From 37b742aff30f71f7b5fc1b8ceceee3d7a6687ea3 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Mon, 20 Nov 2023 19:43:07 +0100 Subject: [PATCH] 2023-11-20 17:14 UTC+0100 Aleksander Czajczynski (hb fki.pl) * contrib/hbcrypto/hbcrypto.hbp * fix hbmk2's .hbx specifier after merge by Eric Lendvai * ChangeLog.txt * merged in hbcrypto related log entries from Harbour 3.4 * src/rtl/sha1.c * src/rtl/sha1.h * src/rtl/sha1hmac.c * src/rtl/sha1hmac.h * src/rtl/hbsha1.c * src/rtl/hbsha1hm.c * merged SHA1 cleanups from Harbour 3.4, many thanks Viktor 2023-11-20 08:14 UTC-0800 Eric Lendvai (eric/at/lendvai.us) + contrib/hbcrypto/* * contrib/hbplist.txt * contrib/hbrun/hbrun.hbp * include/Makefile * include/hbcrypto.h * include/hbdefs.h * package/harbour.spec * src/rtl/sha2.c * src/rtl/sha2hmac.c * src/rtl/hbsha2hm.c * src/rtl/hbsha2.c + incorporated contrib/hbcrypto from Viktor Szakats repo 2017-10-06 16:11 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/ed25519/ed25519.hbp + contrib/hbcrypto/3rd/ed25519/add_scalar.c + sync public API with upstream 2017-05-15 15:28 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/_compat.h ! fix to define `SIZE_MAX`. Required in certain Linux environments Thanks to Aleksander Czajczynski for the patch. * contrib/hbcrypto/hbcrypto.hbp * contrib/rddads/rddads.hbp ! respect `HB_BUILD_3RDEXT=no` 2017-04-08 00:01 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/sha3.c * silence 64-bit msvc warnings ! fix parameter size for 64-bit Windows * src/rtl/sha1.c ! fix 64-bit msvc warning 2017-02-19 21:20 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h * contrib/hbcrypto/3rd/scrypt/scrypt.diff ! fix another C99 issue. Thanks to Alex Strickland. Ref: https://github.com/vszakats/hb/issues/270#issuecomment-280947348 2017-03-21 18:25 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/ed25519/ed25519.diff * contrib/hbcrypto/3rd/ed25519/ed25519.hbp * contrib/hbcrypto/3rd/ed25519/ge.c * contrib/hbcrypto/3rd/ed25519/key_exch.c -> contrib/hbcrypto/3rd/ed25519/key_exchange.c * contrib/hbcrypto/3rd/ed25519/LICENSE.txt -> contrib/hbcrypto/3rd/ed25519/license.txt * contrib/hbcrypto/3rd/ed25519/precompd.h -> contrib/hbcrypto/3rd/ed25519/precomp_data.h * use original (non-short) filenames to reduce local differences of vendored code 2017-02-19 17:38 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/insecure_memzero.c * contrib/hbcrypto/3rd/scrypt/scrypt.diff * contrib/hbcrypto/3rd/scrypt/sha256.c * contrib/hbcrypto/3rd/scrypt/sha256.h + contrib/hbcrypto/3rd/scrypt/_compat.h ! rework patch to make old MSVC versions (MSVC 2008) happy, fixing another instance of C99-ism. My last effort into this, from this point I'd like to kindly ask for patches to support this compiler. 2017-02-19 14:18 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/insecure_memzero.c * contrib/hbcrypto/3rd/scrypt/insecure_memzero.h * contrib/hbcrypto/3rd/scrypt/scrypt.diff * contrib/hbcrypto/3rd/scrypt/sha256.c ! avoid another C99 #include ! replace 'inline' with _HB_INLINE_ and make sure to #include "hbdef.h" before it. Ref: https://github.com/vszakats/hb/issues/270#issuecomment-280918348 2017-02-17 12:52 UTC Viktor Szakats (vszakats users.noreply.github.com) * include/hbdefs.h + add HB_C99_STATIC and HB_C99_RESTRICT type qualifiers currently enabled for gcc/clang family * contrib/hbcrypto/3rd/scrypt/scrypt.diff * contrib/hbcrypto/3rd/scrypt/sha256.c % restore C99 static/restrict qualifiers on compilers that support it 2017-02-17 12:24 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h * cleanup * contrib/hbcrypto/3rd/scrypt/scrypt.diff * contrib/hbcrypto/3rd/scrypt/sha256.c * contrib/hbcrypto/3rd/scrypt/sha256.h * contrib/hbcrypto/hbcrypto.hbp + make sha256.{c,h} compatible with C compilers not supporting C99 (untested though) Ref: https://github.com/vszakats/hb/issues/270#issuecomment-280623411 2017-02-13 12:34 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/scrypt.diff * contrib/hbcrypto/3rd/scrypt/scrypt.hbp * contrib/hbcrypto/3rd/scrypt/sha256.c + contrib/hbcrypto/3rd/scrypt/config.h + contrib/hbcrypto/3rd/scrypt/insecure_memzero.c + contrib/hbcrypto/3rd/scrypt/insecure_memzero.h * contrib/hbcrypto/3rd/scrypt/c_scrypt.h -> contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h * contrib/hbcrypto/3rd/scrypt/c_scrypt.c -> contrib/hbcrypto/3rd/scrypt/crypto_scrypt-ref.c * update to scrypt 1.2.1 (from 1.1.6) * restore to use its own implementation of SHA256 and HMAC-SHA256 This makes patch smaller, final binaries somewhat smaller, but this appears to be a more polished SHA256 implementation than core one. WARNING: C build fallouts possible. * use original filenames * contrib/hbcrypto/hbcrypto.hbp * use original scrypt public header filename in dependency detection. This makes envvar HB_WITH_SCRYPT actually useful to point to non-vendored scrypt package. 2017-01-31 15:07 UTC Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbrun/hbrun.hbp + link hbcrypto lib by default 2016-08-19 13:17 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/tests/pbkdf2.prg * contrib/hbcrypto/tests/scrypt.prg * update/add finalized RFC for test vectors 2016-01-20 12:20 UTC+0100 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/ed25519/ed25519.dif * contrib/hbcrypto/3rd/ed25519/fixedint.h ! fix (hopefully) for msvc 2010 and above builds Closes https://github.com/vszakats/hb/issues/170 Tests: MSVC 2015: https://ci.appveyor.com/project/vszakats/hb/build/3.4.1004 MSVC 2013: https://ci.appveyor.com/project/vszakats/hb/build/3.4.1005 * remove old fix attempt * contrib/hbcrypto/hbcrypto.hbp + reenable for msvc 2015-08-27 22:05 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/ed25519/ed25519.dif * contrib/hbcrypto/3rd/ed25519/fixedint.h ! fix build error with MSVC 2010. This compiler offers but it seems to miss type 'int32_t' anyway. This is a hack to address this specific problem, it may need further updates to form a general solution. Fixes https://github.com/vszakats/hb/issues/158 2015-08-24 19:05 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/c_scrypt.c * contrib/hbcrypto/3rd/scrypt/scrypt.dif * eliminate reliance on 'errno' making this code more portable (to wce e.g.) Fixes https://github.com/vszakats/hb/issues/156 2015-08-20 03:07 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + contrib/hbcrypto/sha3.c * contrib/hbcrypto/hbcrypto.hbp * contrib/hbcrypto/hbcrypto.hbx + contrib/hbcrypto/tests/sha3.prg + add SHA3 functions: hb_SHA3224( , [] ) -> hb_SHA3256( , [] ) -> hb_SHA3384( , [] ) -> hb_SHA3512( , [] ) -> hb_SHAKE128( , [], [ ] ) -> hb_SHAKE256( , [], [ ] ) -> 2015-08-08 14:50 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/ed25519/ed25519.dif * contrib/hbcrypto/3rd/ed25519/fixedint.h ! silence msvc64 (msvs 2015) redefinition warnings * contrib/hbcrypto/blake2s.c ! silence msvc64 warnings: warning C4244: '+=': conversion from 'HB_SIZE' to 'HB_U32', possible loss of data 2015-08-08 13:48 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/scrypt.c ! fix extern declarations when built in C++ mode * contrib/hbcrypto/3rd/ed25519/ed25519.dif * contrib/hbcrypto/3rd/ed25519/fe.c ! fix msvc64 warning: warning C4146: unary minus operator applied to unsigned type, result still unsigned * contrib/hbcrypto/bcrypt.c ! fix msvc64 warnings: warning C4267: 'argument': conversion from 'size_t' to 'HB_U16', possible loss of data * src/rtl/sha1.c * silence msvc warning: conversion from 'HB_SIZE' to 'sha1_quadbyte', possible loss of data 2015-07-23 11:32 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/bcrypt.c * silence msvc warning Closes https://github.com/vszakats/hb/issues/145 2015-07-19 15:15 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) - contrib/hbcrypto/3rd/scrypt/sha256.h * contrib/hbcrypto/3rd/scrypt/c_scrypt.c * contrib/hbcrypto/3rd/scrypt/c_scrypt.h * contrib/hbcrypto/3rd/scrypt/scrypt.dif * contrib/hbcrypto/3rd/scrypt/scrypt.hbp * contrib/hbcrypto/3rd/scrypt/sha256.c * contrib/hbcrypto/hbcrypto.hbp * contrib/hbcrypto/pbkdf2.c * use more Harbour types for better portability * enable the contrib for all platforms * contrib/hbcrypto/3rd/ed25519/ed25519.dif * contrib/hbcrypto/3rd/ed25519/precompd.h * contrib/hbcrypto/3rd/ed25519/sc.h * add ending newlines to silence watcom warning 2015-07-17 21:31 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/hbcrypto.hbp * contrib/hbcrypto/hbcrypto.hbx + contrib/hbcrypto/scryptcf.prg + add helper function: hb_scrypt_setup( , , @, @, @

) -> NIL 2015-07-17 01:22 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/ed25519/ed25519.h * contrib/hbcrypto/3rd/ed25519/sign.c + add function ed25519_get_pubkey() Related Issue: https://github.com/orlp/ed25519/issues/1 Related PR: https://github.com/orlp/ed25519/pull/5 * contrib/hbcrypto/ed25519.c * contrib/hbcrypto/hbcrypto.hbx * contrib/hbcrypto/tests/ed25519.prg + add wrapper HB_ED25519_GET_PUBKEY() to derive public key from secret key * modify HB_ED25519_SIGN() and HB_ED25519_KEY_EXCHANGE() to return value directly (was: by reference) * contrib/hbcrypto/bcrypt.c * cleanups 2015-07-16 20:12 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + contrib/hbcrypto/bcrypt.c * contrib/hbcrypto/hbcrypto.hbp * contrib/hbcrypto/hbcrypto.hbx + contrib/hbcrypto/tests/bcrypt.prg + add new secure hash function: hb_bcrypt( , , , ) -> Useful for interoparibility, other than that hb_scrypt() is superior. See inside for code authors and licenses. TODO: deduplicate Blowfish code against core * contrib/hbcrypto/scrypt.c * minor 2015-07-16 02:06 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/blake2b.c * contrib/hbcrypto/blake2s.c ! fix HB_BLAKE2*() to return correct length when passing a 3rd length parameter and passing .T. as 4th 2015-07-15 13:12 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) - contrib/hbcrypto/3rd/scrypt/config.h - contrib/hbcrypto/3rd/scrypt/scrypt_p.h - contrib/hbcrypto/3rd/scrypt/u_sysend.h * contrib/hbcrypto/3rd/scrypt/c_scrypt.c * contrib/hbcrypto/3rd/scrypt/scrypt.dif * contrib/hbcrypto/3rd/scrypt/scrypt.hbp * contrib/hbcrypto/3rd/scrypt/sha256.c * contrib/hbcrypto/hbcrypto.hbp * rely more on Harbour macros and drop redundant code * contrib/hbcrypto/pbkdf2.c ! do not strip 'const' + contrib/hbcrypto/tests/pbkdf2.prg * contrib/hbcrypto/tests/scrypt.prg * split into two 2015-07-14 00:23 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/3rd/scrypt/scrypt.dif * contrib/hbcrypto/3rd/scrypt/sha256.c * contrib/hbcrypto/3rd/scrypt/sha256.h % use core SHA256/HMAC implementations instead of local duplicates * src/rtl/hbsha2.c * src/rtl/hbsha2hm.c * minor cleanups 2015-07-13 23:54 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * contrib/hbcrypto/ed25519.c * contrib/hbcrypto/hbcrypto.hbp * contrib/hbcrypto/hbcrypto.hbx * contrib/hbcrypto/tests/ed25519.prg * finalizing ed25519 functions 2015-07-13 23:47 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + contrib/hbcrypto/3rd/ed25519 + contrib/hbcrypto/ed25519.c + contrib/hbcrypto/tests/ed25519.prg + add ed25519 public-key signature functionality https://ed25519.cr.yp.to uses low-level code from: https://github.com/orlp/ed25519 * contrib/hbcrypto * merge hbblake2 into hbcrypto 2015-07-13 23:12 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * include/hbcrypto.h * src/rtl/hbsha1.c * src/rtl/hbsha1hm.c * src/rtl/hbsha2.c * src/rtl/hbsha2hm.c * src/rtl/sha1.c * src/rtl/sha1.h * src/rtl/sha1hmac.c * src/rtl/sha1hmac.h * src/rtl/sha2.c * src/rtl/sha2hmac.c + use Harbour index type in low-level SHA code % drop high-level hack compensating for fixed sized low-level indexes in 64-bit builds ! fix an unused variable in conditional code ! fix a wrong header reference after prev updates 2015-07-13 19:39 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + include/hbcrypto.h * include/Makefile * src/rtl/sha2.c * src/rtl/sha2hmac.c + move sha2 and hmac/sha2 related headers to Harbour header directory so they can be used by other components. + export sha2 and hmac/sha2 low-level functions from Harbour dynlib % use HB_ULL() macro instead of local replica in sha2.c % drop unused #include from sha2.c and sha2hmac.c 2013-11-26 00:51 UTC+0100 Viktor Szakats (vszakats users.noreply.github.com) + contrib/hbcrypto/3rd/scrypt/* + contrib/hbcrypto/3rd/scrypt/scrypt.dif + contrib/hbcrypto/3rd/scrypt/scrypt.hbc + contrib/hbcrypto/3rd/scrypt/scrypt.hbp + added 3rd party code from: https://www.tarsnap.com/scrypt/ The work of Colin Percival, implementing safe password hashing function scrypt and PBKDF2 which it depends on. Plus Harbour build glue and patches to work with some other compilers than gcc and better work with Harbour. * contrib/hbplist.txt + contrib/hbcrypto/pbkdf2.c + contrib/hbcrypto/scrypt.c + contrib/hbcrypto/strcmpc.c + contrib/hbcrypto/tests/hbmk.hbm + contrib/hbcrypto/tests/test.prg + added hbcrypto package implementing following password hashing wrapper functions: hb_scrypt( , , , , , ) -> hb_pbkdf2_sha256( , , , ) -> + added function for length-constant time string comparison: hb_strcmpc( , ) -> --- ChangeLog.txt | 355 ++++ contrib/hbcrypto/3rd/ed25519/add_scalar.c | 69 + contrib/hbcrypto/3rd/ed25519/ed25519.diff | 97 ++ contrib/hbcrypto/3rd/ed25519/ed25519.h | 39 + contrib/hbcrypto/3rd/ed25519/ed25519.hbc | 1 + contrib/hbcrypto/3rd/ed25519/ed25519.hbp | 44 + contrib/hbcrypto/3rd/ed25519/fe.c | 1491 +++++++++++++++++ contrib/hbcrypto/3rd/ed25519/fe.h | 41 + contrib/hbcrypto/3rd/ed25519/fixedint.h | 76 + contrib/hbcrypto/3rd/ed25519/ge.c | 467 ++++++ contrib/hbcrypto/3rd/ed25519/ge.h | 74 + contrib/hbcrypto/3rd/ed25519/key_exchange.c | 79 + contrib/hbcrypto/3rd/ed25519/keypair.c | 16 + contrib/hbcrypto/3rd/ed25519/license.txt | 16 + contrib/hbcrypto/3rd/ed25519/precomp_data.h | 1391 +++++++++++++++ contrib/hbcrypto/3rd/ed25519/sc.c | 809 +++++++++ contrib/hbcrypto/3rd/ed25519/sc.h | 12 + contrib/hbcrypto/3rd/ed25519/sha512.c | 275 +++ contrib/hbcrypto/3rd/ed25519/sha512.h | 31 + contrib/hbcrypto/3rd/ed25519/sign.c | 41 + contrib/hbcrypto/3rd/ed25519/verify.c | 77 + contrib/hbcrypto/3rd/scrypt/LICENSE.txt | 27 + contrib/hbcrypto/3rd/scrypt/_compat.h | 21 + .../hbcrypto/3rd/scrypt/crypto_scrypt-ref.c | 282 ++++ contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h | 46 + .../hbcrypto/3rd/scrypt/insecure_memzero.c | 19 + .../hbcrypto/3rd/scrypt/insecure_memzero.h | 37 + contrib/hbcrypto/3rd/scrypt/scrypt.diff | 190 +++ contrib/hbcrypto/3rd/scrypt/scrypt.hbc | 1 + contrib/hbcrypto/3rd/scrypt/scrypt.hbp | 28 + contrib/hbcrypto/3rd/scrypt/sha256.c | 526 ++++++ contrib/hbcrypto/3rd/scrypt/sha256.h | 95 ++ contrib/hbcrypto/bcrypt.c | 770 +++++++++ contrib/hbcrypto/blake2b.c | 261 +++ contrib/hbcrypto/blake2s.c | 259 +++ contrib/hbcrypto/ed25519.c | 139 ++ contrib/hbcrypto/hbcrypto.hbc | 5 + contrib/hbcrypto/hbcrypto.hbp | 43 + contrib/hbcrypto/hbcrypto.hbx | 46 + contrib/hbcrypto/pbkdf2.c | 79 + contrib/hbcrypto/scrypt.c | 83 + contrib/hbcrypto/scryptcf.prg | 95 ++ contrib/hbcrypto/sha3.c | 464 +++++ contrib/hbcrypto/strcmpc.c | 70 + contrib/hbcrypto/tests/bcrypt.prg | 17 + contrib/hbcrypto/tests/blake2.prg | 29 + contrib/hbcrypto/tests/ed25519.prg | 45 + contrib/hbcrypto/tests/hbmk.hbm | 6 + contrib/hbcrypto/tests/pbkdf2.prg | 13 + contrib/hbcrypto/tests/scrypt.prg | 27 + contrib/hbcrypto/tests/sha3.prg | 40 + contrib/hbplist.txt | 1 + contrib/hbrun/hbrun.hbp | 3 +- include/Makefile | 1 + include/hbcrypto.h | 229 +++ include/hbdefs.h | 4 + package/harbour.spec | 5 +- src/rtl/hbsha1.c | 38 +- src/rtl/hbsha1hm.c | 62 +- src/rtl/hbsha2.c | 152 +- src/rtl/hbsha2hm.c | 144 +- src/rtl/sha1.c | 14 +- src/rtl/sha1.h | 14 +- src/rtl/sha1hmac.c | 16 +- src/rtl/sha1hmac.h | 18 +- src/rtl/sha2.c | 236 +-- src/rtl/sha2hmac.c | 245 ++- 67 files changed, 9802 insertions(+), 644 deletions(-) create mode 100644 contrib/hbcrypto/3rd/ed25519/add_scalar.c create mode 100644 contrib/hbcrypto/3rd/ed25519/ed25519.diff create mode 100644 contrib/hbcrypto/3rd/ed25519/ed25519.h create mode 100644 contrib/hbcrypto/3rd/ed25519/ed25519.hbc create mode 100644 contrib/hbcrypto/3rd/ed25519/ed25519.hbp create mode 100644 contrib/hbcrypto/3rd/ed25519/fe.c create mode 100644 contrib/hbcrypto/3rd/ed25519/fe.h create mode 100644 contrib/hbcrypto/3rd/ed25519/fixedint.h create mode 100644 contrib/hbcrypto/3rd/ed25519/ge.c create mode 100644 contrib/hbcrypto/3rd/ed25519/ge.h create mode 100644 contrib/hbcrypto/3rd/ed25519/key_exchange.c create mode 100644 contrib/hbcrypto/3rd/ed25519/keypair.c create mode 100644 contrib/hbcrypto/3rd/ed25519/license.txt create mode 100644 contrib/hbcrypto/3rd/ed25519/precomp_data.h create mode 100644 contrib/hbcrypto/3rd/ed25519/sc.c create mode 100644 contrib/hbcrypto/3rd/ed25519/sc.h create mode 100644 contrib/hbcrypto/3rd/ed25519/sha512.c create mode 100644 contrib/hbcrypto/3rd/ed25519/sha512.h create mode 100644 contrib/hbcrypto/3rd/ed25519/sign.c create mode 100644 contrib/hbcrypto/3rd/ed25519/verify.c create mode 100644 contrib/hbcrypto/3rd/scrypt/LICENSE.txt create mode 100644 contrib/hbcrypto/3rd/scrypt/_compat.h create mode 100644 contrib/hbcrypto/3rd/scrypt/crypto_scrypt-ref.c create mode 100644 contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h create mode 100644 contrib/hbcrypto/3rd/scrypt/insecure_memzero.c create mode 100644 contrib/hbcrypto/3rd/scrypt/insecure_memzero.h create mode 100644 contrib/hbcrypto/3rd/scrypt/scrypt.diff create mode 100644 contrib/hbcrypto/3rd/scrypt/scrypt.hbc create mode 100644 contrib/hbcrypto/3rd/scrypt/scrypt.hbp create mode 100644 contrib/hbcrypto/3rd/scrypt/sha256.c create mode 100644 contrib/hbcrypto/3rd/scrypt/sha256.h create mode 100644 contrib/hbcrypto/bcrypt.c create mode 100644 contrib/hbcrypto/blake2b.c create mode 100644 contrib/hbcrypto/blake2s.c create mode 100644 contrib/hbcrypto/ed25519.c create mode 100644 contrib/hbcrypto/hbcrypto.hbc create mode 100644 contrib/hbcrypto/hbcrypto.hbp create mode 100644 contrib/hbcrypto/hbcrypto.hbx create mode 100644 contrib/hbcrypto/pbkdf2.c create mode 100644 contrib/hbcrypto/scrypt.c create mode 100644 contrib/hbcrypto/scryptcf.prg create mode 100644 contrib/hbcrypto/sha3.c create mode 100644 contrib/hbcrypto/strcmpc.c create mode 100644 contrib/hbcrypto/tests/bcrypt.prg create mode 100644 contrib/hbcrypto/tests/blake2.prg create mode 100644 contrib/hbcrypto/tests/ed25519.prg create mode 100644 contrib/hbcrypto/tests/hbmk.hbm create mode 100644 contrib/hbcrypto/tests/pbkdf2.prg create mode 100644 contrib/hbcrypto/tests/scrypt.prg create mode 100644 contrib/hbcrypto/tests/sha3.prg create mode 100644 include/hbcrypto.h diff --git a/ChangeLog.txt b/ChangeLog.txt index 99237045fe..aa51ae3bbb 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -7,6 +7,33 @@ Entries may not always be in chronological/commit order. See license at the end of file. */ +2023-11-20 17:14 UTC+0100 Aleksander Czajczynski (hb fki.pl) + * contrib/hbcrypto/hbcrypto.hbp + * fix hbmk2's .hbx specifier after merge by Eric Lendvai + * ChangeLog.txt + * merged in hbcrypto related log entries from Harbour 3.4 + * src/rtl/sha1.c + * src/rtl/sha1.h + * src/rtl/sha1hmac.c + * src/rtl/sha1hmac.h + * src/rtl/hbsha1.c + * src/rtl/hbsha1hm.c + * merged SHA1 cleanups from Harbour 3.4, many thanks Viktor + +2023-11-20 08:14 UTC-0800 Eric Lendvai (eric/at/lendvai.us) + + contrib/hbcrypto/* + * contrib/hbplist.txt + * contrib/hbrun/hbrun.hbp + * include/Makefile + * include/hbcrypto.h + * include/hbdefs.h + * package/harbour.spec + * src/rtl/sha2.c + * src/rtl/sha2hmac.c + * src/rtl/hbsha2hm.c + * src/rtl/hbsha2.c + + incorporated contrib/hbcrypto from Viktor Szakats repo + 2023-11-15 15:57 UTC+0100 Phil Krylov (phil a t krylov.eu) * contrib/hbsqlit3/tests/backup.prg + Simple change in test to provoke access to dangling pointer saved @@ -1792,6 +1819,11 @@ * src/common/hbfopen.c ! fixed POCC and XCC builds +2017-10-06 16:11 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/ed25519/ed25519.hbp + + contrib/hbcrypto/3rd/ed25519/add_scalar.c + + sync public API with upstream + 2017-09-28 15:11 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/pp/ppcore.c ! fixed memory leak in unclosed extended block @@ -2740,6 +2772,15 @@ ! fixed possible use of memcpy() with the same source and destination addresses +2017-05-15 15:28 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/_compat.h + ! fix to define `SIZE_MAX`. Required in certain Linux environments + Thanks to Aleksander CzajczyƄski for the patch. + + * contrib/hbcrypto/hbcrypto.hbp + * contrib/rddads/rddads.hbp + ! respect `HB_BUILD_3RDEXT=no` + 2017-05-15 14:34 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbgs/hbgs.hbp ! respect HB_BUILD_3RDEXT=no @@ -3156,6 +3197,14 @@ ; changes above come from vast number of commits in 3.4 repository - many thanks to Viktor Szakats for maintaining +2017-04-08 00:01 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/sha3.c + * silence 64-bit msvc warnings + ! fix parameter size for 64-bit Windows + + * src/rtl/sha1.c + ! fix 64-bit msvc warning + 2017-04-06 12:05 UTC+0200 Aleksander Czajczynski (hb fki.pl) * contrib/hbtip/httpcli.prg ! fixed uploading binary files with TIPClientHTTP:PostMultiPart() @@ -3302,6 +3351,16 @@ * tests/speedtst.prg ! fixed memory statistic detection +2017-03-21 18:25 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/ed25519/ed25519.diff + * contrib/hbcrypto/3rd/ed25519/ed25519.hbp + * contrib/hbcrypto/3rd/ed25519/ge.c + * contrib/hbcrypto/3rd/ed25519/key_exch.c -> contrib/hbcrypto/3rd/ed25519/key_exchange.c + * contrib/hbcrypto/3rd/ed25519/LICENSE.txt -> contrib/hbcrypto/3rd/ed25519/license.txt + * contrib/hbcrypto/3rd/ed25519/precompd.h -> contrib/hbcrypto/3rd/ed25519/precomp_data.h + * use original (non-short) filenames + to reduce local differences of vendored code + 2017-03-20 12:28 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbgs/core.c ! fixed to build with new GS versions - fix borrowed from Viktor's @@ -3432,6 +3491,75 @@ * updated April White email address ; please verify it and update if necessary +2017-02-19 21:20 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h + * contrib/hbcrypto/3rd/scrypt/scrypt.diff + ! fix another C99 issue. Thanks to Alex Strickland. + Ref: https://github.com/vszakats/hb/issues/270#issuecomment-280947348 + +2017-02-19 17:38 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/insecure_memzero.c + * contrib/hbcrypto/3rd/scrypt/scrypt.diff + * contrib/hbcrypto/3rd/scrypt/sha256.c + * contrib/hbcrypto/3rd/scrypt/sha256.h + + contrib/hbcrypto/3rd/scrypt/_compat.h + ! rework patch to make old MSVC versions (MSVC 2008) happy, + fixing another instance of C99-ism. + My last effort into this, from this point I'd like to kindly + ask for patches to support this compiler. + +2017-02-19 14:18 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/insecure_memzero.c + * contrib/hbcrypto/3rd/scrypt/insecure_memzero.h + * contrib/hbcrypto/3rd/scrypt/scrypt.diff + * contrib/hbcrypto/3rd/scrypt/sha256.c + ! avoid another C99 #include + ! replace 'inline' with _HB_INLINE_ and + make sure to #include "hbdef.h" before it. + Ref: https://github.com/vszakats/hb/issues/270#issuecomment-280918348 + +2017-02-17 12:52 UTC Viktor Szakats (vszakats users.noreply.github.com) + * include/hbdefs.h + + add HB_C99_STATIC and HB_C99_RESTRICT type qualifiers + currently enabled for gcc/clang family + + * contrib/hbcrypto/3rd/scrypt/scrypt.diff + * contrib/hbcrypto/3rd/scrypt/sha256.c + % restore C99 static/restrict qualifiers on compilers that support it + +2017-02-17 12:24 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h + * cleanup + + * contrib/hbcrypto/3rd/scrypt/scrypt.diff + * contrib/hbcrypto/3rd/scrypt/sha256.c + * contrib/hbcrypto/3rd/scrypt/sha256.h + * contrib/hbcrypto/hbcrypto.hbp + + make sha256.{c,h} compatible with C compilers not supporting C99 + (untested though) + Ref: https://github.com/vszakats/hb/issues/270#issuecomment-280623411 + +2017-02-13 12:34 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/scrypt.diff + * contrib/hbcrypto/3rd/scrypt/scrypt.hbp + * contrib/hbcrypto/3rd/scrypt/sha256.c + + contrib/hbcrypto/3rd/scrypt/config.h + + contrib/hbcrypto/3rd/scrypt/insecure_memzero.c + + contrib/hbcrypto/3rd/scrypt/insecure_memzero.h + * contrib/hbcrypto/3rd/scrypt/c_scrypt.h -> contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h + * contrib/hbcrypto/3rd/scrypt/c_scrypt.c -> contrib/hbcrypto/3rd/scrypt/crypto_scrypt-ref.c + * update to scrypt 1.2.1 (from 1.1.6) + * restore to use its own implementation of SHA256 and HMAC-SHA256 + This makes patch smaller, final binaries somewhat smaller, but + this appears to be a more polished SHA256 implementation than + core one. WARNING: C build fallouts possible. + * use original filenames + + * contrib/hbcrypto/hbcrypto.hbp + * use original scrypt public header filename in dependency detection. + This makes envvar HB_WITH_SCRYPT actually useful to point to + non-vendored scrypt package. + 2017-02-08 19:36 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/gtqtc/gtqtc1.cpp ! fixed clipboard selection with shift + left mouse button to not report @@ -3458,6 +3586,10 @@ * src/harbour.def * updated for new functions +2017-01-31 15:07 UTC Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbrun/hbrun.hbp + + link hbcrypto lib by default + 2016-12-16 11:05 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbmisc/dates.c ! fixed WOY() to return some reasonable results. I have no idea what @@ -4125,6 +4257,11 @@ 2015-04-03 11:43 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) 2014-01-29 02:15 UTC+0100 Viktor Szakats (vszakats users.noreply.github.com) +2016-08-19 13:17 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/tests/pbkdf2.prg + * contrib/hbcrypto/tests/scrypt.prg + * update/add finalized RFC for test vectors + 2016-08-10 20:12 UTC+0300 Mindaugas Kavaliauskas (dbtopas/at/dbtopas.lt) * contrib/rddads/ads.ch + 64bit server type constants included @@ -4965,6 +5102,19 @@ recognized by other RDDs. Now only one long type name can be returned: "CICHARACTER" +2016-01-20 12:20 UTC+0100 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/ed25519/ed25519.dif + * contrib/hbcrypto/3rd/ed25519/fixedint.h + ! fix (hopefully) for msvc 2010 and above builds + Closes https://github.com/vszakats/hb/issues/170 + Tests: + MSVC 2015: https://ci.appveyor.com/project/vszakats/hb/build/3.4.1004 + MSVC 2013: https://ci.appveyor.com/project/vszakats/hb/build/3.4.1005 + * remove old fix attempt + + * contrib/hbcrypto/hbcrypto.hbp + + reenable for msvc + 2016-01-19 13:03 UTC+0100 Maurilio Longo (maurilio.longo@libero.it) - tests/longfile.prg + tests/largefil.prg @@ -6793,6 +6943,35 @@ raw sockets + implemented hb_fileFlush() +2015-08-27 22:05 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/ed25519/ed25519.dif + * contrib/hbcrypto/3rd/ed25519/fixedint.h + ! fix build error with MSVC 2010. This compiler offers + but it seems to miss type 'int32_t' anyway. This is a hack to + address this specific problem, it may need further updates + to form a general solution. + Fixes https://github.com/vszakats/hb/issues/158 + +2015-08-24 19:05 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/c_scrypt.c + * contrib/hbcrypto/3rd/scrypt/scrypt.dif + * eliminate reliance on 'errno' making this code + more portable (to wce e.g.) + Fixes https://github.com/vszakats/hb/issues/156 + +2015-08-20 03:07 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + + contrib/hbcrypto/sha3.c + * contrib/hbcrypto/hbcrypto.hbp + * contrib/hbcrypto/hbcrypto.hbx + + contrib/hbcrypto/tests/sha3.prg + + add SHA3 functions: + hb_SHA3224( , [] ) -> + hb_SHA3256( , [] ) -> + hb_SHA3384( , [] ) -> + hb_SHA3512( , [] ) -> + hb_SHAKE128( , [], [ ] ) -> + hb_SHAKE256( , [], [ ] ) -> + 2015-08-17 15:39 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * include/hbznet.h + include hbsocket.h @@ -6813,6 +6992,32 @@ * contrib/hbtcpio/tcpio.c ! initialize socket subsystem - it fixes issue #105 +2015-08-08 14:50 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/ed25519/ed25519.dif + * contrib/hbcrypto/3rd/ed25519/fixedint.h + ! silence msvc64 (msvs 2015) redefinition warnings + + * contrib/hbcrypto/blake2s.c + ! silence msvc64 warnings: + warning C4244: '+=': conversion from 'HB_SIZE' to 'HB_U32', possible loss of data + +2015-08-08 13:48 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/scrypt.c + ! fix extern declarations when built in C++ mode + + * contrib/hbcrypto/3rd/ed25519/ed25519.dif + * contrib/hbcrypto/3rd/ed25519/fe.c + ! fix msvc64 warning: + warning C4146: unary minus operator applied to unsigned type, result still unsigned + + * contrib/hbcrypto/bcrypt.c + ! fix msvc64 warnings: + warning C4267: 'argument': conversion from 'size_t' to 'HB_U16', possible loss of data + + * src/rtl/sha1.c + * silence msvc warning: + conversion from 'HB_SIZE' to 'sha1_quadbyte', possible loss of data + 2015-08-07 16:07 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/rtl/filesys.c * removed dummy code left by mistake @@ -6999,11 +7204,58 @@ ! fixed bug with potentially uninitialized buffer (fix borrowed from Viktor's branch) +2015-07-23 11:32 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/bcrypt.c + * silence msvc warning + Closes https://github.com/vszakats/hb/issues/145 + 2015-07-20 17:02 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/rtl/gttrm/gttrm.c + added support for aixterm colors escape sequences. It can be enabled by //GTTRM:EXCLR=4 +2015-07-19 15:15 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + - contrib/hbcrypto/3rd/scrypt/sha256.h + * contrib/hbcrypto/3rd/scrypt/c_scrypt.c + * contrib/hbcrypto/3rd/scrypt/c_scrypt.h + * contrib/hbcrypto/3rd/scrypt/scrypt.dif + * contrib/hbcrypto/3rd/scrypt/scrypt.hbp + * contrib/hbcrypto/3rd/scrypt/sha256.c + * contrib/hbcrypto/hbcrypto.hbp + * contrib/hbcrypto/pbkdf2.c + * use more Harbour types for better portability + * enable the contrib for all platforms + + * contrib/hbcrypto/3rd/ed25519/ed25519.dif + * contrib/hbcrypto/3rd/ed25519/precompd.h + * contrib/hbcrypto/3rd/ed25519/sc.h + * add ending newlines to silence watcom warning + +2015-07-17 21:31 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/hbcrypto.hbp + * contrib/hbcrypto/hbcrypto.hbx + + contrib/hbcrypto/scryptcf.prg + + add helper function: + hb_scrypt_setup( , , @, @, @

) -> NIL + +2015-07-17 01:22 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/ed25519/ed25519.h + * contrib/hbcrypto/3rd/ed25519/sign.c + + add function ed25519_get_pubkey() + Related Issue: https://github.com/orlp/ed25519/issues/1 + Related PR: https://github.com/orlp/ed25519/pull/5 + + * contrib/hbcrypto/ed25519.c + * contrib/hbcrypto/hbcrypto.hbx + * contrib/hbcrypto/tests/ed25519.prg + + add wrapper HB_ED25519_GET_PUBKEY() to derive + public key from secret key + * modify HB_ED25519_SIGN() and HB_ED25519_KEY_EXCHANGE() + to return value directly (was: by reference) + + * contrib/hbcrypto/bcrypt.c + * cleanups + 2015-07-16 17:10 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/rtl/gttrm/gttrm.c * gives the highest priority to terminal type specified by @@ -7033,10 +7285,88 @@ Warning: I added above modes to test different terminals. It's possible that I'll change it after tests. +2015-07-15 13:12 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + - contrib/hbcrypto/3rd/scrypt/config.h + - contrib/hbcrypto/3rd/scrypt/scrypt_p.h + - contrib/hbcrypto/3rd/scrypt/u_sysend.h + * contrib/hbcrypto/3rd/scrypt/c_scrypt.c + * contrib/hbcrypto/3rd/scrypt/scrypt.dif + * contrib/hbcrypto/3rd/scrypt/scrypt.hbp + * contrib/hbcrypto/3rd/scrypt/sha256.c + * contrib/hbcrypto/hbcrypto.hbp + * rely more on Harbour macros and drop + redundant code + + * contrib/hbcrypto/pbkdf2.c + ! do not strip 'const' + + + contrib/hbcrypto/tests/pbkdf2.prg + * contrib/hbcrypto/tests/scrypt.prg + * split into two + 2015-07-14 17:51 UTC+0200 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/rtl/gtxwc/gtxwc.c ! fixed SetMode() when HB_GTI_RESIZABLE is set to .F. +2015-07-14 00:23 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/3rd/scrypt/scrypt.dif + * contrib/hbcrypto/3rd/scrypt/sha256.c + * contrib/hbcrypto/3rd/scrypt/sha256.h + % use core SHA256/HMAC implementations instead + of local duplicates + + * src/rtl/hbsha2.c + * src/rtl/hbsha2hm.c + * minor cleanups + +2015-07-13 23:54 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * contrib/hbcrypto/ed25519.c + * contrib/hbcrypto/hbcrypto.hbp + * contrib/hbcrypto/hbcrypto.hbx + * contrib/hbcrypto/tests/ed25519.prg + * finalizing ed25519 functions + +2015-07-13 23:47 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + + contrib/hbcrypto/3rd/ed25519 + + contrib/hbcrypto/ed25519.c + + contrib/hbcrypto/tests/ed25519.prg + + add ed25519 public-key signature functionality + https://ed25519.cr.yp.to + uses low-level code from: + https://github.com/orlp/ed25519 + + * contrib/hbcrypto + * merge hbblake2 into hbcrypto + +2015-07-13 23:12 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + * include/hbcrypto.h + * src/rtl/hbsha1.c + * src/rtl/hbsha1hm.c + * src/rtl/hbsha2.c + * src/rtl/hbsha2hm.c + * src/rtl/sha1.c + * src/rtl/sha1.h + * src/rtl/sha1hmac.c + * src/rtl/sha1hmac.h + * src/rtl/sha2.c + * src/rtl/sha2hmac.c + + use Harbour index type in low-level SHA code + % drop high-level hack compensating for fixed sized + low-level indexes in 64-bit builds + ! fix an unused variable in conditional code + ! fix a wrong header reference after prev updates + +2015-07-13 19:39 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) + + include/hbcrypto.h + * include/Makefile + * src/rtl/sha2.c + * src/rtl/sha2hmac.c + + move sha2 and hmac/sha2 related headers to Harbour + header directory so they can be used by other components. + + export sha2 and hmac/sha2 low-level functions from Harbour dynlib + % use HB_ULL() macro instead of local replica in sha2.c + % drop unused #include from sha2.c and sha2hmac.c + 2015-07-03 11:22 UTC+0200 Viktor Szakats (vszakats users.noreply.github.com) * include/harbour.hbx * src/rtl/libnamec.c @@ -11822,6 +12152,31 @@ * src/rtl/hbini.prg ! fixed RTE on 'include' directive +2013-11-26 00:51 UTC+0100 Viktor Szakats (vszakats users.noreply.github.com) + + contrib/hbcrypto/3rd/scrypt/* + + contrib/hbcrypto/3rd/scrypt/scrypt.dif + + contrib/hbcrypto/3rd/scrypt/scrypt.hbc + + contrib/hbcrypto/3rd/scrypt/scrypt.hbp + + added 3rd party code from: + https://www.tarsnap.com/scrypt/ + The work of Colin Percival, implementing safe password + hashing function scrypt and PBKDF2 which it depends on. + Plus Harbour build glue and patches to work with some + other compilers than gcc and better work with Harbour. + + * contrib/hbplist.txt + + contrib/hbcrypto/pbkdf2.c + + contrib/hbcrypto/scrypt.c + + contrib/hbcrypto/strcmpc.c + + contrib/hbcrypto/tests/hbmk.hbm + + contrib/hbcrypto/tests/test.prg + + added hbcrypto package implementing following password + hashing wrapper functions: + hb_scrypt( , , , , , ) -> + hb_pbkdf2_sha256( , , , ) -> + + added function for length-constant time string comparison: + hb_strcmpc( , ) -> + 2013-11-25 23:23 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * src/common/strwild.c ! fixed hb_strMatchFile() (C) and hb_fileMatch() (PRG) to respect diff --git a/contrib/hbcrypto/3rd/ed25519/add_scalar.c b/contrib/hbcrypto/3rd/ed25519/add_scalar.c new file mode 100644 index 0000000000..7528a7a4a2 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/add_scalar.c @@ -0,0 +1,69 @@ +#include "ed25519.h" +#include "ge.h" +#include "sc.h" +#include "sha512.h" + + +/* see http://crypto.stackexchange.com/a/6215/4697 */ +void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar) { + const unsigned char SC_1[32] = {1}; /* scalar with value 1 */ + + unsigned char n[32]; + ge_p3 nB; + ge_p1p1 A_p1p1; + ge_p3 A; + ge_p3 public_key_unpacked; + ge_cached T; + + sha512_context hash; + unsigned char hashbuf[64]; + + int i; + + /* copy the scalar and clear highest bit */ + for (i = 0; i < 31; ++i) { + n[i] = scalar[i]; + } + n[31] = scalar[31] & 127; + + /* private key: a = n + t */ + if (private_key) { + sc_muladd(private_key, SC_1, n, private_key); + + // https://github.com/orlp/ed25519/issues/3 + sha512_init(&hash); + sha512_update(&hash, private_key + 32, 32); + sha512_update(&hash, scalar, 32); + sha512_final(&hash, hashbuf); + for (i = 0; i < 32; ++i) { + private_key[32 + i] = hashbuf[i]; + } + } + + /* public key: A = nB + T */ + if (public_key) { + /* if we know the private key we don't need a point addition, which is faster */ + /* using a "timing attack" you could find out wether or not we know the private + key, but this information seems rather useless - if this is important pass + public_key and private_key seperately in 2 function calls */ + if (private_key) { + ge_scalarmult_base(&A, private_key); + } else { + /* unpack public key into T */ + ge_frombytes_negate_vartime(&public_key_unpacked, public_key); + fe_neg(public_key_unpacked.X, public_key_unpacked.X); /* undo negate */ + fe_neg(public_key_unpacked.T, public_key_unpacked.T); /* undo negate */ + ge_p3_to_cached(&T, &public_key_unpacked); + + /* calculate n*B */ + ge_scalarmult_base(&nB, n); + + /* A = n*B + T */ + ge_add(&A_p1p1, &nB, &T); + ge_p1p1_to_p3(&A, &A_p1p1); + } + + /* pack public key */ + ge_p3_tobytes(public_key, &A); + } +} diff --git a/contrib/hbcrypto/3rd/ed25519/ed25519.diff b/contrib/hbcrypto/3rd/ed25519/ed25519.diff new file mode 100644 index 0000000000..e1baa051fc --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/ed25519.diff @@ -0,0 +1,97 @@ +diff --strip-trailing-cr -urN ed25519.orig/ed25519.h ed25519/ed25519.h +--- ed25519.orig/ed25519.h 2017-02-10 19:47:44.000000000 +0000 ++++ ed25519/ed25519.h 2022-06-30 12:06:22.000000000 +0000 +@@ -25,7 +25,8 @@ + #endif + + void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed); +-void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key); ++void ED25519_DECLSPEC ed25519_get_pubkey(unsigned char *public_key, const unsigned char *private_key); ++void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *unused, const unsigned char *private_key); + int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key); + void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar); + void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key); +diff --strip-trailing-cr -urN ed25519.orig/fixedint.h ed25519/fixedint.h +--- ed25519.orig/fixedint.h 2017-02-10 19:47:44.000000000 +0000 ++++ ed25519/fixedint.h 2022-06-30 12:06:22.000000000 +0000 +@@ -4,7 +4,7 @@ + Not a compatible replacement for , do not blindly use it as such. + */ + +-#if ((defined(__STDC__) && __STDC__ && __STDC_VERSION__ >= 199901L) || (defined(__WATCOMC__) && (defined(_STDINT_H_INCLUDED) || __WATCOMC__ >= 1250)) || (defined(__GNUC__) && (defined(_STDINT_H) || defined(_STDINT_H_) || defined(__UINT_FAST64_TYPE__)) )) && !defined(FIXEDINT_H_INCLUDED) ++#if ((defined(__STDC__) && __STDC__ && __STDC_VERSION__ >= 199901L) || (defined(_MSC_VER) && _MSC_VER >= 1600) || (defined(__WATCOMC__) && (defined(_STDINT_H_INCLUDED) || __WATCOMC__ >= 1250)) || (defined(__GNUC__) && (defined(_STDINT_H) || defined(_STDINT_H_) || defined(__UINT_FAST64_TYPE__)) )) && !defined(FIXEDINT_H_INCLUDED) + #include + #define FIXEDINT_H_INCLUDED + +@@ -66,7 +66,11 @@ + typedef __int64 int64_t; + typedef unsigned __int64 uint64_t; + ++ #ifndef UINT64_C + #define UINT64_C(v) v ##UI64 ++ #endif ++ #ifndef INT64_C + #define INT64_C(v) v ##I64 ++ #endif + #endif + #endif +diff --strip-trailing-cr -urN ed25519.orig/sha512.h ed25519/sha512.h +--- ed25519.orig/sha512.h 2017-02-10 19:47:44.000000000 +0000 ++++ ed25519/sha512.h 2022-06-30 12:06:22.000000000 +0000 +@@ -1,11 +1,20 @@ + #ifndef SHA512_H + #define SHA512_H + +-#include ++#include "hbdefs.h" + + #include "fixedint.h" + + /* state */ ++#if defined( HB_USE_CORE_SHA512 ) ++# include "hbcrypto.h" ++# define sha512_context hb_sha512_ctx ++# define sha512_init hb_sha512_init ++# define sha512_final hb_sha512_final ++# define sha512_update hb_sha512_update ++# define sha512 hb_sha512 ++#else ++# define uint64_t HB_U64 + typedef struct sha512_context_ { + uint64_t length, state[8]; + size_t curlen; +@@ -17,5 +26,6 @@ + int sha512_final(sha512_context * md, unsigned char *out); + int sha512_update(sha512_context * md, const unsigned char *in, size_t inlen); + int sha512(const unsigned char *message, size_t message_len, unsigned char *out); ++#endif + + #endif +diff --strip-trailing-cr -urN ed25519.orig/sign.c ed25519/sign.c +--- ed25519.orig/sign.c 2017-02-10 19:47:44.000000000 +0000 ++++ ed25519/sign.c 2022-06-30 12:06:22.000000000 +0000 +@@ -3,13 +3,23 @@ + #include "ge.h" + #include "sc.h" + ++void ed25519_get_pubkey(unsigned char *public_key, const unsigned char *private_key) { ++ ge_p3 A; + +-void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key) { ++ ge_scalarmult_base(&A, private_key); ++ ge_p3_tobytes(public_key, &A); ++} ++ ++void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *unused, const unsigned char *private_key) { + sha512_context hash; + unsigned char hram[64]; + unsigned char r[64]; + ge_p3 R; ++ unsigned char public_key[ 32 ]; ++ ++ (void)unused; + ++ ed25519_get_pubkey(public_key, private_key); + + sha512_init(&hash); + sha512_update(&hash, private_key + 32, 32); diff --git a/contrib/hbcrypto/3rd/ed25519/ed25519.h b/contrib/hbcrypto/3rd/ed25519/ed25519.h new file mode 100644 index 0000000000..b0d0347921 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/ed25519.h @@ -0,0 +1,39 @@ +#ifndef ED25519_H +#define ED25519_H + +#include + +#if defined(_WIN32) + #if defined(ED25519_BUILD_DLL) + #define ED25519_DECLSPEC __declspec(dllexport) + #elif defined(ED25519_DLL) + #define ED25519_DECLSPEC __declspec(dllimport) + #else + #define ED25519_DECLSPEC + #endif +#else + #define ED25519_DECLSPEC +#endif + + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef ED25519_NO_SEED +int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed); +#endif + +void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed); +void ED25519_DECLSPEC ed25519_get_pubkey(unsigned char *public_key, const unsigned char *private_key); +void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *unused, const unsigned char *private_key); +int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key); +void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar); +void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key); + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/contrib/hbcrypto/3rd/ed25519/ed25519.hbc b/contrib/hbcrypto/3rd/ed25519/ed25519.hbc new file mode 100644 index 0000000000..a18c93b814 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/ed25519.hbc @@ -0,0 +1 @@ +libs=${_HB_3RDPREF}${hb_name}${_HB_3RDSUFF} diff --git a/contrib/hbcrypto/3rd/ed25519/ed25519.hbp b/contrib/hbcrypto/3rd/ed25519/ed25519.hbp new file mode 100644 index 0000000000..11f9015e03 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/ed25519.hbp @@ -0,0 +1,44 @@ +-stop{hbdyn&!(HB_BUILD_3RD_DYN='yes')} -env:__HB_3RD_DYN=yes{hbdyn} + +-hblib +-inc + +-o${hb_name} + +-warn=low +-cpp=no +-pic + +fe.c +ge.c +keypair.c +key_exchange.c +sc.c +sign.c +verify.c +sha512.c{hbdyn} + +# Use Harbour core SHA-512 implementation only when building static lib. +# This way the dynamic lib won't depend on Harbour dynlib. +-cflag=-DHB_USE_CORE_SHA512{!hbdyn} + +# URL https://github.com/orlp/ed25519/archive/7fa6712ef5d581a6981ec2b08ee623314cd1d1c4.tar.gz +# DIFF ed25519.diff +# +# MAP license.txt +# MAP src/add_scalar.c add_scalar.c +# MAP src/fe.c fe.c +# MAP src/ge.c ge.c +# MAP src/key_exchange.c key_exchange.c +# MAP src/keypair.c keypair.c +# MAP src/sc.c sc.c +# MAP src/sign.c sign.c +# MAP src/verify.c verify.c +# MAP src/ed25519.h ed25519.h +# MAP src/fe.h fe.h +# MAP src/fixedint.h fixedint.h +# MAP src/ge.h ge.h +# MAP src/precomp_data.h precomp_data.h +# MAP src/sc.h sc.h +# MAP src/sha512.h sha512.h +# MAP src/sha512.c sha512.c diff --git a/contrib/hbcrypto/3rd/ed25519/fe.c b/contrib/hbcrypto/3rd/ed25519/fe.c new file mode 100644 index 0000000000..2105eb7b2c --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/fe.c @@ -0,0 +1,1491 @@ +#include "fixedint.h" +#include "fe.h" + + +/* + helper functions +*/ +static uint64_t load_3(const unsigned char *in) { + uint64_t result; + + result = (uint64_t) in[0]; + result |= ((uint64_t) in[1]) << 8; + result |= ((uint64_t) in[2]) << 16; + + return result; +} + +static uint64_t load_4(const unsigned char *in) { + uint64_t result; + + result = (uint64_t) in[0]; + result |= ((uint64_t) in[1]) << 8; + result |= ((uint64_t) in[2]) << 16; + result |= ((uint64_t) in[3]) << 24; + + return result; +} + + + +/* + h = 0 +*/ + +void fe_0(fe h) { + h[0] = 0; + h[1] = 0; + h[2] = 0; + h[3] = 0; + h[4] = 0; + h[5] = 0; + h[6] = 0; + h[7] = 0; + h[8] = 0; + h[9] = 0; +} + + + +/* + h = 1 +*/ + +void fe_1(fe h) { + h[0] = 1; + h[1] = 0; + h[2] = 0; + h[3] = 0; + h[4] = 0; + h[5] = 0; + h[6] = 0; + h[7] = 0; + h[8] = 0; + h[9] = 0; +} + + + +/* + h = f + g + Can overlap h with f or g. + + Preconditions: + |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + + Postconditions: + |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. +*/ + +void fe_add(fe h, const fe f, const fe g) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + int32_t h0 = f0 + g0; + int32_t h1 = f1 + g1; + int32_t h2 = f2 + g2; + int32_t h3 = f3 + g3; + int32_t h4 = f4 + g4; + int32_t h5 = f5 + g5; + int32_t h6 = f6 + g6; + int32_t h7 = f7 + g7; + int32_t h8 = f8 + g8; + int32_t h9 = f9 + g9; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + + + +/* + Replace (f,g) with (g,g) if b == 1; + replace (f,g) with (f,g) if b == 0. + + Preconditions: b in {0,1}. +*/ + +void fe_cmov(fe f, const fe g, unsigned int b) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + int32_t x0 = f0 ^ g0; + int32_t x1 = f1 ^ g1; + int32_t x2 = f2 ^ g2; + int32_t x3 = f3 ^ g3; + int32_t x4 = f4 ^ g4; + int32_t x5 = f5 ^ g5; + int32_t x6 = f6 ^ g6; + int32_t x7 = f7 ^ g7; + int32_t x8 = f8 ^ g8; + int32_t x9 = f9 ^ g9; + + b = (unsigned int) (- (int) b); /* silence warning */ + x0 &= b; + x1 &= b; + x2 &= b; + x3 &= b; + x4 &= b; + x5 &= b; + x6 &= b; + x7 &= b; + x8 &= b; + x9 &= b; + + f[0] = f0 ^ x0; + f[1] = f1 ^ x1; + f[2] = f2 ^ x2; + f[3] = f3 ^ x3; + f[4] = f4 ^ x4; + f[5] = f5 ^ x5; + f[6] = f6 ^ x6; + f[7] = f7 ^ x7; + f[8] = f8 ^ x8; + f[9] = f9 ^ x9; +} + +/* + Replace (f,g) with (g,f) if b == 1; + replace (f,g) with (f,g) if b == 0. + + Preconditions: b in {0,1}. +*/ + +void fe_cswap(fe f,fe g,unsigned int b) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + int32_t x0 = f0 ^ g0; + int32_t x1 = f1 ^ g1; + int32_t x2 = f2 ^ g2; + int32_t x3 = f3 ^ g3; + int32_t x4 = f4 ^ g4; + int32_t x5 = f5 ^ g5; + int32_t x6 = f6 ^ g6; + int32_t x7 = f7 ^ g7; + int32_t x8 = f8 ^ g8; + int32_t x9 = f9 ^ g9; + b = (unsigned int) (- (int) b); /* silence warning */ + x0 &= b; + x1 &= b; + x2 &= b; + x3 &= b; + x4 &= b; + x5 &= b; + x6 &= b; + x7 &= b; + x8 &= b; + x9 &= b; + f[0] = f0 ^ x0; + f[1] = f1 ^ x1; + f[2] = f2 ^ x2; + f[3] = f3 ^ x3; + f[4] = f4 ^ x4; + f[5] = f5 ^ x5; + f[6] = f6 ^ x6; + f[7] = f7 ^ x7; + f[8] = f8 ^ x8; + f[9] = f9 ^ x9; + g[0] = g0 ^ x0; + g[1] = g1 ^ x1; + g[2] = g2 ^ x2; + g[3] = g3 ^ x3; + g[4] = g4 ^ x4; + g[5] = g5 ^ x5; + g[6] = g6 ^ x6; + g[7] = g7 ^ x7; + g[8] = g8 ^ x8; + g[9] = g9 ^ x9; +} + + + +/* + h = f +*/ + +void fe_copy(fe h, const fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + + h[0] = f0; + h[1] = f1; + h[2] = f2; + h[3] = f3; + h[4] = f4; + h[5] = f5; + h[6] = f6; + h[7] = f7; + h[8] = f8; + h[9] = f9; +} + + + +/* + Ignores top bit of h. +*/ + +void fe_frombytes(fe h, const unsigned char *s) { + int64_t h0 = load_4(s); + int64_t h1 = load_3(s + 4) << 6; + int64_t h2 = load_3(s + 7) << 5; + int64_t h3 = load_3(s + 10) << 3; + int64_t h4 = load_3(s + 13) << 2; + int64_t h5 = load_4(s + 16); + int64_t h6 = load_3(s + 20) << 7; + int64_t h7 = load_3(s + 23) << 5; + int64_t h8 = load_3(s + 26) << 4; + int64_t h9 = (load_3(s + 29) & 8388607) << 2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry9 = (h9 + (int64_t) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + carry1 = (h1 + (int64_t) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry3 = (h3 + (int64_t) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry5 = (h5 + (int64_t) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + carry7 = (h7 + (int64_t) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry2 = (h2 + (int64_t) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry6 = (h6 + (int64_t) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + carry8 = (h8 + (int64_t) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + + + +void fe_invert(fe out, const fe z) { + fe t0; + fe t1; + fe t2; + fe t3; + int i; + + fe_sq(t0, z); + + for (i = 1; i < 1; ++i) { + fe_sq(t0, t0); + } + + fe_sq(t1, t0); + + for (i = 1; i < 2; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t1, z, t1); + fe_mul(t0, t0, t1); + fe_sq(t2, t0); + + for (i = 1; i < 1; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t1, t1, t2); + fe_sq(t2, t1); + + for (i = 1; i < 5; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t1, t2, t1); + fe_sq(t2, t1); + + for (i = 1; i < 10; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t2, t2, t1); + fe_sq(t3, t2); + + for (i = 1; i < 20; ++i) { + fe_sq(t3, t3); + } + + fe_mul(t2, t3, t2); + fe_sq(t2, t2); + + for (i = 1; i < 10; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t1, t2, t1); + fe_sq(t2, t1); + + for (i = 1; i < 50; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t2, t2, t1); + fe_sq(t3, t2); + + for (i = 1; i < 100; ++i) { + fe_sq(t3, t3); + } + + fe_mul(t2, t3, t2); + fe_sq(t2, t2); + + for (i = 1; i < 50; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + + for (i = 1; i < 5; ++i) { + fe_sq(t1, t1); + } + + fe_mul(out, t1, t0); +} + + + +/* + return 1 if f is in {1,3,5,...,q-2} + return 0 if f is in {0,2,4,...,q-1} + + Preconditions: + |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. +*/ + +int fe_isnegative(const fe f) { + unsigned char s[32]; + + fe_tobytes(s, f); + + return s[0] & 1; +} + + + +/* + return 1 if f == 0 + return 0 if f != 0 + + Preconditions: + |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. +*/ + +int fe_isnonzero(const fe f) { + unsigned char s[32]; + unsigned char r; + + fe_tobytes(s, f); + + r = s[0]; + #define F(i) r |= s[i] + F(1); + F(2); + F(3); + F(4); + F(5); + F(6); + F(7); + F(8); + F(9); + F(10); + F(11); + F(12); + F(13); + F(14); + F(15); + F(16); + F(17); + F(18); + F(19); + F(20); + F(21); + F(22); + F(23); + F(24); + F(25); + F(26); + F(27); + F(28); + F(29); + F(30); + F(31); + #undef F + + return r != 0; +} + + + +/* + h = f * g + Can overlap h with f or g. + + Preconditions: + |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + + Postconditions: + |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. + */ + + /* + Notes on implementation strategy: + + Using schoolbook multiplication. + Karatsuba would save a little in some cost models. + + Most multiplications by 2 and 19 are 32-bit precomputations; + cheaper than 64-bit postcomputations. + + There is one remaining multiplication by 19 in the carry chain; + one *19 precomputation can be merged into this, + but the resulting data flow is considerably less clean. + + There are 12 carries below. + 10 of them are 2-way parallelizable and vectorizable. + Can get away with 11 carries, but then data flow is much deeper. + + With tighter constraints on inputs can squeeze carries into int32. +*/ + +void fe_mul(fe h, const fe f, const fe g) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ + int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ + int32_t g3_19 = 19 * g3; + int32_t g4_19 = 19 * g4; + int32_t g5_19 = 19 * g5; + int32_t g6_19 = 19 * g6; + int32_t g7_19 = 19 * g7; + int32_t g8_19 = 19 * g8; + int32_t g9_19 = 19 * g9; + int32_t f1_2 = 2 * f1; + int32_t f3_2 = 2 * f3; + int32_t f5_2 = 2 * f5; + int32_t f7_2 = 2 * f7; + int32_t f9_2 = 2 * f9; + int64_t f0g0 = f0 * (int64_t) g0; + int64_t f0g1 = f0 * (int64_t) g1; + int64_t f0g2 = f0 * (int64_t) g2; + int64_t f0g3 = f0 * (int64_t) g3; + int64_t f0g4 = f0 * (int64_t) g4; + int64_t f0g5 = f0 * (int64_t) g5; + int64_t f0g6 = f0 * (int64_t) g6; + int64_t f0g7 = f0 * (int64_t) g7; + int64_t f0g8 = f0 * (int64_t) g8; + int64_t f0g9 = f0 * (int64_t) g9; + int64_t f1g0 = f1 * (int64_t) g0; + int64_t f1g1_2 = f1_2 * (int64_t) g1; + int64_t f1g2 = f1 * (int64_t) g2; + int64_t f1g3_2 = f1_2 * (int64_t) g3; + int64_t f1g4 = f1 * (int64_t) g4; + int64_t f1g5_2 = f1_2 * (int64_t) g5; + int64_t f1g6 = f1 * (int64_t) g6; + int64_t f1g7_2 = f1_2 * (int64_t) g7; + int64_t f1g8 = f1 * (int64_t) g8; + int64_t f1g9_38 = f1_2 * (int64_t) g9_19; + int64_t f2g0 = f2 * (int64_t) g0; + int64_t f2g1 = f2 * (int64_t) g1; + int64_t f2g2 = f2 * (int64_t) g2; + int64_t f2g3 = f2 * (int64_t) g3; + int64_t f2g4 = f2 * (int64_t) g4; + int64_t f2g5 = f2 * (int64_t) g5; + int64_t f2g6 = f2 * (int64_t) g6; + int64_t f2g7 = f2 * (int64_t) g7; + int64_t f2g8_19 = f2 * (int64_t) g8_19; + int64_t f2g9_19 = f2 * (int64_t) g9_19; + int64_t f3g0 = f3 * (int64_t) g0; + int64_t f3g1_2 = f3_2 * (int64_t) g1; + int64_t f3g2 = f3 * (int64_t) g2; + int64_t f3g3_2 = f3_2 * (int64_t) g3; + int64_t f3g4 = f3 * (int64_t) g4; + int64_t f3g5_2 = f3_2 * (int64_t) g5; + int64_t f3g6 = f3 * (int64_t) g6; + int64_t f3g7_38 = f3_2 * (int64_t) g7_19; + int64_t f3g8_19 = f3 * (int64_t) g8_19; + int64_t f3g9_38 = f3_2 * (int64_t) g9_19; + int64_t f4g0 = f4 * (int64_t) g0; + int64_t f4g1 = f4 * (int64_t) g1; + int64_t f4g2 = f4 * (int64_t) g2; + int64_t f4g3 = f4 * (int64_t) g3; + int64_t f4g4 = f4 * (int64_t) g4; + int64_t f4g5 = f4 * (int64_t) g5; + int64_t f4g6_19 = f4 * (int64_t) g6_19; + int64_t f4g7_19 = f4 * (int64_t) g7_19; + int64_t f4g8_19 = f4 * (int64_t) g8_19; + int64_t f4g9_19 = f4 * (int64_t) g9_19; + int64_t f5g0 = f5 * (int64_t) g0; + int64_t f5g1_2 = f5_2 * (int64_t) g1; + int64_t f5g2 = f5 * (int64_t) g2; + int64_t f5g3_2 = f5_2 * (int64_t) g3; + int64_t f5g4 = f5 * (int64_t) g4; + int64_t f5g5_38 = f5_2 * (int64_t) g5_19; + int64_t f5g6_19 = f5 * (int64_t) g6_19; + int64_t f5g7_38 = f5_2 * (int64_t) g7_19; + int64_t f5g8_19 = f5 * (int64_t) g8_19; + int64_t f5g9_38 = f5_2 * (int64_t) g9_19; + int64_t f6g0 = f6 * (int64_t) g0; + int64_t f6g1 = f6 * (int64_t) g1; + int64_t f6g2 = f6 * (int64_t) g2; + int64_t f6g3 = f6 * (int64_t) g3; + int64_t f6g4_19 = f6 * (int64_t) g4_19; + int64_t f6g5_19 = f6 * (int64_t) g5_19; + int64_t f6g6_19 = f6 * (int64_t) g6_19; + int64_t f6g7_19 = f6 * (int64_t) g7_19; + int64_t f6g8_19 = f6 * (int64_t) g8_19; + int64_t f6g9_19 = f6 * (int64_t) g9_19; + int64_t f7g0 = f7 * (int64_t) g0; + int64_t f7g1_2 = f7_2 * (int64_t) g1; + int64_t f7g2 = f7 * (int64_t) g2; + int64_t f7g3_38 = f7_2 * (int64_t) g3_19; + int64_t f7g4_19 = f7 * (int64_t) g4_19; + int64_t f7g5_38 = f7_2 * (int64_t) g5_19; + int64_t f7g6_19 = f7 * (int64_t) g6_19; + int64_t f7g7_38 = f7_2 * (int64_t) g7_19; + int64_t f7g8_19 = f7 * (int64_t) g8_19; + int64_t f7g9_38 = f7_2 * (int64_t) g9_19; + int64_t f8g0 = f8 * (int64_t) g0; + int64_t f8g1 = f8 * (int64_t) g1; + int64_t f8g2_19 = f8 * (int64_t) g2_19; + int64_t f8g3_19 = f8 * (int64_t) g3_19; + int64_t f8g4_19 = f8 * (int64_t) g4_19; + int64_t f8g5_19 = f8 * (int64_t) g5_19; + int64_t f8g6_19 = f8 * (int64_t) g6_19; + int64_t f8g7_19 = f8 * (int64_t) g7_19; + int64_t f8g8_19 = f8 * (int64_t) g8_19; + int64_t f8g9_19 = f8 * (int64_t) g9_19; + int64_t f9g0 = f9 * (int64_t) g0; + int64_t f9g1_38 = f9_2 * (int64_t) g1_19; + int64_t f9g2_19 = f9 * (int64_t) g2_19; + int64_t f9g3_38 = f9_2 * (int64_t) g3_19; + int64_t f9g4_19 = f9 * (int64_t) g4_19; + int64_t f9g5_38 = f9_2 * (int64_t) g5_19; + int64_t f9g6_19 = f9 * (int64_t) g6_19; + int64_t f9g7_38 = f9_2 * (int64_t) g7_19; + int64_t f9g8_19 = f9 * (int64_t) g8_19; + int64_t f9g9_38 = f9_2 * (int64_t) g9_19; + int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38; + int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19; + int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38; + int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19; + int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38; + int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19; + int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38; + int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19; + int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38; + int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 ; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + + carry1 = (h1 + (int64_t) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry5 = (h5 + (int64_t) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + + carry2 = (h2 + (int64_t) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry6 = (h6 + (int64_t) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + + carry3 = (h3 + (int64_t) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry7 = (h7 + (int64_t) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry8 = (h8 + (int64_t) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + + carry9 = (h9 + (int64_t) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + + +/* +h = f * 121666 +Can overlap h with f. + +Preconditions: + |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + +Postconditions: + |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. +*/ + +void fe_mul121666(fe h, fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int64_t h0 = f0 * (int64_t) 121666; + int64_t h1 = f1 * (int64_t) 121666; + int64_t h2 = f2 * (int64_t) 121666; + int64_t h3 = f3 * (int64_t) 121666; + int64_t h4 = f4 * (int64_t) 121666; + int64_t h5 = f5 * (int64_t) 121666; + int64_t h6 = f6 * (int64_t) 121666; + int64_t h7 = f7 * (int64_t) 121666; + int64_t h8 = f8 * (int64_t) 121666; + int64_t h9 = f9 * (int64_t) 121666; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry9 = (h9 + (int64_t) (1<<24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; + carry1 = (h1 + (int64_t) (1<<24)) >> 25; h2 += carry1; h1 -= carry1 << 25; + carry3 = (h3 + (int64_t) (1<<24)) >> 25; h4 += carry3; h3 -= carry3 << 25; + carry5 = (h5 + (int64_t) (1<<24)) >> 25; h6 += carry5; h5 -= carry5 << 25; + carry7 = (h7 + (int64_t) (1<<24)) >> 25; h8 += carry7; h7 -= carry7 << 25; + + carry0 = (h0 + (int64_t) (1<<25)) >> 26; h1 += carry0; h0 -= carry0 << 26; + carry2 = (h2 + (int64_t) (1<<25)) >> 26; h3 += carry2; h2 -= carry2 << 26; + carry4 = (h4 + (int64_t) (1<<25)) >> 26; h5 += carry4; h4 -= carry4 << 26; + carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26; + carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26; + + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + + +/* +h = -f + +Preconditions: + |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + +Postconditions: + |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. +*/ + +void fe_neg(fe h, const fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t h0 = -f0; + int32_t h1 = -f1; + int32_t h2 = -f2; + int32_t h3 = -f3; + int32_t h4 = -f4; + int32_t h5 = -f5; + int32_t h6 = -f6; + int32_t h7 = -f7; + int32_t h8 = -f8; + int32_t h9 = -f9; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + + +void fe_pow22523(fe out, const fe z) { + fe t0; + fe t1; + fe t2; + int i; + fe_sq(t0, z); + + for (i = 1; i < 1; ++i) { + fe_sq(t0, t0); + } + + fe_sq(t1, t0); + + for (i = 1; i < 2; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t1, z, t1); + fe_mul(t0, t0, t1); + fe_sq(t0, t0); + + for (i = 1; i < 1; ++i) { + fe_sq(t0, t0); + } + + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + + for (i = 1; i < 5; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + + for (i = 1; i < 20; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + + for (i = 1; i < 100; ++i) { + fe_sq(t2, t2); + } + + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + + fe_mul(t0, t1, t0); + fe_sq(t0, t0); + + for (i = 1; i < 2; ++i) { + fe_sq(t0, t0); + } + + fe_mul(out, t0, z); + return; +} + + +/* +h = f * f +Can overlap h with f. + +Preconditions: + |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + +Postconditions: + |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. +*/ + +/* +See fe_mul.c for discussion of implementation strategy. +*/ + +void fe_sq(fe h, const fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) f7_38; + int64_t f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry1 = (h1 + (int64_t) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry5 = (h5 + (int64_t) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + carry2 = (h2 + (int64_t) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry6 = (h6 + (int64_t) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + carry3 = (h3 + (int64_t) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry7 = (h7 + (int64_t) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry8 = (h8 + (int64_t) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + carry9 = (h9 + (int64_t) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + + +/* +h = 2 * f * f +Can overlap h with f. + +Preconditions: + |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + +Postconditions: + |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. +*/ + +/* +See fe_mul.c for discussion of implementation strategy. +*/ + +void fe_sq2(fe h, const fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) f7_38; + int64_t f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; + int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; + int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; + int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; + int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; + int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; + int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; + int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; + int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; + int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + h0 += h0; + h1 += h1; + h2 += h2; + h3 += h3; + h4 += h4; + h5 += h5; + h6 += h6; + h7 += h7; + h8 += h8; + h9 += h9; + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry1 = (h1 + (int64_t) (1 << 24)) >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry5 = (h5 + (int64_t) (1 << 24)) >> 25; + h6 += carry5; + h5 -= carry5 << 25; + carry2 = (h2 + (int64_t) (1 << 25)) >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry6 = (h6 + (int64_t) (1 << 25)) >> 26; + h7 += carry6; + h6 -= carry6 << 26; + carry3 = (h3 + (int64_t) (1 << 24)) >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry7 = (h7 + (int64_t) (1 << 24)) >> 25; + h8 += carry7; + h7 -= carry7 << 25; + carry4 = (h4 + (int64_t) (1 << 25)) >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry8 = (h8 + (int64_t) (1 << 25)) >> 26; + h9 += carry8; + h8 -= carry8 << 26; + carry9 = (h9 + (int64_t) (1 << 24)) >> 25; + h0 += carry9 * 19; + h9 -= carry9 << 25; + carry0 = (h0 + (int64_t) (1 << 25)) >> 26; + h1 += carry0; + h0 -= carry0 << 26; + h[0] = (int32_t) h0; + h[1] = (int32_t) h1; + h[2] = (int32_t) h2; + h[3] = (int32_t) h3; + h[4] = (int32_t) h4; + h[5] = (int32_t) h5; + h[6] = (int32_t) h6; + h[7] = (int32_t) h7; + h[8] = (int32_t) h8; + h[9] = (int32_t) h9; +} + + +/* +h = f - g +Can overlap h with f or g. + +Preconditions: + |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + +Postconditions: + |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. +*/ + +void fe_sub(fe h, const fe f, const fe g) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + int32_t h0 = f0 - g0; + int32_t h1 = f1 - g1; + int32_t h2 = f2 - g2; + int32_t h3 = f3 - g3; + int32_t h4 = f4 - g4; + int32_t h5 = f5 - g5; + int32_t h6 = f6 - g6; + int32_t h7 = f7 - g7; + int32_t h8 = f8 - g8; + int32_t h9 = f9 - g9; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + + + +/* +Preconditions: + |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + +Write p=2^255-19; q=floor(h/p). +Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). + +Proof: + Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4. + Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4. + + Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9). + Then 0> 25; + q = (h0 + q) >> 26; + q = (h1 + q) >> 25; + q = (h2 + q) >> 26; + q = (h3 + q) >> 25; + q = (h4 + q) >> 26; + q = (h5 + q) >> 25; + q = (h6 + q) >> 26; + q = (h7 + q) >> 25; + q = (h8 + q) >> 26; + q = (h9 + q) >> 25; + /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */ + h0 += 19 * q; + /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */ + carry0 = h0 >> 26; + h1 += carry0; + h0 -= carry0 << 26; + carry1 = h1 >> 25; + h2 += carry1; + h1 -= carry1 << 25; + carry2 = h2 >> 26; + h3 += carry2; + h2 -= carry2 << 26; + carry3 = h3 >> 25; + h4 += carry3; + h3 -= carry3 << 25; + carry4 = h4 >> 26; + h5 += carry4; + h4 -= carry4 << 26; + carry5 = h5 >> 25; + h6 += carry5; + h5 -= carry5 << 25; + carry6 = h6 >> 26; + h7 += carry6; + h6 -= carry6 << 26; + carry7 = h7 >> 25; + h8 += carry7; + h7 -= carry7 << 25; + carry8 = h8 >> 26; + h9 += carry8; + h8 -= carry8 << 26; + carry9 = h9 >> 25; + h9 -= carry9 << 25; + + /* h10 = carry9 */ + /* + Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20. + Have h0+...+2^230 h9 between 0 and 2^255-1; + evidently 2^255 h10-2^255 q = 0. + Goal: Output h0+...+2^230 h9. + */ + s[0] = (unsigned char) (h0 >> 0); + s[1] = (unsigned char) (h0 >> 8); + s[2] = (unsigned char) (h0 >> 16); + s[3] = (unsigned char) ((h0 >> 24) | (h1 << 2)); + s[4] = (unsigned char) (h1 >> 6); + s[5] = (unsigned char) (h1 >> 14); + s[6] = (unsigned char) ((h1 >> 22) | (h2 << 3)); + s[7] = (unsigned char) (h2 >> 5); + s[8] = (unsigned char) (h2 >> 13); + s[9] = (unsigned char) ((h2 >> 21) | (h3 << 5)); + s[10] = (unsigned char) (h3 >> 3); + s[11] = (unsigned char) (h3 >> 11); + s[12] = (unsigned char) ((h3 >> 19) | (h4 << 6)); + s[13] = (unsigned char) (h4 >> 2); + s[14] = (unsigned char) (h4 >> 10); + s[15] = (unsigned char) (h4 >> 18); + s[16] = (unsigned char) (h5 >> 0); + s[17] = (unsigned char) (h5 >> 8); + s[18] = (unsigned char) (h5 >> 16); + s[19] = (unsigned char) ((h5 >> 24) | (h6 << 1)); + s[20] = (unsigned char) (h6 >> 7); + s[21] = (unsigned char) (h6 >> 15); + s[22] = (unsigned char) ((h6 >> 23) | (h7 << 3)); + s[23] = (unsigned char) (h7 >> 5); + s[24] = (unsigned char) (h7 >> 13); + s[25] = (unsigned char) ((h7 >> 21) | (h8 << 4)); + s[26] = (unsigned char) (h8 >> 4); + s[27] = (unsigned char) (h8 >> 12); + s[28] = (unsigned char) ((h8 >> 20) | (h9 << 6)); + s[29] = (unsigned char) (h9 >> 2); + s[30] = (unsigned char) (h9 >> 10); + s[31] = (unsigned char) (h9 >> 18); +} diff --git a/contrib/hbcrypto/3rd/ed25519/fe.h b/contrib/hbcrypto/3rd/ed25519/fe.h new file mode 100644 index 0000000000..b4b62d2828 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/fe.h @@ -0,0 +1,41 @@ +#ifndef FE_H +#define FE_H + +#include "fixedint.h" + + +/* + fe means field element. + Here the field is \Z/(2^255-19). + An element t, entries t[0]...t[9], represents the integer + t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. + Bounds on each t[i] vary depending on context. +*/ + + +typedef int32_t fe[10]; + + +void fe_0(fe h); +void fe_1(fe h); + +void fe_frombytes(fe h, const unsigned char *s); +void fe_tobytes(unsigned char *s, const fe h); + +void fe_copy(fe h, const fe f); +int fe_isnegative(const fe f); +int fe_isnonzero(const fe f); +void fe_cmov(fe f, const fe g, unsigned int b); +void fe_cswap(fe f, fe g, unsigned int b); + +void fe_neg(fe h, const fe f); +void fe_add(fe h, const fe f, const fe g); +void fe_invert(fe out, const fe z); +void fe_sq(fe h, const fe f); +void fe_sq2(fe h, const fe f); +void fe_mul(fe h, const fe f, const fe g); +void fe_mul121666(fe h, fe f); +void fe_pow22523(fe out, const fe z); +void fe_sub(fe h, const fe f, const fe g); + +#endif diff --git a/contrib/hbcrypto/3rd/ed25519/fixedint.h b/contrib/hbcrypto/3rd/ed25519/fixedint.h new file mode 100644 index 0000000000..9d937e062d --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/fixedint.h @@ -0,0 +1,76 @@ +/* + Portable header to provide the 32 and 64 bits type. + + Not a compatible replacement for , do not blindly use it as such. +*/ + +#if ((defined(__STDC__) && __STDC__ && __STDC_VERSION__ >= 199901L) || (defined(_MSC_VER) && _MSC_VER >= 1600) || (defined(__WATCOMC__) && (defined(_STDINT_H_INCLUDED) || __WATCOMC__ >= 1250)) || (defined(__GNUC__) && (defined(_STDINT_H) || defined(_STDINT_H_) || defined(__UINT_FAST64_TYPE__)) )) && !defined(FIXEDINT_H_INCLUDED) + #include + #define FIXEDINT_H_INCLUDED + + #if defined(__WATCOMC__) && __WATCOMC__ >= 1250 && !defined(UINT64_C) + #include + #define UINT64_C(x) (x + (UINT64_MAX - UINT64_MAX)) + #endif +#endif + + +#ifndef FIXEDINT_H_INCLUDED + #define FIXEDINT_H_INCLUDED + + #include + + /* (u)int32_t */ + #ifndef uint32_t + #if (ULONG_MAX == 0xffffffffUL) + typedef unsigned long uint32_t; + #elif (UINT_MAX == 0xffffffffUL) + typedef unsigned int uint32_t; + #elif (USHRT_MAX == 0xffffffffUL) + typedef unsigned short uint32_t; + #endif + #endif + + + #ifndef int32_t + #if (LONG_MAX == 0x7fffffffL) + typedef signed long int32_t; + #elif (INT_MAX == 0x7fffffffL) + typedef signed int int32_t; + #elif (SHRT_MAX == 0x7fffffffL) + typedef signed short int32_t; + #endif + #endif + + + /* (u)int64_t */ + #if (defined(__STDC__) && defined(__STDC_VERSION__) && __STDC__ && __STDC_VERSION__ >= 199901L) + typedef long long int64_t; + typedef unsigned long long uint64_t; + + #define UINT64_C(v) v ##ULL + #define INT64_C(v) v ##LL + #elif defined(__GNUC__) + __extension__ typedef long long int64_t; + __extension__ typedef unsigned long long uint64_t; + + #define UINT64_C(v) v ##ULL + #define INT64_C(v) v ##LL + #elif defined(__MWERKS__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) || defined(__APPLE_CC__) || defined(_LONG_LONG) || defined(_CRAYC) + typedef long long int64_t; + typedef unsigned long long uint64_t; + + #define UINT64_C(v) v ##ULL + #define INT64_C(v) v ##LL + #elif (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) || (defined(_MSC_VER) && _INTEGRAL_MAX_BITS >= 64) || (defined(__BORLANDC__) && __BORLANDC__ > 0x460) || defined(__alpha) || defined(__DECC) + typedef __int64 int64_t; + typedef unsigned __int64 uint64_t; + + #ifndef UINT64_C + #define UINT64_C(v) v ##UI64 + #endif + #ifndef INT64_C + #define INT64_C(v) v ##I64 + #endif + #endif +#endif diff --git a/contrib/hbcrypto/3rd/ed25519/ge.c b/contrib/hbcrypto/3rd/ed25519/ge.c new file mode 100644 index 0000000000..87c691bff5 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/ge.c @@ -0,0 +1,467 @@ +#include "ge.h" +#include "precomp_data.h" + + +/* +r = p + q +*/ + +void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { + fe t0; + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YplusX); + fe_mul(r->Y, r->Y, q->YminusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); +} + + +static void slide(signed char *r, const unsigned char *a) { + int i; + int b; + int k; + + for (i = 0; i < 256; ++i) { + r[i] = 1 & (a[i >> 3] >> (i & 7)); + } + + for (i = 0; i < 256; ++i) + if (r[i]) { + for (b = 1; b <= 6 && i + b < 256; ++b) { + if (r[i + b]) { + if (r[i] + (r[i + b] << b) <= 15) { + r[i] += r[i + b] << b; + r[i + b] = 0; + } else if (r[i] - (r[i + b] << b) >= -15) { + r[i] -= r[i + b] << b; + + for (k = i + b; k < 256; ++k) { + if (!r[k]) { + r[k] = 1; + break; + } + + r[k] = 0; + } + } else { + break; + } + } + } + } +} + +/* +r = a * A + b * B +where a = a[0]+256*a[1]+...+256^31 a[31]. +and b = b[0]+256*b[1]+...+256^31 b[31]. +B is the Ed25519 base point (x,4/5) with x positive. +*/ + +void ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b) { + signed char aslide[256]; + signed char bslide[256]; + ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ + ge_p1p1 t; + ge_p3 u; + ge_p3 A2; + int i; + slide(aslide, a); + slide(bslide, b); + ge_p3_to_cached(&Ai[0], A); + ge_p3_dbl(&t, A); + ge_p1p1_to_p3(&A2, &t); + ge_add(&t, &A2, &Ai[0]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[1], &u); + ge_add(&t, &A2, &Ai[1]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[2], &u); + ge_add(&t, &A2, &Ai[2]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[3], &u); + ge_add(&t, &A2, &Ai[3]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[4], &u); + ge_add(&t, &A2, &Ai[4]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[5], &u); + ge_add(&t, &A2, &Ai[5]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[6], &u); + ge_add(&t, &A2, &Ai[6]); + ge_p1p1_to_p3(&u, &t); + ge_p3_to_cached(&Ai[7], &u); + ge_p2_0(r); + + for (i = 255; i >= 0; --i) { + if (aslide[i] || bslide[i]) { + break; + } + } + + for (; i >= 0; --i) { + ge_p2_dbl(&t, r); + + if (aslide[i] > 0) { + ge_p1p1_to_p3(&u, &t); + ge_add(&t, &u, &Ai[aslide[i] / 2]); + } else if (aslide[i] < 0) { + ge_p1p1_to_p3(&u, &t); + ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); + } + + if (bslide[i] > 0) { + ge_p1p1_to_p3(&u, &t); + ge_madd(&t, &u, &Bi[bslide[i] / 2]); + } else if (bslide[i] < 0) { + ge_p1p1_to_p3(&u, &t); + ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); + } + + ge_p1p1_to_p2(r, &t); + } +} + + +static const fe d = { + -10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116 +}; + +static const fe sqrtm1 = { + -32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482 +}; + +int ge_frombytes_negate_vartime(ge_p3 *h, const unsigned char *s) { + fe u; + fe v; + fe v3; + fe vxx; + fe check; + fe_frombytes(h->Y, s); + fe_1(h->Z); + fe_sq(u, h->Y); + fe_mul(v, u, d); + fe_sub(u, u, h->Z); /* u = y^2-1 */ + fe_add(v, v, h->Z); /* v = dy^2+1 */ + fe_sq(v3, v); + fe_mul(v3, v3, v); /* v3 = v^3 */ + fe_sq(h->X, v3); + fe_mul(h->X, h->X, v); + fe_mul(h->X, h->X, u); /* x = uv^7 */ + fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ + fe_mul(h->X, h->X, v3); + fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ + fe_sq(vxx, h->X); + fe_mul(vxx, vxx, v); + fe_sub(check, vxx, u); /* vx^2-u */ + + if (fe_isnonzero(check)) { + fe_add(check, vxx, u); /* vx^2+u */ + + if (fe_isnonzero(check)) { + return -1; + } + + fe_mul(h->X, h->X, sqrtm1); + } + + if (fe_isnegative(h->X) == (s[31] >> 7)) { + fe_neg(h->X, h->X); + } + + fe_mul(h->T, h->X, h->Y); + return 0; +} + + +/* +r = p + q +*/ + +void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { + fe t0; + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yplusx); + fe_mul(r->Y, r->Y, q->yminusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); +} + + +/* +r = p - q +*/ + +void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yminusx); + fe_mul(r->Y, r->Y, q->yplusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); +} + + +/* +r = p +*/ + +void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) { + fe_mul(r->X, p->X, p->T); + fe_mul(r->Y, p->Y, p->Z); + fe_mul(r->Z, p->Z, p->T); +} + + + +/* +r = p +*/ + +void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) { + fe_mul(r->X, p->X, p->T); + fe_mul(r->Y, p->Y, p->Z); + fe_mul(r->Z, p->Z, p->T); + fe_mul(r->T, p->X, p->Y); +} + + +void ge_p2_0(ge_p2 *h) { + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); +} + + + +/* +r = 2 * p +*/ + +void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) { + fe t0; + + fe_sq(r->X, p->X); + fe_sq(r->Z, p->Y); + fe_sq2(r->T, p->Z); + fe_add(r->Y, p->X, p->Y); + fe_sq(t0, r->Y); + fe_add(r->Y, r->Z, r->X); + fe_sub(r->Z, r->Z, r->X); + fe_sub(r->X, t0, r->Y); + fe_sub(r->T, r->T, r->Z); +} + + +void ge_p3_0(ge_p3 *h) { + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); + fe_0(h->T); +} + + +/* +r = 2 * p +*/ + +void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) { + ge_p2 q; + ge_p3_to_p2(&q, p); + ge_p2_dbl(r, &q); +} + + + +/* +r = p +*/ + +static const fe d2 = { + -21827239, -5839606, -30745221, 13898782, 229458, 15978800, -12551817, -6495438, 29715968, 9444199 +}; + +void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) { + fe_add(r->YplusX, p->Y, p->X); + fe_sub(r->YminusX, p->Y, p->X); + fe_copy(r->Z, p->Z); + fe_mul(r->T2d, p->T, d2); +} + + +/* +r = p +*/ + +void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) { + fe_copy(r->X, p->X); + fe_copy(r->Y, p->Y); + fe_copy(r->Z, p->Z); +} + + +void ge_p3_tobytes(unsigned char *s, const ge_p3 *h) { + fe recip; + fe x; + fe y; + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} + + +static unsigned char equal(signed char b, signed char c) { + unsigned char ub = b; + unsigned char uc = c; + unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ + uint64_t y = x; /* 0: yes; 1..255: no */ + y -= 1; /* large: yes; 0..254: no */ + y >>= 63; /* 1: yes; 0: no */ + return (unsigned char) y; +} + +static unsigned char negative(signed char b) { + uint64_t x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ + x >>= 63; /* 1: yes; 0: no */ + return (unsigned char) x; +} + +static void cmov(ge_precomp *t, const ge_precomp *u, unsigned char b) { + fe_cmov(t->yplusx, u->yplusx, b); + fe_cmov(t->yminusx, u->yminusx, b); + fe_cmov(t->xy2d, u->xy2d, b); +} + + +static void select(ge_precomp *t, int pos, signed char b) { + ge_precomp minust; + unsigned char bnegative = negative(b); + unsigned char babs = b - (((-bnegative) & b) << 1); + fe_1(t->yplusx); + fe_1(t->yminusx); + fe_0(t->xy2d); + cmov(t, &base[pos][0], equal(babs, 1)); + cmov(t, &base[pos][1], equal(babs, 2)); + cmov(t, &base[pos][2], equal(babs, 3)); + cmov(t, &base[pos][3], equal(babs, 4)); + cmov(t, &base[pos][4], equal(babs, 5)); + cmov(t, &base[pos][5], equal(babs, 6)); + cmov(t, &base[pos][6], equal(babs, 7)); + cmov(t, &base[pos][7], equal(babs, 8)); + fe_copy(minust.yplusx, t->yminusx); + fe_copy(minust.yminusx, t->yplusx); + fe_neg(minust.xy2d, t->xy2d); + cmov(t, &minust, bnegative); +} + +/* +h = a * B +where a = a[0]+256*a[1]+...+256^31 a[31] +B is the Ed25519 base point (x,4/5) with x positive. + +Preconditions: + a[31] <= 127 +*/ + +void ge_scalarmult_base(ge_p3 *h, const unsigned char *a) { + signed char e[64]; + signed char carry; + ge_p1p1 r; + ge_p2 s; + ge_precomp t; + int i; + + for (i = 0; i < 32; ++i) { + e[2 * i + 0] = (a[i] >> 0) & 15; + e[2 * i + 1] = (a[i] >> 4) & 15; + } + + /* each e[i] is between 0 and 15 */ + /* e[63] is between 0 and 7 */ + carry = 0; + + for (i = 0; i < 63; ++i) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] -= carry << 4; + } + + e[63] += carry; + /* each e[i] is between -8 and 8 */ + ge_p3_0(h); + + for (i = 1; i < 64; i += 2) { + select(&t, i / 2, e[i]); + ge_madd(&r, h, &t); + ge_p1p1_to_p3(h, &r); + } + + ge_p3_dbl(&r, h); + ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + ge_p1p1_to_p3(h, &r); + + for (i = 0; i < 64; i += 2) { + select(&t, i / 2, e[i]); + ge_madd(&r, h, &t); + ge_p1p1_to_p3(h, &r); + } +} + + +/* +r = p - q +*/ + +void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YminusX); + fe_mul(r->Y, r->Y, q->YplusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); +} + + +void ge_tobytes(unsigned char *s, const ge_p2 *h) { + fe recip; + fe x; + fe y; + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} diff --git a/contrib/hbcrypto/3rd/ed25519/ge.h b/contrib/hbcrypto/3rd/ed25519/ge.h new file mode 100644 index 0000000000..17fde2df1f --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/ge.h @@ -0,0 +1,74 @@ +#ifndef GE_H +#define GE_H + +#include "fe.h" + + +/* +ge means group element. + +Here the group is the set of pairs (x,y) of field elements (see fe.h) +satisfying -x^2 + y^2 = 1 + d x^2y^2 +where d = -121665/121666. + +Representations: + ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z + ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT + ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T + ge_precomp (Duif): (y+x,y-x,2dxy) +*/ + +typedef struct { + fe X; + fe Y; + fe Z; +} ge_p2; + +typedef struct { + fe X; + fe Y; + fe Z; + fe T; +} ge_p3; + +typedef struct { + fe X; + fe Y; + fe Z; + fe T; +} ge_p1p1; + +typedef struct { + fe yplusx; + fe yminusx; + fe xy2d; +} ge_precomp; + +typedef struct { + fe YplusX; + fe YminusX; + fe Z; + fe T2d; +} ge_cached; + +void ge_p3_tobytes(unsigned char *s, const ge_p3 *h); +void ge_tobytes(unsigned char *s, const ge_p2 *h); +int ge_frombytes_negate_vartime(ge_p3 *h, const unsigned char *s); + +void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); +void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); +void ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b); +void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); +void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); +void ge_scalarmult_base(ge_p3 *h, const unsigned char *a); + +void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); +void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); +void ge_p2_0(ge_p2 *h); +void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p); +void ge_p3_0(ge_p3 *h); +void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p); +void ge_p3_to_cached(ge_cached *r, const ge_p3 *p); +void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p); + +#endif diff --git a/contrib/hbcrypto/3rd/ed25519/key_exchange.c b/contrib/hbcrypto/3rd/ed25519/key_exchange.c new file mode 100644 index 0000000000..abd75da2c2 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/key_exchange.c @@ -0,0 +1,79 @@ +#include "ed25519.h" +#include "fe.h" + +void ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key) { + unsigned char e[32]; + unsigned int i; + + fe x1; + fe x2; + fe z2; + fe x3; + fe z3; + fe tmp0; + fe tmp1; + + int pos; + unsigned int swap; + unsigned int b; + + /* copy the private key and make sure it's valid */ + for (i = 0; i < 32; ++i) { + e[i] = private_key[i]; + } + + e[0] &= 248; + e[31] &= 63; + e[31] |= 64; + + /* unpack the public key and convert edwards to montgomery */ + /* due to CodesInChaos: montgomeryX = (edwardsY + 1)*inverse(1 - edwardsY) mod p */ + fe_frombytes(x1, public_key); + fe_1(tmp1); + fe_add(tmp0, x1, tmp1); + fe_sub(tmp1, tmp1, x1); + fe_invert(tmp1, tmp1); + fe_mul(x1, tmp0, tmp1); + + fe_1(x2); + fe_0(z2); + fe_copy(x3, x1); + fe_1(z3); + + swap = 0; + for (pos = 254; pos >= 0; --pos) { + b = e[pos / 8] >> (pos & 7); + b &= 1; + swap ^= b; + fe_cswap(x2, x3, swap); + fe_cswap(z2, z3, swap); + swap = b; + + /* from montgomery.h */ + fe_sub(tmp0, x3, z3); + fe_sub(tmp1, x2, z2); + fe_add(x2, x2, z2); + fe_add(z2, x3, z3); + fe_mul(z3, tmp0, x2); + fe_mul(z2, z2, tmp1); + fe_sq(tmp0, tmp1); + fe_sq(tmp1, x2); + fe_add(x3, z3, z2); + fe_sub(z2, z3, z2); + fe_mul(x2, tmp1, tmp0); + fe_sub(tmp1, tmp1, tmp0); + fe_sq(z2, z2); + fe_mul121666(z3, tmp1); + fe_sq(x3, x3); + fe_add(tmp0, tmp0, z3); + fe_mul(z3, x1, z2); + fe_mul(z2, tmp1, tmp0); + } + + fe_cswap(x2, x3, swap); + fe_cswap(z2, z3, swap); + + fe_invert(z2, z2); + fe_mul(x2, x2, z2); + fe_tobytes(shared_secret, x2); +} diff --git a/contrib/hbcrypto/3rd/ed25519/keypair.c b/contrib/hbcrypto/3rd/ed25519/keypair.c new file mode 100644 index 0000000000..dc1b8eccc2 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/keypair.c @@ -0,0 +1,16 @@ +#include "ed25519.h" +#include "sha512.h" +#include "ge.h" + + +void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed) { + ge_p3 A; + + sha512(seed, 32, private_key); + private_key[0] &= 248; + private_key[31] &= 63; + private_key[31] |= 64; + + ge_scalarmult_base(&A, private_key); + ge_p3_tobytes(public_key, &A); +} diff --git a/contrib/hbcrypto/3rd/ed25519/license.txt b/contrib/hbcrypto/3rd/ed25519/license.txt new file mode 100644 index 0000000000..c1503f9121 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/license.txt @@ -0,0 +1,16 @@ +Copyright (c) 2015 Orson Peters + +This software is provided 'as-is', without any express or implied warranty. In no event will the +authors be held liable for any damages arising from the use of this software. + +Permission is granted to anyone to use this software for any purpose, including commercial +applications, and to alter it and redistribute it freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you must not claim that you wrote the + original software. If you use this software in a product, an acknowledgment in the product + documentation would be appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and must not be misrepresented as + being the original software. + +3. This notice may not be removed or altered from any source distribution. diff --git a/contrib/hbcrypto/3rd/ed25519/precomp_data.h b/contrib/hbcrypto/3rd/ed25519/precomp_data.h new file mode 100644 index 0000000000..ff23986c39 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/precomp_data.h @@ -0,0 +1,1391 @@ +static const ge_precomp Bi[8] = { + { + { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 }, + { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 }, + { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 }, + }, + { + { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 }, + { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 }, + { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 }, + }, + { + { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 }, + { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 }, + { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 }, + }, + { + { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 }, + { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 }, + { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 }, + }, + { + { -22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, -1361450, -13062696, 13821877 }, + { -6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, -7212327, 18853322, -14220951 }, + { 4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, -10431137, 2207753, -3209784 }, + }, + { + { -25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, -663000, -31111463, -16132436 }, + { 25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, 15725684, 171356, 6466918 }, + { 23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, -14088058, -30714912, 16193877 }, + }, + { + { -33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, 4729455, -18074513, 9256800 }, + { -25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, 9761698, -19827198, 630305 }, + { -13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, -15960994, -2449256, -14291300 }, + }, + { + { -3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, 15033784, 25105118, -7894876 }, + { -24326370, 15950226, -31801215, -14592823, -11662737, -5090925, 1573892, -2625887, 2198790, -15804619 }, + { -3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, -16236442, -32461234, -12290683 }, + }, +}; + + +/* base[i][j] = (j+1)*256^i*B */ +static const ge_precomp base[32][8] = { + { + { + { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 }, + { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 }, + { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 }, + }, + { + { -12815894, -12976347, -21581243, 11784320, -25355658, -2750717, -11717903, -3814571, -358445, -10211303 }, + { -21703237, 6903825, 27185491, 6451973, -29577724, -9554005, -15616551, 11189268, -26829678, -5319081 }, + { 26966642, 11152617, 32442495, 15396054, 14353839, -12752335, -3128826, -9541118, -15472047, -4166697 }, + }, + { + { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 }, + { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 }, + { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 }, + }, + { + { -17036878, 13921892, 10945806, -6033431, 27105052, -16084379, -28926210, 15006023, 3284568, -6276540 }, + { 23599295, -8306047, -11193664, -7687416, 13236774, 10506355, 7464579, 9656445, 13059162, 10374397 }, + { 7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, -3839045, -641708, -101325 }, + }, + { + { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 }, + { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 }, + { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 }, + }, + { + { -15371964, -12862754, 32573250, 4720197, -26436522, 5875511, -19188627, -15224819, -9818940, -12085777 }, + { -8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, -15689887, 1762328, 14866737 }, + { -18199695, -15951423, -10473290, 1707278, -17185920, 3916101, -28236412, 3959421, 27914454, 4383652 }, + }, + { + { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 }, + { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 }, + { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 }, + }, + { + { 14499471, -2729599, -33191113, -4254652, 28494862, 14271267, 30290735, 10876454, -33154098, 2381726 }, + { -7195431, -2655363, -14730155, 462251, -27724326, 3941372, -6236617, 3696005, -32300832, 15351955 }, + { 27431194, 8222322, 16448760, -3907995, -18707002, 11938355, -32961401, -2970515, 29551813, 10109425 }, + }, + }, + { + { + { -13657040, -13155431, -31283750, 11777098, 21447386, 6519384, -2378284, -1627556, 10092783, -4764171 }, + { 27939166, 14210322, 4677035, 16277044, -22964462, -12398139, -32508754, 12005538, -17810127, 12803510 }, + { 17228999, -15661624, -1233527, 300140, -1224870, -11714777, 30364213, -9038194, 18016357, 4397660 }, + }, + { + { -10958843, -7690207, 4776341, -14954238, 27850028, -15602212, -26619106, 14544525, -17477504, 982639 }, + { 29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, -4120128, -21047696, 9934963 }, + { 5793303, 16271923, -24131614, -10116404, 29188560, 1206517, -14747930, 4559895, -30123922, -10897950 }, + }, + { + { -27643952, -11493006, 16282657, -11036493, 28414021, -15012264, 24191034, 4541697, -13338309, 5500568 }, + { 12650548, -1497113, 9052871, 11355358, -17680037, -8400164, -17430592, 12264343, 10874051, 13524335 }, + { 25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, 5080568, -22528059, 5376628 }, + }, + { + { -26088264, -4011052, -17013699, -3537628, -6726793, 1920897, -22321305, -9447443, 4535768, 1569007 }, + { -2255422, 14606630, -21692440, -8039818, 28430649, 8775819, -30494562, 3044290, 31848280, 12543772 }, + { -22028579, 2943893, -31857513, 6777306, 13784462, -4292203, -27377195, -2062731, 7718482, 14474653 }, + }, + { + { 2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, -7236665, 24316168, -5253567 }, + { 13741529, 10911568, -33233417, -8603737, -20177830, -1033297, 33040651, -13424532, -20729456, 8321686 }, + { 21060490, -2212744, 15712757, -4336099, 1639040, 10656336, 23845965, -11874838, -9984458, 608372 }, + }, + { + { -13672732, -15087586, -10889693, -7557059, -6036909, 11305547, 1123968, -6780577, 27229399, 23887 }, + { -23244140, -294205, -11744728, 14712571, -29465699, -2029617, 12797024, -6440308, -1633405, 16678954 }, + { -29500620, 4770662, -16054387, 14001338, 7830047, 9564805, -1508144, -4795045, -17169265, 4904953 }, + }, + { + { 24059557, 14617003, 19037157, -15039908, 19766093, -14906429, 5169211, 16191880, 2128236, -4326833 }, + { -16981152, 4124966, -8540610, -10653797, 30336522, -14105247, -29806336, 916033, -6882542, -2986532 }, + { -22630907, 12419372, -7134229, -7473371, -16478904, 16739175, 285431, 2763829, 15736322, 4143876 }, + }, + { + { 2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, -14594663, 23527084, -16458268 }, + { 33431127, -11130478, -17838966, -15626900, 8909499, 8376530, -32625340, 4087881, -15188911, -14416214 }, + { 1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, 4357868, -4774191, -16323038 }, + }, + }, + { + { + { 6721966, 13833823, -23523388, -1551314, 26354293, -11863321, 23365147, -3949732, 7390890, 2759800 }, + { 4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, -4264057, 1244380, -12919645 }, + { -4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, 9208236, 15886429, 16489664 }, + }, + { + { 1996075, 10375649, 14346367, 13311202, -6874135, -16438411, -13693198, 398369, -30606455, -712933 }, + { -25307465, 9795880, -2777414, 14878809, -33531835, 14780363, 13348553, 12076947, -30836462, 5113182 }, + { -17770784, 11797796, 31950843, 13929123, -25888302, 12288344, -30341101, -7336386, 13847711, 5387222 }, + }, + { + { -18582163, -3416217, 17824843, -2340966, 22744343, -10442611, 8763061, 3617786, -19600662, 10370991 }, + { 20246567, -14369378, 22358229, -543712, 18507283, -10413996, 14554437, -8746092, 32232924, 16763880 }, + { 9648505, 10094563, 26416693, 14745928, -30374318, -6472621, 11094161, 15689506, 3140038, -16510092 }, + }, + { + { -16160072, 5472695, 31895588, 4744994, 8823515, 10365685, -27224800, 9448613, -28774454, 366295 }, + { 19153450, 11523972, -11096490, -6503142, -24647631, 5420647, 28344573, 8041113, 719605, 11671788 }, + { 8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, -15266516, 27000813, -10195553 }, + }, + { + { -15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, 5336097, 6750977, -14521026 }, + { 11836410, -3979488, 26297894, 16080799, 23455045, 15735944, 1695823, -8819122, 8169720, 16220347 }, + { -18115838, 8653647, 17578566, -6092619, -8025777, -16012763, -11144307, -2627664, -5990708, -14166033 }, + }, + { + { -23308498, -10968312, 15213228, -10081214, -30853605, -11050004, 27884329, 2847284, 2655861, 1738395 }, + { -27537433, -14253021, -25336301, -8002780, -9370762, 8129821, 21651608, -3239336, -19087449, -11005278 }, + { 1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, 5821408, 10478196, 8544890 }, + }, + { + { 32173121, -16129311, 24896207, 3921497, 22579056, -3410854, 19270449, 12217473, 17789017, -3395995 }, + { -30552961, -2228401, -15578829, -10147201, 13243889, 517024, 15479401, -3853233, 30460520, 1052596 }, + { -11614875, 13323618, 32618793, 8175907, -15230173, 12596687, 27491595, -4612359, 3179268, -9478891 }, + }, + { + { 31947069, -14366651, -4640583, -15339921, -15125977, -6039709, -14756777, -16411740, 19072640, -9511060 }, + { 11685058, 11822410, 3158003, -13952594, 33402194, -4165066, 5977896, -5215017, 473099, 5040608 }, + { -20290863, 8198642, -27410132, 11602123, 1290375, -2799760, 28326862, 1721092, -19558642, -3131606 }, + }, + }, + { + { + { 7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, 8076149, -27868496, 11538389 }, + { -19935666, 3899861, 18283497, -6801568, -15728660, -11249211, 8754525, 7446702, -5676054, 5797016 }, + { -11295600, -3793569, -15782110, -7964573, 12708869, -8456199, 2014099, -9050574, -2369172, -5877341 }, + }, + { + { -22472376, -11568741, -27682020, 1146375, 18956691, 16640559, 1192730, -3714199, 15123619, 10811505 }, + { 14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, 15776356, -28886779, -11974553 }, + { -28241164, -8072475, -4978962, -5315317, 29416931, 1847569, -20654173, -16484855, 4714547, -9600655 }, + }, + { + { 15200332, 8368572, 19679101, 15970074, -31872674, 1959451, 24611599, -4543832, -11745876, 12340220 }, + { 12876937, -10480056, 33134381, 6590940, -6307776, 14872440, 9613953, 8241152, 15370987, 9608631 }, + { -4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, 15866074, -28210621, -8814099 }, + }, + { + { 26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, 858697, 20571223, 8420556 }, + { 14620715, 13067227, -15447274, 8264467, 14106269, 15080814, 33531827, 12516406, -21574435, -12476749 }, + { 236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, 7256740, 8791136, 15069930 }, + }, + { + { 1276410, -9371918, 22949635, -16322807, -23493039, -5702186, 14711875, 4874229, -30663140, -2331391 }, + { 5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, -7912378, -33069337, 9234253 }, + { 20590503, -9018988, 31529744, -7352666, -2706834, 10650548, 31559055, -11609587, 18979186, 13396066 }, + }, + { + { 24474287, 4968103, 22267082, 4407354, 24063882, -8325180, -18816887, 13594782, 33514650, 7021958 }, + { -11566906, -6565505, -21365085, 15928892, -26158305, 4315421, -25948728, -3916677, -21480480, 12868082 }, + { -28635013, 13504661, 19988037, -2132761, 21078225, 6443208, -21446107, 2244500, -12455797, -8089383 }, + }, + { + { -30595528, 13793479, -5852820, 319136, -25723172, -6263899, 33086546, 8957937, -15233648, 5540521 }, + { -11630176, -11503902, -8119500, -7643073, 2620056, 1022908, -23710744, -1568984, -16128528, -14962807 }, + { 23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, 892185, -11513277, -15205948 }, + }, + { + { 9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, 4763127, -19179614, 5867134 }, + { -32765025, 1927590, 31726409, -4753295, 23962434, -16019500, 27846559, 5931263, -29749703, -16108455 }, + { 27461885, -2977536, 22380810, 1815854, -23033753, -3031938, 7283490, -15148073, -19526700, 7734629 }, + }, + }, + { + { + { -8010264, -9590817, -11120403, 6196038, 29344158, -13430885, 7585295, -3176626, 18549497, 15302069 }, + { -32658337, -6171222, -7672793, -11051681, 6258878, 13504381, 10458790, -6418461, -8872242, 8424746 }, + { 24687205, 8613276, -30667046, -3233545, 1863892, -1830544, 19206234, 7134917, -11284482, -828919 }, + }, + { + { 11334899, -9218022, 8025293, 12707519, 17523892, -10476071, 10243738, -14685461, -5066034, 16498837 }, + { 8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, -14124238, 6536641, 10543906 }, + { -28946384, 15479763, -17466835, 568876, -1497683, 11223454, -2669190, -16625574, -27235709, 8876771 }, + }, + { + { -25742899, -12566864, -15649966, -846607, -33026686, -796288, -33481822, 15824474, -604426, -9039817 }, + { 10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, -4890037, 1657394, 3084098 }, + { 10477963, -7470260, 12119566, -13250805, 29016247, -5365589, 31280319, 14396151, -30233575, 15272409 }, + }, + { + { -12288309, 3169463, 28813183, 16658753, 25116432, -5630466, -25173957, -12636138, -25014757, 1950504 }, + { -26180358, 9489187, 11053416, -14746161, -31053720, 5825630, -8384306, -8767532, 15341279, 8373727 }, + { 28685821, 7759505, -14378516, -12002860, -31971820, 4079242, 298136, -10232602, -2878207, 15190420 }, + }, + { + { -32932876, 13806336, -14337485, -15794431, -24004620, 10940928, 8669718, 2742393, -26033313, -6875003 }, + { -1580388, -11729417, -25979658, -11445023, -17411874, -10912854, 9291594, -16247779, -12154742, 6048605 }, + { -30305315, 14843444, 1539301, 11864366, 20201677, 1900163, 13934231, 5128323, 11213262, 9168384 }, + }, + { + { -26280513, 11007847, 19408960, -940758, -18592965, -4328580, -5088060, -11105150, 20470157, -16398701 }, + { -23136053, 9282192, 14855179, -15390078, -7362815, -14408560, -22783952, 14461608, 14042978, 5230683 }, + { 29969567, -2741594, -16711867, -8552442, 9175486, -2468974, 21556951, 3506042, -5933891, -12449708 }, + }, + { + { -3144746, 8744661, 19704003, 4581278, -20430686, 6830683, -21284170, 8971513, -28539189, 15326563 }, + { -19464629, 10110288, -17262528, -3503892, -23500387, 1355669, -15523050, 15300988, -20514118, 9168260 }, + { -5353335, 4488613, -23803248, 16314347, 7780487, -15638939, -28948358, 9601605, 33087103, -9011387 }, + }, + { + { -19443170, -15512900, -20797467, -12445323, -29824447, 10229461, -27444329, -15000531, -5996870, 15664672 }, + { 23294591, -16632613, -22650781, -8470978, 27844204, 11461195, 13099750, -2460356, 18151676, 13417686 }, + { -24722913, -4176517, -31150679, 5988919, -26858785, 6685065, 1661597, -12551441, 15271676, -15452665 }, + }, + }, + { + { + { 11433042, -13228665, 8239631, -5279517, -1985436, -725718, -18698764, 2167544, -6921301, -13440182 }, + { -31436171, 15575146, 30436815, 12192228, -22463353, 9395379, -9917708, -8638997, 12215110, 12028277 }, + { 14098400, 6555944, 23007258, 5757252, -15427832, -12950502, 30123440, 4617780, -16900089, -655628 }, + }, + { + { -4026201, -15240835, 11893168, 13718664, -14809462, 1847385, -15819999, 10154009, 23973261, -12684474 }, + { -26531820, -3695990, -1908898, 2534301, -31870557, -16550355, 18341390, -11419951, 32013174, -10103539 }, + { -25479301, 10876443, -11771086, -14625140, -12369567, 1838104, 21911214, 6354752, 4425632, -837822 }, + }, + { + { -10433389, -14612966, 22229858, -3091047, -13191166, 776729, -17415375, -12020462, 4725005, 14044970 }, + { 19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, -1411784, -19522291, -16109756 }, + { -24864089, 12986008, -10898878, -5558584, -11312371, -148526, 19541418, 8180106, 9282262, 10282508 }, + }, + { + { -26205082, 4428547, -8661196, -13194263, 4098402, -14165257, 15522535, 8372215, 5542595, -10702683 }, + { -10562541, 14895633, 26814552, -16673850, -17480754, -2489360, -2781891, 6993761, -18093885, 10114655 }, + { -20107055, -929418, 31422704, 10427861, -7110749, 6150669, -29091755, -11529146, 25953725, -106158 }, + }, + { + { -4234397, -8039292, -9119125, 3046000, 2101609, -12607294, 19390020, 6094296, -3315279, 12831125 }, + { -15998678, 7578152, 5310217, 14408357, -33548620, -224739, 31575954, 6326196, 7381791, -2421839 }, + { -20902779, 3296811, 24736065, -16328389, 18374254, 7318640, 6295303, 8082724, -15362489, 12339664 }, + }, + { + { 27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, 15768922, 25091167, 14856294 }, + { -18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, -12695493, -22182473, -9012899 }, + { -11423429, -5421590, 11632845, 3405020, 30536730, -11674039, -27260765, 13866390, 30146206, 9142070 }, + }, + { + { 3924129, -15307516, -13817122, -10054960, 12291820, -668366, -27702774, 9326384, -8237858, 4171294 }, + { -15921940, 16037937, 6713787, 16606682, -21612135, 2790944, 26396185, 3731949, 345228, -5462949 }, + { -21327538, 13448259, 25284571, 1143661, 20614966, -8849387, 2031539, -12391231, -16253183, -13582083 }, + }, + { + { 31016211, -16722429, 26371392, -14451233, -5027349, 14854137, 17477601, 3842657, 28012650, -16405420 }, + { -5075835, 9368966, -8562079, -4600902, -15249953, 6970560, -9189873, 16292057, -8867157, 3507940 }, + { 29439664, 3537914, 23333589, 6997794, -17555561, -11018068, -15209202, -15051267, -9164929, 6580396 }, + }, + }, + { + { + { -12185861, -7679788, 16438269, 10826160, -8696817, -6235611, 17860444, -9273846, -2095802, 9304567 }, + { 20714564, -4336911, 29088195, 7406487, 11426967, -5095705, 14792667, -14608617, 5289421, -477127 }, + { -16665533, -10650790, -6160345, -13305760, 9192020, -1802462, 17271490, 12349094, 26939669, -3752294 }, + }, + { + { -12889898, 9373458, 31595848, 16374215, 21471720, 13221525, -27283495, -12348559, -3698806, 117887 }, + { 22263325, -6560050, 3984570, -11174646, -15114008, -566785, 28311253, 5358056, -23319780, 541964 }, + { 16259219, 3261970, 2309254, -15534474, -16885711, -4581916, 24134070, -16705829, -13337066, -13552195 }, + }, + { + { 9378160, -13140186, -22845982, -12745264, 28198281, -7244098, -2399684, -717351, 690426, 14876244 }, + { 24977353, -314384, -8223969, -13465086, 28432343, -1176353, -13068804, -12297348, -22380984, 6618999 }, + { -1538174, 11685646, 12944378, 13682314, -24389511, -14413193, 8044829, -13817328, 32239829, -5652762 }, + }, + { + { -18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, -10350059, 32779359, 5095274 }, + { -33008130, -5214506, -32264887, -3685216, 9460461, -9327423, -24601656, 14506724, 21639561, -2630236 }, + { -16400943, -13112215, 25239338, 15531969, 3987758, -4499318, -1289502, -6863535, 17874574, 558605 }, + }, + { + { -13600129, 10240081, 9171883, 16131053, -20869254, 9599700, 33499487, 5080151, 2085892, 5119761 }, + { -22205145, -2519528, -16381601, 414691, -25019550, 2170430, 30634760, -8363614, -31999993, -5759884 }, + { -6845704, 15791202, 8550074, -1312654, 29928809, -12092256, 27534430, -7192145, -22351378, 12961482 }, + }, + { + { -24492060, -9570771, 10368194, 11582341, -23397293, -2245287, 16533930, 8206996, -30194652, -5159638 }, + { -11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, 7031275, 7589640, 8945490 }, + { -32152748, 8917967, 6661220, -11677616, -1192060, -15793393, 7251489, -11182180, 24099109, -14456170 }, + }, + { + { 5019558, -7907470, 4244127, -14714356, -26933272, 6453165, -19118182, -13289025, -6231896, -10280736 }, + { 10853594, 10721687, 26480089, 5861829, -22995819, 1972175, -1866647, -10557898, -3363451, -6441124 }, + { -17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, -2008168, -13866408, 7421392 }, + }, + { + { 8139927, -6546497, 32257646, -5890546, 30375719, 1886181, -21175108, 15441252, 28826358, -4123029 }, + { 6267086, 9695052, 7709135, -16603597, -32869068, -1886135, 14795160, -7840124, 13746021, -1742048 }, + { 28584902, 7787108, -6732942, -15050729, 22846041, -7571236, -3181936, -363524, 4771362, -8419958 }, + }, + }, + { + { + { 24949256, 6376279, -27466481, -8174608, -18646154, -9930606, 33543569, -12141695, 3569627, 11342593 }, + { 26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, 4608608, 7325975, -14801071 }, + { -11618399, -14554430, -24321212, 7655128, -1369274, 5214312, -27400540, 10258390, -17646694, -8186692 }, + }, + { + { 11431204, 15823007, 26570245, 14329124, 18029990, 4796082, -31446179, 15580664, 9280358, -3973687 }, + { -160783, -10326257, -22855316, -4304997, -20861367, -13621002, -32810901, -11181622, -15545091, 4387441 }, + { -20799378, 12194512, 3937617, -5805892, -27154820, 9340370, -24513992, 8548137, 20617071, -7482001 }, + }, + { + { -938825, -3930586, -8714311, 16124718, 24603125, -6225393, -13775352, -11875822, 24345683, 10325460 }, + { -19855277, -1568885, -22202708, 8714034, 14007766, 6928528, 16318175, -1010689, 4766743, 3552007 }, + { -21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, 14481909, 10988822, -3994762 }, + }, + { + { 15564307, -14311570, 3101243, 5684148, 30446780, -8051356, 12677127, -6505343, -8295852, 13296005 }, + { -9442290, 6624296, -30298964, -11913677, -4670981, -2057379, 31521204, 9614054, -30000824, 12074674 }, + { 4771191, -135239, 14290749, -13089852, 27992298, 14998318, -1413936, -1556716, 29832613, -16391035 }, + }, + { + { 7064884, -7541174, -19161962, -5067537, -18891269, -2912736, 25825242, 5293297, -27122660, 13101590 }, + { -2298563, 2439670, -7466610, 1719965, -27267541, -16328445, 32512469, -5317593, -30356070, -4190957 }, + { -30006540, 10162316, -33180176, 3981723, -16482138, -13070044, 14413974, 9515896, 19568978, 9628812 }, + }, + { + { 33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, -6106839, -6291786, 3437740 }, + { -18978877, 3884493, 19469877, 12726490, 15913552, 13614290, -22961733, 70104, 7463304, 4176122 }, + { -27124001, 10659917, 11482427, -16070381, 12771467, -6635117, -32719404, -5322751, 24216882, 5944158 }, + }, + { + { 8894125, 7450974, -2664149, -9765752, -28080517, -12389115, 19345746, 14680796, 11632993, 5847885 }, + { 26942781, -2315317, 9129564, -4906607, 26024105, 11769399, -11518837, 6367194, -9727230, 4782140 }, + { 19916461, -4828410, -22910704, -11414391, 25606324, -5972441, 33253853, 8220911, 6358847, -1873857 }, + }, + { + { 801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, -4480480, -13538503, 1387155 }, + { 19646058, 5720633, -11416706, 12814209, 11607948, 12749789, 14147075, 15156355, -21866831, 11835260 }, + { 19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, 15467869, -26560550, 5052483 }, + }, + }, + { + { + { -3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, -12618185, 12228557, -7003677 }, + { 32944382, 14922211, -22844894, 5188528, 21913450, -8719943, 4001465, 13238564, -6114803, 8653815 }, + { 22865569, -4652735, 27603668, -12545395, 14348958, 8234005, 24808405, 5719875, 28483275, 2841751 }, + }, + { + { -16420968, -1113305, -327719, -12107856, 21886282, -15552774, -1887966, -315658, 19932058, -12739203 }, + { -11656086, 10087521, -8864888, -5536143, -19278573, -3055912, 3999228, 13239134, -4777469, -13910208 }, + { 1382174, -11694719, 17266790, 9194690, -13324356, 9720081, 20403944, 11284705, -14013818, 3093230 }, + }, + { + { 16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, 16271225, -24049421, -6691850 }, + { -21911077, -5927941, -4611316, -5560156, -31744103, -10785293, 24123614, 15193618, -21652117, -16739389 }, + { -9935934, -4289447, -25279823, 4372842, 2087473, 10399484, 31870908, 14690798, 17361620, 11864968 }, + }, + { + { -11307610, 6210372, 13206574, 5806320, -29017692, -13967200, -12331205, -7486601, -25578460, -16240689 }, + { 14668462, -12270235, 26039039, 15305210, 25515617, 4542480, 10453892, 6577524, 9145645, -6443880 }, + { 5974874, 3053895, -9433049, -10385191, -31865124, 3225009, -7972642, 3936128, -5652273, -3050304 }, + }, + { + { 30625386, -4729400, -25555961, -12792866, -20484575, 7695099, 17097188, -16303496, -27999779, 1803632 }, + { -3553091, 9865099, -5228566, 4272701, -5673832, -16689700, 14911344, 12196514, -21405489, 7047412 }, + { 20093277, 9920966, -11138194, -5343857, 13161587, 12044805, -32856851, 4124601, -32343828, -10257566 }, + }, + { + { -20788824, 14084654, -13531713, 7842147, 19119038, -13822605, 4752377, -8714640, -21679658, 2288038 }, + { -26819236, -3283715, 29965059, 3039786, -14473765, 2540457, 29457502, 14625692, -24819617, 12570232 }, + { -1063558, -11551823, 16920318, 12494842, 1278292, -5869109, -21159943, -3498680, -11974704, 4724943 }, + }, + { + { 17960970, -11775534, -4140968, -9702530, -8876562, -1410617, -12907383, -8659932, -29576300, 1903856 }, + { 23134274, -14279132, -10681997, -1611936, 20684485, 15770816, -12989750, 3190296, 26955097, 14109738 }, + { 15308788, 5320727, -30113809, -14318877, 22902008, 7767164, 29425325, -11277562, 31960942, 11934971 }, + }, + { + { -27395711, 8435796, 4109644, 12222639, -24627868, 14818669, 20638173, 4875028, 10491392, 1379718 }, + { -13159415, 9197841, 3875503, -8936108, -1383712, -5879801, 33518459, 16176658, 21432314, 12180697 }, + { -11787308, 11500838, 13787581, -13832590, -22430679, 10140205, 1465425, 12689540, -10301319, -13872883 }, + }, + }, + { + { + { 5414091, -15386041, -21007664, 9643570, 12834970, 1186149, -2622916, -1342231, 26128231, 6032912 }, + { -26337395, -13766162, 32496025, -13653919, 17847801, -12669156, 3604025, 8316894, -25875034, -10437358 }, + { 3296484, 6223048, 24680646, -12246460, -23052020, 5903205, -8862297, -4639164, 12376617, 3188849 }, + }, + { + { 29190488, -14659046, 27549113, -1183516, 3520066, -10697301, 32049515, -7309113, -16109234, -9852307 }, + { -14744486, -9309156, 735818, -598978, -20407687, -5057904, 25246078, -15795669, 18640741, -960977 }, + { -6928835, -16430795, 10361374, 5642961, 4910474, 12345252, -31638386, -494430, 10530747, 1053335 }, + }, + { + { -29265967, -14186805, -13538216, -12117373, -19457059, -10655384, -31462369, -2948985, 24018831, 15026644 }, + { -22592535, -3145277, -2289276, 5953843, -13440189, 9425631, 25310643, 13003497, -2314791, -15145616 }, + { -27419985, -603321, -8043984, -1669117, -26092265, 13987819, -27297622, 187899, -23166419, -2531735 }, + }, + { + { -21744398, -13810475, 1844840, 5021428, -10434399, -15911473, 9716667, 16266922, -5070217, 726099 }, + { 29370922, -6053998, 7334071, -15342259, 9385287, 2247707, -13661962, -4839461, 30007388, -15823341 }, + { -936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, 730663, 9835848, 4555336 }, + }, + { + { -23376435, 1410446, -22253753, -12899614, 30867635, 15826977, 17693930, 544696, -11985298, 12422646 }, + { 31117226, -12215734, -13502838, 6561947, -9876867, -12757670, -5118685, -4096706, 29120153, 13924425 }, + { -17400879, -14233209, 19675799, -2734756, -11006962, -5858820, -9383939, -11317700, 7240931, -237388 }, + }, + { + { -31361739, -11346780, -15007447, -5856218, -22453340, -12152771, 1222336, 4389483, 3293637, -15551743 }, + { -16684801, -14444245, 11038544, 11054958, -13801175, -3338533, -24319580, 7733547, 12796905, -6335822 }, + { -8759414, -10817836, -25418864, 10783769, -30615557, -9746811, -28253339, 3647836, 3222231, -11160462 }, + }, + { + { 18606113, 1693100, -25448386, -15170272, 4112353, 10045021, 23603893, -2048234, -7550776, 2484985 }, + { 9255317, -3131197, -12156162, -1004256, 13098013, -9214866, 16377220, -2102812, -19802075, -3034702 }, + { -22729289, 7496160, -5742199, 11329249, 19991973, -3347502, -31718148, 9936966, -30097688, -10618797 }, + }, + { + { 21878590, -5001297, 4338336, 13643897, -3036865, 13160960, 19708896, 5415497, -7360503, -4109293 }, + { 27736861, 10103576, 12500508, 8502413, -3413016, -9633558, 10436918, -1550276, -23659143, -8132100 }, + { 19492550, -12104365, -29681976, -852630, -3208171, 12403437, 30066266, 8367329, 13243957, 8709688 }, + }, + }, + { + { + { 12015105, 2801261, 28198131, 10151021, 24818120, -4743133, -11194191, -5645734, 5150968, 7274186 }, + { 2831366, -12492146, 1478975, 6122054, 23825128, -12733586, 31097299, 6083058, 31021603, -9793610 }, + { -2529932, -2229646, 445613, 10720828, -13849527, -11505937, -23507731, 16354465, 15067285, -14147707 }, + }, + { + { 7840942, 14037873, -33364863, 15934016, -728213, -3642706, 21403988, 1057586, -19379462, -12403220 }, + { 915865, -16469274, 15608285, -8789130, -24357026, 6060030, -17371319, 8410997, -7220461, 16527025 }, + { 32922597, -556987, 20336074, -16184568, 10903705, -5384487, 16957574, 52992, 23834301, 6588044 }, + }, + { + { 32752030, 11232950, 3381995, -8714866, 22652988, -10744103, 17159699, 16689107, -20314580, -1305992 }, + { -4689649, 9166776, -25710296, -10847306, 11576752, 12733943, 7924251, -2752281, 1976123, -7249027 }, + { 21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, -3371252, 12331345, -8237197 }, + }, + { + { 8651614, -4477032, -16085636, -4996994, 13002507, 2950805, 29054427, -5106970, 10008136, -4667901 }, + { 31486080, 15114593, -14261250, 12951354, 14369431, -7387845, 16347321, -13662089, 8684155, -10532952 }, + { 19443825, 11385320, 24468943, -9659068, -23919258, 2187569, -26263207, -6086921, 31316348, 14219878 }, + }, + { + { -28594490, 1193785, 32245219, 11392485, 31092169, 15722801, 27146014, 6992409, 29126555, 9207390 }, + { 32382935, 1110093, 18477781, 11028262, -27411763, -7548111, -4980517, 10843782, -7957600, -14435730 }, + { 2814918, 7836403, 27519878, -7868156, -20894015, -11553689, -21494559, 8550130, 28346258, 1994730 }, + }, + { + { -19578299, 8085545, -14000519, -3948622, 2785838, -16231307, -19516951, 7174894, 22628102, 8115180 }, + { -30405132, 955511, -11133838, -15078069, -32447087, -13278079, -25651578, 3317160, -9943017, 930272 }, + { -15303681, -6833769, 28856490, 1357446, 23421993, 1057177, 24091212, -1388970, -22765376, -10650715 }, + }, + { + { -22751231, -5303997, -12907607, -12768866, -15811511, -7797053, -14839018, -16554220, -1867018, 8398970 }, + { -31969310, 2106403, -4736360, 1362501, 12813763, 16200670, 22981545, -6291273, 18009408, -15772772 }, + { -17220923, -9545221, -27784654, 14166835, 29815394, 7444469, 29551787, -3727419, 19288549, 1325865 }, + }, + { + { 15100157, -15835752, -23923978, -1005098, -26450192, 15509408, 12376730, -3479146, 33166107, -8042750 }, + { 20909231, 13023121, -9209752, 16251778, -5778415, -8094914, 12412151, 10018715, 2213263, -13878373 }, + { 32529814, -11074689, 30361439, -16689753, -9135940, 1513226, 22922121, 6382134, -5766928, 8371348 }, + }, + }, + { + { + { 9923462, 11271500, 12616794, 3544722, -29998368, -1721626, 12891687, -8193132, -26442943, 10486144 }, + { -22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, 2610596, -23921530, -11455195 }, + { 5408411, -1136691, -4969122, 10561668, 24145918, 14240566, 31319731, -4235541, 19985175, -3436086 }, + }, + { + { -13994457, 16616821, 14549246, 3341099, 32155958, 13648976, -17577068, 8849297, 65030, 8370684 }, + { -8320926, -12049626, 31204563, 5839400, -20627288, -1057277, -19442942, 6922164, 12743482, -9800518 }, + { -2361371, 12678785, 28815050, 4759974, -23893047, 4884717, 23783145, 11038569, 18800704, 255233 }, + }, + { + { -5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, 9066957, 19258688, -14753793 }, + { -2936654, -10827535, -10432089, 14516793, -3640786, 4372541, -31934921, 2209390, -1524053, 2055794 }, + { 580882, 16705327, 5468415, -2683018, -30926419, -14696000, -7203346, -8994389, -30021019, 7394435 }, + }, + { + { 23838809, 1822728, -15738443, 15242727, 8318092, -3733104, -21672180, -3492205, -4821741, 14799921 }, + { 13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, 13496856, -9056018, 7402518 }, + { 2286874, -4435931, -20042458, -2008336, -13696227, 5038122, 11006906, -15760352, 8205061, 1607563 }, + }, + { + { 14414086, -8002132, 3331830, -3208217, 22249151, -5594188, 18364661, -2906958, 30019587, -9029278 }, + { -27688051, 1585953, -10775053, 931069, -29120221, -11002319, -14410829, 12029093, 9944378, 8024 }, + { 4368715, -3709630, 29874200, -15022983, -20230386, -11410704, -16114594, -999085, -8142388, 5640030 }, + }, + { + { 10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, -16694564, 15219798, -14327783 }, + { 27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, -1173195, -18342183, 9742717 }, + { 6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, 7406442, 12420155, 1994844 }, + }, + { + { 14012521, -5024720, -18384453, -9578469, -26485342, -3936439, -13033478, -10909803, 24319929, -6446333 }, + { 16412690, -4507367, 10772641, 15929391, -17068788, -4658621, 10555945, -10484049, -30102368, -4739048 }, + { 22397382, -7767684, -9293161, -12792868, 17166287, -9755136, -27333065, 6199366, 21880021, -12250760 }, + }, + { + { -4283307, 5368523, -31117018, 8163389, -30323063, 3209128, 16557151, 8890729, 8840445, 4957760 }, + { -15447727, 709327, -6919446, -10870178, -29777922, 6522332, -21720181, 12130072, -14796503, 5005757 }, + { -2114751, -14308128, 23019042, 15765735, -25269683, 6002752, 10183197, -13239326, -16395286, -2176112 }, + }, + }, + { + { + { -19025756, 1632005, 13466291, -7995100, -23640451, 16573537, -32013908, -3057104, 22208662, 2000468 }, + { 3065073, -1412761, -25598674, -361432, -17683065, -5703415, -8164212, 11248527, -3691214, -7414184 }, + { 10379208, -6045554, 8877319, 1473647, -29291284, -12507580, 16690915, 2553332, -3132688, 16400289 }, + }, + { + { 15716668, 1254266, -18472690, 7446274, -8448918, 6344164, -22097271, -7285580, 26894937, 9132066 }, + { 24158887, 12938817, 11085297, -8177598, -28063478, -4457083, -30576463, 64452, -6817084, -2692882 }, + { 13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, -3418511, -4688006, 2364226 }, + }, + { + { 16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, -11697457, 15445875, -7798101 }, + { 29004207, -7867081, 28661402, -640412, -12794003, -7943086, 31863255, -4135540, -278050, -15759279 }, + { -6122061, -14866665, -28614905, 14569919, -10857999, -3591829, 10343412, -6976290, -29828287, -10815811 }, + }, + { + { 27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, 15372179, 17293797, 960709 }, + { 20263915, 11434237, -5765435, 11236810, 13505955, -10857102, -16111345, 6493122, -19384511, 7639714 }, + { -2830798, -14839232, 25403038, -8215196, -8317012, -16173699, 18006287, -16043750, 29994677, -15808121 }, + }, + { + { 9769828, 5202651, -24157398, -13631392, -28051003, -11561624, -24613141, -13860782, -31184575, 709464 }, + { 12286395, 13076066, -21775189, -1176622, -25003198, 4057652, -32018128, -8890874, 16102007, 13205847 }, + { 13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, 8525972, 10151379, 10394400 }, + }, + { + { 4024660, -16137551, 22436262, 12276534, -9099015, -2686099, 19698229, 11743039, -33302334, 8934414 }, + { -15879800, -4525240, -8580747, -2934061, 14634845, -698278, -9449077, 3137094, -11536886, 11721158 }, + { 17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, 8835153, -9205489, -1280045 }, + }, + { + { -461409, -7830014, 20614118, 16688288, -7514766, -4807119, 22300304, 505429, 6108462, -6183415 }, + { -5070281, 12367917, -30663534, 3234473, 32617080, -8422642, 29880583, -13483331, -26898490, -7867459 }, + { -31975283, 5726539, 26934134, 10237677, -3173717, -605053, 24199304, 3795095, 7592688, -14992079 }, + }, + { + { 21594432, -14964228, 17466408, -4077222, 32537084, 2739898, 6407723, 12018833, -28256052, 4298412 }, + { -20650503, -11961496, -27236275, 570498, 3767144, -1717540, 13891942, -1569194, 13717174, 10805743 }, + { -14676630, -15644296, 15287174, 11927123, 24177847, -8175568, -796431, 14860609, -26938930, -5863836 }, + }, + }, + { + { + { 12962541, 5311799, -10060768, 11658280, 18855286, -7954201, 13286263, -12808704, -4381056, 9882022 }, + { 18512079, 11319350, -20123124, 15090309, 18818594, 5271736, -22727904, 3666879, -23967430, -3299429 }, + { -6789020, -3146043, 16192429, 13241070, 15898607, -14206114, -10084880, -6661110, -2403099, 5276065 }, + }, + { + { 30169808, -5317648, 26306206, -11750859, 27814964, 7069267, 7152851, 3684982, 1449224, 13082861 }, + { 10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, 15056736, -21016438, -8202000 }, + { -33150110, 3261608, 22745853, 7948688, 19370557, -15177665, -26171976, 6482814, -10300080, -11060101 }, + }, + { + { 32869458, -5408545, 25609743, 15678670, -10687769, -15471071, 26112421, 2521008, -22664288, 6904815 }, + { 29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, 3841096, -29003639, -6657642 }, + { 10340844, -6630377, -18656632, -2278430, 12621151, -13339055, 30878497, -11824370, -25584551, 5181966 }, + }, + { + { 25940115, -12658025, 17324188, -10307374, -8671468, 15029094, 24396252, -16450922, -2322852, -12388574 }, + { -21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, 12641087, 20603771, -6561742 }, + { -18882287, -11673380, 24849422, 11501709, 13161720, -4768874, 1925523, 11914390, 4662781, 7820689 }, + }, + { + { 12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, 12172924, 16136752, 15264020 }, + { -10349955, -14680563, -8211979, 2330220, -17662549, -14545780, 10658213, 6671822, 19012087, 3772772 }, + { 3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, -15762884, 20527771, 12988982 }, + }, + { + { -14822485, -5797269, -3707987, 12689773, -898983, -10914866, -24183046, -10564943, 3299665, -12424953 }, + { -16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, 6461331, -25583147, 8991218 }, + { -17226263, 1816362, -1673288, -6086439, 31783888, -8175991, -32948145, 7417950, -30242287, 1507265 }, + }, + { + { 29692663, 6829891, -10498800, 4334896, 20945975, -11906496, -28887608, 8209391, 14606362, -10647073 }, + { -3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, 9761487, 4170404, -2085325 }, + { -11587470, 14855945, -4127778, -1531857, -26649089, 15084046, 22186522, 16002000, -14276837, -8400798 }, + }, + { + { -4811456, 13761029, -31703877, -2483919, -3312471, 7869047, -7113572, -9620092, 13240845, 10965870 }, + { -7742563, -8256762, -14768334, -13656260, -23232383, 12387166, 4498947, 14147411, 29514390, 4302863 }, + { -13413405, -12407859, 20757302, -13801832, 14785143, 8976368, -5061276, -2144373, 17846988, -13971927 }, + }, + }, + { + { + { -2244452, -754728, -4597030, -1066309, -6247172, 1455299, -21647728, -9214789, -5222701, 12650267 }, + { -9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, 13770293, -19134326, 10958663 }, + { 22470984, 12369526, 23446014, -5441109, -21520802, -9698723, -11772496, -11574455, -25083830, 4271862 }, + }, + { + { -25169565, -10053642, -19909332, 15361595, -5984358, 2159192, 75375, -4278529, -32526221, 8469673 }, + { 15854970, 4148314, -8893890, 7259002, 11666551, 13824734, -30531198, 2697372, 24154791, -9460943 }, + { 15446137, -15806644, 29759747, 14019369, 30811221, -9610191, -31582008, 12840104, 24913809, 9815020 }, + }, + { + { -4709286, -5614269, -31841498, -12288893, -14443537, 10799414, -9103676, 13438769, 18735128, 9466238 }, + { 11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, -10896103, -22728655, 16199064 }, + { 14576810, 379472, -26786533, -8317236, -29426508, -10812974, -102766, 1876699, 30801119, 2164795 }, + }, + { + { 15995086, 3199873, 13672555, 13712240, -19378835, -4647646, -13081610, -15496269, -13492807, 1268052 }, + { -10290614, -3659039, -3286592, 10948818, 23037027, 3794475, -3470338, -12600221, -17055369, 3565904 }, + { 29210088, -9419337, -5919792, -4952785, 10834811, -13327726, -16512102, -10820713, -27162222, -14030531 }, + }, + { + { -13161890, 15508588, 16663704, -8156150, -28349942, 9019123, -29183421, -3769423, 2244111, -14001979 }, + { -5152875, -3800936, -9306475, -6071583, 16243069, 14684434, -25673088, -16180800, 13491506, 4641841 }, + { 10813417, 643330, -19188515, -728916, 30292062, -16600078, 27548447, -7721242, 14476989, -12767431 }, + }, + { + { 10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, -1644259, -27912810, 12651324 }, + { -31185513, -813383, 22271204, 11835308, 10201545, 15351028, 17099662, 3988035, 21721536, -3148940 }, + { 10202177, -6545839, -31373232, -9574638, -32150642, -8119683, -12906320, 3852694, 13216206, 14842320 }, + }, + { + { -15815640, -10601066, -6538952, -7258995, -6984659, -6581778, -31500847, 13765824, -27434397, 9900184 }, + { 14465505, -13833331, -32133984, -14738873, -27443187, 12990492, 33046193, 15796406, -7051866, -8040114 }, + { 30924417, -8279620, 6359016, -12816335, 16508377, 9071735, -25488601, 15413635, 9524356, -7018878 }, + }, + { + { 12274201, -13175547, 32627641, -1785326, 6736625, 13267305, 5237659, -5109483, 15663516, 4035784 }, + { -2951309, 8903985, 17349946, 601635, -16432815, -4612556, -13732739, -15889334, -22258478, 4659091 }, + { -16916263, -4952973, -30393711, -15158821, 20774812, 15897498, 5736189, 15026997, -2178256, -13455585 }, + }, + }, + { + { + { -8858980, -2219056, 28571666, -10155518, -474467, -10105698, -3801496, 278095, 23440562, -290208 }, + { 10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, 11551483, -16571960, -7442864 }, + { 17932739, -12437276, -24039557, 10749060, 11316803, 7535897, 22503767, 5561594, -3646624, 3898661 }, + }, + { + { 7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, 7152530, 21831162, 1245233 }, + { 26958459, -14658026, 4314586, 8346991, -5677764, 11960072, -32589295, -620035, -30402091, -16716212 }, + { -12165896, 9166947, 33491384, 13673479, 29787085, 13096535, 6280834, 14587357, -22338025, 13987525 }, + }, + { + { -24349909, 7778775, 21116000, 15572597, -4833266, -5357778, -4300898, -5124639, -7469781, -2858068 }, + { 9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, 6439245, -14581012, 4091397 }, + { -8426427, 1470727, -28109679, -1596990, 3978627, -5123623, -19622683, 12092163, 29077877, -14741988 }, + }, + { + { 5269168, -6859726, -13230211, -8020715, 25932563, 1763552, -5606110, -5505881, -20017847, 2357889 }, + { 32264008, -15407652, -5387735, -1160093, -2091322, -3946900, 23104804, -12869908, 5727338, 189038 }, + { 14609123, -8954470, -6000566, -16622781, -14577387, -7743898, -26745169, 10942115, -25888931, -14884697 }, + }, + { + { 20513500, 5557931, -15604613, 7829531, 26413943, -2019404, -21378968, 7471781, 13913677, -5137875 }, + { -25574376, 11967826, 29233242, 12948236, -6754465, 4713227, -8940970, 14059180, 12878652, 8511905 }, + { -25656801, 3393631, -2955415, -7075526, -2250709, 9366908, -30223418, 6812974, 5568676, -3127656 }, + }, + { + { 11630004, 12144454, 2116339, 13606037, 27378885, 15676917, -17408753, -13504373, -14395196, 8070818 }, + { 27117696, -10007378, -31282771, -5570088, 1127282, 12772488, -29845906, 10483306, -11552749, -1028714 }, + { 10637467, -5688064, 5674781, 1072708, -26343588, -6982302, -1683975, 9177853, -27493162, 15431203 }, + }, + { + { 20525145, 10892566, -12742472, 12779443, -29493034, 16150075, -28240519, 14943142, -15056790, -7935931 }, + { -30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, -3239766, -3356550, 9594024 }, + { -23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, -6492290, 13352335, -10977084 }, + }, + { + { -1931799, -5407458, 3304649, -12884869, 17015806, -4877091, -29783850, -7752482, -13215537, -319204 }, + { 20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, 15077870, -22750759, 14523817 }, + { 27406042, -6041657, 27423596, -4497394, 4996214, 10002360, -28842031, -4545494, -30172742, -4805667 }, + }, + }, + { + { + { 11374242, 12660715, 17861383, -12540833, 10935568, 1099227, -13886076, -9091740, -27727044, 11358504 }, + { -12730809, 10311867, 1510375, 10778093, -2119455, -9145702, 32676003, 11149336, -26123651, 4985768 }, + { -19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, 13794114, -19414307, -15621255 }, + }, + { + { 6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, 6970005, -1691065, -9004790 }, + { 1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, -5475723, -16796596, -5031438 }, + { -22273315, -13524424, -64685, -4334223, -18605636, -10921968, -20571065, -7007978, -99853, -10237333 }, + }, + { + { 17747465, 10039260, 19368299, -4050591, -20630635, -16041286, 31992683, -15857976, -29260363, -5511971 }, + { 31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, -3744247, 4882242, -10626905 }, + { 29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, 3272828, -5190932, -4162409 }, + }, + { + { 12501286, 4044383, -8612957, -13392385, -32430052, 5136599, -19230378, -3529697, 330070, -3659409 }, + { 6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, -8573892, -271295, 12071499 }, + { -8365515, -4042521, 25133448, -4517355, -6211027, 2265927, -32769618, 1936675, -5159697, 3829363 }, + }, + { + { 28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, -6567787, 26333140, 14267664 }, + { -11067219, 11871231, 27385719, -10559544, -4585914, -11189312, 10004786, -8709488, -21761224, 8930324 }, + { -21197785, -16396035, 25654216, -1725397, 12282012, 11008919, 1541940, 4757911, -26491501, -16408940 }, + }, + { + { 13537262, -7759490, -20604840, 10961927, -5922820, -13218065, -13156584, 6217254, -15943699, 13814990 }, + { -17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, 9257833, -1956526, -1776914 }, + { -25045300, -10191966, 15366585, 15166509, -13105086, 8423556, -29171540, 12361135, -18685978, 4578290 }, + }, + { + { 24579768, 3711570, 1342322, -11180126, -27005135, 14124956, -22544529, 14074919, 21964432, 8235257 }, + { -6528613, -2411497, 9442966, -5925588, 12025640, -1487420, -2981514, -1669206, 13006806, 2355433 }, + { -16304899, -13605259, -6632427, -5142349, 16974359, -10911083, 27202044, 1719366, 1141648, -12796236 }, + }, + { + { -12863944, -13219986, -8318266, -11018091, -6810145, -4843894, 13475066, -3133972, 32674895, 13715045 }, + { 11423335, -5468059, 32344216, 8962751, 24989809, 9241752, -13265253, 16086212, -28740881, -15642093 }, + { -1409668, 12530728, -6368726, 10847387, 19531186, -14132160, -11709148, 7791794, -27245943, 4383347 }, + }, + }, + { + { + { -28970898, 5271447, -1266009, -9736989, -12455236, 16732599, -4862407, -4906449, 27193557, 6245191 }, + { -15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, 3260492, 22510453, 8577507 }, + { -12632451, 11257346, -32692994, 13548177, -721004, 10879011, 31168030, 13952092, -29571492, -3635906 }, + }, + { + { 3877321, -9572739, 32416692, 5405324, -11004407, -13656635, 3759769, 11935320, 5611860, 8164018 }, + { -16275802, 14667797, 15906460, 12155291, -22111149, -9039718, 32003002, -8832289, 5773085, -8422109 }, + { -23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, 12376320, 31632953, 190926 }, + }, + { + { -24593607, -16138885, -8423991, 13378746, 14162407, 6901328, -8288749, 4508564, -25341555, -3627528 }, + { 8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, -14786005, -1672488, 827625 }, + { -32720583, -16289296, -32503547, 7101210, 13354605, 2659080, -1800575, -14108036, -24878478, 1541286 }, + }, + { + { 2901347, -1117687, 3880376, -10059388, -17620940, -3612781, -21802117, -3567481, 20456845, -1885033 }, + { 27019610, 12299467, -13658288, -1603234, -12861660, -4861471, -19540150, -5016058, 29439641, 15138866 }, + { 21536104, -6626420, -32447818, -10690208, -22408077, 5175814, -5420040, -16361163, 7779328, 109896 }, + }, + { + { 30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, 12180118, 23177719, -554075 }, + { 26572847, 3405927, -31701700, 12890905, -19265668, 5335866, -6493768, 2378492, 4439158, -13279347 }, + { -22716706, 3489070, -9225266, -332753, 18875722, -1140095, 14819434, -12731527, -17717757, -5461437 }, + }, + { + { -5056483, 16566551, 15953661, 3767752, -10436499, 15627060, -820954, 2177225, 8550082, -15114165 }, + { -18473302, 16596775, -381660, 15663611, 22860960, 15585581, -27844109, -3582739, -23260460, -8428588 }, + { -32480551, 15707275, -8205912, -5652081, 29464558, 2713815, -22725137, 15860482, -21902570, 1494193 }, + }, + { + { -19562091, -14087393, -25583872, -9299552, 13127842, 759709, 21923482, 16529112, 8742704, 12967017 }, + { -28464899, 1553205, 32536856, -10473729, -24691605, -406174, -8914625, -2933896, -29903758, 15553883 }, + { 21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, 14513274, 19375923, -12647961 }, + }, + { + { 8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, -6222716, 2862653, 9455043 }, + { 29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, -2990080, 15511449, 4789663 }, + { -20679756, 7004547, 8824831, -9434977, -4045704, -3750736, -5754762, 108893, 23513200, 16652362 }, + }, + }, + { + { + { -33256173, 4144782, -4476029, -6579123, 10770039, -7155542, -6650416, -12936300, -18319198, 10212860 }, + { 2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, 2600940, -9988298, -12506466 }, + { -24645692, 13317462, -30449259, -15653928, 21365574, -10869657, 11344424, 864440, -2499677, -16710063 }, + }, + { + { -26432803, 6148329, -17184412, -14474154, 18782929, -275997, -22561534, 211300, 2719757, 4940997 }, + { -1323882, 3911313, -6948744, 14759765, -30027150, 7851207, 21690126, 8518463, 26699843, 5276295 }, + { -13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, 149635, -15452774, 7159369 }, + }, + { + { 9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, 8312176, 22477218, -8403385 }, + { 18155857, -16504990, 19744716, 9006923, 15154154, -10538976, 24256460, -4864995, -22548173, 9334109 }, + { 2986088, -4911893, 10776628, -3473844, 10620590, -7083203, -21413845, 14253545, -22587149, 536906 }, + }, + { + { 4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, 10589625, 10838060, -15420424 }, + { -19342404, 867880, 9277171, -3218459, -14431572, -1986443, 19295826, -15796950, 6378260, 699185 }, + { 7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, 15693155, -5045064, -13373962 }, + }, + { + { -7737563, -5869402, -14566319, -7406919, 11385654, 13201616, 31730678, -10962840, -3918636, -9669325 }, + { 10188286, -15770834, -7336361, 13427543, 22223443, 14896287, 30743455, 7116568, -21786507, 5427593 }, + { 696102, 13206899, 27047647, -10632082, 15285305, -9853179, 10798490, -4578720, 19236243, 12477404 }, + }, + { + { -11229439, 11243796, -17054270, -8040865, -788228, -8167967, -3897669, 11180504, -23169516, 7733644 }, + { 17800790, -14036179, -27000429, -11766671, 23887827, 3149671, 23466177, -10538171, 10322027, 15313801 }, + { 26246234, 11968874, 32263343, -5468728, 6830755, -13323031, -15794704, -101982, -24449242, 10890804 }, + }, + { + { -31365647, 10271363, -12660625, -6267268, 16690207, -13062544, -14982212, 16484931, 25180797, -5334884 }, + { -586574, 10376444, -32586414, -11286356, 19801893, 10997610, 2276632, 9482883, 316878, 13820577 }, + { -9882808, -4510367, -2115506, 16457136, -11100081, 11674996, 30756178, -7515054, 30696930, -3712849 }, + }, + { + { 32988917, -9603412, 12499366, 7910787, -10617257, -11931514, -7342816, -9985397, -32349517, 7392473 }, + { -8855661, 15927861, 9866406, -3649411, -2396914, -16655781, -30409476, -9134995, 25112947, -2926644 }, + { -2504044, -436966, 25621774, -5678772, 15085042, -5479877, -24884878, -13526194, 5537438, -13914319 }, + }, + }, + { + { + { -11225584, 2320285, -9584280, 10149187, -33444663, 5808648, -14876251, -1729667, 31234590, 6090599 }, + { -9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, 15878753, -6970405, -9034768 }, + { -27757857, 247744, -15194774, -9002551, 23288161, -10011936, -23869595, 6503646, 20650474, 1804084 }, + }, + { + { -27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, -10329713, 27842616, -202328 }, + { -15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, 5031932, -11375082, 12714369 }, + { 20807691, -7270825, 29286141, 11421711, -27876523, -13868230, -21227475, 1035546, -19733229, 12796920 }, + }, + { + { 12076899, -14301286, -8785001, -11848922, -25012791, 16400684, -17591495, -12899438, 3480665, -15182815 }, + { -32361549, 5457597, 28548107, 7833186, 7303070, -11953545, -24363064, -15921875, -33374054, 2771025 }, + { -21389266, 421932, 26597266, 6860826, 22486084, -6737172, -17137485, -4210226, -24552282, 15673397 }, + }, + { + { -20184622, 2338216, 19788685, -9620956, -4001265, -8740893, -20271184, 4733254, 3727144, -12934448 }, + { 6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, 7975683, 31123697, -10958981 }, + { 30069250, -11435332, 30434654, 2958439, 18399564, -976289, 12296869, 9204260, -16432438, 9648165 }, + }, + { + { 32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, 5248604, -26008332, -11377501 }, + { 17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, 15298639, 2662509, -16297073 }, + { -1172927, -7558695, -4366770, -4287744, -21346413, -8434326, 32087529, -1222777, 32247248, -14389861 }, + }, + { + { 14312628, 1221556, 17395390, -8700143, -4945741, -8684635, -28197744, -9637817, -16027623, -13378845 }, + { -1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, 9803137, 17597934, 2346211 }, + { 18510800, 15337574, 26171504, 981392, -22241552, 7827556, -23491134, -11323352, 3059833, -11782870 }, + }, + { + { 10141598, 6082907, 17829293, -1947643, 9830092, 13613136, -25556636, -5544586, -33502212, 3592096 }, + { 33114168, -15889352, -26525686, -13343397, 33076705, 8716171, 1151462, 1521897, -982665, -6837803 }, + { -32939165, -4255815, 23947181, -324178, -33072974, -12305637, -16637686, 3891704, 26353178, 693168 }, + }, + { + { 30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, -400668, 31375464, 14369965 }, + { -14370654, -7772529, 1510301, 6434173, -18784789, -6262728, 32732230, -13108839, 17901441, 16011505 }, + { 18171223, -11934626, -12500402, 15197122, -11038147, -15230035, -19172240, -16046376, 8764035, 12309598 }, + }, + }, + { + { + { 5975908, -5243188, -19459362, -9681747, -11541277, 14015782, -23665757, 1228319, 17544096, -10593782 }, + { 5811932, -1715293, 3442887, -2269310, -18367348, -8359541, -18044043, -15410127, -5565381, 12348900 }, + { -31399660, 11407555, 25755363, 6891399, -3256938, 14872274, -24849353, 8141295, -10632534, -585479 }, + }, + { + { -12675304, 694026, -5076145, 13300344, 14015258, -14451394, -9698672, -11329050, 30944593, 1130208 }, + { 8247766, -6710942, -26562381, -7709309, -14401939, -14648910, 4652152, 2488540, 23550156, -271232 }, + { 17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, -5908146, -408818, -137719 }, + }, + { + { 16091085, -16253926, 18599252, 7340678, 2137637, -1221657, -3364161, 14550936, 3260525, -7166271 }, + { -4910104, -13332887, 18550887, 10864893, -16459325, -7291596, -23028869, -13204905, -12748722, 2701326 }, + { -8574695, 16099415, 4629974, -16340524, -20786213, -6005432, -10018363, 9276971, 11329923, 1862132 }, + }, + { + { 14763076, -15903608, -30918270, 3689867, 3511892, 10313526, -21951088, 12219231, -9037963, -940300 }, + { 8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, -2909717, -15438168, 11595570 }, + { 15214962, 3537601, -26238722, -14058872, 4418657, -15230761, 13947276, 10730794, -13489462, -4363670 }, + }, + { + { -2538306, 7682793, 32759013, 263109, -29984731, -7955452, -22332124, -10188635, 977108, 699994 }, + { -12466472, 4195084, -9211532, 550904, -15565337, 12917920, 19118110, -439841, -30534533, -14337913 }, + { 31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, -10051775, 12493932, -5409317 }, + }, + { + { -25680606, 5260744, -19235809, -6284470, -3695942, 16566087, 27218280, 2607121, 29375955, 6024730 }, + { 842132, -2794693, -4763381, -8722815, 26332018, -12405641, 11831880, 6985184, -9940361, 2854096 }, + { -4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, 960770, 12121869, 16648078 }, + }, + { + { -15218652, 14667096, -13336229, 2013717, 30598287, -464137, -31504922, -7882064, 20237806, 2838411 }, + { -19288047, 4453152, 15298546, -16178388, 22115043, -15972604, 12544294, -13470457, 1068881, -12499905 }, + { -9558883, -16518835, 33238498, 13506958, 30505848, -1114596, -8486907, -2630053, 12521378, 4845654 }, + }, + { + { -28198521, 10744108, -2958380, 10199664, 7759311, -13088600, 3409348, -873400, -6482306, -12885870 }, + { -23561822, 6230156, -20382013, 10655314, -24040585, -11621172, 10477734, -1240216, -3113227, 13974498 }, + { 12966261, 15550616, -32038948, -1615346, 21025980, -629444, 5642325, 7188737, 18895762, 12629579 }, + }, + }, + { + { + { 14741879, -14946887, 22177208, -11721237, 1279741, 8058600, 11758140, 789443, 32195181, 3895677 }, + { 10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, -3566119, -8982069, 4429647 }, + { -2453894, 15725973, -20436342, -10410672, -5803908, -11040220, -7135870, -11642895, 18047436, -15281743 }, + }, + { + { -25173001, -11307165, 29759956, 11776784, -22262383, -15820455, 10993114, -12850837, -17620701, -9408468 }, + { 21987233, 700364, -24505048, 14972008, -7774265, -5718395, 32155026, 2581431, -29958985, 8773375 }, + { -25568350, 454463, -13211935, 16126715, 25240068, 8594567, 20656846, 12017935, -7874389, -13920155 }, + }, + { + { 6028182, 6263078, -31011806, -11301710, -818919, 2461772, -31841174, -5468042, -1721788, -2776725 }, + { -12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, -4166698, 28408820, 6816612 }, + { -10358094, -8237829, 19549651, -12169222, 22082623, 16147817, 20613181, 13982702, -10339570, 5067943 }, + }, + { + { -30505967, -3821767, 12074681, 13582412, -19877972, 2443951, -19719286, 12746132, 5331210, -10105944 }, + { 30528811, 3601899, -1957090, 4619785, -27361822, -15436388, 24180793, -12570394, 27679908, -1648928 }, + { 9402404, -13957065, 32834043, 10838634, -26580150, -13237195, 26653274, -8685565, 22611444, -12715406 }, + }, + { + { 22190590, 1118029, 22736441, 15130463, -30460692, -5991321, 19189625, -4648942, 4854859, 6622139 }, + { -8310738, -2953450, -8262579, -3388049, -10401731, -271929, 13424426, -3567227, 26404409, 13001963 }, + { -31241838, -15415700, -2994250, 8939346, 11562230, -12840670, -26064365, -11621720, -15405155, 11020693 }, + }, + { + { 1866042, -7949489, -7898649, -10301010, 12483315, 13477547, 3175636, -12424163, 28761762, 1406734 }, + { -448555, -1777666, 13018551, 3194501, -9580420, -11161737, 24760585, -4347088, 25577411, -13378680 }, + { -24290378, 4759345, -690653, -1852816, 2066747, 10693769, -29595790, 9884936, -9368926, 4745410 }, + }, + { + { -9141284, 6049714, -19531061, -4341411, -31260798, 9944276, -15462008, -11311852, 10931924, -11931931 }, + { -16561513, 14112680, -8012645, 4817318, -8040464, -11414606, -22853429, 10856641, -20470770, 13434654 }, + { 22759489, -10073434, -16766264, -1871422, 13637442, -10168091, 1765144, -12654326, 28445307, -5364710 }, + }, + { + { 29875063, 12493613, 2795536, -3786330, 1710620, 15181182, -10195717, -8788675, 9074234, 1167180 }, + { -26205683, 11014233, -9842651, -2635485, -26908120, 7532294, -18716888, -9535498, 3843903, 9367684 }, + { -10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, 8601684, -139197, 4242895 }, + }, + }, + { + { + { 22092954, -13191123, -2042793, -11968512, 32186753, -11517388, -6574341, 2470660, -27417366, 16625501 }, + { -11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, 2602725, -27351616, 14247413 }, + { 6314175, -10264892, -32772502, 15957557, -10157730, 168750, -8618807, 14290061, 27108877, -1180880 }, + }, + { + { -8586597, -7170966, 13241782, 10960156, -32991015, -13794596, 33547976, -11058889, -27148451, 981874 }, + { 22833440, 9293594, -32649448, -13618667, -9136966, 14756819, -22928859, -13970780, -10479804, -16197962 }, + { -7768587, 3326786, -28111797, 10783824, 19178761, 14905060, 22680049, 13906969, -15933690, 3797899 }, + }, + { + { 21721356, -4212746, -12206123, 9310182, -3882239, -13653110, 23740224, -2709232, 20491983, -8042152 }, + { 9209270, -15135055, -13256557, -6167798, -731016, 15289673, 25947805, 15286587, 30997318, -6703063 }, + { 7392032, 16618386, 23946583, -8039892, -13265164, -1533858, -14197445, -2321576, 17649998, -250080 }, + }, + { + { -9301088, -14193827, 30609526, -3049543, -25175069, -1283752, -15241566, -9525724, -2233253, 7662146 }, + { -17558673, 1763594, -33114336, 15908610, -30040870, -12174295, 7335080, -8472199, -3174674, 3440183 }, + { -19889700, -5977008, -24111293, -9688870, 10799743, -16571957, 40450, -4431835, 4862400, 1133 }, + }, + { + { -32856209, -7873957, -5422389, 14860950, -16319031, 7956142, 7258061, 311861, -30594991, -7379421 }, + { -3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, 16527196, 18278453, 15405622 }, + { -4381906, 8508652, -19898366, -3674424, -5984453, 15149970, -13313598, 843523, -21875062, 13626197 }, + }, + { + { 2281448, -13487055, -10915418, -2609910, 1879358, 16164207, -10783882, 3953792, 13340839, 15928663 }, + { 31727126, -7179855, -18437503, -8283652, 2875793, -16390330, -25269894, -7014826, -23452306, 5964753 }, + { 4100420, -5959452, -17179337, 6017714, -18705837, 12227141, -26684835, 11344144, 2538215, -7570755 }, + }, + { + { -9433605, 6123113, 11159803, -2156608, 30016280, 14966241, -20474983, 1485421, -629256, -15958862 }, + { -26804558, 4260919, 11851389, 9658551, -32017107, 16367492, -20205425, -13191288, 11659922, -11115118 }, + { 26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, -10170080, 33100372, -1306171 }, + }, + { + { 15121113, -5201871, -10389905, 15427821, -27509937, -15992507, 21670947, 4486675, -5931810, -14466380 }, + { 16166486, -9483733, -11104130, 6023908, -31926798, -1364923, 2340060, -16254968, -10735770, -10039824 }, + { 28042865, -3557089, -12126526, 12259706, -3717498, -6945899, 6766453, -8689599, 18036436, 5803270 }, + }, + }, + { + { + { -817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, 4598332, -6159431, -14117438 }, + { -31031306, -14256194, 17332029, -2383520, 31312682, -5967183, 696309, 50292, -20095739, 11763584 }, + { -594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, -12613632, -19773211, -10713562 }, + }, + { + { 30464590, -11262872, -4127476, -12734478, 19835327, -7105613, -24396175, 2075773, -17020157, 992471 }, + { 18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, 8080033, -11574335, -10601610 }, + { 19598397, 10334610, 12555054, 2555664, 18821899, -10339780, 21873263, 16014234, 26224780, 16452269 }, + }, + { + { -30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, -7618186, -20533829, 3698650 }, + { 14187449, 3448569, -10636236, -10810935, -22663880, -3433596, 7268410, -10890444, 27394301, 12015369 }, + { 19695761, 16087646, 28032085, 12999827, 6817792, 11427614, 20244189, -1312777, -13259127, -3402461 }, + }, + { + { 30860103, 12735208, -1888245, -4699734, -16974906, 2256940, -8166013, 12298312, -8550524, -10393462 }, + { -5719826, -11245325, -1910649, 15569035, 26642876, -7587760, -5789354, -15118654, -4976164, 12651793 }, + { -2848395, 9953421, 11531313, -5282879, 26895123, -12697089, -13118820, -16517902, 9768698, -2533218 }, + }, + { + { -24719459, 1894651, -287698, -4704085, 15348719, -8156530, 32767513, 12765450, 4940095, 10678226 }, + { 18860224, 15980149, -18987240, -1562570, -26233012, -11071856, -7843882, 13944024, -24372348, 16582019 }, + { -15504260, 4970268, -29893044, 4175593, -20993212, -2199756, -11704054, 15444560, -11003761, 7989037 }, + }, + { + { 31490452, 5568061, -2412803, 2182383, -32336847, 4531686, -32078269, 6200206, -19686113, -14800171 }, + { -17308668, -15879940, -31522777, -2831, -32887382, 16375549, 8680158, -16371713, 28550068, -6857132 }, + { -28126887, -5688091, 16837845, -1820458, -6850681, 12700016, -30039981, 4364038, 1155602, 5988841 }, + }, + { + { 21890435, -13272907, -12624011, 12154349, -7831873, 15300496, 23148983, -4470481, 24618407, 8283181 }, + { -33136107, -10512751, 9975416, 6841041, -31559793, 16356536, 3070187, -7025928, 1466169, 10740210 }, + { -1509399, -15488185, -13503385, -10655916, 32799044, 909394, -13938903, -5779719, -32164649, -15327040 }, + }, + { + { 3960823, -14267803, -28026090, -15918051, -19404858, 13146868, 15567327, 951507, -3260321, -573935 }, + { 24740841, 5052253, -30094131, 8961361, 25877428, 6165135, -24368180, 14397372, -7380369, -6144105 }, + { -28888365, 3510803, -28103278, -1158478, -11238128, -10631454, -15441463, -14453128, -1625486, -6494814 }, + }, + }, + { + { + { 793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, -4885251, -9906200, -621852 }, + { 5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, 1468826, -6171428, -15186581 }, + { -4859255, -3779343, -2917758, -6748019, 7778750, 11688288, -30404353, -9871238, -1558923, -9863646 }, + }, + { + { 10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, 14783338, -30581476, -15757844 }, + { 10566929, 12612572, -31944212, 11118703, -12633376, 12362879, 21752402, 8822496, 24003793, 14264025 }, + { 27713862, -7355973, -11008240, 9227530, 27050101, 2504721, 23886875, -13117525, 13958495, -5732453 }, + }, + { + { -23481610, 4867226, -27247128, 3900521, 29838369, -8212291, -31889399, -10041781, 7340521, -15410068 }, + { 4646514, -8011124, -22766023, -11532654, 23184553, 8566613, 31366726, -1381061, -15066784, -10375192 }, + { -17270517, 12723032, -16993061, 14878794, 21619651, -6197576, 27584817, 3093888, -8843694, 3849921 }, + }, + { + { -9064912, 2103172, 25561640, -15125738, -5239824, 9582958, 32477045, -9017955, 5002294, -15550259 }, + { -12057553, -11177906, 21115585, -13365155, 8808712, -12030708, 16489530, 13378448, -25845716, 12741426 }, + { -5946367, 10645103, -30911586, 15390284, -3286982, -7118677, 24306472, 15852464, 28834118, -7646072 }, + }, + { + { -17335748, -9107057, -24531279, 9434953, -8472084, -583362, -13090771, 455841, 20461858, 5491305 }, + { 13669248, -16095482, -12481974, -10203039, -14569770, -11893198, -24995986, 11293807, -28588204, -9421832 }, + { 28497928, 6272777, -33022994, 14470570, 8906179, -1225630, 18504674, -14165166, 29867745, -8795943 }, + }, + { + { -16207023, 13517196, -27799630, -13697798, 24009064, -6373891, -6367600, -13175392, 22853429, -4012011 }, + { 24191378, 16712145, -13931797, 15217831, 14542237, 1646131, 18603514, -11037887, 12876623, -2112447 }, + { 17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, 608397, 16031844, 3723494 }, + }, + { + { -28632773, 12763728, -20446446, 7577504, 33001348, -13017745, 17558842, -7872890, 23896954, -4314245 }, + { -20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, 7229064, -9919646, -8826859 }, + { 28816045, 298879, -28165016, -15920938, 19000928, -1665890, -12680833, -2949325, -18051778, -2082915 }, + }, + { + { 16000882, -344896, 3493092, -11447198, -29504595, -13159789, 12577740, 16041268, -19715240, 7847707 }, + { 10151868, 10572098, 27312476, 7922682, 14825339, 4723128, -32855931, -6519018, -10020567, 3852848 }, + { -11430470, 15697596, -21121557, -4420647, 5386314, 15063598, 16514493, -15932110, 29330899, -15076224 }, + }, + }, + { + { + { -25499735, -4378794, -15222908, -6901211, 16615731, 2051784, 3303702, 15490, -27548796, 12314391 }, + { 15683520, -6003043, 18109120, -9980648, 15337968, -5997823, -16717435, 15921866, 16103996, -3731215 }, + { -23169824, -10781249, 13588192, -1628807, -3798557, -1074929, -19273607, 5402699, -29815713, -9841101 }, + }, + { + { 23190676, 2384583, -32714340, 3462154, -29903655, -1529132, -11266856, 8911517, -25205859, 2739713 }, + { 21374101, -3554250, -33524649, 9874411, 15377179, 11831242, -33529904, 6134907, 4931255, 11987849 }, + { -7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, 13861388, -30076310, 10117930 }, + }, + { + { -29501170, -10744872, -26163768, 13051539, -25625564, 5089643, -6325503, 6704079, 12890019, 15728940 }, + { -21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, -10428139, 12885167, 8311031 }, + { -17516482, 5352194, 10384213, -13811658, 7506451, 13453191, 26423267, 4384730, 1888765, -5435404 }, + }, + { + { -25817338, -3107312, -13494599, -3182506, 30896459, -13921729, -32251644, -12707869, -19464434, -3340243 }, + { -23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, 14845197, 17151279, -9854116 }, + { -24830458, -12733720, -15165978, 10367250, -29530908, -265356, 22825805, -7087279, -16866484, 16176525 }, + }, + { + { -23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, -10363426, -28746253, -10197509 }, + { -10626600, -4486402, -13320562, -5125317, 3432136, -6393229, 23632037, -1940610, 32808310, 1099883 }, + { 15030977, 5768825, -27451236, -2887299, -6427378, -15361371, -15277896, -6809350, 2051441, -15225865 }, + }, + { + { -3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, -14154188, -22686354, 16633660 }, + { 4577086, -16752288, 13249841, -15304328, 19958763, -14537274, 18559670, -10759549, 8402478, -9864273 }, + { -28406330, -1051581, -26790155, -907698, -17212414, -11030789, 9453451, -14980072, 17983010, 9967138 }, + }, + { + { -25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, 7806337, 17507396, 3651560 }, + { -10420457, -4118111, 14584639, 15971087, -15768321, 8861010, 26556809, -5574557, -18553322, -11357135 }, + { 2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121, 8459447, -5605463, -7621941 }, + }, + { + { -4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, -849066, 17258084, -7977739 }, + { 18164541, -10595176, -17154882, -1542417, 19237078, -9745295, 23357533, -15217008, 26908270, 12150756 }, + { -30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, -5537701, -32302074, 16215819 }, + }, + }, + { + { + { -6898905, 9824394, -12304779, -4401089, -31397141, -6276835, 32574489, 12532905, -7503072, -8675347 }, + { -27343522, -16515468, -27151524, -10722951, 946346, 16291093, 254968, 7168080, 21676107, -1943028 }, + { 21260961, -8424752, -16831886, -11920822, -23677961, 3968121, -3651949, -6215466, -3556191, -7913075 }, + }, + { + { 16544754, 13250366, -16804428, 15546242, -4583003, 12757258, -2462308, -8680336, -18907032, -9662799 }, + { -2415239, -15577728, 18312303, 4964443, -15272530, -12653564, 26820651, 16690659, 25459437, -4564609 }, + { -25144690, 11425020, 28423002, -11020557, -6144921, -15826224, 9142795, -2391602, -6432418, -1644817 }, + }, + { + { -23104652, 6253476, 16964147, -3768872, -25113972, -12296437, -27457225, -16344658, 6335692, 7249989 }, + { -30333227, 13979675, 7503222, -12368314, -11956721, -4621693, -30272269, 2682242, 25993170, -12478523 }, + { 4364628, 5930691, 32304656, -10044554, -8054781, 15091131, 22857016, -10598955, 31820368, 15075278 }, + }, + { + { 31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, -9650886, -17970238, 12833045 }, + { 19073683, 14851414, -24403169, -11860168, 7625278, 11091125, -19619190, 2074449, -9413939, 14905377 }, + { 24483667, -11935567, -2518866, -11547418, -1553130, 15355506, -25282080, 9253129, 27628530, -7555480 }, + }, + { + { 17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, -9157582, -14110875, 15297016 }, + { 510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, -11864220, 8683221, 2921426 }, + { 18606791, 11874196, 27155355, -5281482, -24031742, 6265446, -25178240, -1278924, 4674690, 13890525 }, + }, + { + { 13609624, 13069022, -27372361, -13055908, 24360586, 9592974, 14977157, 9835105, 4389687, 288396 }, + { 9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, 8317628, 23388070, 16052080 }, + { 12720016, 11937594, -31970060, -5028689, 26900120, 8561328, -20155687, -11632979, -14754271, -10812892 }, + }, + { + { 15961858, 14150409, 26716931, -665832, -22794328, 13603569, 11829573, 7467844, -28822128, 929275 }, + { 11038231, -11582396, -27310482, -7316562, -10498527, -16307831, -23479533, -9371869, -21393143, 2465074 }, + { 20017163, -4323226, 27915242, 1529148, 12396362, 15675764, 13817261, -9658066, 2463391, -4622140 }, + }, + { + { -16358878, -12663911, -12065183, 4996454, -1256422, 1073572, 9583558, 12851107, 4003896, 12673717 }, + { -1731589, -15155870, -3262930, 16143082, 19294135, 13385325, 14741514, -9103726, 7903886, 2348101 }, + { 24536016, -16515207, 12715592, -3862155, 1511293, 10047386, -3842346, -7129159, -28377538, 10048127 }, + }, + }, + { + { + { -12622226, -6204820, 30718825, 2591312, -10617028, 12192840, 18873298, -7297090, -32297756, 15221632 }, + { -26478122, -11103864, 11546244, -1852483, 9180880, 7656409, -21343950, 2095755, 29769758, 6593415 }, + { -31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, -6118678, 30958054, 8292160 }, + }, + { + { 31429822, -13959116, 29173532, 15632448, 12174511, -2760094, 32808831, 3977186, 26143136, -3148876 }, + { 22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, -1674433, -3758243, -2304625 }, + { -15491917, 8012313, -2514730, -12702462, -23965846, -10254029, -1612713, -1535569, -16664475, 8194478 }, + }, + { + { 27338066, -7507420, -7414224, 10140405, -19026427, -6589889, 27277191, 8855376, 28572286, 3005164 }, + { 26287124, 4821776, 25476601, -4145903, -3764513, -15788984, -18008582, 1182479, -26094821, -13079595 }, + { -7171154, 3178080, 23970071, 6201893, -17195577, -4489192, -21876275, -13982627, 32208683, -1198248 }, + }, + { + { -16657702, 2817643, -10286362, 14811298, 6024667, 13349505, -27315504, -10497842, -27672585, -11539858 }, + { 15941029, -9405932, -21367050, 8062055, 31876073, -238629, -15278393, -1444429, 15397331, -4130193 }, + { 8934485, -13485467, -23286397, -13423241, -32446090, 14047986, 31170398, -1441021, -27505566, 15087184 }, + }, + { + { -18357243, -2156491, 24524913, -16677868, 15520427, -6360776, -15502406, 11461896, 16788528, -5868942 }, + { -1947386, 16013773, 21750665, 3714552, -17401782, -16055433, -3770287, -10323320, 31322514, -11615635 }, + { 21426655, -5650218, -13648287, -5347537, -28812189, -4920970, -18275391, -14621414, 13040862, -12112948 }, + }, + { + { 11293895, 12478086, -27136401, 15083750, -29307421, 14748872, 14555558, -13417103, 1613711, 4896935 }, + { -25894883, 15323294, -8489791, -8057900, 25967126, -13425460, 2825960, -4897045, -23971776, -11267415 }, + { -15924766, -5229880, -17443532, 6410664, 3622847, 10243618, 20615400, 12405433, -23753030, -8436416 }, + }, + { + { -7091295, 12556208, -20191352, 9025187, -17072479, 4333801, 4378436, 2432030, 23097949, -566018 }, + { 4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, 10103221, -18512313, 2424778 }, + { 366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, 1344109, -3642553, 12412659 }, + }, + { + { -24001791, 7690286, 14929416, -168257, -32210835, -13412986, 24162697, -15326504, -3141501, 11179385 }, + { 18289522, -14724954, 8056945, 16430056, -21729724, 7842514, -6001441, -1486897, -18684645, -11443503 }, + { 476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, 13403813, 11052904, 5219329 }, + }, + }, + { + { + { 20678546, -8375738, -32671898, 8849123, -5009758, 14574752, 31186971, -3973730, 9014762, -8579056 }, + { -13644050, -10350239, -15962508, 5075808, -1514661, -11534600, -33102500, 9160280, 8473550, -3256838 }, + { 24900749, 14435722, 17209120, -15292541, -22592275, 9878983, -7689309, -16335821, -24568481, 11788948 }, + }, + { + { -3118155, -11395194, -13802089, 14797441, 9652448, -6845904, -20037437, 10410733, -24568470, -1458691 }, + { -15659161, 16736706, -22467150, 10215878, -9097177, 7563911, 11871841, -12505194, -18513325, 8464118 }, + { -23400612, 8348507, -14585951, -861714, -3950205, -6373419, 14325289, 8628612, 33313881, -8370517 }, + }, + { + { -20186973, -4967935, 22367356, 5271547, -1097117, -4788838, -24805667, -10236854, -8940735, -5818269 }, + { -6948785, -1795212, -32625683, -16021179, 32635414, -7374245, 15989197, -12838188, 28358192, -4253904 }, + { -23561781, -2799059, -32351682, -1661963, -9147719, 10429267, -16637684, 4072016, -5351664, 5596589 }, + }, + { + { -28236598, -3390048, 12312896, 6213178, 3117142, 16078565, 29266239, 2557221, 1768301, 15373193 }, + { -7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, -4504991, -24660491, 3442910 }, + { -30210571, 5124043, 14181784, 8197961, 18964734, -11939093, 22597931, 7176455, -18585478, 13365930 }, + }, + { + { -7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, -8570186, -9689599, -3031667 }, + { 25008904, -10771599, -4305031, -9638010, 16265036, 15721635, 683793, -11823784, 15723479, -15163481 }, + { -9660625, 12374379, -27006999, -7026148, -7724114, -12314514, 11879682, 5400171, 519526, -1235876 }, + }, + { + { 22258397, -16332233, -7869817, 14613016, -22520255, -2950923, -20353881, 7315967, 16648397, 7605640 }, + { -8081308, -8464597, -8223311, 9719710, 19259459, -15348212, 23994942, -5281555, -9468848, 4763278 }, + { -21699244, 9220969, -15730624, 1084137, -25476107, -2852390, 31088447, -7764523, -11356529, 728112 }, + }, + { + { 26047220, -11751471, -6900323, -16521798, 24092068, 9158119, -4273545, -12555558, -29365436, -5498272 }, + { 17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, 12327945, 10750447, 10014012 }, + { -10312768, 3936952, 9156313, -8897683, 16498692, -994647, -27481051, -666732, 3424691, 7540221 }, + }, + { + { 30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, -16317219, -9244265, 15258046 }, + { 13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, 2711395, 1062915, -5136345 }, + { -19240248, -11254599, -29509029, -7499965, -5835763, 13005411, -6066489, 12194497, 32960380, 1459310 }, + }, + }, + { + { + { 19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, -6101885, 18638003, -11174937 }, + { 31395534, 15098109, 26581030, 8030562, -16527914, -5007134, 9012486, -7584354, -6643087, -5442636 }, + { -9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, 9677543, -32294889, -6456008 }, + }, + { + { -2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, -7839692, -7852844, -8138429 }, + { -15236356, -15433509, 7766470, 746860, 26346930, -10221762, -27333451, 10754588, -9431476, 5203576 }, + { 31834314, 14135496, -770007, 5159118, 20917671, -16768096, -7467973, -7337524, 31809243, 7347066 }, + }, + { + { -9606723, -11874240, 20414459, 13033986, 13716524, -11691881, 19797970, -12211255, 15192876, -2087490 }, + { -12663563, -2181719, 1168162, -3804809, 26747877, -14138091, 10609330, 12694420, 33473243, -13382104 }, + { 33184999, 11180355, 15832085, -11385430, -1633671, 225884, 15089336, -11023903, -6135662, 14480053 }, + }, + { + { 31308717, -5619998, 31030840, -1897099, 15674547, -6582883, 5496208, 13685227, 27595050, 8737275 }, + { -20318852, -15150239, 10933843, -16178022, 8335352, -7546022, -31008351, -12610604, 26498114, 66511 }, + { 22644454, -8761729, -16671776, 4884562, -3105614, -13559366, 30540766, -4286747, -13327787, -7515095 }, + }, + { + { -28017847, 9834845, 18617207, -2681312, -3401956, -13307506, 8205540, 13585437, -17127465, 15115439 }, + { 23711543, -672915, 31206561, -8362711, 6164647, -9709987, -33535882, -1426096, 8236921, 16492939 }, + { -23910559, -13515526, -26299483, -4503841, 25005590, -7687270, 19574902, 10071562, 6708380, -6222424 }, + }, + { + { 2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, 9328700, 29955601, -11678310 }, + { 3096359, 9271816, -21620864, -15521844, -14847996, -7592937, -25892142, -12635595, -9917575, 6216608 }, + { -32615849, 338663, -25195611, 2510422, -29213566, -13820213, 24822830, -6146567, -26767480, 7525079 }, + }, + { + { -23066649, -13985623, 16133487, -7896178, -3389565, 778788, -910336, -2782495, -19386633, 11994101 }, + { 21691500, -13624626, -641331, -14367021, 3285881, -3483596, -25064666, 9718258, -7477437, 13381418 }, + { 18445390, -4202236, 14979846, 11622458, -1727110, -3582980, 23111648, -6375247, 28535282, 15779576 }, + }, + { + { 30098053, 3089662, -9234387, 16662135, -21306940, 11308411, -14068454, 12021730, 9955285, -16303356 }, + { 9734894, -14576830, -7473633, -9138735, 2060392, 11313496, -18426029, 9924399, 20194861, 13380996 }, + { -26378102, -7965207, -22167821, 15789297, -18055342, -6168792, -1984914, 15707771, 26342023, 10146099 }, + }, + }, + { + { + { -26016874, -219943, 21339191, -41388, 19745256, -2878700, -29637280, 2227040, 21612326, -545728 }, + { -13077387, 1184228, 23562814, -5970442, -20351244, -6348714, 25764461, 12243797, -20856566, 11649658 }, + { -10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, 6114064, 33514190, 2333242 }, + }, + { + { -21433588, -12421821, 8119782, 7219913, -21830522, -9016134, -6679750, -12670638, 24350578, -13450001 }, + { -4116307, -11271533, -23886186, 4843615, -30088339, 690623, -31536088, -10406836, 8317860, 12352766 }, + { 18200138, -14475911, -33087759, -2696619, -23702521, -9102511, -23552096, -2287550, 20712163, 6719373 }, + }, + { + { 26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, -3763210, 26224235, -3297458 }, + { -17168938, -14854097, -3395676, -16369877, -19954045, 14050420, 21728352, 9493610, 18620611, -16428628 }, + { -13323321, 13325349, 11432106, 5964811, 18609221, 6062965, -5269471, -9725556, -30701573, -16479657 }, + }, + { + { -23860538, -11233159, 26961357, 1640861, -32413112, -16737940, 12248509, -5240639, 13735342, 1934062 }, + { 25089769, 6742589, 17081145, -13406266, 21909293, -16067981, -15136294, -3765346, -21277997, 5473616 }, + { 31883677, -7961101, 1083432, -11572403, 22828471, 13290673, -7125085, 12469656, 29111212, -5451014 }, + }, + { + { 24244947, -15050407, -26262976, 2791540, -14997599, 16666678, 24367466, 6388839, -10295587, 452383 }, + { -25640782, -3417841, 5217916, 16224624, 19987036, -4082269, -24236251, -5915248, 15766062, 8407814 }, + { -20406999, 13990231, 15495425, 16395525, 5377168, 15166495, -8917023, -4388953, -8067909, 2276718 }, + }, + { + { 30157918, 12924066, -17712050, 9245753, 19895028, 3368142, -23827587, 5096219, 22740376, -7303417 }, + { 2041139, -14256350, 7783687, 13876377, -25946985, -13352459, 24051124, 13742383, -15637599, 13295222 }, + { 33338237, -8505733, 12532113, 7977527, 9106186, -1715251, -17720195, -4612972, -4451357, -14669444 }, + }, + { + { -20045281, 5454097, -14346548, 6447146, 28862071, 1883651, -2469266, -4141880, 7770569, 9620597 }, + { 23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, -1694323, -33502340, -14767970 }, + { 1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, 1220118, 30494170, -11440799 }, + }, + { + { -5037580, -13028295, -2970559, -3061767, 15640974, -6701666, -26739026, 926050, -1684339, -13333647 }, + { 13908495, -3549272, 30919928, -6273825, -21521863, 7989039, 9021034, 9078865, 3353509, 4033511 }, + { -29663431, -15113610, 32259991, -344482, 24295849, -12912123, 23161163, 8839127, 27485041, 7356032 }, + }, + }, + { + { + { 9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, 2625015, 28431036, -16771834 }, + { -23839233, -8311415, -25945511, 7480958, -17681669, -8354183, -22545972, 14150565, 15970762, 4099461 }, + { 29262576, 16756590, 26350592, -8793563, 8529671, -11208050, 13617293, -9937143, 11465739, 8317062 }, + }, + { + { -25493081, -6962928, 32500200, -9419051, -23038724, -2302222, 14898637, 3848455, 20969334, -5157516 }, + { -20384450, -14347713, -18336405, 13884722, -33039454, 2842114, -21610826, -3649888, 11177095, 14989547 }, + { -24496721, -11716016, 16959896, 2278463, 12066309, 10137771, 13515641, 2581286, -28487508, 9930240 }, + }, + { + { -17751622, -2097826, 16544300, -13009300, -15914807, -14949081, 18345767, -13403753, 16291481, -5314038 }, + { -33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, 6957617, 4368891, 9788741 }, + { 16660756, 7281060, -10830758, 12911820, 20108584, -8101676, -21722536, -8613148, 16250552, -11111103 }, + }, + { + { -19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, 10604807, -30190403, 4782747 }, + { -1354539, 14736941, -7367442, -13292886, 7710542, -14155590, -9981571, 4383045, 22546403, 437323 }, + { 31665577, -12180464, -16186830, 1491339, -18368625, 3294682, 27343084, 2786261, -30633590, -14097016 }, + }, + { + { -14467279, -683715, -33374107, 7448552, 19294360, 14334329, -19690631, 2355319, -19284671, -6114373 }, + { 15121312, -15796162, 6377020, -6031361, -10798111, -12957845, 18952177, 15496498, -29380133, 11754228 }, + { -2637277, -13483075, 8488727, -14303896, 12728761, -1622493, 7141596, 11724556, 22761615, -10134141 }, + }, + { + { 16918416, 11729663, -18083579, 3022987, -31015732, -13339659, -28741185, -12227393, 32851222, 11717399 }, + { 11166634, 7338049, -6722523, 4531520, -29468672, -7302055, 31474879, 3483633, -1193175, -4030831 }, + { -185635, 9921305, 31456609, -13536438, -12013818, 13348923, 33142652, 6546660, -19985279, -3948376 }, + }, + { + { -32460596, 11266712, -11197107, -7899103, 31703694, 3855903, -8537131, -12833048, -30772034, -15486313 }, + { -18006477, 12709068, 3991746, -6479188, -21491523, -10550425, -31135347, -16049879, 10928917, 3011958 }, + { -6957757, -15594337, 31696059, 334240, 29576716, 14796075, -30831056, -12805180, 18008031, 10258577 }, + }, + { + { -22448644, 15655569, 7018479, -4410003, -30314266, -1201591, -1853465, 1367120, 25127874, 6671743 }, + { 29701166, -14373934, -10878120, 9279288, -17568, 13127210, 21382910, 11042292, 25838796, 4642684 }, + { -20430234, 14955537, -24126347, 8124619, -5369288, -5990470, 30468147, -13900640, 18423289, 4177476 }, + }, + }, +}; diff --git a/contrib/hbcrypto/3rd/ed25519/sc.c b/contrib/hbcrypto/3rd/ed25519/sc.c new file mode 100644 index 0000000000..ca5bad2ca0 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/sc.c @@ -0,0 +1,809 @@ +#include "fixedint.h" +#include "sc.h" + +static uint64_t load_3(const unsigned char *in) { + uint64_t result; + + result = (uint64_t) in[0]; + result |= ((uint64_t) in[1]) << 8; + result |= ((uint64_t) in[2]) << 16; + + return result; +} + +static uint64_t load_4(const unsigned char *in) { + uint64_t result; + + result = (uint64_t) in[0]; + result |= ((uint64_t) in[1]) << 8; + result |= ((uint64_t) in[2]) << 16; + result |= ((uint64_t) in[3]) << 24; + + return result; +} + +/* +Input: + s[0]+256*s[1]+...+256^63*s[63] = s + +Output: + s[0]+256*s[1]+...+256^31*s[31] = s mod l + where l = 2^252 + 27742317777372353535851937790883648493. + Overwrites s in place. +*/ + +void sc_reduce(unsigned char *s) { + int64_t s0 = 2097151 & load_3(s); + int64_t s1 = 2097151 & (load_4(s + 2) >> 5); + int64_t s2 = 2097151 & (load_3(s + 5) >> 2); + int64_t s3 = 2097151 & (load_4(s + 7) >> 7); + int64_t s4 = 2097151 & (load_4(s + 10) >> 4); + int64_t s5 = 2097151 & (load_3(s + 13) >> 1); + int64_t s6 = 2097151 & (load_4(s + 15) >> 6); + int64_t s7 = 2097151 & (load_3(s + 18) >> 3); + int64_t s8 = 2097151 & load_3(s + 21); + int64_t s9 = 2097151 & (load_4(s + 23) >> 5); + int64_t s10 = 2097151 & (load_3(s + 26) >> 2); + int64_t s11 = 2097151 & (load_4(s + 28) >> 7); + int64_t s12 = 2097151 & (load_4(s + 31) >> 4); + int64_t s13 = 2097151 & (load_3(s + 34) >> 1); + int64_t s14 = 2097151 & (load_4(s + 36) >> 6); + int64_t s15 = 2097151 & (load_3(s + 39) >> 3); + int64_t s16 = 2097151 & load_3(s + 42); + int64_t s17 = 2097151 & (load_4(s + 44) >> 5); + int64_t s18 = 2097151 & (load_3(s + 47) >> 2); + int64_t s19 = 2097151 & (load_4(s + 49) >> 7); + int64_t s20 = 2097151 & (load_4(s + 52) >> 4); + int64_t s21 = 2097151 & (load_3(s + 55) >> 1); + int64_t s22 = 2097151 & (load_4(s + 57) >> 6); + int64_t s23 = (load_4(s + 60) >> 3); + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 << 21; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + s[0] = (unsigned char) (s0 >> 0); + s[1] = (unsigned char) (s0 >> 8); + s[2] = (unsigned char) ((s0 >> 16) | (s1 << 5)); + s[3] = (unsigned char) (s1 >> 3); + s[4] = (unsigned char) (s1 >> 11); + s[5] = (unsigned char) ((s1 >> 19) | (s2 << 2)); + s[6] = (unsigned char) (s2 >> 6); + s[7] = (unsigned char) ((s2 >> 14) | (s3 << 7)); + s[8] = (unsigned char) (s3 >> 1); + s[9] = (unsigned char) (s3 >> 9); + s[10] = (unsigned char) ((s3 >> 17) | (s4 << 4)); + s[11] = (unsigned char) (s4 >> 4); + s[12] = (unsigned char) (s4 >> 12); + s[13] = (unsigned char) ((s4 >> 20) | (s5 << 1)); + s[14] = (unsigned char) (s5 >> 7); + s[15] = (unsigned char) ((s5 >> 15) | (s6 << 6)); + s[16] = (unsigned char) (s6 >> 2); + s[17] = (unsigned char) (s6 >> 10); + s[18] = (unsigned char) ((s6 >> 18) | (s7 << 3)); + s[19] = (unsigned char) (s7 >> 5); + s[20] = (unsigned char) (s7 >> 13); + s[21] = (unsigned char) (s8 >> 0); + s[22] = (unsigned char) (s8 >> 8); + s[23] = (unsigned char) ((s8 >> 16) | (s9 << 5)); + s[24] = (unsigned char) (s9 >> 3); + s[25] = (unsigned char) (s9 >> 11); + s[26] = (unsigned char) ((s9 >> 19) | (s10 << 2)); + s[27] = (unsigned char) (s10 >> 6); + s[28] = (unsigned char) ((s10 >> 14) | (s11 << 7)); + s[29] = (unsigned char) (s11 >> 1); + s[30] = (unsigned char) (s11 >> 9); + s[31] = (unsigned char) (s11 >> 17); +} + + + +/* +Input: + a[0]+256*a[1]+...+256^31*a[31] = a + b[0]+256*b[1]+...+256^31*b[31] = b + c[0]+256*c[1]+...+256^31*c[31] = c + +Output: + s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l + where l = 2^252 + 27742317777372353535851937790883648493. +*/ + +void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c) { + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + int64_t c0 = 2097151 & load_3(c); + int64_t c1 = 2097151 & (load_4(c + 2) >> 5); + int64_t c2 = 2097151 & (load_3(c + 5) >> 2); + int64_t c3 = 2097151 & (load_4(c + 7) >> 7); + int64_t c4 = 2097151 & (load_4(c + 10) >> 4); + int64_t c5 = 2097151 & (load_3(c + 13) >> 1); + int64_t c6 = 2097151 & (load_4(c + 15) >> 6); + int64_t c7 = 2097151 & (load_3(c + 18) >> 3); + int64_t c8 = 2097151 & load_3(c + 21); + int64_t c9 = 2097151 & (load_4(c + 23) >> 5); + int64_t c10 = 2097151 & (load_3(c + 26) >> 2); + int64_t c11 = (load_4(c + 28) >> 7); + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + carry18 = (s18 + (1 << 20)) >> 21; + s19 += carry18; + s18 -= carry18 << 21; + carry20 = (s20 + (1 << 20)) >> 21; + s21 += carry20; + s20 -= carry20 << 21; + carry22 = (s22 + (1 << 20)) >> 21; + s23 += carry22; + s22 -= carry22 << 21; + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + carry17 = (s17 + (1 << 20)) >> 21; + s18 += carry17; + s17 -= carry17 << 21; + carry19 = (s19 + (1 << 20)) >> 21; + s20 += carry19; + s19 -= carry19 << 21; + carry21 = (s21 + (1 << 20)) >> 21; + s22 += carry21; + s21 -= carry21 << 21; + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 << 21; + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + s[0] = (unsigned char) (s0 >> 0); + s[1] = (unsigned char) (s0 >> 8); + s[2] = (unsigned char) ((s0 >> 16) | (s1 << 5)); + s[3] = (unsigned char) (s1 >> 3); + s[4] = (unsigned char) (s1 >> 11); + s[5] = (unsigned char) ((s1 >> 19) | (s2 << 2)); + s[6] = (unsigned char) (s2 >> 6); + s[7] = (unsigned char) ((s2 >> 14) | (s3 << 7)); + s[8] = (unsigned char) (s3 >> 1); + s[9] = (unsigned char) (s3 >> 9); + s[10] = (unsigned char) ((s3 >> 17) | (s4 << 4)); + s[11] = (unsigned char) (s4 >> 4); + s[12] = (unsigned char) (s4 >> 12); + s[13] = (unsigned char) ((s4 >> 20) | (s5 << 1)); + s[14] = (unsigned char) (s5 >> 7); + s[15] = (unsigned char) ((s5 >> 15) | (s6 << 6)); + s[16] = (unsigned char) (s6 >> 2); + s[17] = (unsigned char) (s6 >> 10); + s[18] = (unsigned char) ((s6 >> 18) | (s7 << 3)); + s[19] = (unsigned char) (s7 >> 5); + s[20] = (unsigned char) (s7 >> 13); + s[21] = (unsigned char) (s8 >> 0); + s[22] = (unsigned char) (s8 >> 8); + s[23] = (unsigned char) ((s8 >> 16) | (s9 << 5)); + s[24] = (unsigned char) (s9 >> 3); + s[25] = (unsigned char) (s9 >> 11); + s[26] = (unsigned char) ((s9 >> 19) | (s10 << 2)); + s[27] = (unsigned char) (s10 >> 6); + s[28] = (unsigned char) ((s10 >> 14) | (s11 << 7)); + s[29] = (unsigned char) (s11 >> 1); + s[30] = (unsigned char) (s11 >> 9); + s[31] = (unsigned char) (s11 >> 17); +} diff --git a/contrib/hbcrypto/3rd/ed25519/sc.h b/contrib/hbcrypto/3rd/ed25519/sc.h new file mode 100644 index 0000000000..e29e7fa5af --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/sc.h @@ -0,0 +1,12 @@ +#ifndef SC_H +#define SC_H + +/* +The set of scalars is \Z/l +where l = 2^252 + 27742317777372353535851937790883648493. +*/ + +void sc_reduce(unsigned char *s); +void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c); + +#endif diff --git a/contrib/hbcrypto/3rd/ed25519/sha512.c b/contrib/hbcrypto/3rd/ed25519/sha512.c new file mode 100644 index 0000000000..cb8ae71753 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/sha512.c @@ -0,0 +1,275 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtom.org + */ + +#include "fixedint.h" +#include "sha512.h" + +/* the K array */ +static const uint64_t K[80] = { + UINT64_C(0x428a2f98d728ae22), UINT64_C(0x7137449123ef65cd), + UINT64_C(0xb5c0fbcfec4d3b2f), UINT64_C(0xe9b5dba58189dbbc), + UINT64_C(0x3956c25bf348b538), UINT64_C(0x59f111f1b605d019), + UINT64_C(0x923f82a4af194f9b), UINT64_C(0xab1c5ed5da6d8118), + UINT64_C(0xd807aa98a3030242), UINT64_C(0x12835b0145706fbe), + UINT64_C(0x243185be4ee4b28c), UINT64_C(0x550c7dc3d5ffb4e2), + UINT64_C(0x72be5d74f27b896f), UINT64_C(0x80deb1fe3b1696b1), + UINT64_C(0x9bdc06a725c71235), UINT64_C(0xc19bf174cf692694), + UINT64_C(0xe49b69c19ef14ad2), UINT64_C(0xefbe4786384f25e3), + UINT64_C(0x0fc19dc68b8cd5b5), UINT64_C(0x240ca1cc77ac9c65), + UINT64_C(0x2de92c6f592b0275), UINT64_C(0x4a7484aa6ea6e483), + UINT64_C(0x5cb0a9dcbd41fbd4), UINT64_C(0x76f988da831153b5), + UINT64_C(0x983e5152ee66dfab), UINT64_C(0xa831c66d2db43210), + UINT64_C(0xb00327c898fb213f), UINT64_C(0xbf597fc7beef0ee4), + UINT64_C(0xc6e00bf33da88fc2), UINT64_C(0xd5a79147930aa725), + UINT64_C(0x06ca6351e003826f), UINT64_C(0x142929670a0e6e70), + UINT64_C(0x27b70a8546d22ffc), UINT64_C(0x2e1b21385c26c926), + UINT64_C(0x4d2c6dfc5ac42aed), UINT64_C(0x53380d139d95b3df), + UINT64_C(0x650a73548baf63de), UINT64_C(0x766a0abb3c77b2a8), + UINT64_C(0x81c2c92e47edaee6), UINT64_C(0x92722c851482353b), + UINT64_C(0xa2bfe8a14cf10364), UINT64_C(0xa81a664bbc423001), + UINT64_C(0xc24b8b70d0f89791), UINT64_C(0xc76c51a30654be30), + UINT64_C(0xd192e819d6ef5218), UINT64_C(0xd69906245565a910), + UINT64_C(0xf40e35855771202a), UINT64_C(0x106aa07032bbd1b8), + UINT64_C(0x19a4c116b8d2d0c8), UINT64_C(0x1e376c085141ab53), + UINT64_C(0x2748774cdf8eeb99), UINT64_C(0x34b0bcb5e19b48a8), + UINT64_C(0x391c0cb3c5c95a63), UINT64_C(0x4ed8aa4ae3418acb), + UINT64_C(0x5b9cca4f7763e373), UINT64_C(0x682e6ff3d6b2b8a3), + UINT64_C(0x748f82ee5defb2fc), UINT64_C(0x78a5636f43172f60), + UINT64_C(0x84c87814a1f0ab72), UINT64_C(0x8cc702081a6439ec), + UINT64_C(0x90befffa23631e28), UINT64_C(0xa4506cebde82bde9), + UINT64_C(0xbef9a3f7b2c67915), UINT64_C(0xc67178f2e372532b), + UINT64_C(0xca273eceea26619c), UINT64_C(0xd186b8c721c0c207), + UINT64_C(0xeada7dd6cde0eb1e), UINT64_C(0xf57d4f7fee6ed178), + UINT64_C(0x06f067aa72176fba), UINT64_C(0x0a637dc5a2c898a6), + UINT64_C(0x113f9804bef90dae), UINT64_C(0x1b710b35131c471b), + UINT64_C(0x28db77f523047d84), UINT64_C(0x32caab7b40c72493), + UINT64_C(0x3c9ebe0a15c9bebc), UINT64_C(0x431d67c49c100d4c), + UINT64_C(0x4cc5d4becb3e42b6), UINT64_C(0x597f299cfc657e2a), + UINT64_C(0x5fcb6fab3ad6faec), UINT64_C(0x6c44198c4a475817) +}; + +/* Various logical functions */ + +#define ROR64c(x, y) \ + ( ((((x)&UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)(y)&UINT64_C(63))) | \ + ((x)<<((uint64_t)(64-((y)&UINT64_C(63)))))) & UINT64_C(0xFFFFFFFFFFFFFFFF)) + +#define STORE64H(x, y) \ + { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ + (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ + (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + +#define LOAD64H(x, y) \ + { x = (((uint64_t)((y)[0] & 255))<<56)|(((uint64_t)((y)[1] & 255))<<48) | \ + (((uint64_t)((y)[2] & 255))<<40)|(((uint64_t)((y)[3] & 255))<<32) | \ + (((uint64_t)((y)[4] & 255))<<24)|(((uint64_t)((y)[5] & 255))<<16) | \ + (((uint64_t)((y)[6] & 255))<<8)|(((uint64_t)((y)[7] & 255))); } + + +#define Ch(x,y,z) (z ^ (x & (y ^ z))) +#define Maj(x,y,z) (((x | y) & z) | (x & y)) +#define S(x, n) ROR64c(x, n) +#define R(x, n) (((x) &UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)n)) +#define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39)) +#define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41)) +#define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7)) +#define Gamma1(x) (S(x, 19) ^ S(x, 61) ^ R(x, 6)) +#ifndef MIN + #define MIN(x, y) ( ((x)<(y))?(x):(y) ) +#endif + +/* compress 1024-bits */ +static int sha512_compress(sha512_context *md, unsigned char *buf) +{ + uint64_t S[8], W[80], t0, t1; + int i; + + /* copy state into S */ + for (i = 0; i < 8; i++) { + S[i] = md->state[i]; + } + + /* copy the state into 1024-bits into W[0..15] */ + for (i = 0; i < 16; i++) { + LOAD64H(W[i], buf + (8*i)); + } + + /* fill W[16..79] */ + for (i = 16; i < 80; i++) { + W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; + } + +/* Compress */ + #define RND(a,b,c,d,e,f,g,h,i) \ + t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ + t1 = Sigma0(a) + Maj(a, b, c);\ + d += t0; \ + h = t0 + t1; + + for (i = 0; i < 80; i += 8) { + RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0); + RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1); + RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2); + RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3); + RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4); + RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5); + RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6); + RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7); + } + + #undef RND + + + + /* feedback */ + for (i = 0; i < 8; i++) { + md->state[i] = md->state[i] + S[i]; + } + + return 0; +} + + +/** + Initialize the hash state + @param md The hash state you wish to initialize + @return 0 if successful +*/ +int sha512_init(sha512_context * md) { + if (md == NULL) return 1; + + md->curlen = 0; + md->length = 0; + md->state[0] = UINT64_C(0x6a09e667f3bcc908); + md->state[1] = UINT64_C(0xbb67ae8584caa73b); + md->state[2] = UINT64_C(0x3c6ef372fe94f82b); + md->state[3] = UINT64_C(0xa54ff53a5f1d36f1); + md->state[4] = UINT64_C(0x510e527fade682d1); + md->state[5] = UINT64_C(0x9b05688c2b3e6c1f); + md->state[6] = UINT64_C(0x1f83d9abfb41bd6b); + md->state[7] = UINT64_C(0x5be0cd19137e2179); + + return 0; +} + +/** + Process a block of memory though the hash + @param md The hash state + @param in The data to hash + @param inlen The length of the data (octets) + @return 0 if successful +*/ +int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen) +{ + size_t n; + size_t i; + int err; + if (md == NULL) return 1; + if (in == NULL) return 1; + if (md->curlen > sizeof(md->buf)) { + return 1; + } + while (inlen > 0) { + if (md->curlen == 0 && inlen >= 128) { + if ((err = sha512_compress (md, (unsigned char *)in)) != 0) { + return err; + } + md->length += 128 * 8; + in += 128; + inlen -= 128; + } else { + n = MIN(inlen, (128 - md->curlen)); + + for (i = 0; i < n; i++) { + md->buf[i + md->curlen] = in[i]; + } + + + md->curlen += n; + in += n; + inlen -= n; + if (md->curlen == 128) { + if ((err = sha512_compress (md, md->buf)) != 0) { + return err; + } + md->length += 8*128; + md->curlen = 0; + } + } + } + return 0; +} + +/** + Terminate the hash to get the digest + @param md The hash state + @param out [out] The destination of the hash (64 bytes) + @return 0 if successful +*/ + int sha512_final(sha512_context * md, unsigned char *out) + { + int i; + + if (md == NULL) return 1; + if (out == NULL) return 1; + + if (md->curlen >= sizeof(md->buf)) { + return 1; + } + + /* increase the length of the message */ + md->length += md->curlen * UINT64_C(8); + + /* append the '1' bit */ + md->buf[md->curlen++] = (unsigned char)0x80; + + /* if the length is currently above 112 bytes we append zeros + * then compress. Then we can fall back to padding zeros and length + * encoding like normal. + */ + if (md->curlen > 112) { + while (md->curlen < 128) { + md->buf[md->curlen++] = (unsigned char)0; + } + sha512_compress(md, md->buf); + md->curlen = 0; + } + + /* pad upto 120 bytes of zeroes + * note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash + * > 2^64 bits of data... :-) + */ +while (md->curlen < 120) { + md->buf[md->curlen++] = (unsigned char)0; +} + + /* store length */ +STORE64H(md->length, md->buf+120); +sha512_compress(md, md->buf); + + /* copy output */ +for (i = 0; i < 8; i++) { + STORE64H(md->state[i], out+(8*i)); +} + +return 0; +} + +int sha512(const unsigned char *message, size_t message_len, unsigned char *out) +{ + sha512_context ctx; + int ret; + if ((ret = sha512_init(&ctx))) return ret; + if ((ret = sha512_update(&ctx, message, message_len))) return ret; + if ((ret = sha512_final(&ctx, out))) return ret; + return 0; +} diff --git a/contrib/hbcrypto/3rd/ed25519/sha512.h b/contrib/hbcrypto/3rd/ed25519/sha512.h new file mode 100644 index 0000000000..76d98e560b --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/sha512.h @@ -0,0 +1,31 @@ +#ifndef SHA512_H +#define SHA512_H + +#include "hbdefs.h" + +#include "fixedint.h" + +/* state */ +#if defined( HB_USE_CORE_SHA512 ) +# include "hbcrypto.h" +# define sha512_context hb_sha512_ctx +# define sha512_init hb_sha512_init +# define sha512_final hb_sha512_final +# define sha512_update hb_sha512_update +# define sha512 hb_sha512 +#else +# define uint64_t HB_U64 +typedef struct sha512_context_ { + uint64_t length, state[8]; + size_t curlen; + unsigned char buf[128]; +} sha512_context; + + +int sha512_init(sha512_context * md); +int sha512_final(sha512_context * md, unsigned char *out); +int sha512_update(sha512_context * md, const unsigned char *in, size_t inlen); +int sha512(const unsigned char *message, size_t message_len, unsigned char *out); +#endif + +#endif diff --git a/contrib/hbcrypto/3rd/ed25519/sign.c b/contrib/hbcrypto/3rd/ed25519/sign.c new file mode 100644 index 0000000000..8251252123 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/sign.c @@ -0,0 +1,41 @@ +#include "ed25519.h" +#include "sha512.h" +#include "ge.h" +#include "sc.h" + +void ed25519_get_pubkey(unsigned char *public_key, const unsigned char *private_key) { + ge_p3 A; + + ge_scalarmult_base(&A, private_key); + ge_p3_tobytes(public_key, &A); +} + +void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *unused, const unsigned char *private_key) { + sha512_context hash; + unsigned char hram[64]; + unsigned char r[64]; + ge_p3 R; + unsigned char public_key[ 32 ]; + + (void)unused; + + ed25519_get_pubkey(public_key, private_key); + + sha512_init(&hash); + sha512_update(&hash, private_key + 32, 32); + sha512_update(&hash, message, message_len); + sha512_final(&hash, r); + + sc_reduce(r); + ge_scalarmult_base(&R, r); + ge_p3_tobytes(signature, &R); + + sha512_init(&hash); + sha512_update(&hash, signature, 32); + sha512_update(&hash, public_key, 32); + sha512_update(&hash, message, message_len); + sha512_final(&hash, hram); + + sc_reduce(hram); + sc_muladd(signature + 32, hram, private_key, r); +} diff --git a/contrib/hbcrypto/3rd/ed25519/verify.c b/contrib/hbcrypto/3rd/ed25519/verify.c new file mode 100644 index 0000000000..32f988edc8 --- /dev/null +++ b/contrib/hbcrypto/3rd/ed25519/verify.c @@ -0,0 +1,77 @@ +#include "ed25519.h" +#include "sha512.h" +#include "ge.h" +#include "sc.h" + +static int consttime_equal(const unsigned char *x, const unsigned char *y) { + unsigned char r = 0; + + r = x[0] ^ y[0]; + #define F(i) r |= x[i] ^ y[i] + F(1); + F(2); + F(3); + F(4); + F(5); + F(6); + F(7); + F(8); + F(9); + F(10); + F(11); + F(12); + F(13); + F(14); + F(15); + F(16); + F(17); + F(18); + F(19); + F(20); + F(21); + F(22); + F(23); + F(24); + F(25); + F(26); + F(27); + F(28); + F(29); + F(30); + F(31); + #undef F + + return !r; +} + +int ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) { + unsigned char h[64]; + unsigned char checker[32]; + sha512_context hash; + ge_p3 A; + ge_p2 R; + + if (signature[63] & 224) { + return 0; + } + + if (ge_frombytes_negate_vartime(&A, public_key) != 0) { + return 0; + } + + sha512_init(&hash); + sha512_update(&hash, signature, 32); + sha512_update(&hash, public_key, 32); + sha512_update(&hash, message, message_len); + sha512_final(&hash, h); + + sc_reduce(h); + ge_double_scalarmult_vartime(&R, h, &A, signature + 32); + ge_tobytes(checker, &R); + + if (!consttime_equal(checker, signature)) { + return 0; + } + + return 1; +} diff --git a/contrib/hbcrypto/3rd/scrypt/LICENSE.txt b/contrib/hbcrypto/3rd/scrypt/LICENSE.txt new file mode 100644 index 0000000000..d64384571d --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/LICENSE.txt @@ -0,0 +1,27 @@ +The included code and documentation ("scrypt") is distributed under the +following terms: + +Copyright 2005-2016 Colin Percival. All rights reserved. +Copyright 2005-2016 Tarsnap Backup Inc. All rights reserved. +Copyright 2014 Sean Kelly. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/contrib/hbcrypto/3rd/scrypt/_compat.h b/contrib/hbcrypto/3rd/scrypt/_compat.h new file mode 100644 index 0000000000..4b5842803c --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/_compat.h @@ -0,0 +1,21 @@ +#ifndef HB_COMPAT_H_ +#define HB_COMPAT_H_ + +#include "hbdefs.h" +#define uint8_t HB_U8 +#define uint32_t HB_U32 +#define uint64_t HB_U64 +#define le32dec(x) HB_GET_LE_UINT32(x) +#define le32enc(x,y) HB_PUT_LE_UINT32(x,y) +#define le64dec(x) HB_GET_LE_UINT64(x) +#define le64enc(x,y) HB_PUT_LE_UINT64(x,y) +#define be32dec(x) HB_GET_BE_UINT32(x) +#define be32enc(x,y) HB_PUT_BE_UINT32(x,y) +#define be64dec(x) HB_GET_BE_UINT64(x) +#define be64enc(x,y) HB_PUT_BE_UINT64(x,y) + +#ifndef SIZE_MAX +#define SIZE_MAX HB_SIZE_MAX +#endif + +#endif diff --git a/contrib/hbcrypto/3rd/scrypt/crypto_scrypt-ref.c b/contrib/hbcrypto/3rd/scrypt/crypto_scrypt-ref.c new file mode 100644 index 0000000000..008f509c4d --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/crypto_scrypt-ref.c @@ -0,0 +1,282 @@ +/*- + * Copyright 2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ + +#include +#include + +#include "sha256.h" + +#include "crypto_scrypt.h" + +static void blkcpy(uint8_t *, uint8_t *, size_t); +static void blkxor(uint8_t *, uint8_t *, size_t); +static void salsa20_8(uint8_t[64]); +static void blockmix_salsa8(uint8_t *, uint8_t *, size_t); +static uint64_t integerify(uint8_t *, size_t); +static void smix(uint8_t *, size_t, uint64_t, uint8_t *, uint8_t *); + +static void +blkcpy(uint8_t * dest, uint8_t * src, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) + dest[i] = src[i]; +} + +static void +blkxor(uint8_t * dest, uint8_t * src, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) + dest[i] ^= src[i]; +} + +/** + * salsa20_8(B): + * Apply the salsa20/8 core to the provided block. + */ +static void +salsa20_8(uint8_t B[64]) +{ + uint32_t B32[16]; + uint32_t x[16]; + size_t i; + + /* Convert little-endian values in. */ + for (i = 0; i < 16; i++) + B32[i] = le32dec(&B[i * 4]); + + /* Compute x = doubleround^4(B32). */ + for (i = 0; i < 16; i++) + x[i] = B32[i]; + for (i = 0; i < 8; i += 2) { +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) + /* Operate on columns. */ + x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); + x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); + + x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); + x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); + + x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); + x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); + + x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); + x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); + + /* Operate on rows. */ + x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); + x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); + + x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); + x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); + + x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); + x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); + + x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); + x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); +#undef R + } + + /* Compute B32 = B32 + x. */ + for (i = 0; i < 16; i++) + B32[i] += x[i]; + + /* Convert little-endian values out. */ + for (i = 0; i < 16; i++) + le32enc(&B[4 * i], B32[i]); +} + +/** + * blockmix_salsa8(B, Y, r): + * Compute B = BlockMix_{salsa20/8, r}(B). The input B must be 128r bytes in + * length; the temporary space Y must also be the same size. + */ +static void +blockmix_salsa8(uint8_t * B, uint8_t * Y, size_t r) +{ + uint8_t X[64]; + size_t i; + + /* 1: X <-- B_{2r - 1} */ + blkcpy(X, &B[(2 * r - 1) * 64], 64); + + /* 2: for i = 0 to 2r - 1 do */ + for (i = 0; i < 2 * r; i++) { + /* 3: X <-- H(X \xor B_i) */ + blkxor(X, &B[i * 64], 64); + salsa20_8(X); + + /* 4: Y_i <-- X */ + blkcpy(&Y[i * 64], X, 64); + } + + /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ + for (i = 0; i < r; i++) + blkcpy(&B[i * 64], &Y[(i * 2) * 64], 64); + for (i = 0; i < r; i++) + blkcpy(&B[(i + r) * 64], &Y[(i * 2 + 1) * 64], 64); +} + +/** + * integerify(B, r): + * Return the result of parsing B_{2r-1} as a little-endian integer. + */ +static uint64_t +integerify(uint8_t * B, size_t r) +{ + uint8_t * X = &B[(2 * r - 1) * 64]; + + return (le64dec(X)); +} + +/** + * smix(B, r, N, V, XY): + * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; the + * temporary storage V must be 128rN bytes in length; the temporary storage + * XY must be 256r bytes in length. The value N must be a power of 2. + */ +static void +smix(uint8_t * B, size_t r, uint64_t N, uint8_t * V, uint8_t * XY) +{ + uint8_t * X = XY; + uint8_t * Y = &XY[128 * r]; + uint64_t i; + uint64_t j; + + /* 1: X <-- B */ + blkcpy(X, B, 128 * r); + + /* 2: for i = 0 to N - 1 do */ + for (i = 0; i < N; i++) { + /* 3: V_i <-- X */ + blkcpy(&V[i * (128 * r)], X, 128 * r); + + /* 4: X <-- H(X) */ + blockmix_salsa8(X, Y, r); + } + + /* 6: for i = 0 to N - 1 do */ + for (i = 0; i < N; i++) { + /* 7: j <-- Integerify(X) mod N */ + j = integerify(X, r) & (N - 1); + + /* 8: X <-- H(X \xor V_j) */ + blkxor(X, &V[j * (128 * r)], 128 * r); + blockmix_salsa8(X, Y, r); + } + + /* 10: B' <-- X */ + blkcpy(B, X, 128 * r); +} + +/** + * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): + * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, + * p, buflen) and write the result into buf. The parameters r, p, and buflen + * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N + * must be a power of 2. + * + * Return 0 on success; or -1 on error. + */ +int +crypto_scrypt(const uint8_t * passwd, size_t passwdlen, + const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t _r, uint32_t _p, + uint8_t * buf, size_t buflen) +{ + uint8_t * B; + uint8_t * V; + uint8_t * XY; + size_t r = _r, p = _p; + uint32_t i; + int fail = -1; + + /* Sanity-check parameters. */ +#if SIZE_MAX > UINT32_MAX + if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { + fail = -2 /* EFBIG */; + goto err0; + } +#endif + if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) { + fail = -2 /* EFBIG */; + goto err0; + } + if (((N & (N - 1)) != 0) || (N == 0)) { + fail = -3 /* EINVAL */; + goto err0; + } + if ((r > SIZE_MAX / 128 / p) || +#if SIZE_MAX / 256 <= UINT32_MAX + (r > SIZE_MAX / 256) || +#endif + (N > SIZE_MAX / 128 / r)) { + fail = -4 /* ENOMEM */; + goto err0; + } + + /* Allocate memory. */ + if ((B = malloc(128 * r * p)) == NULL) + goto err0; + if ((XY = malloc(256 * r)) == NULL) + goto err1; + if ((V = malloc(128 * r * N)) == NULL) + goto err2; + + /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ + PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r); + + /* 2: for i = 0 to p - 1 do */ + for (i = 0; i < p; i++) { + /* 3: B_i <-- MF(B_i, N) */ + smix(&B[i * 128 * r], r, N, V, XY); + } + + /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ + PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen); + + /* Free memory. */ + free(V); + free(XY); + free(B); + + /* Success! */ + return (0); + +err2: + free(XY); +err1: + free(B); +err0: + /* Failure! */ + return (fail); +} diff --git a/contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h b/contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h new file mode 100644 index 0000000000..28550d9798 --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/crypto_scrypt.h @@ -0,0 +1,46 @@ +/*- + * Copyright 2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ +#ifndef _CRYPTO_SCRYPT_H_ +#define _CRYPTO_SCRYPT_H_ + +#include "_compat.h" + +/** + * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): + * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, + * p, buflen) and write the result into buf. The parameters r, p, and buflen + * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N + * must be a power of 2 greater than 1. + * + * Return 0 on success; or -1 on error. + */ +int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, + uint32_t, uint32_t, uint8_t *, size_t); + +#endif /* !_CRYPTO_SCRYPT_H_ */ diff --git a/contrib/hbcrypto/3rd/scrypt/insecure_memzero.c b/contrib/hbcrypto/3rd/scrypt/insecure_memzero.c new file mode 100644 index 0000000000..f416f589f0 --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/insecure_memzero.c @@ -0,0 +1,19 @@ +#include +#include "_compat.h" + +#include "insecure_memzero.h" + +/* Function which does the zeroing. */ +static void +insecure_memzero_func(volatile void * buf, size_t len) +{ + volatile uint8_t * _buf = buf; + size_t i; + + for (i = 0; i < len; i++) + _buf[i] = 0; +} + +/* Pointer to memory-zeroing function. */ +void (* volatile insecure_memzero_ptr)(volatile void *, size_t) = + insecure_memzero_func; diff --git a/contrib/hbcrypto/3rd/scrypt/insecure_memzero.h b/contrib/hbcrypto/3rd/scrypt/insecure_memzero.h new file mode 100644 index 0000000000..5436a1244d --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/insecure_memzero.h @@ -0,0 +1,37 @@ +#ifndef _INSECURE_MEMZERO_H_ +#define _INSECURE_MEMZERO_H_ + +#include + +/* Pointer to memory-zeroing function. */ +extern void (* volatile insecure_memzero_ptr)(volatile void *, size_t); + +/** + * insecure_memzero(buf, len): + * Attempt to zero ${len} bytes at ${buf} in spite of optimizing compilers' + * best (standards-compliant) attempts to remove the buffer-zeroing. In + * particular, to avoid performing the zeroing, a compiler would need to + * use optimistic devirtualization; recognize that non-volatile objects do not + * need to be treated as volatile, even if they are accessed via volatile + * qualified pointers; and perform link-time optimization; in addition to the + * dead-code elimination which often causes buffer-zeroing to be elided. + * + * Note however that zeroing a buffer does not guarantee that the data held + * in the buffer is not stored elsewhere; in particular, there may be copies + * held in CPU registers or in anonymous allocations on the stack, even if + * every named variable is successfully sanitized. Solving the "wipe data + * from the system" problem will require a C language extension which does not + * yet exist. + * + * For more information, see: + * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html + * http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html + */ +static _HB_INLINE_ void +insecure_memzero(volatile void * buf, size_t len) +{ + + (insecure_memzero_ptr)(buf, len); +} + +#endif /* !_INSECURE_MEMZERO_H_ */ diff --git a/contrib/hbcrypto/3rd/scrypt/scrypt.diff b/contrib/hbcrypto/3rd/scrypt/scrypt.diff new file mode 100644 index 0000000000..4601413c0b --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/scrypt.diff @@ -0,0 +1,190 @@ +diff --strip-trailing-cr -urN scrypt.orig/crypto_scrypt-ref.c scrypt/crypto_scrypt-ref.c +--- scrypt.orig/crypto_scrypt-ref.c 2017-02-11 07:29:13.000000000 +0000 ++++ scrypt/crypto_scrypt-ref.c 2017-02-19 21:18:33.000000000 +0000 +@@ -26,15 +26,11 @@ + * This file was originally written by Colin Percival as part of the Tarsnap + * online backup system. + */ +-#include "scrypt_platform.h" + +-#include +-#include + #include + #include + + #include "sha256.h" +-#include "sysendian.h" + + #include "crypto_scrypt.h" + +@@ -222,20 +218,21 @@ + uint8_t * XY; + size_t r = _r, p = _p; + uint32_t i; ++ int fail = -1; + + /* Sanity-check parameters. */ + #if SIZE_MAX > UINT32_MAX + if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { +- errno = EFBIG; ++ fail = -2 /* EFBIG */; + goto err0; + } + #endif + if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) { +- errno = EFBIG; ++ fail = -2 /* EFBIG */; + goto err0; + } + if (((N & (N - 1)) != 0) || (N == 0)) { +- errno = EINVAL; ++ fail = -3 /* EINVAL */; + goto err0; + } + if ((r > SIZE_MAX / 128 / p) || +@@ -243,7 +240,7 @@ + (r > SIZE_MAX / 256) || + #endif + (N > SIZE_MAX / 128 / r)) { +- errno = ENOMEM; ++ fail = -4 /* ENOMEM */; + goto err0; + } + +@@ -281,5 +278,5 @@ + free(B); + err0: + /* Failure! */ +- return (-1); ++ return (fail); + } +diff --strip-trailing-cr -urN scrypt.orig/crypto_scrypt.h scrypt/crypto_scrypt.h +--- scrypt.orig/crypto_scrypt.h 2017-02-11 07:29:13.000000000 +0000 ++++ scrypt/crypto_scrypt.h 2017-02-19 21:18:37.000000000 +0000 +@@ -29,8 +29,7 @@ + #ifndef _CRYPTO_SCRYPT_H_ + #define _CRYPTO_SCRYPT_H_ + +-#include +-#include ++#include "_compat.h" + + /** + * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): +diff --strip-trailing-cr -urN scrypt.orig/insecure_memzero.c scrypt/insecure_memzero.c +--- scrypt.orig/insecure_memzero.c 2017-02-11 07:29:13.000000000 +0000 ++++ scrypt/insecure_memzero.c 2017-02-19 21:18:33.000000000 +0000 +@@ -1,5 +1,5 @@ + #include +-#include ++#include "_compat.h" + + #include "insecure_memzero.h" + +diff --strip-trailing-cr -urN scrypt.orig/insecure_memzero.h scrypt/insecure_memzero.h +--- scrypt.orig/insecure_memzero.h 2017-02-11 07:29:13.000000000 +0000 ++++ scrypt/insecure_memzero.h 2017-02-19 21:18:33.000000000 +0000 +@@ -27,7 +27,7 @@ + * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html + * http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html + */ +-static inline void ++static _HB_INLINE_ void + insecure_memzero(volatile void * buf, size_t len) + { + +diff --strip-trailing-cr -urN scrypt.orig/sha256.c scrypt/sha256.c +--- scrypt.orig/sha256.c 2017-02-11 07:29:13.000000000 +0000 ++++ scrypt/sha256.c 2017-02-19 21:18:33.000000000 +0000 +@@ -1,9 +1,8 @@ + #include +-#include ++#include "_compat.h" + #include + + #include "insecure_memzero.h" +-#include "sysendian.h" + + #include "sha256.h" + +@@ -94,9 +93,9 @@ + * the 512-bit input block to produce a new state. + */ + static void +-SHA256_Transform(uint32_t state[static restrict 8], +- const uint8_t block[static restrict 64], +- uint32_t W[static restrict 64], uint32_t S[static restrict 8]) ++SHA256_Transform(uint32_t state[HB_C99_STATIC HB_C99_RESTRICT 8], ++ const uint8_t block[HB_C99_STATIC HB_C99_RESTRICT 64], ++ uint32_t W[HB_C99_STATIC HB_C99_RESTRICT 64], uint32_t S[HB_C99_STATIC HB_C99_RESTRICT 8]) + { + int i; + +@@ -159,7 +158,7 @@ + + /* Add padding and terminating bit-count. */ + static void +-SHA256_Pad(SHA256_CTX * ctx, uint32_t tmp32[static restrict 72]) ++SHA256_Pad(SHA256_CTX * ctx, uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) + { + size_t r; + +@@ -213,7 +212,7 @@ + */ + static void + _SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len, +- uint32_t tmp32[static restrict 72]) ++ uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) + { + uint32_t r; + const uint8_t * src = in; +@@ -271,7 +270,7 @@ + */ + static void + _SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx, +- uint32_t tmp32[static restrict 72]) ++ uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) + { + + /* Add padding. */ +@@ -323,8 +322,8 @@ + */ + static void + _HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen, +- uint32_t tmp32[static restrict 72], uint8_t pad[static restrict 64], +- uint8_t khash[static restrict 32]) ++ uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72], uint8_t pad[HB_C99_STATIC HB_C99_RESTRICT 64], ++ uint8_t khash[HB_C99_STATIC HB_C99_RESTRICT 32]) + { + const uint8_t * K = _K; + size_t i; +@@ -376,7 +375,7 @@ + */ + static void + _HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len, +- uint32_t tmp32[static restrict 72]) ++ uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) + { + + /* Feed data to the inner SHA256 operation. */ +@@ -403,7 +402,7 @@ + */ + static void + _HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx, +- uint32_t tmp32[static restrict 72], uint8_t ihash[static restrict 32]) ++ uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72], uint8_t ihash[HB_C99_STATIC HB_C99_RESTRICT 32]) + { + + /* Finish the inner SHA256 operation. */ +diff --strip-trailing-cr -urN scrypt.orig/sha256.h scrypt/sha256.h +--- scrypt.orig/sha256.h 2017-02-11 07:29:13.000000000 +0000 ++++ scrypt/sha256.h 2017-02-19 21:18:33.000000000 +0000 +@@ -2,7 +2,7 @@ + #define _SHA256_H_ + + #include +-#include ++#include "_compat.h" + + /* + * Use #defines in order to avoid namespace collisions with anyone else's diff --git a/contrib/hbcrypto/3rd/scrypt/scrypt.hbc b/contrib/hbcrypto/3rd/scrypt/scrypt.hbc new file mode 100644 index 0000000000..a18c93b814 --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/scrypt.hbc @@ -0,0 +1 @@ +libs=${_HB_3RDPREF}${hb_name}${_HB_3RDSUFF} diff --git a/contrib/hbcrypto/3rd/scrypt/scrypt.hbp b/contrib/hbcrypto/3rd/scrypt/scrypt.hbp new file mode 100644 index 0000000000..f358c85442 --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/scrypt.hbp @@ -0,0 +1,28 @@ +-stop{hbdyn&!(HB_BUILD_3RD_DYN='yes')} -env:__HB_3RD_DYN=yes{hbdyn} + +-hblib +-inc + +-o${hb_name} + +-warn=low +-cpp=no +-pic + +-cflag=-DNDEBUG{!debug} + +crypto_scrypt-ref.c +sha256.c +insecure_memzero.c + +# ORIGIN https://www.tarsnap.com/scrypt.html +# URL https://www.tarsnap.com/scrypt/scrypt-1.2.1.tgz +# DIFF scrypt.diff +# +# MAP COPYRIGHT LICENSE.txt +# MAP libcperciva/alg/sha256.c sha256.c +# MAP libcperciva/alg/sha256.h sha256.h +# MAP libcperciva/util/insecure_memzero.c insecure_memzero.c +# MAP libcperciva/util/insecure_memzero.h insecure_memzero.h +# MAP lib/crypto/crypto_scrypt-ref.c crypto_scrypt-ref.c +# MAP lib/crypto/crypto_scrypt.h crypto_scrypt.h diff --git a/contrib/hbcrypto/3rd/scrypt/sha256.c b/contrib/hbcrypto/3rd/scrypt/sha256.c new file mode 100644 index 0000000000..09c358bf07 --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/sha256.c @@ -0,0 +1,526 @@ +#include +#include "_compat.h" +#include + +#include "insecure_memzero.h" + +#include "sha256.h" + +/* + * Encode a length len/4 vector of (uint32_t) into a length len vector of + * (uint8_t) in big-endian form. Assumes len is a multiple of 4. + */ +static void +be32enc_vect(uint8_t * dst, const uint32_t * src, size_t len) +{ + size_t i; + + /* Sanity-check. */ + assert(len % 4 == 0); + + /* Encode vector, one word at a time. */ + for (i = 0; i < len / 4; i++) + be32enc(dst + i * 4, src[i]); +} + +/* + * Decode a big-endian length len vector of (uint8_t) into a length + * len/4 vector of (uint32_t). Assumes len is a multiple of 4. + */ +static void +be32dec_vect(uint32_t * dst, const uint8_t * src, size_t len) +{ + size_t i; + + /* Sanity-check. */ + assert(len % 4 == 0); + + /* Decode vector, one word at a time. */ + for (i = 0; i < len / 4; i++) + dst[i] = be32dec(src + i * 4); +} + +/* SHA256 round constants. */ +static const uint32_t Krnd[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + +/* Elementary functions used by SHA256 */ +#define Ch(x, y, z) ((x & (y ^ z)) ^ z) +#define Maj(x, y, z) ((x & (y | z)) | (y & z)) +#define SHR(x, n) (x >> n) +#define ROTR(x, n) ((x >> n) | (x << (32 - n))) +#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) +#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) +#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) +#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) + +/* SHA256 round function */ +#define RND(a, b, c, d, e, f, g, h, k) \ + h += S1(e) + Ch(e, f, g) + k; \ + d += h; \ + h += S0(a) + Maj(a, b, c); + +/* Adjusted round function for rotating state */ +#define RNDr(S, W, i, ii) \ + RND(S[(64 - i) % 8], S[(65 - i) % 8], \ + S[(66 - i) % 8], S[(67 - i) % 8], \ + S[(68 - i) % 8], S[(69 - i) % 8], \ + S[(70 - i) % 8], S[(71 - i) % 8], \ + W[i + ii] + Krnd[i + ii]) + +/* Message schedule computation */ +#define MSCH(W, ii, i) \ + W[i + ii + 16] = s1(W[i + ii + 14]) + W[i + ii + 9] + s0(W[i + ii + 1]) + W[i + ii] + +/* + * SHA256 block compression function. The 256-bit state is transformed via + * the 512-bit input block to produce a new state. + */ +static void +SHA256_Transform(uint32_t state[HB_C99_STATIC HB_C99_RESTRICT 8], + const uint8_t block[HB_C99_STATIC HB_C99_RESTRICT 64], + uint32_t W[HB_C99_STATIC HB_C99_RESTRICT 64], uint32_t S[HB_C99_STATIC HB_C99_RESTRICT 8]) +{ + int i; + + /* 1. Prepare the first part of the message schedule W. */ + be32dec_vect(W, block, 64); + + /* 2. Initialize working variables. */ + memcpy(S, state, 32); + + /* 3. Mix. */ + for (i = 0; i < 64; i += 16) { + RNDr(S, W, 0, i); + RNDr(S, W, 1, i); + RNDr(S, W, 2, i); + RNDr(S, W, 3, i); + RNDr(S, W, 4, i); + RNDr(S, W, 5, i); + RNDr(S, W, 6, i); + RNDr(S, W, 7, i); + RNDr(S, W, 8, i); + RNDr(S, W, 9, i); + RNDr(S, W, 10, i); + RNDr(S, W, 11, i); + RNDr(S, W, 12, i); + RNDr(S, W, 13, i); + RNDr(S, W, 14, i); + RNDr(S, W, 15, i); + + if (i == 48) + break; + MSCH(W, 0, i); + MSCH(W, 1, i); + MSCH(W, 2, i); + MSCH(W, 3, i); + MSCH(W, 4, i); + MSCH(W, 5, i); + MSCH(W, 6, i); + MSCH(W, 7, i); + MSCH(W, 8, i); + MSCH(W, 9, i); + MSCH(W, 10, i); + MSCH(W, 11, i); + MSCH(W, 12, i); + MSCH(W, 13, i); + MSCH(W, 14, i); + MSCH(W, 15, i); + } + + /* 4. Mix local working variables into global state. */ + for (i = 0; i < 8; i++) + state[i] += S[i]; +} + +static const uint8_t PAD[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* Add padding and terminating bit-count. */ +static void +SHA256_Pad(SHA256_CTX * ctx, uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) +{ + size_t r; + + /* Figure out how many bytes we have buffered. */ + r = (ctx->count >> 3) & 0x3f; + + /* Pad to 56 mod 64, transforming if we finish a block en route. */ + if (r < 56) { + /* Pad to 56 mod 64. */ + memcpy(&ctx->buf[r], PAD, 56 - r); + } else { + /* Finish the current block and mix. */ + memcpy(&ctx->buf[r], PAD, 64 - r); + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); + + /* The start of the final block is all zeroes. */ + memset(&ctx->buf[0], 0, 56); + } + + /* Add the terminating bit-count. */ + be64enc(&ctx->buf[56], ctx->count); + + /* Mix in the final block. */ + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); +} + +/* Magic initialization constants. */ +static const uint32_t initial_state[8] = { + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +}; + +/** + * SHA256_Init(ctx): + * Initialize the SHA256 context ${ctx}. + */ +void +SHA256_Init(SHA256_CTX * ctx) +{ + + /* Zero bits processed so far. */ + ctx->count = 0; + + /* Initialize state. */ + memcpy(ctx->state, initial_state, sizeof(initial_state)); +} + +/** + * SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. + */ +static void +_SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) +{ + uint32_t r; + const uint8_t * src = in; + + /* Return immediately if we have nothing to do. */ + if (len == 0) + return; + + /* Number of bytes left in the buffer from previous updates. */ + r = (ctx->count >> 3) & 0x3f; + + /* Update number of bits. */ + ctx->count += (uint64_t)(len) << 3; + + /* Handle the case where we don't need to perform any transforms. */ + if (len < 64 - r) { + memcpy(&ctx->buf[r], src, len); + return; + } + + /* Finish the current block. */ + memcpy(&ctx->buf[r], src, 64 - r); + SHA256_Transform(ctx->state, ctx->buf, &tmp32[0], &tmp32[64]); + src += 64 - r; + len -= 64 - r; + + /* Perform complete blocks. */ + while (len >= 64) { + SHA256_Transform(ctx->state, src, &tmp32[0], &tmp32[64]); + src += 64; + len -= 64; + } + + /* Copy left over data into buffer. */ + memcpy(ctx->buf, src, len); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +SHA256_Update(SHA256_CTX * ctx, const void * in, size_t len) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _SHA256_Update(ctx, in, len, tmp32); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * SHA256_Final(digest, ctx): + * Output the SHA256 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +static void +_SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx, + uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) +{ + + /* Add padding. */ + SHA256_Pad(ctx, tmp32); + + /* Write the hash. */ + be32enc_vect(digest, ctx->state, 32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +SHA256_Final(uint8_t digest[32], SHA256_CTX * ctx) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _SHA256_Final(digest, ctx, tmp32); + + /* Clear the context state. */ + insecure_memzero(ctx, sizeof(SHA256_CTX)); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * SHA256_Buf(in, len, digest): + * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}. + */ +void +SHA256_Buf(const void * in, size_t len, uint8_t digest[32]) +{ + SHA256_CTX ctx; + uint32_t tmp32[72]; + + SHA256_Init(&ctx); + _SHA256_Update(&ctx, in, len, tmp32); + _SHA256_Final(digest, &ctx, tmp32); + + /* Clean the stack. */ + insecure_memzero(&ctx, sizeof(SHA256_CTX)); + insecure_memzero(tmp32, 288); +} + +/** + * HMAC_SHA256_Init(ctx, K, Klen): + * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from + * ${K}. + */ +static void +_HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen, + uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72], uint8_t pad[HB_C99_STATIC HB_C99_RESTRICT 64], + uint8_t khash[HB_C99_STATIC HB_C99_RESTRICT 32]) +{ + const uint8_t * K = _K; + size_t i; + + /* If Klen > 64, the key is really SHA256(K). */ + if (Klen > 64) { + SHA256_Init(&ctx->ictx); + _SHA256_Update(&ctx->ictx, K, Klen, tmp32); + _SHA256_Final(khash, &ctx->ictx, tmp32); + K = khash; + Klen = 32; + } + + /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */ + SHA256_Init(&ctx->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + _SHA256_Update(&ctx->ictx, pad, 64, tmp32); + + /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */ + SHA256_Init(&ctx->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < Klen; i++) + pad[i] ^= K[i]; + _SHA256_Update(&ctx->octx, pad, 64, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen) +{ + uint32_t tmp32[72]; + uint8_t pad[64]; + uint8_t khash[32]; + + /* Call the real function. */ + _HMAC_SHA256_Init(ctx, _K, Klen, tmp32, pad, khash); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); + insecure_memzero(khash, 32); + insecure_memzero(pad, 64); +} + +/** + * HMAC_SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. + */ +static void +_HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len, + uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72]) +{ + + /* Feed data to the inner SHA256 operation. */ + _SHA256_Update(&ctx->ictx, in, len, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void * in, size_t len) +{ + uint32_t tmp32[72]; + + /* Call the real function. */ + _HMAC_SHA256_Update(ctx, in, len, tmp32); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); +} + +/** + * HMAC_SHA256_Final(digest, ctx): + * Output the HMAC-SHA256 of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +static void +_HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx, + uint32_t tmp32[HB_C99_STATIC HB_C99_RESTRICT 72], uint8_t ihash[HB_C99_STATIC HB_C99_RESTRICT 32]) +{ + + /* Finish the inner SHA256 operation. */ + _SHA256_Final(ihash, &ctx->ictx, tmp32); + + /* Feed the inner hash to the outer SHA256 operation. */ + _SHA256_Update(&ctx->octx, ihash, 32, tmp32); + + /* Finish the outer SHA256 operation. */ + _SHA256_Final(digest, &ctx->octx, tmp32); +} + +/* Wrapper function for intermediate-values sanitization. */ +void +HMAC_SHA256_Final(uint8_t digest[32], HMAC_SHA256_CTX * ctx) +{ + uint32_t tmp32[72]; + uint8_t ihash[32]; + + /* Call the real function. */ + _HMAC_SHA256_Final(digest, ctx, tmp32, ihash); + + /* Clean the stack. */ + insecure_memzero(tmp32, 288); + insecure_memzero(ihash, 32); +} + +/** + * HMAC_SHA256_Buf(K, Klen, in, len, digest): + * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of + * length ${Klen}, and write the result to ${digest}. + */ +void +HMAC_SHA256_Buf(const void * K, size_t Klen, const void * in, size_t len, + uint8_t digest[32]) +{ + HMAC_SHA256_CTX ctx; + uint32_t tmp32[72]; + uint8_t tmp8[96]; + + _HMAC_SHA256_Init(&ctx, K, Klen, tmp32, &tmp8[0], &tmp8[64]); + _HMAC_SHA256_Update(&ctx, in, len, tmp32); + _HMAC_SHA256_Final(digest, &ctx, tmp32, &tmp8[0]); + + /* Clean the stack. */ + insecure_memzero(&ctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(tmp32, 288); + insecure_memzero(tmp8, 96); +} + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void +PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, + size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen) +{ + HMAC_SHA256_CTX Phctx, PShctx, hctx; + uint32_t tmp32[72]; + uint8_t tmp8[96]; + size_t i; + uint8_t ivec[4]; + uint8_t U[32]; + uint8_t T[32]; + uint64_t j; + int k; + size_t clen; + + /* Sanity-check. */ + assert(dkLen <= 32 * (size_t)(UINT32_MAX)); + + /* Compute HMAC state after processing P. */ + _HMAC_SHA256_Init(&Phctx, passwd, passwdlen, + tmp32, &tmp8[0], &tmp8[64]); + + /* Compute HMAC state after processing P and S. */ + memcpy(&PShctx, &Phctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&PShctx, salt, saltlen, tmp32); + + /* Iterate through the blocks. */ + for (i = 0; i * 32 < dkLen; i++) { + /* Generate INT(i + 1). */ + be32enc(ivec, (uint32_t)(i + 1)); + + /* Compute U_1 = PRF(P, S || INT(i)). */ + memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&hctx, ivec, 4, tmp32); + _HMAC_SHA256_Final(U, &hctx, tmp32, tmp8); + + /* T_i = U_1 ... */ + memcpy(T, U, 32); + + for (j = 2; j <= c; j++) { + /* Compute U_j. */ + memcpy(&hctx, &Phctx, sizeof(HMAC_SHA256_CTX)); + _HMAC_SHA256_Update(&hctx, U, 32, tmp32); + _HMAC_SHA256_Final(U, &hctx, tmp32, tmp8); + + /* ... xor U_j ... */ + for (k = 0; k < 32; k++) + T[k] ^= U[k]; + } + + /* Copy as many bytes as necessary into buf. */ + clen = dkLen - i * 32; + if (clen > 32) + clen = 32; + memcpy(&buf[i * 32], T, clen); + } + + /* Clean the stack. */ + insecure_memzero(&Phctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(&PShctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(&hctx, sizeof(HMAC_SHA256_CTX)); + insecure_memzero(tmp32, 288); + insecure_memzero(tmp8, 96); + insecure_memzero(U, 32); + insecure_memzero(T, 32); +} diff --git a/contrib/hbcrypto/3rd/scrypt/sha256.h b/contrib/hbcrypto/3rd/scrypt/sha256.h new file mode 100644 index 0000000000..4f2d529459 --- /dev/null +++ b/contrib/hbcrypto/3rd/scrypt/sha256.h @@ -0,0 +1,95 @@ +#ifndef _SHA256_H_ +#define _SHA256_H_ + +#include +#include "_compat.h" + +/* + * Use #defines in order to avoid namespace collisions with anyone else's + * SHA256 code (e.g., the code in OpenSSL). + */ +#define SHA256_Init libcperciva_SHA256_Init +#define SHA256_Update libcperciva_SHA256_Update +#define SHA256_Final libcperciva_SHA256_Final +#define SHA256_Buf libcperciva_SHA256_Buf +#define SHA256_CTX libcperciva_SHA256_CTX +#define HMAC_SHA256_Init libcperciva_HMAC_SHA256_Init +#define HMAC_SHA256_Update libcperciva_HMAC_SHA256_Update +#define HMAC_SHA256_Final libcperciva_HMAC_SHA256_Final +#define HMAC_SHA256_Buf libcperciva_HMAC_SHA256_Buf +#define HMAC_SHA256_CTX libcperciva_HMAC_SHA256_CTX + +/* Context structure for SHA256 operations. */ +typedef struct { + uint32_t state[8]; + uint64_t count; + uint8_t buf[64]; +} SHA256_CTX; + +/** + * SHA256_Init(ctx): + * Initialize the SHA256 context ${ctx}. + */ +void SHA256_Init(SHA256_CTX *); + +/** + * SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. + */ +void SHA256_Update(SHA256_CTX *, const void *, size_t); + +/** + * SHA256_Final(digest, ctx): + * Output the SHA256 hash of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void SHA256_Final(uint8_t[32], SHA256_CTX *); + +/** + * SHA256_Buf(in, len, digest): + * Compute the SHA256 hash of ${len} bytes from ${in} and write it to ${digest}. + */ +void SHA256_Buf(const void *, size_t, uint8_t[32]); + +/* Context structure for HMAC-SHA256 operations. */ +typedef struct { + SHA256_CTX ictx; + SHA256_CTX octx; +} HMAC_SHA256_CTX; + +/** + * HMAC_SHA256_Init(ctx, K, Klen): + * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from + * ${K}. + */ +void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); + +/** + * HMAC_SHA256_Update(ctx, in, len): + * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. + */ +void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); + +/** + * HMAC_SHA256_Final(digest, ctx): + * Output the HMAC-SHA256 of the data input to the context ${ctx} into the + * buffer ${digest}. + */ +void HMAC_SHA256_Final(uint8_t[32], HMAC_SHA256_CTX *); + +/** + * HMAC_SHA256_Buf(K, Klen, in, len, digest): + * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of + * length ${Klen}, and write the result to ${digest}. + */ +void HMAC_SHA256_Buf(const void *, size_t, const void *, size_t, uint8_t[32]); + +/** + * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): + * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and + * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). + */ +void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, + uint64_t, uint8_t *, size_t); + +#endif /* !_SHA256_H_ */ diff --git a/contrib/hbcrypto/bcrypt.c b/contrib/hbcrypto/bcrypt.c new file mode 100644 index 0000000000..628795117e --- /dev/null +++ b/contrib/hbcrypto/bcrypt.c @@ -0,0 +1,770 @@ +/* + * Harbour interface to bcrypt password hashing + * + * Copyright 2015 Viktor Szakats (hb_bcrypt()) + * For additional Copyrights and Licenses, see below. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +#include "hbapi.h" +#include "hbapierr.h" +#include "hbcrypto.h" + +/* + * Blowfish - a fast block cipher designed by Bruce Schneier + * + * Copyright 1997 Niels Provos + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* Schneier specifies a maximum key length of 56 bytes. + * This ensures that every key bit affects every cipher + * bit. However, the subkeys can hold up to 72 bytes. + * Warning: For normal blowfish encryption only 56 bytes + * of the key affect all cipherbits. + */ + +#define BLF_N 16 /* Number of Subkeys */ +#define BLF_MAXKEYLEN ( ( BLF_N - 2 ) * 4 ) /* 448 bits */ + +/* Blowfish context */ +typedef struct BlowfishContext +{ + HB_U32 S[ 4 ][ 256 ]; /* S-Boxes */ + HB_U32 P[ BLF_N + 2 ]; /* Subkeys */ +} hb_blf_ctx; + +/* Raw access to customized Blowfish + * blf_key is just: + * Blowfish_initstate( state ) + * Blowfish_expand0state( state, key, keylen ) + */ + +/* + * pkcs #5 pbkdf2 implementation using the "bcrypt" hash + * + * The bcrypt hash function is derived from the bcrypt password hashing + * function with the following modifications: + * 1. The input password and salt are preprocessed with SHA512. + * 2. The output length is expanded to 256 bits. + * 3. Subsequently the magic string to be encrypted is lengthened and modifed + * to "OxychromaticBlowfishSwatDynamite" + * 4. The hash function is defined to perform 64 rounds of initial state + * expansion. (More rounds are performed by iterating the hash.) + * + * Note that this implementation pulls the SHA512 operations into the caller + * as a performance optimization. + * + * One modification from official pbkdf2. Instead of outputting key material + * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to + * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an + * attacker can merely run once through the outer loop below, but the user + * always runs it twice. Shuffling output bytes requires computing the + * entirety of the key material to assemble any subkey. This is something a + * wise caller could do; we just do it for you. + */ + +/* + * Blowfish block cipher for OpenBSD + * Copyright 1997 Niels Provos + * All rights reserved. + * + * Implementation advice by David Mazieres . + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Niels Provos. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* Function for Feistel Networks */ + +#define F( s, x ) ( ( ( ( s )[ ( ( ( x ) >> 24 ) & 0xFF ) ] \ + + ( s )[ 0x100 + ( ( ( x ) >> 16 ) & 0xFF ) ] ) \ + ^ ( s )[ 0x200 + ( ( ( x ) >> 8 ) & 0xFF ) ] ) \ + + ( s )[ 0x300 + ( ( x ) & 0xFF ) ] ) + +#define BLFRND( s, p, i, j, n ) ( i ^= F( s, j ) ^ ( p )[ n ] ) + +static void hb_Blowfish_encipher( hb_blf_ctx * c, HB_U32 * xl, HB_U32 * xr ) +{ + HB_U32 Xl; + HB_U32 Xr; + HB_U32 * s = c->S[ 0 ]; + HB_U32 * p = c->P; + + Xl = *xl; + Xr = *xr; + + Xl ^= p[ 0 ]; + BLFRND( s, p, Xr, Xl, 1 ); BLFRND( s, p, Xl, Xr, 2 ); + BLFRND( s, p, Xr, Xl, 3 ); BLFRND( s, p, Xl, Xr, 4 ); + BLFRND( s, p, Xr, Xl, 5 ); BLFRND( s, p, Xl, Xr, 6 ); + BLFRND( s, p, Xr, Xl, 7 ); BLFRND( s, p, Xl, Xr, 8 ); + BLFRND( s, p, Xr, Xl, 9 ); BLFRND( s, p, Xl, Xr, 10 ); + BLFRND( s, p, Xr, Xl, 11 ); BLFRND( s, p, Xl, Xr, 12 ); + BLFRND( s, p, Xr, Xl, 13 ); BLFRND( s, p, Xl, Xr, 14 ); + BLFRND( s, p, Xr, Xl, 15 ); BLFRND( s, p, Xl, Xr, 16 ); + + *xl = Xr ^ p[ 17 ]; + *xr = Xl; +} + +static void hb_Blowfish_initstate( hb_blf_ctx * c ) +{ + /* P-box and S-box tables initialized with digits of Pi */ + + static const hb_blf_ctx initstate = + { { + { + 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, + 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, + 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, + 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, + 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, + 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, + 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, + 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, + 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, + 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, + 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, + 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, + 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, + 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, + 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, + 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, + 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, + 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, + 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, + 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, + 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, + 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, + 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, + 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, + 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, + 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, + 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, + 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, + 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, + 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, + 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, + 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, + 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, + 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, + 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, + 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, + 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, + 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, + 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, + 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, + 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, + 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, + 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, + 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, + 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, + 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, + 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, + 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, + 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, + 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, + 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, + 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, + 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, + 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, + 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, + 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, + 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, + 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, + 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, + 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, + 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, + 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, + 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, + 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a + }, + { + 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, + 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, + 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, + 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, + 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, + 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, + 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, + 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, + 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, + 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, + 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, + 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, + 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, + 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, + 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, + 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, + 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, + 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, + 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, + 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, + 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, + 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, + 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, + 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, + 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, + 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, + 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, + 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, + 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, + 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, + 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, + 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, + 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, + 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, + 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, + 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, + 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, + 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, + 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, + 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, + 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, + 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, + 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, + 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, + 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, + 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, + 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, + 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, + 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, + 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, + 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, + 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, + 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, + 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, + 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, + 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, + 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, + 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, + 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, + 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, + 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, + 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, + 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, + 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7 + }, + { + 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, + 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, + 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, + 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, + 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, + 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, + 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, + 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, + 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, + 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, + 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, + 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, + 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, + 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, + 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, + 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, + 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, + 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, + 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, + 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, + 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, + 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, + 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, + 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, + 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, + 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, + 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, + 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, + 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, + 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, + 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, + 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, + 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, + 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, + 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, + 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, + 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, + 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, + 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, + 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, + 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, + 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, + 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, + 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, + 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, + 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, + 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, + 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, + 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, + 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, + 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, + 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, + 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, + 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, + 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, + 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, + 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, + 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, + 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, + 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, + 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, + 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, + 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, + 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0 + }, + { + 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, + 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, + 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, + 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, + 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, + 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, + 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, + 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, + 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, + 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, + 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, + 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, + 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, + 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, + 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, + 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, + 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, + 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, + 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, + 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, + 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, + 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, + 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, + 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, + 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, + 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, + 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, + 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, + 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, + 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, + 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, + 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, + 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, + 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, + 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, + 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, + 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, + 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, + 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, + 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, + 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, + 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, + 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, + 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, + 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, + 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, + 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, + 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, + 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, + 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, + 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, + 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, + 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, + 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, + 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, + 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, + 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, + 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, + 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, + 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, + 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, + 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, + 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, + 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6 + } + }, + { + 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, + 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, + 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, + 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, + 0x9216d5d9, 0x8979fb1b + } }; + + *c = initstate; +} + +/* Converts HB_U8 to HB_U32 */ +static HB_U32 hb_Blowfish_stream2word( const HB_U8 * data, HB_U16 databytes, + HB_U16 * current ) +{ + HB_U8 i; + HB_U16 j; + HB_U32 temp; + + temp = 0x00000000; + j = *current; + + for( i = 0; i < 4; ++i, ++j ) + { + if( j >= databytes ) + j = 0; + temp = ( temp << 8 ) | data[ j ]; + } + + *current = j; + return temp; +} + +static void hb_Blowfish_expand0state( hb_blf_ctx * c, + const HB_U8 * key, + HB_U16 keybytes ) +{ + HB_U16 i; + HB_U16 j; + HB_U32 temp; + HB_U32 datal; + HB_U32 datar; + + j = 0; + for( i = 0; i < BLF_N + 2; ++i ) + { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = hb_Blowfish_stream2word( key, keybytes, &j ); + c->P[ i ] = c->P[ i ] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for( i = 0; i < BLF_N + 2; i += 2 ) + { + hb_Blowfish_encipher( c, &datal, &datar ); + + c->P[ i ] = datal; + c->P[ i + 1 ] = datar; + } + + for( i = 0; i < 4; ++i ) + { + HB_U16 k; + for( k = 0; k < 256; k += 2 ) + { + hb_Blowfish_encipher( c, &datal, &datar ); + + c->S[ i ][ k ] = datal; + c->S[ i ][ k + 1 ] = datar; + } + } +} + + +static void hb_Blowfish_expandstate( hb_blf_ctx * c, + const HB_U8 * data, HB_U16 databytes, + const HB_U8 * key, + HB_U16 keybytes ) +{ + HB_U16 i; + HB_U16 j; + HB_U32 temp; + HB_U32 datal; + HB_U32 datar; + + j = 0; + for( i = 0; i < BLF_N + 2; ++i ) + { + /* Extract 4 int8 to 1 int32 from keystream */ + temp = hb_Blowfish_stream2word( key, keybytes, &j ); + c->P[ i ] = c->P[ i ] ^ temp; + } + + j = 0; + datal = 0x00000000; + datar = 0x00000000; + for( i = 0; i < BLF_N + 2; i += 2 ) + { + datal ^= hb_Blowfish_stream2word( data, databytes, &j ); + datar ^= hb_Blowfish_stream2word( data, databytes, &j ); + hb_Blowfish_encipher( c, &datal, &datar ); + + c->P[ i ] = datal; + c->P[ i + 1 ] = datar; + } + + for( i = 0; i < 4; ++i ) + { + HB_U16 k; + for( k = 0; k < 256; k += 2 ) + { + datal ^= hb_Blowfish_stream2word( data, databytes, &j ); + datar ^= hb_Blowfish_stream2word( data, databytes, &j ); + hb_Blowfish_encipher( c, &datal, &datar ); + + c->S[ i ][ k ] = datal; + c->S[ i ][ k + 1 ] = datar; + } + } + +} + +static void hb_blf_enc( hb_blf_ctx * c, HB_U32 * data, HB_U16 blocks ) +{ + HB_U32 * d = data; + HB_U16 i; + + for( i = 0; i < blocks; ++i ) + { + hb_Blowfish_encipher( c, d, d + 1 ); + d += 2; + } +} + +/* $OpenBSD: bcrypt_pbkdf.c,v 1.3 2013/06/04 15:55:50 tedu Exp $ */ +/* + * Copyright (c) 2013 Ted Unangst + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define BCRYPT_BLOCKS 8 +#define BCRYPT_HASHSIZE ( BCRYPT_BLOCKS * 4 ) + +static void bcrypt_hash( HB_U8 * sha2pass, HB_U8 * sha2salt, HB_U8 * out ) +{ + hb_blf_ctx state; + + HB_U8 ciphertext[ BCRYPT_HASHSIZE ] = { + 'O', 'x', 'y', 'c', 'h', 'r', 'o', 'm', + 'a', 't', 'i', 'c', 'B', 'l', 'o', 'w', + 'f', 'i', 's', 'h', 'S', 'w', 'a', 't', + 'D', 'y', 'n', 'a', 'm', 'i', 't', 'e' }; + + HB_U32 cdata[ BCRYPT_BLOCKS ]; + int i; + HB_U16 j; + HB_U16 shalen = HB_SHA512_DIGEST_SIZE; + + /* key expansion */ + hb_Blowfish_initstate( &state ); + hb_Blowfish_expandstate( &state, sha2salt, shalen, sha2pass, shalen ); + for( i = 0; i < 64; ++i ) + { + hb_Blowfish_expand0state( &state, sha2salt, shalen ); + hb_Blowfish_expand0state( &state, sha2pass, shalen ); + } + + /* encryption */ + j = 0; + for( i = 0; i < BCRYPT_BLOCKS; ++i ) + cdata[ i ] = hb_Blowfish_stream2word( ciphertext, sizeof( ciphertext ), + &j ); + for( i = 0; i < 64; ++i ) + hb_blf_enc( &state, cdata, sizeof( cdata ) / sizeof( HB_U64 ) ); + + /* copy out */ + for( i = 0; i < BCRYPT_BLOCKS; ++i ) + { + out[ 4 * i + 3 ] = ( cdata[ i ] >> 24 ) & 0xff; + out[ 4 * i + 2 ] = ( cdata[ i ] >> 16 ) & 0xff; + out[ 4 * i + 1 ] = ( cdata[ i ] >> 8 ) & 0xff; + out[ 4 * i + 0 ] = cdata[ i ] & 0xff; + } + + /* zap */ + memset( ciphertext, 0, sizeof( ciphertext ) ); + memset( cdata, 0, sizeof( cdata ) ); + memset( &state, 0, sizeof( state ) ); +} + +static int bcrypt_pbkdf( const HB_U8 * pass, size_t passlen, + const HB_U8 * salt, size_t saltlen, + HB_U8 * key, size_t keylen, + unsigned int rounds ) +{ + hb_sha512_ctx ctx; + + HB_U8 sha2pass[ HB_SHA512_DIGEST_SIZE ]; + HB_U8 sha2salt[ HB_SHA512_DIGEST_SIZE ]; + HB_U8 out[ BCRYPT_HASHSIZE ]; + HB_U8 tmpout[ BCRYPT_HASHSIZE ]; + HB_U8 countsalt[ 4 ]; + size_t i, j, amt, stride; + HB_U32 count; + + /* nothing crazy */ + if( rounds < 1 ) + return -1; + if( passlen == 0 || saltlen == 0 || keylen == 0 || + keylen > sizeof( out ) * sizeof( out ) ) + return -1; + stride = ( keylen + sizeof( out ) - 1 ) / sizeof( out ); + amt = ( keylen + stride - 1 ) / stride; + + /* collapse password */ + hb_sha512_init( &ctx ); + hb_sha512_update( &ctx, pass, passlen ); + hb_sha512_final( &ctx, sha2pass ); + + /* generate key, sizeof(out) at a time */ + for( count = 1; keylen > 0; count++ ) + { + countsalt[ 0 ] = ( count >> 24 ) & 0xff; + countsalt[ 1 ] = ( count >> 16 ) & 0xff; + countsalt[ 2 ] = ( count >> 8 ) & 0xff; + countsalt[ 3 ] = count & 0xff; + + /* first round, salt is salt */ + hb_sha512_init( &ctx ); + hb_sha512_update( &ctx, salt, saltlen ); + hb_sha512_update( &ctx, countsalt, sizeof( countsalt ) ); + hb_sha512_final( &ctx, sha2salt ); + bcrypt_hash( sha2pass, sha2salt, tmpout ); + memcpy( out, tmpout, sizeof( out ) ); + + for( i = 1; i < rounds; ++i ) + { + /* subsequent rounds, salt is previous output */ + hb_sha512_init( &ctx ); + hb_sha512_update( &ctx, tmpout, sizeof( tmpout ) ); + hb_sha512_final( &ctx, sha2salt ); + bcrypt_hash( sha2pass, sha2salt, tmpout ); + for( j = 0; j < sizeof( out ); ++j ) + out[ j ] ^= tmpout[ j ]; + } + + /* + * pbkdf2 deviation: output the key material non-linearly. + */ + if( keylen < amt ) + amt = keylen; + for( i = 0; i < amt; ++i ) + key[ i * stride + ( count - 1 ) ] = out[ i ]; + keylen -= amt; + } + + /* zap */ + memset( &ctx, 0, sizeof( ctx ) ); + memset( out, 0, sizeof( out ) ); + + return 0; +} + +/* hb_bcrypt( , , , ) --> */ +HB_FUNC( HB_BCRYPT ) +{ + HB_ISIZ keylen = hb_parns( 4 ); + unsigned int rounds = ( unsigned int ) hb_parnldef( 3, 42 ); + + if( HB_ISCHAR( 1 ) && + HB_ISCHAR( 2 ) && + keylen >= 0 && + rounds >= 1 ) + { + HB_U8 * buf = ( HB_U8 * ) hb_xgrab( keylen + 1 ); + + if( bcrypt_pbkdf( + ( const HB_U8 * ) hb_parc( 1 ), ( size_t ) hb_parclen( 1 ), + ( const HB_U8 * ) hb_parc( 2 ), ( size_t ) hb_parclen( 2 ), + buf, keylen, rounds ) != 0 ) + { + hb_xfree( buf ); + hb_retc_null(); + } + else + hb_retclen_buffer( ( char * ) buf, keylen ); + } + else + hb_errRT_BASE( EG_ARG, 2101, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} diff --git a/contrib/hbcrypto/blake2b.c b/contrib/hbcrypto/blake2b.c new file mode 100644 index 0000000000..ff7bf46f9b --- /dev/null +++ b/contrib/hbcrypto/blake2b.c @@ -0,0 +1,261 @@ +/* + * BLAKE2b function wrapper (fast secure hash) + * + * Copyright 2015 Viktor Szakats + * (Harbour wrapper and low-level code adaptation) + * + * Low-level BLAKE2 C code courtesy of + * 2015-01-25 Markku-Juhani O. Saarinen + * A simple BLAKE2b Reference Implementation + * as of + * https://github.com/mjosaarinen/blake2_mjosref/commit/861edb3c33b5d7eaa2bddea5aaa13f6754bea10a + * License: CC0 1.0 Universal + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +/* https://tools.ietf.org/html/draft-saarinen-blake2-03 */ + +#include "hbapi.h" + +/* state context */ +typedef struct +{ + HB_U8 b[ 128 ]; /* input buffer */ + HB_U64 h[ 8 ]; /* chained state */ + HB_U64 t[ 2 ]; /* total number of bytes */ + HB_SIZE c; /* pointer for b[] */ + HB_SIZE outlen; /* digest size */ +} blake2b_ctx; + +/* cyclic right rotation */ +#define _HB_ROTR64( x, y ) ( ( ( x ) >> ( y ) ) ^ ( ( x ) << ( 64 - ( y ) ) ) ) + +/* G Mixing function */ +#define B2B_G( a, b, c, d, x, y ) { \ + v[ a ] = v[ a ] + v[ b ] + x; \ + v[ d ] = _HB_ROTR64( v[ d ] ^ v[ a ], 32 ); \ + v[ c ] = v[ c ] + v[ d ]; \ + v[ b ] = _HB_ROTR64( v[ b ] ^ v[ c ], 24 ); \ + v[ a ] = v[ a ] + v[ b ] + y; \ + v[ d ] = _HB_ROTR64( v[ d ] ^ v[ a ], 16 ); \ + v[ c ] = v[ c ] + v[ d ]; \ + v[ b ] = _HB_ROTR64( v[ b ] ^ v[ c ], 63 ); } + +/* Initialization Vector */ +static const HB_U64 blake2b_iv[ 8 ] = +{ + 0x6A09E667F3BCC908, 0xBB67AE8584CAA73B, + 0x3C6EF372FE94F82B, 0xA54FF53A5F1D36F1, + 0x510E527FADE682D1, 0x9B05688C2B3E6C1F, + 0x1F83D9ABFB41BD6B, 0x5BE0CD19137E2179 +}; + +/* Compression function. "last" flag indicates last block. */ +static void blake2b_compress( blake2b_ctx * ctx, int last ) +{ + static const HB_U8 sigma[ 12 ][ 16 ] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } + }; + + int i; + HB_U64 v[ 16 ], m[ 16 ]; + + for( i = 0; i < 8; i++ ) /* init work variables */ + { + v[ i ] = ctx->h[ i ]; + v[ i + 8 ] = blake2b_iv[ i ]; + } + + v[ 12 ] ^= ctx->t[ 0 ]; /* low 64 bits of offset */ + v[ 13 ] ^= ctx->t[ 1 ]; /* high 64 bits */ + if( last ) /* last block flag set ? */ + v[ 14 ] = ~v[ 14 ]; + + for( i = 0; i < 16; i++ ) /* get little-endian words */ + m[ i ] = HB_GET_UINT64( &ctx->b[ 8 * i ] ); + + for( i = 0; i < 12; i++ ) /* twelve rounds */ + { + B2B_G( 0, 4, 8, 12, m[ sigma[ i ][ 0 ] ], m[ sigma[ i ][ 1 ] ] ); + B2B_G( 1, 5, 9, 13, m[ sigma[ i ][ 2 ] ], m[ sigma[ i ][ 3 ] ] ); + B2B_G( 2, 6, 10, 14, m[ sigma[ i ][ 4 ] ], m[ sigma[ i ][ 5 ] ] ); + B2B_G( 3, 7, 11, 15, m[ sigma[ i ][ 6 ] ], m[ sigma[ i ][ 7 ] ] ); + B2B_G( 0, 5, 10, 15, m[ sigma[ i ][ 8 ] ], m[ sigma[ i ][ 9 ] ] ); + B2B_G( 1, 6, 11, 12, m[ sigma[ i ][ 10 ] ], m[ sigma[ i ][ 11 ] ] ); + B2B_G( 2, 7, 8, 13, m[ sigma[ i ][ 12 ] ], m[ sigma[ i ][ 13 ] ] ); + B2B_G( 3, 4, 9, 14, m[ sigma[ i ][ 14 ] ], m[ sigma[ i ][ 15 ] ] ); + } + + for( i = 0; i < 8; ++i ) + ctx->h[ i ] ^= v[ i ] ^ v[ i + 8 ]; +} + +/* update with new data */ +static void blake2b_update( blake2b_ctx * ctx, + const void * in, HB_SIZE inlen ) /* data bytes */ +{ + HB_SIZE i; + + for( i = 0; i < inlen; i++ ) + { + if( ctx->c == 128 ) /* buffer full ? */ + { + ctx->t[ 0 ] += ctx->c; /* add counters */ + if( ctx->t[ 0 ] < ctx->c ) /* carry overflow ? */ + ctx->t[ 1 ]++; /* high word */ + blake2b_compress( ctx, 0 ); /* compress (not last) */ + ctx->c = 0; /* counter to zero */ + } + ctx->b[ ctx->c++ ] = ( ( const HB_U8 * ) in )[ i ]; + } +} + +/* Initialize the state. key is optional */ +static int blake2b_init( blake2b_ctx * ctx, HB_SIZE outlen, + const void * key, HB_SIZE keylen ) /* (keylen=0: no key) */ +{ + HB_SIZE i; + + if( outlen == 0 || outlen > 64 || keylen > 64 ) + return -1; /* illegal parameters */ + + for( i = 0; i < 8; i++ ) /* state, "param block" */ + ctx->h[ i ] = blake2b_iv[ i ]; + ctx->h[ 0 ] ^= 0x01010000 ^ ( keylen << 8 ) ^ outlen; + + ctx->t[ 0 ] = 0; /* input count low word */ + ctx->t[ 1 ] = 0; /* input count high word */ + ctx->c = 0; /* pointer within buffer */ + ctx->outlen = outlen; + + for( i = keylen; i < 128; i++ ) /* zero input block */ + ctx->b[ i ] = 0; + if( keylen > 0 ) + { + blake2b_update( ctx, key, keylen ); + ctx->c = 128; /* at the end */ + } + + return 0; +} + +/* finalize */ +static void blake2b_final( blake2b_ctx * ctx, void * out ) +{ + HB_SIZE i; + + ctx->t[ 0 ] += ctx->c; /* mark last block offset */ + if( ctx->t[ 0 ] < ctx->c ) /* carry overflow */ + ctx->t[ 1 ]++; /* high word */ + + while( ctx->c < 128 ) /* fill up with zeros */ + ctx->b[ ctx->c++ ] = 0; + blake2b_compress( ctx, 1 ); /* final block flag = 1 */ + + /* little endian convert and store */ + for( i = 0; i < ctx->outlen; i++ ) + { + ( ( HB_U8 * ) out )[ i ] = + ( ctx->h[ i >> 3 ] >> ( 8 * ( i & 7 ) ) ) & 0xFF; + } +} + +/* convenience function for all-in-one computation */ +static int blake2b( void * out, HB_SIZE outlen, + const void * key, HB_SIZE keylen, + const void * in, HB_SIZE inlen ) +{ + blake2b_ctx ctx; + + if( blake2b_init( &ctx, outlen, key, keylen ) ) + return -1; + blake2b_update( &ctx, in, inlen ); + blake2b_final( &ctx, out ); + + return 0; +} + +#define BLAKE2B_OUTBYTES 64 + +/* hb_BLAKE2b( , [], [], [] ) --> */ +HB_FUNC( HB_BLAKE2B ) +{ + const char * pszStr = hb_parc( 1 ); + + if( pszStr ) + { + int iHashLen = hb_parnidef( 3, BLAKE2B_OUTBYTES ); + HB_U8 out[ BLAKE2B_OUTBYTES ]; + + if( iHashLen < 1 ) + iHashLen = 1; + else if( iHashLen > BLAKE2B_OUTBYTES ) + iHashLen = BLAKE2B_OUTBYTES; + + if( blake2b( out, iHashLen, hb_parc( 2 ), hb_parclen( 2 ), pszStr, hb_parclen( 1 ) ) == 0 ) + { + if( ! hb_parl( 4 ) ) + { + char digest[ ( sizeof( out ) * 2 ) + 1 ]; + hb_strtohex( ( char * ) out, iHashLen, digest ); + hb_retclen( digest, iHashLen * 2 ); + } + else + hb_retclen( ( char * ) out, iHashLen ); + + return; + } + } + + hb_retc_null(); +} diff --git a/contrib/hbcrypto/blake2s.c b/contrib/hbcrypto/blake2s.c new file mode 100644 index 0000000000..d0eea32df2 --- /dev/null +++ b/contrib/hbcrypto/blake2s.c @@ -0,0 +1,259 @@ +/* + * BLAKE2s function wrapper (fast secure hash) + * + * Copyright 2015 Viktor Szakats + * (Harbour wrapper and low-level code adaptation) + * + * Low-level BLAKE2 C code courtesy of + * 2015-01-25 Markku-Juhani O. Saarinen + * A simple BLAKE2b Reference Implementation + * as of + * https://github.com/mjosaarinen/blake2_mjosref/commit/861edb3c33b5d7eaa2bddea5aaa13f6754bea10a + * License: CC0 1.0 Universal + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +/* https://tools.ietf.org/html/draft-saarinen-blake2-03 */ + +#include "hbapi.h" + +/* state context */ +typedef struct +{ + HB_U8 b[ 64 ]; /* input buffer */ + HB_U32 h[ 8 ]; /* chained state */ + HB_U32 t[ 2 ]; /* total number of bytes */ + HB_SIZE c; /* pointer for b[] */ + HB_SIZE outlen; /* digest size */ +} blake2s_ctx; + +/* cyclic right rotation */ +#define _HB_ROTR32( x, y ) ( ( ( x ) >> ( y ) ) ^ ( ( x ) << ( 32 - ( y ) ) ) ) + +/* G Mixing function */ +#define B2S_G( a, b, c, d, x, y ) { \ + v[ a ] = v[ a ] + v[ b ] + x; \ + v[ d ] = _HB_ROTR32( v[ d ] ^ v[ a ], 16 ); \ + v[ c ] = v[ c ] + v[ d ]; \ + v[ b ] = _HB_ROTR32( v[ b ] ^ v[ c ], 12 ); \ + v[ a ] = v[ a ] + v[ b ] + y; \ + v[ d ] = _HB_ROTR32( v[ d ] ^ v[ a ], 8 ); \ + v[ c ] = v[ c ] + v[ d ]; \ + v[ b ] = _HB_ROTR32( v[ b ] ^ v[ c ], 7 ); } + +/* Initialization Vector */ +static const HB_U32 blake2s_iv[ 8 ] = +{ + 0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A, + 0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19 +}; + +/* Compression function. "last" flag indicates last block. */ +static void blake2s_compress( blake2s_ctx * ctx, int last ) +{ + static const HB_U8 sigma[ 10 ][ 16 ] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 } + }; + + int i; + HB_U32 v[ 16 ], m[ 16 ]; + + for( i = 0; i < 8; i++ ) /* init work variables */ + { + v[ i ] = ctx->h[ i ]; + v[ i + 8 ] = blake2s_iv[ i ]; + } + + v[ 12 ] ^= ctx->t[ 0 ]; /* low 32 bits of offset */ + v[ 13 ] ^= ctx->t[ 1 ]; /* high 32 bits */ + if( last ) /* last block flag set ? */ + v[ 14 ] = ~v[ 14 ]; + + for( i = 0; i < 16; i++ ) /* get little-endian words */ + m[ i ] = HB_GET_UINT32( &ctx->b[ 4 * i ] ); + + for( i = 0; i < 10; i++ ) /* ten rounds */ + { + B2S_G( 0, 4, 8, 12, m[ sigma[ i ][ 0 ] ], m[ sigma[ i ][ 1 ] ] ); + B2S_G( 1, 5, 9, 13, m[ sigma[ i ][ 2 ] ], m[ sigma[ i ][ 3 ] ] ); + B2S_G( 2, 6, 10, 14, m[ sigma[ i ][ 4 ] ], m[ sigma[ i ][ 5 ] ] ); + B2S_G( 3, 7, 11, 15, m[ sigma[ i ][ 6 ] ], m[ sigma[ i ][ 7 ] ] ); + B2S_G( 0, 5, 10, 15, m[ sigma[ i ][ 8 ] ], m[ sigma[ i ][ 9 ] ] ); + B2S_G( 1, 6, 11, 12, m[ sigma[ i ][ 10 ] ], m[ sigma[ i ][ 11 ] ] ); + B2S_G( 2, 7, 8, 13, m[ sigma[ i ][ 12 ] ], m[ sigma[ i ][ 13 ] ] ); + B2S_G( 3, 4, 9, 14, m[ sigma[ i ][ 14 ] ], m[ sigma[ i ][ 15 ] ] ); + } + + for( i = 0; i < 8; ++i ) + ctx->h[ i ] ^= v[ i ] ^ v[ i + 8 ]; +} + +/* update with new data */ +static void blake2s_update( blake2s_ctx * ctx, + const void * in, HB_SIZE inlen ) /* data bytes */ +{ + HB_SIZE i; + + for( i = 0; i < inlen; i++ ) + { + if( ctx->c == 64 ) /* buffer full ? */ + { + ctx->t[ 0 ] += ( HB_U32 ) ctx->c; /* add counters */ + if( ctx->t[ 0 ] < ctx->c ) /* carry overflow ? */ + ctx->t[ 1 ]++; /* high word */ + blake2s_compress( ctx, 0 ); /* compress (not last) */ + ctx->c = 0; /* counter to zero */ + } + ctx->b[ ctx->c++ ] = ( ( const HB_U8 * ) in )[ i ]; + } +} + +/* Initialize the state. key is optional */ +static int blake2s_init( blake2s_ctx * ctx, HB_SIZE outlen, + const void * key, HB_SIZE keylen ) /* (keylen=0: no key) */ +{ + HB_SIZE i; + + if( outlen == 0 || outlen > 32 || keylen > 32 ) + return -1; /* illegal parameters */ + + for( i = 0; i < 8; i++ ) /* state, "param block" */ + ctx->h[ i ] = blake2s_iv[ i ]; + ctx->h[ 0 ] ^= 0x01010000 ^ ( keylen << 8 ) ^ outlen; + + ctx->t[ 0 ] = 0; /* input count low word */ + ctx->t[ 1 ] = 0; /* input count high word */ + ctx->c = 0; /* pointer within buffer */ + ctx->outlen = outlen; + + for( i = keylen; i < 64; i++ ) /* zero input block */ + ctx->b[ i ] = 0; + if( keylen > 0 ) + { + blake2s_update( ctx, key, keylen ); + ctx->c = 64; /* at the end */ + } + + return 0; +} + +/* finalize */ +static void blake2s_final( blake2s_ctx * ctx, void * out ) +{ + HB_SIZE i; + + ctx->t[ 0 ] += ( HB_U32 ) ctx->c; /* mark last block offset */ + if( ctx->t[ 0 ] < ctx->c ) /* carry overflow */ + ctx->t[ 1 ]++; /* high word */ + + while( ctx->c < 64 ) /* fill up with zeros */ + ctx->b[ ctx->c++ ] = 0; + blake2s_compress( ctx, 1 ); /* final block flag = 1 */ + + /* little endian convert and store */ + for( i = 0; i < ctx->outlen; i++ ) + { + ( ( HB_U8 * ) out )[ i ] = + ( ctx->h[ i >> 2 ] >> ( 8 * ( i & 3 ) ) ) & 0xFF; + } +} + +/* convenience function for all-in-one computation */ +static int blake2s( void * out, HB_SIZE outlen, + const void * key, HB_SIZE keylen, + const void * in, HB_SIZE inlen ) +{ + blake2s_ctx ctx; + + if( blake2s_init( &ctx, outlen, key, keylen ) ) + return -1; + blake2s_update( &ctx, in, inlen ); + blake2s_final( &ctx, out ); + + return 0; +} + +#define BLAKE2S_OUTBYTES 32 + +/* hb_BLAKE2s( , [], [], [] ) --> */ +HB_FUNC( HB_BLAKE2S ) +{ + const char * pszStr = hb_parc( 1 ); + + if( pszStr ) + { + int iHashLen = hb_parnidef( 3, BLAKE2S_OUTBYTES ); + HB_U8 out[ BLAKE2S_OUTBYTES ]; + + memset( out, '\0', sizeof( out ) ); + + if( iHashLen < 1 ) + iHashLen = 1; + else if( iHashLen > BLAKE2S_OUTBYTES ) + iHashLen = BLAKE2S_OUTBYTES; + + if( blake2s( out, iHashLen, hb_parc( 2 ), hb_parclen( 2 ), pszStr, hb_parclen( 1 ) ) == 0 ) + { + if( ! hb_parl( 4 ) ) + { + char digest[ ( sizeof( out ) * 2 ) + 1 ]; + hb_strtohex( ( char * ) out, iHashLen, digest ); + hb_retclen( digest, iHashLen * 2 ); + } + else + hb_retclen( ( char * ) out, iHashLen ); + + return; + } + } + + hb_retc_null(); +} diff --git a/contrib/hbcrypto/ed25519.c b/contrib/hbcrypto/ed25519.c new file mode 100644 index 0000000000..adef52aa59 --- /dev/null +++ b/contrib/hbcrypto/ed25519.c @@ -0,0 +1,139 @@ +/* + * ED25519 wrappers + * + * Copyright 2015 Viktor Szakats + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +#include "hbapi.h" + +#include "hbapiitm.h" +#include "hbapierr.h" + +#include "ed25519.h" + +/* hb_ed25519_create_keypair( @, @ ) --> NIL */ +HB_FUNC( HB_ED25519_CREATE_KEYPAIR ) +{ + unsigned char seed[ 32 ], public_key[ 32 ], secret_key[ 64 ]; + + hb_random_block( seed, sizeof( seed ) ); + + ed25519_create_keypair( public_key, secret_key, seed ); + + hb_storclen( ( char * ) public_key, sizeof( public_key ), 1 ); + hb_storclen( ( char * ) secret_key, sizeof( secret_key ), 2 ); + + hb_ret(); +} + +/* hb_ed25519_get_pubkey( ) --> */ +HB_FUNC( HB_ED25519_GET_PUBKEY ) +{ + if( hb_parclen( 1 ) == 64 ) + { + unsigned char public_key[ 32 ]; + + ed25519_get_pubkey( public_key, ( const unsigned char * ) hb_parc( 1 ) ); + + hb_retclen( ( char * ) public_key, sizeof( public_key ) ); + } + else + hb_errRT_BASE_SubstR( EG_ARG, 3013, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +/* hb_ed25519_sign( [, ], ) --> + NOTE: is always ignored. This argument is deprecated. */ +HB_FUNC( HB_ED25519_SIGN ) +{ + int secret_key_arg = hb_pcount() == 3 ? 3 : 2; /* COMPATIBILITY */ + + if( HB_ISCHAR( 1 ) && + hb_parclen( secret_key_arg ) == 64 ) + { + unsigned char signature[ 64 ]; + + ed25519_sign( signature, + ( const unsigned char * ) hb_parc( 1 ), ( size_t ) hb_parclen( 1 ), + NULL, + ( const unsigned char * ) hb_parc( secret_key_arg ) ); + + hb_retclen( ( char * ) signature, sizeof( signature ) ); + } + else + hb_errRT_BASE_SubstR( EG_ARG, 3013, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +/* hb_ed25519_verify( , , ) --> */ +HB_FUNC( HB_ED25519_VERIFY ) +{ + if( hb_parclen( 1 ) == 64 && + HB_ISCHAR( 2 ) && + hb_parclen( 3 ) == 32 ) + hb_retl( ed25519_verify( ( const unsigned char * ) hb_parc( 1 ), + ( const unsigned char * ) hb_parc( 2 ), ( size_t ) hb_parclen( 2 ), + ( const unsigned char * ) hb_parc( 3 ) ) ); + else + hb_errRT_BASE_SubstR( EG_ARG, 3013, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +#if 0 + +/* hb_ed25519_key_exchange( , ) --> */ +HB_FUNC( HB_ED25519_KEY_EXCHANGE ) +{ + if( hb_parclen( 1 ) == 32 && + hb_parclen( 2 ) == 64 ) + { + unsigned char shared_secret[ 32 ]; + + ed25519_key_exchange( shared_secret, + ( const unsigned char * ) hb_parc( 1 ), + ( const unsigned char * ) hb_parc( 2 ) ); + + hb_retclen( ( char * ) shared_secret, sizeof( shared_secret ) ); + } + else + hb_errRT_BASE_SubstR( EG_ARG, 3013, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} + +#endif diff --git a/contrib/hbcrypto/hbcrypto.hbc b/contrib/hbcrypto/hbcrypto.hbc new file mode 100644 index 0000000000..0a48f638bf --- /dev/null +++ b/contrib/hbcrypto/hbcrypto.hbc @@ -0,0 +1,5 @@ +description=Crypto functions + +libs=${_HB_DYNPREF}${hb_name}${_HB_DYNSUFF} +libs=3rd/ed25519/ed25519.hbc +libs=3rd/scrypt/scrypt.hbc diff --git a/contrib/hbcrypto/hbcrypto.hbp b/contrib/hbcrypto/hbcrypto.hbp new file mode 100644 index 0000000000..cd822936f3 --- /dev/null +++ b/contrib/hbcrypto/hbcrypto.hbp @@ -0,0 +1,43 @@ +-hblib +-inc + +-o${hb_name} + +-w3 -es2 + +-cflag=-DHAVE_CONFIG_H + +-depurlbase=ed25519:https://github.com/orlp/ed25519 +-depkeyhead=ed25519:ed25519.h +-depcontrol=ed25519:local{HB_BUILD_3RDEXT='no'} +-depcontrol=ed25519:${HB_WITH_ED25519} +-depincpathlocal=ed25519:3rd/ed25519 +-depfinish=ed25519 + +-depurlbase=scrypt:https://www.tarsnap.com/scrypt.html +-depkeyhead=scrypt:crypto_scrypt.h +-depcontrol=scrypt:local{HB_BUILD_3RDEXT='no'} +-depcontrol=scrypt:${HB_WITH_SCRYPT} +-depincpath=scrypt:/usr/include +-depincpathlocal=scrypt:3rd/scrypt +-depfinish=scrypt + +${hb_name}.hbx + +bcrypt.c + +blake2b.c +blake2s.c + +ed25519.c + +sha3.c + +pbkdf2.c +scrypt.c +strcmpc.c + +scryptcf.prg + +3rd/ed25519/ed25519.hbc{HBMK_HAS_ED25519_LOCAL} +3rd/scrypt/scrypt.hbc{HBMK_HAS_SCRYPT_LOCAL} diff --git a/contrib/hbcrypto/hbcrypto.hbx b/contrib/hbcrypto/hbcrypto.hbx new file mode 100644 index 0000000000..68d89692fb --- /dev/null +++ b/contrib/hbcrypto/hbcrypto.hbx @@ -0,0 +1,46 @@ +/* -------------------------------------------------------------------- + * NOTE: You can add manual override which functions to include or + * exclude from automatically generated EXTERNAL/DYNAMIC list. + * Syntax: // HB_FUNC_INCLUDE + * // HB_FUNC_EXCLUDE + */ + +/* -------------------------------------------------------------------- + * WARNING: Automatically generated code below. DO NOT EDIT! (except casing) + * Regenerate using hbmk2 '-hbx=' option. + */ + +#ifndef __HBEXTERN_CH__HBCRYPTO__ +#define __HBEXTERN_CH__HBCRYPTO__ + +#if defined( __HBEXTREQ__ ) .OR. defined( __HBEXTERN__HBCRYPTO__ANNOUNCE ) + ANNOUNCE __HBEXTERN__HBCRYPTO__ +#endif + +#if defined( __HBEXTREQ__ ) .OR. defined( __HBEXTERN__HBCRYPTO__REQUEST ) + #command DYNAMIC => EXTERNAL +#endif + +DYNAMIC hb_bcrypt +DYNAMIC hb_blake2b +DYNAMIC hb_blake2s +DYNAMIC hb_ed25519_create_keypair +DYNAMIC hb_ed25519_get_pubkey +DYNAMIC hb_ed25519_sign +DYNAMIC hb_ed25519_verify +DYNAMIC hb_pbkdf2_sha256 +DYNAMIC hb_scrypt +DYNAMIC hb_scrypt_setup +DYNAMIC hb_SHA3224 +DYNAMIC hb_SHA3256 +DYNAMIC hb_SHA3384 +DYNAMIC hb_SHA3512 +DYNAMIC hb_SHAKE128 +DYNAMIC hb_SHAKE256 +DYNAMIC hb_strcmpc + +#if defined( __HBEXTREQ__ ) .OR. defined( __HBEXTERN__HBCRYPTO__REQUEST ) + #uncommand DYNAMIC => EXTERNAL +#endif + +#endif diff --git a/contrib/hbcrypto/pbkdf2.c b/contrib/hbcrypto/pbkdf2.c new file mode 100644 index 0000000000..c95cee72f0 --- /dev/null +++ b/contrib/hbcrypto/pbkdf2.c @@ -0,0 +1,79 @@ +/* + * Harbour interface to PBKDF2 password hashing + * + * Copyright 2013-2017 Viktor Szakats + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +#include "hbapi.h" +#include "hbapierr.h" + +HB_EXTERN_BEGIN +#include "sha256.h" +HB_EXTERN_END + +/* hb_pbkdf2_sha256( , , , ) --> */ +HB_FUNC( HB_PBKDF2_SHA256 ) +{ + HB_U64 nC = hb_parnintdef( 3, 1 ); + HB_ISIZ keylen = hb_parns( 4 ); + + if( HB_ISCHAR( 1 ) && + HB_ISCHAR( 2 ) && + keylen >= 16 && + nC >= 1 ) + { + uint8_t * buf = ( uint8_t * ) hb_xgrab( keylen + 1 ); + + buf[ 0 ] = '\0'; + + PBKDF2_SHA256( + ( const uint8_t * ) hb_parc( 1 ), ( size_t ) hb_parclen( 1 ), + ( const uint8_t * ) hb_parc( 2 ), ( size_t ) hb_parclen( 2 ), + nC, + buf, keylen ); + + hb_retclen_buffer( ( char * ) buf, keylen ); + } + else + hb_errRT_BASE( EG_ARG, 2101, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} diff --git a/contrib/hbcrypto/scrypt.c b/contrib/hbcrypto/scrypt.c new file mode 100644 index 0000000000..96e8cb8f26 --- /dev/null +++ b/contrib/hbcrypto/scrypt.c @@ -0,0 +1,83 @@ +/* + * Harbour interface to scrypt password hashing + * + * Copyright 2013-2017 Viktor Szakats + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +#include "hbapi.h" +#include "hbapierr.h" + +HB_EXTERN_BEGIN +#include "crypto_scrypt.h" +HB_EXTERN_END + +/* hb_scrypt( , , , , , ) --> */ +HB_FUNC( HB_SCRYPT ) +{ + HB_ISIZ keylen = hb_parns( 6 ); + HB_U64 nC = hb_parnintdef( 3, 0x4000 ); /* CPU difficulty. must be a power of 2, > 1 */ + + if( HB_ISCHAR( 1 ) && + HB_ISCHAR( 2 ) && + keylen >= 16 && + nC > 1 ) + { + uint8_t * buf = ( uint8_t * ) hb_xgrab( keylen + 1 ); + + if( crypto_scrypt( + ( const uint8_t * ) hb_parc( 1 ), ( size_t ) hb_parclen( 1 ), + ( const uint8_t * ) hb_parc( 2 ), ( size_t ) hb_parclen( 2 ), + nC, + hb_parnldef( 4, 8 ), /* memory difficulty */ + hb_parnldef( 5, 1 ), /* parallel difficulty */ + buf, keylen ) != 0 ) + { + hb_xfree( buf ); + hb_retc_null(); + } + else + hb_retclen_buffer( ( char * ) buf, keylen ); + } + else + hb_errRT_BASE( EG_ARG, 2101, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS ); +} diff --git a/contrib/hbcrypto/scryptcf.prg b/contrib/hbcrypto/scryptcf.prg new file mode 100644 index 0000000000..5f6bfd96ec --- /dev/null +++ b/contrib/hbcrypto/scryptcf.prg @@ -0,0 +1,95 @@ +/* + * hb_scrypt_setup() + * + * Harbour adaptation 2015 Viktor Szakats + * based on original C code by Colin Percival in scryptenc.c + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +/* Converts from high-level scrypt parameters to low-level ones. + Some calls (e.g. scryptenc_setup()) use high-level ones, + hb_scrypt()/crypto_scrypt() expect the low-level ones. */ + +PROCEDURE hb_scrypt_setup( nOpsLimit, nMemLimit, /* @ */ N, /* @ */ r, /* @ */ p ) + + LOCAL maxN + LOCAL maxrp + + r := 8 + + IF HB_ISNUMERIC( nOpsLimit ) .AND. ; + HB_ISNUMERIC( nMemLimit ) .AND. ; + nMemLimit >= 0 + + IF nOpsLimit < 32768 + nOpsLimit := 32768 + ENDIF + + IF nOpsLimit < ( nMemLimit / 32 ) + p := 1 + maxN := nOpsLimit / ( r * 4 ) + FOR N := 1 TO 63 + IF hb_bitShift( 1, N ) > ( maxN / 2 ) + EXIT + ENDIF + NEXT + ELSE + maxN := nMemLimit / ( r * 128 ) + FOR N := 1 TO 63 + IF hb_bitShift( 1, N ) > ( maxN / 2 ) + EXIT + ENDIF + NEXT + maxrp := ( nOpsLimit / 4 ) / hb_bitShift( 1, N ) + IF maxrp > 0x3FFFFFFF + maxrp := 0X3FFFFFFF + ENDIF + p := hb_bitAnd( maxrp / r, 0xFFFFFFFF ) + ENDIF + + N := hb_bitShift( 1, N ) + ELSE + p := 1 + N := 1024 + ENDIF + + RETURN diff --git a/contrib/hbcrypto/sha3.c b/contrib/hbcrypto/sha3.c new file mode 100644 index 0000000000..6e76e2f420 --- /dev/null +++ b/contrib/hbcrypto/sha3.c @@ -0,0 +1,464 @@ +/* + * SHA3 function wrappers (secure hash) + * + * Copyright 2015 Viktor Szakats + * (Harbour wrapper and low-level code adaptation) + * + * Low-level SHA3 C code: + * https://github.com/gvanas/KeccakCodePackage/blob/4d212774e78bd46758636f6297924a2a1947d04f/Standalone/CompactFIPS202/Keccak-readable-and-compact.c + * by courtesy of: + * Implementation by the Keccak, Keyak and Ketje Teams, namely, Guido Bertoni, + * Joan Daemen, MichaĂ«l Peeters, Gilles Van Assche and Ronny Van Keer, hereby + * denoted as "the implementer". + * + * For more information, feedback or questions, please refer to our websites: + * https://keccak.noekeon.org/ + * https://keyak.noekeon.org/ + * https://ketje.noekeon.org/ + * + * To the extent possible under law, the implementer has waived all copyright + * and related or neighboring rights to the source code in this file. + * https://creativecommons.org/publicdomain/zero/1.0/ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +#include "hbapi.h" + +/* The purpose of this source file is to demonstrate a readable and compact + implementation of all the Keccak instances approved in the FIPS 202 standard, + including the hash functions and the extendable-output functions (XOFs). + + We focused on clarity and on source-code compactness, + rather than on the performance. + + The advantages of this implementation are: + + The source code is compact, after removing the comments, that is. :-) + + There are no tables with arbitrary constants. + + For clarity, the comments link the operations to the specifications using + the same notation as much as possible. + + There is no restriction in cryptographic features. In particular, + the SHAKE128 and SHAKE256 XOFs can produce any output length. + + The code does not use much RAM, as all operations are done in place. + + The drawbacks of this implementation are: + - There is no message queue. The whole message must be ready in a buffer. + - It is not optimized for performance. + + For a more complete set of implementations, please refer to + the Keccak Code Package at https://github.com/gvanas/KeccakCodePackage + + For more information, please refer to: + * [Keccak Reference] https://keccak.team/files/Keccak-reference-3.0.pdf + * [Keccak Specifications Summary] https://keccak.team/keccak_specs_summary.html + + This file uses UTF-8 encoding, as some comments use Greek letters. */ + +/* Technicalities */ + +typedef HB_U64 tKeccakLane; + +#if ! defined( HB_LITTLE_ENDIAN ) + +/* Function to load a 64-bit value using the little-endian (LE) convention. + On a LE platform, this could be greatly simplified using a cast. */ +static HB_U64 load64( const HB_U8 * x ) +{ + int i; + HB_U64 u = 0; + + for( i = 7; i >= 0; --i ) + { + u <<= 8; + u |= x[ i ]; + } + return u; +} + +/* Function to store a 64-bit value using the little-endian (LE) convention. + On a LE platform, this could be greatly simplified using a cast. */ +static void store64( HB_U8 * x, HB_U64 u ) +{ + unsigned int i; + + for( i = 0; i < 8; ++i ) + { + x[ i ] = u; + u >>= 8; + } +} + +/* Function to XOR into a 64-bit value using the little-endian (LE) convention. + On a LE platform, this could be greatly simplified using a cast. */ +static void xor64( HB_U8 * x, HB_U64 u ) +{ + unsigned int i; + + for( i = 0; i < 8; ++i ) + { + x[ i ] ^= u; + u >>= 8; + } +} +#endif + +/* A readable and compact implementation of the Keccak-f[1600] permutation. */ + +#define ROL64( a, offset ) ( ( ( ( HB_U64 ) a ) << offset ) ^ ( ( ( HB_U64 ) a ) >> ( 64 - offset ) ) ) +#define i( x, y ) ( ( x ) + 5 * ( y ) ) + +#if defined( HB_LITTLE_ENDIAN ) + #define readLane( x, y ) ( ( ( tKeccakLane * ) state )[ i( x, y ) ] ) + #define writeLane( x, y, lane ) ( ( ( tKeccakLane * ) state )[ i( x, y ) ] ) = ( lane ) + #define XORLane( x, y, lane ) ( ( ( tKeccakLane * ) state )[ i( x, y ) ] ) ^= ( lane ) +#else + #define readLane( x, y ) load64( ( HB_U8 * ) state + sizeof( tKeccakLane ) * i( x, y ) ) + #define writeLane( x, y, lane ) store64( ( HB_U8 * ) state + sizeof( tKeccakLane ) * i( x, y ), lane ) + #define XORLane( x, y, lane ) xor64( ( HB_U8 * ) state + sizeof( tKeccakLane ) * i( x, y ), lane ) +#endif + +/* Function that computes the linear feedback shift register (LFSR) used to + define the round constants (see [Keccak Reference, Section 1.2]). */ +static int LFSR86540( HB_U8 * LFSR ) +{ + int result = ( ( *LFSR ) & 0x01 ) != 0; + + if( ( ( *LFSR ) & 0x80 ) != 0 ) + /* Primitive polynomial over GF(2): x^8+x^6+x^5+x^4+1 */ + ( *LFSR ) = ( ( *LFSR ) << 1 ) ^ 0x71; + else + ( *LFSR ) <<= 1; + + return result; +} + +/* Function that computes the Keccak-f[1600] permutation on the given state. */ +static void KeccakF1600_StatePermute( void * state ) +{ + unsigned int round, x, y, j, t; + HB_U8 LFSRstate = 0x01; + + for( round = 0; round < 24; round++ ) + { + { + /* === Ξ step (see [Keccak Reference, Section 2.3.2]) === */ + tKeccakLane C[ 5 ], D; + + /* Compute the parity of the columns */ + for( x = 0; x < 5; ++x ) + C[ x ] = readLane( x, 0 ) ^ readLane( x, 1 ) ^ readLane( x, 2 ) ^ readLane( x, 3 ) ^ readLane( x, 4 ); + for( x = 0; x < 5; ++x ) + { + /* Compute the Ξ effect for a given column */ + D = C[ ( x + 4 ) % 5 ] ^ ROL64( C[ ( x + 1 ) % 5 ], 1 ); + /* Add the Ξ effect to the whole column */ + for( y = 0; y < 5; y++ ) + XORLane( x, y, D ); + } + } + + { + /* === ρ and π steps (see [Keccak Reference, Sections 2.3.3 and 2.3.4]) === */ + tKeccakLane current, temp; + /* Start at coordinates (1 0) */ + x = 1; y = 0; + current = readLane( x, y ); + /* Iterate over ((0 1)(2 3))^t * (1 0) for 0 ≀ t ≀ 23 */ + for( t = 0; t < 24; t++ ) + { + /* Compute the rotation constant r = (t+1)(t+2)/2 */ + unsigned int r = ( ( t + 1 ) * ( t + 2 ) / 2 ) % 64; + /* Compute ((0 1)(2 3)) * (x y) */ + unsigned int Y = ( 2 * x + 3 * y ) % 5; x = y; y = Y; + /* Swap current and state(x,y), and rotate */ + temp = readLane( x, y ); + writeLane( x, y, ROL64( current, r ) ); + current = temp; + } + } + + { + /* === χ step (see [Keccak Reference, Section 2.3.1]) === */ + tKeccakLane temp[ 5 ]; + for( y = 0; y < 5; y++ ) + { + /* Take a copy of the plane */ + for( x = 0; x < 5; ++x ) + temp[ x ] = readLane( x, y ); + /* Compute χ on the plane */ + for( x = 0; x < 5; ++x ) + writeLane( x, y, temp[ x ] ^ ( ( ~temp[ ( x + 1 ) % 5 ] ) & temp[ ( x + 2 ) % 5 ] ) ); + } + } + + { + /* === Îč step (see [Keccak Reference, Section 2.3.5]) === */ + for( j = 0; j < 7; ++j ) + { + unsigned int bitPosition = ( 1 << j ) - 1; /* 2^j-1 */ + if( LFSR86540( &LFSRstate ) ) + XORLane( 0, 0, ( tKeccakLane ) 1 << bitPosition ); + } + } + } +} + +/* A readable and compact implementation of the Keccak sponge functions + that use the Keccak-f[1600] permutation. */ + +/* Function to compute the Keccak[r, c] sponge function over a given input. + * @param rate The value of the rate r. + * @param capacity The value of the capacity c. + * @param input Pointer to the input message. + * @param inputByteLen The number of input bytes provided in the input message. + * @param delimitedSuffix Bits that will be automatically appended to the end + * of the input message, as in domain separation. + * This is a byte containing from 0 to 7 bits + * These n bits must be in the least significant bit positions + * and must be delimited with a bit 1 at position n + * (counting from 0=LSB to 7=MSB) and followed by bits 0 + * from position n+1 to position 7. + * Some examples: + * - If no bits are to be appended, then @a delimitedSuffix must be 0x01. + * - If the 2-bit sequence 0,1 is to be appended (as for SHA3-*), @a delimitedSuffix must be 0x06. + * - If the 4-bit sequence 1,1,1,1 is to be appended (as for SHAKE*), @a delimitedSuffix must be 0x1F. + * - If the 7-bit sequence 1,1,0,1,0,0,0 is to be absorbed, @a delimitedSuffix must be 0x8B. + * @param output Pointer to the buffer where to store the output. + * @param outputByteLen The number of output bytes desired. + * @pre One must have r+c=1600 and the rate a multiple of 8 bits in this implementation. + */ + +static void Keccak( unsigned int rate, unsigned int capacity, const unsigned char * input, HB_SIZE inputByteLen, unsigned char delimitedSuffix, unsigned char * output, HB_SIZE outputByteLen ) +{ + HB_U8 state[ 200 ]; + unsigned int rateInBytes = rate / 8; + unsigned int blockSize = 0; + unsigned int i; + + if( ( ( rate + capacity ) != 1600 ) || ( ( rate % 8 ) != 0 ) ) + return; + + /* === Initialize the state === */ + memset( state, 0, sizeof( state ) ); + + /* === Absorb all the input blocks === */ + while( inputByteLen > 0 ) + { + blockSize = HB_MIN( ( unsigned int ) inputByteLen, rateInBytes ); + for( i = 0; i < blockSize; i++ ) + state[ i ] ^= input[ i ]; + input += blockSize; + inputByteLen -= blockSize; + + if( blockSize == rateInBytes ) + { + KeccakF1600_StatePermute( state ); + blockSize = 0; + } + } + + /* === Do the padding and switch to the squeezing phase === */ + /* Absorb the last few bits and add the first bit of padding (which coincides with the delimiter in delimitedSuffix) */ + state[ blockSize ] ^= delimitedSuffix; + /* If the first bit of padding is at position rate-1, we need a whole new block for the second bit of padding */ + if( ( ( delimitedSuffix & 0x80 ) != 0 ) && ( blockSize == ( rateInBytes - 1 ) ) ) + KeccakF1600_StatePermute( state ); + /* Add the second bit of padding */ + state[ rateInBytes - 1 ] ^= 0x80; + /* Switch to the squeezing phase */ + KeccakF1600_StatePermute( state ); + + /* === Squeeze out all the output blocks === */ + while( outputByteLen > 0 ) + { + blockSize = HB_MIN( ( unsigned int ) outputByteLen, rateInBytes ); + memcpy( output, state, blockSize ); + output += blockSize; + outputByteLen -= blockSize; + + if( outputByteLen > 0 ) + KeccakF1600_StatePermute( state ); + } +} + +/* Function to compute SHAKE128 on the input message with any output length. */ +static void FIPS202_SHAKE128( const unsigned char * input, HB_SIZE inputByteLen, unsigned char * output, HB_SIZE outputByteLen ) +{ + Keccak( 1344, 256, input, inputByteLen, 0x1F, output, outputByteLen ); +} + +/* Function to compute SHAKE256 on the input message with any output length. */ +static void FIPS202_SHAKE256( const unsigned char * input, HB_SIZE inputByteLen, unsigned char * output, HB_SIZE outputByteLen ) +{ + Keccak( 1088, 512, input, inputByteLen, 0x1F, output, outputByteLen ); +} + +/* Function to compute SHA3-224 on the input message. The output length is fixed to 28 bytes. */ +static void FIPS202_SHA3_224( const unsigned char * input, HB_SIZE inputByteLen, unsigned char * output ) +{ + Keccak( 1152, 448, input, inputByteLen, 0x06, output, 28 ); +} + +/* Function to compute SHA3-256 on the input message. The output length is fixed to 32 bytes. */ +static void FIPS202_SHA3_256( const unsigned char * input, HB_SIZE inputByteLen, unsigned char * output ) +{ + Keccak( 1088, 512, input, inputByteLen, 0x06, output, 32 ); +} + +/* Function to compute SHA3-384 on the input message. The output length is fixed to 48 bytes. */ +static void FIPS202_SHA3_384( const unsigned char * input, HB_SIZE inputByteLen, unsigned char * output ) +{ + Keccak( 832, 768, input, inputByteLen, 0x06, output, 48 ); +} + +/* Function to compute SHA3-512 on the input message. The output length is fixed to 64 bytes. */ +static void FIPS202_SHA3_512( const unsigned char * input, HB_SIZE inputByteLen, unsigned char * output ) +{ + Keccak( 576, 1024, input, inputByteLen, 0x06, output, 64 ); +} + +HB_FUNC( HB_SHAKE128 ) +{ + HB_SIZE nOutSize = hb_parnsdef( 2, 256 ) / 8; + + if( nOutSize > 0 ) + { + HB_U8 * out = ( HB_U8 * ) hb_xgrab( nOutSize + 1 ); + + FIPS202_SHAKE128( ( const HB_U8 * ) hb_parcx( 1 ), hb_parclen( 1 ), out, nOutSize ); + + if( hb_parl( 3 ) ) + hb_retclen_buffer( ( char * ) out, sizeof( out ) ); + else + { + char * digest = ( char * ) hb_xgrab( ( nOutSize * 2 ) + 1 ); + hb_strtohex( ( char * ) out, nOutSize, digest ); + hb_xfree( out ); + hb_retclen_buffer( digest, nOutSize * 2 ); + } + } +} + +HB_FUNC( HB_SHAKE256 ) +{ + HB_SIZE nOutSize = hb_parnsdef( 2, 512 ) / 8; + + if( nOutSize > 0 ) + { + HB_U8 * out = ( HB_U8 * ) hb_xgrab( nOutSize + 1 ); + + FIPS202_SHAKE256( ( const HB_U8 * ) hb_parcx( 1 ), hb_parclen( 1 ), out, nOutSize ); + + if( hb_parl( 3 ) ) + hb_retclen_buffer( ( char * ) out, sizeof( out ) ); + else + { + char * digest = ( char * ) hb_xgrab( ( nOutSize * 2 ) + 1 ); + hb_strtohex( ( char * ) out, nOutSize, digest ); + hb_xfree( out ); + hb_retclen_buffer( digest, nOutSize * 2 ); + } + } +} + +HB_FUNC( HB_SHA3224 ) +{ + HB_U8 out[ 224 / 8 + 1 ]; + + FIPS202_SHA3_224( ( const HB_U8 * ) hb_parcx( 1 ), hb_parclen( 1 ), out ); + + if( hb_parl( 2 ) ) + hb_retclen( ( char * ) out, sizeof( out ) - 1 ); + else + { + char digest[ ( ( sizeof( out ) - 1 ) * 2 ) + 1 ]; + hb_strtohex( ( char * ) out, sizeof( out ) - 1, digest ); + hb_retclen( digest, ( sizeof( out ) - 1 ) * 2 ); + } +} + +HB_FUNC( HB_SHA3256 ) +{ + HB_U8 out[ 256 / 8 + 1 ]; + + FIPS202_SHA3_256( ( const HB_U8 * ) hb_parcx( 1 ), hb_parclen( 1 ), out ); + + if( hb_parl( 2 ) ) + hb_retclen( ( char * ) out, sizeof( out ) - 1 ); + else + { + char digest[ ( ( sizeof( out ) - 1 ) * 2 ) + 1 ]; + hb_strtohex( ( char * ) out, sizeof( out ) - 1, digest ); + hb_retclen( digest, ( sizeof( out ) - 1 ) * 2 ); + } +} + +HB_FUNC( HB_SHA3384 ) +{ + HB_U8 out[ 384 / 8 + 1 ]; + + FIPS202_SHA3_384( ( const HB_U8 * ) hb_parcx( 1 ), hb_parclen( 1 ), out ); + + if( hb_parl( 2 ) ) + hb_retclen( ( char * ) out, sizeof( out ) - 1 ); + else + { + char digest[ ( ( sizeof( out ) - 1 ) * 2 ) + 1 ]; + hb_strtohex( ( char * ) out, sizeof( out ) - 1, digest ); + hb_retclen( digest, ( sizeof( out ) - 1 ) * 2 ); + } +} + +HB_FUNC( HB_SHA3512 ) +{ + HB_U8 out[ 512 / 8 + 1 ]; + + FIPS202_SHA3_512( ( const HB_U8 * ) hb_parcx( 1 ), hb_parclen( 1 ), out ); + + if( hb_parl( 2 ) ) + hb_retclen( ( char * ) out, sizeof( out ) - 1 ); + else + { + char digest[ ( ( sizeof( out ) - 1 ) * 2 ) + 1 ]; + hb_strtohex( ( char * ) out, sizeof( out ) - 1, digest ); + hb_retclen( digest, ( sizeof( out ) - 1 ) * 2 ); + } +} diff --git a/contrib/hbcrypto/strcmpc.c b/contrib/hbcrypto/strcmpc.c new file mode 100644 index 0000000000..11ef1f139e --- /dev/null +++ b/contrib/hbcrypto/strcmpc.c @@ -0,0 +1,70 @@ +/* + * hb_strcmpc() + * + * Copyright 2013 Viktor Szakats + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; see the file LICENSE.txt. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA (or visit https://www.gnu.org/licenses/). + * + * As a special exception, the Harbour Project gives permission for + * additional uses of the text contained in its release of Harbour. + * + * The exception is that, if you link the Harbour libraries with other + * files to produce an executable, this does not by itself cause the + * resulting executable to be covered by the GNU General Public License. + * Your use of that executable is in no way restricted on account of + * linking the Harbour library code into it. + * + * This exception does not however invalidate any other reasons why + * the executable file might be covered by the GNU General Public License. + * + * This exception applies only to the code released by the Harbour + * Project under the name Harbour. If you copy code from other + * Harbour Project or Free Software Foundation releases into a copy of + * Harbour, as the General Public License permits, the exception does + * not apply to the code that you add in this way. To avoid misleading + * anyone as to the status of such modified files, you must delete + * this exception notice from them. + * + * If you write modifications of your own for Harbour, it is your choice + * whether to permit this exception to apply to your modifications. + * If you do not wish that, delete this exception notice. + * + */ + +#include "hbapi.h" + +/* Compare strings in length-constant time: + hb_strcmpc( , ) --> */ +HB_FUNC( HB_STRCMPC ) +{ + const char * str1 = hb_parc( 1 ); + const char * str2 = hb_parc( 2 ); + + if( str1 && str2 ) + { + HB_SIZE len1 = hb_parclen( 1 ); + HB_SIZE len2 = hb_parclen( 2 ); + HB_SIZE diff = len1 ^ len2; + HB_SIZE tmp; + + for( tmp = 0; tmp < len1 && tmp < len2; ++tmp ) + diff |= str1[ tmp ] ^ str2[ tmp ]; + + hb_retl( diff == 0 ); + } + else + hb_retl( HB_FALSE ); +} diff --git a/contrib/hbcrypto/tests/bcrypt.prg b/contrib/hbcrypto/tests/bcrypt.prg new file mode 100644 index 0000000000..a3b799ed51 --- /dev/null +++ b/contrib/hbcrypto/tests/bcrypt.prg @@ -0,0 +1,17 @@ +/* Copyright 2015 Viktor Szakats */ + +#require "hbcrypto" +#require "hbtest" + +PROCEDURE Main() + + HBTEST Lower( hb_StrToHex( hb_bcrypt( "password" , "salt" , 4, 32 ) ) ) IS "5bbf0cc293587f1c3635555c27796598d47e579071bf427e9d8fbe842aba34d9" + HBTEST Lower( hb_StrToHex( hb_bcrypt( "password" , hb_BChar( 0 ) , 4, 16 ) ) ) IS "c12b566235eee04c212598970a579a67" + HBTEST Lower( hb_StrToHex( hb_bcrypt( hb_BChar( 0 ) , "salt" , 4, 16 ) ) ) IS "6051be18c2f4f82cbf0efee5471b4bb9" + HBTEST Lower( hb_StrToHex( hb_bcrypt( "password" + hb_BChar( 0 ) , "salt" + hb_BChar( 0 ) , 4, 32 ) ) ) IS "7410e44cf4fa07bfaac8a928b1727fac001375e7bf7384370f48efd121743050" + HBTEST Lower( hb_StrToHex( hb_bcrypt( "pass" + hb_BChar( 0 ) + "wor" , "sa" + hb_BChar( 0 ) + "l" , 4, 16 ) ) ) IS "c2bffd9db38f6569efef4372f4de83c0" + HBTEST Lower( hb_StrToHex( hb_bcrypt( "pass" + hb_BChar( 0 ) + "word", "sa" + hb_BChar( 0 ) + "lt", 4, 16 ) ) ) IS "4ba4ac3925c0e8d7f0cdb6bb1684a56f" + HBTEST Lower( hb_StrToHex( hb_bcrypt( "password" , "salt" , 8, 64 ) ) ) IS "e1367ec5151a33faac4cc1c144cd23fa15d5548493ecc99b9b5d9c0d3b27bec76227ea66088b849b20ab7aa478010246e74bba51723fefa9f9474d6508845e8d" + HBTEST Lower( hb_StrToHex( hb_bcrypt( "password" , "salt" , 42, 16 ) ) ) IS "833cf0dcf56db65608e8f0dc0ce882bd" + + RETURN diff --git a/contrib/hbcrypto/tests/blake2.prg b/contrib/hbcrypto/tests/blake2.prg new file mode 100644 index 0000000000..1869c4301b --- /dev/null +++ b/contrib/hbcrypto/tests/blake2.prg @@ -0,0 +1,29 @@ +/* Copyright 2015 Viktor Szakats */ + +#require "hbcrypto" +#require "hbtest" + +PROCEDURE Main() + + LOCAL cKey + + /* https://blake2.net/blake2b-test.txt */ + + cKey := hb_HexToStr( "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f" ) + + HBTEST hb_blake2b( "" ) IS "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce" + HBTEST hb_blake2b( "The quick brown fox jumps over the lazy dog" ) IS "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918" + HBTEST hb_blake2b( "", cKey ) IS "10ebb67700b1868efb4417987acf4690ae9d972fb7a590c2f02871799aaa4786b5e996e8f0f4eb981fc214b005f42d2ff4233499391653df7aefcbc13fc51568" + + /* https://blake2.net/blake2s-test.txt */ + + cKey := hb_HexToStr( "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" ) + + HBTEST hb_blake2s( "" ) IS "69217a3079908094e11121d042354a7c1f55b6482ca1a51e1b250dfd1ed0eef9" + HBTEST hb_blake2s( "The quick brown fox jumps over the lazy dog" ) IS "606beeec743ccbeff6cbcdf5d5302aa855c256c29b88c8ed331ea1a6bf3c8812" + HBTEST hb_blake2s( "", cKey ) IS "48a8997da407876b3d79c0d92325ad3b89cbb754d86ab71aee047ad345fd2c49" + + HBTEST hb_blake2s( "",, 16 ) IS "64550d6ffe2c0a01a14aba1eade0200c" + HBTEST hb_blake2s( "The quick brown fox jumps over the lazy dog",, 16 ) IS "96fd07258925748a0d2fb1c8a1167a73" + + RETURN diff --git a/contrib/hbcrypto/tests/ed25519.prg b/contrib/hbcrypto/tests/ed25519.prg new file mode 100644 index 0000000000..72dc3a86d6 --- /dev/null +++ b/contrib/hbcrypto/tests/ed25519.prg @@ -0,0 +1,45 @@ +/* Copyright 2015 Viktor Szakats */ + +#require "hbcrypto" +#require "hbtest" + +PROCEDURE Main() + + LOCAL message + LOCAL secret_key + LOCAL public_key + LOCAL signature +#if 0 + LOCAL shared_secret +#endif + + /* https://ed25519.cr.yp.to */ + + HBTEST hb_ed25519_create_keypair( @public_key, @secret_key ) IS NIL + HBTEST ValType( public_key ) IS "C" + HBTEST hb_BLen( public_key ) IS 32 + HBTEST ValType( secret_key ) IS "C" + HBTEST hb_BLen( secret_key ) IS 64 + HBTEST hb_ed25519_sign() IS "E 1 BASE 3013 Argument error (HB_ED25519_SIGN) OS:0 #:0 F:S" + message := hb_MemoRead( __FILE__ ) + HBTEST hb_ed25519_get_pubkey( secret_key ) == public_key IS .T. + signature := hb_ed25519_sign( message, secret_key ) + HBTEST ValType( signature ) IS "C" + HBTEST hb_BLen( signature ) IS 64 + HBTEST hb_ed25519_verify( signature, message, public_key ) IS .T. + HBTEST hb_ed25519_verify( signature, message + "a", public_key ) IS .F. + HBTEST hb_ed25519_verify( hb_BLeft( signature, 63 ) + "a", message, public_key ) IS .F. + HBTEST hb_ed25519_verify( signature, message, hb_BLeft( signature, 31 ) + "a" ) IS .F. +#if 0 + shared_secret := hb_ed25519_key_exchange( public_key, secret_key ) + HBTEST ValType( shared_secret ) IS "C" + HBTEST hb_BLen( shared_secret ) IS 32 +#endif + + message := "TEST MESSAGE" + public_key := hb_base64Decode( "WHPNZbNuFk9ZlYCMxCLnWAKH936bj0ITv5RSKXhRoZ8=" ) + secret_key := hb_base64Decode( "4MJZ7MmqUmX5zUFLPScFa5PmctrHoUKv0Ah9aU6kREbYPhqR3UWGlQ8af0F9fSXOHaSDimjiTi3R8CQ0GhnxtQ==" ) + HBTEST hb_base64Encode( hb_ed25519_sign( message,, secret_key ) ) IS "VZuUsB2NEaMEbPilujIupXd8WxNEffSC5r9v0xO5gEmcF4g1mqxVJU8CsOYiAZPFE6h7nlQz2840K/JiwcblAQ==" + HBTEST hb_base64Encode( hb_ed25519_sign( message, secret_key ) ) IS "VZuUsB2NEaMEbPilujIupXd8WxNEffSC5r9v0xO5gEmcF4g1mqxVJU8CsOYiAZPFE6h7nlQz2840K/JiwcblAQ==" + + RETURN diff --git a/contrib/hbcrypto/tests/hbmk.hbm b/contrib/hbcrypto/tests/hbmk.hbm new file mode 100644 index 0000000000..a9bc07b31c --- /dev/null +++ b/contrib/hbcrypto/tests/hbmk.hbm @@ -0,0 +1,6 @@ +hbcrypto.hbc +hbtest.hbc + +-w3 -es2 + +-u+simpleio.ch diff --git a/contrib/hbcrypto/tests/pbkdf2.prg b/contrib/hbcrypto/tests/pbkdf2.prg new file mode 100644 index 0000000000..10298f9676 --- /dev/null +++ b/contrib/hbcrypto/tests/pbkdf2.prg @@ -0,0 +1,13 @@ +/* Copyright 2013-2016 Viktor Szakats */ + +#require "hbcrypto" +#require "hbtest" + +PROCEDURE Main() + + /* https://tools.ietf.org/html/rfc7914 */ + + HBTEST Lower( hb_StrToHex( hb_pbkdf2_sha256( "passwd" , "salt", 1, 64 ) ) ) IS "55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783" + HBTEST Lower( hb_StrToHex( hb_pbkdf2_sha256( "Password", "NaCl", 80000, 64 ) ) ) IS "4ddcd8f60b98be21830cee5ef22701f9641a4418d04c0414aeff08876b34ab56a1d425a1225833549adb841b51c9b3176a272bdebba1d078478f62b397f33c8d" + + RETURN diff --git a/contrib/hbcrypto/tests/scrypt.prg b/contrib/hbcrypto/tests/scrypt.prg new file mode 100644 index 0000000000..1530dcfc94 --- /dev/null +++ b/contrib/hbcrypto/tests/scrypt.prg @@ -0,0 +1,27 @@ +/* Copyright 2013-2016 Viktor Szakats */ + +#require "hbcrypto" +#require "hbtest" + +PROCEDURE Main() + + /* https://tools.ietf.org/html/rfc7914 */ + + HBTEST Lower( hb_StrToHex( hb_scrypt( "" , "" , 16, 1, 1, 64 ) ) ) IS "77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906" + HBTEST Lower( hb_StrToHex( hb_scrypt( "password" , "NaCl" , 1024, 8, 16, 64 ) ) ) IS "fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640" + HBTEST Lower( hb_StrToHex( hb_scrypt( "pleaseletmein", "SodiumChloride", 16384, 8, 1, 64 ) ) ) IS "7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887" +#if 0 + // Takes a very long time: + HBTEST Lower( hb_StrToHex( hb_scrypt( "pleaseletmein", "SodiumChloride", 1048576, 8, 1, 64 ) ) ) IS "2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4" +#endif + + HBTEST hb_strcmpc( NIL, NIL ) IS .F. + HBTEST hb_strcmpc( NIL, "" ) IS .F. + HBTEST hb_strcmpc( "1", "12" ) IS .F. + HBTEST hb_strcmpc( "12", "1" ) IS .F. + HBTEST hb_strcmpc( "12", "12" ) IS .T. + HBTEST hb_strcmpc( "12", "13" ) IS .F. + HBTEST hb_strcmpc( "22", "12" ) IS .F. + HBTEST hb_strcmpc( "", "" ) IS .T. + + RETURN diff --git a/contrib/hbcrypto/tests/sha3.prg b/contrib/hbcrypto/tests/sha3.prg new file mode 100644 index 0000000000..e6e91578a6 --- /dev/null +++ b/contrib/hbcrypto/tests/sha3.prg @@ -0,0 +1,40 @@ +/* Copyright 2015 Viktor Szakats */ + +#require "hbcrypto" +#require "hbtest" + +PROCEDURE Main() + + LOCAL cMsg0 := "" + LOCAL cMsg1 := "abc" + LOCAL cMsg2a := "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + LOCAL cMsg2b := "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" + LOCAL cMsg3 := Replicate( "a", 1000000 ) + + HBTEST hb_SHAKE128( cMsg0, 256 ) IS "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26" + HBTEST hb_SHAKE256( cMsg0, 512 ) IS "46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762fd75dc4ddd8c0f200cb05019d67b592f6fc821c49479ab48640292eacb3b7c4be" + + HBTEST hb_SHAKE128( "The quick brown fox jumps over the lazy dog", 256 ) IS "f4202e3c5852f9182a0430fd8144f0a74b95e7417ecae17db0f8cfeed0e3e66e" + HBTEST hb_SHAKE128( "The quick brown fox jumps over the lazy dof", 256 ) IS "853f4538be0db9621a6cea659a06c1107b1f83f02b13d18297bd39d7411cf10c" + + HBTEST hb_SHA3224( cMsg0 ) IS "6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7" + HBTEST hb_SHA3224( cMsg1 ) IS "e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf" + HBTEST hb_SHA3224( cMsg2a ) IS "8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33" + HBTEST hb_SHA3224( cMsg3 ) IS "d69335b93325192e516a912e6d19a15cb51c6ed5c15243e7a7fd653c" + + HBTEST hb_SHA3256( cMsg0 ) IS "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a" + HBTEST hb_SHA3256( cMsg1 ) IS "3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" + HBTEST hb_SHA3256( cMsg2a ) IS "41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376" + HBTEST hb_SHA3256( cMsg3 ) IS "5c8875ae474a3634ba4fd55ec85bffd661f32aca75c6d699d0cdcb6c115891c1" + + HBTEST hb_SHA3384( cMsg0 ) IS "0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004" + HBTEST hb_SHA3384( cMsg1 ) IS "ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25" + HBTEST hb_SHA3384( cMsg2b ) IS "79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7" + HBTEST hb_SHA3384( cMsg3 ) IS "eee9e24d78c1855337983451df97c8ad9eedf256c6334f8e948d252d5e0e76847aa0774ddb90a842190d2c558b4b8340" + + HBTEST hb_SHA3512( cMsg0 ) IS "a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26" + HBTEST hb_SHA3512( cMsg1 ) IS "b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0" + HBTEST hb_SHA3512( cMsg2b ) IS "afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" + HBTEST hb_SHA3512( cMsg3 ) IS "3c3a876da14034ab60627c077bb98f7e120a2a5370212dffb3385a18d4f38859ed311d0a9d5141ce9cc5c66ee689b266a8aa18ace8282a0e0db596c90b0a7b87" + + RETURN diff --git a/contrib/hbplist.txt b/contrib/hbplist.txt index 8653dfda86..5ed9148e89 100644 --- a/contrib/hbplist.txt +++ b/contrib/hbplist.txt @@ -12,6 +12,7 @@ hbcomm/hbcomm.hbp hbct/hbct.hbp hbcups/hbcups.hbp hbcurl/hbcurl.hbp +hbcrypto/hbcrypto.hbp hbexpat/hbexpat.hbp # uses: expat (locally hosted) hbfbird/hbfbird.hbp hbfimage/hbfimage.hbp diff --git a/contrib/hbrun/hbrun.hbp b/contrib/hbrun/hbrun.hbp index 3677e9c4bb..57bae4c10b 100644 --- a/contrib/hbrun/hbrun.hbp +++ b/contrib/hbrun/hbrun.hbp @@ -14,11 +14,12 @@ {_HB_BUILD_&(!(HB_BUILD_DYN='no')&!(HB_BUILD_CONTRIB_DYN='no')&(win|wce|os2))}-shared {shared|(unix&!(HB_BUILD_CONTRIB_DYN='no'))}-env:__HBMKDYN=yes -{__HBMKDYN='yes'}-env:_HBMK_WITH_EXTS=hbct|hbexpat|hbmemio|hbmzip|hbnetio +{__HBMKDYN='yes'}-env:_HBMK_WITH_EXTS=hbcrypto|hbct|hbexpat|hbmemio|hbmzip|hbnetio {__HBMKDYN='yes'&unix}-env:_HBMK_WITH_EXTS+|hbunix {__HBMKDYN='yes'&allwin}-env:_HBMK_WITH_EXTS+|hbwin {__HBMKDYN='yes'}-DHBMK_WITH_EXTS=${_HBMK_WITH_EXTS} +{!(__HBMKDYN='yes')}hbcrypto.hbc {!(__HBMKDYN='yes')}-request=__HBEXTERN__HBCRYPTO__ {!(__HBMKDYN='yes')}hbct.hbc {!(__HBMKDYN='yes')}-request=__HBEXTERN__HBCT__ {!(__HBMKDYN='yes')}hbexpat.hbc {!(__HBMKDYN='yes')}-request=__HBEXTERN__HBEXPAT__ {!(__HBMKDYN='yes')}hbmemio.hbc {!(__HBMKDYN='yes')}-request=__HBEXTERN__HBMEMIO__ diff --git a/include/Makefile b/include/Makefile index cab392dea9..4f4e295b8e 100644 --- a/include/Makefile +++ b/include/Makefile @@ -28,6 +28,7 @@ C_HEADERS := \ hbassert.h \ hbatomic.h \ hbbfish.h \ + hbcrypto.h \ hbfloat.h \ hbcdpreg.h \ hbchksum.h \ diff --git a/include/hbcrypto.h b/include/hbcrypto.h new file mode 100644 index 0000000000..f04d339d0a --- /dev/null +++ b/include/hbcrypto.h @@ -0,0 +1,229 @@ +/* + * FIPS 180-2 SHA-224/256/384/512 implementation + * Last update: 2007-02-02 + * Issue date: 2005-04-30 + * HMAC-SHA-224/256/384/512 implementation + * Last update: 2005-06-15 + * Issue date: 2005-06-15 + * + * Copyright (C) 2005, 2007 Olivier Gay + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef HB_CRYPTO_H_ +#define HB_CRYPTO_H_ + +#include "hbapi.h" + +#define HB_SHA224_DIGEST_SIZE ( 224 / 8 ) +#define HB_SHA256_DIGEST_SIZE ( 256 / 8 ) +#define HB_SHA384_DIGEST_SIZE ( 384 / 8 ) +#define HB_SHA512_DIGEST_SIZE ( 512 / 8 ) + +#define HB_SHA256_BLOCK_SIZE ( 512 / 8 ) +#define HB_SHA512_BLOCK_SIZE ( 1024 / 8 ) +#define HB_SHA384_BLOCK_SIZE HB_SHA512_BLOCK_SIZE +#define HB_SHA224_BLOCK_SIZE HB_SHA256_BLOCK_SIZE + +HB_EXTERN_BEGIN + +typedef struct { + HB_SIZE tot_len; + HB_SIZE len; + unsigned char block[ 2 * HB_SHA256_BLOCK_SIZE ]; + HB_U32 h[ 8 ]; +} hb_sha256_ctx; + +typedef struct { + HB_SIZE tot_len; + HB_SIZE len; + unsigned char block[ 2 * HB_SHA512_BLOCK_SIZE ]; + HB_U64 h[ 8 ]; +} hb_sha512_ctx; + +typedef hb_sha512_ctx hb_sha384_ctx; +typedef hb_sha256_ctx hb_sha224_ctx; + +extern HB_EXPORT void hb_sha224_init( hb_sha224_ctx * ctx ); +extern HB_EXPORT void hb_sha224_update( hb_sha224_ctx * ctx, + const void * message, + HB_SIZE len ); +extern HB_EXPORT void hb_sha224_final( hb_sha224_ctx * ctx, + unsigned char * digest ); +extern HB_EXPORT void hb_sha224( const void * message, + HB_SIZE len, + unsigned char * digest ); + +extern HB_EXPORT void hb_sha256_init( hb_sha256_ctx * ctx ); +extern HB_EXPORT void hb_sha256_update( hb_sha256_ctx * ctx, + const void *message, + HB_SIZE len ); +extern HB_EXPORT void hb_sha256_final( hb_sha256_ctx * ctx, + unsigned char * digest ); +extern HB_EXPORT void hb_sha256( const void * message, + HB_SIZE len, + unsigned char * digest ); + +extern HB_EXPORT void hb_sha384_init( hb_sha384_ctx * ctx ); +extern HB_EXPORT void hb_sha384_update( hb_sha384_ctx * ctx, + const void *message, + HB_SIZE len ); +extern HB_EXPORT void hb_sha384_final( hb_sha384_ctx * ctx, + unsigned char * digest ); +extern HB_EXPORT void hb_sha384( const void * message, + HB_SIZE len, + unsigned char * digest ); + +extern HB_EXPORT void hb_sha512_init( hb_sha512_ctx * ctx ); +extern HB_EXPORT void hb_sha512_update( hb_sha512_ctx * ctx, + const void *message, + HB_SIZE len ); +extern HB_EXPORT void hb_sha512_final( hb_sha512_ctx * ctx, + unsigned char * digest ); +extern HB_EXPORT void hb_sha512( const void * message, + HB_SIZE len, + unsigned char * digest ); + +typedef struct { + hb_sha224_ctx ctx_inside; + hb_sha224_ctx ctx_outside; + + /* for hmac_reinit */ + hb_sha224_ctx ctx_inside_reinit; + hb_sha224_ctx ctx_outside_reinit; + + unsigned char block_ipad[ HB_SHA224_BLOCK_SIZE ]; + unsigned char block_opad[ HB_SHA224_BLOCK_SIZE ]; +} hb_hmac_sha224_ctx; + +typedef struct { + hb_sha256_ctx ctx_inside; + hb_sha256_ctx ctx_outside; + + /* for hmac_reinit */ + hb_sha256_ctx ctx_inside_reinit; + hb_sha256_ctx ctx_outside_reinit; + + unsigned char block_ipad[ HB_SHA256_BLOCK_SIZE ]; + unsigned char block_opad[ HB_SHA256_BLOCK_SIZE ]; +} hb_hmac_sha256_ctx; + +typedef struct { + hb_sha384_ctx ctx_inside; + hb_sha384_ctx ctx_outside; + + /* for hmac_reinit */ + hb_sha384_ctx ctx_inside_reinit; + hb_sha384_ctx ctx_outside_reinit; + + unsigned char block_ipad[ HB_SHA384_BLOCK_SIZE ]; + unsigned char block_opad[ HB_SHA384_BLOCK_SIZE ]; +} hb_hmac_sha384_ctx; + +typedef struct { + hb_sha512_ctx ctx_inside; + hb_sha512_ctx ctx_outside; + + /* for hmac_reinit */ + hb_sha512_ctx ctx_inside_reinit; + hb_sha512_ctx ctx_outside_reinit; + + unsigned char block_ipad[ HB_SHA512_BLOCK_SIZE ]; + unsigned char block_opad[ HB_SHA512_BLOCK_SIZE ]; +} hb_hmac_sha512_ctx; + +extern HB_EXPORT void hb_hmac_sha224_init( hb_hmac_sha224_ctx * ctx, + const void * key, + HB_SIZE key_size ); +extern HB_EXPORT void hb_hmac_sha224_reinit( hb_hmac_sha224_ctx * ctx ); +extern HB_EXPORT void hb_hmac_sha224_update( hb_hmac_sha224_ctx * ctx, + const void * message, + HB_SIZE message_len ); +extern HB_EXPORT void hb_hmac_sha224_final( hb_hmac_sha224_ctx * ctx, + unsigned char * mac, + HB_SIZE mac_size ); +extern HB_EXPORT void hb_hmac_sha224( const void * key, + HB_SIZE key_size, + const void * message, + HB_SIZE message_len, + unsigned char * mac, + HB_SIZE mac_size ); + +extern HB_EXPORT void hb_hmac_sha256_init( hb_hmac_sha256_ctx * ctx, + const void * key, + HB_SIZE key_size ); +extern HB_EXPORT void hb_hmac_sha256_reinit( hb_hmac_sha256_ctx * ctx ); +extern HB_EXPORT void hb_hmac_sha256_update( hb_hmac_sha256_ctx * ctx, + const void * message, + HB_SIZE message_len ); +extern HB_EXPORT void hb_hmac_sha256_final( hb_hmac_sha256_ctx * ctx, + unsigned char * mac, + HB_SIZE mac_size ); +extern HB_EXPORT void hb_hmac_sha256( const void * key, + HB_SIZE key_size, + const void * message, + HB_SIZE message_len, + unsigned char * mac, + HB_SIZE mac_size ); + +extern HB_EXPORT void hb_hmac_sha384_init( hb_hmac_sha384_ctx * ctx, + const void * key, + HB_SIZE key_size ); +extern HB_EXPORT void hb_hmac_sha384_reinit( hb_hmac_sha384_ctx * ctx ); +extern HB_EXPORT void hb_hmac_sha384_update( hb_hmac_sha384_ctx * ctx, + const void * message, + HB_SIZE message_len ); +extern HB_EXPORT void hb_hmac_sha384_final( hb_hmac_sha384_ctx * ctx, + unsigned char * mac, + HB_SIZE mac_size ); +extern HB_EXPORT void hb_hmac_sha384( const void * key, + HB_SIZE key_size, + const void * message, + HB_SIZE message_len, + unsigned char * mac, + HB_SIZE mac_size ); + +extern HB_EXPORT void hb_hmac_sha512_init( hb_hmac_sha512_ctx * ctx, + const void * key, + HB_SIZE key_size ); +extern HB_EXPORT void hb_hmac_sha512_reinit( hb_hmac_sha512_ctx * ctx ); +extern HB_EXPORT void hb_hmac_sha512_update( hb_hmac_sha512_ctx * ctx, + const void * message, + HB_SIZE message_len ); +extern HB_EXPORT void hb_hmac_sha512_final( hb_hmac_sha512_ctx * ctx, + unsigned char * mac, + HB_SIZE mac_size ); +extern HB_EXPORT void hb_hmac_sha512( const void * key, + HB_SIZE key_size, + const void * message, + HB_SIZE message_len, + unsigned char * mac, + HB_SIZE mac_size ); + +HB_EXTERN_END + +#endif /* HB_CRYPTO_H_ */ diff --git a/include/hbdefs.h b/include/hbdefs.h index 28d2c351e6..736ba6e4da 100644 --- a/include/hbdefs.h +++ b/include/hbdefs.h @@ -831,9 +831,13 @@ typedef HB_U32 HB_FATTR; #if defined( HB_BIG_ENDIAN ) # define HB_PUT_UINT32( p, v ) HB_PUT_BE_UINT32( p, ( HB_U32 ) ( v ) ) # define HB_GET_UINT32( p ) HB_GET_BE_UINT32( p ) +# define HB_PUT_UINT64( p, v ) HB_PUT_BE_UINT64( p, ( HB_U64 ) ( v ) ) +# define HB_GET_UINT64( p ) HB_GET_BE_UINT64( p ) #else # define HB_PUT_UINT32( p, v ) HB_PUT_LE_UINT32( p, ( HB_U32 ) ( v ) ) # define HB_GET_UINT32( p ) HB_GET_LE_UINT32( p ) +# define HB_PUT_UINT64( p, v ) HB_PUT_LE_UINT64( p, ( HB_U64 ) ( v ) ) +# define HB_GET_UINT64( p ) HB_GET_LE_UINT64( p ) #endif /* Macros to store/retrieve integer and double values at/from byte address */ diff --git a/package/harbour.spec b/package/harbour.spec index f19edf5096..ffdb89e3fd 100644 --- a/package/harbour.spec +++ b/package/harbour.spec @@ -83,7 +83,7 @@ %define hb_blds export HB_BUILD_STRIP=all %define hb_bldsh export HB_BUILD_SHARED=%{!?_with_static:yes} %define hb_cmrc export HB_BUILD_NOGPLLIB=%{?_without_gpllib:yes} -%define hb_ctrb export HB_BUILD_CONTRIBS="hbblink hbct hbgt hbmisc hbmzip hbbz2 hbtip hbtpathy hbcomm hbhpdf hbziparc hbfoxpro hbsms hbfship hbxpp xhb rddbm rddsql hbsqlit3 sddsqlt3 hbnf hbhttpd hbformat hbunix hbzebra hblzf hbcomio hbmemio hbnetio hbpipeio hbtcpio hbmlzo hbmxml hbexpat %{?_with_allegro:gtalleg} %{?_with_cairo:hbcairo} %{?_with_cups:hbcups} %{?_with_curl:hbcurl} %{?_with_freeimage:hbfimage} %{?_with_gd:hbgd} %{?_with_firebird:hbfbird sddfb} %{?_with_mysql:hbmysql sddmy} %{?_with_odbc:hbodbc sddodbc} %{?_with_pgsql:hbpgsql sddpg} %{?_with_ads:rddads} hbrun" +%define hb_ctrb export HB_BUILD_CONTRIBS="hbblink hbct hbgt hbmisc hbmzip hbbz2 hbtip hbtpathy hbcomm hbhpdf hbziparc hbfoxpro hbcrypto hbsms hbfship hbxpp xhb rddbm rddsql hbsqlit3 sddsqlt3 hbnf hbhttpd hbformat hbunix hbzebra hblzf hbcomio hbmemio hbnetio hbpipeio hbtcpio hbmlzo hbmxml hbexpat %{?_with_allegro:gtalleg} %{?_with_cairo:hbcairo} %{?_with_cups:hbcups} %{?_with_curl:hbcurl} %{?_with_freeimage:hbfimage} %{?_with_gd:hbgd} %{?_with_firebird:hbfbird sddfb} %{?_with_mysql:hbmysql sddmy} %{?_with_odbc:hbodbc sddodbc} %{?_with_pgsql:hbpgsql sddpg} %{?_with_ads:rddads} hbrun" %define hb_env %{hb_plat} ; %{hb_cc} ; %{hb_cflag} ; %{hb_lflag} ; %{hb_dflag} ; %{shl_path} ; %{hb_gpm} ; %{hb_crs} ; %{hb_sln} ; %{hb_x11} ; %{hb_ssl} ; %{hb_local} ; %{hb_proot} ; %{hb_bdir} ; %{hb_idir} ; %{hb_ldir} ; %{hb_ddir} ; %{hb_edir} ; %{hb_cdir} ; %{hb_mdir} ; %{hb_tdir} ; %{hb_ctrb} ; %{hb_cmrc} ; %{hb_blds} ; %{hb_bldsh} ###################################################################### ## Preamble. @@ -558,6 +558,9 @@ rm -rf "$RPM_BUILD_ROOT" %dir %{_datadir}/%{name}/contrib/hbfoxpro %{_datadir}/%{name}/contrib/hbfoxpro/* %{_libdir}/%{name}/libhbfoxpro.a +%dir %{_datadir}/%{name}/contrib/hbcrypto +%{_datadir}/%{name}/contrib/hbcrypto/* +%{_libdir}/%{name}/libhbcrypto.a %dir %{_datadir}/%{name}/contrib/hbfship %{_datadir}/%{name}/contrib/hbfship/* %{_libdir}/%{name}/libhbfship.a diff --git a/src/rtl/hbsha1.c b/src/rtl/hbsha1.c index 76d11a75d1..71e7a1e70c 100644 --- a/src/rtl/hbsha1.c +++ b/src/rtl/hbsha1.c @@ -1,7 +1,7 @@ /* * SHA1 Harbour wrappers * - * Copyright 2009 Viktor Szakats (vszakats.net/harbour) + * Copyright 2009 Viktor Szakats (vsz.me/hb) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -48,43 +48,13 @@ #include "sha1.h" -HB_FUNC( HB_SHA1 ) +HB_FUNC( HB_SHA1 ) /* Considered insecure. Use SHA256 or higher instead. */ { sha1_byte digest[ SHA1_DIGEST_LENGTH ]; - SHA_CTX ctx; + HB_SHA_CTX ctx; hb_SHA1_Init( &ctx ); - - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_SHA1_Update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_SHA1_Update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - + hb_SHA1_Update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); hb_SHA1_Final( digest, &ctx ); if( ! hb_parl( 2 ) ) diff --git a/src/rtl/hbsha1hm.c b/src/rtl/hbsha1hm.c index e31f7b0057..eb201ffa15 100644 --- a/src/rtl/hbsha1hm.c +++ b/src/rtl/hbsha1hm.c @@ -1,7 +1,7 @@ /* * HMAC-SHA1 Harbour wrappers * - * Copyright 2009 Viktor Szakats (vszakats.net/harbour) + * Copyright 2009 Viktor Szakats (vsz.me/hb) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -54,67 +54,11 @@ HB_FUNC( HB_HMAC_SHA1 ) HMAC_SHA1_CTX ctx; hb_HMAC_SHA1_Init( &ctx ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 2 ); - HB_SIZE nCount = hb_parclen( 2 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_HMAC_SHA1_UpdateKey( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_HMAC_SHA1_UpdateKey( &ctx, hb_parcx( 2 ), hb_parclen( 2 ) ); - #endif + hb_HMAC_SHA1_UpdateKey( &ctx, hb_parcx( 2 ), hb_parclen( 2 ) ); hb_HMAC_SHA1_EndKey( &ctx ); hb_HMAC_SHA1_StartMessage( &ctx ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_HMAC_SHA1_UpdateMessage( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_HMAC_SHA1_UpdateMessage( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif + hb_HMAC_SHA1_UpdateMessage( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); hb_HMAC_SHA1_EndMessage( mac, &ctx ); hb_HMAC_SHA1_Done( &ctx ); diff --git a/src/rtl/hbsha2.c b/src/rtl/hbsha2.c index fbdc1bc42e..2cbf434dfd 100644 --- a/src/rtl/hbsha2.c +++ b/src/rtl/hbsha2.c @@ -1,7 +1,7 @@ /* * SHA2 Harbour wrappers * - * Copyright 2009 Viktor Szakats (vszakats.net/harbour) + * Copyright 2009 Viktor Szakats * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -46,50 +46,19 @@ #include "hbapi.h" -#include "sha2.h" +#include "hbcrypto.h" HB_FUNC( HB_SHA224 ) { - unsigned char digest[ SHA224_DIGEST_SIZE ]; - sha224_ctx ctx; + unsigned char digest[ HB_SHA224_DIGEST_SIZE ]; - hb_sha224_init( &ctx ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_sha224_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_sha224_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_sha224_final( &ctx, digest ); + hb_sha224( hb_parcx( 1 ), hb_parclen( 1 ), digest ); if( ! hb_parl( 2 ) ) { char hex[ ( sizeof( digest ) * 2 ) + 1 ]; hb_strtohex( ( char * ) digest, sizeof( digest ), hex ); - hb_retclen( hex, HB_SIZEOFARRAY( hex ) - 1 ); + hb_retclen( hex, sizeof( hex ) - 1 ); } else hb_retclen( ( char * ) digest, sizeof( digest ) ); @@ -97,46 +66,15 @@ HB_FUNC( HB_SHA224 ) HB_FUNC( HB_SHA256 ) { - unsigned char digest[ SHA256_DIGEST_SIZE ]; - sha256_ctx ctx; + unsigned char digest[ HB_SHA256_DIGEST_SIZE ]; - hb_sha256_init( &ctx ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_sha256_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_sha256_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_sha256_final( &ctx, digest ); + hb_sha256( hb_parcx( 1 ), hb_parclen( 1 ), digest ); if( ! hb_parl( 2 ) ) { char hex[ ( sizeof( digest ) * 2 ) + 1 ]; hb_strtohex( ( char * ) digest, sizeof( digest ), hex ); - hb_retclen( hex, HB_SIZEOFARRAY( hex ) - 1 ); + hb_retclen( hex, sizeof( hex ) - 1 ); } else hb_retclen( ( char * ) digest, sizeof( digest ) ); @@ -144,46 +82,15 @@ HB_FUNC( HB_SHA256 ) HB_FUNC( HB_SHA384 ) { - unsigned char digest[ SHA384_DIGEST_SIZE ]; - sha384_ctx ctx; + unsigned char digest[ HB_SHA384_DIGEST_SIZE ]; - hb_sha384_init( &ctx ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_sha384_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_sha384_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_sha384_final( &ctx, digest ); + hb_sha384( hb_parcx( 1 ), hb_parclen( 1 ), digest ); if( ! hb_parl( 2 ) ) { char hex[ ( sizeof( digest ) * 2 ) + 1 ]; hb_strtohex( ( char * ) digest, sizeof( digest ), hex ); - hb_retclen( hex, HB_SIZEOFARRAY( hex ) - 1 ); + hb_retclen( hex, sizeof( hex ) - 1 ); } else hb_retclen( ( char * ) digest, sizeof( digest ) ); @@ -191,46 +98,15 @@ HB_FUNC( HB_SHA384 ) HB_FUNC( HB_SHA512 ) { - unsigned char digest[ SHA512_DIGEST_SIZE ]; - sha512_ctx ctx; + unsigned char digest[ HB_SHA512_DIGEST_SIZE ]; - hb_sha512_init( &ctx ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_sha512_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_sha512_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_sha512_final( &ctx, digest ); + hb_sha512( hb_parcx( 1 ), hb_parclen( 1 ), digest ); if( ! hb_parl( 2 ) ) { char hex[ ( sizeof( digest ) * 2 ) + 1 ]; hb_strtohex( ( char * ) digest, sizeof( digest ), hex ); - hb_retclen( hex, HB_SIZEOFARRAY( hex ) - 1 ); + hb_retclen( hex, sizeof( hex ) - 1 ); } else hb_retclen( ( char * ) digest, sizeof( digest ) ); diff --git a/src/rtl/hbsha2hm.c b/src/rtl/hbsha2hm.c index 6866d0394b..abfb034f49 100644 --- a/src/rtl/hbsha2hm.c +++ b/src/rtl/hbsha2hm.c @@ -1,7 +1,7 @@ /* * HMAC-SHA2 Harbour wrappers * - * Copyright 2009 Viktor Szakats (vszakats.net/harbour) + * Copyright 2009 Viktor Szakats * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -46,44 +46,13 @@ #include "hbapi.h" -#include "sha2hmac.h" +#include "hbcrypto.h" HB_FUNC( HB_HMAC_SHA224 ) { - unsigned char mac[ SHA224_DIGEST_SIZE ]; - hmac_sha224_ctx ctx; + unsigned char mac[ HB_SHA224_DIGEST_SIZE ]; - hb_hmac_sha224_init( &ctx, hb_parcx( 2 ), ( unsigned int ) hb_parclen( 2 ) ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_hmac_sha224_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_hmac_sha224_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_hmac_sha224_final( &ctx, mac, HB_SIZEOFARRAY( mac ) ); + hb_hmac_sha224( hb_parcx( 2 ), hb_parclen( 2 ), hb_parcx( 1 ), hb_parclen( 1 ), mac, sizeof( mac ) ); if( ! hb_parl( 3 ) ) { @@ -97,40 +66,9 @@ HB_FUNC( HB_HMAC_SHA224 ) HB_FUNC( HB_HMAC_SHA256 ) { - unsigned char mac[ SHA256_DIGEST_SIZE ]; - hmac_sha256_ctx ctx; + unsigned char mac[ HB_SHA256_DIGEST_SIZE ]; - hb_hmac_sha256_init( &ctx, hb_parcx( 2 ), ( unsigned int ) hb_parclen( 2 ) ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_hmac_sha256_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_hmac_sha256_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_hmac_sha256_final( &ctx, mac, HB_SIZEOFARRAY( mac ) ); + hb_hmac_sha256( hb_parcx( 2 ), hb_parclen( 2 ), hb_parcx( 1 ), hb_parclen( 1 ), mac, sizeof( mac ) ); if( ! hb_parl( 3 ) ) { @@ -144,40 +82,9 @@ HB_FUNC( HB_HMAC_SHA256 ) HB_FUNC( HB_HMAC_SHA384 ) { - unsigned char mac[ SHA384_DIGEST_SIZE ]; - hmac_sha384_ctx ctx; + unsigned char mac[ HB_SHA384_DIGEST_SIZE ]; - hb_hmac_sha384_init( &ctx, hb_parcx( 2 ), ( unsigned int ) hb_parclen( 2 ) ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_hmac_sha384_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_hmac_sha384_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_hmac_sha384_final( &ctx, mac, HB_SIZEOFARRAY( mac ) ); + hb_hmac_sha384( hb_parcx( 2 ), hb_parclen( 2 ), hb_parcx( 1 ), hb_parclen( 1 ), mac, sizeof( mac ) ); if( ! hb_parl( 3 ) ) { @@ -191,40 +98,9 @@ HB_FUNC( HB_HMAC_SHA384 ) HB_FUNC( HB_HMAC_SHA512 ) { - unsigned char mac[ SHA512_DIGEST_SIZE ]; - hmac_sha512_ctx ctx; + unsigned char mac[ HB_SHA512_DIGEST_SIZE ]; - hb_hmac_sha512_init( &ctx, hb_parcx( 2 ), ( unsigned int ) hb_parclen( 2 ) ); - #if HB_SIZE_MAX > UINT_MAX - { - const char * buffer = hb_parcx( 1 ); - HB_SIZE nCount = hb_parclen( 1 ); - HB_SIZE nDone = 0; - - while( nCount ) - { - unsigned int uiChunk; - - if( nCount > ( HB_SIZE ) UINT_MAX ) - { - uiChunk = UINT_MAX; - nCount -= ( HB_SIZE ) uiChunk; - } - else - { - uiChunk = ( unsigned int ) nCount; - nCount = 0; - } - - hb_hmac_sha512_update( &ctx, buffer + nDone, uiChunk ); - - nDone += ( HB_SIZE ) uiChunk; - } - } - #else - hb_hmac_sha512_update( &ctx, hb_parcx( 1 ), hb_parclen( 1 ) ); - #endif - hb_hmac_sha512_final( &ctx, mac, HB_SIZEOFARRAY( mac ) ); + hb_hmac_sha512( hb_parcx( 2 ), hb_parclen( 2 ), hb_parcx( 1 ), hb_parclen( 1 ), mac, sizeof( mac ) ); if( ! hb_parl( 3 ) ) { diff --git a/src/rtl/sha1.c b/src/rtl/sha1.c index 31451adfad..36e8acd59d 100644 --- a/src/rtl/sha1.c +++ b/src/rtl/sha1.c @@ -8,7 +8,7 @@ * NO COPYRIGHT - THIS IS 100% IN THE PUBLIC DOMAIN * * The original unmodified version is available at: - * http://www.nic.funet.fi/pub/crypt/hash/sha/sha1.c + * https://www.nic.funet.fi/pub/crypt/hash/sha/sha1.c * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -109,7 +109,7 @@ static void SHA1_Transform(sha1_quadbyte state[5], sha1_byte buffer[64]) { /* SHA1_Init - Initialize new context */ -void hb_SHA1_Init(SHA_CTX* context) { +void hb_SHA1_Init(HB_SHA_CTX* context) { /* SHA1 initialization constants */ context->state[0] = 0x67452301; context->state[1] = 0xEFCDAB89; @@ -120,13 +120,13 @@ void hb_SHA1_Init(SHA_CTX* context) { } /* Run your data through this. */ -void hb_SHA1_Update(SHA_CTX *context, const void *datav, unsigned int len) { +void hb_SHA1_Update(HB_SHA_CTX *context, const void *datav, HB_SIZE len) { const sha1_byte * data = ( const sha1_byte * ) datav; - unsigned int i, j; + HB_SIZE i, j; j = (context->count[0] >> 3) & 63; - if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; - context->count[1] += (len >> 29); + if ((context->count[0] += (sha1_quadbyte) len << 3) < ((sha1_quadbyte) len << 3)) context->count[1]++; + context->count[1] += ((sha1_quadbyte) len >> 29); if ((j + len) > 63) { memcpy(&context->buffer[j], data, (i = 64-j)); SHA1_Transform(context->state, context->buffer); @@ -143,7 +143,7 @@ void hb_SHA1_Update(SHA_CTX *context, const void *datav, unsigned int len) { /* Add padding and return the message digest. */ -void hb_SHA1_Final(sha1_byte digest[SHA1_DIGEST_LENGTH], SHA_CTX *context) { +void hb_SHA1_Final(sha1_byte digest[SHA1_DIGEST_LENGTH], HB_SHA_CTX *context) { sha1_quadbyte i; sha1_byte finalcount[8]; diff --git a/src/rtl/sha1.h b/src/rtl/sha1.h index 837bf3347a..fc851d0d0a 100644 --- a/src/rtl/sha1.h +++ b/src/rtl/sha1.h @@ -9,7 +9,7 @@ * NO COPYRIGHT - THIS IS 100% IN THE PUBLIC DOMAIN * * The original unmodified version is available at: - * http://www.nic.funet.fi/pub/crypt/hash/sha/sha1.c + * https://www.nic.funet.fi/pub/crypt/hash/sha/sha1.c * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -55,23 +55,23 @@ typedef unsigned char sha1_byte; /* single byte type */ #define SHA1_DIGEST_LENGTH 20 /* The SHA1 structure: */ -typedef struct _SHA_CTX { +typedef struct { sha1_quadbyte state[5]; sha1_quadbyte count[2]; sha1_byte buffer[SHA1_BLOCK_LENGTH]; -} SHA_CTX; +} HB_SHA_CTX; #ifndef NOPROTO -void hb_SHA1_Init(SHA_CTX *context); -void hb_SHA1_Update(SHA_CTX *context, const void *data, unsigned int len); -void hb_SHA1_Final(sha1_byte digest[SHA1_DIGEST_LENGTH], SHA_CTX* context); +void hb_SHA1_Init(HB_SHA_CTX *context); +void hb_SHA1_Update(HB_SHA_CTX *context, const void *data, HB_SIZE len); +void hb_SHA1_Final(sha1_byte digest[SHA1_DIGEST_LENGTH], HB_SHA_CTX* context); #else void hb_SHA1_Init(); void hb_SHA1_Update(); void hb_SHA1_Final(); #endif -#ifdef __cplusplus +#ifdef __cplusplus } #endif diff --git a/src/rtl/sha1hmac.c b/src/rtl/sha1hmac.c index 005cd3fb1c..f6321a17fd 100644 --- a/src/rtl/sha1hmac.c +++ b/src/rtl/sha1hmac.c @@ -59,10 +59,6 @@ #include "sha1hmac.h" #include -#ifdef __cplusplus -extern "C" { -#endif - /* Filler bytes: */ #define IPAD_BYTE 0x36 #define OPAD_BYTE 0x5c @@ -76,7 +72,7 @@ void hb_HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx) { ctx->hashkey = 0; } -void hb_HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, const void *key, unsigned int keylen) { +void hb_HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, const void *key, HB_SIZE keylen) { /* Do we have anything to work with? If not, return right away. */ if (keylen < 1) @@ -132,7 +128,7 @@ void hb_HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, const void *key, unsigned int ke void hb_HMAC_SHA1_EndKey(HMAC_SHA1_CTX *ctx) { unsigned char *ipad, *opad, *key; - unsigned int i; + HB_SIZE i; /* Did we end up hashing the key? */ if (ctx->hashkey) { @@ -163,13 +159,13 @@ void hb_HMAC_SHA1_StartMessage(HMAC_SHA1_CTX *ctx) { hb_SHA1_Update(&ctx->shactx, &(ctx->ipad[0]), HMAC_SHA1_BLOCK_LENGTH); } -void hb_HMAC_SHA1_UpdateMessage(HMAC_SHA1_CTX *ctx, const void *data, unsigned int datalen) { +void hb_HMAC_SHA1_UpdateMessage(HMAC_SHA1_CTX *ctx, const void *data, HB_SIZE datalen) { hb_SHA1_Update(&ctx->shactx, data, datalen); } void hb_HMAC_SHA1_EndMessage(unsigned char *out, HMAC_SHA1_CTX *ctx) { unsigned char buf[HMAC_SHA1_DIGEST_LENGTH]; - SHA_CTX *c = &ctx->shactx; + HB_SHA_CTX *c = &ctx->shactx; hb_SHA1_Final(&(buf[0]), c); hb_SHA1_Init(c); @@ -187,8 +183,4 @@ void hb_HMAC_SHA1_Done(HMAC_SHA1_CTX *ctx) { ctx->hashkey = 0; } -#ifdef __cplusplus -} -#endif - #endif diff --git a/src/rtl/sha1hmac.h b/src/rtl/sha1hmac.h index 3055769ccb..4ece4adb53 100644 --- a/src/rtl/sha1hmac.h +++ b/src/rtl/sha1hmac.h @@ -50,9 +50,7 @@ #include "sha1.h" -#ifdef __cplusplus -extern "C" { -#endif +HB_EXTERN_BEGIN #define HMAC_SHA1_DIGEST_LENGTH 20 #define HMAC_SHA1_BLOCK_LENGTH 64 @@ -61,18 +59,18 @@ extern "C" { typedef struct _HMAC_SHA1_CTX { unsigned char ipad[HMAC_SHA1_BLOCK_LENGTH]; unsigned char opad[HMAC_SHA1_BLOCK_LENGTH]; - SHA_CTX shactx; + HB_SHA_CTX shactx; unsigned char key[HMAC_SHA1_BLOCK_LENGTH]; - unsigned int keylen; - unsigned int hashkey; + HB_SIZE keylen; + HB_SIZE hashkey; } HMAC_SHA1_CTX; #ifndef NOPROTO void hb_HMAC_SHA1_Init(HMAC_SHA1_CTX *ctx); -void hb_HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, const void *key, unsigned int keylen); +void hb_HMAC_SHA1_UpdateKey(HMAC_SHA1_CTX *ctx, const void *key, HB_SIZE keylen); void hb_HMAC_SHA1_EndKey(HMAC_SHA1_CTX *ctx); void hb_HMAC_SHA1_StartMessage(HMAC_SHA1_CTX *ctx); -void hb_HMAC_SHA1_UpdateMessage(HMAC_SHA1_CTX *ctx, const void *data, unsigned int datalen); +void hb_HMAC_SHA1_UpdateMessage(HMAC_SHA1_CTX *ctx, const void *data, HB_SIZE datalen); void hb_HMAC_SHA1_EndMessage(unsigned char *out, HMAC_SHA1_CTX *ctx); void hb_HMAC_SHA1_Done(HMAC_SHA1_CTX *ctx); #else @@ -85,8 +83,6 @@ void hb_HMAC_SHA1_EndMessage(); void hb_HMAC_SHA1_Done(); #endif -#ifdef __cplusplus -} -#endif +HB_EXTERN_END #endif diff --git a/src/rtl/sha2.c b/src/rtl/sha2.c index 1a1bcacaa5..590eb424c4 100644 --- a/src/rtl/sha2.c +++ b/src/rtl/sha2.c @@ -35,10 +35,8 @@ #define UNROLL_LOOPS /* Enable loops unrolling */ #endif -#include - -#include "sha2.h" -#include "hbdefs.h" +#include "hbapi.h" +#include "hbcrypto.h" #define SHFR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n))) @@ -58,42 +56,42 @@ #define UNPACK32(x, str) \ { \ - *((str) + 3) = (uint8) ((x) ); \ - *((str) + 2) = (uint8) ((x) >> 8); \ - *((str) + 1) = (uint8) ((x) >> 16); \ - *((str) + 0) = (uint8) ((x) >> 24); \ + *((str) + 3) = (HB_U8) ((x) ); \ + *((str) + 2) = (HB_U8) ((x) >> 8); \ + *((str) + 1) = (HB_U8) ((x) >> 16); \ + *((str) + 0) = (HB_U8) ((x) >> 24); \ } #define PACK32(str, x) \ { \ - *(x) = ((uint32) *((str) + 3) ) \ - | ((uint32) *((str) + 2) << 8) \ - | ((uint32) *((str) + 1) << 16) \ - | ((uint32) *((str) + 0) << 24); \ + *(x) = ((HB_U32) *((str) + 3) ) \ + | ((HB_U32) *((str) + 2) << 8) \ + | ((HB_U32) *((str) + 1) << 16) \ + | ((HB_U32) *((str) + 0) << 24); \ } #define UNPACK64(x, str) \ { \ - *((str) + 7) = (uint8) ((x) ); \ - *((str) + 6) = (uint8) ((x) >> 8); \ - *((str) + 5) = (uint8) ((x) >> 16); \ - *((str) + 4) = (uint8) ((x) >> 24); \ - *((str) + 3) = (uint8) ((x) >> 32); \ - *((str) + 2) = (uint8) ((x) >> 40); \ - *((str) + 1) = (uint8) ((x) >> 48); \ - *((str) + 0) = (uint8) ((x) >> 56); \ + *((str) + 7) = (HB_U8) ((x) ); \ + *((str) + 6) = (HB_U8) ((x) >> 8); \ + *((str) + 5) = (HB_U8) ((x) >> 16); \ + *((str) + 4) = (HB_U8) ((x) >> 24); \ + *((str) + 3) = (HB_U8) ((x) >> 32); \ + *((str) + 2) = (HB_U8) ((x) >> 40); \ + *((str) + 1) = (HB_U8) ((x) >> 48); \ + *((str) + 0) = (HB_U8) ((x) >> 56); \ } #define PACK64(str, x) \ { \ - *(x) = ((uint64) *((str) + 7) ) \ - | ((uint64) *((str) + 6) << 8) \ - | ((uint64) *((str) + 5) << 16) \ - | ((uint64) *((str) + 4) << 24) \ - | ((uint64) *((str) + 3) << 32) \ - | ((uint64) *((str) + 2) << 40) \ - | ((uint64) *((str) + 1) << 48) \ - | ((uint64) *((str) + 0) << 56); \ + *(x) = ((HB_U64) *((str) + 7) ) \ + | ((HB_U64) *((str) + 6) << 8) \ + | ((HB_U64) *((str) + 5) << 16) \ + | ((HB_U64) *((str) + 4) << 24) \ + | ((HB_U64) *((str) + 3) << 32) \ + | ((HB_U64) *((str) + 2) << 40) \ + | ((HB_U64) *((str) + 1) << 48) \ + | ((HB_U64) *((str) + 0) << 56); \ } /* Macros used for loops unrolling */ @@ -128,27 +126,27 @@ wv[h] = t1 + t2; \ } -static const uint32 sha224_h0[8] = +static const HB_U32 sha224_h0[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; -static const uint32 sha256_h0[8] = +static const HB_U32 sha256_h0[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; -static const uint64 sha384_h0[8] = +static const HB_U64 sha384_h0[8] = {HB_ULL( 0xcbbb9d5dc1059ed8 ), HB_ULL( 0x629a292a367cd507 ), HB_ULL( 0x9159015a3070dd17 ), HB_ULL( 0x152fecd8f70e5939 ), HB_ULL( 0x67332667ffc00b31 ), HB_ULL( 0x8eb44a8768581511 ), HB_ULL( 0xdb0c2e0d64f98fa7 ), HB_ULL( 0x47b5481dbefa4fa4 )}; -static const uint64 sha512_h0[8] = +static const HB_U64 sha512_h0[8] = {HB_ULL( 0x6a09e667f3bcc908 ), HB_ULL( 0xbb67ae8584caa73b ), HB_ULL( 0x3c6ef372fe94f82b ), HB_ULL( 0xa54ff53a5f1d36f1 ), HB_ULL( 0x510e527fade682d1 ), HB_ULL( 0x9b05688c2b3e6c1f ), HB_ULL( 0x1f83d9abfb41bd6b ), HB_ULL( 0x5be0cd19137e2179 )}; -static const uint32 sha256_k[64] = +static const HB_U32 sha256_k[64] = {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -166,7 +164,7 @@ static const uint32 sha256_k[64] = 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; -static const uint64 sha512_k[80] = +static const HB_U64 sha512_k[80] = {HB_ULL( 0x428a2f98d728ae22 ), HB_ULL( 0x7137449123ef65cd ), HB_ULL( 0xb5c0fbcfec4d3b2f ), HB_ULL( 0xe9b5dba58189dbbc ), HB_ULL( 0x3956c25bf348b538 ), HB_ULL( 0x59f111f1b605d019 ), @@ -210,20 +208,20 @@ static const uint64 sha512_k[80] = /* SHA-256 functions */ -static void sha256_transf(sha256_ctx *ctx, const unsigned char *message, - unsigned int block_nb) +static void sha256_transf(hb_sha256_ctx *ctx, const unsigned char *message, + HB_SIZE block_nb) { - uint32 w[64]; - uint32 wv[8]; - uint32 t1, t2; + HB_U32 w[64]; + HB_U32 wv[8]; + HB_U32 t1, t2; const unsigned char *sub_block; - int i; + HB_ISIZ i; + for (i = 0; i < ( HB_ISIZ ) block_nb; i++) { #ifndef UNROLL_LOOPS - int j; + int j; #endif - for (i = 0; i < (int) block_nb; i++) { sub_block = message + (i << 6); #ifndef UNROLL_LOOPS @@ -325,16 +323,16 @@ static void sha256_transf(sha256_ctx *ctx, const unsigned char *message, } } -void hb_sha256(const void *message, unsigned int len, unsigned char *digest) +void hb_sha256(const void *message, HB_SIZE len, unsigned char *digest) { - sha256_ctx ctx; + hb_sha256_ctx ctx; hb_sha256_init(&ctx); hb_sha256_update(&ctx, message, len); hb_sha256_final(&ctx, digest); } -void hb_sha256_init(sha256_ctx *ctx) +void hb_sha256_init(hb_sha256_ctx *ctx) { #ifndef UNROLL_LOOPS int i; @@ -352,33 +350,33 @@ void hb_sha256_init(sha256_ctx *ctx) ctx->tot_len = 0; } -void hb_sha256_update(sha256_ctx *ctx, const void *messagev, - unsigned int len) +void hb_sha256_update(hb_sha256_ctx *ctx, const void *messagev, + HB_SIZE len) { const unsigned char * message = ( const unsigned char * ) messagev; - unsigned int block_nb; - unsigned int new_len, rem_len, tmp_len; + HB_SIZE block_nb; + HB_SIZE new_len, rem_len, tmp_len; const unsigned char *shifted_message; - tmp_len = SHA256_BLOCK_SIZE - ctx->len; + tmp_len = HB_SHA256_BLOCK_SIZE - ctx->len; rem_len = len < tmp_len ? len : tmp_len; memcpy(&ctx->block[ctx->len], message, rem_len); - if (ctx->len + len < SHA256_BLOCK_SIZE) { + if (ctx->len + len < HB_SHA256_BLOCK_SIZE) { ctx->len += len; return; } new_len = len - rem_len; - block_nb = new_len / SHA256_BLOCK_SIZE; + block_nb = new_len / HB_SHA256_BLOCK_SIZE; shifted_message = message + rem_len; sha256_transf(ctx, ctx->block, 1); sha256_transf(ctx, shifted_message, block_nb); - rem_len = new_len % SHA256_BLOCK_SIZE; + rem_len = new_len % HB_SHA256_BLOCK_SIZE; memcpy(ctx->block, &shifted_message[block_nb << 6], rem_len); @@ -387,18 +385,18 @@ void hb_sha256_update(sha256_ctx *ctx, const void *messagev, ctx->tot_len += (block_nb + 1) << 6; } -void hb_sha256_final(sha256_ctx *ctx, unsigned char *digest) +void hb_sha256_final(hb_sha256_ctx *ctx, unsigned char *digest) { - unsigned int block_nb; - unsigned int pm_len; - unsigned int len_b; + HB_SIZE block_nb; + HB_SIZE pm_len; + HB_SIZE len_b; #ifndef UNROLL_LOOPS int i; #endif - block_nb = (1 + ((SHA256_BLOCK_SIZE - 9) - < (ctx->len % SHA256_BLOCK_SIZE))); + block_nb = (1 + ((HB_SHA256_BLOCK_SIZE - 9) + < (ctx->len % HB_SHA256_BLOCK_SIZE))); len_b = (ctx->tot_len + ctx->len) << 3; pm_len = block_nb << 6; @@ -427,16 +425,20 @@ void hb_sha256_final(sha256_ctx *ctx, unsigned char *digest) /* SHA-512 functions */ -static void sha512_transf(sha512_ctx *ctx, const unsigned char *message, - unsigned int block_nb) +static void sha512_transf(hb_sha512_ctx *ctx, const unsigned char *message, + HB_SIZE block_nb) { - uint64 w[80]; - uint64 wv[8]; - uint64 t1, t2; + HB_U64 w[80]; + HB_U64 wv[8]; + HB_U64 t1, t2; const unsigned char *sub_block; - int i, j; + HB_ISIZ i; + + for (i = 0; i < ( HB_ISIZ ) block_nb; i++) { +#ifndef UNROLL_LOOPS + int j; +#endif - for (i = 0; i < (int) block_nb; i++) { sub_block = message + (i << 7); #ifndef UNROLL_LOOPS @@ -522,17 +524,17 @@ static void sha512_transf(sha512_ctx *ctx, const unsigned char *message, } } -void hb_sha512(const void *message, unsigned int len, +void hb_sha512(const void *message, HB_SIZE len, unsigned char *digest) { - sha512_ctx ctx; + hb_sha512_ctx ctx; hb_sha512_init(&ctx); hb_sha512_update(&ctx, message, len); hb_sha512_final(&ctx, digest); } -void hb_sha512_init(sha512_ctx *ctx) +void hb_sha512_init(hb_sha512_ctx *ctx) { #ifndef UNROLL_LOOPS int i; @@ -550,33 +552,33 @@ void hb_sha512_init(sha512_ctx *ctx) ctx->tot_len = 0; } -void hb_sha512_update(sha512_ctx *ctx, const void *messagev, - unsigned int len) +void hb_sha512_update(hb_sha512_ctx *ctx, const void *messagev, + HB_SIZE len) { const unsigned char * message = ( const unsigned char * ) messagev; - unsigned int block_nb; - unsigned int new_len, rem_len, tmp_len; + HB_SIZE block_nb; + HB_SIZE new_len, rem_len, tmp_len; const unsigned char *shifted_message; - tmp_len = SHA512_BLOCK_SIZE - ctx->len; + tmp_len = HB_SHA512_BLOCK_SIZE - ctx->len; rem_len = len < tmp_len ? len : tmp_len; memcpy(&ctx->block[ctx->len], message, rem_len); - if (ctx->len + len < SHA512_BLOCK_SIZE) { + if (ctx->len + len < HB_SHA512_BLOCK_SIZE) { ctx->len += len; return; } new_len = len - rem_len; - block_nb = new_len / SHA512_BLOCK_SIZE; + block_nb = new_len / HB_SHA512_BLOCK_SIZE; shifted_message = message + rem_len; sha512_transf(ctx, ctx->block, 1); sha512_transf(ctx, shifted_message, block_nb); - rem_len = new_len % SHA512_BLOCK_SIZE; + rem_len = new_len % HB_SHA512_BLOCK_SIZE; memcpy(ctx->block, &shifted_message[block_nb << 7], rem_len); @@ -585,18 +587,18 @@ void hb_sha512_update(sha512_ctx *ctx, const void *messagev, ctx->tot_len += (block_nb + 1) << 7; } -void hb_sha512_final(sha512_ctx *ctx, unsigned char *digest) +void hb_sha512_final(hb_sha512_ctx *ctx, unsigned char *digest) { - unsigned int block_nb; - unsigned int pm_len; - unsigned int len_b; + HB_SIZE block_nb; + HB_SIZE pm_len; + HB_SIZE len_b; #ifndef UNROLL_LOOPS int i; #endif - block_nb = 1 + ((SHA512_BLOCK_SIZE - 17) - < (ctx->len % SHA512_BLOCK_SIZE)); + block_nb = 1 + ((HB_SHA512_BLOCK_SIZE - 17) + < (ctx->len % HB_SHA512_BLOCK_SIZE)); len_b = (ctx->tot_len + ctx->len) << 3; pm_len = block_nb << 7; @@ -625,17 +627,17 @@ void hb_sha512_final(sha512_ctx *ctx, unsigned char *digest) /* SHA-384 functions */ -void hb_sha384(const void *message, unsigned int len, +void hb_sha384(const void *message, HB_SIZE len, unsigned char *digest) { - sha384_ctx ctx; + hb_sha384_ctx ctx; hb_sha384_init(&ctx); hb_sha384_update(&ctx, message, len); hb_sha384_final(&ctx, digest); } -void hb_sha384_init(sha384_ctx *ctx) +void hb_sha384_init(hb_sha384_ctx *ctx) { #ifndef UNROLL_LOOPS int i; @@ -653,33 +655,33 @@ void hb_sha384_init(sha384_ctx *ctx) ctx->tot_len = 0; } -void hb_sha384_update(sha384_ctx *ctx, const void *messagev, - unsigned int len) +void hb_sha384_update(hb_sha384_ctx *ctx, const void *messagev, + HB_SIZE len) { const unsigned char * message = ( const unsigned char * ) messagev; - unsigned int block_nb; - unsigned int new_len, rem_len, tmp_len; + HB_SIZE block_nb; + HB_SIZE new_len, rem_len, tmp_len; const unsigned char *shifted_message; - tmp_len = SHA384_BLOCK_SIZE - ctx->len; + tmp_len = HB_SHA384_BLOCK_SIZE - ctx->len; rem_len = len < tmp_len ? len : tmp_len; memcpy(&ctx->block[ctx->len], message, rem_len); - if (ctx->len + len < SHA384_BLOCK_SIZE) { + if (ctx->len + len < HB_SHA384_BLOCK_SIZE) { ctx->len += len; return; } new_len = len - rem_len; - block_nb = new_len / SHA384_BLOCK_SIZE; + block_nb = new_len / HB_SHA384_BLOCK_SIZE; shifted_message = message + rem_len; sha512_transf(ctx, ctx->block, 1); sha512_transf(ctx, shifted_message, block_nb); - rem_len = new_len % SHA384_BLOCK_SIZE; + rem_len = new_len % HB_SHA384_BLOCK_SIZE; memcpy(ctx->block, &shifted_message[block_nb << 7], rem_len); @@ -688,18 +690,18 @@ void hb_sha384_update(sha384_ctx *ctx, const void *messagev, ctx->tot_len += (block_nb + 1) << 7; } -void hb_sha384_final(sha384_ctx *ctx, unsigned char *digest) +void hb_sha384_final(hb_sha384_ctx *ctx, unsigned char *digest) { - unsigned int block_nb; - unsigned int pm_len; - unsigned int len_b; + HB_SIZE block_nb; + HB_SIZE pm_len; + HB_SIZE len_b; #ifndef UNROLL_LOOPS int i; #endif - block_nb = (1 + ((SHA384_BLOCK_SIZE - 17) - < (ctx->len % SHA384_BLOCK_SIZE))); + block_nb = (1 + ((HB_SHA384_BLOCK_SIZE - 17) + < (ctx->len % HB_SHA384_BLOCK_SIZE))); len_b = (ctx->tot_len + ctx->len) << 3; pm_len = block_nb << 7; @@ -726,17 +728,17 @@ void hb_sha384_final(sha384_ctx *ctx, unsigned char *digest) /* SHA-224 functions */ -void hb_sha224(const void *message, unsigned int len, +void hb_sha224(const void *message, HB_SIZE len, unsigned char *digest) { - sha224_ctx ctx; + hb_sha224_ctx ctx; hb_sha224_init(&ctx); hb_sha224_update(&ctx, message, len); hb_sha224_final(&ctx, digest); } -void hb_sha224_init(sha224_ctx *ctx) +void hb_sha224_init(hb_sha224_ctx *ctx) { #ifndef UNROLL_LOOPS int i; @@ -754,33 +756,33 @@ void hb_sha224_init(sha224_ctx *ctx) ctx->tot_len = 0; } -void hb_sha224_update(sha224_ctx *ctx, const void *messagev, - unsigned int len) +void hb_sha224_update(hb_sha224_ctx *ctx, const void *messagev, + HB_SIZE len) { const unsigned char * message = ( const unsigned char * ) messagev; - unsigned int block_nb; - unsigned int new_len, rem_len, tmp_len; + HB_SIZE block_nb; + HB_SIZE new_len, rem_len, tmp_len; const unsigned char *shifted_message; - tmp_len = SHA224_BLOCK_SIZE - ctx->len; + tmp_len = HB_SHA224_BLOCK_SIZE - ctx->len; rem_len = len < tmp_len ? len : tmp_len; memcpy(&ctx->block[ctx->len], message, rem_len); - if (ctx->len + len < SHA224_BLOCK_SIZE) { + if (ctx->len + len < HB_SHA224_BLOCK_SIZE) { ctx->len += len; return; } new_len = len - rem_len; - block_nb = new_len / SHA224_BLOCK_SIZE; + block_nb = new_len / HB_SHA224_BLOCK_SIZE; shifted_message = message + rem_len; sha256_transf(ctx, ctx->block, 1); sha256_transf(ctx, shifted_message, block_nb); - rem_len = new_len % SHA224_BLOCK_SIZE; + rem_len = new_len % HB_SHA224_BLOCK_SIZE; memcpy(ctx->block, &shifted_message[block_nb << 6], rem_len); @@ -789,18 +791,18 @@ void hb_sha224_update(sha224_ctx *ctx, const void *messagev, ctx->tot_len += (block_nb + 1) << 6; } -void hb_sha224_final(sha224_ctx *ctx, unsigned char *digest) +void hb_sha224_final(hb_sha224_ctx *ctx, unsigned char *digest) { - unsigned int block_nb; - unsigned int pm_len; - unsigned int len_b; + HB_SIZE block_nb; + HB_SIZE pm_len; + HB_SIZE len_b; #ifndef UNROLL_LOOPS int i; #endif - block_nb = (1 + ((SHA224_BLOCK_SIZE - 9) - < (ctx->len % SHA224_BLOCK_SIZE))); + block_nb = (1 + ((HB_SHA224_BLOCK_SIZE - 9) + < (ctx->len % HB_SHA224_BLOCK_SIZE))); len_b = (ctx->tot_len + ctx->len) << 3; pm_len = block_nb << 6; diff --git a/src/rtl/sha2hmac.c b/src/rtl/sha2hmac.c index f838f64d4c..3bddba6b78 100644 --- a/src/rtl/sha2hmac.c +++ b/src/rtl/sha2hmac.c @@ -31,36 +31,35 @@ * SUCH DAMAGE. */ -#include - -#include "sha2hmac.h" +#include "hbapi.h" +#include "hbcrypto.h" /* HMAC-SHA-224 functions */ -void hb_hmac_sha224_init(hmac_sha224_ctx *ctx, const void *keyv, - unsigned int key_size) +void hb_hmac_sha224_init(hb_hmac_sha224_ctx *ctx, const void *keyv, + HB_SIZE key_size) { - unsigned int fill; - unsigned int num; + HB_SIZE num; const unsigned char *key = ( const unsigned char * ) keyv; const unsigned char *key_used; - unsigned char key_temp[SHA224_DIGEST_SIZE]; - unsigned int i; + unsigned char key_temp[HB_SHA224_DIGEST_SIZE]; + HB_SIZE i; - if (key_size == SHA224_BLOCK_SIZE) { + if (key_size == HB_SHA224_BLOCK_SIZE) { key_used = key; - num = SHA224_BLOCK_SIZE; + num = HB_SHA224_BLOCK_SIZE; } else { - if (key_size > SHA224_BLOCK_SIZE){ + HB_SIZE fill; + if (key_size > HB_SHA224_BLOCK_SIZE){ hb_sha224(key, key_size, key_temp); key_used = key_temp; - num = SHA224_DIGEST_SIZE; - } else { /* key_size > SHA224_BLOCK_SIZE */ + num = HB_SHA224_DIGEST_SIZE; + } else { /* key_size > HB_SHA224_BLOCK_SIZE */ key_used = key; num = key_size; } - fill = SHA224_BLOCK_SIZE - num; + fill = HB_SHA224_BLOCK_SIZE - num; memset(ctx->block_ipad + num, 0x36, fill); memset(ctx->block_opad + num, 0x5c, fill); @@ -72,50 +71,50 @@ void hb_hmac_sha224_init(hmac_sha224_ctx *ctx, const void *keyv, } hb_sha224_init(&ctx->ctx_inside); - hb_sha224_update(&ctx->ctx_inside, ctx->block_ipad, SHA224_BLOCK_SIZE); + hb_sha224_update(&ctx->ctx_inside, ctx->block_ipad, HB_SHA224_BLOCK_SIZE); hb_sha224_init(&ctx->ctx_outside); hb_sha224_update(&ctx->ctx_outside, ctx->block_opad, - SHA224_BLOCK_SIZE); + HB_SHA224_BLOCK_SIZE); /* for hmac_reinit */ memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside, - sizeof(sha224_ctx)); + sizeof(hb_sha224_ctx)); memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside, - sizeof(sha224_ctx)); + sizeof(hb_sha224_ctx)); } -void hb_hmac_sha224_reinit(hmac_sha224_ctx *ctx) +void hb_hmac_sha224_reinit(hb_hmac_sha224_ctx *ctx) { memcpy(&ctx->ctx_inside, &ctx->ctx_inside_reinit, - sizeof(sha224_ctx)); + sizeof(hb_sha224_ctx)); memcpy(&ctx->ctx_outside, &ctx->ctx_outside_reinit, - sizeof(sha224_ctx)); + sizeof(hb_sha224_ctx)); } -void hb_hmac_sha224_update(hmac_sha224_ctx *ctx, const void *message, - unsigned int message_len) +void hb_hmac_sha224_update(hb_hmac_sha224_ctx *ctx, const void *message, + HB_SIZE message_len) { hb_sha224_update(&ctx->ctx_inside, message, message_len); } -void hb_hmac_sha224_final(hmac_sha224_ctx *ctx, unsigned char *mac, - unsigned int mac_size) +void hb_hmac_sha224_final(hb_hmac_sha224_ctx *ctx, unsigned char *mac, + HB_SIZE mac_size) { - unsigned char digest_inside[SHA224_DIGEST_SIZE]; - unsigned char mac_temp[SHA224_DIGEST_SIZE]; + unsigned char digest_inside[HB_SHA224_DIGEST_SIZE]; + unsigned char mac_temp[HB_SHA224_DIGEST_SIZE]; hb_sha224_final(&ctx->ctx_inside, digest_inside); - hb_sha224_update(&ctx->ctx_outside, digest_inside, SHA224_DIGEST_SIZE); + hb_sha224_update(&ctx->ctx_outside, digest_inside, HB_SHA224_DIGEST_SIZE); hb_sha224_final(&ctx->ctx_outside, mac_temp); memcpy(mac, mac_temp, mac_size); } -void hb_hmac_sha224(const void *key, unsigned int key_size, - const void *message, unsigned int message_len, - unsigned char *mac, unsigned mac_size) +void hb_hmac_sha224(const void *key, HB_SIZE key_size, + const void *message, HB_SIZE message_len, + unsigned char *mac, HB_SIZE mac_size) { - hmac_sha224_ctx ctx; + hb_hmac_sha224_ctx ctx; hb_hmac_sha224_init(&ctx, key, key_size); hb_hmac_sha224_update(&ctx, message, message_len); @@ -124,30 +123,30 @@ void hb_hmac_sha224(const void *key, unsigned int key_size, /* HMAC-SHA-256 functions */ -void hb_hmac_sha256_init(hmac_sha256_ctx *ctx, const void *keyv, - unsigned int key_size) +void hb_hmac_sha256_init(hb_hmac_sha256_ctx *ctx, const void *keyv, + HB_SIZE key_size) { - unsigned int fill; - unsigned int num; + HB_SIZE num; const unsigned char *key = ( const unsigned char * ) keyv; const unsigned char *key_used; - unsigned char key_temp[SHA256_DIGEST_SIZE]; - unsigned int i; + unsigned char key_temp[HB_SHA256_DIGEST_SIZE]; + HB_SIZE i; - if (key_size == SHA256_BLOCK_SIZE) { + if (key_size == HB_SHA256_BLOCK_SIZE) { key_used = key; - num = SHA256_BLOCK_SIZE; + num = HB_SHA256_BLOCK_SIZE; } else { - if (key_size > SHA256_BLOCK_SIZE){ + HB_SIZE fill; + if (key_size > HB_SHA256_BLOCK_SIZE){ hb_sha256(key, key_size, key_temp); key_used = key_temp; - num = SHA256_DIGEST_SIZE; - } else { /* key_size > SHA256_BLOCK_SIZE */ + num = HB_SHA256_DIGEST_SIZE; + } else { /* key_size > HB_SHA256_BLOCK_SIZE */ key_used = key; num = key_size; } - fill = SHA256_BLOCK_SIZE - num; + fill = HB_SHA256_BLOCK_SIZE - num; memset(ctx->block_ipad + num, 0x36, fill); memset(ctx->block_opad + num, 0x5c, fill); @@ -159,50 +158,50 @@ void hb_hmac_sha256_init(hmac_sha256_ctx *ctx, const void *keyv, } hb_sha256_init(&ctx->ctx_inside); - hb_sha256_update(&ctx->ctx_inside, ctx->block_ipad, SHA256_BLOCK_SIZE); + hb_sha256_update(&ctx->ctx_inside, ctx->block_ipad, HB_SHA256_BLOCK_SIZE); hb_sha256_init(&ctx->ctx_outside); hb_sha256_update(&ctx->ctx_outside, ctx->block_opad, - SHA256_BLOCK_SIZE); + HB_SHA256_BLOCK_SIZE); /* for hmac_reinit */ memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside, - sizeof(sha256_ctx)); + sizeof(hb_sha256_ctx)); memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside, - sizeof(sha256_ctx)); + sizeof(hb_sha256_ctx)); } -void hb_hmac_sha256_reinit(hmac_sha256_ctx *ctx) +void hb_hmac_sha256_reinit(hb_hmac_sha256_ctx *ctx) { memcpy(&ctx->ctx_inside, &ctx->ctx_inside_reinit, - sizeof(sha256_ctx)); + sizeof(hb_sha256_ctx)); memcpy(&ctx->ctx_outside, &ctx->ctx_outside_reinit, - sizeof(sha256_ctx)); + sizeof(hb_sha256_ctx)); } -void hb_hmac_sha256_update(hmac_sha256_ctx *ctx, const void *message, - unsigned int message_len) +void hb_hmac_sha256_update(hb_hmac_sha256_ctx *ctx, const void *message, + HB_SIZE message_len) { hb_sha256_update(&ctx->ctx_inside, message, message_len); } -void hb_hmac_sha256_final(hmac_sha256_ctx *ctx, unsigned char *mac, - unsigned int mac_size) +void hb_hmac_sha256_final(hb_hmac_sha256_ctx *ctx, unsigned char *mac, + HB_SIZE mac_size) { - unsigned char digest_inside[SHA256_DIGEST_SIZE]; - unsigned char mac_temp[SHA256_DIGEST_SIZE]; + unsigned char digest_inside[HB_SHA256_DIGEST_SIZE]; + unsigned char mac_temp[HB_SHA256_DIGEST_SIZE]; hb_sha256_final(&ctx->ctx_inside, digest_inside); - hb_sha256_update(&ctx->ctx_outside, digest_inside, SHA256_DIGEST_SIZE); + hb_sha256_update(&ctx->ctx_outside, digest_inside, HB_SHA256_DIGEST_SIZE); hb_sha256_final(&ctx->ctx_outside, mac_temp); memcpy(mac, mac_temp, mac_size); } -void hb_hmac_sha256(const void *key, unsigned int key_size, - const void *message, unsigned int message_len, - unsigned char *mac, unsigned mac_size) +void hb_hmac_sha256(const void *key, HB_SIZE key_size, + const void *message, HB_SIZE message_len, + unsigned char *mac, HB_SIZE mac_size) { - hmac_sha256_ctx ctx; + hb_hmac_sha256_ctx ctx; hb_hmac_sha256_init(&ctx, key, key_size); hb_hmac_sha256_update(&ctx, message, message_len); @@ -211,30 +210,30 @@ void hb_hmac_sha256(const void *key, unsigned int key_size, /* HMAC-SHA-384 functions */ -void hb_hmac_sha384_init(hmac_sha384_ctx *ctx, const void *keyv, - unsigned int key_size) +void hb_hmac_sha384_init(hb_hmac_sha384_ctx *ctx, const void *keyv, + HB_SIZE key_size) { - unsigned int fill; - unsigned int num; + HB_SIZE num; const unsigned char *key = ( const unsigned char * ) keyv; const unsigned char *key_used; - unsigned char key_temp[SHA384_DIGEST_SIZE]; - unsigned int i; + unsigned char key_temp[HB_SHA384_DIGEST_SIZE]; + HB_SIZE i; - if (key_size == SHA384_BLOCK_SIZE) { + if (key_size == HB_SHA384_BLOCK_SIZE) { key_used = key; - num = SHA384_BLOCK_SIZE; + num = HB_SHA384_BLOCK_SIZE; } else { - if (key_size > SHA384_BLOCK_SIZE){ + HB_SIZE fill; + if (key_size > HB_SHA384_BLOCK_SIZE){ hb_sha384(key, key_size, key_temp); key_used = key_temp; - num = SHA384_DIGEST_SIZE; - } else { /* key_size > SHA384_BLOCK_SIZE */ + num = HB_SHA384_DIGEST_SIZE; + } else { /* key_size > HB_SHA384_BLOCK_SIZE */ key_used = key; num = key_size; } - fill = SHA384_BLOCK_SIZE - num; + fill = HB_SHA384_BLOCK_SIZE - num; memset(ctx->block_ipad + num, 0x36, fill); memset(ctx->block_opad + num, 0x5c, fill); @@ -246,50 +245,50 @@ void hb_hmac_sha384_init(hmac_sha384_ctx *ctx, const void *keyv, } hb_sha384_init(&ctx->ctx_inside); - hb_sha384_update(&ctx->ctx_inside, ctx->block_ipad, SHA384_BLOCK_SIZE); + hb_sha384_update(&ctx->ctx_inside, ctx->block_ipad, HB_SHA384_BLOCK_SIZE); hb_sha384_init(&ctx->ctx_outside); hb_sha384_update(&ctx->ctx_outside, ctx->block_opad, - SHA384_BLOCK_SIZE); + HB_SHA384_BLOCK_SIZE); /* for hmac_reinit */ memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside, - sizeof(sha384_ctx)); + sizeof(hb_sha384_ctx)); memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside, - sizeof(sha384_ctx)); + sizeof(hb_sha384_ctx)); } -void hb_hmac_sha384_reinit(hmac_sha384_ctx *ctx) +void hb_hmac_sha384_reinit(hb_hmac_sha384_ctx *ctx) { memcpy(&ctx->ctx_inside, &ctx->ctx_inside_reinit, - sizeof(sha384_ctx)); + sizeof(hb_sha384_ctx)); memcpy(&ctx->ctx_outside, &ctx->ctx_outside_reinit, - sizeof(sha384_ctx)); + sizeof(hb_sha384_ctx)); } -void hb_hmac_sha384_update(hmac_sha384_ctx *ctx, const void *message, - unsigned int message_len) +void hb_hmac_sha384_update(hb_hmac_sha384_ctx *ctx, const void *message, + HB_SIZE message_len) { hb_sha384_update(&ctx->ctx_inside, message, message_len); } -void hb_hmac_sha384_final(hmac_sha384_ctx *ctx, unsigned char *mac, - unsigned int mac_size) +void hb_hmac_sha384_final(hb_hmac_sha384_ctx *ctx, unsigned char *mac, + HB_SIZE mac_size) { - unsigned char digest_inside[SHA384_DIGEST_SIZE]; - unsigned char mac_temp[SHA384_DIGEST_SIZE]; + unsigned char digest_inside[HB_SHA384_DIGEST_SIZE]; + unsigned char mac_temp[HB_SHA384_DIGEST_SIZE]; hb_sha384_final(&ctx->ctx_inside, digest_inside); - hb_sha384_update(&ctx->ctx_outside, digest_inside, SHA384_DIGEST_SIZE); + hb_sha384_update(&ctx->ctx_outside, digest_inside, HB_SHA384_DIGEST_SIZE); hb_sha384_final(&ctx->ctx_outside, mac_temp); memcpy(mac, mac_temp, mac_size); } -void hb_hmac_sha384(const void *key, unsigned int key_size, - const void *message, unsigned int message_len, - unsigned char *mac, unsigned mac_size) +void hb_hmac_sha384(const void *key, HB_SIZE key_size, + const void *message, HB_SIZE message_len, + unsigned char *mac, HB_SIZE mac_size) { - hmac_sha384_ctx ctx; + hb_hmac_sha384_ctx ctx; hb_hmac_sha384_init(&ctx, key, key_size); hb_hmac_sha384_update(&ctx, message, message_len); @@ -298,30 +297,30 @@ void hb_hmac_sha384(const void *key, unsigned int key_size, /* HMAC-SHA-512 functions */ -void hb_hmac_sha512_init(hmac_sha512_ctx *ctx, const void *keyv, - unsigned int key_size) +void hb_hmac_sha512_init(hb_hmac_sha512_ctx *ctx, const void *keyv, + HB_SIZE key_size) { - unsigned int fill; - unsigned int num; + HB_SIZE num; const unsigned char *key = ( const unsigned char * ) keyv; const unsigned char *key_used; - unsigned char key_temp[SHA512_DIGEST_SIZE]; - unsigned int i; + unsigned char key_temp[HB_SHA512_DIGEST_SIZE]; + HB_SIZE i; - if (key_size == SHA512_BLOCK_SIZE) { + if (key_size == HB_SHA512_BLOCK_SIZE) { key_used = key; - num = SHA512_BLOCK_SIZE; + num = HB_SHA512_BLOCK_SIZE; } else { - if (key_size > SHA512_BLOCK_SIZE){ + HB_SIZE fill; + if (key_size > HB_SHA512_BLOCK_SIZE){ hb_sha512(key, key_size, key_temp); key_used = key_temp; - num = SHA512_DIGEST_SIZE; - } else { /* key_size > SHA512_BLOCK_SIZE */ + num = HB_SHA512_DIGEST_SIZE; + } else { /* key_size > HB_SHA512_BLOCK_SIZE */ key_used = key; num = key_size; } - fill = SHA512_BLOCK_SIZE - num; + fill = HB_SHA512_BLOCK_SIZE - num; memset(ctx->block_ipad + num, 0x36, fill); memset(ctx->block_opad + num, 0x5c, fill); @@ -333,50 +332,50 @@ void hb_hmac_sha512_init(hmac_sha512_ctx *ctx, const void *keyv, } hb_sha512_init(&ctx->ctx_inside); - hb_sha512_update(&ctx->ctx_inside, ctx->block_ipad, SHA512_BLOCK_SIZE); + hb_sha512_update(&ctx->ctx_inside, ctx->block_ipad, HB_SHA512_BLOCK_SIZE); hb_sha512_init(&ctx->ctx_outside); hb_sha512_update(&ctx->ctx_outside, ctx->block_opad, - SHA512_BLOCK_SIZE); + HB_SHA512_BLOCK_SIZE); /* for hmac_reinit */ memcpy(&ctx->ctx_inside_reinit, &ctx->ctx_inside, - sizeof(sha512_ctx)); + sizeof(hb_sha512_ctx)); memcpy(&ctx->ctx_outside_reinit, &ctx->ctx_outside, - sizeof(sha512_ctx)); + sizeof(hb_sha512_ctx)); } -void hb_hmac_sha512_reinit(hmac_sha512_ctx *ctx) +void hb_hmac_sha512_reinit(hb_hmac_sha512_ctx *ctx) { memcpy(&ctx->ctx_inside, &ctx->ctx_inside_reinit, - sizeof(sha512_ctx)); + sizeof(hb_sha512_ctx)); memcpy(&ctx->ctx_outside, &ctx->ctx_outside_reinit, - sizeof(sha512_ctx)); + sizeof(hb_sha512_ctx)); } -void hb_hmac_sha512_update(hmac_sha512_ctx *ctx, const void *message, - unsigned int message_len) +void hb_hmac_sha512_update(hb_hmac_sha512_ctx *ctx, const void *message, + HB_SIZE message_len) { hb_sha512_update(&ctx->ctx_inside, message, message_len); } -void hb_hmac_sha512_final(hmac_sha512_ctx *ctx, unsigned char *mac, - unsigned int mac_size) +void hb_hmac_sha512_final(hb_hmac_sha512_ctx *ctx, unsigned char *mac, + HB_SIZE mac_size) { - unsigned char digest_inside[SHA512_DIGEST_SIZE]; - unsigned char mac_temp[SHA512_DIGEST_SIZE]; + unsigned char digest_inside[HB_SHA512_DIGEST_SIZE]; + unsigned char mac_temp[HB_SHA512_DIGEST_SIZE]; hb_sha512_final(&ctx->ctx_inside, digest_inside); - hb_sha512_update(&ctx->ctx_outside, digest_inside, SHA512_DIGEST_SIZE); + hb_sha512_update(&ctx->ctx_outside, digest_inside, HB_SHA512_DIGEST_SIZE); hb_sha512_final(&ctx->ctx_outside, mac_temp); memcpy(mac, mac_temp, mac_size); } -void hb_hmac_sha512(const void *key, unsigned int key_size, - const void *message, unsigned int message_len, - unsigned char *mac, unsigned mac_size) +void hb_hmac_sha512(const void *key, HB_SIZE key_size, + const void *message, HB_SIZE message_len, + unsigned char *mac, HB_SIZE mac_size) { - hmac_sha512_ctx ctx; + hb_hmac_sha512_ctx ctx; hb_hmac_sha512_init(&ctx, key, key_size); hb_hmac_sha512_update(&ctx, message, message_len);