
supercop-20111120

1 parent 61ab6e2 commit 5c3843095364c13c5222513fb06c712f45ef1ba7 Daniel J. Bernstein committed with Nov 20, 2011
Showing with 9,808 additions and 72 deletions.
  1. +3 −4 crypto_encrypt/3hfe/ref/api.h
  2. +3 −3 crypto_encrypt/4hfe/ref/api.h
  3. +3 −3 crypto_encrypt/mceliece/ref/api.h
  4. +6 −6 crypto_encrypt/ntruees787ep1/ref/api.h
  5. +5 −5 crypto_encrypt/ronald1024/openssl/api.h
  6. +5 −5 crypto_encrypt/ronald1536/openssl/api.h
  7. +5 −5 crypto_encrypt/ronald2048/openssl/api.h
  8. +5 −5 crypto_encrypt/ronald3072/openssl/api.h
  9. +5 −5 crypto_encrypt/ronald4096/openssl/api.h
  10. +2 −0 crypto_hash/groestl256/arm32/architectures
  11. +2 −0 crypto_hash/groestl512/arm32/architectures
  12. +1 −1 crypto_hash/jh224/description
  13. +1 −1 crypto_hash/jh256/description
  14. +1 −1 crypto_hash/jh384/description
  15. +1 −1 crypto_hash/jh512/description
  16. +2 −0 crypto_hash/round3jh256/arm11/api.h
  17. +1 −0 crypto_hash/round3jh256/arm11/architectures
  18. +217 −0 crypto_hash/round3jh256/arm11/consts.c
  19. +76 −0 crypto_hash/round3jh256/arm11/hash.c
  20. +3 −0 crypto_hash/round3jh256/arm11/implementors
  21. +9,342 −0 crypto_hash/round3jh256/arm11/loopcompress.s
  22. +1 −0 crypto_hash/round3jh256/checksum
  23. +1 −0 crypto_hash/round3jh256/description
  24. +1 −0 crypto_hash/round3jh256/designers
  25. 0 crypto_hash/round3jh256/sha3
  26. 0 crypto_hash/{jh256/sphlib → round3jh256/sphlib-small}/api.h
  27. 0 crypto_hash/{jh256/sphlib → round3jh256/sphlib-small}/hash.c
  28. 0 crypto_hash/{jh512/sphlib → round3jh256/sphlib-small}/implementors
  29. 0 crypto_hash/{jh512/sphlib → round3jh256/sphlib-small}/jh.c
  30. 0 crypto_hash/{jh512/sphlib → round3jh256/sphlib-small}/sph_jh.h
  31. 0 crypto_hash/{jh512 → round3jh256}/sphlib-small/sph_types.h
  32. 0 crypto_hash/{jh256/sphlib-small → round3jh256/sphlib}/api.h
  33. 0 crypto_hash/{jh256/sphlib-small → round3jh256/sphlib}/hash.c
  34. 0 crypto_hash/{jh512/sphlib-small → round3jh256/sphlib}/implementors
  35. 0 crypto_hash/{jh512/sphlib-small → round3jh256/sphlib}/jh.c
  36. 0 crypto_hash/{jh512/sphlib-small → round3jh256/sphlib}/sph_jh.h
  37. 0 crypto_hash/{jh512 → round3jh256}/sphlib/sph_types.h
  38. +1 −0 crypto_hash/round3jh512/checksum
  39. +1 −0 crypto_hash/round3jh512/description
  40. +1 −0 crypto_hash/round3jh512/designers
  41. 0 crypto_hash/round3jh512/sha3
  42. 0 crypto_hash/{jh512/sphlib → round3jh512/sphlib-small}/api.h
  43. 0 crypto_hash/{jh512/sphlib → round3jh512/sphlib-small}/hash.c
  44. 0 crypto_hash/{jh256/sphlib → round3jh512/sphlib-small}/implementors
  45. 0 crypto_hash/{jh256/sphlib → round3jh512/sphlib-small}/jh.c
  46. 0 crypto_hash/{jh256/sphlib → round3jh512/sphlib-small}/sph_jh.h
  47. 0 crypto_hash/{jh256 → round3jh512}/sphlib-small/sph_types.h
  48. 0 crypto_hash/{jh512/sphlib-small → round3jh512/sphlib}/api.h
  49. 0 crypto_hash/{jh512/sphlib-small → round3jh512/sphlib}/hash.c
  50. 0 crypto_hash/{jh256/sphlib-small → round3jh512/sphlib}/implementors
  51. 0 crypto_hash/{jh256/sphlib-small → round3jh512/sphlib}/jh.c
  52. 0 crypto_hash/{jh256/sphlib-small → round3jh512/sphlib}/sph_jh.h
  53. 0 crypto_hash/{jh256 → round3jh512}/sphlib/sph_types.h
  54. +2 −0 crypto_hash/skein10241024/arm_neon/architectures
  55. +2 −0 crypto_hash/skein256256/arm_neon/architectures
  56. +2 −0 crypto_hash/skein512256/arm_neon/architectures
  57. +2 −0 crypto_hash/skein512512/arm_neon/architectures
  58. +1 −0 crypto_sign/ed25519/checksum
  59. +1 −0 crypto_sign/hector/checksum
  60. +1 −0 crypto_sign/mqqsig160/checksum
  61. +1 −0 crypto_sign/mqqsig192/checksum
  62. +1 −0 crypto_sign/mqqsig224/checksum
  63. +1 −0 crypto_sign/mqqsig256/checksum
  64. +1 −0 crypto_sign/rwb0fuz1024/checksum
  65. +97 −26 crypto_sign/try.c
  66. +1 −1 version
7 crypto_encrypt/3hfe/ref/api.h
@@ -1,4 +1,3 @@
-#define crypto_encrypt_3HFE_ref_SECRETKEYBYTES 5184
-#define crypto_encrypt_3HFE_ref_PUBLICKEYBYTES 7616
-#define crypto_encrypt_3HFE_ref_BYTES 67
-
+#define CRYPTO_SECRETKEYBYTES 5184
+#define CRYPTO_PUBLICKEYBYTES 7616
+#define CRYPTO_BYTES 67
6 crypto_encrypt/4hfe/ref/api.h
@@ -1,4 +1,4 @@
-#define crypto_encrypt_4HFE_ref_SECRETKEYBYTES 8480
-#define crypto_encrypt_4HFE_ref_PUBLICKEYBYTES 23040
-#define crypto_encrypt_4HFE_ref_BYTES 68
+#define CRYPTO_SECRETKEYBYTES 8480
+#define CRYPTO_PUBLICKEYBYTES 23040
+#define CRYPTO_BYTES 68
6 crypto_encrypt/mceliece/ref/api.h
@@ -1,3 +1,3 @@
-#define crypto_encrypt_mceliece_ref_SECRETKEYBYTES 137282
-#define crypto_encrypt_mceliece_ref_PUBLICKEYBYTES 81408
-#define crypto_encrypt_mceliece_ref_BYTES 256
+#define CRYPTO_SECRETKEYBYTES 137282
+#define CRYPTO_PUBLICKEYBYTES 81408
+#define CRYPTO_BYTES 256
12 crypto_encrypt/ntruees787ep1/ref/api.h
@@ -1,7 +1,7 @@
-#define crypto_encrypt_ntruees787ep1_ref_PRIVATEKEYBYTES 280
-#define crypto_encrypt_ntruees787ep1_ref_PUBLICKEYBYTES 1574
+#define CRYPTO_PRIVATEKEYBYTES 280
+#define CRYPTO_PUBLICKEYBYTES 1574
-#define crypto_encrypt_ntruees787ep1_ref_SECRETKEYBYTES \
- (crypto_encrypt_ntruees787ep1_ref_PRIVATEKEYBYTES \
- + crypto_encrypt_ntruees787ep1_ref_PUBLICKEYBYTES)
-#define crypto_encrypt_ntruees787ep1_ref_BYTES crypto_encrypt_ntruees787ep1_ref_PUBLICKEYBYTES
+#define CRYPTO_SECRETKEYBYTES \
+ ( CRYPTO_PRIVATEKEYBYTES \
+ + CRYPTO_PUBLICKEYBYTES)
+#define CRYPTO_BYTES CRYPTO_PUBLICKEYBYTES
10 crypto_encrypt/ronald1024/openssl/api.h
@@ -1,7 +1,7 @@
#include <openssl/rand.h>
-#define crypto_encrypt_ronald1024_openssl_MODULUSBITS 1024
-#define crypto_encrypt_ronald1024_openssl_MODULUSBYTES (crypto_encrypt_ronald1024_openssl_MODULUSBITS / 8)
+#define CRYPTO_MODULUSBITS 1024
+#define CRYPTO_MODULUSBYTES ( CRYPTO_MODULUSBITS / 8)
-#define crypto_encrypt_ronald1024_openssl_SECRETKEYBYTES (crypto_encrypt_ronald1024_openssl_MODULUSBYTES * 8)
-#define crypto_encrypt_ronald1024_openssl_PUBLICKEYBYTES (crypto_encrypt_ronald1024_openssl_MODULUSBYTES)
-#define crypto_encrypt_ronald1024_openssl_BYTES (crypto_encrypt_ronald1024_openssl_MODULUSBYTES)
+#define CRYPTO_SECRETKEYBYTES ( CRYPTO_MODULUSBYTES * 8)
+#define CRYPTO_PUBLICKEYBYTES ( CRYPTO_MODULUSBYTES)
+#define CRYPTO_BYTES ( CRYPTO_MODULUSBYTES)
10 crypto_encrypt/ronald1536/openssl/api.h
@@ -1,7 +1,7 @@
#include <openssl/rand.h>
-#define crypto_encrypt_ronald1536_openssl_MODULUSBITS 1536
-#define crypto_encrypt_ronald1536_openssl_MODULUSBYTES (crypto_encrypt_ronald1536_openssl_MODULUSBITS / 8)
+#define CRYPTO_MODULUSBITS 1536
+#define CRYPTO_MODULUSBYTES ( CRYPTO_MODULUSBITS / 8)
-#define crypto_encrypt_ronald1536_openssl_SECRETKEYBYTES (crypto_encrypt_ronald1536_openssl_MODULUSBYTES * 8)
-#define crypto_encrypt_ronald1536_openssl_PUBLICKEYBYTES (crypto_encrypt_ronald1536_openssl_MODULUSBYTES)
-#define crypto_encrypt_ronald1536_openssl_BYTES (crypto_encrypt_ronald1536_openssl_MODULUSBYTES)
+#define CRYPTO_SECRETKEYBYTES ( CRYPTO_MODULUSBYTES * 8)
+#define CRYPTO_PUBLICKEYBYTES ( CRYPTO_MODULUSBYTES)
+#define CRYPTO_BYTES ( CRYPTO_MODULUSBYTES)
10 crypto_encrypt/ronald2048/openssl/api.h
@@ -1,7 +1,7 @@
#include <openssl/rand.h>
-#define crypto_encrypt_ronald2048_openssl_MODULUSBITS 2048
-#define crypto_encrypt_ronald2048_openssl_MODULUSBYTES (crypto_encrypt_ronald2048_openssl_MODULUSBITS / 8)
+#define CRYPTO_MODULUSBITS 2048
+#define CRYPTO_MODULUSBYTES ( CRYPTO_MODULUSBITS / 8)
-#define crypto_encrypt_ronald2048_openssl_SECRETKEYBYTES (crypto_encrypt_ronald2048_openssl_MODULUSBYTES * 8)
-#define crypto_encrypt_ronald2048_openssl_PUBLICKEYBYTES (crypto_encrypt_ronald2048_openssl_MODULUSBYTES)
-#define crypto_encrypt_ronald2048_openssl_BYTES (crypto_encrypt_ronald2048_openssl_MODULUSBYTES)
+#define CRYPTO_SECRETKEYBYTES ( CRYPTO_MODULUSBYTES * 8)
+#define CRYPTO_PUBLICKEYBYTES ( CRYPTO_MODULUSBYTES)
+#define CRYPTO_BYTES ( CRYPTO_MODULUSBYTES)
10 crypto_encrypt/ronald3072/openssl/api.h
@@ -1,7 +1,7 @@
#include <openssl/rand.h>
-#define crypto_encrypt_ronald3072_openssl_MODULUSBITS 3072
-#define crypto_encrypt_ronald3072_openssl_MODULUSBYTES (crypto_encrypt_ronald3072_openssl_MODULUSBITS / 8)
+#define CRYPTO_MODULUSBITS 3072
+#define CRYPTO_MODULUSBYTES ( CRYPTO_MODULUSBITS / 8)
-#define crypto_encrypt_ronald3072_openssl_SECRETKEYBYTES (crypto_encrypt_ronald3072_openssl_MODULUSBYTES * 8)
-#define crypto_encrypt_ronald3072_openssl_PUBLICKEYBYTES (crypto_encrypt_ronald3072_openssl_MODULUSBYTES)
-#define crypto_encrypt_ronald3072_openssl_BYTES (crypto_encrypt_ronald3072_openssl_MODULUSBYTES)
+#define CRYPTO_SECRETKEYBYTES ( CRYPTO_MODULUSBYTES * 8)
+#define CRYPTO_PUBLICKEYBYTES ( CRYPTO_MODULUSBYTES)
+#define CRYPTO_BYTES ( CRYPTO_MODULUSBYTES)
10 crypto_encrypt/ronald4096/openssl/api.h
@@ -1,7 +1,7 @@
#include <openssl/rand.h>
-#define crypto_encrypt_ronald4096_openssl_MODULUSBITS 4096
-#define crypto_encrypt_ronald4096_openssl_MODULUSBYTES (crypto_encrypt_ronald4096_openssl_MODULUSBITS / 8)
+#define CRYPTO_MODULUSBITS 4096
+#define CRYPTO_MODULUSBYTES ( CRYPTO_MODULUSBITS / 8)
-#define crypto_encrypt_ronald4096_openssl_SECRETKEYBYTES (crypto_encrypt_ronald4096_openssl_MODULUSBYTES * 8)
-#define crypto_encrypt_ronald4096_openssl_PUBLICKEYBYTES (crypto_encrypt_ronald4096_openssl_MODULUSBYTES)
-#define crypto_encrypt_ronald4096_openssl_BYTES (crypto_encrypt_ronald4096_openssl_MODULUSBYTES)
+#define CRYPTO_SECRETKEYBYTES ( CRYPTO_MODULUSBYTES * 8)
+#define CRYPTO_PUBLICKEYBYTES ( CRYPTO_MODULUSBYTES)
+#define CRYPTO_BYTES ( CRYPTO_MODULUSBYTES)
2 crypto_hash/groestl256/arm32/architectures
@@ -0,0 +1,2 @@
+arm
+armeabi
2 crypto_hash/groestl512/arm32/architectures
@@ -0,0 +1,2 @@
+arm
+armeabi
2 crypto_hash/jh224/description
@@ -1 +1 @@
-JH with 224-bit output; round-2 version
+JH with 35.5 rounds and 224-bit output; round-2 version
2 crypto_hash/jh256/description
@@ -1 +1 @@
-JH with 256-bit output; round-2 version
+JH with 35.5 rounds and 256-bit output; round-2 version
2 crypto_hash/jh384/description
@@ -1 +1 @@
-JH with 384-bit output; round-2 version
+JH with 35.5 rounds and 384-bit output; round-2 version
2 crypto_hash/jh512/description
@@ -1 +1 @@
-JH with 512-bit output; round-2 version
+JH with 35.5 rounds and 512-bit output; round-2 version
2 crypto_hash/round3jh256/arm11/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+
1 crypto_hash/round3jh256/arm11/architectures
@@ -0,0 +1 @@
+armeabi
217 crypto_hash/round3jh256/arm11/consts.c
@@ -0,0 +1,217 @@
+#include "crypto_uint32.h"
+
+crypto_uint32 TrH0_256[32]={
+0x41a398eb,0x269e23a4,0x8996a371,0x2d275e5c,
+0x9151931c,0x26abb5cd,0xf7957627,0x67d3e47b,
+0xebd3202c,0x45b92677,0x754d2e7f,0x6c0d8eac,
+0xfac7d460,0x7a176b02,0x948f2476,0xea122470,
+0x7bbecd92,0x481afbe0,0x0849141d,0xc6508451,
+0xd6820026,0x4224f056,0x57b6d587,0x13abe389,
+0xc145b29c,0x77941ad4,0x62e27df7,0x0f7a0557,
+0x038a507e,0xa82fff0f,0x6c298047,0x69d71cd3,
+};
+/*
+uint32 TrH0_224[32]={
+0x62ddfe2d,0x9f89d966,0x5c1b4f1b,0x8aa9b422,
+0x051083a4,0x5f32e811,0xa593dfdc,0xea0d9615,
+0xac989af9,0x6f708025,0xb340c8d8,0xe4a186ec,
+0x161230bc,0x106e367b,0xd3a3eaad,0xbf2babb5,
+0xd6ac7cae,0x1ba39ece,0x7fa1f697,0x95ac74d5,
+0xc63860b8,0x7f8594f9,0xdee831a4,0xf0dc1196,
+0xe734d619,0xdc1a9b1d,0x9980736e,0xf06ce59c,
+0x941466c9,0xc106fa02,0x689a53c9,0x6eea64dd,
+};
+uint32 TrH0_384[32]={
+0xc63b1e48,0x4dc8ae98,0x8a7f9b56,0xe881798a,
+0x68eafa63,0xb255f536,0x7dc29f58,0xbdd3b4a9,
+0x8a3913d8,0x28b98290,0x4c45db27,0x3a37d5f8,
+0x2ead80d4,0xec474892,0xcd80aa26,0x94d375a4,
+0x895e3b6d,0x30ea55d4,0x49bdfc9e,0xad6739f4,
+0x21cb2c33,0x930a25c7,0x8c8bc080,0xba3f6c97,
+0x9b87de4a,0x49421141,0x0eaf9763,0x717ad1dd,
+0x67820f48,0xe13cf4ba,0xda2eeb9d,0x7f734298,
+};
+uint32 TrH0_512[32]={
+0x964bd16f,0xc1a01d89,0x05e66901,0xecf657cf,
+0x8d5e228a,0xdbcc8e58,0xd0a74710,0xdffcc2e3,
+0x17aa003e,0x1e806f53,0x694ae341,0x56f8b19d,
+0x0bef970c,0xa6ba7520,0x243c84c1,0xfb1785e6,
+0x052e6a63,0x6b05a92a,0x8e8ab546,0x7c8806a7,
+0x591234e9,0x763a0fa9,0xb1716e3b,0x78465a54,
+0x43d5157a,0x806d2bea,0x5ae66f2e,0x56b11657,
+0x61c3b3f2,0xf73bf8ba,0x99c15a2d,0x4bdd8ccc,
+};
+*/
+
+__attribute__ ((aligned (8))) const crypto_uint32 cst[6+42*8] = {
+ 0xaaaaaaaaUL, 0xccccccccUL, 0xf0f0f0f0UL, 0xff00ff00UL,
+ 0xa2ded572,0x90d6ab81,
+ 0xe03a98ea,0xb4960266,
+ 0x5c5aa303,0x8019051c,
+ 0x9213ba10,0x39812c0a,
+ 0x0d5a2d42,0x0ba75c18,
+ 0x036c6e97,0xbb03f1ee,
+ 0x67f815df,0xf6875a4d,
+ 0x9cfa455c,0x8a53bbf2,
+ 0xdb0e199a,0x1d959e84,
+ 0x416bbf02,0x5078aa37,
+ 0x907eccf6,0xac442bc7,
+ 0x1ab8e09e,0xfa618e5d,
+ 0x0a15847b,0xc54f9f4e,
+ 0x99d2c503,0x1a1456b5,
+ 0x0ab23f40,0xadeb336f,
+ 0x156578dc,0xd2bf1a3f,
+ 0x9c9f62dd,0xd665dfd1,
+ 0x7e450521,0xb29796fd,
+ 0x571523b7,0x402bd1c3,
+ 0x9a99b266,0x31a2db88,
+ 0x1044c187,0xdccde75e,
+ 0xd027bbf7,0xd3910041,
+ 0xce97c092,0x23fcc663,
+ 0xa8ec6c44,0x97818394,
+ 0x2d8d672a,0x4672c78a,
+ 0x956a9ffb,0x14427fc0,
+ 0x2f3003db,0x6c69b8f8,
+ 0x37858e4a,0x8173fe8a,
+ 0x8f15f4c5,0xb775de52,
+ 0x338ff48e,0x20edf1b6,
+ 0x433529ce,0x591ff5d0,
+ 0x670605a7,0x26077447,
+ 0xa50a550d,0x81727686,
+ 0xec1f9ffc,0xf594d74f,
+ 0xc45ec7bd,0xbc88e4ae,
+ 0x1563a3a9,0xfde05a7c,
+ 0x3d98fe4e,0x86814e6f,
+ 0x6a6234ee,0x3f1080c6,
+ 0xc0a4f84a,0xd48d6050,
+ 0x7a205440,0xd895fa9d,
+ 0xa76f4475,0x1e00b882,
+ 0x24565faa,0x5ae9ca36,
+ 0x74f93a53,0x81ad9d0e,
+ 0xbe280b8b,0x6f7ea0e0,
+ 0x9fe7e391,0x415a9e7e,
+ 0x001ae4e3,0x117e2e55,
+ 0x80bb118f,0xf4a3a698,
+ 0x89f9b7d5,0x362c4206,
+ 0xa74b9a73,0x9f5ad8af,
+ 0x2717b96e,0x7b487ec6,
+ 0x9ef18e97,0x62b0e5f3,
+ 0x84c9f4ce,0xa554c324,
+ 0xe27ff578,0x85937e44,
+ 0xb2c4a50f,0x7f5928eb,
+ 0x286efebd,0x2ed349ee,
+ 0x2872df5b,0xef7c8905,
+ 0x37695f70,0x04771bc7,
+ 0xa3e8297d,0xfb301b1d,
+ 0x31bae7a4,0x32fcae3b,
+ 0xfd05c9e5,0x01b771a2,
+ 0x631d4088,0xf14abb7e,
+ 0x56a4d5a4,0x45ce5773,
+ 0x4a3124b3,0xe720b951,
+ 0xf2947692,0xe01bdc5b,
+ 0xffbf70b4,0x39d3bb53,
+ 0x0f09aef7,0x95ed44e3,
+ 0x15f66ca0,0x30c60ae2,
+ 0x00ca4fbd,0xadd16430,
+ 0xf128865e,0xe843fe74,
+ 0x097acbdd,0x4f4924da,
+ 0x0544320d,0xc1c39f45,
+ 0x12347094,0x368e3be9,
+ 0x4b44c147,0xc5b67046,
+ 0x4b849dda,0x68cea6e8,
+ 0x65e4d61d,0x8a87d423,
+ 0xc1d9309b,0xbf829cf2,
+ 0x48bcf8de,0xa08b29e0,
+ 0x34f19042,0x4a982f4f,
+ 0xffaf5287,0xe68c6ecc,
+ 0xae183ec8,0x67255c14,
+ 0x5806e933,0x7facced1,
+ 0x9a99949a,0x1885d1a0,
+ 0x16e10ecb,0x7b846fc2,
+ 0xf28cdaa3,0x20b2601f,
+ 0xa15b5932,0x67633d9f,
+ 0xea79b11f,0x5aac571d,
+ 0xafc135f7,0x15638341,
+ 0x1f3b40a7,0x6c4e3ee7,
+ 0x490c9b8d,0xd0ae3b7d,
+ 0xf4a2b8a0,0x92946891,
+ 0xd319dd8d,0xba6b04e4,
+ 0x742128a9,0x76d35075,
+ 0x42d8a498,0xa8db3aea,
+ 0xf347271c,0xfd4f21d2,
+ 0xdaeb492b,0x84558d7a,
+ 0x533b1036,0x4f88e856,
+ 0xc01c9a50,0xab19caf6,
+ 0x35f7bde9,0xfec2463a,
+ 0x20eced78,0x4d3bc3fa,
+ 0x34f04059,0x398dfdb8,
+ 0x49d7a25b,0xf0e9a5f5,
+ 0x9e07a80c,0x555cb05b,
+ 0x46b4a5aa,0x7eee560b,
+ 0xee51363b,0x01707da3,
+ 0x79676b9e,0x832c8332,
+ 0x9a762db7,0xef5957dc,
+ 0x0d70f368,0x658ef8e4,
+ 0x5aec3e75,0x4cbcbaf8,
+ 0xd6f4da75,0x50a5346c,
+ 0x5d1c6b72,0x71db28b8,
+ 0x7b9487f3,0x6db334dc,
+ 0x993bbbe3,0x28acae64,
+ 0xf2e261f8,0xf1bcac1c,
+ 0xca5b0a33,0xc3943b92,
+ 0xf7d4a8ea,0x5324a326,
+ 0xa63e1db5,0xa17cf84c,
+ 0xb333982f,0xe8b6f406,
+ 0x0d4ec1fd,0x1614c17e,
+ 0x2a518d10,0xa23fce43,
+ 0x75a12988,0x1e4d790e,
+ 0x21391abe,0xd23c32ba,
+ 0x08c9f2af,0x4d608672,
+ 0x5e76bcb1,0x36d4c1be,
+ 0x69c953f4,0x16fae006,
+ 0x3364dbe3,0x3cd1bb67,
+ 0x4d19347f,0xd7757479,
+ 0x097ef45c,0x4a17a344,
+ 0x983d5983,0xcc3ee246,
+ 0xa566d62b,0x1582ee74,
+ 0xc45a7da7,0x3daf907e,
+ 0xfc75dd59,0xb043e802,
+ 0x5c5316b4,0x3fafeeb6,
+ 0x5127234c,0xadd5a66d,
+ 0x563c6b91,0xf6c76e08,
+ 0x2ae6c4ef,0x6321efbc,
+ 0x26585806,0x3f9d6328,
+ 0x30ceaa5f,0xd830eb0d,
+ 0x300cd4b7,0x9af8cee3,
+ 0x0cd29b00,0x9832e0f2,
+ 0xe3f2c9d2,0x16512a74,
+ 0x7b9ec54b,0x574d239b,
+ 0xd98176b1,0xb3cb2bf4,
+ 0x0758df38,0x442e7031,
+ 0x39eea065,0x26b29721,
+ 0x15dfa08b,0x7ceca7d8,
+ 0x93ce25aa,0xdaef5fc0,
+ 0x9279f1b5,0x316796e6,
+ 0xce6c3213,0x47154778,
+ 0x65655e4e,0x86ca0bd0,
+ 0x8338f7d1,0x6ff81301,
+ 0xd9922576,0x7eb027ab,
+ 0xd86902bd,0xa5194a17,
+ 0x6ee651ff,0xf3a6e6cc,
+ 0x8452173c,0x825446ff,
+ 0x897cfcf2,0xa20940f0,
+ 0x37e95ef7,0xd1ed44a3,
+ 0xf6f7853c,0xda7d8d53,
+ 0xfd43f65a,0x33664d97,
+ 0xd3688604,0x05750a17,
+ 0x62a205f8,0x486a9323,
+ 0x8e5086fc,0x4e477830,
+ 0xbd3a2ce4,0xe7de9fef,
+ 0xbe42dc12,0xdea83eaa,
+ 0xf908731a,0x6a21fd4c,
+ 0xbb0f1eea,0xbf9d75f6,
+ 0x9b54cded,0xe26f4791,
+ 0x701541db,0x72409751,
+ 0x3198b435,0xa163d09a,
+ 0x00000000UL, 0x00000000UL
+} ;
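Review bot: `TrH0_256` is defined without `const` although hash.c only reads it (it is copied into `ctx`), so the JH-256 initial value sits in writable data where a stray write would silently change every later digest; `const crypto_uint32 TrH0_256[32]` with a matching `extern const` in hash.c would make it read-only like `cst`. `TrH0_256` and `cst` are also unprefixed external symbols, which could collide when several implementations are linked into one binary; whether the build namespaces them is not visible on this page. The commented-out `TrH0_224`/`TrH0_384`/`TrH0_512` tables use an undeclared `uint32` type and are dead code that could be dropped.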
76 crypto_hash/round3jh256/arm11/hash.c
@@ -0,0 +1,76 @@
+#include "api.h"
+#include "crypto_hash.h"
+#include "crypto_uint32.h"
+
+typedef crypto_uint32 u32;
+
+extern u32 TrH0_256[32];
+extern u32 cst[6+42*8];
+const u32 *seq=cst+4;
+
+extern void loopcompress(u32 *in, u32 nblocks, u32 *ctx, const u32 *seq);
+
+int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
+{
+ u32 ctx[8][4];
+ int i;
+ unsigned char buffer[128];
+ unsigned long long bitlen = inlen<<3;
+
+ // Init
+ /*
+ for (i = 0; i < 32; i++)
+ ctx[i] = ((u32*) h0)[i];
+ */
+
+ for (i=0; i<32; i++)
+ ctx[i>>2][i&3] = TrH0_256[i];
+
+ // Update
+ /*
+ while(inlen>=64)
+ {
+ //compress(ctx,in);
+ inlen -= 64;
+ in += 64;
+ }
+ */
+ //XXX Handle long messages!
+ loopcompress((u32 *)in, inlen>>6, &ctx[0][0], seq);
+ in += (inlen & ~0x3f);
+ inlen &= 0x3f;
+ /* padding */
+ if(!inlen)
+ {
+ buffer[0] =0x80;
+ for(i=1;i<56;i++)
+ buffer[i] = 0;
+ for(i=56;i<64;i++)
+ buffer[i] = (bitlen >> 8*(63-i)) & 0xff;
+// compress(ctx, buffer);
+ loopcompress((u32 *)buffer, 1, &ctx[0][0], seq);
+ }
+ else
+ {
+ for(i=0;i<inlen;i++)
+ buffer[i] = in[i];
+ buffer[inlen] = 0x80;
+ for(i=inlen+1;i<120;i++)
+ buffer[i] = 0;
+ for(i=120;i<128;i++)
+ buffer[i] = (bitlen >> 8*(127-i)) & 0xff;
+ //compress(ctx, buffer);
+ //compress(ctx, buffer+64);
+ loopcompress((u32 *)buffer, 2, &ctx[0][0], seq);
+ }
+
+ //Final
+// for(i=0;i<crypto_hash_BYTES;i++)
+// out[i] = ((unsigned char *) ctx)[96+i];
+
+ u32 *X = (u32 *) &ctx[0][0];
+ u32 *H = (u32 *) out;
+ for (i=24; i<32; i++) H[i-24] = X[((i&3)<<3)+(i>>3)+(i&4)];
+
+ return 0;
+}
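Review bot: The block count in `loopcompress((u32 *)in, inlen>>6, &ctx[0][0], seq);` is narrowed from 64 bits to the `u32 nblocks` parameter, so for inputs of 2^38 bytes or more the count wraps while `in += (inlen & ~0x3f);` still skips the whole message, and the function returns 0 with a digest that covers only part of the input; the `//XXX Handle long messages!` comment flags this but nothing enforces it. Until the call is made in chunks, a guard before it such as `if ((inlen >> 6) > 0xffffffffULL) return -1;` would fail closed. `extern u32 cst[6+42*8];` also omits the `const` that the definition in consts.c carries; `extern const u32 cst[6+42*8];` keeps the two declarations compatible. The `(u32 *)in`, `(u32 *)buffer` and `(u32 *)out` casts assume word-aligned buffers that the `unsigned char *` interface does not promise; whether loopcompress.s tolerates unaligned input is not visible on this page.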
3 crypto_hash/round3jh256/arm11/implementors
@@ -0,0 +1,3 @@
+Peter Schwabe
+Bo-Yin Yang
+Shang-Yi Yang
9,342 crypto_hash/round3jh256/arm11/loopcompress.s
9,342 additions, 0 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
1 crypto_hash/round3jh256/checksum
@@ -0,0 +1 @@
+1bfae2a7021186e30725ac4a20c8f039c4b43a81fb90a3795ae4dcb73adf7179
1 crypto_hash/round3jh256/description
@@ -0,0 +1 @@
+JH with 42 rounds and 256-bit output; JH team's final submission for SHA-3-256
1 crypto_hash/round3jh256/designers
@@ -0,0 +1 @@
+Hongjun Wu
0 crypto_hash/round3jh256/sha3
No changes.
0 crypto_hash/jh256/sphlib/api.h → crypto_hash/round3jh256/sphlib-small/api.h
File renamed without changes.
0 crypto_hash/jh256/sphlib/hash.c → crypto_hash/round3jh256/sphlib-small/hash.c
File renamed without changes.
0 crypto_hash/jh512/sphlib/implementors → ...ash/round3jh256/sphlib-small/implementors
File renamed without changes.
0 crypto_hash/jh512/sphlib/jh.c → crypto_hash/round3jh256/sphlib-small/jh.c
File renamed without changes.
0 crypto_hash/jh512/sphlib/sph_jh.h → ...to_hash/round3jh256/sphlib-small/sph_jh.h
File renamed without changes.
0 crypto_hash/jh512/sphlib-small/sph_types.h → ...hash/round3jh256/sphlib-small/sph_types.h
File renamed without changes.
0 crypto_hash/jh256/sphlib-small/api.h → crypto_hash/round3jh256/sphlib/api.h
File renamed without changes.
0 crypto_hash/jh256/sphlib-small/hash.c → crypto_hash/round3jh256/sphlib/hash.c
File renamed without changes.
0 crypto_hash/jh512/sphlib-small/implementors → crypto_hash/round3jh256/sphlib/implementors
File renamed without changes.
0 crypto_hash/jh512/sphlib-small/jh.c → crypto_hash/round3jh256/sphlib/jh.c
File renamed without changes.
0 crypto_hash/jh512/sphlib-small/sph_jh.h → crypto_hash/round3jh256/sphlib/sph_jh.h
File renamed without changes.
0 crypto_hash/jh512/sphlib/sph_types.h → crypto_hash/round3jh256/sphlib/sph_types.h
File renamed without changes.
1 crypto_hash/round3jh512/checksum
@@ -0,0 +1 @@
+b0f48ab19fc786736bf5af90e423c076fccda33b555dbda33eaf4dc77f3ac3edc42436d10c74d17770965e9d055383df5740e6af60719430f3b982e714a769e6
1 crypto_hash/round3jh512/description
@@ -0,0 +1 @@
+JH with 42 rounds and 512-bit output; JH team's final submission for SHA-3-512
1 crypto_hash/round3jh512/designers
@@ -0,0 +1 @@
+Hongjun Wu
0 crypto_hash/round3jh512/sha3
No changes.
0 crypto_hash/jh512/sphlib/api.h → crypto_hash/round3jh512/sphlib-small/api.h
File renamed without changes.
0 crypto_hash/jh512/sphlib/hash.c → crypto_hash/round3jh512/sphlib-small/hash.c
File renamed without changes.
0 crypto_hash/jh256/sphlib/implementors → ...ash/round3jh512/sphlib-small/implementors
File renamed without changes.
0 crypto_hash/jh256/sphlib/jh.c → crypto_hash/round3jh512/sphlib-small/jh.c
File renamed without changes.
0 crypto_hash/jh256/sphlib/sph_jh.h → ...to_hash/round3jh512/sphlib-small/sph_jh.h
File renamed without changes.
0 crypto_hash/jh256/sphlib-small/sph_types.h → ...hash/round3jh512/sphlib-small/sph_types.h
File renamed without changes.
0 crypto_hash/jh512/sphlib-small/api.h → crypto_hash/round3jh512/sphlib/api.h
File renamed without changes.
0 crypto_hash/jh512/sphlib-small/hash.c → crypto_hash/round3jh512/sphlib/hash.c
File renamed without changes.
0 crypto_hash/jh256/sphlib-small/implementors → crypto_hash/round3jh512/sphlib/implementors
File renamed without changes.
0 crypto_hash/jh256/sphlib-small/jh.c → crypto_hash/round3jh512/sphlib/jh.c
File renamed without changes.
0 crypto_hash/jh256/sphlib-small/sph_jh.h → crypto_hash/round3jh512/sphlib/sph_jh.h
File renamed without changes.
0 crypto_hash/jh256/sphlib/sph_types.h → crypto_hash/round3jh512/sphlib/sph_types.h
File renamed without changes.
2 crypto_hash/skein10241024/arm_neon/architectures
@@ -0,0 +1,2 @@
+arm
+armeabi
2 crypto_hash/skein256256/arm_neon/architectures
@@ -0,0 +1,2 @@
+arm
+armeabi
2 crypto_hash/skein512256/arm_neon/architectures
@@ -0,0 +1,2 @@
+arm
+armeabi
2 crypto_hash/skein512512/arm_neon/architectures
@@ -0,0 +1,2 @@
+arm
+armeabi
1 crypto_sign/ed25519/checksum
@@ -0,0 +1 @@
+66c6f13e4865a0b3b75d3ce10f2cc6e39b14c8c46d8346567348a96646ca9fc68934e2853b
1 crypto_sign/hector/checksum
@@ -0,0 +1 @@
+b97e06eaa0eecb27cfe26f1ccd3fb9c728e5203c24ca184893bf3ca900de437093e3cae6f1
1 crypto_sign/mqqsig160/checksum
@@ -0,0 +1 @@
+ef7170a992d40cb2959f4f3b11befe03d6b899a159eaa801c514901f4d1d5175fb494167b8
1 crypto_sign/mqqsig192/checksum
@@ -0,0 +1 @@
+23708f85407e651a81a17c2985ef295b73c282ece0545b497a72cb75875ec1684d1097b65e
1 crypto_sign/mqqsig224/checksum
@@ -0,0 +1 @@
+7ca8ddf27170a5dbcbbe71accbc5fe735d77d4312a0a229c5c85b2f11e727c258eafc9c0d3
1 crypto_sign/mqqsig256/checksum
@@ -0,0 +1 @@
+c8ac32ea6b34744f201395d555e0b2b26abbf8298087a2f3517faeabdc5ae2fcfa2e51584d
1 crypto_sign/rwb0fuz1024/checksum
@@ -0,0 +1 @@
+0d894ed68e418a81b06b4fcf9008207fa975c0eb327f8cd708069e3e4b363c16aeb9b04698
123 crypto_sign/try.c
@@ -1,5 +1,5 @@
/*
- * crypto_sign/try.c version 20110504
+ * crypto_sign/try.c version 20111119
* D. J. Bernstein
* Public domain.
*/
@@ -15,11 +15,11 @@ extern unsigned char *alignedcalloc(unsigned long long);
const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
-static unsigned char *pk;
-static unsigned char *sk;
-static unsigned char *m; unsigned long long mlen;
-static unsigned char *sm; unsigned long long smlen;
-static unsigned char *t; unsigned long long tlen;
+static unsigned char *pk; unsigned long long pklen; static unsigned char *pk2;
+static unsigned char *sk; unsigned long long sklen; static unsigned char *sk2;
+static unsigned char *m; unsigned long long mlen; static unsigned char *m2;
+static unsigned char *sm; unsigned long long smlen; static unsigned char *sm2;
+static unsigned char *t; unsigned long long tlen; static unsigned char *t2;
void preallocate(void)
{
@@ -30,11 +30,16 @@ void preallocate(void)
void allocate(void)
{
- pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
- sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
+ pk = alignedcalloc(pklen = crypto_sign_PUBLICKEYBYTES);
+ sk = alignedcalloc(sklen = crypto_sign_SECRETKEYBYTES);
m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+ pk2 = alignedcalloc(pklen);
+ sk2 = alignedcalloc(sklen);
+ m2 = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+ sm2 = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+ t2 = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
}
void predoit(void)
@@ -51,36 +56,102 @@ void doit(void)
crypto_sign_open(t,&tlen,sm,smlen,pk);
}
-char checksum[crypto_sign_BYTES * 2 + 1];
+static unsigned char chain[37]; long long chainlen = 37;
+char checksum[37 * 2 + 1];
const char *checksum_compute(void)
{
long long mlen;
long long i;
long long j;
+ long long loops;
- if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
- for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
- if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
- if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
- if (tlen != mlen) return "crypto_sign_open does not match length";
- for (i = 0;i < tlen;++i)
- if (t[i] != m[i])
- return "crypto_sign_open does not match contents";
+ for (loops = 0;loops < 10;++loops) {
+ for (j = -16;j < 0;++j) sk2[j] = sk[j] = random();
+ for (j = 0;j < sklen + 16;++j) sk2[j] = sk[j] = random();
+ for (j = -16;j < 0;++j) pk2[j] = pk[j] = random();
+ for (j = 0;j < pklen + 16;++j) pk2[j] = pk[j] = random();
+ if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
+ for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign_keypair writes before pk";
+ for (j = pklen;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign_keypair writes after pk";
+ for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign_keypair writes before sk";
+ for (j = sklen;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign_keypair writes after sk";
+
+ for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
+ for (j = -16;j < 0;++j) m2[j] = m[j] = random();
+ for (j = mlen;j < mlen + 16;++j) m2[j] = m[j] = random();
+ randombytes(m,mlen);
+ if (mlen > 0)
+ for (j = 0;j < chainlen;++j) m[j % mlen] ^= chain[j];
+ for (j = 0;j < mlen;++j) m2[j] = m[j];
+ for (j = -16;j < 0;++j) pk2[j] = pk[j];
+ for (j = 0;j < pklen + 16;++j) pk2[j] = pk[j];
+ for (j = -16;j < 0;++j) sk2[j] = sk[j];
+ for (j = 0;j < sklen + 16;++j) sk2[j] = sk[j];
+ for (j = -16;j < 0;++j) sm2[j] = sm[j] = random();
+ for (j = 0;j < mlen + crypto_sign_BYTES + 16;++j) sm2[j] = sm[j] = random();
+
+ if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
+ if (smlen > mlen + crypto_sign_BYTES) return "crypto_sign returns more than crypto_sign_BYTES extra bytes";
+ if (smlen == 0) return "crypto_sign returns empty message";
+ for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign overwrites pk";
+ for (j = 0;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign overwrites pk";
+ for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign overwrites sk";
+ for (j = 0;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign overwrites sk";
+ for (j = -16;j < 0;++j) if (m[j] != m2[j]) return "crypto_sign overwrites m";
+ for (j = 0;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_sign overwrites m";
+ for (j = -16;j < 0;++j) if (sm[j] != sm2[j]) return "crypto_sign writes before sm";
+ for (j = smlen;j < smlen + 16;++j) if (sm[j] != sm2[j]) return "crypto_sign writes after sm";
- j = random() % smlen;
- sm[j] ^= 1;
- if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
- if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
+ for (j = 0;j < smlen;++j) chain[j % chainlen] ^= sm[j];
+
+ for (j = -16;j < 0;++j) sm2[j] = sm[j];
+ for (j = 0;j < smlen + 16;++j) sm2[j] = sm[j];
+ for (j = -16;j < 0;++j) t2[j] = t[j] = random();
+ for (j = 0;j < smlen + 16;++j) t2[j] = t[j] = random();
+
+ if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
+ if (tlen != mlen) return "crypto_sign_open does not match length";
for (i = 0;i < tlen;++i)
if (t[i] != m[i])
- return "crypto_sign_open allows trivial forgery of contents";
+ return "crypto_sign_open does not match contents";
+ for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
+ for (j = 0;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
+ for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
+ for (j = 0;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
+ for (j = -16;j < 0;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
+ for (j = 0;j < smlen + 16;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
+ for (j = -16;j < 0;++j) if (t[j] != t2[j]) return "crypto_sign_open writes before t";
+ for (j = smlen;j < smlen + 16;++j) if (t[j] != t2[j]) return "crypto_sign_open writes after t";
+
+ j = random() % smlen;
+ sm[j] ^= 1;
+ for (j = -16;j < 0;++j) sm2[j] = sm[j];
+ for (j = 0;j < smlen + 16;++j) sm2[j] = sm[j];
+ for (j = -16;j < 0;++j) t2[j] = t[j] = random();
+ for (j = 0;j < smlen + 16;++j) t2[j] = t[j] = random();
+ if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
+ if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
+ for (i = 0;i < tlen;++i)
+ if (t[i] != m[i])
+ return "crypto_sign_open allows trivial forgery of contents";
+ }
+ for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
+ for (j = 0;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
+ for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
+ for (j = 0;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
+ for (j = -16;j < 0;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
+ for (j = 0;j < smlen + 16;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
+ for (j = -16;j < 0;++j) if (t[j] != t2[j]) return "crypto_sign_open writes before t";
+ for (j = smlen;j < smlen + 16;++j) if (t[j] != t2[j]) return "crypto_sign_open writes after t";
+ sm[j] ^= 1;
}
- sm[j] ^= 1;
-
}
- /* do some long-term checksum */
- checksum[0] = 0;
+ for (i = 0;i < chainlen;++i) {
+ checksum[2 * i] = "0123456789abcdef"[15 & (chain[i] >> 4)];
+ checksum[2 * i + 1] = "0123456789abcdef"[15 & chain[i]];
+ }
+ checksum[2 * i] = 0;
return 0;
}
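Review bot: In the tamper test of `checksum_compute`, `j = random() % smlen; sm[j] ^= 1;` picks the flipped byte, but the guard loops that follow reuse `j` as their counter, so the closing `sm[j] ^= 1;` runs with `j == smlen + 16`: it does not restore the flipped byte and instead modifies a byte 16 past the signed message. Keeping the index in its own variable (for example a new `long long flip;` with `flip = random() % smlen; sm[flip] ^= 1;` and `sm[flip] ^= 1;` at the end) restores the behaviour the removed code had. The effect appears to be masked in this harness because `sm` is re-randomised before the next `crypto_sign` call, but the write lands outside the range any check accounts for. The `[-16, 0)` and `+ 16` guard accesses throughout also depend on `alignedcalloc` reserving at least 16 bytes on either side of each buffer; its definition is outside this diff, so a comment in `allocate()` stating that requirement would help.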
2 version
@@ -1 +1 @@
-20111112
+20111120
