aboutsummaryrefslogtreecommitdiffstats
path: root/grub-core/lib
diff options
context:
space:
mode:
authorJames <james.mckenzie@citrix.com>2012-11-16 10:41:01 +0000
committerJames <james.mckenzie@citrix.com>2012-11-16 10:41:01 +0000
commit041d1ea37802bf7178a31a53f96c26efa6b8fb7b (patch)
treec193e84ad1237f25a79d0f6a267722e44c73f56a /grub-core/lib
downloadgrub-1.99-041d1ea37802bf7178a31a53f96c26efa6b8fb7b.tar.gz
grub-1.99-041d1ea37802bf7178a31a53f96c26efa6b8fb7b.tar.bz2
grub-1.99-041d1ea37802bf7178a31a53f96c26efa6b8fb7b.zip
fish
Diffstat (limited to 'grub-core/lib')
-rw-r--r--grub-core/lib/LzFind.c777
-rw-r--r--grub-core/lib/LzmaDec.c1035
-rw-r--r--grub-core/lib/LzmaEnc.c2357
-rw-r--r--grub-core/lib/arg.c478
-rw-r--r--grub-core/lib/cmdline.c105
-rw-r--r--grub-core/lib/cmos_datetime.c158
-rw-r--r--grub-core/lib/crc.c75
-rw-r--r--grub-core/lib/crypto.c456
-rw-r--r--grub-core/lib/efi/datetime.c82
-rw-r--r--grub-core/lib/efi/halt.c36
-rw-r--r--grub-core/lib/efi/relocator.c119
-rw-r--r--grub-core/lib/emu/halt.c25
-rw-r--r--grub-core/lib/envblk.c296
-rw-r--r--grub-core/lib/hexdump.c85
-rw-r--r--grub-core/lib/i386/halt.c60
-rw-r--r--grub-core/lib/i386/pc/biosnum.c47
-rw-r--r--grub-core/lib/i386/pc/vesa_modes_table.c127
-rw-r--r--grub-core/lib/i386/relocator.c270
-rw-r--r--grub-core/lib/i386/relocator16.S193
-rw-r--r--grub-core/lib/i386/relocator32.S134
-rw-r--r--grub-core/lib/i386/relocator64.S160
-rw-r--r--grub-core/lib/i386/relocator_asm.S80
-rw-r--r--grub-core/lib/i386/relocator_backward.S2
-rw-r--r--grub-core/lib/i386/relocator_common.S82
-rw-r--r--grub-core/lib/i386/setjmp.S59
-rw-r--r--grub-core/lib/ieee1275/datetime.c145
-rw-r--r--grub-core/lib/ieee1275/halt.c33
-rw-r--r--grub-core/lib/ieee1275/relocator.c95
-rw-r--r--grub-core/lib/legacy_parse.c815
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/ChangeLog4212
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/arcfour.c141
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/bithelp.h57
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/blowfish.c588
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/camellia-glue.c199
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/camellia.c1463
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/camellia.h83
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/cast5.c586
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/cipher.h2
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/crc.c318
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/crypto.lst38
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/des.c923
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/dsa.c1063
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/ecc.c1351
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/elgamal.c846
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/g10lib.h1
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/hash-common.h36
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/md4.c341
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/md5.c368
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/memory.h1
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/primegen.c1861
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/rfc2268.c282
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/rijndael-tables.h1690
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/rijndael.c767
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/rmd.h40
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/rmd160.c575
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/rsa.c1160
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/seed.c458
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/serpent.c994
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/sha1.c418
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/sha256.c388
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/sha512.c441
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/tiger.c864
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/twofish.c993
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/types.h2
-rw-r--r--grub-core/lib/libgcrypt-grub/cipher/whirlpool.c1419
-rw-r--r--grub-core/lib/libgcrypt/cipher/ChangeLog3900
-rw-r--r--grub-core/lib/libgcrypt/cipher/ac.c3301
-rw-r--r--grub-core/lib/libgcrypt/cipher/arcfour.c156
-rw-r--r--grub-core/lib/libgcrypt/cipher/bithelp.h54
-rw-r--r--grub-core/lib/libgcrypt/cipher/blowfish.c605
-rw-r--r--grub-core/lib/libgcrypt/cipher/camellia-glue.c253
-rw-r--r--grub-core/lib/libgcrypt/cipher/camellia.c1461
-rw-r--r--grub-core/lib/libgcrypt/cipher/camellia.h81
-rw-r--r--grub-core/lib/libgcrypt/cipher/cast5.c620
-rw-r--r--grub-core/lib/libgcrypt/cipher/cipher.c1932
-rw-r--r--grub-core/lib/libgcrypt/cipher/crc.c297
-rw-r--r--grub-core/lib/libgcrypt/cipher/des.c1196
-rw-r--r--grub-core/lib/libgcrypt/cipher/dsa.c1181
-rw-r--r--grub-core/lib/libgcrypt/cipher/ecc.c1390
-rw-r--r--grub-core/lib/libgcrypt/cipher/elgamal.c846
-rw-r--r--grub-core/lib/libgcrypt/cipher/hash-common.c94
-rw-r--r--grub-core/lib/libgcrypt/cipher/hash-common.h33
-rw-r--r--grub-core/lib/libgcrypt/cipher/hmac-tests.c732
-rw-r--r--grub-core/lib/libgcrypt/cipher/md.c1375
-rw-r--r--grub-core/lib/libgcrypt/cipher/md4.c328
-rw-r--r--grub-core/lib/libgcrypt/cipher/md5.c355
-rw-r--r--grub-core/lib/libgcrypt/cipher/primegen.c1862
-rw-r--r--grub-core/lib/libgcrypt/cipher/pubkey.c2749
-rw-r--r--grub-core/lib/libgcrypt/cipher/rfc2268.c345
-rw-r--r--grub-core/lib/libgcrypt/cipher/rijndael-tables.h1687
-rw-r--r--grub-core/lib/libgcrypt/cipher/rijndael.c1253
-rw-r--r--grub-core/lib/libgcrypt/cipher/rmd.h37
-rw-r--r--grub-core/lib/libgcrypt/cipher/rmd160.c572
-rw-r--r--grub-core/lib/libgcrypt/cipher/rsa.c1379
-rw-r--r--grub-core/lib/libgcrypt/cipher/seed.c478
-rw-r--r--grub-core/lib/libgcrypt/cipher/serpent.c978
-rw-r--r--grub-core/lib/libgcrypt/cipher/sha1.c479
-rw-r--r--grub-core/lib/libgcrypt/cipher/sha256.c487
-rw-r--r--grub-core/lib/libgcrypt/cipher/sha512.c553
-rw-r--r--grub-core/lib/libgcrypt/cipher/tiger.c851
-rw-r--r--grub-core/lib/libgcrypt/cipher/twofish.c1040
-rw-r--r--grub-core/lib/libgcrypt/cipher/whirlpool.c1406
-rw-r--r--grub-core/lib/libgcrypt_wrap/cipher_wrap.h92
-rw-r--r--grub-core/lib/mips/relocator.c149
-rw-r--r--grub-core/lib/mips/relocator_asm.S61
-rw-r--r--grub-core/lib/mips/setjmp.S68
-rw-r--r--grub-core/lib/pbkdf2.c105
-rw-r--r--grub-core/lib/posix_wrap/assert.h33
-rw-r--r--grub-core/lib/posix_wrap/ctype.h103
-rw-r--r--grub-core/lib/posix_wrap/errno.h28
-rw-r--r--grub-core/lib/posix_wrap/inttypes.h1
-rw-r--r--grub-core/lib/posix_wrap/langinfo.h38
-rw-r--r--grub-core/lib/posix_wrap/limits.h0
-rw-r--r--grub-core/lib/posix_wrap/localcharset.h28
-rw-r--r--grub-core/lib/posix_wrap/locale.h0
-rw-r--r--grub-core/lib/posix_wrap/stdint.h1
-rw-r--r--grub-core/lib/posix_wrap/stdio.h29
-rw-r--r--grub-core/lib/posix_wrap/stdlib.h57
-rw-r--r--grub-core/lib/posix_wrap/string.h42
-rw-r--r--grub-core/lib/posix_wrap/sys/types.h46
-rw-r--r--grub-core/lib/posix_wrap/unistd.h0
-rw-r--r--grub-core/lib/posix_wrap/wchar.h25
-rw-r--r--grub-core/lib/posix_wrap/wctype.h0
-rw-r--r--grub-core/lib/powerpc/relocator.c142
-rw-r--r--grub-core/lib/powerpc/relocator_asm.S60
-rw-r--r--grub-core/lib/powerpc/setjmp.S87
-rw-r--r--grub-core/lib/reed_solomon.c527
-rw-r--r--grub-core/lib/relocator.c1602
-rw-r--r--grub-core/lib/setjmp.S13
-rw-r--r--grub-core/lib/sparc64/setjmp.S50
-rw-r--r--grub-core/lib/x86_64/relocator_asm.S85
-rw-r--r--grub-core/lib/x86_64/setjmp.S68
-rw-r--r--grub-core/lib/xzembed/xz.h180
-rw-r--r--grub-core/lib/xzembed/xz_config.h141
-rw-r--r--grub-core/lib/xzembed/xz_dec_bcj.c578
-rw-r--r--grub-core/lib/xzembed/xz_dec_lzma2.c1182
-rw-r--r--grub-core/lib/xzembed/xz_dec_stream.c919
-rw-r--r--grub-core/lib/xzembed/xz_lzma2.h236
-rw-r--r--grub-core/lib/xzembed/xz_private.h96
-rw-r--r--grub-core/lib/xzembed/xz_stream.h53
140 files changed, 76626 insertions, 0 deletions
diff --git a/grub-core/lib/LzFind.c b/grub-core/lib/LzFind.c
new file mode 100644
index 0000000..d2bb15c
--- /dev/null
+++ b/grub-core/lib/LzFind.c
@@ -0,0 +1,777 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (c) 1999-2008 Igor Pavlov
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This code was taken from LZMA SDK 4.58 beta, and was slightly modified
+ * to adapt it to GRUB's requirement.
+ *
+ * See <http://www.7-zip.org>, for more information about LZMA.
+ */
+
+
+#include <config.h>
+
+#include <string.h>
+
+#include <grub/lib/LzFind.h>
+#include <grub/lib/LzHash.h>
+
+#define kEmptyHashValue 0
+#define kMaxValForNormalize ((UInt32)0xFFFFFFFF)
+#define kNormalizeStepMin (1 << 10) /* it must be power of 2 */
+#define kNormalizeMask (~(kNormalizeStepMin - 1))
+#define kMaxHistorySize ((UInt32)3 << 30)
+
+#define kStartMaxLen 3
+
+static void LzInWindow_Free(CMatchFinder *p, ISzAlloc *alloc)
+{
+ if (!p->directInput)
+ {
+ alloc->Free(alloc, p->bufferBase);
+ p->bufferBase = 0;
+ }
+}
+
+/* keepSizeBefore + keepSizeAfter + keepSizeReserv must be < 4G) */
+
+static int LzInWindow_Create(CMatchFinder *p, UInt32 keepSizeReserv, ISzAlloc *alloc)
+{
+ UInt32 blockSize = p->keepSizeBefore + p->keepSizeAfter + keepSizeReserv;
+ if (p->directInput)
+ {
+ p->blockSize = blockSize;
+ return 1;
+ }
+ if (p->bufferBase == 0 || p->blockSize != blockSize)
+ {
+ LzInWindow_Free(p, alloc);
+ p->blockSize = blockSize;
+ p->bufferBase = (Byte *)alloc->Alloc(alloc, (size_t)blockSize);
+ }
+ return (p->bufferBase != 0);
+}
+
+Byte *MatchFinder_GetPointerToCurrentPos(CMatchFinder *p) { return p->buffer; }
+Byte MatchFinder_GetIndexByte(CMatchFinder *p, Int32 index) { return p->buffer[index]; }
+
+UInt32 MatchFinder_GetNumAvailableBytes(CMatchFinder *p) { return p->streamPos - p->pos; }
+
+void MatchFinder_ReduceOffsets(CMatchFinder *p, UInt32 subValue)
+{
+ p->posLimit -= subValue;
+ p->pos -= subValue;
+ p->streamPos -= subValue;
+}
+
+static void MatchFinder_ReadBlock(CMatchFinder *p)
+{
+ if (p->streamEndWasReached || p->result != SZ_OK)
+ return;
+ for (;;)
+ {
+ Byte *dest = p->buffer + (p->streamPos - p->pos);
+ size_t size = (p->bufferBase + p->blockSize - dest);
+ if (size == 0)
+ return;
+ p->result = p->stream->Read(p->stream, dest, &size);
+ if (p->result != SZ_OK)
+ return;
+ if (size == 0)
+ {
+ p->streamEndWasReached = 1;
+ return;
+ }
+ p->streamPos += (UInt32)size;
+ if (p->streamPos - p->pos > p->keepSizeAfter)
+ return;
+ }
+}
+
+void MatchFinder_MoveBlock(CMatchFinder *p)
+{
+ memmove(p->bufferBase,
+ p->buffer - p->keepSizeBefore,
+ (size_t)(p->streamPos - p->pos + p->keepSizeBefore));
+ p->buffer = p->bufferBase + p->keepSizeBefore;
+}
+
+int MatchFinder_NeedMove(CMatchFinder *p)
+{
+ /* if (p->streamEndWasReached) return 0; */
+ return ((size_t)(p->bufferBase + p->blockSize - p->buffer) <= p->keepSizeAfter);
+}
+
+void MatchFinder_ReadIfRequired(CMatchFinder *p)
+{
+ if (p->streamEndWasReached)
+ return;
+ if (p->keepSizeAfter >= p->streamPos - p->pos)
+ MatchFinder_ReadBlock(p);
+}
+
+static void MatchFinder_CheckAndMoveAndRead(CMatchFinder *p)
+{
+ if (MatchFinder_NeedMove(p))
+ MatchFinder_MoveBlock(p);
+ MatchFinder_ReadBlock(p);
+}
+
+static void MatchFinder_SetDefaultSettings(CMatchFinder *p)
+{
+ p->cutValue = 32;
+ p->btMode = 1;
+ p->numHashBytes = 4;
+ /* p->skipModeBits = 0; */
+ p->directInput = 0;
+ p->bigHash = 0;
+}
+
+#define kCrcPoly 0xEDB88320
+
+void MatchFinder_Construct(CMatchFinder *p)
+{
+ UInt32 i;
+ p->bufferBase = 0;
+ p->directInput = 0;
+ p->hash = 0;
+ MatchFinder_SetDefaultSettings(p);
+
+ for (i = 0; i < 256; i++)
+ {
+ UInt32 r = i;
+ int j;
+ for (j = 0; j < 8; j++)
+ r = (r >> 1) ^ (kCrcPoly & ~((r & 1) - 1));
+ p->crc[i] = r;
+ }
+}
+
+static void MatchFinder_FreeThisClassMemory(CMatchFinder *p, ISzAlloc *alloc)
+{
+ alloc->Free(alloc, p->hash);
+ p->hash = 0;
+}
+
+void MatchFinder_Free(CMatchFinder *p, ISzAlloc *alloc)
+{
+ MatchFinder_FreeThisClassMemory(p, alloc);
+ LzInWindow_Free(p, alloc);
+}
+
+static CLzRef* AllocRefs(UInt32 num, ISzAlloc *alloc)
+{
+ size_t sizeInBytes = (size_t)num * sizeof(CLzRef);
+ if (sizeInBytes / sizeof(CLzRef) != num)
+ return 0;
+ return (CLzRef *)alloc->Alloc(alloc, sizeInBytes);
+}
+
+int MatchFinder_Create(CMatchFinder *p, UInt32 historySize,
+ UInt32 keepAddBufferBefore, UInt32 matchMaxLen, UInt32 keepAddBufferAfter,
+ ISzAlloc *alloc)
+{
+ UInt32 sizeReserv;
+ if (historySize > kMaxHistorySize)
+ {
+ MatchFinder_Free(p, alloc);
+ return 0;
+ }
+ sizeReserv = historySize >> 1;
+ if (historySize > ((UInt32)2 << 30))
+ sizeReserv = historySize >> 2;
+ sizeReserv += (keepAddBufferBefore + matchMaxLen + keepAddBufferAfter) / 2 + (1 << 19);
+
+ p->keepSizeBefore = historySize + keepAddBufferBefore + 1;
+ p->keepSizeAfter = matchMaxLen + keepAddBufferAfter;
+ /* we need one additional byte, since we use MoveBlock after pos++ and before dictionary using */
+ if (LzInWindow_Create(p, sizeReserv, alloc))
+ {
+ UInt32 newCyclicBufferSize = (historySize /* >> p->skipModeBits */) + 1;
+ UInt32 hs;
+ p->matchMaxLen = matchMaxLen;
+ {
+ p->fixedHashSize = 0;
+ if (p->numHashBytes == 2)
+ hs = (1 << 16) - 1;
+ else
+ {
+ hs = historySize - 1;
+ hs |= (hs >> 1);
+ hs |= (hs >> 2);
+ hs |= (hs >> 4);
+ hs |= (hs >> 8);
+ hs >>= 1;
+ /* hs >>= p->skipModeBits; */
+ hs |= 0xFFFF; /* don't change it! It's required for Deflate */
+ if (hs > (1 << 24))
+ {
+ if (p->numHashBytes == 3)
+ hs = (1 << 24) - 1;
+ else
+ hs >>= 1;
+ }
+ }
+ p->hashMask = hs;
+ hs++;
+ if (p->numHashBytes > 2) p->fixedHashSize += kHash2Size;
+ if (p->numHashBytes > 3) p->fixedHashSize += kHash3Size;
+ if (p->numHashBytes > 4) p->fixedHashSize += kHash4Size;
+ hs += p->fixedHashSize;
+ }
+
+ {
+ UInt32 prevSize = p->hashSizeSum + p->numSons;
+ UInt32 newSize;
+ p->historySize = historySize;
+ p->hashSizeSum = hs;
+ p->cyclicBufferSize = newCyclicBufferSize;
+ p->numSons = (p->btMode ? newCyclicBufferSize * 2 : newCyclicBufferSize);
+ newSize = p->hashSizeSum + p->numSons;
+ if (p->hash != 0 && prevSize == newSize)
+ return 1;
+ MatchFinder_FreeThisClassMemory(p, alloc);
+ p->hash = AllocRefs(newSize, alloc);
+ if (p->hash != 0)
+ {
+ p->son = p->hash + p->hashSizeSum;
+ return 1;
+ }
+ }
+ }
+ MatchFinder_Free(p, alloc);
+ return 0;
+}
+
+static void MatchFinder_SetLimits(CMatchFinder *p)
+{
+ UInt32 limit = kMaxValForNormalize - p->pos;
+ UInt32 limit2 = p->cyclicBufferSize - p->cyclicBufferPos;
+ if (limit2 < limit)
+ limit = limit2;
+ limit2 = p->streamPos - p->pos;
+ if (limit2 <= p->keepSizeAfter)
+ {
+ if (limit2 > 0)
+ limit2 = 1;
+ }
+ else
+ limit2 -= p->keepSizeAfter;
+ if (limit2 < limit)
+ limit = limit2;
+ {
+ UInt32 lenLimit = p->streamPos - p->pos;
+ if (lenLimit > p->matchMaxLen)
+ lenLimit = p->matchMaxLen;
+ p->lenLimit = lenLimit;
+ }
+ p->posLimit = p->pos + limit;
+}
+
+void MatchFinder_Init(CMatchFinder *p)
+{
+ UInt32 i;
+ for(i = 0; i < p->hashSizeSum; i++)
+ p->hash[i] = kEmptyHashValue;
+ p->cyclicBufferPos = 0;
+ p->buffer = p->bufferBase;
+ p->pos = p->streamPos = p->cyclicBufferSize;
+ p->result = SZ_OK;
+ p->streamEndWasReached = 0;
+ MatchFinder_ReadBlock(p);
+ MatchFinder_SetLimits(p);
+}
+
+static UInt32 MatchFinder_GetSubValue(CMatchFinder *p)
+{
+ return (p->pos - p->historySize - 1) & kNormalizeMask;
+}
+
+void MatchFinder_Normalize3(UInt32 subValue, CLzRef *items, UInt32 numItems)
+{
+ UInt32 i;
+ for (i = 0; i < numItems; i++)
+ {
+ UInt32 value = items[i];
+ if (value <= subValue)
+ value = kEmptyHashValue;
+ else
+ value -= subValue;
+ items[i] = value;
+ }
+}
+
+static void MatchFinder_Normalize(CMatchFinder *p)
+{
+ UInt32 subValue = MatchFinder_GetSubValue(p);
+ MatchFinder_Normalize3(subValue, p->hash, p->hashSizeSum + p->numSons);
+ MatchFinder_ReduceOffsets(p, subValue);
+}
+
+static void MatchFinder_CheckLimits(CMatchFinder *p)
+{
+ if (p->pos == kMaxValForNormalize)
+ MatchFinder_Normalize(p);
+ if (!p->streamEndWasReached && p->keepSizeAfter == p->streamPos - p->pos)
+ MatchFinder_CheckAndMoveAndRead(p);
+ if (p->cyclicBufferPos == p->cyclicBufferSize)
+ p->cyclicBufferPos = 0;
+ MatchFinder_SetLimits(p);
+}
+
+static UInt32 * Hc_GetMatchesSpec(UInt32 lenLimit, UInt32 curMatch, UInt32 pos, const Byte *cur, CLzRef *son,
+ UInt32 _cyclicBufferPos, UInt32 _cyclicBufferSize, UInt32 cutValue,
+ UInt32 *distances, UInt32 maxLen)
+{
+ son[_cyclicBufferPos] = curMatch;
+ for (;;)
+ {
+ UInt32 delta = pos - curMatch;
+ if (cutValue-- == 0 || delta >= _cyclicBufferSize)
+ return distances;
+ {
+ const Byte *pb = cur - delta;
+ curMatch = son[_cyclicBufferPos - delta + ((delta > _cyclicBufferPos) ? _cyclicBufferSize : 0)];
+ if (pb[maxLen] == cur[maxLen] && *pb == *cur)
+ {
+ UInt32 len = 0;
+ while(++len != lenLimit)
+ if (pb[len] != cur[len])
+ break;
+ if (maxLen < len)
+ {
+ *distances++ = maxLen = len;
+ *distances++ = delta - 1;
+ if (len == lenLimit)
+ return distances;
+ }
+ }
+ }
+ }
+}
+
+UInt32 * GetMatchesSpec1(UInt32 lenLimit, UInt32 curMatch, UInt32 pos, const Byte *cur, CLzRef *son,
+ UInt32 _cyclicBufferPos, UInt32 _cyclicBufferSize, UInt32 cutValue,
+ UInt32 *distances, UInt32 maxLen)
+{
+ CLzRef *ptr0 = son + (_cyclicBufferPos << 1) + 1;
+ CLzRef *ptr1 = son + (_cyclicBufferPos << 1);
+ UInt32 len0 = 0, len1 = 0;
+ for (;;)
+ {
+ UInt32 delta = pos - curMatch;
+ if (cutValue-- == 0 || delta >= _cyclicBufferSize)
+ {
+ *ptr0 = *ptr1 = kEmptyHashValue;
+ return distances;
+ }
+ {
+ CLzRef *pair = son + ((_cyclicBufferPos - delta + ((delta > _cyclicBufferPos) ? _cyclicBufferSize : 0)) << 1);
+ const Byte *pb = cur - delta;
+ UInt32 len = (len0 < len1 ? len0 : len1);
+ if (pb[len] == cur[len])
+ {
+ if (++len != lenLimit && pb[len] == cur[len])
+ while(++len != lenLimit)
+ if (pb[len] != cur[len])
+ break;
+ if (maxLen < len)
+ {
+ *distances++ = maxLen = len;
+ *distances++ = delta - 1;
+ if (len == lenLimit)
+ {
+ *ptr1 = pair[0];
+ *ptr0 = pair[1];
+ return distances;
+ }
+ }
+ }
+ if (pb[len] < cur[len])
+ {
+ *ptr1 = curMatch;
+ ptr1 = pair + 1;
+ curMatch = *ptr1;
+ len1 = len;
+ }
+ else
+ {
+ *ptr0 = curMatch;
+ ptr0 = pair;
+ curMatch = *ptr0;
+ len0 = len;
+ }
+ }
+ }
+}
+
+static void SkipMatchesSpec(UInt32 lenLimit, UInt32 curMatch, UInt32 pos, const Byte *cur, CLzRef *son,
+ UInt32 _cyclicBufferPos, UInt32 _cyclicBufferSize, UInt32 cutValue)
+{
+ CLzRef *ptr0 = son + (_cyclicBufferPos << 1) + 1;
+ CLzRef *ptr1 = son + (_cyclicBufferPos << 1);
+ UInt32 len0 = 0, len1 = 0;
+ for (;;)
+ {
+ UInt32 delta = pos - curMatch;
+ if (cutValue-- == 0 || delta >= _cyclicBufferSize)
+ {
+ *ptr0 = *ptr1 = kEmptyHashValue;
+ return;
+ }
+ {
+ CLzRef *pair = son + ((_cyclicBufferPos - delta + ((delta > _cyclicBufferPos) ? _cyclicBufferSize : 0)) << 1);
+ const Byte *pb = cur - delta;
+ UInt32 len = (len0 < len1 ? len0 : len1);
+ if (pb[len] == cur[len])
+ {
+ while(++len != lenLimit)
+ if (pb[len] != cur[len])
+ break;
+ {
+ if (len == lenLimit)
+ {
+ *ptr1 = pair[0];
+ *ptr0 = pair[1];
+ return;
+ }
+ }
+ }
+ if (pb[len] < cur[len])
+ {
+ *ptr1 = curMatch;
+ ptr1 = pair + 1;
+ curMatch = *ptr1;
+ len1 = len;
+ }
+ else
+ {
+ *ptr0 = curMatch;
+ ptr0 = pair;
+ curMatch = *ptr0;
+ len0 = len;
+ }
+ }
+ }
+}
+
+#define MOVE_POS \
+ ++p->cyclicBufferPos; \
+ p->buffer++; \
+ if (++p->pos == p->posLimit) MatchFinder_CheckLimits(p);
+
+#define MOVE_POS_RET MOVE_POS return offset;
+
+static void MatchFinder_MovePos(CMatchFinder *p) { MOVE_POS; }
+
+#define GET_MATCHES_HEADER2(minLen, ret_op) \
+ UInt32 lenLimit; UInt32 hashValue; const Byte *cur; UInt32 curMatch; \
+ lenLimit = p->lenLimit; { if (lenLimit < minLen) { MatchFinder_MovePos(p); ret_op; }} \
+ cur = p->buffer;
+
+#define GET_MATCHES_HEADER(minLen) GET_MATCHES_HEADER2(minLen, return 0)
+#define SKIP_HEADER(minLen) GET_MATCHES_HEADER2(minLen, continue)
+
+#define MF_PARAMS(p) p->pos, p->buffer, p->son, p->cyclicBufferPos, p->cyclicBufferSize, p->cutValue
+
+#define GET_MATCHES_FOOTER(offset, maxLen) \
+ offset = (UInt32)(GetMatchesSpec1(lenLimit, curMatch, MF_PARAMS(p), \
+ distances + offset, maxLen) - distances); MOVE_POS_RET;
+
+#define SKIP_FOOTER \
+ SkipMatchesSpec(lenLimit, curMatch, MF_PARAMS(p)); MOVE_POS;
+
+static UInt32 Bt2_MatchFinder_GetMatches(CMatchFinder *p, UInt32 *distances)
+{
+ UInt32 offset;
+ GET_MATCHES_HEADER(2)
+ HASH2_CALC;
+ curMatch = p->hash[hashValue];
+ p->hash[hashValue] = p->pos;
+ offset = 0;
+ GET_MATCHES_FOOTER(offset, 1)
+}
+
+UInt32 Bt3Zip_MatchFinder_GetMatches(CMatchFinder *p, UInt32 *distances)
+{
+ UInt32 offset;
+ GET_MATCHES_HEADER(3)
+ HASH_ZIP_CALC;
+ curMatch = p->hash[hashValue];
+ p->hash[hashValue] = p->pos;
+ offset = 0;
+ GET_MATCHES_FOOTER(offset, 2)
+}
+
+static UInt32 Bt3_MatchFinder_GetMatches(CMatchFinder *p, UInt32 *distances)
+{
+ UInt32 hash2Value, delta2, maxLen, offset;
+ GET_MATCHES_HEADER(3)
+
+ HASH3_CALC;
+
+ delta2 = p->pos - p->hash[hash2Value];
+ curMatch = p->hash[kFix3HashSize + hashValue];
+
+ p->hash[hash2Value] =
+ p->hash[kFix3HashSize + hashValue] = p->pos;
+
+
+ maxLen = 2;
+ offset = 0;
+ if (delta2 < p->cyclicBufferSize && *(cur - delta2) == *cur)
+ {
+ for (; maxLen != lenLimit; maxLen++)
+ if (cur[(ptrdiff_t)maxLen - delta2] != cur[maxLen])
+ break;
+ distances[0] = maxLen;
+ distances[1] = delta2 - 1;
+ offset = 2;
+ if (maxLen == lenLimit)
+ {
+ SkipMatchesSpec(lenLimit, curMatch, MF_PARAMS(p));
+ MOVE_POS_RET;
+ }
+ }
+ GET_MATCHES_FOOTER(offset, maxLen)
+}
+
+static UInt32 Bt4_MatchFinder_GetMatches(CMatchFinder *p, UInt32 *distances)
+{
+ UInt32 hash2Value, hash3Value, delta2, delta3, maxLen, offset;
+ GET_MATCHES_HEADER(4)
+
+ HASH4_CALC;
+
+ delta2 = p->pos - p->hash[ hash2Value];
+ delta3 = p->pos - p->hash[kFix3HashSize + hash3Value];
+ curMatch = p->hash[kFix4HashSize + hashValue];
+
+ p->hash[ hash2Value] =
+ p->hash[kFix3HashSize + hash3Value] =
+ p->hash[kFix4HashSize + hashValue] = p->pos;
+
+ maxLen = 1;
+ offset = 0;
+ if (delta2 < p->cyclicBufferSize && *(cur - delta2) == *cur)
+ {
+ distances[0] = maxLen = 2;
+ distances[1] = delta2 - 1;
+ offset = 2;
+ }
+ if (delta2 != delta3 && delta3 < p->cyclicBufferSize && *(cur - delta3) == *cur)
+ {
+ maxLen = 3;
+ distances[offset + 1] = delta3 - 1;
+ offset += 2;
+ delta2 = delta3;
+ }
+ if (offset != 0)
+ {
+ for (; maxLen != lenLimit; maxLen++)
+ if (cur[(ptrdiff_t)maxLen - delta2] != cur[maxLen])
+ break;
+ distances[offset - 2] = maxLen;
+ if (maxLen == lenLimit)
+ {
+ SkipMatchesSpec(lenLimit, curMatch, MF_PARAMS(p));
+ MOVE_POS_RET;
+ }
+ }
+ if (maxLen < 3)
+ maxLen = 3;
+ GET_MATCHES_FOOTER(offset, maxLen)
+}
+
+static UInt32 Hc4_MatchFinder_GetMatches(CMatchFinder *p, UInt32 *distances)
+{
+ UInt32 hash2Value, hash3Value, delta2, delta3, maxLen, offset;
+ GET_MATCHES_HEADER(4)
+
+ HASH4_CALC;
+
+ delta2 = p->pos - p->hash[ hash2Value];
+ delta3 = p->pos - p->hash[kFix3HashSize + hash3Value];
+ curMatch = p->hash[kFix4HashSize + hashValue];
+
+ p->hash[ hash2Value] =
+ p->hash[kFix3HashSize + hash3Value] =
+ p->hash[kFix4HashSize + hashValue] = p->pos;
+
+ maxLen = 1;
+ offset = 0;
+ if (delta2 < p->cyclicBufferSize && *(cur - delta2) == *cur)
+ {
+ distances[0] = maxLen = 2;
+ distances[1] = delta2 - 1;
+ offset = 2;
+ }
+ if (delta2 != delta3 && delta3 < p->cyclicBufferSize && *(cur - delta3) == *cur)
+ {
+ maxLen = 3;
+ distances[offset + 1] = delta3 - 1;
+ offset += 2;
+ delta2 = delta3;
+ }
+ if (offset != 0)
+ {
+ for (; maxLen != lenLimit; maxLen++)
+ if (cur[(ptrdiff_t)maxLen - delta2] != cur[maxLen])
+ break;
+ distances[offset - 2] = maxLen;
+ if (maxLen == lenLimit)
+ {
+ p->son[p->cyclicBufferPos] = curMatch;
+ MOVE_POS_RET;
+ }
+ }
+ if (maxLen < 3)
+ maxLen = 3;
+ offset = (UInt32)(Hc_GetMatchesSpec(lenLimit, curMatch, MF_PARAMS(p),
+ distances + offset, maxLen) - (distances));
+ MOVE_POS_RET
+}
+
+UInt32 Hc3Zip_MatchFinder_GetMatches(CMatchFinder *p, UInt32 *distances)
+{
+ UInt32 offset;
+ GET_MATCHES_HEADER(3)
+ HASH_ZIP_CALC;
+ curMatch = p->hash[hashValue];
+ p->hash[hashValue] = p->pos;
+ offset = (UInt32)(Hc_GetMatchesSpec(lenLimit, curMatch, MF_PARAMS(p),
+ distances, 2) - (distances));
+ MOVE_POS_RET
+}
+
+static void Bt2_MatchFinder_Skip(CMatchFinder *p, UInt32 num)
+{
+ do
+ {
+ SKIP_HEADER(2)
+ HASH2_CALC;
+ curMatch = p->hash[hashValue];
+ p->hash[hashValue] = p->pos;
+ SKIP_FOOTER
+ }
+ while (--num != 0);
+}
+
+void Bt3Zip_MatchFinder_Skip(CMatchFinder *p, UInt32 num)
+{
+ do
+ {
+ SKIP_HEADER(3)
+ HASH_ZIP_CALC;
+ curMatch = p->hash[hashValue];
+ p->hash[hashValue] = p->pos;
+ SKIP_FOOTER
+ }
+ while (--num != 0);
+}
+
+static void Bt3_MatchFinder_Skip(CMatchFinder *p, UInt32 num)
+{
+ do
+ {
+ UInt32 hash2Value;
+ SKIP_HEADER(3)
+ HASH3_CALC;
+ curMatch = p->hash[kFix3HashSize + hashValue];
+ p->hash[hash2Value] =
+ p->hash[kFix3HashSize + hashValue] = p->pos;
+ SKIP_FOOTER
+ }
+ while (--num != 0);
+}
+
+static void Bt4_MatchFinder_Skip(CMatchFinder *p, UInt32 num)
+{
+ do
+ {
+ UInt32 hash2Value, hash3Value;
+ SKIP_HEADER(4)
+ HASH4_CALC;
+ curMatch = p->hash[kFix4HashSize + hashValue];
+ p->hash[ hash2Value] =
+ p->hash[kFix3HashSize + hash3Value] = p->pos;
+ p->hash[kFix4HashSize + hashValue] = p->pos;
+ SKIP_FOOTER
+ }
+ while (--num != 0);
+}
+
+static void Hc4_MatchFinder_Skip(CMatchFinder *p, UInt32 num)
+{
+ do
+ {
+ UInt32 hash2Value, hash3Value;
+ SKIP_HEADER(4)
+ HASH4_CALC;
+ curMatch = p->hash[kFix4HashSize + hashValue];
+ p->hash[ hash2Value] =
+ p->hash[kFix3HashSize + hash3Value] =
+ p->hash[kFix4HashSize + hashValue] = p->pos;
+ p->son[p->cyclicBufferPos] = curMatch;
+ MOVE_POS
+ }
+ while (--num != 0);
+}
+
+void Hc3Zip_MatchFinder_Skip(CMatchFinder *p, UInt32 num)
+{
+ do
+ {
+ SKIP_HEADER(3)
+ HASH_ZIP_CALC;
+ curMatch = p->hash[hashValue];
+ p->hash[hashValue] = p->pos;
+ p->son[p->cyclicBufferPos] = curMatch;
+ MOVE_POS
+ }
+ while (--num != 0);
+}
+
+void MatchFinder_CreateVTable(CMatchFinder *p, IMatchFinder *vTable)
+{
+ vTable->Init = (Mf_Init_Func)MatchFinder_Init;
+ vTable->GetIndexByte = (Mf_GetIndexByte_Func)MatchFinder_GetIndexByte;
+ vTable->GetNumAvailableBytes = (Mf_GetNumAvailableBytes_Func)MatchFinder_GetNumAvailableBytes;
+ vTable->GetPointerToCurrentPos = (Mf_GetPointerToCurrentPos_Func)MatchFinder_GetPointerToCurrentPos;
+ if (!p->btMode)
+ {
+ vTable->GetMatches = (Mf_GetMatches_Func)Hc4_MatchFinder_GetMatches;
+ vTable->Skip = (Mf_Skip_Func)Hc4_MatchFinder_Skip;
+ }
+ else if (p->numHashBytes == 2)
+ {
+ vTable->GetMatches = (Mf_GetMatches_Func)Bt2_MatchFinder_GetMatches;
+ vTable->Skip = (Mf_Skip_Func)Bt2_MatchFinder_Skip;
+ }
+ else if (p->numHashBytes == 3)
+ {
+ vTable->GetMatches = (Mf_GetMatches_Func)Bt3_MatchFinder_GetMatches;
+ vTable->Skip = (Mf_Skip_Func)Bt3_MatchFinder_Skip;
+ }
+ else
+ {
+ vTable->GetMatches = (Mf_GetMatches_Func)Bt4_MatchFinder_GetMatches;
+ vTable->Skip = (Mf_Skip_Func)Bt4_MatchFinder_Skip;
+ }
+}
diff --git a/grub-core/lib/LzmaDec.c b/grub-core/lib/LzmaDec.c
new file mode 100644
index 0000000..62ebee6
--- /dev/null
+++ b/grub-core/lib/LzmaDec.c
@@ -0,0 +1,1035 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (c) 1999-2008 Igor Pavlov
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This code was taken from LZMA SDK 4.58 beta, and was slightly modified
+ * to adapt it to GRUB's requirement.
+ *
+ * See <http://www.7-zip.org>, for more information about LZMA.
+ */
+
+#include <grub/lib/LzmaDec.h>
+
+#include <string.h>
+
+#define kNumTopBits 24
+#define kTopValue ((UInt32)1 << kNumTopBits)
+
+#define kNumBitModelTotalBits 11
+#define kBitModelTotal (1 << kNumBitModelTotalBits)
+#define kNumMoveBits 5
+
+#define RC_INIT_SIZE 5
+
+#define NORMALIZE if (range < kTopValue) { range <<= 8; code = (code << 8) | (*buf++); }
+
+#define IF_BIT_0(p) ttt = *(p); NORMALIZE; bound = (range >> kNumBitModelTotalBits) * ttt; if (code < bound)
+#define UPDATE_0(p) range = bound; *(p) = (CLzmaProb)(ttt + ((kBitModelTotal - ttt) >> kNumMoveBits));
+#define UPDATE_1(p) range -= bound; code -= bound; *(p) = (CLzmaProb)(ttt - (ttt >> kNumMoveBits));
+#define GET_BIT2(p, i, A0, A1) IF_BIT_0(p) \
+ { UPDATE_0(p); i = (i + i); A0; } else \
+ { UPDATE_1(p); i = (i + i) + 1; A1; }
+#define GET_BIT(p, i) GET_BIT2(p, i, ; , ;)
+
+#define TREE_GET_BIT(probs, i) { GET_BIT((probs + i), i); }
+#define TREE_DECODE(probs, limit, i) \
+ { i = 1; do { TREE_GET_BIT(probs, i); } while (i < limit); i -= limit; }
+
+/* #define _LZMA_SIZE_OPT */
+
+#ifdef _LZMA_SIZE_OPT
+#define TREE_6_DECODE(probs, i) TREE_DECODE(probs, (1 << 6), i)
+#else
+#define TREE_6_DECODE(probs, i) \
+ { i = 1; \
+ TREE_GET_BIT(probs, i); \
+ TREE_GET_BIT(probs, i); \
+ TREE_GET_BIT(probs, i); \
+ TREE_GET_BIT(probs, i); \
+ TREE_GET_BIT(probs, i); \
+ TREE_GET_BIT(probs, i); \
+ i -= 0x40; }
+#endif
+
+#define NORMALIZE_CHECK if (range < kTopValue) { if (buf >= bufLimit) return DUMMY_ERROR; range <<= 8; code = (code << 8) | (*buf++); }
+
+#define IF_BIT_0_CHECK(p) ttt = *(p); NORMALIZE_CHECK; bound = (range >> kNumBitModelTotalBits) * ttt; if (code < bound)
+#define UPDATE_0_CHECK range = bound;
+#define UPDATE_1_CHECK range -= bound; code -= bound;
+#define GET_BIT2_CHECK(p, i, A0, A1) IF_BIT_0_CHECK(p) \
+ { UPDATE_0_CHECK; i = (i + i); A0; } else \
+ { UPDATE_1_CHECK; i = (i + i) + 1; A1; }
+#define GET_BIT_CHECK(p, i) GET_BIT2_CHECK(p, i, ; , ;)
+#define TREE_DECODE_CHECK(probs, limit, i) \
+ { i = 1; do { GET_BIT_CHECK(probs + i, i) } while(i < limit); i -= limit; }
+
+
+#define kNumPosBitsMax 4
+#define kNumPosStatesMax (1 << kNumPosBitsMax)
+
+#define kLenNumLowBits 3
+#define kLenNumLowSymbols (1 << kLenNumLowBits)
+#define kLenNumMidBits 3
+#define kLenNumMidSymbols (1 << kLenNumMidBits)
+#define kLenNumHighBits 8
+#define kLenNumHighSymbols (1 << kLenNumHighBits)
+
+#define LenChoice 0
+#define LenChoice2 (LenChoice + 1)
+#define LenLow (LenChoice2 + 1)
+#define LenMid (LenLow + (kNumPosStatesMax << kLenNumLowBits))
+#define LenHigh (LenMid + (kNumPosStatesMax << kLenNumMidBits))
+#define kNumLenProbs (LenHigh + kLenNumHighSymbols)
+
+
+#define kNumStates 12
+#define kNumLitStates 7
+
+#define kStartPosModelIndex 4
+#define kEndPosModelIndex 14
+#define kNumFullDistances (1 << (kEndPosModelIndex >> 1))
+
+#define kNumPosSlotBits 6
+#define kNumLenToPosStates 4
+
+#define kNumAlignBits 4
+#define kAlignTableSize (1 << kNumAlignBits)
+
+#define kMatchMinLen 2
+#define kMatchSpecLenStart (kMatchMinLen + kLenNumLowSymbols + kLenNumMidSymbols + kLenNumHighSymbols)
+
+#define IsMatch 0
+#define IsRep (IsMatch + (kNumStates << kNumPosBitsMax))
+#define IsRepG0 (IsRep + kNumStates)
+#define IsRepG1 (IsRepG0 + kNumStates)
+#define IsRepG2 (IsRepG1 + kNumStates)
+#define IsRep0Long (IsRepG2 + kNumStates)
+#define PosSlot (IsRep0Long + (kNumStates << kNumPosBitsMax))
+#define SpecPos (PosSlot + (kNumLenToPosStates << kNumPosSlotBits))
+#define Align (SpecPos + kNumFullDistances - kEndPosModelIndex)
+#define LenCoder (Align + kAlignTableSize)
+#define RepLenCoder (LenCoder + kNumLenProbs)
+#define Literal (RepLenCoder + kNumLenProbs)
+
+#define LZMA_BASE_SIZE 1846
+#define LZMA_LIT_SIZE 768
+
+#define LzmaProps_GetNumProbs(p) ((UInt32)LZMA_BASE_SIZE + (LZMA_LIT_SIZE << ((p)->lc + (p)->lp)))
+
+#if Literal != LZMA_BASE_SIZE
+StopCompilingDueBUG
+#endif
+
+/*
+#define LZMA_STREAM_WAS_FINISHED_ID (-1)
+#define LZMA_SPEC_LEN_OFFSET (-3)
+*/
+
+Byte kLiteralNextStates[kNumStates * 2] =
+{
+ 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 4, 5,
+ 7, 7, 7, 7, 7, 7, 7, 10, 10, 10, 10, 10
+};
+
+#define LZMA_DIC_MIN (1 << 12)
+
+/* First LZMA-symbol is always decoded.
+And it decodes new LZMA-symbols while (buf < bufLimit), but "buf" is without last normalization
+Out:
+ Result:
+ 0 - OK
+ 1 - Error
+ p->remainLen:
+ < kMatchSpecLenStart : normal remain
+ = kMatchSpecLenStart : finished
+ = kMatchSpecLenStart + 1 : Flush marker
+ = kMatchSpecLenStart + 2 : State Init Marker
+*/
+
+static int MY_FAST_CALL LzmaDec_DecodeReal(CLzmaDec *p, SizeT limit, const Byte *bufLimit)
+{
+ CLzmaProb *probs = p->probs;
+
+ unsigned state = p->state;
+ UInt32 rep0 = p->reps[0], rep1 = p->reps[1], rep2 = p->reps[2], rep3 = p->reps[3];
+ unsigned pbMask = ((unsigned)1 << (p->prop.pb)) - 1;
+ unsigned lpMask = ((unsigned)1 << (p->prop.lp)) - 1;
+ unsigned lc = p->prop.lc;
+
+ Byte *dic = p->dic;
+ SizeT dicBufSize = p->dicBufSize;
+ SizeT dicPos = p->dicPos;
+
+ UInt32 processedPos = p->processedPos;
+ UInt32 checkDicSize = p->checkDicSize;
+ unsigned len = 0;
+
+ const Byte *buf = p->buf;
+ UInt32 range = p->range;
+ UInt32 code = p->code;
+
+ do
+ {
+ CLzmaProb *prob;
+ UInt32 bound;
+ unsigned ttt;
+ unsigned posState = processedPos & pbMask;
+
+ prob = probs + IsMatch + (state << kNumPosBitsMax) + posState;
+ IF_BIT_0(prob)
+ {
+ unsigned symbol;
+ UPDATE_0(prob);
+ prob = probs + Literal;
+ if (checkDicSize != 0 || processedPos != 0)
+ prob += (LZMA_LIT_SIZE * (((processedPos & lpMask) << lc) +
+ (dic[(dicPos == 0 ? dicBufSize : dicPos) - 1] >> (8 - lc))));
+
+ if (state < kNumLitStates)
+ {
+ symbol = 1;
+ do { GET_BIT(prob + symbol, symbol) } while (symbol < 0x100);
+ }
+ else
+ {
+ unsigned matchByte = p->dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)];
+ unsigned offs = 0x100;
+ symbol = 1;
+ do
+ {
+ unsigned bit;
+ CLzmaProb *probLit;
+ matchByte <<= 1;
+ bit = (matchByte & offs);
+ probLit = prob + offs + bit + symbol;
+ GET_BIT2(probLit, symbol, offs &= ~bit, offs &= bit)
+ }
+ while (symbol < 0x100);
+ }
+ dic[dicPos++] = (Byte)symbol;
+ processedPos++;
+
+ state = kLiteralNextStates[state];
+ /* if (state < 4) state = 0; else if (state < 10) state -= 3; else state -= 6; */
+ continue;
+ }
+ else
+ {
+ UPDATE_1(prob);
+ prob = probs + IsRep + state;
+ IF_BIT_0(prob)
+ {
+ UPDATE_0(prob);
+ state += kNumStates;
+ prob = probs + LenCoder;
+ }
+ else
+ {
+ UPDATE_1(prob);
+ if (checkDicSize == 0 && processedPos == 0)
+ return SZ_ERROR_DATA;
+ prob = probs + IsRepG0 + state;
+ IF_BIT_0(prob)
+ {
+ UPDATE_0(prob);
+ prob = probs + IsRep0Long + (state << kNumPosBitsMax) + posState;
+ IF_BIT_0(prob)
+ {
+ UPDATE_0(prob);
+ dic[dicPos] = dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)];
+ dicPos++;
+ processedPos++;
+ state = state < kNumLitStates ? 9 : 11;
+ continue;
+ }
+ UPDATE_1(prob);
+ }
+ else
+ {
+ UInt32 distance;
+ UPDATE_1(prob);
+ prob = probs + IsRepG1 + state;
+ IF_BIT_0(prob)
+ {
+ UPDATE_0(prob);
+ distance = rep1;
+ }
+ else
+ {
+ UPDATE_1(prob);
+ prob = probs + IsRepG2 + state;
+ IF_BIT_0(prob)
+ {
+ UPDATE_0(prob);
+ distance = rep2;
+ }
+ else
+ {
+ UPDATE_1(prob);
+ distance = rep3;
+ rep3 = rep2;
+ }
+ rep2 = rep1;
+ }
+ rep1 = rep0;
+ rep0 = distance;
+ }
+ state = state < kNumLitStates ? 8 : 11;
+ prob = probs + RepLenCoder;
+ }
+ {
+ unsigned limit, offset;
+ CLzmaProb *probLen = prob + LenChoice;
+ IF_BIT_0(probLen)
+ {
+ UPDATE_0(probLen);
+ probLen = prob + LenLow + (posState << kLenNumLowBits);
+ offset = 0;
+ limit = (1 << kLenNumLowBits);
+ }
+ else
+ {
+ UPDATE_1(probLen);
+ probLen = prob + LenChoice2;
+ IF_BIT_0(probLen)
+ {
+ UPDATE_0(probLen);
+ probLen = prob + LenMid + (posState << kLenNumMidBits);
+ offset = kLenNumLowSymbols;
+ limit = (1 << kLenNumMidBits);
+ }
+ else
+ {
+ UPDATE_1(probLen);
+ probLen = prob + LenHigh;
+ offset = kLenNumLowSymbols + kLenNumMidSymbols;
+ limit = (1 << kLenNumHighBits);
+ }
+ }
+ TREE_DECODE(probLen, limit, len);
+ len += offset;
+ }
+
+ if (state >= kNumStates)
+ {
+ UInt32 distance;
+ prob = probs + PosSlot +
+ ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) << kNumPosSlotBits);
+ TREE_6_DECODE(prob, distance);
+ if (distance >= kStartPosModelIndex)
+ {
+ unsigned posSlot = (unsigned)distance;
+ int numDirectBits = (int)(((distance >> 1) - 1));
+ distance = (2 | (distance & 1));
+ if (posSlot < kEndPosModelIndex)
+ {
+ distance <<= numDirectBits;
+ prob = probs + SpecPos + distance - posSlot - 1;
+ {
+ UInt32 mask = 1;
+ unsigned i = 1;
+ do
+ {
+ GET_BIT2(prob + i, i, ; , distance |= mask);
+ mask <<= 1;
+ }
+ while(--numDirectBits != 0);
+ }
+ }
+ else
+ {
+ numDirectBits -= kNumAlignBits;
+ do
+ {
+ NORMALIZE
+ range >>= 1;
+
+ {
+ UInt32 t;
+ code -= range;
+ t = (0 - ((UInt32)code >> 31)); /* (UInt32)((Int32)code >> 31) */
+ distance = (distance << 1) + (t + 1);
+ code += range & t;
+ }
+ /*
+ distance <<= 1;
+ if (code >= range)
+ {
+ code -= range;
+ distance |= 1;
+ }
+ */
+ }
+ while (--numDirectBits != 0);
+ prob = probs + Align;
+ distance <<= kNumAlignBits;
+ {
+ unsigned i = 1;
+ GET_BIT2(prob + i, i, ; , distance |= 1);
+ GET_BIT2(prob + i, i, ; , distance |= 2);
+ GET_BIT2(prob + i, i, ; , distance |= 4);
+ GET_BIT2(prob + i, i, ; , distance |= 8);
+ }
+ if (distance == (UInt32)0xFFFFFFFF)
+ {
+ len += kMatchSpecLenStart;
+ state -= kNumStates;
+ break;
+ }
+ }
+ }
+ rep3 = rep2;
+ rep2 = rep1;
+ rep1 = rep0;
+ rep0 = distance + 1;
+ if (checkDicSize == 0)
+ {
+ if (distance >= processedPos)
+ return SZ_ERROR_DATA;
+ }
+ else if (distance >= checkDicSize)
+ return SZ_ERROR_DATA;
+ state = (state < kNumStates + kNumLitStates) ? kNumLitStates : kNumLitStates + 3;
+ /* state = kLiteralNextStates[state]; */
+ }
+
+ len += kMatchMinLen;
+
+ {
+ SizeT rem = limit - dicPos;
+ unsigned curLen = ((rem < len) ? (unsigned)rem : len);
+ SizeT pos = (dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0);
+
+ processedPos += curLen;
+
+ len -= curLen;
+ if (pos + curLen <= dicBufSize)
+ {
+ Byte *dest = dic + dicPos;
+ ptrdiff_t src = (ptrdiff_t)pos - (ptrdiff_t)dicPos;
+ const Byte *lim = dest + curLen;
+ dicPos += curLen;
+ do
+ *(dest) = (Byte)*(dest + src);
+ while (++dest != lim);
+ }
+ else
+ {
+ do
+ {
+ dic[dicPos++] = dic[pos];
+ if (++pos == dicBufSize)
+ pos = 0;
+ }
+ while (--curLen != 0);
+ }
+ }
+ }
+ }
+ while (dicPos < limit && buf < bufLimit);
+ NORMALIZE;
+ p->buf = buf;
+ p->range = range;
+ p->code = code;
+ p->remainLen = len;
+ p->dicPos = dicPos;
+ p->processedPos = processedPos;
+ p->reps[0] = rep0;
+ p->reps[1] = rep1;
+ p->reps[2] = rep2;
+ p->reps[3] = rep3;
+ p->state = state;
+
+ return SZ_OK;
+}
+
+static void MY_FAST_CALL LzmaDec_WriteRem(CLzmaDec *p, SizeT limit)
+{
+ if (p->remainLen != 0 && p->remainLen < kMatchSpecLenStart)
+ {
+ Byte *dic = p->dic;
+ SizeT dicPos = p->dicPos;
+ SizeT dicBufSize = p->dicBufSize;
+ unsigned len = p->remainLen;
+ UInt32 rep0 = p->reps[0];
+ if (limit - dicPos < len)
+ len = (unsigned)(limit - dicPos);
+
+ if (p->checkDicSize == 0 && p->prop.dicSize - p->processedPos <= len)
+ p->checkDicSize = p->prop.dicSize;
+
+ p->processedPos += len;
+ p->remainLen -= len;
+ while (len-- != 0)
+ {
+ dic[dicPos] = dic[(dicPos - rep0) + ((dicPos < rep0) ? dicBufSize : 0)];
+ dicPos++;
+ }
+ p->dicPos = dicPos;
+ }
+}
+
+/* LzmaDec_DecodeReal2 decodes LZMA-symbols and sets p->needFlush and p->needInit, if required. */
+
+static int MY_FAST_CALL LzmaDec_DecodeReal2(CLzmaDec *p, SizeT limit, const Byte *bufLimit)
+{
+ do
+ {
+ SizeT limit2 = limit;
+ if (p->checkDicSize == 0)
+ {
+ UInt32 rem = p->prop.dicSize - p->processedPos;
+ if (limit - p->dicPos > rem)
+ limit2 = p->dicPos + rem;
+ }
+ RINOK(LzmaDec_DecodeReal(p, limit2, bufLimit));
+ if (p->processedPos >= p->prop.dicSize)
+ p->checkDicSize = p->prop.dicSize;
+ LzmaDec_WriteRem(p, limit);
+ }
+ while (p->dicPos < limit && p->buf < bufLimit && p->remainLen < kMatchSpecLenStart);
+
+ if (p->remainLen > kMatchSpecLenStart)
+ {
+ p->remainLen = kMatchSpecLenStart;
+ }
+ return 0;
+}
+
+typedef enum
+{
+ DUMMY_ERROR, /* unexpected end of input stream */
+ DUMMY_LIT,
+ DUMMY_MATCH,
+ DUMMY_REP
+} ELzmaDummy;
+
+static ELzmaDummy LzmaDec_TryDummy(const CLzmaDec *p, const Byte *buf, SizeT inSize)
+{
+ UInt32 range = p->range;
+ UInt32 code = p->code;
+ const Byte *bufLimit = buf + inSize;
+ CLzmaProb *probs = p->probs;
+ unsigned state = p->state;
+ ELzmaDummy res;
+
+ {
+ CLzmaProb *prob;
+ UInt32 bound;
+ unsigned ttt;
+ unsigned posState = (p->processedPos) & ((1 << p->prop.pb) - 1);
+
+ prob = probs + IsMatch + (state << kNumPosBitsMax) + posState;
+ IF_BIT_0_CHECK(prob)
+ {
+ UPDATE_0_CHECK
+
+ /* if (bufLimit - buf >= 7) return DUMMY_LIT; */
+
+ prob = probs + Literal;
+ if (p->checkDicSize != 0 || p->processedPos != 0)
+ prob += (LZMA_LIT_SIZE *
+ ((((p->processedPos) & ((1 << (p->prop.lp)) - 1)) << p->prop.lc) +
+ (p->dic[(p->dicPos == 0 ? p->dicBufSize : p->dicPos) - 1] >> (8 - p->prop.lc))));
+
+ if (state < kNumLitStates)
+ {
+ unsigned symbol = 1;
+ do { GET_BIT_CHECK(prob + symbol, symbol) } while (symbol < 0x100);
+ }
+ else
+ {
+ unsigned matchByte = p->dic[p->dicPos - p->reps[0] +
+ ((p->dicPos < p->reps[0]) ? p->dicBufSize : 0)];
+ unsigned offs = 0x100;
+ unsigned symbol = 1;
+ do
+ {
+ unsigned bit;
+ CLzmaProb *probLit;
+ matchByte <<= 1;
+ bit = (matchByte & offs);
+ probLit = prob + offs + bit + symbol;
+ GET_BIT2_CHECK(probLit, symbol, offs &= ~bit, offs &= bit)
+ }
+ while (symbol < 0x100);
+ }
+ res = DUMMY_LIT;
+ }
+ else
+ {
+ unsigned len;
+ UPDATE_1_CHECK;
+
+ prob = probs + IsRep + state;
+ IF_BIT_0_CHECK(prob)
+ {
+ UPDATE_0_CHECK;
+ state = 0;
+ prob = probs + LenCoder;
+ res = DUMMY_MATCH;
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ res = DUMMY_REP;
+ prob = probs + IsRepG0 + state;
+ IF_BIT_0_CHECK(prob)
+ {
+ UPDATE_0_CHECK;
+ prob = probs + IsRep0Long + (state << kNumPosBitsMax) + posState;
+ IF_BIT_0_CHECK(prob)
+ {
+ UPDATE_0_CHECK;
+ NORMALIZE_CHECK;
+ return DUMMY_REP;
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ }
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ prob = probs + IsRepG1 + state;
+ IF_BIT_0_CHECK(prob)
+ {
+ UPDATE_0_CHECK;
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ prob = probs + IsRepG2 + state;
+ IF_BIT_0_CHECK(prob)
+ {
+ UPDATE_0_CHECK;
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ }
+ }
+ }
+ state = kNumStates;
+ prob = probs + RepLenCoder;
+ }
+ {
+ unsigned limit, offset;
+ CLzmaProb *probLen = prob + LenChoice;
+ IF_BIT_0_CHECK(probLen)
+ {
+ UPDATE_0_CHECK;
+ probLen = prob + LenLow + (posState << kLenNumLowBits);
+ offset = 0;
+ limit = 1 << kLenNumLowBits;
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ probLen = prob + LenChoice2;
+ IF_BIT_0_CHECK(probLen)
+ {
+ UPDATE_0_CHECK;
+ probLen = prob + LenMid + (posState << kLenNumMidBits);
+ offset = kLenNumLowSymbols;
+ limit = 1 << kLenNumMidBits;
+ }
+ else
+ {
+ UPDATE_1_CHECK;
+ probLen = prob + LenHigh;
+ offset = kLenNumLowSymbols + kLenNumMidSymbols;
+ limit = 1 << kLenNumHighBits;
+ }
+ }
+ TREE_DECODE_CHECK(probLen, limit, len);
+ len += offset;
+ }
+
+ if (state < 4)
+ {
+ unsigned posSlot;
+ prob = probs + PosSlot +
+ ((len < kNumLenToPosStates ? len : kNumLenToPosStates - 1) <<
+ kNumPosSlotBits);
+ TREE_DECODE_CHECK(prob, 1 << kNumPosSlotBits, posSlot);
+ if (posSlot >= kStartPosModelIndex)
+ {
+ int numDirectBits = ((posSlot >> 1) - 1);
+
+ /* if (bufLimit - buf >= 8) return DUMMY_MATCH; */
+
+ if (posSlot < kEndPosModelIndex)
+ {
+ prob = probs + SpecPos + ((2 | (posSlot & 1)) << numDirectBits) - posSlot - 1;
+ }
+ else
+ {
+ numDirectBits -= kNumAlignBits;
+ do
+ {
+ NORMALIZE_CHECK
+ range >>= 1;
+ code -= range & (((code - range) >> 31) - 1);
+ /* if (code >= range) code -= range; */
+ }
+ while (--numDirectBits != 0);
+ prob = probs + Align;
+ numDirectBits = kNumAlignBits;
+ }
+ {
+ unsigned i = 1;
+ do
+ {
+ GET_BIT_CHECK(prob + i, i);
+ }
+ while(--numDirectBits != 0);
+ }
+ }
+ }
+ }
+ }
+ NORMALIZE_CHECK;
+ return res;
+}
+
+
+static void LzmaDec_InitRc(CLzmaDec *p, const Byte *data)
+{
+ p->code = ((UInt32)data[1] << 24) | ((UInt32)data[2] << 16) | ((UInt32)data[3] << 8) | ((UInt32)data[4]);
+ p->range = 0xFFFFFFFF;
+ p->needFlush = 0;
+}
+
+void LzmaDec_InitDicAndState(CLzmaDec *p, Bool initDic, Bool initState)
+{
+ p->needFlush = 1;
+ p->remainLen = 0;
+ p->tempBufSize = 0;
+
+ if (initDic)
+ {
+ p->processedPos = 0;
+ p->checkDicSize = 0;
+ p->needInitState = 1;
+ }
+ if (initState)
+ p->needInitState = 1;
+}
+
+void LzmaDec_Init(CLzmaDec *p)
+{
+ p->dicPos = 0;
+ LzmaDec_InitDicAndState(p, True, True);
+}
+
+static void LzmaDec_InitStateReal(CLzmaDec *p)
+{
+ UInt32 numProbs = Literal + ((UInt32)LZMA_LIT_SIZE << (p->prop.lc + p->prop.lp));
+ UInt32 i;
+ CLzmaProb *probs = p->probs;
+ for (i = 0; i < numProbs; i++)
+ probs[i] = kBitModelTotal >> 1;
+ p->reps[0] = p->reps[1] = p->reps[2] = p->reps[3] = 1;
+ p->state = 0;
+ p->needInitState = 0;
+}
+
+SRes LzmaDec_DecodeToDic(CLzmaDec *p, SizeT dicLimit, const Byte *src, SizeT *srcLen,
+ ELzmaFinishMode finishMode, ELzmaStatus *status)
+{
+ SizeT inSize = *srcLen;
+ (*srcLen) = 0;
+ LzmaDec_WriteRem(p, dicLimit);
+
+ *status = LZMA_STATUS_NOT_SPECIFIED;
+
+ while (p->remainLen != kMatchSpecLenStart)
+ {
+ int checkEndMarkNow;
+
+ if (p->needFlush != 0)
+ {
+ for (; inSize > 0 && p->tempBufSize < RC_INIT_SIZE; (*srcLen)++, inSize--)
+ p->tempBuf[p->tempBufSize++] = *src++;
+ if (p->tempBufSize < RC_INIT_SIZE)
+ {
+ *status = LZMA_STATUS_NEEDS_MORE_INPUT;
+ return SZ_OK;
+ }
+ if (p->tempBuf[0] != 0)
+ return SZ_ERROR_DATA;
+
+ LzmaDec_InitRc(p, p->tempBuf);
+ p->tempBufSize = 0;
+ }
+
+ checkEndMarkNow = 0;
+ if (p->dicPos >= dicLimit)
+ {
+ if (p->remainLen == 0 && p->code == 0)
+ {
+ *status = LZMA_STATUS_MAYBE_FINISHED_WITHOUT_MARK;
+ return SZ_OK;
+ }
+ if (finishMode == LZMA_FINISH_ANY)
+ {
+ *status = LZMA_STATUS_NOT_FINISHED;
+ return SZ_OK;
+ }
+ if (p->remainLen != 0)
+ {
+ *status = LZMA_STATUS_NOT_FINISHED;
+ return SZ_ERROR_DATA;
+ }
+ checkEndMarkNow = 1;
+ }
+
+ if (p->needInitState)
+ LzmaDec_InitStateReal(p);
+
+ if (p->tempBufSize == 0)
+ {
+ SizeT processed;
+ const Byte *bufLimit;
+ if (inSize < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
+ {
+ int dummyRes = LzmaDec_TryDummy(p, src, inSize);
+ if (dummyRes == DUMMY_ERROR)
+ {
+ memcpy(p->tempBuf, src, inSize);
+ p->tempBufSize = (unsigned)inSize;
+ (*srcLen) += inSize;
+ *status = LZMA_STATUS_NEEDS_MORE_INPUT;
+ return SZ_OK;
+ }
+ if (checkEndMarkNow && dummyRes != DUMMY_MATCH)
+ {
+ *status = LZMA_STATUS_NOT_FINISHED;
+ return SZ_ERROR_DATA;
+ }
+ bufLimit = src;
+ }
+ else
+ bufLimit = src + inSize - LZMA_REQUIRED_INPUT_MAX;
+ p->buf = src;
+ if (LzmaDec_DecodeReal2(p, dicLimit, bufLimit) != 0)
+ return SZ_ERROR_DATA;
+ processed = p->buf - src;
+ (*srcLen) += processed;
+ src += processed;
+ inSize -= processed;
+ }
+ else
+ {
+ unsigned rem = p->tempBufSize, lookAhead = 0;
+ while (rem < LZMA_REQUIRED_INPUT_MAX && lookAhead < inSize)
+ p->tempBuf[rem++] = src[lookAhead++];
+ p->tempBufSize = rem;
+ if (rem < LZMA_REQUIRED_INPUT_MAX || checkEndMarkNow)
+ {
+ int dummyRes = LzmaDec_TryDummy(p, p->tempBuf, rem);
+ if (dummyRes == DUMMY_ERROR)
+ {
+ (*srcLen) += lookAhead;
+ *status = LZMA_STATUS_NEEDS_MORE_INPUT;
+ return SZ_OK;
+ }
+ if (checkEndMarkNow && dummyRes != DUMMY_MATCH)
+ {
+ *status = LZMA_STATUS_NOT_FINISHED;
+ return SZ_ERROR_DATA;
+ }
+ }
+ p->buf = p->tempBuf;
+ if (LzmaDec_DecodeReal2(p, dicLimit, p->buf) != 0)
+ return SZ_ERROR_DATA;
+ lookAhead -= (rem - (unsigned)(p->buf - p->tempBuf));
+ (*srcLen) += lookAhead;
+ src += lookAhead;
+ inSize -= lookAhead;
+ p->tempBufSize = 0;
+ }
+ }
+ if (p->code == 0)
+ *status = LZMA_STATUS_FINISHED_WITH_MARK;
+ return (p->code == 0) ? SZ_OK : SZ_ERROR_DATA;
+}
+
+SRes LzmaDec_DecodeToBuf(CLzmaDec *p, Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen, ELzmaFinishMode finishMode, ELzmaStatus *status)
+{
+ SizeT outSize = *destLen;
+ SizeT inSize = *srcLen;
+ *srcLen = *destLen = 0;
+ for (;;)
+ {
+ SizeT inSizeCur = inSize, outSizeCur, dicPos;
+ ELzmaFinishMode curFinishMode;
+ SRes res;
+ if (p->dicPos == p->dicBufSize)
+ p->dicPos = 0;
+ dicPos = p->dicPos;
+ if (outSize > p->dicBufSize - dicPos)
+ {
+ outSizeCur = p->dicBufSize;
+ curFinishMode = LZMA_FINISH_ANY;
+ }
+ else
+ {
+ outSizeCur = dicPos + outSize;
+ curFinishMode = finishMode;
+ }
+
+ res = LzmaDec_DecodeToDic(p, outSizeCur, src, &inSizeCur, curFinishMode, status);
+ src += inSizeCur;
+ inSize -= inSizeCur;
+ *srcLen += inSizeCur;
+ outSizeCur = p->dicPos - dicPos;
+ memcpy(dest, p->dic + dicPos, outSizeCur);
+ dest += outSizeCur;
+ outSize -= outSizeCur;
+ *destLen += outSizeCur;
+ if (res != 0)
+ return res;
+ if (outSizeCur == 0 || outSize == 0)
+ return SZ_OK;
+ }
+}
+
+void LzmaDec_FreeProbs(CLzmaDec *p, ISzAlloc *alloc)
+{
+ alloc->Free(alloc, p->probs);
+ p->probs = 0;
+}
+
+static void LzmaDec_FreeDict(CLzmaDec *p, ISzAlloc *alloc)
+{
+ alloc->Free(alloc, p->dic);
+ p->dic = 0;
+}
+
+void LzmaDec_Free(CLzmaDec *p, ISzAlloc *alloc)
+{
+ LzmaDec_FreeProbs(p, alloc);
+ LzmaDec_FreeDict(p, alloc);
+}
+
+SRes LzmaProps_Decode(CLzmaProps *p, const Byte *data, unsigned size)
+{
+ UInt32 dicSize;
+ Byte d;
+
+ if (size < LZMA_PROPS_SIZE)
+ return SZ_ERROR_UNSUPPORTED;
+ else
+ dicSize = data[1] | ((UInt32)data[2] << 8) | ((UInt32)data[3] << 16) | ((UInt32)data[4] << 24);
+
+ if (dicSize < LZMA_DIC_MIN)
+ dicSize = LZMA_DIC_MIN;
+ p->dicSize = dicSize;
+
+ d = data[0];
+ if (d >= (9 * 5 * 5))
+ return SZ_ERROR_UNSUPPORTED;
+
+ p->lc = d % 9;
+ d /= 9;
+ p->pb = d / 5;
+ p->lp = d % 5;
+
+ return SZ_OK;
+}
+
+static SRes LzmaDec_AllocateProbs2(CLzmaDec *p, const CLzmaProps *propNew, ISzAlloc *alloc)
+{
+ UInt32 numProbs = LzmaProps_GetNumProbs(propNew);
+ if (p->probs == 0 || numProbs != p->numProbs)
+ {
+ LzmaDec_FreeProbs(p, alloc);
+ p->probs = (CLzmaProb *)alloc->Alloc(alloc, numProbs * sizeof(CLzmaProb));
+ p->numProbs = numProbs;
+ if (p->probs == 0)
+ return SZ_ERROR_MEM;
+ }
+ return SZ_OK;
+}
+
+SRes LzmaDec_AllocateProbs(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc)
+{
+ CLzmaProps propNew;
+ RINOK(LzmaProps_Decode(&propNew, props, propsSize));
+ RINOK(LzmaDec_AllocateProbs2(p, &propNew, alloc));
+ p->prop = propNew;
+ return SZ_OK;
+}
+
+SRes LzmaDec_Allocate(CLzmaDec *p, const Byte *props, unsigned propsSize, ISzAlloc *alloc)
+{
+ CLzmaProps propNew;
+ SizeT dicBufSize;
+ RINOK(LzmaProps_Decode(&propNew, props, propsSize));
+ RINOK(LzmaDec_AllocateProbs2(p, &propNew, alloc));
+ dicBufSize = propNew.dicSize;
+ if (p->dic == 0 || dicBufSize != p->dicBufSize)
+ {
+ LzmaDec_FreeDict(p, alloc);
+ p->dic = (Byte *)alloc->Alloc(alloc, dicBufSize);
+ if (p->dic == 0)
+ {
+ LzmaDec_FreeProbs(p, alloc);
+ return SZ_ERROR_MEM;
+ }
+ }
+ p->dicBufSize = dicBufSize;
+ p->prop = propNew;
+ return SZ_OK;
+}
+
+SRes LzmaDecode(Byte *dest, SizeT *destLen, const Byte *src, SizeT *srcLen,
+ const Byte *propData, unsigned propSize, ELzmaFinishMode finishMode,
+ ELzmaStatus *status, ISzAlloc *alloc)
+{
+ CLzmaDec p;
+ SRes res;
+ SizeT inSize = *srcLen;
+ SizeT outSize = *destLen;
+ *srcLen = *destLen = 0;
+ if (inSize < RC_INIT_SIZE)
+ return SZ_ERROR_INPUT_EOF;
+
+ LzmaDec_Construct(&p);
+ res = LzmaDec_AllocateProbs(&p, propData, propSize, alloc);
+ if (res != 0)
+ return res;
+ p.dic = dest;
+ p.dicBufSize = outSize;
+
+ LzmaDec_Init(&p);
+
+ *srcLen = inSize;
+ res = LzmaDec_DecodeToDic(&p, outSize, src, srcLen, finishMode, status);
+
+ if (res == SZ_OK && *status == LZMA_STATUS_NEEDS_MORE_INPUT)
+ res = SZ_ERROR_INPUT_EOF;
+
+ (*destLen) = p.dicPos;
+ LzmaDec_FreeProbs(&p, alloc);
+ return res;
+}
diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c
new file mode 100644
index 0000000..01ffa91
--- /dev/null
+++ b/grub-core/lib/LzmaEnc.c
@@ -0,0 +1,2357 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (c) 1999-2008 Igor Pavlov
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ * This code was taken from LZMA SDK 4.58 beta, and was slightly modified
+ * to adapt it to GRUB's requirement.
+ *
+ * See <http://www.7-zip.org>, for more information about LZMA.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <grub/lib/LzmaEnc.h>
+
+#include <grub/lib/LzFind.h>
+#ifdef COMPRESS_MF_MT
+#include <grub/lib/LzFindMt.h>
+#endif
+
+/* #define SHOW_STAT */
+/* #define SHOW_STAT2 */
+
+#ifdef SHOW_STAT
+static int ttt = 0;
+#endif
+
+#define kBlockSizeMax ((1 << LZMA_NUM_BLOCK_SIZE_BITS) - 1)
+
+#define kBlockSize (9 << 10)
+#define kUnpackBlockSize (1 << 18)
+#define kMatchArraySize (1 << 21)
+#define kMatchRecordMaxSize ((LZMA_MATCH_LEN_MAX * 2 + 3) * LZMA_MATCH_LEN_MAX)
+
+#define kNumMaxDirectBits (31)
+
+#define kNumTopBits 24
+#define kTopValue ((UInt32)1 << kNumTopBits)
+
+#define kNumBitModelTotalBits 11
+#define kBitModelTotal (1 << kNumBitModelTotalBits)
+#define kNumMoveBits 5
+#define kProbInitValue (kBitModelTotal >> 1)
+
+#define kNumMoveReducingBits 4
+#define kNumBitPriceShiftBits 4
+#define kBitPrice (1 << kNumBitPriceShiftBits)
+
+void LzmaEncProps_Init(CLzmaEncProps *p)
+{
+ p->level = 5;
+ p->dictSize = p->mc = 0;
+ p->lc = p->lp = p->pb = p->algo = p->fb = p->btMode = p->numHashBytes = p->numThreads = -1;
+ p->writeEndMark = 0;
+}
+
+void LzmaEncProps_Normalize(CLzmaEncProps *p)
+{
+ int level = p->level;
+ if (level < 0) level = 5;
+ p->level = level;
+ if (p->dictSize == 0) p->dictSize = (level <= 5 ? (1 << (level * 2 + 14)) : (level == 6 ? (1 << 25) : (1 << 26)));
+ if (p->lc < 0) p->lc = 3;
+ if (p->lp < 0) p->lp = 0;
+ if (p->pb < 0) p->pb = 2;
+ if (p->algo < 0) p->algo = (level < 5 ? 0 : 1);
+ if (p->fb < 0) p->fb = (level < 7 ? 32 : 64);
+ if (p->btMode < 0) p->btMode = (p->algo == 0 ? 0 : 1);
+ if (p->numHashBytes < 0) p->numHashBytes = 4;
+ if (p->mc == 0) p->mc = (16 + (p->fb >> 1)) >> (p->btMode ? 0 : 1);
+ if (p->numThreads < 0) p->numThreads = ((p->btMode && p->algo) ? 2 : 1);
+}
+
+UInt32 LzmaEncProps_GetDictSize(const CLzmaEncProps *props2)
+{
+ CLzmaEncProps props = *props2;
+ LzmaEncProps_Normalize(&props);
+ return props.dictSize;
+}
+
+/* #define LZMA_LOG_BSR */
+/* Define it for Intel's CPU */
+
+
+#ifdef LZMA_LOG_BSR
+
+#define kDicLogSizeMaxCompress 30
+
+#define BSR2_RET(pos, res) { unsigned long i; _BitScanReverse(&i, (pos)); res = (i + i) + ((pos >> (i - 1)) & 1); }
+
+UInt32 GetPosSlot1(UInt32 pos)
+{
+ UInt32 res;
+ BSR2_RET(pos, res);
+ return res;
+}
+#define GetPosSlot2(pos, res) { BSR2_RET(pos, res); }
+#define GetPosSlot(pos, res) { if (pos < 2) res = pos; else BSR2_RET(pos, res); }
+
+#else
+
+#define kNumLogBits (9 + (int)sizeof(size_t) / 2)
+#define kDicLogSizeMaxCompress ((kNumLogBits - 1) * 2 + 7)
+
+void LzmaEnc_FastPosInit(Byte *g_FastPos)
+{
+ int c = 2, slotFast;
+ g_FastPos[0] = 0;
+ g_FastPos[1] = 1;
+
+ for (slotFast = 2; slotFast < kNumLogBits * 2; slotFast++)
+ {
+ UInt32 k = (1 << ((slotFast >> 1) - 1));
+ UInt32 j;
+ for (j = 0; j < k; j++, c++)
+ g_FastPos[c] = (Byte)slotFast;
+ }
+}
+
+#define BSR2_RET(pos, res) { UInt32 i = 6 + ((kNumLogBits - 1) & \
+ (0 - (((((UInt32)1 << (kNumLogBits + 6)) - 1) - pos) >> 31))); \
+ res = p->g_FastPos[pos >> i] + (i * 2); }
+/*
+#define BSR2_RET(pos, res) { res = (pos < (1 << (kNumLogBits + 6))) ? \
+ p->g_FastPos[pos >> 6] + 12 : \
+ p->g_FastPos[pos >> (6 + kNumLogBits - 1)] + (6 + (kNumLogBits - 1)) * 2; }
+*/
+
+#define GetPosSlot1(pos) p->g_FastPos[pos]
+#define GetPosSlot2(pos, res) { BSR2_RET(pos, res); }
+#define GetPosSlot(pos, res) { if (pos < kNumFullDistances) res = p->g_FastPos[pos]; else BSR2_RET(pos, res); }
+
+#endif
+
+
+#define LZMA_NUM_REPS 4
+
+typedef unsigned CState;
+
+typedef struct _COptimal
+{
+ UInt32 price;
+
+ CState state;
+ int prev1IsChar;
+ int prev2;
+
+ UInt32 posPrev2;
+ UInt32 backPrev2;
+
+ UInt32 posPrev;
+ UInt32 backPrev;
+ UInt32 backs[LZMA_NUM_REPS];
+} COptimal;
+
+#define kNumOpts (1 << 12)
+
+#define kNumLenToPosStates 4
+#define kNumPosSlotBits 6
+#define kDicLogSizeMin 0
+#define kDicLogSizeMax 32
+#define kDistTableSizeMax (kDicLogSizeMax * 2)
+
+
+#define kNumAlignBits 4
+#define kAlignTableSize (1 << kNumAlignBits)
+#define kAlignMask (kAlignTableSize - 1)
+
+#define kStartPosModelIndex 4
+#define kEndPosModelIndex 14
+#define kNumPosModels (kEndPosModelIndex - kStartPosModelIndex)
+
+#define kNumFullDistances (1 << (kEndPosModelIndex / 2))
+
+#ifdef _LZMA_PROB32
+#define CLzmaProb UInt32
+#else
+#define CLzmaProb UInt16
+#endif
+
+#define LZMA_PB_MAX 4
+#define LZMA_LC_MAX 8
+#define LZMA_LP_MAX 4
+
+#define LZMA_NUM_PB_STATES_MAX (1 << LZMA_PB_MAX)
+
+
+#define kLenNumLowBits 3
+#define kLenNumLowSymbols (1 << kLenNumLowBits)
+#define kLenNumMidBits 3
+#define kLenNumMidSymbols (1 << kLenNumMidBits)
+#define kLenNumHighBits 8
+#define kLenNumHighSymbols (1 << kLenNumHighBits)
+
+#define kLenNumSymbolsTotal (kLenNumLowSymbols + kLenNumMidSymbols + kLenNumHighSymbols)
+
+#define LZMA_MATCH_LEN_MIN 2
+#define LZMA_MATCH_LEN_MAX (LZMA_MATCH_LEN_MIN + kLenNumSymbolsTotal - 1)
+
+#define kNumStates 12
+
+typedef struct
+{
+ CLzmaProb choice;
+ CLzmaProb choice2;
+ CLzmaProb low[LZMA_NUM_PB_STATES_MAX << kLenNumLowBits];
+ CLzmaProb mid[LZMA_NUM_PB_STATES_MAX << kLenNumMidBits];
+ CLzmaProb high[kLenNumHighSymbols];
+} CLenEnc;
+
+typedef struct
+{
+ CLenEnc p;
+ UInt32 prices[LZMA_NUM_PB_STATES_MAX][kLenNumSymbolsTotal];
+ UInt32 tableSize;
+ UInt32 counters[LZMA_NUM_PB_STATES_MAX];
+} CLenPriceEnc;
+
+typedef struct _CRangeEnc
+{
+ UInt32 range;
+ Byte cache;
+ UInt64 low;
+ UInt64 cacheSize;
+ Byte *buf;
+ Byte *bufLim;
+ Byte *bufBase;
+ ISeqOutStream *outStream;
+ UInt64 processed;
+ SRes res;
+} CRangeEnc;
+
+typedef struct _CSeqInStreamBuf
+{
+ ISeqInStream funcTable;
+ const Byte *data;
+ SizeT rem;
+} CSeqInStreamBuf;
+
+static SRes MyRead(void *pp, void *data, size_t *size)
+{
+ size_t curSize = *size;
+ CSeqInStreamBuf *p = (CSeqInStreamBuf *)pp;
+ if (p->rem < curSize)
+ curSize = p->rem;
+ memcpy(data, p->data, curSize);
+ p->rem -= curSize;
+ p->data += curSize;
+ *size = curSize;
+ return SZ_OK;
+}
+
+typedef struct
+{
+ CLzmaProb *litProbs;
+
+ CLzmaProb isMatch[kNumStates][LZMA_NUM_PB_STATES_MAX];
+ CLzmaProb isRep[kNumStates];
+ CLzmaProb isRepG0[kNumStates];
+ CLzmaProb isRepG1[kNumStates];
+ CLzmaProb isRepG2[kNumStates];
+ CLzmaProb isRep0Long[kNumStates][LZMA_NUM_PB_STATES_MAX];
+
+ CLzmaProb posSlotEncoder[kNumLenToPosStates][1 << kNumPosSlotBits];
+ CLzmaProb posEncoders[kNumFullDistances - kEndPosModelIndex];
+ CLzmaProb posAlignEncoder[1 << kNumAlignBits];
+
+ CLenPriceEnc lenEnc;
+ CLenPriceEnc repLenEnc;
+
+ UInt32 reps[LZMA_NUM_REPS];
+ UInt32 state;
+} CSaveState;
+
+typedef struct _CLzmaEnc
+{
+ IMatchFinder matchFinder;
+ void *matchFinderObj;
+
+ #ifdef COMPRESS_MF_MT
+ Bool mtMode;
+ CMatchFinderMt matchFinderMt;
+ #endif
+
+ CMatchFinder matchFinderBase;
+
+ #ifdef COMPRESS_MF_MT
+ Byte pad[128];
+ #endif
+
+ UInt32 optimumEndIndex;
+ UInt32 optimumCurrentIndex;
+
+ Bool longestMatchWasFound;
+ UInt32 longestMatchLength;
+ UInt32 numDistancePairs;
+
+ COptimal opt[kNumOpts];
+
+ #ifndef LZMA_LOG_BSR
+ Byte g_FastPos[1 << kNumLogBits];
+ #endif
+
+ UInt32 ProbPrices[kBitModelTotal >> kNumMoveReducingBits];
+ UInt32 matchDistances[LZMA_MATCH_LEN_MAX * 2 + 2 + 1];
+ UInt32 numFastBytes;
+ UInt32 additionalOffset;
+ UInt32 reps[LZMA_NUM_REPS];
+ UInt32 state;
+
+ UInt32 posSlotPrices[kNumLenToPosStates][kDistTableSizeMax];
+ UInt32 distancesPrices[kNumLenToPosStates][kNumFullDistances];
+ UInt32 alignPrices[kAlignTableSize];
+ UInt32 alignPriceCount;
+
+ UInt32 distTableSize;
+
+ unsigned lc, lp, pb;
+ unsigned lpMask, pbMask;
+
+ CLzmaProb *litProbs;
+
+ CLzmaProb isMatch[kNumStates][LZMA_NUM_PB_STATES_MAX];
+ CLzmaProb isRep[kNumStates];
+ CLzmaProb isRepG0[kNumStates];
+ CLzmaProb isRepG1[kNumStates];
+ CLzmaProb isRepG2[kNumStates];
+ CLzmaProb isRep0Long[kNumStates][LZMA_NUM_PB_STATES_MAX];
+
+ CLzmaProb posSlotEncoder[kNumLenToPosStates][1 << kNumPosSlotBits];
+ CLzmaProb posEncoders[kNumFullDistances - kEndPosModelIndex];
+ CLzmaProb posAlignEncoder[1 << kNumAlignBits];
+
+ CLenPriceEnc lenEnc;
+ CLenPriceEnc repLenEnc;
+
+ unsigned lclp;
+
+ Bool fastMode;
+
+ CRangeEnc rc;
+
+ Bool writeEndMark;
+ UInt64 nowPos64;
+ UInt32 matchPriceCount;
+ Bool finished;
+ Bool multiThread;
+
+ SRes result;
+ UInt32 dictSize;
+ UInt32 matchFinderCycles;
+
+ ISeqInStream *inStream;
+ CSeqInStreamBuf seqBufInStream;
+
+ CSaveState saveState;
+} CLzmaEnc;
+
+void LzmaEnc_SaveState(CLzmaEncHandle pp)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ CSaveState *dest = &p->saveState;
+ int i;
+ dest->lenEnc = p->lenEnc;
+ dest->repLenEnc = p->repLenEnc;
+ dest->state = p->state;
+
+ for (i = 0; i < kNumStates; i++)
+ {
+ memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
+ memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
+ }
+ for (i = 0; i < kNumLenToPosStates; i++)
+ memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
+ memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
+ memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
+ memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
+ memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
+ memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
+ memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
+ memcpy(dest->reps, p->reps, sizeof(p->reps));
+ memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
+}
+
+void LzmaEnc_RestoreState(CLzmaEncHandle pp)
+{
+ CLzmaEnc *dest = (CLzmaEnc *)pp;
+ const CSaveState *p = &dest->saveState;
+ int i;
+ dest->lenEnc = p->lenEnc;
+ dest->repLenEnc = p->repLenEnc;
+ dest->state = p->state;
+
+ for (i = 0; i < kNumStates; i++)
+ {
+ memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
+ memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
+ }
+ for (i = 0; i < kNumLenToPosStates; i++)
+ memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
+ memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
+ memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
+ memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
+ memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
+ memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
+ memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
+ memcpy(dest->reps, p->reps, sizeof(p->reps));
+ memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
+}
+
+SRes LzmaEnc_SetProps(CLzmaEncHandle pp, const CLzmaEncProps *props2)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ CLzmaEncProps props = *props2;
+ LzmaEncProps_Normalize(&props);
+
+ if (props.lc > LZMA_LC_MAX || props.lp > LZMA_LP_MAX || props.pb > LZMA_PB_MAX ||
+ props.dictSize > (1U << kDicLogSizeMaxCompress) || props.dictSize > (1 << 30))
+ return SZ_ERROR_PARAM;
+ p->dictSize = props.dictSize;
+ p->matchFinderCycles = props.mc;
+ {
+ unsigned fb = props.fb;
+ if (fb < 5)
+ fb = 5;
+ if (fb > LZMA_MATCH_LEN_MAX)
+ fb = LZMA_MATCH_LEN_MAX;
+ p->numFastBytes = fb;
+ }
+ p->lc = props.lc;
+ p->lp = props.lp;
+ p->pb = props.pb;
+ p->fastMode = (props.algo == 0);
+ p->matchFinderBase.btMode = props.btMode;
+ {
+ UInt32 numHashBytes = 4;
+ if (props.btMode)
+ {
+ if (props.numHashBytes < 2)
+ numHashBytes = 2;
+ else if (props.numHashBytes < 4)
+ numHashBytes = props.numHashBytes;
+ }
+ p->matchFinderBase.numHashBytes = numHashBytes;
+ }
+
+ p->matchFinderBase.cutValue = props.mc;
+
+ p->writeEndMark = props.writeEndMark;
+
+ #ifdef COMPRESS_MF_MT
+ /*
+ if (newMultiThread != _multiThread)
+ {
+ ReleaseMatchFinder();
+ _multiThread = newMultiThread;
+ }
+ */
+ p->multiThread = (props.numThreads > 1);
+ #endif
+
+ return SZ_OK;
+}
+
+static const int kLiteralNextStates[kNumStates] = {0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 4, 5};
+static const int kMatchNextStates[kNumStates] = {7, 7, 7, 7, 7, 7, 7, 10, 10, 10, 10, 10};
+static const int kRepNextStates[kNumStates] = {8, 8, 8, 8, 8, 8, 8, 11, 11, 11, 11, 11};
+static const int kShortRepNextStates[kNumStates]= {9, 9, 9, 9, 9, 9, 9, 11, 11, 11, 11, 11};
+
+/*
+ void UpdateChar() { Index = kLiteralNextStates[Index]; }
+ void UpdateMatch() { Index = kMatchNextStates[Index]; }
+ void UpdateRep() { Index = kRepNextStates[Index]; }
+ void UpdateShortRep() { Index = kShortRepNextStates[Index]; }
+*/
+
+#define IsCharState(s) ((s) < 7)
+
+
+#define GetLenToPosState(len) (((len) < kNumLenToPosStates + 1) ? (len) - 2 : kNumLenToPosStates - 1)
+
+#define kInfinityPrice (1 << 30)
+
+static void RangeEnc_Construct(CRangeEnc *p)
+{
+ p->outStream = 0;
+ p->bufBase = 0;
+}
+
+#define RangeEnc_GetProcessed(p) ((p)->processed + ((p)->buf - (p)->bufBase) + (p)->cacheSize)
+
+#define RC_BUF_SIZE (1 << 16)
+static int RangeEnc_Alloc(CRangeEnc *p, ISzAlloc *alloc)
+{
+ if (p->bufBase == 0)
+ {
+ p->bufBase = (Byte *)alloc->Alloc(alloc, RC_BUF_SIZE);
+ if (p->bufBase == 0)
+ return 0;
+ p->bufLim = p->bufBase + RC_BUF_SIZE;
+ }
+ return 1;
+}
+
+static void RangeEnc_Free(CRangeEnc *p, ISzAlloc *alloc)
+{
+ alloc->Free(alloc, p->bufBase);
+ p->bufBase = 0;
+}
+
+static void RangeEnc_Init(CRangeEnc *p)
+{
+ /* Stream.Init(); */
+ p->low = 0;
+ p->range = 0xFFFFFFFF;
+ p->cacheSize = 1;
+ p->cache = 0;
+
+ p->buf = p->bufBase;
+
+ p->processed = 0;
+ p->res = SZ_OK;
+}
+
+static void RangeEnc_FlushStream(CRangeEnc *p)
+{
+ size_t num;
+ if (p->res != SZ_OK)
+ return;
+ num = p->buf - p->bufBase;
+ if (num != p->outStream->Write(p->outStream, p->bufBase, num))
+ p->res = SZ_ERROR_WRITE;
+ p->processed += num;
+ p->buf = p->bufBase;
+}
+
+static void MY_FAST_CALL RangeEnc_ShiftLow(CRangeEnc *p)
+{
+ if ((UInt32)p->low < (UInt32)0xFF000000 || (int)(p->low >> 32) != 0)
+ {
+ Byte temp = p->cache;
+ do
+ {
+ Byte *buf = p->buf;
+ *buf++ = (Byte)(temp + (Byte)(p->low >> 32));
+ p->buf = buf;
+ if (buf == p->bufLim)
+ RangeEnc_FlushStream(p);
+ temp = 0xFF;
+ }
+ while (--p->cacheSize != 0);
+ p->cache = (Byte)((UInt32)p->low >> 24);
+ }
+ p->cacheSize++;
+ p->low = (UInt32)p->low << 8;
+}
+
+static void RangeEnc_FlushData(CRangeEnc *p)
+{
+ int i;
+ for (i = 0; i < 5; i++)
+ RangeEnc_ShiftLow(p);
+}
+
+static void RangeEnc_EncodeDirectBits(CRangeEnc *p, UInt32 value, int numBits)
+{
+ do
+ {
+ p->range >>= 1;
+ p->low += p->range & (0 - ((value >> --numBits) & 1));
+ if (p->range < kTopValue)
+ {
+ p->range <<= 8;
+ RangeEnc_ShiftLow(p);
+ }
+ }
+ while (numBits != 0);
+}
+
+static void RangeEnc_EncodeBit(CRangeEnc *p, CLzmaProb *prob, UInt32 symbol)
+{
+ UInt32 ttt = *prob;
+ UInt32 newBound = (p->range >> kNumBitModelTotalBits) * ttt;
+ if (symbol == 0)
+ {
+ p->range = newBound;
+ ttt += (kBitModelTotal - ttt) >> kNumMoveBits;
+ }
+ else
+ {
+ p->low += newBound;
+ p->range -= newBound;
+ ttt -= ttt >> kNumMoveBits;
+ }
+ *prob = (CLzmaProb)ttt;
+ if (p->range < kTopValue)
+ {
+ p->range <<= 8;
+ RangeEnc_ShiftLow(p);
+ }
+}
+
+static void LitEnc_Encode(CRangeEnc *p, CLzmaProb *probs, UInt32 symbol)
+{
+ symbol |= 0x100;
+ do
+ {
+ RangeEnc_EncodeBit(p, probs + (symbol >> 8), (symbol >> 7) & 1);
+ symbol <<= 1;
+ }
+ while (symbol < 0x10000);
+}
+
+static void LitEnc_EncodeMatched(CRangeEnc *p, CLzmaProb *probs, UInt32 symbol, UInt32 matchByte)
+{
+ UInt32 offs = 0x100;
+ symbol |= 0x100;
+ do
+ {
+ matchByte <<= 1;
+ RangeEnc_EncodeBit(p, probs + (offs + (matchByte & offs) + (symbol >> 8)), (symbol >> 7) & 1);
+ symbol <<= 1;
+ offs &= ~(matchByte ^ symbol);
+ }
+ while (symbol < 0x10000);
+}
+
+void LzmaEnc_InitPriceTables(UInt32 *ProbPrices)
+{
+ UInt32 i;
+ for (i = (1 << kNumMoveReducingBits) / 2; i < kBitModelTotal; i += (1 << kNumMoveReducingBits))
+ {
+ const int kCyclesBits = kNumBitPriceShiftBits;
+ UInt32 w = i;
+ UInt32 bitCount = 0;
+ int j;
+ for (j = 0; j < kCyclesBits; j++)
+ {
+ w = w * w;
+ bitCount <<= 1;
+ while (w >= ((UInt32)1 << 16))
+ {
+ w >>= 1;
+ bitCount++;
+ }
+ }
+ ProbPrices[i >> kNumMoveReducingBits] = ((kNumBitModelTotalBits << kCyclesBits) - 15 - bitCount);
+ }
+}
+
+
+#define GET_PRICE(prob, symbol) \
+ p->ProbPrices[((prob) ^ (((-(int)(symbol))) & (kBitModelTotal - 1))) >> kNumMoveReducingBits];
+
+#define GET_PRICEa(prob, symbol) \
+ ProbPrices[((prob) ^ ((-((int)(symbol))) & (kBitModelTotal - 1))) >> kNumMoveReducingBits];
+
+#define GET_PRICE_0(prob) p->ProbPrices[(prob) >> kNumMoveReducingBits]
+#define GET_PRICE_1(prob) p->ProbPrices[((prob) ^ (kBitModelTotal - 1)) >> kNumMoveReducingBits]
+
+#define GET_PRICE_0a(prob) ProbPrices[(prob) >> kNumMoveReducingBits]
+#define GET_PRICE_1a(prob) ProbPrices[((prob) ^ (kBitModelTotal - 1)) >> kNumMoveReducingBits]
+
+static UInt32 LitEnc_GetPrice(const CLzmaProb *probs, UInt32 symbol, UInt32 *ProbPrices)
+{
+ UInt32 price = 0;
+ symbol |= 0x100;
+ do
+ {
+ price += GET_PRICEa(probs[symbol >> 8], (symbol >> 7) & 1);
+ symbol <<= 1;
+ }
+ while (symbol < 0x10000);
+ return price;
+};
+
+static UInt32 LitEnc_GetPriceMatched(const CLzmaProb *probs, UInt32 symbol, UInt32 matchByte, UInt32 *ProbPrices)
+{
+ UInt32 price = 0;
+ UInt32 offs = 0x100;
+ symbol |= 0x100;
+ do
+ {
+ matchByte <<= 1;
+ price += GET_PRICEa(probs[offs + (matchByte & offs) + (symbol >> 8)], (symbol >> 7) & 1);
+ symbol <<= 1;
+ offs &= ~(matchByte ^ symbol);
+ }
+ while (symbol < 0x10000);
+ return price;
+};
+
+
+static void RcTree_Encode(CRangeEnc *rc, CLzmaProb *probs, int numBitLevels, UInt32 symbol)
+{
+ UInt32 m = 1;
+ int i;
+ for (i = numBitLevels; i != 0 ;)
+ {
+ UInt32 bit;
+ i--;
+ bit = (symbol >> i) & 1;
+ RangeEnc_EncodeBit(rc, probs + m, bit);
+ m = (m << 1) | bit;
+ }
+};
+
+static void RcTree_ReverseEncode(CRangeEnc *rc, CLzmaProb *probs, int numBitLevels, UInt32 symbol)
+{
+ UInt32 m = 1;
+ int i;
+ for (i = 0; i < numBitLevels; i++)
+ {
+ UInt32 bit = symbol & 1;
+ RangeEnc_EncodeBit(rc, probs + m, bit);
+ m = (m << 1) | bit;
+ symbol >>= 1;
+ }
+}
+
+static UInt32 RcTree_GetPrice(const CLzmaProb *probs, int numBitLevels, UInt32 symbol, UInt32 *ProbPrices)
+{
+ UInt32 price = 0;
+ symbol |= (1 << numBitLevels);
+ while (symbol != 1)
+ {
+ price += GET_PRICEa(probs[symbol >> 1], symbol & 1);
+ symbol >>= 1;
+ }
+ return price;
+}
+
+static UInt32 RcTree_ReverseGetPrice(const CLzmaProb *probs, int numBitLevels, UInt32 symbol, UInt32 *ProbPrices)
+{
+ UInt32 price = 0;
+ UInt32 m = 1;
+ int i;
+ for (i = numBitLevels; i != 0; i--)
+ {
+ UInt32 bit = symbol & 1;
+ symbol >>= 1;
+ price += GET_PRICEa(probs[m], bit);
+ m = (m << 1) | bit;
+ }
+ return price;
+}
+
+
+static void LenEnc_Init(CLenEnc *p)
+{
+ unsigned i;
+ p->choice = p->choice2 = kProbInitValue;
+ for (i = 0; i < (LZMA_NUM_PB_STATES_MAX << kLenNumLowBits); i++)
+ p->low[i] = kProbInitValue;
+ for (i = 0; i < (LZMA_NUM_PB_STATES_MAX << kLenNumMidBits); i++)
+ p->mid[i] = kProbInitValue;
+ for (i = 0; i < kLenNumHighSymbols; i++)
+ p->high[i] = kProbInitValue;
+}
+
+static void LenEnc_Encode(CLenEnc *p, CRangeEnc *rc, UInt32 symbol, UInt32 posState)
+{
+ if (symbol < kLenNumLowSymbols)
+ {
+ RangeEnc_EncodeBit(rc, &p->choice, 0);
+ RcTree_Encode(rc, p->low + (posState << kLenNumLowBits), kLenNumLowBits, symbol);
+ }
+ else
+ {
+ RangeEnc_EncodeBit(rc, &p->choice, 1);
+ if (symbol < kLenNumLowSymbols + kLenNumMidSymbols)
+ {
+ RangeEnc_EncodeBit(rc, &p->choice2, 0);
+ RcTree_Encode(rc, p->mid + (posState << kLenNumMidBits), kLenNumMidBits, symbol - kLenNumLowSymbols);
+ }
+ else
+ {
+ RangeEnc_EncodeBit(rc, &p->choice2, 1);
+ RcTree_Encode(rc, p->high, kLenNumHighBits, symbol - kLenNumLowSymbols - kLenNumMidSymbols);
+ }
+ }
+}
+
+static void LenEnc_SetPrices(CLenEnc *p, UInt32 posState, UInt32 numSymbols, UInt32 *prices, UInt32 *ProbPrices)
+{
+ UInt32 a0 = GET_PRICE_0a(p->choice);
+ UInt32 a1 = GET_PRICE_1a(p->choice);
+ UInt32 b0 = a1 + GET_PRICE_0a(p->choice2);
+ UInt32 b1 = a1 + GET_PRICE_1a(p->choice2);
+ UInt32 i = 0;
+ for (i = 0; i < kLenNumLowSymbols; i++)
+ {
+ if (i >= numSymbols)
+ return;
+ prices[i] = a0 + RcTree_GetPrice(p->low + (posState << kLenNumLowBits), kLenNumLowBits, i, ProbPrices);
+ }
+ for (; i < kLenNumLowSymbols + kLenNumMidSymbols; i++)
+ {
+ if (i >= numSymbols)
+ return;
+ prices[i] = b0 + RcTree_GetPrice(p->mid + (posState << kLenNumMidBits), kLenNumMidBits, i - kLenNumLowSymbols, ProbPrices);
+ }
+ for (; i < numSymbols; i++)
+ prices[i] = b1 + RcTree_GetPrice(p->high, kLenNumHighBits, i - kLenNumLowSymbols - kLenNumMidSymbols, ProbPrices);
+}
+
+static void MY_FAST_CALL LenPriceEnc_UpdateTable(CLenPriceEnc *p, UInt32 posState, UInt32 *ProbPrices)
+{
+ LenEnc_SetPrices(&p->p, posState, p->tableSize, p->prices[posState], ProbPrices);
+ p->counters[posState] = p->tableSize;
+}
+
+static void LenPriceEnc_UpdateTables(CLenPriceEnc *p, UInt32 numPosStates, UInt32 *ProbPrices)
+{
+ UInt32 posState;
+ for (posState = 0; posState < numPosStates; posState++)
+ LenPriceEnc_UpdateTable(p, posState, ProbPrices);
+}
+
+static void LenEnc_Encode2(CLenPriceEnc *p, CRangeEnc *rc, UInt32 symbol, UInt32 posState, Bool updatePrice, UInt32 *ProbPrices)
+{
+ LenEnc_Encode(&p->p, rc, symbol, posState);
+ if (updatePrice)
+ if (--p->counters[posState] == 0)
+ LenPriceEnc_UpdateTable(p, posState, ProbPrices);
+}
+
+
+
+
+static void MovePos(CLzmaEnc *p, UInt32 num)
+{
+ #ifdef SHOW_STAT
+ ttt += num;
+ printf("\n MovePos %d", num);
+ #endif
+ if (num != 0)
+ {
+ p->additionalOffset += num;
+ p->matchFinder.Skip(p->matchFinderObj, num);
+ }
+}
+
+static UInt32 ReadMatchDistances(CLzmaEnc *p, UInt32 *numDistancePairsRes)
+{
+ UInt32 lenRes = 0, numDistancePairs;
+ numDistancePairs = p->matchFinder.GetMatches(p->matchFinderObj, p->matchDistances);
+ #ifdef SHOW_STAT
+ printf("\n i = %d numPairs = %d ", ttt, numDistancePairs / 2);
+ if (ttt >= 61994)
+ ttt = ttt;
+
+ ttt++;
+ {
+ UInt32 i;
+ for (i = 0; i < numDistancePairs; i += 2)
+ printf("%2d %6d | ", p->matchDistances[i], p->matchDistances[i + 1]);
+ }
+ #endif
+ if (numDistancePairs > 0)
+ {
+ lenRes = p->matchDistances[numDistancePairs - 2];
+ if (lenRes == p->numFastBytes)
+ {
+ UInt32 numAvail = p->matchFinder.GetNumAvailableBytes(p->matchFinderObj) + 1;
+ const Byte *pby = p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - 1;
+ UInt32 distance = p->matchDistances[numDistancePairs - 1] + 1;
+ if (numAvail > LZMA_MATCH_LEN_MAX)
+ numAvail = LZMA_MATCH_LEN_MAX;
+
+ {
+ const Byte *pby2 = pby - distance;
+ for (; lenRes < numAvail && pby[lenRes] == pby2[lenRes]; lenRes++);
+ }
+ }
+ }
+ p->additionalOffset++;
+ *numDistancePairsRes = numDistancePairs;
+ return lenRes;
+}
+
+
+#define MakeAsChar(p) (p)->backPrev = (UInt32)(-1); (p)->prev1IsChar = False;
+#define MakeAsShortRep(p) (p)->backPrev = 0; (p)->prev1IsChar = False;
+#define IsShortRep(p) ((p)->backPrev == 0)
+
+static UInt32 GetRepLen1Price(CLzmaEnc *p, UInt32 state, UInt32 posState)
+{
+ return
+ GET_PRICE_0(p->isRepG0[state]) +
+ GET_PRICE_0(p->isRep0Long[state][posState]);
+}
+
+static UInt32 GetPureRepPrice(CLzmaEnc *p, UInt32 repIndex, UInt32 state, UInt32 posState)
+{
+ UInt32 price;
+ if (repIndex == 0)
+ {
+ price = GET_PRICE_0(p->isRepG0[state]);
+ price += GET_PRICE_1(p->isRep0Long[state][posState]);
+ }
+ else
+ {
+ price = GET_PRICE_1(p->isRepG0[state]);
+ if (repIndex == 1)
+ price += GET_PRICE_0(p->isRepG1[state]);
+ else
+ {
+ price += GET_PRICE_1(p->isRepG1[state]);
+ price += GET_PRICE(p->isRepG2[state], repIndex - 2);
+ }
+ }
+ return price;
+}
+
+static UInt32 GetRepPrice(CLzmaEnc *p, UInt32 repIndex, UInt32 len, UInt32 state, UInt32 posState)
+{
+ return p->repLenEnc.prices[posState][len - LZMA_MATCH_LEN_MIN] +
+ GetPureRepPrice(p, repIndex, state, posState);
+}
+
+static UInt32 Backward(CLzmaEnc *p, UInt32 *backRes, UInt32 cur)
+{
+ UInt32 posMem = p->opt[cur].posPrev;
+ UInt32 backMem = p->opt[cur].backPrev;
+ p->optimumEndIndex = cur;
+ do
+ {
+ if (p->opt[cur].prev1IsChar)
+ {
+ MakeAsChar(&p->opt[posMem])
+ p->opt[posMem].posPrev = posMem - 1;
+ if (p->opt[cur].prev2)
+ {
+ p->opt[posMem - 1].prev1IsChar = False;
+ p->opt[posMem - 1].posPrev = p->opt[cur].posPrev2;
+ p->opt[posMem - 1].backPrev = p->opt[cur].backPrev2;
+ }
+ }
+ {
+ UInt32 posPrev = posMem;
+ UInt32 backCur = backMem;
+
+ backMem = p->opt[posPrev].backPrev;
+ posMem = p->opt[posPrev].posPrev;
+
+ p->opt[posPrev].backPrev = backCur;
+ p->opt[posPrev].posPrev = cur;
+ cur = posPrev;
+ }
+ }
+ while (cur != 0);
+ *backRes = p->opt[0].backPrev;
+ p->optimumCurrentIndex = p->opt[0].posPrev;
+ return p->optimumCurrentIndex;
+}
+
+#define LIT_PROBS(pos, prevByte) (p->litProbs + ((((pos) & p->lpMask) << p->lc) + ((prevByte) >> (8 - p->lc))) * 0x300)
+
+static UInt32 GetOptimum(CLzmaEnc *p, UInt32 position, UInt32 *backRes)
+{
+ UInt32 numAvailableBytes, lenMain, numDistancePairs;
+ const Byte *data;
+ UInt32 reps[LZMA_NUM_REPS];
+ UInt32 repLens[LZMA_NUM_REPS];
+ UInt32 repMaxIndex, i;
+ UInt32 *matchDistances;
+ Byte currentByte, matchByte;
+ UInt32 posState;
+ UInt32 matchPrice, repMatchPrice;
+ UInt32 lenEnd;
+ UInt32 len;
+ UInt32 normalMatchPrice;
+ UInt32 cur;
+ if (p->optimumEndIndex != p->optimumCurrentIndex)
+ {
+ const COptimal *opt = &p->opt[p->optimumCurrentIndex];
+ UInt32 lenRes = opt->posPrev - p->optimumCurrentIndex;
+ *backRes = opt->backPrev;
+ p->optimumCurrentIndex = opt->posPrev;
+ return lenRes;
+ }
+ p->optimumCurrentIndex = p->optimumEndIndex = 0;
+
+ numAvailableBytes = p->matchFinder.GetNumAvailableBytes(p->matchFinderObj);
+
+ if (!p->longestMatchWasFound)
+ {
+ lenMain = ReadMatchDistances(p, &numDistancePairs);
+ }
+ else
+ {
+ lenMain = p->longestMatchLength;
+ numDistancePairs = p->numDistancePairs;
+ p->longestMatchWasFound = False;
+ }
+
+ data = p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - 1;
+ if (numAvailableBytes < 2)
+ {
+ *backRes = (UInt32)(-1);
+ return 1;
+ }
+ if (numAvailableBytes > LZMA_MATCH_LEN_MAX)
+ numAvailableBytes = LZMA_MATCH_LEN_MAX;
+
+ repMaxIndex = 0;
+ for (i = 0; i < LZMA_NUM_REPS; i++)
+ {
+ UInt32 lenTest;
+ const Byte *data2;
+ reps[i] = p->reps[i];
+ data2 = data - (reps[i] + 1);
+ if (data[0] != data2[0] || data[1] != data2[1])
+ {
+ repLens[i] = 0;
+ continue;
+ }
+ for (lenTest = 2; lenTest < numAvailableBytes && data[lenTest] == data2[lenTest]; lenTest++);
+ repLens[i] = lenTest;
+ if (lenTest > repLens[repMaxIndex])
+ repMaxIndex = i;
+ }
+ if (repLens[repMaxIndex] >= p->numFastBytes)
+ {
+ UInt32 lenRes;
+ *backRes = repMaxIndex;
+ lenRes = repLens[repMaxIndex];
+ MovePos(p, lenRes - 1);
+ return lenRes;
+ }
+
+ matchDistances = p->matchDistances;
+ if (lenMain >= p->numFastBytes)
+ {
+ *backRes = matchDistances[numDistancePairs - 1] + LZMA_NUM_REPS;
+ MovePos(p, lenMain - 1);
+ return lenMain;
+ }
+ currentByte = *data;
+ matchByte = *(data - (reps[0] + 1));
+
+ if (lenMain < 2 && currentByte != matchByte && repLens[repMaxIndex] < 2)
+ {
+ *backRes = (UInt32)-1;
+ return 1;
+ }
+
+ p->opt[0].state = (CState)p->state;
+
+ posState = (position & p->pbMask);
+
+ {
+ const CLzmaProb *probs = LIT_PROBS(position, *(data - 1));
+ p->opt[1].price = GET_PRICE_0(p->isMatch[p->state][posState]) +
+ (!IsCharState(p->state) ?
+ LitEnc_GetPriceMatched(probs, currentByte, matchByte, p->ProbPrices) :
+ LitEnc_GetPrice(probs, currentByte, p->ProbPrices));
+ }
+
+ MakeAsChar(&p->opt[1]);
+
+ matchPrice = GET_PRICE_1(p->isMatch[p->state][posState]);
+ repMatchPrice = matchPrice + GET_PRICE_1(p->isRep[p->state]);
+
+ if (matchByte == currentByte)
+ {
+ UInt32 shortRepPrice = repMatchPrice + GetRepLen1Price(p, p->state, posState);
+ if (shortRepPrice < p->opt[1].price)
+ {
+ p->opt[1].price = shortRepPrice;
+ MakeAsShortRep(&p->opt[1]);
+ }
+ }
+ lenEnd = ((lenMain >= repLens[repMaxIndex]) ? lenMain : repLens[repMaxIndex]);
+
+ if (lenEnd < 2)
+ {
+ *backRes = p->opt[1].backPrev;
+ return 1;
+ }
+
+ p->opt[1].posPrev = 0;
+ for (i = 0; i < LZMA_NUM_REPS; i++)
+ p->opt[0].backs[i] = reps[i];
+
+ len = lenEnd;
+ do
+ p->opt[len--].price = kInfinityPrice;
+ while (len >= 2);
+
+ for (i = 0; i < LZMA_NUM_REPS; i++)
+ {
+ UInt32 repLen = repLens[i];
+ UInt32 price;
+ if (repLen < 2)
+ continue;
+ price = repMatchPrice + GetPureRepPrice(p, i, p->state, posState);
+ do
+ {
+ UInt32 curAndLenPrice = price + p->repLenEnc.prices[posState][repLen - 2];
+ COptimal *opt = &p->opt[repLen];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = 0;
+ opt->backPrev = i;
+ opt->prev1IsChar = False;
+ }
+ }
+ while (--repLen >= 2);
+ }
+
+ normalMatchPrice = matchPrice + GET_PRICE_0(p->isRep[p->state]);
+
+ len = ((repLens[0] >= 2) ? repLens[0] + 1 : 2);
+ if (len <= lenMain)
+ {
+ UInt32 offs = 0;
+ while (len > matchDistances[offs])
+ offs += 2;
+ for (; ; len++)
+ {
+ COptimal *opt;
+ UInt32 distance = matchDistances[offs + 1];
+
+ UInt32 curAndLenPrice = normalMatchPrice + p->lenEnc.prices[posState][len - LZMA_MATCH_LEN_MIN];
+ UInt32 lenToPosState = GetLenToPosState(len);
+ if (distance < kNumFullDistances)
+ curAndLenPrice += p->distancesPrices[lenToPosState][distance];
+ else
+ {
+ UInt32 slot;
+ GetPosSlot2(distance, slot);
+ curAndLenPrice += p->alignPrices[distance & kAlignMask] + p->posSlotPrices[lenToPosState][slot];
+ }
+ opt = &p->opt[len];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = 0;
+ opt->backPrev = distance + LZMA_NUM_REPS;
+ opt->prev1IsChar = False;
+ }
+ if (len == matchDistances[offs])
+ {
+ offs += 2;
+ if (offs == numDistancePairs)
+ break;
+ }
+ }
+ }
+
+ cur = 0;
+
+ #ifdef SHOW_STAT2
+ if (position >= 0)
+ {
+ unsigned i;
+ printf("\n pos = %4X", position);
+ for (i = cur; i <= lenEnd; i++)
+ printf("\nprice[%4X] = %d", position - cur + i, p->opt[i].price);
+ }
+ #endif
+
+ for (;;)
+ {
+ UInt32 numAvailableBytesFull, newLen, numDistancePairs;
+ COptimal *curOpt;
+ UInt32 posPrev;
+ UInt32 state;
+ UInt32 curPrice;
+ Bool nextIsChar;
+ const Byte *data;
+ Byte currentByte, matchByte;
+ UInt32 posState;
+ UInt32 curAnd1Price;
+ COptimal *nextOpt;
+ UInt32 matchPrice, repMatchPrice;
+ UInt32 numAvailableBytes;
+ UInt32 startLen;
+
+ cur++;
+ if (cur == lenEnd)
+ return Backward(p, backRes, cur);
+
+ numAvailableBytesFull = p->matchFinder.GetNumAvailableBytes(p->matchFinderObj);
+ newLen = ReadMatchDistances(p, &numDistancePairs);
+ if (newLen >= p->numFastBytes)
+ {
+ p->numDistancePairs = numDistancePairs;
+ p->longestMatchLength = newLen;
+ p->longestMatchWasFound = True;
+ return Backward(p, backRes, cur);
+ }
+ position++;
+ curOpt = &p->opt[cur];
+ posPrev = curOpt->posPrev;
+ if (curOpt->prev1IsChar)
+ {
+ posPrev--;
+ if (curOpt->prev2)
+ {
+ state = p->opt[curOpt->posPrev2].state;
+ if (curOpt->backPrev2 < LZMA_NUM_REPS)
+ state = kRepNextStates[state];
+ else
+ state = kMatchNextStates[state];
+ }
+ else
+ state = p->opt[posPrev].state;
+ state = kLiteralNextStates[state];
+ }
+ else
+ state = p->opt[posPrev].state;
+ if (posPrev == cur - 1)
+ {
+ if (IsShortRep(curOpt))
+ state = kShortRepNextStates[state];
+ else
+ state = kLiteralNextStates[state];
+ }
+ else
+ {
+ UInt32 pos;
+ const COptimal *prevOpt;
+ if (curOpt->prev1IsChar && curOpt->prev2)
+ {
+ posPrev = curOpt->posPrev2;
+ pos = curOpt->backPrev2;
+ state = kRepNextStates[state];
+ }
+ else
+ {
+ pos = curOpt->backPrev;
+ if (pos < LZMA_NUM_REPS)
+ state = kRepNextStates[state];
+ else
+ state = kMatchNextStates[state];
+ }
+ prevOpt = &p->opt[posPrev];
+ if (pos < LZMA_NUM_REPS)
+ {
+ UInt32 i;
+ reps[0] = prevOpt->backs[pos];
+ for (i = 1; i <= pos; i++)
+ reps[i] = prevOpt->backs[i - 1];
+ for (; i < LZMA_NUM_REPS; i++)
+ reps[i] = prevOpt->backs[i];
+ }
+ else
+ {
+ UInt32 i;
+ reps[0] = (pos - LZMA_NUM_REPS);
+ for (i = 1; i < LZMA_NUM_REPS; i++)
+ reps[i] = prevOpt->backs[i - 1];
+ }
+ }
+ curOpt->state = (CState)state;
+
+ curOpt->backs[0] = reps[0];
+ curOpt->backs[1] = reps[1];
+ curOpt->backs[2] = reps[2];
+ curOpt->backs[3] = reps[3];
+
+ curPrice = curOpt->price;
+ nextIsChar = False;
+ data = p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - 1;
+ currentByte = *data;
+ matchByte = *(data - (reps[0] + 1));
+
+ posState = (position & p->pbMask);
+
+ curAnd1Price = curPrice + GET_PRICE_0(p->isMatch[state][posState]);
+ {
+ const CLzmaProb *probs = LIT_PROBS(position, *(data - 1));
+ curAnd1Price +=
+ (!IsCharState(state) ?
+ LitEnc_GetPriceMatched(probs, currentByte, matchByte, p->ProbPrices) :
+ LitEnc_GetPrice(probs, currentByte, p->ProbPrices));
+ }
+
+ nextOpt = &p->opt[cur + 1];
+
+ if (curAnd1Price < nextOpt->price)
+ {
+ nextOpt->price = curAnd1Price;
+ nextOpt->posPrev = cur;
+ MakeAsChar(nextOpt);
+ nextIsChar = True;
+ }
+
+ matchPrice = curPrice + GET_PRICE_1(p->isMatch[state][posState]);
+ repMatchPrice = matchPrice + GET_PRICE_1(p->isRep[state]);
+
+ if (matchByte == currentByte && !(nextOpt->posPrev < cur && nextOpt->backPrev == 0))
+ {
+ UInt32 shortRepPrice = repMatchPrice + GetRepLen1Price(p, state, posState);
+ if (shortRepPrice <= nextOpt->price)
+ {
+ nextOpt->price = shortRepPrice;
+ nextOpt->posPrev = cur;
+ MakeAsShortRep(nextOpt);
+ nextIsChar = True;
+ }
+ }
+
+ {
+ UInt32 temp = kNumOpts - 1 - cur;
+ if (temp < numAvailableBytesFull)
+ numAvailableBytesFull = temp;
+ }
+ numAvailableBytes = numAvailableBytesFull;
+
+ if (numAvailableBytes < 2)
+ continue;
+ if (numAvailableBytes > p->numFastBytes)
+ numAvailableBytes = p->numFastBytes;
+ if (!nextIsChar && matchByte != currentByte) /* speed optimization */
+ {
+ /* try Literal + rep0 */
+ UInt32 temp;
+ UInt32 lenTest2;
+ const Byte *data2 = data - (reps[0] + 1);
+ UInt32 limit = p->numFastBytes + 1;
+ if (limit > numAvailableBytesFull)
+ limit = numAvailableBytesFull;
+
+ for (temp = 1; temp < limit && data[temp] == data2[temp]; temp++);
+ lenTest2 = temp - 1;
+ if (lenTest2 >= 2)
+ {
+ UInt32 state2 = kLiteralNextStates[state];
+ UInt32 posStateNext = (position + 1) & p->pbMask;
+ UInt32 nextRepMatchPrice = curAnd1Price +
+ GET_PRICE_1(p->isMatch[state2][posStateNext]) +
+ GET_PRICE_1(p->isRep[state2]);
+ /* for (; lenTest2 >= 2; lenTest2--) */
+ {
+ UInt32 curAndLenPrice;
+ COptimal *opt;
+ UInt32 offset = cur + 1 + lenTest2;
+ while (lenEnd < offset)
+ p->opt[++lenEnd].price = kInfinityPrice;
+ curAndLenPrice = nextRepMatchPrice + GetRepPrice(p, 0, lenTest2, state2, posStateNext);
+ opt = &p->opt[offset];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = cur + 1;
+ opt->backPrev = 0;
+ opt->prev1IsChar = True;
+ opt->prev2 = False;
+ }
+ }
+ }
+ }
+
+ startLen = 2; /* speed optimization */
+ {
+ UInt32 repIndex;
+ for (repIndex = 0; repIndex < LZMA_NUM_REPS; repIndex++)
+ {
+ UInt32 lenTest;
+ UInt32 lenTestTemp;
+ UInt32 price;
+ const Byte *data2 = data - (reps[repIndex] + 1);
+ if (data[0] != data2[0] || data[1] != data2[1])
+ continue;
+ for (lenTest = 2; lenTest < numAvailableBytes && data[lenTest] == data2[lenTest]; lenTest++);
+ while (lenEnd < cur + lenTest)
+ p->opt[++lenEnd].price = kInfinityPrice;
+ lenTestTemp = lenTest;
+ price = repMatchPrice + GetPureRepPrice(p, repIndex, state, posState);
+ do
+ {
+ UInt32 curAndLenPrice = price + p->repLenEnc.prices[posState][lenTest - 2];
+ COptimal *opt = &p->opt[cur + lenTest];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = cur;
+ opt->backPrev = repIndex;
+ opt->prev1IsChar = False;
+ }
+ }
+ while (--lenTest >= 2);
+ lenTest = lenTestTemp;
+
+ if (repIndex == 0)
+ startLen = lenTest + 1;
+
+ /* if (_maxMode) */
+ {
+ UInt32 lenTest2 = lenTest + 1;
+ UInt32 limit = lenTest2 + p->numFastBytes;
+ UInt32 nextRepMatchPrice;
+ if (limit > numAvailableBytesFull)
+ limit = numAvailableBytesFull;
+ for (; lenTest2 < limit && data[lenTest2] == data2[lenTest2]; lenTest2++);
+ lenTest2 -= lenTest + 1;
+ if (lenTest2 >= 2)
+ {
+ UInt32 state2 = kRepNextStates[state];
+ UInt32 posStateNext = (position + lenTest) & p->pbMask;
+ UInt32 curAndLenCharPrice =
+ price + p->repLenEnc.prices[posState][lenTest - 2] +
+ GET_PRICE_0(p->isMatch[state2][posStateNext]) +
+ LitEnc_GetPriceMatched(LIT_PROBS(position + lenTest, data[lenTest - 1]),
+ data[lenTest], data2[lenTest], p->ProbPrices);
+ state2 = kLiteralNextStates[state2];
+ posStateNext = (position + lenTest + 1) & p->pbMask;
+ nextRepMatchPrice = curAndLenCharPrice +
+ GET_PRICE_1(p->isMatch[state2][posStateNext]) +
+ GET_PRICE_1(p->isRep[state2]);
+
+ /* for (; lenTest2 >= 2; lenTest2--) */
+ {
+ UInt32 curAndLenPrice;
+ COptimal *opt;
+ UInt32 offset = cur + lenTest + 1 + lenTest2;
+ while (lenEnd < offset)
+ p->opt[++lenEnd].price = kInfinityPrice;
+ curAndLenPrice = nextRepMatchPrice + GetRepPrice(p, 0, lenTest2, state2, posStateNext);
+ opt = &p->opt[offset];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = cur + lenTest + 1;
+ opt->backPrev = 0;
+ opt->prev1IsChar = True;
+ opt->prev2 = True;
+ opt->posPrev2 = cur;
+ opt->backPrev2 = repIndex;
+ }
+ }
+ }
+ }
+ }
+ }
+ /* for (UInt32 lenTest = 2; lenTest <= newLen; lenTest++) */
+ if (newLen > numAvailableBytes)
+ {
+ newLen = numAvailableBytes;
+ for (numDistancePairs = 0; newLen > matchDistances[numDistancePairs]; numDistancePairs += 2);
+ matchDistances[numDistancePairs] = newLen;
+ numDistancePairs += 2;
+ }
+ if (newLen >= startLen)
+ {
+ UInt32 normalMatchPrice = matchPrice + GET_PRICE_0(p->isRep[state]);
+ UInt32 offs, curBack, posSlot;
+ UInt32 lenTest;
+ while (lenEnd < cur + newLen)
+ p->opt[++lenEnd].price = kInfinityPrice;
+
+ offs = 0;
+ while (startLen > matchDistances[offs])
+ offs += 2;
+ curBack = matchDistances[offs + 1];
+ GetPosSlot2(curBack, posSlot);
+ for (lenTest = /*2*/ startLen; ; lenTest++)
+ {
+ UInt32 curAndLenPrice = normalMatchPrice + p->lenEnc.prices[posState][lenTest - LZMA_MATCH_LEN_MIN];
+ UInt32 lenToPosState = GetLenToPosState(lenTest);
+ COptimal *opt;
+ if (curBack < kNumFullDistances)
+ curAndLenPrice += p->distancesPrices[lenToPosState][curBack];
+ else
+ curAndLenPrice += p->posSlotPrices[lenToPosState][posSlot] + p->alignPrices[curBack & kAlignMask];
+
+ opt = &p->opt[cur + lenTest];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = cur;
+ opt->backPrev = curBack + LZMA_NUM_REPS;
+ opt->prev1IsChar = False;
+ }
+
+ if (/*_maxMode && */lenTest == matchDistances[offs])
+ {
+ /* Try Match + Literal + Rep0 */
+ const Byte *data2 = data - (curBack + 1);
+ UInt32 lenTest2 = lenTest + 1;
+ UInt32 limit = lenTest2 + p->numFastBytes;
+ UInt32 nextRepMatchPrice;
+ if (limit > numAvailableBytesFull)
+ limit = numAvailableBytesFull;
+ for (; lenTest2 < limit && data[lenTest2] == data2[lenTest2]; lenTest2++);
+ lenTest2 -= lenTest + 1;
+ if (lenTest2 >= 2)
+ {
+ UInt32 state2 = kMatchNextStates[state];
+ UInt32 posStateNext = (position + lenTest) & p->pbMask;
+ UInt32 curAndLenCharPrice = curAndLenPrice +
+ GET_PRICE_0(p->isMatch[state2][posStateNext]) +
+ LitEnc_GetPriceMatched(LIT_PROBS(position + lenTest, data[lenTest - 1]),
+ data[lenTest], data2[lenTest], p->ProbPrices);
+ state2 = kLiteralNextStates[state2];
+ posStateNext = (posStateNext + 1) & p->pbMask;
+ nextRepMatchPrice = curAndLenCharPrice +
+ GET_PRICE_1(p->isMatch[state2][posStateNext]) +
+ GET_PRICE_1(p->isRep[state2]);
+
+ /* for (; lenTest2 >= 2; lenTest2--) */
+ {
+ UInt32 offset = cur + lenTest + 1 + lenTest2;
+ UInt32 curAndLenPrice;
+ COptimal *opt;
+ while (lenEnd < offset)
+ p->opt[++lenEnd].price = kInfinityPrice;
+ curAndLenPrice = nextRepMatchPrice + GetRepPrice(p, 0, lenTest2, state2, posStateNext);
+ opt = &p->opt[offset];
+ if (curAndLenPrice < opt->price)
+ {
+ opt->price = curAndLenPrice;
+ opt->posPrev = cur + lenTest + 1;
+ opt->backPrev = 0;
+ opt->prev1IsChar = True;
+ opt->prev2 = True;
+ opt->posPrev2 = cur;
+ opt->backPrev2 = curBack + LZMA_NUM_REPS;
+ }
+ }
+ }
+ offs += 2;
+ if (offs == numDistancePairs)
+ break;
+ curBack = matchDistances[offs + 1];
+ if (curBack >= kNumFullDistances)
+ GetPosSlot2(curBack, posSlot);
+ }
+ }
+ }
+ }
+}
+
+#define ChangePair(smallDist, bigDist) (((bigDist) >> 7) > (smallDist))
+
+static UInt32 GetOptimumFast(CLzmaEnc *p, UInt32 *backRes)
+{
+ UInt32 numAvailableBytes = p->matchFinder.GetNumAvailableBytes(p->matchFinderObj);
+ UInt32 lenMain, numDistancePairs;
+ const Byte *data;
+ UInt32 repLens[LZMA_NUM_REPS];
+ UInt32 repMaxIndex, i;
+ UInt32 *matchDistances;
+ UInt32 backMain;
+
+ if (!p->longestMatchWasFound)
+ {
+ lenMain = ReadMatchDistances(p, &numDistancePairs);
+ }
+ else
+ {
+ lenMain = p->longestMatchLength;
+ numDistancePairs = p->numDistancePairs;
+ p->longestMatchWasFound = False;
+ }
+
+ data = p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - 1;
+ if (numAvailableBytes > LZMA_MATCH_LEN_MAX)
+ numAvailableBytes = LZMA_MATCH_LEN_MAX;
+ if (numAvailableBytes < 2)
+ {
+ *backRes = (UInt32)(-1);
+ return 1;
+ }
+
+ repMaxIndex = 0;
+
+ for (i = 0; i < LZMA_NUM_REPS; i++)
+ {
+ const Byte *data2 = data - (p->reps[i] + 1);
+ UInt32 len;
+ if (data[0] != data2[0] || data[1] != data2[1])
+ {
+ repLens[i] = 0;
+ continue;
+ }
+ for (len = 2; len < numAvailableBytes && data[len] == data2[len]; len++);
+ if (len >= p->numFastBytes)
+ {
+ *backRes = i;
+ MovePos(p, len - 1);
+ return len;
+ }
+ repLens[i] = len;
+ if (len > repLens[repMaxIndex])
+ repMaxIndex = i;
+ }
+ matchDistances = p->matchDistances;
+ if (lenMain >= p->numFastBytes)
+ {
+ *backRes = matchDistances[numDistancePairs - 1] + LZMA_NUM_REPS;
+ MovePos(p, lenMain - 1);
+ return lenMain;
+ }
+
+ backMain = 0; /* for GCC */
+ if (lenMain >= 2)
+ {
+ backMain = matchDistances[numDistancePairs - 1];
+ while (numDistancePairs > 2 && lenMain == matchDistances[numDistancePairs - 4] + 1)
+ {
+ if (!ChangePair(matchDistances[numDistancePairs - 3], backMain))
+ break;
+ numDistancePairs -= 2;
+ lenMain = matchDistances[numDistancePairs - 2];
+ backMain = matchDistances[numDistancePairs - 1];
+ }
+ if (lenMain == 2 && backMain >= 0x80)
+ lenMain = 1;
+ }
+
+ if (repLens[repMaxIndex] >= 2)
+ {
+ if (repLens[repMaxIndex] + 1 >= lenMain ||
+ (repLens[repMaxIndex] + 2 >= lenMain && (backMain > (1 << 9))) ||
+ (repLens[repMaxIndex] + 3 >= lenMain && (backMain > (1 << 15))))
+ {
+ UInt32 lenRes;
+ *backRes = repMaxIndex;
+ lenRes = repLens[repMaxIndex];
+ MovePos(p, lenRes - 1);
+ return lenRes;
+ }
+ }
+
+ if (lenMain >= 2 && numAvailableBytes > 2)
+ {
+ UInt32 i;
+ numAvailableBytes = p->matchFinder.GetNumAvailableBytes(p->matchFinderObj);
+ p->longestMatchLength = ReadMatchDistances(p, &p->numDistancePairs);
+ if (p->longestMatchLength >= 2)
+ {
+ UInt32 newDistance = matchDistances[p->numDistancePairs - 1];
+ if ((p->longestMatchLength >= lenMain && newDistance < backMain) ||
+ (p->longestMatchLength == lenMain + 1 && !ChangePair(backMain, newDistance)) ||
+ (p->longestMatchLength > lenMain + 1) ||
+ (p->longestMatchLength + 1 >= lenMain && lenMain >= 3 && ChangePair(newDistance, backMain)))
+ {
+ p->longestMatchWasFound = True;
+ *backRes = (UInt32)(-1);
+ return 1;
+ }
+ }
+ data = p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - 1;
+ for (i = 0; i < LZMA_NUM_REPS; i++)
+ {
+ UInt32 len;
+ const Byte *data2 = data - (p->reps[i] + 1);
+ if (data[1] != data2[1] || data[2] != data2[2])
+ {
+ repLens[i] = 0;
+ continue;
+ }
+ for (len = 2; len < numAvailableBytes && data[len] == data2[len]; len++);
+ if (len + 1 >= lenMain)
+ {
+ p->longestMatchWasFound = True;
+ *backRes = (UInt32)(-1);
+ return 1;
+ }
+ }
+ *backRes = backMain + LZMA_NUM_REPS;
+ MovePos(p, lenMain - 2);
+ return lenMain;
+ }
+ *backRes = (UInt32)(-1);
+ return 1;
+}
+
+static void WriteEndMarker(CLzmaEnc *p, UInt32 posState)
+{
+ UInt32 len;
+ RangeEnc_EncodeBit(&p->rc, &p->isMatch[p->state][posState], 1);
+ RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
+ p->state = kMatchNextStates[p->state];
+ len = LZMA_MATCH_LEN_MIN;
+ LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
+ RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, (1 << kNumPosSlotBits) - 1);
+ RangeEnc_EncodeDirectBits(&p->rc, (((UInt32)1 << 30) - 1) >> kNumAlignBits, 30 - kNumAlignBits);
+ RcTree_ReverseEncode(&p->rc, p->posAlignEncoder, kNumAlignBits, kAlignMask);
+}
+
+static SRes CheckErrors(CLzmaEnc *p)
+{
+ if (p->result != SZ_OK)
+ return p->result;
+ if (p->rc.res != SZ_OK)
+ p->result = SZ_ERROR_WRITE;
+ if (p->matchFinderBase.result != SZ_OK)
+ p->result = SZ_ERROR_READ;
+ if (p->result != SZ_OK)
+ p->finished = True;
+ return p->result;
+}
+
+static SRes Flush(CLzmaEnc *p, UInt32 nowPos)
+{
+ /* ReleaseMFStream(); */
+ p->finished = True;
+ if (p->writeEndMark)
+ WriteEndMarker(p, nowPos & p->pbMask);
+ RangeEnc_FlushData(&p->rc);
+ RangeEnc_FlushStream(&p->rc);
+ return CheckErrors(p);
+}
+
+static void FillAlignPrices(CLzmaEnc *p)
+{
+ UInt32 i;
+ for (i = 0; i < kAlignTableSize; i++)
+ p->alignPrices[i] = RcTree_ReverseGetPrice(p->posAlignEncoder, kNumAlignBits, i, p->ProbPrices);
+ p->alignPriceCount = 0;
+}
+
+static void FillDistancesPrices(CLzmaEnc *p)
+{
+ UInt32 tempPrices[kNumFullDistances];
+ UInt32 i, lenToPosState;
+ for (i = kStartPosModelIndex; i < kNumFullDistances; i++)
+ {
+ UInt32 posSlot = GetPosSlot1(i);
+ UInt32 footerBits = ((posSlot >> 1) - 1);
+ UInt32 base = ((2 | (posSlot & 1)) << footerBits);
+ tempPrices[i] = RcTree_ReverseGetPrice(p->posEncoders + base - posSlot - 1, footerBits, i - base, p->ProbPrices);
+ }
+
+ for (lenToPosState = 0; lenToPosState < kNumLenToPosStates; lenToPosState++)
+ {
+ UInt32 posSlot;
+ const CLzmaProb *encoder = p->posSlotEncoder[lenToPosState];
+ UInt32 *posSlotPrices = p->posSlotPrices[lenToPosState];
+ for (posSlot = 0; posSlot < p->distTableSize; posSlot++)
+ posSlotPrices[posSlot] = RcTree_GetPrice(encoder, kNumPosSlotBits, posSlot, p->ProbPrices);
+ for (posSlot = kEndPosModelIndex; posSlot < p->distTableSize; posSlot++)
+ posSlotPrices[posSlot] += ((((posSlot >> 1) - 1) - kNumAlignBits) << kNumBitPriceShiftBits);
+
+ {
+ UInt32 *distancesPrices = p->distancesPrices[lenToPosState];
+ UInt32 i;
+ for (i = 0; i < kStartPosModelIndex; i++)
+ distancesPrices[i] = posSlotPrices[i];
+ for (; i < kNumFullDistances; i++)
+ distancesPrices[i] = posSlotPrices[GetPosSlot1(i)] + tempPrices[i];
+ }
+ }
+ p->matchPriceCount = 0;
+}
+
+void LzmaEnc_Construct(CLzmaEnc *p)
+{
+ RangeEnc_Construct(&p->rc);
+ MatchFinder_Construct(&p->matchFinderBase);
+ #ifdef COMPRESS_MF_MT
+ MatchFinderMt_Construct(&p->matchFinderMt);
+ p->matchFinderMt.MatchFinder = &p->matchFinderBase;
+ #endif
+
+ {
+ CLzmaEncProps props;
+ LzmaEncProps_Init(&props);
+ LzmaEnc_SetProps(p, &props);
+ }
+
+ #ifndef LZMA_LOG_BSR
+ LzmaEnc_FastPosInit(p->g_FastPos);
+ #endif
+
+ LzmaEnc_InitPriceTables(p->ProbPrices);
+ p->litProbs = 0;
+ p->saveState.litProbs = 0;
+}
+
+CLzmaEncHandle LzmaEnc_Create(ISzAlloc *alloc)
+{
+ void *p;
+ p = alloc->Alloc(alloc, sizeof(CLzmaEnc));
+ if (p != 0)
+ LzmaEnc_Construct((CLzmaEnc *)p);
+ return p;
+}
+
+void LzmaEnc_FreeLits(CLzmaEnc *p, ISzAlloc *alloc)
+{
+ alloc->Free(alloc, p->litProbs);
+ alloc->Free(alloc, p->saveState.litProbs);
+ p->litProbs = 0;
+ p->saveState.litProbs = 0;
+}
+
+void LzmaEnc_Destruct(CLzmaEnc *p, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ #ifdef COMPRESS_MF_MT
+ MatchFinderMt_Destruct(&p->matchFinderMt, allocBig);
+ #endif
+ MatchFinder_Free(&p->matchFinderBase, allocBig);
+ LzmaEnc_FreeLits(p, alloc);
+ RangeEnc_Free(&p->rc, alloc);
+}
+
+void LzmaEnc_Destroy(CLzmaEncHandle p, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ LzmaEnc_Destruct((CLzmaEnc *)p, alloc, allocBig);
+ alloc->Free(alloc, p);
+}
+
+static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize, UInt32 maxUnpackSize)
+{
+ UInt32 nowPos32, startPos32;
+ if (p->inStream != 0)
+ {
+ p->matchFinderBase.stream = p->inStream;
+ p->matchFinder.Init(p->matchFinderObj);
+ p->inStream = 0;
+ }
+
+ if (p->finished)
+ return p->result;
+ RINOK(CheckErrors(p));
+
+ nowPos32 = (UInt32)p->nowPos64;
+ startPos32 = nowPos32;
+
+ if (p->nowPos64 == 0)
+ {
+ UInt32 numDistancePairs;
+ Byte curByte;
+ if (p->matchFinder.GetNumAvailableBytes(p->matchFinderObj) == 0)
+ return Flush(p, nowPos32);
+ ReadMatchDistances(p, &numDistancePairs);
+ RangeEnc_EncodeBit(&p->rc, &p->isMatch[p->state][0], 0);
+ p->state = kLiteralNextStates[p->state];
+ curByte = p->matchFinder.GetIndexByte(p->matchFinderObj, 0 - p->additionalOffset);
+ LitEnc_Encode(&p->rc, p->litProbs, curByte);
+ p->additionalOffset--;
+ nowPos32++;
+ }
+
+ if (p->matchFinder.GetNumAvailableBytes(p->matchFinderObj) != 0)
+ for (;;)
+ {
+ UInt32 pos, len, posState;
+
+ if (p->fastMode)
+ len = GetOptimumFast(p, &pos);
+ else
+ len = GetOptimum(p, nowPos32, &pos);
+
+ #ifdef SHOW_STAT2
+ printf("\n pos = %4X, len = %d pos = %d", nowPos32, len, pos);
+ #endif
+
+ posState = nowPos32 & p->pbMask;
+ if (len == 1 && pos == 0xFFFFFFFF)
+ {
+ Byte curByte;
+ CLzmaProb *probs;
+ const Byte *data;
+
+ RangeEnc_EncodeBit(&p->rc, &p->isMatch[p->state][posState], 0);
+ data = p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - p->additionalOffset;
+ curByte = *data;
+ probs = LIT_PROBS(nowPos32, *(data - 1));
+ if (IsCharState(p->state))
+ LitEnc_Encode(&p->rc, probs, curByte);
+ else
+ LitEnc_EncodeMatched(&p->rc, probs, curByte, *(data - p->reps[0] - 1));
+ p->state = kLiteralNextStates[p->state];
+ }
+ else
+ {
+ RangeEnc_EncodeBit(&p->rc, &p->isMatch[p->state][posState], 1);
+ if (pos < LZMA_NUM_REPS)
+ {
+ RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 1);
+ if (pos == 0)
+ {
+ RangeEnc_EncodeBit(&p->rc, &p->isRepG0[p->state], 0);
+ RangeEnc_EncodeBit(&p->rc, &p->isRep0Long[p->state][posState], ((len == 1) ? 0 : 1));
+ }
+ else
+ {
+ UInt32 distance = p->reps[pos];
+ RangeEnc_EncodeBit(&p->rc, &p->isRepG0[p->state], 1);
+ if (pos == 1)
+ RangeEnc_EncodeBit(&p->rc, &p->isRepG1[p->state], 0);
+ else
+ {
+ RangeEnc_EncodeBit(&p->rc, &p->isRepG1[p->state], 1);
+ RangeEnc_EncodeBit(&p->rc, &p->isRepG2[p->state], pos - 2);
+ if (pos == 3)
+ p->reps[3] = p->reps[2];
+ p->reps[2] = p->reps[1];
+ }
+ p->reps[1] = p->reps[0];
+ p->reps[0] = distance;
+ }
+ if (len == 1)
+ p->state = kShortRepNextStates[p->state];
+ else
+ {
+ LenEnc_Encode2(&p->repLenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
+ p->state = kRepNextStates[p->state];
+ }
+ }
+ else
+ {
+ UInt32 posSlot;
+ RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0);
+ p->state = kMatchNextStates[p->state];
+ LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices);
+ pos -= LZMA_NUM_REPS;
+ GetPosSlot(pos, posSlot);
+ RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot);
+
+ if (posSlot >= kStartPosModelIndex)
+ {
+ UInt32 footerBits = ((posSlot >> 1) - 1);
+ UInt32 base = ((2 | (posSlot & 1)) << footerBits);
+ UInt32 posReduced = pos - base;
+
+ if (posSlot < kEndPosModelIndex)
+ RcTree_ReverseEncode(&p->rc, p->posEncoders + base - posSlot - 1, footerBits, posReduced);
+ else
+ {
+ RangeEnc_EncodeDirectBits(&p->rc, posReduced >> kNumAlignBits, footerBits - kNumAlignBits);
+ RcTree_ReverseEncode(&p->rc, p->posAlignEncoder, kNumAlignBits, posReduced & kAlignMask);
+ p->alignPriceCount++;
+ }
+ }
+ p->reps[3] = p->reps[2];
+ p->reps[2] = p->reps[1];
+ p->reps[1] = p->reps[0];
+ p->reps[0] = pos;
+ p->matchPriceCount++;
+ }
+ }
+ p->additionalOffset -= len;
+ nowPos32 += len;
+ if (p->additionalOffset == 0)
+ {
+ UInt32 processed;
+ if (!p->fastMode)
+ {
+ if (p->matchPriceCount >= (1 << 7))
+ FillDistancesPrices(p);
+ if (p->alignPriceCount >= kAlignTableSize)
+ FillAlignPrices(p);
+ }
+ if (p->matchFinder.GetNumAvailableBytes(p->matchFinderObj) == 0)
+ break;
+ processed = nowPos32 - startPos32;
+ if (useLimits)
+ {
+ if (processed + kNumOpts + 300 >= maxUnpackSize ||
+ RangeEnc_GetProcessed(&p->rc) + kNumOpts * 2 >= maxPackSize)
+ break;
+ }
+ else if (processed >= (1 << 15))
+ {
+ p->nowPos64 += nowPos32 - startPos32;
+ return CheckErrors(p);
+ }
+ }
+ }
+ p->nowPos64 += nowPos32 - startPos32;
+ return Flush(p, nowPos32);
+}
+
+#define kBigHashDicLimit ((UInt32)1 << 24)
+
+static SRes LzmaEnc_Alloc(CLzmaEnc *p, UInt32 keepWindowSize, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ UInt32 beforeSize = kNumOpts;
+ Bool btMode;
+ if (!RangeEnc_Alloc(&p->rc, alloc))
+ return SZ_ERROR_MEM;
+ btMode = (p->matchFinderBase.btMode != 0);
+ #ifdef COMPRESS_MF_MT
+ p->mtMode = (p->multiThread && !p->fastMode && btMode);
+ #endif
+
+ {
+ unsigned lclp = p->lc + p->lp;
+ if (p->litProbs == 0 || p->saveState.litProbs == 0 || p->lclp != lclp)
+ {
+ LzmaEnc_FreeLits(p, alloc);
+ p->litProbs = (CLzmaProb *)alloc->Alloc(alloc, (0x300 << lclp) * sizeof(CLzmaProb));
+ p->saveState.litProbs = (CLzmaProb *)alloc->Alloc(alloc, (0x300 << lclp) * sizeof(CLzmaProb));
+ if (p->litProbs == 0 || p->saveState.litProbs == 0)
+ {
+ LzmaEnc_FreeLits(p, alloc);
+ return SZ_ERROR_MEM;
+ }
+ p->lclp = lclp;
+ }
+ }
+
+ p->matchFinderBase.bigHash = (p->dictSize > kBigHashDicLimit);
+
+ if (beforeSize + p->dictSize < keepWindowSize)
+ beforeSize = keepWindowSize - p->dictSize;
+
+ #ifdef COMPRESS_MF_MT
+ if (p->mtMode)
+ {
+ RINOK(MatchFinderMt_Create(&p->matchFinderMt, p->dictSize, beforeSize, p->numFastBytes, LZMA_MATCH_LEN_MAX, allocBig));
+ p->matchFinderObj = &p->matchFinderMt;
+ MatchFinderMt_CreateVTable(&p->matchFinderMt, &p->matchFinder);
+ }
+ else
+ #endif
+ {
+ if (!MatchFinder_Create(&p->matchFinderBase, p->dictSize, beforeSize, p->numFastBytes, LZMA_MATCH_LEN_MAX, allocBig))
+ return SZ_ERROR_MEM;
+ p->matchFinderObj = &p->matchFinderBase;
+ MatchFinder_CreateVTable(&p->matchFinderBase, &p->matchFinder);
+ }
+ return SZ_OK;
+}
+
+void LzmaEnc_Init(CLzmaEnc *p)
+{
+ UInt32 i;
+ p->state = 0;
+ for(i = 0 ; i < LZMA_NUM_REPS; i++)
+ p->reps[i] = 0;
+
+ RangeEnc_Init(&p->rc);
+
+
+ for (i = 0; i < kNumStates; i++)
+ {
+ UInt32 j;
+ for (j = 0; j < LZMA_NUM_PB_STATES_MAX; j++)
+ {
+ p->isMatch[i][j] = kProbInitValue;
+ p->isRep0Long[i][j] = kProbInitValue;
+ }
+ p->isRep[i] = kProbInitValue;
+ p->isRepG0[i] = kProbInitValue;
+ p->isRepG1[i] = kProbInitValue;
+ p->isRepG2[i] = kProbInitValue;
+ }
+
+ {
+ UInt32 num = 0x300 << (p->lp + p->lc);
+ for (i = 0; i < num; i++)
+ p->litProbs[i] = kProbInitValue;
+ }
+
+ {
+ for (i = 0; i < kNumLenToPosStates; i++)
+ {
+ CLzmaProb *probs = p->posSlotEncoder[i];
+ UInt32 j;
+ for (j = 0; j < (1 << kNumPosSlotBits); j++)
+ probs[j] = kProbInitValue;
+ }
+ }
+ {
+ for(i = 0; i < kNumFullDistances - kEndPosModelIndex; i++)
+ p->posEncoders[i] = kProbInitValue;
+ }
+
+ LenEnc_Init(&p->lenEnc.p);
+ LenEnc_Init(&p->repLenEnc.p);
+
+ for (i = 0; i < (1 << kNumAlignBits); i++)
+ p->posAlignEncoder[i] = kProbInitValue;
+
+ p->longestMatchWasFound = False;
+ p->optimumEndIndex = 0;
+ p->optimumCurrentIndex = 0;
+ p->additionalOffset = 0;
+
+ p->pbMask = (1 << p->pb) - 1;
+ p->lpMask = (1 << p->lp) - 1;
+}
+
+void LzmaEnc_InitPrices(CLzmaEnc *p)
+{
+ if (!p->fastMode)
+ {
+ FillDistancesPrices(p);
+ FillAlignPrices(p);
+ }
+
+ p->lenEnc.tableSize =
+ p->repLenEnc.tableSize =
+ p->numFastBytes + 1 - LZMA_MATCH_LEN_MIN;
+ LenPriceEnc_UpdateTables(&p->lenEnc, 1 << p->pb, p->ProbPrices);
+ LenPriceEnc_UpdateTables(&p->repLenEnc, 1 << p->pb, p->ProbPrices);
+}
+
+static SRes LzmaEnc_AllocAndInit(CLzmaEnc *p, UInt32 keepWindowSize, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ UInt32 i;
+ for (i = 0; i < (UInt32)kDicLogSizeMaxCompress; i++)
+ if (p->dictSize <= ((UInt32)1 << i))
+ break;
+ p->distTableSize = i * 2;
+
+ p->finished = False;
+ p->result = SZ_OK;
+ RINOK(LzmaEnc_Alloc(p, keepWindowSize, alloc, allocBig));
+ LzmaEnc_Init(p);
+ LzmaEnc_InitPrices(p);
+ p->nowPos64 = 0;
+ return SZ_OK;
+}
+
+static SRes LzmaEnc_Prepare(CLzmaEncHandle pp, ISeqInStream *inStream, ISeqOutStream *outStream,
+ ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ p->inStream = inStream;
+ p->rc.outStream = outStream;
+ return LzmaEnc_AllocAndInit(p, 0, alloc, allocBig);
+}
+
+SRes LzmaEnc_PrepareForLzma2(CLzmaEncHandle pp,
+ ISeqInStream *inStream, UInt32 keepWindowSize,
+ ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ p->inStream = inStream;
+ return LzmaEnc_AllocAndInit(p, keepWindowSize, alloc, allocBig);
+}
+
+static void LzmaEnc_SetInputBuf(CLzmaEnc *p, const Byte *src, SizeT srcLen)
+{
+ p->seqBufInStream.funcTable.Read = MyRead;
+ p->seqBufInStream.data = src;
+ p->seqBufInStream.rem = srcLen;
+}
+
+SRes LzmaEnc_MemPrepare(CLzmaEncHandle pp, const Byte *src, SizeT srcLen,
+ UInt32 keepWindowSize, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ LzmaEnc_SetInputBuf(p, src, srcLen);
+ p->inStream = &p->seqBufInStream.funcTable;
+ return LzmaEnc_AllocAndInit(p, keepWindowSize, alloc, allocBig);
+}
+
+void LzmaEnc_Finish(CLzmaEncHandle pp)
+{
+ #ifdef COMPRESS_MF_MT
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ if (p->mtMode)
+ MatchFinderMt_ReleaseStream(&p->matchFinderMt);
+ #else
+ (void)pp;
+ #endif
+}
+
+typedef struct _CSeqOutStreamBuf
+{
+ ISeqOutStream funcTable;
+ Byte *data;
+ SizeT rem;
+ Bool overflow;
+} CSeqOutStreamBuf;
+
+static size_t MyWrite(void *pp, const void *data, size_t size)
+{
+ CSeqOutStreamBuf *p = (CSeqOutStreamBuf *)pp;
+ if (p->rem < size)
+ {
+ size = p->rem;
+ p->overflow = True;
+ }
+ memcpy(p->data, data, size);
+ p->rem -= size;
+ p->data += size;
+ return size;
+}
+
+
+UInt32 LzmaEnc_GetNumAvailableBytes(CLzmaEncHandle pp)
+{
+ const CLzmaEnc *p = (CLzmaEnc *)pp;
+ return p->matchFinder.GetNumAvailableBytes(p->matchFinderObj);
+}
+
+const Byte *LzmaEnc_GetCurBuf(CLzmaEncHandle pp)
+{
+ const CLzmaEnc *p = (CLzmaEnc *)pp;
+ return p->matchFinder.GetPointerToCurrentPos(p->matchFinderObj) - p->additionalOffset;
+}
+
+SRes LzmaEnc_CodeOneMemBlock(CLzmaEncHandle pp, Bool reInit,
+ Byte *dest, size_t *destLen, UInt32 desiredPackSize, UInt32 *unpackSize)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ UInt64 nowPos64;
+ SRes res;
+ CSeqOutStreamBuf outStream;
+
+ outStream.funcTable.Write = MyWrite;
+ outStream.data = dest;
+ outStream.rem = *destLen;
+ outStream.overflow = False;
+
+ p->writeEndMark = False;
+ p->finished = False;
+ p->result = SZ_OK;
+
+ if (reInit)
+ LzmaEnc_Init(p);
+ LzmaEnc_InitPrices(p);
+ nowPos64 = p->nowPos64;
+ RangeEnc_Init(&p->rc);
+ p->rc.outStream = &outStream.funcTable;
+
+ res = LzmaEnc_CodeOneBlock(pp, True, desiredPackSize, *unpackSize);
+
+ *unpackSize = (UInt32)(p->nowPos64 - nowPos64);
+ *destLen -= outStream.rem;
+ if (outStream.overflow)
+ return SZ_ERROR_OUTPUT_EOF;
+
+ return res;
+}
+
+SRes LzmaEnc_Encode(CLzmaEncHandle pp, ISeqOutStream *outStream, ISeqInStream *inStream, ICompressProgress *progress,
+ ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ SRes res = SZ_OK;
+
+ #ifdef COMPRESS_MF_MT
+ Byte allocaDummy[0x300];
+ int i = 0;
+ for (i = 0; i < 16; i++)
+ allocaDummy[i] = (Byte)i;
+ #endif
+
+ RINOK(LzmaEnc_Prepare(pp, inStream, outStream, alloc, allocBig));
+
+ for (;;)
+ {
+ res = LzmaEnc_CodeOneBlock(pp, False, 0, 0);
+ if (res != SZ_OK || p->finished != 0)
+ break;
+ if (progress != 0)
+ {
+ res = progress->Progress(progress, p->nowPos64, RangeEnc_GetProcessed(&p->rc));
+ if (res != SZ_OK)
+ {
+ res = SZ_ERROR_PROGRESS;
+ break;
+ }
+ }
+ }
+ LzmaEnc_Finish(pp);
+ return res;
+}
+
+SRes LzmaEnc_WriteProperties(CLzmaEncHandle pp, Byte *props, SizeT *size)
+{
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+ int i;
+ UInt32 dictSize = p->dictSize;
+ if (*size < LZMA_PROPS_SIZE)
+ return SZ_ERROR_PARAM;
+ *size = LZMA_PROPS_SIZE;
+ props[0] = (Byte)((p->pb * 5 + p->lp) * 9 + p->lc);
+
+ for (i = 11; i <= 30; i++)
+ {
+ if (dictSize <= ((UInt32)2 << i))
+ {
+ dictSize = (2 << i);
+ break;
+ }
+ if (dictSize <= ((UInt32)3 << i))
+ {
+ dictSize = (3 << i);
+ break;
+ }
+ }
+
+ for (i = 0; i < 4; i++)
+ props[1 + i] = (Byte)(dictSize >> (8 * i));
+ return SZ_OK;
+}
+
+SRes LzmaEnc_MemEncode(CLzmaEncHandle pp, Byte *dest, SizeT *destLen, const Byte *src, SizeT srcLen,
+ int writeEndMark, ICompressProgress *progress, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ SRes res;
+ CLzmaEnc *p = (CLzmaEnc *)pp;
+
+ CSeqOutStreamBuf outStream;
+
+ LzmaEnc_SetInputBuf(p, src, srcLen);
+
+ outStream.funcTable.Write = MyWrite;
+ outStream.data = dest;
+ outStream.rem = *destLen;
+ outStream.overflow = False;
+
+ p->writeEndMark = writeEndMark;
+ res = LzmaEnc_Encode(pp, &outStream.funcTable, &p->seqBufInStream.funcTable,
+ progress, alloc, allocBig);
+
+ *destLen -= outStream.rem;
+ if (outStream.overflow)
+ return SZ_ERROR_OUTPUT_EOF;
+ return res;
+}
+
+SRes LzmaEncode(Byte *dest, SizeT *destLen, const Byte *src, SizeT srcLen,
+ const CLzmaEncProps *props, Byte *propsEncoded, SizeT *propsSize, int writeEndMark,
+ ICompressProgress *progress, ISzAlloc *alloc, ISzAlloc *allocBig)
+{
+ CLzmaEnc *p = (CLzmaEnc *)LzmaEnc_Create(alloc);
+ SRes res;
+ if (p == 0)
+ return SZ_ERROR_MEM;
+
+ res = LzmaEnc_SetProps(p, props);
+ if (res == SZ_OK)
+ {
+ res = LzmaEnc_WriteProperties(p, propsEncoded, propsSize);
+ if (res == SZ_OK)
+ res = LzmaEnc_MemEncode(p, dest, destLen, src, srcLen,
+ writeEndMark, progress, alloc, allocBig);
+ }
+
+ LzmaEnc_Destroy(p, alloc, allocBig);
+ return res;
+}
diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c
new file mode 100644
index 0000000..75b1dd5
--- /dev/null
+++ b/grub-core/lib/arg.c
@@ -0,0 +1,478 @@
+/* arg.c - argument parser */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2003,2004,2005,2007,2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/err.h>
+#include <grub/term.h>
+#include <grub/extcmd.h>
+#include <grub/i18n.h>
+
+/* Built-in parser for default options. */
+#define SHORT_ARG_HELP -100
+#define SHORT_ARG_USAGE -101
+
+static const struct grub_arg_option help_options[] =
+ {
+ {"help", SHORT_ARG_HELP, 0,
+ N_("Display this help and exit."), 0, ARG_TYPE_NONE},
+ {"usage", SHORT_ARG_USAGE, 0,
+ N_("Display the usage of this command and exit."), 0, ARG_TYPE_NONE},
+ {0, 0, 0, 0, 0, 0}
+ };
+
+static struct grub_arg_option *
+find_short (const struct grub_arg_option *options, char c)
+{
+ struct grub_arg_option *found = 0;
+ auto struct grub_arg_option *fnd_short (const struct grub_arg_option *opt);
+
+ struct grub_arg_option *fnd_short (const struct grub_arg_option *opt)
+ {
+ while (opt->doc)
+ {
+ if (opt->shortarg == c)
+ return (struct grub_arg_option *) opt;
+ opt++;
+ }
+ return 0;
+ }
+
+ if (options)
+ found = fnd_short (options);
+
+ if (! found)
+ {
+ switch (c)
+ {
+ case 'h':
+ found = (struct grub_arg_option *) help_options;
+ break;
+
+ case 'u':
+ found = (struct grub_arg_option *) (help_options + 1);
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ return found;
+}
+
+static struct grub_arg_option *
+find_long (const struct grub_arg_option *options, const char *s, int len)
+{
+ struct grub_arg_option *found = 0;
+ auto struct grub_arg_option *fnd_long (const struct grub_arg_option *opt);
+
+ struct grub_arg_option *fnd_long (const struct grub_arg_option *opt)
+ {
+ while (opt->doc)
+ {
+ if (opt->longarg && ! grub_strncmp (opt->longarg, s, len) &&
+ opt->longarg[len] == '\0')
+ return (struct grub_arg_option *) opt;
+ opt++;
+ }
+ return 0;
+ }
+
+ if (options)
+ found = fnd_long (options);
+
+ if (! found)
+ found = fnd_long (help_options);
+
+ return found;
+}
+
+static void
+show_usage (grub_extcmd_t cmd)
+{
+ grub_printf ("%s %s %s\n", _("Usage:"), cmd->cmd->name, _(cmd->cmd->summary));
+}
+
+void
+grub_arg_show_help (grub_extcmd_t cmd)
+{
+ auto void showargs (const struct grub_arg_option *opt);
+ int h_is_used = 0;
+ int u_is_used = 0;
+
+ auto void showargs (const struct grub_arg_option *opt)
+ {
+ for (; opt->doc; opt++)
+ {
+ int spacing = 20;
+
+ if (opt->shortarg && grub_isgraph (opt->shortarg))
+ grub_printf ("-%c%c ", opt->shortarg, opt->longarg ? ',':' ');
+ else if (opt->shortarg == SHORT_ARG_HELP && ! h_is_used)
+ grub_printf ("-h, ");
+ else if (opt->shortarg == SHORT_ARG_USAGE && ! u_is_used)
+ grub_printf ("-u, ");
+ else
+ grub_printf (" ");
+
+ if (opt->longarg)
+ {
+ grub_printf ("--%s", opt->longarg);
+ spacing -= grub_strlen (opt->longarg) + 2;
+
+ if (opt->arg)
+ {
+ grub_printf ("=%s", opt->arg);
+ spacing -= grub_strlen (opt->arg) + 1;
+ }
+ }
+
+ if (spacing < 0)
+ spacing = 3;
+
+ while (spacing--)
+ grub_xputs (" ");
+
+ grub_printf ("%s\n", _(opt->doc));
+
+ switch (opt->shortarg)
+ {
+ case 'h':
+ h_is_used = 1;
+ break;
+
+ case 'u':
+ u_is_used = 1;
+ break;
+
+ default:
+ break;
+ }
+ }
+ }
+
+ show_usage (cmd);
+ grub_printf ("%s\n\n", _(cmd->cmd->description));
+ if (cmd->options)
+ showargs (cmd->options);
+ showargs (help_options);
+#if 0
+ grub_printf ("\nReport bugs to <%s>.\n", PACKAGE_BUGREPORT);
+#endif
+}
+
+
+static int
+parse_option (grub_extcmd_t cmd, int key, char *arg, struct grub_arg_list *usr)
+{
+ switch (key)
+ {
+ case SHORT_ARG_HELP:
+ grub_arg_show_help (cmd);
+ return -1;
+
+ case SHORT_ARG_USAGE:
+ show_usage (cmd);
+ return -1;
+
+ default:
+ {
+ int found = -1;
+ int i = 0;
+ const struct grub_arg_option *opt = cmd->options;
+
+ while (opt->doc)
+ {
+ if (opt->shortarg && key == opt->shortarg)
+ {
+ found = i;
+ break;
+ }
+ opt++;
+ i++;
+ }
+
+ if (found == -1)
+ return -1;
+
+ if (opt->flags & GRUB_ARG_OPTION_REPEATABLE)
+ {
+ usr[found].args[usr[found].set++] = arg;
+ usr[found].args[usr[found].set] = NULL;
+ }
+ else
+ {
+ usr[found].set = 1;
+ usr[found].arg = arg;
+ }
+ }
+ }
+
+ return 0;
+}
+
+int
+grub_arg_parse (grub_extcmd_t cmd, int argc, char **argv,
+ struct grub_arg_list *usr, char ***args, int *argnum)
+{
+ int curarg;
+ int arglen;
+ char **argl = 0;
+ int num = 0;
+ auto grub_err_t add_arg (char *s);
+
+ grub_err_t add_arg (char *s)
+ {
+ char **p = argl;
+ argl = grub_realloc (argl, (++num + 1) * sizeof (char *));
+ if (! argl)
+ {
+ grub_free (p);
+ return grub_errno;
+ }
+ argl[num - 1] = s;
+ argl[num] = NULL;
+ return 0;
+ }
+
+
+ for (curarg = 0; curarg < argc; curarg++)
+ {
+ char *arg = argv[curarg];
+ struct grub_arg_option *opt;
+ char *option = 0;
+
+ /* No option is used. */
+ if ((num && (cmd->cmd->flags & GRUB_COMMAND_OPTIONS_AT_START))
+ || arg[0] != '-' || grub_strlen (arg) == 1)
+ {
+ if (add_arg (arg) != 0)
+ goto fail;
+
+ continue;
+ }
+
+ /* One or more short options. */
+ if (arg[1] != '-')
+ {
+ char *curshort;
+
+ if (cmd->cmd->flags & GRUB_COMMAND_ACCEPT_DASH)
+ {
+ for (curshort = arg + 1; *curshort; curshort++)
+ if (!find_short (cmd->options, *curshort))
+ break;
+
+ if (*curshort)
+ {
+ if (add_arg (arg) != 0)
+ goto fail;
+ continue;
+ }
+ }
+
+ curshort = arg + 1;
+
+ while (1)
+ {
+ opt = find_short (cmd->options, *curshort);
+
+ if (! opt)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "unknown argument `-%c'", *curshort);
+ goto fail;
+ }
+
+ curshort++;
+
+ /* Parse all arguments here except the last one because
+ it can have an argument value. */
+ if (*curshort)
+ {
+ if (parse_option (cmd, opt->shortarg, 0, usr) || grub_errno)
+ goto fail;
+ }
+ else
+ {
+ if (opt->type != ARG_TYPE_NONE)
+ {
+ if (curarg + 1 < argc)
+ {
+ char *nextarg = argv[curarg + 1];
+ if (!(opt->flags & GRUB_ARG_OPTION_OPTIONAL)
+ || (grub_strlen (nextarg) < 2 || nextarg[0] != '-'))
+ option = argv[++curarg];
+ }
+ }
+ break;
+ }
+ }
+
+ }
+ else /* The argument starts with "--". */
+ {
+ /* If the argument "--" is used just pass the other
+ arguments. */
+ if (grub_strlen (arg) == 2)
+ {
+ for (curarg++; curarg < argc; curarg++)
+ if (add_arg (argv[curarg]) != 0)
+ goto fail;
+ break;
+ }
+
+ option = grub_strchr (arg, '=');
+ if (option)
+ {
+ arglen = option - arg - 2;
+ option++;
+ }
+ else
+ arglen = grub_strlen (arg) - 2;
+
+ opt = find_long (cmd->options, arg + 2, arglen);
+
+ if (!option && argv[curarg + 1] && argv[curarg + 1][0] != '-'
+ && opt->type != ARG_TYPE_NONE)
+ option = argv[++curarg];
+
+ if (!opt && (cmd->cmd->flags & GRUB_COMMAND_ACCEPT_DASH))
+ {
+ if (add_arg (arg) != 0)
+ goto fail;
+ continue;
+ }
+
+ if (! opt)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "unknown argument `%s'", arg);
+ goto fail;
+ }
+ }
+
+ if (! (opt->type == ARG_TYPE_NONE
+ || (! option && (opt->flags & GRUB_ARG_OPTION_OPTIONAL))))
+ {
+ if (! option)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "missing mandatory option for `%s'", opt->longarg);
+ goto fail;
+ }
+
+ switch (opt->type)
+ {
+ case ARG_TYPE_NONE:
+ /* This will never happen. */
+ break;
+
+ case ARG_TYPE_STRING:
+ /* No need to do anything. */
+ break;
+
+ case ARG_TYPE_INT:
+ {
+ char *tail;
+
+ grub_strtoull (option, &tail, 0);
+ if (tail == 0 || tail == option || *tail != '\0' || grub_errno)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "the argument `%s' requires an integer",
+ arg);
+
+ goto fail;
+ }
+ break;
+ }
+
+ case ARG_TYPE_DEVICE:
+ case ARG_TYPE_DIR:
+ case ARG_TYPE_FILE:
+ case ARG_TYPE_PATHNAME:
+ /* XXX: Not implemented. */
+ break;
+ }
+ if (parse_option (cmd, opt->shortarg, option, usr) || grub_errno)
+ goto fail;
+ }
+ else
+ {
+ if (option)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT,
+ "a value was assigned to the argument `%s' while it "
+ "doesn't require an argument", arg);
+ goto fail;
+ }
+
+ if (parse_option (cmd, opt->shortarg, 0, usr) || grub_errno)
+ goto fail;
+ }
+ }
+
+ *args = argl;
+ *argnum = num;
+ return 1;
+
+ fail:
+ return 0;
+}
+
+struct grub_arg_list*
+grub_arg_list_alloc(grub_extcmd_t extcmd, int argc,
+ char **argv __attribute__((unused)))
+{
+ int i;
+ char **args;
+ unsigned argcnt;
+ struct grub_arg_list *list;
+ const struct grub_arg_option *options;
+
+ options = extcmd->options;
+ if (! options)
+ return 0;
+
+ argcnt = 0;
+ for (i = 0; options[i].doc; i++)
+ {
+ if (options[i].flags & GRUB_ARG_OPTION_REPEATABLE)
+ argcnt += (argc + 1) / 2 + 1; /* max possible for any option */
+ }
+
+ list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt);
+ if (! list)
+ return 0;
+
+ args = (char**) (list + i);
+ for (i = 0; options[i].doc; i++)
+ {
+ list[i].set = 0;
+ list[i].arg = 0;
+
+ if (options[i].flags & GRUB_ARG_OPTION_REPEATABLE)
+ {
+ list[i].args = args;
+ args += argc / 2 + 1;
+ }
+ }
+ return list;
+}
diff --git a/grub-core/lib/cmdline.c b/grub-core/lib/cmdline.c
new file mode 100644
index 0000000..a702e64
--- /dev/null
+++ b/grub-core/lib/cmdline.c
@@ -0,0 +1,105 @@
+/* cmdline.c - linux command line handling */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/lib/cmdline.h>
+#include <grub/misc.h>
+
+static unsigned int check_arg (char *c, int *has_space)
+{
+ int space = 0;
+ unsigned int size = 0;
+
+ while (*c)
+ {
+ if (*c == '\\' || *c == '\'' || *c == '"')
+ size++;
+ else if (*c == ' ')
+ space = 1;
+
+ size++;
+ c++;
+ }
+
+ if (space)
+ size += 2;
+
+ if (has_space)
+ *has_space = space;
+
+ return size;
+}
+
+unsigned int grub_loader_cmdline_size (int argc, char *argv[])
+{
+ int i;
+ unsigned int size = 0;
+
+ for (i = 0; i < argc; i++)
+ {
+ size += check_arg (argv[i], 0);
+ size++; /* Separator space or NULL. */
+ }
+
+ return size;
+}
+
+int grub_create_loader_cmdline (int argc, char *argv[], char *buf,
+ grub_size_t size)
+{
+ int i, space;
+ unsigned int arg_size;
+ char *c;
+
+ for (i = 0; i < argc; i++)
+ {
+ c = argv[i];
+ arg_size = check_arg(argv[i], &space);
+ arg_size++; /* Separator space or NULL. */
+
+ if (size < arg_size)
+ break;
+
+ size -= arg_size;
+
+ if (space)
+ *buf++ = '"';
+
+ while (*c)
+ {
+ if (*c == '\\' || *c == '\'' || *c == '"')
+ *buf++ = '\\';
+
+ *buf++ = *c;
+ c++;
+ }
+
+ if (space)
+ *buf++ = '"';
+
+ *buf++ = ' ';
+ }
+
+ /* Replace last space with null. */
+ if (i)
+ buf--;
+
+ *buf = 0;
+
+ return i;
+}
diff --git a/grub-core/lib/cmos_datetime.c b/grub-core/lib/cmos_datetime.c
new file mode 100644
index 0000000..73c5a03
--- /dev/null
+++ b/grub-core/lib/cmos_datetime.c
@@ -0,0 +1,158 @@
+/* kern/cmos_datetime.c - CMOS datetime function.
+ *
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/datetime.h>
+#include <grub/cmos.h>
+#include <grub/dl.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+grub_err_t
+grub_get_datetime (struct grub_datetime *datetime)
+{
+ int is_bcd, is_12hour;
+ grub_uint8_t value, flag;
+
+ flag = grub_cmos_read (GRUB_CMOS_INDEX_STATUS_B);
+
+ is_bcd = ! (flag & GRUB_CMOS_STATUS_B_BINARY);
+
+ value = grub_cmos_read (GRUB_CMOS_INDEX_YEAR);
+ if (is_bcd)
+ value = grub_bcd_to_num (value);
+
+ datetime->year = value;
+ datetime->year += (value < 80) ? 2000 : 1900;
+
+ value = grub_cmos_read (GRUB_CMOS_INDEX_MONTH);
+ if (is_bcd)
+ value = grub_bcd_to_num (value);
+
+ datetime->month = value;
+
+ value = grub_cmos_read (GRUB_CMOS_INDEX_DAY_OF_MONTH);
+ if (is_bcd)
+ value = grub_bcd_to_num (value);
+
+ datetime->day = value;
+
+ is_12hour = ! (flag & GRUB_CMOS_STATUS_B_24HOUR);
+
+ value = grub_cmos_read (GRUB_CMOS_INDEX_HOUR);
+ if (is_12hour)
+ {
+ is_12hour = (value & 0x80);
+
+ value &= 0x7F;
+ value--;
+ }
+
+ if (is_bcd)
+ value = grub_bcd_to_num (value);
+
+ if (is_12hour)
+ value += 12;
+
+ datetime->hour = value;
+
+ value = grub_cmos_read (GRUB_CMOS_INDEX_MINUTE);
+ if (is_bcd)
+ value = grub_bcd_to_num (value);
+
+ datetime->minute = value;
+
+ value = grub_cmos_read (GRUB_CMOS_INDEX_SECOND);
+ if (is_bcd)
+ value = grub_bcd_to_num (value);
+
+ datetime->second = value;
+
+ return 0;
+}
+
+grub_err_t
+grub_set_datetime (struct grub_datetime *datetime)
+{
+ int is_bcd, is_12hour;
+ grub_uint8_t value, flag;
+
+ flag = grub_cmos_read (GRUB_CMOS_INDEX_STATUS_B);
+
+ is_bcd = ! (flag & GRUB_CMOS_STATUS_B_BINARY);
+
+ value = ((datetime->year >= 2000) ? datetime->year - 2000 :
+ datetime->year - 1900);
+
+ if (is_bcd)
+ value = grub_num_to_bcd (value);
+
+ grub_cmos_write (GRUB_CMOS_INDEX_YEAR, value);
+
+ value = datetime->month;
+
+ if (is_bcd)
+ value = grub_num_to_bcd (value);
+
+ grub_cmos_write (GRUB_CMOS_INDEX_MONTH, value);
+
+ value = datetime->day;
+
+ if (is_bcd)
+ value = grub_num_to_bcd (value);
+
+ grub_cmos_write (GRUB_CMOS_INDEX_DAY_OF_MONTH, value);
+
+ value = datetime->hour;
+
+ is_12hour = (! (flag & GRUB_CMOS_STATUS_B_24HOUR));
+
+ if (is_12hour)
+ {
+ value++;
+
+ if (value > 12)
+ value -= 12;
+ else
+ is_12hour = 0;
+ }
+
+ if (is_bcd)
+ value = grub_num_to_bcd (value);
+
+ if (is_12hour)
+ value |= 0x80;
+
+ grub_cmos_write (GRUB_CMOS_INDEX_HOUR, value);
+
+ value = datetime->minute;
+
+ if (is_bcd)
+ value = grub_num_to_bcd (value);
+
+ grub_cmos_write (GRUB_CMOS_INDEX_MINUTE, value);
+
+ value = datetime->second;
+
+ if (is_bcd)
+ value = grub_num_to_bcd (value);
+
+ grub_cmos_write (GRUB_CMOS_INDEX_SECOND, value);
+
+ return 0;
+}
diff --git a/grub-core/lib/crc.c b/grub-core/lib/crc.c
new file mode 100644
index 0000000..ffc3ef3
--- /dev/null
+++ b/grub-core/lib/crc.c
@@ -0,0 +1,75 @@
+/* crc.c - crc function */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/types.h>
+#include <grub/lib/crc.h>
+
+static grub_uint32_t crc32c_table [256];
+
+static void
+init_crc32c_table (void)
+{
+ auto grub_uint32_t reflect (grub_uint32_t ref, int len);
+ grub_uint32_t reflect (grub_uint32_t ref, int len)
+ {
+ grub_uint32_t result = 0;
+ int i;
+
+ for (i = 1; i <= len; i++)
+ {
+ if (ref & 1)
+ result |= 1 << (len - i);
+ ref >>= 1;
+ }
+
+ return result;
+ }
+
+ grub_uint32_t polynomial = 0x1edc6f41;
+ int i, j;
+
+ for(i = 0; i < 256; i++)
+ {
+ crc32c_table[i] = reflect(i, 8) << 24;
+ for (j = 0; j < 8; j++)
+ crc32c_table[i] = (crc32c_table[i] << 1) ^
+ (crc32c_table[i] & (1 << 31) ? polynomial : 0);
+ crc32c_table[i] = reflect(crc32c_table[i], 32);
+ }
+}
+
+grub_uint32_t
+grub_getcrc32c (grub_uint32_t crc, const void *buf, int size)
+{
+ int i;
+ const grub_uint8_t *data = buf;
+
+ if (! crc32c_table[1])
+ init_crc32c_table ();
+
+ crc^= 0xffffffff;
+
+ for (i = 0; i < size; i++)
+ {
+ crc = (crc >> 8) ^ crc32c_table[(crc & 0xFF) ^ *data];
+ data++;
+ }
+
+ return crc ^ 0xffffffff;
+}
diff --git a/grub-core/lib/crypto.c b/grub-core/lib/crypto.c
new file mode 100644
index 0000000..ad1bfc4
--- /dev/null
+++ b/grub-core/lib/crypto.c
@@ -0,0 +1,456 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006
+ * 2007, 2008, 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/crypto.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/term.h>
+#include <grub/dl.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+struct grub_crypto_hmac_handle
+{
+ const struct gcry_md_spec *md;
+ void *ctx;
+ void *opad;
+};
+
+static gcry_cipher_spec_t *grub_ciphers = NULL;
+static gcry_md_spec_t *grub_digests = NULL;
+
+void (*grub_crypto_autoload_hook) (const char *name) = NULL;
+
+/* Based on libgcrypt-1.4.4/src/misc.c. */
+void
+grub_burn_stack (grub_size_t size)
+{
+ char buf[64];
+
+ grub_memset (buf, 0, sizeof (buf));
+ if (size > sizeof (buf))
+ grub_burn_stack (size - sizeof (buf));
+}
+
+
+void
+grub_cipher_register (gcry_cipher_spec_t *cipher)
+{
+ cipher->next = grub_ciphers;
+ grub_ciphers = cipher;
+}
+
+void
+grub_cipher_unregister (gcry_cipher_spec_t *cipher)
+{
+ gcry_cipher_spec_t **ciph;
+ for (ciph = &grub_ciphers; *ciph; ciph = &((*ciph)->next))
+ if (*ciph == cipher)
+ {
+ *ciph = (*ciph)->next;
+ break;
+ }
+}
+
+void
+grub_md_register (gcry_md_spec_t *digest)
+{
+ digest->next = grub_digests;
+ grub_digests = digest;
+}
+
+void
+grub_md_unregister (gcry_md_spec_t *cipher)
+{
+ gcry_md_spec_t **ciph;
+ for (ciph = &grub_digests; *ciph; ciph = &((*ciph)->next))
+ if (*ciph == cipher)
+ {
+ *ciph = (*ciph)->next;
+ break;
+ }
+}
+
+void
+grub_crypto_hash (const gcry_md_spec_t *hash, void *out, const void *in,
+ grub_size_t inlen)
+{
+ grub_uint8_t ctx[hash->contextsize];
+ hash->init (&ctx);
+ hash->write (&ctx, in, inlen);
+ hash->final (&ctx);
+ grub_memcpy (out, hash->read (&ctx), hash->mdlen);
+}
+
+const gcry_md_spec_t *
+grub_crypto_lookup_md_by_name (const char *name)
+{
+ const gcry_md_spec_t *md;
+ int first = 1;
+ while (1)
+ {
+ for (md = grub_digests; md; md = md->next)
+ if (grub_strcasecmp (name, md->name) == 0)
+ return md;
+ if (grub_crypto_autoload_hook && first)
+ grub_crypto_autoload_hook (name);
+ else
+ return NULL;
+ first = 0;
+ }
+}
+
+const gcry_cipher_spec_t *
+grub_crypto_lookup_cipher_by_name (const char *name)
+{
+ const gcry_cipher_spec_t *ciph;
+ int first = 1;
+ while (1)
+ {
+ for (ciph = grub_ciphers; ciph; ciph = ciph->next)
+ {
+ const char **alias;
+ if (grub_strcasecmp (name, ciph->name) == 0)
+ return ciph;
+ if (!ciph->aliases)
+ continue;
+ for (alias = ciph->aliases; *alias; alias++)
+ if (grub_strcasecmp (name, *alias) == 0)
+ return ciph;
+ }
+ if (grub_crypto_autoload_hook && first)
+ grub_crypto_autoload_hook (name);
+ else
+ return NULL;
+ first = 0;
+ }
+}
+
+
+grub_crypto_cipher_handle_t
+grub_crypto_cipher_open (const struct gcry_cipher_spec *cipher)
+{
+ grub_crypto_cipher_handle_t ret;
+ ret = grub_malloc (sizeof (*ret) + cipher->contextsize);
+ if (!ret)
+ return NULL;
+ ret->cipher = cipher;
+ return ret;
+}
+
+gcry_err_code_t
+grub_crypto_cipher_set_key (grub_crypto_cipher_handle_t cipher,
+ const unsigned char *key,
+ unsigned keylen)
+{
+ return cipher->cipher->setkey (cipher->ctx, key, keylen);
+}
+
+
+void
+grub_crypto_cipher_close (grub_crypto_cipher_handle_t cipher)
+{
+ grub_free (cipher);
+}
+
+
+void
+grub_crypto_xor (void *out, const void *in1, const void *in2, grub_size_t size)
+{
+ const grub_uint8_t *in1ptr = in1, *in2ptr = in2;
+ grub_uint8_t *outptr = out;
+ while (size--)
+ {
+ *outptr = *in1ptr ^ *in2ptr;
+ in1ptr++;
+ in2ptr++;
+ outptr++;
+ }
+}
+
+gcry_err_code_t
+grub_crypto_ecb_decrypt (grub_crypto_cipher_handle_t cipher,
+ void *out, void *in, grub_size_t size)
+{
+ grub_uint8_t *inptr, *outptr, *end;
+ if (!cipher->cipher->decrypt)
+ return GPG_ERR_NOT_SUPPORTED;
+ if (size % cipher->cipher->blocksize != 0)
+ return GPG_ERR_INV_ARG;
+ end = (grub_uint8_t *) in + size;
+ for (inptr = in, outptr = out; inptr < end;
+ inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
+ cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
+ return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+grub_crypto_ecb_encrypt (grub_crypto_cipher_handle_t cipher,
+ void *out, void *in, grub_size_t size)
+{
+ grub_uint8_t *inptr, *outptr, *end;
+ if (!cipher->cipher->encrypt)
+ return GPG_ERR_NOT_SUPPORTED;
+ if (size % cipher->cipher->blocksize != 0)
+ return GPG_ERR_INV_ARG;
+ end = (grub_uint8_t *) in + size;
+ for (inptr = in, outptr = out; inptr < end;
+ inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
+ cipher->cipher->encrypt (cipher->ctx, outptr, inptr);
+ return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+grub_crypto_cbc_encrypt (grub_crypto_cipher_handle_t cipher,
+ void *out, void *in, grub_size_t size,
+ void *iv_in)
+{
+ grub_uint8_t *inptr, *outptr, *end;
+ void *iv;
+ if (!cipher->cipher->decrypt)
+ return GPG_ERR_NOT_SUPPORTED;
+ if (size % cipher->cipher->blocksize != 0)
+ return GPG_ERR_INV_ARG;
+ end = (grub_uint8_t *) in + size;
+ iv = iv_in;
+ for (inptr = in, outptr = out; inptr < end;
+ inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
+ {
+ grub_crypto_xor (outptr, inptr, iv, cipher->cipher->blocksize);
+ cipher->cipher->encrypt (cipher->ctx, outptr, outptr);
+ iv = outptr;
+ }
+ grub_memcpy (iv_in, iv, cipher->cipher->blocksize);
+ return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+grub_crypto_cbc_decrypt (grub_crypto_cipher_handle_t cipher,
+ void *out, void *in, grub_size_t size,
+ void *iv)
+{
+ grub_uint8_t *inptr, *outptr, *end;
+ grub_uint8_t ivt[cipher->cipher->blocksize];
+ if (!cipher->cipher->decrypt)
+ return GPG_ERR_NOT_SUPPORTED;
+ if (size % cipher->cipher->blocksize != 0)
+ return GPG_ERR_INV_ARG;
+ end = (grub_uint8_t *) in + size;
+ for (inptr = in, outptr = out; inptr < end;
+ inptr += cipher->cipher->blocksize, outptr += cipher->cipher->blocksize)
+ {
+ grub_memcpy (ivt, inptr, cipher->cipher->blocksize);
+ cipher->cipher->decrypt (cipher->ctx, outptr, inptr);
+ grub_crypto_xor (outptr, outptr, iv, cipher->cipher->blocksize);
+ grub_memcpy (iv, ivt, cipher->cipher->blocksize);
+ }
+ return GPG_ERR_NO_ERROR;
+}
+
+/* Based on gcry/cipher/md.c. */
+struct grub_crypto_hmac_handle *
+grub_crypto_hmac_init (const struct gcry_md_spec *md,
+ const void *key, grub_size_t keylen)
+{
+ grub_uint8_t *helpkey = NULL;
+ grub_uint8_t *ipad = NULL, *opad = NULL;
+ void *ctx = NULL;
+ struct grub_crypto_hmac_handle *ret = NULL;
+ unsigned i;
+
+ if (md->mdlen > md->blocksize)
+ return NULL;
+
+ ctx = grub_malloc (md->contextsize);
+ if (!ctx)
+ goto err;
+
+ if ( keylen > md->blocksize )
+ {
+ helpkey = grub_malloc (md->mdlen);
+ if (!helpkey)
+ goto err;
+ grub_crypto_hash (md, helpkey, key, keylen);
+
+ key = helpkey;
+ keylen = md->mdlen;
+ }
+
+ ipad = grub_zalloc (md->blocksize);
+ if (!ipad)
+ goto err;
+
+ opad = grub_zalloc (md->blocksize);
+ if (!opad)
+ goto err;
+
+ grub_memcpy ( ipad, key, keylen );
+ grub_memcpy ( opad, key, keylen );
+ for (i=0; i < md->blocksize; i++ )
+ {
+ ipad[i] ^= 0x36;
+ opad[i] ^= 0x5c;
+ }
+ grub_free (helpkey);
+ helpkey = NULL;
+
+ md->init (ctx);
+
+ md->write (ctx, ipad, md->blocksize); /* inner pad */
+ grub_memset (ipad, 0, md->blocksize);
+ grub_free (ipad);
+ ipad = NULL;
+
+ ret = grub_malloc (sizeof (*ret));
+ if (!ret)
+ goto err;
+
+ ret->md = md;
+ ret->ctx = ctx;
+ ret->opad = opad;
+
+ return ret;
+
+ err:
+ grub_free (helpkey);
+ grub_free (ctx);
+ grub_free (ipad);
+ grub_free (opad);
+ return NULL;
+}
+
+void
+grub_crypto_hmac_write (struct grub_crypto_hmac_handle *hnd, void *data,
+ grub_size_t datalen)
+{
+ hnd->md->write (hnd->ctx, data, datalen);
+}
+
+gcry_err_code_t
+grub_crypto_hmac_fini (struct grub_crypto_hmac_handle *hnd, void *out)
+{
+ grub_uint8_t *p;
+ grub_uint8_t *ctx2;
+
+ ctx2 = grub_malloc (hnd->md->contextsize);
+ if (!ctx2)
+ return GPG_ERR_OUT_OF_MEMORY;
+
+ hnd->md->final (hnd->ctx);
+ hnd->md->read (hnd->ctx);
+ p = hnd->md->read (hnd->ctx);
+
+ hnd->md->init (ctx2);
+ hnd->md->write (ctx2, hnd->opad, hnd->md->blocksize);
+ hnd->md->write (ctx2, p, hnd->md->mdlen);
+ hnd->md->final (ctx2);
+ grub_memset (hnd->opad, 0, hnd->md->blocksize);
+ grub_free (hnd->opad);
+ grub_memset (hnd->ctx, 0, hnd->md->contextsize);
+ grub_free (hnd->ctx);
+
+ grub_memcpy (out, hnd->md->read (ctx2), hnd->md->mdlen);
+ grub_memset (ctx2, 0, hnd->md->contextsize);
+ grub_free (ctx2);
+
+ grub_memset (hnd, 0, sizeof (*hnd));
+ grub_free (hnd);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+gcry_err_code_t
+grub_crypto_hmac_buffer (const struct gcry_md_spec *md,
+ const void *key, grub_size_t keylen,
+ void *data, grub_size_t datalen, void *out)
+{
+ struct grub_crypto_hmac_handle *hnd;
+
+ hnd = grub_crypto_hmac_init (md, key, keylen);
+ if (!hnd)
+ return GPG_ERR_OUT_OF_MEMORY;
+
+ grub_crypto_hmac_write (hnd, data, datalen);
+ return grub_crypto_hmac_fini (hnd, out);
+}
+
+
+grub_err_t
+grub_crypto_gcry_error (gcry_err_code_t in)
+{
+ if (in == GPG_ERR_NO_ERROR)
+ return GRUB_ERR_NONE;
+ return GRUB_ACCESS_DENIED;
+}
+
+int
+grub_crypto_memcmp (const void *a, const void *b, grub_size_t n)
+{
+ register grub_size_t counter = 0;
+ const grub_uint8_t *pa, *pb;
+
+ for (pa = a, pb = b; n; pa++, pb++, n--)
+ {
+ if (*pa != *pb)
+ counter++;
+ }
+
+ return !!counter;
+}
+
+#ifndef GRUB_MKPASSWD
+int
+grub_password_get (char buf[], unsigned buf_size)
+{
+ unsigned cur_len = 0;
+ int key;
+
+ while (1)
+ {
+ key = grub_getkey ();
+ if (key == '\n' || key == '\r')
+ break;
+
+ if (key == '\e')
+ {
+ cur_len = 0;
+ break;
+ }
+
+ if (key == '\b')
+ {
+ cur_len--;
+ continue;
+ }
+
+ if (!grub_isprint (key))
+ continue;
+
+ if (cur_len + 2 < buf_size)
+ buf[cur_len++] = key;
+ }
+
+ grub_memset (buf + cur_len, 0, buf_size - cur_len);
+
+ grub_xputs ("\n");
+ grub_refresh ();
+
+ return (key != '\e');
+}
+#endif
diff --git a/grub-core/lib/efi/datetime.c b/grub-core/lib/efi/datetime.c
new file mode 100644
index 0000000..0fd1b5f
--- /dev/null
+++ b/grub-core/lib/efi/datetime.c
@@ -0,0 +1,82 @@
+/* kern/efi/datetime.c - efi datetime function.
+ *
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/types.h>
+#include <grub/symbol.h>
+#include <grub/efi/api.h>
+#include <grub/efi/efi.h>
+#include <grub/datetime.h>
+#include <grub/dl.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+grub_err_t
+grub_get_datetime (struct grub_datetime *datetime)
+{
+ grub_efi_status_t status;
+ struct grub_efi_time efi_time;
+
+ status = efi_call_2 (grub_efi_system_table->runtime_services->get_time,
+ &efi_time, 0);
+
+ if (status)
+ return grub_error (GRUB_ERR_INVALID_COMMAND,
+ "can\'t get datetime using efi");
+ else
+ {
+ datetime->year = efi_time.year;
+ datetime->month = efi_time.month;
+ datetime->day = efi_time.day;
+ datetime->hour = efi_time.hour;
+ datetime->minute = efi_time.minute;
+ datetime->second = efi_time.second;
+ }
+
+ return 0;
+}
+
+grub_err_t
+grub_set_datetime (struct grub_datetime *datetime)
+{
+ grub_efi_status_t status;
+ struct grub_efi_time efi_time;
+
+ status = efi_call_2 (grub_efi_system_table->runtime_services->get_time,
+ &efi_time, 0);
+
+ if (status)
+ return grub_error (GRUB_ERR_INVALID_COMMAND,
+ "can\'t get datetime using efi");
+
+ efi_time.year = datetime->year;
+ efi_time.month = datetime->month;
+ efi_time.day = datetime->day;
+ efi_time.hour = datetime->hour;
+ efi_time.minute = datetime->minute;
+ efi_time.second = datetime->second;
+
+ status = efi_call_1 (grub_efi_system_table->runtime_services->set_time,
+ &efi_time);
+
+ if (status)
+ return grub_error (GRUB_ERR_INVALID_COMMAND,
+ "can\'t set datetime using efi");
+
+ return 0;
+}
diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c
new file mode 100644
index 0000000..c195368
--- /dev/null
+++ b/grub-core/lib/efi/halt.c
@@ -0,0 +1,36 @@
+/* efi.c - generic EFI support */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/efi/api.h>
+#include <grub/efi/efi.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/kernel.h>
+#include <grub/acpi.h>
+
+void
+grub_halt (void)
+{
+ grub_machine_fini ();
+ grub_acpi_halt ();
+ efi_call_4 (grub_efi_system_table->runtime_services->reset_system,
+ GRUB_EFI_RESET_SHUTDOWN, GRUB_EFI_SUCCESS, 0, NULL);
+
+ while (1);
+}
diff --git a/grub-core/lib/efi/relocator.c b/grub-core/lib/efi/relocator.c
new file mode 100644
index 0000000..0d346be
--- /dev/null
+++ b/grub-core/lib/efi/relocator.c
@@ -0,0 +1,119 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/relocator.h>
+#include <grub/relocator_private.h>
+#include <grub/memory.h>
+#include <grub/efi/efi.h>
+#include <grub/efi/api.h>
+#include <grub/term.h>
+
+#define NEXT_MEMORY_DESCRIPTOR(desc, size) \
+ ((grub_efi_memory_descriptor_t *) ((char *) (desc) + (size)))
+
+unsigned
+grub_relocator_firmware_get_max_events (void)
+{
+ grub_efi_uintn_t mmapsize = 0, descriptor_size = 0;
+ grub_efi_uint32_t descriptor_version = 0;
+ grub_efi_uintn_t key;
+ grub_efi_get_memory_map (&mmapsize, NULL, &key, &descriptor_size,
+ &descriptor_version);
+ /* Since grub_relocator_firmware_fill_events uses malloc
+ we need some reserve. Hence +10. */
+ return 2 * (mmapsize / descriptor_size + 10);
+}
+
+unsigned
+grub_relocator_firmware_fill_events (struct grub_relocator_mmap_event *events)
+{
+ grub_efi_uintn_t mmapsize = 0, desc_size = 0;
+ grub_efi_uint32_t descriptor_version = 0;
+ grub_efi_memory_descriptor_t *descs = NULL;
+ grub_efi_uintn_t key;
+ int counter = 0;
+ grub_efi_memory_descriptor_t *desc;
+
+ grub_efi_get_memory_map (&mmapsize, NULL, &key, &desc_size,
+ &descriptor_version);
+ descs = grub_malloc (mmapsize);
+ if (!descs)
+ return 0;
+
+ grub_efi_get_memory_map (&mmapsize, descs, &key, &desc_size,
+ &descriptor_version);
+
+ for (desc = descs;
+ (char *) desc < ((char *) descs + mmapsize);
+ desc = NEXT_MEMORY_DESCRIPTOR (desc, desc_size))
+ {
+ grub_uint64_t start = desc->physical_start;
+ grub_uint64_t end = desc->physical_start + (desc->num_pages << 12);
+
+ /* post-4G addresses are never supported on 32-bit EFI.
+ Moreover it has been reported that some 64-bit EFI contrary to the
+ spec don't map post-4G pages. So if you enable post-4G allocations,
+ map pages manually or check that they are mapped.
+ */
+ if (end >= 0x100000000ULL)
+ end = 0x100000000ULL;
+ if (end <= start)
+ continue;
+ if (desc->type != GRUB_EFI_CONVENTIONAL_MEMORY)
+ continue;
+ events[counter].type = REG_FIRMWARE_START;
+ events[counter].pos = start;
+ counter++;
+ events[counter].type = REG_FIRMWARE_END;
+ events[counter].pos = end;
+ counter++;
+ }
+
+ return counter;
+}
+
+int
+grub_relocator_firmware_alloc_region (grub_addr_t start, grub_size_t size)
+{
+ grub_efi_boot_services_t *b;
+ grub_efi_physical_address_t address = start;
+ grub_efi_status_t status;
+
+ if (grub_efi_is_finished)
+ return 1;
+
+ grub_dprintf ("relocator", "EFI alloc: %llx, %llx\n",
+ (unsigned long long) start, (unsigned long long) size);
+
+ b = grub_efi_system_table->boot_services;
+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ADDRESS,
+ GRUB_EFI_LOADER_DATA, size >> 12, &address);
+ return (status == GRUB_EFI_SUCCESS);
+}
+
+void
+grub_relocator_firmware_free_region (grub_addr_t start, grub_size_t size)
+{
+ grub_efi_boot_services_t *b;
+
+ if (grub_efi_is_finished)
+ return;
+
+ b = grub_efi_system_table->boot_services;
+ efi_call_2 (b->free_pages, start, size >> 12);
+}
diff --git a/grub-core/lib/emu/halt.c b/grub-core/lib/emu/halt.c
new file mode 100644
index 0000000..620935b
--- /dev/null
+++ b/grub-core/lib/emu/halt.c
@@ -0,0 +1,25 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2003,2004,2005,2006,2007,2008,2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/misc.h>
+
+void
+grub_halt (void)
+{
+ grub_reboot ();
+}
diff --git a/grub-core/lib/envblk.c b/grub-core/lib/envblk.c
new file mode 100644
index 0000000..311927b
--- /dev/null
+++ b/grub-core/lib/envblk.c
@@ -0,0 +1,296 @@
+/* envblk.c - Common functions for environment block. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/lib/envblk.h>
+
+grub_envblk_t
+grub_envblk_open (char *buf, grub_size_t size)
+{
+ grub_envblk_t envblk;
+
+ if (size < sizeof (GRUB_ENVBLK_SIGNATURE)
+ || grub_memcmp (buf, GRUB_ENVBLK_SIGNATURE,
+ sizeof (GRUB_ENVBLK_SIGNATURE) - 1))
+ {
+ grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid environment block");
+ return 0;
+ }
+
+ envblk = grub_malloc (sizeof (*envblk));
+ if (envblk)
+ {
+ envblk->buf = buf;
+ envblk->size = size;
+ }
+
+ return envblk;
+}
+
+void
+grub_envblk_close (grub_envblk_t envblk)
+{
+ grub_free (envblk->buf);
+ grub_free (envblk);
+}
+
+static int
+escaped_value_len (const char *value)
+{
+ int n = 0;
+ char *p;
+
+ for (p = (char *) value; *p; p++)
+ {
+ if (*p == '\\' || *p == '\n')
+ n += 2;
+ else
+ n++;
+ }
+
+ return n;
+}
+
+static char *
+find_next_line (char *p, const char *pend)
+{
+ while (p < pend)
+ {
+ if (*p == '\\')
+ p += 2;
+ else if (*p == '\n')
+ break;
+ else
+ p++;
+ }
+
+ return p + 1;
+}
+
+int
+grub_envblk_set (grub_envblk_t envblk, const char *name, const char *value)
+{
+ char *p, *pend;
+ char *space;
+ int found = 0;
+ int nl;
+ int vl;
+ int i;
+
+ nl = grub_strlen (name);
+ vl = escaped_value_len (value);
+ p = envblk->buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1;
+ pend = envblk->buf + envblk->size;
+
+ /* First, look at free space. */
+ for (space = pend - 1; *space == '#'; space--)
+ ;
+
+ if (*space != '\n')
+ /* Broken. */
+ return 0;
+
+ space++;
+
+ while (p + nl + 1 < space)
+ {
+ if (grub_memcmp (p, name, nl) == 0 && p[nl] == '=')
+ {
+ int len;
+
+ /* Found the same name. */
+ p += nl + 1;
+
+ /* Check the length of the current value. */
+ len = 0;
+ while (p + len < pend && p[len] != '\n')
+ {
+ if (p[len] == '\\')
+ len += 2;
+ else
+ len++;
+ }
+
+ if (p + len >= pend)
+ /* Broken. */
+ return 0;
+
+ if (pend - space < vl - len)
+ /* No space. */
+ return 0;
+
+ if (vl < len)
+ {
+ /* Move the following characters backward, and fill the new
+ space with harmless characters. */
+ grub_memmove (p + vl, p + len, pend - (p + len));
+ grub_memset (space + len - vl, '#', len - vl);
+ }
+ else
+ /* Move the following characters forward. */
+ grub_memmove (p + vl, p + len, pend - (p + vl));
+
+ found = 1;
+ break;
+ }
+
+ p = find_next_line (p, pend);
+ }
+
+ if (! found)
+ {
+ /* Append a new variable. */
+
+ if (pend - space < nl + 1 + vl + 1)
+ /* No space. */
+ return 0;
+
+ grub_memcpy (space, name, nl);
+ p = space + nl;
+ *p++ = '=';
+ }
+
+ /* Write the value. */
+ for (i = 0; value[i]; i++)
+ {
+ if (value[i] == '\\' || value[i] == '\n')
+ *p++ = '\\';
+
+ *p++ = value[i];
+ }
+
+ *p = '\n';
+ return 1;
+}
+
+void
+grub_envblk_delete (grub_envblk_t envblk, const char *name)
+{
+ char *p, *pend;
+ int nl;
+
+ nl = grub_strlen (name);
+ p = envblk->buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1;
+ pend = envblk->buf + envblk->size;
+
+ while (p + nl + 1 < pend)
+ {
+ if (grub_memcmp (p, name, nl) == 0 && p[nl] == '=')
+ {
+ /* Found. */
+ int len = nl + 1;
+
+ while (p + len < pend)
+ {
+ if (p[len] == '\n')
+ break;
+ else if (p[len] == '\\')
+ len += 2;
+ else
+ len++;
+ }
+
+ if (p + len >= pend)
+ /* Broken. */
+ return;
+
+ len++;
+ grub_memmove (p, p + len, pend - (p + len));
+ grub_memset (pend - len, '#', len);
+ break;
+ }
+
+ p = find_next_line (p, pend);
+ }
+}
+
+void
+grub_envblk_iterate (grub_envblk_t envblk,
+ int hook (const char *name, const char *value))
+{
+ char *p, *pend;
+
+ p = envblk->buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1;
+ pend = envblk->buf + envblk->size;
+
+ while (p < pend)
+ {
+ if (*p != '#')
+ {
+ char *name;
+ char *value;
+ char *name_start, *name_end, *value_start;
+ char *q;
+ int ret;
+
+ name_start = p;
+ while (p < pend && *p != '=')
+ p++;
+ if (p == pend)
+ /* Broken. */
+ return;
+ name_end = p;
+
+ p++;
+ value_start = p;
+ while (p < pend)
+ {
+ if (*p == '\n')
+ break;
+ else if (*p == '\\')
+ p += 2;
+ else
+ p++;
+ }
+
+ if (p >= pend)
+ /* Broken. */
+ return;
+
+ name = grub_malloc (p - name_start + 1);
+ if (! name)
+ /* out of memory. */
+ return;
+
+ value = name + (value_start - name_start);
+
+ grub_memcpy (name, name_start, name_end - name_start);
+ name[name_end - name_start] = '\0';
+
+ for (p = value_start, q = value; *p != '\n'; ++p)
+ {
+ if (*p == '\\')
+ *q++ = *++p;
+ else
+ *q++ = *p;
+ }
+ *q = '\0';
+
+ ret = hook (name, value);
+ grub_free (name);
+ if (ret)
+ return;
+ }
+
+ p = find_next_line (p, pend);
+ }
+}
diff --git a/grub-core/lib/hexdump.c b/grub-core/lib/hexdump.c
new file mode 100644
index 0000000..317635a
--- /dev/null
+++ b/grub-core/lib/hexdump.c
@@ -0,0 +1,85 @@
+/* hexdump.c - hexdump function */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/lib/hexdump.h>
+
+void
+hexdump (unsigned long bse, char *buf, int len)
+{
+ int pos;
+ char line[80];
+
+ while (len > 0)
+ {
+ int cnt, i;
+
+ pos = grub_snprintf (line, sizeof (line), "%08lx ", bse);
+ cnt = 16;
+ if (cnt > len)
+ cnt = len;
+
+ for (i = 0; i < cnt; i++)
+ {
+ pos += grub_snprintf (&line[pos], sizeof (line) - pos,
+ "%02x ", (unsigned char) buf[i]);
+ if ((i & 7) == 7)
+ line[pos++] = ' ';
+ }
+
+ for (; i < 16; i++)
+ {
+ pos += grub_snprintf (&line[pos], sizeof (line) - pos, " ");
+ if ((i & 7) == 7)
+ line[pos++] = ' ';
+ }
+
+ line[pos++] = '|';
+
+ for (i = 0; i < cnt; i++)
+ line[pos++] = ((buf[i] >= 32) && (buf[i] < 127)) ? buf[i] : '.';
+
+ line[pos++] = '|';
+
+ line[pos] = 0;
+
+ grub_printf ("%s\n", line);
+
+ /* Print only first and last line if more than 3 lines are identical. */
+ if (len >= 4 * 16
+ && ! grub_memcmp (buf, buf + 1 * 16, 16)
+ && ! grub_memcmp (buf, buf + 2 * 16, 16)
+ && ! grub_memcmp (buf, buf + 3 * 16, 16))
+ {
+ grub_printf ("*\n");
+ do
+ {
+ bse += 16;
+ buf += 16;
+ len -= 16;
+ }
+ while (len >= 3 * 16 && ! grub_memcmp (buf, buf + 2 * 16, 16));
+ }
+
+ bse += 16;
+ buf += 16;
+ len -= cnt;
+ }
+}
diff --git a/grub-core/lib/i386/halt.c b/grub-core/lib/i386/halt.c
new file mode 100644
index 0000000..15c4ba0
--- /dev/null
+++ b/grub-core/lib/i386/halt.c
@@ -0,0 +1,60 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/cpu/io.h>
+#include <grub/misc.h>
+#include <grub/acpi.h>
+
+const char bochs_shutdown[] = "Shutdown";
+
+/*
+ * This call is special... it never returns... in fact it should simply
+ * hang at this point!
+ */
+static inline void __attribute__ ((noreturn))
+stop (void)
+{
+ asm volatile ("cli");
+ while (1)
+ {
+ asm volatile ("hlt");
+ }
+}
+
+void
+grub_halt (void)
+{
+ unsigned int i;
+
+#if defined (GRUB_MACHINE_COREBOOT) || defined (GRUB_MACHINE_MULTIBOOT)
+ grub_acpi_halt ();
+#endif
+
+ /* Disable interrupts. */
+ __asm__ __volatile__ ("cli");
+
+ /* Bochs, QEMU, etc. */
+ for (i = 0; i < sizeof (bochs_shutdown) - 1; i++)
+ grub_outb (bochs_shutdown[i], 0x8900);
+
+ grub_printf ("GRUB doesn't know how to halt this machine yet!\n");
+
+ /* In order to return we'd have to check what the previous status of IF
+ flag was. But user most likely doesn't want to return anyway ... */
+ stop ();
+}
diff --git a/grub-core/lib/i386/pc/biosnum.c b/grub-core/lib/i386/pc/biosnum.c
new file mode 100644
index 0000000..1277108
--- /dev/null
+++ b/grub-core/lib/i386/pc/biosnum.c
@@ -0,0 +1,47 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/env.h>
+#include <grub/misc.h>
+#include <grub/disk.h>
+#include <grub/machine/biosnum.h>
+
+static int
+grub_get_root_biosnumber_default (void)
+{
+ char *biosnum;
+ int ret = -1;
+ grub_device_t dev;
+
+ biosnum = grub_env_get ("biosnum");
+
+ if (biosnum)
+ return grub_strtoul (biosnum, 0, 0);
+
+ dev = grub_device_open (0);
+ if (dev && dev->disk && dev->disk->dev
+ && dev->disk->dev->id == GRUB_DISK_DEVICE_BIOSDISK_ID)
+ ret = (int) dev->disk->id;
+
+ if (dev)
+ grub_device_close (dev);
+
+ return ret;
+}
+
+int (*grub_get_root_biosnumber) (void) = grub_get_root_biosnumber_default;
diff --git a/grub-core/lib/i386/pc/vesa_modes_table.c b/grub-core/lib/i386/pc/vesa_modes_table.c
new file mode 100644
index 0000000..6dc4b7d
--- /dev/null
+++ b/grub-core/lib/i386/pc/vesa_modes_table.c
@@ -0,0 +1,127 @@
+
+#include <grub/i386/pc/vesa_modes_table.h>
+
+/* This is the reverse of the table in [linux]/Documentation/fb/vesafb.txt
+ plus a few more modes based on the table in
+ http://en.wikipedia.org/wiki/VESA_BIOS_Extensions */
+struct grub_vesa_mode_table_entry
+grub_vesa_mode_table[GRUB_VESA_MODE_TABLE_END
+ - GRUB_VESA_MODE_TABLE_START + 1] =
+ {
+ { 640, 400, 8 }, /* 0x300 */
+ { 640, 480, 8 }, /* 0x301 */
+ { 800, 600, 4 }, /* 0x302 */
+ { 800, 600, 8 }, /* 0x303 */
+ { 1024, 768, 4 }, /* 0x304 */
+ { 1024, 768, 8 }, /* 0x305 */
+ { 1280, 1024, 4 }, /* 0x306 */
+ { 1280, 1024, 8 }, /* 0x307 */
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 320, 200, 15 }, /* 0x30d */
+ { 320, 200, 16 }, /* 0x30e */
+ { 320, 200, 24 }, /* 0x30f */
+ { 640, 480, 15 }, /* 0x310 */
+ { 640, 480, 16 }, /* 0x311 */
+ { 640, 480, 24 }, /* 0x312 */
+ { 800, 600, 15 }, /* 0x313 */
+ { 800, 600, 16 }, /* 0x314 */
+ { 800, 600, 24 }, /* 0x315 */
+ { 1024, 768, 15 }, /* 0x316 */
+ { 1024, 768, 16 }, /* 0x317 */
+ { 1024, 768, 24 }, /* 0x318 */
+ { 1280, 1024, 15 }, /* 0x319 */
+ { 1280, 1024, 16 }, /* 0x31a */
+ { 1280, 1024, 24 }, /* 0x31b */
+ { 1600, 1200, 8 }, /* 0x31c */
+ { 1600, 1200, 15 }, /* 0x31d */
+ { 1600, 1200, 16 }, /* 0x31e */
+ { 1600, 1200, 24 }, /* 0x31f */
+ { 0, 0, 0 },
+ { 640, 400, 15 }, /* 0x321 */
+ { 640, 400, 16 }, /* 0x322 */
+ { 640, 400, 24 }, /* 0x323 */
+ { 640, 400, 32 }, /* 0x324 */
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 640, 480, 32 }, /* 0x329 */
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 896, 672, 8 }, /* 0x32f */
+ { 896, 672, 15 }, /* 0x330 */
+ { 896, 672, 16 }, /* 0x331 */
+ { 896, 672, 24 }, /* 0x332 */
+ { 896, 672, 32 }, /* 0x333 */
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 1600, 1200, 32 }, /* 0x342 */
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 0, 0, 0 },
+ { 1440, 900, 8 }, /* 0x360 */
+ { 1440, 900, 15 }, /* 0x361 */
+ { 1440, 900, 16 }, /* 0x362 */
+ { 1440, 900, 24 }, /* 0x363 */
+ { 1440, 900, 32 }, /* 0x364 */
+ { 1152, 720, 8 }, /* 0x365 */
+ { 1152, 720, 15 }, /* 0x366 */
+ { 1152, 720, 16 }, /* 0x367 */
+ { 1152, 720, 24 }, /* 0x368 */
+ { 1152, 720, 32 }, /* 0x369 */
+ { 1024, 640, 8 }, /* 0x36a */
+ { 1024, 640, 15 }, /* 0x36b */
+ { 1024, 640, 16 }, /* 0x36c */
+ { 1024, 640, 24 }, /* 0x36d */
+ { 1024, 640, 32 }, /* 0x36e */
+ { 800, 500, 8 }, /* 0x36f */
+ { 800, 500, 15 }, /* 0x370 */
+ { 800, 500, 16 }, /* 0x371 */
+ { 800, 500, 24 }, /* 0x372 */
+ { 800, 500, 32 }, /* 0x373 */
+ };
diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c
new file mode 100644
index 0000000..1bc4240
--- /dev/null
+++ b/grub-core/lib/i386/relocator.c
@@ -0,0 +1,270 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/mm.h>
+#include <grub/misc.h>
+
+#include <grub/types.h>
+#include <grub/err.h>
+#include <grub/term.h>
+
+#include <grub/i386/relocator.h>
+#include <grub/relocator_private.h>
+
+extern grub_uint8_t grub_relocator_forward_start;
+extern grub_uint8_t grub_relocator_forward_end;
+extern grub_uint8_t grub_relocator_backward_start;
+extern grub_uint8_t grub_relocator_backward_end;
+
+extern void *grub_relocator_backward_dest;
+extern void *grub_relocator_backward_src;
+extern grub_size_t grub_relocator_backward_chunk_size;
+
+extern void *grub_relocator_forward_dest;
+extern void *grub_relocator_forward_src;
+extern grub_size_t grub_relocator_forward_chunk_size;
+
+extern grub_uint8_t grub_relocator16_start;
+extern grub_uint8_t grub_relocator16_end;
+extern grub_uint16_t grub_relocator16_cs;
+extern grub_uint16_t grub_relocator16_ip;
+extern grub_uint16_t grub_relocator16_ds;
+extern grub_uint16_t grub_relocator16_es;
+extern grub_uint16_t grub_relocator16_fs;
+extern grub_uint16_t grub_relocator16_gs;
+extern grub_uint16_t grub_relocator16_ss;
+extern grub_uint16_t grub_relocator16_sp;
+extern grub_uint32_t grub_relocator16_edx;
+
+extern grub_uint8_t grub_relocator32_start;
+extern grub_uint8_t grub_relocator32_end;
+extern grub_uint32_t grub_relocator32_eax;
+extern grub_uint32_t grub_relocator32_ebx;
+extern grub_uint32_t grub_relocator32_ecx;
+extern grub_uint32_t grub_relocator32_edx;
+extern grub_uint32_t grub_relocator32_eip;
+extern grub_uint32_t grub_relocator32_esp;
+extern grub_uint32_t grub_relocator32_ebp;
+extern grub_uint32_t grub_relocator32_esi;
+extern grub_uint32_t grub_relocator32_edi;
+
+extern grub_uint8_t grub_relocator64_start;
+extern grub_uint8_t grub_relocator64_end;
+extern grub_uint64_t grub_relocator64_rax;
+extern grub_uint64_t grub_relocator64_rbx;
+extern grub_uint64_t grub_relocator64_rcx;
+extern grub_uint64_t grub_relocator64_rdx;
+extern grub_uint64_t grub_relocator64_rip;
+extern grub_uint64_t grub_relocator64_rip_addr;
+extern grub_uint64_t grub_relocator64_rsp;
+extern grub_uint64_t grub_relocator64_rsi;
+extern grub_addr_t grub_relocator64_cr3;
+
+#define RELOCATOR_SIZEOF(x) (&grub_relocator##x##_end - &grub_relocator##x##_start)
+
+grub_size_t grub_relocator_align = 1;
+grub_size_t grub_relocator_forward_size;
+grub_size_t grub_relocator_backward_size;
+#ifdef __x86_64__
+grub_size_t grub_relocator_jumper_size = 12;
+#else
+grub_size_t grub_relocator_jumper_size = 7;
+#endif
+
+void
+grub_cpu_relocator_init (void)
+{
+ grub_relocator_forward_size = RELOCATOR_SIZEOF(_forward);
+ grub_relocator_backward_size = RELOCATOR_SIZEOF(_backward);
+}
+
+void
+grub_cpu_relocator_jumper (void *rels, grub_addr_t addr)
+{
+ grub_uint8_t *ptr;
+ ptr = rels;
+#ifdef __x86_64__
+ /* movq imm64, %rax (for relocator) */
+ *(grub_uint8_t *) ptr = 0x48;
+ ptr++;
+ *(grub_uint8_t *) ptr = 0xb8;
+ ptr++;
+ *(grub_uint64_t *) ptr = addr;
+ ptr += sizeof (grub_uint64_t);
+#else
+ /* movl imm32, %eax (for relocator) */
+ *(grub_uint8_t *) ptr = 0xb8;
+ ptr++;
+ *(grub_uint32_t *) ptr = addr;
+ ptr += sizeof (grub_uint32_t);
+#endif
+ /* jmp $eax/$rax */
+ *(grub_uint8_t *) ptr = 0xff;
+ ptr++;
+ *(grub_uint8_t *) ptr = 0xe0;
+ ptr++;
+}
+
+void
+grub_cpu_relocator_backward (void *ptr, void *src, void *dest,
+ grub_size_t size)
+{
+ grub_relocator_backward_dest = dest;
+ grub_relocator_backward_src = src;
+ grub_relocator_backward_chunk_size = size;
+
+ grub_memmove (ptr,
+ &grub_relocator_backward_start,
+ RELOCATOR_SIZEOF (_backward));
+}
+
+void
+grub_cpu_relocator_forward (void *ptr, void *src, void *dest,
+ grub_size_t size)
+{
+ grub_relocator_forward_dest = dest;
+ grub_relocator_forward_src = src;
+ grub_relocator_forward_chunk_size = size;
+
+ grub_memmove (ptr,
+ &grub_relocator_forward_start,
+ RELOCATOR_SIZEOF (_forward));
+}
+
+grub_err_t
+grub_relocator32_boot (struct grub_relocator *rel,
+ struct grub_relocator32_state state)
+{
+ grub_err_t err;
+ void *relst;
+ grub_relocator_chunk_t ch;
+
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+ (0xffffffff - RELOCATOR_SIZEOF (32))
+ + 1, RELOCATOR_SIZEOF (32), 16,
+ GRUB_RELOCATOR_PREFERENCE_NONE);
+ if (err)
+ return err;
+
+ grub_relocator32_eax = state.eax;
+ grub_relocator32_ebx = state.ebx;
+ grub_relocator32_ecx = state.ecx;
+ grub_relocator32_edx = state.edx;
+ grub_relocator32_eip = state.eip;
+ grub_relocator32_esp = state.esp;
+ grub_relocator32_ebp = state.ebp;
+ grub_relocator32_esi = state.esi;
+ grub_relocator32_edi = state.edi;
+
+ grub_memmove (get_virtual_current_address (ch), &grub_relocator32_start,
+ RELOCATOR_SIZEOF (32));
+
+ err = grub_relocator_prepare_relocs (rel, get_physical_target_address (ch),
+ &relst, NULL);
+ if (err)
+ return err;
+
+ asm volatile ("cli");
+ ((void (*) (void)) relst) ();
+
+ /* Not reached. */
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_relocator16_boot (struct grub_relocator *rel,
+ struct grub_relocator16_state state)
+{
+ grub_err_t err;
+ void *relst;
+ grub_relocator_chunk_t ch;
+
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+ 0xa0000 - RELOCATOR_SIZEOF (16),
+ RELOCATOR_SIZEOF (16), 16,
+ GRUB_RELOCATOR_PREFERENCE_NONE);
+ if (err)
+ return err;
+
+ grub_relocator16_cs = state.cs;
+ grub_relocator16_ip = state.ip;
+
+ grub_relocator16_ds = state.ds;
+ grub_relocator16_es = state.es;
+ grub_relocator16_fs = state.fs;
+ grub_relocator16_gs = state.gs;
+
+ grub_relocator16_ss = state.ss;
+ grub_relocator16_sp = state.sp;
+
+ grub_relocator16_edx = state.edx;
+
+ grub_memmove (get_virtual_current_address (ch), &grub_relocator16_start,
+ RELOCATOR_SIZEOF (16));
+
+ err = grub_relocator_prepare_relocs (rel, get_physical_target_address (ch),
+ &relst, NULL);
+ if (err)
+ return err;
+
+ asm volatile ("cli");
+ ((void (*) (void)) relst) ();
+
+ /* Not reached. */
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_relocator64_boot (struct grub_relocator *rel,
+ struct grub_relocator64_state state,
+ grub_addr_t min_addr, grub_addr_t max_addr)
+{
+ grub_err_t err;
+ void *relst;
+ grub_relocator_chunk_t ch;
+
+ err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr,
+ max_addr - RELOCATOR_SIZEOF (64),
+ RELOCATOR_SIZEOF (64), 16,
+ GRUB_RELOCATOR_PREFERENCE_NONE);
+ if (err)
+ return err;
+
+ grub_relocator64_rax = state.rax;
+ grub_relocator64_rbx = state.rbx;
+ grub_relocator64_rcx = state.rcx;
+ grub_relocator64_rdx = state.rdx;
+ grub_relocator64_rip = state.rip;
+ grub_relocator64_rsp = state.rsp;
+ grub_relocator64_rsi = state.rsi;
+ grub_relocator64_cr3 = state.cr3;
+
+ grub_memmove (get_virtual_current_address (ch), &grub_relocator64_start,
+ RELOCATOR_SIZEOF (64));
+
+ err = grub_relocator_prepare_relocs (rel, get_physical_target_address (ch),
+ &relst, NULL);
+ if (err)
+ return err;
+
+ asm volatile ("cli");
+ ((void (*) (void)) relst) ();
+
+ /* Not reached. */
+ return GRUB_ERR_NONE;
+}
diff --git a/grub-core/lib/i386/relocator16.S b/grub-core/lib/i386/relocator16.S
new file mode 100644
index 0000000..982415d
--- /dev/null
+++ b/grub-core/lib/i386/relocator16.S
@@ -0,0 +1,193 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The code segment of the protected mode. */
+#define CODE_SEGMENT 0x08
+
+/* The data segment of the protected mode. */
+#define DATA_SEGMENT 0x10
+
+#define PSEUDO_REAL_CSEG 0x18
+
+#define PSEUDO_REAL_DSEG 0x20
+
+#include "relocator_common.S"
+
+ .p2align 4 /* force 16-byte alignment */
+
+VARIABLE(grub_relocator16_start)
+ PREAMBLE
+
+ movl %esi, %eax
+ movw %ax, (LOCAL (cs_base_bytes12) - LOCAL (base)) (RSI, 1)
+ shrl $16, %eax
+ movb %al, (LOCAL (cs_base_byte3) - LOCAL (base)) (RSI, 1)
+
+ RELOAD_GDT
+ .code32
+ /* Update other registers. */
+ movl $DATA_SEGMENT, %eax
+ movl %eax, %ds
+ movl %eax, %es
+ movl %eax, %fs
+ movl %eax, %gs
+ movl %eax, %ss
+
+ DISABLE_PAGING
+
+#ifdef __x86_64__
+ /* Disable amd64. */
+ movl $GRUB_MEMORY_CPU_AMD64_MSR, %ecx
+ rdmsr
+ andl $(~GRUB_MEMORY_CPU_AMD64_MSR_ON), %eax
+ wrmsr
+#endif
+
+ /* Turn off PAE. */
+ movl %cr4, %eax
+ andl $(~GRUB_MEMORY_CPU_CR4_PAE_ON), %eax
+ movl %eax, %cr4
+
+ /* Update other registers. */
+ movl $PSEUDO_REAL_DSEG, %eax
+ movl %eax, %ds
+ movl %eax, %es
+ movl %eax, %fs
+ movl %eax, %gs
+ movl %eax, %ss
+
+ movl %esi, %eax
+ shrl $4, %eax
+ movw %ax, (LOCAL (segment) - LOCAL (base)) (%esi, 1)
+
+ /* jump to a 16 bit segment */
+ ljmp $PSEUDO_REAL_CSEG, $(LOCAL (cont2) - LOCAL(base))
+LOCAL(cont2):
+ .code16
+
+ /* clear the PE bit of CR0 */
+ movl %cr0, %eax
+ andl $(~GRUB_MEMORY_CPU_CR0_PE_ON), %eax
+ movl %eax, %cr0
+
+ /* flush prefetch queue, reload %cs */
+ /* ljmp */
+ .byte 0xea
+ .word LOCAL(cont3)-LOCAL(base)
+LOCAL(segment):
+ .word 0
+
+LOCAL(cont3):
+ /* we are in real mode now
+ * set up the real mode segment registers : DS, SS, ES
+ */
+ /* movw imm16, %ax. */
+ .byte 0xb8
+VARIABLE(grub_relocator16_ds)
+ .word 0
+ movw %ax, %ds
+
+ /* movw imm16, %ax. */
+ .byte 0xb8
+VARIABLE(grub_relocator16_es)
+ .word 0
+ movw %ax, %es
+
+ /* movw imm16, %ax. */
+ .byte 0xb8
+VARIABLE(grub_relocator16_fs)
+ .word 0
+ movw %ax, %fs
+
+ /* movw imm16, %ax. */
+ .byte 0xb8
+VARIABLE(grub_relocator16_gs)
+ .word 0
+ movw %ax, %gs
+
+ /* movw imm16, %ax. */
+ .byte 0xb8
+VARIABLE(grub_relocator16_ss)
+ .word 0
+ movw %ax, %ss
+
+ /* movw imm16, %ax. */
+ .byte 0xb8
+VARIABLE(grub_relocator16_sp)
+ .word 0
+ movzwl %ax, %esp
+
+ /* movw imm32, %edx. */
+ .byte 0x66, 0xba
+VARIABLE(grub_relocator16_edx)
+ .long 0
+
+ /* Cleared direction flag is of no problem with any current
+ payload and makes this implementation easier. */
+ cld
+
+ /* ljmp */
+ .byte 0xea
+VARIABLE(grub_relocator16_ip)
+ .word 0
+VARIABLE(grub_relocator16_cs)
+ .word 0
+
+ .code32
+
+ /* GDT. Copied from loader/i386/linux.c. */
+ .p2align 4
+LOCAL(gdt):
+ .word 0, 0
+ .byte 0, 0, 0, 0
+
+ /* -- code segment --
+ * base = 0x00000000, limit = 0xFFFFF (4 KiB Granularity), present
+ * type = 32bit code execute/read, DPL = 0
+ */
+ .word 0xFFFF, 0
+ .byte 0, 0x9A, 0xCF, 0
+
+ /* -- data segment --
+ * base = 0x00000000, limit 0xFFFFF (4 KiB Granularity), present
+ * type = 32 bit data read/write, DPL = 0
+ */
+ .word 0xFFFF, 0
+ .byte 0, 0x92, 0xCF, 0
+
+ /* -- 16 bit real mode CS --
+ * base = 0x00000000, limit 0x0FFFF (1 B Granularity), present
+ * type = 16 bit code execute/read only/conforming, DPL = 0
+ */
+ .word 0xFFFF
+LOCAL(cs_base_bytes12):
+ .word 0
+LOCAL(cs_base_byte3):
+ .byte 0
+
+ .byte 0x9E, 0, 0
+
+ /* -- 16 bit real mode DS --
+ * base = 0x00000000, limit 0x0FFFF (1 B Granularity), present
+ * type = 16 bit data read/write, DPL = 0
+ */
+ .word 0xFFFF, 0
+ .byte 0, 0x92, 0, 0
+LOCAL(gdt_end):
+
+VARIABLE(grub_relocator16_end)
diff --git a/grub-core/lib/i386/relocator32.S b/grub-core/lib/i386/relocator32.S
new file mode 100644
index 0000000..09ce56a
--- /dev/null
+++ b/grub-core/lib/i386/relocator32.S
@@ -0,0 +1,134 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* The code segment of the protected mode. */
+#define CODE_SEGMENT 0x10
+
+/* The data segment of the protected mode. */
+#define DATA_SEGMENT 0x18
+
+#include "relocator_common.S"
+
+ .p2align 4 /* force 16-byte alignment */
+
+VARIABLE(grub_relocator32_start)
+ PREAMBLE
+
+ RELOAD_GDT
+ .code32
+ /* Update other registers. */
+ movl $DATA_SEGMENT, %eax
+ movl %eax, %ds
+ movl %eax, %es
+ movl %eax, %fs
+ movl %eax, %gs
+ movl %eax, %ss
+
+ DISABLE_PAGING
+
+#ifdef __x86_64__
+ /* Disable amd64. */
+ movl $GRUB_MEMORY_CPU_AMD64_MSR, %ecx
+ rdmsr
+ andl $(~GRUB_MEMORY_CPU_AMD64_MSR_ON), %eax
+ wrmsr
+#endif
+
+ /* Turn off PAE. */
+ movl %cr4, %eax
+ andl $(~GRUB_MEMORY_CPU_CR4_PAE_ON), %eax
+ movl %eax, %cr4
+
+ jmp LOCAL(cont2)
+LOCAL(cont2):
+ .code32
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator32_esp)
+ .long 0
+
+ movl %eax, %esp
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator32_ebp)
+ .long 0
+
+ movl %eax, %ebp
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator32_esi)
+ .long 0
+
+ movl %eax, %esi
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator32_edi)
+ .long 0
+
+ movl %eax, %edi
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator32_eax)
+ .long 0
+
+ /* mov imm32, %ebx */
+ .byte 0xbb
+VARIABLE(grub_relocator32_ebx)
+ .long 0
+
+ /* mov imm32, %ecx */
+ .byte 0xb9
+VARIABLE(grub_relocator32_ecx)
+ .long 0
+
+ /* mov imm32, %edx */
+ .byte 0xba
+VARIABLE(grub_relocator32_edx)
+ .long 0
+
+ /* Cleared direction flag is of no problem with any current
+ payload and makes this implementation easier. */
+ cld
+
+ .byte 0xea
+VARIABLE(grub_relocator32_eip)
+ .long 0
+ .word CODE_SEGMENT
+
+ /* GDT. Copied from loader/i386/linux.c. */
+ .p2align 4
+LOCAL(gdt):
+ /* NULL. */
+ .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+ /* Reserved. */
+ .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+ /* Code segment. */
+ .byte 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x9A, 0xCF, 0x00
+
+ /* Data segment. */
+ .byte 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x92, 0xCF, 0x00
+LOCAL(gdt_end):
+
+VARIABLE(grub_relocator32_end)
diff --git a/grub-core/lib/i386/relocator64.S b/grub-core/lib/i386/relocator64.S
new file mode 100644
index 0000000..bb08641
--- /dev/null
+++ b/grub-core/lib/i386/relocator64.S
@@ -0,0 +1,160 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#define CODE32_SEGMENT 0x18
+#define CODE_SEGMENT 0x08
+
+/* The data segment of the protected mode. */
+#define DATA_SEGMENT 0x10
+
+#include "relocator_common.S"
+
+ .p2align 4 /* force 16-byte alignment */
+
+VARIABLE(grub_relocator64_start)
+ PREAMBLE
+#ifndef __x86_64__
+ DISABLE_PAGING
+
+ /* Turn on PAE. */
+ movl %cr4, %eax
+ orl $(GRUB_MEMORY_CPU_CR4_PAE_ON | GRUB_MEMORY_CPU_CR4_PSE_ON), %eax
+ movl %eax, %cr4
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator64_cr3)
+ .long 0
+ movl %eax, %cr3
+
+ /* Turn on amd64. */
+ movl $GRUB_MEMORY_CPU_AMD64_MSR, %ecx
+ rdmsr
+ orl $GRUB_MEMORY_CPU_AMD64_MSR_ON, %eax
+ wrmsr
+
+ /* Enable paging. */
+ movl %cr0, %eax
+ orl $GRUB_MEMORY_CPU_CR0_PAGING_ON, %eax
+ movl %eax, %cr0
+
+ RELOAD_GDT
+#else
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator64_cr3)
+ .quad 0
+ movq %rax, %cr3
+#endif
+
+ .code64
+
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator64_rsp)
+ .quad 0
+
+ movq %rax, %rsp
+
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator64_rsi)
+ .quad 0
+
+ movq %rax, %rsi
+
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator64_rax)
+ .quad 0
+
+ /* mov imm64, %rbx */
+ .byte 0x48
+ .byte 0xbb
+VARIABLE(grub_relocator64_rbx)
+ .quad 0
+
+ /* mov imm64, %rcx */
+ .byte 0x48
+ .byte 0xb9
+VARIABLE(grub_relocator64_rcx)
+ .quad 0
+
+ /* mov imm64, %rdx */
+ .byte 0x48
+ .byte 0xba
+VARIABLE(grub_relocator64_rdx)
+ .quad 0
+
+ /* Cleared direction flag is of no problem with any current
+ payload and makes this implementation easier. */
+ cld
+
+ jmp *LOCAL(jump_addr) (%rip)
+
+LOCAL(jump_addr):
+VARIABLE(grub_relocator64_rip)
+ .quad 0
+
+#ifndef __x86_64__
+ .p2align 4
+LOCAL(gdt):
+ /* NULL. */
+ .byte 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+
+ /* 64-bit segment. */
+ .word 0xffff /* Limit xffff. */
+ .word 0x0000 /* Base xxxx0000. */
+ .byte 0x00 /* Base xx00xxxx. */
+ .byte (0x8 /* Type 8. */ | (1 << 4) /* Code. */ \
+ | (0 << 5) /* Ring 0. */ | (1 << 7) /* Present. */)
+ .byte (0xf /* Limit fxxxx. */ | (0 << 4) /* AVL flag. */ \
+ | (1 << 5) /* 64-bit. */ | (0 << 6) \
+ | (1 << 7) /* 4K granular. */)
+ .byte 0x00 /* Base 00xxxxxx. */
+
+ /* Data segment*/
+ .word 0xffff /* Limit xffff. */
+ .word 0x0000 /* Base xxxx0000. */
+ .byte 0x00 /* Base xx00xxxx. */
+ .byte (0x0 /* Type 0. */ | (0 << 4) /* Data. */ \
+ | (0 << 5) /* Ring 0. */ | (1 << 7) /* Present. */)
+ .byte (0xf /* Limit fxxxx. */ | (0 << 4) /* AVL flag. */ \
+ | (0 << 5) /* Data. */ | (0 << 6) \
+ | (1 << 7) /* 4K granular. */)
+ .byte 0x00 /* Base 00xxxxxx. */
+
+ /* Compatibility segment. */
+ .word 0xffff /* Limit xffff. */
+ .word 0x0000 /* Base xxxx0000. */
+ .byte 0x00 /* Base xx00xxxx. */
+ .byte (0x8 /* Type 8. */ | (1 << 4) /* Code. */ \
+ | (0 << 5) /* Ring 0. */ | (1 << 7) /* Present. */)
+ .byte (0xf /* Limit fxxxx. */ | (0 << 4) /* AVL flag. */ \
+ | (0 << 5) /* 32-bit. */ | (1 << 6) /* 32-bit. */ \
+ | (1 << 7) /* 4K granular. */)
+ .byte 0x00 /* Base 00xxxxxx. */
+
+LOCAL(gdt_end):
+#endif
+
+VARIABLE(grub_relocator64_end)
diff --git a/grub-core/lib/i386/relocator_asm.S b/grub-core/lib/i386/relocator_asm.S
new file mode 100644
index 0000000..f273586
--- /dev/null
+++ b/grub-core/lib/i386/relocator_asm.S
@@ -0,0 +1,80 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/i386/memory.h>
+
+ .p2align 2
+
+VARIABLE(grub_relocator_backward_start)
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator_backward_dest)
+ .long 0
+ movl %eax, %edi
+
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator_backward_src)
+ .long 0
+ movl %eax, %esi
+
+ /* mov imm32, %ecx */
+ .byte 0xb9
+VARIABLE(grub_relocator_backward_chunk_size)
+ .long 0
+
+ add %ecx, %esi
+ add %ecx, %edi
+
+
+ /* Backward movsb is implicitly off-by-one. compensate that. */
+ sub $1, %esi
+ sub $1, %edi
+
+ /* Backward copy. */
+ std
+
+ rep
+ movsb
+VARIABLE(grub_relocator_backward_end)
+
+
+VARIABLE(grub_relocator_forward_start)
+ /* mov imm32, %eax */
+ .byte 0xb8
+VARIABLE(grub_relocator_forward_dest)
+ .long 0
+ movl %eax, %edi
+
+ /* mov imm32, %rax */
+ .byte 0xb8
+VARIABLE(grub_relocator_forward_src)
+ .long 0
+ movl %eax, %esi
+
+ /* mov imm32, %ecx */
+ .byte 0xb9
+VARIABLE(grub_relocator_forward_chunk_size)
+ .long 0
+
+ /* Forward copy. */
+ cld
+ rep
+ movsb
+VARIABLE(grub_relocator_forward_end)
diff --git a/grub-core/lib/i386/relocator_backward.S b/grub-core/lib/i386/relocator_backward.S
new file mode 100644
index 0000000..0691347
--- /dev/null
+++ b/grub-core/lib/i386/relocator_backward.S
@@ -0,0 +1,2 @@
+#define BACKWARD
+#include "relocator_asm.S"
diff --git a/grub-core/lib/i386/relocator_common.S b/grub-core/lib/i386/relocator_common.S
new file mode 100644
index 0000000..bd5b53f
--- /dev/null
+++ b/grub-core/lib/i386/relocator_common.S
@@ -0,0 +1,82 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include <grub/symbol.h>
+#include <grub/i386/memory.h>
+
+#ifdef __x86_64__
+#define RAX %rax
+#define RSI %rsi
+#else
+#define RAX %eax
+#define RSI %esi
+#endif
+
+ .macro DISABLE_PAGING
+#ifdef GRUB_MACHINE_IEEE1275
+#endif
+
+ movl %cr0, %eax
+ andl $(~GRUB_MEMORY_CPU_CR0_PAGING_ON), %eax
+ movl %eax, %cr0
+ .endm
+
+ .macro PREAMBLE
+LOCAL(base):
+ /* %rax contains now our new 'base'. */
+ mov RAX, RSI
+
+ add $(LOCAL(cont0) - LOCAL(base)), RAX
+ jmp *RAX
+LOCAL(cont0):
+ .endm
+
+ .macro RELOAD_GDT
+ lea (LOCAL(cont1) - LOCAL(base)) (RSI, 1), RAX
+ movl %eax, (LOCAL(jump_vector) - LOCAL(base)) (RSI, 1)
+
+ lea (LOCAL(gdt) - LOCAL(base)) (RSI, 1), RAX
+ mov RAX, (LOCAL(gdt_addr) - LOCAL(base)) (RSI, 1)
+
+ /* Switch to compatibility mode. */
+ lgdt (LOCAL(gdtdesc) - LOCAL(base)) (RSI, 1)
+
+ /* Update %cs. */
+ ljmp *(LOCAL(jump_vector) - LOCAL(base)) (RSI, 1)
+
+ .p2align 4
+LOCAL(gdtdesc):
+ .word LOCAL(gdt_end) - LOCAL(gdt)
+LOCAL(gdt_addr):
+#ifdef __x86_64__
+ /* Filled by the code. */
+ .quad 0
+#else
+ /* Filled by the code. */
+ .long 0
+#endif
+
+ .p2align 4
+LOCAL(jump_vector):
+ /* Jump location. Is filled by the code */
+ .long 0
+ .long CODE_SEGMENT
+
+LOCAL(cont1):
+ .endm
diff --git a/grub-core/lib/i386/setjmp.S b/grub-core/lib/i386/setjmp.S
new file mode 100644
index 0000000..5b7aa15
--- /dev/null
+++ b/grub-core/lib/i386/setjmp.S
@@ -0,0 +1,59 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2003,2007 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+ .file "setjmp.S"
+
+GRUB_MOD_LICENSE ("GPLv3+")
+
+ .text
+
+/*
+ * int grub_setjmp (grub_jmp_buf env)
+ */
+FUNCTION(grub_setjmp)
+ movl %ebx, 0(%eax) /* EBX */
+ movl %esi, 4(%eax) /* ESI */
+ movl %edi, 8(%eax) /* EDI */
+ movl %ebp, 12(%eax) /* EBP */
+ popl %ecx
+ movl %esp, 16(%eax) /* ESP */
+ movl %ecx, 20(%eax) /* EIP */
+ xorl %eax, %eax
+ jmp *%ecx
+
+
+/*
+ * int grub_longjmp (grub_jmp_buf env, int val)
+ */
+FUNCTION(grub_longjmp)
+ movl 0(%eax), %ebx
+ movl 4(%eax), %esi
+ movl 8(%eax), %edi
+ movl 12(%eax), %ebp
+ movl 16(%eax), %esp
+ movl 20(%eax), %ecx
+
+ movl %edx, %eax
+ testl %eax, %eax
+ jnz 1f
+ incl %eax
+1: jmp *%ecx
+
diff --git a/grub-core/lib/ieee1275/datetime.c b/grub-core/lib/ieee1275/datetime.c
new file mode 100644
index 0000000..4105c63
--- /dev/null
+++ b/grub-core/lib/ieee1275/datetime.c
@@ -0,0 +1,145 @@
+/* kern/cmos_datetime.c - CMOS datetime function.
+ *
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2008,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/datetime.h>
+#include <grub/ieee1275/ieee1275.h>
+#include <grub/misc.h>
+#include <grub/dl.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static char *rtc = 0;
+
+static void
+find_rtc (void)
+{
+ auto int hook (struct grub_ieee1275_devalias *alias);
+ int hook (struct grub_ieee1275_devalias *alias)
+ {
+ if (grub_strcmp (alias->type, "rtc") == 0)
+ {
+ grub_dprintf ("datetime", "Found RTC %s\n", alias->path);
+ rtc = grub_strdup (alias->path);
+ return 1;
+ }
+ return 0;
+ }
+
+ grub_ieee1275_devices_iterate (hook);
+}
+
+grub_err_t
+grub_get_datetime (struct grub_datetime *datetime)
+{
+ struct get_time_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t method;
+ grub_ieee1275_cell_t device;
+ grub_ieee1275_cell_t catch_result;
+ grub_ieee1275_cell_t year;
+ grub_ieee1275_cell_t month;
+ grub_ieee1275_cell_t day;
+ grub_ieee1275_cell_t hour;
+ grub_ieee1275_cell_t minute;
+ grub_ieee1275_cell_t second;
+ }
+ args;
+ int status;
+ grub_ieee1275_ihandle_t ihandle;
+
+ if (!rtc)
+ find_rtc ();
+ if (!rtc)
+ return grub_error (GRUB_ERR_IO, "no RTC found");
+
+ status = grub_ieee1275_open (rtc, &ihandle);
+ if (status == -1)
+ return grub_error (GRUB_ERR_IO, "couldn't open RTC");
+
+ INIT_IEEE1275_COMMON (&args.common, "call-method", 2, 7);
+ args.device = (grub_ieee1275_cell_t) ihandle;
+ args.method = (grub_ieee1275_cell_t) "get-time";
+
+ status = IEEE1275_CALL_ENTRY_FN (&args);
+
+ grub_ieee1275_close (ihandle);
+
+ if (status == -1)
+ return grub_error (GRUB_ERR_IO, "get-time failed");
+
+ datetime->year = args.year;
+ datetime->month = args.month;
+ datetime->day = args.day;
+ datetime->hour = args.hour;
+ datetime->minute = args.minute;
+ datetime->second = args.second;
+
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_set_datetime (struct grub_datetime *datetime)
+{
+ struct set_time_args
+ {
+ struct grub_ieee1275_common_hdr common;
+ grub_ieee1275_cell_t method;
+ grub_ieee1275_cell_t device;
+ grub_ieee1275_cell_t year;
+ grub_ieee1275_cell_t month;
+ grub_ieee1275_cell_t day;
+ grub_ieee1275_cell_t hour;
+ grub_ieee1275_cell_t minute;
+ grub_ieee1275_cell_t second;
+ grub_ieee1275_cell_t catch_result;
+ }
+ args;
+ int status;
+ grub_ieee1275_ihandle_t ihandle;
+
+ if (!rtc)
+ find_rtc ();
+ if (!rtc)
+ return grub_error (GRUB_ERR_IO, "no RTC found");
+
+ status = grub_ieee1275_open (rtc, &ihandle);
+ if (status == -1)
+ return grub_error (GRUB_ERR_IO, "couldn't open RTC");
+
+ INIT_IEEE1275_COMMON (&args.common, "call-method", 8, 1);
+ args.device = (grub_ieee1275_cell_t) ihandle;
+ args.method = (grub_ieee1275_cell_t) "set-time";
+
+ args.year = datetime->year;
+ args.month = datetime->month;
+ args.day = datetime->day;
+ args.hour = datetime->hour;
+ args.minute = datetime->minute;
+ args.second = datetime->second;
+
+ status = IEEE1275_CALL_ENTRY_FN (&args);
+
+ grub_ieee1275_close (ihandle);
+
+ if (status == -1)
+ return grub_error (GRUB_ERR_IO, "set-time failed");
+
+ return GRUB_ERR_NONE;
+}
diff --git a/grub-core/lib/ieee1275/halt.c b/grub-core/lib/ieee1275/halt.c
new file mode 100644
index 0000000..7ede29d
--- /dev/null
+++ b/grub-core/lib/ieee1275/halt.c
@@ -0,0 +1,33 @@
+/* openfw.c -- Open firmware support functions. */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2003,2004,2005,2007,2008,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/ieee1275/ieee1275.h>
+#include <grub/misc.h>
+
+void
+grub_halt (void)
+{
+ /* Not standardized. We try three known commands. */
+
+ grub_ieee1275_interpret ("shut-down", 0);
+ grub_ieee1275_interpret ("power-off", 0);
+ grub_ieee1275_interpret ("poweroff", 0);
+
+ while (1);
+}
diff --git a/grub-core/lib/ieee1275/relocator.c b/grub-core/lib/ieee1275/relocator.c
new file mode 100644
index 0000000..c09f1e9
--- /dev/null
+++ b/grub-core/lib/ieee1275/relocator.c
@@ -0,0 +1,95 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/relocator.h>
+#include <grub/relocator_private.h>
+#include <grub/memory.h>
+#include <grub/ieee1275/ieee1275.h>
+
+unsigned
+grub_relocator_firmware_get_max_events (void)
+{
+ int counter = 0;
+ auto int NESTED_FUNC_ATTR count (grub_uint64_t addr __attribute__ ((unused)),
+ grub_uint64_t len __attribute__ ((unused)),
+ grub_memory_type_t type __attribute__ ((unused)));
+ int NESTED_FUNC_ATTR count (grub_uint64_t addr __attribute__ ((unused)),
+ grub_uint64_t len __attribute__ ((unused)),
+ grub_memory_type_t type __attribute__ ((unused)))
+ {
+ counter++;
+ return 0;
+ }
+
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CANNOT_INTERPRET))
+ return 0;
+ grub_machine_mmap_iterate (count);
+ return 2 * counter;
+}
+
+unsigned
+grub_relocator_firmware_fill_events (struct grub_relocator_mmap_event *events)
+{
+ int counter = 0;
+ auto int NESTED_FUNC_ATTR fill (grub_uint64_t addr, grub_uint64_t len,
+ grub_memory_type_t type);
+ int NESTED_FUNC_ATTR fill (grub_uint64_t addr, grub_uint64_t len,
+ grub_memory_type_t type)
+ {
+ if (type != GRUB_MEMORY_AVAILABLE)
+ return 0;
+
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_NO_PRE1_5M_CLAIM))
+ {
+ if (addr + len <= 0x180000)
+ return 0;
+
+ if (addr < 0x180000)
+ {
+ len = addr + len - 0x180000;
+ addr = 0x180000;
+ }
+ }
+
+ events[counter].type = REG_FIRMWARE_START;
+ events[counter].pos = addr;
+ counter++;
+ events[counter].type = REG_FIRMWARE_END;
+ events[counter].pos = addr + len;
+ counter++;
+
+ return 0;
+ }
+
+ if (grub_ieee1275_test_flag (GRUB_IEEE1275_FLAG_CANNOT_INTERPRET))
+ return 0;
+ grub_machine_mmap_iterate (fill);
+ return counter;
+}
+
+int
+grub_relocator_firmware_alloc_region (grub_addr_t start, grub_size_t size)
+{
+ return (grub_claimmap (start, size) >= 0);
+}
+
+void
+grub_relocator_firmware_free_region (grub_addr_t start, grub_size_t size)
+{
+ grub_ieee1275_release (start, size);
+}
diff --git a/grub-core/lib/legacy_parse.c b/grub-core/lib/legacy_parse.c
new file mode 100644
index 0000000..659fa70
--- /dev/null
+++ b/grub-core/lib/legacy_parse.c
@@ -0,0 +1,815 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 1999,2000,2001,2002,2003,2004,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/types.h>
+#include <grub/misc.h>
+#include <grub/mm.h>
+#include <grub/err.h>
+#include <grub/legacy_parse.h>
+#include <grub/i386/pc/vesa_modes_table.h>
+
+struct legacy_command
+{
+ const char *name;
+ const char *map;
+ const char *suffix;
+ unsigned suffixarg;
+ unsigned argc;
+ enum arg_type {
+ TYPE_VERBATIM,
+ TYPE_FORCE_OPTION,
+ TYPE_NOAPM_OPTION,
+ TYPE_TYPE_OR_NOMEM_OPTION,
+ TYPE_OPTION,
+ TYPE_FILE,
+ TYPE_FILE_NO_CONSUME,
+ TYPE_PARTITION,
+ TYPE_BOOL,
+ TYPE_INT,
+ TYPE_REST_VERBATIM,
+ TYPE_VBE_MODE
+ } argt[4];
+ enum {
+ FLAG_IGNORE_REST = 0x001,
+ FLAG_FALLBACK_AVAILABLE = 0x004,
+ FLAG_FALLBACK = 0x008,
+ FLAG_COLOR_INVERT = 0x010,
+ FLAG_NO_MENUENTRY = 0x020,
+ FLAG_MENUENTRY_ONLY = 0x040,
+ FLAG_TERMINAL = 0x080,
+ FLAG_TITLE = 0x100,
+ } flags;
+ const char *shortdesc;
+ const char *longdesc;
+};
+
+static struct legacy_command legacy_commands[] =
+ {
+ {"blocklist", "blocklist '%s'\n", NULL, 0, 1, {TYPE_FILE}, 0, "FILE",
+ "Print the blocklist notation of the file FILE."},
+ {"boot", "boot\n", NULL, 0, 0, {}, 0, 0,
+ "Boot the OS/chain-loader which has been loaded."},
+ /* FIXME: bootp unsupported. */
+ {"cat", "cat '%s'\n", NULL, 0, 1, {TYPE_FILE}, 0, "FILE",
+ "Print the contents of the file FILE."},
+ {"chainloader", "chainloader %s '%s'\n", NULL, 0,
+ 2, {TYPE_FORCE_OPTION, TYPE_FILE}, 0, "[--force] FILE",
+ "Load the chain-loader FILE. If --force is specified, then load it"
+ " forcibly, whether the boot loader signature is present or not."},
+ {"cmp", "cmp '%s' '%s'\n", NULL, 0,
+ 2, {TYPE_FILE, TYPE_FILE}, FLAG_IGNORE_REST, "FILE1 FILE2",
+ "Compare the file FILE1 with the FILE2 and inform the different values"
+ " if any."},
+ {"color", "set color_normal='%s'; set color_highlight='%s'\n", NULL, 0,
+ 2, {TYPE_VERBATIM, TYPE_VERBATIM},
+ FLAG_IGNORE_REST | FLAG_FALLBACK_AVAILABLE, "NORMAL [HIGHLIGHT]",
+ "Change the menu colors. The color NORMAL is used for most"
+ " lines in the menu, and the color HIGHLIGHT is used to highlight the"
+ " line where the cursor points. If you omit HIGHLIGHT, then the"
+ " inverted color of NORMAL is used for the highlighted line."
+ " The format of a color is \"FG/BG\". FG and BG are symbolic color names."
+ " A symbolic color name must be one of these: black, blue, green,"
+ " cyan, red, magenta, brown, light-gray, dark-gray, light-blue,"
+ " light-green, light-cyan, light-red, light-magenta, yellow and white."
+ " But only the first eight names can be used for BG. You can prefix"
+ " \"blink-\" to FG if you want a blinking foreground color."},
+ {"color", "set color_normal='%s'; set color_highlight='%s'\n", NULL, 0,
+ 1, {TYPE_VERBATIM},
+ FLAG_IGNORE_REST | FLAG_FALLBACK | FLAG_COLOR_INVERT, NULL, NULL},
+ {"configfile", "legacy_configfile '%s'\n", NULL, 0, 1, {TYPE_FILE},
+ 0, "FILE", "Load FILE as the configuration file."},
+ {"debug",
+ "if [ -z \"$debug\" ]; then set debug=all; else set debug=; fi\n", NULL, 0,
+ 0, {}, 0, 0, "Turn on/off the debug mode."},
+ {"default",
+ "set default='%s'; if [ x\"$default\" = xsaved ]; then load_env; "
+ "set default=\"$saved_entry\"; fi\n", NULL, 0, 1, {TYPE_VERBATIM}, 0,
+ "[NUM | `saved']",
+ "Set the default entry to entry number NUM (if not specified, it is"
+ " 0, the first entry) or the entry number saved by savedefault."},
+ /* FIXME: dhcp unsupported. */
+ {"displayapm", "lsapm\n", NULL, 0, 0, {}, 0, 0,
+ "Display APM BIOS information."},
+ {"displaymem", "lsmmap\n", NULL, 0, 0, {}, 0, 0,
+ "Display what GRUB thinks the system address space map of the"
+ " machine is, including all regions of physical RAM installed."},
+ /* NOTE: embed unsupported. */
+ {"fallback", "set fallback='%s'\n", NULL, 0,
+ 1, {TYPE_VERBATIM}, 0, "NUM...",
+ "Go into unattended boot mode: if the default boot entry has any"
+ " errors, instead of waiting for the user to do anything, it"
+ " immediately starts over using the NUM entry (same numbering as the"
+ " `default' command). This obviously won't help if the machine"
+ " was rebooted by a kernel that GRUB loaded."},
+ {"find", "search -f '%s'\n", NULL, 0, 1, {TYPE_FILE}, 0, "FILENAME",
+ "Search for the filename FILENAME in all of partitions and print the list of"
+ " the devices which contain the file."},
+ /* FIXME: fstest unsupported. */
+ /* NOTE: The obsolete C/H/S geometry isn't shown anymore. */
+ {"geometry", "insmod regexp; ls -l (%s*)\n", NULL, 0, 1, {TYPE_VERBATIM}, 0, "DRIVE",
+ "Print the information for a drive DRIVE. "},
+ {"halt", "halt %s\n", NULL, 0, 1, {TYPE_NOAPM_OPTION}, 0, "[--no-apm]",
+ "Halt your system. If APM is available on it, turn off the power using"
+ " the APM BIOS, unless you specify the option `--no-apm'."},
+ /* FIXME: help unsupported. */ /* NUL_TERMINATE */
+ {"hiddenmenu", NULL,
+ "if sleep -i $timeout; then timeout=0; else timeout=-1; fi\n", 0,
+ 0, {}, 0, "", "Hide the menu."},
+ {"hide", "parttool '%s' hidden+\n", NULL, 0, 1, {TYPE_PARTITION},
+ 0, "PARTITION",
+ "Hide PARTITION by setting the \"hidden\" bit in"
+ " its partition type code."},
+ /* FIXME: ifconfig unsupported. */
+ /* FIXME: impsprobe unsupported. */
+ {"initrd", "legacy_initrd '%s' %s\n", NULL, 0, 2, {TYPE_FILE_NO_CONSUME,
+ TYPE_REST_VERBATIM}, 0,
+ "FILE [ARG ...]",
+ "Load an initial ramdisk FILE for a Linux format boot image and set the"
+ " appropriate parameters in the Linux setup area in memory."},
+ /* NOTE: install unsupported. */
+ /* FIXME: ioprobe unsupported. */
+ /* FIXME: really support --no-mem-option. */
+ {"kernel", "legacy_kernel %s %s '%s' %s\n", NULL, 0,
+ 4, {TYPE_TYPE_OR_NOMEM_OPTION, TYPE_TYPE_OR_NOMEM_OPTION,
+ TYPE_FILE_NO_CONSUME, TYPE_REST_VERBATIM}, 0,
+ "[--no-mem-option] [--type=TYPE] FILE [ARG ...]",
+ "Attempt to load the primary boot image from FILE. The rest of the"
+ " line is passed verbatim as the \"kernel command line\". Any modules"
+ " must be reloaded after using this command. The option --type is used"
+ " to suggest what type of kernel to be loaded. TYPE must be either of"
+ " \"netbsd\", \"freebsd\", \"openbsd\", \"linux\", \"biglinux\" and"
+ " \"multiboot\". The option --no-mem-option tells GRUB not to pass a"
+ " Linux's mem option automatically."},
+ {"lock", "if ! authenticate legacy; then return; fi", NULL, 0, 0, {}, 0,
+ 0, "Break a command execution unless the user is authenticated."},
+ {"makeactive", "parttool \"$root\" boot+\n", NULL, 0, 0, {}, 0, 0,
+ "Set the active partition on the root disk to GRUB's root device."
+ " This command is limited to _primary_ PC partitions on a hard disk."},
+ {"map", "drivemap '%s' '%s'\n", NULL, 0,
+ 2, {TYPE_PARTITION, TYPE_PARTITION},
+ FLAG_IGNORE_REST, "TO_DRIVE FROM_DRIVE",
+ "Map the drive FROM_DRIVE to the drive TO_DRIVE. This is necessary"
+ " when you chain-load some operating systems, such as DOS, if such an"
+ " OS resides at a non-first drive."},
+ /* NOTE: md5crypt unsupported since GRUB has not enough entropy and this
+ hash shouldn't be used anymore. */
+ {"module", "legacy_initrd '%s' %s\n", NULL, 0, 2, {TYPE_FILE_NO_CONSUME,
+ TYPE_REST_VERBATIM}, 0,
+ "FILE [ARG ...]",
+ "Load a boot module FILE for a Multiboot format boot image (no"
+ " interpretation of the file contents is made, so users of this"
+ " command must know what the kernel in question expects). The"
+ " rest of the line is passed as the \"module command line\", like"
+ " the `kernel' command."},
+ {"modulenounzip", "legacy_initrd_nounzip '%s' %s\n", NULL, 0, 2,
+ {TYPE_FILE_NO_CONSUME, TYPE_REST_VERBATIM}, 0,
+ "FILE [ARG ...]",
+ "The same as `module', except that automatic decompression is"
+ " disabled."},
+ {"pager", "set pager=%s; if [ \"$pager\" = 0 ]; then "
+ " echo Internal pager is now off; else "
+ "echo Internal pager is now on; fi\n", NULL, 0,
+ 1, {TYPE_BOOL}, FLAG_FALLBACK_AVAILABLE, "[FLAG]",
+ "Toggle pager mode with no argument. If FLAG is given and its value"
+ " is `on', turn on the mode. If FLAG is `off', turn off the mode."},
+ {"pager",
+ "if [ \"$pager\" = 1 ]; then pager=0; echo Internal pager is now off;"
+ "else pager=1; echo Internal pager is now on; fi\n", NULL, 0, 0, {},
+ FLAG_FALLBACK, NULL, NULL},
+ /* FIXME: partnew unsupported. */
+ {"parttype", "parttool '%s' type=%s\n", NULL, 0,
+ 2, {TYPE_PARTITION, TYPE_INT}, 0,
+ "PART TYPE", "Change the type of the partition PART to TYPE."},
+ {"password", "if [ \"$superusers\" = "" ]; then superusers=legacy; fi;\n"
+ "legacy_password %s '%s'\n",
+ "menuentry \"Superuser menu\" --users \"legacy\" { configfile '%s'; }\n",
+ 2, 3, {TYPE_OPTION, TYPE_VERBATIM, TYPE_FILE},
+ FLAG_IGNORE_REST | FLAG_FALLBACK_AVAILABLE | FLAG_NO_MENUENTRY,
+ "[--md5] PASSWD [FILE]",
+ "If used in the first section of a menu file, disable all"
+ " interactive editing control (menu entry editor and"
+ " command line). If the password PASSWD is entered, it loads the"
+ " FILE as a new config file and restarts the GRUB Stage 2. If you"
+ " omit the argument FILE, then GRUB just unlocks privileged"
+ " instructions. You can also use it in the script section, in"
+ " which case it will ask for the password, before continuing."
+ " The option --md5 tells GRUB that PASSWD is encrypted with"
+ " md5crypt."},
+ {"password", "if [ \"$superusers\" = "" ]; then superusers=legacy; fi;\n"
+ "legacy_password %s '%s'\n", NULL, 0, 2, {TYPE_OPTION, TYPE_VERBATIM},
+ FLAG_IGNORE_REST | FLAG_FALLBACK | FLAG_NO_MENUENTRY, NULL, NULL},
+ {"password", "if legacy_check_password %s '%s'; then configfile '%s'; "
+ "else return; fi\n", NULL, 2, 3, {TYPE_OPTION, TYPE_VERBATIM, TYPE_FILE},
+ FLAG_IGNORE_REST | FLAG_FALLBACK_AVAILABLE | FLAG_MENUENTRY_ONLY,
+ NULL, NULL},
+ {"password", "if ! legacy_check_password %s '%s'; then return fi;\n",
+ NULL, 0, 2, {TYPE_OPTION, TYPE_VERBATIM},
+ FLAG_IGNORE_REST | FLAG_FALLBACK | FLAG_MENUENTRY_ONLY, NULL, NULL},
+ /* NOTE: GRUB2 has a design principle of not eternally waiting for user
+ input. 60 seconds should be enough.
+ */
+ {"pause", "echo %s; if ! sleep -i 60; then return; fi\n", NULL, 0, 1,
+ {TYPE_REST_VERBATIM}, 0,
+ "[MESSAGE ...]", "Print MESSAGE, then wait until a key is pressed."},
+ /* FIXME: rarp unsupported. */
+ {"read", "read_dword %s\n", NULL, 0, 1, {TYPE_INT}, 0, "ADDR",
+ "Read a 32-bit value from memory at address ADDR and"
+ " display it in hex format."},
+ {"reboot", "reboot\n", NULL, 0, 0, {}, 0, 0, "Reboot your system."},
+ {"root", "set root='%s'; set legacy_hdbias='%s'\n", NULL, 0,
+ 2, {TYPE_PARTITION, TYPE_INT}, FLAG_FALLBACK_AVAILABLE,
+ "[DEVICE [HDBIAS]]",
+ "Set the current \"root device\" to the device DEVICE, then"
+ " attempt to mount it to get the partition size (for passing the"
+ " partition descriptor in `ES:ESI', used by some chain-loaded"
+ " bootloaders), the BSD drive-type (for booting BSD kernels using"
+ " their native boot format), and correctly determine "
+ " the PC partition where a BSD sub-partition is located. The"
+ " optional HDBIAS parameter is a number to tell a BSD kernel"
+ " how many BIOS drive numbers are on controllers before the current"
+ " one. For example, if there is an IDE disk and a SCSI disk, and your"
+ " FreeBSD root partition is on the SCSI disk, then use a `1' for HDBIAS."},
+ {"root", "echo \"$root\"\n", NULL, 0, 0, {}, FLAG_FALLBACK, NULL, NULL},
+ {"rootnoverify", "set root='%s'; set legacy_hdbias='%s'\n", NULL, 0,
+ 2, {TYPE_PARTITION, TYPE_INT}, 0,
+ "[DEVICE [HDBIAS]]",
+ "Similar to `root', but don't attempt to mount the partition. This"
+ " is useful for when an OS is outside of the area of the disk that"
+ " GRUB can read, but setting the correct root device is still"
+ " desired. Note that the items mentioned in `root' which"
+ " derived from attempting the mount will NOT work correctly."},
+ {"rootnoverify", "echo \"$root\"\n", NULL, 0,
+ 0, {}, FLAG_FALLBACK, NULL, NULL},
+ /* FIXME: support saving NUM and fallback. */
+ {"savedefault", "saved_entry=${chosen}; save_env saved_entry\n", NULL, 0,
+ 0, {}, 0, "[NUM | `fallback']",
+ "Save the current entry as the default boot entry if no argument is"
+ " specified. If a number is specified, this number is saved. If"
+ " `fallback' is used, next fallback entry is saved."},
+ {"serial", "serial %s\n", NULL, 0, 1, {TYPE_REST_VERBATIM}, 0,
+ "[--unit=UNIT] [--port=PORT] [--speed=SPEED] [--word=WORD] "
+ "[--parity=PARITY] [--stop=STOP] [--device=DEV]",
+ "Initialize a serial device. UNIT is a digit that specifies which serial"
+ " device is used (e.g. 0 == COM1). If you need to specify the port number,"
+ " set it by --port. SPEED is the DTE-DTE speed. WORD is the word length,"
+ " PARITY is the type of parity, which is one of `no', `odd' and `even'."
+ " STOP is the length of stop bit(s). The option --device can be used only"
+ " in the grub shell, which specifies the file name of a tty device. The"
+ " default values are COM1, 9600, 8N1."},
+ /* FIXME: setkey unsupported. */ /* NUL_TERMINATE */
+ /* NOTE: setup unsupported. */
+ /* FIXME: --no-echo, --no-edit, hercules unsupported. */
+ /* NOTE: both terminals are activated so --silent and --timeout
+ are useless. */
+ {"terminal", NULL, NULL, 0, 0, {}, FLAG_TERMINAL | FLAG_IGNORE_REST,
+ "[--dumb] [--no-echo] [--no-edit] [--timeout=SECS] [--lines=LINES] "
+ "[--silent] [console] [serial] [hercules]",
+ "Select a terminal. When multiple terminals are specified, wait until"
+ " you push any key to continue. If both console and serial are specified,"
+ " the terminal to which you input a key first will be selected. If no"
+ " argument is specified, print current setting. The option --dumb"
+ " specifies that your terminal is dumb, otherwise, vt100-compatibility"
+ " is assumed. If you specify --no-echo, input characters won't be echoed."
+ " If you specify --no-edit, the BASH-like editing feature will be disabled."
+ " If --timeout is present, this command will wait at most for SECS"
+ " seconds. The option --lines specifies the maximum number of lines."
+ " The option --silent is used to suppress messages."},
+ /* FIXME: terminfo unsupported. */ /* NUL_TERMINATE */
+ {"testload", "cat '%s'\n", NULL, 0, 1, {TYPE_FILE}, 0, "FILE",
+ "Read the entire contents of FILE in several different ways and"
+ " compares them, to test the filesystem code. "
+ " If this test succeeds, then a good next"
+ " step is to try loading a kernel."},
+ {"testvbe", "insmod vbe; videotest '%s'\n", NULL, 0, 1, {TYPE_VBE_MODE}, 0,
+ "MODE", "Test the VBE mode MODE. Hit any key to return."},
+ /* FIXME: tftpserver unsupported. */
+ {"timeout", "set timeout=%s\n", NULL, 0, 1, {TYPE_INT}, 0, "SEC",
+ "Set a timeout, in SEC seconds, before automatically booting the"
+ " default entry (normally the first entry defined)."},
+ {"title", NULL, NULL, 0, 0, {}, FLAG_TITLE, "NAME ...",
+ "Start a new boot entry, and set its name to the contents of the"
+ " rest of the line, starting with the first non-space character."},
+ {"unhide", "parttool '%s' hidden-\n", NULL, 0,
+ 1, {TYPE_PARTITION}, 0, "PARTITION",
+ "Unhide PARTITION by clearing the \"hidden\" bit in its"
+ " partition type code."},
+ /* FIXME: uppermem unsupported. */
+ {"uuid", "search --set=root --fs-uuid '%s'\n", NULL, 0, 1, {TYPE_VERBATIM},
+ 0, "UUID", "Find root by UUID"},
+ {"vbeprobe", "insmod vbe; videoinfo '%s'\n", NULL, 0, 1, {TYPE_VBE_MODE},
+ FLAG_FALLBACK_AVAILABLE, "[MODE]",
+ "Probe VBE information. If the mode number MODE is specified, show only"
+ " the information about only the mode."},
+ {"vbeprobe", "insmod vbe; videoinfo\n", NULL, 0, 0, {},
+ FLAG_FALLBACK, NULL, NULL}
+ };
+
+char *
+grub_legacy_escape (const char *in, grub_size_t len)
+{
+ char *ptr;
+ char *ret;
+ char saved;
+ int overhead = 0;
+
+ for (ptr = (char*)in; ptr < in + len && *ptr; ptr++)
+ if (*ptr == '\'')
+ overhead += 3;
+ ret = grub_malloc (ptr - in + overhead + 1);
+ if (!ret)
+ return NULL;
+
+ ptr = (char*)in;
+ saved = ptr[len];
+ ptr[len] = '\0';
+ grub_strchrsub (ret, ptr, '\'', "'\\''");
+ ptr[len] = saved;
+ return ret;
+}
+
+static char *
+adjust_file (const char *in, grub_size_t len)
+{
+ const char *comma, *ptr, *rest;
+ char *ret, *outptr;
+ int overhead = 0;
+ int part = -1, subpart = -1;
+ if (in[0] != '(')
+ return grub_legacy_escape (in, len);
+ for (ptr = in + 1; ptr < in + len && *ptr && *ptr != ')'
+ && *ptr != ','; ptr++)
+ if (*ptr == '\'' || *ptr == '\\')
+ overhead++;
+ comma = ptr;
+ if (*comma != ',')
+ return grub_legacy_escape (in, len);
+ part = grub_strtoull (comma + 1, (char **) &rest, 0);
+ if (rest[0] == ',' && rest[1] >= 'a' && rest[1] <= 'z')
+ {
+ subpart = rest[1] - 'a';
+ rest += 2;
+ }
+ for (ptr = rest; ptr < in + len && *ptr; ptr++)
+ if (*ptr == '\'' || *ptr == '\\')
+ overhead++;
+
+ /* 35 is enough for any 2 numbers. */
+ ret = grub_malloc (ptr - in + overhead + 35);
+ if (!ret)
+ return NULL;
+
+ outptr = ret;
+ for (ptr = in; ptr < in + len && ptr <= comma; ptr++)
+ {
+ if (*ptr == '\'' || *ptr == '\\')
+ *outptr++ = '\\';
+
+ *outptr++ = *ptr;
+ }
+ if (subpart != -1)
+ grub_snprintf (outptr, 35, "%d,%d", part + 1, subpart + 1);
+ else
+ grub_snprintf (outptr, 35, "%d", part + 1);
+ while (*outptr)
+ outptr++;
+ for (ptr = rest; ptr < in + len; ptr++)
+ {
+ if (*ptr == '\'' || *ptr == '\\')
+ *outptr++ = '\\';
+
+ *outptr++ = *ptr;
+ }
+ *outptr = 0;
+ return ret;
+}
+
+static int
+check_option (const char *a, char *b, grub_size_t len)
+{
+ if (grub_strlen (b) != len)
+ return 0;
+ return grub_strncmp (a, b, len) == 0;
+}
+
+static int
+is_option (enum arg_type opt, const char *curarg, grub_size_t len)
+{
+ switch (opt)
+ {
+ case TYPE_NOAPM_OPTION:
+ return check_option (curarg, "--no-apm", len);
+ case TYPE_FORCE_OPTION:
+ return check_option (curarg, "--force", len);
+ case TYPE_TYPE_OR_NOMEM_OPTION:
+ return check_option (curarg, "--type=netbsd", len)
+ || check_option (curarg, "--type=freebsd", len)
+ || check_option (curarg, "--type=openbsd", len)
+ || check_option (curarg, "--type=linux", len)
+ || check_option (curarg, "--type=biglinux", len)
+ || check_option (curarg, "--type=multiboot", len)
+ || check_option (curarg, "--no-mem-option", len);
+ case TYPE_OPTION:
+ return (len >= 2 && curarg[0] == '-' && curarg[1] == '-');
+ default:
+ return 0;
+ }
+}
+
+char *
+grub_legacy_parse (const char *buf, char **entryname, char **suffix)
+{
+ const char *ptr;
+ const char *cmdname;
+ unsigned i, cmdnum;
+ char *args[ARRAY_SIZE (legacy_commands[0].argt)];
+
+ *suffix = NULL;
+
+ for (ptr = buf; *ptr && grub_isspace (*ptr); ptr++);
+ if (!*ptr || *ptr == '#')
+ {
+ char *ret;
+ int len = grub_strlen (buf);
+ ret = grub_malloc (len + 2);
+ grub_memcpy (ret, buf, len);
+ if (len && ret[len - 1] == '\n')
+ ret[len] = 0;
+ else
+ {
+ ret[len] = '\n';
+ ret[len + 1] = 0;
+ }
+ return ret;
+ }
+
+ cmdname = ptr;
+ for (ptr = buf; *ptr && !grub_isspace (*ptr) && *ptr != '='; ptr++);
+
+ for (cmdnum = 0; cmdnum < ARRAY_SIZE (legacy_commands); cmdnum++)
+ if (grub_strncmp (legacy_commands[cmdnum].name, cmdname, ptr - cmdname) == 0
+ && legacy_commands[cmdnum].name[ptr - cmdname] == 0
+ && (!(*entryname != NULL && (legacy_commands[cmdnum].flags
+ & FLAG_NO_MENUENTRY)))
+ && (!(*entryname == NULL && (legacy_commands[cmdnum].flags
+ & FLAG_MENUENTRY_ONLY))))
+ break;
+ if (cmdnum == ARRAY_SIZE (legacy_commands))
+ return grub_xasprintf ("# Unsupported legacy command: %s\n", buf);
+
+ for (; grub_isspace (*ptr) || *ptr == '='; ptr++);
+
+ if (legacy_commands[cmdnum].flags & FLAG_TITLE)
+ {
+ const char *ptr2;
+ ptr2 = ptr + grub_strlen (ptr);
+ while (ptr2 > ptr && grub_isspace (*(ptr2 - 1)))
+ ptr2--;
+ *entryname = grub_strndup (ptr, ptr2 - ptr);
+ return NULL;
+ }
+
+ if (legacy_commands[cmdnum].flags & FLAG_TERMINAL)
+ {
+ int dumb = 0, lines = 24;
+#ifdef TODO
+ int no_echo = 0, no_edit = 0;
+ int hercules = 0;
+#endif
+ int console = 0, serial = 0;
+ /* Big enough for any possible resulting command. */
+ char outbuf[256] = "";
+ char *outptr;
+ while (*ptr)
+ {
+ /* "[--timeout=SECS] [--silent]"
+ " [console] [serial] [hercules]"*/
+ if (grub_memcmp (ptr, "--dumb", sizeof ("--dumb") - 1) == 0)
+ dumb = 1;
+#ifdef TODO
+ if (grub_memcmp (ptr, "--no-echo", sizeof ("--no-echo") - 1) == 0)
+ no_echo = 1;
+
+ if (grub_memcmp (ptr, "--no-edit", sizeof ("--no-edit") - 1) == 0)
+ no_edit = 1;
+#endif
+ if (grub_memcmp (ptr, "--lines=", sizeof ("--lines=") - 1) == 0)
+ {
+ lines = grub_strtoul (ptr + sizeof ("--lines=") - 1, 0, 0);
+ if (grub_errno)
+ {
+ lines = 24;
+ grub_errno = GRUB_ERR_NONE;
+ }
+ }
+
+ if (grub_memcmp (ptr, "console", sizeof ("console") - 1) == 0)
+ console = 1;
+
+ if (grub_memcmp (ptr, "serial", sizeof ("serial") - 1) == 0)
+ serial = 1;
+#ifdef TODO
+ if (grub_memcmp (ptr, "hercules", sizeof ("hercules") - 1) == 0)
+ hercules = 1;
+#endif
+ while (*ptr && !grub_isspace (*ptr))
+ ptr++;
+ while (*ptr && grub_isspace (*ptr))
+ ptr++;
+ }
+
+ if (!console && !serial)
+ return grub_strdup ("terminal_input; terminal_output; terminfo\n");
+
+ grub_strcpy (outbuf, "terminal_input ");
+ outptr = outbuf + grub_strlen (outbuf);
+ if (serial)
+ {
+ grub_strcpy (outptr, "serial ");
+ outptr += grub_strlen (outptr);
+ }
+ if (console)
+ {
+ grub_strcpy (outptr, "console ");
+ outptr += grub_strlen (outptr);
+ }
+ grub_strcpy (outptr, "; terminal_output ");
+ outptr += grub_strlen (outptr);
+ if (serial)
+ {
+ grub_strcpy (outptr, "serial ");
+ outptr += grub_strlen (outptr);
+ }
+ if (console)
+ {
+ grub_strcpy (outptr, "console ");
+ outptr += grub_strlen (outptr);
+ }
+ grub_strcpy (outptr, "; ");
+ outptr += grub_strlen (outptr);
+ if (serial)
+ {
+ grub_snprintf (outptr, outbuf + sizeof (outbuf) - outptr,
+ "terminfo serial -g 80x%d %s; ",
+ lines, dumb ? "dumb" : "vt100");
+ outptr += grub_strlen (outptr);
+ }
+
+ grub_strcpy (outptr, "\n");
+
+ return grub_strdup (outbuf);
+ }
+
+ grub_memset (args, 0, sizeof (args));
+
+ {
+ int hold_arg = 0;
+ const char *curarg = NULL;
+ for (i = 0; i < legacy_commands[cmdnum].argc; i++)
+ {
+ grub_size_t curarglen;
+ if (hold_arg)
+ {
+ ptr = curarg;
+ hold_arg = 0;
+ }
+ for (; grub_isspace (*ptr); ptr++);
+ curarg = ptr;
+ if (!*curarg)
+ break;
+ for (; *ptr && !grub_isspace (*ptr); ptr++);
+ if (i != legacy_commands[cmdnum].argc - 1
+ || (legacy_commands[cmdnum].flags & FLAG_IGNORE_REST))
+ curarglen = ptr - curarg;
+ else
+ {
+ curarglen = grub_strlen (curarg);
+ while (curarglen > 0 && grub_isspace (curarg[curarglen - 1]))
+ curarglen--;
+ }
+ if (*ptr)
+ ptr++;
+ switch (legacy_commands[cmdnum].argt[i])
+ {
+ case TYPE_FILE_NO_CONSUME:
+ hold_arg = 1;
+ case TYPE_PARTITION:
+ case TYPE_FILE:
+ args[i] = adjust_file (curarg, curarglen);
+ break;
+
+ case TYPE_REST_VERBATIM:
+ {
+ char *outptr, *outptr0;
+ int overhead = 3;
+ ptr = curarg;
+ while (*ptr)
+ {
+ for (; *ptr && grub_isspace (*ptr); ptr++);
+ for (; *ptr && !grub_isspace (*ptr); ptr++)
+ if (*ptr == '\'')
+ overhead += 3;
+ if (*ptr)
+ ptr++;
+ overhead += 3;
+ }
+
+ outptr0 = args[i] = grub_malloc (overhead + (ptr - curarg));
+ if (!outptr0)
+ return NULL;
+ ptr = curarg;
+ outptr = outptr0;
+ while (*ptr)
+ {
+ for (; *ptr && grub_isspace (*ptr); ptr++);
+ if (outptr != outptr0)
+ *outptr++ = ' ';
+ *outptr++ = '\'';
+ for (; *ptr && !grub_isspace (*ptr); ptr++)
+ {
+ if (*ptr == '\'')
+ {
+ *outptr++ = '\'';
+ *outptr++ = '\\';
+ *outptr++ = '\'';
+ *outptr++ = '\'';
+ }
+ else
+ *outptr++ = *ptr;
+ }
+ *outptr++ = '\'';
+ if (*ptr)
+ ptr++;
+ }
+ *outptr++ = 0;
+ }
+ break;
+
+ case TYPE_VERBATIM:
+ args[i] = grub_legacy_escape (curarg, curarglen);
+ break;
+ case TYPE_FORCE_OPTION:
+ case TYPE_NOAPM_OPTION:
+ case TYPE_TYPE_OR_NOMEM_OPTION:
+ case TYPE_OPTION:
+ if (is_option (legacy_commands[cmdnum].argt[i], curarg, curarglen))
+ {
+ args[i] = grub_strndup (curarg, curarglen);
+ break;
+ }
+ args[i] = grub_strdup ("");
+ hold_arg = 1;
+ break;
+ case TYPE_INT:
+ {
+ const char *brk;
+ int base = 10;
+ brk = curarg;
+ if (brk[0] == '0' && brk[1] == 'x')
+ {
+ base = 16;
+ brk += 2;
+ }
+ else if (brk[0] == '0')
+ base = 8;
+ for (; *brk && brk < curarg + curarglen; brk++)
+ {
+ if (base == 8 && (*brk == '8' || *brk == '9'))
+ break;
+ if (grub_isdigit (*brk))
+ continue;
+ if (base != 16)
+ break;
+ if (!(*brk >= 'a' && *brk <= 'f')
+ && !(*brk >= 'A' && *brk <= 'F'))
+ break;
+ }
+ if (brk == curarg)
+ args[i] = grub_strdup ("0");
+ else
+ args[i] = grub_strndup (curarg, brk - curarg);
+ }
+ break;
+ case TYPE_VBE_MODE:
+ {
+ unsigned mod;
+ struct grub_vesa_mode_table_entry *modedesc;
+
+ mod = grub_strtoul (curarg, 0, 0);
+ if (grub_errno)
+ {
+ mod = 0;
+ grub_errno = GRUB_ERR_NONE;
+ }
+ if (mod < GRUB_VESA_MODE_TABLE_START
+ || mod > GRUB_VESA_MODE_TABLE_END)
+ {
+ args[i] = grub_strdup ("auto");
+ break;
+ }
+ modedesc = &grub_vesa_mode_table[mod - GRUB_VESA_MODE_TABLE_START];
+ if (!modedesc->width)
+ {
+ args[i] = grub_strdup ("auto");
+ break;
+ }
+ args[i] = grub_xasprintf ("%ux%ux%u",
+ modedesc->width, modedesc->height,
+ modedesc->depth);
+ break;
+ }
+ case TYPE_BOOL:
+ if (curarglen == 2 && curarg[0] == 'o' && curarg[1] == 'n')
+ args[i] = grub_strdup ("1");
+ else
+ args[i] = grub_strdup ("0");
+ break;
+ }
+ }
+ }
+
+ while (legacy_commands[cmdnum].argc > 0
+ && args[legacy_commands[cmdnum].argc - 1] == NULL
+ && (legacy_commands[cmdnum].flags & FLAG_FALLBACK_AVAILABLE)
+ && args[legacy_commands[cmdnum + 1].argc] == NULL)
+ cmdnum++;
+
+ for (; i < legacy_commands[cmdnum].argc; i++)
+ switch (legacy_commands[cmdnum].argt[i])
+ {
+ case TYPE_FILE_NO_CONSUME:
+ case TYPE_PARTITION:
+ case TYPE_FILE:
+ case TYPE_REST_VERBATIM:
+ case TYPE_VERBATIM:
+ case TYPE_FORCE_OPTION:
+ case TYPE_NOAPM_OPTION:
+ case TYPE_TYPE_OR_NOMEM_OPTION:
+ case TYPE_OPTION:
+ args[i] = grub_strdup ("");
+ break;
+ case TYPE_BOOL:
+ case TYPE_INT:
+ args[i] = grub_strdup ("0");
+ break;
+ case TYPE_VBE_MODE:
+ args[i] = grub_strdup ("auto");
+ break;
+ }
+
+ if (legacy_commands[cmdnum].flags & FLAG_COLOR_INVERT)
+ {
+ char *corig = args[legacy_commands[cmdnum].argc - 1];
+ char *slash = grub_strchr (corig, '/');
+ char *invert;
+ grub_size_t len;
+
+ len = grub_strlen (corig);
+ if (!slash)
+ {
+ grub_error (GRUB_ERR_BAD_ARGUMENT, "bad color specification %s",
+ args[0]);
+ return NULL;
+ }
+ invert = grub_malloc (len + 1);
+ if (!invert)
+ return NULL;
+ grub_memcpy (invert, slash + 1, len - (slash - corig) - 1);
+ invert[len - (slash - args[0]) - 1] = '/';
+ grub_memcpy (invert + len - (slash - corig), corig, slash - corig);
+ invert[len] = 0;
+ args[legacy_commands[cmdnum].argc] = invert;
+ }
+
+ if (legacy_commands[cmdnum].suffix)
+ {
+ *suffix = grub_xasprintf (legacy_commands[cmdnum].suffix,
+ args[legacy_commands[cmdnum].suffixarg]);
+ if (*suffix)
+ return NULL;
+ }
+
+ {
+ char *ret = grub_xasprintf (legacy_commands[cmdnum].map, args[0], args[1],
+ args[2], args[3]);
+ grub_free (args[0]);
+ grub_free (args[1]);
+ grub_free (args[2]);
+ grub_free (args[3]);
+ return ret;
+ }
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/ChangeLog b/grub-core/lib/libgcrypt-grub/cipher/ChangeLog
new file mode 100644
index 0000000..e7db175
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/ChangeLog
@@ -0,0 +1,4212 @@
+2011-05-14 Automatic import tool
+
+ Imported ciphers to GRUB
+
+ * ac.c: Removed
+ * arcfour.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (elftest): Removed declaration.
+ (selftest): Removed.
+ (GRUB_MOD_INIT(gcry_arcfour)): New function
+
+ Register cipher _gcry_cipher_spec_arcfour
+ (GRUB_MOD_FINI(gcry_arcfour)): New function
+
+ Unregister cipher _gcry_cipher_spec_arcfour
+ * blowfish.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (selftest): Removed.
+ (GRUB_MOD_INIT(gcry_blowfish)): New function
+
+ Register cipher _gcry_cipher_spec_blowfish
+ (GRUB_MOD_FINI(gcry_blowfish)): New function
+
+ Unregister cipher _gcry_cipher_spec_blowfish
+ * camellia.c: Removed including of string.h
+ Removed including of stdlib.h
+ * camellia.h: Removed including of config.h
+ * camellia-glue.c: Removed including of config.h
+ Removed including of config.h
+ (elftest): Removed declaration.
+ (selftest): Removed.
+ (GRUB_MOD_INIT(gcry_camellia)): New function
+
+ Register cipher _gcry_cipher_spec_camellia128
+ Register cipher _gcry_cipher_spec_camellia192
+ Register cipher _gcry_cipher_spec_camellia256
+ (GRUB_MOD_FINI(gcry_camellia)): New function
+
+ Unregister cipher _gcry_cipher_spec_camellia128
+ Unregister cipher _gcry_cipher_spec_camellia192
+ Unregister cipher _gcry_cipher_spec_camellia256
+ * cast5.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (selftest): Removed.
+ (GRUB_MOD_INIT(gcry_cast5)): New function
+
+ Register cipher _gcry_cipher_spec_cast5
+ (GRUB_MOD_FINI(gcry_cast5)): New function
+
+ Unregister cipher _gcry_cipher_spec_cast5
+ * cipher.c: Removed
+ * crc.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (GRUB_MOD_INIT(gcry_crc)): New function
+
+ Register digest _gcry_digest_spec_crc32
+ Register digest _gcry_digest_spec_crc32_rfc1510
+ Register digest _gcry_digest_spec_crc24_rfc2440
+ (GRUB_MOD_FINI(gcry_crc)): New function
+
+ Unregister MD _gcry_digest_spec_crc32
+ Unregister MD _gcry_digest_spec_crc32_rfc1510
+ Unregister MD _gcry_digest_spec_crc24_rfc2440
+ * des.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of string.h
+ (elftest): Removed declaration.
+ (weak_keys_chksum): Removed.
+ (tripledes_set2keys): Removed.
+ (selftest): Removed.
+ (do_tripledes_set_extra_info): Removed.
+ (selftest_fips): Removed.
+ (run_selftests): Removed.
+ (_gcry_cipher_extraspec_tripledes): Removed.
+ (GRUB_MOD_INIT(gcry_des)): New function
+
+ Register cipher _gcry_cipher_spec_des
+ Register cipher _gcry_cipher_spec_tripledes
+ (GRUB_MOD_FINI(gcry_des)): New function
+
+ Unregister cipher _gcry_cipher_spec_des
+ Unregister cipher _gcry_cipher_spec_tripledes
+ * dsa.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (selftest_sign_1024): Removed.
+ (selftests_dsa): Removed.
+ (run_selftests): Removed.
+ * ecc.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (selftests_ecdsa): Removed.
+ (run_selftests): Removed.
+ * elgamal.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ * hash-common.c: Removed
+ * hmac-tests.c: Removed
+ * md.c: Removed
+ * md4.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (GRUB_MOD_INIT(gcry_md4)): New function
+
+ Register digest _gcry_digest_spec_md4
+ (GRUB_MOD_FINI(gcry_md4)): New function
+
+ Unregister MD _gcry_digest_spec_md4
+ * md5.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (GRUB_MOD_INIT(gcry_md5)): New function
+
+ Register digest _gcry_digest_spec_md5
+ (GRUB_MOD_FINI(gcry_md5)): New function
+
+ Unregister MD _gcry_digest_spec_md5
+ * primegen.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ Removed including of errno.h
+ * pubkey.c: Removed
+ * rfc2268.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (elftest): Removed declaration.
+ (selftest): Removed.
+ (GRUB_MOD_INIT(gcry_rfc2268)): New function
+
+ Register cipher _gcry_cipher_spec_rfc2268_40
+ (GRUB_MOD_FINI(gcry_rfc2268)): New function
+
+ Unregister cipher _gcry_cipher_spec_rfc2268_40
+ * rijndael.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (elftest): Removed declaration.
+ (_gcry_aes_cfb_enc): Removed.
+ (_gcry_aes_cbc_enc): Removed.
+ (_gcry_aes_cfb_dec): Removed.
+ (_gcry_aes_cbc_dec): Removed.
+ (selftest_basic_128): Removed.
+ (selftest_basic_192): Removed.
+ (selftest_basic_256): Removed.
+ (selftest): Removed.
+ (selftest_fips_128_38a): Removed.
+ (selftest_fips_128): Removed.
+ (selftest_fips_192): Removed.
+ (selftest_fips_256): Removed.
+ (run_selftests): Removed.
+ (_gcry_cipher_extraspec_aes): Removed.
+ (_gcry_cipher_extraspec_aes192): Removed.
+ (_gcry_cipher_extraspec_aes256): Removed.
+ (GRUB_MOD_INIT(gcry_rijndael)): New function
+
+ Register cipher _gcry_cipher_spec_aes
+ Register cipher _gcry_cipher_spec_aes192
+ Register cipher _gcry_cipher_spec_aes256
+ (GRUB_MOD_FINI(gcry_rijndael)): New function
+
+ Unregister cipher _gcry_cipher_spec_aes
+ Unregister cipher _gcry_cipher_spec_aes192
+ Unregister cipher _gcry_cipher_spec_aes256
+ * rmd160.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (_gcry_rmd160_hash_buffer): Removed.
+ (GRUB_MOD_INIT(gcry_rmd160)): New function
+
+ Register digest _gcry_digest_spec_rmd160
+ (GRUB_MOD_FINI(gcry_rmd160)): New function
+
+ Unregister MD _gcry_digest_spec_rmd160
+ * rsa.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ Removed including of errno.h
+ (selftest_sign_1024): Removed.
+ (selftest_encr_1024): Removed.
+ (selftests_rsa): Removed.
+ (run_selftests): Removed.
+ * seed.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ (elftest): Removed declaration.
+ (selftest): Removed.
+ (GRUB_MOD_INIT(gcry_seed)): New function
+
+ Register cipher _gcry_cipher_spec_seed
+ (GRUB_MOD_FINI(gcry_seed)): New function
+
+ Unregister cipher _gcry_cipher_spec_seed
+ * serpent.c: Removed including of config.h
+ Removed including of string.h
+ Removed including of stdio.h
+ (GRUB_MOD_INIT(gcry_serpent)): New function
+
+ Register cipher _gcry_cipher_spec_serpent128
+ Register cipher _gcry_cipher_spec_serpent192
+ Register cipher _gcry_cipher_spec_serpent256
+ (GRUB_MOD_FINI(gcry_serpent)): New function
+
+ Unregister cipher _gcry_cipher_spec_serpent128
+ Unregister cipher _gcry_cipher_spec_serpent192
+ Unregister cipher _gcry_cipher_spec_serpent256
+ * sha1.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (_gcry_sha1_hash_buffer): Removed.
+ (selftests_sha1): Removed.
+ (run_selftests): Removed.
+ (_gcry_digest_extraspec_sha1): Removed.
+ (GRUB_MOD_INIT(gcry_sha1)): New function
+
+ Register digest _gcry_digest_spec_sha1
+ (GRUB_MOD_FINI(gcry_sha1)): New function
+
+ Unregister MD _gcry_digest_spec_sha1
+ * sha256.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (selftests_sha224): Removed.
+ (selftests_sha256): Removed.
+ (run_selftests): Removed.
+ (_gcry_digest_extraspec_sha224): Removed.
+ (_gcry_digest_extraspec_sha256): Removed.
+ (GRUB_MOD_INIT(gcry_sha256)): New function
+
+ Register digest _gcry_digest_spec_sha224
+ Register digest _gcry_digest_spec_sha256
+ (GRUB_MOD_FINI(gcry_sha256)): New function
+
+ Unregister MD _gcry_digest_spec_sha224
+ Unregister MD _gcry_digest_spec_sha256
+ * sha512.c: Removed including of config.h
+ Removed including of string.h
+ (selftests_sha384): Removed.
+ (selftests_sha512): Removed.
+ (run_selftests): Removed.
+ (_gcry_digest_extraspec_sha512): Removed.
+ (_gcry_digest_extraspec_sha384): Removed.
+ (GRUB_MOD_INIT(gcry_sha512)): New function
+
+ Register digest _gcry_digest_spec_sha512
+ Register digest _gcry_digest_spec_sha384
+ (GRUB_MOD_FINI(gcry_sha512)): New function
+
+ Unregister MD _gcry_digest_spec_sha512
+ Unregister MD _gcry_digest_spec_sha384
+ * tiger.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (GRUB_MOD_INIT(gcry_tiger)): New function
+
+ Register digest _gcry_digest_spec_tiger
+ (GRUB_MOD_FINI(gcry_tiger)): New function
+
+ Unregister MD _gcry_digest_spec_tiger
+ * twofish.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (elftest): Removed declaration.
+ (selftest): Removed.
+ Removed including of stdio.h
+ Removed including of string.h
+ Removed including of time.h
+ (GRUB_MOD_INIT(gcry_twofish)): New function
+
+ Register cipher _gcry_cipher_spec_twofish
+ Register cipher _gcry_cipher_spec_twofish128
+ (GRUB_MOD_FINI(gcry_twofish)): New function
+
+ Unregister cipher _gcry_cipher_spec_twofish
+ Unregister cipher _gcry_cipher_spec_twofish128
+ * whirlpool.c: Removed including of config.h
+ Removed including of stdio.h
+ Removed including of stdlib.h
+ Removed including of string.h
+ (GRUB_MOD_INIT(gcry_whirlpool)): New function
+
+ Register digest _gcry_digest_spec_whirlpool
+ (GRUB_MOD_FINI(gcry_whirlpool)): New function
+
+ Unregister MD _gcry_digest_spec_whirlpool
+ * crypto.lst: New file.
+ * types.h: New file.
+ * memory.h: New file.
+ * cipher.h: Likewise.
+ * g10lib.h: Likewise.
+
+2009-01-22 Werner Koch <wk@g10code.com>
+
+ * ecc.c (compute_keygrip): Remove superfluous const.
+
+2009-01-06 Werner Koch <wk@g10code.com>
+
+ * rmd160.c (oid_spec_rmd160): Add TeleTrust identifier.
+
+2008-12-10 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate): Add arg DOMAIN and use it if specified.
+ (generate_fips186): Ditto.
+ (dsa_generate_ext): Parse and check the optional "domain"
+ parameter and pass them to the generate functions.
+
+ * rijndael.c (rijndael_names): Add "AES128" and "AES-128".
+ (rijndael192_names): Add "AES-192".
+ (rijndael256_names): Add "AES-256".
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate): Add arg TRANSIENT_KEY and use it to detrmine
+ the RNG quality needed.
+ (dsa_generate_ext): Parse the transient-key flag und pass it to
+ generate.
+
+2008-11-28 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate_fips186): Add arg DERIVEPARMS and use the seed
+ value if available.
+
+ * primegen.c (_gcry_generate_fips186_2_prime): Fix inner p loop.
+
+2008-11-26 Werner Koch <wk@g10code.com>
+
+ * primegen.c (_gcry_generate_fips186_3_prime): New.
+ * dsa.c (generate_fips186): Add arg USE_FIPS186_2.
+ (dsa_generate_ext): Parse new flag use-fips183-2.
+
+2008-11-25 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate_fips186): New.
+ (dsa_generate_ext): Use new function if derive-parms are given or
+ if in FIPS mode.
+ * primegen.c (_gcry_generate_fips186_2_prime): New.
+
+2008-11-24 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Insert code to output extrainfo.
+ (pubkey_generate): Add arg R_EXTRAINFO and pass it to the extended
+ key generation function.
+ * rsa.c (gen_x931_parm_xp, gen_x931_parm_xi): New.
+ (generate_x931): Generate params if not given.
+ (rsa_generate_ext): Parse use-x931 flag. Return p-q-swapped
+ indicator.
+ * dsa.c (dsa_generate_ext): Put RETFACTORS into R_EXTRAINFO if
+ possible.
+
+ * pubkey.c (gcry_pk_genkey): Remove parsing of almost all
+ parameters and pass the parameter S-expression to pubkey_generate.
+ (pubkey_generate): Simplify by requitring modules to parse the
+ parameters. Remove the special cases for Elgamal and ECC.
+ (sexp_elements_extract_ecc): Add arg EXTRASPEC and use it. Fix
+ small memory leak.
+ (sexp_to_key): Pass EXTRASPEC to sexp_elements_extract_ecc.
+ (pubkey_table) [USE_ELGAMAL]: Add real extraspec.
+ * rsa.c (rsa_generate_ext): Adjust for new calling convention.
+ * dsa.c (dsa_generate_ext): Ditto.
+ * elgamal.c (_gcry_elg_generate): Ditto. Rename to elg_generate_ext.
+ (elg_generate): New.
+ (_gcry_elg_generate_using_x): Remove after merging code with
+ elg_generate_ext.
+ (_gcry_pubkey_extraspec_elg): New.
+ (_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign)
+ (_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove
+ _gcry_ prefix.
+ * ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and
+ adjust for new calling convention.
+ (_gcry_ecc_get_param): Rename to ecc_get_param and make static.
+ (_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and
+ ecc_get_param.
+
+2008-11-20 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (pubkey_generate): Add arg DERIVEPARMS.
+ (gcry_pk_genkey): Parse derive-parms and pass it to above.
+ * rsa.c (generate_x931): New.
+ (rsa_generate_ext): Add arg DERIVEPARMS and call new function in
+ fips mode or if DERIVEPARMS is given.
+ * primegen.c (_gcry_derive_x931_prime, find_x931_prime): New.
+
+2008-11-19 Werner Koch <wk@g10code.com>
+
+ * rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding.
+ (generate): Rename to generate_std.
+
+2008-11-05 Werner Koch <wk@g10code.com>
+
+ * md.c (md_open): Use a switch to set the Bsize.
+ (prepare_macpads): Fix long key case for SHA384 and SHA512.
+
+ * cipher.c (gcry_cipher_handle): Add field EXTRASPEC.
+ (gcry_cipher_open): Set it.
+ (gcry_cipher_ctl): Add private control code to disable weak key
+ detection and to return the current input block.
+ * des.c (_tripledes_ctx): Add field FLAGS.
+ (do_tripledes_set_extra_info): New.
+ (_gcry_cipher_extraspec_tripledes): Add new function.
+ (do_tripledes_setkey): Disable weak key detection.
+
+2008-10-24 Werner Koch <wk@g10code.com>
+
+ * md.c (digest_table): Allow MD5 in fips mode.
+ (md_register_default): Take special action for MD5.
+ (md_enable, gcry_md_hash_buffer): Ditto.
+
+2008-09-30 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (do_setkey): Properly align "t" and "tk".
+ (prepare_decryption): Properly align "w". Fixes bug #936.
+
+2008-09-18 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Parse domain parameter.
+ (pubkey_generate): Add new arg DOMAIN and remove special case for
+ DSA with qbits.
+ * rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and
+ rename to rsa_generate_ext. Change caller.
+ (_gcry_rsa_generate, _gcry_rsa_check_secret_key)
+ (_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign)
+ (_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove
+ _gcry_ prefix.
+ (_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names.
+ * dsa.c (dsa_generate_ext): New.
+ (_gcry_dsa_generate): Replace code by a call to dsa_generate.
+ (_gcry_dsa_check_secret_key, _gcry_dsa_sign, _gcry_dsa_verify)
+ (_gcry_dsa_get_nbits): Make static and remove _gcry prefix.
+ (_gcry_dsa_generate2): Remove.
+ (_gcry_pubkey_spec_dsa): Adjust to name changes.
+ (_gcry_pubkey_extraspec_rsa): Add dsa_generate_ext.
+
+2008-09-16 Werner Koch <wk@g10code.com>
+
+ * ecc.c (run_selftests): Add arg EXTENDED.
+
+2008-09-12 Werner Koch <wk@g10code.com>
+
+ * rsa.c (test_keys): Do a bad case signature check.
+ * dsa.c (test_keys): Do a bad case check.
+
+ * cipher.c (_gcry_cipher_selftest): Add arg EXTENDED and pass it
+ to the called tests.
+ * md.c (_gcry_md_selftest): Ditto.
+ * pubkey.c (_gcry_pk_selftest): Ditto.
+ * rijndael.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftest_fips_128): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftest_fips_192): Add dummy arg EXTENDED.
+ (selftest_fips_256): Ditto.
+ * hmac-tests.c (_gcry_hmac_selftest): Ditto.
+ (run_selftests): Ditto.
+ (selftests_sha1): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha224, selftests_sha256): Ditto.
+ (selftests_sha384, selftests_sha512): Ditto.
+ * sha1.c (run_selftests): Add arg EXTENDED and pass it to the
+ called test.
+ (selftests_sha1): Add arg EXTENDED and run only one test
+ non-extended mode.
+ * sha256.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftests_sha224): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha256): Ditto.
+ * sha512.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftests_sha384): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha512): Ditto.
+ * des.c (run_selftests): Add arg EXTENDED and pass it to the
+ called test.
+ (selftest_fips): Add dummy arg EXTENDED.
+ * rsa.c (run_selftests): Add dummy arg EXTENDED.
+
+ * dsa.c (run_selftests): Add dummy arg EXTENDED.
+
+ * rsa.c (extract_a_from_sexp): New.
+ (selftest_encr_1024): Check that the ciphertext does not match the
+ plaintext.
+ (test_keys): Improve tests and return an error status.
+ (generate): Return an error if test_keys fails.
+ * dsa.c (test_keys): Add comments and return an error status.
+ (generate): Return an error if test_keys failed.
+
+2008-09-11 Werner Koch <wk@g10code.com>
+
+ * rsa.c (_gcry_rsa_decrypt): Return an error instead of calling
+ BUG in case of a practically impossible condition.
+ (sample_secret_key, sample_public_key): New.
+ (selftest_sign_1024, selftest_encr_1024): New.
+ (selftests_rsa): Implement tests.
+ * dsa.c (sample_secret_key, sample_public_key): New.
+ (selftest_sign_1024): New.
+ (selftests_dsa): Implement tests.
+
+2008-09-09 Werner Koch <wk@g10code.com>
+
+ * hmac-tests.c (selftests_sha1): Add tests.
+ (selftests_sha224, selftests_sha384, selftests_sha512): Make up tests.
+
+ * hash-common.c, hash-common.h: New.
+ * sha1.c (selftests_sha1): Add 3 tests.
+ * sha256.c (selftests_sha256, selftests_sha224): Ditto.
+ * sha512.c (selftests_sha512, selftests_sha384): Ditto.
+
+2008-08-29 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_get_keygrip): Remove the special case for RSA
+ and check whether a custom computation function has been setup.
+ * rsa.c (compute_keygrip): New.
+ (_gcry_pubkey_extraspec_rsa): Setup this function.
+ * ecc.c (compute_keygrip): New.
+ (_gcry_pubkey_extraspec_ecdsa): Setup this function.
+
+2008-08-28 Werner Koch <wk@g10code.com>
+
+ * cipher.c (cipher_decrypt, cipher_encrypt): Return an error if
+ mode NONE is used.
+ (gcry_cipher_open): Allow mode NONE only with a debug flag set and
+ if not in FIPS mode.
+
+2008-08-26 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (pubkey_generate): Add arg KEYGEN_FLAGS.
+ (gcry_pk_genkey): Implement new parameter "transient-key" and
+ pass it as flags to pubkey_generate.
+ (pubkey_generate): Make use of an ext_generate function.
+ * rsa.c (generate): Add new arg transient_key and pass appropriate
+ args to the prime generator.
+ (_gcry_rsa_generate): Factor all code out to ...
+ (rsa_generate): .. new func with extra arg KEYGEN_FLAGS.
+ (_gcry_pubkey_extraspec_ecdsa): Setup rsa_generate.
+ * primegen.c (_gcry_generate_secret_prime)
+ (_gcry_generate_public_prime): Add new arg RANDOM_LEVEL.
+
+2008-08-21 Werner Koch <wk@g10code.com>
+
+ * primegen.c (_gcry_generate_secret_prime)
+ (_gcry_generate_public_prime): Use a constant macro for the random
+ level.
+
+2008-08-19 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_elements_extract_ecc) [!USE_ECC]: Do not allow
+ allow "curve" parameter.
+
+2008-08-15 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (_gcry_pk_selftest): New.
+ * dsa.c (selftests_dsa, run_selftests): New.
+ * rsa.c (selftests_rsa, run_selftests): New.
+ * ecc.c (selftests_ecdsa, run_selftests): New.
+
+ * md.c (_gcry_md_selftest): New.
+ * sha1.c (run_selftests, selftests_sha1): New.
+ * sha256.c (selftests_sha224, selftests_sha256, run_selftests): New.
+ * sha512.c (selftests_sha384, selftests_sha512, run_selftests): New.
+
+ * des.c (selftest): Remove static variable form selftest.
+ (des_setkey): No on-the-fly self test in fips mode.
+ (tripledes_set3keys): Ditto.
+
+ * cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv):
+
+ * dsa.c (generate): Bail out in fips mode if NBITS is less than 1024.
+ * rsa.c (generate): Return an error code if the the requested size
+ is less than 1024 and we are in fpis mode.
+ (_gcry_rsa_generate): Take care of that error code.
+
+ * ecc.c (generate_curve): In fips mode enable only NIST curves.
+
+ * cipher.c (_gcry_cipher_selftest): New.
+
+ * sha512.c (_gcry_digest_extraspec_sha384)
+ (_gcry_digest_extraspec_sha512): New.
+ * sha256.c (_gcry_digest_extraspec_sha224)
+ (_gcry_digest_extraspec_sha256): New.
+ * sha1.c (_gcry_digest_extraspec_sha1): New.
+ * ecc.c (_gcry_pubkey_extraspec_ecdsa): New.
+ * dsa.c (_gcry_pubkey_extraspec_dsa): New.
+ * rsa.c (_gcry_pubkey_extraspec_rsa): New.
+ * rijndael.c (_gcry_cipher_extraspec_aes)
+ (_gcry_cipher_extraspec_aes192, _gcry_cipher_extraspec_aes256): New.
+ * des.c (_gcry_cipher_extraspec_tripledes): New.
+
+ * cipher.c (gcry_cipher_register): Rename to _gcry_cipher_register.
+ Add arg EXTRASPEC.
+ (dummy_extra_spec): New.
+ (cipher_table_entry): Add extraspec field.
+ * md.c (_gcry_md_register): Rename to _gcry_md_register. Add
+ arg EXTRASPEC.
+ (dummy_extra_spec): New.
+ (digest_table_entry): Add extraspec field.
+ * pubkey.c (gcry_pk_register): Rename to _gcry_pk_register. Add
+ arg EXTRASPEC.
+ (dummy_extra_spec): New.
+ (pubkey_table_entry): Add extraspec field.
+
+ * ac.c: Let most public functions return GPG_ERR_UNSUPPORTED in
+ fips mode.
+
+ * pubkey.c (pubkey_table_entry): Add field FIPS_ALLOWED and mark
+ appropriate algorithms.
+ (dummy_generate, dummy_check_secret_key, dummy_encrypt)
+ (dummy_decrypt, dummy_sign, dummy_verify, dummy_get_nbits): Signal
+ a fips error when used.
+ (gcry_pk_register): In fips mode do not allow to register new
+ algorithms.
+
+ * md.c (digest_table): Add field FIPS_ALLOWED and mark appropriate
+ algorithms.
+ (md_register_default): In fips mode register only fips algorithms.
+ (gcry_md_register): In fips mode do not allow to register new
+ algorithms.
+ (gcry_md_get): Signal a fips error if called.
+ (gcry_md_hash_buffer): Do not allow rmd160 when not in fips mode.
+ (md_start_debug): Disable in fips_mode.
+
+ * md.c (gcry_md_register_default): Rename to ..
+ (md_register_default): .. this.
+ (md_digest): Remove this commented fucntion.
+ * pubkey.c (gcry_pk_register_default): Rename to ..
+ (pk_register_default): .. this.
+
+ * cipher.c (cipher_table_entry): Add field FIPS_ALLOWED.
+ (gcry_cipher_register_default): Register only fips approved
+ algorithms.
+ (gcry_cipher_register): Do not allow to register new ciphers.
+ (cipher_setiv): Signal fips error.
+
+ * cipher (gcry_cipher_register_default): Rename to ..
+ (cipher_register_default): .. this.
+ (REGISTER_DEFAULT_CIPHERS): Adjust for that change.
+
+2008-07-05 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c, random.h, rndhw.c, rndunix.c, rand-internal.h
+ * random.c, rndegd.c, rndlinux.c, rndw32.c: Move to ../cipher.
+ * Makefile.am: Remove random stuff.
+
+2008-06-24 Szakats Istvan <szaki.ms@gmail.com> (wk)
+
+ * ac.c (_gcry_ac_key_destroy, _gcry_ac_key_pair_generate): Relase
+ some more memory.
+
+2008-04-22 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use Padlock if possible.
+
+2008-04-18 Werner Koch <wk@g10code.com>
+
+ * sha1.c (transform_aligned): Remove. That is will obviosuly not
+ work because we need a scratch working area and our internal API
+ does not allow to modify the buffers.
+
+ * rijndael.c: Factor tables out to ..
+ * rijndael-tables.h: .. new.
+
+ * ac.c (ac_data_extract): Make static.
+
+ * camellia.h [HAVE_CONFIG_H]: Include config.h.
+
+ * rndw32.c (registry_poll): Only print the performance data
+ problem warning once. Suggested by Simon Josefsson.
+
+2008-03-19 Werner Koch <wk@g10code.com>
+
+ * cipher.c (gcry_cipher_open) [USE_AES]: Init bulk encryption only
+ if requested. Suggested by Dirk Stoecker.
+
+2008-03-18 Werner Koch <wk@g10code.com>
+
+ * sha1.c: Include stdint.h.
+ (transform): Add arg NBLOCKS so that we can work on more than one
+ block and avoid updates of the chaining variables. Changed all
+ callers to use 1.
+ (sha1_write): Replace loop around transform.
+ (transform_aligned) [WORDS_BIGENDIAN]: New.
+ (TRANSFORM): New macro to replace all direct calls of transform.
+
+2008-03-17 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (_gcry_aes_cfb_dec): New.
+ (do_encrypt): Factor code out to ..
+ (do_encrypt_aligned): .. New.
+ (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec): Use new function.
+ (do_decrypt): Factor code out to ..
+ (do_decrypt_aligned): .. new.
+ (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): New.
+ * cipher.c (struct gcry_cipher_handle): Put field IV into new
+ union U_IV to enforce proper alignment. Change all users.
+ (do_cfb_decrypt): Optimize.
+ (do_cbc_encrypt, do_cbc_decrypt): Optimize.
+
+2008-03-15 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (_gcry_aes_cfb_enc): New.
+ * cipher.c (struct gcry_cipher_handle): Add field ALGO and BULK.
+ (gcry_cipher_open): Set ALGO and BULK.
+ (do_cfb_encrypt): Optimize.
+
+2008-02-18 Werner Koch <wk@g10code.com>
+
+ * rsa.c (_gcry_rsa_verify) [IS_DEVELOPMENT_VERSION]: Print
+ intermediate results.
+
+2008-01-08 Werner Koch <wk@g10code.com>
+
+ * random.c (add_randomness): Do not just increment
+ POOL_FILLED_COUNTER but update it by the actual amount of data.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_data_to_mpi): Support SHA-224.
+
+2007-12-05 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT.
+ * rndhw.c (USE_PADLOCK): Ditto
+
+ * rsa.c (secret): Fixed condition test for using CRT. Reported by
+ Dean Scarff. Fixes bug#864.
+ (_gcry_rsa_check_secret_key): Return an erro if the optional
+ parameters are missing.
+ * pubkey.c (sexp_elements_extract): Add arg ALGO_NAME. Changed all
+ callers to pass NULL. Add hack to allow for optional RSA
+ parameters.
+ (sexp_to_key): Pass algo name to sexp_elements_extract.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * random.c (gcry_random_add_bytes): Implement it.
+ * rand-internal.h (RANDOM_ORIGIN_EXTERNAL): New.
+
+2007-11-30 Werner Koch <wk@g10code.com>
+
+ * rndhw.c: New.
+ * rndlinux.c (_gcry_rndlinux_gather_random): Try to read 50%
+ directly from the hwrng.
+ * random.c (do_fast_random_poll): Also run the hw rng fast poll.
+ (_gcry_random_dump_stats): Tell whether the hw rng failed.
+
+2007-11-29 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (USE_PADLOCK): Define new macro used for ia32.
+ (RIJNDAEL_context) [USE_PADLOCK]: Add fields USE_PADLOCK and
+ PADLOCK_KEY.
+ (do_setkey) [USE_PADLOCK]: Enable padlock if available for 128 bit
+ AES.
+ (do_padlock) [USE_PADLOCK]: New.
+ (rijndael_encrypt, rijndael_decrypt) [USE_PADLOCK]: Divert to
+ do_padlock.
+ * cipher.c (cipher_context_alignment_t): New. Use it in this
+ module in place of PROPERLY_ALIGNED_TYPE.
+ (NEED_16BYTE_ALIGNED_CONTEXT): Define macro for ia32.
+ (struct gcry_cipher_handle): Add field HANDLE_OFFSET.
+ (gcry_cipher_open): Take care of increased alignment requirements.
+ (gcry_cipher_close): Ditto.
+
+2007-11-28 Werner Koch <wk@g10code.com>
+
+ * sha256.c (asn224): Fixed wrong template. It happened due to a
+ bug in RFC4880. SHA-224 is not in the stable version of libgcrypt
+ so the consequences are limited to users of this devel version.
+
+2007-10-31 Werner Koch <wk@g10code.com>
+
+ * ac.c (gcry_ac_data_new): Remove due to the visibility wrapper.
+ (gcry_ac_data_destroy, gcry_ac_data_copy, gcry_ac_data_length)
+ (gcry_ac_data_set, gcry_ac_data_get_name, gcry_ac_data_get_index)
+ (gcry_ac_data_to_sexp, gcry_ac_data_from_sexp)
+ (gcry_ac_data_clear, gcry_ac_io_init, gcry_ac_open)
+ (gcry_ac_close, gcry_ac_key_init, gcry_ac_key_pair_generate)
+ (gcry_ac_key_pair_extract, gcry_ac_key_destroy)
+ (gcry_ac_key_pair_destroy, gcry_ac_key_data_get)
+ (gcry_ac_key_test, gcry_ac_key_get_nbits, gcry_ac_key_get_grip)
+ (gcry_ac_data_encrypt, gcry_ac_data_decrypt, gcry_ac_data_sign)
+ (gcry_ac_data_verify, gcry_ac_data_encode, gcry_ac_data_decode)
+ (gcry_ac_mpi_to_os, gcry_ac_mpi_to_os_alloc, gcry_ac_os_to_mpi)
+ (gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme)
+ (gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme)
+ (gcry_ac_io_init_va): Ditto.
+ (gcry_ac_id_to_name, gcry_ac_name_to_id): Remove as these
+ deprecated functions are now implemented by visibility.c.
+
+2007-10-26 Werner Koch <wk@g10code.com>
+
+ * rndw32.c: Disable debug flag.
+
+2007-10-25 Werner Koch <wk@g10code.com>
+
+ * rndw32.c: Updated from current cryptlib snapshot and modified
+ for our use. Removed support from pre NT systems.
+ (slow_gatherer_windows95): Remove.
+ (_gcry_rndw32_gather_random): Require an NT platform.
+ (init_system_rng, read_system_rng, read_mbm_data): New.
+ (slow_gatherer_windowsNT): Rename to ...
+ (slow_gatherer): .. this. Read system RNG and MBM.
+ (registry_poll): New with code factored out from slow_gatherer.
+
+2007-08-23 Werner Koch <wk@g10code.com>
+
+ * random.c (pool_filled_counter): New.
+ (add_randomness): Use it.
+
+2007-08-22 Werner Koch <wk@g10code.com>
+
+ * rndw32.c, rndunix.c: Switched to LGPL.
+
+2007-05-30 Werner Koch <wk@g10code.com>
+
+ * camellia.h, camellia.c: Replace by new LGPL version and adjusted
+ camellia.h.
+
+2007-05-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * ac.c (_gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read):
+ Adjust users of gcry_ac_io_t because union is not anonymous
+ anymore.
+
+2007-05-02 Werner Koch <wk@g10code.com>
+
+ * camellia-glue.c (camellia_setkey, camellia_encrypt)
+ (camellia_decrypt): Recalculated used stack size in called
+ functions.
+ * camellia.h: Redefine external symbols.
+
+2007-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am, cipher.c: Add Camellia.
+
+ * camellia-glue.c: New. The necessary glue to interface libgcrypt
+ to the stock NTT Camellia distribution.
+
+ * camellia.h, camellia.c: The stock NTT Camellia distribution
+ (GPL).
+
+2007-04-30 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.c: Use #if instead of #ifdef as configure defines the
+ USE_cipher defines as 0 for disabled.
+
+2007-04-30 Werner Koch <wk@g10code.com>
+
+ * rndegd.c (_gcry_rndegd_set_socket_name): New.
+
+2007-04-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * ecc.c (ec2os): Fix relocation of short numbers.
+
+ * ecc.c (generate_key): Do not allocate D, which will be allocated
+ by GEN_K. Remove G. Fix test if g_x, g_y resp. q_x, q_y are
+ requested.
+ (_gcry_ecc_generate): Release unneeded members of SK.
+ * pubkey.c (sexp_to_key): Release NAME.
+
+2007-04-28 Marcus Brinkmann <marcus@g10code.de>
+
+ * ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED.
+ (ac_data_mpi_copy, _gcry_ac_data_set, _gcry_ac_data_get_name)
+ (_gcry_ac_data_get_index, ac_data_construct): Adjust handling of
+ NAME accordingly.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * ecc.c (domain_parms): Add standard brainpool curves.
+
+2007-04-18 Werner Koch <wk@g10code.com>
+
+ * ecc.c (generate_curve): Implement alias mechanism.
+
+ * pubkey.c (sexp_elements_extract_ecc): New.
+ (sexp_to_key): Add special case for ecc.
+ (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_genkey): Replace
+ name_terminated stuff by a call to _gcry_sexp_nth_string.
+ (gcry_pk_get_keygrip): Ditto.
+
+2007-04-16 Werner Koch <wk@g10code.com>
+
+ * ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it.
+
+2007-04-13 Marcus Brinkmann <marcus@g10code.de>
+
+ * ac.c (ac_data_construct): Cast const away to suppress compiler
+ warning.
+
+ * ecc.c (ecc_generate): Avoid compiler warning for unused argument
+ DUMMY.
+ (ecc_verify): Avoid compiler warning for unused arguments CMP and
+ OPAQUEV.
+
+2007-04-06 Werner Koch <wk@g10code.com>
+
+ * sha1.c (oid_spec_sha1): Add another oid from X9.62.
+
+2007-03-28 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Do not issue misc-key-info if it is
+ empty.
+ (gcry_pk_genkey): New parameter "curve".
+
+ * ecc.c: Entirely rewritten with only a few traces of the old
+ code left.
+ (_gcry_ecc_generate): New.
+ (generate_key) New arg NAME.
+ (generate_curve): Ditto. Return actual number of NBITS.
+
+2007-03-26 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Increase size of SKEY array and add a
+ runtime bounds check.
+
+2007-03-23 Werner Koch <wk@g10code.com>
+
+ * ecc.c (ecc_ctx_init, ecc_ctx_free, ecc_mod, ecc_mulm): New.
+ (duplicate_point, sum_points, escalar_mult): Don't use a
+ copy of base->p. Replaced all mpi_mulm by ecc_mulm so that we can
+ experiment with different algorithms.
+ (generate_key, check_secret_key, sign, verify): Initialize a
+ computation context for use by ecc_mulm.
+
+2007-03-22 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (pubkey_table): Initialize ECC.
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc.c.
+ * ecc.c: New. Heavily reformatted and changed for use in libgcrypt.
+ (point_init): New.
+ (escalar_mult): Make arg R the first arg to be similar to the mpi
+ functions.
+ (duplicate_point): Ditto
+ (sum_points): Ditto
+ (sign, verify): Remove unneeded copy operations.
+ (sum_points): Removed memory leaks and optimized some compares.
+ (verify): Simplified input check.
+
+2007-03-14 Werner Koch <wk@g10code.com>
+
+ * random.c (MASK_LEVEL): Removed macro as it was used only at one
+ place. Open coded it there.
+ (gcry_randomize, _gcry_update_random_seed_file)
+ (_gcry_fast_random_poll): Factor lock code out to ..
+ (lock_pool, unlock_pool): .. new.
+ (initialize): Look the pool while allocating.
+ (read_random_source, do_fast_random_poll): Moved intialization to ...
+ (initialize): .. here.
+ (_gcry_enable_quick_random_gen): No more need for initialization.
+ (is_initialized): Moved this global flag to ..
+ (initialize): .. here and changed all users to unconditionally call
+ initialize.
+ (add_randomness): Remove initalization here. It simply can't
+ happen.
+
+ * random.c (enum random_origins): Moved to ..
+ * rand-internal.h: .. here.
+ * rndunix.c (_gcry_rndunix_gather_random): Use enum in prototype
+ for ORIGIN and renamed REQUESTOR to ORIGIN.
+ * rndegd.c (_gcry_rndegd_gather_random): Ditto.
+ * rndlinux.c (_gcry_rndlinux_gather_random): Ditto.
+ * rndw32.c (_gcry_rndw32_gather_random): Ditto.
+ (_gcry_rndw32_gather_random_fast): Ditto.
+
+2007-03-13 Werner Koch <wk@g10code.com>
+
+ * random.c (enum random_origins): New.
+ (add_randomness): Renamed arg SOURCE to ORIGIN.
+ (read_random_source): Renamed arg REQUESTOR to ORIGIN.
+ (getfnc_gather_random): Removed static variable because this
+ function is only called one and thus we don't need this
+ optimization.
+ (_gcry_quick_random_gen): Removed and replaced by..
+ (_gcry_enable_quick_random_gen): .. this. It is onlyu used to
+ enable it and it does not make sense to disable it later. Changed
+ the only one caller too.
+ (get_random_bytes): Removed.
+ (gcry_random_bytes, gcry_random_bytes_secure): Implement in terms
+ of gcry_randomize.
+ * random-daemon.c (_gcry_daemon_get_random_bytes): Removed.
+
+2007-02-23 Werner Koch <wk@g10code.com>
+
+ * elgamal.c (generate): Removed unused variable TEMP.
+ (test_keys): New arg NODIE.
+ (generate_using_x, _gcry_elg_generate_using_x): New.
+ * pubkey.c (pubkey_generate): New arg XVALUE and direct call to
+ the new elgamal generate fucntion.
+ (gcry_pk_genkey): Parse the new "xvalue" tag.
+
+2007-02-22 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_data_to_mpi): Handle dynamically allocated
+ algorithms. Suggested by Neil Dunbar. Fixes bug#596.
+
+ * rndw32.c (_gcry_rndw32_gather_random_fast): Make it return void.
+
+ * cipher.c (gcry_cipher_algo_name): Simplified.
+
+ * random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON.
+
+ * Makefile.am (libcipher_la_SOURCES): Build random-daemon support
+ only if requested.
+
+2007-02-21 Werner Koch <wk@g10code.com>
+
+ * random.c (rndpool, keypool): Make unsigned.
+ (mix_pool): Change char* variables to unsigned char*.
+ (gcry_randomize): Make arg BUFFER a void*.
+ (gcry_create_nonce): Ditto.
+
+ * rmd160.c (gcry_rmd160_mixblock): Make BUFFER a void*.
+ (_gcry_rmd160_hash_buffer): Make OUTBUF and BUFFER void*.
+ * sha1.c (_gcry_sha1_hash_buffer): Ditto.
+
+ * cipher.c (gcry_cipher_encrypt, cry_cipher_decrypt): Change
+ buffer args to void*.
+ (gcry_cipher_register): Make ALGORITHM_ID a int *.
+
+ * md.c (md_start_debug): Make SUFFIX a const char*. Use snprintf.
+ (gcry_md_debug): New.
+ (gcry_md_ctl): Changed arg BUFFER from unsigned char*.
+
+ * md.c (md_write): Make INBUF a const void*.
+ (gcry_md_write): Remove needless cast.
+ * crc.c (crc32_write): Make INBUF a const void*
+ (update_crc32, crc24rfc2440_write): Ditto.
+ * sha512.c (sha512_write, transform): Ditto.
+ * sha256.c (sha256_write, transform): Ditto.
+ * rmd160.c (rmd160_write, transform): Ditto.
+ * md5.c (md5_write, transform): Ditto.
+ * md4.c (md4_write, transform): Ditto.
+ * sha1.c (sha1_write, transform): Ditto.
+
+ * tiger.c (tiger_write, transform): Ditto.
+ * whirlpool.c (whirlpool_write, whirlpool_add, transform): Ditto.
+
+ * elgamal.c (elg_names): Change to a const*.
+ * dsa.c (dsa_names): Ditto.
+ * rsa.c (rsa_names): Ditto.
+ * pubkey.c (gcry_pk_lookup_func_name): Make ALIASES a const.
+
+2007-02-20 Werner Koch <wk@g10code.com>
+
+ * rndlinux.c (open_device): Remove unsused arg MINOR.
+
+2007-01-30 Werner Koch <wk@g10code.com>
+
+ * sha256.c (oid_spec_sha256): Add alias from pkcs#1.
+ * sha512.c (oid_spec_sha512): Ditto.
+ (oid_spec_sha384): Ditto.
+
+2006-12-18 Werner Koch <wk@g10code.com>
+
+ * rndlinux.c (set_cloexec_flag): New.
+ (open_device): Set close-on-exit flags. Suggested by Max
+ Kellermann. Fixes Debian#403613.
+
+ * Makefile.am (AM_CPPFLAGS, AM_CFLAGS): Splitted and merged
+ Moritz' changes.
+ (INCLUDES): Removed.
+
+2006-11-30 Werner Koch <wk@g10code.com>
+
+ * serpent.c (byte_swap_32): Remove trailing semicolon.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (INCLUDES): Include ../src/
+
+2006-11-03 Werner Koch <wk@g10code.com>
+
+ * random.c [HAVE_GETTIMEOFDAY]: Included sys/time.h and not
+ sys/times.h. Reported by Rafaël Carré.
+
+2006-11-05 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the
+ new gcrypt.h is used, not the one installed in the system.
+
+2006-10-25 Werner Koch <wk@g10code.com>
+
+ * primegen.c (prime_generate_internal): Tweaked use of secure
+ memory and entropy use. Safe unused primes from the pool. Allocate
+ at least a pool of 30.
+ (save_pool_prime, get_pool_prime): New.
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * ac.c (_gcry_ac_data_from_sexp): Reset sexp_tmp for failsafe
+ means. Release sexp_cur if needed. Reported by Dirk Stoecker.
+
+ * pubkey.c (pubkeys_registered_lock): Intialized it. It is not
+ realy needed because this is a mere initialization to 0 anyway.
+ Noted by Victor Stinner.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * dsa.c (_gcry_dsa_generate2): New.
+ (generate): New arg QBITS. Add sanity checks for reasonable qbits
+ and nbits.
+ * pubkey.c (gcry_pk_genkey): Parse an qbits element.
+ (pubkey_generate): New arg QBITS. Pass it to the DSA generation.
+
+2006-10-05 Werner Koch <wk@g10code.com>
+
+ * md.c (gcry_md_algo_info) <get_asnoid>: Check that the algo is
+ available.
+
+2006-10-04 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * tiger.c (round): Rename to tiger_round as gcc 4 has a built-in
+ round function that this conflicts with.
+
+2006-09-11 Werner Koch <wk@g10code.com>
+
+ * rndw32.c (slow_gatherer_windowsNT): While adding data use the
+ size of the diskPerformance and not its address. Has been fixed in
+ GnuPG more than a year ago. Noted by Lee Fisher.
+
+2006-08-30 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_data_to_mpi): Need to allow "ripemd160" here as
+ this is the canonical name.
+
+2006-08-29 Hye-Shik Chang <perky@FreeBSD.org> (wk)
+
+ * seed.c: New.
+
+2006-08-03 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c (_gcry_daemon_initialize_basics): Don't
+ initialize the socket. Remove arg SOCKETNAME.
+ (connect_to_socket): Make sure that daemon is set to -1 on error.
+ (call_daemon): Initialize the socket on the first call.
+ (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes)
+ (_gcry_daemon_create_nonce): New arg SOCKETNAME.
+ * random.c (initialize): Call new daemon initializator.
+ (get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket
+ name to daemon call and reset allow_daemon on failure.
+
+2006-07-26 Werner Koch <wk@g10code.com>
+
+ * rmd160.c (_gcry_rmd160_mixblock): Add cast to transform call.
+
+ * blowfish.c (selftest): Cast string to usnigned char*.
+
+ * primegen.c (prime_generate_internal): Cast unsigned/char*
+ mismatch in calling m_out_of_n.
+ (is_prime): Changed COUNT to unsigned int *.
+
+ * ac.c (_gcry_ac_data_copy): Initialize DATA_MPIS.
+
+ * random.c (gcry_create_nonce): Update the pid after a fork.
+ Reported by Uoti Urpala.
+
+2006-07-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * sha512.c: Fix typo in copyright notice.
+
+2006-06-21 Werner Koch <wk@g10code.com>
+
+ * rsa.c (_gcry_rsa_generate): Replace xcalloc by calloc.
+ * pubkey.c (gcry_pk_encrypt, gcry_pk_sign): Ditto.
+ (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt)
+ (gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto.
+ * md.c (md_copy): Ditto.
+
+2006-04-22 Moritz Schulte <moritz@g10code.com>
+
+ * random-daemon.c (_gcry_daemon_initialize_basics): New argument:
+ SOCKETNAME. Passing on to connect_to_socket() if non-NULL.
+ (connect_to_socket, writen, readn, call_daemon): New functions.
+ (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes)
+ (_gcry_daemon_create_nonce): Call call_daemon().
+ (RANDOM_DAEMON_SOCKET): New symbol.
+ (daemon_socket): New static variable.
+
+ * random.h (_gcry_daemon_initialize_basics): New parameter:
+ SOCKETNAME.
+ (_gcry_set_random_daemon_socket): New declaration.
+
+ * random.c (initialize_basics): Pass DAEMON_SOCKET_NAME to
+ _gcry_daemon_initialize_basics.
+ (_gcry_set_random_daemon_socket): New function, setting
+ DAEMON_SOCKET_NAME.
+
+2006-04-01 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (eme_pkcs_v1_5_encode): Use KEY_SIZE directly, no need to
+ call gcry_ac_key_get_nbits.
+ (eme_pkcs_v1_5_decode): Likewise.
+ (ac_es_dencode_prepare_pkcs_v1_5): Fill options_em structure with
+ key_size.
+ (_gcry_ac_data_dump, gcry_ac_data_dump): New functions.
+ (_gcry_ac_data_to_sexp, _gcry_ac_data_from_sexp): More or less
+ rewritten; changed S-Expression format so that it matches the one
+ used in pubkey.c.
+
+2006-03-15 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c: New.
+ * random.c (_gcry_use_random_daemon): New.
+ (get_random_bytes, gcry_randomize, gcry_create_nonce): Try
+ diverting to the daemon functions.
+
+2006-03-14 Werner Koch <wk@g10code.com>
+
+ * random.c (lock_seed_file): New.
+ (read_seed_file, _gcry_update_random_seed_file): Use it.
+
+ * random.c (gcry_create_nonce): Detect a fork and re-seed.
+ (read_pool): Fixed the fork detection; it used to work only for
+ multi-threaded processes.
+
+2006-03-12 Brad Hards <bradh@frogmouth.net> (wk)
+
+ * md.c (md_open): Use new variable macpads_Bsize instead of
+ hardwiring the block size. Changed at all places.
+
+2006-03-10 Brad Hards <bradh@frogmouth.net> (wk, patch 2005-04-22)
+
+ * md.c, sha256.c: Add support for SHA-224.
+ (sha224_init): New.
+
+2006-01-18 Brad Hards <bradh@frogmouth.net> (wk 2006-03-07)
+
+ * cipher.c (cipher_encrypt, cipher_decrypt, do_ofb_encrypt)
+ (do_ofb_decrypt, gcry_cipher_open): Implement Output Feedback Mode.
+
+2005-11-02 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_algo_name): Return "?" instead of NULL for
+ unknown algorithm IDs.
+ * cipher.c (cipher_algo_to_string): Likewise.
+
+2005-11-01 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_algo_info): Don't forget to break after switch
+ case.
+
+2005-09-19 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate): Add preliminary support for 2 and 4 keys.
+ Return an error code if the key size is not supported.
+ (_gcry_dsa_generate): Return an error.
+
+2005-08-22 Werner Koch <wk@g10code.com>
+
+ * primegen.c (check_prime): New arg RM_ROUNDS.
+ (prime_generate_internal): Call it here with 5 rounds as used
+ before.
+ (gcry_prime_check): But here with 64 rounds.
+ (is_prime): Make sure never to use less than 5 rounds.
+
+2005-04-16 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_init): New function.
+
+2005-04-12 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_io_write, _gcry_ac_io_read): Initialize err to
+ make the compiler happy.
+ Always use errno, now that gcry_malloc() is guaranteed to set
+ errno on failure.
+ (_gcry_ac_data_to_sexp): Don't forget to goto out after error in
+ loop.
+ (_gcry_ac_data_to_sexp): Remove unused variable: mpi_list;
+ (_gcry_ac_data_to_sexp): Always deallocate sexp_buffer.
+ (_gcry_ac_data_from_sexp): Don't forget to initialize data_set_new.
+ (_gcry_ac_data_from_sexp): Handle special case, which is
+ necessary, since gcry_sexp_nth() does not distinguish between
+ "element does not exist" and "element is the empty list".
+ (_gcry_ac_io_init_va): Use assert to make sure that mode and type
+ are correct.
+ Use gcry_error_t types where gcry_err_code_t types have been used
+ before.
+
+2005-04-11 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_data_sign_scheme): Don't forget to initialize
+ buffer.
+
+ * whirlpool.c: New file.
+ * md.c (digest_table): Add whirlpool.
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Added: whirlpool.c.
+
+2005-03-30 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_data_from_sexp): Use length of SEXP_CUR, not
+ length of SEXP; do not forget to set SEXP_TMP to NULL after it has
+ been released.
+
+ (struct gcry_ac_mpi): New member: name_provided.
+ (_gcry_ac_data_set): Rename variable `name_final' to `name_cp';
+ remove const qualifier; change code to not cast away const
+ qualifiers; use name_provided member as well.
+ (_gcry_ac_data_set, _gcry_ac_data_get_name): Use name_provided
+ member of named mpi structure.
+
+ (gcry_ac_name_to_id): Do not forget to initialize err.
+ (_gcry_ac_data_get_index): Do not forget to initialize mpi_return;
+ use gcry_free() instead of free(); remove unnecessary cast; rename
+ mpi_return and name_return to mpi_cp and name_cp; adjust code.
+ (ac_data_mpi_copy): Do not cast away const qualifier.
+ (ac_data_values_destroy): Likewise.
+ (ac_data_construct): Likewise.
+
+ (ac_data_mpi_copy): Initialize flags to GCRY_AC_FLAG_DEALLOC.
+ (ac_data_extract): Use GCRY_AC_FLAG_DEALLOC instead of
+ GCRY_AC_FLAG_COPY.
+
+ (_gcry_ac_io_init_va, _gcry_ac_io_init, gcry_ac_io_init)
+ (gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read)
+ (_gcry_ac_io_read_all, _gcry_ac_io_process): New functions.
+ (gry_ac_em_dencode_t): Use gcry_ac_io_t in prototype instead of
+ memroy strings directly; adjust encode/decode functions to use io
+ objects.
+ (emsa_pkcs_v1_5_encode_data_cb): New function ...
+ (emsa_pkcs_v1_5_encode): ... use it here.
+ (ac_data_dencode): Use io objects.
+ (_gcry_ac_data_encode, _gcry_ac_data_decode, gcry_ac_data_encode)
+ (gcry_ac_data_decode): Likewise.
+ (_gcry_ac_data_encrypt_scheme, gcry_ac_data_encrypt_scheme)
+ (_gcry_ac_data_decrypt_scheme, gcry_ac_data_decrypt_scheme)
+ (_gcry_ac_data_sign_scheme, gcry_ac_data_sign_scheme)
+ (_gcry_ac_data_verify_scheme, gcry_ac_data_verify_scheme):
+ Likewise.
+
+2005-03-23 Werner Koch <wk@g10code.com>
+
+ * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data
+ use the size of the object and not the one of its address. Bug
+ reported by Sascha Kiefer.
+
+2005-03-19 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (do_cbc_encrypt): Be careful to not overwrite data,
+ which is to be used later on. This happend, in case CTS is
+ enabled and OUTBUF is equal to INBUF.
+
+2005-02-25 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key.
+
+2005-02-13 Moritz Schulte <moritz@g10code.com>
+
+ * serpent.c: Updated from 1.2 branch:
+
+ s/u32_t/u32/ and s/byte_t/byte/. Too match what we have always
+ used and are using in all other files too
+ (serpent_test): Moved prototype out of a fucntion.
+
+2005-02-07 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: Major parts rewritten.
+ * pubkey.c (_gcry_pk_get_elements): New function.
+
+2004-12-09 Werner Koch <wk@g10code.com>
+
+ * serpent.c (serpent_setkey): Moved prototype of serpent_test to
+ outer scope.
+
+2004-09-11 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E.
+
+2004-08-23 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: Do not include <assert.h>.
+ * rndegd.c: Likewise.
+ * sha1.c: Likewise.
+ * rndunix.c: Likewise.
+ * rndlinux.c: Likewise.
+ * rmd160.c: Likewise.
+ * md5.c: Likewise.
+ * md4.c: Likewise.
+ * cipher.c: Likewise.
+ * crc.c: Likewise.
+ * blowfish.c: Likewise.
+
+ * pubkey.c (dummy_generate, dummy_check_secret_key)
+ (dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Return
+ err code GPG_ERR_NOT_IMPLEMENTED instead of aborting through
+ log_bug().
+ (dummy_get_nbits): Return 0 instead of aborting though log_bug().
+
+2004-08-19 Werner Koch <wk@g10code.de>
+
+ * pubkey.c (sexp_data_to_mpi): Changed the zero random byte
+ substituting code to actually do clever things. Thanks to
+ Matthias Urlichs for noting the implementation problem.
+
+2004-08-09 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by
+ Modestas Vainius.
+
+2004-07-16 Werner Koch <wk@gnupg.org>
+
+ * rijndael.c (do_encrypt): Fix alignment problem. Bugs found by
+ Matthias Urlichs.
+ (do_decrypt): Ditto.
+ (keySched, keySched2): Use 2 macros along with unions in the key
+ schedule context.
+
+2004-07-14 Moritz Schulte <moritz@g10code.com>
+
+ * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a". Thanks to
+ Nikos Mavroyanopoulos.
+
+2004-05-09 Werner Koch <wk@gnupg.org>
+
+ * random.c (read_pool): Mix the PID in to better protect after a
+ fork.
+
+2004-07-04 Moritz Schulte <moritz@g10code.com>
+
+ * serpent.c: Use "u32_t" instead of "unsigned long", do not
+ declare S-Box variables as "register". Fixes failure on
+ OpenBSD/sparc64, reported by Nikolay Sturm.
+
+2004-05-07 Werner Koch <wk@gnupg.org>
+
+ * random.c (initialize): Factored out some code to ..
+ (initialize_basics): .. new function.
+ (_gcry_random_initialize): Just call initialize_basics unless the
+ new arg FULL is set to TRUE.
+ (_gcry_fast_random_poll): Don't do anything unless the random
+ system has been really initialized.
+
+2004-05-07 Moritz Schulte <moritz@g10code.de>
+
+ * ac.c (gcry_ac_open): Do not dereference NULL pointer. Reported
+ by Umberto Salsi.
+
+2004-02-20 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them
+ at different stages. Pass these arguments through all callers.
+
+2004-02-06 Werner Koch <wk@gnupg.org>
+
+ * des.c: Add a new OID as used by pkcs#12.
+
+ * rfc2268.c: New. Taken from libgcrypt.
+ * cipher.c: Setup the rfc2268 algorithm.
+
+2004-01-25 Moritz Schulte <mo@g10code.com>
+
+ * primegen.c (prime_generate_internal): Do not forget to free
+ `q_factor'; fixed by Brieuc Jeunhomme.
+ (prime_generate_internal): Do not forget to free `prime'.
+
+2004-01-14 Moritz Schulte <mo@g10code.com>
+
+ * ac.c (gcry_ac_data_set): New argument: flags; slightly
+ rewritten.
+ (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise.
+ (gcry_ac_key_pair_generate): New argument: misc_data; modified
+ order of arguments.
+ (gcry_ac_key_test): New argument: handle.
+ (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise.
+ Use GCRY_AC_FLAG_NO_BLINDING instead of
+ GCRY_AC_DATA_FLAG_NO_BLINDING.
+ (gcry_ac_mpi): New member: flags.
+ (gcry_ac_data_search, gcry_ac_data_add): Removed functions.
+
+2003-12-22 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (is_prime): Release A2.
+
+2003-12-19 Werner Koch <wk@gnupg.org>
+
+ * md.c: Moved a couple of functions down below the data structure
+ definitions.
+ (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE.
+ (md_open): Set it here.
+ (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE.
+ (md_enable): Set it here.
+ (md_close): Wipe the context memory.
+ secure memory.
+ * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE.
+ (gcry_cipher_open): Set it here.
+ (gcry_cipher_close): Use it to always wipe out the handle data.
+
+ * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when
+ the function is not successful.
+ (gcry_ac_close): Allow a NULL handle.
+ (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto.
+ (gcry_ac_key_get_grip): Return INV_OBJ on error.
+
+ * primegen.c (prime_generate_internal): Fixed error code for
+ failed malloc. Replaced the !err if chain by gotos.
+ (gcry_prime_group_generator): Remove the extra sanity check.
+
+ * md.c: Minor code and comment cleanups.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): Doc fix. Thanks to Newton Hammet.
+
+2003-12-11 Werner Koch <wk@gnupg.org>
+
+ * rndunix.c (slow_poll): Don't use #warning but #error.
+
+ * rndegd.c: Changed indentation.
+ (my_make_filename): Removd the var_arg cruft becuase we
+ don't need it here. Changed caller.
+
+ * rndlinux.c: Changed indentation.
+ (open_device): Remove the superfluous stat call and clarify
+ comment.
+
+ * rsa.c: Changed indentation.
+ (secret): Use the standard algorithm if p, q and u are not
+ available.
+ (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind,
+ _gcry_rsa_unblind and moved more to the top.
+
+ * md4.c: Changed indentation. Removed unnecessary casts.
+ * md5.c, rmd160.c, sha1.c, tiger.c: Ditto.
+ * rijndael.c, twofish.c: Ditto.
+ * serpent.c: Removed unnecessary casts.
+ * sha256.c, sha512.c: Ditto.
+
+2003-12-09 Werner Koch <wk@gnupg.org>
+
+ * dsa.c: Unified indentation style.
+ * elgamal.c: Ditto.
+ * des.c (des_key_schedule): Code beautifications.
+ * blowfish.c: Changed indentation style.
+ * cast5.c (do_cast_setkey): Ditto.
+
+ * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests
+ by straightforward gotos. Other cleanups.
+ (gcry_pk_decrypt): Ditto.
+ (gcry_pk_sign): Ditto.
+ (gcry_pk_verify): Ditto.
+ (gcry_pk_genkey): Ditto. Use strtoul instead of strtol.
+ (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments.
+
+2003-12-07 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_register_default): Undef the helper macro.
+ (gcry_pk_map_name): Allow NULL for string.
+ (sexp_to_key): Use memcpy and not strncpy. Use gcry_free and not
+ free.
+ (sexp_to_sig): Ditto.
+ (sexp_to_enc): Ditto. Replaced the chain of if(!err) tests by
+ straightforward gotos.
+
+2003-12-05 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Documentation cleanups.
+ (gcry_cipher_mode_from_oid): Allow NULL for STRING.
+
+2003-12-03 Werner Koch <wk@gnupg.org>
+
+ * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is
+ only used for encryption.
+
+2003-11-18 Werner Koch <wk@gnupg.org>
+
+ * random.h (rndw32_set_dll_name): Removed unused prototype.
+
+ * Makefile.am (EXTRA_DIST): Added Manifest.
+
+2003-11-11 Werner Koch <wk@gnupg.org>
+
+ * Manifest: New.
+
+2003-11-04 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Use shortcut for SHA1
+ * sha1.c (_gcry_sha1_hash_buffer): New.
+
+ * random.c: Reformatted most functions.
+ (mix_pool): Moved the failsafe_digest from global
+ scope to here.
+ (do_fast_random_poll): Use the generic fucntions even if a fast
+ gathering function has been used.
+ (read_pool): Detect a fork and retry.
+ (gcry_randomize, get_random_bytes): Don't distinguish anymore
+ between weak and strong random.
+ (gcry_create_nonce): New.
+
+2003-10-31 Werner Koch <wk@gnupg.org>
+
+ * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the
+ disk performance values and not the W32 API structure.
+
+ * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.
+ * elgamal.c (verify): Ditto.
+
+ * ac.c (gcry_ac_data_get_index): s/index/idx/
+ (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.
+ (gcry_ac_data_add): Must use gcry_realloc instead of realloc.
+ * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the
+ forehackers.
+ (gcry_pk_encrypt): Removed shadowed definition of I. Reordered
+ arguments to malloc for clarity.
+ (gcry_pk_sign, gcry_pk_genkey): Ditto.
+ * primegen.c (prime_generate_internal): s/random/randomlevel/.
+
+2003-10-27 Moritz Schulte <mo@g10code.com>
+
+ * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * random.c (gcry_random_add_bytes): Return if buflen is zero to
+ avoid gcc warning about unsed parameter.
+ (MASK_LEVEL): Simplified; does now work for signed and unsigned
+ w/o warnings.
+
+ * md.c (md_start_debug): Removed the const from SUFFIX, because
+ this function is called from the control fucntion which does not
+ require const.
+
+ Prefixed all (pubkey,digest,cipher}_spec_* globale variables with
+ _gcry_.
+
+ * ac.c (ac_key_identifiers): Made static.
+
+ * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move
+ prototypes to ..
+ * rand-internal.h: .. here
+ * random.c (getfnc_gather_random): Include rndw32 gatherer.
+ * rndunix.c, rndw32.c, rndegd.c: Include them here.
+ * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_
+ prefix. Changed all callers.
+ * rndegd.c (_gcry_rndegd_gather_random): Likewise.
+ (_gcry_rndegd_connect_socket): Likewise.
+ * rndunix.c (_gcry_rndunix_gather_random): Likewise.
+ (waitpid): Made static.
+ * rndw32.c: Removed the old and unused winseed.dll cruft.
+ (_gcry_rndw32_gather_random_fast): Renamed from
+ gather_random_fast.
+ (_gcry_rndw32_gather_random): Renamed from gather_random. Note,
+ that the changes 2003-04-08 somehow got lost.
+
+ * sha512.c (sha512_init, sha384_init): Made static.
+
+ * cipher.c (do_ctr_decrypt): Removed "return" from this void
+ function.
+
+2003-10-24 Moritz Schulte <mo@g10code.com>
+
+ * serpent.c: Fix an issue on big-endian systems.
+
+ * rndw32.c: Removed IS_MODULE -cruft.
+ * rndlinux.c (rndlinux_gather_random): Likewise.
+
+2003-10-10 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): Bail out if NBITS is less than 16.
+ (prime_generate_internal): Initialize prime variable to suppress
+ compiler warning. Check pbits, initialize qbits when passed as
+ zero.
+
+ * primegen.c (prime_generate_internal): New arg
+ ALL_FACTORS. Changed all callers.
+ (gcry_prime_generate): Make the factors arg optional. Request
+ all_factors. Make sure PRIME is set to NULL even on error.
+ (gcry_prime_group_generator): New.
+ (gcry_prime_release_factors): New.
+
+2003-10-06 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): Assert that NBITS is never zero, it
+ would cause a segv.
+
+2003-09-28 Moritz Schulte <mo@g10code.com>
+
+ * ac.c: Include "cipher.h".
+
+2003-09-27 Moritz Schulte <mo@g10code.com>
+
+ * rndegd.c (do_read): Return nread instead of nbytes; thanks to
+ Michael Caerwyn.
+
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (_gcry_pk_aliased_algo_name): New.
+ * ac.c (gcry_ac_open): Use it here.
+
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c
+
+2003-09-02 Moritz Schulte <mo@g10code.com>
+
+ * primegen.c (gcry_prime_check, gcry_prime_generate): New
+ functions.
+ (prime_generate_internal): New function, based on
+ _gcry_generate_elg_prime.
+ (_gcry_generate_elg_prime): Rewritten as a wrapper for
+ prime_generate_internal.
+
+2003-08-28 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the
+ return value. This does not make sense and breaks any programs
+ parsing the output strictly (e.g. current gpgsm).
+ (gcry_pk_encrypt): If aliases for the algorithm name exists, take
+ the first one instead of the regular name to adhere to SPKI
+ conventions.
+ (gcry_pk_genkey): Ditto.
+ (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME.
+
+2003-08-19 Moritz Schulte <mo@g10code.com>
+
+ * cipher.c: Add support for Serpent
+ * serpent.c: New file.
+
+2003-08-10 Moritz Schulte <moritz@g10code.com>
+
+ * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static.
+
+2003-08-09 Timo Schulz <twoaday@freakmail.de>
+
+ * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM
+ two times, but also the NAME_OF_DEV_URANDOM device.
+
+2003-08-08 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not
+ fail if no `flags' sub S-Expression is found.
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists.
+
+2003-07-23 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (gcry_ac_data_construct): New argument: include_flags, only
+ include `flags' S-expression, if include_flags is true. Adjust
+ callers. Thanks for triggering a bug caused by `flags'
+ sub-S-expression where they are not expected to Ralf Schneider.
+
+2003-07-21 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_lookup_func_name): Use new member name
+ `aliases' instead of `sexp_names'.
+
+ * ac.c (gcry_ac_key_data_get): New function.
+
+ * cipher.c (gcry_cipher_lookup_func_name): Fix return value.
+
+2003-07-20 Moritz Schulte <moritz@g10code.com>
+
+ * blowfish.c: Adjusted for new gcry_cipher_spec_t structure.
+ * cast5.c: Likewise.
+ * twofish.c: Likewise.
+ * arcfour.c: Likewise.
+ * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids):
+ New variables, adjust for new gcry_cipher_spec_t structure.
+ * des.c (oids_tripledes): New variable, adjust for new
+ gcry_cipher_spec_t structure.
+
+ * md.c (oid_table): Removed.
+
+ * tiger.c (oid_spec_tiger): New variable.
+ (digest_spec_tiger): Adjusted for new gry_md_spec_t structure.
+
+ * sha512.c (oid_spec_sha512): New variable.
+ (digest_spec_sha512): Adjusted for new gry_md_spec_t structure.
+
+ * sha512.c (oid_spec_sha384): New variable.
+ (digest_spec_sha384): Adjusted for new gry_md_spec_t structure.
+
+ * sha256.c (oid_spec_sha256): New variable.
+ (digest_spec_sha256): Adjusted for new gry_md_spec_t structure.
+
+ * sha1.c (oid_spec_sha1): New variable.
+ (digest_spec_sha1): Adjusted for new gry_md_spec_t structure.
+
+ * rmd160.c (oid_spec_rmd160): New variable.
+ (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure.
+
+ * md5.c (oid_spec_md5): New variable.
+ (digest_spec_md5): Adjusted for new gry_md_spec_t structure.
+
+ * md4.c (oid_spec_md4): New variable.
+ (digest_spec_md4): Adjusted for new gry_md_spec_t structure.
+
+ * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510,
+ digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t
+ structure.
+
+2003-07-19 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (gcry_md_lookup_func_oid): New function.
+ (search_oid): New function, copied from cipher.c.
+ (gcry_md_map_name): Adjust for new search_oid_interface.
+
+ * cipher.c (oid_table): Removed table.
+ (gcry_cipher_lookup_func_oid): New function.
+ (search_oid): Rewritten to use the module functions.
+ (gcry_cipher_map_name): Adjust for new search_oid interface.
+ (gcry_cipher_mode_from_oid): Likewise.
+
+2003-07-18 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in
+ gpg_strerror.
+
+2003-07-14 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher
+ name aliases, not just the primary name.
+ (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to
+ AES.
+
+ * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher
+ specification structures.
+
+ * rijndael.c (rijndael_names, rijndael192_names,
+ rijndael256_names): New variables, use them in the cipher
+ specifications.
+
+ * rmd160test.c: Removed file.
+
+ * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c,
+ elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c:
+ Used gcry_err* wrappers for libgpg symbols.
+
+ * primegen.c (gen_prime): Correct the order arguments to
+ extra_check.
+
+2003-07-12 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: Replaced all public occurences of gpg_error_t with
+ gcry_error_t.
+ * cipher.c: Likewise.
+ * md.c: Likewise.
+ * pubkey.c: Likewise.
+ * random.c: Likewise.
+
+ * cipher.c: Added support for TWOFISH128.
+
+2003-07-08 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (gcry_ac_data_copy_internal): New function, based on
+ gcry_ac_data_copy.
+ (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal.
+ (gcry_ac_key_init): Use gcry_ac_data_copy_internal.
+
+2003-07-07 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (gcry_ac_data_set): Only release old MPI value if it is
+ different from the new value. Bug reported by Simon Josefsson
+ <jas@extundo.com>.
+
+ * pubkey.c (gcry_pk_list): New function.
+ * md.c (gcry_md_list): New function.
+
+ * ac.c (gcry_ac_key_pair_generate): Fix calculation of format
+ string size.
+
+2003-07-05 Moritz Schulte <moritz@g10code.com>
+
+ * md.c: Named struct of digest_table `digest_table_entry'.
+ (digest_table_entry): New member: algorithm; filled in.
+ (digest_table_entry): Removed unused member: flags.
+ (gcry_md_register): New argument: algorithm_id, filled in.
+ (gcry_md_register_default): Used algorithm ID from module
+ structure.
+ (gcry_md_map_name): Likewise.
+ (md_enable): Likewise.
+ (md_read): Likewise.
+ (gcry_md_info): Likewise.
+
+ * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'.
+ (pubkey_table_entry): New member: algorithm; filled in.
+ (gcry_pk_register_default): Used algorithm ID from pubkey_table.
+ (gcry_pk_register): New argument: algorithm_id, filled in.
+ (gcry_pk_map_name): Used algorithm ID from module structure.
+ (gcry_pk_decrypt): Likewise.
+ (gcry_pk_encrypt): Likewise.
+ (gcry_pk_verify): Likewise.
+ (gcry_pk_sign): Likewise.
+ (gcry_pk_testkey): Likewise.
+ (gcry_pk_genkey): Likewise.
+ (gcry_pk_get_nbits): Likewise.
+ (sexp_to_key): Removed unused variable: algo.
+ (sexp_to_sig): Likewise.
+
+ * cipher.c: Named struct for cipher_table `cipher_table_entry'.
+ (cipher_table_entry): New member: algorithm; filled in.
+ (gcry_cipher_register_default): Used algorithm ID from
+ cipher_table.
+ (gcry_cipher_register): New argument: algorithm_id, filled in.
+ (gcry_cipher_map_name): Used algorithm ID from module structure.
+
+ * arcfour.c (cipher_spec_arcfour): Removed algorithm ID.
+ * blowfish.c (cipher_spec_blowfish): Likewise.
+ * cast5.c (cipher_spec_cast5): Likewise.
+ * crc.c (digest_spec_crc32): Likewise.
+ * crc.c (digest_spec_crc32_rfc1510): Likewise.
+ * crc.c (digest_spec_crc32_rfc2440): Likewise.
+ * des.c (cipher_spec_des): Likewise.
+ * des.c (cipher_spec_tripledes): Likewise.
+ * dsa.c (pubkey_spec_dsa): Likewise.
+ * elgamal.c (pubkey_spec_elg): Likewise.
+ * md4.c (digest_spec_md4): Likewise.
+ * md5.c (digest_spec_md5): Likewise.
+ * aes.c (cipher_spec_aes): Likewise.
+ * aes.c (cipher_spec_aes192): Likewise.
+ * aes.c (cipher_spec_aes256): Likewise.
+ * rsa.c (pubkey_spec_rsa): Likewise.
+ * sha1.c (digest_spec_sha1): Likewise.
+ * sha256.c (digest_spec_sha256): Likewise.
+ * sha512.c (digest_spec_sha512): Likewise.
+ * tiger.c (digest_spec_tiger): Likewise.
+ * twofish.c (cipher_spec_twofish): Likewise.
+ * twofish.c (cipher_spec_twofish128): Likewise.
+
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source
+ files; reported by Simon Josefsson <jas@extundo.com>.
+
+ * pubkey.c: Replaced all occurences of `id' with `algorithm',
+ since `id' is a keyword in obj-c.
+ * md.c: Likewise.
+ * cipher.c: Likewise.
+
+ * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c:
+ Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t.
+
+ * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of
+ gcry_pubkey_spec_t with gcry_pk_spec_t.
+
+ * md.c: Replaced all occurences of gcry_digest_spec_t with
+ gcry_md_spec_t.
+ (gcry_digest_register_default): Renamed to ...
+ (gcry_md_register_default): ... this; adjusted callers.
+ (gcry_digest_lookup_func_name): Renamed to ...
+ (gcry_md_lookup_func_name): ... this; adjusted callers.
+ (gcry_digest_lookup_name): Renamed to ...
+ (gcry_md_lookup_name): ... this; adjusted callers.
+ (gcry_digest_register): Renamed to ...
+ (gcry_md_register): ... this.
+ (gcry_digest_unregister): Renamed to ...
+ (gcry_md_unregister): ... this.
+
+ * pubkey.c (gcry_pubkey_register): Renamed to ...
+ (gcry_pk_register): ... this.
+ (gcry_pubkey_unregister): Renamed to ...
+ (gcry_pk_unregister): ... this.
+ Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t.
+ (gcry_pubkey_register_default): Renamed to ...
+ (gcry_pk_register_default): ... this; adjusted callers.
+ (gcry_pubkey_lookup_func_name): Renamed to ...
+ (gcry_pk_lookup_func_name): ... this; adjusted callers.
+ (gcry_pubkey_lookup_name): Renamed to ...
+ (gcry_pk_lookup_name): ... this; adjusted callers.
+
+ * md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon
+ Josefsson <jas@extunde.com>.
+
+2003-07-04 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (gcry_cipher_list): New function.
+
+2003-07-01 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more
+ consistent with sexp_to_enc.
+
+2003-06-30 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (libcipher_la_SOURCES): Added: ac.c.
+
+ * pubkey.c (_gcry_pk_module_lookup): New function.
+ (_gcry_pk_module_release): New function.
+
+2003-06-29 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: New file.
+
+2003-06-26 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API.
+
+2003-06-19 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_is_enabled): Fixed.
+
+2003-06-18 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_get_algo_keylen): New.
+ (gcry_cipher_get_algo_blklen): New.
+
+2003-06-18 Moritz Schulte <moritz@g10code.com>
+
+ * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c,
+ des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c,
+ rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c:
+ Replaced older types GcryDigestSpec, GcryCipherSpec and
+ GcryPubkeySpec with newer types: gcry_digest_spec_t,
+ gcry_cipher_spec_t and gcry_pubkey_spec_t.
+
+ * md.c (gcry_digest_id_new): Removed function.
+ (gcry_digest_register): Removed code for generating a new module
+ ID.
+
+ * pubkey.c (gcry_pubkey_id_new): Removed function.
+ (gcry_pubkey_register): Removed code for generating a new module
+ ID.
+
+ * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer
+ one: gcry_module_t.
+ (gcry_cipher_id_new): Removed function.
+ (gcry_cipher_register): Removed code for generating a new module
+ ID.
+
+ * cipher.c (gcry_cipher_register): Adjust call to
+ _gcry_module_add.
+ (gcry_cipher_register_default): Likewise.
+ * pubkey.c (gcry_pubkey_register_default): Likewise.
+ (gcry_pubkey_register): Likewise.
+ * md.c (gcry_digest_register_default): Likewise.
+ (gcry_digest_register): Likewise.
+
+ * md.c (gcry_digest_lookup_func_id): Removed function.
+ (gcry_digest_lookup_id): Likewise.
+ (gcry_digest_id_new): Use _gcry_module_lookup_id instead of
+ gcry_digest_lookup_id.
+ (digest_algo_to_string): Likewise.
+ (check_digest_algo): Likewise.
+ (md_enable): Likewise.
+ (md_digest_length): Likewise.
+ (md_asn_oid): Likewise.
+
+ * pubkey.c (gcry_pubkey_lookup_id): Removed function.
+ (gcry_pubkey_lookup_func_id): Likewise.
+ (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of
+ gcry_pubkey_id_new.
+ (gcry_pk_algo_name): Likewise.
+ (disable_pubkey_algo): Likewise.
+ (check_pubkey_algo): Likewise.
+ (pubkey_get_npkey): Likewise.
+ (pubkey_get_nskey): Likewise.
+ (pubkey_get_nsig): Likewise.
+ (pubkey_get_nenc): Likewise.
+ (pubkey_generate): Likewise.
+ (pubkey_check_secret_key): Likewise.
+ (pubkey_encrypt): Likewise.
+ (pubkey_decrypt): Likewise.
+ (pubkey_sign): Likewise.
+ (pubkey_verify): Likewise.
+ (gcry_pk_algo_info): Likewise.
+
+ * cipher.c (gcry_cipher_lookup_func_id): Removed function.
+ (gcry_cipher_lookup_id): Likewise.
+ (cipher_algo_to_string): use _gcry_module_lookup_id instead of
+ gcry_cipher_lookup_id.
+ (disable_cipher_algo): Likewise.
+ (check_cipher_algo): Likewise.
+ (cipher_get_blocksize): Likewise.
+ (gcry_cipher_open): Likewise.
+ (gcry_cipher_id_new): Likewise.
+
+2003-06-17 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@,
+ @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@.
+ (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES).
+ (libcipher_la_LIBADD): Likewise.
+ (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
+ (EXTRA_libcipher_la_SOURCES): Added all conditional sources.
+
+ * md.c (md_open): Use _gcry_fast_random_poll instead of
+ fast_random_poll.
+ * cipher.c (gcry_cipher_open): Likewise.
+
+ * random.h (fast_random_poll): Removed macro.
+
+ * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c,
+ tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own
+ BIG_ENDIAN_HOST.
+
+2003-06-16 Moritz Schulte <moritz@g10code.com>
+
+ * random.c (getfnc_gather_random): Do not special-case
+ USE_ALL_RANDOM_MODULES, make it the default.
+
+ * dsa.c: Replace last occurences of old type names with newer
+ names (i.e. replace MPI with gcry_mpi_t).
+ * elgamal.c: Likewise.
+ * primegen.c: Likewise.
+ * pubkey.c: Likewise.
+ * rsa.c: Likewise.
+
+2003-06-14 Moritz Schulte <moritz@g10code.com>
+
+ * des.c (des_setkey): Add selftest check.
+ (tripledes_set3keys): Likewise.
+ (do_tripledes_setkey): Remove selftest check.
+ (do_des_setkey): Likewise.
+
+2003-06-11 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (_gcry_md_init): New function.
+ * cipher.c (_gcry_cipher_init): New function.
+ * pubkey.c (_gcry_pk_init): New function.
+
+2003-06-13 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_get_algo): Reverted to old API. This is a
+ convenience function anyway and error checking is not approriate.
+ (gcry_md_is_secure): New.
+ (gcry_md_is_enabled): New.
+
+2003-06-12 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on
+ error.
+
+2003-06-11 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_open): Make sure H receives either NULL or an
+ valid handle.
+ (gcry_md_copy): Swapped arguments so that it is more in lione with
+ md_open and most other API fucntions like memcpy (destination
+ comes first). Make sure HANDLE is set to NULL on error.
+
+ * rijndael.c (do_encrypt): Hack to force correct alignment. It
+ seems not to be not sufficient, though. We should rework this
+ fucntions and remove all these ugly casts. Let the compiler
+ optimize or have an assembler implementation.
+
+2003-06-09 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am: Removed rules serpent, since that is not commited
+ yet.
+
+2003-06-08 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the
+ format string.
+
+2003-06-07 Moritz Schulte <moritz@g10code.com>
+
+ * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c,
+ des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c,
+ rand-internal.h, random.c, random.h, rijndael.c, rmd160.c,
+ rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c,
+ rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all
+ preprocessor instructions to remove whitespace before the '#'.
+ This is not required by C89, but there are some compilers out
+ there that don't like it. Replaced any occurence of the now
+ deprecated type names with the new ones.
+
+2003-06-04 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use
+ gcry_sexp_build_array instead of gcry_sexp_build.
+ (gcry_pk_sign): Likewise.
+ (gcry_pk_genkey): Likewise.
+
+2003-06-01 Moritz Schulte <moritz@g10code.com>
+
+ * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID
+ does indeed belong to DSA.
+ (_gcry_dsa_sign): Likewise.
+ (_gcry_dsa_verify): Likewise.
+ (_gcry_dsa_get_nbits): Likewise.
+
+ * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the
+ algorithm ID does indeed belong to ElGamal.
+ (_gcry_elg_encrypt): Likewise.
+ (_gcry_elg_decrypt): Likewise.
+ (_gcry_elg_sign): Likewise.
+ (_gcry_elg_verify): Likewise.
+ (_gcry_elg_get_nbits): Likewise.
+ (_gcry_elg_generate): Likewise.
+
+ * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID
+ does indeed belong to RSA.
+ (_gcry_rsa_encrypt): Likewise.
+ (_gcry_rsa_decrypt): Likewise.
+ (_gcry_rsa_sign): Likewise.
+ (_gcry_rsa_verify): Likewise.
+ (_gcry_rsa_get_nbits): Likewise.
+
+2003-05-30 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (md_get_algo): Return zero in case to algorithm is enabled.
+
+ * md.c (gcry_md_info): Adjusted for new no-errno-API.
+ (md_final): Likewise.
+ (gcry_md_get_algo): Likewise.
+ * pubkey.c (gcry_pk_get_keygrip): Likewise.
+ (gcry_pk_ctl): Likewise.
+ (gcry_pk_algo_info): Likewise.
+ * des.c (selftest): Likewise.
+
+2003-05-29 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (md_enable): Do not forget to release module on error.
+ (gcry_md_open): Adjusted for new no-errno-API.
+ (md_open): Likewise.
+ (md_copy): Likewise.
+ (gcry_md_copy): Likewise.
+ (gcry_md_setkey): Likewise.
+ (gcry_md_algo_info): Likewise.
+
+ * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and
+ also fixed a locking bug.
+ (gcry_cipher_encrypt): Adjusted for new no-errno-API.
+ (gcry_cipher_decrypt): Likewise.
+ (gcry_cipher_ctl): Likewise.
+ (gcry_cipher_info): Likewise.
+ (gcry_cipher_algo_info): Likewise.
+
+2003-05-28 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (md_enable): Adjusted for libgpg-error.
+ (gcry_md_enable): Likewise.
+ (gcry_digest_register_default): Likewise.
+ (gcry_digest_register): Likewise.
+ (check_digest_algo): Likewise.
+ (prepare_macpads): Likewise.
+ (gcry_md_setkey): Likewise.
+ (gcry_md_ctl): Likewise.
+ (gcry_md_get): Likewise.
+ (gcry_md_algo_info): Likewise.
+ (gcry_md_info): Likewise.
+ * dsa.c (_gcry_dsa_generate): Likewise.
+ (_gcry_dsa_check_secret_key): Likewise.
+ (_gcry_dsa_sign): Likewie.
+ (_gcry_dsa_verify): Likewise.
+ * twofish.c (do_twofish_setkey): Likewise.
+ (twofish_setkey): Likewise.
+ * cipher.c (gcry_cipher_register): Likewise.
+
+2003-05-25 Moritz Schulte <moritz@g10code.com>
+
+ * rijndael.c (do_setkey): Adjusted for libgpg-error.
+ (rijndael_setkey): Likewise.
+ * random.c (gcry_random_add_bytes): Likewise.
+ * elgamal.c (_gcry_elg_generate): Likewise.
+ (_gcry_elg_check_secret_key): Likewise.
+ (_gcry_elg_encrypt): Likewise.
+ (_gcry_elg_decrypt): Likewise.
+ (_gcry_elg_sign): Likewise.
+ (_gcry_elg_verify): Likewise.
+ * rsa.c (_gcry_rsa_generate): Likewise.
+ (_gcry_rsa_check_secret_key): Likewise.
+ (_gcry_rsa_encrypt): Likewise.
+ (_gcry_rsa_decrypt): Likewise.
+ (_gcry_rsa_sign): Likewise.
+ (_gcry_rsa_verify): Likewise.
+ * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt,
+ dummy_decrypt, dummy_sign, dummy_verify): Likewise.
+ (gcry_pubkey_register): Likewise.
+ (check_pubkey_algo): Likewise.
+ (pubkey_generate): Likewise.
+ (pubkey_check_secret_key): Likewise.
+ (pubkey_encrypt): Likewise.
+ (pubkey_decrypt): Likewise.
+ (pubkey_sign): Likewise.
+ (pubkey_verify): Likewise.
+ (sexp_elements_extract): Likewise.
+ (sexp_to_key): Likewise.
+ (sexp_to_sig): Likewise.
+ (sexp_to_enc): Likewise.
+ (sexp_data_to_mpi): Likewise.
+ (gcry_pk_encrypt): Likewise.
+ (gcry_pk_decrypt): Likewise.
+ (gcry_pk_sign): Likewise.
+ (gcry_pk_verify): Likewise.
+ (gcry_pk_testkey): Likewise.
+ (gcry_pk_genkey): Likewise.
+ (gcry_pk_ctl): Likewise.
+ * cipher.c (dummy_setkey): Likewise.
+ (check_cipher_algo): Likewise.
+ (gcry_cipher_open): Likewise.
+ (cipher_setkey): Likewise.
+ (gcry_cipher_ctl): Likewise.
+ (cipher_encrypt): Likewise.
+ (gcry_cipher_encrypt): Likewise.
+ (cipher_decrypt): Likewise.
+ (gcry_cipher_decrypt): Likewise.
+ (gcry_cipher_info): Likewise.
+ (gcry_cipher_algo_info): Likewise.
+ * cast5.c (cast_setkey): Likewise.
+ (do_cast_setkey): Likewise.
+ * arcfour.c (arcfour_setkey): Likewise.
+ (do_arcfour_setkey): Likewise.
+ * blowfish.c (do_bf_setkey): Likewise.
+ (bf_setkey): Likewise.
+ * des.c (do_des_setkey): Likewise.
+ (do_tripledes_setkey): Likewise.
+
+2003-05-22 Moritz Schulte <moritz@g10code.com>
+
+ * tiger.c: Merged code ussing the U64_C macro from GnuPG.
+
+ * sha512.c: Likewise.
+
+2003-05-17 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of
+ releasing it.
+
+2003-05-11 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS.
+ (gcry_pk_ctl): Likewise.
+
+2003-04-27 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has
+ been used.
+
+ * md.c (gcry_md_get_algo_dlen): Simplified, simply call
+ md_digest_length to do the job.
+
+ * des.c (do_des_setkey): Check for selftest failure not only
+ during initialization.
+ (do_tripledes_setkey): Include check for selftest failure.
+
+ * pubkey.c (gcry_pubkey_register_default): New macro
+ `pubkey_use_dummy', use it.
+
+ * elgamal.c (elg_names): New variable.
+ (pubkey_spec_elg): Include elg_names.
+
+ * dsa.c (dsa_names): New variable.
+ (pubkey_spec_dsa): Include dsa_names.
+
+ * rsa.c (rsa_names): New variable.
+ (pubkey_spec_rsa): Include rsa_names.
+
+ * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with
+ the names listed in `sexp_names'.
+
+2003-04-24 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted
+ to new module interface.
+ (sexp_to_key): Changend type of argument `retalgo' from `int *' to
+ `GcryModule **'. Adjusted all callers. Removed argument:
+ r_algotblidx.
+ (sexp_to_sig): Changend type of argument `retalgo' from `int *' to
+ `GcryModule **'. Adjusted all callers.
+ (sexp_to_enc): Likewise.
+
+ (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,
+ pubkey_get_nenc): Use strlen to find out the number.
+
+ * rsa.c: Adjust pubkey_spec_rsa to new internal interface.
+ * dsa.c: Likewise.
+ * elgamal.c: Likewise.
+
+2003-04-17 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_elements_extract): New function.
+ * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use
+ sexp_elements_extract.
+ (sexp_to_sig): Likewise.
+ (sexp_to_enc): Likewise.
+
+ * pubkey.c: Terminate list correctly.
+ * md.c: Include sha512/sha384 in digest_table.
+
+2003-04-16 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am: Include support for sha512.c.
+
+ * sha512.c: New file, merged from GnuPG, with few modifications
+ for libgcrypt.
+
+ * rand-internal.h: Removed declarations for constructor functions.
+
+ * md.c (md_copy): Call _gcry_module_use for incrementing the usage
+ counter of the digest modules.
+
+ * rsa.c: Do not include "rsa.h".
+ * dsa.c: Do not include "dsa.h".
+ * elgamal.c: Do not include "elgamal.h".
+ * des.c: Do not include "des.h".
+ * cast5.c: Do not include "cast5.h".
+ * blowfish.c: Do not include "blowfish.h".
+ * arcfour.c: Do not include "arcfour.h".
+
+ * Makefile.am (libcipher_la_DEPENDENCIES): Removed.
+ (libcipher_la_LIBADD): Removed.
+ Use Automake conditionals for conditional compilation.
+
+2003-04-13 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS.
+
+ * md.c (gcry_md_list): New member: module.
+ (md_enable): New variable: module, changed use of module and
+ digest.
+ (md_enable): Initialize member: module.
+ (md_close): Call _gcry_module_release.
+
+ * cipher.c (gcry_cipher_open): New variable: module, changed use of
+ module and cipher.
+ (struct gcry_cipher_handle): New member: module.
+ (gcry_cipher_open): Initialize member: module.
+ (gcry_cipher_close): Call _gcry_module_release.
+
+2003-04-09 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c: Include "ath.h".
+ * md.c: Likewise.
+ * pubkey.c: Likewise.
+
+ * cipher.c (ciphers_registered_lock): New variable.
+ * md.c (digests_registered_lock): New variable.
+ * pubkey.c (pubkeys_registered_lock): New variable.
+
+ * rndlinux.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndlinux_constructor): Removed function.
+
+ * rndegd.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndegd_constructor): Removed function.
+
+ * rndunix.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndunix_constructor): Removed function.
+
+ * rndw32.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndw32_constructor): Removed function.
+
+ * rndegd.c (rndegd_connect_socket): Simplify code for creating the
+ egd socket address.
+ (rndegd_connect_socket): Call log_fatal use instead of
+ g10_log_fatal.
+ (egd_gather_random): Renamed to ...
+ (rndegd_gather_random): ... here.
+
+2003-04-08 Moritz Schulte <moritz@g10code.com>
+
+ * rndlinux.c: Do not include "dynload.h".
+ * rndunix.c: Likewise.
+ * rndw32.c: Likewise.
+
+ * rndegd.c (rndegd_connect_socket): Factored out from ...
+ (egd_gather_random): here; call it.
+ (egd_socket): New variable.
+ (egd_gather_random): Initialize fd with egd_socket, do not declare
+ fd static.
+ (do_read): Merged few changes from GnuPG. FIXME - not finished?
+ Do not include "dynload.h".
+
+ * rndw32.c (gather_random): Renamed to rndw32_gather_random, do
+ not declare static.
+ (gather_random_fast): Renamed to rndw32_gather_random_fast, do not
+ declare static.
+
+ * rndunix.c (gather_random): Renamed to rndunix_gather_random, do
+ not declare static.
+ * rndegd.c (gather_random): Renamed to rndegd_gather_random, do
+ not declare static.
+ * rndlinux.c (gather_random): Renamed to rndlinux_gather_random,
+ do not declare static.
+
+2003-04-07 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (libcipher_la_SOURCES): Removed construct.c.
+ (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c,
+ md5.c, tiger.c and crc.c
+ (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger
+ and crc. Removed definitions: EXTRA_md4_SOURCES,
+ EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES,
+ EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES,
+ BUILT_SOURCES, DISTCLEANFILES.
+
+ * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h".
+
+ * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h,
+ dsa.h, des.h, cast5.h, arcfour.h and blowfish.h.
+
+ * rsa.h: Removed file.
+ * elgamal.h: Removed file.
+ * dsa.h: Removed file.
+ * des.h: Removed file.
+ * cast5.h: Removed file.
+ * arcfour.h: Removed file.
+ * blowfish.h: Removed file.
+
+ * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and
+ dynload.h.
+
+ * rsa.c (pubkey_spec_rsa): New variable.
+ * dsa.c (pubkey_spec_rsa): New variable.
+ * elgamal.c (pubkey_spec_elg): New variable.
+
+ * rsa.c (_gcry_rsa_get_info): Removed function.
+ * elgamal.c (_gcry_elg_get_info): Removed function.
+ * dsa.c (_gcry_dsa_get_info): Removed function.
+
+ * tiger.c (tiger_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_tiger_constructor): Removed function.
+
+ * sha1.c (sha1_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_sha1_constructor): Removed function.
+
+ * sha256.c (sha256_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_sha256_constructor): Removed function.
+
+ * rmd160.c (rmd160_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rmd160_constructor): Removed function.
+
+ * md5.c (md5_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_md5_constructor): Removed function.
+
+ * md4.c (md4_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_md4_constructor): Removed function.
+
+ * crc.c (crc_get_info): Removed function.
+
+ * arcfour.c (do_arcfour_setkey): Changed type of context argument
+ to `void *', added local variable for cast, adjusted callers.
+ (arcfour_setkey): Likewise.
+ (encrypt_stream): Likewise.
+ * cast5.c (cast_setkey): Likewise.
+ (encrypt_block): Likewise.
+ * rijndael.c (rijndael_setkey): Likewise.
+ (rijndael_encrypt): Likewise.
+ (rijndael_decrypt): Likewise.
+ * twofish.c (twofish_setkey): Likewise.
+ (twofish_encrypt): Likewise.
+ (twofish_decrypt): Likewise.
+ * des.c (do_des_setkey): Likewise.
+ (do_des_encrypt): Likewise.
+ (do_des_encrypt): Likewise.
+ (do_tripledes_encrypt): Likewise.
+ (do_tripledes_encrypt): Likewise.
+ * blowfish.c (bf_setkey: Likewise.
+ (encrypt_block): Likewise.
+ (decrypt_block): Likewise.
+
+ * arcfour.c (encrypt_stream): Likewise.
+
+ * rijndael.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func) Removed function.
+
+ * twofish.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func) Removed function.
+
+ * cast5.c (CIPHER_ALGO_CAST5): Removed.
+
+ * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
+ (CIPHER_ALGO_BLOWFISH): Removed symbol.
+ * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise.
+ * des.c (selftest_failed): Removed.
+ (initialized): New variable.
+ (do_des_setkey): Run selftest, if not yet done.
+ (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
+
+ * arcfour.c (_gcry_arcfour_get_info): Removed function.
+ * blowfish.c (_gcry_blowfish_get_info): Removed function.
+ * cast5.c (_gcry_cast5_get_info): Removed function.
+ * des.c (_gcry_des_get_info): Removed function.
+ * rijndael.c (_gcry_rijndael_get_info): Removed function.
+ * twofish.c (_gcry_twofish_get_info): Removed function.
+
+ * arcfour.c (cipher_spec_arcfour): New variable.
+ * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New
+ variables.
+ * rijndael.c (cipher_spec_aes, cipher_spec_aes192,
+ cipher_spec256): New variables.
+ * des.c (cipher_spec_des, cipher_spec_tripledes): New variables.
+ * cast5.c (cipher_spec_cast5): New variable.
+ * blowfish.c (cipher_spec_blowfish): Likewise.
+
+ * twofish.c: Do not include "dynload.h".
+ * rijndael.c: Likewise.
+ * des.c: Likewise.
+ * cast5.c: Likewise.
+ * blowfish.c: Likewise.
+ * cipher.c: Likewise.
+ * crc.c: Likewise.
+ * md4.c: Likewise.
+ * md5.c: Likewise.
+ * md.c: Likewise.
+ * pubkey.c: Likewise.
+ * rijndael.c: Likewise.
+ * sha1.c: Likewise.
+ * sha256.c: Likewise.
+
+ * arcfour.c: Include "cipher.h".
+ * twofish.c: Likewise.
+ * rijndael.c: Likewise.
+ * des.c: Likewise.
+ * cast5.c: Likewise.
+ * blowfish.c: Likewise.
+
+ * twofish.c (twofish_setkey): Declared argument `key' const.
+ (twofish_encrypt): Declared argument `inbuf' const.
+ (twofish_decrypt): Likewise.
+
+ * rijndael.c (rijndael_setkey): Declared argument `key' const.
+ (rijndael_encrypt): Declared argument `inbuf' const.
+ (rijndael_decrypt): Likewise.
+
+ * des.c (do_des_setkey): Declared argument `key' const.
+ (do_tripledes_setkey): Likewise.
+ (do_des_encrypt): Declared argument `inbuf' const.
+ (do_des_decrypt): Likewise.
+ (do_tripledes_encrypt): Likewise.
+ (do_tripledes_decrypt): Likewise.
+
+ * cast5.c (encrypt_block): Declared argument `inbuf' const.
+ (decrypt_block): Likewise.
+ (cast_setkey): Declared argument `key' const.
+
+ * blowfish.c (do_bf_setkey): Declared argument `key' const.
+ (encrypt_block): Declared argument `inbuf' const.
+ (encrypt_block): Likewise.
+
+
+
+ * cipher.c: Remove CIPHER_ALGO_DUMMY related code.
+ Removed struct cipher_table_s.
+ Changed definition of cipher_table.
+ Removed definition of disabled_algos.
+ (ciphers_registered, default_ciphers_registered): New variables.
+ (REGISTER_DEFAULT_CIPHERS): New macro.
+ (dummy_setkey): Declared argument `key' const.
+ (dummy_encrypt_block): Declared argument `inbuf' const.
+ (dummy_encrypt_block): Likewise.
+ (dummy_encrypt_stream): Likewise.
+ (dummy_encrypt_stream): Likewise.
+ (dummy_setkey): Use `unsigned char' instead of `byte'.
+ (dummy_encrypt_block): Likewise.
+ (dummy_decrypt_block): Likewise.
+ (dummy_encrypt_stream): Likewise.
+ (dummy_decrypt_stream): Likewise.
+ (gcry_cipher_register_default): New function.
+ (gcry_cipher_lookup_func_id): New function.
+ (gcry_cipher_lookup_func_name): New function.
+ (gcry_cipher_lookup_id): New function.
+ (gcry_cipher_lookup_name): New function.
+ (gcry_cipher_id_new): New function.
+ (gcry_cipher_register): New function.
+ (gcry_cipher_unregister): New function.
+ (setup_cipher_table): Removed function.
+ (load_cipher_modules): Removed function.
+ (gcry_cipher_map_name): Adjusted to use new module management.
+ (cipher_algo_to_string): Likewise.
+ (disable_cipher_algo): Likewise.
+ (check_cipher_algo): Likewise.
+ (cipher_get_keylen): Likewise.
+ (cipher_get_blocksize): Likewise.
+ (gcry_cipher_open): Likewise.
+ (struct gcry_cipher_handle): Replaced members algo, algo_index,
+ blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one
+ member: cipher.
+ (gcry_cipher_open): Adjusted code for new handle structure.
+ (cipher_setkey): Likewise.
+ (cipher_setiv): Likewise.
+ (cipher_reset): Likewise.
+ (do_ecb_encrypt): Likewise.
+ (do_ecb_decrypt): Likewise.
+ (do_cbc_encrypt): Likewise.
+ (do_cbc_decrypt): Likewise.
+ (do_cfb_encrypt): Likewise.
+ (do_cfb_decrypt): Likewise.
+ (do_ctr_encrypt): Likewise.
+ (cipher_encrypt): Likewise.
+ (gcry_cipher_encrypt): Likewise.
+ (cipher_decrypt): Likewise.
+ (gcry_cipher_decrypt): Likewise.
+ (cipher_sync): Likewise.
+ (gcry_cipher_ctl): Likewise.
+
+ * pubkey.c: Removed struct pubkey_table_s.
+ Changed definition of pubkey_table.
+ Removed definition of disabled_algos.
+ (pubkeys_registered, default_pubkeys_registered): New variables.
+ (REGISTER_DEFAULT_PUBKEYS): New macro.
+ (setup_pubkey_table): Removed function.
+ (load_pubkey_modules): Removed function.
+ (gcry_pubkey_register_default): New function.
+ (gcry_pubkey_lookup_func_id): New function.
+ (gcry_pubkey_lookup_func_name): New function.
+ (gcry_pubkey_lookup_id): New function.
+ (gcry_pubkey_lookup_name): New function.
+ (gcry_pubkey_id_new): New function.
+ (gcry_pubkey_register): New function.
+ (gcry_pubkey_unregister): New function.
+ (gcry_pk_map_name): Adjusted to use new module management.
+ (gcry_pk_algo_name): Likewise.
+ (disable_pubkey_algo): Likewise.
+ (check_pubkey_algo): Likewise.
+ (pubkey_get_npkey): Likewise.
+ (pubkey_get_nskey): Likewise.
+ (pubkey_get_nsig): Likewise.
+ (pubkey_get_nenc): Likewise.
+ (pubkey_generate): Likewise.
+ (pubkey_check_secret_key): Likewise.
+ (pubkey_encrypt): Likewise.
+ (pubkey_decrypt): Likewise.
+ (pubkey_sign): Likewise.
+ (pubkey_verify): Likewise.
+ (gcry_pk_get_nbits): Likewise.
+ (gcry_pk_algo_info): Likewise.
+
+ * md.c: Removed struct md_digest_list_s.
+ (digest_list): Changed definition.
+ (digests_registered, default_digests_registered): New variables.
+ (REGISTER_DEFAULT_DIGESTS): New macro.
+ (new_list_item): Removed function.
+ (setup_md_table): Removed function.
+ (load_digest_module): Removed function.
+ (gcry_digest_register_default): New function.
+ (gcry_digest_lookup_func_id): New function.
+ (gcry_digest_lookup_func_name): New function.
+ (gcry_digest_lookup_id): New function.
+ (gcry_digest_lookup_name): New function.
+ (gcry_digest_id_new): New function.
+ (gcry_digest_register): New function.
+ (gcry_digest_unregister): New function.
+ (GcryDigestEntry): New type.
+ (struct gcry_md_context): Adjusted type of `list'.
+ (gcry_md_map_name): Adjusted to use new module management.
+ (digest_algo_to_string): Likewise.
+ (check_digest_algo): Likewise.
+ (md_enable): Likewise.
+ (md_digest_length): Likewise.
+ (md_asn_oid): Likewise.
+
+2003-04-07 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA,
+ PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with
+ GCRY_PK_ELG.
+
+ * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA.
+
+2003-04-01 Moritz Schulte <moritz@g10code.com>
+
+ * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES.
+
+2003-03-31 Moritz Schulte <moritz@g10code.com>
+
+ * tiger.c (tiger_get_info): Do not declare static.
+ * sha256.c (sha256_get_info): Likewise.
+ * sha1.c (sha1_get_info): Likewise.
+ * rmd160.c (rmd160_get_info): Likewise.
+ * md5.c (md5_get_info): Likewise.
+ * md4.c (md4_get_info): Likewise.
+ * crc.c (crc_get_info): Likewise.
+
+ * md.c (load_digest_module): Call setup_md_table during
+ initialization.
+ (new_list_item): Link new element into digest_list.
+
+ * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper
+ for do_ctr_encrypt, since these functions are identical.
+
+2003-03-30 Simon Josefsson <jas@extundo.com>
+
+ * cipher.c (struct gcry_cipher_handle): Add counter field.
+ (gcry_cipher_open): Add CTR.
+ (cipher_reset): Clear counter field.
+ (do_ctr_encrypt, do_ctr_decrypt): New functions.
+ (cipher_encrypt, cipher_decrypt): Call CTR functions.
+ (gcry_cipher_ctl): Add SET_CTR to set counter.
+
+2003-03-30 Moritz Schulte <moritz@g10code.com>
+
+ * rsa.c (_gcry_rsa_blind): New function.
+ (_gcry_rsa_unblind): New function.
+ (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt.
+
+2003-03-26 Moritz Schulte <moritz@g10code.com>
+
+ * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and
+ `decrypt' function arguments.
+ (_gcry_enum_gnupgext_pubkeys): Likewise.
+ * dynload.h: Likewise.
+
+ * pubkey.c (dummy_decrypt): Add argument: int flags.
+ (dummy_encrypt): Likewise.
+
+ * elgamal.c (_gcry_elg_encrypt): Add argument: int flags.
+ (_gcry_elg_decrypt): Likewise.
+
+ * rsa.c (_gcry_rsa_encrypt): Add argument: int flags.
+ (_gcry_rsa_decrypt): Likewise.
+
+ * pubkey.c: Add `flags' argument to members `encrypt' and
+ `decrypt' of struct `pubkey_table_s'.
+
+ * rsa.h: Add `flags' argument to function declarations.
+ * elgamal.h: Likewise.
+
+ * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags.
+ (sexp_data_to_mpi): Set `parsed_flags'.
+ (sexp_data_to_mpi): New argument: int *flags.
+ (gcry_pk_encrypt): New variable: int flags.
+ (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt.
+ (pubkey_encrypt): New variable: int flags.
+ (pubkey_encrypt): Pass `flags' to pubkey encrypt function.
+ (pubkey_decrypt): Likewise.
+ (pubkey_decrypt): Pass `flags' to pubkey encrypt function.
+ (gcry_pk_encrypt): Include `flags' s-exp in return list.
+ (sexp_to_enc): New argument: int *flags.
+ (gcry_pk_decrypt): New variable: int flags.
+ (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt.
+ (sexp_to_enc): New variable: int parsed_flags.
+ (sexp_to_enc): Set `parsed_flags'.
+
+2003-03-22 Simon Josefsson <jas@extundo.com>
+
+ * cipher.c (gcry_cipher_open, do_cbc_encrypt)
+ (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC.
+ (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC.
+
+2003-03-19 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG
+ to allow for a user callback. Changed all callers.
+ (_gcry_generate_secret_prime)
+ (_gcry_generate_public_prime): Ditto, pass them to gen_prime.
+ * rsa.c (check_exponent): New.
+ (generate): Use a callback to ensure that a given exponent is
+ actually generated.
+
+2003-03-12 Moritz Schulte <moritz@g10code.com>
+
+ * primegen.c: Initialize `no_of_small_prime_numbers' statically.
+ (gen_prime): Remove calculation of `no_of_small_prime_numbers'.
+
+2003-03-03 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (gcry_md_ctl): Rewritten to use same style like the other
+ functions dispatchers.
+
+2003-03-02 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (struct gcry_cipher_handle): New member: algo_index.
+ (gcry_cipher_open): Allocate memory for two cipher contexts.
+ Initialize algo_index.
+ (cipher_setkey): Duplicate context into reserved memory.
+ (cipher_reset): New function, which resets the context and clear
+ the IV.
+ (gcry_cipher_ctl): Call cipher_reset.
+
+2003-02-23 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c: Remove (bogus) `digitp' macro definition.
+ * md.c: Likewise.
+
+ * blowfish.c (burn_stack): Removed.
+ * arcfour.c (burn_stack): Likewise.
+ * cast5.c (burn_stack): Likewise.
+ * des.c (burn_stack): Likewise.
+ * md4.c (burn_stack): Likewise.
+ * md5.c (burn_stack): Likewise.
+ * random.c (burn_stack): Likewise.
+ * rijndael.c (burn_stack): Likewise.
+ * rmd160.c (burn_stack): Likewise.
+ * sha1.c (burn_stack): Likewise.
+ * sha256.c (burn_stack): Likewise.
+ * tiger.c (burn_stack): Likewise.
+ * twofish.c (burn_stack): Likewise.
+
+ * blowfish.c: Changed all occurences of burn_stack to
+ _gcry_burn_stack.
+ * arcfour.c: Likewise.
+ * cast5.c: Likewise.
+ * des.c: Likewise.
+ * md4.c: Likewise.
+ * md5.c: Likewise.
+ * random.c: Likewise.
+ * rijndael.c: Likewise.
+ * rmd160.c: Likewise.
+ * sha1.c: Likewise.
+ * sha256.c: Likewise.
+ * tiger.c: Likewise.
+ * twofish.c: Likewise.
+
+ * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR
+ instead of hard-coded value `301'.
+
+2003-01-24 Werner Koch <wk@gnupg.org>
+
+ * random.c (_gcry_register_random_progress): New.
+ (_gcry_random_progress): New.
+
+ * rndlinux.c (gather_random): Call the random progress function.
+
+2003-01-23 Werner Koch <wk@gnupg.org>
+
+ * rsa.c (generate): New arg USE_E to request a specific public
+ exponent.
+ (_gcry_rsa_generate): Ditto.
+ * elgamal.c (_gcry_elg_generate): Must add an dummy argument
+ instead of USE_E.
+ * dsa.c (_gcry_dsa_generate): Ditto.
+ * pubkey.c (dummy_generate): Ditto.
+ (pubkey_generate): Add USE_E arg and pass it down.
+ (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate.
+
+ * pubkey.c (sexp_to_enc): New arg RET_MODERN.
+ (gcry_pk_decrypt): Make use of it to return a real S-expression.
+ Return better error codes.
+ (gcry_pk_verify): Return better error codes.
+
+2003-01-21 Werner Koch <wk@gnupg.org>
+
+ * random.c (gcry_random_add_bytes): Add QUALITY argument, let
+ function return an error code and disable its core for now.
+
+2003-01-21 Timo Schulz <twoaday@freakmail.de>
+
+ * random.c (gcry_random_add_bytes): New. Function to add external
+ random to the pool.
+
+2003-01-20 Simon Josefsson <jas@extundo.com>
+
+ * crc.c: New.
+ * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c.
+ * md.c (gcry_md_get_algo_dlen): Add values for CRC.
+
+2003-01-20 Werner Koch <wk@gnupg.org>
+
+ * sha256.c: New.
+ * bithelp.h (ror): New.
+ * Makfile.am: Add sha256.c.
+ * md.c (oid_table): Add values for SHA256 et al.
+ (gcry_md_get_algo_dlen): Likewise
+
+2003-01-20 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA
+ and ElGamal.
+
+2003-01-17 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_encrypt): Reworked so that the output will
+ never contain the plaintext even if the caller did not checked the
+ return value.
+
+ * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL
+ because we don't have an invalid md algo but no algorithm enabled.
+
+ * pubkey.c (gcry_pk_genkey): Changed error code for bounds check
+ of table parameters to GCRYERR_INTERNAL.
+
+ * md.c (gcry_md_open): Partly reverted Timo's change from
+ 2002-10-10 by removing the check for the algorithm. An algorithm
+ of 0 is allowed and anyway we should not double check it or check
+ it using a different function. Also fixed the flags check.
+
+ * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL
+ on error.
+ (gcry_pk_decrypt): Ditto for R_PLAIN.
+ (gcry_pk_sign): Ditto for R_SIG.
+ (gcry_pk_genkey): Ditto for R_KEY.
+
+2003-01-16 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_write): Changed 2nd argument type to void*.
+ (gcry_md_hash_buffer): Changed type of boths buffers to void*.
+ (gcry_md_setkey): Changed 2nd argument type to void*.
+
+2003-01-15 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding.
+ (gcry_pk_sign, gcry_pk_verify): Use it here.
+ (gcry_pk_encrypt): And here.
+ (pubkey_verify): Add debug code.
+ (sexp_to_enc): Handle flags in the input and return the pkcs1 flag
+ in a new parameter.
+ (gcry_pk_decrypt): Prepare for future pkcs1 handling.
+
+2002-12-19 Werner Koch <wk@gnupg.org>
+
+ * random.c (_gcry_random_initialize): New.
+
+2002-12-16 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Added a Teletrust specific OID for 3DES.
+
+2002-12-12 Werner Koch <wk@gnupg.org>
+
+ * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption).
+
+2002-11-23 Werner Koch <wk@gnupg.org>
+
+ * md.c (load_digest_module): Enlarged checked_algos bitmap.
+ * md4.c (func_table): Fixed entry for md4.
+ Both by Simon Josephson.
+ (transform): Copy data to get the alignment straight. Tested only
+ on i386.
+
+2002-11-10 Simon Josefsson <jas@extundo.com>
+
+ * cipher.c (gcry_cipher_open): Don't reject CTS flag.
+ (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt)
+ (gcry_cipher_encrypt, cipher_decrypt)
+ (gcry_cipher_decrypt): Support CTS flag.
+ (gcry_cipher_ctl): Toggle CTS flag.
+
+2002-11-10 Werner Koch <wk@gnupg.org>
+
+ * md4.c: New. By Simon Josefsson.
+ * Makefile.am (EXTRA_PROGRAMS): Add md4.c.
+ * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support.
+
+2002-10-14 Werner Koch <wk@gnupg.org>
+
+ * arcfour.c (do_encrypt_stream): Don't use increment op when
+ assigning to the same variable.
+
+2002-10-10 Timo Schulz <ts@winpt.org>
+
+ * pubkey.c (gcry_pk_genkey): Check boundaries.
+
+ * md.c (gcry_md_open): Check that algo is available and only
+ valid flag values are used.
+ (gcry_md_get_algo): Add error handling.
+
+2002-09-26 Werner Koch <wk@gnupg.org>
+
+ * md.c: Include an OID for TIGER.
+ * tiger.c (tiger_get_info): Use a regular OID.
+
+2002-09-17 Werner Koch <wk@gnupg.org>
+
+ * random.c: Replaced mutex.h by the new ath.h. Changed all calls.
+
+2002-09-16 Werner Koch <wk@gnupg.org>
+
+ * arcfour.c (do_encrypt_stream): Use register modifier and modulo.
+ According to Nikos Mavroyanopoulos this increases perfromace on
+ i386 system noticable. And I always tought gcc is clever enough.
+ * md5.c (transform): Use register modifier.
+ * rmd160.c (transform): Ditto.
+ * sha1.c (transform): Ditto. We hope that there are 6 free registers.
+ * random.c (gcry_randomize): Rewrote to avoid malloc calls.
+
+ * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*.
+ * arcfour.c (do_arcfour_setkey): Ditto.
+ * twofish.c (do_twofish_setkey): Ditto.
+ * rndegd.c (gather_random): Ditto.
+ * rijndael.c (do_setkey): Ditto.
+ * random.c (_gcry_random_dump_stats): Ditto.
+ * primegen.c (_gcry_generate_elg_prime): Ditto.
+ * des.c (_gcry_des_get_info): Ditto.
+ * cast5.c (do_cast_setkey): Ditto.
+ * blowfish.c (do_bf_setkey): Ditto.
+
+2002-08-26 Werner Koch <wk@gnupg.org>
+
+ * des.c (weak_keys): Fixed one entry in the table and compared
+ all entries against the literature.
+ (selftest): Checksum the weak key table.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c: Enable keygrip calculation for "openpgp-rsa".
+
+2002-08-17 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (setup_cipher_table): Don't overwrite the DES entry
+ with the entry for DUMMY.
+
+2002-08-14 Werner Koch <wk@gnupg.org>
+
+ * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New.
+ (_gcry_des_get_info): Support plain old DES.
+ * cipher.c (setup_cipher_table): Put DES into the table.
+
+2002-07-25 Werner Koch <wk@gnupg.org>
+
+ * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.
+ Noted by Stephan Austermuehle.
+
+2002-07-08 Timo Schulz <ts@winpt.org>
+
+ * rndw32.c: Replaced the m_ memory functions with the real
+ gcry_ functions. Renamed all g10_ prefixed functions to log_.
+
+2002-06-12 Werner Koch <wk@gnupg.org>
+
+ * rsa.c (generate): Use e = 65537 for now.
+
+2002-06-11 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key".
+
+2002-06-05 Timo Schulz <ts@winpt.org>
+
+ * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt):
+ Check that the input size is a multiple of the blocksize.
+
+2002-05-23 Werner Koch <wk@gnupg.org>
+
+ * md.c (oid_table): Add an rsadsi OID for MD5.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * primegen.c, elgamal.c, dsa.c (progress): Do not print anything
+ by default. Pass an extra identifying string to the callback and
+ reserved 2 argumenst for current and total counters. Changed the
+ register function prototype.
+
+2002-05-17 Werner Koch <wk@gnupg.org>
+
+ * rndegd.c (rndegd_constructor): Fixed name of register function
+ and prefixed the function name with _gcry_.
+ * rndw32.c (rndw32_constructor): Ditto.
+ * tiger.c (tiger_constructor): Ditto.
+
+ * Makefile.am: Removed all dynamic loading stuff.
+ * dynload.c: Ditto. Now only used for the constructor system.
+
+2002-05-15 Werner Koch <wk@gnupg.org>
+
+ * random.c (gcry_random_bytes,gcry_random_bytes_secure)
+ (gcry_randomize): Make sure we are initialized.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ Changed license of most files to the LGPL.
+
+2002-05-02 Werner Koch <wk@gnupg.org>
+
+ * random.c (_gcry_fast_random_poll): Initialize the module so the
+ mutex can be used.
+
+ * primegen.c (small_prime_numbers): Moved table from smallprime.c
+ * smallprime.c: File removed.
+
+ * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static.
+
+ * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES".
+ * rijndael.c (rijndael_get_info): We do only support a 128 bit
+ blocksize so it makes sense to change the algorithm strings to
+ AES.
+
+ * tiger.c (tiger_final): Removed superfluous token pasting operators.
+ * md5.c (md5_final): Ditto.
+
+2002-04-30 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Fixed list of copyright years.
+
+2002-03-18 Werner Koch <wk@gnupg.org>
+
+ * random.c (initialize): Initialize the new pool lock mutex.
+ (_gcry_fast_random_poll): Add locking and moved main
+ code out to...
+ (do_fast_random_poll): new function.
+ (read_pool): Use the new function here.
+ (get_random_bytes): Add locking.
+ (_gcry_update_random_seed_file): Ditto.
+
+2002-03-11 Werner Koch <wk@gnupg.org>
+
+ * md.c: Add rsaSignatureWithripemd160 to OID table.
+
+2002-02-20 Werner Koch <wk@gnupg.org>
+
+ * sha1.c: Removed a left over comment note. The code has been
+ rewritten from scratch in 1998. Thanks to Niels Möller for
+ reporting this misleading comment.
+
+2002-02-18 Werner Koch <wk@gnupg.org>
+
+ * rndunix.c (rndunix_constructor): Use the the new prefixed
+ function name. Reported by Jordi Mallach.
+
+2002-02-10 Werner Koch <wk@gnupg.org>
+
+ * random.c (mix_pool): Carry an extra failsafe_digest buffer
+ around to make the function more robust.
+
+2002-02-08 Werner Koch <wk@gnupg.org>
+
+ * random.c (add_randomness): Xor new data into the pool and not
+ just copy it. This avoids any choosen input attacks which are not
+ serious in our setting because an outsider won't be able to mix
+ data in and even then we keep going with a PRNG. Thanks to Stefan
+ Keller for pointing this out.
+
+2002-01-04 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_genkey): Do not release skey - it is static.
+
+ * primegen.c (gen_prime): Of course we should use set_bit
+ and not set_highbit to set the second high bit.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * rsa.c (generate): Loop until we find the exact modulus size.
+ Changed the exponent to 41.
+ (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.
+ * primegen.c (gen_prime): Set 2 high order bits for secret primes.
+
+ * Makefile.am (DISTCLEANFILES): Include construct.c.
+
+2001-12-17 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_get_keygrip): New - experimental.
+
+2001-12-11 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Added OIDs for AES.
+ (gcry_cipher_mode_from_oid): New.
+ (gcry_cipher_map_name): Moved OID search code to ..
+ (search_oid): .. new function.
+
+2001-12-10 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name
+ and not by number.
+
+ * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign)
+ (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey)
+ (gcry_pk_get_nbits): Release the arrays. Noted by Nikos
+ Mavroyanopoulos.
+
+2001-12-06 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed
+ with "oid." or "OID.".
+
+2001-12-05 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa.
+
+2001-11-24 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c: Added the rsaEncryption OID to the tables.
+ (sexp_to_key): Add an arg to return the index of the algorithm,
+ changed all callers.
+ (gcry_pk_sign): Find the signature algorithm by name and not by
+ number.
+ (gcry_pk_get_nbits): Fixed so that we can now really pass a secret
+ key to get the result.
+
+ * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid."
+ or "OID." so that an OID string can be used as an S-Exp token.
+
+2001-11-20 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_map_name): Lookup by OID if the the name begins
+ with a digit.
+ (oid_table): New.
+
+2001-11-16 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED.
+
+2001-11-07 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Close the handle which was left open
+ for algorithms other than rmd160.
+
+2001-08-08 Werner Koch <wk@gnupg.org>
+
+ * rndw32.c (gather_random): Use toolhelp in addition to the NT
+ gatherer for Windows2000. Suggested by Sami Tolvanen.
+
+ * random.c (read_pool): Fixed length check, this used to be one
+ byte to strict. Made an assert out of it because the caller has
+ already made sure that only poolsize bytes are requested.
+ Reported by Marcus Brinkmann.
+
+2001-08-03 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return
+ errors. We have to change the interface to all ciphers to make
+ this really work but we should do so to prepare for hardware
+ encryption modules.
+ (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and
+ set lasterr.
+ (gcry_cipher_ctl): Make sure that errors from setkey are returned.
+
+2001-08-02 Werner Koch <wk@gnupg.org>
+
+ * rndlinux.c (gather_random): casted a size_t arg to int so that
+ the format string is correct. Casting is okay here and avoids
+ translation changes.
+
+ * random.c (fast_random_poll): Do not check the return code of
+ getrusage.
+
+ * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7
+ and 8.
+
+ * tiger.c (print_abc,print_data): Removed.
+
+ * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c
+ (burn_stack): New. Add wrappers for most functions to be able to
+ call burn_stack after the function invocation. This methods seems
+ to be the most portable way to zeroise the stack used. It does
+ only work on stack frame based machines but it is highly portable
+ and has no side effects. Just setting the automatic variables at
+ the end of a function to zero does not work well because the
+ compiler will optimize them away - marking them as volatile would
+ be bad for performance.
+ * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.
+ * random.c (burn_stack): New.
+ (mix_pool): Use it here to burn the stack of the mixblock function.
+
+ * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places.
+ Thanks to Tommi Komulainen.
+
+ * arcfour.c (arcfour_setkey): Check the minimim keylength against
+ bytes and not bits.
+ (selftest): Must reset the key before decryption.
+
+2001-05-31 Werner Koch <wk@gnupg.org>
+
+ * sha1.c (sha1_init): Made static.
+
+ Changed all g10_ prefixed function names as well as some mpi_
+ function names to cope with the introduced naming changes.
+
+ * md.c (prepare_macpads): Made key const.
+
+2001-05-28 Werner Koch <wk@gnupg.org>
+
+ * rndegd.c (gather_random): Removed the use of tty_printf.
+
+2001-03-29 Werner Koch <wk@gnupg.org>
+
+ * md5.c (md5_final): Fixed calculation of hashed length. Thanks
+ to disastry@saiknes.lv for pointing out that it was horrible wrong
+ for more than 512MB of input.
+ * sha1.c (sha1_final): Ditto.
+ * rmd160.c (rmd160_final): Ditto.
+ * tiger.c (tiger_final): Ditto.
+
+ * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to
+ avoid name clashes with an encrypt function in stdlib.h of
+ Dynix/PIX. Thanks to Gene Carter.
+ * elgamal.c (encrypt,do_encrypt): Ditto.
+
+ * twofish.c (gnupgext_enum_func): Use only when when compiled as a
+ module.
+ * rijndael.c (gnupgext_enum_func): Ditto.
+
+ * tiger.c (tiger_get_info): Return "TIGER192" and not just
+ "TIGER". By Edwin Woudt.
+
+ * random.c: Always include time.h - standard requirement. Thanks
+ to James Troup.
+
+ * rndw32.c: Fixes to the macros.
+
+2001-01-11 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and
+ not 8.
+
+2000-12-19 Werner Koch <wk@gnupg.org>
+
+ Major change:
+ Removed all GnuPG stuff and renamed this piece of software
+ to gcrypt.
+
+2000-11-14 Werner Koch <wk@gnupg.org>
+
+ * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and
+ mpi_free by gcry_mpi_release.
+ * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.
+ * rsa.c (test_keys,generate,rsa_verify): Ditto.
+ * primegen.c (generate_elg_prime): Ditto.
+ (gen_prime): Ditto and removed nlimbs.
+
+ * rsa.c (generate): Allocate 2 more vars in secure memory.
+
+ * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+ problems.
+
+2000-10-09 Werner Koch <wk@gnupg.org>
+
+ * arcfour.c, arcfour.h: New.
+ * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode.
+ (setup_cipher_table): Add Arcfour.
+ (gcry_cipher_open): Kludge to allow stream mode.
+
+Wed Oct 4 13:16:18 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sha1.c (transform): Use rol() macro. Actually this is not needed
+ for a newer gcc but there are still aoter compilers.
+
+ * rsa.c (test_keys): Use new random function.
+
+ * md.c (gcry_md_setkey): New function to overcome problems with
+ const conflics.
+ (gcry_md_ctl): Pass set key to the new functions.
+
+ * rijndael.c: New.
+ * cipher.c: Add Rijndael support.
+
+Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de>
+
+ * rndlinux.c (open_device): Loose random device checking.
+ By Nils Ellmenreich.
+
+ * random.c (fast_random_poll): Check ENOSYS for getrusage.
+ * rndunix.c: Add 2 sources for QNX. By Sam Roberts.
+
+ * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE.
+
+ * rsa.c: Changed the comment about the patent.
+ (secret): Speed up by using the CRT. For a 2k keys this
+ is about 3 times faster.
+ (stronger_key_check): New but unused code to check the secret key.
+ * Makefile.am: Included rsa.[ch].
+ * pubkey.c: Enabled RSA support.
+ (pubkey_get_npkey): Removed RSA workaround.
+
+Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de>
+
+ * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new
+ gcry_sexp_nth_{data,mpi} functions.
+
+Tue Jul 25 17:44:15 CEST 2000 Werner Koch <wk@openit.de>
+
+ * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt,
+ gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with
+ the new S-Exp interface.
+
+Mon Jul 17 16:35:47 CEST 2000 Werner Koch <wk@>
+
+ * random.c (gather_faked): Replaced make_timestamp by time(2) again.
+
+Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@>
+
+ * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP.
+
+ * Makefile.am: Never compile mingw32 as module.
+
+ * Makefile.am: Tweaked module build and removed libtool
+
+ * Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig.
+
+ * elgamal.c (sign): Removed inactive code.
+
+ * rsa.c, rsa.h: New based on the old module version (only in CVS for now).
+ * pubkey.c (setup_pubkey_table): Added commented support for RSA.
+
+ * rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra.
+ (my_popen): Do the FD_CLOEXEC only if it is available
+ (start_gatherer): Cope with missing _SC_OPEN_MAX
+
+ * rndunix.c: Add some more headers for QNX. By Sam Roberts.
+
+ * rndegd.c (gather_random): Shortcut level 0.
+ * rndunix.c (gather_random): Ditto.
+ * rndw32.c (gather_random): Ditto.
+
+ * rndw32.c: Replaced with code from Cryptlib and commented the old stuff.
+ * rndw32.c: Add some debuging code enabled by an environment variable.
+
+ * random.c (read_seed_file): Binary open for DOSish system
+ (update_random_seed_file): Ditto.
+ * random.c [MINGW32]: Include process.h for getpid.
+ * random.c (fast_random_poll): Add clock_gettime() as fallback for
+ system which support this POSIX.4 fucntion. By Sam Roberts.
+
+ * random.c (read_seed_file): Removed the S_ISLNK test becuase it
+ is already covered by !S_ISREG and is not defined in Unixware.
+ Reported by Dave Dykstra.
+ (update_random_seed_file): Silently ignore update request when pool
+ is not filled.
+
+ * random.c (read_seed_file): New.
+ (set_random_seed_file): New.
+ (read_pool): Try to read the seeding file.
+ (update_random_seed_file): New.
+
+ (read_pool): Do an initial extra seeding when level 2 quality random
+ is requested the first time. This requestes at least POOLSIZE/2 bytes
+ of entropy. Compined with the seeding file this should make normal
+ random bytes cheaper and increase the quality of the random bytes
+ used for key generation.
+
+ * random.c (read_pool): Print a more friendly error message in
+ cases when too much random is requested in one call.
+
+ * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;
+ this is not the case for some ESIX and Unixware, although they have
+ getrusage().
+
+ * primegen.c (generate_elg_prime): All primes are now generated with
+ the lowest random quality level. Because they are public anyway we
+ don't need stronger random and by this we do not drain the systems
+ entropy so much.
+
+ * primegen.c (register_primegen_progress): New.
+ * dsa.c (register_pk_dsa_progress): New.
+ * elgamal.c (register_pk_elg_progress): New.
+
+ * elgamal.c (wiener_map): New.
+ (gen_k): Use a much smaller k.
+ (generate): Calculate the qbits using the wiener map and
+ choose an x at a size comparable to the one choosen in gen_k
+
+ * rmd160.c (rmd160_get_info): Moved casting to the left side due to a
+ problem with UTS4.3. Suggested by Dave Dykstra.
+ * sha1.c (sha1_get_info): Ditto.
+ * tiger.c (tiger_get_info): Ditto.
+ * md5.c (md5_get_info): Ditto
+ * des.c (des_get_info): Ditto.
+ * blowfish.c (blowfish_get_info): Ditto.
+ * cast5.c (cast5_get_info): Ditto.
+ * twofish.c (twofish_get_info): Ditto.
+
+Fri Mar 24 11:25:45 CET 2000 Werner Koch <wk@openit.de>
+
+ * md.c (md_open): Add hmac arg and allocate space for the pads.
+ (md_finalize): Add HMAC support.
+ (md_copy): Ditto.
+ (md_close): Ditto.
+ (gcry_md_reset): Ditto.
+ (gcry_md_ctl): Ditto.
+ (prepare_macpdas): New.
+
+Mon Mar 13 19:22:46 CET 2000 Werner Koch <wk@openit.de>
+
+ * md.c (gcry_md_hash_buffer): Add support for the other algorithms.
+
+Mon Jan 31 16:37:34 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * genprime.c (generate_elg_prime): Fixed returned factors which never
+ worked for non-DSA keys.
+
+Thu Jan 27 18:00:44 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors.
+
+Mon Jan 24 22:24:38 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (gcry_pk_decrypt): Implemented.
+ (gcry_pk_encrypt): Implemented.
+ (gcry_pk_testkey): New.
+ (gcry_pk_genkey): New.
+ (pubkey_decrypt): Made static.
+ (pubkey_encrypt): Ditto.
+ (pubkey_check_secret_key): Ditto.
+ (pubkey_generate): Ditto.
+
+Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (pubkey_nbits): Removed and replaced by ...
+ (gcry_pk_get_nbits): this new one.
+
+Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * dsa.c: s/mpi_powm/gcry_mpi_powm/g
+ * elgamal.c: Ditto.
+ * primegen.c: Ditto.
+
+ * : Replaced g10_opt_verbose by g10_log_verbosity().
+
+ * Makefile.am (INCLUDES): removed intl, add ../gcrypt
+
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * dynload.c (cmp_filenames): New to replaced compare_filename() in
+ module.
+ (register_cipher_extension): Removed the tilde expansion stuff.
+ * rndeg.c (my_make_filename): New.
+
+ * : Replaced header util.h by g10lib.h
+
+ * random.c (gather_faked): Replaced make_timestamp by time(2).
+ Disabled wrning printed with tty_printf.
+ * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;
+ this should be replaced by a callback function.
+
+ * primegen.c (gen_prime): Use gcry_mpi_randomize.
+ (is_prime): Ditto.
+ * elgamal.c (test_keys): Ditto.
+ * dsa.c (test_keys): Ditto.
+
+ * cipher.c (gcry_cipher_close): Die on invalid handle.
+
+Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * elgamal.c (gen_k): Use the new random API.
+ (generate): Ditto.
+ * dsa.c (gen_k): Ditto.
+ (generate): Ditto.
+
+Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (disable_pubkey_algo): Made static.
+ (gcry_pk_ctl): New.
+
+ * random.c (get_random_bits): Renamed to ...
+ (get_random_bytes): ... this and made static.
+ (gcry_random_bytes): New.
+ (gcry_random_bytes_secure): New.
+ (randomize_buffer): Renamed to ...
+ (gcry_randomize): ...this.
+
+ * md.c (gcry_md_hash_buffer): New.
+
+ * pubkey.c (gcry_pk_algo_info): 4 new commands.
+ (pubkey_get_npkey): Made static.
+ (pubkey_get_nskey): Made static.
+ (pubkey_get_nsig): Made static.
+ (pubkey_get_nenc): Made static.
+
+ * pubkey.c: Removed all G10ERR_xxx.
+ * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO.
+ * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO.
+ * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx.
+ * blowfish.c: Ditto.
+ * des.c: Ditto.
+ * twofish.c: Ditto.
+ * dsa.c: Ditto.
+ * elgamal.c: Ditto.
+
+ * g10c.c: Removed
+
+ * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL
+ if we are out of core.
+ * dynload.c: Replaced all memory allocation functions.
+ * md.c: Ditto.
+ * primegen.c: Ditto.
+ * pubkey.c: Ditto.
+ * random.c: Ditto.
+ * rndw32.c: Ditto.
+ * elgamal.c: Ditto.
+ * dsa.c: Ditto.
+
+Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * elgamal.c (sign): Hugh found strange code here. Replaced by BUG().
+
+ * cipher.c: Merged with gcrypt/symapi.c.
+
+ * pubkey.c (string_to_pubkey_algo): Renamed function to ...
+ (gcry_pk_map_name): ... this.
+ (pubkey_algo_to_string): Renamed function to ...
+ (gcry_pk_algo_name): ... this.
+ (gcry_pk_algo_info): New.
+ * pubkey.c: Merged with gcrypt/pkapi.c.
+
+ * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
+ fixing this bug.
+
+ * md.c: Merged with gcrypt/mdapi.c
+
+Wed Sep 15 14:39:59 CEST 1999 Michael Roth <mroth@nessie.de>
+
+ * des.c: Various speed improvements: One bit pre rotation
+ trick after initial permutation (Richard Outerbridge).
+ Finished test of SSLeay Tripple-DES patterns.
+
+Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndw32.c: New.
+
+Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * bithelp.h: New.
+ * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h
+
+Tue Sep 7 16:23:36 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.
+
+Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * des.c (selftest): Add some testpattern
+
+Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using
+ in place encryption. Pointed out by Frank Stajano.
+
+Mon Jul 26 09:34:46 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md5.c (md5_final): Fix for a SCO cpp bug.
+
+Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * elgamal.c (elg_check_secret_key,elg_encrypt
+ elg_decrypt,elg_sign,elg_verify): Sanity check on the args.
+ * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.
+
+ * pubkey.c (disable_pubkey_algo): New.
+ (check_pubkey_algo2): Look at disabled algo table.
+ * cipher.c (disable_cipher_algo): New.
+ (check_cipher_algo): Look at disabled algo table.
+
+Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Support for libtool.
+
+Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dsa.c (gen_k): Changed algorithm to consume less random bytes
+ * elgamal.c (gen_k): Ditto.
+
+ * random.c (random_dump_stats): New.
+
+Thu Jul 1 12:47:31 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * primegen.c, elgamal.c, dsa.c (progess): New and replaced all
+ fputc with a call to this function.
+
+Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.
+
+ * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.
+
+ * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
+ * Makefile.am (install-exec-hook): Removed.
+
+Sun May 23 14:20:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (setup_cipher_table): Enable Twofish
+
+ * random.c (fast_random_poll): Disable use of times() for mingw32.
+
+Mon May 17 21:54:43 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (register_internal_cipher_extension): Minor init fix.
+
+Tue May 4 15:47:53 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug
+ that we didn't correct for step when passing the prime to the
+ Rabin-Miller test which led to bad performance (Stefan Keller).
+ (check_prime): Add a first Fermat test.
+
+Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (cipher_setiv): Add ivlen arg, changed all callers.
+
+ * random.c (randomize_buffer): alway use secure memory because
+ we can't use m_is_secure() on a statically allocated buffer.
+
+ * twofish.c: Replaced some macros by a loop to reduce text size.
+ * Makefile.am (twofish): No more need for sed editing.
+
+Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (cipher_open): Reversed the changes for AUTO_CFB.
+
+ * blowfish.c: Dropped the Blowfish 160 mode.
+ * cipher.c (cipher_open): Ditto.
+ (setup_cipher_table): Ditto. And removed support of twofish128
+
+Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+ * cipher.c (cipher_open): Now uses standard CFB for automode if
+ the blocksize is gt 8 (according to rfc2440).
+
+ * twofish.c: Applied Matthew Skala's patches for 256 bit key.
+
+Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+ * cipher.c (cipher_open): Now uses standard CFB for automode if
+ the blocksize is gt 8 (according to rfc2440).
+
+Sat Mar 20 11:44:21 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndlinux.c (tty_printf) [IS_MODULE]: Removed.
+
+ * rndegd.c (gather_random): Some fixes.
+
+Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndegd.c (do_read): New.
+ (gather_random): Changed the implementation.
+
+Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.
+
+Fri Feb 26 17:55:41 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md.c: Nearly a total rewrote.
+
+Wed Feb 24 11:07:27 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (context): Fixed alignment
+ * md.c: Ditto.
+
+ * rndegd.c: New
+
+Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndegd.c: New.
+
+Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Modules are now figured out by configure
+ * construct.c: New. Generated by configure. Changed all modules
+ to work with that.
+ * sha1.h: Removed.
+ * md5.h: Removed.
+
+ * twofish.c: Changed interface to allow Twofish/256
+
+ * rndunix.c (start_gatherer): Die on SIGPIPE.
+
+Wed Jan 20 18:59:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndunix.c (gather_random): Fix to avoid infinite loop.
+
+Sun Jan 17 11:04:33 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * des.c (is_weak_key): Replace system memcmp due to bugs
+ in SunOS's memcmp.
+ (des_get_info): Return error on failed selftest.
+ * twofish.c (twofish_setkey): Return error on failed selftest or
+ invalid keylength.
+ * cast5.c (cast_setkey): Ditto.
+ * blowfish.c (bf_setkey): Return error on failed selftest.
+
+Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (random_is_faked): New.
+
+ * tiger.c: Only compile if we have the u64 type
+
+Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndunix.c (gather_random): check for setuid.
+
+ * Makefile.am: Add a way to staically link random modules
+
+Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md.c (md_stop_debug): Do a flush first.
+ (md_open): size of buffer now depends on the secure parameter
+
+Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndunix.c (start_gatherer): Fixed stupid ==/= bug
+
+1998-12-31 Geoff Keating <geoffk@ozemail.com.au>
+
+ * des.c (is_weak_key): Rewrite loop end condition.
+
+Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c: add unistd.h for getpid().
+ (RAND_MAX): Fallback value for Sun.
+
+Wed Dec 23 17:12:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md.c (md_copy): Reset debug.
+
+Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (read_random_source): Changed the interface to the
+ random gathering function.
+ (gather_faked): Use new interface.
+ * dynload.c (dynload_getfnc_fast_random_poll): Ditto.
+ (dynload_getfnc_gather_random): Ditto.
+ * rndlinux.c (gather_random): Ditto.
+ * rndunix.c (gather_random): Ditto.
+
+Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (SYMBOL_VERSION): New to cope with system which needs
+ underscores.
+
+ * rndunix.c: Rewrote large parts
+
+Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (load_extension): increased needed verbosity level.
+
+ * random.c (fast_random_poll): Fallback to a default fast random
+ poll function.
+ (read_random_source): Always use the faked entroy gatherer if no
+ gather module is available.
+ * rndlinux.c (fast_poll): Removed.
+ * rndunix.c (fast_poll): Removed.
+
+
+Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-*.c: Removed.
+ * rndlinux.c : New.
+ * rndunix.c : New.
+ * random.c : Restructured the interface to the gather modules.
+ (intialize): Call constructor functions
+ (read_radnom_source): Moved to here.
+ * dynload.c (dynload_getfnc_gather_random): New.
+ (dynload_getfnc_fast_random_poll): New.
+ (register_internal_cipher_extension): New.
+ (register_cipher_extension): Support of internal modules.
+
+Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-unix.c (read_random_source): Removed the assert.
+
+Mon Oct 19 18:34:30 1998 me,,, (wk@tobold)
+
+ * pubkey.c: Hack to allow us to give some info about RSA keys back.
+
+Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dynload.c: Support for DLD
+
+Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-unix.c: Now uses names from configure for /dev/random.
+
+1998-10-10 SL Baur <steve@altair.xemacs.org>
+
+ * Makefile.am: fix sed -O substitutions to catch -O6, etc.
+
+Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
+ * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.
+
+Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_digest): New.
+ (md_reset): New.
+
+Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
+
+Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))
+
+ * des.c: Some patches from Michael.
+
+Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
+
+ * des.c : New file from Michael Roth <mroth@nessie.de>
+
+Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))
+
+ * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
+
+Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none))
+
+ * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.
+
+Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none))
+
+ * Makefile.am: Fixes to allow a different build directory
+
+Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * random.c (get_random_byte): Removed and changed all callers
+ to use get_random_bits()
+
+Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none))
+
+ * cipher.c : Support for other blocksizes
+ (cipher_get_blocksize): New.
+ * twofish.c: New.
+ * Makefile.am: Add twofish module.
+
+Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (read_pool): Simple alloc if secure_alloc is not set.
+ (get_random_bits): Ditto.
+
+Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dynload.c (load_extension): Function now nbails out if
+ the program is run setuid.
+
+Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (rmd160_hash_buffer): New.
+
+Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c (cipher_open): algos >=100 use standard CFB
+
+Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am: Support for extensions
+
+Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (mix_pool): simpler handling for level 0
+
+Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c: Removed from dist, will reappear as dynload module
+
+Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pubkey.c: Major changes to allow extensions. Changed the inteface
+ of all public key ciphers and added the ability to load extensions
+ on demand.
+
+ * misc.c: Removed.
+
+Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * dynload.c: New.
+ * cipher.c: Major changes to allow extensions.
+
+Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c: Major internal chnages to support extensions.
+ * blowfish.c (blowfish_get_info): New and made all internal
+ functions static, changed heder.
+ * cast5.c (cast5_get_info): Likewise.
+
+Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c (transform): Fix for big endian
+
+ * cipher.c (do_cfb_decrypt): Big endian fix.
+
+Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_get_oid): Add a new one for TIGER.
+
+Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c: Add support for a dummy cipher
+
+Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (transform): fixed sigbus - I should better
+ add Christian von Roques's new implemenation of rmd160_write.
+
+Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
+ * random.c: Moved system specific functions to rand-****.c
+
+Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (fast_random_poll): add call to gethrtime.
+
+Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * elgamal.c (elg_generate): choosing x was not correct, could
+ yield 6 bytes which are not from the random pool, tsss, tsss..
+
+Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * primegen.c (generate_elg_prime): Add arg mode, changed all
+ callers and implemented mode 1.
+
+Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c (cipher_get_keylen): New.
+
+Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c, tiger.h: New.
+
+Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c (check_pubkey_algo2): New.
+
+Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c: New
+ * misc.c (check_cipher_algo): Moved to cipher.c
+ * cast5.c: Moved many functions to cipher.c
+ * blowfish.c: Likewise.
+
+Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cast5.c: Implemented and tested.
+
+Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * elgamal.c (elg_generate): Faster generation of x in some cases.
+
+Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * blowfish.c (blowfish_decode_cfb): changed XOR operation
+ (blowfish_encode_cfb): Ditto.
+
+Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sha1.c (transform): Rewrote
+
+ * blowfish.c (encrypt): Unrolled for rounds == 16
+ (decrypt): Ditto.
+
+Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (transform): Unrolled the loop.
+
+Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (read_pool): Add pool_balance stuff.
+ (get_random_bits): New.
+
+ * elgamal.c (elg_generate): Now uses get_random_bits to generate x.
+
+
+Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_digest_length): New.
+
+Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dsa.c (dsa_verify): Works.
+
+Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dsa.c, dsa.h: Removed some unused code.
+
+Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_open): Add call to fast_random_poll.
+ blowfish.c (blowfish_setkey): Ditto.
+
+Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (rmd160_mixblock): New.
+ * random.c: Restructured to start with a new RNG implementation.
+ * random.h: New.
+
+Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * gost.c, gost.h: Removed because they did only contain trash.
+
+Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (fill_buffer): removed error message if n == -1.
+
+Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_enable): No init if called twice.
+
+Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * primegen.c (generate_elg_prime): Changed the progress printing.
+ (gen_prime): Ditto.
+
+Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md5.c, md.5 : Replaced by a modified version of md5.c from
+ GNU textutils 1.22.
+
+Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c, md.h : New debugging support
+
+Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c (cipher_algo_to_string): New
+ (pubkey_algo_to_string): New.
+ (digest_algo_to_string): New.
+
+
+ Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006
+ 2007, 2008, 2009 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/grub-core/lib/libgcrypt-grub/cipher/arcfour.c b/grub-core/lib/libgcrypt-grub/cipher/arcfour.c
new file mode 100644
index 0000000..99f9c1c
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/arcfour.c
@@ -0,0 +1,141 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* arcfour.c - The arcfour stream cipher
+ * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ * ISBN 0-471-11709-9. Pages 397 ff.
+ */
+
+
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+
+
+typedef struct {
+ int idx_i, idx_j;
+ byte sbox[256];
+} ARCFOUR_context;
+
+static void
+do_encrypt_stream( ARCFOUR_context *ctx,
+ byte *outbuf, const byte *inbuf, unsigned int length )
+{
+ register int i = ctx->idx_i;
+ register int j = ctx->idx_j;
+ register byte *sbox = ctx->sbox;
+ register int t;
+
+ while ( length-- )
+ {
+ i++;
+ i = i & 255; /* The and-op seems to be faster than the mod-op. */
+ j += sbox[i];
+ j &= 255;
+ t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;
+ *outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];
+ }
+
+ ctx->idx_i = i;
+ ctx->idx_j = j;
+}
+
+static void
+encrypt_stream (void *context,
+ byte *outbuf, const byte *inbuf, unsigned int length)
+{
+ ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+ do_encrypt_stream (ctx, outbuf, inbuf, length );
+ _gcry_burn_stack (64);
+}
+
+
+static gcry_err_code_t
+do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
+{
+ static int initialized;
+ static const char* selftest_failed;
+ int i, j;
+ byte karr[256];
+ ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+
+ if (!initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest();
+ if( selftest_failed )
+ log_error ("ARCFOUR selftest failed (%s)\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if( keylen < 40/8 ) /* we want at least 40 bits */
+ return GPG_ERR_INV_KEYLEN;
+
+ ctx->idx_i = ctx->idx_j = 0;
+ for (i=0; i < 256; i++ )
+ ctx->sbox[i] = i;
+ for (i=0; i < 256; i++ )
+ karr[i] = key[i%keylen];
+ for (i=j=0; i < 256; i++ )
+ {
+ int t;
+ j = (j + ctx->sbox[i] + karr[i]) % 256;
+ t = ctx->sbox[i];
+ ctx->sbox[i] = ctx->sbox[j];
+ ctx->sbox[j] = t;
+ }
+ memset( karr, 0, 256 );
+
+ return GPG_ERR_NO_ERROR;
+}
+
+static gcry_err_code_t
+arcfour_setkey ( void *context, const byte *key, unsigned int keylen )
+{
+ ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+ gcry_err_code_t rc = do_arcfour_setkey (ctx, key, keylen );
+ _gcry_burn_stack (300);
+ return rc;
+}
+
+
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_arcfour =
+ {
+ "ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),
+ arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,
+ };
+
+
+
+GRUB_MOD_INIT(gcry_arcfour)
+{
+ grub_cipher_register (&_gcry_cipher_spec_arcfour);
+}
+
+GRUB_MOD_FINI(gcry_arcfour)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_arcfour);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/bithelp.h b/grub-core/lib/libgcrypt-grub/cipher/bithelp.h
new file mode 100644
index 0000000..e957b4e
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/bithelp.h
@@ -0,0 +1,57 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+/* bithelp.h - Some bit manipulation helpers
+ * Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_BITHELP_H
+#define G10_BITHELP_H
+
+
+/****************
+ * Rotate the 32 bit unsigned integer X by N bits left/right
+ */
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol( u32 x, int n)
+{
+ __asm__("roll %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+ror(u32 x, int n)
+{
+ __asm__("rorl %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define ror(x,n) ( ((x) >> (n)) | ((x) << (32-(n))) )
+#endif
+
+
+#endif /*G10_BITHELP_H*/
diff --git a/grub-core/lib/libgcrypt-grub/cipher/blowfish.c b/grub-core/lib/libgcrypt-grub/cipher/blowfish.c
new file mode 100644
index 0000000..3780889
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/blowfish.c
@@ -0,0 +1,588 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* blowfish.c - Blowfish encryption
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ * ISBN 0-471-11709-9. Pages 336 ff.
+ */
+
+/* Test values:
+ * key "abcdefghijklmnopqrstuvwxyz";
+ * plain "BLOWFISH"
+ * cipher 32 4E D0 FE F4 13 A2 03
+ *
+ */
+
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+
+#define BLOWFISH_BLOCKSIZE 8
+#define BLOWFISH_ROUNDS 16
+
+typedef struct {
+ u32 s0[256];
+ u32 s1[256];
+ u32 s2[256];
+ u32 s3[256];
+ u32 p[BLOWFISH_ROUNDS+2];
+} BLOWFISH_context;
+
+static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen);
+static void encrypt_block (void *bc, byte *outbuf, const byte *inbuf);
+static void decrypt_block (void *bc, byte *outbuf, const byte *inbuf);
+
+
+/* precomputed S boxes */
+static const u32 ks0[256] = {
+ 0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
+ 0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
+ 0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
+ 0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
+ 0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
+ 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
+ 0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
+ 0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
+ 0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
+ 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
+ 0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
+ 0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
+ 0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
+ 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
+ 0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
+ 0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
+ 0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
+ 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
+ 0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
+ 0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
+ 0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
+ 0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
+ 0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
+ 0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
+ 0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
+ 0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
+ 0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
+ 0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
+ 0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
+ 0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
+ 0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
+ 0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
+ 0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
+ 0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
+ 0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
+ 0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
+ 0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
+ 0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
+ 0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
+ 0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
+ 0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
+ 0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
+ 0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
+
+static const u32 ks1[256] = {
+ 0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
+ 0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
+ 0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
+ 0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
+ 0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
+ 0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
+ 0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
+ 0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
+ 0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
+ 0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
+ 0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
+ 0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
+ 0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
+ 0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
+ 0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
+ 0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
+ 0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
+ 0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
+ 0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
+ 0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
+ 0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
+ 0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
+ 0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
+ 0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
+ 0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
+ 0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
+ 0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
+ 0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
+ 0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
+ 0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
+ 0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
+ 0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
+ 0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
+ 0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
+ 0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
+ 0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
+ 0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
+ 0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
+ 0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
+ 0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
+ 0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
+ 0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
+ 0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
+
+static const u32 ks2[256] = {
+ 0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
+ 0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
+ 0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
+ 0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
+ 0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
+ 0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
+ 0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
+ 0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
+ 0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
+ 0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
+ 0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
+ 0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
+ 0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
+ 0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
+ 0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
+ 0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
+ 0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
+ 0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
+ 0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
+ 0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
+ 0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
+ 0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
+ 0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
+ 0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
+ 0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
+ 0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
+ 0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
+ 0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
+ 0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
+ 0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
+ 0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
+ 0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
+ 0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
+ 0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
+ 0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
+ 0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
+ 0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
+ 0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
+ 0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
+ 0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
+ 0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
+ 0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
+ 0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
+
+static const u32 ks3[256] = {
+ 0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
+ 0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
+ 0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
+ 0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
+ 0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
+ 0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
+ 0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
+ 0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
+ 0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
+ 0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
+ 0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
+ 0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
+ 0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
+ 0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
+ 0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
+ 0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
+ 0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
+ 0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
+ 0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
+ 0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
+ 0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
+ 0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
+ 0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
+ 0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
+ 0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
+ 0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
+ 0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
+ 0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
+ 0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
+ 0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
+ 0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
+ 0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
+ 0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
+ 0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
+ 0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
+ 0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
+ 0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
+ 0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
+ 0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
+ 0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
+ 0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
+ 0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
+ 0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
+
+static const u32 ps[BLOWFISH_ROUNDS+2] = {
+ 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
+ 0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
+ 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
+
+
+
+#if BLOWFISH_ROUNDS != 16
+static inline u32
+function_F( BLOWFISH_context *bc, u32 x )
+{
+ u16 a, b, c, d;
+
+#ifdef WORDS_BIGENDIAN
+ a = ((byte*)&x)[0];
+ b = ((byte*)&x)[1];
+ c = ((byte*)&x)[2];
+ d = ((byte*)&x)[3];
+#else
+ a = ((byte*)&x)[3];
+ b = ((byte*)&x)[2];
+ c = ((byte*)&x)[1];
+ d = ((byte*)&x)[0];
+#endif
+
+ return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];
+}
+#endif
+
+#ifdef WORDS_BIGENDIAN
+#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]]) \
+ ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
+#else
+#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]]) \
+ ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
+#endif
+#define R(l,r,i) do { l ^= p[i]; r ^= F(l); } while(0)
+
+
+static void
+do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+ u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+ s0 = bc->s0;
+ s1 = bc->s1;
+ s2 = bc->s2;
+ s3 = bc->s3;
+
+ R( xl, xr, 0);
+ R( xr, xl, 1);
+ R( xl, xr, 2);
+ R( xr, xl, 3);
+ R( xl, xr, 4);
+ R( xr, xl, 5);
+ R( xl, xr, 6);
+ R( xr, xl, 7);
+ R( xl, xr, 8);
+ R( xr, xl, 9);
+ R( xl, xr, 10);
+ R( xr, xl, 11);
+ R( xl, xr, 12);
+ R( xr, xl, 13);
+ R( xl, xr, 14);
+ R( xr, xl, 15);
+
+ xl ^= p[BLOWFISH_ROUNDS];
+ xr ^= p[BLOWFISH_ROUNDS+1];
+
+ *ret_xl = xr;
+ *ret_xr = xl;
+
+#else
+ u32 xl, xr, temp, *p;
+ int i;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+
+ for(i=0; i < BLOWFISH_ROUNDS; i++ )
+ {
+ xl ^= p[i];
+ xr ^= function_F(bc, xl);
+ temp = xl;
+ xl = xr;
+ xr = temp;
+ }
+ temp = xl;
+ xl = xr;
+ xr = temp;
+
+ xr ^= p[BLOWFISH_ROUNDS];
+ xl ^= p[BLOWFISH_ROUNDS+1];
+
+ *ret_xl = xl;
+ *ret_xr = xr;
+#endif
+}
+
+
+static void
+decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+ u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+ s0 = bc->s0;
+ s1 = bc->s1;
+ s2 = bc->s2;
+ s3 = bc->s3;
+
+ R( xl, xr, 17);
+ R( xr, xl, 16);
+ R( xl, xr, 15);
+ R( xr, xl, 14);
+ R( xl, xr, 13);
+ R( xr, xl, 12);
+ R( xl, xr, 11);
+ R( xr, xl, 10);
+ R( xl, xr, 9);
+ R( xr, xl, 8);
+ R( xl, xr, 7);
+ R( xr, xl, 6);
+ R( xl, xr, 5);
+ R( xr, xl, 4);
+ R( xl, xr, 3);
+ R( xr, xl, 2);
+
+ xl ^= p[1];
+ xr ^= p[0];
+
+ *ret_xl = xr;
+ *ret_xr = xl;
+
+#else
+ u32 xl, xr, temp, *p;
+ int i;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+
+ for (i=BLOWFISH_ROUNDS+1; i > 1; i-- )
+ {
+ xl ^= p[i];
+ xr ^= function_F(bc, xl);
+ temp = xl;
+ xl = xr;
+ xr = temp;
+ }
+
+ temp = xl;
+ xl = xr;
+ xr = temp;
+
+ xr ^= p[1];
+ xl ^= p[0];
+
+ *ret_xl = xl;
+ *ret_xr = xr;
+#endif
+}
+
+#undef F
+#undef R
+
+static void
+do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
+{
+ u32 d1, d2;
+
+ d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+ do_encrypt( bc, &d1, &d2 );
+ outbuf[0] = (d1 >> 24) & 0xff;
+ outbuf[1] = (d1 >> 16) & 0xff;
+ outbuf[2] = (d1 >> 8) & 0xff;
+ outbuf[3] = d1 & 0xff;
+ outbuf[4] = (d2 >> 24) & 0xff;
+ outbuf[5] = (d2 >> 16) & 0xff;
+ outbuf[6] = (d2 >> 8) & 0xff;
+ outbuf[7] = d2 & 0xff;
+}
+
+static void
+encrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+ BLOWFISH_context *bc = (BLOWFISH_context *) context;
+ do_encrypt_block (bc, outbuf, inbuf);
+ _gcry_burn_stack (64);
+}
+
+
+static void
+do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf)
+{
+ u32 d1, d2;
+
+ d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+ decrypt( bc, &d1, &d2 );
+ outbuf[0] = (d1 >> 24) & 0xff;
+ outbuf[1] = (d1 >> 16) & 0xff;
+ outbuf[2] = (d1 >> 8) & 0xff;
+ outbuf[3] = d1 & 0xff;
+ outbuf[4] = (d2 >> 24) & 0xff;
+ outbuf[5] = (d2 >> 16) & 0xff;
+ outbuf[6] = (d2 >> 8) & 0xff;
+ outbuf[7] = d2 & 0xff;
+}
+
+static void
+decrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+ BLOWFISH_context *bc = (BLOWFISH_context *) context;
+ do_decrypt_block (bc, outbuf, inbuf);
+ _gcry_burn_stack (64);
+}
+
+
+
+
+
+static gcry_err_code_t
+do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
+{
+ int i, j;
+ u32 data, datal, datar;
+ static int initialized;
+ static const char *selftest_failed;
+
+ if( !initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest();
+ if( selftest_failed )
+ log_error ("%s\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
+ c->p[i] = ps[i];
+ for(i=0; i < 256; i++ )
+ {
+ c->s0[i] = ks0[i];
+ c->s1[i] = ks1[i];
+ c->s2[i] = ks2[i];
+ c->s3[i] = ks3[i];
+ }
+
+ for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ )
+ {
+#ifdef WORDS_BIGENDIAN
+ ((byte*)&data)[0] = key[j];
+ ((byte*)&data)[1] = key[(j+1)%keylen];
+ ((byte*)&data)[2] = key[(j+2)%keylen];
+ ((byte*)&data)[3] = key[(j+3)%keylen];
+#else
+ ((byte*)&data)[3] = key[j];
+ ((byte*)&data)[2] = key[(j+1)%keylen];
+ ((byte*)&data)[1] = key[(j+2)%keylen];
+ ((byte*)&data)[0] = key[(j+3)%keylen];
+#endif
+ c->p[i] ^= data;
+ j = (j+4) % keylen;
+ }
+
+ datal = datar = 0;
+ for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->p[i] = datal;
+ c->p[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s0[i] = datal;
+ c->s0[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s1[i] = datal;
+ c->s1[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s2[i] = datal;
+ c->s2[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s3[i] = datal;
+ c->s3[i+1] = datar;
+ }
+
+
+ /* Check for weak key. A weak key is a key in which a value in
+ the P-array (here c) occurs more than once per table. */
+ for(i=0; i < 255; i++ )
+ {
+ for( j=i+1; j < 256; j++)
+ {
+ if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
+ (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
+ return GPG_ERR_WEAK_KEY;
+ }
+ }
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+bf_setkey (void *context, const byte *key, unsigned keylen)
+{
+ BLOWFISH_context *c = (BLOWFISH_context *) context;
+ gcry_err_code_t rc = do_bf_setkey (c, key, keylen);
+ _gcry_burn_stack (64);
+ return rc;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_blowfish =
+ {
+ "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128,
+ sizeof (BLOWFISH_context),
+ bf_setkey, encrypt_block, decrypt_block
+ };
+
+
+GRUB_MOD_INIT(gcry_blowfish)
+{
+ grub_cipher_register (&_gcry_cipher_spec_blowfish);
+}
+
+GRUB_MOD_FINI(gcry_blowfish)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_blowfish);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/camellia-glue.c b/grub-core/lib/libgcrypt-grub/cipher/camellia-glue.c
new file mode 100644
index 0000000..c620191
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/camellia-glue.c
@@ -0,0 +1,199 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* camellia-glue.c - Glue for the Camellia cipher
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/* I put all the libgcrypt-specific stuff in this file to keep the
+ camellia.c/camellia.h files exactly as provided by NTT. If they
+ update their code, this should make it easier to bring the changes
+ in. - dshaw
+
+ There is one small change which needs to be done: Include the
+ following code at the top of camellia.h: */
+#if 0
+
+/* To use Camellia with libraries it is often useful to keep the name
+ * space of the library clean. The following macro is thus useful:
+ *
+ * #define CAMELLIA_EXT_SYM_PREFIX foo_
+ *
+ * This prefixes all external symbols with "foo_".
+ */
+#ifdef HAVE_CONFIG_H
+#endif
+#ifdef CAMELLIA_EXT_SYM_PREFIX
+#define CAMELLIA_PREFIX1(x,y) x ## y
+#define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y)
+#define CAMELLIA_PREFIX(x) CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x)
+#define Camellia_Ekeygen CAMELLIA_PREFIX(Camellia_Ekeygen)
+#define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock)
+#define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock)
+#define camellia_decrypt128 CAMELLIA_PREFIX(camellia_decrypt128)
+#define camellia_decrypt256 CAMELLIA_PREFIX(camellia_decrypt256)
+#define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
+#define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
+#define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
+#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
+#define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
+#endif /*CAMELLIA_EXT_SYM_PREFIX*/
+
+#endif /* Code sample. */
+
+
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "camellia.h"
+
+typedef struct
+{
+ int keybitlength;
+ KEY_TABLE_TYPE keytable;
+} CAMELLIA_context;
+
+
+static gcry_err_code_t
+camellia_setkey(void *c, const byte *key, unsigned keylen)
+{
+ CAMELLIA_context *ctx=c;
+ static int initialized=0;
+ static const char *selftest_failed=NULL;
+
+ if(keylen!=16 && keylen!=24 && keylen!=32)
+ return GPG_ERR_INV_KEYLEN;
+
+ if(!initialized)
+ {
+ initialized=1;
+ selftest_failed=selftest();
+ if(selftest_failed)
+ log_error("%s\n",selftest_failed);
+ }
+
+ if(selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ ctx->keybitlength=keylen*8;
+ Camellia_Ekeygen(ctx->keybitlength,key,ctx->keytable);
+ _gcry_burn_stack
+ ((19+34+34)*sizeof(u32)+2*sizeof(void*) /* camellia_setup256 */
+ +(4+32)*sizeof(u32)+2*sizeof(void*) /* camellia_setup192 */
+ +0+sizeof(int)+2*sizeof(void*) /* Camellia_Ekeygen */
+ +3*2*sizeof(void*) /* Function calls. */
+ );
+
+ return 0;
+}
+
+static void
+camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
+{
+ CAMELLIA_context *ctx=c;
+
+ Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
+ _gcry_burn_stack
+ (sizeof(int)+2*sizeof(unsigned char *)+sizeof(KEY_TABLE_TYPE)
+ +4*sizeof(u32)
+ +2*sizeof(u32*)+4*sizeof(u32)
+ +2*2*sizeof(void*) /* Function calls. */
+ );
+}
+
+static void
+camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
+{
+ CAMELLIA_context *ctx=c;
+
+ Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
+ _gcry_burn_stack
+ (sizeof(int)+2*sizeof(unsigned char *)+sizeof(KEY_TABLE_TYPE)
+ +4*sizeof(u32)
+ +2*sizeof(u32*)+4*sizeof(u32)
+ +2*2*sizeof(void*) /* Function calls. */
+ );
+}
+
+
+/* These oids are from
+ <http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications_oid.html>,
+ retrieved May 1, 2007. */
+
+static gcry_cipher_oid_spec_t camellia128_oids[] =
+ {
+ {"1.2.392.200011.61.1.1.1.2", GCRY_CIPHER_MODE_CBC},
+ {"0.3.4401.5.3.1.9.1", GCRY_CIPHER_MODE_ECB},
+ {"0.3.4401.5.3.1.9.3", GCRY_CIPHER_MODE_OFB},
+ {"0.3.4401.5.3.1.9.4", GCRY_CIPHER_MODE_CFB},
+ { NULL }
+ };
+
+static gcry_cipher_oid_spec_t camellia192_oids[] =
+ {
+ {"1.2.392.200011.61.1.1.1.3", GCRY_CIPHER_MODE_CBC},
+ {"0.3.4401.5.3.1.9.21", GCRY_CIPHER_MODE_ECB},
+ {"0.3.4401.5.3.1.9.23", GCRY_CIPHER_MODE_OFB},
+ {"0.3.4401.5.3.1.9.24", GCRY_CIPHER_MODE_CFB},
+ { NULL }
+ };
+
+static gcry_cipher_oid_spec_t camellia256_oids[] =
+ {
+ {"1.2.392.200011.61.1.1.1.4", GCRY_CIPHER_MODE_CBC},
+ {"0.3.4401.5.3.1.9.41", GCRY_CIPHER_MODE_ECB},
+ {"0.3.4401.5.3.1.9.43", GCRY_CIPHER_MODE_OFB},
+ {"0.3.4401.5.3.1.9.44", GCRY_CIPHER_MODE_CFB},
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_camellia128 =
+ {
+ "CAMELLIA128",NULL,camellia128_oids,CAMELLIA_BLOCK_SIZE,128,
+ sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_camellia192 =
+ {
+ "CAMELLIA192",NULL,camellia192_oids,CAMELLIA_BLOCK_SIZE,192,
+ sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_camellia256 =
+ {
+ "CAMELLIA256",NULL,camellia256_oids,CAMELLIA_BLOCK_SIZE,256,
+ sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
+ };
+
+
+GRUB_MOD_INIT(gcry_camellia)
+{
+ grub_cipher_register (&_gcry_cipher_spec_camellia128);
+ grub_cipher_register (&_gcry_cipher_spec_camellia192);
+ grub_cipher_register (&_gcry_cipher_spec_camellia256);
+}
+
+GRUB_MOD_FINI(gcry_camellia)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_camellia128);
+ grub_cipher_unregister (&_gcry_cipher_spec_camellia192);
+ grub_cipher_unregister (&_gcry_cipher_spec_camellia256);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/camellia.c b/grub-core/lib/libgcrypt-grub/cipher/camellia.c
new file mode 100644
index 0000000..6ef6e74
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/camellia.c
@@ -0,0 +1,1463 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* camellia.h ver 1.2.0
+ *
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+
+#include "camellia.h"
+
+/* u32 must be 32bit word */
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ * macros
+ */
+
+
+#if defined(_MSC_VER)
+
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
+
+#else /* not MS-VC */
+
+# define GETU32(pt) \
+ (((u32)(pt)[0] << 24) \
+ ^ ((u32)(pt)[1] << 16) \
+ ^ ((u32)(pt)[2] << 8) \
+ ^ ((u32)(pt)[3]))
+
+# define PUTU32(ct, st) { \
+ (ct)[0] = (u8)((st) >> 24); \
+ (ct)[1] = (u8)((st) >> 16); \
+ (ct)[2] = (u8)((st) >> 8); \
+ (ct)[3] = (u8)(st); }
+
+#endif
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
+ do { \
+ w0 = ll; \
+ ll = (ll << bits) + (lr >> (32 - bits)); \
+ lr = (lr << bits) + (rl >> (32 - bits)); \
+ rl = (rl << bits) + (rr >> (32 - bits)); \
+ rr = (rr << bits) + (w0 >> (32 - bits)); \
+ } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
+ do { \
+ w0 = ll; \
+ w1 = lr; \
+ ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+ lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+ rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+ rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+ } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+ do { \
+ il = xl ^ kl; \
+ ir = xr ^ kr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ yl = CAMELLIA_SP1110(ir & 0xff) \
+ ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
+ ^ CAMELLIA_SP3033(t1 & 0xff) \
+ ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
+ ^ CAMELLIA_SP0222(t0 & 0xff) \
+ ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(il & 0xff); \
+ yl ^= yr; \
+ yr = CAMELLIA_RR8(yr); \
+ yr ^= yl; \
+ } while(0)
+
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+ do { \
+ t0 = kll; \
+ t0 &= ll; \
+ lr ^= CAMELLIA_RL1(t0); \
+ t1 = klr; \
+ t1 |= lr; \
+ ll ^= t1; \
+ \
+ t2 = krr; \
+ t2 |= rr; \
+ rl ^= t2; \
+ t3 = krl; \
+ t3 &= rl; \
+ rr ^= CAMELLIA_RL1(t3); \
+ } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+ do { \
+ ir = CAMELLIA_SP1110(xr & 0xff) \
+ ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
+ ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
+ ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
+ il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
+ ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
+ ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(xl & 0xff); \
+ il ^= kl; \
+ ir ^= kr; \
+ ir ^= il; \
+ il = CAMELLIA_RR8(il); \
+ il ^= ir; \
+ yl ^= ir; \
+ yr ^= il; \
+ } while(0)
+
+
+static const u32 camellia_sp1110[256] = {
+ 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+ 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+ 0xe4e4e400,0x85858500,0x57575700,0x35353500,
+ 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+ 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+ 0x45454500,0x19191900,0xa5a5a500,0x21212100,
+ 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+ 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+ 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+ 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+ 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+ 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+ 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+ 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+ 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+ 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+ 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+ 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+ 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+ 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+ 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+ 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+ 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+ 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+ 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+ 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+ 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+ 0x53535300,0x18181800,0xf2f2f200,0x22222200,
+ 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+ 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+ 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+ 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+ 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+ 0xa1a1a100,0x89898900,0x62626200,0x97979700,
+ 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+ 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+ 0x10101000,0xc4c4c400,0x00000000,0x48484800,
+ 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+ 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+ 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+ 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+ 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+ 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+ 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+ 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+ 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+ 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+ 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+ 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+ 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+ 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+ 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+ 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+ 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+ 0xd4d4d400,0x25252500,0xababab00,0x42424200,
+ 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+ 0x72727200,0x07070700,0xb9b9b900,0x55555500,
+ 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+ 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+ 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+ 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+ 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+ 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+ 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+};
+
+static const u32 camellia_sp0222[256] = {
+ 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+ 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+ 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+ 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+ 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+ 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+ 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+ 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+ 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+ 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+ 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+ 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+ 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+ 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+ 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+ 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+ 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+ 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+ 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+ 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+ 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+ 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+ 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+ 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+ 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+ 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+ 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+ 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+ 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+ 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+ 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+ 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+ 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+ 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+ 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+ 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+ 0x00202020,0x00898989,0x00000000,0x00909090,
+ 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+ 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+ 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+ 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+ 0x009b9b9b,0x00949494,0x00212121,0x00666666,
+ 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+ 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+ 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+ 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+ 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+ 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+ 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+ 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+ 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+ 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+ 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+ 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+ 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+ 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+ 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+ 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+ 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+ 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+ 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+ 0x00777777,0x00939393,0x00868686,0x00838383,
+ 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+ 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+};
+
+static const u32 camellia_sp3033[256] = {
+ 0x38003838,0x41004141,0x16001616,0x76007676,
+ 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+ 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+ 0x75007575,0x06000606,0x57005757,0xa000a0a0,
+ 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+ 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+ 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+ 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+ 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+ 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+ 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+ 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+ 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+ 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+ 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+ 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+ 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+ 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+ 0x3a003a3a,0x09000909,0x95009595,0x10001010,
+ 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+ 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+ 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+ 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+ 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+ 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+ 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+ 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+ 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+ 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+ 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+ 0x12001212,0x04000404,0x74007474,0x54005454,
+ 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+ 0x55005555,0x68006868,0x50005050,0xbe00bebe,
+ 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+ 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+ 0x70007070,0xff00ffff,0x32003232,0x69006969,
+ 0x08000808,0x62006262,0x00000000,0x24002424,
+ 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+ 0x45004545,0x81008181,0x73007373,0x6d006d6d,
+ 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+ 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+ 0xe600e6e6,0x25002525,0x48004848,0x99009999,
+ 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+ 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+ 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+ 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+ 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+ 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+ 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+ 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+ 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+ 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+ 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+ 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+ 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+ 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+ 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+ 0x7c007c7c,0x77007777,0x56005656,0x05000505,
+ 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+ 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+ 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+ 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+ 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+ 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+};
+
+static const u32 camellia_sp4404[256] = {
+ 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+ 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+ 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+ 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+ 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+ 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+ 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+ 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+ 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+ 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+ 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+ 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+ 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+ 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+ 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+ 0x24240024,0xe8e800e8,0x60600060,0x69690069,
+ 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+ 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+ 0x10100010,0x00000000,0xa3a300a3,0x75750075,
+ 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+ 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+ 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+ 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+ 0x81810081,0x6f6f006f,0x13130013,0x63630063,
+ 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+ 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+ 0x78780078,0x06060006,0xe7e700e7,0x71710071,
+ 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+ 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+ 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+ 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+ 0x15150015,0xadad00ad,0x77770077,0x80800080,
+ 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+ 0x85850085,0x35350035,0x0c0c000c,0x41410041,
+ 0xefef00ef,0x93930093,0x19190019,0x21210021,
+ 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+ 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+ 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+ 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+ 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+ 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+ 0x12120012,0x20200020,0xb1b100b1,0x99990099,
+ 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+ 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+ 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+ 0x0f0f000f,0x16160016,0x18180018,0x22220022,
+ 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+ 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+ 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+ 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+ 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+ 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+ 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+ 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+ 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+ 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+ 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+ 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+ 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+ 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+ 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+ 0x49490049,0x68680068,0x38380038,0xa4a400a4,
+ 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+ 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+};
+
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const unsigned char *key, u32 *subkey)
+{
+ u32 kll, klr, krl, krr;
+ u32 il, ir, t0, t1, w0, w1;
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[26];
+ u32 subR[26];
+
+ /**
+ * k == kll || klr || krl || krr (|| is concatination)
+ */
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ /**
+ * generate KL dependent subkeys
+ */
+ subl(0) = kll; subr(0) = klr;
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(4) = kll; subr(4) = klr;
+ subl(5) = krl; subr(5) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ subl(10) = kll; subr(10) = klr;
+ subl(11) = krl; subr(11) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(16) = kll; subr(16) = klr;
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(18) = kll; subr(18) = klr;
+ subl(19) = krl; subr(19) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(22) = kll; subr(22) = klr;
+ subl(23) = krl; subr(23) = krr;
+
+ /* generate KA */
+ kll = subl(0); klr = subr(0);
+ krl = subl(1); krr = subr(1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KA dependent subkeys */
+ subl(2) = kll; subr(2) = klr;
+ subl(3) = krl; subr(3) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(8) = kll; subr(8) = klr;
+ subl(9) = krl; subr(9) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(12) = kll; subr(12) = klr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ subl(20) = kll; subr(20) = klr;
+ subl(21) = krl; subr(21) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(24) = kll; subr(24) = klr;
+ subl(25) = krl; subr(25) = krr;
+
+
+ /* absorb kw2 to other subkeys */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(25); kw4r = subr(25);
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3);
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl;
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8);
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9);
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11);
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl;
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16);
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17);
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19);
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ CamelliaSubkeyL(23) = subl(22);
+ CamelliaSubkeyR(23) = subr(22);
+ CamelliaSubkeyL(24) = subl(24) ^ subl(23);
+ CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+ return;
+}
+
+void camellia_setup256(const unsigned char *key, u32 *subkey)
+{
+ u32 kll,klr,krl,krr; /* left half of key */
+ u32 krll,krlr,krrl,krrr; /* right half of key */
+ u32 il, ir, t0, t1, w0, w1; /* temporary variables */
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[34];
+ u32 subR[34];
+
+ /**
+ * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+ * (|| is concatination)
+ */
+
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ krll = GETU32(key + 16);
+ krlr = GETU32(key + 20);
+ krrl = GETU32(key + 24);
+ krrr = GETU32(key + 28);
+
+ /* generate KL dependent subkeys */
+ subl(0) = kll; subr(0) = klr;
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+ subl(12) = kll; subr(12) = klr;
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(16) = kll; subr(16) = klr;
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(22) = kll; subr(22) = klr;
+ subl(23) = krl; subr(23) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ subl(30) = kll; subr(30) = klr;
+ subl(31) = krl; subr(31) = krr;
+
+ /* generate KR dependent subkeys */
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ subl(4) = krll; subr(4) = krlr;
+ subl(5) = krrl; subr(5) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ subl(8) = krll; subr(8) = krlr;
+ subl(9) = krrl; subr(9) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(18) = krll; subr(18) = krlr;
+ subl(19) = krrl; subr(19) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+ subl(26) = krll; subr(26) = krlr;
+ subl(27) = krrl; subr(27) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+ /* generate KA */
+ kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+ krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ kll ^= krll; klr ^= krlr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KB */
+ krll ^= kll; krlr ^= klr;
+ krrl ^= krl; krrr ^= krr;
+ CAMELLIA_F(krll, krlr,
+ CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+ w0, w1, il, ir, t0, t1);
+ krrl ^= w0; krrr ^= w1;
+ CAMELLIA_F(krrl, krrr,
+ CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+ w0, w1, il, ir, t0, t1);
+ krll ^= w0; krlr ^= w1;
+
+ /* generate KA dependent subkeys */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ subl(24) = klr; subr(24) = krl;
+ subl(25) = krr; subr(25) = kll;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+ subl(28) = kll; subr(28) = klr;
+ subl(29) = krl; subr(29) = krr;
+
+ /* generate KB dependent subkeys */
+ subl(2) = krll; subr(2) = krlr;
+ subl(3) = krrl; subr(3) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(10) = krll; subr(10) = krlr;
+ subl(11) = krrl; subr(11) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(20) = krll; subr(20) = krlr;
+ subl(21) = krrl; subr(21) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+ subl(32) = krll; subr(32) = krlr;
+ subl(33) = krrl; subr(33) = krrr;
+
+ /* absorb kw2 to other subkeys */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(25);
+ dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(27) ^= subl(1); subr(27) ^= subr(1);
+ subl(29) ^= subl(1); subr(29) ^= subr(1);
+ subl(31) ^= subl(1); subr(31) ^= subr(1);
+ subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(33); kw4r = subr(33);
+ subl(30) ^= kw4l; subr(30) ^= kw4r;
+ subl(28) ^= kw4l; subr(28) ^= kw4r;
+ subl(26) ^= kw4l; subr(26) ^= kw4r;
+ kw4l ^= kw4r & ~subr(24);
+ dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3);
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl;
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8);
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9);
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11);
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl;
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16);
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17);
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19);
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ tl = subl(26) ^ (subr(26) & ~subr(24));
+ dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(23) = subl(22) ^ tl;
+ CamelliaSubkeyR(23) = subr(22) ^ tr;
+ CamelliaSubkeyL(24) = subl(24);
+ CamelliaSubkeyR(24) = subr(24);
+ CamelliaSubkeyL(25) = subl(25);
+ CamelliaSubkeyR(25) = subr(25);
+ tl = subl(23) ^ (subr(23) & ~subr(25));
+ dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(26) = tl ^ subl(27);
+ CamelliaSubkeyR(26) = tr ^ subr(27);
+ CamelliaSubkeyL(27) = subl(26) ^ subl(28);
+ CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+ CamelliaSubkeyL(28) = subl(27) ^ subl(29);
+ CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+ CamelliaSubkeyL(29) = subl(28) ^ subl(30);
+ CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+ CamelliaSubkeyL(30) = subl(29) ^ subl(31);
+ CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+ CamelliaSubkeyL(31) = subl(30);
+ CamelliaSubkeyR(31) = subr(30);
+ CamelliaSubkeyL(32) = subl(32) ^ subl(31);
+ CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+ dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+ dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+ dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+ dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+ dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+ dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
+
+ return;
+}
+
+void camellia_setup192(const unsigned char *key, u32 *subkey)
+{
+ unsigned char kk[32];
+ u32 krll, krlr, krrl,krrr;
+
+ memcpy(kk, key, 24);
+ memcpy((unsigned char *)&krll, key+16,4);
+ memcpy((unsigned char *)&krlr, key+20,4);
+ krrl = ~krll;
+ krrr = ~krlr;
+ memcpy(kk+24, (unsigned char *)&krrl, 4);
+ memcpy(kk+28, (unsigned char *)&krrr, 4);
+ camellia_setup256(kk, subkey);
+ return;
+}
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ *
+ * "io" must be 4byte aligned and big-endian data.
+ */
+void camellia_encrypt128(const u32 *subkey, u32 *io)
+{
+ u32 il, ir, t0, t1;
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+ /* main iteration */
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(24);
+ io[3] ^= CamelliaSubkeyR(24);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+void camellia_decrypt128(const u32 *subkey, u32 *io)
+{
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(24);
+ io[1] ^= CamelliaSubkeyR(24);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void camellia_encrypt256(const u32 *subkey, u32 *io)
+{
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+ CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(32);
+ io[3] ^= CamelliaSubkeyR(32);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+void camellia_decrypt256(const u32 *subkey, u32 *io)
+{
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(32);
+ io[1] ^= CamelliaSubkeyR(32);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+ CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+/***
+ *
+ * API for compatibility
+ */
+
+void Camellia_Ekeygen(const int keyBitLength,
+ const unsigned char *rawKey,
+ KEY_TABLE_TYPE keyTable)
+{
+ switch(keyBitLength) {
+ case 128:
+ camellia_setup128(rawKey, keyTable);
+ break;
+ case 192:
+ camellia_setup192(rawKey, keyTable);
+ break;
+ case 256:
+ camellia_setup256(rawKey, keyTable);
+ break;
+ default:
+ break;
+ }
+}
+
+
+void Camellia_EncryptBlock(const int keyBitLength,
+ const unsigned char *plaintext,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *ciphertext)
+{
+ u32 tmp[4];
+
+ tmp[0] = GETU32(plaintext);
+ tmp[1] = GETU32(plaintext + 4);
+ tmp[2] = GETU32(plaintext + 8);
+ tmp[3] = GETU32(plaintext + 12);
+
+ switch (keyBitLength) {
+ case 128:
+ camellia_encrypt128(keyTable, tmp);
+ break;
+ case 192:
+ /* fall through */
+ case 256:
+ camellia_encrypt256(keyTable, tmp);
+ break;
+ default:
+ break;
+ }
+
+ PUTU32(ciphertext, tmp[0]);
+ PUTU32(ciphertext + 4, tmp[1]);
+ PUTU32(ciphertext + 8, tmp[2]);
+ PUTU32(ciphertext + 12, tmp[3]);
+}
+
+void Camellia_DecryptBlock(const int keyBitLength,
+ const unsigned char *ciphertext,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *plaintext)
+{
+ u32 tmp[4];
+
+ tmp[0] = GETU32(ciphertext);
+ tmp[1] = GETU32(ciphertext + 4);
+ tmp[2] = GETU32(ciphertext + 8);
+ tmp[3] = GETU32(ciphertext + 12);
+
+ switch (keyBitLength) {
+ case 128:
+ camellia_decrypt128(keyTable, tmp);
+ break;
+ case 192:
+ /* fall through */
+ case 256:
+ camellia_decrypt256(keyTable, tmp);
+ break;
+ default:
+ break;
+ }
+ PUTU32(plaintext, tmp[0]);
+ PUTU32(plaintext + 4, tmp[1]);
+ PUTU32(plaintext + 8, tmp[2]);
+ PUTU32(plaintext + 12, tmp[3]);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/camellia.h b/grub-core/lib/libgcrypt-grub/cipher/camellia.h
new file mode 100644
index 0000000..c96f0b4
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/camellia.h
@@ -0,0 +1,83 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+/* camellia.h ver 1.2.0
+ *
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
+
+/* To use Camellia with libraries it is often useful to keep the name
+ * space of the library clean. The following macro is thus useful:
+ *
+ * #define CAMELLIA_EXT_SYM_PREFIX foo_
+ *
+ * This prefixes all external symbols with "foo_".
+ */
+#ifdef HAVE_CONFIG_H
+#endif
+#ifdef CAMELLIA_EXT_SYM_PREFIX
+#define CAMELLIA_PREFIX1(x,y) x ## y
+#define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y)
+#define CAMELLIA_PREFIX(x) CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x)
+#define Camellia_Ekeygen CAMELLIA_PREFIX(Camellia_Ekeygen)
+#define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock)
+#define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock)
+#define camellia_decrypt128 CAMELLIA_PREFIX(camellia_decrypt128)
+#define camellia_decrypt256 CAMELLIA_PREFIX(camellia_decrypt256)
+#define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
+#define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
+#define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
+#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
+#define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
+#endif /*CAMELLIA_EXT_SYM_PREFIX*/
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+
+void Camellia_Ekeygen(const int keyBitLength,
+ const unsigned char *rawKey,
+ KEY_TABLE_TYPE keyTable);
+
+void Camellia_EncryptBlock(const int keyBitLength,
+ const unsigned char *plaintext,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *cipherText);
+
+void Camellia_DecryptBlock(const int keyBitLength,
+ const unsigned char *cipherText,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *plaintext);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CAMELLIA_H */
diff --git a/grub-core/lib/libgcrypt-grub/cipher/cast5.c b/grub-core/lib/libgcrypt-grub/cipher/cast5.c
new file mode 100644
index 0000000..984bb44
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/cast5.c
@@ -0,0 +1,586 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* cast5.c - CAST5 cipher (RFC2144)
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* Test vectors:
+ *
+ * 128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = 23 8B 4F E5 84 7E 44 B2
+ *
+ * 80-bit key = 01 23 45 67 12 34 56 78 23 45
+ * = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = EB 6A 71 1A 2C 02 27 1B
+ *
+ * 40-bit key = 01 23 45 67 12
+ * = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = 7A C8 16 D1 6E 9B 30 2E
+ */
+
+#include "g10lib.h"
+#include "types.h"
+#include "cipher.h"
+
+#define CAST5_BLOCKSIZE 8
+
+typedef struct {
+ u32 Km[16];
+ byte Kr[16];
+} CAST5_context;
+
+static gcry_err_code_t cast_setkey (void *c, const byte *key, unsigned keylen);
+static void encrypt_block (void *c, byte *outbuf, const byte *inbuf);
+static void decrypt_block (void *c, byte *outbuf, const byte *inbuf);
+
+
+
+
+static const u32 s1[256] = {
+0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
+};
+static const u32 s2[256] = {
+0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1
+};
+static const u32 s3[256] = {
+0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783
+};
+static const u32 s4[256] = {
+0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
+};
+static const u32 s5[256] = {
+0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4
+};
+static const u32 s6[256] = {
+0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f
+};
+static const u32 s7[256] = {
+0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3
+};
+static const u32 s8[256] = {
+0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e
+};
+
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol(int n, u32 x)
+{
+ __asm__("roll %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#define F1(D,m,r) ( (I = ((m) + (D))), (I=rol((r),I)), \
+ (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
+#define F2(D,m,r) ( (I = ((m) ^ (D))), (I=rol((r),I)), \
+ (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
+#define F3(D,m,r) ( (I = ((m) - (D))), (I=rol((r),I)), \
+ (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
+
+static void
+do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+ u32 l, r, t;
+ u32 I; /* used by the Fx macros */
+ u32 *Km;
+ byte *Kr;
+
+ Km = c->Km;
+ Kr = c->Kr;
+
+ /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and
+ * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
+ */
+ l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+ /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
+ * Li = Ri-1;
+ * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
+ * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
+ * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
+ * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
+ */
+
+ t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+ t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+ t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+ t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+ t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+ t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+ t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+ t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+ t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+ t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+ t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+ t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+ t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+ t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+ t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+ t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+
+ /* c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
+ * concatenate to form the ciphertext.) */
+ outbuf[0] = (r >> 24) & 0xff;
+ outbuf[1] = (r >> 16) & 0xff;
+ outbuf[2] = (r >> 8) & 0xff;
+ outbuf[3] = r & 0xff;
+ outbuf[4] = (l >> 24) & 0xff;
+ outbuf[5] = (l >> 16) & 0xff;
+ outbuf[6] = (l >> 8) & 0xff;
+ outbuf[7] = l & 0xff;
+}
+
+static void
+encrypt_block (void *context , byte *outbuf, const byte *inbuf)
+{
+ CAST5_context *c = (CAST5_context *) context;
+ do_encrypt_block (c, outbuf, inbuf);
+ _gcry_burn_stack (20+4*sizeof(void*));
+}
+
+
+static void
+do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+ u32 l, r, t;
+ u32 I;
+ u32 *Km;
+ byte *Kr;
+
+ Km = c->Km;
+ Kr = c->Kr;
+
+ l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+ t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+ t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+ t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+ t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+ t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+ t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+ t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+ t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+ t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+ t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+ t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+ t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+ t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+ t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+ t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+ t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+
+ outbuf[0] = (r >> 24) & 0xff;
+ outbuf[1] = (r >> 16) & 0xff;
+ outbuf[2] = (r >> 8) & 0xff;
+ outbuf[3] = r & 0xff;
+ outbuf[4] = (l >> 24) & 0xff;
+ outbuf[5] = (l >> 16) & 0xff;
+ outbuf[6] = (l >> 8) & 0xff;
+ outbuf[7] = l & 0xff;
+}
+
+static void
+decrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+ CAST5_context *c = (CAST5_context *) context;
+ do_decrypt_block (c, outbuf, inbuf);
+ _gcry_burn_stack (20+4*sizeof(void*));
+}
+
+
+
+
+static void
+key_schedule( u32 *x, u32 *z, u32 *k )
+{
+
+#define xi(i) ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+#define zi(i) ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+
+ z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+ z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+ z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+ z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+ k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];
+ k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];
+ k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];
+ k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];
+
+ x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+ x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+ x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+ x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+ k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];
+ k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];
+ k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];
+ k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];
+
+ z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+ z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+ z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+ z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+ k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];
+ k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];
+ k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];
+ k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];
+
+ x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+ x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+ x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+ x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+ k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];
+ k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];
+ k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];
+ k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];
+
+#undef xi
+#undef zi
+}
+
+
+static gcry_err_code_t
+do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
+{
+ static int initialized;
+ static const char* selftest_failed;
+ int i;
+ u32 x[4];
+ u32 z[4];
+ u32 k[16];
+
+ if( !initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest();
+ if( selftest_failed )
+ log_error ("CAST5 selftest failed (%s).\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if( keylen != 16 )
+ return GPG_ERR_INV_KEYLEN;
+
+ x[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3];
+ x[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7];
+ x[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11];
+ x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];
+
+ key_schedule( x, z, k );
+ for(i=0; i < 16; i++ )
+ c->Km[i] = k[i];
+ key_schedule( x, z, k );
+ for(i=0; i < 16; i++ )
+ c->Kr[i] = k[i] & 0x1f;
+
+ memset(&x,0, sizeof x);
+ memset(&z,0, sizeof z);
+ memset(&k,0, sizeof k);
+
+#undef xi
+#undef zi
+ return GPG_ERR_NO_ERROR;
+}
+
+static gcry_err_code_t
+cast_setkey (void *context, const byte *key, unsigned keylen )
+{
+ CAST5_context *c = (CAST5_context *) context;
+ gcry_err_code_t rc = do_cast_setkey (c, key, keylen);
+ _gcry_burn_stack (96+7*sizeof(void*));
+ return rc;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_cast5 =
+ {
+ "CAST5", NULL, NULL, CAST5_BLOCKSIZE, 128, sizeof (CAST5_context),
+ cast_setkey, encrypt_block, decrypt_block
+ };
+
+
+GRUB_MOD_INIT(gcry_cast5)
+{
+ grub_cipher_register (&_gcry_cipher_spec_cast5);
+}
+
+GRUB_MOD_FINI(gcry_cast5)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_cast5);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/cipher.h b/grub-core/lib/libgcrypt-grub/cipher/cipher.h
new file mode 100644
index 0000000..73c6779
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/cipher.h
@@ -0,0 +1,2 @@
+#include <grub/crypto.h>
+#include <cipher_wrap.h>
diff --git a/grub-core/lib/libgcrypt-grub/cipher/crc.c b/grub-core/lib/libgcrypt-grub/cipher/crc.c
new file mode 100644
index 0000000..e0f2bf2
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/crc.c
@@ -0,0 +1,318 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* crc.c - Cyclic redundancy checks.
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ */
+
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+/* Table of CRCs of all 8-bit messages. Generated by running code
+ from RFC 1952 modified to print out the table. */
+static u32 crc32_table[256] = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
+ 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
+ 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+ 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
+ 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
+ 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
+ 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
+ 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+ 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
+ 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
+ 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
+ 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
+ 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+ 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
+ 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
+ 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
+ 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
+ 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+ 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
+ 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
+ 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
+ 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
+};
+
+/*
+ * The following function was extracted from RFC 1952 by Simon
+ * Josefsson, for the Shishi project, and modified to be compatible
+ * with the modified CRC-32 used by RFC 1510, and subsequently
+ * modified for GNU Libgcrypt to allow it to be used for calculating
+ * both unmodified CRC-32 and modified CRC-32 values. Original
+ * copyright and notice from the document follows:
+ *
+ * Copyright (c) 1996 L. Peter Deutsch
+ *
+ * Permission is granted to copy and distribute this document for
+ * any purpose and without charge, including translations into
+ * other languages and incorporation into compilations, provided
+ * that the copyright notice and this notice are preserved, and
+ * that any substantive changes or deletions from the original are
+ * clearly marked.
+ *
+ * The copyright on RFCs, and consequently the function below, are
+ * supposedly also retroactively claimed by the Internet Society
+ * (according to rfc-editor@rfc-editor.org), with the following
+ * copyright notice:
+ *
+ * Copyright (C) The Internet Society. All Rights Reserved.
+ *
+ * This document and translations of it may be copied and furnished
+ * to others, and derivative works that comment on or otherwise
+ * explain it or assist in its implementation may be prepared,
+ * copied, published and distributed, in whole or in part, without
+ * restriction of any kind, provided that the above copyright
+ * notice and this paragraph are included on all such copies and
+ * derivative works. However, this document itself may not be
+ * modified in any way, such as by removing the copyright notice or
+ * references to the Internet Society or other Internet
+ * organizations, except as needed for the purpose of developing
+ * Internet standards in which case the procedures for copyrights
+ * defined in the Internet Standards process must be followed, or
+ * as required to translate it into languages other than English.
+ *
+ * The limited permissions granted above are perpetual and will not be
+ * revoked by the Internet Society or its successors or assigns.
+ *
+ * This document and the information contained herein is provided
+ * on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+ * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+ * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
+ * PARTICULAR PURPOSE.
+ *
+ */
+static u32
+update_crc32 (u32 crc, const void *buf_arg, size_t len)
+{
+ const char *buf = buf_arg;
+ size_t n;
+
+ for (n = 0; n < len; n++)
+ crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8);
+
+ return crc;
+}
+
+typedef struct
+{
+ u32 CRC;
+ byte buf[4];
+}
+CRC_CONTEXT;
+
+/* CRC32 */
+
+static void
+crc32_init (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC = 0 ^ 0xffffffffL;
+}
+
+static void
+crc32_write (void *context, const void *inbuf, size_t inlen)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ if (!inbuf)
+ return;
+ ctx->CRC = update_crc32 (ctx->CRC, inbuf, inlen);
+}
+
+static byte *
+crc32_read (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ return ctx->buf;
+}
+
+static void
+crc32_final (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC ^= 0xffffffffL;
+ ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
+ ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
+ ctx->buf[2] = (ctx->CRC >> 8) & 0xFF;
+ ctx->buf[3] = (ctx->CRC ) & 0xFF;
+}
+
+/* CRC32 a'la RFC 1510 */
+static void
+crc32rfc1510_init (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC = 0;
+}
+
+static void
+crc32rfc1510_final (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
+ ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
+ ctx->buf[2] = (ctx->CRC >> 8) & 0xFF;
+ ctx->buf[3] = (ctx->CRC ) & 0xFF;
+}
+
+/* CRC24 a'la RFC 2440 */
+/*
+ * The following CRC 24 routines are adapted from RFC 2440, which has
+ * the following copyright notice:
+ *
+ * Copyright (C) The Internet Society (1998). All Rights Reserved.
+ *
+ * This document and translations of it may be copied and furnished
+ * to others, and derivative works that comment on or otherwise
+ * explain it or assist in its implementation may be prepared,
+ * copied, published and distributed, in whole or in part, without
+ * restriction of any kind, provided that the above copyright notice
+ * and this paragraph are included on all such copies and derivative
+ * works. However, this document itself may not be modified in any
+ * way, such as by removing the copyright notice or references to
+ * the Internet Society or other Internet organizations, except as
+ * needed for the purpose of developing Internet standards in which
+ * case the procedures for copyrights defined in the Internet
+ * Standards process must be followed, or as required to translate
+ * it into languages other than English.
+ *
+ * The limited permissions granted above are perpetual and will not be
+ * revoked by the Internet Society or its successors or assigns.
+ *
+ * This document and the information contained herein is provided on
+ * an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+ * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+ * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+ * PURPOSE.
+ */
+
+#define CRC24_INIT 0xb704ceL
+#define CRC24_POLY 0x1864cfbL
+
+static void
+crc24rfc2440_init (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC = CRC24_INIT;
+}
+
+static void
+crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ int i;
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+
+ if (!inbuf)
+ return;
+
+ while (inlen--) {
+ ctx->CRC ^= (*inbuf++) << 16;
+ for (i = 0; i < 8; i++) {
+ ctx->CRC <<= 1;
+ if (ctx->CRC & 0x1000000)
+ ctx->CRC ^= CRC24_POLY;
+ }
+ }
+}
+
+static void
+crc24rfc2440_final (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->buf[0] = (ctx->CRC >> 16) & 0xFF;
+ ctx->buf[1] = (ctx->CRC >> 8) & 0xFF;
+ ctx->buf[2] = (ctx->CRC ) & 0xFF;
+}
+
+gcry_md_spec_t _gcry_digest_spec_crc32 =
+ {
+ "CRC32", NULL, 0, NULL, 4,
+ crc32_init, crc32_write, crc32_final, crc32_read,
+ sizeof (CRC_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510 =
+ {
+ "CRC32RFC1510", NULL, 0, NULL, 4,
+ crc32rfc1510_init, crc32_write,
+ crc32rfc1510_final, crc32_read,
+ sizeof (CRC_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440 =
+ {
+ "CRC24RFC2440", NULL, 0, NULL, 3,
+ crc24rfc2440_init, crc24rfc2440_write,
+ crc24rfc2440_final, crc32_read,
+ sizeof (CRC_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+
+GRUB_MOD_INIT(gcry_crc)
+{
+ grub_md_register (&_gcry_digest_spec_crc32);
+ grub_md_register (&_gcry_digest_spec_crc32_rfc1510);
+ grub_md_register (&_gcry_digest_spec_crc24_rfc2440);
+}
+
+GRUB_MOD_FINI(gcry_crc)
+{
+ grub_md_unregister (&_gcry_digest_spec_crc32);
+ grub_md_unregister (&_gcry_digest_spec_crc32_rfc1510);
+ grub_md_unregister (&_gcry_digest_spec_crc24_rfc2440);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/crypto.lst b/grub-core/lib/libgcrypt-grub/cipher/crypto.lst
new file mode 100644
index 0000000..5f33d7a
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/crypto.lst
@@ -0,0 +1,38 @@
+RIJNDAEL: gcry_rijndael
+RIJNDAEL192: gcry_rijndael
+RIJNDAEL256: gcry_rijndael
+AES128: gcry_rijndael
+AES-128: gcry_rijndael
+AES-192: gcry_rijndael
+AES-256: gcry_rijndael
+ARCFOUR: gcry_arcfour
+BLOWFISH: gcry_blowfish
+CAMELLIA128: gcry_camellia
+CAMELLIA192: gcry_camellia
+CAMELLIA256: gcry_camellia
+CAST5: gcry_cast5
+CRC32: gcry_crc
+CRC32RFC1510: gcry_crc
+CRC24RFC2440: gcry_crc
+DES: gcry_des
+3DES: gcry_des
+MD4: gcry_md4
+MD5: gcry_md5
+RFC2268_40: gcry_rfc2268
+AES: gcry_rijndael
+AES192: gcry_rijndael
+AES256: gcry_rijndael
+RIPEMD160: gcry_rmd160
+SEED: gcry_seed
+SERPENT128: gcry_serpent
+SERPENT192: gcry_serpent
+SERPENT256: gcry_serpent
+SHA1: gcry_sha1
+SHA224: gcry_sha256
+SHA256: gcry_sha256
+SHA512: gcry_sha512
+SHA384: gcry_sha512
+TIGER192: gcry_tiger
+TWOFISH: gcry_twofish
+TWOFISH128: gcry_twofish
+WHIRLPOOL: gcry_whirlpool
diff --git a/grub-core/lib/libgcrypt-grub/cipher/des.c b/grub-core/lib/libgcrypt-grub/cipher/des.c
new file mode 100644
index 0000000..48592df
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/des.c
@@ -0,0 +1,923 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* des.c - DES and Triple-DES encryption/decryption Algorithm
+ * Copyright (C) 1998, 1999, 2001, 2002, 2003,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of triple encryption, see:
+ * Bruce Schneier: Applied Cryptography. Second Edition.
+ * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
+ * This implementation is according to the definition of DES in FIPS
+ * PUB 46-2 from December 1993.
+ */
+
+
+/*
+ * Written by Michael Roth <mroth@nessie.de>, September 1998
+ */
+
+
+/*
+ * U S A G E
+ * ===========
+ *
+ * For DES or Triple-DES encryption/decryption you must initialize a proper
+ * encryption context with a key.
+ *
+ * A DES key is 64bit wide but only 56bits of the key are used. The remaining
+ * bits are parity bits and they will _not_ checked in this implementation, but
+ * simply ignored.
+ *
+ * For Triple-DES you could use either two 64bit keys or three 64bit keys.
+ * The parity bits will _not_ checked, too.
+ *
+ * After initializing a context with a key you could use this context to
+ * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
+ *
+ * (In the examples below the slashes at the beginning and ending of comments
+ * are omited.)
+ *
+ * DES Example
+ * -----------
+ * unsigned char key[8];
+ * unsigned char plaintext[8];
+ * unsigned char ciphertext[8];
+ * unsigned char recoverd[8];
+ * des_ctx context;
+ *
+ * * Fill 'key' and 'plaintext' with some data *
+ * ....
+ *
+ * * Set up the DES encryption context *
+ * des_setkey(context, key);
+ *
+ * * Encrypt the plaintext *
+ * des_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ * * To recover the orginal plaintext from ciphertext use: *
+ * des_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Triple-DES Example
+ * ------------------
+ * unsigned char key1[8];
+ * unsigned char key2[8];
+ * unsigned char key3[8];
+ * unsigned char plaintext[8];
+ * unsigned char ciphertext[8];
+ * unsigned char recoverd[8];
+ * tripledes_ctx context;
+ *
+ * * If you would like to use two 64bit keys, fill 'key1' and'key2'
+ * then setup the encryption context: *
+ * tripledes_set2keys(context, key1, key2);
+ *
+ * * To use three 64bit keys with Triple-DES use: *
+ * tripledes_set3keys(context, key1, key2, key3);
+ *
+ * * Encrypting plaintext with Triple-DES *
+ * tripledes_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ * * Decrypting ciphertext to recover the plaintext with Triple-DES *
+ * tripledes_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Selftest
+ * --------
+ * char *error_msg;
+ *
+ * * To perform a selftest of this DES/Triple-DES implementation use the
+ * function selftest(). It will return an error string if there are
+ * some problems with this library. *
+ *
+ * if ( (error_msg = selftest()) )
+ * {
+ * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
+ * abort();
+ * }
+ */
+
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
+#define working_memcmp memcmp
+#else
+/*
+ * According to the SunOS man page, memcmp returns indeterminate sign
+ * depending on whether characters are signed or not.
+ */
+static int
+working_memcmp( const char *a, const char *b, size_t n )
+{
+ for( ; n; n--, a++, b++ )
+ if( *a != *b )
+ return (int)(*(byte*)a) - (int)(*(byte*)b);
+ return 0;
+}
+#endif
+
+/*
+ * Encryption/Decryption context of DES
+ */
+typedef struct _des_ctx
+ {
+ u32 encrypt_subkeys[32];
+ u32 decrypt_subkeys[32];
+ }
+des_ctx[1];
+
+/*
+ * Encryption/Decryption context of Triple-DES
+ */
+typedef struct _tripledes_ctx
+ {
+ u32 encrypt_subkeys[96];
+ u32 decrypt_subkeys[96];
+ struct {
+ int no_weak_key;
+ } flags;
+ }
+tripledes_ctx[1];
+
+static void des_key_schedule (const byte *, u32 *);
+static int des_setkey (struct _des_ctx *, const byte *);
+static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
+static int tripledes_set3keys (struct _tripledes_ctx *,
+ const byte *, const byte *, const byte *);
+static int tripledes_ecb_crypt (struct _tripledes_ctx *,
+ const byte *, byte *, int);
+static int is_weak_key ( const byte *key );
+
+static int initialized;
+
+
+
+
+/*
+ * The s-box values are permuted according to the 'primitive function P'
+ * and are rotated one bit to the left.
+ */
+static u32 sbox1[64] =
+{
+ 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
+ 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
+ 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+ 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
+ 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
+ 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+ 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
+ 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
+};
+
+static u32 sbox2[64] =
+{
+ 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
+ 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
+ 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+ 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
+ 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
+ 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+ 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
+ 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
+};
+
+static u32 sbox3[64] =
+{
+ 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
+ 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
+ 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+ 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
+ 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
+ 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+ 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
+ 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
+};
+
+static u32 sbox4[64] =
+{
+ 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
+ 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
+ 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+ 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
+ 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
+ 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+ 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
+ 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
+};
+
+static u32 sbox5[64] =
+{
+ 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
+ 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
+ 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+ 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
+ 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
+ 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+ 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
+ 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
+};
+
+static u32 sbox6[64] =
+{
+ 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
+ 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
+ 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+ 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
+ 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
+ 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+ 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
+ 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
+};
+
+static u32 sbox7[64] =
+{
+ 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
+ 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
+ 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+ 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
+ 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
+ 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+ 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
+ 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
+};
+
+static u32 sbox8[64] =
+{
+ 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
+ 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
+ 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+ 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
+ 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
+ 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+ 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
+ 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
+};
+
+
+/*
+ * These two tables are part of the 'permuted choice 1' function.
+ * In this implementation several speed improvements are done.
+ */
+static u32 leftkey_swap[16] =
+{
+ 0x00000000, 0x00000001, 0x00000100, 0x00000101,
+ 0x00010000, 0x00010001, 0x00010100, 0x00010101,
+ 0x01000000, 0x01000001, 0x01000100, 0x01000101,
+ 0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static u32 rightkey_swap[16] =
+{
+ 0x00000000, 0x01000000, 0x00010000, 0x01010000,
+ 0x00000100, 0x01000100, 0x00010100, 0x01010100,
+ 0x00000001, 0x01000001, 0x00010001, 0x01010001,
+ 0x00000101, 0x01000101, 0x00010101, 0x01010101,
+};
+
+
+
+/*
+ * Numbers of left shifts per round for encryption subkeys.
+ * To calculate the decryption subkeys we just reverse the
+ * ordering of the calculated encryption subkeys. So their
+ * is no need for a decryption rotate tab.
+ */
+static byte encrypt_rotate_tab[16] =
+{
+ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+
+
+/*
+ * Table with weak DES keys sorted in ascending order.
+ * In DES their are 64 known keys which are weak. They are weak
+ * because they produce only one, two or four different
+ * subkeys in the subkey scheduling process.
+ * The keys in this table have all their parity bits cleared.
+ */
+static byte weak_keys[64][8] =
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
+ { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
+ { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
+ { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
+ { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
+ { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
+ { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
+ { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
+ { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
+ { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
+ { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
+ { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
+ { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
+ { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
+ { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
+ { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
+ { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
+ { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
+ { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
+ { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
+ { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
+ { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
+ { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
+ { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
+ { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
+ { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
+ { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
+ { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
+ { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
+ { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
+ { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
+ { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
+ { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
+ { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
+ { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
+ { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
+ { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
+ { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
+ { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
+ { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
+ { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
+ { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
+ { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
+ { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
+ { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
+ { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
+ { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
+ { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
+ { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
+ { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
+ { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
+ { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
+ { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
+ { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
+ { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
+ { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
+ { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
+ { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
+ { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
+ { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
+ { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
+ { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
+ { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
+ { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
+};
+
+
+
+/*
+ * Macro to swap bits across two words.
+ */
+#define DO_PERMUTATION(a, temp, b, offset, mask) \
+ temp = ((a>>offset) ^ b) & mask; \
+ b ^= temp; \
+ a ^= temp<<offset;
+
+
+/*
+ * This performs the 'initial permutation' of the data to be encrypted
+ * or decrypted. Additionally the resulting two words are rotated one bit
+ * to the left.
+ */
+#define INITIAL_PERMUTATION(left, temp, right) \
+ DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
+ DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
+ DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
+ DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
+ right = (right << 1) | (right >> 31); \
+ temp = (left ^ right) & 0xaaaaaaaa; \
+ right ^= temp; \
+ left ^= temp; \
+ left = (left << 1) | (left >> 31);
+
+/*
+ * The 'inverse initial permutation'.
+ */
+#define FINAL_PERMUTATION(left, temp, right) \
+ left = (left << 31) | (left >> 1); \
+ temp = (left ^ right) & 0xaaaaaaaa; \
+ left ^= temp; \
+ right ^= temp; \
+ right = (right << 31) | (right >> 1); \
+ DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
+ DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
+ DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
+ DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
+
+
+/*
+ * A full DES round including 'expansion function', 'sbox substitution'
+ * and 'primitive function P' but without swapping the left and right word.
+ * Please note: The data in 'from' and 'to' is already rotated one bit to
+ * the left, done in the initial permutation.
+ */
+#define DES_ROUND(from, to, work, subkey) \
+ work = from ^ *subkey++; \
+ to ^= sbox8[ work & 0x3f ]; \
+ to ^= sbox6[ (work>>8) & 0x3f ]; \
+ to ^= sbox4[ (work>>16) & 0x3f ]; \
+ to ^= sbox2[ (work>>24) & 0x3f ]; \
+ work = ((from << 28) | (from >> 4)) ^ *subkey++; \
+ to ^= sbox7[ work & 0x3f ]; \
+ to ^= sbox5[ (work>>8) & 0x3f ]; \
+ to ^= sbox3[ (work>>16) & 0x3f ]; \
+ to ^= sbox1[ (work>>24) & 0x3f ];
+
+/*
+ * Macros to convert 8 bytes from/to 32bit words.
+ */
+#define READ_64BIT_DATA(data, left, right) \
+ left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
+ right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
+
+#define WRITE_64BIT_DATA(data, left, right) \
+ data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
+ data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
+ data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
+ data[6] = (right >> 8) &0xff; data[7] = right &0xff;
+
+/*
+ * Handy macros for encryption and decryption of data
+ */
+#define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
+#define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
+#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
+#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
+
+
+
+
+
+
+/*
+ * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
+ * 16 encryption rounds.
+ * To calculate subkeys for decryption the caller
+ * have to reorder the generated subkeys.
+ *
+ * rawkey: 8 Bytes of key data
+ * subkey: Array of at least 32 u32s. Will be filled
+ * with calculated subkeys.
+ *
+ */
+static void
+des_key_schedule (const byte * rawkey, u32 * subkey)
+{
+ u32 left, right, work;
+ int round;
+
+ READ_64BIT_DATA (rawkey, left, right)
+
+ DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
+ DO_PERMUTATION (right, work, left, 0, 0x10101010)
+
+ left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
+ | (leftkey_swap[(left >> 8) & 0xf] << 2)
+ | (leftkey_swap[(left >> 16) & 0xf] << 1)
+ | (leftkey_swap[(left >> 24) & 0xf])
+ | (leftkey_swap[(left >> 5) & 0xf] << 7)
+ | (leftkey_swap[(left >> 13) & 0xf] << 6)
+ | (leftkey_swap[(left >> 21) & 0xf] << 5)
+ | (leftkey_swap[(left >> 29) & 0xf] << 4));
+
+ left &= 0x0fffffff;
+
+ right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
+ | (rightkey_swap[(right >> 9) & 0xf] << 2)
+ | (rightkey_swap[(right >> 17) & 0xf] << 1)
+ | (rightkey_swap[(right >> 25) & 0xf])
+ | (rightkey_swap[(right >> 4) & 0xf] << 7)
+ | (rightkey_swap[(right >> 12) & 0xf] << 6)
+ | (rightkey_swap[(right >> 20) & 0xf] << 5)
+ | (rightkey_swap[(right >> 28) & 0xf] << 4));
+
+ right &= 0x0fffffff;
+
+ for (round = 0; round < 16; ++round)
+ {
+ left = ((left << encrypt_rotate_tab[round])
+ | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+ right = ((right << encrypt_rotate_tab[round])
+ | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+
+ *subkey++ = (((left << 4) & 0x24000000)
+ | ((left << 28) & 0x10000000)
+ | ((left << 14) & 0x08000000)
+ | ((left << 18) & 0x02080000)
+ | ((left << 6) & 0x01000000)
+ | ((left << 9) & 0x00200000)
+ | ((left >> 1) & 0x00100000)
+ | ((left << 10) & 0x00040000)
+ | ((left << 2) & 0x00020000)
+ | ((left >> 10) & 0x00010000)
+ | ((right >> 13) & 0x00002000)
+ | ((right >> 4) & 0x00001000)
+ | ((right << 6) & 0x00000800)
+ | ((right >> 1) & 0x00000400)
+ | ((right >> 14) & 0x00000200)
+ | (right & 0x00000100)
+ | ((right >> 5) & 0x00000020)
+ | ((right >> 10) & 0x00000010)
+ | ((right >> 3) & 0x00000008)
+ | ((right >> 18) & 0x00000004)
+ | ((right >> 26) & 0x00000002)
+ | ((right >> 24) & 0x00000001));
+
+ *subkey++ = (((left << 15) & 0x20000000)
+ | ((left << 17) & 0x10000000)
+ | ((left << 10) & 0x08000000)
+ | ((left << 22) & 0x04000000)
+ | ((left >> 2) & 0x02000000)
+ | ((left << 1) & 0x01000000)
+ | ((left << 16) & 0x00200000)
+ | ((left << 11) & 0x00100000)
+ | ((left << 3) & 0x00080000)
+ | ((left >> 6) & 0x00040000)
+ | ((left << 15) & 0x00020000)
+ | ((left >> 4) & 0x00010000)
+ | ((right >> 2) & 0x00002000)
+ | ((right << 8) & 0x00001000)
+ | ((right >> 14) & 0x00000808)
+ | ((right >> 9) & 0x00000400)
+ | ((right) & 0x00000200)
+ | ((right << 7) & 0x00000100)
+ | ((right >> 7) & 0x00000020)
+ | ((right >> 3) & 0x00000011)
+ | ((right << 2) & 0x00000004)
+ | ((right >> 21) & 0x00000002));
+ }
+}
+
+
+/*
+ * Fill a DES context with subkeys calculated from a 64bit key.
+ * Does not check parity bits, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+des_setkey (struct _des_ctx *ctx, const byte * key)
+{
+ static const char *selftest_failed;
+ int i;
+
+ if (!fips_mode () && !initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+
+ if (selftest_failed)
+ log_error ("%s\n", selftest_failed);
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ des_key_schedule (key, ctx->encrypt_subkeys);
+ _gcry_burn_stack (32);
+
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode DES encryption/decryption of data according
+ * to 'mode'.
+ */
+static int
+des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
+{
+ u32 left, right, work;
+ u32 *keys;
+
+ keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+ READ_64BIT_DATA (from, left, right)
+ INITIAL_PERMUTATION (left, work, right)
+
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+ FINAL_PERMUTATION (right, work, left)
+ WRITE_64BIT_DATA (to, right, left)
+
+ return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set3keys (struct _tripledes_ctx *ctx,
+ const byte * key1,
+ const byte * key2,
+ const byte * key3)
+{
+ static const char *selftest_failed;
+ int i;
+
+ if (!fips_mode () && !initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+
+ if (selftest_failed)
+ log_error ("%s\n", selftest_failed);
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ des_key_schedule (key1, ctx->encrypt_subkeys);
+ des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+ des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
+ _gcry_burn_stack (32);
+
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
+
+ ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+ ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+ ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode Triple-DES encryption/decryption of data
+ * according to 'mode'. Sometimes this mode is named 'EDE' mode
+ * (Encryption-Decryption-Encryption).
+ */
+static int
+tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
+ byte * to, int mode)
+{
+ u32 left, right, work;
+ u32 *keys;
+
+ keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+ READ_64BIT_DATA (from, left, right)
+ INITIAL_PERMUTATION (left, work, right)
+
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+ FINAL_PERMUTATION (right, work, left)
+ WRITE_64BIT_DATA (to, right, left)
+
+ return 0;
+}
+
+
+
+
+
+/*
+ * Check whether the 8 byte key is weak.
+ * Does not check the parity bits of the key but simple ignore them.
+ */
+static int
+is_weak_key ( const byte *key )
+{
+ byte work[8];
+ int i, left, right, middle, cmp_result;
+
+ /* clear parity bits */
+ for(i=0; i<8; ++i)
+ work[i] = key[i] & 0xfe;
+
+ /* binary search in the weak key table */
+ left = 0;
+ right = 63;
+ while(left <= right)
+ {
+ middle = (left + right) / 2;
+
+ if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
+ return -1;
+
+ if ( cmp_result > 0 )
+ left = middle + 1;
+ else
+ right = middle - 1;
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Performs a selftest of this DES/Triple-DES implementation.
+ * Returns an string with the error text on failure.
+ * Returns NULL if all is ok.
+ */
+
+
+static gcry_err_code_t
+do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+
+ if( keylen != 24 )
+ return GPG_ERR_INV_KEYLEN;
+
+ tripledes_set3keys ( ctx, key, key+8, key+16);
+
+ if (ctx->flags.no_weak_key)
+ ; /* Detection has been disabled. */
+ else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
+ {
+ _gcry_burn_stack (64);
+ return GPG_ERR_WEAK_KEY;
+ }
+ _gcry_burn_stack (64);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+
+
+static void
+do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+
+ tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+static void
+do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+ tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+static gcry_err_code_t
+do_des_setkey (void *context, const byte *key, unsigned keylen)
+{
+ struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+ if (keylen != 8)
+ return GPG_ERR_INV_KEYLEN;
+
+ des_setkey (ctx, key);
+
+ if (is_weak_key (key)) {
+ _gcry_burn_stack (64);
+ return GPG_ERR_WEAK_KEY;
+ }
+ _gcry_burn_stack (64);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static void
+do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+ des_ecb_encrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+static void
+do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+ des_ecb_decrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+
+
+
+/*
+ Self-test section.
+ */
+
+
+/* Selftest for TripleDES. */
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_des =
+ {
+ "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
+ do_des_setkey, do_des_encrypt, do_des_decrypt
+ };
+
+static gcry_cipher_oid_spec_t oids_tripledes[] =
+ {
+ { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
+ /* Teletrust specific OID for 3DES. */
+ { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
+ /* pbeWithSHAAnd3_KeyTripleDES_CBC */
+ { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
+ {
+ "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
+ do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
+ };
+
+
+
+GRUB_MOD_INIT(gcry_des)
+{
+ grub_cipher_register (&_gcry_cipher_spec_des);
+ grub_cipher_register (&_gcry_cipher_spec_tripledes);
+}
+
+GRUB_MOD_FINI(gcry_des)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_des);
+ grub_cipher_unregister (&_gcry_cipher_spec_tripledes);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/dsa.c b/grub-core/lib/libgcrypt-grub/cipher/dsa.c
new file mode 100644
index 0000000..296d2ef
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/dsa.c
@@ -0,0 +1,1063 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* dsa.c - DSA signature algorithm
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003,
+ * 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t q; /* group order */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+} DSA_public_key;
+
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t q; /* group order */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+ gcry_mpi_t x; /* secret exponent */
+} DSA_secret_key;
+
+
+/* A structure used to hold domain parameters. */
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t q; /* group order */
+ gcry_mpi_t g; /* group generator */
+} dsa_domain_t;
+
+
+/* A sample 1024 bit DSA key used for the selftests. */
+static const char sample_secret_key[] =
+"(private-key"
+" (dsa"
+" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
+" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
+" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
+" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
+" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
+" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
+" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
+" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
+" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
+" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
+" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
+" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
+" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
+" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
+/* A sample 1024 bit DSA key used for the selftests (public only). */
+static const char sample_public_key[] =
+"(public-key"
+" (dsa"
+" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
+" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
+" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
+" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
+" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
+" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
+" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
+" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
+" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
+" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
+" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
+" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
+" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
+
+
+
+
+static gcry_mpi_t gen_k (gcry_mpi_t q);
+static int test_keys (DSA_secret_key *sk, unsigned int qbits);
+static int check_secret_key (DSA_secret_key *sk);
+static gpg_err_code_t generate (DSA_secret_key *sk,
+ unsigned int nbits,
+ unsigned int qbits,
+ int transient_key,
+ dsa_domain_t *domain,
+ gcry_mpi_t **ret_factors);
+static void sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+ DSA_secret_key *skey);
+static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+ DSA_public_key *pkey);
+
+static void (*progress_cb) (void *,const char *, int, int, int );
+static void *progress_cb_data;
+
+
+void
+_gcry_register_pk_dsa_progress (void (*cb) (void *, const char *,
+ int, int, int),
+ void *cb_data)
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+
+static void
+progress (int c)
+{
+ if (progress_cb)
+ progress_cb (progress_cb_data, "pk_dsa", c, 0, 0);
+}
+
+
+/*
+ * Generate a random secret exponent k less than q.
+ */
+static gcry_mpi_t
+gen_k( gcry_mpi_t q )
+{
+ gcry_mpi_t k = mpi_alloc_secure( mpi_get_nlimbs(q) );
+ unsigned int nbits = mpi_get_nbits(q);
+ unsigned int nbytes = (nbits+7)/8;
+ char *rndbuf = NULL;
+
+ if ( DBG_CIPHER )
+ log_debug("choosing a random k ");
+ for (;;)
+ {
+ if( DBG_CIPHER )
+ progress('.');
+
+ if ( !rndbuf || nbits < 32 )
+ {
+ gcry_free(rndbuf);
+ rndbuf = gcry_random_bytes_secure( (nbits+7)/8, GCRY_STRONG_RANDOM );
+ }
+ else
+ { /* Change only some of the higher bits. We could improve
+ this by directly requesting more memory at the first call
+ to get_random_bytes() and use this the here maybe it is
+ easier to do this directly in random.c. */
+ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
+ memcpy( rndbuf,pp, 4 );
+ gcry_free(pp);
+ }
+ _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
+ if ( mpi_test_bit( k, nbits-1 ) )
+ mpi_set_highbit( k, nbits-1 );
+ else
+ {
+ mpi_set_highbit( k, nbits-1 );
+ mpi_clear_bit( k, nbits-1 );
+ }
+
+ if( !(mpi_cmp( k, q ) < 0) ) /* check: k < q */
+ {
+ if( DBG_CIPHER )
+ progress('+');
+ continue; /* no */
+ }
+ if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */
+ {
+ if( DBG_CIPHER )
+ progress('-');
+ continue; /* no */
+ }
+ break; /* okay */
+ }
+ gcry_free(rndbuf);
+ if( DBG_CIPHER )
+ progress('\n');
+
+ return k;
+}
+
+
+/* Check that a freshly generated key actually works. Returns 0 on success. */
+static int
+test_keys (DSA_secret_key *sk, unsigned int qbits)
+{
+ int result = -1; /* Default to failure. */
+ DSA_public_key pk;
+ gcry_mpi_t data = gcry_mpi_new (qbits);
+ gcry_mpi_t sig_a = gcry_mpi_new (qbits);
+ gcry_mpi_t sig_b = gcry_mpi_new (qbits);
+
+ /* Put the relevant parameters into a public key structure. */
+ pk.p = sk->p;
+ pk.q = sk->q;
+ pk.g = sk->g;
+ pk.y = sk->y;
+
+ /* Create a random plaintext. */
+ gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM);
+
+ /* Sign DATA using the secret key. */
+ sign (sig_a, sig_b, data, sk);
+
+ /* Verify the signature using the public key. */
+ if ( !verify (sig_a, sig_b, data, &pk) )
+ goto leave; /* Signature does not match. */
+
+ /* Modify the data and check that the signing fails. */
+ gcry_mpi_add_ui (data, data, 1);
+ if ( verify (sig_a, sig_b, data, &pk) )
+ goto leave; /* Signature matches but should not. */
+
+ result = 0; /* The test succeeded. */
+
+ leave:
+ gcry_mpi_release (sig_b);
+ gcry_mpi_release (sig_a);
+ gcry_mpi_release (data);
+ return result;
+}
+
+
+
+/*
+ Generate a DSA key pair with a key of size NBITS. If transient_key
+ is true the key is generated using the standard RNG and not the
+ very secure one.
+
+ Returns: 2 structures filled with all needed values
+ and an array with the n-1 factors of (p-1)
+ */
+static gpg_err_code_t
+generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
+ int transient_key, dsa_domain_t *domain, gcry_mpi_t **ret_factors )
+{
+ gcry_mpi_t p; /* the prime */
+ gcry_mpi_t q; /* the 160 bit prime factor */
+ gcry_mpi_t g; /* the generator */
+ gcry_mpi_t y; /* g^x mod p */
+ gcry_mpi_t x; /* the secret exponent */
+ gcry_mpi_t h, e; /* helper */
+ unsigned char *rndbuf;
+ gcry_random_level_t random_level;
+
+ if (qbits)
+ ; /* Caller supplied qbits. Use this value. */
+ else if ( nbits >= 512 && nbits <= 1024 )
+ qbits = 160;
+ else if ( nbits == 2048 )
+ qbits = 224;
+ else if ( nbits == 3072 )
+ qbits = 256;
+ else if ( nbits == 7680 )
+ qbits = 384;
+ else if ( nbits == 15360 )
+ qbits = 512;
+ else
+ return GPG_ERR_INV_VALUE;
+
+ if (qbits < 160 || qbits > 512 || (qbits%8) )
+ return GPG_ERR_INV_VALUE;
+ if (nbits < 2*qbits || nbits > 15360)
+ return GPG_ERR_INV_VALUE;
+
+ if (fips_mode ())
+ {
+ if (nbits < 1024)
+ return GPG_ERR_INV_VALUE;
+ if (transient_key)
+ return GPG_ERR_INV_VALUE;
+ }
+
+ if (domain->p && domain->q && domain->g)
+ {
+ /* Domain parameters are given; use them. */
+ p = mpi_copy (domain->p);
+ q = mpi_copy (domain->q);
+ g = mpi_copy (domain->g);
+ gcry_assert (mpi_get_nbits (p) == nbits);
+ gcry_assert (mpi_get_nbits (q) == qbits);
+ h = mpi_alloc (0);
+ e = NULL;
+ }
+ else
+ {
+ /* Generate new domain parameters. */
+ p = _gcry_generate_elg_prime (1, nbits, qbits, NULL, ret_factors);
+ /* Get q out of factors. */
+ q = mpi_copy ((*ret_factors)[0]);
+ gcry_assert (mpi_get_nbits (q) == qbits);
+
+ /* Find a generator g (h and e are helpers).
+ e = (p-1)/q */
+ e = mpi_alloc (mpi_get_nlimbs (p));
+ mpi_sub_ui (e, p, 1);
+ mpi_fdiv_q (e, e, q);
+ g = mpi_alloc (mpi_get_nlimbs (p));
+ h = mpi_alloc_set_ui (1); /* (We start with 2.) */
+ do
+ {
+ mpi_add_ui (h, h, 1);
+ /* g = h^e mod p */
+ gcry_mpi_powm (g, h, e, p);
+ }
+ while (!mpi_cmp_ui (g, 1)); /* Continue until g != 1. */
+ }
+
+ /* Select a random number X with the property:
+ * 0 < x < q-1
+ * This must be a very good random number because this is the secret
+ * part. The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+ if (DBG_CIPHER)
+ log_debug("choosing a random x%s", transient_key? " (transient-key)":"");
+ gcry_assert( qbits >= 160 );
+ x = mpi_alloc_secure( mpi_get_nlimbs(q) );
+ mpi_sub_ui( h, q, 1 ); /* put q-1 into h */
+ rndbuf = NULL;
+ do
+ {
+ if( DBG_CIPHER )
+ progress('.');
+ if( !rndbuf )
+ rndbuf = gcry_random_bytes_secure ((qbits+7)/8, random_level);
+ else
+ { /* Change only some of the higher bits (= 2 bytes)*/
+ char *r = gcry_random_bytes_secure (2, random_level);
+ memcpy(rndbuf, r, 2 );
+ gcry_free(r);
+ }
+
+ _gcry_mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );
+ mpi_clear_highbit( x, qbits+1 );
+ }
+ while ( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );
+ gcry_free(rndbuf);
+ mpi_free( e );
+ mpi_free( h );
+
+ /* y = g^x mod p */
+ y = mpi_alloc( mpi_get_nlimbs(p) );
+ gcry_mpi_powm( y, g, x, p );
+
+ if( DBG_CIPHER )
+ {
+ progress('\n');
+ log_mpidump("dsa p", p );
+ log_mpidump("dsa q", q );
+ log_mpidump("dsa g", g );
+ log_mpidump("dsa y", y );
+ log_mpidump("dsa x", x );
+ }
+
+ /* Copy the stuff to the key structures. */
+ sk->p = p;
+ sk->q = q;
+ sk->g = g;
+ sk->y = y;
+ sk->x = x;
+
+ /* Now we can test our keys (this should never fail!). */
+ if ( test_keys (sk, qbits) )
+ {
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->g); sk->g = NULL;
+ gcry_mpi_release (sk->y); sk->y = NULL;
+ gcry_mpi_release (sk->x); sk->x = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+ return 0;
+}
+
+
+/* Generate a DSA key pair with a key of size NBITS using the
+ algorithm given in FIPS-186-3. If USE_FIPS186_2 is true,
+ FIPS-186-2 is used and thus the length is restricted to 1024/160.
+ If DERIVEPARMS is not NULL it may contain a seed value. If domain
+ parameters are specified in DOMAIN, DERIVEPARMS may not be given
+ and NBITS and QBITS must match the specified domain parameters. */
+static gpg_err_code_t
+generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
+ gcry_sexp_t deriveparms, int use_fips186_2,
+ dsa_domain_t *domain,
+ int *r_counter, void **r_seed, size_t *r_seedlen,
+ gcry_mpi_t *r_h)
+{
+ gpg_err_code_t ec;
+ struct {
+ gcry_sexp_t sexp;
+ const void *seed;
+ size_t seedlen;
+ } initial_seed = { NULL, NULL, 0 };
+ gcry_mpi_t prime_q = NULL;
+ gcry_mpi_t prime_p = NULL;
+ gcry_mpi_t value_g = NULL; /* The generator. */
+ gcry_mpi_t value_y = NULL; /* g^x mod p */
+ gcry_mpi_t value_x = NULL; /* The secret exponent. */
+ gcry_mpi_t value_h = NULL; /* Helper. */
+ gcry_mpi_t value_e = NULL; /* Helper. */
+
+ /* Preset return values. */
+ *r_counter = 0;
+ *r_seed = NULL;
+ *r_seedlen = 0;
+ *r_h = NULL;
+
+ /* Derive QBITS from NBITS if requested */
+ if (!qbits)
+ {
+ if (nbits == 1024)
+ qbits = 160;
+ else if (nbits == 2048)
+ qbits = 224;
+ else if (nbits == 3072)
+ qbits = 256;
+ }
+
+ /* Check that QBITS and NBITS match the standard. Note that FIPS
+ 186-3 uses N for QBITS and L for NBITS. */
+ if (nbits == 1024 && qbits == 160)
+ ;
+ else if (nbits == 2048 && qbits == 224)
+ ;
+ else if (nbits == 2048 && qbits == 256)
+ ;
+ else if (nbits == 3072 && qbits == 256)
+ ;
+ else
+ return GPG_ERR_INV_VALUE;
+
+ if (domain->p && domain->q && domain->g)
+ {
+ /* Domain parameters are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ value_g = mpi_copy (domain->g);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ gcry_assert (!deriveparms);
+ ec = 0;
+ }
+ else
+ {
+ /* Generate new domain parameters. */
+
+ /* Get an initial seed value. */
+ if (deriveparms)
+ {
+ initial_seed.sexp = gcry_sexp_find_token (deriveparms, "seed", 0);
+ if (initial_seed.sexp)
+ initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
+ &initial_seed.seedlen);
+ }
+
+ /* Fixme: Enable 186-3 after it has been approved and after fixing
+ the generation function. */
+ /* if (use_fips186_2) */
+ (void)use_fips186_2;
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen);
+ /* else */
+ /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
+ /* &prime_q, &prime_p, */
+ /* r_counter, */
+ /* r_seed, r_seedlen, NULL); */
+ gcry_sexp_release (initial_seed.sexp);
+ if (ec)
+ goto leave;
+
+ /* Find a generator g (h and e are helpers).
+ e = (p-1)/q */
+ value_e = mpi_alloc_like (prime_p);
+ mpi_sub_ui (value_e, prime_p, 1);
+ mpi_fdiv_q (value_e, value_e, prime_q );
+ value_g = mpi_alloc_like (prime_p);
+ value_h = mpi_alloc_set_ui (1);
+ do
+ {
+ mpi_add_ui (value_h, value_h, 1);
+ /* g = h^e mod p */
+ mpi_powm (value_g, value_h, value_e, prime_p);
+ }
+ while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
+ }
+
+
+ /* Select a random number x with: 0 < x < q */
+ value_x = gcry_mpi_snew (qbits);
+ do
+ {
+ if( DBG_CIPHER )
+ progress('.');
+ gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
+ mpi_clear_highbit (value_x, qbits+1);
+ }
+ while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
+
+ /* y = g^x mod p */
+ value_y = mpi_alloc_like (prime_p);
+ gcry_mpi_powm (value_y, value_g, value_x, prime_p);
+
+ if (DBG_CIPHER)
+ {
+ progress('\n');
+ log_mpidump("dsa p", prime_p );
+ log_mpidump("dsa q", prime_q );
+ log_mpidump("dsa g", value_g );
+ log_mpidump("dsa y", value_y );
+ log_mpidump("dsa x", value_x );
+ log_mpidump("dsa h", value_h );
+ }
+
+ /* Copy the stuff to the key structures. */
+ sk->p = prime_p; prime_p = NULL;
+ sk->q = prime_q; prime_q = NULL;
+ sk->g = value_g; value_g = NULL;
+ sk->y = value_y; value_y = NULL;
+ sk->x = value_x; value_x = NULL;
+ *r_h = value_h; value_h = NULL;
+
+ leave:
+ gcry_mpi_release (prime_p);
+ gcry_mpi_release (prime_q);
+ gcry_mpi_release (value_g);
+ gcry_mpi_release (value_y);
+ gcry_mpi_release (value_x);
+ gcry_mpi_release (value_h);
+ gcry_mpi_release (value_e);
+
+ /* As a last step test this keys (this should never fail of course). */
+ if (!ec && test_keys (sk, qbits) )
+ {
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->g); sk->g = NULL;
+ gcry_mpi_release (sk->y); sk->y = NULL;
+ gcry_mpi_release (sk->x); sk->x = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ ec = GPG_ERR_SELFTEST_FAILED;
+ }
+
+ if (ec)
+ {
+ *r_counter = 0;
+ gcry_free (*r_seed); *r_seed = NULL;
+ *r_seedlen = 0;
+ gcry_mpi_release (*r_h); *r_h = NULL;
+ }
+
+ return ec;
+}
+
+
+
+/*
+ Test whether the secret key is valid.
+ Returns: if this is a valid key.
+ */
+static int
+check_secret_key( DSA_secret_key *sk )
+{
+ int rc;
+ gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+ gcry_mpi_powm( y, sk->g, sk->x, sk->p );
+ rc = !mpi_cmp( y, sk->y );
+ mpi_free( y );
+ return rc;
+}
+
+
+
+/*
+ Make a DSA signature from HASH and put it into r and s.
+ */
+static void
+sign(gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
+{
+ gcry_mpi_t k;
+ gcry_mpi_t kinv;
+ gcry_mpi_t tmp;
+
+ /* Select a random k with 0 < k < q */
+ k = gen_k( skey->q );
+
+ /* r = (a^k mod p) mod q */
+ gcry_mpi_powm( r, skey->g, k, skey->p );
+ mpi_fdiv_r( r, r, skey->q );
+
+ /* kinv = k^(-1) mod q */
+ kinv = mpi_alloc( mpi_get_nlimbs(k) );
+ mpi_invm(kinv, k, skey->q );
+
+ /* s = (kinv * ( hash + x * r)) mod q */
+ tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );
+ mpi_mul( tmp, skey->x, r );
+ mpi_add( tmp, tmp, hash );
+ mpi_mulm( s , kinv, tmp, skey->q );
+
+ mpi_free(k);
+ mpi_free(kinv);
+ mpi_free(tmp);
+}
+
+
+/*
+ Returns true if the signature composed from R and S is valid.
+ */
+static int
+verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )
+{
+ int rc;
+ gcry_mpi_t w, u1, u2, v;
+ gcry_mpi_t base[3];
+ gcry_mpi_t ex[3];
+
+ if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )
+ return 0; /* assertion 0 < r < q failed */
+ if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )
+ return 0; /* assertion 0 < s < q failed */
+
+ w = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+ u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+ u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+ v = mpi_alloc( mpi_get_nlimbs(pkey->p) );
+
+ /* w = s^(-1) mod q */
+ mpi_invm( w, s, pkey->q );
+
+ /* u1 = (hash * w) mod q */
+ mpi_mulm( u1, hash, w, pkey->q );
+
+ /* u2 = r * w mod q */
+ mpi_mulm( u2, r, w, pkey->q );
+
+ /* v = g^u1 * y^u2 mod p mod q */
+ base[0] = pkey->g; ex[0] = u1;
+ base[1] = pkey->y; ex[1] = u2;
+ base[2] = NULL; ex[2] = NULL;
+ mpi_mulpowm( v, base, ex, pkey->p );
+ mpi_fdiv_r( v, v, pkey->q );
+
+ rc = !mpi_cmp( v, r );
+
+ mpi_free(w);
+ mpi_free(u1);
+ mpi_free(u2);
+ mpi_free(v);
+
+ return rc;
+}
+
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+
+static gcry_err_code_t
+dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gpg_err_code_t ec;
+ DSA_secret_key sk;
+ gcry_sexp_t l1;
+ unsigned int qbits = 0;
+ gcry_sexp_t deriveparms = NULL;
+ gcry_sexp_t seedinfo = NULL;
+ int transient_key = 0;
+ int use_fips186_2 = 0;
+ int use_fips186 = 0;
+ dsa_domain_t domain;
+
+ (void)algo; /* No need to check it. */
+ (void)evalue; /* Not required for DSA. */
+
+ memset (&domain, 0, sizeof domain);
+
+ if (genparms)
+ {
+ gcry_sexp_t domainsexp;
+
+ /* Parse the optional qbits element. */
+ l1 = gcry_sexp_find_token (genparms, "qbits", 0);
+ if (l1)
+ {
+ char buf[50];
+ const char *s;
+ size_t n;
+
+ s = gcry_sexp_nth_data (l1, 1, &n);
+ if (!s || n >= DIM (buf) - 1 )
+ {
+ gcry_sexp_release (l1);
+ return GPG_ERR_INV_OBJ; /* No value or value too large. */
+ }
+ memcpy (buf, s, n);
+ buf[n] = 0;
+ qbits = (unsigned int)strtoul (buf, NULL, 0);
+ gcry_sexp_release (l1);
+ }
+
+ /* Parse the optional transient-key flag. */
+ l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+ if (l1)
+ {
+ transient_key = 1;
+ gcry_sexp_release (l1);
+ }
+
+ /* Get the optional derive parameters. */
+ deriveparms = gcry_sexp_find_token (genparms, "derive-parms", 0);
+
+ /* Parse the optional "use-fips186" flags. */
+ l1 = gcry_sexp_find_token (genparms, "use-fips186", 0);
+ if (l1)
+ {
+ use_fips186 = 1;
+ gcry_sexp_release (l1);
+ }
+ l1 = gcry_sexp_find_token (genparms, "use-fips186-2", 0);
+ if (l1)
+ {
+ use_fips186_2 = 1;
+ gcry_sexp_release (l1);
+ }
+
+ /* Check whether domain parameters are given. */
+ domainsexp = gcry_sexp_find_token (genparms, "domain", 0);
+ if (domainsexp)
+ {
+ /* DERIVEPARMS can't be used together with domain
+ parameters. NBITS abnd QBITS may not be specified
+ because there values are derived from the domain
+ parameters. */
+ if (deriveparms || qbits || nbits)
+ {
+ gcry_sexp_release (domainsexp);
+ gcry_sexp_release (deriveparms);
+ return GPG_ERR_INV_VALUE;
+ }
+
+ /* Put all domain parameters into the domain object. */
+ l1 = gcry_sexp_find_token (domainsexp, "p", 0);
+ domain.p = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ l1 = gcry_sexp_find_token (domainsexp, "q", 0);
+ domain.q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ l1 = gcry_sexp_find_token (domainsexp, "g", 0);
+ domain.g = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ gcry_sexp_release (domainsexp);
+
+ /* Check that all domain parameters are available. */
+ if (!domain.p || !domain.q || !domain.g)
+ {
+ gcry_mpi_release (domain.p);
+ gcry_mpi_release (domain.q);
+ gcry_mpi_release (domain.g);
+ gcry_sexp_release (deriveparms);
+ return GPG_ERR_MISSING_VALUE;
+ }
+
+ /* Get NBITS and QBITS from the domain parameters. */
+ nbits = mpi_get_nbits (domain.p);
+ qbits = mpi_get_nbits (domain.q);
+ }
+ }
+
+ if (deriveparms || use_fips186 || use_fips186_2 || fips_mode ())
+ {
+ int counter;
+ void *seed;
+ size_t seedlen;
+ gcry_mpi_t h_value;
+
+ ec = generate_fips186 (&sk, nbits, qbits, deriveparms, use_fips186_2,
+ &domain,
+ &counter, &seed, &seedlen, &h_value);
+ gcry_sexp_release (deriveparms);
+ if (!ec && h_value)
+ {
+ /* Format the seed-values unless domain parameters are used
+ for which a H_VALUE of NULL is an indication. */
+ ec = gpg_err_code (gcry_sexp_build
+ (&seedinfo, NULL,
+ "(seed-values(counter %d)(seed %b)(h %m))",
+ counter, (int)seedlen, seed, h_value));
+ if (ec)
+ {
+ gcry_mpi_release (sk.p); sk.p = NULL;
+ gcry_mpi_release (sk.q); sk.q = NULL;
+ gcry_mpi_release (sk.g); sk.g = NULL;
+ gcry_mpi_release (sk.y); sk.y = NULL;
+ gcry_mpi_release (sk.x); sk.x = NULL;
+ }
+ gcry_free (seed);
+ gcry_mpi_release (h_value);
+ }
+ }
+ else
+ {
+ ec = generate (&sk, nbits, qbits, transient_key, &domain, retfactors);
+ }
+
+ gcry_mpi_release (domain.p);
+ gcry_mpi_release (domain.q);
+ gcry_mpi_release (domain.g);
+
+ if (!ec)
+ {
+ skey[0] = sk.p;
+ skey[1] = sk.q;
+ skey[2] = sk.g;
+ skey[3] = sk.y;
+ skey[4] = sk.x;
+
+ if (!r_extrainfo)
+ {
+ /* Old style interface - return the factors - if any - at
+ retfactors. */
+ }
+ else if (!*retfactors && !seedinfo)
+ {
+ /* No factors and no seedinfo, thus there is nothing to return. */
+ *r_extrainfo = NULL;
+ }
+ else
+ {
+ /* Put the factors into extrainfo and set retfactors to NULL
+ to make use of the new interface. Note that the factors
+ are not confidential thus we can store them in standard
+ memory. */
+ int nfactors, i, j;
+ char *p;
+ char *format = NULL;
+ void **arg_list = NULL;
+
+ for (nfactors=0; *retfactors && (*retfactors)[nfactors]; nfactors++)
+ ;
+ /* Allocate space for the format string:
+ "(misc-key-info%S(pm1-factors%m))"
+ with one "%m" for each factor and construct it. */
+ format = gcry_malloc (50 + 2*nfactors);
+ if (!format)
+ ec = gpg_err_code_from_syserror ();
+ else
+ {
+ p = stpcpy (format, "(misc-key-info");
+ if (seedinfo)
+ p = stpcpy (p, "%S");
+ if (nfactors)
+ {
+ p = stpcpy (p, "(pm1-factors");
+ for (i=0; i < nfactors; i++)
+ p = stpcpy (p, "%m");
+ p = stpcpy (p, ")");
+ }
+ p = stpcpy (p, ")");
+
+ /* Allocate space for the list of factors plus one for
+ an S-expression plus an extra NULL entry for safety
+ and fill it with the factors. */
+ arg_list = gcry_calloc (nfactors+1+1, sizeof *arg_list);
+ if (!arg_list)
+ ec = gpg_err_code_from_syserror ();
+ else
+ {
+ i = 0;
+ if (seedinfo)
+ arg_list[i++] = &seedinfo;
+ for (j=0; j < nfactors; j++)
+ arg_list[i++] = (*retfactors) + j;
+ arg_list[i] = NULL;
+
+ ec = gpg_err_code (gcry_sexp_build_array
+ (r_extrainfo, NULL, format, arg_list));
+ }
+ }
+
+ gcry_free (arg_list);
+ gcry_free (format);
+ for (i=0; i < nfactors; i++)
+ {
+ gcry_mpi_release ((*retfactors)[i]);
+ (*retfactors)[i] = NULL;
+ }
+ *retfactors = NULL;
+ if (ec)
+ {
+ for (i=0; i < 5; i++)
+ {
+ gcry_mpi_release (skey[i]);
+ skey[i] = NULL;
+ }
+ }
+ }
+ }
+
+ gcry_sexp_release (seedinfo);
+ return ec;
+}
+
+
+static gcry_err_code_t
+dsa_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ (void)evalue;
+ return dsa_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL);
+}
+
+
+
+static gcry_err_code_t
+dsa_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ DSA_secret_key sk;
+
+ (void)algo;
+
+ if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]) || (! skey[4]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.q = skey[1];
+ sk.g = skey[2];
+ sk.y = skey[3];
+ sk.x = skey[4];
+ if (! check_secret_key (&sk))
+ err = GPG_ERR_BAD_SECKEY;
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ DSA_secret_key sk;
+
+ (void)algo;
+
+ if ((! data)
+ || (! skey[0]) || (! skey[1]) || (! skey[2])
+ || (! skey[3]) || (! skey[4]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.q = skey[1];
+ sk.g = skey[2];
+ sk.y = skey[3];
+ sk.x = skey[4];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ sign (resarr[0], resarr[1], data, &sk);
+ }
+ return err;
+}
+
+static gcry_err_code_t
+dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ DSA_public_key pk;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ if ((! data[0]) || (! data[1]) || (! hash)
+ || (! pkey[0]) || (! pkey[1]) || (! pkey[2]) || (! pkey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ pk.p = pkey[0];
+ pk.q = pkey[1];
+ pk.g = pkey[2];
+ pk.y = pkey[3];
+ if (! verify (data[0], data[1], hash, &pk))
+ err = GPG_ERR_BAD_SIGNATURE;
+ }
+ return err;
+}
+
+
+static unsigned int
+dsa_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static const char *dsa_names[] =
+ {
+ "dsa",
+ "openpgp-dsa",
+ NULL,
+ };
+
+gcry_pk_spec_t _gcry_pubkey_spec_dsa =
+ {
+ "DSA", dsa_names,
+ "pqgy", "pqgyx", "", "rs", "pqgy",
+ GCRY_PK_USAGE_SIGN,
+ dsa_generate,
+ dsa_check_secret_key,
+ NULL,
+ NULL,
+ dsa_sign,
+ dsa_verify,
+ dsa_get_nbits
+ };
+pk_extra_spec_t _gcry_pubkey_extraspec_dsa =
+ {
+ run_selftests,
+ dsa_generate_ext
+ };
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/ecc.c b/grub-core/lib/libgcrypt-grub/cipher/ecc.c
new file mode 100644
index 0000000..75a2c8d
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/ecc.c
@@ -0,0 +1,1351 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* ecc.c - Elliptic Curve Cryptography
+ Copyright (C) 2007, 2008 Free Software Foundation, Inc.
+
+ This file is part of Libgcrypt.
+
+ Libgcrypt is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ Libgcrypt is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ USA. */
+
+/* This code is originally based on the Patch 0.1.6 for the gnupg
+ 1.4.x branch as retrieved on 2007-03-21 from
+ http://www.calcurco.cat/eccGnuPG/src/gnupg-1.4.6-ecc0.2.0beta1.diff.bz2
+ The original authors are:
+ Written by
+ Sergi Blanch i Torne <d4372211 at alumnes.eup.udl.es>,
+ Ramiro Moreno Chiral <ramiro at eup.udl.es>
+ Maintainers
+ Sergi Blanch i Torne
+ Ramiro Moreno Chiral
+ Mikael Mylnikov (mmr)
+ For use in Libgcrypt the code has been heavily modified and cleaned
+ up. In fact there is not much left of the orginally code except for
+ some variable names and the text book implementaion of the sign and
+ verification algorithms. The arithmetic functions have entirely
+ been rewritten and moved to mpi/ec.c. */
+
+
+/* TODO:
+
+ - If we support point compression we need to decide how to compute
+ the keygrip - it should not change due to compression.
+
+ - In mpi/ec.c we use mpi_powm for x^2 mod p: Either implement a
+ special case in mpi_powm or check whether mpi_mulm is faster.
+
+ - Decide whether we should hide the mpi_point_t definition.
+
+ - Support more than just ECDSA.
+*/
+
+
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+
+/* Definition of a curve. */
+typedef struct
+{
+ gcry_mpi_t p; /* Prime specifying the field GF(p). */
+ gcry_mpi_t a; /* First coefficient of the Weierstrass equation. */
+ gcry_mpi_t b; /* Second coefficient of the Weierstrass equation. */
+ mpi_point_t G; /* Base point (generator). */
+ gcry_mpi_t n; /* Order of G. */
+} elliptic_curve_t;
+
+
+typedef struct
+{
+ elliptic_curve_t E;
+ mpi_point_t Q; /* Q = [d]G */
+} ECC_public_key;
+
+typedef struct
+{
+ elliptic_curve_t E;
+ mpi_point_t Q;
+ gcry_mpi_t d;
+} ECC_secret_key;
+
+
+/* This tables defines aliases for curve names. */
+static const struct
+{
+ const char *name; /* Our name. */
+ const char *other; /* Other name. */
+} curve_aliases[] =
+ {
+ { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */
+ { "NIST P-192", "prime192v1" }, /* X9.62 name. */
+ { "NIST P-192", "secp192r1" }, /* SECP name. */
+
+ { "NIST P-224", "secp224r1" },
+ { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
+
+ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
+ { "NIST P-256", "prime256v1" },
+ { "NIST P-256", "secp256r1" },
+
+ { "NIST P-384", "secp384r1" },
+ { "NIST P-384", "1.3.132.0.34" },
+
+ { "NIST P-521", "secp521r1" },
+ { "NIST P-521", "1.3.132.0.35" },
+
+ { "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
+ { "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
+ { "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
+ { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7" },
+ { "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
+ { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
+ { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
+
+ { NULL, NULL}
+ };
+
+
+
+/* This static table defines all available curves. */
+static const struct
+{
+ const char *desc; /* Description of the curve. */
+ unsigned int nbits; /* Number of bits. */
+ unsigned int fips:1; /* True if this is a FIPS140-2 approved curve. */
+ const char *p; /* Order of the prime field. */
+ const char *a, *b; /* The coefficients. */
+ const char *n; /* The order of the base point. */
+ const char *g_x, *g_y; /* Base point. */
+} domain_parms[] =
+ {
+ {
+ "NIST P-192", 192, 1,
+ "0xfffffffffffffffffffffffffffffffeffffffffffffffff",
+ "0xfffffffffffffffffffffffffffffffefffffffffffffffc",
+ "0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
+ "0xffffffffffffffffffffffff99def836146bc9b1b4d22831",
+
+ "0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
+ "0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
+ },
+ {
+ "NIST P-224", 224, 1,
+ "0xffffffffffffffffffffffffffffffff000000000000000000000001",
+ "0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
+ "0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
+ "0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
+
+ "0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
+ "0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34"
+ },
+ {
+ "NIST P-256", 256, 1,
+ "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+ "0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+ "0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+ "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+
+ "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+ "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
+ },
+ {
+ "NIST P-384", 384, 1,
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
+ "ffffffff0000000000000000ffffffff",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
+ "ffffffff0000000000000000fffffffc",
+ "0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875a"
+ "c656398d8a2ed19d2a85c8edd3ec2aef",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf"
+ "581a0db248b0a77aecec196accc52973",
+
+ "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
+ "5502f25dbf55296c3a545e3872760ab7",
+ "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
+ "0a60b1ce1d7e819d7a431d7c90ea0e5f"
+ },
+ {
+ "NIST P-521", 521, 1,
+ "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+ "0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef10"
+ "9e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+
+ "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
+ "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
+ "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
+ },
+
+ { "brainpoolP160r1", 160, 0,
+ "0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
+ "0x340e7be2a280eb74e2be61bada745d97e8f7c300",
+ "0x1e589a8595423412134faa2dbdec95c8d8675e58",
+ "0xe95e4a5f737059dc60df5991d45029409e60fc09",
+ "0xbed5af16ea3f6a4f62938c4631eb5af7bdbcdbc3",
+ "0x1667cb477a1a8ec338f94741669c976316da6321"
+ },
+
+ { "brainpoolP192r1", 192, 0,
+ "0xc302f41d932a36cda7a3463093d18db78fce476de1a86297",
+ "0x6a91174076b1e0e19c39c031fe8685c1cae040e5c69a28ef",
+ "0x469a28ef7c28cca3dc721d044f4496bcca7ef4146fbf25c9",
+ "0xc302f41d932a36cda7a3462f9e9e916b5be8f1029ac4acc1",
+ "0xc0a0647eaab6a48753b033c56cb0f0900a2f5c4853375fd6",
+ "0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f"
+ },
+
+ { "brainpoolP224r1", 224, 0,
+ "0xd7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff",
+ "0x68a5e62ca9ce6c1c299803a6c1530b514e182ad8b0042a59cad29f43",
+ "0x2580f63ccfe44138870713b1a92369e33e2135d266dbb372386c400b",
+ "0xd7c134aa264366862a18302575d0fb98d116bc4b6ddebca3a5a7939f",
+ "0x0d9029ad2c7e5cf4340823b2a87dc68c9e4ce3174c1e6efdee12c07d",
+ "0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd"
+ },
+
+ { "brainpoolP256r1", 256, 0,
+ "0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
+ "0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
+ "0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
+ "0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
+ "0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
+ "0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"
+ },
+
+ { "brainpoolP320r1", 320, 0,
+ "0xd35e472036bc4fb7e13c785ed201e065f98fcfa6f6f40def4f92b9ec7893ec28"
+ "fcd412b1f1b32e27",
+ "0x3ee30b568fbab0f883ccebd46d3f3bb8a2a73513f5eb79da66190eb085ffa9f4"
+ "92f375a97d860eb4",
+ "0x520883949dfdbc42d3ad198640688a6fe13f41349554b49acc31dccd88453981"
+ "6f5eb4ac8fb1f1a6",
+ "0xd35e472036bc4fb7e13c785ed201e065f98fcfa5b68f12a32d482ec7ee8658e9"
+ "8691555b44c59311",
+ "0x43bd7e9afb53d8b85289bcc48ee5bfe6f20137d10a087eb6e7871e2a10a599c7"
+ "10af8d0d39e20611",
+ "0x14fdd05545ec1cc8ab4093247f77275e0743ffed117182eaa9c77877aaac6ac7"
+ "d35245d1692e8ee1"
+ },
+
+ { "brainpoolP384r1", 384, 0,
+ "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123"
+ "acd3a729901d1a71874700133107ec53",
+ "0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f"
+ "8aa5814a503ad4eb04a8c7dd22ce2826",
+ "0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d5"
+ "7cb4390295dbc9943ab78696fa504c11",
+ "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7"
+ "cf3ab6af6b7fc3103b883202e9046565",
+ "0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8"
+ "e826e03436d646aaef87b2e247d4af1e",
+ "0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff9912928"
+ "0e4646217791811142820341263c5315"
+ },
+
+ { "brainpoolP512r1", 512, 0,
+ "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330871"
+ "7d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
+ "0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc"
+ "2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
+ "0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a7"
+ "2bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
+ "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870"
+ "553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
+ "0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098e"
+ "ff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
+ "0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111"
+ "b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"
+ },
+
+ { NULL, 0, 0, NULL, NULL, NULL, NULL }
+ };
+
+
+/* Registered progress function and its callback value. */
+static void (*progress_cb) (void *, const char*, int, int, int);
+static void *progress_cb_data;
+
+
+#define point_init(a) _gcry_mpi_ec_point_init ((a))
+#define point_free(a) _gcry_mpi_ec_point_free ((a))
+
+
+
+/* Local prototypes. */
+static gcry_mpi_t gen_k (gcry_mpi_t p, int security_level);
+static void test_keys (ECC_secret_key * sk, unsigned int nbits);
+static int check_secret_key (ECC_secret_key * sk);
+static gpg_err_code_t sign (gcry_mpi_t input, ECC_secret_key *skey,
+ gcry_mpi_t r, gcry_mpi_t s);
+static gpg_err_code_t verify (gcry_mpi_t input, ECC_public_key *pkey,
+ gcry_mpi_t r, gcry_mpi_t s);
+
+
+static gcry_mpi_t gen_y_2 (gcry_mpi_t x, elliptic_curve_t * base);
+
+
+
+
+void
+_gcry_register_pk_ecc_progress (void (*cb) (void *, const char *,
+ int, int, int),
+ void *cb_data)
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+/* static void */
+/* progress (int c) */
+/* { */
+/* if (progress_cb) */
+/* progress_cb (progress_cb_data, "pk_ecc", c, 0, 0); */
+/* } */
+
+
+
+
+/* Set the value from S into D. */
+static void
+point_set (mpi_point_t *d, mpi_point_t *s)
+{
+ mpi_set (d->x, s->x);
+ mpi_set (d->y, s->y);
+ mpi_set (d->z, s->z);
+}
+
+
+/*
+ * Release a curve object.
+ */
+static void
+curve_free (elliptic_curve_t *E)
+{
+ mpi_free (E->p); E->p = NULL;
+ mpi_free (E->a); E->a = NULL;
+ mpi_free (E->b); E->b = NULL;
+ point_free (&E->G);
+ mpi_free (E->n); E->n = NULL;
+}
+
+
+/*
+ * Return a copy of a curve object.
+ */
+static elliptic_curve_t
+curve_copy (elliptic_curve_t E)
+{
+ elliptic_curve_t R;
+
+ R.p = mpi_copy (E.p);
+ R.a = mpi_copy (E.a);
+ R.b = mpi_copy (E.b);
+ point_init (&R.G);
+ point_set (&R.G, &E.G);
+ R.n = mpi_copy (E.n);
+
+ return R;
+}
+
+
+
+/* Helper to scan a hex string. */
+static gcry_mpi_t
+scanval (const char *string)
+{
+ gpg_error_t err;
+ gcry_mpi_t val;
+
+ err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+ if (err)
+ log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (err));
+ return val;
+}
+
+
+
+
+
+/****************
+ * Solve the right side of the equation that defines a curve.
+ */
+static gcry_mpi_t
+gen_y_2 (gcry_mpi_t x, elliptic_curve_t *base)
+{
+ gcry_mpi_t three, x_3, axb, y;
+
+ three = mpi_alloc_set_ui (3);
+ x_3 = mpi_new (0);
+ axb = mpi_new (0);
+ y = mpi_new (0);
+
+ mpi_powm (x_3, x, three, base->p);
+ mpi_mulm (axb, base->a, x, base->p);
+ mpi_addm (axb, axb, base->b, base->p);
+ mpi_addm (y, x_3, axb, base->p);
+
+ mpi_free (x_3);
+ mpi_free (axb);
+ mpi_free (three);
+ return y; /* The quadratic value of the coordinate if it exist. */
+}
+
+
+
+
+
+/* Generate a random secret scalar k with an order of p
+
+ At the beginning this was identical to the code is in elgamal.c.
+ Later imporved by mmr. Further simplified by wk. */
+static gcry_mpi_t
+gen_k (gcry_mpi_t p, int security_level)
+{
+ gcry_mpi_t k;
+ unsigned int nbits;
+
+ nbits = mpi_get_nbits (p);
+ k = mpi_snew (nbits);
+ if (DBG_CIPHER)
+ log_debug ("choosing a random k of %u bits\n", nbits);
+
+ gcry_mpi_randomize (k, nbits, security_level);
+
+ mpi_mod (k, k, p); /* k = k mod p */
+
+ return k;
+}
+
+/****************
+ * Generate the crypto system setup.
+ * As of now the fix NIST recommended values are used.
+ * The subgroup generator point is in another function: gen_big_point.
+ */
+static gpg_err_code_t
+generate_curve (unsigned int nbits, const char *name,
+ elliptic_curve_t *curve, unsigned int *r_nbits)
+{
+ int idx, aliasno;
+
+ if (name)
+ {
+ /* First check nor native curves. */
+ for (idx = 0; domain_parms[idx].desc; idx++)
+ if (!strcmp (name, domain_parms[idx].desc))
+ break;
+ /* If not found consult the alias table. */
+ if (!domain_parms[idx].desc)
+ {
+ for (aliasno = 0; curve_aliases[aliasno].name; aliasno++)
+ if (!strcmp (name, curve_aliases[aliasno].other))
+ break;
+ if (curve_aliases[aliasno].name)
+ {
+ for (idx = 0; domain_parms[idx].desc; idx++)
+ if (!strcmp (curve_aliases[aliasno].name,
+ domain_parms[idx].desc))
+ break;
+ }
+ }
+ }
+ else
+ {
+ for (idx = 0; domain_parms[idx].desc; idx++)
+ if (nbits == domain_parms[idx].nbits)
+ break;
+ }
+ if (!domain_parms[idx].desc)
+ return GPG_ERR_INV_VALUE;
+
+ /* In fips mode we only support NIST curves. Note that it is
+ possible to bypass this check by specifying the curve parameters
+ directly. */
+ if (fips_mode () && !domain_parms[idx].fips )
+ return GPG_ERR_NOT_SUPPORTED;
+
+
+ *r_nbits = domain_parms[idx].nbits;
+ curve->p = scanval (domain_parms[idx].p);
+ curve->a = scanval (domain_parms[idx].a);
+ curve->b = scanval (domain_parms[idx].b);
+ curve->n = scanval (domain_parms[idx].n);
+ curve->G.x = scanval (domain_parms[idx].g_x);
+ curve->G.y = scanval (domain_parms[idx].g_y);
+ curve->G.z = mpi_alloc_set_ui (1);
+
+ return 0;
+}
+
+
+/*
+ * First obtain the setup. Over the finite field randomize an scalar
+ * secret value, and calculate the public point.
+ */
+static gpg_err_code_t
+generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
+ gcry_mpi_t g_x, gcry_mpi_t g_y,
+ gcry_mpi_t q_x, gcry_mpi_t q_y)
+{
+ gpg_err_code_t err;
+ elliptic_curve_t E;
+ gcry_mpi_t d;
+ mpi_point_t Q;
+ mpi_ec_t ctx;
+
+ err = generate_curve (nbits, name, &E, &nbits);
+ if (err)
+ return err;
+
+ if (DBG_CIPHER)
+ {
+ log_mpidump ("ecc generation p", E.p);
+ log_mpidump ("ecc generation a", E.a);
+ log_mpidump ("ecc generation b", E.b);
+ log_mpidump ("ecc generation n", E.n);
+ log_mpidump ("ecc generation Gx", E.G.x);
+ log_mpidump ("ecc generation Gy", E.G.y);
+ log_mpidump ("ecc generation Gz", E.G.z);
+ }
+
+ if (DBG_CIPHER)
+ log_debug ("choosing a random x of size %u\n", nbits);
+ d = gen_k (E.n, GCRY_VERY_STRONG_RANDOM);
+
+ /* Compute Q. */
+ point_init (&Q);
+ ctx = _gcry_mpi_ec_init (E.p, E.a);
+ _gcry_mpi_ec_mul_point (&Q, d, &E.G, ctx);
+
+ /* Copy the stuff to the key structures. */
+ sk->E.p = mpi_copy (E.p);
+ sk->E.a = mpi_copy (E.a);
+ sk->E.b = mpi_copy (E.b);
+ point_init (&sk->E.G);
+ point_set (&sk->E.G, &E.G);
+ sk->E.n = mpi_copy (E.n);
+ point_init (&sk->Q);
+ point_set (&sk->Q, &Q);
+ sk->d = mpi_copy (d);
+ /* We also return copies of G and Q in affine coordinates if
+ requested. */
+ if (g_x && g_y)
+ {
+ if (_gcry_mpi_ec_get_affine (g_x, g_y, &sk->E.G, ctx))
+ log_fatal ("ecc generate: Failed to get affine coordinates\n");
+ }
+ if (q_x && q_y)
+ {
+ if (_gcry_mpi_ec_get_affine (q_x, q_y, &sk->Q, ctx))
+ log_fatal ("ecc generate: Failed to get affine coordinates\n");
+ }
+ _gcry_mpi_ec_free (ctx);
+
+ point_free (&Q);
+ mpi_free (d);
+ curve_free (&E);
+
+ /* Now we can test our keys (this should never fail!). */
+ test_keys (sk, nbits - 64);
+
+ return 0;
+}
+
+
+/****************
+ * To verify correct skey it use a random information.
+ * First, encrypt and decrypt this dummy value,
+ * test if the information is recuperated.
+ * Second, test with the sign and verify functions.
+ */
+static void
+test_keys (ECC_secret_key *sk, unsigned int nbits)
+{
+ ECC_public_key pk;
+ gcry_mpi_t test = mpi_new (nbits);
+ mpi_point_t R_;
+ gcry_mpi_t c = mpi_new (nbits);
+ gcry_mpi_t out = mpi_new (nbits);
+ gcry_mpi_t r = mpi_new (nbits);
+ gcry_mpi_t s = mpi_new (nbits);
+
+ if (DBG_CIPHER)
+ log_debug ("Testing key.\n");
+
+ point_init (&R_);
+
+ pk.E = curve_copy (sk->E);
+ point_init (&pk.Q);
+ point_set (&pk.Q, &sk->Q);
+
+ gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
+
+ if (sign (test, sk, r, s) )
+ log_fatal ("ECDSA operation: sign failed\n");
+
+ if (verify (test, &pk, r, s))
+ {
+ log_fatal ("ECDSA operation: sign, verify failed\n");
+ }
+
+ if (DBG_CIPHER)
+ log_debug ("ECDSA operation: sign, verify ok.\n");
+
+ point_free (&pk.Q);
+ curve_free (&pk.E);
+
+ point_free (&R_);
+ mpi_free (s);
+ mpi_free (r);
+ mpi_free (out);
+ mpi_free (c);
+ mpi_free (test);
+}
+
+/****************
+ * To check the validity of the value, recalculate the correspondence
+ * between the public value and the secret one.
+ */
+static int
+check_secret_key (ECC_secret_key * sk)
+{
+ mpi_point_t Q;
+ gcry_mpi_t y_2, y2 = mpi_alloc (0);
+ mpi_ec_t ctx;
+
+ /* ?primarity test of 'p' */
+ /* (...) //!! */
+ /* G in E(F_p) */
+ y_2 = gen_y_2 (sk->E.G.x, &sk->E); /* y^2=x^3+a*x+b */
+ mpi_mulm (y2, sk->E.G.y, sk->E.G.y, sk->E.p); /* y^2=y*y */
+ if (mpi_cmp (y_2, y2))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Bad check: Point 'G' does not belong to curve 'E'!\n");
+ return (1);
+ }
+ /* G != PaI */
+ if (!mpi_cmp_ui (sk->E.G.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Bad check: 'G' cannot be Point at Infinity!\n");
+ return (1);
+ }
+
+ point_init (&Q);
+ ctx = _gcry_mpi_ec_init (sk->E.p, sk->E.a);
+ _gcry_mpi_ec_mul_point (&Q, sk->E.n, &sk->E.G, ctx);
+ if (mpi_cmp_ui (Q.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("check_secret_key: E is not a curve of order n\n");
+ point_free (&Q);
+ _gcry_mpi_ec_free (ctx);
+ return 1;
+ }
+ /* pubkey cannot be PaI */
+ if (!mpi_cmp_ui (sk->Q.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Bad check: Q can not be a Point at Infinity!\n");
+ _gcry_mpi_ec_free (ctx);
+ return (1);
+ }
+ /* pubkey = [d]G over E */
+ _gcry_mpi_ec_mul_point (&Q, sk->d, &sk->E.G, ctx);
+ if ((Q.x == sk->Q.x) && (Q.y == sk->Q.y) && (Q.z == sk->Q.z))
+ {
+ if (DBG_CIPHER)
+ log_debug
+ ("Bad check: There is NO correspondence between 'd' and 'Q'!\n");
+ _gcry_mpi_ec_free (ctx);
+ return (1);
+ }
+ _gcry_mpi_ec_free (ctx);
+ point_free (&Q);
+ return 0;
+}
+
+
+/*
+ * Return the signature struct (r,s) from the message hash. The caller
+ * must have allocated R and S.
+ */
+static gpg_err_code_t
+sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
+{
+ gpg_err_code_t err = 0;
+ gcry_mpi_t k, dr, sum, k_1, x;
+ mpi_point_t I;
+ mpi_ec_t ctx;
+
+ k = NULL;
+ dr = mpi_alloc (0);
+ sum = mpi_alloc (0);
+ k_1 = mpi_alloc (0);
+ x = mpi_alloc (0);
+ point_init (&I);
+
+ mpi_set_ui (s, 0);
+ mpi_set_ui (r, 0);
+
+ ctx = _gcry_mpi_ec_init (skey->E.p, skey->E.a);
+
+ while (!mpi_cmp_ui (s, 0)) /* s == 0 */
+ {
+ while (!mpi_cmp_ui (r, 0)) /* r == 0 */
+ {
+ /* Note, that we are guaranteed to enter this loop at least
+ once because r has been intialized to 0. We can't use a
+ do_while because we want to keep the value of R even if S
+ has to be recomputed. */
+ mpi_free (k);
+ k = gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+ _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
+ if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc sign: Failed to get affine coordinates\n");
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ mpi_mod (r, x, skey->E.n); /* r = x mod n */
+ }
+ mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */
+ mpi_addm (sum, input, dr, skey->E.n); /* sum = hash + (d*r) mod n */
+ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */
+ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */
+ }
+
+ leave:
+ _gcry_mpi_ec_free (ctx);
+ point_free (&I);
+ mpi_free (x);
+ mpi_free (k_1);
+ mpi_free (sum);
+ mpi_free (dr);
+ mpi_free (k);
+
+ return err;
+}
+
+/*
+ * Check if R and S verifies INPUT.
+ */
+static gpg_err_code_t
+verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
+{
+ gpg_err_code_t err = 0;
+ gcry_mpi_t h, h1, h2, x, y;
+ mpi_point_t Q, Q1, Q2;
+ mpi_ec_t ctx;
+
+ if( !(mpi_cmp_ui (r, 0) > 0 && mpi_cmp (r, pkey->E.n) < 0) )
+ return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < r < n failed. */
+ if( !(mpi_cmp_ui (s, 0) > 0 && mpi_cmp (s, pkey->E.n) < 0) )
+ return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < s < n failed. */
+
+ h = mpi_alloc (0);
+ h1 = mpi_alloc (0);
+ h2 = mpi_alloc (0);
+ x = mpi_alloc (0);
+ y = mpi_alloc (0);
+ point_init (&Q);
+ point_init (&Q1);
+ point_init (&Q2);
+
+ ctx = _gcry_mpi_ec_init (pkey->E.p, pkey->E.a);
+
+ /* h = s^(-1) (mod n) */
+ mpi_invm (h, s, pkey->E.n);
+/* log_mpidump (" h", h); */
+ /* h1 = hash * s^(-1) (mod n) */
+ mpi_mulm (h1, input, h, pkey->E.n);
+/* log_mpidump (" h1", h1); */
+ /* Q1 = [ hash * s^(-1) ]G */
+ _gcry_mpi_ec_mul_point (&Q1, h1, &pkey->E.G, ctx);
+/* log_mpidump ("Q1.x", Q1.x); */
+/* log_mpidump ("Q1.y", Q1.y); */
+/* log_mpidump ("Q1.z", Q1.z); */
+ /* h2 = r * s^(-1) (mod n) */
+ mpi_mulm (h2, r, h, pkey->E.n);
+/* log_mpidump (" h2", h2); */
+ /* Q2 = [ r * s^(-1) ]Q */
+ _gcry_mpi_ec_mul_point (&Q2, h2, &pkey->Q, ctx);
+/* log_mpidump ("Q2.x", Q2.x); */
+/* log_mpidump ("Q2.y", Q2.y); */
+/* log_mpidump ("Q2.z", Q2.z); */
+ /* Q = ([hash * s^(-1)]G) + ([r * s^(-1)]Q) */
+ _gcry_mpi_ec_add_points (&Q, &Q1, &Q2, ctx);
+/* log_mpidump (" Q.x", Q.x); */
+/* log_mpidump (" Q.y", Q.y); */
+/* log_mpidump (" Q.z", Q.z); */
+
+ if (!mpi_cmp_ui (Q.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc verify: Rejected\n");
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc verify: Failed to get affine coordinates\n");
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ mpi_mod (x, x, pkey->E.n); /* x = x mod E_n */
+ if (mpi_cmp (x, r)) /* x != r */
+ {
+ if (DBG_CIPHER)
+ {
+ log_mpidump (" x", x);
+ log_mpidump (" y", y);
+ log_mpidump (" r", r);
+ log_mpidump (" s", s);
+ log_debug ("ecc verify: Not verified\n");
+ }
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ if (DBG_CIPHER)
+ log_debug ("ecc verify: Accepted\n");
+
+ leave:
+ _gcry_mpi_ec_free (ctx);
+ point_free (&Q2);
+ point_free (&Q1);
+ point_free (&Q);
+ mpi_free (y);
+ mpi_free (x);
+ mpi_free (h2);
+ mpi_free (h1);
+ mpi_free (h);
+ return err;
+}
+
+
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+static gcry_mpi_t
+ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p)
+{
+ gpg_error_t err;
+ int pbytes = (mpi_get_nbits (p)+7)/8;
+ size_t n;
+ unsigned char *buf, *ptr;
+ gcry_mpi_t result;
+
+ buf = gcry_xmalloc ( 1 + 2*pbytes );
+ *buf = 04; /* Uncompressed point. */
+ ptr = buf+1;
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, x);
+ if (err)
+ log_fatal ("mpi_print failed: %s\n", gpg_strerror (err));
+ if (n < pbytes)
+ {
+ memmove (ptr+(pbytes-n), ptr, n);
+ memset (ptr, 0, (pbytes-n));
+ }
+ ptr += pbytes;
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, y);
+ if (err)
+ log_fatal ("mpi_print failed: %s\n", gpg_strerror (err));
+ if (n < pbytes)
+ {
+ memmove (ptr+(pbytes-n), ptr, n);
+ memset (ptr, 0, (pbytes-n));
+ }
+
+ err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, buf, 1+2*pbytes, NULL);
+ if (err)
+ log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err));
+ gcry_free (buf);
+
+ mpi_free (x);
+ mpi_free (y);
+
+ return result;
+}
+
+/* RESULT must have been initialized and is set on success to the
+ point given by VALUE. */
+static gcry_error_t
+os2ec (mpi_point_t *result, gcry_mpi_t value)
+{
+ gcry_error_t err;
+ size_t n;
+ unsigned char *buf;
+ gcry_mpi_t x, y;
+
+ n = (mpi_get_nbits (value)+7)/8;
+ buf = gcry_xmalloc (n);
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, buf, n, &n, value);
+ if (err)
+ {
+ gcry_free (buf);
+ return err;
+ }
+ if (n < 1)
+ {
+ gcry_free (buf);
+ return GPG_ERR_INV_OBJ;
+ }
+ if (*buf != 4)
+ {
+ gcry_free (buf);
+ return GPG_ERR_NOT_IMPLEMENTED; /* No support for point compression. */
+ }
+ if ( ((n-1)%2) )
+ {
+ gcry_free (buf);
+ return GPG_ERR_INV_OBJ;
+ }
+ n = (n-1)/2;
+ err = gcry_mpi_scan (&x, GCRYMPI_FMT_USG, buf+1, n, NULL);
+ if (err)
+ {
+ gcry_free (buf);
+ return err;
+ }
+ err = gcry_mpi_scan (&y, GCRYMPI_FMT_USG, buf+1+n, n, NULL);
+ gcry_free (buf);
+ if (err)
+ {
+ mpi_free (x);
+ return err;
+ }
+
+ mpi_set (result->x, x);
+ mpi_set (result->y, y);
+ mpi_set_ui (result->z, 1);
+
+ mpi_free (x);
+ mpi_free (y);
+
+ return 0;
+}
+
+
+/* Extended version of ecc_generate. */
+static gcry_err_code_t
+ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gpg_err_code_t ec;
+ ECC_secret_key sk;
+ gcry_mpi_t g_x, g_y, q_x, q_y;
+ char *curve_name = NULL;
+ gcry_sexp_t l1;
+
+ (void)algo;
+ (void)evalue;
+ (void)r_extrainfo;
+
+ if (genparms)
+ {
+ /* Parse the optional "curve" parameter. */
+ l1 = gcry_sexp_find_token (genparms, "curve", 0);
+ if (l1)
+ {
+ curve_name = _gcry_sexp_nth_string (l1, 1);
+ gcry_sexp_release (l1);
+ if (!curve_name)
+ return GPG_ERR_INV_OBJ; /* No curve name or value too large. */
+ }
+ }
+
+ /* NBITS is required if no curve name has been given. */
+ if (!nbits && !curve_name)
+ return GPG_ERR_NO_OBJ; /* No NBITS parameter. */
+
+ g_x = mpi_new (0);
+ g_y = mpi_new (0);
+ q_x = mpi_new (0);
+ q_y = mpi_new (0);
+ ec = generate_key (&sk, nbits, curve_name, g_x, g_y, q_x, q_y);
+ gcry_free (curve_name);
+ if (ec)
+ return ec;
+
+ skey[0] = sk.E.p;
+ skey[1] = sk.E.a;
+ skey[2] = sk.E.b;
+ /* The function ec2os releases g_x and g_y. */
+ skey[3] = ec2os (g_x, g_y, sk.E.p);
+ skey[4] = sk.E.n;
+ /* The function ec2os releases g_x and g_y. */
+ skey[5] = ec2os (q_x, q_y, sk.E.p);
+ skey[6] = sk.d;
+
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+
+ /* Make an empty list of factors. */
+ *retfactors = gcry_calloc ( 1, sizeof **retfactors );
+ if (!*retfactors)
+ return gpg_err_code_from_syserror ();
+
+ return 0;
+}
+
+
+static gcry_err_code_t
+ecc_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ (void)evalue;
+ return ecc_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL);
+}
+
+
+/* Return the parameters of the curve NAME. */
+static gcry_err_code_t
+ecc_get_param (const char *name, gcry_mpi_t *pkey)
+{
+ gpg_err_code_t err;
+ unsigned int nbits;
+ elliptic_curve_t E;
+ mpi_ec_t ctx;
+ gcry_mpi_t g_x, g_y;
+
+ err = generate_curve (0, name, &E, &nbits);
+ if (err)
+ return err;
+
+ g_x = mpi_new (0);
+ g_y = mpi_new (0);
+ ctx = _gcry_mpi_ec_init (E.p, E.a);
+ if (_gcry_mpi_ec_get_affine (g_x, g_y, &E.G, ctx))
+ log_fatal ("ecc get param: Failed to get affine coordinates\n");
+ _gcry_mpi_ec_free (ctx);
+ point_free (&E.G);
+
+ pkey[0] = E.p;
+ pkey[1] = E.a;
+ pkey[2] = E.b;
+ pkey[3] = ec2os (g_x, g_y, E.p);
+ pkey[4] = E.n;
+ pkey[5] = NULL;
+
+ return 0;
+}
+
+
+static gcry_err_code_t
+ecc_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gpg_err_code_t err;
+ ECC_secret_key sk;
+
+ (void)algo;
+
+ if (!skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] || !skey[5]
+ || !skey[6] || !skey[7] || !skey[8] || !skey[9] || !skey[10])
+ return GPG_ERR_BAD_MPI;
+
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
+ point_init (&sk.Q);
+ err = os2ec (&sk.Q, skey[5]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return err;
+ }
+
+ sk.d = skey[6];
+
+ if (check_secret_key (&sk))
+ {
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return GPG_ERR_BAD_SECKEY;
+ }
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return 0;
+}
+
+
+static gcry_err_code_t
+ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ gpg_err_code_t err;
+ ECC_secret_key sk;
+
+ (void)algo;
+
+ if (!data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4]
+ || !skey[5] || !skey[6] )
+ return GPG_ERR_BAD_MPI;
+
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
+ point_init (&sk.Q);
+ err = os2ec (&sk.Q, skey[5]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return err;
+ }
+ sk.d = skey[6];
+
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
+ err = sign (data, &sk, resarr[0], resarr[1]);
+ if (err)
+ {
+ mpi_free (resarr[0]);
+ mpi_free (resarr[1]);
+ resarr[0] = NULL; /* Mark array as released. */
+ }
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return err;
+}
+
+static gcry_err_code_t
+ecc_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp)(void *, gcry_mpi_t), void *opaquev)
+{
+ gpg_err_code_t err;
+ ECC_public_key pk;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ if (!data[0] || !data[1] || !hash || !pkey[0] || !pkey[1] || !pkey[2]
+ || !pkey[3] || !pkey[4] || !pkey[5] )
+ return GPG_ERR_BAD_MPI;
+
+ pk.E.p = pkey[0];
+ pk.E.a = pkey[1];
+ pk.E.b = pkey[2];
+ point_init (&pk.E.G);
+ err = os2ec (&pk.E.G, pkey[3]);
+ if (err)
+ {
+ point_free (&pk.E.G);
+ return err;
+ }
+ pk.E.n = pkey[4];
+ point_init (&pk.Q);
+ err = os2ec (&pk.Q, pkey[5]);
+ if (err)
+ {
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
+ return err;
+ }
+
+ err = verify (hash, &pk, data[0], data[1]);
+
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
+ return err;
+}
+
+
+
+static unsigned int
+ecc_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+
+/* See rsa.c for a description of this function. */
+static gpg_err_code_t
+compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
+{
+ static const char names[] = "pabgnq";
+ gpg_err_code_t ec = 0;
+ gcry_sexp_t l1;
+ gcry_mpi_t values[6];
+ int idx;
+
+ /* Clear the values for easier error cleanup. */
+ for (idx=0; idx < 6; idx++)
+ values[idx] = NULL;
+
+ /* Fill values with all available parameters. */
+ for (idx=0; idx < 6; idx++)
+ {
+ l1 = gcry_sexp_find_token (keyparam, names+idx, 1);
+ if (l1)
+ {
+ values[idx] = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ if (!values[idx])
+ {
+ ec = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+ }
+ }
+
+ /* Check whether a curve parameter is available and use that to fill
+ in missing values. */
+ l1 = gcry_sexp_find_token (keyparam, "curve", 5);
+ if (l1)
+ {
+ char *curve;
+ gcry_mpi_t tmpvalues[6];
+
+ for (idx = 0; idx < 6; idx++)
+ tmpvalues[idx] = NULL;
+
+ curve = _gcry_sexp_nth_string (l1, 1);
+ if (!curve)
+ {
+ ec = GPG_ERR_INV_OBJ; /* Name missing or out of core. */
+ goto leave;
+ }
+ ec = ecc_get_param (curve, tmpvalues);
+ gcry_free (curve);
+ if (ec)
+ goto leave;
+
+ for (idx = 0; idx < 6; idx++)
+ {
+ if (!values[idx])
+ values[idx] = tmpvalues[idx];
+ else
+ mpi_free (tmpvalues[idx]);
+ }
+ }
+
+ /* Check that all parameters are known and normalize all MPIs (that
+ should not be required but we use an internal fucntion later and
+ thus we better make 100% sure that they are normalized). */
+ for (idx = 0; idx < 6; idx++)
+ if (!values[idx])
+ {
+ ec = GPG_ERR_NO_OBJ;
+ goto leave;
+ }
+ else
+ _gcry_mpi_normalize (values[idx]);
+
+ /* Hash them all. */
+ for (idx = 0; idx < 6; idx++)
+ {
+ char buf[30];
+ unsigned char *rawmpi;
+ unsigned int rawmpilen;
+
+ rawmpi = _gcry_mpi_get_buffer (values[idx], &rawmpilen, NULL);
+ if (!rawmpi)
+ {
+ ec = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+ snprintf (buf, sizeof buf, "(1:%c%u:", names[idx], rawmpilen);
+ gcry_md_write (md, buf, strlen (buf));
+ gcry_md_write (md, rawmpi, rawmpilen);
+ gcry_md_write (md, ")", 1);
+ gcry_free (rawmpi);
+ }
+
+ leave:
+ for (idx = 0; idx < 6; idx++)
+ _gcry_mpi_release (values[idx]);
+
+ return ec;
+}
+
+
+
+
+
+/*
+ Self-test section.
+ */
+
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static const char *ecdsa_names[] =
+ {
+ "ecdsa",
+ "ecc",
+ NULL,
+ };
+
+gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
+ {
+ "ECDSA", ecdsa_names,
+ "pabgnq", "pabgnqd", "", "rs", "pabgnq",
+ GCRY_PK_USAGE_SIGN,
+ ecc_generate,
+ ecc_check_secret_key,
+ NULL,
+ NULL,
+ ecc_sign,
+ ecc_verify,
+ ecc_get_nbits
+ };
+
+pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa =
+ {
+ run_selftests,
+ ecc_generate_ext,
+ compute_keygrip,
+ ecc_get_param
+ };
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/elgamal.c b/grub-core/lib/libgcrypt-grub/cipher/elgamal.c
new file mode 100644
index 0000000..ade8dc2
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/elgamal.c
@@ -0,0 +1,846 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* Elgamal.c - Elgamal Public Key encryption
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * For a description of the algorithm, see:
+ * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ * ISBN 0-471-11709-9. Pages 476 ff.
+ */
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+} ELG_public_key;
+
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+ gcry_mpi_t x; /* secret exponent */
+} ELG_secret_key;
+
+
+static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
+static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors);
+static int check_secret_key (ELG_secret_key *sk);
+static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+ ELG_public_key *pkey);
+static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b,
+ ELG_secret_key *skey);
+static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+ ELG_secret_key *skey);
+static int verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+ ELG_public_key *pkey);
+
+
+static void (*progress_cb) (void *, const char *, int, int, int);
+static void *progress_cb_data;
+
+void
+_gcry_register_pk_elg_progress (void (*cb) (void *, const char *,
+ int, int, int),
+ void *cb_data)
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+
+static void
+progress (int c)
+{
+ if (progress_cb)
+ progress_cb (progress_cb_data, "pk_elg", c, 0, 0);
+}
+
+
+/****************
+ * Michael Wiener's table on subgroup sizes to match field sizes.
+ * (floating around somewhere, probably based on the paper from
+ * Eurocrypt 96, page 332)
+ */
+static unsigned int
+wiener_map( unsigned int n )
+{
+ static struct { unsigned int p_n, q_n; } t[] =
+ { /* p q attack cost */
+ { 512, 119 }, /* 9 x 10^17 */
+ { 768, 145 }, /* 6 x 10^21 */
+ { 1024, 165 }, /* 7 x 10^24 */
+ { 1280, 183 }, /* 3 x 10^27 */
+ { 1536, 198 }, /* 7 x 10^29 */
+ { 1792, 212 }, /* 9 x 10^31 */
+ { 2048, 225 }, /* 8 x 10^33 */
+ { 2304, 237 }, /* 5 x 10^35 */
+ { 2560, 249 }, /* 3 x 10^37 */
+ { 2816, 259 }, /* 1 x 10^39 */
+ { 3072, 269 }, /* 3 x 10^40 */
+ { 3328, 279 }, /* 8 x 10^41 */
+ { 3584, 288 }, /* 2 x 10^43 */
+ { 3840, 296 }, /* 4 x 10^44 */
+ { 4096, 305 }, /* 7 x 10^45 */
+ { 4352, 313 }, /* 1 x 10^47 */
+ { 4608, 320 }, /* 2 x 10^48 */
+ { 4864, 328 }, /* 2 x 10^49 */
+ { 5120, 335 }, /* 3 x 10^50 */
+ { 0, 0 }
+ };
+ int i;
+
+ for(i=0; t[i].p_n; i++ )
+ {
+ if( n <= t[i].p_n )
+ return t[i].q_n;
+ }
+ /* Not in table - use an arbitrary high number. */
+ return n / 8 + 200;
+}
+
+static int
+test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
+{
+ ELG_public_key pk;
+ gcry_mpi_t test = gcry_mpi_new ( 0 );
+ gcry_mpi_t out1_a = gcry_mpi_new ( nbits );
+ gcry_mpi_t out1_b = gcry_mpi_new ( nbits );
+ gcry_mpi_t out2 = gcry_mpi_new ( nbits );
+ int failed = 0;
+
+ pk.p = sk->p;
+ pk.g = sk->g;
+ pk.y = sk->y;
+
+ gcry_mpi_randomize ( test, nbits, GCRY_WEAK_RANDOM );
+
+ do_encrypt ( out1_a, out1_b, test, &pk );
+ decrypt ( out2, out1_a, out1_b, sk );
+ if ( mpi_cmp( test, out2 ) )
+ failed |= 1;
+
+ sign ( out1_a, out1_b, test, sk );
+ if ( !verify( out1_a, out1_b, test, &pk ) )
+ failed |= 2;
+
+ gcry_mpi_release ( test );
+ gcry_mpi_release ( out1_a );
+ gcry_mpi_release ( out1_b );
+ gcry_mpi_release ( out2 );
+
+ if (failed && !nodie)
+ log_fatal ("Elgamal test key for %s %s failed\n",
+ (failed & 1)? "encrypt+decrypt":"",
+ (failed & 2)? "sign+verify":"");
+ if (failed && DBG_CIPHER)
+ log_debug ("Elgamal test key for %s %s failed\n",
+ (failed & 1)? "encrypt+decrypt":"",
+ (failed & 2)? "sign+verify":"");
+
+ return failed;
+}
+
+
+/****************
+ * Generate a random secret exponent k from prime p, so that k is
+ * relatively prime to p-1. With SMALL_K set, k will be selected for
+ * better encryption performance - this must never be used signing!
+ */
+static gcry_mpi_t
+gen_k( gcry_mpi_t p, int small_k )
+{
+ gcry_mpi_t k = mpi_alloc_secure( 0 );
+ gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+ gcry_mpi_t p_1 = mpi_copy(p);
+ unsigned int orig_nbits = mpi_get_nbits(p);
+ unsigned int nbits, nbytes;
+ char *rndbuf = NULL;
+
+ if (small_k)
+ {
+ /* Using a k much lesser than p is sufficient for encryption and
+ * it greatly improves the encryption performance. We use
+ * Wiener's table and add a large safety margin. */
+ nbits = wiener_map( orig_nbits ) * 3 / 2;
+ if( nbits >= orig_nbits )
+ BUG();
+ }
+ else
+ nbits = orig_nbits;
+
+
+ nbytes = (nbits+7)/8;
+ if( DBG_CIPHER )
+ log_debug("choosing a random k ");
+ mpi_sub_ui( p_1, p, 1);
+ for(;;)
+ {
+ if( !rndbuf || nbits < 32 )
+ {
+ gcry_free(rndbuf);
+ rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM );
+ }
+ else
+ {
+ /* Change only some of the higher bits. We could improve
+ this by directly requesting more memory at the first call
+ to get_random_bytes() and use this the here maybe it is
+ easier to do this directly in random.c Anyway, it is
+ highly inlikely that we will ever reach this code. */
+ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
+ memcpy( rndbuf, pp, 4 );
+ gcry_free(pp);
+ }
+ _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
+
+ for(;;)
+ {
+ if( !(mpi_cmp( k, p_1 ) < 0) ) /* check: k < (p-1) */
+ {
+ if( DBG_CIPHER )
+ progress('+');
+ break; /* no */
+ }
+ if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */
+ {
+ if( DBG_CIPHER )
+ progress('-');
+ break; /* no */
+ }
+ if (gcry_mpi_gcd( temp, k, p_1 ))
+ goto found; /* okay, k is relative prime to (p-1) */
+ mpi_add_ui( k, k, 1 );
+ if( DBG_CIPHER )
+ progress('.');
+ }
+ }
+ found:
+ gcry_free(rndbuf);
+ if( DBG_CIPHER )
+ progress('\n');
+ mpi_free(p_1);
+ mpi_free(temp);
+
+ return k;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS
+ * Returns: 2 structures filled with all needed values
+ * and an array with n-1 factors of (p-1)
+ */
+static void
+generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
+{
+ gcry_mpi_t p; /* the prime */
+ gcry_mpi_t p_min1;
+ gcry_mpi_t g;
+ gcry_mpi_t x; /* the secret exponent */
+ gcry_mpi_t y;
+ unsigned int qbits;
+ unsigned int xbits;
+ byte *rndbuf;
+
+ p_min1 = gcry_mpi_new ( nbits );
+ qbits = wiener_map( nbits );
+ if( qbits & 1 ) /* better have a even one */
+ qbits++;
+ g = mpi_alloc(1);
+ p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors );
+ mpi_sub_ui(p_min1, p, 1);
+
+
+ /* Select a random number which has these properties:
+ * 0 < x < p-1
+ * This must be a very good random number because this is the
+ * secret part. The prime is public and may be shared anyway,
+ * so a random generator level of 1 is used for the prime.
+ *
+ * I don't see a reason to have a x of about the same size
+ * as the p. It should be sufficient to have one about the size
+ * of q or the later used k plus a large safety margin. Decryption
+ * will be much faster with such an x.
+ */
+ xbits = qbits * 3 / 2;
+ if( xbits >= nbits )
+ BUG();
+ x = gcry_mpi_snew ( xbits );
+ if( DBG_CIPHER )
+ log_debug("choosing a random x of size %u", xbits );
+ rndbuf = NULL;
+ do
+ {
+ if( DBG_CIPHER )
+ progress('.');
+ if( rndbuf )
+ { /* Change only some of the higher bits */
+ if( xbits < 16 ) /* should never happen ... */
+ {
+ gcry_free(rndbuf);
+ rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
+ GCRY_VERY_STRONG_RANDOM );
+ }
+ else
+ {
+ char *r = gcry_random_bytes_secure( 2,
+ GCRY_VERY_STRONG_RANDOM );
+ memcpy(rndbuf, r, 2 );
+ gcry_free(r);
+ }
+ }
+ else
+ {
+ rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
+ GCRY_VERY_STRONG_RANDOM );
+ }
+ _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );
+ mpi_clear_highbit( x, xbits+1 );
+ }
+ while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
+ gcry_free(rndbuf);
+
+ y = gcry_mpi_new (nbits);
+ gcry_mpi_powm( y, g, x, p );
+
+ if( DBG_CIPHER )
+ {
+ progress('\n');
+ log_mpidump("elg p= ", p );
+ log_mpidump("elg g= ", g );
+ log_mpidump("elg y= ", y );
+ log_mpidump("elg x= ", x );
+ }
+
+ /* Copy the stuff to the key structures */
+ sk->p = p;
+ sk->g = g;
+ sk->y = y;
+ sk->x = x;
+
+ gcry_mpi_release ( p_min1 );
+
+ /* Now we can test our keys (this should never fail!) */
+ test_keys ( sk, nbits - 64, 0 );
+}
+
+
+/* Generate a key pair with a key of size NBITS not using a random
+ value for the secret key but the one given as X. This is useful to
+ implement a passphrase based decryption for a public key based
+ encryption. It has appliactions in backup systems.
+
+ Returns: A structure filled with all needed values and an array
+ with n-1 factors of (p-1). */
+static gcry_err_code_t
+generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x,
+ gcry_mpi_t **ret_factors )
+{
+ gcry_mpi_t p; /* The prime. */
+ gcry_mpi_t p_min1; /* The prime minus 1. */
+ gcry_mpi_t g; /* The generator. */
+ gcry_mpi_t y; /* g^x mod p. */
+ unsigned int qbits;
+ unsigned int xbits;
+
+ sk->p = NULL;
+ sk->g = NULL;
+ sk->y = NULL;
+ sk->x = NULL;
+
+ /* Do a quick check to see whether X is suitable. */
+ xbits = mpi_get_nbits (x);
+ if ( xbits < 64 || xbits >= nbits )
+ return GPG_ERR_INV_VALUE;
+
+ p_min1 = gcry_mpi_new ( nbits );
+ qbits = wiener_map ( nbits );
+ if ( (qbits & 1) ) /* Better have an even one. */
+ qbits++;
+ g = mpi_alloc (1);
+ p = _gcry_generate_elg_prime ( 0, nbits, qbits, g, ret_factors );
+ mpi_sub_ui (p_min1, p, 1);
+
+ if (DBG_CIPHER)
+ log_debug ("using a supplied x of size %u", xbits );
+ if ( !(mpi_cmp_ui ( x, 0 ) > 0 && mpi_cmp ( x, p_min1 ) <0 ) )
+ {
+ gcry_mpi_release ( p_min1 );
+ gcry_mpi_release ( p );
+ gcry_mpi_release ( g );
+ return GPG_ERR_INV_VALUE;
+ }
+
+ y = gcry_mpi_new (nbits);
+ gcry_mpi_powm ( y, g, x, p );
+
+ if ( DBG_CIPHER )
+ {
+ progress ('\n');
+ log_mpidump ("elg p= ", p );
+ log_mpidump ("elg g= ", g );
+ log_mpidump ("elg y= ", y );
+ log_mpidump ("elg x= ", x );
+ }
+
+ /* Copy the stuff to the key structures */
+ sk->p = p;
+ sk->g = g;
+ sk->y = y;
+ sk->x = gcry_mpi_copy (x);
+
+ gcry_mpi_release ( p_min1 );
+
+ /* Now we can test our keys. */
+ if ( test_keys ( sk, nbits - 64, 1 ) )
+ {
+ gcry_mpi_release ( sk->p ); sk->p = NULL;
+ gcry_mpi_release ( sk->g ); sk->g = NULL;
+ gcry_mpi_release ( sk->y ); sk->y = NULL;
+ gcry_mpi_release ( sk->x ); sk->x = NULL;
+ return GPG_ERR_BAD_SECKEY;
+ }
+
+ return 0;
+}
+
+
+/****************
+ * Test whether the secret key is valid.
+ * Returns: if this is a valid key.
+ */
+static int
+check_secret_key( ELG_secret_key *sk )
+{
+ int rc;
+ gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+ gcry_mpi_powm( y, sk->g, sk->x, sk->p );
+ rc = !mpi_cmp( y, sk->y );
+ mpi_free( y );
+ return rc;
+}
+
+
+static void
+do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+{
+ gcry_mpi_t k;
+
+ /* Note: maybe we should change the interface, so that it
+ * is possible to check that input is < p and return an
+ * error code.
+ */
+
+ k = gen_k( pkey->p, 1 );
+ gcry_mpi_powm( a, pkey->g, k, pkey->p );
+ /* b = (y^k * input) mod p
+ * = ((y^k mod p) * (input mod p)) mod p
+ * and because input is < p
+ * = ((y^k mod p) * input) mod p
+ */
+ gcry_mpi_powm( b, pkey->y, k, pkey->p );
+ gcry_mpi_mulm( b, b, input, pkey->p );
+#if 0
+ if( DBG_CIPHER )
+ {
+ log_mpidump("elg encrypted y= ", pkey->y);
+ log_mpidump("elg encrypted p= ", pkey->p);
+ log_mpidump("elg encrypted k= ", k);
+ log_mpidump("elg encrypted M= ", input);
+ log_mpidump("elg encrypted a= ", a);
+ log_mpidump("elg encrypted b= ", b);
+ }
+#endif
+ mpi_free(k);
+}
+
+
+
+
+static void
+decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+{
+ gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+
+ /* output = b/(a^x) mod p */
+ gcry_mpi_powm( t1, a, skey->x, skey->p );
+ mpi_invm( t1, t1, skey->p );
+ mpi_mulm( output, b, t1, skey->p );
+#if 0
+ if( DBG_CIPHER )
+ {
+ log_mpidump("elg decrypted x= ", skey->x);
+ log_mpidump("elg decrypted p= ", skey->p);
+ log_mpidump("elg decrypted a= ", a);
+ log_mpidump("elg decrypted b= ", b);
+ log_mpidump("elg decrypted M= ", output);
+ }
+#endif
+ mpi_free(t1);
+}
+
+
+/****************
+ * Make an Elgamal signature out of INPUT
+ */
+
+static void
+sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
+{
+ gcry_mpi_t k;
+ gcry_mpi_t t = mpi_alloc( mpi_get_nlimbs(a) );
+ gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) );
+ gcry_mpi_t p_1 = mpi_copy(skey->p);
+
+ /*
+ * b = (t * inv) mod (p-1)
+ * b = (t * inv(k,(p-1),(p-1)) mod (p-1)
+ * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+ k = gen_k( skey->p, 0 /* no small K ! */ );
+ gcry_mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+ mpi_invm(inv, k, p_1 );
+ mpi_mulm(b, t, inv, p_1 );
+
+#if 0
+ if( DBG_CIPHER )
+ {
+ log_mpidump("elg sign p= ", skey->p);
+ log_mpidump("elg sign g= ", skey->g);
+ log_mpidump("elg sign y= ", skey->y);
+ log_mpidump("elg sign x= ", skey->x);
+ log_mpidump("elg sign k= ", k);
+ log_mpidump("elg sign M= ", input);
+ log_mpidump("elg sign a= ", a);
+ log_mpidump("elg sign b= ", b);
+ }
+#endif
+ mpi_free(k);
+ mpi_free(t);
+ mpi_free(inv);
+ mpi_free(p_1);
+}
+
+
+/****************
+ * Returns true if the signature composed of A and B is valid.
+ */
+static int
+verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+{
+ int rc;
+ gcry_mpi_t t1;
+ gcry_mpi_t t2;
+ gcry_mpi_t base[4];
+ gcry_mpi_t ex[4];
+
+ if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )
+ return 0; /* assertion 0 < a < p failed */
+
+ t1 = mpi_alloc( mpi_get_nlimbs(a) );
+ t2 = mpi_alloc( mpi_get_nlimbs(a) );
+
+#if 0
+ /* t1 = (y^a mod p) * (a^b mod p) mod p */
+ gcry_mpi_powm( t1, pkey->y, a, pkey->p );
+ gcry_mpi_powm( t2, a, b, pkey->p );
+ mpi_mulm( t1, t1, t2, pkey->p );
+
+ /* t2 = g ^ input mod p */
+ gcry_mpi_powm( t2, pkey->g, input, pkey->p );
+
+ rc = !mpi_cmp( t1, t2 );
+#elif 0
+ /* t1 = (y^a mod p) * (a^b mod p) mod p */
+ base[0] = pkey->y; ex[0] = a;
+ base[1] = a; ex[1] = b;
+ base[2] = NULL; ex[2] = NULL;
+ mpi_mulpowm( t1, base, ex, pkey->p );
+
+ /* t2 = g ^ input mod p */
+ gcry_mpi_powm( t2, pkey->g, input, pkey->p );
+
+ rc = !mpi_cmp( t1, t2 );
+#else
+ /* t1 = g ^ - input * y ^ a * a ^ b mod p */
+ mpi_invm(t2, pkey->g, pkey->p );
+ base[0] = t2 ; ex[0] = input;
+ base[1] = pkey->y; ex[1] = a;
+ base[2] = a; ex[2] = b;
+ base[3] = NULL; ex[3] = NULL;
+ mpi_mulpowm( t1, base, ex, pkey->p );
+ rc = !mpi_cmp_ui( t1, 1 );
+
+#endif
+
+ mpi_free(t1);
+ mpi_free(t2);
+ return rc;
+}
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+
+static gpg_err_code_t
+elg_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gpg_err_code_t ec;
+ ELG_secret_key sk;
+ gcry_mpi_t xvalue = NULL;
+ gcry_sexp_t l1;
+
+ (void)algo;
+ (void)evalue;
+ (void)r_extrainfo;
+
+ if (genparms)
+ {
+ /* Parse the optional xvalue element. */
+ l1 = gcry_sexp_find_token (genparms, "xvalue", 0);
+ if (l1)
+ {
+ xvalue = gcry_sexp_nth_mpi (l1, 1, 0);
+ gcry_sexp_release (l1);
+ if (!xvalue)
+ return GPG_ERR_BAD_MPI;
+ }
+ }
+
+ if (xvalue)
+ ec = generate_using_x (&sk, nbits, xvalue, retfactors);
+ else
+ {
+ generate (&sk, nbits, retfactors);
+ ec = 0;
+ }
+
+ skey[0] = sk.p;
+ skey[1] = sk.g;
+ skey[2] = sk.y;
+ skey[3] = sk.x;
+
+ return ec;
+}
+
+
+static gcry_err_code_t
+elg_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ ELG_secret_key sk;
+
+ (void)algo;
+ (void)evalue;
+
+ generate (&sk, nbits, retfactors);
+ skey[0] = sk.p;
+ skey[1] = sk.g;
+ skey[2] = sk.y;
+ skey[3] = sk.x;
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+elg_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_secret_key sk;
+
+ (void)algo;
+
+ if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.g = skey[1];
+ sk.y = skey[2];
+ sk.x = skey[3];
+
+ if (! check_secret_key (&sk))
+ err = GPG_ERR_BAD_SECKEY;
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_encrypt (int algo, gcry_mpi_t *resarr,
+ gcry_mpi_t data, gcry_mpi_t *pkey, int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_public_key pk;
+
+ (void)algo;
+ (void)flags;
+
+ if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ pk.p = pkey[0];
+ pk.g = pkey[1];
+ pk.y = pkey[2];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p));
+ do_encrypt (resarr[0], resarr[1], data, &pk);
+ }
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_decrypt (int algo, gcry_mpi_t *result,
+ gcry_mpi_t *data, gcry_mpi_t *skey, int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_secret_key sk;
+
+ (void)algo;
+ (void)flags;
+
+ if ((! data[0]) || (! data[1])
+ || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.g = skey[1];
+ sk.y = skey[2];
+ sk.x = skey[3];
+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p));
+ decrypt (*result, data[0], data[1], &sk);
+ }
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_secret_key sk;
+
+ (void)algo;
+
+ if ((! data)
+ || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.g = skey[1];
+ sk.y = skey[2];
+ sk.x = skey[3];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ sign (resarr[0], resarr[1], data, &sk);
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_public_key pk;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ if ((! data[0]) || (! data[1]) || (! hash)
+ || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ pk.p = pkey[0];
+ pk.g = pkey[1];
+ pk.y = pkey[2];
+ if (! verify (data[0], data[1], hash, &pk))
+ err = GPG_ERR_BAD_SIGNATURE;
+ }
+
+ return err;
+}
+
+
+static unsigned int
+elg_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+static const char *elg_names[] =
+ {
+ "elg",
+ "openpgp-elg",
+ "openpgp-elg-sig",
+ NULL,
+ };
+
+
+gcry_pk_spec_t _gcry_pubkey_spec_elg =
+ {
+ "ELG", elg_names,
+ "pgy", "pgyx", "ab", "rs", "pgy",
+ GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
+ elg_generate,
+ elg_check_secret_key,
+ elg_encrypt,
+ elg_decrypt,
+ elg_sign,
+ elg_verify,
+ elg_get_nbits
+ };
+
+pk_extra_spec_t _gcry_pubkey_extraspec_elg =
+ {
+ NULL,
+ elg_generate_ext,
+ NULL
+ };
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/g10lib.h b/grub-core/lib/libgcrypt-grub/cipher/g10lib.h
new file mode 100644
index 0000000..49cc16a
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/g10lib.h
@@ -0,0 +1 @@
+#include <cipher_wrap.h>
diff --git a/grub-core/lib/libgcrypt-grub/cipher/hash-common.h b/grub-core/lib/libgcrypt-grub/cipher/hash-common.h
new file mode 100644
index 0000000..4a1630f
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/hash-common.h
@@ -0,0 +1,36 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+/* hash-common.h - Declarations of common code for hash algorithms.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_HASH_COMMON_H
+#define GCRY_HASH_COMMON_H
+
+
+const char * _gcry_hash_selftest_check_one
+/**/ (int algo,
+ int datamode, const void *data, size_t datalen,
+ const void *expect, size_t expectlen);
+
+
+
+
+
+#endif /*GCRY_HASH_COMMON_H*/
diff --git a/grub-core/lib/libgcrypt-grub/cipher/md4.c b/grub-core/lib/libgcrypt-grub/cipher/md4.c
new file mode 100644
index 0000000..184a4c7
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/md4.c
@@ -0,0 +1,341 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* md4.c - MD4 Message-Digest Algorithm
+ * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * Based on md5.c in libgcrypt, but rewritten to compute md4 checksums
+ * using a public domain md4 implementation with the following comments:
+ *
+ * Modified by Wei Dai from Andrew M. Kuchling's md4.c
+ * The original code and all modifications are in the public domain.
+ *
+ * This is the original introductory comment:
+ *
+ * md4.c : MD4 hash algorithm.
+ *
+ * Part of the Python Cryptography Toolkit, version 1.1
+ *
+ * Distribute and use freely; there are no restrictions on further
+ * dissemination and usage except those imposed by the laws of your
+ * country of residence.
+ *
+ */
+
+/* MD4 test suite:
+ * MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
+ * MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
+ * MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
+ * MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
+ * MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
+ * MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =
+ * 043f8582f241db351ce627e153e7f0e4
+ * MD4 ("123456789012345678901234567890123456789012345678901234567890123456
+ * 78901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
+ */
+
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+ u32 A,B,C,D; /* chaining variables */
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} MD4_CONTEXT;
+
+
+static void
+md4_init( void *context )
+{
+ MD4_CONTEXT *ctx = context;
+
+ ctx->A = 0x67452301;
+ ctx->B = 0xefcdab89;
+ ctx->C = 0x98badcfe;
+ ctx->D = 0x10325476;
+
+ ctx->nblocks = 0;
+ ctx->count = 0;
+}
+
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+
+/****************
+ * transform 64 bytes
+ */
+static void
+transform ( MD4_CONTEXT *ctx, const unsigned char *data )
+{
+ u32 in[16];
+ register u32 A = ctx->A;
+ register u32 B = ctx->B;
+ register u32 C = ctx->C;
+ register u32 D = ctx->D;
+
+#ifdef WORDS_BIGENDIAN
+ {
+ int i;
+ byte *p2, *p1;
+ for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ memcpy (in, data, 64);
+#endif
+
+ /* Round 1. */
+#define function(a,b,c,d,k,s) a=rol(a+F(b,c,d)+in[k],s);
+ function(A,B,C,D, 0, 3);
+ function(D,A,B,C, 1, 7);
+ function(C,D,A,B, 2,11);
+ function(B,C,D,A, 3,19);
+ function(A,B,C,D, 4, 3);
+ function(D,A,B,C, 5, 7);
+ function(C,D,A,B, 6,11);
+ function(B,C,D,A, 7,19);
+ function(A,B,C,D, 8, 3);
+ function(D,A,B,C, 9, 7);
+ function(C,D,A,B,10,11);
+ function(B,C,D,A,11,19);
+ function(A,B,C,D,12, 3);
+ function(D,A,B,C,13, 7);
+ function(C,D,A,B,14,11);
+ function(B,C,D,A,15,19);
+
+#undef function
+
+ /* Round 2. */
+#define function(a,b,c,d,k,s) a=rol(a+G(b,c,d)+in[k]+0x5a827999,s);
+
+ function(A,B,C,D, 0, 3);
+ function(D,A,B,C, 4, 5);
+ function(C,D,A,B, 8, 9);
+ function(B,C,D,A,12,13);
+ function(A,B,C,D, 1, 3);
+ function(D,A,B,C, 5, 5);
+ function(C,D,A,B, 9, 9);
+ function(B,C,D,A,13,13);
+ function(A,B,C,D, 2, 3);
+ function(D,A,B,C, 6, 5);
+ function(C,D,A,B,10, 9);
+ function(B,C,D,A,14,13);
+ function(A,B,C,D, 3, 3);
+ function(D,A,B,C, 7, 5);
+ function(C,D,A,B,11, 9);
+ function(B,C,D,A,15,13);
+
+#undef function
+
+ /* Round 3. */
+#define function(a,b,c,d,k,s) a=rol(a+H(b,c,d)+in[k]+0x6ed9eba1,s);
+
+ function(A,B,C,D, 0, 3);
+ function(D,A,B,C, 8, 9);
+ function(C,D,A,B, 4,11);
+ function(B,C,D,A,12,15);
+ function(A,B,C,D, 2, 3);
+ function(D,A,B,C,10, 9);
+ function(C,D,A,B, 6,11);
+ function(B,C,D,A,14,15);
+ function(A,B,C,D, 1, 3);
+ function(D,A,B,C, 9, 9);
+ function(C,D,A,B, 5,11);
+ function(B,C,D,A,13,15);
+ function(A,B,C,D, 3, 3);
+ function(D,A,B,C,11, 9);
+ function(C,D,A,B, 7,11);
+ function(B,C,D,A,15,15);
+
+
+ /* Put checksum in context given as argument. */
+ ctx->A += A;
+ ctx->B += B;
+ ctx->C += C;
+ ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md4_write ( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ MD4_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ md4_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD4 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md4_final( void *context )
+{
+ MD4_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ md4_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ md4_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
+ *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
+#endif
+ X(A);
+ X(B);
+ X(C);
+ X(D);
+#undef X
+
+}
+
+static byte *
+md4_read (void *context)
+{
+ MD4_CONTEXT *hd = context;
+ return hd->buf;
+}
+
+static byte asn[18] = /* Object ID is 1.2.840.113549.2.4 */
+ { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+ 0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 };
+
+static gcry_md_oid_spec_t oid_spec_md4[] =
+ {
+ /* iso.member-body.us.rsadsi.digestAlgorithm.md4 */
+ { "1.2.840.113549.2.4" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_md4 =
+ {
+ "MD4", asn, DIM (asn), oid_spec_md4,16,
+ md4_init, md4_write, md4_final, md4_read,
+ sizeof (MD4_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+
+
+GRUB_MOD_INIT(gcry_md4)
+{
+ grub_md_register (&_gcry_digest_spec_md4);
+}
+
+GRUB_MOD_FINI(gcry_md4)
+{
+ grub_md_unregister (&_gcry_digest_spec_md4);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/md5.c b/grub-core/lib/libgcrypt-grub/cipher/md5.c
new file mode 100644
index 0000000..f790cd4
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/md5.c
@@ -0,0 +1,368 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* md5.c - MD5 Message-Digest Algorithm
+ * Copyright (C) 1995,1996,1998,1999,2001,2002,
+ * 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * According to the definition of MD5 in RFC 1321 from April 1992.
+ * NOTE: This is *not* the same file as the one from glibc.
+ * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
+ * heavily modified for GnuPG by Werner Koch <wk@gnupg.org>
+ */
+
+/* Test values:
+ * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
+ * "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
+ * "abc 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
+ * "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
+ */
+
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+ u32 A,B,C,D; /* chaining variables */
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} MD5_CONTEXT;
+
+
+static void
+md5_init( void *context )
+{
+ MD5_CONTEXT *ctx = context;
+
+ ctx->A = 0x67452301;
+ ctx->B = 0xefcdab89;
+ ctx->C = 0x98badcfe;
+ ctx->D = 0x10325476;
+
+ ctx->nblocks = 0;
+ ctx->count = 0;
+}
+
+
+/* These are the four functions used in the four steps of the MD5 algorithm
+ and defined in the RFC 1321. The first function is a little bit optimized
+ (as found in Colin Plumbs public domain implementation). */
+/* #define FF(b, c, d) ((b & c) | (~b & d)) */
+#define FF(b, c, d) (d ^ (b & (c ^ d)))
+#define FG(b, c, d) FF (d, b, c)
+#define FH(b, c, d) (b ^ c ^ d)
+#define FI(b, c, d) (c ^ (b | ~d))
+
+
+/****************
+ * transform n*64 bytes
+ */
+static void
+transform ( MD5_CONTEXT *ctx, const unsigned char *data )
+{
+ u32 correct_words[16];
+ register u32 A = ctx->A;
+ register u32 B = ctx->B;
+ register u32 C = ctx->C;
+ register u32 D = ctx->D;
+ u32 *cwp = correct_words;
+
+#ifdef WORDS_BIGENDIAN
+ {
+ int i;
+ byte *p2, *p1;
+ for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ memcpy( correct_words, data, 64 );
+#endif
+
+
+#define OP(a, b, c, d, s, T) \
+ do \
+ { \
+ a += FF (b, c, d) + (*cwp++) + T; \
+ a = rol(a, s); \
+ a += b; \
+ } \
+ while (0)
+
+ /* Before we start, one word about the strange constants.
+ They are defined in RFC 1321 as
+
+ T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
+ */
+
+ /* Round 1. */
+ OP (A, B, C, D, 7, 0xd76aa478);
+ OP (D, A, B, C, 12, 0xe8c7b756);
+ OP (C, D, A, B, 17, 0x242070db);
+ OP (B, C, D, A, 22, 0xc1bdceee);
+ OP (A, B, C, D, 7, 0xf57c0faf);
+ OP (D, A, B, C, 12, 0x4787c62a);
+ OP (C, D, A, B, 17, 0xa8304613);
+ OP (B, C, D, A, 22, 0xfd469501);
+ OP (A, B, C, D, 7, 0x698098d8);
+ OP (D, A, B, C, 12, 0x8b44f7af);
+ OP (C, D, A, B, 17, 0xffff5bb1);
+ OP (B, C, D, A, 22, 0x895cd7be);
+ OP (A, B, C, D, 7, 0x6b901122);
+ OP (D, A, B, C, 12, 0xfd987193);
+ OP (C, D, A, B, 17, 0xa679438e);
+ OP (B, C, D, A, 22, 0x49b40821);
+
+#undef OP
+#define OP(f, a, b, c, d, k, s, T) \
+ do \
+ { \
+ a += f (b, c, d) + correct_words[k] + T; \
+ a = rol(a, s); \
+ a += b; \
+ } \
+ while (0)
+
+ /* Round 2. */
+ OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
+ OP (FG, D, A, B, C, 6, 9, 0xc040b340);
+ OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
+ OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
+ OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
+ OP (FG, D, A, B, C, 10, 9, 0x02441453);
+ OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
+ OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
+ OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
+ OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
+ OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
+ OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
+ OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
+ OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
+ OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
+ OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
+
+ /* Round 3. */
+ OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
+ OP (FH, D, A, B, C, 8, 11, 0x8771f681);
+ OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
+ OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
+ OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
+ OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
+ OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
+ OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
+ OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
+ OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
+ OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
+ OP (FH, B, C, D, A, 6, 23, 0x04881d05);
+ OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
+ OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
+ OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
+ OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
+
+ /* Round 4. */
+ OP (FI, A, B, C, D, 0, 6, 0xf4292244);
+ OP (FI, D, A, B, C, 7, 10, 0x432aff97);
+ OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
+ OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
+ OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
+ OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
+ OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
+ OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
+ OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
+ OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
+ OP (FI, C, D, A, B, 6, 15, 0xa3014314);
+ OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
+ OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
+ OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
+ OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
+ OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
+
+ /* Put checksum in context given as argument. */
+ ctx->A += A;
+ ctx->B += B;
+ ctx->C += C;
+ ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md5_write( void *context, const void *inbuf_arg , size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ MD5_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ md5_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD5 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md5_final( void *context)
+{
+ MD5_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ md5_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ md5_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
+ *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
+#endif
+ X(A);
+ X(B);
+ X(C);
+ X(D);
+#undef X
+
+}
+
+static byte *
+md5_read( void *context )
+{
+ MD5_CONTEXT *hd = (MD5_CONTEXT *) context;
+ return hd->buf;
+}
+
+static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 */
+ { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+ 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
+
+static gcry_md_oid_spec_t oid_spec_md5[] =
+ {
+ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 (md5WithRSAEncryption) */
+ { "1.2.840.113549.1.1.4" },
+ /* RSADSI digestAlgorithm MD5 */
+ { "1.2.840.113549.2.5" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_md5 =
+ {
+ "MD5", asn, DIM (asn), oid_spec_md5, 16,
+ md5_init, md5_write, md5_final, md5_read,
+ sizeof (MD5_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+
+GRUB_MOD_INIT(gcry_md5)
+{
+ grub_md_register (&_gcry_digest_spec_md5);
+}
+
+GRUB_MOD_FINI(gcry_md5)
+{
+ grub_md_unregister (&_gcry_digest_spec_md5);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/memory.h b/grub-core/lib/libgcrypt-grub/cipher/memory.h
new file mode 100644
index 0000000..49cc16a
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/memory.h
@@ -0,0 +1 @@
+#include <cipher_wrap.h>
diff --git a/grub-core/lib/libgcrypt-grub/cipher/primegen.c b/grub-core/lib/libgcrypt-grub/cipher/primegen.c
new file mode 100644
index 0000000..b8a3121
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/primegen.c
@@ -0,0 +1,1861 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* primegen.c - prime number generator
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003
+ * 2004, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "ath.h"
+
+static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel,
+ int (*extra_check)(void *, gcry_mpi_t),
+ void *extra_check_arg);
+static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
+ gcry_prime_check_func_t cb_func, void *cb_arg );
+static int is_prime (gcry_mpi_t n, int steps, unsigned int *count);
+static void m_out_of_n( char *array, int m, int n );
+
+static void (*progress_cb) (void *,const char*,int,int, int );
+static void *progress_cb_data;
+
+/* Note: 2 is not included because it can be tested more easily by
+ looking at bit 0. The last entry in this list is marked by a zero */
+static ushort small_prime_numbers[] = {
+ 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
+ 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
+ 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
+ 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
+ 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
+ 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
+ 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
+ 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
+ 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
+ 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
+ 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
+ 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
+ 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
+ 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
+ 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
+ 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
+ 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
+ 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
+ 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
+ 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
+ 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
+ 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
+ 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
+ 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
+ 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
+ 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
+ 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
+ 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
+ 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
+ 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
+ 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
+ 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
+ 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
+ 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
+ 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
+ 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
+ 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
+ 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
+ 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
+ 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
+ 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
+ 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
+ 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
+ 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
+ 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
+ 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
+ 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
+ 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
+ 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
+ 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
+ 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
+ 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
+ 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
+ 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
+ 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
+ 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
+ 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
+ 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
+ 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
+ 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
+ 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
+ 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
+ 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
+ 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
+ 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
+ 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
+ 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
+ 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
+ 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
+ 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
+ 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
+ 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
+ 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
+ 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
+ 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
+ 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
+ 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
+ 4957, 4967, 4969, 4973, 4987, 4993, 4999,
+ 0
+};
+static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;
+
+
+
+/* An object and a list to build up a global pool of primes. See
+ save_pool_prime and get_pool_prime. */
+struct primepool_s
+{
+ struct primepool_s *next;
+ gcry_mpi_t prime; /* If this is NULL the entry is not used. */
+ unsigned int nbits;
+ gcry_random_level_t randomlevel;
+};
+struct primepool_s *primepool;
+/* Mutex used to protect access to the primepool. */
+static ath_mutex_t primepool_lock = ATH_MUTEX_INITIALIZER;
+
+
+
+/* Save PRIME which has been generated at RANDOMLEVEL for later
+ use. Needs to be called while primepool_lock is being hold. Note
+ that PRIME should be considered released after calling this
+ function. */
+static void
+save_pool_prime (gcry_mpi_t prime, gcry_random_level_t randomlevel)
+{
+ struct primepool_s *item, *item2;
+ size_t n;
+
+ for (n=0, item = primepool; item; item = item->next, n++)
+ if (!item->prime)
+ break;
+ if (!item && n > 100)
+ {
+ /* Remove some of the entries. Our strategy is removing
+ the last third from the list. */
+ int i;
+
+ for (i=0, item2 = primepool; item2; item2 = item2->next)
+ {
+ if (i >= n/3*2)
+ {
+ gcry_mpi_release (item2->prime);
+ item2->prime = NULL;
+ if (!item)
+ item = item2;
+ }
+ }
+ }
+ if (!item)
+ {
+ item = gcry_calloc (1, sizeof *item);
+ if (!item)
+ {
+ /* Out of memory. Silently giving up. */
+ gcry_mpi_release (prime);
+ return;
+ }
+ item->next = primepool;
+ primepool = item;
+ }
+ item->prime = prime;
+ item->nbits = mpi_get_nbits (prime);
+ item->randomlevel = randomlevel;
+}
+
+
+/* Return a prime for the prime pool or NULL if none has been found.
+ The prime needs to match NBITS and randomlevel. This function needs
+ to be called why the primepool_look is being hold. */
+static gcry_mpi_t
+get_pool_prime (unsigned int nbits, gcry_random_level_t randomlevel)
+{
+ struct primepool_s *item;
+
+ for (item = primepool; item; item = item->next)
+ if (item->prime
+ && item->nbits == nbits && item->randomlevel == randomlevel)
+ {
+ gcry_mpi_t prime = item->prime;
+ item->prime = NULL;
+ gcry_assert (nbits == mpi_get_nbits (prime));
+ return prime;
+ }
+ return NULL;
+}
+
+
+
+
+
+
+void
+_gcry_register_primegen_progress ( void (*cb)(void *,const char*,int,int,int),
+ void *cb_data )
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+
+static void
+progress( int c )
+{
+ if ( progress_cb )
+ progress_cb ( progress_cb_data, "primegen", c, 0, 0 );
+}
+
+
+/****************
+ * Generate a prime number (stored in secure memory)
+ */
+gcry_mpi_t
+_gcry_generate_secret_prime (unsigned int nbits,
+ gcry_random_level_t random_level,
+ int (*extra_check)(void*, gcry_mpi_t),
+ void *extra_check_arg)
+{
+ gcry_mpi_t prime;
+
+ prime = gen_prime (nbits, 1, random_level, extra_check, extra_check_arg);
+ progress('\n');
+ return prime;
+}
+
+
+/* Generate a prime number which may be public, i.e. not allocated in
+ secure memory. */
+gcry_mpi_t
+_gcry_generate_public_prime (unsigned int nbits,
+ gcry_random_level_t random_level,
+ int (*extra_check)(void*, gcry_mpi_t),
+ void *extra_check_arg)
+{
+ gcry_mpi_t prime;
+
+ prime = gen_prime (nbits, 0, random_level, extra_check, extra_check_arg);
+ progress('\n');
+ return prime;
+}
+
+
+/* Core prime generation function. The algorithm used to generate
+ practically save primes is due to Lim and Lee as described in the
+ CRYPTO '97 proceedings (ISBN3540633847) page 260.
+
+ NEED_Q_FACTOR: If true make sure that at least one factor is of
+ size qbits. This is for example required for DSA.
+ PRIME_GENERATED: Adresss of a variable where the resulting prime
+ number will be stored.
+ PBITS: Requested size of the prime number. At least 48.
+ QBITS: One factor of the prime needs to be of this size. Maybe 0
+ if this is not required. See also MODE.
+ G: If not NULL an MPI which will receive a generator for the prime
+ for use with Elgamal.
+ RET_FACTORS: if not NULL, an array with all factors are stored at
+ that address.
+ ALL_FACTORS: If set to true all factors of prime-1 are returned.
+ RANDOMLEVEL: How strong should the random numers be.
+ FLAGS: Prime generation bit flags. Currently supported:
+ GCRY_PRIME_FLAG_SECRET - The prime needs to be kept secret.
+ CB_FUNC, CB_ARG: Callback to be used for extra checks.
+
+ */
+static gcry_err_code_t
+prime_generate_internal (int need_q_factor,
+ gcry_mpi_t *prime_generated, unsigned int pbits,
+ unsigned int qbits, gcry_mpi_t g,
+ gcry_mpi_t **ret_factors,
+ gcry_random_level_t randomlevel, unsigned int flags,
+ int all_factors,
+ gcry_prime_check_func_t cb_func, void *cb_arg)
+{
+ gcry_err_code_t err = 0;
+ gcry_mpi_t *factors_new = NULL; /* Factors to return to the
+ caller. */
+ gcry_mpi_t *factors = NULL; /* Current factors. */
+ gcry_random_level_t poolrandomlevel; /* Random level used for pool primes. */
+ gcry_mpi_t *pool = NULL; /* Pool of primes. */
+ int *pool_in_use = NULL; /* Array with currently used POOL elements. */
+ unsigned char *perms = NULL; /* Permutations of POOL. */
+ gcry_mpi_t q_factor = NULL; /* Used if QBITS is non-zero. */
+ unsigned int fbits = 0; /* Length of prime factors. */
+ unsigned int n = 0; /* Number of factors. */
+ unsigned int m = 0; /* Number of primes in pool. */
+ gcry_mpi_t q = NULL; /* First prime factor. */
+ gcry_mpi_t prime = NULL; /* Prime candidate. */
+ unsigned int nprime = 0; /* Bits of PRIME. */
+ unsigned int req_qbits; /* The original QBITS value. */
+ gcry_mpi_t val_2; /* For check_prime(). */
+ int is_locked = 0; /* Flag to help unlocking the primepool. */
+ unsigned int is_secret = (flags & GCRY_PRIME_FLAG_SECRET);
+ unsigned int count1 = 0, count2 = 0;
+ unsigned int i = 0, j = 0;
+
+ if (pbits < 48)
+ return GPG_ERR_INV_ARG;
+
+ /* We won't use a too strong random elvel for the pooled subprimes. */
+ poolrandomlevel = (randomlevel > GCRY_STRONG_RANDOM?
+ GCRY_STRONG_RANDOM : randomlevel);
+
+
+ /* If QBITS is not given, assume a reasonable value. */
+ if (!qbits)
+ qbits = pbits / 3;
+
+ req_qbits = qbits;
+
+ /* Find number of needed prime factors N. */
+ for (n = 1; (pbits - qbits - 1) / n >= qbits; n++)
+ ;
+ n--;
+
+ val_2 = mpi_alloc_set_ui (2);
+
+ if ((! n) || ((need_q_factor) && (n < 2)))
+ {
+ err = GPG_ERR_INV_ARG;
+ goto leave;
+ }
+
+ if (need_q_factor)
+ {
+ n--; /* Need one factor less because we want a specific Q-FACTOR. */
+ fbits = (pbits - 2 * req_qbits -1) / n;
+ qbits = pbits - req_qbits - n * fbits;
+ }
+ else
+ {
+ fbits = (pbits - req_qbits -1) / n;
+ qbits = pbits - n * fbits;
+ }
+
+ if (DBG_CIPHER)
+ log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
+ pbits, req_qbits, qbits, fbits, n);
+
+ /* Allocate an integer to old the new prime. */
+ prime = gcry_mpi_new (pbits);
+
+ /* Generate first prime factor. */
+ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+
+ /* Generate a specific Q-Factor if requested. */
+ if (need_q_factor)
+ q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL);
+
+ /* Allocate an array to hold all factors + 2 for later usage. */
+ factors = gcry_calloc (n + 2, sizeof (*factors));
+ if (!factors)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ /* Allocate an array to track pool usage. */
+ pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
+ if (!pool_in_use)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ for (i=0; i < n; i++)
+ pool_in_use[i] = -1;
+
+ /* Make a pool of 3n+5 primes (this is an arbitrary value). We
+ require at least 30 primes for are useful selection process.
+
+ Fixme: We need to research the best formula for sizing the pool.
+ */
+ m = n * 3 + 5;
+ if (need_q_factor) /* Need some more in this case. */
+ m += 5;
+ if (m < 30)
+ m = 30;
+ pool = gcry_calloc (m , sizeof (*pool));
+ if (! pool)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ /* Permutate over the pool of primes until we find a prime of the
+ requested length. */
+ do
+ {
+ next_try:
+ for (i=0; i < n; i++)
+ pool_in_use[i] = -1;
+
+ if (!perms)
+ {
+ /* Allocate new primes. This is done right at the beginning
+ of the loop and if we have later run out of primes. */
+ for (i = 0; i < m; i++)
+ {
+ mpi_free (pool[i]);
+ pool[i] = NULL;
+ }
+
+ /* Init m_out_of_n(). */
+ perms = gcry_calloc (1, m);
+ if (!perms)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ if (ath_mutex_lock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 1;
+ for (i = 0; i < n; i++)
+ {
+ perms[i] = 1;
+ /* At a maximum we use strong random for the factors.
+ This saves us a lot of entropy. Given that Q and
+ possible Q-factor are also used in the final prime
+ this should be acceptable. We also don't allocate in
+ secure memory to save on that scare resource too. If
+ Q has been allocated in secure memory, the final
+ prime will be saved there anyway. This is because
+ our MPI routines take care of that. GnuPG has worked
+ this way ever since. */
+ pool[i] = NULL;
+ if (is_locked)
+ {
+ pool[i] = get_pool_prime (fbits, poolrandomlevel);
+ if (!pool[i])
+ {
+ if (ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ }
+ }
+ if (!pool[i])
+ pool[i] = gen_prime (fbits, 0, poolrandomlevel, NULL, NULL);
+ pool_in_use[i] = i;
+ factors[i] = pool[i];
+ }
+ if (is_locked && ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ }
+ else
+ {
+ /* Get next permutation. */
+ m_out_of_n ( (char*)perms, n, m);
+ if (ath_mutex_lock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 1;
+ for (i = j = 0; (i < m) && (j < n); i++)
+ if (perms[i])
+ {
+ /* If the subprime has not yet beed generated do it now. */
+ if (!pool[i] && is_locked)
+ {
+ pool[i] = get_pool_prime (fbits, poolrandomlevel);
+ if (!pool[i])
+ {
+ if (ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ }
+ }
+ if (!pool[i])
+ pool[i] = gen_prime (fbits, 0, poolrandomlevel, NULL, NULL);
+ pool_in_use[j] = i;
+ factors[j++] = pool[i];
+ }
+ if (is_locked && ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ if (i == n)
+ {
+ /* Ran out of permutations: Allocate new primes. */
+ gcry_free (perms);
+ perms = NULL;
+ progress ('!');
+ goto next_try;
+ }
+ }
+
+ /* Generate next prime candidate:
+ p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1.
+ */
+ mpi_set (prime, q);
+ mpi_mul_ui (prime, prime, 2);
+ if (need_q_factor)
+ mpi_mul (prime, prime, q_factor);
+ for(i = 0; i < n; i++)
+ mpi_mul (prime, prime, factors[i]);
+ mpi_add_ui (prime, prime, 1);
+ nprime = mpi_get_nbits (prime);
+
+ if (nprime < pbits)
+ {
+ if (++count1 > 20)
+ {
+ count1 = 0;
+ qbits++;
+ progress('>');
+ mpi_free (q);
+ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+ goto next_try;
+ }
+ }
+ else
+ count1 = 0;
+
+ if (nprime > pbits)
+ {
+ if (++count2 > 20)
+ {
+ count2 = 0;
+ qbits--;
+ progress('<');
+ mpi_free (q);
+ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+ goto next_try;
+ }
+ }
+ else
+ count2 = 0;
+ }
+ while (! ((nprime == pbits) && check_prime (prime, val_2, 5,
+ cb_func, cb_arg)));
+
+ if (DBG_CIPHER)
+ {
+ progress ('\n');
+ log_mpidump ("prime : ", prime);
+ log_mpidump ("factor q: ", q);
+ if (need_q_factor)
+ log_mpidump ("factor q0: ", q_factor);
+ for (i = 0; i < n; i++)
+ log_mpidump ("factor pi: ", factors[i]);
+ log_debug ("bit sizes: prime=%u, q=%u",
+ mpi_get_nbits (prime), mpi_get_nbits (q));
+ if (need_q_factor)
+ log_debug (", q0=%u", mpi_get_nbits (q_factor));
+ for (i = 0; i < n; i++)
+ log_debug (", p%d=%u", i, mpi_get_nbits (factors[i]));
+ progress('\n');
+ }
+
+ if (ret_factors)
+ {
+ /* Caller wants the factors. */
+ factors_new = gcry_calloc (n + 4, sizeof (*factors_new));
+ if (! factors_new)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ if (all_factors)
+ {
+ i = 0;
+ factors_new[i++] = gcry_mpi_set_ui (NULL, 2);
+ factors_new[i++] = mpi_copy (q);
+ if (need_q_factor)
+ factors_new[i++] = mpi_copy (q_factor);
+ for(j=0; j < n; j++)
+ factors_new[i++] = mpi_copy (factors[j]);
+ }
+ else
+ {
+ i = 0;
+ if (need_q_factor)
+ {
+ factors_new[i++] = mpi_copy (q_factor);
+ for (; i <= n; i++)
+ factors_new[i] = mpi_copy (factors[i]);
+ }
+ else
+ for (; i < n; i++ )
+ factors_new[i] = mpi_copy (factors[i]);
+ }
+ }
+
+ if (g)
+ {
+ /* Create a generator (start with 3). */
+ gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));
+ gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));
+ gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));
+
+ if (need_q_factor)
+ err = GPG_ERR_NOT_IMPLEMENTED;
+ else
+ {
+ factors[n] = q;
+ factors[n + 1] = mpi_alloc_set_ui (2);
+ mpi_sub_ui (pmin1, prime, 1);
+ mpi_set_ui (g, 2);
+ do
+ {
+ mpi_add_ui (g, g, 1);
+ if (DBG_CIPHER)
+ {
+ log_debug ("checking g:");
+ gcry_mpi_dump (g);
+ log_printf ("\n");
+ }
+ else
+ progress('^');
+ for (i = 0; i < n + 2; i++)
+ {
+ mpi_fdiv_q (tmp, pmin1, factors[i]);
+ /* No mpi_pow(), but it is okay to use this with mod
+ prime. */
+ gcry_mpi_powm (b, g, tmp, prime);
+ if (! mpi_cmp_ui (b, 1))
+ break;
+ }
+ if (DBG_CIPHER)
+ progress('\n');
+ }
+ while (i < n + 2);
+
+ mpi_free (factors[n+1]);
+ mpi_free (tmp);
+ mpi_free (b);
+ mpi_free (pmin1);
+ }
+ }
+
+ if (! DBG_CIPHER)
+ progress ('\n');
+
+
+ leave:
+ if (pool)
+ {
+ is_locked = !ath_mutex_lock (&primepool_lock);
+ for(i = 0; i < m; i++)
+ {
+ if (pool[i])
+ {
+ for (j=0; j < n; j++)
+ if (pool_in_use[j] == i)
+ break;
+ if (j == n && is_locked)
+ {
+ /* This pooled subprime has not been used. */
+ save_pool_prime (pool[i], poolrandomlevel);
+ }
+ else
+ mpi_free (pool[i]);
+ }
+ }
+ if (is_locked && ath_mutex_unlock (&primepool_lock))
+ err = GPG_ERR_INTERNAL;
+ is_locked = 0;
+ gcry_free (pool);
+ }
+ gcry_free (pool_in_use);
+ if (factors)
+ gcry_free (factors); /* Factors are shallow copies. */
+ if (perms)
+ gcry_free (perms);
+
+ mpi_free (val_2);
+ mpi_free (q);
+ mpi_free (q_factor);
+
+ if (! err)
+ {
+ *prime_generated = prime;
+ if (ret_factors)
+ *ret_factors = factors_new;
+ }
+ else
+ {
+ if (factors_new)
+ {
+ for (i = 0; factors_new[i]; i++)
+ mpi_free (factors_new[i]);
+ gcry_free (factors_new);
+ }
+ mpi_free (prime);
+ }
+
+ return err;
+}
+
+
+/* Generate a prime used for discrete logarithm algorithms; i.e. this
+ prime will be public and no strong random is required. */
+gcry_mpi_t
+_gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits,
+ gcry_mpi_t g, gcry_mpi_t **ret_factors)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_mpi_t prime = NULL;
+
+ err = prime_generate_internal ((mode == 1), &prime, pbits, qbits, g,
+ ret_factors, GCRY_WEAK_RANDOM, 0, 0,
+ NULL, NULL);
+
+ return prime;
+}
+
+
+static gcry_mpi_t
+gen_prime (unsigned int nbits, int secret, int randomlevel,
+ int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg)
+{
+ gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result;
+ int i;
+ unsigned int x, step;
+ unsigned int count1, count2;
+ int *mods;
+
+/* if ( DBG_CIPHER ) */
+/* log_debug ("generate a prime of %u bits ", nbits ); */
+
+ if (nbits < 16)
+ log_fatal ("can't generate a prime with less than %d bits\n", 16);
+
+ mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
+ /* Make nbits fit into gcry_mpi_t implementation. */
+ val_2 = mpi_alloc_set_ui( 2 );
+ val_3 = mpi_alloc_set_ui( 3);
+ prime = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits );
+ result = mpi_alloc_like( prime );
+ pminus1= mpi_alloc_like( prime );
+ ptest = mpi_alloc_like( prime );
+ count1 = count2 = 0;
+ for (;;)
+ { /* try forvever */
+ int dotcount=0;
+
+ /* generate a random number */
+ gcry_mpi_randomize( prime, nbits, randomlevel );
+
+ /* Set high order bit to 1, set low order bit to 1. If we are
+ generating a secret prime we are most probably doing that
+ for RSA, to make sure that the modulus does have the
+ requested key size we set the 2 high order bits. */
+ mpi_set_highbit (prime, nbits-1);
+ if (secret)
+ mpi_set_bit (prime, nbits-2);
+ mpi_set_bit(prime, 0);
+
+ /* Calculate all remainders. */
+ for (i=0; (x = small_prime_numbers[i]); i++ )
+ mods[i] = mpi_fdiv_r_ui(NULL, prime, x);
+
+ /* Now try some primes starting with prime. */
+ for(step=0; step < 20000; step += 2 )
+ {
+ /* Check against all the small primes we have in mods. */
+ count1++;
+ for (i=0; (x = small_prime_numbers[i]); i++ )
+ {
+ while ( mods[i] + step >= x )
+ mods[i] -= x;
+ if ( !(mods[i] + step) )
+ break;
+ }
+ if ( x )
+ continue; /* Found a multiple of an already known prime. */
+
+ mpi_add_ui( ptest, prime, step );
+
+ /* Do a fast Fermat test now. */
+ count2++;
+ mpi_sub_ui( pminus1, ptest, 1);
+ gcry_mpi_powm( result, val_2, pminus1, ptest );
+ if ( !mpi_cmp_ui( result, 1 ) )
+ {
+ /* Not composite, perform stronger tests */
+ if (is_prime(ptest, 5, &count2 ))
+ {
+ if (!mpi_test_bit( ptest, nbits-1-secret ))
+ {
+ progress('\n');
+ log_debug ("overflow in prime generation\n");
+ break; /* Stop loop, continue with a new prime. */
+ }
+
+ if (extra_check && extra_check (extra_check_arg, ptest))
+ {
+ /* The extra check told us that this prime is
+ not of the caller's taste. */
+ progress ('/');
+ }
+ else
+ {
+ /* Got it. */
+ mpi_free(val_2);
+ mpi_free(val_3);
+ mpi_free(result);
+ mpi_free(pminus1);
+ mpi_free(prime);
+ gcry_free(mods);
+ return ptest;
+ }
+ }
+ }
+ if (++dotcount == 10 )
+ {
+ progress('.');
+ dotcount = 0;
+ }
+ }
+ progress(':'); /* restart with a new random value */
+ }
+}
+
+/****************
+ * Returns: true if this may be a prime
+ * RM_ROUNDS gives the number of Rabin-Miller tests to run.
+ */
+static int
+check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
+ gcry_prime_check_func_t cb_func, void *cb_arg)
+{
+ int i;
+ unsigned int x;
+ unsigned int count=0;
+
+ /* Check against small primes. */
+ for (i=0; (x = small_prime_numbers[i]); i++ )
+ {
+ if ( mpi_divisible_ui( prime, x ) )
+ return 0;
+ }
+
+ /* A quick Fermat test. */
+ {
+ gcry_mpi_t result = mpi_alloc_like( prime );
+ gcry_mpi_t pminus1 = mpi_alloc_like( prime );
+ mpi_sub_ui( pminus1, prime, 1);
+ gcry_mpi_powm( result, val_2, pminus1, prime );
+ mpi_free( pminus1 );
+ if ( mpi_cmp_ui( result, 1 ) )
+ {
+ /* Is composite. */
+ mpi_free( result );
+ progress('.');
+ return 0;
+ }
+ mpi_free( result );
+ }
+
+ if (!cb_func || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_MAYBE_PRIME, prime))
+ {
+ /* Perform stronger tests. */
+ if ( is_prime( prime, rm_rounds, &count ) )
+ {
+ if (!cb_func
+ || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_GOT_PRIME, prime))
+ return 1; /* Probably a prime. */
+ }
+ }
+ progress('.');
+ return 0;
+}
+
+
+/*
+ * Return true if n is probably a prime
+ */
+static int
+is_prime (gcry_mpi_t n, int steps, unsigned int *count)
+{
+ gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t z = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t nminus1 = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t a2 = mpi_alloc_set_ui( 2 );
+ gcry_mpi_t q;
+ unsigned i, j, k;
+ int rc = 0;
+ unsigned nbits = mpi_get_nbits( n );
+
+ if (steps < 5) /* Make sure that we do at least 5 rounds. */
+ steps = 5;
+
+ mpi_sub_ui( nminus1, n, 1 );
+
+ /* Find q and k, so that n = 1 + 2^k * q . */
+ q = mpi_copy ( nminus1 );
+ k = mpi_trailing_zeros ( q );
+ mpi_tdiv_q_2exp (q, q, k);
+
+ for (i=0 ; i < steps; i++ )
+ {
+ ++*count;
+ if( !i )
+ {
+ mpi_set_ui( x, 2 );
+ }
+ else
+ {
+ gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );
+
+ /* Make sure that the number is smaller than the prime and
+ keep the randomness of the high bit. */
+ if ( mpi_test_bit ( x, nbits-2) )
+ {
+ mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */
+ }
+ else
+ {
+ mpi_set_highbit( x, nbits-2 );
+ mpi_clear_bit( x, nbits-2 );
+ }
+ gcry_assert (mpi_cmp (x, nminus1) < 0 && mpi_cmp_ui (x, 1) > 0);
+ }
+ gcry_mpi_powm ( y, x, q, n);
+ if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) )
+ {
+ for ( j=1; j < k && mpi_cmp( y, nminus1 ); j++ )
+ {
+ gcry_mpi_powm(y, y, a2, n);
+ if( !mpi_cmp_ui( y, 1 ) )
+ goto leave; /* Not a prime. */
+ }
+ if (mpi_cmp( y, nminus1 ) )
+ goto leave; /* Not a prime. */
+ }
+ progress('+');
+ }
+ rc = 1; /* May be a prime. */
+
+ leave:
+ mpi_free( x );
+ mpi_free( y );
+ mpi_free( z );
+ mpi_free( nminus1 );
+ mpi_free( q );
+ mpi_free( a2 );
+
+ return rc;
+}
+
+
+/* Given ARRAY of size N with M elements set to true produce a
+ modified array with the next permutation of M elements. Note, that
+ ARRAY is used in a one-bit-per-byte approach. To detected the last
+ permutation it is useful to intialize the array with the first M
+ element set to true and use this test:
+ m_out_of_n (array, m, n);
+ for (i = j = 0; i < n && j < m; i++)
+ if (array[i])
+ j++;
+ if (j == m)
+ goto ready;
+
+ This code is based on the algorithm 452 from the "Collected
+ Algorithms From ACM, Volume II" by C. N. Liu and D. T. Tang.
+*/
+static void
+m_out_of_n ( char *array, int m, int n )
+{
+ int i=0, i1=0, j=0, jp=0, j1=0, k1=0, k2=0;
+
+ if( !m || m >= n )
+ return;
+
+ /* Need to handle this simple case separately. */
+ if( m == 1 )
+ {
+ for (i=0; i < n; i++ )
+ {
+ if ( array[i] )
+ {
+ array[i++] = 0;
+ if( i >= n )
+ i = 0;
+ array[i] = 1;
+ return;
+ }
+ }
+ BUG();
+ }
+
+
+ for (j=1; j < n; j++ )
+ {
+ if ( array[n-1] == array[n-j-1])
+ continue;
+ j1 = j;
+ break;
+ }
+
+ if ( (m & 1) )
+ {
+ /* M is odd. */
+ if( array[n-1] )
+ {
+ if( j1 & 1 )
+ {
+ k1 = n - j1;
+ k2 = k1+2;
+ if( k2 > n )
+ k2 = n;
+ goto leave;
+ }
+ goto scan;
+ }
+ k2 = n - j1 - 1;
+ if( k2 == 0 )
+ {
+ k1 = i;
+ k2 = n - j1;
+ }
+ else if( array[k2] && array[k2-1] )
+ k1 = n;
+ else
+ k1 = k2 + 1;
+ }
+ else
+ {
+ /* M is even. */
+ if( !array[n-1] )
+ {
+ k1 = n - j1;
+ k2 = k1 + 1;
+ goto leave;
+ }
+
+ if( !(j1 & 1) )
+ {
+ k1 = n - j1;
+ k2 = k1+2;
+ if( k2 > n )
+ k2 = n;
+ goto leave;
+ }
+ scan:
+ jp = n - j1 - 1;
+ for (i=1; i <= jp; i++ )
+ {
+ i1 = jp + 2 - i;
+ if( array[i1-1] )
+ {
+ if( array[i1-2] )
+ {
+ k1 = i1 - 1;
+ k2 = n - j1;
+ }
+ else
+ {
+ k1 = i1 - 1;
+ k2 = n + 1 - j1;
+ }
+ goto leave;
+ }
+ }
+ k1 = 1;
+ k2 = n + 1 - m;
+ }
+ leave:
+ /* Now complement the two selected bits. */
+ array[k1-1] = !array[k1-1];
+ array[k2-1] = !array[k2-1];
+}
+
+
+/* Generate a new prime number of PRIME_BITS bits and store it in
+ PRIME. If FACTOR_BITS is non-zero, one of the prime factors of
+ (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is
+ non-zero, allocate a new, NULL-terminated array holding the prime
+ factors and store it in FACTORS. FLAGS might be used to influence
+ the prime number generation process. */
+gcry_error_t
+gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
+ unsigned int factor_bits, gcry_mpi_t **factors,
+ gcry_prime_check_func_t cb_func, void *cb_arg,
+ gcry_random_level_t random_level,
+ unsigned int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_mpi_t *factors_generated = NULL;
+ gcry_mpi_t prime_generated = NULL;
+ unsigned int mode = 0;
+
+ if (!prime)
+ return gpg_error (GPG_ERR_INV_ARG);
+ *prime = NULL;
+
+ if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR)
+ mode = 1;
+
+ /* Generate. */
+ err = prime_generate_internal ((mode==1), &prime_generated, prime_bits,
+ factor_bits, NULL,
+ factors? &factors_generated : NULL,
+ random_level, flags, 1,
+ cb_func, cb_arg);
+
+ if (! err)
+ if (cb_func)
+ {
+ /* Additional check. */
+ if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated))
+ {
+ /* Failed, deallocate resources. */
+ unsigned int i;
+
+ mpi_free (prime_generated);
+ if (factors)
+ {
+ for (i = 0; factors_generated[i]; i++)
+ mpi_free (factors_generated[i]);
+ gcry_free (factors_generated);
+ }
+ err = GPG_ERR_GENERAL;
+ }
+ }
+
+ if (! err)
+ {
+ if (factors)
+ *factors = factors_generated;
+ *prime = prime_generated;
+ }
+
+ return gcry_error (err);
+}
+
+/* Check wether the number X is prime. */
+gcry_error_t
+gcry_prime_check (gcry_mpi_t x, unsigned int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
+
+ (void)flags;
+
+ /* We use 64 rounds because the prime we are going to test is not
+ guaranteed to be a random one. */
+ if (! check_prime (x, val_2, 64, NULL, NULL))
+ err = GPG_ERR_NO_PRIME;
+
+ mpi_free (val_2);
+
+ return gcry_error (err);
+}
+
+/* Find a generator for PRIME where the factorization of (prime-1) is
+ in the NULL terminated array FACTORS. Return the generator as a
+ newly allocated MPI in R_G. If START_G is not NULL, use this as s
+ atart for the search. Returns 0 on success.*/
+gcry_error_t
+gcry_prime_group_generator (gcry_mpi_t *r_g,
+ gcry_mpi_t prime, gcry_mpi_t *factors,
+ gcry_mpi_t start_g)
+{
+ gcry_mpi_t tmp = gcry_mpi_new (0);
+ gcry_mpi_t b = gcry_mpi_new (0);
+ gcry_mpi_t pmin1 = gcry_mpi_new (0);
+ gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+ int first = 1;
+ int i, n;
+
+ if (!factors || !r_g || !prime)
+ return gpg_error (GPG_ERR_INV_ARG);
+ *r_g = NULL;
+
+ for (n=0; factors[n]; n++)
+ ;
+ if (n < 2)
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ /* Extra sanity check - usually disabled. */
+/* mpi_set (tmp, factors[0]); */
+/* for(i = 1; i < n; i++) */
+/* mpi_mul (tmp, tmp, factors[i]); */
+/* mpi_add_ui (tmp, tmp, 1); */
+/* if (mpi_cmp (prime, tmp)) */
+/* return gpg_error (GPG_ERR_INV_ARG); */
+
+ gcry_mpi_sub_ui (pmin1, prime, 1);
+ do
+ {
+ if (first)
+ first = 0;
+ else
+ gcry_mpi_add_ui (g, g, 1);
+
+ if (DBG_CIPHER)
+ {
+ log_debug ("checking g:");
+ gcry_mpi_dump (g);
+ log_debug ("\n");
+ }
+ else
+ progress('^');
+
+ for (i = 0; i < n; i++)
+ {
+ mpi_fdiv_q (tmp, pmin1, factors[i]);
+ gcry_mpi_powm (b, g, tmp, prime);
+ if (! mpi_cmp_ui (b, 1))
+ break;
+ }
+ if (DBG_CIPHER)
+ progress('\n');
+ }
+ while (i < n);
+
+ gcry_mpi_release (tmp);
+ gcry_mpi_release (b);
+ gcry_mpi_release (pmin1);
+ *r_g = g;
+
+ return 0;
+}
+
+/* Convenience function to release the factors array. */
+void
+gcry_prime_release_factors (gcry_mpi_t *factors)
+{
+ if (factors)
+ {
+ int i;
+
+ for (i=0; factors[i]; i++)
+ mpi_free (factors[i]);
+ gcry_free (factors);
+ }
+}
+
+
+
+/* Helper for _gcry_derive_x931_prime. */
+static gcry_mpi_t
+find_x931_prime (const gcry_mpi_t pfirst)
+{
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
+ gcry_mpi_t prime;
+
+ prime = gcry_mpi_copy (pfirst);
+ /* If P is even add 1. */
+ mpi_set_bit (prime, 0);
+
+ /* We use 64 Rabin-Miller rounds which is better and thus
+ sufficient. We do not have a Lucas test implementaion thus we
+ can't do it in the X9.31 preferred way of running a few
+ Rabin-Miller followed by one Lucas test. */
+ while ( !check_prime (prime, val_2, 64, NULL, NULL) )
+ mpi_add_ui (prime, prime, 2);
+
+ mpi_free (val_2);
+
+ return prime;
+}
+
+
+/* Generate a prime using the algorithm from X9.31 appendix B.4.
+
+ This function requires that the provided public exponent E is odd.
+ XP, XP1 and XP2 are the seed values. All values are mandatory.
+
+ On success the prime is returned. If R_P1 or R_P2 are given the
+ internal values P1 and P2 are saved at these addresses. On error
+ NULL is returned. */
+gcry_mpi_t
+_gcry_derive_x931_prime (const gcry_mpi_t xp,
+ const gcry_mpi_t xp1, const gcry_mpi_t xp2,
+ const gcry_mpi_t e,
+ gcry_mpi_t *r_p1, gcry_mpi_t *r_p2)
+{
+ gcry_mpi_t p1, p2, p1p2, yp0;
+
+ if (!xp || !xp1 || !xp2)
+ return NULL;
+ if (!e || !mpi_test_bit (e, 0))
+ return NULL; /* We support only odd values for E. */
+
+ p1 = find_x931_prime (xp1);
+ p2 = find_x931_prime (xp2);
+ p1p2 = mpi_alloc_like (xp);
+ mpi_mul (p1p2, p1, p2);
+
+ {
+ gcry_mpi_t r1, tmp;
+
+ /* r1 = (p2^{-1} mod p1)p2 - (p1^{-1} mod p2) */
+ tmp = mpi_alloc_like (p1);
+ mpi_invm (tmp, p2, p1);
+ mpi_mul (tmp, tmp, p2);
+ r1 = tmp;
+
+ tmp = mpi_alloc_like (p2);
+ mpi_invm (tmp, p1, p2);
+ mpi_mul (tmp, tmp, p1);
+ mpi_sub (r1, r1, tmp);
+
+ /* Fixup a negative value. */
+ if (mpi_is_neg (r1))
+ mpi_add (r1, r1, p1p2);
+
+ /* yp0 = xp + (r1 - xp mod p1*p2) */
+ yp0 = tmp; tmp = NULL;
+ mpi_subm (yp0, r1, xp, p1p2);
+ mpi_add (yp0, yp0, xp);
+ mpi_free (r1);
+
+ /* Fixup a negative value. */
+ if (mpi_cmp (yp0, xp) < 0 )
+ mpi_add (yp0, yp0, p1p2);
+ }
+
+ /* yp0 is now the first integer greater than xp with p1 being a
+ large prime factor of yp0-1 and p2 a large prime factor of yp0+1. */
+
+ /* Note that the first example from X9.31 (D.1.1) which uses
+ (Xq1 #1A5CF72EE770DE50CB09ACCEA9#)
+ (Xq2 #134E4CAA16D2350A21D775C404#)
+ (Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
+ 7C9953388F97DDDC3E1CA19C35CA659EDC2FC325
+ 6D29C2627479C086A699A49C4C9CEE7EF7BD1B34
+ 321DE34A#))))
+ returns an yp0 of
+ #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
+ 7C9953388F97DDDC3E1CA19C35CA659EDC2FC4E3
+ BF20CB896EE37E098A906313271422162CB6C642
+ 75C1201F#
+ and not
+ #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
+ 7C9953388F97DDDC3E1CA19C35CA659EDC2FC2E6
+ C88FE299D52D78BE405A97E01FD71DD7819ECB91
+ FA85A076#
+ as stated in the standard. This seems to be a bug in X9.31.
+ */
+
+ {
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
+ gcry_mpi_t gcdtmp = mpi_alloc_like (yp0);
+ int gcdres;
+
+ mpi_sub_ui (p1p2, p1p2, 1); /* Adjust for loop body. */
+ mpi_sub_ui (yp0, yp0, 1); /* Ditto. */
+ for (;;)
+ {
+ gcdres = gcry_mpi_gcd (gcdtmp, e, yp0);
+ mpi_add_ui (yp0, yp0, 1);
+ if (!gcdres)
+ progress ('/'); /* gcd (e, yp0-1) != 1 */
+ else if (check_prime (yp0, val_2, 64, NULL, NULL))
+ break; /* Found. */
+ /* We add p1p2-1 because yp0 is incremented after the gcd test. */
+ mpi_add (yp0, yp0, p1p2);
+ }
+ mpi_free (gcdtmp);
+ mpi_free (val_2);
+ }
+
+ mpi_free (p1p2);
+
+ progress('\n');
+ if (r_p1)
+ *r_p1 = p1;
+ else
+ mpi_free (p1);
+ if (r_p2)
+ *r_p2 = p2;
+ else
+ mpi_free (p2);
+ return yp0;
+}
+
+
+
+/* Generate the two prime used for DSA using the algorithm specified
+ in FIPS 186-2. PBITS is the desired length of the prime P and a
+ QBITS the length of the prime Q. If SEED is not supplied and
+ SEEDLEN is 0 the function generates an appropriate SEED. On
+ success the generated primes are stored at R_Q and R_P, the counter
+ value is stored at R_COUNTER and the seed actually used for
+ generation is stored at R_SEED and R_SEEDVALUE. */
+gpg_err_code_t
+_gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
+ const void *seed, size_t seedlen,
+ gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+ int *r_counter,
+ void **r_seed, size_t *r_seedlen)
+{
+ gpg_err_code_t ec;
+ unsigned char seed_help_buffer[160/8]; /* Used to hold a generated SEED. */
+ unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
+ unsigned char digest[160/8]; /* Helper buffer for SHA-1 digest. */
+ gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
+ gcry_mpi_t tmpval = NULL; /* Helper variable. */
+ int i;
+
+ unsigned char value_u[160/8];
+ int value_n, value_b, value_k;
+ int counter;
+ gcry_mpi_t value_w = NULL;
+ gcry_mpi_t value_x = NULL;
+ gcry_mpi_t prime_q = NULL;
+ gcry_mpi_t prime_p = NULL;
+
+ /* FIPS 186-2 allows only for 1024/160 bit. */
+ if (pbits != 1024 || qbits != 160)
+ return GPG_ERR_INV_KEYLEN;
+
+ if (!seed && !seedlen)
+ ; /* No seed value given: We are asked to generate it. */
+ else if (!seed || seedlen < qbits/8)
+ return GPG_ERR_INV_ARG;
+
+ /* Allocate a buffer to later compute SEED+some_increment. */
+ seed_plus = gcry_malloc (seedlen < 20? 20:seedlen);
+ if (!seed_plus)
+ {
+ ec = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ val_2 = mpi_alloc_set_ui (2);
+ value_n = (pbits - 1) / qbits;
+ value_b = (pbits - 1) - value_n * qbits;
+ value_w = gcry_mpi_new (pbits);
+ value_x = gcry_mpi_new (pbits);
+
+ restart:
+ /* Generate Q. */
+ for (;;)
+ {
+ /* Step 1: Generate a (new) seed unless one has been supplied. */
+ if (!seed)
+ {
+ seedlen = sizeof seed_help_buffer;
+ gcry_create_nonce (seed_help_buffer, seedlen);
+ seed = seed_help_buffer;
+ }
+
+ /* Step 2: U = sha1(seed) ^ sha1((seed+1) mod 2^{qbits}) */
+ memcpy (seed_plus, seed, seedlen);
+ for (i=seedlen-1; i >= 0; i--)
+ {
+ seed_plus[i]++;
+ if (seed_plus[i])
+ break;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, value_u, seed, seedlen);
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+ for (i=0; i < sizeof value_u; i++)
+ value_u[i] ^= digest[i];
+
+ /* Step 3: Form q from U */
+ gcry_mpi_release (prime_q); prime_q = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
+ value_u, sizeof value_u, NULL));
+ if (ec)
+ goto leave;
+ mpi_set_highbit (prime_q, qbits-1 );
+ mpi_set_bit (prime_q, 0);
+
+ /* Step 4: Test whether Q is prime using 64 round of Rabin-Miller. */
+ if (check_prime (prime_q, val_2, 64, NULL, NULL))
+ break; /* Yes, Q is prime. */
+
+ /* Step 5. */
+ seed = NULL; /* Force a new seed at Step 1. */
+ }
+
+ /* Step 6. Note that we do no use an explicit offset but increment
+ SEED_PLUS accordingly. SEED_PLUS is currently SEED+1. */
+ counter = 0;
+
+ /* Generate P. */
+ prime_p = gcry_mpi_new (pbits);
+ for (;;)
+ {
+ /* Step 7: For k = 0,...n let
+ V_k = sha1(seed+offset+k) mod 2^{qbits}
+ Step 8: W = V_0 + V_1*2^160 +
+ ...
+ + V_{n-1}*2^{(n-1)*160}
+ + (V_{n} mod 2^b)*2^{n*160}
+ */
+ mpi_set_ui (value_w, 0);
+ for (value_k=0; value_k <= value_n; value_k++)
+ {
+ /* There is no need to have an explicit offset variable: In
+ the first round we shall have an offset of 2, this is
+ achieved by using SEED_PLUS which is already at SEED+1,
+ thus we just need to increment it once again. The
+ requirement for the next round is to update offset by N,
+ which we implictly did at the end of this loop, and then
+ to add one; this one is the same as in the first round. */
+ for (i=seedlen-1; i >= 0; i--)
+ {
+ seed_plus[i]++;
+ if (seed_plus[i])
+ break;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+
+ gcry_mpi_release (tmpval); tmpval = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
+ digest, sizeof digest, NULL));
+ if (ec)
+ goto leave;
+ if (value_k == value_n)
+ mpi_clear_highbit (tmpval, value_b); /* (V_n mod 2^b) */
+ mpi_lshift (tmpval, tmpval, value_k*qbits);
+ mpi_add (value_w, value_w, tmpval);
+ }
+
+ /* Step 8 continued: X = W + 2^{L-1} */
+ mpi_set_ui (value_x, 0);
+ mpi_set_highbit (value_x, pbits-1);
+ mpi_add (value_x, value_x, value_w);
+
+ /* Step 9: c = X mod 2q, p = X - (c - 1) */
+ mpi_mul_2exp (tmpval, prime_q, 1);
+ mpi_mod (tmpval, value_x, tmpval);
+ mpi_sub_ui (tmpval, tmpval, 1);
+ mpi_sub (prime_p, value_x, tmpval);
+
+ /* Step 10: If p < 2^{L-1} skip the primality test. */
+ /* Step 11 and 12: Primality test. */
+ if (mpi_get_nbits (prime_p) >= pbits-1
+ && check_prime (prime_p, val_2, 64, NULL, NULL) )
+ break; /* Yes, P is prime, continue with Step 15. */
+
+ /* Step 13: counter = counter + 1, offset = offset + n + 1. */
+ counter++;
+
+ /* Step 14: If counter >= 2^12 goto Step 1. */
+ if (counter >= 4096)
+ goto restart;
+ }
+
+ /* Step 15: Save p, q, counter and seed. */
+/* log_debug ("fips186-2 pbits p=%u q=%u counter=%d\n", */
+/* mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); */
+/* log_printhex("fips186-2 seed:", seed, seedlen); */
+/* log_mpidump ("fips186-2 prime p", prime_p); */
+/* log_mpidump ("fips186-2 prime q", prime_q); */
+ if (r_q)
+ {
+ *r_q = prime_q;
+ prime_q = NULL;
+ }
+ if (r_p)
+ {
+ *r_p = prime_p;
+ prime_p = NULL;
+ }
+ if (r_counter)
+ *r_counter = counter;
+ if (r_seed && r_seedlen)
+ {
+ memcpy (seed_plus, seed, seedlen);
+ *r_seed = seed_plus;
+ seed_plus = NULL;
+ *r_seedlen = seedlen;
+ }
+
+
+ leave:
+ gcry_mpi_release (tmpval);
+ gcry_mpi_release (value_x);
+ gcry_mpi_release (value_w);
+ gcry_mpi_release (prime_p);
+ gcry_mpi_release (prime_q);
+ gcry_free (seed_plus);
+ gcry_mpi_release (val_2);
+ return ec;
+}
+
+
+
+/* WARNING: The code below has not yet been tested! However, it is
+ not yet used. We need to wait for FIPS 186-3 final and for test
+ vectors.
+
+ Generate the two prime used for DSA using the algorithm specified
+ in FIPS 186-3, A.1.1.2. PBITS is the desired length of the prime P
+ and a QBITS the length of the prime Q. If SEED is not supplied and
+ SEEDLEN is 0 the function generates an appropriate SEED. On
+ success the generated primes are stored at R_Q and R_P, the counter
+ value is stored at R_COUNTER and the seed actually used for
+ generation is stored at R_SEED and R_SEEDVALUE. The hash algorithm
+ used is stored at R_HASHALGO.
+
+ Note that this function is very similar to the fips186_2 code. Due
+ to the minor differences, other buffer sizes and for documentarion,
+ we use a separate function.
+*/
+gpg_err_code_t
+_gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
+ const void *seed, size_t seedlen,
+ gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+ int *r_counter,
+ void **r_seed, size_t *r_seedlen,
+ int *r_hashalgo)
+{
+ gpg_err_code_t ec;
+ unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
+ unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
+ unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
+ gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
+ gcry_mpi_t tmpval = NULL; /* Helper variable. */
+ int hashalgo; /* The id of the Approved Hash Function. */
+ int i;
+
+ unsigned char value_u[256/8];
+ int value_n, value_b, value_j;
+ int counter;
+ gcry_mpi_t value_w = NULL;
+ gcry_mpi_t value_x = NULL;
+ gcry_mpi_t prime_q = NULL;
+ gcry_mpi_t prime_p = NULL;
+
+ gcry_assert (sizeof seed_help_buffer == sizeof digest
+ && sizeof seed_help_buffer == sizeof value_u);
+
+ /* Step 1: Check the requested prime lengths. */
+ /* Note that due to the size of our buffers QBITS is limited to 256. */
+ if (pbits == 1024 && qbits == 160)
+ hashalgo = GCRY_MD_SHA1;
+ else if (pbits == 2048 && qbits == 224)
+ hashalgo = GCRY_MD_SHA224;
+ else if (pbits == 2048 && qbits == 256)
+ hashalgo = GCRY_MD_SHA256;
+ else if (pbits == 3072 && qbits == 256)
+ hashalgo = GCRY_MD_SHA256;
+ else
+ return GPG_ERR_INV_KEYLEN;
+
+ /* Also check that the hash algorithm is available. */
+ ec = gpg_err_code (gcry_md_test_algo (hashalgo));
+ if (ec)
+ return ec;
+ gcry_assert (qbits/8 <= sizeof digest);
+ gcry_assert (gcry_md_get_algo_dlen (hashalgo) == qbits/8);
+
+
+ /* Step 2: Check seedlen. */
+ if (!seed && !seedlen)
+ ; /* No seed value given: We are asked to generate it. */
+ else if (!seed || seedlen < qbits/8)
+ return GPG_ERR_INV_ARG;
+
+ /* Allocate a buffer to later compute SEED+some_increment and a few
+ helper variables. */
+ seed_plus = gcry_malloc (seedlen < sizeof seed_help_buffer?
+ sizeof seed_help_buffer : seedlen);
+ if (!seed_plus)
+ {
+ ec = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+ val_2 = mpi_alloc_set_ui (2);
+ value_w = gcry_mpi_new (pbits);
+ value_x = gcry_mpi_new (pbits);
+
+ /* Step 3: n = \lceil L / outlen \rceil - 1 */
+ value_n = (pbits + qbits - 1) / qbits - 1;
+ /* Step 4: b = L - 1 - (n * outlen) */
+ value_b = pbits - 1 - (value_n * qbits);
+
+ restart:
+ /* Generate Q. */
+ for (;;)
+ {
+ /* Step 5: Generate a (new) seed unless one has been supplied. */
+ if (!seed)
+ {
+ seedlen = qbits/8;
+ gcry_assert (seedlen <= sizeof seed_help_buffer);
+ gcry_create_nonce (seed_help_buffer, seedlen);
+ seed = seed_help_buffer;
+ }
+
+ /* Step 6: U = hash(seed) */
+ gcry_md_hash_buffer (hashalgo, value_u, seed, seedlen);
+
+ /* Step 7: q = 2^{N-1} + U + 1 - (U mod 2) */
+ if ( !(value_u[qbits/8-1] & 0x01) )
+ {
+ for (i=qbits/8-1; i >= 0; i--)
+ {
+ value_u[i]++;
+ if (value_u[i])
+ break;
+ }
+ }
+ gcry_mpi_release (prime_q); prime_q = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
+ value_u, sizeof value_u, NULL));
+ if (ec)
+ goto leave;
+ mpi_set_highbit (prime_q, qbits-1 );
+
+ /* Step 8: Test whether Q is prime using 64 round of Rabin-Miller.
+ According to table C.1 this is sufficient for all
+ supported prime sizes (i.e. up 3072/256). */
+ if (check_prime (prime_q, val_2, 64, NULL, NULL))
+ break; /* Yes, Q is prime. */
+
+ /* Step 8. */
+ seed = NULL; /* Force a new seed at Step 5. */
+ }
+
+ /* Step 11. Note that we do no use an explicit offset but increment
+ SEED_PLUS accordingly. */
+ memcpy (seed_plus, seed, seedlen);
+ counter = 0;
+
+ /* Generate P. */
+ prime_p = gcry_mpi_new (pbits);
+ for (;;)
+ {
+ /* Step 11.1: For j = 0,...n let
+ V_j = hash(seed+offset+j)
+ Step 11.2: W = V_0 + V_1*2^outlen +
+ ...
+ + V_{n-1}*2^{(n-1)*outlen}
+ + (V_{n} mod 2^b)*2^{n*outlen}
+ */
+ mpi_set_ui (value_w, 0);
+ for (value_j=0; value_j <= value_n; value_j++)
+ {
+ /* There is no need to have an explicit offset variable: In
+ the first round we shall have an offset of 1 and a j of
+ 0. This is achieved by incrementing SEED_PLUS here. For
+ the next round offset is implicitly updated by using
+ SEED_PLUS again. */
+ for (i=seedlen-1; i >= 0; i--)
+ {
+ seed_plus[i]++;
+ if (seed_plus[i])
+ break;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+
+ gcry_mpi_release (tmpval); tmpval = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
+ digest, sizeof digest, NULL));
+ if (ec)
+ goto leave;
+ if (value_j == value_n)
+ mpi_clear_highbit (tmpval, value_b); /* (V_n mod 2^b) */
+ mpi_lshift (tmpval, tmpval, value_j*qbits);
+ mpi_add (value_w, value_w, tmpval);
+ }
+
+ /* Step 11.3: X = W + 2^{L-1} */
+ mpi_set_ui (value_x, 0);
+ mpi_set_highbit (value_x, pbits-1);
+ mpi_add (value_x, value_x, value_w);
+
+ /* Step 11.4: c = X mod 2q */
+ mpi_mul_2exp (tmpval, prime_q, 1);
+ mpi_mod (tmpval, value_x, tmpval);
+
+ /* Step 11.5: p = X - (c - 1) */
+ mpi_sub_ui (tmpval, tmpval, 1);
+ mpi_sub (prime_p, value_x, tmpval);
+
+ /* Step 11.6: If p < 2^{L-1} skip the primality test. */
+ /* Step 11.7 and 11.8: Primality test. */
+ if (mpi_get_nbits (prime_p) >= pbits-1
+ && check_prime (prime_p, val_2, 64, NULL, NULL) )
+ break; /* Yes, P is prime, continue with Step 15. */
+
+ /* Step 11.9: counter = counter + 1, offset = offset + n + 1.
+ If counter >= 4L goto Step 5. */
+ counter++;
+ if (counter >= 4*pbits)
+ goto restart;
+ }
+
+ /* Step 12: Save p, q, counter and seed. */
+ log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
+ mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
+ log_printhex("fips186-3 seed:", seed, seedlen);
+ log_mpidump ("fips186-3 prime p", prime_p);
+ log_mpidump ("fips186-3 prime q", prime_q);
+ if (r_q)
+ {
+ *r_q = prime_q;
+ prime_q = NULL;
+ }
+ if (r_p)
+ {
+ *r_p = prime_p;
+ prime_p = NULL;
+ }
+ if (r_counter)
+ *r_counter = counter;
+ if (r_seed && r_seedlen)
+ {
+ memcpy (seed_plus, seed, seedlen);
+ *r_seed = seed_plus;
+ seed_plus = NULL;
+ *r_seedlen = seedlen;
+ }
+ if (r_hashalgo)
+ *r_hashalgo = hashalgo;
+
+ leave:
+ gcry_mpi_release (tmpval);
+ gcry_mpi_release (value_x);
+ gcry_mpi_release (value_w);
+ gcry_mpi_release (prime_p);
+ gcry_mpi_release (prime_q);
+ gcry_free (seed_plus);
+ gcry_mpi_release (val_2);
+ return ec;
+}
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/rfc2268.c b/grub-core/lib/libgcrypt-grub/cipher/rfc2268.c
new file mode 100644
index 0000000..f6c2679
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/rfc2268.c
@@ -0,0 +1,282 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* rfc2268.c - The cipher described in rfc2268; aka Ron's Cipher 2.
+ * Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS
+ * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for
+ * direct use by Libgcrypt by Werner Koch. This implementation is
+ * only useful for pkcs#12 descryption.
+ *
+ * The implementation here is based on Peter Gutmann's RRC.2 paper.
+ */
+
+
+#include "g10lib.h"
+#include "types.h"
+#include "cipher.h"
+
+#define RFC2268_BLOCKSIZE 8
+
+typedef struct
+{
+ u16 S[64];
+} RFC2268_context;
+
+static const unsigned char rfc2268_sbox[] = {
+ 217, 120, 249, 196, 25, 221, 181, 237,
+ 40, 233, 253, 121, 74, 160, 216, 157,
+ 198, 126, 55, 131, 43, 118, 83, 142,
+ 98, 76, 100, 136, 68, 139, 251, 162,
+ 23, 154, 89, 245, 135, 179, 79, 19,
+ 97, 69, 109, 141, 9, 129, 125, 50,
+ 189, 143, 64, 235, 134, 183, 123, 11,
+ 240, 149, 33, 34, 92, 107, 78, 130,
+ 84, 214, 101, 147, 206, 96, 178, 28,
+ 115, 86, 192, 20, 167, 140, 241, 220,
+ 18, 117, 202, 31, 59, 190, 228, 209,
+ 66, 61, 212, 48, 163, 60, 182, 38,
+ 111, 191, 14, 218, 70, 105, 7, 87,
+ 39, 242, 29, 155, 188, 148, 67, 3,
+ 248, 17, 199, 246, 144, 239, 62, 231,
+ 6, 195, 213, 47, 200, 102, 30, 215,
+ 8, 232, 234, 222, 128, 82, 238, 247,
+ 132, 170, 114, 172, 53, 77, 106, 42,
+ 150, 26, 210, 113, 90, 21, 73, 116,
+ 75, 159, 208, 94, 4, 24, 164, 236,
+ 194, 224, 65, 110, 15, 81, 203, 204,
+ 36, 145, 175, 80, 161, 244, 112, 57,
+ 153, 124, 58, 133, 35, 184, 180, 122,
+ 252, 2, 54, 91, 37, 85, 151, 49,
+ 45, 93, 250, 152, 227, 138, 146, 174,
+ 5, 223, 41, 16, 103, 108, 186, 201,
+ 211, 0, 230, 207, 225, 158, 168, 44,
+ 99, 22, 1, 63, 88, 226, 137, 169,
+ 13, 56, 52, 27, 171, 51, 255, 176,
+ 187, 72, 12, 95, 185, 177, 205, 46,
+ 197, 243, 219, 71, 229, 165, 156, 119,
+ 10, 166, 32, 104, 254, 127, 193, 173
+};
+
+#define rotl16(x,n) (((x) << ((u16)(n))) | ((x) >> (16 - (u16)(n))))
+#define rotr16(x,n) (((x) >> ((u16)(n))) | ((x) << (16 - (u16)(n))))
+
+
+
+static void
+do_encrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
+{
+ RFC2268_context *ctx = context;
+ register int i, j;
+ u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
+
+ word0 = (word0 << 8) | inbuf[1];
+ word0 = (word0 << 8) | inbuf[0];
+ word1 = (word1 << 8) | inbuf[3];
+ word1 = (word1 << 8) | inbuf[2];
+ word2 = (word2 << 8) | inbuf[5];
+ word2 = (word2 << 8) | inbuf[4];
+ word3 = (word3 << 8) | inbuf[7];
+ word3 = (word3 << 8) | inbuf[6];
+
+ for (i = 0; i < 16; i++)
+ {
+ j = i * 4;
+ /* For some reason I cannot combine those steps. */
+ word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j];
+ word0 = rotl16(word0, 1);
+
+ word1 += (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
+ word1 = rotl16(word1, 2);
+
+ word2 += (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
+ word2 = rotl16(word2, 3);
+
+ word3 += (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
+ word3 = rotl16(word3, 5);
+
+ if (i == 4 || i == 10)
+ {
+ word0 += ctx->S[word3 & 63];
+ word1 += ctx->S[word0 & 63];
+ word2 += ctx->S[word1 & 63];
+ word3 += ctx->S[word2 & 63];
+ }
+
+ }
+
+ outbuf[0] = word0 & 255;
+ outbuf[1] = word0 >> 8;
+ outbuf[2] = word1 & 255;
+ outbuf[3] = word1 >> 8;
+ outbuf[4] = word2 & 255;
+ outbuf[5] = word2 >> 8;
+ outbuf[6] = word3 & 255;
+ outbuf[7] = word3 >> 8;
+}
+
+static void
+do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
+{
+ RFC2268_context *ctx = context;
+ register int i, j;
+ u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
+
+ word0 = (word0 << 8) | inbuf[1];
+ word0 = (word0 << 8) | inbuf[0];
+ word1 = (word1 << 8) | inbuf[3];
+ word1 = (word1 << 8) | inbuf[2];
+ word2 = (word2 << 8) | inbuf[5];
+ word2 = (word2 << 8) | inbuf[4];
+ word3 = (word3 << 8) | inbuf[7];
+ word3 = (word3 << 8) | inbuf[6];
+
+ for (i = 15; i >= 0; i--)
+ {
+ j = i * 4;
+
+ word3 = rotr16(word3, 5);
+ word3 -= (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
+
+ word2 = rotr16(word2, 3);
+ word2 -= (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
+
+ word1 = rotr16(word1, 2);
+ word1 -= (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
+
+ word0 = rotr16(word0, 1);
+ word0 -= (word1 & ~word3) + (word2 & word3) + ctx->S[j];
+
+ if (i == 5 || i == 11)
+ {
+ word3 = word3 - ctx->S[word2 & 63];
+ word2 = word2 - ctx->S[word1 & 63];
+ word1 = word1 - ctx->S[word0 & 63];
+ word0 = word0 - ctx->S[word3 & 63];
+ }
+
+ }
+
+ outbuf[0] = word0 & 255;
+ outbuf[1] = word0 >> 8;
+ outbuf[2] = word1 & 255;
+ outbuf[3] = word1 >> 8;
+ outbuf[4] = word2 & 255;
+ outbuf[5] = word2 >> 8;
+ outbuf[6] = word3 & 255;
+ outbuf[7] = word3 >> 8;
+}
+
+
+static gpg_err_code_t
+setkey_core (void *context, const unsigned char *key, unsigned int keylen, int with_phase2)
+{
+ static int initialized;
+ static const char *selftest_failed;
+ RFC2268_context *ctx = context;
+ unsigned int i;
+ unsigned char *S, x;
+ int len;
+ int bits = keylen * 8;
+
+ if (!initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if (selftest_failed)
+ log_error ("RFC2268 selftest failed (%s).\n", selftest_failed);
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if (keylen < 40 / 8) /* We want at least 40 bits. */
+ return GPG_ERR_INV_KEYLEN;
+
+ S = (unsigned char *) ctx->S;
+
+ for (i = 0; i < keylen; i++)
+ S[i] = key[i];
+
+ for (i = keylen; i < 128; i++)
+ S[i] = rfc2268_sbox[(S[i - keylen] + S[i - 1]) & 255];
+
+ S[0] = rfc2268_sbox[S[0]];
+
+ /* Phase 2 - reduce effective key size to "bits". This was not
+ * discussed in Gutmann's paper. I've copied that from the public
+ * domain code posted in sci.crypt. */
+ if (with_phase2)
+ {
+ len = (bits + 7) >> 3;
+ i = 128 - len;
+ x = rfc2268_sbox[S[i] & (255 >> (7 & -bits))];
+ S[i] = x;
+
+ while (i--)
+ {
+ x = rfc2268_sbox[x ^ S[i + len]];
+ S[i] = x;
+ }
+ }
+
+ /* Make the expanded key, endian independent. */
+ for (i = 0; i < 64; i++)
+ ctx->S[i] = ( (u16) S[i * 2] | (((u16) S[i * 2 + 1]) << 8));
+
+ return 0;
+}
+
+static gpg_err_code_t
+do_setkey (void *context, const unsigned char *key, unsigned int keylen)
+{
+ return setkey_core (context, key, keylen, 1);
+}
+
+
+
+
+static gcry_cipher_oid_spec_t oids_rfc2268_40[] =
+ {
+ /*{ "1.2.840.113549.3.2", GCRY_CIPHER_MODE_CBC },*/
+ /* pbeWithSHAAnd40BitRC2_CBC */
+ { "1.2.840.113549.1.12.1.6", GCRY_CIPHER_MODE_CBC },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40 = {
+ "RFC2268_40", NULL, oids_rfc2268_40,
+ RFC2268_BLOCKSIZE, 40, sizeof(RFC2268_context),
+ do_setkey, do_encrypt, do_decrypt
+};
+
+
+
+GRUB_MOD_INIT(gcry_rfc2268)
+{
+ grub_cipher_register (&_gcry_cipher_spec_rfc2268_40);
+}
+
+GRUB_MOD_FINI(gcry_rfc2268)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_rfc2268_40);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/rijndael-tables.h b/grub-core/lib/libgcrypt-grub/cipher/rijndael-tables.h
new file mode 100644
index 0000000..b027ec6
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/rijndael-tables.h
@@ -0,0 +1,1690 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+/* rijndael-tables.h - Rijndael (AES) for GnuPG,
+ * Copyright (C) 2000, 2001, 2002, 2003, 2007,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* To keep the actual implementation at a readable size we use this
+ include file to define the tables. */
+
+static const unsigned char S[256] =
+ {
+ 99, 124, 119, 123, 242, 107, 111, 197,
+ 48, 1, 103, 43, 254, 215, 171, 118,
+ 202, 130, 201, 125, 250, 89, 71, 240,
+ 173, 212, 162, 175, 156, 164, 114, 192,
+ 183, 253, 147, 38, 54, 63, 247, 204,
+ 52, 165, 229, 241, 113, 216, 49, 21,
+ 4, 199, 35, 195, 24, 150, 5, 154,
+ 7, 18, 128, 226, 235, 39, 178, 117,
+ 9, 131, 44, 26, 27, 110, 90, 160,
+ 82, 59, 214, 179, 41, 227, 47, 132,
+ 83, 209, 0, 237, 32, 252, 177, 91,
+ 106, 203, 190, 57, 74, 76, 88, 207,
+ 208, 239, 170, 251, 67, 77, 51, 133,
+ 69, 249, 2, 127, 80, 60, 159, 168,
+ 81, 163, 64, 143, 146, 157, 56, 245,
+ 188, 182, 218, 33, 16, 255, 243, 210,
+ 205, 12, 19, 236, 95, 151, 68, 23,
+ 196, 167, 126, 61, 100, 93, 25, 115,
+ 96, 129, 79, 220, 34, 42, 144, 136,
+ 70, 238, 184, 20, 222, 94, 11, 219,
+ 224, 50, 58, 10, 73, 6, 36, 92,
+ 194, 211, 172, 98, 145, 149, 228, 121,
+ 231, 200, 55, 109, 141, 213, 78, 169,
+ 108, 86, 244, 234, 101, 122, 174, 8,
+ 186, 120, 37, 46, 28, 166, 180, 198,
+ 232, 221, 116, 31, 75, 189, 139, 138,
+ 112, 62, 181, 102, 72, 3, 246, 14,
+ 97, 53, 87, 185, 134, 193, 29, 158,
+ 225, 248, 152, 17, 105, 217, 142, 148,
+ 155, 30, 135, 233, 206, 85, 40, 223,
+ 140, 161, 137, 13, 191, 230, 66, 104,
+ 65, 153, 45, 15, 176, 84, 187, 22
+ };
+
+
+static const unsigned char T1[256][4] =
+ {
+ { 0xc6,0x63,0x63,0xa5 }, { 0xf8,0x7c,0x7c,0x84 },
+ { 0xee,0x77,0x77,0x99 }, { 0xf6,0x7b,0x7b,0x8d },
+ { 0xff,0xf2,0xf2,0x0d }, { 0xd6,0x6b,0x6b,0xbd },
+ { 0xde,0x6f,0x6f,0xb1 }, { 0x91,0xc5,0xc5,0x54 },
+ { 0x60,0x30,0x30,0x50 }, { 0x02,0x01,0x01,0x03 },
+ { 0xce,0x67,0x67,0xa9 }, { 0x56,0x2b,0x2b,0x7d },
+ { 0xe7,0xfe,0xfe,0x19 }, { 0xb5,0xd7,0xd7,0x62 },
+ { 0x4d,0xab,0xab,0xe6 }, { 0xec,0x76,0x76,0x9a },
+ { 0x8f,0xca,0xca,0x45 }, { 0x1f,0x82,0x82,0x9d },
+ { 0x89,0xc9,0xc9,0x40 }, { 0xfa,0x7d,0x7d,0x87 },
+ { 0xef,0xfa,0xfa,0x15 }, { 0xb2,0x59,0x59,0xeb },
+ { 0x8e,0x47,0x47,0xc9 }, { 0xfb,0xf0,0xf0,0x0b },
+ { 0x41,0xad,0xad,0xec }, { 0xb3,0xd4,0xd4,0x67 },
+ { 0x5f,0xa2,0xa2,0xfd }, { 0x45,0xaf,0xaf,0xea },
+ { 0x23,0x9c,0x9c,0xbf }, { 0x53,0xa4,0xa4,0xf7 },
+ { 0xe4,0x72,0x72,0x96 }, { 0x9b,0xc0,0xc0,0x5b },
+ { 0x75,0xb7,0xb7,0xc2 }, { 0xe1,0xfd,0xfd,0x1c },
+ { 0x3d,0x93,0x93,0xae }, { 0x4c,0x26,0x26,0x6a },
+ { 0x6c,0x36,0x36,0x5a }, { 0x7e,0x3f,0x3f,0x41 },
+ { 0xf5,0xf7,0xf7,0x02 }, { 0x83,0xcc,0xcc,0x4f },
+ { 0x68,0x34,0x34,0x5c }, { 0x51,0xa5,0xa5,0xf4 },
+ { 0xd1,0xe5,0xe5,0x34 }, { 0xf9,0xf1,0xf1,0x08 },
+ { 0xe2,0x71,0x71,0x93 }, { 0xab,0xd8,0xd8,0x73 },
+ { 0x62,0x31,0x31,0x53 }, { 0x2a,0x15,0x15,0x3f },
+ { 0x08,0x04,0x04,0x0c }, { 0x95,0xc7,0xc7,0x52 },
+ { 0x46,0x23,0x23,0x65 }, { 0x9d,0xc3,0xc3,0x5e },
+ { 0x30,0x18,0x18,0x28 }, { 0x37,0x96,0x96,0xa1 },
+ { 0x0a,0x05,0x05,0x0f }, { 0x2f,0x9a,0x9a,0xb5 },
+ { 0x0e,0x07,0x07,0x09 }, { 0x24,0x12,0x12,0x36 },
+ { 0x1b,0x80,0x80,0x9b }, { 0xdf,0xe2,0xe2,0x3d },
+ { 0xcd,0xeb,0xeb,0x26 }, { 0x4e,0x27,0x27,0x69 },
+ { 0x7f,0xb2,0xb2,0xcd }, { 0xea,0x75,0x75,0x9f },
+ { 0x12,0x09,0x09,0x1b }, { 0x1d,0x83,0x83,0x9e },
+ { 0x58,0x2c,0x2c,0x74 }, { 0x34,0x1a,0x1a,0x2e },
+ { 0x36,0x1b,0x1b,0x2d }, { 0xdc,0x6e,0x6e,0xb2 },
+ { 0xb4,0x5a,0x5a,0xee }, { 0x5b,0xa0,0xa0,0xfb },
+ { 0xa4,0x52,0x52,0xf6 }, { 0x76,0x3b,0x3b,0x4d },
+ { 0xb7,0xd6,0xd6,0x61 }, { 0x7d,0xb3,0xb3,0xce },
+ { 0x52,0x29,0x29,0x7b }, { 0xdd,0xe3,0xe3,0x3e },
+ { 0x5e,0x2f,0x2f,0x71 }, { 0x13,0x84,0x84,0x97 },
+ { 0xa6,0x53,0x53,0xf5 }, { 0xb9,0xd1,0xd1,0x68 },
+ { 0x00,0x00,0x00,0x00 }, { 0xc1,0xed,0xed,0x2c },
+ { 0x40,0x20,0x20,0x60 }, { 0xe3,0xfc,0xfc,0x1f },
+ { 0x79,0xb1,0xb1,0xc8 }, { 0xb6,0x5b,0x5b,0xed },
+ { 0xd4,0x6a,0x6a,0xbe }, { 0x8d,0xcb,0xcb,0x46 },
+ { 0x67,0xbe,0xbe,0xd9 }, { 0x72,0x39,0x39,0x4b },
+ { 0x94,0x4a,0x4a,0xde }, { 0x98,0x4c,0x4c,0xd4 },
+ { 0xb0,0x58,0x58,0xe8 }, { 0x85,0xcf,0xcf,0x4a },
+ { 0xbb,0xd0,0xd0,0x6b }, { 0xc5,0xef,0xef,0x2a },
+ { 0x4f,0xaa,0xaa,0xe5 }, { 0xed,0xfb,0xfb,0x16 },
+ { 0x86,0x43,0x43,0xc5 }, { 0x9a,0x4d,0x4d,0xd7 },
+ { 0x66,0x33,0x33,0x55 }, { 0x11,0x85,0x85,0x94 },
+ { 0x8a,0x45,0x45,0xcf }, { 0xe9,0xf9,0xf9,0x10 },
+ { 0x04,0x02,0x02,0x06 }, { 0xfe,0x7f,0x7f,0x81 },
+ { 0xa0,0x50,0x50,0xf0 }, { 0x78,0x3c,0x3c,0x44 },
+ { 0x25,0x9f,0x9f,0xba }, { 0x4b,0xa8,0xa8,0xe3 },
+ { 0xa2,0x51,0x51,0xf3 }, { 0x5d,0xa3,0xa3,0xfe },
+ { 0x80,0x40,0x40,0xc0 }, { 0x05,0x8f,0x8f,0x8a },
+ { 0x3f,0x92,0x92,0xad }, { 0x21,0x9d,0x9d,0xbc },
+ { 0x70,0x38,0x38,0x48 }, { 0xf1,0xf5,0xf5,0x04 },
+ { 0x63,0xbc,0xbc,0xdf }, { 0x77,0xb6,0xb6,0xc1 },
+ { 0xaf,0xda,0xda,0x75 }, { 0x42,0x21,0x21,0x63 },
+ { 0x20,0x10,0x10,0x30 }, { 0xe5,0xff,0xff,0x1a },
+ { 0xfd,0xf3,0xf3,0x0e }, { 0xbf,0xd2,0xd2,0x6d },
+ { 0x81,0xcd,0xcd,0x4c }, { 0x18,0x0c,0x0c,0x14 },
+ { 0x26,0x13,0x13,0x35 }, { 0xc3,0xec,0xec,0x2f },
+ { 0xbe,0x5f,0x5f,0xe1 }, { 0x35,0x97,0x97,0xa2 },
+ { 0x88,0x44,0x44,0xcc }, { 0x2e,0x17,0x17,0x39 },
+ { 0x93,0xc4,0xc4,0x57 }, { 0x55,0xa7,0xa7,0xf2 },
+ { 0xfc,0x7e,0x7e,0x82 }, { 0x7a,0x3d,0x3d,0x47 },
+ { 0xc8,0x64,0x64,0xac }, { 0xba,0x5d,0x5d,0xe7 },
+ { 0x32,0x19,0x19,0x2b }, { 0xe6,0x73,0x73,0x95 },
+ { 0xc0,0x60,0x60,0xa0 }, { 0x19,0x81,0x81,0x98 },
+ { 0x9e,0x4f,0x4f,0xd1 }, { 0xa3,0xdc,0xdc,0x7f },
+ { 0x44,0x22,0x22,0x66 }, { 0x54,0x2a,0x2a,0x7e },
+ { 0x3b,0x90,0x90,0xab }, { 0x0b,0x88,0x88,0x83 },
+ { 0x8c,0x46,0x46,0xca }, { 0xc7,0xee,0xee,0x29 },
+ { 0x6b,0xb8,0xb8,0xd3 }, { 0x28,0x14,0x14,0x3c },
+ { 0xa7,0xde,0xde,0x79 }, { 0xbc,0x5e,0x5e,0xe2 },
+ { 0x16,0x0b,0x0b,0x1d }, { 0xad,0xdb,0xdb,0x76 },
+ { 0xdb,0xe0,0xe0,0x3b }, { 0x64,0x32,0x32,0x56 },
+ { 0x74,0x3a,0x3a,0x4e }, { 0x14,0x0a,0x0a,0x1e },
+ { 0x92,0x49,0x49,0xdb }, { 0x0c,0x06,0x06,0x0a },
+ { 0x48,0x24,0x24,0x6c }, { 0xb8,0x5c,0x5c,0xe4 },
+ { 0x9f,0xc2,0xc2,0x5d }, { 0xbd,0xd3,0xd3,0x6e },
+ { 0x43,0xac,0xac,0xef }, { 0xc4,0x62,0x62,0xa6 },
+ { 0x39,0x91,0x91,0xa8 }, { 0x31,0x95,0x95,0xa4 },
+ { 0xd3,0xe4,0xe4,0x37 }, { 0xf2,0x79,0x79,0x8b },
+ { 0xd5,0xe7,0xe7,0x32 }, { 0x8b,0xc8,0xc8,0x43 },
+ { 0x6e,0x37,0x37,0x59 }, { 0xda,0x6d,0x6d,0xb7 },
+ { 0x01,0x8d,0x8d,0x8c }, { 0xb1,0xd5,0xd5,0x64 },
+ { 0x9c,0x4e,0x4e,0xd2 }, { 0x49,0xa9,0xa9,0xe0 },
+ { 0xd8,0x6c,0x6c,0xb4 }, { 0xac,0x56,0x56,0xfa },
+ { 0xf3,0xf4,0xf4,0x07 }, { 0xcf,0xea,0xea,0x25 },
+ { 0xca,0x65,0x65,0xaf }, { 0xf4,0x7a,0x7a,0x8e },
+ { 0x47,0xae,0xae,0xe9 }, { 0x10,0x08,0x08,0x18 },
+ { 0x6f,0xba,0xba,0xd5 }, { 0xf0,0x78,0x78,0x88 },
+ { 0x4a,0x25,0x25,0x6f }, { 0x5c,0x2e,0x2e,0x72 },
+ { 0x38,0x1c,0x1c,0x24 }, { 0x57,0xa6,0xa6,0xf1 },
+ { 0x73,0xb4,0xb4,0xc7 }, { 0x97,0xc6,0xc6,0x51 },
+ { 0xcb,0xe8,0xe8,0x23 }, { 0xa1,0xdd,0xdd,0x7c },
+ { 0xe8,0x74,0x74,0x9c }, { 0x3e,0x1f,0x1f,0x21 },
+ { 0x96,0x4b,0x4b,0xdd }, { 0x61,0xbd,0xbd,0xdc },
+ { 0x0d,0x8b,0x8b,0x86 }, { 0x0f,0x8a,0x8a,0x85 },
+ { 0xe0,0x70,0x70,0x90 }, { 0x7c,0x3e,0x3e,0x42 },
+ { 0x71,0xb5,0xb5,0xc4 }, { 0xcc,0x66,0x66,0xaa },
+ { 0x90,0x48,0x48,0xd8 }, { 0x06,0x03,0x03,0x05 },
+ { 0xf7,0xf6,0xf6,0x01 }, { 0x1c,0x0e,0x0e,0x12 },
+ { 0xc2,0x61,0x61,0xa3 }, { 0x6a,0x35,0x35,0x5f },
+ { 0xae,0x57,0x57,0xf9 }, { 0x69,0xb9,0xb9,0xd0 },
+ { 0x17,0x86,0x86,0x91 }, { 0x99,0xc1,0xc1,0x58 },
+ { 0x3a,0x1d,0x1d,0x27 }, { 0x27,0x9e,0x9e,0xb9 },
+ { 0xd9,0xe1,0xe1,0x38 }, { 0xeb,0xf8,0xf8,0x13 },
+ { 0x2b,0x98,0x98,0xb3 }, { 0x22,0x11,0x11,0x33 },
+ { 0xd2,0x69,0x69,0xbb }, { 0xa9,0xd9,0xd9,0x70 },
+ { 0x07,0x8e,0x8e,0x89 }, { 0x33,0x94,0x94,0xa7 },
+ { 0x2d,0x9b,0x9b,0xb6 }, { 0x3c,0x1e,0x1e,0x22 },
+ { 0x15,0x87,0x87,0x92 }, { 0xc9,0xe9,0xe9,0x20 },
+ { 0x87,0xce,0xce,0x49 }, { 0xaa,0x55,0x55,0xff },
+ { 0x50,0x28,0x28,0x78 }, { 0xa5,0xdf,0xdf,0x7a },
+ { 0x03,0x8c,0x8c,0x8f }, { 0x59,0xa1,0xa1,0xf8 },
+ { 0x09,0x89,0x89,0x80 }, { 0x1a,0x0d,0x0d,0x17 },
+ { 0x65,0xbf,0xbf,0xda }, { 0xd7,0xe6,0xe6,0x31 },
+ { 0x84,0x42,0x42,0xc6 }, { 0xd0,0x68,0x68,0xb8 },
+ { 0x82,0x41,0x41,0xc3 }, { 0x29,0x99,0x99,0xb0 },
+ { 0x5a,0x2d,0x2d,0x77 }, { 0x1e,0x0f,0x0f,0x11 },
+ { 0x7b,0xb0,0xb0,0xcb }, { 0xa8,0x54,0x54,0xfc },
+ { 0x6d,0xbb,0xbb,0xd6 }, { 0x2c,0x16,0x16,0x3a }
+ };
+
+static const unsigned char T2[256][4] =
+ {
+ { 0xa5,0xc6,0x63,0x63 }, { 0x84,0xf8,0x7c,0x7c },
+ { 0x99,0xee,0x77,0x77 }, { 0x8d,0xf6,0x7b,0x7b },
+ { 0x0d,0xff,0xf2,0xf2 }, { 0xbd,0xd6,0x6b,0x6b },
+ { 0xb1,0xde,0x6f,0x6f }, { 0x54,0x91,0xc5,0xc5 },
+ { 0x50,0x60,0x30,0x30 }, { 0x03,0x02,0x01,0x01 },
+ { 0xa9,0xce,0x67,0x67 }, { 0x7d,0x56,0x2b,0x2b },
+ { 0x19,0xe7,0xfe,0xfe }, { 0x62,0xb5,0xd7,0xd7 },
+ { 0xe6,0x4d,0xab,0xab }, { 0x9a,0xec,0x76,0x76 },
+ { 0x45,0x8f,0xca,0xca }, { 0x9d,0x1f,0x82,0x82 },
+ { 0x40,0x89,0xc9,0xc9 }, { 0x87,0xfa,0x7d,0x7d },
+ { 0x15,0xef,0xfa,0xfa }, { 0xeb,0xb2,0x59,0x59 },
+ { 0xc9,0x8e,0x47,0x47 }, { 0x0b,0xfb,0xf0,0xf0 },
+ { 0xec,0x41,0xad,0xad }, { 0x67,0xb3,0xd4,0xd4 },
+ { 0xfd,0x5f,0xa2,0xa2 }, { 0xea,0x45,0xaf,0xaf },
+ { 0xbf,0x23,0x9c,0x9c }, { 0xf7,0x53,0xa4,0xa4 },
+ { 0x96,0xe4,0x72,0x72 }, { 0x5b,0x9b,0xc0,0xc0 },
+ { 0xc2,0x75,0xb7,0xb7 }, { 0x1c,0xe1,0xfd,0xfd },
+ { 0xae,0x3d,0x93,0x93 }, { 0x6a,0x4c,0x26,0x26 },
+ { 0x5a,0x6c,0x36,0x36 }, { 0x41,0x7e,0x3f,0x3f },
+ { 0x02,0xf5,0xf7,0xf7 }, { 0x4f,0x83,0xcc,0xcc },
+ { 0x5c,0x68,0x34,0x34 }, { 0xf4,0x51,0xa5,0xa5 },
+ { 0x34,0xd1,0xe5,0xe5 }, { 0x08,0xf9,0xf1,0xf1 },
+ { 0x93,0xe2,0x71,0x71 }, { 0x73,0xab,0xd8,0xd8 },
+ { 0x53,0x62,0x31,0x31 }, { 0x3f,0x2a,0x15,0x15 },
+ { 0x0c,0x08,0x04,0x04 }, { 0x52,0x95,0xc7,0xc7 },
+ { 0x65,0x46,0x23,0x23 }, { 0x5e,0x9d,0xc3,0xc3 },
+ { 0x28,0x30,0x18,0x18 }, { 0xa1,0x37,0x96,0x96 },
+ { 0x0f,0x0a,0x05,0x05 }, { 0xb5,0x2f,0x9a,0x9a },
+ { 0x09,0x0e,0x07,0x07 }, { 0x36,0x24,0x12,0x12 },
+ { 0x9b,0x1b,0x80,0x80 }, { 0x3d,0xdf,0xe2,0xe2 },
+ { 0x26,0xcd,0xeb,0xeb }, { 0x69,0x4e,0x27,0x27 },
+ { 0xcd,0x7f,0xb2,0xb2 }, { 0x9f,0xea,0x75,0x75 },
+ { 0x1b,0x12,0x09,0x09 }, { 0x9e,0x1d,0x83,0x83 },
+ { 0x74,0x58,0x2c,0x2c }, { 0x2e,0x34,0x1a,0x1a },
+ { 0x2d,0x36,0x1b,0x1b }, { 0xb2,0xdc,0x6e,0x6e },
+ { 0xee,0xb4,0x5a,0x5a }, { 0xfb,0x5b,0xa0,0xa0 },
+ { 0xf6,0xa4,0x52,0x52 }, { 0x4d,0x76,0x3b,0x3b },
+ { 0x61,0xb7,0xd6,0xd6 }, { 0xce,0x7d,0xb3,0xb3 },
+ { 0x7b,0x52,0x29,0x29 }, { 0x3e,0xdd,0xe3,0xe3 },
+ { 0x71,0x5e,0x2f,0x2f }, { 0x97,0x13,0x84,0x84 },
+ { 0xf5,0xa6,0x53,0x53 }, { 0x68,0xb9,0xd1,0xd1 },
+ { 0x00,0x00,0x00,0x00 }, { 0x2c,0xc1,0xed,0xed },
+ { 0x60,0x40,0x20,0x20 }, { 0x1f,0xe3,0xfc,0xfc },
+ { 0xc8,0x79,0xb1,0xb1 }, { 0xed,0xb6,0x5b,0x5b },
+ { 0xbe,0xd4,0x6a,0x6a }, { 0x46,0x8d,0xcb,0xcb },
+ { 0xd9,0x67,0xbe,0xbe }, { 0x4b,0x72,0x39,0x39 },
+ { 0xde,0x94,0x4a,0x4a }, { 0xd4,0x98,0x4c,0x4c },
+ { 0xe8,0xb0,0x58,0x58 }, { 0x4a,0x85,0xcf,0xcf },
+ { 0x6b,0xbb,0xd0,0xd0 }, { 0x2a,0xc5,0xef,0xef },
+ { 0xe5,0x4f,0xaa,0xaa }, { 0x16,0xed,0xfb,0xfb },
+ { 0xc5,0x86,0x43,0x43 }, { 0xd7,0x9a,0x4d,0x4d },
+ { 0x55,0x66,0x33,0x33 }, { 0x94,0x11,0x85,0x85 },
+ { 0xcf,0x8a,0x45,0x45 }, { 0x10,0xe9,0xf9,0xf9 },
+ { 0x06,0x04,0x02,0x02 }, { 0x81,0xfe,0x7f,0x7f },
+ { 0xf0,0xa0,0x50,0x50 }, { 0x44,0x78,0x3c,0x3c },
+ { 0xba,0x25,0x9f,0x9f }, { 0xe3,0x4b,0xa8,0xa8 },
+ { 0xf3,0xa2,0x51,0x51 }, { 0xfe,0x5d,0xa3,0xa3 },
+ { 0xc0,0x80,0x40,0x40 }, { 0x8a,0x05,0x8f,0x8f },
+ { 0xad,0x3f,0x92,0x92 }, { 0xbc,0x21,0x9d,0x9d },
+ { 0x48,0x70,0x38,0x38 }, { 0x04,0xf1,0xf5,0xf5 },
+ { 0xdf,0x63,0xbc,0xbc }, { 0xc1,0x77,0xb6,0xb6 },
+ { 0x75,0xaf,0xda,0xda }, { 0x63,0x42,0x21,0x21 },
+ { 0x30,0x20,0x10,0x10 }, { 0x1a,0xe5,0xff,0xff },
+ { 0x0e,0xfd,0xf3,0xf3 }, { 0x6d,0xbf,0xd2,0xd2 },
+ { 0x4c,0x81,0xcd,0xcd }, { 0x14,0x18,0x0c,0x0c },
+ { 0x35,0x26,0x13,0x13 }, { 0x2f,0xc3,0xec,0xec },
+ { 0xe1,0xbe,0x5f,0x5f }, { 0xa2,0x35,0x97,0x97 },
+ { 0xcc,0x88,0x44,0x44 }, { 0x39,0x2e,0x17,0x17 },
+ { 0x57,0x93,0xc4,0xc4 }, { 0xf2,0x55,0xa7,0xa7 },
+ { 0x82,0xfc,0x7e,0x7e }, { 0x47,0x7a,0x3d,0x3d },
+ { 0xac,0xc8,0x64,0x64 }, { 0xe7,0xba,0x5d,0x5d },
+ { 0x2b,0x32,0x19,0x19 }, { 0x95,0xe6,0x73,0x73 },
+ { 0xa0,0xc0,0x60,0x60 }, { 0x98,0x19,0x81,0x81 },
+ { 0xd1,0x9e,0x4f,0x4f }, { 0x7f,0xa3,0xdc,0xdc },
+ { 0x66,0x44,0x22,0x22 }, { 0x7e,0x54,0x2a,0x2a },
+ { 0xab,0x3b,0x90,0x90 }, { 0x83,0x0b,0x88,0x88 },
+ { 0xca,0x8c,0x46,0x46 }, { 0x29,0xc7,0xee,0xee },
+ { 0xd3,0x6b,0xb8,0xb8 }, { 0x3c,0x28,0x14,0x14 },
+ { 0x79,0xa7,0xde,0xde }, { 0xe2,0xbc,0x5e,0x5e },
+ { 0x1d,0x16,0x0b,0x0b }, { 0x76,0xad,0xdb,0xdb },
+ { 0x3b,0xdb,0xe0,0xe0 }, { 0x56,0x64,0x32,0x32 },
+ { 0x4e,0x74,0x3a,0x3a }, { 0x1e,0x14,0x0a,0x0a },
+ { 0xdb,0x92,0x49,0x49 }, { 0x0a,0x0c,0x06,0x06 },
+ { 0x6c,0x48,0x24,0x24 }, { 0xe4,0xb8,0x5c,0x5c },
+ { 0x5d,0x9f,0xc2,0xc2 }, { 0x6e,0xbd,0xd3,0xd3 },
+ { 0xef,0x43,0xac,0xac }, { 0xa6,0xc4,0x62,0x62 },
+ { 0xa8,0x39,0x91,0x91 }, { 0xa4,0x31,0x95,0x95 },
+ { 0x37,0xd3,0xe4,0xe4 }, { 0x8b,0xf2,0x79,0x79 },
+ { 0x32,0xd5,0xe7,0xe7 }, { 0x43,0x8b,0xc8,0xc8 },
+ { 0x59,0x6e,0x37,0x37 }, { 0xb7,0xda,0x6d,0x6d },
+ { 0x8c,0x01,0x8d,0x8d }, { 0x64,0xb1,0xd5,0xd5 },
+ { 0xd2,0x9c,0x4e,0x4e }, { 0xe0,0x49,0xa9,0xa9 },
+ { 0xb4,0xd8,0x6c,0x6c }, { 0xfa,0xac,0x56,0x56 },
+ { 0x07,0xf3,0xf4,0xf4 }, { 0x25,0xcf,0xea,0xea },
+ { 0xaf,0xca,0x65,0x65 }, { 0x8e,0xf4,0x7a,0x7a },
+ { 0xe9,0x47,0xae,0xae }, { 0x18,0x10,0x08,0x08 },
+ { 0xd5,0x6f,0xba,0xba }, { 0x88,0xf0,0x78,0x78 },
+ { 0x6f,0x4a,0x25,0x25 }, { 0x72,0x5c,0x2e,0x2e },
+ { 0x24,0x38,0x1c,0x1c }, { 0xf1,0x57,0xa6,0xa6 },
+ { 0xc7,0x73,0xb4,0xb4 }, { 0x51,0x97,0xc6,0xc6 },
+ { 0x23,0xcb,0xe8,0xe8 }, { 0x7c,0xa1,0xdd,0xdd },
+ { 0x9c,0xe8,0x74,0x74 }, { 0x21,0x3e,0x1f,0x1f },
+ { 0xdd,0x96,0x4b,0x4b }, { 0xdc,0x61,0xbd,0xbd },
+ { 0x86,0x0d,0x8b,0x8b }, { 0x85,0x0f,0x8a,0x8a },
+ { 0x90,0xe0,0x70,0x70 }, { 0x42,0x7c,0x3e,0x3e },
+ { 0xc4,0x71,0xb5,0xb5 }, { 0xaa,0xcc,0x66,0x66 },
+ { 0xd8,0x90,0x48,0x48 }, { 0x05,0x06,0x03,0x03 },
+ { 0x01,0xf7,0xf6,0xf6 }, { 0x12,0x1c,0x0e,0x0e },
+ { 0xa3,0xc2,0x61,0x61 }, { 0x5f,0x6a,0x35,0x35 },
+ { 0xf9,0xae,0x57,0x57 }, { 0xd0,0x69,0xb9,0xb9 },
+ { 0x91,0x17,0x86,0x86 }, { 0x58,0x99,0xc1,0xc1 },
+ { 0x27,0x3a,0x1d,0x1d }, { 0xb9,0x27,0x9e,0x9e },
+ { 0x38,0xd9,0xe1,0xe1 }, { 0x13,0xeb,0xf8,0xf8 },
+ { 0xb3,0x2b,0x98,0x98 }, { 0x33,0x22,0x11,0x11 },
+ { 0xbb,0xd2,0x69,0x69 }, { 0x70,0xa9,0xd9,0xd9 },
+ { 0x89,0x07,0x8e,0x8e }, { 0xa7,0x33,0x94,0x94 },
+ { 0xb6,0x2d,0x9b,0x9b }, { 0x22,0x3c,0x1e,0x1e },
+ { 0x92,0x15,0x87,0x87 }, { 0x20,0xc9,0xe9,0xe9 },
+ { 0x49,0x87,0xce,0xce }, { 0xff,0xaa,0x55,0x55 },
+ { 0x78,0x50,0x28,0x28 }, { 0x7a,0xa5,0xdf,0xdf },
+ { 0x8f,0x03,0x8c,0x8c }, { 0xf8,0x59,0xa1,0xa1 },
+ { 0x80,0x09,0x89,0x89 }, { 0x17,0x1a,0x0d,0x0d },
+ { 0xda,0x65,0xbf,0xbf }, { 0x31,0xd7,0xe6,0xe6 },
+ { 0xc6,0x84,0x42,0x42 }, { 0xb8,0xd0,0x68,0x68 },
+ { 0xc3,0x82,0x41,0x41 }, { 0xb0,0x29,0x99,0x99 },
+ { 0x77,0x5a,0x2d,0x2d }, { 0x11,0x1e,0x0f,0x0f },
+ { 0xcb,0x7b,0xb0,0xb0 }, { 0xfc,0xa8,0x54,0x54 },
+ { 0xd6,0x6d,0xbb,0xbb }, { 0x3a,0x2c,0x16,0x16 }
+ };
+
+static const unsigned char T3[256][4] =
+ {
+ { 0x63,0xa5,0xc6,0x63 }, { 0x7c,0x84,0xf8,0x7c },
+ { 0x77,0x99,0xee,0x77 }, { 0x7b,0x8d,0xf6,0x7b },
+ { 0xf2,0x0d,0xff,0xf2 }, { 0x6b,0xbd,0xd6,0x6b },
+ { 0x6f,0xb1,0xde,0x6f }, { 0xc5,0x54,0x91,0xc5 },
+ { 0x30,0x50,0x60,0x30 }, { 0x01,0x03,0x02,0x01 },
+ { 0x67,0xa9,0xce,0x67 }, { 0x2b,0x7d,0x56,0x2b },
+ { 0xfe,0x19,0xe7,0xfe }, { 0xd7,0x62,0xb5,0xd7 },
+ { 0xab,0xe6,0x4d,0xab }, { 0x76,0x9a,0xec,0x76 },
+ { 0xca,0x45,0x8f,0xca }, { 0x82,0x9d,0x1f,0x82 },
+ { 0xc9,0x40,0x89,0xc9 }, { 0x7d,0x87,0xfa,0x7d },
+ { 0xfa,0x15,0xef,0xfa }, { 0x59,0xeb,0xb2,0x59 },
+ { 0x47,0xc9,0x8e,0x47 }, { 0xf0,0x0b,0xfb,0xf0 },
+ { 0xad,0xec,0x41,0xad }, { 0xd4,0x67,0xb3,0xd4 },
+ { 0xa2,0xfd,0x5f,0xa2 }, { 0xaf,0xea,0x45,0xaf },
+ { 0x9c,0xbf,0x23,0x9c }, { 0xa4,0xf7,0x53,0xa4 },
+ { 0x72,0x96,0xe4,0x72 }, { 0xc0,0x5b,0x9b,0xc0 },
+ { 0xb7,0xc2,0x75,0xb7 }, { 0xfd,0x1c,0xe1,0xfd },
+ { 0x93,0xae,0x3d,0x93 }, { 0x26,0x6a,0x4c,0x26 },
+ { 0x36,0x5a,0x6c,0x36 }, { 0x3f,0x41,0x7e,0x3f },
+ { 0xf7,0x02,0xf5,0xf7 }, { 0xcc,0x4f,0x83,0xcc },
+ { 0x34,0x5c,0x68,0x34 }, { 0xa5,0xf4,0x51,0xa5 },
+ { 0xe5,0x34,0xd1,0xe5 }, { 0xf1,0x08,0xf9,0xf1 },
+ { 0x71,0x93,0xe2,0x71 }, { 0xd8,0x73,0xab,0xd8 },
+ { 0x31,0x53,0x62,0x31 }, { 0x15,0x3f,0x2a,0x15 },
+ { 0x04,0x0c,0x08,0x04 }, { 0xc7,0x52,0x95,0xc7 },
+ { 0x23,0x65,0x46,0x23 }, { 0xc3,0x5e,0x9d,0xc3 },
+ { 0x18,0x28,0x30,0x18 }, { 0x96,0xa1,0x37,0x96 },
+ { 0x05,0x0f,0x0a,0x05 }, { 0x9a,0xb5,0x2f,0x9a },
+ { 0x07,0x09,0x0e,0x07 }, { 0x12,0x36,0x24,0x12 },
+ { 0x80,0x9b,0x1b,0x80 }, { 0xe2,0x3d,0xdf,0xe2 },
+ { 0xeb,0x26,0xcd,0xeb }, { 0x27,0x69,0x4e,0x27 },
+ { 0xb2,0xcd,0x7f,0xb2 }, { 0x75,0x9f,0xea,0x75 },
+ { 0x09,0x1b,0x12,0x09 }, { 0x83,0x9e,0x1d,0x83 },
+ { 0x2c,0x74,0x58,0x2c }, { 0x1a,0x2e,0x34,0x1a },
+ { 0x1b,0x2d,0x36,0x1b }, { 0x6e,0xb2,0xdc,0x6e },
+ { 0x5a,0xee,0xb4,0x5a }, { 0xa0,0xfb,0x5b,0xa0 },
+ { 0x52,0xf6,0xa4,0x52 }, { 0x3b,0x4d,0x76,0x3b },
+ { 0xd6,0x61,0xb7,0xd6 }, { 0xb3,0xce,0x7d,0xb3 },
+ { 0x29,0x7b,0x52,0x29 }, { 0xe3,0x3e,0xdd,0xe3 },
+ { 0x2f,0x71,0x5e,0x2f }, { 0x84,0x97,0x13,0x84 },
+ { 0x53,0xf5,0xa6,0x53 }, { 0xd1,0x68,0xb9,0xd1 },
+ { 0x00,0x00,0x00,0x00 }, { 0xed,0x2c,0xc1,0xed },
+ { 0x20,0x60,0x40,0x20 }, { 0xfc,0x1f,0xe3,0xfc },
+ { 0xb1,0xc8,0x79,0xb1 }, { 0x5b,0xed,0xb6,0x5b },
+ { 0x6a,0xbe,0xd4,0x6a }, { 0xcb,0x46,0x8d,0xcb },
+ { 0xbe,0xd9,0x67,0xbe }, { 0x39,0x4b,0x72,0x39 },
+ { 0x4a,0xde,0x94,0x4a }, { 0x4c,0xd4,0x98,0x4c },
+ { 0x58,0xe8,0xb0,0x58 }, { 0xcf,0x4a,0x85,0xcf },
+ { 0xd0,0x6b,0xbb,0xd0 }, { 0xef,0x2a,0xc5,0xef },
+ { 0xaa,0xe5,0x4f,0xaa }, { 0xfb,0x16,0xed,0xfb },
+ { 0x43,0xc5,0x86,0x43 }, { 0x4d,0xd7,0x9a,0x4d },
+ { 0x33,0x55,0x66,0x33 }, { 0x85,0x94,0x11,0x85 },
+ { 0x45,0xcf,0x8a,0x45 }, { 0xf9,0x10,0xe9,0xf9 },
+ { 0x02,0x06,0x04,0x02 }, { 0x7f,0x81,0xfe,0x7f },
+ { 0x50,0xf0,0xa0,0x50 }, { 0x3c,0x44,0x78,0x3c },
+ { 0x9f,0xba,0x25,0x9f }, { 0xa8,0xe3,0x4b,0xa8 },
+ { 0x51,0xf3,0xa2,0x51 }, { 0xa3,0xfe,0x5d,0xa3 },
+ { 0x40,0xc0,0x80,0x40 }, { 0x8f,0x8a,0x05,0x8f },
+ { 0x92,0xad,0x3f,0x92 }, { 0x9d,0xbc,0x21,0x9d },
+ { 0x38,0x48,0x70,0x38 }, { 0xf5,0x04,0xf1,0xf5 },
+ { 0xbc,0xdf,0x63,0xbc }, { 0xb6,0xc1,0x77,0xb6 },
+ { 0xda,0x75,0xaf,0xda }, { 0x21,0x63,0x42,0x21 },
+ { 0x10,0x30,0x20,0x10 }, { 0xff,0x1a,0xe5,0xff },
+ { 0xf3,0x0e,0xfd,0xf3 }, { 0xd2,0x6d,0xbf,0xd2 },
+ { 0xcd,0x4c,0x81,0xcd }, { 0x0c,0x14,0x18,0x0c },
+ { 0x13,0x35,0x26,0x13 }, { 0xec,0x2f,0xc3,0xec },
+ { 0x5f,0xe1,0xbe,0x5f }, { 0x97,0xa2,0x35,0x97 },
+ { 0x44,0xcc,0x88,0x44 }, { 0x17,0x39,0x2e,0x17 },
+ { 0xc4,0x57,0x93,0xc4 }, { 0xa7,0xf2,0x55,0xa7 },
+ { 0x7e,0x82,0xfc,0x7e }, { 0x3d,0x47,0x7a,0x3d },
+ { 0x64,0xac,0xc8,0x64 }, { 0x5d,0xe7,0xba,0x5d },
+ { 0x19,0x2b,0x32,0x19 }, { 0x73,0x95,0xe6,0x73 },
+ { 0x60,0xa0,0xc0,0x60 }, { 0x81,0x98,0x19,0x81 },
+ { 0x4f,0xd1,0x9e,0x4f }, { 0xdc,0x7f,0xa3,0xdc },
+ { 0x22,0x66,0x44,0x22 }, { 0x2a,0x7e,0x54,0x2a },
+ { 0x90,0xab,0x3b,0x90 }, { 0x88,0x83,0x0b,0x88 },
+ { 0x46,0xca,0x8c,0x46 }, { 0xee,0x29,0xc7,0xee },
+ { 0xb8,0xd3,0x6b,0xb8 }, { 0x14,0x3c,0x28,0x14 },
+ { 0xde,0x79,0xa7,0xde }, { 0x5e,0xe2,0xbc,0x5e },
+ { 0x0b,0x1d,0x16,0x0b }, { 0xdb,0x76,0xad,0xdb },
+ { 0xe0,0x3b,0xdb,0xe0 }, { 0x32,0x56,0x64,0x32 },
+ { 0x3a,0x4e,0x74,0x3a }, { 0x0a,0x1e,0x14,0x0a },
+ { 0x49,0xdb,0x92,0x49 }, { 0x06,0x0a,0x0c,0x06 },
+ { 0x24,0x6c,0x48,0x24 }, { 0x5c,0xe4,0xb8,0x5c },
+ { 0xc2,0x5d,0x9f,0xc2 }, { 0xd3,0x6e,0xbd,0xd3 },
+ { 0xac,0xef,0x43,0xac }, { 0x62,0xa6,0xc4,0x62 },
+ { 0x91,0xa8,0x39,0x91 }, { 0x95,0xa4,0x31,0x95 },
+ { 0xe4,0x37,0xd3,0xe4 }, { 0x79,0x8b,0xf2,0x79 },
+ { 0xe7,0x32,0xd5,0xe7 }, { 0xc8,0x43,0x8b,0xc8 },
+ { 0x37,0x59,0x6e,0x37 }, { 0x6d,0xb7,0xda,0x6d },
+ { 0x8d,0x8c,0x01,0x8d }, { 0xd5,0x64,0xb1,0xd5 },
+ { 0x4e,0xd2,0x9c,0x4e }, { 0xa9,0xe0,0x49,0xa9 },
+ { 0x6c,0xb4,0xd8,0x6c }, { 0x56,0xfa,0xac,0x56 },
+ { 0xf4,0x07,0xf3,0xf4 }, { 0xea,0x25,0xcf,0xea },
+ { 0x65,0xaf,0xca,0x65 }, { 0x7a,0x8e,0xf4,0x7a },
+ { 0xae,0xe9,0x47,0xae }, { 0x08,0x18,0x10,0x08 },
+ { 0xba,0xd5,0x6f,0xba }, { 0x78,0x88,0xf0,0x78 },
+ { 0x25,0x6f,0x4a,0x25 }, { 0x2e,0x72,0x5c,0x2e },
+ { 0x1c,0x24,0x38,0x1c }, { 0xa6,0xf1,0x57,0xa6 },
+ { 0xb4,0xc7,0x73,0xb4 }, { 0xc6,0x51,0x97,0xc6 },
+ { 0xe8,0x23,0xcb,0xe8 }, { 0xdd,0x7c,0xa1,0xdd },
+ { 0x74,0x9c,0xe8,0x74 }, { 0x1f,0x21,0x3e,0x1f },
+ { 0x4b,0xdd,0x96,0x4b }, { 0xbd,0xdc,0x61,0xbd },
+ { 0x8b,0x86,0x0d,0x8b }, { 0x8a,0x85,0x0f,0x8a },
+ { 0x70,0x90,0xe0,0x70 }, { 0x3e,0x42,0x7c,0x3e },
+ { 0xb5,0xc4,0x71,0xb5 }, { 0x66,0xaa,0xcc,0x66 },
+ { 0x48,0xd8,0x90,0x48 }, { 0x03,0x05,0x06,0x03 },
+ { 0xf6,0x01,0xf7,0xf6 }, { 0x0e,0x12,0x1c,0x0e },
+ { 0x61,0xa3,0xc2,0x61 }, { 0x35,0x5f,0x6a,0x35 },
+ { 0x57,0xf9,0xae,0x57 }, { 0xb9,0xd0,0x69,0xb9 },
+ { 0x86,0x91,0x17,0x86 }, { 0xc1,0x58,0x99,0xc1 },
+ { 0x1d,0x27,0x3a,0x1d }, { 0x9e,0xb9,0x27,0x9e },
+ { 0xe1,0x38,0xd9,0xe1 }, { 0xf8,0x13,0xeb,0xf8 },
+ { 0x98,0xb3,0x2b,0x98 }, { 0x11,0x33,0x22,0x11 },
+ { 0x69,0xbb,0xd2,0x69 }, { 0xd9,0x70,0xa9,0xd9 },
+ { 0x8e,0x89,0x07,0x8e }, { 0x94,0xa7,0x33,0x94 },
+ { 0x9b,0xb6,0x2d,0x9b }, { 0x1e,0x22,0x3c,0x1e },
+ { 0x87,0x92,0x15,0x87 }, { 0xe9,0x20,0xc9,0xe9 },
+ { 0xce,0x49,0x87,0xce }, { 0x55,0xff,0xaa,0x55 },
+ { 0x28,0x78,0x50,0x28 }, { 0xdf,0x7a,0xa5,0xdf },
+ { 0x8c,0x8f,0x03,0x8c }, { 0xa1,0xf8,0x59,0xa1 },
+ { 0x89,0x80,0x09,0x89 }, { 0x0d,0x17,0x1a,0x0d },
+ { 0xbf,0xda,0x65,0xbf }, { 0xe6,0x31,0xd7,0xe6 },
+ { 0x42,0xc6,0x84,0x42 }, { 0x68,0xb8,0xd0,0x68 },
+ { 0x41,0xc3,0x82,0x41 }, { 0x99,0xb0,0x29,0x99 },
+ { 0x2d,0x77,0x5a,0x2d }, { 0x0f,0x11,0x1e,0x0f },
+ { 0xb0,0xcb,0x7b,0xb0 }, { 0x54,0xfc,0xa8,0x54 },
+ { 0xbb,0xd6,0x6d,0xbb }, { 0x16,0x3a,0x2c,0x16 }
+ };
+
+static const unsigned char T4[256][4] =
+ {
+ { 0x63,0x63,0xa5,0xc6 }, { 0x7c,0x7c,0x84,0xf8 },
+ { 0x77,0x77,0x99,0xee }, { 0x7b,0x7b,0x8d,0xf6 },
+ { 0xf2,0xf2,0x0d,0xff }, { 0x6b,0x6b,0xbd,0xd6 },
+ { 0x6f,0x6f,0xb1,0xde }, { 0xc5,0xc5,0x54,0x91 },
+ { 0x30,0x30,0x50,0x60 }, { 0x01,0x01,0x03,0x02 },
+ { 0x67,0x67,0xa9,0xce }, { 0x2b,0x2b,0x7d,0x56 },
+ { 0xfe,0xfe,0x19,0xe7 }, { 0xd7,0xd7,0x62,0xb5 },
+ { 0xab,0xab,0xe6,0x4d }, { 0x76,0x76,0x9a,0xec },
+ { 0xca,0xca,0x45,0x8f }, { 0x82,0x82,0x9d,0x1f },
+ { 0xc9,0xc9,0x40,0x89 }, { 0x7d,0x7d,0x87,0xfa },
+ { 0xfa,0xfa,0x15,0xef }, { 0x59,0x59,0xeb,0xb2 },
+ { 0x47,0x47,0xc9,0x8e }, { 0xf0,0xf0,0x0b,0xfb },
+ { 0xad,0xad,0xec,0x41 }, { 0xd4,0xd4,0x67,0xb3 },
+ { 0xa2,0xa2,0xfd,0x5f }, { 0xaf,0xaf,0xea,0x45 },
+ { 0x9c,0x9c,0xbf,0x23 }, { 0xa4,0xa4,0xf7,0x53 },
+ { 0x72,0x72,0x96,0xe4 }, { 0xc0,0xc0,0x5b,0x9b },
+ { 0xb7,0xb7,0xc2,0x75 }, { 0xfd,0xfd,0x1c,0xe1 },
+ { 0x93,0x93,0xae,0x3d }, { 0x26,0x26,0x6a,0x4c },
+ { 0x36,0x36,0x5a,0x6c }, { 0x3f,0x3f,0x41,0x7e },
+ { 0xf7,0xf7,0x02,0xf5 }, { 0xcc,0xcc,0x4f,0x83 },
+ { 0x34,0x34,0x5c,0x68 }, { 0xa5,0xa5,0xf4,0x51 },
+ { 0xe5,0xe5,0x34,0xd1 }, { 0xf1,0xf1,0x08,0xf9 },
+ { 0x71,0x71,0x93,0xe2 }, { 0xd8,0xd8,0x73,0xab },
+ { 0x31,0x31,0x53,0x62 }, { 0x15,0x15,0x3f,0x2a },
+ { 0x04,0x04,0x0c,0x08 }, { 0xc7,0xc7,0x52,0x95 },
+ { 0x23,0x23,0x65,0x46 }, { 0xc3,0xc3,0x5e,0x9d },
+ { 0x18,0x18,0x28,0x30 }, { 0x96,0x96,0xa1,0x37 },
+ { 0x05,0x05,0x0f,0x0a }, { 0x9a,0x9a,0xb5,0x2f },
+ { 0x07,0x07,0x09,0x0e }, { 0x12,0x12,0x36,0x24 },
+ { 0x80,0x80,0x9b,0x1b }, { 0xe2,0xe2,0x3d,0xdf },
+ { 0xeb,0xeb,0x26,0xcd }, { 0x27,0x27,0x69,0x4e },
+ { 0xb2,0xb2,0xcd,0x7f }, { 0x75,0x75,0x9f,0xea },
+ { 0x09,0x09,0x1b,0x12 }, { 0x83,0x83,0x9e,0x1d },
+ { 0x2c,0x2c,0x74,0x58 }, { 0x1a,0x1a,0x2e,0x34 },
+ { 0x1b,0x1b,0x2d,0x36 }, { 0x6e,0x6e,0xb2,0xdc },
+ { 0x5a,0x5a,0xee,0xb4 }, { 0xa0,0xa0,0xfb,0x5b },
+ { 0x52,0x52,0xf6,0xa4 }, { 0x3b,0x3b,0x4d,0x76 },
+ { 0xd6,0xd6,0x61,0xb7 }, { 0xb3,0xb3,0xce,0x7d },
+ { 0x29,0x29,0x7b,0x52 }, { 0xe3,0xe3,0x3e,0xdd },
+ { 0x2f,0x2f,0x71,0x5e }, { 0x84,0x84,0x97,0x13 },
+ { 0x53,0x53,0xf5,0xa6 }, { 0xd1,0xd1,0x68,0xb9 },
+ { 0x00,0x00,0x00,0x00 }, { 0xed,0xed,0x2c,0xc1 },
+ { 0x20,0x20,0x60,0x40 }, { 0xfc,0xfc,0x1f,0xe3 },
+ { 0xb1,0xb1,0xc8,0x79 }, { 0x5b,0x5b,0xed,0xb6 },
+ { 0x6a,0x6a,0xbe,0xd4 }, { 0xcb,0xcb,0x46,0x8d },
+ { 0xbe,0xbe,0xd9,0x67 }, { 0x39,0x39,0x4b,0x72 },
+ { 0x4a,0x4a,0xde,0x94 }, { 0x4c,0x4c,0xd4,0x98 },
+ { 0x58,0x58,0xe8,0xb0 }, { 0xcf,0xcf,0x4a,0x85 },
+ { 0xd0,0xd0,0x6b,0xbb }, { 0xef,0xef,0x2a,0xc5 },
+ { 0xaa,0xaa,0xe5,0x4f }, { 0xfb,0xfb,0x16,0xed },
+ { 0x43,0x43,0xc5,0x86 }, { 0x4d,0x4d,0xd7,0x9a },
+ { 0x33,0x33,0x55,0x66 }, { 0x85,0x85,0x94,0x11 },
+ { 0x45,0x45,0xcf,0x8a }, { 0xf9,0xf9,0x10,0xe9 },
+ { 0x02,0x02,0x06,0x04 }, { 0x7f,0x7f,0x81,0xfe },
+ { 0x50,0x50,0xf0,0xa0 }, { 0x3c,0x3c,0x44,0x78 },
+ { 0x9f,0x9f,0xba,0x25 }, { 0xa8,0xa8,0xe3,0x4b },
+ { 0x51,0x51,0xf3,0xa2 }, { 0xa3,0xa3,0xfe,0x5d },
+ { 0x40,0x40,0xc0,0x80 }, { 0x8f,0x8f,0x8a,0x05 },
+ { 0x92,0x92,0xad,0x3f }, { 0x9d,0x9d,0xbc,0x21 },
+ { 0x38,0x38,0x48,0x70 }, { 0xf5,0xf5,0x04,0xf1 },
+ { 0xbc,0xbc,0xdf,0x63 }, { 0xb6,0xb6,0xc1,0x77 },
+ { 0xda,0xda,0x75,0xaf }, { 0x21,0x21,0x63,0x42 },
+ { 0x10,0x10,0x30,0x20 }, { 0xff,0xff,0x1a,0xe5 },
+ { 0xf3,0xf3,0x0e,0xfd }, { 0xd2,0xd2,0x6d,0xbf },
+ { 0xcd,0xcd,0x4c,0x81 }, { 0x0c,0x0c,0x14,0x18 },
+ { 0x13,0x13,0x35,0x26 }, { 0xec,0xec,0x2f,0xc3 },
+ { 0x5f,0x5f,0xe1,0xbe }, { 0x97,0x97,0xa2,0x35 },
+ { 0x44,0x44,0xcc,0x88 }, { 0x17,0x17,0x39,0x2e },
+ { 0xc4,0xc4,0x57,0x93 }, { 0xa7,0xa7,0xf2,0x55 },
+ { 0x7e,0x7e,0x82,0xfc }, { 0x3d,0x3d,0x47,0x7a },
+ { 0x64,0x64,0xac,0xc8 }, { 0x5d,0x5d,0xe7,0xba },
+ { 0x19,0x19,0x2b,0x32 }, { 0x73,0x73,0x95,0xe6 },
+ { 0x60,0x60,0xa0,0xc0 }, { 0x81,0x81,0x98,0x19 },
+ { 0x4f,0x4f,0xd1,0x9e }, { 0xdc,0xdc,0x7f,0xa3 },
+ { 0x22,0x22,0x66,0x44 }, { 0x2a,0x2a,0x7e,0x54 },
+ { 0x90,0x90,0xab,0x3b }, { 0x88,0x88,0x83,0x0b },
+ { 0x46,0x46,0xca,0x8c }, { 0xee,0xee,0x29,0xc7 },
+ { 0xb8,0xb8,0xd3,0x6b }, { 0x14,0x14,0x3c,0x28 },
+ { 0xde,0xde,0x79,0xa7 }, { 0x5e,0x5e,0xe2,0xbc },
+ { 0x0b,0x0b,0x1d,0x16 }, { 0xdb,0xdb,0x76,0xad },
+ { 0xe0,0xe0,0x3b,0xdb }, { 0x32,0x32,0x56,0x64 },
+ { 0x3a,0x3a,0x4e,0x74 }, { 0x0a,0x0a,0x1e,0x14 },
+ { 0x49,0x49,0xdb,0x92 }, { 0x06,0x06,0x0a,0x0c },
+ { 0x24,0x24,0x6c,0x48 }, { 0x5c,0x5c,0xe4,0xb8 },
+ { 0xc2,0xc2,0x5d,0x9f }, { 0xd3,0xd3,0x6e,0xbd },
+ { 0xac,0xac,0xef,0x43 }, { 0x62,0x62,0xa6,0xc4 },
+ { 0x91,0x91,0xa8,0x39 }, { 0x95,0x95,0xa4,0x31 },
+ { 0xe4,0xe4,0x37,0xd3 }, { 0x79,0x79,0x8b,0xf2 },
+ { 0xe7,0xe7,0x32,0xd5 }, { 0xc8,0xc8,0x43,0x8b },
+ { 0x37,0x37,0x59,0x6e }, { 0x6d,0x6d,0xb7,0xda },
+ { 0x8d,0x8d,0x8c,0x01 }, { 0xd5,0xd5,0x64,0xb1 },
+ { 0x4e,0x4e,0xd2,0x9c }, { 0xa9,0xa9,0xe0,0x49 },
+ { 0x6c,0x6c,0xb4,0xd8 }, { 0x56,0x56,0xfa,0xac },
+ { 0xf4,0xf4,0x07,0xf3 }, { 0xea,0xea,0x25,0xcf },
+ { 0x65,0x65,0xaf,0xca }, { 0x7a,0x7a,0x8e,0xf4 },
+ { 0xae,0xae,0xe9,0x47 }, { 0x08,0x08,0x18,0x10 },
+ { 0xba,0xba,0xd5,0x6f }, { 0x78,0x78,0x88,0xf0 },
+ { 0x25,0x25,0x6f,0x4a }, { 0x2e,0x2e,0x72,0x5c },
+ { 0x1c,0x1c,0x24,0x38 }, { 0xa6,0xa6,0xf1,0x57 },
+ { 0xb4,0xb4,0xc7,0x73 }, { 0xc6,0xc6,0x51,0x97 },
+ { 0xe8,0xe8,0x23,0xcb }, { 0xdd,0xdd,0x7c,0xa1 },
+ { 0x74,0x74,0x9c,0xe8 }, { 0x1f,0x1f,0x21,0x3e },
+ { 0x4b,0x4b,0xdd,0x96 }, { 0xbd,0xbd,0xdc,0x61 },
+ { 0x8b,0x8b,0x86,0x0d }, { 0x8a,0x8a,0x85,0x0f },
+ { 0x70,0x70,0x90,0xe0 }, { 0x3e,0x3e,0x42,0x7c },
+ { 0xb5,0xb5,0xc4,0x71 }, { 0x66,0x66,0xaa,0xcc },
+ { 0x48,0x48,0xd8,0x90 }, { 0x03,0x03,0x05,0x06 },
+ { 0xf6,0xf6,0x01,0xf7 }, { 0x0e,0x0e,0x12,0x1c },
+ { 0x61,0x61,0xa3,0xc2 }, { 0x35,0x35,0x5f,0x6a },
+ { 0x57,0x57,0xf9,0xae }, { 0xb9,0xb9,0xd0,0x69 },
+ { 0x86,0x86,0x91,0x17 }, { 0xc1,0xc1,0x58,0x99 },
+ { 0x1d,0x1d,0x27,0x3a }, { 0x9e,0x9e,0xb9,0x27 },
+ { 0xe1,0xe1,0x38,0xd9 }, { 0xf8,0xf8,0x13,0xeb },
+ { 0x98,0x98,0xb3,0x2b }, { 0x11,0x11,0x33,0x22 },
+ { 0x69,0x69,0xbb,0xd2 }, { 0xd9,0xd9,0x70,0xa9 },
+ { 0x8e,0x8e,0x89,0x07 }, { 0x94,0x94,0xa7,0x33 },
+ { 0x9b,0x9b,0xb6,0x2d }, { 0x1e,0x1e,0x22,0x3c },
+ { 0x87,0x87,0x92,0x15 }, { 0xe9,0xe9,0x20,0xc9 },
+ { 0xce,0xce,0x49,0x87 }, { 0x55,0x55,0xff,0xaa },
+ { 0x28,0x28,0x78,0x50 }, { 0xdf,0xdf,0x7a,0xa5 },
+ { 0x8c,0x8c,0x8f,0x03 }, { 0xa1,0xa1,0xf8,0x59 },
+ { 0x89,0x89,0x80,0x09 }, { 0x0d,0x0d,0x17,0x1a },
+ { 0xbf,0xbf,0xda,0x65 }, { 0xe6,0xe6,0x31,0xd7 },
+ { 0x42,0x42,0xc6,0x84 }, { 0x68,0x68,0xb8,0xd0 },
+ { 0x41,0x41,0xc3,0x82 }, { 0x99,0x99,0xb0,0x29 },
+ { 0x2d,0x2d,0x77,0x5a }, { 0x0f,0x0f,0x11,0x1e },
+ { 0xb0,0xb0,0xcb,0x7b }, { 0x54,0x54,0xfc,0xa8 },
+ { 0xbb,0xbb,0xd6,0x6d }, { 0x16,0x16,0x3a,0x2c }
+ };
+
+static const unsigned char T5[256][4] =
+ {
+ { 0x51,0xf4,0xa7,0x50 }, { 0x7e,0x41,0x65,0x53 },
+ { 0x1a,0x17,0xa4,0xc3 }, { 0x3a,0x27,0x5e,0x96 },
+ { 0x3b,0xab,0x6b,0xcb }, { 0x1f,0x9d,0x45,0xf1 },
+ { 0xac,0xfa,0x58,0xab }, { 0x4b,0xe3,0x03,0x93 },
+ { 0x20,0x30,0xfa,0x55 }, { 0xad,0x76,0x6d,0xf6 },
+ { 0x88,0xcc,0x76,0x91 }, { 0xf5,0x02,0x4c,0x25 },
+ { 0x4f,0xe5,0xd7,0xfc }, { 0xc5,0x2a,0xcb,0xd7 },
+ { 0x26,0x35,0x44,0x80 }, { 0xb5,0x62,0xa3,0x8f },
+ { 0xde,0xb1,0x5a,0x49 }, { 0x25,0xba,0x1b,0x67 },
+ { 0x45,0xea,0x0e,0x98 }, { 0x5d,0xfe,0xc0,0xe1 },
+ { 0xc3,0x2f,0x75,0x02 }, { 0x81,0x4c,0xf0,0x12 },
+ { 0x8d,0x46,0x97,0xa3 }, { 0x6b,0xd3,0xf9,0xc6 },
+ { 0x03,0x8f,0x5f,0xe7 }, { 0x15,0x92,0x9c,0x95 },
+ { 0xbf,0x6d,0x7a,0xeb }, { 0x95,0x52,0x59,0xda },
+ { 0xd4,0xbe,0x83,0x2d }, { 0x58,0x74,0x21,0xd3 },
+ { 0x49,0xe0,0x69,0x29 }, { 0x8e,0xc9,0xc8,0x44 },
+ { 0x75,0xc2,0x89,0x6a }, { 0xf4,0x8e,0x79,0x78 },
+ { 0x99,0x58,0x3e,0x6b }, { 0x27,0xb9,0x71,0xdd },
+ { 0xbe,0xe1,0x4f,0xb6 }, { 0xf0,0x88,0xad,0x17 },
+ { 0xc9,0x20,0xac,0x66 }, { 0x7d,0xce,0x3a,0xb4 },
+ { 0x63,0xdf,0x4a,0x18 }, { 0xe5,0x1a,0x31,0x82 },
+ { 0x97,0x51,0x33,0x60 }, { 0x62,0x53,0x7f,0x45 },
+ { 0xb1,0x64,0x77,0xe0 }, { 0xbb,0x6b,0xae,0x84 },
+ { 0xfe,0x81,0xa0,0x1c }, { 0xf9,0x08,0x2b,0x94 },
+ { 0x70,0x48,0x68,0x58 }, { 0x8f,0x45,0xfd,0x19 },
+ { 0x94,0xde,0x6c,0x87 }, { 0x52,0x7b,0xf8,0xb7 },
+ { 0xab,0x73,0xd3,0x23 }, { 0x72,0x4b,0x02,0xe2 },
+ { 0xe3,0x1f,0x8f,0x57 }, { 0x66,0x55,0xab,0x2a },
+ { 0xb2,0xeb,0x28,0x07 }, { 0x2f,0xb5,0xc2,0x03 },
+ { 0x86,0xc5,0x7b,0x9a }, { 0xd3,0x37,0x08,0xa5 },
+ { 0x30,0x28,0x87,0xf2 }, { 0x23,0xbf,0xa5,0xb2 },
+ { 0x02,0x03,0x6a,0xba }, { 0xed,0x16,0x82,0x5c },
+ { 0x8a,0xcf,0x1c,0x2b }, { 0xa7,0x79,0xb4,0x92 },
+ { 0xf3,0x07,0xf2,0xf0 }, { 0x4e,0x69,0xe2,0xa1 },
+ { 0x65,0xda,0xf4,0xcd }, { 0x06,0x05,0xbe,0xd5 },
+ { 0xd1,0x34,0x62,0x1f }, { 0xc4,0xa6,0xfe,0x8a },
+ { 0x34,0x2e,0x53,0x9d }, { 0xa2,0xf3,0x55,0xa0 },
+ { 0x05,0x8a,0xe1,0x32 }, { 0xa4,0xf6,0xeb,0x75 },
+ { 0x0b,0x83,0xec,0x39 }, { 0x40,0x60,0xef,0xaa },
+ { 0x5e,0x71,0x9f,0x06 }, { 0xbd,0x6e,0x10,0x51 },
+ { 0x3e,0x21,0x8a,0xf9 }, { 0x96,0xdd,0x06,0x3d },
+ { 0xdd,0x3e,0x05,0xae }, { 0x4d,0xe6,0xbd,0x46 },
+ { 0x91,0x54,0x8d,0xb5 }, { 0x71,0xc4,0x5d,0x05 },
+ { 0x04,0x06,0xd4,0x6f }, { 0x60,0x50,0x15,0xff },
+ { 0x19,0x98,0xfb,0x24 }, { 0xd6,0xbd,0xe9,0x97 },
+ { 0x89,0x40,0x43,0xcc }, { 0x67,0xd9,0x9e,0x77 },
+ { 0xb0,0xe8,0x42,0xbd }, { 0x07,0x89,0x8b,0x88 },
+ { 0xe7,0x19,0x5b,0x38 }, { 0x79,0xc8,0xee,0xdb },
+ { 0xa1,0x7c,0x0a,0x47 }, { 0x7c,0x42,0x0f,0xe9 },
+ { 0xf8,0x84,0x1e,0xc9 }, { 0x00,0x00,0x00,0x00 },
+ { 0x09,0x80,0x86,0x83 }, { 0x32,0x2b,0xed,0x48 },
+ { 0x1e,0x11,0x70,0xac }, { 0x6c,0x5a,0x72,0x4e },
+ { 0xfd,0x0e,0xff,0xfb }, { 0x0f,0x85,0x38,0x56 },
+ { 0x3d,0xae,0xd5,0x1e }, { 0x36,0x2d,0x39,0x27 },
+ { 0x0a,0x0f,0xd9,0x64 }, { 0x68,0x5c,0xa6,0x21 },
+ { 0x9b,0x5b,0x54,0xd1 }, { 0x24,0x36,0x2e,0x3a },
+ { 0x0c,0x0a,0x67,0xb1 }, { 0x93,0x57,0xe7,0x0f },
+ { 0xb4,0xee,0x96,0xd2 }, { 0x1b,0x9b,0x91,0x9e },
+ { 0x80,0xc0,0xc5,0x4f }, { 0x61,0xdc,0x20,0xa2 },
+ { 0x5a,0x77,0x4b,0x69 }, { 0x1c,0x12,0x1a,0x16 },
+ { 0xe2,0x93,0xba,0x0a }, { 0xc0,0xa0,0x2a,0xe5 },
+ { 0x3c,0x22,0xe0,0x43 }, { 0x12,0x1b,0x17,0x1d },
+ { 0x0e,0x09,0x0d,0x0b }, { 0xf2,0x8b,0xc7,0xad },
+ { 0x2d,0xb6,0xa8,0xb9 }, { 0x14,0x1e,0xa9,0xc8 },
+ { 0x57,0xf1,0x19,0x85 }, { 0xaf,0x75,0x07,0x4c },
+ { 0xee,0x99,0xdd,0xbb }, { 0xa3,0x7f,0x60,0xfd },
+ { 0xf7,0x01,0x26,0x9f }, { 0x5c,0x72,0xf5,0xbc },
+ { 0x44,0x66,0x3b,0xc5 }, { 0x5b,0xfb,0x7e,0x34 },
+ { 0x8b,0x43,0x29,0x76 }, { 0xcb,0x23,0xc6,0xdc },
+ { 0xb6,0xed,0xfc,0x68 }, { 0xb8,0xe4,0xf1,0x63 },
+ { 0xd7,0x31,0xdc,0xca }, { 0x42,0x63,0x85,0x10 },
+ { 0x13,0x97,0x22,0x40 }, { 0x84,0xc6,0x11,0x20 },
+ { 0x85,0x4a,0x24,0x7d }, { 0xd2,0xbb,0x3d,0xf8 },
+ { 0xae,0xf9,0x32,0x11 }, { 0xc7,0x29,0xa1,0x6d },
+ { 0x1d,0x9e,0x2f,0x4b }, { 0xdc,0xb2,0x30,0xf3 },
+ { 0x0d,0x86,0x52,0xec }, { 0x77,0xc1,0xe3,0xd0 },
+ { 0x2b,0xb3,0x16,0x6c }, { 0xa9,0x70,0xb9,0x99 },
+ { 0x11,0x94,0x48,0xfa }, { 0x47,0xe9,0x64,0x22 },
+ { 0xa8,0xfc,0x8c,0xc4 }, { 0xa0,0xf0,0x3f,0x1a },
+ { 0x56,0x7d,0x2c,0xd8 }, { 0x22,0x33,0x90,0xef },
+ { 0x87,0x49,0x4e,0xc7 }, { 0xd9,0x38,0xd1,0xc1 },
+ { 0x8c,0xca,0xa2,0xfe }, { 0x98,0xd4,0x0b,0x36 },
+ { 0xa6,0xf5,0x81,0xcf }, { 0xa5,0x7a,0xde,0x28 },
+ { 0xda,0xb7,0x8e,0x26 }, { 0x3f,0xad,0xbf,0xa4 },
+ { 0x2c,0x3a,0x9d,0xe4 }, { 0x50,0x78,0x92,0x0d },
+ { 0x6a,0x5f,0xcc,0x9b }, { 0x54,0x7e,0x46,0x62 },
+ { 0xf6,0x8d,0x13,0xc2 }, { 0x90,0xd8,0xb8,0xe8 },
+ { 0x2e,0x39,0xf7,0x5e }, { 0x82,0xc3,0xaf,0xf5 },
+ { 0x9f,0x5d,0x80,0xbe }, { 0x69,0xd0,0x93,0x7c },
+ { 0x6f,0xd5,0x2d,0xa9 }, { 0xcf,0x25,0x12,0xb3 },
+ { 0xc8,0xac,0x99,0x3b }, { 0x10,0x18,0x7d,0xa7 },
+ { 0xe8,0x9c,0x63,0x6e }, { 0xdb,0x3b,0xbb,0x7b },
+ { 0xcd,0x26,0x78,0x09 }, { 0x6e,0x59,0x18,0xf4 },
+ { 0xec,0x9a,0xb7,0x01 }, { 0x83,0x4f,0x9a,0xa8 },
+ { 0xe6,0x95,0x6e,0x65 }, { 0xaa,0xff,0xe6,0x7e },
+ { 0x21,0xbc,0xcf,0x08 }, { 0xef,0x15,0xe8,0xe6 },
+ { 0xba,0xe7,0x9b,0xd9 }, { 0x4a,0x6f,0x36,0xce },
+ { 0xea,0x9f,0x09,0xd4 }, { 0x29,0xb0,0x7c,0xd6 },
+ { 0x31,0xa4,0xb2,0xaf }, { 0x2a,0x3f,0x23,0x31 },
+ { 0xc6,0xa5,0x94,0x30 }, { 0x35,0xa2,0x66,0xc0 },
+ { 0x74,0x4e,0xbc,0x37 }, { 0xfc,0x82,0xca,0xa6 },
+ { 0xe0,0x90,0xd0,0xb0 }, { 0x33,0xa7,0xd8,0x15 },
+ { 0xf1,0x04,0x98,0x4a }, { 0x41,0xec,0xda,0xf7 },
+ { 0x7f,0xcd,0x50,0x0e }, { 0x17,0x91,0xf6,0x2f },
+ { 0x76,0x4d,0xd6,0x8d }, { 0x43,0xef,0xb0,0x4d },
+ { 0xcc,0xaa,0x4d,0x54 }, { 0xe4,0x96,0x04,0xdf },
+ { 0x9e,0xd1,0xb5,0xe3 }, { 0x4c,0x6a,0x88,0x1b },
+ { 0xc1,0x2c,0x1f,0xb8 }, { 0x46,0x65,0x51,0x7f },
+ { 0x9d,0x5e,0xea,0x04 }, { 0x01,0x8c,0x35,0x5d },
+ { 0xfa,0x87,0x74,0x73 }, { 0xfb,0x0b,0x41,0x2e },
+ { 0xb3,0x67,0x1d,0x5a }, { 0x92,0xdb,0xd2,0x52 },
+ { 0xe9,0x10,0x56,0x33 }, { 0x6d,0xd6,0x47,0x13 },
+ { 0x9a,0xd7,0x61,0x8c }, { 0x37,0xa1,0x0c,0x7a },
+ { 0x59,0xf8,0x14,0x8e }, { 0xeb,0x13,0x3c,0x89 },
+ { 0xce,0xa9,0x27,0xee }, { 0xb7,0x61,0xc9,0x35 },
+ { 0xe1,0x1c,0xe5,0xed }, { 0x7a,0x47,0xb1,0x3c },
+ { 0x9c,0xd2,0xdf,0x59 }, { 0x55,0xf2,0x73,0x3f },
+ { 0x18,0x14,0xce,0x79 }, { 0x73,0xc7,0x37,0xbf },
+ { 0x53,0xf7,0xcd,0xea }, { 0x5f,0xfd,0xaa,0x5b },
+ { 0xdf,0x3d,0x6f,0x14 }, { 0x78,0x44,0xdb,0x86 },
+ { 0xca,0xaf,0xf3,0x81 }, { 0xb9,0x68,0xc4,0x3e },
+ { 0x38,0x24,0x34,0x2c }, { 0xc2,0xa3,0x40,0x5f },
+ { 0x16,0x1d,0xc3,0x72 }, { 0xbc,0xe2,0x25,0x0c },
+ { 0x28,0x3c,0x49,0x8b }, { 0xff,0x0d,0x95,0x41 },
+ { 0x39,0xa8,0x01,0x71 }, { 0x08,0x0c,0xb3,0xde },
+ { 0xd8,0xb4,0xe4,0x9c }, { 0x64,0x56,0xc1,0x90 },
+ { 0x7b,0xcb,0x84,0x61 }, { 0xd5,0x32,0xb6,0x70 },
+ { 0x48,0x6c,0x5c,0x74 }, { 0xd0,0xb8,0x57,0x42 }
+ };
+
+static const unsigned char T6[256][4] =
+ {
+ { 0x50,0x51,0xf4,0xa7 }, { 0x53,0x7e,0x41,0x65 },
+ { 0xc3,0x1a,0x17,0xa4 }, { 0x96,0x3a,0x27,0x5e },
+ { 0xcb,0x3b,0xab,0x6b }, { 0xf1,0x1f,0x9d,0x45 },
+ { 0xab,0xac,0xfa,0x58 }, { 0x93,0x4b,0xe3,0x03 },
+ { 0x55,0x20,0x30,0xfa }, { 0xf6,0xad,0x76,0x6d },
+ { 0x91,0x88,0xcc,0x76 }, { 0x25,0xf5,0x02,0x4c },
+ { 0xfc,0x4f,0xe5,0xd7 }, { 0xd7,0xc5,0x2a,0xcb },
+ { 0x80,0x26,0x35,0x44 }, { 0x8f,0xb5,0x62,0xa3 },
+ { 0x49,0xde,0xb1,0x5a }, { 0x67,0x25,0xba,0x1b },
+ { 0x98,0x45,0xea,0x0e }, { 0xe1,0x5d,0xfe,0xc0 },
+ { 0x02,0xc3,0x2f,0x75 }, { 0x12,0x81,0x4c,0xf0 },
+ { 0xa3,0x8d,0x46,0x97 }, { 0xc6,0x6b,0xd3,0xf9 },
+ { 0xe7,0x03,0x8f,0x5f }, { 0x95,0x15,0x92,0x9c },
+ { 0xeb,0xbf,0x6d,0x7a }, { 0xda,0x95,0x52,0x59 },
+ { 0x2d,0xd4,0xbe,0x83 }, { 0xd3,0x58,0x74,0x21 },
+ { 0x29,0x49,0xe0,0x69 }, { 0x44,0x8e,0xc9,0xc8 },
+ { 0x6a,0x75,0xc2,0x89 }, { 0x78,0xf4,0x8e,0x79 },
+ { 0x6b,0x99,0x58,0x3e }, { 0xdd,0x27,0xb9,0x71 },
+ { 0xb6,0xbe,0xe1,0x4f }, { 0x17,0xf0,0x88,0xad },
+ { 0x66,0xc9,0x20,0xac }, { 0xb4,0x7d,0xce,0x3a },
+ { 0x18,0x63,0xdf,0x4a }, { 0x82,0xe5,0x1a,0x31 },
+ { 0x60,0x97,0x51,0x33 }, { 0x45,0x62,0x53,0x7f },
+ { 0xe0,0xb1,0x64,0x77 }, { 0x84,0xbb,0x6b,0xae },
+ { 0x1c,0xfe,0x81,0xa0 }, { 0x94,0xf9,0x08,0x2b },
+ { 0x58,0x70,0x48,0x68 }, { 0x19,0x8f,0x45,0xfd },
+ { 0x87,0x94,0xde,0x6c }, { 0xb7,0x52,0x7b,0xf8 },
+ { 0x23,0xab,0x73,0xd3 }, { 0xe2,0x72,0x4b,0x02 },
+ { 0x57,0xe3,0x1f,0x8f }, { 0x2a,0x66,0x55,0xab },
+ { 0x07,0xb2,0xeb,0x28 }, { 0x03,0x2f,0xb5,0xc2 },
+ { 0x9a,0x86,0xc5,0x7b }, { 0xa5,0xd3,0x37,0x08 },
+ { 0xf2,0x30,0x28,0x87 }, { 0xb2,0x23,0xbf,0xa5 },
+ { 0xba,0x02,0x03,0x6a }, { 0x5c,0xed,0x16,0x82 },
+ { 0x2b,0x8a,0xcf,0x1c }, { 0x92,0xa7,0x79,0xb4 },
+ { 0xf0,0xf3,0x07,0xf2 }, { 0xa1,0x4e,0x69,0xe2 },
+ { 0xcd,0x65,0xda,0xf4 }, { 0xd5,0x06,0x05,0xbe },
+ { 0x1f,0xd1,0x34,0x62 }, { 0x8a,0xc4,0xa6,0xfe },
+ { 0x9d,0x34,0x2e,0x53 }, { 0xa0,0xa2,0xf3,0x55 },
+ { 0x32,0x05,0x8a,0xe1 }, { 0x75,0xa4,0xf6,0xeb },
+ { 0x39,0x0b,0x83,0xec }, { 0xaa,0x40,0x60,0xef },
+ { 0x06,0x5e,0x71,0x9f }, { 0x51,0xbd,0x6e,0x10 },
+ { 0xf9,0x3e,0x21,0x8a }, { 0x3d,0x96,0xdd,0x06 },
+ { 0xae,0xdd,0x3e,0x05 }, { 0x46,0x4d,0xe6,0xbd },
+ { 0xb5,0x91,0x54,0x8d }, { 0x05,0x71,0xc4,0x5d },
+ { 0x6f,0x04,0x06,0xd4 }, { 0xff,0x60,0x50,0x15 },
+ { 0x24,0x19,0x98,0xfb }, { 0x97,0xd6,0xbd,0xe9 },
+ { 0xcc,0x89,0x40,0x43 }, { 0x77,0x67,0xd9,0x9e },
+ { 0xbd,0xb0,0xe8,0x42 }, { 0x88,0x07,0x89,0x8b },
+ { 0x38,0xe7,0x19,0x5b }, { 0xdb,0x79,0xc8,0xee },
+ { 0x47,0xa1,0x7c,0x0a }, { 0xe9,0x7c,0x42,0x0f },
+ { 0xc9,0xf8,0x84,0x1e }, { 0x00,0x00,0x00,0x00 },
+ { 0x83,0x09,0x80,0x86 }, { 0x48,0x32,0x2b,0xed },
+ { 0xac,0x1e,0x11,0x70 }, { 0x4e,0x6c,0x5a,0x72 },
+ { 0xfb,0xfd,0x0e,0xff }, { 0x56,0x0f,0x85,0x38 },
+ { 0x1e,0x3d,0xae,0xd5 }, { 0x27,0x36,0x2d,0x39 },
+ { 0x64,0x0a,0x0f,0xd9 }, { 0x21,0x68,0x5c,0xa6 },
+ { 0xd1,0x9b,0x5b,0x54 }, { 0x3a,0x24,0x36,0x2e },
+ { 0xb1,0x0c,0x0a,0x67 }, { 0x0f,0x93,0x57,0xe7 },
+ { 0xd2,0xb4,0xee,0x96 }, { 0x9e,0x1b,0x9b,0x91 },
+ { 0x4f,0x80,0xc0,0xc5 }, { 0xa2,0x61,0xdc,0x20 },
+ { 0x69,0x5a,0x77,0x4b }, { 0x16,0x1c,0x12,0x1a },
+ { 0x0a,0xe2,0x93,0xba }, { 0xe5,0xc0,0xa0,0x2a },
+ { 0x43,0x3c,0x22,0xe0 }, { 0x1d,0x12,0x1b,0x17 },
+ { 0x0b,0x0e,0x09,0x0d }, { 0xad,0xf2,0x8b,0xc7 },
+ { 0xb9,0x2d,0xb6,0xa8 }, { 0xc8,0x14,0x1e,0xa9 },
+ { 0x85,0x57,0xf1,0x19 }, { 0x4c,0xaf,0x75,0x07 },
+ { 0xbb,0xee,0x99,0xdd }, { 0xfd,0xa3,0x7f,0x60 },
+ { 0x9f,0xf7,0x01,0x26 }, { 0xbc,0x5c,0x72,0xf5 },
+ { 0xc5,0x44,0x66,0x3b }, { 0x34,0x5b,0xfb,0x7e },
+ { 0x76,0x8b,0x43,0x29 }, { 0xdc,0xcb,0x23,0xc6 },
+ { 0x68,0xb6,0xed,0xfc }, { 0x63,0xb8,0xe4,0xf1 },
+ { 0xca,0xd7,0x31,0xdc }, { 0x10,0x42,0x63,0x85 },
+ { 0x40,0x13,0x97,0x22 }, { 0x20,0x84,0xc6,0x11 },
+ { 0x7d,0x85,0x4a,0x24 }, { 0xf8,0xd2,0xbb,0x3d },
+ { 0x11,0xae,0xf9,0x32 }, { 0x6d,0xc7,0x29,0xa1 },
+ { 0x4b,0x1d,0x9e,0x2f }, { 0xf3,0xdc,0xb2,0x30 },
+ { 0xec,0x0d,0x86,0x52 }, { 0xd0,0x77,0xc1,0xe3 },
+ { 0x6c,0x2b,0xb3,0x16 }, { 0x99,0xa9,0x70,0xb9 },
+ { 0xfa,0x11,0x94,0x48 }, { 0x22,0x47,0xe9,0x64 },
+ { 0xc4,0xa8,0xfc,0x8c }, { 0x1a,0xa0,0xf0,0x3f },
+ { 0xd8,0x56,0x7d,0x2c }, { 0xef,0x22,0x33,0x90 },
+ { 0xc7,0x87,0x49,0x4e }, { 0xc1,0xd9,0x38,0xd1 },
+ { 0xfe,0x8c,0xca,0xa2 }, { 0x36,0x98,0xd4,0x0b },
+ { 0xcf,0xa6,0xf5,0x81 }, { 0x28,0xa5,0x7a,0xde },
+ { 0x26,0xda,0xb7,0x8e }, { 0xa4,0x3f,0xad,0xbf },
+ { 0xe4,0x2c,0x3a,0x9d }, { 0x0d,0x50,0x78,0x92 },
+ { 0x9b,0x6a,0x5f,0xcc }, { 0x62,0x54,0x7e,0x46 },
+ { 0xc2,0xf6,0x8d,0x13 }, { 0xe8,0x90,0xd8,0xb8 },
+ { 0x5e,0x2e,0x39,0xf7 }, { 0xf5,0x82,0xc3,0xaf },
+ { 0xbe,0x9f,0x5d,0x80 }, { 0x7c,0x69,0xd0,0x93 },
+ { 0xa9,0x6f,0xd5,0x2d }, { 0xb3,0xcf,0x25,0x12 },
+ { 0x3b,0xc8,0xac,0x99 }, { 0xa7,0x10,0x18,0x7d },
+ { 0x6e,0xe8,0x9c,0x63 }, { 0x7b,0xdb,0x3b,0xbb },
+ { 0x09,0xcd,0x26,0x78 }, { 0xf4,0x6e,0x59,0x18 },
+ { 0x01,0xec,0x9a,0xb7 }, { 0xa8,0x83,0x4f,0x9a },
+ { 0x65,0xe6,0x95,0x6e }, { 0x7e,0xaa,0xff,0xe6 },
+ { 0x08,0x21,0xbc,0xcf }, { 0xe6,0xef,0x15,0xe8 },
+ { 0xd9,0xba,0xe7,0x9b }, { 0xce,0x4a,0x6f,0x36 },
+ { 0xd4,0xea,0x9f,0x09 }, { 0xd6,0x29,0xb0,0x7c },
+ { 0xaf,0x31,0xa4,0xb2 }, { 0x31,0x2a,0x3f,0x23 },
+ { 0x30,0xc6,0xa5,0x94 }, { 0xc0,0x35,0xa2,0x66 },
+ { 0x37,0x74,0x4e,0xbc }, { 0xa6,0xfc,0x82,0xca },
+ { 0xb0,0xe0,0x90,0xd0 }, { 0x15,0x33,0xa7,0xd8 },
+ { 0x4a,0xf1,0x04,0x98 }, { 0xf7,0x41,0xec,0xda },
+ { 0x0e,0x7f,0xcd,0x50 }, { 0x2f,0x17,0x91,0xf6 },
+ { 0x8d,0x76,0x4d,0xd6 }, { 0x4d,0x43,0xef,0xb0 },
+ { 0x54,0xcc,0xaa,0x4d }, { 0xdf,0xe4,0x96,0x04 },
+ { 0xe3,0x9e,0xd1,0xb5 }, { 0x1b,0x4c,0x6a,0x88 },
+ { 0xb8,0xc1,0x2c,0x1f }, { 0x7f,0x46,0x65,0x51 },
+ { 0x04,0x9d,0x5e,0xea }, { 0x5d,0x01,0x8c,0x35 },
+ { 0x73,0xfa,0x87,0x74 }, { 0x2e,0xfb,0x0b,0x41 },
+ { 0x5a,0xb3,0x67,0x1d }, { 0x52,0x92,0xdb,0xd2 },
+ { 0x33,0xe9,0x10,0x56 }, { 0x13,0x6d,0xd6,0x47 },
+ { 0x8c,0x9a,0xd7,0x61 }, { 0x7a,0x37,0xa1,0x0c },
+ { 0x8e,0x59,0xf8,0x14 }, { 0x89,0xeb,0x13,0x3c },
+ { 0xee,0xce,0xa9,0x27 }, { 0x35,0xb7,0x61,0xc9 },
+ { 0xed,0xe1,0x1c,0xe5 }, { 0x3c,0x7a,0x47,0xb1 },
+ { 0x59,0x9c,0xd2,0xdf }, { 0x3f,0x55,0xf2,0x73 },
+ { 0x79,0x18,0x14,0xce }, { 0xbf,0x73,0xc7,0x37 },
+ { 0xea,0x53,0xf7,0xcd }, { 0x5b,0x5f,0xfd,0xaa },
+ { 0x14,0xdf,0x3d,0x6f }, { 0x86,0x78,0x44,0xdb },
+ { 0x81,0xca,0xaf,0xf3 }, { 0x3e,0xb9,0x68,0xc4 },
+ { 0x2c,0x38,0x24,0x34 }, { 0x5f,0xc2,0xa3,0x40 },
+ { 0x72,0x16,0x1d,0xc3 }, { 0x0c,0xbc,0xe2,0x25 },
+ { 0x8b,0x28,0x3c,0x49 }, { 0x41,0xff,0x0d,0x95 },
+ { 0x71,0x39,0xa8,0x01 }, { 0xde,0x08,0x0c,0xb3 },
+ { 0x9c,0xd8,0xb4,0xe4 }, { 0x90,0x64,0x56,0xc1 },
+ { 0x61,0x7b,0xcb,0x84 }, { 0x70,0xd5,0x32,0xb6 },
+ { 0x74,0x48,0x6c,0x5c }, { 0x42,0xd0,0xb8,0x57 }
+ };
+
+static const unsigned char T7[256][4] =
+ {
+ { 0xa7,0x50,0x51,0xf4 }, { 0x65,0x53,0x7e,0x41 },
+ { 0xa4,0xc3,0x1a,0x17 }, { 0x5e,0x96,0x3a,0x27 },
+ { 0x6b,0xcb,0x3b,0xab }, { 0x45,0xf1,0x1f,0x9d },
+ { 0x58,0xab,0xac,0xfa }, { 0x03,0x93,0x4b,0xe3 },
+ { 0xfa,0x55,0x20,0x30 }, { 0x6d,0xf6,0xad,0x76 },
+ { 0x76,0x91,0x88,0xcc }, { 0x4c,0x25,0xf5,0x02 },
+ { 0xd7,0xfc,0x4f,0xe5 }, { 0xcb,0xd7,0xc5,0x2a },
+ { 0x44,0x80,0x26,0x35 }, { 0xa3,0x8f,0xb5,0x62 },
+ { 0x5a,0x49,0xde,0xb1 }, { 0x1b,0x67,0x25,0xba },
+ { 0x0e,0x98,0x45,0xea }, { 0xc0,0xe1,0x5d,0xfe },
+ { 0x75,0x02,0xc3,0x2f }, { 0xf0,0x12,0x81,0x4c },
+ { 0x97,0xa3,0x8d,0x46 }, { 0xf9,0xc6,0x6b,0xd3 },
+ { 0x5f,0xe7,0x03,0x8f }, { 0x9c,0x95,0x15,0x92 },
+ { 0x7a,0xeb,0xbf,0x6d }, { 0x59,0xda,0x95,0x52 },
+ { 0x83,0x2d,0xd4,0xbe }, { 0x21,0xd3,0x58,0x74 },
+ { 0x69,0x29,0x49,0xe0 }, { 0xc8,0x44,0x8e,0xc9 },
+ { 0x89,0x6a,0x75,0xc2 }, { 0x79,0x78,0xf4,0x8e },
+ { 0x3e,0x6b,0x99,0x58 }, { 0x71,0xdd,0x27,0xb9 },
+ { 0x4f,0xb6,0xbe,0xe1 }, { 0xad,0x17,0xf0,0x88 },
+ { 0xac,0x66,0xc9,0x20 }, { 0x3a,0xb4,0x7d,0xce },
+ { 0x4a,0x18,0x63,0xdf }, { 0x31,0x82,0xe5,0x1a },
+ { 0x33,0x60,0x97,0x51 }, { 0x7f,0x45,0x62,0x53 },
+ { 0x77,0xe0,0xb1,0x64 }, { 0xae,0x84,0xbb,0x6b },
+ { 0xa0,0x1c,0xfe,0x81 }, { 0x2b,0x94,0xf9,0x08 },
+ { 0x68,0x58,0x70,0x48 }, { 0xfd,0x19,0x8f,0x45 },
+ { 0x6c,0x87,0x94,0xde }, { 0xf8,0xb7,0x52,0x7b },
+ { 0xd3,0x23,0xab,0x73 }, { 0x02,0xe2,0x72,0x4b },
+ { 0x8f,0x57,0xe3,0x1f }, { 0xab,0x2a,0x66,0x55 },
+ { 0x28,0x07,0xb2,0xeb }, { 0xc2,0x03,0x2f,0xb5 },
+ { 0x7b,0x9a,0x86,0xc5 }, { 0x08,0xa5,0xd3,0x37 },
+ { 0x87,0xf2,0x30,0x28 }, { 0xa5,0xb2,0x23,0xbf },
+ { 0x6a,0xba,0x02,0x03 }, { 0x82,0x5c,0xed,0x16 },
+ { 0x1c,0x2b,0x8a,0xcf }, { 0xb4,0x92,0xa7,0x79 },
+ { 0xf2,0xf0,0xf3,0x07 }, { 0xe2,0xa1,0x4e,0x69 },
+ { 0xf4,0xcd,0x65,0xda }, { 0xbe,0xd5,0x06,0x05 },
+ { 0x62,0x1f,0xd1,0x34 }, { 0xfe,0x8a,0xc4,0xa6 },
+ { 0x53,0x9d,0x34,0x2e }, { 0x55,0xa0,0xa2,0xf3 },
+ { 0xe1,0x32,0x05,0x8a }, { 0xeb,0x75,0xa4,0xf6 },
+ { 0xec,0x39,0x0b,0x83 }, { 0xef,0xaa,0x40,0x60 },
+ { 0x9f,0x06,0x5e,0x71 }, { 0x10,0x51,0xbd,0x6e },
+ { 0x8a,0xf9,0x3e,0x21 }, { 0x06,0x3d,0x96,0xdd },
+ { 0x05,0xae,0xdd,0x3e }, { 0xbd,0x46,0x4d,0xe6 },
+ { 0x8d,0xb5,0x91,0x54 }, { 0x5d,0x05,0x71,0xc4 },
+ { 0xd4,0x6f,0x04,0x06 }, { 0x15,0xff,0x60,0x50 },
+ { 0xfb,0x24,0x19,0x98 }, { 0xe9,0x97,0xd6,0xbd },
+ { 0x43,0xcc,0x89,0x40 }, { 0x9e,0x77,0x67,0xd9 },
+ { 0x42,0xbd,0xb0,0xe8 }, { 0x8b,0x88,0x07,0x89 },
+ { 0x5b,0x38,0xe7,0x19 }, { 0xee,0xdb,0x79,0xc8 },
+ { 0x0a,0x47,0xa1,0x7c }, { 0x0f,0xe9,0x7c,0x42 },
+ { 0x1e,0xc9,0xf8,0x84 }, { 0x00,0x00,0x00,0x00 },
+ { 0x86,0x83,0x09,0x80 }, { 0xed,0x48,0x32,0x2b },
+ { 0x70,0xac,0x1e,0x11 }, { 0x72,0x4e,0x6c,0x5a },
+ { 0xff,0xfb,0xfd,0x0e }, { 0x38,0x56,0x0f,0x85 },
+ { 0xd5,0x1e,0x3d,0xae }, { 0x39,0x27,0x36,0x2d },
+ { 0xd9,0x64,0x0a,0x0f }, { 0xa6,0x21,0x68,0x5c },
+ { 0x54,0xd1,0x9b,0x5b }, { 0x2e,0x3a,0x24,0x36 },
+ { 0x67,0xb1,0x0c,0x0a }, { 0xe7,0x0f,0x93,0x57 },
+ { 0x96,0xd2,0xb4,0xee }, { 0x91,0x9e,0x1b,0x9b },
+ { 0xc5,0x4f,0x80,0xc0 }, { 0x20,0xa2,0x61,0xdc },
+ { 0x4b,0x69,0x5a,0x77 }, { 0x1a,0x16,0x1c,0x12 },
+ { 0xba,0x0a,0xe2,0x93 }, { 0x2a,0xe5,0xc0,0xa0 },
+ { 0xe0,0x43,0x3c,0x22 }, { 0x17,0x1d,0x12,0x1b },
+ { 0x0d,0x0b,0x0e,0x09 }, { 0xc7,0xad,0xf2,0x8b },
+ { 0xa8,0xb9,0x2d,0xb6 }, { 0xa9,0xc8,0x14,0x1e },
+ { 0x19,0x85,0x57,0xf1 }, { 0x07,0x4c,0xaf,0x75 },
+ { 0xdd,0xbb,0xee,0x99 }, { 0x60,0xfd,0xa3,0x7f },
+ { 0x26,0x9f,0xf7,0x01 }, { 0xf5,0xbc,0x5c,0x72 },
+ { 0x3b,0xc5,0x44,0x66 }, { 0x7e,0x34,0x5b,0xfb },
+ { 0x29,0x76,0x8b,0x43 }, { 0xc6,0xdc,0xcb,0x23 },
+ { 0xfc,0x68,0xb6,0xed }, { 0xf1,0x63,0xb8,0xe4 },
+ { 0xdc,0xca,0xd7,0x31 }, { 0x85,0x10,0x42,0x63 },
+ { 0x22,0x40,0x13,0x97 }, { 0x11,0x20,0x84,0xc6 },
+ { 0x24,0x7d,0x85,0x4a }, { 0x3d,0xf8,0xd2,0xbb },
+ { 0x32,0x11,0xae,0xf9 }, { 0xa1,0x6d,0xc7,0x29 },
+ { 0x2f,0x4b,0x1d,0x9e }, { 0x30,0xf3,0xdc,0xb2 },
+ { 0x52,0xec,0x0d,0x86 }, { 0xe3,0xd0,0x77,0xc1 },
+ { 0x16,0x6c,0x2b,0xb3 }, { 0xb9,0x99,0xa9,0x70 },
+ { 0x48,0xfa,0x11,0x94 }, { 0x64,0x22,0x47,0xe9 },
+ { 0x8c,0xc4,0xa8,0xfc }, { 0x3f,0x1a,0xa0,0xf0 },
+ { 0x2c,0xd8,0x56,0x7d }, { 0x90,0xef,0x22,0x33 },
+ { 0x4e,0xc7,0x87,0x49 }, { 0xd1,0xc1,0xd9,0x38 },
+ { 0xa2,0xfe,0x8c,0xca }, { 0x0b,0x36,0x98,0xd4 },
+ { 0x81,0xcf,0xa6,0xf5 }, { 0xde,0x28,0xa5,0x7a },
+ { 0x8e,0x26,0xda,0xb7 }, { 0xbf,0xa4,0x3f,0xad },
+ { 0x9d,0xe4,0x2c,0x3a }, { 0x92,0x0d,0x50,0x78 },
+ { 0xcc,0x9b,0x6a,0x5f }, { 0x46,0x62,0x54,0x7e },
+ { 0x13,0xc2,0xf6,0x8d }, { 0xb8,0xe8,0x90,0xd8 },
+ { 0xf7,0x5e,0x2e,0x39 }, { 0xaf,0xf5,0x82,0xc3 },
+ { 0x80,0xbe,0x9f,0x5d }, { 0x93,0x7c,0x69,0xd0 },
+ { 0x2d,0xa9,0x6f,0xd5 }, { 0x12,0xb3,0xcf,0x25 },
+ { 0x99,0x3b,0xc8,0xac }, { 0x7d,0xa7,0x10,0x18 },
+ { 0x63,0x6e,0xe8,0x9c }, { 0xbb,0x7b,0xdb,0x3b },
+ { 0x78,0x09,0xcd,0x26 }, { 0x18,0xf4,0x6e,0x59 },
+ { 0xb7,0x01,0xec,0x9a }, { 0x9a,0xa8,0x83,0x4f },
+ { 0x6e,0x65,0xe6,0x95 }, { 0xe6,0x7e,0xaa,0xff },
+ { 0xcf,0x08,0x21,0xbc }, { 0xe8,0xe6,0xef,0x15 },
+ { 0x9b,0xd9,0xba,0xe7 }, { 0x36,0xce,0x4a,0x6f },
+ { 0x09,0xd4,0xea,0x9f }, { 0x7c,0xd6,0x29,0xb0 },
+ { 0xb2,0xaf,0x31,0xa4 }, { 0x23,0x31,0x2a,0x3f },
+ { 0x94,0x30,0xc6,0xa5 }, { 0x66,0xc0,0x35,0xa2 },
+ { 0xbc,0x37,0x74,0x4e }, { 0xca,0xa6,0xfc,0x82 },
+ { 0xd0,0xb0,0xe0,0x90 }, { 0xd8,0x15,0x33,0xa7 },
+ { 0x98,0x4a,0xf1,0x04 }, { 0xda,0xf7,0x41,0xec },
+ { 0x50,0x0e,0x7f,0xcd }, { 0xf6,0x2f,0x17,0x91 },
+ { 0xd6,0x8d,0x76,0x4d }, { 0xb0,0x4d,0x43,0xef },
+ { 0x4d,0x54,0xcc,0xaa }, { 0x04,0xdf,0xe4,0x96 },
+ { 0xb5,0xe3,0x9e,0xd1 }, { 0x88,0x1b,0x4c,0x6a },
+ { 0x1f,0xb8,0xc1,0x2c }, { 0x51,0x7f,0x46,0x65 },
+ { 0xea,0x04,0x9d,0x5e }, { 0x35,0x5d,0x01,0x8c },
+ { 0x74,0x73,0xfa,0x87 }, { 0x41,0x2e,0xfb,0x0b },
+ { 0x1d,0x5a,0xb3,0x67 }, { 0xd2,0x52,0x92,0xdb },
+ { 0x56,0x33,0xe9,0x10 }, { 0x47,0x13,0x6d,0xd6 },
+ { 0x61,0x8c,0x9a,0xd7 }, { 0x0c,0x7a,0x37,0xa1 },
+ { 0x14,0x8e,0x59,0xf8 }, { 0x3c,0x89,0xeb,0x13 },
+ { 0x27,0xee,0xce,0xa9 }, { 0xc9,0x35,0xb7,0x61 },
+ { 0xe5,0xed,0xe1,0x1c }, { 0xb1,0x3c,0x7a,0x47 },
+ { 0xdf,0x59,0x9c,0xd2 }, { 0x73,0x3f,0x55,0xf2 },
+ { 0xce,0x79,0x18,0x14 }, { 0x37,0xbf,0x73,0xc7 },
+ { 0xcd,0xea,0x53,0xf7 }, { 0xaa,0x5b,0x5f,0xfd },
+ { 0x6f,0x14,0xdf,0x3d }, { 0xdb,0x86,0x78,0x44 },
+ { 0xf3,0x81,0xca,0xaf }, { 0xc4,0x3e,0xb9,0x68 },
+ { 0x34,0x2c,0x38,0x24 }, { 0x40,0x5f,0xc2,0xa3 },
+ { 0xc3,0x72,0x16,0x1d }, { 0x25,0x0c,0xbc,0xe2 },
+ { 0x49,0x8b,0x28,0x3c }, { 0x95,0x41,0xff,0x0d },
+ { 0x01,0x71,0x39,0xa8 }, { 0xb3,0xde,0x08,0x0c },
+ { 0xe4,0x9c,0xd8,0xb4 }, { 0xc1,0x90,0x64,0x56 },
+ { 0x84,0x61,0x7b,0xcb }, { 0xb6,0x70,0xd5,0x32 },
+ { 0x5c,0x74,0x48,0x6c }, { 0x57,0x42,0xd0,0xb8 }
+ };
+
+static const unsigned char T8[256][4] =
+ {
+ { 0xf4,0xa7,0x50,0x51 }, { 0x41,0x65,0x53,0x7e },
+ { 0x17,0xa4,0xc3,0x1a }, { 0x27,0x5e,0x96,0x3a },
+ { 0xab,0x6b,0xcb,0x3b }, { 0x9d,0x45,0xf1,0x1f },
+ { 0xfa,0x58,0xab,0xac }, { 0xe3,0x03,0x93,0x4b },
+ { 0x30,0xfa,0x55,0x20 }, { 0x76,0x6d,0xf6,0xad },
+ { 0xcc,0x76,0x91,0x88 }, { 0x02,0x4c,0x25,0xf5 },
+ { 0xe5,0xd7,0xfc,0x4f }, { 0x2a,0xcb,0xd7,0xc5 },
+ { 0x35,0x44,0x80,0x26 }, { 0x62,0xa3,0x8f,0xb5 },
+ { 0xb1,0x5a,0x49,0xde }, { 0xba,0x1b,0x67,0x25 },
+ { 0xea,0x0e,0x98,0x45 }, { 0xfe,0xc0,0xe1,0x5d },
+ { 0x2f,0x75,0x02,0xc3 }, { 0x4c,0xf0,0x12,0x81 },
+ { 0x46,0x97,0xa3,0x8d }, { 0xd3,0xf9,0xc6,0x6b },
+ { 0x8f,0x5f,0xe7,0x03 }, { 0x92,0x9c,0x95,0x15 },
+ { 0x6d,0x7a,0xeb,0xbf }, { 0x52,0x59,0xda,0x95 },
+ { 0xbe,0x83,0x2d,0xd4 }, { 0x74,0x21,0xd3,0x58 },
+ { 0xe0,0x69,0x29,0x49 }, { 0xc9,0xc8,0x44,0x8e },
+ { 0xc2,0x89,0x6a,0x75 }, { 0x8e,0x79,0x78,0xf4 },
+ { 0x58,0x3e,0x6b,0x99 }, { 0xb9,0x71,0xdd,0x27 },
+ { 0xe1,0x4f,0xb6,0xbe }, { 0x88,0xad,0x17,0xf0 },
+ { 0x20,0xac,0x66,0xc9 }, { 0xce,0x3a,0xb4,0x7d },
+ { 0xdf,0x4a,0x18,0x63 }, { 0x1a,0x31,0x82,0xe5 },
+ { 0x51,0x33,0x60,0x97 }, { 0x53,0x7f,0x45,0x62 },
+ { 0x64,0x77,0xe0,0xb1 }, { 0x6b,0xae,0x84,0xbb },
+ { 0x81,0xa0,0x1c,0xfe }, { 0x08,0x2b,0x94,0xf9 },
+ { 0x48,0x68,0x58,0x70 }, { 0x45,0xfd,0x19,0x8f },
+ { 0xde,0x6c,0x87,0x94 }, { 0x7b,0xf8,0xb7,0x52 },
+ { 0x73,0xd3,0x23,0xab }, { 0x4b,0x02,0xe2,0x72 },
+ { 0x1f,0x8f,0x57,0xe3 }, { 0x55,0xab,0x2a,0x66 },
+ { 0xeb,0x28,0x07,0xb2 }, { 0xb5,0xc2,0x03,0x2f },
+ { 0xc5,0x7b,0x9a,0x86 }, { 0x37,0x08,0xa5,0xd3 },
+ { 0x28,0x87,0xf2,0x30 }, { 0xbf,0xa5,0xb2,0x23 },
+ { 0x03,0x6a,0xba,0x02 }, { 0x16,0x82,0x5c,0xed },
+ { 0xcf,0x1c,0x2b,0x8a }, { 0x79,0xb4,0x92,0xa7 },
+ { 0x07,0xf2,0xf0,0xf3 }, { 0x69,0xe2,0xa1,0x4e },
+ { 0xda,0xf4,0xcd,0x65 }, { 0x05,0xbe,0xd5,0x06 },
+ { 0x34,0x62,0x1f,0xd1 }, { 0xa6,0xfe,0x8a,0xc4 },
+ { 0x2e,0x53,0x9d,0x34 }, { 0xf3,0x55,0xa0,0xa2 },
+ { 0x8a,0xe1,0x32,0x05 }, { 0xf6,0xeb,0x75,0xa4 },
+ { 0x83,0xec,0x39,0x0b }, { 0x60,0xef,0xaa,0x40 },
+ { 0x71,0x9f,0x06,0x5e }, { 0x6e,0x10,0x51,0xbd },
+ { 0x21,0x8a,0xf9,0x3e }, { 0xdd,0x06,0x3d,0x96 },
+ { 0x3e,0x05,0xae,0xdd }, { 0xe6,0xbd,0x46,0x4d },
+ { 0x54,0x8d,0xb5,0x91 }, { 0xc4,0x5d,0x05,0x71 },
+ { 0x06,0xd4,0x6f,0x04 }, { 0x50,0x15,0xff,0x60 },
+ { 0x98,0xfb,0x24,0x19 }, { 0xbd,0xe9,0x97,0xd6 },
+ { 0x40,0x43,0xcc,0x89 }, { 0xd9,0x9e,0x77,0x67 },
+ { 0xe8,0x42,0xbd,0xb0 }, { 0x89,0x8b,0x88,0x07 },
+ { 0x19,0x5b,0x38,0xe7 }, { 0xc8,0xee,0xdb,0x79 },
+ { 0x7c,0x0a,0x47,0xa1 }, { 0x42,0x0f,0xe9,0x7c },
+ { 0x84,0x1e,0xc9,0xf8 }, { 0x00,0x00,0x00,0x00 },
+ { 0x80,0x86,0x83,0x09 }, { 0x2b,0xed,0x48,0x32 },
+ { 0x11,0x70,0xac,0x1e }, { 0x5a,0x72,0x4e,0x6c },
+ { 0x0e,0xff,0xfb,0xfd }, { 0x85,0x38,0x56,0x0f },
+ { 0xae,0xd5,0x1e,0x3d }, { 0x2d,0x39,0x27,0x36 },
+ { 0x0f,0xd9,0x64,0x0a }, { 0x5c,0xa6,0x21,0x68 },
+ { 0x5b,0x54,0xd1,0x9b }, { 0x36,0x2e,0x3a,0x24 },
+ { 0x0a,0x67,0xb1,0x0c }, { 0x57,0xe7,0x0f,0x93 },
+ { 0xee,0x96,0xd2,0xb4 }, { 0x9b,0x91,0x9e,0x1b },
+ { 0xc0,0xc5,0x4f,0x80 }, { 0xdc,0x20,0xa2,0x61 },
+ { 0x77,0x4b,0x69,0x5a }, { 0x12,0x1a,0x16,0x1c },
+ { 0x93,0xba,0x0a,0xe2 }, { 0xa0,0x2a,0xe5,0xc0 },
+ { 0x22,0xe0,0x43,0x3c }, { 0x1b,0x17,0x1d,0x12 },
+ { 0x09,0x0d,0x0b,0x0e }, { 0x8b,0xc7,0xad,0xf2 },
+ { 0xb6,0xa8,0xb9,0x2d }, { 0x1e,0xa9,0xc8,0x14 },
+ { 0xf1,0x19,0x85,0x57 }, { 0x75,0x07,0x4c,0xaf },
+ { 0x99,0xdd,0xbb,0xee }, { 0x7f,0x60,0xfd,0xa3 },
+ { 0x01,0x26,0x9f,0xf7 }, { 0x72,0xf5,0xbc,0x5c },
+ { 0x66,0x3b,0xc5,0x44 }, { 0xfb,0x7e,0x34,0x5b },
+ { 0x43,0x29,0x76,0x8b }, { 0x23,0xc6,0xdc,0xcb },
+ { 0xed,0xfc,0x68,0xb6 }, { 0xe4,0xf1,0x63,0xb8 },
+ { 0x31,0xdc,0xca,0xd7 }, { 0x63,0x85,0x10,0x42 },
+ { 0x97,0x22,0x40,0x13 }, { 0xc6,0x11,0x20,0x84 },
+ { 0x4a,0x24,0x7d,0x85 }, { 0xbb,0x3d,0xf8,0xd2 },
+ { 0xf9,0x32,0x11,0xae }, { 0x29,0xa1,0x6d,0xc7 },
+ { 0x9e,0x2f,0x4b,0x1d }, { 0xb2,0x30,0xf3,0xdc },
+ { 0x86,0x52,0xec,0x0d }, { 0xc1,0xe3,0xd0,0x77 },
+ { 0xb3,0x16,0x6c,0x2b }, { 0x70,0xb9,0x99,0xa9 },
+ { 0x94,0x48,0xfa,0x11 }, { 0xe9,0x64,0x22,0x47 },
+ { 0xfc,0x8c,0xc4,0xa8 }, { 0xf0,0x3f,0x1a,0xa0 },
+ { 0x7d,0x2c,0xd8,0x56 }, { 0x33,0x90,0xef,0x22 },
+ { 0x49,0x4e,0xc7,0x87 }, { 0x38,0xd1,0xc1,0xd9 },
+ { 0xca,0xa2,0xfe,0x8c }, { 0xd4,0x0b,0x36,0x98 },
+ { 0xf5,0x81,0xcf,0xa6 }, { 0x7a,0xde,0x28,0xa5 },
+ { 0xb7,0x8e,0x26,0xda }, { 0xad,0xbf,0xa4,0x3f },
+ { 0x3a,0x9d,0xe4,0x2c }, { 0x78,0x92,0x0d,0x50 },
+ { 0x5f,0xcc,0x9b,0x6a }, { 0x7e,0x46,0x62,0x54 },
+ { 0x8d,0x13,0xc2,0xf6 }, { 0xd8,0xb8,0xe8,0x90 },
+ { 0x39,0xf7,0x5e,0x2e }, { 0xc3,0xaf,0xf5,0x82 },
+ { 0x5d,0x80,0xbe,0x9f }, { 0xd0,0x93,0x7c,0x69 },
+ { 0xd5,0x2d,0xa9,0x6f }, { 0x25,0x12,0xb3,0xcf },
+ { 0xac,0x99,0x3b,0xc8 }, { 0x18,0x7d,0xa7,0x10 },
+ { 0x9c,0x63,0x6e,0xe8 }, { 0x3b,0xbb,0x7b,0xdb },
+ { 0x26,0x78,0x09,0xcd }, { 0x59,0x18,0xf4,0x6e },
+ { 0x9a,0xb7,0x01,0xec }, { 0x4f,0x9a,0xa8,0x83 },
+ { 0x95,0x6e,0x65,0xe6 }, { 0xff,0xe6,0x7e,0xaa },
+ { 0xbc,0xcf,0x08,0x21 }, { 0x15,0xe8,0xe6,0xef },
+ { 0xe7,0x9b,0xd9,0xba }, { 0x6f,0x36,0xce,0x4a },
+ { 0x9f,0x09,0xd4,0xea }, { 0xb0,0x7c,0xd6,0x29 },
+ { 0xa4,0xb2,0xaf,0x31 }, { 0x3f,0x23,0x31,0x2a },
+ { 0xa5,0x94,0x30,0xc6 }, { 0xa2,0x66,0xc0,0x35 },
+ { 0x4e,0xbc,0x37,0x74 }, { 0x82,0xca,0xa6,0xfc },
+ { 0x90,0xd0,0xb0,0xe0 }, { 0xa7,0xd8,0x15,0x33 },
+ { 0x04,0x98,0x4a,0xf1 }, { 0xec,0xda,0xf7,0x41 },
+ { 0xcd,0x50,0x0e,0x7f }, { 0x91,0xf6,0x2f,0x17 },
+ { 0x4d,0xd6,0x8d,0x76 }, { 0xef,0xb0,0x4d,0x43 },
+ { 0xaa,0x4d,0x54,0xcc }, { 0x96,0x04,0xdf,0xe4 },
+ { 0xd1,0xb5,0xe3,0x9e }, { 0x6a,0x88,0x1b,0x4c },
+ { 0x2c,0x1f,0xb8,0xc1 }, { 0x65,0x51,0x7f,0x46 },
+ { 0x5e,0xea,0x04,0x9d }, { 0x8c,0x35,0x5d,0x01 },
+ { 0x87,0x74,0x73,0xfa }, { 0x0b,0x41,0x2e,0xfb },
+ { 0x67,0x1d,0x5a,0xb3 }, { 0xdb,0xd2,0x52,0x92 },
+ { 0x10,0x56,0x33,0xe9 }, { 0xd6,0x47,0x13,0x6d },
+ { 0xd7,0x61,0x8c,0x9a }, { 0xa1,0x0c,0x7a,0x37 },
+ { 0xf8,0x14,0x8e,0x59 }, { 0x13,0x3c,0x89,0xeb },
+ { 0xa9,0x27,0xee,0xce }, { 0x61,0xc9,0x35,0xb7 },
+ { 0x1c,0xe5,0xed,0xe1 }, { 0x47,0xb1,0x3c,0x7a },
+ { 0xd2,0xdf,0x59,0x9c }, { 0xf2,0x73,0x3f,0x55 },
+ { 0x14,0xce,0x79,0x18 }, { 0xc7,0x37,0xbf,0x73 },
+ { 0xf7,0xcd,0xea,0x53 }, { 0xfd,0xaa,0x5b,0x5f },
+ { 0x3d,0x6f,0x14,0xdf }, { 0x44,0xdb,0x86,0x78 },
+ { 0xaf,0xf3,0x81,0xca }, { 0x68,0xc4,0x3e,0xb9 },
+ { 0x24,0x34,0x2c,0x38 }, { 0xa3,0x40,0x5f,0xc2 },
+ { 0x1d,0xc3,0x72,0x16 }, { 0xe2,0x25,0x0c,0xbc },
+ { 0x3c,0x49,0x8b,0x28 }, { 0x0d,0x95,0x41,0xff },
+ { 0xa8,0x01,0x71,0x39 }, { 0x0c,0xb3,0xde,0x08 },
+ { 0xb4,0xe4,0x9c,0xd8 }, { 0x56,0xc1,0x90,0x64 },
+ { 0xcb,0x84,0x61,0x7b }, { 0x32,0xb6,0x70,0xd5 },
+ { 0x6c,0x5c,0x74,0x48 }, { 0xb8,0x57,0x42,0xd0 }
+ };
+
+static const unsigned char S5[256] =
+ {
+ 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+ 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+ 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+ 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+ 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+ 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+ 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+ 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+ 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+ 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+ 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+ 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+ 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+ 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+ 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+ 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+ 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+ 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+ 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+ 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+ 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+ 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+ 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+ 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+ 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+ 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+ 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+ 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+ 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+ 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+ 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+ 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+ };
+
+static const unsigned char U1[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x0e,0x09,0x0d,0x0b },
+ { 0x1c,0x12,0x1a,0x16 }, { 0x12,0x1b,0x17,0x1d },
+ { 0x38,0x24,0x34,0x2c }, { 0x36,0x2d,0x39,0x27 },
+ { 0x24,0x36,0x2e,0x3a }, { 0x2a,0x3f,0x23,0x31 },
+ { 0x70,0x48,0x68,0x58 }, { 0x7e,0x41,0x65,0x53 },
+ { 0x6c,0x5a,0x72,0x4e }, { 0x62,0x53,0x7f,0x45 },
+ { 0x48,0x6c,0x5c,0x74 }, { 0x46,0x65,0x51,0x7f },
+ { 0x54,0x7e,0x46,0x62 }, { 0x5a,0x77,0x4b,0x69 },
+ { 0xe0,0x90,0xd0,0xb0 }, { 0xee,0x99,0xdd,0xbb },
+ { 0xfc,0x82,0xca,0xa6 }, { 0xf2,0x8b,0xc7,0xad },
+ { 0xd8,0xb4,0xe4,0x9c }, { 0xd6,0xbd,0xe9,0x97 },
+ { 0xc4,0xa6,0xfe,0x8a }, { 0xca,0xaf,0xf3,0x81 },
+ { 0x90,0xd8,0xb8,0xe8 }, { 0x9e,0xd1,0xb5,0xe3 },
+ { 0x8c,0xca,0xa2,0xfe }, { 0x82,0xc3,0xaf,0xf5 },
+ { 0xa8,0xfc,0x8c,0xc4 }, { 0xa6,0xf5,0x81,0xcf },
+ { 0xb4,0xee,0x96,0xd2 }, { 0xba,0xe7,0x9b,0xd9 },
+ { 0xdb,0x3b,0xbb,0x7b }, { 0xd5,0x32,0xb6,0x70 },
+ { 0xc7,0x29,0xa1,0x6d }, { 0xc9,0x20,0xac,0x66 },
+ { 0xe3,0x1f,0x8f,0x57 }, { 0xed,0x16,0x82,0x5c },
+ { 0xff,0x0d,0x95,0x41 }, { 0xf1,0x04,0x98,0x4a },
+ { 0xab,0x73,0xd3,0x23 }, { 0xa5,0x7a,0xde,0x28 },
+ { 0xb7,0x61,0xc9,0x35 }, { 0xb9,0x68,0xc4,0x3e },
+ { 0x93,0x57,0xe7,0x0f }, { 0x9d,0x5e,0xea,0x04 },
+ { 0x8f,0x45,0xfd,0x19 }, { 0x81,0x4c,0xf0,0x12 },
+ { 0x3b,0xab,0x6b,0xcb }, { 0x35,0xa2,0x66,0xc0 },
+ { 0x27,0xb9,0x71,0xdd }, { 0x29,0xb0,0x7c,0xd6 },
+ { 0x03,0x8f,0x5f,0xe7 }, { 0x0d,0x86,0x52,0xec },
+ { 0x1f,0x9d,0x45,0xf1 }, { 0x11,0x94,0x48,0xfa },
+ { 0x4b,0xe3,0x03,0x93 }, { 0x45,0xea,0x0e,0x98 },
+ { 0x57,0xf1,0x19,0x85 }, { 0x59,0xf8,0x14,0x8e },
+ { 0x73,0xc7,0x37,0xbf }, { 0x7d,0xce,0x3a,0xb4 },
+ { 0x6f,0xd5,0x2d,0xa9 }, { 0x61,0xdc,0x20,0xa2 },
+ { 0xad,0x76,0x6d,0xf6 }, { 0xa3,0x7f,0x60,0xfd },
+ { 0xb1,0x64,0x77,0xe0 }, { 0xbf,0x6d,0x7a,0xeb },
+ { 0x95,0x52,0x59,0xda }, { 0x9b,0x5b,0x54,0xd1 },
+ { 0x89,0x40,0x43,0xcc }, { 0x87,0x49,0x4e,0xc7 },
+ { 0xdd,0x3e,0x05,0xae }, { 0xd3,0x37,0x08,0xa5 },
+ { 0xc1,0x2c,0x1f,0xb8 }, { 0xcf,0x25,0x12,0xb3 },
+ { 0xe5,0x1a,0x31,0x82 }, { 0xeb,0x13,0x3c,0x89 },
+ { 0xf9,0x08,0x2b,0x94 }, { 0xf7,0x01,0x26,0x9f },
+ { 0x4d,0xe6,0xbd,0x46 }, { 0x43,0xef,0xb0,0x4d },
+ { 0x51,0xf4,0xa7,0x50 }, { 0x5f,0xfd,0xaa,0x5b },
+ { 0x75,0xc2,0x89,0x6a }, { 0x7b,0xcb,0x84,0x61 },
+ { 0x69,0xd0,0x93,0x7c }, { 0x67,0xd9,0x9e,0x77 },
+ { 0x3d,0xae,0xd5,0x1e }, { 0x33,0xa7,0xd8,0x15 },
+ { 0x21,0xbc,0xcf,0x08 }, { 0x2f,0xb5,0xc2,0x03 },
+ { 0x05,0x8a,0xe1,0x32 }, { 0x0b,0x83,0xec,0x39 },
+ { 0x19,0x98,0xfb,0x24 }, { 0x17,0x91,0xf6,0x2f },
+ { 0x76,0x4d,0xd6,0x8d }, { 0x78,0x44,0xdb,0x86 },
+ { 0x6a,0x5f,0xcc,0x9b }, { 0x64,0x56,0xc1,0x90 },
+ { 0x4e,0x69,0xe2,0xa1 }, { 0x40,0x60,0xef,0xaa },
+ { 0x52,0x7b,0xf8,0xb7 }, { 0x5c,0x72,0xf5,0xbc },
+ { 0x06,0x05,0xbe,0xd5 }, { 0x08,0x0c,0xb3,0xde },
+ { 0x1a,0x17,0xa4,0xc3 }, { 0x14,0x1e,0xa9,0xc8 },
+ { 0x3e,0x21,0x8a,0xf9 }, { 0x30,0x28,0x87,0xf2 },
+ { 0x22,0x33,0x90,0xef }, { 0x2c,0x3a,0x9d,0xe4 },
+ { 0x96,0xdd,0x06,0x3d }, { 0x98,0xd4,0x0b,0x36 },
+ { 0x8a,0xcf,0x1c,0x2b }, { 0x84,0xc6,0x11,0x20 },
+ { 0xae,0xf9,0x32,0x11 }, { 0xa0,0xf0,0x3f,0x1a },
+ { 0xb2,0xeb,0x28,0x07 }, { 0xbc,0xe2,0x25,0x0c },
+ { 0xe6,0x95,0x6e,0x65 }, { 0xe8,0x9c,0x63,0x6e },
+ { 0xfa,0x87,0x74,0x73 }, { 0xf4,0x8e,0x79,0x78 },
+ { 0xde,0xb1,0x5a,0x49 }, { 0xd0,0xb8,0x57,0x42 },
+ { 0xc2,0xa3,0x40,0x5f }, { 0xcc,0xaa,0x4d,0x54 },
+ { 0x41,0xec,0xda,0xf7 }, { 0x4f,0xe5,0xd7,0xfc },
+ { 0x5d,0xfe,0xc0,0xe1 }, { 0x53,0xf7,0xcd,0xea },
+ { 0x79,0xc8,0xee,0xdb }, { 0x77,0xc1,0xe3,0xd0 },
+ { 0x65,0xda,0xf4,0xcd }, { 0x6b,0xd3,0xf9,0xc6 },
+ { 0x31,0xa4,0xb2,0xaf }, { 0x3f,0xad,0xbf,0xa4 },
+ { 0x2d,0xb6,0xa8,0xb9 }, { 0x23,0xbf,0xa5,0xb2 },
+ { 0x09,0x80,0x86,0x83 }, { 0x07,0x89,0x8b,0x88 },
+ { 0x15,0x92,0x9c,0x95 }, { 0x1b,0x9b,0x91,0x9e },
+ { 0xa1,0x7c,0x0a,0x47 }, { 0xaf,0x75,0x07,0x4c },
+ { 0xbd,0x6e,0x10,0x51 }, { 0xb3,0x67,0x1d,0x5a },
+ { 0x99,0x58,0x3e,0x6b }, { 0x97,0x51,0x33,0x60 },
+ { 0x85,0x4a,0x24,0x7d }, { 0x8b,0x43,0x29,0x76 },
+ { 0xd1,0x34,0x62,0x1f }, { 0xdf,0x3d,0x6f,0x14 },
+ { 0xcd,0x26,0x78,0x09 }, { 0xc3,0x2f,0x75,0x02 },
+ { 0xe9,0x10,0x56,0x33 }, { 0xe7,0x19,0x5b,0x38 },
+ { 0xf5,0x02,0x4c,0x25 }, { 0xfb,0x0b,0x41,0x2e },
+ { 0x9a,0xd7,0x61,0x8c }, { 0x94,0xde,0x6c,0x87 },
+ { 0x86,0xc5,0x7b,0x9a }, { 0x88,0xcc,0x76,0x91 },
+ { 0xa2,0xf3,0x55,0xa0 }, { 0xac,0xfa,0x58,0xab },
+ { 0xbe,0xe1,0x4f,0xb6 }, { 0xb0,0xe8,0x42,0xbd },
+ { 0xea,0x9f,0x09,0xd4 }, { 0xe4,0x96,0x04,0xdf },
+ { 0xf6,0x8d,0x13,0xc2 }, { 0xf8,0x84,0x1e,0xc9 },
+ { 0xd2,0xbb,0x3d,0xf8 }, { 0xdc,0xb2,0x30,0xf3 },
+ { 0xce,0xa9,0x27,0xee }, { 0xc0,0xa0,0x2a,0xe5 },
+ { 0x7a,0x47,0xb1,0x3c }, { 0x74,0x4e,0xbc,0x37 },
+ { 0x66,0x55,0xab,0x2a }, { 0x68,0x5c,0xa6,0x21 },
+ { 0x42,0x63,0x85,0x10 }, { 0x4c,0x6a,0x88,0x1b },
+ { 0x5e,0x71,0x9f,0x06 }, { 0x50,0x78,0x92,0x0d },
+ { 0x0a,0x0f,0xd9,0x64 }, { 0x04,0x06,0xd4,0x6f },
+ { 0x16,0x1d,0xc3,0x72 }, { 0x18,0x14,0xce,0x79 },
+ { 0x32,0x2b,0xed,0x48 }, { 0x3c,0x22,0xe0,0x43 },
+ { 0x2e,0x39,0xf7,0x5e }, { 0x20,0x30,0xfa,0x55 },
+ { 0xec,0x9a,0xb7,0x01 }, { 0xe2,0x93,0xba,0x0a },
+ { 0xf0,0x88,0xad,0x17 }, { 0xfe,0x81,0xa0,0x1c },
+ { 0xd4,0xbe,0x83,0x2d }, { 0xda,0xb7,0x8e,0x26 },
+ { 0xc8,0xac,0x99,0x3b }, { 0xc6,0xa5,0x94,0x30 },
+ { 0x9c,0xd2,0xdf,0x59 }, { 0x92,0xdb,0xd2,0x52 },
+ { 0x80,0xc0,0xc5,0x4f }, { 0x8e,0xc9,0xc8,0x44 },
+ { 0xa4,0xf6,0xeb,0x75 }, { 0xaa,0xff,0xe6,0x7e },
+ { 0xb8,0xe4,0xf1,0x63 }, { 0xb6,0xed,0xfc,0x68 },
+ { 0x0c,0x0a,0x67,0xb1 }, { 0x02,0x03,0x6a,0xba },
+ { 0x10,0x18,0x7d,0xa7 }, { 0x1e,0x11,0x70,0xac },
+ { 0x34,0x2e,0x53,0x9d }, { 0x3a,0x27,0x5e,0x96 },
+ { 0x28,0x3c,0x49,0x8b }, { 0x26,0x35,0x44,0x80 },
+ { 0x7c,0x42,0x0f,0xe9 }, { 0x72,0x4b,0x02,0xe2 },
+ { 0x60,0x50,0x15,0xff }, { 0x6e,0x59,0x18,0xf4 },
+ { 0x44,0x66,0x3b,0xc5 }, { 0x4a,0x6f,0x36,0xce },
+ { 0x58,0x74,0x21,0xd3 }, { 0x56,0x7d,0x2c,0xd8 },
+ { 0x37,0xa1,0x0c,0x7a }, { 0x39,0xa8,0x01,0x71 },
+ { 0x2b,0xb3,0x16,0x6c }, { 0x25,0xba,0x1b,0x67 },
+ { 0x0f,0x85,0x38,0x56 }, { 0x01,0x8c,0x35,0x5d },
+ { 0x13,0x97,0x22,0x40 }, { 0x1d,0x9e,0x2f,0x4b },
+ { 0x47,0xe9,0x64,0x22 }, { 0x49,0xe0,0x69,0x29 },
+ { 0x5b,0xfb,0x7e,0x34 }, { 0x55,0xf2,0x73,0x3f },
+ { 0x7f,0xcd,0x50,0x0e }, { 0x71,0xc4,0x5d,0x05 },
+ { 0x63,0xdf,0x4a,0x18 }, { 0x6d,0xd6,0x47,0x13 },
+ { 0xd7,0x31,0xdc,0xca }, { 0xd9,0x38,0xd1,0xc1 },
+ { 0xcb,0x23,0xc6,0xdc }, { 0xc5,0x2a,0xcb,0xd7 },
+ { 0xef,0x15,0xe8,0xe6 }, { 0xe1,0x1c,0xe5,0xed },
+ { 0xf3,0x07,0xf2,0xf0 }, { 0xfd,0x0e,0xff,0xfb },
+ { 0xa7,0x79,0xb4,0x92 }, { 0xa9,0x70,0xb9,0x99 },
+ { 0xbb,0x6b,0xae,0x84 }, { 0xb5,0x62,0xa3,0x8f },
+ { 0x9f,0x5d,0x80,0xbe }, { 0x91,0x54,0x8d,0xb5 },
+ { 0x83,0x4f,0x9a,0xa8 }, { 0x8d,0x46,0x97,0xa3 }
+ };
+
+static const unsigned char U2[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x0b,0x0e,0x09,0x0d },
+ { 0x16,0x1c,0x12,0x1a }, { 0x1d,0x12,0x1b,0x17 },
+ { 0x2c,0x38,0x24,0x34 }, { 0x27,0x36,0x2d,0x39 },
+ { 0x3a,0x24,0x36,0x2e }, { 0x31,0x2a,0x3f,0x23 },
+ { 0x58,0x70,0x48,0x68 }, { 0x53,0x7e,0x41,0x65 },
+ { 0x4e,0x6c,0x5a,0x72 }, { 0x45,0x62,0x53,0x7f },
+ { 0x74,0x48,0x6c,0x5c }, { 0x7f,0x46,0x65,0x51 },
+ { 0x62,0x54,0x7e,0x46 }, { 0x69,0x5a,0x77,0x4b },
+ { 0xb0,0xe0,0x90,0xd0 }, { 0xbb,0xee,0x99,0xdd },
+ { 0xa6,0xfc,0x82,0xca }, { 0xad,0xf2,0x8b,0xc7 },
+ { 0x9c,0xd8,0xb4,0xe4 }, { 0x97,0xd6,0xbd,0xe9 },
+ { 0x8a,0xc4,0xa6,0xfe }, { 0x81,0xca,0xaf,0xf3 },
+ { 0xe8,0x90,0xd8,0xb8 }, { 0xe3,0x9e,0xd1,0xb5 },
+ { 0xfe,0x8c,0xca,0xa2 }, { 0xf5,0x82,0xc3,0xaf },
+ { 0xc4,0xa8,0xfc,0x8c }, { 0xcf,0xa6,0xf5,0x81 },
+ { 0xd2,0xb4,0xee,0x96 }, { 0xd9,0xba,0xe7,0x9b },
+ { 0x7b,0xdb,0x3b,0xbb }, { 0x70,0xd5,0x32,0xb6 },
+ { 0x6d,0xc7,0x29,0xa1 }, { 0x66,0xc9,0x20,0xac },
+ { 0x57,0xe3,0x1f,0x8f }, { 0x5c,0xed,0x16,0x82 },
+ { 0x41,0xff,0x0d,0x95 }, { 0x4a,0xf1,0x04,0x98 },
+ { 0x23,0xab,0x73,0xd3 }, { 0x28,0xa5,0x7a,0xde },
+ { 0x35,0xb7,0x61,0xc9 }, { 0x3e,0xb9,0x68,0xc4 },
+ { 0x0f,0x93,0x57,0xe7 }, { 0x04,0x9d,0x5e,0xea },
+ { 0x19,0x8f,0x45,0xfd }, { 0x12,0x81,0x4c,0xf0 },
+ { 0xcb,0x3b,0xab,0x6b }, { 0xc0,0x35,0xa2,0x66 },
+ { 0xdd,0x27,0xb9,0x71 }, { 0xd6,0x29,0xb0,0x7c },
+ { 0xe7,0x03,0x8f,0x5f }, { 0xec,0x0d,0x86,0x52 },
+ { 0xf1,0x1f,0x9d,0x45 }, { 0xfa,0x11,0x94,0x48 },
+ { 0x93,0x4b,0xe3,0x03 }, { 0x98,0x45,0xea,0x0e },
+ { 0x85,0x57,0xf1,0x19 }, { 0x8e,0x59,0xf8,0x14 },
+ { 0xbf,0x73,0xc7,0x37 }, { 0xb4,0x7d,0xce,0x3a },
+ { 0xa9,0x6f,0xd5,0x2d }, { 0xa2,0x61,0xdc,0x20 },
+ { 0xf6,0xad,0x76,0x6d }, { 0xfd,0xa3,0x7f,0x60 },
+ { 0xe0,0xb1,0x64,0x77 }, { 0xeb,0xbf,0x6d,0x7a },
+ { 0xda,0x95,0x52,0x59 }, { 0xd1,0x9b,0x5b,0x54 },
+ { 0xcc,0x89,0x40,0x43 }, { 0xc7,0x87,0x49,0x4e },
+ { 0xae,0xdd,0x3e,0x05 }, { 0xa5,0xd3,0x37,0x08 },
+ { 0xb8,0xc1,0x2c,0x1f }, { 0xb3,0xcf,0x25,0x12 },
+ { 0x82,0xe5,0x1a,0x31 }, { 0x89,0xeb,0x13,0x3c },
+ { 0x94,0xf9,0x08,0x2b }, { 0x9f,0xf7,0x01,0x26 },
+ { 0x46,0x4d,0xe6,0xbd }, { 0x4d,0x43,0xef,0xb0 },
+ { 0x50,0x51,0xf4,0xa7 }, { 0x5b,0x5f,0xfd,0xaa },
+ { 0x6a,0x75,0xc2,0x89 }, { 0x61,0x7b,0xcb,0x84 },
+ { 0x7c,0x69,0xd0,0x93 }, { 0x77,0x67,0xd9,0x9e },
+ { 0x1e,0x3d,0xae,0xd5 }, { 0x15,0x33,0xa7,0xd8 },
+ { 0x08,0x21,0xbc,0xcf }, { 0x03,0x2f,0xb5,0xc2 },
+ { 0x32,0x05,0x8a,0xe1 }, { 0x39,0x0b,0x83,0xec },
+ { 0x24,0x19,0x98,0xfb }, { 0x2f,0x17,0x91,0xf6 },
+ { 0x8d,0x76,0x4d,0xd6 }, { 0x86,0x78,0x44,0xdb },
+ { 0x9b,0x6a,0x5f,0xcc }, { 0x90,0x64,0x56,0xc1 },
+ { 0xa1,0x4e,0x69,0xe2 }, { 0xaa,0x40,0x60,0xef },
+ { 0xb7,0x52,0x7b,0xf8 }, { 0xbc,0x5c,0x72,0xf5 },
+ { 0xd5,0x06,0x05,0xbe }, { 0xde,0x08,0x0c,0xb3 },
+ { 0xc3,0x1a,0x17,0xa4 }, { 0xc8,0x14,0x1e,0xa9 },
+ { 0xf9,0x3e,0x21,0x8a }, { 0xf2,0x30,0x28,0x87 },
+ { 0xef,0x22,0x33,0x90 }, { 0xe4,0x2c,0x3a,0x9d },
+ { 0x3d,0x96,0xdd,0x06 }, { 0x36,0x98,0xd4,0x0b },
+ { 0x2b,0x8a,0xcf,0x1c }, { 0x20,0x84,0xc6,0x11 },
+ { 0x11,0xae,0xf9,0x32 }, { 0x1a,0xa0,0xf0,0x3f },
+ { 0x07,0xb2,0xeb,0x28 }, { 0x0c,0xbc,0xe2,0x25 },
+ { 0x65,0xe6,0x95,0x6e }, { 0x6e,0xe8,0x9c,0x63 },
+ { 0x73,0xfa,0x87,0x74 }, { 0x78,0xf4,0x8e,0x79 },
+ { 0x49,0xde,0xb1,0x5a }, { 0x42,0xd0,0xb8,0x57 },
+ { 0x5f,0xc2,0xa3,0x40 }, { 0x54,0xcc,0xaa,0x4d },
+ { 0xf7,0x41,0xec,0xda }, { 0xfc,0x4f,0xe5,0xd7 },
+ { 0xe1,0x5d,0xfe,0xc0 }, { 0xea,0x53,0xf7,0xcd },
+ { 0xdb,0x79,0xc8,0xee }, { 0xd0,0x77,0xc1,0xe3 },
+ { 0xcd,0x65,0xda,0xf4 }, { 0xc6,0x6b,0xd3,0xf9 },
+ { 0xaf,0x31,0xa4,0xb2 }, { 0xa4,0x3f,0xad,0xbf },
+ { 0xb9,0x2d,0xb6,0xa8 }, { 0xb2,0x23,0xbf,0xa5 },
+ { 0x83,0x09,0x80,0x86 }, { 0x88,0x07,0x89,0x8b },
+ { 0x95,0x15,0x92,0x9c }, { 0x9e,0x1b,0x9b,0x91 },
+ { 0x47,0xa1,0x7c,0x0a }, { 0x4c,0xaf,0x75,0x07 },
+ { 0x51,0xbd,0x6e,0x10 }, { 0x5a,0xb3,0x67,0x1d },
+ { 0x6b,0x99,0x58,0x3e }, { 0x60,0x97,0x51,0x33 },
+ { 0x7d,0x85,0x4a,0x24 }, { 0x76,0x8b,0x43,0x29 },
+ { 0x1f,0xd1,0x34,0x62 }, { 0x14,0xdf,0x3d,0x6f },
+ { 0x09,0xcd,0x26,0x78 }, { 0x02,0xc3,0x2f,0x75 },
+ { 0x33,0xe9,0x10,0x56 }, { 0x38,0xe7,0x19,0x5b },
+ { 0x25,0xf5,0x02,0x4c }, { 0x2e,0xfb,0x0b,0x41 },
+ { 0x8c,0x9a,0xd7,0x61 }, { 0x87,0x94,0xde,0x6c },
+ { 0x9a,0x86,0xc5,0x7b }, { 0x91,0x88,0xcc,0x76 },
+ { 0xa0,0xa2,0xf3,0x55 }, { 0xab,0xac,0xfa,0x58 },
+ { 0xb6,0xbe,0xe1,0x4f }, { 0xbd,0xb0,0xe8,0x42 },
+ { 0xd4,0xea,0x9f,0x09 }, { 0xdf,0xe4,0x96,0x04 },
+ { 0xc2,0xf6,0x8d,0x13 }, { 0xc9,0xf8,0x84,0x1e },
+ { 0xf8,0xd2,0xbb,0x3d }, { 0xf3,0xdc,0xb2,0x30 },
+ { 0xee,0xce,0xa9,0x27 }, { 0xe5,0xc0,0xa0,0x2a },
+ { 0x3c,0x7a,0x47,0xb1 }, { 0x37,0x74,0x4e,0xbc },
+ { 0x2a,0x66,0x55,0xab }, { 0x21,0x68,0x5c,0xa6 },
+ { 0x10,0x42,0x63,0x85 }, { 0x1b,0x4c,0x6a,0x88 },
+ { 0x06,0x5e,0x71,0x9f }, { 0x0d,0x50,0x78,0x92 },
+ { 0x64,0x0a,0x0f,0xd9 }, { 0x6f,0x04,0x06,0xd4 },
+ { 0x72,0x16,0x1d,0xc3 }, { 0x79,0x18,0x14,0xce },
+ { 0x48,0x32,0x2b,0xed }, { 0x43,0x3c,0x22,0xe0 },
+ { 0x5e,0x2e,0x39,0xf7 }, { 0x55,0x20,0x30,0xfa },
+ { 0x01,0xec,0x9a,0xb7 }, { 0x0a,0xe2,0x93,0xba },
+ { 0x17,0xf0,0x88,0xad }, { 0x1c,0xfe,0x81,0xa0 },
+ { 0x2d,0xd4,0xbe,0x83 }, { 0x26,0xda,0xb7,0x8e },
+ { 0x3b,0xc8,0xac,0x99 }, { 0x30,0xc6,0xa5,0x94 },
+ { 0x59,0x9c,0xd2,0xdf }, { 0x52,0x92,0xdb,0xd2 },
+ { 0x4f,0x80,0xc0,0xc5 }, { 0x44,0x8e,0xc9,0xc8 },
+ { 0x75,0xa4,0xf6,0xeb }, { 0x7e,0xaa,0xff,0xe6 },
+ { 0x63,0xb8,0xe4,0xf1 }, { 0x68,0xb6,0xed,0xfc },
+ { 0xb1,0x0c,0x0a,0x67 }, { 0xba,0x02,0x03,0x6a },
+ { 0xa7,0x10,0x18,0x7d }, { 0xac,0x1e,0x11,0x70 },
+ { 0x9d,0x34,0x2e,0x53 }, { 0x96,0x3a,0x27,0x5e },
+ { 0x8b,0x28,0x3c,0x49 }, { 0x80,0x26,0x35,0x44 },
+ { 0xe9,0x7c,0x42,0x0f }, { 0xe2,0x72,0x4b,0x02 },
+ { 0xff,0x60,0x50,0x15 }, { 0xf4,0x6e,0x59,0x18 },
+ { 0xc5,0x44,0x66,0x3b }, { 0xce,0x4a,0x6f,0x36 },
+ { 0xd3,0x58,0x74,0x21 }, { 0xd8,0x56,0x7d,0x2c },
+ { 0x7a,0x37,0xa1,0x0c }, { 0x71,0x39,0xa8,0x01 },
+ { 0x6c,0x2b,0xb3,0x16 }, { 0x67,0x25,0xba,0x1b },
+ { 0x56,0x0f,0x85,0x38 }, { 0x5d,0x01,0x8c,0x35 },
+ { 0x40,0x13,0x97,0x22 }, { 0x4b,0x1d,0x9e,0x2f },
+ { 0x22,0x47,0xe9,0x64 }, { 0x29,0x49,0xe0,0x69 },
+ { 0x34,0x5b,0xfb,0x7e }, { 0x3f,0x55,0xf2,0x73 },
+ { 0x0e,0x7f,0xcd,0x50 }, { 0x05,0x71,0xc4,0x5d },
+ { 0x18,0x63,0xdf,0x4a }, { 0x13,0x6d,0xd6,0x47 },
+ { 0xca,0xd7,0x31,0xdc }, { 0xc1,0xd9,0x38,0xd1 },
+ { 0xdc,0xcb,0x23,0xc6 }, { 0xd7,0xc5,0x2a,0xcb },
+ { 0xe6,0xef,0x15,0xe8 }, { 0xed,0xe1,0x1c,0xe5 },
+ { 0xf0,0xf3,0x07,0xf2 }, { 0xfb,0xfd,0x0e,0xff },
+ { 0x92,0xa7,0x79,0xb4 }, { 0x99,0xa9,0x70,0xb9 },
+ { 0x84,0xbb,0x6b,0xae }, { 0x8f,0xb5,0x62,0xa3 },
+ { 0xbe,0x9f,0x5d,0x80 }, { 0xb5,0x91,0x54,0x8d },
+ { 0xa8,0x83,0x4f,0x9a }, { 0xa3,0x8d,0x46,0x97 }
+ };
+
+static const unsigned char U3[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x0d,0x0b,0x0e,0x09 },
+ { 0x1a,0x16,0x1c,0x12 }, { 0x17,0x1d,0x12,0x1b },
+ { 0x34,0x2c,0x38,0x24 }, { 0x39,0x27,0x36,0x2d },
+ { 0x2e,0x3a,0x24,0x36 }, { 0x23,0x31,0x2a,0x3f },
+ { 0x68,0x58,0x70,0x48 }, { 0x65,0x53,0x7e,0x41 },
+ { 0x72,0x4e,0x6c,0x5a }, { 0x7f,0x45,0x62,0x53 },
+ { 0x5c,0x74,0x48,0x6c }, { 0x51,0x7f,0x46,0x65 },
+ { 0x46,0x62,0x54,0x7e }, { 0x4b,0x69,0x5a,0x77 },
+ { 0xd0,0xb0,0xe0,0x90 }, { 0xdd,0xbb,0xee,0x99 },
+ { 0xca,0xa6,0xfc,0x82 }, { 0xc7,0xad,0xf2,0x8b },
+ { 0xe4,0x9c,0xd8,0xb4 }, { 0xe9,0x97,0xd6,0xbd },
+ { 0xfe,0x8a,0xc4,0xa6 }, { 0xf3,0x81,0xca,0xaf },
+ { 0xb8,0xe8,0x90,0xd8 }, { 0xb5,0xe3,0x9e,0xd1 },
+ { 0xa2,0xfe,0x8c,0xca }, { 0xaf,0xf5,0x82,0xc3 },
+ { 0x8c,0xc4,0xa8,0xfc }, { 0x81,0xcf,0xa6,0xf5 },
+ { 0x96,0xd2,0xb4,0xee }, { 0x9b,0xd9,0xba,0xe7 },
+ { 0xbb,0x7b,0xdb,0x3b }, { 0xb6,0x70,0xd5,0x32 },
+ { 0xa1,0x6d,0xc7,0x29 }, { 0xac,0x66,0xc9,0x20 },
+ { 0x8f,0x57,0xe3,0x1f }, { 0x82,0x5c,0xed,0x16 },
+ { 0x95,0x41,0xff,0x0d }, { 0x98,0x4a,0xf1,0x04 },
+ { 0xd3,0x23,0xab,0x73 }, { 0xde,0x28,0xa5,0x7a },
+ { 0xc9,0x35,0xb7,0x61 }, { 0xc4,0x3e,0xb9,0x68 },
+ { 0xe7,0x0f,0x93,0x57 }, { 0xea,0x04,0x9d,0x5e },
+ { 0xfd,0x19,0x8f,0x45 }, { 0xf0,0x12,0x81,0x4c },
+ { 0x6b,0xcb,0x3b,0xab }, { 0x66,0xc0,0x35,0xa2 },
+ { 0x71,0xdd,0x27,0xb9 }, { 0x7c,0xd6,0x29,0xb0 },
+ { 0x5f,0xe7,0x03,0x8f }, { 0x52,0xec,0x0d,0x86 },
+ { 0x45,0xf1,0x1f,0x9d }, { 0x48,0xfa,0x11,0x94 },
+ { 0x03,0x93,0x4b,0xe3 }, { 0x0e,0x98,0x45,0xea },
+ { 0x19,0x85,0x57,0xf1 }, { 0x14,0x8e,0x59,0xf8 },
+ { 0x37,0xbf,0x73,0xc7 }, { 0x3a,0xb4,0x7d,0xce },
+ { 0x2d,0xa9,0x6f,0xd5 }, { 0x20,0xa2,0x61,0xdc },
+ { 0x6d,0xf6,0xad,0x76 }, { 0x60,0xfd,0xa3,0x7f },
+ { 0x77,0xe0,0xb1,0x64 }, { 0x7a,0xeb,0xbf,0x6d },
+ { 0x59,0xda,0x95,0x52 }, { 0x54,0xd1,0x9b,0x5b },
+ { 0x43,0xcc,0x89,0x40 }, { 0x4e,0xc7,0x87,0x49 },
+ { 0x05,0xae,0xdd,0x3e }, { 0x08,0xa5,0xd3,0x37 },
+ { 0x1f,0xb8,0xc1,0x2c }, { 0x12,0xb3,0xcf,0x25 },
+ { 0x31,0x82,0xe5,0x1a }, { 0x3c,0x89,0xeb,0x13 },
+ { 0x2b,0x94,0xf9,0x08 }, { 0x26,0x9f,0xf7,0x01 },
+ { 0xbd,0x46,0x4d,0xe6 }, { 0xb0,0x4d,0x43,0xef },
+ { 0xa7,0x50,0x51,0xf4 }, { 0xaa,0x5b,0x5f,0xfd },
+ { 0x89,0x6a,0x75,0xc2 }, { 0x84,0x61,0x7b,0xcb },
+ { 0x93,0x7c,0x69,0xd0 }, { 0x9e,0x77,0x67,0xd9 },
+ { 0xd5,0x1e,0x3d,0xae }, { 0xd8,0x15,0x33,0xa7 },
+ { 0xcf,0x08,0x21,0xbc }, { 0xc2,0x03,0x2f,0xb5 },
+ { 0xe1,0x32,0x05,0x8a }, { 0xec,0x39,0x0b,0x83 },
+ { 0xfb,0x24,0x19,0x98 }, { 0xf6,0x2f,0x17,0x91 },
+ { 0xd6,0x8d,0x76,0x4d }, { 0xdb,0x86,0x78,0x44 },
+ { 0xcc,0x9b,0x6a,0x5f }, { 0xc1,0x90,0x64,0x56 },
+ { 0xe2,0xa1,0x4e,0x69 }, { 0xef,0xaa,0x40,0x60 },
+ { 0xf8,0xb7,0x52,0x7b }, { 0xf5,0xbc,0x5c,0x72 },
+ { 0xbe,0xd5,0x06,0x05 }, { 0xb3,0xde,0x08,0x0c },
+ { 0xa4,0xc3,0x1a,0x17 }, { 0xa9,0xc8,0x14,0x1e },
+ { 0x8a,0xf9,0x3e,0x21 }, { 0x87,0xf2,0x30,0x28 },
+ { 0x90,0xef,0x22,0x33 }, { 0x9d,0xe4,0x2c,0x3a },
+ { 0x06,0x3d,0x96,0xdd }, { 0x0b,0x36,0x98,0xd4 },
+ { 0x1c,0x2b,0x8a,0xcf }, { 0x11,0x20,0x84,0xc6 },
+ { 0x32,0x11,0xae,0xf9 }, { 0x3f,0x1a,0xa0,0xf0 },
+ { 0x28,0x07,0xb2,0xeb }, { 0x25,0x0c,0xbc,0xe2 },
+ { 0x6e,0x65,0xe6,0x95 }, { 0x63,0x6e,0xe8,0x9c },
+ { 0x74,0x73,0xfa,0x87 }, { 0x79,0x78,0xf4,0x8e },
+ { 0x5a,0x49,0xde,0xb1 }, { 0x57,0x42,0xd0,0xb8 },
+ { 0x40,0x5f,0xc2,0xa3 }, { 0x4d,0x54,0xcc,0xaa },
+ { 0xda,0xf7,0x41,0xec }, { 0xd7,0xfc,0x4f,0xe5 },
+ { 0xc0,0xe1,0x5d,0xfe }, { 0xcd,0xea,0x53,0xf7 },
+ { 0xee,0xdb,0x79,0xc8 }, { 0xe3,0xd0,0x77,0xc1 },
+ { 0xf4,0xcd,0x65,0xda }, { 0xf9,0xc6,0x6b,0xd3 },
+ { 0xb2,0xaf,0x31,0xa4 }, { 0xbf,0xa4,0x3f,0xad },
+ { 0xa8,0xb9,0x2d,0xb6 }, { 0xa5,0xb2,0x23,0xbf },
+ { 0x86,0x83,0x09,0x80 }, { 0x8b,0x88,0x07,0x89 },
+ { 0x9c,0x95,0x15,0x92 }, { 0x91,0x9e,0x1b,0x9b },
+ { 0x0a,0x47,0xa1,0x7c }, { 0x07,0x4c,0xaf,0x75 },
+ { 0x10,0x51,0xbd,0x6e }, { 0x1d,0x5a,0xb3,0x67 },
+ { 0x3e,0x6b,0x99,0x58 }, { 0x33,0x60,0x97,0x51 },
+ { 0x24,0x7d,0x85,0x4a }, { 0x29,0x76,0x8b,0x43 },
+ { 0x62,0x1f,0xd1,0x34 }, { 0x6f,0x14,0xdf,0x3d },
+ { 0x78,0x09,0xcd,0x26 }, { 0x75,0x02,0xc3,0x2f },
+ { 0x56,0x33,0xe9,0x10 }, { 0x5b,0x38,0xe7,0x19 },
+ { 0x4c,0x25,0xf5,0x02 }, { 0x41,0x2e,0xfb,0x0b },
+ { 0x61,0x8c,0x9a,0xd7 }, { 0x6c,0x87,0x94,0xde },
+ { 0x7b,0x9a,0x86,0xc5 }, { 0x76,0x91,0x88,0xcc },
+ { 0x55,0xa0,0xa2,0xf3 }, { 0x58,0xab,0xac,0xfa },
+ { 0x4f,0xb6,0xbe,0xe1 }, { 0x42,0xbd,0xb0,0xe8 },
+ { 0x09,0xd4,0xea,0x9f }, { 0x04,0xdf,0xe4,0x96 },
+ { 0x13,0xc2,0xf6,0x8d }, { 0x1e,0xc9,0xf8,0x84 },
+ { 0x3d,0xf8,0xd2,0xbb }, { 0x30,0xf3,0xdc,0xb2 },
+ { 0x27,0xee,0xce,0xa9 }, { 0x2a,0xe5,0xc0,0xa0 },
+ { 0xb1,0x3c,0x7a,0x47 }, { 0xbc,0x37,0x74,0x4e },
+ { 0xab,0x2a,0x66,0x55 }, { 0xa6,0x21,0x68,0x5c },
+ { 0x85,0x10,0x42,0x63 }, { 0x88,0x1b,0x4c,0x6a },
+ { 0x9f,0x06,0x5e,0x71 }, { 0x92,0x0d,0x50,0x78 },
+ { 0xd9,0x64,0x0a,0x0f }, { 0xd4,0x6f,0x04,0x06 },
+ { 0xc3,0x72,0x16,0x1d }, { 0xce,0x79,0x18,0x14 },
+ { 0xed,0x48,0x32,0x2b }, { 0xe0,0x43,0x3c,0x22 },
+ { 0xf7,0x5e,0x2e,0x39 }, { 0xfa,0x55,0x20,0x30 },
+ { 0xb7,0x01,0xec,0x9a }, { 0xba,0x0a,0xe2,0x93 },
+ { 0xad,0x17,0xf0,0x88 }, { 0xa0,0x1c,0xfe,0x81 },
+ { 0x83,0x2d,0xd4,0xbe }, { 0x8e,0x26,0xda,0xb7 },
+ { 0x99,0x3b,0xc8,0xac }, { 0x94,0x30,0xc6,0xa5 },
+ { 0xdf,0x59,0x9c,0xd2 }, { 0xd2,0x52,0x92,0xdb },
+ { 0xc5,0x4f,0x80,0xc0 }, { 0xc8,0x44,0x8e,0xc9 },
+ { 0xeb,0x75,0xa4,0xf6 }, { 0xe6,0x7e,0xaa,0xff },
+ { 0xf1,0x63,0xb8,0xe4 }, { 0xfc,0x68,0xb6,0xed },
+ { 0x67,0xb1,0x0c,0x0a }, { 0x6a,0xba,0x02,0x03 },
+ { 0x7d,0xa7,0x10,0x18 }, { 0x70,0xac,0x1e,0x11 },
+ { 0x53,0x9d,0x34,0x2e }, { 0x5e,0x96,0x3a,0x27 },
+ { 0x49,0x8b,0x28,0x3c }, { 0x44,0x80,0x26,0x35 },
+ { 0x0f,0xe9,0x7c,0x42 }, { 0x02,0xe2,0x72,0x4b },
+ { 0x15,0xff,0x60,0x50 }, { 0x18,0xf4,0x6e,0x59 },
+ { 0x3b,0xc5,0x44,0x66 }, { 0x36,0xce,0x4a,0x6f },
+ { 0x21,0xd3,0x58,0x74 }, { 0x2c,0xd8,0x56,0x7d },
+ { 0x0c,0x7a,0x37,0xa1 }, { 0x01,0x71,0x39,0xa8 },
+ { 0x16,0x6c,0x2b,0xb3 }, { 0x1b,0x67,0x25,0xba },
+ { 0x38,0x56,0x0f,0x85 }, { 0x35,0x5d,0x01,0x8c },
+ { 0x22,0x40,0x13,0x97 }, { 0x2f,0x4b,0x1d,0x9e },
+ { 0x64,0x22,0x47,0xe9 }, { 0x69,0x29,0x49,0xe0 },
+ { 0x7e,0x34,0x5b,0xfb }, { 0x73,0x3f,0x55,0xf2 },
+ { 0x50,0x0e,0x7f,0xcd }, { 0x5d,0x05,0x71,0xc4 },
+ { 0x4a,0x18,0x63,0xdf }, { 0x47,0x13,0x6d,0xd6 },
+ { 0xdc,0xca,0xd7,0x31 }, { 0xd1,0xc1,0xd9,0x38 },
+ { 0xc6,0xdc,0xcb,0x23 }, { 0xcb,0xd7,0xc5,0x2a },
+ { 0xe8,0xe6,0xef,0x15 }, { 0xe5,0xed,0xe1,0x1c },
+ { 0xf2,0xf0,0xf3,0x07 }, { 0xff,0xfb,0xfd,0x0e },
+ { 0xb4,0x92,0xa7,0x79 }, { 0xb9,0x99,0xa9,0x70 },
+ { 0xae,0x84,0xbb,0x6b }, { 0xa3,0x8f,0xb5,0x62 },
+ { 0x80,0xbe,0x9f,0x5d }, { 0x8d,0xb5,0x91,0x54 },
+ { 0x9a,0xa8,0x83,0x4f }, { 0x97,0xa3,0x8d,0x46 }
+ };
+
+static const unsigned char U4[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x09,0x0d,0x0b,0x0e },
+ { 0x12,0x1a,0x16,0x1c }, { 0x1b,0x17,0x1d,0x12 },
+ { 0x24,0x34,0x2c,0x38 }, { 0x2d,0x39,0x27,0x36 },
+ { 0x36,0x2e,0x3a,0x24 }, { 0x3f,0x23,0x31,0x2a },
+ { 0x48,0x68,0x58,0x70 }, { 0x41,0x65,0x53,0x7e },
+ { 0x5a,0x72,0x4e,0x6c }, { 0x53,0x7f,0x45,0x62 },
+ { 0x6c,0x5c,0x74,0x48 }, { 0x65,0x51,0x7f,0x46 },
+ { 0x7e,0x46,0x62,0x54 }, { 0x77,0x4b,0x69,0x5a },
+ { 0x90,0xd0,0xb0,0xe0 }, { 0x99,0xdd,0xbb,0xee },
+ { 0x82,0xca,0xa6,0xfc }, { 0x8b,0xc7,0xad,0xf2 },
+ { 0xb4,0xe4,0x9c,0xd8 }, { 0xbd,0xe9,0x97,0xd6 },
+ { 0xa6,0xfe,0x8a,0xc4 }, { 0xaf,0xf3,0x81,0xca },
+ { 0xd8,0xb8,0xe8,0x90 }, { 0xd1,0xb5,0xe3,0x9e },
+ { 0xca,0xa2,0xfe,0x8c }, { 0xc3,0xaf,0xf5,0x82 },
+ { 0xfc,0x8c,0xc4,0xa8 }, { 0xf5,0x81,0xcf,0xa6 },
+ { 0xee,0x96,0xd2,0xb4 }, { 0xe7,0x9b,0xd9,0xba },
+ { 0x3b,0xbb,0x7b,0xdb }, { 0x32,0xb6,0x70,0xd5 },
+ { 0x29,0xa1,0x6d,0xc7 }, { 0x20,0xac,0x66,0xc9 },
+ { 0x1f,0x8f,0x57,0xe3 }, { 0x16,0x82,0x5c,0xed },
+ { 0x0d,0x95,0x41,0xff }, { 0x04,0x98,0x4a,0xf1 },
+ { 0x73,0xd3,0x23,0xab }, { 0x7a,0xde,0x28,0xa5 },
+ { 0x61,0xc9,0x35,0xb7 }, { 0x68,0xc4,0x3e,0xb9 },
+ { 0x57,0xe7,0x0f,0x93 }, { 0x5e,0xea,0x04,0x9d },
+ { 0x45,0xfd,0x19,0x8f }, { 0x4c,0xf0,0x12,0x81 },
+ { 0xab,0x6b,0xcb,0x3b }, { 0xa2,0x66,0xc0,0x35 },
+ { 0xb9,0x71,0xdd,0x27 }, { 0xb0,0x7c,0xd6,0x29 },
+ { 0x8f,0x5f,0xe7,0x03 }, { 0x86,0x52,0xec,0x0d },
+ { 0x9d,0x45,0xf1,0x1f }, { 0x94,0x48,0xfa,0x11 },
+ { 0xe3,0x03,0x93,0x4b }, { 0xea,0x0e,0x98,0x45 },
+ { 0xf1,0x19,0x85,0x57 }, { 0xf8,0x14,0x8e,0x59 },
+ { 0xc7,0x37,0xbf,0x73 }, { 0xce,0x3a,0xb4,0x7d },
+ { 0xd5,0x2d,0xa9,0x6f }, { 0xdc,0x20,0xa2,0x61 },
+ { 0x76,0x6d,0xf6,0xad }, { 0x7f,0x60,0xfd,0xa3 },
+ { 0x64,0x77,0xe0,0xb1 }, { 0x6d,0x7a,0xeb,0xbf },
+ { 0x52,0x59,0xda,0x95 }, { 0x5b,0x54,0xd1,0x9b },
+ { 0x40,0x43,0xcc,0x89 }, { 0x49,0x4e,0xc7,0x87 },
+ { 0x3e,0x05,0xae,0xdd }, { 0x37,0x08,0xa5,0xd3 },
+ { 0x2c,0x1f,0xb8,0xc1 }, { 0x25,0x12,0xb3,0xcf },
+ { 0x1a,0x31,0x82,0xe5 }, { 0x13,0x3c,0x89,0xeb },
+ { 0x08,0x2b,0x94,0xf9 }, { 0x01,0x26,0x9f,0xf7 },
+ { 0xe6,0xbd,0x46,0x4d }, { 0xef,0xb0,0x4d,0x43 },
+ { 0xf4,0xa7,0x50,0x51 }, { 0xfd,0xaa,0x5b,0x5f },
+ { 0xc2,0x89,0x6a,0x75 }, { 0xcb,0x84,0x61,0x7b },
+ { 0xd0,0x93,0x7c,0x69 }, { 0xd9,0x9e,0x77,0x67 },
+ { 0xae,0xd5,0x1e,0x3d }, { 0xa7,0xd8,0x15,0x33 },
+ { 0xbc,0xcf,0x08,0x21 }, { 0xb5,0xc2,0x03,0x2f },
+ { 0x8a,0xe1,0x32,0x05 }, { 0x83,0xec,0x39,0x0b },
+ { 0x98,0xfb,0x24,0x19 }, { 0x91,0xf6,0x2f,0x17 },
+ { 0x4d,0xd6,0x8d,0x76 }, { 0x44,0xdb,0x86,0x78 },
+ { 0x5f,0xcc,0x9b,0x6a }, { 0x56,0xc1,0x90,0x64 },
+ { 0x69,0xe2,0xa1,0x4e }, { 0x60,0xef,0xaa,0x40 },
+ { 0x7b,0xf8,0xb7,0x52 }, { 0x72,0xf5,0xbc,0x5c },
+ { 0x05,0xbe,0xd5,0x06 }, { 0x0c,0xb3,0xde,0x08 },
+ { 0x17,0xa4,0xc3,0x1a }, { 0x1e,0xa9,0xc8,0x14 },
+ { 0x21,0x8a,0xf9,0x3e }, { 0x28,0x87,0xf2,0x30 },
+ { 0x33,0x90,0xef,0x22 }, { 0x3a,0x9d,0xe4,0x2c },
+ { 0xdd,0x06,0x3d,0x96 }, { 0xd4,0x0b,0x36,0x98 },
+ { 0xcf,0x1c,0x2b,0x8a }, { 0xc6,0x11,0x20,0x84 },
+ { 0xf9,0x32,0x11,0xae }, { 0xf0,0x3f,0x1a,0xa0 },
+ { 0xeb,0x28,0x07,0xb2 }, { 0xe2,0x25,0x0c,0xbc },
+ { 0x95,0x6e,0x65,0xe6 }, { 0x9c,0x63,0x6e,0xe8 },
+ { 0x87,0x74,0x73,0xfa }, { 0x8e,0x79,0x78,0xf4 },
+ { 0xb1,0x5a,0x49,0xde }, { 0xb8,0x57,0x42,0xd0 },
+ { 0xa3,0x40,0x5f,0xc2 }, { 0xaa,0x4d,0x54,0xcc },
+ { 0xec,0xda,0xf7,0x41 }, { 0xe5,0xd7,0xfc,0x4f },
+ { 0xfe,0xc0,0xe1,0x5d }, { 0xf7,0xcd,0xea,0x53 },
+ { 0xc8,0xee,0xdb,0x79 }, { 0xc1,0xe3,0xd0,0x77 },
+ { 0xda,0xf4,0xcd,0x65 }, { 0xd3,0xf9,0xc6,0x6b },
+ { 0xa4,0xb2,0xaf,0x31 }, { 0xad,0xbf,0xa4,0x3f },
+ { 0xb6,0xa8,0xb9,0x2d }, { 0xbf,0xa5,0xb2,0x23 },
+ { 0x80,0x86,0x83,0x09 }, { 0x89,0x8b,0x88,0x07 },
+ { 0x92,0x9c,0x95,0x15 }, { 0x9b,0x91,0x9e,0x1b },
+ { 0x7c,0x0a,0x47,0xa1 }, { 0x75,0x07,0x4c,0xaf },
+ { 0x6e,0x10,0x51,0xbd }, { 0x67,0x1d,0x5a,0xb3 },
+ { 0x58,0x3e,0x6b,0x99 }, { 0x51,0x33,0x60,0x97 },
+ { 0x4a,0x24,0x7d,0x85 }, { 0x43,0x29,0x76,0x8b },
+ { 0x34,0x62,0x1f,0xd1 }, { 0x3d,0x6f,0x14,0xdf },
+ { 0x26,0x78,0x09,0xcd }, { 0x2f,0x75,0x02,0xc3 },
+ { 0x10,0x56,0x33,0xe9 }, { 0x19,0x5b,0x38,0xe7 },
+ { 0x02,0x4c,0x25,0xf5 }, { 0x0b,0x41,0x2e,0xfb },
+ { 0xd7,0x61,0x8c,0x9a }, { 0xde,0x6c,0x87,0x94 },
+ { 0xc5,0x7b,0x9a,0x86 }, { 0xcc,0x76,0x91,0x88 },
+ { 0xf3,0x55,0xa0,0xa2 }, { 0xfa,0x58,0xab,0xac },
+ { 0xe1,0x4f,0xb6,0xbe }, { 0xe8,0x42,0xbd,0xb0 },
+ { 0x9f,0x09,0xd4,0xea }, { 0x96,0x04,0xdf,0xe4 },
+ { 0x8d,0x13,0xc2,0xf6 }, { 0x84,0x1e,0xc9,0xf8 },
+ { 0xbb,0x3d,0xf8,0xd2 }, { 0xb2,0x30,0xf3,0xdc },
+ { 0xa9,0x27,0xee,0xce }, { 0xa0,0x2a,0xe5,0xc0 },
+ { 0x47,0xb1,0x3c,0x7a }, { 0x4e,0xbc,0x37,0x74 },
+ { 0x55,0xab,0x2a,0x66 }, { 0x5c,0xa6,0x21,0x68 },
+ { 0x63,0x85,0x10,0x42 }, { 0x6a,0x88,0x1b,0x4c },
+ { 0x71,0x9f,0x06,0x5e }, { 0x78,0x92,0x0d,0x50 },
+ { 0x0f,0xd9,0x64,0x0a }, { 0x06,0xd4,0x6f,0x04 },
+ { 0x1d,0xc3,0x72,0x16 }, { 0x14,0xce,0x79,0x18 },
+ { 0x2b,0xed,0x48,0x32 }, { 0x22,0xe0,0x43,0x3c },
+ { 0x39,0xf7,0x5e,0x2e }, { 0x30,0xfa,0x55,0x20 },
+ { 0x9a,0xb7,0x01,0xec }, { 0x93,0xba,0x0a,0xe2 },
+ { 0x88,0xad,0x17,0xf0 }, { 0x81,0xa0,0x1c,0xfe },
+ { 0xbe,0x83,0x2d,0xd4 }, { 0xb7,0x8e,0x26,0xda },
+ { 0xac,0x99,0x3b,0xc8 }, { 0xa5,0x94,0x30,0xc6 },
+ { 0xd2,0xdf,0x59,0x9c }, { 0xdb,0xd2,0x52,0x92 },
+ { 0xc0,0xc5,0x4f,0x80 }, { 0xc9,0xc8,0x44,0x8e },
+ { 0xf6,0xeb,0x75,0xa4 }, { 0xff,0xe6,0x7e,0xaa },
+ { 0xe4,0xf1,0x63,0xb8 }, { 0xed,0xfc,0x68,0xb6 },
+ { 0x0a,0x67,0xb1,0x0c }, { 0x03,0x6a,0xba,0x02 },
+ { 0x18,0x7d,0xa7,0x10 }, { 0x11,0x70,0xac,0x1e },
+ { 0x2e,0x53,0x9d,0x34 }, { 0x27,0x5e,0x96,0x3a },
+ { 0x3c,0x49,0x8b,0x28 }, { 0x35,0x44,0x80,0x26 },
+ { 0x42,0x0f,0xe9,0x7c }, { 0x4b,0x02,0xe2,0x72 },
+ { 0x50,0x15,0xff,0x60 }, { 0x59,0x18,0xf4,0x6e },
+ { 0x66,0x3b,0xc5,0x44 }, { 0x6f,0x36,0xce,0x4a },
+ { 0x74,0x21,0xd3,0x58 }, { 0x7d,0x2c,0xd8,0x56 },
+ { 0xa1,0x0c,0x7a,0x37 }, { 0xa8,0x01,0x71,0x39 },
+ { 0xb3,0x16,0x6c,0x2b }, { 0xba,0x1b,0x67,0x25 },
+ { 0x85,0x38,0x56,0x0f }, { 0x8c,0x35,0x5d,0x01 },
+ { 0x97,0x22,0x40,0x13 }, { 0x9e,0x2f,0x4b,0x1d },
+ { 0xe9,0x64,0x22,0x47 }, { 0xe0,0x69,0x29,0x49 },
+ { 0xfb,0x7e,0x34,0x5b }, { 0xf2,0x73,0x3f,0x55 },
+ { 0xcd,0x50,0x0e,0x7f }, { 0xc4,0x5d,0x05,0x71 },
+ { 0xdf,0x4a,0x18,0x63 }, { 0xd6,0x47,0x13,0x6d },
+ { 0x31,0xdc,0xca,0xd7 }, { 0x38,0xd1,0xc1,0xd9 },
+ { 0x23,0xc6,0xdc,0xcb }, { 0x2a,0xcb,0xd7,0xc5 },
+ { 0x15,0xe8,0xe6,0xef }, { 0x1c,0xe5,0xed,0xe1 },
+ { 0x07,0xf2,0xf0,0xf3 }, { 0x0e,0xff,0xfb,0xfd },
+ { 0x79,0xb4,0x92,0xa7 }, { 0x70,0xb9,0x99,0xa9 },
+ { 0x6b,0xae,0x84,0xbb }, { 0x62,0xa3,0x8f,0xb5 },
+ { 0x5d,0x80,0xbe,0x9f }, { 0x54,0x8d,0xb5,0x91 },
+ { 0x4f,0x9a,0xa8,0x83 }, { 0x46,0x97,0xa3,0x8d }
+ };
+
+static const u32 rcon[30] =
+ {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c,
+ 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
+ 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
+ };
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/rijndael.c b/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
new file mode 100644
index 0000000..557b3be
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/rijndael.c
@@ -0,0 +1,767 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* Rijndael (AES) for GnuPG
+ * Copyright (C) 2000, 2001, 2002, 2003, 2007,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *******************************************************************
+ * The code here is based on the optimized implementation taken from
+ * http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
+ * which carries this notice:
+ *------------------------------------------
+ * rijndael-alg-fst.c v2.3 April '2000
+ *
+ * Optimised ANSI C code
+ *
+ * authors: v1.0: Antoon Bosselaers
+ * v2.0: Vincent Rijmen
+ * v2.3: Paulo Barreto
+ *
+ * This code is placed in the public domain.
+ *------------------------------------------
+ *
+ * The SP800-38a document is available at:
+ * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ *
+ */
+
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#define MAXKC (256/32)
+#define MAXROUNDS 14
+#define BLOCKSIZE (128/8)
+
+
+/* USE_PADLOCK indicates whether to compile the padlock specific
+ code. */
+#undef USE_PADLOCK
+#ifdef ENABLE_PADLOCK_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_PADLOCK
+# endif
+#endif /*ENABLE_PADLOCK_SUPPORT*/
+
+
+typedef struct
+{
+ int ROUNDS; /* Key-length-dependent number of rounds. */
+ int decryption_prepared; /* The decryption key schedule is available. */
+#ifdef USE_PADLOCK
+ int use_padlock; /* Padlock shall be used. */
+ /* The key as passed to the padlock engine. */
+ unsigned char padlock_key[16] __attribute__ ((aligned (16)));
+#endif
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte keyschedule[MAXROUNDS+1][4][4];
+ } u1;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte keyschedule[MAXROUNDS+1][4][4];
+ } u2;
+} RIJNDAEL_context;
+
+#define keySched u1.keyschedule
+#define keySched2 u2.keyschedule
+
+/* All the numbers. */
+#include "rijndael-tables.h"
+
+
+/* Perform the key setup. */
+static gcry_err_code_t
+do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
+{
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ int ROUNDS;
+ int i,j, r, t, rconpointer = 0;
+ int KC;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte k[MAXKC][4];
+ } k;
+#define k k.k
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte tk[MAXKC][4];
+ } tk;
+#define tk tk.tk
+
+ /* The on-the-fly self tests are only run in non-fips mode. In fips
+ mode explicit self-tests are required. Actually the on-the-fly
+ self-tests are not fully thread-safe and it might happen that a
+ failed self-test won't get noticed in another thread.
+
+ FIXME: We might want to have a central registry of succeeded
+ self-tests. */
+ if (!fips_mode () && !initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if (selftest_failed)
+ log_error ("%s\n", selftest_failed );
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ ctx->decryption_prepared = 0;
+#ifdef USE_PADLOCK
+ ctx->use_padlock = 0;
+#endif
+
+ if( keylen == 128/8 )
+ {
+ ROUNDS = 10;
+ KC = 4;
+#ifdef USE_PADLOCK
+ if ((_gcry_get_hw_features () & HWF_PADLOCK_AES))
+ {
+ ctx->use_padlock = 1;
+ memcpy (ctx->padlock_key, key, keylen);
+ }
+#endif
+ }
+ else if ( keylen == 192/8 )
+ {
+ ROUNDS = 12;
+ KC = 6;
+ }
+ else if ( keylen == 256/8 )
+ {
+ ROUNDS = 14;
+ KC = 8;
+ }
+ else
+ return GPG_ERR_INV_KEYLEN;
+
+ ctx->ROUNDS = ROUNDS;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ /* Nothing to do as we support only hardware key generation for
+ now. */
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+#define W (ctx->keySched)
+ for (i = 0; i < keylen; i++)
+ {
+ k[i >> 2][i & 3] = key[i];
+ }
+
+ for (j = KC-1; j >= 0; j--)
+ {
+ *((u32*)tk[j]) = *((u32*)k[j]);
+ }
+ r = 0;
+ t = 0;
+ /* Copy values into round key array. */
+ for (j = 0; (j < KC) && (r < ROUNDS + 1); )
+ {
+ for (; (j < KC) && (t < 4); j++, t++)
+ {
+ *((u32*)W[r][t]) = *((u32*)tk[j]);
+ }
+ if (t == 4)
+ {
+ r++;
+ t = 0;
+ }
+ }
+
+ while (r < ROUNDS + 1)
+ {
+ /* While not enough round key material calculated calculate
+ new values. */
+ tk[0][0] ^= S[tk[KC-1][1]];
+ tk[0][1] ^= S[tk[KC-1][2]];
+ tk[0][2] ^= S[tk[KC-1][3]];
+ tk[0][3] ^= S[tk[KC-1][0]];
+ tk[0][0] ^= rcon[rconpointer++];
+
+ if (KC != 8)
+ {
+ for (j = 1; j < KC; j++)
+ {
+ *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+ }
+ }
+ else
+ {
+ for (j = 1; j < KC/2; j++)
+ {
+ *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+ }
+ tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
+ tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
+ tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
+ tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
+ for (j = KC/2 + 1; j < KC; j++)
+ {
+ *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+ }
+ }
+
+ /* Copy values into round key array. */
+ for (j = 0; (j < KC) && (r < ROUNDS + 1); )
+ {
+ for (; (j < KC) && (t < 4); j++, t++)
+ {
+ *((u32*)W[r][t]) = *((u32*)tk[j]);
+ }
+ if (t == 4)
+ {
+ r++;
+ t = 0;
+ }
+ }
+ }
+#undef W
+ }
+
+ return 0;
+#undef tk
+#undef k
+}
+
+
+static gcry_err_code_t
+rijndael_setkey (void *context, const byte *key, const unsigned keylen)
+{
+ RIJNDAEL_context *ctx = context;
+
+ int rc = do_setkey (ctx, key, keylen);
+ _gcry_burn_stack ( 100 + 16*sizeof(int));
+ return rc;
+}
+
+
+/* Make a decryption key from an encryption key. */
+static void
+prepare_decryption( RIJNDAEL_context *ctx )
+{
+ int r;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte *w;
+ } w;
+#define w w.w
+
+ for (r=0; r < MAXROUNDS+1; r++ )
+ {
+ *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
+ *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
+ *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
+ *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
+ }
+#define W (ctx->keySched2)
+ for (r = 1; r < ctx->ROUNDS; r++)
+ {
+ w = W[r][0];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+
+ w = W[r][1];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+
+ w = W[r][2];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+
+ w = W[r][3];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+ }
+#undef W
+#undef w
+}
+
+
+
+/* Encrypt one block. A and B need to be aligned on a 4 byte
+ boundary. A and B may be the same. */
+static void
+do_encrypt_aligned (const RIJNDAEL_context *ctx,
+ unsigned char *b, const unsigned char *a)
+{
+#define rk (ctx->keySched)
+ int ROUNDS = ctx->ROUNDS;
+ int r;
+ union
+ {
+ u32 tempu32[4]; /* Force correct alignment. */
+ byte temp[4][4];
+ } u;
+
+ *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[0][0]);
+ *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[0][1]);
+ *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[0][2]);
+ *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[0][3]);
+ *((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
+ ^ *((u32*)T2[u.temp[1][1]])
+ ^ *((u32*)T3[u.temp[2][2]])
+ ^ *((u32*)T4[u.temp[3][3]]));
+ *((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
+ ^ *((u32*)T2[u.temp[2][1]])
+ ^ *((u32*)T3[u.temp[3][2]])
+ ^ *((u32*)T4[u.temp[0][3]]));
+ *((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
+ ^ *((u32*)T2[u.temp[3][1]])
+ ^ *((u32*)T3[u.temp[0][2]])
+ ^ *((u32*)T4[u.temp[1][3]]));
+ *((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
+ ^ *((u32*)T2[u.temp[0][1]])
+ ^ *((u32*)T3[u.temp[1][2]])
+ ^ *((u32*)T4[u.temp[2][3]]));
+
+ for (r = 1; r < ROUNDS-1; r++)
+ {
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
+
+ *((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
+ ^ *((u32*)T2[u.temp[1][1]])
+ ^ *((u32*)T3[u.temp[2][2]])
+ ^ *((u32*)T4[u.temp[3][3]]));
+ *((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
+ ^ *((u32*)T2[u.temp[2][1]])
+ ^ *((u32*)T3[u.temp[3][2]])
+ ^ *((u32*)T4[u.temp[0][3]]));
+ *((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
+ ^ *((u32*)T2[u.temp[3][1]])
+ ^ *((u32*)T3[u.temp[0][2]])
+ ^ *((u32*)T4[u.temp[1][3]]));
+ *((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
+ ^ *((u32*)T2[u.temp[0][1]])
+ ^ *((u32*)T3[u.temp[1][2]])
+ ^ *((u32*)T4[u.temp[2][3]]));
+ }
+
+ /* Last round is special. */
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[ROUNDS-1][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
+ b[ 0] = T1[u.temp[0][0]][1];
+ b[ 1] = T1[u.temp[1][1]][1];
+ b[ 2] = T1[u.temp[2][2]][1];
+ b[ 3] = T1[u.temp[3][3]][1];
+ b[ 4] = T1[u.temp[1][0]][1];
+ b[ 5] = T1[u.temp[2][1]][1];
+ b[ 6] = T1[u.temp[3][2]][1];
+ b[ 7] = T1[u.temp[0][3]][1];
+ b[ 8] = T1[u.temp[2][0]][1];
+ b[ 9] = T1[u.temp[3][1]][1];
+ b[10] = T1[u.temp[0][2]][1];
+ b[11] = T1[u.temp[1][3]][1];
+ b[12] = T1[u.temp[3][0]][1];
+ b[13] = T1[u.temp[0][1]][1];
+ b[14] = T1[u.temp[1][2]][1];
+ b[15] = T1[u.temp[2][3]][1];
+ *((u32*)(b )) ^= *((u32*)rk[ROUNDS][0]);
+ *((u32*)(b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
+ *((u32*)(b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
+ *((u32*)(b+12)) ^= *((u32*)rk[ROUNDS][3]);
+#undef rk
+}
+
+
+static void
+do_encrypt (const RIJNDAEL_context *ctx,
+ unsigned char *bx, const unsigned char *ax)
+{
+ /* BX and AX are not necessary correctly aligned. Thus we need to
+ copy them here. */
+ union
+ {
+ u32 dummy[4];
+ byte a[16];
+ } a;
+ union
+ {
+ u32 dummy[4];
+ byte b[16];
+ } b;
+
+ memcpy (a.a, ax, 16);
+ do_encrypt_aligned (ctx, b.b, a.a);
+ memcpy (bx, b.b, 16);
+}
+
+
+/* Encrypt or decrypt one block using the padlock engine. A and B may
+ be the same. */
+#ifdef USE_PADLOCK
+static void
+do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag,
+ unsigned char *bx, const unsigned char *ax)
+{
+ /* BX and AX are not necessary correctly aligned. Thus we need to
+ copy them here. */
+ unsigned char a[16] __attribute__ ((aligned (16)));
+ unsigned char b[16] __attribute__ ((aligned (16)));
+ unsigned int cword[4] __attribute__ ((aligned (16)));
+
+ /* The control word fields are:
+ 127:12 11:10 9 8 7 6 5 4 3:0
+ RESERVED KSIZE CRYPT INTER KEYGN CIPHR ALIGN DGEST ROUND */
+ cword[0] = (ctx->ROUNDS & 15); /* (The mask is just a safeguard.) */
+ cword[1] = 0;
+ cword[2] = 0;
+ cword[3] = 0;
+ if (decrypt_flag)
+ cword[0] |= 0x00000200;
+
+ memcpy (a, ax, 16);
+
+ asm volatile
+ ("pushfl\n\t" /* Force key reload. */
+ "popfl\n\t"
+ "xchg %3, %%ebx\n\t" /* Load key. */
+ "movl $1, %%ecx\n\t" /* Init counter for just one block. */
+ ".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t" /* REP XSTORE ECB. */
+ "xchg %3, %%ebx\n" /* Restore GOT register. */
+ : /* No output */
+ : "S" (a), "D" (b), "d" (cword), "r" (ctx->padlock_key)
+ : "%ecx", "cc", "memory"
+ );
+
+ memcpy (bx, b, 16);
+
+}
+#endif /*USE_PADLOCK*/
+
+
+static void
+rijndael_encrypt (void *context, byte *b, const byte *a)
+{
+ RIJNDAEL_context *ctx = context;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ do_padlock (ctx, 0, b, a);
+ _gcry_burn_stack (48 + 15 /* possible padding for alignment */);
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+ do_encrypt (ctx, b, a);
+ _gcry_burn_stack (48 + 2*sizeof(int));
+ }
+}
+
+
+/* Bulk encryption of complete blocks in CFB mode. Caller needs to
+ make sure that IV is aligned on an unsigned long boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+
+
+/* Bulk encryption of complete blocks in CBC mode. Caller needs to
+ make sure that IV is aligned on an unsigned long boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+
+
+
+/* Decrypt one block. A and B need to be aligned on a 4 byte boundary
+ and the decryption must have been prepared. A and B may be the
+ same. */
+static void
+do_decrypt_aligned (RIJNDAEL_context *ctx,
+ unsigned char *b, const unsigned char *a)
+{
+#define rk (ctx->keySched2)
+ int ROUNDS = ctx->ROUNDS;
+ int r;
+ union
+ {
+ u32 tempu32[4]; /* Force correct alignment. */
+ byte temp[4][4];
+ } u;
+
+
+ *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[ROUNDS][0]);
+ *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
+ *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
+ *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[ROUNDS][3]);
+
+ *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
+ ^ *((u32*)T6[u.temp[3][1]])
+ ^ *((u32*)T7[u.temp[2][2]])
+ ^ *((u32*)T8[u.temp[1][3]]));
+ *((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
+ ^ *((u32*)T6[u.temp[0][1]])
+ ^ *((u32*)T7[u.temp[3][2]])
+ ^ *((u32*)T8[u.temp[2][3]]));
+ *((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
+ ^ *((u32*)T6[u.temp[1][1]])
+ ^ *((u32*)T7[u.temp[0][2]])
+ ^ *((u32*)T8[u.temp[3][3]]));
+ *((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
+ ^ *((u32*)T6[u.temp[2][1]])
+ ^ *((u32*)T7[u.temp[1][2]])
+ ^ *((u32*)T8[u.temp[0][3]]));
+
+ for (r = ROUNDS-1; r > 1; r--)
+ {
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
+ *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
+ ^ *((u32*)T6[u.temp[3][1]])
+ ^ *((u32*)T7[u.temp[2][2]])
+ ^ *((u32*)T8[u.temp[1][3]]));
+ *((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
+ ^ *((u32*)T6[u.temp[0][1]])
+ ^ *((u32*)T7[u.temp[3][2]])
+ ^ *((u32*)T8[u.temp[2][3]]));
+ *((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
+ ^ *((u32*)T6[u.temp[1][1]])
+ ^ *((u32*)T7[u.temp[0][2]])
+ ^ *((u32*)T8[u.temp[3][3]]));
+ *((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
+ ^ *((u32*)T6[u.temp[2][1]])
+ ^ *((u32*)T7[u.temp[1][2]])
+ ^ *((u32*)T8[u.temp[0][3]]));
+ }
+
+ /* Last round is special. */
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[1][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[1][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[1][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[1][3]);
+ b[ 0] = S5[u.temp[0][0]];
+ b[ 1] = S5[u.temp[3][1]];
+ b[ 2] = S5[u.temp[2][2]];
+ b[ 3] = S5[u.temp[1][3]];
+ b[ 4] = S5[u.temp[1][0]];
+ b[ 5] = S5[u.temp[0][1]];
+ b[ 6] = S5[u.temp[3][2]];
+ b[ 7] = S5[u.temp[2][3]];
+ b[ 8] = S5[u.temp[2][0]];
+ b[ 9] = S5[u.temp[1][1]];
+ b[10] = S5[u.temp[0][2]];
+ b[11] = S5[u.temp[3][3]];
+ b[12] = S5[u.temp[3][0]];
+ b[13] = S5[u.temp[2][1]];
+ b[14] = S5[u.temp[1][2]];
+ b[15] = S5[u.temp[0][3]];
+ *((u32*)(b )) ^= *((u32*)rk[0][0]);
+ *((u32*)(b+ 4)) ^= *((u32*)rk[0][1]);
+ *((u32*)(b+ 8)) ^= *((u32*)rk[0][2]);
+ *((u32*)(b+12)) ^= *((u32*)rk[0][3]);
+#undef rk
+}
+
+
+/* Decrypt one block. AX and BX may be the same. */
+static void
+do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)
+{
+ /* BX and AX are not necessary correctly aligned. Thus we need to
+ copy them here. */
+ union
+ {
+ u32 dummy[4];
+ byte a[16];
+ } a;
+ union
+ {
+ u32 dummy[4];
+ byte b[16];
+ } b;
+
+ if ( !ctx->decryption_prepared )
+ {
+ prepare_decryption ( ctx );
+ _gcry_burn_stack (64);
+ ctx->decryption_prepared = 1;
+ }
+
+ memcpy (a.a, ax, 16);
+ do_decrypt_aligned (ctx, b.b, a.a);
+ memcpy (bx, b.b, 16);
+#undef rk
+}
+
+
+
+
+static void
+rijndael_decrypt (void *context, byte *b, const byte *a)
+{
+ RIJNDAEL_context *ctx = context;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ do_padlock (ctx, 1, b, a);
+ _gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */);
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+ do_decrypt (ctx, b, a);
+ _gcry_burn_stack (48+2*sizeof(int));
+ }
+}
+
+
+/* Bulk decryption of complete blocks in CFB mode. Caller needs to
+ make sure that IV is aligned on an unisgned lonhg boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+
+
+/* Bulk decryption of complete blocks in CBC mode. Caller needs to
+ make sure that IV is aligned on an unsigned long boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+
+
+
+
+/* Run the self-tests for AES 128. Returns NULL on success. */
+
+/* Run the self-tests for AES 192. Returns NULL on success. */
+
+
+/* Run the self-tests for AES 256. Returns NULL on success. */
+
+/* Run all the self-tests and return NULL on success. This function
+ is used for the on-the-fly self-tests. */
+
+
+/* SP800-38a.pdf for AES-128. */
+
+
+/* Complete selftest for AES-128 with all modes and driver code. */
+
+/* Complete selftest for AES-192. */
+
+
+/* Complete selftest for AES-256. */
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static const char *rijndael_names[] =
+ {
+ "RIJNDAEL",
+ "AES128",
+ "AES-128",
+ NULL
+ };
+
+static gcry_cipher_oid_spec_t rijndael_oids[] =
+ {
+ { "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },
+ { "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },
+ { "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },
+ { "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes =
+ {
+ "AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),
+ rijndael_setkey, rijndael_encrypt, rijndael_decrypt
+ };
+
+static const char *rijndael192_names[] =
+ {
+ "RIJNDAEL192",
+ "AES-192",
+ NULL
+ };
+
+static gcry_cipher_oid_spec_t rijndael192_oids[] =
+ {
+ { "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },
+ { "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },
+ { "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },
+ { "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes192 =
+ {
+ "AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),
+ rijndael_setkey, rijndael_encrypt, rijndael_decrypt
+ };
+
+static const char *rijndael256_names[] =
+ {
+ "RIJNDAEL256",
+ "AES-256",
+ NULL
+ };
+
+static gcry_cipher_oid_spec_t rijndael256_oids[] =
+ {
+ { "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },
+ { "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },
+ { "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },
+ { "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes256 =
+ {
+ "AES256", rijndael256_names, rijndael256_oids, 16, 256,
+ sizeof (RIJNDAEL_context),
+ rijndael_setkey, rijndael_encrypt, rijndael_decrypt
+ };
+
+
+
+GRUB_MOD_INIT(gcry_rijndael)
+{
+ grub_cipher_register (&_gcry_cipher_spec_aes);
+ grub_cipher_register (&_gcry_cipher_spec_aes192);
+ grub_cipher_register (&_gcry_cipher_spec_aes256);
+}
+
+GRUB_MOD_FINI(gcry_rijndael)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_aes);
+ grub_cipher_unregister (&_gcry_cipher_spec_aes192);
+ grub_cipher_unregister (&_gcry_cipher_spec_aes256);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/rmd.h b/grub-core/lib/libgcrypt-grub/cipher/rmd.h
new file mode 100644
index 0000000..1f11382
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/rmd.h
@@ -0,0 +1,40 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+/* rmd.h - RIPE-MD hash functions
+ * Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_RMD_H
+#define G10_RMD_H
+
+
+/* We need this here because random.c must have direct access. */
+typedef struct
+{
+ u32 h0,h1,h2,h3,h4;
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} RMD160_CONTEXT;
+
+void _gcry_rmd160_init ( void *context );
+void _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte );
+
+#endif /*G10_RMD_H*/
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/rmd160.c b/grub-core/lib/libgcrypt-grub/cipher/rmd160.c
new file mode 100644
index 0000000..9c35e45
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/rmd160.c
@@ -0,0 +1,575 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* rmd160.c - RIPE-MD160
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#include "g10lib.h"
+#include "memory.h"
+#include "rmd.h"
+#include "cipher.h" /* Only used for the rmd160_hash_buffer() prototype. */
+
+#include "bithelp.h"
+
+/*********************************
+ * RIPEMD-160 is not patented, see (as of 25.10.97)
+ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+ * Note that the code uses Little Endian byteorder, which is good for
+ * 386 etc, but we must add some conversion when used on a big endian box.
+ *
+ *
+ * Pseudo-code for RIPEMD-160
+ *
+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
+ * The round function takes as input a 5-word chaining variable and a 16-word
+ * message block and maps this to a new chaining variable. All operations are
+ * defined on 32-bit words. Padding is identical to that of MD4.
+ *
+ *
+ * RIPEMD-160: definitions
+ *
+ *
+ * nonlinear functions at bit level: exor, mux, -, mux, -
+ *
+ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15)
+ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31)
+ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47)
+ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63)
+ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79)
+ *
+ *
+ * added constants (hexadecimal)
+ *
+ * K(j) = 0x00000000 (0 <= j <= 15)
+ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2))
+ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3))
+ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5))
+ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7))
+ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2))
+ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3))
+ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5))
+ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7))
+ * K'(j) = 0x00000000 (64 <= j <= 79)
+ *
+ *
+ * selection of message word
+ *
+ * r(j) = j (0 <= j <= 15)
+ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
+ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
+ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
+ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
+ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
+ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
+ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
+ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
+ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
+ *
+ *
+ * amount for rotate left (rol)
+ *
+ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
+ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
+ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
+ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
+ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
+ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
+ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
+ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
+ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
+ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
+ *
+ *
+ * initial value (hexadecimal)
+ *
+ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
+ * h4 = 0xC3D2E1F0;
+ *
+ *
+ * RIPEMD-160: pseudo-code
+ *
+ * It is assumed that the message after padding consists of t 16-word blocks
+ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
+ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
+ * shift (rotate) over s positions.
+ *
+ *
+ * for i := 0 to t-1 {
+ * A := h0; B := h1; C := h2; D = h3; E = h4;
+ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
+ * for j := 0 to 79 {
+ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
+ * A := E; E := D; D := rol_10(C); C := B; B := T;
+ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
+ [+] K'(j)) [+] E';
+ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
+ * }
+ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
+ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
+ * }
+ */
+
+/* Some examples:
+ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31
+ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36
+ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b
+ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189
+ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb
+ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528
+ */
+
+
+void
+_gcry_rmd160_init (void *context)
+{
+ RMD160_CONTEXT *hd = context;
+
+ hd->h0 = 0x67452301;
+ hd->h1 = 0xEFCDAB89;
+ hd->h2 = 0x98BADCFE;
+ hd->h3 = 0x10325476;
+ hd->h4 = 0xC3D2E1F0;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform ( RMD160_CONTEXT *hd, const unsigned char *data )
+{
+ register u32 a,b,c,d,e;
+ u32 aa,bb,cc,dd,ee,t;
+#ifdef WORDS_BIGENDIAN
+ u32 x[16];
+ {
+ int i;
+ byte *p2, *p1;
+ for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ /* This version is better because it is always aligned;
+ * The performance penalty on a 586-100 is about 6% which
+ * is acceptable - because the data is more local it might
+ * also be possible that this is faster on some machines.
+ * This function (when compiled with -02 on gcc 2.7.2)
+ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
+ * [measured with a 4MB data and "gpgm --print-md rmd160"] */
+ u32 x[16];
+ memcpy( x, data, 64 );
+#endif
+
+
+#define K0 0x00000000
+#define K1 0x5A827999
+#define K2 0x6ED9EBA1
+#define K3 0x8F1BBCDC
+#define K4 0xA953FD4E
+#define KK0 0x50A28BE6
+#define KK1 0x5C4DD124
+#define KK2 0x6D703EF3
+#define KK3 0x7A6D76E9
+#define KK4 0x00000000
+#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
+#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
+#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
+#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
+#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
+ a = rol(t,s) + e; \
+ c = rol(c,10); \
+ } while(0)
+
+ /* left lane */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ R( a, b, c, d, e, F0, K0, 0, 11 );
+ R( e, a, b, c, d, F0, K0, 1, 14 );
+ R( d, e, a, b, c, F0, K0, 2, 15 );
+ R( c, d, e, a, b, F0, K0, 3, 12 );
+ R( b, c, d, e, a, F0, K0, 4, 5 );
+ R( a, b, c, d, e, F0, K0, 5, 8 );
+ R( e, a, b, c, d, F0, K0, 6, 7 );
+ R( d, e, a, b, c, F0, K0, 7, 9 );
+ R( c, d, e, a, b, F0, K0, 8, 11 );
+ R( b, c, d, e, a, F0, K0, 9, 13 );
+ R( a, b, c, d, e, F0, K0, 10, 14 );
+ R( e, a, b, c, d, F0, K0, 11, 15 );
+ R( d, e, a, b, c, F0, K0, 12, 6 );
+ R( c, d, e, a, b, F0, K0, 13, 7 );
+ R( b, c, d, e, a, F0, K0, 14, 9 );
+ R( a, b, c, d, e, F0, K0, 15, 8 );
+ R( e, a, b, c, d, F1, K1, 7, 7 );
+ R( d, e, a, b, c, F1, K1, 4, 6 );
+ R( c, d, e, a, b, F1, K1, 13, 8 );
+ R( b, c, d, e, a, F1, K1, 1, 13 );
+ R( a, b, c, d, e, F1, K1, 10, 11 );
+ R( e, a, b, c, d, F1, K1, 6, 9 );
+ R( d, e, a, b, c, F1, K1, 15, 7 );
+ R( c, d, e, a, b, F1, K1, 3, 15 );
+ R( b, c, d, e, a, F1, K1, 12, 7 );
+ R( a, b, c, d, e, F1, K1, 0, 12 );
+ R( e, a, b, c, d, F1, K1, 9, 15 );
+ R( d, e, a, b, c, F1, K1, 5, 9 );
+ R( c, d, e, a, b, F1, K1, 2, 11 );
+ R( b, c, d, e, a, F1, K1, 14, 7 );
+ R( a, b, c, d, e, F1, K1, 11, 13 );
+ R( e, a, b, c, d, F1, K1, 8, 12 );
+ R( d, e, a, b, c, F2, K2, 3, 11 );
+ R( c, d, e, a, b, F2, K2, 10, 13 );
+ R( b, c, d, e, a, F2, K2, 14, 6 );
+ R( a, b, c, d, e, F2, K2, 4, 7 );
+ R( e, a, b, c, d, F2, K2, 9, 14 );
+ R( d, e, a, b, c, F2, K2, 15, 9 );
+ R( c, d, e, a, b, F2, K2, 8, 13 );
+ R( b, c, d, e, a, F2, K2, 1, 15 );
+ R( a, b, c, d, e, F2, K2, 2, 14 );
+ R( e, a, b, c, d, F2, K2, 7, 8 );
+ R( d, e, a, b, c, F2, K2, 0, 13 );
+ R( c, d, e, a, b, F2, K2, 6, 6 );
+ R( b, c, d, e, a, F2, K2, 13, 5 );
+ R( a, b, c, d, e, F2, K2, 11, 12 );
+ R( e, a, b, c, d, F2, K2, 5, 7 );
+ R( d, e, a, b, c, F2, K2, 12, 5 );
+ R( c, d, e, a, b, F3, K3, 1, 11 );
+ R( b, c, d, e, a, F3, K3, 9, 12 );
+ R( a, b, c, d, e, F3, K3, 11, 14 );
+ R( e, a, b, c, d, F3, K3, 10, 15 );
+ R( d, e, a, b, c, F3, K3, 0, 14 );
+ R( c, d, e, a, b, F3, K3, 8, 15 );
+ R( b, c, d, e, a, F3, K3, 12, 9 );
+ R( a, b, c, d, e, F3, K3, 4, 8 );
+ R( e, a, b, c, d, F3, K3, 13, 9 );
+ R( d, e, a, b, c, F3, K3, 3, 14 );
+ R( c, d, e, a, b, F3, K3, 7, 5 );
+ R( b, c, d, e, a, F3, K3, 15, 6 );
+ R( a, b, c, d, e, F3, K3, 14, 8 );
+ R( e, a, b, c, d, F3, K3, 5, 6 );
+ R( d, e, a, b, c, F3, K3, 6, 5 );
+ R( c, d, e, a, b, F3, K3, 2, 12 );
+ R( b, c, d, e, a, F4, K4, 4, 9 );
+ R( a, b, c, d, e, F4, K4, 0, 15 );
+ R( e, a, b, c, d, F4, K4, 5, 5 );
+ R( d, e, a, b, c, F4, K4, 9, 11 );
+ R( c, d, e, a, b, F4, K4, 7, 6 );
+ R( b, c, d, e, a, F4, K4, 12, 8 );
+ R( a, b, c, d, e, F4, K4, 2, 13 );
+ R( e, a, b, c, d, F4, K4, 10, 12 );
+ R( d, e, a, b, c, F4, K4, 14, 5 );
+ R( c, d, e, a, b, F4, K4, 1, 12 );
+ R( b, c, d, e, a, F4, K4, 3, 13 );
+ R( a, b, c, d, e, F4, K4, 8, 14 );
+ R( e, a, b, c, d, F4, K4, 11, 11 );
+ R( d, e, a, b, c, F4, K4, 6, 8 );
+ R( c, d, e, a, b, F4, K4, 15, 5 );
+ R( b, c, d, e, a, F4, K4, 13, 6 );
+
+ aa = a; bb = b; cc = c; dd = d; ee = e;
+
+ /* right lane */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ R( a, b, c, d, e, F4, KK0, 5, 8);
+ R( e, a, b, c, d, F4, KK0, 14, 9);
+ R( d, e, a, b, c, F4, KK0, 7, 9);
+ R( c, d, e, a, b, F4, KK0, 0, 11);
+ R( b, c, d, e, a, F4, KK0, 9, 13);
+ R( a, b, c, d, e, F4, KK0, 2, 15);
+ R( e, a, b, c, d, F4, KK0, 11, 15);
+ R( d, e, a, b, c, F4, KK0, 4, 5);
+ R( c, d, e, a, b, F4, KK0, 13, 7);
+ R( b, c, d, e, a, F4, KK0, 6, 7);
+ R( a, b, c, d, e, F4, KK0, 15, 8);
+ R( e, a, b, c, d, F4, KK0, 8, 11);
+ R( d, e, a, b, c, F4, KK0, 1, 14);
+ R( c, d, e, a, b, F4, KK0, 10, 14);
+ R( b, c, d, e, a, F4, KK0, 3, 12);
+ R( a, b, c, d, e, F4, KK0, 12, 6);
+ R( e, a, b, c, d, F3, KK1, 6, 9);
+ R( d, e, a, b, c, F3, KK1, 11, 13);
+ R( c, d, e, a, b, F3, KK1, 3, 15);
+ R( b, c, d, e, a, F3, KK1, 7, 7);
+ R( a, b, c, d, e, F3, KK1, 0, 12);
+ R( e, a, b, c, d, F3, KK1, 13, 8);
+ R( d, e, a, b, c, F3, KK1, 5, 9);
+ R( c, d, e, a, b, F3, KK1, 10, 11);
+ R( b, c, d, e, a, F3, KK1, 14, 7);
+ R( a, b, c, d, e, F3, KK1, 15, 7);
+ R( e, a, b, c, d, F3, KK1, 8, 12);
+ R( d, e, a, b, c, F3, KK1, 12, 7);
+ R( c, d, e, a, b, F3, KK1, 4, 6);
+ R( b, c, d, e, a, F3, KK1, 9, 15);
+ R( a, b, c, d, e, F3, KK1, 1, 13);
+ R( e, a, b, c, d, F3, KK1, 2, 11);
+ R( d, e, a, b, c, F2, KK2, 15, 9);
+ R( c, d, e, a, b, F2, KK2, 5, 7);
+ R( b, c, d, e, a, F2, KK2, 1, 15);
+ R( a, b, c, d, e, F2, KK2, 3, 11);
+ R( e, a, b, c, d, F2, KK2, 7, 8);
+ R( d, e, a, b, c, F2, KK2, 14, 6);
+ R( c, d, e, a, b, F2, KK2, 6, 6);
+ R( b, c, d, e, a, F2, KK2, 9, 14);
+ R( a, b, c, d, e, F2, KK2, 11, 12);
+ R( e, a, b, c, d, F2, KK2, 8, 13);
+ R( d, e, a, b, c, F2, KK2, 12, 5);
+ R( c, d, e, a, b, F2, KK2, 2, 14);
+ R( b, c, d, e, a, F2, KK2, 10, 13);
+ R( a, b, c, d, e, F2, KK2, 0, 13);
+ R( e, a, b, c, d, F2, KK2, 4, 7);
+ R( d, e, a, b, c, F2, KK2, 13, 5);
+ R( c, d, e, a, b, F1, KK3, 8, 15);
+ R( b, c, d, e, a, F1, KK3, 6, 5);
+ R( a, b, c, d, e, F1, KK3, 4, 8);
+ R( e, a, b, c, d, F1, KK3, 1, 11);
+ R( d, e, a, b, c, F1, KK3, 3, 14);
+ R( c, d, e, a, b, F1, KK3, 11, 14);
+ R( b, c, d, e, a, F1, KK3, 15, 6);
+ R( a, b, c, d, e, F1, KK3, 0, 14);
+ R( e, a, b, c, d, F1, KK3, 5, 6);
+ R( d, e, a, b, c, F1, KK3, 12, 9);
+ R( c, d, e, a, b, F1, KK3, 2, 12);
+ R( b, c, d, e, a, F1, KK3, 13, 9);
+ R( a, b, c, d, e, F1, KK3, 9, 12);
+ R( e, a, b, c, d, F1, KK3, 7, 5);
+ R( d, e, a, b, c, F1, KK3, 10, 15);
+ R( c, d, e, a, b, F1, KK3, 14, 8);
+ R( b, c, d, e, a, F0, KK4, 12, 8);
+ R( a, b, c, d, e, F0, KK4, 15, 5);
+ R( e, a, b, c, d, F0, KK4, 10, 12);
+ R( d, e, a, b, c, F0, KK4, 4, 9);
+ R( c, d, e, a, b, F0, KK4, 1, 12);
+ R( b, c, d, e, a, F0, KK4, 5, 5);
+ R( a, b, c, d, e, F0, KK4, 8, 14);
+ R( e, a, b, c, d, F0, KK4, 7, 6);
+ R( d, e, a, b, c, F0, KK4, 6, 8);
+ R( c, d, e, a, b, F0, KK4, 2, 13);
+ R( b, c, d, e, a, F0, KK4, 13, 6);
+ R( a, b, c, d, e, F0, KK4, 14, 5);
+ R( e, a, b, c, d, F0, KK4, 0, 15);
+ R( d, e, a, b, c, F0, KK4, 3, 13);
+ R( c, d, e, a, b, F0, KK4, 9, 11);
+ R( b, c, d, e, a, F0, KK4, 11, 11);
+
+
+ t = hd->h1 + d + cc;
+ hd->h1 = hd->h2 + e + dd;
+ hd->h2 = hd->h3 + a + ee;
+ hd->h3 = hd->h4 + b + aa;
+ hd->h4 = hd->h0 + c + bb;
+ hd->h0 = t;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+rmd160_write ( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ RMD160_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (108+5*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ rmd160_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ _gcry_burn_stack (108+5*sizeof(void*));
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+/****************
+ * Apply the rmd160 transform function on the buffer which must have
+ * a length 64 bytes. Do not use this function together with the
+ * other functions, use rmd160_init to initialize internal variables.
+ * Returns: 16 bytes in buffer with the mixed contentes of buffer.
+ */
+void
+_gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte )
+{
+ char *p = blockof64byte;
+
+ transform ( hd, blockof64byte );
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+}
+
+
+/* The routine terminates the computation
+ */
+
+static void
+rmd160_final( void *context )
+{
+ RMD160_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ rmd160_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ rmd160_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (108+5*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \
+ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+}
+
+static byte *
+rmd160_read( void *context )
+{
+ RMD160_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+
+static byte asn[15] = /* Object ID is 1.3.36.3.2.1 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+
+static gcry_md_oid_spec_t oid_spec_rmd160[] =
+ {
+ /* rsaSignatureWithripemd160 */
+ { "1.3.36.3.3.1.2" },
+ /* TeleTrust hash algorithm. */
+ { "1.3.36.3.2.1" },
+ { NULL }
+ };
+
+gcry_md_spec_t _gcry_digest_spec_rmd160 =
+ {
+ "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20,
+ _gcry_rmd160_init, rmd160_write, rmd160_final, rmd160_read,
+ sizeof (RMD160_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+
+GRUB_MOD_INIT(gcry_rmd160)
+{
+ grub_md_register (&_gcry_digest_spec_rmd160);
+}
+
+GRUB_MOD_FINI(gcry_rmd160)
+{
+ grub_md_unregister (&_gcry_digest_spec_rmd160);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/rsa.c b/grub-core/lib/libgcrypt-grub/cipher/rsa.c
new file mode 100644
index 0000000..168af84
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/rsa.c
@@ -0,0 +1,1160 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* rsa.c - RSA implementation
+ * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)
+ * Copyright (C) 2000, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This code uses an algorithm protected by U.S. Patent #4,405,829
+ which expired on September 20, 2000. The patent holder placed that
+ patent into the public domain on Sep 6th, 2000.
+*/
+
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+
+typedef struct
+{
+ gcry_mpi_t n; /* modulus */
+ gcry_mpi_t e; /* exponent */
+} RSA_public_key;
+
+
+typedef struct
+{
+ gcry_mpi_t n; /* public modulus */
+ gcry_mpi_t e; /* public exponent */
+ gcry_mpi_t d; /* exponent */
+ gcry_mpi_t p; /* prime p. */
+ gcry_mpi_t q; /* prime q. */
+ gcry_mpi_t u; /* inverse of p mod q. */
+} RSA_secret_key;
+
+
+/* A sample 1024 bit RSA key used for the selftests. */
+static const char sample_secret_key[] =
+"(private-key"
+" (rsa"
+" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
+" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
+" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
+" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (e #010001#)"
+" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11"
+" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd"
+" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21"
+" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)"
+" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
+" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)"
+" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
+" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)"
+" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
+" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
+/* A sample 1024 bit RSA key used for the selftests (public only). */
+static const char sample_public_key[] =
+"(public-key"
+" (rsa"
+" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
+" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
+" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
+" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (e #010001#)))";
+
+
+
+
+static int test_keys (RSA_secret_key *sk, unsigned nbits);
+static int check_secret_key (RSA_secret_key *sk);
+static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);
+static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);
+
+
+/* Check that a freshly generated key actually works. Returns 0 on success. */
+static int
+test_keys (RSA_secret_key *sk, unsigned int nbits)
+{
+ int result = -1; /* Default to failure. */
+ RSA_public_key pk;
+ gcry_mpi_t plaintext = gcry_mpi_new (nbits);
+ gcry_mpi_t ciphertext = gcry_mpi_new (nbits);
+ gcry_mpi_t decr_plaintext = gcry_mpi_new (nbits);
+ gcry_mpi_t signature = gcry_mpi_new (nbits);
+
+ /* Put the relevant parameters into a public key structure. */
+ pk.n = sk->n;
+ pk.e = sk->e;
+
+ /* Create a random plaintext. */
+ gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
+
+ /* Encrypt using the public key. */
+ public (ciphertext, plaintext, &pk);
+
+ /* Check that the cipher text does not match the plaintext. */
+ if (!gcry_mpi_cmp (ciphertext, plaintext))
+ goto leave; /* Ciphertext is identical to the plaintext. */
+
+ /* Decrypt using the secret key. */
+ secret (decr_plaintext, ciphertext, sk);
+
+ /* Check that the decrypted plaintext matches the original plaintext. */
+ if (gcry_mpi_cmp (decr_plaintext, plaintext))
+ goto leave; /* Plaintext does not match. */
+
+ /* Create another random plaintext as data for signature checking. */
+ gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
+
+ /* Use the RSA secret function to create a signature of the plaintext. */
+ secret (signature, plaintext, sk);
+
+ /* Use the RSA public function to verify this signature. */
+ public (decr_plaintext, signature, &pk);
+ if (gcry_mpi_cmp (decr_plaintext, plaintext))
+ goto leave; /* Signature does not match. */
+
+ /* Modify the signature and check that the signing fails. */
+ gcry_mpi_add_ui (signature, signature, 1);
+ public (decr_plaintext, signature, &pk);
+ if (!gcry_mpi_cmp (decr_plaintext, plaintext))
+ goto leave; /* Signature matches but should not. */
+
+ result = 0; /* All tests succeeded. */
+
+ leave:
+ gcry_mpi_release (signature);
+ gcry_mpi_release (decr_plaintext);
+ gcry_mpi_release (ciphertext);
+ gcry_mpi_release (plaintext);
+ return result;
+}
+
+
+/* Callback used by the prime generation to test whether the exponent
+ is suitable. Returns 0 if the test has been passed. */
+static int
+check_exponent (void *arg, gcry_mpi_t a)
+{
+ gcry_mpi_t e = arg;
+ gcry_mpi_t tmp;
+ int result;
+
+ mpi_sub_ui (a, a, 1);
+ tmp = _gcry_mpi_alloc_like (a);
+ result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */
+ gcry_mpi_release (tmp);
+ mpi_add_ui (a, a, 1);
+ return result;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS.
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+ * = 1 request the use of a "secure" exponent; this is required by some
+ * specification to be 65537.
+ * > 2 Use this public exponent. If the given exponent
+ * is not odd one is internally added to it.
+ * TRANSIENT_KEY: If true, generate the primes using the standard RNG.
+ * Returns: 2 structures filled with all needed values
+ */
+static gpg_err_code_t
+generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ int transient_key)
+{
+ gcry_mpi_t p, q; /* the two primes */
+ gcry_mpi_t d; /* the private key */
+ gcry_mpi_t u;
+ gcry_mpi_t t1, t2;
+ gcry_mpi_t n; /* the public key */
+ gcry_mpi_t e; /* the exponent */
+ gcry_mpi_t phi; /* helper: (p-1)(q-1) */
+ gcry_mpi_t g;
+ gcry_mpi_t f;
+ gcry_random_level_t random_level;
+
+ if (fips_mode ())
+ {
+ if (nbits < 1024)
+ return GPG_ERR_INV_VALUE;
+ if (transient_key)
+ return GPG_ERR_INV_VALUE;
+ }
+
+ /* The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+
+ /* Make sure that nbits is even so that we generate p, q of equal size. */
+ if ( (nbits&1) )
+ nbits++;
+
+ if (use_e == 1) /* Alias for a secure value */
+ use_e = 65537; /* as demanded by Sphinx. */
+
+ /* Public exponent:
+ In general we use 41 as this is quite fast and more secure than the
+ commonly used 17. Benchmarking the RSA verify function
+ with a 1024 bit key yields (2001-11-08):
+ e=17 0.54 ms
+ e=41 0.75 ms
+ e=257 0.95 ms
+ e=65537 1.80 ms
+ */
+ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ if (!use_e)
+ mpi_set_ui (e, 41); /* This is a reasonable secure and fast value */
+ else
+ {
+ use_e |= 1; /* make sure this is odd */
+ mpi_set_ui (e, use_e);
+ }
+
+ n = gcry_mpi_new (nbits);
+
+ p = q = NULL;
+ do
+ {
+ /* select two (very secret) primes */
+ if (p)
+ gcry_mpi_release (p);
+ if (q)
+ gcry_mpi_release (q);
+ if (use_e)
+ { /* Do an extra test to ensure that the given exponent is
+ suitable. */
+ p = _gcry_generate_secret_prime (nbits/2, random_level,
+ check_exponent, e);
+ q = _gcry_generate_secret_prime (nbits/2, random_level,
+ check_exponent, e);
+ }
+ else
+ { /* We check the exponent later. */
+ p = _gcry_generate_secret_prime (nbits/2, random_level, NULL, NULL);
+ q = _gcry_generate_secret_prime (nbits/2, random_level, NULL, NULL);
+ }
+ if (mpi_cmp (p, q) > 0 ) /* p shall be smaller than q (for calc of u)*/
+ mpi_swap(p,q);
+ /* calculate the modulus */
+ mpi_mul( n, p, q );
+ }
+ while ( mpi_get_nbits(n) != nbits );
+
+ /* calculate Euler totient: phi = (p-1)(q-1) */
+ t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+ t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+ phi = gcry_mpi_snew ( nbits );
+ g = gcry_mpi_snew ( nbits );
+ f = gcry_mpi_snew ( nbits );
+ mpi_sub_ui( t1, p, 1 );
+ mpi_sub_ui( t2, q, 1 );
+ mpi_mul( phi, t1, t2 );
+ gcry_mpi_gcd(g, t1, t2);
+ mpi_fdiv_q(f, phi, g);
+
+ while (!gcry_mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */
+ {
+ if (use_e)
+ BUG (); /* The prime generator already made sure that we
+ never can get to here. */
+ mpi_add_ui (e, e, 2);
+ }
+
+ /* calculate the secret key d = e^1 mod phi */
+ d = gcry_mpi_snew ( nbits );
+ mpi_invm(d, e, f );
+ /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+ u = gcry_mpi_snew ( nbits );
+ mpi_invm(u, p, q );
+
+ if( DBG_CIPHER )
+ {
+ log_mpidump(" p= ", p );
+ log_mpidump(" q= ", q );
+ log_mpidump("phi= ", phi );
+ log_mpidump(" g= ", g );
+ log_mpidump(" f= ", f );
+ log_mpidump(" n= ", n );
+ log_mpidump(" e= ", e );
+ log_mpidump(" d= ", d );
+ log_mpidump(" u= ", u );
+ }
+
+ gcry_mpi_release (t1);
+ gcry_mpi_release (t2);
+ gcry_mpi_release (phi);
+ gcry_mpi_release (f);
+ gcry_mpi_release (g);
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (test_keys (sk, nbits - 64))
+ {
+ gcry_mpi_release (sk->n); sk->n = NULL;
+ gcry_mpi_release (sk->e); sk->e = NULL;
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->d); sk->d = NULL;
+ gcry_mpi_release (sk->u); sk->u = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+
+ return 0;
+}
+
+
+/* Helper for generate_x931. */
+static gcry_mpi_t
+gen_x931_parm_xp (unsigned int nbits)
+{
+ gcry_mpi_t xp;
+
+ xp = gcry_mpi_snew (nbits);
+ gcry_mpi_randomize (xp, nbits, GCRY_VERY_STRONG_RANDOM);
+
+ /* The requirement for Xp is:
+
+ sqrt{2}*2^{nbits-1} <= xp <= 2^{nbits} - 1
+
+ We set the two high order bits to 1 to satisfy the lower bound.
+ By using mpi_set_highbit we make sure that the upper bound is
+ satisfied as well. */
+ mpi_set_highbit (xp, nbits-1);
+ mpi_set_bit (xp, nbits-2);
+ gcry_assert ( mpi_get_nbits (xp) == nbits );
+
+ return xp;
+}
+
+
+/* Helper for generate_x931. */
+static gcry_mpi_t
+gen_x931_parm_xi (void)
+{
+ gcry_mpi_t xi;
+
+ xi = gcry_mpi_snew (101);
+ gcry_mpi_randomize (xi, 101, GCRY_VERY_STRONG_RANDOM);
+ mpi_set_highbit (xi, 100);
+ gcry_assert ( mpi_get_nbits (xi) == 101 );
+
+ return xi;
+}
+
+
+
+/* Variant of the standard key generation code using the algorithm
+ from X9.31. Using this algorithm has the advantage that the
+ generation can be made deterministic which is required for CAVS
+ testing. */
+static gpg_err_code_t
+generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value,
+ gcry_sexp_t deriveparms, int *swapped)
+{
+ gcry_mpi_t p, q; /* The two primes. */
+ gcry_mpi_t e; /* The public exponent. */
+ gcry_mpi_t n; /* The public key. */
+ gcry_mpi_t d; /* The private key */
+ gcry_mpi_t u; /* The inverse of p and q. */
+ gcry_mpi_t pm1; /* p - 1 */
+ gcry_mpi_t qm1; /* q - 1 */
+ gcry_mpi_t phi; /* Euler totient. */
+ gcry_mpi_t f, g; /* Helper. */
+
+ *swapped = 0;
+
+ if (e_value == 1) /* Alias for a secure value. */
+ e_value = 65537;
+
+ /* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
+ if (nbits < 1024 || (nbits % 256))
+ return GPG_ERR_INV_VALUE;
+
+ /* Point 2: 2 <= bitlength(e) < 2^{k-2}
+ Note that we do not need to check the upper bound because we use
+ an unsigned long for E and thus there is no way for E to reach
+ that limit. */
+ if (e_value < 3)
+ return GPG_ERR_INV_VALUE;
+
+ /* Our implementaion requires E to be odd. */
+ if (!(e_value & 1))
+ return GPG_ERR_INV_VALUE;
+
+ /* Point 3: e > 0 or e 0 if it is to be randomly generated.
+ We support only a fixed E and thus there is no need for an extra test. */
+
+
+ /* Compute or extract the derive parameters. */
+ {
+ gcry_mpi_t xp1 = NULL;
+ gcry_mpi_t xp2 = NULL;
+ gcry_mpi_t xp = NULL;
+ gcry_mpi_t xq1 = NULL;
+ gcry_mpi_t xq2 = NULL;
+ gcry_mpi_t xq = NULL;
+ gcry_mpi_t tmpval;
+
+ if (!deriveparms)
+ {
+ /* Not given: Generate them. */
+ xp = gen_x931_parm_xp (nbits/2);
+ /* Make sure that |xp - xq| > 2^{nbits - 100} holds. */
+ tmpval = gcry_mpi_snew (nbits/2);
+ do
+ {
+ gcry_mpi_release (xq);
+ xq = gen_x931_parm_xp (nbits/2);
+ mpi_sub (tmpval, xp, xq);
+ }
+ while (mpi_get_nbits (tmpval) <= (nbits/2 - 100));
+ gcry_mpi_release (tmpval);
+
+ xp1 = gen_x931_parm_xi ();
+ xp2 = gen_x931_parm_xi ();
+ xq1 = gen_x931_parm_xi ();
+ xq2 = gen_x931_parm_xi ();
+
+ }
+ else
+ {
+ /* Parameters to derive the key are given. */
+ struct { const char *name; gcry_mpi_t *value; } tbl[] = {
+ { "Xp1", &xp1 },
+ { "Xp2", &xp2 },
+ { "Xp", &xp },
+ { "Xq1", &xq1 },
+ { "Xq2", &xq2 },
+ { "Xq", &xq },
+ { NULL, NULL }
+ };
+ int idx;
+ gcry_sexp_t oneparm;
+
+ for (idx=0; tbl[idx].name; idx++)
+ {
+ oneparm = gcry_sexp_find_token (deriveparms, tbl[idx].name, 0);
+ if (oneparm)
+ {
+ *tbl[idx].value = gcry_sexp_nth_mpi (oneparm, 1,
+ GCRYMPI_FMT_USG);
+ gcry_sexp_release (oneparm);
+ }
+ }
+ for (idx=0; tbl[idx].name; idx++)
+ if (!*tbl[idx].value)
+ break;
+ if (tbl[idx].name)
+ {
+ /* At least one parameter is missing. */
+ for (idx=0; tbl[idx].name; idx++)
+ gcry_mpi_release (*tbl[idx].value);
+ return GPG_ERR_MISSING_VALUE;
+ }
+ }
+
+ e = mpi_alloc_set_ui (e_value);
+
+ /* Find two prime numbers. */
+ p = _gcry_derive_x931_prime (xp, xp1, xp2, e, NULL, NULL);
+ q = _gcry_derive_x931_prime (xq, xq1, xq2, e, NULL, NULL);
+ gcry_mpi_release (xp); xp = NULL;
+ gcry_mpi_release (xp1); xp1 = NULL;
+ gcry_mpi_release (xp2); xp2 = NULL;
+ gcry_mpi_release (xq); xq = NULL;
+ gcry_mpi_release (xq1); xq1 = NULL;
+ gcry_mpi_release (xq2); xq2 = NULL;
+ if (!p || !q)
+ {
+ gcry_mpi_release (p);
+ gcry_mpi_release (q);
+ gcry_mpi_release (e);
+ return GPG_ERR_NO_PRIME;
+ }
+ }
+
+
+ /* Compute the public modulus. We make sure that p is smaller than
+ q to allow the use of the CRT. */
+ if (mpi_cmp (p, q) > 0 )
+ {
+ mpi_swap (p, q);
+ *swapped = 1;
+ }
+ n = gcry_mpi_new (nbits);
+ mpi_mul (n, p, q);
+
+ /* Compute the Euler totient: phi = (p-1)(q-1) */
+ pm1 = gcry_mpi_snew (nbits/2);
+ qm1 = gcry_mpi_snew (nbits/2);
+ phi = gcry_mpi_snew (nbits);
+ mpi_sub_ui (pm1, p, 1);
+ mpi_sub_ui (qm1, q, 1);
+ mpi_mul (phi, pm1, qm1);
+
+ g = gcry_mpi_snew (nbits);
+ gcry_assert (gcry_mpi_gcd (g, e, phi));
+
+ /* Compute: f = lcm(p-1,q-1) = phi / gcd(p-1,q-1) */
+ gcry_mpi_gcd (g, pm1, qm1);
+ f = pm1; pm1 = NULL;
+ gcry_mpi_release (qm1); qm1 = NULL;
+ mpi_fdiv_q (f, phi, g);
+ gcry_mpi_release (phi); phi = NULL;
+ d = g; g = NULL;
+ /* Compute the secret key: d = e^{-1} mod lcm(p-1,q-1) */
+ mpi_invm (d, e, f);
+
+ /* Compute the inverse of p and q. */
+ u = f; f = NULL;
+ mpi_invm (u, p, q );
+
+ if( DBG_CIPHER )
+ {
+ if (*swapped)
+ log_debug ("p and q are swapped\n");
+ log_mpidump(" p", p );
+ log_mpidump(" q", q );
+ log_mpidump(" n", n );
+ log_mpidump(" e", e );
+ log_mpidump(" d", d );
+ log_mpidump(" u", u );
+ }
+
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (test_keys (sk, nbits - 64))
+ {
+ gcry_mpi_release (sk->n); sk->n = NULL;
+ gcry_mpi_release (sk->e); sk->e = NULL;
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->d); sk->d = NULL;
+ gcry_mpi_release (sk->u); sk->u = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+
+ return 0;
+}
+
+
+/****************
+ * Test wether the secret key is valid.
+ * Returns: true if this is a valid key.
+ */
+static int
+check_secret_key( RSA_secret_key *sk )
+{
+ int rc;
+ gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
+
+ mpi_mul(temp, sk->p, sk->q );
+ rc = mpi_cmp( temp, sk->n );
+ mpi_free(temp);
+ return !rc;
+}
+
+
+
+/****************
+ * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT.
+ *
+ * c = m^e mod n
+ *
+ * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY.
+ */
+static void
+public(gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *pkey )
+{
+ if( output == input ) /* powm doesn't like output and input the same */
+ {
+ gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs(input)*2 );
+ mpi_powm( x, input, pkey->e, pkey->n );
+ mpi_set(output, x);
+ mpi_free(x);
+ }
+ else
+ mpi_powm( output, input, pkey->e, pkey->n );
+}
+
+#if 0
+static void
+stronger_key_check ( RSA_secret_key *skey )
+{
+ gcry_mpi_t t = mpi_alloc_secure ( 0 );
+ gcry_mpi_t t1 = mpi_alloc_secure ( 0 );
+ gcry_mpi_t t2 = mpi_alloc_secure ( 0 );
+ gcry_mpi_t phi = mpi_alloc_secure ( 0 );
+
+ /* check that n == p * q */
+ mpi_mul( t, skey->p, skey->q);
+ if (mpi_cmp( t, skey->n) )
+ log_info ( "RSA Oops: n != p * q\n" );
+
+ /* check that p is less than q */
+ if( mpi_cmp( skey->p, skey->q ) > 0 )
+ {
+ log_info ("RSA Oops: p >= q - fixed\n");
+ _gcry_mpi_swap ( skey->p, skey->q);
+ }
+
+ /* check that e divides neither p-1 nor q-1 */
+ mpi_sub_ui(t, skey->p, 1 );
+ mpi_fdiv_r(t, t, skey->e );
+ if ( !mpi_cmp_ui( t, 0) )
+ log_info ( "RSA Oops: e divides p-1\n" );
+ mpi_sub_ui(t, skey->q, 1 );
+ mpi_fdiv_r(t, t, skey->e );
+ if ( !mpi_cmp_ui( t, 0) )
+ log_info ( "RSA Oops: e divides q-1\n" );
+
+ /* check that d is correct */
+ mpi_sub_ui( t1, skey->p, 1 );
+ mpi_sub_ui( t2, skey->q, 1 );
+ mpi_mul( phi, t1, t2 );
+ gcry_mpi_gcd(t, t1, t2);
+ mpi_fdiv_q(t, phi, t);
+ mpi_invm(t, skey->e, t );
+ if ( mpi_cmp(t, skey->d ) )
+ {
+ log_info ( "RSA Oops: d is wrong - fixed\n");
+ mpi_set (skey->d, t);
+ _gcry_log_mpidump (" fixed d", skey->d);
+ }
+
+ /* check for correctness of u */
+ mpi_invm(t, skey->p, skey->q );
+ if ( mpi_cmp(t, skey->u ) )
+ {
+ log_info ( "RSA Oops: u is wrong - fixed\n");
+ mpi_set (skey->u, t);
+ _gcry_log_mpidump (" fixed u", skey->u);
+ }
+
+ log_info ( "RSA secret key check finished\n");
+
+ mpi_free (t);
+ mpi_free (t1);
+ mpi_free (t2);
+ mpi_free (phi);
+}
+#endif
+
+
+
+/****************
+ * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
+ *
+ * m = c^d mod n
+ *
+ * Or faster:
+ *
+ * m1 = c ^ (d mod (p-1)) mod p
+ * m2 = c ^ (d mod (q-1)) mod q
+ * h = u * (m2 - m1) mod q
+ * m = m1 + h * p
+ *
+ * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
+ */
+static void
+secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
+{
+ if (!skey->p || !skey->q || !skey->u)
+ {
+ mpi_powm (output, input, skey->d, skey->n);
+ }
+ else
+ {
+ gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+ gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+ gcry_mpi_t h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+
+ /* m1 = c ^ (d mod (p-1)) mod p */
+ mpi_sub_ui( h, skey->p, 1 );
+ mpi_fdiv_r( h, skey->d, h );
+ mpi_powm( m1, input, h, skey->p );
+ /* m2 = c ^ (d mod (q-1)) mod q */
+ mpi_sub_ui( h, skey->q, 1 );
+ mpi_fdiv_r( h, skey->d, h );
+ mpi_powm( m2, input, h, skey->q );
+ /* h = u * ( m2 - m1 ) mod q */
+ mpi_sub( h, m2, m1 );
+ if ( mpi_is_neg( h ) )
+ mpi_add ( h, h, skey->q );
+ mpi_mulm( h, skey->u, h, skey->q );
+ /* m = m2 + h * p */
+ mpi_mul ( h, h, skey->p );
+ mpi_add ( output, m1, h );
+
+ mpi_free ( h );
+ mpi_free ( m1 );
+ mpi_free ( m2 );
+ }
+}
+
+
+
+/* Perform RSA blinding. */
+static gcry_mpi_t
+rsa_blind (gcry_mpi_t x, gcry_mpi_t r, gcry_mpi_t e, gcry_mpi_t n)
+{
+ /* A helper. */
+ gcry_mpi_t a;
+
+ /* Result. */
+ gcry_mpi_t y;
+
+ a = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+ y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+
+ /* Now we calculate: y = (x * r^e) mod n, where r is the random
+ number, e is the public exponent, x is the non-blinded data and n
+ is the RSA modulus. */
+ gcry_mpi_powm (a, r, e, n);
+ gcry_mpi_mulm (y, a, x, n);
+
+ gcry_mpi_release (a);
+
+ return y;
+}
+
+/* Undo RSA blinding. */
+static gcry_mpi_t
+rsa_unblind (gcry_mpi_t x, gcry_mpi_t ri, gcry_mpi_t n)
+{
+ gcry_mpi_t y;
+
+ y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+
+ /* Here we calculate: y = (x * r^-1) mod n, where x is the blinded
+ decrypted data, ri is the modular multiplicative inverse of r and
+ n is the RSA modulus. */
+
+ gcry_mpi_mulm (y, ri, x, n);
+
+ return y;
+}
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+
+static gcry_err_code_t
+rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ RSA_secret_key sk;
+ gpg_err_code_t ec;
+ gcry_sexp_t deriveparms;
+ int transient_key = 0;
+ int use_x931 = 0;
+ gcry_sexp_t l1;
+
+ (void)algo;
+
+ *retfactors = NULL; /* We don't return them. */
+
+ deriveparms = (genparms?
+ gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL);
+ if (!deriveparms)
+ {
+ /* Parse the optional "use-x931" flag. */
+ l1 = gcry_sexp_find_token (genparms, "use-x931", 0);
+ if (l1)
+ {
+ use_x931 = 1;
+ gcry_sexp_release (l1);
+ }
+ }
+
+ if (deriveparms || use_x931 || fips_mode ())
+ {
+ int swapped;
+ ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
+ gcry_sexp_release (deriveparms);
+ if (!ec && r_extrainfo && swapped)
+ {
+ ec = gcry_sexp_new (r_extrainfo,
+ "(misc-key-info(p-q-swapped))", 0, 1);
+ if (ec)
+ {
+ gcry_mpi_release (sk.n); sk.n = NULL;
+ gcry_mpi_release (sk.e); sk.e = NULL;
+ gcry_mpi_release (sk.p); sk.p = NULL;
+ gcry_mpi_release (sk.q); sk.q = NULL;
+ gcry_mpi_release (sk.d); sk.d = NULL;
+ gcry_mpi_release (sk.u); sk.u = NULL;
+ }
+ }
+ }
+ else
+ {
+ /* Parse the optional "transient-key" flag. */
+ l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+ if (l1)
+ {
+ transient_key = 1;
+ gcry_sexp_release (l1);
+ }
+ /* Generate. */
+ ec = generate_std (&sk, nbits, evalue, transient_key);
+ }
+
+ if (!ec)
+ {
+ skey[0] = sk.n;
+ skey[1] = sk.e;
+ skey[2] = sk.d;
+ skey[3] = sk.p;
+ skey[4] = sk.q;
+ skey[5] = sk.u;
+ }
+
+ return ec;
+}
+
+
+static gcry_err_code_t
+rsa_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ return rsa_generate_ext (algo, nbits, evalue, NULL, skey, retfactors, NULL);
+}
+
+
+static gcry_err_code_t
+rsa_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ RSA_secret_key sk;
+
+ (void)algo;
+
+ sk.n = skey[0];
+ sk.e = skey[1];
+ sk.d = skey[2];
+ sk.p = skey[3];
+ sk.q = skey[4];
+ sk.u = skey[5];
+
+ if (!sk.p || !sk.q || !sk.u)
+ err = GPG_ERR_NO_OBJ; /* To check the key we need the optional
+ parameters. */
+ else if (!check_secret_key (&sk))
+ err = GPG_ERR_PUBKEY_ALGO;
+
+ return err;
+}
+
+
+static gcry_err_code_t
+rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *pkey, int flags)
+{
+ RSA_public_key pk;
+
+ (void)algo;
+ (void)flags;
+
+ pk.n = pkey[0];
+ pk.e = pkey[1];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.n));
+ public (resarr[0], data, &pk);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
+ gcry_mpi_t *skey, int flags)
+{
+ RSA_secret_key sk;
+ gcry_mpi_t r = MPI_NULL; /* Random number needed for blinding. */
+ gcry_mpi_t ri = MPI_NULL; /* Modular multiplicative inverse of
+ r. */
+ gcry_mpi_t x = MPI_NULL; /* Data to decrypt. */
+ gcry_mpi_t y; /* Result. */
+
+ (void)algo;
+
+ /* Extract private key. */
+ sk.n = skey[0];
+ sk.e = skey[1];
+ sk.d = skey[2];
+ sk.p = skey[3]; /* Optional. */
+ sk.q = skey[4]; /* Optional. */
+ sk.u = skey[5]; /* Optional. */
+
+ y = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+
+ /* We use blinding by default to mitigate timing attacks which can
+ be practically mounted over the network as shown by Brumley and
+ Boney in 2003. */
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ {
+ /* Initialize blinding. */
+
+ /* First, we need a random number r between 0 and n - 1, which
+ is relatively prime to n (i.e. it is neither p nor q). The
+ random number needs to be only unpredictable, thus we employ
+ the gcry_create_nonce function by using GCRY_WEAK_RANDOM with
+ gcry_mpi_randomize. */
+ r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+ ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+
+ gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), GCRY_WEAK_RANDOM);
+ gcry_mpi_mod (r, r, sk.n);
+
+ /* Calculate inverse of r. It practically impossible that the
+ follwing test fails, thus we do not add code to release
+ allocated resources. */
+ if (!gcry_mpi_invm (ri, r, sk.n))
+ return GPG_ERR_INTERNAL;
+ }
+
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ x = rsa_blind (data[0], r, sk.e, sk.n);
+ else
+ x = data[0];
+
+ /* Do the encryption. */
+ secret (y, x, &sk);
+
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ {
+ /* Undo blinding. */
+ gcry_mpi_t a = gcry_mpi_copy (y);
+
+ gcry_mpi_release (y);
+ y = rsa_unblind (a, ri, sk.n);
+
+ gcry_mpi_release (a);
+ }
+
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ {
+ /* Deallocate resources needed for blinding. */
+ gcry_mpi_release (x);
+ gcry_mpi_release (r);
+ gcry_mpi_release (ri);
+ }
+
+ /* Copy out result. */
+ *result = y;
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ RSA_secret_key sk;
+
+ (void)algo;
+
+ sk.n = skey[0];
+ sk.e = skey[1];
+ sk.d = skey[2];
+ sk.p = skey[3];
+ sk.q = skey[4];
+ sk.u = skey[5];
+ resarr[0] = mpi_alloc( mpi_get_nlimbs (sk.n));
+ secret (resarr[0], data, &sk);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *opaque, gcry_mpi_t tmp),
+ void *opaquev)
+{
+ RSA_public_key pk;
+ gcry_mpi_t result;
+ gcry_err_code_t rc;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ pk.n = pkey[0];
+ pk.e = pkey[1];
+ result = gcry_mpi_new ( 160 );
+ public( result, data[0], &pk );
+#ifdef IS_DEVELOPMENT_VERSION
+ if (DBG_CIPHER)
+ {
+ log_mpidump ("rsa verify result:", result );
+ log_mpidump (" hash:", hash );
+ }
+#endif /*IS_DEVELOPMENT_VERSION*/
+ /*rc = (*cmp)( opaquev, result );*/
+ rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
+ gcry_mpi_release (result);
+
+ return rc;
+}
+
+
+static unsigned int
+rsa_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+/* Compute a keygrip. MD is the hash context which we are going to
+ update. KEYPARAM is an S-expression with the key parameters, this
+ is usually a public key but may also be a secret key. An example
+ of such an S-expression is:
+
+ (rsa
+ (n #00B...#)
+ (e #010001#))
+
+ PKCS-15 says that for RSA only the modulus should be hashed -
+ however, it is not clear wether this is meant to use the raw bytes
+ (assuming this is an unsigned integer) or whether the DER required
+ 0 should be prefixed. We hash the raw bytes. */
+static gpg_err_code_t
+compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
+{
+ gcry_sexp_t l1;
+ const char *data;
+ size_t datalen;
+
+ l1 = gcry_sexp_find_token (keyparam, "n", 1);
+ if (!l1)
+ return GPG_ERR_NO_OBJ;
+
+ data = gcry_sexp_nth_data (l1, 1, &datalen);
+ if (!data)
+ {
+ gcry_sexp_release (l1);
+ return GPG_ERR_NO_OBJ;
+ }
+
+ gcry_md_write (md, data, datalen);
+ gcry_sexp_release (l1);
+
+ return 0;
+}
+
+
+
+
+/*
+ Self-test section.
+ */
+
+
+
+
+/* Given an S-expression ENCR_DATA of the form:
+
+ (enc-val
+ (rsa
+ (a a-value)))
+
+ as returned by gcry_pk_decrypt, return the the A-VALUE. On error,
+ return NULL. */
+static gcry_mpi_t
+extract_a_from_sexp (gcry_sexp_t encr_data)
+{
+ gcry_sexp_t l1, l2, l3;
+ gcry_mpi_t a_value;
+
+ l1 = gcry_sexp_find_token (encr_data, "enc-val", 0);
+ if (!l1)
+ return NULL;
+ l2 = gcry_sexp_find_token (l1, "rsa", 0);
+ gcry_sexp_release (l1);
+ if (!l2)
+ return NULL;
+ l3 = gcry_sexp_find_token (l2, "a", 0);
+ gcry_sexp_release (l2);
+ if (!l3)
+ return NULL;
+ a_value = gcry_sexp_nth_mpi (l3, 1, 0);
+ gcry_sexp_release (l3);
+
+ return a_value;
+}
+
+
+
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static const char *rsa_names[] =
+ {
+ "rsa",
+ "openpgp-rsa",
+ "oid.1.2.840.113549.1.1.1",
+ NULL,
+ };
+
+gcry_pk_spec_t _gcry_pubkey_spec_rsa =
+ {
+ "RSA", rsa_names,
+ "ne", "nedpqu", "a", "s", "n",
+ GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
+ rsa_generate,
+ rsa_check_secret_key,
+ rsa_encrypt,
+ rsa_decrypt,
+ rsa_sign,
+ rsa_verify,
+ rsa_get_nbits,
+ };
+pk_extra_spec_t _gcry_pubkey_extraspec_rsa =
+ {
+ run_selftests,
+ rsa_generate_ext,
+ compute_keygrip
+ };
+
diff --git a/grub-core/lib/libgcrypt-grub/cipher/seed.c b/grub-core/lib/libgcrypt-grub/cipher/seed.c
new file mode 100644
index 0000000..8f47a29
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/seed.c
@@ -0,0 +1,458 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* SEED for libgcrypt
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * --
+ * This implementation was provided for libgcrypt in public domain
+ * by Hye-Shik Chang <perky@FreeBSD.org>, July 2006.
+ */
+
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#define NUMKC 16
+
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
+ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { (ct)[0] = (byte)((st) >> 24); \
+ (ct)[1] = (byte)((st) >> 16); \
+ (ct)[2] = (byte)((st) >> 8); \
+ (ct)[3] = (byte)(st); }
+
+union wordbuf
+{
+ u32 w;
+ byte b[4];
+};
+
+#ifdef WORDS_BIGENDIAN
+#define b0 b[3]
+#define b1 b[2]
+#define b2 b[1]
+#define b3 b[0]
+#else
+#define b0 b[0]
+#define b1 b[1]
+#define b2 b[2]
+#define b3 b[3]
+#endif
+
+
+typedef struct
+{
+ u32 keyschedule[32];
+} SEED_context;
+
+static const u32 SS0[256] = {
+ 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c,
+ 0x2c8ca0ac, 0x25052124, 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+ 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, 0x28082028, 0x04444044,
+ 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+ 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310,
+ 0x12c2d2d0, 0x2ecee2ec, 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+ 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, 0x2ccce0ec, 0x15859194,
+ 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+ 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc,
+ 0x32c2f2f0, 0x19c9d1d8, 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+ 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, 0x20406060, 0x10405050,
+ 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+ 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210,
+ 0x2f8fa3ac, 0x15c5d1d4, 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+ 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008, 0x1f0f131c, 0x19899198,
+ 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+ 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388,
+ 0x0e0e020c, 0x2b8ba3a8, 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+ 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, 0x3f8fb3bc, 0x2fcfe3ec,
+ 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+ 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120,
+ 0x2b4b6368, 0x26466264, 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+ 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, 0x3a4a7278, 0x07474344,
+ 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+ 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114,
+ 0x22022220, 0x38083038, 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+ 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, 0x35053134, 0x0bcbc3c8,
+ 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+ 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158,
+ 0x02828280, 0x04c4c0c4, 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+ 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, 0x0f0f030c, 0x0e8e828c,
+ 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+ 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c,
+ 0x2d0d212c, 0x00404040, 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+ 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, 0x3b0b3338, 0x1cccd0dc,
+ 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+ 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328,
+ 0x25456164, 0x3acaf2f8, 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+ 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, 0x31013130, 0x2acae2e8,
+ 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+ 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128,
+ 0x07070304, 0x33033330, 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+ 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
+};
+
+static const u32 SS1[256] = {
+ 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2,
+ 0xb03383b3, 0xb83888b0, 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+ 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, 0xc003c3c3, 0x60224262,
+ 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+ 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0,
+ 0x34360632, 0x480b4b43, 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+ 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, 0xc002c2c2, 0x44054541,
+ 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+ 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1,
+ 0x0c0d0d01, 0xdc1fcfd3, 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+ 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, 0x40024242, 0xd414c4d0,
+ 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+ 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20,
+ 0xa82a8aa2, 0x34340430, 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+ 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, 0x54174753, 0xac2e8ea2,
+ 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+ 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82,
+ 0x682a4a62, 0xb03181b1, 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+ 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xd81bcbd3,
+ 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+ 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3,
+ 0xa82b8ba3, 0xd010c0d0, 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+ 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, 0x94168692, 0x783b4b73,
+ 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+ 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22,
+ 0xb83a8ab2, 0x6c2e4e62, 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+ 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, 0x14150511, 0xf83bcbf3,
+ 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+ 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0,
+ 0xe82acae2, 0x08090901, 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+ 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, 0xf83acaf2, 0x00010101,
+ 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+ 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1,
+ 0x48084840, 0x78394971, 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+ 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, 0x74374773, 0x54144450,
+ 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+ 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2,
+ 0xc809c9c1, 0xfc3dcdf1, 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+ 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, 0x0c0e0e02, 0x50104050,
+ 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+ 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353,
+ 0x080a0a02, 0x84078783, 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+ 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
+};
+
+static const u32 SS2[256] = {
+ 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d,
+ 0xa0ac2c8c, 0x21242505, 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+ 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, 0x20282808, 0x40440444,
+ 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+ 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303,
+ 0xd2d012c2, 0xe2ec2ece, 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+ 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, 0xe0ec2ccc, 0x91941585,
+ 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+ 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc,
+ 0xf2f032c2, 0xd1d819c9, 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+ 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, 0x60602040, 0x50501040,
+ 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+ 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202,
+ 0xa3ac2f8f, 0xd1d415c5, 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+ 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, 0x131c1f0f, 0x91981989,
+ 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+ 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b,
+ 0x020c0e0e, 0xa3a82b8b, 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+ 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, 0xb3bc3f8f, 0xe3ec2fcf,
+ 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+ 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101,
+ 0x63682b4b, 0x62642646, 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+ 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, 0x72783a4a, 0x43440747,
+ 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+ 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505,
+ 0x22202202, 0x30383808, 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+ 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, 0x31343505, 0xc3c80bcb,
+ 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+ 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949,
+ 0x82800282, 0xc0c404c4, 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+ 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, 0x030c0f0f, 0x828c0e8e,
+ 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+ 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d,
+ 0x212c2d0d, 0x40400040, 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+ 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, 0x33383b0b, 0xd0dc1ccc,
+ 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+ 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b,
+ 0x61642545, 0xf2f83aca, 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+ 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, 0x31303101, 0xe2e82aca,
+ 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+ 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909,
+ 0x03040707, 0x33303303, 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+ 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
+};
+
+static const u32 SS3[256] = {
+ 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e,
+ 0x83b3b033, 0x88b0b838, 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+ 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, 0xc3c3c003, 0x42626022,
+ 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+ 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c,
+ 0x06323436, 0x4b43480b, 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+ 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, 0xc2c2c002, 0x45414405,
+ 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+ 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839,
+ 0x0d010c0d, 0xcfd3dc1f, 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+ 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032, 0x42424002, 0xc4d0d414,
+ 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+ 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c,
+ 0x8aa2a82a, 0x04303434, 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+ 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, 0x47535417, 0x8ea2ac2e,
+ 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+ 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a,
+ 0x4a62682a, 0x81b1b031, 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+ 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xcbd3d81b,
+ 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+ 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023,
+ 0x8ba3a82b, 0xc0d0d010, 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+ 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, 0x86929416, 0x4b73783b,
+ 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+ 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e,
+ 0x8ab2b83a, 0x4e626c2e, 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+ 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, 0x05111415, 0xcbf3f83b,
+ 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+ 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434,
+ 0xcae2e82a, 0x09010809, 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+ 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, 0xcaf2f83a, 0x01010001,
+ 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+ 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425,
+ 0x48404808, 0x49717839, 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+ 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, 0x47737437, 0x44505414,
+ 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+ 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a,
+ 0xc9c1c809, 0xcdf1fc3d, 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+ 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, 0x0e020c0e, 0x40505010,
+ 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+ 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013,
+ 0x0a02080a, 0x87838407, 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+ 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
+};
+
+static const u32 KC[NUMKC] = {
+ 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
+ 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
+ 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
+ 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
+};
+
+
+
+/* Perform the key setup.
+ */
+static gcry_err_code_t
+do_setkey (SEED_context *ctx, const byte *key, const unsigned keylen)
+{
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ u32 x1, x2, x3, x4;
+ union wordbuf t0, t1;
+ u32 *keyout = ctx->keyschedule;
+ int i;
+
+ if (!initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if( selftest_failed )
+ log_error ("%s\n", selftest_failed );
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if (keylen != 16)
+ return GPG_ERR_INV_KEYLEN;
+
+ x1 = GETU32 (key);
+ x2 = GETU32 (key+4);
+ x3 = GETU32 (key+8);
+ x4 = GETU32 (key+12);
+
+ for (i = 0; i < NUMKC; i++)
+ {
+ t0.w = x1 + x3 - KC[i];
+ t1.w = x2 + KC[i] - x4;
+ *(keyout++) = SS0[t0.b0] ^ SS1[t0.b1] ^ SS2[t0.b2] ^ SS3[t0.b3];
+ *(keyout++) = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3];
+
+ if (i % 2 == 0)
+ {
+ t0.w = x1;
+ x1 = (x1>>8) ^ (x2<<24);
+ x2 = (x2>>8) ^ (t0.w<<24);
+ }
+ else
+ {
+ t0.w = x3;
+ x3 = (x3<<8) ^ (x4>>24);
+ x4 = (x4<<8) ^ (t0.w>>24);
+ }
+ }
+
+ return 0;
+}
+
+static gcry_err_code_t
+seed_setkey (void *context, const byte *key, const unsigned keylen)
+{
+ SEED_context *ctx = context;
+
+ int rc = do_setkey (ctx, key, keylen);
+ _gcry_burn_stack (4*6 + sizeof(void*)*2 + sizeof(int)*2);
+ return rc;
+}
+
+
+
+#define OP(X1, X2, X3, X4, rbase) \
+ t0.w = X3 ^ ctx->keyschedule[rbase]; \
+ t1.w = X4 ^ ctx->keyschedule[rbase+1]; \
+ t1.w ^= t0.w; \
+ t1.w = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; \
+ t0.w += t1.w; \
+ t0.w = SS0[t0.b0] ^ SS1[t0.b1] ^ SS2[t0.b2] ^ SS3[t0.b3]; \
+ t1.w += t0.w; \
+ t1.w = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; \
+ t0.w += t1.w; \
+ X1 ^= t0.w; \
+ X2 ^= t1.w;
+
+/* Encrypt one block. inbuf and outbuf may be the same. */
+static void
+do_encrypt (const SEED_context *ctx, byte *outbuf, const byte *inbuf)
+{
+ u32 x1, x2, x3, x4;
+ union wordbuf t0, t1;
+
+ x1 = GETU32 (inbuf);
+ x2 = GETU32 (inbuf+4);
+ x3 = GETU32 (inbuf+8);
+ x4 = GETU32 (inbuf+12);
+
+ OP (x1, x2, x3, x4, 0);
+ OP (x3, x4, x1, x2, 2);
+ OP (x1, x2, x3, x4, 4);
+ OP (x3, x4, x1, x2, 6);
+ OP (x1, x2, x3, x4, 8);
+ OP (x3, x4, x1, x2, 10);
+ OP (x1, x2, x3, x4, 12);
+ OP (x3, x4, x1, x2, 14);
+ OP (x1, x2, x3, x4, 16);
+ OP (x3, x4, x1, x2, 18);
+ OP (x1, x2, x3, x4, 20);
+ OP (x3, x4, x1, x2, 22);
+ OP (x1, x2, x3, x4, 24);
+ OP (x3, x4, x1, x2, 26);
+ OP (x1, x2, x3, x4, 28);
+ OP (x3, x4, x1, x2, 30);
+
+ PUTU32 (outbuf, x3);
+ PUTU32 (outbuf+4, x4);
+ PUTU32 (outbuf+8, x1);
+ PUTU32 (outbuf+12, x2);
+}
+
+static void
+seed_encrypt (void *context, byte *outbuf, const byte *inbuf)
+{
+ SEED_context *ctx = context;
+
+ do_encrypt (ctx, outbuf, inbuf);
+ _gcry_burn_stack (4*6);
+}
+
+
+
+/* Decrypt one block. inbuf and outbuf may be the same. */
+static void
+do_decrypt (SEED_context *ctx, byte *outbuf, const byte *inbuf)
+{
+ u32 x1, x2, x3, x4;
+ union wordbuf t0, t1;
+
+ x1 = GETU32 (inbuf);
+ x2 = GETU32 (inbuf+4);
+ x3 = GETU32 (inbuf+8);
+ x4 = GETU32 (inbuf+12);
+
+ OP (x1, x2, x3, x4, 30);
+ OP (x3, x4, x1, x2, 28);
+ OP (x1, x2, x3, x4, 26);
+ OP (x3, x4, x1, x2, 24);
+ OP (x1, x2, x3, x4, 22);
+ OP (x3, x4, x1, x2, 20);
+ OP (x1, x2, x3, x4, 18);
+ OP (x3, x4, x1, x2, 16);
+ OP (x1, x2, x3, x4, 14);
+ OP (x3, x4, x1, x2, 12);
+ OP (x1, x2, x3, x4, 10);
+ OP (x3, x4, x1, x2, 8);
+ OP (x1, x2, x3, x4, 6);
+ OP (x3, x4, x1, x2, 4);
+ OP (x1, x2, x3, x4, 2);
+ OP (x3, x4, x1, x2, 0);
+
+ PUTU32 (outbuf, x3);
+ PUTU32 (outbuf+4, x4);
+ PUTU32 (outbuf+8, x1);
+ PUTU32 (outbuf+12, x2);
+}
+
+static void
+seed_decrypt (void *context, byte *outbuf, const byte *inbuf)
+{
+ SEED_context *ctx = context;
+
+ do_decrypt (ctx, outbuf, inbuf);
+ _gcry_burn_stack (4*6);
+}
+
+
+/* Test a single encryption and decryption with each key size. */
+
+
+
+static gcry_cipher_oid_spec_t seed_oids[] =
+ {
+ { "1.2.410.200004.1.3", GCRY_CIPHER_MODE_ECB },
+ { "1.2.410.200004.1.4", GCRY_CIPHER_MODE_CBC },
+ { "1.2.410.200004.1.5", GCRY_CIPHER_MODE_CFB },
+ { "1.2.410.200004.1.6", GCRY_CIPHER_MODE_OFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_seed =
+ {
+ "SEED", NULL, seed_oids, 16, 128, sizeof (SEED_context),
+ seed_setkey, seed_encrypt, seed_decrypt,
+ };
+
+
+GRUB_MOD_INIT(gcry_seed)
+{
+ grub_cipher_register (&_gcry_cipher_spec_seed);
+}
+
+GRUB_MOD_FINI(gcry_seed)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_seed);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/serpent.c b/grub-core/lib/libgcrypt-grub/cipher/serpent.c
new file mode 100644
index 0000000..b213ad2
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/serpent.c
@@ -0,0 +1,994 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* serpent.c - Implementation of the Serpent encryption algorithm.
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+
+
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "bithelp.h"
+
+/* Number of rounds per Serpent encrypt/decrypt operation. */
+#define ROUNDS 32
+
+/* Magic number, used during generating of the subkeys. */
+#define PHI 0x9E3779B9
+
+/* Serpent works on 128 bit blocks. */
+typedef u32 serpent_block_t[4];
+
+/* Serpent key, provided by the user. If the original key is shorter
+ than 256 bits, it is padded. */
+typedef u32 serpent_key_t[8];
+
+/* The key schedule consists of 33 128 bit subkeys. */
+typedef u32 serpent_subkeys_t[ROUNDS + 1][4];
+
+/* A Serpent context. */
+typedef struct serpent_context
+{
+ serpent_subkeys_t keys; /* Generated subkeys. */
+} serpent_context_t;
+
+
+/* A prototype. */
+static const char *serpent_test (void);
+
+
+#define byte_swap_32(x) \
+ (0 \
+ | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) \
+ | (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
+
+/* These are the S-Boxes of Serpent. They are copied from Serpents
+ reference implementation (the optimized one, contained in
+ `floppy2') and are therefore:
+
+ Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
+
+ To quote the Serpent homepage
+ (http://www.cl.cam.ac.uk/~rja14/serpent.html):
+
+ "Serpent is now completely in the public domain, and we impose no
+ restrictions on its use. This was announced on the 21st August at
+ the First AES Candidate Conference. The optimised implementations
+ in the submission package are now under the GNU PUBLIC LICENSE
+ (GPL), although some comments in the code still say otherwise. You
+ are welcome to use Serpent for any application." */
+
+#define SBOX0(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t05, t06, t07, t08, t09; \
+ u32 t11, t12, t13, t14, t15, t17, t01; \
+ t01 = b ^ c ; \
+ t02 = a | d ; \
+ t03 = a ^ b ; \
+ z = t02 ^ t01; \
+ t05 = c | z ; \
+ t06 = a ^ d ; \
+ t07 = b | c ; \
+ t08 = d & t05; \
+ t09 = t03 & t07; \
+ y = t09 ^ t08; \
+ t11 = t09 & y ; \
+ t12 = c ^ d ; \
+ t13 = t07 ^ t11; \
+ t14 = b & t06; \
+ t15 = t06 ^ t13; \
+ w = ~ t15; \
+ t17 = w ^ t14; \
+ x = t12 ^ t17; \
+ }
+
+#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t08, t09, t10; \
+ u32 t12, t13, t14, t15, t17, t18, t01; \
+ t01 = c ^ d ; \
+ t02 = a | b ; \
+ t03 = b | c ; \
+ t04 = c & t01; \
+ t05 = t02 ^ t01; \
+ t06 = a | t04; \
+ y = ~ t05; \
+ t08 = b ^ d ; \
+ t09 = t03 & t08; \
+ t10 = d | y ; \
+ x = t09 ^ t06; \
+ t12 = a | t05; \
+ t13 = x ^ t12; \
+ t14 = t03 ^ t10; \
+ t15 = a ^ c ; \
+ z = t14 ^ t13; \
+ t17 = t05 & t13; \
+ t18 = t14 | t17; \
+ w = t15 ^ t18; \
+ }
+
+#define SBOX1(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08; \
+ u32 t10, t11, t12, t13, t16, t17, t01; \
+ t01 = a | d ; \
+ t02 = c ^ d ; \
+ t03 = ~ b ; \
+ t04 = a ^ c ; \
+ t05 = a | t03; \
+ t06 = d & t04; \
+ t07 = t01 & t02; \
+ t08 = b | t06; \
+ y = t02 ^ t05; \
+ t10 = t07 ^ t08; \
+ t11 = t01 ^ t10; \
+ t12 = y ^ t11; \
+ t13 = b & d ; \
+ z = ~ t10; \
+ x = t13 ^ t12; \
+ t16 = t10 | x ; \
+ t17 = t05 & t16; \
+ w = c ^ t17; \
+ }
+
+#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08; \
+ u32 t09, t10, t11, t14, t15, t17, t01; \
+ t01 = a ^ b ; \
+ t02 = b | d ; \
+ t03 = a & c ; \
+ t04 = c ^ t02; \
+ t05 = a | t04; \
+ t06 = t01 & t05; \
+ t07 = d | t03; \
+ t08 = b ^ t06; \
+ t09 = t07 ^ t06; \
+ t10 = t04 | t03; \
+ t11 = d & t08; \
+ y = ~ t09; \
+ x = t10 ^ t11; \
+ t14 = a | y ; \
+ t15 = t06 ^ x ; \
+ z = t01 ^ t04; \
+ t17 = c ^ t15; \
+ w = t14 ^ t17; \
+ }
+
+#define SBOX2(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t05, t06, t07, t08; \
+ u32 t09, t10, t12, t13, t14, t01; \
+ t01 = a | c ; \
+ t02 = a ^ b ; \
+ t03 = d ^ t01; \
+ w = t02 ^ t03; \
+ t05 = c ^ w ; \
+ t06 = b ^ t05; \
+ t07 = b | t05; \
+ t08 = t01 & t06; \
+ t09 = t03 ^ t07; \
+ t10 = t02 | t09; \
+ x = t10 ^ t08; \
+ t12 = a | d ; \
+ t13 = t09 ^ x ; \
+ t14 = b ^ t13; \
+ z = ~ t09; \
+ y = t12 ^ t14; \
+ }
+
+#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t06, t07, t08, t09; \
+ u32 t10, t11, t12, t15, t16, t17, t01; \
+ t01 = a ^ d ; \
+ t02 = c ^ d ; \
+ t03 = a & c ; \
+ t04 = b | t02; \
+ w = t01 ^ t04; \
+ t06 = a | c ; \
+ t07 = d | w ; \
+ t08 = ~ d ; \
+ t09 = b & t06; \
+ t10 = t08 | t03; \
+ t11 = b & t07; \
+ t12 = t06 & t02; \
+ z = t09 ^ t10; \
+ x = t12 ^ t11; \
+ t15 = c & z ; \
+ t16 = w ^ x ; \
+ t17 = t10 ^ t15; \
+ y = t16 ^ t17; \
+ }
+
+#define SBOX3(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08; \
+ u32 t09, t10, t11, t13, t14, t15, t01; \
+ t01 = a ^ c ; \
+ t02 = a | d ; \
+ t03 = a & d ; \
+ t04 = t01 & t02; \
+ t05 = b | t03; \
+ t06 = a & b ; \
+ t07 = d ^ t04; \
+ t08 = c | t06; \
+ t09 = b ^ t07; \
+ t10 = d & t05; \
+ t11 = t02 ^ t10; \
+ z = t08 ^ t09; \
+ t13 = d | z ; \
+ t14 = a | t07; \
+ t15 = b & t13; \
+ y = t08 ^ t11; \
+ w = t14 ^ t15; \
+ x = t05 ^ t04; \
+ }
+
+#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t09; \
+ u32 t11, t12, t13, t14, t16, t01; \
+ t01 = c | d ; \
+ t02 = a | d ; \
+ t03 = c ^ t02; \
+ t04 = b ^ t02; \
+ t05 = a ^ d ; \
+ t06 = t04 & t03; \
+ t07 = b & t01; \
+ y = t05 ^ t06; \
+ t09 = a ^ t03; \
+ w = t07 ^ t03; \
+ t11 = w | t05; \
+ t12 = t09 & t11; \
+ t13 = a & y ; \
+ t14 = t01 ^ t05; \
+ x = b ^ t12; \
+ t16 = b | t13; \
+ z = t14 ^ t16; \
+ }
+
+#define SBOX4(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t08, t09; \
+ u32 t10, t11, t12, t13, t14, t15, t16, t01; \
+ t01 = a | b ; \
+ t02 = b | c ; \
+ t03 = a ^ t02; \
+ t04 = b ^ d ; \
+ t05 = d | t03; \
+ t06 = d & t01; \
+ z = t03 ^ t06; \
+ t08 = z & t04; \
+ t09 = t04 & t05; \
+ t10 = c ^ t06; \
+ t11 = b & c ; \
+ t12 = t04 ^ t08; \
+ t13 = t11 | t03; \
+ t14 = t10 ^ t09; \
+ t15 = a & t05; \
+ t16 = t11 | t12; \
+ y = t13 ^ t08; \
+ x = t15 ^ t16; \
+ w = ~ t14; \
+ }
+
+#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t09; \
+ u32 t10, t11, t12, t13, t15, t01; \
+ t01 = b | d ; \
+ t02 = c | d ; \
+ t03 = a & t01; \
+ t04 = b ^ t02; \
+ t05 = c ^ d ; \
+ t06 = ~ t03; \
+ t07 = a & t04; \
+ x = t05 ^ t07; \
+ t09 = x | t06; \
+ t10 = a ^ t07; \
+ t11 = t01 ^ t09; \
+ t12 = d ^ t04; \
+ t13 = c | t10; \
+ z = t03 ^ t12; \
+ t15 = a ^ t04; \
+ y = t11 ^ t13; \
+ w = t15 ^ t09; \
+ }
+
+#define SBOX5(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t07, t08, t09; \
+ u32 t10, t11, t12, t13, t14, t01; \
+ t01 = b ^ d ; \
+ t02 = b | d ; \
+ t03 = a & t01; \
+ t04 = c ^ t02; \
+ t05 = t03 ^ t04; \
+ w = ~ t05; \
+ t07 = a ^ t01; \
+ t08 = d | w ; \
+ t09 = b | t05; \
+ t10 = d ^ t08; \
+ t11 = b | t07; \
+ t12 = t03 | w ; \
+ t13 = t07 | t10; \
+ t14 = t01 ^ t11; \
+ y = t09 ^ t13; \
+ x = t07 ^ t08; \
+ z = t12 ^ t14; \
+ }
+
+#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t07, t08, t09; \
+ u32 t10, t12, t13, t15, t16, t01; \
+ t01 = a & d ; \
+ t02 = c ^ t01; \
+ t03 = a ^ d ; \
+ t04 = b & t02; \
+ t05 = a & c ; \
+ w = t03 ^ t04; \
+ t07 = a & w ; \
+ t08 = t01 ^ w ; \
+ t09 = b | t05; \
+ t10 = ~ b ; \
+ x = t08 ^ t09; \
+ t12 = t10 | t07; \
+ t13 = w | x ; \
+ z = t02 ^ t12; \
+ t15 = t02 ^ t13; \
+ t16 = b ^ d ; \
+ y = t16 ^ t15; \
+ }
+
+#define SBOX6(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t07, t08, t09, t10; \
+ u32 t11, t12, t13, t15, t17, t18, t01; \
+ t01 = a & d ; \
+ t02 = b ^ c ; \
+ t03 = a ^ d ; \
+ t04 = t01 ^ t02; \
+ t05 = b | c ; \
+ x = ~ t04; \
+ t07 = t03 & t05; \
+ t08 = b & x ; \
+ t09 = a | c ; \
+ t10 = t07 ^ t08; \
+ t11 = b | d ; \
+ t12 = c ^ t11; \
+ t13 = t09 ^ t10; \
+ y = ~ t13; \
+ t15 = x & t03; \
+ z = t12 ^ t07; \
+ t17 = a ^ b ; \
+ t18 = y ^ t15; \
+ w = t17 ^ t18; \
+ }
+
+#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08, t09; \
+ u32 t12, t13, t14, t15, t16, t17, t01; \
+ t01 = a ^ c ; \
+ t02 = ~ c ; \
+ t03 = b & t01; \
+ t04 = b | t02; \
+ t05 = d | t03; \
+ t06 = b ^ d ; \
+ t07 = a & t04; \
+ t08 = a | t02; \
+ t09 = t07 ^ t05; \
+ x = t06 ^ t08; \
+ w = ~ t09; \
+ t12 = b & w ; \
+ t13 = t01 & t05; \
+ t14 = t01 ^ t12; \
+ t15 = t07 ^ t13; \
+ t16 = d | t02; \
+ t17 = a ^ x ; \
+ z = t17 ^ t15; \
+ y = t16 ^ t14; \
+ }
+
+#define SBOX7(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t08, t09, t10; \
+ u32 t11, t13, t14, t15, t16, t17, t01; \
+ t01 = a & c ; \
+ t02 = ~ d ; \
+ t03 = a & t02; \
+ t04 = b | t01; \
+ t05 = a & b ; \
+ t06 = c ^ t04; \
+ z = t03 ^ t06; \
+ t08 = c | z ; \
+ t09 = d | t05; \
+ t10 = a ^ t08; \
+ t11 = t04 & z ; \
+ x = t09 ^ t10; \
+ t13 = b ^ x ; \
+ t14 = t01 ^ x ; \
+ t15 = c ^ t05; \
+ t16 = t11 | t13; \
+ t17 = t02 | t14; \
+ w = t15 ^ t17; \
+ y = a ^ t16; \
+ }
+
+#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t06, t07, t08, t09; \
+ u32 t10, t11, t13, t14, t15, t16, t01; \
+ t01 = a & b ; \
+ t02 = a | b ; \
+ t03 = c | t01; \
+ t04 = d & t02; \
+ z = t03 ^ t04; \
+ t06 = b ^ t04; \
+ t07 = d ^ z ; \
+ t08 = ~ t07; \
+ t09 = t06 | t08; \
+ t10 = b ^ d ; \
+ t11 = a | d ; \
+ x = a ^ t09; \
+ t13 = c ^ t06; \
+ t14 = c & t11; \
+ t15 = d | x ; \
+ t16 = t01 | t10; \
+ w = t13 ^ t15; \
+ y = t14 ^ t16; \
+ }
+
+/* XOR BLOCK1 into BLOCK0. */
+#define BLOCK_XOR(block0, block1) \
+ { \
+ block0[0] ^= block1[0]; \
+ block0[1] ^= block1[1]; \
+ block0[2] ^= block1[2]; \
+ block0[3] ^= block1[3]; \
+ }
+
+/* Copy BLOCK_SRC to BLOCK_DST. */
+#define BLOCK_COPY(block_dst, block_src) \
+ { \
+ block_dst[0] = block_src[0]; \
+ block_dst[1] = block_src[1]; \
+ block_dst[2] = block_src[2]; \
+ block_dst[3] = block_src[3]; \
+ }
+
+/* Apply SBOX number WHICH to to the block found in ARRAY0 at index
+ INDEX, writing the output to the block found in ARRAY1 at index
+ INDEX. */
+#define SBOX(which, array0, array1, index) \
+ SBOX##which (array0[index + 0], array0[index + 1], \
+ array0[index + 2], array0[index + 3], \
+ array1[index + 0], array1[index + 1], \
+ array1[index + 2], array1[index + 3]);
+
+/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at
+ index INDEX, writing the output to the block found in ARRAY1 at
+ index INDEX. */
+#define SBOX_INVERSE(which, array0, array1, index) \
+ SBOX##which##_INVERSE (array0[index + 0], array0[index + 1], \
+ array0[index + 2], array0[index + 3], \
+ array1[index + 0], array1[index + 1], \
+ array1[index + 2], array1[index + 3]);
+
+/* Apply the linear transformation to BLOCK. */
+#define LINEAR_TRANSFORMATION(block) \
+ { \
+ block[0] = rol (block[0], 13); \
+ block[2] = rol (block[2], 3); \
+ block[1] = block[1] ^ block[0] ^ block[2]; \
+ block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
+ block[1] = rol (block[1], 1); \
+ block[3] = rol (block[3], 7); \
+ block[0] = block[0] ^ block[1] ^ block[3]; \
+ block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
+ block[0] = rol (block[0], 5); \
+ block[2] = rol (block[2], 22); \
+ }
+
+/* Apply the inverse linear transformation to BLOCK. */
+#define LINEAR_TRANSFORMATION_INVERSE(block) \
+ { \
+ block[2] = ror (block[2], 22); \
+ block[0] = ror (block[0] , 5); \
+ block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
+ block[0] = block[0] ^ block[1] ^ block[3]; \
+ block[3] = ror (block[3], 7); \
+ block[1] = ror (block[1], 1); \
+ block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
+ block[1] = block[1] ^ block[0] ^ block[2]; \
+ block[2] = ror (block[2], 3); \
+ block[0] = ror (block[0], 13); \
+ }
+
+/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the
+ subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary storage.
+ This macro increments `round'. */
+#define ROUND(which, subkeys, block, block_tmp) \
+ { \
+ BLOCK_XOR (block, subkeys[round]); \
+ round++; \
+ SBOX (which, block, block_tmp, 0); \
+ LINEAR_TRANSFORMATION (block_tmp); \
+ BLOCK_COPY (block, block_tmp); \
+ }
+
+/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH
+ and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
+ storage. The result will be stored in BLOCK_TMP. This macro
+ increments `round'. */
+#define ROUND_LAST(which, subkeys, block, block_tmp) \
+ { \
+ BLOCK_XOR (block, subkeys[round]); \
+ round++; \
+ SBOX (which, block, block_tmp, 0); \
+ BLOCK_XOR (block_tmp, subkeys[round]); \
+ round++; \
+ }
+
+/* Apply an inverse Serpent round to BLOCK, using the SBOX number
+ WHICH and the subkeys contained in SUBKEYS. Use BLOCK_TMP as
+ temporary storage. This macro increments `round'. */
+#define ROUND_INVERSE(which, subkey, block, block_tmp) \
+ { \
+ LINEAR_TRANSFORMATION_INVERSE (block); \
+ SBOX_INVERSE (which, block, block_tmp, 0); \
+ BLOCK_XOR (block_tmp, subkey[round]); \
+ round--; \
+ BLOCK_COPY (block, block_tmp); \
+ }
+
+/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH
+ and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
+ storage. The result will be stored in BLOCK_TMP. This macro
+ increments `round'. */
+#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \
+ { \
+ BLOCK_XOR (block, subkeys[round]); \
+ round--; \
+ SBOX_INVERSE (which, block, block_tmp, 0); \
+ BLOCK_XOR (block_tmp, subkeys[round]); \
+ round--; \
+ }
+
+/* Convert the user provided key KEY of KEY_LENGTH bytes into the
+ internally used format. */
+static void
+serpent_key_prepare (const byte *key, unsigned int key_length,
+ serpent_key_t key_prepared)
+{
+ int i;
+
+ /* Copy key. */
+ for (i = 0; i < key_length / 4; i++)
+ {
+#ifdef WORDS_BIGENDIAN
+ key_prepared[i] = byte_swap_32 (((u32 *) key)[i]);
+#else
+ key_prepared[i] = ((u32 *) key)[i];
+#endif
+ }
+
+ if (i < 8)
+ {
+ /* Key must be padded according to the Serpent
+ specification. */
+ key_prepared[i] = 0x00000001;
+
+ for (i++; i < 8; i++)
+ key_prepared[i] = 0;
+ }
+}
+
+/* Derive the 33 subkeys from KEY and store them in SUBKEYS. */
+static void
+serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys)
+{
+ u32 w_real[140]; /* The `prekey'. */
+ u32 k[132];
+ u32 *w = &w_real[8];
+ int i, j;
+
+ /* Initialize with key values. */
+ for (i = 0; i < 8; i++)
+ w[i - 8] = key[i];
+
+ /* Expand to intermediate key using the affine recurrence. */
+ for (i = 0; i < 132; i++)
+ w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);
+
+ /* Calculate subkeys via S-Boxes, in bitslice mode. */
+ SBOX (3, w, k, 0);
+ SBOX (2, w, k, 4);
+ SBOX (1, w, k, 8);
+ SBOX (0, w, k, 12);
+ SBOX (7, w, k, 16);
+ SBOX (6, w, k, 20);
+ SBOX (5, w, k, 24);
+ SBOX (4, w, k, 28);
+ SBOX (3, w, k, 32);
+ SBOX (2, w, k, 36);
+ SBOX (1, w, k, 40);
+ SBOX (0, w, k, 44);
+ SBOX (7, w, k, 48);
+ SBOX (6, w, k, 52);
+ SBOX (5, w, k, 56);
+ SBOX (4, w, k, 60);
+ SBOX (3, w, k, 64);
+ SBOX (2, w, k, 68);
+ SBOX (1, w, k, 72);
+ SBOX (0, w, k, 76);
+ SBOX (7, w, k, 80);
+ SBOX (6, w, k, 84);
+ SBOX (5, w, k, 88);
+ SBOX (4, w, k, 92);
+ SBOX (3, w, k, 96);
+ SBOX (2, w, k, 100);
+ SBOX (1, w, k, 104);
+ SBOX (0, w, k, 108);
+ SBOX (7, w, k, 112);
+ SBOX (6, w, k, 116);
+ SBOX (5, w, k, 120);
+ SBOX (4, w, k, 124);
+ SBOX (3, w, k, 128);
+
+ /* Renumber subkeys. */
+ for (i = 0; i < ROUNDS + 1; i++)
+ for (j = 0; j < 4; j++)
+ subkeys[i][j] = k[4 * i + j];
+}
+
+/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits. */
+static void
+serpent_setkey_internal (serpent_context_t *context,
+ const byte *key, unsigned int key_length)
+{
+ serpent_key_t key_prepared;
+
+ serpent_key_prepare (key, key_length, key_prepared);
+ serpent_subkeys_generate (key_prepared, context->keys);
+ _gcry_burn_stack (272 * sizeof (u32));
+}
+
+/* Initialize CTX with the key KEY of KEY_LENGTH bytes. */
+static gcry_err_code_t
+serpent_setkey (void *ctx,
+ const byte *key, unsigned int key_length)
+{
+ serpent_context_t *context = ctx;
+ static const char *serpent_test_ret;
+ static int serpent_init_done;
+ gcry_err_code_t ret = GPG_ERR_NO_ERROR;
+
+ if (! serpent_init_done)
+ {
+ /* Execute a self-test the first time, Serpent is used. */
+ serpent_test_ret = serpent_test ();
+ if (serpent_test_ret)
+ log_error ("Serpent test failure: %s\n", serpent_test_ret);
+ serpent_init_done = 1;
+ }
+
+ if (serpent_test_ret)
+ ret = GPG_ERR_SELFTEST_FAILED;
+ else
+ {
+ serpent_setkey_internal (context, key, key_length);
+ _gcry_burn_stack (sizeof (serpent_key_t));
+ }
+
+ return ret;
+}
+
+static void
+serpent_encrypt_internal (serpent_context_t *context,
+ const serpent_block_t input, serpent_block_t output)
+{
+ serpent_block_t b, b_next;
+ int round = 0;
+
+#ifdef WORDS_BIGENDIAN
+ b[0] = byte_swap_32 (input[0]);
+ b[1] = byte_swap_32 (input[1]);
+ b[2] = byte_swap_32 (input[2]);
+ b[3] = byte_swap_32 (input[3]);
+#else
+ b[0] = input[0];
+ b[1] = input[1];
+ b[2] = input[2];
+ b[3] = input[3];
+#endif
+
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+ ROUND (7, context->keys, b, b_next);
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+ ROUND (7, context->keys, b, b_next);
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+ ROUND (7, context->keys, b, b_next);
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+
+ ROUND_LAST (7, context->keys, b, b_next);
+
+#ifdef WORDS_BIGENDIAN
+ output[0] = byte_swap_32 (b_next[0]);
+ output[1] = byte_swap_32 (b_next[1]);
+ output[2] = byte_swap_32 (b_next[2]);
+ output[3] = byte_swap_32 (b_next[3]);
+#else
+ output[0] = b_next[0];
+ output[1] = b_next[1];
+ output[2] = b_next[2];
+ output[3] = b_next[3];
+#endif
+}
+
+static void
+serpent_decrypt_internal (serpent_context_t *context,
+ const serpent_block_t input, serpent_block_t output)
+{
+ serpent_block_t b, b_next;
+ int round = ROUNDS;
+
+#ifdef WORDS_BIGENDIAN
+ b_next[0] = byte_swap_32 (input[0]);
+ b_next[1] = byte_swap_32 (input[1]);
+ b_next[2] = byte_swap_32 (input[2]);
+ b_next[3] = byte_swap_32 (input[3]);
+#else
+ b_next[0] = input[0];
+ b_next[1] = input[1];
+ b_next[2] = input[2];
+ b_next[3] = input[3];
+#endif
+
+ ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
+
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+ ROUND_INVERSE (7, context->keys, b, b_next);
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+ ROUND_INVERSE (7, context->keys, b, b_next);
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+ ROUND_INVERSE (7, context->keys, b, b_next);
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+
+
+#ifdef WORDS_BIGENDIAN
+ output[0] = byte_swap_32 (b_next[0]);
+ output[1] = byte_swap_32 (b_next[1]);
+ output[2] = byte_swap_32 (b_next[2]);
+ output[3] = byte_swap_32 (b_next[3]);
+#else
+ output[0] = b_next[0];
+ output[1] = b_next[1];
+ output[2] = b_next[2];
+ output[3] = b_next[3];
+#endif
+}
+
+static void
+serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
+{
+ serpent_context_t *context = ctx;
+
+ serpent_encrypt_internal (context,
+ (const u32 *) buffer_in, (u32 *) buffer_out);
+ _gcry_burn_stack (2 * sizeof (serpent_block_t));
+}
+
+static void
+serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
+{
+ serpent_context_t *context = ctx;
+
+ serpent_decrypt_internal (context,
+ (const u32 *) buffer_in,
+ (u32 *) buffer_out);
+ _gcry_burn_stack (2 * sizeof (serpent_block_t));
+}
+
+
+
+/* Serpent test. */
+
+static const char *
+serpent_test (void)
+{
+ serpent_context_t context;
+ unsigned char scratch[16];
+ unsigned int i;
+
+ static struct test
+ {
+ int key_length;
+ unsigned char key[32];
+ unsigned char text_plain[16];
+ unsigned char text_cipher[16];
+ } test_data[] =
+ {
+ {
+ 16,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E",
+ "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D"
+ },
+ {
+ 24,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E",
+ "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9"
+ },
+ {
+ 32,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E",
+ "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B"
+ },
+ {
+ 32,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00",
+ "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C"
+ },
+ {
+ 0
+ },
+ };
+
+ for (i = 0; test_data[i].key_length; i++)
+ {
+ serpent_setkey_internal (&context, test_data[i].key,
+ test_data[i].key_length);
+ serpent_encrypt_internal (&context,
+ (const u32 *) test_data[i].text_plain,
+ (u32 *) scratch);
+
+ if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
+ switch (test_data[i].key_length)
+ {
+ case 16:
+ return "Serpent-128 test encryption failed.";
+ case 24:
+ return "Serpent-192 test encryption failed.";
+ case 32:
+ return "Serpent-256 test encryption failed.";
+ }
+
+ serpent_decrypt_internal (&context,
+ (const u32 *) test_data[i].text_cipher,
+ (u32 *) scratch);
+ if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
+ switch (test_data[i].key_length)
+ {
+ case 16:
+ return "Serpent-128 test decryption failed.";
+ case 24:
+ return "Serpent-192 test decryption failed.";
+ case 32:
+ return "Serpent-256 test decryption failed.";
+ }
+ }
+
+ return NULL;
+}
+
+
+
+/* "SERPENT" is an alias for "SERPENT128". */
+static const char *cipher_spec_serpent128_aliases[] =
+ {
+ "SERPENT",
+ NULL
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent128 =
+ {
+ "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128,
+ sizeof (serpent_context_t),
+ serpent_setkey, serpent_encrypt, serpent_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent192 =
+ {
+ "SERPENT192", NULL, NULL, 16, 192,
+ sizeof (serpent_context_t),
+ serpent_setkey, serpent_encrypt, serpent_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent256 =
+ {
+ "SERPENT256", NULL, NULL, 16, 256,
+ sizeof (serpent_context_t),
+ serpent_setkey, serpent_encrypt, serpent_decrypt
+ };
+
+
+GRUB_MOD_INIT(gcry_serpent)
+{
+ grub_cipher_register (&_gcry_cipher_spec_serpent128);
+ grub_cipher_register (&_gcry_cipher_spec_serpent192);
+ grub_cipher_register (&_gcry_cipher_spec_serpent256);
+}
+
+GRUB_MOD_FINI(gcry_serpent)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_serpent128);
+ grub_cipher_unregister (&_gcry_cipher_spec_serpent192);
+ grub_cipher_unregister (&_gcry_cipher_spec_serpent256);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/sha1.c b/grub-core/lib/libgcrypt-grub/cipher/sha1.c
new file mode 100644
index 0000000..daf0af5
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/sha1.c
@@ -0,0 +1,418 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* sha1.c - SHA1 hash function
+ * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors:
+ *
+ * "abc"
+ * A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
+ *
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
+ */
+
+
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+
+/* A macro to test whether P is properly aligned for an u32 type.
+ Note that config.h provides a suitable replacement for uintptr_t if
+ it does not exist in stdint.h. */
+/* #if __GNUC__ >= 2 */
+/* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % __alignof__ (u32))) */
+/* #else */
+/* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % sizeof (u32))) */
+/* #endif */
+
+#define TRANSFORM(x,d,n) transform ((x), (d), (n))
+
+
+typedef struct
+{
+ u32 h0,h1,h2,h3,h4;
+ u32 nblocks;
+ unsigned char buf[64];
+ int count;
+} SHA1_CONTEXT;
+
+
+
+static void
+sha1_init (void *context)
+{
+ SHA1_CONTEXT *hd = context;
+
+ hd->h0 = 0x67452301;
+ hd->h1 = 0xefcdab89;
+ hd->h2 = 0x98badcfe;
+ hd->h3 = 0x10325476;
+ hd->h4 = 0xc3d2e1f0;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+/* Round function macros. */
+#define K1 0x5A827999L
+#define K2 0x6ED9EBA1L
+#define K3 0x8F1BBCDCL
+#define K4 0xCA62C1D6L
+#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
+#define F2(x,y,z) ( x ^ y ^ z )
+#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
+#define F4(x,y,z) ( x ^ y ^ z )
+#define M(i) ( tm = x[ i &0x0f] \
+ ^ x[(i-14)&0x0f] \
+ ^ x[(i-8) &0x0f] \
+ ^ x[(i-3) &0x0f], \
+ (x[i&0x0f] = rol(tm, 1)))
+#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
+ + f( b, c, d ) \
+ + k \
+ + m; \
+ b = rol( b, 30 ); \
+ } while(0)
+
+
+/*
+ * Transform NBLOCKS of each 64 bytes (16 32-bit words) at DATA.
+ */
+static void
+transform (SHA1_CONTEXT *hd, const unsigned char *data, size_t nblocks)
+{
+ register u32 a, b, c, d, e; /* Local copies of the chaining variables. */
+ register u32 tm; /* Helper. */
+ u32 x[16]; /* The array we work on. */
+
+ /* Loop over all blocks. */
+ for ( ;nblocks; nblocks--)
+ {
+#ifdef WORDS_BIGENDIAN
+ memcpy (x, data, 64);
+ data += 64;
+#else
+ {
+ int i;
+ unsigned char *p;
+
+ for(i=0, p=(unsigned char*)x; i < 16; i++, p += 4 )
+ {
+ p[3] = *data++;
+ p[2] = *data++;
+ p[1] = *data++;
+ p[0] = *data++;
+ }
+ }
+#endif
+ /* Get the values of the chaining variables. */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+
+ /* Transform. */
+ R( a, b, c, d, e, F1, K1, x[ 0] );
+ R( e, a, b, c, d, F1, K1, x[ 1] );
+ R( d, e, a, b, c, F1, K1, x[ 2] );
+ R( c, d, e, a, b, F1, K1, x[ 3] );
+ R( b, c, d, e, a, F1, K1, x[ 4] );
+ R( a, b, c, d, e, F1, K1, x[ 5] );
+ R( e, a, b, c, d, F1, K1, x[ 6] );
+ R( d, e, a, b, c, F1, K1, x[ 7] );
+ R( c, d, e, a, b, F1, K1, x[ 8] );
+ R( b, c, d, e, a, F1, K1, x[ 9] );
+ R( a, b, c, d, e, F1, K1, x[10] );
+ R( e, a, b, c, d, F1, K1, x[11] );
+ R( d, e, a, b, c, F1, K1, x[12] );
+ R( c, d, e, a, b, F1, K1, x[13] );
+ R( b, c, d, e, a, F1, K1, x[14] );
+ R( a, b, c, d, e, F1, K1, x[15] );
+ R( e, a, b, c, d, F1, K1, M(16) );
+ R( d, e, a, b, c, F1, K1, M(17) );
+ R( c, d, e, a, b, F1, K1, M(18) );
+ R( b, c, d, e, a, F1, K1, M(19) );
+ R( a, b, c, d, e, F2, K2, M(20) );
+ R( e, a, b, c, d, F2, K2, M(21) );
+ R( d, e, a, b, c, F2, K2, M(22) );
+ R( c, d, e, a, b, F2, K2, M(23) );
+ R( b, c, d, e, a, F2, K2, M(24) );
+ R( a, b, c, d, e, F2, K2, M(25) );
+ R( e, a, b, c, d, F2, K2, M(26) );
+ R( d, e, a, b, c, F2, K2, M(27) );
+ R( c, d, e, a, b, F2, K2, M(28) );
+ R( b, c, d, e, a, F2, K2, M(29) );
+ R( a, b, c, d, e, F2, K2, M(30) );
+ R( e, a, b, c, d, F2, K2, M(31) );
+ R( d, e, a, b, c, F2, K2, M(32) );
+ R( c, d, e, a, b, F2, K2, M(33) );
+ R( b, c, d, e, a, F2, K2, M(34) );
+ R( a, b, c, d, e, F2, K2, M(35) );
+ R( e, a, b, c, d, F2, K2, M(36) );
+ R( d, e, a, b, c, F2, K2, M(37) );
+ R( c, d, e, a, b, F2, K2, M(38) );
+ R( b, c, d, e, a, F2, K2, M(39) );
+ R( a, b, c, d, e, F3, K3, M(40) );
+ R( e, a, b, c, d, F3, K3, M(41) );
+ R( d, e, a, b, c, F3, K3, M(42) );
+ R( c, d, e, a, b, F3, K3, M(43) );
+ R( b, c, d, e, a, F3, K3, M(44) );
+ R( a, b, c, d, e, F3, K3, M(45) );
+ R( e, a, b, c, d, F3, K3, M(46) );
+ R( d, e, a, b, c, F3, K3, M(47) );
+ R( c, d, e, a, b, F3, K3, M(48) );
+ R( b, c, d, e, a, F3, K3, M(49) );
+ R( a, b, c, d, e, F3, K3, M(50) );
+ R( e, a, b, c, d, F3, K3, M(51) );
+ R( d, e, a, b, c, F3, K3, M(52) );
+ R( c, d, e, a, b, F3, K3, M(53) );
+ R( b, c, d, e, a, F3, K3, M(54) );
+ R( a, b, c, d, e, F3, K3, M(55) );
+ R( e, a, b, c, d, F3, K3, M(56) );
+ R( d, e, a, b, c, F3, K3, M(57) );
+ R( c, d, e, a, b, F3, K3, M(58) );
+ R( b, c, d, e, a, F3, K3, M(59) );
+ R( a, b, c, d, e, F4, K4, M(60) );
+ R( e, a, b, c, d, F4, K4, M(61) );
+ R( d, e, a, b, c, F4, K4, M(62) );
+ R( c, d, e, a, b, F4, K4, M(63) );
+ R( b, c, d, e, a, F4, K4, M(64) );
+ R( a, b, c, d, e, F4, K4, M(65) );
+ R( e, a, b, c, d, F4, K4, M(66) );
+ R( d, e, a, b, c, F4, K4, M(67) );
+ R( c, d, e, a, b, F4, K4, M(68) );
+ R( b, c, d, e, a, F4, K4, M(69) );
+ R( a, b, c, d, e, F4, K4, M(70) );
+ R( e, a, b, c, d, F4, K4, M(71) );
+ R( d, e, a, b, c, F4, K4, M(72) );
+ R( c, d, e, a, b, F4, K4, M(73) );
+ R( b, c, d, e, a, F4, K4, M(74) );
+ R( a, b, c, d, e, F4, K4, M(75) );
+ R( e, a, b, c, d, F4, K4, M(76) );
+ R( d, e, a, b, c, F4, K4, M(77) );
+ R( c, d, e, a, b, F4, K4, M(78) );
+ R( b, c, d, e, a, F4, K4, M(79) );
+
+ /* Update the chaining variables. */
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ }
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1_write( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ SHA1_CONTEXT *hd = context;
+ size_t nblocks;
+
+ if (hd->count == 64) /* Flush the buffer. */
+ {
+ TRANSFORM( hd, hd->buf, 1 );
+ _gcry_burn_stack (88+4*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha1_write (hd, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ nblocks = inlen / 64;
+ if (nblocks)
+ {
+ TRANSFORM (hd, inbuf, nblocks);
+ hd->count = 0;
+ hd->nblocks += nblocks;
+ inlen -= nblocks * 64;
+ inbuf += nblocks * 64;
+ }
+ _gcry_burn_stack (88+4*sizeof(void*));
+
+ /* Save remaining bytes. */
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 20 bytes representing the digest.
+ */
+
+static void
+sha1_final(void *context)
+{
+ SHA1_CONTEXT *hd = context;
+
+ u32 t, msb, lsb;
+ unsigned char *p;
+
+ sha1_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ sha1_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = msb >> 24;
+ hd->buf[57] = msb >> 16;
+ hd->buf[58] = msb >> 8;
+ hd->buf[59] = msb ;
+ hd->buf[60] = lsb >> 24;
+ hd->buf[61] = lsb >> 16;
+ hd->buf[62] = lsb >> 8;
+ hd->buf[63] = lsb ;
+ TRANSFORM( hd, hd->buf, 1 );
+ _gcry_burn_stack (88+4*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+
+}
+
+static unsigned char *
+sha1_read( void *context )
+{
+ SHA1_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+
+
+
+/*
+ Self-test section.
+ */
+
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static unsigned char asn[15] = /* Object ID is 1.3.14.3.2.26 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+
+static gcry_md_oid_spec_t oid_spec_sha1[] =
+ {
+ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
+ { "1.2.840.113549.1.1.5" },
+ /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
+ { "1.2.840.10040.4.3" },
+ /* from NIST's OIW (sha1) */
+ { "1.3.14.3.2.26" },
+ /* from NIST OIW (sha-1WithRSAEncryption) */
+ { "1.3.14.3.2.29" },
+ /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */
+ { "1.2.840.10045.4.1" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha1 =
+ {
+ "SHA1", asn, DIM (asn), oid_spec_sha1, 20,
+ sha1_init, sha1_write, sha1_final, sha1_read,
+ sizeof (SHA1_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+
+
+GRUB_MOD_INIT(gcry_sha1)
+{
+ grub_md_register (&_gcry_digest_spec_sha1);
+}
+
+GRUB_MOD_FINI(gcry_sha1)
+{
+ grub_md_unregister (&_gcry_digest_spec_sha1);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/sha256.c b/grub-core/lib/libgcrypt-grub/cipher/sha256.c
new file mode 100644
index 0000000..3e917a7
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/sha256.c
@@ -0,0 +1,388 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* sha256.c - SHA256 hash function
+ * Copyright (C) 2003, 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors:
+
+ "abc"
+ SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
+ SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
+
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
+ SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
+
+ "a" one million times
+ SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
+ SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
+
+ */
+
+
+
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+typedef struct {
+ u32 h0,h1,h2,h3,h4,h5,h6,h7;
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} SHA256_CONTEXT;
+
+
+static void
+sha256_init (void *context)
+{
+ SHA256_CONTEXT *hd = context;
+
+ hd->h0 = 0x6a09e667;
+ hd->h1 = 0xbb67ae85;
+ hd->h2 = 0x3c6ef372;
+ hd->h3 = 0xa54ff53a;
+ hd->h4 = 0x510e527f;
+ hd->h5 = 0x9b05688c;
+ hd->h6 = 0x1f83d9ab;
+ hd->h7 = 0x5be0cd19;
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+static void
+sha224_init (void *context)
+{
+ SHA256_CONTEXT *hd = context;
+
+ hd->h0 = 0xc1059ed8;
+ hd->h1 = 0x367cd507;
+ hd->h2 = 0x3070dd17;
+ hd->h3 = 0xf70e5939;
+ hd->h4 = 0xffc00b31;
+ hd->h5 = 0x68581511;
+ hd->h6 = 0x64f98fa7;
+ hd->h7 = 0xbefa4fa4;
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+/*
+ Transform the message X which consists of 16 32-bit-words. See FIPS
+ 180-2 for details. */
+#define Cho(x,y,z) (z ^ (x & (y ^ z))) /* (4.2) same as SHA-1's F1 */
+#define Maj(x,y,z) ((x & y) | (z & (x|y))) /* (4.3) same as SHA-1's F3 */
+#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22)) /* (4.4) */
+#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */
+#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */
+#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) do \
+ { \
+ t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \
+ t2 = Sum0((a)) + Maj((a),(b),(c)); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + t1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = t1 + t2; \
+ } while (0)
+
+static void
+transform (SHA256_CONTEXT *hd, const unsigned char *data)
+{
+ static const u32 K[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+
+ u32 a,b,c,d,e,f,g,h,t1,t2;
+ u32 x[16];
+ u32 w[64];
+ int i;
+
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+ memcpy (x, data, 64);
+#else
+ {
+ byte *p2;
+
+ for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *data++;
+ p2[2] = *data++;
+ p2[1] = *data++;
+ p2[0] = *data++;
+ }
+ }
+#endif
+
+ for (i=0; i < 16; i++)
+ w[i] = x[i];
+ for (; i < 64; i++)
+ w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
+
+ for (i=0; i < 64; i++)
+ R(a,b,c,d,e,f,g,h,K[i],w[i]);
+
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+}
+#undef Cho
+#undef Maj
+#undef Sum0
+#undef Sum1
+#undef S0
+#undef S1
+#undef R
+
+
+/* Update the message digest with the contents of INBUF with length
+ INLEN. */
+static void
+sha256_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ SHA256_CONTEXT *hd = context;
+
+ if (hd->count == 64)
+ { /* flush the buffer */
+ transform (hd, hd->buf);
+ _gcry_burn_stack (74*4+32);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha256_write (hd, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ while (inlen >= 64)
+ {
+ transform (hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ _gcry_burn_stack (74*4+32);
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/*
+ The routine finally terminates the computation and returns the
+ digest. The handle is prepared for a new cycle, but adding bytes
+ to the handle will the destroy the returned buffer. Returns: 32
+ bytes with the message the digest. */
+static void
+sha256_final(void *context)
+{
+ SHA256_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ sha256_write (hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (hd->count < 56)
+ { /* enough room */
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while (hd->count < 56)
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else
+ { /* need one extra block */
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while (hd->count < 64)
+ hd->buf[hd->count++] = 0;
+ sha256_write (hd, NULL, 0); /* flush */;
+ memset (hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = msb >> 24;
+ hd->buf[57] = msb >> 16;
+ hd->buf[58] = msb >> 8;
+ hd->buf[59] = msb;
+ hd->buf[60] = lsb >> 24;
+ hd->buf[61] = lsb >> 16;
+ hd->buf[62] = lsb >> 8;
+ hd->buf[63] = lsb;
+ transform (hd, hd->buf);
+ _gcry_burn_stack (74*4+32);
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
+ X(6);
+ X(7);
+#undef X
+}
+
+static byte *
+sha256_read (void *context)
+{
+ SHA256_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static byte asn224[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
+ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+ 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
+ 0x1C
+ };
+
+static gcry_md_oid_spec_t oid_spec_sha224[] =
+ {
+ /* From RFC3874, Section 4 */
+ { "2.16.840.1.101.3.4.2.4" },
+ { NULL },
+ };
+
+static byte asn256[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
+ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20 };
+
+static gcry_md_oid_spec_t oid_spec_sha256[] =
+ {
+ /* According to the OpenPGP draft rfc2440-bis06 */
+ { "2.16.840.1.101.3.4.2.1" },
+ /* PKCS#1 sha256WithRSAEncryption */
+ { "1.2.840.113549.1.1.11" },
+
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha224 =
+ {
+ "SHA224", asn224, DIM (asn224), oid_spec_sha224, 28,
+ sha224_init, sha256_write, sha256_final, sha256_read,
+ sizeof (SHA256_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha256 =
+ {
+ "SHA256", asn256, DIM (asn256), oid_spec_sha256, 32,
+ sha256_init, sha256_write, sha256_final, sha256_read,
+ sizeof (SHA256_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+
+GRUB_MOD_INIT(gcry_sha256)
+{
+ grub_md_register (&_gcry_digest_spec_sha224);
+ grub_md_register (&_gcry_digest_spec_sha256);
+}
+
+GRUB_MOD_FINI(gcry_sha256)
+{
+ grub_md_unregister (&_gcry_digest_spec_sha224);
+ grub_md_unregister (&_gcry_digest_spec_sha256);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/sha512.c b/grub-core/lib/libgcrypt-grub/cipher/sha512.c
new file mode 100644
index 0000000..856b3d0
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/sha512.c
@@ -0,0 +1,441 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* sha512.c - SHA384 and SHA512 hash functions
+ * Copyright (C) 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors from FIPS-180-2:
+ *
+ * "abc"
+ * 384:
+ * CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
+ * 1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
+ * 512:
+ * DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
+ * 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
+ *
+ * "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+ * 384:
+ * 09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
+ * 2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
+ * 512:
+ * 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
+ * 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
+ *
+ * "a" x 1000000
+ * 384:
+ * 9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
+ * 7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
+ * 512:
+ * E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
+ * DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
+ */
+
+
+#include "g10lib.h"
+#include "bithelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+typedef struct
+{
+ u64 h0, h1, h2, h3, h4, h5, h6, h7;
+ u64 nblocks;
+ byte buf[128];
+ int count;
+} SHA512_CONTEXT;
+
+static void
+sha512_init (void *context)
+{
+ SHA512_CONTEXT *hd = context;
+
+ hd->h0 = U64_C(0x6a09e667f3bcc908);
+ hd->h1 = U64_C(0xbb67ae8584caa73b);
+ hd->h2 = U64_C(0x3c6ef372fe94f82b);
+ hd->h3 = U64_C(0xa54ff53a5f1d36f1);
+ hd->h4 = U64_C(0x510e527fade682d1);
+ hd->h5 = U64_C(0x9b05688c2b3e6c1f);
+ hd->h6 = U64_C(0x1f83d9abfb41bd6b);
+ hd->h7 = U64_C(0x5be0cd19137e2179);
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+static void
+sha384_init (void *context)
+{
+ SHA512_CONTEXT *hd = context;
+
+ hd->h0 = U64_C(0xcbbb9d5dc1059ed8);
+ hd->h1 = U64_C(0x629a292a367cd507);
+ hd->h2 = U64_C(0x9159015a3070dd17);
+ hd->h3 = U64_C(0x152fecd8f70e5939);
+ hd->h4 = U64_C(0x67332667ffc00b31);
+ hd->h5 = U64_C(0x8eb44a8768581511);
+ hd->h6 = U64_C(0xdb0c2e0d64f98fa7);
+ hd->h7 = U64_C(0x47b5481dbefa4fa4);
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+/****************
+ * Transform the message W which consists of 16 64-bit-words
+ */
+static void
+transform (SHA512_CONTEXT *hd, const unsigned char *data)
+{
+ u64 a, b, c, d, e, f, g, h;
+ u64 w[80];
+ int t;
+ static const u64 k[] =
+ {
+ U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),
+ U64_C(0xb5c0fbcfec4d3b2f), U64_C(0xe9b5dba58189dbbc),
+ U64_C(0x3956c25bf348b538), U64_C(0x59f111f1b605d019),
+ U64_C(0x923f82a4af194f9b), U64_C(0xab1c5ed5da6d8118),
+ U64_C(0xd807aa98a3030242), U64_C(0x12835b0145706fbe),
+ U64_C(0x243185be4ee4b28c), U64_C(0x550c7dc3d5ffb4e2),
+ U64_C(0x72be5d74f27b896f), U64_C(0x80deb1fe3b1696b1),
+ U64_C(0x9bdc06a725c71235), U64_C(0xc19bf174cf692694),
+ U64_C(0xe49b69c19ef14ad2), U64_C(0xefbe4786384f25e3),
+ U64_C(0x0fc19dc68b8cd5b5), U64_C(0x240ca1cc77ac9c65),
+ U64_C(0x2de92c6f592b0275), U64_C(0x4a7484aa6ea6e483),
+ U64_C(0x5cb0a9dcbd41fbd4), U64_C(0x76f988da831153b5),
+ U64_C(0x983e5152ee66dfab), U64_C(0xa831c66d2db43210),
+ U64_C(0xb00327c898fb213f), U64_C(0xbf597fc7beef0ee4),
+ U64_C(0xc6e00bf33da88fc2), U64_C(0xd5a79147930aa725),
+ U64_C(0x06ca6351e003826f), U64_C(0x142929670a0e6e70),
+ U64_C(0x27b70a8546d22ffc), U64_C(0x2e1b21385c26c926),
+ U64_C(0x4d2c6dfc5ac42aed), U64_C(0x53380d139d95b3df),
+ U64_C(0x650a73548baf63de), U64_C(0x766a0abb3c77b2a8),
+ U64_C(0x81c2c92e47edaee6), U64_C(0x92722c851482353b),
+ U64_C(0xa2bfe8a14cf10364), U64_C(0xa81a664bbc423001),
+ U64_C(0xc24b8b70d0f89791), U64_C(0xc76c51a30654be30),
+ U64_C(0xd192e819d6ef5218), U64_C(0xd69906245565a910),
+ U64_C(0xf40e35855771202a), U64_C(0x106aa07032bbd1b8),
+ U64_C(0x19a4c116b8d2d0c8), U64_C(0x1e376c085141ab53),
+ U64_C(0x2748774cdf8eeb99), U64_C(0x34b0bcb5e19b48a8),
+ U64_C(0x391c0cb3c5c95a63), U64_C(0x4ed8aa4ae3418acb),
+ U64_C(0x5b9cca4f7763e373), U64_C(0x682e6ff3d6b2b8a3),
+ U64_C(0x748f82ee5defb2fc), U64_C(0x78a5636f43172f60),
+ U64_C(0x84c87814a1f0ab72), U64_C(0x8cc702081a6439ec),
+ U64_C(0x90befffa23631e28), U64_C(0xa4506cebde82bde9),
+ U64_C(0xbef9a3f7b2c67915), U64_C(0xc67178f2e372532b),
+ U64_C(0xca273eceea26619c), U64_C(0xd186b8c721c0c207),
+ U64_C(0xeada7dd6cde0eb1e), U64_C(0xf57d4f7fee6ed178),
+ U64_C(0x06f067aa72176fba), U64_C(0x0a637dc5a2c898a6),
+ U64_C(0x113f9804bef90dae), U64_C(0x1b710b35131c471b),
+ U64_C(0x28db77f523047d84), U64_C(0x32caab7b40c72493),
+ U64_C(0x3c9ebe0a15c9bebc), U64_C(0x431d67c49c100d4c),
+ U64_C(0x4cc5d4becb3e42b6), U64_C(0x597f299cfc657e2a),
+ U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)
+ };
+
+ /* get values from the chaining vars */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+ memcpy (w, data, 128);
+#else
+ {
+ int i;
+ byte *p2;
+
+ for (i = 0, p2 = (byte *) w; i < 16; i++, p2 += 8)
+ {
+ p2[7] = *data++;
+ p2[6] = *data++;
+ p2[5] = *data++;
+ p2[4] = *data++;
+ p2[3] = *data++;
+ p2[2] = *data++;
+ p2[1] = *data++;
+ p2[0] = *data++;
+ }
+ }
+#endif
+
+#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+ for (t = 16; t < 80; t++)
+ w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16];
+
+ for (t = 0; t < 80; t++)
+ {
+ u64 t1, t2;
+
+ t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t];
+ t2 = Sum0 (a) + Maj (a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + t1;
+ d = c;
+ c = b;
+ b = a;
+ a = t1 + t2;
+
+ /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX "
+ "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */
+ }
+
+ /* update chaining vars */
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha512_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ SHA512_CONTEXT *hd = context;
+
+ if (hd->count == 128)
+ { /* flush the buffer */
+ transform (hd, hd->buf);
+ _gcry_burn_stack (768);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 128; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha512_write (context, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ while (inlen >= 128)
+ {
+ transform (hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 128;
+ inbuf += 128;
+ }
+ _gcry_burn_stack (768);
+ for (; inlen && hd->count < 128; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 64 bytes representing the digest. When used for sha384,
+ * we take the leftmost 48 of those bytes.
+ */
+
+static void
+sha512_final (void *context)
+{
+ SHA512_CONTEXT *hd = context;
+ u64 t, msb, lsb;
+ byte *p;
+
+ sha512_write (context, NULL, 0); /* flush */ ;
+
+ t = hd->nblocks;
+ /* multiply by 128 to make a byte count */
+ lsb = t << 7;
+ msb = t >> 57;
+ /* add the count */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 61;
+
+ if (hd->count < 112)
+ { /* enough room */
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while (hd->count < 112)
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else
+ { /* need one extra block */
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while (hd->count < 128)
+ hd->buf[hd->count++] = 0;
+ sha512_write (context, NULL, 0); /* flush */ ;
+ memset (hd->buf, 0, 112); /* fill next block with zeroes */
+ }
+ /* append the 128 bit count */
+ hd->buf[112] = msb >> 56;
+ hd->buf[113] = msb >> 48;
+ hd->buf[114] = msb >> 40;
+ hd->buf[115] = msb >> 32;
+ hd->buf[116] = msb >> 24;
+ hd->buf[117] = msb >> 16;
+ hd->buf[118] = msb >> 8;
+ hd->buf[119] = msb;
+
+ hd->buf[120] = lsb >> 56;
+ hd->buf[121] = lsb >> 48;
+ hd->buf[122] = lsb >> 40;
+ hd->buf[123] = lsb >> 32;
+ hd->buf[124] = lsb >> 24;
+ hd->buf[125] = lsb >> 16;
+ hd->buf[126] = lsb >> 8;
+ hd->buf[127] = lsb;
+ transform (hd, hd->buf);
+ _gcry_burn_stack (768);
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while (0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48; \
+ *p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32; \
+ *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while (0)
+#endif
+ X (0);
+ X (1);
+ X (2);
+ X (3);
+ X (4);
+ X (5);
+ /* Note that these last two chunks are included even for SHA384.
+ We just ignore them. */
+ X (6);
+ X (7);
+#undef X
+}
+
+static byte *
+sha512_read (void *context)
+{
+ SHA512_CONTEXT *hd = (SHA512_CONTEXT *) context;
+ return hd->buf;
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+
+
+
+
+static byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
+ {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+ 0x00, 0x04, 0x40
+ };
+
+static gcry_md_oid_spec_t oid_spec_sha512[] =
+ {
+ { "2.16.840.1.101.3.4.2.3" },
+
+ /* PKCS#1 sha512WithRSAEncryption */
+ { "1.2.840.113549.1.1.13" },
+
+ { NULL }
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha512 =
+ {
+ "SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64,
+ sha512_init, sha512_write, sha512_final, sha512_read,
+ sizeof (SHA512_CONTEXT),
+ .blocksize = 128
+ };
+
+static byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
+ {
+ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+ 0x00, 0x04, 0x30
+ };
+
+static gcry_md_oid_spec_t oid_spec_sha384[] =
+ {
+ { "2.16.840.1.101.3.4.2.2" },
+
+ /* PKCS#1 sha384WithRSAEncryption */
+ { "1.2.840.113549.1.1.12" },
+
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha384 =
+ {
+ "SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48,
+ sha384_init, sha512_write, sha512_final, sha512_read,
+ sizeof (SHA512_CONTEXT),
+ .blocksize = 128
+ };
+
+
+GRUB_MOD_INIT(gcry_sha512)
+{
+ grub_md_register (&_gcry_digest_spec_sha512);
+ grub_md_register (&_gcry_digest_spec_sha384);
+}
+
+GRUB_MOD_FINI(gcry_sha512)
+{
+ grub_md_unregister (&_gcry_digest_spec_sha512);
+ grub_md_unregister (&_gcry_digest_spec_sha384);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/tiger.c b/grub-core/lib/libgcrypt-grub/cipher/tiger.c
new file mode 100644
index 0000000..b7c6b0a
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/tiger.c
@@ -0,0 +1,864 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* tiger.c - The TIGER hash function
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#ifdef HAVE_U64_TYPEDEF
+
+/* we really need it here, but as this is only experiment we
+ * can live without Tiger */
+
+typedef struct {
+ u64 a, b, c;
+ byte buf[64];
+ int count;
+ u32 nblocks;
+} TIGER_CONTEXT;
+
+
+/*********************************
+ * Okay, okay, this is not the fastest code - improvements are welcome.
+ *
+ */
+
+/* Some test vectors:
+ * "" 24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A
+ * "abc" F258C1E88414AB2A 527AB541FFC5B8BF 935F7B951C132951
+ * "Tiger" 9F00F599072300DD 276ABB38C8EB6DEC 37790C116F9D2BDF
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+ * 87FB2A9083851CF7 470D2CF810E6DF9E B586445034A5A386
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"
+ * 467DB80863EBCE48 8DF1CD1261655DE9 57896565975F9197
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"
+ * 0C410A042968868A 1671DA5A3FD29A72 5EC1E457D3CDB303
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
+ * "eedings of Fast Software Encryption 3, Cambridge."
+ * EBF591D5AFA655CE 7F22894FF87F54AC 89C811B6B0DA3193
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
+ * "eedings of Fast Software Encryption 3, Cambridge, 1996."
+ * 3D9AEB03D1BD1A63 57B2774DFD6D5B24 DD68151D503974FC
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEF"
+ * "GHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+ * 00B83EB4E53440C5 76AC6AAEE0A74858 25FD15E70A59FFE4
+ */
+
+static u64 sbox1[256] = {
+ U64_C(0x02aab17cf7e90c5e) /* 0 */, U64_C(0xac424b03e243a8ec) /* 1 */,
+ U64_C(0x72cd5be30dd5fcd3) /* 2 */, U64_C(0x6d019b93f6f97f3a) /* 3 */,
+ U64_C(0xcd9978ffd21f9193) /* 4 */, U64_C(0x7573a1c9708029e2) /* 5 */,
+ U64_C(0xb164326b922a83c3) /* 6 */, U64_C(0x46883eee04915870) /* 7 */,
+ U64_C(0xeaace3057103ece6) /* 8 */, U64_C(0xc54169b808a3535c) /* 9 */,
+ U64_C(0x4ce754918ddec47c) /* 10 */, U64_C(0x0aa2f4dfdc0df40c) /* 11 */,
+ U64_C(0x10b76f18a74dbefa) /* 12 */, U64_C(0xc6ccb6235ad1ab6a) /* 13 */,
+ U64_C(0x13726121572fe2ff) /* 14 */, U64_C(0x1a488c6f199d921e) /* 15 */,
+ U64_C(0x4bc9f9f4da0007ca) /* 16 */, U64_C(0x26f5e6f6e85241c7) /* 17 */,
+ U64_C(0x859079dbea5947b6) /* 18 */, U64_C(0x4f1885c5c99e8c92) /* 19 */,
+ U64_C(0xd78e761ea96f864b) /* 20 */, U64_C(0x8e36428c52b5c17d) /* 21 */,
+ U64_C(0x69cf6827373063c1) /* 22 */, U64_C(0xb607c93d9bb4c56e) /* 23 */,
+ U64_C(0x7d820e760e76b5ea) /* 24 */, U64_C(0x645c9cc6f07fdc42) /* 25 */,
+ U64_C(0xbf38a078243342e0) /* 26 */, U64_C(0x5f6b343c9d2e7d04) /* 27 */,
+ U64_C(0xf2c28aeb600b0ec6) /* 28 */, U64_C(0x6c0ed85f7254bcac) /* 29 */,
+ U64_C(0x71592281a4db4fe5) /* 30 */, U64_C(0x1967fa69ce0fed9f) /* 31 */,
+ U64_C(0xfd5293f8b96545db) /* 32 */, U64_C(0xc879e9d7f2a7600b) /* 33 */,
+ U64_C(0x860248920193194e) /* 34 */, U64_C(0xa4f9533b2d9cc0b3) /* 35 */,
+ U64_C(0x9053836c15957613) /* 36 */, U64_C(0xdb6dcf8afc357bf1) /* 37 */,
+ U64_C(0x18beea7a7a370f57) /* 38 */, U64_C(0x037117ca50b99066) /* 39 */,
+ U64_C(0x6ab30a9774424a35) /* 40 */, U64_C(0xf4e92f02e325249b) /* 41 */,
+ U64_C(0x7739db07061ccae1) /* 42 */, U64_C(0xd8f3b49ceca42a05) /* 43 */,
+ U64_C(0xbd56be3f51382f73) /* 44 */, U64_C(0x45faed5843b0bb28) /* 45 */,
+ U64_C(0x1c813d5c11bf1f83) /* 46 */, U64_C(0x8af0e4b6d75fa169) /* 47 */,
+ U64_C(0x33ee18a487ad9999) /* 48 */, U64_C(0x3c26e8eab1c94410) /* 49 */,
+ U64_C(0xb510102bc0a822f9) /* 50 */, U64_C(0x141eef310ce6123b) /* 51 */,
+ U64_C(0xfc65b90059ddb154) /* 52 */, U64_C(0xe0158640c5e0e607) /* 53 */,
+ U64_C(0x884e079826c3a3cf) /* 54 */, U64_C(0x930d0d9523c535fd) /* 55 */,
+ U64_C(0x35638d754e9a2b00) /* 56 */, U64_C(0x4085fccf40469dd5) /* 57 */,
+ U64_C(0xc4b17ad28be23a4c) /* 58 */, U64_C(0xcab2f0fc6a3e6a2e) /* 59 */,
+ U64_C(0x2860971a6b943fcd) /* 60 */, U64_C(0x3dde6ee212e30446) /* 61 */,
+ U64_C(0x6222f32ae01765ae) /* 62 */, U64_C(0x5d550bb5478308fe) /* 63 */,
+ U64_C(0xa9efa98da0eda22a) /* 64 */, U64_C(0xc351a71686c40da7) /* 65 */,
+ U64_C(0x1105586d9c867c84) /* 66 */, U64_C(0xdcffee85fda22853) /* 67 */,
+ U64_C(0xccfbd0262c5eef76) /* 68 */, U64_C(0xbaf294cb8990d201) /* 69 */,
+ U64_C(0xe69464f52afad975) /* 70 */, U64_C(0x94b013afdf133e14) /* 71 */,
+ U64_C(0x06a7d1a32823c958) /* 72 */, U64_C(0x6f95fe5130f61119) /* 73 */,
+ U64_C(0xd92ab34e462c06c0) /* 74 */, U64_C(0xed7bde33887c71d2) /* 75 */,
+ U64_C(0x79746d6e6518393e) /* 76 */, U64_C(0x5ba419385d713329) /* 77 */,
+ U64_C(0x7c1ba6b948a97564) /* 78 */, U64_C(0x31987c197bfdac67) /* 79 */,
+ U64_C(0xde6c23c44b053d02) /* 80 */, U64_C(0x581c49fed002d64d) /* 81 */,
+ U64_C(0xdd474d6338261571) /* 82 */, U64_C(0xaa4546c3e473d062) /* 83 */,
+ U64_C(0x928fce349455f860) /* 84 */, U64_C(0x48161bbacaab94d9) /* 85 */,
+ U64_C(0x63912430770e6f68) /* 86 */, U64_C(0x6ec8a5e602c6641c) /* 87 */,
+ U64_C(0x87282515337ddd2b) /* 88 */, U64_C(0x2cda6b42034b701b) /* 89 */,
+ U64_C(0xb03d37c181cb096d) /* 90 */, U64_C(0xe108438266c71c6f) /* 91 */,
+ U64_C(0x2b3180c7eb51b255) /* 92 */, U64_C(0xdf92b82f96c08bbc) /* 93 */,
+ U64_C(0x5c68c8c0a632f3ba) /* 94 */, U64_C(0x5504cc861c3d0556) /* 95 */,
+ U64_C(0xabbfa4e55fb26b8f) /* 96 */, U64_C(0x41848b0ab3baceb4) /* 97 */,
+ U64_C(0xb334a273aa445d32) /* 98 */, U64_C(0xbca696f0a85ad881) /* 99 */,
+ U64_C(0x24f6ec65b528d56c) /* 100 */, U64_C(0x0ce1512e90f4524a) /* 101 */,
+ U64_C(0x4e9dd79d5506d35a) /* 102 */, U64_C(0x258905fac6ce9779) /* 103 */,
+ U64_C(0x2019295b3e109b33) /* 104 */, U64_C(0xf8a9478b73a054cc) /* 105 */,
+ U64_C(0x2924f2f934417eb0) /* 106 */, U64_C(0x3993357d536d1bc4) /* 107 */,
+ U64_C(0x38a81ac21db6ff8b) /* 108 */, U64_C(0x47c4fbf17d6016bf) /* 109 */,
+ U64_C(0x1e0faadd7667e3f5) /* 110 */, U64_C(0x7abcff62938beb96) /* 111 */,
+ U64_C(0xa78dad948fc179c9) /* 112 */, U64_C(0x8f1f98b72911e50d) /* 113 */,
+ U64_C(0x61e48eae27121a91) /* 114 */, U64_C(0x4d62f7ad31859808) /* 115 */,
+ U64_C(0xeceba345ef5ceaeb) /* 116 */, U64_C(0xf5ceb25ebc9684ce) /* 117 */,
+ U64_C(0xf633e20cb7f76221) /* 118 */, U64_C(0xa32cdf06ab8293e4) /* 119 */,
+ U64_C(0x985a202ca5ee2ca4) /* 120 */, U64_C(0xcf0b8447cc8a8fb1) /* 121 */,
+ U64_C(0x9f765244979859a3) /* 122 */, U64_C(0xa8d516b1a1240017) /* 123 */,
+ U64_C(0x0bd7ba3ebb5dc726) /* 124 */, U64_C(0xe54bca55b86adb39) /* 125 */,
+ U64_C(0x1d7a3afd6c478063) /* 126 */, U64_C(0x519ec608e7669edd) /* 127 */,
+ U64_C(0x0e5715a2d149aa23) /* 128 */, U64_C(0x177d4571848ff194) /* 129 */,
+ U64_C(0xeeb55f3241014c22) /* 130 */, U64_C(0x0f5e5ca13a6e2ec2) /* 131 */,
+ U64_C(0x8029927b75f5c361) /* 132 */, U64_C(0xad139fabc3d6e436) /* 133 */,
+ U64_C(0x0d5df1a94ccf402f) /* 134 */, U64_C(0x3e8bd948bea5dfc8) /* 135 */,
+ U64_C(0xa5a0d357bd3ff77e) /* 136 */, U64_C(0xa2d12e251f74f645) /* 137 */,
+ U64_C(0x66fd9e525e81a082) /* 138 */, U64_C(0x2e0c90ce7f687a49) /* 139 */,
+ U64_C(0xc2e8bcbeba973bc5) /* 140 */, U64_C(0x000001bce509745f) /* 141 */,
+ U64_C(0x423777bbe6dab3d6) /* 142 */, U64_C(0xd1661c7eaef06eb5) /* 143 */,
+ U64_C(0xa1781f354daacfd8) /* 144 */, U64_C(0x2d11284a2b16affc) /* 145 */,
+ U64_C(0xf1fc4f67fa891d1f) /* 146 */, U64_C(0x73ecc25dcb920ada) /* 147 */,
+ U64_C(0xae610c22c2a12651) /* 148 */, U64_C(0x96e0a810d356b78a) /* 149 */,
+ U64_C(0x5a9a381f2fe7870f) /* 150 */, U64_C(0xd5ad62ede94e5530) /* 151 */,
+ U64_C(0xd225e5e8368d1427) /* 152 */, U64_C(0x65977b70c7af4631) /* 153 */,
+ U64_C(0x99f889b2de39d74f) /* 154 */, U64_C(0x233f30bf54e1d143) /* 155 */,
+ U64_C(0x9a9675d3d9a63c97) /* 156 */, U64_C(0x5470554ff334f9a8) /* 157 */,
+ U64_C(0x166acb744a4f5688) /* 158 */, U64_C(0x70c74caab2e4aead) /* 159 */,
+ U64_C(0xf0d091646f294d12) /* 160 */, U64_C(0x57b82a89684031d1) /* 161 */,
+ U64_C(0xefd95a5a61be0b6b) /* 162 */, U64_C(0x2fbd12e969f2f29a) /* 163 */,
+ U64_C(0x9bd37013feff9fe8) /* 164 */, U64_C(0x3f9b0404d6085a06) /* 165 */,
+ U64_C(0x4940c1f3166cfe15) /* 166 */, U64_C(0x09542c4dcdf3defb) /* 167 */,
+ U64_C(0xb4c5218385cd5ce3) /* 168 */, U64_C(0xc935b7dc4462a641) /* 169 */,
+ U64_C(0x3417f8a68ed3b63f) /* 170 */, U64_C(0xb80959295b215b40) /* 171 */,
+ U64_C(0xf99cdaef3b8c8572) /* 172 */, U64_C(0x018c0614f8fcb95d) /* 173 */,
+ U64_C(0x1b14accd1a3acdf3) /* 174 */, U64_C(0x84d471f200bb732d) /* 175 */,
+ U64_C(0xc1a3110e95e8da16) /* 176 */, U64_C(0x430a7220bf1a82b8) /* 177 */,
+ U64_C(0xb77e090d39df210e) /* 178 */, U64_C(0x5ef4bd9f3cd05e9d) /* 179 */,
+ U64_C(0x9d4ff6da7e57a444) /* 180 */, U64_C(0xda1d60e183d4a5f8) /* 181 */,
+ U64_C(0xb287c38417998e47) /* 182 */, U64_C(0xfe3edc121bb31886) /* 183 */,
+ U64_C(0xc7fe3ccc980ccbef) /* 184 */, U64_C(0xe46fb590189bfd03) /* 185 */,
+ U64_C(0x3732fd469a4c57dc) /* 186 */, U64_C(0x7ef700a07cf1ad65) /* 187 */,
+ U64_C(0x59c64468a31d8859) /* 188 */, U64_C(0x762fb0b4d45b61f6) /* 189 */,
+ U64_C(0x155baed099047718) /* 190 */, U64_C(0x68755e4c3d50baa6) /* 191 */,
+ U64_C(0xe9214e7f22d8b4df) /* 192 */, U64_C(0x2addbf532eac95f4) /* 193 */,
+ U64_C(0x32ae3909b4bd0109) /* 194 */, U64_C(0x834df537b08e3450) /* 195 */,
+ U64_C(0xfa209da84220728d) /* 196 */, U64_C(0x9e691d9b9efe23f7) /* 197 */,
+ U64_C(0x0446d288c4ae8d7f) /* 198 */, U64_C(0x7b4cc524e169785b) /* 199 */,
+ U64_C(0x21d87f0135ca1385) /* 200 */, U64_C(0xcebb400f137b8aa5) /* 201 */,
+ U64_C(0x272e2b66580796be) /* 202 */, U64_C(0x3612264125c2b0de) /* 203 */,
+ U64_C(0x057702bdad1efbb2) /* 204 */, U64_C(0xd4babb8eacf84be9) /* 205 */,
+ U64_C(0x91583139641bc67b) /* 206 */, U64_C(0x8bdc2de08036e024) /* 207 */,
+ U64_C(0x603c8156f49f68ed) /* 208 */, U64_C(0xf7d236f7dbef5111) /* 209 */,
+ U64_C(0x9727c4598ad21e80) /* 210 */, U64_C(0xa08a0896670a5fd7) /* 211 */,
+ U64_C(0xcb4a8f4309eba9cb) /* 212 */, U64_C(0x81af564b0f7036a1) /* 213 */,
+ U64_C(0xc0b99aa778199abd) /* 214 */, U64_C(0x959f1ec83fc8e952) /* 215 */,
+ U64_C(0x8c505077794a81b9) /* 216 */, U64_C(0x3acaaf8f056338f0) /* 217 */,
+ U64_C(0x07b43f50627a6778) /* 218 */, U64_C(0x4a44ab49f5eccc77) /* 219 */,
+ U64_C(0x3bc3d6e4b679ee98) /* 220 */, U64_C(0x9cc0d4d1cf14108c) /* 221 */,
+ U64_C(0x4406c00b206bc8a0) /* 222 */, U64_C(0x82a18854c8d72d89) /* 223 */,
+ U64_C(0x67e366b35c3c432c) /* 224 */, U64_C(0xb923dd61102b37f2) /* 225 */,
+ U64_C(0x56ab2779d884271d) /* 226 */, U64_C(0xbe83e1b0ff1525af) /* 227 */,
+ U64_C(0xfb7c65d4217e49a9) /* 228 */, U64_C(0x6bdbe0e76d48e7d4) /* 229 */,
+ U64_C(0x08df828745d9179e) /* 230 */, U64_C(0x22ea6a9add53bd34) /* 231 */,
+ U64_C(0xe36e141c5622200a) /* 232 */, U64_C(0x7f805d1b8cb750ee) /* 233 */,
+ U64_C(0xafe5c7a59f58e837) /* 234 */, U64_C(0xe27f996a4fb1c23c) /* 235 */,
+ U64_C(0xd3867dfb0775f0d0) /* 236 */, U64_C(0xd0e673de6e88891a) /* 237 */,
+ U64_C(0x123aeb9eafb86c25) /* 238 */, U64_C(0x30f1d5d5c145b895) /* 239 */,
+ U64_C(0xbb434a2dee7269e7) /* 240 */, U64_C(0x78cb67ecf931fa38) /* 241 */,
+ U64_C(0xf33b0372323bbf9c) /* 242 */, U64_C(0x52d66336fb279c74) /* 243 */,
+ U64_C(0x505f33ac0afb4eaa) /* 244 */, U64_C(0xe8a5cd99a2cce187) /* 245 */,
+ U64_C(0x534974801e2d30bb) /* 246 */, U64_C(0x8d2d5711d5876d90) /* 247 */,
+ U64_C(0x1f1a412891bc038e) /* 248 */, U64_C(0xd6e2e71d82e56648) /* 249 */,
+ U64_C(0x74036c3a497732b7) /* 250 */, U64_C(0x89b67ed96361f5ab) /* 251 */,
+ U64_C(0xffed95d8f1ea02a2) /* 252 */, U64_C(0xe72b3bd61464d43d) /* 253 */,
+ U64_C(0xa6300f170bdc4820) /* 254 */, U64_C(0xebc18760ed78a77a) /* 255 */
+};
+static u64 sbox2[256] = {
+ U64_C(0xe6a6be5a05a12138) /* 256 */, U64_C(0xb5a122a5b4f87c98) /* 257 */,
+ U64_C(0x563c6089140b6990) /* 258 */, U64_C(0x4c46cb2e391f5dd5) /* 259 */,
+ U64_C(0xd932addbc9b79434) /* 260 */, U64_C(0x08ea70e42015aff5) /* 261 */,
+ U64_C(0xd765a6673e478cf1) /* 262 */, U64_C(0xc4fb757eab278d99) /* 263 */,
+ U64_C(0xdf11c6862d6e0692) /* 264 */, U64_C(0xddeb84f10d7f3b16) /* 265 */,
+ U64_C(0x6f2ef604a665ea04) /* 266 */, U64_C(0x4a8e0f0ff0e0dfb3) /* 267 */,
+ U64_C(0xa5edeef83dbcba51) /* 268 */, U64_C(0xfc4f0a2a0ea4371e) /* 269 */,
+ U64_C(0xe83e1da85cb38429) /* 270 */, U64_C(0xdc8ff882ba1b1ce2) /* 271 */,
+ U64_C(0xcd45505e8353e80d) /* 272 */, U64_C(0x18d19a00d4db0717) /* 273 */,
+ U64_C(0x34a0cfeda5f38101) /* 274 */, U64_C(0x0be77e518887caf2) /* 275 */,
+ U64_C(0x1e341438b3c45136) /* 276 */, U64_C(0xe05797f49089ccf9) /* 277 */,
+ U64_C(0xffd23f9df2591d14) /* 278 */, U64_C(0x543dda228595c5cd) /* 279 */,
+ U64_C(0x661f81fd99052a33) /* 280 */, U64_C(0x8736e641db0f7b76) /* 281 */,
+ U64_C(0x15227725418e5307) /* 282 */, U64_C(0xe25f7f46162eb2fa) /* 283 */,
+ U64_C(0x48a8b2126c13d9fe) /* 284 */, U64_C(0xafdc541792e76eea) /* 285 */,
+ U64_C(0x03d912bfc6d1898f) /* 286 */, U64_C(0x31b1aafa1b83f51b) /* 287 */,
+ U64_C(0xf1ac2796e42ab7d9) /* 288 */, U64_C(0x40a3a7d7fcd2ebac) /* 289 */,
+ U64_C(0x1056136d0afbbcc5) /* 290 */, U64_C(0x7889e1dd9a6d0c85) /* 291 */,
+ U64_C(0xd33525782a7974aa) /* 292 */, U64_C(0xa7e25d09078ac09b) /* 293 */,
+ U64_C(0xbd4138b3eac6edd0) /* 294 */, U64_C(0x920abfbe71eb9e70) /* 295 */,
+ U64_C(0xa2a5d0f54fc2625c) /* 296 */, U64_C(0xc054e36b0b1290a3) /* 297 */,
+ U64_C(0xf6dd59ff62fe932b) /* 298 */, U64_C(0x3537354511a8ac7d) /* 299 */,
+ U64_C(0xca845e9172fadcd4) /* 300 */, U64_C(0x84f82b60329d20dc) /* 301 */,
+ U64_C(0x79c62ce1cd672f18) /* 302 */, U64_C(0x8b09a2add124642c) /* 303 */,
+ U64_C(0xd0c1e96a19d9e726) /* 304 */, U64_C(0x5a786a9b4ba9500c) /* 305 */,
+ U64_C(0x0e020336634c43f3) /* 306 */, U64_C(0xc17b474aeb66d822) /* 307 */,
+ U64_C(0x6a731ae3ec9baac2) /* 308 */, U64_C(0x8226667ae0840258) /* 309 */,
+ U64_C(0x67d4567691caeca5) /* 310 */, U64_C(0x1d94155c4875adb5) /* 311 */,
+ U64_C(0x6d00fd985b813fdf) /* 312 */, U64_C(0x51286efcb774cd06) /* 313 */,
+ U64_C(0x5e8834471fa744af) /* 314 */, U64_C(0xf72ca0aee761ae2e) /* 315 */,
+ U64_C(0xbe40e4cdaee8e09a) /* 316 */, U64_C(0xe9970bbb5118f665) /* 317 */,
+ U64_C(0x726e4beb33df1964) /* 318 */, U64_C(0x703b000729199762) /* 319 */,
+ U64_C(0x4631d816f5ef30a7) /* 320 */, U64_C(0xb880b5b51504a6be) /* 321 */,
+ U64_C(0x641793c37ed84b6c) /* 322 */, U64_C(0x7b21ed77f6e97d96) /* 323 */,
+ U64_C(0x776306312ef96b73) /* 324 */, U64_C(0xae528948e86ff3f4) /* 325 */,
+ U64_C(0x53dbd7f286a3f8f8) /* 326 */, U64_C(0x16cadce74cfc1063) /* 327 */,
+ U64_C(0x005c19bdfa52c6dd) /* 328 */, U64_C(0x68868f5d64d46ad3) /* 329 */,
+ U64_C(0x3a9d512ccf1e186a) /* 330 */, U64_C(0x367e62c2385660ae) /* 331 */,
+ U64_C(0xe359e7ea77dcb1d7) /* 332 */, U64_C(0x526c0773749abe6e) /* 333 */,
+ U64_C(0x735ae5f9d09f734b) /* 334 */, U64_C(0x493fc7cc8a558ba8) /* 335 */,
+ U64_C(0xb0b9c1533041ab45) /* 336 */, U64_C(0x321958ba470a59bd) /* 337 */,
+ U64_C(0x852db00b5f46c393) /* 338 */, U64_C(0x91209b2bd336b0e5) /* 339 */,
+ U64_C(0x6e604f7d659ef19f) /* 340 */, U64_C(0xb99a8ae2782ccb24) /* 341 */,
+ U64_C(0xccf52ab6c814c4c7) /* 342 */, U64_C(0x4727d9afbe11727b) /* 343 */,
+ U64_C(0x7e950d0c0121b34d) /* 344 */, U64_C(0x756f435670ad471f) /* 345 */,
+ U64_C(0xf5add442615a6849) /* 346 */, U64_C(0x4e87e09980b9957a) /* 347 */,
+ U64_C(0x2acfa1df50aee355) /* 348 */, U64_C(0xd898263afd2fd556) /* 349 */,
+ U64_C(0xc8f4924dd80c8fd6) /* 350 */, U64_C(0xcf99ca3d754a173a) /* 351 */,
+ U64_C(0xfe477bacaf91bf3c) /* 352 */, U64_C(0xed5371f6d690c12d) /* 353 */,
+ U64_C(0x831a5c285e687094) /* 354 */, U64_C(0xc5d3c90a3708a0a4) /* 355 */,
+ U64_C(0x0f7f903717d06580) /* 356 */, U64_C(0x19f9bb13b8fdf27f) /* 357 */,
+ U64_C(0xb1bd6f1b4d502843) /* 358 */, U64_C(0x1c761ba38fff4012) /* 359 */,
+ U64_C(0x0d1530c4e2e21f3b) /* 360 */, U64_C(0x8943ce69a7372c8a) /* 361 */,
+ U64_C(0xe5184e11feb5ce66) /* 362 */, U64_C(0x618bdb80bd736621) /* 363 */,
+ U64_C(0x7d29bad68b574d0b) /* 364 */, U64_C(0x81bb613e25e6fe5b) /* 365 */,
+ U64_C(0x071c9c10bc07913f) /* 366 */, U64_C(0xc7beeb7909ac2d97) /* 367 */,
+ U64_C(0xc3e58d353bc5d757) /* 368 */, U64_C(0xeb017892f38f61e8) /* 369 */,
+ U64_C(0xd4effb9c9b1cc21a) /* 370 */, U64_C(0x99727d26f494f7ab) /* 371 */,
+ U64_C(0xa3e063a2956b3e03) /* 372 */, U64_C(0x9d4a8b9a4aa09c30) /* 373 */,
+ U64_C(0x3f6ab7d500090fb4) /* 374 */, U64_C(0x9cc0f2a057268ac0) /* 375 */,
+ U64_C(0x3dee9d2dedbf42d1) /* 376 */, U64_C(0x330f49c87960a972) /* 377 */,
+ U64_C(0xc6b2720287421b41) /* 378 */, U64_C(0x0ac59ec07c00369c) /* 379 */,
+ U64_C(0xef4eac49cb353425) /* 380 */, U64_C(0xf450244eef0129d8) /* 381 */,
+ U64_C(0x8acc46e5caf4deb6) /* 382 */, U64_C(0x2ffeab63989263f7) /* 383 */,
+ U64_C(0x8f7cb9fe5d7a4578) /* 384 */, U64_C(0x5bd8f7644e634635) /* 385 */,
+ U64_C(0x427a7315bf2dc900) /* 386 */, U64_C(0x17d0c4aa2125261c) /* 387 */,
+ U64_C(0x3992486c93518e50) /* 388 */, U64_C(0xb4cbfee0a2d7d4c3) /* 389 */,
+ U64_C(0x7c75d6202c5ddd8d) /* 390 */, U64_C(0xdbc295d8e35b6c61) /* 391 */,
+ U64_C(0x60b369d302032b19) /* 392 */, U64_C(0xce42685fdce44132) /* 393 */,
+ U64_C(0x06f3ddb9ddf65610) /* 394 */, U64_C(0x8ea4d21db5e148f0) /* 395 */,
+ U64_C(0x20b0fce62fcd496f) /* 396 */, U64_C(0x2c1b912358b0ee31) /* 397 */,
+ U64_C(0xb28317b818f5a308) /* 398 */, U64_C(0xa89c1e189ca6d2cf) /* 399 */,
+ U64_C(0x0c6b18576aaadbc8) /* 400 */, U64_C(0xb65deaa91299fae3) /* 401 */,
+ U64_C(0xfb2b794b7f1027e7) /* 402 */, U64_C(0x04e4317f443b5beb) /* 403 */,
+ U64_C(0x4b852d325939d0a6) /* 404 */, U64_C(0xd5ae6beefb207ffc) /* 405 */,
+ U64_C(0x309682b281c7d374) /* 406 */, U64_C(0xbae309a194c3b475) /* 407 */,
+ U64_C(0x8cc3f97b13b49f05) /* 408 */, U64_C(0x98a9422ff8293967) /* 409 */,
+ U64_C(0x244b16b01076ff7c) /* 410 */, U64_C(0xf8bf571c663d67ee) /* 411 */,
+ U64_C(0x1f0d6758eee30da1) /* 412 */, U64_C(0xc9b611d97adeb9b7) /* 413 */,
+ U64_C(0xb7afd5887b6c57a2) /* 414 */, U64_C(0x6290ae846b984fe1) /* 415 */,
+ U64_C(0x94df4cdeacc1a5fd) /* 416 */, U64_C(0x058a5bd1c5483aff) /* 417 */,
+ U64_C(0x63166cc142ba3c37) /* 418 */, U64_C(0x8db8526eb2f76f40) /* 419 */,
+ U64_C(0xe10880036f0d6d4e) /* 420 */, U64_C(0x9e0523c9971d311d) /* 421 */,
+ U64_C(0x45ec2824cc7cd691) /* 422 */, U64_C(0x575b8359e62382c9) /* 423 */,
+ U64_C(0xfa9e400dc4889995) /* 424 */, U64_C(0xd1823ecb45721568) /* 425 */,
+ U64_C(0xdafd983b8206082f) /* 426 */, U64_C(0xaa7d29082386a8cb) /* 427 */,
+ U64_C(0x269fcd4403b87588) /* 428 */, U64_C(0x1b91f5f728bdd1e0) /* 429 */,
+ U64_C(0xe4669f39040201f6) /* 430 */, U64_C(0x7a1d7c218cf04ade) /* 431 */,
+ U64_C(0x65623c29d79ce5ce) /* 432 */, U64_C(0x2368449096c00bb1) /* 433 */,
+ U64_C(0xab9bf1879da503ba) /* 434 */, U64_C(0xbc23ecb1a458058e) /* 435 */,
+ U64_C(0x9a58df01bb401ecc) /* 436 */, U64_C(0xa070e868a85f143d) /* 437 */,
+ U64_C(0x4ff188307df2239e) /* 438 */, U64_C(0x14d565b41a641183) /* 439 */,
+ U64_C(0xee13337452701602) /* 440 */, U64_C(0x950e3dcf3f285e09) /* 441 */,
+ U64_C(0x59930254b9c80953) /* 442 */, U64_C(0x3bf299408930da6d) /* 443 */,
+ U64_C(0xa955943f53691387) /* 444 */, U64_C(0xa15edecaa9cb8784) /* 445 */,
+ U64_C(0x29142127352be9a0) /* 446 */, U64_C(0x76f0371fff4e7afb) /* 447 */,
+ U64_C(0x0239f450274f2228) /* 448 */, U64_C(0xbb073af01d5e868b) /* 449 */,
+ U64_C(0xbfc80571c10e96c1) /* 450 */, U64_C(0xd267088568222e23) /* 451 */,
+ U64_C(0x9671a3d48e80b5b0) /* 452 */, U64_C(0x55b5d38ae193bb81) /* 453 */,
+ U64_C(0x693ae2d0a18b04b8) /* 454 */, U64_C(0x5c48b4ecadd5335f) /* 455 */,
+ U64_C(0xfd743b194916a1ca) /* 456 */, U64_C(0x2577018134be98c4) /* 457 */,
+ U64_C(0xe77987e83c54a4ad) /* 458 */, U64_C(0x28e11014da33e1b9) /* 459 */,
+ U64_C(0x270cc59e226aa213) /* 460 */, U64_C(0x71495f756d1a5f60) /* 461 */,
+ U64_C(0x9be853fb60afef77) /* 462 */, U64_C(0xadc786a7f7443dbf) /* 463 */,
+ U64_C(0x0904456173b29a82) /* 464 */, U64_C(0x58bc7a66c232bd5e) /* 465 */,
+ U64_C(0xf306558c673ac8b2) /* 466 */, U64_C(0x41f639c6b6c9772a) /* 467 */,
+ U64_C(0x216defe99fda35da) /* 468 */, U64_C(0x11640cc71c7be615) /* 469 */,
+ U64_C(0x93c43694565c5527) /* 470 */, U64_C(0xea038e6246777839) /* 471 */,
+ U64_C(0xf9abf3ce5a3e2469) /* 472 */, U64_C(0x741e768d0fd312d2) /* 473 */,
+ U64_C(0x0144b883ced652c6) /* 474 */, U64_C(0xc20b5a5ba33f8552) /* 475 */,
+ U64_C(0x1ae69633c3435a9d) /* 476 */, U64_C(0x97a28ca4088cfdec) /* 477 */,
+ U64_C(0x8824a43c1e96f420) /* 478 */, U64_C(0x37612fa66eeea746) /* 479 */,
+ U64_C(0x6b4cb165f9cf0e5a) /* 480 */, U64_C(0x43aa1c06a0abfb4a) /* 481 */,
+ U64_C(0x7f4dc26ff162796b) /* 482 */, U64_C(0x6cbacc8e54ed9b0f) /* 483 */,
+ U64_C(0xa6b7ffefd2bb253e) /* 484 */, U64_C(0x2e25bc95b0a29d4f) /* 485 */,
+ U64_C(0x86d6a58bdef1388c) /* 486 */, U64_C(0xded74ac576b6f054) /* 487 */,
+ U64_C(0x8030bdbc2b45805d) /* 488 */, U64_C(0x3c81af70e94d9289) /* 489 */,
+ U64_C(0x3eff6dda9e3100db) /* 490 */, U64_C(0xb38dc39fdfcc8847) /* 491 */,
+ U64_C(0x123885528d17b87e) /* 492 */, U64_C(0xf2da0ed240b1b642) /* 493 */,
+ U64_C(0x44cefadcd54bf9a9) /* 494 */, U64_C(0x1312200e433c7ee6) /* 495 */,
+ U64_C(0x9ffcc84f3a78c748) /* 496 */, U64_C(0xf0cd1f72248576bb) /* 497 */,
+ U64_C(0xec6974053638cfe4) /* 498 */, U64_C(0x2ba7b67c0cec4e4c) /* 499 */,
+ U64_C(0xac2f4df3e5ce32ed) /* 500 */, U64_C(0xcb33d14326ea4c11) /* 501 */,
+ U64_C(0xa4e9044cc77e58bc) /* 502 */, U64_C(0x5f513293d934fcef) /* 503 */,
+ U64_C(0x5dc9645506e55444) /* 504 */, U64_C(0x50de418f317de40a) /* 505 */,
+ U64_C(0x388cb31a69dde259) /* 506 */, U64_C(0x2db4a83455820a86) /* 507 */,
+ U64_C(0x9010a91e84711ae9) /* 508 */, U64_C(0x4df7f0b7b1498371) /* 509 */,
+ U64_C(0xd62a2eabc0977179) /* 510 */, U64_C(0x22fac097aa8d5c0e) /* 511 */
+};
+static u64 sbox3[256] = {
+ U64_C(0xf49fcc2ff1daf39b) /* 512 */, U64_C(0x487fd5c66ff29281) /* 513 */,
+ U64_C(0xe8a30667fcdca83f) /* 514 */, U64_C(0x2c9b4be3d2fcce63) /* 515 */,
+ U64_C(0xda3ff74b93fbbbc2) /* 516 */, U64_C(0x2fa165d2fe70ba66) /* 517 */,
+ U64_C(0xa103e279970e93d4) /* 518 */, U64_C(0xbecdec77b0e45e71) /* 519 */,
+ U64_C(0xcfb41e723985e497) /* 520 */, U64_C(0xb70aaa025ef75017) /* 521 */,
+ U64_C(0xd42309f03840b8e0) /* 522 */, U64_C(0x8efc1ad035898579) /* 523 */,
+ U64_C(0x96c6920be2b2abc5) /* 524 */, U64_C(0x66af4163375a9172) /* 525 */,
+ U64_C(0x2174abdcca7127fb) /* 526 */, U64_C(0xb33ccea64a72ff41) /* 527 */,
+ U64_C(0xf04a4933083066a5) /* 528 */, U64_C(0x8d970acdd7289af5) /* 529 */,
+ U64_C(0x8f96e8e031c8c25e) /* 530 */, U64_C(0xf3fec02276875d47) /* 531 */,
+ U64_C(0xec7bf310056190dd) /* 532 */, U64_C(0xf5adb0aebb0f1491) /* 533 */,
+ U64_C(0x9b50f8850fd58892) /* 534 */, U64_C(0x4975488358b74de8) /* 535 */,
+ U64_C(0xa3354ff691531c61) /* 536 */, U64_C(0x0702bbe481d2c6ee) /* 537 */,
+ U64_C(0x89fb24057deded98) /* 538 */, U64_C(0xac3075138596e902) /* 539 */,
+ U64_C(0x1d2d3580172772ed) /* 540 */, U64_C(0xeb738fc28e6bc30d) /* 541 */,
+ U64_C(0x5854ef8f63044326) /* 542 */, U64_C(0x9e5c52325add3bbe) /* 543 */,
+ U64_C(0x90aa53cf325c4623) /* 544 */, U64_C(0xc1d24d51349dd067) /* 545 */,
+ U64_C(0x2051cfeea69ea624) /* 546 */, U64_C(0x13220f0a862e7e4f) /* 547 */,
+ U64_C(0xce39399404e04864) /* 548 */, U64_C(0xd9c42ca47086fcb7) /* 549 */,
+ U64_C(0x685ad2238a03e7cc) /* 550 */, U64_C(0x066484b2ab2ff1db) /* 551 */,
+ U64_C(0xfe9d5d70efbf79ec) /* 552 */, U64_C(0x5b13b9dd9c481854) /* 553 */,
+ U64_C(0x15f0d475ed1509ad) /* 554 */, U64_C(0x0bebcd060ec79851) /* 555 */,
+ U64_C(0xd58c6791183ab7f8) /* 556 */, U64_C(0xd1187c5052f3eee4) /* 557 */,
+ U64_C(0xc95d1192e54e82ff) /* 558 */, U64_C(0x86eea14cb9ac6ca2) /* 559 */,
+ U64_C(0x3485beb153677d5d) /* 560 */, U64_C(0xdd191d781f8c492a) /* 561 */,
+ U64_C(0xf60866baa784ebf9) /* 562 */, U64_C(0x518f643ba2d08c74) /* 563 */,
+ U64_C(0x8852e956e1087c22) /* 564 */, U64_C(0xa768cb8dc410ae8d) /* 565 */,
+ U64_C(0x38047726bfec8e1a) /* 566 */, U64_C(0xa67738b4cd3b45aa) /* 567 */,
+ U64_C(0xad16691cec0dde19) /* 568 */, U64_C(0xc6d4319380462e07) /* 569 */,
+ U64_C(0xc5a5876d0ba61938) /* 570 */, U64_C(0x16b9fa1fa58fd840) /* 571 */,
+ U64_C(0x188ab1173ca74f18) /* 572 */, U64_C(0xabda2f98c99c021f) /* 573 */,
+ U64_C(0x3e0580ab134ae816) /* 574 */, U64_C(0x5f3b05b773645abb) /* 575 */,
+ U64_C(0x2501a2be5575f2f6) /* 576 */, U64_C(0x1b2f74004e7e8ba9) /* 577 */,
+ U64_C(0x1cd7580371e8d953) /* 578 */, U64_C(0x7f6ed89562764e30) /* 579 */,
+ U64_C(0xb15926ff596f003d) /* 580 */, U64_C(0x9f65293da8c5d6b9) /* 581 */,
+ U64_C(0x6ecef04dd690f84c) /* 582 */, U64_C(0x4782275fff33af88) /* 583 */,
+ U64_C(0xe41433083f820801) /* 584 */, U64_C(0xfd0dfe409a1af9b5) /* 585 */,
+ U64_C(0x4325a3342cdb396b) /* 586 */, U64_C(0x8ae77e62b301b252) /* 587 */,
+ U64_C(0xc36f9e9f6655615a) /* 588 */, U64_C(0x85455a2d92d32c09) /* 589 */,
+ U64_C(0xf2c7dea949477485) /* 590 */, U64_C(0x63cfb4c133a39eba) /* 591 */,
+ U64_C(0x83b040cc6ebc5462) /* 592 */, U64_C(0x3b9454c8fdb326b0) /* 593 */,
+ U64_C(0x56f56a9e87ffd78c) /* 594 */, U64_C(0x2dc2940d99f42bc6) /* 595 */,
+ U64_C(0x98f7df096b096e2d) /* 596 */, U64_C(0x19a6e01e3ad852bf) /* 597 */,
+ U64_C(0x42a99ccbdbd4b40b) /* 598 */, U64_C(0xa59998af45e9c559) /* 599 */,
+ U64_C(0x366295e807d93186) /* 600 */, U64_C(0x6b48181bfaa1f773) /* 601 */,
+ U64_C(0x1fec57e2157a0a1d) /* 602 */, U64_C(0x4667446af6201ad5) /* 603 */,
+ U64_C(0xe615ebcacfb0f075) /* 604 */, U64_C(0xb8f31f4f68290778) /* 605 */,
+ U64_C(0x22713ed6ce22d11e) /* 606 */, U64_C(0x3057c1a72ec3c93b) /* 607 */,
+ U64_C(0xcb46acc37c3f1f2f) /* 608 */, U64_C(0xdbb893fd02aaf50e) /* 609 */,
+ U64_C(0x331fd92e600b9fcf) /* 610 */, U64_C(0xa498f96148ea3ad6) /* 611 */,
+ U64_C(0xa8d8426e8b6a83ea) /* 612 */, U64_C(0xa089b274b7735cdc) /* 613 */,
+ U64_C(0x87f6b3731e524a11) /* 614 */, U64_C(0x118808e5cbc96749) /* 615 */,
+ U64_C(0x9906e4c7b19bd394) /* 616 */, U64_C(0xafed7f7e9b24a20c) /* 617 */,
+ U64_C(0x6509eadeeb3644a7) /* 618 */, U64_C(0x6c1ef1d3e8ef0ede) /* 619 */,
+ U64_C(0xb9c97d43e9798fb4) /* 620 */, U64_C(0xa2f2d784740c28a3) /* 621 */,
+ U64_C(0x7b8496476197566f) /* 622 */, U64_C(0x7a5be3e6b65f069d) /* 623 */,
+ U64_C(0xf96330ed78be6f10) /* 624 */, U64_C(0xeee60de77a076a15) /* 625 */,
+ U64_C(0x2b4bee4aa08b9bd0) /* 626 */, U64_C(0x6a56a63ec7b8894e) /* 627 */,
+ U64_C(0x02121359ba34fef4) /* 628 */, U64_C(0x4cbf99f8283703fc) /* 629 */,
+ U64_C(0x398071350caf30c8) /* 630 */, U64_C(0xd0a77a89f017687a) /* 631 */,
+ U64_C(0xf1c1a9eb9e423569) /* 632 */, U64_C(0x8c7976282dee8199) /* 633 */,
+ U64_C(0x5d1737a5dd1f7abd) /* 634 */, U64_C(0x4f53433c09a9fa80) /* 635 */,
+ U64_C(0xfa8b0c53df7ca1d9) /* 636 */, U64_C(0x3fd9dcbc886ccb77) /* 637 */,
+ U64_C(0xc040917ca91b4720) /* 638 */, U64_C(0x7dd00142f9d1dcdf) /* 639 */,
+ U64_C(0x8476fc1d4f387b58) /* 640 */, U64_C(0x23f8e7c5f3316503) /* 641 */,
+ U64_C(0x032a2244e7e37339) /* 642 */, U64_C(0x5c87a5d750f5a74b) /* 643 */,
+ U64_C(0x082b4cc43698992e) /* 644 */, U64_C(0xdf917becb858f63c) /* 645 */,
+ U64_C(0x3270b8fc5bf86dda) /* 646 */, U64_C(0x10ae72bb29b5dd76) /* 647 */,
+ U64_C(0x576ac94e7700362b) /* 648 */, U64_C(0x1ad112dac61efb8f) /* 649 */,
+ U64_C(0x691bc30ec5faa427) /* 650 */, U64_C(0xff246311cc327143) /* 651 */,
+ U64_C(0x3142368e30e53206) /* 652 */, U64_C(0x71380e31e02ca396) /* 653 */,
+ U64_C(0x958d5c960aad76f1) /* 654 */, U64_C(0xf8d6f430c16da536) /* 655 */,
+ U64_C(0xc8ffd13f1be7e1d2) /* 656 */, U64_C(0x7578ae66004ddbe1) /* 657 */,
+ U64_C(0x05833f01067be646) /* 658 */, U64_C(0xbb34b5ad3bfe586d) /* 659 */,
+ U64_C(0x095f34c9a12b97f0) /* 660 */, U64_C(0x247ab64525d60ca8) /* 661 */,
+ U64_C(0xdcdbc6f3017477d1) /* 662 */, U64_C(0x4a2e14d4decad24d) /* 663 */,
+ U64_C(0xbdb5e6d9be0a1eeb) /* 664 */, U64_C(0x2a7e70f7794301ab) /* 665 */,
+ U64_C(0xdef42d8a270540fd) /* 666 */, U64_C(0x01078ec0a34c22c1) /* 667 */,
+ U64_C(0xe5de511af4c16387) /* 668 */, U64_C(0x7ebb3a52bd9a330a) /* 669 */,
+ U64_C(0x77697857aa7d6435) /* 670 */, U64_C(0x004e831603ae4c32) /* 671 */,
+ U64_C(0xe7a21020ad78e312) /* 672 */, U64_C(0x9d41a70c6ab420f2) /* 673 */,
+ U64_C(0x28e06c18ea1141e6) /* 674 */, U64_C(0xd2b28cbd984f6b28) /* 675 */,
+ U64_C(0x26b75f6c446e9d83) /* 676 */, U64_C(0xba47568c4d418d7f) /* 677 */,
+ U64_C(0xd80badbfe6183d8e) /* 678 */, U64_C(0x0e206d7f5f166044) /* 679 */,
+ U64_C(0xe258a43911cbca3e) /* 680 */, U64_C(0x723a1746b21dc0bc) /* 681 */,
+ U64_C(0xc7caa854f5d7cdd3) /* 682 */, U64_C(0x7cac32883d261d9c) /* 683 */,
+ U64_C(0x7690c26423ba942c) /* 684 */, U64_C(0x17e55524478042b8) /* 685 */,
+ U64_C(0xe0be477656a2389f) /* 686 */, U64_C(0x4d289b5e67ab2da0) /* 687 */,
+ U64_C(0x44862b9c8fbbfd31) /* 688 */, U64_C(0xb47cc8049d141365) /* 689 */,
+ U64_C(0x822c1b362b91c793) /* 690 */, U64_C(0x4eb14655fb13dfd8) /* 691 */,
+ U64_C(0x1ecbba0714e2a97b) /* 692 */, U64_C(0x6143459d5cde5f14) /* 693 */,
+ U64_C(0x53a8fbf1d5f0ac89) /* 694 */, U64_C(0x97ea04d81c5e5b00) /* 695 */,
+ U64_C(0x622181a8d4fdb3f3) /* 696 */, U64_C(0xe9bcd341572a1208) /* 697 */,
+ U64_C(0x1411258643cce58a) /* 698 */, U64_C(0x9144c5fea4c6e0a4) /* 699 */,
+ U64_C(0x0d33d06565cf620f) /* 700 */, U64_C(0x54a48d489f219ca1) /* 701 */,
+ U64_C(0xc43e5eac6d63c821) /* 702 */, U64_C(0xa9728b3a72770daf) /* 703 */,
+ U64_C(0xd7934e7b20df87ef) /* 704 */, U64_C(0xe35503b61a3e86e5) /* 705 */,
+ U64_C(0xcae321fbc819d504) /* 706 */, U64_C(0x129a50b3ac60bfa6) /* 707 */,
+ U64_C(0xcd5e68ea7e9fb6c3) /* 708 */, U64_C(0xb01c90199483b1c7) /* 709 */,
+ U64_C(0x3de93cd5c295376c) /* 710 */, U64_C(0xaed52edf2ab9ad13) /* 711 */,
+ U64_C(0x2e60f512c0a07884) /* 712 */, U64_C(0xbc3d86a3e36210c9) /* 713 */,
+ U64_C(0x35269d9b163951ce) /* 714 */, U64_C(0x0c7d6e2ad0cdb5fa) /* 715 */,
+ U64_C(0x59e86297d87f5733) /* 716 */, U64_C(0x298ef221898db0e7) /* 717 */,
+ U64_C(0x55000029d1a5aa7e) /* 718 */, U64_C(0x8bc08ae1b5061b45) /* 719 */,
+ U64_C(0xc2c31c2b6c92703a) /* 720 */, U64_C(0x94cc596baf25ef42) /* 721 */,
+ U64_C(0x0a1d73db22540456) /* 722 */, U64_C(0x04b6a0f9d9c4179a) /* 723 */,
+ U64_C(0xeffdafa2ae3d3c60) /* 724 */, U64_C(0xf7c8075bb49496c4) /* 725 */,
+ U64_C(0x9cc5c7141d1cd4e3) /* 726 */, U64_C(0x78bd1638218e5534) /* 727 */,
+ U64_C(0xb2f11568f850246a) /* 728 */, U64_C(0xedfabcfa9502bc29) /* 729 */,
+ U64_C(0x796ce5f2da23051b) /* 730 */, U64_C(0xaae128b0dc93537c) /* 731 */,
+ U64_C(0x3a493da0ee4b29ae) /* 732 */, U64_C(0xb5df6b2c416895d7) /* 733 */,
+ U64_C(0xfcabbd25122d7f37) /* 734 */, U64_C(0x70810b58105dc4b1) /* 735 */,
+ U64_C(0xe10fdd37f7882a90) /* 736 */, U64_C(0x524dcab5518a3f5c) /* 737 */,
+ U64_C(0x3c9e85878451255b) /* 738 */, U64_C(0x4029828119bd34e2) /* 739 */,
+ U64_C(0x74a05b6f5d3ceccb) /* 740 */, U64_C(0xb610021542e13eca) /* 741 */,
+ U64_C(0x0ff979d12f59e2ac) /* 742 */, U64_C(0x6037da27e4f9cc50) /* 743 */,
+ U64_C(0x5e92975a0df1847d) /* 744 */, U64_C(0xd66de190d3e623fe) /* 745 */,
+ U64_C(0x5032d6b87b568048) /* 746 */, U64_C(0x9a36b7ce8235216e) /* 747 */,
+ U64_C(0x80272a7a24f64b4a) /* 748 */, U64_C(0x93efed8b8c6916f7) /* 749 */,
+ U64_C(0x37ddbff44cce1555) /* 750 */, U64_C(0x4b95db5d4b99bd25) /* 751 */,
+ U64_C(0x92d3fda169812fc0) /* 752 */, U64_C(0xfb1a4a9a90660bb6) /* 753 */,
+ U64_C(0x730c196946a4b9b2) /* 754 */, U64_C(0x81e289aa7f49da68) /* 755 */,
+ U64_C(0x64669a0f83b1a05f) /* 756 */, U64_C(0x27b3ff7d9644f48b) /* 757 */,
+ U64_C(0xcc6b615c8db675b3) /* 758 */, U64_C(0x674f20b9bcebbe95) /* 759 */,
+ U64_C(0x6f31238275655982) /* 760 */, U64_C(0x5ae488713e45cf05) /* 761 */,
+ U64_C(0xbf619f9954c21157) /* 762 */, U64_C(0xeabac46040a8eae9) /* 763 */,
+ U64_C(0x454c6fe9f2c0c1cd) /* 764 */, U64_C(0x419cf6496412691c) /* 765 */,
+ U64_C(0xd3dc3bef265b0f70) /* 766 */, U64_C(0x6d0e60f5c3578a9e) /* 767 */
+};
+static u64 sbox4[256] = {
+ U64_C(0x5b0e608526323c55) /* 768 */, U64_C(0x1a46c1a9fa1b59f5) /* 769 */,
+ U64_C(0xa9e245a17c4c8ffa) /* 770 */, U64_C(0x65ca5159db2955d7) /* 771 */,
+ U64_C(0x05db0a76ce35afc2) /* 772 */, U64_C(0x81eac77ea9113d45) /* 773 */,
+ U64_C(0x528ef88ab6ac0a0d) /* 774 */, U64_C(0xa09ea253597be3ff) /* 775 */,
+ U64_C(0x430ddfb3ac48cd56) /* 776 */, U64_C(0xc4b3a67af45ce46f) /* 777 */,
+ U64_C(0x4ececfd8fbe2d05e) /* 778 */, U64_C(0x3ef56f10b39935f0) /* 779 */,
+ U64_C(0x0b22d6829cd619c6) /* 780 */, U64_C(0x17fd460a74df2069) /* 781 */,
+ U64_C(0x6cf8cc8e8510ed40) /* 782 */, U64_C(0xd6c824bf3a6ecaa7) /* 783 */,
+ U64_C(0x61243d581a817049) /* 784 */, U64_C(0x048bacb6bbc163a2) /* 785 */,
+ U64_C(0xd9a38ac27d44cc32) /* 786 */, U64_C(0x7fddff5baaf410ab) /* 787 */,
+ U64_C(0xad6d495aa804824b) /* 788 */, U64_C(0xe1a6a74f2d8c9f94) /* 789 */,
+ U64_C(0xd4f7851235dee8e3) /* 790 */, U64_C(0xfd4b7f886540d893) /* 791 */,
+ U64_C(0x247c20042aa4bfda) /* 792 */, U64_C(0x096ea1c517d1327c) /* 793 */,
+ U64_C(0xd56966b4361a6685) /* 794 */, U64_C(0x277da5c31221057d) /* 795 */,
+ U64_C(0x94d59893a43acff7) /* 796 */, U64_C(0x64f0c51ccdc02281) /* 797 */,
+ U64_C(0x3d33bcc4ff6189db) /* 798 */, U64_C(0xe005cb184ce66af1) /* 799 */,
+ U64_C(0xff5ccd1d1db99bea) /* 800 */, U64_C(0xb0b854a7fe42980f) /* 801 */,
+ U64_C(0x7bd46a6a718d4b9f) /* 802 */, U64_C(0xd10fa8cc22a5fd8c) /* 803 */,
+ U64_C(0xd31484952be4bd31) /* 804 */, U64_C(0xc7fa975fcb243847) /* 805 */,
+ U64_C(0x4886ed1e5846c407) /* 806 */, U64_C(0x28cddb791eb70b04) /* 807 */,
+ U64_C(0xc2b00be2f573417f) /* 808 */, U64_C(0x5c9590452180f877) /* 809 */,
+ U64_C(0x7a6bddfff370eb00) /* 810 */, U64_C(0xce509e38d6d9d6a4) /* 811 */,
+ U64_C(0xebeb0f00647fa702) /* 812 */, U64_C(0x1dcc06cf76606f06) /* 813 */,
+ U64_C(0xe4d9f28ba286ff0a) /* 814 */, U64_C(0xd85a305dc918c262) /* 815 */,
+ U64_C(0x475b1d8732225f54) /* 816 */, U64_C(0x2d4fb51668ccb5fe) /* 817 */,
+ U64_C(0xa679b9d9d72bba20) /* 818 */, U64_C(0x53841c0d912d43a5) /* 819 */,
+ U64_C(0x3b7eaa48bf12a4e8) /* 820 */, U64_C(0x781e0e47f22f1ddf) /* 821 */,
+ U64_C(0xeff20ce60ab50973) /* 822 */, U64_C(0x20d261d19dffb742) /* 823 */,
+ U64_C(0x16a12b03062a2e39) /* 824 */, U64_C(0x1960eb2239650495) /* 825 */,
+ U64_C(0x251c16fed50eb8b8) /* 826 */, U64_C(0x9ac0c330f826016e) /* 827 */,
+ U64_C(0xed152665953e7671) /* 828 */, U64_C(0x02d63194a6369570) /* 829 */,
+ U64_C(0x5074f08394b1c987) /* 830 */, U64_C(0x70ba598c90b25ce1) /* 831 */,
+ U64_C(0x794a15810b9742f6) /* 832 */, U64_C(0x0d5925e9fcaf8c6c) /* 833 */,
+ U64_C(0x3067716cd868744e) /* 834 */, U64_C(0x910ab077e8d7731b) /* 835 */,
+ U64_C(0x6a61bbdb5ac42f61) /* 836 */, U64_C(0x93513efbf0851567) /* 837 */,
+ U64_C(0xf494724b9e83e9d5) /* 838 */, U64_C(0xe887e1985c09648d) /* 839 */,
+ U64_C(0x34b1d3c675370cfd) /* 840 */, U64_C(0xdc35e433bc0d255d) /* 841 */,
+ U64_C(0xd0aab84234131be0) /* 842 */, U64_C(0x08042a50b48b7eaf) /* 843 */,
+ U64_C(0x9997c4ee44a3ab35) /* 844 */, U64_C(0x829a7b49201799d0) /* 845 */,
+ U64_C(0x263b8307b7c54441) /* 846 */, U64_C(0x752f95f4fd6a6ca6) /* 847 */,
+ U64_C(0x927217402c08c6e5) /* 848 */, U64_C(0x2a8ab754a795d9ee) /* 849 */,
+ U64_C(0xa442f7552f72943d) /* 850 */, U64_C(0x2c31334e19781208) /* 851 */,
+ U64_C(0x4fa98d7ceaee6291) /* 852 */, U64_C(0x55c3862f665db309) /* 853 */,
+ U64_C(0xbd0610175d53b1f3) /* 854 */, U64_C(0x46fe6cb840413f27) /* 855 */,
+ U64_C(0x3fe03792df0cfa59) /* 856 */, U64_C(0xcfe700372eb85e8f) /* 857 */,
+ U64_C(0xa7be29e7adbce118) /* 858 */, U64_C(0xe544ee5cde8431dd) /* 859 */,
+ U64_C(0x8a781b1b41f1873e) /* 860 */, U64_C(0xa5c94c78a0d2f0e7) /* 861 */,
+ U64_C(0x39412e2877b60728) /* 862 */, U64_C(0xa1265ef3afc9a62c) /* 863 */,
+ U64_C(0xbcc2770c6a2506c5) /* 864 */, U64_C(0x3ab66dd5dce1ce12) /* 865 */,
+ U64_C(0xe65499d04a675b37) /* 866 */, U64_C(0x7d8f523481bfd216) /* 867 */,
+ U64_C(0x0f6f64fcec15f389) /* 868 */, U64_C(0x74efbe618b5b13c8) /* 869 */,
+ U64_C(0xacdc82b714273e1d) /* 870 */, U64_C(0xdd40bfe003199d17) /* 871 */,
+ U64_C(0x37e99257e7e061f8) /* 872 */, U64_C(0xfa52626904775aaa) /* 873 */,
+ U64_C(0x8bbbf63a463d56f9) /* 874 */, U64_C(0xf0013f1543a26e64) /* 875 */,
+ U64_C(0xa8307e9f879ec898) /* 876 */, U64_C(0xcc4c27a4150177cc) /* 877 */,
+ U64_C(0x1b432f2cca1d3348) /* 878 */, U64_C(0xde1d1f8f9f6fa013) /* 879 */,
+ U64_C(0x606602a047a7ddd6) /* 880 */, U64_C(0xd237ab64cc1cb2c7) /* 881 */,
+ U64_C(0x9b938e7225fcd1d3) /* 882 */, U64_C(0xec4e03708e0ff476) /* 883 */,
+ U64_C(0xfeb2fbda3d03c12d) /* 884 */, U64_C(0xae0bced2ee43889a) /* 885 */,
+ U64_C(0x22cb8923ebfb4f43) /* 886 */, U64_C(0x69360d013cf7396d) /* 887 */,
+ U64_C(0x855e3602d2d4e022) /* 888 */, U64_C(0x073805bad01f784c) /* 889 */,
+ U64_C(0x33e17a133852f546) /* 890 */, U64_C(0xdf4874058ac7b638) /* 891 */,
+ U64_C(0xba92b29c678aa14a) /* 892 */, U64_C(0x0ce89fc76cfaadcd) /* 893 */,
+ U64_C(0x5f9d4e0908339e34) /* 894 */, U64_C(0xf1afe9291f5923b9) /* 895 */,
+ U64_C(0x6e3480f60f4a265f) /* 896 */, U64_C(0xeebf3a2ab29b841c) /* 897 */,
+ U64_C(0xe21938a88f91b4ad) /* 898 */, U64_C(0x57dfeff845c6d3c3) /* 899 */,
+ U64_C(0x2f006b0bf62caaf2) /* 900 */, U64_C(0x62f479ef6f75ee78) /* 901 */,
+ U64_C(0x11a55ad41c8916a9) /* 902 */, U64_C(0xf229d29084fed453) /* 903 */,
+ U64_C(0x42f1c27b16b000e6) /* 904 */, U64_C(0x2b1f76749823c074) /* 905 */,
+ U64_C(0x4b76eca3c2745360) /* 906 */, U64_C(0x8c98f463b91691bd) /* 907 */,
+ U64_C(0x14bcc93cf1ade66a) /* 908 */, U64_C(0x8885213e6d458397) /* 909 */,
+ U64_C(0x8e177df0274d4711) /* 910 */, U64_C(0xb49b73b5503f2951) /* 911 */,
+ U64_C(0x10168168c3f96b6b) /* 912 */, U64_C(0x0e3d963b63cab0ae) /* 913 */,
+ U64_C(0x8dfc4b5655a1db14) /* 914 */, U64_C(0xf789f1356e14de5c) /* 915 */,
+ U64_C(0x683e68af4e51dac1) /* 916 */, U64_C(0xc9a84f9d8d4b0fd9) /* 917 */,
+ U64_C(0x3691e03f52a0f9d1) /* 918 */, U64_C(0x5ed86e46e1878e80) /* 919 */,
+ U64_C(0x3c711a0e99d07150) /* 920 */, U64_C(0x5a0865b20c4e9310) /* 921 */,
+ U64_C(0x56fbfc1fe4f0682e) /* 922 */, U64_C(0xea8d5de3105edf9b) /* 923 */,
+ U64_C(0x71abfdb12379187a) /* 924 */, U64_C(0x2eb99de1bee77b9c) /* 925 */,
+ U64_C(0x21ecc0ea33cf4523) /* 926 */, U64_C(0x59a4d7521805c7a1) /* 927 */,
+ U64_C(0x3896f5eb56ae7c72) /* 928 */, U64_C(0xaa638f3db18f75dc) /* 929 */,
+ U64_C(0x9f39358dabe9808e) /* 930 */, U64_C(0xb7defa91c00b72ac) /* 931 */,
+ U64_C(0x6b5541fd62492d92) /* 932 */, U64_C(0x6dc6dee8f92e4d5b) /* 933 */,
+ U64_C(0x353f57abc4beea7e) /* 934 */, U64_C(0x735769d6da5690ce) /* 935 */,
+ U64_C(0x0a234aa642391484) /* 936 */, U64_C(0xf6f9508028f80d9d) /* 937 */,
+ U64_C(0xb8e319a27ab3f215) /* 938 */, U64_C(0x31ad9c1151341a4d) /* 939 */,
+ U64_C(0x773c22a57bef5805) /* 940 */, U64_C(0x45c7561a07968633) /* 941 */,
+ U64_C(0xf913da9e249dbe36) /* 942 */, U64_C(0xda652d9b78a64c68) /* 943 */,
+ U64_C(0x4c27a97f3bc334ef) /* 944 */, U64_C(0x76621220e66b17f4) /* 945 */,
+ U64_C(0x967743899acd7d0b) /* 946 */, U64_C(0xf3ee5bcae0ed6782) /* 947 */,
+ U64_C(0x409f753600c879fc) /* 948 */, U64_C(0x06d09a39b5926db6) /* 949 */,
+ U64_C(0x6f83aeb0317ac588) /* 950 */, U64_C(0x01e6ca4a86381f21) /* 951 */,
+ U64_C(0x66ff3462d19f3025) /* 952 */, U64_C(0x72207c24ddfd3bfb) /* 953 */,
+ U64_C(0x4af6b6d3e2ece2eb) /* 954 */, U64_C(0x9c994dbec7ea08de) /* 955 */,
+ U64_C(0x49ace597b09a8bc4) /* 956 */, U64_C(0xb38c4766cf0797ba) /* 957 */,
+ U64_C(0x131b9373c57c2a75) /* 958 */, U64_C(0xb1822cce61931e58) /* 959 */,
+ U64_C(0x9d7555b909ba1c0c) /* 960 */, U64_C(0x127fafdd937d11d2) /* 961 */,
+ U64_C(0x29da3badc66d92e4) /* 962 */, U64_C(0xa2c1d57154c2ecbc) /* 963 */,
+ U64_C(0x58c5134d82f6fe24) /* 964 */, U64_C(0x1c3ae3515b62274f) /* 965 */,
+ U64_C(0xe907c82e01cb8126) /* 966 */, U64_C(0xf8ed091913e37fcb) /* 967 */,
+ U64_C(0x3249d8f9c80046c9) /* 968 */, U64_C(0x80cf9bede388fb63) /* 969 */,
+ U64_C(0x1881539a116cf19e) /* 970 */, U64_C(0x5103f3f76bd52457) /* 971 */,
+ U64_C(0x15b7e6f5ae47f7a8) /* 972 */, U64_C(0xdbd7c6ded47e9ccf) /* 973 */,
+ U64_C(0x44e55c410228bb1a) /* 974 */, U64_C(0xb647d4255edb4e99) /* 975 */,
+ U64_C(0x5d11882bb8aafc30) /* 976 */, U64_C(0xf5098bbb29d3212a) /* 977 */,
+ U64_C(0x8fb5ea14e90296b3) /* 978 */, U64_C(0x677b942157dd025a) /* 979 */,
+ U64_C(0xfb58e7c0a390acb5) /* 980 */, U64_C(0x89d3674c83bd4a01) /* 981 */,
+ U64_C(0x9e2da4df4bf3b93b) /* 982 */, U64_C(0xfcc41e328cab4829) /* 983 */,
+ U64_C(0x03f38c96ba582c52) /* 984 */, U64_C(0xcad1bdbd7fd85db2) /* 985 */,
+ U64_C(0xbbb442c16082ae83) /* 986 */, U64_C(0xb95fe86ba5da9ab0) /* 987 */,
+ U64_C(0xb22e04673771a93f) /* 988 */, U64_C(0x845358c9493152d8) /* 989 */,
+ U64_C(0xbe2a488697b4541e) /* 990 */, U64_C(0x95a2dc2dd38e6966) /* 991 */,
+ U64_C(0xc02c11ac923c852b) /* 992 */, U64_C(0x2388b1990df2a87b) /* 993 */,
+ U64_C(0x7c8008fa1b4f37be) /* 994 */, U64_C(0x1f70d0c84d54e503) /* 995 */,
+ U64_C(0x5490adec7ece57d4) /* 996 */, U64_C(0x002b3c27d9063a3a) /* 997 */,
+ U64_C(0x7eaea3848030a2bf) /* 998 */, U64_C(0xc602326ded2003c0) /* 999 */,
+ U64_C(0x83a7287d69a94086) /* 1000 */, U64_C(0xc57a5fcb30f57a8a) /* 1001 */,
+ U64_C(0xb56844e479ebe779) /* 1002 */, U64_C(0xa373b40f05dcbce9) /* 1003 */,
+ U64_C(0xd71a786e88570ee2) /* 1004 */, U64_C(0x879cbacdbde8f6a0) /* 1005 */,
+ U64_C(0x976ad1bcc164a32f) /* 1006 */, U64_C(0xab21e25e9666d78b) /* 1007 */,
+ U64_C(0x901063aae5e5c33c) /* 1008 */, U64_C(0x9818b34448698d90) /* 1009 */,
+ U64_C(0xe36487ae3e1e8abb) /* 1010 */, U64_C(0xafbdf931893bdcb4) /* 1011 */,
+ U64_C(0x6345a0dc5fbbd519) /* 1012 */, U64_C(0x8628fe269b9465ca) /* 1013 */,
+ U64_C(0x1e5d01603f9c51ec) /* 1014 */, U64_C(0x4de44006a15049b7) /* 1015 */,
+ U64_C(0xbf6c70e5f776cbb1) /* 1016 */, U64_C(0x411218f2ef552bed) /* 1017 */,
+ U64_C(0xcb0c0708705a36a3) /* 1018 */, U64_C(0xe74d14754f986044) /* 1019 */,
+ U64_C(0xcd56d9430ea8280e) /* 1020 */, U64_C(0xc12591d7535f5065) /* 1021 */,
+ U64_C(0xc83223f1720aef96) /* 1022 */, U64_C(0xc3a0396f7363a51f) /* 1023 */
+};
+
+static void
+tiger_init( void *context )
+{
+ TIGER_CONTEXT *hd = context;
+
+ hd->a = 0x0123456789abcdefLL;
+ hd->b = 0xfedcba9876543210LL;
+ hd->c = 0xf096a5b4c3b2e187LL;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+static void
+tiger_round( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul )
+{
+ u64 a = *ra;
+ u64 b = *rb;
+ u64 c = *rc;
+
+ c ^= x;
+ a -= ( sbox1[ c & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]
+ ^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);
+ b += ( sbox4[ (c >> 8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]
+ ^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);
+ b *= mul;
+
+ *ra = a;
+ *rb = b;
+ *rc = c;
+}
+
+
+static void
+pass( u64 *ra, u64 *rb, u64 *rc, u64 *x, int mul )
+{
+ u64 a = *ra;
+ u64 b = *rb;
+ u64 c = *rc;
+
+ tiger_round( &a, &b, &c, x[0], mul );
+ tiger_round( &b, &c, &a, x[1], mul );
+ tiger_round( &c, &a, &b, x[2], mul );
+ tiger_round( &a, &b, &c, x[3], mul );
+ tiger_round( &b, &c, &a, x[4], mul );
+ tiger_round( &c, &a, &b, x[5], mul );
+ tiger_round( &a, &b, &c, x[6], mul );
+ tiger_round( &b, &c, &a, x[7], mul );
+
+ *ra = a;
+ *rb = b;
+ *rc = c;
+}
+
+
+static void
+key_schedule( u64 *x )
+{
+ x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL;
+ x[1] ^= x[0];
+ x[2] += x[1];
+ x[3] -= x[2] ^ ((~x[1]) << 19 );
+ x[4] ^= x[3];
+ x[5] += x[4];
+ x[6] -= x[5] ^ ((~x[4]) >> 23 );
+ x[7] ^= x[6];
+ x[0] += x[7];
+ x[1] -= x[0] ^ ((~x[7]) << 19 );
+ x[2] ^= x[1];
+ x[3] += x[2];
+ x[4] -= x[3] ^ ((~x[2]) >> 23 );
+ x[5] ^= x[4];
+ x[6] += x[5];
+ x[7] -= x[6] ^ 0x0123456789abcdefLL;
+}
+
+
+/****************
+ * Transform the message DATA which consists of 512 bytes (8 words)
+ */
+static void
+transform ( TIGER_CONTEXT *hd, const unsigned char *data )
+{
+ u64 a,b,c,aa,bb,cc;
+ u64 x[8];
+#ifdef WORDS_BIGENDIAN
+#define MKWORD(d,n) \
+ ( ((u64)(d)[8*(n)+7]) << 56 | ((u64)(d)[8*(n)+6]) << 48 \
+ | ((u64)(d)[8*(n)+5]) << 40 | ((u64)(d)[8*(n)+4]) << 32 \
+ | ((u64)(d)[8*(n)+3]) << 24 | ((u64)(d)[8*(n)+2]) << 16 \
+ | ((u64)(d)[8*(n)+1]) << 8 | ((u64)(d)[8*(n) ]) )
+ x[0] = MKWORD(data, 0);
+ x[1] = MKWORD(data, 1);
+ x[2] = MKWORD(data, 2);
+ x[3] = MKWORD(data, 3);
+ x[4] = MKWORD(data, 4);
+ x[5] = MKWORD(data, 5);
+ x[6] = MKWORD(data, 6);
+ x[7] = MKWORD(data, 7);
+#undef MKWORD
+#else
+ memcpy( &x[0], data, 64 );
+#endif
+
+ /* save */
+ a = aa = hd->a;
+ b = bb = hd->b;
+ c = cc = hd->c;
+
+ pass( &a, &b, &c, x, 5);
+ key_schedule( x );
+ pass( &c, &a, &b, x, 7);
+ key_schedule( x );
+ pass( &b, &c, &a, x, 9);
+
+ /* feedforward */
+ a ^= aa;
+ b -= bb;
+ c += cc;
+ /* store */
+ hd->a = a;
+ hd->b = b;
+ hd->c = c;
+}
+
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+tiger_write ( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ TIGER_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (21*8+11*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ tiger_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ _gcry_burn_stack (21*8+11*sizeof(void*));
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine terminates the computation
+ */
+static void
+tiger_final( void *context )
+{
+ TIGER_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ tiger_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x01; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x01; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ tiger_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (21*8+11*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u64*)p = hd->a ; p += 8; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->a >> 56; *p++ = hd->a >> 48; \
+ *p++ = hd->a >> 40; *p++ = hd->a >> 32; \
+ *p++ = hd->a >> 24; *p++ = hd->a >> 16; \
+ *p++ = hd->a >> 8; *p++ = hd->a; } while(0)
+#endif
+ X(a);
+ X(b);
+ X(c);
+#undef X
+}
+
+static byte *
+tiger_read( void *context )
+{
+ TIGER_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */
+ { 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06,
+ 0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02,
+ 0x05, 0x00, 0x04, 0x18 };
+
+static gcry_md_oid_spec_t oid_spec_tiger[] =
+ {
+ /* GNU.digestAlgorithm TIGER */
+ { "1.3.6.1.4.1.11591.12.2" },
+ { NULL }
+ };
+
+gcry_md_spec_t _gcry_digest_spec_tiger =
+ {
+ "TIGER192", asn, DIM (asn), oid_spec_tiger, 24,
+ tiger_init, tiger_write, tiger_final, tiger_read,
+ sizeof (TIGER_CONTEXT)
+ ,
+ .blocksize = 64
+ };
+
+#endif /* HAVE_U64_TYPEDEF */
+
+
+GRUB_MOD_INIT(gcry_tiger)
+{
+ grub_md_register (&_gcry_digest_spec_tiger);
+}
+
+GRUB_MOD_FINI(gcry_tiger)
+{
+ grub_md_unregister (&_gcry_digest_spec_tiger);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/twofish.c b/grub-core/lib/libgcrypt-grub/cipher/twofish.c
new file mode 100644
index 0000000..8065623
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/twofish.c
@@ -0,0 +1,993 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* Twofish for GPG
+ * Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc.
+ * Written by Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998
+ * 256-bit key length added March 20, 1999
+ * Some modifications to reduce the text size by Werner Koch, April, 1998
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ ********************************************************************
+ *
+ * This code is a "clean room" implementation, written from the paper
+ * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
+ * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
+ * through http://www.counterpane.com/twofish.html
+ *
+ * For background information on multiplication in finite fields, used for
+ * the matrix operations in the key schedule, see the book _Contemporary
+ * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
+ * Third Edition.
+ *
+ * Only the 128- and 256-bit key sizes are supported. This code is intended
+ * for GNU C on a 32-bit system, but it should work almost anywhere. Loops
+ * are unrolled, precomputation tables are used, etc., for maximum speed at
+ * some cost in memory consumption. */
+
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+/* Prototype for the self-test function. */
+
+/* Structure for an expanded Twofish key. s contains the key-dependent
+ * S-boxes composed with the MDS matrix; w contains the eight "whitening"
+ * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note
+ * that k[i] corresponds to what the Twofish paper calls K[i+8]. */
+typedef struct {
+ u32 s[4][256], w[8], k[32];
+} TWOFISH_context;
+
+/* These two tables are the q0 and q1 permutations, exactly as described in
+ * the Twofish paper. */
+
+static const byte q0[256] = {
+ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
+ 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+ 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
+ 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+ 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
+ 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+ 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
+ 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+ 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
+ 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+ 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
+ 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+ 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
+ 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+ 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
+ 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+ 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
+ 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+ 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
+ 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+ 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
+ 0x4A, 0x5E, 0xC1, 0xE0
+};
+
+static const byte q1[256] = {
+ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
+ 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+ 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
+ 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+ 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
+ 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+ 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
+ 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+ 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
+ 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+ 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
+ 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+ 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
+ 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+ 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
+ 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+ 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
+ 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+ 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
+ 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+ 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
+ 0x55, 0x09, 0xBE, 0x91
+};
+
+/* These MDS tables are actually tables of MDS composed with q0 and q1,
+ * because it is only ever used that way and we can save some time by
+ * precomputing. Of course the main saving comes from precomputing the
+ * GF(2^8) multiplication involved in the MDS matrix multiply; by looking
+ * things up in these tables we reduce the matrix multiply to four lookups
+ * and three XORs. Semi-formally, the definition of these tables is:
+ * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T
+ * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T
+ * where ^T means "transpose", the matrix multiply is performed in GF(2^8)
+ * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
+ * by Schneier et al, and I'm casually glossing over the byte/word
+ * conversion issues. */
+
+static const u32 mds[4][256] = {
+ {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
+ 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
+ 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
+ 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
+ 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
+ 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
+ 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
+ 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
+ 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
+ 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
+ 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
+ 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
+ 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
+ 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
+ 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
+ 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
+ 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
+ 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
+ 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
+ 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
+ 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
+ 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
+ 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
+ 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
+ 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
+ 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
+ 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
+ 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
+ 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
+ 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
+ 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
+ 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
+ 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
+ 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
+ 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
+ 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
+ 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
+ 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
+ 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
+ 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
+ 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
+ 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
+ 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},
+
+ {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
+ 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
+ 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
+ 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
+ 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
+ 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
+ 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
+ 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
+ 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
+ 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
+ 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
+ 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
+ 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
+ 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
+ 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
+ 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
+ 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
+ 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
+ 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
+ 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
+ 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
+ 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
+ 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
+ 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
+ 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
+ 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
+ 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
+ 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
+ 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
+ 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
+ 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
+ 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
+ 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
+ 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
+ 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
+ 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
+ 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
+ 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
+ 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
+ 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
+ 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
+ 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
+ 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},
+
+ {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
+ 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
+ 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
+ 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
+ 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
+ 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
+ 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
+ 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
+ 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
+ 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
+ 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
+ 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
+ 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
+ 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
+ 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
+ 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
+ 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
+ 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
+ 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
+ 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
+ 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
+ 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
+ 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
+ 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
+ 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
+ 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
+ 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
+ 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
+ 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
+ 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
+ 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
+ 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
+ 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
+ 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
+ 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
+ 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
+ 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
+ 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
+ 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
+ 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
+ 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
+ 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
+ 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},
+
+ {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
+ 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
+ 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
+ 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
+ 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
+ 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
+ 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
+ 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
+ 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
+ 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
+ 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
+ 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
+ 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
+ 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
+ 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
+ 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
+ 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
+ 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
+ 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
+ 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
+ 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
+ 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
+ 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
+ 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
+ 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
+ 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
+ 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
+ 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
+ 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
+ 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
+ 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
+ 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
+ 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
+ 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
+ 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
+ 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
+ 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
+ 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
+ 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
+ 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
+ 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
+ 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
+ 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}
+};
+
+/* The exp_to_poly and poly_to_exp tables are used to perform efficient
+ * operations in GF(2^8) represented as GF(2)[x]/w(x) where
+ * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the
+ * definition of the RS matrix in the key schedule. Elements of that field
+ * are polynomials of degree not greater than 7 and all coefficients 0 or 1,
+ * which can be represented naturally by bytes (just substitute x=2). In that
+ * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
+ * multiplication is inefficient without hardware support. To multiply
+ * faster, I make use of the fact x is a generator for the nonzero elements,
+ * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
+ * some n in 0..254. Note that that caret is exponentiation in GF(2^8),
+ * *not* polynomial notation. So if I want to compute pq where p and q are
+ * in GF(2^8), I can just say:
+ * 1. if p=0 or q=0 then pq=0
+ * 2. otherwise, find m and n such that p=x^m and q=x^n
+ * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
+ * The translations in steps 2 and 3 are looked up in the tables
+ * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this
+ * in action, look at the CALC_S macro. As additional wrinkles, note that
+ * one of my operands is always a constant, so the poly_to_exp lookup on it
+ * is done in advance; I included the original values in the comments so
+ * readers can have some chance of recognizing that this *is* the RS matrix
+ * from the Twofish paper. I've only included the table entries I actually
+ * need; I never do a lookup on a variable input of zero and the biggest
+ * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
+ * never sum to more than 491. I'm repeating part of the exp_to_poly table
+ * so that I don't have to do mod-255 reduction in the exponent arithmetic.
+ * Since I know my constant operands are never zero, I only have to worry
+ * about zero values in the variable operand, and I do it with a simple
+ * conditional branch. I know conditionals are expensive, but I couldn't
+ * see a non-horrible way of avoiding them, and I did manage to group the
+ * statements so that each if covers four group multiplications. */
+
+static const byte poly_to_exp[255] = {
+ 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
+ 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
+ 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
+ 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
+ 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
+ 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
+ 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
+ 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
+ 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
+ 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
+ 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
+ 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
+ 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
+ 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
+ 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
+ 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
+ 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
+ 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
+ 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
+ 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
+ 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
+ 0x85, 0xC8, 0xA1
+};
+
+static const byte exp_to_poly[492] = {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
+ 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
+ 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
+ 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
+ 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
+ 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
+ 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
+ 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
+ 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
+ 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
+ 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
+ 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
+ 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
+ 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
+ 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
+ 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
+ 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
+ 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
+ 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
+ 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
+ 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
+ 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
+ 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
+ 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
+ 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
+ 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
+ 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
+ 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
+ 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
+ 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
+ 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
+ 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
+ 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
+ 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
+ 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
+ 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
+ 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
+ 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
+ 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
+ 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
+ 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
+};
+
+
+/* The table constants are indices of
+ * S-box entries, preprocessed through q0 and q1. */
+static byte calc_sb_tbl[512] = {
+ 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
+ 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
+ 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
+ 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
+ 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
+ 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
+ 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
+ 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
+ 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
+ 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
+ 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
+ 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
+ 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
+ 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
+ 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
+ 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
+ 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
+ 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
+ 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
+ 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
+ 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
+ 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
+ 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
+ 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
+ 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
+ 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
+ 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
+ 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
+ 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
+ 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
+ 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
+ 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
+ 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
+ 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
+ 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
+ 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
+ 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
+ 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
+ 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
+ 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
+ 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
+ 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
+ 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
+ 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
+ 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
+ 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
+ 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
+ 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
+ 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
+ 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
+ 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
+ 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
+ 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
+ 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
+ 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
+ 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
+ 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
+ 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
+ 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
+ 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
+ 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
+ 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
+ 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
+ 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
+};
+/* Macro to perform one column of the RS matrix multiplication. The
+ * parameters a, b, c, and d are the four bytes of output; i is the index
+ * of the key bytes, and w, x, y, and z, are the column of constants from
+ * the RS matrix, preprocessed through the poly_to_exp table. */
+
+#define CALC_S(a, b, c, d, i, w, x, y, z) \
+ if (key[i]) { \
+ tmp = poly_to_exp[key[i] - 1]; \
+ (a) ^= exp_to_poly[tmp + (w)]; \
+ (b) ^= exp_to_poly[tmp + (x)]; \
+ (c) ^= exp_to_poly[tmp + (y)]; \
+ (d) ^= exp_to_poly[tmp + (z)]; \
+ }
+
+/* Macros to calculate the key-dependent S-boxes for a 128-bit key using
+ * the S vector from CALC_S. CALC_SB_2 computes a single entry in all
+ * four S-boxes, where i is the index of the entry to compute, and a and b
+ * are the index numbers preprocessed through the q0 and q1 tables
+ * respectively. CALC_SB is simply a convenience to make the code shorter;
+ * it calls CALC_SB_2 four times with consecutive indices from i to i+3,
+ * using the remaining parameters two by two. */
+
+#define CALC_SB_2(i, a, b) \
+ ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
+ ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
+ ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
+ ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
+
+#define CALC_SB(i, a, b, c, d, e, f, g, h) \
+ CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \
+ CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)
+
+/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */
+
+#define CALC_SB256_2(i, a, b) \
+ ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
+ ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
+ ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
+ ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
+
+#define CALC_SB256(i, a, b, c, d, e, f, g, h) \
+ CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \
+ CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)
+
+/* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the
+ * last two stages of the h() function for a given index (either 2i or 2i+1).
+ * a, b, c, and d are the four bytes going into the last two stages. For
+ * 128-bit keys, this is the entire h() function and a and c are the index
+ * preprocessed through q0 and q1 respectively; for longer keys they are the
+ * output of previous stages. j is the index of the first key byte to use.
+ * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
+ * twice, doing the Psuedo-Hadamard Transform, and doing the necessary
+ * rotations. Its parameters are: a, the array to write the results into,
+ * j, the index of the first output entry, k and l, the preprocessed indices
+ * for index 2i, and m and n, the preprocessed indices for index 2i+1.
+ * CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two
+ * additional lookup-and-XOR stages. The parameters a and b are the index
+ * preprocessed through q0 and q1 respectively; j is the index of the first
+ * key byte to use. CALC_K256 is identical to CALC_K but for using the
+ * CALC_K256_2 macro instead of CALC_K_2. */
+
+#define CALC_K_2(a, b, c, d, j) \
+ mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
+ ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
+ ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
+ ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
+
+#define CALC_K(a, j, k, l, m, n) \
+ x = CALC_K_2 (k, l, k, l, 0); \
+ y = CALC_K_2 (m, n, m, n, 4); \
+ y = (y << 8) + (y >> 24); \
+ x += y; y += x; ctx->a[j] = x; \
+ ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+#define CALC_K256_2(a, b, j) \
+ CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \
+ q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \
+ q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \
+ q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)
+
+#define CALC_K256(a, j, k, l, m, n) \
+ x = CALC_K256_2 (k, l, 0); \
+ y = CALC_K256_2 (m, n, 4); \
+ y = (y << 8) + (y >> 24); \
+ x += y; y += x; ctx->a[j] = x; \
+ ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+
+
+/* Perform the key setup. Note that this works only with 128- and 256-bit
+ * keys, despite the API that looks like it might support other sizes. */
+
+static gcry_err_code_t
+do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
+{
+ int i, j, k;
+
+ /* Temporaries for CALC_K. */
+ u32 x, y;
+
+ /* The S vector used to key the S-boxes, split up into individual bytes.
+ * 128-bit keys use only sa through sh; 256-bit use all of them. */
+ byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
+ byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
+
+ /* Temporary for CALC_S. */
+ byte tmp;
+
+ /* Flags for self-test. */
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+
+ /* Check key length. */
+ if( ( ( keylen - 16 ) | 16 ) != 16 )
+ return GPG_ERR_INV_KEYLEN;
+
+ /* Do self-test if necessary. */
+ if (!initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if( selftest_failed )
+ log_error("%s\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ /* Compute the first two words of the S vector. The magic numbers are
+ * the entries of the RS matrix, preprocessed through poly_to_exp. The
+ * numbers in the comments are the original (polynomial form) matrix
+ * entries. */
+ CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+ CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+ if (keylen == 32) /* 256-bit key */
+ {
+ /* Calculate the remaining two words of the S vector */
+ CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+ CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+ /* Compute the S-boxes. */
+ for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
+ {
+ CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+ }
+
+ /* Calculate whitening and round subkeys. The constants are
+ * indices of subkeys, preprocessed through q0 and q1. */
+ CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+ CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+ CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+ CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+ CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+ CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+ CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+ CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+ CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+ CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+ CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);
+ CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+ CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);
+ CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+ CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+ CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
+ CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+ CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+ CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
+ CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+ }
+ else
+ {
+ /* Compute the S-boxes. */
+ for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
+ {
+ CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+ }
+
+ /* Calculate whitening and round subkeys. The constants are
+ * indices of subkeys, preprocessed through q0 and q1. */
+ CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+ CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+ CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+ CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+ CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+ CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+ CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+ CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+ CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+ CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+ CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
+ CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+ CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
+ CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+ CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+ CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
+ CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+ CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+ CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
+ CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+ }
+
+ return 0;
+}
+
+static gcry_err_code_t
+twofish_setkey (void *context, const byte *key, unsigned int keylen)
+{
+ TWOFISH_context *ctx = context;
+ int rc = do_twofish_setkey (ctx, key, keylen);
+ _gcry_burn_stack (23+6*sizeof(void*));
+ return rc;
+}
+
+
+
+/* Macros to compute the g() function in the encryption and decryption
+ * rounds. G1 is the straight g() function; G2 includes the 8-bit
+ * rotation for the high 32-bit word. */
+
+#define G1(a) \
+ (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
+ ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
+
+#define G2(b) \
+ (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
+ ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
+
+/* Encryption and decryption Feistel rounds. Each one calls the two g()
+ * macros, does the PHT, and performs the XOR and the appropriate bit
+ * rotations. The parameters are the round number (used to select subkeys),
+ * and the four 32-bit chunks of the text. */
+
+#define ENCROUND(n, a, b, c, d) \
+ x = G1 (a); y = G2 (b); \
+ x += y; y += x + ctx->k[2 * (n) + 1]; \
+ (c) ^= x + ctx->k[2 * (n)]; \
+ (c) = ((c) >> 1) + ((c) << 31); \
+ (d) = (((d) << 1)+((d) >> 31)) ^ y
+
+#define DECROUND(n, a, b, c, d) \
+ x = G1 (a); y = G2 (b); \
+ x += y; y += x; \
+ (d) ^= y + ctx->k[2 * (n) + 1]; \
+ (d) = ((d) >> 1) + ((d) << 31); \
+ (c) = (((c) << 1)+((c) >> 31)); \
+ (c) ^= (x + ctx->k[2 * (n)])
+
+/* Encryption and decryption cycles; each one is simply two Feistel rounds
+ * with the 32-bit chunks re-ordered to simulate the "swap" */
+
+#define ENCCYCLE(n) \
+ ENCROUND (2 * (n), a, b, c, d); \
+ ENCROUND (2 * (n) + 1, c, d, a, b)
+
+#define DECCYCLE(n) \
+ DECROUND (2 * (n) + 1, c, d, a, b); \
+ DECROUND (2 * (n), a, b, c, d)
+
+/* Macros to convert the input and output bytes into 32-bit words,
+ * and simultaneously perform the whitening step. INPACK packs word
+ * number n into the variable named by x, using whitening subkey number m.
+ * OUTUNPACK unpacks word number n from the variable named by x, using
+ * whitening subkey number m. */
+
+#define INPACK(n, x, m) \
+ x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
+ ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
+
+#define OUTUNPACK(n, x, m) \
+ x ^= ctx->w[m]; \
+ out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
+ out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
+
+/* Encrypt one block. in and out may be the same. */
+
+static void
+do_twofish_encrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+ /* The four 32-bit chunks of the text. */
+ u32 a, b, c, d;
+
+ /* Temporaries used by the round function. */
+ u32 x, y;
+
+ /* Input whitening and packing. */
+ INPACK (0, a, 0);
+ INPACK (1, b, 1);
+ INPACK (2, c, 2);
+ INPACK (3, d, 3);
+
+ /* Encryption Feistel cycles. */
+ ENCCYCLE (0);
+ ENCCYCLE (1);
+ ENCCYCLE (2);
+ ENCCYCLE (3);
+ ENCCYCLE (4);
+ ENCCYCLE (5);
+ ENCCYCLE (6);
+ ENCCYCLE (7);
+
+ /* Output whitening and unpacking. */
+ OUTUNPACK (0, c, 4);
+ OUTUNPACK (1, d, 5);
+ OUTUNPACK (2, a, 6);
+ OUTUNPACK (3, b, 7);
+}
+
+static void
+twofish_encrypt (void *context, byte *out, const byte *in)
+{
+ TWOFISH_context *ctx = context;
+ do_twofish_encrypt (ctx, out, in);
+ _gcry_burn_stack (24+3*sizeof (void*));
+}
+
+
+/* Decrypt one block. in and out may be the same. */
+
+static void
+do_twofish_decrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+ /* The four 32-bit chunks of the text. */
+ u32 a, b, c, d;
+
+ /* Temporaries used by the round function. */
+ u32 x, y;
+
+ /* Input whitening and packing. */
+ INPACK (0, c, 4);
+ INPACK (1, d, 5);
+ INPACK (2, a, 6);
+ INPACK (3, b, 7);
+
+ /* Encryption Feistel cycles. */
+ DECCYCLE (7);
+ DECCYCLE (6);
+ DECCYCLE (5);
+ DECCYCLE (4);
+ DECCYCLE (3);
+ DECCYCLE (2);
+ DECCYCLE (1);
+ DECCYCLE (0);
+
+ /* Output whitening and unpacking. */
+ OUTUNPACK (0, a, 0);
+ OUTUNPACK (1, b, 1);
+ OUTUNPACK (2, c, 2);
+ OUTUNPACK (3, d, 3);
+}
+
+static void
+twofish_decrypt (void *context, byte *out, const byte *in)
+{
+ TWOFISH_context *ctx = context;
+
+ do_twofish_decrypt (ctx, out, in);
+ _gcry_burn_stack (24+3*sizeof (void*));
+}
+
+
+/* Test a single encryption and decryption with each key size. */
+
+
+/* More complete test program. This does 1000 encryptions and decryptions
+ * with each of 250 128-bit keys and 2000 encryptions and decryptions with
+ * each of 125 256-bit keys, using a feedback scheme similar to a Feistel
+ * cipher, so as to be sure of testing all the table entries pretty
+ * thoroughly. We keep changing the keys so as to get a more meaningful
+ * performance number, since the key setup is non-trivial for Twofish. */
+
+#ifdef TEST
+
+
+int
+main()
+{
+ TWOFISH_context ctx; /* Expanded key. */
+ int i, j; /* Loop counters. */
+
+ const char *encrypt_msg; /* Message to print regarding encryption test;
+ * the printf is done outside the loop to avoid
+ * stuffing up the timing. */
+ clock_t timer; /* For computing elapsed time. */
+
+ /* Test buffer. */
+ byte buffer[4][16] = {
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+ {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+ 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+ {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+ 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+ };
+
+ /* Expected outputs for the million-operation test */
+ static const byte test_encrypt[4][16] = {
+ {0xC8, 0x23, 0xB8, 0xB7, 0x6B, 0xFE, 0x91, 0x13,
+ 0x2F, 0xA7, 0x5E, 0xE6, 0x94, 0x77, 0x6F, 0x6B},
+ {0x90, 0x36, 0xD8, 0x29, 0xD5, 0x96, 0xC2, 0x8E,
+ 0xE4, 0xFF, 0x76, 0xBC, 0xE5, 0x77, 0x88, 0x27},
+ {0xB8, 0x78, 0x69, 0xAF, 0x42, 0x8B, 0x48, 0x64,
+ 0xF7, 0xE9, 0xF3, 0x9C, 0x42, 0x18, 0x7B, 0x73},
+ {0x7A, 0x88, 0xFB, 0xEB, 0x90, 0xA4, 0xB4, 0xA8,
+ 0x43, 0xA3, 0x1D, 0xF1, 0x26, 0xC4, 0x53, 0x57}
+ };
+ static const byte test_decrypt[4][16] = {
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+ {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+ 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+ {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+ 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+ };
+
+ /* Start the timer ticking. */
+ timer = clock ();
+
+ /* Encryption test. */
+ for (i = 0; i < 125; i++)
+ {
+ twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+ for (j = 0; j < 1000; j++)
+ twofish_encrypt (&ctx, buffer[2], buffer[2]);
+ twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+ for (j = 0; j < 1000; j++)
+ twofish_encrypt (&ctx, buffer[3], buffer[3]);
+ twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+ for (j = 0; j < 1000; j++) {
+ twofish_encrypt (&ctx, buffer[0], buffer[0]);
+ twofish_encrypt (&ctx, buffer[1], buffer[1]);
+ }
+ }
+ encrypt_msg = memcmp (buffer, test_encrypt, sizeof (test_encrypt)) ?
+ "encryption failure!\n" : "encryption OK!\n";
+
+ /* Decryption test. */
+ for (i = 0; i < 125; i++)
+ {
+ twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+ for (j = 0; j < 1000; j++) {
+ twofish_decrypt (&ctx, buffer[0], buffer[0]);
+ twofish_decrypt (&ctx, buffer[1], buffer[1]);
+ }
+ twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+ for (j = 0; j < 1000; j++)
+ twofish_decrypt (&ctx, buffer[3], buffer[3]);
+ twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+ for (j = 0; j < 1000; j++)
+ twofish_decrypt (&ctx, buffer[2], buffer[2]);
+ }
+
+ /* Stop the timer, and print results. */
+ timer = clock () - timer;
+ printf (encrypt_msg);
+ printf (memcmp (buffer, test_decrypt, sizeof (test_decrypt)) ?
+ "decryption failure!\n" : "decryption OK!\n");
+ printf ("elapsed time: %.1f s.\n", (float) timer / CLOCKS_PER_SEC);
+
+ return 0;
+}
+
+#endif /* TEST */
+
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_twofish =
+ {
+ "TWOFISH", NULL, NULL, 16, 256, sizeof (TWOFISH_context),
+ twofish_setkey, twofish_encrypt, twofish_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_twofish128 =
+ {
+ "TWOFISH128", NULL, NULL, 16, 128, sizeof (TWOFISH_context),
+ twofish_setkey, twofish_encrypt, twofish_decrypt
+ };
+
+
+GRUB_MOD_INIT(gcry_twofish)
+{
+ grub_cipher_register (&_gcry_cipher_spec_twofish);
+ grub_cipher_register (&_gcry_cipher_spec_twofish128);
+}
+
+GRUB_MOD_FINI(gcry_twofish)
+{
+ grub_cipher_unregister (&_gcry_cipher_spec_twofish);
+ grub_cipher_unregister (&_gcry_cipher_spec_twofish128);
+}
diff --git a/grub-core/lib/libgcrypt-grub/cipher/types.h b/grub-core/lib/libgcrypt-grub/cipher/types.h
new file mode 100644
index 0000000..2ec78b6
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/types.h
@@ -0,0 +1,2 @@
+#include <grub/types.h>
+#include <cipher_wrap.h>
diff --git a/grub-core/lib/libgcrypt-grub/cipher/whirlpool.c b/grub-core/lib/libgcrypt-grub/cipher/whirlpool.c
new file mode 100644
index 0000000..d4ea993
--- /dev/null
+++ b/grub-core/lib/libgcrypt-grub/cipher/whirlpool.c
@@ -0,0 +1,1419 @@
+/* This file was automatically imported with
+ import_gcry.py. Please don't modify it */
+#include <grub/dl.h>
+GRUB_MOD_LICENSE ("GPLv3+");
+/* whirlpool.c - Whirlpool hashing algorithm
+ * Copyright (C) 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ */
+
+/* This is an implementation of the Whirlpool hashing algorithm, which
+ has been developed by Vincent Rijmen and Paulo S. L. M. Barreto;
+ it's homepage is located at:
+ http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html.
+
+ The S-Boxes and the structure of the main transformation function,
+ which implements an optimized version of the algorithm, is taken
+ from the reference implementation available from
+ http://planeta.terra.com.br/informatica/paulobarreto/whirlpool.zip. */
+
+
+#include "types.h"
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+/* Size of a whirlpool block (in bytes). */
+#define BLOCK_SIZE 64
+
+/* Number of rounds. */
+#define R 10
+
+
+
+/* Types. */
+typedef u64 whirlpool_block_t[BLOCK_SIZE / 8];
+
+typedef struct {
+ whirlpool_block_t hash_state;
+ unsigned char buffer[BLOCK_SIZE];
+ size_t count;
+ unsigned char length[32];
+} whirlpool_context_t;
+
+
+
+/* Macros. */
+
+/* Convert the the buffer BUFFER into a block BLOCK, using I as
+ counter. */
+#define buffer_to_block(buffer, block, i) \
+ for (i = 0; i < 8; i++) \
+ (block)[i] = ((u64) (0 \
+ | (((u64) (buffer)[i * 8 + 0]) << 56) \
+ | (((u64) (buffer)[i * 8 + 1]) << 48) \
+ | (((u64) (buffer)[i * 8 + 2]) << 40) \
+ | (((u64) (buffer)[i * 8 + 3]) << 32) \
+ | (((u64) (buffer)[i * 8 + 4]) << 24) \
+ | (((u64) (buffer)[i * 8 + 5]) << 16) \
+ | (((u64) (buffer)[i * 8 + 6]) << 8) \
+ | (((u64) (buffer)[i * 8 + 7]) << 0)));
+
+/* Convert the block BLOCK into a buffer BUFFER, using I as
+ counter. */
+#define block_to_buffer(buffer, block, i) \
+ for (i = 0; i < 8; i++) \
+ { \
+ (buffer)[i * 8 + 0] = (block[i] >> 56) & 0xFF; \
+ (buffer)[i * 8 + 1] = (block[i] >> 48) & 0xFF; \
+ (buffer)[i * 8 + 2] = (block[i] >> 40) & 0xFF; \
+ (buffer)[i * 8 + 3] = (block[i] >> 32) & 0xFF; \
+ (buffer)[i * 8 + 4] = (block[i] >> 24) & 0xFF; \
+ (buffer)[i * 8 + 5] = (block[i] >> 16) & 0xFF; \
+ (buffer)[i * 8 + 6] = (block[i] >> 8) & 0xFF; \
+ (buffer)[i * 8 + 7] = (block[i] >> 0) & 0xFF; \
+ }
+
+/* Copy the block BLOCK_SRC to BLOCK_DST, using I as counter. */
+#define block_copy(block_dst, block_src, i) \
+ for (i = 0; i < 8; i++) \
+ block_dst[i] = block_src[i];
+
+/* XOR the block BLOCK_SRC into BLOCK_DST, using I as counter. */
+#define block_xor(block_dst, block_src, i) \
+ for (i = 0; i < 8; i++) \
+ block_dst[i] ^= block_src[i];
+
+
+
+/* Round constants. */
+static const u64 rc[R] =
+ {
+ U64_C (0x1823c6e887b8014f),
+ U64_C (0x36a6d2f5796f9152),
+ U64_C (0x60bc9b8ea30c7b35),
+ U64_C (0x1de0d7c22e4bfe57),
+ U64_C (0x157737e59ff04ada),
+ U64_C (0x58c9290ab1a06b85),
+ U64_C (0xbd5d10f4cb3e0567),
+ U64_C (0xe427418ba77d95d8),
+ U64_C (0xfbee7c66dd17479e),
+ U64_C (0xca2dbf07ad5a8333),
+ };
+
+
+
+/* Main lookup boxes. */
+static const u64 C0[256] =
+ {
+ U64_C (0x18186018c07830d8), U64_C (0x23238c2305af4626),
+ U64_C (0xc6c63fc67ef991b8), U64_C (0xe8e887e8136fcdfb),
+ U64_C (0x878726874ca113cb), U64_C (0xb8b8dab8a9626d11),
+ U64_C (0x0101040108050209), U64_C (0x4f4f214f426e9e0d),
+ U64_C (0x3636d836adee6c9b), U64_C (0xa6a6a2a6590451ff),
+ U64_C (0xd2d26fd2debdb90c), U64_C (0xf5f5f3f5fb06f70e),
+ U64_C (0x7979f979ef80f296), U64_C (0x6f6fa16f5fcede30),
+ U64_C (0x91917e91fcef3f6d), U64_C (0x52525552aa07a4f8),
+ U64_C (0x60609d6027fdc047), U64_C (0xbcbccabc89766535),
+ U64_C (0x9b9b569baccd2b37), U64_C (0x8e8e028e048c018a),
+ U64_C (0xa3a3b6a371155bd2), U64_C (0x0c0c300c603c186c),
+ U64_C (0x7b7bf17bff8af684), U64_C (0x3535d435b5e16a80),
+ U64_C (0x1d1d741de8693af5), U64_C (0xe0e0a7e05347ddb3),
+ U64_C (0xd7d77bd7f6acb321), U64_C (0xc2c22fc25eed999c),
+ U64_C (0x2e2eb82e6d965c43), U64_C (0x4b4b314b627a9629),
+ U64_C (0xfefedffea321e15d), U64_C (0x575741578216aed5),
+ U64_C (0x15155415a8412abd), U64_C (0x7777c1779fb6eee8),
+ U64_C (0x3737dc37a5eb6e92), U64_C (0xe5e5b3e57b56d79e),
+ U64_C (0x9f9f469f8cd92313), U64_C (0xf0f0e7f0d317fd23),
+ U64_C (0x4a4a354a6a7f9420), U64_C (0xdada4fda9e95a944),
+ U64_C (0x58587d58fa25b0a2), U64_C (0xc9c903c906ca8fcf),
+ U64_C (0x2929a429558d527c), U64_C (0x0a0a280a5022145a),
+ U64_C (0xb1b1feb1e14f7f50), U64_C (0xa0a0baa0691a5dc9),
+ U64_C (0x6b6bb16b7fdad614), U64_C (0x85852e855cab17d9),
+ U64_C (0xbdbdcebd8173673c), U64_C (0x5d5d695dd234ba8f),
+ U64_C (0x1010401080502090), U64_C (0xf4f4f7f4f303f507),
+ U64_C (0xcbcb0bcb16c08bdd), U64_C (0x3e3ef83eedc67cd3),
+ U64_C (0x0505140528110a2d), U64_C (0x676781671fe6ce78),
+ U64_C (0xe4e4b7e47353d597), U64_C (0x27279c2725bb4e02),
+ U64_C (0x4141194132588273), U64_C (0x8b8b168b2c9d0ba7),
+ U64_C (0xa7a7a6a7510153f6), U64_C (0x7d7de97dcf94fab2),
+ U64_C (0x95956e95dcfb3749), U64_C (0xd8d847d88e9fad56),
+ U64_C (0xfbfbcbfb8b30eb70), U64_C (0xeeee9fee2371c1cd),
+ U64_C (0x7c7ced7cc791f8bb), U64_C (0x6666856617e3cc71),
+ U64_C (0xdddd53dda68ea77b), U64_C (0x17175c17b84b2eaf),
+ U64_C (0x4747014702468e45), U64_C (0x9e9e429e84dc211a),
+ U64_C (0xcaca0fca1ec589d4), U64_C (0x2d2db42d75995a58),
+ U64_C (0xbfbfc6bf9179632e), U64_C (0x07071c07381b0e3f),
+ U64_C (0xadad8ead012347ac), U64_C (0x5a5a755aea2fb4b0),
+ U64_C (0x838336836cb51bef), U64_C (0x3333cc3385ff66b6),
+ U64_C (0x636391633ff2c65c), U64_C (0x02020802100a0412),
+ U64_C (0xaaaa92aa39384993), U64_C (0x7171d971afa8e2de),
+ U64_C (0xc8c807c80ecf8dc6), U64_C (0x19196419c87d32d1),
+ U64_C (0x494939497270923b), U64_C (0xd9d943d9869aaf5f),
+ U64_C (0xf2f2eff2c31df931), U64_C (0xe3e3abe34b48dba8),
+ U64_C (0x5b5b715be22ab6b9), U64_C (0x88881a8834920dbc),
+ U64_C (0x9a9a529aa4c8293e), U64_C (0x262698262dbe4c0b),
+ U64_C (0x3232c8328dfa64bf), U64_C (0xb0b0fab0e94a7d59),
+ U64_C (0xe9e983e91b6acff2), U64_C (0x0f0f3c0f78331e77),
+ U64_C (0xd5d573d5e6a6b733), U64_C (0x80803a8074ba1df4),
+ U64_C (0xbebec2be997c6127), U64_C (0xcdcd13cd26de87eb),
+ U64_C (0x3434d034bde46889), U64_C (0x48483d487a759032),
+ U64_C (0xffffdbffab24e354), U64_C (0x7a7af57af78ff48d),
+ U64_C (0x90907a90f4ea3d64), U64_C (0x5f5f615fc23ebe9d),
+ U64_C (0x202080201da0403d), U64_C (0x6868bd6867d5d00f),
+ U64_C (0x1a1a681ad07234ca), U64_C (0xaeae82ae192c41b7),
+ U64_C (0xb4b4eab4c95e757d), U64_C (0x54544d549a19a8ce),
+ U64_C (0x93937693ece53b7f), U64_C (0x222288220daa442f),
+ U64_C (0x64648d6407e9c863), U64_C (0xf1f1e3f1db12ff2a),
+ U64_C (0x7373d173bfa2e6cc), U64_C (0x12124812905a2482),
+ U64_C (0x40401d403a5d807a), U64_C (0x0808200840281048),
+ U64_C (0xc3c32bc356e89b95), U64_C (0xecec97ec337bc5df),
+ U64_C (0xdbdb4bdb9690ab4d), U64_C (0xa1a1bea1611f5fc0),
+ U64_C (0x8d8d0e8d1c830791), U64_C (0x3d3df43df5c97ac8),
+ U64_C (0x97976697ccf1335b), U64_C (0x0000000000000000),
+ U64_C (0xcfcf1bcf36d483f9), U64_C (0x2b2bac2b4587566e),
+ U64_C (0x7676c57697b3ece1), U64_C (0x8282328264b019e6),
+ U64_C (0xd6d67fd6fea9b128), U64_C (0x1b1b6c1bd87736c3),
+ U64_C (0xb5b5eeb5c15b7774), U64_C (0xafaf86af112943be),
+ U64_C (0x6a6ab56a77dfd41d), U64_C (0x50505d50ba0da0ea),
+ U64_C (0x45450945124c8a57), U64_C (0xf3f3ebf3cb18fb38),
+ U64_C (0x3030c0309df060ad), U64_C (0xefef9bef2b74c3c4),
+ U64_C (0x3f3ffc3fe5c37eda), U64_C (0x55554955921caac7),
+ U64_C (0xa2a2b2a2791059db), U64_C (0xeaea8fea0365c9e9),
+ U64_C (0x656589650fecca6a), U64_C (0xbabad2bab9686903),
+ U64_C (0x2f2fbc2f65935e4a), U64_C (0xc0c027c04ee79d8e),
+ U64_C (0xdede5fdebe81a160), U64_C (0x1c1c701ce06c38fc),
+ U64_C (0xfdfdd3fdbb2ee746), U64_C (0x4d4d294d52649a1f),
+ U64_C (0x92927292e4e03976), U64_C (0x7575c9758fbceafa),
+ U64_C (0x06061806301e0c36), U64_C (0x8a8a128a249809ae),
+ U64_C (0xb2b2f2b2f940794b), U64_C (0xe6e6bfe66359d185),
+ U64_C (0x0e0e380e70361c7e), U64_C (0x1f1f7c1ff8633ee7),
+ U64_C (0x6262956237f7c455), U64_C (0xd4d477d4eea3b53a),
+ U64_C (0xa8a89aa829324d81), U64_C (0x96966296c4f43152),
+ U64_C (0xf9f9c3f99b3aef62), U64_C (0xc5c533c566f697a3),
+ U64_C (0x2525942535b14a10), U64_C (0x59597959f220b2ab),
+ U64_C (0x84842a8454ae15d0), U64_C (0x7272d572b7a7e4c5),
+ U64_C (0x3939e439d5dd72ec), U64_C (0x4c4c2d4c5a619816),
+ U64_C (0x5e5e655eca3bbc94), U64_C (0x7878fd78e785f09f),
+ U64_C (0x3838e038ddd870e5), U64_C (0x8c8c0a8c14860598),
+ U64_C (0xd1d163d1c6b2bf17), U64_C (0xa5a5aea5410b57e4),
+ U64_C (0xe2e2afe2434dd9a1), U64_C (0x616199612ff8c24e),
+ U64_C (0xb3b3f6b3f1457b42), U64_C (0x2121842115a54234),
+ U64_C (0x9c9c4a9c94d62508), U64_C (0x1e1e781ef0663cee),
+ U64_C (0x4343114322528661), U64_C (0xc7c73bc776fc93b1),
+ U64_C (0xfcfcd7fcb32be54f), U64_C (0x0404100420140824),
+ U64_C (0x51515951b208a2e3), U64_C (0x99995e99bcc72f25),
+ U64_C (0x6d6da96d4fc4da22), U64_C (0x0d0d340d68391a65),
+ U64_C (0xfafacffa8335e979), U64_C (0xdfdf5bdfb684a369),
+ U64_C (0x7e7ee57ed79bfca9), U64_C (0x242490243db44819),
+ U64_C (0x3b3bec3bc5d776fe), U64_C (0xabab96ab313d4b9a),
+ U64_C (0xcece1fce3ed181f0), U64_C (0x1111441188552299),
+ U64_C (0x8f8f068f0c890383), U64_C (0x4e4e254e4a6b9c04),
+ U64_C (0xb7b7e6b7d1517366), U64_C (0xebeb8beb0b60cbe0),
+ U64_C (0x3c3cf03cfdcc78c1), U64_C (0x81813e817cbf1ffd),
+ U64_C (0x94946a94d4fe3540), U64_C (0xf7f7fbf7eb0cf31c),
+ U64_C (0xb9b9deb9a1676f18), U64_C (0x13134c13985f268b),
+ U64_C (0x2c2cb02c7d9c5851), U64_C (0xd3d36bd3d6b8bb05),
+ U64_C (0xe7e7bbe76b5cd38c), U64_C (0x6e6ea56e57cbdc39),
+ U64_C (0xc4c437c46ef395aa), U64_C (0x03030c03180f061b),
+ U64_C (0x565645568a13acdc), U64_C (0x44440d441a49885e),
+ U64_C (0x7f7fe17fdf9efea0), U64_C (0xa9a99ea921374f88),
+ U64_C (0x2a2aa82a4d825467), U64_C (0xbbbbd6bbb16d6b0a),
+ U64_C (0xc1c123c146e29f87), U64_C (0x53535153a202a6f1),
+ U64_C (0xdcdc57dcae8ba572), U64_C (0x0b0b2c0b58271653),
+ U64_C (0x9d9d4e9d9cd32701), U64_C (0x6c6cad6c47c1d82b),
+ U64_C (0x3131c43195f562a4), U64_C (0x7474cd7487b9e8f3),
+ U64_C (0xf6f6fff6e309f115), U64_C (0x464605460a438c4c),
+ U64_C (0xacac8aac092645a5), U64_C (0x89891e893c970fb5),
+ U64_C (0x14145014a04428b4), U64_C (0xe1e1a3e15b42dfba),
+ U64_C (0x16165816b04e2ca6), U64_C (0x3a3ae83acdd274f7),
+ U64_C (0x6969b9696fd0d206), U64_C (0x09092409482d1241),
+ U64_C (0x7070dd70a7ade0d7), U64_C (0xb6b6e2b6d954716f),
+ U64_C (0xd0d067d0ceb7bd1e), U64_C (0xeded93ed3b7ec7d6),
+ U64_C (0xcccc17cc2edb85e2), U64_C (0x424215422a578468),
+ U64_C (0x98985a98b4c22d2c), U64_C (0xa4a4aaa4490e55ed),
+ U64_C (0x2828a0285d885075), U64_C (0x5c5c6d5cda31b886),
+ U64_C (0xf8f8c7f8933fed6b), U64_C (0x8686228644a411c2),
+ };
+
+static const u64 C1[256] =
+ {
+ U64_C (0xd818186018c07830), U64_C (0x2623238c2305af46),
+ U64_C (0xb8c6c63fc67ef991), U64_C (0xfbe8e887e8136fcd),
+ U64_C (0xcb878726874ca113), U64_C (0x11b8b8dab8a9626d),
+ U64_C (0x0901010401080502), U64_C (0x0d4f4f214f426e9e),
+ U64_C (0x9b3636d836adee6c), U64_C (0xffa6a6a2a6590451),
+ U64_C (0x0cd2d26fd2debdb9), U64_C (0x0ef5f5f3f5fb06f7),
+ U64_C (0x967979f979ef80f2), U64_C (0x306f6fa16f5fcede),
+ U64_C (0x6d91917e91fcef3f), U64_C (0xf852525552aa07a4),
+ U64_C (0x4760609d6027fdc0), U64_C (0x35bcbccabc897665),
+ U64_C (0x379b9b569baccd2b), U64_C (0x8a8e8e028e048c01),
+ U64_C (0xd2a3a3b6a371155b), U64_C (0x6c0c0c300c603c18),
+ U64_C (0x847b7bf17bff8af6), U64_C (0x803535d435b5e16a),
+ U64_C (0xf51d1d741de8693a), U64_C (0xb3e0e0a7e05347dd),
+ U64_C (0x21d7d77bd7f6acb3), U64_C (0x9cc2c22fc25eed99),
+ U64_C (0x432e2eb82e6d965c), U64_C (0x294b4b314b627a96),
+ U64_C (0x5dfefedffea321e1), U64_C (0xd5575741578216ae),
+ U64_C (0xbd15155415a8412a), U64_C (0xe87777c1779fb6ee),
+ U64_C (0x923737dc37a5eb6e), U64_C (0x9ee5e5b3e57b56d7),
+ U64_C (0x139f9f469f8cd923), U64_C (0x23f0f0e7f0d317fd),
+ U64_C (0x204a4a354a6a7f94), U64_C (0x44dada4fda9e95a9),
+ U64_C (0xa258587d58fa25b0), U64_C (0xcfc9c903c906ca8f),
+ U64_C (0x7c2929a429558d52), U64_C (0x5a0a0a280a502214),
+ U64_C (0x50b1b1feb1e14f7f), U64_C (0xc9a0a0baa0691a5d),
+ U64_C (0x146b6bb16b7fdad6), U64_C (0xd985852e855cab17),
+ U64_C (0x3cbdbdcebd817367), U64_C (0x8f5d5d695dd234ba),
+ U64_C (0x9010104010805020), U64_C (0x07f4f4f7f4f303f5),
+ U64_C (0xddcbcb0bcb16c08b), U64_C (0xd33e3ef83eedc67c),
+ U64_C (0x2d0505140528110a), U64_C (0x78676781671fe6ce),
+ U64_C (0x97e4e4b7e47353d5), U64_C (0x0227279c2725bb4e),
+ U64_C (0x7341411941325882), U64_C (0xa78b8b168b2c9d0b),
+ U64_C (0xf6a7a7a6a7510153), U64_C (0xb27d7de97dcf94fa),
+ U64_C (0x4995956e95dcfb37), U64_C (0x56d8d847d88e9fad),
+ U64_C (0x70fbfbcbfb8b30eb), U64_C (0xcdeeee9fee2371c1),
+ U64_C (0xbb7c7ced7cc791f8), U64_C (0x716666856617e3cc),
+ U64_C (0x7bdddd53dda68ea7), U64_C (0xaf17175c17b84b2e),
+ U64_C (0x454747014702468e), U64_C (0x1a9e9e429e84dc21),
+ U64_C (0xd4caca0fca1ec589), U64_C (0x582d2db42d75995a),
+ U64_C (0x2ebfbfc6bf917963), U64_C (0x3f07071c07381b0e),
+ U64_C (0xacadad8ead012347), U64_C (0xb05a5a755aea2fb4),
+ U64_C (0xef838336836cb51b), U64_C (0xb63333cc3385ff66),
+ U64_C (0x5c636391633ff2c6), U64_C (0x1202020802100a04),
+ U64_C (0x93aaaa92aa393849), U64_C (0xde7171d971afa8e2),
+ U64_C (0xc6c8c807c80ecf8d), U64_C (0xd119196419c87d32),
+ U64_C (0x3b49493949727092), U64_C (0x5fd9d943d9869aaf),
+ U64_C (0x31f2f2eff2c31df9), U64_C (0xa8e3e3abe34b48db),
+ U64_C (0xb95b5b715be22ab6), U64_C (0xbc88881a8834920d),
+ U64_C (0x3e9a9a529aa4c829), U64_C (0x0b262698262dbe4c),
+ U64_C (0xbf3232c8328dfa64), U64_C (0x59b0b0fab0e94a7d),
+ U64_C (0xf2e9e983e91b6acf), U64_C (0x770f0f3c0f78331e),
+ U64_C (0x33d5d573d5e6a6b7), U64_C (0xf480803a8074ba1d),
+ U64_C (0x27bebec2be997c61), U64_C (0xebcdcd13cd26de87),
+ U64_C (0x893434d034bde468), U64_C (0x3248483d487a7590),
+ U64_C (0x54ffffdbffab24e3), U64_C (0x8d7a7af57af78ff4),
+ U64_C (0x6490907a90f4ea3d), U64_C (0x9d5f5f615fc23ebe),
+ U64_C (0x3d202080201da040), U64_C (0x0f6868bd6867d5d0),
+ U64_C (0xca1a1a681ad07234), U64_C (0xb7aeae82ae192c41),
+ U64_C (0x7db4b4eab4c95e75), U64_C (0xce54544d549a19a8),
+ U64_C (0x7f93937693ece53b), U64_C (0x2f222288220daa44),
+ U64_C (0x6364648d6407e9c8), U64_C (0x2af1f1e3f1db12ff),
+ U64_C (0xcc7373d173bfa2e6), U64_C (0x8212124812905a24),
+ U64_C (0x7a40401d403a5d80), U64_C (0x4808082008402810),
+ U64_C (0x95c3c32bc356e89b), U64_C (0xdfecec97ec337bc5),
+ U64_C (0x4ddbdb4bdb9690ab), U64_C (0xc0a1a1bea1611f5f),
+ U64_C (0x918d8d0e8d1c8307), U64_C (0xc83d3df43df5c97a),
+ U64_C (0x5b97976697ccf133), U64_C (0x0000000000000000),
+ U64_C (0xf9cfcf1bcf36d483), U64_C (0x6e2b2bac2b458756),
+ U64_C (0xe17676c57697b3ec), U64_C (0xe68282328264b019),
+ U64_C (0x28d6d67fd6fea9b1), U64_C (0xc31b1b6c1bd87736),
+ U64_C (0x74b5b5eeb5c15b77), U64_C (0xbeafaf86af112943),
+ U64_C (0x1d6a6ab56a77dfd4), U64_C (0xea50505d50ba0da0),
+ U64_C (0x5745450945124c8a), U64_C (0x38f3f3ebf3cb18fb),
+ U64_C (0xad3030c0309df060), U64_C (0xc4efef9bef2b74c3),
+ U64_C (0xda3f3ffc3fe5c37e), U64_C (0xc755554955921caa),
+ U64_C (0xdba2a2b2a2791059), U64_C (0xe9eaea8fea0365c9),
+ U64_C (0x6a656589650fecca), U64_C (0x03babad2bab96869),
+ U64_C (0x4a2f2fbc2f65935e), U64_C (0x8ec0c027c04ee79d),
+ U64_C (0x60dede5fdebe81a1), U64_C (0xfc1c1c701ce06c38),
+ U64_C (0x46fdfdd3fdbb2ee7), U64_C (0x1f4d4d294d52649a),
+ U64_C (0x7692927292e4e039), U64_C (0xfa7575c9758fbcea),
+ U64_C (0x3606061806301e0c), U64_C (0xae8a8a128a249809),
+ U64_C (0x4bb2b2f2b2f94079), U64_C (0x85e6e6bfe66359d1),
+ U64_C (0x7e0e0e380e70361c), U64_C (0xe71f1f7c1ff8633e),
+ U64_C (0x556262956237f7c4), U64_C (0x3ad4d477d4eea3b5),
+ U64_C (0x81a8a89aa829324d), U64_C (0x5296966296c4f431),
+ U64_C (0x62f9f9c3f99b3aef), U64_C (0xa3c5c533c566f697),
+ U64_C (0x102525942535b14a), U64_C (0xab59597959f220b2),
+ U64_C (0xd084842a8454ae15), U64_C (0xc57272d572b7a7e4),
+ U64_C (0xec3939e439d5dd72), U64_C (0x164c4c2d4c5a6198),
+ U64_C (0x945e5e655eca3bbc), U64_C (0x9f7878fd78e785f0),
+ U64_C (0xe53838e038ddd870), U64_C (0x988c8c0a8c148605),
+ U64_C (0x17d1d163d1c6b2bf), U64_C (0xe4a5a5aea5410b57),
+ U64_C (0xa1e2e2afe2434dd9), U64_C (0x4e616199612ff8c2),
+ U64_C (0x42b3b3f6b3f1457b), U64_C (0x342121842115a542),
+ U64_C (0x089c9c4a9c94d625), U64_C (0xee1e1e781ef0663c),
+ U64_C (0x6143431143225286), U64_C (0xb1c7c73bc776fc93),
+ U64_C (0x4ffcfcd7fcb32be5), U64_C (0x2404041004201408),
+ U64_C (0xe351515951b208a2), U64_C (0x2599995e99bcc72f),
+ U64_C (0x226d6da96d4fc4da), U64_C (0x650d0d340d68391a),
+ U64_C (0x79fafacffa8335e9), U64_C (0x69dfdf5bdfb684a3),
+ U64_C (0xa97e7ee57ed79bfc), U64_C (0x19242490243db448),
+ U64_C (0xfe3b3bec3bc5d776), U64_C (0x9aabab96ab313d4b),
+ U64_C (0xf0cece1fce3ed181), U64_C (0x9911114411885522),
+ U64_C (0x838f8f068f0c8903), U64_C (0x044e4e254e4a6b9c),
+ U64_C (0x66b7b7e6b7d15173), U64_C (0xe0ebeb8beb0b60cb),
+ U64_C (0xc13c3cf03cfdcc78), U64_C (0xfd81813e817cbf1f),
+ U64_C (0x4094946a94d4fe35), U64_C (0x1cf7f7fbf7eb0cf3),
+ U64_C (0x18b9b9deb9a1676f), U64_C (0x8b13134c13985f26),
+ U64_C (0x512c2cb02c7d9c58), U64_C (0x05d3d36bd3d6b8bb),
+ U64_C (0x8ce7e7bbe76b5cd3), U64_C (0x396e6ea56e57cbdc),
+ U64_C (0xaac4c437c46ef395), U64_C (0x1b03030c03180f06),
+ U64_C (0xdc565645568a13ac), U64_C (0x5e44440d441a4988),
+ U64_C (0xa07f7fe17fdf9efe), U64_C (0x88a9a99ea921374f),
+ U64_C (0x672a2aa82a4d8254), U64_C (0x0abbbbd6bbb16d6b),
+ U64_C (0x87c1c123c146e29f), U64_C (0xf153535153a202a6),
+ U64_C (0x72dcdc57dcae8ba5), U64_C (0x530b0b2c0b582716),
+ U64_C (0x019d9d4e9d9cd327), U64_C (0x2b6c6cad6c47c1d8),
+ U64_C (0xa43131c43195f562), U64_C (0xf37474cd7487b9e8),
+ U64_C (0x15f6f6fff6e309f1), U64_C (0x4c464605460a438c),
+ U64_C (0xa5acac8aac092645), U64_C (0xb589891e893c970f),
+ U64_C (0xb414145014a04428), U64_C (0xbae1e1a3e15b42df),
+ U64_C (0xa616165816b04e2c), U64_C (0xf73a3ae83acdd274),
+ U64_C (0x066969b9696fd0d2), U64_C (0x4109092409482d12),
+ U64_C (0xd77070dd70a7ade0), U64_C (0x6fb6b6e2b6d95471),
+ U64_C (0x1ed0d067d0ceb7bd), U64_C (0xd6eded93ed3b7ec7),
+ U64_C (0xe2cccc17cc2edb85), U64_C (0x68424215422a5784),
+ U64_C (0x2c98985a98b4c22d), U64_C (0xeda4a4aaa4490e55),
+ U64_C (0x752828a0285d8850), U64_C (0x865c5c6d5cda31b8),
+ U64_C (0x6bf8f8c7f8933fed), U64_C (0xc28686228644a411),
+ };
+
+static const u64 C2[256] =
+ {
+ U64_C (0x30d818186018c078), U64_C (0x462623238c2305af),
+ U64_C (0x91b8c6c63fc67ef9), U64_C (0xcdfbe8e887e8136f),
+ U64_C (0x13cb878726874ca1), U64_C (0x6d11b8b8dab8a962),
+ U64_C (0x0209010104010805), U64_C (0x9e0d4f4f214f426e),
+ U64_C (0x6c9b3636d836adee), U64_C (0x51ffa6a6a2a65904),
+ U64_C (0xb90cd2d26fd2debd), U64_C (0xf70ef5f5f3f5fb06),
+ U64_C (0xf2967979f979ef80), U64_C (0xde306f6fa16f5fce),
+ U64_C (0x3f6d91917e91fcef), U64_C (0xa4f852525552aa07),
+ U64_C (0xc04760609d6027fd), U64_C (0x6535bcbccabc8976),
+ U64_C (0x2b379b9b569baccd), U64_C (0x018a8e8e028e048c),
+ U64_C (0x5bd2a3a3b6a37115), U64_C (0x186c0c0c300c603c),
+ U64_C (0xf6847b7bf17bff8a), U64_C (0x6a803535d435b5e1),
+ U64_C (0x3af51d1d741de869), U64_C (0xddb3e0e0a7e05347),
+ U64_C (0xb321d7d77bd7f6ac), U64_C (0x999cc2c22fc25eed),
+ U64_C (0x5c432e2eb82e6d96), U64_C (0x96294b4b314b627a),
+ U64_C (0xe15dfefedffea321), U64_C (0xaed5575741578216),
+ U64_C (0x2abd15155415a841), U64_C (0xeee87777c1779fb6),
+ U64_C (0x6e923737dc37a5eb), U64_C (0xd79ee5e5b3e57b56),
+ U64_C (0x23139f9f469f8cd9), U64_C (0xfd23f0f0e7f0d317),
+ U64_C (0x94204a4a354a6a7f), U64_C (0xa944dada4fda9e95),
+ U64_C (0xb0a258587d58fa25), U64_C (0x8fcfc9c903c906ca),
+ U64_C (0x527c2929a429558d), U64_C (0x145a0a0a280a5022),
+ U64_C (0x7f50b1b1feb1e14f), U64_C (0x5dc9a0a0baa0691a),
+ U64_C (0xd6146b6bb16b7fda), U64_C (0x17d985852e855cab),
+ U64_C (0x673cbdbdcebd8173), U64_C (0xba8f5d5d695dd234),
+ U64_C (0x2090101040108050), U64_C (0xf507f4f4f7f4f303),
+ U64_C (0x8bddcbcb0bcb16c0), U64_C (0x7cd33e3ef83eedc6),
+ U64_C (0x0a2d050514052811), U64_C (0xce78676781671fe6),
+ U64_C (0xd597e4e4b7e47353), U64_C (0x4e0227279c2725bb),
+ U64_C (0x8273414119413258), U64_C (0x0ba78b8b168b2c9d),
+ U64_C (0x53f6a7a7a6a75101), U64_C (0xfab27d7de97dcf94),
+ U64_C (0x374995956e95dcfb), U64_C (0xad56d8d847d88e9f),
+ U64_C (0xeb70fbfbcbfb8b30), U64_C (0xc1cdeeee9fee2371),
+ U64_C (0xf8bb7c7ced7cc791), U64_C (0xcc716666856617e3),
+ U64_C (0xa77bdddd53dda68e), U64_C (0x2eaf17175c17b84b),
+ U64_C (0x8e45474701470246), U64_C (0x211a9e9e429e84dc),
+ U64_C (0x89d4caca0fca1ec5), U64_C (0x5a582d2db42d7599),
+ U64_C (0x632ebfbfc6bf9179), U64_C (0x0e3f07071c07381b),
+ U64_C (0x47acadad8ead0123), U64_C (0xb4b05a5a755aea2f),
+ U64_C (0x1bef838336836cb5), U64_C (0x66b63333cc3385ff),
+ U64_C (0xc65c636391633ff2), U64_C (0x041202020802100a),
+ U64_C (0x4993aaaa92aa3938), U64_C (0xe2de7171d971afa8),
+ U64_C (0x8dc6c8c807c80ecf), U64_C (0x32d119196419c87d),
+ U64_C (0x923b494939497270), U64_C (0xaf5fd9d943d9869a),
+ U64_C (0xf931f2f2eff2c31d), U64_C (0xdba8e3e3abe34b48),
+ U64_C (0xb6b95b5b715be22a), U64_C (0x0dbc88881a883492),
+ U64_C (0x293e9a9a529aa4c8), U64_C (0x4c0b262698262dbe),
+ U64_C (0x64bf3232c8328dfa), U64_C (0x7d59b0b0fab0e94a),
+ U64_C (0xcff2e9e983e91b6a), U64_C (0x1e770f0f3c0f7833),
+ U64_C (0xb733d5d573d5e6a6), U64_C (0x1df480803a8074ba),
+ U64_C (0x6127bebec2be997c), U64_C (0x87ebcdcd13cd26de),
+ U64_C (0x68893434d034bde4), U64_C (0x903248483d487a75),
+ U64_C (0xe354ffffdbffab24), U64_C (0xf48d7a7af57af78f),
+ U64_C (0x3d6490907a90f4ea), U64_C (0xbe9d5f5f615fc23e),
+ U64_C (0x403d202080201da0), U64_C (0xd00f6868bd6867d5),
+ U64_C (0x34ca1a1a681ad072), U64_C (0x41b7aeae82ae192c),
+ U64_C (0x757db4b4eab4c95e), U64_C (0xa8ce54544d549a19),
+ U64_C (0x3b7f93937693ece5), U64_C (0x442f222288220daa),
+ U64_C (0xc86364648d6407e9), U64_C (0xff2af1f1e3f1db12),
+ U64_C (0xe6cc7373d173bfa2), U64_C (0x248212124812905a),
+ U64_C (0x807a40401d403a5d), U64_C (0x1048080820084028),
+ U64_C (0x9b95c3c32bc356e8), U64_C (0xc5dfecec97ec337b),
+ U64_C (0xab4ddbdb4bdb9690), U64_C (0x5fc0a1a1bea1611f),
+ U64_C (0x07918d8d0e8d1c83), U64_C (0x7ac83d3df43df5c9),
+ U64_C (0x335b97976697ccf1), U64_C (0x0000000000000000),
+ U64_C (0x83f9cfcf1bcf36d4), U64_C (0x566e2b2bac2b4587),
+ U64_C (0xece17676c57697b3), U64_C (0x19e68282328264b0),
+ U64_C (0xb128d6d67fd6fea9), U64_C (0x36c31b1b6c1bd877),
+ U64_C (0x7774b5b5eeb5c15b), U64_C (0x43beafaf86af1129),
+ U64_C (0xd41d6a6ab56a77df), U64_C (0xa0ea50505d50ba0d),
+ U64_C (0x8a5745450945124c), U64_C (0xfb38f3f3ebf3cb18),
+ U64_C (0x60ad3030c0309df0), U64_C (0xc3c4efef9bef2b74),
+ U64_C (0x7eda3f3ffc3fe5c3), U64_C (0xaac755554955921c),
+ U64_C (0x59dba2a2b2a27910), U64_C (0xc9e9eaea8fea0365),
+ U64_C (0xca6a656589650fec), U64_C (0x6903babad2bab968),
+ U64_C (0x5e4a2f2fbc2f6593), U64_C (0x9d8ec0c027c04ee7),
+ U64_C (0xa160dede5fdebe81), U64_C (0x38fc1c1c701ce06c),
+ U64_C (0xe746fdfdd3fdbb2e), U64_C (0x9a1f4d4d294d5264),
+ U64_C (0x397692927292e4e0), U64_C (0xeafa7575c9758fbc),
+ U64_C (0x0c3606061806301e), U64_C (0x09ae8a8a128a2498),
+ U64_C (0x794bb2b2f2b2f940), U64_C (0xd185e6e6bfe66359),
+ U64_C (0x1c7e0e0e380e7036), U64_C (0x3ee71f1f7c1ff863),
+ U64_C (0xc4556262956237f7), U64_C (0xb53ad4d477d4eea3),
+ U64_C (0x4d81a8a89aa82932), U64_C (0x315296966296c4f4),
+ U64_C (0xef62f9f9c3f99b3a), U64_C (0x97a3c5c533c566f6),
+ U64_C (0x4a102525942535b1), U64_C (0xb2ab59597959f220),
+ U64_C (0x15d084842a8454ae), U64_C (0xe4c57272d572b7a7),
+ U64_C (0x72ec3939e439d5dd), U64_C (0x98164c4c2d4c5a61),
+ U64_C (0xbc945e5e655eca3b), U64_C (0xf09f7878fd78e785),
+ U64_C (0x70e53838e038ddd8), U64_C (0x05988c8c0a8c1486),
+ U64_C (0xbf17d1d163d1c6b2), U64_C (0x57e4a5a5aea5410b),
+ U64_C (0xd9a1e2e2afe2434d), U64_C (0xc24e616199612ff8),
+ U64_C (0x7b42b3b3f6b3f145), U64_C (0x42342121842115a5),
+ U64_C (0x25089c9c4a9c94d6), U64_C (0x3cee1e1e781ef066),
+ U64_C (0x8661434311432252), U64_C (0x93b1c7c73bc776fc),
+ U64_C (0xe54ffcfcd7fcb32b), U64_C (0x0824040410042014),
+ U64_C (0xa2e351515951b208), U64_C (0x2f2599995e99bcc7),
+ U64_C (0xda226d6da96d4fc4), U64_C (0x1a650d0d340d6839),
+ U64_C (0xe979fafacffa8335), U64_C (0xa369dfdf5bdfb684),
+ U64_C (0xfca97e7ee57ed79b), U64_C (0x4819242490243db4),
+ U64_C (0x76fe3b3bec3bc5d7), U64_C (0x4b9aabab96ab313d),
+ U64_C (0x81f0cece1fce3ed1), U64_C (0x2299111144118855),
+ U64_C (0x03838f8f068f0c89), U64_C (0x9c044e4e254e4a6b),
+ U64_C (0x7366b7b7e6b7d151), U64_C (0xcbe0ebeb8beb0b60),
+ U64_C (0x78c13c3cf03cfdcc), U64_C (0x1ffd81813e817cbf),
+ U64_C (0x354094946a94d4fe), U64_C (0xf31cf7f7fbf7eb0c),
+ U64_C (0x6f18b9b9deb9a167), U64_C (0x268b13134c13985f),
+ U64_C (0x58512c2cb02c7d9c), U64_C (0xbb05d3d36bd3d6b8),
+ U64_C (0xd38ce7e7bbe76b5c), U64_C (0xdc396e6ea56e57cb),
+ U64_C (0x95aac4c437c46ef3), U64_C (0x061b03030c03180f),
+ U64_C (0xacdc565645568a13), U64_C (0x885e44440d441a49),
+ U64_C (0xfea07f7fe17fdf9e), U64_C (0x4f88a9a99ea92137),
+ U64_C (0x54672a2aa82a4d82), U64_C (0x6b0abbbbd6bbb16d),
+ U64_C (0x9f87c1c123c146e2), U64_C (0xa6f153535153a202),
+ U64_C (0xa572dcdc57dcae8b), U64_C (0x16530b0b2c0b5827),
+ U64_C (0x27019d9d4e9d9cd3), U64_C (0xd82b6c6cad6c47c1),
+ U64_C (0x62a43131c43195f5), U64_C (0xe8f37474cd7487b9),
+ U64_C (0xf115f6f6fff6e309), U64_C (0x8c4c464605460a43),
+ U64_C (0x45a5acac8aac0926), U64_C (0x0fb589891e893c97),
+ U64_C (0x28b414145014a044), U64_C (0xdfbae1e1a3e15b42),
+ U64_C (0x2ca616165816b04e), U64_C (0x74f73a3ae83acdd2),
+ U64_C (0xd2066969b9696fd0), U64_C (0x124109092409482d),
+ U64_C (0xe0d77070dd70a7ad), U64_C (0x716fb6b6e2b6d954),
+ U64_C (0xbd1ed0d067d0ceb7), U64_C (0xc7d6eded93ed3b7e),
+ U64_C (0x85e2cccc17cc2edb), U64_C (0x8468424215422a57),
+ U64_C (0x2d2c98985a98b4c2), U64_C (0x55eda4a4aaa4490e),
+ U64_C (0x50752828a0285d88), U64_C (0xb8865c5c6d5cda31),
+ U64_C (0xed6bf8f8c7f8933f), U64_C (0x11c28686228644a4),
+ };
+
+static const u64 C3[256] =
+ {
+ U64_C (0x7830d818186018c0), U64_C (0xaf462623238c2305),
+ U64_C (0xf991b8c6c63fc67e), U64_C (0x6fcdfbe8e887e813),
+ U64_C (0xa113cb878726874c), U64_C (0x626d11b8b8dab8a9),
+ U64_C (0x0502090101040108), U64_C (0x6e9e0d4f4f214f42),
+ U64_C (0xee6c9b3636d836ad), U64_C (0x0451ffa6a6a2a659),
+ U64_C (0xbdb90cd2d26fd2de), U64_C (0x06f70ef5f5f3f5fb),
+ U64_C (0x80f2967979f979ef), U64_C (0xcede306f6fa16f5f),
+ U64_C (0xef3f6d91917e91fc), U64_C (0x07a4f852525552aa),
+ U64_C (0xfdc04760609d6027), U64_C (0x766535bcbccabc89),
+ U64_C (0xcd2b379b9b569bac), U64_C (0x8c018a8e8e028e04),
+ U64_C (0x155bd2a3a3b6a371), U64_C (0x3c186c0c0c300c60),
+ U64_C (0x8af6847b7bf17bff), U64_C (0xe16a803535d435b5),
+ U64_C (0x693af51d1d741de8), U64_C (0x47ddb3e0e0a7e053),
+ U64_C (0xacb321d7d77bd7f6), U64_C (0xed999cc2c22fc25e),
+ U64_C (0x965c432e2eb82e6d), U64_C (0x7a96294b4b314b62),
+ U64_C (0x21e15dfefedffea3), U64_C (0x16aed55757415782),
+ U64_C (0x412abd15155415a8), U64_C (0xb6eee87777c1779f),
+ U64_C (0xeb6e923737dc37a5), U64_C (0x56d79ee5e5b3e57b),
+ U64_C (0xd923139f9f469f8c), U64_C (0x17fd23f0f0e7f0d3),
+ U64_C (0x7f94204a4a354a6a), U64_C (0x95a944dada4fda9e),
+ U64_C (0x25b0a258587d58fa), U64_C (0xca8fcfc9c903c906),
+ U64_C (0x8d527c2929a42955), U64_C (0x22145a0a0a280a50),
+ U64_C (0x4f7f50b1b1feb1e1), U64_C (0x1a5dc9a0a0baa069),
+ U64_C (0xdad6146b6bb16b7f), U64_C (0xab17d985852e855c),
+ U64_C (0x73673cbdbdcebd81), U64_C (0x34ba8f5d5d695dd2),
+ U64_C (0x5020901010401080), U64_C (0x03f507f4f4f7f4f3),
+ U64_C (0xc08bddcbcb0bcb16), U64_C (0xc67cd33e3ef83eed),
+ U64_C (0x110a2d0505140528), U64_C (0xe6ce78676781671f),
+ U64_C (0x53d597e4e4b7e473), U64_C (0xbb4e0227279c2725),
+ U64_C (0x5882734141194132), U64_C (0x9d0ba78b8b168b2c),
+ U64_C (0x0153f6a7a7a6a751), U64_C (0x94fab27d7de97dcf),
+ U64_C (0xfb374995956e95dc), U64_C (0x9fad56d8d847d88e),
+ U64_C (0x30eb70fbfbcbfb8b), U64_C (0x71c1cdeeee9fee23),
+ U64_C (0x91f8bb7c7ced7cc7), U64_C (0xe3cc716666856617),
+ U64_C (0x8ea77bdddd53dda6), U64_C (0x4b2eaf17175c17b8),
+ U64_C (0x468e454747014702), U64_C (0xdc211a9e9e429e84),
+ U64_C (0xc589d4caca0fca1e), U64_C (0x995a582d2db42d75),
+ U64_C (0x79632ebfbfc6bf91), U64_C (0x1b0e3f07071c0738),
+ U64_C (0x2347acadad8ead01), U64_C (0x2fb4b05a5a755aea),
+ U64_C (0xb51bef838336836c), U64_C (0xff66b63333cc3385),
+ U64_C (0xf2c65c636391633f), U64_C (0x0a04120202080210),
+ U64_C (0x384993aaaa92aa39), U64_C (0xa8e2de7171d971af),
+ U64_C (0xcf8dc6c8c807c80e), U64_C (0x7d32d119196419c8),
+ U64_C (0x70923b4949394972), U64_C (0x9aaf5fd9d943d986),
+ U64_C (0x1df931f2f2eff2c3), U64_C (0x48dba8e3e3abe34b),
+ U64_C (0x2ab6b95b5b715be2), U64_C (0x920dbc88881a8834),
+ U64_C (0xc8293e9a9a529aa4), U64_C (0xbe4c0b262698262d),
+ U64_C (0xfa64bf3232c8328d), U64_C (0x4a7d59b0b0fab0e9),
+ U64_C (0x6acff2e9e983e91b), U64_C (0x331e770f0f3c0f78),
+ U64_C (0xa6b733d5d573d5e6), U64_C (0xba1df480803a8074),
+ U64_C (0x7c6127bebec2be99), U64_C (0xde87ebcdcd13cd26),
+ U64_C (0xe468893434d034bd), U64_C (0x75903248483d487a),
+ U64_C (0x24e354ffffdbffab), U64_C (0x8ff48d7a7af57af7),
+ U64_C (0xea3d6490907a90f4), U64_C (0x3ebe9d5f5f615fc2),
+ U64_C (0xa0403d202080201d), U64_C (0xd5d00f6868bd6867),
+ U64_C (0x7234ca1a1a681ad0), U64_C (0x2c41b7aeae82ae19),
+ U64_C (0x5e757db4b4eab4c9), U64_C (0x19a8ce54544d549a),
+ U64_C (0xe53b7f93937693ec), U64_C (0xaa442f222288220d),
+ U64_C (0xe9c86364648d6407), U64_C (0x12ff2af1f1e3f1db),
+ U64_C (0xa2e6cc7373d173bf), U64_C (0x5a24821212481290),
+ U64_C (0x5d807a40401d403a), U64_C (0x2810480808200840),
+ U64_C (0xe89b95c3c32bc356), U64_C (0x7bc5dfecec97ec33),
+ U64_C (0x90ab4ddbdb4bdb96), U64_C (0x1f5fc0a1a1bea161),
+ U64_C (0x8307918d8d0e8d1c), U64_C (0xc97ac83d3df43df5),
+ U64_C (0xf1335b97976697cc), U64_C (0x0000000000000000),
+ U64_C (0xd483f9cfcf1bcf36), U64_C (0x87566e2b2bac2b45),
+ U64_C (0xb3ece17676c57697), U64_C (0xb019e68282328264),
+ U64_C (0xa9b128d6d67fd6fe), U64_C (0x7736c31b1b6c1bd8),
+ U64_C (0x5b7774b5b5eeb5c1), U64_C (0x2943beafaf86af11),
+ U64_C (0xdfd41d6a6ab56a77), U64_C (0x0da0ea50505d50ba),
+ U64_C (0x4c8a574545094512), U64_C (0x18fb38f3f3ebf3cb),
+ U64_C (0xf060ad3030c0309d), U64_C (0x74c3c4efef9bef2b),
+ U64_C (0xc37eda3f3ffc3fe5), U64_C (0x1caac75555495592),
+ U64_C (0x1059dba2a2b2a279), U64_C (0x65c9e9eaea8fea03),
+ U64_C (0xecca6a656589650f), U64_C (0x686903babad2bab9),
+ U64_C (0x935e4a2f2fbc2f65), U64_C (0xe79d8ec0c027c04e),
+ U64_C (0x81a160dede5fdebe), U64_C (0x6c38fc1c1c701ce0),
+ U64_C (0x2ee746fdfdd3fdbb), U64_C (0x649a1f4d4d294d52),
+ U64_C (0xe0397692927292e4), U64_C (0xbceafa7575c9758f),
+ U64_C (0x1e0c360606180630), U64_C (0x9809ae8a8a128a24),
+ U64_C (0x40794bb2b2f2b2f9), U64_C (0x59d185e6e6bfe663),
+ U64_C (0x361c7e0e0e380e70), U64_C (0x633ee71f1f7c1ff8),
+ U64_C (0xf7c4556262956237), U64_C (0xa3b53ad4d477d4ee),
+ U64_C (0x324d81a8a89aa829), U64_C (0xf4315296966296c4),
+ U64_C (0x3aef62f9f9c3f99b), U64_C (0xf697a3c5c533c566),
+ U64_C (0xb14a102525942535), U64_C (0x20b2ab59597959f2),
+ U64_C (0xae15d084842a8454), U64_C (0xa7e4c57272d572b7),
+ U64_C (0xdd72ec3939e439d5), U64_C (0x6198164c4c2d4c5a),
+ U64_C (0x3bbc945e5e655eca), U64_C (0x85f09f7878fd78e7),
+ U64_C (0xd870e53838e038dd), U64_C (0x8605988c8c0a8c14),
+ U64_C (0xb2bf17d1d163d1c6), U64_C (0x0b57e4a5a5aea541),
+ U64_C (0x4dd9a1e2e2afe243), U64_C (0xf8c24e616199612f),
+ U64_C (0x457b42b3b3f6b3f1), U64_C (0xa542342121842115),
+ U64_C (0xd625089c9c4a9c94), U64_C (0x663cee1e1e781ef0),
+ U64_C (0x5286614343114322), U64_C (0xfc93b1c7c73bc776),
+ U64_C (0x2be54ffcfcd7fcb3), U64_C (0x1408240404100420),
+ U64_C (0x08a2e351515951b2), U64_C (0xc72f2599995e99bc),
+ U64_C (0xc4da226d6da96d4f), U64_C (0x391a650d0d340d68),
+ U64_C (0x35e979fafacffa83), U64_C (0x84a369dfdf5bdfb6),
+ U64_C (0x9bfca97e7ee57ed7), U64_C (0xb44819242490243d),
+ U64_C (0xd776fe3b3bec3bc5), U64_C (0x3d4b9aabab96ab31),
+ U64_C (0xd181f0cece1fce3e), U64_C (0x5522991111441188),
+ U64_C (0x8903838f8f068f0c), U64_C (0x6b9c044e4e254e4a),
+ U64_C (0x517366b7b7e6b7d1), U64_C (0x60cbe0ebeb8beb0b),
+ U64_C (0xcc78c13c3cf03cfd), U64_C (0xbf1ffd81813e817c),
+ U64_C (0xfe354094946a94d4), U64_C (0x0cf31cf7f7fbf7eb),
+ U64_C (0x676f18b9b9deb9a1), U64_C (0x5f268b13134c1398),
+ U64_C (0x9c58512c2cb02c7d), U64_C (0xb8bb05d3d36bd3d6),
+ U64_C (0x5cd38ce7e7bbe76b), U64_C (0xcbdc396e6ea56e57),
+ U64_C (0xf395aac4c437c46e), U64_C (0x0f061b03030c0318),
+ U64_C (0x13acdc565645568a), U64_C (0x49885e44440d441a),
+ U64_C (0x9efea07f7fe17fdf), U64_C (0x374f88a9a99ea921),
+ U64_C (0x8254672a2aa82a4d), U64_C (0x6d6b0abbbbd6bbb1),
+ U64_C (0xe29f87c1c123c146), U64_C (0x02a6f153535153a2),
+ U64_C (0x8ba572dcdc57dcae), U64_C (0x2716530b0b2c0b58),
+ U64_C (0xd327019d9d4e9d9c), U64_C (0xc1d82b6c6cad6c47),
+ U64_C (0xf562a43131c43195), U64_C (0xb9e8f37474cd7487),
+ U64_C (0x09f115f6f6fff6e3), U64_C (0x438c4c464605460a),
+ U64_C (0x2645a5acac8aac09), U64_C (0x970fb589891e893c),
+ U64_C (0x4428b414145014a0), U64_C (0x42dfbae1e1a3e15b),
+ U64_C (0x4e2ca616165816b0), U64_C (0xd274f73a3ae83acd),
+ U64_C (0xd0d2066969b9696f), U64_C (0x2d12410909240948),
+ U64_C (0xade0d77070dd70a7), U64_C (0x54716fb6b6e2b6d9),
+ U64_C (0xb7bd1ed0d067d0ce), U64_C (0x7ec7d6eded93ed3b),
+ U64_C (0xdb85e2cccc17cc2e), U64_C (0x578468424215422a),
+ U64_C (0xc22d2c98985a98b4), U64_C (0x0e55eda4a4aaa449),
+ U64_C (0x8850752828a0285d), U64_C (0x31b8865c5c6d5cda),
+ U64_C (0x3fed6bf8f8c7f893), U64_C (0xa411c28686228644),
+ };
+
+static const u64 C4[256] =
+ {
+ U64_C (0xc07830d818186018), U64_C (0x05af462623238c23),
+ U64_C (0x7ef991b8c6c63fc6), U64_C (0x136fcdfbe8e887e8),
+ U64_C (0x4ca113cb87872687), U64_C (0xa9626d11b8b8dab8),
+ U64_C (0x0805020901010401), U64_C (0x426e9e0d4f4f214f),
+ U64_C (0xadee6c9b3636d836), U64_C (0x590451ffa6a6a2a6),
+ U64_C (0xdebdb90cd2d26fd2), U64_C (0xfb06f70ef5f5f3f5),
+ U64_C (0xef80f2967979f979), U64_C (0x5fcede306f6fa16f),
+ U64_C (0xfcef3f6d91917e91), U64_C (0xaa07a4f852525552),
+ U64_C (0x27fdc04760609d60), U64_C (0x89766535bcbccabc),
+ U64_C (0xaccd2b379b9b569b), U64_C (0x048c018a8e8e028e),
+ U64_C (0x71155bd2a3a3b6a3), U64_C (0x603c186c0c0c300c),
+ U64_C (0xff8af6847b7bf17b), U64_C (0xb5e16a803535d435),
+ U64_C (0xe8693af51d1d741d), U64_C (0x5347ddb3e0e0a7e0),
+ U64_C (0xf6acb321d7d77bd7), U64_C (0x5eed999cc2c22fc2),
+ U64_C (0x6d965c432e2eb82e), U64_C (0x627a96294b4b314b),
+ U64_C (0xa321e15dfefedffe), U64_C (0x8216aed557574157),
+ U64_C (0xa8412abd15155415), U64_C (0x9fb6eee87777c177),
+ U64_C (0xa5eb6e923737dc37), U64_C (0x7b56d79ee5e5b3e5),
+ U64_C (0x8cd923139f9f469f), U64_C (0xd317fd23f0f0e7f0),
+ U64_C (0x6a7f94204a4a354a), U64_C (0x9e95a944dada4fda),
+ U64_C (0xfa25b0a258587d58), U64_C (0x06ca8fcfc9c903c9),
+ U64_C (0x558d527c2929a429), U64_C (0x5022145a0a0a280a),
+ U64_C (0xe14f7f50b1b1feb1), U64_C (0x691a5dc9a0a0baa0),
+ U64_C (0x7fdad6146b6bb16b), U64_C (0x5cab17d985852e85),
+ U64_C (0x8173673cbdbdcebd), U64_C (0xd234ba8f5d5d695d),
+ U64_C (0x8050209010104010), U64_C (0xf303f507f4f4f7f4),
+ U64_C (0x16c08bddcbcb0bcb), U64_C (0xedc67cd33e3ef83e),
+ U64_C (0x28110a2d05051405), U64_C (0x1fe6ce7867678167),
+ U64_C (0x7353d597e4e4b7e4), U64_C (0x25bb4e0227279c27),
+ U64_C (0x3258827341411941), U64_C (0x2c9d0ba78b8b168b),
+ U64_C (0x510153f6a7a7a6a7), U64_C (0xcf94fab27d7de97d),
+ U64_C (0xdcfb374995956e95), U64_C (0x8e9fad56d8d847d8),
+ U64_C (0x8b30eb70fbfbcbfb), U64_C (0x2371c1cdeeee9fee),
+ U64_C (0xc791f8bb7c7ced7c), U64_C (0x17e3cc7166668566),
+ U64_C (0xa68ea77bdddd53dd), U64_C (0xb84b2eaf17175c17),
+ U64_C (0x02468e4547470147), U64_C (0x84dc211a9e9e429e),
+ U64_C (0x1ec589d4caca0fca), U64_C (0x75995a582d2db42d),
+ U64_C (0x9179632ebfbfc6bf), U64_C (0x381b0e3f07071c07),
+ U64_C (0x012347acadad8ead), U64_C (0xea2fb4b05a5a755a),
+ U64_C (0x6cb51bef83833683), U64_C (0x85ff66b63333cc33),
+ U64_C (0x3ff2c65c63639163), U64_C (0x100a041202020802),
+ U64_C (0x39384993aaaa92aa), U64_C (0xafa8e2de7171d971),
+ U64_C (0x0ecf8dc6c8c807c8), U64_C (0xc87d32d119196419),
+ U64_C (0x7270923b49493949), U64_C (0x869aaf5fd9d943d9),
+ U64_C (0xc31df931f2f2eff2), U64_C (0x4b48dba8e3e3abe3),
+ U64_C (0xe22ab6b95b5b715b), U64_C (0x34920dbc88881a88),
+ U64_C (0xa4c8293e9a9a529a), U64_C (0x2dbe4c0b26269826),
+ U64_C (0x8dfa64bf3232c832), U64_C (0xe94a7d59b0b0fab0),
+ U64_C (0x1b6acff2e9e983e9), U64_C (0x78331e770f0f3c0f),
+ U64_C (0xe6a6b733d5d573d5), U64_C (0x74ba1df480803a80),
+ U64_C (0x997c6127bebec2be), U64_C (0x26de87ebcdcd13cd),
+ U64_C (0xbde468893434d034), U64_C (0x7a75903248483d48),
+ U64_C (0xab24e354ffffdbff), U64_C (0xf78ff48d7a7af57a),
+ U64_C (0xf4ea3d6490907a90), U64_C (0xc23ebe9d5f5f615f),
+ U64_C (0x1da0403d20208020), U64_C (0x67d5d00f6868bd68),
+ U64_C (0xd07234ca1a1a681a), U64_C (0x192c41b7aeae82ae),
+ U64_C (0xc95e757db4b4eab4), U64_C (0x9a19a8ce54544d54),
+ U64_C (0xece53b7f93937693), U64_C (0x0daa442f22228822),
+ U64_C (0x07e9c86364648d64), U64_C (0xdb12ff2af1f1e3f1),
+ U64_C (0xbfa2e6cc7373d173), U64_C (0x905a248212124812),
+ U64_C (0x3a5d807a40401d40), U64_C (0x4028104808082008),
+ U64_C (0x56e89b95c3c32bc3), U64_C (0x337bc5dfecec97ec),
+ U64_C (0x9690ab4ddbdb4bdb), U64_C (0x611f5fc0a1a1bea1),
+ U64_C (0x1c8307918d8d0e8d), U64_C (0xf5c97ac83d3df43d),
+ U64_C (0xccf1335b97976697), U64_C (0x0000000000000000),
+ U64_C (0x36d483f9cfcf1bcf), U64_C (0x4587566e2b2bac2b),
+ U64_C (0x97b3ece17676c576), U64_C (0x64b019e682823282),
+ U64_C (0xfea9b128d6d67fd6), U64_C (0xd87736c31b1b6c1b),
+ U64_C (0xc15b7774b5b5eeb5), U64_C (0x112943beafaf86af),
+ U64_C (0x77dfd41d6a6ab56a), U64_C (0xba0da0ea50505d50),
+ U64_C (0x124c8a5745450945), U64_C (0xcb18fb38f3f3ebf3),
+ U64_C (0x9df060ad3030c030), U64_C (0x2b74c3c4efef9bef),
+ U64_C (0xe5c37eda3f3ffc3f), U64_C (0x921caac755554955),
+ U64_C (0x791059dba2a2b2a2), U64_C (0x0365c9e9eaea8fea),
+ U64_C (0x0fecca6a65658965), U64_C (0xb9686903babad2ba),
+ U64_C (0x65935e4a2f2fbc2f), U64_C (0x4ee79d8ec0c027c0),
+ U64_C (0xbe81a160dede5fde), U64_C (0xe06c38fc1c1c701c),
+ U64_C (0xbb2ee746fdfdd3fd), U64_C (0x52649a1f4d4d294d),
+ U64_C (0xe4e0397692927292), U64_C (0x8fbceafa7575c975),
+ U64_C (0x301e0c3606061806), U64_C (0x249809ae8a8a128a),
+ U64_C (0xf940794bb2b2f2b2), U64_C (0x6359d185e6e6bfe6),
+ U64_C (0x70361c7e0e0e380e), U64_C (0xf8633ee71f1f7c1f),
+ U64_C (0x37f7c45562629562), U64_C (0xeea3b53ad4d477d4),
+ U64_C (0x29324d81a8a89aa8), U64_C (0xc4f4315296966296),
+ U64_C (0x9b3aef62f9f9c3f9), U64_C (0x66f697a3c5c533c5),
+ U64_C (0x35b14a1025259425), U64_C (0xf220b2ab59597959),
+ U64_C (0x54ae15d084842a84), U64_C (0xb7a7e4c57272d572),
+ U64_C (0xd5dd72ec3939e439), U64_C (0x5a6198164c4c2d4c),
+ U64_C (0xca3bbc945e5e655e), U64_C (0xe785f09f7878fd78),
+ U64_C (0xddd870e53838e038), U64_C (0x148605988c8c0a8c),
+ U64_C (0xc6b2bf17d1d163d1), U64_C (0x410b57e4a5a5aea5),
+ U64_C (0x434dd9a1e2e2afe2), U64_C (0x2ff8c24e61619961),
+ U64_C (0xf1457b42b3b3f6b3), U64_C (0x15a5423421218421),
+ U64_C (0x94d625089c9c4a9c), U64_C (0xf0663cee1e1e781e),
+ U64_C (0x2252866143431143), U64_C (0x76fc93b1c7c73bc7),
+ U64_C (0xb32be54ffcfcd7fc), U64_C (0x2014082404041004),
+ U64_C (0xb208a2e351515951), U64_C (0xbcc72f2599995e99),
+ U64_C (0x4fc4da226d6da96d), U64_C (0x68391a650d0d340d),
+ U64_C (0x8335e979fafacffa), U64_C (0xb684a369dfdf5bdf),
+ U64_C (0xd79bfca97e7ee57e), U64_C (0x3db4481924249024),
+ U64_C (0xc5d776fe3b3bec3b), U64_C (0x313d4b9aabab96ab),
+ U64_C (0x3ed181f0cece1fce), U64_C (0x8855229911114411),
+ U64_C (0x0c8903838f8f068f), U64_C (0x4a6b9c044e4e254e),
+ U64_C (0xd1517366b7b7e6b7), U64_C (0x0b60cbe0ebeb8beb),
+ U64_C (0xfdcc78c13c3cf03c), U64_C (0x7cbf1ffd81813e81),
+ U64_C (0xd4fe354094946a94), U64_C (0xeb0cf31cf7f7fbf7),
+ U64_C (0xa1676f18b9b9deb9), U64_C (0x985f268b13134c13),
+ U64_C (0x7d9c58512c2cb02c), U64_C (0xd6b8bb05d3d36bd3),
+ U64_C (0x6b5cd38ce7e7bbe7), U64_C (0x57cbdc396e6ea56e),
+ U64_C (0x6ef395aac4c437c4), U64_C (0x180f061b03030c03),
+ U64_C (0x8a13acdc56564556), U64_C (0x1a49885e44440d44),
+ U64_C (0xdf9efea07f7fe17f), U64_C (0x21374f88a9a99ea9),
+ U64_C (0x4d8254672a2aa82a), U64_C (0xb16d6b0abbbbd6bb),
+ U64_C (0x46e29f87c1c123c1), U64_C (0xa202a6f153535153),
+ U64_C (0xae8ba572dcdc57dc), U64_C (0x582716530b0b2c0b),
+ U64_C (0x9cd327019d9d4e9d), U64_C (0x47c1d82b6c6cad6c),
+ U64_C (0x95f562a43131c431), U64_C (0x87b9e8f37474cd74),
+ U64_C (0xe309f115f6f6fff6), U64_C (0x0a438c4c46460546),
+ U64_C (0x092645a5acac8aac), U64_C (0x3c970fb589891e89),
+ U64_C (0xa04428b414145014), U64_C (0x5b42dfbae1e1a3e1),
+ U64_C (0xb04e2ca616165816), U64_C (0xcdd274f73a3ae83a),
+ U64_C (0x6fd0d2066969b969), U64_C (0x482d124109092409),
+ U64_C (0xa7ade0d77070dd70), U64_C (0xd954716fb6b6e2b6),
+ U64_C (0xceb7bd1ed0d067d0), U64_C (0x3b7ec7d6eded93ed),
+ U64_C (0x2edb85e2cccc17cc), U64_C (0x2a57846842421542),
+ U64_C (0xb4c22d2c98985a98), U64_C (0x490e55eda4a4aaa4),
+ U64_C (0x5d8850752828a028), U64_C (0xda31b8865c5c6d5c),
+ U64_C (0x933fed6bf8f8c7f8), U64_C (0x44a411c286862286),
+ };
+
+static const u64 C5[256] =
+ {
+ U64_C (0x18c07830d8181860), U64_C (0x2305af462623238c),
+ U64_C (0xc67ef991b8c6c63f), U64_C (0xe8136fcdfbe8e887),
+ U64_C (0x874ca113cb878726), U64_C (0xb8a9626d11b8b8da),
+ U64_C (0x0108050209010104), U64_C (0x4f426e9e0d4f4f21),
+ U64_C (0x36adee6c9b3636d8), U64_C (0xa6590451ffa6a6a2),
+ U64_C (0xd2debdb90cd2d26f), U64_C (0xf5fb06f70ef5f5f3),
+ U64_C (0x79ef80f2967979f9), U64_C (0x6f5fcede306f6fa1),
+ U64_C (0x91fcef3f6d91917e), U64_C (0x52aa07a4f8525255),
+ U64_C (0x6027fdc04760609d), U64_C (0xbc89766535bcbcca),
+ U64_C (0x9baccd2b379b9b56), U64_C (0x8e048c018a8e8e02),
+ U64_C (0xa371155bd2a3a3b6), U64_C (0x0c603c186c0c0c30),
+ U64_C (0x7bff8af6847b7bf1), U64_C (0x35b5e16a803535d4),
+ U64_C (0x1de8693af51d1d74), U64_C (0xe05347ddb3e0e0a7),
+ U64_C (0xd7f6acb321d7d77b), U64_C (0xc25eed999cc2c22f),
+ U64_C (0x2e6d965c432e2eb8), U64_C (0x4b627a96294b4b31),
+ U64_C (0xfea321e15dfefedf), U64_C (0x578216aed5575741),
+ U64_C (0x15a8412abd151554), U64_C (0x779fb6eee87777c1),
+ U64_C (0x37a5eb6e923737dc), U64_C (0xe57b56d79ee5e5b3),
+ U64_C (0x9f8cd923139f9f46), U64_C (0xf0d317fd23f0f0e7),
+ U64_C (0x4a6a7f94204a4a35), U64_C (0xda9e95a944dada4f),
+ U64_C (0x58fa25b0a258587d), U64_C (0xc906ca8fcfc9c903),
+ U64_C (0x29558d527c2929a4), U64_C (0x0a5022145a0a0a28),
+ U64_C (0xb1e14f7f50b1b1fe), U64_C (0xa0691a5dc9a0a0ba),
+ U64_C (0x6b7fdad6146b6bb1), U64_C (0x855cab17d985852e),
+ U64_C (0xbd8173673cbdbdce), U64_C (0x5dd234ba8f5d5d69),
+ U64_C (0x1080502090101040), U64_C (0xf4f303f507f4f4f7),
+ U64_C (0xcb16c08bddcbcb0b), U64_C (0x3eedc67cd33e3ef8),
+ U64_C (0x0528110a2d050514), U64_C (0x671fe6ce78676781),
+ U64_C (0xe47353d597e4e4b7), U64_C (0x2725bb4e0227279c),
+ U64_C (0x4132588273414119), U64_C (0x8b2c9d0ba78b8b16),
+ U64_C (0xa7510153f6a7a7a6), U64_C (0x7dcf94fab27d7de9),
+ U64_C (0x95dcfb374995956e), U64_C (0xd88e9fad56d8d847),
+ U64_C (0xfb8b30eb70fbfbcb), U64_C (0xee2371c1cdeeee9f),
+ U64_C (0x7cc791f8bb7c7ced), U64_C (0x6617e3cc71666685),
+ U64_C (0xdda68ea77bdddd53), U64_C (0x17b84b2eaf17175c),
+ U64_C (0x4702468e45474701), U64_C (0x9e84dc211a9e9e42),
+ U64_C (0xca1ec589d4caca0f), U64_C (0x2d75995a582d2db4),
+ U64_C (0xbf9179632ebfbfc6), U64_C (0x07381b0e3f07071c),
+ U64_C (0xad012347acadad8e), U64_C (0x5aea2fb4b05a5a75),
+ U64_C (0x836cb51bef838336), U64_C (0x3385ff66b63333cc),
+ U64_C (0x633ff2c65c636391), U64_C (0x02100a0412020208),
+ U64_C (0xaa39384993aaaa92), U64_C (0x71afa8e2de7171d9),
+ U64_C (0xc80ecf8dc6c8c807), U64_C (0x19c87d32d1191964),
+ U64_C (0x497270923b494939), U64_C (0xd9869aaf5fd9d943),
+ U64_C (0xf2c31df931f2f2ef), U64_C (0xe34b48dba8e3e3ab),
+ U64_C (0x5be22ab6b95b5b71), U64_C (0x8834920dbc88881a),
+ U64_C (0x9aa4c8293e9a9a52), U64_C (0x262dbe4c0b262698),
+ U64_C (0x328dfa64bf3232c8), U64_C (0xb0e94a7d59b0b0fa),
+ U64_C (0xe91b6acff2e9e983), U64_C (0x0f78331e770f0f3c),
+ U64_C (0xd5e6a6b733d5d573), U64_C (0x8074ba1df480803a),
+ U64_C (0xbe997c6127bebec2), U64_C (0xcd26de87ebcdcd13),
+ U64_C (0x34bde468893434d0), U64_C (0x487a75903248483d),
+ U64_C (0xffab24e354ffffdb), U64_C (0x7af78ff48d7a7af5),
+ U64_C (0x90f4ea3d6490907a), U64_C (0x5fc23ebe9d5f5f61),
+ U64_C (0x201da0403d202080), U64_C (0x6867d5d00f6868bd),
+ U64_C (0x1ad07234ca1a1a68), U64_C (0xae192c41b7aeae82),
+ U64_C (0xb4c95e757db4b4ea), U64_C (0x549a19a8ce54544d),
+ U64_C (0x93ece53b7f939376), U64_C (0x220daa442f222288),
+ U64_C (0x6407e9c86364648d), U64_C (0xf1db12ff2af1f1e3),
+ U64_C (0x73bfa2e6cc7373d1), U64_C (0x12905a2482121248),
+ U64_C (0x403a5d807a40401d), U64_C (0x0840281048080820),
+ U64_C (0xc356e89b95c3c32b), U64_C (0xec337bc5dfecec97),
+ U64_C (0xdb9690ab4ddbdb4b), U64_C (0xa1611f5fc0a1a1be),
+ U64_C (0x8d1c8307918d8d0e), U64_C (0x3df5c97ac83d3df4),
+ U64_C (0x97ccf1335b979766), U64_C (0x0000000000000000),
+ U64_C (0xcf36d483f9cfcf1b), U64_C (0x2b4587566e2b2bac),
+ U64_C (0x7697b3ece17676c5), U64_C (0x8264b019e6828232),
+ U64_C (0xd6fea9b128d6d67f), U64_C (0x1bd87736c31b1b6c),
+ U64_C (0xb5c15b7774b5b5ee), U64_C (0xaf112943beafaf86),
+ U64_C (0x6a77dfd41d6a6ab5), U64_C (0x50ba0da0ea50505d),
+ U64_C (0x45124c8a57454509), U64_C (0xf3cb18fb38f3f3eb),
+ U64_C (0x309df060ad3030c0), U64_C (0xef2b74c3c4efef9b),
+ U64_C (0x3fe5c37eda3f3ffc), U64_C (0x55921caac7555549),
+ U64_C (0xa2791059dba2a2b2), U64_C (0xea0365c9e9eaea8f),
+ U64_C (0x650fecca6a656589), U64_C (0xbab9686903babad2),
+ U64_C (0x2f65935e4a2f2fbc), U64_C (0xc04ee79d8ec0c027),
+ U64_C (0xdebe81a160dede5f), U64_C (0x1ce06c38fc1c1c70),
+ U64_C (0xfdbb2ee746fdfdd3), U64_C (0x4d52649a1f4d4d29),
+ U64_C (0x92e4e03976929272), U64_C (0x758fbceafa7575c9),
+ U64_C (0x06301e0c36060618), U64_C (0x8a249809ae8a8a12),
+ U64_C (0xb2f940794bb2b2f2), U64_C (0xe66359d185e6e6bf),
+ U64_C (0x0e70361c7e0e0e38), U64_C (0x1ff8633ee71f1f7c),
+ U64_C (0x6237f7c455626295), U64_C (0xd4eea3b53ad4d477),
+ U64_C (0xa829324d81a8a89a), U64_C (0x96c4f43152969662),
+ U64_C (0xf99b3aef62f9f9c3), U64_C (0xc566f697a3c5c533),
+ U64_C (0x2535b14a10252594), U64_C (0x59f220b2ab595979),
+ U64_C (0x8454ae15d084842a), U64_C (0x72b7a7e4c57272d5),
+ U64_C (0x39d5dd72ec3939e4), U64_C (0x4c5a6198164c4c2d),
+ U64_C (0x5eca3bbc945e5e65), U64_C (0x78e785f09f7878fd),
+ U64_C (0x38ddd870e53838e0), U64_C (0x8c148605988c8c0a),
+ U64_C (0xd1c6b2bf17d1d163), U64_C (0xa5410b57e4a5a5ae),
+ U64_C (0xe2434dd9a1e2e2af), U64_C (0x612ff8c24e616199),
+ U64_C (0xb3f1457b42b3b3f6), U64_C (0x2115a54234212184),
+ U64_C (0x9c94d625089c9c4a), U64_C (0x1ef0663cee1e1e78),
+ U64_C (0x4322528661434311), U64_C (0xc776fc93b1c7c73b),
+ U64_C (0xfcb32be54ffcfcd7), U64_C (0x0420140824040410),
+ U64_C (0x51b208a2e3515159), U64_C (0x99bcc72f2599995e),
+ U64_C (0x6d4fc4da226d6da9), U64_C (0x0d68391a650d0d34),
+ U64_C (0xfa8335e979fafacf), U64_C (0xdfb684a369dfdf5b),
+ U64_C (0x7ed79bfca97e7ee5), U64_C (0x243db44819242490),
+ U64_C (0x3bc5d776fe3b3bec), U64_C (0xab313d4b9aabab96),
+ U64_C (0xce3ed181f0cece1f), U64_C (0x1188552299111144),
+ U64_C (0x8f0c8903838f8f06), U64_C (0x4e4a6b9c044e4e25),
+ U64_C (0xb7d1517366b7b7e6), U64_C (0xeb0b60cbe0ebeb8b),
+ U64_C (0x3cfdcc78c13c3cf0), U64_C (0x817cbf1ffd81813e),
+ U64_C (0x94d4fe354094946a), U64_C (0xf7eb0cf31cf7f7fb),
+ U64_C (0xb9a1676f18b9b9de), U64_C (0x13985f268b13134c),
+ U64_C (0x2c7d9c58512c2cb0), U64_C (0xd3d6b8bb05d3d36b),
+ U64_C (0xe76b5cd38ce7e7bb), U64_C (0x6e57cbdc396e6ea5),
+ U64_C (0xc46ef395aac4c437), U64_C (0x03180f061b03030c),
+ U64_C (0x568a13acdc565645), U64_C (0x441a49885e44440d),
+ U64_C (0x7fdf9efea07f7fe1), U64_C (0xa921374f88a9a99e),
+ U64_C (0x2a4d8254672a2aa8), U64_C (0xbbb16d6b0abbbbd6),
+ U64_C (0xc146e29f87c1c123), U64_C (0x53a202a6f1535351),
+ U64_C (0xdcae8ba572dcdc57), U64_C (0x0b582716530b0b2c),
+ U64_C (0x9d9cd327019d9d4e), U64_C (0x6c47c1d82b6c6cad),
+ U64_C (0x3195f562a43131c4), U64_C (0x7487b9e8f37474cd),
+ U64_C (0xf6e309f115f6f6ff), U64_C (0x460a438c4c464605),
+ U64_C (0xac092645a5acac8a), U64_C (0x893c970fb589891e),
+ U64_C (0x14a04428b4141450), U64_C (0xe15b42dfbae1e1a3),
+ U64_C (0x16b04e2ca6161658), U64_C (0x3acdd274f73a3ae8),
+ U64_C (0x696fd0d2066969b9), U64_C (0x09482d1241090924),
+ U64_C (0x70a7ade0d77070dd), U64_C (0xb6d954716fb6b6e2),
+ U64_C (0xd0ceb7bd1ed0d067), U64_C (0xed3b7ec7d6eded93),
+ U64_C (0xcc2edb85e2cccc17), U64_C (0x422a578468424215),
+ U64_C (0x98b4c22d2c98985a), U64_C (0xa4490e55eda4a4aa),
+ U64_C (0x285d8850752828a0), U64_C (0x5cda31b8865c5c6d),
+ U64_C (0xf8933fed6bf8f8c7), U64_C (0x8644a411c2868622),
+ };
+
+static const u64 C6[256] =
+ {
+ U64_C (0x6018c07830d81818), U64_C (0x8c2305af46262323),
+ U64_C (0x3fc67ef991b8c6c6), U64_C (0x87e8136fcdfbe8e8),
+ U64_C (0x26874ca113cb8787), U64_C (0xdab8a9626d11b8b8),
+ U64_C (0x0401080502090101), U64_C (0x214f426e9e0d4f4f),
+ U64_C (0xd836adee6c9b3636), U64_C (0xa2a6590451ffa6a6),
+ U64_C (0x6fd2debdb90cd2d2), U64_C (0xf3f5fb06f70ef5f5),
+ U64_C (0xf979ef80f2967979), U64_C (0xa16f5fcede306f6f),
+ U64_C (0x7e91fcef3f6d9191), U64_C (0x5552aa07a4f85252),
+ U64_C (0x9d6027fdc0476060), U64_C (0xcabc89766535bcbc),
+ U64_C (0x569baccd2b379b9b), U64_C (0x028e048c018a8e8e),
+ U64_C (0xb6a371155bd2a3a3), U64_C (0x300c603c186c0c0c),
+ U64_C (0xf17bff8af6847b7b), U64_C (0xd435b5e16a803535),
+ U64_C (0x741de8693af51d1d), U64_C (0xa7e05347ddb3e0e0),
+ U64_C (0x7bd7f6acb321d7d7), U64_C (0x2fc25eed999cc2c2),
+ U64_C (0xb82e6d965c432e2e), U64_C (0x314b627a96294b4b),
+ U64_C (0xdffea321e15dfefe), U64_C (0x41578216aed55757),
+ U64_C (0x5415a8412abd1515), U64_C (0xc1779fb6eee87777),
+ U64_C (0xdc37a5eb6e923737), U64_C (0xb3e57b56d79ee5e5),
+ U64_C (0x469f8cd923139f9f), U64_C (0xe7f0d317fd23f0f0),
+ U64_C (0x354a6a7f94204a4a), U64_C (0x4fda9e95a944dada),
+ U64_C (0x7d58fa25b0a25858), U64_C (0x03c906ca8fcfc9c9),
+ U64_C (0xa429558d527c2929), U64_C (0x280a5022145a0a0a),
+ U64_C (0xfeb1e14f7f50b1b1), U64_C (0xbaa0691a5dc9a0a0),
+ U64_C (0xb16b7fdad6146b6b), U64_C (0x2e855cab17d98585),
+ U64_C (0xcebd8173673cbdbd), U64_C (0x695dd234ba8f5d5d),
+ U64_C (0x4010805020901010), U64_C (0xf7f4f303f507f4f4),
+ U64_C (0x0bcb16c08bddcbcb), U64_C (0xf83eedc67cd33e3e),
+ U64_C (0x140528110a2d0505), U64_C (0x81671fe6ce786767),
+ U64_C (0xb7e47353d597e4e4), U64_C (0x9c2725bb4e022727),
+ U64_C (0x1941325882734141), U64_C (0x168b2c9d0ba78b8b),
+ U64_C (0xa6a7510153f6a7a7), U64_C (0xe97dcf94fab27d7d),
+ U64_C (0x6e95dcfb37499595), U64_C (0x47d88e9fad56d8d8),
+ U64_C (0xcbfb8b30eb70fbfb), U64_C (0x9fee2371c1cdeeee),
+ U64_C (0xed7cc791f8bb7c7c), U64_C (0x856617e3cc716666),
+ U64_C (0x53dda68ea77bdddd), U64_C (0x5c17b84b2eaf1717),
+ U64_C (0x014702468e454747), U64_C (0x429e84dc211a9e9e),
+ U64_C (0x0fca1ec589d4caca), U64_C (0xb42d75995a582d2d),
+ U64_C (0xc6bf9179632ebfbf), U64_C (0x1c07381b0e3f0707),
+ U64_C (0x8ead012347acadad), U64_C (0x755aea2fb4b05a5a),
+ U64_C (0x36836cb51bef8383), U64_C (0xcc3385ff66b63333),
+ U64_C (0x91633ff2c65c6363), U64_C (0x0802100a04120202),
+ U64_C (0x92aa39384993aaaa), U64_C (0xd971afa8e2de7171),
+ U64_C (0x07c80ecf8dc6c8c8), U64_C (0x6419c87d32d11919),
+ U64_C (0x39497270923b4949), U64_C (0x43d9869aaf5fd9d9),
+ U64_C (0xeff2c31df931f2f2), U64_C (0xabe34b48dba8e3e3),
+ U64_C (0x715be22ab6b95b5b), U64_C (0x1a8834920dbc8888),
+ U64_C (0x529aa4c8293e9a9a), U64_C (0x98262dbe4c0b2626),
+ U64_C (0xc8328dfa64bf3232), U64_C (0xfab0e94a7d59b0b0),
+ U64_C (0x83e91b6acff2e9e9), U64_C (0x3c0f78331e770f0f),
+ U64_C (0x73d5e6a6b733d5d5), U64_C (0x3a8074ba1df48080),
+ U64_C (0xc2be997c6127bebe), U64_C (0x13cd26de87ebcdcd),
+ U64_C (0xd034bde468893434), U64_C (0x3d487a7590324848),
+ U64_C (0xdbffab24e354ffff), U64_C (0xf57af78ff48d7a7a),
+ U64_C (0x7a90f4ea3d649090), U64_C (0x615fc23ebe9d5f5f),
+ U64_C (0x80201da0403d2020), U64_C (0xbd6867d5d00f6868),
+ U64_C (0x681ad07234ca1a1a), U64_C (0x82ae192c41b7aeae),
+ U64_C (0xeab4c95e757db4b4), U64_C (0x4d549a19a8ce5454),
+ U64_C (0x7693ece53b7f9393), U64_C (0x88220daa442f2222),
+ U64_C (0x8d6407e9c8636464), U64_C (0xe3f1db12ff2af1f1),
+ U64_C (0xd173bfa2e6cc7373), U64_C (0x4812905a24821212),
+ U64_C (0x1d403a5d807a4040), U64_C (0x2008402810480808),
+ U64_C (0x2bc356e89b95c3c3), U64_C (0x97ec337bc5dfecec),
+ U64_C (0x4bdb9690ab4ddbdb), U64_C (0xbea1611f5fc0a1a1),
+ U64_C (0x0e8d1c8307918d8d), U64_C (0xf43df5c97ac83d3d),
+ U64_C (0x6697ccf1335b9797), U64_C (0x0000000000000000),
+ U64_C (0x1bcf36d483f9cfcf), U64_C (0xac2b4587566e2b2b),
+ U64_C (0xc57697b3ece17676), U64_C (0x328264b019e68282),
+ U64_C (0x7fd6fea9b128d6d6), U64_C (0x6c1bd87736c31b1b),
+ U64_C (0xeeb5c15b7774b5b5), U64_C (0x86af112943beafaf),
+ U64_C (0xb56a77dfd41d6a6a), U64_C (0x5d50ba0da0ea5050),
+ U64_C (0x0945124c8a574545), U64_C (0xebf3cb18fb38f3f3),
+ U64_C (0xc0309df060ad3030), U64_C (0x9bef2b74c3c4efef),
+ U64_C (0xfc3fe5c37eda3f3f), U64_C (0x4955921caac75555),
+ U64_C (0xb2a2791059dba2a2), U64_C (0x8fea0365c9e9eaea),
+ U64_C (0x89650fecca6a6565), U64_C (0xd2bab9686903baba),
+ U64_C (0xbc2f65935e4a2f2f), U64_C (0x27c04ee79d8ec0c0),
+ U64_C (0x5fdebe81a160dede), U64_C (0x701ce06c38fc1c1c),
+ U64_C (0xd3fdbb2ee746fdfd), U64_C (0x294d52649a1f4d4d),
+ U64_C (0x7292e4e039769292), U64_C (0xc9758fbceafa7575),
+ U64_C (0x1806301e0c360606), U64_C (0x128a249809ae8a8a),
+ U64_C (0xf2b2f940794bb2b2), U64_C (0xbfe66359d185e6e6),
+ U64_C (0x380e70361c7e0e0e), U64_C (0x7c1ff8633ee71f1f),
+ U64_C (0x956237f7c4556262), U64_C (0x77d4eea3b53ad4d4),
+ U64_C (0x9aa829324d81a8a8), U64_C (0x6296c4f431529696),
+ U64_C (0xc3f99b3aef62f9f9), U64_C (0x33c566f697a3c5c5),
+ U64_C (0x942535b14a102525), U64_C (0x7959f220b2ab5959),
+ U64_C (0x2a8454ae15d08484), U64_C (0xd572b7a7e4c57272),
+ U64_C (0xe439d5dd72ec3939), U64_C (0x2d4c5a6198164c4c),
+ U64_C (0x655eca3bbc945e5e), U64_C (0xfd78e785f09f7878),
+ U64_C (0xe038ddd870e53838), U64_C (0x0a8c148605988c8c),
+ U64_C (0x63d1c6b2bf17d1d1), U64_C (0xaea5410b57e4a5a5),
+ U64_C (0xafe2434dd9a1e2e2), U64_C (0x99612ff8c24e6161),
+ U64_C (0xf6b3f1457b42b3b3), U64_C (0x842115a542342121),
+ U64_C (0x4a9c94d625089c9c), U64_C (0x781ef0663cee1e1e),
+ U64_C (0x1143225286614343), U64_C (0x3bc776fc93b1c7c7),
+ U64_C (0xd7fcb32be54ffcfc), U64_C (0x1004201408240404),
+ U64_C (0x5951b208a2e35151), U64_C (0x5e99bcc72f259999),
+ U64_C (0xa96d4fc4da226d6d), U64_C (0x340d68391a650d0d),
+ U64_C (0xcffa8335e979fafa), U64_C (0x5bdfb684a369dfdf),
+ U64_C (0xe57ed79bfca97e7e), U64_C (0x90243db448192424),
+ U64_C (0xec3bc5d776fe3b3b), U64_C (0x96ab313d4b9aabab),
+ U64_C (0x1fce3ed181f0cece), U64_C (0x4411885522991111),
+ U64_C (0x068f0c8903838f8f), U64_C (0x254e4a6b9c044e4e),
+ U64_C (0xe6b7d1517366b7b7), U64_C (0x8beb0b60cbe0ebeb),
+ U64_C (0xf03cfdcc78c13c3c), U64_C (0x3e817cbf1ffd8181),
+ U64_C (0x6a94d4fe35409494), U64_C (0xfbf7eb0cf31cf7f7),
+ U64_C (0xdeb9a1676f18b9b9), U64_C (0x4c13985f268b1313),
+ U64_C (0xb02c7d9c58512c2c), U64_C (0x6bd3d6b8bb05d3d3),
+ U64_C (0xbbe76b5cd38ce7e7), U64_C (0xa56e57cbdc396e6e),
+ U64_C (0x37c46ef395aac4c4), U64_C (0x0c03180f061b0303),
+ U64_C (0x45568a13acdc5656), U64_C (0x0d441a49885e4444),
+ U64_C (0xe17fdf9efea07f7f), U64_C (0x9ea921374f88a9a9),
+ U64_C (0xa82a4d8254672a2a), U64_C (0xd6bbb16d6b0abbbb),
+ U64_C (0x23c146e29f87c1c1), U64_C (0x5153a202a6f15353),
+ U64_C (0x57dcae8ba572dcdc), U64_C (0x2c0b582716530b0b),
+ U64_C (0x4e9d9cd327019d9d), U64_C (0xad6c47c1d82b6c6c),
+ U64_C (0xc43195f562a43131), U64_C (0xcd7487b9e8f37474),
+ U64_C (0xfff6e309f115f6f6), U64_C (0x05460a438c4c4646),
+ U64_C (0x8aac092645a5acac), U64_C (0x1e893c970fb58989),
+ U64_C (0x5014a04428b41414), U64_C (0xa3e15b42dfbae1e1),
+ U64_C (0x5816b04e2ca61616), U64_C (0xe83acdd274f73a3a),
+ U64_C (0xb9696fd0d2066969), U64_C (0x2409482d12410909),
+ U64_C (0xdd70a7ade0d77070), U64_C (0xe2b6d954716fb6b6),
+ U64_C (0x67d0ceb7bd1ed0d0), U64_C (0x93ed3b7ec7d6eded),
+ U64_C (0x17cc2edb85e2cccc), U64_C (0x15422a5784684242),
+ U64_C (0x5a98b4c22d2c9898), U64_C (0xaaa4490e55eda4a4),
+ U64_C (0xa0285d8850752828), U64_C (0x6d5cda31b8865c5c),
+ U64_C (0xc7f8933fed6bf8f8), U64_C (0x228644a411c28686),
+ };
+
+static const u64 C7[256] =
+ {
+ U64_C (0x186018c07830d818), U64_C (0x238c2305af462623),
+ U64_C (0xc63fc67ef991b8c6), U64_C (0xe887e8136fcdfbe8),
+ U64_C (0x8726874ca113cb87), U64_C (0xb8dab8a9626d11b8),
+ U64_C (0x0104010805020901), U64_C (0x4f214f426e9e0d4f),
+ U64_C (0x36d836adee6c9b36), U64_C (0xa6a2a6590451ffa6),
+ U64_C (0xd26fd2debdb90cd2), U64_C (0xf5f3f5fb06f70ef5),
+ U64_C (0x79f979ef80f29679), U64_C (0x6fa16f5fcede306f),
+ U64_C (0x917e91fcef3f6d91), U64_C (0x525552aa07a4f852),
+ U64_C (0x609d6027fdc04760), U64_C (0xbccabc89766535bc),
+ U64_C (0x9b569baccd2b379b), U64_C (0x8e028e048c018a8e),
+ U64_C (0xa3b6a371155bd2a3), U64_C (0x0c300c603c186c0c),
+ U64_C (0x7bf17bff8af6847b), U64_C (0x35d435b5e16a8035),
+ U64_C (0x1d741de8693af51d), U64_C (0xe0a7e05347ddb3e0),
+ U64_C (0xd77bd7f6acb321d7), U64_C (0xc22fc25eed999cc2),
+ U64_C (0x2eb82e6d965c432e), U64_C (0x4b314b627a96294b),
+ U64_C (0xfedffea321e15dfe), U64_C (0x5741578216aed557),
+ U64_C (0x155415a8412abd15), U64_C (0x77c1779fb6eee877),
+ U64_C (0x37dc37a5eb6e9237), U64_C (0xe5b3e57b56d79ee5),
+ U64_C (0x9f469f8cd923139f), U64_C (0xf0e7f0d317fd23f0),
+ U64_C (0x4a354a6a7f94204a), U64_C (0xda4fda9e95a944da),
+ U64_C (0x587d58fa25b0a258), U64_C (0xc903c906ca8fcfc9),
+ U64_C (0x29a429558d527c29), U64_C (0x0a280a5022145a0a),
+ U64_C (0xb1feb1e14f7f50b1), U64_C (0xa0baa0691a5dc9a0),
+ U64_C (0x6bb16b7fdad6146b), U64_C (0x852e855cab17d985),
+ U64_C (0xbdcebd8173673cbd), U64_C (0x5d695dd234ba8f5d),
+ U64_C (0x1040108050209010), U64_C (0xf4f7f4f303f507f4),
+ U64_C (0xcb0bcb16c08bddcb), U64_C (0x3ef83eedc67cd33e),
+ U64_C (0x05140528110a2d05), U64_C (0x6781671fe6ce7867),
+ U64_C (0xe4b7e47353d597e4), U64_C (0x279c2725bb4e0227),
+ U64_C (0x4119413258827341), U64_C (0x8b168b2c9d0ba78b),
+ U64_C (0xa7a6a7510153f6a7), U64_C (0x7de97dcf94fab27d),
+ U64_C (0x956e95dcfb374995), U64_C (0xd847d88e9fad56d8),
+ U64_C (0xfbcbfb8b30eb70fb), U64_C (0xee9fee2371c1cdee),
+ U64_C (0x7ced7cc791f8bb7c), U64_C (0x66856617e3cc7166),
+ U64_C (0xdd53dda68ea77bdd), U64_C (0x175c17b84b2eaf17),
+ U64_C (0x47014702468e4547), U64_C (0x9e429e84dc211a9e),
+ U64_C (0xca0fca1ec589d4ca), U64_C (0x2db42d75995a582d),
+ U64_C (0xbfc6bf9179632ebf), U64_C (0x071c07381b0e3f07),
+ U64_C (0xad8ead012347acad), U64_C (0x5a755aea2fb4b05a),
+ U64_C (0x8336836cb51bef83), U64_C (0x33cc3385ff66b633),
+ U64_C (0x6391633ff2c65c63), U64_C (0x020802100a041202),
+ U64_C (0xaa92aa39384993aa), U64_C (0x71d971afa8e2de71),
+ U64_C (0xc807c80ecf8dc6c8), U64_C (0x196419c87d32d119),
+ U64_C (0x4939497270923b49), U64_C (0xd943d9869aaf5fd9),
+ U64_C (0xf2eff2c31df931f2), U64_C (0xe3abe34b48dba8e3),
+ U64_C (0x5b715be22ab6b95b), U64_C (0x881a8834920dbc88),
+ U64_C (0x9a529aa4c8293e9a), U64_C (0x2698262dbe4c0b26),
+ U64_C (0x32c8328dfa64bf32), U64_C (0xb0fab0e94a7d59b0),
+ U64_C (0xe983e91b6acff2e9), U64_C (0x0f3c0f78331e770f),
+ U64_C (0xd573d5e6a6b733d5), U64_C (0x803a8074ba1df480),
+ U64_C (0xbec2be997c6127be), U64_C (0xcd13cd26de87ebcd),
+ U64_C (0x34d034bde4688934), U64_C (0x483d487a75903248),
+ U64_C (0xffdbffab24e354ff), U64_C (0x7af57af78ff48d7a),
+ U64_C (0x907a90f4ea3d6490), U64_C (0x5f615fc23ebe9d5f),
+ U64_C (0x2080201da0403d20), U64_C (0x68bd6867d5d00f68),
+ U64_C (0x1a681ad07234ca1a), U64_C (0xae82ae192c41b7ae),
+ U64_C (0xb4eab4c95e757db4), U64_C (0x544d549a19a8ce54),
+ U64_C (0x937693ece53b7f93), U64_C (0x2288220daa442f22),
+ U64_C (0x648d6407e9c86364), U64_C (0xf1e3f1db12ff2af1),
+ U64_C (0x73d173bfa2e6cc73), U64_C (0x124812905a248212),
+ U64_C (0x401d403a5d807a40), U64_C (0x0820084028104808),
+ U64_C (0xc32bc356e89b95c3), U64_C (0xec97ec337bc5dfec),
+ U64_C (0xdb4bdb9690ab4ddb), U64_C (0xa1bea1611f5fc0a1),
+ U64_C (0x8d0e8d1c8307918d), U64_C (0x3df43df5c97ac83d),
+ U64_C (0x976697ccf1335b97), U64_C (0x0000000000000000),
+ U64_C (0xcf1bcf36d483f9cf), U64_C (0x2bac2b4587566e2b),
+ U64_C (0x76c57697b3ece176), U64_C (0x82328264b019e682),
+ U64_C (0xd67fd6fea9b128d6), U64_C (0x1b6c1bd87736c31b),
+ U64_C (0xb5eeb5c15b7774b5), U64_C (0xaf86af112943beaf),
+ U64_C (0x6ab56a77dfd41d6a), U64_C (0x505d50ba0da0ea50),
+ U64_C (0x450945124c8a5745), U64_C (0xf3ebf3cb18fb38f3),
+ U64_C (0x30c0309df060ad30), U64_C (0xef9bef2b74c3c4ef),
+ U64_C (0x3ffc3fe5c37eda3f), U64_C (0x554955921caac755),
+ U64_C (0xa2b2a2791059dba2), U64_C (0xea8fea0365c9e9ea),
+ U64_C (0x6589650fecca6a65), U64_C (0xbad2bab9686903ba),
+ U64_C (0x2fbc2f65935e4a2f), U64_C (0xc027c04ee79d8ec0),
+ U64_C (0xde5fdebe81a160de), U64_C (0x1c701ce06c38fc1c),
+ U64_C (0xfdd3fdbb2ee746fd), U64_C (0x4d294d52649a1f4d),
+ U64_C (0x927292e4e0397692), U64_C (0x75c9758fbceafa75),
+ U64_C (0x061806301e0c3606), U64_C (0x8a128a249809ae8a),
+ U64_C (0xb2f2b2f940794bb2), U64_C (0xe6bfe66359d185e6),
+ U64_C (0x0e380e70361c7e0e), U64_C (0x1f7c1ff8633ee71f),
+ U64_C (0x62956237f7c45562), U64_C (0xd477d4eea3b53ad4),
+ U64_C (0xa89aa829324d81a8), U64_C (0x966296c4f4315296),
+ U64_C (0xf9c3f99b3aef62f9), U64_C (0xc533c566f697a3c5),
+ U64_C (0x25942535b14a1025), U64_C (0x597959f220b2ab59),
+ U64_C (0x842a8454ae15d084), U64_C (0x72d572b7a7e4c572),
+ U64_C (0x39e439d5dd72ec39), U64_C (0x4c2d4c5a6198164c),
+ U64_C (0x5e655eca3bbc945e), U64_C (0x78fd78e785f09f78),
+ U64_C (0x38e038ddd870e538), U64_C (0x8c0a8c148605988c),
+ U64_C (0xd163d1c6b2bf17d1), U64_C (0xa5aea5410b57e4a5),
+ U64_C (0xe2afe2434dd9a1e2), U64_C (0x6199612ff8c24e61),
+ U64_C (0xb3f6b3f1457b42b3), U64_C (0x21842115a5423421),
+ U64_C (0x9c4a9c94d625089c), U64_C (0x1e781ef0663cee1e),
+ U64_C (0x4311432252866143), U64_C (0xc73bc776fc93b1c7),
+ U64_C (0xfcd7fcb32be54ffc), U64_C (0x0410042014082404),
+ U64_C (0x515951b208a2e351), U64_C (0x995e99bcc72f2599),
+ U64_C (0x6da96d4fc4da226d), U64_C (0x0d340d68391a650d),
+ U64_C (0xfacffa8335e979fa), U64_C (0xdf5bdfb684a369df),
+ U64_C (0x7ee57ed79bfca97e), U64_C (0x2490243db4481924),
+ U64_C (0x3bec3bc5d776fe3b), U64_C (0xab96ab313d4b9aab),
+ U64_C (0xce1fce3ed181f0ce), U64_C (0x1144118855229911),
+ U64_C (0x8f068f0c8903838f), U64_C (0x4e254e4a6b9c044e),
+ U64_C (0xb7e6b7d1517366b7), U64_C (0xeb8beb0b60cbe0eb),
+ U64_C (0x3cf03cfdcc78c13c), U64_C (0x813e817cbf1ffd81),
+ U64_C (0x946a94d4fe354094), U64_C (0xf7fbf7eb0cf31cf7),
+ U64_C (0xb9deb9a1676f18b9), U64_C (0x134c13985f268b13),
+ U64_C (0x2cb02c7d9c58512c), U64_C (0xd36bd3d6b8bb05d3),
+ U64_C (0xe7bbe76b5cd38ce7), U64_C (0x6ea56e57cbdc396e),
+ U64_C (0xc437c46ef395aac4), U64_C (0x030c03180f061b03),
+ U64_C (0x5645568a13acdc56), U64_C (0x440d441a49885e44),
+ U64_C (0x7fe17fdf9efea07f), U64_C (0xa99ea921374f88a9),
+ U64_C (0x2aa82a4d8254672a), U64_C (0xbbd6bbb16d6b0abb),
+ U64_C (0xc123c146e29f87c1), U64_C (0x535153a202a6f153),
+ U64_C (0xdc57dcae8ba572dc), U64_C (0x0b2c0b582716530b),
+ U64_C (0x9d4e9d9cd327019d), U64_C (0x6cad6c47c1d82b6c),
+ U64_C (0x31c43195f562a431), U64_C (0x74cd7487b9e8f374),
+ U64_C (0xf6fff6e309f115f6), U64_C (0x4605460a438c4c46),
+ U64_C (0xac8aac092645a5ac), U64_C (0x891e893c970fb589),
+ U64_C (0x145014a04428b414), U64_C (0xe1a3e15b42dfbae1),
+ U64_C (0x165816b04e2ca616), U64_C (0x3ae83acdd274f73a),
+ U64_C (0x69b9696fd0d20669), U64_C (0x092409482d124109),
+ U64_C (0x70dd70a7ade0d770), U64_C (0xb6e2b6d954716fb6),
+ U64_C (0xd067d0ceb7bd1ed0), U64_C (0xed93ed3b7ec7d6ed),
+ U64_C (0xcc17cc2edb85e2cc), U64_C (0x4215422a57846842),
+ U64_C (0x985a98b4c22d2c98), U64_C (0xa4aaa4490e55eda4),
+ U64_C (0x28a0285d88507528), U64_C (0x5c6d5cda31b8865c),
+ U64_C (0xf8c7f8933fed6bf8), U64_C (0x86228644a411c286),
+ };
+
+
+
+static void
+whirlpool_init (void *ctx)
+{
+ whirlpool_context_t *context = ctx;
+
+ memset (context, 0, sizeof (*context));
+}
+
+
+/*
+ * Transform block.
+ */
+static void
+whirlpool_transform (whirlpool_context_t *context, const unsigned char *data)
+{
+ whirlpool_block_t data_block;
+ whirlpool_block_t key;
+ whirlpool_block_t state;
+ whirlpool_block_t block;
+ unsigned int r;
+ unsigned int i;
+
+ buffer_to_block (data, data_block, i);
+ block_copy (key, context->hash_state, i);
+ block_copy (state, context->hash_state, i);
+ block_xor (state, data_block, i);
+
+ for (r = 0; r < R; r++)
+ {
+ /* Compute round key K^r. */
+
+ block[0] = (C0[(key[0] >> 56) & 0xFF] ^ C1[(key[7] >> 48) & 0xFF] ^
+ C2[(key[6] >> 40) & 0xFF] ^ C3[(key[5] >> 32) & 0xFF] ^
+ C4[(key[4] >> 24) & 0xFF] ^ C5[(key[3] >> 16) & 0xFF] ^
+ C6[(key[2] >> 8) & 0xFF] ^ C7[(key[1] >> 0) & 0xFF] ^ rc[r]);
+ block[1] = (C0[(key[1] >> 56) & 0xFF] ^ C1[(key[0] >> 48) & 0xFF] ^
+ C2[(key[7] >> 40) & 0xFF] ^ C3[(key[6] >> 32) & 0xFF] ^
+ C4[(key[5] >> 24) & 0xFF] ^ C5[(key[4] >> 16) & 0xFF] ^
+ C6[(key[3] >> 8) & 0xFF] ^ C7[(key[2] >> 0) & 0xFF]);
+ block[2] = (C0[(key[2] >> 56) & 0xFF] ^ C1[(key[1] >> 48) & 0xFF] ^
+ C2[(key[0] >> 40) & 0xFF] ^ C3[(key[7] >> 32) & 0xFF] ^
+ C4[(key[6] >> 24) & 0xFF] ^ C5[(key[5] >> 16) & 0xFF] ^
+ C6[(key[4] >> 8) & 0xFF] ^ C7[(key[3] >> 0) & 0xFF]);
+ block[3] = (C0[(key[3] >> 56) & 0xFF] ^ C1[(key[2] >> 48) & 0xFF] ^
+ C2[(key[1] >> 40) & 0xFF] ^ C3[(key[0] >> 32) & 0xFF] ^
+ C4[(key[7] >> 24) & 0xFF] ^ C5[(key[6] >> 16) & 0xFF] ^
+ C6[(key[5] >> 8) & 0xFF] ^ C7[(key[4] >> 0) & 0xFF]);
+ block[4] = (C0[(key[4] >> 56) & 0xFF] ^ C1[(key[3] >> 48) & 0xFF] ^
+ C2[(key[2] >> 40) & 0xFF] ^ C3[(key[1] >> 32) & 0xFF] ^
+ C4[(key[0] >> 24) & 0xFF] ^ C5[(key[7] >> 16) & 0xFF] ^
+ C6[(key[6] >> 8) & 0xFF] ^ C7[(key[5] >> 0) & 0xFF]);
+ block[5] = (C0[(key[5] >> 56) & 0xFF] ^ C1[(key[4] >> 48) & 0xFF] ^
+ C2[(key[3] >> 40) & 0xFF] ^ C3[(key[2] >> 32) & 0xFF] ^
+ C4[(key[1] >> 24) & 0xFF] ^ C5[(key[0] >> 16) & 0xFF] ^
+ C6[(key[7] >> 8) & 0xFF] ^ C7[(key[6] >> 0) & 0xFF]);
+ block[6] = (C0[(key[6] >> 56) & 0xFF] ^ C1[(key[5] >> 48) & 0xFF] ^
+ C2[(key[4] >> 40) & 0xFF] ^ C3[(key[3] >> 32) & 0xFF] ^
+ C4[(key[2] >> 24) & 0xFF] ^ C5[(key[1] >> 16) & 0xFF] ^
+ C6[(key[0] >> 8) & 0xFF] ^ C7[(key[7] >> 0) & 0xFF]);
+ block[7] = (C0[(key[7] >> 56) & 0xFF] ^ C1[(key[6] >> 48) & 0xFF] ^
+ C2[(key[5] >> 40) & 0xFF] ^ C3[(key[4] >> 32) & 0xFF] ^
+ C4[(key[3] >> 24) & 0xFF] ^ C5[(key[2] >> 16) & 0xFF] ^
+ C6[(key[1] >> 8) & 0xFF] ^ C7[(key[0] >> 0) & 0xFF]);
+ block_copy (key, block, i);
+
+ /* Apply r-th round transformation. */
+
+ block[0] = (C0[(state[0] >> 56) & 0xFF] ^ C1[(state[7] >> 48) & 0xFF] ^
+ C2[(state[6] >> 40) & 0xFF] ^ C3[(state[5] >> 32) & 0xFF] ^
+ C4[(state[4] >> 24) & 0xFF] ^ C5[(state[3] >> 16) & 0xFF] ^
+ C6[(state[2] >> 8) & 0xFF] ^ C7[(state[1] >> 0) & 0xFF] ^ key[0]);
+ block[1] = (C0[(state[1] >> 56) & 0xFF] ^ C1[(state[0] >> 48) & 0xFF] ^
+ C2[(state[7] >> 40) & 0xFF] ^ C3[(state[6] >> 32) & 0xFF] ^
+ C4[(state[5] >> 24) & 0xFF] ^ C5[(state[4] >> 16) & 0xFF] ^
+ C6[(state[3] >> 8) & 0xFF] ^ C7[(state[2] >> 0) & 0xFF] ^ key[1]);
+ block[2] = (C0[(state[2] >> 56) & 0xFF] ^ C1[(state[1] >> 48) & 0xFF] ^
+ C2[(state[0] >> 40) & 0xFF] ^ C3[(state[7] >> 32) & 0xFF] ^
+ C4[(state[6] >> 24) & 0xFF] ^ C5[(state[5] >> 16) & 0xFF] ^
+ C6[(state[4] >> 8) & 0xFF] ^ C7[(state[3] >> 0) & 0xFF] ^ key[2]);
+ block[3] = (C0[(state[3] >> 56) & 0xFF] ^ C1[(state[2] >> 48) & 0xFF] ^
+ C2[(state[1] >> 40) & 0xFF] ^ C3[(state[0] >> 32) & 0xFF] ^
+ C4[(state[7] >> 24) & 0xFF] ^ C5[(state[6] >> 16) & 0xFF] ^
+ C6[(state[5] >> 8) & 0xFF] ^ C7[(state[4] >> 0) & 0xFF] ^ key[3]);
+ block[4] = (C0[(state[4] >> 56) & 0xFF] ^ C1[(state[3] >> 48) & 0xFF] ^
+ C2[(state[2] >> 40) & 0xFF] ^ C3[(state[1] >> 32) & 0xFF] ^
+ C4[(state[0] >> 24) & 0xFF] ^ C5[(state[7] >> 16) & 0xFF] ^
+ C6[(state[6] >> 8) & 0xFF] ^ C7[(state[5] >> 0) & 0xFF] ^ key[4]);
+ block[5] = (C0[(state[5] >> 56) & 0xFF] ^ C1[(state[4] >> 48) & 0xFF] ^
+ C2[(state[3] >> 40) & 0xFF] ^ C3[(state[2] >> 32) & 0xFF] ^
+ C4[(state[1] >> 24) & 0xFF] ^ C5[(state[0] >> 16) & 0xFF] ^
+ C6[(state[7] >> 8) & 0xFF] ^ C7[(state[6] >> 0) & 0xFF] ^ key[5]);
+ block[6] = (C0[(state[6] >> 56) & 0xFF] ^ C1[(state[5] >> 48) & 0xFF] ^
+ C2[(state[4] >> 40) & 0xFF] ^ C3[(state[3] >> 32) & 0xFF] ^
+ C4[(state[2] >> 24) & 0xFF] ^ C5[(state[1] >> 16) & 0xFF] ^
+ C6[(state[0] >> 8) & 0xFF] ^ C7[(state[7] >> 0) & 0xFF] ^ key[6]);
+ block[7] = (C0[(state[7] >> 56) & 0xFF] ^ C1[(state[6] >> 48) & 0xFF] ^
+ C2[(state[5] >> 40) & 0xFF] ^ C3[(state[4] >> 32) & 0xFF] ^
+ C4[(state[3] >> 24) & 0xFF] ^ C5[(state[2] >> 16) & 0xFF] ^
+ C6[(state[1] >> 8) & 0xFF] ^ C7[(state[0] >> 0) & 0xFF] ^ key[7]);
+ block_copy (state, block, i);
+ }
+
+ /* Compression. */
+
+ block_xor (context->hash_state, data_block, i);
+ block_xor (context->hash_state, state, i);
+}
+
+static void
+whirlpool_add (whirlpool_context_t *context,
+ const void *buffer_arg, size_t buffer_n)
+{
+ const unsigned char *buffer = buffer_arg;
+ u64 buffer_size;
+ unsigned int carry;
+ unsigned int i;
+
+ buffer_size = buffer_n;
+
+ if (context->count == BLOCK_SIZE)
+ {
+ /* Flush the buffer. */
+ whirlpool_transform (context, context->buffer);
+ /*_gcry_burn_stack (80+6*sizeof(void*));*/ /* FIXME */
+ context->count = 0;
+ }
+ if (! buffer)
+ return; /* Nothing to add. */
+
+ if (context->count)
+ {
+ while (buffer_n && (context->count < BLOCK_SIZE))
+ {
+ context->buffer[context->count++] = *buffer++;
+ buffer_n--;
+ }
+ whirlpool_add (context, NULL, 0);
+ if (!buffer_n)
+ /* Done. */
+ return;
+ }
+ /*_gcry_burn_stack (80+6*sizeof(void*));*/ /* FIXME */
+
+ while (buffer_n >= BLOCK_SIZE)
+ {
+ whirlpool_transform (context, buffer);
+ context->count = 0;
+ buffer_n -= BLOCK_SIZE;
+ buffer += BLOCK_SIZE;
+ }
+ while (buffer_n && (context->count < BLOCK_SIZE))
+ {
+ context->buffer[context->count++] = *buffer++;
+ buffer_n--;
+ }
+
+ /* Update bit counter. */
+ carry = 0;
+ buffer_size <<= 3;
+ for (i = 1; i <= 32; i++)
+ {
+ if (! (buffer_size || carry))
+ break;
+
+ carry += context->length[32 - i] + (buffer_size & 0xFF);
+ context->length[32 - i] = carry;
+ buffer_size >>= 8;
+ carry >>= 8;
+ }
+ gcry_assert (! (buffer_size || carry));
+}
+
+static void
+whirlpool_write (void *ctx, const void *buffer, size_t buffer_n)
+{
+ whirlpool_context_t *context = ctx;
+
+ whirlpool_add (context, buffer, buffer_n);
+}
+
+static void
+whirlpool_final (void *ctx)
+{
+ whirlpool_context_t *context = ctx;
+ unsigned int i;
+
+ /* Flush. */
+ whirlpool_add (context, NULL, 0);
+
+ /* Pad. */
+ context->buffer[context->count++] = 0x80;
+
+ if (context->count > 32)
+ {
+ /* An extra block is necessary. */
+ while (context->count < 64)
+ context->buffer[context->count++] = 0;
+ whirlpool_add (context, NULL, 0);
+ }
+ while (context->count < 32)
+ context->buffer[context->count++] = 0;
+
+ /* Add length of message. */
+ memcpy (context->buffer + context->count, context->length, 32);
+ context->count += 32;
+ whirlpool_add (context, NULL, 0);
+
+ block_to_buffer (context->buffer, context->hash_state, i);
+}
+
+static byte *
+whirlpool_read (void *ctx)
+{
+ whirlpool_context_t *context = ctx;
+
+ return context->buffer;
+}
+
+gcry_md_spec_t _gcry_digest_spec_whirlpool =
+ {
+ "WHIRLPOOL", NULL, 0, NULL, 64,
+ whirlpool_init, whirlpool_write, whirlpool_final, whirlpool_read,
+ sizeof (whirlpool_context_t)
+ ,
+ .blocksize = 64
+ };
+
+
+GRUB_MOD_INIT(gcry_whirlpool)
+{
+ grub_md_register (&_gcry_digest_spec_whirlpool);
+}
+
+GRUB_MOD_FINI(gcry_whirlpool)
+{
+ grub_md_unregister (&_gcry_digest_spec_whirlpool);
+}
diff --git a/grub-core/lib/libgcrypt/cipher/ChangeLog b/grub-core/lib/libgcrypt/cipher/ChangeLog
new file mode 100644
index 0000000..8924f17
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/ChangeLog
@@ -0,0 +1,3900 @@
+2009-01-22 Werner Koch <wk@g10code.com>
+
+ * ecc.c (compute_keygrip): Remove superfluous const.
+
+2009-01-06 Werner Koch <wk@g10code.com>
+
+ * rmd160.c (oid_spec_rmd160): Add TeleTrust identifier.
+
+2008-12-10 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate): Add arg DOMAIN and use it if specified.
+ (generate_fips186): Ditto.
+ (dsa_generate_ext): Parse and check the optional "domain"
+ parameter and pass them to the generate functions.
+
+ * rijndael.c (rijndael_names): Add "AES128" and "AES-128".
+ (rijndael192_names): Add "AES-192".
+ (rijndael256_names): Add "AES-256".
+
+2008-12-05 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate): Add arg TRANSIENT_KEY and use it to detrmine
+ the RNG quality needed.
+ (dsa_generate_ext): Parse the transient-key flag und pass it to
+ generate.
+
+2008-11-28 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate_fips186): Add arg DERIVEPARMS and use the seed
+ value if available.
+
+ * primegen.c (_gcry_generate_fips186_2_prime): Fix inner p loop.
+
+2008-11-26 Werner Koch <wk@g10code.com>
+
+ * primegen.c (_gcry_generate_fips186_3_prime): New.
+ * dsa.c (generate_fips186): Add arg USE_FIPS186_2.
+ (dsa_generate_ext): Parse new flag use-fips183-2.
+
+2008-11-25 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate_fips186): New.
+ (dsa_generate_ext): Use new function if derive-parms are given or
+ if in FIPS mode.
+ * primegen.c (_gcry_generate_fips186_2_prime): New.
+
+2008-11-24 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Insert code to output extrainfo.
+ (pubkey_generate): Add arg R_EXTRAINFO and pass it to the extended
+ key generation function.
+ * rsa.c (gen_x931_parm_xp, gen_x931_parm_xi): New.
+ (generate_x931): Generate params if not given.
+ (rsa_generate_ext): Parse use-x931 flag. Return p-q-swapped
+ indicator.
+ * dsa.c (dsa_generate_ext): Put RETFACTORS into R_EXTRAINFO if
+ possible.
+
+ * pubkey.c (gcry_pk_genkey): Remove parsing of almost all
+ parameters and pass the parameter S-expression to pubkey_generate.
+ (pubkey_generate): Simplify by requitring modules to parse the
+ parameters. Remove the special cases for Elgamal and ECC.
+ (sexp_elements_extract_ecc): Add arg EXTRASPEC and use it. Fix
+ small memory leak.
+ (sexp_to_key): Pass EXTRASPEC to sexp_elements_extract_ecc.
+ (pubkey_table) [USE_ELGAMAL]: Add real extraspec.
+ * rsa.c (rsa_generate_ext): Adjust for new calling convention.
+ * dsa.c (dsa_generate_ext): Ditto.
+ * elgamal.c (_gcry_elg_generate): Ditto. Rename to elg_generate_ext.
+ (elg_generate): New.
+ (_gcry_elg_generate_using_x): Remove after merging code with
+ elg_generate_ext.
+ (_gcry_pubkey_extraspec_elg): New.
+ (_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign)
+ (_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove
+ _gcry_ prefix.
+ * ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and
+ adjust for new calling convention.
+ (_gcry_ecc_get_param): Rename to ecc_get_param and make static.
+ (_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and
+ ecc_get_param.
+
+2008-11-20 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (pubkey_generate): Add arg DERIVEPARMS.
+ (gcry_pk_genkey): Parse derive-parms and pass it to above.
+ * rsa.c (generate_x931): New.
+ (rsa_generate_ext): Add arg DERIVEPARMS and call new function in
+ fips mode or if DERIVEPARMS is given.
+ * primegen.c (_gcry_derive_x931_prime, find_x931_prime): New.
+
+2008-11-19 Werner Koch <wk@g10code.com>
+
+ * rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding.
+ (generate): Rename to generate_std.
+
+2008-11-05 Werner Koch <wk@g10code.com>
+
+ * md.c (md_open): Use a switch to set the Bsize.
+ (prepare_macpads): Fix long key case for SHA384 and SHA512.
+
+ * cipher.c (gcry_cipher_handle): Add field EXTRASPEC.
+ (gcry_cipher_open): Set it.
+ (gcry_cipher_ctl): Add private control code to disable weak key
+ detection and to return the current input block.
+ * des.c (_tripledes_ctx): Add field FLAGS.
+ (do_tripledes_set_extra_info): New.
+ (_gcry_cipher_extraspec_tripledes): Add new function.
+ (do_tripledes_setkey): Disable weak key detection.
+
+2008-10-24 Werner Koch <wk@g10code.com>
+
+ * md.c (digest_table): Allow MD5 in fips mode.
+ (md_register_default): Take special action for MD5.
+ (md_enable, gcry_md_hash_buffer): Ditto.
+
+2008-09-30 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (do_setkey): Properly align "t" and "tk".
+ (prepare_decryption): Properly align "w". Fixes bug #936.
+
+2008-09-18 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Parse domain parameter.
+ (pubkey_generate): Add new arg DOMAIN and remove special case for
+ DSA with qbits.
+ * rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and
+ rename to rsa_generate_ext. Change caller.
+ (_gcry_rsa_generate, _gcry_rsa_check_secret_key)
+ (_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign)
+ (_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove
+ _gcry_ prefix.
+ (_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names.
+ * dsa.c (dsa_generate_ext): New.
+ (_gcry_dsa_generate): Replace code by a call to dsa_generate.
+ (_gcry_dsa_check_secret_key, _gcry_dsa_sign, _gcry_dsa_verify)
+ (_gcry_dsa_get_nbits): Make static and remove _gcry prefix.
+ (_gcry_dsa_generate2): Remove.
+ (_gcry_pubkey_spec_dsa): Adjust to name changes.
+ (_gcry_pubkey_extraspec_rsa): Add dsa_generate_ext.
+
+2008-09-16 Werner Koch <wk@g10code.com>
+
+ * ecc.c (run_selftests): Add arg EXTENDED.
+
+2008-09-12 Werner Koch <wk@g10code.com>
+
+ * rsa.c (test_keys): Do a bad case signature check.
+ * dsa.c (test_keys): Do a bad case check.
+
+ * cipher.c (_gcry_cipher_selftest): Add arg EXTENDED and pass it
+ to the called tests.
+ * md.c (_gcry_md_selftest): Ditto.
+ * pubkey.c (_gcry_pk_selftest): Ditto.
+ * rijndael.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftest_fips_128): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftest_fips_192): Add dummy arg EXTENDED.
+ (selftest_fips_256): Ditto.
+ * hmac-tests.c (_gcry_hmac_selftest): Ditto.
+ (run_selftests): Ditto.
+ (selftests_sha1): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha224, selftests_sha256): Ditto.
+ (selftests_sha384, selftests_sha512): Ditto.
+ * sha1.c (run_selftests): Add arg EXTENDED and pass it to the
+ called test.
+ (selftests_sha1): Add arg EXTENDED and run only one test
+ non-extended mode.
+ * sha256.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftests_sha224): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha256): Ditto.
+ * sha512.c (run_selftests): Add arg EXTENDED and pass it to the
+ called tests.
+ (selftests_sha384): Add arg EXTENDED and run only one test
+ non-extended mode.
+ (selftests_sha512): Ditto.
+ * des.c (run_selftests): Add arg EXTENDED and pass it to the
+ called test.
+ (selftest_fips): Add dummy arg EXTENDED.
+ * rsa.c (run_selftests): Add dummy arg EXTENDED.
+
+ * dsa.c (run_selftests): Add dummy arg EXTENDED.
+
+ * rsa.c (extract_a_from_sexp): New.
+ (selftest_encr_1024): Check that the ciphertext does not match the
+ plaintext.
+ (test_keys): Improve tests and return an error status.
+ (generate): Return an error if test_keys fails.
+ * dsa.c (test_keys): Add comments and return an error status.
+ (generate): Return an error if test_keys failed.
+
+2008-09-11 Werner Koch <wk@g10code.com>
+
+ * rsa.c (_gcry_rsa_decrypt): Return an error instead of calling
+ BUG in case of a practically impossible condition.
+ (sample_secret_key, sample_public_key): New.
+ (selftest_sign_1024, selftest_encr_1024): New.
+ (selftests_rsa): Implement tests.
+ * dsa.c (sample_secret_key, sample_public_key): New.
+ (selftest_sign_1024): New.
+ (selftests_dsa): Implement tests.
+
+2008-09-09 Werner Koch <wk@g10code.com>
+
+ * hmac-tests.c (selftests_sha1): Add tests.
+ (selftests_sha224, selftests_sha384, selftests_sha512): Make up tests.
+
+ * hash-common.c, hash-common.h: New.
+ * sha1.c (selftests_sha1): Add 3 tests.
+ * sha256.c (selftests_sha256, selftests_sha224): Ditto.
+ * sha512.c (selftests_sha512, selftests_sha384): Ditto.
+
+2008-08-29 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_get_keygrip): Remove the special case for RSA
+ and check whether a custom computation function has been setup.
+ * rsa.c (compute_keygrip): New.
+ (_gcry_pubkey_extraspec_rsa): Setup this function.
+ * ecc.c (compute_keygrip): New.
+ (_gcry_pubkey_extraspec_ecdsa): Setup this function.
+
+2008-08-28 Werner Koch <wk@g10code.com>
+
+ * cipher.c (cipher_decrypt, cipher_encrypt): Return an error if
+ mode NONE is used.
+ (gcry_cipher_open): Allow mode NONE only with a debug flag set and
+ if not in FIPS mode.
+
+2008-08-26 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (pubkey_generate): Add arg KEYGEN_FLAGS.
+ (gcry_pk_genkey): Implement new parameter "transient-key" and
+ pass it as flags to pubkey_generate.
+ (pubkey_generate): Make use of an ext_generate function.
+ * rsa.c (generate): Add new arg transient_key and pass appropriate
+ args to the prime generator.
+ (_gcry_rsa_generate): Factor all code out to ...
+ (rsa_generate): .. new func with extra arg KEYGEN_FLAGS.
+ (_gcry_pubkey_extraspec_ecdsa): Setup rsa_generate.
+ * primegen.c (_gcry_generate_secret_prime)
+ (_gcry_generate_public_prime): Add new arg RANDOM_LEVEL.
+
+2008-08-21 Werner Koch <wk@g10code.com>
+
+ * primegen.c (_gcry_generate_secret_prime)
+ (_gcry_generate_public_prime): Use a constant macro for the random
+ level.
+
+2008-08-19 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_elements_extract_ecc) [!USE_ECC]: Do not allow
+ allow "curve" parameter.
+
+2008-08-15 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (_gcry_pk_selftest): New.
+ * dsa.c (selftests_dsa, run_selftests): New.
+ * rsa.c (selftests_rsa, run_selftests): New.
+ * ecc.c (selftests_ecdsa, run_selftests): New.
+
+ * md.c (_gcry_md_selftest): New.
+ * sha1.c (run_selftests, selftests_sha1): New.
+ * sha256.c (selftests_sha224, selftests_sha256, run_selftests): New.
+ * sha512.c (selftests_sha384, selftests_sha512, run_selftests): New.
+
+ * des.c (selftest): Remove static variable form selftest.
+ (des_setkey): No on-the-fly self test in fips mode.
+ (tripledes_set3keys): Ditto.
+
+ * cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv):
+
+ * dsa.c (generate): Bail out in fips mode if NBITS is less than 1024.
+ * rsa.c (generate): Return an error code if the the requested size
+ is less than 1024 and we are in fpis mode.
+ (_gcry_rsa_generate): Take care of that error code.
+
+ * ecc.c (generate_curve): In fips mode enable only NIST curves.
+
+ * cipher.c (_gcry_cipher_selftest): New.
+
+ * sha512.c (_gcry_digest_extraspec_sha384)
+ (_gcry_digest_extraspec_sha512): New.
+ * sha256.c (_gcry_digest_extraspec_sha224)
+ (_gcry_digest_extraspec_sha256): New.
+ * sha1.c (_gcry_digest_extraspec_sha1): New.
+ * ecc.c (_gcry_pubkey_extraspec_ecdsa): New.
+ * dsa.c (_gcry_pubkey_extraspec_dsa): New.
+ * rsa.c (_gcry_pubkey_extraspec_rsa): New.
+ * rijndael.c (_gcry_cipher_extraspec_aes)
+ (_gcry_cipher_extraspec_aes192, _gcry_cipher_extraspec_aes256): New.
+ * des.c (_gcry_cipher_extraspec_tripledes): New.
+
+ * cipher.c (gcry_cipher_register): Rename to _gcry_cipher_register.
+ Add arg EXTRASPEC.
+ (dummy_extra_spec): New.
+ (cipher_table_entry): Add extraspec field.
+ * md.c (_gcry_md_register): Rename to _gcry_md_register. Add
+ arg EXTRASPEC.
+ (dummy_extra_spec): New.
+ (digest_table_entry): Add extraspec field.
+ * pubkey.c (gcry_pk_register): Rename to _gcry_pk_register. Add
+ arg EXTRASPEC.
+ (dummy_extra_spec): New.
+ (pubkey_table_entry): Add extraspec field.
+
+ * ac.c: Let most public functions return GPG_ERR_UNSUPPORTED in
+ fips mode.
+
+ * pubkey.c (pubkey_table_entry): Add field FIPS_ALLOWED and mark
+ appropriate algorithms.
+ (dummy_generate, dummy_check_secret_key, dummy_encrypt)
+ (dummy_decrypt, dummy_sign, dummy_verify, dummy_get_nbits): Signal
+ a fips error when used.
+ (gcry_pk_register): In fips mode do not allow to register new
+ algorithms.
+
+ * md.c (digest_table): Add field FIPS_ALLOWED and mark appropriate
+ algorithms.
+ (md_register_default): In fips mode register only fips algorithms.
+ (gcry_md_register): In fips mode do not allow to register new
+ algorithms.
+ (gcry_md_get): Signal a fips error if called.
+ (gcry_md_hash_buffer): Do not allow rmd160 when not in fips mode.
+ (md_start_debug): Disable in fips_mode.
+
+ * md.c (gcry_md_register_default): Rename to ..
+ (md_register_default): .. this.
+ (md_digest): Remove this commented fucntion.
+ * pubkey.c (gcry_pk_register_default): Rename to ..
+ (pk_register_default): .. this.
+
+ * cipher.c (cipher_table_entry): Add field FIPS_ALLOWED.
+ (gcry_cipher_register_default): Register only fips approved
+ algorithms.
+ (gcry_cipher_register): Do not allow to register new ciphers.
+ (cipher_setiv): Signal fips error.
+
+ * cipher (gcry_cipher_register_default): Rename to ..
+ (cipher_register_default): .. this.
+ (REGISTER_DEFAULT_CIPHERS): Adjust for that change.
+
+2008-07-05 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c, random.h, rndhw.c, rndunix.c, rand-internal.h
+ * random.c, rndegd.c, rndlinux.c, rndw32.c: Move to ../cipher.
+ * Makefile.am: Remove random stuff.
+
+2008-06-24 Szakats Istvan <szaki.ms@gmail.com> (wk)
+
+ * ac.c (_gcry_ac_key_destroy, _gcry_ac_key_pair_generate): Relase
+ some more memory.
+
+2008-04-22 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
+ (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use Padlock if possible.
+
+2008-04-18 Werner Koch <wk@g10code.com>
+
+ * sha1.c (transform_aligned): Remove. That is will obviosuly not
+ work because we need a scratch working area and our internal API
+ does not allow to modify the buffers.
+
+ * rijndael.c: Factor tables out to ..
+ * rijndael-tables.h: .. new.
+
+ * ac.c (ac_data_extract): Make static.
+
+ * camellia.h [HAVE_CONFIG_H]: Include config.h.
+
+ * rndw32.c (registry_poll): Only print the performance data
+ problem warning once. Suggested by Simon Josefsson.
+
+2008-03-19 Werner Koch <wk@g10code.com>
+
+ * cipher.c (gcry_cipher_open) [USE_AES]: Init bulk encryption only
+ if requested. Suggested by Dirk Stoecker.
+
+2008-03-18 Werner Koch <wk@g10code.com>
+
+ * sha1.c: Include stdint.h.
+ (transform): Add arg NBLOCKS so that we can work on more than one
+ block and avoid updates of the chaining variables. Changed all
+ callers to use 1.
+ (sha1_write): Replace loop around transform.
+ (transform_aligned) [WORDS_BIGENDIAN]: New.
+ (TRANSFORM): New macro to replace all direct calls of transform.
+
+2008-03-17 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (_gcry_aes_cfb_dec): New.
+ (do_encrypt): Factor code out to ..
+ (do_encrypt_aligned): .. New.
+ (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec): Use new function.
+ (do_decrypt): Factor code out to ..
+ (do_decrypt_aligned): .. new.
+ (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec): New.
+ * cipher.c (struct gcry_cipher_handle): Put field IV into new
+ union U_IV to enforce proper alignment. Change all users.
+ (do_cfb_decrypt): Optimize.
+ (do_cbc_encrypt, do_cbc_decrypt): Optimize.
+
+2008-03-15 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (_gcry_aes_cfb_enc): New.
+ * cipher.c (struct gcry_cipher_handle): Add field ALGO and BULK.
+ (gcry_cipher_open): Set ALGO and BULK.
+ (do_cfb_encrypt): Optimize.
+
+2008-02-18 Werner Koch <wk@g10code.com>
+
+ * rsa.c (_gcry_rsa_verify) [IS_DEVELOPMENT_VERSION]: Print
+ intermediate results.
+
+2008-01-08 Werner Koch <wk@g10code.com>
+
+ * random.c (add_randomness): Do not just increment
+ POOL_FILLED_COUNTER but update it by the actual amount of data.
+
+2007-12-13 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_data_to_mpi): Support SHA-224.
+
+2007-12-05 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT.
+ * rndhw.c (USE_PADLOCK): Ditto
+
+ * rsa.c (secret): Fixed condition test for using CRT. Reported by
+ Dean Scarff. Fixes bug#864.
+ (_gcry_rsa_check_secret_key): Return an erro if the optional
+ parameters are missing.
+ * pubkey.c (sexp_elements_extract): Add arg ALGO_NAME. Changed all
+ callers to pass NULL. Add hack to allow for optional RSA
+ parameters.
+ (sexp_to_key): Pass algo name to sexp_elements_extract.
+
+2007-12-03 Werner Koch <wk@g10code.com>
+
+ * random.c (gcry_random_add_bytes): Implement it.
+ * rand-internal.h (RANDOM_ORIGIN_EXTERNAL): New.
+
+2007-11-30 Werner Koch <wk@g10code.com>
+
+ * rndhw.c: New.
+ * rndlinux.c (_gcry_rndlinux_gather_random): Try to read 50%
+ directly from the hwrng.
+ * random.c (do_fast_random_poll): Also run the hw rng fast poll.
+ (_gcry_random_dump_stats): Tell whether the hw rng failed.
+
+2007-11-29 Werner Koch <wk@g10code.com>
+
+ * rijndael.c (USE_PADLOCK): Define new macro used for ia32.
+ (RIJNDAEL_context) [USE_PADLOCK]: Add fields USE_PADLOCK and
+ PADLOCK_KEY.
+ (do_setkey) [USE_PADLOCK]: Enable padlock if available for 128 bit
+ AES.
+ (do_padlock) [USE_PADLOCK]: New.
+ (rijndael_encrypt, rijndael_decrypt) [USE_PADLOCK]: Divert to
+ do_padlock.
+ * cipher.c (cipher_context_alignment_t): New. Use it in this
+ module in place of PROPERLY_ALIGNED_TYPE.
+ (NEED_16BYTE_ALIGNED_CONTEXT): Define macro for ia32.
+ (struct gcry_cipher_handle): Add field HANDLE_OFFSET.
+ (gcry_cipher_open): Take care of increased alignment requirements.
+ (gcry_cipher_close): Ditto.
+
+2007-11-28 Werner Koch <wk@g10code.com>
+
+ * sha256.c (asn224): Fixed wrong template. It happened due to a
+ bug in RFC4880. SHA-224 is not in the stable version of libgcrypt
+ so the consequences are limited to users of this devel version.
+
+2007-10-31 Werner Koch <wk@g10code.com>
+
+ * ac.c (gcry_ac_data_new): Remove due to the visibility wrapper.
+ (gcry_ac_data_destroy, gcry_ac_data_copy, gcry_ac_data_length)
+ (gcry_ac_data_set, gcry_ac_data_get_name, gcry_ac_data_get_index)
+ (gcry_ac_data_to_sexp, gcry_ac_data_from_sexp)
+ (gcry_ac_data_clear, gcry_ac_io_init, gcry_ac_open)
+ (gcry_ac_close, gcry_ac_key_init, gcry_ac_key_pair_generate)
+ (gcry_ac_key_pair_extract, gcry_ac_key_destroy)
+ (gcry_ac_key_pair_destroy, gcry_ac_key_data_get)
+ (gcry_ac_key_test, gcry_ac_key_get_nbits, gcry_ac_key_get_grip)
+ (gcry_ac_data_encrypt, gcry_ac_data_decrypt, gcry_ac_data_sign)
+ (gcry_ac_data_verify, gcry_ac_data_encode, gcry_ac_data_decode)
+ (gcry_ac_mpi_to_os, gcry_ac_mpi_to_os_alloc, gcry_ac_os_to_mpi)
+ (gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme)
+ (gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme)
+ (gcry_ac_io_init_va): Ditto.
+ (gcry_ac_id_to_name, gcry_ac_name_to_id): Remove as these
+ deprecated functions are now implemented by visibility.c.
+
+2007-10-26 Werner Koch <wk@g10code.com>
+
+ * rndw32.c: Disable debug flag.
+
+2007-10-25 Werner Koch <wk@g10code.com>
+
+ * rndw32.c: Updated from current cryptlib snapshot and modified
+ for our use. Removed support from pre NT systems.
+ (slow_gatherer_windows95): Remove.
+ (_gcry_rndw32_gather_random): Require an NT platform.
+ (init_system_rng, read_system_rng, read_mbm_data): New.
+ (slow_gatherer_windowsNT): Rename to ...
+ (slow_gatherer): .. this. Read system RNG and MBM.
+ (registry_poll): New with code factored out from slow_gatherer.
+
+2007-08-23 Werner Koch <wk@g10code.com>
+
+ * random.c (pool_filled_counter): New.
+ (add_randomness): Use it.
+
+2007-08-22 Werner Koch <wk@g10code.com>
+
+ * rndw32.c, rndunix.c: Switched to LGPL.
+
+2007-05-30 Werner Koch <wk@g10code.com>
+
+ * camellia.h, camellia.c: Replace by new LGPL version and adjusted
+ camellia.h.
+
+2007-05-09 Marcus Brinkmann <marcus@g10code.de>
+
+ * ac.c (_gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read):
+ Adjust users of gcry_ac_io_t because union is not anonymous
+ anymore.
+
+2007-05-02 Werner Koch <wk@g10code.com>
+
+ * camellia-glue.c (camellia_setkey, camellia_encrypt)
+ (camellia_decrypt): Recalculated used stack size in called
+ functions.
+ * camellia.h: Redefine external symbols.
+
+2007-05-02 David Shaw <dshaw@jabberwocky.com>
+
+ * Makefile.am, cipher.c: Add Camellia.
+
+ * camellia-glue.c: New. The necessary glue to interface libgcrypt
+ to the stock NTT Camellia distribution.
+
+ * camellia.h, camellia.c: The stock NTT Camellia distribution
+ (GPL).
+
+2007-04-30 David Shaw <dshaw@jabberwocky.com>
+
+ * cipher.c: Use #if instead of #ifdef as configure defines the
+ USE_cipher defines as 0 for disabled.
+
+2007-04-30 Werner Koch <wk@g10code.com>
+
+ * rndegd.c (_gcry_rndegd_set_socket_name): New.
+
+2007-04-30 Marcus Brinkmann <marcus@g10code.de>
+
+ * ecc.c (ec2os): Fix relocation of short numbers.
+
+ * ecc.c (generate_key): Do not allocate D, which will be allocated
+ by GEN_K. Remove G. Fix test if g_x, g_y resp. q_x, q_y are
+ requested.
+ (_gcry_ecc_generate): Release unneeded members of SK.
+ * pubkey.c (sexp_to_key): Release NAME.
+
+2007-04-28 Marcus Brinkmann <marcus@g10code.de>
+
+ * ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED.
+ (ac_data_mpi_copy, _gcry_ac_data_set, _gcry_ac_data_get_name)
+ (_gcry_ac_data_get_index, ac_data_construct): Adjust handling of
+ NAME accordingly.
+
+2007-04-20 Werner Koch <wk@g10code.com>
+
+ * ecc.c (domain_parms): Add standard brainpool curves.
+
+2007-04-18 Werner Koch <wk@g10code.com>
+
+ * ecc.c (generate_curve): Implement alias mechanism.
+
+ * pubkey.c (sexp_elements_extract_ecc): New.
+ (sexp_to_key): Add special case for ecc.
+ (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_genkey): Replace
+ name_terminated stuff by a call to _gcry_sexp_nth_string.
+ (gcry_pk_get_keygrip): Ditto.
+
+2007-04-16 Werner Koch <wk@g10code.com>
+
+ * ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it.
+
+2007-04-13 Marcus Brinkmann <marcus@g10code.de>
+
+ * ac.c (ac_data_construct): Cast const away to suppress compiler
+ warning.
+
+ * ecc.c (ecc_generate): Avoid compiler warning for unused argument
+ DUMMY.
+ (ecc_verify): Avoid compiler warning for unused arguments CMP and
+ OPAQUEV.
+
+2007-04-06 Werner Koch <wk@g10code.com>
+
+ * sha1.c (oid_spec_sha1): Add another oid from X9.62.
+
+2007-03-28 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Do not issue misc-key-info if it is
+ empty.
+ (gcry_pk_genkey): New parameter "curve".
+
+ * ecc.c: Entirely rewritten with only a few traces of the old
+ code left.
+ (_gcry_ecc_generate): New.
+ (generate_key) New arg NAME.
+ (generate_curve): Ditto. Return actual number of NBITS.
+
+2007-03-26 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Increase size of SKEY array and add a
+ runtime bounds check.
+
+2007-03-23 Werner Koch <wk@g10code.com>
+
+ * ecc.c (ecc_ctx_init, ecc_ctx_free, ecc_mod, ecc_mulm): New.
+ (duplicate_point, sum_points, escalar_mult): Don't use a
+ copy of base->p. Replaced all mpi_mulm by ecc_mulm so that we can
+ experiment with different algorithms.
+ (generate_key, check_secret_key, sign, verify): Initialize a
+ computation context for use by ecc_mulm.
+
+2007-03-22 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (pubkey_table): Initialize ECC.
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc.c.
+ * ecc.c: New. Heavily reformatted and changed for use in libgcrypt.
+ (point_init): New.
+ (escalar_mult): Make arg R the first arg to be similar to the mpi
+ functions.
+ (duplicate_point): Ditto
+ (sum_points): Ditto
+ (sign, verify): Remove unneeded copy operations.
+ (sum_points): Removed memory leaks and optimized some compares.
+ (verify): Simplified input check.
+
+2007-03-14 Werner Koch <wk@g10code.com>
+
+ * random.c (MASK_LEVEL): Removed macro as it was used only at one
+ place. Open coded it there.
+ (gcry_randomize, _gcry_update_random_seed_file)
+ (_gcry_fast_random_poll): Factor lock code out to ..
+ (lock_pool, unlock_pool): .. new.
+ (initialize): Look the pool while allocating.
+ (read_random_source, do_fast_random_poll): Moved intialization to ...
+ (initialize): .. here.
+ (_gcry_enable_quick_random_gen): No more need for initialization.
+ (is_initialized): Moved this global flag to ..
+ (initialize): .. here and changed all users to unconditionally call
+ initialize.
+ (add_randomness): Remove initalization here. It simply can't
+ happen.
+
+ * random.c (enum random_origins): Moved to ..
+ * rand-internal.h: .. here.
+ * rndunix.c (_gcry_rndunix_gather_random): Use enum in prototype
+ for ORIGIN and renamed REQUESTOR to ORIGIN.
+ * rndegd.c (_gcry_rndegd_gather_random): Ditto.
+ * rndlinux.c (_gcry_rndlinux_gather_random): Ditto.
+ * rndw32.c (_gcry_rndw32_gather_random): Ditto.
+ (_gcry_rndw32_gather_random_fast): Ditto.
+
+2007-03-13 Werner Koch <wk@g10code.com>
+
+ * random.c (enum random_origins): New.
+ (add_randomness): Renamed arg SOURCE to ORIGIN.
+ (read_random_source): Renamed arg REQUESTOR to ORIGIN.
+ (getfnc_gather_random): Removed static variable because this
+ function is only called one and thus we don't need this
+ optimization.
+ (_gcry_quick_random_gen): Removed and replaced by..
+ (_gcry_enable_quick_random_gen): .. this. It is onlyu used to
+ enable it and it does not make sense to disable it later. Changed
+ the only one caller too.
+ (get_random_bytes): Removed.
+ (gcry_random_bytes, gcry_random_bytes_secure): Implement in terms
+ of gcry_randomize.
+ * random-daemon.c (_gcry_daemon_get_random_bytes): Removed.
+
+2007-02-23 Werner Koch <wk@g10code.com>
+
+ * elgamal.c (generate): Removed unused variable TEMP.
+ (test_keys): New arg NODIE.
+ (generate_using_x, _gcry_elg_generate_using_x): New.
+ * pubkey.c (pubkey_generate): New arg XVALUE and direct call to
+ the new elgamal generate fucntion.
+ (gcry_pk_genkey): Parse the new "xvalue" tag.
+
+2007-02-22 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_data_to_mpi): Handle dynamically allocated
+ algorithms. Suggested by Neil Dunbar. Fixes bug#596.
+
+ * rndw32.c (_gcry_rndw32_gather_random_fast): Make it return void.
+
+ * cipher.c (gcry_cipher_algo_name): Simplified.
+
+ * random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON.
+
+ * Makefile.am (libcipher_la_SOURCES): Build random-daemon support
+ only if requested.
+
+2007-02-21 Werner Koch <wk@g10code.com>
+
+ * random.c (rndpool, keypool): Make unsigned.
+ (mix_pool): Change char* variables to unsigned char*.
+ (gcry_randomize): Make arg BUFFER a void*.
+ (gcry_create_nonce): Ditto.
+
+ * rmd160.c (gcry_rmd160_mixblock): Make BUFFER a void*.
+ (_gcry_rmd160_hash_buffer): Make OUTBUF and BUFFER void*.
+ * sha1.c (_gcry_sha1_hash_buffer): Ditto.
+
+ * cipher.c (gcry_cipher_encrypt, cry_cipher_decrypt): Change
+ buffer args to void*.
+ (gcry_cipher_register): Make ALGORITHM_ID a int *.
+
+ * md.c (md_start_debug): Make SUFFIX a const char*. Use snprintf.
+ (gcry_md_debug): New.
+ (gcry_md_ctl): Changed arg BUFFER from unsigned char*.
+
+ * md.c (md_write): Make INBUF a const void*.
+ (gcry_md_write): Remove needless cast.
+ * crc.c (crc32_write): Make INBUF a const void*
+ (update_crc32, crc24rfc2440_write): Ditto.
+ * sha512.c (sha512_write, transform): Ditto.
+ * sha256.c (sha256_write, transform): Ditto.
+ * rmd160.c (rmd160_write, transform): Ditto.
+ * md5.c (md5_write, transform): Ditto.
+ * md4.c (md4_write, transform): Ditto.
+ * sha1.c (sha1_write, transform): Ditto.
+
+ * tiger.c (tiger_write, transform): Ditto.
+ * whirlpool.c (whirlpool_write, whirlpool_add, transform): Ditto.
+
+ * elgamal.c (elg_names): Change to a const*.
+ * dsa.c (dsa_names): Ditto.
+ * rsa.c (rsa_names): Ditto.
+ * pubkey.c (gcry_pk_lookup_func_name): Make ALIASES a const.
+
+2007-02-20 Werner Koch <wk@g10code.com>
+
+ * rndlinux.c (open_device): Remove unsused arg MINOR.
+
+2007-01-30 Werner Koch <wk@g10code.com>
+
+ * sha256.c (oid_spec_sha256): Add alias from pkcs#1.
+ * sha512.c (oid_spec_sha512): Ditto.
+ (oid_spec_sha384): Ditto.
+
+2006-12-18 Werner Koch <wk@g10code.com>
+
+ * rndlinux.c (set_cloexec_flag): New.
+ (open_device): Set close-on-exit flags. Suggested by Max
+ Kellermann. Fixes Debian#403613.
+
+ * Makefile.am (AM_CPPFLAGS, AM_CFLAGS): Splitted and merged
+ Moritz' changes.
+ (INCLUDES): Removed.
+
+2006-11-30 Werner Koch <wk@g10code.com>
+
+ * serpent.c (byte_swap_32): Remove trailing semicolon.
+
+2006-11-15 Werner Koch <wk@g10code.com>
+
+ * Makefile.am (INCLUDES): Include ../src/
+
+2006-11-03 Werner Koch <wk@g10code.com>
+
+ * random.c [HAVE_GETTIMEOFDAY]: Included sys/time.h and not
+ sys/times.h. Reported by Rafaël Carré.
+
+2006-11-05 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the
+ new gcrypt.h is used, not the one installed in the system.
+
+2006-10-25 Werner Koch <wk@g10code.com>
+
+ * primegen.c (prime_generate_internal): Tweaked use of secure
+ memory and entropy use. Safe unused primes from the pool. Allocate
+ at least a pool of 30.
+ (save_pool_prime, get_pool_prime): New.
+
+2006-10-23 Werner Koch <wk@g10code.com>
+
+ * ac.c (_gcry_ac_data_from_sexp): Reset sexp_tmp for failsafe
+ means. Release sexp_cur if needed. Reported by Dirk Stoecker.
+
+ * pubkey.c (pubkeys_registered_lock): Intialized it. It is not
+ realy needed because this is a mere initialization to 0 anyway.
+ Noted by Victor Stinner.
+
+2006-10-17 Werner Koch <wk@g10code.com>
+
+ * dsa.c (_gcry_dsa_generate2): New.
+ (generate): New arg QBITS. Add sanity checks for reasonable qbits
+ and nbits.
+ * pubkey.c (gcry_pk_genkey): Parse an qbits element.
+ (pubkey_generate): New arg QBITS. Pass it to the DSA generation.
+
+2006-10-05 Werner Koch <wk@g10code.com>
+
+ * md.c (gcry_md_algo_info) <get_asnoid>: Check that the algo is
+ available.
+
+2006-10-04 David Shaw <dshaw@jabberwocky.com> (wk)
+
+ * tiger.c (round): Rename to tiger_round as gcc 4 has a built-in
+ round function that this conflicts with.
+
+2006-09-11 Werner Koch <wk@g10code.com>
+
+ * rndw32.c (slow_gatherer_windowsNT): While adding data use the
+ size of the diskPerformance and not its address. Has been fixed in
+ GnuPG more than a year ago. Noted by Lee Fisher.
+
+2006-08-30 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (sexp_data_to_mpi): Need to allow "ripemd160" here as
+ this is the canonical name.
+
+2006-08-29 Hye-Shik Chang <perky@FreeBSD.org> (wk)
+
+ * seed.c: New.
+
+2006-08-03 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c (_gcry_daemon_initialize_basics): Don't
+ initialize the socket. Remove arg SOCKETNAME.
+ (connect_to_socket): Make sure that daemon is set to -1 on error.
+ (call_daemon): Initialize the socket on the first call.
+ (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes)
+ (_gcry_daemon_create_nonce): New arg SOCKETNAME.
+ * random.c (initialize): Call new daemon initializator.
+ (get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket
+ name to daemon call and reset allow_daemon on failure.
+
+2006-07-26 Werner Koch <wk@g10code.com>
+
+ * rmd160.c (_gcry_rmd160_mixblock): Add cast to transform call.
+
+ * blowfish.c (selftest): Cast string to usnigned char*.
+
+ * primegen.c (prime_generate_internal): Cast unsigned/char*
+ mismatch in calling m_out_of_n.
+ (is_prime): Changed COUNT to unsigned int *.
+
+ * ac.c (_gcry_ac_data_copy): Initialize DATA_MPIS.
+
+ * random.c (gcry_create_nonce): Update the pid after a fork.
+ Reported by Uoti Urpala.
+
+2006-07-04 Marcus Brinkmann <marcus@g10code.de>
+
+ * sha512.c: Fix typo in copyright notice.
+
+2006-06-21 Werner Koch <wk@g10code.com>
+
+ * rsa.c (_gcry_rsa_generate): Replace xcalloc by calloc.
+ * pubkey.c (gcry_pk_encrypt, gcry_pk_sign): Ditto.
+ (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt)
+ (gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto.
+ * md.c (md_copy): Ditto.
+
+2006-04-22 Moritz Schulte <moritz@g10code.com>
+
+ * random-daemon.c (_gcry_daemon_initialize_basics): New argument:
+ SOCKETNAME. Passing on to connect_to_socket() if non-NULL.
+ (connect_to_socket, writen, readn, call_daemon): New functions.
+ (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes)
+ (_gcry_daemon_create_nonce): Call call_daemon().
+ (RANDOM_DAEMON_SOCKET): New symbol.
+ (daemon_socket): New static variable.
+
+ * random.h (_gcry_daemon_initialize_basics): New parameter:
+ SOCKETNAME.
+ (_gcry_set_random_daemon_socket): New declaration.
+
+ * random.c (initialize_basics): Pass DAEMON_SOCKET_NAME to
+ _gcry_daemon_initialize_basics.
+ (_gcry_set_random_daemon_socket): New function, setting
+ DAEMON_SOCKET_NAME.
+
+2006-04-01 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (eme_pkcs_v1_5_encode): Use KEY_SIZE directly, no need to
+ call gcry_ac_key_get_nbits.
+ (eme_pkcs_v1_5_decode): Likewise.
+ (ac_es_dencode_prepare_pkcs_v1_5): Fill options_em structure with
+ key_size.
+ (_gcry_ac_data_dump, gcry_ac_data_dump): New functions.
+ (_gcry_ac_data_to_sexp, _gcry_ac_data_from_sexp): More or less
+ rewritten; changed S-Expression format so that it matches the one
+ used in pubkey.c.
+
+2006-03-15 Werner Koch <wk@g10code.com>
+
+ * random-daemon.c: New.
+ * random.c (_gcry_use_random_daemon): New.
+ (get_random_bytes, gcry_randomize, gcry_create_nonce): Try
+ diverting to the daemon functions.
+
+2006-03-14 Werner Koch <wk@g10code.com>
+
+ * random.c (lock_seed_file): New.
+ (read_seed_file, _gcry_update_random_seed_file): Use it.
+
+ * random.c (gcry_create_nonce): Detect a fork and re-seed.
+ (read_pool): Fixed the fork detection; it used to work only for
+ multi-threaded processes.
+
+2006-03-12 Brad Hards <bradh@frogmouth.net> (wk)
+
+ * md.c (md_open): Use new variable macpads_Bsize instead of
+ hardwiring the block size. Changed at all places.
+
+2006-03-10 Brad Hards <bradh@frogmouth.net> (wk, patch 2005-04-22)
+
+ * md.c, sha256.c: Add support for SHA-224.
+ (sha224_init): New.
+
+2006-01-18 Brad Hards <bradh@frogmouth.net> (wk 2006-03-07)
+
+ * cipher.c (cipher_encrypt, cipher_decrypt, do_ofb_encrypt)
+ (do_ofb_decrypt, gcry_cipher_open): Implement Output Feedback Mode.
+
+2005-11-02 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_algo_name): Return "?" instead of NULL for
+ unknown algorithm IDs.
+ * cipher.c (cipher_algo_to_string): Likewise.
+
+2005-11-01 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_algo_info): Don't forget to break after switch
+ case.
+
+2005-09-19 Werner Koch <wk@g10code.com>
+
+ * dsa.c (generate): Add preliminary support for 2 and 4 keys.
+ Return an error code if the key size is not supported.
+ (_gcry_dsa_generate): Return an error.
+
+2005-08-22 Werner Koch <wk@g10code.com>
+
+ * primegen.c (check_prime): New arg RM_ROUNDS.
+ (prime_generate_internal): Call it here with 5 rounds as used
+ before.
+ (gcry_prime_check): But here with 64 rounds.
+ (is_prime): Make sure never to use less than 5 rounds.
+
+2005-04-16 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_init): New function.
+
+2005-04-12 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_io_write, _gcry_ac_io_read): Initialize err to
+ make the compiler happy.
+ Always use errno, now that gcry_malloc() is guaranteed to set
+ errno on failure.
+ (_gcry_ac_data_to_sexp): Don't forget to goto out after error in
+ loop.
+ (_gcry_ac_data_to_sexp): Remove unused variable: mpi_list;
+ (_gcry_ac_data_to_sexp): Always deallocate sexp_buffer.
+ (_gcry_ac_data_from_sexp): Don't forget to initialize data_set_new.
+ (_gcry_ac_data_from_sexp): Handle special case, which is
+ necessary, since gcry_sexp_nth() does not distinguish between
+ "element does not exist" and "element is the empty list".
+ (_gcry_ac_io_init_va): Use assert to make sure that mode and type
+ are correct.
+ Use gcry_error_t types where gcry_err_code_t types have been used
+ before.
+
+2005-04-11 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_data_sign_scheme): Don't forget to initialize
+ buffer.
+
+ * whirlpool.c: New file.
+ * md.c (digest_table): Add whirlpool.
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Added: whirlpool.c.
+
+2005-03-30 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (_gcry_ac_data_from_sexp): Use length of SEXP_CUR, not
+ length of SEXP; do not forget to set SEXP_TMP to NULL after it has
+ been released.
+
+ (struct gcry_ac_mpi): New member: name_provided.
+ (_gcry_ac_data_set): Rename variable `name_final' to `name_cp';
+ remove const qualifier; change code to not cast away const
+ qualifiers; use name_provided member as well.
+ (_gcry_ac_data_set, _gcry_ac_data_get_name): Use name_provided
+ member of named mpi structure.
+
+ (gcry_ac_name_to_id): Do not forget to initialize err.
+ (_gcry_ac_data_get_index): Do not forget to initialize mpi_return;
+ use gcry_free() instead of free(); remove unnecessary cast; rename
+ mpi_return and name_return to mpi_cp and name_cp; adjust code.
+ (ac_data_mpi_copy): Do not cast away const qualifier.
+ (ac_data_values_destroy): Likewise.
+ (ac_data_construct): Likewise.
+
+ (ac_data_mpi_copy): Initialize flags to GCRY_AC_FLAG_DEALLOC.
+ (ac_data_extract): Use GCRY_AC_FLAG_DEALLOC instead of
+ GCRY_AC_FLAG_COPY.
+
+ (_gcry_ac_io_init_va, _gcry_ac_io_init, gcry_ac_io_init)
+ (gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read)
+ (_gcry_ac_io_read_all, _gcry_ac_io_process): New functions.
+ (gry_ac_em_dencode_t): Use gcry_ac_io_t in prototype instead of
+ memroy strings directly; adjust encode/decode functions to use io
+ objects.
+ (emsa_pkcs_v1_5_encode_data_cb): New function ...
+ (emsa_pkcs_v1_5_encode): ... use it here.
+ (ac_data_dencode): Use io objects.
+ (_gcry_ac_data_encode, _gcry_ac_data_decode, gcry_ac_data_encode)
+ (gcry_ac_data_decode): Likewise.
+ (_gcry_ac_data_encrypt_scheme, gcry_ac_data_encrypt_scheme)
+ (_gcry_ac_data_decrypt_scheme, gcry_ac_data_decrypt_scheme)
+ (_gcry_ac_data_sign_scheme, gcry_ac_data_sign_scheme)
+ (_gcry_ac_data_verify_scheme, gcry_ac_data_verify_scheme):
+ Likewise.
+
+2005-03-23 Werner Koch <wk@g10code.com>
+
+ * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data
+ use the size of the object and not the one of its address. Bug
+ reported by Sascha Kiefer.
+
+2005-03-19 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (do_cbc_encrypt): Be careful to not overwrite data,
+ which is to be used later on. This happend, in case CTS is
+ enabled and OUTBUF is equal to INBUF.
+
+2005-02-25 Werner Koch <wk@g10code.com>
+
+ * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key.
+
+2005-02-13 Moritz Schulte <moritz@g10code.com>
+
+ * serpent.c: Updated from 1.2 branch:
+
+ s/u32_t/u32/ and s/byte_t/byte/. Too match what we have always
+ used and are using in all other files too
+ (serpent_test): Moved prototype out of a fucntion.
+
+2005-02-07 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: Major parts rewritten.
+ * pubkey.c (_gcry_pk_get_elements): New function.
+
+2004-12-09 Werner Koch <wk@g10code.com>
+
+ * serpent.c (serpent_setkey): Moved prototype of serpent_test to
+ outer scope.
+
+2004-09-11 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E.
+
+2004-08-23 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: Do not include <assert.h>.
+ * rndegd.c: Likewise.
+ * sha1.c: Likewise.
+ * rndunix.c: Likewise.
+ * rndlinux.c: Likewise.
+ * rmd160.c: Likewise.
+ * md5.c: Likewise.
+ * md4.c: Likewise.
+ * cipher.c: Likewise.
+ * crc.c: Likewise.
+ * blowfish.c: Likewise.
+
+ * pubkey.c (dummy_generate, dummy_check_secret_key)
+ (dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Return
+ err code GPG_ERR_NOT_IMPLEMENTED instead of aborting through
+ log_bug().
+ (dummy_get_nbits): Return 0 instead of aborting though log_bug().
+
+2004-08-19 Werner Koch <wk@g10code.de>
+
+ * pubkey.c (sexp_data_to_mpi): Changed the zero random byte
+ substituting code to actually do clever things. Thanks to
+ Matthias Urlichs for noting the implementation problem.
+
+2004-08-09 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by
+ Modestas Vainius.
+
+2004-07-16 Werner Koch <wk@gnupg.org>
+
+ * rijndael.c (do_encrypt): Fix alignment problem. Bugs found by
+ Matthias Urlichs.
+ (do_decrypt): Ditto.
+ (keySched, keySched2): Use 2 macros along with unions in the key
+ schedule context.
+
+2004-07-14 Moritz Schulte <moritz@g10code.com>
+
+ * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a". Thanks to
+ Nikos Mavroyanopoulos.
+
+2004-05-09 Werner Koch <wk@gnupg.org>
+
+ * random.c (read_pool): Mix the PID in to better protect after a
+ fork.
+
+2004-07-04 Moritz Schulte <moritz@g10code.com>
+
+ * serpent.c: Use "u32_t" instead of "unsigned long", do not
+ declare S-Box variables as "register". Fixes failure on
+ OpenBSD/sparc64, reported by Nikolay Sturm.
+
+2004-05-07 Werner Koch <wk@gnupg.org>
+
+ * random.c (initialize): Factored out some code to ..
+ (initialize_basics): .. new function.
+ (_gcry_random_initialize): Just call initialize_basics unless the
+ new arg FULL is set to TRUE.
+ (_gcry_fast_random_poll): Don't do anything unless the random
+ system has been really initialized.
+
+2004-05-07 Moritz Schulte <moritz@g10code.de>
+
+ * ac.c (gcry_ac_open): Do not dereference NULL pointer. Reported
+ by Umberto Salsi.
+
+2004-02-20 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them
+ at different stages. Pass these arguments through all callers.
+
+2004-02-06 Werner Koch <wk@gnupg.org>
+
+ * des.c: Add a new OID as used by pkcs#12.
+
+ * rfc2268.c: New. Taken from libgcrypt.
+ * cipher.c: Setup the rfc2268 algorithm.
+
+2004-01-25 Moritz Schulte <mo@g10code.com>
+
+ * primegen.c (prime_generate_internal): Do not forget to free
+ `q_factor'; fixed by Brieuc Jeunhomme.
+ (prime_generate_internal): Do not forget to free `prime'.
+
+2004-01-14 Moritz Schulte <mo@g10code.com>
+
+ * ac.c (gcry_ac_data_set): New argument: flags; slightly
+ rewritten.
+ (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise.
+ (gcry_ac_key_pair_generate): New argument: misc_data; modified
+ order of arguments.
+ (gcry_ac_key_test): New argument: handle.
+ (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise.
+ Use GCRY_AC_FLAG_NO_BLINDING instead of
+ GCRY_AC_DATA_FLAG_NO_BLINDING.
+ (gcry_ac_mpi): New member: flags.
+ (gcry_ac_data_search, gcry_ac_data_add): Removed functions.
+
+2003-12-22 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (is_prime): Release A2.
+
+2003-12-19 Werner Koch <wk@gnupg.org>
+
+ * md.c: Moved a couple of functions down below the data structure
+ definitions.
+ (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE.
+ (md_open): Set it here.
+ (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE.
+ (md_enable): Set it here.
+ (md_close): Wipe the context memory.
+ secure memory.
+ * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE.
+ (gcry_cipher_open): Set it here.
+ (gcry_cipher_close): Use it to always wipe out the handle data.
+
+ * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when
+ the function is not successful.
+ (gcry_ac_close): Allow a NULL handle.
+ (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto.
+ (gcry_ac_key_get_grip): Return INV_OBJ on error.
+
+ * primegen.c (prime_generate_internal): Fixed error code for
+ failed malloc. Replaced the !err if chain by gotos.
+ (gcry_prime_group_generator): Remove the extra sanity check.
+
+ * md.c: Minor code and comment cleanups.
+
+2003-12-16 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): Doc fix. Thanks to Newton Hammet.
+
+2003-12-11 Werner Koch <wk@gnupg.org>
+
+ * rndunix.c (slow_poll): Don't use #warning but #error.
+
+ * rndegd.c: Changed indentation.
+ (my_make_filename): Removd the var_arg cruft becuase we
+ don't need it here. Changed caller.
+
+ * rndlinux.c: Changed indentation.
+ (open_device): Remove the superfluous stat call and clarify
+ comment.
+
+ * rsa.c: Changed indentation.
+ (secret): Use the standard algorithm if p, q and u are not
+ available.
+ (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind,
+ _gcry_rsa_unblind and moved more to the top.
+
+ * md4.c: Changed indentation. Removed unnecessary casts.
+ * md5.c, rmd160.c, sha1.c, tiger.c: Ditto.
+ * rijndael.c, twofish.c: Ditto.
+ * serpent.c: Removed unnecessary casts.
+ * sha256.c, sha512.c: Ditto.
+
+2003-12-09 Werner Koch <wk@gnupg.org>
+
+ * dsa.c: Unified indentation style.
+ * elgamal.c: Ditto.
+ * des.c (des_key_schedule): Code beautifications.
+ * blowfish.c: Changed indentation style.
+ * cast5.c (do_cast_setkey): Ditto.
+
+ * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests
+ by straightforward gotos. Other cleanups.
+ (gcry_pk_decrypt): Ditto.
+ (gcry_pk_sign): Ditto.
+ (gcry_pk_verify): Ditto.
+ (gcry_pk_genkey): Ditto. Use strtoul instead of strtol.
+ (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments.
+
+2003-12-07 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_register_default): Undef the helper macro.
+ (gcry_pk_map_name): Allow NULL for string.
+ (sexp_to_key): Use memcpy and not strncpy. Use gcry_free and not
+ free.
+ (sexp_to_sig): Ditto.
+ (sexp_to_enc): Ditto. Replaced the chain of if(!err) tests by
+ straightforward gotos.
+
+2003-12-05 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Documentation cleanups.
+ (gcry_cipher_mode_from_oid): Allow NULL for STRING.
+
+2003-12-03 Werner Koch <wk@gnupg.org>
+
+ * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is
+ only used for encryption.
+
+2003-11-18 Werner Koch <wk@gnupg.org>
+
+ * random.h (rndw32_set_dll_name): Removed unused prototype.
+
+ * Makefile.am (EXTRA_DIST): Added Manifest.
+
+2003-11-11 Werner Koch <wk@gnupg.org>
+
+ * Manifest: New.
+
+2003-11-04 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Use shortcut for SHA1
+ * sha1.c (_gcry_sha1_hash_buffer): New.
+
+ * random.c: Reformatted most functions.
+ (mix_pool): Moved the failsafe_digest from global
+ scope to here.
+ (do_fast_random_poll): Use the generic fucntions even if a fast
+ gathering function has been used.
+ (read_pool): Detect a fork and retry.
+ (gcry_randomize, get_random_bytes): Don't distinguish anymore
+ between weak and strong random.
+ (gcry_create_nonce): New.
+
+2003-10-31 Werner Koch <wk@gnupg.org>
+
+ * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the
+ disk performance values and not the W32 API structure.
+
+ * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.
+ * elgamal.c (verify): Ditto.
+
+ * ac.c (gcry_ac_data_get_index): s/index/idx/
+ (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.
+ (gcry_ac_data_add): Must use gcry_realloc instead of realloc.
+ * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the
+ forehackers.
+ (gcry_pk_encrypt): Removed shadowed definition of I. Reordered
+ arguments to malloc for clarity.
+ (gcry_pk_sign, gcry_pk_genkey): Ditto.
+ * primegen.c (prime_generate_internal): s/random/randomlevel/.
+
+2003-10-27 Moritz Schulte <mo@g10code.com>
+
+ * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey.
+
+2003-10-27 Werner Koch <wk@gnupg.org>
+
+ * random.c (gcry_random_add_bytes): Return if buflen is zero to
+ avoid gcc warning about unsed parameter.
+ (MASK_LEVEL): Simplified; does now work for signed and unsigned
+ w/o warnings.
+
+ * md.c (md_start_debug): Removed the const from SUFFIX, because
+ this function is called from the control fucntion which does not
+ require const.
+
+ Prefixed all (pubkey,digest,cipher}_spec_* globale variables with
+ _gcry_.
+
+ * ac.c (ac_key_identifiers): Made static.
+
+ * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move
+ prototypes to ..
+ * rand-internal.h: .. here
+ * random.c (getfnc_gather_random): Include rndw32 gatherer.
+ * rndunix.c, rndw32.c, rndegd.c: Include them here.
+ * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_
+ prefix. Changed all callers.
+ * rndegd.c (_gcry_rndegd_gather_random): Likewise.
+ (_gcry_rndegd_connect_socket): Likewise.
+ * rndunix.c (_gcry_rndunix_gather_random): Likewise.
+ (waitpid): Made static.
+ * rndw32.c: Removed the old and unused winseed.dll cruft.
+ (_gcry_rndw32_gather_random_fast): Renamed from
+ gather_random_fast.
+ (_gcry_rndw32_gather_random): Renamed from gather_random. Note,
+ that the changes 2003-04-08 somehow got lost.
+
+ * sha512.c (sha512_init, sha384_init): Made static.
+
+ * cipher.c (do_ctr_decrypt): Removed "return" from this void
+ function.
+
+2003-10-24 Moritz Schulte <mo@g10code.com>
+
+ * serpent.c: Fix an issue on big-endian systems.
+
+ * rndw32.c: Removed IS_MODULE -cruft.
+ * rndlinux.c (rndlinux_gather_random): Likewise.
+
+2003-10-10 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): Bail out if NBITS is less than 16.
+ (prime_generate_internal): Initialize prime variable to suppress
+ compiler warning. Check pbits, initialize qbits when passed as
+ zero.
+
+ * primegen.c (prime_generate_internal): New arg
+ ALL_FACTORS. Changed all callers.
+ (gcry_prime_generate): Make the factors arg optional. Request
+ all_factors. Make sure PRIME is set to NULL even on error.
+ (gcry_prime_group_generator): New.
+ (gcry_prime_release_factors): New.
+
+2003-10-06 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): Assert that NBITS is never zero, it
+ would cause a segv.
+
+2003-09-28 Moritz Schulte <mo@g10code.com>
+
+ * ac.c: Include "cipher.h".
+
+2003-09-27 Moritz Schulte <mo@g10code.com>
+
+ * rndegd.c (do_read): Return nread instead of nbytes; thanks to
+ Michael Caerwyn.
+
+2003-09-04 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (_gcry_pk_aliased_algo_name): New.
+ * ac.c (gcry_ac_open): Use it here.
+
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c
+
+2003-09-02 Moritz Schulte <mo@g10code.com>
+
+ * primegen.c (gcry_prime_check, gcry_prime_generate): New
+ functions.
+ (prime_generate_internal): New function, based on
+ _gcry_generate_elg_prime.
+ (_gcry_generate_elg_prime): Rewritten as a wrapper for
+ prime_generate_internal.
+
+2003-08-28 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the
+ return value. This does not make sense and breaks any programs
+ parsing the output strictly (e.g. current gpgsm).
+ (gcry_pk_encrypt): If aliases for the algorithm name exists, take
+ the first one instead of the regular name to adhere to SPKI
+ conventions.
+ (gcry_pk_genkey): Ditto.
+ (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME.
+
+2003-08-19 Moritz Schulte <mo@g10code.com>
+
+ * cipher.c: Add support for Serpent
+ * serpent.c: New file.
+
+2003-08-10 Moritz Schulte <moritz@g10code.com>
+
+ * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static.
+
+2003-08-09 Timo Schulz <twoaday@freakmail.de>
+
+ * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM
+ two times, but also the NAME_OF_DEV_URANDOM device.
+
+2003-08-08 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not
+ fail if no `flags' sub S-Expression is found.
+
+2003-07-27 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists.
+
+2003-07-23 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (gcry_ac_data_construct): New argument: include_flags, only
+ include `flags' S-expression, if include_flags is true. Adjust
+ callers. Thanks for triggering a bug caused by `flags'
+ sub-S-expression where they are not expected to Ralf Schneider.
+
+2003-07-21 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_lookup_func_name): Use new member name
+ `aliases' instead of `sexp_names'.
+
+ * ac.c (gcry_ac_key_data_get): New function.
+
+ * cipher.c (gcry_cipher_lookup_func_name): Fix return value.
+
+2003-07-20 Moritz Schulte <moritz@g10code.com>
+
+ * blowfish.c: Adjusted for new gcry_cipher_spec_t structure.
+ * cast5.c: Likewise.
+ * twofish.c: Likewise.
+ * arcfour.c: Likewise.
+ * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids):
+ New variables, adjust for new gcry_cipher_spec_t structure.
+ * des.c (oids_tripledes): New variable, adjust for new
+ gcry_cipher_spec_t structure.
+
+ * md.c (oid_table): Removed.
+
+ * tiger.c (oid_spec_tiger): New variable.
+ (digest_spec_tiger): Adjusted for new gry_md_spec_t structure.
+
+ * sha512.c (oid_spec_sha512): New variable.
+ (digest_spec_sha512): Adjusted for new gry_md_spec_t structure.
+
+ * sha512.c (oid_spec_sha384): New variable.
+ (digest_spec_sha384): Adjusted for new gry_md_spec_t structure.
+
+ * sha256.c (oid_spec_sha256): New variable.
+ (digest_spec_sha256): Adjusted for new gry_md_spec_t structure.
+
+ * sha1.c (oid_spec_sha1): New variable.
+ (digest_spec_sha1): Adjusted for new gry_md_spec_t structure.
+
+ * rmd160.c (oid_spec_rmd160): New variable.
+ (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure.
+
+ * md5.c (oid_spec_md5): New variable.
+ (digest_spec_md5): Adjusted for new gry_md_spec_t structure.
+
+ * md4.c (oid_spec_md4): New variable.
+ (digest_spec_md4): Adjusted for new gry_md_spec_t structure.
+
+ * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510,
+ digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t
+ structure.
+
+2003-07-19 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (gcry_md_lookup_func_oid): New function.
+ (search_oid): New function, copied from cipher.c.
+ (gcry_md_map_name): Adjust for new search_oid_interface.
+
+ * cipher.c (oid_table): Removed table.
+ (gcry_cipher_lookup_func_oid): New function.
+ (search_oid): Rewritten to use the module functions.
+ (gcry_cipher_map_name): Adjust for new search_oid interface.
+ (gcry_cipher_mode_from_oid): Likewise.
+
+2003-07-18 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in
+ gpg_strerror.
+
+2003-07-14 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher
+ name aliases, not just the primary name.
+ (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to
+ AES.
+
+ * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher
+ specification structures.
+
+ * rijndael.c (rijndael_names, rijndael192_names,
+ rijndael256_names): New variables, use them in the cipher
+ specifications.
+
+ * rmd160test.c: Removed file.
+
+ * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c,
+ elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c:
+ Used gcry_err* wrappers for libgpg symbols.
+
+ * primegen.c (gen_prime): Correct the order arguments to
+ extra_check.
+
+2003-07-12 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: Replaced all public occurences of gpg_error_t with
+ gcry_error_t.
+ * cipher.c: Likewise.
+ * md.c: Likewise.
+ * pubkey.c: Likewise.
+ * random.c: Likewise.
+
+ * cipher.c: Added support for TWOFISH128.
+
+2003-07-08 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (gcry_ac_data_copy_internal): New function, based on
+ gcry_ac_data_copy.
+ (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal.
+ (gcry_ac_key_init): Use gcry_ac_data_copy_internal.
+
+2003-07-07 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c (gcry_ac_data_set): Only release old MPI value if it is
+ different from the new value. Bug reported by Simon Josefsson
+ <jas@extundo.com>.
+
+ * pubkey.c (gcry_pk_list): New function.
+ * md.c (gcry_md_list): New function.
+
+ * ac.c (gcry_ac_key_pair_generate): Fix calculation of format
+ string size.
+
+2003-07-05 Moritz Schulte <moritz@g10code.com>
+
+ * md.c: Named struct of digest_table `digest_table_entry'.
+ (digest_table_entry): New member: algorithm; filled in.
+ (digest_table_entry): Removed unused member: flags.
+ (gcry_md_register): New argument: algorithm_id, filled in.
+ (gcry_md_register_default): Used algorithm ID from module
+ structure.
+ (gcry_md_map_name): Likewise.
+ (md_enable): Likewise.
+ (md_read): Likewise.
+ (gcry_md_info): Likewise.
+
+ * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'.
+ (pubkey_table_entry): New member: algorithm; filled in.
+ (gcry_pk_register_default): Used algorithm ID from pubkey_table.
+ (gcry_pk_register): New argument: algorithm_id, filled in.
+ (gcry_pk_map_name): Used algorithm ID from module structure.
+ (gcry_pk_decrypt): Likewise.
+ (gcry_pk_encrypt): Likewise.
+ (gcry_pk_verify): Likewise.
+ (gcry_pk_sign): Likewise.
+ (gcry_pk_testkey): Likewise.
+ (gcry_pk_genkey): Likewise.
+ (gcry_pk_get_nbits): Likewise.
+ (sexp_to_key): Removed unused variable: algo.
+ (sexp_to_sig): Likewise.
+
+ * cipher.c: Named struct for cipher_table `cipher_table_entry'.
+ (cipher_table_entry): New member: algorithm; filled in.
+ (gcry_cipher_register_default): Used algorithm ID from
+ cipher_table.
+ (gcry_cipher_register): New argument: algorithm_id, filled in.
+ (gcry_cipher_map_name): Used algorithm ID from module structure.
+
+ * arcfour.c (cipher_spec_arcfour): Removed algorithm ID.
+ * blowfish.c (cipher_spec_blowfish): Likewise.
+ * cast5.c (cipher_spec_cast5): Likewise.
+ * crc.c (digest_spec_crc32): Likewise.
+ * crc.c (digest_spec_crc32_rfc1510): Likewise.
+ * crc.c (digest_spec_crc32_rfc2440): Likewise.
+ * des.c (cipher_spec_des): Likewise.
+ * des.c (cipher_spec_tripledes): Likewise.
+ * dsa.c (pubkey_spec_dsa): Likewise.
+ * elgamal.c (pubkey_spec_elg): Likewise.
+ * md4.c (digest_spec_md4): Likewise.
+ * md5.c (digest_spec_md5): Likewise.
+ * aes.c (cipher_spec_aes): Likewise.
+ * aes.c (cipher_spec_aes192): Likewise.
+ * aes.c (cipher_spec_aes256): Likewise.
+ * rsa.c (pubkey_spec_rsa): Likewise.
+ * sha1.c (digest_spec_sha1): Likewise.
+ * sha256.c (digest_spec_sha256): Likewise.
+ * sha512.c (digest_spec_sha512): Likewise.
+ * tiger.c (digest_spec_tiger): Likewise.
+ * twofish.c (cipher_spec_twofish): Likewise.
+ * twofish.c (cipher_spec_twofish128): Likewise.
+
+ * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source
+ files; reported by Simon Josefsson <jas@extundo.com>.
+
+ * pubkey.c: Replaced all occurences of `id' with `algorithm',
+ since `id' is a keyword in obj-c.
+ * md.c: Likewise.
+ * cipher.c: Likewise.
+
+ * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c:
+ Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t.
+
+ * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of
+ gcry_pubkey_spec_t with gcry_pk_spec_t.
+
+ * md.c: Replaced all occurences of gcry_digest_spec_t with
+ gcry_md_spec_t.
+ (gcry_digest_register_default): Renamed to ...
+ (gcry_md_register_default): ... this; adjusted callers.
+ (gcry_digest_lookup_func_name): Renamed to ...
+ (gcry_md_lookup_func_name): ... this; adjusted callers.
+ (gcry_digest_lookup_name): Renamed to ...
+ (gcry_md_lookup_name): ... this; adjusted callers.
+ (gcry_digest_register): Renamed to ...
+ (gcry_md_register): ... this.
+ (gcry_digest_unregister): Renamed to ...
+ (gcry_md_unregister): ... this.
+
+ * pubkey.c (gcry_pubkey_register): Renamed to ...
+ (gcry_pk_register): ... this.
+ (gcry_pubkey_unregister): Renamed to ...
+ (gcry_pk_unregister): ... this.
+ Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t.
+ (gcry_pubkey_register_default): Renamed to ...
+ (gcry_pk_register_default): ... this; adjusted callers.
+ (gcry_pubkey_lookup_func_name): Renamed to ...
+ (gcry_pk_lookup_func_name): ... this; adjusted callers.
+ (gcry_pubkey_lookup_name): Renamed to ...
+ (gcry_pk_lookup_name): ... this; adjusted callers.
+
+ * md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon
+ Josefsson <jas@extunde.com>.
+
+2003-07-04 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (gcry_cipher_list): New function.
+
+2003-07-01 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more
+ consistent with sexp_to_enc.
+
+2003-06-30 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (libcipher_la_SOURCES): Added: ac.c.
+
+ * pubkey.c (_gcry_pk_module_lookup): New function.
+ (_gcry_pk_module_release): New function.
+
+2003-06-29 Moritz Schulte <moritz@g10code.com>
+
+ * ac.c: New file.
+
+2003-06-26 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API.
+
+2003-06-19 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_is_enabled): Fixed.
+
+2003-06-18 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_get_algo_keylen): New.
+ (gcry_cipher_get_algo_blklen): New.
+
+2003-06-18 Moritz Schulte <moritz@g10code.com>
+
+ * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c,
+ des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c,
+ rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c:
+ Replaced older types GcryDigestSpec, GcryCipherSpec and
+ GcryPubkeySpec with newer types: gcry_digest_spec_t,
+ gcry_cipher_spec_t and gcry_pubkey_spec_t.
+
+ * md.c (gcry_digest_id_new): Removed function.
+ (gcry_digest_register): Removed code for generating a new module
+ ID.
+
+ * pubkey.c (gcry_pubkey_id_new): Removed function.
+ (gcry_pubkey_register): Removed code for generating a new module
+ ID.
+
+ * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer
+ one: gcry_module_t.
+ (gcry_cipher_id_new): Removed function.
+ (gcry_cipher_register): Removed code for generating a new module
+ ID.
+
+ * cipher.c (gcry_cipher_register): Adjust call to
+ _gcry_module_add.
+ (gcry_cipher_register_default): Likewise.
+ * pubkey.c (gcry_pubkey_register_default): Likewise.
+ (gcry_pubkey_register): Likewise.
+ * md.c (gcry_digest_register_default): Likewise.
+ (gcry_digest_register): Likewise.
+
+ * md.c (gcry_digest_lookup_func_id): Removed function.
+ (gcry_digest_lookup_id): Likewise.
+ (gcry_digest_id_new): Use _gcry_module_lookup_id instead of
+ gcry_digest_lookup_id.
+ (digest_algo_to_string): Likewise.
+ (check_digest_algo): Likewise.
+ (md_enable): Likewise.
+ (md_digest_length): Likewise.
+ (md_asn_oid): Likewise.
+
+ * pubkey.c (gcry_pubkey_lookup_id): Removed function.
+ (gcry_pubkey_lookup_func_id): Likewise.
+ (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of
+ gcry_pubkey_id_new.
+ (gcry_pk_algo_name): Likewise.
+ (disable_pubkey_algo): Likewise.
+ (check_pubkey_algo): Likewise.
+ (pubkey_get_npkey): Likewise.
+ (pubkey_get_nskey): Likewise.
+ (pubkey_get_nsig): Likewise.
+ (pubkey_get_nenc): Likewise.
+ (pubkey_generate): Likewise.
+ (pubkey_check_secret_key): Likewise.
+ (pubkey_encrypt): Likewise.
+ (pubkey_decrypt): Likewise.
+ (pubkey_sign): Likewise.
+ (pubkey_verify): Likewise.
+ (gcry_pk_algo_info): Likewise.
+
+ * cipher.c (gcry_cipher_lookup_func_id): Removed function.
+ (gcry_cipher_lookup_id): Likewise.
+ (cipher_algo_to_string): use _gcry_module_lookup_id instead of
+ gcry_cipher_lookup_id.
+ (disable_cipher_algo): Likewise.
+ (check_cipher_algo): Likewise.
+ (cipher_get_blocksize): Likewise.
+ (gcry_cipher_open): Likewise.
+ (gcry_cipher_id_new): Likewise.
+
+2003-06-17 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@,
+ @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@.
+ (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES).
+ (libcipher_la_LIBADD): Likewise.
+ (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@.
+ (EXTRA_libcipher_la_SOURCES): Added all conditional sources.
+
+ * md.c (md_open): Use _gcry_fast_random_poll instead of
+ fast_random_poll.
+ * cipher.c (gcry_cipher_open): Likewise.
+
+ * random.h (fast_random_poll): Removed macro.
+
+ * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c,
+ tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own
+ BIG_ENDIAN_HOST.
+
+2003-06-16 Moritz Schulte <moritz@g10code.com>
+
+ * random.c (getfnc_gather_random): Do not special-case
+ USE_ALL_RANDOM_MODULES, make it the default.
+
+ * dsa.c: Replace last occurences of old type names with newer
+ names (i.e. replace MPI with gcry_mpi_t).
+ * elgamal.c: Likewise.
+ * primegen.c: Likewise.
+ * pubkey.c: Likewise.
+ * rsa.c: Likewise.
+
+2003-06-14 Moritz Schulte <moritz@g10code.com>
+
+ * des.c (des_setkey): Add selftest check.
+ (tripledes_set3keys): Likewise.
+ (do_tripledes_setkey): Remove selftest check.
+ (do_des_setkey): Likewise.
+
+2003-06-11 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (_gcry_md_init): New function.
+ * cipher.c (_gcry_cipher_init): New function.
+ * pubkey.c (_gcry_pk_init): New function.
+
+2003-06-13 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_get_algo): Reverted to old API. This is a
+ convenience function anyway and error checking is not approriate.
+ (gcry_md_is_secure): New.
+ (gcry_md_is_enabled): New.
+
+2003-06-12 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on
+ error.
+
+2003-06-11 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_open): Make sure H receives either NULL or an
+ valid handle.
+ (gcry_md_copy): Swapped arguments so that it is more in lione with
+ md_open and most other API fucntions like memcpy (destination
+ comes first). Make sure HANDLE is set to NULL on error.
+
+ * rijndael.c (do_encrypt): Hack to force correct alignment. It
+ seems not to be not sufficient, though. We should rework this
+ fucntions and remove all these ugly casts. Let the compiler
+ optimize or have an assembler implementation.
+
+2003-06-09 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am: Removed rules serpent, since that is not commited
+ yet.
+
+2003-06-08 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the
+ format string.
+
+2003-06-07 Moritz Schulte <moritz@g10code.com>
+
+ * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c,
+ des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c,
+ rand-internal.h, random.c, random.h, rijndael.c, rmd160.c,
+ rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c,
+ rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all
+ preprocessor instructions to remove whitespace before the '#'.
+ This is not required by C89, but there are some compilers out
+ there that don't like it. Replaced any occurence of the now
+ deprecated type names with the new ones.
+
+2003-06-04 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use
+ gcry_sexp_build_array instead of gcry_sexp_build.
+ (gcry_pk_sign): Likewise.
+ (gcry_pk_genkey): Likewise.
+
+2003-06-01 Moritz Schulte <moritz@g10code.com>
+
+ * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID
+ does indeed belong to DSA.
+ (_gcry_dsa_sign): Likewise.
+ (_gcry_dsa_verify): Likewise.
+ (_gcry_dsa_get_nbits): Likewise.
+
+ * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the
+ algorithm ID does indeed belong to ElGamal.
+ (_gcry_elg_encrypt): Likewise.
+ (_gcry_elg_decrypt): Likewise.
+ (_gcry_elg_sign): Likewise.
+ (_gcry_elg_verify): Likewise.
+ (_gcry_elg_get_nbits): Likewise.
+ (_gcry_elg_generate): Likewise.
+
+ * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID
+ does indeed belong to RSA.
+ (_gcry_rsa_encrypt): Likewise.
+ (_gcry_rsa_decrypt): Likewise.
+ (_gcry_rsa_sign): Likewise.
+ (_gcry_rsa_verify): Likewise.
+ (_gcry_rsa_get_nbits): Likewise.
+
+2003-05-30 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (md_get_algo): Return zero in case to algorithm is enabled.
+
+ * md.c (gcry_md_info): Adjusted for new no-errno-API.
+ (md_final): Likewise.
+ (gcry_md_get_algo): Likewise.
+ * pubkey.c (gcry_pk_get_keygrip): Likewise.
+ (gcry_pk_ctl): Likewise.
+ (gcry_pk_algo_info): Likewise.
+ * des.c (selftest): Likewise.
+
+2003-05-29 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (md_enable): Do not forget to release module on error.
+ (gcry_md_open): Adjusted for new no-errno-API.
+ (md_open): Likewise.
+ (md_copy): Likewise.
+ (gcry_md_copy): Likewise.
+ (gcry_md_setkey): Likewise.
+ (gcry_md_algo_info): Likewise.
+
+ * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and
+ also fixed a locking bug.
+ (gcry_cipher_encrypt): Adjusted for new no-errno-API.
+ (gcry_cipher_decrypt): Likewise.
+ (gcry_cipher_ctl): Likewise.
+ (gcry_cipher_info): Likewise.
+ (gcry_cipher_algo_info): Likewise.
+
+2003-05-28 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (md_enable): Adjusted for libgpg-error.
+ (gcry_md_enable): Likewise.
+ (gcry_digest_register_default): Likewise.
+ (gcry_digest_register): Likewise.
+ (check_digest_algo): Likewise.
+ (prepare_macpads): Likewise.
+ (gcry_md_setkey): Likewise.
+ (gcry_md_ctl): Likewise.
+ (gcry_md_get): Likewise.
+ (gcry_md_algo_info): Likewise.
+ (gcry_md_info): Likewise.
+ * dsa.c (_gcry_dsa_generate): Likewise.
+ (_gcry_dsa_check_secret_key): Likewise.
+ (_gcry_dsa_sign): Likewie.
+ (_gcry_dsa_verify): Likewise.
+ * twofish.c (do_twofish_setkey): Likewise.
+ (twofish_setkey): Likewise.
+ * cipher.c (gcry_cipher_register): Likewise.
+
+2003-05-25 Moritz Schulte <moritz@g10code.com>
+
+ * rijndael.c (do_setkey): Adjusted for libgpg-error.
+ (rijndael_setkey): Likewise.
+ * random.c (gcry_random_add_bytes): Likewise.
+ * elgamal.c (_gcry_elg_generate): Likewise.
+ (_gcry_elg_check_secret_key): Likewise.
+ (_gcry_elg_encrypt): Likewise.
+ (_gcry_elg_decrypt): Likewise.
+ (_gcry_elg_sign): Likewise.
+ (_gcry_elg_verify): Likewise.
+ * rsa.c (_gcry_rsa_generate): Likewise.
+ (_gcry_rsa_check_secret_key): Likewise.
+ (_gcry_rsa_encrypt): Likewise.
+ (_gcry_rsa_decrypt): Likewise.
+ (_gcry_rsa_sign): Likewise.
+ (_gcry_rsa_verify): Likewise.
+ * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt,
+ dummy_decrypt, dummy_sign, dummy_verify): Likewise.
+ (gcry_pubkey_register): Likewise.
+ (check_pubkey_algo): Likewise.
+ (pubkey_generate): Likewise.
+ (pubkey_check_secret_key): Likewise.
+ (pubkey_encrypt): Likewise.
+ (pubkey_decrypt): Likewise.
+ (pubkey_sign): Likewise.
+ (pubkey_verify): Likewise.
+ (sexp_elements_extract): Likewise.
+ (sexp_to_key): Likewise.
+ (sexp_to_sig): Likewise.
+ (sexp_to_enc): Likewise.
+ (sexp_data_to_mpi): Likewise.
+ (gcry_pk_encrypt): Likewise.
+ (gcry_pk_decrypt): Likewise.
+ (gcry_pk_sign): Likewise.
+ (gcry_pk_verify): Likewise.
+ (gcry_pk_testkey): Likewise.
+ (gcry_pk_genkey): Likewise.
+ (gcry_pk_ctl): Likewise.
+ * cipher.c (dummy_setkey): Likewise.
+ (check_cipher_algo): Likewise.
+ (gcry_cipher_open): Likewise.
+ (cipher_setkey): Likewise.
+ (gcry_cipher_ctl): Likewise.
+ (cipher_encrypt): Likewise.
+ (gcry_cipher_encrypt): Likewise.
+ (cipher_decrypt): Likewise.
+ (gcry_cipher_decrypt): Likewise.
+ (gcry_cipher_info): Likewise.
+ (gcry_cipher_algo_info): Likewise.
+ * cast5.c (cast_setkey): Likewise.
+ (do_cast_setkey): Likewise.
+ * arcfour.c (arcfour_setkey): Likewise.
+ (do_arcfour_setkey): Likewise.
+ * blowfish.c (do_bf_setkey): Likewise.
+ (bf_setkey): Likewise.
+ * des.c (do_des_setkey): Likewise.
+ (do_tripledes_setkey): Likewise.
+
+2003-05-22 Moritz Schulte <moritz@g10code.com>
+
+ * tiger.c: Merged code ussing the U64_C macro from GnuPG.
+
+ * sha512.c: Likewise.
+
+2003-05-17 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of
+ releasing it.
+
+2003-05-11 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS.
+ (gcry_pk_ctl): Likewise.
+
+2003-04-27 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has
+ been used.
+
+ * md.c (gcry_md_get_algo_dlen): Simplified, simply call
+ md_digest_length to do the job.
+
+ * des.c (do_des_setkey): Check for selftest failure not only
+ during initialization.
+ (do_tripledes_setkey): Include check for selftest failure.
+
+ * pubkey.c (gcry_pubkey_register_default): New macro
+ `pubkey_use_dummy', use it.
+
+ * elgamal.c (elg_names): New variable.
+ (pubkey_spec_elg): Include elg_names.
+
+ * dsa.c (dsa_names): New variable.
+ (pubkey_spec_dsa): Include dsa_names.
+
+ * rsa.c (rsa_names): New variable.
+ (pubkey_spec_rsa): Include rsa_names.
+
+ * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with
+ the names listed in `sexp_names'.
+
+2003-04-24 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted
+ to new module interface.
+ (sexp_to_key): Changend type of argument `retalgo' from `int *' to
+ `GcryModule **'. Adjusted all callers. Removed argument:
+ r_algotblidx.
+ (sexp_to_sig): Changend type of argument `retalgo' from `int *' to
+ `GcryModule **'. Adjusted all callers.
+ (sexp_to_enc): Likewise.
+
+ (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig,
+ pubkey_get_nenc): Use strlen to find out the number.
+
+ * rsa.c: Adjust pubkey_spec_rsa to new internal interface.
+ * dsa.c: Likewise.
+ * elgamal.c: Likewise.
+
+2003-04-17 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c (sexp_elements_extract): New function.
+ * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use
+ sexp_elements_extract.
+ (sexp_to_sig): Likewise.
+ (sexp_to_enc): Likewise.
+
+ * pubkey.c: Terminate list correctly.
+ * md.c: Include sha512/sha384 in digest_table.
+
+2003-04-16 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am: Include support for sha512.c.
+
+ * sha512.c: New file, merged from GnuPG, with few modifications
+ for libgcrypt.
+
+ * rand-internal.h: Removed declarations for constructor functions.
+
+ * md.c (md_copy): Call _gcry_module_use for incrementing the usage
+ counter of the digest modules.
+
+ * rsa.c: Do not include "rsa.h".
+ * dsa.c: Do not include "dsa.h".
+ * elgamal.c: Do not include "elgamal.h".
+ * des.c: Do not include "des.h".
+ * cast5.c: Do not include "cast5.h".
+ * blowfish.c: Do not include "blowfish.h".
+ * arcfour.c: Do not include "arcfour.h".
+
+ * Makefile.am (libcipher_la_DEPENDENCIES): Removed.
+ (libcipher_la_LIBADD): Removed.
+ Use Automake conditionals for conditional compilation.
+
+2003-04-13 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS.
+
+ * md.c (gcry_md_list): New member: module.
+ (md_enable): New variable: module, changed use of module and
+ digest.
+ (md_enable): Initialize member: module.
+ (md_close): Call _gcry_module_release.
+
+ * cipher.c (gcry_cipher_open): New variable: module, changed use of
+ module and cipher.
+ (struct gcry_cipher_handle): New member: module.
+ (gcry_cipher_open): Initialize member: module.
+ (gcry_cipher_close): Call _gcry_module_release.
+
+2003-04-09 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c: Include "ath.h".
+ * md.c: Likewise.
+ * pubkey.c: Likewise.
+
+ * cipher.c (ciphers_registered_lock): New variable.
+ * md.c (digests_registered_lock): New variable.
+ * pubkey.c (pubkeys_registered_lock): New variable.
+
+ * rndlinux.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndlinux_constructor): Removed function.
+
+ * rndegd.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndegd_constructor): Removed function.
+
+ * rndunix.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndunix_constructor): Removed function.
+
+ * rndw32.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rndw32_constructor): Removed function.
+
+ * rndegd.c (rndegd_connect_socket): Simplify code for creating the
+ egd socket address.
+ (rndegd_connect_socket): Call log_fatal use instead of
+ g10_log_fatal.
+ (egd_gather_random): Renamed to ...
+ (rndegd_gather_random): ... here.
+
+2003-04-08 Moritz Schulte <moritz@g10code.com>
+
+ * rndlinux.c: Do not include "dynload.h".
+ * rndunix.c: Likewise.
+ * rndw32.c: Likewise.
+
+ * rndegd.c (rndegd_connect_socket): Factored out from ...
+ (egd_gather_random): here; call it.
+ (egd_socket): New variable.
+ (egd_gather_random): Initialize fd with egd_socket, do not declare
+ fd static.
+ (do_read): Merged few changes from GnuPG. FIXME - not finished?
+ Do not include "dynload.h".
+
+ * rndw32.c (gather_random): Renamed to rndw32_gather_random, do
+ not declare static.
+ (gather_random_fast): Renamed to rndw32_gather_random_fast, do not
+ declare static.
+
+ * rndunix.c (gather_random): Renamed to rndunix_gather_random, do
+ not declare static.
+ * rndegd.c (gather_random): Renamed to rndegd_gather_random, do
+ not declare static.
+ * rndlinux.c (gather_random): Renamed to rndlinux_gather_random,
+ do not declare static.
+
+2003-04-07 Moritz Schulte <moritz@g10code.com>
+
+ * Makefile.am (libcipher_la_SOURCES): Removed construct.c.
+ (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c,
+ md5.c, tiger.c and crc.c
+ (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger
+ and crc. Removed definitions: EXTRA_md4_SOURCES,
+ EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES,
+ EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES,
+ BUILT_SOURCES, DISTCLEANFILES.
+
+ * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h".
+
+ * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h,
+ dsa.h, des.h, cast5.h, arcfour.h and blowfish.h.
+
+ * rsa.h: Removed file.
+ * elgamal.h: Removed file.
+ * dsa.h: Removed file.
+ * des.h: Removed file.
+ * cast5.h: Removed file.
+ * arcfour.h: Removed file.
+ * blowfish.h: Removed file.
+
+ * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and
+ dynload.h.
+
+ * rsa.c (pubkey_spec_rsa): New variable.
+ * dsa.c (pubkey_spec_rsa): New variable.
+ * elgamal.c (pubkey_spec_elg): New variable.
+
+ * rsa.c (_gcry_rsa_get_info): Removed function.
+ * elgamal.c (_gcry_elg_get_info): Removed function.
+ * dsa.c (_gcry_dsa_get_info): Removed function.
+
+ * tiger.c (tiger_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_tiger_constructor): Removed function.
+
+ * sha1.c (sha1_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_sha1_constructor): Removed function.
+
+ * sha256.c (sha256_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_sha256_constructor): Removed function.
+
+ * rmd160.c (rmd160_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_rmd160_constructor): Removed function.
+
+ * md5.c (md5_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_md5_constructor): Removed function.
+
+ * md4.c (md4_get_info): Removed function.
+ (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func): Removed function.
+ (_gcry_md4_constructor): Removed function.
+
+ * crc.c (crc_get_info): Removed function.
+
+ * arcfour.c (do_arcfour_setkey): Changed type of context argument
+ to `void *', added local variable for cast, adjusted callers.
+ (arcfour_setkey): Likewise.
+ (encrypt_stream): Likewise.
+ * cast5.c (cast_setkey): Likewise.
+ (encrypt_block): Likewise.
+ * rijndael.c (rijndael_setkey): Likewise.
+ (rijndael_encrypt): Likewise.
+ (rijndael_decrypt): Likewise.
+ * twofish.c (twofish_setkey): Likewise.
+ (twofish_encrypt): Likewise.
+ (twofish_decrypt): Likewise.
+ * des.c (do_des_setkey): Likewise.
+ (do_des_encrypt): Likewise.
+ (do_des_encrypt): Likewise.
+ (do_tripledes_encrypt): Likewise.
+ (do_tripledes_encrypt): Likewise.
+ * blowfish.c (bf_setkey: Likewise.
+ (encrypt_block): Likewise.
+ (decrypt_block): Likewise.
+
+ * arcfour.c (encrypt_stream): Likewise.
+
+ * rijndael.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func) Removed function.
+
+ * twofish.c (gnupgext_version, func_table): Removed definitions.
+ (gnupgext_enum_func) Removed function.
+
+ * cast5.c (CIPHER_ALGO_CAST5): Removed.
+
+ * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
+ (CIPHER_ALGO_BLOWFISH): Removed symbol.
+ * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise.
+ * des.c (selftest_failed): Removed.
+ (initialized): New variable.
+ (do_des_setkey): Run selftest, if not yet done.
+ (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros.
+
+ * arcfour.c (_gcry_arcfour_get_info): Removed function.
+ * blowfish.c (_gcry_blowfish_get_info): Removed function.
+ * cast5.c (_gcry_cast5_get_info): Removed function.
+ * des.c (_gcry_des_get_info): Removed function.
+ * rijndael.c (_gcry_rijndael_get_info): Removed function.
+ * twofish.c (_gcry_twofish_get_info): Removed function.
+
+ * arcfour.c (cipher_spec_arcfour): New variable.
+ * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New
+ variables.
+ * rijndael.c (cipher_spec_aes, cipher_spec_aes192,
+ cipher_spec256): New variables.
+ * des.c (cipher_spec_des, cipher_spec_tripledes): New variables.
+ * cast5.c (cipher_spec_cast5): New variable.
+ * blowfish.c (cipher_spec_blowfish): Likewise.
+
+ * twofish.c: Do not include "dynload.h".
+ * rijndael.c: Likewise.
+ * des.c: Likewise.
+ * cast5.c: Likewise.
+ * blowfish.c: Likewise.
+ * cipher.c: Likewise.
+ * crc.c: Likewise.
+ * md4.c: Likewise.
+ * md5.c: Likewise.
+ * md.c: Likewise.
+ * pubkey.c: Likewise.
+ * rijndael.c: Likewise.
+ * sha1.c: Likewise.
+ * sha256.c: Likewise.
+
+ * arcfour.c: Include "cipher.h".
+ * twofish.c: Likewise.
+ * rijndael.c: Likewise.
+ * des.c: Likewise.
+ * cast5.c: Likewise.
+ * blowfish.c: Likewise.
+
+ * twofish.c (twofish_setkey): Declared argument `key' const.
+ (twofish_encrypt): Declared argument `inbuf' const.
+ (twofish_decrypt): Likewise.
+
+ * rijndael.c (rijndael_setkey): Declared argument `key' const.
+ (rijndael_encrypt): Declared argument `inbuf' const.
+ (rijndael_decrypt): Likewise.
+
+ * des.c (do_des_setkey): Declared argument `key' const.
+ (do_tripledes_setkey): Likewise.
+ (do_des_encrypt): Declared argument `inbuf' const.
+ (do_des_decrypt): Likewise.
+ (do_tripledes_encrypt): Likewise.
+ (do_tripledes_decrypt): Likewise.
+
+ * cast5.c (encrypt_block): Declared argument `inbuf' const.
+ (decrypt_block): Likewise.
+ (cast_setkey): Declared argument `key' const.
+
+ * blowfish.c (do_bf_setkey): Declared argument `key' const.
+ (encrypt_block): Declared argument `inbuf' const.
+ (encrypt_block): Likewise.
+
+
+
+ * cipher.c: Remove CIPHER_ALGO_DUMMY related code.
+ Removed struct cipher_table_s.
+ Changed definition of cipher_table.
+ Removed definition of disabled_algos.
+ (ciphers_registered, default_ciphers_registered): New variables.
+ (REGISTER_DEFAULT_CIPHERS): New macro.
+ (dummy_setkey): Declared argument `key' const.
+ (dummy_encrypt_block): Declared argument `inbuf' const.
+ (dummy_encrypt_block): Likewise.
+ (dummy_encrypt_stream): Likewise.
+ (dummy_encrypt_stream): Likewise.
+ (dummy_setkey): Use `unsigned char' instead of `byte'.
+ (dummy_encrypt_block): Likewise.
+ (dummy_decrypt_block): Likewise.
+ (dummy_encrypt_stream): Likewise.
+ (dummy_decrypt_stream): Likewise.
+ (gcry_cipher_register_default): New function.
+ (gcry_cipher_lookup_func_id): New function.
+ (gcry_cipher_lookup_func_name): New function.
+ (gcry_cipher_lookup_id): New function.
+ (gcry_cipher_lookup_name): New function.
+ (gcry_cipher_id_new): New function.
+ (gcry_cipher_register): New function.
+ (gcry_cipher_unregister): New function.
+ (setup_cipher_table): Removed function.
+ (load_cipher_modules): Removed function.
+ (gcry_cipher_map_name): Adjusted to use new module management.
+ (cipher_algo_to_string): Likewise.
+ (disable_cipher_algo): Likewise.
+ (check_cipher_algo): Likewise.
+ (cipher_get_keylen): Likewise.
+ (cipher_get_blocksize): Likewise.
+ (gcry_cipher_open): Likewise.
+ (struct gcry_cipher_handle): Replaced members algo, algo_index,
+ blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one
+ member: cipher.
+ (gcry_cipher_open): Adjusted code for new handle structure.
+ (cipher_setkey): Likewise.
+ (cipher_setiv): Likewise.
+ (cipher_reset): Likewise.
+ (do_ecb_encrypt): Likewise.
+ (do_ecb_decrypt): Likewise.
+ (do_cbc_encrypt): Likewise.
+ (do_cbc_decrypt): Likewise.
+ (do_cfb_encrypt): Likewise.
+ (do_cfb_decrypt): Likewise.
+ (do_ctr_encrypt): Likewise.
+ (cipher_encrypt): Likewise.
+ (gcry_cipher_encrypt): Likewise.
+ (cipher_decrypt): Likewise.
+ (gcry_cipher_decrypt): Likewise.
+ (cipher_sync): Likewise.
+ (gcry_cipher_ctl): Likewise.
+
+ * pubkey.c: Removed struct pubkey_table_s.
+ Changed definition of pubkey_table.
+ Removed definition of disabled_algos.
+ (pubkeys_registered, default_pubkeys_registered): New variables.
+ (REGISTER_DEFAULT_PUBKEYS): New macro.
+ (setup_pubkey_table): Removed function.
+ (load_pubkey_modules): Removed function.
+ (gcry_pubkey_register_default): New function.
+ (gcry_pubkey_lookup_func_id): New function.
+ (gcry_pubkey_lookup_func_name): New function.
+ (gcry_pubkey_lookup_id): New function.
+ (gcry_pubkey_lookup_name): New function.
+ (gcry_pubkey_id_new): New function.
+ (gcry_pubkey_register): New function.
+ (gcry_pubkey_unregister): New function.
+ (gcry_pk_map_name): Adjusted to use new module management.
+ (gcry_pk_algo_name): Likewise.
+ (disable_pubkey_algo): Likewise.
+ (check_pubkey_algo): Likewise.
+ (pubkey_get_npkey): Likewise.
+ (pubkey_get_nskey): Likewise.
+ (pubkey_get_nsig): Likewise.
+ (pubkey_get_nenc): Likewise.
+ (pubkey_generate): Likewise.
+ (pubkey_check_secret_key): Likewise.
+ (pubkey_encrypt): Likewise.
+ (pubkey_decrypt): Likewise.
+ (pubkey_sign): Likewise.
+ (pubkey_verify): Likewise.
+ (gcry_pk_get_nbits): Likewise.
+ (gcry_pk_algo_info): Likewise.
+
+ * md.c: Removed struct md_digest_list_s.
+ (digest_list): Changed definition.
+ (digests_registered, default_digests_registered): New variables.
+ (REGISTER_DEFAULT_DIGESTS): New macro.
+ (new_list_item): Removed function.
+ (setup_md_table): Removed function.
+ (load_digest_module): Removed function.
+ (gcry_digest_register_default): New function.
+ (gcry_digest_lookup_func_id): New function.
+ (gcry_digest_lookup_func_name): New function.
+ (gcry_digest_lookup_id): New function.
+ (gcry_digest_lookup_name): New function.
+ (gcry_digest_id_new): New function.
+ (gcry_digest_register): New function.
+ (gcry_digest_unregister): New function.
+ (GcryDigestEntry): New type.
+ (struct gcry_md_context): Adjusted type of `list'.
+ (gcry_md_map_name): Adjusted to use new module management.
+ (digest_algo_to_string): Likewise.
+ (check_digest_algo): Likewise.
+ (md_enable): Likewise.
+ (md_digest_length): Likewise.
+ (md_asn_oid): Likewise.
+
+2003-04-07 Moritz Schulte <moritz@g10code.com>
+
+ * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA,
+ PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with
+ GCRY_PK_ELG.
+
+ * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA.
+
+2003-04-01 Moritz Schulte <moritz@g10code.com>
+
+ * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES.
+
+2003-03-31 Moritz Schulte <moritz@g10code.com>
+
+ * tiger.c (tiger_get_info): Do not declare static.
+ * sha256.c (sha256_get_info): Likewise.
+ * sha1.c (sha1_get_info): Likewise.
+ * rmd160.c (rmd160_get_info): Likewise.
+ * md5.c (md5_get_info): Likewise.
+ * md4.c (md4_get_info): Likewise.
+ * crc.c (crc_get_info): Likewise.
+
+ * md.c (load_digest_module): Call setup_md_table during
+ initialization.
+ (new_list_item): Link new element into digest_list.
+
+ * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper
+ for do_ctr_encrypt, since these functions are identical.
+
+2003-03-30 Simon Josefsson <jas@extundo.com>
+
+ * cipher.c (struct gcry_cipher_handle): Add counter field.
+ (gcry_cipher_open): Add CTR.
+ (cipher_reset): Clear counter field.
+ (do_ctr_encrypt, do_ctr_decrypt): New functions.
+ (cipher_encrypt, cipher_decrypt): Call CTR functions.
+ (gcry_cipher_ctl): Add SET_CTR to set counter.
+
+2003-03-30 Moritz Schulte <moritz@g10code.com>
+
+ * rsa.c (_gcry_rsa_blind): New function.
+ (_gcry_rsa_unblind): New function.
+ (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt.
+
+2003-03-26 Moritz Schulte <moritz@g10code.com>
+
+ * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and
+ `decrypt' function arguments.
+ (_gcry_enum_gnupgext_pubkeys): Likewise.
+ * dynload.h: Likewise.
+
+ * pubkey.c (dummy_decrypt): Add argument: int flags.
+ (dummy_encrypt): Likewise.
+
+ * elgamal.c (_gcry_elg_encrypt): Add argument: int flags.
+ (_gcry_elg_decrypt): Likewise.
+
+ * rsa.c (_gcry_rsa_encrypt): Add argument: int flags.
+ (_gcry_rsa_decrypt): Likewise.
+
+ * pubkey.c: Add `flags' argument to members `encrypt' and
+ `decrypt' of struct `pubkey_table_s'.
+
+ * rsa.h: Add `flags' argument to function declarations.
+ * elgamal.h: Likewise.
+
+ * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags.
+ (sexp_data_to_mpi): Set `parsed_flags'.
+ (sexp_data_to_mpi): New argument: int *flags.
+ (gcry_pk_encrypt): New variable: int flags.
+ (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt.
+ (pubkey_encrypt): New variable: int flags.
+ (pubkey_encrypt): Pass `flags' to pubkey encrypt function.
+ (pubkey_decrypt): Likewise.
+ (pubkey_decrypt): Pass `flags' to pubkey encrypt function.
+ (gcry_pk_encrypt): Include `flags' s-exp in return list.
+ (sexp_to_enc): New argument: int *flags.
+ (gcry_pk_decrypt): New variable: int flags.
+ (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt.
+ (sexp_to_enc): New variable: int parsed_flags.
+ (sexp_to_enc): Set `parsed_flags'.
+
+2003-03-22 Simon Josefsson <jas@extundo.com>
+
+ * cipher.c (gcry_cipher_open, do_cbc_encrypt)
+ (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC.
+ (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC.
+
+2003-03-19 Werner Koch <wk@gnupg.org>
+
+ * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG
+ to allow for a user callback. Changed all callers.
+ (_gcry_generate_secret_prime)
+ (_gcry_generate_public_prime): Ditto, pass them to gen_prime.
+ * rsa.c (check_exponent): New.
+ (generate): Use a callback to ensure that a given exponent is
+ actually generated.
+
+2003-03-12 Moritz Schulte <moritz@g10code.com>
+
+ * primegen.c: Initialize `no_of_small_prime_numbers' statically.
+ (gen_prime): Remove calculation of `no_of_small_prime_numbers'.
+
+2003-03-03 Moritz Schulte <moritz@g10code.com>
+
+ * md.c (gcry_md_ctl): Rewritten to use same style like the other
+ functions dispatchers.
+
+2003-03-02 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c (struct gcry_cipher_handle): New member: algo_index.
+ (gcry_cipher_open): Allocate memory for two cipher contexts.
+ Initialize algo_index.
+ (cipher_setkey): Duplicate context into reserved memory.
+ (cipher_reset): New function, which resets the context and clear
+ the IV.
+ (gcry_cipher_ctl): Call cipher_reset.
+
+2003-02-23 Moritz Schulte <moritz@g10code.com>
+
+ * cipher.c: Remove (bogus) `digitp' macro definition.
+ * md.c: Likewise.
+
+ * blowfish.c (burn_stack): Removed.
+ * arcfour.c (burn_stack): Likewise.
+ * cast5.c (burn_stack): Likewise.
+ * des.c (burn_stack): Likewise.
+ * md4.c (burn_stack): Likewise.
+ * md5.c (burn_stack): Likewise.
+ * random.c (burn_stack): Likewise.
+ * rijndael.c (burn_stack): Likewise.
+ * rmd160.c (burn_stack): Likewise.
+ * sha1.c (burn_stack): Likewise.
+ * sha256.c (burn_stack): Likewise.
+ * tiger.c (burn_stack): Likewise.
+ * twofish.c (burn_stack): Likewise.
+
+ * blowfish.c: Changed all occurences of burn_stack to
+ _gcry_burn_stack.
+ * arcfour.c: Likewise.
+ * cast5.c: Likewise.
+ * des.c: Likewise.
+ * md4.c: Likewise.
+ * md5.c: Likewise.
+ * random.c: Likewise.
+ * rijndael.c: Likewise.
+ * rmd160.c: Likewise.
+ * sha1.c: Likewise.
+ * sha256.c: Likewise.
+ * tiger.c: Likewise.
+ * twofish.c: Likewise.
+
+ * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR
+ instead of hard-coded value `301'.
+
+2003-01-24 Werner Koch <wk@gnupg.org>
+
+ * random.c (_gcry_register_random_progress): New.
+ (_gcry_random_progress): New.
+
+ * rndlinux.c (gather_random): Call the random progress function.
+
+2003-01-23 Werner Koch <wk@gnupg.org>
+
+ * rsa.c (generate): New arg USE_E to request a specific public
+ exponent.
+ (_gcry_rsa_generate): Ditto.
+ * elgamal.c (_gcry_elg_generate): Must add an dummy argument
+ instead of USE_E.
+ * dsa.c (_gcry_dsa_generate): Ditto.
+ * pubkey.c (dummy_generate): Ditto.
+ (pubkey_generate): Add USE_E arg and pass it down.
+ (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate.
+
+ * pubkey.c (sexp_to_enc): New arg RET_MODERN.
+ (gcry_pk_decrypt): Make use of it to return a real S-expression.
+ Return better error codes.
+ (gcry_pk_verify): Return better error codes.
+
+2003-01-21 Werner Koch <wk@gnupg.org>
+
+ * random.c (gcry_random_add_bytes): Add QUALITY argument, let
+ function return an error code and disable its core for now.
+
+2003-01-21 Timo Schulz <twoaday@freakmail.de>
+
+ * random.c (gcry_random_add_bytes): New. Function to add external
+ random to the pool.
+
+2003-01-20 Simon Josefsson <jas@extundo.com>
+
+ * crc.c: New.
+ * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c.
+ * md.c (gcry_md_get_algo_dlen): Add values for CRC.
+
+2003-01-20 Werner Koch <wk@gnupg.org>
+
+ * sha256.c: New.
+ * bithelp.h (ror): New.
+ * Makfile.am: Add sha256.c.
+ * md.c (oid_table): Add values for SHA256 et al.
+ (gcry_md_get_algo_dlen): Likewise
+
+2003-01-20 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA
+ and ElGamal.
+
+2003-01-17 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_encrypt): Reworked so that the output will
+ never contain the plaintext even if the caller did not checked the
+ return value.
+
+ * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL
+ because we don't have an invalid md algo but no algorithm enabled.
+
+ * pubkey.c (gcry_pk_genkey): Changed error code for bounds check
+ of table parameters to GCRYERR_INTERNAL.
+
+ * md.c (gcry_md_open): Partly reverted Timo's change from
+ 2002-10-10 by removing the check for the algorithm. An algorithm
+ of 0 is allowed and anyway we should not double check it or check
+ it using a different function. Also fixed the flags check.
+
+ * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL
+ on error.
+ (gcry_pk_decrypt): Ditto for R_PLAIN.
+ (gcry_pk_sign): Ditto for R_SIG.
+ (gcry_pk_genkey): Ditto for R_KEY.
+
+2003-01-16 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_write): Changed 2nd argument type to void*.
+ (gcry_md_hash_buffer): Changed type of boths buffers to void*.
+ (gcry_md_setkey): Changed 2nd argument type to void*.
+
+2003-01-15 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding.
+ (gcry_pk_sign, gcry_pk_verify): Use it here.
+ (gcry_pk_encrypt): And here.
+ (pubkey_verify): Add debug code.
+ (sexp_to_enc): Handle flags in the input and return the pkcs1 flag
+ in a new parameter.
+ (gcry_pk_decrypt): Prepare for future pkcs1 handling.
+
+2002-12-19 Werner Koch <wk@gnupg.org>
+
+ * random.c (_gcry_random_initialize): New.
+
+2002-12-16 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Added a Teletrust specific OID for 3DES.
+
+2002-12-12 Werner Koch <wk@gnupg.org>
+
+ * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption).
+
+2002-11-23 Werner Koch <wk@gnupg.org>
+
+ * md.c (load_digest_module): Enlarged checked_algos bitmap.
+ * md4.c (func_table): Fixed entry for md4.
+ Both by Simon Josephson.
+ (transform): Copy data to get the alignment straight. Tested only
+ on i386.
+
+2002-11-10 Simon Josefsson <jas@extundo.com>
+
+ * cipher.c (gcry_cipher_open): Don't reject CTS flag.
+ (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt)
+ (gcry_cipher_encrypt, cipher_decrypt)
+ (gcry_cipher_decrypt): Support CTS flag.
+ (gcry_cipher_ctl): Toggle CTS flag.
+
+2002-11-10 Werner Koch <wk@gnupg.org>
+
+ * md4.c: New. By Simon Josefsson.
+ * Makefile.am (EXTRA_PROGRAMS): Add md4.c.
+ * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support.
+
+2002-10-14 Werner Koch <wk@gnupg.org>
+
+ * arcfour.c (do_encrypt_stream): Don't use increment op when
+ assigning to the same variable.
+
+2002-10-10 Timo Schulz <ts@winpt.org>
+
+ * pubkey.c (gcry_pk_genkey): Check boundaries.
+
+ * md.c (gcry_md_open): Check that algo is available and only
+ valid flag values are used.
+ (gcry_md_get_algo): Add error handling.
+
+2002-09-26 Werner Koch <wk@gnupg.org>
+
+ * md.c: Include an OID for TIGER.
+ * tiger.c (tiger_get_info): Use a regular OID.
+
+2002-09-17 Werner Koch <wk@gnupg.org>
+
+ * random.c: Replaced mutex.h by the new ath.h. Changed all calls.
+
+2002-09-16 Werner Koch <wk@gnupg.org>
+
+ * arcfour.c (do_encrypt_stream): Use register modifier and modulo.
+ According to Nikos Mavroyanopoulos this increases perfromace on
+ i386 system noticable. And I always tought gcc is clever enough.
+ * md5.c (transform): Use register modifier.
+ * rmd160.c (transform): Ditto.
+ * sha1.c (transform): Ditto. We hope that there are 6 free registers.
+ * random.c (gcry_randomize): Rewrote to avoid malloc calls.
+
+ * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*.
+ * arcfour.c (do_arcfour_setkey): Ditto.
+ * twofish.c (do_twofish_setkey): Ditto.
+ * rndegd.c (gather_random): Ditto.
+ * rijndael.c (do_setkey): Ditto.
+ * random.c (_gcry_random_dump_stats): Ditto.
+ * primegen.c (_gcry_generate_elg_prime): Ditto.
+ * des.c (_gcry_des_get_info): Ditto.
+ * cast5.c (do_cast_setkey): Ditto.
+ * blowfish.c (do_bf_setkey): Ditto.
+
+2002-08-26 Werner Koch <wk@gnupg.org>
+
+ * des.c (weak_keys): Fixed one entry in the table and compared
+ all entries against the literature.
+ (selftest): Checksum the weak key table.
+
+2002-08-21 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c: Enable keygrip calculation for "openpgp-rsa".
+
+2002-08-17 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (setup_cipher_table): Don't overwrite the DES entry
+ with the entry for DUMMY.
+
+2002-08-14 Werner Koch <wk@gnupg.org>
+
+ * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New.
+ (_gcry_des_get_info): Support plain old DES.
+ * cipher.c (setup_cipher_table): Put DES into the table.
+
+2002-07-25 Werner Koch <wk@gnupg.org>
+
+ * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_.
+ Noted by Stephan Austermuehle.
+
+2002-07-08 Timo Schulz <ts@winpt.org>
+
+ * rndw32.c: Replaced the m_ memory functions with the real
+ gcry_ functions. Renamed all g10_ prefixed functions to log_.
+
+2002-06-12 Werner Koch <wk@gnupg.org>
+
+ * rsa.c (generate): Use e = 65537 for now.
+
+2002-06-11 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key".
+
+2002-06-05 Timo Schulz <ts@winpt.org>
+
+ * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt):
+ Check that the input size is a multiple of the blocksize.
+
+2002-05-23 Werner Koch <wk@gnupg.org>
+
+ * md.c (oid_table): Add an rsadsi OID for MD5.
+
+2002-05-21 Werner Koch <wk@gnupg.org>
+
+ * primegen.c, elgamal.c, dsa.c (progress): Do not print anything
+ by default. Pass an extra identifying string to the callback and
+ reserved 2 argumenst for current and total counters. Changed the
+ register function prototype.
+
+2002-05-17 Werner Koch <wk@gnupg.org>
+
+ * rndegd.c (rndegd_constructor): Fixed name of register function
+ and prefixed the function name with _gcry_.
+ * rndw32.c (rndw32_constructor): Ditto.
+ * tiger.c (tiger_constructor): Ditto.
+
+ * Makefile.am: Removed all dynamic loading stuff.
+ * dynload.c: Ditto. Now only used for the constructor system.
+
+2002-05-15 Werner Koch <wk@gnupg.org>
+
+ * random.c (gcry_random_bytes,gcry_random_bytes_secure)
+ (gcry_randomize): Make sure we are initialized.
+
+2002-05-14 Werner Koch <wk@gnupg.org>
+
+ Changed license of most files to the LGPL.
+
+2002-05-02 Werner Koch <wk@gnupg.org>
+
+ * random.c (_gcry_fast_random_poll): Initialize the module so the
+ mutex can be used.
+
+ * primegen.c (small_prime_numbers): Moved table from smallprime.c
+ * smallprime.c: File removed.
+
+ * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static.
+
+ * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES".
+ * rijndael.c (rijndael_get_info): We do only support a 128 bit
+ blocksize so it makes sense to change the algorithm strings to
+ AES.
+
+ * tiger.c (tiger_final): Removed superfluous token pasting operators.
+ * md5.c (md5_final): Ditto.
+
+2002-04-30 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Fixed list of copyright years.
+
+2002-03-18 Werner Koch <wk@gnupg.org>
+
+ * random.c (initialize): Initialize the new pool lock mutex.
+ (_gcry_fast_random_poll): Add locking and moved main
+ code out to...
+ (do_fast_random_poll): new function.
+ (read_pool): Use the new function here.
+ (get_random_bytes): Add locking.
+ (_gcry_update_random_seed_file): Ditto.
+
+2002-03-11 Werner Koch <wk@gnupg.org>
+
+ * md.c: Add rsaSignatureWithripemd160 to OID table.
+
+2002-02-20 Werner Koch <wk@gnupg.org>
+
+ * sha1.c: Removed a left over comment note. The code has been
+ rewritten from scratch in 1998. Thanks to Niels Möller for
+ reporting this misleading comment.
+
+2002-02-18 Werner Koch <wk@gnupg.org>
+
+ * rndunix.c (rndunix_constructor): Use the the new prefixed
+ function name. Reported by Jordi Mallach.
+
+2002-02-10 Werner Koch <wk@gnupg.org>
+
+ * random.c (mix_pool): Carry an extra failsafe_digest buffer
+ around to make the function more robust.
+
+2002-02-08 Werner Koch <wk@gnupg.org>
+
+ * random.c (add_randomness): Xor new data into the pool and not
+ just copy it. This avoids any choosen input attacks which are not
+ serious in our setting because an outsider won't be able to mix
+ data in and even then we keep going with a PRNG. Thanks to Stefan
+ Keller for pointing this out.
+
+2002-01-04 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_genkey): Do not release skey - it is static.
+
+ * primegen.c (gen_prime): Of course we should use set_bit
+ and not set_highbit to set the second high bit.
+
+2001-12-18 Werner Koch <wk@gnupg.org>
+
+ * rsa.c (generate): Loop until we find the exact modulus size.
+ Changed the exponent to 41.
+ (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings.
+ * primegen.c (gen_prime): Set 2 high order bits for secret primes.
+
+ * Makefile.am (DISTCLEANFILES): Include construct.c.
+
+2001-12-17 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_get_keygrip): New - experimental.
+
+2001-12-11 Werner Koch <wk@gnupg.org>
+
+ * cipher.c: Added OIDs for AES.
+ (gcry_cipher_mode_from_oid): New.
+ (gcry_cipher_map_name): Moved OID search code to ..
+ (search_oid): .. new function.
+
+2001-12-10 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name
+ and not by number.
+
+ * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign)
+ (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey)
+ (gcry_pk_get_nbits): Release the arrays. Noted by Nikos
+ Mavroyanopoulos.
+
+2001-12-06 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed
+ with "oid." or "OID.".
+
+2001-12-05 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa.
+
+2001-11-24 Werner Koch <wk@gnupg.org>
+
+ * pubkey.c: Added the rsaEncryption OID to the tables.
+ (sexp_to_key): Add an arg to return the index of the algorithm,
+ changed all callers.
+ (gcry_pk_sign): Find the signature algorithm by name and not by
+ number.
+ (gcry_pk_get_nbits): Fixed so that we can now really pass a secret
+ key to get the result.
+
+ * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid."
+ or "OID." so that an OID string can be used as an S-Exp token.
+
+2001-11-20 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_map_name): Lookup by OID if the the name begins
+ with a digit.
+ (oid_table): New.
+
+2001-11-16 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED.
+
+2001-11-07 Werner Koch <wk@gnupg.org>
+
+ * md.c (gcry_md_hash_buffer): Close the handle which was left open
+ for algorithms other than rmd160.
+
+2001-08-08 Werner Koch <wk@gnupg.org>
+
+ * rndw32.c (gather_random): Use toolhelp in addition to the NT
+ gatherer for Windows2000. Suggested by Sami Tolvanen.
+
+ * random.c (read_pool): Fixed length check, this used to be one
+ byte to strict. Made an assert out of it because the caller has
+ already made sure that only poolsize bytes are requested.
+ Reported by Marcus Brinkmann.
+
+2001-08-03 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return
+ errors. We have to change the interface to all ciphers to make
+ this really work but we should do so to prepare for hardware
+ encryption modules.
+ (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and
+ set lasterr.
+ (gcry_cipher_ctl): Make sure that errors from setkey are returned.
+
+2001-08-02 Werner Koch <wk@gnupg.org>
+
+ * rndlinux.c (gather_random): casted a size_t arg to int so that
+ the format string is correct. Casting is okay here and avoids
+ translation changes.
+
+ * random.c (fast_random_poll): Do not check the return code of
+ getrusage.
+
+ * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7
+ and 8.
+
+ * tiger.c (print_abc,print_data): Removed.
+
+ * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c
+ (burn_stack): New. Add wrappers for most functions to be able to
+ call burn_stack after the function invocation. This methods seems
+ to be the most portable way to zeroise the stack used. It does
+ only work on stack frame based machines but it is highly portable
+ and has no side effects. Just setting the automatic variables at
+ the end of a function to zero does not work well because the
+ compiler will optimize them away - marking them as volatile would
+ be bad for performance.
+ * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise.
+ * random.c (burn_stack): New.
+ (mix_pool): Use it here to burn the stack of the mixblock function.
+
+ * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places.
+ Thanks to Tommi Komulainen.
+
+ * arcfour.c (arcfour_setkey): Check the minimim keylength against
+ bytes and not bits.
+ (selftest): Must reset the key before decryption.
+
+2001-05-31 Werner Koch <wk@gnupg.org>
+
+ * sha1.c (sha1_init): Made static.
+
+ Changed all g10_ prefixed function names as well as some mpi_
+ function names to cope with the introduced naming changes.
+
+ * md.c (prepare_macpads): Made key const.
+
+2001-05-28 Werner Koch <wk@gnupg.org>
+
+ * rndegd.c (gather_random): Removed the use of tty_printf.
+
+2001-03-29 Werner Koch <wk@gnupg.org>
+
+ * md5.c (md5_final): Fixed calculation of hashed length. Thanks
+ to disastry@saiknes.lv for pointing out that it was horrible wrong
+ for more than 512MB of input.
+ * sha1.c (sha1_final): Ditto.
+ * rmd160.c (rmd160_final): Ditto.
+ * tiger.c (tiger_final): Ditto.
+
+ * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to
+ avoid name clashes with an encrypt function in stdlib.h of
+ Dynix/PIX. Thanks to Gene Carter.
+ * elgamal.c (encrypt,do_encrypt): Ditto.
+
+ * twofish.c (gnupgext_enum_func): Use only when when compiled as a
+ module.
+ * rijndael.c (gnupgext_enum_func): Ditto.
+
+ * tiger.c (tiger_get_info): Return "TIGER192" and not just
+ "TIGER". By Edwin Woudt.
+
+ * random.c: Always include time.h - standard requirement. Thanks
+ to James Troup.
+
+ * rndw32.c: Fixes to the macros.
+
+2001-01-11 Werner Koch <wk@gnupg.org>
+
+ * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and
+ not 8.
+
+2000-12-19 Werner Koch <wk@gnupg.org>
+
+ Major change:
+ Removed all GnuPG stuff and renamed this piece of software
+ to gcrypt.
+
+2000-11-14 Werner Koch <wk@gnupg.org>
+
+ * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and
+ mpi_free by gcry_mpi_release.
+ * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure.
+ * rsa.c (test_keys,generate,rsa_verify): Ditto.
+ * primegen.c (generate_elg_prime): Ditto.
+ (gen_prime): Ditto and removed nlimbs.
+
+ * rsa.c (generate): Allocate 2 more vars in secure memory.
+
+ * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency
+ problems.
+
+2000-10-09 Werner Koch <wk@gnupg.org>
+
+ * arcfour.c, arcfour.h: New.
+ * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode.
+ (setup_cipher_table): Add Arcfour.
+ (gcry_cipher_open): Kludge to allow stream mode.
+
+Wed Oct 4 13:16:18 CEST 2000 Werner Koch <wk@openit.de>
+
+ * sha1.c (transform): Use rol() macro. Actually this is not needed
+ for a newer gcc but there are still aoter compilers.
+
+ * rsa.c (test_keys): Use new random function.
+
+ * md.c (gcry_md_setkey): New function to overcome problems with
+ const conflics.
+ (gcry_md_ctl): Pass set key to the new functions.
+
+ * rijndael.c: New.
+ * cipher.c: Add Rijndael support.
+
+Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de>
+
+ * rndlinux.c (open_device): Loose random device checking.
+ By Nils Ellmenreich.
+
+ * random.c (fast_random_poll): Check ENOSYS for getrusage.
+ * rndunix.c: Add 2 sources for QNX. By Sam Roberts.
+
+ * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE.
+
+ * rsa.c: Changed the comment about the patent.
+ (secret): Speed up by using the CRT. For a 2k keys this
+ is about 3 times faster.
+ (stronger_key_check): New but unused code to check the secret key.
+ * Makefile.am: Included rsa.[ch].
+ * pubkey.c: Enabled RSA support.
+ (pubkey_get_npkey): Removed RSA workaround.
+
+Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de>
+
+ * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new
+ gcry_sexp_nth_{data,mpi} functions.
+
+Tue Jul 25 17:44:15 CEST 2000 Werner Koch <wk@openit.de>
+
+ * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt,
+ gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with
+ the new S-Exp interface.
+
+Mon Jul 17 16:35:47 CEST 2000 Werner Koch <wk@>
+
+ * random.c (gather_faked): Replaced make_timestamp by time(2) again.
+
+Fri Jul 14 19:38:23 CEST 2000 Werner Koch <wk@>
+
+ * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP.
+
+ * Makefile.am: Never compile mingw32 as module.
+
+ * Makefile.am: Tweaked module build and removed libtool
+
+ * Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig.
+
+ * elgamal.c (sign): Removed inactive code.
+
+ * rsa.c, rsa.h: New based on the old module version (only in CVS for now).
+ * pubkey.c (setup_pubkey_table): Added commented support for RSA.
+
+ * rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra.
+ (my_popen): Do the FD_CLOEXEC only if it is available
+ (start_gatherer): Cope with missing _SC_OPEN_MAX
+
+ * rndunix.c: Add some more headers for QNX. By Sam Roberts.
+
+ * rndegd.c (gather_random): Shortcut level 0.
+ * rndunix.c (gather_random): Ditto.
+ * rndw32.c (gather_random): Ditto.
+
+ * rndw32.c: Replaced with code from Cryptlib and commented the old stuff.
+ * rndw32.c: Add some debuging code enabled by an environment variable.
+
+ * random.c (read_seed_file): Binary open for DOSish system
+ (update_random_seed_file): Ditto.
+ * random.c [MINGW32]: Include process.h for getpid.
+ * random.c (fast_random_poll): Add clock_gettime() as fallback for
+ system which support this POSIX.4 fucntion. By Sam Roberts.
+
+ * random.c (read_seed_file): Removed the S_ISLNK test becuase it
+ is already covered by !S_ISREG and is not defined in Unixware.
+ Reported by Dave Dykstra.
+ (update_random_seed_file): Silently ignore update request when pool
+ is not filled.
+
+ * random.c (read_seed_file): New.
+ (set_random_seed_file): New.
+ (read_pool): Try to read the seeding file.
+ (update_random_seed_file): New.
+
+ (read_pool): Do an initial extra seeding when level 2 quality random
+ is requested the first time. This requestes at least POOLSIZE/2 bytes
+ of entropy. Compined with the seeding file this should make normal
+ random bytes cheaper and increase the quality of the random bytes
+ used for key generation.
+
+ * random.c (read_pool): Print a more friendly error message in
+ cases when too much random is requested in one call.
+
+ * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined;
+ this is not the case for some ESIX and Unixware, although they have
+ getrusage().
+
+ * primegen.c (generate_elg_prime): All primes are now generated with
+ the lowest random quality level. Because they are public anyway we
+ don't need stronger random and by this we do not drain the systems
+ entropy so much.
+
+ * primegen.c (register_primegen_progress): New.
+ * dsa.c (register_pk_dsa_progress): New.
+ * elgamal.c (register_pk_elg_progress): New.
+
+ * elgamal.c (wiener_map): New.
+ (gen_k): Use a much smaller k.
+ (generate): Calculate the qbits using the wiener map and
+ choose an x at a size comparable to the one choosen in gen_k
+
+ * rmd160.c (rmd160_get_info): Moved casting to the left side due to a
+ problem with UTS4.3. Suggested by Dave Dykstra.
+ * sha1.c (sha1_get_info): Ditto.
+ * tiger.c (tiger_get_info): Ditto.
+ * md5.c (md5_get_info): Ditto
+ * des.c (des_get_info): Ditto.
+ * blowfish.c (blowfish_get_info): Ditto.
+ * cast5.c (cast5_get_info): Ditto.
+ * twofish.c (twofish_get_info): Ditto.
+
+Fri Mar 24 11:25:45 CET 2000 Werner Koch <wk@openit.de>
+
+ * md.c (md_open): Add hmac arg and allocate space for the pads.
+ (md_finalize): Add HMAC support.
+ (md_copy): Ditto.
+ (md_close): Ditto.
+ (gcry_md_reset): Ditto.
+ (gcry_md_ctl): Ditto.
+ (prepare_macpdas): New.
+
+Mon Mar 13 19:22:46 CET 2000 Werner Koch <wk@openit.de>
+
+ * md.c (gcry_md_hash_buffer): Add support for the other algorithms.
+
+Mon Jan 31 16:37:34 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * genprime.c (generate_elg_prime): Fixed returned factors which never
+ worked for non-DSA keys.
+
+Thu Jan 27 18:00:44 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors.
+
+Mon Jan 24 22:24:38 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (gcry_pk_decrypt): Implemented.
+ (gcry_pk_encrypt): Implemented.
+ (gcry_pk_testkey): New.
+ (gcry_pk_genkey): New.
+ (pubkey_decrypt): Made static.
+ (pubkey_encrypt): Ditto.
+ (pubkey_check_secret_key): Ditto.
+ (pubkey_generate): Ditto.
+
+Mon Jan 24 13:04:28 CET 2000 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (pubkey_nbits): Removed and replaced by ...
+ (gcry_pk_get_nbits): this new one.
+
+Wed Dec 8 21:58:32 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * dsa.c: s/mpi_powm/gcry_mpi_powm/g
+ * elgamal.c: Ditto.
+ * primegen.c: Ditto.
+
+ * : Replaced g10_opt_verbose by g10_log_verbosity().
+
+ * Makefile.am (INCLUDES): removed intl, add ../gcrypt
+
+Fri Nov 19 17:15:20 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * dynload.c (cmp_filenames): New to replaced compare_filename() in
+ module.
+ (register_cipher_extension): Removed the tilde expansion stuff.
+ * rndeg.c (my_make_filename): New.
+
+ * : Replaced header util.h by g10lib.h
+
+ * random.c (gather_faked): Replaced make_timestamp by time(2).
+ Disabled wrning printed with tty_printf.
+ * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx;
+ this should be replaced by a callback function.
+
+ * primegen.c (gen_prime): Use gcry_mpi_randomize.
+ (is_prime): Ditto.
+ * elgamal.c (test_keys): Ditto.
+ * dsa.c (test_keys): Ditto.
+
+ * cipher.c (gcry_cipher_close): Die on invalid handle.
+
+Mon Nov 15 21:36:02 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * elgamal.c (gen_k): Use the new random API.
+ (generate): Ditto.
+ * dsa.c (gen_k): Ditto.
+ (generate): Ditto.
+
+Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de>
+
+ * pubkey.c (disable_pubkey_algo): Made static.
+ (gcry_pk_ctl): New.
+
+ * random.c (get_random_bits): Renamed to ...
+ (get_random_bytes): ... this and made static.
+ (gcry_random_bytes): New.
+ (gcry_random_bytes_secure): New.
+ (randomize_buffer): Renamed to ...
+ (gcry_randomize): ...this.
+
+ * md.c (gcry_md_hash_buffer): New.
+
+ * pubkey.c (gcry_pk_algo_info): 4 new commands.
+ (pubkey_get_npkey): Made static.
+ (pubkey_get_nskey): Made static.
+ (pubkey_get_nsig): Made static.
+ (pubkey_get_nenc): Made static.
+
+ * pubkey.c: Removed all G10ERR_xxx.
+ * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO.
+ * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO.
+ * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx.
+ * blowfish.c: Ditto.
+ * des.c: Ditto.
+ * twofish.c: Ditto.
+ * dsa.c: Ditto.
+ * elgamal.c: Ditto.
+
+ * g10c.c: Removed
+
+ * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL
+ if we are out of core.
+ * dynload.c: Replaced all memory allocation functions.
+ * md.c: Ditto.
+ * primegen.c: Ditto.
+ * pubkey.c: Ditto.
+ * random.c: Ditto.
+ * rndw32.c: Ditto.
+ * elgamal.c: Ditto.
+ * dsa.c: Ditto.
+
+Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
+
+ * elgamal.c (sign): Hugh found strange code here. Replaced by BUG().
+
+ * cipher.c: Merged with gcrypt/symapi.c.
+
+ * pubkey.c (string_to_pubkey_algo): Renamed function to ...
+ (gcry_pk_map_name): ... this.
+ (pubkey_algo_to_string): Renamed function to ...
+ (gcry_pk_algo_name): ... this.
+ (gcry_pk_algo_info): New.
+ * pubkey.c: Merged with gcrypt/pkapi.c.
+
+ * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
+ fixing this bug.
+
+ * md.c: Merged with gcrypt/mdapi.c
+
+Wed Sep 15 14:39:59 CEST 1999 Michael Roth <mroth@nessie.de>
+
+ * des.c: Various speed improvements: One bit pre rotation
+ trick after initial permutation (Richard Outerbridge).
+ Finished test of SSLeay Tripple-DES patterns.
+
+Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndw32.c: New.
+
+Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * bithelp.h: New.
+ * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h
+
+Tue Sep 7 16:23:36 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert.
+
+Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * des.c (selftest): Add some testpattern
+
+Mon Aug 30 20:38:33 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using
+ in place encryption. Pointed out by Frank Stajano.
+
+Mon Jul 26 09:34:46 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md5.c (md5_final): Fix for a SCO cpp bug.
+
+Thu Jul 15 10:15:35 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * elgamal.c (elg_check_secret_key,elg_encrypt
+ elg_decrypt,elg_sign,elg_verify): Sanity check on the args.
+ * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto.
+
+ * pubkey.c (disable_pubkey_algo): New.
+ (check_pubkey_algo2): Look at disabled algo table.
+ * cipher.c (disable_cipher_algo): New.
+ (check_cipher_algo): Look at disabled algo table.
+
+Wed Jul 7 13:08:40 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Support for libtool.
+
+Fri Jul 2 11:45:54 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dsa.c (gen_k): Changed algorithm to consume less random bytes
+ * elgamal.c (gen_k): Ditto.
+
+ * random.c (random_dump_stats): New.
+
+Thu Jul 1 12:47:31 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * primegen.c, elgamal.c, dsa.c (progess): New and replaced all
+ fputc with a call to this function.
+
+Sat Jun 26 12:15:59 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs.
+
+ * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New.
+
+ * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra).
+ * Makefile.am (install-exec-hook): Removed.
+
+Sun May 23 14:20:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (setup_cipher_table): Enable Twofish
+
+ * random.c (fast_random_poll): Disable use of times() for mingw32.
+
+Mon May 17 21:54:43 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (register_internal_cipher_extension): Minor init fix.
+
+Tue May 4 15:47:53 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug
+ that we didn't correct for step when passing the prime to the
+ Rabin-Miller test which led to bad performance (Stefan Keller).
+ (check_prime): Add a first Fermat test.
+
+Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (cipher_setiv): Add ivlen arg, changed all callers.
+
+ * random.c (randomize_buffer): alway use secure memory because
+ we can't use m_is_secure() on a statically allocated buffer.
+
+ * twofish.c: Replaced some macros by a loop to reduce text size.
+ * Makefile.am (twofish): No more need for sed editing.
+
+Fri Apr 9 12:26:25 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (cipher_open): Reversed the changes for AUTO_CFB.
+
+ * blowfish.c: Dropped the Blowfish 160 mode.
+ * cipher.c (cipher_open): Ditto.
+ (setup_cipher_table): Ditto. And removed support of twofish128
+
+Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+ * cipher.c (cipher_open): Now uses standard CFB for automode if
+ the blocksize is gt 8 (according to rfc2440).
+
+ * twofish.c: Applied Matthew Skala's patches for 256 bit key.
+
+Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (get_random_bits): Can now handle requests > POOLSIZE
+
+ * cipher.c (cipher_open): Now uses standard CFB for automode if
+ the blocksize is gt 8 (according to rfc2440).
+
+Sat Mar 20 11:44:21 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndlinux.c (tty_printf) [IS_MODULE]: Removed.
+
+ * rndegd.c (gather_random): Some fixes.
+
+Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndegd.c (do_read): New.
+ (gather_random): Changed the implementation.
+
+Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed.
+
+Fri Feb 26 17:55:41 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md.c: Nearly a total rewrote.
+
+Wed Feb 24 11:07:27 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * cipher.c (context): Fixed alignment
+ * md.c: Ditto.
+
+ * rndegd.c: New
+
+Mon Feb 22 20:04:00 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndegd.c: New.
+
+Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * Makefile.am: Modules are now figured out by configure
+ * construct.c: New. Generated by configure. Changed all modules
+ to work with that.
+ * sha1.h: Removed.
+ * md5.h: Removed.
+
+ * twofish.c: Changed interface to allow Twofish/256
+
+ * rndunix.c (start_gatherer): Die on SIGPIPE.
+
+Wed Jan 20 18:59:49 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndunix.c (gather_random): Fix to avoid infinite loop.
+
+Sun Jan 17 11:04:33 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * des.c (is_weak_key): Replace system memcmp due to bugs
+ in SunOS's memcmp.
+ (des_get_info): Return error on failed selftest.
+ * twofish.c (twofish_setkey): Return error on failed selftest or
+ invalid keylength.
+ * cast5.c (cast_setkey): Ditto.
+ * blowfish.c (bf_setkey): Return error on failed selftest.
+
+Tue Jan 12 11:17:18 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (random_is_faked): New.
+
+ * tiger.c: Only compile if we have the u64 type
+
+Sat Jan 9 16:02:23 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndunix.c (gather_random): check for setuid.
+
+ * Makefile.am: Add a way to staically link random modules
+
+Thu Jan 7 18:00:58 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md.c (md_stop_debug): Do a flush first.
+ (md_open): size of buffer now depends on the secure parameter
+
+Sun Jan 3 15:28:44 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * rndunix.c (start_gatherer): Fixed stupid ==/= bug
+
+1998-12-31 Geoff Keating <geoffk@ozemail.com.au>
+
+ * des.c (is_weak_key): Rewrite loop end condition.
+
+Tue Dec 29 14:41:47 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c: add unistd.h for getpid().
+ (RAND_MAX): Fallback value for Sun.
+
+Wed Dec 23 17:12:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * md.c (md_copy): Reset debug.
+
+Mon Dec 14 21:18:49 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * random.c (read_random_source): Changed the interface to the
+ random gathering function.
+ (gather_faked): Use new interface.
+ * dynload.c (dynload_getfnc_fast_random_poll): Ditto.
+ (dynload_getfnc_gather_random): Ditto.
+ * rndlinux.c (gather_random): Ditto.
+ * rndunix.c (gather_random): Ditto.
+
+Sat Dec 12 18:40:32 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (SYMBOL_VERSION): New to cope with system which needs
+ underscores.
+
+ * rndunix.c: Rewrote large parts
+
+Thu Dec 10 20:15:36 CET 1998 Werner Koch <wk@isil.d.shuttle.de>
+
+ * dynload.c (load_extension): increased needed verbosity level.
+
+ * random.c (fast_random_poll): Fallback to a default fast random
+ poll function.
+ (read_random_source): Always use the faked entroy gatherer if no
+ gather module is available.
+ * rndlinux.c (fast_poll): Removed.
+ * rndunix.c (fast_poll): Removed.
+
+
+Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-*.c: Removed.
+ * rndlinux.c : New.
+ * rndunix.c : New.
+ * random.c : Restructured the interface to the gather modules.
+ (intialize): Call constructor functions
+ (read_radnom_source): Moved to here.
+ * dynload.c (dynload_getfnc_gather_random): New.
+ (dynload_getfnc_fast_random_poll): New.
+ (register_internal_cipher_extension): New.
+ (register_cipher_extension): Support of internal modules.
+
+Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-unix.c (read_random_source): Removed the assert.
+
+Mon Oct 19 18:34:30 1998 me,,, (wk@tobold)
+
+ * pubkey.c: Hack to allow us to give some info about RSA keys back.
+
+Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dynload.c: Support for DLD
+
+Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-unix.c: Now uses names from configure for /dev/random.
+
+1998-10-10 SL Baur <steve@altair.xemacs.org>
+
+ * Makefile.am: fix sed -O substitutions to catch -O6, etc.
+
+Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-)
+ * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto.
+
+Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_digest): New.
+ (md_reset): New.
+
+Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
+
+Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))
+
+ * des.c: Some patches from Michael.
+
+Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
+
+ * des.c : New file from Michael Roth <mroth@nessie.de>
+
+Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none))
+
+ * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys.
+
+Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none))
+
+ * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined.
+
+Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none))
+
+ * Makefile.am: Fixes to allow a different build directory
+
+Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * random.c (get_random_byte): Removed and changed all callers
+ to use get_random_bits()
+
+Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none))
+
+ * cipher.c : Support for other blocksizes
+ (cipher_get_blocksize): New.
+ * twofish.c: New.
+ * Makefile.am: Add twofish module.
+
+Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (read_pool): Simple alloc if secure_alloc is not set.
+ (get_random_bits): Ditto.
+
+Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dynload.c (load_extension): Function now nbails out if
+ the program is run setuid.
+
+Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (rmd160_hash_buffer): New.
+
+Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c (cipher_open): algos >=100 use standard CFB
+
+Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am: Support for extensions
+
+Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (mix_pool): simpler handling for level 0
+
+Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c: Removed from dist, will reappear as dynload module
+
+Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * pubkey.c: Major changes to allow extensions. Changed the inteface
+ of all public key ciphers and added the ability to load extensions
+ on demand.
+
+ * misc.c: Removed.
+
+Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold)
+
+ * dynload.c: New.
+ * cipher.c: Major changes to allow extensions.
+
+Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c: Major internal chnages to support extensions.
+ * blowfish.c (blowfish_get_info): New and made all internal
+ functions static, changed heder.
+ * cast5.c (cast5_get_info): Likewise.
+
+Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c (transform): Fix for big endian
+
+ * cipher.c (do_cfb_decrypt): Big endian fix.
+
+Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_get_oid): Add a new one for TIGER.
+
+Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c: Add support for a dummy cipher
+
+Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (transform): fixed sigbus - I should better
+ add Christian von Roques's new implemenation of rmd160_write.
+
+Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New
+ * random.c: Moved system specific functions to rand-****.c
+
+Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (fast_random_poll): add call to gethrtime.
+
+Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * elgamal.c (elg_generate): choosing x was not correct, could
+ yield 6 bytes which are not from the random pool, tsss, tsss..
+
+Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * primegen.c (generate_elg_prime): Add arg mode, changed all
+ callers and implemented mode 1.
+
+Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c (cipher_get_keylen): New.
+
+Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * tiger.c, tiger.h: New.
+
+Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c (check_pubkey_algo2): New.
+
+Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c: New
+ * misc.c (check_cipher_algo): Moved to cipher.c
+ * cast5.c: Moved many functions to cipher.c
+ * blowfish.c: Likewise.
+
+Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cast5.c: Implemented and tested.
+
+Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * elgamal.c (elg_generate): Faster generation of x in some cases.
+
+Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * blowfish.c (blowfish_decode_cfb): changed XOR operation
+ (blowfish_encode_cfb): Ditto.
+
+Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * sha1.c (transform): Rewrote
+
+ * blowfish.c (encrypt): Unrolled for rounds == 16
+ (decrypt): Ditto.
+
+Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (transform): Unrolled the loop.
+
+Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (read_pool): Add pool_balance stuff.
+ (get_random_bits): New.
+
+ * elgamal.c (elg_generate): Now uses get_random_bits to generate x.
+
+
+Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_digest_length): New.
+
+Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dsa.c (dsa_verify): Works.
+
+Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * dsa.c, dsa.h: Removed some unused code.
+
+Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_open): Add call to fast_random_poll.
+ blowfish.c (blowfish_setkey): Ditto.
+
+Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * rmd160.c (rmd160_mixblock): New.
+ * random.c: Restructured to start with a new RNG implementation.
+ * random.h: New.
+
+Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * gost.c, gost.h: Removed because they did only contain trash.
+
+Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * random.c (fill_buffer): removed error message if n == -1.
+
+Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c (md_enable): No init if called twice.
+
+Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * primegen.c (generate_elg_prime): Changed the progress printing.
+ (gen_prime): Ditto.
+
+Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md5.c, md.5 : Replaced by a modified version of md5.c from
+ GNU textutils 1.22.
+
+Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * md.c, md.h : New debugging support
+
+Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c (cipher_algo_to_string): New
+ (pubkey_algo_to_string): New.
+ (digest_algo_to_string): New.
+
+
+ Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006
+ 2007, 2008, 2009 Free Software Foundation, Inc.
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c
new file mode 100644
index 0000000..ee9498b
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/ac.c
@@ -0,0 +1,3301 @@
+/* ac.c - Alternative interface for asymmetric cryptography.
+ Copyright (C) 2003, 2004, 2005, 2006
+ 2007, 2008 Free Software Foundation, Inc.
+
+ This file is part of Libgcrypt.
+
+ Libgcrypt is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser general Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ Libgcrypt is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stddef.h>
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "mpi.h"
+
+
+
+/* At the moment the ac interface is a wrapper around the pk
+ interface, but this might change somewhen in the future, depending
+ on how many people prefer the ac interface. */
+
+/* Mapping of flag numbers to the according strings as it is expected
+ for S-expressions. */
+static struct number_string
+{
+ int number;
+ const char *string;
+} ac_flags[] =
+ {
+ { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" },
+ };
+
+/* The positions in this list correspond to the values contained in
+ the gcry_ac_key_type_t enumeration list. */
+static const char *ac_key_identifiers[] =
+ {
+ "private-key",
+ "public-key"
+ };
+
+/* These specifications are needed for key-pair generation; the caller
+ is allowed to pass additional, algorithm-specific `specs' to
+ gcry_ac_key_pair_generate. This list is used for decoding the
+ provided values according to the selected algorithm. */
+struct gcry_ac_key_generate_spec
+{
+ int algorithm; /* Algorithm for which this flag is
+ relevant. */
+ const char *name; /* Name of this flag. */
+ size_t offset; /* Offset in the cipher-specific spec
+ structure at which the MPI value
+ associated with this flag is to be
+ found. */
+} ac_key_generate_specs[] =
+ {
+ { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) },
+ { 0 }
+ };
+
+/* Handle structure. */
+struct gcry_ac_handle
+{
+ int algorithm; /* Algorithm ID associated with this
+ handle. */
+ const char *algorithm_name; /* Name of the algorithm. */
+ unsigned int flags; /* Flags, not used yet. */
+ gcry_module_t module; /* Reference to the algorithm
+ module. */
+};
+
+/* A named MPI value. */
+typedef struct gcry_ac_mpi
+{
+ char *name; /* Self-maintained copy of name. */
+ gcry_mpi_t mpi; /* MPI value. */
+ unsigned int flags; /* Flags. */
+} gcry_ac_mpi_t;
+
+/* A data set, that is simply a list of named MPI values. */
+struct gcry_ac_data
+{
+ gcry_ac_mpi_t *data; /* List of named values. */
+ unsigned int data_n; /* Number of values in DATA. */
+};
+
+/* A single key. */
+struct gcry_ac_key
+{
+ gcry_ac_data_t data; /* Data in native ac structure. */
+ gcry_ac_key_type_t type; /* Type of the key. */
+};
+
+/* A key pair. */
+struct gcry_ac_key_pair
+{
+ gcry_ac_key_t public;
+ gcry_ac_key_t secret;
+};
+
+
+
+/*
+ * Functions for working with data sets.
+ */
+
+/* Creates a new, empty data set and store it in DATA. */
+gcry_error_t
+_gcry_ac_data_new (gcry_ac_data_t *data)
+{
+ gcry_ac_data_t data_new;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ data_new = gcry_malloc (sizeof (*data_new));
+ if (! data_new)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ data_new->data = NULL;
+ data_new->data_n = 0;
+ *data = data_new;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+/* Destroys all the entries in DATA, but not DATA itself. */
+static void
+ac_data_values_destroy (gcry_ac_data_t data)
+{
+ unsigned int i;
+
+ for (i = 0; i < data->data_n; i++)
+ if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
+ {
+ gcry_mpi_release (data->data[i].mpi);
+ gcry_free (data->data[i].name);
+ }
+}
+
+/* Destroys the data set DATA. */
+void
+_gcry_ac_data_destroy (gcry_ac_data_t data)
+{
+ if (data)
+ {
+ ac_data_values_destroy (data);
+ gcry_free (data->data);
+ gcry_free (data);
+ }
+}
+
+/* This function creates a copy of the array of named MPIs DATA_MPIS,
+ which is of length DATA_MPIS_N; the copy is stored in
+ DATA_MPIS_CP. */
+static gcry_error_t
+ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
+ gcry_ac_mpi_t **data_mpis_cp)
+{
+ gcry_ac_mpi_t *data_mpis_new;
+ gcry_error_t err;
+ unsigned int i;
+ gcry_mpi_t mpi;
+ char *label;
+
+ data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
+ if (! data_mpis_new)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ memset (data_mpis_new, 0, sizeof (*data_mpis_new) * data_mpis_n);
+
+ err = 0;
+ for (i = 0; i < data_mpis_n; i++)
+ {
+ /* Copy values. */
+
+ label = gcry_strdup (data_mpis[i].name);
+ mpi = gcry_mpi_copy (data_mpis[i].mpi);
+ if (! (label && mpi))
+ {
+ err = gcry_error_from_errno (errno);
+ gcry_mpi_release (mpi);
+ gcry_free (label);
+ break;
+ }
+
+ data_mpis_new[i].flags = GCRY_AC_FLAG_DEALLOC;
+ data_mpis_new[i].name = label;
+ data_mpis_new[i].mpi = mpi;
+ }
+ if (err)
+ goto out;
+
+ *data_mpis_cp = data_mpis_new;
+ err = 0;
+
+ out:
+
+ if (err)
+ if (data_mpis_new)
+ {
+ for (i = 0; i < data_mpis_n; i++)
+ {
+ gcry_mpi_release (data_mpis_new[i].mpi);
+ gcry_free (data_mpis_new[i].name);
+ }
+ gcry_free (data_mpis_new);
+ }
+
+ return err;
+}
+
+/* Create a copy of the data set DATA and store it in DATA_CP. */
+gcry_error_t
+_gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
+{
+ gcry_ac_mpi_t *data_mpis = NULL;
+ gcry_ac_data_t data_new;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ /* Allocate data set. */
+ data_new = gcry_malloc (sizeof (*data_new));
+ if (! data_new)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ err = ac_data_mpi_copy (data->data, data->data_n, &data_mpis);
+ if (err)
+ goto out;
+
+ data_new->data_n = data->data_n;
+ data_new->data = data_mpis;
+ *data_cp = data_new;
+
+ out:
+
+ if (err)
+ gcry_free (data_new);
+
+ return err;
+}
+
+/* Returns the number of named MPI values inside of the data set
+ DATA. */
+unsigned int
+_gcry_ac_data_length (gcry_ac_data_t data)
+{
+ return data->data_n;
+}
+
+
+/* Add the value MPI to DATA with the label NAME. If FLAGS contains
+ GCRY_AC_FLAG_COPY, the data set will contain copies of NAME
+ and MPI. If FLAGS contains GCRY_AC_FLAG_DEALLOC or
+ GCRY_AC_FLAG_COPY, the values contained in the data set will
+ be deallocated when they are to be removed from the data set. */
+gcry_error_t
+_gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
+ const char *name, gcry_mpi_t mpi)
+{
+ gcry_error_t err;
+ gcry_mpi_t mpi_cp;
+ char *name_cp;
+ unsigned int i;
+
+ name_cp = NULL;
+ mpi_cp = NULL;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY))
+ {
+ err = gcry_error (GPG_ERR_INV_ARG);
+ goto out;
+ }
+
+ if (flags & GCRY_AC_FLAG_COPY)
+ {
+ /* Create copies. */
+
+ flags |= GCRY_AC_FLAG_DEALLOC;
+ name_cp = gcry_strdup (name);
+ mpi_cp = gcry_mpi_copy (mpi);
+ if (! (name_cp && mpi_cp))
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ }
+
+ /* Search for existing entry. */
+ for (i = 0; i < data->data_n; i++)
+ if (! strcmp (name, data->data[i].name))
+ break;
+ if (i < data->data_n)
+ {
+ /* An entry for NAME does already exist. */
+ if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
+ {
+ gcry_mpi_release (data->data[i].mpi);
+ gcry_free (data->data[i].name);
+ }
+ }
+ else
+ {
+ /* Create a new entry. */
+
+ gcry_ac_mpi_t *ac_mpis;
+
+ ac_mpis = gcry_realloc (data->data,
+ sizeof (*data->data) * (data->data_n + 1));
+ if (! ac_mpis)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ if (data->data != ac_mpis)
+ data->data = ac_mpis;
+ data->data_n++;
+ }
+
+ data->data[i].name = name_cp ? name_cp : ((char *) name);
+ data->data[i].mpi = mpi_cp ? mpi_cp : mpi;
+ data->data[i].flags = flags;
+ err = 0;
+
+ out:
+
+ if (err)
+ {
+ gcry_mpi_release (mpi_cp);
+ gcry_free (name_cp);
+ }
+
+ return err;
+}
+
+/* Stores the value labelled with NAME found in the data set DATA in
+ MPI. The returned MPI value will be released in case
+ gcry_ac_data_set is used to associate the label NAME with a
+ different MPI value. */
+gcry_error_t
+_gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
+ const char *name, gcry_mpi_t *mpi)
+{
+ gcry_mpi_t mpi_return;
+ gcry_error_t err;
+ unsigned int i;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (flags & ~(GCRY_AC_FLAG_COPY))
+ {
+ err = gcry_error (GPG_ERR_INV_ARG);
+ goto out;
+ }
+
+ for (i = 0; i < data->data_n; i++)
+ if (! strcmp (name, data->data[i].name))
+ break;
+ if (i == data->data_n)
+ {
+ err = gcry_error (GPG_ERR_NOT_FOUND);
+ goto out;
+ }
+
+ if (flags & GCRY_AC_FLAG_COPY)
+ {
+ mpi_return = gcry_mpi_copy (data->data[i].mpi);
+ if (! mpi_return)
+ {
+ err = gcry_error_from_errno (errno); /* FIXME? */
+ goto out;
+ }
+ }
+ else
+ mpi_return = data->data[i].mpi;
+
+ *mpi = mpi_return;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+/* Stores in NAME and MPI the named MPI value contained in the data
+ set DATA with the index IDX. NAME or MPI may be NULL. The
+ returned MPI value will be released in case gcry_ac_data_set is
+ used to associate the label NAME with a different MPI value. */
+gcry_error_t
+_gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
+ unsigned int idx,
+ const char **name, gcry_mpi_t *mpi)
+{
+ gcry_error_t err;
+ gcry_mpi_t mpi_cp;
+ char *name_cp;
+
+ name_cp = NULL;
+ mpi_cp = NULL;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ if (flags & ~(GCRY_AC_FLAG_COPY))
+ {
+ err = gcry_error (GPG_ERR_INV_ARG);
+ goto out;
+ }
+
+ if (idx >= data->data_n)
+ {
+ err = gcry_error (GPG_ERR_INV_ARG);
+ goto out;
+ }
+
+ if (flags & GCRY_AC_FLAG_COPY)
+ {
+ /* Return copies to the user. */
+ if (name)
+ {
+ name_cp = gcry_strdup (data->data[idx].name);
+ if (! name_cp)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ }
+ if (mpi)
+ {
+ mpi_cp = gcry_mpi_copy (data->data[idx].mpi);
+ if (! mpi_cp)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ }
+ }
+
+ if (name)
+ *name = name_cp ? name_cp : data->data[idx].name;
+ if (mpi)
+ *mpi = mpi_cp ? mpi_cp : data->data[idx].mpi;
+ err = 0;
+
+ out:
+
+ if (err)
+ {
+ gcry_mpi_release (mpi_cp);
+ gcry_free (name_cp);
+ }
+
+ return err;
+}
+
+/* Convert the data set DATA into a new S-Expression, which is to be
+ stored in SEXP, according to the identifiers contained in
+ IDENTIFIERS. */
+gcry_error_t
+_gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
+ const char **identifiers)
+{
+ gcry_sexp_t sexp_new;
+ gcry_error_t err;
+ char *sexp_buffer;
+ size_t sexp_buffer_n;
+ size_t identifiers_n;
+ const char *label;
+ gcry_mpi_t mpi;
+ void **arg_list;
+ size_t data_n;
+ unsigned int i;
+
+ sexp_buffer_n = 1;
+ sexp_buffer = NULL;
+ arg_list = NULL;
+ err = 0;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ /* Calculate size of S-expression representation. */
+
+ i = 0;
+ if (identifiers)
+ while (identifiers[i])
+ {
+ /* For each identifier, we add "(<IDENTIFIER>)". */
+ sexp_buffer_n += 1 + strlen (identifiers[i]) + 1;
+ i++;
+ }
+ identifiers_n = i;
+
+ if (! identifiers_n)
+ /* If there are NO identifiers, we still add surrounding braces so
+ that we have a list of named MPI value lists. Otherwise it
+ wouldn't be too much fun to process these lists. */
+ sexp_buffer_n += 2;
+
+ data_n = _gcry_ac_data_length (data);
+ for (i = 0; i < data_n; i++)
+ {
+ err = gcry_ac_data_get_index (data, 0, i, &label, NULL);
+ if (err)
+ break;
+ /* For each MPI we add "(<LABEL> %m)". */
+ sexp_buffer_n += 1 + strlen (label) + 4;
+ }
+ if (err)
+ goto out;
+
+ /* Allocate buffer. */
+
+ sexp_buffer = gcry_malloc (sexp_buffer_n);
+ if (! sexp_buffer)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Fill buffer. */
+
+ *sexp_buffer = 0;
+ sexp_buffer_n = 0;
+
+ /* Add identifiers: (<IDENTIFIER0>(<IDENTIFIER1>...)). */
+ if (identifiers_n)
+ {
+ /* Add nested identifier lists as usual. */
+ for (i = 0; i < identifiers_n; i++)
+ sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(%s",
+ identifiers[i]);
+ }
+ else
+ {
+ /* Add special list. */
+ sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(");
+ }
+
+ /* Add MPI list. */
+ arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ for (i = 0; i < data_n; i++)
+ {
+ err = gcry_ac_data_get_index (data, 0, i, &label, &mpi);
+ if (err)
+ break;
+ sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n,
+ "(%s %%m)", label);
+ arg_list[i] = &data->data[i].mpi;
+ }
+ if (err)
+ goto out;
+
+ if (identifiers_n)
+ {
+ /* Add closing braces for identifier lists as usual. */
+ for (i = 0; i < identifiers_n; i++)
+ sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")");
+ }
+ else
+ {
+ /* Add closing braces for special list. */
+ sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")");
+ }
+
+ /* Construct. */
+ err = gcry_sexp_build_array (&sexp_new, NULL, sexp_buffer, arg_list);
+ if (err)
+ goto out;
+
+ *sexp = sexp_new;
+
+ out:
+
+ gcry_free (sexp_buffer);
+ gcry_free (arg_list);
+
+ return err;
+}
+
+/* Create a new data set, which is to be stored in DATA_SET, from the
+ S-Expression SEXP, according to the identifiers contained in
+ IDENTIFIERS. */
+gcry_error_t
+_gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp,
+ const char **identifiers)
+{
+ gcry_ac_data_t data_set_new;
+ gcry_error_t err;
+ gcry_sexp_t sexp_cur;
+ gcry_sexp_t sexp_tmp;
+ gcry_mpi_t mpi;
+ char *string;
+ const char *data;
+ size_t data_n;
+ size_t sexp_n;
+ unsigned int i;
+ int skip_name;
+
+ data_set_new = NULL;
+ sexp_cur = sexp;
+ sexp_tmp = NULL;
+ string = NULL;
+ mpi = NULL;
+ err = 0;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ /* Process S-expression/identifiers. */
+
+ if (identifiers)
+ {
+ for (i = 0; identifiers[i]; i++)
+ {
+ /* Next identifier. Extract first data item from
+ SEXP_CUR. */
+ data = gcry_sexp_nth_data (sexp_cur, 0, &data_n);
+
+ if (! ((data_n == strlen (identifiers[i]))
+ && (! strncmp (data, identifiers[i], data_n))))
+ {
+ /* Identifier mismatch -> error. */
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ /* Identifier matches. Now we have to distinguish two
+ cases:
+
+ (i) we are at the last identifier:
+ leave loop
+
+ (ii) we are not at the last identifier:
+ extract next element, which is supposed to be a
+ sublist. */
+
+ if (! identifiers[i + 1])
+ /* Last identifier. */
+ break;
+ else
+ {
+ /* Not the last identifier, extract next sublist. */
+
+ sexp_tmp = gcry_sexp_nth (sexp_cur, 1);
+ if (! sexp_tmp)
+ {
+ /* Missing sublist. */
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ /* Release old SEXP_CUR, in case it is not equal to the
+ original SEXP. */
+ if (sexp_cur != sexp)
+ gcry_sexp_release (sexp_cur);
+
+ /* Make SEXP_CUR point to the new current sublist. */
+ sexp_cur = sexp_tmp;
+ sexp_tmp = NULL;
+ }
+ }
+ if (err)
+ goto out;
+
+ if (i)
+ {
+ /* We have at least one identifier in the list, this means
+ the the list of named MPI values is prefixed, this means
+ that we need to skip the first item (the list name), when
+ processing the MPI values. */
+ skip_name = 1;
+ }
+ else
+ {
+ /* Since there is no identifiers list, the list of named MPI
+ values is not prefixed with a list name, therefore the
+ offset to use is zero. */
+ skip_name = 0;
+ }
+ }
+ else
+ /* Since there is no identifiers list, the list of named MPI
+ values is not prefixed with a list name, therefore the offset
+ to use is zero. */
+ skip_name = 0;
+
+ /* Create data set from S-expression data. */
+
+ err = gcry_ac_data_new (&data_set_new);
+ if (err)
+ goto out;
+
+ /* Figure out amount of named MPIs in SEXP_CUR. */
+ if (sexp_cur)
+ sexp_n = gcry_sexp_length (sexp_cur) - skip_name;
+ else
+ sexp_n = 0;
+
+ /* Extracte the named MPIs sequentially. */
+ for (i = 0; i < sexp_n; i++)
+ {
+ /* Store next S-Expression pair, which is supposed to consist of
+ a name and an MPI value, in SEXP_TMP. */
+
+ sexp_tmp = gcry_sexp_nth (sexp_cur, i + skip_name);
+ if (! sexp_tmp)
+ {
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ /* Extract name from current S-Expression pair. */
+ data = gcry_sexp_nth_data (sexp_tmp, 0, &data_n);
+ string = gcry_malloc (data_n + 1);
+ if (! string)
+ {
+ err = gcry_error_from_errno (errno);
+ break;
+ }
+ memcpy (string, data, data_n);
+ string[data_n] = 0;
+
+ /* Extract MPI value. */
+ mpi = gcry_sexp_nth_mpi (sexp_tmp, 1, 0);
+ if (! mpi)
+ {
+ err = gcry_error (GPG_ERR_INV_SEXP); /* FIXME? */
+ break;
+ }
+
+ /* Store named MPI in data_set_new. */
+ err = gcry_ac_data_set (data_set_new, GCRY_AC_FLAG_DEALLOC, string, mpi);
+ if (err)
+ break;
+
+/* gcry_free (string); */
+ string = NULL;
+/* gcry_mpi_release (mpi); */
+ mpi = NULL;
+
+ gcry_sexp_release (sexp_tmp);
+ sexp_tmp = NULL;
+ }
+ if (err)
+ goto out;
+
+ *data_set = data_set_new;
+
+ out:
+
+ if (sexp_cur != sexp)
+ gcry_sexp_release (sexp_cur);
+ gcry_sexp_release (sexp_tmp);
+ gcry_mpi_release (mpi);
+ gcry_free (string);
+
+ if (err)
+ gcry_ac_data_destroy (data_set_new);
+
+ return err;
+}
+
+
+static void
+_gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data)
+{
+ unsigned char *mpi_buffer;
+ size_t mpi_buffer_n;
+ unsigned int data_n;
+ gcry_error_t err;
+ const char *name;
+ gcry_mpi_t mpi;
+ unsigned int i;
+
+ if (! data)
+ return;
+
+ if (fips_mode ())
+ return;
+
+ mpi_buffer = NULL;
+
+ data_n = _gcry_ac_data_length (data);
+ for (i = 0; i < data_n; i++)
+ {
+ err = gcry_ac_data_get_index (data, 0, i, &name, &mpi);
+ if (err)
+ {
+ log_error ("failed to dump data set");
+ break;
+ }
+
+ err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &mpi_buffer, &mpi_buffer_n, mpi);
+ if (err)
+ {
+ log_error ("failed to dump data set");
+ break;
+ }
+
+ log_printf ("%s%s%s: %s\n",
+ prefix ? prefix : "",
+ prefix ? ": " : ""
+ , name, mpi_buffer);
+
+ gcry_free (mpi_buffer);
+ mpi_buffer = NULL;
+ }
+
+ gcry_free (mpi_buffer);
+}
+
+/* Dump the named MPI values contained in the data set DATA to
+ Libgcrypt's logging stream. */
+void
+gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data)
+{
+ _gcry_ac_data_dump (prefix, data);
+}
+
+/* Destroys any values contained in the data set DATA. */
+void
+_gcry_ac_data_clear (gcry_ac_data_t data)
+{
+ ac_data_values_destroy (data);
+ gcry_free (data->data);
+ data->data = NULL;
+ data->data_n = 0;
+}
+
+
+
+/*
+ * Implementation of `ac io' objects.
+ */
+
+/* Initialize AC_IO according to MODE, TYPE and the variable list of
+ arguments AP. The list of variable arguments to specify depends on
+ the given TYPE. */
+void
+_gcry_ac_io_init_va (gcry_ac_io_t *ac_io,
+ gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, va_list ap)
+{
+ memset (ac_io, 0, sizeof (*ac_io));
+
+ if (fips_mode ())
+ return;
+
+ gcry_assert ((mode == GCRY_AC_IO_READABLE) || (mode == GCRY_AC_IO_WRITABLE));
+ gcry_assert ((type == GCRY_AC_IO_STRING) || (type == GCRY_AC_IO_STRING));
+
+ ac_io->mode = mode;
+ ac_io->type = type;
+
+ switch (mode)
+ {
+ case GCRY_AC_IO_READABLE:
+ switch (type)
+ {
+ case GCRY_AC_IO_STRING:
+ ac_io->io.readable.string.data = va_arg (ap, unsigned char *);
+ ac_io->io.readable.string.data_n = va_arg (ap, size_t);
+ break;
+
+ case GCRY_AC_IO_CALLBACK:
+ ac_io->io.readable.callback.cb = va_arg (ap, gcry_ac_data_read_cb_t);
+ ac_io->io.readable.callback.opaque = va_arg (ap, void *);
+ break;
+ }
+ break;
+ case GCRY_AC_IO_WRITABLE:
+ switch (type)
+ {
+ case GCRY_AC_IO_STRING:
+ ac_io->io.writable.string.data = va_arg (ap, unsigned char **);
+ ac_io->io.writable.string.data_n = va_arg (ap, size_t *);
+ break;
+
+ case GCRY_AC_IO_CALLBACK:
+ ac_io->io.writable.callback.cb = va_arg (ap, gcry_ac_data_write_cb_t);
+ ac_io->io.writable.callback.opaque = va_arg (ap, void *);
+ break;
+ }
+ break;
+ }
+}
+
+/* Initialize AC_IO according to MODE, TYPE and the variable list of
+ arguments. The list of variable arguments to specify depends on
+ the given TYPE. */
+void
+_gcry_ac_io_init (gcry_ac_io_t *ac_io,
+ gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, ...)
+{
+ va_list ap;
+
+ va_start (ap, type);
+ _gcry_ac_io_init_va (ac_io, mode, type, ap);
+ va_end (ap);
+}
+
+
+/* Write to the IO object AC_IO BUFFER_N bytes from BUFFER. Return
+ zero on success or error code. */
+static gcry_error_t
+_gcry_ac_io_write (gcry_ac_io_t *ac_io, unsigned char *buffer, size_t buffer_n)
+{
+ gcry_error_t err;
+
+ gcry_assert (ac_io->mode == GCRY_AC_IO_WRITABLE);
+ err = 0;
+
+ switch (ac_io->type)
+ {
+ case GCRY_AC_IO_STRING:
+ {
+ unsigned char *p;
+
+ if (*ac_io->io.writable.string.data)
+ {
+ p = gcry_realloc (*ac_io->io.writable.string.data,
+ *ac_io->io.writable.string.data_n + buffer_n);
+ if (! p)
+ err = gcry_error_from_errno (errno);
+ else
+ {
+ if (*ac_io->io.writable.string.data != p)
+ *ac_io->io.writable.string.data = p;
+ memcpy (p + *ac_io->io.writable.string.data_n, buffer, buffer_n);
+ *ac_io->io.writable.string.data_n += buffer_n;
+ }
+ }
+ else
+ {
+ if (gcry_is_secure (buffer))
+ p = gcry_malloc_secure (buffer_n);
+ else
+ p = gcry_malloc (buffer_n);
+ if (! p)
+ err = gcry_error_from_errno (errno);
+ else
+ {
+ memcpy (p, buffer, buffer_n);
+ *ac_io->io.writable.string.data = p;
+ *ac_io->io.writable.string.data_n = buffer_n;
+ }
+ }
+ }
+ break;
+
+ case GCRY_AC_IO_CALLBACK:
+ err = (*ac_io->io.writable.callback.cb) (ac_io->io.writable.callback.opaque,
+ buffer, buffer_n);
+ break;
+ }
+
+ return err;
+}
+
+/* Read *BUFFER_N bytes from the IO object AC_IO into BUFFER; NREAD
+ bytes have already been read from the object; on success, store the
+ amount of bytes read in *BUFFER_N; zero bytes read means EOF.
+ Return zero on success or error code. */
+static gcry_error_t
+_gcry_ac_io_read (gcry_ac_io_t *ac_io,
+ unsigned int nread, unsigned char *buffer, size_t *buffer_n)
+{
+ gcry_error_t err;
+
+ gcry_assert (ac_io->mode == GCRY_AC_IO_READABLE);
+ err = 0;
+
+ switch (ac_io->type)
+ {
+ case GCRY_AC_IO_STRING:
+ {
+ size_t bytes_available;
+ size_t bytes_to_read;
+ size_t bytes_wanted;
+
+ bytes_available = ac_io->io.readable.string.data_n - nread;
+ bytes_wanted = *buffer_n;
+
+ if (bytes_wanted > bytes_available)
+ bytes_to_read = bytes_available;
+ else
+ bytes_to_read = bytes_wanted;
+
+ memcpy (buffer, ac_io->io.readable.string.data + nread, bytes_to_read);
+ *buffer_n = bytes_to_read;
+ err = 0;
+ break;
+ }
+
+ case GCRY_AC_IO_CALLBACK:
+ err = (*ac_io->io.readable.callback.cb)
+ (ac_io->io.readable.callback.opaque, buffer, buffer_n);
+ break;
+ }
+
+ return err;
+}
+
+/* Read all data available from the IO object AC_IO into newly
+ allocated memory, storing an appropriate pointer in *BUFFER and the
+ amount of bytes read in *BUFFER_N. Return zero on success or error
+ code. */
+static gcry_error_t
+_gcry_ac_io_read_all (gcry_ac_io_t *ac_io, unsigned char **buffer, size_t *buffer_n)
+{
+ unsigned char *buffer_new;
+ size_t buffer_new_n;
+ unsigned char buf[BUFSIZ];
+ size_t buf_n;
+ unsigned char *p;
+ gcry_error_t err;
+
+ buffer_new = NULL;
+ buffer_new_n = 0;
+
+ while (1)
+ {
+ buf_n = sizeof (buf);
+ err = _gcry_ac_io_read (ac_io, buffer_new_n, buf, &buf_n);
+ if (err)
+ break;
+
+ if (buf_n)
+ {
+ p = gcry_realloc (buffer_new, buffer_new_n + buf_n);
+ if (! p)
+ {
+ err = gcry_error_from_errno (errno);
+ break;
+ }
+
+ if (buffer_new != p)
+ buffer_new = p;
+
+ memcpy (buffer_new + buffer_new_n, buf, buf_n);
+ buffer_new_n += buf_n;
+ }
+ else
+ break;
+ }
+ if (err)
+ goto out;
+
+ *buffer_n = buffer_new_n;
+ *buffer = buffer_new;
+
+ out:
+
+ if (err)
+ gcry_free (buffer_new);
+
+ return err;
+}
+
+/* Read data chunks from the IO object AC_IO until EOF, feeding them
+ to the callback function CB. Return zero on success or error
+ code. */
+static gcry_error_t
+_gcry_ac_io_process (gcry_ac_io_t *ac_io,
+ gcry_ac_data_write_cb_t cb, void *opaque)
+{
+ unsigned char buffer[BUFSIZ];
+ unsigned int nread;
+ size_t buffer_n;
+ gcry_error_t err;
+
+ nread = 0;
+
+ while (1)
+ {
+ buffer_n = sizeof (buffer);
+ err = _gcry_ac_io_read (ac_io, nread, buffer, &buffer_n);
+ if (err)
+ break;
+ if (buffer_n)
+ {
+ err = (*cb) (opaque, buffer, buffer_n);
+ if (err)
+ break;
+ nread += buffer_n;
+ }
+ else
+ break;
+ }
+
+ return err;
+}
+
+
+
+/*
+ * Functions for converting data between the native ac and the
+ * S-expression structure used by the pk interface.
+ */
+
+/* Extract the S-Expression DATA_SEXP into DATA under the control of
+ TYPE and NAME. This function assumes that S-Expressions are of the
+ following structure:
+
+ (IDENTIFIER [...]
+ (ALGORITHM <list of named MPI values>)) */
+static gcry_error_t
+ac_data_extract (const char *identifier, const char *algorithm,
+ gcry_sexp_t sexp, gcry_ac_data_t *data)
+{
+ gcry_error_t err;
+ gcry_sexp_t value_sexp;
+ gcry_sexp_t data_sexp;
+ size_t data_sexp_n;
+ gcry_mpi_t value_mpi;
+ char *value_name;
+ const char *data_raw;
+ size_t data_raw_n;
+ gcry_ac_data_t data_new;
+ unsigned int i;
+
+ value_sexp = NULL;
+ data_sexp = NULL;
+ value_name = NULL;
+ value_mpi = NULL;
+ data_new = NULL;
+
+ /* Verify that the S-expression contains the correct identifier. */
+ data_raw = gcry_sexp_nth_data (sexp, 0, &data_raw_n);
+ if ((! data_raw) || strncmp (identifier, data_raw, data_raw_n))
+ {
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ /* Extract inner S-expression. */
+ data_sexp = gcry_sexp_find_token (sexp, algorithm, 0);
+ if (! data_sexp)
+ {
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ goto out;
+ }
+
+ /* Count data elements. */
+ data_sexp_n = gcry_sexp_length (data_sexp);
+ data_sexp_n--;
+
+ /* Allocate new data set. */
+ err = _gcry_ac_data_new (&data_new);
+ if (err)
+ goto out;
+
+ /* Iterate through list of data elements and add them to the data
+ set. */
+ for (i = 0; i < data_sexp_n; i++)
+ {
+ /* Get the S-expression of the named MPI, that contains the name
+ and the MPI value. */
+ value_sexp = gcry_sexp_nth (data_sexp, i + 1);
+ if (! value_sexp)
+ {
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ /* Extract the name. */
+ data_raw = gcry_sexp_nth_data (value_sexp, 0, &data_raw_n);
+ if (! data_raw)
+ {
+ err = gcry_error (GPG_ERR_INV_SEXP);
+ break;
+ }
+
+ /* Extract the MPI value. */
+ value_mpi = gcry_sexp_nth_mpi (value_sexp, 1, GCRYMPI_FMT_USG);
+ if (! value_mpi)
+ {
+ err = gcry_error (GPG_ERR_INTERNAL); /* FIXME? */
+ break;
+ }
+
+ /* Duplicate the name. */
+ value_name = gcry_malloc (data_raw_n + 1);
+ if (! value_name)
+ {
+ err = gcry_error_from_errno (errno);
+ break;
+ }
+ strncpy (value_name, data_raw, data_raw_n);
+ value_name[data_raw_n] = 0;
+
+ err = _gcry_ac_data_set (data_new, GCRY_AC_FLAG_DEALLOC, value_name, value_mpi);
+ if (err)
+ break;
+
+ gcry_sexp_release (value_sexp);
+ value_sexp = NULL;
+ value_name = NULL;
+ value_mpi = NULL;
+ }
+ if (err)
+ goto out;
+
+ /* Copy out. */
+ *data = data_new;
+
+ out:
+
+ /* Deallocate resources. */
+ if (err)
+ {
+ _gcry_ac_data_destroy (data_new);
+ gcry_mpi_release (value_mpi);
+ gcry_free (value_name);
+ gcry_sexp_release (value_sexp);
+ }
+ gcry_sexp_release (data_sexp);
+
+ return err;
+}
+
+/* Construct an S-expression from the DATA and store it in
+ DATA_SEXP. The S-expression will be of the following structure:
+
+ (IDENTIFIER [(flags [...])]
+ (ALGORITHM <list of named MPI values>)) */
+static gcry_error_t
+ac_data_construct (const char *identifier, int include_flags,
+ unsigned int flags, const char *algorithm,
+ gcry_ac_data_t data, gcry_sexp_t *sexp)
+{
+ unsigned int data_length;
+ gcry_sexp_t sexp_new;
+ gcry_error_t err;
+ size_t sexp_format_n;
+ char *sexp_format;
+ void **arg_list;
+ unsigned int i;
+
+ arg_list = NULL;
+ sexp_new = NULL;
+ sexp_format = NULL;
+
+ /* We build a list of arguments to pass to
+ gcry_sexp_build_array(). */
+ data_length = _gcry_ac_data_length (data);
+ arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Fill list with MPIs. */
+ for (i = 0; i < data_length; i++)
+ {
+ char **nameaddr = &data->data[i].name;
+
+ arg_list[(i * 2) + 0] = nameaddr;
+ arg_list[(i * 2) + 1] = &data->data[i].mpi;
+ }
+
+ /* Calculate size of format string. */
+ sexp_format_n = (3
+ + (include_flags ? 7 : 0)
+ + (algorithm ? (2 + strlen (algorithm)) : 0)
+ + strlen (identifier));
+
+ for (i = 0; i < data_length; i++)
+ /* Per-element sizes. */
+ sexp_format_n += 6;
+
+ if (include_flags)
+ /* Add flags. */
+ for (i = 0; i < DIM (ac_flags); i++)
+ if (flags & ac_flags[i].number)
+ sexp_format_n += strlen (ac_flags[i].string) + 1;
+
+ /* Done. */
+ sexp_format = gcry_malloc (sexp_format_n);
+ if (! sexp_format)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Construct the format string. */
+
+ *sexp_format = 0;
+ strcat (sexp_format, "(");
+ strcat (sexp_format, identifier);
+ if (include_flags)
+ {
+ strcat (sexp_format, "(flags");
+ for (i = 0; i < DIM (ac_flags); i++)
+ if (flags & ac_flags[i].number)
+ {
+ strcat (sexp_format, " ");
+ strcat (sexp_format, ac_flags[i].string);
+ }
+ strcat (sexp_format, ")");
+ }
+ if (algorithm)
+ {
+ strcat (sexp_format, "(");
+ strcat (sexp_format, algorithm);
+ }
+ for (i = 0; i < data_length; i++)
+ strcat (sexp_format, "(%s%m)");
+ if (algorithm)
+ strcat (sexp_format, ")");
+ strcat (sexp_format, ")");
+
+ /* Create final S-expression. */
+ err = gcry_sexp_build_array (&sexp_new, NULL, sexp_format, arg_list);
+ if (err)
+ goto out;
+
+ *sexp = sexp_new;
+
+ out:
+
+ /* Deallocate resources. */
+ gcry_free (sexp_format);
+ gcry_free (arg_list);
+ if (err)
+ gcry_sexp_release (sexp_new);
+
+ return err;
+}
+
+
+
+/*
+ * Handle management.
+ */
+
+/* Creates a new handle for the algorithm ALGORITHM and stores it in
+ HANDLE. FLAGS is not used yet. */
+gcry_error_t
+_gcry_ac_open (gcry_ac_handle_t *handle,
+ gcry_ac_id_t algorithm, unsigned int flags)
+{
+ gcry_ac_handle_t handle_new;
+ const char *algorithm_name;
+ gcry_module_t module;
+ gcry_error_t err;
+
+ *handle = NULL;
+ module = NULL;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ /* Get name. */
+ algorithm_name = _gcry_pk_aliased_algo_name (algorithm);
+ if (! algorithm_name)
+ {
+ err = gcry_error (GPG_ERR_PUBKEY_ALGO);
+ goto out;
+ }
+
+ /* Acquire reference to the pubkey module. */
+ err = _gcry_pk_module_lookup (algorithm, &module);
+ if (err)
+ goto out;
+
+ /* Allocate. */
+ handle_new = gcry_malloc (sizeof (*handle_new));
+ if (! handle_new)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Done. */
+ handle_new->algorithm = algorithm;
+ handle_new->algorithm_name = algorithm_name;
+ handle_new->flags = flags;
+ handle_new->module = module;
+ *handle = handle_new;
+
+ out:
+
+ /* Deallocate resources. */
+ if (err)
+ _gcry_pk_module_release (module);
+
+ return err;
+}
+
+
+/* Destroys the handle HANDLE. */
+void
+_gcry_ac_close (gcry_ac_handle_t handle)
+{
+ /* Release reference to pubkey module. */
+ if (handle)
+ {
+ _gcry_pk_module_release (handle->module);
+ gcry_free (handle);
+ }
+}
+
+
+
+/*
+ * Key management.
+ */
+
+/* Initialize a key from a given data set. */
+/* FIXME/Damn: the argument HANDLE is not only unnecessary, it is
+ completely WRONG here. */
+gcry_error_t
+_gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
+ gcry_ac_key_type_t type, gcry_ac_data_t data)
+{
+ gcry_ac_data_t data_new;
+ gcry_ac_key_t key_new;
+ gcry_error_t err;
+
+ (void)handle;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ /* Allocate. */
+ key_new = gcry_malloc (sizeof (*key_new));
+ if (! key_new)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Copy data set. */
+ err = _gcry_ac_data_copy (&data_new, data);
+ if (err)
+ goto out;
+
+ /* Done. */
+ key_new->data = data_new;
+ key_new->type = type;
+ *key = key_new;
+
+ out:
+
+ if (err)
+ /* Deallocate resources. */
+ gcry_free (key_new);
+
+ return err;
+}
+
+
+/* Generates a new key pair via the handle HANDLE of NBITS bits and
+ stores it in KEY_PAIR. In case non-standard settings are wanted, a
+ pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
+ matching the selected algorithm, can be given as KEY_SPEC.
+ MISC_DATA is not used yet. */
+gcry_error_t
+_gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
+ void *key_spec,
+ gcry_ac_key_pair_t *key_pair,
+ gcry_mpi_t **misc_data)
+{
+ gcry_sexp_t genkey_sexp_request;
+ gcry_sexp_t genkey_sexp_reply;
+ gcry_ac_data_t key_data_secret;
+ gcry_ac_data_t key_data_public;
+ gcry_ac_key_pair_t key_pair_new;
+ gcry_ac_key_t key_secret;
+ gcry_ac_key_t key_public;
+ gcry_sexp_t key_sexp;
+ gcry_error_t err;
+ char *genkey_format;
+ size_t genkey_format_n;
+ void **arg_list;
+ size_t arg_list_n;
+ unsigned int i;
+ unsigned int j;
+
+ (void)misc_data;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ key_data_secret = NULL;
+ key_data_public = NULL;
+ key_secret = NULL;
+ key_public = NULL;
+ genkey_format = NULL;
+ arg_list = NULL;
+ genkey_sexp_request = NULL;
+ genkey_sexp_reply = NULL;
+ key_sexp = NULL;
+
+ /* Allocate key pair. */
+ key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair));
+ if (! key_pair_new)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Allocate keys. */
+ key_secret = gcry_malloc (sizeof (*key_secret));
+ if (! key_secret)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ key_public = gcry_malloc (sizeof (*key_public));
+ if (! key_public)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Calculate size of the format string, that is used for creating
+ the request S-expression. */
+ genkey_format_n = 22;
+
+ /* Respect any relevant algorithm specific commands. */
+ if (key_spec)
+ for (i = 0; i < DIM (ac_key_generate_specs); i++)
+ if (handle->algorithm == ac_key_generate_specs[i].algorithm)
+ genkey_format_n += 6;
+
+ /* Create format string. */
+ genkey_format = gcry_malloc (genkey_format_n);
+ if (! genkey_format)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Fill format string. */
+ *genkey_format = 0;
+ strcat (genkey_format, "(genkey(%s(nbits%d)");
+ if (key_spec)
+ for (i = 0; i < DIM (ac_key_generate_specs); i++)
+ if (handle->algorithm == ac_key_generate_specs[i].algorithm)
+ strcat (genkey_format, "(%s%m)");
+ strcat (genkey_format, "))");
+
+ /* Build list of argument pointers, the algorithm name and the nbits
+ are always needed. */
+ arg_list_n = 2;
+
+ /* Now the algorithm specific arguments. */
+ if (key_spec)
+ for (i = 0; i < DIM (ac_key_generate_specs); i++)
+ if (handle->algorithm == ac_key_generate_specs[i].algorithm)
+ arg_list_n += 2;
+
+ /* Allocate list. */
+ arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
+ if (! arg_list)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ arg_list[0] = (void *) &handle->algorithm_name;
+ arg_list[1] = (void *) &nbits;
+ if (key_spec)
+ for (j = 2, i = 0; i < DIM (ac_key_generate_specs); i++)
+ if (handle->algorithm == ac_key_generate_specs[i].algorithm)
+ {
+ /* Add name of this specification flag and the
+ according member of the spec strucuture. */
+ arg_list[j++] = (void *)(&ac_key_generate_specs[i].name);
+ arg_list[j++] = (void *)
+ (((char *) key_spec)
+ + ac_key_generate_specs[i].offset);
+ /* FIXME: above seems to suck. */
+ }
+
+ /* Construct final request S-expression. */
+ err = gcry_sexp_build_array (&genkey_sexp_request,
+ NULL, genkey_format, arg_list);
+ if (err)
+ goto out;
+
+ /* Perform genkey operation. */
+ err = gcry_pk_genkey (&genkey_sexp_reply, genkey_sexp_request);
+ if (err)
+ goto out;
+
+ key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "private-key", 0);
+ if (! key_sexp)
+ {
+ err = gcry_error (GPG_ERR_INTERNAL);
+ goto out;
+ }
+ err = ac_data_extract ("private-key", handle->algorithm_name,
+ key_sexp, &key_data_secret);
+ if (err)
+ goto out;
+
+ gcry_sexp_release (key_sexp);
+ key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "public-key", 0);
+ if (! key_sexp)
+ {
+ err = gcry_error (GPG_ERR_INTERNAL);
+ goto out;
+ }
+ err = ac_data_extract ("public-key", handle->algorithm_name,
+ key_sexp, &key_data_public);
+ if (err)
+ goto out;
+
+ /* Done. */
+
+ key_secret->type = GCRY_AC_KEY_SECRET;
+ key_secret->data = key_data_secret;
+ key_public->type = GCRY_AC_KEY_PUBLIC;
+ key_public->data = key_data_public;
+ key_pair_new->secret = key_secret;
+ key_pair_new->public = key_public;
+ *key_pair = key_pair_new;
+
+ out:
+
+ /* Deallocate resources. */
+
+ gcry_free (genkey_format);
+ gcry_free (arg_list);
+ gcry_sexp_release (genkey_sexp_request);
+ gcry_sexp_release (genkey_sexp_reply);
+ gcry_sexp_release (key_sexp);
+ if (err)
+ {
+ _gcry_ac_data_destroy (key_data_secret);
+ _gcry_ac_data_destroy (key_data_public);
+ gcry_free (key_secret);
+ gcry_free (key_public);
+ gcry_free (key_pair_new);
+ }
+
+ return err;
+}
+
+/* Returns the key of type WHICH out of the key pair KEY_PAIR. */
+gcry_ac_key_t
+_gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
+ gcry_ac_key_type_t which)
+{
+ gcry_ac_key_t key;
+
+ if (fips_mode ())
+ return NULL;
+
+ switch (which)
+ {
+ case GCRY_AC_KEY_SECRET:
+ key = key_pair->secret;
+ break;
+
+ case GCRY_AC_KEY_PUBLIC:
+ key = key_pair->public;
+ break;
+
+ default:
+ key = NULL;
+ break;
+ }
+
+ return key;
+}
+
+/* Destroys the key KEY. */
+void
+_gcry_ac_key_destroy (gcry_ac_key_t key)
+{
+ unsigned int i;
+
+ if (key)
+ {
+ if (key->data)
+ {
+ for (i = 0; i < key->data->data_n; i++)
+ {
+ if (key->data->data[i].mpi)
+ gcry_mpi_release (key->data->data[i].mpi);
+ if (key->data->data[i].name)
+ gcry_free (key->data->data[i].name);
+ }
+ gcry_free (key->data->data);
+ gcry_free (key->data);
+ }
+ gcry_free (key);
+ }
+}
+
+/* Destroys the key pair KEY_PAIR. */
+void
+_gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
+{
+ if (key_pair)
+ {
+ gcry_ac_key_destroy (key_pair->secret);
+ gcry_ac_key_destroy (key_pair->public);
+ gcry_free (key_pair);
+ }
+}
+
+/* Returns the data set contained in the key KEY. */
+gcry_ac_data_t
+_gcry_ac_key_data_get (gcry_ac_key_t key)
+{
+ if (fips_mode ())
+ return NULL;
+ return key->data;
+}
+
+/* Verifies that the key KEY is sane via HANDLE. */
+gcry_error_t
+_gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
+{
+ gcry_sexp_t key_sexp;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ key_sexp = NULL;
+ err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
+ handle->algorithm_name, key->data, &key_sexp);
+ if (err)
+ goto out;
+
+ err = gcry_pk_testkey (key_sexp);
+
+ out:
+
+ gcry_sexp_release (key_sexp);
+
+ return gcry_error (err);
+}
+
+/* Stores the number of bits of the key KEY in NBITS via HANDLE. */
+gcry_error_t
+_gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
+ gcry_ac_key_t key, unsigned int *nbits)
+{
+ gcry_sexp_t key_sexp;
+ gcry_error_t err;
+ unsigned int n;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ key_sexp = NULL;
+
+ err = ac_data_construct (ac_key_identifiers[key->type],
+ 0, 0, handle->algorithm_name, key->data, &key_sexp);
+ if (err)
+ goto out;
+
+ n = gcry_pk_get_nbits (key_sexp);
+ if (! n)
+ {
+ err = gcry_error (GPG_ERR_PUBKEY_ALGO);
+ goto out;
+ }
+
+ *nbits = n;
+
+ out:
+
+ gcry_sexp_release (key_sexp);
+
+ return err;
+}
+
+/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
+ HANDLE. */
+gcry_error_t
+_gcry_ac_key_get_grip (gcry_ac_handle_t handle,
+ gcry_ac_key_t key, unsigned char *key_grip)
+{
+ gcry_sexp_t key_sexp;
+ gcry_error_t err;
+ unsigned char *ret;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ key_sexp = NULL;
+ err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
+ handle->algorithm_name, key->data, &key_sexp);
+ if (err)
+ goto out;
+
+ ret = gcry_pk_get_keygrip (key_sexp, key_grip);
+ if (! ret)
+ {
+ err = gcry_error (GPG_ERR_INV_OBJ);
+ goto out;
+ }
+
+ err = 0;
+
+ out:
+
+ gcry_sexp_release (key_sexp);
+
+ return err;
+}
+
+
+
+
+/*
+ * Functions performing cryptographic operations.
+ */
+
+/* Encrypts the plain text MPI value DATA_PLAIN with the key public
+ KEY under the control of the flags FLAGS and stores the resulting
+ data set into DATA_ENCRYPTED. */
+gcry_error_t
+_gcry_ac_data_encrypt (gcry_ac_handle_t handle,
+ unsigned int flags,
+ gcry_ac_key_t key,
+ gcry_mpi_t data_plain,
+ gcry_ac_data_t *data_encrypted)
+{
+ gcry_ac_data_t data_encrypted_new;
+ gcry_ac_data_t data_value;
+ gcry_sexp_t sexp_request;
+ gcry_sexp_t sexp_reply;
+ gcry_sexp_t sexp_key;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ data_encrypted_new = NULL;
+ sexp_request = NULL;
+ sexp_reply = NULL;
+ data_value = NULL;
+ sexp_key = NULL;
+
+ if (key->type != GCRY_AC_KEY_PUBLIC)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
+ handle->algorithm_name, key->data, &sexp_key);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_new (&data_value);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_set (data_value, 0, "value", data_plain);
+ if (err)
+ goto out;
+
+ err = ac_data_construct ("data", 1, flags, handle->algorithm_name,
+ data_value, &sexp_request);
+ if (err)
+ goto out;
+
+ /* FIXME: error vs. errcode? */
+
+ err = gcry_pk_encrypt (&sexp_reply, sexp_request, sexp_key);
+ if (err)
+ goto out;
+
+ /* Extract data. */
+ err = ac_data_extract ("enc-val", handle->algorithm_name,
+ sexp_reply, &data_encrypted_new);
+ if (err)
+ goto out;
+
+ *data_encrypted = data_encrypted_new;
+
+ out:
+
+ /* Deallocate resources. */
+
+ gcry_sexp_release (sexp_request);
+ gcry_sexp_release (sexp_reply);
+ gcry_sexp_release (sexp_key);
+ _gcry_ac_data_destroy (data_value);
+
+ return err;
+}
+
+/* Decrypts the encrypted data contained in the data set
+ DATA_ENCRYPTED with the secret key KEY under the control of the
+ flags FLAGS and stores the resulting plain text MPI value in
+ DATA_PLAIN. */
+gcry_error_t
+_gcry_ac_data_decrypt (gcry_ac_handle_t handle,
+ unsigned int flags,
+ gcry_ac_key_t key,
+ gcry_mpi_t *data_plain,
+ gcry_ac_data_t data_encrypted)
+{
+ gcry_mpi_t data_decrypted;
+ gcry_sexp_t sexp_request;
+ gcry_sexp_t sexp_reply;
+ gcry_sexp_t sexp_value;
+ gcry_sexp_t sexp_key;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ sexp_request = NULL;
+ sexp_reply = NULL;
+ sexp_value = NULL;
+ sexp_key = NULL;
+
+ if (key->type != GCRY_AC_KEY_SECRET)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
+ handle->algorithm_name, key->data, &sexp_key);
+ if (err)
+ goto out;
+
+ /* Create S-expression from data. */
+ err = ac_data_construct ("enc-val", 1, flags, handle->algorithm_name,
+ data_encrypted, &sexp_request);
+ if (err)
+ goto out;
+
+ /* Decrypt. */
+ err = gcry_pk_decrypt (&sexp_reply, sexp_request, sexp_key);
+ if (err)
+ goto out;
+
+ /* Extract plain text. */
+ sexp_value = gcry_sexp_find_token (sexp_reply, "value", 0);
+ if (! sexp_value)
+ {
+ /* FIXME? */
+ err = gcry_error (GPG_ERR_GENERAL);
+ goto out;
+ }
+
+ data_decrypted = gcry_sexp_nth_mpi (sexp_value, 1, GCRYMPI_FMT_USG);
+ if (! data_decrypted)
+ {
+ err = gcry_error (GPG_ERR_GENERAL);
+ goto out;
+ }
+
+ *data_plain = data_decrypted;
+
+ out:
+
+ /* Deallocate resources. */
+ gcry_sexp_release (sexp_request);
+ gcry_sexp_release (sexp_reply);
+ gcry_sexp_release (sexp_value);
+ gcry_sexp_release (sexp_key);
+
+ return gcry_error (err);
+
+}
+
+/* Signs the data contained in DATA with the secret key KEY and stores
+ the resulting signature data set in DATA_SIGNATURE. */
+gcry_error_t
+_gcry_ac_data_sign (gcry_ac_handle_t handle,
+ gcry_ac_key_t key,
+ gcry_mpi_t data,
+ gcry_ac_data_t *data_signature)
+{
+ gcry_ac_data_t data_signed;
+ gcry_ac_data_t data_value;
+ gcry_sexp_t sexp_request;
+ gcry_sexp_t sexp_reply;
+ gcry_sexp_t sexp_key;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ data_signed = NULL;
+ data_value = NULL;
+ sexp_request = NULL;
+ sexp_reply = NULL;
+ sexp_key = NULL;
+
+ if (key->type != GCRY_AC_KEY_SECRET)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
+ handle->algorithm_name, key->data, &sexp_key);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_new (&data_value);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_set (data_value, 0, "value", data);
+ if (err)
+ goto out;
+
+ /* Create S-expression holding the data. */
+ err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_request);
+ if (err)
+ goto out;
+
+ /* Sign. */
+ err = gcry_pk_sign (&sexp_reply, sexp_request, sexp_key);
+ if (err)
+ goto out;
+
+ /* Extract data. */
+ err = ac_data_extract ("sig-val", handle->algorithm_name,
+ sexp_reply, &data_signed);
+ if (err)
+ goto out;
+
+ /* Done. */
+ *data_signature = data_signed;
+
+ out:
+
+ gcry_sexp_release (sexp_request);
+ gcry_sexp_release (sexp_reply);
+ gcry_sexp_release (sexp_key);
+ _gcry_ac_data_destroy (data_value);
+
+ return gcry_error (err);
+}
+
+
+/* Verifies that the signature contained in the data set
+ DATA_SIGNATURE is indeed the result of signing the data contained
+ in DATA with the secret key belonging to the public key KEY. */
+gcry_error_t
+_gcry_ac_data_verify (gcry_ac_handle_t handle,
+ gcry_ac_key_t key,
+ gcry_mpi_t data,
+ gcry_ac_data_t data_signature)
+{
+ gcry_sexp_t sexp_signature;
+ gcry_ac_data_t data_value;
+ gcry_sexp_t sexp_data;
+ gcry_sexp_t sexp_key;
+ gcry_error_t err;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ sexp_signature = NULL;
+ data_value = NULL;
+ sexp_data = NULL;
+ sexp_key = NULL;
+
+ err = ac_data_construct ("public-key", 0, 0,
+ handle->algorithm_name, key->data, &sexp_key);
+ if (err)
+ goto out;
+
+ if (key->type != GCRY_AC_KEY_PUBLIC)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ /* Construct S-expression holding the signature data. */
+ err = ac_data_construct ("sig-val", 1, 0, handle->algorithm_name,
+ data_signature, &sexp_signature);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_new (&data_value);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_set (data_value, 0, "value", data);
+ if (err)
+ goto out;
+
+ /* Construct S-expression holding the data. */
+ err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_data);
+ if (err)
+ goto out;
+
+ /* Verify signature. */
+ err = gcry_pk_verify (sexp_signature, sexp_data, sexp_key);
+
+ out:
+
+ gcry_sexp_release (sexp_signature);
+ gcry_sexp_release (sexp_data);
+ gcry_sexp_release (sexp_key);
+ _gcry_ac_data_destroy (data_value);
+
+ return gcry_error (err);
+}
+
+
+
+
+/*
+ * Implementation of encoding methods (em).
+ */
+
+/* Type for functions that encode or decode (hence the name) a
+ message. */
+typedef gcry_error_t (*gcry_ac_em_dencode_t) (unsigned int flags,
+ void *options,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write);
+
+/* Fill the buffer BUFFER which is BUFFER_N bytes long with non-zero
+ random bytes of random level LEVEL. */
+static void
+em_randomize_nonzero (unsigned char *buffer, size_t buffer_n,
+ gcry_random_level_t level)
+{
+ unsigned char *buffer_rand;
+ unsigned int buffer_rand_n;
+ unsigned int zeros;
+ unsigned int i;
+ unsigned int j;
+
+ for (i = 0; i < buffer_n; i++)
+ buffer[i] = 0;
+
+ do
+ {
+ /* Count zeros. */
+ for (i = zeros = 0; i < buffer_n; i++)
+ if (! buffer[i])
+ zeros++;
+
+ if (zeros)
+ {
+ /* Get random bytes. */
+ buffer_rand_n = zeros + (zeros / 128);
+ buffer_rand = gcry_random_bytes_secure (buffer_rand_n, level);
+
+ /* Substitute zeros with non-zero random bytes. */
+ for (i = j = 0; zeros && (i < buffer_n) && (j < buffer_rand_n); i++)
+ if (! buffer[i])
+ {
+ while ((j < buffer_rand_n) && (! buffer_rand[j]))
+ j++;
+ if (j < buffer_rand_n)
+ {
+ buffer[i] = buffer_rand[j++];
+ zeros--;
+ }
+ else
+ break;
+ }
+ gcry_free (buffer_rand);
+ }
+ }
+ while (zeros);
+}
+
+/* Encode a message according to the Encoding Method for Encryption
+ `PKCS-V1_5' (EME-PKCS-V1_5). */
+static gcry_error_t
+eme_pkcs_v1_5_encode (unsigned int flags, void *opts,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write)
+{
+ gcry_ac_eme_pkcs_v1_5_t *options;
+ gcry_error_t err;
+ unsigned char *buffer;
+ unsigned char *ps;
+ unsigned char *m;
+ size_t m_n;
+ unsigned int ps_n;
+ unsigned int k;
+
+ (void)flags;
+
+ options = opts;
+ buffer = NULL;
+ m = NULL;
+
+ err = _gcry_ac_io_read_all (ac_io_read, &m, &m_n);
+ if (err)
+ goto out;
+
+ /* Figure out key length in bytes. */
+ k = options->key_size / 8;
+
+ if (m_n > k - 11)
+ {
+ /* Key is too short for message. */
+ err = gcry_error (GPG_ERR_TOO_SHORT);
+ goto out;
+ }
+
+ /* According to this encoding method, the first byte of the encoded
+ message is zero. This byte will be lost anyway, when the encoded
+ message is to be converted into an MPI, that's why we skip
+ it. */
+
+ /* Allocate buffer. */
+ buffer = gcry_malloc (k - 1);
+ if (! buffer)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ /* Generate an octet string PS of length k - mLen - 3 consisting
+ of pseudorandomly generated nonzero octets. The length of PS
+ will be at least eight octets. */
+ ps_n = k - m_n - 3;
+ ps = buffer + 1;
+ em_randomize_nonzero (ps, ps_n, GCRY_STRONG_RANDOM);
+
+ /* Concatenate PS, the message M, and other padding to form an
+ encoded message EM of length k octets as:
+
+ EM = 0x00 || 0x02 || PS || 0x00 || M. */
+
+ buffer[0] = 0x02;
+ buffer[ps_n + 1] = 0x00;
+ memcpy (buffer + ps_n + 2, m, m_n);
+
+ err = _gcry_ac_io_write (ac_io_write, buffer, k - 1);
+
+ out:
+
+ gcry_free (buffer);
+ gcry_free (m);
+
+ return err;
+}
+
+/* Decode a message according to the Encoding Method for Encryption
+ `PKCS-V1_5' (EME-PKCS-V1_5). */
+static gcry_error_t
+eme_pkcs_v1_5_decode (unsigned int flags, void *opts,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write)
+{
+ gcry_ac_eme_pkcs_v1_5_t *options;
+ unsigned char *buffer;
+ unsigned char *em;
+ size_t em_n;
+ gcry_error_t err;
+ unsigned int i;
+ unsigned int k;
+
+ (void)flags;
+
+ options = opts;
+ buffer = NULL;
+ em = NULL;
+
+ err = _gcry_ac_io_read_all (ac_io_read, &em, &em_n);
+ if (err)
+ goto out;
+
+ /* Figure out key size. */
+ k = options->key_size / 8;
+
+ /* Search for zero byte. */
+ for (i = 0; (i < em_n) && em[i]; i++);
+
+ /* According to this encoding method, the first byte of the encoded
+ message should be zero. This byte is lost. */
+
+ if (! ((em_n >= 10)
+ && (em_n == (k - 1))
+ && (em[0] == 0x02)
+ && (i < em_n)
+ && ((i - 1) >= 8)))
+ {
+ err = gcry_error (GPG_ERR_DECRYPT_FAILED);
+ goto out;
+ }
+
+ i++;
+ buffer = gcry_malloc (em_n - i);
+ if (! buffer)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ memcpy (buffer, em + i, em_n - i);
+ err = _gcry_ac_io_write (ac_io_write, buffer, em_n - i);
+
+ out:
+
+ gcry_free (buffer);
+ gcry_free (em);
+
+ return err;
+}
+
+static gcry_error_t
+emsa_pkcs_v1_5_encode_data_cb (void *opaque,
+ unsigned char *buffer, size_t buffer_n)
+{
+ gcry_md_hd_t md_handle;
+
+ md_handle = opaque;
+ gcry_md_write (md_handle, buffer, buffer_n);
+
+ return 0;
+}
+
+
+/* Encode a message according to the Encoding Method for Signatures
+ with Appendix `PKCS-V1_5' (EMSA-PKCS-V1_5). */
+static gcry_error_t
+emsa_pkcs_v1_5_encode (unsigned int flags, void *opts,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write)
+{
+ gcry_ac_emsa_pkcs_v1_5_t *options;
+ gcry_error_t err;
+ gcry_md_hd_t md;
+ unsigned char *t;
+ size_t t_n;
+ unsigned char *h;
+ size_t h_n;
+ unsigned char *ps;
+ size_t ps_n;
+ unsigned char *buffer;
+ size_t buffer_n;
+ unsigned char asn[100]; /* FIXME, always enough? */
+ size_t asn_n;
+ unsigned int i;
+
+ (void)flags;
+
+ options = opts;
+ buffer = NULL;
+ md = NULL;
+ ps = NULL;
+ t = NULL;
+
+ /* Create hashing handle and get the necessary information. */
+ err = gcry_md_open (&md, options->md, 0);
+ if (err)
+ goto out;
+
+ asn_n = DIM (asn);
+ err = gcry_md_algo_info (options->md, GCRYCTL_GET_ASNOID, asn, &asn_n);
+ if (err)
+ goto out;
+
+ h_n = gcry_md_get_algo_dlen (options->md);
+
+ err = _gcry_ac_io_process (ac_io_read, emsa_pkcs_v1_5_encode_data_cb, md);
+ if (err)
+ goto out;
+
+ h = gcry_md_read (md, 0);
+
+ /* Encode the algorithm ID for the hash function and the hash value
+ into an ASN.1 value of type DigestInfo with the Distinguished
+ Encoding Rules (DER), where the type DigestInfo has the syntax:
+
+ DigestInfo ::== SEQUENCE {
+ digestAlgorithm AlgorithmIdentifier,
+ digest OCTET STRING
+ }
+
+ The first field identifies the hash function and the second
+ contains the hash value. Let T be the DER encoding of the
+ DigestInfo value and let tLen be the length in octets of T. */
+
+ t_n = asn_n + h_n;
+ t = gcry_malloc (t_n);
+ if (! t)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ for (i = 0; i < asn_n; i++)
+ t[i] = asn[i];
+ for (i = 0; i < h_n; i++)
+ t[asn_n + i] = h[i];
+
+ /* If emLen < tLen + 11, output "intended encoded message length
+ too short" and stop. */
+ if (options->em_n < t_n + 11)
+ {
+ err = gcry_error (GPG_ERR_TOO_SHORT);
+ goto out;
+ }
+
+ /* Generate an octet string PS consisting of emLen - tLen - 3 octets
+ with hexadecimal value 0xFF. The length of PS will be at least 8
+ octets. */
+ ps_n = options->em_n - t_n - 3;
+ ps = gcry_malloc (ps_n);
+ if (! ps)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+ for (i = 0; i < ps_n; i++)
+ ps[i] = 0xFF;
+
+ /* Concatenate PS, the DER encoding T, and other padding to form the
+ encoded message EM as:
+
+ EM = 0x00 || 0x01 || PS || 0x00 || T. */
+
+ buffer_n = ps_n + t_n + 3;
+ buffer = gcry_malloc (buffer_n);
+ if (! buffer)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ buffer[0] = 0x00;
+ buffer[1] = 0x01;
+ for (i = 0; i < ps_n; i++)
+ buffer[2 + i] = ps[i];
+ buffer[2 + ps_n] = 0x00;
+ for (i = 0; i < t_n; i++)
+ buffer[3 + ps_n + i] = t[i];
+
+ err = _gcry_ac_io_write (ac_io_write, buffer, buffer_n);
+
+ out:
+
+ gcry_md_close (md);
+
+ gcry_free (buffer);
+ gcry_free (ps);
+ gcry_free (t);
+
+ return err;
+}
+
+/* `Actions' for data_dencode(). */
+typedef enum dencode_action
+ {
+ DATA_ENCODE,
+ DATA_DECODE,
+ }
+dencode_action_t;
+
+/* Encode or decode a message according to the the encoding method
+ METHOD; ACTION specifies wether the message that is contained in
+ BUFFER_IN and of length BUFFER_IN_N should be encoded or decoded.
+ The resulting message will be stored in a newly allocated buffer in
+ BUFFER_OUT and BUFFER_OUT_N. */
+static gcry_error_t
+ac_data_dencode (gcry_ac_em_t method, dencode_action_t action,
+ unsigned int flags, void *options,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write)
+{
+ struct
+ {
+ gcry_ac_em_t method;
+ gcry_ac_em_dencode_t encode;
+ gcry_ac_em_dencode_t decode;
+ } methods[] =
+ {
+ { GCRY_AC_EME_PKCS_V1_5,
+ eme_pkcs_v1_5_encode, eme_pkcs_v1_5_decode },
+ { GCRY_AC_EMSA_PKCS_V1_5,
+ emsa_pkcs_v1_5_encode, NULL },
+ };
+ size_t methods_n;
+ gcry_error_t err;
+ unsigned int i;
+
+ methods_n = sizeof (methods) / sizeof (*methods);
+
+ for (i = 0; i < methods_n; i++)
+ if (methods[i].method == method)
+ break;
+ if (i == methods_n)
+ {
+ err = gcry_error (GPG_ERR_NOT_FOUND); /* FIXME? */
+ goto out;
+ }
+
+ err = 0;
+ switch (action)
+ {
+ case DATA_ENCODE:
+ if (methods[i].encode)
+ /* FIXME? */
+ err = (*methods[i].encode) (flags, options, ac_io_read, ac_io_write);
+ break;
+
+ case DATA_DECODE:
+ if (methods[i].decode)
+ /* FIXME? */
+ err = (*methods[i].decode) (flags, options, ac_io_read, ac_io_write);
+ break;
+
+ default:
+ err = gcry_error (GPG_ERR_INV_ARG);
+ break;
+ }
+
+ out:
+
+ return err;
+}
+
+/* Encode a message according to the encoding method METHOD. OPTIONS
+ must be a pointer to a method-specific structure
+ (gcry_ac_em*_t). */
+gcry_error_t
+_gcry_ac_data_encode (gcry_ac_em_t method,
+ unsigned int flags, void *options,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write)
+{
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ return ac_data_dencode (method, DATA_ENCODE, flags, options,
+ ac_io_read, ac_io_write);
+}
+
+/* Dencode a message according to the encoding method METHOD. OPTIONS
+ must be a pointer to a method-specific structure
+ (gcry_ac_em*_t). */
+gcry_error_t
+_gcry_ac_data_decode (gcry_ac_em_t method,
+ unsigned int flags, void *options,
+ gcry_ac_io_t *ac_io_read,
+ gcry_ac_io_t *ac_io_write)
+{
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ return ac_data_dencode (method, DATA_DECODE, flags, options,
+ ac_io_read, ac_io_write);
+}
+
+/* Convert an MPI into an octet string. */
+void
+_gcry_ac_mpi_to_os (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
+{
+ unsigned long digit;
+ gcry_mpi_t base;
+ unsigned int i;
+ unsigned int n;
+ gcry_mpi_t m;
+ gcry_mpi_t d;
+
+ if (fips_mode ())
+ return;
+
+ base = gcry_mpi_new (0);
+ gcry_mpi_set_ui (base, 256);
+
+ n = 0;
+ m = gcry_mpi_copy (mpi);
+ while (gcry_mpi_cmp_ui (m, 0))
+ {
+ n++;
+ gcry_mpi_div (m, NULL, m, base, 0);
+ }
+
+ gcry_mpi_set (m, mpi);
+ d = gcry_mpi_new (0);
+ for (i = 0; (i < n) && (i < os_n); i++)
+ {
+ gcry_mpi_mod (d, m, base);
+ _gcry_mpi_get_ui (d, &digit);
+ gcry_mpi_div (m, NULL, m, base, 0);
+ os[os_n - i - 1] = (digit & 0xFF);
+ }
+
+ for (; i < os_n; i++)
+ os[os_n - i - 1] = 0;
+
+ gcry_mpi_release (base);
+ gcry_mpi_release (d);
+ gcry_mpi_release (m);
+}
+
+/* Convert an MPI into an newly allocated octet string. */
+gcry_error_t
+_gcry_ac_mpi_to_os_alloc (gcry_mpi_t mpi, unsigned char **os, size_t *os_n)
+{
+ unsigned char *buffer;
+ size_t buffer_n;
+ gcry_error_t err;
+ unsigned int nbits;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ nbits = gcry_mpi_get_nbits (mpi);
+ buffer_n = (nbits + 7) / 8;
+ buffer = gcry_malloc (buffer_n);
+ if (! buffer)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ _gcry_ac_mpi_to_os (mpi, buffer, buffer_n);
+ *os = buffer;
+ *os_n = buffer_n;
+ err = 0;
+
+ out:
+
+ return err;
+}
+
+
+/* Convert an octet string into an MPI. */
+void
+_gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
+{
+ unsigned int i;
+ gcry_mpi_t xi;
+ gcry_mpi_t x;
+ gcry_mpi_t a;
+
+ if (fips_mode ())
+ return;
+
+ a = gcry_mpi_new (0);
+ gcry_mpi_set_ui (a, 1);
+ x = gcry_mpi_new (0);
+ gcry_mpi_set_ui (x, 0);
+ xi = gcry_mpi_new (0);
+
+ for (i = 0; i < os_n; i++)
+ {
+ gcry_mpi_mul_ui (xi, a, os[os_n - i - 1]);
+ gcry_mpi_add (x, x, xi);
+ gcry_mpi_mul_ui (a, a, 256);
+ }
+
+ gcry_mpi_release (xi);
+ gcry_mpi_release (a);
+
+ gcry_mpi_set (mpi, x);
+ gcry_mpi_release (x); /* FIXME: correct? */
+}
+
+
+
+/*
+ * Implementation of Encryption Schemes (ES) and Signature Schemes
+ * with Appendix (SSA).
+ */
+
+/* Schemes consist of two things: encoding methods and cryptographic
+ primitives.
+
+ Since encoding methods are accessible through a common API with
+ method-specific options passed as an anonymous struct, schemes have
+ to provide functions that construct this method-specific structure;
+ this is what the functions of type `gcry_ac_dencode_prepare_t' are
+ there for. */
+
+typedef gcry_error_t (*gcry_ac_dencode_prepare_t) (gcry_ac_handle_t handle,
+ gcry_ac_key_t key,
+ void *opts,
+ void *opts_em);
+
+/* The `dencode_prepare' function for ES-PKCS-V1_5. */
+static gcry_error_t
+ac_es_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key,
+ void *opts, void *opts_em)
+{
+ gcry_ac_eme_pkcs_v1_5_t *options_em;
+ unsigned int nbits;
+ gcry_error_t err;
+
+ (void)opts;
+
+ err = _gcry_ac_key_get_nbits (handle, key, &nbits);
+ if (err)
+ goto out;
+
+ options_em = opts_em;
+ options_em->key_size = nbits;
+
+ out:
+
+ return err;
+}
+
+/* The `dencode_prepare' function for SSA-PKCS-V1_5. */
+static gcry_error_t
+ac_ssa_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key,
+ void *opts, void *opts_em)
+{
+ gcry_ac_emsa_pkcs_v1_5_t *options_em;
+ gcry_ac_ssa_pkcs_v1_5_t *options;
+ gcry_error_t err;
+ unsigned int k;
+
+ options_em = opts_em;
+ options = opts;
+
+ err = _gcry_ac_key_get_nbits (handle, key, &k);
+ if (err)
+ goto out;
+
+ k = (k + 7) / 8;
+ options_em->md = options->md;
+ options_em->em_n = k;
+
+ out:
+
+ return err;
+}
+
+/* Type holding the information about each supported
+ Encryption/Signature Scheme. */
+typedef struct ac_scheme
+{
+ gcry_ac_scheme_t scheme;
+ gcry_ac_em_t scheme_encoding;
+ gcry_ac_dencode_prepare_t dencode_prepare;
+ size_t options_em_n;
+} ac_scheme_t;
+
+/* List of supported Schemes. */
+static ac_scheme_t ac_schemes[] =
+ {
+ { GCRY_AC_ES_PKCS_V1_5, GCRY_AC_EME_PKCS_V1_5,
+ ac_es_dencode_prepare_pkcs_v1_5,
+ sizeof (gcry_ac_eme_pkcs_v1_5_t) },
+ { GCRY_AC_SSA_PKCS_V1_5, GCRY_AC_EMSA_PKCS_V1_5,
+ ac_ssa_dencode_prepare_pkcs_v1_5,
+ sizeof (gcry_ac_emsa_pkcs_v1_5_t) }
+ };
+
+/* Lookup a scheme by it's ID. */
+static ac_scheme_t *
+ac_scheme_get (gcry_ac_scheme_t scheme)
+{
+ ac_scheme_t *ac_scheme;
+ unsigned int i;
+
+ for (i = 0; i < DIM (ac_schemes); i++)
+ if (scheme == ac_schemes[i].scheme)
+ break;
+ if (i == DIM (ac_schemes))
+ ac_scheme = NULL;
+ else
+ ac_scheme = ac_schemes + i;
+
+ return ac_scheme;
+}
+
+/* Prepares the encoding/decoding by creating an according option
+ structure. */
+static gcry_error_t
+ac_dencode_prepare (gcry_ac_handle_t handle, gcry_ac_key_t key, void *opts,
+ ac_scheme_t scheme, void **opts_em)
+{
+ gcry_error_t err;
+ void *options_em;
+
+ options_em = gcry_malloc (scheme.options_em_n);
+ if (! options_em)
+ {
+ err = gcry_error_from_errno (errno);
+ goto out;
+ }
+
+ err = (*scheme.dencode_prepare) (handle, key, opts, options_em);
+ if (err)
+ goto out;
+
+ *opts_em = options_em;
+
+ out:
+
+ if (err)
+ free (options_em);
+
+ return err;
+}
+
+/* Convert a data set into a single MPI; currently, this is only
+ supported for data sets containing a single MPI. */
+static gcry_error_t
+ac_data_set_to_mpi (gcry_ac_data_t data, gcry_mpi_t *mpi)
+{
+ gcry_error_t err;
+ gcry_mpi_t mpi_new;
+ unsigned int elems;
+
+ elems = _gcry_ac_data_length (data);
+
+ if (elems != 1)
+ {
+ /* FIXME: I guess, we should be more flexible in this respect by
+ allowing the actual encryption/signature schemes to implement
+ this conversion mechanism. */
+ err = gcry_error (GPG_ERR_CONFLICT);
+ goto out;
+ }
+
+ err = _gcry_ac_data_get_index (data, GCRY_AC_FLAG_COPY, 0, NULL, &mpi_new);
+ if (err)
+ goto out;
+
+ *mpi = mpi_new;
+
+ out:
+
+ return err;
+}
+
+/* Encrypts the plain text message contained in M, which is of size
+ M_N, with the public key KEY_PUBLIC according to the Encryption
+ Scheme SCHEME_ID. HANDLE is used for accessing the low-level
+ cryptographic primitives. If OPTS is not NULL, it has to be an
+ anonymous structure specific to the chosen scheme (gcry_ac_es_*_t).
+ The encrypted message will be stored in C and C_N. */
+gcry_error_t
+_gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
+ gcry_ac_scheme_t scheme_id,
+ unsigned int flags, void *opts,
+ gcry_ac_key_t key,
+ gcry_ac_io_t *io_message,
+ gcry_ac_io_t *io_cipher)
+{
+ gcry_error_t err;
+ gcry_ac_io_t io_em;
+ unsigned char *em;
+ size_t em_n;
+ gcry_mpi_t mpi_plain;
+ gcry_ac_data_t data_encrypted;
+ gcry_mpi_t mpi_encrypted;
+ unsigned char *buffer;
+ size_t buffer_n;
+ void *opts_em;
+ ac_scheme_t *scheme;
+
+ (void)flags;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ data_encrypted = NULL;
+ mpi_encrypted = NULL;
+ mpi_plain = NULL;
+ opts_em = NULL;
+ buffer = NULL;
+ em = NULL;
+
+ scheme = ac_scheme_get (scheme_id);
+ if (! scheme)
+ {
+ err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME);
+ goto out;
+ }
+
+ if (key->type != GCRY_AC_KEY_PUBLIC)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
+ if (err)
+ goto out;
+
+ _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
+ GCRY_AC_IO_STRING, &em, &em_n);
+
+ err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
+ io_message, &io_em);
+ if (err)
+ goto out;
+
+ mpi_plain = gcry_mpi_snew (0);
+ gcry_ac_os_to_mpi (mpi_plain, em, em_n);
+
+ err = _gcry_ac_data_encrypt (handle, 0, key, mpi_plain, &data_encrypted);
+ if (err)
+ goto out;
+
+ err = ac_data_set_to_mpi (data_encrypted, &mpi_encrypted);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_mpi_to_os_alloc (mpi_encrypted, &buffer, &buffer_n);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_io_write (io_cipher, buffer, buffer_n);
+
+ out:
+
+ gcry_ac_data_destroy (data_encrypted);
+ gcry_mpi_release (mpi_encrypted);
+ gcry_mpi_release (mpi_plain);
+ gcry_free (opts_em);
+ gcry_free (buffer);
+ gcry_free (em);
+
+ return err;
+}
+
+/* Decryptes the cipher message contained in C, which is of size C_N,
+ with the secret key KEY_SECRET according to the Encryption Scheme
+ SCHEME_ID. Handle is used for accessing the low-level
+ cryptographic primitives. If OPTS is not NULL, it has to be an
+ anonymous structure specific to the chosen scheme (gcry_ac_es_*_t).
+ The decrypted message will be stored in M and M_N. */
+gcry_error_t
+_gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
+ gcry_ac_scheme_t scheme_id,
+ unsigned int flags, void *opts,
+ gcry_ac_key_t key,
+ gcry_ac_io_t *io_cipher,
+ gcry_ac_io_t *io_message)
+{
+ gcry_ac_io_t io_em;
+ gcry_error_t err;
+ gcry_ac_data_t data_encrypted;
+ unsigned char *em;
+ size_t em_n;
+ gcry_mpi_t mpi_encrypted;
+ gcry_mpi_t mpi_decrypted;
+ void *opts_em;
+ ac_scheme_t *scheme;
+ char *elements_enc;
+ size_t elements_enc_n;
+ unsigned char *c;
+ size_t c_n;
+
+ (void)flags;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ data_encrypted = NULL;
+ mpi_encrypted = NULL;
+ mpi_decrypted = NULL;
+ elements_enc = NULL;
+ opts_em = NULL;
+ em = NULL;
+ c = NULL;
+
+ scheme = ac_scheme_get (scheme_id);
+ if (! scheme)
+ {
+ err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME);
+ goto out;
+ }
+
+ if (key->type != GCRY_AC_KEY_SECRET)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ err = _gcry_ac_io_read_all (io_cipher, &c, &c_n);
+ if (err)
+ goto out;
+
+ mpi_encrypted = gcry_mpi_snew (0);
+ gcry_ac_os_to_mpi (mpi_encrypted, c, c_n);
+
+ err = _gcry_pk_get_elements (handle->algorithm, &elements_enc, NULL);
+ if (err)
+ goto out;
+
+ elements_enc_n = strlen (elements_enc);
+ if (elements_enc_n != 1)
+ {
+ /* FIXME? */
+ err = gcry_error (GPG_ERR_CONFLICT);
+ goto out;
+ }
+
+ err = _gcry_ac_data_new (&data_encrypted);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_set (data_encrypted, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
+ elements_enc, mpi_encrypted);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_decrypt (handle, 0, key, &mpi_decrypted, data_encrypted);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_mpi_to_os_alloc (mpi_decrypted, &em, &em_n);
+ if (err)
+ goto out;
+
+ err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
+ if (err)
+ goto out;
+
+ _gcry_ac_io_init (&io_em, GCRY_AC_IO_READABLE,
+ GCRY_AC_IO_STRING, em, em_n);
+
+ err = _gcry_ac_data_decode (scheme->scheme_encoding, 0, opts_em,
+ &io_em, io_message);
+ if (err)
+ goto out;
+
+ out:
+
+ _gcry_ac_data_destroy (data_encrypted);
+ gcry_mpi_release (mpi_encrypted);
+ gcry_mpi_release (mpi_decrypted);
+ free (elements_enc);
+ gcry_free (opts_em);
+ gcry_free (em);
+ gcry_free (c);
+
+ return err;
+}
+
+
+/* Signs the message contained in M, which is of size M_N, with the
+ secret key KEY according to the Signature Scheme SCHEME_ID. Handle
+ is used for accessing the low-level cryptographic primitives. If
+ OPTS is not NULL, it has to be an anonymous structure specific to
+ the chosen scheme (gcry_ac_ssa_*_t). The signed message will be
+ stored in S and S_N. */
+gcry_error_t
+_gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
+ gcry_ac_scheme_t scheme_id,
+ unsigned int flags, void *opts,
+ gcry_ac_key_t key,
+ gcry_ac_io_t *io_message,
+ gcry_ac_io_t *io_signature)
+{
+ gcry_ac_io_t io_em;
+ gcry_error_t err;
+ gcry_ac_data_t data_signed;
+ unsigned char *em;
+ size_t em_n;
+ gcry_mpi_t mpi;
+ void *opts_em;
+ unsigned char *buffer;
+ size_t buffer_n;
+ gcry_mpi_t mpi_signed;
+ ac_scheme_t *scheme;
+
+ (void)flags;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ data_signed = NULL;
+ mpi_signed = NULL;
+ opts_em = NULL;
+ buffer = NULL;
+ mpi = NULL;
+ em = NULL;
+
+ if (key->type != GCRY_AC_KEY_SECRET)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ scheme = ac_scheme_get (scheme_id);
+ if (! scheme)
+ {
+ /* FIXME: adjust api of scheme_get in respect to err codes. */
+ err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME);
+ goto out;
+ }
+
+ err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
+ if (err)
+ goto out;
+
+ _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
+ GCRY_AC_IO_STRING, &em, &em_n);
+
+ err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
+ io_message, &io_em);
+ if (err)
+ goto out;
+
+ mpi = gcry_mpi_new (0);
+ _gcry_ac_os_to_mpi (mpi, em, em_n);
+
+ err = _gcry_ac_data_sign (handle, key, mpi, &data_signed);
+ if (err)
+ goto out;
+
+ err = ac_data_set_to_mpi (data_signed, &mpi_signed);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_mpi_to_os_alloc (mpi_signed, &buffer, &buffer_n);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_io_write (io_signature, buffer, buffer_n);
+
+ out:
+
+ _gcry_ac_data_destroy (data_signed);
+ gcry_mpi_release (mpi_signed);
+ gcry_mpi_release (mpi);
+ gcry_free (opts_em);
+ gcry_free (buffer);
+ gcry_free (em);
+
+ return err;
+}
+
+/* Verifies that the signature contained in S, which is of length S_N,
+ is indeed the result of signing the message contained in M, which
+ is of size M_N, with the secret key belonging to the public key
+ KEY_PUBLIC. If OPTS is not NULL, it has to be an anonymous
+ structure (gcry_ac_ssa_*_t) specific to the Signature Scheme, whose
+ ID is contained in SCHEME_ID. */
+gcry_error_t
+_gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
+ gcry_ac_scheme_t scheme_id,
+ unsigned int flags, void *opts,
+ gcry_ac_key_t key,
+ gcry_ac_io_t *io_message,
+ gcry_ac_io_t *io_signature)
+{
+ gcry_ac_io_t io_em;
+ gcry_error_t err;
+ gcry_ac_data_t data_signed;
+ unsigned char *em;
+ size_t em_n;
+ void *opts_em;
+ gcry_mpi_t mpi_signature;
+ gcry_mpi_t mpi_data;
+ ac_scheme_t *scheme;
+ char *elements_sig;
+ size_t elements_sig_n;
+ unsigned char *s;
+ size_t s_n;
+
+ (void)flags;
+
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ mpi_signature = NULL;
+ elements_sig = NULL;
+ data_signed = NULL;
+ mpi_data = NULL;
+ opts_em = NULL;
+ em = NULL;
+ s = NULL;
+
+ if (key->type != GCRY_AC_KEY_PUBLIC)
+ {
+ err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
+ goto out;
+ }
+
+ scheme = ac_scheme_get (scheme_id);
+ if (! scheme)
+ {
+ err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME);
+ goto out;
+ }
+
+ err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
+ if (err)
+ goto out;
+
+ _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
+ GCRY_AC_IO_STRING, &em, &em_n);
+
+ err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
+ io_message, &io_em);
+ if (err)
+ goto out;
+
+ mpi_data = gcry_mpi_new (0);
+ _gcry_ac_os_to_mpi (mpi_data, em, em_n);
+
+ err = _gcry_ac_io_read_all (io_signature, &s, &s_n);
+ if (err)
+ goto out;
+
+ mpi_signature = gcry_mpi_new (0);
+ _gcry_ac_os_to_mpi (mpi_signature, s, s_n);
+
+ err = _gcry_pk_get_elements (handle->algorithm, NULL, &elements_sig);
+ if (err)
+ goto out;
+
+ elements_sig_n = strlen (elements_sig);
+ if (elements_sig_n != 1)
+ {
+ /* FIXME? */
+ err = gcry_error (GPG_ERR_CONFLICT);
+ goto out;
+ }
+
+ err = _gcry_ac_data_new (&data_signed);
+ if (err)
+ goto out;
+
+ err = _gcry_ac_data_set (data_signed, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
+ elements_sig, mpi_signature);
+ if (err)
+ goto out;
+
+ gcry_mpi_release (mpi_signature);
+ mpi_signature = NULL;
+
+ err = _gcry_ac_data_verify (handle, key, mpi_data, data_signed);
+
+ out:
+
+ _gcry_ac_data_destroy (data_signed);
+ gcry_mpi_release (mpi_signature);
+ gcry_mpi_release (mpi_data);
+ free (elements_sig);
+ gcry_free (opts_em);
+ gcry_free (em);
+ gcry_free (s);
+
+ return err;
+}
+
+
+/*
+ * General functions.
+ */
+
+gcry_err_code_t
+_gcry_ac_init (void)
+{
+ if (fips_mode ())
+ return GPG_ERR_NOT_SUPPORTED;
+
+ return 0;
+}
diff --git a/grub-core/lib/libgcrypt/cipher/arcfour.c b/grub-core/lib/libgcrypt/cipher/arcfour.c
new file mode 100644
index 0000000..6bb0555
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/arcfour.c
@@ -0,0 +1,156 @@
+/* arcfour.c - The arcfour stream cipher
+ * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ * ISBN 0-471-11709-9. Pages 397 ff.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+
+static const char *selftest(void);
+
+typedef struct {
+ int idx_i, idx_j;
+ byte sbox[256];
+} ARCFOUR_context;
+
+static void
+do_encrypt_stream( ARCFOUR_context *ctx,
+ byte *outbuf, const byte *inbuf, unsigned int length )
+{
+ register int i = ctx->idx_i;
+ register int j = ctx->idx_j;
+ register byte *sbox = ctx->sbox;
+ register int t;
+
+ while ( length-- )
+ {
+ i++;
+ i = i & 255; /* The and-op seems to be faster than the mod-op. */
+ j += sbox[i];
+ j &= 255;
+ t = sbox[i]; sbox[i] = sbox[j]; sbox[j] = t;
+ *outbuf++ = *inbuf++ ^ sbox[(sbox[i] + sbox[j]) & 255];
+ }
+
+ ctx->idx_i = i;
+ ctx->idx_j = j;
+}
+
+static void
+encrypt_stream (void *context,
+ byte *outbuf, const byte *inbuf, unsigned int length)
+{
+ ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+ do_encrypt_stream (ctx, outbuf, inbuf, length );
+ _gcry_burn_stack (64);
+}
+
+
+static gcry_err_code_t
+do_arcfour_setkey (void *context, const byte *key, unsigned int keylen)
+{
+ static int initialized;
+ static const char* selftest_failed;
+ int i, j;
+ byte karr[256];
+ ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+
+ if (!initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest();
+ if( selftest_failed )
+ log_error ("ARCFOUR selftest failed (%s)\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if( keylen < 40/8 ) /* we want at least 40 bits */
+ return GPG_ERR_INV_KEYLEN;
+
+ ctx->idx_i = ctx->idx_j = 0;
+ for (i=0; i < 256; i++ )
+ ctx->sbox[i] = i;
+ for (i=0; i < 256; i++ )
+ karr[i] = key[i%keylen];
+ for (i=j=0; i < 256; i++ )
+ {
+ int t;
+ j = (j + ctx->sbox[i] + karr[i]) % 256;
+ t = ctx->sbox[i];
+ ctx->sbox[i] = ctx->sbox[j];
+ ctx->sbox[j] = t;
+ }
+ memset( karr, 0, 256 );
+
+ return GPG_ERR_NO_ERROR;
+}
+
+static gcry_err_code_t
+arcfour_setkey ( void *context, const byte *key, unsigned int keylen )
+{
+ ARCFOUR_context *ctx = (ARCFOUR_context *) context;
+ gcry_err_code_t rc = do_arcfour_setkey (ctx, key, keylen );
+ _gcry_burn_stack (300);
+ return rc;
+}
+
+
+static const char*
+selftest(void)
+{
+ ARCFOUR_context ctx;
+ byte scratch[16];
+
+ /* Test vector from Cryptlib labeled there: "from the
+ State/Commerce Department". */
+ static byte key_1[] =
+ { 0x61, 0x8A, 0x63, 0xD2, 0xFB };
+ static byte plaintext_1[] =
+ { 0xDC, 0xEE, 0x4C, 0xF9, 0x2C };
+ static const byte ciphertext_1[] =
+ { 0xF1, 0x38, 0x29, 0xC9, 0xDE };
+
+ arcfour_setkey( &ctx, key_1, sizeof(key_1));
+ encrypt_stream( &ctx, scratch, plaintext_1, sizeof(plaintext_1));
+ if ( memcmp (scratch, ciphertext_1, sizeof (ciphertext_1)))
+ return "Arcfour encryption test 1 failed.";
+ arcfour_setkey( &ctx, key_1, sizeof(key_1));
+ encrypt_stream(&ctx, scratch, scratch, sizeof(plaintext_1)); /* decrypt */
+ if ( memcmp (scratch, plaintext_1, sizeof (plaintext_1)))
+ return "Arcfour decryption test 1 failed.";
+ return NULL;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_arcfour =
+ {
+ "ARCFOUR", NULL, NULL, 1, 128, sizeof (ARCFOUR_context),
+ arcfour_setkey, NULL, NULL, encrypt_stream, encrypt_stream,
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/bithelp.h b/grub-core/lib/libgcrypt/cipher/bithelp.h
new file mode 100644
index 0000000..1505324
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/bithelp.h
@@ -0,0 +1,54 @@
+/* bithelp.h - Some bit manipulation helpers
+ * Copyright (C) 1999, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_BITHELP_H
+#define G10_BITHELP_H
+
+
+/****************
+ * Rotate the 32 bit unsigned integer X by N bits left/right
+ */
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol( u32 x, int n)
+{
+ __asm__("roll %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+ror(u32 x, int n)
+{
+ __asm__("rorl %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define ror(x,n) ( ((x) >> (n)) | ((x) << (32-(n))) )
+#endif
+
+
+#endif /*G10_BITHELP_H*/
diff --git a/grub-core/lib/libgcrypt/cipher/blowfish.c b/grub-core/lib/libgcrypt/cipher/blowfish.c
new file mode 100644
index 0000000..6ef68e3
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/blowfish.c
@@ -0,0 +1,605 @@
+/* blowfish.c - Blowfish encryption
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of the algorithm, see:
+ * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ * ISBN 0-471-11709-9. Pages 336 ff.
+ */
+
+/* Test values:
+ * key "abcdefghijklmnopqrstuvwxyz";
+ * plain "BLOWFISH"
+ * cipher 32 4E D0 FE F4 13 A2 03
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+
+#define BLOWFISH_BLOCKSIZE 8
+#define BLOWFISH_ROUNDS 16
+
+typedef struct {
+ u32 s0[256];
+ u32 s1[256];
+ u32 s2[256];
+ u32 s3[256];
+ u32 p[BLOWFISH_ROUNDS+2];
+} BLOWFISH_context;
+
+static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen);
+static void encrypt_block (void *bc, byte *outbuf, const byte *inbuf);
+static void decrypt_block (void *bc, byte *outbuf, const byte *inbuf);
+
+
+/* precomputed S boxes */
+static const u32 ks0[256] = {
+ 0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
+ 0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
+ 0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
+ 0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
+ 0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
+ 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
+ 0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
+ 0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
+ 0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
+ 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
+ 0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
+ 0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
+ 0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
+ 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
+ 0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
+ 0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
+ 0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
+ 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
+ 0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
+ 0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
+ 0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
+ 0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
+ 0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
+ 0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
+ 0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
+ 0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
+ 0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
+ 0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
+ 0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
+ 0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
+ 0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
+ 0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
+ 0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
+ 0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
+ 0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
+ 0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
+ 0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
+ 0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
+ 0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
+ 0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
+ 0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
+ 0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
+ 0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
+
+static const u32 ks1[256] = {
+ 0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
+ 0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
+ 0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
+ 0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
+ 0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
+ 0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
+ 0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
+ 0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
+ 0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
+ 0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
+ 0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
+ 0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
+ 0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
+ 0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
+ 0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
+ 0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
+ 0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
+ 0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
+ 0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
+ 0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
+ 0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
+ 0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
+ 0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
+ 0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
+ 0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
+ 0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
+ 0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
+ 0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
+ 0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
+ 0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
+ 0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
+ 0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
+ 0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
+ 0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
+ 0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
+ 0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
+ 0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
+ 0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
+ 0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
+ 0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
+ 0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
+ 0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
+ 0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
+
+static const u32 ks2[256] = {
+ 0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
+ 0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
+ 0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
+ 0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
+ 0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
+ 0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
+ 0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
+ 0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
+ 0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
+ 0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
+ 0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
+ 0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
+ 0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
+ 0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
+ 0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
+ 0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
+ 0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
+ 0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
+ 0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
+ 0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
+ 0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
+ 0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
+ 0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
+ 0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
+ 0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
+ 0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
+ 0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
+ 0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
+ 0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
+ 0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
+ 0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
+ 0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
+ 0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
+ 0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
+ 0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
+ 0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
+ 0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
+ 0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
+ 0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
+ 0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
+ 0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
+ 0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
+ 0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
+
+static const u32 ks3[256] = {
+ 0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
+ 0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
+ 0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
+ 0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
+ 0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
+ 0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
+ 0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
+ 0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
+ 0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
+ 0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
+ 0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
+ 0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
+ 0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
+ 0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
+ 0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
+ 0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
+ 0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
+ 0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
+ 0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
+ 0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
+ 0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
+ 0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
+ 0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
+ 0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
+ 0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
+ 0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
+ 0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
+ 0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
+ 0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
+ 0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
+ 0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
+ 0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
+ 0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
+ 0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
+ 0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
+ 0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
+ 0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
+ 0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
+ 0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
+ 0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
+ 0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
+ 0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
+ 0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
+
+static const u32 ps[BLOWFISH_ROUNDS+2] = {
+ 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
+ 0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
+ 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
+
+
+
+#if BLOWFISH_ROUNDS != 16
+static inline u32
+function_F( BLOWFISH_context *bc, u32 x )
+{
+ u16 a, b, c, d;
+
+#ifdef WORDS_BIGENDIAN
+ a = ((byte*)&x)[0];
+ b = ((byte*)&x)[1];
+ c = ((byte*)&x)[2];
+ d = ((byte*)&x)[3];
+#else
+ a = ((byte*)&x)[3];
+ b = ((byte*)&x)[2];
+ c = ((byte*)&x)[1];
+ d = ((byte*)&x)[0];
+#endif
+
+ return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];
+}
+#endif
+
+#ifdef WORDS_BIGENDIAN
+#define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]]) \
+ ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
+#else
+#define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]]) \
+ ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
+#endif
+#define R(l,r,i) do { l ^= p[i]; r ^= F(l); } while(0)
+
+
+static void
+do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+ u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+ s0 = bc->s0;
+ s1 = bc->s1;
+ s2 = bc->s2;
+ s3 = bc->s3;
+
+ R( xl, xr, 0);
+ R( xr, xl, 1);
+ R( xl, xr, 2);
+ R( xr, xl, 3);
+ R( xl, xr, 4);
+ R( xr, xl, 5);
+ R( xl, xr, 6);
+ R( xr, xl, 7);
+ R( xl, xr, 8);
+ R( xr, xl, 9);
+ R( xl, xr, 10);
+ R( xr, xl, 11);
+ R( xl, xr, 12);
+ R( xr, xl, 13);
+ R( xl, xr, 14);
+ R( xr, xl, 15);
+
+ xl ^= p[BLOWFISH_ROUNDS];
+ xr ^= p[BLOWFISH_ROUNDS+1];
+
+ *ret_xl = xr;
+ *ret_xr = xl;
+
+#else
+ u32 xl, xr, temp, *p;
+ int i;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+
+ for(i=0; i < BLOWFISH_ROUNDS; i++ )
+ {
+ xl ^= p[i];
+ xr ^= function_F(bc, xl);
+ temp = xl;
+ xl = xr;
+ xr = temp;
+ }
+ temp = xl;
+ xl = xr;
+ xr = temp;
+
+ xr ^= p[BLOWFISH_ROUNDS];
+ xl ^= p[BLOWFISH_ROUNDS+1];
+
+ *ret_xl = xl;
+ *ret_xr = xr;
+#endif
+}
+
+
+static void
+decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
+{
+#if BLOWFISH_ROUNDS == 16
+ u32 xl, xr, *s0, *s1, *s2, *s3, *p;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+ s0 = bc->s0;
+ s1 = bc->s1;
+ s2 = bc->s2;
+ s3 = bc->s3;
+
+ R( xl, xr, 17);
+ R( xr, xl, 16);
+ R( xl, xr, 15);
+ R( xr, xl, 14);
+ R( xl, xr, 13);
+ R( xr, xl, 12);
+ R( xl, xr, 11);
+ R( xr, xl, 10);
+ R( xl, xr, 9);
+ R( xr, xl, 8);
+ R( xl, xr, 7);
+ R( xr, xl, 6);
+ R( xl, xr, 5);
+ R( xr, xl, 4);
+ R( xl, xr, 3);
+ R( xr, xl, 2);
+
+ xl ^= p[1];
+ xr ^= p[0];
+
+ *ret_xl = xr;
+ *ret_xr = xl;
+
+#else
+ u32 xl, xr, temp, *p;
+ int i;
+
+ xl = *ret_xl;
+ xr = *ret_xr;
+ p = bc->p;
+
+ for (i=BLOWFISH_ROUNDS+1; i > 1; i-- )
+ {
+ xl ^= p[i];
+ xr ^= function_F(bc, xl);
+ temp = xl;
+ xl = xr;
+ xr = temp;
+ }
+
+ temp = xl;
+ xl = xr;
+ xr = temp;
+
+ xr ^= p[1];
+ xl ^= p[0];
+
+ *ret_xl = xl;
+ *ret_xr = xr;
+#endif
+}
+
+#undef F
+#undef R
+
+static void
+do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
+{
+ u32 d1, d2;
+
+ d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+ do_encrypt( bc, &d1, &d2 );
+ outbuf[0] = (d1 >> 24) & 0xff;
+ outbuf[1] = (d1 >> 16) & 0xff;
+ outbuf[2] = (d1 >> 8) & 0xff;
+ outbuf[3] = d1 & 0xff;
+ outbuf[4] = (d2 >> 24) & 0xff;
+ outbuf[5] = (d2 >> 16) & 0xff;
+ outbuf[6] = (d2 >> 8) & 0xff;
+ outbuf[7] = d2 & 0xff;
+}
+
+static void
+encrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+ BLOWFISH_context *bc = (BLOWFISH_context *) context;
+ do_encrypt_block (bc, outbuf, inbuf);
+ _gcry_burn_stack (64);
+}
+
+
+static void
+do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf)
+{
+ u32 d1, d2;
+
+ d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+ decrypt( bc, &d1, &d2 );
+ outbuf[0] = (d1 >> 24) & 0xff;
+ outbuf[1] = (d1 >> 16) & 0xff;
+ outbuf[2] = (d1 >> 8) & 0xff;
+ outbuf[3] = d1 & 0xff;
+ outbuf[4] = (d2 >> 24) & 0xff;
+ outbuf[5] = (d2 >> 16) & 0xff;
+ outbuf[6] = (d2 >> 8) & 0xff;
+ outbuf[7] = d2 & 0xff;
+}
+
+static void
+decrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+ BLOWFISH_context *bc = (BLOWFISH_context *) context;
+ do_decrypt_block (bc, outbuf, inbuf);
+ _gcry_burn_stack (64);
+}
+
+
+static const char*
+selftest(void)
+{
+ BLOWFISH_context c;
+ byte plain[] = "BLOWFISH";
+ byte buffer[8];
+ byte plain3[] = { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
+ byte key3[] = { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };
+ byte cipher3[] = { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };
+
+ bf_setkey( (void *) &c,
+ (const unsigned char*)"abcdefghijklmnopqrstuvwxyz", 26 );
+ encrypt_block( (void *) &c, buffer, plain );
+ if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )
+ return "Blowfish selftest failed (1).";
+ decrypt_block( (void *) &c, buffer, buffer );
+ if( memcmp( buffer, plain, 8 ) )
+ return "Blowfish selftest failed (2).";
+
+ bf_setkey( (void *) &c, key3, 8 );
+ encrypt_block( (void *) &c, buffer, plain3 );
+ if( memcmp( buffer, cipher3, 8 ) )
+ return "Blowfish selftest failed (3).";
+ decrypt_block( (void *) &c, buffer, buffer );
+ if( memcmp( buffer, plain3, 8 ) )
+ return "Blowfish selftest failed (4).";
+ return NULL;
+}
+
+
+
+static gcry_err_code_t
+do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
+{
+ int i, j;
+ u32 data, datal, datar;
+ static int initialized;
+ static const char *selftest_failed;
+
+ if( !initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest();
+ if( selftest_failed )
+ log_error ("%s\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
+ c->p[i] = ps[i];
+ for(i=0; i < 256; i++ )
+ {
+ c->s0[i] = ks0[i];
+ c->s1[i] = ks1[i];
+ c->s2[i] = ks2[i];
+ c->s3[i] = ks3[i];
+ }
+
+ for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ )
+ {
+#ifdef WORDS_BIGENDIAN
+ ((byte*)&data)[0] = key[j];
+ ((byte*)&data)[1] = key[(j+1)%keylen];
+ ((byte*)&data)[2] = key[(j+2)%keylen];
+ ((byte*)&data)[3] = key[(j+3)%keylen];
+#else
+ ((byte*)&data)[3] = key[j];
+ ((byte*)&data)[2] = key[(j+1)%keylen];
+ ((byte*)&data)[1] = key[(j+2)%keylen];
+ ((byte*)&data)[0] = key[(j+3)%keylen];
+#endif
+ c->p[i] ^= data;
+ j = (j+4) % keylen;
+ }
+
+ datal = datar = 0;
+ for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->p[i] = datal;
+ c->p[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s0[i] = datal;
+ c->s0[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s1[i] = datal;
+ c->s1[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s2[i] = datal;
+ c->s2[i+1] = datar;
+ }
+ for(i=0; i < 256; i += 2 )
+ {
+ do_encrypt( c, &datal, &datar );
+ c->s3[i] = datal;
+ c->s3[i+1] = datar;
+ }
+
+
+ /* Check for weak key. A weak key is a key in which a value in
+ the P-array (here c) occurs more than once per table. */
+ for(i=0; i < 255; i++ )
+ {
+ for( j=i+1; j < 256; j++)
+ {
+ if( (c->s0[i] == c->s0[j]) || (c->s1[i] == c->s1[j]) ||
+ (c->s2[i] == c->s2[j]) || (c->s3[i] == c->s3[j]) )
+ return GPG_ERR_WEAK_KEY;
+ }
+ }
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+bf_setkey (void *context, const byte *key, unsigned keylen)
+{
+ BLOWFISH_context *c = (BLOWFISH_context *) context;
+ gcry_err_code_t rc = do_bf_setkey (c, key, keylen);
+ _gcry_burn_stack (64);
+ return rc;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_blowfish =
+ {
+ "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128,
+ sizeof (BLOWFISH_context),
+ bf_setkey, encrypt_block, decrypt_block
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/camellia-glue.c b/grub-core/lib/libgcrypt/cipher/camellia-glue.c
new file mode 100644
index 0000000..067af85
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/camellia-glue.c
@@ -0,0 +1,253 @@
+/* camellia-glue.c - Glue for the Camellia cipher
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/* I put all the libgcrypt-specific stuff in this file to keep the
+ camellia.c/camellia.h files exactly as provided by NTT. If they
+ update their code, this should make it easier to bring the changes
+ in. - dshaw
+
+ There is one small change which needs to be done: Include the
+ following code at the top of camellia.h: */
+#if 0
+
+/* To use Camellia with libraries it is often useful to keep the name
+ * space of the library clean. The following macro is thus useful:
+ *
+ * #define CAMELLIA_EXT_SYM_PREFIX foo_
+ *
+ * This prefixes all external symbols with "foo_".
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef CAMELLIA_EXT_SYM_PREFIX
+#define CAMELLIA_PREFIX1(x,y) x ## y
+#define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y)
+#define CAMELLIA_PREFIX(x) CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x)
+#define Camellia_Ekeygen CAMELLIA_PREFIX(Camellia_Ekeygen)
+#define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock)
+#define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock)
+#define camellia_decrypt128 CAMELLIA_PREFIX(camellia_decrypt128)
+#define camellia_decrypt256 CAMELLIA_PREFIX(camellia_decrypt256)
+#define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
+#define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
+#define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
+#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
+#define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
+#endif /*CAMELLIA_EXT_SYM_PREFIX*/
+
+#endif /* Code sample. */
+
+
+#include <config.h>
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "camellia.h"
+
+typedef struct
+{
+ int keybitlength;
+ KEY_TABLE_TYPE keytable;
+} CAMELLIA_context;
+
+static const char *selftest(void);
+
+static gcry_err_code_t
+camellia_setkey(void *c, const byte *key, unsigned keylen)
+{
+ CAMELLIA_context *ctx=c;
+ static int initialized=0;
+ static const char *selftest_failed=NULL;
+
+ if(keylen!=16 && keylen!=24 && keylen!=32)
+ return GPG_ERR_INV_KEYLEN;
+
+ if(!initialized)
+ {
+ initialized=1;
+ selftest_failed=selftest();
+ if(selftest_failed)
+ log_error("%s\n",selftest_failed);
+ }
+
+ if(selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ ctx->keybitlength=keylen*8;
+ Camellia_Ekeygen(ctx->keybitlength,key,ctx->keytable);
+ _gcry_burn_stack
+ ((19+34+34)*sizeof(u32)+2*sizeof(void*) /* camellia_setup256 */
+ +(4+32)*sizeof(u32)+2*sizeof(void*) /* camellia_setup192 */
+ +0+sizeof(int)+2*sizeof(void*) /* Camellia_Ekeygen */
+ +3*2*sizeof(void*) /* Function calls. */
+ );
+
+ return 0;
+}
+
+static void
+camellia_encrypt(void *c, byte *outbuf, const byte *inbuf)
+{
+ CAMELLIA_context *ctx=c;
+
+ Camellia_EncryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
+ _gcry_burn_stack
+ (sizeof(int)+2*sizeof(unsigned char *)+sizeof(KEY_TABLE_TYPE)
+ +4*sizeof(u32)
+ +2*sizeof(u32*)+4*sizeof(u32)
+ +2*2*sizeof(void*) /* Function calls. */
+ );
+}
+
+static void
+camellia_decrypt(void *c, byte *outbuf, const byte *inbuf)
+{
+ CAMELLIA_context *ctx=c;
+
+ Camellia_DecryptBlock(ctx->keybitlength,inbuf,ctx->keytable,outbuf);
+ _gcry_burn_stack
+ (sizeof(int)+2*sizeof(unsigned char *)+sizeof(KEY_TABLE_TYPE)
+ +4*sizeof(u32)
+ +2*sizeof(u32*)+4*sizeof(u32)
+ +2*2*sizeof(void*) /* Function calls. */
+ );
+}
+
+static const char *
+selftest(void)
+{
+ CAMELLIA_context ctx;
+ byte scratch[16];
+
+ /* These test vectors are from RFC-3713 */
+ const byte plaintext[]=
+ {
+ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+ 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
+ };
+ const byte key_128[]=
+ {
+ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+ 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10
+ };
+ const byte ciphertext_128[]=
+ {
+ 0x67,0x67,0x31,0x38,0x54,0x96,0x69,0x73,
+ 0x08,0x57,0x06,0x56,0x48,0xea,0xbe,0x43
+ };
+ const byte key_192[]=
+ {
+ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,
+ 0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77
+ };
+ const byte ciphertext_192[]=
+ {
+ 0xb4,0x99,0x34,0x01,0xb3,0xe9,0x96,0xf8,
+ 0x4e,0xe5,0xce,0xe7,0xd7,0x9b,0x09,0xb9
+ };
+ const byte key_256[]=
+ {
+ 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,
+ 0x98,0x76,0x54,0x32,0x10,0x00,0x11,0x22,0x33,0x44,0x55,
+ 0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff
+ };
+ const byte ciphertext_256[]=
+ {
+ 0x9a,0xcc,0x23,0x7d,0xff,0x16,0xd7,0x6c,
+ 0x20,0xef,0x7c,0x91,0x9e,0x3a,0x75,0x09
+ };
+
+ camellia_setkey(&ctx,key_128,sizeof(key_128));
+ camellia_encrypt(&ctx,scratch,plaintext);
+ if(memcmp(scratch,ciphertext_128,sizeof(ciphertext_128))!=0)
+ return "CAMELLIA-128 test encryption failed.";
+ camellia_decrypt(&ctx,scratch,scratch);
+ if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
+ return "CAMELLIA-128 test decryption failed.";
+
+ camellia_setkey(&ctx,key_192,sizeof(key_192));
+ camellia_encrypt(&ctx,scratch,plaintext);
+ if(memcmp(scratch,ciphertext_192,sizeof(ciphertext_192))!=0)
+ return "CAMELLIA-192 test encryption failed.";
+ camellia_decrypt(&ctx,scratch,scratch);
+ if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
+ return "CAMELLIA-192 test decryption failed.";
+
+ camellia_setkey(&ctx,key_256,sizeof(key_256));
+ camellia_encrypt(&ctx,scratch,plaintext);
+ if(memcmp(scratch,ciphertext_256,sizeof(ciphertext_256))!=0)
+ return "CAMELLIA-256 test encryption failed.";
+ camellia_decrypt(&ctx,scratch,scratch);
+ if(memcmp(scratch,plaintext,sizeof(plaintext))!=0)
+ return "CAMELLIA-256 test decryption failed.";
+
+ return NULL;
+}
+
+/* These oids are from
+ <http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications_oid.html>,
+ retrieved May 1, 2007. */
+
+static gcry_cipher_oid_spec_t camellia128_oids[] =
+ {
+ {"1.2.392.200011.61.1.1.1.2", GCRY_CIPHER_MODE_CBC},
+ {"0.3.4401.5.3.1.9.1", GCRY_CIPHER_MODE_ECB},
+ {"0.3.4401.5.3.1.9.3", GCRY_CIPHER_MODE_OFB},
+ {"0.3.4401.5.3.1.9.4", GCRY_CIPHER_MODE_CFB},
+ { NULL }
+ };
+
+static gcry_cipher_oid_spec_t camellia192_oids[] =
+ {
+ {"1.2.392.200011.61.1.1.1.3", GCRY_CIPHER_MODE_CBC},
+ {"0.3.4401.5.3.1.9.21", GCRY_CIPHER_MODE_ECB},
+ {"0.3.4401.5.3.1.9.23", GCRY_CIPHER_MODE_OFB},
+ {"0.3.4401.5.3.1.9.24", GCRY_CIPHER_MODE_CFB},
+ { NULL }
+ };
+
+static gcry_cipher_oid_spec_t camellia256_oids[] =
+ {
+ {"1.2.392.200011.61.1.1.1.4", GCRY_CIPHER_MODE_CBC},
+ {"0.3.4401.5.3.1.9.41", GCRY_CIPHER_MODE_ECB},
+ {"0.3.4401.5.3.1.9.43", GCRY_CIPHER_MODE_OFB},
+ {"0.3.4401.5.3.1.9.44", GCRY_CIPHER_MODE_CFB},
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_camellia128 =
+ {
+ "CAMELLIA128",NULL,camellia128_oids,CAMELLIA_BLOCK_SIZE,128,
+ sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_camellia192 =
+ {
+ "CAMELLIA192",NULL,camellia192_oids,CAMELLIA_BLOCK_SIZE,192,
+ sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_camellia256 =
+ {
+ "CAMELLIA256",NULL,camellia256_oids,CAMELLIA_BLOCK_SIZE,256,
+ sizeof(CAMELLIA_context),camellia_setkey,camellia_encrypt,camellia_decrypt
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/camellia.c b/grub-core/lib/libgcrypt/cipher/camellia.c
new file mode 100644
index 0000000..79cd49b
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/camellia.c
@@ -0,0 +1,1461 @@
+/* camellia.h ver 1.2.0
+ *
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "camellia.h"
+
+/* u32 must be 32bit word */
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+/* key constants */
+
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ * macros
+ */
+
+
+#if defined(_MSC_VER)
+
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) {*((u32 *)(ct)) = SWAP((st));}
+
+#else /* not MS-VC */
+
+# define GETU32(pt) \
+ (((u32)(pt)[0] << 24) \
+ ^ ((u32)(pt)[1] << 16) \
+ ^ ((u32)(pt)[2] << 8) \
+ ^ ((u32)(pt)[3]))
+
+# define PUTU32(ct, st) { \
+ (ct)[0] = (u8)((st) >> 24); \
+ (ct)[1] = (u8)((st) >> 16); \
+ (ct)[2] = (u8)((st) >> 8); \
+ (ct)[3] = (u8)(st); }
+
+#endif
+
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
+ do { \
+ w0 = ll; \
+ ll = (ll << bits) + (lr >> (32 - bits)); \
+ lr = (lr << bits) + (rl >> (32 - bits)); \
+ rl = (rl << bits) + (rr >> (32 - bits)); \
+ rr = (rr << bits) + (w0 >> (32 - bits)); \
+ } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
+ do { \
+ w0 = ll; \
+ w1 = lr; \
+ ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+ lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+ rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+ rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+ } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+ do { \
+ il = xl ^ kl; \
+ ir = xr ^ kr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ yl = CAMELLIA_SP1110(ir & 0xff) \
+ ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
+ ^ CAMELLIA_SP3033(t1 & 0xff) \
+ ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
+ ^ CAMELLIA_SP0222(t0 & 0xff) \
+ ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(il & 0xff); \
+ yl ^= yr; \
+ yr = CAMELLIA_RR8(yr); \
+ yr ^= yl; \
+ } while(0)
+
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+ do { \
+ t0 = kll; \
+ t0 &= ll; \
+ lr ^= CAMELLIA_RL1(t0); \
+ t1 = klr; \
+ t1 |= lr; \
+ ll ^= t1; \
+ \
+ t2 = krr; \
+ t2 |= rr; \
+ rl ^= t2; \
+ t3 = krl; \
+ t3 &= rl; \
+ rr ^= CAMELLIA_RL1(t3); \
+ } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+ do { \
+ ir = CAMELLIA_SP1110(xr & 0xff) \
+ ^ CAMELLIA_SP0222((xr >> 24) & 0xff) \
+ ^ CAMELLIA_SP3033((xr >> 16) & 0xff) \
+ ^ CAMELLIA_SP4404((xr >> 8) & 0xff); \
+ il = CAMELLIA_SP1110((xl >> 24) & 0xff) \
+ ^ CAMELLIA_SP0222((xl >> 16) & 0xff) \
+ ^ CAMELLIA_SP3033((xl >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(xl & 0xff); \
+ il ^= kl; \
+ ir ^= kr; \
+ ir ^= il; \
+ il = CAMELLIA_RR8(il); \
+ il ^= ir; \
+ yl ^= ir; \
+ yr ^= il; \
+ } while(0)
+
+
+static const u32 camellia_sp1110[256] = {
+ 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
+ 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
+ 0xe4e4e400,0x85858500,0x57575700,0x35353500,
+ 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
+ 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
+ 0x45454500,0x19191900,0xa5a5a500,0x21212100,
+ 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
+ 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
+ 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
+ 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
+ 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
+ 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
+ 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
+ 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
+ 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
+ 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
+ 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
+ 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
+ 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
+ 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
+ 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
+ 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
+ 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
+ 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
+ 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
+ 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
+ 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
+ 0x53535300,0x18181800,0xf2f2f200,0x22222200,
+ 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
+ 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
+ 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
+ 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
+ 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
+ 0xa1a1a100,0x89898900,0x62626200,0x97979700,
+ 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
+ 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
+ 0x10101000,0xc4c4c400,0x00000000,0x48484800,
+ 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
+ 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
+ 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
+ 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
+ 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
+ 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
+ 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
+ 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
+ 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
+ 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
+ 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
+ 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
+ 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
+ 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
+ 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
+ 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
+ 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
+ 0xd4d4d400,0x25252500,0xababab00,0x42424200,
+ 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
+ 0x72727200,0x07070700,0xb9b9b900,0x55555500,
+ 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
+ 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
+ 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
+ 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
+ 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
+ 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
+ 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
+};
+
+static const u32 camellia_sp0222[256] = {
+ 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
+ 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
+ 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
+ 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
+ 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
+ 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
+ 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
+ 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
+ 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
+ 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
+ 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
+ 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
+ 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
+ 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
+ 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
+ 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
+ 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
+ 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
+ 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
+ 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
+ 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
+ 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
+ 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
+ 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
+ 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
+ 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
+ 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
+ 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
+ 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
+ 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
+ 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
+ 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
+ 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
+ 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
+ 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
+ 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
+ 0x00202020,0x00898989,0x00000000,0x00909090,
+ 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
+ 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
+ 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
+ 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
+ 0x009b9b9b,0x00949494,0x00212121,0x00666666,
+ 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
+ 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
+ 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
+ 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
+ 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
+ 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
+ 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
+ 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
+ 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
+ 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
+ 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
+ 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
+ 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
+ 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
+ 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
+ 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
+ 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
+ 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
+ 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
+ 0x00777777,0x00939393,0x00868686,0x00838383,
+ 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
+ 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
+};
+
+static const u32 camellia_sp3033[256] = {
+ 0x38003838,0x41004141,0x16001616,0x76007676,
+ 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
+ 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
+ 0x75007575,0x06000606,0x57005757,0xa000a0a0,
+ 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
+ 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
+ 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
+ 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
+ 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
+ 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
+ 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
+ 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
+ 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
+ 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
+ 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
+ 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
+ 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
+ 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
+ 0x3a003a3a,0x09000909,0x95009595,0x10001010,
+ 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
+ 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
+ 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
+ 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
+ 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
+ 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
+ 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
+ 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
+ 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
+ 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
+ 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
+ 0x12001212,0x04000404,0x74007474,0x54005454,
+ 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
+ 0x55005555,0x68006868,0x50005050,0xbe00bebe,
+ 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
+ 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
+ 0x70007070,0xff00ffff,0x32003232,0x69006969,
+ 0x08000808,0x62006262,0x00000000,0x24002424,
+ 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
+ 0x45004545,0x81008181,0x73007373,0x6d006d6d,
+ 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
+ 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
+ 0xe600e6e6,0x25002525,0x48004848,0x99009999,
+ 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
+ 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
+ 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
+ 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
+ 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
+ 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
+ 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
+ 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
+ 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
+ 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
+ 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
+ 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
+ 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
+ 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
+ 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
+ 0x7c007c7c,0x77007777,0x56005656,0x05000505,
+ 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
+ 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
+ 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
+ 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
+ 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
+ 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
+};
+
+static const u32 camellia_sp4404[256] = {
+ 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
+ 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
+ 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
+ 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
+ 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
+ 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
+ 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
+ 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
+ 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
+ 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
+ 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
+ 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
+ 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
+ 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
+ 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
+ 0x24240024,0xe8e800e8,0x60600060,0x69690069,
+ 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
+ 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
+ 0x10100010,0x00000000,0xa3a300a3,0x75750075,
+ 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
+ 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
+ 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
+ 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
+ 0x81810081,0x6f6f006f,0x13130013,0x63630063,
+ 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
+ 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
+ 0x78780078,0x06060006,0xe7e700e7,0x71710071,
+ 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
+ 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
+ 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
+ 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
+ 0x15150015,0xadad00ad,0x77770077,0x80800080,
+ 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
+ 0x85850085,0x35350035,0x0c0c000c,0x41410041,
+ 0xefef00ef,0x93930093,0x19190019,0x21210021,
+ 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
+ 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
+ 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
+ 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
+ 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
+ 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
+ 0x12120012,0x20200020,0xb1b100b1,0x99990099,
+ 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
+ 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
+ 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
+ 0x0f0f000f,0x16160016,0x18180018,0x22220022,
+ 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
+ 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
+ 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
+ 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
+ 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
+ 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
+ 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
+ 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
+ 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
+ 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
+ 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
+ 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
+ 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
+ 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
+ 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
+ 0x49490049,0x68680068,0x38380038,0xa4a400a4,
+ 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
+ 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
+};
+
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const unsigned char *key, u32 *subkey)
+{
+ u32 kll, klr, krl, krr;
+ u32 il, ir, t0, t1, w0, w1;
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[26];
+ u32 subR[26];
+
+ /**
+ * k == kll || klr || krl || krr (|| is concatination)
+ */
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ /**
+ * generate KL dependent subkeys
+ */
+ subl(0) = kll; subr(0) = klr;
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(4) = kll; subr(4) = klr;
+ subl(5) = krl; subr(5) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ subl(10) = kll; subr(10) = klr;
+ subl(11) = krl; subr(11) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(16) = kll; subr(16) = klr;
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(18) = kll; subr(18) = klr;
+ subl(19) = krl; subr(19) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(22) = kll; subr(22) = klr;
+ subl(23) = krl; subr(23) = krr;
+
+ /* generate KA */
+ kll = subl(0); klr = subr(0);
+ krl = subl(1); krr = subr(1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KA dependent subkeys */
+ subl(2) = kll; subr(2) = klr;
+ subl(3) = krl; subr(3) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(8) = kll; subr(8) = klr;
+ subl(9) = krl; subr(9) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(12) = kll; subr(12) = klr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ subl(20) = kll; subr(20) = klr;
+ subl(21) = krl; subr(21) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(24) = kll; subr(24) = klr;
+ subl(25) = krl; subr(25) = krr;
+
+
+ /* absorb kw2 to other subkeys */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(24) ^= subl(1); subr(24) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(25); kw4r = subr(25);
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3);
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl;
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8);
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9);
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11);
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl;
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16);
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17);
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19);
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ CamelliaSubkeyL(23) = subl(22);
+ CamelliaSubkeyR(23) = subr(22);
+ CamelliaSubkeyL(24) = subl(24) ^ subl(23);
+ CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+ return;
+}
+
+void camellia_setup256(const unsigned char *key, u32 *subkey)
+{
+ u32 kll,klr,krl,krr; /* left half of key */
+ u32 krll,krlr,krrl,krrr; /* right half of key */
+ u32 il, ir, t0, t1, w0, w1; /* temporary variables */
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[34];
+ u32 subR[34];
+
+ /**
+ * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+ * (|| is concatination)
+ */
+
+ kll = GETU32(key );
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ krll = GETU32(key + 16);
+ krlr = GETU32(key + 20);
+ krrl = GETU32(key + 24);
+ krrr = GETU32(key + 28);
+
+ /* generate KL dependent subkeys */
+ subl(0) = kll; subr(0) = klr;
+ subl(1) = krl; subr(1) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+ subl(12) = kll; subr(12) = klr;
+ subl(13) = krl; subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(16) = kll; subr(16) = klr;
+ subl(17) = krl; subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ subl(22) = kll; subr(22) = klr;
+ subl(23) = krl; subr(23) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ subl(30) = kll; subr(30) = klr;
+ subl(31) = krl; subr(31) = krr;
+
+ /* generate KR dependent subkeys */
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ subl(4) = krll; subr(4) = krlr;
+ subl(5) = krrl; subr(5) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ subl(8) = krll; subr(8) = krlr;
+ subl(9) = krrl; subr(9) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(18) = krll; subr(18) = krlr;
+ subl(19) = krrl; subr(19) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+ subl(26) = krll; subr(26) = krlr;
+ subl(27) = krrl; subr(27) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+ /* generate KA */
+ kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
+ krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
+ w0, w1, il, ir, t0, t1);
+ krl ^= w0; krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
+ kll, klr, il, ir, t0, t1);
+ kll ^= krll; klr ^= krlr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
+ krl, krr, il, ir, t0, t1);
+ krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
+ w0, w1, il, ir, t0, t1);
+ kll ^= w0; klr ^= w1;
+
+ /* generate KB */
+ krll ^= kll; krlr ^= klr;
+ krrl ^= krl; krrr ^= krr;
+ CAMELLIA_F(krll, krlr,
+ CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
+ w0, w1, il, ir, t0, t1);
+ krrl ^= w0; krrr ^= w1;
+ CAMELLIA_F(krrl, krrr,
+ CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
+ w0, w1, il, ir, t0, t1);
+ krll ^= w0; krlr ^= w1;
+
+ /* generate KA dependent subkeys */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ subl(6) = kll; subr(6) = klr;
+ subl(7) = krl; subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ subl(14) = kll; subr(14) = klr;
+ subl(15) = krl; subr(15) = krr;
+ subl(24) = klr; subr(24) = krl;
+ subl(25) = krr; subr(25) = kll;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+ subl(28) = kll; subr(28) = klr;
+ subl(29) = krl; subr(29) = krr;
+
+ /* generate KB dependent subkeys */
+ subl(2) = krll; subr(2) = krlr;
+ subl(3) = krrl; subr(3) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(10) = krll; subr(10) = krlr;
+ subl(11) = krrl; subr(11) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ subl(20) = krll; subr(20) = krlr;
+ subl(21) = krrl; subr(21) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+ subl(32) = krll; subr(32) = krlr;
+ subl(33) = krrl; subr(33) = krrr;
+
+ /* absorb kw2 to other subkeys */
+ subl(3) ^= subl(1); subr(3) ^= subr(1);
+ subl(5) ^= subl(1); subr(5) ^= subr(1);
+ subl(7) ^= subl(1); subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(11) ^= subl(1); subr(11) ^= subr(1);
+ subl(13) ^= subl(1); subr(13) ^= subr(1);
+ subl(15) ^= subl(1); subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(19) ^= subl(1); subr(19) ^= subr(1);
+ subl(21) ^= subl(1); subr(21) ^= subr(1);
+ subl(23) ^= subl(1); subr(23) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(25);
+ dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw);
+ subl(27) ^= subl(1); subr(27) ^= subr(1);
+ subl(29) ^= subl(1); subr(29) ^= subr(1);
+ subl(31) ^= subl(1); subr(31) ^= subr(1);
+ subl(32) ^= subl(1); subr(32) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(33); kw4r = subr(33);
+ subl(30) ^= kw4l; subr(30) ^= kw4r;
+ subl(28) ^= kw4l; subr(28) ^= kw4r;
+ subl(26) ^= kw4l; subr(26) ^= kw4r;
+ kw4l ^= kw4r & ~subr(24);
+ dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw);
+ subl(22) ^= kw4l; subr(22) ^= kw4r;
+ subl(20) ^= kw4l; subr(20) ^= kw4r;
+ subl(18) ^= kw4l; subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw);
+ subl(14) ^= kw4l; subr(14) ^= kw4r;
+ subl(12) ^= kw4l; subr(12) ^= kw4r;
+ subl(10) ^= kw4l; subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw);
+ subl(6) ^= kw4l; subr(6) ^= kw4r;
+ subl(4) ^= kw4l; subr(4) ^= kw4r;
+ subl(2) ^= kw4l; subr(2) ^= kw4r;
+ subl(0) ^= kw4l; subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2);
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3);
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4);
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5);
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6);
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7);
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl;
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8);
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9);
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11);
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12);
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13);
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14);
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15);
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl;
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16);
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17);
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19);
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20);
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21);
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22);
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23);
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ tl = subl(26) ^ (subr(26) & ~subr(24));
+ dw = tl & subl(24), tr = subr(26) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(23) = subl(22) ^ tl;
+ CamelliaSubkeyR(23) = subr(22) ^ tr;
+ CamelliaSubkeyL(24) = subl(24);
+ CamelliaSubkeyR(24) = subr(24);
+ CamelliaSubkeyL(25) = subl(25);
+ CamelliaSubkeyR(25) = subr(25);
+ tl = subl(23) ^ (subr(23) & ~subr(25));
+ dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(26) = tl ^ subl(27);
+ CamelliaSubkeyR(26) = tr ^ subr(27);
+ CamelliaSubkeyL(27) = subl(26) ^ subl(28);
+ CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+ CamelliaSubkeyL(28) = subl(27) ^ subl(29);
+ CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+ CamelliaSubkeyL(29) = subl(28) ^ subl(30);
+ CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+ CamelliaSubkeyL(30) = subl(29) ^ subl(31);
+ CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+ CamelliaSubkeyL(31) = subl(30);
+ CamelliaSubkeyR(31) = subr(30);
+ CamelliaSubkeyL(32) = subl(32) ^ subl(31);
+ CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+ /* apply the inverse of the last half of P-function */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+ dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+ dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+ dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+ dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+ dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+ dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,CamelliaSubkeyL(31) = dw;
+
+ return;
+}
+
+void camellia_setup192(const unsigned char *key, u32 *subkey)
+{
+ unsigned char kk[32];
+ u32 krll, krlr, krrl,krrr;
+
+ memcpy(kk, key, 24);
+ memcpy((unsigned char *)&krll, key+16,4);
+ memcpy((unsigned char *)&krlr, key+20,4);
+ krrl = ~krll;
+ krrr = ~krlr;
+ memcpy(kk+24, (unsigned char *)&krrl, 4);
+ memcpy(kk+28, (unsigned char *)&krrr, 4);
+ camellia_setup256(kk, subkey);
+ return;
+}
+
+
+/**
+ * Stuff related to camellia encryption/decryption
+ *
+ * "io" must be 4byte aligned and big-endian data.
+ */
+void camellia_encrypt128(const u32 *subkey, u32 *io)
+{
+ u32 il, ir, t0, t1;
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+ /* main iteration */
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(24);
+ io[3] ^= CamelliaSubkeyR(24);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+void camellia_decrypt128(const u32 *subkey, u32 *io)
+{
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(24);
+ io[1] ^= CamelliaSubkeyR(24);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void camellia_encrypt256(const u32 *subkey, u32 *io)
+{
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+ CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(32);
+ io[3] ^= CamelliaSubkeyR(32);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+void camellia_decrypt256(const u32 *subkey, u32 *io)
+{
+ u32 il,ir,t0,t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2*/
+ io[0] ^= CamelliaSubkeyL(32);
+ io[1] ^= CamelliaSubkeyR(32);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(31),CamelliaSubkeyR(31),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(30),CamelliaSubkeyR(30),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(29),CamelliaSubkeyR(29),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(28),CamelliaSubkeyR(28),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(27),CamelliaSubkeyR(27),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(26),CamelliaSubkeyR(26),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(25),CamelliaSubkeyR(25),
+ CamelliaSubkeyL(24),CamelliaSubkeyR(24),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(23),CamelliaSubkeyR(23),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(22),CamelliaSubkeyR(22),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(21),CamelliaSubkeyR(21),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(20),CamelliaSubkeyR(20),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(19),CamelliaSubkeyR(19),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(18),CamelliaSubkeyR(18),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(17),CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16),CamelliaSubkeyR(16),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(15),CamelliaSubkeyR(15),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(14),CamelliaSubkeyR(14),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(13),CamelliaSubkeyR(13),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(12),CamelliaSubkeyR(12),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(11),CamelliaSubkeyR(11),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(10),CamelliaSubkeyR(10),
+ io[0],io[1],il,ir,t0,t1);
+
+ CAMELLIA_FLS(io[0],io[1],io[2],io[3],
+ CamelliaSubkeyL(9),CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8),CamelliaSubkeyR(8),
+ t0,t1,il,ir);
+
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(7),CamelliaSubkeyR(7),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(6),CamelliaSubkeyR(6),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(5),CamelliaSubkeyR(5),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(4),CamelliaSubkeyR(4),
+ io[0],io[1],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[0],io[1],
+ CamelliaSubkeyL(3),CamelliaSubkeyR(3),
+ io[2],io[3],il,ir,t0,t1);
+ CAMELLIA_ROUNDSM(io[2],io[3],
+ CamelliaSubkeyL(2),CamelliaSubkeyR(2),
+ io[0],io[1],il,ir,t0,t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+/***
+ *
+ * API for compatibility
+ */
+
+void Camellia_Ekeygen(const int keyBitLength,
+ const unsigned char *rawKey,
+ KEY_TABLE_TYPE keyTable)
+{
+ switch(keyBitLength) {
+ case 128:
+ camellia_setup128(rawKey, keyTable);
+ break;
+ case 192:
+ camellia_setup192(rawKey, keyTable);
+ break;
+ case 256:
+ camellia_setup256(rawKey, keyTable);
+ break;
+ default:
+ break;
+ }
+}
+
+
+void Camellia_EncryptBlock(const int keyBitLength,
+ const unsigned char *plaintext,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *ciphertext)
+{
+ u32 tmp[4];
+
+ tmp[0] = GETU32(plaintext);
+ tmp[1] = GETU32(plaintext + 4);
+ tmp[2] = GETU32(plaintext + 8);
+ tmp[3] = GETU32(plaintext + 12);
+
+ switch (keyBitLength) {
+ case 128:
+ camellia_encrypt128(keyTable, tmp);
+ break;
+ case 192:
+ /* fall through */
+ case 256:
+ camellia_encrypt256(keyTable, tmp);
+ break;
+ default:
+ break;
+ }
+
+ PUTU32(ciphertext, tmp[0]);
+ PUTU32(ciphertext + 4, tmp[1]);
+ PUTU32(ciphertext + 8, tmp[2]);
+ PUTU32(ciphertext + 12, tmp[3]);
+}
+
+void Camellia_DecryptBlock(const int keyBitLength,
+ const unsigned char *ciphertext,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *plaintext)
+{
+ u32 tmp[4];
+
+ tmp[0] = GETU32(ciphertext);
+ tmp[1] = GETU32(ciphertext + 4);
+ tmp[2] = GETU32(ciphertext + 8);
+ tmp[3] = GETU32(ciphertext + 12);
+
+ switch (keyBitLength) {
+ case 128:
+ camellia_decrypt128(keyTable, tmp);
+ break;
+ case 192:
+ /* fall through */
+ case 256:
+ camellia_decrypt256(keyTable, tmp);
+ break;
+ default:
+ break;
+ }
+ PUTU32(plaintext, tmp[0]);
+ PUTU32(plaintext + 4, tmp[1]);
+ PUTU32(plaintext + 8, tmp[2]);
+ PUTU32(plaintext + 12, tmp[3]);
+}
diff --git a/grub-core/lib/libgcrypt/cipher/camellia.h b/grub-core/lib/libgcrypt/cipher/camellia.h
new file mode 100644
index 0000000..4425a3a
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/camellia.h
@@ -0,0 +1,81 @@
+/* camellia.h ver 1.2.0
+ *
+ * Copyright (C) 2006,2007
+ * NTT (Nippon Telegraph and Telephone Corporation).
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef HEADER_CAMELLIA_H
+#define HEADER_CAMELLIA_H
+
+/* To use Camellia with libraries it is often useful to keep the name
+ * space of the library clean. The following macro is thus useful:
+ *
+ * #define CAMELLIA_EXT_SYM_PREFIX foo_
+ *
+ * This prefixes all external symbols with "foo_".
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#ifdef CAMELLIA_EXT_SYM_PREFIX
+#define CAMELLIA_PREFIX1(x,y) x ## y
+#define CAMELLIA_PREFIX2(x,y) CAMELLIA_PREFIX1(x,y)
+#define CAMELLIA_PREFIX(x) CAMELLIA_PREFIX2(CAMELLIA_EXT_SYM_PREFIX,x)
+#define Camellia_Ekeygen CAMELLIA_PREFIX(Camellia_Ekeygen)
+#define Camellia_EncryptBlock CAMELLIA_PREFIX(Camellia_EncryptBlock)
+#define Camellia_DecryptBlock CAMELLIA_PREFIX(Camellia_DecryptBlock)
+#define camellia_decrypt128 CAMELLIA_PREFIX(camellia_decrypt128)
+#define camellia_decrypt256 CAMELLIA_PREFIX(camellia_decrypt256)
+#define camellia_encrypt128 CAMELLIA_PREFIX(camellia_encrypt128)
+#define camellia_encrypt256 CAMELLIA_PREFIX(camellia_encrypt256)
+#define camellia_setup128 CAMELLIA_PREFIX(camellia_setup128)
+#define camellia_setup192 CAMELLIA_PREFIX(camellia_setup192)
+#define camellia_setup256 CAMELLIA_PREFIX(camellia_setup256)
+#endif /*CAMELLIA_EXT_SYM_PREFIX*/
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define CAMELLIA_BLOCK_SIZE 16
+#define CAMELLIA_TABLE_BYTE_LEN 272
+#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+
+void Camellia_Ekeygen(const int keyBitLength,
+ const unsigned char *rawKey,
+ KEY_TABLE_TYPE keyTable);
+
+void Camellia_EncryptBlock(const int keyBitLength,
+ const unsigned char *plaintext,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *cipherText);
+
+void Camellia_DecryptBlock(const int keyBitLength,
+ const unsigned char *cipherText,
+ const KEY_TABLE_TYPE keyTable,
+ unsigned char *plaintext);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CAMELLIA_H */
diff --git a/grub-core/lib/libgcrypt/cipher/cast5.c b/grub-core/lib/libgcrypt/cipher/cast5.c
new file mode 100644
index 0000000..333d55e
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/cast5.c
@@ -0,0 +1,620 @@
+/* cast5.c - CAST5 cipher (RFC2144)
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* Test vectors:
+ *
+ * 128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = 23 8B 4F E5 84 7E 44 B2
+ *
+ * 80-bit key = 01 23 45 67 12 34 56 78 23 45
+ * = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = EB 6A 71 1A 2C 02 27 1B
+ *
+ * 40-bit key = 01 23 45 67 12
+ * = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
+ * plaintext = 01 23 45 67 89 AB CD EF
+ * ciphertext = 7A C8 16 D1 6E 9B 30 2E
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "types.h"
+#include "cipher.h"
+
+#define CAST5_BLOCKSIZE 8
+
+typedef struct {
+ u32 Km[16];
+ byte Kr[16];
+} CAST5_context;
+
+static gcry_err_code_t cast_setkey (void *c, const byte *key, unsigned keylen);
+static void encrypt_block (void *c, byte *outbuf, const byte *inbuf);
+static void decrypt_block (void *c, byte *outbuf, const byte *inbuf);
+
+
+
+
+static const u32 s1[256] = {
+0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf
+};
+static const u32 s2[256] = {
+0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1
+};
+static const u32 s3[256] = {
+0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783
+};
+static const u32 s4[256] = {
+0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2
+};
+static const u32 s5[256] = {
+0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4
+};
+static const u32 s6[256] = {
+0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f
+};
+static const u32 s7[256] = {
+0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3
+};
+static const u32 s8[256] = {
+0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e
+};
+
+
+#if defined(__GNUC__) && defined(__i386__)
+static inline u32
+rol(int n, u32 x)
+{
+ __asm__("roll %%cl,%0"
+ :"=r" (x)
+ :"0" (x),"c" (n));
+ return x;
+}
+#else
+#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
+#endif
+
+#define F1(D,m,r) ( (I = ((m) + (D))), (I=rol((r),I)), \
+ (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]) )
+#define F2(D,m,r) ( (I = ((m) ^ (D))), (I=rol((r),I)), \
+ (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]) )
+#define F3(D,m,r) ( (I = ((m) - (D))), (I=rol((r),I)), \
+ (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]) )
+
+static void
+do_encrypt_block( CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+ u32 l, r, t;
+ u32 I; /* used by the Fx macros */
+ u32 *Km;
+ byte *Kr;
+
+ Km = c->Km;
+ Kr = c->Kr;
+
+ /* (L0,R0) <-- (m1...m64). (Split the plaintext into left and
+ * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
+ */
+ l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+ /* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
+ * Li = Ri-1;
+ * Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
+ * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
+ * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
+ * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
+ */
+
+ t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+ t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+ t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+ t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+ t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+ t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+ t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+ t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+ t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+ t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+ t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+ t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+ t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+ t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+ t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+ t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+
+ /* c1...c64 <-- (R16,L16). (Exchange final blocks L16, R16 and
+ * concatenate to form the ciphertext.) */
+ outbuf[0] = (r >> 24) & 0xff;
+ outbuf[1] = (r >> 16) & 0xff;
+ outbuf[2] = (r >> 8) & 0xff;
+ outbuf[3] = r & 0xff;
+ outbuf[4] = (l >> 24) & 0xff;
+ outbuf[5] = (l >> 16) & 0xff;
+ outbuf[6] = (l >> 8) & 0xff;
+ outbuf[7] = l & 0xff;
+}
+
+static void
+encrypt_block (void *context , byte *outbuf, const byte *inbuf)
+{
+ CAST5_context *c = (CAST5_context *) context;
+ do_encrypt_block (c, outbuf, inbuf);
+ _gcry_burn_stack (20+4*sizeof(void*));
+}
+
+
+static void
+do_decrypt_block (CAST5_context *c, byte *outbuf, const byte *inbuf )
+{
+ u32 l, r, t;
+ u32 I;
+ u32 *Km;
+ byte *Kr;
+
+ Km = c->Km;
+ Kr = c->Kr;
+
+ l = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
+ r = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
+
+ t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
+ t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
+ t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
+ t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
+ t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
+ t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
+ t = l; l = r; r = t ^ F1(r, Km[ 9], Kr[ 9]);
+ t = l; l = r; r = t ^ F3(r, Km[ 8], Kr[ 8]);
+ t = l; l = r; r = t ^ F2(r, Km[ 7], Kr[ 7]);
+ t = l; l = r; r = t ^ F1(r, Km[ 6], Kr[ 6]);
+ t = l; l = r; r = t ^ F3(r, Km[ 5], Kr[ 5]);
+ t = l; l = r; r = t ^ F2(r, Km[ 4], Kr[ 4]);
+ t = l; l = r; r = t ^ F1(r, Km[ 3], Kr[ 3]);
+ t = l; l = r; r = t ^ F3(r, Km[ 2], Kr[ 2]);
+ t = l; l = r; r = t ^ F2(r, Km[ 1], Kr[ 1]);
+ t = l; l = r; r = t ^ F1(r, Km[ 0], Kr[ 0]);
+
+ outbuf[0] = (r >> 24) & 0xff;
+ outbuf[1] = (r >> 16) & 0xff;
+ outbuf[2] = (r >> 8) & 0xff;
+ outbuf[3] = r & 0xff;
+ outbuf[4] = (l >> 24) & 0xff;
+ outbuf[5] = (l >> 16) & 0xff;
+ outbuf[6] = (l >> 8) & 0xff;
+ outbuf[7] = l & 0xff;
+}
+
+static void
+decrypt_block (void *context, byte *outbuf, const byte *inbuf)
+{
+ CAST5_context *c = (CAST5_context *) context;
+ do_decrypt_block (c, outbuf, inbuf);
+ _gcry_burn_stack (20+4*sizeof(void*));
+}
+
+
+static const char*
+selftest(void)
+{
+ CAST5_context c;
+ byte key[16] = { 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+ 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A };
+ byte plain[8] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
+ byte cipher[8]= { 0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2 };
+ byte buffer[8];
+
+ cast_setkey( &c, key, 16 );
+ encrypt_block( &c, buffer, plain );
+ if( memcmp( buffer, cipher, 8 ) )
+ return "1";
+ decrypt_block( &c, buffer, buffer );
+ if( memcmp( buffer, plain, 8 ) )
+ return "2";
+
+#if 0 /* full maintenance test */
+ {
+ int i;
+ byte a0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+ 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
+ byte b0[16] = { 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+ 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A };
+ byte a1[16] = { 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+ 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92 };
+ byte b1[16] = { 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+ 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E };
+
+ for(i=0; i < 1000000; i++ ) {
+ cast_setkey( &c, b0, 16 );
+ encrypt_block( &c, a0, a0 );
+ encrypt_block( &c, a0+8, a0+8 );
+ cast_setkey( &c, a0, 16 );
+ encrypt_block( &c, b0, b0 );
+ encrypt_block( &c, b0+8, b0+8 );
+ }
+ if( memcmp( a0, a1, 16 ) || memcmp( b0, b1, 16 ) )
+ return "3";
+
+ }
+#endif
+ return NULL;
+}
+
+
+static void
+key_schedule( u32 *x, u32 *z, u32 *k )
+{
+
+#define xi(i) ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+#define zi(i) ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
+
+ z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+ z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+ z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+ z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+ k[0] = s5[zi( 8)]^s6[zi( 9)]^s7[zi( 7)]^s8[zi( 6)]^s5[zi( 2)];
+ k[1] = s5[zi(10)]^s6[zi(11)]^s7[zi( 5)]^s8[zi( 4)]^s6[zi( 6)];
+ k[2] = s5[zi(12)]^s6[zi(13)]^s7[zi( 3)]^s8[zi( 2)]^s7[zi( 9)];
+ k[3] = s5[zi(14)]^s6[zi(15)]^s7[zi( 1)]^s8[zi( 0)]^s8[zi(12)];
+
+ x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+ x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+ x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+ x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+ k[4] = s5[xi( 3)]^s6[xi( 2)]^s7[xi(12)]^s8[xi(13)]^s5[xi( 8)];
+ k[5] = s5[xi( 1)]^s6[xi( 0)]^s7[xi(14)]^s8[xi(15)]^s6[xi(13)];
+ k[6] = s5[xi( 7)]^s6[xi( 6)]^s7[xi( 8)]^s8[xi( 9)]^s7[xi( 3)];
+ k[7] = s5[xi( 5)]^s6[xi( 4)]^s7[xi(10)]^s8[xi(11)]^s8[xi( 7)];
+
+ z[0] = x[0] ^ s5[xi(13)]^s6[xi(15)]^s7[xi(12)]^s8[xi(14)]^s7[xi( 8)];
+ z[1] = x[2] ^ s5[zi( 0)]^s6[zi( 2)]^s7[zi( 1)]^s8[zi( 3)]^s8[xi(10)];
+ z[2] = x[3] ^ s5[zi( 7)]^s6[zi( 6)]^s7[zi( 5)]^s8[zi( 4)]^s5[xi( 9)];
+ z[3] = x[1] ^ s5[zi(10)]^s6[zi( 9)]^s7[zi(11)]^s8[zi( 8)]^s6[xi(11)];
+ k[8] = s5[zi( 3)]^s6[zi( 2)]^s7[zi(12)]^s8[zi(13)]^s5[zi( 9)];
+ k[9] = s5[zi( 1)]^s6[zi( 0)]^s7[zi(14)]^s8[zi(15)]^s6[zi(12)];
+ k[10]= s5[zi( 7)]^s6[zi( 6)]^s7[zi( 8)]^s8[zi( 9)]^s7[zi( 2)];
+ k[11]= s5[zi( 5)]^s6[zi( 4)]^s7[zi(10)]^s8[zi(11)]^s8[zi( 6)];
+
+ x[0] = z[2] ^ s5[zi( 5)]^s6[zi( 7)]^s7[zi( 4)]^s8[zi( 6)]^s7[zi( 0)];
+ x[1] = z[0] ^ s5[xi( 0)]^s6[xi( 2)]^s7[xi( 1)]^s8[xi( 3)]^s8[zi( 2)];
+ x[2] = z[1] ^ s5[xi( 7)]^s6[xi( 6)]^s7[xi( 5)]^s8[xi( 4)]^s5[zi( 1)];
+ x[3] = z[3] ^ s5[xi(10)]^s6[xi( 9)]^s7[xi(11)]^s8[xi( 8)]^s6[zi( 3)];
+ k[12]= s5[xi( 8)]^s6[xi( 9)]^s7[xi( 7)]^s8[xi( 6)]^s5[xi( 3)];
+ k[13]= s5[xi(10)]^s6[xi(11)]^s7[xi( 5)]^s8[xi( 4)]^s6[xi( 7)];
+ k[14]= s5[xi(12)]^s6[xi(13)]^s7[xi( 3)]^s8[xi( 2)]^s7[xi( 8)];
+ k[15]= s5[xi(14)]^s6[xi(15)]^s7[xi( 1)]^s8[xi( 0)]^s8[xi(13)];
+
+#undef xi
+#undef zi
+}
+
+
+static gcry_err_code_t
+do_cast_setkey( CAST5_context *c, const byte *key, unsigned keylen )
+{
+ static int initialized;
+ static const char* selftest_failed;
+ int i;
+ u32 x[4];
+ u32 z[4];
+ u32 k[16];
+
+ if( !initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest();
+ if( selftest_failed )
+ log_error ("CAST5 selftest failed (%s).\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if( keylen != 16 )
+ return GPG_ERR_INV_KEYLEN;
+
+ x[0] = key[0] << 24 | key[1] << 16 | key[2] << 8 | key[3];
+ x[1] = key[4] << 24 | key[5] << 16 | key[6] << 8 | key[7];
+ x[2] = key[8] << 24 | key[9] << 16 | key[10] << 8 | key[11];
+ x[3] = key[12] << 24 | key[13] << 16 | key[14] << 8 | key[15];
+
+ key_schedule( x, z, k );
+ for(i=0; i < 16; i++ )
+ c->Km[i] = k[i];
+ key_schedule( x, z, k );
+ for(i=0; i < 16; i++ )
+ c->Kr[i] = k[i] & 0x1f;
+
+ memset(&x,0, sizeof x);
+ memset(&z,0, sizeof z);
+ memset(&k,0, sizeof k);
+
+#undef xi
+#undef zi
+ return GPG_ERR_NO_ERROR;
+}
+
+static gcry_err_code_t
+cast_setkey (void *context, const byte *key, unsigned keylen )
+{
+ CAST5_context *c = (CAST5_context *) context;
+ gcry_err_code_t rc = do_cast_setkey (c, key, keylen);
+ _gcry_burn_stack (96+7*sizeof(void*));
+ return rc;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_cast5 =
+ {
+ "CAST5", NULL, NULL, CAST5_BLOCKSIZE, 128, sizeof (CAST5_context),
+ cast_setkey, encrypt_block, decrypt_block
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/cipher.c b/grub-core/lib/libgcrypt/cipher/cipher.c
new file mode 100644
index 0000000..2c33ee9
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/cipher.c
@@ -0,0 +1,1932 @@
+/* cipher.c - cipher dispatcher
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003
+ * 2005, 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "ath.h"
+
+#define MAX_BLOCKSIZE 16
+#define TABLE_SIZE 14
+#define CTX_MAGIC_NORMAL 0x24091964
+#define CTX_MAGIC_SECURE 0x46919042
+
+#undef NEED_16BYTE_ALIGNED_CONTEXT
+#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+#define NEED_16BYTE_ALIGNED_CONTEXT 1
+#endif
+
+/* A dummy extraspec so that we do not need to tests the extraspec
+ field from the module specification against NULL and instead
+ directly test the respective fields of extraspecs. */
+static cipher_extra_spec_t dummy_extra_spec;
+
+/* This is the list of the default ciphers, which are included in
+ libgcrypt. */
+static struct cipher_table_entry
+{
+ gcry_cipher_spec_t *cipher;
+ cipher_extra_spec_t *extraspec;
+ unsigned int algorithm;
+ int fips_allowed;
+} cipher_table[] =
+ {
+#if USE_BLOWFISH
+ { &_gcry_cipher_spec_blowfish,
+ &dummy_extra_spec, GCRY_CIPHER_BLOWFISH },
+#endif
+#if USE_DES
+ { &_gcry_cipher_spec_des,
+ &dummy_extra_spec, GCRY_CIPHER_DES },
+ { &_gcry_cipher_spec_tripledes,
+ &_gcry_cipher_extraspec_tripledes, GCRY_CIPHER_3DES, 1 },
+#endif
+#if USE_ARCFOUR
+ { &_gcry_cipher_spec_arcfour,
+ &dummy_extra_spec, GCRY_CIPHER_ARCFOUR },
+#endif
+#if USE_CAST5
+ { &_gcry_cipher_spec_cast5,
+ &dummy_extra_spec, GCRY_CIPHER_CAST5 },
+#endif
+#if USE_AES
+ { &_gcry_cipher_spec_aes,
+ &_gcry_cipher_extraspec_aes, GCRY_CIPHER_AES, 1 },
+ { &_gcry_cipher_spec_aes192,
+ &_gcry_cipher_extraspec_aes192, GCRY_CIPHER_AES192, 1 },
+ { &_gcry_cipher_spec_aes256,
+ &_gcry_cipher_extraspec_aes256, GCRY_CIPHER_AES256, 1 },
+#endif
+#if USE_TWOFISH
+ { &_gcry_cipher_spec_twofish,
+ &dummy_extra_spec, GCRY_CIPHER_TWOFISH },
+ { &_gcry_cipher_spec_twofish128,
+ &dummy_extra_spec, GCRY_CIPHER_TWOFISH128 },
+#endif
+#if USE_SERPENT
+ { &_gcry_cipher_spec_serpent128,
+ &dummy_extra_spec, GCRY_CIPHER_SERPENT128 },
+ { &_gcry_cipher_spec_serpent192,
+ &dummy_extra_spec, GCRY_CIPHER_SERPENT192 },
+ { &_gcry_cipher_spec_serpent256,
+ &dummy_extra_spec, GCRY_CIPHER_SERPENT256 },
+#endif
+#if USE_RFC2268
+ { &_gcry_cipher_spec_rfc2268_40,
+ &dummy_extra_spec, GCRY_CIPHER_RFC2268_40 },
+#endif
+#if USE_SEED
+ { &_gcry_cipher_spec_seed,
+ &dummy_extra_spec, GCRY_CIPHER_SEED },
+#endif
+#if USE_CAMELLIA
+ { &_gcry_cipher_spec_camellia128,
+ &dummy_extra_spec, GCRY_CIPHER_CAMELLIA128 },
+ { &_gcry_cipher_spec_camellia192,
+ &dummy_extra_spec, GCRY_CIPHER_CAMELLIA192 },
+ { &_gcry_cipher_spec_camellia256,
+ &dummy_extra_spec, GCRY_CIPHER_CAMELLIA256 },
+#endif
+ { NULL }
+ };
+
+/* List of registered ciphers. */
+static gcry_module_t ciphers_registered;
+
+/* This is the lock protecting CIPHERS_REGISTERED. */
+static ath_mutex_t ciphers_registered_lock = ATH_MUTEX_INITIALIZER;
+
+/* Flag to check wether the default ciphers have already been
+ registered. */
+static int default_ciphers_registered;
+
+/* Convenient macro for registering the default ciphers. */
+#define REGISTER_DEFAULT_CIPHERS \
+ do \
+ { \
+ ath_mutex_lock (&ciphers_registered_lock); \
+ if (! default_ciphers_registered) \
+ { \
+ cipher_register_default (); \
+ default_ciphers_registered = 1; \
+ } \
+ ath_mutex_unlock (&ciphers_registered_lock); \
+ } \
+ while (0)
+
+
+/* A VIA processor with the Padlock engine requires an alignment of
+ most data on a 16 byte boundary. Because we trick out the compiler
+ while allocating the context, the align attribute as used in
+ rijndael.c does not work on its own. Thus we need to make sure
+ that the entire context structure is a aligned on that boundary.
+ We achieve this by defining a new type and use that instead of our
+ usual alignment type. */
+typedef union
+{
+ PROPERLY_ALIGNED_TYPE foo;
+#ifdef NEED_16BYTE_ALIGNED_CONTEXT
+ char bar[16] __attribute__ ((aligned (16)));
+#endif
+ char c[1];
+} cipher_context_alignment_t;
+
+
+/* The handle structure. */
+struct gcry_cipher_handle
+{
+ int magic;
+ size_t actual_handle_size; /* Allocated size of this handle. */
+ size_t handle_offset; /* Offset to the malloced block. */
+ gcry_cipher_spec_t *cipher;
+ cipher_extra_spec_t *extraspec;
+ gcry_module_t module;
+
+ /* The algorithm id. This is a hack required because the module
+ interface does not easily allow to retrieve this value. */
+ int algo;
+
+ /* A structure with function pointers for bulk operations. Due to
+ limitations of the module system (we don't want to change the
+ API) we need to keep these function pointers here. The cipher
+ open function intializes them and the actual encryption routines
+ use them if they are not NULL. */
+ struct {
+ void (*cfb_enc)(void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks);
+ void (*cfb_dec)(void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks);
+ void (*cbc_enc)(void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks, int cbc_mac);
+ void (*cbc_dec)(void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks);
+ } bulk;
+
+
+ int mode;
+ unsigned int flags;
+
+ /* The initialization vector. To help code optimization we make
+ sure that it is aligned on an unsigned long and u32 boundary. */
+ union {
+ unsigned long dummy_iv;
+ u32 dummy_u32_iv;
+ unsigned char iv[MAX_BLOCKSIZE];
+ } u_iv;
+
+ unsigned char lastiv[MAX_BLOCKSIZE];
+ int unused; /* Number of unused bytes in the IV. */
+
+ unsigned char ctr[MAX_BLOCKSIZE]; /* For Counter (CTR) mode. */
+
+
+ /* What follows are two contexts of the cipher in use. The first
+ one needs to be aligned well enough for the cipher operation
+ whereas the second one is a copy created by cipher_setkey and
+ used by cipher_reset. That second copy has no need for proper
+ aligment because it is only accessed by memcpy. */
+ cipher_context_alignment_t context;
+};
+
+
+
+/* These dummy functions are used in case a cipher implementation
+ refuses to provide it's own functions. */
+
+static gcry_err_code_t
+dummy_setkey (void *c, const unsigned char *key, unsigned int keylen)
+{
+ (void)c;
+ (void)key;
+ (void)keylen;
+ return GPG_ERR_NO_ERROR;
+}
+
+static void
+dummy_encrypt_block (void *c,
+ unsigned char *outbuf, const unsigned char *inbuf)
+{
+ (void)c;
+ (void)outbuf;
+ (void)inbuf;
+ BUG();
+}
+
+static void
+dummy_decrypt_block (void *c,
+ unsigned char *outbuf, const unsigned char *inbuf)
+{
+ (void)c;
+ (void)outbuf;
+ (void)inbuf;
+ BUG();
+}
+
+static void
+dummy_encrypt_stream (void *c,
+ unsigned char *outbuf, const unsigned char *inbuf,
+ unsigned int n)
+{
+ (void)c;
+ (void)outbuf;
+ (void)inbuf;
+ (void)n;
+ BUG();
+}
+
+static void
+dummy_decrypt_stream (void *c,
+ unsigned char *outbuf, const unsigned char *inbuf,
+ unsigned int n)
+{
+ (void)c;
+ (void)outbuf;
+ (void)inbuf;
+ (void)n;
+ BUG();
+}
+
+
+/* Internal function. Register all the ciphers included in
+ CIPHER_TABLE. Note, that this function gets only used by the macro
+ REGISTER_DEFAULT_CIPHERS which protects it using a mutex. */
+static void
+cipher_register_default (void)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ int i;
+
+ for (i = 0; !err && cipher_table[i].cipher; i++)
+ {
+ if (! cipher_table[i].cipher->setkey)
+ cipher_table[i].cipher->setkey = dummy_setkey;
+ if (! cipher_table[i].cipher->encrypt)
+ cipher_table[i].cipher->encrypt = dummy_encrypt_block;
+ if (! cipher_table[i].cipher->decrypt)
+ cipher_table[i].cipher->decrypt = dummy_decrypt_block;
+ if (! cipher_table[i].cipher->stencrypt)
+ cipher_table[i].cipher->stencrypt = dummy_encrypt_stream;
+ if (! cipher_table[i].cipher->stdecrypt)
+ cipher_table[i].cipher->stdecrypt = dummy_decrypt_stream;
+
+ if ( fips_mode () && !cipher_table[i].fips_allowed )
+ continue;
+
+ err = _gcry_module_add (&ciphers_registered,
+ cipher_table[i].algorithm,
+ (void *) cipher_table[i].cipher,
+ (void *) cipher_table[i].extraspec,
+ NULL);
+ }
+
+ if (err)
+ BUG ();
+}
+
+/* Internal callback function. Used via _gcry_module_lookup. */
+static int
+gcry_cipher_lookup_func_name (void *spec, void *data)
+{
+ gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
+ char *name = (char *) data;
+ const char **aliases = cipher->aliases;
+ int i, ret = ! stricmp (name, cipher->name);
+
+ if (aliases)
+ for (i = 0; aliases[i] && (! ret); i++)
+ ret = ! stricmp (name, aliases[i]);
+
+ return ret;
+}
+
+/* Internal callback function. Used via _gcry_module_lookup. */
+static int
+gcry_cipher_lookup_func_oid (void *spec, void *data)
+{
+ gcry_cipher_spec_t *cipher = (gcry_cipher_spec_t *) spec;
+ char *oid = (char *) data;
+ gcry_cipher_oid_spec_t *oid_specs = cipher->oids;
+ int ret = 0, i;
+
+ if (oid_specs)
+ for (i = 0; oid_specs[i].oid && (! ret); i++)
+ if (! stricmp (oid, oid_specs[i].oid))
+ ret = 1;
+
+ return ret;
+}
+
+/* Internal function. Lookup a cipher entry by it's name. */
+static gcry_module_t
+gcry_cipher_lookup_name (const char *name)
+{
+ gcry_module_t cipher;
+
+ cipher = _gcry_module_lookup (ciphers_registered, (void *) name,
+ gcry_cipher_lookup_func_name);
+
+ return cipher;
+}
+
+/* Internal function. Lookup a cipher entry by it's oid. */
+static gcry_module_t
+gcry_cipher_lookup_oid (const char *oid)
+{
+ gcry_module_t cipher;
+
+ cipher = _gcry_module_lookup (ciphers_registered, (void *) oid,
+ gcry_cipher_lookup_func_oid);
+
+ return cipher;
+}
+
+/* Register a new cipher module whose specification can be found in
+ CIPHER. On success, a new algorithm ID is stored in ALGORITHM_ID
+ and a pointer representhing this module is stored in MODULE. */
+gcry_error_t
+_gcry_cipher_register (gcry_cipher_spec_t *cipher,
+ cipher_extra_spec_t *extraspec,
+ int *algorithm_id,
+ gcry_module_t *module)
+{
+ gcry_err_code_t err = 0;
+ gcry_module_t mod;
+
+ /* We do not support module loading in fips mode. */
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ err = _gcry_module_add (&ciphers_registered, 0,
+ (void *)cipher,
+ (void *)(extraspec? extraspec : &dummy_extra_spec),
+ &mod);
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ if (! err)
+ {
+ *module = mod;
+ *algorithm_id = mod->mod_id;
+ }
+
+ return gcry_error (err);
+}
+
+/* Unregister the cipher identified by MODULE, which must have been
+ registered with gcry_cipher_register. */
+void
+gcry_cipher_unregister (gcry_module_t module)
+{
+ ath_mutex_lock (&ciphers_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&ciphers_registered_lock);
+}
+
+/* Locate the OID in the oid table and return the index or -1 when not
+ found. An opitonal "oid." or "OID." prefix in OID is ignored, the
+ OID is expected to be in standard IETF dotted notation. The
+ internal algorithm number is returned in ALGORITHM unless it
+ ispassed as NULL. A pointer to the specification of the module
+ implementing this algorithm is return in OID_SPEC unless passed as
+ NULL.*/
+static int
+search_oid (const char *oid, int *algorithm, gcry_cipher_oid_spec_t *oid_spec)
+{
+ gcry_module_t module;
+ int ret = 0;
+
+ if (oid && ((! strncmp (oid, "oid.", 4))
+ || (! strncmp (oid, "OID.", 4))))
+ oid += 4;
+
+ module = gcry_cipher_lookup_oid (oid);
+ if (module)
+ {
+ gcry_cipher_spec_t *cipher = module->spec;
+ int i;
+
+ for (i = 0; cipher->oids[i].oid && !ret; i++)
+ if (! stricmp (oid, cipher->oids[i].oid))
+ {
+ if (algorithm)
+ *algorithm = module->mod_id;
+ if (oid_spec)
+ *oid_spec = cipher->oids[i];
+ ret = 1;
+ }
+ _gcry_module_release (module);
+ }
+
+ return ret;
+}
+
+/* Map STRING to the cipher algorithm identifier. Returns the
+ algorithm ID of the cipher for the given name or 0 if the name is
+ not known. It is valid to pass NULL for STRING which results in a
+ return value of 0. */
+int
+gcry_cipher_map_name (const char *string)
+{
+ gcry_module_t cipher;
+ int ret, algorithm = 0;
+
+ if (! string)
+ return 0;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ /* If the string starts with a digit (optionally prefixed with
+ either "OID." or "oid."), we first look into our table of ASN.1
+ object identifiers to figure out the algorithm */
+
+ ath_mutex_lock (&ciphers_registered_lock);
+
+ ret = search_oid (string, &algorithm, NULL);
+ if (! ret)
+ {
+ cipher = gcry_cipher_lookup_name (string);
+ if (cipher)
+ {
+ algorithm = cipher->mod_id;
+ _gcry_module_release (cipher);
+ }
+ }
+
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return algorithm;
+}
+
+
+/* Given a STRING with an OID in dotted decimal notation, this
+ function returns the cipher mode (GCRY_CIPHER_MODE_*) associated
+ with that OID or 0 if no mode is known. Passing NULL for string
+ yields a return value of 0. */
+int
+gcry_cipher_mode_from_oid (const char *string)
+{
+ gcry_cipher_oid_spec_t oid_spec;
+ int ret = 0, mode = 0;
+
+ if (!string)
+ return 0;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ ret = search_oid (string, NULL, &oid_spec);
+ if (ret)
+ mode = oid_spec.mode;
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return mode;
+}
+
+
+/* Map the cipher algorithm whose ID is contained in ALGORITHM to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+static const char *
+cipher_algo_to_string (int algorithm)
+{
+ gcry_module_t cipher;
+ const char *name;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+ if (cipher)
+ {
+ name = ((gcry_cipher_spec_t *) cipher->spec)->name;
+ _gcry_module_release (cipher);
+ }
+ else
+ name = "?";
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return name;
+}
+
+/* Map the cipher algorithm identifier ALGORITHM to a string
+ representing this algorithm. This string is the default name as
+ used by Libgcrypt. An pointer to an empty string is returned for
+ an unknown algorithm. NULL is never returned. */
+const char *
+gcry_cipher_algo_name (int algorithm)
+{
+ return cipher_algo_to_string (algorithm);
+}
+
+
+/* Flag the cipher algorithm with the identifier ALGORITHM as
+ disabled. There is no error return, the function does nothing for
+ unknown algorithms. Disabled algorithms are vitually not available
+ in Libgcrypt. */
+static void
+disable_cipher_algo (int algorithm)
+{
+ gcry_module_t cipher;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+ if (cipher)
+ {
+ if (! (cipher->flags & FLAG_MODULE_DISABLED))
+ cipher->flags |= FLAG_MODULE_DISABLED;
+ _gcry_module_release (cipher);
+ }
+ ath_mutex_unlock (&ciphers_registered_lock);
+}
+
+
+/* Return 0 if the cipher algorithm with identifier ALGORITHM is
+ available. Returns a basic error code value if it is not
+ available. */
+static gcry_err_code_t
+check_cipher_algo (int algorithm)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_module_t cipher;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+ if (cipher)
+ {
+ if (cipher->flags & FLAG_MODULE_DISABLED)
+ err = GPG_ERR_CIPHER_ALGO;
+ _gcry_module_release (cipher);
+ }
+ else
+ err = GPG_ERR_CIPHER_ALGO;
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return err;
+}
+
+
+/* Return the standard length of the key for the cipher algorithm with
+ the identifier ALGORITHM. This function expects a valid algorithm
+ and will abort if the algorithm is not available or the length of
+ the key is not known. */
+static unsigned int
+cipher_get_keylen (int algorithm)
+{
+ gcry_module_t cipher;
+ unsigned len = 0;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+ if (cipher)
+ {
+ len = ((gcry_cipher_spec_t *) cipher->spec)->keylen;
+ if (!len)
+ log_bug ("cipher %d w/o key length\n", algorithm);
+ _gcry_module_release (cipher);
+ }
+ else
+ log_bug ("cipher %d not found\n", algorithm);
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return len;
+}
+
+/* Return the block length of the cipher algorithm with the identifier
+ ALGORITHM. This function expects a valid algorithm and will abort
+ if the algorithm is not available or the length of the key is not
+ known. */
+static unsigned int
+cipher_get_blocksize (int algorithm)
+{
+ gcry_module_t cipher;
+ unsigned len = 0;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ cipher = _gcry_module_lookup_id (ciphers_registered, algorithm);
+ if (cipher)
+ {
+ len = ((gcry_cipher_spec_t *) cipher->spec)->blocksize;
+ if (! len)
+ log_bug ("cipher %d w/o blocksize\n", algorithm);
+ _gcry_module_release (cipher);
+ }
+ else
+ log_bug ("cipher %d not found\n", algorithm);
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return len;
+}
+
+
+/*
+ Open a cipher handle for use with cipher algorithm ALGORITHM, using
+ the cipher mode MODE (one of the GCRY_CIPHER_MODE_*) and return a
+ handle in HANDLE. Put NULL into HANDLE and return an error code if
+ something goes wrong. FLAGS may be used to modify the
+ operation. The defined flags are:
+
+ GCRY_CIPHER_SECURE: allocate all internal buffers in secure memory.
+ GCRY_CIPHER_ENABLE_SYNC: Enable the sync operation as used in OpenPGP.
+ GCRY_CIPHER_CBC_CTS: Enable CTS mode.
+ GCRY_CIPHER_CBC_MAC: Enable MAC mode.
+
+ Values for these flags may be combined using OR.
+ */
+gcry_error_t
+gcry_cipher_open (gcry_cipher_hd_t *handle,
+ int algo, int mode, unsigned int flags)
+{
+ int secure = (flags & GCRY_CIPHER_SECURE);
+ gcry_cipher_spec_t *cipher = NULL;
+ cipher_extra_spec_t *extraspec = NULL;
+ gcry_module_t module = NULL;
+ gcry_cipher_hd_t h = NULL;
+ gcry_err_code_t err = 0;
+
+ /* If the application missed to call the random poll function, we do
+ it here to ensure that it is used once in a while. */
+ _gcry_fast_random_poll ();
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ /* Fetch the according module and check wether the cipher is marked
+ available for use. */
+ ath_mutex_lock (&ciphers_registered_lock);
+ module = _gcry_module_lookup_id (ciphers_registered, algo);
+ if (module)
+ {
+ /* Found module. */
+
+ if (module->flags & FLAG_MODULE_DISABLED)
+ {
+ /* Not available for use. */
+ err = GPG_ERR_CIPHER_ALGO;
+ _gcry_module_release (module);
+ }
+ else
+ {
+ cipher = (gcry_cipher_spec_t *) module->spec;
+ extraspec = module->extraspec;
+ }
+ }
+ else
+ err = GPG_ERR_CIPHER_ALGO;
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ /* check flags */
+ if ((! err)
+ && ((flags & ~(0
+ | GCRY_CIPHER_SECURE
+ | GCRY_CIPHER_ENABLE_SYNC
+ | GCRY_CIPHER_CBC_CTS
+ | GCRY_CIPHER_CBC_MAC))
+ || (flags & GCRY_CIPHER_CBC_CTS & GCRY_CIPHER_CBC_MAC)))
+ err = GPG_ERR_CIPHER_ALGO;
+
+ /* check that a valid mode has been requested */
+ if (! err)
+ switch (mode)
+ {
+ case GCRY_CIPHER_MODE_ECB:
+ case GCRY_CIPHER_MODE_CBC:
+ case GCRY_CIPHER_MODE_CFB:
+ case GCRY_CIPHER_MODE_OFB:
+ case GCRY_CIPHER_MODE_CTR:
+ if ((cipher->encrypt == dummy_encrypt_block)
+ || (cipher->decrypt == dummy_decrypt_block))
+ err = GPG_ERR_INV_CIPHER_MODE;
+ break;
+
+ case GCRY_CIPHER_MODE_STREAM:
+ if ((cipher->stencrypt == dummy_encrypt_stream)
+ || (cipher->stdecrypt == dummy_decrypt_stream))
+ err = GPG_ERR_INV_CIPHER_MODE;
+ break;
+
+ case GCRY_CIPHER_MODE_NONE:
+ /* This mode may be used for debugging. It copies the main
+ text verbatim to the ciphertext. We do not allow this in
+ fips mode or if no debug flag has been set. */
+ if (fips_mode () || !_gcry_get_debug_flag (0))
+ err = GPG_ERR_INV_CIPHER_MODE;
+ break;
+
+ default:
+ err = GPG_ERR_INV_CIPHER_MODE;
+ }
+
+ /* Perform selftest here and mark this with a flag in cipher_table?
+ No, we should not do this as it takes too long. Further it does
+ not make sense to exclude algorithms with failing selftests at
+ runtime: If a selftest fails there is something seriously wrong
+ with the system and thus we better die immediately. */
+
+ if (! err)
+ {
+ size_t size = (sizeof (*h)
+ + 2 * cipher->contextsize
+ - sizeof (cipher_context_alignment_t)
+#ifdef NEED_16BYTE_ALIGNED_CONTEXT
+ + 15 /* Space for leading alignment gap. */
+#endif /*NEED_16BYTE_ALIGNED_CONTEXT*/
+ );
+
+ if (secure)
+ h = gcry_calloc_secure (1, size);
+ else
+ h = gcry_calloc (1, size);
+
+ if (! h)
+ err = gpg_err_code_from_errno (errno);
+ else
+ {
+ size_t off = 0;
+
+#ifdef NEED_16BYTE_ALIGNED_CONTEXT
+ if ( ((unsigned long)h & 0x0f) )
+ {
+ /* The malloced block is not aligned on a 16 byte
+ boundary. Correct for this. */
+ off = 16 - ((unsigned long)h & 0x0f);
+ h = (void*)((char*)h + off);
+ }
+#endif /*NEED_16BYTE_ALIGNED_CONTEXT*/
+
+ h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
+ h->actual_handle_size = size - off;
+ h->handle_offset = off;
+ h->cipher = cipher;
+ h->extraspec = extraspec;
+ h->module = module;
+ h->algo = algo;
+ h->mode = mode;
+ h->flags = flags;
+
+ /* Setup bulk encryption routines. */
+ switch (algo)
+ {
+#ifdef USE_AES
+ case GCRY_CIPHER_AES128:
+ case GCRY_CIPHER_AES192:
+ case GCRY_CIPHER_AES256:
+ h->bulk.cfb_enc = _gcry_aes_cfb_enc;
+ h->bulk.cfb_dec = _gcry_aes_cfb_dec;
+ h->bulk.cbc_enc = _gcry_aes_cbc_enc;
+ h->bulk.cbc_dec = _gcry_aes_cbc_dec;
+ break;
+#endif /*USE_AES*/
+
+ default:
+ break;
+ }
+ }
+ }
+
+ /* Done. */
+
+ if (err)
+ {
+ if (module)
+ {
+ /* Release module. */
+ ath_mutex_lock (&ciphers_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&ciphers_registered_lock);
+ }
+ }
+
+ *handle = err ? NULL : h;
+
+ return gcry_error (err);
+}
+
+
+/* Release all resources associated with the cipher handle H. H may be
+ NULL in which case this is a no-operation. */
+void
+gcry_cipher_close (gcry_cipher_hd_t h)
+{
+ size_t off;
+
+ if (!h)
+ return;
+
+ if ((h->magic != CTX_MAGIC_SECURE)
+ && (h->magic != CTX_MAGIC_NORMAL))
+ _gcry_fatal_error(GPG_ERR_INTERNAL,
+ "gcry_cipher_close: already closed/invalid handle");
+ else
+ h->magic = 0;
+
+ /* Release module. */
+ ath_mutex_lock (&ciphers_registered_lock);
+ _gcry_module_release (h->module);
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ /* We always want to wipe out the memory even when the context has
+ been allocated in secure memory. The user might have disabled
+ secure memory or is using his own implementation which does not
+ do the wiping. To accomplish this we need to keep track of the
+ actual size of this structure because we have no way to known
+ how large the allocated area was when using a standard malloc. */
+ off = h->handle_offset;
+ wipememory (h, h->actual_handle_size);
+
+ gcry_free ((char*)h - off);
+}
+
+
+/* Set the key to be used for the encryption context C to KEY with
+ length KEYLEN. The length should match the required length. */
+static gcry_error_t
+cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned int keylen)
+{
+ gcry_err_code_t ret;
+
+ ret = (*c->cipher->setkey) (&c->context.c, key, keylen);
+ if (!ret)
+ {
+ /* Duplicate initial context. */
+ memcpy ((void *) ((char *) &c->context.c + c->cipher->contextsize),
+ (void *) &c->context.c,
+ c->cipher->contextsize);
+ }
+
+ return gcry_error (ret);
+}
+
+
+/* Set the IV to be used for the encryption context C to IV with
+ length IVLEN. The length should match the required length. */
+static void
+cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
+{
+ memset (c->u_iv.iv, 0, c->cipher->blocksize);
+ if (iv)
+ {
+ if (ivlen != c->cipher->blocksize)
+ {
+ log_info ("WARNING: cipher_setiv: ivlen=%u blklen=%u\n",
+ ivlen, (unsigned int)c->cipher->blocksize);
+ fips_signal_error ("IV length does not match blocklength");
+ }
+ if (ivlen > c->cipher->blocksize)
+ ivlen = c->cipher->blocksize;
+ memcpy (c->u_iv.iv, iv, ivlen);
+ }
+ c->unused = 0;
+}
+
+
+/* Reset the cipher context to the initial context. This is basically
+ the same as an release followed by a new. */
+static void
+cipher_reset (gcry_cipher_hd_t c)
+{
+ memcpy (&c->context.c,
+ (char *) &c->context.c + c->cipher->contextsize,
+ c->cipher->contextsize);
+ memset (c->u_iv.iv, 0, c->cipher->blocksize);
+ memset (c->lastiv, 0, c->cipher->blocksize);
+ memset (c->ctr, 0, c->cipher->blocksize);
+}
+
+
+static void
+do_ecb_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+ unsigned int nblocks )
+{
+ unsigned int n;
+
+ for (n=0; n < nblocks; n++ )
+ {
+ c->cipher->encrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
+ inbuf += c->cipher->blocksize;
+ outbuf += c->cipher->blocksize;
+ }
+}
+
+static void
+do_ecb_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+ unsigned int nblocks )
+{
+ unsigned int n;
+
+ for (n=0; n < nblocks; n++ )
+ {
+ c->cipher->decrypt ( &c->context.c, outbuf, (byte*)/*arggg*/inbuf );
+ inbuf += c->cipher->blocksize;
+ outbuf += c->cipher->blocksize;
+ }
+}
+
+
+static void
+do_cbc_encrypt (gcry_cipher_hd_t c, unsigned char *outbuf,
+ const unsigned char *inbuf, unsigned int nbytes )
+{
+ unsigned int n;
+ unsigned char *ivp;
+ int i;
+ size_t blocksize = c->cipher->blocksize;
+ unsigned nblocks = nbytes / blocksize;
+
+ if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
+ {
+ if ((nbytes % blocksize) == 0)
+ nblocks--;
+ }
+
+ if (c->bulk.cbc_enc)
+ {
+ c->bulk.cbc_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks,
+ (c->flags & GCRY_CIPHER_CBC_MAC));
+ inbuf += nblocks * blocksize;
+ if (!(c->flags & GCRY_CIPHER_CBC_MAC))
+ outbuf += nblocks * blocksize;
+ }
+ else
+ {
+ for (n=0; n < nblocks; n++ )
+ {
+ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ outbuf[i] = inbuf[i] ^ *ivp++;
+ c->cipher->encrypt ( &c->context.c, outbuf, outbuf );
+ memcpy (c->u_iv.iv, outbuf, blocksize );
+ inbuf += blocksize;
+ if (!(c->flags & GCRY_CIPHER_CBC_MAC))
+ outbuf += blocksize;
+ }
+ }
+
+ if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
+ {
+ /* We have to be careful here, since outbuf might be equal to
+ inbuf. */
+ int restbytes;
+ unsigned char b;
+
+ if ((nbytes % blocksize) == 0)
+ restbytes = blocksize;
+ else
+ restbytes = nbytes % blocksize;
+
+ outbuf -= blocksize;
+ for (ivp = c->u_iv.iv, i = 0; i < restbytes; i++)
+ {
+ b = inbuf[i];
+ outbuf[blocksize + i] = outbuf[i];
+ outbuf[i] = b ^ *ivp++;
+ }
+ for (; i < blocksize; i++)
+ outbuf[i] = 0 ^ *ivp++;
+
+ c->cipher->encrypt (&c->context.c, outbuf, outbuf);
+ memcpy (c->u_iv.iv, outbuf, blocksize);
+ }
+}
+
+
+static void
+do_cbc_decrypt (gcry_cipher_hd_t c, unsigned char *outbuf,
+ const unsigned char *inbuf, unsigned int nbytes)
+{
+ unsigned int n;
+ unsigned char *ivp;
+ int i;
+ size_t blocksize = c->cipher->blocksize;
+ unsigned int nblocks = nbytes / blocksize;
+
+ if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
+ {
+ nblocks--;
+ if ((nbytes % blocksize) == 0)
+ nblocks--;
+ memcpy (c->lastiv, c->u_iv.iv, blocksize);
+ }
+
+ if (c->bulk.cbc_dec)
+ {
+ c->bulk.cbc_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
+ inbuf += nblocks * blocksize;
+ outbuf += nblocks * blocksize;
+ }
+ else
+ {
+ for (n=0; n < nblocks; n++ )
+ {
+ /* Because outbuf and inbuf might be the same, we have to
+ * save the original ciphertext block. We use LASTIV for
+ * this here because it is not used otherwise. */
+ memcpy (c->lastiv, inbuf, blocksize);
+ c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
+ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ outbuf[i] ^= *ivp++;
+ memcpy(c->u_iv.iv, c->lastiv, blocksize );
+ inbuf += c->cipher->blocksize;
+ outbuf += c->cipher->blocksize;
+ }
+ }
+
+ if ((c->flags & GCRY_CIPHER_CBC_CTS) && nbytes > blocksize)
+ {
+ int restbytes;
+
+ if ((nbytes % blocksize) == 0)
+ restbytes = blocksize;
+ else
+ restbytes = nbytes % blocksize;
+
+ memcpy (c->lastiv, c->u_iv.iv, blocksize ); /* Save Cn-2. */
+ memcpy (c->u_iv.iv, inbuf + blocksize, restbytes ); /* Save Cn. */
+
+ c->cipher->decrypt ( &c->context.c, outbuf, inbuf );
+ for (ivp=c->u_iv.iv,i=0; i < restbytes; i++ )
+ outbuf[i] ^= *ivp++;
+
+ memcpy(outbuf + blocksize, outbuf, restbytes);
+ for(i=restbytes; i < blocksize; i++)
+ c->u_iv.iv[i] = outbuf[i];
+ c->cipher->decrypt (&c->context.c, outbuf, c->u_iv.iv);
+ for(ivp=c->lastiv,i=0; i < blocksize; i++ )
+ outbuf[i] ^= *ivp++;
+ /* c->lastiv is now really lastlastiv, does this matter? */
+ }
+}
+
+
+static void
+do_cfb_encrypt( gcry_cipher_hd_t c, unsigned char *outbuf,
+ const unsigned char *inbuf, unsigned int nbytes )
+{
+ unsigned char *ivp;
+ size_t blocksize = c->cipher->blocksize;
+ size_t blocksize_x_2 = blocksize + blocksize;
+
+ if ( nbytes <= c->unused )
+ {
+ /* Short enough to be encoded by the remaining XOR mask. */
+ /* XOR the input with the IV and store input into IV. */
+ for (ivp=c->u_iv.iv+c->cipher->blocksize - c->unused;
+ nbytes;
+ nbytes--, c->unused-- )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ return;
+ }
+
+ if ( c->unused )
+ {
+ /* XOR the input with the IV and store input into IV */
+ nbytes -= c->unused;
+ for(ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ }
+
+ /* Now we can process complete blocks. We use a loop as long as we
+ have at least 2 blocks and use conditions for the rest. This
+ also allows to use a bulk encryption function if available. */
+ if (nbytes >= blocksize_x_2 && c->bulk.cfb_enc)
+ {
+ unsigned int nblocks = nbytes / blocksize;
+ c->bulk.cfb_enc (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
+ outbuf += nblocks * blocksize;
+ inbuf += nblocks * blocksize;
+ nbytes -= nblocks * blocksize;
+ }
+ else
+ {
+ while ( nbytes >= blocksize_x_2 )
+ {
+ int i;
+ /* Encrypt the IV. */
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ /* XOR the input with the IV and store input into IV. */
+ for(ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ nbytes -= blocksize;
+ }
+ }
+
+ if ( nbytes >= blocksize )
+ {
+ int i;
+ /* Save the current IV and then encrypt the IV. */
+ memcpy( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ /* XOR the input with the IV and store input into IV */
+ for(ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ nbytes -= blocksize;
+ }
+ if ( nbytes )
+ {
+ /* Save the current IV and then encrypt the IV. */
+ memcpy( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ c->unused = blocksize;
+ /* Apply the XOR. */
+ c->unused -= nbytes;
+ for(ivp=c->u_iv.iv; nbytes; nbytes-- )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ }
+}
+
+
+static void
+do_cfb_decrypt( gcry_cipher_hd_t c, unsigned char *outbuf,
+ const unsigned char *inbuf, unsigned int nbytes )
+{
+ unsigned char *ivp;
+ unsigned long temp;
+ int i;
+ size_t blocksize = c->cipher->blocksize;
+ size_t blocksize_x_2 = blocksize + blocksize;
+
+ if (nbytes <= c->unused)
+ {
+ /* Short enough to be encoded by the remaining XOR mask. */
+ /* XOR the input with the IV and store input into IV. */
+ for (ivp=c->u_iv.iv+blocksize - c->unused;
+ nbytes;
+ nbytes--, c->unused--)
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ return;
+ }
+
+ if (c->unused)
+ {
+ /* XOR the input with the IV and store input into IV. */
+ nbytes -= c->unused;
+ for (ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- )
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ }
+
+ /* Now we can process complete blocks. We use a loop as long as we
+ have at least 2 blocks and use conditions for the rest. This
+ also allows to use a bulk encryption function if available. */
+ if (nbytes >= blocksize_x_2 && c->bulk.cfb_dec)
+ {
+ unsigned int nblocks = nbytes / blocksize;
+ c->bulk.cfb_dec (&c->context.c, c->u_iv.iv, outbuf, inbuf, nblocks);
+ outbuf += nblocks * blocksize;
+ inbuf += nblocks * blocksize;
+ nbytes -= nblocks * blocksize;
+ }
+ else
+ {
+ while (nbytes >= blocksize_x_2 )
+ {
+ /* Encrypt the IV. */
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ /* XOR the input with the IV and store input into IV. */
+ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ nbytes -= blocksize;
+ }
+ }
+
+ if (nbytes >= blocksize )
+ {
+ /* Save the current IV and then encrypt the IV. */
+ memcpy ( c->lastiv, c->u_iv.iv, blocksize);
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ /* XOR the input with the IV and store input into IV */
+ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ nbytes -= blocksize;
+ }
+
+ if (nbytes)
+ {
+ /* Save the current IV and then encrypt the IV. */
+ memcpy ( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ c->unused = blocksize;
+ /* Apply the XOR. */
+ c->unused -= nbytes;
+ for (ivp=c->u_iv.iv; nbytes; nbytes-- )
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ }
+}
+
+
+static void
+do_ofb_encrypt( gcry_cipher_hd_t c,
+ byte *outbuf, const byte *inbuf, unsigned nbytes )
+{
+ byte *ivp;
+ size_t blocksize = c->cipher->blocksize;
+
+ if ( nbytes <= c->unused )
+ {
+ /* Short enough to be encoded by the remaining XOR mask. */
+ /* XOR the input with the IV */
+ for (ivp=c->u_iv.iv+c->cipher->blocksize - c->unused;
+ nbytes;
+ nbytes--, c->unused-- )
+ *outbuf++ = (*ivp++ ^ *inbuf++);
+ return;
+ }
+
+ if( c->unused )
+ {
+ nbytes -= c->unused;
+ for(ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- )
+ *outbuf++ = (*ivp++ ^ *inbuf++);
+ }
+
+ /* Now we can process complete blocks. */
+ while ( nbytes >= blocksize )
+ {
+ int i;
+ /* Encrypt the IV (and save the current one). */
+ memcpy( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+
+ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ *outbuf++ = (*ivp++ ^ *inbuf++);
+ nbytes -= blocksize;
+ }
+ if ( nbytes )
+ { /* process the remaining bytes */
+ memcpy( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ c->unused = blocksize;
+ c->unused -= nbytes;
+ for(ivp=c->u_iv.iv; nbytes; nbytes-- )
+ *outbuf++ = (*ivp++ ^ *inbuf++);
+ }
+}
+
+static void
+do_ofb_decrypt( gcry_cipher_hd_t c,
+ byte *outbuf, const byte *inbuf, unsigned int nbytes )
+{
+ byte *ivp;
+ size_t blocksize = c->cipher->blocksize;
+
+ if( nbytes <= c->unused )
+ {
+ /* Short enough to be encoded by the remaining XOR mask. */
+ for (ivp=c->u_iv.iv+blocksize - c->unused; nbytes; nbytes--,c->unused--)
+ *outbuf++ = *ivp++ ^ *inbuf++;
+ return;
+ }
+
+ if ( c->unused )
+ {
+ nbytes -= c->unused;
+ for (ivp=c->u_iv.iv+blocksize - c->unused; c->unused; c->unused-- )
+ *outbuf++ = *ivp++ ^ *inbuf++;
+ }
+
+ /* Now we can process complete blocks. */
+ while ( nbytes >= blocksize )
+ {
+ int i;
+ /* Encrypt the IV (and save the current one). */
+ memcpy( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ for (ivp=c->u_iv.iv,i=0; i < blocksize; i++ )
+ *outbuf++ = *ivp++ ^ *inbuf++;
+ nbytes -= blocksize;
+ }
+ if ( nbytes )
+ { /* Process the remaining bytes. */
+ /* Encrypt the IV (and save the current one). */
+ memcpy( c->lastiv, c->u_iv.iv, blocksize );
+ c->cipher->encrypt ( &c->context.c, c->u_iv.iv, c->u_iv.iv );
+ c->unused = blocksize;
+ c->unused -= nbytes;
+ for (ivp=c->u_iv.iv; nbytes; nbytes-- )
+ *outbuf++ = *ivp++ ^ *inbuf++;
+ }
+}
+
+
+static void
+do_ctr_encrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+ unsigned int nbytes )
+{
+ unsigned int n;
+ byte tmp[MAX_BLOCKSIZE];
+ int i;
+
+ for(n=0; n < nbytes; n++)
+ {
+ if ((n % c->cipher->blocksize) == 0)
+ {
+ c->cipher->encrypt (&c->context.c, tmp, c->ctr);
+
+ for (i = c->cipher->blocksize; i > 0; i--)
+ {
+ c->ctr[i-1]++;
+ if (c->ctr[i-1] != 0)
+ break;
+ }
+ }
+
+ /* XOR input with encrypted counter and store in output. */
+ outbuf[n] = inbuf[n] ^ tmp[n % c->cipher->blocksize];
+ }
+}
+
+static void
+do_ctr_decrypt( gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+ unsigned int nbytes )
+{
+ do_ctr_encrypt (c, outbuf, inbuf, nbytes);
+}
+
+
+/****************
+ * Encrypt INBUF to OUTBUF with the mode selected at open.
+ * inbuf and outbuf may overlap or be the same.
+ * Depending on the mode some contraints apply to NBYTES.
+ */
+static gcry_err_code_t
+cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf,
+ const byte *inbuf, unsigned int nbytes)
+{
+ gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+ switch( c->mode ) {
+ case GCRY_CIPHER_MODE_ECB:
+ if (!(nbytes%c->cipher->blocksize))
+ do_ecb_encrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
+ else
+ rc = GPG_ERR_INV_ARG;
+ break;
+ case GCRY_CIPHER_MODE_CBC:
+ if (!(nbytes%c->cipher->blocksize)
+ || (nbytes > c->cipher->blocksize
+ && (c->flags & GCRY_CIPHER_CBC_CTS)))
+ do_cbc_encrypt(c, outbuf, inbuf, nbytes );
+ else
+ rc = GPG_ERR_INV_ARG;
+ break;
+ case GCRY_CIPHER_MODE_CFB:
+ do_cfb_encrypt(c, outbuf, inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_OFB:
+ do_ofb_encrypt(c, outbuf, inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_CTR:
+ do_ctr_encrypt(c, outbuf, inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_STREAM:
+ c->cipher->stencrypt ( &c->context.c,
+ outbuf, (byte*)/*arggg*/inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_NONE:
+ if (fips_mode () || !_gcry_get_debug_flag (0))
+ {
+ fips_signal_error ("cipher mode NONE used");
+ rc = GPG_ERR_INV_CIPHER_MODE;
+ }
+ else
+ {
+ if ( inbuf != outbuf )
+ memmove (outbuf, inbuf, nbytes);
+ }
+ break;
+ default:
+ log_fatal("cipher_encrypt: invalid mode %d\n", c->mode );
+ rc = GPG_ERR_INV_CIPHER_MODE;
+ break;
+ }
+ return rc;
+}
+
+
+/****************
+ * Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has
+ * been requested.
+ */
+gcry_error_t
+gcry_cipher_encrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
+ const void *in, size_t inlen)
+{
+ gcry_err_code_t err;
+
+ if (!in)
+ {
+ /* Caller requested in-place encryption. */
+ /* Actually cipher_encrypt() does not need to know about it, but
+ * we may change it in the future to get better performance. */
+ err = cipher_encrypt (h, out, out, outsize);
+ }
+ else if (outsize < ((h->flags & GCRY_CIPHER_CBC_MAC) ?
+ h->cipher->blocksize : inlen))
+ err = GPG_ERR_TOO_SHORT;
+ else if ((h->mode == GCRY_CIPHER_MODE_ECB
+ || (h->mode == GCRY_CIPHER_MODE_CBC
+ && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
+ && (inlen > h->cipher->blocksize)))))
+ && (inlen % h->cipher->blocksize))
+ err = GPG_ERR_INV_ARG;
+ else
+ err = cipher_encrypt (h, out, in, inlen);
+
+ if (err && out)
+ memset (out, 0x42, outsize); /* Failsafe: Make sure that the
+ plaintext will never make it into
+ OUT. */
+
+ return gcry_error (err);
+}
+
+
+
+/****************
+ * Decrypt INBUF to OUTBUF with the mode selected at open.
+ * inbuf and outbuf may overlap or be the same.
+ * Depending on the mode some some contraints apply to NBYTES.
+ */
+static gcry_err_code_t
+cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, const byte *inbuf,
+ unsigned int nbytes)
+{
+ gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+ switch( c->mode ) {
+ case GCRY_CIPHER_MODE_ECB:
+ if (!(nbytes%c->cipher->blocksize))
+ do_ecb_decrypt(c, outbuf, inbuf, nbytes/c->cipher->blocksize );
+ else
+ rc = GPG_ERR_INV_ARG;
+ break;
+ case GCRY_CIPHER_MODE_CBC:
+ if (!(nbytes%c->cipher->blocksize)
+ || (nbytes > c->cipher->blocksize
+ && (c->flags & GCRY_CIPHER_CBC_CTS)))
+ do_cbc_decrypt(c, outbuf, inbuf, nbytes );
+ else
+ rc = GPG_ERR_INV_ARG;
+ break;
+ case GCRY_CIPHER_MODE_CFB:
+ do_cfb_decrypt(c, outbuf, inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_OFB:
+ do_ofb_decrypt(c, outbuf, inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_CTR:
+ do_ctr_decrypt(c, outbuf, inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_STREAM:
+ c->cipher->stdecrypt ( &c->context.c,
+ outbuf, (byte*)/*arggg*/inbuf, nbytes );
+ break;
+ case GCRY_CIPHER_MODE_NONE:
+ if (fips_mode () || !_gcry_get_debug_flag (0))
+ {
+ fips_signal_error ("cipher mode NONE used");
+ rc = GPG_ERR_INV_CIPHER_MODE;
+ }
+ else
+ {
+ if (inbuf != outbuf)
+ memmove (outbuf, inbuf, nbytes);
+ }
+ break;
+ default:
+ log_fatal ("cipher_decrypt: invalid mode %d\n", c->mode );
+ rc = GPG_ERR_INV_CIPHER_MODE;
+ break;
+ }
+ return rc;
+}
+
+
+gcry_error_t
+gcry_cipher_decrypt (gcry_cipher_hd_t h, void *out, size_t outsize,
+ const void *in, size_t inlen)
+{
+ gcry_err_code_t err = 0;
+
+ if (!in)
+ {
+ /* Caller requested in-place encryption. */
+ /* Actually cipher_encrypt() does not need to know about it, but
+ * we may change it in the future to get better performance. */
+ err = cipher_decrypt (h, out, out, outsize);
+ }
+ else if (outsize < inlen)
+ err = GPG_ERR_TOO_SHORT;
+ else if (((h->mode == GCRY_CIPHER_MODE_ECB)
+ || ((h->mode == GCRY_CIPHER_MODE_CBC)
+ && (! ((h->flags & GCRY_CIPHER_CBC_CTS)
+ && (inlen > h->cipher->blocksize)))))
+ && (inlen % h->cipher->blocksize) != 0)
+ err = GPG_ERR_INV_ARG;
+ else
+ err = cipher_decrypt (h, out, in, inlen);
+
+ return gcry_error (err);
+}
+
+
+
+/****************
+ * Used for PGP's somewhat strange CFB mode. Only works if
+ * the corresponding flag is set.
+ */
+static void
+cipher_sync (gcry_cipher_hd_t c)
+{
+ if ((c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused)
+ {
+ memmove (c->u_iv.iv + c->unused,
+ c->u_iv.iv, c->cipher->blocksize - c->unused);
+ memcpy (c->u_iv.iv,
+ c->lastiv + c->cipher->blocksize - c->unused, c->unused);
+ c->unused = 0;
+ }
+}
+
+
+gcry_error_t
+_gcry_cipher_setkey (gcry_cipher_hd_t hd, const void *key, size_t keylen)
+{
+ return cipher_setkey (hd, (void*)key, keylen);
+}
+
+
+gcry_error_t
+_gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen)
+{
+ cipher_setiv (hd, iv, ivlen);
+ return 0;
+}
+
+/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of
+ block size length, or (NULL,0) to set the CTR to the all-zero
+ block. */
+gpg_error_t
+_gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen)
+{
+ if (ctr && ctrlen == hd->cipher->blocksize)
+ memcpy (hd->ctr, ctr, hd->cipher->blocksize);
+ else if (!ctr || !ctrlen)
+ memset (hd->ctr, 0, hd->cipher->blocksize);
+ else
+ return gpg_error (GPG_ERR_INV_ARG);
+ return 0;
+}
+
+
+gcry_error_t
+gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+ gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+ switch (cmd)
+ {
+ case GCRYCTL_SET_KEY: /* Deprecated; use gcry_cipher_setkey. */
+ rc = cipher_setkey( h, buffer, buflen );
+ break;
+
+ case GCRYCTL_SET_IV: /* Deprecated; use gcry_cipher_setiv. */
+ cipher_setiv( h, buffer, buflen );
+ break;
+
+ case GCRYCTL_RESET:
+ cipher_reset (h);
+ break;
+
+ case GCRYCTL_CFB_SYNC:
+ cipher_sync( h );
+ break;
+
+ case GCRYCTL_SET_CBC_CTS:
+ if (buflen)
+ if (h->flags & GCRY_CIPHER_CBC_MAC)
+ rc = GPG_ERR_INV_FLAG;
+ else
+ h->flags |= GCRY_CIPHER_CBC_CTS;
+ else
+ h->flags &= ~GCRY_CIPHER_CBC_CTS;
+ break;
+
+ case GCRYCTL_SET_CBC_MAC:
+ if (buflen)
+ if (h->flags & GCRY_CIPHER_CBC_CTS)
+ rc = GPG_ERR_INV_FLAG;
+ else
+ h->flags |= GCRY_CIPHER_CBC_MAC;
+ else
+ h->flags &= ~GCRY_CIPHER_CBC_MAC;
+ break;
+
+ case GCRYCTL_DISABLE_ALGO:
+ /* This command expects NULL for H and BUFFER to point to an
+ integer with the algo number. */
+ if( h || !buffer || buflen != sizeof(int) )
+ return gcry_error (GPG_ERR_CIPHER_ALGO);
+ disable_cipher_algo( *(int*)buffer );
+ break;
+
+ case GCRYCTL_SET_CTR: /* Deprecated; use gcry_cipher_setctr. */
+ if (buffer && buflen == h->cipher->blocksize)
+ memcpy (h->ctr, buffer, h->cipher->blocksize);
+ else if (buffer == NULL || buflen == 0)
+ memset (h->ctr, 0, h->cipher->blocksize);
+ else
+ rc = GPG_ERR_INV_ARG;
+ break;
+
+ case 61: /* Disable weak key detection (private). */
+ if (h->extraspec->set_extra_info)
+ rc = h->extraspec->set_extra_info
+ (&h->context.c, CIPHER_INFO_NO_WEAK_KEY, NULL, 0);
+ else
+ rc = GPG_ERR_NOT_SUPPORTED;
+ break;
+
+ case 62: /* Return current input vector (private). */
+ /* This is the input block as used in CFB and OFB mode which has
+ initially been set as IV. The returned format is:
+ 1 byte Actual length of the block in bytes.
+ n byte The block.
+ If the provided buffer is too short, an error is returned. */
+ if (buflen < (1 + h->cipher->blocksize))
+ rc = GPG_ERR_TOO_SHORT;
+ else
+ {
+ unsigned char *ivp;
+ unsigned char *dst = buffer;
+ int n = h->unused;
+
+ if (!n)
+ n = h->cipher->blocksize;
+ gcry_assert (n <= h->cipher->blocksize);
+ *dst++ = n;
+ ivp = h->u_iv.iv + h->cipher->blocksize - n;
+ while (n--)
+ *dst++ = *ivp++;
+ }
+ break;
+
+ default:
+ rc = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (rc);
+}
+
+
+/* Return information about the cipher handle H. CMD is the kind of
+ information requested. BUFFER and NBYTES are reserved for now.
+
+ There are no values for CMD yet defined.
+
+ The fucntion always returns GPG_ERR_INV_OP.
+
+ */
+gcry_error_t
+gcry_cipher_info (gcry_cipher_hd_t h, int cmd, void *buffer, size_t *nbytes)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ (void)h;
+ (void)buffer;
+ (void)nbytes;
+
+ switch (cmd)
+ {
+ default:
+ err = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (err);
+}
+
+/* Return information about the given cipher algorithm ALGO.
+
+ WHAT select the kind of information returned:
+
+ GCRYCTL_GET_KEYLEN:
+ Return the length of the key. If the algorithm ALGO
+ supports multiple key lengths, the maximum supported key length
+ is returned. The key length is returned as number of octets.
+ BUFFER and NBYTES must be zero.
+
+ GCRYCTL_GET_BLKLEN:
+ Return the blocklength of the algorithm ALGO counted in octets.
+ BUFFER and NBYTES must be zero.
+
+ GCRYCTL_TEST_ALGO:
+ Returns 0 if the specified algorithm ALGO is available for use.
+ BUFFER and NBYTES must be zero.
+
+ Note: Because this function is in most cases used to return an
+ integer value, we can make it easier for the caller to just look at
+ the return value. The caller will in all cases consult the value
+ and thereby detecting whether a error occured or not (i.e. while
+ checking the block size)
+ */
+gcry_error_t
+gcry_cipher_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ unsigned int ui;
+
+ switch (what)
+ {
+ case GCRYCTL_GET_KEYLEN:
+ if (buffer || (! nbytes))
+ err = GPG_ERR_CIPHER_ALGO;
+ else
+ {
+ ui = cipher_get_keylen (algo);
+ if ((ui > 0) && (ui <= 512))
+ *nbytes = (size_t) ui / 8;
+ else
+ /* The only reason is an invalid algo or a strange
+ blocksize. */
+ err = GPG_ERR_CIPHER_ALGO;
+ }
+ break;
+
+ case GCRYCTL_GET_BLKLEN:
+ if (buffer || (! nbytes))
+ err = GPG_ERR_CIPHER_ALGO;
+ else
+ {
+ ui = cipher_get_blocksize (algo);
+ if ((ui > 0) && (ui < 10000))
+ *nbytes = ui;
+ else
+ /* The only reason is an invalid algo or a strange
+ blocksize. */
+ err = GPG_ERR_CIPHER_ALGO;
+ }
+ break;
+
+ case GCRYCTL_TEST_ALGO:
+ if (buffer || nbytes)
+ err = GPG_ERR_INV_ARG;
+ else
+ err = check_cipher_algo (algo);
+ break;
+
+ default:
+ err = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (err);
+}
+
+
+/* This function returns length of the key for algorithm ALGO. If the
+ algorithm supports multiple key lengths, the maximum supported key
+ length is returned. On error 0 is returned. The key length is
+ returned as number of octets.
+
+ This is a convenience functions which should be preferred over
+ gcry_cipher_algo_info because it allows for proper type
+ checking. */
+size_t
+gcry_cipher_get_algo_keylen (int algo)
+{
+ size_t n;
+
+ if (gcry_cipher_algo_info (algo, GCRYCTL_GET_KEYLEN, NULL, &n))
+ n = 0;
+ return n;
+}
+
+/* This functions returns the blocklength of the algorithm ALGO
+ counted in octets. On error 0 is returned.
+
+ This is a convenience functions which should be preferred over
+ gcry_cipher_algo_info because it allows for proper type
+ checking. */
+size_t
+gcry_cipher_get_algo_blklen (int algo)
+{
+ size_t n;
+
+ if (gcry_cipher_algo_info( algo, GCRYCTL_GET_BLKLEN, NULL, &n))
+ n = 0;
+ return n;
+}
+
+/* Explicitly initialize this module. */
+gcry_err_code_t
+_gcry_cipher_init (void)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ return err;
+}
+
+/* Get a list consisting of the IDs of the loaded cipher modules. If
+ LIST is zero, write the number of loaded cipher modules to
+ LIST_LENGTH and return. If LIST is non-zero, the first
+ *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
+ according size. In case there are less cipher modules than
+ *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
+gcry_error_t
+gcry_cipher_list (int *list, int *list_length)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ err = _gcry_module_list (ciphers_registered, list, list_length);
+ ath_mutex_unlock (&ciphers_registered_lock);
+
+ return err;
+}
+
+
+/* Run the selftests for cipher algorithm ALGO with optional reporting
+ function REPORT. */
+gpg_error_t
+_gcry_cipher_selftest (int algo, int extended, selftest_report_func_t report)
+{
+ gcry_module_t module = NULL;
+ cipher_extra_spec_t *extraspec = NULL;
+ gcry_err_code_t ec = 0;
+
+ REGISTER_DEFAULT_CIPHERS;
+
+ ath_mutex_lock (&ciphers_registered_lock);
+ module = _gcry_module_lookup_id (ciphers_registered, algo);
+ if (module && !(module->flags & FLAG_MODULE_DISABLED))
+ extraspec = module->extraspec;
+ ath_mutex_unlock (&ciphers_registered_lock);
+ if (extraspec && extraspec->selftest)
+ ec = extraspec->selftest (algo, extended, report);
+ else
+ {
+ ec = GPG_ERR_CIPHER_ALGO;
+ if (report)
+ report ("cipher", algo, "module",
+ module && !(module->flags & FLAG_MODULE_DISABLED)?
+ "no selftest available" :
+ module? "algorithm disabled" : "algorithm not found");
+ }
+
+ if (module)
+ {
+ ath_mutex_lock (&ciphers_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&ciphers_registered_lock);
+ }
+ return gpg_error (ec);
+}
diff --git a/grub-core/lib/libgcrypt/cipher/crc.c b/grub-core/lib/libgcrypt/cipher/crc.c
new file mode 100644
index 0000000..d04fff8
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/crc.c
@@ -0,0 +1,297 @@
+/* crc.c - Cyclic redundancy checks.
+ * Copyright (C) 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+/* Table of CRCs of all 8-bit messages. Generated by running code
+ from RFC 1952 modified to print out the table. */
+static u32 crc32_table[256] = {
+ 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
+ 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+ 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
+ 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+ 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+ 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+ 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
+ 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+ 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
+ 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+ 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
+ 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+ 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
+ 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+ 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+ 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+ 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
+ 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+ 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
+ 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+ 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
+ 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+ 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
+ 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+ 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+ 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+ 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
+ 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+ 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
+ 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+ 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
+ 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+ 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
+ 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+ 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+ 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+ 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
+ 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+ 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
+ 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+ 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
+ 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+ 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
+};
+
+/*
+ * The following function was extracted from RFC 1952 by Simon
+ * Josefsson, for the Shishi project, and modified to be compatible
+ * with the modified CRC-32 used by RFC 1510, and subsequently
+ * modified for GNU Libgcrypt to allow it to be used for calculating
+ * both unmodified CRC-32 and modified CRC-32 values. Original
+ * copyright and notice from the document follows:
+ *
+ * Copyright (c) 1996 L. Peter Deutsch
+ *
+ * Permission is granted to copy and distribute this document for
+ * any purpose and without charge, including translations into
+ * other languages and incorporation into compilations, provided
+ * that the copyright notice and this notice are preserved, and
+ * that any substantive changes or deletions from the original are
+ * clearly marked.
+ *
+ * The copyright on RFCs, and consequently the function below, are
+ * supposedly also retroactively claimed by the Internet Society
+ * (according to rfc-editor@rfc-editor.org), with the following
+ * copyright notice:
+ *
+ * Copyright (C) The Internet Society. All Rights Reserved.
+ *
+ * This document and translations of it may be copied and furnished
+ * to others, and derivative works that comment on or otherwise
+ * explain it or assist in its implementation may be prepared,
+ * copied, published and distributed, in whole or in part, without
+ * restriction of any kind, provided that the above copyright
+ * notice and this paragraph are included on all such copies and
+ * derivative works. However, this document itself may not be
+ * modified in any way, such as by removing the copyright notice or
+ * references to the Internet Society or other Internet
+ * organizations, except as needed for the purpose of developing
+ * Internet standards in which case the procedures for copyrights
+ * defined in the Internet Standards process must be followed, or
+ * as required to translate it into languages other than English.
+ *
+ * The limited permissions granted above are perpetual and will not be
+ * revoked by the Internet Society or its successors or assigns.
+ *
+ * This document and the information contained herein is provided
+ * on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+ * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+ * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
+ * PARTICULAR PURPOSE.
+ *
+ */
+static u32
+update_crc32 (u32 crc, const void *buf_arg, size_t len)
+{
+ const char *buf = buf_arg;
+ size_t n;
+
+ for (n = 0; n < len; n++)
+ crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8);
+
+ return crc;
+}
+
+typedef struct
+{
+ u32 CRC;
+ byte buf[4];
+}
+CRC_CONTEXT;
+
+/* CRC32 */
+
+static void
+crc32_init (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC = 0 ^ 0xffffffffL;
+}
+
+static void
+crc32_write (void *context, const void *inbuf, size_t inlen)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ if (!inbuf)
+ return;
+ ctx->CRC = update_crc32 (ctx->CRC, inbuf, inlen);
+}
+
+static byte *
+crc32_read (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ return ctx->buf;
+}
+
+static void
+crc32_final (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC ^= 0xffffffffL;
+ ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
+ ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
+ ctx->buf[2] = (ctx->CRC >> 8) & 0xFF;
+ ctx->buf[3] = (ctx->CRC ) & 0xFF;
+}
+
+/* CRC32 a'la RFC 1510 */
+static void
+crc32rfc1510_init (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC = 0;
+}
+
+static void
+crc32rfc1510_final (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->buf[0] = (ctx->CRC >> 24) & 0xFF;
+ ctx->buf[1] = (ctx->CRC >> 16) & 0xFF;
+ ctx->buf[2] = (ctx->CRC >> 8) & 0xFF;
+ ctx->buf[3] = (ctx->CRC ) & 0xFF;
+}
+
+/* CRC24 a'la RFC 2440 */
+/*
+ * The following CRC 24 routines are adapted from RFC 2440, which has
+ * the following copyright notice:
+ *
+ * Copyright (C) The Internet Society (1998). All Rights Reserved.
+ *
+ * This document and translations of it may be copied and furnished
+ * to others, and derivative works that comment on or otherwise
+ * explain it or assist in its implementation may be prepared,
+ * copied, published and distributed, in whole or in part, without
+ * restriction of any kind, provided that the above copyright notice
+ * and this paragraph are included on all such copies and derivative
+ * works. However, this document itself may not be modified in any
+ * way, such as by removing the copyright notice or references to
+ * the Internet Society or other Internet organizations, except as
+ * needed for the purpose of developing Internet standards in which
+ * case the procedures for copyrights defined in the Internet
+ * Standards process must be followed, or as required to translate
+ * it into languages other than English.
+ *
+ * The limited permissions granted above are perpetual and will not be
+ * revoked by the Internet Society or its successors or assigns.
+ *
+ * This document and the information contained herein is provided on
+ * an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
+ * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+ * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY
+ * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+ * PURPOSE.
+ */
+
+#define CRC24_INIT 0xb704ceL
+#define CRC24_POLY 0x1864cfbL
+
+static void
+crc24rfc2440_init (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->CRC = CRC24_INIT;
+}
+
+static void
+crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ int i;
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+
+ if (!inbuf)
+ return;
+
+ while (inlen--) {
+ ctx->CRC ^= (*inbuf++) << 16;
+ for (i = 0; i < 8; i++) {
+ ctx->CRC <<= 1;
+ if (ctx->CRC & 0x1000000)
+ ctx->CRC ^= CRC24_POLY;
+ }
+ }
+}
+
+static void
+crc24rfc2440_final (void *context)
+{
+ CRC_CONTEXT *ctx = (CRC_CONTEXT *) context;
+ ctx->buf[0] = (ctx->CRC >> 16) & 0xFF;
+ ctx->buf[1] = (ctx->CRC >> 8) & 0xFF;
+ ctx->buf[2] = (ctx->CRC ) & 0xFF;
+}
+
+gcry_md_spec_t _gcry_digest_spec_crc32 =
+ {
+ "CRC32", NULL, 0, NULL, 4,
+ crc32_init, crc32_write, crc32_final, crc32_read,
+ sizeof (CRC_CONTEXT)
+ };
+
+gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510 =
+ {
+ "CRC32RFC1510", NULL, 0, NULL, 4,
+ crc32rfc1510_init, crc32_write,
+ crc32rfc1510_final, crc32_read,
+ sizeof (CRC_CONTEXT)
+ };
+
+gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440 =
+ {
+ "CRC24RFC2440", NULL, 0, NULL, 3,
+ crc24rfc2440_init, crc24rfc2440_write,
+ crc24rfc2440_final, crc32_read,
+ sizeof (CRC_CONTEXT)
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/des.c b/grub-core/lib/libgcrypt/cipher/des.c
new file mode 100644
index 0000000..f91df77
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/des.c
@@ -0,0 +1,1196 @@
+/* des.c - DES and Triple-DES encryption/decryption Algorithm
+ * Copyright (C) 1998, 1999, 2001, 2002, 2003,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * For a description of triple encryption, see:
+ * Bruce Schneier: Applied Cryptography. Second Edition.
+ * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff.
+ * This implementation is according to the definition of DES in FIPS
+ * PUB 46-2 from December 1993.
+ */
+
+
+/*
+ * Written by Michael Roth <mroth@nessie.de>, September 1998
+ */
+
+
+/*
+ * U S A G E
+ * ===========
+ *
+ * For DES or Triple-DES encryption/decryption you must initialize a proper
+ * encryption context with a key.
+ *
+ * A DES key is 64bit wide but only 56bits of the key are used. The remaining
+ * bits are parity bits and they will _not_ checked in this implementation, but
+ * simply ignored.
+ *
+ * For Triple-DES you could use either two 64bit keys or three 64bit keys.
+ * The parity bits will _not_ checked, too.
+ *
+ * After initializing a context with a key you could use this context to
+ * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode.
+ *
+ * (In the examples below the slashes at the beginning and ending of comments
+ * are omited.)
+ *
+ * DES Example
+ * -----------
+ * unsigned char key[8];
+ * unsigned char plaintext[8];
+ * unsigned char ciphertext[8];
+ * unsigned char recoverd[8];
+ * des_ctx context;
+ *
+ * * Fill 'key' and 'plaintext' with some data *
+ * ....
+ *
+ * * Set up the DES encryption context *
+ * des_setkey(context, key);
+ *
+ * * Encrypt the plaintext *
+ * des_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ * * To recover the orginal plaintext from ciphertext use: *
+ * des_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Triple-DES Example
+ * ------------------
+ * unsigned char key1[8];
+ * unsigned char key2[8];
+ * unsigned char key3[8];
+ * unsigned char plaintext[8];
+ * unsigned char ciphertext[8];
+ * unsigned char recoverd[8];
+ * tripledes_ctx context;
+ *
+ * * If you would like to use two 64bit keys, fill 'key1' and'key2'
+ * then setup the encryption context: *
+ * tripledes_set2keys(context, key1, key2);
+ *
+ * * To use three 64bit keys with Triple-DES use: *
+ * tripledes_set3keys(context, key1, key2, key3);
+ *
+ * * Encrypting plaintext with Triple-DES *
+ * tripledes_ecb_encrypt(context, plaintext, ciphertext);
+ *
+ * * Decrypting ciphertext to recover the plaintext with Triple-DES *
+ * tripledes_ecb_decrypt(context, ciphertext, recoverd);
+ *
+ *
+ * Selftest
+ * --------
+ * char *error_msg;
+ *
+ * * To perform a selftest of this DES/Triple-DES implementation use the
+ * function selftest(). It will return an error string if there are
+ * some problems with this library. *
+ *
+ * if ( (error_msg = selftest()) )
+ * {
+ * fprintf(stderr, "An error in the DES/Tripple-DES implementation occured: %s\n", error_msg);
+ * abort();
+ * }
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <string.h> /* memcpy, memcmp */
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#if defined(__GNUC__) && defined(__GNU_LIBRARY__)
+#define working_memcmp memcmp
+#else
+/*
+ * According to the SunOS man page, memcmp returns indeterminate sign
+ * depending on whether characters are signed or not.
+ */
+static int
+working_memcmp( const char *a, const char *b, size_t n )
+{
+ for( ; n; n--, a++, b++ )
+ if( *a != *b )
+ return (int)(*(byte*)a) - (int)(*(byte*)b);
+ return 0;
+}
+#endif
+
+/*
+ * Encryption/Decryption context of DES
+ */
+typedef struct _des_ctx
+ {
+ u32 encrypt_subkeys[32];
+ u32 decrypt_subkeys[32];
+ }
+des_ctx[1];
+
+/*
+ * Encryption/Decryption context of Triple-DES
+ */
+typedef struct _tripledes_ctx
+ {
+ u32 encrypt_subkeys[96];
+ u32 decrypt_subkeys[96];
+ struct {
+ int no_weak_key;
+ } flags;
+ }
+tripledes_ctx[1];
+
+static void des_key_schedule (const byte *, u32 *);
+static int des_setkey (struct _des_ctx *, const byte *);
+static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
+static int tripledes_set2keys (struct _tripledes_ctx *,
+ const byte *, const byte *);
+static int tripledes_set3keys (struct _tripledes_ctx *,
+ const byte *, const byte *, const byte *);
+static int tripledes_ecb_crypt (struct _tripledes_ctx *,
+ const byte *, byte *, int);
+static int is_weak_key ( const byte *key );
+static const char *selftest (void);
+
+static int initialized;
+
+
+
+
+/*
+ * The s-box values are permuted according to the 'primitive function P'
+ * and are rotated one bit to the left.
+ */
+static u32 sbox1[64] =
+{
+ 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
+ 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
+ 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+ 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
+ 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
+ 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+ 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
+ 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004
+};
+
+static u32 sbox2[64] =
+{
+ 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
+ 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
+ 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+ 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
+ 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
+ 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+ 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
+ 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000
+};
+
+static u32 sbox3[64] =
+{
+ 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
+ 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
+ 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+ 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
+ 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
+ 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+ 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
+ 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200
+};
+
+static u32 sbox4[64] =
+{
+ 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
+ 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
+ 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+ 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
+ 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
+ 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+ 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
+ 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080
+};
+
+static u32 sbox5[64] =
+{
+ 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
+ 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
+ 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+ 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
+ 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
+ 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+ 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
+ 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100
+};
+
+static u32 sbox6[64] =
+{
+ 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
+ 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
+ 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+ 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
+ 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
+ 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+ 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
+ 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010
+};
+
+static u32 sbox7[64] =
+{
+ 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
+ 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
+ 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+ 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
+ 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
+ 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+ 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
+ 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002
+};
+
+static u32 sbox8[64] =
+{
+ 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
+ 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
+ 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+ 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
+ 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
+ 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+ 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
+ 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000
+};
+
+
+/*
+ * These two tables are part of the 'permuted choice 1' function.
+ * In this implementation several speed improvements are done.
+ */
+static u32 leftkey_swap[16] =
+{
+ 0x00000000, 0x00000001, 0x00000100, 0x00000101,
+ 0x00010000, 0x00010001, 0x00010100, 0x00010101,
+ 0x01000000, 0x01000001, 0x01000100, 0x01000101,
+ 0x01010000, 0x01010001, 0x01010100, 0x01010101
+};
+
+static u32 rightkey_swap[16] =
+{
+ 0x00000000, 0x01000000, 0x00010000, 0x01010000,
+ 0x00000100, 0x01000100, 0x00010100, 0x01010100,
+ 0x00000001, 0x01000001, 0x00010001, 0x01010001,
+ 0x00000101, 0x01000101, 0x00010101, 0x01010101,
+};
+
+
+
+/*
+ * Numbers of left shifts per round for encryption subkeys.
+ * To calculate the decryption subkeys we just reverse the
+ * ordering of the calculated encryption subkeys. So their
+ * is no need for a decryption rotate tab.
+ */
+static byte encrypt_rotate_tab[16] =
+{
+ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+
+
+
+/*
+ * Table with weak DES keys sorted in ascending order.
+ * In DES their are 64 known keys which are weak. They are weak
+ * because they produce only one, two or four different
+ * subkeys in the subkey scheduling process.
+ * The keys in this table have all their parity bits cleared.
+ */
+static byte weak_keys[64][8] =
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /*w*/
+ { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
+ { 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 },
+ { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
+ { 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, /*sw*/
+ { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
+ { 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe },
+ { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
+ { 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, /*sw*/
+ { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
+ { 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 },
+ { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
+ { 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, /*sw*/
+ { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
+ { 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e },
+ { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
+ { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
+ { 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, /*sw*/
+ { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
+ { 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 },
+ { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
+ { 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, /*w*/
+ { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
+ { 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe },
+ { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
+ { 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, /*sw*/
+ { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
+ { 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 },
+ { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
+ { 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, /*sw*/
+ { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
+ { 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e },
+ { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
+ { 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe },
+ { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 }, /*sw*/
+ { 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e },
+ { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
+ { 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 },
+ { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e }, /*sw*/
+ { 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 },
+ { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
+ { 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e },
+ { 0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0 }, /*w*/
+ { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
+ { 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e },
+ { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
+ { 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, /*sw*/
+ { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
+ { 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe },
+ { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
+ { 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e },
+ { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 }, /*sw*/
+ { 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 },
+ { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
+ { 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 },
+ { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e }, /*sw*/
+ { 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e },
+ { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
+ { 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe },
+ { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 }, /*sw*/
+ { 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 },
+ { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
+ { 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 },
+ { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe } /*w*/
+};
+static unsigned char weak_keys_chksum[20] = {
+ 0xD0, 0xCF, 0x07, 0x38, 0x93, 0x70, 0x8A, 0x83, 0x7D, 0xD7,
+ 0x8A, 0x36, 0x65, 0x29, 0x6C, 0x1F, 0x7C, 0x3F, 0xD3, 0x41
+};
+
+
+
+/*
+ * Macro to swap bits across two words.
+ */
+#define DO_PERMUTATION(a, temp, b, offset, mask) \
+ temp = ((a>>offset) ^ b) & mask; \
+ b ^= temp; \
+ a ^= temp<<offset;
+
+
+/*
+ * This performs the 'initial permutation' of the data to be encrypted
+ * or decrypted. Additionally the resulting two words are rotated one bit
+ * to the left.
+ */
+#define INITIAL_PERMUTATION(left, temp, right) \
+ DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \
+ DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
+ DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
+ DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
+ right = (right << 1) | (right >> 31); \
+ temp = (left ^ right) & 0xaaaaaaaa; \
+ right ^= temp; \
+ left ^= temp; \
+ left = (left << 1) | (left >> 31);
+
+/*
+ * The 'inverse initial permutation'.
+ */
+#define FINAL_PERMUTATION(left, temp, right) \
+ left = (left << 31) | (left >> 1); \
+ temp = (left ^ right) & 0xaaaaaaaa; \
+ left ^= temp; \
+ right ^= temp; \
+ right = (right << 31) | (right >> 1); \
+ DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \
+ DO_PERMUTATION(right, temp, left, 2, 0x33333333) \
+ DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \
+ DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f)
+
+
+/*
+ * A full DES round including 'expansion function', 'sbox substitution'
+ * and 'primitive function P' but without swapping the left and right word.
+ * Please note: The data in 'from' and 'to' is already rotated one bit to
+ * the left, done in the initial permutation.
+ */
+#define DES_ROUND(from, to, work, subkey) \
+ work = from ^ *subkey++; \
+ to ^= sbox8[ work & 0x3f ]; \
+ to ^= sbox6[ (work>>8) & 0x3f ]; \
+ to ^= sbox4[ (work>>16) & 0x3f ]; \
+ to ^= sbox2[ (work>>24) & 0x3f ]; \
+ work = ((from << 28) | (from >> 4)) ^ *subkey++; \
+ to ^= sbox7[ work & 0x3f ]; \
+ to ^= sbox5[ (work>>8) & 0x3f ]; \
+ to ^= sbox3[ (work>>16) & 0x3f ]; \
+ to ^= sbox1[ (work>>24) & 0x3f ];
+
+/*
+ * Macros to convert 8 bytes from/to 32bit words.
+ */
+#define READ_64BIT_DATA(data, left, right) \
+ left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \
+ right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7];
+
+#define WRITE_64BIT_DATA(data, left, right) \
+ data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \
+ data[2] = (left >> 8) &0xff; data[3] = left &0xff; \
+ data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \
+ data[6] = (right >> 8) &0xff; data[7] = right &0xff;
+
+/*
+ * Handy macros for encryption and decryption of data
+ */
+#define des_ecb_encrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 0)
+#define des_ecb_decrypt(ctx, from, to) des_ecb_crypt(ctx, from, to, 1)
+#define tripledes_ecb_encrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,0)
+#define tripledes_ecb_decrypt(ctx, from, to) tripledes_ecb_crypt(ctx,from,to,1)
+
+
+
+
+
+
+/*
+ * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
+ * 16 encryption rounds.
+ * To calculate subkeys for decryption the caller
+ * have to reorder the generated subkeys.
+ *
+ * rawkey: 8 Bytes of key data
+ * subkey: Array of at least 32 u32s. Will be filled
+ * with calculated subkeys.
+ *
+ */
+static void
+des_key_schedule (const byte * rawkey, u32 * subkey)
+{
+ u32 left, right, work;
+ int round;
+
+ READ_64BIT_DATA (rawkey, left, right)
+
+ DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
+ DO_PERMUTATION (right, work, left, 0, 0x10101010)
+
+ left = ((leftkey_swap[(left >> 0) & 0xf] << 3)
+ | (leftkey_swap[(left >> 8) & 0xf] << 2)
+ | (leftkey_swap[(left >> 16) & 0xf] << 1)
+ | (leftkey_swap[(left >> 24) & 0xf])
+ | (leftkey_swap[(left >> 5) & 0xf] << 7)
+ | (leftkey_swap[(left >> 13) & 0xf] << 6)
+ | (leftkey_swap[(left >> 21) & 0xf] << 5)
+ | (leftkey_swap[(left >> 29) & 0xf] << 4));
+
+ left &= 0x0fffffff;
+
+ right = ((rightkey_swap[(right >> 1) & 0xf] << 3)
+ | (rightkey_swap[(right >> 9) & 0xf] << 2)
+ | (rightkey_swap[(right >> 17) & 0xf] << 1)
+ | (rightkey_swap[(right >> 25) & 0xf])
+ | (rightkey_swap[(right >> 4) & 0xf] << 7)
+ | (rightkey_swap[(right >> 12) & 0xf] << 6)
+ | (rightkey_swap[(right >> 20) & 0xf] << 5)
+ | (rightkey_swap[(right >> 28) & 0xf] << 4));
+
+ right &= 0x0fffffff;
+
+ for (round = 0; round < 16; ++round)
+ {
+ left = ((left << encrypt_rotate_tab[round])
+ | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+ right = ((right << encrypt_rotate_tab[round])
+ | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
+
+ *subkey++ = (((left << 4) & 0x24000000)
+ | ((left << 28) & 0x10000000)
+ | ((left << 14) & 0x08000000)
+ | ((left << 18) & 0x02080000)
+ | ((left << 6) & 0x01000000)
+ | ((left << 9) & 0x00200000)
+ | ((left >> 1) & 0x00100000)
+ | ((left << 10) & 0x00040000)
+ | ((left << 2) & 0x00020000)
+ | ((left >> 10) & 0x00010000)
+ | ((right >> 13) & 0x00002000)
+ | ((right >> 4) & 0x00001000)
+ | ((right << 6) & 0x00000800)
+ | ((right >> 1) & 0x00000400)
+ | ((right >> 14) & 0x00000200)
+ | (right & 0x00000100)
+ | ((right >> 5) & 0x00000020)
+ | ((right >> 10) & 0x00000010)
+ | ((right >> 3) & 0x00000008)
+ | ((right >> 18) & 0x00000004)
+ | ((right >> 26) & 0x00000002)
+ | ((right >> 24) & 0x00000001));
+
+ *subkey++ = (((left << 15) & 0x20000000)
+ | ((left << 17) & 0x10000000)
+ | ((left << 10) & 0x08000000)
+ | ((left << 22) & 0x04000000)
+ | ((left >> 2) & 0x02000000)
+ | ((left << 1) & 0x01000000)
+ | ((left << 16) & 0x00200000)
+ | ((left << 11) & 0x00100000)
+ | ((left << 3) & 0x00080000)
+ | ((left >> 6) & 0x00040000)
+ | ((left << 15) & 0x00020000)
+ | ((left >> 4) & 0x00010000)
+ | ((right >> 2) & 0x00002000)
+ | ((right << 8) & 0x00001000)
+ | ((right >> 14) & 0x00000808)
+ | ((right >> 9) & 0x00000400)
+ | ((right) & 0x00000200)
+ | ((right << 7) & 0x00000100)
+ | ((right >> 7) & 0x00000020)
+ | ((right >> 3) & 0x00000011)
+ | ((right << 2) & 0x00000004)
+ | ((right >> 21) & 0x00000002));
+ }
+}
+
+
+/*
+ * Fill a DES context with subkeys calculated from a 64bit key.
+ * Does not check parity bits, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+des_setkey (struct _des_ctx *ctx, const byte * key)
+{
+ static const char *selftest_failed;
+ int i;
+
+ if (!fips_mode () && !initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+
+ if (selftest_failed)
+ log_error ("%s\n", selftest_failed);
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ des_key_schedule (key, ctx->encrypt_subkeys);
+ _gcry_burn_stack (32);
+
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode DES encryption/decryption of data according
+ * to 'mode'.
+ */
+static int
+des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
+{
+ u32 left, right, work;
+ u32 *keys;
+
+ keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+ READ_64BIT_DATA (from, left, right)
+ INITIAL_PERMUTATION (left, work, right)
+
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+ FINAL_PERMUTATION (right, work, left)
+ WRITE_64BIT_DATA (to, right, left)
+
+ return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from two 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set2keys (struct _tripledes_ctx *ctx,
+ const byte * key1,
+ const byte * key2)
+{
+ int i;
+
+ des_key_schedule (key1, ctx->encrypt_subkeys);
+ des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+ _gcry_burn_stack (32);
+
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
+
+ ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+ ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+ ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
+ ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
+
+ ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
+ ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Fill a Triple-DES context with subkeys calculated from three 64bit keys.
+ * Does not check the parity bits of the keys, but simply ignore them.
+ * Does not check for weak keys.
+ */
+static int
+tripledes_set3keys (struct _tripledes_ctx *ctx,
+ const byte * key1,
+ const byte * key2,
+ const byte * key3)
+{
+ static const char *selftest_failed;
+ int i;
+
+ if (!fips_mode () && !initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+
+ if (selftest_failed)
+ log_error ("%s\n", selftest_failed);
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ des_key_schedule (key1, ctx->encrypt_subkeys);
+ des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
+ des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
+ _gcry_burn_stack (32);
+
+ for(i=0; i<32; i+=2)
+ {
+ ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
+ ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
+
+ ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
+ ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
+
+ ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
+ ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Electronic Codebook Mode Triple-DES encryption/decryption of data
+ * according to 'mode'. Sometimes this mode is named 'EDE' mode
+ * (Encryption-Decryption-Encryption).
+ */
+static int
+tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from,
+ byte * to, int mode)
+{
+ u32 left, right, work;
+ u32 *keys;
+
+ keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
+
+ READ_64BIT_DATA (from, left, right)
+ INITIAL_PERMUTATION (left, work, right)
+
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+ DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys)
+
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+ DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys)
+
+ FINAL_PERMUTATION (right, work, left)
+ WRITE_64BIT_DATA (to, right, left)
+
+ return 0;
+}
+
+
+
+
+
+/*
+ * Check whether the 8 byte key is weak.
+ * Does not check the parity bits of the key but simple ignore them.
+ */
+static int
+is_weak_key ( const byte *key )
+{
+ byte work[8];
+ int i, left, right, middle, cmp_result;
+
+ /* clear parity bits */
+ for(i=0; i<8; ++i)
+ work[i] = key[i] & 0xfe;
+
+ /* binary search in the weak key table */
+ left = 0;
+ right = 63;
+ while(left <= right)
+ {
+ middle = (left + right) / 2;
+
+ if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) )
+ return -1;
+
+ if ( cmp_result > 0 )
+ left = middle + 1;
+ else
+ right = middle - 1;
+ }
+
+ return 0;
+}
+
+
+
+/*
+ * Performs a selftest of this DES/Triple-DES implementation.
+ * Returns an string with the error text on failure.
+ * Returns NULL if all is ok.
+ */
+static const char *
+selftest (void)
+{
+ /*
+ * Check if 'u32' is really 32 bits wide. This DES / 3DES implementation
+ * need this.
+ */
+ if (sizeof (u32) != 4)
+ return "Wrong word size for DES configured.";
+
+ /*
+ * DES Maintenance Test
+ */
+ {
+ int i;
+ byte key[8] =
+ {0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55};
+ byte input[8] =
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ byte result[8] =
+ {0x24, 0x6e, 0x9d, 0xb9, 0xc5, 0x50, 0x38, 0x1a};
+ byte temp1[8], temp2[8], temp3[8];
+ des_ctx des;
+
+ for (i = 0; i < 64; ++i)
+ {
+ des_setkey (des, key);
+ des_ecb_encrypt (des, input, temp1);
+ des_ecb_encrypt (des, temp1, temp2);
+ des_setkey (des, temp2);
+ des_ecb_decrypt (des, temp1, temp3);
+ memcpy (key, temp3, 8);
+ memcpy (input, temp1, 8);
+ }
+ if (memcmp (temp3, result, 8))
+ return "DES maintenance test failed.";
+ }
+
+
+ /*
+ * Self made Triple-DES test (Does somebody know an official test?)
+ */
+ {
+ int i;
+ byte input[8] =
+ {0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10};
+ byte key1[8] =
+ {0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0};
+ byte key2[8] =
+ {0x11, 0x22, 0x33, 0x44, 0xff, 0xaa, 0xcc, 0xdd};
+ byte result[8] =
+ {0x7b, 0x38, 0x3b, 0x23, 0xa2, 0x7d, 0x26, 0xd3};
+
+ tripledes_ctx des3;
+
+ for (i = 0; i < 16; ++i)
+ {
+ tripledes_set2keys (des3, key1, key2);
+ tripledes_ecb_encrypt (des3, input, key1);
+ tripledes_ecb_decrypt (des3, input, key2);
+ tripledes_set3keys (des3, key1, input, key2);
+ tripledes_ecb_encrypt (des3, input, input);
+ }
+ if (memcmp (input, result, 8))
+ return "Triple-DES test failed.";
+ }
+
+ /*
+ * More Triple-DES test. These are testvectors as used by SSLeay,
+ * thanks to Jeroen C. van Gelderen.
+ */
+ {
+ struct { byte key[24]; byte plain[8]; byte cipher[8]; } testdata[] = {
+ { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
+ { 0x95,0xF8,0xA5,0xE5,0xDD,0x31,0xD9,0x00 },
+ { 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }
+ },
+
+ { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 },
+ { 0x9D,0x64,0x55,0x5A,0x9A,0x10,0xB8,0x52, },
+ { 0x00,0x00,0x00,0x10,0x00,0x00,0x00,0x00 }
+ },
+ { { 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+ 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+ 0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E },
+ { 0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A },
+ { 0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A }
+ },
+ { { 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+ 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+ 0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6 },
+ { 0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2 },
+ { 0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95 }
+ },
+ { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
+ { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
+ { 0x3D,0x12,0x4F,0xE2,0x19,0x8B,0xA3,0x18 }
+ },
+ { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+ 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
+ { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
+ { 0xFB,0xAB,0xA1,0xFF,0x9D,0x05,0xE9,0xB1 }
+ },
+ { { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+ 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,
+ 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10 },
+ { 0x73,0x6F,0x6D,0x65,0x64,0x61,0x74,0x61 },
+ { 0x18,0xd7,0x48,0xe5,0x63,0x62,0x05,0x72 }
+ },
+ { { 0x03,0x52,0x02,0x07,0x67,0x20,0x82,0x17,
+ 0x86,0x02,0x87,0x66,0x59,0x08,0x21,0x98,
+ 0x64,0x05,0x6A,0xBD,0xFE,0xA9,0x34,0x57 },
+ { 0x73,0x71,0x75,0x69,0x67,0x67,0x6C,0x65 },
+ { 0xc0,0x7d,0x2a,0x0f,0xa5,0x66,0xfa,0x30 }
+ },
+ { { 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+ 0x80,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+ 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x02 },
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0xe6,0xe6,0xdd,0x5b,0x7e,0x72,0x29,0x74 }
+ },
+ { { 0x10,0x46,0x10,0x34,0x89,0x98,0x80,0x20,
+ 0x91,0x07,0xD0,0x15,0x89,0x19,0x01,0x01,
+ 0x19,0x07,0x92,0x10,0x98,0x1A,0x01,0x01 },
+ { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ { 0xe1,0xef,0x62,0xc3,0x32,0xfe,0x82,0x5b }
+ }
+ };
+
+ byte result[8];
+ int i;
+ tripledes_ctx des3;
+
+ for (i=0; i<sizeof(testdata)/sizeof(*testdata); ++i)
+ {
+ tripledes_set3keys (des3, testdata[i].key,
+ testdata[i].key + 8, testdata[i].key + 16);
+
+ tripledes_ecb_encrypt (des3, testdata[i].plain, result);
+ if (memcmp (testdata[i].cipher, result, 8))
+ return "Triple-DES SSLeay test failed on encryption.";
+
+ tripledes_ecb_decrypt (des3, testdata[i].cipher, result);
+ if (memcmp (testdata[i].plain, result, 8))
+ return "Triple-DES SSLeay test failed on decryption.";;
+ }
+ }
+
+ /*
+ * Check the weak key detection. We simply assume that the table
+ * with weak keys is ok and check every key in the table if it is
+ * detected... (This test is a little bit stupid).
+ */
+ {
+ int i;
+ unsigned char *p;
+ gcry_md_hd_t h;
+
+ if (_gcry_md_open (&h, GCRY_MD_SHA1, 0))
+ return "SHA1 not available";
+
+ for (i = 0; i < 64; ++i)
+ _gcry_md_write (h, weak_keys[i], 8);
+ p = _gcry_md_read (h, GCRY_MD_SHA1);
+ i = memcmp (p, weak_keys_chksum, 20);
+ _gcry_md_close (h);
+ if (i)
+ return "weak key table defect";
+
+ for (i = 0; i < 64; ++i)
+ if (!is_weak_key(weak_keys[i]))
+ return "DES weak key detection failed";
+ }
+
+ return 0;
+}
+
+
+static gcry_err_code_t
+do_tripledes_setkey ( void *context, const byte *key, unsigned keylen )
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+
+ if( keylen != 24 )
+ return GPG_ERR_INV_KEYLEN;
+
+ tripledes_set3keys ( ctx, key, key+8, key+16);
+
+ if (ctx->flags.no_weak_key)
+ ; /* Detection has been disabled. */
+ else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16))
+ {
+ _gcry_burn_stack (64);
+ return GPG_ERR_WEAK_KEY;
+ }
+ _gcry_burn_stack (64);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+do_tripledes_set_extra_info (void *context, int what,
+ const void *buffer, size_t buflen)
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *)context;
+ gpg_err_code_t ec = 0;
+
+ (void)buffer;
+ (void)buflen;
+
+ switch (what)
+ {
+ case CIPHER_INFO_NO_WEAK_KEY:
+ ctx->flags.no_weak_key = 1;
+ break;
+
+ default:
+ ec = GPG_ERR_INV_OP;
+ break;
+ }
+ return ec;
+}
+
+
+static void
+do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+
+ tripledes_ecb_encrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+static void
+do_tripledes_decrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _tripledes_ctx *ctx = (struct _tripledes_ctx *) context;
+ tripledes_ecb_decrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+static gcry_err_code_t
+do_des_setkey (void *context, const byte *key, unsigned keylen)
+{
+ struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+ if (keylen != 8)
+ return GPG_ERR_INV_KEYLEN;
+
+ des_setkey (ctx, key);
+
+ if (is_weak_key (key)) {
+ _gcry_burn_stack (64);
+ return GPG_ERR_WEAK_KEY;
+ }
+ _gcry_burn_stack (64);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static void
+do_des_encrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+ des_ecb_encrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+static void
+do_des_decrypt( void *context, byte *outbuf, const byte *inbuf )
+{
+ struct _des_ctx *ctx = (struct _des_ctx *) context;
+
+ des_ecb_decrypt ( ctx, inbuf, outbuf );
+ _gcry_burn_stack (32);
+}
+
+
+
+
+/*
+ Self-test section.
+ */
+
+
+/* Selftest for TripleDES. */
+static gpg_err_code_t
+selftest_fips (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ (void)extended; /* No extended tests available. */
+
+ what = "low-level";
+ errtxt = selftest ();
+ if (errtxt)
+ goto failed;
+
+ /* The low-level self-tests are quite extensive and thus we can do
+ without high level tests. This is also justified because we have
+ no custom block code implementation for 3des but always use the
+ standard high level block code. */
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("cipher", GCRY_CIPHER_3DES, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_CIPHER_3DES:
+ ec = selftest_fips (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_CIPHER_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_des =
+ {
+ "DES", NULL, NULL, 8, 64, sizeof (struct _des_ctx),
+ do_des_setkey, do_des_encrypt, do_des_decrypt
+ };
+
+static gcry_cipher_oid_spec_t oids_tripledes[] =
+ {
+ { "1.2.840.113549.3.7", GCRY_CIPHER_MODE_CBC },
+ /* Teletrust specific OID for 3DES. */
+ { "1.3.36.3.1.3.2.1", GCRY_CIPHER_MODE_CBC },
+ /* pbeWithSHAAnd3_KeyTripleDES_CBC */
+ { "1.2.840.113549.1.12.1.3", GCRY_CIPHER_MODE_CBC },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_tripledes =
+ {
+ "3DES", NULL, oids_tripledes, 8, 192, sizeof (struct _tripledes_ctx),
+ do_tripledes_setkey, do_tripledes_encrypt, do_tripledes_decrypt
+ };
+
+cipher_extra_spec_t _gcry_cipher_extraspec_tripledes =
+ {
+ run_selftests,
+ do_tripledes_set_extra_info
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/dsa.c b/grub-core/lib/libgcrypt/cipher/dsa.c
new file mode 100644
index 0000000..100710f
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/dsa.c
@@ -0,0 +1,1181 @@
+/* dsa.c - DSA signature algorithm
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003,
+ * 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t q; /* group order */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+} DSA_public_key;
+
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t q; /* group order */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+ gcry_mpi_t x; /* secret exponent */
+} DSA_secret_key;
+
+
+/* A structure used to hold domain parameters. */
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t q; /* group order */
+ gcry_mpi_t g; /* group generator */
+} dsa_domain_t;
+
+
+/* A sample 1024 bit DSA key used for the selftests. */
+static const char sample_secret_key[] =
+"(private-key"
+" (dsa"
+" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
+" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
+" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
+" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
+" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
+" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
+" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
+" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
+" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
+" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
+" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
+" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
+" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)"
+" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
+/* A sample 1024 bit DSA key used for the selftests (public only). */
+static const char sample_public_key[] =
+"(public-key"
+" (dsa"
+" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB"
+" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191"
+" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44"
+" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)"
+" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)"
+" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503"
+" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E"
+" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984"
+" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)"
+" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46"
+" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827"
+" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20"
+" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
+
+
+
+
+static gcry_mpi_t gen_k (gcry_mpi_t q);
+static int test_keys (DSA_secret_key *sk, unsigned int qbits);
+static int check_secret_key (DSA_secret_key *sk);
+static gpg_err_code_t generate (DSA_secret_key *sk,
+ unsigned int nbits,
+ unsigned int qbits,
+ int transient_key,
+ dsa_domain_t *domain,
+ gcry_mpi_t **ret_factors);
+static void sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+ DSA_secret_key *skey);
+static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+ DSA_public_key *pkey);
+
+static void (*progress_cb) (void *,const char *, int, int, int );
+static void *progress_cb_data;
+
+
+void
+_gcry_register_pk_dsa_progress (void (*cb) (void *, const char *,
+ int, int, int),
+ void *cb_data)
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+
+static void
+progress (int c)
+{
+ if (progress_cb)
+ progress_cb (progress_cb_data, "pk_dsa", c, 0, 0);
+}
+
+
+/*
+ * Generate a random secret exponent k less than q.
+ */
+static gcry_mpi_t
+gen_k( gcry_mpi_t q )
+{
+ gcry_mpi_t k = mpi_alloc_secure( mpi_get_nlimbs(q) );
+ unsigned int nbits = mpi_get_nbits(q);
+ unsigned int nbytes = (nbits+7)/8;
+ char *rndbuf = NULL;
+
+ if ( DBG_CIPHER )
+ log_debug("choosing a random k ");
+ for (;;)
+ {
+ if( DBG_CIPHER )
+ progress('.');
+
+ if ( !rndbuf || nbits < 32 )
+ {
+ gcry_free(rndbuf);
+ rndbuf = gcry_random_bytes_secure( (nbits+7)/8, GCRY_STRONG_RANDOM );
+ }
+ else
+ { /* Change only some of the higher bits. We could improve
+ this by directly requesting more memory at the first call
+ to get_random_bytes() and use this the here maybe it is
+ easier to do this directly in random.c. */
+ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
+ memcpy( rndbuf,pp, 4 );
+ gcry_free(pp);
+ }
+ _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
+ if ( mpi_test_bit( k, nbits-1 ) )
+ mpi_set_highbit( k, nbits-1 );
+ else
+ {
+ mpi_set_highbit( k, nbits-1 );
+ mpi_clear_bit( k, nbits-1 );
+ }
+
+ if( !(mpi_cmp( k, q ) < 0) ) /* check: k < q */
+ {
+ if( DBG_CIPHER )
+ progress('+');
+ continue; /* no */
+ }
+ if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */
+ {
+ if( DBG_CIPHER )
+ progress('-');
+ continue; /* no */
+ }
+ break; /* okay */
+ }
+ gcry_free(rndbuf);
+ if( DBG_CIPHER )
+ progress('\n');
+
+ return k;
+}
+
+
+/* Check that a freshly generated key actually works. Returns 0 on success. */
+static int
+test_keys (DSA_secret_key *sk, unsigned int qbits)
+{
+ int result = -1; /* Default to failure. */
+ DSA_public_key pk;
+ gcry_mpi_t data = gcry_mpi_new (qbits);
+ gcry_mpi_t sig_a = gcry_mpi_new (qbits);
+ gcry_mpi_t sig_b = gcry_mpi_new (qbits);
+
+ /* Put the relevant parameters into a public key structure. */
+ pk.p = sk->p;
+ pk.q = sk->q;
+ pk.g = sk->g;
+ pk.y = sk->y;
+
+ /* Create a random plaintext. */
+ gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM);
+
+ /* Sign DATA using the secret key. */
+ sign (sig_a, sig_b, data, sk);
+
+ /* Verify the signature using the public key. */
+ if ( !verify (sig_a, sig_b, data, &pk) )
+ goto leave; /* Signature does not match. */
+
+ /* Modify the data and check that the signing fails. */
+ gcry_mpi_add_ui (data, data, 1);
+ if ( verify (sig_a, sig_b, data, &pk) )
+ goto leave; /* Signature matches but should not. */
+
+ result = 0; /* The test succeeded. */
+
+ leave:
+ gcry_mpi_release (sig_b);
+ gcry_mpi_release (sig_a);
+ gcry_mpi_release (data);
+ return result;
+}
+
+
+
+/*
+ Generate a DSA key pair with a key of size NBITS. If transient_key
+ is true the key is generated using the standard RNG and not the
+ very secure one.
+
+ Returns: 2 structures filled with all needed values
+ and an array with the n-1 factors of (p-1)
+ */
+static gpg_err_code_t
+generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
+ int transient_key, dsa_domain_t *domain, gcry_mpi_t **ret_factors )
+{
+ gcry_mpi_t p; /* the prime */
+ gcry_mpi_t q; /* the 160 bit prime factor */
+ gcry_mpi_t g; /* the generator */
+ gcry_mpi_t y; /* g^x mod p */
+ gcry_mpi_t x; /* the secret exponent */
+ gcry_mpi_t h, e; /* helper */
+ unsigned char *rndbuf;
+ gcry_random_level_t random_level;
+
+ if (qbits)
+ ; /* Caller supplied qbits. Use this value. */
+ else if ( nbits >= 512 && nbits <= 1024 )
+ qbits = 160;
+ else if ( nbits == 2048 )
+ qbits = 224;
+ else if ( nbits == 3072 )
+ qbits = 256;
+ else if ( nbits == 7680 )
+ qbits = 384;
+ else if ( nbits == 15360 )
+ qbits = 512;
+ else
+ return GPG_ERR_INV_VALUE;
+
+ if (qbits < 160 || qbits > 512 || (qbits%8) )
+ return GPG_ERR_INV_VALUE;
+ if (nbits < 2*qbits || nbits > 15360)
+ return GPG_ERR_INV_VALUE;
+
+ if (fips_mode ())
+ {
+ if (nbits < 1024)
+ return GPG_ERR_INV_VALUE;
+ if (transient_key)
+ return GPG_ERR_INV_VALUE;
+ }
+
+ if (domain->p && domain->q && domain->g)
+ {
+ /* Domain parameters are given; use them. */
+ p = mpi_copy (domain->p);
+ q = mpi_copy (domain->q);
+ g = mpi_copy (domain->g);
+ gcry_assert (mpi_get_nbits (p) == nbits);
+ gcry_assert (mpi_get_nbits (q) == qbits);
+ h = mpi_alloc (0);
+ e = NULL;
+ }
+ else
+ {
+ /* Generate new domain parameters. */
+ p = _gcry_generate_elg_prime (1, nbits, qbits, NULL, ret_factors);
+ /* Get q out of factors. */
+ q = mpi_copy ((*ret_factors)[0]);
+ gcry_assert (mpi_get_nbits (q) == qbits);
+
+ /* Find a generator g (h and e are helpers).
+ e = (p-1)/q */
+ e = mpi_alloc (mpi_get_nlimbs (p));
+ mpi_sub_ui (e, p, 1);
+ mpi_fdiv_q (e, e, q);
+ g = mpi_alloc (mpi_get_nlimbs (p));
+ h = mpi_alloc_set_ui (1); /* (We start with 2.) */
+ do
+ {
+ mpi_add_ui (h, h, 1);
+ /* g = h^e mod p */
+ gcry_mpi_powm (g, h, e, p);
+ }
+ while (!mpi_cmp_ui (g, 1)); /* Continue until g != 1. */
+ }
+
+ /* Select a random number X with the property:
+ * 0 < x < q-1
+ * This must be a very good random number because this is the secret
+ * part. The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+ if (DBG_CIPHER)
+ log_debug("choosing a random x%s", transient_key? " (transient-key)":"");
+ gcry_assert( qbits >= 160 );
+ x = mpi_alloc_secure( mpi_get_nlimbs(q) );
+ mpi_sub_ui( h, q, 1 ); /* put q-1 into h */
+ rndbuf = NULL;
+ do
+ {
+ if( DBG_CIPHER )
+ progress('.');
+ if( !rndbuf )
+ rndbuf = gcry_random_bytes_secure ((qbits+7)/8, random_level);
+ else
+ { /* Change only some of the higher bits (= 2 bytes)*/
+ char *r = gcry_random_bytes_secure (2, random_level);
+ memcpy(rndbuf, r, 2 );
+ gcry_free(r);
+ }
+
+ _gcry_mpi_set_buffer( x, rndbuf, (qbits+7)/8, 0 );
+ mpi_clear_highbit( x, qbits+1 );
+ }
+ while ( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, h )<0 ) );
+ gcry_free(rndbuf);
+ mpi_free( e );
+ mpi_free( h );
+
+ /* y = g^x mod p */
+ y = mpi_alloc( mpi_get_nlimbs(p) );
+ gcry_mpi_powm( y, g, x, p );
+
+ if( DBG_CIPHER )
+ {
+ progress('\n');
+ log_mpidump("dsa p", p );
+ log_mpidump("dsa q", q );
+ log_mpidump("dsa g", g );
+ log_mpidump("dsa y", y );
+ log_mpidump("dsa x", x );
+ }
+
+ /* Copy the stuff to the key structures. */
+ sk->p = p;
+ sk->q = q;
+ sk->g = g;
+ sk->y = y;
+ sk->x = x;
+
+ /* Now we can test our keys (this should never fail!). */
+ if ( test_keys (sk, qbits) )
+ {
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->g); sk->g = NULL;
+ gcry_mpi_release (sk->y); sk->y = NULL;
+ gcry_mpi_release (sk->x); sk->x = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+ return 0;
+}
+
+
+/* Generate a DSA key pair with a key of size NBITS using the
+ algorithm given in FIPS-186-3. If USE_FIPS186_2 is true,
+ FIPS-186-2 is used and thus the length is restricted to 1024/160.
+ If DERIVEPARMS is not NULL it may contain a seed value. If domain
+ parameters are specified in DOMAIN, DERIVEPARMS may not be given
+ and NBITS and QBITS must match the specified domain parameters. */
+static gpg_err_code_t
+generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
+ gcry_sexp_t deriveparms, int use_fips186_2,
+ dsa_domain_t *domain,
+ int *r_counter, void **r_seed, size_t *r_seedlen,
+ gcry_mpi_t *r_h)
+{
+ gpg_err_code_t ec;
+ struct {
+ gcry_sexp_t sexp;
+ const void *seed;
+ size_t seedlen;
+ } initial_seed = { NULL, NULL, 0 };
+ gcry_mpi_t prime_q = NULL;
+ gcry_mpi_t prime_p = NULL;
+ gcry_mpi_t value_g = NULL; /* The generator. */
+ gcry_mpi_t value_y = NULL; /* g^x mod p */
+ gcry_mpi_t value_x = NULL; /* The secret exponent. */
+ gcry_mpi_t value_h = NULL; /* Helper. */
+ gcry_mpi_t value_e = NULL; /* Helper. */
+
+ /* Preset return values. */
+ *r_counter = 0;
+ *r_seed = NULL;
+ *r_seedlen = 0;
+ *r_h = NULL;
+
+ /* Derive QBITS from NBITS if requested */
+ if (!qbits)
+ {
+ if (nbits == 1024)
+ qbits = 160;
+ else if (nbits == 2048)
+ qbits = 224;
+ else if (nbits == 3072)
+ qbits = 256;
+ }
+
+ /* Check that QBITS and NBITS match the standard. Note that FIPS
+ 186-3 uses N for QBITS and L for NBITS. */
+ if (nbits == 1024 && qbits == 160)
+ ;
+ else if (nbits == 2048 && qbits == 224)
+ ;
+ else if (nbits == 2048 && qbits == 256)
+ ;
+ else if (nbits == 3072 && qbits == 256)
+ ;
+ else
+ return GPG_ERR_INV_VALUE;
+
+ if (domain->p && domain->q && domain->g)
+ {
+ /* Domain parameters are given; use them. */
+ prime_p = mpi_copy (domain->p);
+ prime_q = mpi_copy (domain->q);
+ value_g = mpi_copy (domain->g);
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
+ gcry_assert (!deriveparms);
+ ec = 0;
+ }
+ else
+ {
+ /* Generate new domain parameters. */
+
+ /* Get an initial seed value. */
+ if (deriveparms)
+ {
+ initial_seed.sexp = gcry_sexp_find_token (deriveparms, "seed", 0);
+ if (initial_seed.sexp)
+ initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
+ &initial_seed.seedlen);
+ }
+
+ /* Fixme: Enable 186-3 after it has been approved and after fixing
+ the generation function. */
+ /* if (use_fips186_2) */
+ (void)use_fips186_2;
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
+ initial_seed.seed,
+ initial_seed.seedlen,
+ &prime_q, &prime_p,
+ r_counter,
+ r_seed, r_seedlen);
+ /* else */
+ /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
+ /* &prime_q, &prime_p, */
+ /* r_counter, */
+ /* r_seed, r_seedlen, NULL); */
+ gcry_sexp_release (initial_seed.sexp);
+ if (ec)
+ goto leave;
+
+ /* Find a generator g (h and e are helpers).
+ e = (p-1)/q */
+ value_e = mpi_alloc_like (prime_p);
+ mpi_sub_ui (value_e, prime_p, 1);
+ mpi_fdiv_q (value_e, value_e, prime_q );
+ value_g = mpi_alloc_like (prime_p);
+ value_h = mpi_alloc_set_ui (1);
+ do
+ {
+ mpi_add_ui (value_h, value_h, 1);
+ /* g = h^e mod p */
+ mpi_powm (value_g, value_h, value_e, prime_p);
+ }
+ while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */
+ }
+
+
+ /* Select a random number x with: 0 < x < q */
+ value_x = gcry_mpi_snew (qbits);
+ do
+ {
+ if( DBG_CIPHER )
+ progress('.');
+ gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM);
+ mpi_clear_highbit (value_x, qbits+1);
+ }
+ while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0));
+
+ /* y = g^x mod p */
+ value_y = mpi_alloc_like (prime_p);
+ gcry_mpi_powm (value_y, value_g, value_x, prime_p);
+
+ if (DBG_CIPHER)
+ {
+ progress('\n');
+ log_mpidump("dsa p", prime_p );
+ log_mpidump("dsa q", prime_q );
+ log_mpidump("dsa g", value_g );
+ log_mpidump("dsa y", value_y );
+ log_mpidump("dsa x", value_x );
+ log_mpidump("dsa h", value_h );
+ }
+
+ /* Copy the stuff to the key structures. */
+ sk->p = prime_p; prime_p = NULL;
+ sk->q = prime_q; prime_q = NULL;
+ sk->g = value_g; value_g = NULL;
+ sk->y = value_y; value_y = NULL;
+ sk->x = value_x; value_x = NULL;
+ *r_h = value_h; value_h = NULL;
+
+ leave:
+ gcry_mpi_release (prime_p);
+ gcry_mpi_release (prime_q);
+ gcry_mpi_release (value_g);
+ gcry_mpi_release (value_y);
+ gcry_mpi_release (value_x);
+ gcry_mpi_release (value_h);
+ gcry_mpi_release (value_e);
+
+ /* As a last step test this keys (this should never fail of course). */
+ if (!ec && test_keys (sk, qbits) )
+ {
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->g); sk->g = NULL;
+ gcry_mpi_release (sk->y); sk->y = NULL;
+ gcry_mpi_release (sk->x); sk->x = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ ec = GPG_ERR_SELFTEST_FAILED;
+ }
+
+ if (ec)
+ {
+ *r_counter = 0;
+ gcry_free (*r_seed); *r_seed = NULL;
+ *r_seedlen = 0;
+ gcry_mpi_release (*r_h); *r_h = NULL;
+ }
+
+ return ec;
+}
+
+
+
+/*
+ Test whether the secret key is valid.
+ Returns: if this is a valid key.
+ */
+static int
+check_secret_key( DSA_secret_key *sk )
+{
+ int rc;
+ gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+ gcry_mpi_powm( y, sk->g, sk->x, sk->p );
+ rc = !mpi_cmp( y, sk->y );
+ mpi_free( y );
+ return rc;
+}
+
+
+
+/*
+ Make a DSA signature from HASH and put it into r and s.
+ */
+static void
+sign(gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
+{
+ gcry_mpi_t k;
+ gcry_mpi_t kinv;
+ gcry_mpi_t tmp;
+
+ /* Select a random k with 0 < k < q */
+ k = gen_k( skey->q );
+
+ /* r = (a^k mod p) mod q */
+ gcry_mpi_powm( r, skey->g, k, skey->p );
+ mpi_fdiv_r( r, r, skey->q );
+
+ /* kinv = k^(-1) mod q */
+ kinv = mpi_alloc( mpi_get_nlimbs(k) );
+ mpi_invm(kinv, k, skey->q );
+
+ /* s = (kinv * ( hash + x * r)) mod q */
+ tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );
+ mpi_mul( tmp, skey->x, r );
+ mpi_add( tmp, tmp, hash );
+ mpi_mulm( s , kinv, tmp, skey->q );
+
+ mpi_free(k);
+ mpi_free(kinv);
+ mpi_free(tmp);
+}
+
+
+/*
+ Returns true if the signature composed from R and S is valid.
+ */
+static int
+verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )
+{
+ int rc;
+ gcry_mpi_t w, u1, u2, v;
+ gcry_mpi_t base[3];
+ gcry_mpi_t ex[3];
+
+ if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )
+ return 0; /* assertion 0 < r < q failed */
+ if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )
+ return 0; /* assertion 0 < s < q failed */
+
+ w = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+ u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+ u2 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
+ v = mpi_alloc( mpi_get_nlimbs(pkey->p) );
+
+ /* w = s^(-1) mod q */
+ mpi_invm( w, s, pkey->q );
+
+ /* u1 = (hash * w) mod q */
+ mpi_mulm( u1, hash, w, pkey->q );
+
+ /* u2 = r * w mod q */
+ mpi_mulm( u2, r, w, pkey->q );
+
+ /* v = g^u1 * y^u2 mod p mod q */
+ base[0] = pkey->g; ex[0] = u1;
+ base[1] = pkey->y; ex[1] = u2;
+ base[2] = NULL; ex[2] = NULL;
+ mpi_mulpowm( v, base, ex, pkey->p );
+ mpi_fdiv_r( v, v, pkey->q );
+
+ rc = !mpi_cmp( v, r );
+
+ mpi_free(w);
+ mpi_free(u1);
+ mpi_free(u2);
+ mpi_free(v);
+
+ return rc;
+}
+
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+
+static gcry_err_code_t
+dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gpg_err_code_t ec;
+ DSA_secret_key sk;
+ gcry_sexp_t l1;
+ unsigned int qbits = 0;
+ gcry_sexp_t deriveparms = NULL;
+ gcry_sexp_t seedinfo = NULL;
+ int transient_key = 0;
+ int use_fips186_2 = 0;
+ int use_fips186 = 0;
+ dsa_domain_t domain;
+
+ (void)algo; /* No need to check it. */
+ (void)evalue; /* Not required for DSA. */
+
+ memset (&domain, 0, sizeof domain);
+
+ if (genparms)
+ {
+ gcry_sexp_t domainsexp;
+
+ /* Parse the optional qbits element. */
+ l1 = gcry_sexp_find_token (genparms, "qbits", 0);
+ if (l1)
+ {
+ char buf[50];
+ const char *s;
+ size_t n;
+
+ s = gcry_sexp_nth_data (l1, 1, &n);
+ if (!s || n >= DIM (buf) - 1 )
+ {
+ gcry_sexp_release (l1);
+ return GPG_ERR_INV_OBJ; /* No value or value too large. */
+ }
+ memcpy (buf, s, n);
+ buf[n] = 0;
+ qbits = (unsigned int)strtoul (buf, NULL, 0);
+ gcry_sexp_release (l1);
+ }
+
+ /* Parse the optional transient-key flag. */
+ l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+ if (l1)
+ {
+ transient_key = 1;
+ gcry_sexp_release (l1);
+ }
+
+ /* Get the optional derive parameters. */
+ deriveparms = gcry_sexp_find_token (genparms, "derive-parms", 0);
+
+ /* Parse the optional "use-fips186" flags. */
+ l1 = gcry_sexp_find_token (genparms, "use-fips186", 0);
+ if (l1)
+ {
+ use_fips186 = 1;
+ gcry_sexp_release (l1);
+ }
+ l1 = gcry_sexp_find_token (genparms, "use-fips186-2", 0);
+ if (l1)
+ {
+ use_fips186_2 = 1;
+ gcry_sexp_release (l1);
+ }
+
+ /* Check whether domain parameters are given. */
+ domainsexp = gcry_sexp_find_token (genparms, "domain", 0);
+ if (domainsexp)
+ {
+ /* DERIVEPARMS can't be used together with domain
+ parameters. NBITS abnd QBITS may not be specified
+ because there values are derived from the domain
+ parameters. */
+ if (deriveparms || qbits || nbits)
+ {
+ gcry_sexp_release (domainsexp);
+ gcry_sexp_release (deriveparms);
+ return GPG_ERR_INV_VALUE;
+ }
+
+ /* Put all domain parameters into the domain object. */
+ l1 = gcry_sexp_find_token (domainsexp, "p", 0);
+ domain.p = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ l1 = gcry_sexp_find_token (domainsexp, "q", 0);
+ domain.q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ l1 = gcry_sexp_find_token (domainsexp, "g", 0);
+ domain.g = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ gcry_sexp_release (domainsexp);
+
+ /* Check that all domain parameters are available. */
+ if (!domain.p || !domain.q || !domain.g)
+ {
+ gcry_mpi_release (domain.p);
+ gcry_mpi_release (domain.q);
+ gcry_mpi_release (domain.g);
+ gcry_sexp_release (deriveparms);
+ return GPG_ERR_MISSING_VALUE;
+ }
+
+ /* Get NBITS and QBITS from the domain parameters. */
+ nbits = mpi_get_nbits (domain.p);
+ qbits = mpi_get_nbits (domain.q);
+ }
+ }
+
+ if (deriveparms || use_fips186 || use_fips186_2 || fips_mode ())
+ {
+ int counter;
+ void *seed;
+ size_t seedlen;
+ gcry_mpi_t h_value;
+
+ ec = generate_fips186 (&sk, nbits, qbits, deriveparms, use_fips186_2,
+ &domain,
+ &counter, &seed, &seedlen, &h_value);
+ gcry_sexp_release (deriveparms);
+ if (!ec && h_value)
+ {
+ /* Format the seed-values unless domain parameters are used
+ for which a H_VALUE of NULL is an indication. */
+ ec = gpg_err_code (gcry_sexp_build
+ (&seedinfo, NULL,
+ "(seed-values(counter %d)(seed %b)(h %m))",
+ counter, (int)seedlen, seed, h_value));
+ if (ec)
+ {
+ gcry_mpi_release (sk.p); sk.p = NULL;
+ gcry_mpi_release (sk.q); sk.q = NULL;
+ gcry_mpi_release (sk.g); sk.g = NULL;
+ gcry_mpi_release (sk.y); sk.y = NULL;
+ gcry_mpi_release (sk.x); sk.x = NULL;
+ }
+ gcry_free (seed);
+ gcry_mpi_release (h_value);
+ }
+ }
+ else
+ {
+ ec = generate (&sk, nbits, qbits, transient_key, &domain, retfactors);
+ }
+
+ gcry_mpi_release (domain.p);
+ gcry_mpi_release (domain.q);
+ gcry_mpi_release (domain.g);
+
+ if (!ec)
+ {
+ skey[0] = sk.p;
+ skey[1] = sk.q;
+ skey[2] = sk.g;
+ skey[3] = sk.y;
+ skey[4] = sk.x;
+
+ if (!r_extrainfo)
+ {
+ /* Old style interface - return the factors - if any - at
+ retfactors. */
+ }
+ else if (!*retfactors && !seedinfo)
+ {
+ /* No factors and no seedinfo, thus there is nothing to return. */
+ *r_extrainfo = NULL;
+ }
+ else
+ {
+ /* Put the factors into extrainfo and set retfactors to NULL
+ to make use of the new interface. Note that the factors
+ are not confidential thus we can store them in standard
+ memory. */
+ int nfactors, i, j;
+ char *p;
+ char *format = NULL;
+ void **arg_list = NULL;
+
+ for (nfactors=0; *retfactors && (*retfactors)[nfactors]; nfactors++)
+ ;
+ /* Allocate space for the format string:
+ "(misc-key-info%S(pm1-factors%m))"
+ with one "%m" for each factor and construct it. */
+ format = gcry_malloc (50 + 2*nfactors);
+ if (!format)
+ ec = gpg_err_code_from_syserror ();
+ else
+ {
+ p = stpcpy (format, "(misc-key-info");
+ if (seedinfo)
+ p = stpcpy (p, "%S");
+ if (nfactors)
+ {
+ p = stpcpy (p, "(pm1-factors");
+ for (i=0; i < nfactors; i++)
+ p = stpcpy (p, "%m");
+ p = stpcpy (p, ")");
+ }
+ p = stpcpy (p, ")");
+
+ /* Allocate space for the list of factors plus one for
+ an S-expression plus an extra NULL entry for safety
+ and fill it with the factors. */
+ arg_list = gcry_calloc (nfactors+1+1, sizeof *arg_list);
+ if (!arg_list)
+ ec = gpg_err_code_from_syserror ();
+ else
+ {
+ i = 0;
+ if (seedinfo)
+ arg_list[i++] = &seedinfo;
+ for (j=0; j < nfactors; j++)
+ arg_list[i++] = (*retfactors) + j;
+ arg_list[i] = NULL;
+
+ ec = gpg_err_code (gcry_sexp_build_array
+ (r_extrainfo, NULL, format, arg_list));
+ }
+ }
+
+ gcry_free (arg_list);
+ gcry_free (format);
+ for (i=0; i < nfactors; i++)
+ {
+ gcry_mpi_release ((*retfactors)[i]);
+ (*retfactors)[i] = NULL;
+ }
+ *retfactors = NULL;
+ if (ec)
+ {
+ for (i=0; i < 5; i++)
+ {
+ gcry_mpi_release (skey[i]);
+ skey[i] = NULL;
+ }
+ }
+ }
+ }
+
+ gcry_sexp_release (seedinfo);
+ return ec;
+}
+
+
+static gcry_err_code_t
+dsa_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ (void)evalue;
+ return dsa_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL);
+}
+
+
+
+static gcry_err_code_t
+dsa_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ DSA_secret_key sk;
+
+ (void)algo;
+
+ if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]) || (! skey[4]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.q = skey[1];
+ sk.g = skey[2];
+ sk.y = skey[3];
+ sk.x = skey[4];
+ if (! check_secret_key (&sk))
+ err = GPG_ERR_BAD_SECKEY;
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ DSA_secret_key sk;
+
+ (void)algo;
+
+ if ((! data)
+ || (! skey[0]) || (! skey[1]) || (! skey[2])
+ || (! skey[3]) || (! skey[4]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.q = skey[1];
+ sk.g = skey[2];
+ sk.y = skey[3];
+ sk.x = skey[4];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ sign (resarr[0], resarr[1], data, &sk);
+ }
+ return err;
+}
+
+static gcry_err_code_t
+dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ DSA_public_key pk;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ if ((! data[0]) || (! data[1]) || (! hash)
+ || (! pkey[0]) || (! pkey[1]) || (! pkey[2]) || (! pkey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ pk.p = pkey[0];
+ pk.q = pkey[1];
+ pk.g = pkey[2];
+ pk.y = pkey[3];
+ if (! verify (data[0], data[1], hash, &pk))
+ err = GPG_ERR_BAD_SIGNATURE;
+ }
+ return err;
+}
+
+
+static unsigned int
+dsa_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+static const char *
+selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+{
+ static const char sample_data[] =
+ "(data (flags pkcs1)"
+ " (hash sha1 #a0b1c2d3e4f500102030405060708090a1b2c3d4#))";
+ static const char sample_data_bad[] =
+ "(data (flags pkcs1)"
+ " (hash sha1 #a0b1c2d3e4f510102030405060708090a1b2c3d4#))";
+
+ const char *errtxt = NULL;
+ gcry_error_t err;
+ gcry_sexp_t data = NULL;
+ gcry_sexp_t data_bad = NULL;
+ gcry_sexp_t sig = NULL;
+
+ err = gcry_sexp_sscan (&data, NULL,
+ sample_data, strlen (sample_data));
+ if (!err)
+ err = gcry_sexp_sscan (&data_bad, NULL,
+ sample_data_bad, strlen (sample_data_bad));
+ if (err)
+ {
+ errtxt = "converting data failed";
+ goto leave;
+ }
+
+ err = gcry_pk_sign (&sig, data, skey);
+ if (err)
+ {
+ errtxt = "signing failed";
+ goto leave;
+ }
+ err = gcry_pk_verify (sig, data, pkey);
+ if (err)
+ {
+ errtxt = "verify failed";
+ goto leave;
+ }
+ err = gcry_pk_verify (sig, data_bad, pkey);
+ if (gcry_err_code (err) != GPG_ERR_BAD_SIGNATURE)
+ {
+ errtxt = "bad signature not detected";
+ goto leave;
+ }
+
+
+ leave:
+ gcry_sexp_release (sig);
+ gcry_sexp_release (data_bad);
+ gcry_sexp_release (data);
+ return errtxt;
+}
+
+
+static gpg_err_code_t
+selftests_dsa (selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+ gcry_error_t err;
+ gcry_sexp_t skey = NULL;
+ gcry_sexp_t pkey = NULL;
+
+ /* Convert the S-expressions into the internal representation. */
+ what = "convert";
+ err = gcry_sexp_sscan (&skey, NULL,
+ sample_secret_key, strlen (sample_secret_key));
+ if (!err)
+ err = gcry_sexp_sscan (&pkey, NULL,
+ sample_public_key, strlen (sample_public_key));
+ if (err)
+ {
+ errtxt = gcry_strerror (err);
+ goto failed;
+ }
+
+ what = "key consistency";
+ err = gcry_pk_testkey (skey);
+ if (err)
+ {
+ errtxt = gcry_strerror (err);
+ goto failed;
+ }
+
+ what = "sign";
+ errtxt = selftest_sign_1024 (pkey, skey);
+ if (errtxt)
+ goto failed;
+
+ gcry_sexp_release (pkey);
+ gcry_sexp_release (skey);
+ return 0; /* Succeeded. */
+
+ failed:
+ gcry_sexp_release (pkey);
+ gcry_sexp_release (skey);
+ if (report)
+ report ("pubkey", GCRY_PK_DSA, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ (void)extended;
+
+ switch (algo)
+ {
+ case GCRY_PK_DSA:
+ ec = selftests_dsa (report);
+ break;
+ default:
+ ec = GPG_ERR_PUBKEY_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static const char *dsa_names[] =
+ {
+ "dsa",
+ "openpgp-dsa",
+ NULL,
+ };
+
+gcry_pk_spec_t _gcry_pubkey_spec_dsa =
+ {
+ "DSA", dsa_names,
+ "pqgy", "pqgyx", "", "rs", "pqgy",
+ GCRY_PK_USAGE_SIGN,
+ dsa_generate,
+ dsa_check_secret_key,
+ NULL,
+ NULL,
+ dsa_sign,
+ dsa_verify,
+ dsa_get_nbits
+ };
+pk_extra_spec_t _gcry_pubkey_extraspec_dsa =
+ {
+ run_selftests,
+ dsa_generate_ext
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/ecc.c b/grub-core/lib/libgcrypt/cipher/ecc.c
new file mode 100644
index 0000000..fcbd8e3
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/ecc.c
@@ -0,0 +1,1390 @@
+/* ecc.c - Elliptic Curve Cryptography
+ Copyright (C) 2007, 2008 Free Software Foundation, Inc.
+
+ This file is part of Libgcrypt.
+
+ Libgcrypt is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ Libgcrypt is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ USA. */
+
+/* This code is originally based on the Patch 0.1.6 for the gnupg
+ 1.4.x branch as retrieved on 2007-03-21 from
+ http://www.calcurco.cat/eccGnuPG/src/gnupg-1.4.6-ecc0.2.0beta1.diff.bz2
+ The original authors are:
+ Written by
+ Sergi Blanch i Torne <d4372211 at alumnes.eup.udl.es>,
+ Ramiro Moreno Chiral <ramiro at eup.udl.es>
+ Maintainers
+ Sergi Blanch i Torne
+ Ramiro Moreno Chiral
+ Mikael Mylnikov (mmr)
+ For use in Libgcrypt the code has been heavily modified and cleaned
+ up. In fact there is not much left of the orginally code except for
+ some variable names and the text book implementaion of the sign and
+ verification algorithms. The arithmetic functions have entirely
+ been rewritten and moved to mpi/ec.c. */
+
+
+/* TODO:
+
+ - If we support point compression we need to decide how to compute
+ the keygrip - it should not change due to compression.
+
+ - In mpi/ec.c we use mpi_powm for x^2 mod p: Either implement a
+ special case in mpi_powm or check whether mpi_mulm is faster.
+
+ - Decide whether we should hide the mpi_point_t definition.
+
+ - Support more than just ECDSA.
+*/
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+
+/* Definition of a curve. */
+typedef struct
+{
+ gcry_mpi_t p; /* Prime specifying the field GF(p). */
+ gcry_mpi_t a; /* First coefficient of the Weierstrass equation. */
+ gcry_mpi_t b; /* Second coefficient of the Weierstrass equation. */
+ mpi_point_t G; /* Base point (generator). */
+ gcry_mpi_t n; /* Order of G. */
+} elliptic_curve_t;
+
+
+typedef struct
+{
+ elliptic_curve_t E;
+ mpi_point_t Q; /* Q = [d]G */
+} ECC_public_key;
+
+typedef struct
+{
+ elliptic_curve_t E;
+ mpi_point_t Q;
+ gcry_mpi_t d;
+} ECC_secret_key;
+
+
+/* This tables defines aliases for curve names. */
+static const struct
+{
+ const char *name; /* Our name. */
+ const char *other; /* Other name. */
+} curve_aliases[] =
+ {
+ { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */
+ { "NIST P-192", "prime192v1" }, /* X9.62 name. */
+ { "NIST P-192", "secp192r1" }, /* SECP name. */
+
+ { "NIST P-224", "secp224r1" },
+ { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
+
+ { "NIST P-256", "1.2.840.10045.3.1.7" }, /* From NIST SP 800-78-1. */
+ { "NIST P-256", "prime256v1" },
+ { "NIST P-256", "secp256r1" },
+
+ { "NIST P-384", "secp384r1" },
+ { "NIST P-384", "1.3.132.0.34" },
+
+ { "NIST P-521", "secp521r1" },
+ { "NIST P-521", "1.3.132.0.35" },
+
+ { "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
+ { "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
+ { "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
+ { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7" },
+ { "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
+ { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
+ { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
+
+ { NULL, NULL}
+ };
+
+
+
+/* This static table defines all available curves. */
+static const struct
+{
+ const char *desc; /* Description of the curve. */
+ unsigned int nbits; /* Number of bits. */
+ unsigned int fips:1; /* True if this is a FIPS140-2 approved curve. */
+ const char *p; /* Order of the prime field. */
+ const char *a, *b; /* The coefficients. */
+ const char *n; /* The order of the base point. */
+ const char *g_x, *g_y; /* Base point. */
+} domain_parms[] =
+ {
+ {
+ "NIST P-192", 192, 1,
+ "0xfffffffffffffffffffffffffffffffeffffffffffffffff",
+ "0xfffffffffffffffffffffffffffffffefffffffffffffffc",
+ "0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
+ "0xffffffffffffffffffffffff99def836146bc9b1b4d22831",
+
+ "0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
+ "0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811"
+ },
+ {
+ "NIST P-224", 224, 1,
+ "0xffffffffffffffffffffffffffffffff000000000000000000000001",
+ "0xfffffffffffffffffffffffffffffffefffffffffffffffffffffffe",
+ "0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
+ "0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d" ,
+
+ "0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
+ "0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34"
+ },
+ {
+ "NIST P-256", 256, 1,
+ "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+ "0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
+ "0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+ "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+
+ "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+ "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
+ },
+ {
+ "NIST P-384", 384, 1,
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
+ "ffffffff0000000000000000ffffffff",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
+ "ffffffff0000000000000000fffffffc",
+ "0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875a"
+ "c656398d8a2ed19d2a85c8edd3ec2aef",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf"
+ "581a0db248b0a77aecec196accc52973",
+
+ "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
+ "5502f25dbf55296c3a545e3872760ab7",
+ "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
+ "0a60b1ce1d7e819d7a431d7c90ea0e5f"
+ },
+ {
+ "NIST P-521", 521, 1,
+ "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+ "0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef10"
+ "9e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+
+ "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
+ "baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
+ "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
+ },
+
+ { "brainpoolP160r1", 160, 0,
+ "0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
+ "0x340e7be2a280eb74e2be61bada745d97e8f7c300",
+ "0x1e589a8595423412134faa2dbdec95c8d8675e58",
+ "0xe95e4a5f737059dc60df5991d45029409e60fc09",
+ "0xbed5af16ea3f6a4f62938c4631eb5af7bdbcdbc3",
+ "0x1667cb477a1a8ec338f94741669c976316da6321"
+ },
+
+ { "brainpoolP192r1", 192, 0,
+ "0xc302f41d932a36cda7a3463093d18db78fce476de1a86297",
+ "0x6a91174076b1e0e19c39c031fe8685c1cae040e5c69a28ef",
+ "0x469a28ef7c28cca3dc721d044f4496bcca7ef4146fbf25c9",
+ "0xc302f41d932a36cda7a3462f9e9e916b5be8f1029ac4acc1",
+ "0xc0a0647eaab6a48753b033c56cb0f0900a2f5c4853375fd6",
+ "0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f"
+ },
+
+ { "brainpoolP224r1", 224, 0,
+ "0xd7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff",
+ "0x68a5e62ca9ce6c1c299803a6c1530b514e182ad8b0042a59cad29f43",
+ "0x2580f63ccfe44138870713b1a92369e33e2135d266dbb372386c400b",
+ "0xd7c134aa264366862a18302575d0fb98d116bc4b6ddebca3a5a7939f",
+ "0x0d9029ad2c7e5cf4340823b2a87dc68c9e4ce3174c1e6efdee12c07d",
+ "0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd"
+ },
+
+ { "brainpoolP256r1", 256, 0,
+ "0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
+ "0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
+ "0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
+ "0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
+ "0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
+ "0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"
+ },
+
+ { "brainpoolP320r1", 320, 0,
+ "0xd35e472036bc4fb7e13c785ed201e065f98fcfa6f6f40def4f92b9ec7893ec28"
+ "fcd412b1f1b32e27",
+ "0x3ee30b568fbab0f883ccebd46d3f3bb8a2a73513f5eb79da66190eb085ffa9f4"
+ "92f375a97d860eb4",
+ "0x520883949dfdbc42d3ad198640688a6fe13f41349554b49acc31dccd88453981"
+ "6f5eb4ac8fb1f1a6",
+ "0xd35e472036bc4fb7e13c785ed201e065f98fcfa5b68f12a32d482ec7ee8658e9"
+ "8691555b44c59311",
+ "0x43bd7e9afb53d8b85289bcc48ee5bfe6f20137d10a087eb6e7871e2a10a599c7"
+ "10af8d0d39e20611",
+ "0x14fdd05545ec1cc8ab4093247f77275e0743ffed117182eaa9c77877aaac6ac7"
+ "d35245d1692e8ee1"
+ },
+
+ { "brainpoolP384r1", 384, 0,
+ "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123"
+ "acd3a729901d1a71874700133107ec53",
+ "0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f"
+ "8aa5814a503ad4eb04a8c7dd22ce2826",
+ "0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d5"
+ "7cb4390295dbc9943ab78696fa504c11",
+ "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7"
+ "cf3ab6af6b7fc3103b883202e9046565",
+ "0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8"
+ "e826e03436d646aaef87b2e247d4af1e",
+ "0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff9912928"
+ "0e4646217791811142820341263c5315"
+ },
+
+ { "brainpoolP512r1", 512, 0,
+ "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330871"
+ "7d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
+ "0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc"
+ "2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
+ "0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a7"
+ "2bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
+ "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870"
+ "553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
+ "0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098e"
+ "ff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
+ "0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111"
+ "b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"
+ },
+
+ { NULL, 0, 0, NULL, NULL, NULL, NULL }
+ };
+
+
+/* Registered progress function and its callback value. */
+static void (*progress_cb) (void *, const char*, int, int, int);
+static void *progress_cb_data;
+
+
+#define point_init(a) _gcry_mpi_ec_point_init ((a))
+#define point_free(a) _gcry_mpi_ec_point_free ((a))
+
+
+
+/* Local prototypes. */
+static gcry_mpi_t gen_k (gcry_mpi_t p, int security_level);
+static void test_keys (ECC_secret_key * sk, unsigned int nbits);
+static int check_secret_key (ECC_secret_key * sk);
+static gpg_err_code_t sign (gcry_mpi_t input, ECC_secret_key *skey,
+ gcry_mpi_t r, gcry_mpi_t s);
+static gpg_err_code_t verify (gcry_mpi_t input, ECC_public_key *pkey,
+ gcry_mpi_t r, gcry_mpi_t s);
+
+
+static gcry_mpi_t gen_y_2 (gcry_mpi_t x, elliptic_curve_t * base);
+
+
+
+
+void
+_gcry_register_pk_ecc_progress (void (*cb) (void *, const char *,
+ int, int, int),
+ void *cb_data)
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+/* static void */
+/* progress (int c) */
+/* { */
+/* if (progress_cb) */
+/* progress_cb (progress_cb_data, "pk_ecc", c, 0, 0); */
+/* } */
+
+
+
+
+/* Set the value from S into D. */
+static void
+point_set (mpi_point_t *d, mpi_point_t *s)
+{
+ mpi_set (d->x, s->x);
+ mpi_set (d->y, s->y);
+ mpi_set (d->z, s->z);
+}
+
+
+/*
+ * Release a curve object.
+ */
+static void
+curve_free (elliptic_curve_t *E)
+{
+ mpi_free (E->p); E->p = NULL;
+ mpi_free (E->a); E->a = NULL;
+ mpi_free (E->b); E->b = NULL;
+ point_free (&E->G);
+ mpi_free (E->n); E->n = NULL;
+}
+
+
+/*
+ * Return a copy of a curve object.
+ */
+static elliptic_curve_t
+curve_copy (elliptic_curve_t E)
+{
+ elliptic_curve_t R;
+
+ R.p = mpi_copy (E.p);
+ R.a = mpi_copy (E.a);
+ R.b = mpi_copy (E.b);
+ point_init (&R.G);
+ point_set (&R.G, &E.G);
+ R.n = mpi_copy (E.n);
+
+ return R;
+}
+
+
+
+/* Helper to scan a hex string. */
+static gcry_mpi_t
+scanval (const char *string)
+{
+ gpg_error_t err;
+ gcry_mpi_t val;
+
+ err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
+ if (err)
+ log_fatal ("scanning ECC parameter failed: %s\n", gpg_strerror (err));
+ return val;
+}
+
+
+
+
+
+/****************
+ * Solve the right side of the equation that defines a curve.
+ */
+static gcry_mpi_t
+gen_y_2 (gcry_mpi_t x, elliptic_curve_t *base)
+{
+ gcry_mpi_t three, x_3, axb, y;
+
+ three = mpi_alloc_set_ui (3);
+ x_3 = mpi_new (0);
+ axb = mpi_new (0);
+ y = mpi_new (0);
+
+ mpi_powm (x_3, x, three, base->p);
+ mpi_mulm (axb, base->a, x, base->p);
+ mpi_addm (axb, axb, base->b, base->p);
+ mpi_addm (y, x_3, axb, base->p);
+
+ mpi_free (x_3);
+ mpi_free (axb);
+ mpi_free (three);
+ return y; /* The quadratic value of the coordinate if it exist. */
+}
+
+
+
+
+
+/* Generate a random secret scalar k with an order of p
+
+ At the beginning this was identical to the code is in elgamal.c.
+ Later imporved by mmr. Further simplified by wk. */
+static gcry_mpi_t
+gen_k (gcry_mpi_t p, int security_level)
+{
+ gcry_mpi_t k;
+ unsigned int nbits;
+
+ nbits = mpi_get_nbits (p);
+ k = mpi_snew (nbits);
+ if (DBG_CIPHER)
+ log_debug ("choosing a random k of %u bits\n", nbits);
+
+ gcry_mpi_randomize (k, nbits, security_level);
+
+ mpi_mod (k, k, p); /* k = k mod p */
+
+ return k;
+}
+
+/****************
+ * Generate the crypto system setup.
+ * As of now the fix NIST recommended values are used.
+ * The subgroup generator point is in another function: gen_big_point.
+ */
+static gpg_err_code_t
+generate_curve (unsigned int nbits, const char *name,
+ elliptic_curve_t *curve, unsigned int *r_nbits)
+{
+ int idx, aliasno;
+
+ if (name)
+ {
+ /* First check nor native curves. */
+ for (idx = 0; domain_parms[idx].desc; idx++)
+ if (!strcmp (name, domain_parms[idx].desc))
+ break;
+ /* If not found consult the alias table. */
+ if (!domain_parms[idx].desc)
+ {
+ for (aliasno = 0; curve_aliases[aliasno].name; aliasno++)
+ if (!strcmp (name, curve_aliases[aliasno].other))
+ break;
+ if (curve_aliases[aliasno].name)
+ {
+ for (idx = 0; domain_parms[idx].desc; idx++)
+ if (!strcmp (curve_aliases[aliasno].name,
+ domain_parms[idx].desc))
+ break;
+ }
+ }
+ }
+ else
+ {
+ for (idx = 0; domain_parms[idx].desc; idx++)
+ if (nbits == domain_parms[idx].nbits)
+ break;
+ }
+ if (!domain_parms[idx].desc)
+ return GPG_ERR_INV_VALUE;
+
+ /* In fips mode we only support NIST curves. Note that it is
+ possible to bypass this check by specifying the curve parameters
+ directly. */
+ if (fips_mode () && !domain_parms[idx].fips )
+ return GPG_ERR_NOT_SUPPORTED;
+
+
+ *r_nbits = domain_parms[idx].nbits;
+ curve->p = scanval (domain_parms[idx].p);
+ curve->a = scanval (domain_parms[idx].a);
+ curve->b = scanval (domain_parms[idx].b);
+ curve->n = scanval (domain_parms[idx].n);
+ curve->G.x = scanval (domain_parms[idx].g_x);
+ curve->G.y = scanval (domain_parms[idx].g_y);
+ curve->G.z = mpi_alloc_set_ui (1);
+
+ return 0;
+}
+
+
+/*
+ * First obtain the setup. Over the finite field randomize an scalar
+ * secret value, and calculate the public point.
+ */
+static gpg_err_code_t
+generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name,
+ gcry_mpi_t g_x, gcry_mpi_t g_y,
+ gcry_mpi_t q_x, gcry_mpi_t q_y)
+{
+ gpg_err_code_t err;
+ elliptic_curve_t E;
+ gcry_mpi_t d;
+ mpi_point_t Q;
+ mpi_ec_t ctx;
+
+ err = generate_curve (nbits, name, &E, &nbits);
+ if (err)
+ return err;
+
+ if (DBG_CIPHER)
+ {
+ log_mpidump ("ecc generation p", E.p);
+ log_mpidump ("ecc generation a", E.a);
+ log_mpidump ("ecc generation b", E.b);
+ log_mpidump ("ecc generation n", E.n);
+ log_mpidump ("ecc generation Gx", E.G.x);
+ log_mpidump ("ecc generation Gy", E.G.y);
+ log_mpidump ("ecc generation Gz", E.G.z);
+ }
+
+ if (DBG_CIPHER)
+ log_debug ("choosing a random x of size %u\n", nbits);
+ d = gen_k (E.n, GCRY_VERY_STRONG_RANDOM);
+
+ /* Compute Q. */
+ point_init (&Q);
+ ctx = _gcry_mpi_ec_init (E.p, E.a);
+ _gcry_mpi_ec_mul_point (&Q, d, &E.G, ctx);
+
+ /* Copy the stuff to the key structures. */
+ sk->E.p = mpi_copy (E.p);
+ sk->E.a = mpi_copy (E.a);
+ sk->E.b = mpi_copy (E.b);
+ point_init (&sk->E.G);
+ point_set (&sk->E.G, &E.G);
+ sk->E.n = mpi_copy (E.n);
+ point_init (&sk->Q);
+ point_set (&sk->Q, &Q);
+ sk->d = mpi_copy (d);
+ /* We also return copies of G and Q in affine coordinates if
+ requested. */
+ if (g_x && g_y)
+ {
+ if (_gcry_mpi_ec_get_affine (g_x, g_y, &sk->E.G, ctx))
+ log_fatal ("ecc generate: Failed to get affine coordinates\n");
+ }
+ if (q_x && q_y)
+ {
+ if (_gcry_mpi_ec_get_affine (q_x, q_y, &sk->Q, ctx))
+ log_fatal ("ecc generate: Failed to get affine coordinates\n");
+ }
+ _gcry_mpi_ec_free (ctx);
+
+ point_free (&Q);
+ mpi_free (d);
+ curve_free (&E);
+
+ /* Now we can test our keys (this should never fail!). */
+ test_keys (sk, nbits - 64);
+
+ return 0;
+}
+
+
+/****************
+ * To verify correct skey it use a random information.
+ * First, encrypt and decrypt this dummy value,
+ * test if the information is recuperated.
+ * Second, test with the sign and verify functions.
+ */
+static void
+test_keys (ECC_secret_key *sk, unsigned int nbits)
+{
+ ECC_public_key pk;
+ gcry_mpi_t test = mpi_new (nbits);
+ mpi_point_t R_;
+ gcry_mpi_t c = mpi_new (nbits);
+ gcry_mpi_t out = mpi_new (nbits);
+ gcry_mpi_t r = mpi_new (nbits);
+ gcry_mpi_t s = mpi_new (nbits);
+
+ if (DBG_CIPHER)
+ log_debug ("Testing key.\n");
+
+ point_init (&R_);
+
+ pk.E = curve_copy (sk->E);
+ point_init (&pk.Q);
+ point_set (&pk.Q, &sk->Q);
+
+ gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
+
+ if (sign (test, sk, r, s) )
+ log_fatal ("ECDSA operation: sign failed\n");
+
+ if (verify (test, &pk, r, s))
+ {
+ log_fatal ("ECDSA operation: sign, verify failed\n");
+ }
+
+ if (DBG_CIPHER)
+ log_debug ("ECDSA operation: sign, verify ok.\n");
+
+ point_free (&pk.Q);
+ curve_free (&pk.E);
+
+ point_free (&R_);
+ mpi_free (s);
+ mpi_free (r);
+ mpi_free (out);
+ mpi_free (c);
+ mpi_free (test);
+}
+
+/****************
+ * To check the validity of the value, recalculate the correspondence
+ * between the public value and the secret one.
+ */
+static int
+check_secret_key (ECC_secret_key * sk)
+{
+ mpi_point_t Q;
+ gcry_mpi_t y_2, y2 = mpi_alloc (0);
+ mpi_ec_t ctx;
+
+ /* ?primarity test of 'p' */
+ /* (...) //!! */
+ /* G in E(F_p) */
+ y_2 = gen_y_2 (sk->E.G.x, &sk->E); /* y^2=x^3+a*x+b */
+ mpi_mulm (y2, sk->E.G.y, sk->E.G.y, sk->E.p); /* y^2=y*y */
+ if (mpi_cmp (y_2, y2))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Bad check: Point 'G' does not belong to curve 'E'!\n");
+ return (1);
+ }
+ /* G != PaI */
+ if (!mpi_cmp_ui (sk->E.G.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Bad check: 'G' cannot be Point at Infinity!\n");
+ return (1);
+ }
+
+ point_init (&Q);
+ ctx = _gcry_mpi_ec_init (sk->E.p, sk->E.a);
+ _gcry_mpi_ec_mul_point (&Q, sk->E.n, &sk->E.G, ctx);
+ if (mpi_cmp_ui (Q.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("check_secret_key: E is not a curve of order n\n");
+ point_free (&Q);
+ _gcry_mpi_ec_free (ctx);
+ return 1;
+ }
+ /* pubkey cannot be PaI */
+ if (!mpi_cmp_ui (sk->Q.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("Bad check: Q can not be a Point at Infinity!\n");
+ _gcry_mpi_ec_free (ctx);
+ return (1);
+ }
+ /* pubkey = [d]G over E */
+ _gcry_mpi_ec_mul_point (&Q, sk->d, &sk->E.G, ctx);
+ if ((Q.x == sk->Q.x) && (Q.y == sk->Q.y) && (Q.z == sk->Q.z))
+ {
+ if (DBG_CIPHER)
+ log_debug
+ ("Bad check: There is NO correspondence between 'd' and 'Q'!\n");
+ _gcry_mpi_ec_free (ctx);
+ return (1);
+ }
+ _gcry_mpi_ec_free (ctx);
+ point_free (&Q);
+ return 0;
+}
+
+
+/*
+ * Return the signature struct (r,s) from the message hash. The caller
+ * must have allocated R and S.
+ */
+static gpg_err_code_t
+sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
+{
+ gpg_err_code_t err = 0;
+ gcry_mpi_t k, dr, sum, k_1, x;
+ mpi_point_t I;
+ mpi_ec_t ctx;
+
+ k = NULL;
+ dr = mpi_alloc (0);
+ sum = mpi_alloc (0);
+ k_1 = mpi_alloc (0);
+ x = mpi_alloc (0);
+ point_init (&I);
+
+ mpi_set_ui (s, 0);
+ mpi_set_ui (r, 0);
+
+ ctx = _gcry_mpi_ec_init (skey->E.p, skey->E.a);
+
+ while (!mpi_cmp_ui (s, 0)) /* s == 0 */
+ {
+ while (!mpi_cmp_ui (r, 0)) /* r == 0 */
+ {
+ /* Note, that we are guaranteed to enter this loop at least
+ once because r has been intialized to 0. We can't use a
+ do_while because we want to keep the value of R even if S
+ has to be recomputed. */
+ mpi_free (k);
+ k = gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+ _gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
+ if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc sign: Failed to get affine coordinates\n");
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ mpi_mod (r, x, skey->E.n); /* r = x mod n */
+ }
+ mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */
+ mpi_addm (sum, input, dr, skey->E.n); /* sum = hash + (d*r) mod n */
+ mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */
+ mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */
+ }
+
+ leave:
+ _gcry_mpi_ec_free (ctx);
+ point_free (&I);
+ mpi_free (x);
+ mpi_free (k_1);
+ mpi_free (sum);
+ mpi_free (dr);
+ mpi_free (k);
+
+ return err;
+}
+
+/*
+ * Check if R and S verifies INPUT.
+ */
+static gpg_err_code_t
+verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
+{
+ gpg_err_code_t err = 0;
+ gcry_mpi_t h, h1, h2, x, y;
+ mpi_point_t Q, Q1, Q2;
+ mpi_ec_t ctx;
+
+ if( !(mpi_cmp_ui (r, 0) > 0 && mpi_cmp (r, pkey->E.n) < 0) )
+ return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < r < n failed. */
+ if( !(mpi_cmp_ui (s, 0) > 0 && mpi_cmp (s, pkey->E.n) < 0) )
+ return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < s < n failed. */
+
+ h = mpi_alloc (0);
+ h1 = mpi_alloc (0);
+ h2 = mpi_alloc (0);
+ x = mpi_alloc (0);
+ y = mpi_alloc (0);
+ point_init (&Q);
+ point_init (&Q1);
+ point_init (&Q2);
+
+ ctx = _gcry_mpi_ec_init (pkey->E.p, pkey->E.a);
+
+ /* h = s^(-1) (mod n) */
+ mpi_invm (h, s, pkey->E.n);
+/* log_mpidump (" h", h); */
+ /* h1 = hash * s^(-1) (mod n) */
+ mpi_mulm (h1, input, h, pkey->E.n);
+/* log_mpidump (" h1", h1); */
+ /* Q1 = [ hash * s^(-1) ]G */
+ _gcry_mpi_ec_mul_point (&Q1, h1, &pkey->E.G, ctx);
+/* log_mpidump ("Q1.x", Q1.x); */
+/* log_mpidump ("Q1.y", Q1.y); */
+/* log_mpidump ("Q1.z", Q1.z); */
+ /* h2 = r * s^(-1) (mod n) */
+ mpi_mulm (h2, r, h, pkey->E.n);
+/* log_mpidump (" h2", h2); */
+ /* Q2 = [ r * s^(-1) ]Q */
+ _gcry_mpi_ec_mul_point (&Q2, h2, &pkey->Q, ctx);
+/* log_mpidump ("Q2.x", Q2.x); */
+/* log_mpidump ("Q2.y", Q2.y); */
+/* log_mpidump ("Q2.z", Q2.z); */
+ /* Q = ([hash * s^(-1)]G) + ([r * s^(-1)]Q) */
+ _gcry_mpi_ec_add_points (&Q, &Q1, &Q2, ctx);
+/* log_mpidump (" Q.x", Q.x); */
+/* log_mpidump (" Q.y", Q.y); */
+/* log_mpidump (" Q.z", Q.z); */
+
+ if (!mpi_cmp_ui (Q.z, 0))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc verify: Rejected\n");
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx))
+ {
+ if (DBG_CIPHER)
+ log_debug ("ecc verify: Failed to get affine coordinates\n");
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ mpi_mod (x, x, pkey->E.n); /* x = x mod E_n */
+ if (mpi_cmp (x, r)) /* x != r */
+ {
+ if (DBG_CIPHER)
+ {
+ log_mpidump (" x", x);
+ log_mpidump (" y", y);
+ log_mpidump (" r", r);
+ log_mpidump (" s", s);
+ log_debug ("ecc verify: Not verified\n");
+ }
+ err = GPG_ERR_BAD_SIGNATURE;
+ goto leave;
+ }
+ if (DBG_CIPHER)
+ log_debug ("ecc verify: Accepted\n");
+
+ leave:
+ _gcry_mpi_ec_free (ctx);
+ point_free (&Q2);
+ point_free (&Q1);
+ point_free (&Q);
+ mpi_free (y);
+ mpi_free (x);
+ mpi_free (h2);
+ mpi_free (h1);
+ mpi_free (h);
+ return err;
+}
+
+
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+static gcry_mpi_t
+ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p)
+{
+ gpg_error_t err;
+ int pbytes = (mpi_get_nbits (p)+7)/8;
+ size_t n;
+ unsigned char *buf, *ptr;
+ gcry_mpi_t result;
+
+ buf = gcry_xmalloc ( 1 + 2*pbytes );
+ *buf = 04; /* Uncompressed point. */
+ ptr = buf+1;
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, x);
+ if (err)
+ log_fatal ("mpi_print failed: %s\n", gpg_strerror (err));
+ if (n < pbytes)
+ {
+ memmove (ptr+(pbytes-n), ptr, n);
+ memset (ptr, 0, (pbytes-n));
+ }
+ ptr += pbytes;
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, ptr, pbytes, &n, y);
+ if (err)
+ log_fatal ("mpi_print failed: %s\n", gpg_strerror (err));
+ if (n < pbytes)
+ {
+ memmove (ptr+(pbytes-n), ptr, n);
+ memset (ptr, 0, (pbytes-n));
+ }
+
+ err = gcry_mpi_scan (&result, GCRYMPI_FMT_USG, buf, 1+2*pbytes, NULL);
+ if (err)
+ log_fatal ("mpi_scan failed: %s\n", gpg_strerror (err));
+ gcry_free (buf);
+
+ mpi_free (x);
+ mpi_free (y);
+
+ return result;
+}
+
+/* RESULT must have been initialized and is set on success to the
+ point given by VALUE. */
+static gcry_error_t
+os2ec (mpi_point_t *result, gcry_mpi_t value)
+{
+ gcry_error_t err;
+ size_t n;
+ unsigned char *buf;
+ gcry_mpi_t x, y;
+
+ n = (mpi_get_nbits (value)+7)/8;
+ buf = gcry_xmalloc (n);
+ err = gcry_mpi_print (GCRYMPI_FMT_USG, buf, n, &n, value);
+ if (err)
+ {
+ gcry_free (buf);
+ return err;
+ }
+ if (n < 1)
+ {
+ gcry_free (buf);
+ return GPG_ERR_INV_OBJ;
+ }
+ if (*buf != 4)
+ {
+ gcry_free (buf);
+ return GPG_ERR_NOT_IMPLEMENTED; /* No support for point compression. */
+ }
+ if ( ((n-1)%2) )
+ {
+ gcry_free (buf);
+ return GPG_ERR_INV_OBJ;
+ }
+ n = (n-1)/2;
+ err = gcry_mpi_scan (&x, GCRYMPI_FMT_USG, buf+1, n, NULL);
+ if (err)
+ {
+ gcry_free (buf);
+ return err;
+ }
+ err = gcry_mpi_scan (&y, GCRYMPI_FMT_USG, buf+1+n, n, NULL);
+ gcry_free (buf);
+ if (err)
+ {
+ mpi_free (x);
+ return err;
+ }
+
+ mpi_set (result->x, x);
+ mpi_set (result->y, y);
+ mpi_set_ui (result->z, 1);
+
+ mpi_free (x);
+ mpi_free (y);
+
+ return 0;
+}
+
+
+/* Extended version of ecc_generate. */
+static gcry_err_code_t
+ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gpg_err_code_t ec;
+ ECC_secret_key sk;
+ gcry_mpi_t g_x, g_y, q_x, q_y;
+ char *curve_name = NULL;
+ gcry_sexp_t l1;
+
+ (void)algo;
+ (void)evalue;
+ (void)r_extrainfo;
+
+ if (genparms)
+ {
+ /* Parse the optional "curve" parameter. */
+ l1 = gcry_sexp_find_token (genparms, "curve", 0);
+ if (l1)
+ {
+ curve_name = _gcry_sexp_nth_string (l1, 1);
+ gcry_sexp_release (l1);
+ if (!curve_name)
+ return GPG_ERR_INV_OBJ; /* No curve name or value too large. */
+ }
+ }
+
+ /* NBITS is required if no curve name has been given. */
+ if (!nbits && !curve_name)
+ return GPG_ERR_NO_OBJ; /* No NBITS parameter. */
+
+ g_x = mpi_new (0);
+ g_y = mpi_new (0);
+ q_x = mpi_new (0);
+ q_y = mpi_new (0);
+ ec = generate_key (&sk, nbits, curve_name, g_x, g_y, q_x, q_y);
+ gcry_free (curve_name);
+ if (ec)
+ return ec;
+
+ skey[0] = sk.E.p;
+ skey[1] = sk.E.a;
+ skey[2] = sk.E.b;
+ /* The function ec2os releases g_x and g_y. */
+ skey[3] = ec2os (g_x, g_y, sk.E.p);
+ skey[4] = sk.E.n;
+ /* The function ec2os releases g_x and g_y. */
+ skey[5] = ec2os (q_x, q_y, sk.E.p);
+ skey[6] = sk.d;
+
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+
+ /* Make an empty list of factors. */
+ *retfactors = gcry_calloc ( 1, sizeof **retfactors );
+ if (!*retfactors)
+ return gpg_err_code_from_syserror ();
+
+ return 0;
+}
+
+
+static gcry_err_code_t
+ecc_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ (void)evalue;
+ return ecc_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL);
+}
+
+
+/* Return the parameters of the curve NAME. */
+static gcry_err_code_t
+ecc_get_param (const char *name, gcry_mpi_t *pkey)
+{
+ gpg_err_code_t err;
+ unsigned int nbits;
+ elliptic_curve_t E;
+ mpi_ec_t ctx;
+ gcry_mpi_t g_x, g_y;
+
+ err = generate_curve (0, name, &E, &nbits);
+ if (err)
+ return err;
+
+ g_x = mpi_new (0);
+ g_y = mpi_new (0);
+ ctx = _gcry_mpi_ec_init (E.p, E.a);
+ if (_gcry_mpi_ec_get_affine (g_x, g_y, &E.G, ctx))
+ log_fatal ("ecc get param: Failed to get affine coordinates\n");
+ _gcry_mpi_ec_free (ctx);
+ point_free (&E.G);
+
+ pkey[0] = E.p;
+ pkey[1] = E.a;
+ pkey[2] = E.b;
+ pkey[3] = ec2os (g_x, g_y, E.p);
+ pkey[4] = E.n;
+ pkey[5] = NULL;
+
+ return 0;
+}
+
+
+static gcry_err_code_t
+ecc_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gpg_err_code_t err;
+ ECC_secret_key sk;
+
+ (void)algo;
+
+ if (!skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4] || !skey[5]
+ || !skey[6] || !skey[7] || !skey[8] || !skey[9] || !skey[10])
+ return GPG_ERR_BAD_MPI;
+
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
+ point_init (&sk.Q);
+ err = os2ec (&sk.Q, skey[5]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return err;
+ }
+
+ sk.d = skey[6];
+
+ if (check_secret_key (&sk))
+ {
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return GPG_ERR_BAD_SECKEY;
+ }
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return 0;
+}
+
+
+static gcry_err_code_t
+ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ gpg_err_code_t err;
+ ECC_secret_key sk;
+
+ (void)algo;
+
+ if (!data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4]
+ || !skey[5] || !skey[6] )
+ return GPG_ERR_BAD_MPI;
+
+ sk.E.p = skey[0];
+ sk.E.a = skey[1];
+ sk.E.b = skey[2];
+ point_init (&sk.E.G);
+ err = os2ec (&sk.E.G, skey[3]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ return err;
+ }
+ sk.E.n = skey[4];
+ point_init (&sk.Q);
+ err = os2ec (&sk.Q, skey[5]);
+ if (err)
+ {
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return err;
+ }
+ sk.d = skey[6];
+
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
+ err = sign (data, &sk, resarr[0], resarr[1]);
+ if (err)
+ {
+ mpi_free (resarr[0]);
+ mpi_free (resarr[1]);
+ resarr[0] = NULL; /* Mark array as released. */
+ }
+ point_free (&sk.E.G);
+ point_free (&sk.Q);
+ return err;
+}
+
+static gcry_err_code_t
+ecc_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp)(void *, gcry_mpi_t), void *opaquev)
+{
+ gpg_err_code_t err;
+ ECC_public_key pk;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ if (!data[0] || !data[1] || !hash || !pkey[0] || !pkey[1] || !pkey[2]
+ || !pkey[3] || !pkey[4] || !pkey[5] )
+ return GPG_ERR_BAD_MPI;
+
+ pk.E.p = pkey[0];
+ pk.E.a = pkey[1];
+ pk.E.b = pkey[2];
+ point_init (&pk.E.G);
+ err = os2ec (&pk.E.G, pkey[3]);
+ if (err)
+ {
+ point_free (&pk.E.G);
+ return err;
+ }
+ pk.E.n = pkey[4];
+ point_init (&pk.Q);
+ err = os2ec (&pk.Q, pkey[5]);
+ if (err)
+ {
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
+ return err;
+ }
+
+ err = verify (hash, &pk, data[0], data[1]);
+
+ point_free (&pk.E.G);
+ point_free (&pk.Q);
+ return err;
+}
+
+
+
+static unsigned int
+ecc_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+
+/* See rsa.c for a description of this function. */
+static gpg_err_code_t
+compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
+{
+ static const char names[] = "pabgnq";
+ gpg_err_code_t ec = 0;
+ gcry_sexp_t l1;
+ gcry_mpi_t values[6];
+ int idx;
+
+ /* Clear the values for easier error cleanup. */
+ for (idx=0; idx < 6; idx++)
+ values[idx] = NULL;
+
+ /* Fill values with all available parameters. */
+ for (idx=0; idx < 6; idx++)
+ {
+ l1 = gcry_sexp_find_token (keyparam, names+idx, 1);
+ if (l1)
+ {
+ values[idx] = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (l1);
+ if (!values[idx])
+ {
+ ec = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+ }
+ }
+
+ /* Check whether a curve parameter is available and use that to fill
+ in missing values. */
+ l1 = gcry_sexp_find_token (keyparam, "curve", 5);
+ if (l1)
+ {
+ char *curve;
+ gcry_mpi_t tmpvalues[6];
+
+ for (idx = 0; idx < 6; idx++)
+ tmpvalues[idx] = NULL;
+
+ curve = _gcry_sexp_nth_string (l1, 1);
+ if (!curve)
+ {
+ ec = GPG_ERR_INV_OBJ; /* Name missing or out of core. */
+ goto leave;
+ }
+ ec = ecc_get_param (curve, tmpvalues);
+ gcry_free (curve);
+ if (ec)
+ goto leave;
+
+ for (idx = 0; idx < 6; idx++)
+ {
+ if (!values[idx])
+ values[idx] = tmpvalues[idx];
+ else
+ mpi_free (tmpvalues[idx]);
+ }
+ }
+
+ /* Check that all parameters are known and normalize all MPIs (that
+ should not be required but we use an internal fucntion later and
+ thus we better make 100% sure that they are normalized). */
+ for (idx = 0; idx < 6; idx++)
+ if (!values[idx])
+ {
+ ec = GPG_ERR_NO_OBJ;
+ goto leave;
+ }
+ else
+ _gcry_mpi_normalize (values[idx]);
+
+ /* Hash them all. */
+ for (idx = 0; idx < 6; idx++)
+ {
+ char buf[30];
+ unsigned char *rawmpi;
+ unsigned int rawmpilen;
+
+ rawmpi = _gcry_mpi_get_buffer (values[idx], &rawmpilen, NULL);
+ if (!rawmpi)
+ {
+ ec = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+ snprintf (buf, sizeof buf, "(1:%c%u:", names[idx], rawmpilen);
+ gcry_md_write (md, buf, strlen (buf));
+ gcry_md_write (md, rawmpi, rawmpilen);
+ gcry_md_write (md, ")", 1);
+ gcry_free (rawmpi);
+ }
+
+ leave:
+ for (idx = 0; idx < 6; idx++)
+ _gcry_mpi_release (values[idx]);
+
+ return ec;
+}
+
+
+
+
+
+/*
+ Self-test section.
+ */
+
+
+static gpg_err_code_t
+selftests_ecdsa (selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "low-level";
+ errtxt = NULL; /*selftest ();*/
+ if (errtxt)
+ goto failed;
+
+ /* FIXME: need more tests. */
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("pubkey", GCRY_PK_ECDSA, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ (void)extended;
+
+ switch (algo)
+ {
+ case GCRY_PK_ECDSA:
+ ec = selftests_ecdsa (report);
+ break;
+ default:
+ ec = GPG_ERR_PUBKEY_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static const char *ecdsa_names[] =
+ {
+ "ecdsa",
+ "ecc",
+ NULL,
+ };
+
+gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
+ {
+ "ECDSA", ecdsa_names,
+ "pabgnq", "pabgnqd", "", "rs", "pabgnq",
+ GCRY_PK_USAGE_SIGN,
+ ecc_generate,
+ ecc_check_secret_key,
+ NULL,
+ NULL,
+ ecc_sign,
+ ecc_verify,
+ ecc_get_nbits
+ };
+
+pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa =
+ {
+ run_selftests,
+ ecc_generate_ext,
+ compute_keygrip,
+ ecc_get_param
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/elgamal.c b/grub-core/lib/libgcrypt/cipher/elgamal.c
new file mode 100644
index 0000000..0b0c07c
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/elgamal.c
@@ -0,0 +1,846 @@
+/* Elgamal.c - Elgamal Public Key encryption
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *
+ * For a description of the algorithm, see:
+ * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
+ * ISBN 0-471-11709-9. Pages 476 ff.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+} ELG_public_key;
+
+
+typedef struct
+{
+ gcry_mpi_t p; /* prime */
+ gcry_mpi_t g; /* group generator */
+ gcry_mpi_t y; /* g^x mod p */
+ gcry_mpi_t x; /* secret exponent */
+} ELG_secret_key;
+
+
+static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
+static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors);
+static int check_secret_key (ELG_secret_key *sk);
+static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+ ELG_public_key *pkey);
+static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b,
+ ELG_secret_key *skey);
+static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+ ELG_secret_key *skey);
+static int verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input,
+ ELG_public_key *pkey);
+
+
+static void (*progress_cb) (void *, const char *, int, int, int);
+static void *progress_cb_data;
+
+void
+_gcry_register_pk_elg_progress (void (*cb) (void *, const char *,
+ int, int, int),
+ void *cb_data)
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+
+static void
+progress (int c)
+{
+ if (progress_cb)
+ progress_cb (progress_cb_data, "pk_elg", c, 0, 0);
+}
+
+
+/****************
+ * Michael Wiener's table on subgroup sizes to match field sizes.
+ * (floating around somewhere, probably based on the paper from
+ * Eurocrypt 96, page 332)
+ */
+static unsigned int
+wiener_map( unsigned int n )
+{
+ static struct { unsigned int p_n, q_n; } t[] =
+ { /* p q attack cost */
+ { 512, 119 }, /* 9 x 10^17 */
+ { 768, 145 }, /* 6 x 10^21 */
+ { 1024, 165 }, /* 7 x 10^24 */
+ { 1280, 183 }, /* 3 x 10^27 */
+ { 1536, 198 }, /* 7 x 10^29 */
+ { 1792, 212 }, /* 9 x 10^31 */
+ { 2048, 225 }, /* 8 x 10^33 */
+ { 2304, 237 }, /* 5 x 10^35 */
+ { 2560, 249 }, /* 3 x 10^37 */
+ { 2816, 259 }, /* 1 x 10^39 */
+ { 3072, 269 }, /* 3 x 10^40 */
+ { 3328, 279 }, /* 8 x 10^41 */
+ { 3584, 288 }, /* 2 x 10^43 */
+ { 3840, 296 }, /* 4 x 10^44 */
+ { 4096, 305 }, /* 7 x 10^45 */
+ { 4352, 313 }, /* 1 x 10^47 */
+ { 4608, 320 }, /* 2 x 10^48 */
+ { 4864, 328 }, /* 2 x 10^49 */
+ { 5120, 335 }, /* 3 x 10^50 */
+ { 0, 0 }
+ };
+ int i;
+
+ for(i=0; t[i].p_n; i++ )
+ {
+ if( n <= t[i].p_n )
+ return t[i].q_n;
+ }
+ /* Not in table - use an arbitrary high number. */
+ return n / 8 + 200;
+}
+
+static int
+test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
+{
+ ELG_public_key pk;
+ gcry_mpi_t test = gcry_mpi_new ( 0 );
+ gcry_mpi_t out1_a = gcry_mpi_new ( nbits );
+ gcry_mpi_t out1_b = gcry_mpi_new ( nbits );
+ gcry_mpi_t out2 = gcry_mpi_new ( nbits );
+ int failed = 0;
+
+ pk.p = sk->p;
+ pk.g = sk->g;
+ pk.y = sk->y;
+
+ gcry_mpi_randomize ( test, nbits, GCRY_WEAK_RANDOM );
+
+ do_encrypt ( out1_a, out1_b, test, &pk );
+ decrypt ( out2, out1_a, out1_b, sk );
+ if ( mpi_cmp( test, out2 ) )
+ failed |= 1;
+
+ sign ( out1_a, out1_b, test, sk );
+ if ( !verify( out1_a, out1_b, test, &pk ) )
+ failed |= 2;
+
+ gcry_mpi_release ( test );
+ gcry_mpi_release ( out1_a );
+ gcry_mpi_release ( out1_b );
+ gcry_mpi_release ( out2 );
+
+ if (failed && !nodie)
+ log_fatal ("Elgamal test key for %s %s failed\n",
+ (failed & 1)? "encrypt+decrypt":"",
+ (failed & 2)? "sign+verify":"");
+ if (failed && DBG_CIPHER)
+ log_debug ("Elgamal test key for %s %s failed\n",
+ (failed & 1)? "encrypt+decrypt":"",
+ (failed & 2)? "sign+verify":"");
+
+ return failed;
+}
+
+
+/****************
+ * Generate a random secret exponent k from prime p, so that k is
+ * relatively prime to p-1. With SMALL_K set, k will be selected for
+ * better encryption performance - this must never be used signing!
+ */
+static gcry_mpi_t
+gen_k( gcry_mpi_t p, int small_k )
+{
+ gcry_mpi_t k = mpi_alloc_secure( 0 );
+ gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+ gcry_mpi_t p_1 = mpi_copy(p);
+ unsigned int orig_nbits = mpi_get_nbits(p);
+ unsigned int nbits, nbytes;
+ char *rndbuf = NULL;
+
+ if (small_k)
+ {
+ /* Using a k much lesser than p is sufficient for encryption and
+ * it greatly improves the encryption performance. We use
+ * Wiener's table and add a large safety margin. */
+ nbits = wiener_map( orig_nbits ) * 3 / 2;
+ if( nbits >= orig_nbits )
+ BUG();
+ }
+ else
+ nbits = orig_nbits;
+
+
+ nbytes = (nbits+7)/8;
+ if( DBG_CIPHER )
+ log_debug("choosing a random k ");
+ mpi_sub_ui( p_1, p, 1);
+ for(;;)
+ {
+ if( !rndbuf || nbits < 32 )
+ {
+ gcry_free(rndbuf);
+ rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM );
+ }
+ else
+ {
+ /* Change only some of the higher bits. We could improve
+ this by directly requesting more memory at the first call
+ to get_random_bytes() and use this the here maybe it is
+ easier to do this directly in random.c Anyway, it is
+ highly inlikely that we will ever reach this code. */
+ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM );
+ memcpy( rndbuf, pp, 4 );
+ gcry_free(pp);
+ }
+ _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 );
+
+ for(;;)
+ {
+ if( !(mpi_cmp( k, p_1 ) < 0) ) /* check: k < (p-1) */
+ {
+ if( DBG_CIPHER )
+ progress('+');
+ break; /* no */
+ }
+ if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */
+ {
+ if( DBG_CIPHER )
+ progress('-');
+ break; /* no */
+ }
+ if (gcry_mpi_gcd( temp, k, p_1 ))
+ goto found; /* okay, k is relative prime to (p-1) */
+ mpi_add_ui( k, k, 1 );
+ if( DBG_CIPHER )
+ progress('.');
+ }
+ }
+ found:
+ gcry_free(rndbuf);
+ if( DBG_CIPHER )
+ progress('\n');
+ mpi_free(p_1);
+ mpi_free(temp);
+
+ return k;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS
+ * Returns: 2 structures filled with all needed values
+ * and an array with n-1 factors of (p-1)
+ */
+static void
+generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors )
+{
+ gcry_mpi_t p; /* the prime */
+ gcry_mpi_t p_min1;
+ gcry_mpi_t g;
+ gcry_mpi_t x; /* the secret exponent */
+ gcry_mpi_t y;
+ unsigned int qbits;
+ unsigned int xbits;
+ byte *rndbuf;
+
+ p_min1 = gcry_mpi_new ( nbits );
+ qbits = wiener_map( nbits );
+ if( qbits & 1 ) /* better have a even one */
+ qbits++;
+ g = mpi_alloc(1);
+ p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors );
+ mpi_sub_ui(p_min1, p, 1);
+
+
+ /* Select a random number which has these properties:
+ * 0 < x < p-1
+ * This must be a very good random number because this is the
+ * secret part. The prime is public and may be shared anyway,
+ * so a random generator level of 1 is used for the prime.
+ *
+ * I don't see a reason to have a x of about the same size
+ * as the p. It should be sufficient to have one about the size
+ * of q or the later used k plus a large safety margin. Decryption
+ * will be much faster with such an x.
+ */
+ xbits = qbits * 3 / 2;
+ if( xbits >= nbits )
+ BUG();
+ x = gcry_mpi_snew ( xbits );
+ if( DBG_CIPHER )
+ log_debug("choosing a random x of size %u", xbits );
+ rndbuf = NULL;
+ do
+ {
+ if( DBG_CIPHER )
+ progress('.');
+ if( rndbuf )
+ { /* Change only some of the higher bits */
+ if( xbits < 16 ) /* should never happen ... */
+ {
+ gcry_free(rndbuf);
+ rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
+ GCRY_VERY_STRONG_RANDOM );
+ }
+ else
+ {
+ char *r = gcry_random_bytes_secure( 2,
+ GCRY_VERY_STRONG_RANDOM );
+ memcpy(rndbuf, r, 2 );
+ gcry_free(r);
+ }
+ }
+ else
+ {
+ rndbuf = gcry_random_bytes_secure( (xbits+7)/8,
+ GCRY_VERY_STRONG_RANDOM );
+ }
+ _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 );
+ mpi_clear_highbit( x, xbits+1 );
+ }
+ while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) );
+ gcry_free(rndbuf);
+
+ y = gcry_mpi_new (nbits);
+ gcry_mpi_powm( y, g, x, p );
+
+ if( DBG_CIPHER )
+ {
+ progress('\n');
+ log_mpidump("elg p= ", p );
+ log_mpidump("elg g= ", g );
+ log_mpidump("elg y= ", y );
+ log_mpidump("elg x= ", x );
+ }
+
+ /* Copy the stuff to the key structures */
+ sk->p = p;
+ sk->g = g;
+ sk->y = y;
+ sk->x = x;
+
+ gcry_mpi_release ( p_min1 );
+
+ /* Now we can test our keys (this should never fail!) */
+ test_keys ( sk, nbits - 64, 0 );
+}
+
+
+/* Generate a key pair with a key of size NBITS not using a random
+ value for the secret key but the one given as X. This is useful to
+ implement a passphrase based decryption for a public key based
+ encryption. It has appliactions in backup systems.
+
+ Returns: A structure filled with all needed values and an array
+ with n-1 factors of (p-1). */
+static gcry_err_code_t
+generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x,
+ gcry_mpi_t **ret_factors )
+{
+ gcry_mpi_t p; /* The prime. */
+ gcry_mpi_t p_min1; /* The prime minus 1. */
+ gcry_mpi_t g; /* The generator. */
+ gcry_mpi_t y; /* g^x mod p. */
+ unsigned int qbits;
+ unsigned int xbits;
+
+ sk->p = NULL;
+ sk->g = NULL;
+ sk->y = NULL;
+ sk->x = NULL;
+
+ /* Do a quick check to see whether X is suitable. */
+ xbits = mpi_get_nbits (x);
+ if ( xbits < 64 || xbits >= nbits )
+ return GPG_ERR_INV_VALUE;
+
+ p_min1 = gcry_mpi_new ( nbits );
+ qbits = wiener_map ( nbits );
+ if ( (qbits & 1) ) /* Better have an even one. */
+ qbits++;
+ g = mpi_alloc (1);
+ p = _gcry_generate_elg_prime ( 0, nbits, qbits, g, ret_factors );
+ mpi_sub_ui (p_min1, p, 1);
+
+ if (DBG_CIPHER)
+ log_debug ("using a supplied x of size %u", xbits );
+ if ( !(mpi_cmp_ui ( x, 0 ) > 0 && mpi_cmp ( x, p_min1 ) <0 ) )
+ {
+ gcry_mpi_release ( p_min1 );
+ gcry_mpi_release ( p );
+ gcry_mpi_release ( g );
+ return GPG_ERR_INV_VALUE;
+ }
+
+ y = gcry_mpi_new (nbits);
+ gcry_mpi_powm ( y, g, x, p );
+
+ if ( DBG_CIPHER )
+ {
+ progress ('\n');
+ log_mpidump ("elg p= ", p );
+ log_mpidump ("elg g= ", g );
+ log_mpidump ("elg y= ", y );
+ log_mpidump ("elg x= ", x );
+ }
+
+ /* Copy the stuff to the key structures */
+ sk->p = p;
+ sk->g = g;
+ sk->y = y;
+ sk->x = gcry_mpi_copy (x);
+
+ gcry_mpi_release ( p_min1 );
+
+ /* Now we can test our keys. */
+ if ( test_keys ( sk, nbits - 64, 1 ) )
+ {
+ gcry_mpi_release ( sk->p ); sk->p = NULL;
+ gcry_mpi_release ( sk->g ); sk->g = NULL;
+ gcry_mpi_release ( sk->y ); sk->y = NULL;
+ gcry_mpi_release ( sk->x ); sk->x = NULL;
+ return GPG_ERR_BAD_SECKEY;
+ }
+
+ return 0;
+}
+
+
+/****************
+ * Test whether the secret key is valid.
+ * Returns: if this is a valid key.
+ */
+static int
+check_secret_key( ELG_secret_key *sk )
+{
+ int rc;
+ gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) );
+
+ gcry_mpi_powm( y, sk->g, sk->x, sk->p );
+ rc = !mpi_cmp( y, sk->y );
+ mpi_free( y );
+ return rc;
+}
+
+
+static void
+do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+{
+ gcry_mpi_t k;
+
+ /* Note: maybe we should change the interface, so that it
+ * is possible to check that input is < p and return an
+ * error code.
+ */
+
+ k = gen_k( pkey->p, 1 );
+ gcry_mpi_powm( a, pkey->g, k, pkey->p );
+ /* b = (y^k * input) mod p
+ * = ((y^k mod p) * (input mod p)) mod p
+ * and because input is < p
+ * = ((y^k mod p) * input) mod p
+ */
+ gcry_mpi_powm( b, pkey->y, k, pkey->p );
+ gcry_mpi_mulm( b, b, input, pkey->p );
+#if 0
+ if( DBG_CIPHER )
+ {
+ log_mpidump("elg encrypted y= ", pkey->y);
+ log_mpidump("elg encrypted p= ", pkey->p);
+ log_mpidump("elg encrypted k= ", k);
+ log_mpidump("elg encrypted M= ", input);
+ log_mpidump("elg encrypted a= ", a);
+ log_mpidump("elg encrypted b= ", b);
+ }
+#endif
+ mpi_free(k);
+}
+
+
+
+
+static void
+decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+{
+ gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) );
+
+ /* output = b/(a^x) mod p */
+ gcry_mpi_powm( t1, a, skey->x, skey->p );
+ mpi_invm( t1, t1, skey->p );
+ mpi_mulm( output, b, t1, skey->p );
+#if 0
+ if( DBG_CIPHER )
+ {
+ log_mpidump("elg decrypted x= ", skey->x);
+ log_mpidump("elg decrypted p= ", skey->p);
+ log_mpidump("elg decrypted a= ", a);
+ log_mpidump("elg decrypted b= ", b);
+ log_mpidump("elg decrypted M= ", output);
+ }
+#endif
+ mpi_free(t1);
+}
+
+
+/****************
+ * Make an Elgamal signature out of INPUT
+ */
+
+static void
+sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
+{
+ gcry_mpi_t k;
+ gcry_mpi_t t = mpi_alloc( mpi_get_nlimbs(a) );
+ gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) );
+ gcry_mpi_t p_1 = mpi_copy(skey->p);
+
+ /*
+ * b = (t * inv) mod (p-1)
+ * b = (t * inv(k,(p-1),(p-1)) mod (p-1)
+ * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+ k = gen_k( skey->p, 0 /* no small K ! */ );
+ gcry_mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+ mpi_invm(inv, k, p_1 );
+ mpi_mulm(b, t, inv, p_1 );
+
+#if 0
+ if( DBG_CIPHER )
+ {
+ log_mpidump("elg sign p= ", skey->p);
+ log_mpidump("elg sign g= ", skey->g);
+ log_mpidump("elg sign y= ", skey->y);
+ log_mpidump("elg sign x= ", skey->x);
+ log_mpidump("elg sign k= ", k);
+ log_mpidump("elg sign M= ", input);
+ log_mpidump("elg sign a= ", a);
+ log_mpidump("elg sign b= ", b);
+ }
+#endif
+ mpi_free(k);
+ mpi_free(t);
+ mpi_free(inv);
+ mpi_free(p_1);
+}
+
+
+/****************
+ * Returns true if the signature composed of A and B is valid.
+ */
+static int
+verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+{
+ int rc;
+ gcry_mpi_t t1;
+ gcry_mpi_t t2;
+ gcry_mpi_t base[4];
+ gcry_mpi_t ex[4];
+
+ if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )
+ return 0; /* assertion 0 < a < p failed */
+
+ t1 = mpi_alloc( mpi_get_nlimbs(a) );
+ t2 = mpi_alloc( mpi_get_nlimbs(a) );
+
+#if 0
+ /* t1 = (y^a mod p) * (a^b mod p) mod p */
+ gcry_mpi_powm( t1, pkey->y, a, pkey->p );
+ gcry_mpi_powm( t2, a, b, pkey->p );
+ mpi_mulm( t1, t1, t2, pkey->p );
+
+ /* t2 = g ^ input mod p */
+ gcry_mpi_powm( t2, pkey->g, input, pkey->p );
+
+ rc = !mpi_cmp( t1, t2 );
+#elif 0
+ /* t1 = (y^a mod p) * (a^b mod p) mod p */
+ base[0] = pkey->y; ex[0] = a;
+ base[1] = a; ex[1] = b;
+ base[2] = NULL; ex[2] = NULL;
+ mpi_mulpowm( t1, base, ex, pkey->p );
+
+ /* t2 = g ^ input mod p */
+ gcry_mpi_powm( t2, pkey->g, input, pkey->p );
+
+ rc = !mpi_cmp( t1, t2 );
+#else
+ /* t1 = g ^ - input * y ^ a * a ^ b mod p */
+ mpi_invm(t2, pkey->g, pkey->p );
+ base[0] = t2 ; ex[0] = input;
+ base[1] = pkey->y; ex[1] = a;
+ base[2] = a; ex[2] = b;
+ base[3] = NULL; ex[3] = NULL;
+ mpi_mulpowm( t1, base, ex, pkey->p );
+ rc = !mpi_cmp_ui( t1, 1 );
+
+#endif
+
+ mpi_free(t1);
+ mpi_free(t2);
+ return rc;
+}
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+
+static gpg_err_code_t
+elg_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gpg_err_code_t ec;
+ ELG_secret_key sk;
+ gcry_mpi_t xvalue = NULL;
+ gcry_sexp_t l1;
+
+ (void)algo;
+ (void)evalue;
+ (void)r_extrainfo;
+
+ if (genparms)
+ {
+ /* Parse the optional xvalue element. */
+ l1 = gcry_sexp_find_token (genparms, "xvalue", 0);
+ if (l1)
+ {
+ xvalue = gcry_sexp_nth_mpi (l1, 1, 0);
+ gcry_sexp_release (l1);
+ if (!xvalue)
+ return GPG_ERR_BAD_MPI;
+ }
+ }
+
+ if (xvalue)
+ ec = generate_using_x (&sk, nbits, xvalue, retfactors);
+ else
+ {
+ generate (&sk, nbits, retfactors);
+ ec = 0;
+ }
+
+ skey[0] = sk.p;
+ skey[1] = sk.g;
+ skey[2] = sk.y;
+ skey[3] = sk.x;
+
+ return ec;
+}
+
+
+static gcry_err_code_t
+elg_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ ELG_secret_key sk;
+
+ (void)algo;
+ (void)evalue;
+
+ generate (&sk, nbits, retfactors);
+ skey[0] = sk.p;
+ skey[1] = sk.g;
+ skey[2] = sk.y;
+ skey[3] = sk.x;
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+elg_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_secret_key sk;
+
+ (void)algo;
+
+ if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.g = skey[1];
+ sk.y = skey[2];
+ sk.x = skey[3];
+
+ if (! check_secret_key (&sk))
+ err = GPG_ERR_BAD_SECKEY;
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_encrypt (int algo, gcry_mpi_t *resarr,
+ gcry_mpi_t data, gcry_mpi_t *pkey, int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_public_key pk;
+
+ (void)algo;
+ (void)flags;
+
+ if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ pk.p = pkey[0];
+ pk.g = pkey[1];
+ pk.y = pkey[2];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p));
+ do_encrypt (resarr[0], resarr[1], data, &pk);
+ }
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_decrypt (int algo, gcry_mpi_t *result,
+ gcry_mpi_t *data, gcry_mpi_t *skey, int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_secret_key sk;
+
+ (void)algo;
+ (void)flags;
+
+ if ((! data[0]) || (! data[1])
+ || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.g = skey[1];
+ sk.y = skey[2];
+ sk.x = skey[3];
+ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p));
+ decrypt (*result, data[0], data[1], &sk);
+ }
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_secret_key sk;
+
+ (void)algo;
+
+ if ((! data)
+ || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ sk.p = skey[0];
+ sk.g = skey[1];
+ sk.y = skey[2];
+ sk.x = skey[3];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
+ sign (resarr[0], resarr[1], data, &sk);
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ ELG_public_key pk;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ if ((! data[0]) || (! data[1]) || (! hash)
+ || (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
+ err = GPG_ERR_BAD_MPI;
+ else
+ {
+ pk.p = pkey[0];
+ pk.g = pkey[1];
+ pk.y = pkey[2];
+ if (! verify (data[0], data[1], hash, &pk))
+ err = GPG_ERR_BAD_SIGNATURE;
+ }
+
+ return err;
+}
+
+
+static unsigned int
+elg_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+static const char *elg_names[] =
+ {
+ "elg",
+ "openpgp-elg",
+ "openpgp-elg-sig",
+ NULL,
+ };
+
+
+gcry_pk_spec_t _gcry_pubkey_spec_elg =
+ {
+ "ELG", elg_names,
+ "pgy", "pgyx", "ab", "rs", "pgy",
+ GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
+ elg_generate,
+ elg_check_secret_key,
+ elg_encrypt,
+ elg_decrypt,
+ elg_sign,
+ elg_verify,
+ elg_get_nbits
+ };
+
+pk_extra_spec_t _gcry_pubkey_extraspec_elg =
+ {
+ NULL,
+ elg_generate_ext,
+ NULL
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/hash-common.c b/grub-core/lib/libgcrypt/cipher/hash-common.c
new file mode 100644
index 0000000..656e180
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/hash-common.c
@@ -0,0 +1,94 @@
+/* hash-common.c - Common code for hash algorithms
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+#include "g10lib.h"
+#include "hash-common.h"
+
+
+/* Run a selftest for hash algorithm ALGO. If the resulting digest
+ matches EXPECT/EXPECTLEN and everything else is fine as well,
+ return NULL. If an error occurs, return a static text string
+ describing the error.
+
+ DATAMODE controls what will be hashed according to this table:
+
+ 0 - Hash the supplied DATA of DATALEN.
+ 1 - Hash one million times a 'a'. DATA and DATALEN are ignored.
+
+*/
+const char *
+_gcry_hash_selftest_check_one (int algo,
+ int datamode, const void *data, size_t datalen,
+ const void *expect, size_t expectlen)
+{
+ const char *result = NULL;
+ gcry_error_t err = 0;
+ gcry_md_hd_t hd;
+ unsigned char *digest;
+
+ if (_gcry_md_get_algo_dlen (algo) != expectlen)
+ return "digest size does not match expected size";
+
+ err = _gcry_md_open (&hd, algo, 0);
+ if (err)
+ return "gcry_md_open failed";
+
+ switch (datamode)
+ {
+ case 0:
+ _gcry_md_write (hd, data, datalen);
+ break;
+
+ case 1: /* Hash one million times an "a". */
+ {
+ char aaa[1000];
+ int i;
+
+ /* Write in odd size chunks so that we test the buffering. */
+ memset (aaa, 'a', 1000);
+ for (i = 0; i < 1000; i++)
+ _gcry_md_write (hd, aaa, 1000);
+ }
+ break;
+
+ default:
+ result = "invalid DATAMODE";
+ }
+
+ if (!result)
+ {
+ digest = _gcry_md_read (hd, algo);
+
+ if ( memcmp (digest, expect, expectlen) )
+ result = "digest mismatch";
+ }
+
+ _gcry_md_close (hd);
+
+ return result;
+}
+
diff --git a/grub-core/lib/libgcrypt/cipher/hash-common.h b/grub-core/lib/libgcrypt/cipher/hash-common.h
new file mode 100644
index 0000000..9c4e333
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/hash-common.h
@@ -0,0 +1,33 @@
+/* hash-common.h - Declarations of common code for hash algorithms.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GCRY_HASH_COMMON_H
+#define GCRY_HASH_COMMON_H
+
+
+const char * _gcry_hash_selftest_check_one
+/**/ (int algo,
+ int datamode, const void *data, size_t datalen,
+ const void *expect, size_t expectlen);
+
+
+
+
+
+#endif /*GCRY_HASH_COMMON_H*/
diff --git a/grub-core/lib/libgcrypt/cipher/hmac-tests.c b/grub-core/lib/libgcrypt/cipher/hmac-tests.c
new file mode 100644
index 0000000..56c9b20
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/hmac-tests.c
@@ -0,0 +1,732 @@
+/* hmac-tests.c - HMAC selftests.
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*
+ Although algorithm self-tests are usually implemented in the module
+ implementing the algorithm, the case for HMAC is different because
+ HMAC is implemnetd on a higher level using a special feature of the
+ gcry_md_ functions. It would be possible to do this also in the
+ digest algorithm modules, but that would blow up the code too much
+ and spread the hmac tests over several modules.
+
+ Thus we implement all HMAC tests in this test module and provide a
+ function to run the tests.
+*/
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "hmac256.h"
+
+/* Check one HMAC with digest ALGO using the regualr HAMC
+ API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key
+ and (EXPECT,EXPECTLEN) the expected result. Returns NULL on
+ succdess or a string describing the failure. */
+static const char *
+check_one (int algo,
+ const void *data, size_t datalen,
+ const void *key, size_t keylen,
+ const void *expect, size_t expectlen)
+{
+ gcry_md_hd_t hd;
+ const unsigned char *digest;
+
+/* printf ("HMAC algo %d\n", algo); */
+ if (_gcry_md_get_algo_dlen (algo) != expectlen)
+ return "invalid tests data";
+ if (_gcry_md_open (&hd, algo, GCRY_MD_FLAG_HMAC))
+ return "gcry_md_open failed";
+ if (_gcry_md_setkey (hd, key, keylen))
+ {
+ _gcry_md_close (hd);
+ return "gcry_md_setkey failed";
+ }
+ _gcry_md_write (hd, data, datalen);
+ digest = _gcry_md_read (hd, algo);
+ if (!digest)
+ {
+ _gcry_md_close (hd);
+ return "gcry_md_read failed";
+ }
+ if (memcmp (digest, expect, expectlen))
+ {
+/* int i; */
+
+/* fputs (" {", stdout); */
+/* for (i=0; i < expectlen-1; i++) */
+/* { */
+/* if (i && !(i % 8)) */
+/* fputs ("\n ", stdout); */
+/* printf (" 0x%02x,", digest[i]); */
+/* } */
+/* printf (" 0x%02x } },\n", digest[i]); */
+
+ _gcry_md_close (hd);
+ return "does not match";
+ }
+ _gcry_md_close (hd);
+ return NULL;
+}
+
+
+static gpg_err_code_t
+selftests_sha1 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+ unsigned char key[128];
+ int i, j;
+
+ what = "FIPS-198a, A.1";
+ for (i=0; i < 64; i++)
+ key[i] = i;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #1", 9,
+ key, 64,
+ "\x4f\x4c\xa3\xd5\xd6\x8b\xa7\xcc\x0a\x12"
+ "\x08\xc9\xc6\x1e\x9c\x5d\xa0\x40\x3c\x0a", 20);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "FIPS-198a, A.2";
+ for (i=0, j=0x30; i < 20; i++)
+ key[i] = j++;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #2", 9,
+ key, 20,
+ "\x09\x22\xd3\x40\x5f\xaa\x3d\x19\x4f\x82"
+ "\xa4\x58\x30\x73\x7d\x5c\xc6\xc7\x5d\x24", 20);
+ if (errtxt)
+ goto failed;
+
+ what = "FIPS-198a, A.3";
+ for (i=0, j=0x50; i < 100; i++)
+ key[i] = j++;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #3", 9,
+ key, 100,
+ "\xbc\xf4\x1e\xab\x8b\xb2\xd8\x02\xf3\xd0"
+ "\x5c\xaf\x7c\xb0\x92\xec\xf8\xd1\xa3\xaa", 20 );
+ if (errtxt)
+ goto failed;
+
+ what = "FIPS-198a, A.4";
+ for (i=0, j=0x70; i < 49; i++)
+ key[i] = j++;
+ errtxt = check_one (GCRY_MD_SHA1,
+ "Sample #4", 9,
+ key, 49,
+ "\x9e\xa8\x86\xef\xe2\x68\xdb\xec\xce\x42"
+ "\x0c\x75\x24\xdf\x32\xe0\x75\x1a\x2a\x26", 20 );
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("hmac", GCRY_MD_SHA1, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+
+static gpg_err_code_t
+selftests_sha224 (int extended, selftest_report_func_t report)
+{
+ static struct
+ {
+ const char * const desc;
+ const char * const data;
+ const char * const key;
+ const char expect[28];
+ } tv[] =
+ {
+ { "data-28 key-4",
+ "what do ya want for nothing?",
+ "Jefe",
+ { 0xa3, 0x0e, 0x01, 0x09, 0x8b, 0xc6, 0xdb, 0xbf,
+ 0x45, 0x69, 0x0f, 0x3a, 0x7e, 0x9e, 0x6d, 0x0f,
+ 0x8b, 0xbe, 0xa2, 0xa3, 0x9e, 0x61, 0x48, 0x00,
+ 0x8f, 0xd0, 0x5e, 0x44 } },
+
+ { "data-9 key-20",
+ "Hi There",
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ { 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
+ 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
+ 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
+ 0x53, 0x68, 0x4b, 0x22 } },
+
+ { "data-50 key-20",
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ { 0x7f, 0xb3, 0xcb, 0x35, 0x88, 0xc6, 0xc1, 0xf6,
+ 0xff, 0xa9, 0x69, 0x4d, 0x7d, 0x6a, 0xd2, 0x64,
+ 0x93, 0x65, 0xb0, 0xc1, 0xf6, 0x5d, 0x69, 0xd1,
+ 0xec, 0x83, 0x33, 0xea } },
+
+ { "data-50 key-26",
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ { 0x6c, 0x11, 0x50, 0x68, 0x74, 0x01, 0x3c, 0xac,
+ 0x6a, 0x2a, 0xbc, 0x1b, 0xb3, 0x82, 0x62, 0x7c,
+ 0xec, 0x6a, 0x90, 0xd8, 0x6e, 0xfc, 0x01, 0x2d,
+ 0xe7, 0xaf, 0xec, 0x5a } },
+
+ { "data-54 key-131",
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x95, 0xe9, 0xa0, 0xdb, 0x96, 0x20, 0x95, 0xad,
+ 0xae, 0xbe, 0x9b, 0x2d, 0x6f, 0x0d, 0xbc, 0xe2,
+ 0xd4, 0x99, 0xf1, 0x12, 0xf2, 0xd2, 0xb7, 0x27,
+ 0x3f, 0xa6, 0x87, 0x0e } },
+
+ { "data-152 key-131",
+ "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x3a, 0x85, 0x41, 0x66, 0xac, 0x5d, 0x9f, 0x02,
+ 0x3f, 0x54, 0xd5, 0x17, 0xd0, 0xb3, 0x9d, 0xbd,
+ 0x94, 0x67, 0x70, 0xdb, 0x9c, 0x2b, 0x95, 0xc9,
+ 0xf6, 0xf5, 0x65, 0xd1 } },
+
+ { NULL }
+ };
+ const char *what;
+ const char *errtxt;
+ int tvidx;
+
+ for (tvidx=0; tv[tvidx].desc; tvidx++)
+ {
+ what = tv[tvidx].desc;
+ errtxt = check_one (GCRY_MD_SHA224,
+ tv[tvidx].data, strlen (tv[tvidx].data),
+ tv[tvidx].key, strlen (tv[tvidx].key),
+ tv[tvidx].expect, DIM (tv[tvidx].expect) );
+ if (errtxt)
+ goto failed;
+ if (!extended)
+ break;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("hmac", GCRY_MD_SHA224, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+static gpg_err_code_t
+selftests_sha256 (int extended, selftest_report_func_t report)
+{
+ static struct
+ {
+ const char * const desc;
+ const char * const data;
+ const char * const key;
+ const char expect[32];
+ } tv[] =
+ {
+ { "data-28 key-4",
+ "what do ya want for nothing?",
+ "Jefe",
+ { 0x5b, 0xdc, 0xc1, 0x46, 0xbf, 0x60, 0x75, 0x4e,
+ 0x6a, 0x04, 0x24, 0x26, 0x08, 0x95, 0x75, 0xc7,
+ 0x5a, 0x00, 0x3f, 0x08, 0x9d, 0x27, 0x39, 0x83,
+ 0x9d, 0xec, 0x58, 0xb9, 0x64, 0xec, 0x38, 0x43 } },
+
+ { "data-9 key-20",
+ "Hi There",
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
+ 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
+ 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
+ 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 } },
+
+ { "data-50 key-20",
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ { 0x77, 0x3e, 0xa9, 0x1e, 0x36, 0x80, 0x0e, 0x46,
+ 0x85, 0x4d, 0xb8, 0xeb, 0xd0, 0x91, 0x81, 0xa7,
+ 0x29, 0x59, 0x09, 0x8b, 0x3e, 0xf8, 0xc1, 0x22,
+ 0xd9, 0x63, 0x55, 0x14, 0xce, 0xd5, 0x65, 0xfe } },
+
+ { "data-50 key-26",
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ { 0x82, 0x55, 0x8a, 0x38, 0x9a, 0x44, 0x3c, 0x0e,
+ 0xa4, 0xcc, 0x81, 0x98, 0x99, 0xf2, 0x08, 0x3a,
+ 0x85, 0xf0, 0xfa, 0xa3, 0xe5, 0x78, 0xf8, 0x07,
+ 0x7a, 0x2e, 0x3f, 0xf4, 0x67, 0x29, 0x66, 0x5b } },
+
+ { "data-54 key-131",
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x60, 0xe4, 0x31, 0x59, 0x1e, 0xe0, 0xb6, 0x7f,
+ 0x0d, 0x8a, 0x26, 0xaa, 0xcb, 0xf5, 0xb7, 0x7f,
+ 0x8e, 0x0b, 0xc6, 0x21, 0x37, 0x28, 0xc5, 0x14,
+ 0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3, 0x7f, 0x54 } },
+
+ { "data-152 key-131",
+ "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94, 0x2f, 0xcb,
+ 0x27, 0x63, 0x5f, 0xbc, 0xd5, 0xb0, 0xe9, 0x44,
+ 0xbf, 0xdc, 0x63, 0x64, 0x4f, 0x07, 0x13, 0x93,
+ 0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a, 0x35, 0xe2 } },
+
+ { NULL }
+ };
+ const char *what;
+ const char *errtxt;
+ int tvidx;
+
+ for (tvidx=0; tv[tvidx].desc; tvidx++)
+ {
+ hmac256_context_t hmachd;
+ const unsigned char *digest;
+ size_t dlen;
+
+ what = tv[tvidx].desc;
+ errtxt = check_one (GCRY_MD_SHA256,
+ tv[tvidx].data, strlen (tv[tvidx].data),
+ tv[tvidx].key, strlen (tv[tvidx].key),
+ tv[tvidx].expect, DIM (tv[tvidx].expect) );
+ if (errtxt)
+ goto failed;
+
+ hmachd = _gcry_hmac256_new (tv[tvidx].key, strlen (tv[tvidx].key));
+ if (!hmachd)
+ {
+ errtxt = "_gcry_hmac256_new failed";
+ goto failed;
+ }
+ _gcry_hmac256_update (hmachd, tv[tvidx].data, strlen (tv[tvidx].data));
+ digest = _gcry_hmac256_finalize (hmachd, &dlen);
+ if (!digest)
+ {
+ errtxt = "_gcry_hmac256_finalize failed";
+ _gcry_hmac256_release (hmachd);
+ goto failed;
+ }
+ if (dlen != DIM (tv[tvidx].expect)
+ || memcmp (digest, tv[tvidx].expect, DIM (tv[tvidx].expect)))
+ {
+ errtxt = "does not match in second implementation";
+ _gcry_hmac256_release (hmachd);
+ goto failed;
+ }
+ _gcry_hmac256_release (hmachd);
+
+ if (!extended)
+ break;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("hmac", GCRY_MD_SHA256, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+static gpg_err_code_t
+selftests_sha384 (int extended, selftest_report_func_t report)
+{
+ static struct
+ {
+ const char * const desc;
+ const char * const data;
+ const char * const key;
+ const char expect[48];
+ } tv[] =
+ {
+ { "data-28 key-4",
+ "what do ya want for nothing?",
+ "Jefe",
+ { 0xaf, 0x45, 0xd2, 0xe3, 0x76, 0x48, 0x40, 0x31,
+ 0x61, 0x7f, 0x78, 0xd2, 0xb5, 0x8a, 0x6b, 0x1b,
+ 0x9c, 0x7e, 0xf4, 0x64, 0xf5, 0xa0, 0x1b, 0x47,
+ 0xe4, 0x2e, 0xc3, 0x73, 0x63, 0x22, 0x44, 0x5e,
+ 0x8e, 0x22, 0x40, 0xca, 0x5e, 0x69, 0xe2, 0xc7,
+ 0x8b, 0x32, 0x39, 0xec, 0xfa, 0xb2, 0x16, 0x49 } },
+
+ { "data-9 key-20",
+ "Hi There",
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ { 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
+ 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
+ 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
+ 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
+ 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
+ 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 } },
+
+ { "data-50 key-20",
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ { 0x88, 0x06, 0x26, 0x08, 0xd3, 0xe6, 0xad, 0x8a,
+ 0x0a, 0xa2, 0xac, 0xe0, 0x14, 0xc8, 0xa8, 0x6f,
+ 0x0a, 0xa6, 0x35, 0xd9, 0x47, 0xac, 0x9f, 0xeb,
+ 0xe8, 0x3e, 0xf4, 0xe5, 0x59, 0x66, 0x14, 0x4b,
+ 0x2a, 0x5a, 0xb3, 0x9d, 0xc1, 0x38, 0x14, 0xb9,
+ 0x4e, 0x3a, 0xb6, 0xe1, 0x01, 0xa3, 0x4f, 0x27 } },
+
+ { "data-50 key-26",
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ { 0x3e, 0x8a, 0x69, 0xb7, 0x78, 0x3c, 0x25, 0x85,
+ 0x19, 0x33, 0xab, 0x62, 0x90, 0xaf, 0x6c, 0xa7,
+ 0x7a, 0x99, 0x81, 0x48, 0x08, 0x50, 0x00, 0x9c,
+ 0xc5, 0x57, 0x7c, 0x6e, 0x1f, 0x57, 0x3b, 0x4e,
+ 0x68, 0x01, 0xdd, 0x23, 0xc4, 0xa7, 0xd6, 0x79,
+ 0xcc, 0xf8, 0xa3, 0x86, 0xc6, 0x74, 0xcf, 0xfb } },
+
+ { "data-54 key-131",
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x4e, 0xce, 0x08, 0x44, 0x85, 0x81, 0x3e, 0x90,
+ 0x88, 0xd2, 0xc6, 0x3a, 0x04, 0x1b, 0xc5, 0xb4,
+ 0x4f, 0x9e, 0xf1, 0x01, 0x2a, 0x2b, 0x58, 0x8f,
+ 0x3c, 0xd1, 0x1f, 0x05, 0x03, 0x3a, 0xc4, 0xc6,
+ 0x0c, 0x2e, 0xf6, 0xab, 0x40, 0x30, 0xfe, 0x82,
+ 0x96, 0x24, 0x8d, 0xf1, 0x63, 0xf4, 0x49, 0x52 } },
+
+ { "data-152 key-131",
+ "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x66, 0x17, 0x17, 0x8e, 0x94, 0x1f, 0x02, 0x0d,
+ 0x35, 0x1e, 0x2f, 0x25, 0x4e, 0x8f, 0xd3, 0x2c,
+ 0x60, 0x24, 0x20, 0xfe, 0xb0, 0xb8, 0xfb, 0x9a,
+ 0xdc, 0xce, 0xbb, 0x82, 0x46, 0x1e, 0x99, 0xc5,
+ 0xa6, 0x78, 0xcc, 0x31, 0xe7, 0x99, 0x17, 0x6d,
+ 0x38, 0x60, 0xe6, 0x11, 0x0c, 0x46, 0x52, 0x3e } },
+
+ { NULL }
+ };
+ const char *what;
+ const char *errtxt;
+ int tvidx;
+
+ for (tvidx=0; tv[tvidx].desc; tvidx++)
+ {
+ what = tv[tvidx].desc;
+ errtxt = check_one (GCRY_MD_SHA384,
+ tv[tvidx].data, strlen (tv[tvidx].data),
+ tv[tvidx].key, strlen (tv[tvidx].key),
+ tv[tvidx].expect, DIM (tv[tvidx].expect) );
+ if (errtxt)
+ goto failed;
+ if (!extended)
+ break;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("hmac", GCRY_MD_SHA384, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+static gpg_err_code_t
+selftests_sha512 (int extended, selftest_report_func_t report)
+{
+ static struct
+ {
+ const char * const desc;
+ const char * const data;
+ const char * const key;
+ const char expect[64];
+ } tv[] =
+ {
+ { "data-28 key-4",
+ "what do ya want for nothing?",
+ "Jefe",
+ { 0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
+ 0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
+ 0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
+ 0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
+ 0x97, 0x58, 0xbf, 0x75, 0xc0, 0x5a, 0x99, 0x4a,
+ 0x6d, 0x03, 0x4f, 0x65, 0xf8, 0xf0, 0xe6, 0xfd,
+ 0xca, 0xea, 0xb1, 0xa3, 0x4d, 0x4a, 0x6b, 0x4b,
+ 0x63, 0x6e, 0x07, 0x0a, 0x38, 0xbc, 0xe7, 0x37 } },
+
+ { "data-9 key-20",
+ "Hi There",
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
+ 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
+ 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
+ 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
+ 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
+ 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
+ 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
+ 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 } },
+
+ { "data-50 key-20",
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ { 0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84,
+ 0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9,
+ 0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36,
+ 0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39,
+ 0xbf, 0x3e, 0x84, 0x82, 0x79, 0xa7, 0x22, 0xc8,
+ 0x06, 0xb4, 0x85, 0xa4, 0x7e, 0x67, 0xc8, 0x07,
+ 0xb9, 0x46, 0xa3, 0x37, 0xbe, 0xe8, 0x94, 0x26,
+ 0x74, 0x27, 0x88, 0x59, 0xe1, 0x32, 0x92, 0xfb } },
+
+ { "data-50 key-26",
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ { 0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69,
+ 0x90, 0xe5, 0xa8, 0xc5, 0xf6, 0x1d, 0x4a, 0xf7,
+ 0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d,
+ 0xe7, 0x6f, 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb,
+ 0xa9, 0x1c, 0xa5, 0xc1, 0x1a, 0xa2, 0x5e, 0xb4,
+ 0xd6, 0x79, 0x27, 0x5c, 0xc5, 0x78, 0x80, 0x63,
+ 0xa5, 0xf1, 0x97, 0x41, 0x12, 0x0c, 0x4f, 0x2d,
+ 0xe2, 0xad, 0xeb, 0xeb, 0x10, 0xa2, 0x98, 0xdd } },
+
+ { "data-54 key-131",
+ "Test Using Larger Than Block-Size Key - Hash Key First",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0x80, 0xb2, 0x42, 0x63, 0xc7, 0xc1, 0xa3, 0xeb,
+ 0xb7, 0x14, 0x93, 0xc1, 0xdd, 0x7b, 0xe8, 0xb4,
+ 0x9b, 0x46, 0xd1, 0xf4, 0x1b, 0x4a, 0xee, 0xc1,
+ 0x12, 0x1b, 0x01, 0x37, 0x83, 0xf8, 0xf3, 0x52,
+ 0x6b, 0x56, 0xd0, 0x37, 0xe0, 0x5f, 0x25, 0x98,
+ 0xbd, 0x0f, 0xd2, 0x21, 0x5d, 0x6a, 0x1e, 0x52,
+ 0x95, 0xe6, 0x4f, 0x73, 0xf6, 0x3f, 0x0a, 0xec,
+ 0x8b, 0x91, 0x5a, 0x98, 0x5d, 0x78, 0x65, 0x98 } },
+
+ { "data-152 key-131",
+ "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ { 0xe3, 0x7b, 0x6a, 0x77, 0x5d, 0xc8, 0x7d, 0xba,
+ 0xa4, 0xdf, 0xa9, 0xf9, 0x6e, 0x5e, 0x3f, 0xfd,
+ 0xde, 0xbd, 0x71, 0xf8, 0x86, 0x72, 0x89, 0x86,
+ 0x5d, 0xf5, 0xa3, 0x2d, 0x20, 0xcd, 0xc9, 0x44,
+ 0xb6, 0x02, 0x2c, 0xac, 0x3c, 0x49, 0x82, 0xb1,
+ 0x0d, 0x5e, 0xeb, 0x55, 0xc3, 0xe4, 0xde, 0x15,
+ 0x13, 0x46, 0x76, 0xfb, 0x6d, 0xe0, 0x44, 0x60,
+ 0x65, 0xc9, 0x74, 0x40, 0xfa, 0x8c, 0x6a, 0x58 } },
+
+ { NULL }
+ };
+ const char *what;
+ const char *errtxt;
+ int tvidx;
+
+ for (tvidx=0; tv[tvidx].desc; tvidx++)
+ {
+ what = tv[tvidx].desc;
+ errtxt = check_one (GCRY_MD_SHA512,
+ tv[tvidx].data, strlen (tv[tvidx].data),
+ tv[tvidx].key, strlen (tv[tvidx].key),
+ tv[tvidx].expect, DIM (tv[tvidx].expect) );
+ if (errtxt)
+ goto failed;
+ if (!extended)
+ break;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("hmac", GCRY_MD_SHA512, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_MD_SHA1:
+ ec = selftests_sha1 (extended, report);
+ break;
+ case GCRY_MD_SHA224:
+ ec = selftests_sha224 (extended, report);
+ break;
+ case GCRY_MD_SHA256:
+ ec = selftests_sha256 (extended, report);
+ break;
+ case GCRY_MD_SHA384:
+ ec = selftests_sha384 (extended, report);
+ break;
+ case GCRY_MD_SHA512:
+ ec = selftests_sha512 (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_DIGEST_ALGO;
+ break;
+ }
+ return ec;
+}
+
+
+
+
+/* Run the selftests for HMAC with digest algorithm ALGO with optional
+ reporting function REPORT. */
+gpg_error_t
+_gcry_hmac_selftest (int algo, int extended, selftest_report_func_t report)
+{
+ gcry_err_code_t ec = 0;
+
+ if (!gcry_md_test_algo (algo))
+ {
+ ec = run_selftests (algo, extended, report);
+ }
+ else
+ {
+ ec = GPG_ERR_DIGEST_ALGO;
+ if (report)
+ report ("hmac", algo, "module", "algorithm not available");
+ }
+ return gpg_error (ec);
+}
diff --git a/grub-core/lib/libgcrypt/cipher/md.c b/grub-core/lib/libgcrypt/cipher/md.c
new file mode 100644
index 0000000..5dfbbd9
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/md.c
@@ -0,0 +1,1375 @@
+/* md.c - message digest dispatcher
+ * Copyright (C) 1998, 1999, 2002, 2003, 2006,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "cipher.h"
+#include "ath.h"
+
+#include "rmd.h"
+
+/* A dummy extraspec so that we do not need to tests the extraspec
+ field from the module specification against NULL and instead
+ directly test the respective fields of extraspecs. */
+static md_extra_spec_t dummy_extra_spec;
+
+
+/* This is the list of the digest implementations included in
+ libgcrypt. */
+static struct digest_table_entry
+{
+ gcry_md_spec_t *digest;
+ md_extra_spec_t *extraspec;
+ unsigned int algorithm;
+ int fips_allowed;
+} digest_table[] =
+ {
+#if USE_CRC
+ /* We allow the CRC algorithms even in FIPS mode because they are
+ actually no cryptographic primitives. */
+ { &_gcry_digest_spec_crc32,
+ &dummy_extra_spec, GCRY_MD_CRC32, 1 },
+ { &_gcry_digest_spec_crc32_rfc1510,
+ &dummy_extra_spec, GCRY_MD_CRC32_RFC1510, 1 },
+ { &_gcry_digest_spec_crc24_rfc2440,
+ &dummy_extra_spec, GCRY_MD_CRC24_RFC2440, 1 },
+#endif
+#if USE_MD4
+ { &_gcry_digest_spec_md4,
+ &dummy_extra_spec, GCRY_MD_MD4 },
+#endif
+#if USE_MD5
+ { &_gcry_digest_spec_md5,
+ &dummy_extra_spec, GCRY_MD_MD5, 1 },
+#endif
+#if USE_RMD160
+ { &_gcry_digest_spec_rmd160,
+ &dummy_extra_spec, GCRY_MD_RMD160 },
+#endif
+#if USE_SHA1
+ { &_gcry_digest_spec_sha1,
+ &_gcry_digest_extraspec_sha1, GCRY_MD_SHA1, 1 },
+#endif
+#if USE_SHA256
+ { &_gcry_digest_spec_sha256,
+ &_gcry_digest_extraspec_sha256, GCRY_MD_SHA256, 1 },
+ { &_gcry_digest_spec_sha224,
+ &_gcry_digest_extraspec_sha224, GCRY_MD_SHA224, 1 },
+#endif
+#if USE_SHA512
+ { &_gcry_digest_spec_sha512,
+ &_gcry_digest_extraspec_sha512, GCRY_MD_SHA512, 1 },
+ { &_gcry_digest_spec_sha384,
+ &_gcry_digest_extraspec_sha384, GCRY_MD_SHA384, 1 },
+#endif
+#if USE_TIGER
+ { &_gcry_digest_spec_tiger,
+ &dummy_extra_spec, GCRY_MD_TIGER },
+#endif
+#if USE_WHIRLPOOL
+ { &_gcry_digest_spec_whirlpool,
+ &dummy_extra_spec, GCRY_MD_WHIRLPOOL },
+#endif
+ { NULL },
+ };
+
+/* List of registered digests. */
+static gcry_module_t digests_registered;
+
+/* This is the lock protecting DIGESTS_REGISTERED. */
+static ath_mutex_t digests_registered_lock = ATH_MUTEX_INITIALIZER;
+
+/* Flag to check wether the default ciphers have already been
+ registered. */
+static int default_digests_registered;
+
+typedef struct gcry_md_list
+{
+ gcry_md_spec_t *digest;
+ gcry_module_t module;
+ struct gcry_md_list *next;
+ size_t actual_struct_size; /* Allocated size of this structure. */
+ PROPERLY_ALIGNED_TYPE context;
+} GcryDigestEntry;
+
+/* this structure is put right after the gcry_md_hd_t buffer, so that
+ * only one memory block is needed. */
+struct gcry_md_context
+{
+ int magic;
+ size_t actual_handle_size; /* Allocated size of this handle. */
+ int secure;
+ FILE *debug;
+ int finalized;
+ GcryDigestEntry *list;
+ byte *macpads;
+ int macpads_Bsize; /* Blocksize as used for the HMAC pads. */
+};
+
+
+#define CTX_MAGIC_NORMAL 0x11071961
+#define CTX_MAGIC_SECURE 0x16917011
+
+/* Convenient macro for registering the default digests. */
+#define REGISTER_DEFAULT_DIGESTS \
+ do \
+ { \
+ ath_mutex_lock (&digests_registered_lock); \
+ if (! default_digests_registered) \
+ { \
+ md_register_default (); \
+ default_digests_registered = 1; \
+ } \
+ ath_mutex_unlock (&digests_registered_lock); \
+ } \
+ while (0)
+
+
+static const char * digest_algo_to_string( int algo );
+static gcry_err_code_t check_digest_algo (int algo);
+static gcry_err_code_t md_open (gcry_md_hd_t *h, int algo,
+ int secure, int hmac);
+static gcry_err_code_t md_enable (gcry_md_hd_t hd, int algo);
+static gcry_err_code_t md_copy (gcry_md_hd_t a, gcry_md_hd_t *b);
+static void md_close (gcry_md_hd_t a);
+static void md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen);
+static void md_final(gcry_md_hd_t a);
+static byte *md_read( gcry_md_hd_t a, int algo );
+static int md_get_algo( gcry_md_hd_t a );
+static int md_digest_length( int algo );
+static const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
+static void md_start_debug ( gcry_md_hd_t a, const char *suffix );
+static void md_stop_debug ( gcry_md_hd_t a );
+
+
+
+
+/* Internal function. Register all the ciphers included in
+ CIPHER_TABLE. Returns zero on success or an error code. */
+static void
+md_register_default (void)
+{
+ gcry_err_code_t err = 0;
+ int i;
+
+ for (i = 0; !err && digest_table[i].digest; i++)
+ {
+ if ( fips_mode ())
+ {
+ if (!digest_table[i].fips_allowed)
+ continue;
+ if (digest_table[i].algorithm == GCRY_MD_MD5
+ && _gcry_enforced_fips_mode () )
+ continue; /* Do not register in enforced fips mode. */
+ }
+
+ err = _gcry_module_add (&digests_registered,
+ digest_table[i].algorithm,
+ (void *) digest_table[i].digest,
+ (void *) digest_table[i].extraspec,
+ NULL);
+ }
+
+ if (err)
+ BUG ();
+}
+
+/* Internal callback function. */
+static int
+gcry_md_lookup_func_name (void *spec, void *data)
+{
+ gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
+ char *name = (char *) data;
+
+ return (! stricmp (digest->name, name));
+}
+
+/* Internal callback function. Used via _gcry_module_lookup. */
+static int
+gcry_md_lookup_func_oid (void *spec, void *data)
+{
+ gcry_md_spec_t *digest = (gcry_md_spec_t *) spec;
+ char *oid = (char *) data;
+ gcry_md_oid_spec_t *oid_specs = digest->oids;
+ int ret = 0, i;
+
+ if (oid_specs)
+ {
+ for (i = 0; oid_specs[i].oidstring && (! ret); i++)
+ if (! stricmp (oid, oid_specs[i].oidstring))
+ ret = 1;
+ }
+
+ return ret;
+}
+
+/* Internal function. Lookup a digest entry by it's name. */
+static gcry_module_t
+gcry_md_lookup_name (const char *name)
+{
+ gcry_module_t digest;
+
+ digest = _gcry_module_lookup (digests_registered, (void *) name,
+ gcry_md_lookup_func_name);
+
+ return digest;
+}
+
+/* Internal function. Lookup a cipher entry by it's oid. */
+static gcry_module_t
+gcry_md_lookup_oid (const char *oid)
+{
+ gcry_module_t digest;
+
+ digest = _gcry_module_lookup (digests_registered, (void *) oid,
+ gcry_md_lookup_func_oid);
+
+ return digest;
+}
+
+/* Register a new digest module whose specification can be found in
+ DIGEST. On success, a new algorithm ID is stored in ALGORITHM_ID
+ and a pointer representhing this module is stored in MODULE. */
+gcry_error_t
+_gcry_md_register (gcry_md_spec_t *digest,
+ md_extra_spec_t *extraspec,
+ unsigned int *algorithm_id,
+ gcry_module_t *module)
+{
+ gcry_err_code_t err = 0;
+ gcry_module_t mod;
+
+ /* We do not support module loading in fips mode. */
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ ath_mutex_lock (&digests_registered_lock);
+ err = _gcry_module_add (&digests_registered, 0,
+ (void *) digest,
+ (void *)(extraspec? extraspec : &dummy_extra_spec),
+ &mod);
+ ath_mutex_unlock (&digests_registered_lock);
+
+ if (! err)
+ {
+ *module = mod;
+ *algorithm_id = mod->mod_id;
+ }
+
+ return gcry_error (err);
+}
+
+/* Unregister the digest identified by ID, which must have been
+ registered with gcry_digest_register. */
+void
+gcry_md_unregister (gcry_module_t module)
+{
+ ath_mutex_lock (&digests_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&digests_registered_lock);
+}
+
+
+static int
+search_oid (const char *oid, int *algorithm, gcry_md_oid_spec_t *oid_spec)
+{
+ gcry_module_t module;
+ int ret = 0;
+
+ if (oid && ((! strncmp (oid, "oid.", 4))
+ || (! strncmp (oid, "OID.", 4))))
+ oid += 4;
+
+ module = gcry_md_lookup_oid (oid);
+ if (module)
+ {
+ gcry_md_spec_t *digest = module->spec;
+ int i;
+
+ for (i = 0; digest->oids[i].oidstring && !ret; i++)
+ if (! stricmp (oid, digest->oids[i].oidstring))
+ {
+ if (algorithm)
+ *algorithm = module->mod_id;
+ if (oid_spec)
+ *oid_spec = digest->oids[i];
+ ret = 1;
+ }
+ _gcry_module_release (module);
+ }
+
+ return ret;
+}
+
+/****************
+ * Map a string to the digest algo
+ */
+int
+gcry_md_map_name (const char *string)
+{
+ gcry_module_t digest;
+ int ret, algorithm = 0;
+
+ if (! string)
+ return 0;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ /* If the string starts with a digit (optionally prefixed with
+ either "OID." or "oid."), we first look into our table of ASN.1
+ object identifiers to figure out the algorithm */
+
+ ath_mutex_lock (&digests_registered_lock);
+
+ ret = search_oid (string, &algorithm, NULL);
+ if (! ret)
+ {
+ /* Not found, search a matching digest name. */
+ digest = gcry_md_lookup_name (string);
+ if (digest)
+ {
+ algorithm = digest->mod_id;
+ _gcry_module_release (digest);
+ }
+ }
+ ath_mutex_unlock (&digests_registered_lock);
+
+ return algorithm;
+}
+
+
+/****************
+ * Map a digest algo to a string
+ */
+static const char *
+digest_algo_to_string (int algorithm)
+{
+ const char *name = NULL;
+ gcry_module_t digest;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ ath_mutex_lock (&digests_registered_lock);
+ digest = _gcry_module_lookup_id (digests_registered, algorithm);
+ if (digest)
+ {
+ name = ((gcry_md_spec_t *) digest->spec)->name;
+ _gcry_module_release (digest);
+ }
+ ath_mutex_unlock (&digests_registered_lock);
+
+ return name;
+}
+
+/****************
+ * This function simply returns the name of the algorithm or some constant
+ * string when there is no algo. It will never return NULL.
+ * Use the macro gcry_md_test_algo() to check whether the algorithm
+ * is valid.
+ */
+const char *
+gcry_md_algo_name (int algorithm)
+{
+ const char *s = digest_algo_to_string (algorithm);
+ return s ? s : "?";
+}
+
+
+static gcry_err_code_t
+check_digest_algo (int algorithm)
+{
+ gcry_err_code_t rc = 0;
+ gcry_module_t digest;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ ath_mutex_lock (&digests_registered_lock);
+ digest = _gcry_module_lookup_id (digests_registered, algorithm);
+ if (digest)
+ _gcry_module_release (digest);
+ else
+ rc = GPG_ERR_DIGEST_ALGO;
+ ath_mutex_unlock (&digests_registered_lock);
+
+ return rc;
+}
+
+
+
+/****************
+ * Open a message digest handle for use with algorithm ALGO.
+ * More algorithms may be added by md_enable(). The initial algorithm
+ * may be 0.
+ */
+static gcry_err_code_t
+md_open (gcry_md_hd_t *h, int algo, int secure, int hmac)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ int bufsize = secure ? 512 : 1024;
+ struct gcry_md_context *ctx;
+ gcry_md_hd_t hd;
+ size_t n;
+
+ /* Allocate a memory area to hold the caller visible buffer with it's
+ * control information and the data required by this module. Set the
+ * context pointer at the beginning to this area.
+ * We have to use this strange scheme because we want to hide the
+ * internal data but have a variable sized buffer.
+ *
+ * +---+------+---........------+-------------+
+ * !ctx! bctl ! buffer ! private !
+ * +---+------+---........------+-------------+
+ * ! ^
+ * !---------------------------!
+ *
+ * We have to make sure that private is well aligned.
+ */
+ n = sizeof (struct gcry_md_handle) + bufsize;
+ n = ((n + sizeof (PROPERLY_ALIGNED_TYPE) - 1)
+ / sizeof (PROPERLY_ALIGNED_TYPE)) * sizeof (PROPERLY_ALIGNED_TYPE);
+
+ /* Allocate and set the Context pointer to the private data */
+ if (secure)
+ hd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
+ else
+ hd = gcry_malloc (n + sizeof (struct gcry_md_context));
+
+ if (! hd)
+ err = gpg_err_code_from_errno (errno);
+
+ if (! err)
+ {
+ hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n);
+ /* Setup the globally visible data (bctl in the diagram).*/
+ hd->bufsize = n - sizeof (struct gcry_md_handle) + 1;
+ hd->bufpos = 0;
+
+ /* Initialize the private data. */
+ memset (hd->ctx, 0, sizeof *hd->ctx);
+ ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
+ ctx->actual_handle_size = n + sizeof (struct gcry_md_context);
+ ctx->secure = secure;
+
+ if (hmac)
+ {
+ switch (algo)
+ {
+ case GCRY_MD_SHA384:
+ case GCRY_MD_SHA512:
+ ctx->macpads_Bsize = 128;
+ break;
+ default:
+ ctx->macpads_Bsize = 64;
+ break;
+ }
+ ctx->macpads = gcry_malloc_secure (2*(ctx->macpads_Bsize));
+ if (!ctx->macpads)
+ {
+ err = gpg_err_code_from_errno (errno);
+ md_close (hd);
+ }
+ }
+ }
+
+ if (! err)
+ {
+ /* Hmmm, should we really do that? - yes [-wk] */
+ _gcry_fast_random_poll ();
+
+ if (algo)
+ {
+ err = md_enable (hd, algo);
+ if (err)
+ md_close (hd);
+ }
+ }
+
+ if (! err)
+ *h = hd;
+
+ return err;
+}
+
+/* Create a message digest object for algorithm ALGO. FLAGS may be
+ given as an bitwise OR of the gcry_md_flags values. ALGO may be
+ given as 0 if the algorithms to be used are later set using
+ gcry_md_enable. H is guaranteed to be a valid handle or NULL on
+ error. */
+gcry_error_t
+gcry_md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_md_hd_t hd;
+
+ if ((flags & ~(GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)))
+ err = GPG_ERR_INV_ARG;
+ else
+ {
+ err = md_open (&hd, algo, (flags & GCRY_MD_FLAG_SECURE),
+ (flags & GCRY_MD_FLAG_HMAC));
+ }
+
+ *h = err? NULL : hd;
+ return gcry_error (err);
+}
+
+
+
+static gcry_err_code_t
+md_enable (gcry_md_hd_t hd, int algorithm)
+{
+ struct gcry_md_context *h = hd->ctx;
+ gcry_md_spec_t *digest = NULL;
+ GcryDigestEntry *entry;
+ gcry_module_t module;
+ gcry_err_code_t err = 0;
+
+ for (entry = h->list; entry; entry = entry->next)
+ if (entry->module->mod_id == algorithm)
+ return err; /* already enabled */
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ ath_mutex_lock (&digests_registered_lock);
+ module = _gcry_module_lookup_id (digests_registered, algorithm);
+ ath_mutex_unlock (&digests_registered_lock);
+ if (! module)
+ {
+ log_debug ("md_enable: algorithm %d not available\n", algorithm);
+ err = GPG_ERR_DIGEST_ALGO;
+ }
+ else
+ digest = (gcry_md_spec_t *) module->spec;
+
+
+ if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
+ {
+ _gcry_inactivate_fips_mode ("MD5 used");
+ if (_gcry_enforced_fips_mode () )
+ {
+ /* We should never get to here because we do not register
+ MD5 in enforced fips mode. But better throw an error. */
+ err = GPG_ERR_DIGEST_ALGO;
+ }
+ }
+
+ if (!err)
+ {
+ size_t size = (sizeof (*entry)
+ + digest->contextsize
+ - sizeof (entry->context));
+
+ /* And allocate a new list entry. */
+ if (h->secure)
+ entry = gcry_malloc_secure (size);
+ else
+ entry = gcry_malloc (size);
+
+ if (! entry)
+ err = gpg_err_code_from_errno (errno);
+ else
+ {
+ entry->digest = digest;
+ entry->module = module;
+ entry->next = h->list;
+ entry->actual_struct_size = size;
+ h->list = entry;
+
+ /* And init this instance. */
+ entry->digest->init (&entry->context.c);
+ }
+ }
+
+ if (err)
+ {
+ if (module)
+ {
+ ath_mutex_lock (&digests_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&digests_registered_lock);
+ }
+ }
+
+ return err;
+}
+
+
+gcry_error_t
+gcry_md_enable (gcry_md_hd_t hd, int algorithm)
+{
+ return gcry_error (md_enable (hd, algorithm));
+}
+
+static gcry_err_code_t
+md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ struct gcry_md_context *a = ahd->ctx;
+ struct gcry_md_context *b;
+ GcryDigestEntry *ar, *br;
+ gcry_md_hd_t bhd;
+ size_t n;
+
+ if (ahd->bufpos)
+ md_write (ahd, NULL, 0);
+
+ n = (char *) ahd->ctx - (char *) ahd;
+ if (a->secure)
+ bhd = gcry_malloc_secure (n + sizeof (struct gcry_md_context));
+ else
+ bhd = gcry_malloc (n + sizeof (struct gcry_md_context));
+
+ if (! bhd)
+ err = gpg_err_code_from_errno (errno);
+
+ if (! err)
+ {
+ bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n);
+ /* No need to copy the buffer due to the write above. */
+ gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1));
+ bhd->bufsize = ahd->bufsize;
+ bhd->bufpos = 0;
+ gcry_assert (! ahd->bufpos);
+ memcpy (b, a, sizeof *a);
+ b->list = NULL;
+ b->debug = NULL;
+ if (a->macpads)
+ {
+ b->macpads = gcry_malloc_secure (2*(a->macpads_Bsize));
+ if (! b->macpads)
+ {
+ err = gpg_err_code_from_errno (errno);
+ md_close (bhd);
+ }
+ else
+ memcpy (b->macpads, a->macpads, (2*(a->macpads_Bsize)));
+ }
+ }
+
+ /* Copy the complete list of algorithms. The copied list is
+ reversed, but that doesn't matter. */
+ if (!err)
+ {
+ for (ar = a->list; ar; ar = ar->next)
+ {
+ if (a->secure)
+ br = gcry_malloc_secure (sizeof *br
+ + ar->digest->contextsize
+ - sizeof(ar->context));
+ else
+ br = gcry_malloc (sizeof *br
+ + ar->digest->contextsize
+ - sizeof (ar->context));
+ if (!br)
+ {
+ err = gpg_err_code_from_errno (errno);
+ md_close (bhd);
+ break;
+ }
+
+ memcpy (br, ar, (sizeof (*br) + ar->digest->contextsize
+ - sizeof (ar->context)));
+ br->next = b->list;
+ b->list = br;
+
+ /* Add a reference to the module. */
+ ath_mutex_lock (&digests_registered_lock);
+ _gcry_module_use (br->module);
+ ath_mutex_unlock (&digests_registered_lock);
+ }
+ }
+
+ if (a->debug && !err)
+ md_start_debug (bhd, "unknown");
+
+ if (!err)
+ *b_hd = bhd;
+
+ return err;
+}
+
+gcry_error_t
+gcry_md_copy (gcry_md_hd_t *handle, gcry_md_hd_t hd)
+{
+ gcry_err_code_t err;
+
+ err = md_copy (hd, handle);
+ if (err)
+ *handle = NULL;
+ return gcry_error (err);
+}
+
+/*
+ * Reset all contexts and discard any buffered stuff. This may be used
+ * instead of a md_close(); md_open().
+ */
+void
+gcry_md_reset (gcry_md_hd_t a)
+{
+ GcryDigestEntry *r;
+
+ /* Note: We allow this even in fips non operational mode. */
+
+ a->bufpos = a->ctx->finalized = 0;
+
+ for (r = a->ctx->list; r; r = r->next)
+ {
+ memset (r->context.c, 0, r->digest->contextsize);
+ (*r->digest->init) (&r->context.c);
+ }
+ if (a->ctx->macpads)
+ md_write (a, a->ctx->macpads, a->ctx->macpads_Bsize); /* inner pad */
+}
+
+static void
+md_close (gcry_md_hd_t a)
+{
+ GcryDigestEntry *r, *r2;
+
+ if (! a)
+ return;
+ if (a->ctx->debug)
+ md_stop_debug (a);
+ for (r = a->ctx->list; r; r = r2)
+ {
+ r2 = r->next;
+ ath_mutex_lock (&digests_registered_lock);
+ _gcry_module_release (r->module);
+ ath_mutex_unlock (&digests_registered_lock);
+ wipememory (r, r->actual_struct_size);
+ gcry_free (r);
+ }
+
+ if (a->ctx->macpads)
+ {
+ wipememory (a->ctx->macpads, 2*(a->ctx->macpads_Bsize));
+ gcry_free(a->ctx->macpads);
+ }
+
+ wipememory (a, a->ctx->actual_handle_size);
+ gcry_free(a);
+}
+
+void
+gcry_md_close (gcry_md_hd_t hd)
+{
+ /* Note: We allow this even in fips non operational mode. */
+ md_close (hd);
+}
+
+static void
+md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen)
+{
+ GcryDigestEntry *r;
+
+ if (a->ctx->debug)
+ {
+ if (a->bufpos && fwrite (a->buf, a->bufpos, 1, a->ctx->debug) != 1)
+ BUG();
+ if (inlen && fwrite (inbuf, inlen, 1, a->ctx->debug) != 1)
+ BUG();
+ }
+
+ for (r = a->ctx->list; r; r = r->next)
+ {
+ if (a->bufpos)
+ (*r->digest->write) (&r->context.c, a->buf, a->bufpos);
+ (*r->digest->write) (&r->context.c, inbuf, inlen);
+ }
+ a->bufpos = 0;
+}
+
+void
+gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen)
+{
+ md_write (hd, inbuf, inlen);
+}
+
+static void
+md_final (gcry_md_hd_t a)
+{
+ GcryDigestEntry *r;
+
+ if (a->ctx->finalized)
+ return;
+
+ if (a->bufpos)
+ md_write (a, NULL, 0);
+
+ for (r = a->ctx->list; r; r = r->next)
+ (*r->digest->final) (&r->context.c);
+
+ a->ctx->finalized = 1;
+
+ if (a->ctx->macpads)
+ {
+ /* Finish the hmac. */
+ int algo = md_get_algo (a);
+ byte *p = md_read (a, algo);
+ size_t dlen = md_digest_length (algo);
+ gcry_md_hd_t om;
+ gcry_err_code_t err = md_open (&om, algo, a->ctx->secure, 0);
+
+ if (err)
+ _gcry_fatal_error (err, NULL);
+ md_write (om,
+ (a->ctx->macpads)+(a->ctx->macpads_Bsize),
+ a->ctx->macpads_Bsize);
+ md_write (om, p, dlen);
+ md_final (om);
+ /* Replace our digest with the mac (they have the same size). */
+ memcpy (p, md_read (om, algo), dlen);
+ md_close (om);
+ }
+}
+
+static gcry_err_code_t
+prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen)
+{
+ int i;
+ int algo = md_get_algo (hd);
+ unsigned char *helpkey = NULL;
+ unsigned char *ipad, *opad;
+
+ if (!algo)
+ return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */
+
+ if ( keylen > hd->ctx->macpads_Bsize )
+ {
+ helpkey = gcry_malloc_secure (md_digest_length (algo));
+ if (!helpkey)
+ return gpg_err_code_from_errno (errno);
+ gcry_md_hash_buffer (algo, helpkey, key, keylen);
+ key = helpkey;
+ keylen = md_digest_length (algo);
+ gcry_assert ( keylen <= hd->ctx->macpads_Bsize );
+ }
+
+ memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) );
+ ipad = hd->ctx->macpads;
+ opad = (hd->ctx->macpads)+(hd->ctx->macpads_Bsize);
+ memcpy ( ipad, key, keylen );
+ memcpy ( opad, key, keylen );
+ for (i=0; i < hd->ctx->macpads_Bsize; i++ )
+ {
+ ipad[i] ^= 0x36;
+ opad[i] ^= 0x5c;
+ }
+ gcry_free (helpkey);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+gcry_error_t
+gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen)
+{
+ gcry_err_code_t rc = 0;
+
+ switch (cmd)
+ {
+ case GCRYCTL_FINALIZE:
+ md_final (hd);
+ break;
+ case GCRYCTL_SET_KEY:
+ rc = gcry_err_code (gcry_md_setkey (hd, buffer, buflen));
+ break;
+ case GCRYCTL_START_DUMP:
+ md_start_debug (hd, buffer);
+ break;
+ case GCRYCTL_STOP_DUMP:
+ md_stop_debug ( hd );
+ break;
+ default:
+ rc = GPG_ERR_INV_OP;
+ }
+ return gcry_error (rc);
+}
+
+gcry_error_t
+gcry_md_setkey (gcry_md_hd_t hd, const void *key, size_t keylen)
+{
+ gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+
+ if (!hd->ctx->macpads)
+ rc = GPG_ERR_CONFLICT;
+ else
+ {
+ rc = prepare_macpads (hd, key, keylen);
+ if (! rc)
+ gcry_md_reset (hd);
+ }
+
+ return gcry_error (rc);
+}
+
+/* The new debug interface. If SUFFIX is a string it creates an debug
+ file for the context HD. IF suffix is NULL, the file is closed and
+ debugging is stopped. */
+void
+gcry_md_debug (gcry_md_hd_t hd, const char *suffix)
+{
+ if (suffix)
+ md_start_debug (hd, suffix);
+ else
+ md_stop_debug (hd);
+}
+
+
+
+/****************
+ * if ALGO is null get the digest for the used algo (which should be only one)
+ */
+static byte *
+md_read( gcry_md_hd_t a, int algo )
+{
+ GcryDigestEntry *r = a->ctx->list;
+
+ if (! algo)
+ {
+ /* return the first algorithm */
+ if (r && r->next)
+ log_debug ("more than one algorithm in md_read(0)\n");
+ return r->digest->read( &r->context.c );
+ }
+ else
+ {
+ for (r = a->ctx->list; r; r = r->next)
+ if (r->module->mod_id == algo)
+ return r->digest->read (&r->context.c);
+ }
+ BUG();
+ return NULL;
+}
+
+/*
+ * Read out the complete digest, this function implictly finalizes
+ * the hash.
+ */
+byte *
+gcry_md_read (gcry_md_hd_t hd, int algo)
+{
+ /* This function is expected to always return a digest, thus we
+ can't return an error which we actually should do in
+ non-operational state. */
+ gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0);
+ return md_read (hd, algo);
+}
+
+
+/*
+ * Read out an intermediate digest. Not yet functional.
+ */
+gcry_err_code_t
+gcry_md_get (gcry_md_hd_t hd, int algo, byte *buffer, int buflen)
+{
+ (void)hd;
+ (void)algo;
+ (void)buffer;
+ (void)buflen;
+
+ /*md_digest ... */
+ fips_signal_error ("unimplemented function called");
+ return GPG_ERR_INTERNAL;
+}
+
+
+/*
+ * Shortcut function to hash a buffer with a given algo. The only
+ * guaranteed supported algorithms are RIPE-MD160 and SHA-1. The
+ * supplied digest buffer must be large enough to store the resulting
+ * hash. No error is returned, the function will abort on an invalid
+ * algo. DISABLED_ALGOS are ignored here. */
+void
+gcry_md_hash_buffer (int algo, void *digest,
+ const void *buffer, size_t length)
+{
+ if (algo == GCRY_MD_SHA1)
+ _gcry_sha1_hash_buffer (digest, buffer, length);
+ else if (algo == GCRY_MD_RMD160 && !fips_mode () )
+ _gcry_rmd160_hash_buffer (digest, buffer, length);
+ else
+ {
+ /* For the others we do not have a fast function, so we use the
+ normal functions. */
+ gcry_md_hd_t h;
+ gpg_err_code_t err;
+
+ if (algo == GCRY_MD_MD5 && fips_mode ())
+ {
+ _gcry_inactivate_fips_mode ("MD5 used");
+ if (_gcry_enforced_fips_mode () )
+ {
+ /* We should never get to here because we do not register
+ MD5 in enforced fips mode. */
+ _gcry_fips_noreturn ();
+ }
+ }
+
+ err = md_open (&h, algo, 0, 0);
+ if (err)
+ log_bug ("gcry_md_open failed for algo %d: %s",
+ algo, gpg_strerror (gcry_error(err)));
+ md_write (h, (byte *) buffer, length);
+ md_final (h);
+ memcpy (digest, md_read (h, algo), md_digest_length (algo));
+ md_close (h);
+ }
+}
+
+static int
+md_get_algo (gcry_md_hd_t a)
+{
+ GcryDigestEntry *r = a->ctx->list;
+
+ if (r && r->next)
+ {
+ fips_signal_error ("possible usage error");
+ log_error ("WARNING: more than one algorithm in md_get_algo()\n");
+ }
+ return r ? r->module->mod_id : 0;
+}
+
+int
+gcry_md_get_algo (gcry_md_hd_t hd)
+{
+ return md_get_algo (hd);
+}
+
+
+/****************
+ * Return the length of the digest
+ */
+static int
+md_digest_length (int algorithm)
+{
+ gcry_module_t digest;
+ int mdlen = 0;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ ath_mutex_lock (&digests_registered_lock);
+ digest = _gcry_module_lookup_id (digests_registered, algorithm);
+ if (digest)
+ {
+ mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
+ _gcry_module_release (digest);
+ }
+ ath_mutex_unlock (&digests_registered_lock);
+
+ return mdlen;
+}
+
+/****************
+ * Return the length of the digest in bytes.
+ * This function will return 0 in case of errors.
+ */
+unsigned int
+gcry_md_get_algo_dlen (int algorithm)
+{
+ return md_digest_length (algorithm);
+}
+
+
+/* Hmmm: add a mode to enumerate the OIDs
+ * to make g10/sig-check.c more portable */
+static const byte *
+md_asn_oid (int algorithm, size_t *asnlen, size_t *mdlen)
+{
+ const byte *asnoid = NULL;
+ gcry_module_t digest;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ ath_mutex_lock (&digests_registered_lock);
+ digest = _gcry_module_lookup_id (digests_registered, algorithm);
+ if (digest)
+ {
+ if (asnlen)
+ *asnlen = ((gcry_md_spec_t *) digest->spec)->asnlen;
+ if (mdlen)
+ *mdlen = ((gcry_md_spec_t *) digest->spec)->mdlen;
+ asnoid = ((gcry_md_spec_t *) digest->spec)->asnoid;
+ _gcry_module_release (digest);
+ }
+ else
+ log_bug ("no ASN.1 OID for md algo %d\n", algorithm);
+ ath_mutex_unlock (&digests_registered_lock);
+
+ return asnoid;
+}
+
+
+
+/****************
+ * Return information about the given cipher algorithm
+ * WHAT select the kind of information returned:
+ * GCRYCTL_TEST_ALGO:
+ * Returns 0 when the specified algorithm is available for use.
+ * buffer and nbytes must be zero.
+ * GCRYCTL_GET_ASNOID:
+ * Return the ASNOID of the algorithm in buffer. if buffer is NULL, only
+ * the required length is returned.
+ *
+ * Note: Because this function is in most cases used to return an
+ * integer value, we can make it easier for the caller to just look at
+ * the return value. The caller will in all cases consult the value
+ * and thereby detecting whether a error occured or not (i.e. while checking
+ * the block size)
+ */
+gcry_error_t
+gcry_md_algo_info (int algo, int what, void *buffer, size_t *nbytes)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ switch (what)
+ {
+ case GCRYCTL_TEST_ALGO:
+ if (buffer || nbytes)
+ err = GPG_ERR_INV_ARG;
+ else
+ err = check_digest_algo (algo);
+ break;
+
+ case GCRYCTL_GET_ASNOID:
+ /* We need to check that the algo is available because
+ md_asn_oid would otherwise raise an assertion. */
+ err = check_digest_algo (algo);
+ if (!err)
+ {
+ const char unsigned *asn;
+ size_t asnlen;
+
+ asn = md_asn_oid (algo, &asnlen, NULL);
+ if (buffer && (*nbytes >= asnlen))
+ {
+ memcpy (buffer, asn, asnlen);
+ *nbytes = asnlen;
+ }
+ else if (!buffer && nbytes)
+ *nbytes = asnlen;
+ else
+ {
+ if (buffer)
+ err = GPG_ERR_TOO_SHORT;
+ else
+ err = GPG_ERR_INV_ARG;
+ }
+ }
+ break;
+
+ default:
+ err = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (err);
+}
+
+
+static void
+md_start_debug ( gcry_md_hd_t md, const char *suffix )
+{
+ static int idx=0;
+ char buf[50];
+
+ if (fips_mode ())
+ return;
+
+ if ( md->ctx->debug )
+ {
+ log_debug("Oops: md debug already started\n");
+ return;
+ }
+ idx++;
+ snprintf (buf, DIM(buf)-1, "dbgmd-%05d.%.10s", idx, suffix );
+ md->ctx->debug = fopen(buf, "w");
+ if ( !md->ctx->debug )
+ log_debug("md debug: can't open %s\n", buf );
+}
+
+static void
+md_stop_debug( gcry_md_hd_t md )
+{
+ if ( md->ctx->debug )
+ {
+ if ( md->bufpos )
+ md_write ( md, NULL, 0 );
+ fclose (md->ctx->debug);
+ md->ctx->debug = NULL;
+ }
+
+#ifdef HAVE_U64_TYPEDEF
+ { /* a kludge to pull in the __muldi3 for Solaris */
+ volatile u32 a = (u32)(ulong)md;
+ volatile u64 b = 42;
+ volatile u64 c;
+ c = a * b;
+ }
+#endif
+}
+
+
+
+/*
+ * Return information about the digest handle.
+ * GCRYCTL_IS_SECURE:
+ * Returns 1 when the handle works on secured memory
+ * otherwise 0 is returned. There is no error return.
+ * GCRYCTL_IS_ALGO_ENABLED:
+ * Returns 1 if the algo is enabled for that handle.
+ * The algo must be passed as the address of an int.
+ */
+gcry_error_t
+gcry_md_info (gcry_md_hd_t h, int cmd, void *buffer, size_t *nbytes)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ switch (cmd)
+ {
+ case GCRYCTL_IS_SECURE:
+ *nbytes = h->ctx->secure;
+ break;
+
+ case GCRYCTL_IS_ALGO_ENABLED:
+ {
+ GcryDigestEntry *r;
+ int algo;
+
+ if ( !buffer || (nbytes && (*nbytes != sizeof (int))))
+ err = GPG_ERR_INV_ARG;
+ else
+ {
+ algo = *(int*)buffer;
+
+ *nbytes = 0;
+ for(r=h->ctx->list; r; r = r->next ) {
+ if (r->module->mod_id == algo)
+ {
+ *nbytes = 1;
+ break;
+ }
+ }
+ }
+ break;
+ }
+
+ default:
+ err = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (err);
+}
+
+
+/* Explicitly initialize this module. */
+gcry_err_code_t
+_gcry_md_init (void)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ return err;
+}
+
+
+int
+gcry_md_is_secure (gcry_md_hd_t a)
+{
+ size_t value;
+
+ if (gcry_md_info (a, GCRYCTL_IS_SECURE, NULL, &value))
+ value = 1; /* It seems to be better to assume secure memory on
+ error. */
+ return value;
+}
+
+
+int
+gcry_md_is_enabled (gcry_md_hd_t a, int algo)
+{
+ size_t value;
+
+ value = sizeof algo;
+ if (gcry_md_info (a, GCRYCTL_IS_ALGO_ENABLED, &algo, &value))
+ value = 0;
+ return value;
+}
+
+/* Get a list consisting of the IDs of the loaded message digest
+ modules. If LIST is zero, write the number of loaded message
+ digest modules to LIST_LENGTH and return. If LIST is non-zero, the
+ first *LIST_LENGTH algorithm IDs are stored in LIST, which must be
+ of according size. In case there are less message digest modules
+ than *LIST_LENGTH, *LIST_LENGTH is updated to the correct
+ number. */
+gcry_error_t
+gcry_md_list (int *list, int *list_length)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ ath_mutex_lock (&digests_registered_lock);
+ err = _gcry_module_list (digests_registered, list, list_length);
+ ath_mutex_unlock (&digests_registered_lock);
+
+ return err;
+}
+
+
+/* Run the selftests for digest algorithm ALGO with optional reporting
+ function REPORT. */
+gpg_error_t
+_gcry_md_selftest (int algo, int extended, selftest_report_func_t report)
+{
+ gcry_module_t module = NULL;
+ cipher_extra_spec_t *extraspec = NULL;
+ gcry_err_code_t ec = 0;
+
+ REGISTER_DEFAULT_DIGESTS;
+
+ ath_mutex_lock (&digests_registered_lock);
+ module = _gcry_module_lookup_id (digests_registered, algo);
+ if (module && !(module->flags & FLAG_MODULE_DISABLED))
+ extraspec = module->extraspec;
+ ath_mutex_unlock (&digests_registered_lock);
+ if (extraspec && extraspec->selftest)
+ ec = extraspec->selftest (algo, extended, report);
+ else
+ {
+ ec = GPG_ERR_DIGEST_ALGO;
+ if (report)
+ report ("digest", algo, "module",
+ module && !(module->flags & FLAG_MODULE_DISABLED)?
+ "no selftest available" :
+ module? "algorithm disabled" : "algorithm not found");
+ }
+
+ if (module)
+ {
+ ath_mutex_lock (&digests_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&digests_registered_lock);
+ }
+ return gpg_error (ec);
+}
diff --git a/grub-core/lib/libgcrypt/cipher/md4.c b/grub-core/lib/libgcrypt/cipher/md4.c
new file mode 100644
index 0000000..680cf87
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/md4.c
@@ -0,0 +1,328 @@
+/* md4.c - MD4 Message-Digest Algorithm
+ * Copyright (C) 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * Based on md5.c in libgcrypt, but rewritten to compute md4 checksums
+ * using a public domain md4 implementation with the following comments:
+ *
+ * Modified by Wei Dai from Andrew M. Kuchling's md4.c
+ * The original code and all modifications are in the public domain.
+ *
+ * This is the original introductory comment:
+ *
+ * md4.c : MD4 hash algorithm.
+ *
+ * Part of the Python Cryptography Toolkit, version 1.1
+ *
+ * Distribute and use freely; there are no restrictions on further
+ * dissemination and usage except those imposed by the laws of your
+ * country of residence.
+ *
+ */
+
+/* MD4 test suite:
+ * MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
+ * MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
+ * MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
+ * MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
+ * MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
+ * MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =
+ * 043f8582f241db351ce627e153e7f0e4
+ * MD4 ("123456789012345678901234567890123456789012345678901234567890123456
+ * 78901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+ u32 A,B,C,D; /* chaining variables */
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} MD4_CONTEXT;
+
+
+static void
+md4_init( void *context )
+{
+ MD4_CONTEXT *ctx = context;
+
+ ctx->A = 0x67452301;
+ ctx->B = 0xefcdab89;
+ ctx->C = 0x98badcfe;
+ ctx->D = 0x10325476;
+
+ ctx->nblocks = 0;
+ ctx->count = 0;
+}
+
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+
+
+/****************
+ * transform 64 bytes
+ */
+static void
+transform ( MD4_CONTEXT *ctx, const unsigned char *data )
+{
+ u32 in[16];
+ register u32 A = ctx->A;
+ register u32 B = ctx->B;
+ register u32 C = ctx->C;
+ register u32 D = ctx->D;
+
+#ifdef WORDS_BIGENDIAN
+ {
+ int i;
+ byte *p2, *p1;
+ for(i=0, p1=data, p2=(byte*)in; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ memcpy (in, data, 64);
+#endif
+
+ /* Round 1. */
+#define function(a,b,c,d,k,s) a=rol(a+F(b,c,d)+in[k],s);
+ function(A,B,C,D, 0, 3);
+ function(D,A,B,C, 1, 7);
+ function(C,D,A,B, 2,11);
+ function(B,C,D,A, 3,19);
+ function(A,B,C,D, 4, 3);
+ function(D,A,B,C, 5, 7);
+ function(C,D,A,B, 6,11);
+ function(B,C,D,A, 7,19);
+ function(A,B,C,D, 8, 3);
+ function(D,A,B,C, 9, 7);
+ function(C,D,A,B,10,11);
+ function(B,C,D,A,11,19);
+ function(A,B,C,D,12, 3);
+ function(D,A,B,C,13, 7);
+ function(C,D,A,B,14,11);
+ function(B,C,D,A,15,19);
+
+#undef function
+
+ /* Round 2. */
+#define function(a,b,c,d,k,s) a=rol(a+G(b,c,d)+in[k]+0x5a827999,s);
+
+ function(A,B,C,D, 0, 3);
+ function(D,A,B,C, 4, 5);
+ function(C,D,A,B, 8, 9);
+ function(B,C,D,A,12,13);
+ function(A,B,C,D, 1, 3);
+ function(D,A,B,C, 5, 5);
+ function(C,D,A,B, 9, 9);
+ function(B,C,D,A,13,13);
+ function(A,B,C,D, 2, 3);
+ function(D,A,B,C, 6, 5);
+ function(C,D,A,B,10, 9);
+ function(B,C,D,A,14,13);
+ function(A,B,C,D, 3, 3);
+ function(D,A,B,C, 7, 5);
+ function(C,D,A,B,11, 9);
+ function(B,C,D,A,15,13);
+
+#undef function
+
+ /* Round 3. */
+#define function(a,b,c,d,k,s) a=rol(a+H(b,c,d)+in[k]+0x6ed9eba1,s);
+
+ function(A,B,C,D, 0, 3);
+ function(D,A,B,C, 8, 9);
+ function(C,D,A,B, 4,11);
+ function(B,C,D,A,12,15);
+ function(A,B,C,D, 2, 3);
+ function(D,A,B,C,10, 9);
+ function(C,D,A,B, 6,11);
+ function(B,C,D,A,14,15);
+ function(A,B,C,D, 1, 3);
+ function(D,A,B,C, 9, 9);
+ function(C,D,A,B, 5,11);
+ function(B,C,D,A,13,15);
+ function(A,B,C,D, 3, 3);
+ function(D,A,B,C,11, 9);
+ function(C,D,A,B, 7,11);
+ function(B,C,D,A,15,15);
+
+
+ /* Put checksum in context given as argument. */
+ ctx->A += A;
+ ctx->B += B;
+ ctx->C += C;
+ ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md4_write ( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ MD4_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ md4_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD4 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md4_final( void *context )
+{
+ MD4_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ md4_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ md4_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
+ *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
+#endif
+ X(A);
+ X(B);
+ X(C);
+ X(D);
+#undef X
+
+}
+
+static byte *
+md4_read (void *context)
+{
+ MD4_CONTEXT *hd = context;
+ return hd->buf;
+}
+
+static byte asn[18] = /* Object ID is 1.2.840.113549.2.4 */
+ { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+ 0x86, 0xf7, 0x0d, 0x02, 0x04, 0x05, 0x00, 0x04, 0x10 };
+
+static gcry_md_oid_spec_t oid_spec_md4[] =
+ {
+ /* iso.member-body.us.rsadsi.digestAlgorithm.md4 */
+ { "1.2.840.113549.2.4" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_md4 =
+ {
+ "MD4", asn, DIM (asn), oid_spec_md4,16,
+ md4_init, md4_write, md4_final, md4_read,
+ sizeof (MD4_CONTEXT)
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/md5.c b/grub-core/lib/libgcrypt/cipher/md5.c
new file mode 100644
index 0000000..899dce8
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/md5.c
@@ -0,0 +1,355 @@
+/* md5.c - MD5 Message-Digest Algorithm
+ * Copyright (C) 1995,1996,1998,1999,2001,2002,
+ * 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * According to the definition of MD5 in RFC 1321 from April 1992.
+ * NOTE: This is *not* the same file as the one from glibc.
+ * Written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1995.
+ * heavily modified for GnuPG by Werner Koch <wk@gnupg.org>
+ */
+
+/* Test values:
+ * "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
+ * "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
+ * "abc 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
+ * "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+
+typedef struct {
+ u32 A,B,C,D; /* chaining variables */
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} MD5_CONTEXT;
+
+
+static void
+md5_init( void *context )
+{
+ MD5_CONTEXT *ctx = context;
+
+ ctx->A = 0x67452301;
+ ctx->B = 0xefcdab89;
+ ctx->C = 0x98badcfe;
+ ctx->D = 0x10325476;
+
+ ctx->nblocks = 0;
+ ctx->count = 0;
+}
+
+
+/* These are the four functions used in the four steps of the MD5 algorithm
+ and defined in the RFC 1321. The first function is a little bit optimized
+ (as found in Colin Plumbs public domain implementation). */
+/* #define FF(b, c, d) ((b & c) | (~b & d)) */
+#define FF(b, c, d) (d ^ (b & (c ^ d)))
+#define FG(b, c, d) FF (d, b, c)
+#define FH(b, c, d) (b ^ c ^ d)
+#define FI(b, c, d) (c ^ (b | ~d))
+
+
+/****************
+ * transform n*64 bytes
+ */
+static void
+transform ( MD5_CONTEXT *ctx, const unsigned char *data )
+{
+ u32 correct_words[16];
+ register u32 A = ctx->A;
+ register u32 B = ctx->B;
+ register u32 C = ctx->C;
+ register u32 D = ctx->D;
+ u32 *cwp = correct_words;
+
+#ifdef WORDS_BIGENDIAN
+ {
+ int i;
+ byte *p2, *p1;
+ for(i=0, p1=data, p2=(byte*)correct_words; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ memcpy( correct_words, data, 64 );
+#endif
+
+
+#define OP(a, b, c, d, s, T) \
+ do \
+ { \
+ a += FF (b, c, d) + (*cwp++) + T; \
+ a = rol(a, s); \
+ a += b; \
+ } \
+ while (0)
+
+ /* Before we start, one word about the strange constants.
+ They are defined in RFC 1321 as
+
+ T[i] = (int) (4294967296.0 * fabs (sin (i))), i=1..64
+ */
+
+ /* Round 1. */
+ OP (A, B, C, D, 7, 0xd76aa478);
+ OP (D, A, B, C, 12, 0xe8c7b756);
+ OP (C, D, A, B, 17, 0x242070db);
+ OP (B, C, D, A, 22, 0xc1bdceee);
+ OP (A, B, C, D, 7, 0xf57c0faf);
+ OP (D, A, B, C, 12, 0x4787c62a);
+ OP (C, D, A, B, 17, 0xa8304613);
+ OP (B, C, D, A, 22, 0xfd469501);
+ OP (A, B, C, D, 7, 0x698098d8);
+ OP (D, A, B, C, 12, 0x8b44f7af);
+ OP (C, D, A, B, 17, 0xffff5bb1);
+ OP (B, C, D, A, 22, 0x895cd7be);
+ OP (A, B, C, D, 7, 0x6b901122);
+ OP (D, A, B, C, 12, 0xfd987193);
+ OP (C, D, A, B, 17, 0xa679438e);
+ OP (B, C, D, A, 22, 0x49b40821);
+
+#undef OP
+#define OP(f, a, b, c, d, k, s, T) \
+ do \
+ { \
+ a += f (b, c, d) + correct_words[k] + T; \
+ a = rol(a, s); \
+ a += b; \
+ } \
+ while (0)
+
+ /* Round 2. */
+ OP (FG, A, B, C, D, 1, 5, 0xf61e2562);
+ OP (FG, D, A, B, C, 6, 9, 0xc040b340);
+ OP (FG, C, D, A, B, 11, 14, 0x265e5a51);
+ OP (FG, B, C, D, A, 0, 20, 0xe9b6c7aa);
+ OP (FG, A, B, C, D, 5, 5, 0xd62f105d);
+ OP (FG, D, A, B, C, 10, 9, 0x02441453);
+ OP (FG, C, D, A, B, 15, 14, 0xd8a1e681);
+ OP (FG, B, C, D, A, 4, 20, 0xe7d3fbc8);
+ OP (FG, A, B, C, D, 9, 5, 0x21e1cde6);
+ OP (FG, D, A, B, C, 14, 9, 0xc33707d6);
+ OP (FG, C, D, A, B, 3, 14, 0xf4d50d87);
+ OP (FG, B, C, D, A, 8, 20, 0x455a14ed);
+ OP (FG, A, B, C, D, 13, 5, 0xa9e3e905);
+ OP (FG, D, A, B, C, 2, 9, 0xfcefa3f8);
+ OP (FG, C, D, A, B, 7, 14, 0x676f02d9);
+ OP (FG, B, C, D, A, 12, 20, 0x8d2a4c8a);
+
+ /* Round 3. */
+ OP (FH, A, B, C, D, 5, 4, 0xfffa3942);
+ OP (FH, D, A, B, C, 8, 11, 0x8771f681);
+ OP (FH, C, D, A, B, 11, 16, 0x6d9d6122);
+ OP (FH, B, C, D, A, 14, 23, 0xfde5380c);
+ OP (FH, A, B, C, D, 1, 4, 0xa4beea44);
+ OP (FH, D, A, B, C, 4, 11, 0x4bdecfa9);
+ OP (FH, C, D, A, B, 7, 16, 0xf6bb4b60);
+ OP (FH, B, C, D, A, 10, 23, 0xbebfbc70);
+ OP (FH, A, B, C, D, 13, 4, 0x289b7ec6);
+ OP (FH, D, A, B, C, 0, 11, 0xeaa127fa);
+ OP (FH, C, D, A, B, 3, 16, 0xd4ef3085);
+ OP (FH, B, C, D, A, 6, 23, 0x04881d05);
+ OP (FH, A, B, C, D, 9, 4, 0xd9d4d039);
+ OP (FH, D, A, B, C, 12, 11, 0xe6db99e5);
+ OP (FH, C, D, A, B, 15, 16, 0x1fa27cf8);
+ OP (FH, B, C, D, A, 2, 23, 0xc4ac5665);
+
+ /* Round 4. */
+ OP (FI, A, B, C, D, 0, 6, 0xf4292244);
+ OP (FI, D, A, B, C, 7, 10, 0x432aff97);
+ OP (FI, C, D, A, B, 14, 15, 0xab9423a7);
+ OP (FI, B, C, D, A, 5, 21, 0xfc93a039);
+ OP (FI, A, B, C, D, 12, 6, 0x655b59c3);
+ OP (FI, D, A, B, C, 3, 10, 0x8f0ccc92);
+ OP (FI, C, D, A, B, 10, 15, 0xffeff47d);
+ OP (FI, B, C, D, A, 1, 21, 0x85845dd1);
+ OP (FI, A, B, C, D, 8, 6, 0x6fa87e4f);
+ OP (FI, D, A, B, C, 15, 10, 0xfe2ce6e0);
+ OP (FI, C, D, A, B, 6, 15, 0xa3014314);
+ OP (FI, B, C, D, A, 13, 21, 0x4e0811a1);
+ OP (FI, A, B, C, D, 4, 6, 0xf7537e82);
+ OP (FI, D, A, B, C, 11, 10, 0xbd3af235);
+ OP (FI, C, D, A, B, 2, 15, 0x2ad7d2bb);
+ OP (FI, B, C, D, A, 9, 21, 0xeb86d391);
+
+ /* Put checksum in context given as argument. */
+ ctx->A += A;
+ ctx->B += B;
+ ctx->C += C;
+ ctx->D += D;
+}
+
+
+
+/* The routine updates the message-digest context to
+ * account for the presence of each of the characters inBuf[0..inLen-1]
+ * in the message whose digest is being computed.
+ */
+static void
+md5_write( void *context, const void *inbuf_arg , size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ MD5_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ md5_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+
+}
+
+
+
+/* The routine final terminates the message-digest computation and
+ * ends with the desired message digest in mdContext->digest[0...15].
+ * The handle is prepared for a new MD5 cycle.
+ * Returns 16 bytes representing the digest.
+ */
+
+static void
+md5_final( void *context)
+{
+ MD5_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ md5_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ md5_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (80+6*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->a ; *p++ = hd->a >> 8; \
+ *p++ = hd->a >> 16; *p++ = hd->a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = (*hd).a ; p += 4; } while(0)
+#endif
+ X(A);
+ X(B);
+ X(C);
+ X(D);
+#undef X
+
+}
+
+static byte *
+md5_read( void *context )
+{
+ MD5_CONTEXT *hd = (MD5_CONTEXT *) context;
+ return hd->buf;
+}
+
+static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 */
+ { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+ 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
+
+static gcry_md_oid_spec_t oid_spec_md5[] =
+ {
+ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 (md5WithRSAEncryption) */
+ { "1.2.840.113549.1.1.4" },
+ /* RSADSI digestAlgorithm MD5 */
+ { "1.2.840.113549.2.5" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_md5 =
+ {
+ "MD5", asn, DIM (asn), oid_spec_md5, 16,
+ md5_init, md5_write, md5_final, md5_read,
+ sizeof (MD5_CONTEXT)
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c
new file mode 100644
index 0000000..b869bee
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/primegen.c
@@ -0,0 +1,1862 @@
+/* primegen.c - prime number generator
+ * Copyright (C) 1998, 2000, 2001, 2002, 2003
+ * 2004, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "ath.h"
+
+static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel,
+ int (*extra_check)(void *, gcry_mpi_t),
+ void *extra_check_arg);
+static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
+ gcry_prime_check_func_t cb_func, void *cb_arg );
+static int is_prime (gcry_mpi_t n, int steps, unsigned int *count);
+static void m_out_of_n( char *array, int m, int n );
+
+static void (*progress_cb) (void *,const char*,int,int, int );
+static void *progress_cb_data;
+
+/* Note: 2 is not included because it can be tested more easily by
+ looking at bit 0. The last entry in this list is marked by a zero */
+static ushort small_prime_numbers[] = {
+ 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
+ 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
+ 103, 107, 109, 113, 127, 131, 137, 139, 149, 151,
+ 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
+ 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311, 313, 317,
+ 331, 337, 347, 349, 353, 359, 367, 373, 379, 383,
+ 389, 397, 401, 409, 419, 421, 431, 433, 439, 443,
+ 449, 457, 461, 463, 467, 479, 487, 491, 499, 503,
+ 509, 521, 523, 541, 547, 557, 563, 569, 571, 577,
+ 587, 593, 599, 601, 607, 613, 617, 619, 631, 641,
+ 643, 647, 653, 659, 661, 673, 677, 683, 691, 701,
+ 709, 719, 727, 733, 739, 743, 751, 757, 761, 769,
+ 773, 787, 797, 809, 811, 821, 823, 827, 829, 839,
+ 853, 857, 859, 863, 877, 881, 883, 887, 907, 911,
+ 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
+ 991, 997, 1009, 1013, 1019, 1021, 1031, 1033,
+ 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091,
+ 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151,
+ 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213,
+ 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277,
+ 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307,
+ 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399,
+ 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451,
+ 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493,
+ 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559,
+ 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
+ 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667,
+ 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733,
+ 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789,
+ 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871,
+ 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931,
+ 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997,
+ 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053,
+ 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111,
+ 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161,
+ 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243,
+ 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
+ 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357,
+ 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411,
+ 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473,
+ 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551,
+ 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633,
+ 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687,
+ 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729,
+ 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791,
+ 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851,
+ 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917,
+ 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
+ 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061,
+ 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137,
+ 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209,
+ 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271,
+ 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331,
+ 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391,
+ 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467,
+ 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533,
+ 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583,
+ 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643,
+ 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
+ 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779,
+ 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851,
+ 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917,
+ 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989,
+ 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049,
+ 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111,
+ 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177,
+ 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243,
+ 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297,
+ 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391,
+ 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
+ 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519,
+ 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597,
+ 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657,
+ 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729,
+ 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799,
+ 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889,
+ 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951,
+ 4957, 4967, 4969, 4973, 4987, 4993, 4999,
+ 0
+};
+static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1;
+
+
+
+/* An object and a list to build up a global pool of primes. See
+ save_pool_prime and get_pool_prime. */
+struct primepool_s
+{
+ struct primepool_s *next;
+ gcry_mpi_t prime; /* If this is NULL the entry is not used. */
+ unsigned int nbits;
+ gcry_random_level_t randomlevel;
+};
+struct primepool_s *primepool;
+/* Mutex used to protect access to the primepool. */
+static ath_mutex_t primepool_lock = ATH_MUTEX_INITIALIZER;
+
+
+
+/* Save PRIME which has been generated at RANDOMLEVEL for later
+ use. Needs to be called while primepool_lock is being hold. Note
+ that PRIME should be considered released after calling this
+ function. */
+static void
+save_pool_prime (gcry_mpi_t prime, gcry_random_level_t randomlevel)
+{
+ struct primepool_s *item, *item2;
+ size_t n;
+
+ for (n=0, item = primepool; item; item = item->next, n++)
+ if (!item->prime)
+ break;
+ if (!item && n > 100)
+ {
+ /* Remove some of the entries. Our strategy is removing
+ the last third from the list. */
+ int i;
+
+ for (i=0, item2 = primepool; item2; item2 = item2->next)
+ {
+ if (i >= n/3*2)
+ {
+ gcry_mpi_release (item2->prime);
+ item2->prime = NULL;
+ if (!item)
+ item = item2;
+ }
+ }
+ }
+ if (!item)
+ {
+ item = gcry_calloc (1, sizeof *item);
+ if (!item)
+ {
+ /* Out of memory. Silently giving up. */
+ gcry_mpi_release (prime);
+ return;
+ }
+ item->next = primepool;
+ primepool = item;
+ }
+ item->prime = prime;
+ item->nbits = mpi_get_nbits (prime);
+ item->randomlevel = randomlevel;
+}
+
+
+/* Return a prime for the prime pool or NULL if none has been found.
+ The prime needs to match NBITS and randomlevel. This function needs
+ to be called why the primepool_look is being hold. */
+static gcry_mpi_t
+get_pool_prime (unsigned int nbits, gcry_random_level_t randomlevel)
+{
+ struct primepool_s *item;
+
+ for (item = primepool; item; item = item->next)
+ if (item->prime
+ && item->nbits == nbits && item->randomlevel == randomlevel)
+ {
+ gcry_mpi_t prime = item->prime;
+ item->prime = NULL;
+ gcry_assert (nbits == mpi_get_nbits (prime));
+ return prime;
+ }
+ return NULL;
+}
+
+
+
+
+
+
+void
+_gcry_register_primegen_progress ( void (*cb)(void *,const char*,int,int,int),
+ void *cb_data )
+{
+ progress_cb = cb;
+ progress_cb_data = cb_data;
+}
+
+
+static void
+progress( int c )
+{
+ if ( progress_cb )
+ progress_cb ( progress_cb_data, "primegen", c, 0, 0 );
+}
+
+
+/****************
+ * Generate a prime number (stored in secure memory)
+ */
+gcry_mpi_t
+_gcry_generate_secret_prime (unsigned int nbits,
+ gcry_random_level_t random_level,
+ int (*extra_check)(void*, gcry_mpi_t),
+ void *extra_check_arg)
+{
+ gcry_mpi_t prime;
+
+ prime = gen_prime (nbits, 1, random_level, extra_check, extra_check_arg);
+ progress('\n');
+ return prime;
+}
+
+
+/* Generate a prime number which may be public, i.e. not allocated in
+ secure memory. */
+gcry_mpi_t
+_gcry_generate_public_prime (unsigned int nbits,
+ gcry_random_level_t random_level,
+ int (*extra_check)(void*, gcry_mpi_t),
+ void *extra_check_arg)
+{
+ gcry_mpi_t prime;
+
+ prime = gen_prime (nbits, 0, random_level, extra_check, extra_check_arg);
+ progress('\n');
+ return prime;
+}
+
+
+/* Core prime generation function. The algorithm used to generate
+ practically save primes is due to Lim and Lee as described in the
+ CRYPTO '97 proceedings (ISBN3540633847) page 260.
+
+ NEED_Q_FACTOR: If true make sure that at least one factor is of
+ size qbits. This is for example required for DSA.
+ PRIME_GENERATED: Adresss of a variable where the resulting prime
+ number will be stored.
+ PBITS: Requested size of the prime number. At least 48.
+ QBITS: One factor of the prime needs to be of this size. Maybe 0
+ if this is not required. See also MODE.
+ G: If not NULL an MPI which will receive a generator for the prime
+ for use with Elgamal.
+ RET_FACTORS: if not NULL, an array with all factors are stored at
+ that address.
+ ALL_FACTORS: If set to true all factors of prime-1 are returned.
+ RANDOMLEVEL: How strong should the random numers be.
+ FLAGS: Prime generation bit flags. Currently supported:
+ GCRY_PRIME_FLAG_SECRET - The prime needs to be kept secret.
+ CB_FUNC, CB_ARG: Callback to be used for extra checks.
+
+ */
+static gcry_err_code_t
+prime_generate_internal (int need_q_factor,
+ gcry_mpi_t *prime_generated, unsigned int pbits,
+ unsigned int qbits, gcry_mpi_t g,
+ gcry_mpi_t **ret_factors,
+ gcry_random_level_t randomlevel, unsigned int flags,
+ int all_factors,
+ gcry_prime_check_func_t cb_func, void *cb_arg)
+{
+ gcry_err_code_t err = 0;
+ gcry_mpi_t *factors_new = NULL; /* Factors to return to the
+ caller. */
+ gcry_mpi_t *factors = NULL; /* Current factors. */
+ gcry_random_level_t poolrandomlevel; /* Random level used for pool primes. */
+ gcry_mpi_t *pool = NULL; /* Pool of primes. */
+ int *pool_in_use = NULL; /* Array with currently used POOL elements. */
+ unsigned char *perms = NULL; /* Permutations of POOL. */
+ gcry_mpi_t q_factor = NULL; /* Used if QBITS is non-zero. */
+ unsigned int fbits = 0; /* Length of prime factors. */
+ unsigned int n = 0; /* Number of factors. */
+ unsigned int m = 0; /* Number of primes in pool. */
+ gcry_mpi_t q = NULL; /* First prime factor. */
+ gcry_mpi_t prime = NULL; /* Prime candidate. */
+ unsigned int nprime = 0; /* Bits of PRIME. */
+ unsigned int req_qbits; /* The original QBITS value. */
+ gcry_mpi_t val_2; /* For check_prime(). */
+ int is_locked = 0; /* Flag to help unlocking the primepool. */
+ unsigned int is_secret = (flags & GCRY_PRIME_FLAG_SECRET);
+ unsigned int count1 = 0, count2 = 0;
+ unsigned int i = 0, j = 0;
+
+ if (pbits < 48)
+ return GPG_ERR_INV_ARG;
+
+ /* We won't use a too strong random elvel for the pooled subprimes. */
+ poolrandomlevel = (randomlevel > GCRY_STRONG_RANDOM?
+ GCRY_STRONG_RANDOM : randomlevel);
+
+
+ /* If QBITS is not given, assume a reasonable value. */
+ if (!qbits)
+ qbits = pbits / 3;
+
+ req_qbits = qbits;
+
+ /* Find number of needed prime factors N. */
+ for (n = 1; (pbits - qbits - 1) / n >= qbits; n++)
+ ;
+ n--;
+
+ val_2 = mpi_alloc_set_ui (2);
+
+ if ((! n) || ((need_q_factor) && (n < 2)))
+ {
+ err = GPG_ERR_INV_ARG;
+ goto leave;
+ }
+
+ if (need_q_factor)
+ {
+ n--; /* Need one factor less because we want a specific Q-FACTOR. */
+ fbits = (pbits - 2 * req_qbits -1) / n;
+ qbits = pbits - req_qbits - n * fbits;
+ }
+ else
+ {
+ fbits = (pbits - req_qbits -1) / n;
+ qbits = pbits - n * fbits;
+ }
+
+ if (DBG_CIPHER)
+ log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n",
+ pbits, req_qbits, qbits, fbits, n);
+
+ /* Allocate an integer to old the new prime. */
+ prime = gcry_mpi_new (pbits);
+
+ /* Generate first prime factor. */
+ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+
+ /* Generate a specific Q-Factor if requested. */
+ if (need_q_factor)
+ q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL);
+
+ /* Allocate an array to hold all factors + 2 for later usage. */
+ factors = gcry_calloc (n + 2, sizeof (*factors));
+ if (!factors)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ /* Allocate an array to track pool usage. */
+ pool_in_use = gcry_malloc (n * sizeof *pool_in_use);
+ if (!pool_in_use)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ for (i=0; i < n; i++)
+ pool_in_use[i] = -1;
+
+ /* Make a pool of 3n+5 primes (this is an arbitrary value). We
+ require at least 30 primes for are useful selection process.
+
+ Fixme: We need to research the best formula for sizing the pool.
+ */
+ m = n * 3 + 5;
+ if (need_q_factor) /* Need some more in this case. */
+ m += 5;
+ if (m < 30)
+ m = 30;
+ pool = gcry_calloc (m , sizeof (*pool));
+ if (! pool)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ /* Permutate over the pool of primes until we find a prime of the
+ requested length. */
+ do
+ {
+ next_try:
+ for (i=0; i < n; i++)
+ pool_in_use[i] = -1;
+
+ if (!perms)
+ {
+ /* Allocate new primes. This is done right at the beginning
+ of the loop and if we have later run out of primes. */
+ for (i = 0; i < m; i++)
+ {
+ mpi_free (pool[i]);
+ pool[i] = NULL;
+ }
+
+ /* Init m_out_of_n(). */
+ perms = gcry_calloc (1, m);
+ if (!perms)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ if (ath_mutex_lock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 1;
+ for (i = 0; i < n; i++)
+ {
+ perms[i] = 1;
+ /* At a maximum we use strong random for the factors.
+ This saves us a lot of entropy. Given that Q and
+ possible Q-factor are also used in the final prime
+ this should be acceptable. We also don't allocate in
+ secure memory to save on that scare resource too. If
+ Q has been allocated in secure memory, the final
+ prime will be saved there anyway. This is because
+ our MPI routines take care of that. GnuPG has worked
+ this way ever since. */
+ pool[i] = NULL;
+ if (is_locked)
+ {
+ pool[i] = get_pool_prime (fbits, poolrandomlevel);
+ if (!pool[i])
+ {
+ if (ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ }
+ }
+ if (!pool[i])
+ pool[i] = gen_prime (fbits, 0, poolrandomlevel, NULL, NULL);
+ pool_in_use[i] = i;
+ factors[i] = pool[i];
+ }
+ if (is_locked && ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ }
+ else
+ {
+ /* Get next permutation. */
+ m_out_of_n ( (char*)perms, n, m);
+ if (ath_mutex_lock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 1;
+ for (i = j = 0; (i < m) && (j < n); i++)
+ if (perms[i])
+ {
+ /* If the subprime has not yet beed generated do it now. */
+ if (!pool[i] && is_locked)
+ {
+ pool[i] = get_pool_prime (fbits, poolrandomlevel);
+ if (!pool[i])
+ {
+ if (ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ }
+ }
+ if (!pool[i])
+ pool[i] = gen_prime (fbits, 0, poolrandomlevel, NULL, NULL);
+ pool_in_use[j] = i;
+ factors[j++] = pool[i];
+ }
+ if (is_locked && ath_mutex_unlock (&primepool_lock))
+ {
+ err = GPG_ERR_INTERNAL;
+ goto leave;
+ }
+ is_locked = 0;
+ if (i == n)
+ {
+ /* Ran out of permutations: Allocate new primes. */
+ gcry_free (perms);
+ perms = NULL;
+ progress ('!');
+ goto next_try;
+ }
+ }
+
+ /* Generate next prime candidate:
+ p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1.
+ */
+ mpi_set (prime, q);
+ mpi_mul_ui (prime, prime, 2);
+ if (need_q_factor)
+ mpi_mul (prime, prime, q_factor);
+ for(i = 0; i < n; i++)
+ mpi_mul (prime, prime, factors[i]);
+ mpi_add_ui (prime, prime, 1);
+ nprime = mpi_get_nbits (prime);
+
+ if (nprime < pbits)
+ {
+ if (++count1 > 20)
+ {
+ count1 = 0;
+ qbits++;
+ progress('>');
+ mpi_free (q);
+ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+ goto next_try;
+ }
+ }
+ else
+ count1 = 0;
+
+ if (nprime > pbits)
+ {
+ if (++count2 > 20)
+ {
+ count2 = 0;
+ qbits--;
+ progress('<');
+ mpi_free (q);
+ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL);
+ goto next_try;
+ }
+ }
+ else
+ count2 = 0;
+ }
+ while (! ((nprime == pbits) && check_prime (prime, val_2, 5,
+ cb_func, cb_arg)));
+
+ if (DBG_CIPHER)
+ {
+ progress ('\n');
+ log_mpidump ("prime : ", prime);
+ log_mpidump ("factor q: ", q);
+ if (need_q_factor)
+ log_mpidump ("factor q0: ", q_factor);
+ for (i = 0; i < n; i++)
+ log_mpidump ("factor pi: ", factors[i]);
+ log_debug ("bit sizes: prime=%u, q=%u",
+ mpi_get_nbits (prime), mpi_get_nbits (q));
+ if (need_q_factor)
+ log_debug (", q0=%u", mpi_get_nbits (q_factor));
+ for (i = 0; i < n; i++)
+ log_debug (", p%d=%u", i, mpi_get_nbits (factors[i]));
+ progress('\n');
+ }
+
+ if (ret_factors)
+ {
+ /* Caller wants the factors. */
+ factors_new = gcry_calloc (n + 4, sizeof (*factors_new));
+ if (! factors_new)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ if (all_factors)
+ {
+ i = 0;
+ factors_new[i++] = gcry_mpi_set_ui (NULL, 2);
+ factors_new[i++] = mpi_copy (q);
+ if (need_q_factor)
+ factors_new[i++] = mpi_copy (q_factor);
+ for(j=0; j < n; j++)
+ factors_new[i++] = mpi_copy (factors[j]);
+ }
+ else
+ {
+ i = 0;
+ if (need_q_factor)
+ {
+ factors_new[i++] = mpi_copy (q_factor);
+ for (; i <= n; i++)
+ factors_new[i] = mpi_copy (factors[i]);
+ }
+ else
+ for (; i < n; i++ )
+ factors_new[i] = mpi_copy (factors[i]);
+ }
+ }
+
+ if (g)
+ {
+ /* Create a generator (start with 3). */
+ gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime));
+ gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime));
+ gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime));
+
+ if (need_q_factor)
+ err = GPG_ERR_NOT_IMPLEMENTED;
+ else
+ {
+ factors[n] = q;
+ factors[n + 1] = mpi_alloc_set_ui (2);
+ mpi_sub_ui (pmin1, prime, 1);
+ mpi_set_ui (g, 2);
+ do
+ {
+ mpi_add_ui (g, g, 1);
+ if (DBG_CIPHER)
+ {
+ log_debug ("checking g:");
+ gcry_mpi_dump (g);
+ log_printf ("\n");
+ }
+ else
+ progress('^');
+ for (i = 0; i < n + 2; i++)
+ {
+ mpi_fdiv_q (tmp, pmin1, factors[i]);
+ /* No mpi_pow(), but it is okay to use this with mod
+ prime. */
+ gcry_mpi_powm (b, g, tmp, prime);
+ if (! mpi_cmp_ui (b, 1))
+ break;
+ }
+ if (DBG_CIPHER)
+ progress('\n');
+ }
+ while (i < n + 2);
+
+ mpi_free (factors[n+1]);
+ mpi_free (tmp);
+ mpi_free (b);
+ mpi_free (pmin1);
+ }
+ }
+
+ if (! DBG_CIPHER)
+ progress ('\n');
+
+
+ leave:
+ if (pool)
+ {
+ is_locked = !ath_mutex_lock (&primepool_lock);
+ for(i = 0; i < m; i++)
+ {
+ if (pool[i])
+ {
+ for (j=0; j < n; j++)
+ if (pool_in_use[j] == i)
+ break;
+ if (j == n && is_locked)
+ {
+ /* This pooled subprime has not been used. */
+ save_pool_prime (pool[i], poolrandomlevel);
+ }
+ else
+ mpi_free (pool[i]);
+ }
+ }
+ if (is_locked && ath_mutex_unlock (&primepool_lock))
+ err = GPG_ERR_INTERNAL;
+ is_locked = 0;
+ gcry_free (pool);
+ }
+ gcry_free (pool_in_use);
+ if (factors)
+ gcry_free (factors); /* Factors are shallow copies. */
+ if (perms)
+ gcry_free (perms);
+
+ mpi_free (val_2);
+ mpi_free (q);
+ mpi_free (q_factor);
+
+ if (! err)
+ {
+ *prime_generated = prime;
+ if (ret_factors)
+ *ret_factors = factors_new;
+ }
+ else
+ {
+ if (factors_new)
+ {
+ for (i = 0; factors_new[i]; i++)
+ mpi_free (factors_new[i]);
+ gcry_free (factors_new);
+ }
+ mpi_free (prime);
+ }
+
+ return err;
+}
+
+
+/* Generate a prime used for discrete logarithm algorithms; i.e. this
+ prime will be public and no strong random is required. */
+gcry_mpi_t
+_gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits,
+ gcry_mpi_t g, gcry_mpi_t **ret_factors)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_mpi_t prime = NULL;
+
+ err = prime_generate_internal ((mode == 1), &prime, pbits, qbits, g,
+ ret_factors, GCRY_WEAK_RANDOM, 0, 0,
+ NULL, NULL);
+
+ return prime;
+}
+
+
+static gcry_mpi_t
+gen_prime (unsigned int nbits, int secret, int randomlevel,
+ int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg)
+{
+ gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result;
+ int i;
+ unsigned int x, step;
+ unsigned int count1, count2;
+ int *mods;
+
+/* if ( DBG_CIPHER ) */
+/* log_debug ("generate a prime of %u bits ", nbits ); */
+
+ if (nbits < 16)
+ log_fatal ("can't generate a prime with less than %d bits\n", 16);
+
+ mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods );
+ /* Make nbits fit into gcry_mpi_t implementation. */
+ val_2 = mpi_alloc_set_ui( 2 );
+ val_3 = mpi_alloc_set_ui( 3);
+ prime = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits );
+ result = mpi_alloc_like( prime );
+ pminus1= mpi_alloc_like( prime );
+ ptest = mpi_alloc_like( prime );
+ count1 = count2 = 0;
+ for (;;)
+ { /* try forvever */
+ int dotcount=0;
+
+ /* generate a random number */
+ gcry_mpi_randomize( prime, nbits, randomlevel );
+
+ /* Set high order bit to 1, set low order bit to 1. If we are
+ generating a secret prime we are most probably doing that
+ for RSA, to make sure that the modulus does have the
+ requested key size we set the 2 high order bits. */
+ mpi_set_highbit (prime, nbits-1);
+ if (secret)
+ mpi_set_bit (prime, nbits-2);
+ mpi_set_bit(prime, 0);
+
+ /* Calculate all remainders. */
+ for (i=0; (x = small_prime_numbers[i]); i++ )
+ mods[i] = mpi_fdiv_r_ui(NULL, prime, x);
+
+ /* Now try some primes starting with prime. */
+ for(step=0; step < 20000; step += 2 )
+ {
+ /* Check against all the small primes we have in mods. */
+ count1++;
+ for (i=0; (x = small_prime_numbers[i]); i++ )
+ {
+ while ( mods[i] + step >= x )
+ mods[i] -= x;
+ if ( !(mods[i] + step) )
+ break;
+ }
+ if ( x )
+ continue; /* Found a multiple of an already known prime. */
+
+ mpi_add_ui( ptest, prime, step );
+
+ /* Do a fast Fermat test now. */
+ count2++;
+ mpi_sub_ui( pminus1, ptest, 1);
+ gcry_mpi_powm( result, val_2, pminus1, ptest );
+ if ( !mpi_cmp_ui( result, 1 ) )
+ {
+ /* Not composite, perform stronger tests */
+ if (is_prime(ptest, 5, &count2 ))
+ {
+ if (!mpi_test_bit( ptest, nbits-1-secret ))
+ {
+ progress('\n');
+ log_debug ("overflow in prime generation\n");
+ break; /* Stop loop, continue with a new prime. */
+ }
+
+ if (extra_check && extra_check (extra_check_arg, ptest))
+ {
+ /* The extra check told us that this prime is
+ not of the caller's taste. */
+ progress ('/');
+ }
+ else
+ {
+ /* Got it. */
+ mpi_free(val_2);
+ mpi_free(val_3);
+ mpi_free(result);
+ mpi_free(pminus1);
+ mpi_free(prime);
+ gcry_free(mods);
+ return ptest;
+ }
+ }
+ }
+ if (++dotcount == 10 )
+ {
+ progress('.');
+ dotcount = 0;
+ }
+ }
+ progress(':'); /* restart with a new random value */
+ }
+}
+
+/****************
+ * Returns: true if this may be a prime
+ * RM_ROUNDS gives the number of Rabin-Miller tests to run.
+ */
+static int
+check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
+ gcry_prime_check_func_t cb_func, void *cb_arg)
+{
+ int i;
+ unsigned int x;
+ unsigned int count=0;
+
+ /* Check against small primes. */
+ for (i=0; (x = small_prime_numbers[i]); i++ )
+ {
+ if ( mpi_divisible_ui( prime, x ) )
+ return 0;
+ }
+
+ /* A quick Fermat test. */
+ {
+ gcry_mpi_t result = mpi_alloc_like( prime );
+ gcry_mpi_t pminus1 = mpi_alloc_like( prime );
+ mpi_sub_ui( pminus1, prime, 1);
+ gcry_mpi_powm( result, val_2, pminus1, prime );
+ mpi_free( pminus1 );
+ if ( mpi_cmp_ui( result, 1 ) )
+ {
+ /* Is composite. */
+ mpi_free( result );
+ progress('.');
+ return 0;
+ }
+ mpi_free( result );
+ }
+
+ if (!cb_func || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_MAYBE_PRIME, prime))
+ {
+ /* Perform stronger tests. */
+ if ( is_prime( prime, rm_rounds, &count ) )
+ {
+ if (!cb_func
+ || cb_func (cb_arg, GCRY_PRIME_CHECK_AT_GOT_PRIME, prime))
+ return 1; /* Probably a prime. */
+ }
+ }
+ progress('.');
+ return 0;
+}
+
+
+/*
+ * Return true if n is probably a prime
+ */
+static int
+is_prime (gcry_mpi_t n, int steps, unsigned int *count)
+{
+ gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t z = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t nminus1 = mpi_alloc( mpi_get_nlimbs( n ) );
+ gcry_mpi_t a2 = mpi_alloc_set_ui( 2 );
+ gcry_mpi_t q;
+ unsigned i, j, k;
+ int rc = 0;
+ unsigned nbits = mpi_get_nbits( n );
+
+ if (steps < 5) /* Make sure that we do at least 5 rounds. */
+ steps = 5;
+
+ mpi_sub_ui( nminus1, n, 1 );
+
+ /* Find q and k, so that n = 1 + 2^k * q . */
+ q = mpi_copy ( nminus1 );
+ k = mpi_trailing_zeros ( q );
+ mpi_tdiv_q_2exp (q, q, k);
+
+ for (i=0 ; i < steps; i++ )
+ {
+ ++*count;
+ if( !i )
+ {
+ mpi_set_ui( x, 2 );
+ }
+ else
+ {
+ gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM );
+
+ /* Make sure that the number is smaller than the prime and
+ keep the randomness of the high bit. */
+ if ( mpi_test_bit ( x, nbits-2) )
+ {
+ mpi_set_highbit ( x, nbits-2); /* Clear all higher bits. */
+ }
+ else
+ {
+ mpi_set_highbit( x, nbits-2 );
+ mpi_clear_bit( x, nbits-2 );
+ }
+ gcry_assert (mpi_cmp (x, nminus1) < 0 && mpi_cmp_ui (x, 1) > 0);
+ }
+ gcry_mpi_powm ( y, x, q, n);
+ if ( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) )
+ {
+ for ( j=1; j < k && mpi_cmp( y, nminus1 ); j++ )
+ {
+ gcry_mpi_powm(y, y, a2, n);
+ if( !mpi_cmp_ui( y, 1 ) )
+ goto leave; /* Not a prime. */
+ }
+ if (mpi_cmp( y, nminus1 ) )
+ goto leave; /* Not a prime. */
+ }
+ progress('+');
+ }
+ rc = 1; /* May be a prime. */
+
+ leave:
+ mpi_free( x );
+ mpi_free( y );
+ mpi_free( z );
+ mpi_free( nminus1 );
+ mpi_free( q );
+ mpi_free( a2 );
+
+ return rc;
+}
+
+
+/* Given ARRAY of size N with M elements set to true produce a
+ modified array with the next permutation of M elements. Note, that
+ ARRAY is used in a one-bit-per-byte approach. To detected the last
+ permutation it is useful to intialize the array with the first M
+ element set to true and use this test:
+ m_out_of_n (array, m, n);
+ for (i = j = 0; i < n && j < m; i++)
+ if (array[i])
+ j++;
+ if (j == m)
+ goto ready;
+
+ This code is based on the algorithm 452 from the "Collected
+ Algorithms From ACM, Volume II" by C. N. Liu and D. T. Tang.
+*/
+static void
+m_out_of_n ( char *array, int m, int n )
+{
+ int i=0, i1=0, j=0, jp=0, j1=0, k1=0, k2=0;
+
+ if( !m || m >= n )
+ return;
+
+ /* Need to handle this simple case separately. */
+ if( m == 1 )
+ {
+ for (i=0; i < n; i++ )
+ {
+ if ( array[i] )
+ {
+ array[i++] = 0;
+ if( i >= n )
+ i = 0;
+ array[i] = 1;
+ return;
+ }
+ }
+ BUG();
+ }
+
+
+ for (j=1; j < n; j++ )
+ {
+ if ( array[n-1] == array[n-j-1])
+ continue;
+ j1 = j;
+ break;
+ }
+
+ if ( (m & 1) )
+ {
+ /* M is odd. */
+ if( array[n-1] )
+ {
+ if( j1 & 1 )
+ {
+ k1 = n - j1;
+ k2 = k1+2;
+ if( k2 > n )
+ k2 = n;
+ goto leave;
+ }
+ goto scan;
+ }
+ k2 = n - j1 - 1;
+ if( k2 == 0 )
+ {
+ k1 = i;
+ k2 = n - j1;
+ }
+ else if( array[k2] && array[k2-1] )
+ k1 = n;
+ else
+ k1 = k2 + 1;
+ }
+ else
+ {
+ /* M is even. */
+ if( !array[n-1] )
+ {
+ k1 = n - j1;
+ k2 = k1 + 1;
+ goto leave;
+ }
+
+ if( !(j1 & 1) )
+ {
+ k1 = n - j1;
+ k2 = k1+2;
+ if( k2 > n )
+ k2 = n;
+ goto leave;
+ }
+ scan:
+ jp = n - j1 - 1;
+ for (i=1; i <= jp; i++ )
+ {
+ i1 = jp + 2 - i;
+ if( array[i1-1] )
+ {
+ if( array[i1-2] )
+ {
+ k1 = i1 - 1;
+ k2 = n - j1;
+ }
+ else
+ {
+ k1 = i1 - 1;
+ k2 = n + 1 - j1;
+ }
+ goto leave;
+ }
+ }
+ k1 = 1;
+ k2 = n + 1 - m;
+ }
+ leave:
+ /* Now complement the two selected bits. */
+ array[k1-1] = !array[k1-1];
+ array[k2-1] = !array[k2-1];
+}
+
+
+/* Generate a new prime number of PRIME_BITS bits and store it in
+ PRIME. If FACTOR_BITS is non-zero, one of the prime factors of
+ (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is
+ non-zero, allocate a new, NULL-terminated array holding the prime
+ factors and store it in FACTORS. FLAGS might be used to influence
+ the prime number generation process. */
+gcry_error_t
+gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
+ unsigned int factor_bits, gcry_mpi_t **factors,
+ gcry_prime_check_func_t cb_func, void *cb_arg,
+ gcry_random_level_t random_level,
+ unsigned int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_mpi_t *factors_generated = NULL;
+ gcry_mpi_t prime_generated = NULL;
+ unsigned int mode = 0;
+
+ if (!prime)
+ return gpg_error (GPG_ERR_INV_ARG);
+ *prime = NULL;
+
+ if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR)
+ mode = 1;
+
+ /* Generate. */
+ err = prime_generate_internal ((mode==1), &prime_generated, prime_bits,
+ factor_bits, NULL,
+ factors? &factors_generated : NULL,
+ random_level, flags, 1,
+ cb_func, cb_arg);
+
+ if (! err)
+ if (cb_func)
+ {
+ /* Additional check. */
+ if ( !cb_func (cb_arg, GCRY_PRIME_CHECK_AT_FINISH, prime_generated))
+ {
+ /* Failed, deallocate resources. */
+ unsigned int i;
+
+ mpi_free (prime_generated);
+ if (factors)
+ {
+ for (i = 0; factors_generated[i]; i++)
+ mpi_free (factors_generated[i]);
+ gcry_free (factors_generated);
+ }
+ err = GPG_ERR_GENERAL;
+ }
+ }
+
+ if (! err)
+ {
+ if (factors)
+ *factors = factors_generated;
+ *prime = prime_generated;
+ }
+
+ return gcry_error (err);
+}
+
+/* Check wether the number X is prime. */
+gcry_error_t
+gcry_prime_check (gcry_mpi_t x, unsigned int flags)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
+
+ (void)flags;
+
+ /* We use 64 rounds because the prime we are going to test is not
+ guaranteed to be a random one. */
+ if (! check_prime (x, val_2, 64, NULL, NULL))
+ err = GPG_ERR_NO_PRIME;
+
+ mpi_free (val_2);
+
+ return gcry_error (err);
+}
+
+/* Find a generator for PRIME where the factorization of (prime-1) is
+ in the NULL terminated array FACTORS. Return the generator as a
+ newly allocated MPI in R_G. If START_G is not NULL, use this as s
+ atart for the search. Returns 0 on success.*/
+gcry_error_t
+gcry_prime_group_generator (gcry_mpi_t *r_g,
+ gcry_mpi_t prime, gcry_mpi_t *factors,
+ gcry_mpi_t start_g)
+{
+ gcry_mpi_t tmp = gcry_mpi_new (0);
+ gcry_mpi_t b = gcry_mpi_new (0);
+ gcry_mpi_t pmin1 = gcry_mpi_new (0);
+ gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
+ int first = 1;
+ int i, n;
+
+ if (!factors || !r_g || !prime)
+ return gpg_error (GPG_ERR_INV_ARG);
+ *r_g = NULL;
+
+ for (n=0; factors[n]; n++)
+ ;
+ if (n < 2)
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ /* Extra sanity check - usually disabled. */
+/* mpi_set (tmp, factors[0]); */
+/* for(i = 1; i < n; i++) */
+/* mpi_mul (tmp, tmp, factors[i]); */
+/* mpi_add_ui (tmp, tmp, 1); */
+/* if (mpi_cmp (prime, tmp)) */
+/* return gpg_error (GPG_ERR_INV_ARG); */
+
+ gcry_mpi_sub_ui (pmin1, prime, 1);
+ do
+ {
+ if (first)
+ first = 0;
+ else
+ gcry_mpi_add_ui (g, g, 1);
+
+ if (DBG_CIPHER)
+ {
+ log_debug ("checking g:");
+ gcry_mpi_dump (g);
+ log_debug ("\n");
+ }
+ else
+ progress('^');
+
+ for (i = 0; i < n; i++)
+ {
+ mpi_fdiv_q (tmp, pmin1, factors[i]);
+ gcry_mpi_powm (b, g, tmp, prime);
+ if (! mpi_cmp_ui (b, 1))
+ break;
+ }
+ if (DBG_CIPHER)
+ progress('\n');
+ }
+ while (i < n);
+
+ gcry_mpi_release (tmp);
+ gcry_mpi_release (b);
+ gcry_mpi_release (pmin1);
+ *r_g = g;
+
+ return 0;
+}
+
+/* Convenience function to release the factors array. */
+void
+gcry_prime_release_factors (gcry_mpi_t *factors)
+{
+ if (factors)
+ {
+ int i;
+
+ for (i=0; factors[i]; i++)
+ mpi_free (factors[i]);
+ gcry_free (factors);
+ }
+}
+
+
+
+/* Helper for _gcry_derive_x931_prime. */
+static gcry_mpi_t
+find_x931_prime (const gcry_mpi_t pfirst)
+{
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
+ gcry_mpi_t prime;
+
+ prime = gcry_mpi_copy (pfirst);
+ /* If P is even add 1. */
+ mpi_set_bit (prime, 0);
+
+ /* We use 64 Rabin-Miller rounds which is better and thus
+ sufficient. We do not have a Lucas test implementaion thus we
+ can't do it in the X9.31 preferred way of running a few
+ Rabin-Miller followed by one Lucas test. */
+ while ( !check_prime (prime, val_2, 64, NULL, NULL) )
+ mpi_add_ui (prime, prime, 2);
+
+ mpi_free (val_2);
+
+ return prime;
+}
+
+
+/* Generate a prime using the algorithm from X9.31 appendix B.4.
+
+ This function requires that the provided public exponent E is odd.
+ XP, XP1 and XP2 are the seed values. All values are mandatory.
+
+ On success the prime is returned. If R_P1 or R_P2 are given the
+ internal values P1 and P2 are saved at these addresses. On error
+ NULL is returned. */
+gcry_mpi_t
+_gcry_derive_x931_prime (const gcry_mpi_t xp,
+ const gcry_mpi_t xp1, const gcry_mpi_t xp2,
+ const gcry_mpi_t e,
+ gcry_mpi_t *r_p1, gcry_mpi_t *r_p2)
+{
+ gcry_mpi_t p1, p2, p1p2, yp0;
+
+ if (!xp || !xp1 || !xp2)
+ return NULL;
+ if (!e || !mpi_test_bit (e, 0))
+ return NULL; /* We support only odd values for E. */
+
+ p1 = find_x931_prime (xp1);
+ p2 = find_x931_prime (xp2);
+ p1p2 = mpi_alloc_like (xp);
+ mpi_mul (p1p2, p1, p2);
+
+ {
+ gcry_mpi_t r1, tmp;
+
+ /* r1 = (p2^{-1} mod p1)p2 - (p1^{-1} mod p2) */
+ tmp = mpi_alloc_like (p1);
+ mpi_invm (tmp, p2, p1);
+ mpi_mul (tmp, tmp, p2);
+ r1 = tmp;
+
+ tmp = mpi_alloc_like (p2);
+ mpi_invm (tmp, p1, p2);
+ mpi_mul (tmp, tmp, p1);
+ mpi_sub (r1, r1, tmp);
+
+ /* Fixup a negative value. */
+ if (mpi_is_neg (r1))
+ mpi_add (r1, r1, p1p2);
+
+ /* yp0 = xp + (r1 - xp mod p1*p2) */
+ yp0 = tmp; tmp = NULL;
+ mpi_subm (yp0, r1, xp, p1p2);
+ mpi_add (yp0, yp0, xp);
+ mpi_free (r1);
+
+ /* Fixup a negative value. */
+ if (mpi_cmp (yp0, xp) < 0 )
+ mpi_add (yp0, yp0, p1p2);
+ }
+
+ /* yp0 is now the first integer greater than xp with p1 being a
+ large prime factor of yp0-1 and p2 a large prime factor of yp0+1. */
+
+ /* Note that the first example from X9.31 (D.1.1) which uses
+ (Xq1 #1A5CF72EE770DE50CB09ACCEA9#)
+ (Xq2 #134E4CAA16D2350A21D775C404#)
+ (Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
+ 7C9953388F97DDDC3E1CA19C35CA659EDC2FC325
+ 6D29C2627479C086A699A49C4C9CEE7EF7BD1B34
+ 321DE34A#))))
+ returns an yp0 of
+ #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
+ 7C9953388F97DDDC3E1CA19C35CA659EDC2FC4E3
+ BF20CB896EE37E098A906313271422162CB6C642
+ 75C1201F#
+ and not
+ #CC1092495D867E64065DEE3E7955F2EBC7D47A2D
+ 7C9953388F97DDDC3E1CA19C35CA659EDC2FC2E6
+ C88FE299D52D78BE405A97E01FD71DD7819ECB91
+ FA85A076#
+ as stated in the standard. This seems to be a bug in X9.31.
+ */
+
+ {
+ gcry_mpi_t val_2 = mpi_alloc_set_ui (2);
+ gcry_mpi_t gcdtmp = mpi_alloc_like (yp0);
+ int gcdres;
+
+ mpi_sub_ui (p1p2, p1p2, 1); /* Adjust for loop body. */
+ mpi_sub_ui (yp0, yp0, 1); /* Ditto. */
+ for (;;)
+ {
+ gcdres = gcry_mpi_gcd (gcdtmp, e, yp0);
+ mpi_add_ui (yp0, yp0, 1);
+ if (!gcdres)
+ progress ('/'); /* gcd (e, yp0-1) != 1 */
+ else if (check_prime (yp0, val_2, 64, NULL, NULL))
+ break; /* Found. */
+ /* We add p1p2-1 because yp0 is incremented after the gcd test. */
+ mpi_add (yp0, yp0, p1p2);
+ }
+ mpi_free (gcdtmp);
+ mpi_free (val_2);
+ }
+
+ mpi_free (p1p2);
+
+ progress('\n');
+ if (r_p1)
+ *r_p1 = p1;
+ else
+ mpi_free (p1);
+ if (r_p2)
+ *r_p2 = p2;
+ else
+ mpi_free (p2);
+ return yp0;
+}
+
+
+
+/* Generate the two prime used for DSA using the algorithm specified
+ in FIPS 186-2. PBITS is the desired length of the prime P and a
+ QBITS the length of the prime Q. If SEED is not supplied and
+ SEEDLEN is 0 the function generates an appropriate SEED. On
+ success the generated primes are stored at R_Q and R_P, the counter
+ value is stored at R_COUNTER and the seed actually used for
+ generation is stored at R_SEED and R_SEEDVALUE. */
+gpg_err_code_t
+_gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits,
+ const void *seed, size_t seedlen,
+ gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+ int *r_counter,
+ void **r_seed, size_t *r_seedlen)
+{
+ gpg_err_code_t ec;
+ unsigned char seed_help_buffer[160/8]; /* Used to hold a generated SEED. */
+ unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
+ unsigned char digest[160/8]; /* Helper buffer for SHA-1 digest. */
+ gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
+ gcry_mpi_t tmpval = NULL; /* Helper variable. */
+ int i;
+
+ unsigned char value_u[160/8];
+ int value_n, value_b, value_k;
+ int counter;
+ gcry_mpi_t value_w = NULL;
+ gcry_mpi_t value_x = NULL;
+ gcry_mpi_t prime_q = NULL;
+ gcry_mpi_t prime_p = NULL;
+
+ /* FIPS 186-2 allows only for 1024/160 bit. */
+ if (pbits != 1024 || qbits != 160)
+ return GPG_ERR_INV_KEYLEN;
+
+ if (!seed && !seedlen)
+ ; /* No seed value given: We are asked to generate it. */
+ else if (!seed || seedlen < qbits/8)
+ return GPG_ERR_INV_ARG;
+
+ /* Allocate a buffer to later compute SEED+some_increment. */
+ seed_plus = gcry_malloc (seedlen < 20? 20:seedlen);
+ if (!seed_plus)
+ {
+ ec = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ val_2 = mpi_alloc_set_ui (2);
+ value_n = (pbits - 1) / qbits;
+ value_b = (pbits - 1) - value_n * qbits;
+ value_w = gcry_mpi_new (pbits);
+ value_x = gcry_mpi_new (pbits);
+
+ restart:
+ /* Generate Q. */
+ for (;;)
+ {
+ /* Step 1: Generate a (new) seed unless one has been supplied. */
+ if (!seed)
+ {
+ seedlen = sizeof seed_help_buffer;
+ gcry_create_nonce (seed_help_buffer, seedlen);
+ seed = seed_help_buffer;
+ }
+
+ /* Step 2: U = sha1(seed) ^ sha1((seed+1) mod 2^{qbits}) */
+ memcpy (seed_plus, seed, seedlen);
+ for (i=seedlen-1; i >= 0; i--)
+ {
+ seed_plus[i]++;
+ if (seed_plus[i])
+ break;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, value_u, seed, seedlen);
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+ for (i=0; i < sizeof value_u; i++)
+ value_u[i] ^= digest[i];
+
+ /* Step 3: Form q from U */
+ gcry_mpi_release (prime_q); prime_q = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
+ value_u, sizeof value_u, NULL));
+ if (ec)
+ goto leave;
+ mpi_set_highbit (prime_q, qbits-1 );
+ mpi_set_bit (prime_q, 0);
+
+ /* Step 4: Test whether Q is prime using 64 round of Rabin-Miller. */
+ if (check_prime (prime_q, val_2, 64, NULL, NULL))
+ break; /* Yes, Q is prime. */
+
+ /* Step 5. */
+ seed = NULL; /* Force a new seed at Step 1. */
+ }
+
+ /* Step 6. Note that we do no use an explicit offset but increment
+ SEED_PLUS accordingly. SEED_PLUS is currently SEED+1. */
+ counter = 0;
+
+ /* Generate P. */
+ prime_p = gcry_mpi_new (pbits);
+ for (;;)
+ {
+ /* Step 7: For k = 0,...n let
+ V_k = sha1(seed+offset+k) mod 2^{qbits}
+ Step 8: W = V_0 + V_1*2^160 +
+ ...
+ + V_{n-1}*2^{(n-1)*160}
+ + (V_{n} mod 2^b)*2^{n*160}
+ */
+ mpi_set_ui (value_w, 0);
+ for (value_k=0; value_k <= value_n; value_k++)
+ {
+ /* There is no need to have an explicit offset variable: In
+ the first round we shall have an offset of 2, this is
+ achieved by using SEED_PLUS which is already at SEED+1,
+ thus we just need to increment it once again. The
+ requirement for the next round is to update offset by N,
+ which we implictly did at the end of this loop, and then
+ to add one; this one is the same as in the first round. */
+ for (i=seedlen-1; i >= 0; i--)
+ {
+ seed_plus[i]++;
+ if (seed_plus[i])
+ break;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+
+ gcry_mpi_release (tmpval); tmpval = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
+ digest, sizeof digest, NULL));
+ if (ec)
+ goto leave;
+ if (value_k == value_n)
+ mpi_clear_highbit (tmpval, value_b); /* (V_n mod 2^b) */
+ mpi_lshift (tmpval, tmpval, value_k*qbits);
+ mpi_add (value_w, value_w, tmpval);
+ }
+
+ /* Step 8 continued: X = W + 2^{L-1} */
+ mpi_set_ui (value_x, 0);
+ mpi_set_highbit (value_x, pbits-1);
+ mpi_add (value_x, value_x, value_w);
+
+ /* Step 9: c = X mod 2q, p = X - (c - 1) */
+ mpi_mul_2exp (tmpval, prime_q, 1);
+ mpi_mod (tmpval, value_x, tmpval);
+ mpi_sub_ui (tmpval, tmpval, 1);
+ mpi_sub (prime_p, value_x, tmpval);
+
+ /* Step 10: If p < 2^{L-1} skip the primality test. */
+ /* Step 11 and 12: Primality test. */
+ if (mpi_get_nbits (prime_p) >= pbits-1
+ && check_prime (prime_p, val_2, 64, NULL, NULL) )
+ break; /* Yes, P is prime, continue with Step 15. */
+
+ /* Step 13: counter = counter + 1, offset = offset + n + 1. */
+ counter++;
+
+ /* Step 14: If counter >= 2^12 goto Step 1. */
+ if (counter >= 4096)
+ goto restart;
+ }
+
+ /* Step 15: Save p, q, counter and seed. */
+/* log_debug ("fips186-2 pbits p=%u q=%u counter=%d\n", */
+/* mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); */
+/* log_printhex("fips186-2 seed:", seed, seedlen); */
+/* log_mpidump ("fips186-2 prime p", prime_p); */
+/* log_mpidump ("fips186-2 prime q", prime_q); */
+ if (r_q)
+ {
+ *r_q = prime_q;
+ prime_q = NULL;
+ }
+ if (r_p)
+ {
+ *r_p = prime_p;
+ prime_p = NULL;
+ }
+ if (r_counter)
+ *r_counter = counter;
+ if (r_seed && r_seedlen)
+ {
+ memcpy (seed_plus, seed, seedlen);
+ *r_seed = seed_plus;
+ seed_plus = NULL;
+ *r_seedlen = seedlen;
+ }
+
+
+ leave:
+ gcry_mpi_release (tmpval);
+ gcry_mpi_release (value_x);
+ gcry_mpi_release (value_w);
+ gcry_mpi_release (prime_p);
+ gcry_mpi_release (prime_q);
+ gcry_free (seed_plus);
+ gcry_mpi_release (val_2);
+ return ec;
+}
+
+
+
+/* WARNING: The code below has not yet been tested! However, it is
+ not yet used. We need to wait for FIPS 186-3 final and for test
+ vectors.
+
+ Generate the two prime used for DSA using the algorithm specified
+ in FIPS 186-3, A.1.1.2. PBITS is the desired length of the prime P
+ and a QBITS the length of the prime Q. If SEED is not supplied and
+ SEEDLEN is 0 the function generates an appropriate SEED. On
+ success the generated primes are stored at R_Q and R_P, the counter
+ value is stored at R_COUNTER and the seed actually used for
+ generation is stored at R_SEED and R_SEEDVALUE. The hash algorithm
+ used is stored at R_HASHALGO.
+
+ Note that this function is very similar to the fips186_2 code. Due
+ to the minor differences, other buffer sizes and for documentarion,
+ we use a separate function.
+*/
+gpg_err_code_t
+_gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits,
+ const void *seed, size_t seedlen,
+ gcry_mpi_t *r_q, gcry_mpi_t *r_p,
+ int *r_counter,
+ void **r_seed, size_t *r_seedlen,
+ int *r_hashalgo)
+{
+ gpg_err_code_t ec;
+ unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
+ unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
+ unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
+ gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
+ gcry_mpi_t tmpval = NULL; /* Helper variable. */
+ int hashalgo; /* The id of the Approved Hash Function. */
+ int i;
+
+ unsigned char value_u[256/8];
+ int value_n, value_b, value_j;
+ int counter;
+ gcry_mpi_t value_w = NULL;
+ gcry_mpi_t value_x = NULL;
+ gcry_mpi_t prime_q = NULL;
+ gcry_mpi_t prime_p = NULL;
+
+ gcry_assert (sizeof seed_help_buffer == sizeof digest
+ && sizeof seed_help_buffer == sizeof value_u);
+
+ /* Step 1: Check the requested prime lengths. */
+ /* Note that due to the size of our buffers QBITS is limited to 256. */
+ if (pbits == 1024 && qbits == 160)
+ hashalgo = GCRY_MD_SHA1;
+ else if (pbits == 2048 && qbits == 224)
+ hashalgo = GCRY_MD_SHA224;
+ else if (pbits == 2048 && qbits == 256)
+ hashalgo = GCRY_MD_SHA256;
+ else if (pbits == 3072 && qbits == 256)
+ hashalgo = GCRY_MD_SHA256;
+ else
+ return GPG_ERR_INV_KEYLEN;
+
+ /* Also check that the hash algorithm is available. */
+ ec = gpg_err_code (gcry_md_test_algo (hashalgo));
+ if (ec)
+ return ec;
+ gcry_assert (qbits/8 <= sizeof digest);
+ gcry_assert (gcry_md_get_algo_dlen (hashalgo) == qbits/8);
+
+
+ /* Step 2: Check seedlen. */
+ if (!seed && !seedlen)
+ ; /* No seed value given: We are asked to generate it. */
+ else if (!seed || seedlen < qbits/8)
+ return GPG_ERR_INV_ARG;
+
+ /* Allocate a buffer to later compute SEED+some_increment and a few
+ helper variables. */
+ seed_plus = gcry_malloc (seedlen < sizeof seed_help_buffer?
+ sizeof seed_help_buffer : seedlen);
+ if (!seed_plus)
+ {
+ ec = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+ val_2 = mpi_alloc_set_ui (2);
+ value_w = gcry_mpi_new (pbits);
+ value_x = gcry_mpi_new (pbits);
+
+ /* Step 3: n = \lceil L / outlen \rceil - 1 */
+ value_n = (pbits + qbits - 1) / qbits - 1;
+ /* Step 4: b = L - 1 - (n * outlen) */
+ value_b = pbits - 1 - (value_n * qbits);
+
+ restart:
+ /* Generate Q. */
+ for (;;)
+ {
+ /* Step 5: Generate a (new) seed unless one has been supplied. */
+ if (!seed)
+ {
+ seedlen = qbits/8;
+ gcry_assert (seedlen <= sizeof seed_help_buffer);
+ gcry_create_nonce (seed_help_buffer, seedlen);
+ seed = seed_help_buffer;
+ }
+
+ /* Step 6: U = hash(seed) */
+ gcry_md_hash_buffer (hashalgo, value_u, seed, seedlen);
+
+ /* Step 7: q = 2^{N-1} + U + 1 - (U mod 2) */
+ if ( !(value_u[qbits/8-1] & 0x01) )
+ {
+ for (i=qbits/8-1; i >= 0; i--)
+ {
+ value_u[i]++;
+ if (value_u[i])
+ break;
+ }
+ }
+ gcry_mpi_release (prime_q); prime_q = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
+ value_u, sizeof value_u, NULL));
+ if (ec)
+ goto leave;
+ mpi_set_highbit (prime_q, qbits-1 );
+
+ /* Step 8: Test whether Q is prime using 64 round of Rabin-Miller.
+ According to table C.1 this is sufficient for all
+ supported prime sizes (i.e. up 3072/256). */
+ if (check_prime (prime_q, val_2, 64, NULL, NULL))
+ break; /* Yes, Q is prime. */
+
+ /* Step 8. */
+ seed = NULL; /* Force a new seed at Step 5. */
+ }
+
+ /* Step 11. Note that we do no use an explicit offset but increment
+ SEED_PLUS accordingly. */
+ memcpy (seed_plus, seed, seedlen);
+ counter = 0;
+
+ /* Generate P. */
+ prime_p = gcry_mpi_new (pbits);
+ for (;;)
+ {
+ /* Step 11.1: For j = 0,...n let
+ V_j = hash(seed+offset+j)
+ Step 11.2: W = V_0 + V_1*2^outlen +
+ ...
+ + V_{n-1}*2^{(n-1)*outlen}
+ + (V_{n} mod 2^b)*2^{n*outlen}
+ */
+ mpi_set_ui (value_w, 0);
+ for (value_j=0; value_j <= value_n; value_j++)
+ {
+ /* There is no need to have an explicit offset variable: In
+ the first round we shall have an offset of 1 and a j of
+ 0. This is achieved by incrementing SEED_PLUS here. For
+ the next round offset is implicitly updated by using
+ SEED_PLUS again. */
+ for (i=seedlen-1; i >= 0; i--)
+ {
+ seed_plus[i]++;
+ if (seed_plus[i])
+ break;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
+
+ gcry_mpi_release (tmpval); tmpval = NULL;
+ ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
+ digest, sizeof digest, NULL));
+ if (ec)
+ goto leave;
+ if (value_j == value_n)
+ mpi_clear_highbit (tmpval, value_b); /* (V_n mod 2^b) */
+ mpi_lshift (tmpval, tmpval, value_j*qbits);
+ mpi_add (value_w, value_w, tmpval);
+ }
+
+ /* Step 11.3: X = W + 2^{L-1} */
+ mpi_set_ui (value_x, 0);
+ mpi_set_highbit (value_x, pbits-1);
+ mpi_add (value_x, value_x, value_w);
+
+ /* Step 11.4: c = X mod 2q */
+ mpi_mul_2exp (tmpval, prime_q, 1);
+ mpi_mod (tmpval, value_x, tmpval);
+
+ /* Step 11.5: p = X - (c - 1) */
+ mpi_sub_ui (tmpval, tmpval, 1);
+ mpi_sub (prime_p, value_x, tmpval);
+
+ /* Step 11.6: If p < 2^{L-1} skip the primality test. */
+ /* Step 11.7 and 11.8: Primality test. */
+ if (mpi_get_nbits (prime_p) >= pbits-1
+ && check_prime (prime_p, val_2, 64, NULL, NULL) )
+ break; /* Yes, P is prime, continue with Step 15. */
+
+ /* Step 11.9: counter = counter + 1, offset = offset + n + 1.
+ If counter >= 4L goto Step 5. */
+ counter++;
+ if (counter >= 4*pbits)
+ goto restart;
+ }
+
+ /* Step 12: Save p, q, counter and seed. */
+ log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
+ mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
+ log_printhex("fips186-3 seed:", seed, seedlen);
+ log_mpidump ("fips186-3 prime p", prime_p);
+ log_mpidump ("fips186-3 prime q", prime_q);
+ if (r_q)
+ {
+ *r_q = prime_q;
+ prime_q = NULL;
+ }
+ if (r_p)
+ {
+ *r_p = prime_p;
+ prime_p = NULL;
+ }
+ if (r_counter)
+ *r_counter = counter;
+ if (r_seed && r_seedlen)
+ {
+ memcpy (seed_plus, seed, seedlen);
+ *r_seed = seed_plus;
+ seed_plus = NULL;
+ *r_seedlen = seedlen;
+ }
+ if (r_hashalgo)
+ *r_hashalgo = hashalgo;
+
+ leave:
+ gcry_mpi_release (tmpval);
+ gcry_mpi_release (value_x);
+ gcry_mpi_release (value_w);
+ gcry_mpi_release (prime_p);
+ gcry_mpi_release (prime_q);
+ gcry_free (seed_plus);
+ gcry_mpi_release (val_2);
+ return ec;
+}
+
diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c
new file mode 100644
index 0000000..08abcbf
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/pubkey.c
@@ -0,0 +1,2749 @@
+/* pubkey.c - pubkey dispatcher
+ * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005,
+ * 2007, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+#include "ath.h"
+
+
+static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result,
+ gcry_mpi_t *data, gcry_mpi_t *skey,
+ int flags);
+static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr,
+ gcry_mpi_t hash, gcry_mpi_t *skey);
+static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash,
+ gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t),
+ void *opaque);
+
+
+/* A dummy extraspec so that we do not need to tests the extraspec
+ field from the module specification against NULL and instead
+ directly test the respective fields of extraspecs. */
+static pk_extra_spec_t dummy_extra_spec;
+
+
+/* This is the list of the default public-key ciphers included in
+ libgcrypt. FIPS_ALLOWED indicated whether the algorithm is used in
+ FIPS mode. */
+static struct pubkey_table_entry
+{
+ gcry_pk_spec_t *pubkey;
+ pk_extra_spec_t *extraspec;
+ unsigned int algorithm;
+ int fips_allowed;
+} pubkey_table[] =
+ {
+#if USE_RSA
+ { &_gcry_pubkey_spec_rsa,
+ &_gcry_pubkey_extraspec_rsa, GCRY_PK_RSA, 1},
+#endif
+#if USE_ELGAMAL
+ { &_gcry_pubkey_spec_elg,
+ &_gcry_pubkey_extraspec_elg, GCRY_PK_ELG },
+ { &_gcry_pubkey_spec_elg,
+ &_gcry_pubkey_extraspec_elg, GCRY_PK_ELG_E },
+#endif
+#if USE_DSA
+ { &_gcry_pubkey_spec_dsa,
+ &_gcry_pubkey_extraspec_dsa, GCRY_PK_DSA, 1 },
+#endif
+#if USE_ECC
+ { &_gcry_pubkey_spec_ecdsa,
+ &_gcry_pubkey_extraspec_ecdsa, GCRY_PK_ECDSA, 0 },
+#endif
+ { NULL, 0 },
+ };
+
+/* List of registered ciphers. */
+static gcry_module_t pubkeys_registered;
+
+/* This is the lock protecting PUBKEYS_REGISTERED. */
+static ath_mutex_t pubkeys_registered_lock = ATH_MUTEX_INITIALIZER;;
+
+/* Flag to check wether the default pubkeys have already been
+ registered. */
+static int default_pubkeys_registered;
+
+/* Convenient macro for registering the default digests. */
+#define REGISTER_DEFAULT_PUBKEYS \
+ do \
+ { \
+ ath_mutex_lock (&pubkeys_registered_lock); \
+ if (! default_pubkeys_registered) \
+ { \
+ pk_register_default (); \
+ default_pubkeys_registered = 1; \
+ } \
+ ath_mutex_unlock (&pubkeys_registered_lock); \
+ } \
+ while (0)
+
+/* These dummy functions are used in case a cipher implementation
+ refuses to provide it's own functions. */
+
+static gcry_err_code_t
+dummy_generate (int algorithm, unsigned int nbits, unsigned long dummy,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ (void)algorithm;
+ (void)nbits;
+ (void)dummy;
+ (void)skey;
+ (void)retfactors;
+ fips_signal_error ("using dummy public key function");
+ return GPG_ERR_NOT_IMPLEMENTED;
+}
+
+static gcry_err_code_t
+dummy_check_secret_key (int algorithm, gcry_mpi_t *skey)
+{
+ (void)algorithm;
+ (void)skey;
+ fips_signal_error ("using dummy public key function");
+ return GPG_ERR_NOT_IMPLEMENTED;
+}
+
+static gcry_err_code_t
+dummy_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *pkey, int flags)
+{
+ (void)algorithm;
+ (void)resarr;
+ (void)data;
+ (void)pkey;
+ (void)flags;
+ fips_signal_error ("using dummy public key function");
+ return GPG_ERR_NOT_IMPLEMENTED;
+}
+
+static gcry_err_code_t
+dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
+ gcry_mpi_t *skey, int flags)
+{
+ (void)algorithm;
+ (void)result;
+ (void)data;
+ (void)skey;
+ (void)flags;
+ fips_signal_error ("using dummy public key function");
+ return GPG_ERR_NOT_IMPLEMENTED;
+}
+
+static gcry_err_code_t
+dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *skey)
+{
+ (void)algorithm;
+ (void)resarr;
+ (void)data;
+ (void)skey;
+ fips_signal_error ("using dummy public key function");
+ return GPG_ERR_NOT_IMPLEMENTED;
+}
+
+static gcry_err_code_t
+dummy_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
+ gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+{
+ (void)algorithm;
+ (void)hash;
+ (void)data;
+ (void)pkey;
+ (void)cmp;
+ (void)opaquev;
+ fips_signal_error ("using dummy public key function");
+ return GPG_ERR_NOT_IMPLEMENTED;
+}
+
+static unsigned
+dummy_get_nbits (int algorithm, gcry_mpi_t *pkey)
+{
+ (void)algorithm;
+ (void)pkey;
+ fips_signal_error ("using dummy public key function");
+ return 0;
+}
+
+/* Internal function. Register all the pubkeys included in
+ PUBKEY_TABLE. Returns zero on success or an error code. */
+static void
+pk_register_default (void)
+{
+ gcry_err_code_t err = 0;
+ int i;
+
+ for (i = 0; (! err) && pubkey_table[i].pubkey; i++)
+ {
+#define pubkey_use_dummy(func) \
+ if (! pubkey_table[i].pubkey->func) \
+ pubkey_table[i].pubkey->func = dummy_##func;
+
+ pubkey_use_dummy (generate);
+ pubkey_use_dummy (check_secret_key);
+ pubkey_use_dummy (encrypt);
+ pubkey_use_dummy (decrypt);
+ pubkey_use_dummy (sign);
+ pubkey_use_dummy (verify);
+ pubkey_use_dummy (get_nbits);
+#undef pubkey_use_dummy
+
+ err = _gcry_module_add (&pubkeys_registered,
+ pubkey_table[i].algorithm,
+ (void *) pubkey_table[i].pubkey,
+ (void *) pubkey_table[i].extraspec,
+ NULL);
+ }
+
+ if (err)
+ BUG ();
+}
+
+/* Internal callback function. Used via _gcry_module_lookup. */
+static int
+gcry_pk_lookup_func_name (void *spec, void *data)
+{
+ gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) spec;
+ char *name = (char *) data;
+ const char **aliases = pubkey->aliases;
+ int ret = stricmp (name, pubkey->name);
+
+ while (ret && *aliases)
+ ret = stricmp (name, *aliases++);
+
+ return ! ret;
+}
+
+/* Internal function. Lookup a pubkey entry by it's name. */
+static gcry_module_t
+gcry_pk_lookup_name (const char *name)
+{
+ gcry_module_t pubkey;
+
+ pubkey = _gcry_module_lookup (pubkeys_registered, (void *) name,
+ gcry_pk_lookup_func_name);
+
+ return pubkey;
+}
+
+/* Register a new pubkey module whose specification can be found in
+ PUBKEY. On success, a new algorithm ID is stored in ALGORITHM_ID
+ and a pointer representhing this module is stored in MODULE. */
+gcry_error_t
+_gcry_pk_register (gcry_pk_spec_t *pubkey,
+ pk_extra_spec_t *extraspec,
+ unsigned int *algorithm_id,
+ gcry_module_t *module)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_module_t mod;
+
+ /* We do not support module loading in fips mode. */
+ if (fips_mode ())
+ return gpg_error (GPG_ERR_NOT_SUPPORTED);
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ err = _gcry_module_add (&pubkeys_registered, 0,
+ (void *) pubkey,
+ (void *)(extraspec? extraspec : &dummy_extra_spec),
+ &mod);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ if (! err)
+ {
+ *module = mod;
+ *algorithm_id = mod->mod_id;
+ }
+
+ return err;
+}
+
+/* Unregister the pubkey identified by ID, which must have been
+ registered with gcry_pk_register. */
+void
+gcry_pk_unregister (gcry_module_t module)
+{
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+}
+
+static void
+release_mpi_array (gcry_mpi_t *array)
+{
+ for (; *array; array++)
+ {
+ mpi_free(*array);
+ *array = NULL;
+ }
+}
+
+/****************
+ * Map a string to the pubkey algo
+ */
+int
+gcry_pk_map_name (const char *string)
+{
+ gcry_module_t pubkey;
+ int algorithm = 0;
+
+ if (!string)
+ return 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = gcry_pk_lookup_name (string);
+ if (pubkey)
+ {
+ algorithm = pubkey->mod_id;
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return algorithm;
+}
+
+
+/* Map the public key algorithm whose ID is contained in ALGORITHM to
+ a string representation of the algorithm name. For unknown
+ algorithm IDs this functions returns "?". */
+const char *
+gcry_pk_algo_name (int algorithm)
+{
+ gcry_module_t pubkey;
+ const char *name;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ name = ((gcry_pk_spec_t *) pubkey->spec)->name;
+ _gcry_module_release (pubkey);
+ }
+ else
+ name = "?";
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return name;
+}
+
+
+/* A special version of gcry_pk_algo name to return the first aliased
+ name of the algorithm. This is required to adhere to the spki
+ specs where the algorithm names are lowercase. */
+const char *
+_gcry_pk_aliased_algo_name (int algorithm)
+{
+ const char *name = NULL;
+ gcry_module_t module;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (module)
+ {
+ gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) module->spec;
+
+ name = pubkey->aliases? *pubkey->aliases : NULL;
+ if (!name || !*name)
+ name = pubkey->name;
+ _gcry_module_release (module);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return name;
+}
+
+
+static void
+disable_pubkey_algo (int algorithm)
+{
+ gcry_module_t pubkey;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ if (! (pubkey-> flags & FLAG_MODULE_DISABLED))
+ pubkey->flags |= FLAG_MODULE_DISABLED;
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+}
+
+
+/****************
+ * A USE of 0 means: don't care.
+ */
+static gcry_err_code_t
+check_pubkey_algo (int algorithm, unsigned use)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_pk_spec_t *pubkey;
+ gcry_module_t module;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (module)
+ {
+ pubkey = (gcry_pk_spec_t *) module->spec;
+
+ if (((use & GCRY_PK_USAGE_SIGN)
+ && (! (pubkey->use & GCRY_PK_USAGE_SIGN)))
+ || ((use & GCRY_PK_USAGE_ENCR)
+ && (! (pubkey->use & GCRY_PK_USAGE_ENCR))))
+ err = GPG_ERR_WRONG_PUBKEY_ALGO;
+ else if (module->flags & FLAG_MODULE_DISABLED)
+ err = GPG_ERR_PUBKEY_ALGO;
+ _gcry_module_release (module);
+ }
+ else
+ err = GPG_ERR_PUBKEY_ALGO;
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return err;
+}
+
+
+/****************
+ * Return the number of public key material numbers
+ */
+static int
+pubkey_get_npkey (int algorithm)
+{
+ gcry_module_t pubkey;
+ int npkey = 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ npkey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_pkey);
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return npkey;
+}
+
+/****************
+ * Return the number of secret key material numbers
+ */
+static int
+pubkey_get_nskey (int algorithm)
+{
+ gcry_module_t pubkey;
+ int nskey = 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ nskey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_skey);
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return nskey;
+}
+
+/****************
+ * Return the number of signature material numbers
+ */
+static int
+pubkey_get_nsig (int algorithm)
+{
+ gcry_module_t pubkey;
+ int nsig = 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ nsig = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_sig);
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return nsig;
+}
+
+/****************
+ * Return the number of encryption material numbers
+ */
+static int
+pubkey_get_nenc (int algorithm)
+{
+ gcry_module_t pubkey;
+ int nenc = 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ nenc = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_enc);
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return nenc;
+}
+
+
+/* Generate a new public key with algorithm ALGORITHM of size NBITS
+ and return it at SKEY. USE_E depends on the ALGORITHM. GENPARMS
+ is passed to the algorithm module if it features an extended
+ generation function. RETFACTOR is used by some algorithms to
+ return certain additional information which are in general not
+ required.
+
+ The function returns the error code number or 0 on success. */
+static gcry_err_code_t
+pubkey_generate (int algorithm,
+ unsigned int nbits,
+ unsigned long use_e,
+ gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ gcry_err_code_t ec = GPG_ERR_PUBKEY_ALGO;
+ gcry_module_t pubkey;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ pk_extra_spec_t *extraspec = pubkey->extraspec;
+
+ if (extraspec && extraspec->ext_generate)
+ {
+ /* Use the extended generate function. */
+ ec = extraspec->ext_generate
+ (algorithm, nbits, use_e, genparms, skey, retfactors, r_extrainfo);
+ }
+ else
+ {
+ /* Use the standard generate function. */
+ ec = ((gcry_pk_spec_t *) pubkey->spec)->generate
+ (algorithm, nbits, use_e, skey, retfactors);
+ }
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return ec;
+}
+
+
+static gcry_err_code_t
+pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;
+ gcry_module_t pubkey;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ err = ((gcry_pk_spec_t *) pubkey->spec)->check_secret_key
+ (algorithm, skey);
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return err;
+}
+
+
+/****************
+ * This is the interface to the public key encryption. Encrypt DATA
+ * with PKEY and put it into RESARR which should be an array of MPIs
+ * of size PUBKEY_MAX_NENC (or less if the algorithm allows this -
+ * check with pubkey_get_nenc() )
+ */
+static gcry_err_code_t
+pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *pkey, int flags)
+{
+ gcry_pk_spec_t *pubkey;
+ gcry_module_t module;
+ gcry_err_code_t rc;
+ int i;
+
+ /* Note: In fips mode DBG_CIPHER will enver evaluate to true but as
+ an extra failsafe protection we explicitly test for fips mode
+ here. */
+ if (DBG_CIPHER && !fips_mode ())
+ {
+ log_debug ("pubkey_encrypt: algo=%d\n", algorithm);
+ for(i = 0; i < pubkey_get_npkey (algorithm); i++)
+ log_mpidump (" pkey:", pkey[i]);
+ log_mpidump (" data:", data);
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (module)
+ {
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ rc = pubkey->encrypt (algorithm, resarr, data, pkey, flags);
+ _gcry_module_release (module);
+ goto ready;
+ }
+ rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ if (!rc && DBG_CIPHER && !fips_mode ())
+ {
+ for(i = 0; i < pubkey_get_nenc (algorithm); i++)
+ log_mpidump(" encr:", resarr[i] );
+ }
+ return rc;
+}
+
+
+/****************
+ * This is the interface to the public key decryption.
+ * ALGO gives the algorithm to use and this implicitly determines
+ * the size of the arrays.
+ * result is a pointer to a mpi variable which will receive a
+ * newly allocated mpi or NULL in case of an error.
+ */
+static gcry_err_code_t
+pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
+ gcry_mpi_t *skey, int flags)
+{
+ gcry_pk_spec_t *pubkey;
+ gcry_module_t module;
+ gcry_err_code_t rc;
+ int i;
+
+ *result = NULL; /* so the caller can always do a mpi_free */
+ if (DBG_CIPHER && !fips_mode ())
+ {
+ log_debug ("pubkey_decrypt: algo=%d\n", algorithm);
+ for(i = 0; i < pubkey_get_nskey (algorithm); i++)
+ log_mpidump (" skey:", skey[i]);
+ for(i = 0; i < pubkey_get_nenc (algorithm); i++)
+ log_mpidump (" data:", data[i]);
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (module)
+ {
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ rc = pubkey->decrypt (algorithm, result, data, skey, flags);
+ _gcry_module_release (module);
+ goto ready;
+ }
+
+ rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ if (!rc && DBG_CIPHER && !fips_mode ())
+ log_mpidump (" plain:", *result);
+
+ return rc;
+}
+
+
+/****************
+ * This is the interface to the public key signing.
+ * Sign data with skey and put the result into resarr which
+ * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
+ * algorithm allows this - check with pubkey_get_nsig() )
+ */
+static gcry_err_code_t
+pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *skey)
+{
+ gcry_pk_spec_t *pubkey;
+ gcry_module_t module;
+ gcry_err_code_t rc;
+ int i;
+
+ if (DBG_CIPHER && !fips_mode ())
+ {
+ log_debug ("pubkey_sign: algo=%d\n", algorithm);
+ for(i = 0; i < pubkey_get_nskey (algorithm); i++)
+ log_mpidump (" skey:", skey[i]);
+ log_mpidump(" data:", data );
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (module)
+ {
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ rc = pubkey->sign (algorithm, resarr, data, skey);
+ _gcry_module_release (module);
+ goto ready;
+ }
+
+ rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ if (!rc && DBG_CIPHER && !fips_mode ())
+ for (i = 0; i < pubkey_get_nsig (algorithm); i++)
+ log_mpidump (" sig:", resarr[i]);
+
+ return rc;
+}
+
+/****************
+ * Verify a public key signature.
+ * Return 0 if the signature is good
+ */
+static gcry_err_code_t
+pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
+ gcry_mpi_t *pkey,
+ int (*cmp)(void *, gcry_mpi_t), void *opaquev)
+{
+ gcry_pk_spec_t *pubkey;
+ gcry_module_t module;
+ gcry_err_code_t rc;
+ int i;
+
+ if (DBG_CIPHER && !fips_mode ())
+ {
+ log_debug ("pubkey_verify: algo=%d\n", algorithm);
+ for (i = 0; i < pubkey_get_npkey (algorithm); i++)
+ log_mpidump (" pkey:", pkey[i]);
+ for (i = 0; i < pubkey_get_nsig (algorithm); i++)
+ log_mpidump (" sig:", data[i]);
+ log_mpidump (" hash:", hash);
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (module)
+ {
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ rc = pubkey->verify (algorithm, hash, data, pkey, cmp, opaquev);
+ _gcry_module_release (module);
+ goto ready;
+ }
+
+ rc = GPG_ERR_PUBKEY_ALGO;
+
+ ready:
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ return rc;
+}
+
+
+/* Internal function. */
+static gcry_err_code_t
+sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names,
+ gcry_mpi_t *elements, const char *algo_name)
+{
+ gcry_err_code_t err = 0;
+ int i, idx;
+ const char *name;
+ gcry_sexp_t list;
+
+ for (name = element_names, idx = 0; *name && !err; name++, idx++)
+ {
+ list = gcry_sexp_find_token (key_sexp, name, 1);
+ if (!list)
+ elements[idx] = NULL;
+ else
+ {
+ elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (list);
+ if (!elements[idx])
+ err = GPG_ERR_INV_OBJ;
+ }
+ }
+
+ if (!err)
+ {
+ /* Check that all elements are available. */
+ for (name = element_names, idx = 0; *name; name++, idx++)
+ if (!elements[idx])
+ break;
+ if (*name)
+ {
+ err = GPG_ERR_NO_OBJ;
+ /* Some are missing. Before bailing out we test for
+ optional parameters. */
+ if (algo_name && !strcmp (algo_name, "RSA")
+ && !strcmp (element_names, "nedpqu") )
+ {
+ /* This is RSA. Test whether we got N, E and D and that
+ the optional P, Q and U are all missing. */
+ if (elements[0] && elements[1] && elements[2]
+ && !elements[3] && !elements[4] && !elements[5])
+ err = 0;
+ }
+ }
+ }
+
+
+ if (err)
+ {
+ for (i = 0; i < idx; i++)
+ if (elements[i])
+ gcry_free (elements[i]);
+ }
+ return err;
+}
+
+
+/* Internal function used for ecc. Note, that this function makes use
+ of its intimate knowledge about the ECC parameters from ecc.c. */
+static gcry_err_code_t
+sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names,
+ gcry_mpi_t *elements, pk_extra_spec_t *extraspec)
+
+{
+ gcry_err_code_t err = 0;
+ int idx;
+ const char *name;
+ gcry_sexp_t list;
+
+ /* Clear the array for easier error cleanup. */
+ for (name = element_names, idx = 0; *name; name++, idx++)
+ elements[idx] = NULL;
+ gcry_assert (idx >= 6); /* We know that ECC has at least 6 elements. */
+
+ /* Init the array with the available curve parameters. */
+ for (name = element_names, idx = 0; *name && !err; name++, idx++)
+ {
+ list = gcry_sexp_find_token (key_sexp, name, 1);
+ if (!list)
+ elements[idx] = NULL;
+ else
+ {
+ elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
+ gcry_sexp_release (list);
+ if (!elements[idx])
+ {
+ err = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+ }
+ }
+
+ /* Check whether a curve parameter has been given and then fill any
+ missing elements. */
+ list = gcry_sexp_find_token (key_sexp, "curve", 5);
+ if (list)
+ {
+ if (extraspec->get_param)
+ {
+ char *curve;
+ gcry_mpi_t params[6];
+
+ for (idx = 0; idx < DIM(params); idx++)
+ params[idx] = NULL;
+
+ curve = _gcry_sexp_nth_string (list, 1);
+ gcry_sexp_release (list);
+ if (!curve)
+ {
+ /* No curve name given (or out of core). */
+ err = GPG_ERR_INV_OBJ;
+ goto leave;
+ }
+ err = extraspec->get_param (curve, params);
+ gcry_free (curve);
+ if (err)
+ goto leave;
+
+ for (idx = 0; idx < DIM(params); idx++)
+ {
+ if (!elements[idx])
+ elements[idx] = params[idx];
+ else
+ mpi_free (params[idx]);
+ }
+ }
+ else
+ {
+ gcry_sexp_release (list);
+ err = GPG_ERR_INV_OBJ; /* "curve" given but ECC not supported. */
+ goto leave;
+ }
+ }
+
+ /* Check that all parameters are known. */
+ for (name = element_names, idx = 0; *name; name++, idx++)
+ if (!elements[idx])
+ {
+ err = GPG_ERR_NO_OBJ;
+ goto leave;
+ }
+
+ leave:
+ if (err)
+ {
+ for (name = element_names, idx = 0; *name; name++, idx++)
+ if (elements[idx])
+ gcry_free (elements[idx]);
+ }
+ return err;
+}
+
+
+
+/****************
+ * Convert a S-Exp with either a private or a public key to our
+ * internal format. Currently we do only support the following
+ * algorithms:
+ * dsa
+ * rsa
+ * openpgp-dsa
+ * openpgp-rsa
+ * openpgp-elg
+ * openpgp-elg-sig
+ * ecdsa
+ * Provide a SE with the first element be either "private-key" or
+ * or "public-key". It is followed by a list with its first element
+ * be one of the above algorithm identifiers and the remaning
+ * elements are pairs with parameter-id and value.
+ * NOTE: we look through the list to find a list beginning with
+ * "private-key" or "public-key" - the first one found is used.
+ *
+ * Returns: A pointer to an allocated array of MPIs if the return value is
+ * zero; the caller has to release this array.
+ *
+ * Example of a DSA public key:
+ * (private-key
+ * (dsa
+ * (p <mpi>)
+ * (g <mpi>)
+ * (y <mpi>)
+ * (x <mpi>)
+ * )
+ * )
+ * The <mpi> are expected to be in GCRYMPI_FMT_USG
+ */
+static gcry_err_code_t
+sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
+ gcry_module_t *retalgo)
+{
+ gcry_err_code_t err = 0;
+ gcry_sexp_t list, l2;
+ char *name;
+ const char *elems;
+ gcry_mpi_t *array;
+ gcry_module_t module;
+ gcry_pk_spec_t *pubkey;
+ pk_extra_spec_t *extraspec;
+ int is_ecc;
+
+ /* Check that the first element is valid. */
+ list = gcry_sexp_find_token (sexp,
+ want_private? "private-key":"public-key", 0);
+ if (!list)
+ return GPG_ERR_INV_OBJ; /* Does not contain a key object. */
+
+ l2 = gcry_sexp_cadr( list );
+ gcry_sexp_release ( list );
+ list = l2;
+ name = _gcry_sexp_nth_string (list, 0);
+ if (!name)
+ {
+ gcry_sexp_release ( list );
+ return GPG_ERR_INV_OBJ; /* Invalid structure of object. */
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = gcry_pk_lookup_name (name);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ /* Fixme: We should make sure that an ECC key is always named "ecc"
+ and not "ecdsa". "ecdsa" should be used for the signature
+ itself. We need a function to test whether an algorithm given
+ with a key is compatible with an application of the key (signing,
+ encryption). For RSA this is easy, but ECC is the first
+ algorithm which has many flavours. */
+ is_ecc = ( !strcmp (name, "ecdsa") || !strcmp (name, "ecc") );
+ gcry_free (name);
+
+ if (!module)
+ {
+ gcry_sexp_release (list);
+ return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
+ }
+ else
+ {
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ extraspec = module->extraspec;
+ }
+
+ elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey;
+ array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
+ if (!array)
+ err = gpg_err_code_from_errno (errno);
+ if (!err)
+ {
+ if (is_ecc)
+ err = sexp_elements_extract_ecc (list, elems, array, extraspec);
+ else
+ err = sexp_elements_extract (list, elems, array, pubkey->name);
+ }
+
+ gcry_sexp_release (list);
+
+ if (err)
+ {
+ gcry_free (array);
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ }
+ else
+ {
+ *retarray = array;
+ *retalgo = module;
+ }
+
+ return err;
+}
+
+
+static gcry_err_code_t
+sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray,
+ gcry_module_t *retalgo)
+{
+ gcry_err_code_t err = 0;
+ gcry_sexp_t list, l2;
+ char *name;
+ const char *elems;
+ gcry_mpi_t *array;
+ gcry_module_t module;
+ gcry_pk_spec_t *pubkey;
+
+ /* Check that the first element is valid. */
+ list = gcry_sexp_find_token( sexp, "sig-val" , 0 );
+ if (!list)
+ return GPG_ERR_INV_OBJ; /* Does not contain a signature value object. */
+
+ l2 = gcry_sexp_nth (list, 1);
+ if (!l2)
+ {
+ gcry_sexp_release (list);
+ return GPG_ERR_NO_OBJ; /* No cadr for the sig object. */
+ }
+ name = _gcry_sexp_nth_string (l2, 0);
+ if (!name)
+ {
+ gcry_sexp_release (list);
+ gcry_sexp_release (l2);
+ return GPG_ERR_INV_OBJ; /* Invalid structure of object. */
+ }
+ else if (!strcmp (name, "flags"))
+ {
+ /* Skip flags, since they are not used but here just for the
+ sake of consistent S-expressions. */
+ gcry_free (name);
+ gcry_sexp_release (l2);
+ l2 = gcry_sexp_nth (list, 2);
+ if (!l2)
+ {
+ gcry_sexp_release (list);
+ return GPG_ERR_INV_OBJ;
+ }
+ name = _gcry_sexp_nth_string (l2, 0);
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = gcry_pk_lookup_name (name);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ gcry_free (name);
+ name = NULL;
+
+ if (!module)
+ {
+ gcry_sexp_release (l2);
+ gcry_sexp_release (list);
+ return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
+ }
+ else
+ pubkey = (gcry_pk_spec_t *) module->spec;
+
+ elems = pubkey->elements_sig;
+ array = gcry_calloc (strlen (elems) + 1 , sizeof *array );
+ if (!array)
+ err = gpg_err_code_from_errno (errno);
+
+ if (!err)
+ err = sexp_elements_extract (list, elems, array, NULL);
+
+ gcry_sexp_release (l2);
+ gcry_sexp_release (list);
+
+ if (err)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ gcry_free (array);
+ }
+ else
+ {
+ *retarray = array;
+ *retalgo = module;
+ }
+
+ return err;
+}
+
+
+/****************
+ * Take sexp and return an array of MPI as used for our internal decrypt
+ * function.
+ * s_data = (enc-val
+ * [(flags [pkcs1])]
+ * (<algo>
+ * (<param_name1> <mpi>)
+ * ...
+ * (<param_namen> <mpi>)
+ * ))
+ * RET_MODERN is set to true when at least an empty flags list has been found.
+ */
+static gcry_err_code_t
+sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo,
+ int *ret_modern, int *ret_want_pkcs1, int *flags)
+{
+ gcry_err_code_t err = 0;
+ gcry_sexp_t list = NULL, l2 = NULL;
+ gcry_pk_spec_t *pubkey = NULL;
+ gcry_module_t module = NULL;
+ char *name = NULL;
+ size_t n;
+ int parsed_flags = 0;
+ const char *elems;
+ gcry_mpi_t *array = NULL;
+
+ *ret_want_pkcs1 = 0;
+ *ret_modern = 0;
+
+ /* Check that the first element is valid. */
+ list = gcry_sexp_find_token (sexp, "enc-val" , 0);
+ if (!list)
+ {
+ err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object. */
+ goto leave;
+ }
+
+ l2 = gcry_sexp_nth (list, 1);
+ if (!l2)
+ {
+ err = GPG_ERR_NO_OBJ; /* No cdr for the data object. */
+ goto leave;
+ }
+
+ /* Extract identifier of sublist. */
+ name = _gcry_sexp_nth_string (l2, 0);
+ if (!name)
+ {
+ err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */
+ goto leave;
+ }
+
+ if (!strcmp (name, "flags"))
+ {
+ /* There is a flags element - process it. */
+ const char *s;
+ int i;
+
+ *ret_modern = 1;
+ for (i = gcry_sexp_length (l2) - 1; i > 0; i--)
+ {
+ s = gcry_sexp_nth_data (l2, i, &n);
+ if (! s)
+ ; /* Not a data element - ignore. */
+ else if (n == 3 && !memcmp (s, "raw", 3))
+ ; /* This is just a dummy as it is the default. */
+ else if (n == 5 && !memcmp (s, "pkcs1", 5))
+ *ret_want_pkcs1 = 1;
+ else if (n == 11 && ! memcmp (s, "no-blinding", 11))
+ parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
+ else
+ {
+ err = GPG_ERR_INV_FLAG;
+ goto leave;
+ }
+ }
+
+ /* Get the next which has the actual data. */
+ gcry_sexp_release (l2);
+ l2 = gcry_sexp_nth (list, 2);
+ if (!l2)
+ {
+ err = GPG_ERR_NO_OBJ; /* No cdr for the data object. */
+ goto leave;
+ }
+
+ /* Extract sublist identifier. */
+ gcry_free (name);
+ name = _gcry_sexp_nth_string (l2, 0);
+ if (!name)
+ {
+ err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */
+ goto leave;
+ }
+
+ gcry_sexp_release (list);
+ list = l2;
+ l2 = NULL;
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = gcry_pk_lookup_name (name);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ if (!module)
+ {
+ err = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
+ goto leave;
+ }
+ pubkey = (gcry_pk_spec_t *) module->spec;
+
+ elems = pubkey->elements_enc;
+ array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
+ if (!array)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ err = sexp_elements_extract (list, elems, array, NULL);
+
+ leave:
+ gcry_sexp_release (list);
+ gcry_sexp_release (l2);
+ gcry_free (name);
+
+ if (err)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ gcry_free (array);
+ }
+ else
+ {
+ *retarray = array;
+ *retalgo = module;
+ *flags = parsed_flags;
+ }
+
+ return err;
+}
+
+/* Take the hash value and convert into an MPI, suitable for
+ passing to the low level functions. We currently support the
+ old style way of passing just a MPI and the modern interface which
+ allows to pass flags so that we can choose between raw and pkcs1
+ padding - may be more padding options later.
+
+ (<mpi>)
+ or
+ (data
+ [(flags [pkcs1])]
+ [(hash <algo> <value>)]
+ [(value <text>)]
+ )
+
+ Either the VALUE or the HASH element must be present for use
+ with signatures. VALUE is used for encryption.
+
+ NBITS is the length of the key in bits.
+
+*/
+static gcry_err_code_t
+sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi,
+ int for_encryption, int *flags)
+{
+ gcry_err_code_t rc = 0;
+ gcry_sexp_t ldata, lhash, lvalue;
+ int i;
+ size_t n;
+ const char *s;
+ int is_raw = 0, is_pkcs1 = 0, unknown_flag=0;
+ int parsed_flags = 0, dummy_flags;
+
+ if (! flags)
+ flags = &dummy_flags;
+
+ *ret_mpi = NULL;
+ ldata = gcry_sexp_find_token (input, "data", 0);
+ if (!ldata)
+ { /* assume old style */
+ *ret_mpi = gcry_sexp_nth_mpi (input, 0, 0);
+ return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ;
+ }
+
+ /* see whether there is a flags object */
+ {
+ gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);
+ if (lflags)
+ { /* parse the flags list. */
+ for (i=gcry_sexp_length (lflags)-1; i > 0; i--)
+ {
+ s = gcry_sexp_nth_data (lflags, i, &n);
+ if (!s)
+ ; /* not a data element*/
+ else if ( n == 3 && !memcmp (s, "raw", 3))
+ is_raw = 1;
+ else if ( n == 5 && !memcmp (s, "pkcs1", 5))
+ is_pkcs1 = 1;
+ else if (n == 11 && ! memcmp (s, "no-blinding", 11))
+ parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
+ else
+ unknown_flag = 1;
+ }
+ gcry_sexp_release (lflags);
+ }
+ }
+
+ if (!is_pkcs1 && !is_raw)
+ is_raw = 1; /* default to raw */
+
+ /* Get HASH or MPI */
+ lhash = gcry_sexp_find_token (ldata, "hash", 0);
+ lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0);
+
+ if (!(!lhash ^ !lvalue))
+ rc = GPG_ERR_INV_OBJ; /* none or both given */
+ else if (unknown_flag)
+ rc = GPG_ERR_INV_FLAG;
+ else if (is_raw && is_pkcs1 && !for_encryption)
+ rc = GPG_ERR_CONFLICT;
+ else if (is_raw && lvalue)
+ {
+ *ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, 0);
+ if (!*ret_mpi)
+ rc = GPG_ERR_INV_OBJ;
+ }
+ else if (is_pkcs1 && lvalue && for_encryption)
+ {
+ /* Create pkcs#1 block type 2 padding. */
+ unsigned char *frame = NULL;
+ size_t nframe = (nbits+7) / 8;
+ const void * value;
+ size_t valuelen;
+ unsigned char *p;
+
+ if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
+ rc = GPG_ERR_INV_OBJ;
+ else if (valuelen + 7 > nframe || !nframe)
+ {
+ /* Can't encode a VALUELEN value in a NFRAME bytes frame. */
+ rc = GPG_ERR_TOO_SHORT; /* the key is too short */
+ }
+ else if ( !(frame = gcry_malloc_secure (nframe)))
+ rc = gpg_err_code_from_errno (errno);
+ else
+ {
+ n = 0;
+ frame[n++] = 0;
+ frame[n++] = 2; /* block type */
+ i = nframe - 3 - valuelen;
+ gcry_assert (i > 0);
+ p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
+ /* Replace zero bytes by new values. */
+ for (;;)
+ {
+ int j, k;
+ unsigned char *pp;
+
+ /* Count the zero bytes. */
+ for (j=k=0; j < i; j++)
+ {
+ if (!p[j])
+ k++;
+ }
+ if (!k)
+ break; /* Okay: no (more) zero bytes. */
+
+ k += k/128 + 3; /* Better get some more. */
+ pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
+ for (j=0; j < i && k; )
+ {
+ if (!p[j])
+ p[j] = pp[--k];
+ if (p[j])
+ j++;
+ }
+ gcry_free (pp);
+ }
+ memcpy (frame+n, p, i);
+ n += i;
+ gcry_free (p);
+
+ frame[n++] = 0;
+ memcpy (frame+n, value, valuelen);
+ n += valuelen;
+ gcry_assert (n == nframe);
+
+ /* FIXME, error checking? */
+ gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
+ }
+
+ gcry_free(frame);
+ }
+ else if (is_pkcs1 && lhash && !for_encryption)
+ {
+ /* Create pkcs#1 block type 1 padding. */
+ if (gcry_sexp_length (lhash) != 3)
+ rc = GPG_ERR_INV_OBJ;
+ else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n )
+ rc = GPG_ERR_INV_OBJ;
+ else
+ {
+ static struct { const char *name; int algo; } hashnames[] =
+ { { "sha1", GCRY_MD_SHA1 },
+ { "md5", GCRY_MD_MD5 },
+ { "sha256", GCRY_MD_SHA256 },
+ { "ripemd160", GCRY_MD_RMD160 },
+ { "rmd160", GCRY_MD_RMD160 },
+ { "sha384", GCRY_MD_SHA384 },
+ { "sha512", GCRY_MD_SHA512 },
+ { "sha224", GCRY_MD_SHA224 },
+ { "md2", GCRY_MD_MD2 },
+ { "md4", GCRY_MD_MD4 },
+ { "tiger", GCRY_MD_TIGER },
+ { "haval", GCRY_MD_HAVAL },
+ { NULL, 0 }
+ };
+ int algo;
+ byte asn[100];
+ byte *frame = NULL;
+ size_t nframe = (nbits+7) / 8;
+ const void * value;
+ size_t valuelen;
+ size_t asnlen, dlen;
+
+ for (i=0; hashnames[i].name; i++)
+ {
+ if ( strlen (hashnames[i].name) == n
+ && !memcmp (hashnames[i].name, s, n))
+ break;
+ }
+ if (hashnames[i].name)
+ algo = hashnames[i].algo;
+ else
+ {
+ /* In case of not listed or dynamically allocated hash
+ algorithm we fall back to this somewhat slower
+ method. Further, it also allows to use OIDs as
+ algorithm names. */
+ char *tmpname;
+
+ tmpname = gcry_malloc (n+1);
+ if (!tmpname)
+ algo = 0; /* Out of core - silently give up. */
+ else
+ {
+ memcpy (tmpname, s, n);
+ tmpname[n] = 0;
+ algo = gcry_md_map_name (tmpname);
+ gcry_free (tmpname);
+ }
+ }
+
+ asnlen = DIM(asn);
+ dlen = gcry_md_get_algo_dlen (algo);
+
+ if (!algo)
+ rc = GPG_ERR_DIGEST_ALGO;
+ else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen))
+ || !valuelen )
+ rc = GPG_ERR_INV_OBJ;
+ else if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
+ {
+ /* We don't have yet all of the above algorithms. */
+ rc = GPG_ERR_NOT_IMPLEMENTED;
+ }
+ else if ( valuelen != dlen )
+ {
+ /* Hash value does not match the length of digest for
+ the given algorithm. */
+ rc = GPG_ERR_CONFLICT;
+ }
+ else if( !dlen || dlen + asnlen + 4 > nframe)
+ {
+ /* Can't encode an DLEN byte digest MD into a NFRAME
+ byte frame. */
+ rc = GPG_ERR_TOO_SHORT;
+ }
+ else if ( !(frame = gcry_malloc (nframe)) )
+ rc = gpg_err_code_from_errno (errno);
+ else
+ { /* Assemble the pkcs#1 block type 1. */
+ n = 0;
+ frame[n++] = 0;
+ frame[n++] = 1; /* block type */
+ i = nframe - valuelen - asnlen - 3 ;
+ gcry_assert (i > 1);
+ memset (frame+n, 0xff, i );
+ n += i;
+ frame[n++] = 0;
+ memcpy (frame+n, asn, asnlen);
+ n += asnlen;
+ memcpy (frame+n, value, valuelen );
+ n += valuelen;
+ gcry_assert (n == nframe);
+
+ /* Convert it into an MPI. FIXME: error checking? */
+ gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
+ }
+
+ gcry_free (frame);
+ }
+ }
+ else
+ rc = GPG_ERR_CONFLICT;
+
+ gcry_sexp_release (ldata);
+ gcry_sexp_release (lhash);
+ gcry_sexp_release (lvalue);
+
+ if (!rc)
+ *flags = parsed_flags;
+
+ return rc;
+}
+
+
+/*
+ Do a PK encrypt operation
+
+ Caller has to provide a public key as the SEXP pkey and data as a
+ SEXP with just one MPI in it. Alternativly S_DATA might be a
+ complex S-Expression, similar to the one used for signature
+ verification. This provides a flag which allows to handle PKCS#1
+ block type 2 padding. The function returns a a sexp which may be
+ passed to to pk_decrypt.
+
+ Returns: 0 or an errorcode.
+
+ s_data = See comment for sexp_data_to_mpi
+ s_pkey = <key-as-defined-in-sexp_to_key>
+ r_ciph = (enc-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)
+ ))
+
+*/
+gcry_error_t
+gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
+{
+ gcry_mpi_t *pkey = NULL, data = NULL, *ciph = NULL;
+ const char *algo_name, *algo_elems;
+ int flags;
+ gcry_err_code_t rc;
+ gcry_pk_spec_t *pubkey = NULL;
+ gcry_module_t module = NULL;
+
+ *r_ciph = NULL;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ /* Get the key. */
+ rc = sexp_to_key (s_pkey, 0, &pkey, &module);
+ if (rc)
+ goto leave;
+
+ gcry_assert (module);
+ pubkey = (gcry_pk_spec_t *) module->spec;
+
+ /* If aliases for the algorithm name exists, take the first one
+ instead of the regular name to adhere to SPKI conventions. We
+ assume that the first alias name is the lowercase version of the
+ regular one. This change is required for compatibility with
+ 1.1.12 generated S-expressions. */
+ algo_name = pubkey->aliases? *pubkey->aliases : NULL;
+ if (!algo_name || !*algo_name)
+ algo_name = pubkey->name;
+
+ algo_elems = pubkey->elements_enc;
+
+ /* Get the stuff we want to encrypt. */
+ rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1,
+ &flags);
+ if (rc)
+ goto leave;
+
+ /* Now we can encrypt DATA to CIPH. */
+ ciph = gcry_calloc (strlen (algo_elems) + 1, sizeof (*ciph));
+ if (!ciph)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags);
+ mpi_free (data);
+ data = NULL;
+ if (rc)
+ goto leave;
+
+ /* We did it. Now build the return list */
+ {
+ char *string, *p;
+ int i;
+ size_t nelem = strlen (algo_elems);
+ size_t needed = 19 + strlen (algo_name) + (nelem * 5);
+ void **arg_list;
+
+ /* Build the string. */
+ string = p = gcry_malloc (needed);
+ if (!string)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ p = stpcpy ( p, "(enc-val(" );
+ p = stpcpy ( p, algo_name );
+ for (i=0; algo_elems[i]; i++ )
+ {
+ *p++ = '(';
+ *p++ = algo_elems[i];
+ p = stpcpy ( p, "%m)" );
+ }
+ strcpy ( p, "))" );
+
+ /* And now the ugly part: We don't have a function to pass an
+ * array to a format string, so we have to do it this way :-(. */
+ /* FIXME: There is now such a format specifier, so we can
+ change the code to be more clear. */
+ arg_list = malloc (nelem * sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ for (i = 0; i < nelem; i++)
+ arg_list[i] = ciph + i;
+
+ rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list);
+ free (arg_list);
+ if (rc)
+ BUG ();
+ gcry_free (string);
+ }
+
+ leave:
+ if (pkey)
+ {
+ release_mpi_array (pkey);
+ gcry_free (pkey);
+ }
+
+ if (ciph)
+ {
+ release_mpi_array (ciph);
+ gcry_free (ciph);
+ }
+
+ if (module)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ }
+
+ return gcry_error (rc);
+}
+
+/*
+ Do a PK decrypt operation
+
+ Caller has to provide a secret key as the SEXP skey and data in a
+ format as created by gcry_pk_encrypt. For historic reasons the
+ function returns simply an MPI as an S-expression part; this is
+ deprecated and the new method should be used which returns a real
+ S-expressionl this is selected by adding at least an empty flags
+ list to S_DATA.
+
+ Returns: 0 or an errorcode.
+
+ s_data = (enc-val
+ [(flags)]
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>)
+ ))
+ s_skey = <key-as-defined-in-sexp_to_key>
+ r_plain= Either an incomplete S-expression without the parentheses
+ or if the flags list is used (even if empty) a real S-expression:
+ (value PLAIN).
+ */
+gcry_error_t
+gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey)
+{
+ gcry_mpi_t *skey = NULL, *data = NULL, plain = NULL;
+ int modern, want_pkcs1, flags;
+ gcry_err_code_t rc;
+ gcry_module_t module_enc = NULL, module_key = NULL;
+ gcry_pk_spec_t *pubkey = NULL;
+
+ *r_plain = NULL;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ rc = sexp_to_key (s_skey, 1, &skey, &module_key);
+ if (rc)
+ goto leave;
+
+ rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags);
+ if (rc)
+ goto leave;
+
+ if (module_key->mod_id != module_enc->mod_id)
+ {
+ rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */
+ goto leave;
+ }
+
+ pubkey = (gcry_pk_spec_t *) module_key->spec;
+
+ rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags);
+ if (rc)
+ goto leave;
+
+ if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain))
+ BUG ();
+
+ leave:
+ if (skey)
+ {
+ release_mpi_array (skey);
+ gcry_free (skey);
+ }
+
+ if (plain)
+ mpi_free (plain);
+
+ if (data)
+ {
+ release_mpi_array (data);
+ gcry_free (data);
+ }
+
+ if (module_key || module_enc)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ if (module_key)
+ _gcry_module_release (module_key);
+ if (module_enc)
+ _gcry_module_release (module_enc);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ }
+
+ return gcry_error (rc);
+}
+
+
+
+/*
+ Create a signature.
+
+ Caller has to provide a secret key as the SEXP skey and data
+ expressed as a SEXP list hash with only one element which should
+ instantly be available as a MPI. Alternatively the structure given
+ below may be used for S_HASH, it provides the abiliy to pass flags
+ to the operation; the only flag defined by now is "pkcs1" which
+ does PKCS#1 block type 1 style padding.
+
+ Returns: 0 or an errorcode.
+ In case of 0 the function returns a new SEXP with the
+ signature value; the structure of this signature depends on the
+ other arguments but is always suitable to be passed to
+ gcry_pk_verify
+
+ s_hash = See comment for sexp_data_to_mpi
+
+ s_skey = <key-as-defined-in-sexp_to_key>
+ r_sig = (sig-val
+ (<algo>
+ (<param_name1> <mpi>)
+ ...
+ (<param_namen> <mpi>))
+ [(hash algo)])
+
+ Note that (hash algo) in R_SIG is not used.
+*/
+gcry_error_t
+gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
+{
+ gcry_mpi_t *skey = NULL, hash = NULL, *result = NULL;
+ gcry_pk_spec_t *pubkey = NULL;
+ gcry_module_t module = NULL;
+ const char *algo_name, *algo_elems;
+ int i;
+ gcry_err_code_t rc;
+
+ *r_sig = NULL;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ rc = sexp_to_key (s_skey, 1, &skey, &module);
+ if (rc)
+ goto leave;
+
+ gcry_assert (module);
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ algo_name = pubkey->aliases? *pubkey->aliases : NULL;
+ if (!algo_name || !*algo_name)
+ algo_name = pubkey->name;
+
+ algo_elems = pubkey->elements_sig;
+
+ /* Get the stuff we want to sign. Note that pk_get_nbits does also
+ work on a private key. */
+ rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_skey),
+ &hash, 0, NULL);
+ if (rc)
+ goto leave;
+
+ result = gcry_calloc (strlen (algo_elems) + 1, sizeof (*result));
+ if (!result)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ rc = pubkey_sign (module->mod_id, result, hash, skey);
+ if (rc)
+ goto leave;
+
+ {
+ char *string, *p;
+ size_t nelem, needed = strlen (algo_name) + 20;
+ void **arg_list;
+
+ nelem = strlen (algo_elems);
+
+ /* Count elements, so that we can allocate enough space. */
+ needed += 10 * nelem;
+
+ /* Build the string. */
+ string = p = gcry_malloc (needed);
+ if (!string)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ p = stpcpy (p, "(sig-val(");
+ p = stpcpy (p, algo_name);
+ for (i = 0; algo_elems[i]; i++)
+ {
+ *p++ = '(';
+ *p++ = algo_elems[i];
+ p = stpcpy (p, "%m)");
+ }
+ strcpy (p, "))");
+
+ arg_list = malloc (nelem * sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+
+ for (i = 0; i < nelem; i++)
+ arg_list[i] = result + i;
+
+ rc = gcry_sexp_build_array (r_sig, NULL, string, arg_list);
+ free (arg_list);
+ if (rc)
+ BUG ();
+ gcry_free (string);
+ }
+
+ leave:
+ if (skey)
+ {
+ release_mpi_array (skey);
+ gcry_free (skey);
+ }
+
+ if (hash)
+ mpi_free (hash);
+
+ if (result)
+ {
+ release_mpi_array (result);
+ gcry_free (result);
+ }
+
+ return gcry_error (rc);
+}
+
+
+/*
+ Verify a signature.
+
+ Caller has to supply the public key pkey, the signature sig and his
+ hashvalue data. Public key has to be a standard public key given
+ as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data
+ must be an S-Exp like the one in sign too. */
+gcry_error_t
+gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)
+{
+ gcry_module_t module_key = NULL, module_sig = NULL;
+ gcry_mpi_t *pkey = NULL, hash = NULL, *sig = NULL;
+ gcry_err_code_t rc;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ rc = sexp_to_key (s_pkey, 0, &pkey, &module_key);
+ if (rc)
+ goto leave;
+
+ rc = sexp_to_sig (s_sig, &sig, &module_sig);
+ if (rc)
+ goto leave;
+
+ /* Fixme: Check that the algorithm of S_SIG is compatible to the one
+ of S_PKEY. */
+
+ if (module_key->mod_id != module_sig->mod_id)
+ {
+ rc = GPG_ERR_CONFLICT;
+ goto leave;
+ }
+
+ rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_pkey), &hash, 0, 0);
+ if (rc)
+ goto leave;
+
+ rc = pubkey_verify (module_key->mod_id, hash, sig, pkey, NULL, NULL);
+
+ leave:
+ if (pkey)
+ {
+ release_mpi_array (pkey);
+ gcry_free (pkey);
+ }
+ if (sig)
+ {
+ release_mpi_array (sig);
+ gcry_free (sig);
+ }
+ if (hash)
+ mpi_free (hash);
+
+ if (module_key || module_sig)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ if (module_key)
+ _gcry_module_release (module_key);
+ if (module_sig)
+ _gcry_module_release (module_sig);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ }
+
+ return gcry_error (rc);
+}
+
+
+/*
+ Test a key.
+
+ This may be used either for a public or a secret key to see whether
+ the internal structure is okay.
+
+ Returns: 0 or an errorcode.
+
+ s_key = <key-as-defined-in-sexp_to_key> */
+gcry_error_t
+gcry_pk_testkey (gcry_sexp_t s_key)
+{
+ gcry_module_t module = NULL;
+ gcry_mpi_t *key = NULL;
+ gcry_err_code_t rc;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ /* Note we currently support only secret key checking. */
+ rc = sexp_to_key (s_key, 1, &key, &module);
+ if (! rc)
+ {
+ rc = pubkey_check_secret_key (module->mod_id, key);
+ release_mpi_array (key);
+ gcry_free (key);
+ }
+ return gcry_error (rc);
+}
+
+
+/*
+ Create a public key pair and return it in r_key.
+ How the key is created depends on s_parms:
+ (genkey
+ (algo
+ (parameter_name_1 ....)
+ ....
+ (parameter_name_n ....)
+ ))
+ The key is returned in a format depending on the
+ algorithm. Both, private and secret keys are returned
+ and optionally some additional informatin.
+ For elgamal we return this structure:
+ (key-data
+ (public-key
+ (elg
+ (p <mpi>)
+ (g <mpi>)
+ (y <mpi>)
+ )
+ )
+ (private-key
+ (elg
+ (p <mpi>)
+ (g <mpi>)
+ (y <mpi>)
+ (x <mpi>)
+ )
+ )
+ (misc-key-info
+ (pm1-factors n1 n2 ... nn)
+ ))
+ */
+gcry_error_t
+gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
+{
+ gcry_pk_spec_t *pubkey = NULL;
+ gcry_module_t module = NULL;
+ gcry_sexp_t list = NULL;
+ gcry_sexp_t l2 = NULL;
+ gcry_sexp_t l3 = NULL;
+ char *name = NULL;
+ size_t n;
+ gcry_err_code_t rc = GPG_ERR_NO_ERROR;
+ int i;
+ const char *algo_name = NULL;
+ int algo;
+ const char *sec_elems = NULL, *pub_elems = NULL;
+ gcry_mpi_t skey[12];
+ gcry_mpi_t *factors = NULL;
+ gcry_sexp_t extrainfo = NULL;
+ unsigned int nbits = 0;
+ unsigned long use_e = 0;
+
+ skey[0] = NULL;
+ *r_key = NULL;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ list = gcry_sexp_find_token (s_parms, "genkey", 0);
+ if (!list)
+ {
+ rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */
+ goto leave;
+ }
+
+ l2 = gcry_sexp_cadr (list);
+ gcry_sexp_release (list);
+ list = l2;
+ l2 = NULL;
+ if (! list)
+ {
+ rc = GPG_ERR_NO_OBJ; /* No cdr for the genkey. */
+ goto leave;
+ }
+
+ name = _gcry_sexp_nth_string (list, 0);
+ if (!name)
+ {
+ rc = GPG_ERR_INV_OBJ; /* Algo string missing. */
+ goto leave;
+ }
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = gcry_pk_lookup_name (name);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ gcry_free (name);
+ name = NULL;
+ if (!module)
+ {
+ rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
+ goto leave;
+ }
+
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ algo = module->mod_id;
+ algo_name = pubkey->aliases? *pubkey->aliases : NULL;
+ if (!algo_name || !*algo_name)
+ algo_name = pubkey->name;
+ pub_elems = pubkey->elements_pkey;
+ sec_elems = pubkey->elements_skey;
+ if (strlen (sec_elems) >= DIM(skey))
+ BUG ();
+
+ /* Handle the optional rsa-use-e element. Actually this belong into
+ the algorithm module but we have this parameter in the public
+ module API, so we need to parse it right here. */
+ l2 = gcry_sexp_find_token (list, "rsa-use-e", 0);
+ if (l2)
+ {
+ char buf[50];
+ const char *s;
+
+ s = gcry_sexp_nth_data (l2, 1, &n);
+ if ( !s || n >= DIM (buf) - 1 )
+ {
+ rc = GPG_ERR_INV_OBJ; /* No value or value too large. */
+ goto leave;
+ }
+ memcpy (buf, s, n);
+ buf[n] = 0;
+ use_e = strtoul (buf, NULL, 0);
+ gcry_sexp_release (l2);
+ l2 = NULL;
+ }
+ else
+ use_e = 65537; /* Not given, use the value generated by old versions. */
+
+
+ /* Get the "nbits" parameter. */
+ l2 = gcry_sexp_find_token (list, "nbits", 0);
+ if (l2)
+ {
+ char buf[50];
+ const char *s;
+
+ s = gcry_sexp_nth_data (l2, 1, &n);
+ if (!s || n >= DIM (buf) - 1 )
+ {
+ rc = GPG_ERR_INV_OBJ; /* NBITS given without a cdr. */
+ goto leave;
+ }
+ memcpy (buf, s, n);
+ buf[n] = 0;
+ nbits = (unsigned int)strtoul (buf, NULL, 0);
+ gcry_sexp_release (l2); l2 = NULL;
+ }
+ else
+ nbits = 0;
+
+ /* Pass control to the algorithm module. */
+ rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey,
+ &factors, &extrainfo);
+ gcry_sexp_release (list); list = NULL;
+ if (rc)
+ goto leave;
+
+ /* Key generation succeeded: Build an S-expression. */
+ {
+ char *string, *p;
+ size_t nelem=0, nelem_cp = 0, needed=0;
+ gcry_mpi_t mpis[30];
+
+ /* Estimate size of format string. */
+ nelem = strlen (pub_elems) + strlen (sec_elems);
+ if (factors)
+ {
+ for (i = 0; factors[i]; i++)
+ nelem++;
+ }
+ nelem_cp = nelem;
+
+ needed += nelem * 10;
+ /* (+5 is for EXTRAINFO ("%S")). */
+ needed += 2 * strlen (algo_name) + 300 + 5;
+ if (nelem > DIM (mpis))
+ BUG ();
+
+ /* Build the string. */
+ nelem = 0;
+ string = p = gcry_malloc (needed);
+ if (!string)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ p = stpcpy (p, "(key-data");
+ p = stpcpy (p, "(public-key(");
+ p = stpcpy (p, algo_name);
+ for(i = 0; pub_elems[i]; i++)
+ {
+ *p++ = '(';
+ *p++ = pub_elems[i];
+ p = stpcpy (p, "%m)");
+ mpis[nelem++] = skey[i];
+ }
+ p = stpcpy (p, "))");
+ p = stpcpy (p, "(private-key(");
+ p = stpcpy (p, algo_name);
+ for (i = 0; sec_elems[i]; i++)
+ {
+ *p++ = '(';
+ *p++ = sec_elems[i];
+ p = stpcpy (p, "%m)");
+ mpis[nelem++] = skey[i];
+ }
+ p = stpcpy (p, "))");
+
+ /* Hack to make release_mpi_array() work. */
+ skey[i] = NULL;
+
+ if (extrainfo)
+ {
+ /* If we have extrainfo we should not have any factors. */
+ p = stpcpy (p, "%S");
+ }
+ else if (factors && factors[0])
+ {
+ p = stpcpy (p, "(misc-key-info(pm1-factors");
+ for(i = 0; factors[i]; i++)
+ {
+ p = stpcpy (p, "%m");
+ mpis[nelem++] = factors[i];
+ }
+ p = stpcpy (p, "))");
+ }
+ strcpy (p, ")");
+ gcry_assert (p - string < needed);
+
+ while (nelem < DIM (mpis))
+ mpis[nelem++] = NULL;
+
+ {
+ int elem_n = strlen (pub_elems) + strlen (sec_elems);
+ void **arg_list;
+
+ /* Allocate one extra for EXTRAINFO ("%S"). */
+ arg_list = gcry_calloc (nelem_cp+1, sizeof *arg_list);
+ if (!arg_list)
+ {
+ rc = gpg_err_code_from_errno (errno);
+ goto leave;
+ }
+ for (i = 0; i < elem_n; i++)
+ arg_list[i] = mpis + i;
+ if (extrainfo)
+ arg_list[i] = &extrainfo;
+ else if (factors && factors[0])
+ {
+ for (; i < nelem_cp; i++)
+ arg_list[i] = factors + i - elem_n;
+ }
+
+ rc = gcry_sexp_build_array (r_key, NULL, string, arg_list);
+ gcry_free (arg_list);
+ if (rc)
+ BUG ();
+ gcry_assert (DIM (mpis) == 30); /* Reminder to make sure that
+ the array gets increased if
+ new parameters are added. */
+ }
+ gcry_free (string);
+ }
+
+ leave:
+ gcry_free (name);
+ gcry_sexp_release (extrainfo);
+ release_mpi_array (skey);
+ /* Don't free SKEY itself, it is an stack allocated array. */
+
+ if (factors)
+ {
+ release_mpi_array ( factors );
+ gcry_free (factors);
+ }
+
+ gcry_sexp_release (l3);
+ gcry_sexp_release (l2);
+ gcry_sexp_release (list);
+
+ if (module)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ }
+
+ return gcry_error (rc);
+}
+
+
+/*
+ Get the number of nbits from the public key.
+
+ Hmmm: Should we have really this function or is it better to have a
+ more general function to retrieve different properties of the key? */
+unsigned int
+gcry_pk_get_nbits (gcry_sexp_t key)
+{
+ gcry_module_t module = NULL;
+ gcry_pk_spec_t *pubkey;
+ gcry_mpi_t *keyarr = NULL;
+ unsigned int nbits = 0;
+ gcry_err_code_t rc;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ rc = sexp_to_key (key, 0, &keyarr, &module);
+ if (rc == GPG_ERR_INV_OBJ)
+ rc = sexp_to_key (key, 1, &keyarr, &module);
+ if (rc)
+ return 0; /* Error - 0 is a suitable indication for that. */
+
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ nbits = (*pubkey->get_nbits) (module->mod_id, keyarr);
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ release_mpi_array (keyarr);
+ gcry_free (keyarr);
+
+ return nbits;
+}
+
+
+/* Return the so called KEYGRIP which is the SHA-1 hash of the public
+ key parameters expressed in a way depended on the algorithm.
+
+ ARRAY must either be 20 bytes long or NULL; in the latter case a
+ newly allocated array of that size is returned, otherwise ARRAY or
+ NULL is returned to indicate an error which is most likely an
+ unknown algorithm. The function accepts public or secret keys. */
+unsigned char *
+gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
+{
+ gcry_sexp_t list = NULL, l2 = NULL;
+ gcry_pk_spec_t *pubkey = NULL;
+ gcry_module_t module = NULL;
+ pk_extra_spec_t *extraspec;
+ const char *s;
+ char *name = NULL;
+ int idx;
+ const char *elems;
+ gcry_md_hd_t md = NULL;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ /* Check that the first element is valid. */
+ list = gcry_sexp_find_token (key, "public-key", 0);
+ if (! list)
+ list = gcry_sexp_find_token (key, "private-key", 0);
+ if (! list)
+ list = gcry_sexp_find_token (key, "protected-private-key", 0);
+ if (! list)
+ list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
+ if (! list)
+ return NULL; /* No public- or private-key object. */
+
+ l2 = gcry_sexp_cadr (list);
+ gcry_sexp_release (list);
+ list = l2;
+ l2 = NULL;
+
+ name = _gcry_sexp_nth_string (list, 0);
+ if (!name)
+ goto fail; /* Invalid structure of object. */
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = gcry_pk_lookup_name (name);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ if (!module)
+ goto fail; /* Unknown algorithm. */
+
+ pubkey = (gcry_pk_spec_t *) module->spec;
+ extraspec = module->extraspec;
+
+ elems = pubkey->elements_grip;
+ if (!elems)
+ goto fail; /* No grip parameter. */
+
+ if (gcry_md_open (&md, GCRY_MD_SHA1, 0))
+ goto fail;
+
+ if (extraspec && extraspec->comp_keygrip)
+ {
+ /* Module specific method to compute a keygrip. */
+ if (extraspec->comp_keygrip (md, list))
+ goto fail;
+ }
+ else
+ {
+ /* Generic method to compute a keygrip. */
+ for (idx = 0, s = elems; *s; s++, idx++)
+ {
+ const char *data;
+ size_t datalen;
+ char buf[30];
+
+ l2 = gcry_sexp_find_token (list, s, 1);
+ if (! l2)
+ goto fail;
+ data = gcry_sexp_nth_data (l2, 1, &datalen);
+ if (! data)
+ goto fail;
+
+ snprintf (buf, sizeof buf, "(1:%c%u:", *s, (unsigned int)datalen);
+ gcry_md_write (md, buf, strlen (buf));
+ gcry_md_write (md, data, datalen);
+ gcry_sexp_release (l2);
+ gcry_md_write (md, ")", 1);
+ }
+ }
+
+ if (!array)
+ {
+ array = gcry_malloc (20);
+ if (! array)
+ goto fail;
+ }
+
+ memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20);
+ gcry_md_close (md);
+ gcry_sexp_release (list);
+ return array;
+
+ fail:
+ gcry_free (name);
+ gcry_sexp_release (l2);
+ gcry_md_close (md);
+ gcry_sexp_release (list);
+ return NULL;
+}
+
+
+gcry_error_t
+gcry_pk_ctl (int cmd, void *buffer, size_t buflen)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ switch (cmd)
+ {
+ case GCRYCTL_DISABLE_ALGO:
+ /* This one expects a buffer pointing to an integer with the
+ algo number. */
+ if ((! buffer) || (buflen != sizeof (int)))
+ err = GPG_ERR_INV_ARG;
+ else
+ disable_pubkey_algo (*((int *) buffer));
+ break;
+
+ default:
+ err = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (err);
+}
+
+
+/* Return information about the given algorithm
+
+ WHAT selects the kind of information returned:
+
+ GCRYCTL_TEST_ALGO:
+ Returns 0 when the specified algorithm is available for use.
+ Buffer must be NULL, nbytes may have the address of a variable
+ with the required usage of the algorithm. It may be 0 for don't
+ care or a combination of the GCRY_PK_USAGE_xxx flags;
+
+ GCRYCTL_GET_ALGO_USAGE:
+ Return the usage glafs for the give algo. An invalid alog
+ does return 0. Disabled algos are ignored here becuase we
+ only want to know whether the algo is at all capable of
+ the usage.
+
+ Note: Because this function is in most cases used to return an
+ integer value, we can make it easier for the caller to just look at
+ the return value. The caller will in all cases consult the value
+ and thereby detecting whether a error occured or not (i.e. while
+ checking the block size) */
+gcry_error_t
+gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ switch (what)
+ {
+ case GCRYCTL_TEST_ALGO:
+ {
+ int use = nbytes ? *nbytes : 0;
+ if (buffer)
+ err = GPG_ERR_INV_ARG;
+ else if (check_pubkey_algo (algorithm, use))
+ err = GPG_ERR_PUBKEY_ALGO;
+ break;
+ }
+
+ case GCRYCTL_GET_ALGO_USAGE:
+ {
+ gcry_module_t pubkey;
+ int use = 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ {
+ use = ((gcry_pk_spec_t *) pubkey->spec)->use;
+ _gcry_module_release (pubkey);
+ }
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ /* FIXME? */
+ *nbytes = use;
+
+ break;
+ }
+
+ case GCRYCTL_GET_ALGO_NPKEY:
+ {
+ /* FIXME? */
+ int npkey = pubkey_get_npkey (algorithm);
+ *nbytes = npkey;
+ break;
+ }
+ case GCRYCTL_GET_ALGO_NSKEY:
+ {
+ /* FIXME? */
+ int nskey = pubkey_get_nskey (algorithm);
+ *nbytes = nskey;
+ break;
+ }
+ case GCRYCTL_GET_ALGO_NSIGN:
+ {
+ /* FIXME? */
+ int nsign = pubkey_get_nsig (algorithm);
+ *nbytes = nsign;
+ break;
+ }
+ case GCRYCTL_GET_ALGO_NENCR:
+ {
+ /* FIXME? */
+ int nencr = pubkey_get_nenc (algorithm);
+ *nbytes = nencr;
+ break;
+ }
+
+ default:
+ err = GPG_ERR_INV_OP;
+ }
+
+ return gcry_error (err);
+}
+
+
+/* Explicitly initialize this module. */
+gcry_err_code_t
+_gcry_pk_init (void)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ return err;
+}
+
+
+gcry_err_code_t
+_gcry_pk_module_lookup (int algorithm, gcry_module_t *module)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_module_t pubkey;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
+ if (pubkey)
+ *module = pubkey;
+ else
+ err = GPG_ERR_PUBKEY_ALGO;
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return err;
+}
+
+
+void
+_gcry_pk_module_release (gcry_module_t module)
+{
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+}
+
+/* Get a list consisting of the IDs of the loaded pubkey modules. If
+ LIST is zero, write the number of loaded pubkey modules to
+ LIST_LENGTH and return. If LIST is non-zero, the first
+ *LIST_LENGTH algorithm IDs are stored in LIST, which must be of
+ according size. In case there are less pubkey modules than
+ *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
+gcry_error_t
+gcry_pk_list (int *list, int *list_length)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ err = _gcry_module_list (pubkeys_registered, list, list_length);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+
+ return err;
+}
+
+
+/* Run the selftests for pubkey algorithm ALGO with optional reporting
+ function REPORT. */
+gpg_error_t
+_gcry_pk_selftest (int algo, int extended, selftest_report_func_t report)
+{
+ gcry_module_t module = NULL;
+ pk_extra_spec_t *extraspec = NULL;
+ gcry_err_code_t ec = 0;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ ath_mutex_lock (&pubkeys_registered_lock);
+ module = _gcry_module_lookup_id (pubkeys_registered, algo);
+ if (module && !(module->flags & FLAG_MODULE_DISABLED))
+ extraspec = module->extraspec;
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ if (extraspec && extraspec->selftest)
+ ec = extraspec->selftest (algo, extended, report);
+ else
+ {
+ ec = GPG_ERR_PUBKEY_ALGO;
+ if (report)
+ report ("pubkey", algo, "module",
+ module && !(module->flags & FLAG_MODULE_DISABLED)?
+ "no selftest available" :
+ module? "algorithm disabled" : "algorithm not found");
+ }
+
+ if (module)
+ {
+ ath_mutex_lock (&pubkeys_registered_lock);
+ _gcry_module_release (module);
+ ath_mutex_unlock (&pubkeys_registered_lock);
+ }
+ return gpg_error (ec);
+}
+
+
+/* This function is only used by ac.c! */
+gcry_err_code_t
+_gcry_pk_get_elements (int algo, char **enc, char **sig)
+{
+ gcry_module_t pubkey;
+ gcry_pk_spec_t *spec;
+ gcry_err_code_t err;
+ char *enc_cp;
+ char *sig_cp;
+
+ REGISTER_DEFAULT_PUBKEYS;
+
+ enc_cp = NULL;
+ sig_cp = NULL;
+ spec = NULL;
+
+ pubkey = _gcry_module_lookup_id (pubkeys_registered, algo);
+ if (! pubkey)
+ {
+ err = GPG_ERR_INTERNAL;
+ goto out;
+ }
+ spec = pubkey->spec;
+
+ if (enc)
+ {
+ enc_cp = strdup (spec->elements_enc);
+ if (! enc_cp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto out;
+ }
+ }
+
+ if (sig)
+ {
+ sig_cp = strdup (spec->elements_sig);
+ if (! sig_cp)
+ {
+ err = gpg_err_code_from_errno (errno);
+ goto out;
+ }
+ }
+
+ if (enc)
+ *enc = enc_cp;
+ if (sig)
+ *sig = sig_cp;
+ err = 0;
+
+ out:
+
+ _gcry_module_release (pubkey);
+ if (err)
+ {
+ free (enc_cp);
+ free (sig_cp);
+ }
+
+ return err;
+}
diff --git a/grub-core/lib/libgcrypt/cipher/rfc2268.c b/grub-core/lib/libgcrypt/cipher/rfc2268.c
new file mode 100644
index 0000000..7d63fce
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/rfc2268.c
@@ -0,0 +1,345 @@
+/* rfc2268.c - The cipher described in rfc2268; aka Ron's Cipher 2.
+ * Copyright (C) 2003 Nikos Mavroyanopoulos
+ * Copyright (C) 2004 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS
+ * as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for
+ * direct use by Libgcrypt by Werner Koch. This implementation is
+ * only useful for pkcs#12 descryption.
+ *
+ * The implementation here is based on Peter Gutmann's RRC.2 paper.
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "g10lib.h"
+#include "types.h"
+#include "cipher.h"
+
+#define RFC2268_BLOCKSIZE 8
+
+typedef struct
+{
+ u16 S[64];
+} RFC2268_context;
+
+static const unsigned char rfc2268_sbox[] = {
+ 217, 120, 249, 196, 25, 221, 181, 237,
+ 40, 233, 253, 121, 74, 160, 216, 157,
+ 198, 126, 55, 131, 43, 118, 83, 142,
+ 98, 76, 100, 136, 68, 139, 251, 162,
+ 23, 154, 89, 245, 135, 179, 79, 19,
+ 97, 69, 109, 141, 9, 129, 125, 50,
+ 189, 143, 64, 235, 134, 183, 123, 11,
+ 240, 149, 33, 34, 92, 107, 78, 130,
+ 84, 214, 101, 147, 206, 96, 178, 28,
+ 115, 86, 192, 20, 167, 140, 241, 220,
+ 18, 117, 202, 31, 59, 190, 228, 209,
+ 66, 61, 212, 48, 163, 60, 182, 38,
+ 111, 191, 14, 218, 70, 105, 7, 87,
+ 39, 242, 29, 155, 188, 148, 67, 3,
+ 248, 17, 199, 246, 144, 239, 62, 231,
+ 6, 195, 213, 47, 200, 102, 30, 215,
+ 8, 232, 234, 222, 128, 82, 238, 247,
+ 132, 170, 114, 172, 53, 77, 106, 42,
+ 150, 26, 210, 113, 90, 21, 73, 116,
+ 75, 159, 208, 94, 4, 24, 164, 236,
+ 194, 224, 65, 110, 15, 81, 203, 204,
+ 36, 145, 175, 80, 161, 244, 112, 57,
+ 153, 124, 58, 133, 35, 184, 180, 122,
+ 252, 2, 54, 91, 37, 85, 151, 49,
+ 45, 93, 250, 152, 227, 138, 146, 174,
+ 5, 223, 41, 16, 103, 108, 186, 201,
+ 211, 0, 230, 207, 225, 158, 168, 44,
+ 99, 22, 1, 63, 88, 226, 137, 169,
+ 13, 56, 52, 27, 171, 51, 255, 176,
+ 187, 72, 12, 95, 185, 177, 205, 46,
+ 197, 243, 219, 71, 229, 165, 156, 119,
+ 10, 166, 32, 104, 254, 127, 193, 173
+};
+
+#define rotl16(x,n) (((x) << ((u16)(n))) | ((x) >> (16 - (u16)(n))))
+#define rotr16(x,n) (((x) >> ((u16)(n))) | ((x) << (16 - (u16)(n))))
+
+static const char *selftest (void);
+
+
+static void
+do_encrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
+{
+ RFC2268_context *ctx = context;
+ register int i, j;
+ u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
+
+ word0 = (word0 << 8) | inbuf[1];
+ word0 = (word0 << 8) | inbuf[0];
+ word1 = (word1 << 8) | inbuf[3];
+ word1 = (word1 << 8) | inbuf[2];
+ word2 = (word2 << 8) | inbuf[5];
+ word2 = (word2 << 8) | inbuf[4];
+ word3 = (word3 << 8) | inbuf[7];
+ word3 = (word3 << 8) | inbuf[6];
+
+ for (i = 0; i < 16; i++)
+ {
+ j = i * 4;
+ /* For some reason I cannot combine those steps. */
+ word0 += (word1 & ~word3) + (word2 & word3) + ctx->S[j];
+ word0 = rotl16(word0, 1);
+
+ word1 += (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
+ word1 = rotl16(word1, 2);
+
+ word2 += (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
+ word2 = rotl16(word2, 3);
+
+ word3 += (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
+ word3 = rotl16(word3, 5);
+
+ if (i == 4 || i == 10)
+ {
+ word0 += ctx->S[word3 & 63];
+ word1 += ctx->S[word0 & 63];
+ word2 += ctx->S[word1 & 63];
+ word3 += ctx->S[word2 & 63];
+ }
+
+ }
+
+ outbuf[0] = word0 & 255;
+ outbuf[1] = word0 >> 8;
+ outbuf[2] = word1 & 255;
+ outbuf[3] = word1 >> 8;
+ outbuf[4] = word2 & 255;
+ outbuf[5] = word2 >> 8;
+ outbuf[6] = word3 & 255;
+ outbuf[7] = word3 >> 8;
+}
+
+static void
+do_decrypt (void *context, unsigned char *outbuf, const unsigned char *inbuf)
+{
+ RFC2268_context *ctx = context;
+ register int i, j;
+ u16 word0 = 0, word1 = 0, word2 = 0, word3 = 0;
+
+ word0 = (word0 << 8) | inbuf[1];
+ word0 = (word0 << 8) | inbuf[0];
+ word1 = (word1 << 8) | inbuf[3];
+ word1 = (word1 << 8) | inbuf[2];
+ word2 = (word2 << 8) | inbuf[5];
+ word2 = (word2 << 8) | inbuf[4];
+ word3 = (word3 << 8) | inbuf[7];
+ word3 = (word3 << 8) | inbuf[6];
+
+ for (i = 15; i >= 0; i--)
+ {
+ j = i * 4;
+
+ word3 = rotr16(word3, 5);
+ word3 -= (word0 & ~word2) + (word1 & word2) + ctx->S[j + 3];
+
+ word2 = rotr16(word2, 3);
+ word2 -= (word3 & ~word1) + (word0 & word1) + ctx->S[j + 2];
+
+ word1 = rotr16(word1, 2);
+ word1 -= (word2 & ~word0) + (word3 & word0) + ctx->S[j + 1];
+
+ word0 = rotr16(word0, 1);
+ word0 -= (word1 & ~word3) + (word2 & word3) + ctx->S[j];
+
+ if (i == 5 || i == 11)
+ {
+ word3 = word3 - ctx->S[word2 & 63];
+ word2 = word2 - ctx->S[word1 & 63];
+ word1 = word1 - ctx->S[word0 & 63];
+ word0 = word0 - ctx->S[word3 & 63];
+ }
+
+ }
+
+ outbuf[0] = word0 & 255;
+ outbuf[1] = word0 >> 8;
+ outbuf[2] = word1 & 255;
+ outbuf[3] = word1 >> 8;
+ outbuf[4] = word2 & 255;
+ outbuf[5] = word2 >> 8;
+ outbuf[6] = word3 & 255;
+ outbuf[7] = word3 >> 8;
+}
+
+
+static gpg_err_code_t
+setkey_core (void *context, const unsigned char *key, unsigned int keylen, int with_phase2)
+{
+ static int initialized;
+ static const char *selftest_failed;
+ RFC2268_context *ctx = context;
+ unsigned int i;
+ unsigned char *S, x;
+ int len;
+ int bits = keylen * 8;
+
+ if (!initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if (selftest_failed)
+ log_error ("RFC2268 selftest failed (%s).\n", selftest_failed);
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if (keylen < 40 / 8) /* We want at least 40 bits. */
+ return GPG_ERR_INV_KEYLEN;
+
+ S = (unsigned char *) ctx->S;
+
+ for (i = 0; i < keylen; i++)
+ S[i] = key[i];
+
+ for (i = keylen; i < 128; i++)
+ S[i] = rfc2268_sbox[(S[i - keylen] + S[i - 1]) & 255];
+
+ S[0] = rfc2268_sbox[S[0]];
+
+ /* Phase 2 - reduce effective key size to "bits". This was not
+ * discussed in Gutmann's paper. I've copied that from the public
+ * domain code posted in sci.crypt. */
+ if (with_phase2)
+ {
+ len = (bits + 7) >> 3;
+ i = 128 - len;
+ x = rfc2268_sbox[S[i] & (255 >> (7 & -bits))];
+ S[i] = x;
+
+ while (i--)
+ {
+ x = rfc2268_sbox[x ^ S[i + len]];
+ S[i] = x;
+ }
+ }
+
+ /* Make the expanded key, endian independent. */
+ for (i = 0; i < 64; i++)
+ ctx->S[i] = ( (u16) S[i * 2] | (((u16) S[i * 2 + 1]) << 8));
+
+ return 0;
+}
+
+static gpg_err_code_t
+do_setkey (void *context, const unsigned char *key, unsigned int keylen)
+{
+ return setkey_core (context, key, keylen, 1);
+}
+
+static const char *
+selftest (void)
+{
+ RFC2268_context ctx;
+ unsigned char scratch[16];
+
+ /* Test vectors from Peter Gutmann's paper. */
+ static unsigned char key_1[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ static unsigned char plaintext_1[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ static const unsigned char ciphertext_1[] =
+ { 0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7 };
+
+ static unsigned char key_2[] =
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ };
+ static unsigned char plaintext_2[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ static unsigned char ciphertext_2[] =
+ { 0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31 };
+
+ /* This one was checked against libmcrypt's RFC2268. */
+ static unsigned char key_3[] =
+ { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ static unsigned char plaintext_3[] =
+ { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ static unsigned char ciphertext_3[] =
+ { 0x8f, 0xd1, 0x03, 0x89, 0x33, 0x6b, 0xf9, 0x5e };
+
+
+ /* First test. */
+ setkey_core (&ctx, key_1, sizeof(key_1), 0);
+ do_encrypt (&ctx, scratch, plaintext_1);
+
+ if (memcmp (scratch, ciphertext_1, sizeof(ciphertext_1)))
+ return "RFC2268 encryption test 1 failed.";
+
+ setkey_core (&ctx, key_1, sizeof(key_1), 0);
+ do_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext_1, sizeof(plaintext_1)))
+ return "RFC2268 decryption test 1 failed.";
+
+ /* Second test. */
+ setkey_core (&ctx, key_2, sizeof(key_2), 0);
+ do_encrypt (&ctx, scratch, plaintext_2);
+ if (memcmp (scratch, ciphertext_2, sizeof(ciphertext_2)))
+ return "RFC2268 encryption test 2 failed.";
+
+ setkey_core (&ctx, key_2, sizeof(key_2), 0);
+ do_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext_2, sizeof(plaintext_2)))
+ return "RFC2268 decryption test 2 failed.";
+
+ /* Third test. */
+ setkey_core(&ctx, key_3, sizeof(key_3), 0);
+ do_encrypt(&ctx, scratch, plaintext_3);
+
+ if (memcmp(scratch, ciphertext_3, sizeof(ciphertext_3)))
+ return "RFC2268 encryption test 3 failed.";
+
+ setkey_core (&ctx, key_3, sizeof(key_3), 0);
+ do_decrypt (&ctx, scratch, scratch);
+ if (memcmp(scratch, plaintext_3, sizeof(plaintext_3)))
+ return "RFC2268 decryption test 3 failed.";
+
+ return NULL;
+}
+
+
+
+static gcry_cipher_oid_spec_t oids_rfc2268_40[] =
+ {
+ /*{ "1.2.840.113549.3.2", GCRY_CIPHER_MODE_CBC },*/
+ /* pbeWithSHAAnd40BitRC2_CBC */
+ { "1.2.840.113549.1.12.1.6", GCRY_CIPHER_MODE_CBC },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40 = {
+ "RFC2268_40", NULL, oids_rfc2268_40,
+ RFC2268_BLOCKSIZE, 40, sizeof(RFC2268_context),
+ do_setkey, do_encrypt, do_decrypt
+};
+
diff --git a/grub-core/lib/libgcrypt/cipher/rijndael-tables.h b/grub-core/lib/libgcrypt/cipher/rijndael-tables.h
new file mode 100644
index 0000000..c9b6d77
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/rijndael-tables.h
@@ -0,0 +1,1687 @@
+/* rijndael-tables.h - Rijndael (AES) for GnuPG,
+ * Copyright (C) 2000, 2001, 2002, 2003, 2007,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* To keep the actual implementation at a readable size we use this
+ include file to define the tables. */
+
+static const unsigned char S[256] =
+ {
+ 99, 124, 119, 123, 242, 107, 111, 197,
+ 48, 1, 103, 43, 254, 215, 171, 118,
+ 202, 130, 201, 125, 250, 89, 71, 240,
+ 173, 212, 162, 175, 156, 164, 114, 192,
+ 183, 253, 147, 38, 54, 63, 247, 204,
+ 52, 165, 229, 241, 113, 216, 49, 21,
+ 4, 199, 35, 195, 24, 150, 5, 154,
+ 7, 18, 128, 226, 235, 39, 178, 117,
+ 9, 131, 44, 26, 27, 110, 90, 160,
+ 82, 59, 214, 179, 41, 227, 47, 132,
+ 83, 209, 0, 237, 32, 252, 177, 91,
+ 106, 203, 190, 57, 74, 76, 88, 207,
+ 208, 239, 170, 251, 67, 77, 51, 133,
+ 69, 249, 2, 127, 80, 60, 159, 168,
+ 81, 163, 64, 143, 146, 157, 56, 245,
+ 188, 182, 218, 33, 16, 255, 243, 210,
+ 205, 12, 19, 236, 95, 151, 68, 23,
+ 196, 167, 126, 61, 100, 93, 25, 115,
+ 96, 129, 79, 220, 34, 42, 144, 136,
+ 70, 238, 184, 20, 222, 94, 11, 219,
+ 224, 50, 58, 10, 73, 6, 36, 92,
+ 194, 211, 172, 98, 145, 149, 228, 121,
+ 231, 200, 55, 109, 141, 213, 78, 169,
+ 108, 86, 244, 234, 101, 122, 174, 8,
+ 186, 120, 37, 46, 28, 166, 180, 198,
+ 232, 221, 116, 31, 75, 189, 139, 138,
+ 112, 62, 181, 102, 72, 3, 246, 14,
+ 97, 53, 87, 185, 134, 193, 29, 158,
+ 225, 248, 152, 17, 105, 217, 142, 148,
+ 155, 30, 135, 233, 206, 85, 40, 223,
+ 140, 161, 137, 13, 191, 230, 66, 104,
+ 65, 153, 45, 15, 176, 84, 187, 22
+ };
+
+
+static const unsigned char T1[256][4] =
+ {
+ { 0xc6,0x63,0x63,0xa5 }, { 0xf8,0x7c,0x7c,0x84 },
+ { 0xee,0x77,0x77,0x99 }, { 0xf6,0x7b,0x7b,0x8d },
+ { 0xff,0xf2,0xf2,0x0d }, { 0xd6,0x6b,0x6b,0xbd },
+ { 0xde,0x6f,0x6f,0xb1 }, { 0x91,0xc5,0xc5,0x54 },
+ { 0x60,0x30,0x30,0x50 }, { 0x02,0x01,0x01,0x03 },
+ { 0xce,0x67,0x67,0xa9 }, { 0x56,0x2b,0x2b,0x7d },
+ { 0xe7,0xfe,0xfe,0x19 }, { 0xb5,0xd7,0xd7,0x62 },
+ { 0x4d,0xab,0xab,0xe6 }, { 0xec,0x76,0x76,0x9a },
+ { 0x8f,0xca,0xca,0x45 }, { 0x1f,0x82,0x82,0x9d },
+ { 0x89,0xc9,0xc9,0x40 }, { 0xfa,0x7d,0x7d,0x87 },
+ { 0xef,0xfa,0xfa,0x15 }, { 0xb2,0x59,0x59,0xeb },
+ { 0x8e,0x47,0x47,0xc9 }, { 0xfb,0xf0,0xf0,0x0b },
+ { 0x41,0xad,0xad,0xec }, { 0xb3,0xd4,0xd4,0x67 },
+ { 0x5f,0xa2,0xa2,0xfd }, { 0x45,0xaf,0xaf,0xea },
+ { 0x23,0x9c,0x9c,0xbf }, { 0x53,0xa4,0xa4,0xf7 },
+ { 0xe4,0x72,0x72,0x96 }, { 0x9b,0xc0,0xc0,0x5b },
+ { 0x75,0xb7,0xb7,0xc2 }, { 0xe1,0xfd,0xfd,0x1c },
+ { 0x3d,0x93,0x93,0xae }, { 0x4c,0x26,0x26,0x6a },
+ { 0x6c,0x36,0x36,0x5a }, { 0x7e,0x3f,0x3f,0x41 },
+ { 0xf5,0xf7,0xf7,0x02 }, { 0x83,0xcc,0xcc,0x4f },
+ { 0x68,0x34,0x34,0x5c }, { 0x51,0xa5,0xa5,0xf4 },
+ { 0xd1,0xe5,0xe5,0x34 }, { 0xf9,0xf1,0xf1,0x08 },
+ { 0xe2,0x71,0x71,0x93 }, { 0xab,0xd8,0xd8,0x73 },
+ { 0x62,0x31,0x31,0x53 }, { 0x2a,0x15,0x15,0x3f },
+ { 0x08,0x04,0x04,0x0c }, { 0x95,0xc7,0xc7,0x52 },
+ { 0x46,0x23,0x23,0x65 }, { 0x9d,0xc3,0xc3,0x5e },
+ { 0x30,0x18,0x18,0x28 }, { 0x37,0x96,0x96,0xa1 },
+ { 0x0a,0x05,0x05,0x0f }, { 0x2f,0x9a,0x9a,0xb5 },
+ { 0x0e,0x07,0x07,0x09 }, { 0x24,0x12,0x12,0x36 },
+ { 0x1b,0x80,0x80,0x9b }, { 0xdf,0xe2,0xe2,0x3d },
+ { 0xcd,0xeb,0xeb,0x26 }, { 0x4e,0x27,0x27,0x69 },
+ { 0x7f,0xb2,0xb2,0xcd }, { 0xea,0x75,0x75,0x9f },
+ { 0x12,0x09,0x09,0x1b }, { 0x1d,0x83,0x83,0x9e },
+ { 0x58,0x2c,0x2c,0x74 }, { 0x34,0x1a,0x1a,0x2e },
+ { 0x36,0x1b,0x1b,0x2d }, { 0xdc,0x6e,0x6e,0xb2 },
+ { 0xb4,0x5a,0x5a,0xee }, { 0x5b,0xa0,0xa0,0xfb },
+ { 0xa4,0x52,0x52,0xf6 }, { 0x76,0x3b,0x3b,0x4d },
+ { 0xb7,0xd6,0xd6,0x61 }, { 0x7d,0xb3,0xb3,0xce },
+ { 0x52,0x29,0x29,0x7b }, { 0xdd,0xe3,0xe3,0x3e },
+ { 0x5e,0x2f,0x2f,0x71 }, { 0x13,0x84,0x84,0x97 },
+ { 0xa6,0x53,0x53,0xf5 }, { 0xb9,0xd1,0xd1,0x68 },
+ { 0x00,0x00,0x00,0x00 }, { 0xc1,0xed,0xed,0x2c },
+ { 0x40,0x20,0x20,0x60 }, { 0xe3,0xfc,0xfc,0x1f },
+ { 0x79,0xb1,0xb1,0xc8 }, { 0xb6,0x5b,0x5b,0xed },
+ { 0xd4,0x6a,0x6a,0xbe }, { 0x8d,0xcb,0xcb,0x46 },
+ { 0x67,0xbe,0xbe,0xd9 }, { 0x72,0x39,0x39,0x4b },
+ { 0x94,0x4a,0x4a,0xde }, { 0x98,0x4c,0x4c,0xd4 },
+ { 0xb0,0x58,0x58,0xe8 }, { 0x85,0xcf,0xcf,0x4a },
+ { 0xbb,0xd0,0xd0,0x6b }, { 0xc5,0xef,0xef,0x2a },
+ { 0x4f,0xaa,0xaa,0xe5 }, { 0xed,0xfb,0xfb,0x16 },
+ { 0x86,0x43,0x43,0xc5 }, { 0x9a,0x4d,0x4d,0xd7 },
+ { 0x66,0x33,0x33,0x55 }, { 0x11,0x85,0x85,0x94 },
+ { 0x8a,0x45,0x45,0xcf }, { 0xe9,0xf9,0xf9,0x10 },
+ { 0x04,0x02,0x02,0x06 }, { 0xfe,0x7f,0x7f,0x81 },
+ { 0xa0,0x50,0x50,0xf0 }, { 0x78,0x3c,0x3c,0x44 },
+ { 0x25,0x9f,0x9f,0xba }, { 0x4b,0xa8,0xa8,0xe3 },
+ { 0xa2,0x51,0x51,0xf3 }, { 0x5d,0xa3,0xa3,0xfe },
+ { 0x80,0x40,0x40,0xc0 }, { 0x05,0x8f,0x8f,0x8a },
+ { 0x3f,0x92,0x92,0xad }, { 0x21,0x9d,0x9d,0xbc },
+ { 0x70,0x38,0x38,0x48 }, { 0xf1,0xf5,0xf5,0x04 },
+ { 0x63,0xbc,0xbc,0xdf }, { 0x77,0xb6,0xb6,0xc1 },
+ { 0xaf,0xda,0xda,0x75 }, { 0x42,0x21,0x21,0x63 },
+ { 0x20,0x10,0x10,0x30 }, { 0xe5,0xff,0xff,0x1a },
+ { 0xfd,0xf3,0xf3,0x0e }, { 0xbf,0xd2,0xd2,0x6d },
+ { 0x81,0xcd,0xcd,0x4c }, { 0x18,0x0c,0x0c,0x14 },
+ { 0x26,0x13,0x13,0x35 }, { 0xc3,0xec,0xec,0x2f },
+ { 0xbe,0x5f,0x5f,0xe1 }, { 0x35,0x97,0x97,0xa2 },
+ { 0x88,0x44,0x44,0xcc }, { 0x2e,0x17,0x17,0x39 },
+ { 0x93,0xc4,0xc4,0x57 }, { 0x55,0xa7,0xa7,0xf2 },
+ { 0xfc,0x7e,0x7e,0x82 }, { 0x7a,0x3d,0x3d,0x47 },
+ { 0xc8,0x64,0x64,0xac }, { 0xba,0x5d,0x5d,0xe7 },
+ { 0x32,0x19,0x19,0x2b }, { 0xe6,0x73,0x73,0x95 },
+ { 0xc0,0x60,0x60,0xa0 }, { 0x19,0x81,0x81,0x98 },
+ { 0x9e,0x4f,0x4f,0xd1 }, { 0xa3,0xdc,0xdc,0x7f },
+ { 0x44,0x22,0x22,0x66 }, { 0x54,0x2a,0x2a,0x7e },
+ { 0x3b,0x90,0x90,0xab }, { 0x0b,0x88,0x88,0x83 },
+ { 0x8c,0x46,0x46,0xca }, { 0xc7,0xee,0xee,0x29 },
+ { 0x6b,0xb8,0xb8,0xd3 }, { 0x28,0x14,0x14,0x3c },
+ { 0xa7,0xde,0xde,0x79 }, { 0xbc,0x5e,0x5e,0xe2 },
+ { 0x16,0x0b,0x0b,0x1d }, { 0xad,0xdb,0xdb,0x76 },
+ { 0xdb,0xe0,0xe0,0x3b }, { 0x64,0x32,0x32,0x56 },
+ { 0x74,0x3a,0x3a,0x4e }, { 0x14,0x0a,0x0a,0x1e },
+ { 0x92,0x49,0x49,0xdb }, { 0x0c,0x06,0x06,0x0a },
+ { 0x48,0x24,0x24,0x6c }, { 0xb8,0x5c,0x5c,0xe4 },
+ { 0x9f,0xc2,0xc2,0x5d }, { 0xbd,0xd3,0xd3,0x6e },
+ { 0x43,0xac,0xac,0xef }, { 0xc4,0x62,0x62,0xa6 },
+ { 0x39,0x91,0x91,0xa8 }, { 0x31,0x95,0x95,0xa4 },
+ { 0xd3,0xe4,0xe4,0x37 }, { 0xf2,0x79,0x79,0x8b },
+ { 0xd5,0xe7,0xe7,0x32 }, { 0x8b,0xc8,0xc8,0x43 },
+ { 0x6e,0x37,0x37,0x59 }, { 0xda,0x6d,0x6d,0xb7 },
+ { 0x01,0x8d,0x8d,0x8c }, { 0xb1,0xd5,0xd5,0x64 },
+ { 0x9c,0x4e,0x4e,0xd2 }, { 0x49,0xa9,0xa9,0xe0 },
+ { 0xd8,0x6c,0x6c,0xb4 }, { 0xac,0x56,0x56,0xfa },
+ { 0xf3,0xf4,0xf4,0x07 }, { 0xcf,0xea,0xea,0x25 },
+ { 0xca,0x65,0x65,0xaf }, { 0xf4,0x7a,0x7a,0x8e },
+ { 0x47,0xae,0xae,0xe9 }, { 0x10,0x08,0x08,0x18 },
+ { 0x6f,0xba,0xba,0xd5 }, { 0xf0,0x78,0x78,0x88 },
+ { 0x4a,0x25,0x25,0x6f }, { 0x5c,0x2e,0x2e,0x72 },
+ { 0x38,0x1c,0x1c,0x24 }, { 0x57,0xa6,0xa6,0xf1 },
+ { 0x73,0xb4,0xb4,0xc7 }, { 0x97,0xc6,0xc6,0x51 },
+ { 0xcb,0xe8,0xe8,0x23 }, { 0xa1,0xdd,0xdd,0x7c },
+ { 0xe8,0x74,0x74,0x9c }, { 0x3e,0x1f,0x1f,0x21 },
+ { 0x96,0x4b,0x4b,0xdd }, { 0x61,0xbd,0xbd,0xdc },
+ { 0x0d,0x8b,0x8b,0x86 }, { 0x0f,0x8a,0x8a,0x85 },
+ { 0xe0,0x70,0x70,0x90 }, { 0x7c,0x3e,0x3e,0x42 },
+ { 0x71,0xb5,0xb5,0xc4 }, { 0xcc,0x66,0x66,0xaa },
+ { 0x90,0x48,0x48,0xd8 }, { 0x06,0x03,0x03,0x05 },
+ { 0xf7,0xf6,0xf6,0x01 }, { 0x1c,0x0e,0x0e,0x12 },
+ { 0xc2,0x61,0x61,0xa3 }, { 0x6a,0x35,0x35,0x5f },
+ { 0xae,0x57,0x57,0xf9 }, { 0x69,0xb9,0xb9,0xd0 },
+ { 0x17,0x86,0x86,0x91 }, { 0x99,0xc1,0xc1,0x58 },
+ { 0x3a,0x1d,0x1d,0x27 }, { 0x27,0x9e,0x9e,0xb9 },
+ { 0xd9,0xe1,0xe1,0x38 }, { 0xeb,0xf8,0xf8,0x13 },
+ { 0x2b,0x98,0x98,0xb3 }, { 0x22,0x11,0x11,0x33 },
+ { 0xd2,0x69,0x69,0xbb }, { 0xa9,0xd9,0xd9,0x70 },
+ { 0x07,0x8e,0x8e,0x89 }, { 0x33,0x94,0x94,0xa7 },
+ { 0x2d,0x9b,0x9b,0xb6 }, { 0x3c,0x1e,0x1e,0x22 },
+ { 0x15,0x87,0x87,0x92 }, { 0xc9,0xe9,0xe9,0x20 },
+ { 0x87,0xce,0xce,0x49 }, { 0xaa,0x55,0x55,0xff },
+ { 0x50,0x28,0x28,0x78 }, { 0xa5,0xdf,0xdf,0x7a },
+ { 0x03,0x8c,0x8c,0x8f }, { 0x59,0xa1,0xa1,0xf8 },
+ { 0x09,0x89,0x89,0x80 }, { 0x1a,0x0d,0x0d,0x17 },
+ { 0x65,0xbf,0xbf,0xda }, { 0xd7,0xe6,0xe6,0x31 },
+ { 0x84,0x42,0x42,0xc6 }, { 0xd0,0x68,0x68,0xb8 },
+ { 0x82,0x41,0x41,0xc3 }, { 0x29,0x99,0x99,0xb0 },
+ { 0x5a,0x2d,0x2d,0x77 }, { 0x1e,0x0f,0x0f,0x11 },
+ { 0x7b,0xb0,0xb0,0xcb }, { 0xa8,0x54,0x54,0xfc },
+ { 0x6d,0xbb,0xbb,0xd6 }, { 0x2c,0x16,0x16,0x3a }
+ };
+
+static const unsigned char T2[256][4] =
+ {
+ { 0xa5,0xc6,0x63,0x63 }, { 0x84,0xf8,0x7c,0x7c },
+ { 0x99,0xee,0x77,0x77 }, { 0x8d,0xf6,0x7b,0x7b },
+ { 0x0d,0xff,0xf2,0xf2 }, { 0xbd,0xd6,0x6b,0x6b },
+ { 0xb1,0xde,0x6f,0x6f }, { 0x54,0x91,0xc5,0xc5 },
+ { 0x50,0x60,0x30,0x30 }, { 0x03,0x02,0x01,0x01 },
+ { 0xa9,0xce,0x67,0x67 }, { 0x7d,0x56,0x2b,0x2b },
+ { 0x19,0xe7,0xfe,0xfe }, { 0x62,0xb5,0xd7,0xd7 },
+ { 0xe6,0x4d,0xab,0xab }, { 0x9a,0xec,0x76,0x76 },
+ { 0x45,0x8f,0xca,0xca }, { 0x9d,0x1f,0x82,0x82 },
+ { 0x40,0x89,0xc9,0xc9 }, { 0x87,0xfa,0x7d,0x7d },
+ { 0x15,0xef,0xfa,0xfa }, { 0xeb,0xb2,0x59,0x59 },
+ { 0xc9,0x8e,0x47,0x47 }, { 0x0b,0xfb,0xf0,0xf0 },
+ { 0xec,0x41,0xad,0xad }, { 0x67,0xb3,0xd4,0xd4 },
+ { 0xfd,0x5f,0xa2,0xa2 }, { 0xea,0x45,0xaf,0xaf },
+ { 0xbf,0x23,0x9c,0x9c }, { 0xf7,0x53,0xa4,0xa4 },
+ { 0x96,0xe4,0x72,0x72 }, { 0x5b,0x9b,0xc0,0xc0 },
+ { 0xc2,0x75,0xb7,0xb7 }, { 0x1c,0xe1,0xfd,0xfd },
+ { 0xae,0x3d,0x93,0x93 }, { 0x6a,0x4c,0x26,0x26 },
+ { 0x5a,0x6c,0x36,0x36 }, { 0x41,0x7e,0x3f,0x3f },
+ { 0x02,0xf5,0xf7,0xf7 }, { 0x4f,0x83,0xcc,0xcc },
+ { 0x5c,0x68,0x34,0x34 }, { 0xf4,0x51,0xa5,0xa5 },
+ { 0x34,0xd1,0xe5,0xe5 }, { 0x08,0xf9,0xf1,0xf1 },
+ { 0x93,0xe2,0x71,0x71 }, { 0x73,0xab,0xd8,0xd8 },
+ { 0x53,0x62,0x31,0x31 }, { 0x3f,0x2a,0x15,0x15 },
+ { 0x0c,0x08,0x04,0x04 }, { 0x52,0x95,0xc7,0xc7 },
+ { 0x65,0x46,0x23,0x23 }, { 0x5e,0x9d,0xc3,0xc3 },
+ { 0x28,0x30,0x18,0x18 }, { 0xa1,0x37,0x96,0x96 },
+ { 0x0f,0x0a,0x05,0x05 }, { 0xb5,0x2f,0x9a,0x9a },
+ { 0x09,0x0e,0x07,0x07 }, { 0x36,0x24,0x12,0x12 },
+ { 0x9b,0x1b,0x80,0x80 }, { 0x3d,0xdf,0xe2,0xe2 },
+ { 0x26,0xcd,0xeb,0xeb }, { 0x69,0x4e,0x27,0x27 },
+ { 0xcd,0x7f,0xb2,0xb2 }, { 0x9f,0xea,0x75,0x75 },
+ { 0x1b,0x12,0x09,0x09 }, { 0x9e,0x1d,0x83,0x83 },
+ { 0x74,0x58,0x2c,0x2c }, { 0x2e,0x34,0x1a,0x1a },
+ { 0x2d,0x36,0x1b,0x1b }, { 0xb2,0xdc,0x6e,0x6e },
+ { 0xee,0xb4,0x5a,0x5a }, { 0xfb,0x5b,0xa0,0xa0 },
+ { 0xf6,0xa4,0x52,0x52 }, { 0x4d,0x76,0x3b,0x3b },
+ { 0x61,0xb7,0xd6,0xd6 }, { 0xce,0x7d,0xb3,0xb3 },
+ { 0x7b,0x52,0x29,0x29 }, { 0x3e,0xdd,0xe3,0xe3 },
+ { 0x71,0x5e,0x2f,0x2f }, { 0x97,0x13,0x84,0x84 },
+ { 0xf5,0xa6,0x53,0x53 }, { 0x68,0xb9,0xd1,0xd1 },
+ { 0x00,0x00,0x00,0x00 }, { 0x2c,0xc1,0xed,0xed },
+ { 0x60,0x40,0x20,0x20 }, { 0x1f,0xe3,0xfc,0xfc },
+ { 0xc8,0x79,0xb1,0xb1 }, { 0xed,0xb6,0x5b,0x5b },
+ { 0xbe,0xd4,0x6a,0x6a }, { 0x46,0x8d,0xcb,0xcb },
+ { 0xd9,0x67,0xbe,0xbe }, { 0x4b,0x72,0x39,0x39 },
+ { 0xde,0x94,0x4a,0x4a }, { 0xd4,0x98,0x4c,0x4c },
+ { 0xe8,0xb0,0x58,0x58 }, { 0x4a,0x85,0xcf,0xcf },
+ { 0x6b,0xbb,0xd0,0xd0 }, { 0x2a,0xc5,0xef,0xef },
+ { 0xe5,0x4f,0xaa,0xaa }, { 0x16,0xed,0xfb,0xfb },
+ { 0xc5,0x86,0x43,0x43 }, { 0xd7,0x9a,0x4d,0x4d },
+ { 0x55,0x66,0x33,0x33 }, { 0x94,0x11,0x85,0x85 },
+ { 0xcf,0x8a,0x45,0x45 }, { 0x10,0xe9,0xf9,0xf9 },
+ { 0x06,0x04,0x02,0x02 }, { 0x81,0xfe,0x7f,0x7f },
+ { 0xf0,0xa0,0x50,0x50 }, { 0x44,0x78,0x3c,0x3c },
+ { 0xba,0x25,0x9f,0x9f }, { 0xe3,0x4b,0xa8,0xa8 },
+ { 0xf3,0xa2,0x51,0x51 }, { 0xfe,0x5d,0xa3,0xa3 },
+ { 0xc0,0x80,0x40,0x40 }, { 0x8a,0x05,0x8f,0x8f },
+ { 0xad,0x3f,0x92,0x92 }, { 0xbc,0x21,0x9d,0x9d },
+ { 0x48,0x70,0x38,0x38 }, { 0x04,0xf1,0xf5,0xf5 },
+ { 0xdf,0x63,0xbc,0xbc }, { 0xc1,0x77,0xb6,0xb6 },
+ { 0x75,0xaf,0xda,0xda }, { 0x63,0x42,0x21,0x21 },
+ { 0x30,0x20,0x10,0x10 }, { 0x1a,0xe5,0xff,0xff },
+ { 0x0e,0xfd,0xf3,0xf3 }, { 0x6d,0xbf,0xd2,0xd2 },
+ { 0x4c,0x81,0xcd,0xcd }, { 0x14,0x18,0x0c,0x0c },
+ { 0x35,0x26,0x13,0x13 }, { 0x2f,0xc3,0xec,0xec },
+ { 0xe1,0xbe,0x5f,0x5f }, { 0xa2,0x35,0x97,0x97 },
+ { 0xcc,0x88,0x44,0x44 }, { 0x39,0x2e,0x17,0x17 },
+ { 0x57,0x93,0xc4,0xc4 }, { 0xf2,0x55,0xa7,0xa7 },
+ { 0x82,0xfc,0x7e,0x7e }, { 0x47,0x7a,0x3d,0x3d },
+ { 0xac,0xc8,0x64,0x64 }, { 0xe7,0xba,0x5d,0x5d },
+ { 0x2b,0x32,0x19,0x19 }, { 0x95,0xe6,0x73,0x73 },
+ { 0xa0,0xc0,0x60,0x60 }, { 0x98,0x19,0x81,0x81 },
+ { 0xd1,0x9e,0x4f,0x4f }, { 0x7f,0xa3,0xdc,0xdc },
+ { 0x66,0x44,0x22,0x22 }, { 0x7e,0x54,0x2a,0x2a },
+ { 0xab,0x3b,0x90,0x90 }, { 0x83,0x0b,0x88,0x88 },
+ { 0xca,0x8c,0x46,0x46 }, { 0x29,0xc7,0xee,0xee },
+ { 0xd3,0x6b,0xb8,0xb8 }, { 0x3c,0x28,0x14,0x14 },
+ { 0x79,0xa7,0xde,0xde }, { 0xe2,0xbc,0x5e,0x5e },
+ { 0x1d,0x16,0x0b,0x0b }, { 0x76,0xad,0xdb,0xdb },
+ { 0x3b,0xdb,0xe0,0xe0 }, { 0x56,0x64,0x32,0x32 },
+ { 0x4e,0x74,0x3a,0x3a }, { 0x1e,0x14,0x0a,0x0a },
+ { 0xdb,0x92,0x49,0x49 }, { 0x0a,0x0c,0x06,0x06 },
+ { 0x6c,0x48,0x24,0x24 }, { 0xe4,0xb8,0x5c,0x5c },
+ { 0x5d,0x9f,0xc2,0xc2 }, { 0x6e,0xbd,0xd3,0xd3 },
+ { 0xef,0x43,0xac,0xac }, { 0xa6,0xc4,0x62,0x62 },
+ { 0xa8,0x39,0x91,0x91 }, { 0xa4,0x31,0x95,0x95 },
+ { 0x37,0xd3,0xe4,0xe4 }, { 0x8b,0xf2,0x79,0x79 },
+ { 0x32,0xd5,0xe7,0xe7 }, { 0x43,0x8b,0xc8,0xc8 },
+ { 0x59,0x6e,0x37,0x37 }, { 0xb7,0xda,0x6d,0x6d },
+ { 0x8c,0x01,0x8d,0x8d }, { 0x64,0xb1,0xd5,0xd5 },
+ { 0xd2,0x9c,0x4e,0x4e }, { 0xe0,0x49,0xa9,0xa9 },
+ { 0xb4,0xd8,0x6c,0x6c }, { 0xfa,0xac,0x56,0x56 },
+ { 0x07,0xf3,0xf4,0xf4 }, { 0x25,0xcf,0xea,0xea },
+ { 0xaf,0xca,0x65,0x65 }, { 0x8e,0xf4,0x7a,0x7a },
+ { 0xe9,0x47,0xae,0xae }, { 0x18,0x10,0x08,0x08 },
+ { 0xd5,0x6f,0xba,0xba }, { 0x88,0xf0,0x78,0x78 },
+ { 0x6f,0x4a,0x25,0x25 }, { 0x72,0x5c,0x2e,0x2e },
+ { 0x24,0x38,0x1c,0x1c }, { 0xf1,0x57,0xa6,0xa6 },
+ { 0xc7,0x73,0xb4,0xb4 }, { 0x51,0x97,0xc6,0xc6 },
+ { 0x23,0xcb,0xe8,0xe8 }, { 0x7c,0xa1,0xdd,0xdd },
+ { 0x9c,0xe8,0x74,0x74 }, { 0x21,0x3e,0x1f,0x1f },
+ { 0xdd,0x96,0x4b,0x4b }, { 0xdc,0x61,0xbd,0xbd },
+ { 0x86,0x0d,0x8b,0x8b }, { 0x85,0x0f,0x8a,0x8a },
+ { 0x90,0xe0,0x70,0x70 }, { 0x42,0x7c,0x3e,0x3e },
+ { 0xc4,0x71,0xb5,0xb5 }, { 0xaa,0xcc,0x66,0x66 },
+ { 0xd8,0x90,0x48,0x48 }, { 0x05,0x06,0x03,0x03 },
+ { 0x01,0xf7,0xf6,0xf6 }, { 0x12,0x1c,0x0e,0x0e },
+ { 0xa3,0xc2,0x61,0x61 }, { 0x5f,0x6a,0x35,0x35 },
+ { 0xf9,0xae,0x57,0x57 }, { 0xd0,0x69,0xb9,0xb9 },
+ { 0x91,0x17,0x86,0x86 }, { 0x58,0x99,0xc1,0xc1 },
+ { 0x27,0x3a,0x1d,0x1d }, { 0xb9,0x27,0x9e,0x9e },
+ { 0x38,0xd9,0xe1,0xe1 }, { 0x13,0xeb,0xf8,0xf8 },
+ { 0xb3,0x2b,0x98,0x98 }, { 0x33,0x22,0x11,0x11 },
+ { 0xbb,0xd2,0x69,0x69 }, { 0x70,0xa9,0xd9,0xd9 },
+ { 0x89,0x07,0x8e,0x8e }, { 0xa7,0x33,0x94,0x94 },
+ { 0xb6,0x2d,0x9b,0x9b }, { 0x22,0x3c,0x1e,0x1e },
+ { 0x92,0x15,0x87,0x87 }, { 0x20,0xc9,0xe9,0xe9 },
+ { 0x49,0x87,0xce,0xce }, { 0xff,0xaa,0x55,0x55 },
+ { 0x78,0x50,0x28,0x28 }, { 0x7a,0xa5,0xdf,0xdf },
+ { 0x8f,0x03,0x8c,0x8c }, { 0xf8,0x59,0xa1,0xa1 },
+ { 0x80,0x09,0x89,0x89 }, { 0x17,0x1a,0x0d,0x0d },
+ { 0xda,0x65,0xbf,0xbf }, { 0x31,0xd7,0xe6,0xe6 },
+ { 0xc6,0x84,0x42,0x42 }, { 0xb8,0xd0,0x68,0x68 },
+ { 0xc3,0x82,0x41,0x41 }, { 0xb0,0x29,0x99,0x99 },
+ { 0x77,0x5a,0x2d,0x2d }, { 0x11,0x1e,0x0f,0x0f },
+ { 0xcb,0x7b,0xb0,0xb0 }, { 0xfc,0xa8,0x54,0x54 },
+ { 0xd6,0x6d,0xbb,0xbb }, { 0x3a,0x2c,0x16,0x16 }
+ };
+
+static const unsigned char T3[256][4] =
+ {
+ { 0x63,0xa5,0xc6,0x63 }, { 0x7c,0x84,0xf8,0x7c },
+ { 0x77,0x99,0xee,0x77 }, { 0x7b,0x8d,0xf6,0x7b },
+ { 0xf2,0x0d,0xff,0xf2 }, { 0x6b,0xbd,0xd6,0x6b },
+ { 0x6f,0xb1,0xde,0x6f }, { 0xc5,0x54,0x91,0xc5 },
+ { 0x30,0x50,0x60,0x30 }, { 0x01,0x03,0x02,0x01 },
+ { 0x67,0xa9,0xce,0x67 }, { 0x2b,0x7d,0x56,0x2b },
+ { 0xfe,0x19,0xe7,0xfe }, { 0xd7,0x62,0xb5,0xd7 },
+ { 0xab,0xe6,0x4d,0xab }, { 0x76,0x9a,0xec,0x76 },
+ { 0xca,0x45,0x8f,0xca }, { 0x82,0x9d,0x1f,0x82 },
+ { 0xc9,0x40,0x89,0xc9 }, { 0x7d,0x87,0xfa,0x7d },
+ { 0xfa,0x15,0xef,0xfa }, { 0x59,0xeb,0xb2,0x59 },
+ { 0x47,0xc9,0x8e,0x47 }, { 0xf0,0x0b,0xfb,0xf0 },
+ { 0xad,0xec,0x41,0xad }, { 0xd4,0x67,0xb3,0xd4 },
+ { 0xa2,0xfd,0x5f,0xa2 }, { 0xaf,0xea,0x45,0xaf },
+ { 0x9c,0xbf,0x23,0x9c }, { 0xa4,0xf7,0x53,0xa4 },
+ { 0x72,0x96,0xe4,0x72 }, { 0xc0,0x5b,0x9b,0xc0 },
+ { 0xb7,0xc2,0x75,0xb7 }, { 0xfd,0x1c,0xe1,0xfd },
+ { 0x93,0xae,0x3d,0x93 }, { 0x26,0x6a,0x4c,0x26 },
+ { 0x36,0x5a,0x6c,0x36 }, { 0x3f,0x41,0x7e,0x3f },
+ { 0xf7,0x02,0xf5,0xf7 }, { 0xcc,0x4f,0x83,0xcc },
+ { 0x34,0x5c,0x68,0x34 }, { 0xa5,0xf4,0x51,0xa5 },
+ { 0xe5,0x34,0xd1,0xe5 }, { 0xf1,0x08,0xf9,0xf1 },
+ { 0x71,0x93,0xe2,0x71 }, { 0xd8,0x73,0xab,0xd8 },
+ { 0x31,0x53,0x62,0x31 }, { 0x15,0x3f,0x2a,0x15 },
+ { 0x04,0x0c,0x08,0x04 }, { 0xc7,0x52,0x95,0xc7 },
+ { 0x23,0x65,0x46,0x23 }, { 0xc3,0x5e,0x9d,0xc3 },
+ { 0x18,0x28,0x30,0x18 }, { 0x96,0xa1,0x37,0x96 },
+ { 0x05,0x0f,0x0a,0x05 }, { 0x9a,0xb5,0x2f,0x9a },
+ { 0x07,0x09,0x0e,0x07 }, { 0x12,0x36,0x24,0x12 },
+ { 0x80,0x9b,0x1b,0x80 }, { 0xe2,0x3d,0xdf,0xe2 },
+ { 0xeb,0x26,0xcd,0xeb }, { 0x27,0x69,0x4e,0x27 },
+ { 0xb2,0xcd,0x7f,0xb2 }, { 0x75,0x9f,0xea,0x75 },
+ { 0x09,0x1b,0x12,0x09 }, { 0x83,0x9e,0x1d,0x83 },
+ { 0x2c,0x74,0x58,0x2c }, { 0x1a,0x2e,0x34,0x1a },
+ { 0x1b,0x2d,0x36,0x1b }, { 0x6e,0xb2,0xdc,0x6e },
+ { 0x5a,0xee,0xb4,0x5a }, { 0xa0,0xfb,0x5b,0xa0 },
+ { 0x52,0xf6,0xa4,0x52 }, { 0x3b,0x4d,0x76,0x3b },
+ { 0xd6,0x61,0xb7,0xd6 }, { 0xb3,0xce,0x7d,0xb3 },
+ { 0x29,0x7b,0x52,0x29 }, { 0xe3,0x3e,0xdd,0xe3 },
+ { 0x2f,0x71,0x5e,0x2f }, { 0x84,0x97,0x13,0x84 },
+ { 0x53,0xf5,0xa6,0x53 }, { 0xd1,0x68,0xb9,0xd1 },
+ { 0x00,0x00,0x00,0x00 }, { 0xed,0x2c,0xc1,0xed },
+ { 0x20,0x60,0x40,0x20 }, { 0xfc,0x1f,0xe3,0xfc },
+ { 0xb1,0xc8,0x79,0xb1 }, { 0x5b,0xed,0xb6,0x5b },
+ { 0x6a,0xbe,0xd4,0x6a }, { 0xcb,0x46,0x8d,0xcb },
+ { 0xbe,0xd9,0x67,0xbe }, { 0x39,0x4b,0x72,0x39 },
+ { 0x4a,0xde,0x94,0x4a }, { 0x4c,0xd4,0x98,0x4c },
+ { 0x58,0xe8,0xb0,0x58 }, { 0xcf,0x4a,0x85,0xcf },
+ { 0xd0,0x6b,0xbb,0xd0 }, { 0xef,0x2a,0xc5,0xef },
+ { 0xaa,0xe5,0x4f,0xaa }, { 0xfb,0x16,0xed,0xfb },
+ { 0x43,0xc5,0x86,0x43 }, { 0x4d,0xd7,0x9a,0x4d },
+ { 0x33,0x55,0x66,0x33 }, { 0x85,0x94,0x11,0x85 },
+ { 0x45,0xcf,0x8a,0x45 }, { 0xf9,0x10,0xe9,0xf9 },
+ { 0x02,0x06,0x04,0x02 }, { 0x7f,0x81,0xfe,0x7f },
+ { 0x50,0xf0,0xa0,0x50 }, { 0x3c,0x44,0x78,0x3c },
+ { 0x9f,0xba,0x25,0x9f }, { 0xa8,0xe3,0x4b,0xa8 },
+ { 0x51,0xf3,0xa2,0x51 }, { 0xa3,0xfe,0x5d,0xa3 },
+ { 0x40,0xc0,0x80,0x40 }, { 0x8f,0x8a,0x05,0x8f },
+ { 0x92,0xad,0x3f,0x92 }, { 0x9d,0xbc,0x21,0x9d },
+ { 0x38,0x48,0x70,0x38 }, { 0xf5,0x04,0xf1,0xf5 },
+ { 0xbc,0xdf,0x63,0xbc }, { 0xb6,0xc1,0x77,0xb6 },
+ { 0xda,0x75,0xaf,0xda }, { 0x21,0x63,0x42,0x21 },
+ { 0x10,0x30,0x20,0x10 }, { 0xff,0x1a,0xe5,0xff },
+ { 0xf3,0x0e,0xfd,0xf3 }, { 0xd2,0x6d,0xbf,0xd2 },
+ { 0xcd,0x4c,0x81,0xcd }, { 0x0c,0x14,0x18,0x0c },
+ { 0x13,0x35,0x26,0x13 }, { 0xec,0x2f,0xc3,0xec },
+ { 0x5f,0xe1,0xbe,0x5f }, { 0x97,0xa2,0x35,0x97 },
+ { 0x44,0xcc,0x88,0x44 }, { 0x17,0x39,0x2e,0x17 },
+ { 0xc4,0x57,0x93,0xc4 }, { 0xa7,0xf2,0x55,0xa7 },
+ { 0x7e,0x82,0xfc,0x7e }, { 0x3d,0x47,0x7a,0x3d },
+ { 0x64,0xac,0xc8,0x64 }, { 0x5d,0xe7,0xba,0x5d },
+ { 0x19,0x2b,0x32,0x19 }, { 0x73,0x95,0xe6,0x73 },
+ { 0x60,0xa0,0xc0,0x60 }, { 0x81,0x98,0x19,0x81 },
+ { 0x4f,0xd1,0x9e,0x4f }, { 0xdc,0x7f,0xa3,0xdc },
+ { 0x22,0x66,0x44,0x22 }, { 0x2a,0x7e,0x54,0x2a },
+ { 0x90,0xab,0x3b,0x90 }, { 0x88,0x83,0x0b,0x88 },
+ { 0x46,0xca,0x8c,0x46 }, { 0xee,0x29,0xc7,0xee },
+ { 0xb8,0xd3,0x6b,0xb8 }, { 0x14,0x3c,0x28,0x14 },
+ { 0xde,0x79,0xa7,0xde }, { 0x5e,0xe2,0xbc,0x5e },
+ { 0x0b,0x1d,0x16,0x0b }, { 0xdb,0x76,0xad,0xdb },
+ { 0xe0,0x3b,0xdb,0xe0 }, { 0x32,0x56,0x64,0x32 },
+ { 0x3a,0x4e,0x74,0x3a }, { 0x0a,0x1e,0x14,0x0a },
+ { 0x49,0xdb,0x92,0x49 }, { 0x06,0x0a,0x0c,0x06 },
+ { 0x24,0x6c,0x48,0x24 }, { 0x5c,0xe4,0xb8,0x5c },
+ { 0xc2,0x5d,0x9f,0xc2 }, { 0xd3,0x6e,0xbd,0xd3 },
+ { 0xac,0xef,0x43,0xac }, { 0x62,0xa6,0xc4,0x62 },
+ { 0x91,0xa8,0x39,0x91 }, { 0x95,0xa4,0x31,0x95 },
+ { 0xe4,0x37,0xd3,0xe4 }, { 0x79,0x8b,0xf2,0x79 },
+ { 0xe7,0x32,0xd5,0xe7 }, { 0xc8,0x43,0x8b,0xc8 },
+ { 0x37,0x59,0x6e,0x37 }, { 0x6d,0xb7,0xda,0x6d },
+ { 0x8d,0x8c,0x01,0x8d }, { 0xd5,0x64,0xb1,0xd5 },
+ { 0x4e,0xd2,0x9c,0x4e }, { 0xa9,0xe0,0x49,0xa9 },
+ { 0x6c,0xb4,0xd8,0x6c }, { 0x56,0xfa,0xac,0x56 },
+ { 0xf4,0x07,0xf3,0xf4 }, { 0xea,0x25,0xcf,0xea },
+ { 0x65,0xaf,0xca,0x65 }, { 0x7a,0x8e,0xf4,0x7a },
+ { 0xae,0xe9,0x47,0xae }, { 0x08,0x18,0x10,0x08 },
+ { 0xba,0xd5,0x6f,0xba }, { 0x78,0x88,0xf0,0x78 },
+ { 0x25,0x6f,0x4a,0x25 }, { 0x2e,0x72,0x5c,0x2e },
+ { 0x1c,0x24,0x38,0x1c }, { 0xa6,0xf1,0x57,0xa6 },
+ { 0xb4,0xc7,0x73,0xb4 }, { 0xc6,0x51,0x97,0xc6 },
+ { 0xe8,0x23,0xcb,0xe8 }, { 0xdd,0x7c,0xa1,0xdd },
+ { 0x74,0x9c,0xe8,0x74 }, { 0x1f,0x21,0x3e,0x1f },
+ { 0x4b,0xdd,0x96,0x4b }, { 0xbd,0xdc,0x61,0xbd },
+ { 0x8b,0x86,0x0d,0x8b }, { 0x8a,0x85,0x0f,0x8a },
+ { 0x70,0x90,0xe0,0x70 }, { 0x3e,0x42,0x7c,0x3e },
+ { 0xb5,0xc4,0x71,0xb5 }, { 0x66,0xaa,0xcc,0x66 },
+ { 0x48,0xd8,0x90,0x48 }, { 0x03,0x05,0x06,0x03 },
+ { 0xf6,0x01,0xf7,0xf6 }, { 0x0e,0x12,0x1c,0x0e },
+ { 0x61,0xa3,0xc2,0x61 }, { 0x35,0x5f,0x6a,0x35 },
+ { 0x57,0xf9,0xae,0x57 }, { 0xb9,0xd0,0x69,0xb9 },
+ { 0x86,0x91,0x17,0x86 }, { 0xc1,0x58,0x99,0xc1 },
+ { 0x1d,0x27,0x3a,0x1d }, { 0x9e,0xb9,0x27,0x9e },
+ { 0xe1,0x38,0xd9,0xe1 }, { 0xf8,0x13,0xeb,0xf8 },
+ { 0x98,0xb3,0x2b,0x98 }, { 0x11,0x33,0x22,0x11 },
+ { 0x69,0xbb,0xd2,0x69 }, { 0xd9,0x70,0xa9,0xd9 },
+ { 0x8e,0x89,0x07,0x8e }, { 0x94,0xa7,0x33,0x94 },
+ { 0x9b,0xb6,0x2d,0x9b }, { 0x1e,0x22,0x3c,0x1e },
+ { 0x87,0x92,0x15,0x87 }, { 0xe9,0x20,0xc9,0xe9 },
+ { 0xce,0x49,0x87,0xce }, { 0x55,0xff,0xaa,0x55 },
+ { 0x28,0x78,0x50,0x28 }, { 0xdf,0x7a,0xa5,0xdf },
+ { 0x8c,0x8f,0x03,0x8c }, { 0xa1,0xf8,0x59,0xa1 },
+ { 0x89,0x80,0x09,0x89 }, { 0x0d,0x17,0x1a,0x0d },
+ { 0xbf,0xda,0x65,0xbf }, { 0xe6,0x31,0xd7,0xe6 },
+ { 0x42,0xc6,0x84,0x42 }, { 0x68,0xb8,0xd0,0x68 },
+ { 0x41,0xc3,0x82,0x41 }, { 0x99,0xb0,0x29,0x99 },
+ { 0x2d,0x77,0x5a,0x2d }, { 0x0f,0x11,0x1e,0x0f },
+ { 0xb0,0xcb,0x7b,0xb0 }, { 0x54,0xfc,0xa8,0x54 },
+ { 0xbb,0xd6,0x6d,0xbb }, { 0x16,0x3a,0x2c,0x16 }
+ };
+
+static const unsigned char T4[256][4] =
+ {
+ { 0x63,0x63,0xa5,0xc6 }, { 0x7c,0x7c,0x84,0xf8 },
+ { 0x77,0x77,0x99,0xee }, { 0x7b,0x7b,0x8d,0xf6 },
+ { 0xf2,0xf2,0x0d,0xff }, { 0x6b,0x6b,0xbd,0xd6 },
+ { 0x6f,0x6f,0xb1,0xde }, { 0xc5,0xc5,0x54,0x91 },
+ { 0x30,0x30,0x50,0x60 }, { 0x01,0x01,0x03,0x02 },
+ { 0x67,0x67,0xa9,0xce }, { 0x2b,0x2b,0x7d,0x56 },
+ { 0xfe,0xfe,0x19,0xe7 }, { 0xd7,0xd7,0x62,0xb5 },
+ { 0xab,0xab,0xe6,0x4d }, { 0x76,0x76,0x9a,0xec },
+ { 0xca,0xca,0x45,0x8f }, { 0x82,0x82,0x9d,0x1f },
+ { 0xc9,0xc9,0x40,0x89 }, { 0x7d,0x7d,0x87,0xfa },
+ { 0xfa,0xfa,0x15,0xef }, { 0x59,0x59,0xeb,0xb2 },
+ { 0x47,0x47,0xc9,0x8e }, { 0xf0,0xf0,0x0b,0xfb },
+ { 0xad,0xad,0xec,0x41 }, { 0xd4,0xd4,0x67,0xb3 },
+ { 0xa2,0xa2,0xfd,0x5f }, { 0xaf,0xaf,0xea,0x45 },
+ { 0x9c,0x9c,0xbf,0x23 }, { 0xa4,0xa4,0xf7,0x53 },
+ { 0x72,0x72,0x96,0xe4 }, { 0xc0,0xc0,0x5b,0x9b },
+ { 0xb7,0xb7,0xc2,0x75 }, { 0xfd,0xfd,0x1c,0xe1 },
+ { 0x93,0x93,0xae,0x3d }, { 0x26,0x26,0x6a,0x4c },
+ { 0x36,0x36,0x5a,0x6c }, { 0x3f,0x3f,0x41,0x7e },
+ { 0xf7,0xf7,0x02,0xf5 }, { 0xcc,0xcc,0x4f,0x83 },
+ { 0x34,0x34,0x5c,0x68 }, { 0xa5,0xa5,0xf4,0x51 },
+ { 0xe5,0xe5,0x34,0xd1 }, { 0xf1,0xf1,0x08,0xf9 },
+ { 0x71,0x71,0x93,0xe2 }, { 0xd8,0xd8,0x73,0xab },
+ { 0x31,0x31,0x53,0x62 }, { 0x15,0x15,0x3f,0x2a },
+ { 0x04,0x04,0x0c,0x08 }, { 0xc7,0xc7,0x52,0x95 },
+ { 0x23,0x23,0x65,0x46 }, { 0xc3,0xc3,0x5e,0x9d },
+ { 0x18,0x18,0x28,0x30 }, { 0x96,0x96,0xa1,0x37 },
+ { 0x05,0x05,0x0f,0x0a }, { 0x9a,0x9a,0xb5,0x2f },
+ { 0x07,0x07,0x09,0x0e }, { 0x12,0x12,0x36,0x24 },
+ { 0x80,0x80,0x9b,0x1b }, { 0xe2,0xe2,0x3d,0xdf },
+ { 0xeb,0xeb,0x26,0xcd }, { 0x27,0x27,0x69,0x4e },
+ { 0xb2,0xb2,0xcd,0x7f }, { 0x75,0x75,0x9f,0xea },
+ { 0x09,0x09,0x1b,0x12 }, { 0x83,0x83,0x9e,0x1d },
+ { 0x2c,0x2c,0x74,0x58 }, { 0x1a,0x1a,0x2e,0x34 },
+ { 0x1b,0x1b,0x2d,0x36 }, { 0x6e,0x6e,0xb2,0xdc },
+ { 0x5a,0x5a,0xee,0xb4 }, { 0xa0,0xa0,0xfb,0x5b },
+ { 0x52,0x52,0xf6,0xa4 }, { 0x3b,0x3b,0x4d,0x76 },
+ { 0xd6,0xd6,0x61,0xb7 }, { 0xb3,0xb3,0xce,0x7d },
+ { 0x29,0x29,0x7b,0x52 }, { 0xe3,0xe3,0x3e,0xdd },
+ { 0x2f,0x2f,0x71,0x5e }, { 0x84,0x84,0x97,0x13 },
+ { 0x53,0x53,0xf5,0xa6 }, { 0xd1,0xd1,0x68,0xb9 },
+ { 0x00,0x00,0x00,0x00 }, { 0xed,0xed,0x2c,0xc1 },
+ { 0x20,0x20,0x60,0x40 }, { 0xfc,0xfc,0x1f,0xe3 },
+ { 0xb1,0xb1,0xc8,0x79 }, { 0x5b,0x5b,0xed,0xb6 },
+ { 0x6a,0x6a,0xbe,0xd4 }, { 0xcb,0xcb,0x46,0x8d },
+ { 0xbe,0xbe,0xd9,0x67 }, { 0x39,0x39,0x4b,0x72 },
+ { 0x4a,0x4a,0xde,0x94 }, { 0x4c,0x4c,0xd4,0x98 },
+ { 0x58,0x58,0xe8,0xb0 }, { 0xcf,0xcf,0x4a,0x85 },
+ { 0xd0,0xd0,0x6b,0xbb }, { 0xef,0xef,0x2a,0xc5 },
+ { 0xaa,0xaa,0xe5,0x4f }, { 0xfb,0xfb,0x16,0xed },
+ { 0x43,0x43,0xc5,0x86 }, { 0x4d,0x4d,0xd7,0x9a },
+ { 0x33,0x33,0x55,0x66 }, { 0x85,0x85,0x94,0x11 },
+ { 0x45,0x45,0xcf,0x8a }, { 0xf9,0xf9,0x10,0xe9 },
+ { 0x02,0x02,0x06,0x04 }, { 0x7f,0x7f,0x81,0xfe },
+ { 0x50,0x50,0xf0,0xa0 }, { 0x3c,0x3c,0x44,0x78 },
+ { 0x9f,0x9f,0xba,0x25 }, { 0xa8,0xa8,0xe3,0x4b },
+ { 0x51,0x51,0xf3,0xa2 }, { 0xa3,0xa3,0xfe,0x5d },
+ { 0x40,0x40,0xc0,0x80 }, { 0x8f,0x8f,0x8a,0x05 },
+ { 0x92,0x92,0xad,0x3f }, { 0x9d,0x9d,0xbc,0x21 },
+ { 0x38,0x38,0x48,0x70 }, { 0xf5,0xf5,0x04,0xf1 },
+ { 0xbc,0xbc,0xdf,0x63 }, { 0xb6,0xb6,0xc1,0x77 },
+ { 0xda,0xda,0x75,0xaf }, { 0x21,0x21,0x63,0x42 },
+ { 0x10,0x10,0x30,0x20 }, { 0xff,0xff,0x1a,0xe5 },
+ { 0xf3,0xf3,0x0e,0xfd }, { 0xd2,0xd2,0x6d,0xbf },
+ { 0xcd,0xcd,0x4c,0x81 }, { 0x0c,0x0c,0x14,0x18 },
+ { 0x13,0x13,0x35,0x26 }, { 0xec,0xec,0x2f,0xc3 },
+ { 0x5f,0x5f,0xe1,0xbe }, { 0x97,0x97,0xa2,0x35 },
+ { 0x44,0x44,0xcc,0x88 }, { 0x17,0x17,0x39,0x2e },
+ { 0xc4,0xc4,0x57,0x93 }, { 0xa7,0xa7,0xf2,0x55 },
+ { 0x7e,0x7e,0x82,0xfc }, { 0x3d,0x3d,0x47,0x7a },
+ { 0x64,0x64,0xac,0xc8 }, { 0x5d,0x5d,0xe7,0xba },
+ { 0x19,0x19,0x2b,0x32 }, { 0x73,0x73,0x95,0xe6 },
+ { 0x60,0x60,0xa0,0xc0 }, { 0x81,0x81,0x98,0x19 },
+ { 0x4f,0x4f,0xd1,0x9e }, { 0xdc,0xdc,0x7f,0xa3 },
+ { 0x22,0x22,0x66,0x44 }, { 0x2a,0x2a,0x7e,0x54 },
+ { 0x90,0x90,0xab,0x3b }, { 0x88,0x88,0x83,0x0b },
+ { 0x46,0x46,0xca,0x8c }, { 0xee,0xee,0x29,0xc7 },
+ { 0xb8,0xb8,0xd3,0x6b }, { 0x14,0x14,0x3c,0x28 },
+ { 0xde,0xde,0x79,0xa7 }, { 0x5e,0x5e,0xe2,0xbc },
+ { 0x0b,0x0b,0x1d,0x16 }, { 0xdb,0xdb,0x76,0xad },
+ { 0xe0,0xe0,0x3b,0xdb }, { 0x32,0x32,0x56,0x64 },
+ { 0x3a,0x3a,0x4e,0x74 }, { 0x0a,0x0a,0x1e,0x14 },
+ { 0x49,0x49,0xdb,0x92 }, { 0x06,0x06,0x0a,0x0c },
+ { 0x24,0x24,0x6c,0x48 }, { 0x5c,0x5c,0xe4,0xb8 },
+ { 0xc2,0xc2,0x5d,0x9f }, { 0xd3,0xd3,0x6e,0xbd },
+ { 0xac,0xac,0xef,0x43 }, { 0x62,0x62,0xa6,0xc4 },
+ { 0x91,0x91,0xa8,0x39 }, { 0x95,0x95,0xa4,0x31 },
+ { 0xe4,0xe4,0x37,0xd3 }, { 0x79,0x79,0x8b,0xf2 },
+ { 0xe7,0xe7,0x32,0xd5 }, { 0xc8,0xc8,0x43,0x8b },
+ { 0x37,0x37,0x59,0x6e }, { 0x6d,0x6d,0xb7,0xda },
+ { 0x8d,0x8d,0x8c,0x01 }, { 0xd5,0xd5,0x64,0xb1 },
+ { 0x4e,0x4e,0xd2,0x9c }, { 0xa9,0xa9,0xe0,0x49 },
+ { 0x6c,0x6c,0xb4,0xd8 }, { 0x56,0x56,0xfa,0xac },
+ { 0xf4,0xf4,0x07,0xf3 }, { 0xea,0xea,0x25,0xcf },
+ { 0x65,0x65,0xaf,0xca }, { 0x7a,0x7a,0x8e,0xf4 },
+ { 0xae,0xae,0xe9,0x47 }, { 0x08,0x08,0x18,0x10 },
+ { 0xba,0xba,0xd5,0x6f }, { 0x78,0x78,0x88,0xf0 },
+ { 0x25,0x25,0x6f,0x4a }, { 0x2e,0x2e,0x72,0x5c },
+ { 0x1c,0x1c,0x24,0x38 }, { 0xa6,0xa6,0xf1,0x57 },
+ { 0xb4,0xb4,0xc7,0x73 }, { 0xc6,0xc6,0x51,0x97 },
+ { 0xe8,0xe8,0x23,0xcb }, { 0xdd,0xdd,0x7c,0xa1 },
+ { 0x74,0x74,0x9c,0xe8 }, { 0x1f,0x1f,0x21,0x3e },
+ { 0x4b,0x4b,0xdd,0x96 }, { 0xbd,0xbd,0xdc,0x61 },
+ { 0x8b,0x8b,0x86,0x0d }, { 0x8a,0x8a,0x85,0x0f },
+ { 0x70,0x70,0x90,0xe0 }, { 0x3e,0x3e,0x42,0x7c },
+ { 0xb5,0xb5,0xc4,0x71 }, { 0x66,0x66,0xaa,0xcc },
+ { 0x48,0x48,0xd8,0x90 }, { 0x03,0x03,0x05,0x06 },
+ { 0xf6,0xf6,0x01,0xf7 }, { 0x0e,0x0e,0x12,0x1c },
+ { 0x61,0x61,0xa3,0xc2 }, { 0x35,0x35,0x5f,0x6a },
+ { 0x57,0x57,0xf9,0xae }, { 0xb9,0xb9,0xd0,0x69 },
+ { 0x86,0x86,0x91,0x17 }, { 0xc1,0xc1,0x58,0x99 },
+ { 0x1d,0x1d,0x27,0x3a }, { 0x9e,0x9e,0xb9,0x27 },
+ { 0xe1,0xe1,0x38,0xd9 }, { 0xf8,0xf8,0x13,0xeb },
+ { 0x98,0x98,0xb3,0x2b }, { 0x11,0x11,0x33,0x22 },
+ { 0x69,0x69,0xbb,0xd2 }, { 0xd9,0xd9,0x70,0xa9 },
+ { 0x8e,0x8e,0x89,0x07 }, { 0x94,0x94,0xa7,0x33 },
+ { 0x9b,0x9b,0xb6,0x2d }, { 0x1e,0x1e,0x22,0x3c },
+ { 0x87,0x87,0x92,0x15 }, { 0xe9,0xe9,0x20,0xc9 },
+ { 0xce,0xce,0x49,0x87 }, { 0x55,0x55,0xff,0xaa },
+ { 0x28,0x28,0x78,0x50 }, { 0xdf,0xdf,0x7a,0xa5 },
+ { 0x8c,0x8c,0x8f,0x03 }, { 0xa1,0xa1,0xf8,0x59 },
+ { 0x89,0x89,0x80,0x09 }, { 0x0d,0x0d,0x17,0x1a },
+ { 0xbf,0xbf,0xda,0x65 }, { 0xe6,0xe6,0x31,0xd7 },
+ { 0x42,0x42,0xc6,0x84 }, { 0x68,0x68,0xb8,0xd0 },
+ { 0x41,0x41,0xc3,0x82 }, { 0x99,0x99,0xb0,0x29 },
+ { 0x2d,0x2d,0x77,0x5a }, { 0x0f,0x0f,0x11,0x1e },
+ { 0xb0,0xb0,0xcb,0x7b }, { 0x54,0x54,0xfc,0xa8 },
+ { 0xbb,0xbb,0xd6,0x6d }, { 0x16,0x16,0x3a,0x2c }
+ };
+
+static const unsigned char T5[256][4] =
+ {
+ { 0x51,0xf4,0xa7,0x50 }, { 0x7e,0x41,0x65,0x53 },
+ { 0x1a,0x17,0xa4,0xc3 }, { 0x3a,0x27,0x5e,0x96 },
+ { 0x3b,0xab,0x6b,0xcb }, { 0x1f,0x9d,0x45,0xf1 },
+ { 0xac,0xfa,0x58,0xab }, { 0x4b,0xe3,0x03,0x93 },
+ { 0x20,0x30,0xfa,0x55 }, { 0xad,0x76,0x6d,0xf6 },
+ { 0x88,0xcc,0x76,0x91 }, { 0xf5,0x02,0x4c,0x25 },
+ { 0x4f,0xe5,0xd7,0xfc }, { 0xc5,0x2a,0xcb,0xd7 },
+ { 0x26,0x35,0x44,0x80 }, { 0xb5,0x62,0xa3,0x8f },
+ { 0xde,0xb1,0x5a,0x49 }, { 0x25,0xba,0x1b,0x67 },
+ { 0x45,0xea,0x0e,0x98 }, { 0x5d,0xfe,0xc0,0xe1 },
+ { 0xc3,0x2f,0x75,0x02 }, { 0x81,0x4c,0xf0,0x12 },
+ { 0x8d,0x46,0x97,0xa3 }, { 0x6b,0xd3,0xf9,0xc6 },
+ { 0x03,0x8f,0x5f,0xe7 }, { 0x15,0x92,0x9c,0x95 },
+ { 0xbf,0x6d,0x7a,0xeb }, { 0x95,0x52,0x59,0xda },
+ { 0xd4,0xbe,0x83,0x2d }, { 0x58,0x74,0x21,0xd3 },
+ { 0x49,0xe0,0x69,0x29 }, { 0x8e,0xc9,0xc8,0x44 },
+ { 0x75,0xc2,0x89,0x6a }, { 0xf4,0x8e,0x79,0x78 },
+ { 0x99,0x58,0x3e,0x6b }, { 0x27,0xb9,0x71,0xdd },
+ { 0xbe,0xe1,0x4f,0xb6 }, { 0xf0,0x88,0xad,0x17 },
+ { 0xc9,0x20,0xac,0x66 }, { 0x7d,0xce,0x3a,0xb4 },
+ { 0x63,0xdf,0x4a,0x18 }, { 0xe5,0x1a,0x31,0x82 },
+ { 0x97,0x51,0x33,0x60 }, { 0x62,0x53,0x7f,0x45 },
+ { 0xb1,0x64,0x77,0xe0 }, { 0xbb,0x6b,0xae,0x84 },
+ { 0xfe,0x81,0xa0,0x1c }, { 0xf9,0x08,0x2b,0x94 },
+ { 0x70,0x48,0x68,0x58 }, { 0x8f,0x45,0xfd,0x19 },
+ { 0x94,0xde,0x6c,0x87 }, { 0x52,0x7b,0xf8,0xb7 },
+ { 0xab,0x73,0xd3,0x23 }, { 0x72,0x4b,0x02,0xe2 },
+ { 0xe3,0x1f,0x8f,0x57 }, { 0x66,0x55,0xab,0x2a },
+ { 0xb2,0xeb,0x28,0x07 }, { 0x2f,0xb5,0xc2,0x03 },
+ { 0x86,0xc5,0x7b,0x9a }, { 0xd3,0x37,0x08,0xa5 },
+ { 0x30,0x28,0x87,0xf2 }, { 0x23,0xbf,0xa5,0xb2 },
+ { 0x02,0x03,0x6a,0xba }, { 0xed,0x16,0x82,0x5c },
+ { 0x8a,0xcf,0x1c,0x2b }, { 0xa7,0x79,0xb4,0x92 },
+ { 0xf3,0x07,0xf2,0xf0 }, { 0x4e,0x69,0xe2,0xa1 },
+ { 0x65,0xda,0xf4,0xcd }, { 0x06,0x05,0xbe,0xd5 },
+ { 0xd1,0x34,0x62,0x1f }, { 0xc4,0xa6,0xfe,0x8a },
+ { 0x34,0x2e,0x53,0x9d }, { 0xa2,0xf3,0x55,0xa0 },
+ { 0x05,0x8a,0xe1,0x32 }, { 0xa4,0xf6,0xeb,0x75 },
+ { 0x0b,0x83,0xec,0x39 }, { 0x40,0x60,0xef,0xaa },
+ { 0x5e,0x71,0x9f,0x06 }, { 0xbd,0x6e,0x10,0x51 },
+ { 0x3e,0x21,0x8a,0xf9 }, { 0x96,0xdd,0x06,0x3d },
+ { 0xdd,0x3e,0x05,0xae }, { 0x4d,0xe6,0xbd,0x46 },
+ { 0x91,0x54,0x8d,0xb5 }, { 0x71,0xc4,0x5d,0x05 },
+ { 0x04,0x06,0xd4,0x6f }, { 0x60,0x50,0x15,0xff },
+ { 0x19,0x98,0xfb,0x24 }, { 0xd6,0xbd,0xe9,0x97 },
+ { 0x89,0x40,0x43,0xcc }, { 0x67,0xd9,0x9e,0x77 },
+ { 0xb0,0xe8,0x42,0xbd }, { 0x07,0x89,0x8b,0x88 },
+ { 0xe7,0x19,0x5b,0x38 }, { 0x79,0xc8,0xee,0xdb },
+ { 0xa1,0x7c,0x0a,0x47 }, { 0x7c,0x42,0x0f,0xe9 },
+ { 0xf8,0x84,0x1e,0xc9 }, { 0x00,0x00,0x00,0x00 },
+ { 0x09,0x80,0x86,0x83 }, { 0x32,0x2b,0xed,0x48 },
+ { 0x1e,0x11,0x70,0xac }, { 0x6c,0x5a,0x72,0x4e },
+ { 0xfd,0x0e,0xff,0xfb }, { 0x0f,0x85,0x38,0x56 },
+ { 0x3d,0xae,0xd5,0x1e }, { 0x36,0x2d,0x39,0x27 },
+ { 0x0a,0x0f,0xd9,0x64 }, { 0x68,0x5c,0xa6,0x21 },
+ { 0x9b,0x5b,0x54,0xd1 }, { 0x24,0x36,0x2e,0x3a },
+ { 0x0c,0x0a,0x67,0xb1 }, { 0x93,0x57,0xe7,0x0f },
+ { 0xb4,0xee,0x96,0xd2 }, { 0x1b,0x9b,0x91,0x9e },
+ { 0x80,0xc0,0xc5,0x4f }, { 0x61,0xdc,0x20,0xa2 },
+ { 0x5a,0x77,0x4b,0x69 }, { 0x1c,0x12,0x1a,0x16 },
+ { 0xe2,0x93,0xba,0x0a }, { 0xc0,0xa0,0x2a,0xe5 },
+ { 0x3c,0x22,0xe0,0x43 }, { 0x12,0x1b,0x17,0x1d },
+ { 0x0e,0x09,0x0d,0x0b }, { 0xf2,0x8b,0xc7,0xad },
+ { 0x2d,0xb6,0xa8,0xb9 }, { 0x14,0x1e,0xa9,0xc8 },
+ { 0x57,0xf1,0x19,0x85 }, { 0xaf,0x75,0x07,0x4c },
+ { 0xee,0x99,0xdd,0xbb }, { 0xa3,0x7f,0x60,0xfd },
+ { 0xf7,0x01,0x26,0x9f }, { 0x5c,0x72,0xf5,0xbc },
+ { 0x44,0x66,0x3b,0xc5 }, { 0x5b,0xfb,0x7e,0x34 },
+ { 0x8b,0x43,0x29,0x76 }, { 0xcb,0x23,0xc6,0xdc },
+ { 0xb6,0xed,0xfc,0x68 }, { 0xb8,0xe4,0xf1,0x63 },
+ { 0xd7,0x31,0xdc,0xca }, { 0x42,0x63,0x85,0x10 },
+ { 0x13,0x97,0x22,0x40 }, { 0x84,0xc6,0x11,0x20 },
+ { 0x85,0x4a,0x24,0x7d }, { 0xd2,0xbb,0x3d,0xf8 },
+ { 0xae,0xf9,0x32,0x11 }, { 0xc7,0x29,0xa1,0x6d },
+ { 0x1d,0x9e,0x2f,0x4b }, { 0xdc,0xb2,0x30,0xf3 },
+ { 0x0d,0x86,0x52,0xec }, { 0x77,0xc1,0xe3,0xd0 },
+ { 0x2b,0xb3,0x16,0x6c }, { 0xa9,0x70,0xb9,0x99 },
+ { 0x11,0x94,0x48,0xfa }, { 0x47,0xe9,0x64,0x22 },
+ { 0xa8,0xfc,0x8c,0xc4 }, { 0xa0,0xf0,0x3f,0x1a },
+ { 0x56,0x7d,0x2c,0xd8 }, { 0x22,0x33,0x90,0xef },
+ { 0x87,0x49,0x4e,0xc7 }, { 0xd9,0x38,0xd1,0xc1 },
+ { 0x8c,0xca,0xa2,0xfe }, { 0x98,0xd4,0x0b,0x36 },
+ { 0xa6,0xf5,0x81,0xcf }, { 0xa5,0x7a,0xde,0x28 },
+ { 0xda,0xb7,0x8e,0x26 }, { 0x3f,0xad,0xbf,0xa4 },
+ { 0x2c,0x3a,0x9d,0xe4 }, { 0x50,0x78,0x92,0x0d },
+ { 0x6a,0x5f,0xcc,0x9b }, { 0x54,0x7e,0x46,0x62 },
+ { 0xf6,0x8d,0x13,0xc2 }, { 0x90,0xd8,0xb8,0xe8 },
+ { 0x2e,0x39,0xf7,0x5e }, { 0x82,0xc3,0xaf,0xf5 },
+ { 0x9f,0x5d,0x80,0xbe }, { 0x69,0xd0,0x93,0x7c },
+ { 0x6f,0xd5,0x2d,0xa9 }, { 0xcf,0x25,0x12,0xb3 },
+ { 0xc8,0xac,0x99,0x3b }, { 0x10,0x18,0x7d,0xa7 },
+ { 0xe8,0x9c,0x63,0x6e }, { 0xdb,0x3b,0xbb,0x7b },
+ { 0xcd,0x26,0x78,0x09 }, { 0x6e,0x59,0x18,0xf4 },
+ { 0xec,0x9a,0xb7,0x01 }, { 0x83,0x4f,0x9a,0xa8 },
+ { 0xe6,0x95,0x6e,0x65 }, { 0xaa,0xff,0xe6,0x7e },
+ { 0x21,0xbc,0xcf,0x08 }, { 0xef,0x15,0xe8,0xe6 },
+ { 0xba,0xe7,0x9b,0xd9 }, { 0x4a,0x6f,0x36,0xce },
+ { 0xea,0x9f,0x09,0xd4 }, { 0x29,0xb0,0x7c,0xd6 },
+ { 0x31,0xa4,0xb2,0xaf }, { 0x2a,0x3f,0x23,0x31 },
+ { 0xc6,0xa5,0x94,0x30 }, { 0x35,0xa2,0x66,0xc0 },
+ { 0x74,0x4e,0xbc,0x37 }, { 0xfc,0x82,0xca,0xa6 },
+ { 0xe0,0x90,0xd0,0xb0 }, { 0x33,0xa7,0xd8,0x15 },
+ { 0xf1,0x04,0x98,0x4a }, { 0x41,0xec,0xda,0xf7 },
+ { 0x7f,0xcd,0x50,0x0e }, { 0x17,0x91,0xf6,0x2f },
+ { 0x76,0x4d,0xd6,0x8d }, { 0x43,0xef,0xb0,0x4d },
+ { 0xcc,0xaa,0x4d,0x54 }, { 0xe4,0x96,0x04,0xdf },
+ { 0x9e,0xd1,0xb5,0xe3 }, { 0x4c,0x6a,0x88,0x1b },
+ { 0xc1,0x2c,0x1f,0xb8 }, { 0x46,0x65,0x51,0x7f },
+ { 0x9d,0x5e,0xea,0x04 }, { 0x01,0x8c,0x35,0x5d },
+ { 0xfa,0x87,0x74,0x73 }, { 0xfb,0x0b,0x41,0x2e },
+ { 0xb3,0x67,0x1d,0x5a }, { 0x92,0xdb,0xd2,0x52 },
+ { 0xe9,0x10,0x56,0x33 }, { 0x6d,0xd6,0x47,0x13 },
+ { 0x9a,0xd7,0x61,0x8c }, { 0x37,0xa1,0x0c,0x7a },
+ { 0x59,0xf8,0x14,0x8e }, { 0xeb,0x13,0x3c,0x89 },
+ { 0xce,0xa9,0x27,0xee }, { 0xb7,0x61,0xc9,0x35 },
+ { 0xe1,0x1c,0xe5,0xed }, { 0x7a,0x47,0xb1,0x3c },
+ { 0x9c,0xd2,0xdf,0x59 }, { 0x55,0xf2,0x73,0x3f },
+ { 0x18,0x14,0xce,0x79 }, { 0x73,0xc7,0x37,0xbf },
+ { 0x53,0xf7,0xcd,0xea }, { 0x5f,0xfd,0xaa,0x5b },
+ { 0xdf,0x3d,0x6f,0x14 }, { 0x78,0x44,0xdb,0x86 },
+ { 0xca,0xaf,0xf3,0x81 }, { 0xb9,0x68,0xc4,0x3e },
+ { 0x38,0x24,0x34,0x2c }, { 0xc2,0xa3,0x40,0x5f },
+ { 0x16,0x1d,0xc3,0x72 }, { 0xbc,0xe2,0x25,0x0c },
+ { 0x28,0x3c,0x49,0x8b }, { 0xff,0x0d,0x95,0x41 },
+ { 0x39,0xa8,0x01,0x71 }, { 0x08,0x0c,0xb3,0xde },
+ { 0xd8,0xb4,0xe4,0x9c }, { 0x64,0x56,0xc1,0x90 },
+ { 0x7b,0xcb,0x84,0x61 }, { 0xd5,0x32,0xb6,0x70 },
+ { 0x48,0x6c,0x5c,0x74 }, { 0xd0,0xb8,0x57,0x42 }
+ };
+
+static const unsigned char T6[256][4] =
+ {
+ { 0x50,0x51,0xf4,0xa7 }, { 0x53,0x7e,0x41,0x65 },
+ { 0xc3,0x1a,0x17,0xa4 }, { 0x96,0x3a,0x27,0x5e },
+ { 0xcb,0x3b,0xab,0x6b }, { 0xf1,0x1f,0x9d,0x45 },
+ { 0xab,0xac,0xfa,0x58 }, { 0x93,0x4b,0xe3,0x03 },
+ { 0x55,0x20,0x30,0xfa }, { 0xf6,0xad,0x76,0x6d },
+ { 0x91,0x88,0xcc,0x76 }, { 0x25,0xf5,0x02,0x4c },
+ { 0xfc,0x4f,0xe5,0xd7 }, { 0xd7,0xc5,0x2a,0xcb },
+ { 0x80,0x26,0x35,0x44 }, { 0x8f,0xb5,0x62,0xa3 },
+ { 0x49,0xde,0xb1,0x5a }, { 0x67,0x25,0xba,0x1b },
+ { 0x98,0x45,0xea,0x0e }, { 0xe1,0x5d,0xfe,0xc0 },
+ { 0x02,0xc3,0x2f,0x75 }, { 0x12,0x81,0x4c,0xf0 },
+ { 0xa3,0x8d,0x46,0x97 }, { 0xc6,0x6b,0xd3,0xf9 },
+ { 0xe7,0x03,0x8f,0x5f }, { 0x95,0x15,0x92,0x9c },
+ { 0xeb,0xbf,0x6d,0x7a }, { 0xda,0x95,0x52,0x59 },
+ { 0x2d,0xd4,0xbe,0x83 }, { 0xd3,0x58,0x74,0x21 },
+ { 0x29,0x49,0xe0,0x69 }, { 0x44,0x8e,0xc9,0xc8 },
+ { 0x6a,0x75,0xc2,0x89 }, { 0x78,0xf4,0x8e,0x79 },
+ { 0x6b,0x99,0x58,0x3e }, { 0xdd,0x27,0xb9,0x71 },
+ { 0xb6,0xbe,0xe1,0x4f }, { 0x17,0xf0,0x88,0xad },
+ { 0x66,0xc9,0x20,0xac }, { 0xb4,0x7d,0xce,0x3a },
+ { 0x18,0x63,0xdf,0x4a }, { 0x82,0xe5,0x1a,0x31 },
+ { 0x60,0x97,0x51,0x33 }, { 0x45,0x62,0x53,0x7f },
+ { 0xe0,0xb1,0x64,0x77 }, { 0x84,0xbb,0x6b,0xae },
+ { 0x1c,0xfe,0x81,0xa0 }, { 0x94,0xf9,0x08,0x2b },
+ { 0x58,0x70,0x48,0x68 }, { 0x19,0x8f,0x45,0xfd },
+ { 0x87,0x94,0xde,0x6c }, { 0xb7,0x52,0x7b,0xf8 },
+ { 0x23,0xab,0x73,0xd3 }, { 0xe2,0x72,0x4b,0x02 },
+ { 0x57,0xe3,0x1f,0x8f }, { 0x2a,0x66,0x55,0xab },
+ { 0x07,0xb2,0xeb,0x28 }, { 0x03,0x2f,0xb5,0xc2 },
+ { 0x9a,0x86,0xc5,0x7b }, { 0xa5,0xd3,0x37,0x08 },
+ { 0xf2,0x30,0x28,0x87 }, { 0xb2,0x23,0xbf,0xa5 },
+ { 0xba,0x02,0x03,0x6a }, { 0x5c,0xed,0x16,0x82 },
+ { 0x2b,0x8a,0xcf,0x1c }, { 0x92,0xa7,0x79,0xb4 },
+ { 0xf0,0xf3,0x07,0xf2 }, { 0xa1,0x4e,0x69,0xe2 },
+ { 0xcd,0x65,0xda,0xf4 }, { 0xd5,0x06,0x05,0xbe },
+ { 0x1f,0xd1,0x34,0x62 }, { 0x8a,0xc4,0xa6,0xfe },
+ { 0x9d,0x34,0x2e,0x53 }, { 0xa0,0xa2,0xf3,0x55 },
+ { 0x32,0x05,0x8a,0xe1 }, { 0x75,0xa4,0xf6,0xeb },
+ { 0x39,0x0b,0x83,0xec }, { 0xaa,0x40,0x60,0xef },
+ { 0x06,0x5e,0x71,0x9f }, { 0x51,0xbd,0x6e,0x10 },
+ { 0xf9,0x3e,0x21,0x8a }, { 0x3d,0x96,0xdd,0x06 },
+ { 0xae,0xdd,0x3e,0x05 }, { 0x46,0x4d,0xe6,0xbd },
+ { 0xb5,0x91,0x54,0x8d }, { 0x05,0x71,0xc4,0x5d },
+ { 0x6f,0x04,0x06,0xd4 }, { 0xff,0x60,0x50,0x15 },
+ { 0x24,0x19,0x98,0xfb }, { 0x97,0xd6,0xbd,0xe9 },
+ { 0xcc,0x89,0x40,0x43 }, { 0x77,0x67,0xd9,0x9e },
+ { 0xbd,0xb0,0xe8,0x42 }, { 0x88,0x07,0x89,0x8b },
+ { 0x38,0xe7,0x19,0x5b }, { 0xdb,0x79,0xc8,0xee },
+ { 0x47,0xa1,0x7c,0x0a }, { 0xe9,0x7c,0x42,0x0f },
+ { 0xc9,0xf8,0x84,0x1e }, { 0x00,0x00,0x00,0x00 },
+ { 0x83,0x09,0x80,0x86 }, { 0x48,0x32,0x2b,0xed },
+ { 0xac,0x1e,0x11,0x70 }, { 0x4e,0x6c,0x5a,0x72 },
+ { 0xfb,0xfd,0x0e,0xff }, { 0x56,0x0f,0x85,0x38 },
+ { 0x1e,0x3d,0xae,0xd5 }, { 0x27,0x36,0x2d,0x39 },
+ { 0x64,0x0a,0x0f,0xd9 }, { 0x21,0x68,0x5c,0xa6 },
+ { 0xd1,0x9b,0x5b,0x54 }, { 0x3a,0x24,0x36,0x2e },
+ { 0xb1,0x0c,0x0a,0x67 }, { 0x0f,0x93,0x57,0xe7 },
+ { 0xd2,0xb4,0xee,0x96 }, { 0x9e,0x1b,0x9b,0x91 },
+ { 0x4f,0x80,0xc0,0xc5 }, { 0xa2,0x61,0xdc,0x20 },
+ { 0x69,0x5a,0x77,0x4b }, { 0x16,0x1c,0x12,0x1a },
+ { 0x0a,0xe2,0x93,0xba }, { 0xe5,0xc0,0xa0,0x2a },
+ { 0x43,0x3c,0x22,0xe0 }, { 0x1d,0x12,0x1b,0x17 },
+ { 0x0b,0x0e,0x09,0x0d }, { 0xad,0xf2,0x8b,0xc7 },
+ { 0xb9,0x2d,0xb6,0xa8 }, { 0xc8,0x14,0x1e,0xa9 },
+ { 0x85,0x57,0xf1,0x19 }, { 0x4c,0xaf,0x75,0x07 },
+ { 0xbb,0xee,0x99,0xdd }, { 0xfd,0xa3,0x7f,0x60 },
+ { 0x9f,0xf7,0x01,0x26 }, { 0xbc,0x5c,0x72,0xf5 },
+ { 0xc5,0x44,0x66,0x3b }, { 0x34,0x5b,0xfb,0x7e },
+ { 0x76,0x8b,0x43,0x29 }, { 0xdc,0xcb,0x23,0xc6 },
+ { 0x68,0xb6,0xed,0xfc }, { 0x63,0xb8,0xe4,0xf1 },
+ { 0xca,0xd7,0x31,0xdc }, { 0x10,0x42,0x63,0x85 },
+ { 0x40,0x13,0x97,0x22 }, { 0x20,0x84,0xc6,0x11 },
+ { 0x7d,0x85,0x4a,0x24 }, { 0xf8,0xd2,0xbb,0x3d },
+ { 0x11,0xae,0xf9,0x32 }, { 0x6d,0xc7,0x29,0xa1 },
+ { 0x4b,0x1d,0x9e,0x2f }, { 0xf3,0xdc,0xb2,0x30 },
+ { 0xec,0x0d,0x86,0x52 }, { 0xd0,0x77,0xc1,0xe3 },
+ { 0x6c,0x2b,0xb3,0x16 }, { 0x99,0xa9,0x70,0xb9 },
+ { 0xfa,0x11,0x94,0x48 }, { 0x22,0x47,0xe9,0x64 },
+ { 0xc4,0xa8,0xfc,0x8c }, { 0x1a,0xa0,0xf0,0x3f },
+ { 0xd8,0x56,0x7d,0x2c }, { 0xef,0x22,0x33,0x90 },
+ { 0xc7,0x87,0x49,0x4e }, { 0xc1,0xd9,0x38,0xd1 },
+ { 0xfe,0x8c,0xca,0xa2 }, { 0x36,0x98,0xd4,0x0b },
+ { 0xcf,0xa6,0xf5,0x81 }, { 0x28,0xa5,0x7a,0xde },
+ { 0x26,0xda,0xb7,0x8e }, { 0xa4,0x3f,0xad,0xbf },
+ { 0xe4,0x2c,0x3a,0x9d }, { 0x0d,0x50,0x78,0x92 },
+ { 0x9b,0x6a,0x5f,0xcc }, { 0x62,0x54,0x7e,0x46 },
+ { 0xc2,0xf6,0x8d,0x13 }, { 0xe8,0x90,0xd8,0xb8 },
+ { 0x5e,0x2e,0x39,0xf7 }, { 0xf5,0x82,0xc3,0xaf },
+ { 0xbe,0x9f,0x5d,0x80 }, { 0x7c,0x69,0xd0,0x93 },
+ { 0xa9,0x6f,0xd5,0x2d }, { 0xb3,0xcf,0x25,0x12 },
+ { 0x3b,0xc8,0xac,0x99 }, { 0xa7,0x10,0x18,0x7d },
+ { 0x6e,0xe8,0x9c,0x63 }, { 0x7b,0xdb,0x3b,0xbb },
+ { 0x09,0xcd,0x26,0x78 }, { 0xf4,0x6e,0x59,0x18 },
+ { 0x01,0xec,0x9a,0xb7 }, { 0xa8,0x83,0x4f,0x9a },
+ { 0x65,0xe6,0x95,0x6e }, { 0x7e,0xaa,0xff,0xe6 },
+ { 0x08,0x21,0xbc,0xcf }, { 0xe6,0xef,0x15,0xe8 },
+ { 0xd9,0xba,0xe7,0x9b }, { 0xce,0x4a,0x6f,0x36 },
+ { 0xd4,0xea,0x9f,0x09 }, { 0xd6,0x29,0xb0,0x7c },
+ { 0xaf,0x31,0xa4,0xb2 }, { 0x31,0x2a,0x3f,0x23 },
+ { 0x30,0xc6,0xa5,0x94 }, { 0xc0,0x35,0xa2,0x66 },
+ { 0x37,0x74,0x4e,0xbc }, { 0xa6,0xfc,0x82,0xca },
+ { 0xb0,0xe0,0x90,0xd0 }, { 0x15,0x33,0xa7,0xd8 },
+ { 0x4a,0xf1,0x04,0x98 }, { 0xf7,0x41,0xec,0xda },
+ { 0x0e,0x7f,0xcd,0x50 }, { 0x2f,0x17,0x91,0xf6 },
+ { 0x8d,0x76,0x4d,0xd6 }, { 0x4d,0x43,0xef,0xb0 },
+ { 0x54,0xcc,0xaa,0x4d }, { 0xdf,0xe4,0x96,0x04 },
+ { 0xe3,0x9e,0xd1,0xb5 }, { 0x1b,0x4c,0x6a,0x88 },
+ { 0xb8,0xc1,0x2c,0x1f }, { 0x7f,0x46,0x65,0x51 },
+ { 0x04,0x9d,0x5e,0xea }, { 0x5d,0x01,0x8c,0x35 },
+ { 0x73,0xfa,0x87,0x74 }, { 0x2e,0xfb,0x0b,0x41 },
+ { 0x5a,0xb3,0x67,0x1d }, { 0x52,0x92,0xdb,0xd2 },
+ { 0x33,0xe9,0x10,0x56 }, { 0x13,0x6d,0xd6,0x47 },
+ { 0x8c,0x9a,0xd7,0x61 }, { 0x7a,0x37,0xa1,0x0c },
+ { 0x8e,0x59,0xf8,0x14 }, { 0x89,0xeb,0x13,0x3c },
+ { 0xee,0xce,0xa9,0x27 }, { 0x35,0xb7,0x61,0xc9 },
+ { 0xed,0xe1,0x1c,0xe5 }, { 0x3c,0x7a,0x47,0xb1 },
+ { 0x59,0x9c,0xd2,0xdf }, { 0x3f,0x55,0xf2,0x73 },
+ { 0x79,0x18,0x14,0xce }, { 0xbf,0x73,0xc7,0x37 },
+ { 0xea,0x53,0xf7,0xcd }, { 0x5b,0x5f,0xfd,0xaa },
+ { 0x14,0xdf,0x3d,0x6f }, { 0x86,0x78,0x44,0xdb },
+ { 0x81,0xca,0xaf,0xf3 }, { 0x3e,0xb9,0x68,0xc4 },
+ { 0x2c,0x38,0x24,0x34 }, { 0x5f,0xc2,0xa3,0x40 },
+ { 0x72,0x16,0x1d,0xc3 }, { 0x0c,0xbc,0xe2,0x25 },
+ { 0x8b,0x28,0x3c,0x49 }, { 0x41,0xff,0x0d,0x95 },
+ { 0x71,0x39,0xa8,0x01 }, { 0xde,0x08,0x0c,0xb3 },
+ { 0x9c,0xd8,0xb4,0xe4 }, { 0x90,0x64,0x56,0xc1 },
+ { 0x61,0x7b,0xcb,0x84 }, { 0x70,0xd5,0x32,0xb6 },
+ { 0x74,0x48,0x6c,0x5c }, { 0x42,0xd0,0xb8,0x57 }
+ };
+
+static const unsigned char T7[256][4] =
+ {
+ { 0xa7,0x50,0x51,0xf4 }, { 0x65,0x53,0x7e,0x41 },
+ { 0xa4,0xc3,0x1a,0x17 }, { 0x5e,0x96,0x3a,0x27 },
+ { 0x6b,0xcb,0x3b,0xab }, { 0x45,0xf1,0x1f,0x9d },
+ { 0x58,0xab,0xac,0xfa }, { 0x03,0x93,0x4b,0xe3 },
+ { 0xfa,0x55,0x20,0x30 }, { 0x6d,0xf6,0xad,0x76 },
+ { 0x76,0x91,0x88,0xcc }, { 0x4c,0x25,0xf5,0x02 },
+ { 0xd7,0xfc,0x4f,0xe5 }, { 0xcb,0xd7,0xc5,0x2a },
+ { 0x44,0x80,0x26,0x35 }, { 0xa3,0x8f,0xb5,0x62 },
+ { 0x5a,0x49,0xde,0xb1 }, { 0x1b,0x67,0x25,0xba },
+ { 0x0e,0x98,0x45,0xea }, { 0xc0,0xe1,0x5d,0xfe },
+ { 0x75,0x02,0xc3,0x2f }, { 0xf0,0x12,0x81,0x4c },
+ { 0x97,0xa3,0x8d,0x46 }, { 0xf9,0xc6,0x6b,0xd3 },
+ { 0x5f,0xe7,0x03,0x8f }, { 0x9c,0x95,0x15,0x92 },
+ { 0x7a,0xeb,0xbf,0x6d }, { 0x59,0xda,0x95,0x52 },
+ { 0x83,0x2d,0xd4,0xbe }, { 0x21,0xd3,0x58,0x74 },
+ { 0x69,0x29,0x49,0xe0 }, { 0xc8,0x44,0x8e,0xc9 },
+ { 0x89,0x6a,0x75,0xc2 }, { 0x79,0x78,0xf4,0x8e },
+ { 0x3e,0x6b,0x99,0x58 }, { 0x71,0xdd,0x27,0xb9 },
+ { 0x4f,0xb6,0xbe,0xe1 }, { 0xad,0x17,0xf0,0x88 },
+ { 0xac,0x66,0xc9,0x20 }, { 0x3a,0xb4,0x7d,0xce },
+ { 0x4a,0x18,0x63,0xdf }, { 0x31,0x82,0xe5,0x1a },
+ { 0x33,0x60,0x97,0x51 }, { 0x7f,0x45,0x62,0x53 },
+ { 0x77,0xe0,0xb1,0x64 }, { 0xae,0x84,0xbb,0x6b },
+ { 0xa0,0x1c,0xfe,0x81 }, { 0x2b,0x94,0xf9,0x08 },
+ { 0x68,0x58,0x70,0x48 }, { 0xfd,0x19,0x8f,0x45 },
+ { 0x6c,0x87,0x94,0xde }, { 0xf8,0xb7,0x52,0x7b },
+ { 0xd3,0x23,0xab,0x73 }, { 0x02,0xe2,0x72,0x4b },
+ { 0x8f,0x57,0xe3,0x1f }, { 0xab,0x2a,0x66,0x55 },
+ { 0x28,0x07,0xb2,0xeb }, { 0xc2,0x03,0x2f,0xb5 },
+ { 0x7b,0x9a,0x86,0xc5 }, { 0x08,0xa5,0xd3,0x37 },
+ { 0x87,0xf2,0x30,0x28 }, { 0xa5,0xb2,0x23,0xbf },
+ { 0x6a,0xba,0x02,0x03 }, { 0x82,0x5c,0xed,0x16 },
+ { 0x1c,0x2b,0x8a,0xcf }, { 0xb4,0x92,0xa7,0x79 },
+ { 0xf2,0xf0,0xf3,0x07 }, { 0xe2,0xa1,0x4e,0x69 },
+ { 0xf4,0xcd,0x65,0xda }, { 0xbe,0xd5,0x06,0x05 },
+ { 0x62,0x1f,0xd1,0x34 }, { 0xfe,0x8a,0xc4,0xa6 },
+ { 0x53,0x9d,0x34,0x2e }, { 0x55,0xa0,0xa2,0xf3 },
+ { 0xe1,0x32,0x05,0x8a }, { 0xeb,0x75,0xa4,0xf6 },
+ { 0xec,0x39,0x0b,0x83 }, { 0xef,0xaa,0x40,0x60 },
+ { 0x9f,0x06,0x5e,0x71 }, { 0x10,0x51,0xbd,0x6e },
+ { 0x8a,0xf9,0x3e,0x21 }, { 0x06,0x3d,0x96,0xdd },
+ { 0x05,0xae,0xdd,0x3e }, { 0xbd,0x46,0x4d,0xe6 },
+ { 0x8d,0xb5,0x91,0x54 }, { 0x5d,0x05,0x71,0xc4 },
+ { 0xd4,0x6f,0x04,0x06 }, { 0x15,0xff,0x60,0x50 },
+ { 0xfb,0x24,0x19,0x98 }, { 0xe9,0x97,0xd6,0xbd },
+ { 0x43,0xcc,0x89,0x40 }, { 0x9e,0x77,0x67,0xd9 },
+ { 0x42,0xbd,0xb0,0xe8 }, { 0x8b,0x88,0x07,0x89 },
+ { 0x5b,0x38,0xe7,0x19 }, { 0xee,0xdb,0x79,0xc8 },
+ { 0x0a,0x47,0xa1,0x7c }, { 0x0f,0xe9,0x7c,0x42 },
+ { 0x1e,0xc9,0xf8,0x84 }, { 0x00,0x00,0x00,0x00 },
+ { 0x86,0x83,0x09,0x80 }, { 0xed,0x48,0x32,0x2b },
+ { 0x70,0xac,0x1e,0x11 }, { 0x72,0x4e,0x6c,0x5a },
+ { 0xff,0xfb,0xfd,0x0e }, { 0x38,0x56,0x0f,0x85 },
+ { 0xd5,0x1e,0x3d,0xae }, { 0x39,0x27,0x36,0x2d },
+ { 0xd9,0x64,0x0a,0x0f }, { 0xa6,0x21,0x68,0x5c },
+ { 0x54,0xd1,0x9b,0x5b }, { 0x2e,0x3a,0x24,0x36 },
+ { 0x67,0xb1,0x0c,0x0a }, { 0xe7,0x0f,0x93,0x57 },
+ { 0x96,0xd2,0xb4,0xee }, { 0x91,0x9e,0x1b,0x9b },
+ { 0xc5,0x4f,0x80,0xc0 }, { 0x20,0xa2,0x61,0xdc },
+ { 0x4b,0x69,0x5a,0x77 }, { 0x1a,0x16,0x1c,0x12 },
+ { 0xba,0x0a,0xe2,0x93 }, { 0x2a,0xe5,0xc0,0xa0 },
+ { 0xe0,0x43,0x3c,0x22 }, { 0x17,0x1d,0x12,0x1b },
+ { 0x0d,0x0b,0x0e,0x09 }, { 0xc7,0xad,0xf2,0x8b },
+ { 0xa8,0xb9,0x2d,0xb6 }, { 0xa9,0xc8,0x14,0x1e },
+ { 0x19,0x85,0x57,0xf1 }, { 0x07,0x4c,0xaf,0x75 },
+ { 0xdd,0xbb,0xee,0x99 }, { 0x60,0xfd,0xa3,0x7f },
+ { 0x26,0x9f,0xf7,0x01 }, { 0xf5,0xbc,0x5c,0x72 },
+ { 0x3b,0xc5,0x44,0x66 }, { 0x7e,0x34,0x5b,0xfb },
+ { 0x29,0x76,0x8b,0x43 }, { 0xc6,0xdc,0xcb,0x23 },
+ { 0xfc,0x68,0xb6,0xed }, { 0xf1,0x63,0xb8,0xe4 },
+ { 0xdc,0xca,0xd7,0x31 }, { 0x85,0x10,0x42,0x63 },
+ { 0x22,0x40,0x13,0x97 }, { 0x11,0x20,0x84,0xc6 },
+ { 0x24,0x7d,0x85,0x4a }, { 0x3d,0xf8,0xd2,0xbb },
+ { 0x32,0x11,0xae,0xf9 }, { 0xa1,0x6d,0xc7,0x29 },
+ { 0x2f,0x4b,0x1d,0x9e }, { 0x30,0xf3,0xdc,0xb2 },
+ { 0x52,0xec,0x0d,0x86 }, { 0xe3,0xd0,0x77,0xc1 },
+ { 0x16,0x6c,0x2b,0xb3 }, { 0xb9,0x99,0xa9,0x70 },
+ { 0x48,0xfa,0x11,0x94 }, { 0x64,0x22,0x47,0xe9 },
+ { 0x8c,0xc4,0xa8,0xfc }, { 0x3f,0x1a,0xa0,0xf0 },
+ { 0x2c,0xd8,0x56,0x7d }, { 0x90,0xef,0x22,0x33 },
+ { 0x4e,0xc7,0x87,0x49 }, { 0xd1,0xc1,0xd9,0x38 },
+ { 0xa2,0xfe,0x8c,0xca }, { 0x0b,0x36,0x98,0xd4 },
+ { 0x81,0xcf,0xa6,0xf5 }, { 0xde,0x28,0xa5,0x7a },
+ { 0x8e,0x26,0xda,0xb7 }, { 0xbf,0xa4,0x3f,0xad },
+ { 0x9d,0xe4,0x2c,0x3a }, { 0x92,0x0d,0x50,0x78 },
+ { 0xcc,0x9b,0x6a,0x5f }, { 0x46,0x62,0x54,0x7e },
+ { 0x13,0xc2,0xf6,0x8d }, { 0xb8,0xe8,0x90,0xd8 },
+ { 0xf7,0x5e,0x2e,0x39 }, { 0xaf,0xf5,0x82,0xc3 },
+ { 0x80,0xbe,0x9f,0x5d }, { 0x93,0x7c,0x69,0xd0 },
+ { 0x2d,0xa9,0x6f,0xd5 }, { 0x12,0xb3,0xcf,0x25 },
+ { 0x99,0x3b,0xc8,0xac }, { 0x7d,0xa7,0x10,0x18 },
+ { 0x63,0x6e,0xe8,0x9c }, { 0xbb,0x7b,0xdb,0x3b },
+ { 0x78,0x09,0xcd,0x26 }, { 0x18,0xf4,0x6e,0x59 },
+ { 0xb7,0x01,0xec,0x9a }, { 0x9a,0xa8,0x83,0x4f },
+ { 0x6e,0x65,0xe6,0x95 }, { 0xe6,0x7e,0xaa,0xff },
+ { 0xcf,0x08,0x21,0xbc }, { 0xe8,0xe6,0xef,0x15 },
+ { 0x9b,0xd9,0xba,0xe7 }, { 0x36,0xce,0x4a,0x6f },
+ { 0x09,0xd4,0xea,0x9f }, { 0x7c,0xd6,0x29,0xb0 },
+ { 0xb2,0xaf,0x31,0xa4 }, { 0x23,0x31,0x2a,0x3f },
+ { 0x94,0x30,0xc6,0xa5 }, { 0x66,0xc0,0x35,0xa2 },
+ { 0xbc,0x37,0x74,0x4e }, { 0xca,0xa6,0xfc,0x82 },
+ { 0xd0,0xb0,0xe0,0x90 }, { 0xd8,0x15,0x33,0xa7 },
+ { 0x98,0x4a,0xf1,0x04 }, { 0xda,0xf7,0x41,0xec },
+ { 0x50,0x0e,0x7f,0xcd }, { 0xf6,0x2f,0x17,0x91 },
+ { 0xd6,0x8d,0x76,0x4d }, { 0xb0,0x4d,0x43,0xef },
+ { 0x4d,0x54,0xcc,0xaa }, { 0x04,0xdf,0xe4,0x96 },
+ { 0xb5,0xe3,0x9e,0xd1 }, { 0x88,0x1b,0x4c,0x6a },
+ { 0x1f,0xb8,0xc1,0x2c }, { 0x51,0x7f,0x46,0x65 },
+ { 0xea,0x04,0x9d,0x5e }, { 0x35,0x5d,0x01,0x8c },
+ { 0x74,0x73,0xfa,0x87 }, { 0x41,0x2e,0xfb,0x0b },
+ { 0x1d,0x5a,0xb3,0x67 }, { 0xd2,0x52,0x92,0xdb },
+ { 0x56,0x33,0xe9,0x10 }, { 0x47,0x13,0x6d,0xd6 },
+ { 0x61,0x8c,0x9a,0xd7 }, { 0x0c,0x7a,0x37,0xa1 },
+ { 0x14,0x8e,0x59,0xf8 }, { 0x3c,0x89,0xeb,0x13 },
+ { 0x27,0xee,0xce,0xa9 }, { 0xc9,0x35,0xb7,0x61 },
+ { 0xe5,0xed,0xe1,0x1c }, { 0xb1,0x3c,0x7a,0x47 },
+ { 0xdf,0x59,0x9c,0xd2 }, { 0x73,0x3f,0x55,0xf2 },
+ { 0xce,0x79,0x18,0x14 }, { 0x37,0xbf,0x73,0xc7 },
+ { 0xcd,0xea,0x53,0xf7 }, { 0xaa,0x5b,0x5f,0xfd },
+ { 0x6f,0x14,0xdf,0x3d }, { 0xdb,0x86,0x78,0x44 },
+ { 0xf3,0x81,0xca,0xaf }, { 0xc4,0x3e,0xb9,0x68 },
+ { 0x34,0x2c,0x38,0x24 }, { 0x40,0x5f,0xc2,0xa3 },
+ { 0xc3,0x72,0x16,0x1d }, { 0x25,0x0c,0xbc,0xe2 },
+ { 0x49,0x8b,0x28,0x3c }, { 0x95,0x41,0xff,0x0d },
+ { 0x01,0x71,0x39,0xa8 }, { 0xb3,0xde,0x08,0x0c },
+ { 0xe4,0x9c,0xd8,0xb4 }, { 0xc1,0x90,0x64,0x56 },
+ { 0x84,0x61,0x7b,0xcb }, { 0xb6,0x70,0xd5,0x32 },
+ { 0x5c,0x74,0x48,0x6c }, { 0x57,0x42,0xd0,0xb8 }
+ };
+
+static const unsigned char T8[256][4] =
+ {
+ { 0xf4,0xa7,0x50,0x51 }, { 0x41,0x65,0x53,0x7e },
+ { 0x17,0xa4,0xc3,0x1a }, { 0x27,0x5e,0x96,0x3a },
+ { 0xab,0x6b,0xcb,0x3b }, { 0x9d,0x45,0xf1,0x1f },
+ { 0xfa,0x58,0xab,0xac }, { 0xe3,0x03,0x93,0x4b },
+ { 0x30,0xfa,0x55,0x20 }, { 0x76,0x6d,0xf6,0xad },
+ { 0xcc,0x76,0x91,0x88 }, { 0x02,0x4c,0x25,0xf5 },
+ { 0xe5,0xd7,0xfc,0x4f }, { 0x2a,0xcb,0xd7,0xc5 },
+ { 0x35,0x44,0x80,0x26 }, { 0x62,0xa3,0x8f,0xb5 },
+ { 0xb1,0x5a,0x49,0xde }, { 0xba,0x1b,0x67,0x25 },
+ { 0xea,0x0e,0x98,0x45 }, { 0xfe,0xc0,0xe1,0x5d },
+ { 0x2f,0x75,0x02,0xc3 }, { 0x4c,0xf0,0x12,0x81 },
+ { 0x46,0x97,0xa3,0x8d }, { 0xd3,0xf9,0xc6,0x6b },
+ { 0x8f,0x5f,0xe7,0x03 }, { 0x92,0x9c,0x95,0x15 },
+ { 0x6d,0x7a,0xeb,0xbf }, { 0x52,0x59,0xda,0x95 },
+ { 0xbe,0x83,0x2d,0xd4 }, { 0x74,0x21,0xd3,0x58 },
+ { 0xe0,0x69,0x29,0x49 }, { 0xc9,0xc8,0x44,0x8e },
+ { 0xc2,0x89,0x6a,0x75 }, { 0x8e,0x79,0x78,0xf4 },
+ { 0x58,0x3e,0x6b,0x99 }, { 0xb9,0x71,0xdd,0x27 },
+ { 0xe1,0x4f,0xb6,0xbe }, { 0x88,0xad,0x17,0xf0 },
+ { 0x20,0xac,0x66,0xc9 }, { 0xce,0x3a,0xb4,0x7d },
+ { 0xdf,0x4a,0x18,0x63 }, { 0x1a,0x31,0x82,0xe5 },
+ { 0x51,0x33,0x60,0x97 }, { 0x53,0x7f,0x45,0x62 },
+ { 0x64,0x77,0xe0,0xb1 }, { 0x6b,0xae,0x84,0xbb },
+ { 0x81,0xa0,0x1c,0xfe }, { 0x08,0x2b,0x94,0xf9 },
+ { 0x48,0x68,0x58,0x70 }, { 0x45,0xfd,0x19,0x8f },
+ { 0xde,0x6c,0x87,0x94 }, { 0x7b,0xf8,0xb7,0x52 },
+ { 0x73,0xd3,0x23,0xab }, { 0x4b,0x02,0xe2,0x72 },
+ { 0x1f,0x8f,0x57,0xe3 }, { 0x55,0xab,0x2a,0x66 },
+ { 0xeb,0x28,0x07,0xb2 }, { 0xb5,0xc2,0x03,0x2f },
+ { 0xc5,0x7b,0x9a,0x86 }, { 0x37,0x08,0xa5,0xd3 },
+ { 0x28,0x87,0xf2,0x30 }, { 0xbf,0xa5,0xb2,0x23 },
+ { 0x03,0x6a,0xba,0x02 }, { 0x16,0x82,0x5c,0xed },
+ { 0xcf,0x1c,0x2b,0x8a }, { 0x79,0xb4,0x92,0xa7 },
+ { 0x07,0xf2,0xf0,0xf3 }, { 0x69,0xe2,0xa1,0x4e },
+ { 0xda,0xf4,0xcd,0x65 }, { 0x05,0xbe,0xd5,0x06 },
+ { 0x34,0x62,0x1f,0xd1 }, { 0xa6,0xfe,0x8a,0xc4 },
+ { 0x2e,0x53,0x9d,0x34 }, { 0xf3,0x55,0xa0,0xa2 },
+ { 0x8a,0xe1,0x32,0x05 }, { 0xf6,0xeb,0x75,0xa4 },
+ { 0x83,0xec,0x39,0x0b }, { 0x60,0xef,0xaa,0x40 },
+ { 0x71,0x9f,0x06,0x5e }, { 0x6e,0x10,0x51,0xbd },
+ { 0x21,0x8a,0xf9,0x3e }, { 0xdd,0x06,0x3d,0x96 },
+ { 0x3e,0x05,0xae,0xdd }, { 0xe6,0xbd,0x46,0x4d },
+ { 0x54,0x8d,0xb5,0x91 }, { 0xc4,0x5d,0x05,0x71 },
+ { 0x06,0xd4,0x6f,0x04 }, { 0x50,0x15,0xff,0x60 },
+ { 0x98,0xfb,0x24,0x19 }, { 0xbd,0xe9,0x97,0xd6 },
+ { 0x40,0x43,0xcc,0x89 }, { 0xd9,0x9e,0x77,0x67 },
+ { 0xe8,0x42,0xbd,0xb0 }, { 0x89,0x8b,0x88,0x07 },
+ { 0x19,0x5b,0x38,0xe7 }, { 0xc8,0xee,0xdb,0x79 },
+ { 0x7c,0x0a,0x47,0xa1 }, { 0x42,0x0f,0xe9,0x7c },
+ { 0x84,0x1e,0xc9,0xf8 }, { 0x00,0x00,0x00,0x00 },
+ { 0x80,0x86,0x83,0x09 }, { 0x2b,0xed,0x48,0x32 },
+ { 0x11,0x70,0xac,0x1e }, { 0x5a,0x72,0x4e,0x6c },
+ { 0x0e,0xff,0xfb,0xfd }, { 0x85,0x38,0x56,0x0f },
+ { 0xae,0xd5,0x1e,0x3d }, { 0x2d,0x39,0x27,0x36 },
+ { 0x0f,0xd9,0x64,0x0a }, { 0x5c,0xa6,0x21,0x68 },
+ { 0x5b,0x54,0xd1,0x9b }, { 0x36,0x2e,0x3a,0x24 },
+ { 0x0a,0x67,0xb1,0x0c }, { 0x57,0xe7,0x0f,0x93 },
+ { 0xee,0x96,0xd2,0xb4 }, { 0x9b,0x91,0x9e,0x1b },
+ { 0xc0,0xc5,0x4f,0x80 }, { 0xdc,0x20,0xa2,0x61 },
+ { 0x77,0x4b,0x69,0x5a }, { 0x12,0x1a,0x16,0x1c },
+ { 0x93,0xba,0x0a,0xe2 }, { 0xa0,0x2a,0xe5,0xc0 },
+ { 0x22,0xe0,0x43,0x3c }, { 0x1b,0x17,0x1d,0x12 },
+ { 0x09,0x0d,0x0b,0x0e }, { 0x8b,0xc7,0xad,0xf2 },
+ { 0xb6,0xa8,0xb9,0x2d }, { 0x1e,0xa9,0xc8,0x14 },
+ { 0xf1,0x19,0x85,0x57 }, { 0x75,0x07,0x4c,0xaf },
+ { 0x99,0xdd,0xbb,0xee }, { 0x7f,0x60,0xfd,0xa3 },
+ { 0x01,0x26,0x9f,0xf7 }, { 0x72,0xf5,0xbc,0x5c },
+ { 0x66,0x3b,0xc5,0x44 }, { 0xfb,0x7e,0x34,0x5b },
+ { 0x43,0x29,0x76,0x8b }, { 0x23,0xc6,0xdc,0xcb },
+ { 0xed,0xfc,0x68,0xb6 }, { 0xe4,0xf1,0x63,0xb8 },
+ { 0x31,0xdc,0xca,0xd7 }, { 0x63,0x85,0x10,0x42 },
+ { 0x97,0x22,0x40,0x13 }, { 0xc6,0x11,0x20,0x84 },
+ { 0x4a,0x24,0x7d,0x85 }, { 0xbb,0x3d,0xf8,0xd2 },
+ { 0xf9,0x32,0x11,0xae }, { 0x29,0xa1,0x6d,0xc7 },
+ { 0x9e,0x2f,0x4b,0x1d }, { 0xb2,0x30,0xf3,0xdc },
+ { 0x86,0x52,0xec,0x0d }, { 0xc1,0xe3,0xd0,0x77 },
+ { 0xb3,0x16,0x6c,0x2b }, { 0x70,0xb9,0x99,0xa9 },
+ { 0x94,0x48,0xfa,0x11 }, { 0xe9,0x64,0x22,0x47 },
+ { 0xfc,0x8c,0xc4,0xa8 }, { 0xf0,0x3f,0x1a,0xa0 },
+ { 0x7d,0x2c,0xd8,0x56 }, { 0x33,0x90,0xef,0x22 },
+ { 0x49,0x4e,0xc7,0x87 }, { 0x38,0xd1,0xc1,0xd9 },
+ { 0xca,0xa2,0xfe,0x8c }, { 0xd4,0x0b,0x36,0x98 },
+ { 0xf5,0x81,0xcf,0xa6 }, { 0x7a,0xde,0x28,0xa5 },
+ { 0xb7,0x8e,0x26,0xda }, { 0xad,0xbf,0xa4,0x3f },
+ { 0x3a,0x9d,0xe4,0x2c }, { 0x78,0x92,0x0d,0x50 },
+ { 0x5f,0xcc,0x9b,0x6a }, { 0x7e,0x46,0x62,0x54 },
+ { 0x8d,0x13,0xc2,0xf6 }, { 0xd8,0xb8,0xe8,0x90 },
+ { 0x39,0xf7,0x5e,0x2e }, { 0xc3,0xaf,0xf5,0x82 },
+ { 0x5d,0x80,0xbe,0x9f }, { 0xd0,0x93,0x7c,0x69 },
+ { 0xd5,0x2d,0xa9,0x6f }, { 0x25,0x12,0xb3,0xcf },
+ { 0xac,0x99,0x3b,0xc8 }, { 0x18,0x7d,0xa7,0x10 },
+ { 0x9c,0x63,0x6e,0xe8 }, { 0x3b,0xbb,0x7b,0xdb },
+ { 0x26,0x78,0x09,0xcd }, { 0x59,0x18,0xf4,0x6e },
+ { 0x9a,0xb7,0x01,0xec }, { 0x4f,0x9a,0xa8,0x83 },
+ { 0x95,0x6e,0x65,0xe6 }, { 0xff,0xe6,0x7e,0xaa },
+ { 0xbc,0xcf,0x08,0x21 }, { 0x15,0xe8,0xe6,0xef },
+ { 0xe7,0x9b,0xd9,0xba }, { 0x6f,0x36,0xce,0x4a },
+ { 0x9f,0x09,0xd4,0xea }, { 0xb0,0x7c,0xd6,0x29 },
+ { 0xa4,0xb2,0xaf,0x31 }, { 0x3f,0x23,0x31,0x2a },
+ { 0xa5,0x94,0x30,0xc6 }, { 0xa2,0x66,0xc0,0x35 },
+ { 0x4e,0xbc,0x37,0x74 }, { 0x82,0xca,0xa6,0xfc },
+ { 0x90,0xd0,0xb0,0xe0 }, { 0xa7,0xd8,0x15,0x33 },
+ { 0x04,0x98,0x4a,0xf1 }, { 0xec,0xda,0xf7,0x41 },
+ { 0xcd,0x50,0x0e,0x7f }, { 0x91,0xf6,0x2f,0x17 },
+ { 0x4d,0xd6,0x8d,0x76 }, { 0xef,0xb0,0x4d,0x43 },
+ { 0xaa,0x4d,0x54,0xcc }, { 0x96,0x04,0xdf,0xe4 },
+ { 0xd1,0xb5,0xe3,0x9e }, { 0x6a,0x88,0x1b,0x4c },
+ { 0x2c,0x1f,0xb8,0xc1 }, { 0x65,0x51,0x7f,0x46 },
+ { 0x5e,0xea,0x04,0x9d }, { 0x8c,0x35,0x5d,0x01 },
+ { 0x87,0x74,0x73,0xfa }, { 0x0b,0x41,0x2e,0xfb },
+ { 0x67,0x1d,0x5a,0xb3 }, { 0xdb,0xd2,0x52,0x92 },
+ { 0x10,0x56,0x33,0xe9 }, { 0xd6,0x47,0x13,0x6d },
+ { 0xd7,0x61,0x8c,0x9a }, { 0xa1,0x0c,0x7a,0x37 },
+ { 0xf8,0x14,0x8e,0x59 }, { 0x13,0x3c,0x89,0xeb },
+ { 0xa9,0x27,0xee,0xce }, { 0x61,0xc9,0x35,0xb7 },
+ { 0x1c,0xe5,0xed,0xe1 }, { 0x47,0xb1,0x3c,0x7a },
+ { 0xd2,0xdf,0x59,0x9c }, { 0xf2,0x73,0x3f,0x55 },
+ { 0x14,0xce,0x79,0x18 }, { 0xc7,0x37,0xbf,0x73 },
+ { 0xf7,0xcd,0xea,0x53 }, { 0xfd,0xaa,0x5b,0x5f },
+ { 0x3d,0x6f,0x14,0xdf }, { 0x44,0xdb,0x86,0x78 },
+ { 0xaf,0xf3,0x81,0xca }, { 0x68,0xc4,0x3e,0xb9 },
+ { 0x24,0x34,0x2c,0x38 }, { 0xa3,0x40,0x5f,0xc2 },
+ { 0x1d,0xc3,0x72,0x16 }, { 0xe2,0x25,0x0c,0xbc },
+ { 0x3c,0x49,0x8b,0x28 }, { 0x0d,0x95,0x41,0xff },
+ { 0xa8,0x01,0x71,0x39 }, { 0x0c,0xb3,0xde,0x08 },
+ { 0xb4,0xe4,0x9c,0xd8 }, { 0x56,0xc1,0x90,0x64 },
+ { 0xcb,0x84,0x61,0x7b }, { 0x32,0xb6,0x70,0xd5 },
+ { 0x6c,0x5c,0x74,0x48 }, { 0xb8,0x57,0x42,0xd0 }
+ };
+
+static const unsigned char S5[256] =
+ {
+ 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+ 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+ 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+ 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+ 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+ 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+ 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+ 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+ 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+ 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+ 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+ 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+ 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+ 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+ 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+ 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+ 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+ 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+ 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+ 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+ 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+ 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+ 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+ 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+ 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+ 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+ 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+ 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+ 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+ 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+ 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+ 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d
+ };
+
+static const unsigned char U1[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x0e,0x09,0x0d,0x0b },
+ { 0x1c,0x12,0x1a,0x16 }, { 0x12,0x1b,0x17,0x1d },
+ { 0x38,0x24,0x34,0x2c }, { 0x36,0x2d,0x39,0x27 },
+ { 0x24,0x36,0x2e,0x3a }, { 0x2a,0x3f,0x23,0x31 },
+ { 0x70,0x48,0x68,0x58 }, { 0x7e,0x41,0x65,0x53 },
+ { 0x6c,0x5a,0x72,0x4e }, { 0x62,0x53,0x7f,0x45 },
+ { 0x48,0x6c,0x5c,0x74 }, { 0x46,0x65,0x51,0x7f },
+ { 0x54,0x7e,0x46,0x62 }, { 0x5a,0x77,0x4b,0x69 },
+ { 0xe0,0x90,0xd0,0xb0 }, { 0xee,0x99,0xdd,0xbb },
+ { 0xfc,0x82,0xca,0xa6 }, { 0xf2,0x8b,0xc7,0xad },
+ { 0xd8,0xb4,0xe4,0x9c }, { 0xd6,0xbd,0xe9,0x97 },
+ { 0xc4,0xa6,0xfe,0x8a }, { 0xca,0xaf,0xf3,0x81 },
+ { 0x90,0xd8,0xb8,0xe8 }, { 0x9e,0xd1,0xb5,0xe3 },
+ { 0x8c,0xca,0xa2,0xfe }, { 0x82,0xc3,0xaf,0xf5 },
+ { 0xa8,0xfc,0x8c,0xc4 }, { 0xa6,0xf5,0x81,0xcf },
+ { 0xb4,0xee,0x96,0xd2 }, { 0xba,0xe7,0x9b,0xd9 },
+ { 0xdb,0x3b,0xbb,0x7b }, { 0xd5,0x32,0xb6,0x70 },
+ { 0xc7,0x29,0xa1,0x6d }, { 0xc9,0x20,0xac,0x66 },
+ { 0xe3,0x1f,0x8f,0x57 }, { 0xed,0x16,0x82,0x5c },
+ { 0xff,0x0d,0x95,0x41 }, { 0xf1,0x04,0x98,0x4a },
+ { 0xab,0x73,0xd3,0x23 }, { 0xa5,0x7a,0xde,0x28 },
+ { 0xb7,0x61,0xc9,0x35 }, { 0xb9,0x68,0xc4,0x3e },
+ { 0x93,0x57,0xe7,0x0f }, { 0x9d,0x5e,0xea,0x04 },
+ { 0x8f,0x45,0xfd,0x19 }, { 0x81,0x4c,0xf0,0x12 },
+ { 0x3b,0xab,0x6b,0xcb }, { 0x35,0xa2,0x66,0xc0 },
+ { 0x27,0xb9,0x71,0xdd }, { 0x29,0xb0,0x7c,0xd6 },
+ { 0x03,0x8f,0x5f,0xe7 }, { 0x0d,0x86,0x52,0xec },
+ { 0x1f,0x9d,0x45,0xf1 }, { 0x11,0x94,0x48,0xfa },
+ { 0x4b,0xe3,0x03,0x93 }, { 0x45,0xea,0x0e,0x98 },
+ { 0x57,0xf1,0x19,0x85 }, { 0x59,0xf8,0x14,0x8e },
+ { 0x73,0xc7,0x37,0xbf }, { 0x7d,0xce,0x3a,0xb4 },
+ { 0x6f,0xd5,0x2d,0xa9 }, { 0x61,0xdc,0x20,0xa2 },
+ { 0xad,0x76,0x6d,0xf6 }, { 0xa3,0x7f,0x60,0xfd },
+ { 0xb1,0x64,0x77,0xe0 }, { 0xbf,0x6d,0x7a,0xeb },
+ { 0x95,0x52,0x59,0xda }, { 0x9b,0x5b,0x54,0xd1 },
+ { 0x89,0x40,0x43,0xcc }, { 0x87,0x49,0x4e,0xc7 },
+ { 0xdd,0x3e,0x05,0xae }, { 0xd3,0x37,0x08,0xa5 },
+ { 0xc1,0x2c,0x1f,0xb8 }, { 0xcf,0x25,0x12,0xb3 },
+ { 0xe5,0x1a,0x31,0x82 }, { 0xeb,0x13,0x3c,0x89 },
+ { 0xf9,0x08,0x2b,0x94 }, { 0xf7,0x01,0x26,0x9f },
+ { 0x4d,0xe6,0xbd,0x46 }, { 0x43,0xef,0xb0,0x4d },
+ { 0x51,0xf4,0xa7,0x50 }, { 0x5f,0xfd,0xaa,0x5b },
+ { 0x75,0xc2,0x89,0x6a }, { 0x7b,0xcb,0x84,0x61 },
+ { 0x69,0xd0,0x93,0x7c }, { 0x67,0xd9,0x9e,0x77 },
+ { 0x3d,0xae,0xd5,0x1e }, { 0x33,0xa7,0xd8,0x15 },
+ { 0x21,0xbc,0xcf,0x08 }, { 0x2f,0xb5,0xc2,0x03 },
+ { 0x05,0x8a,0xe1,0x32 }, { 0x0b,0x83,0xec,0x39 },
+ { 0x19,0x98,0xfb,0x24 }, { 0x17,0x91,0xf6,0x2f },
+ { 0x76,0x4d,0xd6,0x8d }, { 0x78,0x44,0xdb,0x86 },
+ { 0x6a,0x5f,0xcc,0x9b }, { 0x64,0x56,0xc1,0x90 },
+ { 0x4e,0x69,0xe2,0xa1 }, { 0x40,0x60,0xef,0xaa },
+ { 0x52,0x7b,0xf8,0xb7 }, { 0x5c,0x72,0xf5,0xbc },
+ { 0x06,0x05,0xbe,0xd5 }, { 0x08,0x0c,0xb3,0xde },
+ { 0x1a,0x17,0xa4,0xc3 }, { 0x14,0x1e,0xa9,0xc8 },
+ { 0x3e,0x21,0x8a,0xf9 }, { 0x30,0x28,0x87,0xf2 },
+ { 0x22,0x33,0x90,0xef }, { 0x2c,0x3a,0x9d,0xe4 },
+ { 0x96,0xdd,0x06,0x3d }, { 0x98,0xd4,0x0b,0x36 },
+ { 0x8a,0xcf,0x1c,0x2b }, { 0x84,0xc6,0x11,0x20 },
+ { 0xae,0xf9,0x32,0x11 }, { 0xa0,0xf0,0x3f,0x1a },
+ { 0xb2,0xeb,0x28,0x07 }, { 0xbc,0xe2,0x25,0x0c },
+ { 0xe6,0x95,0x6e,0x65 }, { 0xe8,0x9c,0x63,0x6e },
+ { 0xfa,0x87,0x74,0x73 }, { 0xf4,0x8e,0x79,0x78 },
+ { 0xde,0xb1,0x5a,0x49 }, { 0xd0,0xb8,0x57,0x42 },
+ { 0xc2,0xa3,0x40,0x5f }, { 0xcc,0xaa,0x4d,0x54 },
+ { 0x41,0xec,0xda,0xf7 }, { 0x4f,0xe5,0xd7,0xfc },
+ { 0x5d,0xfe,0xc0,0xe1 }, { 0x53,0xf7,0xcd,0xea },
+ { 0x79,0xc8,0xee,0xdb }, { 0x77,0xc1,0xe3,0xd0 },
+ { 0x65,0xda,0xf4,0xcd }, { 0x6b,0xd3,0xf9,0xc6 },
+ { 0x31,0xa4,0xb2,0xaf }, { 0x3f,0xad,0xbf,0xa4 },
+ { 0x2d,0xb6,0xa8,0xb9 }, { 0x23,0xbf,0xa5,0xb2 },
+ { 0x09,0x80,0x86,0x83 }, { 0x07,0x89,0x8b,0x88 },
+ { 0x15,0x92,0x9c,0x95 }, { 0x1b,0x9b,0x91,0x9e },
+ { 0xa1,0x7c,0x0a,0x47 }, { 0xaf,0x75,0x07,0x4c },
+ { 0xbd,0x6e,0x10,0x51 }, { 0xb3,0x67,0x1d,0x5a },
+ { 0x99,0x58,0x3e,0x6b }, { 0x97,0x51,0x33,0x60 },
+ { 0x85,0x4a,0x24,0x7d }, { 0x8b,0x43,0x29,0x76 },
+ { 0xd1,0x34,0x62,0x1f }, { 0xdf,0x3d,0x6f,0x14 },
+ { 0xcd,0x26,0x78,0x09 }, { 0xc3,0x2f,0x75,0x02 },
+ { 0xe9,0x10,0x56,0x33 }, { 0xe7,0x19,0x5b,0x38 },
+ { 0xf5,0x02,0x4c,0x25 }, { 0xfb,0x0b,0x41,0x2e },
+ { 0x9a,0xd7,0x61,0x8c }, { 0x94,0xde,0x6c,0x87 },
+ { 0x86,0xc5,0x7b,0x9a }, { 0x88,0xcc,0x76,0x91 },
+ { 0xa2,0xf3,0x55,0xa0 }, { 0xac,0xfa,0x58,0xab },
+ { 0xbe,0xe1,0x4f,0xb6 }, { 0xb0,0xe8,0x42,0xbd },
+ { 0xea,0x9f,0x09,0xd4 }, { 0xe4,0x96,0x04,0xdf },
+ { 0xf6,0x8d,0x13,0xc2 }, { 0xf8,0x84,0x1e,0xc9 },
+ { 0xd2,0xbb,0x3d,0xf8 }, { 0xdc,0xb2,0x30,0xf3 },
+ { 0xce,0xa9,0x27,0xee }, { 0xc0,0xa0,0x2a,0xe5 },
+ { 0x7a,0x47,0xb1,0x3c }, { 0x74,0x4e,0xbc,0x37 },
+ { 0x66,0x55,0xab,0x2a }, { 0x68,0x5c,0xa6,0x21 },
+ { 0x42,0x63,0x85,0x10 }, { 0x4c,0x6a,0x88,0x1b },
+ { 0x5e,0x71,0x9f,0x06 }, { 0x50,0x78,0x92,0x0d },
+ { 0x0a,0x0f,0xd9,0x64 }, { 0x04,0x06,0xd4,0x6f },
+ { 0x16,0x1d,0xc3,0x72 }, { 0x18,0x14,0xce,0x79 },
+ { 0x32,0x2b,0xed,0x48 }, { 0x3c,0x22,0xe0,0x43 },
+ { 0x2e,0x39,0xf7,0x5e }, { 0x20,0x30,0xfa,0x55 },
+ { 0xec,0x9a,0xb7,0x01 }, { 0xe2,0x93,0xba,0x0a },
+ { 0xf0,0x88,0xad,0x17 }, { 0xfe,0x81,0xa0,0x1c },
+ { 0xd4,0xbe,0x83,0x2d }, { 0xda,0xb7,0x8e,0x26 },
+ { 0xc8,0xac,0x99,0x3b }, { 0xc6,0xa5,0x94,0x30 },
+ { 0x9c,0xd2,0xdf,0x59 }, { 0x92,0xdb,0xd2,0x52 },
+ { 0x80,0xc0,0xc5,0x4f }, { 0x8e,0xc9,0xc8,0x44 },
+ { 0xa4,0xf6,0xeb,0x75 }, { 0xaa,0xff,0xe6,0x7e },
+ { 0xb8,0xe4,0xf1,0x63 }, { 0xb6,0xed,0xfc,0x68 },
+ { 0x0c,0x0a,0x67,0xb1 }, { 0x02,0x03,0x6a,0xba },
+ { 0x10,0x18,0x7d,0xa7 }, { 0x1e,0x11,0x70,0xac },
+ { 0x34,0x2e,0x53,0x9d }, { 0x3a,0x27,0x5e,0x96 },
+ { 0x28,0x3c,0x49,0x8b }, { 0x26,0x35,0x44,0x80 },
+ { 0x7c,0x42,0x0f,0xe9 }, { 0x72,0x4b,0x02,0xe2 },
+ { 0x60,0x50,0x15,0xff }, { 0x6e,0x59,0x18,0xf4 },
+ { 0x44,0x66,0x3b,0xc5 }, { 0x4a,0x6f,0x36,0xce },
+ { 0x58,0x74,0x21,0xd3 }, { 0x56,0x7d,0x2c,0xd8 },
+ { 0x37,0xa1,0x0c,0x7a }, { 0x39,0xa8,0x01,0x71 },
+ { 0x2b,0xb3,0x16,0x6c }, { 0x25,0xba,0x1b,0x67 },
+ { 0x0f,0x85,0x38,0x56 }, { 0x01,0x8c,0x35,0x5d },
+ { 0x13,0x97,0x22,0x40 }, { 0x1d,0x9e,0x2f,0x4b },
+ { 0x47,0xe9,0x64,0x22 }, { 0x49,0xe0,0x69,0x29 },
+ { 0x5b,0xfb,0x7e,0x34 }, { 0x55,0xf2,0x73,0x3f },
+ { 0x7f,0xcd,0x50,0x0e }, { 0x71,0xc4,0x5d,0x05 },
+ { 0x63,0xdf,0x4a,0x18 }, { 0x6d,0xd6,0x47,0x13 },
+ { 0xd7,0x31,0xdc,0xca }, { 0xd9,0x38,0xd1,0xc1 },
+ { 0xcb,0x23,0xc6,0xdc }, { 0xc5,0x2a,0xcb,0xd7 },
+ { 0xef,0x15,0xe8,0xe6 }, { 0xe1,0x1c,0xe5,0xed },
+ { 0xf3,0x07,0xf2,0xf0 }, { 0xfd,0x0e,0xff,0xfb },
+ { 0xa7,0x79,0xb4,0x92 }, { 0xa9,0x70,0xb9,0x99 },
+ { 0xbb,0x6b,0xae,0x84 }, { 0xb5,0x62,0xa3,0x8f },
+ { 0x9f,0x5d,0x80,0xbe }, { 0x91,0x54,0x8d,0xb5 },
+ { 0x83,0x4f,0x9a,0xa8 }, { 0x8d,0x46,0x97,0xa3 }
+ };
+
+static const unsigned char U2[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x0b,0x0e,0x09,0x0d },
+ { 0x16,0x1c,0x12,0x1a }, { 0x1d,0x12,0x1b,0x17 },
+ { 0x2c,0x38,0x24,0x34 }, { 0x27,0x36,0x2d,0x39 },
+ { 0x3a,0x24,0x36,0x2e }, { 0x31,0x2a,0x3f,0x23 },
+ { 0x58,0x70,0x48,0x68 }, { 0x53,0x7e,0x41,0x65 },
+ { 0x4e,0x6c,0x5a,0x72 }, { 0x45,0x62,0x53,0x7f },
+ { 0x74,0x48,0x6c,0x5c }, { 0x7f,0x46,0x65,0x51 },
+ { 0x62,0x54,0x7e,0x46 }, { 0x69,0x5a,0x77,0x4b },
+ { 0xb0,0xe0,0x90,0xd0 }, { 0xbb,0xee,0x99,0xdd },
+ { 0xa6,0xfc,0x82,0xca }, { 0xad,0xf2,0x8b,0xc7 },
+ { 0x9c,0xd8,0xb4,0xe4 }, { 0x97,0xd6,0xbd,0xe9 },
+ { 0x8a,0xc4,0xa6,0xfe }, { 0x81,0xca,0xaf,0xf3 },
+ { 0xe8,0x90,0xd8,0xb8 }, { 0xe3,0x9e,0xd1,0xb5 },
+ { 0xfe,0x8c,0xca,0xa2 }, { 0xf5,0x82,0xc3,0xaf },
+ { 0xc4,0xa8,0xfc,0x8c }, { 0xcf,0xa6,0xf5,0x81 },
+ { 0xd2,0xb4,0xee,0x96 }, { 0xd9,0xba,0xe7,0x9b },
+ { 0x7b,0xdb,0x3b,0xbb }, { 0x70,0xd5,0x32,0xb6 },
+ { 0x6d,0xc7,0x29,0xa1 }, { 0x66,0xc9,0x20,0xac },
+ { 0x57,0xe3,0x1f,0x8f }, { 0x5c,0xed,0x16,0x82 },
+ { 0x41,0xff,0x0d,0x95 }, { 0x4a,0xf1,0x04,0x98 },
+ { 0x23,0xab,0x73,0xd3 }, { 0x28,0xa5,0x7a,0xde },
+ { 0x35,0xb7,0x61,0xc9 }, { 0x3e,0xb9,0x68,0xc4 },
+ { 0x0f,0x93,0x57,0xe7 }, { 0x04,0x9d,0x5e,0xea },
+ { 0x19,0x8f,0x45,0xfd }, { 0x12,0x81,0x4c,0xf0 },
+ { 0xcb,0x3b,0xab,0x6b }, { 0xc0,0x35,0xa2,0x66 },
+ { 0xdd,0x27,0xb9,0x71 }, { 0xd6,0x29,0xb0,0x7c },
+ { 0xe7,0x03,0x8f,0x5f }, { 0xec,0x0d,0x86,0x52 },
+ { 0xf1,0x1f,0x9d,0x45 }, { 0xfa,0x11,0x94,0x48 },
+ { 0x93,0x4b,0xe3,0x03 }, { 0x98,0x45,0xea,0x0e },
+ { 0x85,0x57,0xf1,0x19 }, { 0x8e,0x59,0xf8,0x14 },
+ { 0xbf,0x73,0xc7,0x37 }, { 0xb4,0x7d,0xce,0x3a },
+ { 0xa9,0x6f,0xd5,0x2d }, { 0xa2,0x61,0xdc,0x20 },
+ { 0xf6,0xad,0x76,0x6d }, { 0xfd,0xa3,0x7f,0x60 },
+ { 0xe0,0xb1,0x64,0x77 }, { 0xeb,0xbf,0x6d,0x7a },
+ { 0xda,0x95,0x52,0x59 }, { 0xd1,0x9b,0x5b,0x54 },
+ { 0xcc,0x89,0x40,0x43 }, { 0xc7,0x87,0x49,0x4e },
+ { 0xae,0xdd,0x3e,0x05 }, { 0xa5,0xd3,0x37,0x08 },
+ { 0xb8,0xc1,0x2c,0x1f }, { 0xb3,0xcf,0x25,0x12 },
+ { 0x82,0xe5,0x1a,0x31 }, { 0x89,0xeb,0x13,0x3c },
+ { 0x94,0xf9,0x08,0x2b }, { 0x9f,0xf7,0x01,0x26 },
+ { 0x46,0x4d,0xe6,0xbd }, { 0x4d,0x43,0xef,0xb0 },
+ { 0x50,0x51,0xf4,0xa7 }, { 0x5b,0x5f,0xfd,0xaa },
+ { 0x6a,0x75,0xc2,0x89 }, { 0x61,0x7b,0xcb,0x84 },
+ { 0x7c,0x69,0xd0,0x93 }, { 0x77,0x67,0xd9,0x9e },
+ { 0x1e,0x3d,0xae,0xd5 }, { 0x15,0x33,0xa7,0xd8 },
+ { 0x08,0x21,0xbc,0xcf }, { 0x03,0x2f,0xb5,0xc2 },
+ { 0x32,0x05,0x8a,0xe1 }, { 0x39,0x0b,0x83,0xec },
+ { 0x24,0x19,0x98,0xfb }, { 0x2f,0x17,0x91,0xf6 },
+ { 0x8d,0x76,0x4d,0xd6 }, { 0x86,0x78,0x44,0xdb },
+ { 0x9b,0x6a,0x5f,0xcc }, { 0x90,0x64,0x56,0xc1 },
+ { 0xa1,0x4e,0x69,0xe2 }, { 0xaa,0x40,0x60,0xef },
+ { 0xb7,0x52,0x7b,0xf8 }, { 0xbc,0x5c,0x72,0xf5 },
+ { 0xd5,0x06,0x05,0xbe }, { 0xde,0x08,0x0c,0xb3 },
+ { 0xc3,0x1a,0x17,0xa4 }, { 0xc8,0x14,0x1e,0xa9 },
+ { 0xf9,0x3e,0x21,0x8a }, { 0xf2,0x30,0x28,0x87 },
+ { 0xef,0x22,0x33,0x90 }, { 0xe4,0x2c,0x3a,0x9d },
+ { 0x3d,0x96,0xdd,0x06 }, { 0x36,0x98,0xd4,0x0b },
+ { 0x2b,0x8a,0xcf,0x1c }, { 0x20,0x84,0xc6,0x11 },
+ { 0x11,0xae,0xf9,0x32 }, { 0x1a,0xa0,0xf0,0x3f },
+ { 0x07,0xb2,0xeb,0x28 }, { 0x0c,0xbc,0xe2,0x25 },
+ { 0x65,0xe6,0x95,0x6e }, { 0x6e,0xe8,0x9c,0x63 },
+ { 0x73,0xfa,0x87,0x74 }, { 0x78,0xf4,0x8e,0x79 },
+ { 0x49,0xde,0xb1,0x5a }, { 0x42,0xd0,0xb8,0x57 },
+ { 0x5f,0xc2,0xa3,0x40 }, { 0x54,0xcc,0xaa,0x4d },
+ { 0xf7,0x41,0xec,0xda }, { 0xfc,0x4f,0xe5,0xd7 },
+ { 0xe1,0x5d,0xfe,0xc0 }, { 0xea,0x53,0xf7,0xcd },
+ { 0xdb,0x79,0xc8,0xee }, { 0xd0,0x77,0xc1,0xe3 },
+ { 0xcd,0x65,0xda,0xf4 }, { 0xc6,0x6b,0xd3,0xf9 },
+ { 0xaf,0x31,0xa4,0xb2 }, { 0xa4,0x3f,0xad,0xbf },
+ { 0xb9,0x2d,0xb6,0xa8 }, { 0xb2,0x23,0xbf,0xa5 },
+ { 0x83,0x09,0x80,0x86 }, { 0x88,0x07,0x89,0x8b },
+ { 0x95,0x15,0x92,0x9c }, { 0x9e,0x1b,0x9b,0x91 },
+ { 0x47,0xa1,0x7c,0x0a }, { 0x4c,0xaf,0x75,0x07 },
+ { 0x51,0xbd,0x6e,0x10 }, { 0x5a,0xb3,0x67,0x1d },
+ { 0x6b,0x99,0x58,0x3e }, { 0x60,0x97,0x51,0x33 },
+ { 0x7d,0x85,0x4a,0x24 }, { 0x76,0x8b,0x43,0x29 },
+ { 0x1f,0xd1,0x34,0x62 }, { 0x14,0xdf,0x3d,0x6f },
+ { 0x09,0xcd,0x26,0x78 }, { 0x02,0xc3,0x2f,0x75 },
+ { 0x33,0xe9,0x10,0x56 }, { 0x38,0xe7,0x19,0x5b },
+ { 0x25,0xf5,0x02,0x4c }, { 0x2e,0xfb,0x0b,0x41 },
+ { 0x8c,0x9a,0xd7,0x61 }, { 0x87,0x94,0xde,0x6c },
+ { 0x9a,0x86,0xc5,0x7b }, { 0x91,0x88,0xcc,0x76 },
+ { 0xa0,0xa2,0xf3,0x55 }, { 0xab,0xac,0xfa,0x58 },
+ { 0xb6,0xbe,0xe1,0x4f }, { 0xbd,0xb0,0xe8,0x42 },
+ { 0xd4,0xea,0x9f,0x09 }, { 0xdf,0xe4,0x96,0x04 },
+ { 0xc2,0xf6,0x8d,0x13 }, { 0xc9,0xf8,0x84,0x1e },
+ { 0xf8,0xd2,0xbb,0x3d }, { 0xf3,0xdc,0xb2,0x30 },
+ { 0xee,0xce,0xa9,0x27 }, { 0xe5,0xc0,0xa0,0x2a },
+ { 0x3c,0x7a,0x47,0xb1 }, { 0x37,0x74,0x4e,0xbc },
+ { 0x2a,0x66,0x55,0xab }, { 0x21,0x68,0x5c,0xa6 },
+ { 0x10,0x42,0x63,0x85 }, { 0x1b,0x4c,0x6a,0x88 },
+ { 0x06,0x5e,0x71,0x9f }, { 0x0d,0x50,0x78,0x92 },
+ { 0x64,0x0a,0x0f,0xd9 }, { 0x6f,0x04,0x06,0xd4 },
+ { 0x72,0x16,0x1d,0xc3 }, { 0x79,0x18,0x14,0xce },
+ { 0x48,0x32,0x2b,0xed }, { 0x43,0x3c,0x22,0xe0 },
+ { 0x5e,0x2e,0x39,0xf7 }, { 0x55,0x20,0x30,0xfa },
+ { 0x01,0xec,0x9a,0xb7 }, { 0x0a,0xe2,0x93,0xba },
+ { 0x17,0xf0,0x88,0xad }, { 0x1c,0xfe,0x81,0xa0 },
+ { 0x2d,0xd4,0xbe,0x83 }, { 0x26,0xda,0xb7,0x8e },
+ { 0x3b,0xc8,0xac,0x99 }, { 0x30,0xc6,0xa5,0x94 },
+ { 0x59,0x9c,0xd2,0xdf }, { 0x52,0x92,0xdb,0xd2 },
+ { 0x4f,0x80,0xc0,0xc5 }, { 0x44,0x8e,0xc9,0xc8 },
+ { 0x75,0xa4,0xf6,0xeb }, { 0x7e,0xaa,0xff,0xe6 },
+ { 0x63,0xb8,0xe4,0xf1 }, { 0x68,0xb6,0xed,0xfc },
+ { 0xb1,0x0c,0x0a,0x67 }, { 0xba,0x02,0x03,0x6a },
+ { 0xa7,0x10,0x18,0x7d }, { 0xac,0x1e,0x11,0x70 },
+ { 0x9d,0x34,0x2e,0x53 }, { 0x96,0x3a,0x27,0x5e },
+ { 0x8b,0x28,0x3c,0x49 }, { 0x80,0x26,0x35,0x44 },
+ { 0xe9,0x7c,0x42,0x0f }, { 0xe2,0x72,0x4b,0x02 },
+ { 0xff,0x60,0x50,0x15 }, { 0xf4,0x6e,0x59,0x18 },
+ { 0xc5,0x44,0x66,0x3b }, { 0xce,0x4a,0x6f,0x36 },
+ { 0xd3,0x58,0x74,0x21 }, { 0xd8,0x56,0x7d,0x2c },
+ { 0x7a,0x37,0xa1,0x0c }, { 0x71,0x39,0xa8,0x01 },
+ { 0x6c,0x2b,0xb3,0x16 }, { 0x67,0x25,0xba,0x1b },
+ { 0x56,0x0f,0x85,0x38 }, { 0x5d,0x01,0x8c,0x35 },
+ { 0x40,0x13,0x97,0x22 }, { 0x4b,0x1d,0x9e,0x2f },
+ { 0x22,0x47,0xe9,0x64 }, { 0x29,0x49,0xe0,0x69 },
+ { 0x34,0x5b,0xfb,0x7e }, { 0x3f,0x55,0xf2,0x73 },
+ { 0x0e,0x7f,0xcd,0x50 }, { 0x05,0x71,0xc4,0x5d },
+ { 0x18,0x63,0xdf,0x4a }, { 0x13,0x6d,0xd6,0x47 },
+ { 0xca,0xd7,0x31,0xdc }, { 0xc1,0xd9,0x38,0xd1 },
+ { 0xdc,0xcb,0x23,0xc6 }, { 0xd7,0xc5,0x2a,0xcb },
+ { 0xe6,0xef,0x15,0xe8 }, { 0xed,0xe1,0x1c,0xe5 },
+ { 0xf0,0xf3,0x07,0xf2 }, { 0xfb,0xfd,0x0e,0xff },
+ { 0x92,0xa7,0x79,0xb4 }, { 0x99,0xa9,0x70,0xb9 },
+ { 0x84,0xbb,0x6b,0xae }, { 0x8f,0xb5,0x62,0xa3 },
+ { 0xbe,0x9f,0x5d,0x80 }, { 0xb5,0x91,0x54,0x8d },
+ { 0xa8,0x83,0x4f,0x9a }, { 0xa3,0x8d,0x46,0x97 }
+ };
+
+static const unsigned char U3[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x0d,0x0b,0x0e,0x09 },
+ { 0x1a,0x16,0x1c,0x12 }, { 0x17,0x1d,0x12,0x1b },
+ { 0x34,0x2c,0x38,0x24 }, { 0x39,0x27,0x36,0x2d },
+ { 0x2e,0x3a,0x24,0x36 }, { 0x23,0x31,0x2a,0x3f },
+ { 0x68,0x58,0x70,0x48 }, { 0x65,0x53,0x7e,0x41 },
+ { 0x72,0x4e,0x6c,0x5a }, { 0x7f,0x45,0x62,0x53 },
+ { 0x5c,0x74,0x48,0x6c }, { 0x51,0x7f,0x46,0x65 },
+ { 0x46,0x62,0x54,0x7e }, { 0x4b,0x69,0x5a,0x77 },
+ { 0xd0,0xb0,0xe0,0x90 }, { 0xdd,0xbb,0xee,0x99 },
+ { 0xca,0xa6,0xfc,0x82 }, { 0xc7,0xad,0xf2,0x8b },
+ { 0xe4,0x9c,0xd8,0xb4 }, { 0xe9,0x97,0xd6,0xbd },
+ { 0xfe,0x8a,0xc4,0xa6 }, { 0xf3,0x81,0xca,0xaf },
+ { 0xb8,0xe8,0x90,0xd8 }, { 0xb5,0xe3,0x9e,0xd1 },
+ { 0xa2,0xfe,0x8c,0xca }, { 0xaf,0xf5,0x82,0xc3 },
+ { 0x8c,0xc4,0xa8,0xfc }, { 0x81,0xcf,0xa6,0xf5 },
+ { 0x96,0xd2,0xb4,0xee }, { 0x9b,0xd9,0xba,0xe7 },
+ { 0xbb,0x7b,0xdb,0x3b }, { 0xb6,0x70,0xd5,0x32 },
+ { 0xa1,0x6d,0xc7,0x29 }, { 0xac,0x66,0xc9,0x20 },
+ { 0x8f,0x57,0xe3,0x1f }, { 0x82,0x5c,0xed,0x16 },
+ { 0x95,0x41,0xff,0x0d }, { 0x98,0x4a,0xf1,0x04 },
+ { 0xd3,0x23,0xab,0x73 }, { 0xde,0x28,0xa5,0x7a },
+ { 0xc9,0x35,0xb7,0x61 }, { 0xc4,0x3e,0xb9,0x68 },
+ { 0xe7,0x0f,0x93,0x57 }, { 0xea,0x04,0x9d,0x5e },
+ { 0xfd,0x19,0x8f,0x45 }, { 0xf0,0x12,0x81,0x4c },
+ { 0x6b,0xcb,0x3b,0xab }, { 0x66,0xc0,0x35,0xa2 },
+ { 0x71,0xdd,0x27,0xb9 }, { 0x7c,0xd6,0x29,0xb0 },
+ { 0x5f,0xe7,0x03,0x8f }, { 0x52,0xec,0x0d,0x86 },
+ { 0x45,0xf1,0x1f,0x9d }, { 0x48,0xfa,0x11,0x94 },
+ { 0x03,0x93,0x4b,0xe3 }, { 0x0e,0x98,0x45,0xea },
+ { 0x19,0x85,0x57,0xf1 }, { 0x14,0x8e,0x59,0xf8 },
+ { 0x37,0xbf,0x73,0xc7 }, { 0x3a,0xb4,0x7d,0xce },
+ { 0x2d,0xa9,0x6f,0xd5 }, { 0x20,0xa2,0x61,0xdc },
+ { 0x6d,0xf6,0xad,0x76 }, { 0x60,0xfd,0xa3,0x7f },
+ { 0x77,0xe0,0xb1,0x64 }, { 0x7a,0xeb,0xbf,0x6d },
+ { 0x59,0xda,0x95,0x52 }, { 0x54,0xd1,0x9b,0x5b },
+ { 0x43,0xcc,0x89,0x40 }, { 0x4e,0xc7,0x87,0x49 },
+ { 0x05,0xae,0xdd,0x3e }, { 0x08,0xa5,0xd3,0x37 },
+ { 0x1f,0xb8,0xc1,0x2c }, { 0x12,0xb3,0xcf,0x25 },
+ { 0x31,0x82,0xe5,0x1a }, { 0x3c,0x89,0xeb,0x13 },
+ { 0x2b,0x94,0xf9,0x08 }, { 0x26,0x9f,0xf7,0x01 },
+ { 0xbd,0x46,0x4d,0xe6 }, { 0xb0,0x4d,0x43,0xef },
+ { 0xa7,0x50,0x51,0xf4 }, { 0xaa,0x5b,0x5f,0xfd },
+ { 0x89,0x6a,0x75,0xc2 }, { 0x84,0x61,0x7b,0xcb },
+ { 0x93,0x7c,0x69,0xd0 }, { 0x9e,0x77,0x67,0xd9 },
+ { 0xd5,0x1e,0x3d,0xae }, { 0xd8,0x15,0x33,0xa7 },
+ { 0xcf,0x08,0x21,0xbc }, { 0xc2,0x03,0x2f,0xb5 },
+ { 0xe1,0x32,0x05,0x8a }, { 0xec,0x39,0x0b,0x83 },
+ { 0xfb,0x24,0x19,0x98 }, { 0xf6,0x2f,0x17,0x91 },
+ { 0xd6,0x8d,0x76,0x4d }, { 0xdb,0x86,0x78,0x44 },
+ { 0xcc,0x9b,0x6a,0x5f }, { 0xc1,0x90,0x64,0x56 },
+ { 0xe2,0xa1,0x4e,0x69 }, { 0xef,0xaa,0x40,0x60 },
+ { 0xf8,0xb7,0x52,0x7b }, { 0xf5,0xbc,0x5c,0x72 },
+ { 0xbe,0xd5,0x06,0x05 }, { 0xb3,0xde,0x08,0x0c },
+ { 0xa4,0xc3,0x1a,0x17 }, { 0xa9,0xc8,0x14,0x1e },
+ { 0x8a,0xf9,0x3e,0x21 }, { 0x87,0xf2,0x30,0x28 },
+ { 0x90,0xef,0x22,0x33 }, { 0x9d,0xe4,0x2c,0x3a },
+ { 0x06,0x3d,0x96,0xdd }, { 0x0b,0x36,0x98,0xd4 },
+ { 0x1c,0x2b,0x8a,0xcf }, { 0x11,0x20,0x84,0xc6 },
+ { 0x32,0x11,0xae,0xf9 }, { 0x3f,0x1a,0xa0,0xf0 },
+ { 0x28,0x07,0xb2,0xeb }, { 0x25,0x0c,0xbc,0xe2 },
+ { 0x6e,0x65,0xe6,0x95 }, { 0x63,0x6e,0xe8,0x9c },
+ { 0x74,0x73,0xfa,0x87 }, { 0x79,0x78,0xf4,0x8e },
+ { 0x5a,0x49,0xde,0xb1 }, { 0x57,0x42,0xd0,0xb8 },
+ { 0x40,0x5f,0xc2,0xa3 }, { 0x4d,0x54,0xcc,0xaa },
+ { 0xda,0xf7,0x41,0xec }, { 0xd7,0xfc,0x4f,0xe5 },
+ { 0xc0,0xe1,0x5d,0xfe }, { 0xcd,0xea,0x53,0xf7 },
+ { 0xee,0xdb,0x79,0xc8 }, { 0xe3,0xd0,0x77,0xc1 },
+ { 0xf4,0xcd,0x65,0xda }, { 0xf9,0xc6,0x6b,0xd3 },
+ { 0xb2,0xaf,0x31,0xa4 }, { 0xbf,0xa4,0x3f,0xad },
+ { 0xa8,0xb9,0x2d,0xb6 }, { 0xa5,0xb2,0x23,0xbf },
+ { 0x86,0x83,0x09,0x80 }, { 0x8b,0x88,0x07,0x89 },
+ { 0x9c,0x95,0x15,0x92 }, { 0x91,0x9e,0x1b,0x9b },
+ { 0x0a,0x47,0xa1,0x7c }, { 0x07,0x4c,0xaf,0x75 },
+ { 0x10,0x51,0xbd,0x6e }, { 0x1d,0x5a,0xb3,0x67 },
+ { 0x3e,0x6b,0x99,0x58 }, { 0x33,0x60,0x97,0x51 },
+ { 0x24,0x7d,0x85,0x4a }, { 0x29,0x76,0x8b,0x43 },
+ { 0x62,0x1f,0xd1,0x34 }, { 0x6f,0x14,0xdf,0x3d },
+ { 0x78,0x09,0xcd,0x26 }, { 0x75,0x02,0xc3,0x2f },
+ { 0x56,0x33,0xe9,0x10 }, { 0x5b,0x38,0xe7,0x19 },
+ { 0x4c,0x25,0xf5,0x02 }, { 0x41,0x2e,0xfb,0x0b },
+ { 0x61,0x8c,0x9a,0xd7 }, { 0x6c,0x87,0x94,0xde },
+ { 0x7b,0x9a,0x86,0xc5 }, { 0x76,0x91,0x88,0xcc },
+ { 0x55,0xa0,0xa2,0xf3 }, { 0x58,0xab,0xac,0xfa },
+ { 0x4f,0xb6,0xbe,0xe1 }, { 0x42,0xbd,0xb0,0xe8 },
+ { 0x09,0xd4,0xea,0x9f }, { 0x04,0xdf,0xe4,0x96 },
+ { 0x13,0xc2,0xf6,0x8d }, { 0x1e,0xc9,0xf8,0x84 },
+ { 0x3d,0xf8,0xd2,0xbb }, { 0x30,0xf3,0xdc,0xb2 },
+ { 0x27,0xee,0xce,0xa9 }, { 0x2a,0xe5,0xc0,0xa0 },
+ { 0xb1,0x3c,0x7a,0x47 }, { 0xbc,0x37,0x74,0x4e },
+ { 0xab,0x2a,0x66,0x55 }, { 0xa6,0x21,0x68,0x5c },
+ { 0x85,0x10,0x42,0x63 }, { 0x88,0x1b,0x4c,0x6a },
+ { 0x9f,0x06,0x5e,0x71 }, { 0x92,0x0d,0x50,0x78 },
+ { 0xd9,0x64,0x0a,0x0f }, { 0xd4,0x6f,0x04,0x06 },
+ { 0xc3,0x72,0x16,0x1d }, { 0xce,0x79,0x18,0x14 },
+ { 0xed,0x48,0x32,0x2b }, { 0xe0,0x43,0x3c,0x22 },
+ { 0xf7,0x5e,0x2e,0x39 }, { 0xfa,0x55,0x20,0x30 },
+ { 0xb7,0x01,0xec,0x9a }, { 0xba,0x0a,0xe2,0x93 },
+ { 0xad,0x17,0xf0,0x88 }, { 0xa0,0x1c,0xfe,0x81 },
+ { 0x83,0x2d,0xd4,0xbe }, { 0x8e,0x26,0xda,0xb7 },
+ { 0x99,0x3b,0xc8,0xac }, { 0x94,0x30,0xc6,0xa5 },
+ { 0xdf,0x59,0x9c,0xd2 }, { 0xd2,0x52,0x92,0xdb },
+ { 0xc5,0x4f,0x80,0xc0 }, { 0xc8,0x44,0x8e,0xc9 },
+ { 0xeb,0x75,0xa4,0xf6 }, { 0xe6,0x7e,0xaa,0xff },
+ { 0xf1,0x63,0xb8,0xe4 }, { 0xfc,0x68,0xb6,0xed },
+ { 0x67,0xb1,0x0c,0x0a }, { 0x6a,0xba,0x02,0x03 },
+ { 0x7d,0xa7,0x10,0x18 }, { 0x70,0xac,0x1e,0x11 },
+ { 0x53,0x9d,0x34,0x2e }, { 0x5e,0x96,0x3a,0x27 },
+ { 0x49,0x8b,0x28,0x3c }, { 0x44,0x80,0x26,0x35 },
+ { 0x0f,0xe9,0x7c,0x42 }, { 0x02,0xe2,0x72,0x4b },
+ { 0x15,0xff,0x60,0x50 }, { 0x18,0xf4,0x6e,0x59 },
+ { 0x3b,0xc5,0x44,0x66 }, { 0x36,0xce,0x4a,0x6f },
+ { 0x21,0xd3,0x58,0x74 }, { 0x2c,0xd8,0x56,0x7d },
+ { 0x0c,0x7a,0x37,0xa1 }, { 0x01,0x71,0x39,0xa8 },
+ { 0x16,0x6c,0x2b,0xb3 }, { 0x1b,0x67,0x25,0xba },
+ { 0x38,0x56,0x0f,0x85 }, { 0x35,0x5d,0x01,0x8c },
+ { 0x22,0x40,0x13,0x97 }, { 0x2f,0x4b,0x1d,0x9e },
+ { 0x64,0x22,0x47,0xe9 }, { 0x69,0x29,0x49,0xe0 },
+ { 0x7e,0x34,0x5b,0xfb }, { 0x73,0x3f,0x55,0xf2 },
+ { 0x50,0x0e,0x7f,0xcd }, { 0x5d,0x05,0x71,0xc4 },
+ { 0x4a,0x18,0x63,0xdf }, { 0x47,0x13,0x6d,0xd6 },
+ { 0xdc,0xca,0xd7,0x31 }, { 0xd1,0xc1,0xd9,0x38 },
+ { 0xc6,0xdc,0xcb,0x23 }, { 0xcb,0xd7,0xc5,0x2a },
+ { 0xe8,0xe6,0xef,0x15 }, { 0xe5,0xed,0xe1,0x1c },
+ { 0xf2,0xf0,0xf3,0x07 }, { 0xff,0xfb,0xfd,0x0e },
+ { 0xb4,0x92,0xa7,0x79 }, { 0xb9,0x99,0xa9,0x70 },
+ { 0xae,0x84,0xbb,0x6b }, { 0xa3,0x8f,0xb5,0x62 },
+ { 0x80,0xbe,0x9f,0x5d }, { 0x8d,0xb5,0x91,0x54 },
+ { 0x9a,0xa8,0x83,0x4f }, { 0x97,0xa3,0x8d,0x46 }
+ };
+
+static const unsigned char U4[256][4] =
+ {
+ { 0x00,0x00,0x00,0x00 }, { 0x09,0x0d,0x0b,0x0e },
+ { 0x12,0x1a,0x16,0x1c }, { 0x1b,0x17,0x1d,0x12 },
+ { 0x24,0x34,0x2c,0x38 }, { 0x2d,0x39,0x27,0x36 },
+ { 0x36,0x2e,0x3a,0x24 }, { 0x3f,0x23,0x31,0x2a },
+ { 0x48,0x68,0x58,0x70 }, { 0x41,0x65,0x53,0x7e },
+ { 0x5a,0x72,0x4e,0x6c }, { 0x53,0x7f,0x45,0x62 },
+ { 0x6c,0x5c,0x74,0x48 }, { 0x65,0x51,0x7f,0x46 },
+ { 0x7e,0x46,0x62,0x54 }, { 0x77,0x4b,0x69,0x5a },
+ { 0x90,0xd0,0xb0,0xe0 }, { 0x99,0xdd,0xbb,0xee },
+ { 0x82,0xca,0xa6,0xfc }, { 0x8b,0xc7,0xad,0xf2 },
+ { 0xb4,0xe4,0x9c,0xd8 }, { 0xbd,0xe9,0x97,0xd6 },
+ { 0xa6,0xfe,0x8a,0xc4 }, { 0xaf,0xf3,0x81,0xca },
+ { 0xd8,0xb8,0xe8,0x90 }, { 0xd1,0xb5,0xe3,0x9e },
+ { 0xca,0xa2,0xfe,0x8c }, { 0xc3,0xaf,0xf5,0x82 },
+ { 0xfc,0x8c,0xc4,0xa8 }, { 0xf5,0x81,0xcf,0xa6 },
+ { 0xee,0x96,0xd2,0xb4 }, { 0xe7,0x9b,0xd9,0xba },
+ { 0x3b,0xbb,0x7b,0xdb }, { 0x32,0xb6,0x70,0xd5 },
+ { 0x29,0xa1,0x6d,0xc7 }, { 0x20,0xac,0x66,0xc9 },
+ { 0x1f,0x8f,0x57,0xe3 }, { 0x16,0x82,0x5c,0xed },
+ { 0x0d,0x95,0x41,0xff }, { 0x04,0x98,0x4a,0xf1 },
+ { 0x73,0xd3,0x23,0xab }, { 0x7a,0xde,0x28,0xa5 },
+ { 0x61,0xc9,0x35,0xb7 }, { 0x68,0xc4,0x3e,0xb9 },
+ { 0x57,0xe7,0x0f,0x93 }, { 0x5e,0xea,0x04,0x9d },
+ { 0x45,0xfd,0x19,0x8f }, { 0x4c,0xf0,0x12,0x81 },
+ { 0xab,0x6b,0xcb,0x3b }, { 0xa2,0x66,0xc0,0x35 },
+ { 0xb9,0x71,0xdd,0x27 }, { 0xb0,0x7c,0xd6,0x29 },
+ { 0x8f,0x5f,0xe7,0x03 }, { 0x86,0x52,0xec,0x0d },
+ { 0x9d,0x45,0xf1,0x1f }, { 0x94,0x48,0xfa,0x11 },
+ { 0xe3,0x03,0x93,0x4b }, { 0xea,0x0e,0x98,0x45 },
+ { 0xf1,0x19,0x85,0x57 }, { 0xf8,0x14,0x8e,0x59 },
+ { 0xc7,0x37,0xbf,0x73 }, { 0xce,0x3a,0xb4,0x7d },
+ { 0xd5,0x2d,0xa9,0x6f }, { 0xdc,0x20,0xa2,0x61 },
+ { 0x76,0x6d,0xf6,0xad }, { 0x7f,0x60,0xfd,0xa3 },
+ { 0x64,0x77,0xe0,0xb1 }, { 0x6d,0x7a,0xeb,0xbf },
+ { 0x52,0x59,0xda,0x95 }, { 0x5b,0x54,0xd1,0x9b },
+ { 0x40,0x43,0xcc,0x89 }, { 0x49,0x4e,0xc7,0x87 },
+ { 0x3e,0x05,0xae,0xdd }, { 0x37,0x08,0xa5,0xd3 },
+ { 0x2c,0x1f,0xb8,0xc1 }, { 0x25,0x12,0xb3,0xcf },
+ { 0x1a,0x31,0x82,0xe5 }, { 0x13,0x3c,0x89,0xeb },
+ { 0x08,0x2b,0x94,0xf9 }, { 0x01,0x26,0x9f,0xf7 },
+ { 0xe6,0xbd,0x46,0x4d }, { 0xef,0xb0,0x4d,0x43 },
+ { 0xf4,0xa7,0x50,0x51 }, { 0xfd,0xaa,0x5b,0x5f },
+ { 0xc2,0x89,0x6a,0x75 }, { 0xcb,0x84,0x61,0x7b },
+ { 0xd0,0x93,0x7c,0x69 }, { 0xd9,0x9e,0x77,0x67 },
+ { 0xae,0xd5,0x1e,0x3d }, { 0xa7,0xd8,0x15,0x33 },
+ { 0xbc,0xcf,0x08,0x21 }, { 0xb5,0xc2,0x03,0x2f },
+ { 0x8a,0xe1,0x32,0x05 }, { 0x83,0xec,0x39,0x0b },
+ { 0x98,0xfb,0x24,0x19 }, { 0x91,0xf6,0x2f,0x17 },
+ { 0x4d,0xd6,0x8d,0x76 }, { 0x44,0xdb,0x86,0x78 },
+ { 0x5f,0xcc,0x9b,0x6a }, { 0x56,0xc1,0x90,0x64 },
+ { 0x69,0xe2,0xa1,0x4e }, { 0x60,0xef,0xaa,0x40 },
+ { 0x7b,0xf8,0xb7,0x52 }, { 0x72,0xf5,0xbc,0x5c },
+ { 0x05,0xbe,0xd5,0x06 }, { 0x0c,0xb3,0xde,0x08 },
+ { 0x17,0xa4,0xc3,0x1a }, { 0x1e,0xa9,0xc8,0x14 },
+ { 0x21,0x8a,0xf9,0x3e }, { 0x28,0x87,0xf2,0x30 },
+ { 0x33,0x90,0xef,0x22 }, { 0x3a,0x9d,0xe4,0x2c },
+ { 0xdd,0x06,0x3d,0x96 }, { 0xd4,0x0b,0x36,0x98 },
+ { 0xcf,0x1c,0x2b,0x8a }, { 0xc6,0x11,0x20,0x84 },
+ { 0xf9,0x32,0x11,0xae }, { 0xf0,0x3f,0x1a,0xa0 },
+ { 0xeb,0x28,0x07,0xb2 }, { 0xe2,0x25,0x0c,0xbc },
+ { 0x95,0x6e,0x65,0xe6 }, { 0x9c,0x63,0x6e,0xe8 },
+ { 0x87,0x74,0x73,0xfa }, { 0x8e,0x79,0x78,0xf4 },
+ { 0xb1,0x5a,0x49,0xde }, { 0xb8,0x57,0x42,0xd0 },
+ { 0xa3,0x40,0x5f,0xc2 }, { 0xaa,0x4d,0x54,0xcc },
+ { 0xec,0xda,0xf7,0x41 }, { 0xe5,0xd7,0xfc,0x4f },
+ { 0xfe,0xc0,0xe1,0x5d }, { 0xf7,0xcd,0xea,0x53 },
+ { 0xc8,0xee,0xdb,0x79 }, { 0xc1,0xe3,0xd0,0x77 },
+ { 0xda,0xf4,0xcd,0x65 }, { 0xd3,0xf9,0xc6,0x6b },
+ { 0xa4,0xb2,0xaf,0x31 }, { 0xad,0xbf,0xa4,0x3f },
+ { 0xb6,0xa8,0xb9,0x2d }, { 0xbf,0xa5,0xb2,0x23 },
+ { 0x80,0x86,0x83,0x09 }, { 0x89,0x8b,0x88,0x07 },
+ { 0x92,0x9c,0x95,0x15 }, { 0x9b,0x91,0x9e,0x1b },
+ { 0x7c,0x0a,0x47,0xa1 }, { 0x75,0x07,0x4c,0xaf },
+ { 0x6e,0x10,0x51,0xbd }, { 0x67,0x1d,0x5a,0xb3 },
+ { 0x58,0x3e,0x6b,0x99 }, { 0x51,0x33,0x60,0x97 },
+ { 0x4a,0x24,0x7d,0x85 }, { 0x43,0x29,0x76,0x8b },
+ { 0x34,0x62,0x1f,0xd1 }, { 0x3d,0x6f,0x14,0xdf },
+ { 0x26,0x78,0x09,0xcd }, { 0x2f,0x75,0x02,0xc3 },
+ { 0x10,0x56,0x33,0xe9 }, { 0x19,0x5b,0x38,0xe7 },
+ { 0x02,0x4c,0x25,0xf5 }, { 0x0b,0x41,0x2e,0xfb },
+ { 0xd7,0x61,0x8c,0x9a }, { 0xde,0x6c,0x87,0x94 },
+ { 0xc5,0x7b,0x9a,0x86 }, { 0xcc,0x76,0x91,0x88 },
+ { 0xf3,0x55,0xa0,0xa2 }, { 0xfa,0x58,0xab,0xac },
+ { 0xe1,0x4f,0xb6,0xbe }, { 0xe8,0x42,0xbd,0xb0 },
+ { 0x9f,0x09,0xd4,0xea }, { 0x96,0x04,0xdf,0xe4 },
+ { 0x8d,0x13,0xc2,0xf6 }, { 0x84,0x1e,0xc9,0xf8 },
+ { 0xbb,0x3d,0xf8,0xd2 }, { 0xb2,0x30,0xf3,0xdc },
+ { 0xa9,0x27,0xee,0xce }, { 0xa0,0x2a,0xe5,0xc0 },
+ { 0x47,0xb1,0x3c,0x7a }, { 0x4e,0xbc,0x37,0x74 },
+ { 0x55,0xab,0x2a,0x66 }, { 0x5c,0xa6,0x21,0x68 },
+ { 0x63,0x85,0x10,0x42 }, { 0x6a,0x88,0x1b,0x4c },
+ { 0x71,0x9f,0x06,0x5e }, { 0x78,0x92,0x0d,0x50 },
+ { 0x0f,0xd9,0x64,0x0a }, { 0x06,0xd4,0x6f,0x04 },
+ { 0x1d,0xc3,0x72,0x16 }, { 0x14,0xce,0x79,0x18 },
+ { 0x2b,0xed,0x48,0x32 }, { 0x22,0xe0,0x43,0x3c },
+ { 0x39,0xf7,0x5e,0x2e }, { 0x30,0xfa,0x55,0x20 },
+ { 0x9a,0xb7,0x01,0xec }, { 0x93,0xba,0x0a,0xe2 },
+ { 0x88,0xad,0x17,0xf0 }, { 0x81,0xa0,0x1c,0xfe },
+ { 0xbe,0x83,0x2d,0xd4 }, { 0xb7,0x8e,0x26,0xda },
+ { 0xac,0x99,0x3b,0xc8 }, { 0xa5,0x94,0x30,0xc6 },
+ { 0xd2,0xdf,0x59,0x9c }, { 0xdb,0xd2,0x52,0x92 },
+ { 0xc0,0xc5,0x4f,0x80 }, { 0xc9,0xc8,0x44,0x8e },
+ { 0xf6,0xeb,0x75,0xa4 }, { 0xff,0xe6,0x7e,0xaa },
+ { 0xe4,0xf1,0x63,0xb8 }, { 0xed,0xfc,0x68,0xb6 },
+ { 0x0a,0x67,0xb1,0x0c }, { 0x03,0x6a,0xba,0x02 },
+ { 0x18,0x7d,0xa7,0x10 }, { 0x11,0x70,0xac,0x1e },
+ { 0x2e,0x53,0x9d,0x34 }, { 0x27,0x5e,0x96,0x3a },
+ { 0x3c,0x49,0x8b,0x28 }, { 0x35,0x44,0x80,0x26 },
+ { 0x42,0x0f,0xe9,0x7c }, { 0x4b,0x02,0xe2,0x72 },
+ { 0x50,0x15,0xff,0x60 }, { 0x59,0x18,0xf4,0x6e },
+ { 0x66,0x3b,0xc5,0x44 }, { 0x6f,0x36,0xce,0x4a },
+ { 0x74,0x21,0xd3,0x58 }, { 0x7d,0x2c,0xd8,0x56 },
+ { 0xa1,0x0c,0x7a,0x37 }, { 0xa8,0x01,0x71,0x39 },
+ { 0xb3,0x16,0x6c,0x2b }, { 0xba,0x1b,0x67,0x25 },
+ { 0x85,0x38,0x56,0x0f }, { 0x8c,0x35,0x5d,0x01 },
+ { 0x97,0x22,0x40,0x13 }, { 0x9e,0x2f,0x4b,0x1d },
+ { 0xe9,0x64,0x22,0x47 }, { 0xe0,0x69,0x29,0x49 },
+ { 0xfb,0x7e,0x34,0x5b }, { 0xf2,0x73,0x3f,0x55 },
+ { 0xcd,0x50,0x0e,0x7f }, { 0xc4,0x5d,0x05,0x71 },
+ { 0xdf,0x4a,0x18,0x63 }, { 0xd6,0x47,0x13,0x6d },
+ { 0x31,0xdc,0xca,0xd7 }, { 0x38,0xd1,0xc1,0xd9 },
+ { 0x23,0xc6,0xdc,0xcb }, { 0x2a,0xcb,0xd7,0xc5 },
+ { 0x15,0xe8,0xe6,0xef }, { 0x1c,0xe5,0xed,0xe1 },
+ { 0x07,0xf2,0xf0,0xf3 }, { 0x0e,0xff,0xfb,0xfd },
+ { 0x79,0xb4,0x92,0xa7 }, { 0x70,0xb9,0x99,0xa9 },
+ { 0x6b,0xae,0x84,0xbb }, { 0x62,0xa3,0x8f,0xb5 },
+ { 0x5d,0x80,0xbe,0x9f }, { 0x54,0x8d,0xb5,0x91 },
+ { 0x4f,0x9a,0xa8,0x83 }, { 0x46,0x97,0xa3,0x8d }
+ };
+
+static const u32 rcon[30] =
+ {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36, 0x6c,
+ 0xd8, 0xab, 0x4d, 0x9a, 0x2f, 0x5e, 0xbc, 0x63, 0xc6, 0x97, 0x35,
+ 0x6a, 0xd4, 0xb3, 0x7d, 0xfa, 0xef, 0xc5, 0x91
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/rijndael.c b/grub-core/lib/libgcrypt/cipher/rijndael.c
new file mode 100644
index 0000000..d43b349
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/rijndael.c
@@ -0,0 +1,1253 @@
+/* Rijndael (AES) for GnuPG
+ * Copyright (C) 2000, 2001, 2002, 2003, 2007,
+ * 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ *******************************************************************
+ * The code here is based on the optimized implementation taken from
+ * http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ on Oct 2, 2000,
+ * which carries this notice:
+ *------------------------------------------
+ * rijndael-alg-fst.c v2.3 April '2000
+ *
+ * Optimised ANSI C code
+ *
+ * authors: v1.0: Antoon Bosselaers
+ * v2.0: Vincent Rijmen
+ * v2.3: Paulo Barreto
+ *
+ * This code is placed in the public domain.
+ *------------------------------------------
+ *
+ * The SP800-38a document is available at:
+ * http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
+ *
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcmp() */
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#define MAXKC (256/32)
+#define MAXROUNDS 14
+#define BLOCKSIZE (128/8)
+
+
+/* USE_PADLOCK indicates whether to compile the padlock specific
+ code. */
+#undef USE_PADLOCK
+#ifdef ENABLE_PADLOCK_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_PADLOCK
+# endif
+#endif /*ENABLE_PADLOCK_SUPPORT*/
+
+static const char *selftest(void);
+
+typedef struct
+{
+ int ROUNDS; /* Key-length-dependent number of rounds. */
+ int decryption_prepared; /* The decryption key schedule is available. */
+#ifdef USE_PADLOCK
+ int use_padlock; /* Padlock shall be used. */
+ /* The key as passed to the padlock engine. */
+ unsigned char padlock_key[16] __attribute__ ((aligned (16)));
+#endif
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte keyschedule[MAXROUNDS+1][4][4];
+ } u1;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte keyschedule[MAXROUNDS+1][4][4];
+ } u2;
+} RIJNDAEL_context;
+
+#define keySched u1.keyschedule
+#define keySched2 u2.keyschedule
+
+/* All the numbers. */
+#include "rijndael-tables.h"
+
+
+/* Perform the key setup. */
+static gcry_err_code_t
+do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
+{
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ int ROUNDS;
+ int i,j, r, t, rconpointer = 0;
+ int KC;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte k[MAXKC][4];
+ } k;
+#define k k.k
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte tk[MAXKC][4];
+ } tk;
+#define tk tk.tk
+
+ /* The on-the-fly self tests are only run in non-fips mode. In fips
+ mode explicit self-tests are required. Actually the on-the-fly
+ self-tests are not fully thread-safe and it might happen that a
+ failed self-test won't get noticed in another thread.
+
+ FIXME: We might want to have a central registry of succeeded
+ self-tests. */
+ if (!fips_mode () && !initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if (selftest_failed)
+ log_error ("%s\n", selftest_failed );
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ ctx->decryption_prepared = 0;
+#ifdef USE_PADLOCK
+ ctx->use_padlock = 0;
+#endif
+
+ if( keylen == 128/8 )
+ {
+ ROUNDS = 10;
+ KC = 4;
+#ifdef USE_PADLOCK
+ if ((_gcry_get_hw_features () & HWF_PADLOCK_AES))
+ {
+ ctx->use_padlock = 1;
+ memcpy (ctx->padlock_key, key, keylen);
+ }
+#endif
+ }
+ else if ( keylen == 192/8 )
+ {
+ ROUNDS = 12;
+ KC = 6;
+ }
+ else if ( keylen == 256/8 )
+ {
+ ROUNDS = 14;
+ KC = 8;
+ }
+ else
+ return GPG_ERR_INV_KEYLEN;
+
+ ctx->ROUNDS = ROUNDS;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ /* Nothing to do as we support only hardware key generation for
+ now. */
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+#define W (ctx->keySched)
+ for (i = 0; i < keylen; i++)
+ {
+ k[i >> 2][i & 3] = key[i];
+ }
+
+ for (j = KC-1; j >= 0; j--)
+ {
+ *((u32*)tk[j]) = *((u32*)k[j]);
+ }
+ r = 0;
+ t = 0;
+ /* Copy values into round key array. */
+ for (j = 0; (j < KC) && (r < ROUNDS + 1); )
+ {
+ for (; (j < KC) && (t < 4); j++, t++)
+ {
+ *((u32*)W[r][t]) = *((u32*)tk[j]);
+ }
+ if (t == 4)
+ {
+ r++;
+ t = 0;
+ }
+ }
+
+ while (r < ROUNDS + 1)
+ {
+ /* While not enough round key material calculated calculate
+ new values. */
+ tk[0][0] ^= S[tk[KC-1][1]];
+ tk[0][1] ^= S[tk[KC-1][2]];
+ tk[0][2] ^= S[tk[KC-1][3]];
+ tk[0][3] ^= S[tk[KC-1][0]];
+ tk[0][0] ^= rcon[rconpointer++];
+
+ if (KC != 8)
+ {
+ for (j = 1; j < KC; j++)
+ {
+ *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+ }
+ }
+ else
+ {
+ for (j = 1; j < KC/2; j++)
+ {
+ *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+ }
+ tk[KC/2][0] ^= S[tk[KC/2 - 1][0]];
+ tk[KC/2][1] ^= S[tk[KC/2 - 1][1]];
+ tk[KC/2][2] ^= S[tk[KC/2 - 1][2]];
+ tk[KC/2][3] ^= S[tk[KC/2 - 1][3]];
+ for (j = KC/2 + 1; j < KC; j++)
+ {
+ *((u32*)tk[j]) ^= *((u32*)tk[j-1]);
+ }
+ }
+
+ /* Copy values into round key array. */
+ for (j = 0; (j < KC) && (r < ROUNDS + 1); )
+ {
+ for (; (j < KC) && (t < 4); j++, t++)
+ {
+ *((u32*)W[r][t]) = *((u32*)tk[j]);
+ }
+ if (t == 4)
+ {
+ r++;
+ t = 0;
+ }
+ }
+ }
+#undef W
+ }
+
+ return 0;
+#undef tk
+#undef k
+}
+
+
+static gcry_err_code_t
+rijndael_setkey (void *context, const byte *key, const unsigned keylen)
+{
+ RIJNDAEL_context *ctx = context;
+
+ int rc = do_setkey (ctx, key, keylen);
+ _gcry_burn_stack ( 100 + 16*sizeof(int));
+ return rc;
+}
+
+
+/* Make a decryption key from an encryption key. */
+static void
+prepare_decryption( RIJNDAEL_context *ctx )
+{
+ int r;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte *w;
+ } w;
+#define w w.w
+
+ for (r=0; r < MAXROUNDS+1; r++ )
+ {
+ *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]);
+ *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]);
+ *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]);
+ *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]);
+ }
+#define W (ctx->keySched2)
+ for (r = 1; r < ctx->ROUNDS; r++)
+ {
+ w = W[r][0];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+
+ w = W[r][1];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+
+ w = W[r][2];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+
+ w = W[r][3];
+ *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]])
+ ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
+ }
+#undef W
+#undef w
+}
+
+
+
+/* Encrypt one block. A and B need to be aligned on a 4 byte
+ boundary. A and B may be the same. */
+static void
+do_encrypt_aligned (const RIJNDAEL_context *ctx,
+ unsigned char *b, const unsigned char *a)
+{
+#define rk (ctx->keySched)
+ int ROUNDS = ctx->ROUNDS;
+ int r;
+ union
+ {
+ u32 tempu32[4]; /* Force correct alignment. */
+ byte temp[4][4];
+ } u;
+
+ *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[0][0]);
+ *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[0][1]);
+ *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[0][2]);
+ *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[0][3]);
+ *((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
+ ^ *((u32*)T2[u.temp[1][1]])
+ ^ *((u32*)T3[u.temp[2][2]])
+ ^ *((u32*)T4[u.temp[3][3]]));
+ *((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
+ ^ *((u32*)T2[u.temp[2][1]])
+ ^ *((u32*)T3[u.temp[3][2]])
+ ^ *((u32*)T4[u.temp[0][3]]));
+ *((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
+ ^ *((u32*)T2[u.temp[3][1]])
+ ^ *((u32*)T3[u.temp[0][2]])
+ ^ *((u32*)T4[u.temp[1][3]]));
+ *((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
+ ^ *((u32*)T2[u.temp[0][1]])
+ ^ *((u32*)T3[u.temp[1][2]])
+ ^ *((u32*)T4[u.temp[2][3]]));
+
+ for (r = 1; r < ROUNDS-1; r++)
+ {
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
+
+ *((u32*)(b )) = (*((u32*)T1[u.temp[0][0]])
+ ^ *((u32*)T2[u.temp[1][1]])
+ ^ *((u32*)T3[u.temp[2][2]])
+ ^ *((u32*)T4[u.temp[3][3]]));
+ *((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]])
+ ^ *((u32*)T2[u.temp[2][1]])
+ ^ *((u32*)T3[u.temp[3][2]])
+ ^ *((u32*)T4[u.temp[0][3]]));
+ *((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]])
+ ^ *((u32*)T2[u.temp[3][1]])
+ ^ *((u32*)T3[u.temp[0][2]])
+ ^ *((u32*)T4[u.temp[1][3]]));
+ *((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]])
+ ^ *((u32*)T2[u.temp[0][1]])
+ ^ *((u32*)T3[u.temp[1][2]])
+ ^ *((u32*)T4[u.temp[2][3]]));
+ }
+
+ /* Last round is special. */
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[ROUNDS-1][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[ROUNDS-1][3]);
+ b[ 0] = T1[u.temp[0][0]][1];
+ b[ 1] = T1[u.temp[1][1]][1];
+ b[ 2] = T1[u.temp[2][2]][1];
+ b[ 3] = T1[u.temp[3][3]][1];
+ b[ 4] = T1[u.temp[1][0]][1];
+ b[ 5] = T1[u.temp[2][1]][1];
+ b[ 6] = T1[u.temp[3][2]][1];
+ b[ 7] = T1[u.temp[0][3]][1];
+ b[ 8] = T1[u.temp[2][0]][1];
+ b[ 9] = T1[u.temp[3][1]][1];
+ b[10] = T1[u.temp[0][2]][1];
+ b[11] = T1[u.temp[1][3]][1];
+ b[12] = T1[u.temp[3][0]][1];
+ b[13] = T1[u.temp[0][1]][1];
+ b[14] = T1[u.temp[1][2]][1];
+ b[15] = T1[u.temp[2][3]][1];
+ *((u32*)(b )) ^= *((u32*)rk[ROUNDS][0]);
+ *((u32*)(b+ 4)) ^= *((u32*)rk[ROUNDS][1]);
+ *((u32*)(b+ 8)) ^= *((u32*)rk[ROUNDS][2]);
+ *((u32*)(b+12)) ^= *((u32*)rk[ROUNDS][3]);
+#undef rk
+}
+
+
+static void
+do_encrypt (const RIJNDAEL_context *ctx,
+ unsigned char *bx, const unsigned char *ax)
+{
+ /* BX and AX are not necessary correctly aligned. Thus we need to
+ copy them here. */
+ union
+ {
+ u32 dummy[4];
+ byte a[16];
+ } a;
+ union
+ {
+ u32 dummy[4];
+ byte b[16];
+ } b;
+
+ memcpy (a.a, ax, 16);
+ do_encrypt_aligned (ctx, b.b, a.a);
+ memcpy (bx, b.b, 16);
+}
+
+
+/* Encrypt or decrypt one block using the padlock engine. A and B may
+ be the same. */
+#ifdef USE_PADLOCK
+static void
+do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag,
+ unsigned char *bx, const unsigned char *ax)
+{
+ /* BX and AX are not necessary correctly aligned. Thus we need to
+ copy them here. */
+ unsigned char a[16] __attribute__ ((aligned (16)));
+ unsigned char b[16] __attribute__ ((aligned (16)));
+ unsigned int cword[4] __attribute__ ((aligned (16)));
+
+ /* The control word fields are:
+ 127:12 11:10 9 8 7 6 5 4 3:0
+ RESERVED KSIZE CRYPT INTER KEYGN CIPHR ALIGN DGEST ROUND */
+ cword[0] = (ctx->ROUNDS & 15); /* (The mask is just a safeguard.) */
+ cword[1] = 0;
+ cword[2] = 0;
+ cword[3] = 0;
+ if (decrypt_flag)
+ cword[0] |= 0x00000200;
+
+ memcpy (a, ax, 16);
+
+ asm volatile
+ ("pushfl\n\t" /* Force key reload. */
+ "popfl\n\t"
+ "xchg %3, %%ebx\n\t" /* Load key. */
+ "movl $1, %%ecx\n\t" /* Init counter for just one block. */
+ ".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t" /* REP XSTORE ECB. */
+ "xchg %3, %%ebx\n" /* Restore GOT register. */
+ : /* No output */
+ : "S" (a), "D" (b), "d" (cword), "r" (ctx->padlock_key)
+ : "%ecx", "cc", "memory"
+ );
+
+ memcpy (bx, b, 16);
+
+}
+#endif /*USE_PADLOCK*/
+
+
+static void
+rijndael_encrypt (void *context, byte *b, const byte *a)
+{
+ RIJNDAEL_context *ctx = context;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ do_padlock (ctx, 0, b, a);
+ _gcry_burn_stack (48 + 15 /* possible padding for alignment */);
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+ do_encrypt (ctx, b, a);
+ _gcry_burn_stack (48 + 2*sizeof(int));
+ }
+}
+
+
+/* Bulk encryption of complete blocks in CFB mode. Caller needs to
+ make sure that IV is aligned on an unsigned long boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+void
+_gcry_aes_cfb_enc (void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks)
+{
+ RIJNDAEL_context *ctx = context;
+ unsigned char *outbuf = outbuf_arg;
+ const unsigned char *inbuf = inbuf_arg;
+ unsigned char *ivp;
+ int i;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ /* Fixme: Let Padlock do the CFBing. */
+ for ( ;nblocks; nblocks-- )
+ {
+ /* Encrypt the IV. */
+ do_padlock (ctx, 0, iv, iv);
+ /* XOR the input with the IV and store input into IV. */
+ for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ }
+ }
+ else
+#endif /* USE_PADLOCK*/
+ {
+ for ( ;nblocks; nblocks-- )
+ {
+ /* Encrypt the IV. */
+ do_encrypt_aligned (ctx, iv, iv);
+ /* XOR the input with the IV and store input into IV. */
+ for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
+ *outbuf++ = (*ivp++ ^= *inbuf++);
+ }
+ }
+
+ _gcry_burn_stack (48 + 2*sizeof(int));
+}
+
+
+/* Bulk encryption of complete blocks in CBC mode. Caller needs to
+ make sure that IV is aligned on an unsigned long boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+void
+_gcry_aes_cbc_enc (void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks, int cbc_mac)
+{
+ RIJNDAEL_context *ctx = context;
+ unsigned char *outbuf = outbuf_arg;
+ const unsigned char *inbuf = inbuf_arg;
+ unsigned char *ivp;
+ int i;
+
+ for ( ;nblocks; nblocks-- )
+ {
+ for (ivp=iv, i=0; i < BLOCKSIZE; i++ )
+ outbuf[i] = inbuf[i] ^ *ivp++;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ do_padlock (ctx, 0, outbuf, outbuf);
+ else
+#endif /*USE_PADLOCK*/
+ do_encrypt (ctx, outbuf, outbuf );
+
+ memcpy (iv, outbuf, BLOCKSIZE);
+ inbuf += BLOCKSIZE;
+ if (!cbc_mac)
+ outbuf += BLOCKSIZE;
+ }
+
+ _gcry_burn_stack (48 + 2*sizeof(int));
+}
+
+
+
+/* Decrypt one block. A and B need to be aligned on a 4 byte boundary
+ and the decryption must have been prepared. A and B may be the
+ same. */
+static void
+do_decrypt_aligned (RIJNDAEL_context *ctx,
+ unsigned char *b, const unsigned char *a)
+{
+#define rk (ctx->keySched2)
+ int ROUNDS = ctx->ROUNDS;
+ int r;
+ union
+ {
+ u32 tempu32[4]; /* Force correct alignment. */
+ byte temp[4][4];
+ } u;
+
+
+ *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[ROUNDS][0]);
+ *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[ROUNDS][1]);
+ *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[ROUNDS][2]);
+ *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[ROUNDS][3]);
+
+ *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
+ ^ *((u32*)T6[u.temp[3][1]])
+ ^ *((u32*)T7[u.temp[2][2]])
+ ^ *((u32*)T8[u.temp[1][3]]));
+ *((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
+ ^ *((u32*)T6[u.temp[0][1]])
+ ^ *((u32*)T7[u.temp[3][2]])
+ ^ *((u32*)T8[u.temp[2][3]]));
+ *((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
+ ^ *((u32*)T6[u.temp[1][1]])
+ ^ *((u32*)T7[u.temp[0][2]])
+ ^ *((u32*)T8[u.temp[3][3]]));
+ *((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
+ ^ *((u32*)T6[u.temp[2][1]])
+ ^ *((u32*)T7[u.temp[1][2]])
+ ^ *((u32*)T8[u.temp[0][3]]));
+
+ for (r = ROUNDS-1; r > 1; r--)
+ {
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]);
+ *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]])
+ ^ *((u32*)T6[u.temp[3][1]])
+ ^ *((u32*)T7[u.temp[2][2]])
+ ^ *((u32*)T8[u.temp[1][3]]));
+ *((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]])
+ ^ *((u32*)T6[u.temp[0][1]])
+ ^ *((u32*)T7[u.temp[3][2]])
+ ^ *((u32*)T8[u.temp[2][3]]));
+ *((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]])
+ ^ *((u32*)T6[u.temp[1][1]])
+ ^ *((u32*)T7[u.temp[0][2]])
+ ^ *((u32*)T8[u.temp[3][3]]));
+ *((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]])
+ ^ *((u32*)T6[u.temp[2][1]])
+ ^ *((u32*)T7[u.temp[1][2]])
+ ^ *((u32*)T8[u.temp[0][3]]));
+ }
+
+ /* Last round is special. */
+ *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[1][0]);
+ *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[1][1]);
+ *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[1][2]);
+ *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[1][3]);
+ b[ 0] = S5[u.temp[0][0]];
+ b[ 1] = S5[u.temp[3][1]];
+ b[ 2] = S5[u.temp[2][2]];
+ b[ 3] = S5[u.temp[1][3]];
+ b[ 4] = S5[u.temp[1][0]];
+ b[ 5] = S5[u.temp[0][1]];
+ b[ 6] = S5[u.temp[3][2]];
+ b[ 7] = S5[u.temp[2][3]];
+ b[ 8] = S5[u.temp[2][0]];
+ b[ 9] = S5[u.temp[1][1]];
+ b[10] = S5[u.temp[0][2]];
+ b[11] = S5[u.temp[3][3]];
+ b[12] = S5[u.temp[3][0]];
+ b[13] = S5[u.temp[2][1]];
+ b[14] = S5[u.temp[1][2]];
+ b[15] = S5[u.temp[0][3]];
+ *((u32*)(b )) ^= *((u32*)rk[0][0]);
+ *((u32*)(b+ 4)) ^= *((u32*)rk[0][1]);
+ *((u32*)(b+ 8)) ^= *((u32*)rk[0][2]);
+ *((u32*)(b+12)) ^= *((u32*)rk[0][3]);
+#undef rk
+}
+
+
+/* Decrypt one block. AX and BX may be the same. */
+static void
+do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax)
+{
+ /* BX and AX are not necessary correctly aligned. Thus we need to
+ copy them here. */
+ union
+ {
+ u32 dummy[4];
+ byte a[16];
+ } a;
+ union
+ {
+ u32 dummy[4];
+ byte b[16];
+ } b;
+
+ if ( !ctx->decryption_prepared )
+ {
+ prepare_decryption ( ctx );
+ _gcry_burn_stack (64);
+ ctx->decryption_prepared = 1;
+ }
+
+ memcpy (a.a, ax, 16);
+ do_decrypt_aligned (ctx, b.b, a.a);
+ memcpy (bx, b.b, 16);
+#undef rk
+}
+
+
+
+
+static void
+rijndael_decrypt (void *context, byte *b, const byte *a)
+{
+ RIJNDAEL_context *ctx = context;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ do_padlock (ctx, 1, b, a);
+ _gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */);
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+ do_decrypt (ctx, b, a);
+ _gcry_burn_stack (48+2*sizeof(int));
+ }
+}
+
+
+/* Bulk decryption of complete blocks in CFB mode. Caller needs to
+ make sure that IV is aligned on an unisgned lonhg boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+void
+_gcry_aes_cfb_dec (void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks)
+{
+ RIJNDAEL_context *ctx = context;
+ unsigned char *outbuf = outbuf_arg;
+ const unsigned char *inbuf = inbuf_arg;
+ unsigned char *ivp;
+ unsigned char temp;
+ int i;
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ {
+ /* Fixme: Let Padlock do the CFBing. */
+ for ( ;nblocks; nblocks-- )
+ {
+ do_padlock (ctx, 0, iv, iv);
+ for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ }
+ }
+ else
+#endif /*USE_PADLOCK*/
+ {
+ for ( ;nblocks; nblocks-- )
+ {
+ do_encrypt_aligned (ctx, iv, iv);
+ for (ivp=iv,i=0; i < BLOCKSIZE; i++ )
+ {
+ temp = *inbuf++;
+ *outbuf++ = *ivp ^ temp;
+ *ivp++ = temp;
+ }
+ }
+ }
+
+ _gcry_burn_stack (48 + 2*sizeof(int));
+}
+
+
+/* Bulk decryption of complete blocks in CBC mode. Caller needs to
+ make sure that IV is aligned on an unsigned long boundary. This
+ function is only intended for the bulk encryption feature of
+ cipher.c. */
+void
+_gcry_aes_cbc_dec (void *context, unsigned char *iv,
+ void *outbuf_arg, const void *inbuf_arg,
+ unsigned int nblocks)
+{
+ RIJNDAEL_context *ctx = context;
+ unsigned char *outbuf = outbuf_arg;
+ const unsigned char *inbuf = inbuf_arg;
+ unsigned char *ivp;
+ int i;
+ unsigned char savebuf[BLOCKSIZE];
+
+ for ( ;nblocks; nblocks-- )
+ {
+ /* We need to save INBUF away because it may be identical to
+ OUTBUF. */
+ memcpy (savebuf, inbuf, BLOCKSIZE);
+
+#ifdef USE_PADLOCK
+ if (ctx->use_padlock)
+ do_padlock (ctx, 1, outbuf, inbuf);
+ else
+#endif /*USE_PADLOCK*/
+ do_decrypt (ctx, outbuf, inbuf);
+
+ for (ivp=iv, i=0; i < BLOCKSIZE; i++ )
+ outbuf[i] ^= *ivp++;
+ memcpy (iv, savebuf, BLOCKSIZE);
+ inbuf += BLOCKSIZE;
+ outbuf += BLOCKSIZE;
+ }
+
+ _gcry_burn_stack (48 + 2*sizeof(int) + BLOCKSIZE + 4*sizeof (char*));
+}
+
+
+
+
+/* Run the self-tests for AES 128. Returns NULL on success. */
+static const char*
+selftest_basic_128 (void)
+{
+ RIJNDAEL_context ctx;
+ unsigned char scratch[16];
+
+ /* The test vectors are from the AES supplied ones; more or less
+ randomly taken from ecb_tbl.txt (I=42,81,14) */
+ static const unsigned char plaintext_128[16] =
+ {
+ 0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33,
+ 0x1D,0x51,0x80,0x10,0x36,0x43,0xE9,0x9A
+ };
+ static const unsigned char key_128[16] =
+ {
+ 0xE8,0xE9,0xEA,0xEB,0xED,0xEE,0xEF,0xF0,
+ 0xF2,0xF3,0xF4,0xF5,0xF7,0xF8,0xF9,0xFA
+ };
+ static const unsigned char ciphertext_128[16] =
+ {
+ 0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2,
+ 0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD
+ };
+
+ rijndael_setkey (&ctx, key_128, sizeof (key_128));
+ rijndael_encrypt (&ctx, scratch, plaintext_128);
+ if (memcmp (scratch, ciphertext_128, sizeof (ciphertext_128)))
+ return "AES-128 test encryption failed.";
+ rijndael_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext_128, sizeof (plaintext_128)))
+ return "AES-128 test decryption failed.";
+
+ return NULL;
+}
+
+/* Run the self-tests for AES 192. Returns NULL on success. */
+static const char*
+selftest_basic_192 (void)
+{
+ RIJNDAEL_context ctx;
+ unsigned char scratch[16];
+
+ static unsigned char plaintext_192[16] =
+ {
+ 0x76,0x77,0x74,0x75,0xF1,0xF2,0xF3,0xF4,
+ 0xF8,0xF9,0xE6,0xE7,0x77,0x70,0x71,0x72
+ };
+ static unsigned char key_192[24] =
+ {
+ 0x04,0x05,0x06,0x07,0x09,0x0A,0x0B,0x0C,
+ 0x0E,0x0F,0x10,0x11,0x13,0x14,0x15,0x16,
+ 0x18,0x19,0x1A,0x1B,0x1D,0x1E,0x1F,0x20
+ };
+ static const unsigned char ciphertext_192[16] =
+ {
+ 0x5D,0x1E,0xF2,0x0D,0xCE,0xD6,0xBC,0xBC,
+ 0x12,0x13,0x1A,0xC7,0xC5,0x47,0x88,0xAA
+ };
+
+ rijndael_setkey (&ctx, key_192, sizeof(key_192));
+ rijndael_encrypt (&ctx, scratch, plaintext_192);
+ if (memcmp (scratch, ciphertext_192, sizeof (ciphertext_192)))
+ return "AES-192 test encryption failed.";
+ rijndael_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext_192, sizeof (plaintext_192)))
+ return "AES-192 test decryption failed.";
+
+ return NULL;
+}
+
+
+/* Run the self-tests for AES 256. Returns NULL on success. */
+static const char*
+selftest_basic_256 (void)
+{
+ RIJNDAEL_context ctx;
+ unsigned char scratch[16];
+
+ static unsigned char plaintext_256[16] =
+ {
+ 0x06,0x9A,0x00,0x7F,0xC7,0x6A,0x45,0x9F,
+ 0x98,0xBA,0xF9,0x17,0xFE,0xDF,0x95,0x21
+ };
+ static unsigned char key_256[32] =
+ {
+ 0x08,0x09,0x0A,0x0B,0x0D,0x0E,0x0F,0x10,
+ 0x12,0x13,0x14,0x15,0x17,0x18,0x19,0x1A,
+ 0x1C,0x1D,0x1E,0x1F,0x21,0x22,0x23,0x24,
+ 0x26,0x27,0x28,0x29,0x2B,0x2C,0x2D,0x2E
+ };
+ static const unsigned char ciphertext_256[16] =
+ {
+ 0x08,0x0E,0x95,0x17,0xEB,0x16,0x77,0x71,
+ 0x9A,0xCF,0x72,0x80,0x86,0x04,0x0A,0xE3
+ };
+
+ rijndael_setkey (&ctx, key_256, sizeof(key_256));
+ rijndael_encrypt (&ctx, scratch, plaintext_256);
+ if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
+ return "AES-256 test encryption failed.";
+ rijndael_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
+ return "AES-256 test decryption failed.";
+
+ return NULL;
+}
+
+/* Run all the self-tests and return NULL on success. This function
+ is used for the on-the-fly self-tests. */
+static const char *
+selftest (void)
+{
+ const char *r;
+
+ if ( (r = selftest_basic_128 ())
+ || (r = selftest_basic_192 ())
+ || (r = selftest_basic_256 ()) )
+ return r;
+
+ return r;
+}
+
+
+/* SP800-38a.pdf for AES-128. */
+static const char *
+selftest_fips_128_38a (int requested_mode)
+{
+ struct tv
+ {
+ int mode;
+ const unsigned char key[16];
+ const unsigned char iv[16];
+ struct
+ {
+ const unsigned char input[16];
+ const unsigned char output[16];
+ } data[4];
+ } tv[2] =
+ {
+ {
+ GCRY_CIPHER_MODE_CFB, /* F.3.13, CFB128-AES128 */
+ { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+ {
+ { { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
+ { 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
+ 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a } },
+
+ { { 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 },
+ { 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f,
+ 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b } },
+
+ { { 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef },
+ { 0x26, 0x75, 0x1f, 0x67, 0xa3, 0xcb, 0xb1, 0x40,
+ 0xb1, 0x80, 0x8c, 0xf1, 0x87, 0xa4, 0xf4, 0xdf } },
+
+ { { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
+ { 0xc0, 0x4b, 0x05, 0x35, 0x7c, 0x5d, 0x1c, 0x0e,
+ 0xea, 0xc4, 0xc6, 0x6f, 0x9f, 0xf7, 0xf2, 0xe6 } }
+ }
+ },
+ {
+ GCRY_CIPHER_MODE_OFB,
+ { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+ {
+ { { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
+ { 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20,
+ 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a } },
+
+ { { 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 },
+ { 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03,
+ 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25 } },
+
+ { { 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef },
+ { 0x97, 0x40, 0x05, 0x1e, 0x9c, 0x5f, 0xec, 0xf6,
+ 0x43, 0x44, 0xf7, 0xa8, 0x22, 0x60, 0xed, 0xcc } },
+
+ { { 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
+ { 0x30, 0x4c, 0x65, 0x28, 0xf6, 0x59, 0xc7, 0x78,
+ 0x66, 0xa5, 0x10, 0xd9, 0xc1, 0xd6, 0xae, 0x5e } },
+ }
+ }
+ };
+ unsigned char scratch[16];
+ gpg_error_t err;
+ int tvi, idx;
+ gcry_cipher_hd_t hdenc = NULL;
+ gcry_cipher_hd_t hddec = NULL;
+
+#define Fail(a) do { \
+ _gcry_cipher_close (hdenc); \
+ _gcry_cipher_close (hddec); \
+ return a; \
+ } while (0)
+
+ gcry_assert (sizeof tv[0].data[0].input == sizeof scratch);
+ gcry_assert (sizeof tv[0].data[0].output == sizeof scratch);
+
+ for (tvi=0; tvi < DIM (tv); tvi++)
+ if (tv[tvi].mode == requested_mode)
+ break;
+ if (tvi == DIM (tv))
+ Fail ("no test data for this mode");
+
+ err = _gcry_cipher_open (&hdenc, GCRY_CIPHER_AES, tv[tvi].mode, 0);
+ if (err)
+ Fail ("open");
+ err = _gcry_cipher_open (&hddec, GCRY_CIPHER_AES, tv[tvi].mode, 0);
+ if (err)
+ Fail ("open");
+ err = _gcry_cipher_setkey (hdenc, tv[tvi].key, sizeof tv[tvi].key);
+ if (!err)
+ err = _gcry_cipher_setkey (hddec, tv[tvi].key, sizeof tv[tvi].key);
+ if (err)
+ Fail ("set key");
+ err = _gcry_cipher_setiv (hdenc, tv[tvi].iv, sizeof tv[tvi].iv);
+ if (!err)
+ err = _gcry_cipher_setiv (hddec, tv[tvi].iv, sizeof tv[tvi].iv);
+ if (err)
+ Fail ("set IV");
+ for (idx=0; idx < DIM (tv[tvi].data); idx++)
+ {
+ err = _gcry_cipher_encrypt (hdenc, scratch, sizeof scratch,
+ tv[tvi].data[idx].input,
+ sizeof tv[tvi].data[idx].input);
+ if (err)
+ Fail ("encrypt command");
+ if (memcmp (scratch, tv[tvi].data[idx].output, sizeof scratch))
+ Fail ("encrypt mismatch");
+ err = _gcry_cipher_decrypt (hddec, scratch, sizeof scratch,
+ tv[tvi].data[idx].output,
+ sizeof tv[tvi].data[idx].output);
+ if (err)
+ Fail ("decrypt command");
+ if (memcmp (scratch, tv[tvi].data[idx].input, sizeof scratch))
+ Fail ("decrypt mismatch");
+ }
+
+#undef Fail
+ _gcry_cipher_close (hdenc);
+ _gcry_cipher_close (hddec);
+ return NULL;
+}
+
+
+/* Complete selftest for AES-128 with all modes and driver code. */
+static gpg_err_code_t
+selftest_fips_128 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "low-level";
+ errtxt = selftest_basic_128 ();
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "cfb";
+ errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_CFB);
+ if (errtxt)
+ goto failed;
+
+ what = "ofb";
+ errtxt = selftest_fips_128_38a (GCRY_CIPHER_MODE_OFB);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("cipher", GCRY_CIPHER_AES128, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+/* Complete selftest for AES-192. */
+static gpg_err_code_t
+selftest_fips_192 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ (void)extended; /* No extended tests available. */
+
+ what = "low-level";
+ errtxt = selftest_basic_192 ();
+ if (errtxt)
+ goto failed;
+
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("cipher", GCRY_CIPHER_AES192, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Complete selftest for AES-256. */
+static gpg_err_code_t
+selftest_fips_256 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ (void)extended; /* No extended tests available. */
+
+ what = "low-level";
+ errtxt = selftest_basic_256 ();
+ if (errtxt)
+ goto failed;
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("cipher", GCRY_CIPHER_AES256, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_CIPHER_AES128:
+ ec = selftest_fips_128 (extended, report);
+ break;
+ case GCRY_CIPHER_AES192:
+ ec = selftest_fips_192 (extended, report);
+ break;
+ case GCRY_CIPHER_AES256:
+ ec = selftest_fips_256 (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_CIPHER_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static const char *rijndael_names[] =
+ {
+ "RIJNDAEL",
+ "AES128",
+ "AES-128",
+ NULL
+ };
+
+static gcry_cipher_oid_spec_t rijndael_oids[] =
+ {
+ { "2.16.840.1.101.3.4.1.1", GCRY_CIPHER_MODE_ECB },
+ { "2.16.840.1.101.3.4.1.2", GCRY_CIPHER_MODE_CBC },
+ { "2.16.840.1.101.3.4.1.3", GCRY_CIPHER_MODE_OFB },
+ { "2.16.840.1.101.3.4.1.4", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes =
+ {
+ "AES", rijndael_names, rijndael_oids, 16, 128, sizeof (RIJNDAEL_context),
+ rijndael_setkey, rijndael_encrypt, rijndael_decrypt
+ };
+cipher_extra_spec_t _gcry_cipher_extraspec_aes =
+ {
+ run_selftests
+ };
+
+static const char *rijndael192_names[] =
+ {
+ "RIJNDAEL192",
+ "AES-192",
+ NULL
+ };
+
+static gcry_cipher_oid_spec_t rijndael192_oids[] =
+ {
+ { "2.16.840.1.101.3.4.1.21", GCRY_CIPHER_MODE_ECB },
+ { "2.16.840.1.101.3.4.1.22", GCRY_CIPHER_MODE_CBC },
+ { "2.16.840.1.101.3.4.1.23", GCRY_CIPHER_MODE_OFB },
+ { "2.16.840.1.101.3.4.1.24", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes192 =
+ {
+ "AES192", rijndael192_names, rijndael192_oids, 16, 192, sizeof (RIJNDAEL_context),
+ rijndael_setkey, rijndael_encrypt, rijndael_decrypt
+ };
+cipher_extra_spec_t _gcry_cipher_extraspec_aes192 =
+ {
+ run_selftests
+ };
+
+static const char *rijndael256_names[] =
+ {
+ "RIJNDAEL256",
+ "AES-256",
+ NULL
+ };
+
+static gcry_cipher_oid_spec_t rijndael256_oids[] =
+ {
+ { "2.16.840.1.101.3.4.1.41", GCRY_CIPHER_MODE_ECB },
+ { "2.16.840.1.101.3.4.1.42", GCRY_CIPHER_MODE_CBC },
+ { "2.16.840.1.101.3.4.1.43", GCRY_CIPHER_MODE_OFB },
+ { "2.16.840.1.101.3.4.1.44", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_aes256 =
+ {
+ "AES256", rijndael256_names, rijndael256_oids, 16, 256,
+ sizeof (RIJNDAEL_context),
+ rijndael_setkey, rijndael_encrypt, rijndael_decrypt
+ };
+
+cipher_extra_spec_t _gcry_cipher_extraspec_aes256 =
+ {
+ run_selftests
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/rmd.h b/grub-core/lib/libgcrypt/cipher/rmd.h
new file mode 100644
index 0000000..f4ce9c6
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/rmd.h
@@ -0,0 +1,37 @@
+/* rmd.h - RIPE-MD hash functions
+ * Copyright (C) 1998, 2001, 2002 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+#ifndef G10_RMD_H
+#define G10_RMD_H
+
+
+/* We need this here because random.c must have direct access. */
+typedef struct
+{
+ u32 h0,h1,h2,h3,h4;
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} RMD160_CONTEXT;
+
+void _gcry_rmd160_init ( void *context );
+void _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte );
+
+#endif /*G10_RMD_H*/
+
diff --git a/grub-core/lib/libgcrypt/cipher/rmd160.c b/grub-core/lib/libgcrypt/cipher/rmd160.c
new file mode 100644
index 0000000..7805bf5
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/rmd160.c
@@ -0,0 +1,572 @@
+/* rmd160.c - RIPE-MD160
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "memory.h"
+#include "rmd.h"
+#include "cipher.h" /* Only used for the rmd160_hash_buffer() prototype. */
+
+#include "bithelp.h"
+
+/*********************************
+ * RIPEMD-160 is not patented, see (as of 25.10.97)
+ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+ * Note that the code uses Little Endian byteorder, which is good for
+ * 386 etc, but we must add some conversion when used on a big endian box.
+ *
+ *
+ * Pseudo-code for RIPEMD-160
+ *
+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
+ * The round function takes as input a 5-word chaining variable and a 16-word
+ * message block and maps this to a new chaining variable. All operations are
+ * defined on 32-bit words. Padding is identical to that of MD4.
+ *
+ *
+ * RIPEMD-160: definitions
+ *
+ *
+ * nonlinear functions at bit level: exor, mux, -, mux, -
+ *
+ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15)
+ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31)
+ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47)
+ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63)
+ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79)
+ *
+ *
+ * added constants (hexadecimal)
+ *
+ * K(j) = 0x00000000 (0 <= j <= 15)
+ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2))
+ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3))
+ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5))
+ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7))
+ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2))
+ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3))
+ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5))
+ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7))
+ * K'(j) = 0x00000000 (64 <= j <= 79)
+ *
+ *
+ * selection of message word
+ *
+ * r(j) = j (0 <= j <= 15)
+ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
+ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
+ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
+ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
+ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
+ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
+ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
+ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
+ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
+ *
+ *
+ * amount for rotate left (rol)
+ *
+ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
+ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
+ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
+ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
+ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
+ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
+ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
+ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
+ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
+ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
+ *
+ *
+ * initial value (hexadecimal)
+ *
+ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
+ * h4 = 0xC3D2E1F0;
+ *
+ *
+ * RIPEMD-160: pseudo-code
+ *
+ * It is assumed that the message after padding consists of t 16-word blocks
+ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
+ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
+ * shift (rotate) over s positions.
+ *
+ *
+ * for i := 0 to t-1 {
+ * A := h0; B := h1; C := h2; D = h3; E = h4;
+ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
+ * for j := 0 to 79 {
+ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
+ * A := E; E := D; D := rol_10(C); C := B; B := T;
+ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
+ [+] K'(j)) [+] E';
+ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
+ * }
+ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
+ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
+ * }
+ */
+
+/* Some examples:
+ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31
+ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36
+ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b
+ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189
+ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb
+ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528
+ */
+
+
+void
+_gcry_rmd160_init (void *context)
+{
+ RMD160_CONTEXT *hd = context;
+
+ hd->h0 = 0x67452301;
+ hd->h1 = 0xEFCDAB89;
+ hd->h2 = 0x98BADCFE;
+ hd->h3 = 0x10325476;
+ hd->h4 = 0xC3D2E1F0;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+static void
+transform ( RMD160_CONTEXT *hd, const unsigned char *data )
+{
+ register u32 a,b,c,d,e;
+ u32 aa,bb,cc,dd,ee,t;
+#ifdef WORDS_BIGENDIAN
+ u32 x[16];
+ {
+ int i;
+ byte *p2, *p1;
+ for (i=0, p1=data, p2=(byte*)x; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *p1++;
+ p2[2] = *p1++;
+ p2[1] = *p1++;
+ p2[0] = *p1++;
+ }
+ }
+#else
+ /* This version is better because it is always aligned;
+ * The performance penalty on a 586-100 is about 6% which
+ * is acceptable - because the data is more local it might
+ * also be possible that this is faster on some machines.
+ * This function (when compiled with -02 on gcc 2.7.2)
+ * executes on a 586-100 (39.73 bogomips) at about 1900kb/sec;
+ * [measured with a 4MB data and "gpgm --print-md rmd160"] */
+ u32 x[16];
+ memcpy( x, data, 64 );
+#endif
+
+
+#define K0 0x00000000
+#define K1 0x5A827999
+#define K2 0x6ED9EBA1
+#define K3 0x8F1BBCDC
+#define K4 0xA953FD4E
+#define KK0 0x50A28BE6
+#define KK1 0x5C4DD124
+#define KK2 0x6D703EF3
+#define KK3 0x7A6D76E9
+#define KK4 0x00000000
+#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
+#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
+#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
+#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
+#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
+ a = rol(t,s) + e; \
+ c = rol(c,10); \
+ } while(0)
+
+ /* left lane */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ R( a, b, c, d, e, F0, K0, 0, 11 );
+ R( e, a, b, c, d, F0, K0, 1, 14 );
+ R( d, e, a, b, c, F0, K0, 2, 15 );
+ R( c, d, e, a, b, F0, K0, 3, 12 );
+ R( b, c, d, e, a, F0, K0, 4, 5 );
+ R( a, b, c, d, e, F0, K0, 5, 8 );
+ R( e, a, b, c, d, F0, K0, 6, 7 );
+ R( d, e, a, b, c, F0, K0, 7, 9 );
+ R( c, d, e, a, b, F0, K0, 8, 11 );
+ R( b, c, d, e, a, F0, K0, 9, 13 );
+ R( a, b, c, d, e, F0, K0, 10, 14 );
+ R( e, a, b, c, d, F0, K0, 11, 15 );
+ R( d, e, a, b, c, F0, K0, 12, 6 );
+ R( c, d, e, a, b, F0, K0, 13, 7 );
+ R( b, c, d, e, a, F0, K0, 14, 9 );
+ R( a, b, c, d, e, F0, K0, 15, 8 );
+ R( e, a, b, c, d, F1, K1, 7, 7 );
+ R( d, e, a, b, c, F1, K1, 4, 6 );
+ R( c, d, e, a, b, F1, K1, 13, 8 );
+ R( b, c, d, e, a, F1, K1, 1, 13 );
+ R( a, b, c, d, e, F1, K1, 10, 11 );
+ R( e, a, b, c, d, F1, K1, 6, 9 );
+ R( d, e, a, b, c, F1, K1, 15, 7 );
+ R( c, d, e, a, b, F1, K1, 3, 15 );
+ R( b, c, d, e, a, F1, K1, 12, 7 );
+ R( a, b, c, d, e, F1, K1, 0, 12 );
+ R( e, a, b, c, d, F1, K1, 9, 15 );
+ R( d, e, a, b, c, F1, K1, 5, 9 );
+ R( c, d, e, a, b, F1, K1, 2, 11 );
+ R( b, c, d, e, a, F1, K1, 14, 7 );
+ R( a, b, c, d, e, F1, K1, 11, 13 );
+ R( e, a, b, c, d, F1, K1, 8, 12 );
+ R( d, e, a, b, c, F2, K2, 3, 11 );
+ R( c, d, e, a, b, F2, K2, 10, 13 );
+ R( b, c, d, e, a, F2, K2, 14, 6 );
+ R( a, b, c, d, e, F2, K2, 4, 7 );
+ R( e, a, b, c, d, F2, K2, 9, 14 );
+ R( d, e, a, b, c, F2, K2, 15, 9 );
+ R( c, d, e, a, b, F2, K2, 8, 13 );
+ R( b, c, d, e, a, F2, K2, 1, 15 );
+ R( a, b, c, d, e, F2, K2, 2, 14 );
+ R( e, a, b, c, d, F2, K2, 7, 8 );
+ R( d, e, a, b, c, F2, K2, 0, 13 );
+ R( c, d, e, a, b, F2, K2, 6, 6 );
+ R( b, c, d, e, a, F2, K2, 13, 5 );
+ R( a, b, c, d, e, F2, K2, 11, 12 );
+ R( e, a, b, c, d, F2, K2, 5, 7 );
+ R( d, e, a, b, c, F2, K2, 12, 5 );
+ R( c, d, e, a, b, F3, K3, 1, 11 );
+ R( b, c, d, e, a, F3, K3, 9, 12 );
+ R( a, b, c, d, e, F3, K3, 11, 14 );
+ R( e, a, b, c, d, F3, K3, 10, 15 );
+ R( d, e, a, b, c, F3, K3, 0, 14 );
+ R( c, d, e, a, b, F3, K3, 8, 15 );
+ R( b, c, d, e, a, F3, K3, 12, 9 );
+ R( a, b, c, d, e, F3, K3, 4, 8 );
+ R( e, a, b, c, d, F3, K3, 13, 9 );
+ R( d, e, a, b, c, F3, K3, 3, 14 );
+ R( c, d, e, a, b, F3, K3, 7, 5 );
+ R( b, c, d, e, a, F3, K3, 15, 6 );
+ R( a, b, c, d, e, F3, K3, 14, 8 );
+ R( e, a, b, c, d, F3, K3, 5, 6 );
+ R( d, e, a, b, c, F3, K3, 6, 5 );
+ R( c, d, e, a, b, F3, K3, 2, 12 );
+ R( b, c, d, e, a, F4, K4, 4, 9 );
+ R( a, b, c, d, e, F4, K4, 0, 15 );
+ R( e, a, b, c, d, F4, K4, 5, 5 );
+ R( d, e, a, b, c, F4, K4, 9, 11 );
+ R( c, d, e, a, b, F4, K4, 7, 6 );
+ R( b, c, d, e, a, F4, K4, 12, 8 );
+ R( a, b, c, d, e, F4, K4, 2, 13 );
+ R( e, a, b, c, d, F4, K4, 10, 12 );
+ R( d, e, a, b, c, F4, K4, 14, 5 );
+ R( c, d, e, a, b, F4, K4, 1, 12 );
+ R( b, c, d, e, a, F4, K4, 3, 13 );
+ R( a, b, c, d, e, F4, K4, 8, 14 );
+ R( e, a, b, c, d, F4, K4, 11, 11 );
+ R( d, e, a, b, c, F4, K4, 6, 8 );
+ R( c, d, e, a, b, F4, K4, 15, 5 );
+ R( b, c, d, e, a, F4, K4, 13, 6 );
+
+ aa = a; bb = b; cc = c; dd = d; ee = e;
+
+ /* right lane */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ R( a, b, c, d, e, F4, KK0, 5, 8);
+ R( e, a, b, c, d, F4, KK0, 14, 9);
+ R( d, e, a, b, c, F4, KK0, 7, 9);
+ R( c, d, e, a, b, F4, KK0, 0, 11);
+ R( b, c, d, e, a, F4, KK0, 9, 13);
+ R( a, b, c, d, e, F4, KK0, 2, 15);
+ R( e, a, b, c, d, F4, KK0, 11, 15);
+ R( d, e, a, b, c, F4, KK0, 4, 5);
+ R( c, d, e, a, b, F4, KK0, 13, 7);
+ R( b, c, d, e, a, F4, KK0, 6, 7);
+ R( a, b, c, d, e, F4, KK0, 15, 8);
+ R( e, a, b, c, d, F4, KK0, 8, 11);
+ R( d, e, a, b, c, F4, KK0, 1, 14);
+ R( c, d, e, a, b, F4, KK0, 10, 14);
+ R( b, c, d, e, a, F4, KK0, 3, 12);
+ R( a, b, c, d, e, F4, KK0, 12, 6);
+ R( e, a, b, c, d, F3, KK1, 6, 9);
+ R( d, e, a, b, c, F3, KK1, 11, 13);
+ R( c, d, e, a, b, F3, KK1, 3, 15);
+ R( b, c, d, e, a, F3, KK1, 7, 7);
+ R( a, b, c, d, e, F3, KK1, 0, 12);
+ R( e, a, b, c, d, F3, KK1, 13, 8);
+ R( d, e, a, b, c, F3, KK1, 5, 9);
+ R( c, d, e, a, b, F3, KK1, 10, 11);
+ R( b, c, d, e, a, F3, KK1, 14, 7);
+ R( a, b, c, d, e, F3, KK1, 15, 7);
+ R( e, a, b, c, d, F3, KK1, 8, 12);
+ R( d, e, a, b, c, F3, KK1, 12, 7);
+ R( c, d, e, a, b, F3, KK1, 4, 6);
+ R( b, c, d, e, a, F3, KK1, 9, 15);
+ R( a, b, c, d, e, F3, KK1, 1, 13);
+ R( e, a, b, c, d, F3, KK1, 2, 11);
+ R( d, e, a, b, c, F2, KK2, 15, 9);
+ R( c, d, e, a, b, F2, KK2, 5, 7);
+ R( b, c, d, e, a, F2, KK2, 1, 15);
+ R( a, b, c, d, e, F2, KK2, 3, 11);
+ R( e, a, b, c, d, F2, KK2, 7, 8);
+ R( d, e, a, b, c, F2, KK2, 14, 6);
+ R( c, d, e, a, b, F2, KK2, 6, 6);
+ R( b, c, d, e, a, F2, KK2, 9, 14);
+ R( a, b, c, d, e, F2, KK2, 11, 12);
+ R( e, a, b, c, d, F2, KK2, 8, 13);
+ R( d, e, a, b, c, F2, KK2, 12, 5);
+ R( c, d, e, a, b, F2, KK2, 2, 14);
+ R( b, c, d, e, a, F2, KK2, 10, 13);
+ R( a, b, c, d, e, F2, KK2, 0, 13);
+ R( e, a, b, c, d, F2, KK2, 4, 7);
+ R( d, e, a, b, c, F2, KK2, 13, 5);
+ R( c, d, e, a, b, F1, KK3, 8, 15);
+ R( b, c, d, e, a, F1, KK3, 6, 5);
+ R( a, b, c, d, e, F1, KK3, 4, 8);
+ R( e, a, b, c, d, F1, KK3, 1, 11);
+ R( d, e, a, b, c, F1, KK3, 3, 14);
+ R( c, d, e, a, b, F1, KK3, 11, 14);
+ R( b, c, d, e, a, F1, KK3, 15, 6);
+ R( a, b, c, d, e, F1, KK3, 0, 14);
+ R( e, a, b, c, d, F1, KK3, 5, 6);
+ R( d, e, a, b, c, F1, KK3, 12, 9);
+ R( c, d, e, a, b, F1, KK3, 2, 12);
+ R( b, c, d, e, a, F1, KK3, 13, 9);
+ R( a, b, c, d, e, F1, KK3, 9, 12);
+ R( e, a, b, c, d, F1, KK3, 7, 5);
+ R( d, e, a, b, c, F1, KK3, 10, 15);
+ R( c, d, e, a, b, F1, KK3, 14, 8);
+ R( b, c, d, e, a, F0, KK4, 12, 8);
+ R( a, b, c, d, e, F0, KK4, 15, 5);
+ R( e, a, b, c, d, F0, KK4, 10, 12);
+ R( d, e, a, b, c, F0, KK4, 4, 9);
+ R( c, d, e, a, b, F0, KK4, 1, 12);
+ R( b, c, d, e, a, F0, KK4, 5, 5);
+ R( a, b, c, d, e, F0, KK4, 8, 14);
+ R( e, a, b, c, d, F0, KK4, 7, 6);
+ R( d, e, a, b, c, F0, KK4, 6, 8);
+ R( c, d, e, a, b, F0, KK4, 2, 13);
+ R( b, c, d, e, a, F0, KK4, 13, 6);
+ R( a, b, c, d, e, F0, KK4, 14, 5);
+ R( e, a, b, c, d, F0, KK4, 0, 15);
+ R( d, e, a, b, c, F0, KK4, 3, 13);
+ R( c, d, e, a, b, F0, KK4, 9, 11);
+ R( b, c, d, e, a, F0, KK4, 11, 11);
+
+
+ t = hd->h1 + d + cc;
+ hd->h1 = hd->h2 + e + dd;
+ hd->h2 = hd->h3 + a + ee;
+ hd->h3 = hd->h4 + b + aa;
+ hd->h4 = hd->h0 + c + bb;
+ hd->h0 = t;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+rmd160_write ( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ RMD160_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (108+5*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ rmd160_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ _gcry_burn_stack (108+5*sizeof(void*));
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+/****************
+ * Apply the rmd160 transform function on the buffer which must have
+ * a length 64 bytes. Do not use this function together with the
+ * other functions, use rmd160_init to initialize internal variables.
+ * Returns: 16 bytes in buffer with the mixed contentes of buffer.
+ */
+void
+_gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte )
+{
+ char *p = blockof64byte;
+
+ transform ( hd, blockof64byte );
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+}
+
+
+/* The routine terminates the computation
+ */
+
+static void
+rmd160_final( void *context )
+{
+ RMD160_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ rmd160_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ rmd160_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (108+5*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *p++ = hd->h##a ; *p++ = hd->h##a >> 8; \
+ *p++ = hd->h##a >> 16; *p++ = hd->h##a >> 24; } while(0)
+#else /* little endian */
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+}
+
+static byte *
+rmd160_read( void *context )
+{
+ RMD160_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+_gcry_rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length )
+{
+ RMD160_CONTEXT hd;
+
+ _gcry_rmd160_init ( &hd );
+ rmd160_write ( &hd, buffer, length );
+ rmd160_final ( &hd );
+ memcpy ( outbuf, hd.buf, 20 );
+}
+
+static byte asn[15] = /* Object ID is 1.3.36.3.2.1 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
+
+static gcry_md_oid_spec_t oid_spec_rmd160[] =
+ {
+ /* rsaSignatureWithripemd160 */
+ { "1.3.36.3.3.1.2" },
+ /* TeleTrust hash algorithm. */
+ { "1.3.36.3.2.1" },
+ { NULL }
+ };
+
+gcry_md_spec_t _gcry_digest_spec_rmd160 =
+ {
+ "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20,
+ _gcry_rmd160_init, rmd160_write, rmd160_final, rmd160_read,
+ sizeof (RMD160_CONTEXT)
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/rsa.c b/grub-core/lib/libgcrypt/cipher/rsa.c
new file mode 100644
index 0000000..cf278c2
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/rsa.c
@@ -0,0 +1,1379 @@
+/* rsa.c - RSA implementation
+ * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn)
+ * Copyright (C) 2000, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* This code uses an algorithm protected by U.S. Patent #4,405,829
+ which expired on September 20, 2000. The patent holder placed that
+ patent into the public domain on Sep 6th, 2000.
+*/
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "g10lib.h"
+#include "mpi.h"
+#include "cipher.h"
+
+
+typedef struct
+{
+ gcry_mpi_t n; /* modulus */
+ gcry_mpi_t e; /* exponent */
+} RSA_public_key;
+
+
+typedef struct
+{
+ gcry_mpi_t n; /* public modulus */
+ gcry_mpi_t e; /* public exponent */
+ gcry_mpi_t d; /* exponent */
+ gcry_mpi_t p; /* prime p. */
+ gcry_mpi_t q; /* prime q. */
+ gcry_mpi_t u; /* inverse of p mod q. */
+} RSA_secret_key;
+
+
+/* A sample 1024 bit RSA key used for the selftests. */
+static const char sample_secret_key[] =
+"(private-key"
+" (rsa"
+" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
+" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
+" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
+" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (e #010001#)"
+" (d #046129f2489d71579be0a75fe029bd6cdb574ebf57ea8a5b0fda942cab943b11"
+" 7d7bb95e5d28875e0f9fc5fcc06a72f6d502464dabded78ef6b716177b83d5bd"
+" c543dc5d3fed932e59f5897e92e6f58a0f33424106a3b6fa2cbf877510e4ac21"
+" c3ee47851e97d12996222ac3566d4ccb0b83d164074abf7de655fc2446da1781#)"
+" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213"
+" fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)"
+" (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9"
+" 35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)"
+" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e"
+" ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)))";
+/* A sample 1024 bit RSA key used for the selftests (public only). */
+static const char sample_public_key[] =
+"(public-key"
+" (rsa"
+" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa"
+" 2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291"
+" ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7"
+" 891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)"
+" (e #010001#)))";
+
+
+
+
+static int test_keys (RSA_secret_key *sk, unsigned nbits);
+static int check_secret_key (RSA_secret_key *sk);
+static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey);
+static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey);
+
+
+/* Check that a freshly generated key actually works. Returns 0 on success. */
+static int
+test_keys (RSA_secret_key *sk, unsigned int nbits)
+{
+ int result = -1; /* Default to failure. */
+ RSA_public_key pk;
+ gcry_mpi_t plaintext = gcry_mpi_new (nbits);
+ gcry_mpi_t ciphertext = gcry_mpi_new (nbits);
+ gcry_mpi_t decr_plaintext = gcry_mpi_new (nbits);
+ gcry_mpi_t signature = gcry_mpi_new (nbits);
+
+ /* Put the relevant parameters into a public key structure. */
+ pk.n = sk->n;
+ pk.e = sk->e;
+
+ /* Create a random plaintext. */
+ gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
+
+ /* Encrypt using the public key. */
+ public (ciphertext, plaintext, &pk);
+
+ /* Check that the cipher text does not match the plaintext. */
+ if (!gcry_mpi_cmp (ciphertext, plaintext))
+ goto leave; /* Ciphertext is identical to the plaintext. */
+
+ /* Decrypt using the secret key. */
+ secret (decr_plaintext, ciphertext, sk);
+
+ /* Check that the decrypted plaintext matches the original plaintext. */
+ if (gcry_mpi_cmp (decr_plaintext, plaintext))
+ goto leave; /* Plaintext does not match. */
+
+ /* Create another random plaintext as data for signature checking. */
+ gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
+
+ /* Use the RSA secret function to create a signature of the plaintext. */
+ secret (signature, plaintext, sk);
+
+ /* Use the RSA public function to verify this signature. */
+ public (decr_plaintext, signature, &pk);
+ if (gcry_mpi_cmp (decr_plaintext, plaintext))
+ goto leave; /* Signature does not match. */
+
+ /* Modify the signature and check that the signing fails. */
+ gcry_mpi_add_ui (signature, signature, 1);
+ public (decr_plaintext, signature, &pk);
+ if (!gcry_mpi_cmp (decr_plaintext, plaintext))
+ goto leave; /* Signature matches but should not. */
+
+ result = 0; /* All tests succeeded. */
+
+ leave:
+ gcry_mpi_release (signature);
+ gcry_mpi_release (decr_plaintext);
+ gcry_mpi_release (ciphertext);
+ gcry_mpi_release (plaintext);
+ return result;
+}
+
+
+/* Callback used by the prime generation to test whether the exponent
+ is suitable. Returns 0 if the test has been passed. */
+static int
+check_exponent (void *arg, gcry_mpi_t a)
+{
+ gcry_mpi_t e = arg;
+ gcry_mpi_t tmp;
+ int result;
+
+ mpi_sub_ui (a, a, 1);
+ tmp = _gcry_mpi_alloc_like (a);
+ result = !gcry_mpi_gcd(tmp, e, a); /* GCD is not 1. */
+ gcry_mpi_release (tmp);
+ mpi_add_ui (a, a, 1);
+ return result;
+}
+
+/****************
+ * Generate a key pair with a key of size NBITS.
+ * USE_E = 0 let Libcgrypt decide what exponent to use.
+ * = 1 request the use of a "secure" exponent; this is required by some
+ * specification to be 65537.
+ * > 2 Use this public exponent. If the given exponent
+ * is not odd one is internally added to it.
+ * TRANSIENT_KEY: If true, generate the primes using the standard RNG.
+ * Returns: 2 structures filled with all needed values
+ */
+static gpg_err_code_t
+generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e,
+ int transient_key)
+{
+ gcry_mpi_t p, q; /* the two primes */
+ gcry_mpi_t d; /* the private key */
+ gcry_mpi_t u;
+ gcry_mpi_t t1, t2;
+ gcry_mpi_t n; /* the public key */
+ gcry_mpi_t e; /* the exponent */
+ gcry_mpi_t phi; /* helper: (p-1)(q-1) */
+ gcry_mpi_t g;
+ gcry_mpi_t f;
+ gcry_random_level_t random_level;
+
+ if (fips_mode ())
+ {
+ if (nbits < 1024)
+ return GPG_ERR_INV_VALUE;
+ if (transient_key)
+ return GPG_ERR_INV_VALUE;
+ }
+
+ /* The random quality depends on the transient_key flag. */
+ random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+
+ /* Make sure that nbits is even so that we generate p, q of equal size. */
+ if ( (nbits&1) )
+ nbits++;
+
+ if (use_e == 1) /* Alias for a secure value */
+ use_e = 65537; /* as demanded by Sphinx. */
+
+ /* Public exponent:
+ In general we use 41 as this is quite fast and more secure than the
+ commonly used 17. Benchmarking the RSA verify function
+ with a 1024 bit key yields (2001-11-08):
+ e=17 0.54 ms
+ e=41 0.75 ms
+ e=257 0.95 ms
+ e=65537 1.80 ms
+ */
+ e = mpi_alloc( (32+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB );
+ if (!use_e)
+ mpi_set_ui (e, 41); /* This is a reasonable secure and fast value */
+ else
+ {
+ use_e |= 1; /* make sure this is odd */
+ mpi_set_ui (e, use_e);
+ }
+
+ n = gcry_mpi_new (nbits);
+
+ p = q = NULL;
+ do
+ {
+ /* select two (very secret) primes */
+ if (p)
+ gcry_mpi_release (p);
+ if (q)
+ gcry_mpi_release (q);
+ if (use_e)
+ { /* Do an extra test to ensure that the given exponent is
+ suitable. */
+ p = _gcry_generate_secret_prime (nbits/2, random_level,
+ check_exponent, e);
+ q = _gcry_generate_secret_prime (nbits/2, random_level,
+ check_exponent, e);
+ }
+ else
+ { /* We check the exponent later. */
+ p = _gcry_generate_secret_prime (nbits/2, random_level, NULL, NULL);
+ q = _gcry_generate_secret_prime (nbits/2, random_level, NULL, NULL);
+ }
+ if (mpi_cmp (p, q) > 0 ) /* p shall be smaller than q (for calc of u)*/
+ mpi_swap(p,q);
+ /* calculate the modulus */
+ mpi_mul( n, p, q );
+ }
+ while ( mpi_get_nbits(n) != nbits );
+
+ /* calculate Euler totient: phi = (p-1)(q-1) */
+ t1 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+ t2 = mpi_alloc_secure( mpi_get_nlimbs(p) );
+ phi = gcry_mpi_snew ( nbits );
+ g = gcry_mpi_snew ( nbits );
+ f = gcry_mpi_snew ( nbits );
+ mpi_sub_ui( t1, p, 1 );
+ mpi_sub_ui( t2, q, 1 );
+ mpi_mul( phi, t1, t2 );
+ gcry_mpi_gcd(g, t1, t2);
+ mpi_fdiv_q(f, phi, g);
+
+ while (!gcry_mpi_gcd(t1, e, phi)) /* (while gcd is not 1) */
+ {
+ if (use_e)
+ BUG (); /* The prime generator already made sure that we
+ never can get to here. */
+ mpi_add_ui (e, e, 2);
+ }
+
+ /* calculate the secret key d = e^1 mod phi */
+ d = gcry_mpi_snew ( nbits );
+ mpi_invm(d, e, f );
+ /* calculate the inverse of p and q (used for chinese remainder theorem)*/
+ u = gcry_mpi_snew ( nbits );
+ mpi_invm(u, p, q );
+
+ if( DBG_CIPHER )
+ {
+ log_mpidump(" p= ", p );
+ log_mpidump(" q= ", q );
+ log_mpidump("phi= ", phi );
+ log_mpidump(" g= ", g );
+ log_mpidump(" f= ", f );
+ log_mpidump(" n= ", n );
+ log_mpidump(" e= ", e );
+ log_mpidump(" d= ", d );
+ log_mpidump(" u= ", u );
+ }
+
+ gcry_mpi_release (t1);
+ gcry_mpi_release (t2);
+ gcry_mpi_release (phi);
+ gcry_mpi_release (f);
+ gcry_mpi_release (g);
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (test_keys (sk, nbits - 64))
+ {
+ gcry_mpi_release (sk->n); sk->n = NULL;
+ gcry_mpi_release (sk->e); sk->e = NULL;
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->d); sk->d = NULL;
+ gcry_mpi_release (sk->u); sk->u = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+
+ return 0;
+}
+
+
+/* Helper for generate_x931. */
+static gcry_mpi_t
+gen_x931_parm_xp (unsigned int nbits)
+{
+ gcry_mpi_t xp;
+
+ xp = gcry_mpi_snew (nbits);
+ gcry_mpi_randomize (xp, nbits, GCRY_VERY_STRONG_RANDOM);
+
+ /* The requirement for Xp is:
+
+ sqrt{2}*2^{nbits-1} <= xp <= 2^{nbits} - 1
+
+ We set the two high order bits to 1 to satisfy the lower bound.
+ By using mpi_set_highbit we make sure that the upper bound is
+ satisfied as well. */
+ mpi_set_highbit (xp, nbits-1);
+ mpi_set_bit (xp, nbits-2);
+ gcry_assert ( mpi_get_nbits (xp) == nbits );
+
+ return xp;
+}
+
+
+/* Helper for generate_x931. */
+static gcry_mpi_t
+gen_x931_parm_xi (void)
+{
+ gcry_mpi_t xi;
+
+ xi = gcry_mpi_snew (101);
+ gcry_mpi_randomize (xi, 101, GCRY_VERY_STRONG_RANDOM);
+ mpi_set_highbit (xi, 100);
+ gcry_assert ( mpi_get_nbits (xi) == 101 );
+
+ return xi;
+}
+
+
+
+/* Variant of the standard key generation code using the algorithm
+ from X9.31. Using this algorithm has the advantage that the
+ generation can be made deterministic which is required for CAVS
+ testing. */
+static gpg_err_code_t
+generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value,
+ gcry_sexp_t deriveparms, int *swapped)
+{
+ gcry_mpi_t p, q; /* The two primes. */
+ gcry_mpi_t e; /* The public exponent. */
+ gcry_mpi_t n; /* The public key. */
+ gcry_mpi_t d; /* The private key */
+ gcry_mpi_t u; /* The inverse of p and q. */
+ gcry_mpi_t pm1; /* p - 1 */
+ gcry_mpi_t qm1; /* q - 1 */
+ gcry_mpi_t phi; /* Euler totient. */
+ gcry_mpi_t f, g; /* Helper. */
+
+ *swapped = 0;
+
+ if (e_value == 1) /* Alias for a secure value. */
+ e_value = 65537;
+
+ /* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
+ if (nbits < 1024 || (nbits % 256))
+ return GPG_ERR_INV_VALUE;
+
+ /* Point 2: 2 <= bitlength(e) < 2^{k-2}
+ Note that we do not need to check the upper bound because we use
+ an unsigned long for E and thus there is no way for E to reach
+ that limit. */
+ if (e_value < 3)
+ return GPG_ERR_INV_VALUE;
+
+ /* Our implementaion requires E to be odd. */
+ if (!(e_value & 1))
+ return GPG_ERR_INV_VALUE;
+
+ /* Point 3: e > 0 or e 0 if it is to be randomly generated.
+ We support only a fixed E and thus there is no need for an extra test. */
+
+
+ /* Compute or extract the derive parameters. */
+ {
+ gcry_mpi_t xp1 = NULL;
+ gcry_mpi_t xp2 = NULL;
+ gcry_mpi_t xp = NULL;
+ gcry_mpi_t xq1 = NULL;
+ gcry_mpi_t xq2 = NULL;
+ gcry_mpi_t xq = NULL;
+ gcry_mpi_t tmpval;
+
+ if (!deriveparms)
+ {
+ /* Not given: Generate them. */
+ xp = gen_x931_parm_xp (nbits/2);
+ /* Make sure that |xp - xq| > 2^{nbits - 100} holds. */
+ tmpval = gcry_mpi_snew (nbits/2);
+ do
+ {
+ gcry_mpi_release (xq);
+ xq = gen_x931_parm_xp (nbits/2);
+ mpi_sub (tmpval, xp, xq);
+ }
+ while (mpi_get_nbits (tmpval) <= (nbits/2 - 100));
+ gcry_mpi_release (tmpval);
+
+ xp1 = gen_x931_parm_xi ();
+ xp2 = gen_x931_parm_xi ();
+ xq1 = gen_x931_parm_xi ();
+ xq2 = gen_x931_parm_xi ();
+
+ }
+ else
+ {
+ /* Parameters to derive the key are given. */
+ struct { const char *name; gcry_mpi_t *value; } tbl[] = {
+ { "Xp1", &xp1 },
+ { "Xp2", &xp2 },
+ { "Xp", &xp },
+ { "Xq1", &xq1 },
+ { "Xq2", &xq2 },
+ { "Xq", &xq },
+ { NULL, NULL }
+ };
+ int idx;
+ gcry_sexp_t oneparm;
+
+ for (idx=0; tbl[idx].name; idx++)
+ {
+ oneparm = gcry_sexp_find_token (deriveparms, tbl[idx].name, 0);
+ if (oneparm)
+ {
+ *tbl[idx].value = gcry_sexp_nth_mpi (oneparm, 1,
+ GCRYMPI_FMT_USG);
+ gcry_sexp_release (oneparm);
+ }
+ }
+ for (idx=0; tbl[idx].name; idx++)
+ if (!*tbl[idx].value)
+ break;
+ if (tbl[idx].name)
+ {
+ /* At least one parameter is missing. */
+ for (idx=0; tbl[idx].name; idx++)
+ gcry_mpi_release (*tbl[idx].value);
+ return GPG_ERR_MISSING_VALUE;
+ }
+ }
+
+ e = mpi_alloc_set_ui (e_value);
+
+ /* Find two prime numbers. */
+ p = _gcry_derive_x931_prime (xp, xp1, xp2, e, NULL, NULL);
+ q = _gcry_derive_x931_prime (xq, xq1, xq2, e, NULL, NULL);
+ gcry_mpi_release (xp); xp = NULL;
+ gcry_mpi_release (xp1); xp1 = NULL;
+ gcry_mpi_release (xp2); xp2 = NULL;
+ gcry_mpi_release (xq); xq = NULL;
+ gcry_mpi_release (xq1); xq1 = NULL;
+ gcry_mpi_release (xq2); xq2 = NULL;
+ if (!p || !q)
+ {
+ gcry_mpi_release (p);
+ gcry_mpi_release (q);
+ gcry_mpi_release (e);
+ return GPG_ERR_NO_PRIME;
+ }
+ }
+
+
+ /* Compute the public modulus. We make sure that p is smaller than
+ q to allow the use of the CRT. */
+ if (mpi_cmp (p, q) > 0 )
+ {
+ mpi_swap (p, q);
+ *swapped = 1;
+ }
+ n = gcry_mpi_new (nbits);
+ mpi_mul (n, p, q);
+
+ /* Compute the Euler totient: phi = (p-1)(q-1) */
+ pm1 = gcry_mpi_snew (nbits/2);
+ qm1 = gcry_mpi_snew (nbits/2);
+ phi = gcry_mpi_snew (nbits);
+ mpi_sub_ui (pm1, p, 1);
+ mpi_sub_ui (qm1, q, 1);
+ mpi_mul (phi, pm1, qm1);
+
+ g = gcry_mpi_snew (nbits);
+ gcry_assert (gcry_mpi_gcd (g, e, phi));
+
+ /* Compute: f = lcm(p-1,q-1) = phi / gcd(p-1,q-1) */
+ gcry_mpi_gcd (g, pm1, qm1);
+ f = pm1; pm1 = NULL;
+ gcry_mpi_release (qm1); qm1 = NULL;
+ mpi_fdiv_q (f, phi, g);
+ gcry_mpi_release (phi); phi = NULL;
+ d = g; g = NULL;
+ /* Compute the secret key: d = e^{-1} mod lcm(p-1,q-1) */
+ mpi_invm (d, e, f);
+
+ /* Compute the inverse of p and q. */
+ u = f; f = NULL;
+ mpi_invm (u, p, q );
+
+ if( DBG_CIPHER )
+ {
+ if (*swapped)
+ log_debug ("p and q are swapped\n");
+ log_mpidump(" p", p );
+ log_mpidump(" q", q );
+ log_mpidump(" n", n );
+ log_mpidump(" e", e );
+ log_mpidump(" d", d );
+ log_mpidump(" u", u );
+ }
+
+
+ sk->n = n;
+ sk->e = e;
+ sk->p = p;
+ sk->q = q;
+ sk->d = d;
+ sk->u = u;
+
+ /* Now we can test our keys. */
+ if (test_keys (sk, nbits - 64))
+ {
+ gcry_mpi_release (sk->n); sk->n = NULL;
+ gcry_mpi_release (sk->e); sk->e = NULL;
+ gcry_mpi_release (sk->p); sk->p = NULL;
+ gcry_mpi_release (sk->q); sk->q = NULL;
+ gcry_mpi_release (sk->d); sk->d = NULL;
+ gcry_mpi_release (sk->u); sk->u = NULL;
+ fips_signal_error ("self-test after key generation failed");
+ return GPG_ERR_SELFTEST_FAILED;
+ }
+
+ return 0;
+}
+
+
+/****************
+ * Test wether the secret key is valid.
+ * Returns: true if this is a valid key.
+ */
+static int
+check_secret_key( RSA_secret_key *sk )
+{
+ int rc;
+ gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(sk->p)*2 );
+
+ mpi_mul(temp, sk->p, sk->q );
+ rc = mpi_cmp( temp, sk->n );
+ mpi_free(temp);
+ return !rc;
+}
+
+
+
+/****************
+ * Public key operation. Encrypt INPUT with PKEY and put result into OUTPUT.
+ *
+ * c = m^e mod n
+ *
+ * Where c is OUTPUT, m is INPUT and e,n are elements of PKEY.
+ */
+static void
+public(gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *pkey )
+{
+ if( output == input ) /* powm doesn't like output and input the same */
+ {
+ gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs(input)*2 );
+ mpi_powm( x, input, pkey->e, pkey->n );
+ mpi_set(output, x);
+ mpi_free(x);
+ }
+ else
+ mpi_powm( output, input, pkey->e, pkey->n );
+}
+
+#if 0
+static void
+stronger_key_check ( RSA_secret_key *skey )
+{
+ gcry_mpi_t t = mpi_alloc_secure ( 0 );
+ gcry_mpi_t t1 = mpi_alloc_secure ( 0 );
+ gcry_mpi_t t2 = mpi_alloc_secure ( 0 );
+ gcry_mpi_t phi = mpi_alloc_secure ( 0 );
+
+ /* check that n == p * q */
+ mpi_mul( t, skey->p, skey->q);
+ if (mpi_cmp( t, skey->n) )
+ log_info ( "RSA Oops: n != p * q\n" );
+
+ /* check that p is less than q */
+ if( mpi_cmp( skey->p, skey->q ) > 0 )
+ {
+ log_info ("RSA Oops: p >= q - fixed\n");
+ _gcry_mpi_swap ( skey->p, skey->q);
+ }
+
+ /* check that e divides neither p-1 nor q-1 */
+ mpi_sub_ui(t, skey->p, 1 );
+ mpi_fdiv_r(t, t, skey->e );
+ if ( !mpi_cmp_ui( t, 0) )
+ log_info ( "RSA Oops: e divides p-1\n" );
+ mpi_sub_ui(t, skey->q, 1 );
+ mpi_fdiv_r(t, t, skey->e );
+ if ( !mpi_cmp_ui( t, 0) )
+ log_info ( "RSA Oops: e divides q-1\n" );
+
+ /* check that d is correct */
+ mpi_sub_ui( t1, skey->p, 1 );
+ mpi_sub_ui( t2, skey->q, 1 );
+ mpi_mul( phi, t1, t2 );
+ gcry_mpi_gcd(t, t1, t2);
+ mpi_fdiv_q(t, phi, t);
+ mpi_invm(t, skey->e, t );
+ if ( mpi_cmp(t, skey->d ) )
+ {
+ log_info ( "RSA Oops: d is wrong - fixed\n");
+ mpi_set (skey->d, t);
+ _gcry_log_mpidump (" fixed d", skey->d);
+ }
+
+ /* check for correctness of u */
+ mpi_invm(t, skey->p, skey->q );
+ if ( mpi_cmp(t, skey->u ) )
+ {
+ log_info ( "RSA Oops: u is wrong - fixed\n");
+ mpi_set (skey->u, t);
+ _gcry_log_mpidump (" fixed u", skey->u);
+ }
+
+ log_info ( "RSA secret key check finished\n");
+
+ mpi_free (t);
+ mpi_free (t1);
+ mpi_free (t2);
+ mpi_free (phi);
+}
+#endif
+
+
+
+/****************
+ * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
+ *
+ * m = c^d mod n
+ *
+ * Or faster:
+ *
+ * m1 = c ^ (d mod (p-1)) mod p
+ * m2 = c ^ (d mod (q-1)) mod q
+ * h = u * (m2 - m1) mod q
+ * m = m1 + h * p
+ *
+ * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
+ */
+static void
+secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
+{
+ if (!skey->p || !skey->q || !skey->u)
+ {
+ mpi_powm (output, input, skey->d, skey->n);
+ }
+ else
+ {
+ gcry_mpi_t m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+ gcry_mpi_t m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+ gcry_mpi_t h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
+
+ /* m1 = c ^ (d mod (p-1)) mod p */
+ mpi_sub_ui( h, skey->p, 1 );
+ mpi_fdiv_r( h, skey->d, h );
+ mpi_powm( m1, input, h, skey->p );
+ /* m2 = c ^ (d mod (q-1)) mod q */
+ mpi_sub_ui( h, skey->q, 1 );
+ mpi_fdiv_r( h, skey->d, h );
+ mpi_powm( m2, input, h, skey->q );
+ /* h = u * ( m2 - m1 ) mod q */
+ mpi_sub( h, m2, m1 );
+ if ( mpi_is_neg( h ) )
+ mpi_add ( h, h, skey->q );
+ mpi_mulm( h, skey->u, h, skey->q );
+ /* m = m2 + h * p */
+ mpi_mul ( h, h, skey->p );
+ mpi_add ( output, m1, h );
+
+ mpi_free ( h );
+ mpi_free ( m1 );
+ mpi_free ( m2 );
+ }
+}
+
+
+
+/* Perform RSA blinding. */
+static gcry_mpi_t
+rsa_blind (gcry_mpi_t x, gcry_mpi_t r, gcry_mpi_t e, gcry_mpi_t n)
+{
+ /* A helper. */
+ gcry_mpi_t a;
+
+ /* Result. */
+ gcry_mpi_t y;
+
+ a = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+ y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+
+ /* Now we calculate: y = (x * r^e) mod n, where r is the random
+ number, e is the public exponent, x is the non-blinded data and n
+ is the RSA modulus. */
+ gcry_mpi_powm (a, r, e, n);
+ gcry_mpi_mulm (y, a, x, n);
+
+ gcry_mpi_release (a);
+
+ return y;
+}
+
+/* Undo RSA blinding. */
+static gcry_mpi_t
+rsa_unblind (gcry_mpi_t x, gcry_mpi_t ri, gcry_mpi_t n)
+{
+ gcry_mpi_t y;
+
+ y = gcry_mpi_snew (gcry_mpi_get_nbits (n));
+
+ /* Here we calculate: y = (x * r^-1) mod n, where x is the blinded
+ decrypted data, ri is the modular multiplicative inverse of r and
+ n is the RSA modulus. */
+
+ gcry_mpi_mulm (y, ri, x, n);
+
+ return y;
+}
+
+/*********************************************
+ ************** interface ******************
+ *********************************************/
+
+static gcry_err_code_t
+rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue,
+ const gcry_sexp_t genparms,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors,
+ gcry_sexp_t *r_extrainfo)
+{
+ RSA_secret_key sk;
+ gpg_err_code_t ec;
+ gcry_sexp_t deriveparms;
+ int transient_key = 0;
+ int use_x931 = 0;
+ gcry_sexp_t l1;
+
+ (void)algo;
+
+ *retfactors = NULL; /* We don't return them. */
+
+ deriveparms = (genparms?
+ gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL);
+ if (!deriveparms)
+ {
+ /* Parse the optional "use-x931" flag. */
+ l1 = gcry_sexp_find_token (genparms, "use-x931", 0);
+ if (l1)
+ {
+ use_x931 = 1;
+ gcry_sexp_release (l1);
+ }
+ }
+
+ if (deriveparms || use_x931 || fips_mode ())
+ {
+ int swapped;
+ ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
+ gcry_sexp_release (deriveparms);
+ if (!ec && r_extrainfo && swapped)
+ {
+ ec = gcry_sexp_new (r_extrainfo,
+ "(misc-key-info(p-q-swapped))", 0, 1);
+ if (ec)
+ {
+ gcry_mpi_release (sk.n); sk.n = NULL;
+ gcry_mpi_release (sk.e); sk.e = NULL;
+ gcry_mpi_release (sk.p); sk.p = NULL;
+ gcry_mpi_release (sk.q); sk.q = NULL;
+ gcry_mpi_release (sk.d); sk.d = NULL;
+ gcry_mpi_release (sk.u); sk.u = NULL;
+ }
+ }
+ }
+ else
+ {
+ /* Parse the optional "transient-key" flag. */
+ l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+ if (l1)
+ {
+ transient_key = 1;
+ gcry_sexp_release (l1);
+ }
+ /* Generate. */
+ ec = generate_std (&sk, nbits, evalue, transient_key);
+ }
+
+ if (!ec)
+ {
+ skey[0] = sk.n;
+ skey[1] = sk.e;
+ skey[2] = sk.d;
+ skey[3] = sk.p;
+ skey[4] = sk.q;
+ skey[5] = sk.u;
+ }
+
+ return ec;
+}
+
+
+static gcry_err_code_t
+rsa_generate (int algo, unsigned int nbits, unsigned long evalue,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+{
+ return rsa_generate_ext (algo, nbits, evalue, NULL, skey, retfactors, NULL);
+}
+
+
+static gcry_err_code_t
+rsa_check_secret_key (int algo, gcry_mpi_t *skey)
+{
+ gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ RSA_secret_key sk;
+
+ (void)algo;
+
+ sk.n = skey[0];
+ sk.e = skey[1];
+ sk.d = skey[2];
+ sk.p = skey[3];
+ sk.q = skey[4];
+ sk.u = skey[5];
+
+ if (!sk.p || !sk.q || !sk.u)
+ err = GPG_ERR_NO_OBJ; /* To check the key we need the optional
+ parameters. */
+ else if (!check_secret_key (&sk))
+ err = GPG_ERR_PUBKEY_ALGO;
+
+ return err;
+}
+
+
+static gcry_err_code_t
+rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *pkey, int flags)
+{
+ RSA_public_key pk;
+
+ (void)algo;
+ (void)flags;
+
+ pk.n = pkey[0];
+ pk.e = pkey[1];
+ resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.n));
+ public (resarr[0], data, &pk);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
+ gcry_mpi_t *skey, int flags)
+{
+ RSA_secret_key sk;
+ gcry_mpi_t r = MPI_NULL; /* Random number needed for blinding. */
+ gcry_mpi_t ri = MPI_NULL; /* Modular multiplicative inverse of
+ r. */
+ gcry_mpi_t x = MPI_NULL; /* Data to decrypt. */
+ gcry_mpi_t y; /* Result. */
+
+ (void)algo;
+
+ /* Extract private key. */
+ sk.n = skey[0];
+ sk.e = skey[1];
+ sk.d = skey[2];
+ sk.p = skey[3]; /* Optional. */
+ sk.q = skey[4]; /* Optional. */
+ sk.u = skey[5]; /* Optional. */
+
+ y = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+
+ /* We use blinding by default to mitigate timing attacks which can
+ be practically mounted over the network as shown by Brumley and
+ Boney in 2003. */
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ {
+ /* Initialize blinding. */
+
+ /* First, we need a random number r between 0 and n - 1, which
+ is relatively prime to n (i.e. it is neither p nor q). The
+ random number needs to be only unpredictable, thus we employ
+ the gcry_create_nonce function by using GCRY_WEAK_RANDOM with
+ gcry_mpi_randomize. */
+ r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+ ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n));
+
+ gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), GCRY_WEAK_RANDOM);
+ gcry_mpi_mod (r, r, sk.n);
+
+ /* Calculate inverse of r. It practically impossible that the
+ follwing test fails, thus we do not add code to release
+ allocated resources. */
+ if (!gcry_mpi_invm (ri, r, sk.n))
+ return GPG_ERR_INTERNAL;
+ }
+
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ x = rsa_blind (data[0], r, sk.e, sk.n);
+ else
+ x = data[0];
+
+ /* Do the encryption. */
+ secret (y, x, &sk);
+
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ {
+ /* Undo blinding. */
+ gcry_mpi_t a = gcry_mpi_copy (y);
+
+ gcry_mpi_release (y);
+ y = rsa_unblind (a, ri, sk.n);
+
+ gcry_mpi_release (a);
+ }
+
+ if (! (flags & PUBKEY_FLAG_NO_BLINDING))
+ {
+ /* Deallocate resources needed for blinding. */
+ gcry_mpi_release (x);
+ gcry_mpi_release (r);
+ gcry_mpi_release (ri);
+ }
+
+ /* Copy out result. */
+ *result = y;
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+{
+ RSA_secret_key sk;
+
+ (void)algo;
+
+ sk.n = skey[0];
+ sk.e = skey[1];
+ sk.d = skey[2];
+ sk.p = skey[3];
+ sk.q = skey[4];
+ sk.u = skey[5];
+ resarr[0] = mpi_alloc( mpi_get_nlimbs (sk.n));
+ secret (resarr[0], data, &sk);
+
+ return GPG_ERR_NO_ERROR;
+}
+
+
+static gcry_err_code_t
+rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *opaque, gcry_mpi_t tmp),
+ void *opaquev)
+{
+ RSA_public_key pk;
+ gcry_mpi_t result;
+ gcry_err_code_t rc;
+
+ (void)algo;
+ (void)cmp;
+ (void)opaquev;
+
+ pk.n = pkey[0];
+ pk.e = pkey[1];
+ result = gcry_mpi_new ( 160 );
+ public( result, data[0], &pk );
+#ifdef IS_DEVELOPMENT_VERSION
+ if (DBG_CIPHER)
+ {
+ log_mpidump ("rsa verify result:", result );
+ log_mpidump (" hash:", hash );
+ }
+#endif /*IS_DEVELOPMENT_VERSION*/
+ /*rc = (*cmp)( opaquev, result );*/
+ rc = mpi_cmp (result, hash) ? GPG_ERR_BAD_SIGNATURE : GPG_ERR_NO_ERROR;
+ gcry_mpi_release (result);
+
+ return rc;
+}
+
+
+static unsigned int
+rsa_get_nbits (int algo, gcry_mpi_t *pkey)
+{
+ (void)algo;
+
+ return mpi_get_nbits (pkey[0]);
+}
+
+
+/* Compute a keygrip. MD is the hash context which we are going to
+ update. KEYPARAM is an S-expression with the key parameters, this
+ is usually a public key but may also be a secret key. An example
+ of such an S-expression is:
+
+ (rsa
+ (n #00B...#)
+ (e #010001#))
+
+ PKCS-15 says that for RSA only the modulus should be hashed -
+ however, it is not clear wether this is meant to use the raw bytes
+ (assuming this is an unsigned integer) or whether the DER required
+ 0 should be prefixed. We hash the raw bytes. */
+static gpg_err_code_t
+compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparam)
+{
+ gcry_sexp_t l1;
+ const char *data;
+ size_t datalen;
+
+ l1 = gcry_sexp_find_token (keyparam, "n", 1);
+ if (!l1)
+ return GPG_ERR_NO_OBJ;
+
+ data = gcry_sexp_nth_data (l1, 1, &datalen);
+ if (!data)
+ {
+ gcry_sexp_release (l1);
+ return GPG_ERR_NO_OBJ;
+ }
+
+ gcry_md_write (md, data, datalen);
+ gcry_sexp_release (l1);
+
+ return 0;
+}
+
+
+
+
+/*
+ Self-test section.
+ */
+
+static const char *
+selftest_sign_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+{
+ static const char sample_data[] =
+ "(data (flags pkcs1)"
+ " (hash sha1 #11223344556677889900aabbccddeeff10203040#))";
+ static const char sample_data_bad[] =
+ "(data (flags pkcs1)"
+ " (hash sha1 #11223344556677889900aabbccddeeff80203040#))";
+
+ const char *errtxt = NULL;
+ gcry_error_t err;
+ gcry_sexp_t data = NULL;
+ gcry_sexp_t data_bad = NULL;
+ gcry_sexp_t sig = NULL;
+
+ err = gcry_sexp_sscan (&data, NULL,
+ sample_data, strlen (sample_data));
+ if (!err)
+ err = gcry_sexp_sscan (&data_bad, NULL,
+ sample_data_bad, strlen (sample_data_bad));
+ if (err)
+ {
+ errtxt = "converting data failed";
+ goto leave;
+ }
+
+ err = gcry_pk_sign (&sig, data, skey);
+ if (err)
+ {
+ errtxt = "signing failed";
+ goto leave;
+ }
+ err = gcry_pk_verify (sig, data, pkey);
+ if (err)
+ {
+ errtxt = "verify failed";
+ goto leave;
+ }
+ err = gcry_pk_verify (sig, data_bad, pkey);
+ if (gcry_err_code (err) != GPG_ERR_BAD_SIGNATURE)
+ {
+ errtxt = "bad signature not detected";
+ goto leave;
+ }
+
+
+ leave:
+ gcry_sexp_release (sig);
+ gcry_sexp_release (data_bad);
+ gcry_sexp_release (data);
+ return errtxt;
+}
+
+
+
+/* Given an S-expression ENCR_DATA of the form:
+
+ (enc-val
+ (rsa
+ (a a-value)))
+
+ as returned by gcry_pk_decrypt, return the the A-VALUE. On error,
+ return NULL. */
+static gcry_mpi_t
+extract_a_from_sexp (gcry_sexp_t encr_data)
+{
+ gcry_sexp_t l1, l2, l3;
+ gcry_mpi_t a_value;
+
+ l1 = gcry_sexp_find_token (encr_data, "enc-val", 0);
+ if (!l1)
+ return NULL;
+ l2 = gcry_sexp_find_token (l1, "rsa", 0);
+ gcry_sexp_release (l1);
+ if (!l2)
+ return NULL;
+ l3 = gcry_sexp_find_token (l2, "a", 0);
+ gcry_sexp_release (l2);
+ if (!l3)
+ return NULL;
+ a_value = gcry_sexp_nth_mpi (l3, 1, 0);
+ gcry_sexp_release (l3);
+
+ return a_value;
+}
+
+
+static const char *
+selftest_encr_1024 (gcry_sexp_t pkey, gcry_sexp_t skey)
+{
+ const char *errtxt = NULL;
+ gcry_error_t err;
+ const unsigned int nbits = 1000; /* Encrypt 1000 random bits. */
+ gcry_mpi_t plaintext = NULL;
+ gcry_sexp_t plain = NULL;
+ gcry_sexp_t encr = NULL;
+ gcry_mpi_t ciphertext = NULL;
+ gcry_sexp_t decr = NULL;
+ gcry_mpi_t decr_plaintext = NULL;
+ gcry_sexp_t tmplist = NULL;
+
+ /* Create plaintext. The plaintext is actually a big integer number. */
+ plaintext = gcry_mpi_new (nbits);
+ gcry_mpi_randomize (plaintext, nbits, GCRY_WEAK_RANDOM);
+
+ /* Put the plaintext into an S-expression. */
+ err = gcry_sexp_build (&plain, NULL,
+ "(data (flags raw) (value %m))", plaintext);
+ if (err)
+ {
+ errtxt = "converting data failed";
+ goto leave;
+ }
+
+ /* Encrypt. */
+ err = gcry_pk_encrypt (&encr, plain, pkey);
+ if (err)
+ {
+ errtxt = "encrypt failed";
+ goto leave;
+ }
+
+ /* Extraxt the ciphertext from the returned S-expression. */
+ /*gcry_sexp_dump (encr);*/
+ ciphertext = extract_a_from_sexp (encr);
+ if (!ciphertext)
+ {
+ errtxt = "gcry_pk_decrypt returned garbage";
+ goto leave;
+ }
+
+ /* Check that the ciphertext does no match the plaintext. */
+ /* _gcry_log_mpidump ("plaintext", plaintext); */
+ /* _gcry_log_mpidump ("ciphertxt", ciphertext); */
+ if (!gcry_mpi_cmp (plaintext, ciphertext))
+ {
+ errtxt = "ciphertext matches plaintext";
+ goto leave;
+ }
+
+ /* Decrypt. */
+ err = gcry_pk_decrypt (&decr, encr, skey);
+ if (err)
+ {
+ errtxt = "decrypt failed";
+ goto leave;
+ }
+
+ /* Extract the decrypted data from the S-expression. Note that the
+ output of gcry_pk_decrypt depends on whether a flags lists occurs
+ in its input data. Because we passed the output of
+ gcry_pk_encrypt directly to gcry_pk_decrypt, such a flag value
+ won't be there as of today. To be prepared for future changes we
+ take care of it anyway. */
+ tmplist = gcry_sexp_find_token (decr, "value", 0);
+ if (tmplist)
+ decr_plaintext = gcry_sexp_nth_mpi (tmplist, 1, GCRYMPI_FMT_USG);
+ else
+ decr_plaintext = gcry_sexp_nth_mpi (decr, 0, GCRYMPI_FMT_USG);
+ if (!decr_plaintext)
+ {
+ errtxt = "decrypt returned no plaintext";
+ goto leave;
+ }
+
+ /* Check that the decrypted plaintext matches the original plaintext. */
+ if (gcry_mpi_cmp (plaintext, decr_plaintext))
+ {
+ errtxt = "mismatch";
+ goto leave;
+ }
+
+ leave:
+ gcry_sexp_release (tmplist);
+ gcry_mpi_release (decr_plaintext);
+ gcry_sexp_release (decr);
+ gcry_mpi_release (ciphertext);
+ gcry_sexp_release (encr);
+ gcry_sexp_release (plain);
+ gcry_mpi_release (plaintext);
+ return errtxt;
+}
+
+
+static gpg_err_code_t
+selftests_rsa (selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+ gcry_error_t err;
+ gcry_sexp_t skey = NULL;
+ gcry_sexp_t pkey = NULL;
+
+ /* Convert the S-expressions into the internal representation. */
+ what = "convert";
+ err = gcry_sexp_sscan (&skey, NULL,
+ sample_secret_key, strlen (sample_secret_key));
+ if (!err)
+ err = gcry_sexp_sscan (&pkey, NULL,
+ sample_public_key, strlen (sample_public_key));
+ if (err)
+ {
+ errtxt = gcry_strerror (err);
+ goto failed;
+ }
+
+ what = "key consistency";
+ err = gcry_pk_testkey (skey);
+ if (err)
+ {
+ errtxt = gcry_strerror (err);
+ goto failed;
+ }
+
+ what = "sign";
+ errtxt = selftest_sign_1024 (pkey, skey);
+ if (errtxt)
+ goto failed;
+
+ what = "encrypt";
+ errtxt = selftest_encr_1024 (pkey, skey);
+ if (errtxt)
+ goto failed;
+
+ gcry_sexp_release (pkey);
+ gcry_sexp_release (skey);
+ return 0; /* Succeeded. */
+
+ failed:
+ gcry_sexp_release (pkey);
+ gcry_sexp_release (skey);
+ if (report)
+ report ("pubkey", GCRY_PK_RSA, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ (void)extended;
+
+ switch (algo)
+ {
+ case GCRY_PK_RSA:
+ ec = selftests_rsa (report);
+ break;
+ default:
+ ec = GPG_ERR_PUBKEY_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static const char *rsa_names[] =
+ {
+ "rsa",
+ "openpgp-rsa",
+ "oid.1.2.840.113549.1.1.1",
+ NULL,
+ };
+
+gcry_pk_spec_t _gcry_pubkey_spec_rsa =
+ {
+ "RSA", rsa_names,
+ "ne", "nedpqu", "a", "s", "n",
+ GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
+ rsa_generate,
+ rsa_check_secret_key,
+ rsa_encrypt,
+ rsa_decrypt,
+ rsa_sign,
+ rsa_verify,
+ rsa_get_nbits,
+ };
+pk_extra_spec_t _gcry_pubkey_extraspec_rsa =
+ {
+ run_selftests,
+ rsa_generate_ext,
+ compute_keygrip
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/seed.c b/grub-core/lib/libgcrypt/cipher/seed.c
new file mode 100644
index 0000000..b0980d6
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/seed.c
@@ -0,0 +1,478 @@
+/* SEED for libgcrypt
+ * Copyright (C) 2006 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ * --
+ * This implementation was provided for libgcrypt in public domain
+ * by Hye-Shik Chang <perky@FreeBSD.org>, July 2006.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+#define NUMKC 16
+
+#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \
+ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+#define PUTU32(ct, st) { (ct)[0] = (byte)((st) >> 24); \
+ (ct)[1] = (byte)((st) >> 16); \
+ (ct)[2] = (byte)((st) >> 8); \
+ (ct)[3] = (byte)(st); }
+
+union wordbuf
+{
+ u32 w;
+ byte b[4];
+};
+
+#ifdef WORDS_BIGENDIAN
+#define b0 b[3]
+#define b1 b[2]
+#define b2 b[1]
+#define b3 b[0]
+#else
+#define b0 b[0]
+#define b1 b[1]
+#define b2 b[2]
+#define b3 b[3]
+#endif
+
+static const char *selftest(void);
+
+typedef struct
+{
+ u32 keyschedule[32];
+} SEED_context;
+
+static const u32 SS0[256] = {
+ 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c,
+ 0x2c8ca0ac, 0x25052124, 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+ 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, 0x28082028, 0x04444044,
+ 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+ 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310,
+ 0x12c2d2d0, 0x2ecee2ec, 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+ 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, 0x2ccce0ec, 0x15859194,
+ 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+ 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc,
+ 0x32c2f2f0, 0x19c9d1d8, 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+ 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, 0x20406060, 0x10405050,
+ 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+ 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210,
+ 0x2f8fa3ac, 0x15c5d1d4, 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+ 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008, 0x1f0f131c, 0x19899198,
+ 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+ 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388,
+ 0x0e0e020c, 0x2b8ba3a8, 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+ 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, 0x3f8fb3bc, 0x2fcfe3ec,
+ 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+ 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120,
+ 0x2b4b6368, 0x26466264, 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+ 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, 0x3a4a7278, 0x07474344,
+ 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+ 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114,
+ 0x22022220, 0x38083038, 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+ 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, 0x35053134, 0x0bcbc3c8,
+ 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+ 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158,
+ 0x02828280, 0x04c4c0c4, 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+ 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, 0x0f0f030c, 0x0e8e828c,
+ 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+ 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c,
+ 0x2d0d212c, 0x00404040, 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+ 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, 0x3b0b3338, 0x1cccd0dc,
+ 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+ 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328,
+ 0x25456164, 0x3acaf2f8, 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+ 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, 0x31013130, 0x2acae2e8,
+ 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+ 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128,
+ 0x07070304, 0x33033330, 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+ 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
+};
+
+static const u32 SS1[256] = {
+ 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2,
+ 0xb03383b3, 0xb83888b0, 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+ 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, 0xc003c3c3, 0x60224262,
+ 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+ 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0,
+ 0x34360632, 0x480b4b43, 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+ 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, 0xc002c2c2, 0x44054541,
+ 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+ 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1,
+ 0x0c0d0d01, 0xdc1fcfd3, 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+ 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, 0x40024242, 0xd414c4d0,
+ 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+ 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20,
+ 0xa82a8aa2, 0x34340430, 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+ 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, 0x54174753, 0xac2e8ea2,
+ 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+ 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82,
+ 0x682a4a62, 0xb03181b1, 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+ 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xd81bcbd3,
+ 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+ 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3,
+ 0xa82b8ba3, 0xd010c0d0, 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+ 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, 0x94168692, 0x783b4b73,
+ 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+ 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22,
+ 0xb83a8ab2, 0x6c2e4e62, 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+ 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, 0x14150511, 0xf83bcbf3,
+ 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+ 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0,
+ 0xe82acae2, 0x08090901, 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+ 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, 0xf83acaf2, 0x00010101,
+ 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+ 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1,
+ 0x48084840, 0x78394971, 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+ 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, 0x74374773, 0x54144450,
+ 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+ 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2,
+ 0xc809c9c1, 0xfc3dcdf1, 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+ 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, 0x0c0e0e02, 0x50104050,
+ 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+ 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353,
+ 0x080a0a02, 0x84078783, 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+ 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
+};
+
+static const u32 SS2[256] = {
+ 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d,
+ 0xa0ac2c8c, 0x21242505, 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+ 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, 0x20282808, 0x40440444,
+ 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+ 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303,
+ 0xd2d012c2, 0xe2ec2ece, 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+ 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, 0xe0ec2ccc, 0x91941585,
+ 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+ 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc,
+ 0xf2f032c2, 0xd1d819c9, 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+ 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, 0x60602040, 0x50501040,
+ 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+ 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202,
+ 0xa3ac2f8f, 0xd1d415c5, 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+ 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, 0x131c1f0f, 0x91981989,
+ 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+ 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b,
+ 0x020c0e0e, 0xa3a82b8b, 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+ 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, 0xb3bc3f8f, 0xe3ec2fcf,
+ 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+ 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101,
+ 0x63682b4b, 0x62642646, 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+ 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, 0x72783a4a, 0x43440747,
+ 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+ 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505,
+ 0x22202202, 0x30383808, 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+ 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, 0x31343505, 0xc3c80bcb,
+ 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+ 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949,
+ 0x82800282, 0xc0c404c4, 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+ 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, 0x030c0f0f, 0x828c0e8e,
+ 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+ 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d,
+ 0x212c2d0d, 0x40400040, 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+ 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, 0x33383b0b, 0xd0dc1ccc,
+ 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+ 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b,
+ 0x61642545, 0xf2f83aca, 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+ 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, 0x31303101, 0xe2e82aca,
+ 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+ 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909,
+ 0x03040707, 0x33303303, 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+ 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
+};
+
+static const u32 SS3[256] = {
+ 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e,
+ 0x83b3b033, 0x88b0b838, 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+ 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, 0xc3c3c003, 0x42626022,
+ 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+ 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c,
+ 0x06323436, 0x4b43480b, 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+ 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, 0xc2c2c002, 0x45414405,
+ 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+ 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839,
+ 0x0d010c0d, 0xcfd3dc1f, 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+ 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032, 0x42424002, 0xc4d0d414,
+ 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+ 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c,
+ 0x8aa2a82a, 0x04303434, 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+ 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, 0x47535417, 0x8ea2ac2e,
+ 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+ 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a,
+ 0x4a62682a, 0x81b1b031, 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+ 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xcbd3d81b,
+ 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+ 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023,
+ 0x8ba3a82b, 0xc0d0d010, 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+ 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, 0x86929416, 0x4b73783b,
+ 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+ 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e,
+ 0x8ab2b83a, 0x4e626c2e, 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+ 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, 0x05111415, 0xcbf3f83b,
+ 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+ 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434,
+ 0xcae2e82a, 0x09010809, 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+ 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, 0xcaf2f83a, 0x01010001,
+ 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+ 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425,
+ 0x48404808, 0x49717839, 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+ 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, 0x47737437, 0x44505414,
+ 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+ 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a,
+ 0xc9c1c809, 0xcdf1fc3d, 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+ 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, 0x0e020c0e, 0x40505010,
+ 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+ 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013,
+ 0x0a02080a, 0x87838407, 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+ 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
+};
+
+static const u32 KC[NUMKC] = {
+ 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
+ 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
+ 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
+ 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
+};
+
+
+
+/* Perform the key setup.
+ */
+static gcry_err_code_t
+do_setkey (SEED_context *ctx, const byte *key, const unsigned keylen)
+{
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+ u32 x1, x2, x3, x4;
+ union wordbuf t0, t1;
+ u32 *keyout = ctx->keyschedule;
+ int i;
+
+ if (!initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if( selftest_failed )
+ log_error ("%s\n", selftest_failed );
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if (keylen != 16)
+ return GPG_ERR_INV_KEYLEN;
+
+ x1 = GETU32 (key);
+ x2 = GETU32 (key+4);
+ x3 = GETU32 (key+8);
+ x4 = GETU32 (key+12);
+
+ for (i = 0; i < NUMKC; i++)
+ {
+ t0.w = x1 + x3 - KC[i];
+ t1.w = x2 + KC[i] - x4;
+ *(keyout++) = SS0[t0.b0] ^ SS1[t0.b1] ^ SS2[t0.b2] ^ SS3[t0.b3];
+ *(keyout++) = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3];
+
+ if (i % 2 == 0)
+ {
+ t0.w = x1;
+ x1 = (x1>>8) ^ (x2<<24);
+ x2 = (x2>>8) ^ (t0.w<<24);
+ }
+ else
+ {
+ t0.w = x3;
+ x3 = (x3<<8) ^ (x4>>24);
+ x4 = (x4<<8) ^ (t0.w>>24);
+ }
+ }
+
+ return 0;
+}
+
+static gcry_err_code_t
+seed_setkey (void *context, const byte *key, const unsigned keylen)
+{
+ SEED_context *ctx = context;
+
+ int rc = do_setkey (ctx, key, keylen);
+ _gcry_burn_stack (4*6 + sizeof(void*)*2 + sizeof(int)*2);
+ return rc;
+}
+
+
+
+#define OP(X1, X2, X3, X4, rbase) \
+ t0.w = X3 ^ ctx->keyschedule[rbase]; \
+ t1.w = X4 ^ ctx->keyschedule[rbase+1]; \
+ t1.w ^= t0.w; \
+ t1.w = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; \
+ t0.w += t1.w; \
+ t0.w = SS0[t0.b0] ^ SS1[t0.b1] ^ SS2[t0.b2] ^ SS3[t0.b3]; \
+ t1.w += t0.w; \
+ t1.w = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; \
+ t0.w += t1.w; \
+ X1 ^= t0.w; \
+ X2 ^= t1.w;
+
+/* Encrypt one block. inbuf and outbuf may be the same. */
+static void
+do_encrypt (const SEED_context *ctx, byte *outbuf, const byte *inbuf)
+{
+ u32 x1, x2, x3, x4;
+ union wordbuf t0, t1;
+
+ x1 = GETU32 (inbuf);
+ x2 = GETU32 (inbuf+4);
+ x3 = GETU32 (inbuf+8);
+ x4 = GETU32 (inbuf+12);
+
+ OP (x1, x2, x3, x4, 0);
+ OP (x3, x4, x1, x2, 2);
+ OP (x1, x2, x3, x4, 4);
+ OP (x3, x4, x1, x2, 6);
+ OP (x1, x2, x3, x4, 8);
+ OP (x3, x4, x1, x2, 10);
+ OP (x1, x2, x3, x4, 12);
+ OP (x3, x4, x1, x2, 14);
+ OP (x1, x2, x3, x4, 16);
+ OP (x3, x4, x1, x2, 18);
+ OP (x1, x2, x3, x4, 20);
+ OP (x3, x4, x1, x2, 22);
+ OP (x1, x2, x3, x4, 24);
+ OP (x3, x4, x1, x2, 26);
+ OP (x1, x2, x3, x4, 28);
+ OP (x3, x4, x1, x2, 30);
+
+ PUTU32 (outbuf, x3);
+ PUTU32 (outbuf+4, x4);
+ PUTU32 (outbuf+8, x1);
+ PUTU32 (outbuf+12, x2);
+}
+
+static void
+seed_encrypt (void *context, byte *outbuf, const byte *inbuf)
+{
+ SEED_context *ctx = context;
+
+ do_encrypt (ctx, outbuf, inbuf);
+ _gcry_burn_stack (4*6);
+}
+
+
+
+/* Decrypt one block. inbuf and outbuf may be the same. */
+static void
+do_decrypt (SEED_context *ctx, byte *outbuf, const byte *inbuf)
+{
+ u32 x1, x2, x3, x4;
+ union wordbuf t0, t1;
+
+ x1 = GETU32 (inbuf);
+ x2 = GETU32 (inbuf+4);
+ x3 = GETU32 (inbuf+8);
+ x4 = GETU32 (inbuf+12);
+
+ OP (x1, x2, x3, x4, 30);
+ OP (x3, x4, x1, x2, 28);
+ OP (x1, x2, x3, x4, 26);
+ OP (x3, x4, x1, x2, 24);
+ OP (x1, x2, x3, x4, 22);
+ OP (x3, x4, x1, x2, 20);
+ OP (x1, x2, x3, x4, 18);
+ OP (x3, x4, x1, x2, 16);
+ OP (x1, x2, x3, x4, 14);
+ OP (x3, x4, x1, x2, 12);
+ OP (x1, x2, x3, x4, 10);
+ OP (x3, x4, x1, x2, 8);
+ OP (x1, x2, x3, x4, 6);
+ OP (x3, x4, x1, x2, 4);
+ OP (x1, x2, x3, x4, 2);
+ OP (x3, x4, x1, x2, 0);
+
+ PUTU32 (outbuf, x3);
+ PUTU32 (outbuf+4, x4);
+ PUTU32 (outbuf+8, x1);
+ PUTU32 (outbuf+12, x2);
+}
+
+static void
+seed_decrypt (void *context, byte *outbuf, const byte *inbuf)
+{
+ SEED_context *ctx = context;
+
+ do_decrypt (ctx, outbuf, inbuf);
+ _gcry_burn_stack (4*6);
+}
+
+
+/* Test a single encryption and decryption with each key size. */
+static const char*
+selftest (void)
+{
+ SEED_context ctx;
+ byte scratch[16];
+
+ /* The test vector is taken from the appendix section B.3 of RFC4269.
+ */
+ static const byte plaintext[16] = {
+ 0x83, 0xA2, 0xF8, 0xA2, 0x88, 0x64, 0x1F, 0xB9,
+ 0xA4, 0xE9, 0xA5, 0xCC, 0x2F, 0x13, 0x1C, 0x7D
+ };
+ static const byte key[16] = {
+ 0x47, 0x06, 0x48, 0x08, 0x51, 0xE6, 0x1B, 0xE8,
+ 0x5D, 0x74, 0xBF, 0xB3, 0xFD, 0x95, 0x61, 0x85
+ };
+ static const byte ciphertext[16] = {
+ 0xEE, 0x54, 0xD1, 0x3E, 0xBC, 0xAE, 0x70, 0x6D,
+ 0x22, 0x6B, 0xC3, 0x14, 0x2C, 0xD4, 0x0D, 0x4A,
+ };
+
+ seed_setkey (&ctx, key, sizeof(key));
+ seed_encrypt (&ctx, scratch, plaintext);
+ if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
+ return "SEED test encryption failed.";
+ seed_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext, sizeof (plaintext)))
+ return "SEED test decryption failed.";
+
+ return NULL;
+}
+
+
+
+static gcry_cipher_oid_spec_t seed_oids[] =
+ {
+ { "1.2.410.200004.1.3", GCRY_CIPHER_MODE_ECB },
+ { "1.2.410.200004.1.4", GCRY_CIPHER_MODE_CBC },
+ { "1.2.410.200004.1.5", GCRY_CIPHER_MODE_CFB },
+ { "1.2.410.200004.1.6", GCRY_CIPHER_MODE_OFB },
+ { NULL }
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_seed =
+ {
+ "SEED", NULL, seed_oids, 16, 128, sizeof (SEED_context),
+ seed_setkey, seed_encrypt, seed_decrypt,
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/serpent.c b/grub-core/lib/libgcrypt/cipher/serpent.c
new file mode 100644
index 0000000..6b7e655
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/serpent.c
@@ -0,0 +1,978 @@
+/* serpent.c - Implementation of the Serpent encryption algorithm.
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ */
+
+#include <config.h>
+
+#include <string.h>
+#include <stdio.h>
+
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "bithelp.h"
+
+/* Number of rounds per Serpent encrypt/decrypt operation. */
+#define ROUNDS 32
+
+/* Magic number, used during generating of the subkeys. */
+#define PHI 0x9E3779B9
+
+/* Serpent works on 128 bit blocks. */
+typedef u32 serpent_block_t[4];
+
+/* Serpent key, provided by the user. If the original key is shorter
+ than 256 bits, it is padded. */
+typedef u32 serpent_key_t[8];
+
+/* The key schedule consists of 33 128 bit subkeys. */
+typedef u32 serpent_subkeys_t[ROUNDS + 1][4];
+
+/* A Serpent context. */
+typedef struct serpent_context
+{
+ serpent_subkeys_t keys; /* Generated subkeys. */
+} serpent_context_t;
+
+
+/* A prototype. */
+static const char *serpent_test (void);
+
+
+#define byte_swap_32(x) \
+ (0 \
+ | (((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) \
+ | (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
+
+/* These are the S-Boxes of Serpent. They are copied from Serpents
+ reference implementation (the optimized one, contained in
+ `floppy2') and are therefore:
+
+ Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
+
+ To quote the Serpent homepage
+ (http://www.cl.cam.ac.uk/~rja14/serpent.html):
+
+ "Serpent is now completely in the public domain, and we impose no
+ restrictions on its use. This was announced on the 21st August at
+ the First AES Candidate Conference. The optimised implementations
+ in the submission package are now under the GNU PUBLIC LICENSE
+ (GPL), although some comments in the code still say otherwise. You
+ are welcome to use Serpent for any application." */
+
+#define SBOX0(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t05, t06, t07, t08, t09; \
+ u32 t11, t12, t13, t14, t15, t17, t01; \
+ t01 = b ^ c ; \
+ t02 = a | d ; \
+ t03 = a ^ b ; \
+ z = t02 ^ t01; \
+ t05 = c | z ; \
+ t06 = a ^ d ; \
+ t07 = b | c ; \
+ t08 = d & t05; \
+ t09 = t03 & t07; \
+ y = t09 ^ t08; \
+ t11 = t09 & y ; \
+ t12 = c ^ d ; \
+ t13 = t07 ^ t11; \
+ t14 = b & t06; \
+ t15 = t06 ^ t13; \
+ w = ~ t15; \
+ t17 = w ^ t14; \
+ x = t12 ^ t17; \
+ }
+
+#define SBOX0_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t08, t09, t10; \
+ u32 t12, t13, t14, t15, t17, t18, t01; \
+ t01 = c ^ d ; \
+ t02 = a | b ; \
+ t03 = b | c ; \
+ t04 = c & t01; \
+ t05 = t02 ^ t01; \
+ t06 = a | t04; \
+ y = ~ t05; \
+ t08 = b ^ d ; \
+ t09 = t03 & t08; \
+ t10 = d | y ; \
+ x = t09 ^ t06; \
+ t12 = a | t05; \
+ t13 = x ^ t12; \
+ t14 = t03 ^ t10; \
+ t15 = a ^ c ; \
+ z = t14 ^ t13; \
+ t17 = t05 & t13; \
+ t18 = t14 | t17; \
+ w = t15 ^ t18; \
+ }
+
+#define SBOX1(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08; \
+ u32 t10, t11, t12, t13, t16, t17, t01; \
+ t01 = a | d ; \
+ t02 = c ^ d ; \
+ t03 = ~ b ; \
+ t04 = a ^ c ; \
+ t05 = a | t03; \
+ t06 = d & t04; \
+ t07 = t01 & t02; \
+ t08 = b | t06; \
+ y = t02 ^ t05; \
+ t10 = t07 ^ t08; \
+ t11 = t01 ^ t10; \
+ t12 = y ^ t11; \
+ t13 = b & d ; \
+ z = ~ t10; \
+ x = t13 ^ t12; \
+ t16 = t10 | x ; \
+ t17 = t05 & t16; \
+ w = c ^ t17; \
+ }
+
+#define SBOX1_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08; \
+ u32 t09, t10, t11, t14, t15, t17, t01; \
+ t01 = a ^ b ; \
+ t02 = b | d ; \
+ t03 = a & c ; \
+ t04 = c ^ t02; \
+ t05 = a | t04; \
+ t06 = t01 & t05; \
+ t07 = d | t03; \
+ t08 = b ^ t06; \
+ t09 = t07 ^ t06; \
+ t10 = t04 | t03; \
+ t11 = d & t08; \
+ y = ~ t09; \
+ x = t10 ^ t11; \
+ t14 = a | y ; \
+ t15 = t06 ^ x ; \
+ z = t01 ^ t04; \
+ t17 = c ^ t15; \
+ w = t14 ^ t17; \
+ }
+
+#define SBOX2(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t05, t06, t07, t08; \
+ u32 t09, t10, t12, t13, t14, t01; \
+ t01 = a | c ; \
+ t02 = a ^ b ; \
+ t03 = d ^ t01; \
+ w = t02 ^ t03; \
+ t05 = c ^ w ; \
+ t06 = b ^ t05; \
+ t07 = b | t05; \
+ t08 = t01 & t06; \
+ t09 = t03 ^ t07; \
+ t10 = t02 | t09; \
+ x = t10 ^ t08; \
+ t12 = a | d ; \
+ t13 = t09 ^ x ; \
+ t14 = b ^ t13; \
+ z = ~ t09; \
+ y = t12 ^ t14; \
+ }
+
+#define SBOX2_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t06, t07, t08, t09; \
+ u32 t10, t11, t12, t15, t16, t17, t01; \
+ t01 = a ^ d ; \
+ t02 = c ^ d ; \
+ t03 = a & c ; \
+ t04 = b | t02; \
+ w = t01 ^ t04; \
+ t06 = a | c ; \
+ t07 = d | w ; \
+ t08 = ~ d ; \
+ t09 = b & t06; \
+ t10 = t08 | t03; \
+ t11 = b & t07; \
+ t12 = t06 & t02; \
+ z = t09 ^ t10; \
+ x = t12 ^ t11; \
+ t15 = c & z ; \
+ t16 = w ^ x ; \
+ t17 = t10 ^ t15; \
+ y = t16 ^ t17; \
+ }
+
+#define SBOX3(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08; \
+ u32 t09, t10, t11, t13, t14, t15, t01; \
+ t01 = a ^ c ; \
+ t02 = a | d ; \
+ t03 = a & d ; \
+ t04 = t01 & t02; \
+ t05 = b | t03; \
+ t06 = a & b ; \
+ t07 = d ^ t04; \
+ t08 = c | t06; \
+ t09 = b ^ t07; \
+ t10 = d & t05; \
+ t11 = t02 ^ t10; \
+ z = t08 ^ t09; \
+ t13 = d | z ; \
+ t14 = a | t07; \
+ t15 = b & t13; \
+ y = t08 ^ t11; \
+ w = t14 ^ t15; \
+ x = t05 ^ t04; \
+ }
+
+#define SBOX3_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t09; \
+ u32 t11, t12, t13, t14, t16, t01; \
+ t01 = c | d ; \
+ t02 = a | d ; \
+ t03 = c ^ t02; \
+ t04 = b ^ t02; \
+ t05 = a ^ d ; \
+ t06 = t04 & t03; \
+ t07 = b & t01; \
+ y = t05 ^ t06; \
+ t09 = a ^ t03; \
+ w = t07 ^ t03; \
+ t11 = w | t05; \
+ t12 = t09 & t11; \
+ t13 = a & y ; \
+ t14 = t01 ^ t05; \
+ x = b ^ t12; \
+ t16 = b | t13; \
+ z = t14 ^ t16; \
+ }
+
+#define SBOX4(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t08, t09; \
+ u32 t10, t11, t12, t13, t14, t15, t16, t01; \
+ t01 = a | b ; \
+ t02 = b | c ; \
+ t03 = a ^ t02; \
+ t04 = b ^ d ; \
+ t05 = d | t03; \
+ t06 = d & t01; \
+ z = t03 ^ t06; \
+ t08 = z & t04; \
+ t09 = t04 & t05; \
+ t10 = c ^ t06; \
+ t11 = b & c ; \
+ t12 = t04 ^ t08; \
+ t13 = t11 | t03; \
+ t14 = t10 ^ t09; \
+ t15 = a & t05; \
+ t16 = t11 | t12; \
+ y = t13 ^ t08; \
+ x = t15 ^ t16; \
+ w = ~ t14; \
+ }
+
+#define SBOX4_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t09; \
+ u32 t10, t11, t12, t13, t15, t01; \
+ t01 = b | d ; \
+ t02 = c | d ; \
+ t03 = a & t01; \
+ t04 = b ^ t02; \
+ t05 = c ^ d ; \
+ t06 = ~ t03; \
+ t07 = a & t04; \
+ x = t05 ^ t07; \
+ t09 = x | t06; \
+ t10 = a ^ t07; \
+ t11 = t01 ^ t09; \
+ t12 = d ^ t04; \
+ t13 = c | t10; \
+ z = t03 ^ t12; \
+ t15 = a ^ t04; \
+ y = t11 ^ t13; \
+ w = t15 ^ t09; \
+ }
+
+#define SBOX5(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t07, t08, t09; \
+ u32 t10, t11, t12, t13, t14, t01; \
+ t01 = b ^ d ; \
+ t02 = b | d ; \
+ t03 = a & t01; \
+ t04 = c ^ t02; \
+ t05 = t03 ^ t04; \
+ w = ~ t05; \
+ t07 = a ^ t01; \
+ t08 = d | w ; \
+ t09 = b | t05; \
+ t10 = d ^ t08; \
+ t11 = b | t07; \
+ t12 = t03 | w ; \
+ t13 = t07 | t10; \
+ t14 = t01 ^ t11; \
+ y = t09 ^ t13; \
+ x = t07 ^ t08; \
+ z = t12 ^ t14; \
+ }
+
+#define SBOX5_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t07, t08, t09; \
+ u32 t10, t12, t13, t15, t16, t01; \
+ t01 = a & d ; \
+ t02 = c ^ t01; \
+ t03 = a ^ d ; \
+ t04 = b & t02; \
+ t05 = a & c ; \
+ w = t03 ^ t04; \
+ t07 = a & w ; \
+ t08 = t01 ^ w ; \
+ t09 = b | t05; \
+ t10 = ~ b ; \
+ x = t08 ^ t09; \
+ t12 = t10 | t07; \
+ t13 = w | x ; \
+ z = t02 ^ t12; \
+ t15 = t02 ^ t13; \
+ t16 = b ^ d ; \
+ y = t16 ^ t15; \
+ }
+
+#define SBOX6(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t07, t08, t09, t10; \
+ u32 t11, t12, t13, t15, t17, t18, t01; \
+ t01 = a & d ; \
+ t02 = b ^ c ; \
+ t03 = a ^ d ; \
+ t04 = t01 ^ t02; \
+ t05 = b | c ; \
+ x = ~ t04; \
+ t07 = t03 & t05; \
+ t08 = b & x ; \
+ t09 = a | c ; \
+ t10 = t07 ^ t08; \
+ t11 = b | d ; \
+ t12 = c ^ t11; \
+ t13 = t09 ^ t10; \
+ y = ~ t13; \
+ t15 = x & t03; \
+ z = t12 ^ t07; \
+ t17 = a ^ b ; \
+ t18 = y ^ t15; \
+ w = t17 ^ t18; \
+ }
+
+#define SBOX6_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t07, t08, t09; \
+ u32 t12, t13, t14, t15, t16, t17, t01; \
+ t01 = a ^ c ; \
+ t02 = ~ c ; \
+ t03 = b & t01; \
+ t04 = b | t02; \
+ t05 = d | t03; \
+ t06 = b ^ d ; \
+ t07 = a & t04; \
+ t08 = a | t02; \
+ t09 = t07 ^ t05; \
+ x = t06 ^ t08; \
+ w = ~ t09; \
+ t12 = b & w ; \
+ t13 = t01 & t05; \
+ t14 = t01 ^ t12; \
+ t15 = t07 ^ t13; \
+ t16 = d | t02; \
+ t17 = a ^ x ; \
+ z = t17 ^ t15; \
+ y = t16 ^ t14; \
+ }
+
+#define SBOX7(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t05, t06, t08, t09, t10; \
+ u32 t11, t13, t14, t15, t16, t17, t01; \
+ t01 = a & c ; \
+ t02 = ~ d ; \
+ t03 = a & t02; \
+ t04 = b | t01; \
+ t05 = a & b ; \
+ t06 = c ^ t04; \
+ z = t03 ^ t06; \
+ t08 = c | z ; \
+ t09 = d | t05; \
+ t10 = a ^ t08; \
+ t11 = t04 & z ; \
+ x = t09 ^ t10; \
+ t13 = b ^ x ; \
+ t14 = t01 ^ x ; \
+ t15 = c ^ t05; \
+ t16 = t11 | t13; \
+ t17 = t02 | t14; \
+ w = t15 ^ t17; \
+ y = a ^ t16; \
+ }
+
+#define SBOX7_INVERSE(a, b, c, d, w, x, y, z) \
+ { \
+ u32 t02, t03, t04, t06, t07, t08, t09; \
+ u32 t10, t11, t13, t14, t15, t16, t01; \
+ t01 = a & b ; \
+ t02 = a | b ; \
+ t03 = c | t01; \
+ t04 = d & t02; \
+ z = t03 ^ t04; \
+ t06 = b ^ t04; \
+ t07 = d ^ z ; \
+ t08 = ~ t07; \
+ t09 = t06 | t08; \
+ t10 = b ^ d ; \
+ t11 = a | d ; \
+ x = a ^ t09; \
+ t13 = c ^ t06; \
+ t14 = c & t11; \
+ t15 = d | x ; \
+ t16 = t01 | t10; \
+ w = t13 ^ t15; \
+ y = t14 ^ t16; \
+ }
+
+/* XOR BLOCK1 into BLOCK0. */
+#define BLOCK_XOR(block0, block1) \
+ { \
+ block0[0] ^= block1[0]; \
+ block0[1] ^= block1[1]; \
+ block0[2] ^= block1[2]; \
+ block0[3] ^= block1[3]; \
+ }
+
+/* Copy BLOCK_SRC to BLOCK_DST. */
+#define BLOCK_COPY(block_dst, block_src) \
+ { \
+ block_dst[0] = block_src[0]; \
+ block_dst[1] = block_src[1]; \
+ block_dst[2] = block_src[2]; \
+ block_dst[3] = block_src[3]; \
+ }
+
+/* Apply SBOX number WHICH to to the block found in ARRAY0 at index
+ INDEX, writing the output to the block found in ARRAY1 at index
+ INDEX. */
+#define SBOX(which, array0, array1, index) \
+ SBOX##which (array0[index + 0], array0[index + 1], \
+ array0[index + 2], array0[index + 3], \
+ array1[index + 0], array1[index + 1], \
+ array1[index + 2], array1[index + 3]);
+
+/* Apply inverse SBOX number WHICH to to the block found in ARRAY0 at
+ index INDEX, writing the output to the block found in ARRAY1 at
+ index INDEX. */
+#define SBOX_INVERSE(which, array0, array1, index) \
+ SBOX##which##_INVERSE (array0[index + 0], array0[index + 1], \
+ array0[index + 2], array0[index + 3], \
+ array1[index + 0], array1[index + 1], \
+ array1[index + 2], array1[index + 3]);
+
+/* Apply the linear transformation to BLOCK. */
+#define LINEAR_TRANSFORMATION(block) \
+ { \
+ block[0] = rol (block[0], 13); \
+ block[2] = rol (block[2], 3); \
+ block[1] = block[1] ^ block[0] ^ block[2]; \
+ block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
+ block[1] = rol (block[1], 1); \
+ block[3] = rol (block[3], 7); \
+ block[0] = block[0] ^ block[1] ^ block[3]; \
+ block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
+ block[0] = rol (block[0], 5); \
+ block[2] = rol (block[2], 22); \
+ }
+
+/* Apply the inverse linear transformation to BLOCK. */
+#define LINEAR_TRANSFORMATION_INVERSE(block) \
+ { \
+ block[2] = ror (block[2], 22); \
+ block[0] = ror (block[0] , 5); \
+ block[2] = block[2] ^ block[3] ^ (block[1] << 7); \
+ block[0] = block[0] ^ block[1] ^ block[3]; \
+ block[3] = ror (block[3], 7); \
+ block[1] = ror (block[1], 1); \
+ block[3] = block[3] ^ block[2] ^ (block[0] << 3); \
+ block[1] = block[1] ^ block[0] ^ block[2]; \
+ block[2] = ror (block[2], 3); \
+ block[0] = ror (block[0], 13); \
+ }
+
+/* Apply a Serpent round to BLOCK, using the SBOX number WHICH and the
+ subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary storage.
+ This macro increments `round'. */
+#define ROUND(which, subkeys, block, block_tmp) \
+ { \
+ BLOCK_XOR (block, subkeys[round]); \
+ round++; \
+ SBOX (which, block, block_tmp, 0); \
+ LINEAR_TRANSFORMATION (block_tmp); \
+ BLOCK_COPY (block, block_tmp); \
+ }
+
+/* Apply the last Serpent round to BLOCK, using the SBOX number WHICH
+ and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
+ storage. The result will be stored in BLOCK_TMP. This macro
+ increments `round'. */
+#define ROUND_LAST(which, subkeys, block, block_tmp) \
+ { \
+ BLOCK_XOR (block, subkeys[round]); \
+ round++; \
+ SBOX (which, block, block_tmp, 0); \
+ BLOCK_XOR (block_tmp, subkeys[round]); \
+ round++; \
+ }
+
+/* Apply an inverse Serpent round to BLOCK, using the SBOX number
+ WHICH and the subkeys contained in SUBKEYS. Use BLOCK_TMP as
+ temporary storage. This macro increments `round'. */
+#define ROUND_INVERSE(which, subkey, block, block_tmp) \
+ { \
+ LINEAR_TRANSFORMATION_INVERSE (block); \
+ SBOX_INVERSE (which, block, block_tmp, 0); \
+ BLOCK_XOR (block_tmp, subkey[round]); \
+ round--; \
+ BLOCK_COPY (block, block_tmp); \
+ }
+
+/* Apply the first Serpent round to BLOCK, using the SBOX number WHICH
+ and the subkeys contained in SUBKEYS. Use BLOCK_TMP as temporary
+ storage. The result will be stored in BLOCK_TMP. This macro
+ increments `round'. */
+#define ROUND_FIRST_INVERSE(which, subkeys, block, block_tmp) \
+ { \
+ BLOCK_XOR (block, subkeys[round]); \
+ round--; \
+ SBOX_INVERSE (which, block, block_tmp, 0); \
+ BLOCK_XOR (block_tmp, subkeys[round]); \
+ round--; \
+ }
+
+/* Convert the user provided key KEY of KEY_LENGTH bytes into the
+ internally used format. */
+static void
+serpent_key_prepare (const byte *key, unsigned int key_length,
+ serpent_key_t key_prepared)
+{
+ int i;
+
+ /* Copy key. */
+ for (i = 0; i < key_length / 4; i++)
+ {
+#ifdef WORDS_BIGENDIAN
+ key_prepared[i] = byte_swap_32 (((u32 *) key)[i]);
+#else
+ key_prepared[i] = ((u32 *) key)[i];
+#endif
+ }
+
+ if (i < 8)
+ {
+ /* Key must be padded according to the Serpent
+ specification. */
+ key_prepared[i] = 0x00000001;
+
+ for (i++; i < 8; i++)
+ key_prepared[i] = 0;
+ }
+}
+
+/* Derive the 33 subkeys from KEY and store them in SUBKEYS. */
+static void
+serpent_subkeys_generate (serpent_key_t key, serpent_subkeys_t subkeys)
+{
+ u32 w_real[140]; /* The `prekey'. */
+ u32 k[132];
+ u32 *w = &w_real[8];
+ int i, j;
+
+ /* Initialize with key values. */
+ for (i = 0; i < 8; i++)
+ w[i - 8] = key[i];
+
+ /* Expand to intermediate key using the affine recurrence. */
+ for (i = 0; i < 132; i++)
+ w[i] = rol (w[i - 8] ^ w[i - 5] ^ w[i - 3] ^ w[i - 1] ^ PHI ^ i, 11);
+
+ /* Calculate subkeys via S-Boxes, in bitslice mode. */
+ SBOX (3, w, k, 0);
+ SBOX (2, w, k, 4);
+ SBOX (1, w, k, 8);
+ SBOX (0, w, k, 12);
+ SBOX (7, w, k, 16);
+ SBOX (6, w, k, 20);
+ SBOX (5, w, k, 24);
+ SBOX (4, w, k, 28);
+ SBOX (3, w, k, 32);
+ SBOX (2, w, k, 36);
+ SBOX (1, w, k, 40);
+ SBOX (0, w, k, 44);
+ SBOX (7, w, k, 48);
+ SBOX (6, w, k, 52);
+ SBOX (5, w, k, 56);
+ SBOX (4, w, k, 60);
+ SBOX (3, w, k, 64);
+ SBOX (2, w, k, 68);
+ SBOX (1, w, k, 72);
+ SBOX (0, w, k, 76);
+ SBOX (7, w, k, 80);
+ SBOX (6, w, k, 84);
+ SBOX (5, w, k, 88);
+ SBOX (4, w, k, 92);
+ SBOX (3, w, k, 96);
+ SBOX (2, w, k, 100);
+ SBOX (1, w, k, 104);
+ SBOX (0, w, k, 108);
+ SBOX (7, w, k, 112);
+ SBOX (6, w, k, 116);
+ SBOX (5, w, k, 120);
+ SBOX (4, w, k, 124);
+ SBOX (3, w, k, 128);
+
+ /* Renumber subkeys. */
+ for (i = 0; i < ROUNDS + 1; i++)
+ for (j = 0; j < 4; j++)
+ subkeys[i][j] = k[4 * i + j];
+}
+
+/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits. */
+static void
+serpent_setkey_internal (serpent_context_t *context,
+ const byte *key, unsigned int key_length)
+{
+ serpent_key_t key_prepared;
+
+ serpent_key_prepare (key, key_length, key_prepared);
+ serpent_subkeys_generate (key_prepared, context->keys);
+ _gcry_burn_stack (272 * sizeof (u32));
+}
+
+/* Initialize CTX with the key KEY of KEY_LENGTH bytes. */
+static gcry_err_code_t
+serpent_setkey (void *ctx,
+ const byte *key, unsigned int key_length)
+{
+ serpent_context_t *context = ctx;
+ static const char *serpent_test_ret;
+ static int serpent_init_done;
+ gcry_err_code_t ret = GPG_ERR_NO_ERROR;
+
+ if (! serpent_init_done)
+ {
+ /* Execute a self-test the first time, Serpent is used. */
+ serpent_test_ret = serpent_test ();
+ if (serpent_test_ret)
+ log_error ("Serpent test failure: %s\n", serpent_test_ret);
+ serpent_init_done = 1;
+ }
+
+ if (serpent_test_ret)
+ ret = GPG_ERR_SELFTEST_FAILED;
+ else
+ {
+ serpent_setkey_internal (context, key, key_length);
+ _gcry_burn_stack (sizeof (serpent_key_t));
+ }
+
+ return ret;
+}
+
+static void
+serpent_encrypt_internal (serpent_context_t *context,
+ const serpent_block_t input, serpent_block_t output)
+{
+ serpent_block_t b, b_next;
+ int round = 0;
+
+#ifdef WORDS_BIGENDIAN
+ b[0] = byte_swap_32 (input[0]);
+ b[1] = byte_swap_32 (input[1]);
+ b[2] = byte_swap_32 (input[2]);
+ b[3] = byte_swap_32 (input[3]);
+#else
+ b[0] = input[0];
+ b[1] = input[1];
+ b[2] = input[2];
+ b[3] = input[3];
+#endif
+
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+ ROUND (7, context->keys, b, b_next);
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+ ROUND (7, context->keys, b, b_next);
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+ ROUND (7, context->keys, b, b_next);
+ ROUND (0, context->keys, b, b_next);
+ ROUND (1, context->keys, b, b_next);
+ ROUND (2, context->keys, b, b_next);
+ ROUND (3, context->keys, b, b_next);
+ ROUND (4, context->keys, b, b_next);
+ ROUND (5, context->keys, b, b_next);
+ ROUND (6, context->keys, b, b_next);
+
+ ROUND_LAST (7, context->keys, b, b_next);
+
+#ifdef WORDS_BIGENDIAN
+ output[0] = byte_swap_32 (b_next[0]);
+ output[1] = byte_swap_32 (b_next[1]);
+ output[2] = byte_swap_32 (b_next[2]);
+ output[3] = byte_swap_32 (b_next[3]);
+#else
+ output[0] = b_next[0];
+ output[1] = b_next[1];
+ output[2] = b_next[2];
+ output[3] = b_next[3];
+#endif
+}
+
+static void
+serpent_decrypt_internal (serpent_context_t *context,
+ const serpent_block_t input, serpent_block_t output)
+{
+ serpent_block_t b, b_next;
+ int round = ROUNDS;
+
+#ifdef WORDS_BIGENDIAN
+ b_next[0] = byte_swap_32 (input[0]);
+ b_next[1] = byte_swap_32 (input[1]);
+ b_next[2] = byte_swap_32 (input[2]);
+ b_next[3] = byte_swap_32 (input[3]);
+#else
+ b_next[0] = input[0];
+ b_next[1] = input[1];
+ b_next[2] = input[2];
+ b_next[3] = input[3];
+#endif
+
+ ROUND_FIRST_INVERSE (7, context->keys, b_next, b);
+
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+ ROUND_INVERSE (7, context->keys, b, b_next);
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+ ROUND_INVERSE (7, context->keys, b, b_next);
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+ ROUND_INVERSE (7, context->keys, b, b_next);
+ ROUND_INVERSE (6, context->keys, b, b_next);
+ ROUND_INVERSE (5, context->keys, b, b_next);
+ ROUND_INVERSE (4, context->keys, b, b_next);
+ ROUND_INVERSE (3, context->keys, b, b_next);
+ ROUND_INVERSE (2, context->keys, b, b_next);
+ ROUND_INVERSE (1, context->keys, b, b_next);
+ ROUND_INVERSE (0, context->keys, b, b_next);
+
+
+#ifdef WORDS_BIGENDIAN
+ output[0] = byte_swap_32 (b_next[0]);
+ output[1] = byte_swap_32 (b_next[1]);
+ output[2] = byte_swap_32 (b_next[2]);
+ output[3] = byte_swap_32 (b_next[3]);
+#else
+ output[0] = b_next[0];
+ output[1] = b_next[1];
+ output[2] = b_next[2];
+ output[3] = b_next[3];
+#endif
+}
+
+static void
+serpent_encrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
+{
+ serpent_context_t *context = ctx;
+
+ serpent_encrypt_internal (context,
+ (const u32 *) buffer_in, (u32 *) buffer_out);
+ _gcry_burn_stack (2 * sizeof (serpent_block_t));
+}
+
+static void
+serpent_decrypt (void *ctx, byte *buffer_out, const byte *buffer_in)
+{
+ serpent_context_t *context = ctx;
+
+ serpent_decrypt_internal (context,
+ (const u32 *) buffer_in,
+ (u32 *) buffer_out);
+ _gcry_burn_stack (2 * sizeof (serpent_block_t));
+}
+
+
+
+/* Serpent test. */
+
+static const char *
+serpent_test (void)
+{
+ serpent_context_t context;
+ unsigned char scratch[16];
+ unsigned int i;
+
+ static struct test
+ {
+ int key_length;
+ unsigned char key[32];
+ unsigned char text_plain[16];
+ unsigned char text_cipher[16];
+ } test_data[] =
+ {
+ {
+ 16,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xD2\x9D\x57\x6F\xCE\xA3\xA3\xA7\xED\x90\x99\xF2\x92\x73\xD7\x8E",
+ "\xB2\x28\x8B\x96\x8A\xE8\xB0\x86\x48\xD1\xCE\x96\x06\xFD\x99\x2D"
+ },
+ {
+ 24,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xD2\x9D\x57\x6F\xCE\xAB\xA3\xA7\xED\x98\x99\xF2\x92\x7B\xD7\x8E",
+ "\x13\x0E\x35\x3E\x10\x37\xC2\x24\x05\xE8\xFA\xEF\xB2\xC3\xC3\xE9"
+ },
+ {
+ 32,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xD0\x95\x57\x6F\xCE\xA3\xE3\xA7\xED\x98\xD9\xF2\x90\x73\xD7\x8E",
+ "\xB9\x0E\xE5\x86\x2D\xE6\x91\x68\xF2\xBD\xD5\x12\x5B\x45\x47\x2B"
+ },
+ {
+ 32,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00",
+ "\x20\x61\xA4\x27\x82\xBD\x52\xEC\x69\x1E\xC3\x83\xB0\x3B\xA7\x7C"
+ },
+ {
+ 0
+ },
+ };
+
+ for (i = 0; test_data[i].key_length; i++)
+ {
+ serpent_setkey_internal (&context, test_data[i].key,
+ test_data[i].key_length);
+ serpent_encrypt_internal (&context,
+ (const u32 *) test_data[i].text_plain,
+ (u32 *) scratch);
+
+ if (memcmp (scratch, test_data[i].text_cipher, sizeof (serpent_block_t)))
+ switch (test_data[i].key_length)
+ {
+ case 16:
+ return "Serpent-128 test encryption failed.";
+ case 24:
+ return "Serpent-192 test encryption failed.";
+ case 32:
+ return "Serpent-256 test encryption failed.";
+ }
+
+ serpent_decrypt_internal (&context,
+ (const u32 *) test_data[i].text_cipher,
+ (u32 *) scratch);
+ if (memcmp (scratch, test_data[i].text_plain, sizeof (serpent_block_t)))
+ switch (test_data[i].key_length)
+ {
+ case 16:
+ return "Serpent-128 test decryption failed.";
+ case 24:
+ return "Serpent-192 test decryption failed.";
+ case 32:
+ return "Serpent-256 test decryption failed.";
+ }
+ }
+
+ return NULL;
+}
+
+
+
+/* "SERPENT" is an alias for "SERPENT128". */
+static const char *cipher_spec_serpent128_aliases[] =
+ {
+ "SERPENT",
+ NULL
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent128 =
+ {
+ "SERPENT128", cipher_spec_serpent128_aliases, NULL, 16, 128,
+ sizeof (serpent_context_t),
+ serpent_setkey, serpent_encrypt, serpent_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent192 =
+ {
+ "SERPENT192", NULL, NULL, 16, 192,
+ sizeof (serpent_context_t),
+ serpent_setkey, serpent_encrypt, serpent_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_serpent256 =
+ {
+ "SERPENT256", NULL, NULL, 16, 256,
+ sizeof (serpent_context_t),
+ serpent_setkey, serpent_encrypt, serpent_decrypt
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/sha1.c b/grub-core/lib/libgcrypt/cipher/sha1.c
new file mode 100644
index 0000000..8862c64
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/sha1.c
@@ -0,0 +1,479 @@
+/* sha1.c - SHA1 hash function
+ * Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors:
+ *
+ * "abc"
+ * A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
+ *
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+
+/* A macro to test whether P is properly aligned for an u32 type.
+ Note that config.h provides a suitable replacement for uintptr_t if
+ it does not exist in stdint.h. */
+/* #if __GNUC__ >= 2 */
+/* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % __alignof__ (u32))) */
+/* #else */
+/* # define U32_ALIGNED_P(p) (!(((uintptr_t)p) % sizeof (u32))) */
+/* #endif */
+
+#define TRANSFORM(x,d,n) transform ((x), (d), (n))
+
+
+typedef struct
+{
+ u32 h0,h1,h2,h3,h4;
+ u32 nblocks;
+ unsigned char buf[64];
+ int count;
+} SHA1_CONTEXT;
+
+
+
+static void
+sha1_init (void *context)
+{
+ SHA1_CONTEXT *hd = context;
+
+ hd->h0 = 0x67452301;
+ hd->h1 = 0xefcdab89;
+ hd->h2 = 0x98badcfe;
+ hd->h3 = 0x10325476;
+ hd->h4 = 0xc3d2e1f0;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+/* Round function macros. */
+#define K1 0x5A827999L
+#define K2 0x6ED9EBA1L
+#define K3 0x8F1BBCDCL
+#define K4 0xCA62C1D6L
+#define F1(x,y,z) ( z ^ ( x & ( y ^ z ) ) )
+#define F2(x,y,z) ( x ^ y ^ z )
+#define F3(x,y,z) ( ( x & y ) | ( z & ( x | y ) ) )
+#define F4(x,y,z) ( x ^ y ^ z )
+#define M(i) ( tm = x[ i &0x0f] \
+ ^ x[(i-14)&0x0f] \
+ ^ x[(i-8) &0x0f] \
+ ^ x[(i-3) &0x0f], \
+ (x[i&0x0f] = rol(tm, 1)))
+#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
+ + f( b, c, d ) \
+ + k \
+ + m; \
+ b = rol( b, 30 ); \
+ } while(0)
+
+
+/*
+ * Transform NBLOCKS of each 64 bytes (16 32-bit words) at DATA.
+ */
+static void
+transform (SHA1_CONTEXT *hd, const unsigned char *data, size_t nblocks)
+{
+ register u32 a, b, c, d, e; /* Local copies of the chaining variables. */
+ register u32 tm; /* Helper. */
+ u32 x[16]; /* The array we work on. */
+
+ /* Loop over all blocks. */
+ for ( ;nblocks; nblocks--)
+ {
+#ifdef WORDS_BIGENDIAN
+ memcpy (x, data, 64);
+ data += 64;
+#else
+ {
+ int i;
+ unsigned char *p;
+
+ for(i=0, p=(unsigned char*)x; i < 16; i++, p += 4 )
+ {
+ p[3] = *data++;
+ p[2] = *data++;
+ p[1] = *data++;
+ p[0] = *data++;
+ }
+ }
+#endif
+ /* Get the values of the chaining variables. */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+
+ /* Transform. */
+ R( a, b, c, d, e, F1, K1, x[ 0] );
+ R( e, a, b, c, d, F1, K1, x[ 1] );
+ R( d, e, a, b, c, F1, K1, x[ 2] );
+ R( c, d, e, a, b, F1, K1, x[ 3] );
+ R( b, c, d, e, a, F1, K1, x[ 4] );
+ R( a, b, c, d, e, F1, K1, x[ 5] );
+ R( e, a, b, c, d, F1, K1, x[ 6] );
+ R( d, e, a, b, c, F1, K1, x[ 7] );
+ R( c, d, e, a, b, F1, K1, x[ 8] );
+ R( b, c, d, e, a, F1, K1, x[ 9] );
+ R( a, b, c, d, e, F1, K1, x[10] );
+ R( e, a, b, c, d, F1, K1, x[11] );
+ R( d, e, a, b, c, F1, K1, x[12] );
+ R( c, d, e, a, b, F1, K1, x[13] );
+ R( b, c, d, e, a, F1, K1, x[14] );
+ R( a, b, c, d, e, F1, K1, x[15] );
+ R( e, a, b, c, d, F1, K1, M(16) );
+ R( d, e, a, b, c, F1, K1, M(17) );
+ R( c, d, e, a, b, F1, K1, M(18) );
+ R( b, c, d, e, a, F1, K1, M(19) );
+ R( a, b, c, d, e, F2, K2, M(20) );
+ R( e, a, b, c, d, F2, K2, M(21) );
+ R( d, e, a, b, c, F2, K2, M(22) );
+ R( c, d, e, a, b, F2, K2, M(23) );
+ R( b, c, d, e, a, F2, K2, M(24) );
+ R( a, b, c, d, e, F2, K2, M(25) );
+ R( e, a, b, c, d, F2, K2, M(26) );
+ R( d, e, a, b, c, F2, K2, M(27) );
+ R( c, d, e, a, b, F2, K2, M(28) );
+ R( b, c, d, e, a, F2, K2, M(29) );
+ R( a, b, c, d, e, F2, K2, M(30) );
+ R( e, a, b, c, d, F2, K2, M(31) );
+ R( d, e, a, b, c, F2, K2, M(32) );
+ R( c, d, e, a, b, F2, K2, M(33) );
+ R( b, c, d, e, a, F2, K2, M(34) );
+ R( a, b, c, d, e, F2, K2, M(35) );
+ R( e, a, b, c, d, F2, K2, M(36) );
+ R( d, e, a, b, c, F2, K2, M(37) );
+ R( c, d, e, a, b, F2, K2, M(38) );
+ R( b, c, d, e, a, F2, K2, M(39) );
+ R( a, b, c, d, e, F3, K3, M(40) );
+ R( e, a, b, c, d, F3, K3, M(41) );
+ R( d, e, a, b, c, F3, K3, M(42) );
+ R( c, d, e, a, b, F3, K3, M(43) );
+ R( b, c, d, e, a, F3, K3, M(44) );
+ R( a, b, c, d, e, F3, K3, M(45) );
+ R( e, a, b, c, d, F3, K3, M(46) );
+ R( d, e, a, b, c, F3, K3, M(47) );
+ R( c, d, e, a, b, F3, K3, M(48) );
+ R( b, c, d, e, a, F3, K3, M(49) );
+ R( a, b, c, d, e, F3, K3, M(50) );
+ R( e, a, b, c, d, F3, K3, M(51) );
+ R( d, e, a, b, c, F3, K3, M(52) );
+ R( c, d, e, a, b, F3, K3, M(53) );
+ R( b, c, d, e, a, F3, K3, M(54) );
+ R( a, b, c, d, e, F3, K3, M(55) );
+ R( e, a, b, c, d, F3, K3, M(56) );
+ R( d, e, a, b, c, F3, K3, M(57) );
+ R( c, d, e, a, b, F3, K3, M(58) );
+ R( b, c, d, e, a, F3, K3, M(59) );
+ R( a, b, c, d, e, F4, K4, M(60) );
+ R( e, a, b, c, d, F4, K4, M(61) );
+ R( d, e, a, b, c, F4, K4, M(62) );
+ R( c, d, e, a, b, F4, K4, M(63) );
+ R( b, c, d, e, a, F4, K4, M(64) );
+ R( a, b, c, d, e, F4, K4, M(65) );
+ R( e, a, b, c, d, F4, K4, M(66) );
+ R( d, e, a, b, c, F4, K4, M(67) );
+ R( c, d, e, a, b, F4, K4, M(68) );
+ R( b, c, d, e, a, F4, K4, M(69) );
+ R( a, b, c, d, e, F4, K4, M(70) );
+ R( e, a, b, c, d, F4, K4, M(71) );
+ R( d, e, a, b, c, F4, K4, M(72) );
+ R( c, d, e, a, b, F4, K4, M(73) );
+ R( b, c, d, e, a, F4, K4, M(74) );
+ R( a, b, c, d, e, F4, K4, M(75) );
+ R( e, a, b, c, d, F4, K4, M(76) );
+ R( d, e, a, b, c, F4, K4, M(77) );
+ R( c, d, e, a, b, F4, K4, M(78) );
+ R( b, c, d, e, a, F4, K4, M(79) );
+
+ /* Update the chaining variables. */
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ }
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha1_write( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ SHA1_CONTEXT *hd = context;
+ size_t nblocks;
+
+ if (hd->count == 64) /* Flush the buffer. */
+ {
+ TRANSFORM( hd, hd->buf, 1 );
+ _gcry_burn_stack (88+4*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha1_write (hd, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ nblocks = inlen / 64;
+ if (nblocks)
+ {
+ TRANSFORM (hd, inbuf, nblocks);
+ hd->count = 0;
+ hd->nblocks += nblocks;
+ inlen -= nblocks * 64;
+ inbuf += nblocks * 64;
+ }
+ _gcry_burn_stack (88+4*sizeof(void*));
+
+ /* Save remaining bytes. */
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 20 bytes representing the digest.
+ */
+
+static void
+sha1_final(void *context)
+{
+ SHA1_CONTEXT *hd = context;
+
+ u32 t, msb, lsb;
+ unsigned char *p;
+
+ sha1_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ sha1_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = msb >> 24;
+ hd->buf[57] = msb >> 16;
+ hd->buf[58] = msb >> 8;
+ hd->buf[59] = msb ;
+ hd->buf[60] = lsb >> 24;
+ hd->buf[61] = lsb >> 16;
+ hd->buf[62] = lsb >> 8;
+ hd->buf[63] = lsb ;
+ TRANSFORM( hd, hd->buf, 1 );
+ _gcry_burn_stack (88+4*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+#undef X
+
+}
+
+static unsigned char *
+sha1_read( void *context )
+{
+ SHA1_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+/****************
+ * Shortcut functions which puts the hash value of the supplied buffer
+ * into outbuf which must have a size of 20 bytes.
+ */
+void
+_gcry_sha1_hash_buffer (void *outbuf, const void *buffer, size_t length)
+{
+ SHA1_CONTEXT hd;
+
+ sha1_init (&hd);
+ sha1_write (&hd, buffer, length);
+ sha1_final (&hd);
+ memcpy (outbuf, hd.buf, 20);
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+
+static gpg_err_code_t
+selftests_sha1 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "short string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA1, 0,
+ "abc", 3,
+ "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
+ "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA1, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE"
+ "\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1", 20);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA1, 1,
+ NULL, 0,
+ "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E"
+ "\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F", 20);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("digest", GCRY_MD_SHA1, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_MD_SHA1:
+ ec = selftests_sha1 (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_DIGEST_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static unsigned char asn[15] = /* Object ID is 1.3.14.3.2.26 */
+ { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
+
+static gcry_md_oid_spec_t oid_spec_sha1[] =
+ {
+ /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 (sha1WithRSAEncryption) */
+ { "1.2.840.113549.1.1.5" },
+ /* iso.member-body.us.x9-57.x9cm.3 (dsaWithSha1)*/
+ { "1.2.840.10040.4.3" },
+ /* from NIST's OIW (sha1) */
+ { "1.3.14.3.2.26" },
+ /* from NIST OIW (sha-1WithRSAEncryption) */
+ { "1.3.14.3.2.29" },
+ /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */
+ { "1.2.840.10045.4.1" },
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha1 =
+ {
+ "SHA1", asn, DIM (asn), oid_spec_sha1, 20,
+ sha1_init, sha1_write, sha1_final, sha1_read,
+ sizeof (SHA1_CONTEXT)
+ };
+md_extra_spec_t _gcry_digest_extraspec_sha1 =
+ {
+ run_selftests
+ };
+
diff --git a/grub-core/lib/libgcrypt/cipher/sha256.c b/grub-core/lib/libgcrypt/cipher/sha256.c
new file mode 100644
index 0000000..5d61d2f
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/sha256.c
@@ -0,0 +1,487 @@
+/* sha256.c - SHA256 hash function
+ * Copyright (C) 2003, 2006, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors:
+
+ "abc"
+ SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
+ SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
+
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
+ SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
+
+ "a" one million times
+ SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
+ SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
+
+ */
+
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "memory.h"
+#include "bithelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+typedef struct {
+ u32 h0,h1,h2,h3,h4,h5,h6,h7;
+ u32 nblocks;
+ byte buf[64];
+ int count;
+} SHA256_CONTEXT;
+
+
+static void
+sha256_init (void *context)
+{
+ SHA256_CONTEXT *hd = context;
+
+ hd->h0 = 0x6a09e667;
+ hd->h1 = 0xbb67ae85;
+ hd->h2 = 0x3c6ef372;
+ hd->h3 = 0xa54ff53a;
+ hd->h4 = 0x510e527f;
+ hd->h5 = 0x9b05688c;
+ hd->h6 = 0x1f83d9ab;
+ hd->h7 = 0x5be0cd19;
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+static void
+sha224_init (void *context)
+{
+ SHA256_CONTEXT *hd = context;
+
+ hd->h0 = 0xc1059ed8;
+ hd->h1 = 0x367cd507;
+ hd->h2 = 0x3070dd17;
+ hd->h3 = 0xf70e5939;
+ hd->h4 = 0xffc00b31;
+ hd->h5 = 0x68581511;
+ hd->h6 = 0x64f98fa7;
+ hd->h7 = 0xbefa4fa4;
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+/*
+ Transform the message X which consists of 16 32-bit-words. See FIPS
+ 180-2 for details. */
+#define Cho(x,y,z) (z ^ (x & (y ^ z))) /* (4.2) same as SHA-1's F1 */
+#define Maj(x,y,z) ((x & y) | (z & (x|y))) /* (4.3) same as SHA-1's F3 */
+#define Sum0(x) (ror ((x), 2) ^ ror ((x), 13) ^ ror ((x), 22)) /* (4.4) */
+#define Sum1(x) (ror ((x), 6) ^ ror ((x), 11) ^ ror ((x), 25)) /* (4.5) */
+#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */
+#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */
+#define R(a,b,c,d,e,f,g,h,k,w) do \
+ { \
+ t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \
+ t2 = Sum0((a)) + Maj((a),(b),(c)); \
+ h = g; \
+ g = f; \
+ f = e; \
+ e = d + t1; \
+ d = c; \
+ c = b; \
+ b = a; \
+ a = t1 + t2; \
+ } while (0)
+
+static void
+transform (SHA256_CONTEXT *hd, const unsigned char *data)
+{
+ static const u32 K[64] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+ 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+ 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+ 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+ 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+ 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+ 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+ 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+
+ u32 a,b,c,d,e,f,g,h,t1,t2;
+ u32 x[16];
+ u32 w[64];
+ int i;
+
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+ memcpy (x, data, 64);
+#else
+ {
+ byte *p2;
+
+ for (i=0, p2=(byte*)x; i < 16; i++, p2 += 4 )
+ {
+ p2[3] = *data++;
+ p2[2] = *data++;
+ p2[1] = *data++;
+ p2[0] = *data++;
+ }
+ }
+#endif
+
+ for (i=0; i < 16; i++)
+ w[i] = x[i];
+ for (; i < 64; i++)
+ w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
+
+ for (i=0; i < 64; i++)
+ R(a,b,c,d,e,f,g,h,K[i],w[i]);
+
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+}
+#undef Cho
+#undef Maj
+#undef Sum0
+#undef Sum1
+#undef S0
+#undef S1
+#undef R
+
+
+/* Update the message digest with the contents of INBUF with length
+ INLEN. */
+static void
+sha256_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ SHA256_CONTEXT *hd = context;
+
+ if (hd->count == 64)
+ { /* flush the buffer */
+ transform (hd, hd->buf);
+ _gcry_burn_stack (74*4+32);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha256_write (hd, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ while (inlen >= 64)
+ {
+ transform (hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ _gcry_burn_stack (74*4+32);
+ for (; inlen && hd->count < 64; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/*
+ The routine finally terminates the computation and returns the
+ digest. The handle is prepared for a new cycle, but adding bytes
+ to the handle will the destroy the returned buffer. Returns: 32
+ bytes with the message the digest. */
+static void
+sha256_final(void *context)
+{
+ SHA256_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ sha256_write (hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if (hd->count < 56)
+ { /* enough room */
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while (hd->count < 56)
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else
+ { /* need one extra block */
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while (hd->count < 64)
+ hd->buf[hd->count++] = 0;
+ sha256_write (hd, NULL, 0); /* flush */;
+ memset (hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = msb >> 24;
+ hd->buf[57] = msb >> 16;
+ hd->buf[58] = msb >> 8;
+ hd->buf[59] = msb;
+ hd->buf[60] = lsb >> 24;
+ hd->buf[61] = lsb >> 16;
+ hd->buf[62] = lsb >> 8;
+ hd->buf[63] = lsb;
+ transform (hd, hd->buf);
+ _gcry_burn_stack (74*4+32);
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while(0)
+#endif
+ X(0);
+ X(1);
+ X(2);
+ X(3);
+ X(4);
+ X(5);
+ X(6);
+ X(7);
+#undef X
+}
+
+static byte *
+sha256_read (void *context)
+{
+ SHA256_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+
+static gpg_err_code_t
+selftests_sha224 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "short string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA224, 0,
+ "abc", 3,
+ "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3"
+ "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7", 28);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA224, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50"
+ "\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25", 28);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA224, 1,
+ NULL, 0,
+ "\x20\x79\x46\x55\x98\x0c\x91\xd8\xbb\xb4\xc1\xea\x97\x61\x8a\x4b"
+ "\xf0\x3f\x42\x58\x19\x48\xb2\xee\x4e\xe7\xad\x67", 28);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("digest", GCRY_MD_SHA224, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+static gpg_err_code_t
+selftests_sha256 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "short string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA256, 0,
+ "abc", 3,
+ "\xba\x78\x16\xbf\x8f\x01\xcf\xea\x41\x41\x40\xde\x5d\xae\x22\x23"
+ "\xb0\x03\x61\xa3\x96\x17\x7a\x9c\xb4\x10\xff\x61\xf2\x00\x15\xad", 32);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA256, 0,
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56,
+ "\x24\x8d\x6a\x61\xd2\x06\x38\xb8\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
+ "\xa3\x3c\xe4\x59\x64\xff\x21\x67\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
+ 32);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA256, 1,
+ NULL, 0,
+ "\xcd\xc7\x6e\x5c\x99\x14\xfb\x92\x81\xa1\xc7\xe2\x84\xd7\x3e\x67"
+ "\xf1\x80\x9a\x48\xa4\x97\x20\x0e\x04\x6d\x39\xcc\xc7\x11\x2c\xd0",
+ 32);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("digest", GCRY_MD_SHA256, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_MD_SHA224:
+ ec = selftests_sha224 (extended, report);
+ break;
+ case GCRY_MD_SHA256:
+ ec = selftests_sha256 (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_DIGEST_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static byte asn224[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
+ { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+ 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
+ 0x1C
+ };
+
+static gcry_md_oid_spec_t oid_spec_sha224[] =
+ {
+ /* From RFC3874, Section 4 */
+ { "2.16.840.1.101.3.4.2.4" },
+ { NULL },
+ };
+
+static byte asn256[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
+ { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20 };
+
+static gcry_md_oid_spec_t oid_spec_sha256[] =
+ {
+ /* According to the OpenPGP draft rfc2440-bis06 */
+ { "2.16.840.1.101.3.4.2.1" },
+ /* PKCS#1 sha256WithRSAEncryption */
+ { "1.2.840.113549.1.1.11" },
+
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha224 =
+ {
+ "SHA224", asn224, DIM (asn224), oid_spec_sha224, 28,
+ sha224_init, sha256_write, sha256_final, sha256_read,
+ sizeof (SHA256_CONTEXT)
+ };
+md_extra_spec_t _gcry_digest_extraspec_sha224 =
+ {
+ run_selftests
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha256 =
+ {
+ "SHA256", asn256, DIM (asn256), oid_spec_sha256, 32,
+ sha256_init, sha256_write, sha256_final, sha256_read,
+ sizeof (SHA256_CONTEXT)
+ };
+md_extra_spec_t _gcry_digest_extraspec_sha256 =
+ {
+ run_selftests
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/sha512.c b/grub-core/lib/libgcrypt/cipher/sha512.c
new file mode 100644
index 0000000..bbbd4c5
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/sha512.c
@@ -0,0 +1,553 @@
+/* sha512.c - SHA384 and SHA512 hash functions
+ * Copyright (C) 2003, 2008 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+/* Test vectors from FIPS-180-2:
+ *
+ * "abc"
+ * 384:
+ * CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
+ * 1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
+ * 512:
+ * DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
+ * 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
+ *
+ * "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
+ * 384:
+ * 09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
+ * 2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
+ * 512:
+ * 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
+ * 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
+ *
+ * "a" x 1000000
+ * 384:
+ * 9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
+ * 7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
+ * 512:
+ * E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
+ * DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
+ */
+
+
+#include <config.h>
+#include <string.h>
+#include "g10lib.h"
+#include "bithelp.h"
+#include "cipher.h"
+#include "hash-common.h"
+
+typedef struct
+{
+ u64 h0, h1, h2, h3, h4, h5, h6, h7;
+ u64 nblocks;
+ byte buf[128];
+ int count;
+} SHA512_CONTEXT;
+
+static void
+sha512_init (void *context)
+{
+ SHA512_CONTEXT *hd = context;
+
+ hd->h0 = U64_C(0x6a09e667f3bcc908);
+ hd->h1 = U64_C(0xbb67ae8584caa73b);
+ hd->h2 = U64_C(0x3c6ef372fe94f82b);
+ hd->h3 = U64_C(0xa54ff53a5f1d36f1);
+ hd->h4 = U64_C(0x510e527fade682d1);
+ hd->h5 = U64_C(0x9b05688c2b3e6c1f);
+ hd->h6 = U64_C(0x1f83d9abfb41bd6b);
+ hd->h7 = U64_C(0x5be0cd19137e2179);
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+static void
+sha384_init (void *context)
+{
+ SHA512_CONTEXT *hd = context;
+
+ hd->h0 = U64_C(0xcbbb9d5dc1059ed8);
+ hd->h1 = U64_C(0x629a292a367cd507);
+ hd->h2 = U64_C(0x9159015a3070dd17);
+ hd->h3 = U64_C(0x152fecd8f70e5939);
+ hd->h4 = U64_C(0x67332667ffc00b31);
+ hd->h5 = U64_C(0x8eb44a8768581511);
+ hd->h6 = U64_C(0xdb0c2e0d64f98fa7);
+ hd->h7 = U64_C(0x47b5481dbefa4fa4);
+
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+
+/****************
+ * Transform the message W which consists of 16 64-bit-words
+ */
+static void
+transform (SHA512_CONTEXT *hd, const unsigned char *data)
+{
+ u64 a, b, c, d, e, f, g, h;
+ u64 w[80];
+ int t;
+ static const u64 k[] =
+ {
+ U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),
+ U64_C(0xb5c0fbcfec4d3b2f), U64_C(0xe9b5dba58189dbbc),
+ U64_C(0x3956c25bf348b538), U64_C(0x59f111f1b605d019),
+ U64_C(0x923f82a4af194f9b), U64_C(0xab1c5ed5da6d8118),
+ U64_C(0xd807aa98a3030242), U64_C(0x12835b0145706fbe),
+ U64_C(0x243185be4ee4b28c), U64_C(0x550c7dc3d5ffb4e2),
+ U64_C(0x72be5d74f27b896f), U64_C(0x80deb1fe3b1696b1),
+ U64_C(0x9bdc06a725c71235), U64_C(0xc19bf174cf692694),
+ U64_C(0xe49b69c19ef14ad2), U64_C(0xefbe4786384f25e3),
+ U64_C(0x0fc19dc68b8cd5b5), U64_C(0x240ca1cc77ac9c65),
+ U64_C(0x2de92c6f592b0275), U64_C(0x4a7484aa6ea6e483),
+ U64_C(0x5cb0a9dcbd41fbd4), U64_C(0x76f988da831153b5),
+ U64_C(0x983e5152ee66dfab), U64_C(0xa831c66d2db43210),
+ U64_C(0xb00327c898fb213f), U64_C(0xbf597fc7beef0ee4),
+ U64_C(0xc6e00bf33da88fc2), U64_C(0xd5a79147930aa725),
+ U64_C(0x06ca6351e003826f), U64_C(0x142929670a0e6e70),
+ U64_C(0x27b70a8546d22ffc), U64_C(0x2e1b21385c26c926),
+ U64_C(0x4d2c6dfc5ac42aed), U64_C(0x53380d139d95b3df),
+ U64_C(0x650a73548baf63de), U64_C(0x766a0abb3c77b2a8),
+ U64_C(0x81c2c92e47edaee6), U64_C(0x92722c851482353b),
+ U64_C(0xa2bfe8a14cf10364), U64_C(0xa81a664bbc423001),
+ U64_C(0xc24b8b70d0f89791), U64_C(0xc76c51a30654be30),
+ U64_C(0xd192e819d6ef5218), U64_C(0xd69906245565a910),
+ U64_C(0xf40e35855771202a), U64_C(0x106aa07032bbd1b8),
+ U64_C(0x19a4c116b8d2d0c8), U64_C(0x1e376c085141ab53),
+ U64_C(0x2748774cdf8eeb99), U64_C(0x34b0bcb5e19b48a8),
+ U64_C(0x391c0cb3c5c95a63), U64_C(0x4ed8aa4ae3418acb),
+ U64_C(0x5b9cca4f7763e373), U64_C(0x682e6ff3d6b2b8a3),
+ U64_C(0x748f82ee5defb2fc), U64_C(0x78a5636f43172f60),
+ U64_C(0x84c87814a1f0ab72), U64_C(0x8cc702081a6439ec),
+ U64_C(0x90befffa23631e28), U64_C(0xa4506cebde82bde9),
+ U64_C(0xbef9a3f7b2c67915), U64_C(0xc67178f2e372532b),
+ U64_C(0xca273eceea26619c), U64_C(0xd186b8c721c0c207),
+ U64_C(0xeada7dd6cde0eb1e), U64_C(0xf57d4f7fee6ed178),
+ U64_C(0x06f067aa72176fba), U64_C(0x0a637dc5a2c898a6),
+ U64_C(0x113f9804bef90dae), U64_C(0x1b710b35131c471b),
+ U64_C(0x28db77f523047d84), U64_C(0x32caab7b40c72493),
+ U64_C(0x3c9ebe0a15c9bebc), U64_C(0x431d67c49c100d4c),
+ U64_C(0x4cc5d4becb3e42b6), U64_C(0x597f299cfc657e2a),
+ U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)
+ };
+
+ /* get values from the chaining vars */
+ a = hd->h0;
+ b = hd->h1;
+ c = hd->h2;
+ d = hd->h3;
+ e = hd->h4;
+ f = hd->h5;
+ g = hd->h6;
+ h = hd->h7;
+
+#ifdef WORDS_BIGENDIAN
+ memcpy (w, data, 128);
+#else
+ {
+ int i;
+ byte *p2;
+
+ for (i = 0, p2 = (byte *) w; i < 16; i++, p2 += 8)
+ {
+ p2[7] = *data++;
+ p2[6] = *data++;
+ p2[5] = *data++;
+ p2[4] = *data++;
+ p2[3] = *data++;
+ p2[2] = *data++;
+ p2[1] = *data++;
+ p2[0] = *data++;
+ }
+ }
+#endif
+
+#define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
+#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+#define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+
+ for (t = 16; t < 80; t++)
+ w[t] = S1 (w[t - 2]) + w[t - 7] + S0 (w[t - 15]) + w[t - 16];
+
+ for (t = 0; t < 80; t++)
+ {
+ u64 t1, t2;
+
+ t1 = h + Sum1 (e) + Ch (e, f, g) + k[t] + w[t];
+ t2 = Sum0 (a) + Maj (a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + t1;
+ d = c;
+ c = b;
+ b = a;
+ a = t1 + t2;
+
+ /* printf("t=%d a=%016llX b=%016llX c=%016llX d=%016llX "
+ "e=%016llX f=%016llX g=%016llX h=%016llX\n",t,a,b,c,d,e,f,g,h); */
+ }
+
+ /* update chaining vars */
+ hd->h0 += a;
+ hd->h1 += b;
+ hd->h2 += c;
+ hd->h3 += d;
+ hd->h4 += e;
+ hd->h5 += f;
+ hd->h6 += g;
+ hd->h7 += h;
+}
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+sha512_write (void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ SHA512_CONTEXT *hd = context;
+
+ if (hd->count == 128)
+ { /* flush the buffer */
+ transform (hd, hd->buf);
+ _gcry_burn_stack (768);
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if (!inbuf)
+ return;
+ if (hd->count)
+ {
+ for (; inlen && hd->count < 128; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+ sha512_write (context, NULL, 0);
+ if (!inlen)
+ return;
+ }
+
+ while (inlen >= 128)
+ {
+ transform (hd, inbuf);
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 128;
+ inbuf += 128;
+ }
+ _gcry_burn_stack (768);
+ for (; inlen && hd->count < 128; inlen--)
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+/* The routine final terminates the computation and
+ * returns the digest.
+ * The handle is prepared for a new cycle, but adding bytes to the
+ * handle will the destroy the returned buffer.
+ * Returns: 64 bytes representing the digest. When used for sha384,
+ * we take the leftmost 48 of those bytes.
+ */
+
+static void
+sha512_final (void *context)
+{
+ SHA512_CONTEXT *hd = context;
+ u64 t, msb, lsb;
+ byte *p;
+
+ sha512_write (context, NULL, 0); /* flush */ ;
+
+ t = hd->nblocks;
+ /* multiply by 128 to make a byte count */
+ lsb = t << 7;
+ msb = t >> 57;
+ /* add the count */
+ t = lsb;
+ if ((lsb += hd->count) < t)
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 61;
+
+ if (hd->count < 112)
+ { /* enough room */
+ hd->buf[hd->count++] = 0x80; /* pad */
+ while (hd->count < 112)
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else
+ { /* need one extra block */
+ hd->buf[hd->count++] = 0x80; /* pad character */
+ while (hd->count < 128)
+ hd->buf[hd->count++] = 0;
+ sha512_write (context, NULL, 0); /* flush */ ;
+ memset (hd->buf, 0, 112); /* fill next block with zeroes */
+ }
+ /* append the 128 bit count */
+ hd->buf[112] = msb >> 56;
+ hd->buf[113] = msb >> 48;
+ hd->buf[114] = msb >> 40;
+ hd->buf[115] = msb >> 32;
+ hd->buf[116] = msb >> 24;
+ hd->buf[117] = msb >> 16;
+ hd->buf[118] = msb >> 8;
+ hd->buf[119] = msb;
+
+ hd->buf[120] = lsb >> 56;
+ hd->buf[121] = lsb >> 48;
+ hd->buf[122] = lsb >> 40;
+ hd->buf[123] = lsb >> 32;
+ hd->buf[124] = lsb >> 24;
+ hd->buf[125] = lsb >> 16;
+ hd->buf[126] = lsb >> 8;
+ hd->buf[127] = lsb;
+ transform (hd, hd->buf);
+ _gcry_burn_stack (768);
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u64*)p = hd->h##a ; p += 8; } while (0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->h##a >> 56; *p++ = hd->h##a >> 48; \
+ *p++ = hd->h##a >> 40; *p++ = hd->h##a >> 32; \
+ *p++ = hd->h##a >> 24; *p++ = hd->h##a >> 16; \
+ *p++ = hd->h##a >> 8; *p++ = hd->h##a; } while (0)
+#endif
+ X (0);
+ X (1);
+ X (2);
+ X (3);
+ X (4);
+ X (5);
+ /* Note that these last two chunks are included even for SHA384.
+ We just ignore them. */
+ X (6);
+ X (7);
+#undef X
+}
+
+static byte *
+sha512_read (void *context)
+{
+ SHA512_CONTEXT *hd = (SHA512_CONTEXT *) context;
+ return hd->buf;
+}
+
+
+
+/*
+ Self-test section.
+ */
+
+
+static gpg_err_code_t
+selftests_sha384 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "short string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA384, 0,
+ "abc", 3,
+ "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
+ "\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
+ "\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7", 48);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA384, 0,
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
+ "\x09\x33\x0C\x33\xF7\x11\x47\xE8\x3D\x19\x2F\xC7\x82\xCD\x1B\x47"
+ "\x53\x11\x1B\x17\x3B\x3B\x05\xD2\x2F\xA0\x80\x86\xE3\xB0\xF7\x12"
+ "\xFC\xC7\xC7\x1A\x55\x7E\x2D\xB9\x66\xC3\xE9\xFA\x91\x74\x60\x39",
+ 48);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA384, 1,
+ NULL, 0,
+ "\x9D\x0E\x18\x09\x71\x64\x74\xCB\x08\x6E\x83\x4E\x31\x0A\x4A\x1C"
+ "\xED\x14\x9E\x9C\x00\xF2\x48\x52\x79\x72\xCE\xC5\x70\x4C\x2A\x5B"
+ "\x07\xB8\xB3\xDC\x38\xEC\xC4\xEB\xAE\x97\xDD\xD8\x7F\x3D\x89\x85",
+ 48);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("digest", GCRY_MD_SHA384, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+static gpg_err_code_t
+selftests_sha512 (int extended, selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "short string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA512, 0,
+ "abc", 3,
+ "\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31"
+ "\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A"
+ "\x21\x92\x99\x2A\x27\x4F\xC1\xA8\x36\xBA\x3C\x23\xA3\xFE\xEB\xBD"
+ "\x45\x4D\x44\x23\x64\x3C\xE8\x0E\x2A\x9A\xC9\x4F\xA5\x4C\xA4\x9F", 64);
+ if (errtxt)
+ goto failed;
+
+ if (extended)
+ {
+ what = "long string";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA512, 0,
+ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112,
+ "\x8E\x95\x9B\x75\xDA\xE3\x13\xDA\x8C\xF4\xF7\x28\x14\xFC\x14\x3F"
+ "\x8F\x77\x79\xC6\xEB\x9F\x7F\xA1\x72\x99\xAE\xAD\xB6\x88\x90\x18"
+ "\x50\x1D\x28\x9E\x49\x00\xF7\xE4\x33\x1B\x99\xDE\xC4\xB5\x43\x3A"
+ "\xC7\xD3\x29\xEE\xB6\xDD\x26\x54\x5E\x96\xE5\x5B\x87\x4B\xE9\x09",
+ 64);
+ if (errtxt)
+ goto failed;
+
+ what = "one million \"a\"";
+ errtxt = _gcry_hash_selftest_check_one
+ (GCRY_MD_SHA512, 1,
+ NULL, 0,
+ "\xE7\x18\x48\x3D\x0C\xE7\x69\x64\x4E\x2E\x42\xC7\xBC\x15\xB4\x63"
+ "\x8E\x1F\x98\xB1\x3B\x20\x44\x28\x56\x32\xA8\x03\xAF\xA9\x73\xEB"
+ "\xDE\x0F\xF2\x44\x87\x7E\xA6\x0A\x4C\xB0\x43\x2C\xE5\x77\xC3\x1B"
+ "\xEB\x00\x9C\x5C\x2C\x49\xAA\x2E\x4E\xAD\xB2\x17\xAD\x8C\xC0\x9B",
+ 64);
+ if (errtxt)
+ goto failed;
+ }
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("digest", GCRY_MD_SHA512, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, int extended, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_MD_SHA384:
+ ec = selftests_sha384 (extended, report);
+ break;
+ case GCRY_MD_SHA512:
+ ec = selftests_sha512 (extended, report);
+ break;
+ default:
+ ec = GPG_ERR_DIGEST_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
+static byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
+ {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+ 0x00, 0x04, 0x40
+ };
+
+static gcry_md_oid_spec_t oid_spec_sha512[] =
+ {
+ { "2.16.840.1.101.3.4.2.3" },
+
+ /* PKCS#1 sha512WithRSAEncryption */
+ { "1.2.840.113549.1.1.13" },
+
+ { NULL }
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha512 =
+ {
+ "SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64,
+ sha512_init, sha512_write, sha512_final, sha512_read,
+ sizeof (SHA512_CONTEXT),
+ };
+md_extra_spec_t _gcry_digest_extraspec_sha512 =
+ {
+ run_selftests
+ };
+
+static byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
+ {
+ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+ 0x00, 0x04, 0x30
+ };
+
+static gcry_md_oid_spec_t oid_spec_sha384[] =
+ {
+ { "2.16.840.1.101.3.4.2.2" },
+
+ /* PKCS#1 sha384WithRSAEncryption */
+ { "1.2.840.113549.1.1.12" },
+
+ { NULL },
+ };
+
+gcry_md_spec_t _gcry_digest_spec_sha384 =
+ {
+ "SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48,
+ sha384_init, sha512_write, sha512_final, sha512_read,
+ sizeof (SHA512_CONTEXT),
+ };
+md_extra_spec_t _gcry_digest_extraspec_sha384 =
+ {
+ run_selftests
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/tiger.c b/grub-core/lib/libgcrypt/cipher/tiger.c
new file mode 100644
index 0000000..a620045
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/tiger.c
@@ -0,0 +1,851 @@
+/* tiger.c - The TIGER hash function
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#ifdef HAVE_U64_TYPEDEF
+
+/* we really need it here, but as this is only experiment we
+ * can live without Tiger */
+
+typedef struct {
+ u64 a, b, c;
+ byte buf[64];
+ int count;
+ u32 nblocks;
+} TIGER_CONTEXT;
+
+
+/*********************************
+ * Okay, okay, this is not the fastest code - improvements are welcome.
+ *
+ */
+
+/* Some test vectors:
+ * "" 24F0130C63AC9332 16166E76B1BB925F F373DE2D49584E7A
+ * "abc" F258C1E88414AB2A 527AB541FFC5B8BF 935F7B951C132951
+ * "Tiger" 9F00F599072300DD 276ABB38C8EB6DEC 37790C116F9D2BDF
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+ * 87FB2A9083851CF7 470D2CF810E6DF9E B586445034A5A386
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789"
+ * 467DB80863EBCE48 8DF1CD1261655DE9 57896565975F9197
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham"
+ * 0C410A042968868A 1671DA5A3FD29A72 5EC1E457D3CDB303
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
+ * "eedings of Fast Software Encryption 3, Cambridge."
+ * EBF591D5AFA655CE 7F22894FF87F54AC 89C811B6B0DA3193
+ * "Tiger - A Fast New Hash Function, by Ross Anderson and Eli Biham, proc"
+ * "eedings of Fast Software Encryption 3, Cambridge, 1996."
+ * 3D9AEB03D1BD1A63 57B2774DFD6D5B24 DD68151D503974FC
+ * "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEF"
+ * "GHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-"
+ * 00B83EB4E53440C5 76AC6AAEE0A74858 25FD15E70A59FFE4
+ */
+
+static u64 sbox1[256] = {
+ U64_C(0x02aab17cf7e90c5e) /* 0 */, U64_C(0xac424b03e243a8ec) /* 1 */,
+ U64_C(0x72cd5be30dd5fcd3) /* 2 */, U64_C(0x6d019b93f6f97f3a) /* 3 */,
+ U64_C(0xcd9978ffd21f9193) /* 4 */, U64_C(0x7573a1c9708029e2) /* 5 */,
+ U64_C(0xb164326b922a83c3) /* 6 */, U64_C(0x46883eee04915870) /* 7 */,
+ U64_C(0xeaace3057103ece6) /* 8 */, U64_C(0xc54169b808a3535c) /* 9 */,
+ U64_C(0x4ce754918ddec47c) /* 10 */, U64_C(0x0aa2f4dfdc0df40c) /* 11 */,
+ U64_C(0x10b76f18a74dbefa) /* 12 */, U64_C(0xc6ccb6235ad1ab6a) /* 13 */,
+ U64_C(0x13726121572fe2ff) /* 14 */, U64_C(0x1a488c6f199d921e) /* 15 */,
+ U64_C(0x4bc9f9f4da0007ca) /* 16 */, U64_C(0x26f5e6f6e85241c7) /* 17 */,
+ U64_C(0x859079dbea5947b6) /* 18 */, U64_C(0x4f1885c5c99e8c92) /* 19 */,
+ U64_C(0xd78e761ea96f864b) /* 20 */, U64_C(0x8e36428c52b5c17d) /* 21 */,
+ U64_C(0x69cf6827373063c1) /* 22 */, U64_C(0xb607c93d9bb4c56e) /* 23 */,
+ U64_C(0x7d820e760e76b5ea) /* 24 */, U64_C(0x645c9cc6f07fdc42) /* 25 */,
+ U64_C(0xbf38a078243342e0) /* 26 */, U64_C(0x5f6b343c9d2e7d04) /* 27 */,
+ U64_C(0xf2c28aeb600b0ec6) /* 28 */, U64_C(0x6c0ed85f7254bcac) /* 29 */,
+ U64_C(0x71592281a4db4fe5) /* 30 */, U64_C(0x1967fa69ce0fed9f) /* 31 */,
+ U64_C(0xfd5293f8b96545db) /* 32 */, U64_C(0xc879e9d7f2a7600b) /* 33 */,
+ U64_C(0x860248920193194e) /* 34 */, U64_C(0xa4f9533b2d9cc0b3) /* 35 */,
+ U64_C(0x9053836c15957613) /* 36 */, U64_C(0xdb6dcf8afc357bf1) /* 37 */,
+ U64_C(0x18beea7a7a370f57) /* 38 */, U64_C(0x037117ca50b99066) /* 39 */,
+ U64_C(0x6ab30a9774424a35) /* 40 */, U64_C(0xf4e92f02e325249b) /* 41 */,
+ U64_C(0x7739db07061ccae1) /* 42 */, U64_C(0xd8f3b49ceca42a05) /* 43 */,
+ U64_C(0xbd56be3f51382f73) /* 44 */, U64_C(0x45faed5843b0bb28) /* 45 */,
+ U64_C(0x1c813d5c11bf1f83) /* 46 */, U64_C(0x8af0e4b6d75fa169) /* 47 */,
+ U64_C(0x33ee18a487ad9999) /* 48 */, U64_C(0x3c26e8eab1c94410) /* 49 */,
+ U64_C(0xb510102bc0a822f9) /* 50 */, U64_C(0x141eef310ce6123b) /* 51 */,
+ U64_C(0xfc65b90059ddb154) /* 52 */, U64_C(0xe0158640c5e0e607) /* 53 */,
+ U64_C(0x884e079826c3a3cf) /* 54 */, U64_C(0x930d0d9523c535fd) /* 55 */,
+ U64_C(0x35638d754e9a2b00) /* 56 */, U64_C(0x4085fccf40469dd5) /* 57 */,
+ U64_C(0xc4b17ad28be23a4c) /* 58 */, U64_C(0xcab2f0fc6a3e6a2e) /* 59 */,
+ U64_C(0x2860971a6b943fcd) /* 60 */, U64_C(0x3dde6ee212e30446) /* 61 */,
+ U64_C(0x6222f32ae01765ae) /* 62 */, U64_C(0x5d550bb5478308fe) /* 63 */,
+ U64_C(0xa9efa98da0eda22a) /* 64 */, U64_C(0xc351a71686c40da7) /* 65 */,
+ U64_C(0x1105586d9c867c84) /* 66 */, U64_C(0xdcffee85fda22853) /* 67 */,
+ U64_C(0xccfbd0262c5eef76) /* 68 */, U64_C(0xbaf294cb8990d201) /* 69 */,
+ U64_C(0xe69464f52afad975) /* 70 */, U64_C(0x94b013afdf133e14) /* 71 */,
+ U64_C(0x06a7d1a32823c958) /* 72 */, U64_C(0x6f95fe5130f61119) /* 73 */,
+ U64_C(0xd92ab34e462c06c0) /* 74 */, U64_C(0xed7bde33887c71d2) /* 75 */,
+ U64_C(0x79746d6e6518393e) /* 76 */, U64_C(0x5ba419385d713329) /* 77 */,
+ U64_C(0x7c1ba6b948a97564) /* 78 */, U64_C(0x31987c197bfdac67) /* 79 */,
+ U64_C(0xde6c23c44b053d02) /* 80 */, U64_C(0x581c49fed002d64d) /* 81 */,
+ U64_C(0xdd474d6338261571) /* 82 */, U64_C(0xaa4546c3e473d062) /* 83 */,
+ U64_C(0x928fce349455f860) /* 84 */, U64_C(0x48161bbacaab94d9) /* 85 */,
+ U64_C(0x63912430770e6f68) /* 86 */, U64_C(0x6ec8a5e602c6641c) /* 87 */,
+ U64_C(0x87282515337ddd2b) /* 88 */, U64_C(0x2cda6b42034b701b) /* 89 */,
+ U64_C(0xb03d37c181cb096d) /* 90 */, U64_C(0xe108438266c71c6f) /* 91 */,
+ U64_C(0x2b3180c7eb51b255) /* 92 */, U64_C(0xdf92b82f96c08bbc) /* 93 */,
+ U64_C(0x5c68c8c0a632f3ba) /* 94 */, U64_C(0x5504cc861c3d0556) /* 95 */,
+ U64_C(0xabbfa4e55fb26b8f) /* 96 */, U64_C(0x41848b0ab3baceb4) /* 97 */,
+ U64_C(0xb334a273aa445d32) /* 98 */, U64_C(0xbca696f0a85ad881) /* 99 */,
+ U64_C(0x24f6ec65b528d56c) /* 100 */, U64_C(0x0ce1512e90f4524a) /* 101 */,
+ U64_C(0x4e9dd79d5506d35a) /* 102 */, U64_C(0x258905fac6ce9779) /* 103 */,
+ U64_C(0x2019295b3e109b33) /* 104 */, U64_C(0xf8a9478b73a054cc) /* 105 */,
+ U64_C(0x2924f2f934417eb0) /* 106 */, U64_C(0x3993357d536d1bc4) /* 107 */,
+ U64_C(0x38a81ac21db6ff8b) /* 108 */, U64_C(0x47c4fbf17d6016bf) /* 109 */,
+ U64_C(0x1e0faadd7667e3f5) /* 110 */, U64_C(0x7abcff62938beb96) /* 111 */,
+ U64_C(0xa78dad948fc179c9) /* 112 */, U64_C(0x8f1f98b72911e50d) /* 113 */,
+ U64_C(0x61e48eae27121a91) /* 114 */, U64_C(0x4d62f7ad31859808) /* 115 */,
+ U64_C(0xeceba345ef5ceaeb) /* 116 */, U64_C(0xf5ceb25ebc9684ce) /* 117 */,
+ U64_C(0xf633e20cb7f76221) /* 118 */, U64_C(0xa32cdf06ab8293e4) /* 119 */,
+ U64_C(0x985a202ca5ee2ca4) /* 120 */, U64_C(0xcf0b8447cc8a8fb1) /* 121 */,
+ U64_C(0x9f765244979859a3) /* 122 */, U64_C(0xa8d516b1a1240017) /* 123 */,
+ U64_C(0x0bd7ba3ebb5dc726) /* 124 */, U64_C(0xe54bca55b86adb39) /* 125 */,
+ U64_C(0x1d7a3afd6c478063) /* 126 */, U64_C(0x519ec608e7669edd) /* 127 */,
+ U64_C(0x0e5715a2d149aa23) /* 128 */, U64_C(0x177d4571848ff194) /* 129 */,
+ U64_C(0xeeb55f3241014c22) /* 130 */, U64_C(0x0f5e5ca13a6e2ec2) /* 131 */,
+ U64_C(0x8029927b75f5c361) /* 132 */, U64_C(0xad139fabc3d6e436) /* 133 */,
+ U64_C(0x0d5df1a94ccf402f) /* 134 */, U64_C(0x3e8bd948bea5dfc8) /* 135 */,
+ U64_C(0xa5a0d357bd3ff77e) /* 136 */, U64_C(0xa2d12e251f74f645) /* 137 */,
+ U64_C(0x66fd9e525e81a082) /* 138 */, U64_C(0x2e0c90ce7f687a49) /* 139 */,
+ U64_C(0xc2e8bcbeba973bc5) /* 140 */, U64_C(0x000001bce509745f) /* 141 */,
+ U64_C(0x423777bbe6dab3d6) /* 142 */, U64_C(0xd1661c7eaef06eb5) /* 143 */,
+ U64_C(0xa1781f354daacfd8) /* 144 */, U64_C(0x2d11284a2b16affc) /* 145 */,
+ U64_C(0xf1fc4f67fa891d1f) /* 146 */, U64_C(0x73ecc25dcb920ada) /* 147 */,
+ U64_C(0xae610c22c2a12651) /* 148 */, U64_C(0x96e0a810d356b78a) /* 149 */,
+ U64_C(0x5a9a381f2fe7870f) /* 150 */, U64_C(0xd5ad62ede94e5530) /* 151 */,
+ U64_C(0xd225e5e8368d1427) /* 152 */, U64_C(0x65977b70c7af4631) /* 153 */,
+ U64_C(0x99f889b2de39d74f) /* 154 */, U64_C(0x233f30bf54e1d143) /* 155 */,
+ U64_C(0x9a9675d3d9a63c97) /* 156 */, U64_C(0x5470554ff334f9a8) /* 157 */,
+ U64_C(0x166acb744a4f5688) /* 158 */, U64_C(0x70c74caab2e4aead) /* 159 */,
+ U64_C(0xf0d091646f294d12) /* 160 */, U64_C(0x57b82a89684031d1) /* 161 */,
+ U64_C(0xefd95a5a61be0b6b) /* 162 */, U64_C(0x2fbd12e969f2f29a) /* 163 */,
+ U64_C(0x9bd37013feff9fe8) /* 164 */, U64_C(0x3f9b0404d6085a06) /* 165 */,
+ U64_C(0x4940c1f3166cfe15) /* 166 */, U64_C(0x09542c4dcdf3defb) /* 167 */,
+ U64_C(0xb4c5218385cd5ce3) /* 168 */, U64_C(0xc935b7dc4462a641) /* 169 */,
+ U64_C(0x3417f8a68ed3b63f) /* 170 */, U64_C(0xb80959295b215b40) /* 171 */,
+ U64_C(0xf99cdaef3b8c8572) /* 172 */, U64_C(0x018c0614f8fcb95d) /* 173 */,
+ U64_C(0x1b14accd1a3acdf3) /* 174 */, U64_C(0x84d471f200bb732d) /* 175 */,
+ U64_C(0xc1a3110e95e8da16) /* 176 */, U64_C(0x430a7220bf1a82b8) /* 177 */,
+ U64_C(0xb77e090d39df210e) /* 178 */, U64_C(0x5ef4bd9f3cd05e9d) /* 179 */,
+ U64_C(0x9d4ff6da7e57a444) /* 180 */, U64_C(0xda1d60e183d4a5f8) /* 181 */,
+ U64_C(0xb287c38417998e47) /* 182 */, U64_C(0xfe3edc121bb31886) /* 183 */,
+ U64_C(0xc7fe3ccc980ccbef) /* 184 */, U64_C(0xe46fb590189bfd03) /* 185 */,
+ U64_C(0x3732fd469a4c57dc) /* 186 */, U64_C(0x7ef700a07cf1ad65) /* 187 */,
+ U64_C(0x59c64468a31d8859) /* 188 */, U64_C(0x762fb0b4d45b61f6) /* 189 */,
+ U64_C(0x155baed099047718) /* 190 */, U64_C(0x68755e4c3d50baa6) /* 191 */,
+ U64_C(0xe9214e7f22d8b4df) /* 192 */, U64_C(0x2addbf532eac95f4) /* 193 */,
+ U64_C(0x32ae3909b4bd0109) /* 194 */, U64_C(0x834df537b08e3450) /* 195 */,
+ U64_C(0xfa209da84220728d) /* 196 */, U64_C(0x9e691d9b9efe23f7) /* 197 */,
+ U64_C(0x0446d288c4ae8d7f) /* 198 */, U64_C(0x7b4cc524e169785b) /* 199 */,
+ U64_C(0x21d87f0135ca1385) /* 200 */, U64_C(0xcebb400f137b8aa5) /* 201 */,
+ U64_C(0x272e2b66580796be) /* 202 */, U64_C(0x3612264125c2b0de) /* 203 */,
+ U64_C(0x057702bdad1efbb2) /* 204 */, U64_C(0xd4babb8eacf84be9) /* 205 */,
+ U64_C(0x91583139641bc67b) /* 206 */, U64_C(0x8bdc2de08036e024) /* 207 */,
+ U64_C(0x603c8156f49f68ed) /* 208 */, U64_C(0xf7d236f7dbef5111) /* 209 */,
+ U64_C(0x9727c4598ad21e80) /* 210 */, U64_C(0xa08a0896670a5fd7) /* 211 */,
+ U64_C(0xcb4a8f4309eba9cb) /* 212 */, U64_C(0x81af564b0f7036a1) /* 213 */,
+ U64_C(0xc0b99aa778199abd) /* 214 */, U64_C(0x959f1ec83fc8e952) /* 215 */,
+ U64_C(0x8c505077794a81b9) /* 216 */, U64_C(0x3acaaf8f056338f0) /* 217 */,
+ U64_C(0x07b43f50627a6778) /* 218 */, U64_C(0x4a44ab49f5eccc77) /* 219 */,
+ U64_C(0x3bc3d6e4b679ee98) /* 220 */, U64_C(0x9cc0d4d1cf14108c) /* 221 */,
+ U64_C(0x4406c00b206bc8a0) /* 222 */, U64_C(0x82a18854c8d72d89) /* 223 */,
+ U64_C(0x67e366b35c3c432c) /* 224 */, U64_C(0xb923dd61102b37f2) /* 225 */,
+ U64_C(0x56ab2779d884271d) /* 226 */, U64_C(0xbe83e1b0ff1525af) /* 227 */,
+ U64_C(0xfb7c65d4217e49a9) /* 228 */, U64_C(0x6bdbe0e76d48e7d4) /* 229 */,
+ U64_C(0x08df828745d9179e) /* 230 */, U64_C(0x22ea6a9add53bd34) /* 231 */,
+ U64_C(0xe36e141c5622200a) /* 232 */, U64_C(0x7f805d1b8cb750ee) /* 233 */,
+ U64_C(0xafe5c7a59f58e837) /* 234 */, U64_C(0xe27f996a4fb1c23c) /* 235 */,
+ U64_C(0xd3867dfb0775f0d0) /* 236 */, U64_C(0xd0e673de6e88891a) /* 237 */,
+ U64_C(0x123aeb9eafb86c25) /* 238 */, U64_C(0x30f1d5d5c145b895) /* 239 */,
+ U64_C(0xbb434a2dee7269e7) /* 240 */, U64_C(0x78cb67ecf931fa38) /* 241 */,
+ U64_C(0xf33b0372323bbf9c) /* 242 */, U64_C(0x52d66336fb279c74) /* 243 */,
+ U64_C(0x505f33ac0afb4eaa) /* 244 */, U64_C(0xe8a5cd99a2cce187) /* 245 */,
+ U64_C(0x534974801e2d30bb) /* 246 */, U64_C(0x8d2d5711d5876d90) /* 247 */,
+ U64_C(0x1f1a412891bc038e) /* 248 */, U64_C(0xd6e2e71d82e56648) /* 249 */,
+ U64_C(0x74036c3a497732b7) /* 250 */, U64_C(0x89b67ed96361f5ab) /* 251 */,
+ U64_C(0xffed95d8f1ea02a2) /* 252 */, U64_C(0xe72b3bd61464d43d) /* 253 */,
+ U64_C(0xa6300f170bdc4820) /* 254 */, U64_C(0xebc18760ed78a77a) /* 255 */
+};
+static u64 sbox2[256] = {
+ U64_C(0xe6a6be5a05a12138) /* 256 */, U64_C(0xb5a122a5b4f87c98) /* 257 */,
+ U64_C(0x563c6089140b6990) /* 258 */, U64_C(0x4c46cb2e391f5dd5) /* 259 */,
+ U64_C(0xd932addbc9b79434) /* 260 */, U64_C(0x08ea70e42015aff5) /* 261 */,
+ U64_C(0xd765a6673e478cf1) /* 262 */, U64_C(0xc4fb757eab278d99) /* 263 */,
+ U64_C(0xdf11c6862d6e0692) /* 264 */, U64_C(0xddeb84f10d7f3b16) /* 265 */,
+ U64_C(0x6f2ef604a665ea04) /* 266 */, U64_C(0x4a8e0f0ff0e0dfb3) /* 267 */,
+ U64_C(0xa5edeef83dbcba51) /* 268 */, U64_C(0xfc4f0a2a0ea4371e) /* 269 */,
+ U64_C(0xe83e1da85cb38429) /* 270 */, U64_C(0xdc8ff882ba1b1ce2) /* 271 */,
+ U64_C(0xcd45505e8353e80d) /* 272 */, U64_C(0x18d19a00d4db0717) /* 273 */,
+ U64_C(0x34a0cfeda5f38101) /* 274 */, U64_C(0x0be77e518887caf2) /* 275 */,
+ U64_C(0x1e341438b3c45136) /* 276 */, U64_C(0xe05797f49089ccf9) /* 277 */,
+ U64_C(0xffd23f9df2591d14) /* 278 */, U64_C(0x543dda228595c5cd) /* 279 */,
+ U64_C(0x661f81fd99052a33) /* 280 */, U64_C(0x8736e641db0f7b76) /* 281 */,
+ U64_C(0x15227725418e5307) /* 282 */, U64_C(0xe25f7f46162eb2fa) /* 283 */,
+ U64_C(0x48a8b2126c13d9fe) /* 284 */, U64_C(0xafdc541792e76eea) /* 285 */,
+ U64_C(0x03d912bfc6d1898f) /* 286 */, U64_C(0x31b1aafa1b83f51b) /* 287 */,
+ U64_C(0xf1ac2796e42ab7d9) /* 288 */, U64_C(0x40a3a7d7fcd2ebac) /* 289 */,
+ U64_C(0x1056136d0afbbcc5) /* 290 */, U64_C(0x7889e1dd9a6d0c85) /* 291 */,
+ U64_C(0xd33525782a7974aa) /* 292 */, U64_C(0xa7e25d09078ac09b) /* 293 */,
+ U64_C(0xbd4138b3eac6edd0) /* 294 */, U64_C(0x920abfbe71eb9e70) /* 295 */,
+ U64_C(0xa2a5d0f54fc2625c) /* 296 */, U64_C(0xc054e36b0b1290a3) /* 297 */,
+ U64_C(0xf6dd59ff62fe932b) /* 298 */, U64_C(0x3537354511a8ac7d) /* 299 */,
+ U64_C(0xca845e9172fadcd4) /* 300 */, U64_C(0x84f82b60329d20dc) /* 301 */,
+ U64_C(0x79c62ce1cd672f18) /* 302 */, U64_C(0x8b09a2add124642c) /* 303 */,
+ U64_C(0xd0c1e96a19d9e726) /* 304 */, U64_C(0x5a786a9b4ba9500c) /* 305 */,
+ U64_C(0x0e020336634c43f3) /* 306 */, U64_C(0xc17b474aeb66d822) /* 307 */,
+ U64_C(0x6a731ae3ec9baac2) /* 308 */, U64_C(0x8226667ae0840258) /* 309 */,
+ U64_C(0x67d4567691caeca5) /* 310 */, U64_C(0x1d94155c4875adb5) /* 311 */,
+ U64_C(0x6d00fd985b813fdf) /* 312 */, U64_C(0x51286efcb774cd06) /* 313 */,
+ U64_C(0x5e8834471fa744af) /* 314 */, U64_C(0xf72ca0aee761ae2e) /* 315 */,
+ U64_C(0xbe40e4cdaee8e09a) /* 316 */, U64_C(0xe9970bbb5118f665) /* 317 */,
+ U64_C(0x726e4beb33df1964) /* 318 */, U64_C(0x703b000729199762) /* 319 */,
+ U64_C(0x4631d816f5ef30a7) /* 320 */, U64_C(0xb880b5b51504a6be) /* 321 */,
+ U64_C(0x641793c37ed84b6c) /* 322 */, U64_C(0x7b21ed77f6e97d96) /* 323 */,
+ U64_C(0x776306312ef96b73) /* 324 */, U64_C(0xae528948e86ff3f4) /* 325 */,
+ U64_C(0x53dbd7f286a3f8f8) /* 326 */, U64_C(0x16cadce74cfc1063) /* 327 */,
+ U64_C(0x005c19bdfa52c6dd) /* 328 */, U64_C(0x68868f5d64d46ad3) /* 329 */,
+ U64_C(0x3a9d512ccf1e186a) /* 330 */, U64_C(0x367e62c2385660ae) /* 331 */,
+ U64_C(0xe359e7ea77dcb1d7) /* 332 */, U64_C(0x526c0773749abe6e) /* 333 */,
+ U64_C(0x735ae5f9d09f734b) /* 334 */, U64_C(0x493fc7cc8a558ba8) /* 335 */,
+ U64_C(0xb0b9c1533041ab45) /* 336 */, U64_C(0x321958ba470a59bd) /* 337 */,
+ U64_C(0x852db00b5f46c393) /* 338 */, U64_C(0x91209b2bd336b0e5) /* 339 */,
+ U64_C(0x6e604f7d659ef19f) /* 340 */, U64_C(0xb99a8ae2782ccb24) /* 341 */,
+ U64_C(0xccf52ab6c814c4c7) /* 342 */, U64_C(0x4727d9afbe11727b) /* 343 */,
+ U64_C(0x7e950d0c0121b34d) /* 344 */, U64_C(0x756f435670ad471f) /* 345 */,
+ U64_C(0xf5add442615a6849) /* 346 */, U64_C(0x4e87e09980b9957a) /* 347 */,
+ U64_C(0x2acfa1df50aee355) /* 348 */, U64_C(0xd898263afd2fd556) /* 349 */,
+ U64_C(0xc8f4924dd80c8fd6) /* 350 */, U64_C(0xcf99ca3d754a173a) /* 351 */,
+ U64_C(0xfe477bacaf91bf3c) /* 352 */, U64_C(0xed5371f6d690c12d) /* 353 */,
+ U64_C(0x831a5c285e687094) /* 354 */, U64_C(0xc5d3c90a3708a0a4) /* 355 */,
+ U64_C(0x0f7f903717d06580) /* 356 */, U64_C(0x19f9bb13b8fdf27f) /* 357 */,
+ U64_C(0xb1bd6f1b4d502843) /* 358 */, U64_C(0x1c761ba38fff4012) /* 359 */,
+ U64_C(0x0d1530c4e2e21f3b) /* 360 */, U64_C(0x8943ce69a7372c8a) /* 361 */,
+ U64_C(0xe5184e11feb5ce66) /* 362 */, U64_C(0x618bdb80bd736621) /* 363 */,
+ U64_C(0x7d29bad68b574d0b) /* 364 */, U64_C(0x81bb613e25e6fe5b) /* 365 */,
+ U64_C(0x071c9c10bc07913f) /* 366 */, U64_C(0xc7beeb7909ac2d97) /* 367 */,
+ U64_C(0xc3e58d353bc5d757) /* 368 */, U64_C(0xeb017892f38f61e8) /* 369 */,
+ U64_C(0xd4effb9c9b1cc21a) /* 370 */, U64_C(0x99727d26f494f7ab) /* 371 */,
+ U64_C(0xa3e063a2956b3e03) /* 372 */, U64_C(0x9d4a8b9a4aa09c30) /* 373 */,
+ U64_C(0x3f6ab7d500090fb4) /* 374 */, U64_C(0x9cc0f2a057268ac0) /* 375 */,
+ U64_C(0x3dee9d2dedbf42d1) /* 376 */, U64_C(0x330f49c87960a972) /* 377 */,
+ U64_C(0xc6b2720287421b41) /* 378 */, U64_C(0x0ac59ec07c00369c) /* 379 */,
+ U64_C(0xef4eac49cb353425) /* 380 */, U64_C(0xf450244eef0129d8) /* 381 */,
+ U64_C(0x8acc46e5caf4deb6) /* 382 */, U64_C(0x2ffeab63989263f7) /* 383 */,
+ U64_C(0x8f7cb9fe5d7a4578) /* 384 */, U64_C(0x5bd8f7644e634635) /* 385 */,
+ U64_C(0x427a7315bf2dc900) /* 386 */, U64_C(0x17d0c4aa2125261c) /* 387 */,
+ U64_C(0x3992486c93518e50) /* 388 */, U64_C(0xb4cbfee0a2d7d4c3) /* 389 */,
+ U64_C(0x7c75d6202c5ddd8d) /* 390 */, U64_C(0xdbc295d8e35b6c61) /* 391 */,
+ U64_C(0x60b369d302032b19) /* 392 */, U64_C(0xce42685fdce44132) /* 393 */,
+ U64_C(0x06f3ddb9ddf65610) /* 394 */, U64_C(0x8ea4d21db5e148f0) /* 395 */,
+ U64_C(0x20b0fce62fcd496f) /* 396 */, U64_C(0x2c1b912358b0ee31) /* 397 */,
+ U64_C(0xb28317b818f5a308) /* 398 */, U64_C(0xa89c1e189ca6d2cf) /* 399 */,
+ U64_C(0x0c6b18576aaadbc8) /* 400 */, U64_C(0xb65deaa91299fae3) /* 401 */,
+ U64_C(0xfb2b794b7f1027e7) /* 402 */, U64_C(0x04e4317f443b5beb) /* 403 */,
+ U64_C(0x4b852d325939d0a6) /* 404 */, U64_C(0xd5ae6beefb207ffc) /* 405 */,
+ U64_C(0x309682b281c7d374) /* 406 */, U64_C(0xbae309a194c3b475) /* 407 */,
+ U64_C(0x8cc3f97b13b49f05) /* 408 */, U64_C(0x98a9422ff8293967) /* 409 */,
+ U64_C(0x244b16b01076ff7c) /* 410 */, U64_C(0xf8bf571c663d67ee) /* 411 */,
+ U64_C(0x1f0d6758eee30da1) /* 412 */, U64_C(0xc9b611d97adeb9b7) /* 413 */,
+ U64_C(0xb7afd5887b6c57a2) /* 414 */, U64_C(0x6290ae846b984fe1) /* 415 */,
+ U64_C(0x94df4cdeacc1a5fd) /* 416 */, U64_C(0x058a5bd1c5483aff) /* 417 */,
+ U64_C(0x63166cc142ba3c37) /* 418 */, U64_C(0x8db8526eb2f76f40) /* 419 */,
+ U64_C(0xe10880036f0d6d4e) /* 420 */, U64_C(0x9e0523c9971d311d) /* 421 */,
+ U64_C(0x45ec2824cc7cd691) /* 422 */, U64_C(0x575b8359e62382c9) /* 423 */,
+ U64_C(0xfa9e400dc4889995) /* 424 */, U64_C(0xd1823ecb45721568) /* 425 */,
+ U64_C(0xdafd983b8206082f) /* 426 */, U64_C(0xaa7d29082386a8cb) /* 427 */,
+ U64_C(0x269fcd4403b87588) /* 428 */, U64_C(0x1b91f5f728bdd1e0) /* 429 */,
+ U64_C(0xe4669f39040201f6) /* 430 */, U64_C(0x7a1d7c218cf04ade) /* 431 */,
+ U64_C(0x65623c29d79ce5ce) /* 432 */, U64_C(0x2368449096c00bb1) /* 433 */,
+ U64_C(0xab9bf1879da503ba) /* 434 */, U64_C(0xbc23ecb1a458058e) /* 435 */,
+ U64_C(0x9a58df01bb401ecc) /* 436 */, U64_C(0xa070e868a85f143d) /* 437 */,
+ U64_C(0x4ff188307df2239e) /* 438 */, U64_C(0x14d565b41a641183) /* 439 */,
+ U64_C(0xee13337452701602) /* 440 */, U64_C(0x950e3dcf3f285e09) /* 441 */,
+ U64_C(0x59930254b9c80953) /* 442 */, U64_C(0x3bf299408930da6d) /* 443 */,
+ U64_C(0xa955943f53691387) /* 444 */, U64_C(0xa15edecaa9cb8784) /* 445 */,
+ U64_C(0x29142127352be9a0) /* 446 */, U64_C(0x76f0371fff4e7afb) /* 447 */,
+ U64_C(0x0239f450274f2228) /* 448 */, U64_C(0xbb073af01d5e868b) /* 449 */,
+ U64_C(0xbfc80571c10e96c1) /* 450 */, U64_C(0xd267088568222e23) /* 451 */,
+ U64_C(0x9671a3d48e80b5b0) /* 452 */, U64_C(0x55b5d38ae193bb81) /* 453 */,
+ U64_C(0x693ae2d0a18b04b8) /* 454 */, U64_C(0x5c48b4ecadd5335f) /* 455 */,
+ U64_C(0xfd743b194916a1ca) /* 456 */, U64_C(0x2577018134be98c4) /* 457 */,
+ U64_C(0xe77987e83c54a4ad) /* 458 */, U64_C(0x28e11014da33e1b9) /* 459 */,
+ U64_C(0x270cc59e226aa213) /* 460 */, U64_C(0x71495f756d1a5f60) /* 461 */,
+ U64_C(0x9be853fb60afef77) /* 462 */, U64_C(0xadc786a7f7443dbf) /* 463 */,
+ U64_C(0x0904456173b29a82) /* 464 */, U64_C(0x58bc7a66c232bd5e) /* 465 */,
+ U64_C(0xf306558c673ac8b2) /* 466 */, U64_C(0x41f639c6b6c9772a) /* 467 */,
+ U64_C(0x216defe99fda35da) /* 468 */, U64_C(0x11640cc71c7be615) /* 469 */,
+ U64_C(0x93c43694565c5527) /* 470 */, U64_C(0xea038e6246777839) /* 471 */,
+ U64_C(0xf9abf3ce5a3e2469) /* 472 */, U64_C(0x741e768d0fd312d2) /* 473 */,
+ U64_C(0x0144b883ced652c6) /* 474 */, U64_C(0xc20b5a5ba33f8552) /* 475 */,
+ U64_C(0x1ae69633c3435a9d) /* 476 */, U64_C(0x97a28ca4088cfdec) /* 477 */,
+ U64_C(0x8824a43c1e96f420) /* 478 */, U64_C(0x37612fa66eeea746) /* 479 */,
+ U64_C(0x6b4cb165f9cf0e5a) /* 480 */, U64_C(0x43aa1c06a0abfb4a) /* 481 */,
+ U64_C(0x7f4dc26ff162796b) /* 482 */, U64_C(0x6cbacc8e54ed9b0f) /* 483 */,
+ U64_C(0xa6b7ffefd2bb253e) /* 484 */, U64_C(0x2e25bc95b0a29d4f) /* 485 */,
+ U64_C(0x86d6a58bdef1388c) /* 486 */, U64_C(0xded74ac576b6f054) /* 487 */,
+ U64_C(0x8030bdbc2b45805d) /* 488 */, U64_C(0x3c81af70e94d9289) /* 489 */,
+ U64_C(0x3eff6dda9e3100db) /* 490 */, U64_C(0xb38dc39fdfcc8847) /* 491 */,
+ U64_C(0x123885528d17b87e) /* 492 */, U64_C(0xf2da0ed240b1b642) /* 493 */,
+ U64_C(0x44cefadcd54bf9a9) /* 494 */, U64_C(0x1312200e433c7ee6) /* 495 */,
+ U64_C(0x9ffcc84f3a78c748) /* 496 */, U64_C(0xf0cd1f72248576bb) /* 497 */,
+ U64_C(0xec6974053638cfe4) /* 498 */, U64_C(0x2ba7b67c0cec4e4c) /* 499 */,
+ U64_C(0xac2f4df3e5ce32ed) /* 500 */, U64_C(0xcb33d14326ea4c11) /* 501 */,
+ U64_C(0xa4e9044cc77e58bc) /* 502 */, U64_C(0x5f513293d934fcef) /* 503 */,
+ U64_C(0x5dc9645506e55444) /* 504 */, U64_C(0x50de418f317de40a) /* 505 */,
+ U64_C(0x388cb31a69dde259) /* 506 */, U64_C(0x2db4a83455820a86) /* 507 */,
+ U64_C(0x9010a91e84711ae9) /* 508 */, U64_C(0x4df7f0b7b1498371) /* 509 */,
+ U64_C(0xd62a2eabc0977179) /* 510 */, U64_C(0x22fac097aa8d5c0e) /* 511 */
+};
+static u64 sbox3[256] = {
+ U64_C(0xf49fcc2ff1daf39b) /* 512 */, U64_C(0x487fd5c66ff29281) /* 513 */,
+ U64_C(0xe8a30667fcdca83f) /* 514 */, U64_C(0x2c9b4be3d2fcce63) /* 515 */,
+ U64_C(0xda3ff74b93fbbbc2) /* 516 */, U64_C(0x2fa165d2fe70ba66) /* 517 */,
+ U64_C(0xa103e279970e93d4) /* 518 */, U64_C(0xbecdec77b0e45e71) /* 519 */,
+ U64_C(0xcfb41e723985e497) /* 520 */, U64_C(0xb70aaa025ef75017) /* 521 */,
+ U64_C(0xd42309f03840b8e0) /* 522 */, U64_C(0x8efc1ad035898579) /* 523 */,
+ U64_C(0x96c6920be2b2abc5) /* 524 */, U64_C(0x66af4163375a9172) /* 525 */,
+ U64_C(0x2174abdcca7127fb) /* 526 */, U64_C(0xb33ccea64a72ff41) /* 527 */,
+ U64_C(0xf04a4933083066a5) /* 528 */, U64_C(0x8d970acdd7289af5) /* 529 */,
+ U64_C(0x8f96e8e031c8c25e) /* 530 */, U64_C(0xf3fec02276875d47) /* 531 */,
+ U64_C(0xec7bf310056190dd) /* 532 */, U64_C(0xf5adb0aebb0f1491) /* 533 */,
+ U64_C(0x9b50f8850fd58892) /* 534 */, U64_C(0x4975488358b74de8) /* 535 */,
+ U64_C(0xa3354ff691531c61) /* 536 */, U64_C(0x0702bbe481d2c6ee) /* 537 */,
+ U64_C(0x89fb24057deded98) /* 538 */, U64_C(0xac3075138596e902) /* 539 */,
+ U64_C(0x1d2d3580172772ed) /* 540 */, U64_C(0xeb738fc28e6bc30d) /* 541 */,
+ U64_C(0x5854ef8f63044326) /* 542 */, U64_C(0x9e5c52325add3bbe) /* 543 */,
+ U64_C(0x90aa53cf325c4623) /* 544 */, U64_C(0xc1d24d51349dd067) /* 545 */,
+ U64_C(0x2051cfeea69ea624) /* 546 */, U64_C(0x13220f0a862e7e4f) /* 547 */,
+ U64_C(0xce39399404e04864) /* 548 */, U64_C(0xd9c42ca47086fcb7) /* 549 */,
+ U64_C(0x685ad2238a03e7cc) /* 550 */, U64_C(0x066484b2ab2ff1db) /* 551 */,
+ U64_C(0xfe9d5d70efbf79ec) /* 552 */, U64_C(0x5b13b9dd9c481854) /* 553 */,
+ U64_C(0x15f0d475ed1509ad) /* 554 */, U64_C(0x0bebcd060ec79851) /* 555 */,
+ U64_C(0xd58c6791183ab7f8) /* 556 */, U64_C(0xd1187c5052f3eee4) /* 557 */,
+ U64_C(0xc95d1192e54e82ff) /* 558 */, U64_C(0x86eea14cb9ac6ca2) /* 559 */,
+ U64_C(0x3485beb153677d5d) /* 560 */, U64_C(0xdd191d781f8c492a) /* 561 */,
+ U64_C(0xf60866baa784ebf9) /* 562 */, U64_C(0x518f643ba2d08c74) /* 563 */,
+ U64_C(0x8852e956e1087c22) /* 564 */, U64_C(0xa768cb8dc410ae8d) /* 565 */,
+ U64_C(0x38047726bfec8e1a) /* 566 */, U64_C(0xa67738b4cd3b45aa) /* 567 */,
+ U64_C(0xad16691cec0dde19) /* 568 */, U64_C(0xc6d4319380462e07) /* 569 */,
+ U64_C(0xc5a5876d0ba61938) /* 570 */, U64_C(0x16b9fa1fa58fd840) /* 571 */,
+ U64_C(0x188ab1173ca74f18) /* 572 */, U64_C(0xabda2f98c99c021f) /* 573 */,
+ U64_C(0x3e0580ab134ae816) /* 574 */, U64_C(0x5f3b05b773645abb) /* 575 */,
+ U64_C(0x2501a2be5575f2f6) /* 576 */, U64_C(0x1b2f74004e7e8ba9) /* 577 */,
+ U64_C(0x1cd7580371e8d953) /* 578 */, U64_C(0x7f6ed89562764e30) /* 579 */,
+ U64_C(0xb15926ff596f003d) /* 580 */, U64_C(0x9f65293da8c5d6b9) /* 581 */,
+ U64_C(0x6ecef04dd690f84c) /* 582 */, U64_C(0x4782275fff33af88) /* 583 */,
+ U64_C(0xe41433083f820801) /* 584 */, U64_C(0xfd0dfe409a1af9b5) /* 585 */,
+ U64_C(0x4325a3342cdb396b) /* 586 */, U64_C(0x8ae77e62b301b252) /* 587 */,
+ U64_C(0xc36f9e9f6655615a) /* 588 */, U64_C(0x85455a2d92d32c09) /* 589 */,
+ U64_C(0xf2c7dea949477485) /* 590 */, U64_C(0x63cfb4c133a39eba) /* 591 */,
+ U64_C(0x83b040cc6ebc5462) /* 592 */, U64_C(0x3b9454c8fdb326b0) /* 593 */,
+ U64_C(0x56f56a9e87ffd78c) /* 594 */, U64_C(0x2dc2940d99f42bc6) /* 595 */,
+ U64_C(0x98f7df096b096e2d) /* 596 */, U64_C(0x19a6e01e3ad852bf) /* 597 */,
+ U64_C(0x42a99ccbdbd4b40b) /* 598 */, U64_C(0xa59998af45e9c559) /* 599 */,
+ U64_C(0x366295e807d93186) /* 600 */, U64_C(0x6b48181bfaa1f773) /* 601 */,
+ U64_C(0x1fec57e2157a0a1d) /* 602 */, U64_C(0x4667446af6201ad5) /* 603 */,
+ U64_C(0xe615ebcacfb0f075) /* 604 */, U64_C(0xb8f31f4f68290778) /* 605 */,
+ U64_C(0x22713ed6ce22d11e) /* 606 */, U64_C(0x3057c1a72ec3c93b) /* 607 */,
+ U64_C(0xcb46acc37c3f1f2f) /* 608 */, U64_C(0xdbb893fd02aaf50e) /* 609 */,
+ U64_C(0x331fd92e600b9fcf) /* 610 */, U64_C(0xa498f96148ea3ad6) /* 611 */,
+ U64_C(0xa8d8426e8b6a83ea) /* 612 */, U64_C(0xa089b274b7735cdc) /* 613 */,
+ U64_C(0x87f6b3731e524a11) /* 614 */, U64_C(0x118808e5cbc96749) /* 615 */,
+ U64_C(0x9906e4c7b19bd394) /* 616 */, U64_C(0xafed7f7e9b24a20c) /* 617 */,
+ U64_C(0x6509eadeeb3644a7) /* 618 */, U64_C(0x6c1ef1d3e8ef0ede) /* 619 */,
+ U64_C(0xb9c97d43e9798fb4) /* 620 */, U64_C(0xa2f2d784740c28a3) /* 621 */,
+ U64_C(0x7b8496476197566f) /* 622 */, U64_C(0x7a5be3e6b65f069d) /* 623 */,
+ U64_C(0xf96330ed78be6f10) /* 624 */, U64_C(0xeee60de77a076a15) /* 625 */,
+ U64_C(0x2b4bee4aa08b9bd0) /* 626 */, U64_C(0x6a56a63ec7b8894e) /* 627 */,
+ U64_C(0x02121359ba34fef4) /* 628 */, U64_C(0x4cbf99f8283703fc) /* 629 */,
+ U64_C(0x398071350caf30c8) /* 630 */, U64_C(0xd0a77a89f017687a) /* 631 */,
+ U64_C(0xf1c1a9eb9e423569) /* 632 */, U64_C(0x8c7976282dee8199) /* 633 */,
+ U64_C(0x5d1737a5dd1f7abd) /* 634 */, U64_C(0x4f53433c09a9fa80) /* 635 */,
+ U64_C(0xfa8b0c53df7ca1d9) /* 636 */, U64_C(0x3fd9dcbc886ccb77) /* 637 */,
+ U64_C(0xc040917ca91b4720) /* 638 */, U64_C(0x7dd00142f9d1dcdf) /* 639 */,
+ U64_C(0x8476fc1d4f387b58) /* 640 */, U64_C(0x23f8e7c5f3316503) /* 641 */,
+ U64_C(0x032a2244e7e37339) /* 642 */, U64_C(0x5c87a5d750f5a74b) /* 643 */,
+ U64_C(0x082b4cc43698992e) /* 644 */, U64_C(0xdf917becb858f63c) /* 645 */,
+ U64_C(0x3270b8fc5bf86dda) /* 646 */, U64_C(0x10ae72bb29b5dd76) /* 647 */,
+ U64_C(0x576ac94e7700362b) /* 648 */, U64_C(0x1ad112dac61efb8f) /* 649 */,
+ U64_C(0x691bc30ec5faa427) /* 650 */, U64_C(0xff246311cc327143) /* 651 */,
+ U64_C(0x3142368e30e53206) /* 652 */, U64_C(0x71380e31e02ca396) /* 653 */,
+ U64_C(0x958d5c960aad76f1) /* 654 */, U64_C(0xf8d6f430c16da536) /* 655 */,
+ U64_C(0xc8ffd13f1be7e1d2) /* 656 */, U64_C(0x7578ae66004ddbe1) /* 657 */,
+ U64_C(0x05833f01067be646) /* 658 */, U64_C(0xbb34b5ad3bfe586d) /* 659 */,
+ U64_C(0x095f34c9a12b97f0) /* 660 */, U64_C(0x247ab64525d60ca8) /* 661 */,
+ U64_C(0xdcdbc6f3017477d1) /* 662 */, U64_C(0x4a2e14d4decad24d) /* 663 */,
+ U64_C(0xbdb5e6d9be0a1eeb) /* 664 */, U64_C(0x2a7e70f7794301ab) /* 665 */,
+ U64_C(0xdef42d8a270540fd) /* 666 */, U64_C(0x01078ec0a34c22c1) /* 667 */,
+ U64_C(0xe5de511af4c16387) /* 668 */, U64_C(0x7ebb3a52bd9a330a) /* 669 */,
+ U64_C(0x77697857aa7d6435) /* 670 */, U64_C(0x004e831603ae4c32) /* 671 */,
+ U64_C(0xe7a21020ad78e312) /* 672 */, U64_C(0x9d41a70c6ab420f2) /* 673 */,
+ U64_C(0x28e06c18ea1141e6) /* 674 */, U64_C(0xd2b28cbd984f6b28) /* 675 */,
+ U64_C(0x26b75f6c446e9d83) /* 676 */, U64_C(0xba47568c4d418d7f) /* 677 */,
+ U64_C(0xd80badbfe6183d8e) /* 678 */, U64_C(0x0e206d7f5f166044) /* 679 */,
+ U64_C(0xe258a43911cbca3e) /* 680 */, U64_C(0x723a1746b21dc0bc) /* 681 */,
+ U64_C(0xc7caa854f5d7cdd3) /* 682 */, U64_C(0x7cac32883d261d9c) /* 683 */,
+ U64_C(0x7690c26423ba942c) /* 684 */, U64_C(0x17e55524478042b8) /* 685 */,
+ U64_C(0xe0be477656a2389f) /* 686 */, U64_C(0x4d289b5e67ab2da0) /* 687 */,
+ U64_C(0x44862b9c8fbbfd31) /* 688 */, U64_C(0xb47cc8049d141365) /* 689 */,
+ U64_C(0x822c1b362b91c793) /* 690 */, U64_C(0x4eb14655fb13dfd8) /* 691 */,
+ U64_C(0x1ecbba0714e2a97b) /* 692 */, U64_C(0x6143459d5cde5f14) /* 693 */,
+ U64_C(0x53a8fbf1d5f0ac89) /* 694 */, U64_C(0x97ea04d81c5e5b00) /* 695 */,
+ U64_C(0x622181a8d4fdb3f3) /* 696 */, U64_C(0xe9bcd341572a1208) /* 697 */,
+ U64_C(0x1411258643cce58a) /* 698 */, U64_C(0x9144c5fea4c6e0a4) /* 699 */,
+ U64_C(0x0d33d06565cf620f) /* 700 */, U64_C(0x54a48d489f219ca1) /* 701 */,
+ U64_C(0xc43e5eac6d63c821) /* 702 */, U64_C(0xa9728b3a72770daf) /* 703 */,
+ U64_C(0xd7934e7b20df87ef) /* 704 */, U64_C(0xe35503b61a3e86e5) /* 705 */,
+ U64_C(0xcae321fbc819d504) /* 706 */, U64_C(0x129a50b3ac60bfa6) /* 707 */,
+ U64_C(0xcd5e68ea7e9fb6c3) /* 708 */, U64_C(0xb01c90199483b1c7) /* 709 */,
+ U64_C(0x3de93cd5c295376c) /* 710 */, U64_C(0xaed52edf2ab9ad13) /* 711 */,
+ U64_C(0x2e60f512c0a07884) /* 712 */, U64_C(0xbc3d86a3e36210c9) /* 713 */,
+ U64_C(0x35269d9b163951ce) /* 714 */, U64_C(0x0c7d6e2ad0cdb5fa) /* 715 */,
+ U64_C(0x59e86297d87f5733) /* 716 */, U64_C(0x298ef221898db0e7) /* 717 */,
+ U64_C(0x55000029d1a5aa7e) /* 718 */, U64_C(0x8bc08ae1b5061b45) /* 719 */,
+ U64_C(0xc2c31c2b6c92703a) /* 720 */, U64_C(0x94cc596baf25ef42) /* 721 */,
+ U64_C(0x0a1d73db22540456) /* 722 */, U64_C(0x04b6a0f9d9c4179a) /* 723 */,
+ U64_C(0xeffdafa2ae3d3c60) /* 724 */, U64_C(0xf7c8075bb49496c4) /* 725 */,
+ U64_C(0x9cc5c7141d1cd4e3) /* 726 */, U64_C(0x78bd1638218e5534) /* 727 */,
+ U64_C(0xb2f11568f850246a) /* 728 */, U64_C(0xedfabcfa9502bc29) /* 729 */,
+ U64_C(0x796ce5f2da23051b) /* 730 */, U64_C(0xaae128b0dc93537c) /* 731 */,
+ U64_C(0x3a493da0ee4b29ae) /* 732 */, U64_C(0xb5df6b2c416895d7) /* 733 */,
+ U64_C(0xfcabbd25122d7f37) /* 734 */, U64_C(0x70810b58105dc4b1) /* 735 */,
+ U64_C(0xe10fdd37f7882a90) /* 736 */, U64_C(0x524dcab5518a3f5c) /* 737 */,
+ U64_C(0x3c9e85878451255b) /* 738 */, U64_C(0x4029828119bd34e2) /* 739 */,
+ U64_C(0x74a05b6f5d3ceccb) /* 740 */, U64_C(0xb610021542e13eca) /* 741 */,
+ U64_C(0x0ff979d12f59e2ac) /* 742 */, U64_C(0x6037da27e4f9cc50) /* 743 */,
+ U64_C(0x5e92975a0df1847d) /* 744 */, U64_C(0xd66de190d3e623fe) /* 745 */,
+ U64_C(0x5032d6b87b568048) /* 746 */, U64_C(0x9a36b7ce8235216e) /* 747 */,
+ U64_C(0x80272a7a24f64b4a) /* 748 */, U64_C(0x93efed8b8c6916f7) /* 749 */,
+ U64_C(0x37ddbff44cce1555) /* 750 */, U64_C(0x4b95db5d4b99bd25) /* 751 */,
+ U64_C(0x92d3fda169812fc0) /* 752 */, U64_C(0xfb1a4a9a90660bb6) /* 753 */,
+ U64_C(0x730c196946a4b9b2) /* 754 */, U64_C(0x81e289aa7f49da68) /* 755 */,
+ U64_C(0x64669a0f83b1a05f) /* 756 */, U64_C(0x27b3ff7d9644f48b) /* 757 */,
+ U64_C(0xcc6b615c8db675b3) /* 758 */, U64_C(0x674f20b9bcebbe95) /* 759 */,
+ U64_C(0x6f31238275655982) /* 760 */, U64_C(0x5ae488713e45cf05) /* 761 */,
+ U64_C(0xbf619f9954c21157) /* 762 */, U64_C(0xeabac46040a8eae9) /* 763 */,
+ U64_C(0x454c6fe9f2c0c1cd) /* 764 */, U64_C(0x419cf6496412691c) /* 765 */,
+ U64_C(0xd3dc3bef265b0f70) /* 766 */, U64_C(0x6d0e60f5c3578a9e) /* 767 */
+};
+static u64 sbox4[256] = {
+ U64_C(0x5b0e608526323c55) /* 768 */, U64_C(0x1a46c1a9fa1b59f5) /* 769 */,
+ U64_C(0xa9e245a17c4c8ffa) /* 770 */, U64_C(0x65ca5159db2955d7) /* 771 */,
+ U64_C(0x05db0a76ce35afc2) /* 772 */, U64_C(0x81eac77ea9113d45) /* 773 */,
+ U64_C(0x528ef88ab6ac0a0d) /* 774 */, U64_C(0xa09ea253597be3ff) /* 775 */,
+ U64_C(0x430ddfb3ac48cd56) /* 776 */, U64_C(0xc4b3a67af45ce46f) /* 777 */,
+ U64_C(0x4ececfd8fbe2d05e) /* 778 */, U64_C(0x3ef56f10b39935f0) /* 779 */,
+ U64_C(0x0b22d6829cd619c6) /* 780 */, U64_C(0x17fd460a74df2069) /* 781 */,
+ U64_C(0x6cf8cc8e8510ed40) /* 782 */, U64_C(0xd6c824bf3a6ecaa7) /* 783 */,
+ U64_C(0x61243d581a817049) /* 784 */, U64_C(0x048bacb6bbc163a2) /* 785 */,
+ U64_C(0xd9a38ac27d44cc32) /* 786 */, U64_C(0x7fddff5baaf410ab) /* 787 */,
+ U64_C(0xad6d495aa804824b) /* 788 */, U64_C(0xe1a6a74f2d8c9f94) /* 789 */,
+ U64_C(0xd4f7851235dee8e3) /* 790 */, U64_C(0xfd4b7f886540d893) /* 791 */,
+ U64_C(0x247c20042aa4bfda) /* 792 */, U64_C(0x096ea1c517d1327c) /* 793 */,
+ U64_C(0xd56966b4361a6685) /* 794 */, U64_C(0x277da5c31221057d) /* 795 */,
+ U64_C(0x94d59893a43acff7) /* 796 */, U64_C(0x64f0c51ccdc02281) /* 797 */,
+ U64_C(0x3d33bcc4ff6189db) /* 798 */, U64_C(0xe005cb184ce66af1) /* 799 */,
+ U64_C(0xff5ccd1d1db99bea) /* 800 */, U64_C(0xb0b854a7fe42980f) /* 801 */,
+ U64_C(0x7bd46a6a718d4b9f) /* 802 */, U64_C(0xd10fa8cc22a5fd8c) /* 803 */,
+ U64_C(0xd31484952be4bd31) /* 804 */, U64_C(0xc7fa975fcb243847) /* 805 */,
+ U64_C(0x4886ed1e5846c407) /* 806 */, U64_C(0x28cddb791eb70b04) /* 807 */,
+ U64_C(0xc2b00be2f573417f) /* 808 */, U64_C(0x5c9590452180f877) /* 809 */,
+ U64_C(0x7a6bddfff370eb00) /* 810 */, U64_C(0xce509e38d6d9d6a4) /* 811 */,
+ U64_C(0xebeb0f00647fa702) /* 812 */, U64_C(0x1dcc06cf76606f06) /* 813 */,
+ U64_C(0xe4d9f28ba286ff0a) /* 814 */, U64_C(0xd85a305dc918c262) /* 815 */,
+ U64_C(0x475b1d8732225f54) /* 816 */, U64_C(0x2d4fb51668ccb5fe) /* 817 */,
+ U64_C(0xa679b9d9d72bba20) /* 818 */, U64_C(0x53841c0d912d43a5) /* 819 */,
+ U64_C(0x3b7eaa48bf12a4e8) /* 820 */, U64_C(0x781e0e47f22f1ddf) /* 821 */,
+ U64_C(0xeff20ce60ab50973) /* 822 */, U64_C(0x20d261d19dffb742) /* 823 */,
+ U64_C(0x16a12b03062a2e39) /* 824 */, U64_C(0x1960eb2239650495) /* 825 */,
+ U64_C(0x251c16fed50eb8b8) /* 826 */, U64_C(0x9ac0c330f826016e) /* 827 */,
+ U64_C(0xed152665953e7671) /* 828 */, U64_C(0x02d63194a6369570) /* 829 */,
+ U64_C(0x5074f08394b1c987) /* 830 */, U64_C(0x70ba598c90b25ce1) /* 831 */,
+ U64_C(0x794a15810b9742f6) /* 832 */, U64_C(0x0d5925e9fcaf8c6c) /* 833 */,
+ U64_C(0x3067716cd868744e) /* 834 */, U64_C(0x910ab077e8d7731b) /* 835 */,
+ U64_C(0x6a61bbdb5ac42f61) /* 836 */, U64_C(0x93513efbf0851567) /* 837 */,
+ U64_C(0xf494724b9e83e9d5) /* 838 */, U64_C(0xe887e1985c09648d) /* 839 */,
+ U64_C(0x34b1d3c675370cfd) /* 840 */, U64_C(0xdc35e433bc0d255d) /* 841 */,
+ U64_C(0xd0aab84234131be0) /* 842 */, U64_C(0x08042a50b48b7eaf) /* 843 */,
+ U64_C(0x9997c4ee44a3ab35) /* 844 */, U64_C(0x829a7b49201799d0) /* 845 */,
+ U64_C(0x263b8307b7c54441) /* 846 */, U64_C(0x752f95f4fd6a6ca6) /* 847 */,
+ U64_C(0x927217402c08c6e5) /* 848 */, U64_C(0x2a8ab754a795d9ee) /* 849 */,
+ U64_C(0xa442f7552f72943d) /* 850 */, U64_C(0x2c31334e19781208) /* 851 */,
+ U64_C(0x4fa98d7ceaee6291) /* 852 */, U64_C(0x55c3862f665db309) /* 853 */,
+ U64_C(0xbd0610175d53b1f3) /* 854 */, U64_C(0x46fe6cb840413f27) /* 855 */,
+ U64_C(0x3fe03792df0cfa59) /* 856 */, U64_C(0xcfe700372eb85e8f) /* 857 */,
+ U64_C(0xa7be29e7adbce118) /* 858 */, U64_C(0xe544ee5cde8431dd) /* 859 */,
+ U64_C(0x8a781b1b41f1873e) /* 860 */, U64_C(0xa5c94c78a0d2f0e7) /* 861 */,
+ U64_C(0x39412e2877b60728) /* 862 */, U64_C(0xa1265ef3afc9a62c) /* 863 */,
+ U64_C(0xbcc2770c6a2506c5) /* 864 */, U64_C(0x3ab66dd5dce1ce12) /* 865 */,
+ U64_C(0xe65499d04a675b37) /* 866 */, U64_C(0x7d8f523481bfd216) /* 867 */,
+ U64_C(0x0f6f64fcec15f389) /* 868 */, U64_C(0x74efbe618b5b13c8) /* 869 */,
+ U64_C(0xacdc82b714273e1d) /* 870 */, U64_C(0xdd40bfe003199d17) /* 871 */,
+ U64_C(0x37e99257e7e061f8) /* 872 */, U64_C(0xfa52626904775aaa) /* 873 */,
+ U64_C(0x8bbbf63a463d56f9) /* 874 */, U64_C(0xf0013f1543a26e64) /* 875 */,
+ U64_C(0xa8307e9f879ec898) /* 876 */, U64_C(0xcc4c27a4150177cc) /* 877 */,
+ U64_C(0x1b432f2cca1d3348) /* 878 */, U64_C(0xde1d1f8f9f6fa013) /* 879 */,
+ U64_C(0x606602a047a7ddd6) /* 880 */, U64_C(0xd237ab64cc1cb2c7) /* 881 */,
+ U64_C(0x9b938e7225fcd1d3) /* 882 */, U64_C(0xec4e03708e0ff476) /* 883 */,
+ U64_C(0xfeb2fbda3d03c12d) /* 884 */, U64_C(0xae0bced2ee43889a) /* 885 */,
+ U64_C(0x22cb8923ebfb4f43) /* 886 */, U64_C(0x69360d013cf7396d) /* 887 */,
+ U64_C(0x855e3602d2d4e022) /* 888 */, U64_C(0x073805bad01f784c) /* 889 */,
+ U64_C(0x33e17a133852f546) /* 890 */, U64_C(0xdf4874058ac7b638) /* 891 */,
+ U64_C(0xba92b29c678aa14a) /* 892 */, U64_C(0x0ce89fc76cfaadcd) /* 893 */,
+ U64_C(0x5f9d4e0908339e34) /* 894 */, U64_C(0xf1afe9291f5923b9) /* 895 */,
+ U64_C(0x6e3480f60f4a265f) /* 896 */, U64_C(0xeebf3a2ab29b841c) /* 897 */,
+ U64_C(0xe21938a88f91b4ad) /* 898 */, U64_C(0x57dfeff845c6d3c3) /* 899 */,
+ U64_C(0x2f006b0bf62caaf2) /* 900 */, U64_C(0x62f479ef6f75ee78) /* 901 */,
+ U64_C(0x11a55ad41c8916a9) /* 902 */, U64_C(0xf229d29084fed453) /* 903 */,
+ U64_C(0x42f1c27b16b000e6) /* 904 */, U64_C(0x2b1f76749823c074) /* 905 */,
+ U64_C(0x4b76eca3c2745360) /* 906 */, U64_C(0x8c98f463b91691bd) /* 907 */,
+ U64_C(0x14bcc93cf1ade66a) /* 908 */, U64_C(0x8885213e6d458397) /* 909 */,
+ U64_C(0x8e177df0274d4711) /* 910 */, U64_C(0xb49b73b5503f2951) /* 911 */,
+ U64_C(0x10168168c3f96b6b) /* 912 */, U64_C(0x0e3d963b63cab0ae) /* 913 */,
+ U64_C(0x8dfc4b5655a1db14) /* 914 */, U64_C(0xf789f1356e14de5c) /* 915 */,
+ U64_C(0x683e68af4e51dac1) /* 916 */, U64_C(0xc9a84f9d8d4b0fd9) /* 917 */,
+ U64_C(0x3691e03f52a0f9d1) /* 918 */, U64_C(0x5ed86e46e1878e80) /* 919 */,
+ U64_C(0x3c711a0e99d07150) /* 920 */, U64_C(0x5a0865b20c4e9310) /* 921 */,
+ U64_C(0x56fbfc1fe4f0682e) /* 922 */, U64_C(0xea8d5de3105edf9b) /* 923 */,
+ U64_C(0x71abfdb12379187a) /* 924 */, U64_C(0x2eb99de1bee77b9c) /* 925 */,
+ U64_C(0x21ecc0ea33cf4523) /* 926 */, U64_C(0x59a4d7521805c7a1) /* 927 */,
+ U64_C(0x3896f5eb56ae7c72) /* 928 */, U64_C(0xaa638f3db18f75dc) /* 929 */,
+ U64_C(0x9f39358dabe9808e) /* 930 */, U64_C(0xb7defa91c00b72ac) /* 931 */,
+ U64_C(0x6b5541fd62492d92) /* 932 */, U64_C(0x6dc6dee8f92e4d5b) /* 933 */,
+ U64_C(0x353f57abc4beea7e) /* 934 */, U64_C(0x735769d6da5690ce) /* 935 */,
+ U64_C(0x0a234aa642391484) /* 936 */, U64_C(0xf6f9508028f80d9d) /* 937 */,
+ U64_C(0xb8e319a27ab3f215) /* 938 */, U64_C(0x31ad9c1151341a4d) /* 939 */,
+ U64_C(0x773c22a57bef5805) /* 940 */, U64_C(0x45c7561a07968633) /* 941 */,
+ U64_C(0xf913da9e249dbe36) /* 942 */, U64_C(0xda652d9b78a64c68) /* 943 */,
+ U64_C(0x4c27a97f3bc334ef) /* 944 */, U64_C(0x76621220e66b17f4) /* 945 */,
+ U64_C(0x967743899acd7d0b) /* 946 */, U64_C(0xf3ee5bcae0ed6782) /* 947 */,
+ U64_C(0x409f753600c879fc) /* 948 */, U64_C(0x06d09a39b5926db6) /* 949 */,
+ U64_C(0x6f83aeb0317ac588) /* 950 */, U64_C(0x01e6ca4a86381f21) /* 951 */,
+ U64_C(0x66ff3462d19f3025) /* 952 */, U64_C(0x72207c24ddfd3bfb) /* 953 */,
+ U64_C(0x4af6b6d3e2ece2eb) /* 954 */, U64_C(0x9c994dbec7ea08de) /* 955 */,
+ U64_C(0x49ace597b09a8bc4) /* 956 */, U64_C(0xb38c4766cf0797ba) /* 957 */,
+ U64_C(0x131b9373c57c2a75) /* 958 */, U64_C(0xb1822cce61931e58) /* 959 */,
+ U64_C(0x9d7555b909ba1c0c) /* 960 */, U64_C(0x127fafdd937d11d2) /* 961 */,
+ U64_C(0x29da3badc66d92e4) /* 962 */, U64_C(0xa2c1d57154c2ecbc) /* 963 */,
+ U64_C(0x58c5134d82f6fe24) /* 964 */, U64_C(0x1c3ae3515b62274f) /* 965 */,
+ U64_C(0xe907c82e01cb8126) /* 966 */, U64_C(0xf8ed091913e37fcb) /* 967 */,
+ U64_C(0x3249d8f9c80046c9) /* 968 */, U64_C(0x80cf9bede388fb63) /* 969 */,
+ U64_C(0x1881539a116cf19e) /* 970 */, U64_C(0x5103f3f76bd52457) /* 971 */,
+ U64_C(0x15b7e6f5ae47f7a8) /* 972 */, U64_C(0xdbd7c6ded47e9ccf) /* 973 */,
+ U64_C(0x44e55c410228bb1a) /* 974 */, U64_C(0xb647d4255edb4e99) /* 975 */,
+ U64_C(0x5d11882bb8aafc30) /* 976 */, U64_C(0xf5098bbb29d3212a) /* 977 */,
+ U64_C(0x8fb5ea14e90296b3) /* 978 */, U64_C(0x677b942157dd025a) /* 979 */,
+ U64_C(0xfb58e7c0a390acb5) /* 980 */, U64_C(0x89d3674c83bd4a01) /* 981 */,
+ U64_C(0x9e2da4df4bf3b93b) /* 982 */, U64_C(0xfcc41e328cab4829) /* 983 */,
+ U64_C(0x03f38c96ba582c52) /* 984 */, U64_C(0xcad1bdbd7fd85db2) /* 985 */,
+ U64_C(0xbbb442c16082ae83) /* 986 */, U64_C(0xb95fe86ba5da9ab0) /* 987 */,
+ U64_C(0xb22e04673771a93f) /* 988 */, U64_C(0x845358c9493152d8) /* 989 */,
+ U64_C(0xbe2a488697b4541e) /* 990 */, U64_C(0x95a2dc2dd38e6966) /* 991 */,
+ U64_C(0xc02c11ac923c852b) /* 992 */, U64_C(0x2388b1990df2a87b) /* 993 */,
+ U64_C(0x7c8008fa1b4f37be) /* 994 */, U64_C(0x1f70d0c84d54e503) /* 995 */,
+ U64_C(0x5490adec7ece57d4) /* 996 */, U64_C(0x002b3c27d9063a3a) /* 997 */,
+ U64_C(0x7eaea3848030a2bf) /* 998 */, U64_C(0xc602326ded2003c0) /* 999 */,
+ U64_C(0x83a7287d69a94086) /* 1000 */, U64_C(0xc57a5fcb30f57a8a) /* 1001 */,
+ U64_C(0xb56844e479ebe779) /* 1002 */, U64_C(0xa373b40f05dcbce9) /* 1003 */,
+ U64_C(0xd71a786e88570ee2) /* 1004 */, U64_C(0x879cbacdbde8f6a0) /* 1005 */,
+ U64_C(0x976ad1bcc164a32f) /* 1006 */, U64_C(0xab21e25e9666d78b) /* 1007 */,
+ U64_C(0x901063aae5e5c33c) /* 1008 */, U64_C(0x9818b34448698d90) /* 1009 */,
+ U64_C(0xe36487ae3e1e8abb) /* 1010 */, U64_C(0xafbdf931893bdcb4) /* 1011 */,
+ U64_C(0x6345a0dc5fbbd519) /* 1012 */, U64_C(0x8628fe269b9465ca) /* 1013 */,
+ U64_C(0x1e5d01603f9c51ec) /* 1014 */, U64_C(0x4de44006a15049b7) /* 1015 */,
+ U64_C(0xbf6c70e5f776cbb1) /* 1016 */, U64_C(0x411218f2ef552bed) /* 1017 */,
+ U64_C(0xcb0c0708705a36a3) /* 1018 */, U64_C(0xe74d14754f986044) /* 1019 */,
+ U64_C(0xcd56d9430ea8280e) /* 1020 */, U64_C(0xc12591d7535f5065) /* 1021 */,
+ U64_C(0xc83223f1720aef96) /* 1022 */, U64_C(0xc3a0396f7363a51f) /* 1023 */
+};
+
+static void
+tiger_init( void *context )
+{
+ TIGER_CONTEXT *hd = context;
+
+ hd->a = 0x0123456789abcdefLL;
+ hd->b = 0xfedcba9876543210LL;
+ hd->c = 0xf096a5b4c3b2e187LL;
+ hd->nblocks = 0;
+ hd->count = 0;
+}
+
+static void
+tiger_round( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul )
+{
+ u64 a = *ra;
+ u64 b = *rb;
+ u64 c = *rc;
+
+ c ^= x;
+ a -= ( sbox1[ c & 0xff ] ^ sbox2[ (c >> 16) & 0xff ]
+ ^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]);
+ b += ( sbox4[ (c >> 8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ]
+ ^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]);
+ b *= mul;
+
+ *ra = a;
+ *rb = b;
+ *rc = c;
+}
+
+
+static void
+pass( u64 *ra, u64 *rb, u64 *rc, u64 *x, int mul )
+{
+ u64 a = *ra;
+ u64 b = *rb;
+ u64 c = *rc;
+
+ tiger_round( &a, &b, &c, x[0], mul );
+ tiger_round( &b, &c, &a, x[1], mul );
+ tiger_round( &c, &a, &b, x[2], mul );
+ tiger_round( &a, &b, &c, x[3], mul );
+ tiger_round( &b, &c, &a, x[4], mul );
+ tiger_round( &c, &a, &b, x[5], mul );
+ tiger_round( &a, &b, &c, x[6], mul );
+ tiger_round( &b, &c, &a, x[7], mul );
+
+ *ra = a;
+ *rb = b;
+ *rc = c;
+}
+
+
+static void
+key_schedule( u64 *x )
+{
+ x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL;
+ x[1] ^= x[0];
+ x[2] += x[1];
+ x[3] -= x[2] ^ ((~x[1]) << 19 );
+ x[4] ^= x[3];
+ x[5] += x[4];
+ x[6] -= x[5] ^ ((~x[4]) >> 23 );
+ x[7] ^= x[6];
+ x[0] += x[7];
+ x[1] -= x[0] ^ ((~x[7]) << 19 );
+ x[2] ^= x[1];
+ x[3] += x[2];
+ x[4] -= x[3] ^ ((~x[2]) >> 23 );
+ x[5] ^= x[4];
+ x[6] += x[5];
+ x[7] -= x[6] ^ 0x0123456789abcdefLL;
+}
+
+
+/****************
+ * Transform the message DATA which consists of 512 bytes (8 words)
+ */
+static void
+transform ( TIGER_CONTEXT *hd, const unsigned char *data )
+{
+ u64 a,b,c,aa,bb,cc;
+ u64 x[8];
+#ifdef WORDS_BIGENDIAN
+#define MKWORD(d,n) \
+ ( ((u64)(d)[8*(n)+7]) << 56 | ((u64)(d)[8*(n)+6]) << 48 \
+ | ((u64)(d)[8*(n)+5]) << 40 | ((u64)(d)[8*(n)+4]) << 32 \
+ | ((u64)(d)[8*(n)+3]) << 24 | ((u64)(d)[8*(n)+2]) << 16 \
+ | ((u64)(d)[8*(n)+1]) << 8 | ((u64)(d)[8*(n) ]) )
+ x[0] = MKWORD(data, 0);
+ x[1] = MKWORD(data, 1);
+ x[2] = MKWORD(data, 2);
+ x[3] = MKWORD(data, 3);
+ x[4] = MKWORD(data, 4);
+ x[5] = MKWORD(data, 5);
+ x[6] = MKWORD(data, 6);
+ x[7] = MKWORD(data, 7);
+#undef MKWORD
+#else
+ memcpy( &x[0], data, 64 );
+#endif
+
+ /* save */
+ a = aa = hd->a;
+ b = bb = hd->b;
+ c = cc = hd->c;
+
+ pass( &a, &b, &c, x, 5);
+ key_schedule( x );
+ pass( &c, &a, &b, x, 7);
+ key_schedule( x );
+ pass( &b, &c, &a, x, 9);
+
+ /* feedforward */
+ a ^= aa;
+ b -= bb;
+ c += cc;
+ /* store */
+ hd->a = a;
+ hd->b = b;
+ hd->c = c;
+}
+
+
+
+/* Update the message digest with the contents
+ * of INBUF with length INLEN.
+ */
+static void
+tiger_write ( void *context, const void *inbuf_arg, size_t inlen)
+{
+ const unsigned char *inbuf = inbuf_arg;
+ TIGER_CONTEXT *hd = context;
+
+ if( hd->count == 64 ) /* flush the buffer */
+ {
+ transform( hd, hd->buf );
+ _gcry_burn_stack (21*8+11*sizeof(void*));
+ hd->count = 0;
+ hd->nblocks++;
+ }
+ if( !inbuf )
+ return;
+ if( hd->count )
+ {
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+ tiger_write( hd, NULL, 0 );
+ if( !inlen )
+ return;
+ }
+
+ while( inlen >= 64 )
+ {
+ transform( hd, inbuf );
+ hd->count = 0;
+ hd->nblocks++;
+ inlen -= 64;
+ inbuf += 64;
+ }
+ _gcry_burn_stack (21*8+11*sizeof(void*));
+ for( ; inlen && hd->count < 64; inlen-- )
+ hd->buf[hd->count++] = *inbuf++;
+}
+
+
+
+/* The routine terminates the computation
+ */
+static void
+tiger_final( void *context )
+{
+ TIGER_CONTEXT *hd = context;
+ u32 t, msb, lsb;
+ byte *p;
+
+ tiger_write(hd, NULL, 0); /* flush */;
+
+ t = hd->nblocks;
+ /* multiply by 64 to make a byte count */
+ lsb = t << 6;
+ msb = t >> 26;
+ /* add the count */
+ t = lsb;
+ if( (lsb += hd->count) < t )
+ msb++;
+ /* multiply by 8 to make a bit count */
+ t = lsb;
+ lsb <<= 3;
+ msb <<= 3;
+ msb |= t >> 29;
+
+ if( hd->count < 56 ) /* enough room */
+ {
+ hd->buf[hd->count++] = 0x01; /* pad */
+ while( hd->count < 56 )
+ hd->buf[hd->count++] = 0; /* pad */
+ }
+ else /* need one extra block */
+ {
+ hd->buf[hd->count++] = 0x01; /* pad character */
+ while( hd->count < 64 )
+ hd->buf[hd->count++] = 0;
+ tiger_write(hd, NULL, 0); /* flush */;
+ memset(hd->buf, 0, 56 ); /* fill next block with zeroes */
+ }
+ /* append the 64 bit count */
+ hd->buf[56] = lsb ;
+ hd->buf[57] = lsb >> 8;
+ hd->buf[58] = lsb >> 16;
+ hd->buf[59] = lsb >> 24;
+ hd->buf[60] = msb ;
+ hd->buf[61] = msb >> 8;
+ hd->buf[62] = msb >> 16;
+ hd->buf[63] = msb >> 24;
+ transform( hd, hd->buf );
+ _gcry_burn_stack (21*8+11*sizeof(void*));
+
+ p = hd->buf;
+#ifdef WORDS_BIGENDIAN
+#define X(a) do { *(u64*)p = hd->a ; p += 8; } while(0)
+#else /* little endian */
+#define X(a) do { *p++ = hd->a >> 56; *p++ = hd->a >> 48; \
+ *p++ = hd->a >> 40; *p++ = hd->a >> 32; \
+ *p++ = hd->a >> 24; *p++ = hd->a >> 16; \
+ *p++ = hd->a >> 8; *p++ = hd->a; } while(0)
+#endif
+ X(a);
+ X(b);
+ X(c);
+#undef X
+}
+
+static byte *
+tiger_read( void *context )
+{
+ TIGER_CONTEXT *hd = context;
+
+ return hd->buf;
+}
+
+static byte asn[19] = /* Object ID is 1.3.6.1.4.1.11591.12.2 */
+ { 0x30, 0x29, 0x30, 0x0d, 0x06, 0x09, 0x2b, 0x06,
+ 0x01, 0x04, 0x01, 0xda, 0x47, 0x0c, 0x02,
+ 0x05, 0x00, 0x04, 0x18 };
+
+static gcry_md_oid_spec_t oid_spec_tiger[] =
+ {
+ /* GNU.digestAlgorithm TIGER */
+ { "1.3.6.1.4.1.11591.12.2" },
+ { NULL }
+ };
+
+gcry_md_spec_t _gcry_digest_spec_tiger =
+ {
+ "TIGER192", asn, DIM (asn), oid_spec_tiger, 24,
+ tiger_init, tiger_write, tiger_final, tiger_read,
+ sizeof (TIGER_CONTEXT)
+ };
+
+#endif /* HAVE_U64_TYPEDEF */
diff --git a/grub-core/lib/libgcrypt/cipher/twofish.c b/grub-core/lib/libgcrypt/cipher/twofish.c
new file mode 100644
index 0000000..5274c40
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/twofish.c
@@ -0,0 +1,1040 @@
+/* Twofish for GPG
+ * Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc.
+ * Written by Matthew Skala <mskala@ansuz.sooke.bc.ca>, July 26, 1998
+ * 256-bit key length added March 20, 1999
+ * Some modifications to reduce the text size by Werner Koch, April, 1998
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ ********************************************************************
+ *
+ * This code is a "clean room" implementation, written from the paper
+ * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
+ * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
+ * through http://www.counterpane.com/twofish.html
+ *
+ * For background information on multiplication in finite fields, used for
+ * the matrix operations in the key schedule, see the book _Contemporary
+ * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
+ * Third Edition.
+ *
+ * Only the 128- and 256-bit key sizes are supported. This code is intended
+ * for GNU C on a 32-bit system, but it should work almost anywhere. Loops
+ * are unrolled, precomputation tables are used, etc., for maximum speed at
+ * some cost in memory consumption. */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcmp() */
+
+#include "types.h" /* for byte and u32 typedefs */
+#include "g10lib.h"
+#include "cipher.h"
+
+/* Prototype for the self-test function. */
+static const char *selftest(void);
+
+/* Structure for an expanded Twofish key. s contains the key-dependent
+ * S-boxes composed with the MDS matrix; w contains the eight "whitening"
+ * subkeys, K[0] through K[7]. k holds the remaining, "round" subkeys. Note
+ * that k[i] corresponds to what the Twofish paper calls K[i+8]. */
+typedef struct {
+ u32 s[4][256], w[8], k[32];
+} TWOFISH_context;
+
+/* These two tables are the q0 and q1 permutations, exactly as described in
+ * the Twofish paper. */
+
+static const byte q0[256] = {
+ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
+ 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+ 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
+ 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+ 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
+ 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+ 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
+ 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+ 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
+ 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+ 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
+ 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+ 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
+ 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+ 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
+ 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+ 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
+ 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+ 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
+ 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+ 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
+ 0x4A, 0x5E, 0xC1, 0xE0
+};
+
+static const byte q1[256] = {
+ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
+ 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+ 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
+ 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+ 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
+ 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+ 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
+ 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+ 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
+ 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+ 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
+ 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+ 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
+ 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+ 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
+ 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+ 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
+ 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+ 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
+ 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+ 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
+ 0x55, 0x09, 0xBE, 0x91
+};
+
+/* These MDS tables are actually tables of MDS composed with q0 and q1,
+ * because it is only ever used that way and we can save some time by
+ * precomputing. Of course the main saving comes from precomputing the
+ * GF(2^8) multiplication involved in the MDS matrix multiply; by looking
+ * things up in these tables we reduce the matrix multiply to four lookups
+ * and three XORs. Semi-formally, the definition of these tables is:
+ * mds[0][i] = MDS (q1[i] 0 0 0)^T mds[1][i] = MDS (0 q0[i] 0 0)^T
+ * mds[2][i] = MDS (0 0 q1[i] 0)^T mds[3][i] = MDS (0 0 0 q0[i])^T
+ * where ^T means "transpose", the matrix multiply is performed in GF(2^8)
+ * represented as GF(2)[x]/v(x) where v(x)=x^8+x^6+x^5+x^3+1 as described
+ * by Schneier et al, and I'm casually glossing over the byte/word
+ * conversion issues. */
+
+static const u32 mds[4][256] = {
+ {0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
+ 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
+ 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
+ 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
+ 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
+ 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
+ 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
+ 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
+ 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
+ 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
+ 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
+ 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
+ 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
+ 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
+ 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
+ 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
+ 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
+ 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
+ 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
+ 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
+ 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
+ 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
+ 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
+ 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
+ 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
+ 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
+ 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
+ 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
+ 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
+ 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
+ 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
+ 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
+ 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
+ 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
+ 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
+ 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
+ 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
+ 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
+ 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
+ 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
+ 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
+ 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
+ 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91},
+
+ {0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
+ 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
+ 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
+ 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
+ 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
+ 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
+ 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
+ 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
+ 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
+ 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
+ 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
+ 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
+ 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
+ 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
+ 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
+ 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
+ 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
+ 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
+ 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
+ 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
+ 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
+ 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
+ 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
+ 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
+ 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
+ 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
+ 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
+ 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
+ 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
+ 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
+ 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
+ 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
+ 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
+ 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
+ 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
+ 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
+ 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
+ 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
+ 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
+ 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
+ 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
+ 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
+ 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8},
+
+ {0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
+ 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
+ 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
+ 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
+ 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
+ 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
+ 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
+ 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
+ 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
+ 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
+ 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
+ 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
+ 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
+ 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
+ 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
+ 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
+ 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
+ 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
+ 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
+ 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
+ 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
+ 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
+ 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
+ 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
+ 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
+ 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
+ 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
+ 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
+ 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
+ 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
+ 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
+ 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
+ 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
+ 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
+ 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
+ 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
+ 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
+ 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
+ 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
+ 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
+ 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
+ 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
+ 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF},
+
+ {0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
+ 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
+ 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
+ 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
+ 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
+ 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
+ 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
+ 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
+ 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
+ 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
+ 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
+ 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
+ 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
+ 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
+ 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
+ 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
+ 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
+ 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
+ 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
+ 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
+ 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
+ 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
+ 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
+ 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
+ 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
+ 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
+ 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
+ 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
+ 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
+ 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
+ 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
+ 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
+ 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
+ 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
+ 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
+ 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
+ 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
+ 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
+ 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
+ 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
+ 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
+ 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
+ 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8}
+};
+
+/* The exp_to_poly and poly_to_exp tables are used to perform efficient
+ * operations in GF(2^8) represented as GF(2)[x]/w(x) where
+ * w(x)=x^8+x^6+x^3+x^2+1. We care about doing that because it's part of the
+ * definition of the RS matrix in the key schedule. Elements of that field
+ * are polynomials of degree not greater than 7 and all coefficients 0 or 1,
+ * which can be represented naturally by bytes (just substitute x=2). In that
+ * form, GF(2^8) addition is the same as bitwise XOR, but GF(2^8)
+ * multiplication is inefficient without hardware support. To multiply
+ * faster, I make use of the fact x is a generator for the nonzero elements,
+ * so that every element p of GF(2)[x]/w(x) is either 0 or equal to (x)^n for
+ * some n in 0..254. Note that that caret is exponentiation in GF(2^8),
+ * *not* polynomial notation. So if I want to compute pq where p and q are
+ * in GF(2^8), I can just say:
+ * 1. if p=0 or q=0 then pq=0
+ * 2. otherwise, find m and n such that p=x^m and q=x^n
+ * 3. pq=(x^m)(x^n)=x^(m+n), so add m and n and find pq
+ * The translations in steps 2 and 3 are looked up in the tables
+ * poly_to_exp (for step 2) and exp_to_poly (for step 3). To see this
+ * in action, look at the CALC_S macro. As additional wrinkles, note that
+ * one of my operands is always a constant, so the poly_to_exp lookup on it
+ * is done in advance; I included the original values in the comments so
+ * readers can have some chance of recognizing that this *is* the RS matrix
+ * from the Twofish paper. I've only included the table entries I actually
+ * need; I never do a lookup on a variable input of zero and the biggest
+ * exponents I'll ever see are 254 (variable) and 237 (constant), so they'll
+ * never sum to more than 491. I'm repeating part of the exp_to_poly table
+ * so that I don't have to do mod-255 reduction in the exponent arithmetic.
+ * Since I know my constant operands are never zero, I only have to worry
+ * about zero values in the variable operand, and I do it with a simple
+ * conditional branch. I know conditionals are expensive, but I couldn't
+ * see a non-horrible way of avoiding them, and I did manage to group the
+ * statements so that each if covers four group multiplications. */
+
+static const byte poly_to_exp[255] = {
+ 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
+ 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
+ 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
+ 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
+ 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
+ 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
+ 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
+ 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
+ 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
+ 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
+ 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
+ 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
+ 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
+ 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
+ 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
+ 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
+ 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
+ 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
+ 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
+ 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
+ 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
+ 0x85, 0xC8, 0xA1
+};
+
+static const byte exp_to_poly[492] = {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
+ 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
+ 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
+ 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
+ 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
+ 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
+ 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
+ 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
+ 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
+ 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
+ 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
+ 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
+ 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
+ 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
+ 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
+ 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
+ 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
+ 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
+ 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
+ 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
+ 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
+ 0x8F, 0x53, 0xA6, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D,
+ 0x9A, 0x79, 0xF2, 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC,
+ 0xF5, 0xA7, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3,
+ 0x8B, 0x5B, 0xB6, 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52,
+ 0xA4, 0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
+ 0xED, 0x97, 0x63, 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1,
+ 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A,
+ 0xF4, 0xA5, 0x07, 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11,
+ 0x22, 0x44, 0x88, 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51,
+ 0xA2, 0x09, 0x12, 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66,
+ 0xCC, 0xD5, 0xE7, 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB,
+ 0x1B, 0x36, 0x6C, 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19,
+ 0x32, 0x64, 0xC8, 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D,
+ 0x5A, 0xB4, 0x25, 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56,
+ 0xAC, 0x15, 0x2A, 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE,
+ 0x91, 0x6F, 0xDE, 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9,
+ 0x3F, 0x7E, 0xFC, 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE,
+ 0xB1, 0x2F, 0x5E, 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41,
+ 0x82, 0x49, 0x92, 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E,
+ 0x71, 0xE2, 0x89, 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB
+};
+
+
+/* The table constants are indices of
+ * S-box entries, preprocessed through q0 and q1. */
+static byte calc_sb_tbl[512] = {
+ 0xA9, 0x75, 0x67, 0xF3, 0xB3, 0xC6, 0xE8, 0xF4,
+ 0x04, 0xDB, 0xFD, 0x7B, 0xA3, 0xFB, 0x76, 0xC8,
+ 0x9A, 0x4A, 0x92, 0xD3, 0x80, 0xE6, 0x78, 0x6B,
+ 0xE4, 0x45, 0xDD, 0x7D, 0xD1, 0xE8, 0x38, 0x4B,
+ 0x0D, 0xD6, 0xC6, 0x32, 0x35, 0xD8, 0x98, 0xFD,
+ 0x18, 0x37, 0xF7, 0x71, 0xEC, 0xF1, 0x6C, 0xE1,
+ 0x43, 0x30, 0x75, 0x0F, 0x37, 0xF8, 0x26, 0x1B,
+ 0xFA, 0x87, 0x13, 0xFA, 0x94, 0x06, 0x48, 0x3F,
+ 0xF2, 0x5E, 0xD0, 0xBA, 0x8B, 0xAE, 0x30, 0x5B,
+ 0x84, 0x8A, 0x54, 0x00, 0xDF, 0xBC, 0x23, 0x9D,
+ 0x19, 0x6D, 0x5B, 0xC1, 0x3D, 0xB1, 0x59, 0x0E,
+ 0xF3, 0x80, 0xAE, 0x5D, 0xA2, 0xD2, 0x82, 0xD5,
+ 0x63, 0xA0, 0x01, 0x84, 0x83, 0x07, 0x2E, 0x14,
+ 0xD9, 0xB5, 0x51, 0x90, 0x9B, 0x2C, 0x7C, 0xA3,
+ 0xA6, 0xB2, 0xEB, 0x73, 0xA5, 0x4C, 0xBE, 0x54,
+ 0x16, 0x92, 0x0C, 0x74, 0xE3, 0x36, 0x61, 0x51,
+ 0xC0, 0x38, 0x8C, 0xB0, 0x3A, 0xBD, 0xF5, 0x5A,
+ 0x73, 0xFC, 0x2C, 0x60, 0x25, 0x62, 0x0B, 0x96,
+ 0xBB, 0x6C, 0x4E, 0x42, 0x89, 0xF7, 0x6B, 0x10,
+ 0x53, 0x7C, 0x6A, 0x28, 0xB4, 0x27, 0xF1, 0x8C,
+ 0xE1, 0x13, 0xE6, 0x95, 0xBD, 0x9C, 0x45, 0xC7,
+ 0xE2, 0x24, 0xF4, 0x46, 0xB6, 0x3B, 0x66, 0x70,
+ 0xCC, 0xCA, 0x95, 0xE3, 0x03, 0x85, 0x56, 0xCB,
+ 0xD4, 0x11, 0x1C, 0xD0, 0x1E, 0x93, 0xD7, 0xB8,
+ 0xFB, 0xA6, 0xC3, 0x83, 0x8E, 0x20, 0xB5, 0xFF,
+ 0xE9, 0x9F, 0xCF, 0x77, 0xBF, 0xC3, 0xBA, 0xCC,
+ 0xEA, 0x03, 0x77, 0x6F, 0x39, 0x08, 0xAF, 0xBF,
+ 0x33, 0x40, 0xC9, 0xE7, 0x62, 0x2B, 0x71, 0xE2,
+ 0x81, 0x79, 0x79, 0x0C, 0x09, 0xAA, 0xAD, 0x82,
+ 0x24, 0x41, 0xCD, 0x3A, 0xF9, 0xEA, 0xD8, 0xB9,
+ 0xE5, 0xE4, 0xC5, 0x9A, 0xB9, 0xA4, 0x4D, 0x97,
+ 0x44, 0x7E, 0x08, 0xDA, 0x86, 0x7A, 0xE7, 0x17,
+ 0xA1, 0x66, 0x1D, 0x94, 0xAA, 0xA1, 0xED, 0x1D,
+ 0x06, 0x3D, 0x70, 0xF0, 0xB2, 0xDE, 0xD2, 0xB3,
+ 0x41, 0x0B, 0x7B, 0x72, 0xA0, 0xA7, 0x11, 0x1C,
+ 0x31, 0xEF, 0xC2, 0xD1, 0x27, 0x53, 0x90, 0x3E,
+ 0x20, 0x8F, 0xF6, 0x33, 0x60, 0x26, 0xFF, 0x5F,
+ 0x96, 0xEC, 0x5C, 0x76, 0xB1, 0x2A, 0xAB, 0x49,
+ 0x9E, 0x81, 0x9C, 0x88, 0x52, 0xEE, 0x1B, 0x21,
+ 0x5F, 0xC4, 0x93, 0x1A, 0x0A, 0xEB, 0xEF, 0xD9,
+ 0x91, 0xC5, 0x85, 0x39, 0x49, 0x99, 0xEE, 0xCD,
+ 0x2D, 0xAD, 0x4F, 0x31, 0x8F, 0x8B, 0x3B, 0x01,
+ 0x47, 0x18, 0x87, 0x23, 0x6D, 0xDD, 0x46, 0x1F,
+ 0xD6, 0x4E, 0x3E, 0x2D, 0x69, 0xF9, 0x64, 0x48,
+ 0x2A, 0x4F, 0xCE, 0xF2, 0xCB, 0x65, 0x2F, 0x8E,
+ 0xFC, 0x78, 0x97, 0x5C, 0x05, 0x58, 0x7A, 0x19,
+ 0xAC, 0x8D, 0x7F, 0xE5, 0xD5, 0x98, 0x1A, 0x57,
+ 0x4B, 0x67, 0x0E, 0x7F, 0xA7, 0x05, 0x5A, 0x64,
+ 0x28, 0xAF, 0x14, 0x63, 0x3F, 0xB6, 0x29, 0xFE,
+ 0x88, 0xF5, 0x3C, 0xB7, 0x4C, 0x3C, 0x02, 0xA5,
+ 0xB8, 0xCE, 0xDA, 0xE9, 0xB0, 0x68, 0x17, 0x44,
+ 0x55, 0xE0, 0x1F, 0x4D, 0x8A, 0x43, 0x7D, 0x69,
+ 0x57, 0x29, 0xC7, 0x2E, 0x8D, 0xAC, 0x74, 0x15,
+ 0xB7, 0x59, 0xC4, 0xA8, 0x9F, 0x0A, 0x72, 0x9E,
+ 0x7E, 0x6E, 0x15, 0x47, 0x22, 0xDF, 0x12, 0x34,
+ 0x58, 0x35, 0x07, 0x6A, 0x99, 0xCF, 0x34, 0xDC,
+ 0x6E, 0x22, 0x50, 0xC9, 0xDE, 0xC0, 0x68, 0x9B,
+ 0x65, 0x89, 0xBC, 0xD4, 0xDB, 0xED, 0xF8, 0xAB,
+ 0xC8, 0x12, 0xA8, 0xA2, 0x2B, 0x0D, 0x40, 0x52,
+ 0xDC, 0xBB, 0xFE, 0x02, 0x32, 0x2F, 0xA4, 0xA9,
+ 0xCA, 0xD7, 0x10, 0x61, 0x21, 0x1E, 0xF0, 0xB4,
+ 0xD3, 0x50, 0x5D, 0x04, 0x0F, 0xF6, 0x00, 0xC2,
+ 0x6F, 0x16, 0x9D, 0x25, 0x36, 0x86, 0x42, 0x56,
+ 0x4A, 0x55, 0x5E, 0x09, 0xC1, 0xBE, 0xE0, 0x91
+};
+/* Macro to perform one column of the RS matrix multiplication. The
+ * parameters a, b, c, and d are the four bytes of output; i is the index
+ * of the key bytes, and w, x, y, and z, are the column of constants from
+ * the RS matrix, preprocessed through the poly_to_exp table. */
+
+#define CALC_S(a, b, c, d, i, w, x, y, z) \
+ if (key[i]) { \
+ tmp = poly_to_exp[key[i] - 1]; \
+ (a) ^= exp_to_poly[tmp + (w)]; \
+ (b) ^= exp_to_poly[tmp + (x)]; \
+ (c) ^= exp_to_poly[tmp + (y)]; \
+ (d) ^= exp_to_poly[tmp + (z)]; \
+ }
+
+/* Macros to calculate the key-dependent S-boxes for a 128-bit key using
+ * the S vector from CALC_S. CALC_SB_2 computes a single entry in all
+ * four S-boxes, where i is the index of the entry to compute, and a and b
+ * are the index numbers preprocessed through the q0 and q1 tables
+ * respectively. CALC_SB is simply a convenience to make the code shorter;
+ * it calls CALC_SB_2 four times with consecutive indices from i to i+3,
+ * using the remaining parameters two by two. */
+
+#define CALC_SB_2(i, a, b) \
+ ctx->s[0][i] = mds[0][q0[(a) ^ sa] ^ se]; \
+ ctx->s[1][i] = mds[1][q0[(b) ^ sb] ^ sf]; \
+ ctx->s[2][i] = mds[2][q1[(a) ^ sc] ^ sg]; \
+ ctx->s[3][i] = mds[3][q1[(b) ^ sd] ^ sh]
+
+#define CALC_SB(i, a, b, c, d, e, f, g, h) \
+ CALC_SB_2 (i, a, b); CALC_SB_2 ((i)+1, c, d); \
+ CALC_SB_2 ((i)+2, e, f); CALC_SB_2 ((i)+3, g, h)
+
+/* Macros exactly like CALC_SB and CALC_SB_2, but for 256-bit keys. */
+
+#define CALC_SB256_2(i, a, b) \
+ ctx->s[0][i] = mds[0][q0[q0[q1[(b) ^ sa] ^ se] ^ si] ^ sm]; \
+ ctx->s[1][i] = mds[1][q0[q1[q1[(a) ^ sb] ^ sf] ^ sj] ^ sn]; \
+ ctx->s[2][i] = mds[2][q1[q0[q0[(a) ^ sc] ^ sg] ^ sk] ^ so]; \
+ ctx->s[3][i] = mds[3][q1[q1[q0[(b) ^ sd] ^ sh] ^ sl] ^ sp];
+
+#define CALC_SB256(i, a, b, c, d, e, f, g, h) \
+ CALC_SB256_2 (i, a, b); CALC_SB256_2 ((i)+1, c, d); \
+ CALC_SB256_2 ((i)+2, e, f); CALC_SB256_2 ((i)+3, g, h)
+
+/* Macros to calculate the whitening and round subkeys. CALC_K_2 computes the
+ * last two stages of the h() function for a given index (either 2i or 2i+1).
+ * a, b, c, and d are the four bytes going into the last two stages. For
+ * 128-bit keys, this is the entire h() function and a and c are the index
+ * preprocessed through q0 and q1 respectively; for longer keys they are the
+ * output of previous stages. j is the index of the first key byte to use.
+ * CALC_K computes a pair of subkeys for 128-bit Twofish, by calling CALC_K_2
+ * twice, doing the Psuedo-Hadamard Transform, and doing the necessary
+ * rotations. Its parameters are: a, the array to write the results into,
+ * j, the index of the first output entry, k and l, the preprocessed indices
+ * for index 2i, and m and n, the preprocessed indices for index 2i+1.
+ * CALC_K256_2 expands CALC_K_2 to handle 256-bit keys, by doing two
+ * additional lookup-and-XOR stages. The parameters a and b are the index
+ * preprocessed through q0 and q1 respectively; j is the index of the first
+ * key byte to use. CALC_K256 is identical to CALC_K but for using the
+ * CALC_K256_2 macro instead of CALC_K_2. */
+
+#define CALC_K_2(a, b, c, d, j) \
+ mds[0][q0[a ^ key[(j) + 8]] ^ key[j]] \
+ ^ mds[1][q0[b ^ key[(j) + 9]] ^ key[(j) + 1]] \
+ ^ mds[2][q1[c ^ key[(j) + 10]] ^ key[(j) + 2]] \
+ ^ mds[3][q1[d ^ key[(j) + 11]] ^ key[(j) + 3]]
+
+#define CALC_K(a, j, k, l, m, n) \
+ x = CALC_K_2 (k, l, k, l, 0); \
+ y = CALC_K_2 (m, n, m, n, 4); \
+ y = (y << 8) + (y >> 24); \
+ x += y; y += x; ctx->a[j] = x; \
+ ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+#define CALC_K256_2(a, b, j) \
+ CALC_K_2 (q0[q1[b ^ key[(j) + 24]] ^ key[(j) + 16]], \
+ q1[q1[a ^ key[(j) + 25]] ^ key[(j) + 17]], \
+ q0[q0[a ^ key[(j) + 26]] ^ key[(j) + 18]], \
+ q1[q0[b ^ key[(j) + 27]] ^ key[(j) + 19]], j)
+
+#define CALC_K256(a, j, k, l, m, n) \
+ x = CALC_K256_2 (k, l, 0); \
+ y = CALC_K256_2 (m, n, 4); \
+ y = (y << 8) + (y >> 24); \
+ x += y; y += x; ctx->a[j] = x; \
+ ctx->a[(j) + 1] = (y << 9) + (y >> 23)
+
+
+
+/* Perform the key setup. Note that this works only with 128- and 256-bit
+ * keys, despite the API that looks like it might support other sizes. */
+
+static gcry_err_code_t
+do_twofish_setkey (TWOFISH_context *ctx, const byte *key, const unsigned keylen)
+{
+ int i, j, k;
+
+ /* Temporaries for CALC_K. */
+ u32 x, y;
+
+ /* The S vector used to key the S-boxes, split up into individual bytes.
+ * 128-bit keys use only sa through sh; 256-bit use all of them. */
+ byte sa = 0, sb = 0, sc = 0, sd = 0, se = 0, sf = 0, sg = 0, sh = 0;
+ byte si = 0, sj = 0, sk = 0, sl = 0, sm = 0, sn = 0, so = 0, sp = 0;
+
+ /* Temporary for CALC_S. */
+ byte tmp;
+
+ /* Flags for self-test. */
+ static int initialized = 0;
+ static const char *selftest_failed=0;
+
+ /* Check key length. */
+ if( ( ( keylen - 16 ) | 16 ) != 16 )
+ return GPG_ERR_INV_KEYLEN;
+
+ /* Do self-test if necessary. */
+ if (!initialized)
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if( selftest_failed )
+ log_error("%s\n", selftest_failed );
+ }
+ if( selftest_failed )
+ return GPG_ERR_SELFTEST_FAILED;
+
+ /* Compute the first two words of the S vector. The magic numbers are
+ * the entries of the RS matrix, preprocessed through poly_to_exp. The
+ * numbers in the comments are the original (polynomial form) matrix
+ * entries. */
+ CALC_S (sa, sb, sc, sd, 0, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (sa, sb, sc, sd, 1, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (sa, sb, sc, sd, 2, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (sa, sb, sc, sd, 3, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (sa, sb, sc, sd, 4, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (sa, sb, sc, sd, 5, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (sa, sb, sc, sd, 6, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (sa, sb, sc, sd, 7, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+ CALC_S (se, sf, sg, sh, 8, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (se, sf, sg, sh, 9, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (se, sf, sg, sh, 10, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (se, sf, sg, sh, 11, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (se, sf, sg, sh, 12, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (se, sf, sg, sh, 13, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (se, sf, sg, sh, 14, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (se, sf, sg, sh, 15, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+ if (keylen == 32) /* 256-bit key */
+ {
+ /* Calculate the remaining two words of the S vector */
+ CALC_S (si, sj, sk, sl, 16, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (si, sj, sk, sl, 17, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (si, sj, sk, sl, 18, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (si, sj, sk, sl, 19, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (si, sj, sk, sl, 20, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (si, sj, sk, sl, 21, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (si, sj, sk, sl, 22, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (si, sj, sk, sl, 23, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+ CALC_S (sm, sn, so, sp, 24, 0x00, 0x2D, 0x01, 0x2D); /* 01 A4 02 A4 */
+ CALC_S (sm, sn, so, sp, 25, 0x2D, 0xA4, 0x44, 0x8A); /* A4 56 A1 55 */
+ CALC_S (sm, sn, so, sp, 26, 0x8A, 0xD5, 0xBF, 0xD1); /* 55 82 FC 87 */
+ CALC_S (sm, sn, so, sp, 27, 0xD1, 0x7F, 0x3D, 0x99); /* 87 F3 C1 5A */
+ CALC_S (sm, sn, so, sp, 28, 0x99, 0x46, 0x66, 0x96); /* 5A 1E 47 58 */
+ CALC_S (sm, sn, so, sp, 29, 0x96, 0x3C, 0x5B, 0xED); /* 58 C6 AE DB */
+ CALC_S (sm, sn, so, sp, 30, 0xED, 0x37, 0x4F, 0xE0); /* DB 68 3D 9E */
+ CALC_S (sm, sn, so, sp, 31, 0xE0, 0xD0, 0x8C, 0x17); /* 9E E5 19 03 */
+
+ /* Compute the S-boxes. */
+ for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
+ {
+ CALC_SB256_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+ }
+
+ /* Calculate whitening and round subkeys. The constants are
+ * indices of subkeys, preprocessed through q0 and q1. */
+ CALC_K256 (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+ CALC_K256 (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+ CALC_K256 (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+ CALC_K256 (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+ CALC_K256 (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+ CALC_K256 (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+ CALC_K256 (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+ CALC_K256 (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+ CALC_K256 (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+ CALC_K256 (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+ CALC_K256 (k, 12, 0x18, 0x37, 0xF7, 0x71);
+ CALC_K256 (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+ CALC_K256 (k, 16, 0x43, 0x30, 0x75, 0x0F);
+ CALC_K256 (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+ CALC_K256 (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+ CALC_K256 (k, 22, 0x94, 0x06, 0x48, 0x3F);
+ CALC_K256 (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+ CALC_K256 (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+ CALC_K256 (k, 28, 0x84, 0x8A, 0x54, 0x00);
+ CALC_K256 (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+ }
+ else
+ {
+ /* Compute the S-boxes. */
+ for(i=j=0,k=1; i < 256; i++, j += 2, k += 2 )
+ {
+ CALC_SB_2( i, calc_sb_tbl[j], calc_sb_tbl[k] );
+ }
+
+ /* Calculate whitening and round subkeys. The constants are
+ * indices of subkeys, preprocessed through q0 and q1. */
+ CALC_K (w, 0, 0xA9, 0x75, 0x67, 0xF3);
+ CALC_K (w, 2, 0xB3, 0xC6, 0xE8, 0xF4);
+ CALC_K (w, 4, 0x04, 0xDB, 0xFD, 0x7B);
+ CALC_K (w, 6, 0xA3, 0xFB, 0x76, 0xC8);
+ CALC_K (k, 0, 0x9A, 0x4A, 0x92, 0xD3);
+ CALC_K (k, 2, 0x80, 0xE6, 0x78, 0x6B);
+ CALC_K (k, 4, 0xE4, 0x45, 0xDD, 0x7D);
+ CALC_K (k, 6, 0xD1, 0xE8, 0x38, 0x4B);
+ CALC_K (k, 8, 0x0D, 0xD6, 0xC6, 0x32);
+ CALC_K (k, 10, 0x35, 0xD8, 0x98, 0xFD);
+ CALC_K (k, 12, 0x18, 0x37, 0xF7, 0x71);
+ CALC_K (k, 14, 0xEC, 0xF1, 0x6C, 0xE1);
+ CALC_K (k, 16, 0x43, 0x30, 0x75, 0x0F);
+ CALC_K (k, 18, 0x37, 0xF8, 0x26, 0x1B);
+ CALC_K (k, 20, 0xFA, 0x87, 0x13, 0xFA);
+ CALC_K (k, 22, 0x94, 0x06, 0x48, 0x3F);
+ CALC_K (k, 24, 0xF2, 0x5E, 0xD0, 0xBA);
+ CALC_K (k, 26, 0x8B, 0xAE, 0x30, 0x5B);
+ CALC_K (k, 28, 0x84, 0x8A, 0x54, 0x00);
+ CALC_K (k, 30, 0xDF, 0xBC, 0x23, 0x9D);
+ }
+
+ return 0;
+}
+
+static gcry_err_code_t
+twofish_setkey (void *context, const byte *key, unsigned int keylen)
+{
+ TWOFISH_context *ctx = context;
+ int rc = do_twofish_setkey (ctx, key, keylen);
+ _gcry_burn_stack (23+6*sizeof(void*));
+ return rc;
+}
+
+
+
+/* Macros to compute the g() function in the encryption and decryption
+ * rounds. G1 is the straight g() function; G2 includes the 8-bit
+ * rotation for the high 32-bit word. */
+
+#define G1(a) \
+ (ctx->s[0][(a) & 0xFF]) ^ (ctx->s[1][((a) >> 8) & 0xFF]) \
+ ^ (ctx->s[2][((a) >> 16) & 0xFF]) ^ (ctx->s[3][(a) >> 24])
+
+#define G2(b) \
+ (ctx->s[1][(b) & 0xFF]) ^ (ctx->s[2][((b) >> 8) & 0xFF]) \
+ ^ (ctx->s[3][((b) >> 16) & 0xFF]) ^ (ctx->s[0][(b) >> 24])
+
+/* Encryption and decryption Feistel rounds. Each one calls the two g()
+ * macros, does the PHT, and performs the XOR and the appropriate bit
+ * rotations. The parameters are the round number (used to select subkeys),
+ * and the four 32-bit chunks of the text. */
+
+#define ENCROUND(n, a, b, c, d) \
+ x = G1 (a); y = G2 (b); \
+ x += y; y += x + ctx->k[2 * (n) + 1]; \
+ (c) ^= x + ctx->k[2 * (n)]; \
+ (c) = ((c) >> 1) + ((c) << 31); \
+ (d) = (((d) << 1)+((d) >> 31)) ^ y
+
+#define DECROUND(n, a, b, c, d) \
+ x = G1 (a); y = G2 (b); \
+ x += y; y += x; \
+ (d) ^= y + ctx->k[2 * (n) + 1]; \
+ (d) = ((d) >> 1) + ((d) << 31); \
+ (c) = (((c) << 1)+((c) >> 31)); \
+ (c) ^= (x + ctx->k[2 * (n)])
+
+/* Encryption and decryption cycles; each one is simply two Feistel rounds
+ * with the 32-bit chunks re-ordered to simulate the "swap" */
+
+#define ENCCYCLE(n) \
+ ENCROUND (2 * (n), a, b, c, d); \
+ ENCROUND (2 * (n) + 1, c, d, a, b)
+
+#define DECCYCLE(n) \
+ DECROUND (2 * (n) + 1, c, d, a, b); \
+ DECROUND (2 * (n), a, b, c, d)
+
+/* Macros to convert the input and output bytes into 32-bit words,
+ * and simultaneously perform the whitening step. INPACK packs word
+ * number n into the variable named by x, using whitening subkey number m.
+ * OUTUNPACK unpacks word number n from the variable named by x, using
+ * whitening subkey number m. */
+
+#define INPACK(n, x, m) \
+ x = in[4 * (n)] ^ (in[4 * (n) + 1] << 8) \
+ ^ (in[4 * (n) + 2] << 16) ^ (in[4 * (n) + 3] << 24) ^ ctx->w[m]
+
+#define OUTUNPACK(n, x, m) \
+ x ^= ctx->w[m]; \
+ out[4 * (n)] = x; out[4 * (n) + 1] = x >> 8; \
+ out[4 * (n) + 2] = x >> 16; out[4 * (n) + 3] = x >> 24
+
+/* Encrypt one block. in and out may be the same. */
+
+static void
+do_twofish_encrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+ /* The four 32-bit chunks of the text. */
+ u32 a, b, c, d;
+
+ /* Temporaries used by the round function. */
+ u32 x, y;
+
+ /* Input whitening and packing. */
+ INPACK (0, a, 0);
+ INPACK (1, b, 1);
+ INPACK (2, c, 2);
+ INPACK (3, d, 3);
+
+ /* Encryption Feistel cycles. */
+ ENCCYCLE (0);
+ ENCCYCLE (1);
+ ENCCYCLE (2);
+ ENCCYCLE (3);
+ ENCCYCLE (4);
+ ENCCYCLE (5);
+ ENCCYCLE (6);
+ ENCCYCLE (7);
+
+ /* Output whitening and unpacking. */
+ OUTUNPACK (0, c, 4);
+ OUTUNPACK (1, d, 5);
+ OUTUNPACK (2, a, 6);
+ OUTUNPACK (3, b, 7);
+}
+
+static void
+twofish_encrypt (void *context, byte *out, const byte *in)
+{
+ TWOFISH_context *ctx = context;
+ do_twofish_encrypt (ctx, out, in);
+ _gcry_burn_stack (24+3*sizeof (void*));
+}
+
+
+/* Decrypt one block. in and out may be the same. */
+
+static void
+do_twofish_decrypt (const TWOFISH_context *ctx, byte *out, const byte *in)
+{
+ /* The four 32-bit chunks of the text. */
+ u32 a, b, c, d;
+
+ /* Temporaries used by the round function. */
+ u32 x, y;
+
+ /* Input whitening and packing. */
+ INPACK (0, c, 4);
+ INPACK (1, d, 5);
+ INPACK (2, a, 6);
+ INPACK (3, b, 7);
+
+ /* Encryption Feistel cycles. */
+ DECCYCLE (7);
+ DECCYCLE (6);
+ DECCYCLE (5);
+ DECCYCLE (4);
+ DECCYCLE (3);
+ DECCYCLE (2);
+ DECCYCLE (1);
+ DECCYCLE (0);
+
+ /* Output whitening and unpacking. */
+ OUTUNPACK (0, a, 0);
+ OUTUNPACK (1, b, 1);
+ OUTUNPACK (2, c, 2);
+ OUTUNPACK (3, d, 3);
+}
+
+static void
+twofish_decrypt (void *context, byte *out, const byte *in)
+{
+ TWOFISH_context *ctx = context;
+
+ do_twofish_decrypt (ctx, out, in);
+ _gcry_burn_stack (24+3*sizeof (void*));
+}
+
+
+/* Test a single encryption and decryption with each key size. */
+
+static const char*
+selftest (void)
+{
+ TWOFISH_context ctx; /* Expanded key. */
+ byte scratch[16]; /* Encryption/decryption result buffer. */
+
+ /* Test vectors for single encryption/decryption. Note that I am using
+ * the vectors from the Twofish paper's "known answer test", I=3 for
+ * 128-bit and I=4 for 256-bit, instead of the all-0 vectors from the
+ * "intermediate value test", because an all-0 key would trigger all the
+ * special cases in the RS matrix multiply, leaving the math untested. */
+ static byte plaintext[16] = {
+ 0xD4, 0x91, 0xDB, 0x16, 0xE7, 0xB1, 0xC3, 0x9E,
+ 0x86, 0xCB, 0x08, 0x6B, 0x78, 0x9F, 0x54, 0x19
+ };
+ static byte key[16] = {
+ 0x9F, 0x58, 0x9F, 0x5C, 0xF6, 0x12, 0x2C, 0x32,
+ 0xB6, 0xBF, 0xEC, 0x2F, 0x2A, 0xE8, 0xC3, 0x5A
+ };
+ static const byte ciphertext[16] = {
+ 0x01, 0x9F, 0x98, 0x09, 0xDE, 0x17, 0x11, 0x85,
+ 0x8F, 0xAA, 0xC3, 0xA3, 0xBA, 0x20, 0xFB, 0xC3
+ };
+ static byte plaintext_256[16] = {
+ 0x90, 0xAF, 0xE9, 0x1B, 0xB2, 0x88, 0x54, 0x4F,
+ 0x2C, 0x32, 0xDC, 0x23, 0x9B, 0x26, 0x35, 0xE6
+ };
+ static byte key_256[32] = {
+ 0xD4, 0x3B, 0xB7, 0x55, 0x6E, 0xA3, 0x2E, 0x46,
+ 0xF2, 0xA2, 0x82, 0xB7, 0xD4, 0x5B, 0x4E, 0x0D,
+ 0x57, 0xFF, 0x73, 0x9D, 0x4D, 0xC9, 0x2C, 0x1B,
+ 0xD7, 0xFC, 0x01, 0x70, 0x0C, 0xC8, 0x21, 0x6F
+ };
+ static const byte ciphertext_256[16] = {
+ 0x6C, 0xB4, 0x56, 0x1C, 0x40, 0xBF, 0x0A, 0x97,
+ 0x05, 0x93, 0x1C, 0xB6, 0xD4, 0x08, 0xE7, 0xFA
+ };
+
+ twofish_setkey (&ctx, key, sizeof(key));
+ twofish_encrypt (&ctx, scratch, plaintext);
+ if (memcmp (scratch, ciphertext, sizeof (ciphertext)))
+ return "Twofish-128 test encryption failed.";
+ twofish_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext, sizeof (plaintext)))
+ return "Twofish-128 test decryption failed.";
+
+ twofish_setkey (&ctx, key_256, sizeof(key_256));
+ twofish_encrypt (&ctx, scratch, plaintext_256);
+ if (memcmp (scratch, ciphertext_256, sizeof (ciphertext_256)))
+ return "Twofish-256 test encryption failed.";
+ twofish_decrypt (&ctx, scratch, scratch);
+ if (memcmp (scratch, plaintext_256, sizeof (plaintext_256)))
+ return "Twofish-256 test decryption failed.";
+
+ return NULL;
+}
+
+/* More complete test program. This does 1000 encryptions and decryptions
+ * with each of 250 128-bit keys and 2000 encryptions and decryptions with
+ * each of 125 256-bit keys, using a feedback scheme similar to a Feistel
+ * cipher, so as to be sure of testing all the table entries pretty
+ * thoroughly. We keep changing the keys so as to get a more meaningful
+ * performance number, since the key setup is non-trivial for Twofish. */
+
+#ifdef TEST
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+int
+main()
+{
+ TWOFISH_context ctx; /* Expanded key. */
+ int i, j; /* Loop counters. */
+
+ const char *encrypt_msg; /* Message to print regarding encryption test;
+ * the printf is done outside the loop to avoid
+ * stuffing up the timing. */
+ clock_t timer; /* For computing elapsed time. */
+
+ /* Test buffer. */
+ byte buffer[4][16] = {
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+ {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+ 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+ {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+ 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+ };
+
+ /* Expected outputs for the million-operation test */
+ static const byte test_encrypt[4][16] = {
+ {0xC8, 0x23, 0xB8, 0xB7, 0x6B, 0xFE, 0x91, 0x13,
+ 0x2F, 0xA7, 0x5E, 0xE6, 0x94, 0x77, 0x6F, 0x6B},
+ {0x90, 0x36, 0xD8, 0x29, 0xD5, 0x96, 0xC2, 0x8E,
+ 0xE4, 0xFF, 0x76, 0xBC, 0xE5, 0x77, 0x88, 0x27},
+ {0xB8, 0x78, 0x69, 0xAF, 0x42, 0x8B, 0x48, 0x64,
+ 0xF7, 0xE9, 0xF3, 0x9C, 0x42, 0x18, 0x7B, 0x73},
+ {0x7A, 0x88, 0xFB, 0xEB, 0x90, 0xA4, 0xB4, 0xA8,
+ 0x43, 0xA3, 0x1D, 0xF1, 0x26, 0xC4, 0x53, 0x57}
+ };
+ static const byte test_decrypt[4][16] = {
+ {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF},
+ {0x0F, 0x1E, 0x2D, 0x3C, 0x4B, 0x5A, 0x69, 0x78,
+ 0x87, 0x96, 0xA5, 0xB4, 0xC3, 0xD2 ,0xE1, 0xF0},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54 ,0x32, 0x10},
+ {0x01, 0x23, 0x45, 0x67, 0x76, 0x54 ,0x32, 0x10,
+ 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98}
+ };
+
+ /* Start the timer ticking. */
+ timer = clock ();
+
+ /* Encryption test. */
+ for (i = 0; i < 125; i++)
+ {
+ twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+ for (j = 0; j < 1000; j++)
+ twofish_encrypt (&ctx, buffer[2], buffer[2]);
+ twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+ for (j = 0; j < 1000; j++)
+ twofish_encrypt (&ctx, buffer[3], buffer[3]);
+ twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+ for (j = 0; j < 1000; j++) {
+ twofish_encrypt (&ctx, buffer[0], buffer[0]);
+ twofish_encrypt (&ctx, buffer[1], buffer[1]);
+ }
+ }
+ encrypt_msg = memcmp (buffer, test_encrypt, sizeof (test_encrypt)) ?
+ "encryption failure!\n" : "encryption OK!\n";
+
+ /* Decryption test. */
+ for (i = 0; i < 125; i++)
+ {
+ twofish_setkey (&ctx, buffer[2], sizeof (buffer[2])*2);
+ for (j = 0; j < 1000; j++) {
+ twofish_decrypt (&ctx, buffer[0], buffer[0]);
+ twofish_decrypt (&ctx, buffer[1], buffer[1]);
+ }
+ twofish_setkey (&ctx, buffer[1], sizeof (buffer[1]));
+ for (j = 0; j < 1000; j++)
+ twofish_decrypt (&ctx, buffer[3], buffer[3]);
+ twofish_setkey (&ctx, buffer[0], sizeof (buffer[0]));
+ for (j = 0; j < 1000; j++)
+ twofish_decrypt (&ctx, buffer[2], buffer[2]);
+ }
+
+ /* Stop the timer, and print results. */
+ timer = clock () - timer;
+ printf (encrypt_msg);
+ printf (memcmp (buffer, test_decrypt, sizeof (test_decrypt)) ?
+ "decryption failure!\n" : "decryption OK!\n");
+ printf ("elapsed time: %.1f s.\n", (float) timer / CLOCKS_PER_SEC);
+
+ return 0;
+}
+
+#endif /* TEST */
+
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_twofish =
+ {
+ "TWOFISH", NULL, NULL, 16, 256, sizeof (TWOFISH_context),
+ twofish_setkey, twofish_encrypt, twofish_decrypt
+ };
+
+gcry_cipher_spec_t _gcry_cipher_spec_twofish128 =
+ {
+ "TWOFISH128", NULL, NULL, 16, 128, sizeof (TWOFISH_context),
+ twofish_setkey, twofish_encrypt, twofish_decrypt
+ };
diff --git a/grub-core/lib/libgcrypt/cipher/whirlpool.c b/grub-core/lib/libgcrypt/cipher/whirlpool.c
new file mode 100644
index 0000000..9b029ee
--- /dev/null
+++ b/grub-core/lib/libgcrypt/cipher/whirlpool.c
@@ -0,0 +1,1406 @@
+/* whirlpool.c - Whirlpool hashing algorithm
+ * Copyright (C) 2005 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ *
+ */
+
+/* This is an implementation of the Whirlpool hashing algorithm, which
+ has been developed by Vincent Rijmen and Paulo S. L. M. Barreto;
+ it's homepage is located at:
+ http://planeta.terra.com.br/informatica/paulobarreto/WhirlpoolPage.html.
+
+ The S-Boxes and the structure of the main transformation function,
+ which implements an optimized version of the algorithm, is taken
+ from the reference implementation available from
+ http://planeta.terra.com.br/informatica/paulobarreto/whirlpool.zip. */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "types.h"
+#include "g10lib.h"
+#include "memory.h"
+#include "cipher.h"
+
+#include "bithelp.h"
+
+/* Size of a whirlpool block (in bytes). */
+#define BLOCK_SIZE 64
+
+/* Number of rounds. */
+#define R 10
+
+
+
+/* Types. */
+typedef u64 whirlpool_block_t[BLOCK_SIZE / 8];
+
+typedef struct {
+ whirlpool_block_t hash_state;
+ unsigned char buffer[BLOCK_SIZE];
+ size_t count;
+ unsigned char length[32];
+} whirlpool_context_t;
+
+
+
+/* Macros. */
+
+/* Convert the the buffer BUFFER into a block BLOCK, using I as
+ counter. */
+#define buffer_to_block(buffer, block, i) \
+ for (i = 0; i < 8; i++) \
+ (block)[i] = ((u64) (0 \
+ | (((u64) (buffer)[i * 8 + 0]) << 56) \
+ | (((u64) (buffer)[i * 8 + 1]) << 48) \
+ | (((u64) (buffer)[i * 8 + 2]) << 40) \
+ | (((u64) (buffer)[i * 8 + 3]) << 32) \
+ | (((u64) (buffer)[i * 8 + 4]) << 24) \
+ | (((u64) (buffer)[i * 8 + 5]) << 16) \
+ | (((u64) (buffer)[i * 8 + 6]) << 8) \
+ | (((u64) (buffer)[i * 8 + 7]) << 0)));
+
+/* Convert the block BLOCK into a buffer BUFFER, using I as
+ counter. */
+#define block_to_buffer(buffer, block, i) \
+ for (i = 0; i < 8; i++) \
+ { \
+ (buffer)[i * 8 + 0] = (block[i] >> 56) & 0xFF; \
+ (buffer)[i * 8 + 1] = (block[i] >> 48) & 0xFF; \
+ (buffer)[i * 8 + 2] = (block[i] >> 40) & 0xFF; \
+ (buffer)[i * 8 + 3] = (block[i] >> 32) & 0xFF; \
+ (buffer)[i * 8 + 4] = (block[i] >> 24) & 0xFF; \
+ (buffer)[i * 8 + 5] = (block[i] >> 16) & 0xFF; \
+ (buffer)[i * 8 + 6] = (block[i] >> 8) & 0xFF; \
+ (buffer)[i * 8 + 7] = (block[i] >> 0) & 0xFF; \
+ }
+
+/* Copy the block BLOCK_SRC to BLOCK_DST, using I as counter. */
+#define block_copy(block_dst, block_src, i) \
+ for (i = 0; i < 8; i++) \
+ block_dst[i] = block_src[i];
+
+/* XOR the block BLOCK_SRC into BLOCK_DST, using I as counter. */
+#define block_xor(block_dst, block_src, i) \
+ for (i = 0; i < 8; i++) \
+ block_dst[i] ^= block_src[i];
+
+
+
+/* Round constants. */
+static const u64 rc[R] =
+ {
+ U64_C (0x1823c6e887b8014f),
+ U64_C (0x36a6d2f5796f9152),
+ U64_C (0x60bc9b8ea30c7b35),
+ U64_C (0x1de0d7c22e4bfe57),
+ U64_C (0x157737e59ff04ada),
+ U64_C (0x58c9290ab1a06b85),
+ U64_C (0xbd5d10f4cb3e0567),
+ U64_C (0xe427418ba77d95d8),
+ U64_C (0xfbee7c66dd17479e),
+ U64_C (0xca2dbf07ad5a8333),
+ };
+
+
+
+/* Main lookup boxes. */
+static const u64 C0[256] =
+ {
+ U64_C (0x18186018c07830d8), U64_C (0x23238c2305af4626),
+ U64_C (0xc6c63fc67ef991b8), U64_C (0xe8e887e8136fcdfb),
+ U64_C (0x878726874ca113cb), U64_C (0xb8b8dab8a9626d11),
+ U64_C (0x0101040108050209), U64_C (0x4f4f214f426e9e0d),
+ U64_C (0x3636d836adee6c9b), U64_C (0xa6a6a2a6590451ff),
+ U64_C (0xd2d26fd2debdb90c), U64_C (0xf5f5f3f5fb06f70e),
+ U64_C (0x7979f979ef80f296), U64_C (0x6f6fa16f5fcede30),
+ U64_C (0x91917e91fcef3f6d), U64_C (0x52525552aa07a4f8),
+ U64_C (0x60609d6027fdc047), U64_C (0xbcbccabc89766535),
+ U64_C (0x9b9b569baccd2b37), U64_C (0x8e8e028e048c018a),
+ U64_C (0xa3a3b6a371155bd2), U64_C (0x0c0c300c603c186c),
+ U64_C (0x7b7bf17bff8af684), U64_C (0x3535d435b5e16a80),
+ U64_C (0x1d1d741de8693af5), U64_C (0xe0e0a7e05347ddb3),
+ U64_C (0xd7d77bd7f6acb321), U64_C (0xc2c22fc25eed999c),
+ U64_C (0x2e2eb82e6d965c43), U64_C (0x4b4b314b627a9629),
+ U64_C (0xfefedffea321e15d), U64_C (0x575741578216aed5),
+ U64_C (0x15155415a8412abd), U64_C (0x7777c1779fb6eee8),
+ U64_C (0x3737dc37a5eb6e92), U64_C (0xe5e5b3e57b56d79e),
+ U64_C (0x9f9f469f8cd92313), U64_C (0xf0f0e7f0d317fd23),
+ U64_C (0x4a4a354a6a7f9420), U64_C (0xdada4fda9e95a944),
+ U64_C (0x58587d58fa25b0a2), U64_C (0xc9c903c906ca8fcf),
+ U64_C (0x2929a429558d527c), U64_C (0x0a0a280a5022145a),
+ U64_C (0xb1b1feb1e14f7f50), U64_C (0xa0a0baa0691a5dc9),
+ U64_C (0x6b6bb16b7fdad614), U64_C (0x85852e855cab17d9),
+ U64_C (0xbdbdcebd8173673c), U64_C (0x5d5d695dd234ba8f),
+ U64_C (0x1010401080502090), U64_C (0xf4f4f7f4f303f507),
+ U64_C (0xcbcb0bcb16c08bdd), U64_C (0x3e3ef83eedc67cd3),
+ U64_C (0x0505140528110a2d), U64_C (0x676781671fe6ce78),
+ U64_C (0xe4e4b7e47353d597), U64_C (0x27279c2725bb4e02),
+ U64_C (0x4141194132588273), U64_C (0x8b8b168b2c9d0ba7),
+ U64_C (0xa7a7a6a7510153f6), U64_C (0x7d7de97dcf94fab2),
+ U64_C (0x95956e95dcfb3749), U64_C (0xd8d847d88e9fad56),
+ U64_C (0xfbfbcbfb8b30eb70), U64_C (0xeeee9fee2371c1cd),
+ U64_C (0x7c7ced7cc791f8bb), U64_C (0x6666856617e3cc71),
+ U64_C (0xdddd53dda68ea77b), U64_C (0x17175c17b84b2eaf),
+ U64_C (0x4747014702468e45), U64_C (0x9e9e429e84dc211a),
+ U64_C (0xcaca0fca1ec589d4), U64_C (0x2d2db42d75995a58),
+ U64_C (0xbfbfc6bf9179632e), U64_C (0x07071c07381b0e3f),
+ U64_C (0xadad8ead012347ac), U64_C (0x5a5a755aea2fb4b0),
+ U64_C (0x838336836cb51bef), U64_C (0x3333cc3385ff66b6),
+ U64_C (0x636391633ff2c65c), U64_C (0x02020802100a0412),
+ U64_C (0xaaaa92aa39384993), U64_C (0x7171d971afa8e2de),
+ U64_C (0xc8c807c80ecf8dc6), U64_C (0x19196419c87d32d1),
+ U64_C (0x494939497270923b), U64_C (0xd9d943d9869aaf5f),
+ U64_C (0xf2f2eff2c31df931), U64_C (0xe3e3abe34b48dba8),
+ U64_C (0x5b5b715be22ab6b9), U64_C (0x88881a8834920dbc),
+ U64_C (0x9a9a529aa4c8293e), U64_C (0x262698262dbe4c0b),
+ U64_C (0x3232c8328dfa64bf), U64_C (0xb0b0fab0e94a7d59),
+ U64_C (0xe9e983e91b6acff2), U64_C (0x0f0f3c0f78331e77),
+ U64_C (0xd5d573d5e6a6b733), U64_C (0x80803a8074ba1df4),
+ U64_C (0xbebec2be997c6127), U64_C (0xcdcd13cd26de87eb),
+ U64_C (0x3434d034bde46889), U64_C (0x48483d487a759032),
+ U64_C (0xffffdbffab24e354), U64_C (0x7a7af57af78ff48d),
+ U64_C (0x90907a90f4ea3d64), U64_C (0x5f5f615fc23ebe9d),
+ U64_C (0x202080201da0403d), U64_C (0x6868bd6867d5d00f),
+ U64_C (0x1a1a681ad07234ca), U64_C (0xaeae82ae192c41b7),
+ U64_C (0xb4b4eab4c95e757d), U64_C (0x54544d549a19a8ce),
+ U64_C (0x93937693ece53b7f), U64_C (0x222288220daa442f),
+ U64_C (0x64648d6407e9c863), U64_C (0xf1f1e3f1db12ff2a),
+ U64_C (0x7373d173bfa2e6cc), U64_C (0x12124812905a2482),
+ U64_C (0x40401d403a5d807a), U64_C (0x0808200840281048),
+ U64_C (0xc3c32bc356e89b95), U64_C (0xecec97ec337bc5df),
+ U64_C (0xdbdb4bdb9690ab4d), U64_C (0xa1a1bea1611f5fc0),
+ U64_C (0x8d8d0e8d1c830791), U64_C (0x3d3df43df5c97ac8),
+ U64_C (0x97976697ccf1335b), U64_C (0x0000000000000000),
+ U64_C (0xcfcf1bcf36d483f9), U64_C (0x2b2bac2b4587566e),
+ U64_C (0x7676c57697b3ece1), U64_C (0x8282328264b019e6),
+ U64_C (0xd6d67fd6fea9b128), U64_C (0x1b1b6c1bd87736c3),
+ U64_C (0xb5b5eeb5c15b7774), U64_C (0xafaf86af112943be),
+ U64_C (0x6a6ab56a77dfd41d), U64_C (0x50505d50ba0da0ea),
+ U64_C (0x45450945124c8a57), U64_C (0xf3f3ebf3cb18fb38),
+ U64_C (0x3030c0309df060ad), U64_C (0xefef9bef2b74c3c4),
+ U64_C (0x3f3ffc3fe5c37eda), U64_C (0x55554955921caac7),
+ U64_C (0xa2a2b2a2791059db), U64_C (0xeaea8fea0365c9e9),
+ U64_C (0x656589650fecca6a), U64_C (0xbabad2bab9686903),
+ U64_C (0x2f2fbc2f65935e4a), U64_C (0xc0c027c04ee79d8e),
+ U64_C (0xdede5fdebe81a160), U64_C (0x1c1c701ce06c38fc),
+ U64_C (0xfdfdd3fdbb2ee746), U64_C (0x4d4d294d52649a1f),
+ U64_C (0x92927292e4e03976), U64_C (0x7575c9758fbceafa),
+ U64_C (0x06061806301e0c36), U64_C (0x8a8a128a249809ae),
+ U64_C (0xb2b2f2b2f940794b), U64_C (0xe6e6bfe66359d185),
+ U64_C (0x0e0e380e70361c7e), U64_C (0x1f1f7c1ff8633ee7),
+ U64_C (0x6262956237f7c455), U64_C (0xd4d477d4eea3b53a),
+ U64_C (0xa8a89aa829324d81), U64_C (0x96966296c4f43152),
+ U64_C (0xf9f9c3f99b3aef62), U64_C (0xc5c533c566f697a3),
+ U64_C (0x2525942535b14a10), U64_C (0x59597959f220b2ab),
+ U64_C (0x84842a8454ae15d0), U64_C (0x7272d572b7a7e4c5),
+ U64_C (0x3939e439d5dd72ec), U64_C (0x4c4c2d4c5a619816),
+ U64_C (0x5e5e655eca3bbc94), U64_C (0x7878fd78e785f09f),
+ U64_C (0x3838e038ddd870e5), U64_C (0x8c8c0a8c14860598),
+ U64_C (0xd1d163d1c6b2bf17), U64_C (0xa5a5aea5410b57e4),
+ U64_C (0xe2e2afe2434dd9a1), U64_C (0x616199612ff8c24e),
+ U64_C (0xb3b3f6b3f1457b42), U64_C (0x2121842115a54234),
+ U64_C (0x9c9c4a9c94d62508), U64_C (0x1e1e781ef0663cee),
+ U64_C (0x4343114322528661), U64_C (0xc7c73bc776fc93b1),
+ U64_C (0xfcfcd7fcb32be54f), U64_C (0x0404100420140824),
+ U64_C (0x51515951b208a2e3), U64_C (0x99995e99bcc72f25),
+ U64_C (0x6d6da96d4fc4da22), U64_C (0x0d0d340d68391a65),
+ U64_C (0xfafacffa8335e979), U64_C (0xdfdf5bdfb684a369),
+ U64_C (0x7e7ee57ed79bfca9), U64_C (0x242490243db44819),
+ U64_C (0x3b3bec3bc5d776fe), U64_C (0xabab96ab313d4b9a),
+ U64_C (0xcece1fce3ed181f0), U64_C (0x1111441188552299),
+ U64_C (0x8f8f068f0c890383), U64_C (0x4e4e254e4a6b9c04),
+ U64_C (0xb7b7e6b7d1517366), U64_C (0xebeb8beb0b60cbe0),
+ U64_C (0x3c3cf03cfdcc78c1), U64_C (0x81813e817cbf1ffd),
+ U64_C (0x94946a94d4fe3540), U64_C (0xf7f7fbf7eb0cf31c),
+ U64_C (0xb9b9deb9a1676f18), U64_C (0x13134c13985f268b),
+ U64_C (0x2c2cb02c7d9c5851), U64_C (0xd3d36bd3d6b8bb05),
+ U64_C (0xe7e7bbe76b5cd38c), U64_C (0x6e6ea56e57cbdc39),
+ U64_C (0xc4c437c46ef395aa), U64_C (0x03030c03180f061b),
+ U64_C (0x565645568a13acdc), U64_C (0x44440d441a49885e),
+ U64_C (0x7f7fe17fdf9efea0), U64_C (0xa9a99ea921374f88),
+ U64_C (0x2a2aa82a4d825467), U64_C (0xbbbbd6bbb16d6b0a),
+ U64_C (0xc1c123c146e29f87), U64_C (0x53535153a202a6f1),
+ U64_C (0xdcdc57dcae8ba572), U64_C (0x0b0b2c0b58271653),
+ U64_C (0x9d9d4e9d9cd32701), U64_C (0x6c6cad6c47c1d82b),
+ U64_C (0x3131c43195f562a4), U64_C (0x7474cd7487b9e8f3),
+ U64_C (0xf6f6fff6e309f115), U64_C (0x464605460a438c4c),
+ U64_C (0xacac8aac092645a5), U64_C (0x89891e893c970fb5),
+ U64_C (0x14145014a04428b4), U64_C (0xe1e1a3e15b42dfba),
+ U64_C (0x16165816b04e2ca6), U64_C (0x3a3ae83acdd274f7),
+ U64_C (0x6969b9696fd0d206), U64_C (0x09092409482d1241),
+ U64_C (0x7070dd70a7ade0d7), U64_C (0xb6b6e2b6d954716f),
+ U64_C (0xd0d067d0ceb7bd1e), U64_C (0xeded93ed3b7ec7d6),
+ U64_C (0xcccc17cc2edb85e2), U64_C (0x424215422a578468),
+ U64_C (0x98985a98b4c22d2c), U64_C (0xa4a4aaa4490e55ed),
+ U64_C (0x2828a0285d885075), U64_C (0x5c5c6d5cda31b886),
+ U64_C (0xf8f8c7f8933fed6b), U64_C (0x8686228644a411c2),
+ };
+
+static const u64 C1[256] =
+ {
+ U64_C (0xd818186018c07830), U64_C (0x2623238c2305af46),
+ U64_C (0xb8c6c63fc67ef991), U64_C (0xfbe8e887e8136fcd),
+ U64_C (0xcb878726874ca113), U64_C (0x11b8b8dab8a9626d),
+ U64_C (0x0901010401080502), U64_C (0x0d4f4f214f426e9e),
+ U64_C (0x9b3636d836adee6c), U64_C (0xffa6a6a2a6590451),
+ U64_C (0x0cd2d26fd2debdb9), U64_C (0x0ef5f5f3f5fb06f7),
+ U64_C (0x967979f979ef80f2), U64_C (0x306f6fa16f5fcede),
+ U64_C (0x6d91917e91fcef3f), U64_C (0xf852525552aa07a4),
+ U64_C (0x4760609d6027fdc0), U64_C (0x35bcbccabc897665),
+ U64_C (0x379b9b569baccd2b), U64_C (0x8a8e8e028e048c01),
+ U64_C (0xd2a3a3b6a371155b), U64_C (0x6c0c0c300c603c18),
+ U64_C (0x847b7bf17bff8af6), U64_C (0x803535d435b5e16a),
+ U64_C (0xf51d1d741de8693a), U64_C (0xb3e0e0a7e05347dd),
+ U64_C (0x21d7d77bd7f6acb3), U64_C (0x9cc2c22fc25eed99),
+ U64_C (0x432e2eb82e6d965c), U64_C (0x294b4b314b627a96),
+ U64_C (0x5dfefedffea321e1), U64_C (0xd5575741578216ae),
+ U64_C (0xbd15155415a8412a), U64_C (0xe87777c1779fb6ee),
+ U64_C (0x923737dc37a5eb6e), U64_C (0x9ee5e5b3e57b56d7),
+ U64_C (0x139f9f469f8cd923), U64_C (0x23f0f0e7f0d317fd),
+ U64_C (0x204a4a354a6a7f94), U64_C (0x44dada4fda9e95a9),
+ U64_C (0xa258587d58fa25b0), U64_C (0xcfc9c903c906ca8f),
+ U64_C (0x7c2929a429558d52), U64_C (0x5a0a0a280a502214),
+ U64_C (0x50b1b1feb1e14f7f), U64_C (0xc9a0a0baa0691a5d),
+ U64_C (0x146b6bb16b7fdad6), U64_C (0xd985852e855cab17),
+ U64_C (0x3cbdbdcebd817367), U64_C (0x8f5d5d695dd234ba),
+ U64_C (0x9010104010805020), U64_C (0x07f4f4f7f4f303f5),
+ U64_C (0xddcbcb0bcb16c08b), U64_C (0xd33e3ef83eedc67c),
+ U64_C (0x2d0505140528110a), U64_C (0x78676781671fe6ce),
+ U64_C (0x97e4e4b7e47353d5), U64_C (0x0227279c2725bb4e),
+ U64_C (0x7341411941325882), U64_C (0xa78b8b168b2c9d0b),
+ U64_C (0xf6a7a7a6a7510153), U64_C (0xb27d7de97dcf94fa),
+ U64_C (0x4995956e95dcfb37), U64_C (0x56d8d847d88e9fad),
+ U64_C (0x70fbfbcbfb8b30eb), U64_C (0xcdeeee9fee2371c1),
+ U64_C (0xbb7c7ced7cc791f8), U64_C (0x716666856617e3cc),
+ U64_C (0x7bdddd53dda68ea7), U64_C (0xaf17175c17b84b2e),
+ U64_C (0x454747014702468e), U64_C (0x1a9e9e429e84dc21),
+ U64_C (0xd4caca0fca1ec589), U64_C (0x582d2db42d75995a),
+ U64_C (0x2ebfbfc6bf917963), U64_C (0x3f07071c07381b0e),
+ U64_C (0xacadad8ead012347), U64_C (0xb05a5a755aea2fb4),
+ U64_C (0xef838336836cb51b), U64_C (0xb63333cc3385ff66),
+ U64_C (0x5c636391633ff2c6), U64_C (0x1202020802100a04),
+ U64_C (0x93aaaa92aa393849), U64_C (0xde7171d971afa8e2),
+ U64_C (0xc6c8c807c80ecf8d), U64_C (0xd119196419c87d32),
+ U64_C (0x3b49493949727092), U64_C (0x5fd9d943d9869aaf),
+ U64_C (0x31f2f2eff2c31df9), U64_C (0xa8e3e3abe34b48db),
+ U64_C (0xb95b5b715be22ab6), U64_C (0xbc88881a8834920d),
+ U64_C (0x3e9a9a529aa4c829), U64_C (0x0b262698262dbe4c),
+ U64_C (0xbf3232c8328dfa64), U64_C (0x59b0b0fab0e94a7d),
+ U64_C (0xf2e9e983e91b6acf), U64_C (0x770f0f3c0f78331e),
+ U64_C (0x33d5d573d5e6a6b7), U64_C (0xf480803a8074ba1d),
+ U64_C (0x27bebec2be997c61), U64_C (0xebcdcd13cd26de87),
+ U64_C (0x893434d034bde468), U64_C (0x3248483d487a7590),
+ U64_C (0x54ffffdbffab24e3), U64_C (0x8d7a7af57af78ff4),
+ U64_C (0x6490907a90f4ea3d), U64_C (0x9d5f5f615fc23ebe),
+ U64_C (0x3d202080201da040), U64_C (0x0f6868bd6867d5d0),
+ U64_C (0xca1a1a681ad07234), U64_C (0xb7aeae82ae192c41),
+ U64_C (0x7db4b4eab4c95e75), U64_C (0xce54544d549a19a8),
+ U64_C (0x7f93937693ece53b), U64_C (0x2f222288220daa44),
+ U64_C (0x6364648d6407e9c8), U64_C (0x2af1f1e3f1db12ff),
+ U64_C (0xcc7373d173bfa2e6), U64_C (0x8212124812905a24),
+ U64_C (0x7a40401d403a5d80), U64_C (0x4808082008402810),
+ U64_C (0x95c3c32bc356e89b), U64_C (0xdfecec97ec337bc5),
+ U64_C (0x4ddbdb4bdb9690ab), U64_C (0xc0a1a1bea1611f5f),
+ U64_C (0x918d8d0e8d1c8307), U64_C (0xc83d3df43df5c97a),
+ U64_C (0x5b97976697ccf133), U64_C (0x0000000000000000),
+ U64_C (0xf9cfcf1bcf36d483), U64_C (0x6e2b2bac2b458756),
+ U64_C (0xe17676c57697b3ec), U64_C (0xe68282328264b019),
+ U64_C (0x28d6d67fd6fea9b1), U64_C (0xc31b1b6c1bd87736),
+ U64_C (0x74b5b5eeb5c15b77), U64_C (0xbeafaf86af112943),
+ U64_C (0x1d6a6ab56a77dfd4), U64_C (0xea50505d50ba0da0),
+ U64_C (0x5745450945124c8a), U64_C (0x38f3f3ebf3cb18fb),
+ U64_C (0xad3030c0309df060), U64_C (0xc4efef9bef2b74c3),
+ U64_C (0xda3f3ffc3fe5c37e), U64_C (0xc755554955921caa),
+ U64_C (0xdba2a2b2a2791059), U64_C (0xe9eaea8fea0365c9),
+ U64_C (0x6a656589650fecca), U64_C (0x03babad2bab96869),
+ U64_C (0x4a2f2fbc2f65935e), U64_C (0x8ec0c027c04ee79d),
+ U64_C (0x60dede5fdebe81a1), U64_C (0xfc1c1c701ce06c38),
+ U64_C (0x46fdfdd3fdbb2ee7), U64_C (0x1f4d4d294d52649a),
+ U64_C (0x7692927292e4e039), U64_C (0xfa7575c9758fbcea),
+ U64_C (0x3606061806301e0c), U64_C (0xae8a8a128a249809),
+ U64_C (0x4bb2b2f2b2f94079), U64_C (0x85e6e6bfe66359d1),
+ U64_C (0x7e0e0e380e70361c), U64_C (0xe71f1f7c1ff8633e),
+ U64_C (0x556262956237f7c4), U64_C (0x3ad4d477d4eea3b5),
+ U64_C (0x81a8a89aa829324d), U64_C (0x5296966296c4f431),
+ U64_C (0x62f9f9c3f99b3aef), U64_C (0xa3c5c533c566f697),
+ U64_C (0x102525942535b14a), U64_C (0xab59597959f220b2),
+ U64_C (0xd084842a8454ae15), U64_C (0xc57272d572b7a7e4),
+ U64_C (0xec3939e439d5dd72), U64_C (0x164c4c2d4c5a6198),
+ U64_C (0x945e5e655eca3bbc), U64_C (0x9f7878fd78e785f0),
+ U64_C (0xe53838e038ddd870), U64_C (0x988c8c0a8c148605),
+ U64_C (0x17d1d163d1c6b2bf), U64_C (0xe4a5a5aea5410b57),
+ U64_C (0xa1e2e2afe2434dd9), U64_C (0x4e616199612ff8c2),
+ U64_C (0x42b3b3f6b3f1457b), U64_C (0x342121842115a542),
+ U64_C (0x089c9c4a9c94d625), U64_C (0xee1e1e781ef0663c),
+ U64_C (0x6143431143225286), U64_C (0xb1c7c73bc776fc93),
+ U64_C (0x4ffcfcd7fcb32be5), U64_C (0x2404041004201408),
+ U64_C (0xe351515951b208a2), U64_C (0x2599995e99bcc72f),
+ U64_C (0x226d6da96d4fc4da), U64_C (0x650d0d340d68391a),
+ U64_C (0x79fafacffa8335e9), U64_C (0x69dfdf5bdfb684a3),
+ U64_C (0xa97e7ee57ed79bfc), U64_C (0x19242490243db448),
+ U64_C (0xfe3b3bec3bc5d776), U64_C (0x9aabab96ab313d4b),
+ U64_C (0xf0cece1fce3ed181), U64_C (0x9911114411885522),
+ U64_C (0x838f8f068f0c8903), U64_C (0x044e4e254e4a6b9c),
+ U64_C (0x66b7b7e6b7d15173), U64_C (0xe0ebeb8beb0b60cb),
+ U64_C (0xc13c3cf03cfdcc78), U64_C (0xfd81813e817cbf1f),
+ U64_C (0x4094946a94d4fe35), U64_C (0x1cf7f7fbf7eb0cf3),
+ U64_C (0x18b9b9deb9a1676f), U64_C (0x8b13134c13985f26),
+ U64_C (0x512c2cb02c7d9c58), U64_C (0x05d3d36bd3d6b8bb),
+ U64_C (0x8ce7e7bbe76b5cd3), U64_C (0x396e6ea56e57cbdc),
+ U64_C (0xaac4c437c46ef395), U64_C (0x1b03030c03180f06),
+ U64_C (0xdc565645568a13ac), U64_C (0x5e44440d441a4988),
+ U64_C (0xa07f7fe17fdf9efe), U64_C (0x88a9a99ea921374f),
+ U64_C (0x672a2aa82a4d8254), U64_C (0x0abbbbd6bbb16d6b),
+ U64_C (0x87c1c123c146e29f), U64_C (0xf153535153a202a6),
+ U64_C (0x72dcdc57dcae8ba5), U64_C (0x530b0b2c0b582716),
+ U64_C (0x019d9d4e9d9cd327), U64_C (0x2b6c6cad6c47c1d8),
+ U64_C (0xa43131c43195f562), U64_C (0xf37474cd7487b9e8),
+ U64_C (0x15f6f6fff6e309f1), U64_C (0x4c464605460a438c),
+ U64_C (0xa5acac8aac092645), U64_C (0xb589891e893c970f),
+ U64_C (0xb414145014a04428), U64_C (0xbae1e1a3e15b42df),
+ U64_C (0xa616165816b04e2c), U64_C (0xf73a3ae83acdd274),
+ U64_C (0x066969b9696fd0d2), U64_C (0x4109092409482d12),
+ U64_C (0xd77070dd70a7ade0), U64_C (0x6fb6b6e2b6d95471),
+ U64_C (0x1ed0d067d0ceb7bd), U64_C (0xd6eded93ed3b7ec7),
+ U64_C (0xe2cccc17cc2edb85), U64_C (0x68424215422a5784),
+ U64_C (0x2c98985a98b4c22d), U64_C (0xeda4a4aaa4490e55),
+ U64_C (0x752828a0285d8850), U64_C (0x865c5c6d5cda31b8),
+ U64_C (0x6bf8f8c7f8933fed), U64_C (0xc28686228644a411),
+ };
+
+static const u64 C2[256] =
+ {
+ U64_C (0x30d818186018c078), U64_C (0x462623238c2305af),
+ U64_C (0x91b8c6c63fc67ef9), U64_C (0xcdfbe8e887e8136f),
+ U64_C (0x13cb878726874ca1), U64_C (0x6d11b8b8dab8a962),
+ U64_C (0x0209010104010805), U64_C (0x9e0d4f4f214f426e),
+ U64_C (0x6c9b3636d836adee), U64_C (0x51ffa6a6a2a65904),
+ U64_C (0xb90cd2d26fd2debd), U64_C (0xf70ef5f5f3f5fb06),
+ U64_C (0xf2967979f979ef80), U64_C (0xde306f6fa16f5fce),
+ U64_C (0x3f6d91917e91fcef), U64_C (0xa4f852525552aa07),
+ U64_C (0xc04760609d6027fd), U64_C (0x6535bcbccabc8976),
+ U64_C (0x2b379b9b569baccd), U64_C (0x018a8e8e028e048c),
+ U64_C (0x5bd2a3a3b6a37115), U64_C (0x186c0c0c300c603c),
+ U64_C (0xf6847b7bf17bff8a), U64_C (0x6a803535d435b5e1),
+ U64_C (0x3af51d1d741de869), U64_C (0xddb3e0e0a7e05347),
+ U64_C (0xb321d7d77bd7f6ac), U64_C (0x999cc2c22fc25eed),
+ U64_C (0x5c432e2eb82e6d96), U64_C (0x96294b4b314b627a),
+ U64_C (0xe15dfefedffea321), U64_C (0xaed5575741578216),
+ U64_C (0x2abd15155415a841), U64_C (0xeee87777c1779fb6),
+ U64_C (0x6e923737dc37a5eb), U64_C (0xd79ee5e5b3e57b56),
+ U64_C (0x23139f9f469f8cd9), U64_C (0xfd23f0f0e7f0d317),
+ U64_C (0x94204a4a354a6a7f), U64_C (0xa944dada4fda9e95),
+ U64_C (0xb0a258587d58fa25), U64_C (0x8fcfc9c903c906ca),
+ U64_C (0x527c2929a429558d), U64_C (0x145a0a0a280a5022),
+ U64_C (0x7f50b1b1feb1e14f), U64_C (0x5dc9a0a0baa0691a),
+ U64_C (0xd6146b6bb16b7fda), U64_C (0x17d985852e855cab),
+ U64_C (0x673cbdbdcebd8173), U64_C (0xba8f5d5d695dd234),
+ U64_C (0x2090101040108050), U64_C (0xf507f4f4f7f4f303),
+ U64_C (0x8bddcbcb0bcb16c0), U64_C (0x7cd33e3ef83eedc6),
+ U64_C (0x0a2d050514052811), U64_C (0xce78676781671fe6),
+ U64_C (0xd597e4e4b7e47353), U64_C (0x4e0227279c2725bb),
+ U64_C (0x8273414119413258), U64_C (0x0ba78b8b168b2c9d),
+ U64_C (0x53f6a7a7a6a75101), U64_C (0xfab27d7de97dcf94),
+ U64_C (0x374995956e95dcfb), U64_C (0xad56d8d847d88e9f),
+ U64_C (0xeb70fbfbcbfb8b30), U64_C (0xc1cdeeee9fee2371),
+ U64_C (0xf8bb7c7ced7cc791), U64_C (0xcc716666856617e3),
+ U64_C (0xa77bdddd53dda68e), U64_C (0x2eaf17175c17b84b),
+ U64_C (0x8e45474701470246), U64_C (0x211a9e9e429e84dc),
+ U64_C (0x89d4caca0fca1ec5), U64_C (0x5a582d2db42d7599),
+ U64_C (0x632ebfbfc6bf9179), U64_C (0x0e3f07071c07381b),
+ U64_C (0x47acadad8ead0123), U64_C (0xb4b05a5a755aea2f),
+ U64_C (0x1bef838336836cb5), U64_C (0x66b63333cc3385ff),
+ U64_C (0xc65c636391633ff2), U64_C (0x041202020802100a),
+ U64_C (0x4993aaaa92aa3938), U64_C (0xe2de7171d971afa8),
+ U64_C (0x8dc6c8c807c80ecf), U64_C (0x32d119196419c87d),
+ U64_C (0x923b494939497270), U64_C (0xaf5fd9d943d9869a),
+ U64_C (0xf931f2f2eff2c31d), U64_C (0xdba8e3e3abe34b48),
+ U64_C (0xb6b95b5b715be22a), U64_C (0x0dbc88881a883492),
+ U64_C (0x293e9a9a529aa4c8), U64_C (0x4c0b262698262dbe),
+ U64_C (0x64bf3232c8328dfa), U64_C (0x7d59b0b0fab0e94a),
+ U64_C (0xcff2e9e983e91b6a), U64_C (0x1e770f0f3c0f7833),
+ U64_C (0xb733d5d573d5e6a6), U64_C (0x1df480803a8074ba),
+ U64_C (0x6127bebec2be997c), U64_C (0x87ebcdcd13cd26de),
+ U64_C (0x68893434d034bde4), U64_C (0x903248483d487a75),
+ U64_C (0xe354ffffdbffab24), U64_C (0xf48d7a7af57af78f),
+ U64_C (0x3d6490907a90f4ea), U64_C (0xbe9d5f5f615fc23e),
+ U64_C (0x403d202080201da0), U64_C (0xd00f6868bd6867d5),
+ U64_C (0x34ca1a1a681ad072), U64_C (0x41b7aeae82ae192c),
+ U64_C (0x757db4b4eab4c95e), U64_C (0xa8ce54544d549a19),
+ U64_C (0x3b7f93937693ece5), U64_C (0x442f222288220daa),
+ U64_C (0xc86364648d6407e9), U64_C (0xff2af1f1e3f1db12),
+ U64_C (0xe6cc7373d173bfa2), U64_C (0x248212124812905a),
+ U64_C (0x807a40401d403a5d), U64_C (0x1048080820084028),
+ U64_C (0x9b95c3c32bc356e8), U64_C (0xc5dfecec97ec337b),
+ U64_C (0xab4ddbdb4bdb9690), U64_C (0x5fc0a1a1bea1611f),
+ U64_C (0x07918d8d0e8d1c83), U64_C (0x7ac83d3df43df5c9),
+ U64_C (0x335b97976697ccf1), U64_C (0x0000000000000000),
+ U64_C (0x83f9cfcf1bcf36d4), U64_C (0x566e2b2bac2b4587),
+ U64_C (0xece17676c57697b3), U64_C (0x19e68282328264b0),
+ U64_C (0xb128d6d67fd6fea9), U64_C (0x36c31b1b6c1bd877),
+ U64_C (0x7774b5b5eeb5c15b), U64_C (0x43beafaf86af1129),
+ U64_C (0xd41d6a6ab56a77df), U64_C (0xa0ea50505d50ba0d),
+ U64_C (0x8a5745450945124c), U64_C (0xfb38f3f3ebf3cb18),
+ U64_C (0x60ad3030c0309df0), U64_C (0xc3c4efef9bef2b74),
+ U64_C (0x7eda3f3ffc3fe5c3), U64_C (0xaac755554955921c),
+ U64_C (0x59dba2a2b2a27910), U64_C (0xc9e9eaea8fea0365),
+ U64_C (0xca6a656589650fec), U64_C (0x6903babad2bab968),
+ U64_C (0x5e4a2f2fbc2f6593), U64_C (0x9d8ec0c027c04ee7),
+ U64_C (0xa160dede5fdebe81), U64_C (0x38fc1c1c701ce06c),
+ U64_C (0xe746fdfdd3fdbb2e), U64_C (0x9a1f4d4d294d5264),
+ U64_C (0x397692927292e4e0), U64_C (0xeafa7575c9758fbc),
+ U64_C (0x0c3606061806301e), U64_C (0x09ae8a8a128a2498),
+ U64_C (0x794bb2b2f2b2f940), U64_C (0xd185e6e6bfe66359),
+ U64_C (0x1c7e0e0e380e7036), U64_C (0x3ee71f1f7c1ff863),
+ U64_C (0xc4556262956237f7), U64_C (0xb53ad4d477d4eea3),
+ U64_C (0x4d81a8a89aa82932), U64_C (0x315296966296c4f4),
+ U64_C (0xef62f9f9c3f99b3a), U64_C (0x97a3c5c533c566f6),
+ U64_C (0x4a102525942535b1), U64_C (0xb2ab59597959f220),
+ U64_C (0x15d084842a8454ae), U64_C (0xe4c57272d572b7a7),
+ U64_C (0x72ec3939e439d5dd), U64_C (0x98164c4c2d4c5a61),
+ U64_C (0xbc945e5e655eca3b), U64_C (0xf09f7878fd78e785),
+ U64_C (0x70e53838e038ddd8), U64_C (0x05988c8c0a8c1486),
+ U64_C (0xbf17d1d163d1c6b2), U64_C (0x57e4a5a5aea5410b),
+ U64_C (0xd9a1e2e2afe2434d), U64_C (0xc24e616199612ff8),
+ U64_C (0x7b42b3b3f6b3f145), U64_C (0x42342121842115a5),
+ U64_C (0x25089c9c4a9c94d6), U64_C (0x3cee1e1e781ef066),
+ U64_C (0x8661434311432252), U64_C (0x93b1c7c73bc776fc),
+ U64_C (0xe54ffcfcd7fcb32b), U64_C (0x0824040410042014),
+ U64_C (0xa2e351515951b208), U64_C (0x2f2599995e99bcc7),
+ U64_C (0xda226d6da96d4fc4), U64_C (0x1a650d0d340d6839),
+ U64_C (0xe979fafacffa8335), U64_C (0xa369dfdf5bdfb684),
+ U64_C (0xfca97e7ee57ed79b), U64_C (0x4819242490243db4),
+ U64_C (0x76fe3b3bec3bc5d7), U64_C (0x4b9aabab96ab313d),
+ U64_C (0x81f0cece1fce3ed1), U64_C (0x2299111144118855),
+ U64_C (0x03838f8f068f0c89), U64_C (0x9c044e4e254e4a6b),
+ U64_C (0x7366b7b7e6b7d151), U64_C (0xcbe0ebeb8beb0b60),
+ U64_C (0x78c13c3cf03cfdcc), U64_C (0x1ffd81813e817cbf),
+ U64_C (0x354094946a94d4fe), U64_C (0xf31cf7f7fbf7eb0c),
+ U64_C (0x6f18b9b9deb9a167), U64_C (0x268b13134c13985f),
+ U64_C (0x58512c2cb02c7d9c), U64_C (0xbb05d3d36bd3d6b8),
+ U64_C (0xd38ce7e7bbe76b5c), U64_C (0xdc396e6ea56e57cb),
+ U64_C (0x95aac4c437c46ef3), U64_C (0x061b03030c03180f),
+ U64_C (0xacdc565645568a13), U64_C (0x885e44440d441a49),
+ U64_C (0xfea07f7fe17fdf9e), U64_C (0x4f88a9a99ea92137),
+ U64_C (0x54672a2aa82a4d82), U64_C (0x6b0abbbbd6bbb16d),
+ U64_C (0x9f87c1c123c146e2), U64_C (0xa6f153535153a202),
+ U64_C (0xa572dcdc57dcae8b), U64_C (0x16530b0b2c0b5827),
+ U64_C (0x27019d9d4e9d9cd3), U64_C (0xd82b6c6cad6c47c1),
+ U64_C (0x62a43131c43195f5), U64_C (0xe8f37474cd7487b9),
+ U64_C (0xf115f6f6fff6e309), U64_C (0x8c4c464605460a43),
+ U64_C (0x45a5acac8aac0926), U64_C (0x0fb589891e893c97),
+ U64_C (0x28b414145014a044), U64_C (0xdfbae1e1a3e15b42),
+ U64_C (0x2ca616165816b04e), U64_C (0x74f73a3ae83acdd2),
+ U64_C (0xd2066969b9696fd0), U64_C (0x124109092409482d),
+ U64_C (0xe0d77070dd70a7ad), U64_C (0x716fb6b6e2b6d954),
+ U64_C (0xbd1ed0d067d0ceb7), U64_C (0xc7d6eded93ed3b7e),
+ U64_C (0x85e2cccc17cc2edb), U64_C (0x8468424215422a57),
+ U64_C (0x2d2c98985a98b4c2), U64_C (0x55eda4a4aaa4490e),
+ U64_C (0x50752828a0285d88), U64_C (0xb8865c5c6d5cda31),
+ U64_C (0xed6bf8f8c7f8933f), U64_C (0x11c28686228644a4),
+ };
+
+static const u64 C3[256] =
+ {
+ U64_C (0x7830d818186018c0), U64_C (0xaf462623238c2305),
+ U64_C (0xf991b8c6c63fc67e), U64_C (0x6fcdfbe8e887e813),
+ U64_C (0xa113cb878726874c), U64_C (0x626d11b8b8dab8a9),
+ U64_C (0x0502090101040108), U64_C (0x6e9e0d4f4f214f42),
+ U64_C (0xee6c9b3636d836ad), U64_C (0x0451ffa6a6a2a659),
+ U64_C (0xbdb90cd2d26fd2de), U64_C (0x06f70ef5f5f3f5fb),
+ U64_C (0x80f2967979f979ef), U64_C (0xcede306f6fa16f5f),
+ U64_C (0xef3f6d91917e91fc), U64_C (0x07a4f852525552aa),
+ U64_C (0xfdc04760609d6027), U64_C (0x766535bcbccabc89),
+ U64_C (0xcd2b379b9b569bac), U64_C (0x8c018a8e8e028e04),
+ U64_C (0x155bd2a3a3b6a371), U64_C (0x3c186c0c0c300c60),
+ U64_C (0x8af6847b7bf17bff), U64_C (0xe16a803535d435b5),
+ U64_C (0x693af51d1d741de8), U64_C (0x47ddb3e0e0a7e053),
+ U64_C (0xacb321d7d77bd7f6), U64_C (0xed999cc2c22fc25e),
+ U64_C (0x965c432e2eb82e6d), U64_C (0x7a96294b4b314b62),
+ U64_C (0x21e15dfefedffea3), U64_C (0x16aed55757415782),
+ U64_C (0x412abd15155415a8), U64_C (0xb6eee87777c1779f),
+ U64_C (0xeb6e923737dc37a5), U64_C (0x56d79ee5e5b3e57b),
+ U64_C (0xd923139f9f469f8c), U64_C (0x17fd23f0f0e7f0d3),
+ U64_C (0x7f94204a4a354a6a), U64_C (0x95a944dada4fda9e),
+ U64_C (0x25b0a258587d58fa), U64_C (0xca8fcfc9c903c906),
+ U64_C (0x8d527c2929a42955), U64_C (0x22145a0a0a280a50),
+ U64_C (0x4f7f50b1b1feb1e1), U64_C (0x1a5dc9a0a0baa069),
+ U64_C (0xdad6146b6bb16b7f), U64_C (0xab17d985852e855c),
+ U64_C (0x73673cbdbdcebd81), U64_C (0x34ba8f5d5d695dd2),
+ U64_C (0x5020901010401080), U64_C (0x03f507f4f4f7f4f3),
+ U64_C (0xc08bddcbcb0bcb16), U64_C (0xc67cd33e3ef83eed),
+ U64_C (0x110a2d0505140528), U64_C (0xe6ce78676781671f),
+ U64_C (0x53d597e4e4b7e473), U64_C (0xbb4e0227279c2725),
+ U64_C (0x5882734141194132), U64_C (0x9d0ba78b8b168b2c),
+ U64_C (0x0153f6a7a7a6a751), U64_C (0x94fab27d7de97dcf),
+ U64_C (0xfb374995956e95dc), U64_C (0x9fad56d8d847d88e),
+ U64_C (0x30eb70fbfbcbfb8b), U64_C (0x71c1cdeeee9fee23),
+ U64_C (0x91f8bb7c7ced7cc7), U64_C (0xe3cc716666856617),
+ U64_C (0x8ea77bdddd53dda6), U64_C (0x4b2eaf17175c17b8),
+ U64_C (0x468e454747014702), U64_C (0xdc211a9e9e429e84),
+ U64_C (0xc589d4caca0fca1e), U64_C (0x995a582d2db42d75),
+ U64_C (0x79632ebfbfc6bf91), U64_C (0x1b0e3f07071c0738),
+ U64_C (0x2347acadad8ead01), U64_C (0x2fb4b05a5a755aea),
+ U64_C (0xb51bef838336836c), U64_C (0xff66b63333cc3385),
+ U64_C (0xf2c65c636391633f), U64_C (0x0a04120202080210),
+ U64_C (0x384993aaaa92aa39), U64_C (0xa8e2de7171d971af),
+ U64_C (0xcf8dc6c8c807c80e), U64_C (0x7d32d119196419c8),
+ U64_C (0x70923b4949394972), U64_C (0x9aaf5fd9d943d986),
+ U64_C (0x1df931f2f2eff2c3), U64_C (0x48dba8e3e3abe34b),
+ U64_C (0x2ab6b95b5b715be2), U64_C (0x920dbc88881a8834),
+ U64_C (0xc8293e9a9a529aa4), U64_C (0xbe4c0b262698262d),
+ U64_C (0xfa64bf3232c8328d), U64_C (0x4a7d59b0b0fab0e9),
+ U64_C (0x6acff2e9e983e91b), U64_C (0x331e770f0f3c0f78),
+ U64_C (0xa6b733d5d573d5e6), U64_C (0xba1df480803a8074),
+ U64_C (0x7c6127bebec2be99), U64_C (0xde87ebcdcd13cd26),
+ U64_C (0xe468893434d034bd), U64_C (0x75903248483d487a),
+ U64_C (0x24e354ffffdbffab), U64_C (0x8ff48d7a7af57af7),
+ U64_C (0xea3d6490907a90f4), U64_C (0x3ebe9d5f5f615fc2),
+ U64_C (0xa0403d202080201d), U64_C (0xd5d00f6868bd6867),
+ U64_C (0x7234ca1a1a681ad0), U64_C (0x2c41b7aeae82ae19),
+ U64_C (0x5e757db4b4eab4c9), U64_C (0x19a8ce54544d549a),
+ U64_C (0xe53b7f93937693ec), U64_C (0xaa442f222288220d),
+ U64_C (0xe9c86364648d6407), U64_C (0x12ff2af1f1e3f1db),
+ U64_C (0xa2e6cc7373d173bf), U64_C (0x5a24821212481290),
+ U64_C (0x5d807a40401d403a), U64_C (0x2810480808200840),
+ U64_C (0xe89b95c3c32bc356), U64_C (0x7bc5dfecec97ec33),
+ U64_C (0x90ab4ddbdb4bdb96), U64_C (0x1f5fc0a1a1bea161),
+ U64_C (0x8307918d8d0e8d1c), U64_C (0xc97ac83d3df43df5),
+ U64_C (0xf1335b97976697cc), U64_C (0x0000000000000000),
+ U64_C (0xd483f9cfcf1bcf36), U64_C (0x87566e2b2bac2b45),
+ U64_C (0xb3ece17676c57697), U64_C (0xb019e68282328264),
+ U64_C (0xa9b128d6d67fd6fe), U64_C (0x7736c31b1b6c1bd8),
+ U64_C (0x5b7774b5b5eeb5c1), U64_C (0x2943beafaf86af11),
+ U64_C (0xdfd41d6a6ab56a77), U64_C (0x0da0ea50505d50ba),
+ U64_C (0x4c8a574545094512), U64_C (0x18fb38f3f3ebf3cb),
+ U64_C (0xf060ad3030c0309d), U64_C (0x74c3c4efef9bef2b),
+ U64_C (0xc37eda3f3ffc3fe5), U64_C (0x1caac75555495592),
+ U64_C (0x1059dba2a2b2a279), U64_C (0x65c9e9eaea8fea03),
+ U64_C (0xecca6a656589650f), U64_C (0x686903babad2bab9),
+ U64_C (0x935e4a2f2fbc2f65), U64_C (0xe79d8ec0c027c04e),
+ U64_C (0x81a160dede5fdebe), U64_C (0x6c38fc1c1c701ce0),
+ U64_C (0x2ee746fdfdd3fdbb), U64_C (0x649a1f4d4d294d52),
+ U64_C (0xe0397692927292e4), U64_C (0xbceafa7575c9758f),
+ U64_C (0x1e0c360606180630), U64_C (0x9809ae8a8a128a24),
+ U64_C (0x40794bb2b2f2b2f9), U64_C (0x59d185e6e6bfe663),
+ U64_C (0x361c7e0e0e380e70), U64_C (0x633ee71f1f7c1ff8),
+ U64_C (0xf7c4556262956237), U64_C (0xa3b53ad4d477d4ee),
+ U64_C (0x324d81a8a89aa829), U64_C (0xf4315296966296c4),
+ U64_C (0x3aef62f9f9c3f99b), U64_C (0xf697a3c5c533c566),
+ U64_C (0xb14a102525942535), U64_C (0x20b2ab59597959f2),
+ U64_C (0xae15d084842a8454), U64_C (0xa7e4c57272d572b7),
+ U64_C (0xdd72ec3939e439d5), U64_C (0x6198164c4c2d4c5a),
+ U64_C (0x3bbc945e5e655eca), U64_C (0x85f09f7878fd78e7),
+ U64_C (0xd870e53838e038dd), U64_C (0x8605988c8c0a8c14),
+ U64_C (0xb2bf17d1d163d1c6), U64_C (0x0b57e4a5a5aea541),
+ U64_C (0x4dd9a1e2e2afe243), U64_C (0xf8c24e616199612f),
+ U64_C (0x457b42b3b3f6b3f1), U64_C (0xa542342121842115),
+ U64_C (0xd625089c9c4a9c94), U64_C (0x663cee1e1e781ef0),
+ U64_C (0x5286614343114322), U64_C (0xfc93b1c7c73bc776),
+ U64_C (0x2be54ffcfcd7fcb3), U64_C (0x1408240404100420),
+ U64_C (0x08a2e351515951b2), U64_C (0xc72f2599995e99bc),
+ U64_C (0xc4da226d6da96d4f), U64_C (0x391a650d0d340d68),
+ U64_C (0x35e979fafacffa83), U64_C (0x84a369dfdf5bdfb6),
+ U64_C (0x9bfca97e7ee57ed7), U64_C (0xb44819242490243d),
+ U64_C (0xd776fe3b3bec3bc5), U64_C (0x3d4b9aabab96ab31),
+ U64_C (0xd181f0cece1fce3e), U64_C (0x5522991111441188),
+ U64_C (0x8903838f8f068f0c), U64_C (0x6b9c044e4e254e4a),
+ U64_C (0x517366b7b7e6b7d1), U64_C (0x60cbe0ebeb8beb0b),
+ U64_C (0xcc78c13c3cf03cfd), U64_C (0xbf1ffd81813e817c),
+ U64_C (0xfe354094946a94d4), U64_C (0x0cf31cf7f7fbf7eb),
+ U64_C (0x676f18b9b9deb9a1), U64_C (0x5f268b13134c1398),
+ U64_C (0x9c58512c2cb02c7d), U64_C (0xb8bb05d3d36bd3d6),
+ U64_C (0x5cd38ce7e7bbe76b), U64_C (0xcbdc396e6ea56e57),
+ U64_C (0xf395aac4c437c46e), U64_C (0x0f061b03030c0318),
+ U64_C (0x13acdc565645568a), U64_C (0x49885e44440d441a),
+ U64_C (0x9efea07f7fe17fdf), U64_C (0x374f88a9a99ea921),
+ U64_C (0x8254672a2aa82a4d), U64_C (0x6d6b0abbbbd6bbb1),
+ U64_C (0xe29f87c1c123c146), U64_C (0x02a6f153535153a2),
+ U64_C (0x8ba572dcdc57dcae), U64_C (0x2716530b0b2c0b58),
+ U64_C (0xd327019d9d4e9d9c), U64_C (0xc1d82b6c6cad6c47),
+ U64_C (0xf562a43131c43195), U64_C (0xb9e8f37474cd7487),
+ U64_C (0x09f115f6f6fff6e3), U64_C (0x438c4c464605460a),
+ U64_C (0x2645a5acac8aac09), U64_C (0x970fb589891e893c),
+ U64_C (0x4428b414145014a0), U64_C (0x42dfbae1e1a3e15b),
+ U64_C (0x4e2ca616165816b0), U64_C (0xd274f73a3ae83acd),
+ U64_C (0xd0d2066969b9696f), U64_C (0x2d12410909240948),
+ U64_C (0xade0d77070dd70a7), U64_C (0x54716fb6b6e2b6d9),
+ U64_C (0xb7bd1ed0d067d0ce), U64_C (0x7ec7d6eded93ed3b),
+ U64_C (0xdb85e2cccc17cc2e), U64_C (0x578468424215422a),
+ U64_C (0xc22d2c98985a98b4), U64_C (0x0e55eda4a4aaa449),
+ U64_C (0x8850752828a0285d), U64_C (0x31b8865c5c6d5cda),
+ U64_C (0x3fed6bf8f8c7f893), U64_C (0xa411c28686228644),
+ };
+
+static const u64 C4[256] =
+ {
+ U64_C (0xc07830d818186018), U64_C (0x05af462623238c23),
+ U64_C (0x7ef991b8c6c63fc6), U64_C (0x136fcdfbe8e887e8),
+ U64_C (0x4ca113cb87872687), U64_C (0xa9626d11b8b8dab8),
+ U64_C (0x0805020901010401), U64_C (0x426e9e0d4f4f214f),
+ U64_C (0xadee6c9b3636d836), U64_C (0x590451ffa6a6a2a6),
+ U64_C (0xdebdb90cd2d26fd2), U64_C (0xfb06f70ef5f5f3f5),
+ U64_C (0xef80f2967979f979), U64_C (0x5fcede306f6fa16f),
+ U64_C (0xfcef3f6d91917e91), U64_C (0xaa07a4f852525552),
+ U64_C (0x27fdc04760609d60), U64_C (0x89766535bcbccabc),
+ U64_C (0xaccd2b379b9b569b), U64_C (0x048c018a8e8e028e),
+ U64_C (0x71155bd2a3a3b6a3), U64_C (0x603c186c0c0c300c),
+ U64_C (0xff8af6847b7bf17b), U64_C (0xb5e16a803535d435),
+ U64_C (0xe8693af51d1d741d), U64_C (0x5347ddb3e0e0a7e0),
+ U64_C (0xf6acb321d7d77bd7), U64_C (0x5eed999cc2c22fc2),
+ U64_C (0x6d965c432e2eb82e), U64_C (0x627a96294b4b314b),
+ U64_C (0xa321e15dfefedffe), U64_C (0x8216aed557574157),
+ U64_C (0xa8412abd15155415), U64_C (0x9fb6eee87777c177),
+ U64_C (0xa5eb6e923737dc37), U64_C (0x7b56d79ee5e5b3e5),
+ U64_C (0x8cd923139f9f469f), U64_C (0xd317fd23f0f0e7f0),
+ U64_C (0x6a7f94204a4a354a), U64_C (0x9e95a944dada4fda),
+ U64_C (0xfa25b0a258587d58), U64_C (0x06ca8fcfc9c903c9),
+ U64_C (0x558d527c2929a429), U64_C (0x5022145a0a0a280a),
+ U64_C (0xe14f7f50b1b1feb1), U64_C (0x691a5dc9a0a0baa0),
+ U64_C (0x7fdad6146b6bb16b), U64_C (0x5cab17d985852e85),
+ U64_C (0x8173673cbdbdcebd), U64_C (0xd234ba8f5d5d695d),
+ U64_C (0x8050209010104010), U64_C (0xf303f507f4f4f7f4),
+ U64_C (0x16c08bddcbcb0bcb), U64_C (0xedc67cd33e3ef83e),
+ U64_C (0x28110a2d05051405), U64_C (0x1fe6ce7867678167),
+ U64_C (0x7353d597e4e4b7e4), U64_C (0x25bb4e0227279c27),
+ U64_C (0x3258827341411941), U64_C (0x2c9d0ba78b8b168b),
+ U64_C (0x510153f6a7a7a6a7), U64_C (0xcf94fab27d7de97d),
+ U64_C (0xdcfb374995956e95), U64_C (0x8e9fad56d8d847d8),
+ U64_C (0x8b30eb70fbfbcbfb), U64_C (0x2371c1cdeeee9fee),
+ U64_C (0xc791f8bb7c7ced7c), U64_C (0x17e3cc7166668566),
+ U64_C (0xa68ea77bdddd53dd), U64_C (0xb84b2eaf17175c17),
+ U64_C (0x02468e4547470147), U64_C (0x84dc211a9e9e429e),
+ U64_C (0x1ec589d4caca0fca), U64_C (0x75995a582d2db42d),
+ U64_C (0x9179632ebfbfc6bf), U64_C (0x381b0e3f07071c07),
+ U64_C (0x012347acadad8ead), U64_C (0xea2fb4b05a5a755a),
+ U64_C (0x6cb51bef83833683), U64_C (0x85ff66b63333cc33),
+ U64_C (0x3ff2c65c63639163), U64_C (0x100a041202020802),
+ U64_C (0x39384993aaaa92aa), U64_C (0xafa8e2de7171d971),
+ U64_C (0x0ecf8dc6c8c807c8), U64_C (0xc87d32d119196419),
+ U64_C (0x7270923b49493949), U64_C (0x869aaf5fd9d943d9),
+ U64_C (0xc31df931f2f2eff2), U64_C (0x4b48dba8e3e3abe3),
+ U64_C (0xe22ab6b95b5b715b), U64_C (0x34920dbc88881a88),
+ U64_C (0xa4c8293e9a9a529a), U64_C (0x2dbe4c0b26269826),
+ U64_C (0x8dfa64bf3232c832), U64_C (0xe94a7d59b0b0fab0),
+ U64_C (0x1b6acff2e9e983e9), U64_C (0x78331e770f0f3c0f),
+ U64_C (0xe6a6b733d5d573d5), U64_C (0x74ba1df480803a80),
+ U64_C (0x997c6127bebec2be), U64_C (0x26de87ebcdcd13cd),
+ U64_C (0xbde468893434d034), U64_C (0x7a75903248483d48),
+ U64_C (0xab24e354ffffdbff), U64_C (0xf78ff48d7a7af57a),
+ U64_C (0xf4ea3d6490907a90), U64_C (0xc23ebe9d5f5f615f),
+ U64_C (0x1da0403d20208020), U64_C (0x67d5d00f6868bd68),
+ U64_C (0xd07234ca1a1a681a), U64_C (0x192c41b7aeae82ae),
+ U64_C (0xc95e757db4b4eab4), U64_C (0x9a19a8ce54544d54),
+ U64_C (0xece53b7f93937693), U64_C (0x0daa442f22228822),
+ U64_C (0x07e9c86364648d64), U64_C (0xdb12ff2af1f1e3f1),
+ U64_C (0xbfa2e6cc7373d173), U64_C (0x905a248212124812),
+ U64_C (0x3a5d807a40401d40), U64_C (0x4028104808082008),
+ U64_C (0x56e89b95c3c32bc3), U64_C (0x337bc5dfecec97ec),
+ U64_C (0x9690ab4ddbdb4bdb), U64_C (0x611f5fc0a1a1bea1),
+ U64_C (0x1c8307918d8d0e8d), U64_C (0xf5c97ac83d3df43d),
+ U64_C (0xccf1335b97976697), U64_C (0x0000000000000000),
+ U64_C (0x36d483f9cfcf1bcf), U64_C (0x4587566e2b2bac2b),
+ U64_C (0x97b3ece17676c576), U64_C (0x64b019e682823282),
+ U64_C (0xfea9b128d6d67fd6), U64_C (0xd87736c31b1b6c1b),
+ U64_C (0xc15b7774b5b5eeb5), U64_C (0x112943beafaf86af),
+ U64_C (0x77dfd41d6a6ab56a), U64_C (0xba0da0ea50505d50),
+ U64_C (0x124c8a5745450945), U64_C (0xcb18fb38f3f3ebf3),
+ U64_C (0x9df060ad3030c030), U64_C (0x2b74c3c4efef9bef),
+ U64_C (0xe5c37eda3f3ffc3f), U64_C (0x921caac755554955),
+ U64_C (0x791059dba2a2b2a2), U64_C (0x0365c9e9eaea8fea),
+ U64_C (0x0fecca6a65658965), U64_C (0xb9686903babad2ba),
+ U64_C (0x65935e4a2f2fbc2f), U64_C (0x4ee79d8ec0c027c0),
+ U64_C (0xbe81a160dede5fde), U64_C (0xe06c38fc1c1c701c),
+ U64_C (0xbb2ee746fdfdd3fd), U64_C (0x52649a1f4d4d294d),
+ U64_C (0xe4e0397692927292), U64_C (0x8fbceafa7575c975),
+ U64_C (0x301e0c3606061806), U64_C (0x249809ae8a8a128a),
+ U64_C (0xf940794bb2b2f2b2), U64_C (0x6359d185e6e6bfe6),
+ U64_C (0x70361c7e0e0e380e), U64_C (0xf8633ee71f1f7c1f),
+ U64_C (0x37f7c45562629562), U64_C (0xeea3b53ad4d477d4),
+ U64_C (0x29324d81a8a89aa8), U64_C (0xc4f4315296966296),
+ U64_C (0x9b3aef62f9f9c3f9), U64_C (0x66f697a3c5c533c5),
+ U64_C (0x35b14a1025259425), U64_C (0xf220b2ab59597959),
+ U64_C (0x54ae15d084842a84), U64_C (0xb7a7e4c57272d572),
+ U64_C (0xd5dd72ec3939e439), U64_C (0x5a6198164c4c2d4c),
+ U64_C (0xca3bbc945e5e655e), U64_C (0xe785f09f7878fd78),
+ U64_C (0xddd870e53838e038), U64_C (0x148605988c8c0a8c),
+ U64_C (0xc6b2bf17d1d163d1), U64_C (0x410b57e4a5a5aea5),
+ U64_C (0x434dd9a1e2e2afe2), U64_C (0x2ff8c24e61619961),
+ U64_C (0xf1457b42b3b3f6b3), U64_C (0x15a5423421218421),
+ U64_C (0x94d625089c9c4a9c), U64_C (0xf0663cee1e1e781e),
+ U64_C (0x2252866143431143), U64_C (0x76fc93b1c7c73bc7),
+ U64_C (0xb32be54ffcfcd7fc), U64_C (0x2014082404041004),
+ U64_C (0xb208a2e351515951), U64_C (0xbcc72f2599995e99),
+ U64_C (0x4fc4da226d6da96d), U64_C (0x68391a650d0d340d),
+ U64_C (0x8335e979fafacffa), U64_C (0xb684a369dfdf5bdf),
+ U64_C (0xd79bfca97e7ee57e), U64_C (0x3db4481924249024),
+ U64_C (0xc5d776fe3b3bec3b), U64_C (0x313d4b9aabab96ab),
+ U64_C (0x3ed181f0cece1fce), U64_C (0x8855229911114411),
+ U64_C (0x0c8903838f8f068f), U64_C (0x4a6b9c044e4e254e),
+ U64_C (0xd1517366b7b7e6b7), U64_C (0x0b60cbe0ebeb8beb),
+ U64_C (0xfdcc78c13c3cf03c), U64_C (0x7cbf1ffd81813e81),
+ U64_C (0xd4fe354094946a94), U64_C (0xeb0cf31cf7f7fbf7),
+ U64_C (0xa1676f18b9b9deb9), U64_C (0x985f268b13134c13),
+ U64_C (0x7d9c58512c2cb02c), U64_C (0xd6b8bb05d3d36bd3),
+ U64_C (0x6b5cd38ce7e7bbe7), U64_C (0x57cbdc396e6ea56e),
+ U64_C (0x6ef395aac4c437c4), U64_C (0x180f061b03030c03),
+ U64_C (0x8a13acdc56564556), U64_C (0x1a49885e44440d44),
+ U64_C (0xdf9efea07f7fe17f), U64_C (0x21374f88a9a99ea9),
+ U64_C (0x4d8254672a2aa82a), U64_C (0xb16d6b0abbbbd6bb),
+ U64_C (0x46e29f87c1c123c1), U64_C (0xa202a6f153535153),
+ U64_C (0xae8ba572dcdc57dc), U64_C (0x582716530b0b2c0b),
+ U64_C (0x9cd327019d9d4e9d), U64_C (0x47c1d82b6c6cad6c),
+ U64_C (0x95f562a43131c431), U64_C (0x87b9e8f37474cd74),
+ U64_C (0xe309f115f6f6fff6), U64_C (0x0a438c4c46460546),
+ U64_C (0x092645a5acac8aac), U64_C (0x3c970fb589891e89),
+ U64_C (0xa04428b414145014), U64_C (0x5b42dfbae1e1a3e1),
+ U64_C (0xb04e2ca616165816), U64_C (0xcdd274f73a3ae83a),
+ U64_C (0x6fd0d2066969b969), U64_C (0x482d124109092409),
+ U64_C (0xa7ade0d77070dd70), U64_C (0xd954716fb6b6e2b6),
+ U64_C (0xceb7bd1ed0d067d0), U64_C (0x3b7ec7d6eded93ed),
+ U64_C (0x2edb85e2cccc17cc), U64_C (0x2a57846842421542),
+ U64_C (0xb4c22d2c98985a98), U64_C (0x490e55eda4a4aaa4),
+ U64_C (0x5d8850752828a028), U64_C (0xda31b8865c5c6d5c),
+ U64_C (0x933fed6bf8f8c7f8), U64_C (0x44a411c286862286),
+ };
+
+static const u64 C5[256] =
+ {
+ U64_C (0x18c07830d8181860), U64_C (0x2305af462623238c),
+ U64_C (0xc67ef991b8c6c63f), U64_C (0xe8136fcdfbe8e887),
+ U64_C (0x874ca113cb878726), U64_C (0xb8a9626d11b8b8da),
+ U64_C (0x0108050209010104), U64_C (0x4f426e9e0d4f4f21),
+ U64_C (0x36adee6c9b3636d8), U64_C (0xa6590451ffa6a6a2),
+ U64_C (0xd2debdb90cd2d26f), U64_C (0xf5fb06f70ef5f5f3),
+ U64_C (0x79ef80f2967979f9), U64_C (0x6f5fcede306f6fa1),
+ U64_C (0x91fcef3f6d91917e), U64_C (0x52aa07a4f8525255),
+ U64_C (0x6027fdc04760609d), U64_C (0xbc89766535bcbcca),
+ U64_C (0x9baccd2b379b9b56), U64_C (0x8e048c018a8e8e02),
+ U64_C (0xa371155bd2a3a3b6), U64_C (0x0c603c186c0c0c30),
+ U64_C (0x7bff8af6847b7bf1), U64_C (0x35b5e16a803535d4),
+ U64_C (0x1de8693af51d1d74), U64_C (0xe05347ddb3e0e0a7),
+ U64_C (0xd7f6acb321d7d77b), U64_C (0xc25eed999cc2c22f),
+ U64_C (0x2e6d965c432e2eb8), U64_C (0x4b627a96294b4b31),
+ U64_C (0xfea321e15dfefedf), U64_C (0x578216aed5575741),
+ U64_C (0x15a8412abd151554), U64_C (0x779fb6eee87777c1),
+ U64_C (0x37a5eb6e923737dc), U64_C (0xe57b56d79ee5e5b3),
+ U64_C (0x9f8cd923139f9f46), U64_C (0xf0d317fd23f0f0e7),
+ U64_C (0x4a6a7f94204a4a35), U64_C (0xda9e95a944dada4f),
+ U64_C (0x58fa25b0a258587d), U64_C (0xc906ca8fcfc9c903),
+ U64_C (0x29558d527c2929a4), U64_C (0x0a5022145a0a0a28),
+ U64_C (0xb1e14f7f50b1b1fe), U64_C (0xa0691a5dc9a0a0ba),
+ U64_C (0x6b7fdad6146b6bb1), U64_C (0x855cab17d985852e),
+ U64_C (0xbd8173673cbdbdce), U64_C (0x5dd234ba8f5d5d69),
+ U64_C (0x1080502090101040), U64_C (0xf4f303f507f4f4f7),
+ U64_C (0xcb16c08bddcbcb0b), U64_C (0x3eedc67cd33e3ef8),
+ U64_C (0x0528110a2d050514), U64_C (0x671fe6ce78676781),
+ U64_C (0xe47353d597e4e4b7), U64_C (0x2725bb4e0227279c),
+ U64_C (0x4132588273414119), U64_C (0x8b2c9d0ba78b8b16),
+ U64_C (0xa7510153f6a7a7a6), U64_C (0x7dcf94fab27d7de9),
+ U64_C (0x95dcfb374995956e), U64_C (0xd88e9fad56d8d847),
+ U64_C (0xfb8b30eb70fbfbcb), U64_C (0xee2371c1cdeeee9f),
+ U64_C (0x7cc791f8bb7c7ced), U64_C (0x6617e3cc71666685),
+ U64_C (0xdda68ea77bdddd53), U64_C (0x17b84b2eaf17175c),
+ U64_C (0x4702468e45474701), U64_C (0x9e84dc211a9e9e42),
+ U64_C (0xca1ec589d4caca0f), U64_C (0x2d75995a582d2db4),
+ U64_C (0xbf9179632ebfbfc6), U64_C (0x07381b0e3f07071c),
+ U64_C (0xad012347acadad8e), U64_C (0x5aea2fb4b05a5a75),
+ U64_C (0x836cb51bef838336), U64_C (0x3385ff66b63333cc),
+ U64_C (0x633ff2c65c636391), U64_C (0x02100a0412020208),
+ U64_C (0xaa39384993aaaa92), U64_C (0x71afa8e2de7171d9),
+ U64_C (0xc80ecf8dc6c8c807), U64_C (0x19c87d32d1191964),
+ U64_C (0x497270923b494939), U64_C (0xd9869aaf5fd9d943),
+ U64_C (0xf2c31df931f2f2ef), U64_C (0xe34b48dba8e3e3ab),
+ U64_C (0x5be22ab6b95b5b71), U64_C (0x8834920dbc88881a),
+ U64_C (0x9aa4c8293e9a9a52), U64_C (0x262dbe4c0b262698),
+ U64_C (0x328dfa64bf3232c8), U64_C (0xb0e94a7d59b0b0fa),
+ U64_C (0xe91b6acff2e9e983), U64_C (0x0f78331e770f0f3c),
+ U64_C (0xd5e6a6b733d5d573), U64_C (0x8074ba1df480803a),
+ U64_C (0xbe997c6127bebec2), U64_C (0xcd26de87ebcdcd13),
+ U64_C (0x34bde468893434d0), U64_C (0x487a75903248483d),
+ U64_C (0xffab24e354ffffdb), U64_C (0x7af78ff48d7a7af5),
+ U64_C (0x90f4ea3d6490907a), U64_C (0x5fc23ebe9d5f5f61),
+ U64_C (0x201da0403d202080), U64_C (0x6867d5d00f6868bd),
+ U64_C (0x1ad07234ca1a1a68), U64_C (0xae192c41b7aeae82),
+ U64_C (0xb4c95e757db4b4ea), U64_C (0x549a19a8ce54544d),
+ U64_C (0x93ece53b7f939376), U64_C (0x220daa442f222288),
+ U64_C (0x6407e9c86364648d), U64_C (0xf1db12ff2af1f1e3),
+ U64_C (0x73bfa2e6cc7373d1), U64_C (0x12905a2482121248),
+ U64_C (0x403a5d807a40401d), U64_C (0x0840281048080820),
+ U64_C (0xc356e89b95c3c32b), U64_C (0xec337bc5dfecec97),
+ U64_C (0xdb9690ab4ddbdb4b), U64_C (0xa1611f5fc0a1a1be),
+ U64_C (0x8d1c8307918d8d0e), U64_C (0x3df5c97ac83d3df4),
+ U64_C (0x97ccf1335b979766), U64_C (0x0000000000000000),
+ U64_C (0xcf36d483f9cfcf1b), U64_C (0x2b4587566e2b2bac),
+ U64_C (0x7697b3ece17676c5), U64_C (0x8264b019e6828232),
+ U64_C (0xd6fea9b128d6d67f), U64_C (0x1bd87736c31b1b6c),
+ U64_C (0xb5c15b7774b5b5ee), U64_C (0xaf112943beafaf86),
+ U64_C (0x6a77dfd41d6a6ab5), U64_C (0x50ba0da0ea50505d),
+ U64_C (0x45124c8a57454509), U64_C (0xf3cb18fb38f3f3eb),
+ U64_C (0x309df060ad3030c0), U64_C (0xef2b74c3c4efef9b),
+ U64_C (0x3fe5c37eda3f3ffc), U64_C (0x55921caac7555549),
+ U64_C (0xa2791059dba2a2b2), U64_C (0xea0365c9e9eaea8f),
+ U64_C (0x650fecca6a656589), U64_C (0xbab9686903babad2),
+ U64_C (0x2f65935e4a2f2fbc), U64_C (0xc04ee79d8ec0c027),
+ U64_C (0xdebe81a160dede5f), U64_C (0x1ce06c38fc1c1c70),
+ U64_C (0xfdbb2ee746fdfdd3), U64_C (0x4d52649a1f4d4d29),
+ U64_C (0x92e4e03976929272), U64_C (0x758fbceafa7575c9),
+ U64_C (0x06301e0c36060618), U64_C (0x8a249809ae8a8a12),
+ U64_C (0xb2f940794bb2b2f2), U64_C (0xe66359d185e6e6bf),
+ U64_C (0x0e70361c7e0e0e38), U64_C (0x1ff8633ee71f1f7c),
+ U64_C (0x6237f7c455626295), U64_C (0xd4eea3b53ad4d477),
+ U64_C (0xa829324d81a8a89a), U64_C (0x96c4f43152969662),
+ U64_C (0xf99b3aef62f9f9c3), U64_C (0xc566f697a3c5c533),
+ U64_C (0x2535b14a10252594), U64_C (0x59f220b2ab595979),
+ U64_C (0x8454ae15d084842a), U64_C (0x72b7a7e4c57272d5),
+ U64_C (0x39d5dd72ec3939e4), U64_C (0x4c5a6198164c4c2d),
+ U64_C (0x5eca3bbc945e5e65), U64_C (0x78e785f09f7878fd),
+ U64_C (0x38ddd870e53838e0), U64_C (0x8c148605988c8c0a),
+ U64_C (0xd1c6b2bf17d1d163), U64_C (0xa5410b57e4a5a5ae),
+ U64_C (0xe2434dd9a1e2e2af), U64_C (0x612ff8c24e616199),
+ U64_C (0xb3f1457b42b3b3f6), U64_C (0x2115a54234212184),
+ U64_C (0x9c94d625089c9c4a), U64_C (0x1ef0663cee1e1e78),
+ U64_C (0x4322528661434311), U64_C (0xc776fc93b1c7c73b),
+ U64_C (0xfcb32be54ffcfcd7), U64_C (0x0420140824040410),
+ U64_C (0x51b208a2e3515159), U64_C (0x99bcc72f2599995e),
+ U64_C (0x6d4fc4da226d6da9), U64_C (0x0d68391a650d0d34),
+ U64_C (0xfa8335e979fafacf), U64_C (0xdfb684a369dfdf5b),
+ U64_C (0x7ed79bfca97e7ee5), U64_C (0x243db44819242490),
+ U64_C (0x3bc5d776fe3b3bec), U64_C (0xab313d4b9aabab96),
+ U64_C (0xce3ed181f0cece1f), U64_C (0x1188552299111144),
+ U64_C (0x8f0c8903838f8f06), U64_C (0x4e4a6b9c044e4e25),
+ U64_C (0xb7d1517366b7b7e6), U64_C (0xeb0b60cbe0ebeb8b),
+ U64_C (0x3cfdcc78c13c3cf0), U64_C (0x817cbf1ffd81813e),
+ U64_C (0x94d4fe354094946a), U64_C (0xf7eb0cf31cf7f7fb),
+ U64_C (0xb9a1676f18b9b9de), U64_C (0x13985f268b13134c),
+ U64_C (0x2c7d9c58512c2cb0), U64_C (0xd3d6b8bb05d3d36b),
+ U64_C (0xe76b5cd38ce7e7bb), U64_C (0x6e57cbdc396e6ea5),
+ U64_C (0xc46ef395aac4c437), U64_C (0x03180f061b03030c),
+ U64_C (0x568a13acdc565645), U64_C (0x441a49885e44440d),
+ U64_C (0x7fdf9efea07f7fe1), U64_C (0xa921374f88a9a99e),
+ U64_C (0x2a4d8254672a2aa8), U64_C (0xbbb16d6b0abbbbd6),
+ U64_C (0xc146e29f87c1c123), U64_C (0x53a202a6f1535351),
+ U64_C (0xdcae8ba572dcdc57), U64_C (0x0b582716530b0b2c),
+ U64_C (0x9d9cd327019d9d4e), U64_C (0x6c47c1d82b6c6cad),
+ U64_C (0x3195f562a43131c4), U64_C (0x7487b9e8f37474cd),
+ U64_C (0xf6e309f115f6f6ff), U64_C (0x460a438c4c464605),
+ U64_C (0xac092645a5acac8a), U64_C (0x893c970fb589891e),
+ U64_C (0x14a04428b4141450), U64_C (0xe15b42dfbae1e1a3),
+ U64_C (0x16b04e2ca6161658), U64_C (0x3acdd274f73a3ae8),
+ U64_C (0x696fd0d2066969b9), U64_C (0x09482d1241090924),
+ U64_C (0x70a7ade0d77070dd), U64_C (0xb6d954716fb6b6e2),
+ U64_C (0xd0ceb7bd1ed0d067), U64_C (0xed3b7ec7d6eded93),
+ U64_C (0xcc2edb85e2cccc17), U64_C (0x422a578468424215),
+ U64_C (0x98b4c22d2c98985a), U64_C (0xa4490e55eda4a4aa),
+ U64_C (0x285d8850752828a0), U64_C (0x5cda31b8865c5c6d),
+ U64_C (0xf8933fed6bf8f8c7), U64_C (0x8644a411c2868622),
+ };
+
+static const u64 C6[256] =
+ {
+ U64_C (0x6018c07830d81818), U64_C (0x8c2305af46262323),
+ U64_C (0x3fc67ef991b8c6c6), U64_C (0x87e8136fcdfbe8e8),
+ U64_C (0x26874ca113cb8787), U64_C (0xdab8a9626d11b8b8),
+ U64_C (0x0401080502090101), U64_C (0x214f426e9e0d4f4f),
+ U64_C (0xd836adee6c9b3636), U64_C (0xa2a6590451ffa6a6),
+ U64_C (0x6fd2debdb90cd2d2), U64_C (0xf3f5fb06f70ef5f5),
+ U64_C (0xf979ef80f2967979), U64_C (0xa16f5fcede306f6f),
+ U64_C (0x7e91fcef3f6d9191), U64_C (0x5552aa07a4f85252),
+ U64_C (0x9d6027fdc0476060), U64_C (0xcabc89766535bcbc),
+ U64_C (0x569baccd2b379b9b), U64_C (0x028e048c018a8e8e),
+ U64_C (0xb6a371155bd2a3a3), U64_C (0x300c603c186c0c0c),
+ U64_C (0xf17bff8af6847b7b), U64_C (0xd435b5e16a803535),
+ U64_C (0x741de8693af51d1d), U64_C (0xa7e05347ddb3e0e0),
+ U64_C (0x7bd7f6acb321d7d7), U64_C (0x2fc25eed999cc2c2),
+ U64_C (0xb82e6d965c432e2e), U64_C (0x314b627a96294b4b),
+ U64_C (0xdffea321e15dfefe), U64_C (0x41578216aed55757),
+ U64_C (0x5415a8412abd1515), U64_C (0xc1779fb6eee87777),
+ U64_C (0xdc37a5eb6e923737), U64_C (0xb3e57b56d79ee5e5),
+ U64_C (0x469f8cd923139f9f), U64_C (0xe7f0d317fd23f0f0),
+ U64_C (0x354a6a7f94204a4a), U64_C (0x4fda9e95a944dada),
+ U64_C (0x7d58fa25b0a25858), U64_C (0x03c906ca8fcfc9c9),
+ U64_C (0xa429558d527c2929), U64_C (0x280a5022145a0a0a),
+ U64_C (0xfeb1e14f7f50b1b1), U64_C (0xbaa0691a5dc9a0a0),
+ U64_C (0xb16b7fdad6146b6b), U64_C (0x2e855cab17d98585),
+ U64_C (0xcebd8173673cbdbd), U64_C (0x695dd234ba8f5d5d),
+ U64_C (0x4010805020901010), U64_C (0xf7f4f303f507f4f4),
+ U64_C (0x0bcb16c08bddcbcb), U64_C (0xf83eedc67cd33e3e),
+ U64_C (0x140528110a2d0505), U64_C (0x81671fe6ce786767),
+ U64_C (0xb7e47353d597e4e4), U64_C (0x9c2725bb4e022727),
+ U64_C (0x1941325882734141), U64_C (0x168b2c9d0ba78b8b),
+ U64_C (0xa6a7510153f6a7a7), U64_C (0xe97dcf94fab27d7d),
+ U64_C (0x6e95dcfb37499595), U64_C (0x47d88e9fad56d8d8),
+ U64_C (0xcbfb8b30eb70fbfb), U64_C (0x9fee2371c1cdeeee),
+ U64_C (0xed7cc791f8bb7c7c), U64_C (0x856617e3cc716666),
+ U64_C (0x53dda68ea77bdddd), U64_C (0x5c17b84b2eaf1717),
+ U64_C (0x014702468e454747), U64_C (0x429e84dc211a9e9e),
+ U64_C (0x0fca1ec589d4caca), U64_C (0xb42d75995a582d2d),
+ U64_C (0xc6bf9179632ebfbf), U64_C (0x1c07381b0e3f0707),
+ U64_C (0x8ead012347acadad), U64_C (0x755aea2fb4b05a5a),
+ U64_C (0x36836cb51bef8383), U64_C (0xcc3385ff66b63333),
+ U64_C (0x91633ff2c65c6363), U64_C (0x0802100a04120202),
+ U64_C (0x92aa39384993aaaa), U64_C (0xd971afa8e2de7171),
+ U64_C (0x07c80ecf8dc6c8c8), U64_C (0x6419c87d32d11919),
+ U64_C (0x39497270923b4949), U64_C (0x43d9869aaf5fd9d9),
+ U64_C (0xeff2c31df931f2f2), U64_C (0xabe34b48dba8e3e3),
+ U64_C (0x715be22ab6b95b5b), U64_C (0x1a8834920dbc8888),
+ U64_C (0x529aa4c8293e9a9a), U64_C (0x98262dbe4c0b2626),
+ U64_C (0xc8328dfa64bf3232), U64_C (0xfab0e94a7d59b0b0),
+ U64_C (0x83e91b6acff2e9e9), U64_C (0x3c0f78331e770f0f),
+ U64_C (0x73d5e6a6b733d5d5), U64_C (0x3a8074ba1df48080),
+ U64_C (0xc2be997c6127bebe), U64_C (0x13cd26de87ebcdcd),
+ U64_C (0xd034bde468893434), U64_C (0x3d487a7590324848),
+ U64_C (0xdbffab24e354ffff), U64_C (0xf57af78ff48d7a7a),
+ U64_C (0x7a90f4ea3d649090), U64_C (0x615fc23ebe9d5f5f),
+ U64_C (0x80201da0403d2020), U64_C (0xbd6867d5d00f6868),
+ U64_C (0x681ad07234ca1a1a), U64_C (0x82ae192c41b7aeae),
+ U64_C (0xeab4c95e757db4b4), U64_C (0x4d549a19a8ce5454),
+ U64_C (0x7693ece53b7f9393), U64_C (0x88220daa442f2222),
+ U64_C (0x8d6407e9c8636464), U64_C (0xe3f1db12ff2af1f1),
+ U64_C (0xd173bfa2e6cc7373), U64_C (0x4812905a24821212),
+ U64_C (0x1d403a5d807a4040), U64_C (0x2008402810480808),
+ U64_C (0x2bc356e89b95c3c3), U64_C (0x97ec337bc5dfecec),
+ U64_C (0x4bdb9690ab4ddbdb), U64_C (0xbea1611f5fc0a1a1),
+ U64_C (0x0e8d1c8307918d8d), U64_C (0xf43df5c97ac83d3d),
+ U64_C (0x6697ccf1335b9797), U64_C (0x0000000000000000),
+ U64_C (0x1bcf36d483f9cfcf), U64_C (0xac2b4587566e2b2b),
+ U64_C (0xc57697b3ece17676), U64_C (0x328264b019e68282),
+ U64_C (0x7fd6fea9b128d6d6), U64_C (0x6c1bd87736c31b1b),
+ U64_C (0xeeb5c15b7774b5b5), U64_C (0x86af112943beafaf),
+ U64_C (0xb56a77dfd41d6a6a), U64_C (0x5d50ba0da0ea5050),
+ U64_C (0x0945124c8a574545), U64_C (0xebf3cb18fb38f3f3),
+ U64_C (0xc0309df060ad3030), U64_C (0x9bef2b74c3c4efef),
+ U64_C (0xfc3fe5c37eda3f3f), U64_C (0x4955921caac75555),
+ U64_C (0xb2a2791059dba2a2), U64_C (0x8fea0365c9e9eaea),
+ U64_C (0x89650fecca6a6565), U64_C (0xd2bab9686903baba),
+ U64_C (0xbc2f65935e4a2f2f), U64_C (0x27c04ee79d8ec0c0),
+ U64_C (0x5fdebe81a160dede), U64_C (0x701ce06c38fc1c1c),
+ U64_C (0xd3fdbb2ee746fdfd), U64_C (0x294d52649a1f4d4d),
+ U64_C (0x7292e4e039769292), U64_C (0xc9758fbceafa7575),
+ U64_C (0x1806301e0c360606), U64_C (0x128a249809ae8a8a),
+ U64_C (0xf2b2f940794bb2b2), U64_C (0xbfe66359d185e6e6),
+ U64_C (0x380e70361c7e0e0e), U64_C (0x7c1ff8633ee71f1f),
+ U64_C (0x956237f7c4556262), U64_C (0x77d4eea3b53ad4d4),
+ U64_C (0x9aa829324d81a8a8), U64_C (0x6296c4f431529696),
+ U64_C (0xc3f99b3aef62f9f9), U64_C (0x33c566f697a3c5c5),
+ U64_C (0x942535b14a102525), U64_C (0x7959f220b2ab5959),
+ U64_C (0x2a8454ae15d08484), U64_C (0xd572b7a7e4c57272),
+ U64_C (0xe439d5dd72ec3939), U64_C (0x2d4c5a6198164c4c),
+ U64_C (0x655eca3bbc945e5e), U64_C (0xfd78e785f09f7878),
+ U64_C (0xe038ddd870e53838), U64_C (0x0a8c148605988c8c),
+ U64_C (0x63d1c6b2bf17d1d1), U64_C (0xaea5410b57e4a5a5),
+ U64_C (0xafe2434dd9a1e2e2), U64_C (0x99612ff8c24e6161),
+ U64_C (0xf6b3f1457b42b3b3), U64_C (0x842115a542342121),
+ U64_C (0x4a9c94d625089c9c), U64_C (0x781ef0663cee1e1e),
+ U64_C (0x1143225286614343), U64_C (0x3bc776fc93b1c7c7),
+ U64_C (0xd7fcb32be54ffcfc), U64_C (0x1004201408240404),
+ U64_C (0x5951b208a2e35151), U64_C (0x5e99bcc72f259999),
+ U64_C (0xa96d4fc4da226d6d), U64_C (0x340d68391a650d0d),
+ U64_C (0xcffa8335e979fafa), U64_C (0x5bdfb684a369dfdf),
+ U64_C (0xe57ed79bfca97e7e), U64_C (0x90243db448192424),
+ U64_C (0xec3bc5d776fe3b3b), U64_C (0x96ab313d4b9aabab),
+ U64_C (0x1fce3ed181f0cece), U64_C (0x4411885522991111),
+ U64_C (0x068f0c8903838f8f), U64_C (0x254e4a6b9c044e4e),
+ U64_C (0xe6b7d1517366b7b7), U64_C (0x8beb0b60cbe0ebeb),
+ U64_C (0xf03cfdcc78c13c3c), U64_C (0x3e817cbf1ffd8181),
+ U64_C (0x6a94d4fe35409494), U64_C (0xfbf7eb0cf31cf7f7),
+ U64_C (0xdeb9a1676f18b9b9), U64_C (0x4c13985f268b1313),
+ U64_C (0xb02c7d9c58512c2c), U64_C (0x6bd3d6b8bb05d3d3),
+ U64_C (0xbbe76b5cd38ce7e7), U64_C (0xa56e57cbdc396e6e),
+ U64_C (0x37c46ef395aac4c4), U64_C (0x0c03180f061b0303),
+ U64_C (0x45568a13acdc5656), U64_C (0x0d441a49885e4444),
+ U64_C (0xe17fdf9efea07f7f), U64_C (0x9ea921374f88a9a9),
+ U64_C (0xa82a4d8254672a2a), U64_C (0xd6bbb16d6b0abbbb),
+ U64_C (0x23c146e29f87c1c1), U64_C (0x5153a202a6f15353),
+ U64_C (0x57dcae8ba572dcdc), U64_C (0x2c0b582716530b0b),
+ U64_C (0x4e9d9cd327019d9d), U64_C (0xad6c47c1d82b6c6c),
+ U64_C (0xc43195f562a43131), U64_C (0xcd7487b9e8f37474),
+ U64_C (0xfff6e309f115f6f6), U64_C (0x05460a438c4c4646),
+ U64_C (0x8aac092645a5acac), U64_C (0x1e893c970fb58989),
+ U64_C (0x5014a04428b41414), U64_C (0xa3e15b42dfbae1e1),
+ U64_C (0x5816b04e2ca61616), U64_C (0xe83acdd274f73a3a),
+ U64_C (0xb9696fd0d2066969), U64_C (0x2409482d12410909),
+ U64_C (0xdd70a7ade0d77070), U64_C (0xe2b6d954716fb6b6),
+ U64_C (0x67d0ceb7bd1ed0d0), U64_C (0x93ed3b7ec7d6eded),
+ U64_C (0x17cc2edb85e2cccc), U64_C (0x15422a5784684242),
+ U64_C (0x5a98b4c22d2c9898), U64_C (0xaaa4490e55eda4a4),
+ U64_C (0xa0285d8850752828), U64_C (0x6d5cda31b8865c5c),
+ U64_C (0xc7f8933fed6bf8f8), U64_C (0x228644a411c28686),
+ };
+
+static const u64 C7[256] =
+ {
+ U64_C (0x186018c07830d818), U64_C (0x238c2305af462623),
+ U64_C (0xc63fc67ef991b8c6), U64_C (0xe887e8136fcdfbe8),
+ U64_C (0x8726874ca113cb87), U64_C (0xb8dab8a9626d11b8),
+ U64_C (0x0104010805020901), U64_C (0x4f214f426e9e0d4f),
+ U64_C (0x36d836adee6c9b36), U64_C (0xa6a2a6590451ffa6),
+ U64_C (0xd26fd2debdb90cd2), U64_C (0xf5f3f5fb06f70ef5),
+ U64_C (0x79f979ef80f29679), U64_C (0x6fa16f5fcede306f),
+ U64_C (0x917e91fcef3f6d91), U64_C (0x525552aa07a4f852),
+ U64_C (0x609d6027fdc04760), U64_C (0xbccabc89766535bc),
+ U64_C (0x9b569baccd2b379b), U64_C (0x8e028e048c018a8e),
+ U64_C (0xa3b6a371155bd2a3), U64_C (0x0c300c603c186c0c),
+ U64_C (0x7bf17bff8af6847b), U64_C (0x35d435b5e16a8035),
+ U64_C (0x1d741de8693af51d), U64_C (0xe0a7e05347ddb3e0),
+ U64_C (0xd77bd7f6acb321d7), U64_C (0xc22fc25eed999cc2),
+ U64_C (0x2eb82e6d965c432e), U64_C (0x4b314b627a96294b),
+ U64_C (0xfedffea321e15dfe), U64_C (0x5741578216aed557),
+ U64_C (0x155415a8412abd15), U64_C (0x77c1779fb6eee877),
+ U64_C (0x37dc37a5eb6e9237), U64_C (0xe5b3e57b56d79ee5),
+ U64_C (0x9f469f8cd923139f), U64_C (0xf0e7f0d317fd23f0),
+ U64_C (0x4a354a6a7f94204a), U64_C (0xda4fda9e95a944da),
+ U64_C (0x587d58fa25b0a258), U64_C (0xc903c906ca8fcfc9),
+ U64_C (0x29a429558d527c29), U64_C (0x0a280a5022145a0a),
+ U64_C (0xb1feb1e14f7f50b1), U64_C (0xa0baa0691a5dc9a0),
+ U64_C (0x6bb16b7fdad6146b), U64_C (0x852e855cab17d985),
+ U64_C (0xbdcebd8173673cbd), U64_C (0x5d695dd234ba8f5d),
+ U64_C (0x1040108050209010), U64_C (0xf4f7f4f303f507f4),
+ U64_C (0xcb0bcb16c08bddcb), U64_C (0x3ef83eedc67cd33e),
+ U64_C (0x05140528110a2d05), U64_C (0x6781671fe6ce7867),
+ U64_C (0xe4b7e47353d597e4), U64_C (0x279c2725bb4e0227),
+ U64_C (0x4119413258827341), U64_C (0x8b168b2c9d0ba78b),
+ U64_C (0xa7a6a7510153f6a7), U64_C (0x7de97dcf94fab27d),
+ U64_C (0x956e95dcfb374995), U64_C (0xd847d88e9fad56d8),
+ U64_C (0xfbcbfb8b30eb70fb), U64_C (0xee9fee2371c1cdee),
+ U64_C (0x7ced7cc791f8bb7c), U64_C (0x66856617e3cc7166),
+ U64_C (0xdd53dda68ea77bdd), U64_C (0x175c17b84b2eaf17),
+ U64_C (0x47014702468e4547), U64_C (0x9e429e84dc211a9e),
+ U64_C (0xca0fca1ec589d4ca), U64_C (0x2db42d75995a582d),
+ U64_C (0xbfc6bf9179632ebf), U64_C (0x071c07381b0e3f07),
+ U64_C (0xad8ead012347acad), U64_C (0x5a755aea2fb4b05a),
+ U64_C (0x8336836cb51bef83), U64_C (0x33cc3385ff66b633),
+ U64_C (0x6391633ff2c65c63), U64_C (0x020802100a041202),
+ U64_C (0xaa92aa39384993aa), U64_C (0x71d971afa8e2de71),
+ U64_C (0xc807c80ecf8dc6c8), U64_C (0x196419c87d32d119),
+ U64_C (0x4939497270923b49), U64_C (0xd943d9869aaf5fd9),
+ U64_C (0xf2eff2c31df931f2), U64_C (0xe3abe34b48dba8e3),
+ U64_C (0x5b715be22ab6b95b), U64_C (0x881a8834920dbc88),
+ U64_C (0x9a529aa4c8293e9a), U64_C (0x2698262dbe4c0b26),
+ U64_C (0x32c8328dfa64bf32), U64_C (0xb0fab0e94a7d59b0),
+ U64_C (0xe983e91b6acff2e9), U64_C (0x0f3c0f78331e770f),
+ U64_C (0xd573d5e6a6b733d5), U64_C (0x803a8074ba1df480),
+ U64_C (0xbec2be997c6127be), U64_C (0xcd13cd26de87ebcd),
+ U64_C (0x34d034bde4688934), U64_C (0x483d487a75903248),
+ U64_C (0xffdbffab24e354ff), U64_C (0x7af57af78ff48d7a),
+ U64_C (0x907a90f4ea3d6490), U64_C (0x5f615fc23ebe9d5f),
+ U64_C (0x2080201da0403d20), U64_C (0x68bd6867d5d00f68),
+ U64_C (0x1a681ad07234ca1a), U64_C (0xae82ae192c41b7ae),
+ U64_C (0xb4eab4c95e757db4), U64_C (0x544d549a19a8ce54),
+ U64_C (0x937693ece53b7f93), U64_C (0x2288220daa442f22),
+ U64_C (0x648d6407e9c86364), U64_C (0xf1e3f1db12ff2af1),
+ U64_C (0x73d173bfa2e6cc73), U64_C (0x124812905a248212),
+ U64_C (0x401d403a5d807a40), U64_C (0x0820084028104808),
+ U64_C (0xc32bc356e89b95c3), U64_C (0xec97ec337bc5dfec),
+ U64_C (0xdb4bdb9690ab4ddb), U64_C (0xa1bea1611f5fc0a1),
+ U64_C (0x8d0e8d1c8307918d), U64_C (0x3df43df5c97ac83d),
+ U64_C (0x976697ccf1335b97), U64_C (0x0000000000000000),
+ U64_C (0xcf1bcf36d483f9cf), U64_C (0x2bac2b4587566e2b),
+ U64_C (0x76c57697b3ece176), U64_C (0x82328264b019e682),
+ U64_C (0xd67fd6fea9b128d6), U64_C (0x1b6c1bd87736c31b),
+ U64_C (0xb5eeb5c15b7774b5), U64_C (0xaf86af112943beaf),
+ U64_C (0x6ab56a77dfd41d6a), U64_C (0x505d50ba0da0ea50),
+ U64_C (0x450945124c8a5745), U64_C (0xf3ebf3cb18fb38f3),
+ U64_C (0x30c0309df060ad30), U64_C (0xef9bef2b74c3c4ef),
+ U64_C (0x3ffc3fe5c37eda3f), U64_C (0x554955921caac755),
+ U64_C (0xa2b2a2791059dba2), U64_C (0xea8fea0365c9e9ea),
+ U64_C (0x6589650fecca6a65), U64_C (0xbad2bab9686903ba),
+ U64_C (0x2fbc2f65935e4a2f), U64_C (0xc027c04ee79d8ec0),
+ U64_C (0xde5fdebe81a160de), U64_C (0x1c701ce06c38fc1c),
+ U64_C (0xfdd3fdbb2ee746fd), U64_C (0x4d294d52649a1f4d),
+ U64_C (0x927292e4e0397692), U64_C (0x75c9758fbceafa75),
+ U64_C (0x061806301e0c3606), U64_C (0x8a128a249809ae8a),
+ U64_C (0xb2f2b2f940794bb2), U64_C (0xe6bfe66359d185e6),
+ U64_C (0x0e380e70361c7e0e), U64_C (0x1f7c1ff8633ee71f),
+ U64_C (0x62956237f7c45562), U64_C (0xd477d4eea3b53ad4),
+ U64_C (0xa89aa829324d81a8), U64_C (0x966296c4f4315296),
+ U64_C (0xf9c3f99b3aef62f9), U64_C (0xc533c566f697a3c5),
+ U64_C (0x25942535b14a1025), U64_C (0x597959f220b2ab59),
+ U64_C (0x842a8454ae15d084), U64_C (0x72d572b7a7e4c572),
+ U64_C (0x39e439d5dd72ec39), U64_C (0x4c2d4c5a6198164c),
+ U64_C (0x5e655eca3bbc945e), U64_C (0x78fd78e785f09f78),
+ U64_C (0x38e038ddd870e538), U64_C (0x8c0a8c148605988c),
+ U64_C (0xd163d1c6b2bf17d1), U64_C (0xa5aea5410b57e4a5),
+ U64_C (0xe2afe2434dd9a1e2), U64_C (0x6199612ff8c24e61),
+ U64_C (0xb3f6b3f1457b42b3), U64_C (0x21842115a5423421),
+ U64_C (0x9c4a9c94d625089c), U64_C (0x1e781ef0663cee1e),
+ U64_C (0x4311432252866143), U64_C (0xc73bc776fc93b1c7),
+ U64_C (0xfcd7fcb32be54ffc), U64_C (0x0410042014082404),
+ U64_C (0x515951b208a2e351), U64_C (0x995e99bcc72f2599),
+ U64_C (0x6da96d4fc4da226d), U64_C (0x0d340d68391a650d),
+ U64_C (0xfacffa8335e979fa), U64_C (0xdf5bdfb684a369df),
+ U64_C (0x7ee57ed79bfca97e), U64_C (0x2490243db4481924),
+ U64_C (0x3bec3bc5d776fe3b), U64_C (0xab96ab313d4b9aab),
+ U64_C (0xce1fce3ed181f0ce), U64_C (0x1144118855229911),
+ U64_C (0x8f068f0c8903838f), U64_C (0x4e254e4a6b9c044e),
+ U64_C (0xb7e6b7d1517366b7), U64_C (0xeb8beb0b60cbe0eb),
+ U64_C (0x3cf03cfdcc78c13c), U64_C (0x813e817cbf1ffd81),
+ U64_C (0x946a94d4fe354094), U64_C (0xf7fbf7eb0cf31cf7),
+ U64_C (0xb9deb9a1676f18b9), U64_C (0x134c13985f268b13),
+ U64_C (0x2cb02c7d9c58512c), U64_C (0xd36bd3d6b8bb05d3),
+ U64_C (0xe7bbe76b5cd38ce7), U64_C (0x6ea56e57cbdc396e),
+ U64_C (0xc437c46ef395aac4), U64_C (0x030c03180f061b03),
+ U64_C (0x5645568a13acdc56), U64_C (0x440d441a49885e44),
+ U64_C (0x7fe17fdf9efea07f), U64_C (0xa99ea921374f88a9),
+ U64_C (0x2aa82a4d8254672a), U64_C (0xbbd6bbb16d6b0abb),
+ U64_C (0xc123c146e29f87c1), U64_C (0x535153a202a6f153),
+ U64_C (0xdc57dcae8ba572dc), U64_C (0x0b2c0b582716530b),
+ U64_C (0x9d4e9d9cd327019d), U64_C (0x6cad6c47c1d82b6c),
+ U64_C (0x31c43195f562a431), U64_C (0x74cd7487b9e8f374),
+ U64_C (0xf6fff6e309f115f6), U64_C (0x4605460a438c4c46),
+ U64_C (0xac8aac092645a5ac), U64_C (0x891e893c970fb589),
+ U64_C (0x145014a04428b414), U64_C (0xe1a3e15b42dfbae1),
+ U64_C (0x165816b04e2ca616), U64_C (0x3ae83acdd274f73a),
+ U64_C (0x69b9696fd0d20669), U64_C (0x092409482d124109),
+ U64_C (0x70dd70a7ade0d770), U64_C (0xb6e2b6d954716fb6),
+ U64_C (0xd067d0ceb7bd1ed0), U64_C (0xed93ed3b7ec7d6ed),
+ U64_C (0xcc17cc2edb85e2cc), U64_C (0x4215422a57846842),
+ U64_C (0x985a98b4c22d2c98), U64_C (0xa4aaa4490e55eda4),
+ U64_C (0x28a0285d88507528), U64_C (0x5c6d5cda31b8865c),
+ U64_C (0xf8c7f8933fed6bf8), U64_C (0x86228644a411c286),
+ };
+
+
+
+static void
+whirlpool_init (void *ctx)
+{
+ whirlpool_context_t *context = ctx;
+
+ memset (context, 0, sizeof (*context));
+}
+
+
+/*
+ * Transform block.
+ */
+static void
+whirlpool_transform (whirlpool_context_t *context, const unsigned char *data)
+{
+ whirlpool_block_t data_block;
+ whirlpool_block_t key;
+ whirlpool_block_t state;
+ whirlpool_block_t block;
+ unsigned int r;
+ unsigned int i;
+
+ buffer_to_block (data, data_block, i);
+ block_copy (key, context->hash_state, i);
+ block_copy (state, context->hash_state, i);
+ block_xor (state, data_block, i);
+
+ for (r = 0; r < R; r++)
+ {
+ /* Compute round key K^r. */
+
+ block[0] = (C0[(key[0] >> 56) & 0xFF] ^ C1[(key[7] >> 48) & 0xFF] ^
+ C2[(key[6] >> 40) & 0xFF] ^ C3[(key[5] >> 32) & 0xFF] ^
+ C4[(key[4] >> 24) & 0xFF] ^ C5[(key[3] >> 16) & 0xFF] ^
+ C6[(key[2] >> 8) & 0xFF] ^ C7[(key[1] >> 0) & 0xFF] ^ rc[r]);
+ block[1] = (C0[(key[1] >> 56) & 0xFF] ^ C1[(key[0] >> 48) & 0xFF] ^
+ C2[(key[7] >> 40) & 0xFF] ^ C3[(key[6] >> 32) & 0xFF] ^
+ C4[(key[5] >> 24) & 0xFF] ^ C5[(key[4] >> 16) & 0xFF] ^
+ C6[(key[3] >> 8) & 0xFF] ^ C7[(key[2] >> 0) & 0xFF]);
+ block[2] = (C0[(key[2] >> 56) & 0xFF] ^ C1[(key[1] >> 48) & 0xFF] ^
+ C2[(key[0] >> 40) & 0xFF] ^ C3[(key[7] >> 32) & 0xFF] ^
+ C4[(key[6] >> 24) & 0xFF] ^ C5[(key[5] >> 16) & 0xFF] ^
+ C6[(key[4] >> 8) & 0xFF] ^ C7[(key[3] >> 0) & 0xFF]);
+ block[3] = (C0[(key[3] >> 56) & 0xFF] ^ C1[(key[2] >> 48) & 0xFF] ^
+ C2[(key[1] >> 40) & 0xFF] ^ C3[(key[0] >> 32) & 0xFF] ^
+ C4[(key[7] >> 24) & 0xFF] ^ C5[(key[6] >> 16) & 0xFF] ^
+ C6[(key[5] >> 8) & 0xFF] ^ C7[(key[4] >> 0) & 0xFF]);
+ block[4] = (C0[(key[4] >> 56) & 0xFF] ^ C1[(key[3] >> 48) & 0xFF] ^
+ C2[(key[2] >> 40) & 0xFF] ^ C3[(key[1] >> 32) & 0xFF] ^
+ C4[(key[0] >> 24) & 0xFF] ^ C5[(key[7] >> 16) & 0xFF] ^
+ C6[(key[6] >> 8) & 0xFF] ^ C7[(key[5] >> 0) & 0xFF]);
+ block[5] = (C0[(key[5] >> 56) & 0xFF] ^ C1[(key[4] >> 48) & 0xFF] ^
+ C2[(key[3] >> 40) & 0xFF] ^ C3[(key[2] >> 32) & 0xFF] ^
+ C4[(key[1] >> 24) & 0xFF] ^ C5[(key[0] >> 16) & 0xFF] ^
+ C6[(key[7] >> 8) & 0xFF] ^ C7[(key[6] >> 0) & 0xFF]);
+ block[6] = (C0[(key[6] >> 56) & 0xFF] ^ C1[(key[5] >> 48) & 0xFF] ^
+ C2[(key[4] >> 40) & 0xFF] ^ C3[(key[3] >> 32) & 0xFF] ^
+ C4[(key[2] >> 24) & 0xFF] ^ C5[(key[1] >> 16) & 0xFF] ^
+ C6[(key[0] >> 8) & 0xFF] ^ C7[(key[7] >> 0) & 0xFF]);
+ block[7] = (C0[(key[7] >> 56) & 0xFF] ^ C1[(key[6] >> 48) & 0xFF] ^
+ C2[(key[5] >> 40) & 0xFF] ^ C3[(key[4] >> 32) & 0xFF] ^
+ C4[(key[3] >> 24) & 0xFF] ^ C5[(key[2] >> 16) & 0xFF] ^
+ C6[(key[1] >> 8) & 0xFF] ^ C7[(key[0] >> 0) & 0xFF]);
+ block_copy (key, block, i);
+
+ /* Apply r-th round transformation. */
+
+ block[0] = (C0[(state[0] >> 56) & 0xFF] ^ C1[(state[7] >> 48) & 0xFF] ^
+ C2[(state[6] >> 40) & 0xFF] ^ C3[(state[5] >> 32) & 0xFF] ^
+ C4[(state[4] >> 24) & 0xFF] ^ C5[(state[3] >> 16) & 0xFF] ^
+ C6[(state[2] >> 8) & 0xFF] ^ C7[(state[1] >> 0) & 0xFF] ^ key[0]);
+ block[1] = (C0[(state[1] >> 56) & 0xFF] ^ C1[(state[0] >> 48) & 0xFF] ^
+ C2[(state[7] >> 40) & 0xFF] ^ C3[(state[6] >> 32) & 0xFF] ^
+ C4[(state[5] >> 24) & 0xFF] ^ C5[(state[4] >> 16) & 0xFF] ^
+ C6[(state[3] >> 8) & 0xFF] ^ C7[(state[2] >> 0) & 0xFF] ^ key[1]);
+ block[2] = (C0[(state[2] >> 56) & 0xFF] ^ C1[(state[1] >> 48) & 0xFF] ^
+ C2[(state[0] >> 40) & 0xFF] ^ C3[(state[7] >> 32) & 0xFF] ^
+ C4[(state[6] >> 24) & 0xFF] ^ C5[(state[5] >> 16) & 0xFF] ^
+ C6[(state[4] >> 8) & 0xFF] ^ C7[(state[3] >> 0) & 0xFF] ^ key[2]);
+ block[3] = (C0[(state[3] >> 56) & 0xFF] ^ C1[(state[2] >> 48) & 0xFF] ^
+ C2[(state[1] >> 40) & 0xFF] ^ C3[(state[0] >> 32) & 0xFF] ^
+ C4[(state[7] >> 24) & 0xFF] ^ C5[(state[6] >> 16) & 0xFF] ^
+ C6[(state[5] >> 8) & 0xFF] ^ C7[(state[4] >> 0) & 0xFF] ^ key[3]);
+ block[4] = (C0[(state[4] >> 56) & 0xFF] ^ C1[(state[3] >> 48) & 0xFF] ^
+ C2[(state[2] >> 40) & 0xFF] ^ C3[(state[1] >> 32) & 0xFF] ^
+ C4[(state[0] >> 24) & 0xFF] ^ C5[(state[7] >> 16) & 0xFF] ^
+ C6[(state[6] >> 8) & 0xFF] ^ C7[(state[5] >> 0) & 0xFF] ^ key[4]);
+ block[5] = (C0[(state[5] >> 56) & 0xFF] ^ C1[(state[4] >> 48) & 0xFF] ^
+ C2[(state[3] >> 40) & 0xFF] ^ C3[(state[2] >> 32) & 0xFF] ^
+ C4[(state[1] >> 24) & 0xFF] ^ C5[(state[0] >> 16) & 0xFF] ^
+ C6[(state[7] >> 8) & 0xFF] ^ C7[(state[6] >> 0) & 0xFF] ^ key[5]);
+ block[6] = (C0[(state[6] >> 56) & 0xFF] ^ C1[(state[5] >> 48) & 0xFF] ^
+ C2[(state[4] >> 40) & 0xFF] ^ C3[(state[3] >> 32) & 0xFF] ^
+ C4[(state[2] >> 24) & 0xFF] ^ C5[(state[1] >> 16) & 0xFF] ^
+ C6[(state[0] >> 8) & 0xFF] ^ C7[(state[7] >> 0) & 0xFF] ^ key[6]);
+ block[7] = (C0[(state[7] >> 56) & 0xFF] ^ C1[(state[6] >> 48) & 0xFF] ^
+ C2[(state[5] >> 40) & 0xFF] ^ C3[(state[4] >> 32) & 0xFF] ^
+ C4[(state[3] >> 24) & 0xFF] ^ C5[(state[2] >> 16) & 0xFF] ^
+ C6[(state[1] >> 8) & 0xFF] ^ C7[(state[0] >> 0) & 0xFF] ^ key[7]);
+ block_copy (state, block, i);
+ }
+
+ /* Compression. */
+
+ block_xor (context->hash_state, data_block, i);
+ block_xor (context->hash_state, state, i);
+}
+
+static void
+whirlpool_add (whirlpool_context_t *context,
+ const void *buffer_arg, size_t buffer_n)
+{
+ const unsigned char *buffer = buffer_arg;
+ u64 buffer_size;
+ unsigned int carry;
+ unsigned int i;
+
+ buffer_size = buffer_n;
+
+ if (context->count == BLOCK_SIZE)
+ {
+ /* Flush the buffer. */
+ whirlpool_transform (context, context->buffer);
+ /*_gcry_burn_stack (80+6*sizeof(void*));*/ /* FIXME */
+ context->count = 0;
+ }
+ if (! buffer)
+ return; /* Nothing to add. */
+
+ if (context->count)
+ {
+ while (buffer_n && (context->count < BLOCK_SIZE))
+ {
+ context->buffer[context->count++] = *buffer++;
+ buffer_n--;
+ }
+ whirlpool_add (context, NULL, 0);
+ if (!buffer_n)
+ /* Done. */
+ return;
+ }
+ /*_gcry_burn_stack (80+6*sizeof(void*));*/ /* FIXME */
+
+ while (buffer_n >= BLOCK_SIZE)
+ {
+ whirlpool_transform (context, buffer);
+ context->count = 0;
+ buffer_n -= BLOCK_SIZE;
+ buffer += BLOCK_SIZE;
+ }
+ while (buffer_n && (context->count < BLOCK_SIZE))
+ {
+ context->buffer[context->count++] = *buffer++;
+ buffer_n--;
+ }
+
+ /* Update bit counter. */
+ carry = 0;
+ buffer_size <<= 3;
+ for (i = 1; i <= 32; i++)
+ {
+ if (! (buffer_size || carry))
+ break;
+
+ carry += context->length[32 - i] + (buffer_size & 0xFF);
+ context->length[32 - i] = carry;
+ buffer_size >>= 8;
+ carry >>= 8;
+ }
+ gcry_assert (! (buffer_size || carry));
+}
+
+static void
+whirlpool_write (void *ctx, const void *buffer, size_t buffer_n)
+{
+ whirlpool_context_t *context = ctx;
+
+ whirlpool_add (context, buffer, buffer_n);
+}
+
+static void
+whirlpool_final (void *ctx)
+{
+ whirlpool_context_t *context = ctx;
+ unsigned int i;
+
+ /* Flush. */
+ whirlpool_add (context, NULL, 0);
+
+ /* Pad. */
+ context->buffer[context->count++] = 0x80;
+
+ if (context->count > 32)
+ {
+ /* An extra block is necessary. */
+ while (context->count < 64)
+ context->buffer[context->count++] = 0;
+ whirlpool_add (context, NULL, 0);
+ }
+ while (context->count < 32)
+ context->buffer[context->count++] = 0;
+
+ /* Add length of message. */
+ memcpy (context->buffer + context->count, context->length, 32);
+ context->count += 32;
+ whirlpool_add (context, NULL, 0);
+
+ block_to_buffer (context->buffer, context->hash_state, i);
+}
+
+static byte *
+whirlpool_read (void *ctx)
+{
+ whirlpool_context_t *context = ctx;
+
+ return context->buffer;
+}
+
+gcry_md_spec_t _gcry_digest_spec_whirlpool =
+ {
+ "WHIRLPOOL", NULL, 0, NULL, 64,
+ whirlpool_init, whirlpool_write, whirlpool_final, whirlpool_read,
+ sizeof (whirlpool_context_t)
+ };
diff --git a/grub-core/lib/libgcrypt_wrap/cipher_wrap.h b/grub-core/lib/libgcrypt_wrap/cipher_wrap.h
new file mode 100644
index 0000000..59febae
--- /dev/null
+++ b/grub-core/lib/libgcrypt_wrap/cipher_wrap.h
@@ -0,0 +1,92 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_GCRY_WRAP_HEADER
+#define GRUB_GCRY_WRAP_HEADER 1
+
+#include <grub/types.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/dl.h>
+#include <grub/crypto.h>
+
+#ifdef GRUB_CPU_WORDS_BIGENDIAN
+#define WORDS_BIGENDIAN
+#else
+#undef WORDS_BIGENDIAN
+#endif
+
+#define __GNU_LIBRARY__
+
+#define DIM ARRAY_SIZE
+
+typedef grub_uint64_t u64;
+typedef grub_uint32_t u32;
+typedef grub_uint16_t u16;
+typedef grub_uint8_t byte;
+typedef grub_size_t size_t;
+
+#define U64_C(c) (c ## ULL)
+
+#define _gcry_burn_stack grub_burn_stack
+#define log_error(fmt, args...) grub_dprintf ("crypto", fmt, ## args)
+
+
+#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
+
+#define CIPHER_INFO_NO_WEAK_KEY 1
+
+#define HAVE_U64_TYPEDEF 1
+
+typedef union {
+ int a;
+ short b;
+ char c[1];
+ long d;
+#ifdef HAVE_U64_TYPEDEF
+ u64 e;
+#endif
+ float f;
+ double g;
+} PROPERLY_ALIGNED_TYPE;
+
+#define gcry_assert(x) grub_assert_real(GRUB_FILE, __LINE__, x)
+
+static inline void
+grub_assert_real (const char *file, int line, int cond)
+{
+ if (!cond)
+ grub_fatal ("Assertion failed at %s:%d\n", file, line);
+}
+
+/* Selftests are in separate modules. */
+static inline char *
+selftest (void)
+{
+ return NULL;
+}
+
+static inline int
+fips_mode (void)
+{
+ return 0;
+}
+
+#define memset grub_memset
+
+#endif
diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c
new file mode 100644
index 0000000..537b0af
--- /dev/null
+++ b/grub-core/lib/mips/relocator.c
@@ -0,0 +1,149 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/mm.h>
+#include <grub/misc.h>
+
+#include <grub/types.h>
+#include <grub/types.h>
+#include <grub/err.h>
+#include <grub/cache.h>
+
+#include <grub/mips/relocator.h>
+#include <grub/relocator_private.h>
+
+/* Do we need mips64? */
+
+extern grub_uint8_t grub_relocator_forward_start;
+extern grub_uint8_t grub_relocator_forward_end;
+extern grub_uint8_t grub_relocator_backward_start;
+extern grub_uint8_t grub_relocator_backward_end;
+
+#define REGW_SIZEOF (2 * sizeof (grub_uint32_t))
+#define JUMP_SIZEOF (2 * sizeof (grub_uint32_t))
+
+#define RELOCATOR_SRC_SIZEOF(x) (&grub_relocator_##x##_end \
+ - &grub_relocator_##x##_start)
+#define RELOCATOR_SIZEOF(x) (RELOCATOR_SRC_SIZEOF(x) \
+ + REGW_SIZEOF * 3)
+grub_size_t grub_relocator_align = sizeof (grub_uint32_t);
+grub_size_t grub_relocator_forward_size;
+grub_size_t grub_relocator_backward_size;
+grub_size_t grub_relocator_jumper_size = JUMP_SIZEOF + REGW_SIZEOF;
+
+void
+grub_cpu_relocator_init (void)
+{
+ grub_relocator_forward_size = RELOCATOR_SIZEOF(forward);
+ grub_relocator_backward_size = RELOCATOR_SIZEOF(backward);
+}
+
+static void
+write_reg (int regn, grub_uint32_t val, void **target)
+{
+ /* lui $r, (val+0x8000). */
+ *(grub_uint32_t *) *target = ((0x3c00 | regn) << 16) | ((val + 0x8000) >> 16);
+ *target = ((grub_uint32_t *) *target) + 1;
+ /* addiu $r, $r, val. */
+ *(grub_uint32_t *) *target = (((0x2400 | regn << 5 | regn) << 16)
+ | (val & 0xffff));
+ *target = ((grub_uint32_t *) *target) + 1;
+}
+
+static void
+write_jump (int regn, void **target)
+{
+ /* j $r. */
+ *(grub_uint32_t *) *target = (regn<<21) | 0x8;
+ *target = ((grub_uint32_t *) *target) + 1;
+ /* nop. */
+ *(grub_uint32_t *) *target = 0;
+ *target = ((grub_uint32_t *) *target) + 1;
+}
+
+void
+grub_cpu_relocator_jumper (void *rels, grub_addr_t addr)
+{
+ write_reg (1, addr, &rels);
+ write_jump (1, &rels);
+}
+
+void
+grub_cpu_relocator_backward (void *ptr0, void *src, void *dest,
+ grub_size_t size)
+{
+ void *ptr = ptr0;
+ write_reg (8, (grub_uint32_t) src, &ptr);
+ write_reg (9, (grub_uint32_t) dest, &ptr);
+ write_reg (10, (grub_uint32_t) size, &ptr);
+ grub_memcpy (ptr, &grub_relocator_backward_start,
+ RELOCATOR_SRC_SIZEOF (backward));
+}
+
+void
+grub_cpu_relocator_forward (void *ptr0, void *src, void *dest,
+ grub_size_t size)
+{
+ void *ptr = ptr0;
+ write_reg (8, (grub_uint32_t) src, &ptr);
+ write_reg (9, (grub_uint32_t) dest, &ptr);
+ write_reg (10, (grub_uint32_t) size, &ptr);
+ grub_memcpy (ptr, &grub_relocator_forward_start,
+ RELOCATOR_SRC_SIZEOF (forward));
+}
+
+grub_err_t
+grub_relocator32_boot (struct grub_relocator *rel,
+ struct grub_relocator32_state state)
+{
+ grub_relocator_chunk_t ch;
+ void *ptr;
+ grub_err_t err;
+ void *relst;
+ grub_size_t relsize;
+ grub_size_t stateset_size = 31 * REGW_SIZEOF + JUMP_SIZEOF;
+ unsigned i;
+ grub_addr_t vtarget;
+
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+ (0xffffffff - stateset_size)
+ + 1, stateset_size,
+ sizeof (grub_uint32_t),
+ GRUB_RELOCATOR_PREFERENCE_NONE);
+ if (err)
+ return err;
+
+ ptr = get_virtual_current_address (ch);
+ for (i = 1; i < 32; i++)
+ write_reg (i, state.gpr[i], &ptr);
+ write_jump (state.jumpreg, &ptr);
+
+ vtarget = (grub_addr_t) grub_map_memory (get_physical_target_address (ch),
+ stateset_size);
+
+ err = grub_relocator_prepare_relocs (rel, vtarget, &relst, &relsize);
+ if (err)
+ return err;
+
+ grub_arch_sync_caches ((void *) relst, relsize);
+
+ ((void (*) (void)) relst) ();
+
+ /* Not reached. */
+ return GRUB_ERR_NONE;
+}
diff --git a/grub-core/lib/mips/relocator_asm.S b/grub-core/lib/mips/relocator_asm.S
new file mode 100644
index 0000000..1d142a4
--- /dev/null
+++ b/grub-core/lib/mips/relocator_asm.S
@@ -0,0 +1,61 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+
+ .p2align 4 /* force 16-byte alignment */
+
+ .set noreorder
+ .set nomacro
+
+VARIABLE (grub_relocator_forward_start)
+ move $a0, $9
+ move $a1, $10
+
+copycont1:
+ lb $11,0($8)
+ sb $11,0($9)
+ addiu $8, $8, 1
+ addiu $10, $10, -1
+ bne $10, $0, copycont1
+ addiu $9, $9, 1
+
+#include "../../kern/mips/cache_flush.S"
+
+VARIABLE (grub_relocator_forward_end)
+
+VARIABLE (grub_relocator_backward_start)
+ move $a0, $9
+ move $a1, $10
+
+ addu $9, $9, $10
+ addu $8, $8, $10
+ /* Backward movsl is implicitly off-by-one. compensate that. */
+ addiu $9, $9, -1
+ addiu $8, $8, -1
+copycont2:
+ lb $11,0($8)
+ sb $11,0($9)
+ addiu $8, $8, -1
+ addiu $10, $10, -1
+ bne $10, $0, copycont2
+ addiu $9, $9, -1
+
+#include "../../kern/mips/cache_flush.S"
+
+VARIABLE (grub_relocator_backward_end)
diff --git a/grub-core/lib/mips/setjmp.S b/grub-core/lib/mips/setjmp.S
new file mode 100644
index 0000000..8259c9d
--- /dev/null
+++ b/grub-core/lib/mips/setjmp.S
@@ -0,0 +1,68 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2003,2007,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+ .file "setjmp.S"
+
+GRUB_MOD_LICENSE ("GPLv3+")
+
+ .text
+
+/*
+ * int grub_setjmp (grub_jmp_buf env)
+ */
+FUNCTION(grub_setjmp)
+ sw $s0, 0($a0)
+ sw $s1, 4($a0)
+ sw $s2, 8($a0)
+ sw $s3, 12($a0)
+ sw $s4, 16($a0)
+ sw $s5, 20($a0)
+ sw $s6, 24($a0)
+ sw $s7, 28($a0)
+ sw $s8, 32($a0)
+ sw $gp, 36($a0)
+ sw $sp, 40($a0)
+ sw $ra, 44($a0)
+ move $v0, $zero
+ move $v1, $zero
+ jr $ra
+/*
+ * int grub_longjmp (grub_jmp_buf env, int val)
+ */
+FUNCTION(grub_longjmp)
+ lw $s0, 0($a0)
+ lw $s1, 4($a0)
+ lw $s2, 8($a0)
+ lw $s3, 12($a0)
+ lw $s4, 16($a0)
+ lw $s5, 20($a0)
+ lw $s6, 24($a0)
+ lw $s7, 28($a0)
+ lw $s8, 32($a0)
+ lw $gp, 36($a0)
+ lw $sp, 40($a0)
+ lw $ra, 44($a0)
+ move $v0, $a1
+ bne $v0, $zero, 1f
+ addiu $v0, $v0, 1
+1:
+ move $v1, $zero
+ jr $ra
diff --git a/grub-core/lib/pbkdf2.c b/grub-core/lib/pbkdf2.c
new file mode 100644
index 0000000..09b8c73
--- /dev/null
+++ b/grub-core/lib/pbkdf2.c
@@ -0,0 +1,105 @@
+/* gc-pbkdf2-sha1.c --- Password-Based Key Derivation Function a'la PKCS#5
+ Copyright (C) 2002, 2003, 2004, 2005, 2006, 2009 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* Written by Simon Josefsson. */
+/* Imported from gnulib. */
+
+#include <grub/crypto.h>
+#include <grub/mm.h>
+#include <grub/misc.h>
+#include <grub/dl.h>
+
+GRUB_MOD_LICENSE ("GPLv2+");
+
+/* Implement PKCS#5 PBKDF2 as per RFC 2898. The PRF to use is HMAC variant
+ of digest supplied by MD. Inputs are the password P of length PLEN,
+ the salt S of length SLEN, the iteration counter C (> 0), and the
+ desired derived output length DKLEN. Output buffer is DK which
+ must have room for at least DKLEN octets. The output buffer will
+ be filled with the derived data. */
+gcry_err_code_t
+grub_crypto_pbkdf2 (const struct gcry_md_spec *md,
+ const grub_uint8_t *P, grub_size_t Plen,
+ const grub_uint8_t *S, grub_size_t Slen,
+ unsigned int c,
+ grub_uint8_t *DK, grub_size_t dkLen)
+{
+ unsigned int hLen = md->mdlen;
+ grub_uint8_t U[md->mdlen];
+ grub_uint8_t T[md->mdlen];
+ unsigned int u;
+ unsigned int l;
+ unsigned int r;
+ unsigned int i;
+ unsigned int k;
+ gcry_err_code_t rc;
+ grub_uint8_t *tmp;
+ grub_size_t tmplen = Slen + 4;
+
+ if (c == 0)
+ return GPG_ERR_INV_ARG;
+
+ if (dkLen == 0)
+ return GPG_ERR_INV_ARG;
+
+ if (dkLen > 4294967295U)
+ return GPG_ERR_INV_ARG;
+
+ l = ((dkLen - 1) / hLen) + 1;
+ r = dkLen - (l - 1) * hLen;
+
+ tmp = grub_malloc (tmplen);
+ if (tmp == NULL)
+ return GPG_ERR_OUT_OF_MEMORY;
+
+ grub_memcpy (tmp, S, Slen);
+
+ for (i = 1; i <= l; i++)
+ {
+ grub_memset (T, 0, hLen);
+
+ for (u = 1; u <= c; u++)
+ {
+ if (u == 1)
+ {
+ tmp[Slen + 0] = (i & 0xff000000) >> 24;
+ tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
+ tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+
+ rc = grub_crypto_hmac_buffer (md, P, Plen, tmp, tmplen, U);
+ }
+ else
+ rc = grub_crypto_hmac_buffer (md, P, Plen, U, hLen, U);
+
+ if (rc != GPG_ERR_NO_ERROR)
+ {
+ grub_free (tmp);
+ return rc;
+ }
+
+ for (k = 0; k < hLen; k++)
+ T[k] ^= U[k];
+ }
+
+ grub_memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
+ }
+
+ grub_free (tmp);
+
+ return GPG_ERR_NO_ERROR;
+}
diff --git a/grub-core/lib/posix_wrap/assert.h b/grub-core/lib/posix_wrap/assert.h
new file mode 100644
index 0000000..94cfdd5
--- /dev/null
+++ b/grub-core/lib/posix_wrap/assert.h
@@ -0,0 +1,33 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_ASSERT_H
+#define GRUB_POSIX_ASSERT_H 1
+
+#include <grub/misc.h>
+
+#define assert(x) assert_real(__FILE__, __LINE__, x)
+
+static inline void
+assert_real (const char *file, int line, int cond)
+{
+ if (!cond)
+ grub_fatal ("Assertion failed at %s:%d\n", file, line);
+}
+
+#endif
diff --git a/grub-core/lib/posix_wrap/ctype.h b/grub-core/lib/posix_wrap/ctype.h
new file mode 100644
index 0000000..2dc3e53
--- /dev/null
+++ b/grub-core/lib/posix_wrap/ctype.h
@@ -0,0 +1,103 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_CTYPE_H
+#define GRUB_POSIX_CTYPE_H 1
+
+#include <grub/misc.h>
+
+static inline int
+toupper (int c)
+{
+ return grub_toupper (c);
+}
+
+static inline int
+isspace (int c)
+{
+ return grub_isspace (c);
+}
+
+static inline int
+isdigit (int c)
+{
+ return grub_isdigit (c);
+}
+
+static inline int
+islower (int c)
+{
+ return (c >= 'a' && c <= 'z');
+}
+
+static inline int
+isupper (int c)
+{
+ return (c >= 'A' && c <= 'Z');
+}
+
+static inline int
+isxdigit (int c)
+{
+ return (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')
+ || (c >= '0' && c <= '9');
+}
+
+static inline int
+isprint (int c)
+{
+ return grub_isprint (c);
+}
+
+static inline int
+iscntrl (int c)
+{
+ return !grub_isprint (c);
+}
+
+static inline int
+isgraph (int c)
+{
+ return grub_isprint (c) && !grub_isspace (c);
+}
+
+static inline int
+isalnum (int c)
+{
+ return grub_isalpha (c) || grub_isdigit (c);
+}
+
+static inline int
+ispunct (int c)
+{
+ return grub_isprint (c) && !grub_isspace (c) && !isalnum (c);
+}
+
+static inline int
+isalpha (int c)
+{
+ return grub_isalpha (c);
+}
+
+static inline int
+tolower (int c)
+{
+ return grub_tolower (c);
+}
+
+#endif
diff --git a/grub-core/lib/posix_wrap/errno.h b/grub-core/lib/posix_wrap/errno.h
new file mode 100644
index 0000000..9031722
--- /dev/null
+++ b/grub-core/lib/posix_wrap/errno.h
@@ -0,0 +1,28 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_ERRNO_H
+#define GRUB_POSIX_ERRNO_H 1
+
+#include <grub/err.h>
+
+#define errno grub_errno
+#define EINVAL GRUB_ERR_BAD_NUMBER
+#define ENOMEM GRUB_ERR_OUT_OF_MEMORY
+
+#endif
diff --git a/grub-core/lib/posix_wrap/inttypes.h b/grub-core/lib/posix_wrap/inttypes.h
new file mode 100644
index 0000000..a12c43b
--- /dev/null
+++ b/grub-core/lib/posix_wrap/inttypes.h
@@ -0,0 +1 @@
+#include <sys/types.h>
diff --git a/grub-core/lib/posix_wrap/langinfo.h b/grub-core/lib/posix_wrap/langinfo.h
new file mode 100644
index 0000000..72b5b96
--- /dev/null
+++ b/grub-core/lib/posix_wrap/langinfo.h
@@ -0,0 +1,38 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_LANGINFO_H
+#define GRUB_POSIX_LANGINFO_H 1
+
+#include <localcharset.h>
+
+typedef enum { CODESET } nl_item;
+
+static inline char *
+nl_langinfo (nl_item item)
+{
+ switch (item)
+ {
+ case CODESET:
+ return "UTF-8";
+ default:
+ return "";
+ }
+}
+
+#endif
diff --git a/grub-core/lib/posix_wrap/limits.h b/grub-core/lib/posix_wrap/limits.h
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/grub-core/lib/posix_wrap/limits.h
diff --git a/grub-core/lib/posix_wrap/localcharset.h b/grub-core/lib/posix_wrap/localcharset.h
new file mode 100644
index 0000000..502d860
--- /dev/null
+++ b/grub-core/lib/posix_wrap/localcharset.h
@@ -0,0 +1,28 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_LOCALCHARSET_H
+#define GRUB_POSIX_LOCALCHARSET_H 1
+
+static inline const char *
+locale_charset (void)
+{
+ return "UTF-8";
+}
+
+#endif
diff --git a/grub-core/lib/posix_wrap/locale.h b/grub-core/lib/posix_wrap/locale.h
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/grub-core/lib/posix_wrap/locale.h
diff --git a/grub-core/lib/posix_wrap/stdint.h b/grub-core/lib/posix_wrap/stdint.h
new file mode 100644
index 0000000..a12c43b
--- /dev/null
+++ b/grub-core/lib/posix_wrap/stdint.h
@@ -0,0 +1 @@
+#include <sys/types.h>
diff --git a/grub-core/lib/posix_wrap/stdio.h b/grub-core/lib/posix_wrap/stdio.h
new file mode 100644
index 0000000..701fcea
--- /dev/null
+++ b/grub-core/lib/posix_wrap/stdio.h
@@ -0,0 +1,29 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_STDIO_H
+#define GRUB_POSIX_STDIO_H 1
+
+#include <grub/misc.h>
+#include <grub/file.h>
+
+typedef struct grub_file FILE;
+
+#define EOF -1
+
+#endif
diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h
new file mode 100644
index 0000000..4c725f6
--- /dev/null
+++ b/grub-core/lib/posix_wrap/stdlib.h
@@ -0,0 +1,57 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_STDLIB_H
+#define GRUB_POSIX_STDLIB_H 1
+
+#include <grub/mm.h>
+#include <grub/misc.h>
+
+static inline void
+free (void *ptr)
+{
+ grub_free (ptr);
+}
+
+static inline void *
+malloc (grub_size_t size)
+{
+ return grub_malloc (size);
+}
+
+static inline void *
+calloc (grub_size_t size, grub_size_t nelem)
+{
+ return grub_zalloc (size * nelem);
+}
+
+static inline void *
+realloc (void *ptr, grub_size_t size)
+{
+ return grub_realloc (ptr, size);
+}
+
+static inline void
+abort (void)
+{
+ grub_abort ();
+}
+
+#define MB_CUR_MAX 6
+
+#endif
diff --git a/grub-core/lib/posix_wrap/string.h b/grub-core/lib/posix_wrap/string.h
new file mode 100644
index 0000000..4224836
--- /dev/null
+++ b/grub-core/lib/posix_wrap/string.h
@@ -0,0 +1,42 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_STRING_H
+#define GRUB_POSIX_STRING_H 1
+
+#include <grub/misc.h>
+
+static inline grub_size_t
+strlen (const char *s)
+{
+ return grub_strlen (s);
+}
+
+static inline int
+strcmp (const char *s1, const char *s2)
+{
+ return grub_strcmp (s1, s2);
+}
+
+static inline int
+strcasecmp (const char *s1, const char *s2)
+{
+ return grub_strcasecmp (s1, s2);
+}
+
+#endif
diff --git a/grub-core/lib/posix_wrap/sys/types.h b/grub-core/lib/posix_wrap/sys/types.h
new file mode 100644
index 0000000..69e4950
--- /dev/null
+++ b/grub-core/lib/posix_wrap/sys/types.h
@@ -0,0 +1,46 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_SYS_TYPES_H
+#define GRUB_POSIX_SYS_TYPES_H 1
+
+#include <grub/misc.h>
+
+typedef grub_size_t size_t;
+typedef enum { false = 0, true = 1 } bool;
+
+#define ULONG_MAX GRUB_ULONG_MAX
+#define UCHAR_MAX 0xff
+
+typedef grub_uint8_t uint8_t;
+typedef grub_uint16_t uint16_t;
+typedef grub_uint32_t uint32_t;
+typedef grub_uint64_t uint64_t;
+
+typedef grub_int8_t int8_t;
+typedef grub_int16_t int16_t;
+typedef grub_int32_t int32_t;
+typedef grub_int64_t int64_t;
+
+#ifdef GRUB_CPU_WORDS_BIGENDIAN
+#define WORDS_BIGENDIAN
+#else
+#undef WORDS_BIGENDIAN
+#endif
+
+#endif
diff --git a/grub-core/lib/posix_wrap/unistd.h b/grub-core/lib/posix_wrap/unistd.h
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/grub-core/lib/posix_wrap/unistd.h
diff --git a/grub-core/lib/posix_wrap/wchar.h b/grub-core/lib/posix_wrap/wchar.h
new file mode 100644
index 0000000..fd56fd3
--- /dev/null
+++ b/grub-core/lib/posix_wrap/wchar.h
@@ -0,0 +1,25 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef GRUB_POSIX_WCHAR_H
+#define GRUB_POSIX_WCHAR_H 1
+
+/* UCS-4. */
+typedef grub_uint32_t wchar_t;
+
+#endif
diff --git a/grub-core/lib/posix_wrap/wctype.h b/grub-core/lib/posix_wrap/wctype.h
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/grub-core/lib/posix_wrap/wctype.h
diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c
new file mode 100644
index 0000000..85dfbea
--- /dev/null
+++ b/grub-core/lib/powerpc/relocator.c
@@ -0,0 +1,142 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/mm.h>
+#include <grub/misc.h>
+
+#include <grub/types.h>
+#include <grub/types.h>
+#include <grub/err.h>
+#include <grub/cache.h>
+
+#include <grub/powerpc/relocator.h>
+#include <grub/relocator_private.h>
+
+extern grub_uint8_t grub_relocator_forward_start;
+extern grub_uint8_t grub_relocator_forward_end;
+extern grub_uint8_t grub_relocator_backward_start;
+extern grub_uint8_t grub_relocator_backward_end;
+
+#define REGW_SIZEOF (2 * sizeof (grub_uint32_t))
+#define JUMP_SIZEOF (sizeof (grub_uint32_t))
+
+#define RELOCATOR_SRC_SIZEOF(x) (&grub_relocator_##x##_end \
+ - &grub_relocator_##x##_start)
+#define RELOCATOR_SIZEOF(x) (RELOCATOR_SRC_SIZEOF(x) \
+ + REGW_SIZEOF * 3)
+grub_size_t grub_relocator_align = sizeof (grub_uint32_t);
+grub_size_t grub_relocator_forward_size;
+grub_size_t grub_relocator_backward_size;
+grub_size_t grub_relocator_jumper_size = JUMP_SIZEOF + REGW_SIZEOF;
+
+void
+grub_cpu_relocator_init (void)
+{
+ grub_relocator_forward_size = RELOCATOR_SIZEOF(forward);
+ grub_relocator_backward_size = RELOCATOR_SIZEOF(backward);
+}
+
+static void
+write_reg (int regn, grub_uint32_t val, void **target)
+{
+ /* lis r, val >> 16 */
+ *(grub_uint32_t *) *target =
+ ((0x3c00 | (regn << 5)) << 16) | (val >> 16);
+ *target = ((grub_uint32_t *) *target) + 1;
+ /* ori r, r, val & 0xffff. */
+ *(grub_uint32_t *) *target = (((0x6000 | regn << 5 | regn) << 16)
+ | (val & 0xffff));
+ *target = ((grub_uint32_t *) *target) + 1;
+}
+
+static void
+write_jump (void **target)
+{
+ /* blr. */
+ *(grub_uint32_t *) *target = 0x4e800020;
+ *target = ((grub_uint32_t *) *target) + 1;
+}
+
+void
+grub_cpu_relocator_jumper (void *rels, grub_addr_t addr)
+{
+ write_reg (GRUB_PPC_JUMP_REGISTER, addr, &rels);
+ write_jump (&rels);
+}
+
+void
+grub_cpu_relocator_backward (void *ptr0, void *src, void *dest,
+ grub_size_t size)
+{
+ void *ptr = ptr0;
+ write_reg (8, (grub_uint32_t) src, &ptr);
+ write_reg (9, (grub_uint32_t) dest, &ptr);
+ write_reg (10, (grub_uint32_t) size, &ptr);
+ grub_memcpy (ptr, &grub_relocator_backward_start,
+ RELOCATOR_SRC_SIZEOF (backward));
+}
+
+void
+grub_cpu_relocator_forward (void *ptr0, void *src, void *dest,
+ grub_size_t size)
+{
+ void *ptr = ptr0;
+ write_reg (8, (grub_uint32_t) src, &ptr);
+ write_reg (9, (grub_uint32_t) dest, &ptr);
+ write_reg (10, (grub_uint32_t) size, &ptr);
+ grub_memcpy (ptr, &grub_relocator_forward_start,
+ RELOCATOR_SRC_SIZEOF (forward));
+}
+
+grub_err_t
+grub_relocator32_boot (struct grub_relocator *rel,
+ struct grub_relocator32_state state)
+{
+ void *ptr;
+ grub_err_t err;
+ void *relst;
+ grub_size_t relsize;
+ grub_size_t stateset_size = 32 * REGW_SIZEOF + JUMP_SIZEOF;
+ unsigned i;
+ grub_relocator_chunk_t ch;
+
+ err = grub_relocator_alloc_chunk_align (rel, &ch, 0,
+ (0xffffffff - stateset_size)
+ + 1, stateset_size,
+ sizeof (grub_uint32_t),
+ GRUB_RELOCATOR_PREFERENCE_NONE);
+ if (err)
+ return err;
+
+ ptr = get_virtual_current_address (ch);
+ for (i = 0; i < 32; i++)
+ write_reg (i, state.gpr[i], &ptr);
+ write_jump (&ptr);
+
+ err = grub_relocator_prepare_relocs (rel, get_physical_target_address (ch),
+ &relst, &relsize);
+ if (err)
+ return err;
+
+ grub_arch_sync_caches ((void *) relst, relsize);
+
+ ((void (*) (void)) relst) ();
+
+ /* Not reached. */
+ return GRUB_ERR_NONE;
+}
diff --git a/grub-core/lib/powerpc/relocator_asm.S b/grub-core/lib/powerpc/relocator_asm.S
new file mode 100644
index 0000000..355e9c8
--- /dev/null
+++ b/grub-core/lib/powerpc/relocator_asm.S
@@ -0,0 +1,60 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009,2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+
+ .p2align 4 /* force 16-byte alignment */
+
+VARIABLE (grub_relocator_forward_start)
+ mr 3, 9
+ mr 4, 10
+
+copycont1:
+ lbz 11,0(8)
+ stb 11,0(9)
+ addi 8, 8, 0x1
+ addi 9, 9, 0x1
+ addi 10, 10, -1
+ cmpwi 10, 0
+ bne copycont1
+
+#include "../../kern/powerpc/cache_flush.S"
+
+VARIABLE (grub_relocator_forward_end)
+
+VARIABLE (grub_relocator_backward_start)
+ mr 3, 9
+ mr 4, 10
+
+ add 9, 9, 10
+ add 8, 8, 10
+ /* Backward movsl is implicitly off-by-one. compensate that. */
+ addi 9, 9, -1
+ addi 8, 8, -1
+copycont2:
+ lbz 11,0(8)
+ stb 11,0(9)
+ addi 8, 8, -1
+ addi 9, 9, -1
+ addi 10, 10, -1
+ cmpwi 10, 0
+ bne copycont2
+
+#include "../../kern/powerpc/cache_flush.S"
+
+VARIABLE (grub_relocator_backward_end)
diff --git a/grub-core/lib/powerpc/setjmp.S b/grub-core/lib/powerpc/setjmp.S
new file mode 100644
index 0000000..8c7540e
--- /dev/null
+++ b/grub-core/lib/powerpc/setjmp.S
@@ -0,0 +1,87 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2004,2007 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+ .file "setjmp.S"
+
+GRUB_MOD_LICENSE ("GPLv3+")
+
+ .text
+
+/*
+ * int grub_setjmp (grub_jmp_buf env)
+ */
+FUNCTION(grub_setjmp)
+ stw 1, 0(3)
+ stw 14, 4(3)
+ stw 15, 8(3)
+ stw 16, 12(3)
+ stw 17, 16(3)
+ stw 18, 20(3)
+ stw 19, 24(3)
+ stw 20, 28(3)
+ stw 21, 32(3)
+ stw 22, 36(3)
+ stw 23, 40(3)
+ stw 24, 44(3)
+ stw 25, 48(3)
+ stw 26, 52(3)
+ stw 27, 56(3)
+ stw 28, 60(3)
+ stw 29, 64(3)
+ stw 30, 68(3)
+ mflr 4
+ stw 4, 72(3)
+ mfcr 4
+ stw 4, 76(3)
+ li 3, 0
+ blr
+
+/*
+ * int grub_longjmp (grub_jmp_buf env, int val)
+ */
+FUNCTION(grub_longjmp)
+ lwz 1, 0(3)
+ lwz 14, 4(3)
+ lwz 15, 8(3)
+ lwz 16, 12(3)
+ lwz 17, 16(3)
+ lwz 18, 20(3)
+ lwz 19, 24(3)
+ lwz 20, 28(3)
+ lwz 21, 32(3)
+ lwz 22, 36(3)
+ lwz 23, 40(3)
+ lwz 24, 44(3)
+ lwz 25, 48(3)
+ lwz 26, 52(3)
+ lwz 27, 56(3)
+ lwz 28, 60(3)
+ lwz 29, 64(3)
+ lwz 30, 68(3)
+ lwz 5, 72(3)
+ mtlr 5
+ lwz 5, 76(3)
+ mtcr 5
+ mr. 3, 4
+ bne 1f
+ li 3, 1
+1: blr
+
diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c
new file mode 100644
index 0000000..e500ba3
--- /dev/null
+++ b/grub-core/lib/reed_solomon.c
@@ -0,0 +1,527 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifdef TEST
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#define xmalloc malloc
+#define grub_memset memset
+#define grub_memcpy memcpy
+#endif
+
+#ifndef STANDALONE
+#ifdef TEST
+typedef unsigned int grub_size_t;
+typedef unsigned char grub_uint8_t;
+typedef unsigned short grub_uint16_t;
+#else
+#include <grub/types.h>
+#include <grub/reed_solomon.h>
+#include <grub/util/misc.h>
+#include <grub/misc.h>
+#endif
+#endif
+
+#ifdef STANDALONE
+#ifdef TEST
+typedef unsigned int grub_size_t;
+typedef unsigned char grub_uint8_t;
+typedef unsigned short grub_uint16_t;
+#else
+#include <grub/types.h>
+#include <grub/misc.h>
+#endif
+void
+grub_reed_solomon_recover (void *ptr_, grub_size_t s, grub_size_t rs);
+#endif
+
+#define GF_SIZE 8
+typedef grub_uint8_t gf_single_t;
+typedef grub_uint16_t gf_double_t;
+#define GF_POLYNOMIAL 0x1d
+#define GF_INVERT2 0x8e
+#if defined (STANDALONE) && !defined (TEST)
+static char *gf_invert __attribute__ ((section(".text"))) = (void *) 0x100000;
+static char *scratch __attribute__ ((section(".text"))) = (void *) 0x100100;
+#else
+#if defined (STANDALONE)
+static char *scratch;
+#endif
+static grub_uint8_t gf_invert[256];
+#endif
+
+#define SECTOR_SIZE 512
+#define MAX_BLOCK_SIZE (200 * SECTOR_SIZE)
+
+static gf_single_t
+gf_reduce (gf_double_t a)
+{
+ int i;
+ for (i = GF_SIZE - 1; i >= 0; i--)
+ if (a & (1ULL << (i + GF_SIZE)))
+ a ^= (((gf_double_t) GF_POLYNOMIAL) << i);
+ return a & ((1ULL << GF_SIZE) - 1);
+}
+
+static gf_single_t
+gf_mul (gf_single_t a, gf_single_t b)
+{
+ gf_double_t res = 0;
+ int i;
+ for (i = 0; i < GF_SIZE; i++)
+ if (b & (1 << i))
+ res ^= ((gf_double_t) a) << i;
+ return gf_reduce (res);
+}
+
+static void
+init_inverts (void)
+{
+ gf_single_t a = 1, ai = 1;
+ do
+ {
+ a = gf_mul (a, 2);
+ ai = gf_mul (ai, GF_INVERT2);
+ gf_invert[a] = ai;
+ }
+ while (a != 1);
+}
+
+static gf_single_t
+pol_evaluate (gf_single_t *pol, grub_size_t degree, gf_single_t x)
+{
+ int i;
+ gf_single_t xn = 1, s = 0;
+ for (i = degree; i >= 0; i--)
+ {
+ s ^= gf_mul (pol[i], xn);
+ xn = gf_mul (x, xn);
+ }
+ return s;
+}
+
+#if !defined (STANDALONE)
+static void
+rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs)
+{
+ gf_single_t *rs_polynomial, a = 1;
+ int i, j;
+ gf_single_t *m;
+ m = xmalloc ((s + rs) * sizeof (gf_single_t));
+ grub_memcpy (m, data, s * sizeof (gf_single_t));
+ grub_memset (m + s, 0, rs * sizeof (gf_single_t));
+ rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t));
+ grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t));
+ rs_polynomial[rs] = 1;
+ /* Multiply with X - a^r */
+ for (j = 0; j < rs; j++)
+ {
+ if (a & (1 << (GF_SIZE - 1)))
+ {
+ a <<= 1;
+ a ^= GF_POLYNOMIAL;
+ }
+ else
+ a <<= 1;
+ for (i = 0; i < rs; i++)
+ rs_polynomial[i] = rs_polynomial[i + 1] ^ gf_mul (a, rs_polynomial[i]);
+ rs_polynomial[rs] = gf_mul (a, rs_polynomial[rs]);
+ }
+ for (j = 0; j < s; j++)
+ if (m[j])
+ {
+ gf_single_t f = m[j];
+ for (i = 0; i <= rs; i++)
+ m[i+j] ^= gf_mul (rs_polynomial[i], f);
+ }
+ free (rs_polynomial);
+ grub_memcpy (data + s, m + s, rs * sizeof (gf_single_t));
+ free (m);
+}
+#endif
+
+static void
+syndroms (gf_single_t *m, grub_size_t s, grub_size_t rs,
+ gf_single_t *sy)
+{
+ gf_single_t xn = 1;
+ unsigned i;
+ for (i = 0; i < rs; i++)
+ {
+ if (xn & (1 << (GF_SIZE - 1)))
+ {
+ xn <<= 1;
+ xn ^= GF_POLYNOMIAL;
+ }
+ else
+ xn <<= 1;
+ sy[i] = pol_evaluate (m, s + rs - 1, xn);
+ }
+}
+
+static void
+gauss_eliminate (gf_single_t *eq, int n, int m, int *chosen)
+{
+ int i, j;
+
+ for (i = 0 ; i < n; i++)
+ {
+ int nzidx;
+ int k;
+ gf_single_t r;
+ for (nzidx = 0; nzidx < m && (eq[i * (m + 1) + nzidx] == 0);
+ nzidx++);
+ if (nzidx == m)
+ continue;
+ chosen[i] = nzidx;
+ r = gf_invert [eq[i * (m + 1) + nzidx]];
+ for (j = 0; j < m + 1; j++)
+ eq[i * (m + 1) + j] = gf_mul (eq[i * (m + 1) + j], r);
+ for (j = i + 1; j < n; j++)
+ {
+ gf_single_t rr = eq[j * (m + 1) + nzidx];
+ for (k = 0; k < m + 1; k++)
+ eq[j * (m + 1) + k] ^= gf_mul (eq[i * (m + 1) + k], rr);
+ }
+ }
+}
+
+static void
+gauss_solve (gf_single_t *eq, int n, int m, gf_single_t *sol)
+{
+ int *chosen;
+ int i, j;
+
+#ifndef STANDALONE
+ chosen = xmalloc (n * sizeof (int));
+#else
+ chosen = (void *) scratch;
+ scratch += n * sizeof (int);
+#endif
+ for (i = 0; i < n; i++)
+ chosen[i] = -1;
+ for (i = 0; i < m; i++)
+ sol[i] = 0;
+ gauss_eliminate (eq, n, m, chosen);
+ for (i = n - 1; i >= 0; i--)
+ {
+ gf_single_t s = 0;
+ if (chosen[i] == -1)
+ continue;
+ for (j = 0; j < m; j++)
+ s ^= gf_mul (eq[i * (m + 1) + j], sol[j]);
+ s ^= eq[i * (m + 1) + m];
+ sol[chosen[i]] = s;
+ }
+#ifndef STANDALONE
+ free (chosen);
+#else
+ scratch -= n * sizeof (int);
+#endif
+}
+
+static void
+rs_recover (gf_single_t *m, grub_size_t s, grub_size_t rs)
+{
+ grub_size_t rs2 = rs / 2;
+ gf_single_t *sigma;
+ gf_single_t *errpot;
+ int *errpos;
+ gf_single_t *sy;
+ int errnum = 0;
+ int i, j;
+
+#ifndef STANDALONE
+ sigma = xmalloc (rs2 * sizeof (gf_single_t));
+ errpot = xmalloc (rs2 * sizeof (gf_single_t));
+ errpos = xmalloc (rs2 * sizeof (int));
+ sy = xmalloc (rs * sizeof (gf_single_t));
+#else
+ sigma = (void *) scratch;
+ scratch += rs2 * sizeof (gf_single_t);
+ errpot = (void *) scratch;
+ scratch += rs2 * sizeof (gf_single_t);
+ errpos = (void *) scratch;
+ scratch += rs2 * sizeof (int);
+ sy = (void *) scratch;
+ scratch += rs * sizeof (gf_single_t);
+#endif
+
+ syndroms (m, s, rs, sy);
+
+ {
+ gf_single_t *eq;
+
+#ifndef STANDALONE
+ eq = xmalloc (rs2 * (rs2 + 1) * sizeof (gf_single_t));
+#else
+ eq = (void *) scratch;
+ scratch += rs2 * (rs2 + 1) * sizeof (gf_single_t);
+#endif
+
+ for (i = 0; i < (int) rs; i++)
+ if (sy[i] != 0)
+ break;
+
+ /* No error detected. */
+ if (i == (int) rs)
+ return;
+
+ for (i = 0; i < (int) rs2; i++)
+ for (j = 0; j < (int) rs2 + 1; j++)
+ eq[i * (rs2 + 1) + j] = sy[i+j];
+
+ for (i = 0; i < (int) rs2; i++)
+ sigma[i] = 0;
+
+ gauss_solve (eq, rs2, rs2, sigma);
+
+#ifndef STANDALONE
+ free (eq);
+#else
+ scratch -= rs2 * (rs2 + 1) * sizeof (gf_single_t);
+#endif
+ }
+
+ {
+ gf_single_t xn = 1, yn = 1;
+ for (i = 0; i < (int) (rs + s); i++)
+ {
+ gf_single_t ev = (gf_mul (pol_evaluate (sigma, rs2 - 1, xn), xn) ^ 1);
+ if (ev == 0)
+ {
+ errpot[errnum] = yn;
+ errpos[errnum++] = s + rs - i - 1;
+ }
+ yn = gf_mul (yn, 2);
+ xn = gf_mul (xn, GF_INVERT2);
+ }
+ }
+ {
+ gf_single_t *errvals;
+ gf_single_t *eq;
+
+#ifndef STANDALONE
+ eq = xmalloc (rs * (errnum + 1) * sizeof (gf_single_t));
+ errvals = xmalloc (errnum * sizeof (int));
+#else
+ eq = (void *) scratch;
+ scratch += rs * (errnum + 1) * sizeof (gf_single_t);
+ errvals = (void *) scratch;
+ scratch += errnum * sizeof (int);
+#endif
+
+ for (j = 0; j < errnum; j++)
+ eq[j] = errpot[j];
+ eq[errnum] = sy[0];
+ for (i = 1; i < (int) rs; i++)
+ {
+ for (j = 0; j < (int) errnum; j++)
+ eq[(errnum + 1) * i + j] = gf_mul (errpot[j],
+ eq[(errnum + 1) * (i - 1) + j]);
+ eq[(errnum + 1) * i + errnum] = sy[i];
+ }
+
+ gauss_solve (eq, rs, errnum, errvals);
+
+ for (i = 0; i < (int) errnum; i++)
+ m[errpos[i]] ^= errvals[i];
+#ifndef STANDALONE
+ free (eq);
+ free (errvals);
+#else
+ scratch -= rs * (errnum + 1) * sizeof (gf_single_t);
+ scratch -= errnum * sizeof (int);
+#endif
+ }
+#ifndef STANDALONE
+ free (sigma);
+ free (errpot);
+ free (errpos);
+ free (sy);
+#else
+ scratch -= rs2 * sizeof (gf_single_t);
+ scratch -= rs2 * sizeof (gf_single_t);
+ scratch -= rs2 * sizeof (int);
+ scratch -= rs * sizeof (gf_single_t);
+#endif
+}
+
+static void
+decode_block (gf_single_t *ptr, grub_size_t s,
+ gf_single_t *rptr, grub_size_t rs)
+{
+ int i, j;
+ for (i = 0; i < SECTOR_SIZE; i++)
+ {
+ grub_size_t ds = (s + SECTOR_SIZE - 1 - i) / SECTOR_SIZE;
+ grub_size_t rr = (rs + SECTOR_SIZE - 1 - i) / SECTOR_SIZE;
+ gf_single_t m[ds + rr];
+
+ /* Nothing to do. */
+ if (!ds || !rr)
+ continue;
+
+ for (j = 0; j < (int) ds; j++)
+ m[j] = ptr[SECTOR_SIZE * j + i];
+ for (j = 0; j < (int) rr; j++)
+ m[j + ds] = rptr[SECTOR_SIZE * j + i];
+
+ rs_recover (m, ds, rr);
+
+ for (j = 0; j < (int) ds; j++)
+ ptr[SECTOR_SIZE * j + i] = m[j];
+ }
+}
+
+#if !defined (STANDALONE)
+static void
+encode_block (gf_single_t *ptr, grub_size_t s,
+ gf_single_t *rptr, grub_size_t rs)
+{
+ int i, j;
+ for (i = 0; i < SECTOR_SIZE; i++)
+ {
+ grub_size_t ds = (s + SECTOR_SIZE - 1 - i) / SECTOR_SIZE;
+ grub_size_t rr = (rs + SECTOR_SIZE - 1 - i) / SECTOR_SIZE;
+ gf_single_t m[ds + rr];
+ for (j = 0; j < ds; j++)
+ m[j] = ptr[SECTOR_SIZE * j + i];
+ rs_encode (m, ds, rr);
+ for (j = 0; j < rr; j++)
+ rptr[SECTOR_SIZE * j + i] = m[j + ds];
+ }
+}
+#endif
+
+#if !defined (STANDALONE)
+void
+grub_reed_solomon_add_redundancy (void *buffer, grub_size_t data_size,
+ grub_size_t redundancy)
+{
+ grub_size_t s = data_size;
+ grub_size_t rs = redundancy;
+ gf_single_t *ptr = buffer;
+ gf_single_t *rptr = ptr + s;
+
+ /* Nothing to do. */
+ if (!rs)
+ return;
+
+ while (s > 0)
+ {
+ grub_size_t tt;
+ grub_size_t cs, crs;
+ cs = s;
+ crs = rs;
+ tt = cs + crs;
+ if (tt > MAX_BLOCK_SIZE)
+ {
+ cs = ((cs * (MAX_BLOCK_SIZE / 512)) / tt) * 512;
+ crs = ((crs * (MAX_BLOCK_SIZE / 512)) / tt) * 512;
+ }
+ encode_block (ptr, cs, rptr, crs);
+ ptr += cs;
+ rptr += crs;
+ s -= cs;
+ rs -= crs;
+ }
+}
+#endif
+
+void
+grub_reed_solomon_recover (void *ptr_, grub_size_t s, grub_size_t rs)
+{
+ gf_single_t *ptr = ptr_;
+ gf_single_t *rptr = ptr + s;
+
+ /* Nothing to do. */
+ if (!rs)
+ return;
+
+#if defined (STANDALONE)
+ init_inverts ();
+#endif
+
+ while (s > 0)
+ {
+ grub_size_t tt;
+ grub_size_t cs, crs;
+ cs = s;
+ crs = rs;
+ tt = cs + crs;
+ if (tt > MAX_BLOCK_SIZE)
+ {
+ cs = ((cs * (MAX_BLOCK_SIZE / 512)) / tt) * 512;
+ crs = ((crs * (MAX_BLOCK_SIZE / 512)) / tt) * 512;
+ }
+ decode_block (ptr, cs, rptr, crs);
+ ptr += cs;
+ rptr += crs;
+ s -= cs;
+ rs -= crs;
+ }
+}
+
+#ifdef TEST
+int
+main (int argc, char **argv)
+{
+ FILE *in, *out;
+ grub_size_t s, rs;
+ char *buf;
+
+#ifdef STANDALONE
+ scratch = xmalloc (1048576);
+#endif
+
+#ifndef STANDALONE
+ init_inverts ();
+#endif
+
+ in = fopen ("tst.bin", "rb");
+ if (!in)
+ return 1;
+ fseek (in, 0, SEEK_END);
+ s = ftell (in);
+ fseek (in, 0, SEEK_SET);
+ rs = s / 3;
+ buf = xmalloc (s + rs + SECTOR_SIZE);
+ fread (buf, 1, s, in);
+
+ grub_reed_solomon_add_redundancy (buf, s, rs);
+
+ out = fopen ("tst_rs.bin", "wb");
+ fwrite (buf, 1, s + rs, out);
+ fclose (out);
+
+ grub_memset (buf + 512 * 15, 0, 512);
+
+ out = fopen ("tst_dam.bin", "wb");
+ fwrite (buf, 1, s + rs, out);
+ fclose (out);
+ grub_reed_solomon_recover (buf, s, rs);
+
+ out = fopen ("tst_rec.bin", "wb");
+ fwrite (buf, 1, s, out);
+ fclose (out);
+
+ return 0;
+}
+#endif
diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c
new file mode 100644
index 0000000..6eb20b8
--- /dev/null
+++ b/grub-core/lib/relocator.c
@@ -0,0 +1,1602 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/relocator.h>
+#include <grub/relocator_private.h>
+#include <grub/mm_private.h>
+#include <grub/misc.h>
+#include <grub/cache.h>
+#include <grub/memory.h>
+#include <grub/dl.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+struct grub_relocator
+{
+ struct grub_relocator_chunk *chunks;
+ grub_phys_addr_t postchunks;
+ grub_phys_addr_t highestaddr;
+ grub_phys_addr_t highestnonpostaddr;
+ grub_size_t relocators_size;
+};
+
+struct grub_relocator_subchunk
+{
+ enum {CHUNK_TYPE_IN_REGION, CHUNK_TYPE_REGION_START,
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ CHUNK_TYPE_FIRMWARE, CHUNK_TYPE_LEFTOVER
+#endif
+ } type;
+ grub_mm_region_t reg;
+ grub_phys_addr_t start;
+ grub_size_t size;
+ grub_size_t pre_size;
+ struct grub_relocator_extra_block *extra;
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ struct grub_relocator_fw_leftover *pre, *post;
+#endif
+};
+
+struct grub_relocator_chunk
+{
+ struct grub_relocator_chunk *next;
+ grub_phys_addr_t src;
+ void *srcv;
+ grub_phys_addr_t target;
+ grub_size_t size;
+ struct grub_relocator_subchunk *subchunks;
+ unsigned nsubchunks;
+};
+
+struct grub_relocator_extra_block
+{
+ struct grub_relocator_extra_block *next;
+ struct grub_relocator_extra_block **prev;
+ grub_phys_addr_t start;
+ grub_phys_addr_t end;
+};
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+struct grub_relocator_fw_leftover
+{
+ struct grub_relocator_fw_leftover *next;
+ struct grub_relocator_fw_leftover **prev;
+ grub_phys_addr_t quantstart;
+ grub_uint8_t freebytes[GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT / 8];
+};
+
+static struct grub_relocator_fw_leftover *leftovers;
+#endif
+
+static struct grub_relocator_extra_block *extra_blocks;
+
+void *
+get_virtual_current_address (grub_relocator_chunk_t in)
+{
+ return in->srcv;
+}
+
+grub_phys_addr_t
+get_physical_target_address (grub_relocator_chunk_t in)
+{
+ return in->target;
+}
+
+struct grub_relocator *
+grub_relocator_new (void)
+{
+ struct grub_relocator *ret;
+
+ grub_cpu_relocator_init ();
+
+ ret = grub_zalloc (sizeof (struct grub_relocator));
+ if (!ret)
+ return NULL;
+
+ ret->postchunks = ~(grub_phys_addr_t) 0;
+ ret->relocators_size = grub_relocator_jumper_size;
+ grub_dprintf ("relocator", "relocators_size=%lu\n",
+ (unsigned long) ret->relocators_size);
+ return ret;
+}
+
+#define DIGITSORT_BITS 8
+#define DIGITSORT_MASK ((1 << DIGITSORT_BITS) - 1)
+#define BITS_IN_BYTE 8
+
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+
+static inline int
+is_start (int type)
+{
+ return !(type & 1) && (type != COLLISION_START);
+}
+
+static void
+allocate_regstart (grub_phys_addr_t addr, grub_size_t size, grub_mm_region_t rb,
+ grub_mm_region_t *regancestor, grub_mm_header_t hancestor)
+{
+ grub_addr_t newreg_start, newreg_raw_start
+ = (grub_addr_t) rb + (addr - grub_vtop (rb)) + size;
+ grub_addr_t newreg_size, newreg_presize;
+ grub_mm_header_t new_header;
+ grub_mm_header_t hb = (grub_mm_header_t) (rb + 1);
+
+#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF
+ grub_dprintf ("relocator", "ra = %p, rb = %p\n", regancestor, rb);
+#endif
+ newreg_start = ALIGN_UP (newreg_raw_start, GRUB_MM_ALIGN);
+ newreg_presize = newreg_start - newreg_raw_start;
+ newreg_size = rb->size - (newreg_start - (grub_addr_t) rb);
+ if ((hb->size << GRUB_MM_ALIGN_LOG2) >= newreg_start
+ - (grub_addr_t) rb)
+ {
+ grub_mm_header_t newhnext = hb->next;
+ grub_size_t newhsize = ((hb->size << GRUB_MM_ALIGN_LOG2)
+ - (newreg_start
+ - (grub_addr_t) rb)) >> GRUB_MM_ALIGN_LOG2;
+ new_header = (void *) (newreg_start + sizeof (*rb));
+ if (newhnext == hb)
+ newhnext = new_header;
+ new_header->next = newhnext;
+ new_header->size = newhsize;
+ new_header->magic = GRUB_MM_FREE_MAGIC;
+ }
+ else
+ {
+ new_header = hb->next;
+ if (new_header == hb)
+ new_header = (void *) (newreg_start + sizeof (*rb));
+ }
+ {
+ struct grub_mm_header *newregfirst = rb->first;
+ struct grub_mm_region *newregnext = rb->next;
+ struct grub_mm_region *newreg = (void *) newreg_start;
+ hancestor->next = new_header;
+ if (newregfirst == hb)
+ newregfirst = new_header;
+ newreg->first = newregfirst;
+ newreg->next = newregnext;
+ newreg->pre_size = newreg_presize;
+ newreg->size = newreg_size;
+ *regancestor = newreg;
+ {
+ grub_mm_header_t h = newreg->first, hp = NULL;
+ do
+ {
+ if ((void *) h < (void *) (newreg + 1))
+ grub_fatal ("Failed to adjust memory region: %p, %p, %p, %p, %p",
+ newreg, newreg->first, h, hp, hb);
+#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF
+ if ((void *) h == (void *) (newreg + 1))
+ grub_dprintf ("relocator",
+ "Free start memory region: %p, %p, %p, %p, %p",
+ newreg, newreg->first, h, hp, hb);
+#endif
+ hp = h;
+ h = h->next;
+ }
+ while (h != newreg->first);
+ }
+ }
+}
+
+static void
+allocate_inreg (grub_phys_addr_t paddr, grub_size_t size,
+ grub_mm_header_t hb, grub_mm_header_t hbp,
+ grub_mm_region_t rb)
+{
+ struct grub_mm_header *foll = NULL;
+ grub_addr_t vaddr = (grub_addr_t) hb + (paddr - grub_vtop (hb));
+
+#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF
+ grub_dprintf ("relocator", "inreg paddr = 0x%lx, size = %lu,"
+ " hb = %p, hbp = %p, rb = %p, vaddr = 0x%lx\n",
+ (unsigned long) paddr, (unsigned long) size, hb, hbp,
+ rb, (unsigned long) vaddr);
+#endif
+
+ if (ALIGN_UP (vaddr + size, GRUB_MM_ALIGN) + GRUB_MM_ALIGN
+ <= (grub_addr_t) (hb + hb->size))
+ {
+ foll = (void *) ALIGN_UP (vaddr + size, GRUB_MM_ALIGN);
+ foll->magic = GRUB_MM_FREE_MAGIC;
+ foll->size = hb + hb->size - foll;
+#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF
+ grub_dprintf ("relocator", "foll = %p, foll->size = %lu\n", foll,
+ (unsigned long) foll->size);
+#endif
+ }
+
+ if (vaddr - (grub_addr_t) hb >= sizeof (*hb))
+ {
+ hb->size = ((vaddr - (grub_addr_t) hb) >> GRUB_MM_ALIGN_LOG2);
+ if (foll)
+ {
+ foll->next = hb;
+ hbp->next = foll;
+ if (rb->first == hb)
+ {
+ rb->first = foll;
+ }
+ }
+ }
+ else
+ {
+ if (foll)
+ {
+ foll->next = hb->next;
+ }
+ else
+ foll = hb->next;
+
+ hbp->next = foll;
+ if (rb->first == hb)
+ {
+ rb->first = foll;
+ }
+ if (rb->first == hb)
+ {
+ rb->first = (void *) (rb + 1);
+ }
+ }
+}
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+static void
+check_leftover (struct grub_relocator_fw_leftover *lo)
+{
+ unsigned i;
+ for (i = 0; i < sizeof (lo->freebytes); i++)
+ if (lo->freebytes[i] != 0xff)
+ return;
+ grub_relocator_firmware_free_region (lo->quantstart,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+ *lo->prev = lo->next;
+ if (lo->next)
+ lo->next->prev = lo->prev;
+}
+#endif
+
+static void
+free_subchunk (const struct grub_relocator_subchunk *subchu)
+{
+ switch (subchu->type)
+ {
+ case CHUNK_TYPE_REGION_START:
+ {
+ grub_mm_region_t r1, r2, *rp;
+ grub_mm_header_t h;
+ grub_size_t pre_size;
+ r1 = subchu->reg;
+ r2 = (grub_mm_region_t) ALIGN_UP ((grub_addr_t) subchu->reg
+ + (grub_vtop (subchu->reg)
+ - subchu->start) + subchu->size,
+ GRUB_MM_ALIGN);
+ for (rp = &grub_mm_base; *rp && *rp != r2; rp = &((*rp)->next));
+ pre_size = subchu->pre_size;
+
+ if (*rp)
+ {
+ grub_mm_header_t h2, *hp;
+ r1->first = r2->first;
+ r1->next = r2->next;
+ r1->pre_size = pre_size;
+ r1->size = r2->size + (r2 - r1) * sizeof (*r2);
+ *rp = r1;
+ h = (grub_mm_header_t) (r1 + 1);
+ h->next = r2->first;
+ h->magic = GRUB_MM_FREE_MAGIC;
+ h->size = (r2 - r1 - 1);
+ for (hp = &r2->first, h2 = *hp; h2->next != r2->first;
+ hp = &(h2->next), h2 = *hp)
+ if (h2 == (grub_mm_header_t) (r2 + 1))
+ break;
+ if (h2 == (grub_mm_header_t) (r2 + 1))
+ {
+ h->size = h2->size + (h2 - h);
+ h->next = h2->next;
+ *hp = h;
+ if (hp == &r2->first)
+ {
+ for (h2 = r2->first; h2->next != r2->first; h2 = h2->next);
+ h2->next = h;
+ }
+ }
+ else
+ {
+ h2->next = h;
+ }
+ }
+ else
+ {
+ r1->pre_size = pre_size;
+ r1->size = (r2 - r1) * sizeof (*r2);
+ /* Find where to insert this region.
+ Put a smaller one before bigger ones,
+ to prevent fragmentation. */
+ for (rp = &grub_mm_base; *rp; rp = &((*rp)->next))
+ if ((*rp)->size > r1->size)
+ break;
+ r1->next = *rp;
+ *rp = r1->next;
+ h = (grub_mm_header_t) (r1 + 1);
+ r1->first = h;
+ h->next = h;
+ h->magic = GRUB_MM_FREE_MAGIC;
+ h->size = (r2 - r1 - 1);
+ }
+ for (r2 = grub_mm_base; r2; r2 = r2->next)
+ if ((grub_addr_t) r2 + r2->size == (grub_addr_t) r1)
+ break;
+ if (r2)
+ {
+ grub_mm_header_t hl2, hl, g;
+ g = (grub_mm_header_t) ((grub_addr_t) r2 + r2->size);
+ g->size = (grub_mm_header_t) r1 - g;
+ r2->size += r1->size;
+ for (hl = r2->first; hl->next != r2->first; hl = hl->next);
+ for (hl2 = r1->first; hl2->next != r1->first; hl2 = hl2->next);
+ hl2->next = r2->first;
+ r2->first = r1->first;
+ hl->next = r2->first;
+ *rp = (*rp)->next;
+ grub_free (g + 1);
+ }
+ break;
+ }
+ case CHUNK_TYPE_IN_REGION:
+ {
+ grub_mm_header_t h = (grub_mm_header_t) ALIGN_DOWN ((grub_addr_t) subchu->start,
+ GRUB_MM_ALIGN);
+ h->size
+ = ((subchu->start + subchu->size + GRUB_MM_ALIGN - 1) / GRUB_MM_ALIGN)
+ - (subchu->start / GRUB_MM_ALIGN) - 1;
+ h->next = h;
+ h->magic = GRUB_MM_ALLOC_MAGIC;
+ grub_free (h + 1);
+ break;
+ }
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ case CHUNK_TYPE_FIRMWARE:
+ case CHUNK_TYPE_LEFTOVER:
+ {
+ grub_addr_t fstart, fend;
+ fstart = ALIGN_UP (subchu->start,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+ fend = ALIGN_DOWN (subchu->start + subchu->size,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+ if (fstart < fend)
+ grub_relocator_firmware_free_region (fstart, fend - fstart);
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ if (subchu->pre)
+ {
+ int off = subchu->start - fstart
+ - GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
+ grub_memset (subchu->pre->freebytes + off / 8 + 1,
+ 0xff, sizeof (subchu->pre->freebytes) - off / 8 - 1);
+ subchu->pre->freebytes[off / 8] |= ~((1 << (off % 8)) - 1);
+ check_leftover (subchu->pre);
+ }
+ if (subchu->post)
+ {
+ int off = subchu->start + subchu->size - fend;
+ grub_memset (subchu->pre->freebytes,
+ 0xff, sizeof (subchu->pre->freebytes) - off / 8);
+ subchu->pre->freebytes[off / 8] |= ((1 << (8 - (off % 8))) - 1);
+ check_leftover (subchu->post);
+ }
+#endif
+ *subchu->extra->prev = subchu->extra->next;
+ grub_free (subchu->extra);
+ }
+ break;
+#endif
+ }
+}
+
+static int
+malloc_in_range (struct grub_relocator *rel,
+ grub_addr_t start, grub_addr_t end, grub_addr_t align,
+ grub_size_t size, struct grub_relocator_chunk *res,
+ int from_low_priv, int collisioncheck)
+{
+ grub_mm_region_t r, *ra, base_saved;
+ struct grub_relocator_mmap_event *events = NULL, *eventt = NULL, *t;
+ /* 128 is just in case of additional malloc (shouldn't happen). */
+ unsigned maxevents = 2 + 128;
+ grub_mm_header_t p, pa;
+ unsigned *counter;
+ int nallocs = 0;
+ unsigned j, N = 0;
+ grub_addr_t target = 0;
+
+ grub_dprintf ("relocator",
+ "trying to allocate in 0x%lx-0x%lx aligned 0x%lx size 0x%lx\n",
+ (unsigned long) start, (unsigned long) end,
+ (unsigned long) align, (unsigned long) size);
+
+ start = ALIGN_UP (start, align);
+ end = ALIGN_DOWN (end - size, align) + size;
+
+ if (end < start + size)
+ return 0;
+
+ /* We have to avoid any allocations when filling scanline events.
+ Hence 2-stages.
+ */
+ for (r = grub_mm_base; r; r = r->next)
+ {
+ p = r->first;
+ do
+ {
+ if ((grub_addr_t) p < (grub_addr_t) (r + 1)
+ || (grub_addr_t) p >= (grub_addr_t) (r + 1) + r->size)
+ grub_fatal ("%d: out of range pointer: %p\n", __LINE__, p);
+ maxevents += 2;
+ p = p->next;
+ }
+ while (p != r->first);
+ maxevents += 4;
+ }
+
+ if (collisioncheck && rel)
+ {
+ struct grub_relocator_chunk *chunk;
+ for (chunk = rel->chunks; chunk; chunk = chunk->next)
+ maxevents += 2;
+ }
+
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ {
+ struct grub_relocator_extra_block *cur;
+ for (cur = extra_blocks; cur; cur = cur->next)
+ maxevents += 2;
+ }
+ for (r = grub_mm_base; r; r = r->next)
+ maxevents += 2;
+
+ maxevents += grub_relocator_firmware_get_max_events ();
+#endif
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ {
+ struct grub_relocator_fw_leftover *cur;
+ for (cur = leftovers; cur; cur = cur->next)
+ {
+ int l = 0;
+ unsigned i;
+ for (i = 0; i < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT; i++)
+ {
+ if (l != ((cur->freebytes[i / 8] >> (i % 8)) & 1))
+ maxevents++;
+ l = ((cur->freebytes[i / 8] >> (i % 8)) & 1);
+ }
+ if (l)
+ maxevents++;
+ }
+ }
+#endif
+
+ events = grub_malloc (maxevents * sizeof (events[0]));
+ eventt = grub_malloc (maxevents * sizeof (events[0]));
+ counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0]));
+ if (!events || !eventt || !counter)
+ {
+ grub_dprintf ("relocator", "events or counter allocation failed %d\n",
+ maxevents);
+ grub_free (events);
+ grub_free (eventt);
+ grub_free (counter);
+ return 0;
+ }
+
+ if (collisioncheck && rel)
+ {
+ struct grub_relocator_chunk *chunk;
+ for (chunk = rel->chunks; chunk; chunk = chunk->next)
+ {
+ events[N].type = COLLISION_START;
+ events[N].pos = chunk->target;
+ N++;
+ events[N].type = COLLISION_END;
+ events[N].pos = chunk->target + chunk->size;
+ N++;
+ }
+ }
+
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ for (r = grub_mm_base; r; r = r->next)
+ {
+ grub_dprintf ("relocator", "Blocking at 0x%lx-0x%lx\n",
+ (unsigned long) r - r->pre_size,
+ (unsigned long) (r + 1) + r->size);
+ events[N].type = FIRMWARE_BLOCK_START;
+ events[N].pos = (grub_addr_t) r - r->pre_size;
+ N++;
+ events[N].type = FIRMWARE_BLOCK_END;
+ events[N].pos = (grub_addr_t) (r + 1) + r->size;
+ N++;
+ }
+ {
+ struct grub_relocator_extra_block *cur;
+ for (cur = extra_blocks; cur; cur = cur->next)
+ {
+ grub_dprintf ("relocator", "Blocking at 0x%lx-0x%lx\n",
+ (unsigned long) cur->start, (unsigned long) cur->end);
+ events[N].type = FIRMWARE_BLOCK_START;
+ events[N].pos = cur->start;
+ N++;
+ events[N].type = FIRMWARE_BLOCK_END;
+ events[N].pos = cur->end;
+ N++;
+ }
+ }
+
+ N += grub_relocator_firmware_fill_events (events + N);
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ {
+ struct grub_relocator_fw_leftover *cur;
+ for (cur = leftovers; cur; cur = cur->next)
+ {
+ unsigned i;
+ int l = 0;
+ for (i = 0; i < GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT; i++)
+ {
+ if (l != ((cur->freebytes[i / 8] >> (i % 8)) & 1))
+ {
+ events[N].type = l ? REG_LEFTOVER_END : REG_LEFTOVER_START;
+ events[N].pos = cur->quantstart + i;
+ events[N].leftover = cur;
+ N++;
+ }
+ l = ((cur->freebytes[i / 8] >> (i % 8)) & 1);
+ }
+ if (l)
+ {
+ events[N].type = REG_LEFTOVER_END;
+ events[N].pos = cur->quantstart + i;
+ events[N].leftover = cur;
+ N++;
+ }
+ }
+ }
+#endif
+#endif
+
+ /* No malloc from this point. */
+ base_saved = grub_mm_base;
+ grub_mm_base = NULL;
+
+ for (ra = &base_saved, r = *ra; r; ra = &(r->next), r = *ra)
+ {
+ pa = r->first;
+ p = pa->next;
+ if (p->magic == GRUB_MM_ALLOC_MAGIC)
+ continue;
+ do
+ {
+ if (p->magic != GRUB_MM_FREE_MAGIC)
+ grub_fatal (__FILE__":%d free magic broken at %p (0x%x)\n",
+ __LINE__, p, p->magic);
+ if (p == (grub_mm_header_t) (r + 1))
+ {
+ events[N].type = REG_BEG_START;
+ events[N].pos = grub_vtop (r) - r->pre_size;
+ events[N].reg = r;
+ events[N].regancestor = ra;
+ events[N].head = p;
+ events[N].hancestor = pa;
+ N++;
+ events[N].type = REG_BEG_END;
+ events[N].pos = grub_vtop (p + p->size) - sizeof (*r)
+ - sizeof (struct grub_mm_header);
+ N++;
+ }
+ else
+ {
+ events[N].type = IN_REG_START;
+ events[N].pos = grub_vtop (p);
+ events[N].head = p;
+ events[N].hancestor = pa;
+ events[N].reg = r;
+ N++;
+ events[N].type = IN_REG_END;
+ events[N].pos = grub_vtop (p + p->size);
+ N++;
+ }
+ pa = p;
+ p = pa->next;
+ }
+ while (pa != r->first);
+ }
+
+ /* Put ending events after starting events. */
+ {
+ int st = 0, e = N / 2;
+ for (j = 0; j < N; j++)
+ if (is_start (events[j].type) || events[j].type == COLLISION_START)
+ eventt[st++] = events[j];
+ else
+ eventt[e++] = events[j];
+ t = eventt;
+ eventt = events;
+ events = t;
+ }
+
+ {
+ unsigned i;
+ for (i = 0; i < (BITS_IN_BYTE * sizeof (grub_addr_t) / DIGITSORT_BITS);
+ i++)
+ {
+ memset (counter, 0, (1 + (1 << DIGITSORT_BITS)) * sizeof (counter[0]));
+ for (j = 0; j < N; j++)
+ counter[((events[j].pos >> (DIGITSORT_BITS * i))
+ & DIGITSORT_MASK) + 1]++;
+ for (j = 0; j <= DIGITSORT_MASK; j++)
+ counter[j+1] += counter[j];
+ for (j = 0; j < N; j++)
+ eventt[counter[((events[j].pos >> (DIGITSORT_BITS * i))
+ & DIGITSORT_MASK)]++] = events[j];
+ t = eventt;
+ eventt = events;
+ events = t;
+ }
+ }
+
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ retry:
+#endif
+
+ /* Now events are nicely sorted. */
+ {
+ int nstarted = 0, ncollisions = 0, nstartedfw = 0, nblockfw = 0;
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ int nlefto = 0;
+#else
+ const int nlefto = 0;
+#endif
+ grub_addr_t starta = 0;
+ for (j = from_low_priv ? 0 : N - 1; from_low_priv ? j < N : (j + 1);
+ from_low_priv ? j++ : j--)
+ {
+ int isinsidebefore, isinsideafter;
+ isinsidebefore = (!ncollisions && (nstarted || (((nlefto || nstartedfw)
+ && !nblockfw))));
+ switch (events[j].type)
+ {
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ case REG_FIRMWARE_START:
+ nstartedfw++;
+ break;
+
+ case REG_FIRMWARE_END:
+ nstartedfw--;
+ break;
+
+ case FIRMWARE_BLOCK_START:
+ nblockfw++;
+ break;
+
+ case FIRMWARE_BLOCK_END:
+ nblockfw--;
+ break;
+#endif
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ case REG_LEFTOVER_START:
+ nlefto++;
+ break;
+
+ case REG_LEFTOVER_END:
+ nlefto--;
+ break;
+#endif
+
+ case COLLISION_START:
+ ncollisions++;
+ break;
+
+ case COLLISION_END:
+ ncollisions--;
+ break;
+
+ case IN_REG_START:
+ case REG_BEG_START:
+ nstarted++;
+ break;
+
+ case IN_REG_END:
+ case REG_BEG_END:
+ nstarted--;
+ break;
+ }
+ isinsideafter = (!ncollisions && (nstarted || ((nlefto || nstartedfw)
+ && !nblockfw)));
+ if (!isinsidebefore && isinsideafter)
+ starta = from_low_priv ? ALIGN_UP (events[j].pos, align)
+ : ALIGN_DOWN (events[j].pos - size, align) + size;
+ if (isinsidebefore && !isinsideafter && from_low_priv)
+ {
+ target = starta;
+ if (target < start)
+ target = start;
+ if (target + size <= end && target + size <= events[j].pos)
+ /* Found an usable address. */
+ goto found;
+ }
+ if (isinsidebefore && !isinsideafter && !from_low_priv)
+ {
+ target = starta - size;
+ if (target > end - size)
+ target = end - size;
+ if (target >= start && target >= events[j].pos)
+ goto found;
+ }
+ }
+ }
+
+ grub_mm_base = base_saved;
+ grub_free (events);
+ grub_free (eventt);
+ grub_free (counter);
+ return 0;
+
+ found:
+ {
+ int inreg = 0, regbeg = 0, ncol = 0;
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ int fwin = 0, fwb = 0, fwlefto = 0;
+#endif
+ int last_start = 0;
+ for (j = 0; j < N; j++)
+ {
+ int typepre;
+ if (ncol)
+ typepre = -1;
+ else if (regbeg)
+ typepre = CHUNK_TYPE_REGION_START;
+ else if (inreg)
+ typepre = CHUNK_TYPE_IN_REGION;
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ else if (fwin && !fwb)
+ typepre = CHUNK_TYPE_FIRMWARE;
+ else if (fwlefto && !fwb)
+ typepre = CHUNK_TYPE_LEFTOVER;
+#endif
+ else
+ typepre = -1;
+
+ if (j != 0 && events[j - 1].pos != events[j].pos)
+ {
+ grub_addr_t alloc_start, alloc_end;
+ alloc_start = max (events[j - 1].pos, target);
+ alloc_end = min (events[j].pos, target + size);
+ if (alloc_end > alloc_start)
+ {
+ switch (typepre)
+ {
+ case CHUNK_TYPE_REGION_START:
+ allocate_regstart (alloc_start, alloc_end - alloc_start,
+ events[last_start].reg,
+ events[last_start].regancestor,
+ events[last_start].hancestor);
+ /* TODO: maintain a reverse lookup tree for hancestor. */
+ {
+ unsigned k;
+ for (k = 0; k < N; k++)
+ if (events[k].hancestor == events[last_start].head)
+ events[k].hancestor = events[last_start].hancestor;
+ }
+ break;
+ case CHUNK_TYPE_IN_REGION:
+ allocate_inreg (alloc_start, alloc_end - alloc_start,
+ events[last_start].head,
+ events[last_start].hancestor,
+ events[last_start].reg);
+ {
+ unsigned k;
+ for (k = 0; k < N; k++)
+ if (events[k].hancestor == events[last_start].head)
+ events[k].hancestor = events[last_start].hancestor;
+ }
+ break;
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ case CHUNK_TYPE_FIRMWARE:
+ {
+ grub_addr_t fstart, fend;
+ fstart
+ = ALIGN_DOWN (alloc_start,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+ fend
+ = ALIGN_UP (alloc_end,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+#ifdef DEBUG_RELOCATOR_NOMEM_DPRINTF
+ grub_dprintf ("relocator", "requesting %lx-%lx\n",
+ (unsigned long) fstart,
+ (unsigned long) fend);
+#endif
+ /* The failure here can be very expensive. */
+ if (!grub_relocator_firmware_alloc_region (fstart,
+ fend - fstart))
+ {
+ if (from_low_priv)
+ start = fend;
+ else
+ end = fstart;
+ goto retry;
+ }
+ break;
+ }
+#endif
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ case CHUNK_TYPE_LEFTOVER:
+ {
+ unsigned offstart = alloc_start
+ % GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
+ unsigned offend = alloc_end
+ % GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
+ struct grub_relocator_fw_leftover *lo
+ = events[last_start].leftover;
+ lo->freebytes[offstart / 8]
+ &= ((1 << (8 - (start % 8))) - 1);
+ grub_memset (lo->freebytes + (offstart + 7) / 8, 0,
+ offend / 8 - (offstart + 7) / 8);
+ lo->freebytes[offend / 8] &= ~((1 << (offend % 8)) - 1);
+ }
+ break;
+#endif
+ }
+ nallocs++;
+ }
+ }
+
+ switch (events[j].type)
+ {
+ case REG_BEG_START:
+ case IN_REG_START:
+ if (events[j].type == REG_BEG_START &&
+ (grub_addr_t) (events[j].reg + 1) > target)
+ regbeg++;
+ else
+ inreg++;
+ last_start = j;
+ break;
+
+ case REG_BEG_END:
+ case IN_REG_END:
+ if (regbeg)
+ regbeg--;
+ else
+ inreg--;
+ break;
+
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ case REG_FIRMWARE_START:
+ fwin++;
+ break;
+
+ case REG_FIRMWARE_END:
+ fwin--;
+ break;
+
+ case FIRMWARE_BLOCK_START:
+ fwb++;
+ break;
+
+ case FIRMWARE_BLOCK_END:
+ fwb--;
+ break;
+#endif
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ case REG_LEFTOVER_START:
+ fwlefto++;
+ break;
+
+ case REG_LEFTOVER_END:
+ fwlefto--;
+ break;
+#endif
+ case COLLISION_START:
+ ncol++;
+ break;
+ case COLLISION_END:
+ ncol--;
+ break;
+ }
+
+ }
+ }
+
+ /* Malloc is available again. */
+ grub_mm_base = base_saved;
+
+ {
+ int last_start = 0;
+ int inreg = 0, regbeg = 0, ncol = 0;
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ int fwin = 0, fwlefto = 0, fwb = 0;
+#endif
+ unsigned cural = 0;
+ int oom = 0;
+ res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs);
+ if (!res->subchunks)
+ oom = 1;
+ res->nsubchunks = nallocs;
+
+ for (j = 0; j < N; j++)
+ {
+ int typepre;
+ if (ncol)
+ typepre = -1;
+ else if (regbeg)
+ typepre = CHUNK_TYPE_REGION_START;
+ else if (inreg)
+ typepre = CHUNK_TYPE_IN_REGION;
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ else if (fwin && !fwb)
+ typepre = CHUNK_TYPE_FIRMWARE;
+ else if (fwlefto && !fwb)
+ typepre = CHUNK_TYPE_LEFTOVER;
+#endif
+ else
+ typepre = -1;
+
+ if (j != 0 && events[j - 1].pos != events[j].pos)
+ {
+ grub_addr_t alloc_start, alloc_end;
+ struct grub_relocator_subchunk tofree;
+ struct grub_relocator_subchunk *curschu = &tofree;
+ if (!oom)
+ curschu = &res->subchunks[cural];
+ alloc_start = max (events[j - 1].pos, target);
+ alloc_end = min (events[j].pos, target + size);
+ if (alloc_end > alloc_start)
+ {
+ grub_dprintf ("relocator", "subchunk 0x%lx-0x%lx, %d\n",
+ (unsigned long) alloc_start,
+ (unsigned long) alloc_end, typepre);
+ curschu->type = typepre;
+ curschu->start = alloc_start;
+ curschu->size = alloc_end - alloc_start;
+ if (typepre == CHUNK_TYPE_REGION_START
+ || typepre == CHUNK_TYPE_IN_REGION)
+ {
+ curschu->reg = events[last_start].reg;
+ curschu->pre_size = alloc_start - events[j - 1].pos;
+ }
+ if (!oom && (typepre == CHUNK_TYPE_REGION_START
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ || typepre == CHUNK_TYPE_FIRMWARE
+#endif
+ ))
+ {
+ struct grub_relocator_extra_block *ne;
+ ne = grub_malloc (sizeof (*ne));
+ if (!ne)
+ {
+ oom = 1;
+ grub_memcpy (&tofree, curschu, sizeof (tofree));
+ }
+ else
+ {
+ ne->start = alloc_start;
+ ne->end = alloc_end;
+ ne->next = extra_blocks;
+ ne->prev = &extra_blocks;
+ if (extra_blocks)
+ extra_blocks->prev = &(ne->next);
+ extra_blocks = ne;
+ curschu->extra = ne;
+ }
+ }
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ if (!oom && typepre == CHUNK_TYPE_FIRMWARE)
+ {
+ grub_addr_t fstart, fend;
+
+ fstart
+ = ALIGN_DOWN (alloc_start,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+ fend
+ = ALIGN_UP (alloc_end,
+ GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT);
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ {
+ struct grub_relocator_fw_leftover *lo1 = NULL;
+ struct grub_relocator_fw_leftover *lo2 = NULL;
+ if (fstart != alloc_start)
+ lo1 = grub_malloc (sizeof (*lo1));
+ if (fend != alloc_end)
+ lo2 = grub_malloc (sizeof (*lo2));
+ if ((!lo1 && fstart != alloc_start)
+ || (!lo2 && fend != alloc_end))
+ {
+ struct grub_relocator_extra_block *ne;
+ grub_free (lo1);
+ grub_free (lo2);
+ lo1 = NULL;
+ lo2 = NULL;
+ oom = 1;
+ grub_memcpy (&tofree, curschu, sizeof (tofree));
+ ne = extra_blocks;
+ extra_blocks = extra_blocks->next;
+ grub_free (ne);
+ }
+ if (lo1)
+ {
+ lo1->quantstart = fstart;
+ grub_memset (lo1->freebytes, 0xff,
+ (alloc_start - fstart) / 8);
+ lo1->freebytes[(alloc_start - fstart) / 8]
+ = (1 << ((alloc_start - fstart) % 8)) - 1;
+ grub_memset (lo1->freebytes
+ + ((alloc_start - fstart) / 8) + 1, 0,
+ sizeof (lo1->freebytes)
+ - (alloc_start - fstart) / 8 - 1);
+ lo1->next = leftovers;
+ lo1->prev = &leftovers;
+ if (leftovers)
+ leftovers->prev = &lo1->next;
+ leftovers = lo1;
+ }
+ if (lo2)
+ {
+ lo2->quantstart
+ = fend - GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT;
+ grub_memset (lo2->freebytes, 0,
+ (alloc_end - lo2->quantstart) / 8);
+ lo2->freebytes[(alloc_end - lo2->quantstart) / 8]
+ = ~((1 << ((alloc_end - lo2->quantstart) % 8)) - 1);
+ grub_memset (lo2->freebytes
+ + ((alloc_end - lo2->quantstart) / 8)
+ + 1, 0, sizeof (lo2->freebytes)
+ - (alloc_end - lo2->quantstart) / 8 - 1);
+ lo2->prev = &leftovers;
+ if (leftovers)
+ leftovers->prev = &lo2->next;
+ lo2->next = leftovers;
+ leftovers = lo2;
+ }
+ curschu->pre = lo1;
+ curschu->post = lo2;
+ }
+#endif
+ }
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ if (typepre == CHUNK_TYPE_LEFTOVER)
+ {
+ curschu->pre = events[last_start].leftover;
+ curschu->post = events[last_start].leftover;
+ }
+#endif
+
+#endif
+ if (!oom)
+ cural++;
+ else
+ free_subchunk (&tofree);
+ }
+ }
+
+ switch (events[j].type)
+ {
+ case REG_BEG_START:
+ case IN_REG_START:
+ if (events[j].type == REG_BEG_START &&
+ (grub_addr_t) (events[j].reg + 1) > target)
+ regbeg++;
+ else
+ inreg++;
+ last_start = j;
+ break;
+
+ case REG_BEG_END:
+ case IN_REG_END:
+ inreg = regbeg = 0;
+ break;
+
+#if GRUB_RELOCATOR_HAVE_FIRMWARE_REQUESTS
+ case REG_FIRMWARE_START:
+ fwin++;
+ break;
+
+ case REG_FIRMWARE_END:
+ fwin--;
+ break;
+
+ case FIRMWARE_BLOCK_START:
+ fwb++;
+ break;
+
+ case FIRMWARE_BLOCK_END:
+ fwb--;
+ break;
+#endif
+
+#if GRUB_RELOCATOR_HAVE_LEFTOVERS
+ case REG_LEFTOVER_START:
+ fwlefto++;
+ break;
+
+ case REG_LEFTOVER_END:
+ fwlefto--;
+ break;
+#endif
+ case COLLISION_START:
+ ncol++;
+ break;
+ case COLLISION_END:
+ ncol--;
+ break;
+ }
+ }
+ if (oom)
+ {
+ unsigned i;
+ for (i = 0; i < cural; i++)
+ free_subchunk (&res->subchunks[i]);
+ grub_free (res->subchunks);
+ grub_dprintf ("relocator", "allocation failed with out-of-memory\n");
+ return 0;
+ }
+ }
+
+ res->src = target;
+ res->size = size;
+ grub_dprintf ("relocator", "allocated: 0x%lx+0x%lx\n", (unsigned long) target,
+ (unsigned long) size);
+
+ return 1;
+}
+
+static void
+adjust_limits (struct grub_relocator *rel,
+ grub_phys_addr_t *min_addr, grub_phys_addr_t *max_addr,
+ grub_phys_addr_t in_min, grub_phys_addr_t in_max)
+{
+ struct grub_relocator_chunk *chunk;
+
+ *min_addr = 0;
+ *max_addr = rel->postchunks;
+
+ /* Keep chunks in memory in the same order as they'll be after relocation. */
+ for (chunk = rel->chunks; chunk; chunk = chunk->next)
+ {
+ if (chunk->target > in_max && chunk->src < *max_addr
+ && chunk->src < rel->postchunks)
+ *max_addr = chunk->src;
+ if (chunk->target + chunk->size <= in_min
+ && chunk->src + chunk->size > *min_addr
+ && chunk->src < rel->postchunks)
+ *min_addr = chunk->src + chunk->size;
+ }
+}
+
+grub_err_t
+grub_relocator_alloc_chunk_addr (struct grub_relocator *rel,
+ grub_relocator_chunk_t *out,
+ grub_phys_addr_t target, grub_size_t size)
+{
+ struct grub_relocator_chunk *chunk;
+ grub_phys_addr_t min_addr = 0, max_addr;
+
+ if (target > ~size)
+ return grub_error (GRUB_ERR_OUT_OF_RANGE, "address is out of range");
+
+ adjust_limits (rel, &min_addr, &max_addr, target, target);
+
+ for (chunk = rel->chunks; chunk; chunk = chunk->next)
+ if ((chunk->target <= target && target < chunk->target + chunk->size)
+ || (target <= chunk->target && chunk->target < target + size))
+ return grub_error (GRUB_ERR_BAD_ARGUMENT, "overlap detected");
+
+ chunk = grub_malloc (sizeof (struct grub_relocator_chunk));
+ if (!chunk)
+ return grub_errno;
+
+ grub_dprintf ("relocator",
+ "min_addr = 0x%llx, max_addr = 0x%llx, target = 0x%llx\n",
+ (unsigned long long) min_addr, (unsigned long long) max_addr,
+ (unsigned long long) target);
+
+ do
+ {
+ /* A trick to improve Linux allocation. */
+#if defined (__i386__) || defined (__x86_64__)
+ if (target < 0x100000)
+ if (malloc_in_range (rel, rel->highestnonpostaddr, ~(grub_addr_t)0, 1,
+ size, chunk, 0, 1))
+ {
+ if (rel->postchunks > chunk->src)
+ rel->postchunks = chunk->src;
+ break;
+ }
+#endif
+ if (malloc_in_range (rel, target, max_addr, 1, size, chunk, 1, 0))
+ break;
+
+ if (malloc_in_range (rel, min_addr, target, 1, size, chunk, 0, 0))
+ break;
+
+ if (malloc_in_range (rel, rel->highestnonpostaddr, ~(grub_addr_t)0, 1,
+ size, chunk, 0, 1))
+ {
+ if (rel->postchunks > chunk->src)
+ rel->postchunks = chunk->src;
+ break;
+ }
+
+ grub_dprintf ("relocator", "not allocated\n");
+ grub_free (chunk);
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory");
+ }
+ while (0);
+
+ grub_dprintf ("relocator", "allocated 0x%llx/0x%llx\n",
+ (unsigned long long) chunk->src, (unsigned long long) target);
+
+ if (rel->highestaddr < target + size)
+ rel->highestaddr = target + size;
+
+ if (rel->highestaddr < chunk->src + size)
+ rel->highestaddr = chunk->src + size;
+
+ if (chunk->src < rel->postchunks)
+ {
+ if (rel->highestnonpostaddr < target + size)
+ rel->highestnonpostaddr = target + size;
+
+ if (rel->highestnonpostaddr < chunk->src + size)
+ rel->highestnonpostaddr = chunk->src + size;
+ }
+
+ grub_dprintf ("relocator", "relocators_size=%ld\n",
+ (unsigned long) rel->relocators_size);
+
+ if (chunk->src < target)
+ rel->relocators_size += grub_relocator_backward_size;
+ if (chunk->src > target)
+ rel->relocators_size += grub_relocator_forward_size;
+
+ grub_dprintf ("relocator", "relocators_size=%ld\n",
+ (unsigned long) rel->relocators_size);
+
+ chunk->target = target;
+ chunk->size = size;
+ chunk->next = rel->chunks;
+ rel->chunks = chunk;
+ grub_dprintf ("relocator", "cur = %p, next = %p\n", rel->chunks,
+ rel->chunks->next);
+
+ chunk->srcv = grub_map_memory (chunk->src, chunk->size);
+ *out = chunk;
+#ifdef DEBUG_RELOCATOR
+ grub_memset (chunk->srcv, 0xfa, chunk->size);
+ grub_mm_check ();
+#endif
+ return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_relocator_alloc_chunk_align (struct grub_relocator *rel,
+ grub_relocator_chunk_t *out,
+ grub_phys_addr_t min_addr,
+ grub_phys_addr_t max_addr,
+ grub_size_t size, grub_size_t align,
+ int preference)
+{
+ grub_addr_t min_addr2 = 0, max_addr2;
+ struct grub_relocator_chunk *chunk;
+
+ if (max_addr > ~size)
+ max_addr = ~size;
+
+#ifdef GRUB_MACHINE_PCBIOS
+ if (min_addr < 0x1000)
+ min_addr = 0x1000;
+#endif
+
+ grub_dprintf ("relocator", "chunks = %p\n", rel->chunks);
+
+ chunk = grub_malloc (sizeof (struct grub_relocator_chunk));
+ if (!chunk)
+ return grub_errno;
+
+ if (malloc_in_range (rel, min_addr, max_addr, align,
+ size, chunk,
+ preference != GRUB_RELOCATOR_PREFERENCE_HIGH, 1))
+ {
+ grub_dprintf ("relocator", "allocated 0x%llx/0x%llx\n",
+ (unsigned long long) chunk->src,
+ (unsigned long long) chunk->src);
+ grub_dprintf ("relocator", "chunks = %p\n", rel->chunks);
+ chunk->target = chunk->src;
+ chunk->size = size;
+ chunk->next = rel->chunks;
+ rel->chunks = chunk;
+ chunk->srcv = grub_map_memory (chunk->src, chunk->size);
+ *out = chunk;
+ return GRUB_ERR_NONE;
+ }
+
+ adjust_limits (rel, &min_addr2, &max_addr2, min_addr, max_addr);
+ grub_dprintf ("relocator", "Adjusted limits from %lx-%lx to %lx-%lx\n",
+ (unsigned long) min_addr, (unsigned long) max_addr,
+ (unsigned long) min_addr2, (unsigned long) max_addr2);
+
+ do
+ {
+ if (malloc_in_range (rel, min_addr2, max_addr2, align,
+ size, chunk, 1, 1))
+ break;
+
+ if (malloc_in_range (rel, rel->highestnonpostaddr, ~(grub_addr_t)0, 1,
+ size, chunk, 0, 1))
+ {
+ if (rel->postchunks > chunk->src)
+ rel->postchunks = chunk->src;
+ break;
+ }
+
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory");
+ }
+ while (0);
+
+ {
+ int found = 0;
+ auto int NESTED_FUNC_ATTR hook (grub_uint64_t, grub_uint64_t,
+ grub_memory_type_t);
+ int NESTED_FUNC_ATTR hook (grub_uint64_t addr, grub_uint64_t sz,
+ grub_memory_type_t type)
+ {
+ grub_uint64_t candidate;
+ if (type != GRUB_MEMORY_AVAILABLE)
+ return 0;
+ candidate = ALIGN_UP (addr, align);
+ if (candidate < min_addr)
+ candidate = ALIGN_UP (min_addr, align);
+ if (candidate + size > addr + sz
+ || candidate > ALIGN_DOWN (max_addr, align))
+ return 0;
+ if (preference == GRUB_RELOCATOR_PREFERENCE_HIGH)
+ candidate = ALIGN_DOWN (min (addr + sz - size, max_addr), align);
+ if (!found || (preference == GRUB_RELOCATOR_PREFERENCE_HIGH
+ && candidate > chunk->target))
+ chunk->target = candidate;
+ if (!found || (preference == GRUB_RELOCATOR_PREFERENCE_LOW
+ && candidate < chunk->target))
+ chunk->target = candidate;
+ found = 1;
+ return 0;
+ }
+
+ grub_machine_mmap_iterate (hook);
+ if (!found)
+ return grub_error (GRUB_ERR_BAD_OS, "couldn't find suitable memory target");
+ }
+ while (1)
+ {
+ struct grub_relocator_chunk *chunk2;
+ for (chunk2 = rel->chunks; chunk2; chunk2 = chunk2->next)
+ if ((chunk2->target <= chunk->target
+ && chunk->target < chunk2->target + chunk2->size)
+ || (chunk2->target <= chunk->target + size
+ && chunk->target + size < chunk2->target + chunk2->size)
+ || (chunk->target <= chunk2->target && chunk2->target
+ < chunk->target + size)
+ || (chunk->target <= chunk2->target + chunk2->size
+ && chunk2->target + chunk2->size < chunk->target + size))
+ {
+ if (preference == GRUB_RELOCATOR_PREFERENCE_HIGH)
+ chunk->target = ALIGN_DOWN (chunk2->target, align);
+ else
+ chunk->target = ALIGN_UP (chunk2->target + chunk2->size, align);
+ break;
+ }
+ if (!chunk2)
+ break;
+ }
+
+ grub_dprintf ("relocator", "relocators_size=%ld\n",
+ (unsigned long) rel->relocators_size);
+
+ if (chunk->src < chunk->target)
+ rel->relocators_size += grub_relocator_backward_size;
+ if (chunk->src > chunk->target)
+ rel->relocators_size += grub_relocator_forward_size;
+
+ grub_dprintf ("relocator", "relocators_size=%ld\n",
+ (unsigned long) rel->relocators_size);
+
+ chunk->size = size;
+ chunk->next = rel->chunks;
+ rel->chunks = chunk;
+ grub_dprintf ("relocator", "cur = %p, next = %p\n", rel->chunks,
+ rel->chunks->next);
+ chunk->srcv = grub_map_memory (chunk->src, chunk->size);
+ *out = chunk;
+#ifdef DEBUG_RELOCATOR
+ grub_memset (chunk->srcv, 0xfa, chunk->size);
+ grub_mm_check ();
+#endif
+ return GRUB_ERR_NONE;
+}
+
+void
+grub_relocator_unload (struct grub_relocator *rel)
+{
+ struct grub_relocator_chunk *chunk, *next;
+ if (!rel)
+ return;
+ for (chunk = rel->chunks; chunk; chunk = next)
+ {
+ unsigned i;
+ for (i = 0; i < chunk->nsubchunks; i++)
+ free_subchunk (&chunk->subchunks[i]);
+ grub_unmap_memory (chunk->srcv, chunk->size);
+ next = chunk->next;
+ grub_free (chunk->subchunks);
+ grub_free (chunk);
+ }
+ grub_free (rel);
+}
+
+grub_err_t
+grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr,
+ void **relstart, grub_size_t *relsize)
+{
+ grub_uint8_t *rels;
+ grub_uint8_t *rels0;
+ struct grub_relocator_chunk *sorted;
+ grub_size_t nchunks = 0;
+ unsigned j;
+ struct grub_relocator_chunk movers_chunk;
+
+ grub_dprintf ("relocator", "Preparing relocs (size=%ld)\n",
+ (unsigned long) rel->relocators_size);
+
+ if (!malloc_in_range (rel, 0, ~(grub_addr_t)0 - rel->relocators_size + 1,
+ grub_relocator_align,
+ rel->relocators_size, &movers_chunk, 1, 1))
+ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of memory");
+ movers_chunk.srcv = rels = rels0
+ = grub_map_memory (movers_chunk.src, movers_chunk.size);
+
+ if (relsize)
+ *relsize = rel->relocators_size;
+
+ grub_dprintf ("relocator", "Relocs allocated at %p\n", movers_chunk.srcv);
+
+ {
+ unsigned i;
+ grub_size_t count[257];
+ struct grub_relocator_chunk *from, *to, *tmp;
+
+ grub_memset (count, 0, sizeof (count));
+
+ {
+ struct grub_relocator_chunk *chunk;
+ for (chunk = rel->chunks; chunk; chunk = chunk->next)
+ {
+ grub_dprintf ("relocator", "chunk %p->%p, 0x%lx\n",
+ (void *) chunk->src, (void *) chunk->target,
+ (unsigned long) chunk->size);
+ nchunks++;
+ count[(chunk->src & 0xff) + 1]++;
+ }
+ }
+ from = grub_malloc (nchunks * sizeof (sorted[0]));
+ to = grub_malloc (nchunks * sizeof (sorted[0]));
+ if (!from || !to)
+ {
+ grub_free (from);
+ grub_free (to);
+ return grub_errno;
+ }
+
+ for (j = 0; j < 256; j++)
+ count[j+1] += count[j];
+
+ {
+ struct grub_relocator_chunk *chunk;
+ for (chunk = rel->chunks; chunk; chunk = chunk->next)
+ from[count[chunk->src & 0xff]++] = *chunk;
+ }
+
+ for (i = 1; i < GRUB_CPU_SIZEOF_VOID_P; i++)
+ {
+ grub_memset (count, 0, sizeof (count));
+ for (j = 0; j < nchunks; j++)
+ count[((from[j].src >> (8 * i)) & 0xff) + 1]++;
+ for (j = 0; j < 256; j++)
+ count[j+1] += count[j];
+ for (j = 0; j < nchunks; j++)
+ to[count[(from[j].src >> (8 * i)) & 0xff]++] = from[j];
+ tmp = to;
+ to = from;
+ from = tmp;
+ }
+ sorted = from;
+ grub_free (to);
+ }
+
+ for (j = 0; j < nchunks; j++)
+ {
+ grub_dprintf ("relocator", "sorted chunk %p->%p, 0x%lx\n",
+ (void *) sorted[j].src, (void *) sorted[j].target,
+ (unsigned long) sorted[j].size);
+ if (sorted[j].src < sorted[j].target)
+ {
+ grub_cpu_relocator_backward ((void *) rels,
+ sorted[j].srcv,
+ grub_map_memory (sorted[j].target,
+ sorted[j].size),
+ sorted[j].size);
+ rels += grub_relocator_backward_size;
+ }
+ if (sorted[j].src > sorted[j].target)
+ {
+ grub_cpu_relocator_forward ((void *) rels,
+ sorted[j].srcv,
+ grub_map_memory (sorted[j].target,
+ sorted[j].size),
+ sorted[j].size);
+ rels += grub_relocator_forward_size;
+ }
+ if (sorted[j].src == sorted[j].target)
+ grub_arch_sync_caches (sorted[j].srcv, sorted[j].size);
+ }
+ grub_cpu_relocator_jumper ((void *) rels, (grub_addr_t) addr);
+ *relstart = rels0;
+ grub_free (sorted);
+ return GRUB_ERR_NONE;
+}
+
+void
+grub_mm_check_real (char *file, int line)
+{
+ grub_mm_region_t r;
+ grub_mm_header_t p, pa;
+
+ for (r = grub_mm_base; r; r = r->next)
+ {
+ pa = r->first;
+ p = pa->next;
+ if (p->magic == GRUB_MM_ALLOC_MAGIC)
+ continue;
+ do
+ {
+ if ((grub_addr_t) p < (grub_addr_t) (r + 1)
+ || (grub_addr_t) p >= (grub_addr_t) (r + 1) + r->size)
+ grub_fatal ("%s:%d: out of range pointer: %p\n", file, line, p);
+ if (p->magic != GRUB_MM_FREE_MAGIC)
+ grub_fatal ("%s:%d free magic broken at %p (0x%x)\n", file,
+ line, p, p->magic);
+ pa = p;
+ p = pa->next;
+ }
+ while (pa != r->first);
+ }
+}
diff --git a/grub-core/lib/setjmp.S b/grub-core/lib/setjmp.S
new file mode 100644
index 0000000..c39c91b
--- /dev/null
+++ b/grub-core/lib/setjmp.S
@@ -0,0 +1,13 @@
+#if defined(__i386__)
+#include "./i386/setjmp.S"
+#elif defined(__x86_64__)
+#include "./x86_64/setjmp.S"
+#elif defined(__sparc__)
+#include "./sparc64/setjmp.S"
+#elif defined(__mips__)
+#include "./mips/setjmp.S"
+#elif defined(__powerpc__)
+#include "./powerpc/setjmp.S"
+#else
+#error "Unknwon target cpu type"
+#endif
diff --git a/grub-core/lib/sparc64/setjmp.S b/grub-core/lib/sparc64/setjmp.S
new file mode 100644
index 0000000..5c2ec2c
--- /dev/null
+++ b/grub-core/lib/sparc64/setjmp.S
@@ -0,0 +1,50 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2005,2007,2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+ .file "setjmp.S"
+
+GRUB_MOD_LICENSE ("GPLv3+")
+
+ .text
+
+/*
+ * int grub_setjmp (grub_jmp_buf env)
+ */
+FUNCTION(grub_setjmp)
+ stx %o7, [%o0 + 0x00]
+ stx %sp, [%o0 + 0x08]
+ stx %fp, [%o0 + 0x10]
+ retl
+ clr %o0
+
+/*
+ * int grub_longjmp (grub_jmp_buf env, int val)
+ */
+FUNCTION(grub_longjmp)
+ ldx [%o0 + 0x10], %g1
+ movrz %o1, 1, %o1
+ flushw
+ ldx [%o0 + 0x00], %o7
+ ldx [%o0 + 0x08], %fp
+ sub %fp, 192, %sp
+ stx %g1, [%sp + 2047 + (14 * 8)]
+ retl
+ restore %o1, 0, %o0
diff --git a/grub-core/lib/x86_64/relocator_asm.S b/grub-core/lib/x86_64/relocator_asm.S
new file mode 100644
index 0000000..2ab6d8c
--- /dev/null
+++ b/grub-core/lib/x86_64/relocator_asm.S
@@ -0,0 +1,85 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/i386/memory.h>
+
+ .p2align 2
+
+VARIABLE(grub_relocator_backward_start)
+ /* mov imm32, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator_backward_dest)
+ .long 0, 0
+ movq %rax, %rdi
+
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator_backward_src)
+ .long 0, 0
+ movq %rax, %rsi
+
+ /* mov imm64, %rcx */
+ .byte 0x48
+ .byte 0xb9
+VARIABLE(grub_relocator_backward_chunk_size)
+ .long 0, 0
+
+ add %rcx, %rsi
+ add %rcx, %rdi
+
+ /* Backward movsb is implicitly off-by-one. compensate that. */
+ sub $1, %rsi
+ sub $1, %rdi
+
+ /* Backward copy. */
+ std
+
+ rep
+ movsb
+VARIABLE(grub_relocator_backward_end)
+
+
+VARIABLE(grub_relocator_forward_start)
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator_forward_dest)
+ .long 0, 0
+ movq %rax, %rdi
+
+ /* mov imm64, %rax */
+ .byte 0x48
+ .byte 0xb8
+VARIABLE(grub_relocator_forward_src)
+ .long 0, 0
+ movq %rax, %rsi
+
+ /* mov imm64, %rcx */
+ .byte 0x48
+ .byte 0xb9
+VARIABLE(grub_relocator_forward_chunk_size)
+ .long 0, 0
+
+ /* Forward copy. */
+ cld
+ rep
+ movsb
+VARIABLE(grub_relocator_forward_end)
diff --git a/grub-core/lib/x86_64/setjmp.S b/grub-core/lib/x86_64/setjmp.S
new file mode 100644
index 0000000..b1f1b22
--- /dev/null
+++ b/grub-core/lib/x86_64/setjmp.S
@@ -0,0 +1,68 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2003,2007 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <grub/symbol.h>
+#include <grub/dl.h>
+
+ .file "setjmp.S"
+
+GRUB_MOD_LICENSE ("GPLv3+")
+
+ .text
+
+/*
+ * jmp_buf:
+ * rbx rsp rbp r12 r13 r14 r15 rip
+ * 0 8 16 24 32 40 48 56
+ */
+
+/*
+ * int grub_setjmp (grub_jmp_buf env)
+ */
+FUNCTION(grub_setjmp)
+ pop %rsi /* Return address, and adjust the stack */
+ xorq %rax, %rax
+ movq %rbx, 0(%rdi) /* RBX */
+ movq %rsp, 8(%rdi) /* RSP */
+ push %rsi
+ movq %rbp, 16(%rdi) /* RBP */
+ movq %r12, 24(%rdi) /* R12 */
+ movq %r13, 32(%rdi) /* R13 */
+ movq %r14, 40(%rdi) /* R14 */
+ movq %r15, 48(%rdi) /* R15 */
+ movq %rsi, 56(%rdi) /* RSI */
+ ret
+
+/*
+ * int grub_longjmp (grub_jmp_buf env, int val)
+ */
+FUNCTION(grub_longjmp)
+ movl %esi, %eax
+ orl %eax, %eax
+ jnz 1f
+ incl %eax
+1:
+
+ movq (%rdi), %rbx
+ movq 8(%rdi), %rsp
+ movq 16(%rdi), %rbp
+ movq 24(%rdi), %r12
+ movq 32(%rdi), %r13
+ movq 40(%rdi), %r14
+ movq 48(%rdi), %r15
+ jmp *56(%rdi)
diff --git a/grub-core/lib/xzembed/xz.h b/grub-core/lib/xzembed/xz.h
new file mode 100644
index 0000000..f0a7dbb
--- /dev/null
+++ b/grub-core/lib/xzembed/xz.h
@@ -0,0 +1,180 @@
+/* xz.h - XZ decompressor */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#ifndef XZ_H
+#define XZ_H
+
+#include <stdint.h>
+
+/**
+ * enum xz_ret - Return codes
+ * @XZ_OK: Everything is OK so far. More input or more output
+ * space is required to continue.
+ * @XZ_STREAM_END: Operation finished successfully.
+ * @XZ_MEMLIMIT_ERROR: Not enough memory was preallocated at decoder
+ * initialization time.
+ * @XZ_FORMAT_ERROR: File format was not recognized (wrong magic bytes).
+ * @XZ_OPTIONS_ERROR: This implementation doesn't support the requested
+ * compression options. In the decoder this means that
+ * the header CRC32 matches, but the header itself
+ * specifies something that we don't support.
+ * @XZ_DATA_ERROR: Compressed data is corrupt.
+ * @XZ_BUF_ERROR: Cannot make any progress. Details are slightly
+ * different between multi-call and single-call mode;
+ * more information below.
+ *
+ * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls
+ * to XZ code cannot consume any input and cannot produce any new output.
+ * This happens when there is no new input available, or the output buffer
+ * is full while at least one output byte is still pending. Assuming your
+ * code is not buggy, you can get this error only when decoding a compressed
+ * stream that is truncated or otherwise corrupt.
+ *
+ * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer
+ * is too small, or the compressed input is corrupt in a way that makes the
+ * decoder produce more output than the caller expected. When it is
+ * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR
+ * is used instead of XZ_BUF_ERROR.
+ */
+enum xz_ret {
+ XZ_OK,
+ XZ_STREAM_END,
+ XZ_MEMLIMIT_ERROR,
+ XZ_FORMAT_ERROR,
+ XZ_OPTIONS_ERROR,
+ XZ_DATA_ERROR,
+ XZ_BUF_ERROR
+};
+
+/**
+ * struct xz_buf - Passing input and output buffers to XZ code
+ * @in: Beginning of the input buffer. This may be NULL if and only
+ * if in_pos is equal to in_size.
+ * @in_pos: Current position in the input buffer. This must not exceed
+ * in_size.
+ * @in_size: Size of the input buffer
+ * @out: Beginning of the output buffer. This may be NULL if and only
+ * if out_pos is equal to out_size.
+ * @out_pos: Current position in the output buffer. This must not exceed
+ * out_size.
+ * @out_size: Size of the output buffer
+ *
+ * Only the contents of the output buffer from out[out_pos] onward, and
+ * the variables in_pos and out_pos are modified by the XZ code.
+ */
+struct xz_buf {
+ const uint8_t *in;
+ size_t in_pos;
+ size_t in_size;
+
+ uint8_t *out;
+ size_t out_pos;
+ size_t out_size;
+};
+
+/**
+ * struct xz_dec - Opaque type to hold the XZ decoder state
+ */
+struct xz_dec;
+
+/**
+ * xz_dec_init() - Allocate and initialize a XZ decoder state
+ * @dict_max: Maximum size of the LZMA2 dictionary (history buffer) for
+ * multi-call decoding, or special value of zero to indicate
+ * single-call decoding mode.
+ *
+ * If dict_max > 0, the decoder is initialized to work in multi-call mode.
+ * dict_max number of bytes of memory is preallocated for the LZMA2
+ * dictionary. This way there is no risk that xz_dec_run() could run out
+ * of memory, since xz_dec_run() will never allocate any memory. Instead,
+ * if the preallocated dictionary is too small for decoding the given input
+ * stream, xz_dec_run() will return XZ_MEMLIMIT_ERROR. Thus, it is important
+ * to know what kind of data will be decoded to avoid allocating excessive
+ * amount of memory for the dictionary.
+ *
+ * LZMA2 dictionary is always 2^n bytes or 2^n + 2^(n-1) bytes (the latter
+ * sizes are less common in practice). In the kernel, dictionary sizes of
+ * 64 KiB, 128 KiB, 256 KiB, 512 KiB, and 1 MiB are probably the only
+ * reasonable values.
+ *
+ * If dict_max == 0, the decoder is initialized to work in single-call mode.
+ * In single-call mode, xz_dec_run() decodes the whole stream at once. The
+ * caller must provide enough output space or the decoding will fail. The
+ * output space is used as the dictionary buffer, which is why there is
+ * no need to allocate the dictionary as part of the decoder's internal
+ * state.
+ *
+ * Because the output buffer is used as the workspace, streams encoded using
+ * a big dictionary are not a problem in single-call. It is enough that the
+ * output buffer is is big enough to hold the actual uncompressed data; it
+ * can be smaller than the dictionary size stored in the stream headers.
+ *
+ * On success, xz_dec_init() returns a pointer to struct xz_dec, which is
+ * ready to be used with xz_dec_run(). On error, xz_dec_init() returns NULL.
+ */
+struct xz_dec * xz_dec_init(uint32_t dict_max);
+
+/**
+ * xz_dec_run() - Run the XZ decoder
+ * @s: Decoder state allocated using xz_dec_init()
+ * @b: Input and output buffers
+ *
+ * In multi-call mode, this function may return any of the values listed in
+ * enum xz_ret.
+ *
+ * In single-call mode, this function never returns XZ_OK. If an error occurs
+ * in single-call mode (return value is not XZ_STREAM_END), b->in_pos and
+ * b->out_pos are not modified, and the contents of the output buffer from
+ * b->out[b->out_pos] onward are undefined.
+ *
+ * NOTE: In single-call mode, the contents of the output buffer are undefined
+ * also after XZ_BUF_ERROR. This is because with some filter chains, there
+ * may be a second pass over the output buffer, and this pass cannot be
+ * properly done if the output buffer is truncated. Thus, you cannot give
+ * the single-call decoder a too small buffer and then expect to get that
+ * amount valid data from the beginning of the stream. You must use the
+ * multi-call decoder if you don't want to uncompress the whole stream.
+ */
+enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b);
+
+/**
+ * xz_dec_reset() - Reset an already allocated decoder state
+ * @s: Decoder state allocated using xz_dec_init()
+ *
+ * This function can be used to reset the multi-call decoder state without
+ * freeing and reallocating memory with xz_dec_end() and xz_dec_init().
+ *
+ * In single-call mode, xz_dec_reset() is always called in the beginning of
+ * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in
+ * multi-call mode.
+ */
+void xz_dec_reset(struct xz_dec *s);
+
+/**
+ * xz_dec_end() - Free the memory allocated for the decoder state
+ * @s: Decoder state allocated using xz_dec_init(). If s is NULL,
+ * this function does nothing.
+ */
+void xz_dec_end(struct xz_dec *s);
+
+#endif
diff --git a/grub-core/lib/xzembed/xz_config.h b/grub-core/lib/xzembed/xz_config.h
new file mode 100644
index 0000000..0af0d2b
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_config.h
@@ -0,0 +1,141 @@
+/* xz_config.h - Private includes and definitions for userspace use */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#ifndef XZ_CONFIG_H
+#define XZ_CONFIG_H
+
+/* Enable BCJ filter decoders. */
+
+#if defined(__i386__) || defined(__x86_64__)
+ #define XZ_DEC_X86
+#endif
+
+#ifdef __powerpc__
+ #define XZ_DEC_POWERPC
+#endif
+
+#ifdef __ia64__
+ #define XZ_DEC_IA64
+#endif
+
+#ifdef __arm__
+ #define XZ_DEC_ARM
+#endif
+
+#ifdef __thumb__
+ #define XZ_DEC_ARMTHUMB
+#endif
+
+#ifdef __sparc__
+ #define XZ_DEC_SPARC
+#endif
+
+
+#include "xz.h"
+#include <stdlib.h>
+
+#define kmalloc(size, flags) malloc(size)
+#define kfree(ptr) free(ptr)
+#define vmalloc(size) malloc(size)
+#define vfree(ptr) free(ptr)
+
+#define memeq(a, b, size) (memcmp(a, b, size) == 0)
+#define memzero(buf, size) memset(buf, 0, size)
+
+#define min(x, y) ((x) < (y) ? (x) : (y))
+#define min_t(type, x, y) min(x, y)
+
+/*
+ * Some functions have been marked with __always_inline to keep the
+ * performance reasonable even when the compiler is optimizing for
+ * small code size. You may be able to save a few bytes by #defining
+ * __always_inline to plain inline, but don't complain if the code
+ * becomes slow.
+ *
+ * NOTE: System headers on GNU/Linux may #define this macro already,
+ * so if you want to change it, it you need to #undef it first.
+ */
+#ifndef __always_inline
+# ifdef __GNUC__
+# define __always_inline \
+ inline __attribute__((__always_inline__))
+# else
+# define __always_inline inline
+# endif
+#endif
+
+/*
+ * Some functions are marked to never be inlined to reduce stack usage.
+ * If you don't care about stack usage, you may want to modify this so
+ * that noinline_for_stack is #defined to be empty even when using GCC.
+ * Doing so may save a few bytes in binary size.
+ */
+#ifndef noinline_for_stack
+# ifdef __GNUC__
+# define noinline_for_stack __attribute__((__noinline__))
+# else
+# define noinline_for_stack
+# endif
+#endif
+
+/* Inline functions to access unaligned unsigned 32-bit integers */
+static inline uint32_t get_unaligned_le32(const uint8_t *buf)
+{
+ return (uint32_t)buf[0]
+ | ((uint32_t)buf[1] << 8)
+ | ((uint32_t)buf[2] << 16)
+ | ((uint32_t)buf[3] << 24);
+}
+
+static inline uint32_t get_unaligned_be32(const uint8_t *buf)
+{
+ return (uint32_t)(buf[0] << 24)
+ | ((uint32_t)buf[1] << 16)
+ | ((uint32_t)buf[2] << 8)
+ | (uint32_t)buf[3];
+}
+
+static inline void put_unaligned_le32(uint32_t val, uint8_t *buf)
+{
+ buf[0] = (uint8_t)val;
+ buf[1] = (uint8_t)(val >> 8);
+ buf[2] = (uint8_t)(val >> 16);
+ buf[3] = (uint8_t)(val >> 24);
+}
+
+static inline void put_unaligned_be32(uint32_t val, uint8_t *buf)
+{
+ buf[0] = (uint8_t)(val >> 24);
+ buf[1] = (uint8_t)(val >> 16);
+ buf[2] = (uint8_t)(val >> 8);
+ buf[3] = (uint8_t)val;
+}
+
+/*
+ * Use get_unaligned_le32() also for aligned access for simplicity. On
+ * little endian systems, #define get_le32(ptr) (*(const uint32_t *)(ptr))
+ * could save a few bytes in code size.
+ */
+#define get_le32 get_unaligned_le32
+
+#endif
diff --git a/grub-core/lib/xzembed/xz_dec_bcj.c b/grub-core/lib/xzembed/xz_dec_bcj.c
new file mode 100644
index 0000000..f517b0a
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_dec_bcj.c
@@ -0,0 +1,578 @@
+/* xz_dec_bcj.c - Branch/Call/Jump (BCJ) filter decoders */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#include "xz_private.h"
+
+struct xz_dec_bcj {
+ /* Type of the BCJ filter being used */
+ enum {
+ BCJ_X86 = 4, /* x86 or x86-64 */
+ BCJ_POWERPC = 5, /* Big endian only */
+ BCJ_IA64 = 6, /* Big or little endian */
+ BCJ_ARM = 7, /* Little endian only */
+ BCJ_ARMTHUMB = 8, /* Little endian only */
+ BCJ_SPARC = 9 /* Big or little endian */
+ } type;
+
+ /*
+ * Return value of the next filter in the chain. We need to preserve
+ * this information across calls, because we must not call the next
+ * filter anymore once it has returned XZ_STREAM_END.
+ */
+ enum xz_ret ret;
+
+ /* True if we are operating in single-call mode. */
+ bool single_call;
+
+ /*
+ * Absolute position relative to the beginning of the uncompressed
+ * data (in a single .xz Block). We care only about the lowest 32
+ * bits so this doesn't need to be uint64_t even with big files.
+ */
+ uint32_t pos;
+
+ /* x86 filter state */
+ uint32_t x86_prev_mask;
+
+ /* Temporary space to hold the variables from struct xz_buf */
+ uint8_t *out;
+ size_t out_pos;
+ size_t out_size;
+
+ struct {
+ /* Amount of already filtered data in the beginning of buf */
+ size_t filtered;
+
+ /* Total amount of data currently stored in buf */
+ size_t size;
+
+ /*
+ * Buffer to hold a mix of filtered and unfiltered data. This
+ * needs to be big enough to hold Alignment + 2 * Look-ahead:
+ *
+ * Type Alignment Look-ahead
+ * x86 1 4
+ * PowerPC 4 0
+ * IA-64 16 0
+ * ARM 4 0
+ * ARM-Thumb 2 2
+ * SPARC 4 0
+ */
+ uint8_t buf[16];
+ } temp;
+};
+
+#ifdef XZ_DEC_X86
+/*
+ * This is macro used to test the most significant byte of a memory address
+ * in an x86 instruction.
+ */
+#define bcj_x86_test_msbyte(b) ((b) == 0x00 || (b) == 0xFF)
+
+static noinline_for_stack size_t bcj_x86(
+ struct xz_dec_bcj *s, uint8_t *buf, size_t size)
+{
+ static const bool mask_to_allowed_status[8]
+ = { true, true, true, false, true, false, false, false };
+
+ static const uint8_t mask_to_bit_num[8] = { 0, 1, 2, 2, 3, 3, 3, 3 };
+
+ size_t i;
+ size_t prev_pos = (size_t)-1;
+ uint32_t prev_mask = s->x86_prev_mask;
+ uint32_t src;
+ uint32_t dest;
+ uint32_t j;
+ uint8_t b;
+
+ if (size <= 4)
+ return 0;
+
+ size -= 4;
+ for (i = 0; i < size; ++i) {
+ if ((buf[i] & 0xFE) != 0xE8)
+ continue;
+
+ prev_pos = i - prev_pos;
+ if (prev_pos > 3) {
+ prev_mask = 0;
+ } else {
+ prev_mask = (prev_mask << (prev_pos - 1)) & 7;
+ if (prev_mask != 0) {
+ b = buf[i + 4 - mask_to_bit_num[prev_mask]];
+ if (!mask_to_allowed_status[prev_mask]
+ || bcj_x86_test_msbyte(b)) {
+ prev_pos = i;
+ prev_mask = (prev_mask << 1) | 1;
+ continue;
+ }
+ }
+ }
+
+ prev_pos = i;
+
+ if (bcj_x86_test_msbyte(buf[i + 4])) {
+ src = get_unaligned_le32(buf + i + 1);
+ while (true) {
+ dest = src - (s->pos + (uint32_t)i + 5);
+ if (prev_mask == 0)
+ break;
+
+ j = mask_to_bit_num[prev_mask] * 8;
+ b = (uint8_t)(dest >> (24 - j));
+ if (!bcj_x86_test_msbyte(b))
+ break;
+
+ src = dest ^ (((uint32_t)1 << (32 - j)) - 1);
+ }
+
+ dest &= 0x01FFFFFF;
+ dest |= (uint32_t)0 - (dest & 0x01000000);
+ put_unaligned_le32(dest, buf + i + 1);
+ i += 4;
+ } else {
+ prev_mask = (prev_mask << 1) | 1;
+ }
+ }
+
+ prev_pos = i - prev_pos;
+ s->x86_prev_mask = prev_pos > 3 ? 0 : prev_mask << (prev_pos - 1);
+ return i;
+}
+#endif
+
+#ifdef XZ_DEC_POWERPC
+static noinline_for_stack size_t bcj_powerpc(
+ struct xz_dec_bcj *s, uint8_t *buf, size_t size)
+{
+ size_t i;
+ uint32_t instr;
+
+ for (i = 0; i + 4 <= size; i += 4) {
+ instr = get_unaligned_be32(buf + i);
+ if ((instr & 0xFC000003) == 0x48000001) {
+ instr &= 0x03FFFFFC;
+ instr -= s->pos + (uint32_t)i;
+ instr &= 0x03FFFFFC;
+ instr |= 0x48000001;
+ put_unaligned_be32(instr, buf + i);
+ }
+ }
+
+ return i;
+}
+#endif
+
+#ifdef XZ_DEC_IA64
+static noinline_for_stack size_t bcj_ia64(
+ struct xz_dec_bcj *s, uint8_t *buf, size_t size)
+{
+ static const uint8_t branch_table[32] = {
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 4, 4, 6, 6, 0, 0, 7, 7,
+ 4, 4, 0, 0, 4, 4, 0, 0
+ };
+
+ /*
+ * The local variables take a little bit stack space, but it's less
+ * than what LZMA2 decoder takes, so it doesn't make sense to reduce
+ * stack usage here without doing that for the LZMA2 decoder too.
+ */
+
+ /* Loop counters */
+ size_t i;
+ size_t j;
+
+ /* Instruction slot (0, 1, or 2) in the 128-bit instruction word */
+ uint32_t slot;
+
+ /* Bitwise offset of the instruction indicated by slot */
+ uint32_t bit_pos;
+
+ /* bit_pos split into byte and bit parts */
+ uint32_t byte_pos;
+ uint32_t bit_res;
+
+ /* Address part of an instruction */
+ uint32_t addr;
+
+ /* Mask used to detect which instructions to convert */
+ uint32_t mask;
+
+ /* 41-bit instruction stored somewhere in the lowest 48 bits */
+ uint64_t instr;
+
+ /* Instruction normalized with bit_res for easier manipulation */
+ uint64_t norm;
+
+ for (i = 0; i + 16 <= size; i += 16) {
+ mask = branch_table[buf[i] & 0x1F];
+ for (slot = 0, bit_pos = 5; slot < 3; ++slot, bit_pos += 41) {
+ if (((mask >> slot) & 1) == 0)
+ continue;
+
+ byte_pos = bit_pos >> 3;
+ bit_res = bit_pos & 7;
+ instr = 0;
+ for (j = 0; j < 6; ++j)
+ instr |= (uint64_t)(buf[i + j + byte_pos])
+ << (8 * j);
+
+ norm = instr >> bit_res;
+
+ if (((norm >> 37) & 0x0F) == 0x05
+ && ((norm >> 9) & 0x07) == 0) {
+ addr = (norm >> 13) & 0x0FFFFF;
+ addr |= ((uint32_t)(norm >> 36) & 1) << 20;
+ addr <<= 4;
+ addr -= s->pos + (uint32_t)i;
+ addr >>= 4;
+
+ norm &= ~((uint64_t)0x8FFFFF << 13);
+ norm |= (uint64_t)(addr & 0x0FFFFF) << 13;
+ norm |= (uint64_t)(addr & 0x100000)
+ << (36 - 20);
+
+ instr &= (1 << bit_res) - 1;
+ instr |= norm << bit_res;
+
+ for (j = 0; j < 6; j++)
+ buf[i + j + byte_pos]
+ = (uint8_t)(instr >> (8 * j));
+ }
+ }
+ }
+
+ return i;
+}
+#endif
+
+#ifdef XZ_DEC_ARM
+static noinline_for_stack size_t bcj_arm(
+ struct xz_dec_bcj *s, uint8_t *buf, size_t size)
+{
+ size_t i;
+ uint32_t addr;
+
+ for (i = 0; i + 4 <= size; i += 4) {
+ if (buf[i + 3] == 0xEB) {
+ addr = (uint32_t)buf[i] | ((uint32_t)buf[i + 1] << 8)
+ | ((uint32_t)buf[i + 2] << 16);
+ addr <<= 2;
+ addr -= s->pos + (uint32_t)i + 8;
+ addr >>= 2;
+ buf[i] = (uint8_t)addr;
+ buf[i + 1] = (uint8_t)(addr >> 8);
+ buf[i + 2] = (uint8_t)(addr >> 16);
+ }
+ }
+
+ return i;
+}
+#endif
+
+#ifdef XZ_DEC_ARMTHUMB
+static noinline_for_stack size_t bcj_armthumb(
+ struct xz_dec_bcj *s, uint8_t *buf, size_t size)
+{
+ size_t i;
+ uint32_t addr;
+
+ for (i = 0; i + 4 <= size; i += 2) {
+ if ((buf[i + 1] & 0xF8) == 0xF0
+ && (buf[i + 3] & 0xF8) == 0xF8) {
+ addr = (((uint32_t)buf[i + 1] & 0x07) << 19)
+ | ((uint32_t)buf[i] << 11)
+ | (((uint32_t)buf[i + 3] & 0x07) << 8)
+ | (uint32_t)buf[i + 2];
+ addr <<= 1;
+ addr -= s->pos + (uint32_t)i + 4;
+ addr >>= 1;
+ buf[i + 1] = (uint8_t)(0xF0 | ((addr >> 19) & 0x07));
+ buf[i] = (uint8_t)(addr >> 11);
+ buf[i + 3] = (uint8_t)(0xF8 | ((addr >> 8) & 0x07));
+ buf[i + 2] = (uint8_t)addr;
+ i += 2;
+ }
+ }
+
+ return i;
+}
+#endif
+
+#ifdef XZ_DEC_SPARC
+static noinline_for_stack size_t bcj_sparc(
+ struct xz_dec_bcj *s, uint8_t *buf, size_t size)
+{
+ size_t i;
+ uint32_t instr;
+
+ for (i = 0; i + 4 <= size; i += 4) {
+ instr = get_unaligned_be32(buf + i);
+ if ((instr >> 22) == 0x100 || (instr >> 22) == 0x1FF) {
+ instr <<= 2;
+ instr -= s->pos + (uint32_t)i;
+ instr >>= 2;
+ instr = ((uint32_t)0x40000000 - (instr & 0x400000))
+ | 0x40000000 | (instr & 0x3FFFFF);
+ put_unaligned_be32(instr, buf + i);
+ }
+ }
+
+ return i;
+}
+#endif
+
+/*
+ * Apply the selected BCJ filter. Update *pos and s->pos to match the amount
+ * of data that got filtered.
+ *
+ * NOTE: This is implemented as a switch statement to avoid using function
+ * pointers, which could be problematic in the kernel boot code, which must
+ * avoid pointers to static data (at least on x86).
+ */
+static void bcj_apply(struct xz_dec_bcj *s,
+ uint8_t *buf, size_t *pos, size_t size)
+{
+ size_t filtered;
+
+ buf += *pos;
+ size -= *pos;
+
+ switch (s->type) {
+#ifdef XZ_DEC_X86
+ case BCJ_X86:
+ filtered = bcj_x86(s, buf, size);
+ break;
+#endif
+#ifdef XZ_DEC_POWERPC
+ case BCJ_POWERPC:
+ filtered = bcj_powerpc(s, buf, size);
+ break;
+#endif
+#ifdef XZ_DEC_IA64
+ case BCJ_IA64:
+ filtered = bcj_ia64(s, buf, size);
+ break;
+#endif
+#ifdef XZ_DEC_ARM
+ case BCJ_ARM:
+ filtered = bcj_arm(s, buf, size);
+ break;
+#endif
+#ifdef XZ_DEC_ARMTHUMB
+ case BCJ_ARMTHUMB:
+ filtered = bcj_armthumb(s, buf, size);
+ break;
+#endif
+#ifdef XZ_DEC_SPARC
+ case BCJ_SPARC:
+ filtered = bcj_sparc(s, buf, size);
+ break;
+#endif
+ default:
+ /* Never reached but silence compiler warnings. */
+ filtered = 0;
+ break;
+ }
+
+ *pos += filtered;
+ s->pos += filtered;
+}
+
+/*
+ * Flush pending filtered data from temp to the output buffer.
+ * Move the remaining mixture of possibly filtered and unfiltered
+ * data to the beginning of temp.
+ */
+static void bcj_flush(struct xz_dec_bcj *s, struct xz_buf *b)
+{
+ size_t copy_size;
+
+ copy_size = min_t(size_t, s->temp.filtered, b->out_size - b->out_pos);
+ memcpy(b->out + b->out_pos, s->temp.buf, copy_size);
+ b->out_pos += copy_size;
+
+ s->temp.filtered -= copy_size;
+ s->temp.size -= copy_size;
+ memmove(s->temp.buf, s->temp.buf + copy_size, s->temp.size);
+}
+
+/*
+ * The BCJ filter functions are primitive in sense that they process the
+ * data in chunks of 1-16 bytes. To hide this issue, this function does
+ * some buffering.
+ */
+enum xz_ret xz_dec_bcj_run(struct xz_dec_bcj *s,
+ struct xz_dec_lzma2 *lzma2, struct xz_buf *b)
+{
+ size_t out_start;
+
+ /*
+ * Flush pending already filtered data to the output buffer. Return
+ * immediatelly if we couldn't flush everything, or if the next
+ * filter in the chain had already returned XZ_STREAM_END.
+ */
+ if (s->temp.filtered > 0) {
+ bcj_flush(s, b);
+ if (s->temp.filtered > 0)
+ return XZ_OK;
+
+ if (s->ret == XZ_STREAM_END)
+ return XZ_STREAM_END;
+ }
+
+ /*
+ * If we have more output space than what is currently pending in
+ * temp, copy the unfiltered data from temp to the output buffer
+ * and try to fill the output buffer by decoding more data from the
+ * next filter in the chain. Apply the BCJ filter on the new data
+ * in the output buffer. If everything cannot be filtered, copy it
+ * to temp and rewind the output buffer position accordingly.
+ */
+ if (s->temp.size < b->out_size - b->out_pos) {
+ out_start = b->out_pos;
+ memcpy(b->out + b->out_pos, s->temp.buf, s->temp.size);
+ b->out_pos += s->temp.size;
+
+ s->ret = xz_dec_lzma2_run(lzma2, b);
+ if (s->ret != XZ_STREAM_END
+ && (s->ret != XZ_OK || s->single_call))
+ return s->ret;
+
+ bcj_apply(s, b->out, &out_start, b->out_pos);
+
+ /*
+ * As an exception, if the next filter returned XZ_STREAM_END,
+ * we can do that too, since the last few bytes that remain
+ * unfiltered are meant to remain unfiltered.
+ */
+ if (s->ret == XZ_STREAM_END)
+ return XZ_STREAM_END;
+
+ s->temp.size = b->out_pos - out_start;
+ b->out_pos -= s->temp.size;
+ memcpy(s->temp.buf, b->out + b->out_pos, s->temp.size);
+ }
+
+ /*
+ * If we have unfiltered data in temp, try to fill by decoding more
+ * data from the next filter. Apply the BCJ filter on temp. Then we
+ * hopefully can fill the actual output buffer by copying filtered
+ * data from temp. A mix of filtered and unfiltered data may be left
+ * in temp; it will be taken care on the next call to this function.
+ */
+ if (s->temp.size > 0) {
+ /* Make b->out{,_pos,_size} temporarily point to s->temp. */
+ s->out = b->out;
+ s->out_pos = b->out_pos;
+ s->out_size = b->out_size;
+ b->out = s->temp.buf;
+ b->out_pos = s->temp.size;
+ b->out_size = sizeof(s->temp.buf);
+
+ s->ret = xz_dec_lzma2_run(lzma2, b);
+
+ s->temp.size = b->out_pos;
+ b->out = s->out;
+ b->out_pos = s->out_pos;
+ b->out_size = s->out_size;
+
+ if (s->ret != XZ_OK && s->ret != XZ_STREAM_END)
+ return s->ret;
+
+ bcj_apply(s, s->temp.buf, &s->temp.filtered, s->temp.size);
+
+ /*
+ * If the next filter returned XZ_STREAM_END, we mark that
+ * everything is filtered, since the last unfiltered bytes
+ * of the stream are meant to be left as is.
+ */
+ if (s->ret == XZ_STREAM_END)
+ s->temp.filtered = s->temp.size;
+
+ bcj_flush(s, b);
+ if (s->temp.filtered > 0)
+ return XZ_OK;
+ }
+
+ return s->ret;
+}
+
+#ifdef GRUB_EMBED_DECOMPRESSOR
+struct xz_dec_bcj bcj;
+#endif
+
+struct xz_dec_bcj * xz_dec_bcj_create(bool single_call)
+{
+ struct xz_dec_bcj *s;
+#ifdef GRUB_EMBED_DECOMPRESSOR
+ s = &bcj;
+#else
+ s = kmalloc(sizeof(*s), GFP_KERNEL);
+#endif
+ if (s != NULL)
+ s->single_call = single_call;
+
+ return s;
+}
+
+enum xz_ret xz_dec_bcj_reset(
+ struct xz_dec_bcj *s, uint8_t id)
+{
+ switch (id) {
+#ifdef XZ_DEC_X86
+ case BCJ_X86:
+#endif
+#ifdef XZ_DEC_POWERPC
+ case BCJ_POWERPC:
+#endif
+#ifdef XZ_DEC_IA64
+ case BCJ_IA64:
+#endif
+#ifdef XZ_DEC_ARM
+ case BCJ_ARM:
+#endif
+#ifdef XZ_DEC_ARMTHUMB
+ case BCJ_ARMTHUMB:
+#endif
+#ifdef XZ_DEC_SPARC
+ case BCJ_SPARC:
+#endif
+ break;
+
+ default:
+ /* Unsupported Filter ID */
+ return XZ_OPTIONS_ERROR;
+ }
+
+ s->type = id;
+ s->ret = XZ_OK;
+ s->pos = 0;
+ s->x86_prev_mask = 0;
+ s->temp.filtered = 0;
+ s->temp.size = 0;
+
+ return XZ_OK;
+}
diff --git a/grub-core/lib/xzembed/xz_dec_lzma2.c b/grub-core/lib/xzembed/xz_dec_lzma2.c
new file mode 100644
index 0000000..7899e9e
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_dec_lzma2.c
@@ -0,0 +1,1182 @@
+/* xz_dec_lzma2.c - LZMA2 decoder */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#include "xz_private.h"
+#include "xz_lzma2.h"
+
+/*
+ * Range decoder initialization eats the first five bytes of each LZMA chunk.
+ */
+#define RC_INIT_BYTES 5
+
+/*
+ * Minimum number of usable input buffer to safely decode one LZMA symbol.
+ * The worst case is that we decode 22 bits using probabilities and 26
+ * direct bits. This may decode at maximum of 20 bytes of input. However,
+ * lzma_main() does an extra normalization before returning, thus we
+ * need to put 21 here.
+ */
+#define LZMA_IN_REQUIRED 21
+
+/*
+ * Dictionary (history buffer)
+ *
+ * These are always true:
+ * start <= pos <= full <= end
+ * pos <= limit <= end
+ *
+ * In multi-call mode, also these are true:
+ * end == size
+ * size <= allocated
+ *
+ * Most of these variables are size_t to support single-call mode,
+ * in which the dictionary variables address the actual output
+ * buffer directly.
+ */
+struct dictionary {
+ /* Beginning of the history buffer */
+ uint8_t *buf;
+
+ /* Old position in buf (before decoding more data) */
+ size_t start;
+
+ /* Position in buf */
+ size_t pos;
+
+ /*
+ * How full dictionary is. This is used to detect corrupt input that
+ * would read beyond the beginning of the uncompressed stream.
+ */
+ size_t full;
+
+ /* Write limit; we don't write to buf[limit] or later bytes. */
+ size_t limit;
+
+ /*
+ * End of the dictionary buffer. In multi-call mode, this is
+ * the same as the dictionary size. In single-call mode, this
+ * indicates the size of the output buffer.
+ */
+ size_t end;
+
+ /*
+ * Size of the dictionary as specified in Block Header. This is used
+ * together with "full" to detect corrupt input that would make us
+ * read beyond the beginning of the uncompressed stream.
+ */
+ uint32_t size;
+
+ /*
+ * Amount of memory allocated for the dictionary. A special
+ * value of zero indicates that we are in single-call mode,
+ * where the output buffer works as the dictionary.
+ */
+ uint32_t allocated;
+};
+
+/* Range decoder */
+struct rc_dec {
+ uint32_t range;
+ uint32_t code;
+
+ /*
+ * Number of initializing bytes remaining to be read
+ * by rc_read_init().
+ */
+ uint32_t init_bytes_left;
+
+ /*
+ * Buffer from which we read our input. It can be either
+ * temp.buf or the caller-provided input buffer.
+ */
+ const uint8_t *in;
+ size_t in_pos;
+ size_t in_limit;
+};
+
+/* Probabilities for a length decoder. */
+struct lzma_len_dec {
+ /* Probability of match length being at least 10 */
+ uint16_t choice;
+
+ /* Probability of match length being at least 18 */
+ uint16_t choice2;
+
+ /* Probabilities for match lengths 2-9 */
+ uint16_t low[POS_STATES_MAX][LEN_LOW_SYMBOLS];
+
+ /* Probabilities for match lengths 10-17 */
+ uint16_t mid[POS_STATES_MAX][LEN_MID_SYMBOLS];
+
+ /* Probabilities for match lengths 18-273 */
+ uint16_t high[LEN_HIGH_SYMBOLS];
+};
+
+struct lzma_dec {
+ /*
+ * LZMA properties or related bit masks (number of literal
+ * context bits, a mask dervied from the number of literal
+ * position bits, and a mask dervied from the number
+ * position bits)
+ */
+ uint32_t lc;
+ uint32_t literal_pos_mask; /* (1 << lp) - 1 */
+ uint32_t pos_mask; /* (1 << pb) - 1 */
+
+ /* Types of the most recently seen LZMA symbols */
+ enum lzma_state state;
+
+ /* Distances of latest four matches */
+ uint32_t rep0;
+ uint32_t rep1;
+ uint32_t rep2;
+ uint32_t rep3;
+
+ /*
+ * Length of a match. This is updated so that dict_repeat can
+ * be called again to finish repeating the whole match.
+ */
+ uint32_t len;
+
+ /* If 1, it's a match. Otherwise it's a single 8-bit literal. */
+ uint16_t is_match[STATES][POS_STATES_MAX];
+
+ /* If 1, it's a repeated match. The distance is one of rep0 .. rep3. */
+ uint16_t is_rep[STATES];
+
+ /*
+ * If 0, distance of a repeated match is rep0.
+ * Otherwise check is_rep1.
+ */
+ uint16_t is_rep0[STATES];
+
+ /*
+ * If 0, distance of a repeated match is rep1.
+ * Otherwise check is_rep2.
+ */
+ uint16_t is_rep1[STATES];
+
+ /* If 0, distance of a repeated match is rep2. Otherwise it is rep3. */
+ uint16_t is_rep2[STATES];
+
+ /*
+ * If 1, the repeated match has length of one byte. Otherwise
+ * the length is decoded from rep_len_decoder.
+ */
+ uint16_t is_rep0_long[STATES][POS_STATES_MAX];
+
+ /*
+ * Probability tree for the highest two bits of the match
+ * distance. There is a separate probability tree for match
+ * lengths of 2 (i.e. MATCH_LEN_MIN), 3, 4, and [5, 273].
+ */
+ uint16_t dist_slot[DIST_STATES][DIST_SLOTS];
+
+ /*
+ * Probility trees for additional bits for match distance
+ * when the distance is in the range [4, 127].
+ */
+ uint16_t dist_special[FULL_DISTANCES - DIST_MODEL_END];
+
+ /*
+ * Probability tree for the lowest four bits of a match
+ * distance that is equal to or greater than 128.
+ */
+ uint16_t dist_align[ALIGN_SIZE];
+
+ /* Length of a normal match */
+ struct lzma_len_dec match_len_dec;
+
+ /* Length of a repeated match */
+ struct lzma_len_dec rep_len_dec;
+
+ /* Probabilities of literals */
+ uint16_t literal[LITERAL_CODERS_MAX][LITERAL_CODER_SIZE];
+};
+
+struct xz_dec_lzma2 {
+ /* LZMA2 */
+ struct {
+ /* Position in xz_dec_lzma2_run(). */
+ enum lzma2_seq {
+ SEQ_CONTROL,
+ SEQ_UNCOMPRESSED_1,
+ SEQ_UNCOMPRESSED_2,
+ SEQ_COMPRESSED_0,
+ SEQ_COMPRESSED_1,
+ SEQ_PROPERTIES,
+ SEQ_LZMA_PREPARE,
+ SEQ_LZMA_RUN,
+ SEQ_COPY
+ } sequence;
+
+ /*
+ * Next position after decoding the compressed size of
+ * the chunk.
+ */
+ enum lzma2_seq next_sequence;
+
+ /* Uncompressed size of LZMA chunk (2 MiB at maximum) */
+ uint32_t uncompressed;
+
+ /*
+ * Compressed size of LZMA chunk or compressed/uncompressed
+ * size of uncompressed chunk (64 KiB at maximum)
+ */
+ uint32_t compressed;
+
+ /*
+ * True if dictionary reset is needed. This is false before
+ * the first chunk (LZMA or uncompressed).
+ */
+ bool need_dict_reset;
+
+ /*
+ * True if new LZMA properties are needed. This is false
+ * before the first LZMA chunk.
+ */
+ bool need_props;
+ } lzma2;
+
+ /*
+ * Temporary buffer which holds small number of input bytes between
+ * decoder calls. See lzma2_lzma() for details.
+ */
+ struct {
+ uint32_t size;
+ uint8_t buf[3 * LZMA_IN_REQUIRED];
+ } temp;
+
+ struct dictionary dict;
+ struct rc_dec rc;
+ struct lzma_dec lzma;
+};
+
+/**************
+ * Dictionary *
+ **************/
+
+/*
+ * Reset the dictionary state. When in single-call mode, set up the beginning
+ * of the dictionary to point to the actual output buffer.
+ */
+static void dict_reset(struct dictionary *dict, struct xz_buf *b)
+{
+ if (dict->allocated == 0) {
+ dict->buf = b->out + b->out_pos;
+ dict->end = b->out_size - b->out_pos;
+ }
+ dict->start = 0;
+ dict->pos = 0;
+ dict->limit = 0;
+ dict->full = 0;
+}
+
+/* Set dictionary write limit */
+static void dict_limit(struct dictionary *dict, size_t out_max)
+{
+ if (dict->end - dict->pos <= out_max)
+ dict->limit = dict->end;
+ else
+ dict->limit = dict->pos + out_max;
+}
+
+/* Return true if at least one byte can be written into the dictionary. */
+static inline bool dict_has_space(const struct dictionary *dict)
+{
+ return dict->pos < dict->limit;
+}
+
+/*
+ * Get a byte from the dictionary at the given distance. The distance is
+ * assumed to valid, or as a special case, zero when the dictionary is
+ * still empty. This special case is needed for single-call decoding to
+ * avoid writing a '\0' to the end of the destination buffer.
+ */
+static inline uint32_t dict_get(
+ const struct dictionary *dict, uint32_t dist)
+{
+ size_t offset = dict->pos - dist - 1;
+
+ if (dist >= dict->pos)
+ offset += dict->end;
+
+ return dict->full > 0 ? dict->buf[offset] : 0;
+}
+
+/*
+ * Put one byte into the dictionary. It is assumed that there is space for it.
+ */
+static inline void dict_put(struct dictionary *dict, uint8_t byte)
+{
+ dict->buf[dict->pos++] = byte;
+
+ if (dict->full < dict->pos)
+ dict->full = dict->pos;
+}
+
+/*
+ * Repeat given number of bytes from the given distance. If the distance is
+ * invalid, false is returned. On success, true is returned and *len is
+ * updated to indicate how many bytes were left to be repeated.
+ */
+static bool dict_repeat(
+ struct dictionary *dict, uint32_t *len, uint32_t dist)
+{
+ size_t back;
+ uint32_t left;
+
+ if (dist >= dict->full || dist >= dict->size)
+ return false;
+
+ left = min_t(size_t, dict->limit - dict->pos, *len);
+ *len -= left;
+
+ back = dict->pos - dist - 1;
+ if (dist >= dict->pos)
+ back += dict->end;
+
+ do {
+ dict->buf[dict->pos++] = dict->buf[back++];
+ if (back == dict->end)
+ back = 0;
+ } while (--left > 0);
+
+ if (dict->full < dict->pos)
+ dict->full = dict->pos;
+
+ return true;
+}
+
+/* Copy uncompressed data as is from input to dictionary and output buffers. */
+static void dict_uncompressed(
+ struct dictionary *dict, struct xz_buf *b, uint32_t *left)
+{
+ size_t copy_size;
+
+ while (*left > 0 && b->in_pos < b->in_size
+ && b->out_pos < b->out_size) {
+ copy_size = min(b->in_size - b->in_pos,
+ b->out_size - b->out_pos);
+ if (copy_size > dict->end - dict->pos)
+ copy_size = dict->end - dict->pos;
+ if (copy_size > *left)
+ copy_size = *left;
+
+ *left -= copy_size;
+
+ memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
+ dict->pos += copy_size;
+
+ if (dict->full < dict->pos)
+ dict->full = dict->pos;
+
+ if (dict->allocated != 0) {
+ if (dict->pos == dict->end)
+ dict->pos = 0;
+
+ memcpy(b->out + b->out_pos, b->in + b->in_pos,
+ copy_size);
+ }
+
+ dict->start = dict->pos;
+
+ b->out_pos += copy_size;
+ b->in_pos += copy_size;
+
+ }
+}
+
+/*
+ * Flush pending data from dictionary to b->out. It is assumed that there is
+ * enough space in b->out. This is guaranteed because caller uses dict_limit()
+ * before decoding data into the dictionary.
+ */
+static uint32_t dict_flush(struct dictionary *dict, struct xz_buf *b)
+{
+ size_t copy_size = dict->pos - dict->start;
+
+ if (dict->allocated != 0) {
+ if (dict->pos == dict->end)
+ dict->pos = 0;
+
+ memcpy(b->out + b->out_pos, dict->buf + dict->start,
+ copy_size);
+ }
+
+ dict->start = dict->pos;
+ b->out_pos += copy_size;
+ return copy_size;
+}
+
+/*****************
+ * Range decoder *
+ *****************/
+
+/* Reset the range decoder. */
+static void rc_reset(struct rc_dec *rc)
+{
+ rc->range = (uint32_t)-1;
+ rc->code = 0;
+ rc->init_bytes_left = RC_INIT_BYTES;
+}
+
+/*
+ * Read the first five initial bytes into rc->code if they haven't been
+ * read already. (Yes, the first byte gets completely ignored.)
+ */
+static bool rc_read_init(struct rc_dec *rc, struct xz_buf *b)
+{
+ while (rc->init_bytes_left > 0) {
+ if (b->in_pos == b->in_size)
+ return false;
+
+ rc->code = (rc->code << 8) + b->in[b->in_pos++];
+ --rc->init_bytes_left;
+ }
+
+ return true;
+}
+
+/* Return true if there may not be enough input for the next decoding loop. */
+static inline bool rc_limit_exceeded(const struct rc_dec *rc)
+{
+ return rc->in_pos > rc->in_limit;
+}
+
+/*
+ * Return true if it is possible (from point of view of range decoder) that
+ * we have reached the end of the LZMA chunk.
+ */
+static inline bool rc_is_finished(const struct rc_dec *rc)
+{
+ return rc->code == 0;
+}
+
+/* Read the next input byte if needed. */
+static __always_inline void rc_normalize(struct rc_dec *rc)
+{
+ if (rc->range < RC_TOP_VALUE) {
+ rc->range <<= RC_SHIFT_BITS;
+ rc->code = (rc->code << RC_SHIFT_BITS) + rc->in[rc->in_pos++];
+ }
+}
+
+/*
+ * Decode one bit. In some versions, this function has been splitted in three
+ * functions so that the compiler is supposed to be able to more easily avoid
+ * an extra branch. In this particular version of the LZMA decoder, this
+ * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3
+ * on x86). Using a non-splitted version results in nicer looking code too.
+ *
+ * NOTE: This must return an int. Do not make it return a bool or the speed
+ * of the code generated by GCC 3.x decreases 10-15 %. (GCC 4.3 doesn't care,
+ * and it generates 10-20 % faster code than GCC 3.x from this file anyway.)
+ */
+static __always_inline int rc_bit(struct rc_dec *rc, uint16_t *prob)
+{
+ uint32_t bound;
+ int bit;
+
+ rc_normalize(rc);
+ bound = (rc->range >> RC_BIT_MODEL_TOTAL_BITS) * *prob;
+ if (rc->code < bound) {
+ rc->range = bound;
+ *prob += (RC_BIT_MODEL_TOTAL - *prob) >> RC_MOVE_BITS;
+ bit = 0;
+ } else {
+ rc->range -= bound;
+ rc->code -= bound;
+ *prob -= *prob >> RC_MOVE_BITS;
+ bit = 1;
+ }
+
+ return bit;
+}
+
+/* Decode a bittree starting from the most significant bit. */
+static __always_inline uint32_t rc_bittree(
+ struct rc_dec *rc, uint16_t *probs, uint32_t limit)
+{
+ uint32_t symbol = 1;
+
+ do {
+ if (rc_bit(rc, &probs[symbol]))
+ symbol = (symbol << 1) + 1;
+ else
+ symbol <<= 1;
+ } while (symbol < limit);
+
+ return symbol;
+}
+
+/* Decode a bittree starting from the least significant bit. */
+static __always_inline void rc_bittree_reverse(struct rc_dec *rc,
+ uint16_t *probs, uint32_t *dest, uint32_t limit)
+{
+ uint32_t symbol = 1;
+ uint32_t i = 0;
+
+ do {
+ if (rc_bit(rc, &probs[symbol])) {
+ symbol = (symbol << 1) + 1;
+ *dest += 1 << i;
+ } else {
+ symbol <<= 1;
+ }
+ } while (++i < limit);
+}
+
+/* Decode direct bits (fixed fifty-fifty probability) */
+static inline void rc_direct(
+ struct rc_dec *rc, uint32_t *dest, uint32_t limit)
+{
+ uint32_t mask;
+
+ do {
+ rc_normalize(rc);
+ rc->range >>= 1;
+ rc->code -= rc->range;
+ mask = (uint32_t)0 - (rc->code >> 31);
+ rc->code += rc->range & mask;
+ *dest = (*dest << 1) + (mask + 1);
+ } while (--limit > 0);
+}
+
+/********
+ * LZMA *
+ ********/
+
+/* Get pointer to literal coder probability array. */
+static uint16_t * lzma_literal_probs(struct xz_dec_lzma2 *s)
+{
+ uint32_t prev_byte = dict_get(&s->dict, 0);
+ uint32_t low = prev_byte >> (8 - s->lzma.lc);
+ uint32_t high = (s->dict.pos & s->lzma.literal_pos_mask) << s->lzma.lc;
+ return s->lzma.literal[low + high];
+}
+
+/* Decode a literal (one 8-bit byte) */
+static void lzma_literal(struct xz_dec_lzma2 *s)
+{
+ uint16_t *probs;
+ uint32_t symbol;
+ uint32_t match_byte;
+ uint32_t match_bit;
+ uint32_t offset;
+ uint32_t i;
+
+ probs = lzma_literal_probs(s);
+
+ if (lzma_state_is_literal(s->lzma.state)) {
+ symbol = rc_bittree(&s->rc, probs, 0x100);
+ } else {
+ symbol = 1;
+ match_byte = dict_get(&s->dict, s->lzma.rep0) << 1;
+ offset = 0x100;
+
+ do {
+ match_bit = match_byte & offset;
+ match_byte <<= 1;
+ i = offset + match_bit + symbol;
+
+ if (rc_bit(&s->rc, &probs[i])) {
+ symbol = (symbol << 1) + 1;
+ offset &= match_bit;
+ } else {
+ symbol <<= 1;
+ offset &= ~match_bit;
+ }
+ } while (symbol < 0x100);
+ }
+
+ dict_put(&s->dict, (uint8_t)symbol);
+ lzma_state_literal(&s->lzma.state);
+}
+
+/* Decode the length of the match into s->lzma.len. */
+static void lzma_len(struct xz_dec_lzma2 *s, struct lzma_len_dec *l,
+ uint32_t pos_state)
+{
+ uint16_t *probs;
+ uint32_t limit;
+
+ if (!rc_bit(&s->rc, &l->choice)) {
+ probs = l->low[pos_state];
+ limit = LEN_LOW_SYMBOLS;
+ s->lzma.len = MATCH_LEN_MIN;
+ } else {
+ if (!rc_bit(&s->rc, &l->choice2)) {
+ probs = l->mid[pos_state];
+ limit = LEN_MID_SYMBOLS;
+ s->lzma.len = MATCH_LEN_MIN + LEN_LOW_SYMBOLS;
+ } else {
+ probs = l->high;
+ limit = LEN_HIGH_SYMBOLS;
+ s->lzma.len = MATCH_LEN_MIN + LEN_LOW_SYMBOLS
+ + LEN_MID_SYMBOLS;
+ }
+ }
+
+ s->lzma.len += rc_bittree(&s->rc, probs, limit) - limit;
+}
+
+/* Decode a match. The distance will be stored in s->lzma.rep0. */
+static void lzma_match(struct xz_dec_lzma2 *s, uint32_t pos_state)
+{
+ uint16_t *probs;
+ uint32_t dist_slot;
+ uint32_t limit;
+
+ lzma_state_match(&s->lzma.state);
+
+ s->lzma.rep3 = s->lzma.rep2;
+ s->lzma.rep2 = s->lzma.rep1;
+ s->lzma.rep1 = s->lzma.rep0;
+
+ lzma_len(s, &s->lzma.match_len_dec, pos_state);
+
+ probs = s->lzma.dist_slot[lzma_get_dist_state(s->lzma.len)];
+ dist_slot = rc_bittree(&s->rc, probs, DIST_SLOTS) - DIST_SLOTS;
+
+ if (dist_slot < DIST_MODEL_START) {
+ s->lzma.rep0 = dist_slot;
+ } else {
+ limit = (dist_slot >> 1) - 1;
+ s->lzma.rep0 = 2 + (dist_slot & 1);
+
+ if (dist_slot < DIST_MODEL_END) {
+ s->lzma.rep0 <<= limit;
+ probs = s->lzma.dist_special + s->lzma.rep0
+ - dist_slot - 1;
+ rc_bittree_reverse(&s->rc, probs,
+ &s->lzma.rep0, limit);
+ } else {
+ rc_direct(&s->rc, &s->lzma.rep0, limit - ALIGN_BITS);
+ s->lzma.rep0 <<= ALIGN_BITS;
+ rc_bittree_reverse(&s->rc, s->lzma.dist_align,
+ &s->lzma.rep0, ALIGN_BITS);
+ }
+ }
+}
+
+/*
+ * Decode a repeated match. The distance is one of the four most recently
+ * seen matches. The distance will be stored in s->lzma.rep0.
+ */
+static void lzma_rep_match(struct xz_dec_lzma2 *s, uint32_t pos_state)
+{
+ uint32_t tmp;
+
+ if (!rc_bit(&s->rc, &s->lzma.is_rep0[s->lzma.state])) {
+ if (!rc_bit(&s->rc, &s->lzma.is_rep0_long[
+ s->lzma.state][pos_state])) {
+ lzma_state_short_rep(&s->lzma.state);
+ s->lzma.len = 1;
+ return;
+ }
+ } else {
+ if (!rc_bit(&s->rc, &s->lzma.is_rep1[s->lzma.state])) {
+ tmp = s->lzma.rep1;
+ } else {
+ if (!rc_bit(&s->rc, &s->lzma.is_rep2[s->lzma.state])) {
+ tmp = s->lzma.rep2;
+ } else {
+ tmp = s->lzma.rep3;
+ s->lzma.rep3 = s->lzma.rep2;
+ }
+
+ s->lzma.rep2 = s->lzma.rep1;
+ }
+
+ s->lzma.rep1 = s->lzma.rep0;
+ s->lzma.rep0 = tmp;
+ }
+
+ lzma_state_long_rep(&s->lzma.state);
+ lzma_len(s, &s->lzma.rep_len_dec, pos_state);
+}
+
+/* LZMA decoder core */
+static bool lzma_main(struct xz_dec_lzma2 *s)
+{
+ uint32_t pos_state;
+
+ /*
+ * If the dictionary was reached during the previous call, try to
+ * finish the possibly pending repeat in the dictionary.
+ */
+ if (dict_has_space(&s->dict) && s->lzma.len > 0)
+ dict_repeat(&s->dict, &s->lzma.len, s->lzma.rep0);
+
+ /*
+ * Decode more LZMA symbols. One iteration may consume up to
+ * LZMA_IN_REQUIRED - 1 bytes.
+ */
+ while (dict_has_space(&s->dict) && !rc_limit_exceeded(&s->rc)) {
+ pos_state = s->dict.pos & s->lzma.pos_mask;
+
+ if (!rc_bit(&s->rc, &s->lzma.is_match[
+ s->lzma.state][pos_state])) {
+ lzma_literal(s);
+ } else {
+ if (rc_bit(&s->rc, &s->lzma.is_rep[s->lzma.state]))
+ lzma_rep_match(s, pos_state);
+ else
+ lzma_match(s, pos_state);
+
+ if (!dict_repeat(&s->dict, &s->lzma.len, s->lzma.rep0))
+ return false;
+ }
+ }
+
+ /*
+ * Having the range decoder always normalized when we are outside
+ * this function makes it easier to correctly handle end of the chunk.
+ */
+ rc_normalize(&s->rc);
+
+ return true;
+}
+
+/*
+ * Reset the LZMA decoder and range decoder state. Dictionary is nore reset
+ * here, because LZMA state may be reset without resetting the dictionary.
+ */
+static void lzma_reset(struct xz_dec_lzma2 *s)
+{
+ uint16_t *probs;
+ size_t i;
+
+ s->lzma.state = STATE_LIT_LIT;
+ s->lzma.rep0 = 0;
+ s->lzma.rep1 = 0;
+ s->lzma.rep2 = 0;
+ s->lzma.rep3 = 0;
+
+ /*
+ * All probabilities are initialized to the same value. This hack
+ * makes the code smaller by avoiding a separate loop for each
+ * probability array.
+ *
+ * This could be optimized so that only that part of literal
+ * probabilities that are actually required. In the common case
+ * we would write 12 KiB less.
+ */
+ probs = s->lzma.is_match[0];
+ for (i = 0; i < PROBS_TOTAL; ++i)
+ probs[i] = RC_BIT_MODEL_TOTAL / 2;
+
+ rc_reset(&s->rc);
+}
+
+/*
+ * Decode and validate LZMA properties (lc/lp/pb) and calculate the bit masks
+ * from the decoded lp and pb values. On success, the LZMA decoder state is
+ * reset and true is returned.
+ */
+static bool lzma_props(struct xz_dec_lzma2 *s, uint8_t props)
+{
+ if (props > (4 * 5 + 4) * 9 + 8)
+ return false;
+
+ s->lzma.pos_mask = 0;
+ while (props >= 9 * 5) {
+ props -= 9 * 5;
+ ++s->lzma.pos_mask;
+ }
+
+ s->lzma.pos_mask = (1 << s->lzma.pos_mask) - 1;
+
+ s->lzma.literal_pos_mask = 0;
+ while (props >= 9) {
+ props -= 9;
+ ++s->lzma.literal_pos_mask;
+ }
+
+ s->lzma.lc = props;
+
+ if (s->lzma.lc + s->lzma.literal_pos_mask > 4)
+ return false;
+
+ s->lzma.literal_pos_mask = (1 << s->lzma.literal_pos_mask) - 1;
+
+ lzma_reset(s);
+
+ return true;
+}
+
+/*********
+ * LZMA2 *
+ *********/
+
+/*
+ * The LZMA decoder assumes that if the input limit (s->rc.in_limit) hasn't
+ * been exceeded, it is safe to read up to LZMA_IN_REQUIRED bytes. This
+ * wrapper function takes care of making the LZMA decoder's assumption safe.
+ *
+ * As long as there is plenty of input left to be decoded in the current LZMA
+ * chunk, we decode directly from the caller-supplied input buffer until
+ * there's LZMA_IN_REQUIRED bytes left. Those remaining bytes are copied into
+ * s->temp.buf, which (hopefully) gets filled on the next call to this
+ * function. We decode a few bytes from the temporary buffer so that we can
+ * continue decoding from the caller-supplied input buffer again.
+ */
+static bool lzma2_lzma(struct xz_dec_lzma2 *s, struct xz_buf *b)
+{
+ size_t in_avail;
+ uint32_t tmp;
+
+ in_avail = b->in_size - b->in_pos;
+ if (s->temp.size > 0 || s->lzma2.compressed == 0) {
+ tmp = 2 * LZMA_IN_REQUIRED - s->temp.size;
+ if (tmp > s->lzma2.compressed - s->temp.size)
+ tmp = s->lzma2.compressed - s->temp.size;
+ if (tmp > in_avail)
+ tmp = in_avail;
+
+ memcpy(s->temp.buf + s->temp.size, b->in + b->in_pos, tmp);
+
+ if (s->temp.size + tmp == s->lzma2.compressed) {
+ memzero(s->temp.buf + s->temp.size + tmp,
+ sizeof(s->temp.buf)
+ - s->temp.size - tmp);
+ s->rc.in_limit = s->temp.size + tmp;
+ } else if (s->temp.size + tmp < LZMA_IN_REQUIRED) {
+ s->temp.size += tmp;
+ b->in_pos += tmp;
+ return true;
+ } else {
+ s->rc.in_limit = s->temp.size + tmp - LZMA_IN_REQUIRED;
+ }
+
+ s->rc.in = s->temp.buf;
+ s->rc.in_pos = 0;
+
+ if (!lzma_main(s) || s->rc.in_pos > s->temp.size + tmp)
+ return false;
+
+ s->lzma2.compressed -= s->rc.in_pos;
+
+ if (s->rc.in_pos < s->temp.size) {
+ s->temp.size -= s->rc.in_pos;
+ memmove(s->temp.buf, s->temp.buf + s->rc.in_pos,
+ s->temp.size);
+ return true;
+ }
+
+ b->in_pos += s->rc.in_pos - s->temp.size;
+ s->temp.size = 0;
+ }
+
+ in_avail = b->in_size - b->in_pos;
+ if (in_avail >= LZMA_IN_REQUIRED) {
+ s->rc.in = b->in;
+ s->rc.in_pos = b->in_pos;
+
+ if (in_avail >= s->lzma2.compressed + LZMA_IN_REQUIRED)
+ s->rc.in_limit = b->in_pos + s->lzma2.compressed;
+ else
+ s->rc.in_limit = b->in_size - LZMA_IN_REQUIRED;
+
+ if (!lzma_main(s))
+ return false;
+
+ in_avail = s->rc.in_pos - b->in_pos;
+ if (in_avail > s->lzma2.compressed)
+ return false;
+
+ s->lzma2.compressed -= in_avail;
+ b->in_pos = s->rc.in_pos;
+ }
+
+ in_avail = b->in_size - b->in_pos;
+ if (in_avail < LZMA_IN_REQUIRED) {
+ if (in_avail > s->lzma2.compressed)
+ in_avail = s->lzma2.compressed;
+
+ memcpy(s->temp.buf, b->in + b->in_pos, in_avail);
+ s->temp.size = in_avail;
+ b->in_pos += in_avail;
+ }
+
+ return true;
+}
+
+/*
+ * Take care of the LZMA2 control layer, and forward the job of actual LZMA
+ * decoding or copying of uncompressed chunks to other functions.
+ */
+enum xz_ret xz_dec_lzma2_run(
+ struct xz_dec_lzma2 *s, struct xz_buf *b)
+{
+ uint32_t tmp;
+
+ while (b->in_pos < b->in_size || s->lzma2.sequence == SEQ_LZMA_RUN) {
+ switch (s->lzma2.sequence) {
+ case SEQ_CONTROL:
+ /*
+ * LZMA2 control byte
+ *
+ * Exact values:
+ * 0x00 End marker
+ * 0x01 Dictionary reset followed by
+ * an uncompressed chunk
+ * 0x02 Uncompressed chunk (no dictionary reset)
+ *
+ * Highest three bits (s->control & 0xE0):
+ * 0xE0 Dictionary reset, new properties and state
+ * reset, followed by LZMA compressed chunk
+ * 0xC0 New properties and state reset, followed
+ * by LZMA compressed chunk (no dictionary
+ * reset)
+ * 0xA0 State reset using old properties,
+ * followed by LZMA compressed chunk (no
+ * dictionary reset)
+ * 0x80 LZMA chunk (no dictionary or state reset)
+ *
+ * For LZMA compressed chunks, the lowest five bits
+ * (s->control & 1F) are the highest bits of the
+ * uncompressed size (bits 16-20).
+ *
+ * A new LZMA2 stream must begin with a dictionary
+ * reset. The first LZMA chunk must set new
+ * properties and reset the LZMA state.
+ *
+ * Values that don't match anything described above
+ * are invalid and we return XZ_DATA_ERROR.
+ */
+ tmp = b->in[b->in_pos++];
+
+ if (tmp >= 0xE0 || tmp == 0x01) {
+ s->lzma2.need_props = true;
+ s->lzma2.need_dict_reset = false;
+ dict_reset(&s->dict, b);
+ } else if (s->lzma2.need_dict_reset) {
+ return XZ_DATA_ERROR;
+ }
+
+ if (tmp >= 0x80) {
+ s->lzma2.uncompressed = (tmp & 0x1F) << 16;
+ s->lzma2.sequence = SEQ_UNCOMPRESSED_1;
+
+ if (tmp >= 0xC0) {
+ /*
+ * When there are new properties,
+ * state reset is done at
+ * SEQ_PROPERTIES.
+ */
+ s->lzma2.need_props = false;
+ s->lzma2.next_sequence
+ = SEQ_PROPERTIES;
+
+ } else if (s->lzma2.need_props) {
+ return XZ_DATA_ERROR;
+
+ } else {
+ s->lzma2.next_sequence
+ = SEQ_LZMA_PREPARE;
+ if (tmp >= 0xA0)
+ lzma_reset(s);
+ }
+ } else {
+ if (tmp == 0x00)
+ return XZ_STREAM_END;
+
+ if (tmp > 0x02)
+ return XZ_DATA_ERROR;
+
+ s->lzma2.sequence = SEQ_COMPRESSED_0;
+ s->lzma2.next_sequence = SEQ_COPY;
+ }
+
+ break;
+
+ case SEQ_UNCOMPRESSED_1:
+ s->lzma2.uncompressed
+ += (uint32_t)b->in[b->in_pos++] << 8;
+ s->lzma2.sequence = SEQ_UNCOMPRESSED_2;
+ break;
+
+ case SEQ_UNCOMPRESSED_2:
+ s->lzma2.uncompressed
+ += (uint32_t)b->in[b->in_pos++] + 1;
+ s->lzma2.sequence = SEQ_COMPRESSED_0;
+ break;
+
+ case SEQ_COMPRESSED_0:
+ s->lzma2.compressed
+ = (uint32_t)b->in[b->in_pos++] << 8;
+ s->lzma2.sequence = SEQ_COMPRESSED_1;
+ break;
+
+ case SEQ_COMPRESSED_1:
+ s->lzma2.compressed
+ += (uint32_t)b->in[b->in_pos++] + 1;
+ s->lzma2.sequence = s->lzma2.next_sequence;
+ break;
+
+ case SEQ_PROPERTIES:
+ if (!lzma_props(s, b->in[b->in_pos++]))
+ return XZ_DATA_ERROR;
+
+ s->lzma2.sequence = SEQ_LZMA_PREPARE;
+
+ case SEQ_LZMA_PREPARE:
+ if (s->lzma2.compressed < RC_INIT_BYTES)
+ return XZ_DATA_ERROR;
+
+ if (!rc_read_init(&s->rc, b))
+ return XZ_OK;
+
+ s->lzma2.compressed -= RC_INIT_BYTES;
+ s->lzma2.sequence = SEQ_LZMA_RUN;
+
+ case SEQ_LZMA_RUN:
+ /*
+ * Set dictionary limit to indicate how much we want
+ * to be encoded at maximum. Decode new data into the
+ * dictionary. Flush the new data from dictionary to
+ * b->out. Check if we finished decoding this chunk.
+ * In case the dictionary got full but we didn't fill
+ * the output buffer yet, we may run this loop
+ * multiple times without changing s->lzma2.sequence.
+ */
+ dict_limit(&s->dict, min_t(size_t,
+ b->out_size - b->out_pos,
+ s->lzma2.uncompressed));
+ if (!lzma2_lzma(s, b))
+ return XZ_DATA_ERROR;
+
+ s->lzma2.uncompressed -= dict_flush(&s->dict, b);
+
+ if (s->lzma2.uncompressed == 0) {
+ if (s->lzma2.compressed > 0 || s->lzma.len > 0
+ || !rc_is_finished(&s->rc))
+ return XZ_DATA_ERROR;
+
+ rc_reset(&s->rc);
+ s->lzma2.sequence = SEQ_CONTROL;
+
+ } else if (b->out_pos == b->out_size
+ || (b->in_pos == b->in_size
+ && s->temp.size
+ < s->lzma2.compressed)) {
+ return XZ_OK;
+ }
+
+ break;
+
+ case SEQ_COPY:
+ dict_uncompressed(&s->dict, b, &s->lzma2.compressed);
+ if (s->lzma2.compressed > 0)
+ return XZ_OK;
+
+ s->lzma2.sequence = SEQ_CONTROL;
+ break;
+ }
+ }
+
+ return XZ_OK;
+}
+
+#ifdef GRUB_EMBED_DECOMPRESSOR
+#include <grub/decompressor.h>
+static struct xz_dec_lzma2 lzma2;
+#endif
+
+struct xz_dec_lzma2 * xz_dec_lzma2_create(uint32_t dict_max)
+{
+ struct xz_dec_lzma2 *s;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ /* Maximum supported dictionary by this implementation is 3 GiB. */
+ if (dict_max > ((uint32_t)3 << 30))
+ return NULL;
+
+ s = kmalloc(sizeof(*s), GFP_KERNEL);
+ if (s == NULL)
+ return NULL;
+
+ if (dict_max > 0) {
+ s->dict.buf = vmalloc(dict_max);
+ if (s->dict.buf == NULL) {
+ kfree(s);
+ return NULL;
+ }
+ }
+
+#else
+ s = &lzma2;
+ s->dict.buf = grub_decompressor_scratch;
+#endif
+
+ s->dict.allocated = dict_max;
+
+ return s;
+}
+
+enum xz_ret xz_dec_lzma2_reset(
+ struct xz_dec_lzma2 *s, uint8_t props)
+{
+ /* This limits dictionary size to 3 GiB (39) to keep parsing simpler. */
+ if (props > ( min (DICT_BIT_SIZE,39)) )
+ return XZ_OPTIONS_ERROR;
+
+ s->dict.size = 2 + (props & 1);
+ s->dict.size <<= (props >> 1) + 11;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ if (s->dict.allocated > 0 && s->dict.allocated < s->dict.size)
+ {
+ /* enlarge dictionary buffer */
+ uint8_t * newdict = realloc(s->dict.buf,s->dict.size);
+
+ if (! newdict)
+ return XZ_MEMLIMIT_ERROR;
+
+ s->dict.buf = newdict;
+ s->dict.allocated = s->dict.size;
+ }
+#endif
+ s->dict.end = s->dict.size;
+
+ s->lzma.len = 0;
+
+ s->lzma2.sequence = SEQ_CONTROL;
+ s->lzma2.need_dict_reset = true;
+
+ s->temp.size = 0;
+
+ return XZ_OK;
+}
+
+void xz_dec_lzma2_end(struct xz_dec_lzma2 *s __attribute__ ((unused)))
+{
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ if (s->dict.allocated > 0)
+ vfree(s->dict.buf);
+
+ kfree(s);
+#endif
+}
diff --git a/grub-core/lib/xzembed/xz_dec_stream.c b/grub-core/lib/xzembed/xz_dec_stream.c
new file mode 100644
index 0000000..3bf201d
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_dec_stream.c
@@ -0,0 +1,919 @@
+/* xz_dec_stream.c - .xz Stream decoder */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#include "xz_config.h"
+#include "xz_private.h"
+#include "xz_stream.h"
+
+#include <grub/crypto.h>
+
+/* Hash used to validate the Index field */
+struct xz_dec_hash {
+ vli_type unpadded;
+ vli_type uncompressed;
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ uint8_t *crc32_context;
+#endif
+};
+
+struct xz_dec {
+ /* Position in dec_main() */
+ enum {
+ SEQ_STREAM_HEADER,
+ SEQ_BLOCK_START,
+ SEQ_BLOCK_HEADER,
+ SEQ_BLOCK_UNCOMPRESS,
+ SEQ_BLOCK_PADDING,
+ SEQ_BLOCK_CHECK,
+ SEQ_INDEX,
+ SEQ_INDEX_PADDING,
+ SEQ_INDEX_CRC32,
+ SEQ_STREAM_FOOTER
+ } sequence;
+
+ /* Position in variable-length integers and Check fields */
+ uint32_t pos;
+
+ /* Variable-length integer decoded by dec_vli() */
+ vli_type vli;
+
+ /* Saved in_pos and out_pos */
+ size_t in_start;
+ size_t out_start;
+
+ /* CRC32 value in Block or Index */
+ uint32_t crc32_temp; /* need for crc32_validate*/
+ uint8_t *crc32_context;
+
+ /* True if CRC32 is calculated from uncompressed data */
+ bool has_crc32;
+
+ /* True if we are operating in single-call mode. */
+ bool single_call;
+
+ /*
+ * True if the next call to xz_dec_run() is allowed to return
+ * XZ_BUF_ERROR.
+ */
+ bool allow_buf_error;
+
+ /* Information stored in Block Header */
+ struct {
+ /*
+ * Value stored in the Compressed Size field, or
+ * VLI_UNKNOWN if Compressed Size is not present.
+ */
+ vli_type compressed;
+
+ /*
+ * Value stored in the Uncompressed Size field, or
+ * VLI_UNKNOWN if Uncompressed Size is not present.
+ */
+ vli_type uncompressed;
+
+ /* Size of the Block Header field */
+ uint32_t size;
+ } block_header;
+
+ /* Information collected when decoding Blocks */
+ struct {
+ /* Observed compressed size of the current Block */
+ vli_type compressed;
+
+ /* Observed uncompressed size of the current Block */
+ vli_type uncompressed;
+
+ /* Number of Blocks decoded so far */
+ vli_type count;
+
+ /*
+ * Hash calculated from the Block sizes. This is used to
+ * validate the Index field.
+ */
+ struct xz_dec_hash hash;
+ } block;
+
+ /* Variables needed when verifying the Index field */
+ struct {
+ /* Position in dec_index() */
+ enum {
+ SEQ_INDEX_COUNT,
+ SEQ_INDEX_UNPADDED,
+ SEQ_INDEX_UNCOMPRESSED
+ } sequence;
+
+ /* Size of the Index in bytes */
+ vli_type size;
+
+ /* Number of Records (matches block.count in valid files) */
+ vli_type count;
+
+ /*
+ * Hash calculated from the Records (matches block.hash in
+ * valid files).
+ */
+ struct xz_dec_hash hash;
+ } index;
+
+ /*
+ * Temporary buffer needed to hold Stream Header, Block Header,
+ * and Stream Footer. The Block Header is the biggest (1 KiB)
+ * so we reserve space according to that. buf[] has to be aligned
+ * to a multiple of four bytes; the size_t variables before it
+ * should guarantee this.
+ */
+ struct {
+ size_t pos;
+ size_t size;
+ uint8_t buf[1024];
+ } temp;
+
+ struct xz_dec_lzma2 *lzma2;
+
+#ifdef XZ_DEC_BCJ
+ struct xz_dec_bcj *bcj;
+ bool bcj_active;
+#endif
+};
+
+/*
+ * Fill s->temp by copying data starting from b->in[b->in_pos]. Caller
+ * must have set s->temp.pos to indicate how much data we are supposed
+ * to copy into s->temp.buf. Return true once s->temp.pos has reached
+ * s->temp.size.
+ */
+static bool fill_temp(struct xz_dec *s, struct xz_buf *b)
+{
+ size_t copy_size = min_t(size_t,
+ b->in_size - b->in_pos, s->temp.size - s->temp.pos);
+
+ memcpy(s->temp.buf + s->temp.pos, b->in + b->in_pos, copy_size);
+ b->in_pos += copy_size;
+ s->temp.pos += copy_size;
+
+ if (s->temp.pos == s->temp.size) {
+ s->temp.pos = 0;
+ return true;
+ }
+
+ return false;
+}
+
+/* Decode a variable-length integer (little-endian base-128 encoding) */
+static enum xz_ret dec_vli(struct xz_dec *s,
+ const uint8_t *in, size_t *in_pos, size_t in_size)
+{
+ uint8_t byte;
+
+ if (s->pos == 0)
+ s->vli = 0;
+
+ while (*in_pos < in_size) {
+ byte = in[*in_pos];
+ ++*in_pos;
+
+ s->vli |= (vli_type)(byte & 0x7F) << s->pos;
+
+ if ((byte & 0x80) == 0) {
+ /* Don't allow non-minimal encodings. */
+ if (byte == 0 && s->pos != 0)
+ return XZ_DATA_ERROR;
+
+ s->pos = 0;
+ return XZ_STREAM_END;
+ }
+
+ s->pos += 7;
+ if (s->pos == 7 * VLI_BYTES_MAX)
+ return XZ_DATA_ERROR;
+ }
+
+ return XZ_OK;
+}
+
+/*
+ * Decode the Compressed Data field from a Block. Update and validate
+ * the observed compressed and uncompressed sizes of the Block so that
+ * they don't exceed the values possibly stored in the Block Header
+ * (validation assumes that no integer overflow occurs, since vli_type
+ * is normally uint64_t). Update the CRC32 if presence of the CRC32
+ * field was indicated in Stream Header.
+ *
+ * Once the decoding is finished, validate that the observed sizes match
+ * the sizes possibly stored in the Block Header. Update the hash and
+ * Block count, which are later used to validate the Index field.
+ */
+static enum xz_ret dec_block(struct xz_dec *s, struct xz_buf *b)
+{
+ enum xz_ret ret;
+
+ s->in_start = b->in_pos;
+ s->out_start = b->out_pos;
+
+#ifdef XZ_DEC_BCJ
+ if (s->bcj_active)
+ ret = xz_dec_bcj_run(s->bcj, s->lzma2, b);
+ else
+#endif
+ ret = xz_dec_lzma2_run(s->lzma2, b);
+
+ s->block.compressed += b->in_pos - s->in_start;
+ s->block.uncompressed += b->out_pos - s->out_start;
+
+ /*
+ * There is no need to separately check for VLI_UNKNOWN, since
+ * the observed sizes are always smaller than VLI_UNKNOWN.
+ */
+ if (s->block.compressed > s->block_header.compressed
+ || s->block.uncompressed
+ > s->block_header.uncompressed)
+ return XZ_DATA_ERROR;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ if (s->has_crc32)
+ GRUB_MD_CRC32->write(s->crc32_context,b->out + s->out_start,
+ b->out_pos - s->out_start);
+#endif
+
+ if (ret == XZ_STREAM_END) {
+ if (s->block_header.compressed != VLI_UNKNOWN
+ && s->block_header.compressed
+ != s->block.compressed)
+ return XZ_DATA_ERROR;
+
+ if (s->block_header.uncompressed != VLI_UNKNOWN
+ && s->block_header.uncompressed
+ != s->block.uncompressed)
+ return XZ_DATA_ERROR;
+
+ s->block.hash.unpadded += s->block_header.size
+ + s->block.compressed;
+ if (s->has_crc32)
+ s->block.hash.unpadded += 4;
+
+ s->block.hash.uncompressed += s->block.uncompressed;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ GRUB_MD_CRC32->write(s->block.hash.crc32_context,
+ (const uint8_t *)&s->block.hash, 2 * sizeof(vli_type));
+#endif
+
+ ++s->block.count;
+ }
+
+ return ret;
+}
+
+/* Update the Index size and the CRC32 value. */
+static void index_update(struct xz_dec *s, const struct xz_buf *b)
+{
+ size_t in_used = b->in_pos - s->in_start;
+ s->index.size += in_used;
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ GRUB_MD_CRC32->write(s->crc32_context,b->in + s->in_start, in_used);
+#endif
+}
+
+/*
+ * Decode the Number of Records, Unpadded Size, and Uncompressed Size
+ * fields from the Index field. That is, Index Padding and CRC32 are not
+ * decoded by this function.
+ *
+ * This can return XZ_OK (more input needed), XZ_STREAM_END (everything
+ * successfully decoded), or XZ_DATA_ERROR (input is corrupt).
+ */
+static enum xz_ret dec_index(struct xz_dec *s, struct xz_buf *b)
+{
+ enum xz_ret ret;
+
+ do {
+ ret = dec_vli(s, b->in, &b->in_pos, b->in_size);
+ if (ret != XZ_STREAM_END) {
+ index_update(s, b);
+ return ret;
+ }
+
+ switch (s->index.sequence) {
+ case SEQ_INDEX_COUNT:
+ s->index.count = s->vli;
+
+ /*
+ * Validate that the Number of Records field
+ * indicates the same number of Records as
+ * there were Blocks in the Stream.
+ */
+ if (s->index.count != s->block.count)
+ return XZ_DATA_ERROR;
+
+ s->index.sequence = SEQ_INDEX_UNPADDED;
+ break;
+
+ case SEQ_INDEX_UNPADDED:
+ s->index.hash.unpadded += s->vli;
+ s->index.sequence = SEQ_INDEX_UNCOMPRESSED;
+ break;
+
+ case SEQ_INDEX_UNCOMPRESSED:
+ s->index.hash.uncompressed += s->vli;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ GRUB_MD_CRC32->write(s->index.hash.crc32_context,
+ (const uint8_t *)&s->index.hash, 2 * sizeof(vli_type));
+#endif
+
+ --s->index.count;
+ s->index.sequence = SEQ_INDEX_UNPADDED;
+ break;
+ }
+ } while (s->index.count > 0);
+
+ return XZ_STREAM_END;
+}
+
+/*
+ * Validate that the next four input bytes match the value of s->crc32.
+ * s->pos must be zero when starting to validate the first byte.
+ */
+static enum xz_ret crc32_validate(struct xz_dec *s, struct xz_buf *b)
+{
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ if(s->crc32_temp == 0)
+ {
+ GRUB_MD_CRC32->final(s->crc32_context);
+ s->crc32_temp = get_unaligned_be32(GRUB_MD_CRC32->read(s->crc32_context));
+ }
+#endif
+
+ do {
+ if (b->in_pos == b->in_size)
+ return XZ_OK;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ if (((s->crc32_temp >> s->pos) & 0xFF) != b->in[b->in_pos++])
+ return XZ_DATA_ERROR;
+#endif
+
+ s->pos += 8;
+
+ } while (s->pos < 32);
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ GRUB_MD_CRC32->init(s->crc32_context);
+#endif
+ s->crc32_temp = 0;
+ s->pos = 0;
+
+ return XZ_STREAM_END;
+}
+
+/* Decode the Stream Header field (the first 12 bytes of the .xz Stream). */
+static enum xz_ret dec_stream_header(struct xz_dec *s)
+{
+ if (! memeq(s->temp.buf, HEADER_MAGIC, HEADER_MAGIC_SIZE))
+ return XZ_FORMAT_ERROR;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ uint8_t crc32_context[GRUB_MD_CRC32->contextsize];
+
+ GRUB_MD_CRC32->init(crc32_context);
+ GRUB_MD_CRC32->write(crc32_context,s->temp.buf + HEADER_MAGIC_SIZE, 2);
+ GRUB_MD_CRC32->final(crc32_context);
+
+ uint32_t resultcrc = get_unaligned_be32(GRUB_MD_CRC32->read(crc32_context));
+ uint32_t readcrc = get_unaligned_le32(s->temp.buf + HEADER_MAGIC_SIZE + 2);
+
+ if(resultcrc != readcrc)
+ return XZ_DATA_ERROR;
+#endif
+
+ /*
+ * Decode the Stream Flags field. Of integrity checks, we support
+ * only none (Check ID = 0) and CRC32 (Check ID = 1).
+ */
+ if (s->temp.buf[HEADER_MAGIC_SIZE] != 0
+ || s->temp.buf[HEADER_MAGIC_SIZE + 1] > 1)
+ return XZ_OPTIONS_ERROR;
+
+ s->has_crc32 = s->temp.buf[HEADER_MAGIC_SIZE + 1];
+
+ return XZ_OK;
+}
+
+/* Decode the Stream Footer field (the last 12 bytes of the .xz Stream) */
+static enum xz_ret dec_stream_footer(struct xz_dec *s)
+{
+ if (! memeq(s->temp.buf + 10, FOOTER_MAGIC, FOOTER_MAGIC_SIZE))
+ return XZ_DATA_ERROR;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ uint8_t crc32_context[GRUB_MD_CRC32->contextsize];
+
+ GRUB_MD_CRC32->init(crc32_context);
+ GRUB_MD_CRC32->write(crc32_context, s->temp.buf + 4, 6);
+ GRUB_MD_CRC32->final(crc32_context);
+
+ uint32_t resultcrc = get_unaligned_be32(GRUB_MD_CRC32->read(crc32_context));
+ uint32_t readcrc = get_unaligned_le32(s->temp.buf);
+
+ if(resultcrc != readcrc)
+ return XZ_DATA_ERROR;
+#endif
+
+ /*
+ * Validate Backward Size. Note that we never added the size of the
+ * Index CRC32 field to s->index.size, thus we use s->index.size / 4
+ * instead of s->index.size / 4 - 1.
+ */
+ if ((s->index.size >> 2) != get_le32(s->temp.buf + 4))
+ return XZ_DATA_ERROR;
+
+ if (s->temp.buf[8] != 0 || s->temp.buf[9] != s->has_crc32)
+ return XZ_DATA_ERROR;
+
+ /*
+ * Use XZ_STREAM_END instead of XZ_OK to be more convenient
+ * for the caller.
+ */
+ return XZ_STREAM_END;
+}
+
+/* Decode the Block Header and initialize the filter chain. */
+static enum xz_ret dec_block_header(struct xz_dec *s)
+{
+ enum xz_ret ret;
+
+ /*
+ * Validate the CRC32. We know that the temp buffer is at least
+ * eight bytes so this is safe.
+ */
+ s->temp.size -= 4;
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ uint8_t crc32_context[GRUB_MD_CRC32->contextsize];
+
+ GRUB_MD_CRC32->init(crc32_context);
+ GRUB_MD_CRC32->write(crc32_context, s->temp.buf, s->temp.size);
+ GRUB_MD_CRC32->final(crc32_context);
+
+ uint32_t resultcrc = get_unaligned_be32(GRUB_MD_CRC32->read(crc32_context));
+ uint32_t readcrc = get_unaligned_le32(s->temp.buf + s->temp.size);
+
+ if (resultcrc != readcrc)
+ return XZ_DATA_ERROR;
+#endif
+
+ s->temp.pos = 2;
+
+ /*
+ * Catch unsupported Block Flags. We support only one or two filters
+ * in the chain, so we catch that with the same test.
+ */
+#ifdef XZ_DEC_BCJ
+ if (s->temp.buf[1] & 0x3E)
+#else
+ if (s->temp.buf[1] & 0x3F)
+#endif
+ return XZ_OPTIONS_ERROR;
+
+ /* Compressed Size */
+ if (s->temp.buf[1] & 0x40) {
+ if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
+ != XZ_STREAM_END)
+ return XZ_DATA_ERROR;
+
+ s->block_header.compressed = s->vli;
+ } else {
+ s->block_header.compressed = VLI_UNKNOWN;
+ }
+
+ /* Uncompressed Size */
+ if (s->temp.buf[1] & 0x80) {
+ if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
+ != XZ_STREAM_END)
+ return XZ_DATA_ERROR;
+
+ s->block_header.uncompressed = s->vli;
+ } else {
+ s->block_header.uncompressed = VLI_UNKNOWN;
+ }
+
+#ifdef XZ_DEC_BCJ
+ /* If there are two filters, the first one must be a BCJ filter. */
+ s->bcj_active = s->temp.buf[1] & 0x01;
+ if (s->bcj_active) {
+ if (s->temp.size - s->temp.pos < 2)
+ return XZ_OPTIONS_ERROR;
+
+ ret = xz_dec_bcj_reset(s->bcj, s->temp.buf[s->temp.pos++]);
+ if (ret != XZ_OK)
+ return ret;
+
+ /*
+ * We don't support custom start offset,
+ * so Size of Properties must be zero.
+ */
+ if (s->temp.buf[s->temp.pos++] != 0x00)
+ return XZ_OPTIONS_ERROR;
+ }
+#endif
+
+ /* Valid Filter Flags always take at least two bytes. */
+ if (s->temp.size - s->temp.pos < 2)
+ return XZ_DATA_ERROR;
+
+ /* Filter ID = LZMA2 */
+ if (s->temp.buf[s->temp.pos++] != 0x21)
+ return XZ_OPTIONS_ERROR;
+
+ /* Size of Properties = 1-byte Filter Properties */
+ if (s->temp.buf[s->temp.pos++] != 0x01)
+ return XZ_OPTIONS_ERROR;
+
+ /* Filter Properties contains LZMA2 dictionary size. */
+ if (s->temp.size - s->temp.pos < 1)
+ return XZ_DATA_ERROR;
+
+ ret = xz_dec_lzma2_reset(s->lzma2, s->temp.buf[s->temp.pos++]);
+ if (ret != XZ_OK)
+ return ret;
+
+ /* The rest must be Header Padding. */
+ while (s->temp.pos < s->temp.size)
+ if (s->temp.buf[s->temp.pos++] != 0x00)
+ return XZ_OPTIONS_ERROR;
+
+ s->temp.pos = 0;
+ s->block.compressed = 0;
+ s->block.uncompressed = 0;
+
+ return XZ_OK;
+}
+
+static enum xz_ret dec_main(struct xz_dec *s, struct xz_buf *b)
+{
+ enum xz_ret ret;
+
+ /*
+ * Store the start position for the case when we are in the middle
+ * of the Index field.
+ */
+ s->in_start = b->in_pos;
+
+ while (true) {
+ switch (s->sequence) {
+ case SEQ_STREAM_HEADER:
+ /*
+ * Stream Header is copied to s->temp, and then
+ * decoded from there. This way if the caller
+ * gives us only little input at a time, we can
+ * still keep the Stream Header decoding code
+ * simple. Similar approach is used in many places
+ * in this file.
+ */
+ if (!fill_temp(s, b))
+ return XZ_OK;
+
+ ret = dec_stream_header(s);
+ if (ret != XZ_OK)
+ return ret;
+
+ s->sequence = SEQ_BLOCK_START;
+
+ case SEQ_BLOCK_START:
+ /* We need one byte of input to continue. */
+ if (b->in_pos == b->in_size)
+ return XZ_OK;
+
+ /* See if this is the beginning of the Index field. */
+ if (b->in[b->in_pos] == 0) {
+ s->in_start = b->in_pos++;
+ s->sequence = SEQ_INDEX;
+ break;
+ }
+
+ /*
+ * Calculate the size of the Block Header and
+ * prepare to decode it.
+ */
+ s->block_header.size
+ = ((uint32_t)b->in[b->in_pos] + 1) * 4;
+
+ s->temp.size = s->block_header.size;
+ s->temp.pos = 0;
+ s->sequence = SEQ_BLOCK_HEADER;
+
+ case SEQ_BLOCK_HEADER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+
+ ret = dec_block_header(s);
+ if (ret != XZ_OK)
+ return ret;
+
+ s->sequence = SEQ_BLOCK_UNCOMPRESS;
+
+ case SEQ_BLOCK_UNCOMPRESS:
+ ret = dec_block(s, b);
+ if (ret != XZ_STREAM_END)
+ return ret;
+
+ s->sequence = SEQ_BLOCK_PADDING;
+
+ case SEQ_BLOCK_PADDING:
+ /*
+ * Size of Compressed Data + Block Padding
+ * must be a multiple of four. We don't need
+ * s->block.compressed for anything else
+ * anymore, so we use it here to test the size
+ * of the Block Padding field.
+ */
+ while (s->block.compressed & 3) {
+ if (b->in_pos == b->in_size)
+ return XZ_OK;
+
+ if (b->in[b->in_pos++] != 0)
+ return XZ_DATA_ERROR;
+
+ ++s->block.compressed;
+ }
+
+ s->sequence = SEQ_BLOCK_CHECK;
+
+ case SEQ_BLOCK_CHECK:
+ if (s->has_crc32) {
+ ret = crc32_validate(s, b);
+ if (ret != XZ_STREAM_END)
+ return ret;
+ }
+
+ s->sequence = SEQ_BLOCK_START;
+ break;
+
+ case SEQ_INDEX:
+ ret = dec_index(s, b);
+ if (ret != XZ_STREAM_END)
+ return ret;
+
+ s->sequence = SEQ_INDEX_PADDING;
+
+ case SEQ_INDEX_PADDING:
+ while ((s->index.size + (b->in_pos - s->in_start))
+ & 3) {
+ if (b->in_pos == b->in_size) {
+ index_update(s, b);
+ return XZ_OK;
+ }
+
+ if (b->in[b->in_pos++] != 0)
+ return XZ_DATA_ERROR;
+ }
+
+ /* Finish the CRC32 value and Index size. */
+ index_update(s, b);
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ /* Compare the hashes to validate the Index field. */
+ GRUB_MD_CRC32->final(s->block.hash.crc32_context);
+ GRUB_MD_CRC32->final(s->index.hash.crc32_context);
+ uint32_t block_crc = *(uint32_t*)GRUB_MD_CRC32->read(s->block.hash.crc32_context);
+ uint32_t index_crc = *(uint32_t*)GRUB_MD_CRC32->read(s->index.hash.crc32_context);
+
+ if (s->block.hash.unpadded != s->index.hash.unpadded
+ || s->block.hash.uncompressed != s->index.hash.uncompressed
+ || block_crc != index_crc)
+ {
+ return XZ_DATA_ERROR;
+ }
+#endif
+
+ s->sequence = SEQ_INDEX_CRC32;
+
+ case SEQ_INDEX_CRC32:
+ ret = crc32_validate(s, b);
+ if (ret != XZ_STREAM_END)
+ return ret;
+
+ s->temp.size = STREAM_HEADER_SIZE;
+ s->sequence = SEQ_STREAM_FOOTER;
+
+ case SEQ_STREAM_FOOTER:
+ if (!fill_temp(s, b))
+ return XZ_OK;
+
+ return dec_stream_footer(s);
+ }
+ }
+
+ /* Never reached */
+}
+
+/*
+ * xz_dec_run() is a wrapper for dec_main() to handle some special cases in
+ * multi-call and single-call decoding.
+ *
+ * In multi-call mode, we must return XZ_BUF_ERROR when it seems clear that we
+ * are not going to make any progress anymore. This is to prevent the caller
+ * from calling us infinitely when the input file is truncated or otherwise
+ * corrupt. Since zlib-style API allows that the caller fills the input buffer
+ * only when the decoder doesn't produce any new output, we have to be careful
+ * to avoid returning XZ_BUF_ERROR too easily: XZ_BUF_ERROR is returned only
+ * after the second consecutive call to xz_dec_run() that makes no progress.
+ *
+ * In single-call mode, if we couldn't decode everything and no error
+ * occurred, either the input is truncated or the output buffer is too small.
+ * Since we know that the last input byte never produces any output, we know
+ * that if all the input was consumed and decoding wasn't finished, the file
+ * must be corrupt. Otherwise the output buffer has to be too small or the
+ * file is corrupt in a way that decoding it produces too big output.
+ *
+ * If single-call decoding fails, we reset b->in_pos and b->out_pos back to
+ * their original values. This is because with some filter chains there won't
+ * be any valid uncompressed data in the output buffer unless the decoding
+ * actually succeeds (that's the price to pay of using the output buffer as
+ * the workspace).
+ */
+enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b)
+{
+ size_t in_start;
+ size_t out_start;
+ enum xz_ret ret;
+
+ if (s->single_call)
+ xz_dec_reset(s);
+
+ in_start = b->in_pos;
+ out_start = b->out_pos;
+ ret = dec_main(s, b);
+
+ if (s->single_call) {
+ if (ret == XZ_OK)
+ ret = b->in_pos == b->in_size
+ ? XZ_DATA_ERROR : XZ_BUF_ERROR;
+
+ if (ret != XZ_STREAM_END) {
+ b->in_pos = in_start;
+ b->out_pos = out_start;
+ }
+
+ } else if (ret == XZ_OK && in_start == b->in_pos
+ && out_start == b->out_pos) {
+ if (s->allow_buf_error)
+ ret = XZ_BUF_ERROR;
+
+ s->allow_buf_error = true;
+ } else {
+ s->allow_buf_error = false;
+ }
+
+ return ret;
+}
+
+#ifdef GRUB_EMBED_DECOMPRESSOR
+struct xz_dec decoder;
+#endif
+
+struct xz_dec * xz_dec_init(uint32_t dict_max)
+{
+ struct xz_dec *s;
+#ifdef GRUB_EMBED_DECOMPRESSOR
+ s = &decoder;
+#else
+ s = kmalloc(sizeof(*s), GFP_KERNEL);
+ if (s == NULL)
+ return NULL;
+#endif
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ /* prepare CRC32 calculators */
+ if(GRUB_MD_CRC32 == NULL)
+ {
+ kfree(s);
+ return NULL;
+ }
+
+ s->crc32_context = kmalloc(GRUB_MD_CRC32->contextsize, GFP_KERNEL);
+ if (s->crc32_context == NULL)
+ {
+ kfree(s);
+ return NULL;
+ }
+
+ s->index.hash.crc32_context = kmalloc(GRUB_MD_CRC32->contextsize, GFP_KERNEL);
+ if (s->index.hash.crc32_context == NULL)
+ {
+ kfree(s->crc32_context);
+ kfree(s);
+ return NULL;
+ }
+
+ s->block.hash.crc32_context = kmalloc(GRUB_MD_CRC32->contextsize, GFP_KERNEL);
+ if (s->block.hash.crc32_context == NULL)
+ {
+ kfree(s->index.hash.crc32_context);
+ kfree(s->crc32_context);
+ kfree(s);
+ return NULL;
+ }
+
+
+ GRUB_MD_CRC32->init(s->crc32_context);
+ GRUB_MD_CRC32->init(s->index.hash.crc32_context);
+ GRUB_MD_CRC32->init(s->block.hash.crc32_context);
+#endif
+
+ s->crc32_temp = 0;
+
+ s->single_call = dict_max == 0;
+
+#ifdef XZ_DEC_BCJ
+ s->bcj = xz_dec_bcj_create(s->single_call);
+ if (s->bcj == NULL)
+ goto error_bcj;
+#endif
+
+ s->lzma2 = xz_dec_lzma2_create(dict_max);
+ if (s->lzma2 == NULL)
+ goto error_lzma2;
+
+ xz_dec_reset(s);
+ return s;
+
+error_lzma2:
+#ifdef XZ_DEC_BCJ
+ xz_dec_bcj_end(s->bcj);
+error_bcj:
+#endif
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ kfree(s);
+#endif
+ return NULL;
+}
+
+void xz_dec_reset(struct xz_dec *s)
+{
+ s->sequence = SEQ_STREAM_HEADER;
+ s->allow_buf_error = false;
+ s->pos = 0;
+
+ {
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ uint8_t *t;
+ t = s->block.hash.crc32_context;
+#endif
+ memzero(&s->block, sizeof(s->block));
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ s->block.hash.crc32_context = t;
+ t = s->index.hash.crc32_context;
+#endif
+ memzero(&s->index, sizeof(s->index));
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ s->index.hash.crc32_context = t;
+#endif
+ }
+ s->temp.pos = 0;
+ s->temp.size = STREAM_HEADER_SIZE;
+
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ GRUB_MD_CRC32->init(s->crc32_context);
+ GRUB_MD_CRC32->init(s->index.hash.crc32_context);
+ GRUB_MD_CRC32->init(s->block.hash.crc32_context);
+#endif
+ s->crc32_temp = 0;
+}
+
+void xz_dec_end(struct xz_dec *s)
+{
+ if (s != NULL) {
+ xz_dec_lzma2_end(s->lzma2);
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ kfree(s->index.hash.crc32_context);
+ kfree(s->block.hash.crc32_context);
+ kfree(s->crc32_context);
+#endif
+#ifdef XZ_DEC_BCJ
+ xz_dec_bcj_end(s->bcj);
+#endif
+#ifndef GRUB_EMBED_DECOMPRESSOR
+ kfree(s);
+#endif
+ }
+}
diff --git a/grub-core/lib/xzembed/xz_lzma2.h b/grub-core/lib/xzembed/xz_lzma2.h
new file mode 100644
index 0000000..15e553d
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_lzma2.h
@@ -0,0 +1,236 @@
+/* xz_lzma2.h - LZMA2 definitions */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#ifndef XZ_LZMA2_H
+#define XZ_LZMA2_H
+
+/* dictionary size hard limit
+ * actual size limit is calculated as shown in 5.3.1
+ * http://tukaani.org/xz/xz-file-format.txt
+ *
+ * if bits > 39 dictionary_size = UINT32_MAX
+ * else
+ * dictionary_size = 2 | (bits & 1);
+ * dictionary_size <<= bits / 2 + 11;
+ *
+ * i.e.
+ * 0 - 4 KiB
+ * 6 - 32 KiB
+ * 30 - 128MiB
+ * 39 - 3072 MiB
+ * 40 - 4096 MiB - 1 B
+ * note: implementation supports 39 at maximum
+ */
+#define DICT_BIT_SIZE 30
+
+/* Range coder constants */
+#define RC_SHIFT_BITS 8
+#define RC_TOP_BITS 24
+#define RC_TOP_VALUE (1 << RC_TOP_BITS)
+#define RC_BIT_MODEL_TOTAL_BITS 11
+#define RC_BIT_MODEL_TOTAL (1 << RC_BIT_MODEL_TOTAL_BITS)
+#define RC_MOVE_BITS 5
+
+/*
+ * Maximum number of position states. A position state is the lowest pb
+ * number of bits of the current uncompressed offset. In some places there
+ * are different sets of probabilities for different position states.
+ */
+#define POS_STATES_MAX (1 << 4)
+
+/*
+ * This enum is used to track which LZMA symbols have occurred most recently
+ * and in which order. This information is used to predict the next symbol.
+ *
+ * Symbols:
+ * - Literal: One 8-bit byte
+ * - Match: Repeat a chunk of data at some distance
+ * - Long repeat: Multi-byte match at a recently seen distance
+ * - Short repeat: One-byte repeat at a recently seen distance
+ *
+ * The symbol names are in from STATE_oldest_older_previous. REP means
+ * either short or long repeated match, and NONLIT means any non-literal.
+ */
+enum lzma_state {
+ STATE_LIT_LIT,
+ STATE_MATCH_LIT_LIT,
+ STATE_REP_LIT_LIT,
+ STATE_SHORTREP_LIT_LIT,
+ STATE_MATCH_LIT,
+ STATE_REP_LIT,
+ STATE_SHORTREP_LIT,
+ STATE_LIT_MATCH,
+ STATE_LIT_LONGREP,
+ STATE_LIT_SHORTREP,
+ STATE_NONLIT_MATCH,
+ STATE_NONLIT_REP
+};
+
+/* Total number of states */
+#define STATES 12
+
+/* The lowest 7 states indicate that the previous state was a literal. */
+#define LIT_STATES 7
+
+/* Indicate that the latest symbol was a literal. */
+static inline void lzma_state_literal(enum lzma_state *state)
+{
+ if (*state <= STATE_SHORTREP_LIT_LIT)
+ *state = STATE_LIT_LIT;
+ else if (*state <= STATE_LIT_SHORTREP)
+ *state -= 3;
+ else
+ *state -= 6;
+}
+
+/* Indicate that the latest symbol was a match. */
+static inline void lzma_state_match(enum lzma_state *state)
+{
+ *state = *state < LIT_STATES ? STATE_LIT_MATCH : STATE_NONLIT_MATCH;
+}
+
+/* Indicate that the latest state was a long repeated match. */
+static inline void lzma_state_long_rep(enum lzma_state *state)
+{
+ *state = *state < LIT_STATES ? STATE_LIT_LONGREP : STATE_NONLIT_REP;
+}
+
+/* Indicate that the latest symbol was a short match. */
+static inline void lzma_state_short_rep(enum lzma_state *state)
+{
+ *state = *state < LIT_STATES ? STATE_LIT_SHORTREP : STATE_NONLIT_REP;
+}
+
+/* Test if the previous symbol was a literal. */
+static inline bool lzma_state_is_literal(enum lzma_state state)
+{
+ return state < LIT_STATES;
+}
+
+/* Each literal coder is divided in three sections:
+ * - 0x001-0x0FF: Without match byte
+ * - 0x101-0x1FF: With match byte; match bit is 0
+ * - 0x201-0x2FF: With match byte; match bit is 1
+ *
+ * Match byte is used when the previous LZMA symbol was something else than
+ * a literal (that is, it was some kind of match).
+ */
+#define LITERAL_CODER_SIZE 0x300
+
+/* Maximum number of literal coders */
+#define LITERAL_CODERS_MAX (1 << 4)
+
+/* Minimum length of a match is two bytes. */
+#define MATCH_LEN_MIN 2
+
+/* Match length is encoded with 4, 5, or 10 bits.
+ *
+ * Length Bits
+ * 2-9 4 = Choice=0 + 3 bits
+ * 10-17 5 = Choice=1 + Choice2=0 + 3 bits
+ * 18-273 10 = Choice=1 + Choice2=1 + 8 bits
+ */
+#define LEN_LOW_BITS 3
+#define LEN_LOW_SYMBOLS (1 << LEN_LOW_BITS)
+#define LEN_MID_BITS 3
+#define LEN_MID_SYMBOLS (1 << LEN_MID_BITS)
+#define LEN_HIGH_BITS 8
+#define LEN_HIGH_SYMBOLS (1 << LEN_HIGH_BITS)
+#define LEN_SYMBOLS (LEN_LOW_SYMBOLS + LEN_MID_SYMBOLS + LEN_HIGH_SYMBOLS)
+
+/*
+ * Maximum length of a match is 273 which is a result of the encoding
+ * described above.
+ */
+#define MATCH_LEN_MAX (MATCH_LEN_MIN + LEN_SYMBOLS - 1)
+
+/*
+ * Different sets of probabilities are used for match distances that have
+ * very short match length: Lengths of 2, 3, and 4 bytes have a separate
+ * set of probabilities for each length. The matches with longer length
+ * use a shared set of probabilities.
+ */
+#define DIST_STATES 4
+
+/*
+ * Get the index of the appropriate probability array for decoding
+ * the distance slot.
+ */
+static inline uint32_t lzma_get_dist_state(uint32_t len)
+{
+ return len < DIST_STATES + MATCH_LEN_MIN
+ ? len - MATCH_LEN_MIN : DIST_STATES - 1;
+}
+
+/*
+ * The highest two bits of a 32-bit match distance are encoded using six bits.
+ * This six-bit value is called a distance slot. This way encoding a 32-bit
+ * value takes 6-36 bits, larger values taking more bits.
+ */
+#define DIST_SLOT_BITS 6
+#define DIST_SLOTS (1 << DIST_SLOT_BITS)
+
+/* Match distances up to 127 are fully encoded using probabilities. Since
+ * the highest two bits (distance slot) are always encoded using six bits,
+ * the distances 0-3 don't need any additional bits to encode, since the
+ * distance slot itself is the same as the actual distance. DIST_MODEL_START
+ * indicates the first distance slot where at least one additional bit is
+ * needed.
+ */
+#define DIST_MODEL_START 4
+
+/*
+ * Match distances greater than 127 are encoded in three pieces:
+ * - distance slot: the highest two bits
+ * - direct bits: 2-26 bits below the highest two bits
+ * - alignment bits: four lowest bits
+ *
+ * Direct bits don't use any probabilities.
+ *
+ * The distance slot value of 14 is for distances 128-191.
+ */
+#define DIST_MODEL_END 14
+
+/* Distance slots that indicate a distance <= 127. */
+#define FULL_DISTANCES_BITS (DIST_MODEL_END / 2)
+#define FULL_DISTANCES (1 << FULL_DISTANCES_BITS)
+
+/*
+ * For match distances greater than 127, only the highest two bits and the
+ * lowest four bits (alignment) is encoded using probabilities.
+ */
+#define ALIGN_BITS 4
+#define ALIGN_SIZE (1 << ALIGN_BITS)
+#define ALIGN_MASK (ALIGN_SIZE - 1)
+
+/* Total number of all probability variables */
+#define PROBS_TOTAL (1846 + LITERAL_CODERS_MAX * LITERAL_CODER_SIZE)
+
+/*
+ * LZMA remembers the four most recent match distances. Reusing these
+ * distances tends to take less space than re-encoding the actual
+ * distance value.
+ */
+#define REPS 4
+
+#endif
diff --git a/grub-core/lib/xzembed/xz_private.h b/grub-core/lib/xzembed/xz_private.h
new file mode 100644
index 0000000..fc845c9
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_private.h
@@ -0,0 +1,96 @@
+/* xz_private.h - Private includes and definitions */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#ifndef XZ_PRIVATE_H
+#define XZ_PRIVATE_H
+
+/*
+ * For userspace builds, use a separate header to define the required
+ * macros and functions. This makes it easier to adapt the code into
+ * different environments and avoids clutter in the Linux kernel tree.
+ */
+#include "xz_config.h"
+
+/*
+ * If any of the BCJ filter decoders are wanted, define XZ_DEC_BCJ.
+ * XZ_DEC_BCJ is used to enable generic support for BCJ decoders.
+ */
+#ifndef XZ_DEC_BCJ
+# if defined(XZ_DEC_X86) || defined(XZ_DEC_POWERPC) \
+ || defined(XZ_DEC_IA64) || defined(XZ_DEC_ARM) \
+ || defined(XZ_DEC_ARM) || defined(XZ_DEC_ARMTHUMB) \
+ || defined(XZ_DEC_SPARC)
+# define XZ_DEC_BCJ
+# endif
+#endif
+
+/*
+ * Allocate memory for LZMA2 decoder. xz_dec_lzma2_reset() must be used
+ * before calling xz_dec_lzma2_run().
+ */
+struct xz_dec_lzma2 * xz_dec_lzma2_create(
+ uint32_t dict_max);
+
+/*
+ * Decode the LZMA2 properties (one byte) and reset the decoder. Return
+ * XZ_OK on success, XZ_MEMLIMIT_ERROR if the preallocated dictionary is not
+ * big enough, and XZ_OPTIONS_ERROR if props indicates something that this
+ * decoder doesn't support.
+ */
+enum xz_ret xz_dec_lzma2_reset(
+ struct xz_dec_lzma2 *s, uint8_t props);
+
+/* Decode raw LZMA2 stream from b->in to b->out. */
+enum xz_ret xz_dec_lzma2_run(
+ struct xz_dec_lzma2 *s, struct xz_buf *b);
+
+/* Free the memory allocated for the LZMA2 decoder. */
+void xz_dec_lzma2_end(struct xz_dec_lzma2 *s);
+
+/*
+ * Allocate memory for BCJ decoders. xz_dec_bcj_reset() must be used before
+ * calling xz_dec_bcj_run().
+ */
+struct xz_dec_bcj * xz_dec_bcj_create(bool single_call);
+
+/*
+ * Decode the Filter ID of a BCJ filter. This implementation doesn't
+ * support custom start offsets, so no decoding of Filter Properties
+ * is needed. Returns XZ_OK if the given Filter ID is supported.
+ * Otherwise XZ_OPTIONS_ERROR is returned.
+ */
+enum xz_ret xz_dec_bcj_reset(
+ struct xz_dec_bcj *s, uint8_t id);
+
+/*
+ * Decode raw BCJ + LZMA2 stream. This must be used only if there actually is
+ * a BCJ filter in the chain. If the chain has only LZMA2, xz_dec_lzma2_run()
+ * must be called directly.
+ */
+enum xz_ret xz_dec_bcj_run(struct xz_dec_bcj *s,
+ struct xz_dec_lzma2 *lzma2, struct xz_buf *b);
+
+/* Free the memory allocated for the BCJ filters. */
+#define xz_dec_bcj_end(s) kfree(s)
+
+#endif
diff --git a/grub-core/lib/xzembed/xz_stream.h b/grub-core/lib/xzembed/xz_stream.h
new file mode 100644
index 0000000..f58397a
--- /dev/null
+++ b/grub-core/lib/xzembed/xz_stream.h
@@ -0,0 +1,53 @@
+/* xz_stream.h - Definitions for handling the .xz file format */
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+/*
+ * This file is based on code from XZ embedded project
+ * http://tukaani.org/xz/embedded.html
+ */
+
+#ifndef XZ_STREAM_H
+#define XZ_STREAM_H
+
+/*
+ * See the .xz file format specification at
+ * http://tukaani.org/xz/xz-file-format.txt
+ * to understand the container format.
+ */
+
+#define STREAM_HEADER_SIZE 12
+
+#define HEADER_MAGIC "\3757zXZ\0"
+#define HEADER_MAGIC_SIZE 6
+
+#define FOOTER_MAGIC "YZ"
+#define FOOTER_MAGIC_SIZE 2
+
+/*
+ * Variable-length integer can hold a 63-bit unsigned integer, or a special
+ * value to indicate that the value is unknown.
+ */
+typedef uint64_t vli_type;
+
+#define VLI_MAX ((vli_type)-1 / 2)
+#define VLI_UNKNOWN ((vli_type)-1)
+
+/* Maximum encoded size of a VLI */
+#define VLI_BYTES_MAX (sizeof(vli_type) * 8 / 7)
+
+#endif
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 13:11:17 +0000