diff --git a/crypto/build.gradle b/crypto/build.gradle
index c9ee98142..a1cfb7773 100644
--- a/crypto/build.gradle
+++ b/crypto/build.gradle
@@ -48,7 +48,6 @@ dependencies {
implementation 'com.google.android.material:material:1.3.0'
// Crypto
implementation 'org.bouncycastle:bcprov-jdk15on:1.65.01'
- implementation 'com.lambdapioneer.argon2kt:argon2kt:1.2.0'
androidTestImplementation 'androidx.test:runner:1.3.0'
androidTestImplementation 'androidx.test:rules:1.3.0'
diff --git a/crypto/src/main/java/com/kunzisoft/encrypt/NativeLib.kt b/crypto/src/main/java/com/kunzisoft/encrypt/NativeLib.kt
index c743e4fa0..fbfdbc638 100644
--- a/crypto/src/main/java/com/kunzisoft/encrypt/NativeLib.kt
+++ b/crypto/src/main/java/com/kunzisoft/encrypt/NativeLib.kt
@@ -31,6 +31,7 @@ object NativeLib {
if (!isLoaded) {
try {
System.loadLibrary("final-key")
+ System.loadLibrary("argon2")
} catch (e: UnsatisfiedLinkError) {
return false
}
diff --git a/crypto/src/main/java/com/kunzisoft/encrypt/aes/AESProvider.kt b/crypto/src/main/java/com/kunzisoft/encrypt/aes/AESProvider.kt
index feeca53a6..5a26cdc80 100644
--- a/crypto/src/main/java/com/kunzisoft/encrypt/aes/AESProvider.kt
+++ b/crypto/src/main/java/com/kunzisoft/encrypt/aes/AESProvider.kt
@@ -27,7 +27,6 @@ class AESProvider : Provider("AESProvider", 1.0, "") {
}
companion object {
-
private const val serialVersionUID = -3846349284296062658L
}
diff --git a/crypto/src/main/java/com/kunzisoft/encrypt/argon2/Argon2Transformer.kt b/crypto/src/main/java/com/kunzisoft/encrypt/argon2/Argon2Transformer.kt
index e7c2706f3..c15c0464f 100644
--- a/crypto/src/main/java/com/kunzisoft/encrypt/argon2/Argon2Transformer.kt
+++ b/crypto/src/main/java/com/kunzisoft/encrypt/argon2/Argon2Transformer.kt
@@ -1,8 +1,6 @@
package com.kunzisoft.encrypt.argon2
-import com.lambdapioneer.argon2kt.Argon2Kt
-import com.lambdapioneer.argon2kt.Argon2Mode
-import com.lambdapioneer.argon2kt.Argon2Version
+import com.kunzisoft.encrypt.NativeLib
object Argon2Transformer {
@@ -14,26 +12,22 @@ object Argon2Transformer {
iterations: Long,
version: Int): ByteArray {
+ NativeLib.init()
val argon2Type = when(type) {
- Argon2Type.ARGON2_I -> Argon2Mode.ARGON2_I
- Argon2Type.ARGON2_D -> Argon2Mode.ARGON2_D
- Argon2Type.ARGON2_ID -> Argon2Mode.ARGON2_ID
+ Argon2Type.ARGON2_I -> NativeArgon2KeyTransformer.CType.ARGON2_I
+ Argon2Type.ARGON2_D -> NativeArgon2KeyTransformer.CType.ARGON2_D
+ Argon2Type.ARGON2_ID -> NativeArgon2KeyTransformer.CType.ARGON2_ID
}
- val argon2Version = when(version) {
- 0x10 -> Argon2Version.V10
- 0x13 -> Argon2Version.V13
- else -> Argon2Version.V13
- }
-
- return Argon2Kt().hash(
- argon2Type,
+ return NativeArgon2KeyTransformer.nTransformKey(
+ argon2Type.cValue,
password,
salt,
- iterations.toInt(),
- memory.toInt(),
parallelism.toInt(),
- 32,
- argon2Version).rawHashAsByteArray()
+ memory.toInt(),
+ iterations.toInt(),
+ ByteArray(0),
+ ByteArray(0),
+ version)
}
}
\ No newline at end of file
diff --git a/crypto/src/main/java/com/kunzisoft/encrypt/argon2/NativeArgon2KeyTransformer.java b/crypto/src/main/java/com/kunzisoft/encrypt/argon2/NativeArgon2KeyTransformer.java
new file mode 100644
index 000000000..b3bc34601
--- /dev/null
+++ b/crypto/src/main/java/com/kunzisoft/encrypt/argon2/NativeArgon2KeyTransformer.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2017 Brian Pellin, Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ * KeePassDX is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * KeePassDX is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with KeePassDX. If not, see .
+ *
+ */
+package com.kunzisoft.encrypt.argon2;
+
+import java.io.IOException;
+
+public class NativeArgon2KeyTransformer {
+
+ enum CType {
+ ARGON2_D(0),
+ ARGON2_I(1),
+ ARGON2_ID(2);
+
+ int cValue = 0;
+
+ CType(int i) {
+ cValue = i;
+ }
+ }
+
+ public static native byte[] nTransformKey(int type, byte[] password, byte[] salt, int parallelism,
+ int memory, int iterations, byte[] secretKey,
+ byte[] associatedData, int version) throws IOException;
+}
diff --git a/crypto/src/main/jni/CMakeLists.txt b/crypto/src/main/jni/CMakeLists.txt
index 68e85cdd4..51536c990 100644
--- a/crypto/src/main/jni/CMakeLists.txt
+++ b/crypto/src/main/jni/CMakeLists.txt
@@ -1,3 +1,4 @@
cmake_minimum_required(VERSION 3.4.1)
-add_subdirectory(final_key)
+add_subdirectory(aes)
+add_subdirectory(argon2)
diff --git a/crypto/src/main/jni/final_key/CMakeLists.txt b/crypto/src/main/jni/aes/CMakeLists.txt
similarity index 96%
rename from crypto/src/main/jni/final_key/CMakeLists.txt
rename to crypto/src/main/jni/aes/CMakeLists.txt
index b5556c4ae..431ca13fd 100644
--- a/crypto/src/main/jni/final_key/CMakeLists.txt
+++ b/crypto/src/main/jni/aes/CMakeLists.txt
@@ -7,7 +7,7 @@ include_directories(sha/)
add_library(
final-key SHARED
- kpd_jni.c
+ aes_jni.c
aes/aescrypt.c
aes/aeskey.c
aes/aes_modes.c
diff --git a/crypto/src/main/jni/final_key/aes/aes.h b/crypto/src/main/jni/aes/aes/aes.h
similarity index 57%
rename from crypto/src/main/jni/final_key/aes/aes.h
rename to crypto/src/main/jni/aes/aes/aes.h
index 8ccf06b12..46d1f6bdd 100644
--- a/crypto/src/main/jni/final_key/aes/aes.h
+++ b/crypto/src/main/jni/aes/aes/aes.h
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 02/09/2018
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
@@ -26,7 +33,7 @@ Issue Date: 02/09/2018
#include
-/* This include is used to find 8 & 32 bit unsigned integer types */
+/* This include is used to find 8 & 32 bit unsigned integer types */
#include "brg_types.h"
#if defined(__cplusplus)
@@ -34,30 +41,24 @@ extern "C"
{
#endif
-#define AES_128 /* if a fast 128 bit key scheduler is needed */
-#define AES_192 /* if a fast 192 bit key scheduler is needed */
-#define AES_256 /* if a fast 256 bit key scheduler is needed */
-#define AES_VAR /* if variable key size scheduler is needed */
-#if 1
-# define AES_MODES /* if support is needed for modes in the C code */
-#endif /* (these will use AES_NI if it is present) */
-#if 0 /* add this to make direct calls to the AES_NI */
-# /* implemented CBC and CTR modes available */
-# define ADD_AESNI_MODE_CALLS
-#endif
+#define AES_128 /* if a fast 128 bit key scheduler is needed */
+#define AES_192 /* if a fast 192 bit key scheduler is needed */
+#define AES_256 /* if a fast 256 bit key scheduler is needed */
+#define AES_VAR /* if variable key size scheduler is needed */
+#define AES_MODES /* if support is needed for modes */
-/* The following must also be set in assembler files if being used */
+/* The following must also be set in assembler files if being used */
-#define AES_ENCRYPT /* if support for encryption is needed */
-#define AES_DECRYPT /* if support for decryption is needed */
+#define AES_ENCRYPT /* if support for encryption is needed */
+#define AES_DECRYPT /* if support for decryption is needed */
+#define AES_REV_DKS /* define to reverse decryption key schedule */
-#define AES_BLOCK_SIZE_P2 4 /* AES block size as a power of 2 */
-#define AES_BLOCK_SIZE (1 << AES_BLOCK_SIZE_P2) /* AES block size */
-#define N_COLS 4 /* the number of columns in the state */
+#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
+#define N_COLS 4 /* the number of columns in the state */
-/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
-/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
-/* or 44, 52 or 60 32-bit words. */
+/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
+/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
+/* or 44, 52 or 60 32-bit words. */
#if defined( AES_VAR ) || defined( AES_256 )
#define KS_LENGTH 60
@@ -69,46 +70,25 @@ extern "C"
#define AES_RETURN INT_RETURN
-/* the character array 'inf' in the following structures is used */
-/* to hold AES context information. This AES code uses cx->inf.b[0] */
-/* to hold the number of rounds multiplied by 16. The other three */
-/* elements can be used by code that implements additional modes */
+/* the character array 'inf' in the following structures is used */
+/* to hold AES context information. This AES code uses cx->inf.b[0] */
+/* to hold the number of rounds multiplied by 16. The other three */
+/* elements can be used by code that implements additional modes */
typedef union
-{ uint32_t l;
- uint8_t b[4];
+{ uint_32t l;
+ uint_8t b[4];
} aes_inf;
-/* Macros for detecting whether a given context was initialized for */
-/* use with encryption or decryption code. These should only be used */
-/* by e.g. language bindings which lose type information when the */
-/* context pointer is passed to the calling language's runtime. */
-#define IS_ENCRYPTION_CTX(cx) (((cx)->inf.b[2] & (uint8_t)0x01) == 1)
-#define IS_DECRYPTION_CTX(cx) (((cx)->inf.b[2] & (uint8_t)0x01) == 0)
-
-#ifdef _MSC_VER
-# pragma warning( disable : 4324 )
-#endif
-
-#if defined(_MSC_VER) && defined(_WIN64)
-#define ALIGNED_(x) __declspec(align(x))
-#elif defined(__GNUC__) && defined(__x86_64__)
-#define ALIGNED_(x) __attribute__ ((aligned(x)))
-#else
-#define ALIGNED_(x)
-#endif
-
-typedef struct ALIGNED_(16)
-{ uint32_t ks[KS_LENGTH];
+typedef struct
+{ uint_32t ks[KS_LENGTH];
aes_inf inf;
-} aes_crypt_ctx;
+} aes_encrypt_ctx;
-typedef aes_crypt_ctx aes_encrypt_ctx;
-typedef aes_crypt_ctx aes_decrypt_ctx;
-
-#ifdef _MSC_VER
-# pragma warning( default : 4324 )
-#endif
+typedef struct
+{ uint_32t ks[KS_LENGTH];
+ aes_inf inf;
+} aes_decrypt_ctx;
/* This routine must be called before first use if non-static */
/* tables are being used */
@@ -166,14 +146,14 @@ AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_de
/* Multiple calls to the following subroutines for multiple block */
/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */
-/* long messages incrementally provided that the context AND the iv */
+/* long messages incremantally provided that the context AND the iv */
/* are preserved between all such calls. For the ECB and CBC modes */
/* each individual call within a series of incremental calls must */
/* process only full blocks (i.e. len must be a multiple of 16) but */
/* the CFB, OFB and CTR mode calls can handle multiple incremental */
-/* calls of any length. Each mode is reset when a new AES key is */
-/* set but ECB needs no reset and CBC can be reset without setting */
-/* a new key by setting a new IV value. To reset CFB, OFB and CTR */
+/* calls of any length. Each mode is reset when a new AES key is */
+/* set but ECB and CBC operations can be reset without setting a */
+/* new key by setting a new IV value. To reset CFB, OFB and CTR */
/* without setting the key, aes_mode_reset() must be called and the */
/* IV must be set. NOTE: All these calls update the IV on exit so */
/* this has to be reset if a new operation with the same IV as the */
@@ -218,59 +198,6 @@ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
#endif
-#if 0 && defined( ADD_AESNI_MODE_CALLS )
-# define USE_AES_CONTEXT
-#endif
-
-#ifdef ADD_AESNI_MODE_CALLS
-# ifdef USE_AES_CONTEXT
-
-AES_RETURN aes_CBC_encrypt(const unsigned char *in,
- unsigned char *out,
- unsigned char ivec[16],
- unsigned long length,
- const aes_encrypt_ctx cx[1]);
-
-AES_RETURN aes_CBC_decrypt(const unsigned char *in,
- unsigned char *out,
- unsigned char ivec[16],
- unsigned long length,
- const aes_decrypt_ctx cx[1]);
-
-AES_RETURN AES_CTR_encrypt(const unsigned char *in,
- unsigned char *out,
- const unsigned char ivec[8],
- const unsigned char nonce[4],
- unsigned long length,
- const aes_encrypt_ctx cx[1]);
-
-# else
-
-void aes_CBC_encrypt(const unsigned char *in,
- unsigned char *out,
- unsigned char ivec[16],
- unsigned long length,
- unsigned char *key,
- int number_of_rounds);
-
-void aes_CBC_decrypt(const unsigned char *in,
- unsigned char *out,
- unsigned char ivec[16],
- unsigned long length,
- unsigned char *key,
- int number_of_rounds);
-
-void aes_CTR_encrypt(const unsigned char *in,
- unsigned char *out,
- const unsigned char ivec[8],
- const unsigned char nonce[4],
- unsigned long length,
- const unsigned char *key,
- int number_of_rounds);
-
-# endif
-#endif
-
#if defined(__cplusplus)
}
#endif
diff --git a/crypto/src/main/jni/final_key/aes/aes.txt b/crypto/src/main/jni/aes/aes/aes.txt
similarity index 77%
rename from crypto/src/main/jni/final_key/aes/aes.txt
rename to crypto/src/main/jni/aes/aes/aes.txt
index 25710f29e..ca165632b 100644
--- a/crypto/src/main/jni/final_key/aes/aes.txt
+++ b/crypto/src/main/jni/aes/aes/aes.txt
@@ -2,67 +2,8 @@
An AES (Rijndael) Implementation in C/C++ (as specified in FIPS-197)
====================================================================
-Change (26/09/2018)
-===================
-
-1. Changes to test programs to allow them to be built on Linux/GCC
- (with thanks to Michael Mohr).
-
-2. Rationalisation of the defines DLL_IMPORT, DYNAMIC_DLL and USE_DLL
- in the test code - now DLL_IMPORT and DLL_DYNAMIC_LOAD
-
-3. Update the test_avs test to allow the testing of static, DLL and
- dynamically loaded DLL libraries.
-
-Change (21/05/2018)
-===================
-
-1. Properly dectect presence of AESNI when using GCC (my thanks to
- Peter Gutmann for this fix)
-
-Changes (6/12/2016)
-====================
-
-1. Changed function definition of has_aes_ni() to has_aes_ni(void),
- suggested by Peter Gutmann
-
-2. Changed the default location for the vsyasm assembler to:
- C:\Program Files\yasm
-
-Changes (27/09/2015)
-====================
-
-1. Added automatic dynamic table initialisation (my thanks to
- Henrik S. Gaßmann who proposed this addition).
-
-Changes (09/09/2014)
-====================
-
-1. Added the ability to use Intel's hardware support for AES
- with GCC on Windows and Linux
-
-Changes (01/09/2014)
-====================
-
-1. Clarify some user choices in the file aes_amd64.asm
-
-2. Change the detection of the x86 and x86_64 processors
- in aesopt.h to allow assembler code use with GCC
-
-Changes (14/11/2013)
-====================
-
-1. Added the ability to use Intel's hardware support for AES
- on Windows using Microsoft Visual Studio.
-
-2. Added the include 'stdint.h' and used the uint_t instead
- of the old uint_t (e.g. uint_32t is now uint32_t).
-
-3. Added a missing .text directive in aes_x86_v2.asm that caused
- runtime errors in one build configuration.
-
-Changes (16/04/2007)
-====================
+Changes in this Version (16/04/2007)
+====================================
These changes remove errors in the VC++ build files and add some
improvements in file naming consitency and portability. There are
@@ -118,11 +59,6 @@ In addition AES modes are implemented in the files:
aes_modes.c AES modes with optional support for VIA ACE detection and use
aes_via_ace.h the header file for VIA ACE support
-and Intel hardware support for AES (AES_NI) is implemented in the files
-
-aes_ni.h defines for AES_NI implementation
-aes_ni.c the AES_NI implementation
-
Other associated files for testing and support are:
aesaux.h header for auxilliary routines for testsing
@@ -152,105 +88,104 @@ A. Versions
The code can be used to build static and dynamic libraries, each in five
versions:
- Key scheduling code in C, encrypt/decrypt in:
+ C uses C source code only
+ ASM_X86_V1C large table x86 assembler code for encrypt/decrypt
+ ASM_X86_V2 compressed table x86 assembler for encrypt/decrypt and keying
+ ASM_X86_V2C compressed table x86 assembler code for encrypt/decrypt
+ ASM_AMD64 compressed table x86 assembler code for encrypt/decrypt
- C C source code (win32 and x64)
- ASM_X86_V1C large table x86 assembler code (win32)
- ASM_X86_V2C compressed table x86 assembler code (win32)
- ASM_AMD64 compressed table x64 assembler code (x64)
-
- Key scheduling and encrypt/decrypt code in assembler:
-
- ASM_X86_V2 compressed table x86 assembler (win32)
+The C version can be compiled for Win32 or x64, the x86 assembler versions
+are for Win32 only and the AMD64 version for x64 only.
-The C version can be compiled for Win32 or x64 whereas the x86 and x64
-assembler versions are for Win32 and x64 respectively.
+B. Types
+--------
-If Intel's hardware support for AES (AES_NI) is available, it can be used
-with either the C or the ASM_AMD64 version. If ASM_AMD64 is to be used, it
-is important that the define USE_INTEL_AES_IF_PRESENT in asm_amd64.asm is
-set to the same value as it has in aesopt.h
+The code makes use of types defined as uint_t where is the length
+of the type, for example, the unsigned 32-bit type is 'uint_32t'. These are
+NOT the same as the fixed width integer types in C99, inttypes.h and stdint.h
+since several attempts to use these types have shown that support for them is
+still highly variable. But a regular expression search and replace in VC++
+with search on 'uint_{:z}t' and a replace with 'uint\1_t' will convert these
+types to C99 types (there should be similar search/replace facilities on other
+systems).
-B. YASM
+C. YASM
-------
If you wish to use the x86 assembler files you will also need the YASM open
source x86 assembler (r1331 or later) for Windows which can be obtained from:
- http://www.tortall.net/projects/yasm/
+ http://www.tortall.net/projects/yasm/
-This assembler (vsyasm.exe) should be placed in the directory:
+This assembler should be placed in the bin directory used by VC++, which, for
+Visual Stduio 2005, is typically:
- C:\Program Files\yasm
+ C:\Program Files (x86)\Microsoft Visual Studio 8\VC\bin
-C. Configuration
+You will also need to move the yasm.rules file from this distribution into
+the directory where Visual Studio 2005 expects to find it, which is typically:
+
+ C:\Program Files (x86)\Microsoft Visual Studio 8\VC\VCProjectDefaults
+
+Alternatively you can configure the path for rules files within Visual Studio.
+
+D. Configuration
----------------
-The following configurations are available as projects for Visual Studio
+The following configurations are available as projects for Visual Studio 2005
but the following descriptions should allow them to be built in other x86
-environments
+environments:
lib_generic_c Win32 and x64
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
- (+ aes_ni.h for AES_NI)
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aescrypt.c, aeskey.c, aestab.c, aes_modes.c
- (+ aes_ni.c for AES_NI)
defines
-
dll_generic_c Win32 and x64
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
- (+ aes_ni.h for AES_NI)
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aescrypt.c, aeskey.c, aestab.c, aes_modes.c
- (+ aes_ni.c for AES_NI)
defines DLL_EXPORT
lib_asm_x86_v1c Win32
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v1.asm
defines ASM_X86_V1C (set for C and assembler files)
-
- dll_asm_x86_v1c Win32
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+ dll_asm_x86_v1c Win32
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v1.asm
defines DLL_EXPORT, ASM_X86_V1C (set for C and assembler files)
lib_asm_x86_v2c Win32
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v2.asm
defines ASM_X86_V2C (set for C and assembler files)
-
- dll_asm_x86_v2c Win32
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+ dll_asm_x86_v2c Win32
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aeskey.c, aestab.c, aes_modes.c
x86 assembler: aes_x86_v1.asm
defines DLL_EXPORT, ASM_X86_V2C (set for C and assembler files)
lib_asm_x86_v2 Win32
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aes_modes.c
x86 assembler: aes_x86_v1.asm
defines ASM_X86_V2 (set for C and assembler files)
-
- dll_asm_x86_v2 Win32
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
+ dll_asm_x86_v2 Win32
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
C source: aes_modes.c
x86 assembler: aes_x86_v1.asm
defines DLL_EXPORT, ASM_AMD64_C (set for C and assembler files)
lib_asm_amd64_c x64
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
- (+ aes_ni.h for AES_NI)
- C source: aes_modes.c (+ aes_ni.c for AES_NI)
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
+ C source: aes_modes.c
x86 assembler: aes_amd64.asm
- defines ASM_AMD64_C (set for C and assembler files)
-
- dll_asm_amd64_c x64
- headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs.h
- (+ aes_ni.h for AES_NI)
- C source: aes_modes.c (+ aes_ni.c for AES_NI)
+ defines ASM_X86_V2 (set for C and assembler files)
+ dll_asm_amd64_c x64
+ headers: aes.h, aesopt.h, aestab.h, brg_endian.h, tdefs,h
+ C source: aes_modes.c
x86 assembler: aes_amd64.asm
defines DLL_EXPORT, ASM_AMD64_C (set for C and assembler files)
@@ -260,27 +195,28 @@ ASM_X86_V1C is defined if using the version 1 assembler code (aescrypt1.asm).
The defines in the assember file must match those in aes.h and
aesopt.h). Also remember to include/exclude the right assembler
and C files in the build to avoid undefined or multiply defined
- symbols - include aes_x86_v1.asm and exclude aescrypt.c
+ symbols - include aescrypt1.asm and exclude aescrypt.c and
+ aescrypt2.asm.
-ASM_X86_V2 is defined if using the version 2 assembler code (aes_x86_v2.asm).
+ASM_X86_V2 is defined if using the version 2 assembler code (aescrypt2.asm).
This version provides a full, self contained assembler version
and does not use any C source code files except for the mutiple
block encryption modes that are provided by aes_modes.c. The define
- ASM_X86_V2 must be set on the YASM command line (or in aes_x86_v2.asm)
- to use this version and all C files except aec_modes.c and, for the
+ ASM_X86_V2 must be set on the YASM command line (or in aescrypt2.asm)
+ to use this version and all C files except aec_modes.c and. for the
DLL build, aestab.c must be excluded from the build.
-ASM_X86_V2C is defined when using the version 2 assembler code (aes_x86_v2.asm)
+ASM_X86_V2C is defined when using the version 2 assembler code (aescrypt2.asm)
with faster key scheduling provided by the in C code (the options in
the assember file must match those in aes.h and aesopt.h). In this
- case aeskey.c and aestab.c are needed with aes_x86_v2.asm and the
+ case aeskey.c and aestab.c are needed with aescrypt2.asm and the
define ASM_X86_V2C must be set for both the C files and for
- aes_x86_v2.asm in the build commands(or in aesopt.h and aes_x86_v2.asm).
- Include aes_x86_v2.asm, aeskey.c and aestab.c, exclude aescrypt.c for
+ asecrypt2.asm command lines (or in aesopt.h and aescrypt2.asm).
+ Include aescrypt2.asm aeskey.c and aestab.c, exclude aescrypt.c for
this option.
ASM_AMD64_C is defined when using the AMD64 assembly code because the C key
- scheduling is used in this case.
+ scheduling is sued in this case.
DLL_EXPORT must be defined to generate the DLL version of the code and
to run tests on it
@@ -310,11 +246,11 @@ Libraries
in the aes root directory depending on the platform(win32 or
x64) and the build (release or debug). After any of these is
- built it is then copied into the aes\lib directory, which is
- the library location that is subsequently used for testing.
- Hence testing is always for the last static library built.
+ built it is then copied into aes.lib, which is the library
+ that is subsequently used for testing. Hence testing is for
+ the last static library built.
-Dynamic These libraries are named:
+Dynamic The static libraries are named:
Libraries
aes_lib_generic_c.dll
aes_lib_asm_x86_v1c.dll
@@ -341,31 +277,18 @@ Libraries
aes_dll_.pdb the symbol file
After any DLL is built it and its three related files are then
- copied to the aes\dll directory, which is the library location
- used in subsequent testing. Hence testing is always for the
- last DLL built.
-
-D. Testing
+ copied into aes.lib, aes.lib, aes,exp and aes.pdb, which are
+ the libraries used for testing. Hence testing is for the last
+ static library or DLL built.
+
+E. Testing
----------
These tests require that the test vector files are placed in the 'testvals'
-subdirectory. If the AES Algorithm Validation Suite tests are used then
+subdirectory. If the AES Algorithm Validation Suite tests will be use3d then
the *.fax files need to be put in the 'testvals\fax' subdirectory. This is
covered in more detail below.
-The projects test_lib and time_lib are used to test and time the last static
-library built. They use the files:
-
- test_lib: Win32 (x64 for the C and AMD64 versions)
- headers: aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h
- C source: aesaux.c, aesrav.c
- defines:
-
- time_lib: Win32 (x64 for the C and AMD64 versions)
- headers: aes.h, aescpp.h, brg_types.h, aesaux.h, aestst.h and rdtsc.h
- C source: aesaux.c, aestmr.c
- defines:
-
The projects test_dll and time_dll are used to test and time the last DLL
built. These use the files:
@@ -379,15 +302,26 @@ built. These use the files:
C source: aesaux.c, aestmr.c
defines: DLL_IMPORT
-and default to linkingto with the AES DLL using dynamic (run-time) linking. Implicit
-linking can be used by adding the lib file associated with the AES DLL (in the aes\dll
-sub-directory) to the build (under project Properties|Linker in Visual Studio) and
-removing the DLL_DYNAMIC_LOAD define (under project Properties|C/C++|Preprocessor).
+and link to the DLL using explicit linking. However, if the lib file associated
+with the DLL is linked into this project and the symbol DYNAMIC_LINK in aestst.h
+is left undefined, then implicit linking will be used
-0 Link is linked into this project and the symbol
-DLL_DYNAMIC_LOAD is left undefined, then implicit linking will be used
+The projects test_lib and time_lib are used to test and time the last static LIB
+built. They use the files:
-The above tests take command line arguments that determine which test are run
+ test_lib: Win32 (x64 for the C and AMD64 versions)
+ headers: aes.h, aescpp.h, brg_types.h, aesaux.h and aestst.h
+ C source: aesaux.c, aesrav.c
+ defines:
+
+ time_lib: Win32 (x64 for the C and AMD64 versions)
+ headers: aes.h, aescpp.h, brg_types.h, aesaux.h, aestst.h and rdtsc.h
+ C source: aesaux.c, aestmr.c
+ defines:
+
+and link to the last static library built.
+
+The above test take command line arguments that determine which test are run
as follows:
test_lib /t:[knec] /k:[468]
@@ -405,8 +339,8 @@ the brackets) and have the following meanings:
e: generate ECB Monte Carlo Test files
c: generate CBC Monte Carlo Test files
-and the characters giving the lengths are digits representing the key lengths
-in 32-bit units (4, 6, 8 for lengths of 128, 192 or 256 bits respectively).
+and the characters giving the lengths are digits representing the lengths in
+32-bit units.\n\n");
The project test_modes tests the AES modes. It uses the files:
@@ -417,7 +351,7 @@ The project test_modes tests the AES modes. It uses the files:
which again links to the last library built.
-E. Other Applications
+F. Other Applications
---------------------
These are:
@@ -436,8 +370,8 @@ These are:
These applications are linked to the last static library built or, if
DLL_IMPORT is defined during compilation, to the last DLL built.
-F. Use of the VIA ACE Cryptography Engine (x86 only)
-----------------------------------------------------
+G. Use of the VIA ACE Cryptography Engine
+-----------------------------------------
The use of the code with the VIA ACE cryptography engine in described in the
file via_ace.txt. In outline aes_modes.c is used and USE_VIA_ACE_IF_PRESENT
@@ -448,7 +382,7 @@ support is needed and AES assembler is being used only the ASM_X86_V1C and
ASM_X86_V2C versions should be used since ASM_X86_V2 and ASM_AMD64 do not
support the VIA ACE engine.
-G. The AES Test Vector Files
+H. The AES Test Vector Files
----------------------------
These files fall in the following groups (where is a two digit
@@ -476,7 +410,7 @@ The AES Algorithm Validation Suite tests can be run for ECB, CBC, CFB and
OFB modes (CFB1 and CFB8 are not implemented). The test routine uses the
*.fax test files, which should be placed in the 'testvals\fax' subdirectory.
-H. The Basic AES Calling Interface
+I. The Basic AES Calling Interface
----------------------------------
The basic AES code keeps its state in a context, there being different
@@ -487,8 +421,8 @@ contexts for encryption and decryption:
The AES code is initialised with the call
- aes_init(void)
-
+ aes_init(void)
+
although this is only essential if the option to generate the AES tables at
run-time has been set in the options (i.e.fixed tables are not being used).
@@ -527,7 +461,7 @@ Encryption and decryption for a single 16 byte block is then achieved using:
The above subroutines return a value of EXIT_SUCCESS or EXIT_FAILURE
depending on whether the operation succeeded or failed.
-I. The Calling Interface for the AES Modes
+J. The Calling Interface for the AES Modes
------------------------------------------
The subroutines for the AES modes, ECB, CBC, CFB, OFB and CTR, each process
@@ -590,8 +524,8 @@ Please note the following IMPORTANT points about the AES mode subroutines:
key must be set or a reset must be issued (see
below).
- 3. For modes with IVs, the IV value is an input AND
- an output since it is updated after each call to
+ 3. For modes with IVs, the IV value is an inpu AND
+ an ouput since it is updated after each call to
the value needed for any subsequent incremental
call(s). If the mode is reset, the IV hence has
to be set (or reset) as well.
@@ -612,11 +546,11 @@ Please note the following IMPORTANT points about the AES mode subroutines:
7. CFB, OFB and CTR modes only use AES encryption
operations and contexts and do not need AES
- decryption operations.
+ decrytpion operations.
8. AES keys remain valid across resets and changes
of mode (but encryption and decryption keys must
both be set if they are needed).
- Brian Gladman 26/09/2018
-
\ No newline at end of file
+ Brian Gladman 22/07/2008
+
\ No newline at end of file
diff --git a/crypto/src/main/jni/final_key/aes/aes_amd64.asm b/crypto/src/main/jni/aes/aes/aes_amd64.asm
similarity index 85%
rename from crypto/src/main/jni/final_key/aes/aes_amd64.asm
rename to crypto/src/main/jni/aes/aes/aes_amd64.asm
index 7de6ba2c8..9111f812b 100644
--- a/crypto/src/main/jni/final_key/aes/aes_amd64.asm
+++ b/crypto/src/main/jni/aes/aes/aes_amd64.asm
@@ -1,21 +1,28 @@
; ---------------------------------------------------------------------------
-; Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
-;
-; The redistribution and use of this software (with or without changes)
-; is allowed without the payment of fees or royalties provided that:
-;
-; source code distributions include the above copyright notice, this
-; list of conditions and the following disclaimer;
-;
-; binary distributions include the above copyright notice, this list
-; of conditions and the following disclaimer in their documentation.
-;
+; Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
+;
+; LICENSE TERMS
+;
+; The free distribution and use of this software is allowed (with or without
+; changes) provided that:
+;
+; 1. source code distributions include the above copyright notice, this
+; list of conditions and the following disclaimer;
+;
+; 2. binary distributions include the above copyright notice, this list
+; of conditions and the following disclaimer in their documentation;
+;
+; 3. the name of the copyright holder is not used to endorse products
+; built using this software without specific written permission.
+;
+; DISCLAIMER
+;
; This software is provided 'as is' with no explicit or implied warranties
-; in respect of its operation, including, but not limited to, correctness
-; and fitness for purpose.
+; in respect of its properties, including, but not limited to, correctness
+; and/or fitness for purpose.
; ---------------------------------------------------------------------------
-; Issue Date: 27/10/2018
+; Issue 20/12/2007
;
; I am grateful to Dag Arne Osvik for many discussions of the techniques that
; can be used to optimise AES assembler code on AMD64/EM64T architectures.
@@ -44,10 +51,7 @@
; used if __GNUC__ is defined.
;
; Define _SEH_ to include support for Win64 structured exception handling
-; (this requires YASM version 0.6 or later).
-;
-; In order to use this code in Windows kernel mode, set the NO_PAGING define
-; to disable structured exception handling and paging.
+; (this requires YASM version 0.6 or later).
;
; This code provides the standard AES block size (128 bits, 16 bytes) and the
; three standard AES key sizes (128, 192 and 256 bits). It has the same call
@@ -73,40 +77,19 @@
; AES_RETURN aes_decrypt_key(const unsigned char key[],
; unsigned int len, const aes_decrypt_ctx cx[1]);
;
-; where is 128, 192 or 256. In the last two calls the length can be in
+; where is 128, 102 or 256. In the last two calls the length can be in
; either bits or bytes.
-
-;----------------------------------------------------------------------------
-
-; Use of this assembler code in Windows kernel mode requires structured
-; exception handling and memory paging to be disabled
-%ifdef NO_PAGING
-%undef _SEH_
-%define set_page nopage
-%else
-%define set_page
-%endif
-
+;
; Comment in/out the following lines to obtain the desired subroutines. These
-; selections MUST match those in the C header files aes.h and aesopt.h
-%ifdef INTEL_AES_POSSIBLE
-%define USE_INTEL_AES_IF_PRESENT
-%endif
+; selections MUST match those in the C header file aes.h
+
%define AES_128 ; define if AES with 128 bit keys is needed
%define AES_192 ; define if AES with 192 bit keys is needed
%define AES_256 ; define if AES with 256 bit keys is needed
%define AES_VAR ; define if a variable key size is needed
%define ENCRYPTION ; define if encryption is needed
%define DECRYPTION ; define if decryption is needed
-;----------------------------------------------------------------------------
-
-%ifdef USE_INTEL_AES_IF_PRESENT
-%define aes_ni(x) aes_ %+ x %+ _i
-%undef AES_REV_DKS
-%else
-%define aes_ni(x) aes_ %+ x
-%define AES_REV_DKS
-%endif
+%define AES_REV_DKS ; define if key decryption schedule is reversed
%define LAST_ROUND_TABLES ; define for the faster version using extra tables
@@ -143,15 +126,15 @@
; | decryption round N-1 | = INV_MIX_COL[ | encryption round N-1 | ]
; hi: | decryption round N | = | encryption round N |
;
-; This layout is faster when the assembler key scheduling is used (not
-; used here).
+; This layout is faster when the assembler key scheduling provided here
+; is used.
;
; The DLL interface must use the _stdcall convention in which the number
-; of bytes of parameter space is added after an @ to the rouutine's name.
+; of bytes of parameter space is added after an @ to the sutine's name.
; We must also remove our parameters from the stack before return (see
; the do_exit macro). Define DLL_EXPORT for the Dynamic Link Library version.
-; %define DLL_EXPORT
+;%define DLL_EXPORT
; End of user defines
@@ -688,12 +671,12 @@
%ifdef ENCRYPTION
- global aes_ni(encrypt)
+ global aes_encrypt
%ifdef DLL_EXPORT
- export aes_ni(encrypt)
+ export aes_encrypt
%endif
- section .data align=64 set_page
+ section .data align=64
align 64
enc_tab:
enc_vals u8
@@ -701,40 +684,40 @@ enc_tab:
enc_vals w8
%endif
- section .text align=16 set_page
+ section .text align=16
align 16
%ifdef _SEH_
-proc_frame aes_ni(encrypt)
- alloc_stack 7*8 ; 7 to align stack to 16 bytes
- save_reg rsi,4*8
- save_reg rdi,5*8
- save_reg rbx,1*8
- save_reg rbp,2*8
- save_reg r12,3*8
+proc_frame aes_encrypt
+ alloc_stack 7*8 ; 7 to align stack to 16 bytes
+ save_reg rsi,4*8
+ save_reg rdi,5*8
+ save_reg rbx,1*8
+ save_reg rbp,2*8
+ save_reg r12,3*8
end_prologue
mov rdi, rcx ; input pointer
mov [rsp+0*8], rdx ; output pointer
%else
- aes_ni(encrypt):
- %ifdef __GNUC__
- sub rsp, 4*8 ; gnu/linux binary interface
- mov [rsp+0*8], rsi ; output pointer
- mov r8, rdx ; context
- %else
- sub rsp, 6*8 ; windows binary interface
- mov [rsp+4*8], rsi
- mov [rsp+5*8], rdi
- mov rdi, rcx ; input pointer
- mov [rsp+0*8], rdx ; output pointer
- %endif
- mov [rsp+1*8], rbx ; input pointer in rdi
- mov [rsp+2*8], rbp ; output pointer in [rsp]
- mov [rsp+3*8], r12 ; context in r8
+ aes_encrypt:
+ %ifdef __GNUC__
+ sub rsp, 4*8 ; gnu/linux binary interface
+ mov [rsp+0*8], rsi ; output pointer
+ mov r8, rdx ; context
+ %else
+ sub rsp, 6*8 ; windows binary interface
+ mov [rsp+4*8], rsi
+ mov [rsp+5*8], rdi
+ mov rdi, rcx ; input pointer
+ mov [rsp+0*8], rdx ; output pointer
+ %endif
+ mov [rsp+1*8], rbx ; input pointer in rdi
+ mov [rsp+2*8], rbp ; output pointer in [rsp]
+ mov [rsp+3*8], r12 ; context in r8
%endif
movzx esi, byte [kptr+4*KS_LENGTH]
- lea tptr, [rel enc_tab]
+ lea tptr,[enc_tab wrt rip]
sub kptr, fofs
mov eax, [rdi+0*4]
@@ -786,25 +769,25 @@ end_prologue
add rsp, 4*8
ret
%else
- mov rsi, [rsp+4*8]
- mov rdi, [rsp+5*8]
- %ifdef _SEH_
- add rsp, 7*8
- ret
- endproc_frame
- %else
- add rsp, 6*8
- ret
- %endif
+ mov rsi, [rsp+4*8]
+ mov rdi, [rsp+5*8]
+ %ifdef _SEH_
+ add rsp, 7*8
+ ret
+ endproc_frame
+ %else
+ add rsp, 6*8
+ ret
+ %endif
%endif
%endif
%ifdef DECRYPTION
- global aes_ni(decrypt)
+ global aes_decrypt
%ifdef DLL_EXPORT
- export aes_ni(decrypt)
+ export aes_decrypt
%endif
section .data
@@ -819,36 +802,36 @@ dec_tab:
align 16
%ifdef _SEH_
-proc_frame aes_ni(decrypt)
- alloc_stack 7*8 ; 7 to align stack to 16 bytes
- save_reg rsi,4*8
- save_reg rdi,5*8
- save_reg rbx,1*8
- save_reg rbp,2*8
- save_reg r12,3*8
+proc_frame aes_decrypt
+ alloc_stack 7*8 ; 7 to align stack to 16 bytes
+ save_reg rsi,4*8
+ save_reg rdi,5*8
+ save_reg rbx,1*8
+ save_reg rbp,2*8
+ save_reg r12,3*8
end_prologue
mov rdi, rcx ; input pointer
mov [rsp+0*8], rdx ; output pointer
%else
- aes_ni(decrypt):
- %ifdef __GNUC__
- sub rsp, 4*8 ; gnu/linux binary interface
- mov [rsp+0*8], rsi ; output pointer
- mov r8, rdx ; context
- %else
- sub rsp, 6*8 ; windows binary interface
- mov [rsp+4*8], rsi
- mov [rsp+5*8], rdi
- mov rdi, rcx ; input pointer
- mov [rsp+0*8], rdx ; output pointer
- %endif
- mov [rsp+1*8], rbx ; input pointer in rdi
- mov [rsp+2*8], rbp ; output pointer in [rsp]
- mov [rsp+3*8], r12 ; context in r8
+ aes_decrypt:
+ %ifdef __GNUC__
+ sub rsp, 4*8 ; gnu/linux binary interface
+ mov [rsp+0*8], rsi ; output pointer
+ mov r8, rdx ; context
+ %else
+ sub rsp, 6*8 ; windows binary interface
+ mov [rsp+4*8], rsi
+ mov [rsp+5*8], rdi
+ mov rdi, rcx ; input pointer
+ mov [rsp+0*8], rdx ; output pointer
+ %endif
+ mov [rsp+1*8], rbx ; input pointer in rdi
+ mov [rsp+2*8], rbp ; output pointer in [rsp]
+ mov [rsp+3*8], r12 ; context in r8
%endif
- movzx esi, byte[kptr+4*KS_LENGTH]
- lea tptr, [rel dec_tab]
+ movzx esi,byte[kptr+4*KS_LENGTH]
+ lea tptr,[dec_tab wrt rip]
sub kptr, rofs
mov eax, [rdi+0*4]
@@ -905,16 +888,16 @@ end_prologue
add rsp, 4*8
ret
%else
- mov rsi, [rsp+4*8]
- mov rdi, [rsp+5*8]
- %ifdef _SEH_
- add rsp, 7*8
- ret
- endproc_frame
- %else
- add rsp, 6*8
- ret
- %endif
+ mov rsi, [rsp+4*8]
+ mov rdi, [rsp+5*8]
+ %ifdef _SEH_
+ add rsp, 7*8
+ ret
+ endproc_frame
+ %else
+ add rsp, 6*8
+ ret
+ %endif
%endif
%endif
diff --git a/crypto/src/main/jni/final_key/aes/aes_modes.c b/crypto/src/main/jni/aes/aes/aes_modes.c
similarity index 85%
rename from crypto/src/main/jni/final_key/aes/aes_modes.c
rename to crypto/src/main/jni/aes/aes/aes_modes.c
index add177f2d..01320b966 100644
--- a/crypto/src/main/jni/final_key/aes/aes_modes.c
+++ b/crypto/src/main/jni/aes/aes/aes_modes.c
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
These subroutines implement multiple block AES modes for ECB, CBC, CFB,
OFB and CTR encryption, The code provides support for the VIA Advanced
@@ -27,7 +34,6 @@ Issue Date: 20/12/2007
#include
#include
-#include
#include "aesopt.h"
@@ -49,7 +55,7 @@ extern "C"
#define FAST_BUFFER_OPERATIONS
-#define lp32(x) ((uint32_t*)(x))
+#define lp32(x) ((uint_32t*)(x))
#if defined( USE_VIA_ACE_IF_PRESENT )
@@ -66,21 +72,13 @@ aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
/* NOTE: These control word macros must only be used after */
/* a key has been set up because they depend on key size */
-/* See the VIA ACE documentation for key type information */
-/* and aes_via_ace.h for non-default NEH_KEY_TYPE values */
-
-#ifndef NEH_KEY_TYPE
-# define NEH_KEY_TYPE NEH_HYBRID
-#endif
#if NEH_KEY_TYPE == NEH_LOAD
-#define kd_adr(c) ((uint8_t*)(c)->ks)
+#define kd_adr(c) ((uint_8t*)(c)->ks)
#elif NEH_KEY_TYPE == NEH_GENERATE
-#define kd_adr(c) ((uint8_t*)(c)->ks + (c)->inf.b[0])
-#elif NEH_KEY_TYPE == NEH_HYBRID
-#define kd_adr(c) ((uint8_t*)(c)->ks + ((c)->inf.b[0] == 160 ? 160 : 0))
+#define kd_adr(c) ((uint_8t*)(c)->ks + (c)->inf.b[0])
#else
-#error no key type defined for VIA ACE
+#define kd_adr(c) ((uint_8t*)(c)->ks + ((c)->inf.b[0] == 160 ? 160 : 0))
#endif
#else
@@ -107,25 +105,25 @@ aligned_array(unsigned long, dec_hybrid_table, 12, 16) = NEH_DEC_HYBRID_DATA;
/* test the code for detecting and setting pointer alignment */
AES_RETURN aes_test_alignment_detection(unsigned int n) /* 4 <= n <= 16 */
-{ uint8_t p[16];
- uint32_t i, count_eq = 0, count_neq = 0;
+{ uint_8t p[16];
+ uint_32t i, count_eq = 0, count_neq = 0;
- if(n < 4 || n > 16)
- return EXIT_FAILURE;
+ if(n < 4 || n > 16)
+ return EXIT_FAILURE;
- for(i = 0; i < n; ++i)
- {
- uint8_t *qf = ALIGN_FLOOR(p + i, n),
- *qh = ALIGN_CEIL(p + i, n);
-
- if(qh == qf)
- ++count_eq;
- else if(qh == qf + n)
- ++count_neq;
- else
- return EXIT_FAILURE;
- }
- return (count_eq != 1 || count_neq != n - 1 ? EXIT_FAILURE : EXIT_SUCCESS);
+ for(i = 0; i < n; ++i)
+ {
+ uint_8t *qf = ALIGN_FLOOR(p + i, n),
+ *qh = ALIGN_CEIL(p + i, n);
+
+ if(qh == qf)
+ ++count_eq;
+ else if(qh == qf + n)
+ ++count_neq;
+ else
+ return EXIT_FAILURE;
+ }
+ return (count_eq != 1 || count_neq != n - 1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
AES_RETURN aes_mode_reset(aes_encrypt_ctx ctx[1])
@@ -136,7 +134,7 @@ AES_RETURN aes_mode_reset(aes_encrypt_ctx ctx[1])
AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx ctx[1])
-{ int nb = len >> AES_BLOCK_SIZE_P2;
+{ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
@@ -144,7 +142,7 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
- { uint8_t *ksp = (uint8_t*)(ctx->ks);
+ { uint_8t *ksp = (uint_8t*)(ctx->ks);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -155,8 +153,8 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
via_ecb_op5(ksp, cwd, ibuf, obuf, nb);
}
else
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -188,7 +186,7 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
while(nb--)
{
if(aes_encrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
@@ -198,7 +196,7 @@ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx ctx[1])
-{ int nb = len >> AES_BLOCK_SIZE_P2;
+{ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
@@ -206,7 +204,7 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
- { uint8_t *ksp = kd_adr(ctx);
+ { uint_8t *ksp = kd_adr(ctx);
via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -217,8 +215,8 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
via_ecb_op5(ksp, cwd, ibuf, obuf, nb);
}
else
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -250,7 +248,7 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
while(nb--)
{
if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
}
@@ -260,7 +258,7 @@ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx ctx[1])
-{ int nb = len >> AES_BLOCK_SIZE_P2;
+{ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
@@ -268,8 +266,8 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
- { uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
+ { uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
+ aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -286,8 +284,8 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
via_cbc_op7(ksp, cwd, ibuf, obuf, nb, ivp, ivp);
}
else
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -328,7 +326,7 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
lp32(iv)[2] ^= lp32(ibuf)[2];
lp32(iv)[3] ^= lp32(ibuf)[3];
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
memcpy(obuf, iv, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
@@ -346,7 +344,7 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
iv[12] ^= ibuf[12]; iv[13] ^= ibuf[13];
iv[14] ^= ibuf[14]; iv[15] ^= ibuf[15];
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
memcpy(obuf, iv, AES_BLOCK_SIZE);
ibuf += AES_BLOCK_SIZE;
obuf += AES_BLOCK_SIZE;
@@ -358,7 +356,7 @@ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx ctx[1])
{ unsigned char tmp[AES_BLOCK_SIZE];
- int nb = len >> AES_BLOCK_SIZE_P2;
+ int nb = len >> 4;
if(len & (AES_BLOCK_SIZE - 1))
return EXIT_FAILURE;
@@ -366,8 +364,8 @@ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
- { uint8_t *ksp = kd_adr(ctx), *ivp = iv;
- aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
+ { uint_8t *ksp = kd_adr(ctx), *ivp = iv;
+ aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -384,8 +382,8 @@ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
via_cbc_op6(ksp, cwd, ibuf, obuf, nb, ivp);
}
else
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -422,7 +420,7 @@ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
{
memcpy(tmp, ibuf, AES_BLOCK_SIZE);
if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
lp32(obuf)[0] ^= lp32(iv)[0];
lp32(obuf)[1] ^= lp32(iv)[1];
lp32(obuf)[2] ^= lp32(iv)[2];
@@ -437,7 +435,7 @@ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
{
memcpy(tmp, ibuf, AES_BLOCK_SIZE);
if(aes_decrypt(ibuf, obuf, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
obuf[ 0] ^= iv[ 0]; obuf[ 1] ^= iv[ 1];
obuf[ 2] ^= iv[ 2]; obuf[ 3] ^= iv[ 3];
obuf[ 4] ^= iv[ 4]; obuf[ 5] ^= iv[ 5];
@@ -469,14 +467,14 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
- if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0) /* process whole blocks */
+ if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
- uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
+ uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
+ aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -496,8 +494,8 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -530,7 +528,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
lp32(obuf)[0] = lp32(iv)[0] ^= lp32(ibuf)[0];
lp32(obuf)[1] = lp32(iv)[1] ^= lp32(ibuf)[1];
lp32(obuf)[2] = lp32(iv)[2] ^= lp32(ibuf)[2];
@@ -545,7 +543,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
obuf[ 0] = iv[ 0] ^= ibuf[ 0]; obuf[ 1] = iv[ 1] ^= ibuf[ 1];
obuf[ 2] = iv[ 2] ^= ibuf[ 2]; obuf[ 3] = iv[ 3] ^= ibuf[ 3];
obuf[ 4] = iv[ 4] ^= ibuf[ 4]; obuf[ 5] = iv[ 5] ^= ibuf[ 5];
@@ -564,7 +562,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
while(cnt < len)
{
if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
while(cnt < len && b_pos < AES_BLOCK_SIZE)
{
@@ -575,7 +573,7 @@ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
- ctx->inf.b[2] = (uint8_t)b_pos;
+ ctx->inf.b[2] = (uint_8t)b_pos;
return EXIT_SUCCESS;
}
@@ -584,7 +582,7 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
{ int cnt = 0, b_pos = (int)ctx->inf.b[2], nb;
if(b_pos) /* complete any partial block */
- { uint8_t t;
+ { uint_8t t;
while(b_pos < AES_BLOCK_SIZE && cnt < len)
{
@@ -597,14 +595,14 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
- if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0) /* process whole blocks */
+ if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
- uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
+ uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
+ aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, dec, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -624,8 +622,8 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -655,11 +653,11 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
# ifdef FAST_BUFFER_OPERATIONS
if(!ALIGN_OFFSET( ibuf, 4 ) && !ALIGN_OFFSET( obuf, 4 ) &&!ALIGN_OFFSET( iv, 4 ))
while(cnt + AES_BLOCK_SIZE <= len)
- { uint32_t t;
+ { uint_32t t;
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
t = lp32(ibuf)[0], lp32(obuf)[0] = t ^ lp32(iv)[0], lp32(iv)[0] = t;
t = lp32(ibuf)[1], lp32(obuf)[1] = t ^ lp32(iv)[1], lp32(iv)[1] = t;
t = lp32(ibuf)[2], lp32(obuf)[2] = t ^ lp32(iv)[2], lp32(iv)[2] = t;
@@ -671,11 +669,11 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
else
# endif
while(cnt + AES_BLOCK_SIZE <= len)
- { uint8_t t;
+ { uint_8t t;
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
t = ibuf[ 0], obuf[ 0] = t ^ iv[ 0], iv[ 0] = t;
t = ibuf[ 1], obuf[ 1] = t ^ iv[ 1], iv[ 1] = t;
t = ibuf[ 2], obuf[ 2] = t ^ iv[ 2], iv[ 2] = t;
@@ -700,10 +698,10 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
}
while(cnt < len)
- { uint8_t t;
+ { uint_8t t;
if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
while(cnt < len && b_pos < AES_BLOCK_SIZE)
{
@@ -716,7 +714,7 @@ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
- ctx->inf.b[2] = (uint8_t)b_pos;
+ ctx->inf.b[2] = (uint_8t)b_pos;
return EXIT_SUCCESS;
}
@@ -735,14 +733,14 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
- if((nb = (len - cnt) >> AES_BLOCK_SIZE_P2) != 0) /* process whole blocks */
+ if((nb = (len - cnt) >> 4) != 0) /* process whole blocks */
{
#if defined( USE_VIA_ACE_IF_PRESENT )
if(ctx->inf.b[1] == 0xff)
{ int m;
- uint8_t *ksp = (uint8_t*)(ctx->ks), *ivp = iv;
- aligned_auto(uint8_t, liv, AES_BLOCK_SIZE, 16);
+ uint_8t *ksp = (uint_8t*)(ctx->ks), *ivp = iv;
+ aligned_auto(uint_8t, liv, AES_BLOCK_SIZE, 16);
via_cwd(cwd, hybrid, enc, 2 * ctx->inf.b[0] - 192);
if(ALIGN_OFFSET( ctx, 16 ))
@@ -762,8 +760,8 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
cnt += nb * AES_BLOCK_SIZE;
}
else /* input, output or both are unaligned */
- { aligned_auto(uint8_t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
- uint8_t *ip, *op;
+ { aligned_auto(uint_8t, buf, BFR_BLOCKS * AES_BLOCK_SIZE, 16);
+ uint_8t *ip, *op;
while(nb)
{
@@ -796,7 +794,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
lp32(obuf)[0] = lp32(iv)[0] ^ lp32(ibuf)[0];
lp32(obuf)[1] = lp32(iv)[1] ^ lp32(ibuf)[1];
lp32(obuf)[2] = lp32(iv)[2] ^ lp32(ibuf)[2];
@@ -811,7 +809,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
{
assert(b_pos == 0);
if(aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
obuf[ 0] = iv[ 0] ^ ibuf[ 0]; obuf[ 1] = iv[ 1] ^ ibuf[ 1];
obuf[ 2] = iv[ 2] ^ ibuf[ 2]; obuf[ 3] = iv[ 3] ^ ibuf[ 3];
obuf[ 4] = iv[ 4] ^ ibuf[ 4]; obuf[ 5] = iv[ 5] ^ ibuf[ 5];
@@ -830,7 +828,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
while(cnt < len)
{
if(!b_pos && aes_encrypt(iv, iv, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
while(cnt < len && b_pos < AES_BLOCK_SIZE)
{
@@ -841,7 +839,7 @@ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
b_pos = (b_pos == AES_BLOCK_SIZE ? 0 : b_pos);
}
- ctx->inf.b[2] = (uint8_t)b_pos;
+ ctx->inf.b[2] = (uint_8t)b_pos;
return EXIT_SUCCESS;
}
@@ -853,18 +851,18 @@ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int i, blen, b_pos = (int)(ctx->inf.b[2]);
#if defined( USE_VIA_ACE_IF_PRESENT )
- aligned_auto(uint8_t, buf, BFR_LENGTH, 16);
+ aligned_auto(uint_8t, buf, BFR_LENGTH, 16);
if(ctx->inf.b[1] == 0xff && ALIGN_OFFSET( ctx, 16 ))
return EXIT_FAILURE;
#else
- uint8_t buf[BFR_LENGTH];
+ uint_8t buf[BFR_LENGTH];
#endif
if(b_pos)
{
memcpy(buf, cbuf, AES_BLOCK_SIZE);
if(aes_ecb_encrypt(buf, buf, AES_BLOCK_SIZE, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
while(b_pos < AES_BLOCK_SIZE && len)
{
@@ -880,7 +878,7 @@ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
{
blen = (len > BFR_LENGTH ? BFR_LENGTH : len), len -= blen;
- for(i = 0, ip = buf; i < (blen >> AES_BLOCK_SIZE_P2); ++i)
+ for(i = 0, ip = buf; i < (blen >> 4); ++i)
{
memcpy(ip, cbuf, AES_BLOCK_SIZE);
ctr_inc(cbuf);
@@ -899,7 +897,7 @@ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
else
#endif
if(aes_ecb_encrypt(buf, buf, i * AES_BLOCK_SIZE, ctx) != EXIT_SUCCESS)
- return EXIT_FAILURE;
+ return EXIT_FAILURE;
i = 0; ip = buf;
# ifdef FAST_BUFFER_OPERATIONS
@@ -937,7 +935,7 @@ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
*obuf++ = *ibuf++ ^ ip[b_pos++];
}
- ctx->inf.b[2] = (uint8_t)b_pos;
+ ctx->inf.b[2] = (uint_8t)b_pos;
return EXIT_SUCCESS;
}
diff --git a/crypto/src/main/jni/final_key/aes/aes_via_ace.h b/crypto/src/main/jni/aes/aes/aes_via_ace.h
similarity index 90%
rename from crypto/src/main/jni/final_key/aes/aes_via_ace.h
rename to crypto/src/main/jni/aes/aes/aes_via_ace.h
index 2af04002d..e6cc76af9 100644
--- a/crypto/src/main/jni/final_key/aes/aes_via_ace.h
+++ b/crypto/src/main/jni/aes/aes/aes_via_ace.h
@@ -1,20 +1,28 @@
/*
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/20077
*/
#ifndef AES_VIA_ACE_H
@@ -164,8 +172,7 @@ INLINE int has_cpuid(void)
INLINE int is_via_cpu(void)
{ char ret_value;
__asm
- { push ebx
- xor eax,eax /* use CPUID to get vendor */
+ { xor eax,eax /* use CPUID to get vendor */
cpuid /* identity string */
xor eax,eax /* is it "CentaurHauls" ? */
sub ebx,0x746e6543 /* 'Cent' */
@@ -179,7 +186,6 @@ INLINE int is_via_cpu(void)
or dl,al /* & store result in flags */
mov [via_flags],dl /* set VIA detected flag */
mov ret_value,al /* able to change it */
- pop ebx
}
return (int)ret_value;
}
@@ -187,7 +193,8 @@ INLINE int is_via_cpu(void)
INLINE int read_via_flags(void)
{ char ret_value = 0;
__asm
- { mov eax,0xC0000000 /* Centaur extended CPUID */
+ {
+ mov eax,0xC0000000 /* Centaur extended CPUID */
cpuid
mov edx,0xc0000001 /* >= 0xc0000001 if support */
cmp eax,edx /* for VIA extended feature */
@@ -206,7 +213,8 @@ no_rng:
INLINE unsigned int via_rng_in(void *buf)
{ char ret_value = 0x1f;
__asm
- { push edi
+ {
+ push edi
mov edi,buf /* input buffer address */
xor edx,edx /* try to fetch 8 bytes */
NEH_RNG /* do RNG read operation */
@@ -219,7 +227,7 @@ INLINE unsigned int via_rng_in(void *buf)
INLINE void via_ecb_op5(
const void *k, const void *c, const void *s, void *d, int l)
{ __asm
- { push ebx
+ {
NEH_REKEY
mov ebx, (k)
mov edx, (c)
@@ -227,14 +235,13 @@ INLINE void via_ecb_op5(
mov edi, (d)
mov ecx, (l)
NEH_ECB
- pop ebx
}
}
INLINE void via_cbc_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{ __asm
- { push ebx
+ {
NEH_REKEY
mov ebx, (k)
mov edx, (c)
@@ -243,14 +250,13 @@ INLINE void via_cbc_op6(
mov ecx, (l)
mov eax, (v)
NEH_CBC
- pop ebx
}
}
INLINE void via_cbc_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{ __asm
- { push ebx
+ {
NEH_REKEY
mov ebx, (k)
mov edx, (c)
@@ -265,14 +271,13 @@ INLINE void via_cbc_op7(
movsd
movsd
movsd
- pop ebx
}
}
INLINE void via_cfb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{ __asm
- { push ebx
+ {
NEH_REKEY
mov ebx, (k)
mov edx, (c)
@@ -281,14 +286,13 @@ INLINE void via_cfb_op6(
mov ecx, (l)
mov eax, (v)
NEH_CFB
- pop ebx
}
}
INLINE void via_cfb_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{ __asm
- { push ebx
+ {
NEH_REKEY
mov ebx, (k)
mov edx, (c)
@@ -303,14 +307,13 @@ INLINE void via_cfb_op7(
movsd
movsd
movsd
- pop ebx
}
}
INLINE void via_ofb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{ __asm
- { push ebx
+ {
NEH_REKEY
mov ebx, (k)
mov edx, (c)
@@ -319,7 +322,6 @@ INLINE void via_ofb_op6(
mov ecx, (l)
mov eax, (v)
NEH_OFB
- pop ebx
}
}
@@ -350,10 +352,6 @@ INLINE int has_cpuid(void)
INLINE int is_via_cpu(void)
{ int val;
- asm("pushl %eax\n\t");
- asm("pushl %ebx\n\t");
- asm("pushl %ecx\n\t");
- asm("pushl %edx\n\t");
asm("xorl %eax,%eax\n\t");
asm("cpuid\n\t");
asm("xorl %eax,%eax\n\t");
@@ -364,10 +362,6 @@ INLINE int is_via_cpu(void)
asm("subl $0x736c7561,%ecx\n\t");
asm("orl %ecx,%eax\n\t");
asm("movl %%eax,%0\n\t" : "=m" (val));
- asm("popl %edx\n\t");
- asm("popl %ecx\n\t");
- asm("popl %ebx\n\t");
- asm("popl %eax\n\t");
val = (val ? 0 : 1);
via_flags = (val | NEH_CPU_READ);
return val;
@@ -405,7 +399,6 @@ INLINE int via_rng_in(void *buf)
INLINE volatile void via_ecb_op5(
const void *k, const void *c, const void *s, void *d, int l)
{
- asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
@@ -413,13 +406,11 @@ INLINE volatile void via_ecb_op5(
asm("movl %0, %%edi\n\t" : : "m" (d));
asm("movl %0, %%ecx\n\t" : : "m" (l));
NEH_ECB;
- asm("popl %ebx\n\t");
}
INLINE volatile void via_cbc_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{
- asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
@@ -428,13 +419,11 @@ INLINE volatile void via_cbc_op6(
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_CBC;
- asm("popl %ebx\n\t");
}
INLINE volatile void via_cbc_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{
- asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
@@ -446,13 +435,11 @@ INLINE volatile void via_cbc_op7(
asm("movl %eax,%esi\n\t");
asm("movl %0, %%edi\n\t" : : "m" (w));
asm("movsl; movsl; movsl; movsl\n\t");
- asm("popl %ebx\n\t");
}
INLINE volatile void via_cfb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{
- asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
@@ -461,13 +448,11 @@ INLINE volatile void via_cfb_op6(
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_CFB;
- asm("popl %ebx\n\t");
}
INLINE volatile void via_cfb_op7(
const void *k, const void *c, const void *s, void *d, int l, void *v, void *w)
{
- asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
@@ -479,13 +464,11 @@ INLINE volatile void via_cfb_op7(
asm("movl %eax,%esi\n\t");
asm("movl %0, %%edi\n\t" : : "m" (w));
asm("movsl; movsl; movsl; movsl\n\t");
- asm("popl %ebx\n\t");
}
INLINE volatile void via_ofb_op6(
const void *k, const void *c, const void *s, void *d, int l, void *v)
{
- asm("pushl %ebx\n\t");
NEH_REKEY;
asm("movl %0, %%ebx\n\t" : : "m" (k));
asm("movl %0, %%edx\n\t" : : "m" (c));
@@ -494,7 +477,6 @@ INLINE volatile void via_ofb_op6(
asm("movl %0, %%ecx\n\t" : : "m" (l));
asm("movl %0, %%eax\n\t" : : "m" (v));
NEH_OFB;
- asm("popl %ebx\n\t");
}
#else
diff --git a/crypto/src/main/jni/final_key/aes/aes_x86_v1.asm b/crypto/src/main/jni/aes/aes/aes_x86_v1.asm
similarity index 95%
rename from crypto/src/main/jni/final_key/aes/aes_x86_v1.asm
rename to crypto/src/main/jni/aes/aes/aes_x86_v1.asm
index 786b25f87..e13292632 100644
--- a/crypto/src/main/jni/final_key/aes/aes_x86_v1.asm
+++ b/crypto/src/main/jni/aes/aes/aes_x86_v1.asm
@@ -1,19 +1,26 @@
; ---------------------------------------------------------------------------
-; Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+; Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
+;
+; LICENSE TERMS
;
; The redistribution and use of this software (with or without changes)
; is allowed without the payment of fees or royalties provided that:
;
-; source code distributions include the above copyright notice, this
-; list of conditions and the following disclaimer;
+; 1. source code distributions include the above copyright notice, this
+; list of conditions and the following disclaimer;
;
-; binary distributions include the above copyright notice, this list
-; of conditions and the following disclaimer in their documentation.
+; 2. binary distributions include the above copyright notice, this list
+; of conditions and the following disclaimer in their documentation;
+;
+; 3. the name of the copyright holder is not used to endorse products
+; built using this software without specific written permission.
+;
+; DISCLAIMER
;
; This software is provided 'as is' with no explicit or implied warranties
-; in respect of its operation, including, but not limited to, correctness
-; and fitness for purpose.
+; in respect of its properties, including, but not limited to, correctness
+; and/or fitness for purpose.
; ---------------------------------------------------------------------------
; Issue 13/08/2008
;
@@ -60,15 +67,7 @@
;
; where is 128, 102 or 256. In the last two calls the length can be in
; either bits or bytes.
-
-; Use of this assembler code in Windows kernel mode requires memory paging
-; to be disabled
-%ifdef NO_PAGING
-%define set_page nopage
-%else
-%define set_page
-%endif
-
+;
; Comment in/out the following lines to obtain the desired subroutines. These
; selections MUST match those in the C header file aes.h
@@ -134,8 +133,6 @@ stk_spc equ 20 ; stack space
; End of user defines
- section .text align=32 set_page
-
%ifdef AES_VAR
%ifndef AES_128
%define AES_128
@@ -356,6 +353,8 @@ stk_spc equ 20 ; stack space
%endmacro
+ section .text align=32
+
; AES Encryption Subroutine
align 32
@@ -565,6 +564,8 @@ stk_spc equ 20 ; stack space
%endmacro
+ section .text
+
; AES Decryption Subroutine
align 32
diff --git a/crypto/src/main/jni/final_key/aes/aes_x86_v2.asm b/crypto/src/main/jni/aes/aes/aes_x86_v2.asm
similarity index 96%
rename from crypto/src/main/jni/final_key/aes/aes_x86_v2.asm
rename to crypto/src/main/jni/aes/aes/aes_x86_v2.asm
index 139b4b7b5..ddceb2593 100644
--- a/crypto/src/main/jni/final_key/aes/aes_x86_v2.asm
+++ b/crypto/src/main/jni/aes/aes/aes_x86_v2.asm
@@ -1,21 +1,28 @@
; ---------------------------------------------------------------------------
-; Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+; Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
+;
+; LICENSE TERMS
;
; The redistribution and use of this software (with or without changes)
; is allowed without the payment of fees or royalties provided that:
;
-; source code distributions include the above copyright notice, this
-; list of conditions and the following disclaimer;
+; 1. source code distributions include the above copyright notice, this
+; list of conditions and the following disclaimer;
;
-; binary distributions include the above copyright notice, this list
-; of conditions and the following disclaimer in their documentation.
+; 2. binary distributions include the above copyright notice, this list
+; of conditions and the following disclaimer in their documentation;
+;
+; 3. the name of the copyright holder is not used to endorse products
+; built using this software without specific written permission.
+;
+; DISCLAIMER
;
; This software is provided 'as is' with no explicit or implied warranties
-; in respect of its operation, including, but not limited to, correctness
-; and fitness for purpose.
+; in respect of its properties, including, but not limited to, correctness
+; and/or fitness for purpose.
; ---------------------------------------------------------------------------
-; Issue Date: 20/11/2013
+; Issue 13/08/2008
;
; This code requires either ASM_X86_V2 or ASM_X86_V2C to be set in aesopt.h
; and the same define to be set here as well. If AES_V2C is set this file
@@ -72,14 +79,6 @@
; where is 128, 102 or 256. In the last two calls the length can be in
; either bits or bytes.
-; Use of this assembler code in Windows kernel mode requires memory paging
-; to be disabled
-%ifdef NO_PAGING
-%define set_page nopage
-%else
-%define set_page
-%endif
-
; The DLL interface must use the _stdcall convention in which the number
; of bytes of parameter space is added after an @ to the sutine's name.
; We must also remove our parameters from the stack before return (see
@@ -146,8 +145,6 @@
;
; End of user defines
- section .text align=32 set_page
-
%ifdef AES_VAR
%ifndef AES_128
%define AES_128
@@ -349,7 +346,7 @@
; Apply S-Box to the 4 bytes in a 32-bit word and rotate byte positions
%ifdef REDUCE_CODE_SIZE
-
+
global _ls_sub
_ls_sub: ; ls_sub(t,n) = ls_box(t,n)
mov ecx,[esp+8]
@@ -414,7 +411,25 @@ stk_spc equ 16 ; stack space
%define ENCRYPTION_TABLE
-%macro _enc_round 0
+%ifdef REDUCE_CODE_SIZE
+
+enc_round:
+ add ebp,16
+ mov esi,[ebp+8]
+ mov edi,[ebp+12]
+ push ebp
+ rnd_fun nr_xor, nr_mov
+ mov eax,ebp
+ pop ebp
+ mov ecx,esi
+ mov edx,edi
+ xor eax,[ebp]
+ xor ebx,[ebp+4]
+ ret
+
+%else
+
+%macro enc_round 0
add ebp,16
mov esi,[ebp+8]
@@ -430,18 +445,6 @@ stk_spc equ 16 ; stack space
%endmacro
-%ifdef REDUCE_CODE_SIZE
-
-enc_round:
- _enc_round
- ret
-
-%else
-
-%macro enc_round 0
- _enc_round
-%endmacro
-
%endif
%macro enc_last_round 0
@@ -458,7 +461,10 @@ enc_round:
%endmacro
+ section .text align=32
+
; AES Encryption Subroutine
+
align 32
do_name _aes_encrypt,12
push ebp
@@ -783,6 +789,51 @@ enc_round:
%endif
+%ifdef ENCRYPTION_TABLE
+
+; S-box data - 256 entries
+
+ section .data align=32
+ align 32
+
+%define u8(x) 0, x, x, f3(x), f2(x), x, x, f3(x)
+
+enc_tab:
+ db u8(0x63),u8(0x7c),u8(0x77),u8(0x7b),u8(0xf2),u8(0x6b),u8(0x6f),u8(0xc5)
+ db u8(0x30),u8(0x01),u8(0x67),u8(0x2b),u8(0xfe),u8(0xd7),u8(0xab),u8(0x76)
+ db u8(0xca),u8(0x82),u8(0xc9),u8(0x7d),u8(0xfa),u8(0x59),u8(0x47),u8(0xf0)
+ db u8(0xad),u8(0xd4),u8(0xa2),u8(0xaf),u8(0x9c),u8(0xa4),u8(0x72),u8(0xc0)
+ db u8(0xb7),u8(0xfd),u8(0x93),u8(0x26),u8(0x36),u8(0x3f),u8(0xf7),u8(0xcc)
+ db u8(0x34),u8(0xa5),u8(0xe5),u8(0xf1),u8(0x71),u8(0xd8),u8(0x31),u8(0x15)
+ db u8(0x04),u8(0xc7),u8(0x23),u8(0xc3),u8(0x18),u8(0x96),u8(0x05),u8(0x9a)
+ db u8(0x07),u8(0x12),u8(0x80),u8(0xe2),u8(0xeb),u8(0x27),u8(0xb2),u8(0x75)
+ db u8(0x09),u8(0x83),u8(0x2c),u8(0x1a),u8(0x1b),u8(0x6e),u8(0x5a),u8(0xa0)
+ db u8(0x52),u8(0x3b),u8(0xd6),u8(0xb3),u8(0x29),u8(0xe3),u8(0x2f),u8(0x84)
+ db u8(0x53),u8(0xd1),u8(0x00),u8(0xed),u8(0x20),u8(0xfc),u8(0xb1),u8(0x5b)
+ db u8(0x6a),u8(0xcb),u8(0xbe),u8(0x39),u8(0x4a),u8(0x4c),u8(0x58),u8(0xcf)
+ db u8(0xd0),u8(0xef),u8(0xaa),u8(0xfb),u8(0x43),u8(0x4d),u8(0x33),u8(0x85)
+ db u8(0x45),u8(0xf9),u8(0x02),u8(0x7f),u8(0x50),u8(0x3c),u8(0x9f),u8(0xa8)
+ db u8(0x51),u8(0xa3),u8(0x40),u8(0x8f),u8(0x92),u8(0x9d),u8(0x38),u8(0xf5)
+ db u8(0xbc),u8(0xb6),u8(0xda),u8(0x21),u8(0x10),u8(0xff),u8(0xf3),u8(0xd2)
+ db u8(0xcd),u8(0x0c),u8(0x13),u8(0xec),u8(0x5f),u8(0x97),u8(0x44),u8(0x17)
+ db u8(0xc4),u8(0xa7),u8(0x7e),u8(0x3d),u8(0x64),u8(0x5d),u8(0x19),u8(0x73)
+ db u8(0x60),u8(0x81),u8(0x4f),u8(0xdc),u8(0x22),u8(0x2a),u8(0x90),u8(0x88)
+ db u8(0x46),u8(0xee),u8(0xb8),u8(0x14),u8(0xde),u8(0x5e),u8(0x0b),u8(0xdb)
+ db u8(0xe0),u8(0x32),u8(0x3a),u8(0x0a),u8(0x49),u8(0x06),u8(0x24),u8(0x5c)
+ db u8(0xc2),u8(0xd3),u8(0xac),u8(0x62),u8(0x91),u8(0x95),u8(0xe4),u8(0x79)
+ db u8(0xe7),u8(0xc8),u8(0x37),u8(0x6d),u8(0x8d),u8(0xd5),u8(0x4e),u8(0xa9)
+ db u8(0x6c),u8(0x56),u8(0xf4),u8(0xea),u8(0x65),u8(0x7a),u8(0xae),u8(0x08)
+ db u8(0xba),u8(0x78),u8(0x25),u8(0x2e),u8(0x1c),u8(0xa6),u8(0xb4),u8(0xc6)
+ db u8(0xe8),u8(0xdd),u8(0x74),u8(0x1f),u8(0x4b),u8(0xbd),u8(0x8b),u8(0x8a)
+ db u8(0x70),u8(0x3e),u8(0xb5),u8(0x66),u8(0x48),u8(0x03),u8(0xf6),u8(0x0e)
+ db u8(0x61),u8(0x35),u8(0x57),u8(0xb9),u8(0x86),u8(0xc1),u8(0x1d),u8(0x9e)
+ db u8(0xe1),u8(0xf8),u8(0x98),u8(0x11),u8(0x69),u8(0xd9),u8(0x8e),u8(0x94)
+ db u8(0x9b),u8(0x1e),u8(0x87),u8(0xe9),u8(0xce),u8(0x55),u8(0x28),u8(0xdf)
+ db u8(0x8c),u8(0xa1),u8(0x89),u8(0x0d),u8(0xbf),u8(0xe6),u8(0x42),u8(0x68)
+ db u8(0x41),u8(0x99),u8(0x2d),u8(0x0f),u8(0xb0),u8(0x54),u8(0xbb),u8(0x16)
+
+%endif
+
%ifdef DECRYPTION
%define DECRYPTION_TABLE
@@ -852,7 +903,29 @@ enc_round:
%endif
%endmacro
-%macro _dec_round 0
+%ifdef REDUCE_CODE_SIZE
+
+dec_round:
+%ifdef AES_REV_DKS
+ add ebp,16
+%else
+ sub ebp,16
+%endif
+ mov esi,[ebp+8]
+ mov edi,[ebp+12]
+ push ebp
+ irn_fun ni_xor, ni_mov
+ mov ebx,ebp
+ pop ebp
+ mov ecx,esi
+ mov edx,edi
+ xor eax,[ebp]
+ xor ebx,[ebp+4]
+ ret
+
+%else
+
+%macro dec_round 0
%ifdef AES_REV_DKS
add ebp,16
@@ -872,19 +945,6 @@ enc_round:
%endmacro
-%ifdef REDUCE_CODE_SIZE
-
- align 32
-dec_round:
- _dec_round
- ret
-
-%else
-
-%macro dec_round 0
- _dec_round
-%endmacro
-
%endif
%macro dec_last_round 0
@@ -905,7 +965,10 @@ dec_round:
%endmacro
+ section .text
+
; AES Decryption Subroutine
+
align 32
do_name _aes_decrypt,12
push ebp
@@ -1305,56 +1368,15 @@ dec_end:
%endif
-%endif
-
- section .data align=32 set_page
-
-%ifdef ENCRYPTION_TABLE
-
-; S-box data - 256 entries
-
-%define u8(x) 0, x, x, f3(x), f2(x), x, x, f3(x)
-
-enc_tab:
- db u8(0x63),u8(0x7c),u8(0x77),u8(0x7b),u8(0xf2),u8(0x6b),u8(0x6f),u8(0xc5)
- db u8(0x30),u8(0x01),u8(0x67),u8(0x2b),u8(0xfe),u8(0xd7),u8(0xab),u8(0x76)
- db u8(0xca),u8(0x82),u8(0xc9),u8(0x7d),u8(0xfa),u8(0x59),u8(0x47),u8(0xf0)
- db u8(0xad),u8(0xd4),u8(0xa2),u8(0xaf),u8(0x9c),u8(0xa4),u8(0x72),u8(0xc0)
- db u8(0xb7),u8(0xfd),u8(0x93),u8(0x26),u8(0x36),u8(0x3f),u8(0xf7),u8(0xcc)
- db u8(0x34),u8(0xa5),u8(0xe5),u8(0xf1),u8(0x71),u8(0xd8),u8(0x31),u8(0x15)
- db u8(0x04),u8(0xc7),u8(0x23),u8(0xc3),u8(0x18),u8(0x96),u8(0x05),u8(0x9a)
- db u8(0x07),u8(0x12),u8(0x80),u8(0xe2),u8(0xeb),u8(0x27),u8(0xb2),u8(0x75)
- db u8(0x09),u8(0x83),u8(0x2c),u8(0x1a),u8(0x1b),u8(0x6e),u8(0x5a),u8(0xa0)
- db u8(0x52),u8(0x3b),u8(0xd6),u8(0xb3),u8(0x29),u8(0xe3),u8(0x2f),u8(0x84)
- db u8(0x53),u8(0xd1),u8(0x00),u8(0xed),u8(0x20),u8(0xfc),u8(0xb1),u8(0x5b)
- db u8(0x6a),u8(0xcb),u8(0xbe),u8(0x39),u8(0x4a),u8(0x4c),u8(0x58),u8(0xcf)
- db u8(0xd0),u8(0xef),u8(0xaa),u8(0xfb),u8(0x43),u8(0x4d),u8(0x33),u8(0x85)
- db u8(0x45),u8(0xf9),u8(0x02),u8(0x7f),u8(0x50),u8(0x3c),u8(0x9f),u8(0xa8)
- db u8(0x51),u8(0xa3),u8(0x40),u8(0x8f),u8(0x92),u8(0x9d),u8(0x38),u8(0xf5)
- db u8(0xbc),u8(0xb6),u8(0xda),u8(0x21),u8(0x10),u8(0xff),u8(0xf3),u8(0xd2)
- db u8(0xcd),u8(0x0c),u8(0x13),u8(0xec),u8(0x5f),u8(0x97),u8(0x44),u8(0x17)
- db u8(0xc4),u8(0xa7),u8(0x7e),u8(0x3d),u8(0x64),u8(0x5d),u8(0x19),u8(0x73)
- db u8(0x60),u8(0x81),u8(0x4f),u8(0xdc),u8(0x22),u8(0x2a),u8(0x90),u8(0x88)
- db u8(0x46),u8(0xee),u8(0xb8),u8(0x14),u8(0xde),u8(0x5e),u8(0x0b),u8(0xdb)
- db u8(0xe0),u8(0x32),u8(0x3a),u8(0x0a),u8(0x49),u8(0x06),u8(0x24),u8(0x5c)
- db u8(0xc2),u8(0xd3),u8(0xac),u8(0x62),u8(0x91),u8(0x95),u8(0xe4),u8(0x79)
- db u8(0xe7),u8(0xc8),u8(0x37),u8(0x6d),u8(0x8d),u8(0xd5),u8(0x4e),u8(0xa9)
- db u8(0x6c),u8(0x56),u8(0xf4),u8(0xea),u8(0x65),u8(0x7a),u8(0xae),u8(0x08)
- db u8(0xba),u8(0x78),u8(0x25),u8(0x2e),u8(0x1c),u8(0xa6),u8(0xb4),u8(0xc6)
- db u8(0xe8),u8(0xdd),u8(0x74),u8(0x1f),u8(0x4b),u8(0xbd),u8(0x8b),u8(0x8a)
- db u8(0x70),u8(0x3e),u8(0xb5),u8(0x66),u8(0x48),u8(0x03),u8(0xf6),u8(0x0e)
- db u8(0x61),u8(0x35),u8(0x57),u8(0xb9),u8(0x86),u8(0xc1),u8(0x1d),u8(0x9e)
- db u8(0xe1),u8(0xf8),u8(0x98),u8(0x11),u8(0x69),u8(0xd9),u8(0x8e),u8(0x94)
- db u8(0x9b),u8(0x1e),u8(0x87),u8(0xe9),u8(0xce),u8(0x55),u8(0x28),u8(0xdf)
- db u8(0x8c),u8(0xa1),u8(0x89),u8(0x0d),u8(0xbf),u8(0xe6),u8(0x42),u8(0x68)
- db u8(0x41),u8(0x99),u8(0x2d),u8(0x0f),u8(0xb0),u8(0x54),u8(0xbb),u8(0x16)
-
%endif
%ifdef DECRYPTION_TABLE
; Inverse S-box data - 256 entries
+ section .data
+ align 32
+
%define v8(x) fe(x), f9(x), fd(x), fb(x), fe(x), f9(x), fd(x), x
dec_tab:
@@ -1394,3 +1416,4 @@ dec_tab:
%endif
end
+
diff --git a/crypto/src/main/jni/final_key/aes/aescpp.h b/crypto/src/main/jni/aes/aes/aescpp.h
similarity index 79%
rename from crypto/src/main/jni/final_key/aes/aescpp.h
rename to crypto/src/main/jni/aes/aes/aescpp.h
index 16b919112..291b4e09b 100644
--- a/crypto/src/main/jni/final_key/aes/aescpp.h
+++ b/crypto/src/main/jni/aes/aes/aescpp.h
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
This file contains the definitions required to use AES (Rijndael) in C++.
*/
diff --git a/crypto/src/main/jni/final_key/aes/aescrypt.c b/crypto/src/main/jni/aes/aes/aescrypt.c
similarity index 75%
rename from crypto/src/main/jni/final_key/aes/aescrypt.c
rename to crypto/src/main/jni/aes/aes/aescrypt.c
index 4c2b0db1c..f11e56c34 100644
--- a/crypto/src/main/jni/final_key/aes/aescrypt.c
+++ b/crypto/src/main/jni/aes/aes/aescrypt.c
@@ -1,33 +1,33 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
*/
#include "aesopt.h"
#include "aestab.h"
-#if defined( USE_INTEL_AES_IF_PRESENT )
-# include "aes_ni.h"
-#else
-/* map names here to provide the external API ('name' -> 'aes_name') */
-# define aes_xi(x) aes_ ## x
-#endif
-
#if defined(__cplusplus)
extern "C"
{
@@ -51,11 +51,11 @@ extern "C"
#if ( FUNCS_IN_C & ENCRYPTION_IN_C )
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
- Pentium optimisation with small code but this is poor for decryption
+ Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
-#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
+#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "s", on )
#endif
@@ -94,32 +94,32 @@ extern "C"
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
#endif
-AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
-{ uint32_t locals(b0, b1);
- const uint32_t *kp;
+AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
+{ uint_32t locals(b0, b1);
+ const uint_32t *kp;
#if defined( dec_fmvars )
dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif
- if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
- return EXIT_FAILURE;
+ if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
+ return EXIT_FAILURE;
- kp = cx->ks;
+ kp = cx->ks;
state_in(b0, in, kp);
#if (ENC_UNROLL == FULL)
switch(cx->inf.b[0])
{
- case 14 * AES_BLOCK_SIZE:
+ case 14 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
- case 12 * AES_BLOCK_SIZE:
+ case 12 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
- case 10 * AES_BLOCK_SIZE:
+ case 10 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
@@ -135,8 +135,8 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
#else
#if (ENC_UNROLL == PARTIAL)
- { uint32_t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1ul; ++rnd)
+ { uint_32t rnd;
+ for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
@@ -146,8 +146,8 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
#else
- { uint32_t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1ul; ++rnd)
+ { uint_32t rnd;
+ for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
@@ -168,11 +168,11 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
#if ( FUNCS_IN_C & DECRYPTION_IN_C)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
- Pentium optimisation with small code but this is poor for decryption
+ Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
-#if defined( _MSC_VER ) && !defined( _WIN64 ) && !defined( __clang__ )
+#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "t", on )
#endif
@@ -212,7 +212,7 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
#endif
/* This code can work with the decryption key schedule in the */
-/* order that is used for encryption (where the 1st decryption */
+/* order that is used for encrytpion (where the 1st decryption */
/* round key is at the high end ot the schedule) or with a key */
/* schedule that has been reversed to put the 1st decryption */
/* round key at the low end of the schedule in memory (when */
@@ -226,15 +226,15 @@ AES_RETURN aes_xi(encrypt)(const unsigned char *in, unsigned char *out, const ae
#define rnd_key(n) (kp - n * N_COLS)
#endif
-AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
-{ uint32_t locals(b0, b1);
+AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
+{ uint_32t locals(b0, b1);
#if defined( dec_imvars )
dec_imvars; /* declare variables for inv_mcol() if needed */
#endif
- const uint32_t *kp;
+ const uint_32t *kp;
- if(cx->inf.b[0] != 10 * AES_BLOCK_SIZE && cx->inf.b[0] != 12 * AES_BLOCK_SIZE && cx->inf.b[0] != 14 * AES_BLOCK_SIZE)
- return EXIT_FAILURE;
+ if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
+ return EXIT_FAILURE;
kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
state_in(b0, in, kp);
@@ -244,13 +244,13 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
switch(cx->inf.b[0])
{
- case 14 * AES_BLOCK_SIZE:
+ case 14 * 16:
round(inv_rnd, b1, b0, rnd_key(-13));
round(inv_rnd, b0, b1, rnd_key(-12));
- case 12 * AES_BLOCK_SIZE:
+ case 12 * 16:
round(inv_rnd, b1, b0, rnd_key(-11));
round(inv_rnd, b0, b1, rnd_key(-10));
- case 10 * AES_BLOCK_SIZE:
+ case 10 * 16:
round(inv_rnd, b1, b0, rnd_key(-9));
round(inv_rnd, b0, b1, rnd_key(-8));
round(inv_rnd, b1, b0, rnd_key(-7));
@@ -266,8 +266,8 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
#else
#if (DEC_UNROLL == PARTIAL)
- { uint32_t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1ul; ++rnd)
+ { uint_32t rnd;
+ for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
@@ -277,8 +277,8 @@ AES_RETURN aes_xi(decrypt)(const unsigned char *in, unsigned char *out, const ae
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
#else
- { uint32_t rnd;
- for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1ul; ++rnd)
+ { uint_32t rnd;
+ for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
diff --git a/crypto/src/main/jni/final_key/aes/aeskey.c b/crypto/src/main/jni/aes/aes/aeskey.c
similarity index 79%
rename from crypto/src/main/jni/final_key/aes/aeskey.c
rename to crypto/src/main/jni/aes/aes/aeskey.c
index 11ed11add..fb122b244 100644
--- a/crypto/src/main/jni/final_key/aes/aeskey.c
+++ b/crypto/src/main/jni/aes/aes/aeskey.c
@@ -1,33 +1,33 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
*/
#include "aesopt.h"
#include "aestab.h"
-#if defined( USE_INTEL_AES_IF_PRESENT )
-# include "aes_ni.h"
-#else
-/* map names here to provide the external API ('name' -> 'aes_name') */
-# define aes_xi(x) aes_ ## x
-#endif
-
#ifdef USE_VIA_ACE_IF_PRESENT
# include "aes_via_ace.h"
#endif
@@ -37,13 +37,6 @@ extern "C"
{
#endif
-/* Use the low bit in the context's inf.b[2] as a flag to
- indicate whether a context was initialized for encryption
- or decryption.
-*/
-#define MARK_AS_ENCRYPTION_CTX(cx) (cx)->inf.b[2] |= (uint8_t)0x01
-#define MARK_AS_DECRYPTION_CTX(cx) (cx)->inf.b[2] &= (uint8_t)0xfe
-
/* Initialise the key schedule from the user supplied key. The key
length can be specified in bytes, with legal values of 16, 24
and 32, or in bits, with legal values of 128, 192 and 256. These
@@ -64,9 +57,9 @@ extern "C"
#if defined( REDUCE_CODE_SIZE )
# define ls_box ls_sub
- uint32_t ls_sub(const uint32_t t, const uint32_t n);
+ uint_32t ls_sub(const uint_32t t, const uint_32t n);
# define inv_mcol im_sub
- uint32_t im_sub(const uint32_t x);
+ uint_32t im_sub(const uint_32t x);
# ifdef ENC_KS_UNROLL
# undef ENC_KS_UNROLL
# endif
@@ -86,8 +79,8 @@ extern "C"
k[4*(i)+7] = ss[3] ^= ss[2]; \
}
-AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1])
-{ uint32_t ss[4];
+AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1])
+{ uint_32t ss[4];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
@@ -101,20 +94,19 @@ AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1
ke4(cx->ks, 6); ke4(cx->ks, 7);
ke4(cx->ks, 8);
#else
- { uint32_t i;
+ { uint_32t i;
for(i = 0; i < 9; ++i)
ke4(cx->ks, i);
}
#endif
ke4(cx->ks, 9);
cx->inf.l = 0;
- cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
+ cx->inf.b[0] = 10 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
- MARK_AS_ENCRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
@@ -135,10 +127,10 @@ AES_RETURN aes_xi(encrypt_key128)(const unsigned char *key, aes_encrypt_ctx cx[1
k[6*(i)+11] = ss[5] ^= ss[4]; \
}
-AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1])
-{ uint32_t ss[6];
+AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1])
+{ uint_32t ss[6];
- cx->ks[0] = ss[0] = word_in(key, 0);
+ cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
cx->ks[2] = ss[2] = word_in(key, 2);
cx->ks[3] = ss[3] = word_in(key, 3);
@@ -151,20 +143,19 @@ AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1
ke6(cx->ks, 4); ke6(cx->ks, 5);
ke6(cx->ks, 6);
#else
- { uint32_t i;
+ { uint_32t i;
for(i = 0; i < 7; ++i)
ke6(cx->ks, i);
}
#endif
kef6(cx->ks, 7);
cx->inf.l = 0;
- cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
+ cx->inf.b[0] = 12 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
- MARK_AS_ENCRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
@@ -187,8 +178,8 @@ AES_RETURN aes_xi(encrypt_key192)(const unsigned char *key, aes_encrypt_ctx cx[1
k[8*(i)+15] = ss[7] ^= ss[6]; \
}
-AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1])
-{ uint32_t ss[8];
+AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1])
+{ uint_32t ss[8];
cx->ks[0] = ss[0] = word_in(key, 0);
cx->ks[1] = ss[1] = word_in(key, 1);
@@ -204,25 +195,39 @@ AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1
ke8(cx->ks, 2); ke8(cx->ks, 3);
ke8(cx->ks, 4); ke8(cx->ks, 5);
#else
- { uint32_t i;
+ { uint_32t i;
for(i = 0; i < 6; ++i)
ke8(cx->ks, i);
}
#endif
kef8(cx->ks, 6);
cx->inf.l = 0;
- cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
+ cx->inf.b[0] = 14 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
- MARK_AS_ENCRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
+#if defined( AES_VAR )
+
+AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
+{
+ switch(key_len)
+ {
+ case 16: case 128: return aes_encrypt_key128(key, cx);
+ case 24: case 192: return aes_encrypt_key192(key, cx);
+ case 32: case 256: return aes_encrypt_key256(key, cx);
+ default: return EXIT_FAILURE;
+ }
+}
+
+#endif
+
#endif
#if (FUNCS_IN_C & DEC_KEYING_IN_C)
@@ -311,13 +316,12 @@ AES_RETURN aes_xi(encrypt_key256)(const unsigned char *key, aes_encrypt_ctx cx[1
#endif
-AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1])
-{ uint32_t ss[5];
+AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1])
+{ uint_32t ss[5];
#if defined( d_vars )
d_vars;
#endif
-
- cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
+ cx->ks[v(40,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(40,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(40,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(40,(3))] = ss[3] = word_in(key, 3);
@@ -329,7 +333,7 @@ AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1
kd4(cx->ks, 6); kd4(cx->ks, 7);
kd4(cx->ks, 8); kdl4(cx->ks, 9);
#else
- { uint32_t i;
+ { uint_32t i;
for(i = 0; i < 10; ++i)
k4e(cx->ks, i);
#if !(DEC_ROUND == NO_TABLES)
@@ -339,13 +343,12 @@ AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1
}
#endif
cx->inf.l = 0;
- cx->inf.b[0] = 10 * AES_BLOCK_SIZE;
+ cx->inf.b[0] = 10 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
- MARK_AS_DECRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
@@ -392,22 +395,19 @@ AES_RETURN aes_xi(decrypt_key128)(const unsigned char *key, aes_decrypt_ctx cx[1
ss[3] ^= ss[2]; k[v(48,(6*(i))+ 9)] = ss[3]; \
}
-AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1])
-{ uint32_t ss[7];
+AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1])
+{ uint_32t ss[7];
#if defined( d_vars )
d_vars;
#endif
-
cx->ks[v(48,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(48,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(48,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(48,(3))] = ss[3] = word_in(key, 3);
#ifdef DEC_KS_UNROLL
- ss[4] = word_in(key, 4);
- ss[5] = word_in(key, 5);
- cx->ks[v(48, (4))] = ff(ss[4]);
- cx->ks[v(48, (5))] = ff(ss[5]);
+ cx->ks[v(48,(4))] = ff(ss[4] = word_in(key, 4));
+ cx->ks[v(48,(5))] = ff(ss[5] = word_in(key, 5));
kdf6(cx->ks, 0); kd6(cx->ks, 1);
kd6(cx->ks, 2); kd6(cx->ks, 3);
kd6(cx->ks, 4); kd6(cx->ks, 5);
@@ -415,7 +415,7 @@ AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1
#else
cx->ks[v(48,(4))] = ss[4] = word_in(key, 4);
cx->ks[v(48,(5))] = ss[5] = word_in(key, 5);
- { uint32_t i;
+ { uint_32t i;
for(i = 0; i < 7; ++i)
k6e(cx->ks, i);
@@ -427,13 +427,12 @@ AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1
}
#endif
cx->inf.l = 0;
- cx->inf.b[0] = 12 * AES_BLOCK_SIZE;
+ cx->inf.b[0] = 12 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
- MARK_AS_DECRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
@@ -487,26 +486,21 @@ AES_RETURN aes_xi(decrypt_key192)(const unsigned char *key, aes_decrypt_ctx cx[1
ss[3] ^= ss[2]; k[v(56,(8*(i))+11)] = ss[3]; \
}
-AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1])
-{ uint32_t ss[9];
+AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1])
+{ uint_32t ss[9];
#if defined( d_vars )
d_vars;
#endif
-
cx->ks[v(56,(0))] = ss[0] = word_in(key, 0);
cx->ks[v(56,(1))] = ss[1] = word_in(key, 1);
cx->ks[v(56,(2))] = ss[2] = word_in(key, 2);
cx->ks[v(56,(3))] = ss[3] = word_in(key, 3);
#ifdef DEC_KS_UNROLL
- ss[4] = word_in(key, 4);
- ss[5] = word_in(key, 5);
- ss[6] = word_in(key, 6);
- ss[7] = word_in(key, 7);
- cx->ks[v(56,(4))] = ff(ss[4]);
- cx->ks[v(56,(5))] = ff(ss[5]);
- cx->ks[v(56,(6))] = ff(ss[6]);
- cx->ks[v(56,(7))] = ff(ss[7]);
+ cx->ks[v(56,(4))] = ff(ss[4] = word_in(key, 4));
+ cx->ks[v(56,(5))] = ff(ss[5] = word_in(key, 5));
+ cx->ks[v(56,(6))] = ff(ss[6] = word_in(key, 6));
+ cx->ks[v(56,(7))] = ff(ss[7] = word_in(key, 7));
kdf8(cx->ks, 0); kd8(cx->ks, 1);
kd8(cx->ks, 2); kd8(cx->ks, 3);
kd8(cx->ks, 4); kd8(cx->ks, 5);
@@ -516,7 +510,7 @@ AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1
cx->ks[v(56,(5))] = ss[5] = word_in(key, 5);
cx->ks[v(56,(6))] = ss[6] = word_in(key, 6);
cx->ks[v(56,(7))] = ss[7] = word_in(key, 7);
- { uint32_t i;
+ { uint_32t i;
for(i = 0; i < 6; ++i)
k8e(cx->ks, i);
@@ -528,46 +522,34 @@ AES_RETURN aes_xi(decrypt_key256)(const unsigned char *key, aes_decrypt_ctx cx[1
}
#endif
cx->inf.l = 0;
- cx->inf.b[0] = 14 * AES_BLOCK_SIZE;
+ cx->inf.b[0] = 14 * 16;
#ifdef USE_VIA_ACE_IF_PRESENT
if(VIA_ACE_AVAILABLE)
cx->inf.b[1] = 0xff;
#endif
- MARK_AS_DECRYPTION_CTX(cx);
return EXIT_SUCCESS;
}
#endif
-#endif
-
#if defined( AES_VAR )
-AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1])
-{
- switch(key_len)
- {
- case 16: case 128: return aes_encrypt_key128(key, cx);
- case 24: case 192: return aes_encrypt_key192(key, cx);
- case 32: case 256: return aes_encrypt_key256(key, cx);
- default: return EXIT_FAILURE;
- }
-}
-
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1])
{
- switch(key_len)
- {
- case 16: case 128: return aes_decrypt_key128(key, cx);
- case 24: case 192: return aes_decrypt_key192(key, cx);
- case 32: case 256: return aes_decrypt_key256(key, cx);
- default: return EXIT_FAILURE;
- }
+ switch(key_len)
+ {
+ case 16: case 128: return aes_decrypt_key128(key, cx);
+ case 24: case 192: return aes_decrypt_key192(key, cx);
+ case 32: case 256: return aes_decrypt_key256(key, cx);
+ default: return EXIT_FAILURE;
+ }
}
#endif
+#endif
+
#if defined(__cplusplus)
}
#endif
diff --git a/crypto/src/main/jni/final_key/aes/aesopt.h b/crypto/src/main/jni/aes/aes/aesopt.h
similarity index 80%
rename from crypto/src/main/jni/final_key/aes/aesopt.h
rename to crypto/src/main/jni/aes/aes/aesopt.h
index 9dfa3f111..3c77b87f6 100644
--- a/crypto/src/main/jni/final_key/aes/aesopt.h
+++ b/crypto/src/main/jni/aes/aes/aesopt.h
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
This file contains the compilation options for AES (Rijndael) and code
that is common across encryption, key scheduling and table generation.
@@ -37,8 +44,8 @@ Issue Date: 20/12/2007
The cipher interface is implemented as an array of bytes in which lower
AES bit sequence indexes map to higher numeric significance within bytes.
- uint8_t (an unsigned 8-bit type)
- uint32_t (an unsigned 32-bit type)
+ uint_8t (an unsigned 8-bit type)
+ uint_32t (an unsigned 32-bit type)
struct aes_encrypt_ctx (structure for the cipher encryption context)
struct aes_decrypt_ctx (structure for the cipher decryption context)
AES_RETURN the function return type
@@ -64,7 +71,7 @@ Issue Date: 20/12/2007
Class AESencrypt for encryption
- Constructors:
+ Construtors:
AESencrypt(void)
AESencrypt(const unsigned char *key) - 128 bit key
Members:
@@ -74,7 +81,7 @@ Issue Date: 20/12/2007
AES_RETURN encrypt(const unsigned char *in, unsigned char *out) const
Class AESdecrypt for encryption
- Constructors:
+ Construtors:
AESdecrypt(void)
AESdecrypt(const unsigned char *key) - 128 bit key
Members:
@@ -161,47 +168,14 @@ Issue Date: 20/12/2007
# error The algorithm byte order is not defined
#endif
-/* 2. Intel AES AND VIA ACE SUPPORT */
+/* 2. VIA ACE SUPPORT */
-#if defined( __GNUC__ ) && defined( __i386__ ) && !defined(__BEOS__) \
- || defined( _WIN32 ) && defined( _M_IX86 ) && !(defined( _WIN64 ) \
- || defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
+#if defined( __GNUC__ ) && defined( __i386__ ) \
+ || defined( _WIN32 ) && defined( _M_IX86 ) \
+ && !(defined( _WIN64 ) || defined( _WIN32_WCE ) || defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
# define VIA_ACE_POSSIBLE
#endif
-/* AESNI is supported by all Windows x64 compilers, but for Linux/GCC
- we have to test for SSE 2, SSE 3, and AES to before enabling it; */
-#if !defined( INTEL_AES_POSSIBLE )
-# if defined( _WIN64 ) && defined( _MSC_VER ) \
- || defined( __GNUC__ ) && defined( __x86_64__ ) && \
- defined( __SSE2__ ) && defined( __SSE3__ ) && \
- defined( __AES__ )
-# define INTEL_AES_POSSIBLE
-# endif
-#endif
-
-/* Define this option if support for the Intel AESNI is required
- If USE_INTEL_AES_IF_PRESENT is defined then AESNI will be used
- if it is detected (both present and enabled).
-
- AESNI uses a decryption key schedule with the first decryption
- round key at the high end of the key schedule with the following
- round keys at lower positions in memory. So AES_REV_DKS must NOT
- be defined when AESNI will be used. Although it is unlikely that
- assembler code will be used with an AESNI build, if it is then
- AES_REV_DKS must NOT be defined when the assembler files are
- built (the definition of USE_INTEL_AES_IF_PRESENT in the assembler
- code files must match that here if they are used).
-*/
-
-#if defined( INTEL_AES_POSSIBLE )
-# if 1 && !defined( USE_INTEL_AES_IF_PRESENT )
-# define USE_INTEL_AES_IF_PRESENT
-# endif
-#elif defined( USE_INTEL_AES_IF_PRESENT )
-# error: AES_NI is not available on this platform
-#endif
-
/* Define this option if support for the VIA ACE is required. This uses
inline assembler instructions and is only implemented for the Microsoft,
Intel and GCC compilers. If VIA ACE is known to be present, then defining
@@ -215,11 +189,10 @@ Issue Date: 20/12/2007
but there are very large performance gains if this can be arranged.
VIA ACE also requires the decryption key schedule to be in reverse
order (which later checks below ensure).
-
- AES_REV_DKS must be set for assembler code used with a VIA ACE build
*/
-#if 1 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT )
+/* Disable VIA ACE cpu detection which crashes on x86 android devices */
+#if 0 && defined( VIA_ACE_POSSIBLE ) && !defined( USE_VIA_ACE_IF_PRESENT )
# define USE_VIA_ACE_IF_PRESENT
#endif
@@ -256,14 +229,8 @@ Issue Date: 20/12/2007
# define ASM_AMD64_C
#endif
-#if defined( __i386 ) || defined( _M_IX86 )
-# define A32_
-#elif defined( __x86_64__ ) || defined( _M_X64 )
-# define A64_
-#endif
-
#if (defined ( ASM_X86_V1C ) || defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )) \
- && !defined( A32_ ) || defined( ASM_AMD64_C ) && !defined( A64_ )
+ && !defined( _M_IX86 ) || defined( ASM_AMD64_C ) && !defined( _M_X64 )
# error Assembler code is only available for x86 and AMD64 systems
#endif
@@ -289,7 +256,7 @@ Issue Date: 20/12/2007
/* 5. LOOP UNROLLING
- The code for encryption and decryption cycles through a number of rounds
+ The code for encryption and decrytpion cycles through a number of rounds
that can be implemented either in a loop or by expanding the code into a
long sequence of instructions, the latter producing a larger program but
one that will often be much faster. The latter is called loop unrolling.
@@ -325,7 +292,7 @@ Issue Date: 20/12/2007
/* 6. FAST FINITE FIELD OPERATIONS
If this section is included, tables are used to provide faster finite
- field arithmetic (this has no effect if STATIC_TABLES is defined).
+ field arithmetic (this has no effect if FIXED_TABLES is defined).
*/
#if 1
# define FF_TABLES
@@ -334,9 +301,9 @@ Issue Date: 20/12/2007
/* 7. INTERNAL STATE VARIABLE FORMAT
The internal state of Rijndael is stored in a number of local 32-bit
- word variables which can be defined either as an array or as individual
+ word varaibles which can be defined either as an array or as individual
names variables. Include this section if you want to store these local
- variables in arrays. Otherwise individual local variables will be used.
+ varaibles in arrays. Otherwise individual local variables will be used.
*/
#if 1
# define ARRAYS
@@ -349,26 +316,26 @@ Issue Date: 20/12/2007
must be called to compute them before the code is first used.
*/
#if 1 && !(defined( _MSC_VER ) && ( _MSC_VER <= 800 ))
-# define STATIC_TABLES
+# define FIXED_TABLES
#endif
/* 9. MASKING OR CASTING FROM LONGER VALUES TO BYTES
- In some systems it is better to mask longer values to extract bytes
+ In some systems it is better to mask longer values to extract bytes
rather than using a cast. This option allows this choice.
*/
#if 0
-# define to_byte(x) ((uint8_t)(x))
+# define to_byte(x) ((uint_8t)(x))
#else
# define to_byte(x) ((x) & 0xff)
#endif
/* 10. TABLE ALIGNMENT
- On some systems speed will be improved by aligning the AES large lookup
+ On some sytsems speed will be improved by aligning the AES large lookup
tables on particular boundaries. This define should be set to a power of
two giving the desired alignment. It can be left undefined if alignment
- is not needed. This option is specific to the Microsoft VC++ compiler -
+ is not needed. This option is specific to the Microsft VC++ compiler -
it seems to sometimes cause trouble for the VC++ version 6 compiler.
*/
@@ -393,7 +360,7 @@ Issue Date: 20/12/2007
up using tables. The basic tables are each 256 32-bit words, with either
one or four tables being required for each round function depending on
how much speed is required. The encryption and decryption round functions
- are different and the last encryption and decryption round functions are
+ are different and the last encryption and decrytpion round functions are
different again making four different round functions in all.
This means that:
@@ -467,16 +434,10 @@ Issue Date: 20/12/2007
# define USE_VIA_ACE_IF_PRESENT
#endif
-/* define to reverse decryption key schedule */
-#if 1 || defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
+#if defined( USE_VIA_ACE_IF_PRESENT ) && !defined ( AES_REV_DKS )
# define AES_REV_DKS
#endif
-/* Intel AESNI uses a decryption key schedule in the encryption order */
-#if defined( USE_INTEL_AES_IF_PRESENT ) && defined ( AES_REV_DKS )
-# undef AES_REV_DKS
-#endif
-
/* Assembler support requires the use of platform byte order */
#if ( defined( ASM_X86_V1C ) || defined( ASM_X86_V2C ) || defined( ASM_AMD64_C ) ) \
@@ -492,7 +453,7 @@ Issue Date: 20/12/2007
a column number c to the way the state array variable is to be held.
The first define below maps the state into an array x[c] whereas the
second form maps the state into a number of individual variables x0,
- x1, etc. Another form could map individual state columns to machine
+ x1, etc. Another form could map individual state colums to machine
register names.
*/
@@ -569,7 +530,7 @@ Issue Date: 20/12/2007
#elif defined( bswap_32 )
# define aes_sw32 bswap_32
#else
-# define brot(x,n) (((uint32_t)(x) << n) | ((uint32_t)(x) >> (32 - n)))
+# define brot(x,n) (((uint_32t)(x) << n) | ((uint_32t)(x) >> (32 - n)))
# define aes_sw32(x) ((brot((x),8) & 0x00ff00ff) | (brot((x),24) & 0xff00ff00))
#endif
@@ -585,32 +546,32 @@ Issue Date: 20/12/2007
*/
#if ( ALGORITHM_BYTE_ORDER == IS_LITTLE_ENDIAN )
-# define upr(x,n) (((uint32_t)(x) << (8 * (n))) | ((uint32_t)(x) >> (32 - 8 * (n))))
-# define ups(x,n) ((uint32_t) (x) << (8 * (n)))
+# define upr(x,n) (((uint_32t)(x) << (8 * (n))) | ((uint_32t)(x) >> (32 - 8 * (n))))
+# define ups(x,n) ((uint_32t) (x) << (8 * (n)))
# define bval(x,n) to_byte((x) >> (8 * (n)))
# define bytes2word(b0, b1, b2, b3) \
- (((uint32_t)(b3) << 24) | ((uint32_t)(b2) << 16) | ((uint32_t)(b1) << 8) | (b0))
+ (((uint_32t)(b3) << 24) | ((uint_32t)(b2) << 16) | ((uint_32t)(b1) << 8) | (b0))
#endif
#if ( ALGORITHM_BYTE_ORDER == IS_BIG_ENDIAN )
-# define upr(x,n) (((uint32_t)(x) >> (8 * (n))) | ((uint32_t)(x) << (32 - 8 * (n))))
-# define ups(x,n) ((uint32_t) (x) >> (8 * (n)))
+# define upr(x,n) (((uint_32t)(x) >> (8 * (n))) | ((uint_32t)(x) << (32 - 8 * (n))))
+# define ups(x,n) ((uint_32t) (x) >> (8 * (n)))
# define bval(x,n) to_byte((x) >> (24 - 8 * (n)))
# define bytes2word(b0, b1, b2, b3) \
- (((uint32_t)(b0) << 24) | ((uint32_t)(b1) << 16) | ((uint32_t)(b2) << 8) | (b3))
+ (((uint_32t)(b0) << 24) | ((uint_32t)(b1) << 16) | ((uint_32t)(b2) << 8) | (b3))
#endif
#if defined( SAFE_IO )
-# define word_in(x,c) bytes2word(((const uint8_t*)(x)+4*c)[0], ((const uint8_t*)(x)+4*c)[1], \
- ((const uint8_t*)(x)+4*c)[2], ((const uint8_t*)(x)+4*c)[3])
-# define word_out(x,c,v) { ((uint8_t*)(x)+4*c)[0] = bval(v,0); ((uint8_t*)(x)+4*c)[1] = bval(v,1); \
- ((uint8_t*)(x)+4*c)[2] = bval(v,2); ((uint8_t*)(x)+4*c)[3] = bval(v,3); }
+# define word_in(x,c) bytes2word(((const uint_8t*)(x)+4*c)[0], ((const uint_8t*)(x)+4*c)[1], \
+ ((const uint_8t*)(x)+4*c)[2], ((const uint_8t*)(x)+4*c)[3])
+# define word_out(x,c,v) { ((uint_8t*)(x)+4*c)[0] = bval(v,0); ((uint_8t*)(x)+4*c)[1] = bval(v,1); \
+ ((uint_8t*)(x)+4*c)[2] = bval(v,2); ((uint_8t*)(x)+4*c)[3] = bval(v,3); }
#elif ( ALGORITHM_BYTE_ORDER == PLATFORM_BYTE_ORDER )
-# define word_in(x,c) (*((uint32_t*)(x)+(c)))
-# define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = (v))
+# define word_in(x,c) (*((uint_32t*)(x)+(c)))
+# define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = (v))
#else
-# define word_in(x,c) aes_sw32(*((uint32_t*)(x)+(c)))
-# define word_out(x,c,v) (*((uint32_t*)(x)+(c)) = aes_sw32(v))
+# define word_in(x,c) aes_sw32(*((uint_32t*)(x)+(c)))
+# define word_out(x,c,v) (*((uint_32t*)(x)+(c)) = aes_sw32(v))
#endif
/* the finite field modular polynomial and elements */
@@ -620,17 +581,17 @@ Issue Date: 20/12/2007
/* multiply four bytes in GF(2^8) by 'x' {02} in parallel */
-#define gf_c1 0x80808080
-#define gf_c2 0x7f7f7f7f
-#define gf_mulx(x) ((((x) & gf_c2) << 1) ^ ((((x) & gf_c1) >> 7) * BPOLY))
+#define m1 0x80808080
+#define m2 0x7f7f7f7f
+#define gf_mulx(x) ((((x) & m2) << 1) ^ ((((x) & m1) >> 7) * BPOLY))
/* The following defines provide alternative definitions of gf_mulx that might
give improved performance if a fast 32-bit multiply is not available. Note
that a temporary variable u needs to be defined where gf_mulx is used.
-#define gf_mulx(x) (u = (x) & gf_c1, u |= (u >> 1), ((x) & gf_c2) << 1) ^ ((u >> 3) | (u >> 6))
-#define gf_c4 (0x01010101 * BPOLY)
-#define gf_mulx(x) (u = (x) & gf_c1, ((x) & gf_c2) << 1) ^ ((u - (u >> 7)) & gf_c4)
+#define gf_mulx(x) (u = (x) & m1, u |= (u >> 1), ((x) & m2) << 1) ^ ((u >> 3) | (u >> 6))
+#define m4 (0x01010101 * BPOLY)
+#define gf_mulx(x) (u = (x) & m1, ((x) & m2) << 1) ^ ((u - (u >> 7)) & m4)
*/
/* Work out which tables are needed for the different options */
@@ -695,7 +656,7 @@ Issue Date: 20/12/2007
#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
# if ((FUNCS_IN_C & ENC_KEYING_IN_C) || (FUNCS_IN_C & DEC_KEYING_IN_C))
# if KEY_SCHED == ONE_TABLE
-# if !defined( FL1_SET ) && !defined( FL4_SET )
+# if !defined( FL1_SET ) && !defined( FL4_SET )
# define LS1_SET
# endif
# elif KEY_SCHED == FOUR_TABLES
@@ -744,14 +705,14 @@ Issue Date: 20/12/2007
/* perform forward and inverse column mix operation on four bytes in long word x in */
/* parallel. NOTE: x must be a simple variable, NOT an expression in these macros. */
-#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
+#if !(defined( REDUCE_CODE_SIZE ) && (defined( ASM_X86_V2 ) || defined( ASM_X86_V2C )))
#if defined( FM4_SET ) /* not currently used */
# define fwd_mcol(x) four_tables(x,t_use(f,m),vf1,rf1,0)
#elif defined( FM1_SET ) /* not currently used */
# define fwd_mcol(x) one_table(x,upr,t_use(f,m),vf1,rf1,0)
#else
-# define dec_fmvars uint32_t g2
+# define dec_fmvars uint_32t g2
# define fwd_mcol(x) (g2 = gf_mulx(x), g2 ^ upr((x) ^ g2, 3) ^ upr((x), 2) ^ upr((x), 1))
#endif
@@ -760,7 +721,7 @@ Issue Date: 20/12/2007
#elif defined( IM1_SET )
# define inv_mcol(x) one_table(x,upr,t_use(i,m),vf1,rf1,0)
#else
-# define dec_imvars uint32_t g2, g4, g9
+# define dec_imvars uint_32t g2, g4, g9
# define inv_mcol(x) (g2 = gf_mulx(x), g4 = gf_mulx(g2), g9 = (x) ^ gf_mulx(g4), g4 ^= g9, \
(x) ^ g2 ^ g4 ^ upr(g2 ^ g9, 3) ^ upr(g4, 2) ^ upr(g9, 1))
#endif
diff --git a/crypto/src/main/jni/final_key/aes/aestab.c b/crypto/src/main/jni/aes/aes/aestab.c
similarity index 85%
rename from crypto/src/main/jni/final_key/aes/aestab.c
rename to crypto/src/main/jni/aes/aes/aestab.c
index 3d48edf3e..1ac3739c8 100644
--- a/crypto/src/main/jni/final_key/aes/aestab.c
+++ b/crypto/src/main/jni/aes/aes/aestab.c
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
*/
#define DO_TABLES
@@ -23,7 +30,7 @@ Issue Date: 20/12/2007
#include "aes.h"
#include "aesopt.h"
-#if defined(STATIC_TABLES)
+#if defined(FIXED_TABLES)
#define sb_data(w) {\
w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
@@ -150,7 +157,7 @@ Issue Date: 20/12/2007
#endif
-#if defined(STATIC_TABLES) || !defined(FF_TABLES)
+#if defined(FIXED_TABLES) || !defined(FF_TABLES)
#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
@@ -180,7 +187,7 @@ extern "C"
{
#endif
-#if defined(STATIC_TABLES)
+#if defined(FIXED_TABLES)
/* implemented in case of wrong call for fixed tables */
@@ -195,7 +202,7 @@ AES_RETURN aes_init(void)
#define gf_inv(x) ((x) ? pow[ 255 - log[x]] : 0)
-#else
+#else
/* It will generally be sensible to use tables to compute finite
field multiplies and inverses but where memory is scarse this
@@ -208,8 +215,8 @@ AES_RETURN aes_init(void)
used so that locals within fi can be bytes rather than words
*/
-static uint8_t hibit(const uint32_t x)
-{ uint8_t r = (uint8_t)((x >> 1) | (x >> 2));
+static uint_8t hibit(const uint_32t x)
+{ uint_8t r = (uint_8t)((x >> 1) | (x >> 2));
r |= (r >> 2);
r |= (r >> 4);
@@ -218,10 +225,10 @@ static uint8_t hibit(const uint32_t x)
/* return the inverse of the finite field element x */
-static uint8_t gf_inv(const uint8_t x)
-{ uint8_t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
+static uint_8t gf_inv(const uint_8t x)
+{ uint_8t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
- if(x < 2)
+ if(x < 2)
return x;
for( ; ; )
@@ -229,20 +236,20 @@ static uint8_t gf_inv(const uint8_t x)
if(n1)
while(n2 >= n1) /* divide polynomial p2 by p1 */
{
- n2 /= n1; /* shift smaller polynomial left */
+ n2 /= n1; /* shift smaller polynomial left */
p2 ^= (p1 * n2) & 0xff; /* and remove from larger one */
- v2 ^= v1 * n2; /* shift accumulated value and */
+ v2 ^= v1 * n2; /* shift accumulated value and */
n2 = hibit(p2); /* add into result */
}
else
return v1;
- if(n2) /* repeat with values swapped */
+ if(n2) /* repeat with values swapped */
while(n1 >= n2)
{
- n1 /= n2;
- p1 ^= p2 * n1;
- v1 ^= v2 * n1;
+ n1 /= n2;
+ p1 ^= p2 * n1;
+ v1 ^= v2 * n1;
n1 = hibit(p1);
}
else
@@ -253,14 +260,14 @@ static uint8_t gf_inv(const uint8_t x)
#endif
/* The forward and inverse affine transformations used in the S-box */
-uint8_t fwd_affine(const uint8_t x)
-{ uint32_t w = x;
+uint_8t fwd_affine(const uint_8t x)
+{ uint_32t w = x;
w ^= (w << 1) ^ (w << 2) ^ (w << 3) ^ (w << 4);
return 0x63 ^ ((w ^ (w >> 8)) & 0xff);
}
-uint8_t inv_affine(const uint8_t x)
-{ uint32_t w = x;
+uint_8t inv_affine(const uint_8t x)
+{ uint_32t w = x;
w = (w << 1) ^ (w << 3) ^ (w << 6);
return 0x05 ^ ((w ^ (w >> 8)) & 0xff);
}
@@ -268,11 +275,11 @@ uint8_t inv_affine(const uint8_t x)
static int init = 0;
AES_RETURN aes_init(void)
-{ uint32_t i, w;
+{ uint_32t i, w;
#if defined(FF_TABLES)
- uint8_t pow[512], log[256];
+ uint_8t pow[512], log[256];
if(init)
return EXIT_SUCCESS;
@@ -284,9 +291,9 @@ AES_RETURN aes_init(void)
i = 0; w = 1;
do
{
- pow[i] = (uint8_t)w;
- pow[i + 255] = (uint8_t)w;
- log[w] = (uint8_t)i++;
+ pow[i] = (uint_8t)w;
+ pow[i + 255] = (uint_8t)w;
+ log[w] = (uint_8t)i++;
w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
}
while (w != 1);
@@ -303,9 +310,9 @@ AES_RETURN aes_init(void)
}
for(i = 0; i < 256; ++i)
- { uint8_t b;
+ { uint_8t b;
- b = fwd_affine(gf_inv((uint8_t)i));
+ b = fwd_affine(gf_inv((uint_8t)i));
w = bytes2word(f2(b), b, b, f3(b));
#if defined( SBX_SET )
@@ -343,7 +350,7 @@ AES_RETURN aes_init(void)
t_set(l,s)[3][i] = upr(w,3);
#endif
- b = gf_inv(inv_affine((uint8_t)i));
+ b = gf_inv(inv_affine((uint_8t)i));
w = bytes2word(fe(b), f9(b), fd(b), fb(b));
#if defined( IM1_SET ) /* tables for the inverse mix column operation */
@@ -383,33 +390,6 @@ AES_RETURN aes_init(void)
return EXIT_SUCCESS;
}
-/*
- Automatic code initialisation (suggested by by Henrik S. Gaßmann)
- based on code provided by Joe Lowe and placed in the public domain at:
- http://stackoverflow.com/questions/1113409/attribute-constructor-equivalent-in-vc
-*/
-
-#ifdef _MSC_VER
-
-#pragma section(".CRT$XCU", read)
-
-__declspec(allocate(".CRT$XCU")) void (__cdecl *aes_startup)(void) = aes_init;
-
-#elif defined(__GNUC__)
-
-static void aes_startup(void) __attribute__((constructor));
-
-static void aes_startup(void)
-{
- aes_init();
-}
-
-#else
-
-#pragma message( "dynamic tables must be initialised manually on your system" )
-
-#endif
-
#endif
#if defined(__cplusplus)
diff --git a/crypto/src/main/jni/final_key/aes/aestab.h b/crypto/src/main/jni/aes/aes/aestab.h
similarity index 63%
rename from crypto/src/main/jni/final_key/aes/aestab.h
rename to crypto/src/main/jni/aes/aes/aestab.h
index 8fe32d180..6b573cfcd 100644
--- a/crypto/src/main/jni/final_key/aes/aestab.h
+++ b/crypto/src/main/jni/aes/aes/aestab.h
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
This file contains the code for declaring the tables needed to implement
AES. The file aesopt.h is assumed to be included before this header file.
@@ -29,7 +36,7 @@ Issue Date: 20/12/2007
that control the calls to aes_init() and the aes_init() routine itself will
have to be changed for a specific implementation. If global variables are
available it will generally be preferable to use them with the precomputed
- STATIC_TABLES option that uses static global tables.
+ FIXED_TABLES option that uses static global tables.
The following defines can be used to control the way the tables
are defined, initialised and used in embedded environments that
@@ -69,7 +76,7 @@ extern "C" {
#define t_set(m,n) t_##m##n
#define t_use(m,n) t_##m##n
-#if defined(STATIC_TABLES)
+#if defined(FIXED_TABLES)
# if !defined( __GNUC__ ) && (defined( __MSDOS__ ) || defined( __WIN16__ ))
/* make tables far data to avoid using too much DGROUP space (PG) */
# define CONST const far
@@ -98,56 +105,56 @@ extern "C" {
# define XP_DIR
#endif
-#if defined(DO_TABLES) && defined(STATIC_TABLES)
+#if defined(DO_TABLES) && defined(FIXED_TABLES)
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256] = b(e)
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
-EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
+EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
#else
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256]
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
-EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH];
+EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH];
#endif
#if defined( SBX_SET )
- d_1(uint8_t, t_dec(s,box), sb_data, h0);
+ d_1(uint_8t, t_dec(s,box), sb_data, h0);
#endif
#if defined( ISB_SET )
- d_1(uint8_t, t_dec(i,box), isb_data, h0);
+ d_1(uint_8t, t_dec(i,box), isb_data, h0);
#endif
#if defined( FT1_SET )
- d_1(uint32_t, t_dec(f,n), sb_data, u0);
+ d_1(uint_32t, t_dec(f,n), sb_data, u0);
#endif
#if defined( FT4_SET )
- d_4(uint32_t, t_dec(f,n), sb_data, u0, u1, u2, u3);
+ d_4(uint_32t, t_dec(f,n), sb_data, u0, u1, u2, u3);
#endif
#if defined( FL1_SET )
- d_1(uint32_t, t_dec(f,l), sb_data, w0);
+ d_1(uint_32t, t_dec(f,l), sb_data, w0);
#endif
#if defined( FL4_SET )
- d_4(uint32_t, t_dec(f,l), sb_data, w0, w1, w2, w3);
+ d_4(uint_32t, t_dec(f,l), sb_data, w0, w1, w2, w3);
#endif
#if defined( IT1_SET )
- d_1(uint32_t, t_dec(i,n), isb_data, v0);
+ d_1(uint_32t, t_dec(i,n), isb_data, v0);
#endif
#if defined( IT4_SET )
- d_4(uint32_t, t_dec(i,n), isb_data, v0, v1, v2, v3);
+ d_4(uint_32t, t_dec(i,n), isb_data, v0, v1, v2, v3);
#endif
#if defined( IL1_SET )
- d_1(uint32_t, t_dec(i,l), isb_data, w0);
+ d_1(uint_32t, t_dec(i,l), isb_data, w0);
#endif
#if defined( IL4_SET )
- d_4(uint32_t, t_dec(i,l), isb_data, w0, w1, w2, w3);
+ d_4(uint_32t, t_dec(i,l), isb_data, w0, w1, w2, w3);
#endif
#if defined( LS1_SET )
#if defined( FL1_SET )
#undef LS1_SET
#else
- d_1(uint32_t, t_dec(l,s), sb_data, w0);
+ d_1(uint_32t, t_dec(l,s), sb_data, w0);
#endif
#endif
@@ -155,15 +162,15 @@ EXTERN ALIGN CONST uint32_t t_dec(r,c)[RC_LENGTH];
#if defined( FL4_SET )
#undef LS4_SET
#else
- d_4(uint32_t, t_dec(l,s), sb_data, w0, w1, w2, w3);
+ d_4(uint_32t, t_dec(l,s), sb_data, w0, w1, w2, w3);
#endif
#endif
#if defined( IM1_SET )
- d_1(uint32_t, t_dec(i,m), mm_data, v0);
+ d_1(uint_32t, t_dec(i,m), mm_data, v0);
#endif
#if defined( IM4_SET )
- d_4(uint32_t, t_dec(i,m), mm_data, v0, v1, v2, v3);
+ d_4(uint_32t, t_dec(i,m), mm_data, v0, v1, v2, v3);
#endif
#if defined(__cplusplus)
diff --git a/crypto/src/main/jni/final_key/aes/aesxam.c b/crypto/src/main/jni/aes/aes/aesxam.c
similarity index 89%
rename from crypto/src/main/jni/final_key/aes/aesxam.c
rename to crypto/src/main/jni/aes/aes/aesxam.c
index b5dc30e7b..e454aefc1 100644
--- a/crypto/src/main/jni/final_key/aes/aesxam.c
+++ b/crypto/src/main/jni/aes/aes/aesxam.c
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 25/09/2018
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
*/
// An example of the use of AES (Rijndael) for file encryption. This code
@@ -117,24 +124,6 @@ Issue Date: 25/09/2018
#include "aes.h"
#include "rdtsc.h"
-#if !defined( _MSC_VER )
-// substitute for MSVC fopen_s() on Unix/Linux
-int fopen_s(FILE** pFile, const char *filename, const char *mode)
-{
- char ul_name[64], *d = ul_name;
- const char *s = filename;
- FILE * fp;
-
- do{
- *d++ = (char)(*s == '\\' ? '/' : *s);
- }
- while(*s++);
-
- *pFile = fp = fopen(ul_name, mode);
- return fp == NULL;
-}
-#endif
-
#define BLOCK_LEN 16
#define OK 0
@@ -177,8 +166,8 @@ int encfile(FILE *fin, FILE *fout, aes_encrypt_ctx ctx[1])
{ unsigned char dbuf[3 * BLOCK_LEN];
unsigned long i, len, wlen = BLOCK_LEN;
- // When ciphertext stealing is used, we need three ciphertext blocks
- // so we use a buffer that is three times the block length. The buffer
+ // When ciphertext stealing is used, we three ciphertext blocks so
+ // we use a buffer that is three times the block length. The buffer
// pointers b1, b2 and b3 point to the buffer positions of three
// ciphertext blocks, b3 being the most recent and b1 being the
// oldest. We start with the IV in b1 and the block to be decrypted
@@ -265,8 +254,8 @@ int decfile(FILE *fin, FILE *fout, aes_decrypt_ctx ctx[1])
{ unsigned char dbuf[3 * BLOCK_LEN], buf[BLOCK_LEN];
unsigned long i, len, wlen = BLOCK_LEN;
- // When ciphertext stealing is used, we need three ciphertext blocks
- // so we use a buffer that is three times the block length. The buffer
+ // When ciphertext stealing is used, we three ciphertext blocks so
+ // we use a buffer that is three times the block length. The buffer
// pointers b1, b2 and b3 point to the buffer positions of three
// ciphertext blocks, b3 being the most recent and b1 being the
// oldest. We start with the IV in b1 and the block to be decrypted
@@ -394,13 +383,13 @@ int main(int argc, char *argv[])
key_len = i / 2;
- if(fopen_s(&fin, argv[1], "rb")) // try to open the input file
+ if(!(fin = fopen(argv[1], "rb"))) // try to open the input file
{
printf("The input file: %s could not be opened\n", argv[1]);
err = -5; goto exit;
}
- if(fopen_s(&fout, argv[2], "wb")) // try to open the output file
+ if(!(fout = fopen(argv[2], "wb"))) // try to open the output file
{
printf("The output file: %s could not be opened\n", argv[2]);
err = -6; goto exit;
diff --git a/crypto/src/main/jni/final_key/sha/brg_endian.h b/crypto/src/main/jni/aes/aes/brg_endian.h
similarity index 80%
rename from crypto/src/main/jni/final_key/sha/brg_endian.h
rename to crypto/src/main/jni/aes/aes/brg_endian.h
index ecde4694b..e3cf0d11d 100644
--- a/crypto/src/main/jni/final_key/sha/brg_endian.h
+++ b/crypto/src/main/jni/aes/aes/brg_endian.h
@@ -1,21 +1,28 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
*/
#ifndef _BRG_ENDIAN_H
@@ -24,12 +31,6 @@ Issue Date: 20/12/2007
#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
-/* This is needed when using clang with MSVC to avoid including */
-/* endian.h and byteswap.h which are not present on Windows */
-#if defined( _MSC_VER ) && defined( __clang__ )
-# undef __GNUC__
-#endif
-
/* Include files where endian defines and byteswap functions may reside */
#if defined( __sun )
# include
diff --git a/crypto/src/main/jni/aes/aes/brg_types.h b/crypto/src/main/jni/aes/aes/brg_types.h
new file mode 100644
index 000000000..5b199fcb0
--- /dev/null
+++ b/crypto/src/main/jni/aes/aes/brg_types.h
@@ -0,0 +1,226 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
+
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
+
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
+
+ The unsigned integer types defined here are of the form uint_t where
+ is the length of the type; for example, the unsigned 32-bit type is
+ 'uint_32t'. These are NOT the same as the 'C99 integer types' that are
+ defined in the inttypes.h and stdint.h headers since attempts to use these
+ types have shown that support for them is still highly variable. However,
+ since the latter are of the form uint_t, a regular expression search
+ and replace (in VC++ search on 'uint_{:z}t' and replace with 'uint\1_t')
+ can be used to convert the types used here to the C99 standard types.
+*/
+
+#ifndef _BRG_TYPES_H
+#define _BRG_TYPES_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include
+
+#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
+# include
+# define ptrint_t intptr_t
+#elif defined( __ECOS__ )
+# define intptr_t unsigned int
+# define ptrint_t intptr_t
+#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 )
+# include
+# define ptrint_t intptr_t
+#else
+# define ptrint_t int
+#endif
+
+#ifndef BRG_UI8
+# define BRG_UI8
+# if UCHAR_MAX == 255u
+ typedef unsigned char uint_8t;
+# else
+# error Please define uint_8t as an 8-bit unsigned integer type in brg_types.h
+# endif
+#endif
+
+#ifndef BRG_UI16
+# define BRG_UI16
+# if USHRT_MAX == 65535u
+ typedef unsigned short uint_16t;
+# else
+# error Please define uint_16t as a 16-bit unsigned short type in brg_types.h
+# endif
+#endif
+
+#ifndef BRG_UI32
+# define BRG_UI32
+# if UINT_MAX == 4294967295u
+# define li_32(h) 0x##h##u
+ typedef unsigned int uint_32t;
+# elif ULONG_MAX == 4294967295u
+# define li_32(h) 0x##h##ul
+ typedef unsigned long uint_32t;
+# elif defined( _CRAY )
+# error This code needs 32-bit data types, which Cray machines do not provide
+# else
+# error Please define uint_32t as a 32-bit unsigned integer type in brg_types.h
+# endif
+#endif
+
+#ifndef BRG_UI64
+# if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
+# define BRG_UI64
+# define li_64(h) 0x##h##ui64
+ typedef unsigned __int64 uint_64t;
+# elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
+# define BRG_UI64
+# define li_64(h) 0x##h##ui64
+ typedef unsigned __int64 uint_64t;
+# elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned long long uint_64t;
+# elif defined( __MVS__ )
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned int long long uint_64t;
+# elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
+# if UINT_MAX == 18446744073709551615u
+# define BRG_UI64
+# define li_64(h) 0x##h##u
+ typedef unsigned int uint_64t;
+# endif
+# elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
+# if ULONG_MAX == 18446744073709551615ul
+# define BRG_UI64
+# define li_64(h) 0x##h##ul
+ typedef unsigned long uint_64t;
+# endif
+# elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
+# if ULLONG_MAX == 18446744073709551615ull
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned long long uint_64t;
+# endif
+# elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
+# if ULONG_LONG_MAX == 18446744073709551615ull
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned long long uint_64t;
+# endif
+# endif
+#endif
+
+#if !defined( BRG_UI64 )
+# if defined( NEED_UINT_64T )
+# error Please define uint_64t as an unsigned 64 bit type in brg_types.h
+# endif
+#endif
+
+#ifndef RETURN_VALUES
+# define RETURN_VALUES
+# if defined( DLL_EXPORT )
+# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
+# define VOID_RETURN __declspec( dllexport ) void __stdcall
+# define INT_RETURN __declspec( dllexport ) int __stdcall
+# elif defined( __GNUC__ )
+# define VOID_RETURN __declspec( __dllexport__ ) void
+# define INT_RETURN __declspec( __dllexport__ ) int
+# else
+# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
+# endif
+# elif defined( DLL_IMPORT )
+# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
+# define VOID_RETURN __declspec( dllimport ) void __stdcall
+# define INT_RETURN __declspec( dllimport ) int __stdcall
+# elif defined( __GNUC__ )
+# define VOID_RETURN __declspec( __dllimport__ ) void
+# define INT_RETURN __declspec( __dllimport__ ) int
+# else
+# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
+# endif
+# elif defined( __WATCOMC__ )
+# define VOID_RETURN void __cdecl
+# define INT_RETURN int __cdecl
+# else
+# define VOID_RETURN void
+# define INT_RETURN int
+# endif
+#endif
+
+/* These defines are used to detect and set the memory alignment of pointers.
+ Note that offsets are in bytes.
+
+ ALIGN_OFFSET(x,n) return the positive or zero offset of
+ the memory addressed by the pointer 'x'
+ from an address that is aligned on an
+ 'n' byte boundary ('n' is a power of 2)
+
+ ALIGN_FLOOR(x,n) return a pointer that points to memory
+ that is aligned on an 'n' byte boundary
+ and is not higher than the memory address
+ pointed to by 'x' ('n' is a power of 2)
+
+ ALIGN_CEIL(x,n) return a pointer that points to memory
+ that is aligned on an 'n' byte boundary
+ and is not lower than the memory address
+ pointed to by 'x' ('n' is a power of 2)
+*/
+
+#define ALIGN_OFFSET(x,n) (((ptrint_t)(x)) & ((n) - 1))
+#define ALIGN_FLOOR(x,n) ((uint_8t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1)))
+#define ALIGN_CEIL(x,n) ((uint_8t*)(x) + (-((ptrint_t)(x)) & ((n) - 1)))
+
+/* These defines are used to declare buffers in a way that allows
+ faster operations on longer variables to be used. In all these
+ defines 'size' must be a power of 2 and >= 8. NOTE that the
+ buffer size is in bytes but the type length is in bits
+
+ UNIT_TYPEDEF(x,size) declares a variable 'x' of length
+ 'size' bits
+
+ BUFR_TYPEDEF(x,size,bsize) declares a buffer 'x' of length 'bsize'
+ bytes defined as an array of variables
+ each of 'size' bits (bsize must be a
+ multiple of size / 8)
+
+ UNIT_CAST(x,size) casts a variable to a type of
+ length 'size' bits
+
+ UPTR_CAST(x,size) casts a pointer to a pointer to a
+ varaiable of length 'size' bits
+*/
+
+#define UI_TYPE(size) uint_##size##t
+#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
+#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
+#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
+#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/final_key/aes/rfc3686.c b/crypto/src/main/jni/aes/aes/rfc3686.c
similarity index 92%
rename from crypto/src/main/jni/final_key/aes/rfc3686.c
rename to crypto/src/main/jni/aes/aes/rfc3686.c
index 15917509d..b1ca20b08 100644
--- a/crypto/src/main/jni/final_key/aes/rfc3686.c
+++ b/crypto/src/main/jni/aes/aes/rfc3686.c
@@ -1,22 +1,3 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
-source code distributions include the above copyright notice, this
-list of conditions and the following disclaimer;
-
-binary distributions include the above copyright notice, this list
-of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/11/2013
-*/
#include
#include
@@ -331,21 +312,16 @@ void rfc3686_test(void)
{ aes_encrypt_ctx aes_ctx[1];
unsigned char ctr_buf[AES_BLOCK_SIZE];
unsigned char obuf[36];
- unsigned int i, err = 0;
+ unsigned int i;
for( i = 0 ; i < sizeof(tests) / sizeof(test_str) ; ++i )
{
aes_encrypt_key(tests[i].key, tests[i].k_len, aes_ctx);
rfc3686_init(tests[i].nonce, tests[i].iv, ctr_buf);
rfc3686_crypt(tests[i].p_txt, obuf, tests[i].m_len, ctr_buf, aes_ctx);
- if(memcmp(obuf, tests[i].c_txt, tests[i].m_len) != 0)
- {
- err++;
- printf("error\n");
- }
+ if(memcmp(obuf, tests[i].c_txt, tests[i].m_len) != 0)
+ printf("\nerror");
}
- if(!err)
- printf("RFC3686 Tests Passed\n");
}
int main(void)
diff --git a/crypto/src/main/jni/final_key/aes/tablegen.c b/crypto/src/main/jni/aes/aes/tablegen.c
similarity index 90%
rename from crypto/src/main/jni/final_key/aes/tablegen.c
rename to crypto/src/main/jni/aes/aes/tablegen.c
index eded5a4f5..78719abba 100644
--- a/crypto/src/main/jni/final_key/aes/tablegen.c
+++ b/crypto/src/main/jni/aes/aes/tablegen.c
@@ -1,27 +1,33 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The redistribution and use of this software (with or without changes)
+ is allowed without the payment of fees or royalties provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. source code distributions include the above copyright notice, this
+ list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. binary distributions include the above copyright notice, this list
+ of conditions and the following disclaimer in their documentation;
+
+ 3. the name of the copyright holder is not used to endorse products
+ built using this software without specific written permission.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 20/12/2007
*/
#define DO_TABLES
#include
-#include "aesaux.h"
#include "aesopt.h"
#define sb_data(w) {\
@@ -164,7 +170,7 @@ Issue Date: 20/12/2007
void rtab(FILE *f, unsigned char *h, const unsigned int t[RC_LENGTH])
{ int i;
- fprintf(f, "\nuint32_t %s[RC_LENGTH] = \n{", h);
+ fprintf(f, "\nuint_32t %s[RC_LENGTH] = \n{", h);
for(i = 0; i < RC_LENGTH; ++i)
{
@@ -182,7 +188,7 @@ void rtab(FILE *f, unsigned char *h, const unsigned int t[RC_LENGTH])
void btab_1(FILE *f, unsigned char *h, const unsigned char t[256])
{ int i;
- fprintf(f, "\nuint8_t %s[256] = \n{", h);
+ fprintf(f, "\nuint_8t %s[256] = \n{", h);
for(i = 0; i < 256; ++i)
{
@@ -200,7 +206,7 @@ void btab_1(FILE *f, unsigned char *h, const unsigned char t[256])
void wtab_1(FILE *f, unsigned char *h, const unsigned int t[256])
{ int i;
- fprintf(f, "\nuint32_t %s[256] = \n{", h);
+ fprintf(f, "\nuint_32t %s[256] = \n{", h);
for(i = 0; i < 256; ++i)
{
@@ -218,7 +224,7 @@ void wtab_1(FILE *f, unsigned char *h, const unsigned int t[256])
void wtab_4(FILE *f, unsigned char *h, const unsigned int t[4][256])
{ int i, j;
- fprintf(f, "\nuint32_t %s[4][256] = \n{", h);
+ fprintf(f, "\nuint_32t %s[4][256] = \n{", h);
for(i = 0; i < 4; ++i)
{
@@ -245,13 +251,8 @@ void wtab_4(FILE *f, unsigned char *h, const unsigned int t[4][256])
int main(void)
{ FILE *f;
- char *fn = "aestab2.c";
- if(fopen_s(&f, fn, "w"))
- {
- printf("\nCannot open %s for output\n", fn);
- return -1;
- }
+ f = fopen("aestab2.c", "w");
fprintf(f, "\n#include \"aes.h\"\n");
fprintf(f, "\n#define RC_LENGTH (5 * (AES_BLOCK_SIZE / 4 - 2))\n");
diff --git a/crypto/src/main/jni/aes/aes/vb.txt b/crypto/src/main/jni/aes/aes/vb.txt
new file mode 100644
index 000000000..c5a365b40
--- /dev/null
+++ b/crypto/src/main/jni/aes/aes/vb.txt
@@ -0,0 +1,263 @@
+
+Private Const BlockLength = 16 ' maximum block length in bytes
+Private Const BlockLengthMax = 32 ' maximum block length in bytes
+Private Const KeyLengthMax = 32 ' maximum block length in bytes
+Private Const KeyScheduleLengthMax = 64 ' maximum key schedule length in bytes
+
+Private Type EncCtx ' type to hold the AES encryption context data
+ Ekey(0 To KeyScheduleLengthMax - 1) As Long
+End Type
+
+Private Type DecCtx ' type to hold the AES decryption context data
+ Ekey(0 To KeyScheduleLengthMax - 1) As Long
+End Type
+
+Private Type Key ' type to hold user key data
+ K(0 To KeyLengthMax - 1) As Byte
+End Type
+
+Private Type InOut ' type to hold cipher input and output blocks
+ IO(0 To BlockLength - 1) As Byte
+End Type
+
+Private Type BigInOut ' type to hold cipher input and output blocks
+ IO(0 To 128 * BlockLength - 1) As Byte
+End Type
+
+Rem Change "c:\temp\" in the following lines to the directory path where the AES DLL is located
+Private Declare Function AesEncryptKey128 Lib "c:\temp\aes.dll" _
+ Alias "_aes_encrypt_key128@8" (K As Key, C As EncCtx) As Integer
+Private Declare Function AesEncryptKey192 Lib "c:\temp\aes.dll" _
+ Alias "_aes_encrypt_key192@8" (K As Key, C As EncCtx) As Integer
+Private Declare Function AesEncryptKey256 Lib "c:\temp\aes.dll" _
+ Alias "_aes_encrypt_key256@8" (K As Key, C As EncCtx) As Integer
+Private Declare Function AesEncryptKey Lib "c:\temp\aes.dll" _
+ Alias "_aes_encrypt_key@12" (K As Key, ByVal N As Integer, C As EncCtx) As Integer
+Private Declare Function AesEncrypt Lib "c:\temp\aes.dll" _
+ Alias "_aes_encrypt@12" (Ib As InOut, Ob As InOut, C As EncCtx) As Integer
+Private Declare Function AesDecryptKey128 Lib "c:\temp\aes.dll" _
+ Alias "_aes_decrypt_key128@8" (K As Key, C As DecCtx) As Integer
+Private Declare Function AesDecryptKey192 Lib "c:\temp\aes.dll" _
+ Alias "_aes_decrypt_key192@8" (K As Key, C As DecCtx) As Integer
+Private Declare Function AesDecryptKey256 Lib "c:\temp\aes.dll" _
+ Alias "_aes_decrypt_key256@8" (K As Key, C As DecCtx) As Integer
+Private Declare Function AesDecryptKey Lib "c:\temp\aes.dll" _
+ Alias "_aes_decrypt_key@12" (K As Key, ByVal N As Long, C As DecCtx) As Integer
+Private Declare Function AesDecrypt Lib "c:\temp\aes.dll" _
+ Alias "_aes_decrypt@12" (Ib As InOut, Ob As InOut, C As DecCtx) As Integer
+
+Private Declare Function AesModeReset Lib "c:\temp\aes.dll" Alias "_aes_mode_reset@4" _
+ (C As EncCtx) As Integer
+Private Declare Function AesEcbEncrypt Lib "c:\temp\aes.dll" Alias "_aes_ecb_encrypt@16" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, C As EncCtx) As Integer
+Private Declare Function AesEcbDecrypt Lib "c:\temp\aes.dll" Alias "_aes_ecb_decrypt@16" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, C As DecCtx) As Integer
+Private Declare Function AesCbcEncrypt Lib "c:\temp\aes.dll" Alias "_aes_cbc_encrypt@20" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer
+Private Declare Function AesCbcDecrypt Lib "c:\temp\aes.dll" Alias "_aes_cbc_decrypt@20" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As DecCtx) As Integer
+Private Declare Function AesCfbEncrypt Lib "c:\temp\aes.dll" Alias "_aes_cfb_encrypt@20" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer
+Private Declare Function AesCfbDecrypt Lib "c:\temp\aes.dll" Alias "_aes_cfb_decrypt@20" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer
+Private Declare Function AesOfbCrypt Lib "c:\temp\aes.dll" Alias "_aes_ofb_crypt@20" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, C As EncCtx) As Integer
+Private Declare Function AesCtrCrypt Lib "c:\temp\aes.dll" Alias "_aes_ctr_crypt@24" _
+ (Ib As BigInOut, Ob As BigInOut, ByVal N As Long, Iv As InOut, ByVal CtrFn As Long, C As EncCtx) As Integer
+
+Private Sub Hex(X As Byte) ' output a byte in hexadecimal format
+Dim H As Byte
+H = Int(X / 16)
+If H < 10 Then Debug.Print Chr(48 + H); Else Debug.Print Chr(87 + H);
+H = Int(X Mod 16)
+If H < 10 Then Debug.Print Chr(48 + H); Else Debug.Print Chr(87 + H);
+End Sub
+
+Private Sub OutKey(S As String, B As Key, ByVal KeyL As Integer) ' display a key value
+Debug.Print: Debug.Print S;
+For i = 0 To KeyL - 1
+ Hex B.K(i)
+Next i
+End Sub
+
+Private Sub OutBlock(S As String, B As InOut) ' display an input/output block
+Debug.Print: Debug.Print S;
+For i = 0 To BlockLength - 1
+ Hex B.IO(i)
+Next i
+End Sub
+
+Private Sub OutBigBlock(S As String, B As BigInOut) ' display an input/output block
+Debug.Print: Debug.Print S;
+For i = 0 To BlockLength - 1
+ Hex B.IO(i)
+Next i
+Debug.Print " ... ";
+For i = 127 * BlockLength To 128 * BlockLength - 1
+ Hex B.IO(i)
+Next i
+End Sub
+
+Private Sub CtrInc(Ctr As InOut)
+ Ctr.IO(0) = Ctr.IO(0) + 1
+ If (Ctr.IO(0) = 0) Then
+ Ctr.IO(1) = Ctr.IO(1) + 1
+ If (Ctr.IO(1) = 0) Then
+ Ctr.IO(2) = Ctr.IO(2) + 1
+ If (Ctr.IO(3) = 0) Then
+ Ctr.IO(3) = Ctr.IO(3) + 1
+ End If
+ End If
+ End If
+End Sub
+
+Rem The following Main routine should output the following in the immediate window:
+Rem Variable Key Length ( 16 )
+Rem Key = 00000000000000000000000000000000
+Rem Input = 00000000000000000000000000000000
+Rem Encrypted Text = 66e94bd4ef8a2c3b884cfa59ca342b2e
+Rem Decrypted Text = 00000000000000000000000000000000
+Rem Variable Key Length ( 24 )
+Rem Key = 000000000000000000000000000000000000000000000000
+Rem Input = 00000000000000000000000000000000
+Rem Encrypted Text = aae06992acbf52a3e8f4a96ec9300bd7
+Rem Decrypted Text = 00000000000000000000000000000000
+Rem Variable Key Length ( 32 )
+Rem Key = 0000000000000000000000000000000000000000000000000000000000000000
+Rem Input = 00000000000000000000000000000000
+Rem Encrypted Text = dc95c078a2408989ad48a21492842087
+Rem Decrypted Text = 00000000000000000000000000000000
+Rem Fixed Key Length ( 128 )
+Rem Key = 00000000000000000000000000000000
+Rem Input = 00000000000000000000000000000000
+Rem Encrypted Text = 66e94bd4ef8a2c3b884cfa59ca342b2e
+Rem Decrypted Text = 00000000000000000000000000000000
+Rem Fixed Key Length ( 192 )
+Rem Key = 000000000000000000000000000000000000000000000000
+Rem Input = 00000000000000000000000000000000
+Rem Encrypted Text = aae06992acbf52a3e8f4a96ec9300bd7
+Rem Decrypted Text = 00000000000000000000000000000000
+Rem Fixed Key Length ( 256 )
+Rem Key = 0000000000000000000000000000000000000000000000000000000000000000
+Rem Input = 00000000000000000000000000000000
+Rem Encrypted Text = dc95c078a2408989ad48a21492842087
+Rem Decrypted Text = 00000000000000000000000000000000
+
+Sub Main()
+Dim Key As Key ' all these variables are initialised
+Dim Ib As InOut, Ob As InOut, Rb As InOut ' to zero by VBA
+Dim Iv1 As InOut, Iv2 As InOut
+Dim Ecx As EncCtx
+Dim Dcx As DecCtx
+Dim RetVal As Integer
+
+For KeyL = 16 To 32 Step 8
+Debug.Print "Variable Key Length ("; KeyL; ")";
+OutKey "Key = ", Key, KeyL
+OutBlock "Input = ", Ib
+RetVal = AesEncryptKey(Key, KeyL, Ecx) ' set an all zero encryption key
+RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob
+OutBlock "Encrypted Text = ", Ob
+RetVal = AesDecryptKey(Key, KeyL, Dcx) ' set an all zero decryption key
+RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb
+OutBlock "Decrypted Text = ", Rb
+Debug.Print
+Next KeyL
+
+Debug.Print
+KeyL = 128: Debug.Print "Fixed Key Length ("; KeyL; ")";
+OutKey "Key = ", Key, 16
+OutBlock "Input = ", Ib
+RetVal = AesEncryptKey128(Key, Ecx) ' set an all zero encryption key
+RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob
+OutBlock "Encrypted Text = ", Ob
+RetVal = AesDecryptKey128(Key, Dcx) ' set an all zero decryption key
+RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb
+OutBlock "Decrypted Text = ", Rb
+Debug.Print
+
+Debug.Print
+KeyL = 192: Debug.Print "Fixed Key Length ("; KeyL; ")";
+OutKey "Key = ", Key, 24
+OutBlock "Input = ", Ib
+RetVal = AesEncryptKey192(Key, Ecx) ' set an all zero encryption key
+RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob
+OutBlock "Encrypted Text = ", Ob
+RetVal = AesDecryptKey192(Key, Dcx) ' set an all zero decryption key
+RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb
+OutBlock "Decrypted Text = ", Rb
+Debug.Print
+
+Debug.Print
+KeyL = 256: Debug.Print "Fixed Key Length ("; KeyL; ")";
+OutKey "Key = ", Key, 32
+OutBlock "Input = ", Ib
+RetVal = AesEncryptKey256(Key, Ecx) ' set an all zero encryption key
+RetVal = AesEncrypt(Ib, Ob, Ecx) ' encrypt Ib to Ob
+OutBlock "Encrypted Text = ", Ob
+RetVal = AesDecryptKey256(Key, Dcx) ' set an all zero decryption key
+RetVal = AesDecrypt(Ob, Rb, Dcx) ' decrypt Ob to Rb
+OutBlock "Decrypted Text = ", Rb
+Debug.Print
+
+Debug.Print
+KeyL = 128: Debug.Print "Fixed Key Length ("; KeyL; ")";
+OutKey "Key = ", Key, 16
+OutBlock "Input = ", Ib
+RetVal = AesEncryptKey128(Key, Ecx) ' set an all zero encryption key
+OutBlock "Encrypted Text = ", Ob
+RetVal = AesDecryptKey128(Key, Dcx) ' set an all zero decryption key
+OutBlock "Decrypted Text = ", Rb
+Debug.Print
+
+Debug.Print
+KeyL = 128: Debug.Print "Fixed Key Length ("; KeyL; ")";
+OutKey "Key = ", Key, 16
+RetVal = AesEncryptKey128(Key, Ecx) ' set an all zero encryption key
+RetVal = AesDecryptKey128(Key, Dcx) ' set an all zero decryption key
+Dim Pt1 As BigInOut, Pt2 As BigInOut, Ct As BigInOut
+
+For i = 0 To 128 * BlockLength - 1
+ Pt1.IO(i) = i Mod 256
+Next i
+
+OutBigBlock "ECB Input = ", Pt1
+RetVal = AesEcbEncrypt(Pt1, Ct, 128 * BlockLength, Ecx)
+OutBigBlock "Encrypted Text = ", Ct
+RetVal = AesEcbDecrypt(Ct, Pt2, 128 * BlockLength, Dcx)
+OutBigBlock "Decrypted Text = ", Pt2
+Debug.Print
+
+OutBigBlock "CBC Mode Input = ", Pt1
+RetVal = AesCbcEncrypt(Pt1, Ct, 128 * BlockLength, Iv1, Ecx)
+OutBigBlock "Encrypted Text = ", Ct
+RetVal = AesCbcDecrypt(Ct, Pt2, 128 * BlockLength, Iv2, Dcx)
+OutBigBlock "Decrypted Text = ", Pt2
+Debug.Print
+
+OutBigBlock "CFB Mode Input = ", Pt1
+RetVal = AesCfbEncrypt(Pt1, Ct, 128 * BlockLength, Iv1, Ecx)
+OutBigBlock "Encrypted Text = ", Ct
+RetVal = AesCfbDecrypt(Ct, Pt2, 128 * BlockLength, Iv2, Ecx)
+OutBigBlock "Decrypted Text = ", Pt2
+Debug.Print
+
+OutBigBlock "OFB Mode Input = ", Pt1
+RetVal = AesOfbCrypt(Pt1, Ct, 128 * BlockLength, Iv1, Ecx)
+OutBigBlock "Encrypted Text = ", Ct
+RetVal = AesOfbCrypt(Ct, Pt2, 128 * BlockLength, Iv2, Ecx)
+OutBigBlock "Decrypted Text = ", Pt2
+Debug.Print
+
+#If False Then
+Rem CTR Mode is not working because of a problem with the 'AddressOf' operator
+OutBigBlock "CTR Mode Input = ", Pt1
+RetVal = AesCtrCrypt(Pt1, Ct, 128 * BlockLength, Iv1, AddressOf CtrInc, Ecx)
+OutBigBlock "Encrypted Text = ", Ct
+RetVal = AesCtrCrypt(Ct, Pt2, 128 * BlockLength, Iv2, AddressOf CtrInc, Ecx)
+OutBigBlock "Decrypted Text = ", Pt2
+Debug.Print
+#End If
+
+Debug.Print
+End Sub
diff --git a/crypto/src/main/jni/aes/aes/vbaxam.doc b/crypto/src/main/jni/aes/aes/vbaxam.doc
new file mode 100644
index 000000000..c3461ff80
Binary files /dev/null and b/crypto/src/main/jni/aes/aes/vbaxam.doc differ
diff --git a/crypto/src/main/jni/aes/aes/via_ace.txt b/crypto/src/main/jni/aes/aes/via_ace.txt
new file mode 100644
index 000000000..55c802ecc
--- /dev/null
+++ b/crypto/src/main/jni/aes/aes/via_ace.txt
@@ -0,0 +1,158 @@
+
+Support for the VIA Nehemiah Advanced Cryptography Engine (ACE)
+---------------------------------------------------------------
+
+A. Introduction
+
+The AES code now supports the VIA ACE engine. The engine is invoked by the
+multiple block AES modes calls in aes_modes.c and not by the basic AES code.
+
+The define USE_VIA_ACE_IF_PRESENT is defined if VIA ACE detection and use is
+required with fallback to the normal AES code if it is not present.
+
+The define ASSUME_VIA_ACE_PRESENT is used when it is known that the VIA ACE
+engine will always be present. Note, however, that this code will not work
+correctly if the VIA ACE engine is either not present or turned off.
+
+To enable ACE support the appropriate defines in section 2 of the options in
+aesopt.h must be set. If ACE support is required then key scheduling must
+use the C code so only the generic C code in Win32 mode, ASM_X86_V1C and
+ASM_X86_V2C assembler code can be used (i.e ASM_X86_V2 and ASM_AMD64_C do
+NOT support VIA ACE).
+
+B. Using ACE
+
+ACE is used in the code that implements the subroutines used for the multiple
+block AES modes defined in aes_modes.h:
+
+ // used to reset modes to their start point without entering a new key
+ AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]);
+
+ AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, const aes_encrypt_ctx cx[1]);
+
+ AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, const aes_decrypt_ctx cx[1]);
+
+ AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
+
+ AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
+
+ AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
+
+ AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
+
+ #define aes_ofb_encrypt aes_ofb_crypt
+ #define aes_ofb_decrypt aes_ofb_crypt
+
+ AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
+
+ typedef void cbuf_inc(unsigned char *cbuf);
+
+ #define aes_ctr_encrypt aes_ctr_crypt
+ #define aes_ctr_decrypt aes_ctr_crypt
+
+ AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
+ int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
+
+Note that the single block AES calls defined in aes.h:
+
+ AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out,
+ const aes_encrypt_ctx cx[1]);
+
+ AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out,
+ const aes_decrypt_ctx cx[1]);
+
+do NOT provide ACE support and should not be used if the ACE engine is
+available and ACE support is required.
+
+C. Constraints and Optimisation
+
+There are several constraints that have to be observed when ACE is used if
+the best performance is to be achieved:
+
+1. As usual the appropriate key set up subroutine must be called before any
+ of the above subroutines are used.
+
+2. The AES contexts - aes_encryption_ctx and aes_decryption_ctx - used with
+ these subroutines MUST be 16 byte aligned. Failure to align AES contexts
+ will often cause memory alignment exceptions.
+
+3. The buffers used for inputs, outputs and IVs do not need to be 16 byte
+ aligned but the speed that is achieved will be much higher if this can be
+ arranged. In a flat address space (as now typical in 32-bit systems) this
+ means that: (a) that the lower nibble of all buffer addresses must be
+ zero, and (b) the compiler used must arrange to load the data and stack
+ segments on 16 byte address boundaries. The Microsoft VC++ compiler can
+ align all variables in this way (see the example macros for doing this in
+ aes_via_ace.txt). However it seems that the GCC compiler will only do this
+ for static global variables but not for variables placed on the stack, that
+ is local variables.
+
+4. The data length in bytes (len) in calls to the ECB and CBC subroutines
+ must be a multiple of the 16 byte block length. An error return will
+ occur if this is not so.
+
+5. The data length in all calls to the CFB, OFB and CTR subroutines must also
+ be a multiple of 16 bytes if the VIA ACE engine is to be used. Otherwise
+ these lengths can be of any value but the subroutines will only proceed at
+ full speed for lengths that are multiples of 16 bytes. The CFB, OFB and
+ CTR subroutines are incremental, with subsequent calls continuing from
+ where previous calls finished. The subroutine aes_mode_reset() can be used
+ to restart a mode without a key change but is not needed after a new key is
+ entered. Such a reset is not needed when the data lengths in all individual
+ calls to the AES mode subroutines are multiples of 16 bytes.
+
+6. Note that the AES context contains mode details so only one type of mode
+ can be run from a context at any one time. A reset is necessary if a new
+ mode is used without a new context or a new key.
+
+D. Expected Speeds
+
+The speeds that have been obtained using a 1.2 GHz VIA C3 processor with
+this code are given below (note that since CTR mode is not available in
+the VIA hardware it is not present in the aligned timing figures):
+
+AES Timing (Cycles/Byte) with the VIA ACE Engine (aligned in C)
+Mode Blocks: 1 10 100 1000 Peak Throughput
+ecb encrypt 8.25 1.36 0.69 0.63 1.9 Gbytes/second
+ecb decrypt 8.75 1.41 0.70 0.64 1.9 Gbytes/second
+cbc encrypt 11.56 2.41 1.47 1.38 870 Mbytes/second
+cbc decrypt 12.37 2.38 1.47 1.38 870 Mbytes/second
+cfb encrypt 11.93 2.46 1.48 1.38 870 Mbytes/second
+cfb decrypt 12.18 2.36 1.47 1.38 870 Mbytes/second
+ofb encrypt 13.31 3.88 2.92 2.82 425 Mbytes/second
+ofb decrypt 13.31 3.88 2.92 2.82 425 Mbytes/second
+
+AES Timing (Cycles/Byte) with the VIA ACE Engine (unaligned in C)
+Mode Blocks: 1 10 100 1000 Peak Throughput
+ecb encrypt 17.68 4.31 3.15 3.05 390 Mbytes/second
+ecb decrypt 18.12 4.36 3.17 3.06 390 Mbytes/second
+cbc encrypt 20.68 5.70 4.39 4.27 280 Mbytes/second
+cbc decrypt 21.87 5.75 4.34 4.21 285 Mbytes/second
+cfb encrypt 21.06 5.81 4.43 4.31 280 Mbytes/second
+cfb decrypt 21.37 5.72 4.36 4.24 285 Mbytes/second
+ofb encrypt 22.43 7.23 5.85 5.72 210 Mbytes/second
+ofb decrypt 22.43 7.34 5.86 5.73 210 Mbytes/second
+ctr encrypt 16.43 6.90 6.00 5.89 205 Mbytes/second
+ctr decrypt 16.43 6.90 6.00 5.89 205 Mbytes/second
+
+AES Timing (Cycles/Byte) with the VIA ACE Engine (unaligned assembler)
+Mode Blocks: 1 10 100 1000 Peak Throughput
+ecb encrypt 11.87 2.89 1.91 1.83 660 Mbytes/second
+ecb decrypt 12.18 2.83 1.97 1.87 640 Mbytes/second
+cbc encrypt 14.87 4.13 3.11 3.01 400 Mbytes/second
+cbc decrypt 14.43 3.87 2.89 2.80 430 Mbytes/second
+cfb encrypt 14.75 4.12 3.10 3.01 400 Mbytes/second
+cfb decrypt 14.12 4.10 2.88 2.79 430 Mbytes/second
+ofb encrypt 15.25 5.36 4.37 4.27 280 Mbytes/second
+ofb decrypt 15.25 5.36 4.36 4.27 280 Mbytes/second
+ctr encrypt 13.31 4.79 4.01 3.94 305 Mbytes/second
+ctr decrypt 13.31 4.79 4.01 3.94 305 Mbytes/second
+
+ Brian Gladman, Worcester, UK
diff --git a/crypto/src/main/jni/final_key/kpd_jni.c b/crypto/src/main/jni/aes/aes_jni.c
similarity index 88%
rename from crypto/src/main/jni/final_key/kpd_jni.c
rename to crypto/src/main/jni/aes/aes_jni.c
index 77e1dbcbe..63d69ca02 100644
--- a/crypto/src/main/jni/final_key/kpd_jni.c
+++ b/crypto/src/main/jni/aes/aes_jni.c
@@ -42,19 +42,19 @@ static JavaVM *cached_vm;
static jclass bad_arg, no_mem, bad_padding, short_buf, block_size;
typedef enum {
- ENCRYPTION,
- DECRYPTION,
- FINALIZED
+ ENCRYPTION,
+ DECRYPTION,
+ FINALIZED
} edir_t;
#define AES_BLOCK_SIZE 16
#define CACHE_SIZE 32
typedef struct _aes_state {
- edir_t direction;
- uint32_t cache_len;
- uint8_t iv[16], cache[CACHE_SIZE];
- uint8_t ctx[sizeof(aes_encrypt_ctx)]; // 244
+ edir_t direction;
+ uint32_t cache_len;
+ uint8_t iv[16], cache[CACHE_SIZE];
+ uint8_t ctx[sizeof(aes_encrypt_ctx)]; // 244
} aes_state;
#define ENC_CTX(state) (((aes_encrypt_ctx *)((state)->ctx)))
@@ -164,16 +164,16 @@ JNIEXPORT void JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nCleanu
*/
JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nUpdate(JNIEnv *env, jobject this,
- jlong state, jbyteArray input, jint inputOffset, jint inputLen, jbyteArray output, jint outputOffset, jint outputSize) {
+ jlong state, jbyteArray input, jint inputOffset, jint inputLen, jbyteArray output, jint outputOffset, jint outputSize) {
int aes_ret;
uint32_t outLen, bytes2cache, cryptLen;
void *in, *out;
uint8_t *c_input, *c_output;
aes_state *c_state;
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nUpdate", "entry: inputLen=%d, outputSize=%d", inputLen, outputSize);
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nUpdate", "entry: inputLen=%d, outputSize=%d", inputLen, outputSize);
+ #endif
// step 1: first, some housecleaning
if( !inputLen || !outputSize || outputOffset < 0 || !input || !output ) {
@@ -247,9 +247,9 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nUpdate
free(in);
free(out);
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nUpdate", "exit: outLen=%d", outLen);
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nUpdate", "exit: outLen=%d", outLen);
+ #endif
return outLen;
}
@@ -259,15 +259,15 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nUpdate
outputSize must be at least 16 for decryption
*/
JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nFinal(JNIEnv *env, jobject this,
- jlong state, jboolean doPadding, jbyteArray output, jint outputOffset, jint outputSize) {
+ jlong state, jboolean doPadding, jbyteArray output, jint outputOffset, jint outputSize) {
int i;
uint32_t padValue, paddedCacheLen;
uint8_t final_output[CACHE_SIZE] __attribute__ ((aligned (16)));
aes_state *c_state;
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "entry: outputOffset=%d, outputSize=%d", outputOffset, outputSize);
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nFinal", "entry: outputOffset=%d, outputSize=%d", outputOffset, outputSize);
+ #endif
if( !output || outputOffset < 0 ) {
(*env)->ThrowNew(env, bad_arg, "Invalid argument(s) passed to nFinal");
@@ -286,9 +286,9 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nFinal(
return c_state->cache_len;
}
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "crypto operation starts");
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nFinal", "crypto operation starts");
+ #endif
if( c_state->direction == ENCRYPTION ) {
if( c_state->cache_len >= 16 ) {
@@ -309,9 +309,9 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nFinal(
}
(*env)->SetByteArrayRegion(env, output, outputOffset, paddedCacheLen, (jbyte *)final_output);
c_state->direction = FINALIZED;
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "encryption operation completed, returning %d bytes", paddedCacheLen);
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nFinal", "encryption operation completed, returning %d bytes", paddedCacheLen);
+ #endif
return paddedCacheLen;
} else { // DECRYPTION
@@ -334,17 +334,17 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nFinal(
badPadding = padValue > AES_BLOCK_SIZE;
if (!badPadding) {
- for(i = paddedCacheLen-1; final_output[i] == padValue && i >= 0; i--) {
- if (final_output[i] != padValue) {
- badPadding = 1;
- break;
+ for(i = paddedCacheLen-1; final_output[i] == padValue && i >= 0; i--) {
+ if (final_output[i] != padValue) {
+ badPadding = 1;
+ break;
+ }
}
- }
}
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "padValue=%d", padValue);
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nFinal", "padValue=%d", padValue);
+ #endif
if( badPadding ) {
(*env)->ThrowNew(env, bad_padding, "Failed to verify padding during decryption");
return -1;
@@ -354,9 +354,9 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nFinal(
(*env)->SetByteArrayRegion(env, output, outputOffset, outputSize, (jbyte *)final_output);
c_state->direction = FINALIZED;
-#if defined(KPD_DEBUG)
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nFinal", "decryption operation completed, returning %d bytes", outputSize);
-#endif
+ #if defined(KPD_DEBUG)
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nFinal", "decryption operation completed, returning %d bytes", outputSize);
+ #endif
return outputSize;
}
}
@@ -375,19 +375,19 @@ JNIEXPORT jint JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESCipherSpi_nGetCac
#define MASTER_KEY_SIZE 32
typedef struct _master_key {
- uint64_t rounds;
- uint32_t done[2];
- pthread_mutex_t lock1, lock2; // these lock the two halves of the key material
- uint8_t c_seed[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
- uint8_t key1[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
- uint8_t key2[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
+ uint64_t rounds;
+ uint32_t done[2];
+ pthread_mutex_t lock1, lock2; // these lock the two halves of the key material
+ uint8_t c_seed[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
+ uint8_t key1[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
+ uint8_t key2[MASTER_KEY_SIZE] __attribute__ ((aligned (16)));
} master_key;
uint32_t generate_key_material(void *arg) {
-#if defined(KPD_PROFILE)
+ #if defined(KPD_PROFILE)
struct timespec start, end;
-#endif
+ #endif
uint32_t i, flip = 0;
uint8_t *key1, *key2;
master_key *mk = (master_key *)arg;
@@ -404,9 +404,9 @@ uint32_t generate_key_material(void *arg) {
pthread_exit( (void *)(-1) );
}
-#if defined(KPD_PROFILE)
+ #if defined(KPD_PROFILE)
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &start);
-#endif
+ #endif
aes_encrypt_key256(mk->c_seed, e_ctx);
for (i = 0; i < mk->rounds; i++) {
@@ -419,13 +419,13 @@ uint32_t generate_key_material(void *arg) {
}
}
-#if defined(KPD_PROFILE)
+ #if defined(KPD_PROFILE)
clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
if( key1 == mk->key1 )
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nTransformKey", "Thread 1 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec));
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nTransformMasterKey", "Thread 1 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec));
else
- __android_log_print(ANDROID_LOG_INFO, "kpd_jni.c/nTransformKey", "Thread 2 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec));
-#endif
+ __android_log_print(ANDROID_LOG_INFO, "aes_jni.c/nTransformMasterKey", "Thread 2 master key transformation took ~%d seconds", (end.tv_sec-start.tv_sec));
+ #endif
if( key1 == mk->key1 ) {
mk->done[0] = 1;
@@ -523,3 +523,4 @@ JNIEXPORT jbyteArray JNICALL Java_com_kunzisoft_encrypt_aes_NativeAESKeyTransfor
return result;
}
#undef MASTER_KEY_SIZE
+
diff --git a/crypto/src/main/jni/final_key/sha/Android.mk b/crypto/src/main/jni/aes/sha/Android.mk
similarity index 78%
rename from crypto/src/main/jni/final_key/sha/Android.mk
rename to crypto/src/main/jni/aes/sha/Android.mk
index 6f260061d..bfdad4e5c 100644
--- a/crypto/src/main/jni/final_key/sha/Android.mk
+++ b/crypto/src/main/jni/aes/sha/Android.mk
@@ -1,9 +1,14 @@
LOCAL_PATH := $(call my-dir)
+
include $(CLEAR_VARS)
+
LOCAL_MODULE := sha
+
LOCAL_SRC_FILES := \
sha1.c \
sha2.c \
hmac.c
-LOCAL_EXPORT_C_INCLUDES := $(LOCAL_PATH)
+
+LOCAL_CFLAGS := -DUSE_SHA256
+
include $(BUILD_STATIC_LIBRARY)
diff --git a/crypto/src/main/jni/final_key/aes/brg_endian.h b/crypto/src/main/jni/aes/sha/brg_endian.h
similarity index 66%
rename from crypto/src/main/jni/final_key/aes/brg_endian.h
rename to crypto/src/main/jni/aes/sha/brg_endian.h
index c0e32b7cb..2011c4aa3 100644
--- a/crypto/src/main/jni/final_key/aes/brg_endian.h
+++ b/crypto/src/main/jni/aes/sha/brg_endian.h
@@ -1,45 +1,49 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 2003, Dr Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 10/09/2018
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue 20/10/2006
*/
-#ifndef _BRG_ENDIAN_H
-#define _BRG_ENDIAN_H
+#ifndef BRG_ENDIAN_H
+#define BRG_ENDIAN_H
#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */
#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */
-/* This is needed when using clang with MSVC to avoid including */
-/* endian.h and byteswap.h which are not present on Windows */
-#if defined( _MSC_VER ) && defined( __clang__ )
-# undef __GNUC__
-#endif
-
/* Include files where endian defines and byteswap functions may reside */
-#if defined( __sun )
-# include
-#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
+#if defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ )
# include
#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \
defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ )
# include
#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ )
-# if !defined( __MINGW32__ ) && !defined( _AIX )
+# if !defined( __MINGW32__ )
# include
# if !defined( __BEOS__ )
# include
@@ -48,20 +52,8 @@ Issue Date: 10/09/2018
#endif
/* Now attempt to set the define for platform byte order using any */
-/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, ... */
-/* which seem to encompass most endian symbol definitions */
-
-#if defined( __ORDER_BIG_ENDIAN__ ) && defined( __ORDER_LITTLE_ENDIAN__ )
-# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-# endif
-#elif defined( __ORDER_BIG_ENDIAN__ )
-# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
-#elif defined( __ORDER_LITTLE_ENDIAN__ )
-# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN
-#endif
+/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which */
+/* seem to encompass most endian symbol definitions */
#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN )
# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN
@@ -128,7 +120,7 @@ Issue Date: 10/09/2018
defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \
defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \
defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \
- defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX )
+ defined( THINK_C ) || defined( __VMCMS__ )
# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN
#elif 0 /* **** EDIT HERE IF NECESSARY **** */
diff --git a/crypto/src/main/jni/aes/sha/brg_types.h b/crypto/src/main/jni/aes/sha/brg_types.h
new file mode 100644
index 000000000..fefb09a5a
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/brg_types.h
@@ -0,0 +1,184 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue 09/09/2006
+
+ The unsigned integer types defined here are of the form uint_t where
+ is the length of the type; for example, the unsigned 32-bit type is
+ 'uint_32t'. These are NOT the same as the 'C99 integer types' that are
+ defined in the inttypes.h and stdint.h headers since attempts to use these
+ types have shown that support for them is still highly variable. However,
+ since the latter are of the form uint_t, a regular expression search
+ and replace (in VC++ search on 'uint_{:z}t' and replace with 'uint\1_t')
+ can be used to convert the types used here to the C99 standard types.
+*/
+
+#ifndef BRG_TYPES_H
+#define BRG_TYPES_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#include
+
+#ifndef BRG_UI8
+# define BRG_UI8
+# if UCHAR_MAX == 255u
+ typedef unsigned char uint_8t;
+# else
+# error Please define uint_8t as an 8-bit unsigned integer type in brg_types.h
+# endif
+#endif
+
+#ifndef BRG_UI16
+# define BRG_UI16
+# if USHRT_MAX == 65535u
+ typedef unsigned short uint_16t;
+# else
+# error Please define uint_16t as a 16-bit unsigned short type in brg_types.h
+# endif
+#endif
+
+#ifndef BRG_UI32
+# define BRG_UI32
+# if UINT_MAX == 4294967295u
+# define li_32(h) 0x##h##u
+ typedef unsigned int uint_32t;
+# elif ULONG_MAX == 4294967295u
+# define li_32(h) 0x##h##ul
+ typedef unsigned long uint_32t;
+# elif defined( _CRAY )
+# error This code needs 32-bit data types, which Cray machines do not provide
+# else
+# error Please define uint_32t as a 32-bit unsigned integer type in brg_types.h
+# endif
+#endif
+
+#ifndef BRG_UI64
+# if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned __int64 uint_64t;
+# elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
+# define BRG_UI64
+# define li_64(h) 0x##h##ui64
+ typedef unsigned __int64 uint_64t;
+# elif defined( __sun ) && defined(ULONG_MAX) && ULONG_MAX == 0xfffffffful
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned long long uint_64t;
+# elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
+# if UINT_MAX == 18446744073709551615u
+# define BRG_UI64
+# define li_64(h) 0x##h##u
+ typedef unsigned int uint_64t;
+# endif
+# elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
+# if ULONG_MAX == 18446744073709551615ul
+# define BRG_UI64
+# define li_64(h) 0x##h##ul
+ typedef unsigned long uint_64t;
+# endif
+# elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
+# if ULLONG_MAX == 18446744073709551615ull
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned long long uint_64t;
+# endif
+# elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
+# if ULONG_LONG_MAX == 18446744073709551615ull
+# define BRG_UI64
+# define li_64(h) 0x##h##ull
+ typedef unsigned long long uint_64t;
+# endif
+# endif
+#endif
+
+#if defined( NEED_UINT_64T ) && !defined( BRG_UI64 )
+# error Please define uint_64t as an unsigned 64 bit type in brg_types.h
+#endif
+
+#ifndef RETURN_VALUES
+# define RETURN_VALUES
+# if defined( DLL_EXPORT )
+# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
+# define VOID_RETURN __declspec( dllexport ) void __stdcall
+# define INT_RETURN __declspec( dllexport ) int __stdcall
+# elif defined( __GNUC__ )
+# define VOID_RETURN __declspec( __dllexport__ ) void
+# define INT_RETURN __declspec( __dllexport__ ) int
+# else
+# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
+# endif
+# elif defined( DLL_IMPORT )
+# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
+# define VOID_RETURN __declspec( dllimport ) void __stdcall
+# define INT_RETURN __declspec( dllimport ) int __stdcall
+# elif defined( __GNUC__ )
+# define VOID_RETURN __declspec( __dllimport__ ) void
+# define INT_RETURN __declspec( __dllimport__ ) int
+# else
+# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
+# endif
+# elif defined( __WATCOMC__ )
+# define VOID_RETURN void __cdecl
+# define INT_RETURN int __cdecl
+# else
+# define VOID_RETURN void
+# define INT_RETURN int
+# endif
+#endif
+
+/* These defines are used to declare buffers in a way that allows
+ faster operations on longer variables to be used. In all these
+ defines 'size' must be a power of 2 and >= 8
+
+ dec_unit_type(size,x) declares a variable 'x' of length
+ 'size' bits
+
+ dec_bufr_type(size,bsize,x) declares a buffer 'x' of length 'bsize'
+ bytes defined as an array of variables
+ each of 'size' bits (bsize must be a
+ multiple of size / 8)
+
+ ptr_cast(x,size) casts a pointer to a pointer to a
+ varaiable of length 'size' bits
+*/
+
+#define ui_type(size) uint_##size##t
+#define dec_unit_type(size,x) typedef ui_type(size) x
+#define dec_bufr_type(size,bsize,x) typedef ui_type(size) x[bsize / (size >> 3)]
+#define ptr_cast(x,size) ((ui_type(size)*)(x))
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/aes/sha/hmac.c b/crypto/src/main/jni/aes/sha/hmac.c
new file mode 100644
index 000000000..1c0c582c7
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/hmac.c
@@ -0,0 +1,144 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+
+ This is an implementation of HMAC, the FIPS standard keyed hash function
+*/
+
+#include "hmac.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* initialise the HMAC context to zero */
+void hmac_sha_begin(hmac_ctx cx[1])
+{
+ memset(cx, 0, sizeof(hmac_ctx));
+}
+
+/* input the HMAC key (can be called multiple times) */
+int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
+{
+ if(cx->klen == HMAC_IN_DATA) /* error if further key input */
+ return HMAC_BAD_MODE; /* is attempted in data mode */
+
+ if(cx->klen + key_len > HASH_INPUT_SIZE) /* if the key has to be hashed */
+ {
+ if(cx->klen <= HASH_INPUT_SIZE) /* if the hash has not yet been */
+ { /* started, initialise it and */
+ sha_begin(cx->ctx); /* hash stored key characters */
+ sha_hash(cx->key, cx->klen, cx->ctx);
+ }
+
+ sha_hash(key, key_len, cx->ctx); /* hash long key data into hash */
+ }
+ else /* otherwise store key data */
+ memcpy(cx->key + cx->klen, key, key_len);
+
+ cx->klen += key_len; /* update the key length count */
+ return HMAC_OK;
+}
+
+/* input the HMAC data (can be called multiple times) - */
+/* note that this call terminates the key input phase */
+void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
+{ unsigned int i;
+
+ if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
+ {
+ if(cx->klen > HASH_INPUT_SIZE) /* if key is being hashed */
+ { /* complete the hash and */
+ sha_end(cx->key, cx->ctx); /* store the result as the */
+ cx->klen = HASH_OUTPUT_SIZE; /* key and set new length */
+ }
+
+ /* pad the key if necessary */
+ memset(cx->key + cx->klen, 0, HASH_INPUT_SIZE - cx->klen);
+
+ /* xor ipad into key value */
+ for(i = 0; i < (HASH_INPUT_SIZE >> 2); ++i)
+ ((uint_32t*)cx->key)[i] ^= 0x36363636;
+
+ /* and start hash operation */
+ sha_begin(cx->ctx);
+ sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
+
+ /* mark as now in data mode */
+ cx->klen = HMAC_IN_DATA;
+ }
+
+ /* hash the data (if any) */
+ if(data_len)
+ sha_hash(data, data_len, cx->ctx);
+}
+
+/* compute and output the MAC value */
+void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
+{ unsigned char dig[HASH_OUTPUT_SIZE];
+ unsigned int i;
+
+ /* if no data has been entered perform a null data phase */
+ if(cx->klen != HMAC_IN_DATA)
+ hmac_sha_data((const unsigned char*)0, 0, cx);
+
+ sha_end(dig, cx->ctx); /* complete the inner hash */
+
+ /* set outer key value using opad and removing ipad */
+ for(i = 0; i < (HASH_INPUT_SIZE >> 2); ++i)
+ ((uint_32t*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
+
+ /* perform the outer hash operation */
+ sha_begin(cx->ctx);
+ sha_hash(cx->key, HASH_INPUT_SIZE, cx->ctx);
+ sha_hash(dig, HASH_OUTPUT_SIZE, cx->ctx);
+ sha_end(dig, cx->ctx);
+
+ /* output the hash value */
+ for(i = 0; i < mac_len; ++i)
+ mac[i] = dig[i];
+}
+
+/* 'do it all in one go' subroutine */
+void hmac_sha(const unsigned char key[], unsigned long key_len,
+ const unsigned char data[], unsigned long data_len,
+ unsigned char mac[], unsigned long mac_len)
+{ hmac_ctx cx[1];
+
+ hmac_sha_begin(cx);
+ hmac_sha_key(key, key_len, cx);
+ hmac_sha_data(data, data_len, cx);
+ hmac_sha_end(mac, mac_len, cx);
+}
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/crypto/src/main/jni/aes/sha/hmac.h b/crypto/src/main/jni/aes/sha/hmac.h
new file mode 100644
index 000000000..a1131ee9e
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/hmac.h
@@ -0,0 +1,101 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+
+ This is an implementation of HMAC, the FIPS standard keyed hash function
+*/
+
+#ifndef _HMAC_H
+#define _HMAC_H
+
+#include
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#if !defined(USE_SHA1) && !defined(USE_SHA256)
+#error define USE_SHA1 or USE_SHA256 to set the HMAC hash algorithm
+#endif
+
+#ifdef USE_SHA1
+
+#include "sha1.h"
+
+#define HASH_INPUT_SIZE SHA1_BLOCK_SIZE
+#define HASH_OUTPUT_SIZE SHA1_DIGEST_SIZE
+#define sha_ctx sha1_ctx
+#define sha_begin sha1_begin
+#define sha_hash sha1_hash
+#define sha_end sha1_end
+
+#endif
+
+#ifdef USE_SHA256
+
+#include "sha2.h"
+
+#define HASH_INPUT_SIZE SHA256_BLOCK_SIZE
+#define HASH_OUTPUT_SIZE SHA256_DIGEST_SIZE
+#define sha_ctx sha256_ctx
+#define sha_begin sha256_begin
+#define sha_hash sha256_hash
+#define sha_end sha256_end
+
+#endif
+
+#define HMAC_OK 0
+#define HMAC_BAD_MODE -1
+#define HMAC_IN_DATA 0xffffffff
+
+typedef struct
+{ unsigned char key[HASH_INPUT_SIZE];
+ sha_ctx ctx[1];
+ unsigned long klen;
+} hmac_ctx;
+
+void hmac_sha_begin(hmac_ctx cx[1]);
+
+int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1]);
+
+void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1]);
+
+void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1]);
+
+void hmac_sha(const unsigned char key[], unsigned long key_len,
+ const unsigned char data[], unsigned long data_len,
+ unsigned char mac[], unsigned long mac_len);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/final_key/sha/pwd2key.c b/crypto/src/main/jni/aes/sha/pwd2key.c
similarity index 70%
rename from crypto/src/main/jni/final_key/sha/pwd2key.c
rename to crypto/src/main/jni/aes/sha/pwd2key.c
index 4f04d3041..d3c6abbf4 100644
--- a/crypto/src/main/jni/final_key/sha/pwd2key.c
+++ b/crypto/src/main/jni/aes/sha/pwd2key.c
@@ -1,24 +1,36 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
-This is an implementation of RFC2898, which specifies key derivation from
-a password and a salt value.
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+
+ This is an implementation of RFC2898, which specifies key derivation from
+ a password and a salt value.
*/
#include
@@ -37,12 +49,12 @@ void derive_key(const unsigned char pwd[], /* the PASSWORD */
unsigned char key[], /* space for the output key */
unsigned int key_len)/* and its required length */
{
- unsigned int i, j, k, n_blk, h_size;
- unsigned char uu[HMAC_MAX_OUTPUT_SIZE], ux[HMAC_MAX_OUTPUT_SIZE];
+ unsigned int i, j, k, n_blk;
+ unsigned char uu[HASH_OUTPUT_SIZE], ux[HASH_OUTPUT_SIZE];
hmac_ctx c1[1], c2[1], c3[1];
/* set HMAC context (c1) for password */
- h_size = hmac_sha_begin(HMAC_SHA1, c1);
+ hmac_sha_begin(c1);
hmac_sha_key(pwd, pwd_len, c1);
/* set HMAC context (c2) for password and salt */
@@ -50,12 +62,12 @@ void derive_key(const unsigned char pwd[], /* the PASSWORD */
hmac_sha_data(salt, salt_len, c2);
/* find the number of SHA blocks in the key */
- n_blk = 1 + (key_len - 1) / h_size;
+ n_blk = 1 + (key_len - 1) / HASH_OUTPUT_SIZE;
for(i = 0; i < n_blk; ++i) /* for each block in key */
{
/* ux[] holds the running xor value */
- memset(ux, 0, h_size);
+ memset(ux, 0, HASH_OUTPUT_SIZE);
/* set HMAC context (c3) for password and salt */
memcpy(c3, c2, sizeof(hmac_ctx));
@@ -73,10 +85,10 @@ void derive_key(const unsigned char pwd[], /* the PASSWORD */
hmac_sha_data(uu, k, c3);
/* obtain HMAC for uu[] */
- hmac_sha_end(uu, h_size, c3);
+ hmac_sha_end(uu, HASH_OUTPUT_SIZE, c3);
/* xor into the running xor block */
- for(k = 0; k < h_size; ++k)
+ for(k = 0; k < HASH_OUTPUT_SIZE; ++k)
ux[k] ^= uu[k];
/* set HMAC context (c3) for password */
@@ -84,8 +96,8 @@ void derive_key(const unsigned char pwd[], /* the PASSWORD */
}
/* compile key blocks into the key output */
- j = 0; k = i * h_size;
- while(j < h_size && k < key_len)
+ j = 0; k = i * HASH_OUTPUT_SIZE;
+ while(j < HASH_OUTPUT_SIZE && k < key_len)
key[k++] = ux[j++];
}
}
diff --git a/crypto/src/main/jni/aes/sha/pwd2key.h b/crypto/src/main/jni/aes/sha/pwd2key.h
new file mode 100644
index 000000000..d95a5b9fb
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/pwd2key.h
@@ -0,0 +1,57 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 26/08/2003
+
+ This is an implementation of RFC2898, which specifies key derivation from
+ a password and a salt value.
+*/
+
+#ifndef PWD2KEY_H
+#define PWD2KEY_H
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+void derive_key(
+ const unsigned char pwd[], /* the PASSWORD, and */
+ unsigned int pwd_len, /* its length */
+ const unsigned char salt[], /* the SALT and its */
+ unsigned int salt_len, /* length */
+ unsigned int iter, /* the number of iterations */
+ unsigned char key[], /* space for the output key */
+ unsigned int key_len); /* and its required length */
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/final_key/sha/sha1.c b/crypto/src/main/jni/aes/sha/sha1.c
similarity index 66%
rename from crypto/src/main/jni/final_key/sha/sha1.c
rename to crypto/src/main/jni/aes/sha/sha1.c
index 80d040af0..bb5474287 100644
--- a/crypto/src/main/jni/final_key/sha/sha1.c
+++ b/crypto/src/main/jni/aes/sha/sha1.c
@@ -1,21 +1,36 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+
+ This is a byte oriented version of SHA1 that operates on arrays of bytes
+ stored in memory.
*/
#include /* for memcpy() etc. */
@@ -30,7 +45,6 @@ extern "C"
#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
#pragma intrinsic(memcpy)
-#pragma intrinsic(memset)
#endif
#if 0 && defined(_MSC_VER)
@@ -53,7 +67,7 @@ extern "C"
#if defined(SWAP_BYTES)
#define bsw_32(p,n) \
- { int _i = (n); while(_i--) ((uint32_t*)p)[_i] = bswap_32(((uint32_t*)p)[_i]); }
+ { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
#else
#define bsw_32(p,n)
#endif
@@ -100,13 +114,13 @@ extern "C"
one_cycle(v, 1,2,3,4,0, f,k,hf(i+4))
VOID_RETURN sha1_compile(sha1_ctx ctx[1])
-{ uint32_t *w = ctx->wbuf;
+{ uint_32t *w = ctx->wbuf;
#ifdef ARRAY
- uint32_t v[5];
- memcpy(v, ctx->hash, sizeof(ctx->hash));
+ uint_32t v[5];
+ memcpy(v, ctx->hash, 5 * sizeof(uint_32t));
#else
- uint32_t v0, v1, v2, v3, v4;
+ uint_32t v0, v1, v2, v3, v4;
v0 = ctx->hash[0]; v1 = ctx->hash[1];
v2 = ctx->hash[2]; v3 = ctx->hash[3];
v4 = ctx->hash[4];
@@ -157,7 +171,7 @@ VOID_RETURN sha1_compile(sha1_ctx ctx[1])
VOID_RETURN sha1_begin(sha1_ctx ctx[1])
{
- memset(ctx, 0, sizeof(sha1_ctx));
+ ctx->count[0] = ctx->count[1] = 0;
ctx->hash[0] = 0x67452301;
ctx->hash[1] = 0xefcdab89;
ctx->hash[2] = 0x98badcfe;
@@ -166,78 +180,43 @@ VOID_RETURN sha1_begin(sha1_ctx ctx[1])
}
/* SHA1 hash data in an array of bytes into hash buffer and */
-/* call the hash_compile function as required. For both the */
-/* bit and byte orientated versions, the block length 'len' */
-/* must not be greater than 2^32 - 1 bits (2^29 - 1 bytes) */
+/* call the hash_compile function as required. */
VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1])
-{ uint32_t pos = (uint32_t)((ctx->count[0] >> 3) & SHA1_MASK);
+{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA1_MASK),
+ space = SHA1_BLOCK_SIZE - pos;
const unsigned char *sp = data;
- unsigned char *w = (unsigned char*)ctx->wbuf;
-#if SHA1_BITS == 1
- uint32_t ofs = (ctx->count[0] & 7);
-#else
- len <<= 3;
-#endif
+
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
-#if SHA1_BITS == 1
- if(ofs) /* if not on a byte boundary */
+
+ while(len >= space) /* tranfer whole blocks if possible */
{
- if(ofs + len < 8) /* if no added bytes are needed */
- {
- w[pos] |= (*sp >> ofs);
- }
- else /* otherwise and add bytes */
- { unsigned char part = w[pos];
-
- while((int)(ofs + (len -= 8)) >= 0)
- {
- w[pos++] = part | (*sp >> ofs);
- part = *sp++ << (8 - ofs);
- if(pos == SHA1_BLOCK_SIZE)
- {
- bsw_32(w, SHA1_BLOCK_SIZE >> 2);
- sha1_compile(ctx); pos = 0;
- }
- }
-
- w[pos] = part;
- }
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
+ sp += space; len -= space; space = SHA1_BLOCK_SIZE; pos = 0;
+ bsw_32(ctx->wbuf, SHA1_BLOCK_SIZE >> 2);
+ sha1_compile(ctx);
}
- else /* data is byte aligned */
-#endif
- { uint32_t space = SHA1_BLOCK_SIZE - pos;
- while(len >= (space << 3))
- {
- memcpy(w + pos, sp, space);
- bsw_32(w, SHA1_BLOCK_SIZE >> 2);
- sha1_compile(ctx);
- sp += space; len -= (space << 3);
- space = SHA1_BLOCK_SIZE; pos = 0;
- }
- memcpy(w + pos, sp, (len + 7 * SHA1_BITS) >> 3);
- }
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
}
/* SHA1 final padding and digest calculation */
VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1])
-{ uint32_t i = (uint32_t)((ctx->count[0] >> 3) & SHA1_MASK), m1;
+{ uint_32t i = (uint_32t)(ctx->count[0] & SHA1_MASK);
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
- bsw_32(ctx->wbuf, (i + 3 + SHA1_BITS) >> 2);
+ bsw_32(ctx->wbuf, (i + 3) >> 2);
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
/* we can always add the first padding byte here because the */
/* buffer always has at least one empty slot */
- m1 = (unsigned char)0x80 >> (ctx->count[0] & 7);
- ctx->wbuf[i >> 2] &= ((0xffffff00 | (~m1 + 1)) << 8 * (~i & 3));
- ctx->wbuf[i >> 2] |= (m1 << 8 * (~i & 3));
+ ctx->wbuf[i >> 2] &= 0xffffff80 << 8 * (~i & 3);
+ ctx->wbuf[i >> 2] |= 0x00000080 << 8 * (~i & 3);
/* we need 9 or more empty positions, one for the padding byte */
/* (above) and eight for the length count. If there is not */
@@ -258,14 +237,14 @@ VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1])
/* wrong byte order on little endian machines but this is */
/* corrected later since they are only ever used as 32-bit */
/* word values. */
- ctx->wbuf[14] = ctx->count[1];
- ctx->wbuf[15] = ctx->count[0];
+ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
+ ctx->wbuf[15] = ctx->count[0] << 3;
sha1_compile(ctx);
/* extract the hash value as bytes in case the hash buffer is */
/* misaligned for 32-bit words */
for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
- hval[i] = ((ctx->hash[i >> 2] >> (8 * (~i & 3))) & 0xff);
+ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
}
VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len)
diff --git a/crypto/src/main/jni/aes/sha/sha1.h b/crypto/src/main/jni/aes/sha/sha1.h
new file mode 100644
index 000000000..65ee6d39e
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/sha1.h
@@ -0,0 +1,73 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+*/
+
+#ifndef _SHA1_H
+#define _SHA1_H
+
+#include
+#include "brg_types.h"
+
+#define SHA1_BLOCK_SIZE 64
+#define SHA1_DIGEST_SIZE 20
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* type to hold the SHA256 context */
+
+typedef struct
+{ uint_32t count[2];
+ uint_32t hash[5];
+ uint_32t wbuf[16];
+} sha1_ctx;
+
+/* Note that these prototypes are the same for both bit and */
+/* byte oriented implementations. However the length fields */
+/* are in bytes or bits as appropriate for the version used */
+/* and bit sequences are input as arrays of bytes in which */
+/* bit sequences run from the most to the least significant */
+/* end of each byte */
+
+VOID_RETURN sha1_compile(sha1_ctx ctx[1]);
+
+VOID_RETURN sha1_begin(sha1_ctx ctx[1]);
+VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1]);
+VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
+VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/aes/sha/sha1b.c b/crypto/src/main/jni/aes/sha/sha1b.c
new file mode 100644
index 000000000..2063af60a
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/sha1b.c
@@ -0,0 +1,287 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+
+ This is a bit oriented version of SHA1 that operates on arrays of bytes
+ stored in memory.
+*/
+
+#include /* for memcpy() etc. */
+
+#include "sha1.h"
+#include "brg_endian.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
+#pragma intrinsic(memcpy)
+#endif
+
+#if 0 && defined(_MSC_VER)
+#define rotl32 _lrotl
+#define rotr32 _lrotr
+#else
+#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
+#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
+#endif
+
+#if !defined(bswap_32)
+#define bswap_32(x) (rotr32((x), 24) & 0x00ff00ff | rotr32((x), 8) & 0xff00ff00)
+#endif
+
+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
+#define SWAP_BYTES
+#else
+#undef SWAP_BYTES
+#endif
+
+#if defined(SWAP_BYTES)
+#define bsw_32(p,n) \
+ { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
+#else
+#define bsw_32(p,n)
+#endif
+
+#define SHA1_MASK (SHA1_BLOCK_SIZE - 1)
+
+#if 0
+
+#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
+#define parity(x,y,z) ((x) ^ (y) ^ (z))
+#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#else /* Discovered by Rich Schroeppel and Colin Plumb */
+
+#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define parity(x,y,z) ((x) ^ (y) ^ (z))
+#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
+
+#endif
+
+/* Compile 64 bytes of hash data into SHA1 context. Note */
+/* that this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is in such an order that low */
+/* address bytes in the ORIGINAL byte stream in this buffer */
+/* will go to the high end of 32-bit words on BOTH big and */
+/* little endian systems */
+
+#ifdef ARRAY
+#define q(n) v[n]
+#else
+#define q(n) v##n
+#endif
+
+#define one_cycle(a,b,c,d,e,f,k,h) \
+ q(e) += rotr32(q(a),27) + f(q(b),q(c),q(d)) + k + h;\
+ q(b) = rotr32(q(b), 2)
+
+#define five_cycle(f,k,i) \
+ one_cycle(0,1,2,3,4, f,k,hf(i )); \
+ one_cycle(4,0,1,2,3, f,k,hf(i+1)); \
+ one_cycle(3,4,0,1,2, f,k,hf(i+2)); \
+ one_cycle(2,3,4,0,1, f,k,hf(i+3)); \
+ one_cycle(1,2,3,4,0, f,k,hf(i+4))
+
+VOID_RETURN sha1_compile(sha1_ctx ctx[1])
+{ uint_32t *w = ctx->wbuf;
+
+#ifdef ARRAY
+ uint_32t v[5];
+ memcpy(v, ctx->hash, 5 * sizeof(uint_32t));
+#else
+ uint_32t v0, v1, v2, v3, v4;
+ v0 = ctx->hash[0]; v1 = ctx->hash[1];
+ v2 = ctx->hash[2]; v3 = ctx->hash[3];
+ v4 = ctx->hash[4];
+#endif
+
+#define hf(i) w[i]
+
+ five_cycle(ch, 0x5a827999, 0);
+ five_cycle(ch, 0x5a827999, 5);
+ five_cycle(ch, 0x5a827999, 10);
+ one_cycle(0,1,2,3,4, ch, 0x5a827999, hf(15)); \
+
+#undef hf
+#define hf(i) \
+ (w[(i) & 15] = rotl32(w[((i) + 13) & 15] ^ w[((i) + 8) & 15] \
+ ^ w[((i) + 2) & 15] ^ w[(i) & 15], 1))
+
+ one_cycle(4,0,1,2,3, ch, 0x5a827999, hf(16));
+ one_cycle(3,4,0,1,2, ch, 0x5a827999, hf(17));
+ one_cycle(2,3,4,0,1, ch, 0x5a827999, hf(18));
+ one_cycle(1,2,3,4,0, ch, 0x5a827999, hf(19));
+
+ five_cycle(parity, 0x6ed9eba1, 20);
+ five_cycle(parity, 0x6ed9eba1, 25);
+ five_cycle(parity, 0x6ed9eba1, 30);
+ five_cycle(parity, 0x6ed9eba1, 35);
+
+ five_cycle(maj, 0x8f1bbcdc, 40);
+ five_cycle(maj, 0x8f1bbcdc, 45);
+ five_cycle(maj, 0x8f1bbcdc, 50);
+ five_cycle(maj, 0x8f1bbcdc, 55);
+
+ five_cycle(parity, 0xca62c1d6, 60);
+ five_cycle(parity, 0xca62c1d6, 65);
+ five_cycle(parity, 0xca62c1d6, 70);
+ five_cycle(parity, 0xca62c1d6, 75);
+
+#ifdef ARRAY
+ ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
+ ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
+ ctx->hash[4] += v[4];
+#else
+ ctx->hash[0] += v0; ctx->hash[1] += v1;
+ ctx->hash[2] += v2; ctx->hash[3] += v3;
+ ctx->hash[4] += v4;
+#endif
+}
+
+VOID_RETURN sha1_begin(sha1_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ ctx->hash[0] = 0x67452301;
+ ctx->hash[1] = 0xefcdab89;
+ ctx->hash[2] = 0x98badcfe;
+ ctx->hash[3] = 0x10325476;
+ ctx->hash[4] = 0xc3d2e1f0;
+}
+
+/* SHA1 hash data in an array of bytes into hash buffer and */
+/* call the hash_compile function as required. */
+
+VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1])
+{ uint_32t pos = (uint_32t)((ctx->count[0] >> 3) & SHA1_MASK),
+ ofs = (ctx->count[0] & 7);
+ const unsigned char *sp = data;
+ unsigned char *w = (unsigned char*)ctx->wbuf;
+
+ if((ctx->count[0] += len) < len)
+ ++(ctx->count[1]);
+
+ if(ofs) /* if not on a byte boundary */
+ {
+ if(ofs + len < 8) /* if no added bytes are needed */
+ {
+ w[pos] |= (*sp >> ofs);
+ }
+ else /* otherwise and add bytes */
+ { unsigned char part = w[pos];
+
+ while((int)(ofs + (len -= 8)) >= 0)
+ {
+ w[pos++] = part | (*sp >> ofs);
+ part = *sp++ << (8 - ofs);
+ if(pos == SHA1_BLOCK_SIZE)
+ {
+ bsw_32(w, SHA1_BLOCK_SIZE >> 2);
+ sha1_compile(ctx); pos = 0;
+ }
+ }
+
+ w[pos] = part;
+ }
+ }
+ else /* data is byte aligned */
+ { uint_32t space = SHA1_BLOCK_SIZE - pos;
+
+ while((int)(len - 8 * space) >= 0)
+ {
+ len -= 8 * space;
+ memcpy(w + pos, sp, space);
+ sp += space;
+ space = SHA1_BLOCK_SIZE;
+ bsw_32(w, SHA1_BLOCK_SIZE >> 2);
+ sha1_compile(ctx); pos = 0;
+ }
+ memcpy(w + pos, sp, (len + 7) >> 3);
+ }
+}
+
+/* SHA1 final padding and digest calculation */
+
+VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1])
+{ uint_32t i = (uint_32t)((ctx->count[0] >> 3) & SHA1_MASK), m1;
+
+ /* put bytes in the buffer in an order in which references to */
+ /* 32-bit words will put bytes with lower addresses into the */
+ /* top of 32 bit words on BOTH big and little endian machines */
+ bsw_32(ctx->wbuf, (i + 4) >> 2);
+
+ /* we now need to mask valid bytes and add the padding which is */
+ /* a single 1 bit and as many zero bits as necessary. Note that */
+ /* we can always add the first padding byte here because the */
+ /* buffer always has at least one empty slot */
+ m1 = (unsigned char)0x80 >> (ctx->count[0] & 7);
+ ctx->wbuf[i >> 2] &= ((0xffffff00 | (~m1 + 1)) << 8 * (~i & 3));
+ ctx->wbuf[i >> 2] |= (m1 << 8 * (~i & 3));
+
+ /* we need 9 or more empty positions, one for the padding byte */
+ /* (above) and eight for the length count. If there is not */
+ /* enough space, pad and empty the buffer */
+ if(i > SHA1_BLOCK_SIZE - 9)
+ {
+ if(i < 60) ctx->wbuf[15] = 0;
+ sha1_compile(ctx);
+ i = 0;
+ }
+ else /* compute a word index for the empty buffer positions */
+ i = (i >> 2) + 1;
+
+ while(i < 14) /* and zero pad all but last two positions */
+ ctx->wbuf[i++] = 0;
+
+ /* the following 32-bit length fields are assembled in the */
+ /* wrong byte order on little endian machines but this is */
+ /* corrected later since they are only ever used as 32-bit */
+ /* word values. */
+ ctx->wbuf[14] = ctx->count[1];
+ ctx->wbuf[15] = ctx->count[0];
+ sha1_compile(ctx);
+
+ /* extract the hash value as bytes in case the hash buffer is */
+ /* misaligned for 32-bit words */
+ for(i = 0; i < SHA1_DIGEST_SIZE; ++i)
+ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
+}
+
+VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha1_ctx cx[1];
+
+ sha1_begin(cx); sha1_hash(data, len, cx); sha1_end(hval, cx);
+}
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/crypto/src/main/jni/aes/sha/sha2.c b/crypto/src/main/jni/aes/sha/sha2.c
new file mode 100644
index 000000000..c711a5f3b
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/sha2.c
@@ -0,0 +1,772 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+
+ This is a byte oriented version of SHA2 that operates on arrays of bytes
+ stored in memory. This code implements sha256, sha384 and sha512 but the
+ latter two functions rely on efficient 64-bit integer operations that
+ may not be very efficient on 32-bit machines
+
+ The sha256 functions use a type 'sha256_ctx' to hold details of the
+ current hash state and uses the following three calls:
+
+ void sha256_begin(sha256_ctx ctx[1])
+ void sha256_hash(const unsigned char data[],
+ unsigned long len, sha256_ctx ctx[1])
+ void sha_end1(unsigned char hval[], sha256_ctx ctx[1])
+
+ The first subroutine initialises a hash computation by setting up the
+ context in the sha256_ctx context. The second subroutine hashes 8-bit
+ bytes from array data[] into the hash state withinh sha256_ctx context,
+ the number of bytes to be hashed being given by the the unsigned long
+ integer len. The third subroutine completes the hash calculation and
+ places the resulting digest value in the array of 8-bit bytes hval[].
+
+ The sha384 and sha512 functions are similar and use the interfaces:
+
+ void sha384_begin(sha384_ctx ctx[1]);
+ void sha384_hash(const unsigned char data[],
+ unsigned long len, sha384_ctx ctx[1]);
+ void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
+
+ void sha512_begin(sha512_ctx ctx[1]);
+ void sha512_hash(const unsigned char data[],
+ unsigned long len, sha512_ctx ctx[1]);
+ void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
+
+ In addition there is a function sha2 that can be used to call all these
+ functions using a call with a hash length parameter as follows:
+
+ int sha2_begin(unsigned long len, sha2_ctx ctx[1]);
+ void sha2_hash(const unsigned char data[],
+ unsigned long len, sha2_ctx ctx[1]);
+ void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
+
+ My thanks to Erik Andersen for testing this code
+ on big-endian systems and for his assistance with corrections
+*/
+
+#if 0
+#define UNROLL_SHA2 /* for SHA2 loop unroll */
+#endif
+
+#include /* for memcpy() etc. */
+
+#include "sha2.h"
+#include "brg_endian.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
+#pragma intrinsic(memcpy)
+#endif
+
+#if 0 && defined(_MSC_VER)
+#define rotl32 _lrotl
+#define rotr32 _lrotr
+#else
+#define rotl32(x,n) (((x) << n) | ((x) >> (32 - n)))
+#define rotr32(x,n) (((x) >> n) | ((x) << (32 - n)))
+#endif
+
+#if !defined(bswap_32)
+#define bswap_32(x) ((rotr32((x), 24) & 0x00ff00ff) | (rotr32((x), 8) & 0xff00ff00))
+#endif
+
+#if (PLATFORM_BYTE_ORDER == IS_LITTLE_ENDIAN)
+#define SWAP_BYTES
+#else
+#undef SWAP_BYTES
+#endif
+
+#if 0
+
+#define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
+#define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#else /* Thanks to Rich Schroeppel and Colin Plumb for the following */
+
+#define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z))))
+#define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y))))
+
+#endif
+
+/* round transforms for SHA256 and SHA512 compression functions */
+
+#define vf(n,i) v[(n - i) & 7]
+
+#define hf(i) (p[i & 15] += \
+ g_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g_0(p[(i + 1) & 15]))
+
+#define v_cycle(i,j) \
+ vf(7,i) += (j ? hf(i) : p[i]) + k_0[i+j] \
+ + s_1(vf(4,i)) + ch(vf(4,i),vf(5,i),vf(6,i)); \
+ vf(3,i) += vf(7,i); \
+ vf(7,i) += s_0(vf(0,i))+ maj(vf(0,i),vf(1,i),vf(2,i))
+
+#if defined(SHA_224) || defined(SHA_256)
+
+#define SHA256_MASK (SHA256_BLOCK_SIZE - 1)
+
+#if defined(SWAP_BYTES)
+#define bsw_32(p,n) \
+ { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
+#else
+#define bsw_32(p,n)
+#endif
+
+#define s_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22))
+#define s_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25))
+#define g_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3))
+#define g_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10))
+#define k_0 k256
+
+/* rotated SHA256 round definition. Rather than swapping variables as in */
+/* FIPS-180, different variables are 'rotated' on each round, returning */
+/* to their starting positions every eight rounds */
+
+#define q(n) v##n
+
+#define one_cycle(a,b,c,d,e,f,g,h,k,w) \
+ q(h) += s_1(q(e)) + ch(q(e), q(f), q(g)) + k + w; \
+ q(d) += q(h); q(h) += s_0(q(a)) + maj(q(a), q(b), q(c))
+
+/* SHA256 mixing data */
+
+const uint_32t k256[64] =
+{ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
+ 0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
+ 0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
+ 0x72be5d74ul, 0x80deb1feul, 0x9bdc06a7ul, 0xc19bf174ul,
+ 0xe49b69c1ul, 0xefbe4786ul, 0x0fc19dc6ul, 0x240ca1ccul,
+ 0x2de92c6ful, 0x4a7484aaul, 0x5cb0a9dcul, 0x76f988daul,
+ 0x983e5152ul, 0xa831c66dul, 0xb00327c8ul, 0xbf597fc7ul,
+ 0xc6e00bf3ul, 0xd5a79147ul, 0x06ca6351ul, 0x14292967ul,
+ 0x27b70a85ul, 0x2e1b2138ul, 0x4d2c6dfcul, 0x53380d13ul,
+ 0x650a7354ul, 0x766a0abbul, 0x81c2c92eul, 0x92722c85ul,
+ 0xa2bfe8a1ul, 0xa81a664bul, 0xc24b8b70ul, 0xc76c51a3ul,
+ 0xd192e819ul, 0xd6990624ul, 0xf40e3585ul, 0x106aa070ul,
+ 0x19a4c116ul, 0x1e376c08ul, 0x2748774cul, 0x34b0bcb5ul,
+ 0x391c0cb3ul, 0x4ed8aa4aul, 0x5b9cca4ful, 0x682e6ff3ul,
+ 0x748f82eeul, 0x78a5636ful, 0x84c87814ul, 0x8cc70208ul,
+ 0x90befffaul, 0xa4506cebul, 0xbef9a3f7ul, 0xc67178f2ul,
+};
+
+/* Compile 64 bytes of hash data into SHA256 digest value */
+/* NOTE: this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is such that low address bytes */
+/* in the ORIGINAL byte stream will go into the high end of */
+/* words on BOTH big and little endian systems */
+
+VOID_RETURN sha256_compile(sha256_ctx ctx[1])
+{
+#if !defined(UNROLL_SHA2)
+
+ uint_32t j, *p = ctx->wbuf, v[8];
+
+ memcpy(v, ctx->hash, 8 * sizeof(uint_32t));
+
+ for(j = 0; j < 64; j += 16)
+ {
+ v_cycle( 0, j); v_cycle( 1, j);
+ v_cycle( 2, j); v_cycle( 3, j);
+ v_cycle( 4, j); v_cycle( 5, j);
+ v_cycle( 6, j); v_cycle( 7, j);
+ v_cycle( 8, j); v_cycle( 9, j);
+ v_cycle(10, j); v_cycle(11, j);
+ v_cycle(12, j); v_cycle(13, j);
+ v_cycle(14, j); v_cycle(15, j);
+ }
+
+ ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
+ ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
+ ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
+ ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
+
+#else
+
+ uint_32t *p = ctx->wbuf,v0,v1,v2,v3,v4,v5,v6,v7;
+
+ v0 = ctx->hash[0]; v1 = ctx->hash[1];
+ v2 = ctx->hash[2]; v3 = ctx->hash[3];
+ v4 = ctx->hash[4]; v5 = ctx->hash[5];
+ v6 = ctx->hash[6]; v7 = ctx->hash[7];
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[ 0],p[ 0]);
+ one_cycle(7,0,1,2,3,4,5,6,k256[ 1],p[ 1]);
+ one_cycle(6,7,0,1,2,3,4,5,k256[ 2],p[ 2]);
+ one_cycle(5,6,7,0,1,2,3,4,k256[ 3],p[ 3]);
+ one_cycle(4,5,6,7,0,1,2,3,k256[ 4],p[ 4]);
+ one_cycle(3,4,5,6,7,0,1,2,k256[ 5],p[ 5]);
+ one_cycle(2,3,4,5,6,7,0,1,k256[ 6],p[ 6]);
+ one_cycle(1,2,3,4,5,6,7,0,k256[ 7],p[ 7]);
+ one_cycle(0,1,2,3,4,5,6,7,k256[ 8],p[ 8]);
+ one_cycle(7,0,1,2,3,4,5,6,k256[ 9],p[ 9]);
+ one_cycle(6,7,0,1,2,3,4,5,k256[10],p[10]);
+ one_cycle(5,6,7,0,1,2,3,4,k256[11],p[11]);
+ one_cycle(4,5,6,7,0,1,2,3,k256[12],p[12]);
+ one_cycle(3,4,5,6,7,0,1,2,k256[13],p[13]);
+ one_cycle(2,3,4,5,6,7,0,1,k256[14],p[14]);
+ one_cycle(1,2,3,4,5,6,7,0,k256[15],p[15]);
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[16],hf( 0));
+ one_cycle(7,0,1,2,3,4,5,6,k256[17],hf( 1));
+ one_cycle(6,7,0,1,2,3,4,5,k256[18],hf( 2));
+ one_cycle(5,6,7,0,1,2,3,4,k256[19],hf( 3));
+ one_cycle(4,5,6,7,0,1,2,3,k256[20],hf( 4));
+ one_cycle(3,4,5,6,7,0,1,2,k256[21],hf( 5));
+ one_cycle(2,3,4,5,6,7,0,1,k256[22],hf( 6));
+ one_cycle(1,2,3,4,5,6,7,0,k256[23],hf( 7));
+ one_cycle(0,1,2,3,4,5,6,7,k256[24],hf( 8));
+ one_cycle(7,0,1,2,3,4,5,6,k256[25],hf( 9));
+ one_cycle(6,7,0,1,2,3,4,5,k256[26],hf(10));
+ one_cycle(5,6,7,0,1,2,3,4,k256[27],hf(11));
+ one_cycle(4,5,6,7,0,1,2,3,k256[28],hf(12));
+ one_cycle(3,4,5,6,7,0,1,2,k256[29],hf(13));
+ one_cycle(2,3,4,5,6,7,0,1,k256[30],hf(14));
+ one_cycle(1,2,3,4,5,6,7,0,k256[31],hf(15));
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[32],hf( 0));
+ one_cycle(7,0,1,2,3,4,5,6,k256[33],hf( 1));
+ one_cycle(6,7,0,1,2,3,4,5,k256[34],hf( 2));
+ one_cycle(5,6,7,0,1,2,3,4,k256[35],hf( 3));
+ one_cycle(4,5,6,7,0,1,2,3,k256[36],hf( 4));
+ one_cycle(3,4,5,6,7,0,1,2,k256[37],hf( 5));
+ one_cycle(2,3,4,5,6,7,0,1,k256[38],hf( 6));
+ one_cycle(1,2,3,4,5,6,7,0,k256[39],hf( 7));
+ one_cycle(0,1,2,3,4,5,6,7,k256[40],hf( 8));
+ one_cycle(7,0,1,2,3,4,5,6,k256[41],hf( 9));
+ one_cycle(6,7,0,1,2,3,4,5,k256[42],hf(10));
+ one_cycle(5,6,7,0,1,2,3,4,k256[43],hf(11));
+ one_cycle(4,5,6,7,0,1,2,3,k256[44],hf(12));
+ one_cycle(3,4,5,6,7,0,1,2,k256[45],hf(13));
+ one_cycle(2,3,4,5,6,7,0,1,k256[46],hf(14));
+ one_cycle(1,2,3,4,5,6,7,0,k256[47],hf(15));
+
+ one_cycle(0,1,2,3,4,5,6,7,k256[48],hf( 0));
+ one_cycle(7,0,1,2,3,4,5,6,k256[49],hf( 1));
+ one_cycle(6,7,0,1,2,3,4,5,k256[50],hf( 2));
+ one_cycle(5,6,7,0,1,2,3,4,k256[51],hf( 3));
+ one_cycle(4,5,6,7,0,1,2,3,k256[52],hf( 4));
+ one_cycle(3,4,5,6,7,0,1,2,k256[53],hf( 5));
+ one_cycle(2,3,4,5,6,7,0,1,k256[54],hf( 6));
+ one_cycle(1,2,3,4,5,6,7,0,k256[55],hf( 7));
+ one_cycle(0,1,2,3,4,5,6,7,k256[56],hf( 8));
+ one_cycle(7,0,1,2,3,4,5,6,k256[57],hf( 9));
+ one_cycle(6,7,0,1,2,3,4,5,k256[58],hf(10));
+ one_cycle(5,6,7,0,1,2,3,4,k256[59],hf(11));
+ one_cycle(4,5,6,7,0,1,2,3,k256[60],hf(12));
+ one_cycle(3,4,5,6,7,0,1,2,k256[61],hf(13));
+ one_cycle(2,3,4,5,6,7,0,1,k256[62],hf(14));
+ one_cycle(1,2,3,4,5,6,7,0,k256[63],hf(15));
+
+ ctx->hash[0] += v0; ctx->hash[1] += v1;
+ ctx->hash[2] += v2; ctx->hash[3] += v3;
+ ctx->hash[4] += v4; ctx->hash[5] += v5;
+ ctx->hash[6] += v6; ctx->hash[7] += v7;
+#endif
+}
+
+/* SHA256 hash data in an array of bytes into hash buffer */
+/* and call the hash_compile function as required. */
+
+VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
+{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA256_MASK),
+ space = SHA256_BLOCK_SIZE - pos;
+ const unsigned char *sp = data;
+
+ if((ctx->count[0] += len) < len)
+ ++(ctx->count[1]);
+
+ while(len >= space) /* tranfer whole blocks while possible */
+ {
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
+ sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0;
+ bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2)
+ sha256_compile(ctx);
+ }
+
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
+}
+
+/* SHA256 Final padding and digest calculation */
+
+static void sha_end1(unsigned char hval[], sha256_ctx ctx[1], const unsigned int hlen)
+{ uint_32t i = (uint_32t)(ctx->count[0] & SHA256_MASK);
+
+ /* put bytes in the buffer in an order in which references to */
+ /* 32-bit words will put bytes with lower addresses into the */
+ /* top of 32 bit words on BOTH big and little endian machines */
+ bsw_32(ctx->wbuf, (i + 3) >> 2)
+
+ /* we now need to mask valid bytes and add the padding which is */
+ /* a single 1 bit and as many zero bits as necessary. Note that */
+ /* we can always add the first padding byte here because the */
+ /* buffer always has at least one empty slot */
+ ctx->wbuf[i >> 2] &= 0xffffff80 << 8 * (~i & 3);
+ ctx->wbuf[i >> 2] |= 0x00000080 << 8 * (~i & 3);
+
+ /* we need 9 or more empty positions, one for the padding byte */
+ /* (above) and eight for the length count. If there is not */
+ /* enough space pad and empty the buffer */
+ if(i > SHA256_BLOCK_SIZE - 9)
+ {
+ if(i < 60) ctx->wbuf[15] = 0;
+ sha256_compile(ctx);
+ i = 0;
+ }
+ else /* compute a word index for the empty buffer positions */
+ i = (i >> 2) + 1;
+
+ while(i < 14) /* and zero pad all but last two positions */
+ ctx->wbuf[i++] = 0;
+
+ /* the following 32-bit length fields are assembled in the */
+ /* wrong byte order on little endian machines but this is */
+ /* corrected later since they are only ever used as 32-bit */
+ /* word values. */
+ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29);
+ ctx->wbuf[15] = ctx->count[0] << 3;
+ sha256_compile(ctx);
+
+ /* extract the hash value as bytes in case the hash buffer is */
+ /* mislaigned for 32-bit words */
+ for(i = 0; i < hlen; ++i)
+ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
+}
+
+#endif
+
+#if defined(SHA_224)
+
+const uint_32t i224[8] =
+{
+ 0xc1059ed8ul, 0x367cd507ul, 0x3070dd17ul, 0xf70e5939ul,
+ 0xffc00b31ul, 0x68581511ul, 0x64f98fa7ul, 0xbefa4fa4ul
+};
+
+VOID_RETURN sha224_begin(sha224_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i224, 8 * sizeof(uint_32t));
+}
+
+VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1])
+{
+ sha_end1(hval, ctx, SHA224_DIGEST_SIZE);
+}
+
+VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha224_ctx cx[1];
+
+ sha224_begin(cx);
+ sha224_hash(data, len, cx);
+ sha_end1(hval, cx, SHA224_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_256)
+
+const uint_32t i256[8] =
+{
+ 0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,
+ 0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul
+};
+
+VOID_RETURN sha256_begin(sha256_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i256, 8 * sizeof(uint_32t));
+}
+
+VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1])
+{
+ sha_end1(hval, ctx, SHA256_DIGEST_SIZE);
+}
+
+VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha256_ctx cx[1];
+
+ sha256_begin(cx);
+ sha256_hash(data, len, cx);
+ sha_end1(hval, cx, SHA256_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_384) || defined(SHA_512)
+
+#define SHA512_MASK (SHA512_BLOCK_SIZE - 1)
+
+#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
+
+#if !defined(bswap_64)
+#define bswap_64(x) (((uint_64t)(bswap_32((uint_32t)(x)))) << 32 | bswap_32((uint_32t)((x) >> 32)))
+#endif
+
+#if defined(SWAP_BYTES)
+#define bsw_64(p,n) \
+ { int _i = (n); while(_i--) ((uint_64t*)p)[_i] = bswap_64(((uint_64t*)p)[_i]); }
+#else
+#define bsw_64(p,n)
+#endif
+
+/* SHA512 mixing function definitions */
+
+#ifdef s_0
+# undef s_0
+# undef s_1
+# undef g_0
+# undef g_1
+# undef k_0
+#endif
+
+#define s_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39))
+#define s_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41))
+#define g_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7))
+#define g_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6))
+#define k_0 k512
+
+/* SHA384/SHA512 mixing data */
+
+const uint_64t k512[80] =
+{
+ li_64(428a2f98d728ae22), li_64(7137449123ef65cd),
+ li_64(b5c0fbcfec4d3b2f), li_64(e9b5dba58189dbbc),
+ li_64(3956c25bf348b538), li_64(59f111f1b605d019),
+ li_64(923f82a4af194f9b), li_64(ab1c5ed5da6d8118),
+ li_64(d807aa98a3030242), li_64(12835b0145706fbe),
+ li_64(243185be4ee4b28c), li_64(550c7dc3d5ffb4e2),
+ li_64(72be5d74f27b896f), li_64(80deb1fe3b1696b1),
+ li_64(9bdc06a725c71235), li_64(c19bf174cf692694),
+ li_64(e49b69c19ef14ad2), li_64(efbe4786384f25e3),
+ li_64(0fc19dc68b8cd5b5), li_64(240ca1cc77ac9c65),
+ li_64(2de92c6f592b0275), li_64(4a7484aa6ea6e483),
+ li_64(5cb0a9dcbd41fbd4), li_64(76f988da831153b5),
+ li_64(983e5152ee66dfab), li_64(a831c66d2db43210),
+ li_64(b00327c898fb213f), li_64(bf597fc7beef0ee4),
+ li_64(c6e00bf33da88fc2), li_64(d5a79147930aa725),
+ li_64(06ca6351e003826f), li_64(142929670a0e6e70),
+ li_64(27b70a8546d22ffc), li_64(2e1b21385c26c926),
+ li_64(4d2c6dfc5ac42aed), li_64(53380d139d95b3df),
+ li_64(650a73548baf63de), li_64(766a0abb3c77b2a8),
+ li_64(81c2c92e47edaee6), li_64(92722c851482353b),
+ li_64(a2bfe8a14cf10364), li_64(a81a664bbc423001),
+ li_64(c24b8b70d0f89791), li_64(c76c51a30654be30),
+ li_64(d192e819d6ef5218), li_64(d69906245565a910),
+ li_64(f40e35855771202a), li_64(106aa07032bbd1b8),
+ li_64(19a4c116b8d2d0c8), li_64(1e376c085141ab53),
+ li_64(2748774cdf8eeb99), li_64(34b0bcb5e19b48a8),
+ li_64(391c0cb3c5c95a63), li_64(4ed8aa4ae3418acb),
+ li_64(5b9cca4f7763e373), li_64(682e6ff3d6b2b8a3),
+ li_64(748f82ee5defb2fc), li_64(78a5636f43172f60),
+ li_64(84c87814a1f0ab72), li_64(8cc702081a6439ec),
+ li_64(90befffa23631e28), li_64(a4506cebde82bde9),
+ li_64(bef9a3f7b2c67915), li_64(c67178f2e372532b),
+ li_64(ca273eceea26619c), li_64(d186b8c721c0c207),
+ li_64(eada7dd6cde0eb1e), li_64(f57d4f7fee6ed178),
+ li_64(06f067aa72176fba), li_64(0a637dc5a2c898a6),
+ li_64(113f9804bef90dae), li_64(1b710b35131c471b),
+ li_64(28db77f523047d84), li_64(32caab7b40c72493),
+ li_64(3c9ebe0a15c9bebc), li_64(431d67c49c100d4c),
+ li_64(4cc5d4becb3e42b6), li_64(597f299cfc657e2a),
+ li_64(5fcb6fab3ad6faec), li_64(6c44198c4a475817)
+};
+
+/* Compile 128 bytes of hash data into SHA384/512 digest */
+/* NOTE: this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is such that low address bytes */
+/* in the ORIGINAL byte stream will go into the high end of */
+/* words on BOTH big and little endian systems */
+
+VOID_RETURN sha512_compile(sha512_ctx ctx[1])
+{ uint_64t v[8], *p = ctx->wbuf;
+ uint_32t j;
+
+ memcpy(v, ctx->hash, 8 * sizeof(uint_64t));
+
+ for(j = 0; j < 80; j += 16)
+ {
+ v_cycle( 0, j); v_cycle( 1, j);
+ v_cycle( 2, j); v_cycle( 3, j);
+ v_cycle( 4, j); v_cycle( 5, j);
+ v_cycle( 6, j); v_cycle( 7, j);
+ v_cycle( 8, j); v_cycle( 9, j);
+ v_cycle(10, j); v_cycle(11, j);
+ v_cycle(12, j); v_cycle(13, j);
+ v_cycle(14, j); v_cycle(15, j);
+ }
+
+ ctx->hash[0] += v[0]; ctx->hash[1] += v[1];
+ ctx->hash[2] += v[2]; ctx->hash[3] += v[3];
+ ctx->hash[4] += v[4]; ctx->hash[5] += v[5];
+ ctx->hash[6] += v[6]; ctx->hash[7] += v[7];
+}
+
+/* Compile 128 bytes of hash data into SHA256 digest value */
+/* NOTE: this routine assumes that the byte order in the */
+/* ctx->wbuf[] at this point is in such an order that low */
+/* address bytes in the ORIGINAL byte stream placed in this */
+/* buffer will now go to the high end of words on BOTH big */
+/* and little endian systems */
+
+VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
+{ uint_32t pos = (uint_32t)(ctx->count[0] & SHA512_MASK),
+ space = SHA512_BLOCK_SIZE - pos;
+ const unsigned char *sp = data;
+
+ if((ctx->count[0] += len) < len)
+ ++(ctx->count[1]);
+
+ while(len >= space) /* tranfer whole blocks while possible */
+ {
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
+ sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0;
+ bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3);
+ sha512_compile(ctx);
+ }
+
+ memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
+}
+
+/* SHA384/512 Final padding and digest calculation */
+
+static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
+{ uint_32t i = (uint_32t)(ctx->count[0] & SHA512_MASK);
+
+ /* put bytes in the buffer in an order in which references to */
+ /* 32-bit words will put bytes with lower addresses into the */
+ /* top of 32 bit words on BOTH big and little endian machines */
+ bsw_64(ctx->wbuf, (i + 7) >> 3);
+
+ /* we now need to mask valid bytes and add the padding which is */
+ /* a single 1 bit and as many zero bits as necessary. Note that */
+ /* we can always add the first padding byte here because the */
+ /* buffer always has at least one empty slot */
+ ctx->wbuf[i >> 3] &= li_64(ffffffffffffff00) << 8 * (~i & 7);
+ ctx->wbuf[i >> 3] |= li_64(0000000000000080) << 8 * (~i & 7);
+
+ /* we need 17 or more empty byte positions, one for the padding */
+ /* byte (above) and sixteen for the length count. If there is */
+ /* not enough space pad and empty the buffer */
+ if(i > SHA512_BLOCK_SIZE - 17)
+ {
+ if(i < 120) ctx->wbuf[15] = 0;
+ sha512_compile(ctx);
+ i = 0;
+ }
+ else
+ i = (i >> 3) + 1;
+
+ while(i < 14)
+ ctx->wbuf[i++] = 0;
+
+ /* the following 64-bit length fields are assembled in the */
+ /* wrong byte order on little endian machines but this is */
+ /* corrected later since they are only ever used as 64-bit */
+ /* word values. */
+ ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61);
+ ctx->wbuf[15] = ctx->count[0] << 3;
+ sha512_compile(ctx);
+
+ /* extract the hash value as bytes in case the hash buffer is */
+ /* misaligned for 32-bit words */
+ for(i = 0; i < hlen; ++i)
+ hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7)));
+}
+
+#endif
+
+#if defined(SHA_384)
+
+/* SHA384 initialisation data */
+
+const uint_64t i384[80] =
+{
+ li_64(cbbb9d5dc1059ed8), li_64(629a292a367cd507),
+ li_64(9159015a3070dd17), li_64(152fecd8f70e5939),
+ li_64(67332667ffc00b31), li_64(8eb44a8768581511),
+ li_64(db0c2e0d64f98fa7), li_64(47b5481dbefa4fa4)
+};
+
+VOID_RETURN sha384_begin(sha384_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i384, 8 * sizeof(uint_64t));
+}
+
+VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1])
+{
+ sha_end2(hval, ctx, SHA384_DIGEST_SIZE);
+}
+
+VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha384_ctx cx[1];
+
+ sha384_begin(cx);
+ sha384_hash(data, len, cx);
+ sha_end2(hval, cx, SHA384_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_512)
+
+/* SHA512 initialisation data */
+
+const uint_64t i512[80] =
+{
+ li_64(6a09e667f3bcc908), li_64(bb67ae8584caa73b),
+ li_64(3c6ef372fe94f82b), li_64(a54ff53a5f1d36f1),
+ li_64(510e527fade682d1), li_64(9b05688c2b3e6c1f),
+ li_64(1f83d9abfb41bd6b), li_64(5be0cd19137e2179)
+};
+
+VOID_RETURN sha512_begin(sha512_ctx ctx[1])
+{
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i512, 8 * sizeof(uint_64t));
+}
+
+VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1])
+{
+ sha_end2(hval, ctx, SHA512_DIGEST_SIZE);
+}
+
+VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
+{ sha512_ctx cx[1];
+
+ sha512_begin(cx);
+ sha512_hash(data, len, cx);
+ sha_end2(hval, cx, SHA512_DIGEST_SIZE);
+}
+
+#endif
+
+#if defined(SHA_2)
+
+#define CTX_224(x) ((x)->uu->ctx256)
+#define CTX_256(x) ((x)->uu->ctx256)
+#define CTX_384(x) ((x)->uu->ctx512)
+#define CTX_512(x) ((x)->uu->ctx512)
+
+/* SHA2 initialisation */
+
+INT_RETURN sha2_begin(unsigned long len, sha2_ctx ctx[1])
+{
+ switch(len)
+ {
+#if defined(SHA_224)
+ case 224:
+ case 28: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
+ memcpy(CTX_256(ctx)->hash, i224, 32);
+ ctx->sha2_len = 28; return EXIT_SUCCESS;
+#endif
+#if defined(SHA_256)
+ case 256:
+ case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0;
+ memcpy(CTX_256(ctx)->hash, i256, 32);
+ ctx->sha2_len = 32; return EXIT_SUCCESS;
+#endif
+#if defined(SHA_384)
+ case 384:
+ case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0;
+ memcpy(CTX_384(ctx)->hash, i384, 64);
+ ctx->sha2_len = 48; return EXIT_SUCCESS;
+#endif
+#if defined(SHA_512)
+ case 512:
+ case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0;
+ memcpy(CTX_512(ctx)->hash, i512, 64);
+ ctx->sha2_len = 64; return EXIT_SUCCESS;
+#endif
+ default: return EXIT_FAILURE;
+ }
+}
+
+VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1])
+{
+ switch(ctx->sha2_len)
+ {
+#if defined(SHA_224)
+ case 28: sha224_hash(data, len, CTX_224(ctx)); return;
+#endif
+#if defined(SHA_256)
+ case 32: sha256_hash(data, len, CTX_256(ctx)); return;
+#endif
+#if defined(SHA_384)
+ case 48: sha384_hash(data, len, CTX_384(ctx)); return;
+#endif
+#if defined(SHA_512)
+ case 64: sha512_hash(data, len, CTX_512(ctx)); return;
+#endif
+ }
+}
+
+VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1])
+{
+ switch(ctx->sha2_len)
+ {
+#if defined(SHA_224)
+ case 28: sha_end1(hval, CTX_224(ctx), SHA224_DIGEST_SIZE); return;
+#endif
+#if defined(SHA_256)
+ case 32: sha_end1(hval, CTX_256(ctx), SHA256_DIGEST_SIZE); return;
+#endif
+#if defined(SHA_384)
+ case 48: sha_end2(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return;
+#endif
+#if defined(SHA_512)
+ case 64: sha_end2(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return;
+#endif
+ }
+}
+
+INT_RETURN sha2(unsigned char hval[], unsigned long size,
+ const unsigned char data[], unsigned long len)
+{ sha2_ctx cx[1];
+
+ if(sha2_begin(size, cx) == EXIT_SUCCESS)
+ {
+ sha2_hash(data, len, cx); sha2_end(hval, cx); return EXIT_SUCCESS;
+ }
+ else
+ return EXIT_FAILURE;
+}
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
diff --git a/crypto/src/main/jni/aes/sha/sha2.h b/crypto/src/main/jni/aes/sha/sha2.h
new file mode 100644
index 000000000..6ab8907c1
--- /dev/null
+++ b/crypto/src/main/jni/aes/sha/sha2.h
@@ -0,0 +1,151 @@
+/*
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
+
+ LICENSE TERMS
+
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+ DISCLAIMER
+
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
+*/
+
+#ifndef _SHA2_H
+#define _SHA2_H
+
+#include
+
+#define SHA_64BIT
+
+/* define the hash functions that you need */
+#define SHA_2 /* for dynamic hash length */
+#define SHA_224
+#define SHA_256
+#ifdef SHA_64BIT
+# define SHA_384
+# define SHA_512
+# define NEED_UINT_64T
+#endif
+
+#include "brg_types.h"
+
+#if defined(__cplusplus)
+extern "C"
+{
+#endif
+
+/* Note that the following function prototypes are the same */
+/* for both the bit and byte oriented implementations. But */
+/* the length fields are in bytes or bits as is appropriate */
+/* for the version used. Bit sequences are arrays of bytes */
+/* in which bit sequence indexes increase from the most to */
+/* the least significant end of each byte */
+
+#define SHA224_DIGEST_SIZE 28
+#define SHA224_BLOCK_SIZE 64
+#define SHA256_DIGEST_SIZE 32
+#define SHA256_BLOCK_SIZE 64
+
+/* type to hold the SHA256 (and SHA224) context */
+
+typedef struct
+{ uint_32t count[2];
+ uint_32t hash[8];
+ uint_32t wbuf[16];
+} sha256_ctx;
+
+typedef sha256_ctx sha224_ctx;
+
+VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
+
+VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
+#define sha224_hash sha256_hash
+VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
+VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
+VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
+VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
+VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+#ifndef SHA_64BIT
+
+typedef struct
+{ union
+ { sha256_ctx ctx256[1];
+ } uu[1];
+ uint_32t sha2_len;
+} sha2_ctx;
+
+#define SHA2_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
+
+#else
+
+#define SHA384_DIGEST_SIZE 48
+#define SHA384_BLOCK_SIZE 128
+#define SHA512_DIGEST_SIZE 64
+#define SHA512_BLOCK_SIZE 128
+#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
+
+/* type to hold the SHA384 (and SHA512) context */
+
+typedef struct
+{ uint_64t count[2];
+ uint_64t hash[8];
+ uint_64t wbuf[16];
+} sha512_ctx;
+
+typedef sha512_ctx sha384_ctx;
+
+typedef struct
+{ union
+ { sha256_ctx ctx256[1];
+ sha512_ctx ctx512[1];
+ } uu[1];
+ uint_32t sha2_len;
+} sha2_ctx;
+
+VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
+
+VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
+#define sha384_hash sha512_hash
+VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
+VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
+VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
+VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
+VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
+
+INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
+VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
+VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
+INT_RETURN sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
+
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/final_key/sha/sha2.c b/crypto/src/main/jni/aes/sha/sha2b.c
similarity index 72%
rename from crypto/src/main/jni/final_key/sha/sha2.c
rename to crypto/src/main/jni/aes/sha/sha2b.c
index 27ba32655..e0aafc931 100644
--- a/crypto/src/main/jni/final_key/sha/sha2.c
+++ b/crypto/src/main/jni/aes/sha/sha2b.c
@@ -1,73 +1,83 @@
/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
+ ---------------------------------------------------------------------------
+ Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
+ LICENSE TERMS
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
+ The free distribution and use of this software in both source and binary
+ form is allowed (with or without changes) provided that:
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
-This code implements sha256, sha384 and sha512 but the latter two
-functions rely on efficient 64-bit integer operations that may not be
-very efficient on 32-bit machines
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
-The sha256 functions use a type 'sha256_ctx' to hold details of the
-current hash state and uses the following three calls:
+ ALTERNATIVELY, provided that this notice is retained in full, this product
+ may be distributed under the terms of the GNU General Public License (GPL),
+ in which case the provisions of the GPL apply INSTEAD OF those given above.
- void sha256_begin( sha256_ctx ctx[1] )
- void sha256_hash( const unsigned char data[],
- unsigned long len, sha256_ctx ctx[1] )
- void sha_end1( unsigned char hval[], sha256_ctx ctx[1] )
+ DISCLAIMER
-The first subroutine initialises a hash computation by setting up the
-context in the sha256_ctx context. The second subroutine hashes 8-bit
-bytes from array data[] into the hash state withinh sha256_ctx context,
-the number of bytes to be hashed being given by the the unsigned long
-integer len. The third subroutine completes the hash calculation and
-places the resulting digest value in the array of 8-bit bytes hval[].
+ This software is provided 'as is' with no explicit or implied warranties
+ in respect of its properties, including, but not limited to, correctness
+ and/or fitness for purpose.
+ ---------------------------------------------------------------------------
+ Issue Date: 01/08/2005
-The sha384 and sha512 functions are similar and use the interfaces:
+ This is a bit oriented version of SHA2 that operates on arrays of bytes
+ stored in memory. This code implements sha256, sha384 and sha512 but the
+ latter two functions rely on efficient 64-bit integer operations that
+ may not be very efficient on 32-bit machines
- void sha384_begin( sha384_ctx ctx[1] );
- void sha384_hash( const unsigned char data[],
- unsigned long len, sha384_ctx ctx[1] );
- void sha384_end( unsigned char hval[], sha384_ctx ctx[1] );
+ The sha256 functions use a type 'sha256_ctx' to hold details of the
+ current hash state and uses the following three calls:
- void sha512_begin( sha512_ctx ctx[1] );
- void sha512_hash( const unsigned char data[],
- unsigned long len, sha512_ctx ctx[1] );
- void sha512_end( unsigned char hval[], sha512_ctx ctx[1] );
+ void sha256_begin(sha256_ctx ctx[1])
+ void sha256_hash(const unsigned char data[],
+ unsigned long len, sha256_ctx ctx[1])
+ void sha_end1(unsigned char hval[], sha256_ctx ctx[1])
-In addition there is a function sha2 that can be used to call all these
-functions using a call with a hash length parameter as follows:
+ The first subroutine initialises a hash computation by setting up the
+ context in the sha256_ctx context. The second subroutine hashes 8-bit
+ bytes from array data[] into the hash state withinh sha256_ctx context,
+ the number of bytes to be hashed being given by the the unsigned long
+ integer len. The third subroutine completes the hash calculation and
+ places the resulting digest value in the array of 8-bit bytes hval[].
- int sha2_begin( unsigned long len, sha2_ctx ctx[1] );
- void sha2_hash( const unsigned char data[],
- unsigned long len, sha2_ctx ctx[1] );
- void sha2_end( unsigned char hval[], sha2_ctx ctx[1] );
+ The sha384 and sha512 functions are similar and use the interfaces:
-The data block length in any one call to any of these hash functions must
-be no more than 2^32 - 1 bits or 2^29 - 1 bytes.
+ void sha384_begin(sha384_ctx ctx[1]);
+ void sha384_hash(const unsigned char data[],
+ unsigned long len, sha384_ctx ctx[1]);
+ void sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
-My thanks to Erik Andersen for testing this code
-on big-endian systems and for his assistance with corrections
+ void sha512_begin(sha512_ctx ctx[1]);
+ void sha512_hash(const unsigned char data[],
+ unsigned long len, sha512_ctx ctx[1]);
+ void sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
+
+ In addition there is a function sha2 that can be used to call all these
+ functions using a call with a hash length parameter as follows:
+
+ int sha2_begin(unsigned long len, sha2_ctx ctx[1]);
+ void sha2_hash(const unsigned char data[],
+ unsigned long len, sha2_ctx ctx[1]);
+ void sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
+
+ My thanks to Erik Andersen for testing this code
+ on big-endian systems and for his assistance with corrections
*/
#if 1
-#define UNROLL_SHA2 /* for SHA2 loop unroll */
+#define UNROLL_SHA2 /* for SHA2 loop unroll */
#endif
-#include /* for memcpy() etc. */
+#include /* for memcpy() etc. */
#include "sha2.h"
#include "brg_endian.h"
@@ -79,7 +89,6 @@ extern "C"
#if defined( _MSC_VER ) && ( _MSC_VER > 800 )
#pragma intrinsic(memcpy)
-#pragma intrinsic(memset)
#endif
#if 0 && defined(_MSC_VER)
@@ -131,7 +140,7 @@ extern "C"
#if defined(SWAP_BYTES)
#define bsw_32(p,n) \
- { int _i = (n); while(_i--) ((uint32_t*)p)[_i] = bswap_32(((uint32_t*)p)[_i]); }
+ { int _i = (n); while(_i--) ((uint_32t*)p)[_i] = bswap_32(((uint_32t*)p)[_i]); }
#else
#define bsw_32(p,n)
#endif
@@ -154,7 +163,7 @@ extern "C"
/* SHA256 mixing data */
-const uint32_t k256[64] =
+const uint_32t k256[64] =
{ 0x428a2f98ul, 0x71374491ul, 0xb5c0fbcful, 0xe9b5dba5ul,
0x3956c25bul, 0x59f111f1ul, 0x923f82a4ul, 0xab1c5ed5ul,
0xd807aa98ul, 0x12835b01ul, 0x243185beul, 0x550c7dc3ul,
@@ -183,9 +192,9 @@ VOID_RETURN sha256_compile(sha256_ctx ctx[1])
{
#if !defined(UNROLL_SHA2)
- uint32_t j, *p = ctx->wbuf, v[8];
+ uint_32t j, *p = ctx->wbuf, v[8];
- memcpy(v, ctx->hash, sizeof(ctx->hash));
+ memcpy(v, ctx->hash, 8 * sizeof(uint_32t));
for(j = 0; j < 64; j += 16)
{
@@ -206,7 +215,7 @@ VOID_RETURN sha256_compile(sha256_ctx ctx[1])
#else
- uint32_t *p = ctx->wbuf,v0,v1,v2,v3,v4,v5,v6,v7;
+ uint_32t *p = ctx->wbuf,v0,v1,v2,v3,v4,v5,v6,v7;
v0 = ctx->hash[0]; v1 = ctx->hash[1];
v2 = ctx->hash[2]; v3 = ctx->hash[3];
@@ -292,18 +301,14 @@ VOID_RETURN sha256_compile(sha256_ctx ctx[1])
/* and call the hash_compile function as required. */
VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1])
-{ uint32_t pos = (uint32_t)((ctx->count[0] >> 3) & SHA256_MASK);
+{ uint_32t pos = (uint_32t)((ctx->count[0] >> 3) & SHA256_MASK),
+ ofs = (ctx->count[0] & 7);
const unsigned char *sp = data;
unsigned char *w = (unsigned char*)ctx->wbuf;
-#if SHA2_BITS == 1
- uint32_t ofs = (ctx->count[0] & 7);
-#else
- len <<= 3;
-#endif
+
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
-#if SHA2_BITS == 1
if(ofs) /* if not on a byte boundary */
{
if(ofs + len < 8) /* if no added bytes are needed */
@@ -328,30 +333,30 @@ VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ct
}
}
else /* data is byte aligned */
-#endif
- { uint32_t space = SHA256_BLOCK_SIZE - pos;
+ { uint_32t space = SHA256_BLOCK_SIZE - pos;
- while(len >= (space << 3))
+ while((int)(len - 8 * space) >= 0)
{
+ len -= 8 * space;
memcpy(w + pos, sp, space);
+ sp += space;
+ space = SHA256_BLOCK_SIZE;
bsw_32(w, SHA256_BLOCK_SIZE >> 2);
- sha256_compile(ctx);
- sp += space; len -= (space << 3);
- space = SHA256_BLOCK_SIZE; pos = 0;
+ sha256_compile(ctx); pos = 0;
}
- memcpy(w + pos, sp, (len + 7 * SHA2_BITS) >> 3);
+ memcpy(w + pos, sp, (len + 7) >> 3);
}
}
/* SHA256 Final padding and digest calculation */
static void sha_end1(unsigned char hval[], sha256_ctx ctx[1], const unsigned int hlen)
-{ uint32_t i = (uint32_t)((ctx->count[0] >> 3) & SHA256_MASK), m1;
+{ uint_32t i = (uint_32t)((ctx->count[0] >> 3) & SHA256_MASK), m1;
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
- bsw_32(ctx->wbuf, (i + 3 + SHA2_BITS) >> 2)
+ bsw_32(ctx->wbuf, (i + 4) >> 2)
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
@@ -385,16 +390,16 @@ static void sha_end1(unsigned char hval[], sha256_ctx ctx[1], const unsigned int
sha256_compile(ctx);
/* extract the hash value as bytes in case the hash buffer is */
- /* misaligned for 32-bit words */
+ /* mislaigned for 32-bit words */
for(i = 0; i < hlen; ++i)
- hval[i] = ((ctx->hash[i >> 2] >> (8 * (~i & 3))) & 0xff);
+ hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3)));
}
#endif
#if defined(SHA_224)
-const uint32_t i224[8] =
+const uint_32t i224[8] =
{
0xc1059ed8ul, 0x367cd507ul, 0x3070dd17ul, 0xf70e5939ul,
0xffc00b31ul, 0x68581511ul, 0x64f98fa7ul, 0xbefa4fa4ul
@@ -402,8 +407,8 @@ const uint32_t i224[8] =
VOID_RETURN sha224_begin(sha224_ctx ctx[1])
{
- memset(ctx, 0, sizeof(sha224_ctx));
- memcpy(ctx->hash, i224, sizeof(ctx->hash));
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i224, 8 * sizeof(uint_32t));
}
VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1])
@@ -423,7 +428,7 @@ VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned lo
#if defined(SHA_256)
-const uint32_t i256[8] =
+const uint_32t i256[8] =
{
0x6a09e667ul, 0xbb67ae85ul, 0x3c6ef372ul, 0xa54ff53aul,
0x510e527ful, 0x9b05688cul, 0x1f83d9abul, 0x5be0cd19ul
@@ -431,8 +436,8 @@ const uint32_t i256[8] =
VOID_RETURN sha256_begin(sha256_ctx ctx[1])
{
- memset(ctx, 0, sizeof(sha256_ctx));
- memcpy(ctx->hash, i256, sizeof(ctx->hash));
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i256, 8 * sizeof(uint_32t));
}
VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1])
@@ -457,12 +462,12 @@ VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned lo
#define rotr64(x,n) (((x) >> n) | ((x) << (64 - n)))
#if !defined(bswap_64)
-#define bswap_64(x) (((uint64_t)(bswap_32((uint32_t)(x)))) << 32 | bswap_32((uint32_t)((x) >> 32)))
+#define bswap_64(x) (((uint_64t)(bswap_32((uint_32t)(x)))) << 32 | bswap_32((uint_32t)((x) >> 32)))
#endif
#if defined(SWAP_BYTES)
#define bsw_64(p,n) \
- { int _i = (n); while(_i--) ((uint64_t*)p)[_i] = bswap_64(((uint64_t*)p)[_i]); }
+ { int _i = (n); while(_i--) ((uint_64t*)p)[_i] = bswap_64(((uint_64t*)p)[_i]); }
#else
#define bsw_64(p,n)
#endif
@@ -485,7 +490,7 @@ VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned lo
/* SHA384/SHA512 mixing data */
-const uint64_t k512[80] =
+const uint_64t k512[80] =
{
li_64(428a2f98d728ae22), li_64(7137449123ef65cd),
li_64(b5c0fbcfec4d3b2f), li_64(e9b5dba58189dbbc),
@@ -536,10 +541,10 @@ const uint64_t k512[80] =
/* words on BOTH big and little endian systems */
VOID_RETURN sha512_compile(sha512_ctx ctx[1])
-{ uint64_t v[8], *p = ctx->wbuf;
- uint32_t j;
+{ uint_64t v[8], *p = ctx->wbuf;
+ uint_32t j;
- memcpy(v, ctx->hash, sizeof(ctx->hash));
+ memcpy(v, ctx->hash, 8 * sizeof(uint_64t));
for(j = 0; j < 80; j += 16)
{
@@ -567,19 +572,14 @@ VOID_RETURN sha512_compile(sha512_ctx ctx[1])
/* and little endian systems */
VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1])
-{ uint32_t pos = (uint32_t)(ctx->count[0] >> 3) & SHA512_MASK;
+{ uint_32t pos = (uint_32t)(ctx->count[0] >> 3) & SHA512_MASK,
+ ofs = (uint_32t)(ctx->count[0] & 7);
const unsigned char *sp = data;
unsigned char *w = (unsigned char*)ctx->wbuf;
-#if SHA2_BITS == 1
- uint32_t ofs = (ctx->count[0] & 7);
-#else
- len <<= 3;
-#endif
if((ctx->count[0] += len) < len)
++(ctx->count[1]);
-#if SHA2_BITS == 1
if(ofs) /* if not on a byte boundary */
{
if(ofs + len < 8) /* if no added bytes are needed */
@@ -604,31 +604,31 @@ VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ct
}
}
else /* data is byte aligned */
-#endif
- { uint32_t space = SHA512_BLOCK_SIZE - pos;
+ { uint_32t space = SHA512_BLOCK_SIZE - pos;
- while(len >= (space << 3))
+ while((int)(len - 8 * space) >= 0)
{
+ len -= 8 * space;
memcpy(w + pos, sp, space);
+ sp += space;
+ space = SHA512_BLOCK_SIZE;
bsw_64(w, SHA512_BLOCK_SIZE >> 3);
- sha512_compile(ctx);
- sp += space; len -= (space << 3);
- space = SHA512_BLOCK_SIZE; pos = 0;
+ sha512_compile(ctx); pos = 0;
}
- memcpy(w + pos, sp, (len + 7 * SHA2_BITS) >> 3);
+ memcpy(w + pos, sp, (len + 7) >> 3);
}
}
/* SHA384/512 Final padding and digest calculation */
static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen)
-{ uint32_t i = (uint32_t)((ctx->count[0] >> 3) & SHA512_MASK);
- uint64_t m1;
+{ uint_32t i = (uint_32t)((ctx->count[0] >> 3) & SHA512_MASK);
+ uint_64t m1;
/* put bytes in the buffer in an order in which references to */
/* 32-bit words will put bytes with lower addresses into the */
/* top of 32 bit words on BOTH big and little endian machines */
- bsw_64(ctx->wbuf, (i + 7 + SHA2_BITS) >> 3);
+ bsw_64(ctx->wbuf, (i + 8) >> 3);
/* we now need to mask valid bytes and add the padding which is */
/* a single 1 bit and as many zero bits as necessary. Note that */
@@ -664,7 +664,7 @@ static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int
/* extract the hash value as bytes in case the hash buffer is */
/* misaligned for 32-bit words */
for(i = 0; i < hlen; ++i)
- hval[i] = ((ctx->hash[i >> 3] >> (8 * (~i & 7))) & 0xff);
+ hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7)));
}
#endif
@@ -673,7 +673,7 @@ static void sha_end2(unsigned char hval[], sha512_ctx ctx[1], const unsigned int
/* SHA384 initialisation data */
-const uint64_t i384[80] =
+const uint_64t i384[80] =
{
li_64(cbbb9d5dc1059ed8), li_64(629a292a367cd507),
li_64(9159015a3070dd17), li_64(152fecd8f70e5939),
@@ -683,8 +683,8 @@ const uint64_t i384[80] =
VOID_RETURN sha384_begin(sha384_ctx ctx[1])
{
- memset(ctx, 0, sizeof(sha384_ctx));
- memcpy(ctx->hash, i384, sizeof(ctx->hash));
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i384, 8 * sizeof(uint_64t));
}
VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1])
@@ -706,7 +706,7 @@ VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned lo
/* SHA512 initialisation data */
-static const uint64_t i512[SHA512_DIGEST_SIZE >> 3] =
+const uint_64t i512[80] =
{
li_64(6a09e667f3bcc908), li_64(bb67ae8584caa73b),
li_64(3c6ef372fe94f82b), li_64(a54ff53a5f1d36f1),
@@ -714,74 +714,10 @@ static const uint64_t i512[SHA512_DIGEST_SIZE >> 3] =
li_64(1f83d9abfb41bd6b), li_64(5be0cd19137e2179)
};
-/* FIPS PUB 180-4: SHA-512/256 */
-
-static const uint64_t i512_256[SHA512_DIGEST_SIZE >> 3] =
-{
- li_64(22312194fc2bf72c), li_64(9f555fa3c84c64c2),
- li_64(2393b86b6f53b151), li_64(963877195940eabd),
- li_64(96283ee2a88effe3), li_64(be5e1e2553863992),
- li_64(2b0199fc2c85b8aa), li_64(0eb72ddc81c52ca2),
-};
-
-/* FIPS PUB 180-4: SHA-512/224 */
-
-static const uint64_t i512_224[SHA512_DIGEST_SIZE >> 3] =
-{
- li_64(8c3d37c819544da2), li_64(73e1996689dcd4d6),
- li_64(1dfab7ae32ff9c82), li_64(679dd514582f9fcf),
- li_64(0f6d2b697bd44da8), li_64(77e36f7304c48942),
- li_64(3f9d85a86a1d36c8), li_64(1112e6ad91d692a1),
-};
-
-/* FIPS PUB 180-4: SHA-512/192 (unsanctioned; facilitates using AES-192) */
-
-static const uint64_t i512_192[SHA512_DIGEST_SIZE >> 3] =
-{
- li_64(010176140648b233), li_64(db92aeb1eebadd6f),
- li_64(83a9e27aa1d5ea62), li_64(ec95f77eb609b4e1),
- li_64(71a99185c75caefa), li_64(006e8f08baf32e3c),
- li_64(6a2b21abd2db2aec), li_64(24926cdbd918a27f),
-};
-
-/* FIPS PUB 180-4: SHA-512/128 (unsanctioned; facilitates using AES-128) */
-
-static const uint64_t i512_128[SHA512_DIGEST_SIZE >> 3] =
-{
- li_64(c953a21464c3e8cc), li_64(06cc9cfd166a34b5),
- li_64(647e88dabf8b24ab), li_64(8513e4dc05a078ac),
- li_64(7266fcfb7cba0534), li_64(854a78e2ecd19b93),
- li_64(8618061711cec2dd), li_64(b20d8506efb929b1),
-};
-
VOID_RETURN sha512_begin(sha512_ctx ctx[1])
{
- memset(ctx, 0, sizeof(sha512_ctx));
- memcpy(ctx->hash, i512, sizeof(ctx->hash));
-}
-
-VOID_RETURN sha512_256_begin(sha512_ctx ctx[1])
-{
- memset(ctx, 0, sizeof(sha512_ctx));
- memcpy(ctx->hash, i512_256, sizeof(ctx->hash));
-}
-
-VOID_RETURN sha512_224_begin(sha512_ctx ctx[1])
-{
- memset(ctx, 0, sizeof(sha512_ctx));
- memcpy(ctx->hash, i512_224, sizeof(ctx->hash));
-}
-
-VOID_RETURN sha512_192_begin(sha512_ctx ctx[1])
-{
- memset(ctx, 0, sizeof(sha512_ctx));
- memcpy(ctx->hash, i512_192, sizeof(ctx->hash));
-}
-
-VOID_RETURN sha512_128_begin(sha512_ctx ctx[1])
-{
- memset(ctx, 0, sizeof(sha512_ctx));
- memcpy(ctx->hash, i512_128, sizeof(ctx->hash));
+ ctx->count[0] = ctx->count[1] = 0;
+ memcpy(ctx->hash, i512, 8 * sizeof(uint_64t));
}
VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1])
@@ -789,64 +725,12 @@ VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1])
sha_end2(hval, ctx, SHA512_DIGEST_SIZE);
}
-VOID_RETURN sha512_256_end(unsigned char hval[], sha512_ctx ctx[1])
-{
- sha_end2(hval, ctx, SHA512_256_DIGEST_SIZE);
-}
-
-VOID_RETURN sha512_224_end(unsigned char hval[], sha512_ctx ctx[1])
-{
- sha_end2(hval, ctx, SHA512_224_DIGEST_SIZE);
-}
-
-VOID_RETURN sha512_192_end(unsigned char hval[], sha512_ctx ctx[1])
-{
- sha_end2(hval, ctx, SHA512_192_DIGEST_SIZE);
-}
-
-VOID_RETURN sha512_128_end(unsigned char hval[], sha512_ctx ctx[1])
-{
- sha_end2(hval, ctx, SHA512_128_DIGEST_SIZE);
-}
-
VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len)
{ sha512_ctx cx[1];
sha512_begin(cx);
sha512_hash(data, len, cx);
- sha512_end(hval, cx);
-}
-
-VOID_RETURN sha512_256(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha512_ctx cx[1];
-
- sha512_256_begin(cx);
- sha512_256_hash(data, len, cx);
- sha512_256_end(hval, cx);
-}
-
-VOID_RETURN sha512_224(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha512_ctx cx[1];
-
- sha512_224_begin(cx);
- sha512_224_hash(data, len, cx);
- sha512_224_end(hval, cx);
-}
-
-VOID_RETURN sha512_192(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha512_ctx cx[1];
-
- sha512_192_begin(cx);
- sha512_192_hash(data, len, cx);
- sha512_192_end(hval, cx);
-}
-
-VOID_RETURN sha512_128(unsigned char hval[], const unsigned char data[], unsigned long len)
-{ sha512_ctx cx[1];
-
- sha512_128_begin(cx);
- sha512_128_hash(data, len, cx);
- sha512_128_end(hval, cx);
+ sha_end2(hval, cx, SHA512_DIGEST_SIZE);
}
#endif
diff --git a/crypto/src/main/jni/final_key/sha/shasum.c b/crypto/src/main/jni/aes/sha/shasum.c
similarity index 54%
rename from crypto/src/main/jni/final_key/sha/shasum.c
rename to crypto/src/main/jni/aes/sha/shasum.c
index fb8898f88..b6a175129 100644
--- a/crypto/src/main/jni/final_key/sha/shasum.c
+++ b/crypto/src/main/jni/aes/sha/shasum.c
@@ -1,22 +1,3 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
-*/
#include
#include
diff --git a/crypto/src/main/jni/argon2/CMakeLists.txt b/crypto/src/main/jni/argon2/CMakeLists.txt
new file mode 100644
index 000000000..3074eb052
--- /dev/null
+++ b/crypto/src/main/jni/argon2/CMakeLists.txt
@@ -0,0 +1,17 @@
+cmake_minimum_required(VERSION 3.4.1)
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c89 -pthread")
+
+include_directories(include/)
+include_directories(src/)
+
+add_library(
+ argon2 SHARED
+ src/argon2.c
+ src/core.c
+ src/encoding.c
+ src/ref.c
+ src/thread.c
+ src/blake2/blake2b.c
+ argon2_jni.c
+)
diff --git a/crypto/src/main/jni/argon2/argon2_jni.c b/crypto/src/main/jni/argon2/argon2_jni.c
new file mode 100644
index 000000000..d4504a96c
--- /dev/null
+++ b/crypto/src/main/jni/argon2/argon2_jni.c
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2020 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ * KeePassDX is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * KeePassDX is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with KeePassDX. If not, see .
+ *
+ */
+
+#include
+#include
+#include
+
+#include "argon2.h"
+#include "core.h"
+
+static JavaVM *cached_vm;
+static jclass bad_arg, io, no_mem;
+
+JNIEXPORT jint JNICALL JNI_OnLoad( JavaVM *vm, void *reserved ) {
+ JNIEnv *env;
+ jclass cls;
+
+ cached_vm = vm;
+ if((*vm)->GetEnv(vm, (void **)&env, JNI_VERSION_1_6))
+ return JNI_ERR;
+
+ cls = (*env)->FindClass(env, "java/lang/IllegalArgumentException");
+ if( cls == NULL )
+ return JNI_ERR;
+ bad_arg = (*env)->NewGlobalRef(env, cls);
+ if( bad_arg == NULL )
+ return JNI_ERR;
+
+ cls = (*env)->FindClass(env, "java/io/IOException");
+ if( cls == NULL )
+ return JNI_ERR;
+ io = (*env)->NewGlobalRef(env, cls);
+ if( io == NULL )
+ return JNI_ERR;
+ cls = (*env)->FindClass(env, "java/lang/OutOfMemoryError");
+ if( cls == NULL )
+ return JNI_ERR;
+ no_mem = (*env)->NewGlobalRef(env, cls);
+ if( no_mem == NULL )
+ return JNI_ERR;
+
+ /*
+ cls = (*env)->FindClass(env, "javax/crypto/BadPaddingException");
+ if( cls == NULL )
+ return JNI_ERR;
+ bad_padding = (*env)->NewGlobalRef(env, cls);
+
+ cls = (*env)->FindClass(env, "javax/crypto/ShortBufferException");
+ if( cls == NULL )
+ return JNI_ERR;
+ short_buf = (*env)->NewGlobalRef(env, cls);
+
+ cls = (*env)->FindClass(env, "javax/crypto/IllegalBlockSizeException");
+ if( cls == NULL )
+ return JNI_ERR;
+ block_size = (*env)->NewGlobalRef(env, cls);
+
+ aes_init();
+ */
+
+ return JNI_VERSION_1_6;
+}
+
+// called on garbage collection
+JNIEXPORT void JNICALL JNI_OnUnload( JavaVM *vm, void *reserved ) {
+JNIEnv *env;
+ if((*vm)->GetEnv(vm, (void **)&env, JNI_VERSION_1_6)) {
+ return;
+ }
+ (*env)->DeleteGlobalRef(env, bad_arg);
+ (*env)->DeleteGlobalRef(env, io);
+ (*env)->DeleteGlobalRef(env, no_mem);
+
+ /*
+ (*env)->DeleteGlobalRef(env, bad_padding);
+ (*env)->DeleteGlobalRef(env, short_buf);
+ (*env)->DeleteGlobalRef(env, block_size);
+ */
+
+ return;
+}
+
+
+
+uint32_t getJNIArray(JNIEnv *env, jbyteArray array, uint8_t **output) {
+ if (array == NULL) {
+ *output = NULL;
+ return 0;
+ }
+
+ uint32_t len = (*env)->GetArrayLength(env, array);
+ uint8_t *buf = (uint8_t *)malloc(len);
+ (*env)->GetByteArrayRegion(env, array, 0, len, (jbyte*) buf);
+
+ *output = buf;
+
+ return len;
+}
+
+void throwExceptionF(JNIEnv *env, jclass exception, const char *format, ...) {
+ char message[512];
+
+ va_list args;
+ va_start(args, format);
+ snprintf(message, 512, format, args);
+ va_end(args);
+
+ (*env)->ThrowNew(env, exception, message);
+}
+
+#define ARGON2_HASHLEN 32
+
+JNIEXPORT jbyteArray
+JNICALL Java_com_kunzisoft_encrypt_argon2_NativeArgon2KeyTransformer_nTransformKey(JNIEnv *env,
+ jobject this, jint type, jbyteArray password, jbyteArray salt, jint parallelism, jint memory,
+ jint iterations, jbyteArray secretKey, jbyteArray associatedData, jint version) {
+
+ argon2_context context;
+ uint8_t *out;
+
+ out = (uint8_t *) malloc(ARGON2_HASHLEN);
+ if (out == NULL) {
+ throwExceptionF(env, no_mem, "Not enough memory for output hash array");
+ return NULL;
+ }
+
+ uint8_t *passwordBuf;
+ uint32_t passwordLen = getJNIArray(env, password, &passwordBuf);
+ uint8_t *saltBuf;
+ uint32_t saltLen = getJNIArray(env, salt, &saltBuf);
+ uint8_t *secretBuf;
+ uint32_t secretLen = getJNIArray(env, secretKey, &secretBuf);
+ uint8_t *adBuf;
+ uint32_t adLen = getJNIArray(env, associatedData, &adBuf);
+
+ context.out = out;
+ context.outlen = ARGON2_HASHLEN;
+ context.pwd = passwordBuf;
+ context.pwdlen = passwordLen;
+ context.salt = saltBuf;
+ context.saltlen = saltLen;
+ context.secret = secretBuf;
+ context.secretlen = secretLen;
+ context.ad = adBuf;
+ context.adlen = adLen;
+ context.t_cost = (uint32_t) iterations;
+ context.m_cost = (uint32_t) memory;
+ context.lanes = (uint32_t) parallelism;
+ context.threads = (uint32_t) parallelism;
+ context.allocate_cbk = NULL;
+ context.free_cbk = NULL;
+ context.flags = ARGON2_DEFAULT_FLAGS;
+ context.version = (uint32_t) version;
+
+ int argonResult = argon2_ctx(&context, (argon2_type) type);
+
+ jbyteArray result;
+ if (argonResult != ARGON2_OK) {
+ throwExceptionF(env, io, "Hash failed with code=%d", argonResult);
+ result = NULL;
+ } else {
+ result = (*env)->NewByteArray(env, ARGON2_HASHLEN);
+ (*env)->SetByteArrayRegion(env, result, 0, ARGON2_HASHLEN, (jbyte *) out);
+
+ }
+
+ clear_internal_memory(out, ARGON2_HASHLEN);
+ free(out);
+ if (passwordBuf != NULL) { free(passwordBuf); }
+ if (saltBuf != NULL) { free(saltBuf); }
+ if (secretBuf != NULL) { free(secretBuf); }
+ if (adBuf != NULL) { free(adBuf); }
+
+ return result;
+}
diff --git a/crypto/src/main/jni/argon2/include/argon2.h b/crypto/src/main/jni/argon2/include/argon2.h
new file mode 100644
index 000000000..05bdcf10f
--- /dev/null
+++ b/crypto/src/main/jni/argon2/include/argon2.h
@@ -0,0 +1,434 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef ARGON2_H
+#define ARGON2_H
+
+#include
+#include
+#include
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+/* Symbols visibility control */
+#ifdef A2_VISCTL
+#define ARGON2_PUBLIC __attribute__((visibility("default")))
+#elif _MSC_VER
+#define ARGON2_PUBLIC __declspec(dllexport)
+#else
+#define ARGON2_PUBLIC
+#endif
+
+/*
+ * Argon2 input parameter restrictions
+ */
+
+/* Minimum and maximum number of lanes (degree of parallelism) */
+#define ARGON2_MIN_LANES UINT32_C(1)
+#define ARGON2_MAX_LANES UINT32_C(0xFFFFFF)
+
+/* Minimum and maximum number of threads */
+#define ARGON2_MIN_THREADS UINT32_C(1)
+#define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF)
+
+/* Number of synchronization points between lanes per pass */
+#define ARGON2_SYNC_POINTS UINT32_C(4)
+
+/* Minimum and maximum digest size in bytes */
+#define ARGON2_MIN_OUTLEN UINT32_C(4)
+#define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */
+#define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */
+
+#define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b))
+/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */
+#define ARGON2_MAX_MEMORY_BITS \
+ ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1))
+#define ARGON2_MAX_MEMORY \
+ ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS)
+
+/* Minimum and maximum number of passes */
+#define ARGON2_MIN_TIME UINT32_C(1)
+#define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum password length in bytes */
+#define ARGON2_MIN_PWD_LENGTH UINT32_C(0)
+#define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum associated data length in bytes */
+#define ARGON2_MIN_AD_LENGTH UINT32_C(0)
+#define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum salt length in bytes */
+#define ARGON2_MIN_SALT_LENGTH UINT32_C(8)
+#define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF)
+
+/* Minimum and maximum key length in bytes */
+#define ARGON2_MIN_SECRET UINT32_C(0)
+#define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF)
+
+/* Flags to determine which fields are securely wiped (default = no wipe). */
+#define ARGON2_DEFAULT_FLAGS UINT32_C(0)
+#define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0)
+#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
+
+/* Global flag to determine if we are wiping internal memory buffers. This flag
+ * is defined in core.c and deafults to 1 (wipe internal memory). */
+extern int FLAG_clear_internal_memory;
+
+/* Error codes */
+typedef enum Argon2_ErrorCodes {
+ ARGON2_OK = 0,
+
+ ARGON2_OUTPUT_PTR_NULL = -1,
+
+ ARGON2_OUTPUT_TOO_SHORT = -2,
+ ARGON2_OUTPUT_TOO_LONG = -3,
+
+ ARGON2_PWD_TOO_SHORT = -4,
+ ARGON2_PWD_TOO_LONG = -5,
+
+ ARGON2_SALT_TOO_SHORT = -6,
+ ARGON2_SALT_TOO_LONG = -7,
+
+ ARGON2_AD_TOO_SHORT = -8,
+ ARGON2_AD_TOO_LONG = -9,
+
+ ARGON2_SECRET_TOO_SHORT = -10,
+ ARGON2_SECRET_TOO_LONG = -11,
+
+ ARGON2_TIME_TOO_SMALL = -12,
+ ARGON2_TIME_TOO_LARGE = -13,
+
+ ARGON2_MEMORY_TOO_LITTLE = -14,
+ ARGON2_MEMORY_TOO_MUCH = -15,
+
+ ARGON2_LANES_TOO_FEW = -16,
+ ARGON2_LANES_TOO_MANY = -17,
+
+ ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */
+ ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */
+ ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */
+ ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */
+
+ ARGON2_MEMORY_ALLOCATION_ERROR = -22,
+
+ ARGON2_FREE_MEMORY_CBK_NULL = -23,
+ ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24,
+
+ ARGON2_INCORRECT_PARAMETER = -25,
+ ARGON2_INCORRECT_TYPE = -26,
+
+ ARGON2_OUT_PTR_MISMATCH = -27,
+
+ ARGON2_THREADS_TOO_FEW = -28,
+ ARGON2_THREADS_TOO_MANY = -29,
+
+ ARGON2_MISSING_ARGS = -30,
+
+ ARGON2_ENCODING_FAIL = -31,
+
+ ARGON2_DECODING_FAIL = -32,
+
+ ARGON2_THREAD_FAIL = -33,
+
+ ARGON2_DECODING_LENGTH_FAIL = -34,
+
+ ARGON2_VERIFY_MISMATCH = -35
+} argon2_error_codes;
+
+/* Memory allocator types --- for external allocation */
+typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate);
+typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate);
+
+/* Argon2 external data structures */
+
+/*
+ *****
+ * Context: structure to hold Argon2 inputs:
+ * output array and its length,
+ * password and its length,
+ * salt and its length,
+ * secret and its length,
+ * associated data and its length,
+ * number of passes, amount of used memory (in KBytes, can be rounded up a bit)
+ * number of parallel threads that will be run.
+ * All the parameters above affect the output hash value.
+ * Additionally, two function pointers can be provided to allocate and
+ * deallocate the memory (if NULL, memory will be allocated internally).
+ * Also, three flags indicate whether to erase password, secret as soon as they
+ * are pre-hashed (and thus not needed anymore), and the entire memory
+ *****
+ * Simplest situation: you have output array out[8], password is stored in
+ * pwd[32], salt is stored in salt[16], you do not have keys nor associated
+ * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with
+ * 4 parallel lanes.
+ * You want to erase the password, but you're OK with last pass not being
+ * erased. You want to use the default memory allocator.
+ * Then you initialize:
+ Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false)
+ */
+typedef struct Argon2_Context {
+ uint8_t *out; /* output array */
+ uint32_t outlen; /* digest length */
+
+ uint8_t *pwd; /* password array */
+ uint32_t pwdlen; /* password length */
+
+ uint8_t *salt; /* salt array */
+ uint32_t saltlen; /* salt length */
+
+ uint8_t *secret; /* key array */
+ uint32_t secretlen; /* key length */
+
+ uint8_t *ad; /* associated data array */
+ uint32_t adlen; /* associated data length */
+
+ uint32_t t_cost; /* number of passes */
+ uint32_t m_cost; /* amount of memory requested (KB) */
+ uint32_t lanes; /* number of lanes */
+ uint32_t threads; /* maximum number of threads */
+
+ uint32_t version; /* version number */
+
+ allocate_fptr allocate_cbk; /* pointer to memory allocator */
+ deallocate_fptr free_cbk; /* pointer to memory deallocator */
+
+ uint32_t flags; /* array of bool options */
+} argon2_context;
+
+/* Argon2 primitive type */
+typedef enum Argon2_type {
+ Argon2_d = 0,
+ Argon2_i = 1,
+ Argon2_id = 2
+} argon2_type;
+
+/* Version of the algorithm */
+typedef enum Argon2_version {
+ ARGON2_VERSION_10 = 0x10,
+ ARGON2_VERSION_13 = 0x13,
+ ARGON2_VERSION_NUMBER = ARGON2_VERSION_13
+} argon2_version;
+
+/*
+ * Function that gives the string representation of an argon2_type.
+ * @param type The argon2_type that we want the string for
+ * @param uppercase Whether the string should have the first letter uppercase
+ * @return NULL if invalid type, otherwise the string representation.
+ */
+ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase);
+
+/*
+ * Function that performs memory-hard hashing with certain degree of parallelism
+ * @param context Pointer to the Argon2 internal structure
+ * @return Error code if smth is wrong, ARGON2_OK otherwise
+ */
+ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type);
+
+/**
+ * Hashes a password with Argon2i, producing an encoded hash
+ * @param t_cost Number of iterations
+ * @param m_cost Sets memory usage to m_cost kibibytes
+ * @param parallelism Number of threads and compute lanes
+ * @param pwd Pointer to password
+ * @param pwdlen Password size in bytes
+ * @param salt Pointer to salt
+ * @param saltlen Salt size in bytes
+ * @param hashlen Desired length of the hash in bytes
+ * @param encoded Buffer where to write the encoded hash
+ * @param encodedlen Size of the buffer (thus max size of the encoded hash)
+ * @pre Different parallelism levels will give different results
+ * @pre Returns ARGON2_OK if successful
+ */
+ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost,
+ const uint32_t m_cost,
+ const uint32_t parallelism,
+ const void *pwd, const size_t pwdlen,
+ const void *salt, const size_t saltlen,
+ const size_t hashlen, char *encoded,
+ const size_t encodedlen);
+
+/**
+ * Hashes a password with Argon2i, producing a raw hash by allocating memory at
+ * @hash
+ * @param t_cost Number of iterations
+ * @param m_cost Sets memory usage to m_cost kibibytes
+ * @param parallelism Number of threads and compute lanes
+ * @param pwd Pointer to password
+ * @param pwdlen Password size in bytes
+ * @param salt Pointer to salt
+ * @param saltlen Salt size in bytes
+ * @param hash Buffer where to write the raw hash - updated by the function
+ * @param hashlen Desired length of the hash in bytes
+ * @pre Different parallelism levels will give different results
+ * @pre Returns ARGON2_OK if successful
+ */
+ARGON2_PUBLIC int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash,
+ const size_t hashlen);
+
+ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost,
+ const uint32_t m_cost,
+ const uint32_t parallelism,
+ const void *pwd, const size_t pwdlen,
+ const void *salt, const size_t saltlen,
+ const size_t hashlen, char *encoded,
+ const size_t encodedlen);
+
+ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash,
+ const size_t hashlen);
+
+ARGON2_PUBLIC int argon2id_hash_encoded(const uint32_t t_cost,
+ const uint32_t m_cost,
+ const uint32_t parallelism,
+ const void *pwd, const size_t pwdlen,
+ const void *salt, const size_t saltlen,
+ const size_t hashlen, char *encoded,
+ const size_t encodedlen);
+
+ARGON2_PUBLIC int argon2id_hash_raw(const uint32_t t_cost,
+ const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash,
+ const size_t hashlen);
+
+/* generic function underlying the above ones */
+ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash,
+ const size_t hashlen, char *encoded,
+ const size_t encodedlen, argon2_type type,
+ const uint32_t version);
+
+/**
+ * Verifies a password against an encoded string
+ * Encoded string is restricted as in validate_inputs()
+ * @param encoded String encoding parameters, salt, hash
+ * @param pwd Pointer to password
+ * @pre Returns ARGON2_OK if successful
+ */
+ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd,
+ const size_t pwdlen);
+
+ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd,
+ const size_t pwdlen);
+
+ARGON2_PUBLIC int argon2id_verify(const char *encoded, const void *pwd,
+ const size_t pwdlen);
+
+/* generic function underlying the above ones */
+ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd,
+ const size_t pwdlen, argon2_type type);
+
+/**
+ * Argon2d: Version of Argon2 that picks memory blocks depending
+ * on the password and salt. Only for side-channel-free
+ * environment!!
+ *****
+ * @param context Pointer to current Argon2 context
+ * @return Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2d_ctx(argon2_context *context);
+
+/**
+ * Argon2i: Version of Argon2 that picks memory blocks
+ * independent on the password and salt. Good for side-channels,
+ * but worse w.r.t. tradeoff attacks if only one pass is used.
+ *****
+ * @param context Pointer to current Argon2 context
+ * @return Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2i_ctx(argon2_context *context);
+
+/**
+ * Argon2id: Version of Argon2 where the first half-pass over memory is
+ * password-independent, the rest are password-dependent (on the password and
+ * salt). OK against side channels (they reduce to 1/2-pass Argon2i), and
+ * better with w.r.t. tradeoff attacks (similar to Argon2d).
+ *****
+ * @param context Pointer to current Argon2 context
+ * @return Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2id_ctx(argon2_context *context);
+
+/**
+ * Verify if a given password is correct for Argon2d hashing
+ * @param context Pointer to current Argon2 context
+ * @param hash The password hash to verify. The length of the hash is
+ * specified by the context outlen member
+ * @return Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash);
+
+/**
+ * Verify if a given password is correct for Argon2i hashing
+ * @param context Pointer to current Argon2 context
+ * @param hash The password hash to verify. The length of the hash is
+ * specified by the context outlen member
+ * @return Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash);
+
+/**
+ * Verify if a given password is correct for Argon2id hashing
+ * @param context Pointer to current Argon2 context
+ * @param hash The password hash to verify. The length of the hash is
+ * specified by the context outlen member
+ * @return Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2id_verify_ctx(argon2_context *context,
+ const char *hash);
+
+/* generic function underlying the above ones */
+ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash,
+ argon2_type type);
+
+/**
+ * Get the associated error message for given error code
+ * @return The error message associated with the given error code
+ */
+ARGON2_PUBLIC const char *argon2_error_message(int error_code);
+
+/**
+ * Returns the encoded hash length for the given input parameters
+ * @param t_cost Number of iterations
+ * @param m_cost Memory usage in kibibytes
+ * @param parallelism Number of threads; used to compute lanes
+ * @param saltlen Salt size in bytes
+ * @param hashlen Hash size in bytes
+ * @return The encoded hash length in bytes
+ */
+ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost,
+ uint32_t parallelism, uint32_t saltlen,
+ uint32_t hashlen, argon2_type type);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/argon2/src/CMakeLists.txt b/crypto/src/main/jni/argon2/src/CMakeLists.txt
new file mode 100644
index 000000000..431ca13fd
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/CMakeLists.txt
@@ -0,0 +1,22 @@
+cmake_minimum_required(VERSION 3.4.1)
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DUSE_SHA256")
+
+include_directories(aes/)
+include_directories(sha/)
+
+add_library(
+ final-key SHARED
+ aes_jni.c
+ aes/aescrypt.c
+ aes/aeskey.c
+ aes/aes_modes.c
+ aes/aestab.c
+ sha/hmac.c
+ sha/sha1.c
+ sha/sha2.c
+)
+
+find_library(log-lib log)
+
+target_link_libraries(final-key ${log-lib})
diff --git a/crypto/src/main/jni/argon2/src/argon2.c b/crypto/src/main/jni/argon2/src/argon2.c
new file mode 100644
index 000000000..bf73d3935
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/argon2.c
@@ -0,0 +1,437 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include
+#include
+#include
+
+#include "argon2.h"
+#include "encoding.h"
+#include "core.h"
+
+const char *argon2_type2string(argon2_type type, int uppercase) {
+ switch (type) {
+ default:
+ case Argon2_d:
+ return uppercase ? "Argon2d" : "argon2d";
+ case Argon2_i:
+ return uppercase ? "Argon2i" : "argon2i";
+ case Argon2_id:
+ return uppercase ? "Argon2id" : "argon2id";
+ }
+
+ return NULL;
+}
+
+int argon2_ctx(argon2_context *context, argon2_type type) {
+ /* 1. Validate all inputs */
+ int result = validate_inputs(context);
+ uint32_t memory_blocks, segment_length;
+ argon2_instance_t instance;
+
+ if (ARGON2_OK != result) {
+ return result;
+ }
+
+ if (Argon2_d != type && Argon2_i != type && Argon2_id != type) {
+ return ARGON2_INCORRECT_TYPE;
+ }
+
+ /* 2. Align memory size */
+ /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */
+ memory_blocks = context->m_cost;
+
+ if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) {
+ memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes;
+ }
+
+ segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS);
+ /* Ensure that all segments have equal length */
+ memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS);
+
+ instance.version = context->version;
+ instance.memory = NULL;
+ instance.passes = context->t_cost;
+ instance.memory_blocks = memory_blocks;
+ instance.segment_length = segment_length;
+ instance.lane_length = segment_length * ARGON2_SYNC_POINTS;
+ instance.lanes = context->lanes;
+ instance.threads = context->threads;
+ instance.type = type;
+
+ /* 3. Initialization: Hashing inputs, allocating memory, filling first
+ * blocks
+ */
+ result = initialize(&instance, context);
+
+ if (ARGON2_OK != result) {
+ return result;
+ }
+
+ /* 4. Filling memory */
+ result = fill_memory_blocks(&instance);
+
+ if (ARGON2_OK != result) {
+ return result;
+ }
+ /* 5. Finalization */
+ finalize(context, &instance);
+
+ return ARGON2_OK;
+}
+
+int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt, const size_t saltlen,
+ void *hash, const size_t hashlen, char *encoded,
+ const size_t encodedlen, argon2_type type,
+ const uint32_t version){
+
+ argon2_context context;
+ int result;
+ uint8_t *out;
+
+ if (hashlen > ARGON2_MAX_OUTLEN) {
+ return ARGON2_OUTPUT_TOO_LONG;
+ }
+
+ if (hashlen < ARGON2_MIN_OUTLEN) {
+ return ARGON2_OUTPUT_TOO_SHORT;
+ }
+
+ out = malloc(hashlen);
+ if (!out) {
+ return ARGON2_MEMORY_ALLOCATION_ERROR;
+ }
+
+ context.out = (uint8_t *)out;
+ context.outlen = (uint32_t)hashlen;
+ context.pwd = CONST_CAST(uint8_t *)pwd;
+ context.pwdlen = (uint32_t)pwdlen;
+ context.salt = CONST_CAST(uint8_t *)salt;
+ context.saltlen = (uint32_t)saltlen;
+ context.secret = NULL;
+ context.secretlen = 0;
+ context.ad = NULL;
+ context.adlen = 0;
+ context.t_cost = t_cost;
+ context.m_cost = m_cost;
+ context.lanes = parallelism;
+ context.threads = parallelism;
+ context.allocate_cbk = NULL;
+ context.free_cbk = NULL;
+ context.flags = ARGON2_DEFAULT_FLAGS;
+ context.version = version;
+
+ result = argon2_ctx(&context, type);
+
+ if (result != ARGON2_OK) {
+ clear_internal_memory(out, hashlen);
+ free(out);
+ return result;
+ }
+
+ /* if raw hash requested, write it */
+ if (hash) {
+ memcpy(hash, out, hashlen);
+ }
+
+ /* if encoding requested, write it */
+ if (encoded && encodedlen) {
+ if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) {
+ clear_internal_memory(out, hashlen); /* wipe buffers if error */
+ clear_internal_memory(encoded, encodedlen);
+ free(out);
+ return ARGON2_ENCODING_FAIL;
+ }
+ }
+ clear_internal_memory(out, hashlen);
+ free(out);
+
+ return ARGON2_OK;
+}
+
+int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, const size_t hashlen,
+ char *encoded, const size_t encodedlen) {
+
+ return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+ NULL, hashlen, encoded, encodedlen, Argon2_i,
+ ARGON2_VERSION_NUMBER);
+}
+
+int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash, const size_t hashlen) {
+
+ return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+ hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER);
+}
+
+int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, const size_t hashlen,
+ char *encoded, const size_t encodedlen) {
+
+ return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+ NULL, hashlen, encoded, encodedlen, Argon2_d,
+ ARGON2_VERSION_NUMBER);
+}
+
+int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash, const size_t hashlen) {
+
+ return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+ hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER);
+}
+
+int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, const size_t hashlen,
+ char *encoded, const size_t encodedlen) {
+
+ return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+ NULL, hashlen, encoded, encodedlen, Argon2_id,
+ ARGON2_VERSION_NUMBER);
+}
+
+int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+ const uint32_t parallelism, const void *pwd,
+ const size_t pwdlen, const void *salt,
+ const size_t saltlen, void *hash, const size_t hashlen) {
+ return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+ hash, hashlen, NULL, 0, Argon2_id,
+ ARGON2_VERSION_NUMBER);
+}
+
+static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
+ size_t i;
+ uint8_t d = 0U;
+
+ for (i = 0U; i < len; i++) {
+ d |= b1[i] ^ b2[i];
+ }
+ return (int)((1 & ((d - 1) >> 8)) - 1);
+}
+
+int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
+ argon2_type type) {
+
+ argon2_context ctx;
+ uint8_t *desired_result = NULL;
+
+ int ret = ARGON2_OK;
+
+ size_t encoded_len;
+ uint32_t max_field_len;
+
+ if (encoded == NULL) {
+ return ARGON2_DECODING_FAIL;
+ }
+
+ encoded_len = strlen(encoded);
+ if (encoded_len > UINT32_MAX) {
+ return ARGON2_DECODING_FAIL;
+ }
+
+ /* No field can be longer than the encoded length */
+ max_field_len = (uint32_t)encoded_len;
+
+ ctx.saltlen = max_field_len;
+ ctx.outlen = max_field_len;
+
+ ctx.salt = malloc(ctx.saltlen);
+ ctx.out = malloc(ctx.outlen);
+ if (!ctx.salt || !ctx.out) {
+ ret = ARGON2_MEMORY_ALLOCATION_ERROR;
+ goto fail;
+ }
+
+ ctx.pwd = (uint8_t *)pwd;
+ ctx.pwdlen = pwdlen;
+
+ ret = decode_string(&ctx, encoded, type);
+ if (ret != ARGON2_OK) {
+ goto fail;
+ }
+
+ /* Set aside the desired result, and get a new buffer. */
+ desired_result = ctx.out;
+ ctx.out = malloc(ctx.outlen);
+ if (!ctx.out) {
+ ret = ARGON2_MEMORY_ALLOCATION_ERROR;
+ goto fail;
+ }
+
+ ret = argon2_verify_ctx(&ctx, (char *)desired_result, type);
+ if (ret != ARGON2_OK) {
+ goto fail;
+ }
+
+fail:
+ free(ctx.salt);
+ free(ctx.out);
+ free(desired_result);
+
+ return ret;
+}
+
+int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+
+ return argon2_verify(encoded, pwd, pwdlen, Argon2_i);
+}
+
+int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+
+ return argon2_verify(encoded, pwd, pwdlen, Argon2_d);
+}
+
+int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+
+ return argon2_verify(encoded, pwd, pwdlen, Argon2_id);
+}
+
+int argon2d_ctx(argon2_context *context) {
+ return argon2_ctx(context, Argon2_d);
+}
+
+int argon2i_ctx(argon2_context *context) {
+ return argon2_ctx(context, Argon2_i);
+}
+
+int argon2id_ctx(argon2_context *context) {
+ return argon2_ctx(context, Argon2_id);
+}
+
+int argon2_verify_ctx(argon2_context *context, const char *hash,
+ argon2_type type) {
+ int ret = argon2_ctx(context, type);
+ if (ret != ARGON2_OK) {
+ return ret;
+ }
+
+ if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) {
+ return ARGON2_VERIFY_MISMATCH;
+ }
+
+ return ARGON2_OK;
+}
+
+int argon2d_verify_ctx(argon2_context *context, const char *hash) {
+ return argon2_verify_ctx(context, hash, Argon2_d);
+}
+
+int argon2i_verify_ctx(argon2_context *context, const char *hash) {
+ return argon2_verify_ctx(context, hash, Argon2_i);
+}
+
+int argon2id_verify_ctx(argon2_context *context, const char *hash) {
+ return argon2_verify_ctx(context, hash, Argon2_id);
+}
+
+const char *argon2_error_message(int error_code) {
+ switch (error_code) {
+ case ARGON2_OK:
+ return "OK";
+ case ARGON2_OUTPUT_PTR_NULL:
+ return "Output pointer is NULL";
+ case ARGON2_OUTPUT_TOO_SHORT:
+ return "Output is too short";
+ case ARGON2_OUTPUT_TOO_LONG:
+ return "Output is too long";
+ case ARGON2_PWD_TOO_SHORT:
+ return "Password is too short";
+ case ARGON2_PWD_TOO_LONG:
+ return "Password is too long";
+ case ARGON2_SALT_TOO_SHORT:
+ return "Salt is too short";
+ case ARGON2_SALT_TOO_LONG:
+ return "Salt is too long";
+ case ARGON2_AD_TOO_SHORT:
+ return "Associated data is too short";
+ case ARGON2_AD_TOO_LONG:
+ return "Associated data is too long";
+ case ARGON2_SECRET_TOO_SHORT:
+ return "Secret is too short";
+ case ARGON2_SECRET_TOO_LONG:
+ return "Secret is too long";
+ case ARGON2_TIME_TOO_SMALL:
+ return "Time cost is too small";
+ case ARGON2_TIME_TOO_LARGE:
+ return "Time cost is too large";
+ case ARGON2_MEMORY_TOO_LITTLE:
+ return "Memory cost is too small";
+ case ARGON2_MEMORY_TOO_MUCH:
+ return "Memory cost is too large";
+ case ARGON2_LANES_TOO_FEW:
+ return "Too few lanes";
+ case ARGON2_LANES_TOO_MANY:
+ return "Too many lanes";
+ case ARGON2_PWD_PTR_MISMATCH:
+ return "Password pointer is NULL, but password length is not 0";
+ case ARGON2_SALT_PTR_MISMATCH:
+ return "Salt pointer is NULL, but salt length is not 0";
+ case ARGON2_SECRET_PTR_MISMATCH:
+ return "Secret pointer is NULL, but secret length is not 0";
+ case ARGON2_AD_PTR_MISMATCH:
+ return "Associated data pointer is NULL, but ad length is not 0";
+ case ARGON2_MEMORY_ALLOCATION_ERROR:
+ return "Memory allocation error";
+ case ARGON2_FREE_MEMORY_CBK_NULL:
+ return "The free memory callback is NULL";
+ case ARGON2_ALLOCATE_MEMORY_CBK_NULL:
+ return "The allocate memory callback is NULL";
+ case ARGON2_INCORRECT_PARAMETER:
+ return "Argon2_Context context is NULL";
+ case ARGON2_INCORRECT_TYPE:
+ return "There is no such version of Argon2";
+ case ARGON2_OUT_PTR_MISMATCH:
+ return "Output pointer mismatch";
+ case ARGON2_THREADS_TOO_FEW:
+ return "Not enough threads";
+ case ARGON2_THREADS_TOO_MANY:
+ return "Too many threads";
+ case ARGON2_MISSING_ARGS:
+ return "Missing arguments";
+ case ARGON2_ENCODING_FAIL:
+ return "Encoding failed";
+ case ARGON2_DECODING_FAIL:
+ return "Decoding failed";
+ case ARGON2_THREAD_FAIL:
+ return "Threading failure";
+ case ARGON2_DECODING_LENGTH_FAIL:
+ return "Some of encoded parameters are too long or too short";
+ case ARGON2_VERIFY_MISMATCH:
+ return "The password does not match the supplied hash";
+ default:
+ return "Unknown error code";
+ }
+}
+
+size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism,
+ uint32_t saltlen, uint32_t hashlen, argon2_type type) {
+ return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
+ numlen(t_cost) + numlen(m_cost) + numlen(parallelism) +
+ b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1;
+}
diff --git a/crypto/src/main/jni/argon2/src/blake2/blake2-impl.h b/crypto/src/main/jni/argon2/src/blake2/blake2-impl.h
new file mode 100644
index 000000000..80f970377
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/blake2/blake2-impl.h
@@ -0,0 +1,156 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef PORTABLE_BLAKE2_IMPL_H
+#define PORTABLE_BLAKE2_IMPL_H
+
+#include
+#include
+
+#if defined(_MSC_VER)
+#define BLAKE2_INLINE __inline
+#elif defined(__GNUC__) || defined(__clang__)
+#define BLAKE2_INLINE __inline__
+#else
+#define BLAKE2_INLINE
+#endif
+
+/* Argon2 Team - Begin Code */
+/*
+ Not an exhaustive list, but should cover the majority of modern platforms
+ Additionally, the code will always be correct---this is only a performance
+ tweak.
+*/
+#if (defined(__BYTE_ORDER__) && \
+ (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \
+ defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \
+ defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \
+ defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \
+ defined(_M_ARM)
+#define NATIVE_LITTLE_ENDIAN
+#endif
+/* Argon2 Team - End Code */
+
+static BLAKE2_INLINE uint32_t load32(const void *src) {
+#if defined(NATIVE_LITTLE_ENDIAN)
+ uint32_t w;
+ memcpy(&w, src, sizeof w);
+ return w;
+#else
+ const uint8_t *p = (const uint8_t *)src;
+ uint32_t w = *p++;
+ w |= (uint32_t)(*p++) << 8;
+ w |= (uint32_t)(*p++) << 16;
+ w |= (uint32_t)(*p++) << 24;
+ return w;
+#endif
+}
+
+static BLAKE2_INLINE uint64_t load64(const void *src) {
+#if defined(NATIVE_LITTLE_ENDIAN)
+ uint64_t w;
+ memcpy(&w, src, sizeof w);
+ return w;
+#else
+ const uint8_t *p = (const uint8_t *)src;
+ uint64_t w = *p++;
+ w |= (uint64_t)(*p++) << 8;
+ w |= (uint64_t)(*p++) << 16;
+ w |= (uint64_t)(*p++) << 24;
+ w |= (uint64_t)(*p++) << 32;
+ w |= (uint64_t)(*p++) << 40;
+ w |= (uint64_t)(*p++) << 48;
+ w |= (uint64_t)(*p++) << 56;
+ return w;
+#endif
+}
+
+static BLAKE2_INLINE void store32(void *dst, uint32_t w) {
+#if defined(NATIVE_LITTLE_ENDIAN)
+ memcpy(dst, &w, sizeof w);
+#else
+ uint8_t *p = (uint8_t *)dst;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+#endif
+}
+
+static BLAKE2_INLINE void store64(void *dst, uint64_t w) {
+#if defined(NATIVE_LITTLE_ENDIAN)
+ memcpy(dst, &w, sizeof w);
+#else
+ uint8_t *p = (uint8_t *)dst;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+#endif
+}
+
+static BLAKE2_INLINE uint64_t load48(const void *src) {
+ const uint8_t *p = (const uint8_t *)src;
+ uint64_t w = *p++;
+ w |= (uint64_t)(*p++) << 8;
+ w |= (uint64_t)(*p++) << 16;
+ w |= (uint64_t)(*p++) << 24;
+ w |= (uint64_t)(*p++) << 32;
+ w |= (uint64_t)(*p++) << 40;
+ return w;
+}
+
+static BLAKE2_INLINE void store48(void *dst, uint64_t w) {
+ uint8_t *p = (uint8_t *)dst;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+ w >>= 8;
+ *p++ = (uint8_t)w;
+}
+
+static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) {
+ return (w >> c) | (w << (32 - c));
+}
+
+static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) {
+ return (w >> c) | (w << (64 - c));
+}
+
+void clear_internal_memory(void *v, size_t n);
+
+#endif
diff --git a/crypto/src/main/jni/argon2/src/blake2/blake2.h b/crypto/src/main/jni/argon2/src/blake2/blake2.h
new file mode 100644
index 000000000..0168e0ff0
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/blake2/blake2.h
@@ -0,0 +1,91 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef PORTABLE_BLAKE2_H
+#define PORTABLE_BLAKE2_H
+
+#include
+#include
+#include
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+enum blake2b_constant {
+ BLAKE2B_BLOCKBYTES = 128,
+ BLAKE2B_OUTBYTES = 64,
+ BLAKE2B_KEYBYTES = 64,
+ BLAKE2B_SALTBYTES = 16,
+ BLAKE2B_PERSONALBYTES = 16
+};
+
+#pragma pack(push, 1)
+typedef struct __blake2b_param {
+ uint8_t digest_length; /* 1 */
+ uint8_t key_length; /* 2 */
+ uint8_t fanout; /* 3 */
+ uint8_t depth; /* 4 */
+ uint32_t leaf_length; /* 8 */
+ uint64_t node_offset; /* 16 */
+ uint8_t node_depth; /* 17 */
+ uint8_t inner_length; /* 18 */
+ uint8_t reserved[14]; /* 32 */
+ uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */
+ uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
+} blake2b_param;
+#pragma pack(pop)
+
+typedef struct __blake2b_state {
+ uint64_t h[8];
+ uint64_t t[2];
+ uint64_t f[2];
+ uint8_t buf[BLAKE2B_BLOCKBYTES];
+ unsigned buflen;
+ unsigned outlen;
+ uint8_t last_node;
+} blake2b_state;
+
+/* Ensure param structs have not been wrongly padded */
+/* Poor man's static_assert */
+enum {
+ blake2_size_check_0 = 1 / !!(CHAR_BIT == 8),
+ blake2_size_check_2 =
+ 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT)
+};
+
+/* Streaming API */
+int blake2b_init(blake2b_state *S, size_t outlen);
+int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
+ size_t keylen);
+int blake2b_init_param(blake2b_state *S, const blake2b_param *P);
+int blake2b_update(blake2b_state *S, const void *in, size_t inlen);
+int blake2b_final(blake2b_state *S, void *out, size_t outlen);
+
+/* Simple API */
+int blake2b(void *out, size_t outlen, const void *in, size_t inlen,
+ const void *key, size_t keylen);
+
+/* Argon2 Team - Begin Code */
+int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen);
+/* Argon2 Team - End Code */
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
diff --git a/crypto/src/main/jni/argon2/src/blake2/blake2b.c b/crypto/src/main/jni/argon2/src/blake2/blake2b.c
new file mode 100644
index 000000000..156476e77
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/blake2/blake2b.c
@@ -0,0 +1,390 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include
+#include
+#include
+
+#include "blake2.h"
+#include "blake2-impl.h"
+
+static const uint64_t blake2b_IV[8] = {
+ UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b),
+ UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1),
+ UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f),
+ UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179)};
+
+static const unsigned int blake2b_sigma[12][16] = {
+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3},
+ {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4},
+ {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8},
+ {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13},
+ {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9},
+ {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11},
+ {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10},
+ {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5},
+ {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0},
+ {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15},
+ {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3},
+};
+
+static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) {
+ S->f[1] = (uint64_t)-1;
+}
+
+static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) {
+ if (S->last_node) {
+ blake2b_set_lastnode(S);
+ }
+ S->f[0] = (uint64_t)-1;
+}
+
+static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S,
+ uint64_t inc) {
+ S->t[0] += inc;
+ S->t[1] += (S->t[0] < inc);
+}
+
+static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) {
+ clear_internal_memory(S, sizeof(*S)); /* wipe */
+ blake2b_set_lastblock(S); /* invalidate for further use */
+}
+
+static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) {
+ memset(S, 0, sizeof(*S));
+ memcpy(S->h, blake2b_IV, sizeof(S->h));
+}
+
+int blake2b_init_param(blake2b_state *S, const blake2b_param *P) {
+ const unsigned char *p = (const unsigned char *)P;
+ unsigned int i;
+
+ if (NULL == P || NULL == S) {
+ return -1;
+ }
+
+ blake2b_init0(S);
+ /* IV XOR Parameter Block */
+ for (i = 0; i < 8; ++i) {
+ S->h[i] ^= load64(&p[i * sizeof(S->h[i])]);
+ }
+ S->outlen = P->digest_length;
+ return 0;
+}
+
+/* Sequential blake2b initialization */
+int blake2b_init(blake2b_state *S, size_t outlen) {
+ blake2b_param P;
+
+ if (S == NULL) {
+ return -1;
+ }
+
+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) {
+ blake2b_invalidate_state(S);
+ return -1;
+ }
+
+ /* Setup Parameter Block for unkeyed BLAKE2 */
+ P.digest_length = (uint8_t)outlen;
+ P.key_length = 0;
+ P.fanout = 1;
+ P.depth = 1;
+ P.leaf_length = 0;
+ P.node_offset = 0;
+ P.node_depth = 0;
+ P.inner_length = 0;
+ memset(P.reserved, 0, sizeof(P.reserved));
+ memset(P.salt, 0, sizeof(P.salt));
+ memset(P.personal, 0, sizeof(P.personal));
+
+ return blake2b_init_param(S, &P);
+}
+
+int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
+ size_t keylen) {
+ blake2b_param P;
+
+ if (S == NULL) {
+ return -1;
+ }
+
+ if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) {
+ blake2b_invalidate_state(S);
+ return -1;
+ }
+
+ if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) {
+ blake2b_invalidate_state(S);
+ return -1;
+ }
+
+ /* Setup Parameter Block for keyed BLAKE2 */
+ P.digest_length = (uint8_t)outlen;
+ P.key_length = (uint8_t)keylen;
+ P.fanout = 1;
+ P.depth = 1;
+ P.leaf_length = 0;
+ P.node_offset = 0;
+ P.node_depth = 0;
+ P.inner_length = 0;
+ memset(P.reserved, 0, sizeof(P.reserved));
+ memset(P.salt, 0, sizeof(P.salt));
+ memset(P.personal, 0, sizeof(P.personal));
+
+ if (blake2b_init_param(S, &P) < 0) {
+ blake2b_invalidate_state(S);
+ return -1;
+ }
+
+ {
+ uint8_t block[BLAKE2B_BLOCKBYTES];
+ memset(block, 0, BLAKE2B_BLOCKBYTES);
+ memcpy(block, key, keylen);
+ blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
+ /* Burn the key from stack */
+ clear_internal_memory(block, BLAKE2B_BLOCKBYTES);
+ }
+ return 0;
+}
+
+static void blake2b_compress(blake2b_state *S, const uint8_t *block) {
+ uint64_t m[16];
+ uint64_t v[16];
+ unsigned int i, r;
+
+ for (i = 0; i < 16; ++i) {
+ m[i] = load64(block + i * sizeof(m[i]));
+ }
+
+ for (i = 0; i < 8; ++i) {
+ v[i] = S->h[i];
+ }
+
+ v[8] = blake2b_IV[0];
+ v[9] = blake2b_IV[1];
+ v[10] = blake2b_IV[2];
+ v[11] = blake2b_IV[3];
+ v[12] = blake2b_IV[4] ^ S->t[0];
+ v[13] = blake2b_IV[5] ^ S->t[1];
+ v[14] = blake2b_IV[6] ^ S->f[0];
+ v[15] = blake2b_IV[7] ^ S->f[1];
+
+#define G(r, i, a, b, c, d) \
+ do { \
+ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \
+ d = rotr64(d ^ a, 32); \
+ c = c + d; \
+ b = rotr64(b ^ c, 24); \
+ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \
+ d = rotr64(d ^ a, 16); \
+ c = c + d; \
+ b = rotr64(b ^ c, 63); \
+ } while ((void)0, 0)
+
+#define ROUND(r) \
+ do { \
+ G(r, 0, v[0], v[4], v[8], v[12]); \
+ G(r, 1, v[1], v[5], v[9], v[13]); \
+ G(r, 2, v[2], v[6], v[10], v[14]); \
+ G(r, 3, v[3], v[7], v[11], v[15]); \
+ G(r, 4, v[0], v[5], v[10], v[15]); \
+ G(r, 5, v[1], v[6], v[11], v[12]); \
+ G(r, 6, v[2], v[7], v[8], v[13]); \
+ G(r, 7, v[3], v[4], v[9], v[14]); \
+ } while ((void)0, 0)
+
+ for (r = 0; r < 12; ++r) {
+ ROUND(r);
+ }
+
+ for (i = 0; i < 8; ++i) {
+ S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
+ }
+
+#undef G
+#undef ROUND
+}
+
+int blake2b_update(blake2b_state *S, const void *in, size_t inlen) {
+ const uint8_t *pin = (const uint8_t *)in;
+
+ if (inlen == 0) {
+ return 0;
+ }
+
+ /* Sanity check */
+ if (S == NULL || in == NULL) {
+ return -1;
+ }
+
+ /* Is this a reused state? */
+ if (S->f[0] != 0) {
+ return -1;
+ }
+
+ if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) {
+ /* Complete current block */
+ size_t left = S->buflen;
+ size_t fill = BLAKE2B_BLOCKBYTES - left;
+ memcpy(&S->buf[left], pin, fill);
+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);
+ blake2b_compress(S, S->buf);
+ S->buflen = 0;
+ inlen -= fill;
+ pin += fill;
+ /* Avoid buffer copies when possible */
+ while (inlen > BLAKE2B_BLOCKBYTES) {
+ blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES);
+ blake2b_compress(S, pin);
+ inlen -= BLAKE2B_BLOCKBYTES;
+ pin += BLAKE2B_BLOCKBYTES;
+ }
+ }
+ memcpy(&S->buf[S->buflen], pin, inlen);
+ S->buflen += (unsigned int)inlen;
+ return 0;
+}
+
+int blake2b_final(blake2b_state *S, void *out, size_t outlen) {
+ uint8_t buffer[BLAKE2B_OUTBYTES] = {0};
+ unsigned int i;
+
+ /* Sanity checks */
+ if (S == NULL || out == NULL || outlen < S->outlen) {
+ return -1;
+ }
+
+ /* Is this a reused state? */
+ if (S->f[0] != 0) {
+ return -1;
+ }
+
+ blake2b_increment_counter(S, S->buflen);
+ blake2b_set_lastblock(S);
+ memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */
+ blake2b_compress(S, S->buf);
+
+ for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */
+ store64(buffer + sizeof(S->h[i]) * i, S->h[i]);
+ }
+
+ memcpy(out, buffer, S->outlen);
+ clear_internal_memory(buffer, sizeof(buffer));
+ clear_internal_memory(S->buf, sizeof(S->buf));
+ clear_internal_memory(S->h, sizeof(S->h));
+ return 0;
+}
+
+int blake2b(void *out, size_t outlen, const void *in, size_t inlen,
+ const void *key, size_t keylen) {
+ blake2b_state S;
+ int ret = -1;
+
+ /* Verify parameters */
+ if (NULL == in && inlen > 0) {
+ goto fail;
+ }
+
+ if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) {
+ goto fail;
+ }
+
+ if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) {
+ goto fail;
+ }
+
+ if (keylen > 0) {
+ if (blake2b_init_key(&S, outlen, key, keylen) < 0) {
+ goto fail;
+ }
+ } else {
+ if (blake2b_init(&S, outlen) < 0) {
+ goto fail;
+ }
+ }
+
+ if (blake2b_update(&S, in, inlen) < 0) {
+ goto fail;
+ }
+ ret = blake2b_final(&S, out, outlen);
+
+fail:
+ clear_internal_memory(&S, sizeof(S));
+ return ret;
+}
+
+/* Argon2 Team - Begin Code */
+int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) {
+ uint8_t *out = (uint8_t *)pout;
+ blake2b_state blake_state;
+ uint8_t outlen_bytes[sizeof(uint32_t)] = {0};
+ int ret = -1;
+
+ if (outlen > UINT32_MAX) {
+ goto fail;
+ }
+
+ /* Ensure little-endian byte order! */
+ store32(outlen_bytes, (uint32_t)outlen);
+
+#define TRY(statement) \
+ do { \
+ ret = statement; \
+ if (ret < 0) { \
+ goto fail; \
+ } \
+ } while ((void)0, 0)
+
+ if (outlen <= BLAKE2B_OUTBYTES) {
+ TRY(blake2b_init(&blake_state, outlen));
+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
+ TRY(blake2b_update(&blake_state, in, inlen));
+ TRY(blake2b_final(&blake_state, out, outlen));
+ } else {
+ uint32_t toproduce;
+ uint8_t out_buffer[BLAKE2B_OUTBYTES];
+ uint8_t in_buffer[BLAKE2B_OUTBYTES];
+ TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES));
+ TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
+ TRY(blake2b_update(&blake_state, in, inlen));
+ TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES));
+ memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
+ out += BLAKE2B_OUTBYTES / 2;
+ toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2;
+
+ while (toproduce > BLAKE2B_OUTBYTES) {
+ memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
+ TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer,
+ BLAKE2B_OUTBYTES, NULL, 0));
+ memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
+ out += BLAKE2B_OUTBYTES / 2;
+ toproduce -= BLAKE2B_OUTBYTES / 2;
+ }
+
+ memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
+ TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL,
+ 0));
+ memcpy(out, out_buffer, toproduce);
+ }
+fail:
+ clear_internal_memory(&blake_state, sizeof(blake_state));
+ return ret;
+#undef TRY
+}
+/* Argon2 Team - End Code */
diff --git a/crypto/src/main/jni/argon2/src/blake2/blamka-round-ref.h b/crypto/src/main/jni/argon2/src/blake2/blamka-round-ref.h
new file mode 100644
index 000000000..db9864d7e
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/blake2/blamka-round-ref.h
@@ -0,0 +1,56 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef BLAKE_ROUND_MKA_H
+#define BLAKE_ROUND_MKA_H
+
+#include "blake2.h"
+#include "blake2-impl.h"
+
+/*designed by the Lyra PHC team */
+static BLAKE2_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) {
+ const uint64_t m = UINT64_C(0xFFFFFFFF);
+ const uint64_t xy = (x & m) * (y & m);
+ return x + y + 2 * xy;
+}
+
+#define G(a, b, c, d) \
+ do { \
+ a = fBlaMka(a, b); \
+ d = rotr64(d ^ a, 32); \
+ c = fBlaMka(c, d); \
+ b = rotr64(b ^ c, 24); \
+ a = fBlaMka(a, b); \
+ d = rotr64(d ^ a, 16); \
+ c = fBlaMka(c, d); \
+ b = rotr64(b ^ c, 63); \
+ } while ((void)0, 0)
+
+#define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \
+ v12, v13, v14, v15) \
+ do { \
+ G(v0, v4, v8, v12); \
+ G(v1, v5, v9, v13); \
+ G(v2, v6, v10, v14); \
+ G(v3, v7, v11, v15); \
+ G(v0, v5, v10, v15); \
+ G(v1, v6, v11, v12); \
+ G(v2, v7, v8, v13); \
+ G(v3, v4, v9, v14); \
+ } while ((void)0, 0)
+
+#endif
diff --git a/crypto/src/main/jni/argon2/src/core.c b/crypto/src/main/jni/argon2/src/core.c
new file mode 100644
index 000000000..b18f236cf
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/core.c
@@ -0,0 +1,605 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+/*For memory wiping*/
+#ifdef _MSC_VER
+#include
+#include /* For SecureZeroMemory */
+#endif
+#if defined __STDC_LIB_EXT1__
+#define __STDC_WANT_LIB_EXT1__ 1
+#endif
+#define VC_GE_2005(version) (version >= 1400)
+
+#include
+#include
+#include
+#include
+
+#include "core.h"
+#include "thread.h"
+#include "blake2/blake2.h"
+#include "blake2/blake2-impl.h"
+
+#ifdef GENKAT
+#include "genkat.h"
+#endif
+
+#if defined(__clang__)
+#if __has_attribute(optnone)
+#define NOT_OPTIMIZED __attribute__((optnone))
+#endif
+#elif defined(__GNUC__)
+#define GCC_VERSION \
+ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#if GCC_VERSION >= 40400
+#define NOT_OPTIMIZED __attribute__((optimize("O0")))
+#endif
+#endif
+#ifndef NOT_OPTIMIZED
+#define NOT_OPTIMIZED
+#endif
+
+/***************Instance and Position constructors**********/
+void init_block_value(block *b, uint8_t in) { memset(b->v, in, sizeof(b->v)); }
+
+void copy_block(block *dst, const block *src) {
+ memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK);
+}
+
+void xor_block(block *dst, const block *src) {
+ int i;
+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) {
+ dst->v[i] ^= src->v[i];
+ }
+}
+
+static void load_block(block *dst, const void *input) {
+ unsigned i;
+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) {
+ dst->v[i] = load64((const uint8_t *)input + i * sizeof(dst->v[i]));
+ }
+}
+
+static void store_block(void *output, const block *src) {
+ unsigned i;
+ for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) {
+ store64((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]);
+ }
+}
+
+/***************Memory functions*****************/
+
+int allocate_memory(const argon2_context *context, uint8_t **memory,
+ size_t num, size_t size) {
+ size_t memory_size = num*size;
+ if (memory == NULL) {
+ return ARGON2_MEMORY_ALLOCATION_ERROR;
+ }
+
+ /* 1. Check for multiplication overflow */
+ if (size != 0 && memory_size / size != num) {
+ return ARGON2_MEMORY_ALLOCATION_ERROR;
+ }
+
+ /* 2. Try to allocate with appropriate allocator */
+ if (context->allocate_cbk) {
+ (context->allocate_cbk)(memory, memory_size);
+ } else {
+ *memory = malloc(memory_size);
+ }
+
+ if (*memory == NULL) {
+ return ARGON2_MEMORY_ALLOCATION_ERROR;
+ }
+
+ return ARGON2_OK;
+}
+
+void free_memory(const argon2_context *context, uint8_t *memory,
+ size_t num, size_t size) {
+ size_t memory_size = num*size;
+ clear_internal_memory(memory, memory_size);
+ if (context->free_cbk) {
+ (context->free_cbk)(memory, memory_size);
+ } else {
+ free(memory);
+ }
+}
+
+void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
+#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
+ SecureZeroMemory(v, n);
+#elif defined memset_s
+ memset_s(v, n, 0, n);
+#elif defined(__OpenBSD__)
+ explicit_bzero(v, n);
+#else
+ static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
+ memset_sec(v, 0, n);
+#endif
+}
+
+/* Memory clear flag defaults to true. */
+int FLAG_clear_internal_memory = 1;
+void clear_internal_memory(void *v, size_t n) {
+ if (FLAG_clear_internal_memory && v) {
+ secure_wipe_memory(v, n);
+ }
+}
+
+void finalize(const argon2_context *context, argon2_instance_t *instance) {
+ if (context != NULL && instance != NULL) {
+ block blockhash;
+ uint32_t l;
+
+ copy_block(&blockhash, instance->memory + instance->lane_length - 1);
+
+ /* XOR the last blocks */
+ for (l = 1; l < instance->lanes; ++l) {
+ uint32_t last_block_in_lane =
+ l * instance->lane_length + (instance->lane_length - 1);
+ xor_block(&blockhash, instance->memory + last_block_in_lane);
+ }
+
+ /* Hash the result */
+ {
+ uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE];
+ store_block(blockhash_bytes, &blockhash);
+ blake2b_long(context->out, context->outlen, blockhash_bytes,
+ ARGON2_BLOCK_SIZE);
+ /* clear blockhash and blockhash_bytes */
+ clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE);
+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE);
+ }
+
+#ifdef GENKAT
+ print_tag(context->out, context->outlen);
+#endif
+
+ free_memory(context, (uint8_t *)instance->memory,
+ instance->memory_blocks, sizeof(block));
+ }
+}
+
+uint32_t index_alpha(const argon2_instance_t *instance,
+ const argon2_position_t *position, uint32_t pseudo_rand,
+ int same_lane) {
+ /*
+ * Pass 0:
+ * This lane : all already finished segments plus already constructed
+ * blocks in this segment
+ * Other lanes : all already finished segments
+ * Pass 1+:
+ * This lane : (SYNC_POINTS - 1) last segments plus already constructed
+ * blocks in this segment
+ * Other lanes : (SYNC_POINTS - 1) last segments
+ */
+ uint32_t reference_area_size;
+ uint64_t relative_position;
+ uint32_t start_position, absolute_position;
+
+ if (0 == position->pass) {
+ /* First pass */
+ if (0 == position->slice) {
+ /* First slice */
+ reference_area_size =
+ position->index - 1; /* all but the previous */
+ } else {
+ if (same_lane) {
+ /* The same lane => add current segment */
+ reference_area_size =
+ position->slice * instance->segment_length +
+ position->index - 1;
+ } else {
+ reference_area_size =
+ position->slice * instance->segment_length +
+ ((position->index == 0) ? (-1) : 0);
+ }
+ }
+ } else {
+ /* Second pass */
+ if (same_lane) {
+ reference_area_size = instance->lane_length -
+ instance->segment_length + position->index -
+ 1;
+ } else {
+ reference_area_size = instance->lane_length -
+ instance->segment_length +
+ ((position->index == 0) ? (-1) : 0);
+ }
+ }
+
+ /* 1.2.4. Mapping pseudo_rand to 0.. and produce
+ * relative position */
+ relative_position = pseudo_rand;
+ relative_position = relative_position * relative_position >> 32;
+ relative_position = reference_area_size - 1 -
+ (reference_area_size * relative_position >> 32);
+
+ /* 1.2.5 Computing starting position */
+ start_position = 0;
+
+ if (0 != position->pass) {
+ start_position = (position->slice == ARGON2_SYNC_POINTS - 1)
+ ? 0
+ : (position->slice + 1) * instance->segment_length;
+ }
+
+ /* 1.2.6. Computing absolute position */
+ absolute_position = (start_position + relative_position) %
+ instance->lane_length; /* absolute position */
+ return absolute_position;
+}
+
+#ifdef _WIN32
+static unsigned __stdcall fill_segment_thr(void *thread_data)
+#else
+static void *fill_segment_thr(void *thread_data)
+#endif
+{
+ argon2_thread_data *my_data = thread_data;
+ fill_segment(my_data->instance_ptr, my_data->pos);
+ argon2_thread_exit();
+ return 0;
+}
+
+int fill_memory_blocks(argon2_instance_t *instance) {
+ uint32_t r, s;
+ argon2_thread_handle_t *thread = NULL;
+ argon2_thread_data *thr_data = NULL;
+ int rc = ARGON2_OK;
+
+ if (instance == NULL || instance->lanes == 0) {
+ rc = ARGON2_THREAD_FAIL;
+ goto fail;
+ }
+
+ /* 1. Allocating space for threads */
+ thread = calloc(instance->lanes, sizeof(argon2_thread_handle_t));
+ if (thread == NULL) {
+ rc = ARGON2_MEMORY_ALLOCATION_ERROR;
+ goto fail;
+ }
+
+ thr_data = calloc(instance->lanes, sizeof(argon2_thread_data));
+ if (thr_data == NULL) {
+ rc = ARGON2_MEMORY_ALLOCATION_ERROR;
+ goto fail;
+ }
+
+ for (r = 0; r < instance->passes; ++r) {
+ for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
+ uint32_t l;
+
+ /* 2. Calling threads */
+ for (l = 0; l < instance->lanes; ++l) {
+ argon2_position_t position;
+
+ /* 2.1 Join a thread if limit is exceeded */
+ if (l >= instance->threads) {
+ if (argon2_thread_join(thread[l - instance->threads])) {
+ rc = ARGON2_THREAD_FAIL;
+ goto fail;
+ }
+ }
+
+ /* 2.2 Create thread */
+ position.pass = r;
+ position.lane = l;
+ position.slice = (uint8_t)s;
+ position.index = 0;
+ thr_data[l].instance_ptr =
+ instance; /* preparing the thread input */
+ memcpy(&(thr_data[l].pos), &position,
+ sizeof(argon2_position_t));
+ if (argon2_thread_create(&thread[l], &fill_segment_thr,
+ (void *)&thr_data[l])) {
+ rc = ARGON2_THREAD_FAIL;
+ goto fail;
+ }
+
+ /* fill_segment(instance, position); */
+ /*Non-thread equivalent of the lines above */
+ }
+
+ /* 3. Joining remaining threads */
+ for (l = instance->lanes - instance->threads; l < instance->lanes;
+ ++l) {
+ if (argon2_thread_join(thread[l])) {
+ rc = ARGON2_THREAD_FAIL;
+ goto fail;
+ }
+ }
+ }
+
+#ifdef GENKAT
+ internal_kat(instance, r); /* Print all memory blocks */
+#endif
+ }
+
+fail:
+ if (thread != NULL) {
+ free(thread);
+ }
+ if (thr_data != NULL) {
+ free(thr_data);
+ }
+ return rc;
+}
+
+int validate_inputs(const argon2_context *context) {
+ if (NULL == context) {
+ return ARGON2_INCORRECT_PARAMETER;
+ }
+
+ if (NULL == context->out) {
+ return ARGON2_OUTPUT_PTR_NULL;
+ }
+
+ /* Validate output length */
+ if (ARGON2_MIN_OUTLEN > context->outlen) {
+ return ARGON2_OUTPUT_TOO_SHORT;
+ }
+
+ if (ARGON2_MAX_OUTLEN < context->outlen) {
+ return ARGON2_OUTPUT_TOO_LONG;
+ }
+
+ /* Validate password (required param) */
+ if (NULL == context->pwd) {
+ if (0 != context->pwdlen) {
+ return ARGON2_PWD_PTR_MISMATCH;
+ }
+ }
+
+ if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) {
+ return ARGON2_PWD_TOO_SHORT;
+ }
+
+ if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) {
+ return ARGON2_PWD_TOO_LONG;
+ }
+
+ /* Validate salt (required param) */
+ if (NULL == context->salt) {
+ if (0 != context->saltlen) {
+ return ARGON2_SALT_PTR_MISMATCH;
+ }
+ }
+
+ if (ARGON2_MIN_SALT_LENGTH > context->saltlen) {
+ return ARGON2_SALT_TOO_SHORT;
+ }
+
+ if (ARGON2_MAX_SALT_LENGTH < context->saltlen) {
+ return ARGON2_SALT_TOO_LONG;
+ }
+
+ /* Validate secret (optional param) */
+ if (NULL == context->secret) {
+ if (0 != context->secretlen) {
+ return ARGON2_SECRET_PTR_MISMATCH;
+ }
+ } else {
+ if (ARGON2_MIN_SECRET > context->secretlen) {
+ return ARGON2_SECRET_TOO_SHORT;
+ }
+ if (ARGON2_MAX_SECRET < context->secretlen) {
+ return ARGON2_SECRET_TOO_LONG;
+ }
+ }
+
+ /* Validate associated data (optional param) */
+ if (NULL == context->ad) {
+ if (0 != context->adlen) {
+ return ARGON2_AD_PTR_MISMATCH;
+ }
+ } else {
+ if (ARGON2_MIN_AD_LENGTH > context->adlen) {
+ return ARGON2_AD_TOO_SHORT;
+ }
+ if (ARGON2_MAX_AD_LENGTH < context->adlen) {
+ return ARGON2_AD_TOO_LONG;
+ }
+ }
+
+ /* Validate memory cost */
+ if (ARGON2_MIN_MEMORY > context->m_cost) {
+ return ARGON2_MEMORY_TOO_LITTLE;
+ }
+
+ if (ARGON2_MAX_MEMORY < context->m_cost) {
+ return ARGON2_MEMORY_TOO_MUCH;
+ }
+
+ if (context->m_cost < 8 * context->lanes) {
+ return ARGON2_MEMORY_TOO_LITTLE;
+ }
+
+ /* Validate time cost */
+ if (ARGON2_MIN_TIME > context->t_cost) {
+ return ARGON2_TIME_TOO_SMALL;
+ }
+
+ if (ARGON2_MAX_TIME < context->t_cost) {
+ return ARGON2_TIME_TOO_LARGE;
+ }
+
+ /* Validate lanes */
+ if (ARGON2_MIN_LANES > context->lanes) {
+ return ARGON2_LANES_TOO_FEW;
+ }
+
+ if (ARGON2_MAX_LANES < context->lanes) {
+ return ARGON2_LANES_TOO_MANY;
+ }
+
+ /* Validate threads */
+ if (ARGON2_MIN_THREADS > context->threads) {
+ return ARGON2_THREADS_TOO_FEW;
+ }
+
+ if (ARGON2_MAX_THREADS < context->threads) {
+ return ARGON2_THREADS_TOO_MANY;
+ }
+
+ if (NULL != context->allocate_cbk && NULL == context->free_cbk) {
+ return ARGON2_FREE_MEMORY_CBK_NULL;
+ }
+
+ if (NULL == context->allocate_cbk && NULL != context->free_cbk) {
+ return ARGON2_ALLOCATE_MEMORY_CBK_NULL;
+ }
+
+ return ARGON2_OK;
+}
+
+void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) {
+ uint32_t l;
+ /* Make the first and second block in each lane as G(H0||i||0) or
+ G(H0||i||1) */
+ uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE];
+ for (l = 0; l < instance->lanes; ++l) {
+
+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0);
+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l);
+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
+ ARGON2_PREHASH_SEED_LENGTH);
+ load_block(&instance->memory[l * instance->lane_length + 0],
+ blockhash_bytes);
+
+ store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1);
+ blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
+ ARGON2_PREHASH_SEED_LENGTH);
+ load_block(&instance->memory[l * instance->lane_length + 1],
+ blockhash_bytes);
+ }
+ clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE);
+}
+
+void initial_hash(uint8_t *blockhash, argon2_context *context,
+ argon2_type type) {
+ blake2b_state BlakeHash;
+ uint8_t value[sizeof(uint32_t)];
+
+ if (NULL == context || NULL == blockhash) {
+ return;
+ }
+
+ blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH);
+
+ store32(&value, context->lanes);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ store32(&value, context->outlen);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ store32(&value, context->m_cost);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ store32(&value, context->t_cost);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ store32(&value, context->version);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ store32(&value, (uint32_t)type);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ store32(&value, context->pwdlen);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ if (context->pwd != NULL) {
+ blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
+ context->pwdlen);
+
+ if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) {
+ secure_wipe_memory(context->pwd, context->pwdlen);
+ context->pwdlen = 0;
+ }
+ }
+
+ store32(&value, context->saltlen);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ if (context->salt != NULL) {
+ blake2b_update(&BlakeHash, (const uint8_t *)context->salt,
+ context->saltlen);
+ }
+
+ store32(&value, context->secretlen);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ if (context->secret != NULL) {
+ blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
+ context->secretlen);
+
+ if (context->flags & ARGON2_FLAG_CLEAR_SECRET) {
+ secure_wipe_memory(context->secret, context->secretlen);
+ context->secretlen = 0;
+ }
+ }
+
+ store32(&value, context->adlen);
+ blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+
+ if (context->ad != NULL) {
+ blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
+ context->adlen);
+ }
+
+ blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
+}
+
+int initialize(argon2_instance_t *instance, argon2_context *context) {
+ uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH];
+ int result = ARGON2_OK;
+
+ if (instance == NULL || context == NULL)
+ return ARGON2_INCORRECT_PARAMETER;
+ instance->context_ptr = context;
+
+ /* 1. Memory allocation */
+ result = allocate_memory(context, (uint8_t **)&(instance->memory),
+ instance->memory_blocks, sizeof(block));
+ if (result != ARGON2_OK) {
+ return result;
+ }
+
+ /* 2. Initial hashing */
+ /* H_0 + 8 extra bytes to produce the first blocks */
+ /* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */
+ /* Hashing all inputs */
+ initial_hash(blockhash, context, instance->type);
+ /* Zeroing 8 extra bytes */
+ clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH,
+ ARGON2_PREHASH_SEED_LENGTH -
+ ARGON2_PREHASH_DIGEST_LENGTH);
+
+#ifdef GENKAT
+ initial_kat(blockhash, context, instance->type);
+#endif
+
+ /* 3. Creating first blocks, we always have at least two blocks in a slice
+ */
+ fill_first_blocks(blockhash, instance);
+ /* Clearing the hash */
+ clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH);
+
+ return ARGON2_OK;
+}
diff --git a/crypto/src/main/jni/argon2/src/core.h b/crypto/src/main/jni/argon2/src/core.h
new file mode 100644
index 000000000..a73a01f3d
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/core.h
@@ -0,0 +1,234 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef ARGON2_CORE_H
+#define ARGON2_CORE_H
+
+#include "argon2.h"
+
+#if defined(_MSC_VER)
+#define ALIGN(n) __declspec(align(16))
+#elif defined(__GNUC__) || defined(__clang)
+#define ALIGN(x) __attribute__((__aligned__(x)))
+#else
+#define ALIGN(x)
+#endif
+
+#define CONST_CAST(x) (x)(uintptr_t)
+
+/**********************Argon2 internal constants*******************************/
+
+enum argon2_core_constants {
+ /* Memory block size in bytes */
+ ARGON2_BLOCK_SIZE = 1024,
+ ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8,
+ ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16,
+
+ /* Number of pseudo-random values generated by one call to Blake in Argon2i
+ to
+ generate reference block positions */
+ ARGON2_ADDRESSES_IN_BLOCK = 128,
+
+ /* Pre-hashing digest length and its extension*/
+ ARGON2_PREHASH_DIGEST_LENGTH = 64,
+ ARGON2_PREHASH_SEED_LENGTH = 72
+};
+
+/*************************Argon2 internal data types***********************/
+
+/*
+ * Structure for the (1KB) memory block implemented as 128 64-bit words.
+ * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no
+ * bounds checking).
+ */
+typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block;
+
+/*****************Functions that work with the block******************/
+
+/* Initialize each byte of the block with @in */
+void init_block_value(block *b, uint8_t in);
+
+/* Copy block @src to block @dst */
+void copy_block(block *dst, const block *src);
+
+/* XOR @src onto @dst bytewise */
+void xor_block(block *dst, const block *src);
+
+/*
+ * Argon2 instance: memory pointer, number of passes, amount of memory, type,
+ * and derived values.
+ * Used to evaluate the number and location of blocks to construct in each
+ * thread
+ */
+typedef struct Argon2_instance_t {
+ block *memory; /* Memory pointer */
+ uint32_t version;
+ uint32_t passes; /* Number of passes */
+ uint32_t memory_blocks; /* Number of blocks in memory */
+ uint32_t segment_length;
+ uint32_t lane_length;
+ uint32_t lanes;
+ uint32_t threads;
+ argon2_type type;
+ int print_internals; /* whether to print the memory blocks */
+ argon2_context *context_ptr; /* points back to original context */
+} argon2_instance_t;
+
+/*
+ * Argon2 position: where we construct the block right now. Used to distribute
+ * work between threads.
+ */
+typedef struct Argon2_position_t {
+ uint32_t pass;
+ uint32_t lane;
+ uint8_t slice;
+ uint32_t index;
+} argon2_position_t;
+
+/*Struct that holds the inputs for thread handling FillSegment*/
+typedef struct Argon2_thread_data {
+ argon2_instance_t *instance_ptr;
+ argon2_position_t pos;
+} argon2_thread_data;
+
+/*************************Argon2 core functions********************************/
+
+/* Allocates memory to the given pointer, uses the appropriate allocator as
+ * specified in the context. Total allocated memory is num*size.
+ * @param context argon2_context which specifies the allocator
+ * @param memory pointer to the pointer to the memory
+ * @param size the size in bytes for each element to be allocated
+ * @param num the number of elements to be allocated
+ * @return ARGON2_OK if @memory is a valid pointer and memory is allocated
+ */
+int allocate_memory(const argon2_context *context, uint8_t **memory,
+ size_t num, size_t size);
+
+/*
+ * Frees memory at the given pointer, uses the appropriate deallocator as
+ * specified in the context. Also cleans the memory using clear_internal_memory.
+ * @param context argon2_context which specifies the deallocator
+ * @param memory pointer to buffer to be freed
+ * @param size the size in bytes for each element to be deallocated
+ * @param num the number of elements to be deallocated
+ */
+void free_memory(const argon2_context *context, uint8_t *memory,
+ size_t num, size_t size);
+
+/* Function that securely cleans the memory. This ignores any flags set
+ * regarding clearing memory. Usually one just calls clear_internal_memory.
+ * @param mem Pointer to the memory
+ * @param s Memory size in bytes
+ */
+void secure_wipe_memory(void *v, size_t n);
+
+/* Function that securely clears the memory if FLAG_clear_internal_memory is
+ * set. If the flag isn't set, this function does nothing.
+ * @param mem Pointer to the memory
+ * @param s Memory size in bytes
+ */
+void clear_internal_memory(void *v, size_t n);
+
+/*
+ * Computes absolute position of reference block in the lane following a skewed
+ * distribution and using a pseudo-random value as input
+ * @param instance Pointer to the current instance
+ * @param position Pointer to the current position
+ * @param pseudo_rand 32-bit pseudo-random value used to determine the position
+ * @param same_lane Indicates if the block will be taken from the current lane.
+ * If so we can reference the current segment
+ * @pre All pointers must be valid
+ */
+uint32_t index_alpha(const argon2_instance_t *instance,
+ const argon2_position_t *position, uint32_t pseudo_rand,
+ int same_lane);
+
+/*
+ * Function that validates all inputs against predefined restrictions and return
+ * an error code
+ * @param context Pointer to current Argon2 context
+ * @return ARGON2_OK if everything is all right, otherwise one of error codes
+ * (all defined in
+ */
+int validate_inputs(const argon2_context *context);
+
+/*
+ * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears
+ * password and secret if needed
+ * @param context Pointer to the Argon2 internal structure containing memory
+ * pointer, and parameters for time and space requirements.
+ * @param blockhash Buffer for pre-hashing digest
+ * @param type Argon2 type
+ * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes
+ * allocated
+ */
+void initial_hash(uint8_t *blockhash, argon2_context *context,
+ argon2_type type);
+
+/*
+ * Function creates first 2 blocks per lane
+ * @param instance Pointer to the current instance
+ * @param blockhash Pointer to the pre-hashing digest
+ * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values
+ */
+void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
+
+/*
+ * Function allocates memory, hashes the inputs with Blake, and creates first
+ * two blocks. Returns the pointer to the main memory with 2 blocks per lane
+ * initialized
+ * @param context Pointer to the Argon2 internal structure containing memory
+ * pointer, and parameters for time and space requirements.
+ * @param instance Current Argon2 instance
+ * @return Zero if successful, -1 if memory failed to allocate. @context->state
+ * will be modified if successful.
+ */
+int initialize(argon2_instance_t *instance, argon2_context *context);
+
+/*
+ * XORing the last block of each lane, hashing it, making the tag. Deallocates
+ * the memory.
+ * @param context Pointer to current Argon2 context (use only the out parameters
+ * from it)
+ * @param instance Pointer to current instance of Argon2
+ * @pre instance->state must point to necessary amount of memory
+ * @pre context->out must point to outlen bytes of memory
+ * @pre if context->free_cbk is not NULL, it should point to a function that
+ * deallocates memory
+ */
+void finalize(const argon2_context *context, argon2_instance_t *instance);
+
+/*
+ * Function that fills the segment using previous segments also from other
+ * threads
+ * @param context current context
+ * @param instance Pointer to the current instance
+ * @param position Current position
+ * @pre all block pointers must be valid
+ */
+void fill_segment(const argon2_instance_t *instance,
+ argon2_position_t position);
+
+/*
+ * Function that fills the entire memory t_cost times based on the first two
+ * blocks in each lane
+ * @param instance Pointer to the current instance
+ * @return ARGON2_OK if successful, @context->state
+ */
+int fill_memory_blocks(argon2_instance_t *instance);
+
+#endif
diff --git a/crypto/src/main/jni/argon2/src/encoding.c b/crypto/src/main/jni/argon2/src/encoding.c
new file mode 100644
index 000000000..4fd965b23
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/encoding.c
@@ -0,0 +1,450 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include
+#include
+#include
+#include
+#include "encoding.h"
+#include "core.h"
+
+/*
+ * Example code for a decoder and encoder of "hash strings", with Argon2
+ * parameters.
+ *
+ * This code comprises three sections:
+ *
+ * -- The first section contains generic Base64 encoding and decoding
+ * functions. It is conceptually applicable to any hash function
+ * implementation that uses Base64 to encode and decode parameters,
+ * salts and outputs. It could be made into a library, provided that
+ * the relevant functions are made public (non-static) and be given
+ * reasonable names to avoid collisions with other functions.
+ *
+ * -- The second section is specific to Argon2. It encodes and decodes
+ * the parameters, salts and outputs. It does not compute the hash
+ * itself.
+ *
+ * The code was originally written by Thomas Pornin ,
+ * to whom comments and remarks may be sent. It is released under what
+ * should amount to Public Domain or its closest equivalent; the
+ * following mantra is supposed to incarnate that fact with all the
+ * proper legal rituals:
+ *
+ * ---------------------------------------------------------------------
+ * This file is provided under the terms of Creative Commons CC0 1.0
+ * Public Domain Dedication. To the extent possible under law, the
+ * author (Thomas Pornin) has waived all copyright and related or
+ * neighboring rights to this file. This work is published from: Canada.
+ * ---------------------------------------------------------------------
+ *
+ * Copyright (c) 2015 Thomas Pornin
+ */
+
+/* ==================================================================== */
+/*
+ * Common code; could be shared between different hash functions.
+ *
+ * Note: the Base64 functions below assume that uppercase letters (resp.
+ * lowercase letters) have consecutive numerical codes, that fit on 8
+ * bits. All modern systems use ASCII-compatible charsets, where these
+ * properties are true. If you are stuck with a dinosaur of a system
+ * that still defaults to EBCDIC then you already have much bigger
+ * interoperability issues to deal with.
+ */
+
+/*
+ * Some macros for constant-time comparisons. These work over values in
+ * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true".
+ */
+#define EQ(x, y) ((((0U - ((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF)
+#define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF)
+#define GE(x, y) (GT(y, x) ^ 0xFF)
+#define LT(x, y) GT(y, x)
+#define LE(x, y) GE(y, x)
+
+/*
+ * Convert value x (0..63) to corresponding Base64 character.
+ */
+static int b64_byte_to_char(unsigned x) {
+ return (LT(x, 26) & (x + 'A')) |
+ (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) |
+ (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') |
+ (EQ(x, 63) & '/');
+}
+
+/*
+ * Convert character c to the corresponding 6-bit value. If character c
+ * is not a Base64 character, then 0xFF (255) is returned.
+ */
+static unsigned b64_char_to_byte(int c) {
+ unsigned x;
+
+ x = (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) |
+ (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) |
+ (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) |
+ (EQ(c, '/') & 63);
+ return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF));
+}
+
+/*
+ * Convert some bytes to Base64. 'dst_len' is the length (in characters)
+ * of the output buffer 'dst'; if that buffer is not large enough to
+ * receive the result (including the terminating 0), then (size_t)-1
+ * is returned. Otherwise, the zero-terminated Base64 string is written
+ * in the buffer, and the output length (counted WITHOUT the terminating
+ * zero) is returned.
+ */
+static size_t to_base64(char *dst, size_t dst_len, const void *src,
+ size_t src_len) {
+ size_t olen;
+ const unsigned char *buf;
+ unsigned acc, acc_len;
+
+ olen = (src_len / 3) << 2;
+ switch (src_len % 3) {
+ case 2:
+ olen++;
+ /* fall through */
+ case 1:
+ olen += 2;
+ break;
+ }
+ if (dst_len <= olen) {
+ return (size_t)-1;
+ }
+ acc = 0;
+ acc_len = 0;
+ buf = (const unsigned char *)src;
+ while (src_len-- > 0) {
+ acc = (acc << 8) + (*buf++);
+ acc_len += 8;
+ while (acc_len >= 6) {
+ acc_len -= 6;
+ *dst++ = (char)b64_byte_to_char((acc >> acc_len) & 0x3F);
+ }
+ }
+ if (acc_len > 0) {
+ *dst++ = (char)b64_byte_to_char((acc << (6 - acc_len)) & 0x3F);
+ }
+ *dst++ = 0;
+ return olen;
+}
+
+/*
+ * Decode Base64 chars into bytes. The '*dst_len' value must initially
+ * contain the length of the output buffer '*dst'; when the decoding
+ * ends, the actual number of decoded bytes is written back in
+ * '*dst_len'.
+ *
+ * Decoding stops when a non-Base64 character is encountered, or when
+ * the output buffer capacity is exceeded. If an error occurred (output
+ * buffer is too small, invalid last characters leading to unprocessed
+ * buffered bits), then NULL is returned; otherwise, the returned value
+ * points to the first non-Base64 character in the source stream, which
+ * may be the terminating zero.
+ */
+static const char *from_base64(void *dst, size_t *dst_len, const char *src) {
+ size_t len;
+ unsigned char *buf;
+ unsigned acc, acc_len;
+
+ buf = (unsigned char *)dst;
+ len = 0;
+ acc = 0;
+ acc_len = 0;
+ for (;;) {
+ unsigned d;
+
+ d = b64_char_to_byte(*src);
+ if (d == 0xFF) {
+ break;
+ }
+ src++;
+ acc = (acc << 6) + d;
+ acc_len += 6;
+ if (acc_len >= 8) {
+ acc_len -= 8;
+ if ((len++) >= *dst_len) {
+ return NULL;
+ }
+ *buf++ = (acc >> acc_len) & 0xFF;
+ }
+ }
+
+ /*
+ * If the input length is equal to 1 modulo 4 (which is
+ * invalid), then there will remain 6 unprocessed bits;
+ * otherwise, only 0, 2 or 4 bits are buffered. The buffered
+ * bits must also all be zero.
+ */
+ if (acc_len > 4 || (acc & (((unsigned)1 << acc_len) - 1)) != 0) {
+ return NULL;
+ }
+ *dst_len = len;
+ return src;
+}
+
+/*
+ * Decode decimal integer from 'str'; the value is written in '*v'.
+ * Returned value is a pointer to the next non-decimal character in the
+ * string. If there is no digit at all, or the value encoding is not
+ * minimal (extra leading zeros), or the value does not fit in an
+ * 'unsigned long', then NULL is returned.
+ */
+static const char *decode_decimal(const char *str, unsigned long *v) {
+ const char *orig;
+ unsigned long acc;
+
+ acc = 0;
+ for (orig = str;; str++) {
+ int c;
+
+ c = *str;
+ if (c < '0' || c > '9') {
+ break;
+ }
+ c -= '0';
+ if (acc > (ULONG_MAX / 10)) {
+ return NULL;
+ }
+ acc *= 10;
+ if ((unsigned long)c > (ULONG_MAX - acc)) {
+ return NULL;
+ }
+ acc += (unsigned long)c;
+ }
+ if (str == orig || (*orig == '0' && str != (orig + 1))) {
+ return NULL;
+ }
+ *v = acc;
+ return str;
+}
+
+/* ==================================================================== */
+/*
+ * Code specific to Argon2.
+ *
+ * The code below applies the following format:
+ *
+ * $argon2[$v=]$m=,t=,p=$$
+ *
+ * where is either 'd', 'id', or 'i', is a decimal integer (positive,
+ * fits in an 'unsigned long'), and is Base64-encoded data (no '=' padding
+ * characters, no newline or whitespace).
+ *
+ * The last two binary chunks (encoded in Base64) are, in that order,
+ * the salt and the output. Both are required. The binary salt length and the
+ * output length must be in the allowed ranges defined in argon2.h.
+ *
+ * The ctx struct must contain buffers large enough to hold the salt and pwd
+ * when it is fed into decode_string.
+ */
+
+int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
+
+/* check for prefix */
+#define CC(prefix) \
+ do { \
+ size_t cc_len = strlen(prefix); \
+ if (strncmp(str, prefix, cc_len) != 0) { \
+ return ARGON2_DECODING_FAIL; \
+ } \
+ str += cc_len; \
+ } while ((void)0, 0)
+
+/* optional prefix checking with supplied code */
+#define CC_opt(prefix, code) \
+ do { \
+ size_t cc_len = strlen(prefix); \
+ if (strncmp(str, prefix, cc_len) == 0) { \
+ str += cc_len; \
+ { code; } \
+ } \
+ } while ((void)0, 0)
+
+/* Decoding prefix into decimal */
+#define DECIMAL(x) \
+ do { \
+ unsigned long dec_x; \
+ str = decode_decimal(str, &dec_x); \
+ if (str == NULL) { \
+ return ARGON2_DECODING_FAIL; \
+ } \
+ (x) = dec_x; \
+ } while ((void)0, 0)
+
+/* Decoding base64 into a binary buffer */
+#define BIN(buf, max_len, len) \
+ do { \
+ size_t bin_len = (max_len); \
+ str = from_base64(buf, &bin_len, str); \
+ if (str == NULL || bin_len > UINT32_MAX) { \
+ return ARGON2_DECODING_FAIL; \
+ } \
+ (len) = (uint32_t)bin_len; \
+ } while ((void)0, 0)
+
+ size_t maxsaltlen = ctx->saltlen;
+ size_t maxoutlen = ctx->outlen;
+ int validation_result;
+ const char* type_string;
+
+ /* We should start with the argon2_type we are using */
+ type_string = argon2_type2string(type, 0);
+ if (!type_string) {
+ return ARGON2_INCORRECT_TYPE;
+ }
+
+ CC("$");
+ CC(type_string);
+
+ /* Reading the version number if the default is suppressed */
+ ctx->version = ARGON2_VERSION_10;
+ CC_opt("$v=", DECIMAL(ctx->version));
+
+ CC("$m=");
+ DECIMAL(ctx->m_cost);
+ CC(",t=");
+ DECIMAL(ctx->t_cost);
+ CC(",p=");
+ DECIMAL(ctx->lanes);
+ ctx->threads = ctx->lanes;
+
+ CC("$");
+ BIN(ctx->salt, maxsaltlen, ctx->saltlen);
+ CC("$");
+ BIN(ctx->out, maxoutlen, ctx->outlen);
+
+ /* The rest of the fields get the default values */
+ ctx->secret = NULL;
+ ctx->secretlen = 0;
+ ctx->ad = NULL;
+ ctx->adlen = 0;
+ ctx->allocate_cbk = NULL;
+ ctx->free_cbk = NULL;
+ ctx->flags = ARGON2_DEFAULT_FLAGS;
+
+ /* On return, must have valid context */
+ validation_result = validate_inputs(ctx);
+ if (validation_result != ARGON2_OK) {
+ return validation_result;
+ }
+
+ /* Can't have any additional characters */
+ if (*str == 0) {
+ return ARGON2_OK;
+ } else {
+ return ARGON2_DECODING_FAIL;
+ }
+#undef CC
+#undef CC_opt
+#undef DECIMAL
+#undef BIN
+}
+
+int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+ argon2_type type) {
+#define SS(str) \
+ do { \
+ size_t pp_len = strlen(str); \
+ if (pp_len >= dst_len) { \
+ return ARGON2_ENCODING_FAIL; \
+ } \
+ memcpy(dst, str, pp_len + 1); \
+ dst += pp_len; \
+ dst_len -= pp_len; \
+ } while ((void)0, 0)
+
+#define SX(x) \
+ do { \
+ char tmp[30]; \
+ sprintf(tmp, "%lu", (unsigned long)(x)); \
+ SS(tmp); \
+ } while ((void)0, 0)
+
+#define SB(buf, len) \
+ do { \
+ size_t sb_len = to_base64(dst, dst_len, buf, len); \
+ if (sb_len == (size_t)-1) { \
+ return ARGON2_ENCODING_FAIL; \
+ } \
+ dst += sb_len; \
+ dst_len -= sb_len; \
+ } while ((void)0, 0)
+
+ const char* type_string = argon2_type2string(type, 0);
+ int validation_result = validate_inputs(ctx);
+
+ if (!type_string) {
+ return ARGON2_ENCODING_FAIL;
+ }
+
+ if (validation_result != ARGON2_OK) {
+ return validation_result;
+ }
+
+
+ SS("$");
+ SS(type_string);
+
+ SS("$v=");
+ SX(ctx->version);
+
+ SS("$m=");
+ SX(ctx->m_cost);
+ SS(",t=");
+ SX(ctx->t_cost);
+ SS(",p=");
+ SX(ctx->lanes);
+
+ SS("$");
+ SB(ctx->salt, ctx->saltlen);
+
+ SS("$");
+ SB(ctx->out, ctx->outlen);
+ return ARGON2_OK;
+
+#undef SS
+#undef SX
+#undef SB
+}
+
+size_t b64len(uint32_t len) {
+ size_t olen = ((size_t)len / 3) << 2;
+
+ switch (len % 3) {
+ case 2:
+ olen++;
+ /* fall through */
+ case 1:
+ olen += 2;
+ break;
+ }
+
+ return olen;
+}
+
+size_t numlen(uint32_t num) {
+ size_t len = 1;
+ while (num >= 10) {
+ ++len;
+ num = num / 10;
+ }
+ return len;
+}
+
diff --git a/crypto/src/main/jni/argon2/src/encoding.h b/crypto/src/main/jni/argon2/src/encoding.h
new file mode 100644
index 000000000..1c1ec8b94
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/encoding.h
@@ -0,0 +1,57 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef ENCODING_H
+#define ENCODING_H
+#include "argon2.h"
+
+#define ARGON2_MAX_DECODED_LANES UINT32_C(255)
+#define ARGON2_MIN_DECODED_SALT_LEN UINT32_C(8)
+#define ARGON2_MIN_DECODED_OUT_LEN UINT32_C(12)
+
+/*
+* encode an Argon2 hash string into the provided buffer. 'dst_len'
+* contains the size, in characters, of the 'dst' buffer; if 'dst_len'
+* is less than the number of required characters (including the
+* terminating 0), then this function returns ARGON2_ENCODING_ERROR.
+*
+* on success, ARGON2_OK is returned.
+*/
+int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+ argon2_type type);
+
+/*
+* Decodes an Argon2 hash string into the provided structure 'ctx'.
+* The only fields that must be set prior to this call are ctx.saltlen and
+* ctx.outlen (which must be the maximal salt and out length values that are
+* allowed), ctx.salt and ctx.out (which must be buffers of the specified
+* length), and ctx.pwd and ctx.pwdlen which must hold a valid password.
+*
+* Invalid input string causes an error. On success, the ctx is valid and all
+* fields have been initialized.
+*
+* Returned value is ARGON2_OK on success, other ARGON2_ codes on error.
+*/
+int decode_string(argon2_context *ctx, const char *str, argon2_type type);
+
+/* Returns the length of the encoded byte stream with length len */
+size_t b64len(uint32_t len);
+
+/* Returns the length of the encoded number num */
+size_t numlen(uint32_t num);
+
+#endif
diff --git a/crypto/src/main/jni/argon2/src/opt.c b/crypto/src/main/jni/argon2/src/opt.c
new file mode 100644
index 000000000..3d2ed5ffb
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/opt.c
@@ -0,0 +1,186 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include
+#include
+#include
+
+#include "argon2.h"
+#include "opt.h"
+
+#include "blake2/blake2.h"
+#include "blake2/blamka-round-opt.h"
+
+void fill_block(__m128i *state, const block *ref_block, block *next_block,
+ int with_xor) {
+ __m128i block_XY[ARGON2_OWORDS_IN_BLOCK];
+ unsigned int i;
+
+ if (with_xor) {
+ for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) {
+ state[i] = _mm_xor_si128(
+ state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i));
+ block_XY[i] = _mm_xor_si128(
+ state[i], _mm_loadu_si128((const __m128i *)next_block->v + i));
+ }
+ } else {
+ for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) {
+ block_XY[i] = state[i] = _mm_xor_si128(
+ state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i));
+ }
+ }
+
+ for (i = 0; i < 8; ++i) {
+ BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2],
+ state[8 * i + 3], state[8 * i + 4], state[8 * i + 5],
+ state[8 * i + 6], state[8 * i + 7]);
+ }
+
+ for (i = 0; i < 8; ++i) {
+ BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i],
+ state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i],
+ state[8 * 6 + i], state[8 * 7 + i]);
+ }
+
+ for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) {
+ state[i] = _mm_xor_si128(state[i], block_XY[i]);
+ _mm_storeu_si128((__m128i *)next_block->v + i, state[i]);
+ }
+}
+
+static void next_addresses(block *address_block, block *input_block) {
+ /*Temporary zero-initialized blocks*/
+ __m128i zero_block[ARGON2_OWORDS_IN_BLOCK];
+ __m128i zero2_block[ARGON2_OWORDS_IN_BLOCK];
+
+ memset(zero_block, 0, sizeof(zero_block));
+ memset(zero2_block, 0, sizeof(zero2_block));
+
+ /*Increasing index counter*/
+ input_block->v[6]++;
+
+ /*First iteration of G*/
+ fill_block(zero_block, input_block, address_block, 0);
+
+ /*Second iteration of G*/
+ fill_block(zero2_block, address_block, address_block, 0);
+}
+
+void fill_segment(const argon2_instance_t *instance,
+ argon2_position_t position) {
+ block *ref_block = NULL, *curr_block = NULL;
+ block address_block, input_block;
+ uint64_t pseudo_rand, ref_index, ref_lane;
+ uint32_t prev_offset, curr_offset;
+ uint32_t starting_index, i;
+ __m128i state[64];
+ int data_independent_addressing;
+
+ if (instance == NULL) {
+ return;
+ }
+
+ data_independent_addressing =
+ (instance->type == Argon2_i) ||
+ (instance->type == Argon2_id && (position.pass == 0) &&
+ (position.slice < ARGON2_SYNC_POINTS / 2));
+
+ if (data_independent_addressing) {
+ init_block_value(&input_block, 0);
+
+ input_block.v[0] = position.pass;
+ input_block.v[1] = position.lane;
+ input_block.v[2] = position.slice;
+ input_block.v[3] = instance->memory_blocks;
+ input_block.v[4] = instance->passes;
+ input_block.v[5] = instance->type;
+ }
+
+ starting_index = 0;
+
+ if ((0 == position.pass) && (0 == position.slice)) {
+ starting_index = 2; /* we have already generated the first two blocks */
+
+ /* Don't forget to generate the first block of addresses: */
+ if (data_independent_addressing) {
+ next_addresses(&address_block, &input_block);
+ }
+ }
+
+ /* Offset of the current block */
+ curr_offset = position.lane * instance->lane_length +
+ position.slice * instance->segment_length + starting_index;
+
+ if (0 == curr_offset % instance->lane_length) {
+ /* Last block in this lane */
+ prev_offset = curr_offset + instance->lane_length - 1;
+ } else {
+ /* Previous block */
+ prev_offset = curr_offset - 1;
+ }
+
+ memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE);
+
+ for (i = starting_index; i < instance->segment_length;
+ ++i, ++curr_offset, ++prev_offset) {
+ /*1.1 Rotating prev_offset if needed */
+ if (curr_offset % instance->lane_length == 1) {
+ prev_offset = curr_offset - 1;
+ }
+
+ /* 1.2 Computing the index of the reference block */
+ /* 1.2.1 Taking pseudo-random value from the previous block */
+ if (data_independent_addressing) {
+ if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+ next_addresses(&address_block, &input_block);
+ }
+ pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+ } else {
+ pseudo_rand = instance->memory[prev_offset].v[0];
+ }
+
+ /* 1.2.2 Computing the lane of the reference block */
+ ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+
+ if ((position.pass == 0) && (position.slice == 0)) {
+ /* Can not reference other lanes yet */
+ ref_lane = position.lane;
+ }
+
+ /* 1.2.3 Computing the number of possible reference block within the
+ * lane.
+ */
+ position.index = i;
+ ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+ ref_lane == position.lane);
+
+ /* 2 Creating a new block */
+ ref_block =
+ instance->memory + instance->lane_length * ref_lane + ref_index;
+ curr_block = instance->memory + curr_offset;
+ if (ARGON2_VERSION_10 == instance->version) {
+ /* version 1.2.1 and earlier: overwrite, not XOR */
+ fill_block(state, ref_block, curr_block, 0);
+ } else {
+ if(0 == position.pass) {
+ fill_block(state, ref_block, curr_block, 0);
+ } else {
+ fill_block(state, ref_block, curr_block, 1);
+ }
+ }
+ }
+}
diff --git a/crypto/src/main/jni/argon2/src/opt.h b/crypto/src/main/jni/argon2/src/opt.h
new file mode 100644
index 000000000..0d09de98f
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/opt.h
@@ -0,0 +1,35 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef ARGON2_OPT_H
+#define ARGON2_OPT_H
+
+#include "core.h"
+#include
+
+/*
+ * Function fills a new memory block and optionally XORs the old block over the new one.
+ * Memory must be initialized.
+ * @param state Pointer to the just produced block. Content will be updated(!)
+ * @param ref_block Pointer to the reference block
+ * @param next_block Pointer to the block to be XORed over. May coincide with @ref_block
+ * @param with_xor Whether to XOR into the new block (1) or just overwrite (0)
+ * @pre all block pointers must be valid
+ */
+void fill_block(__m128i *s, const block *ref_block, block *next_block, int with_xor);
+
+#endif /* ARGON2_OPT_H */
diff --git a/crypto/src/main/jni/argon2/src/ref.c b/crypto/src/main/jni/argon2/src/ref.c
new file mode 100644
index 000000000..fcffdd47d
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/ref.c
@@ -0,0 +1,185 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include
+#include
+#include
+
+#include "argon2.h"
+#include "ref.h"
+
+#include "blake2/blamka-round-ref.h"
+#include "blake2/blake2-impl.h"
+#include "blake2/blake2.h"
+
+
+void fill_block(const block *prev_block, const block *ref_block,
+ block *next_block, int with_xor) {
+ block blockR, block_tmp;
+ unsigned i;
+
+ copy_block(&blockR, ref_block);
+ xor_block(&blockR, prev_block);
+ copy_block(&block_tmp, &blockR);
+ /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */
+ if (with_xor) {
+ /* Saving the next block contents for XOR over: */
+ xor_block(&block_tmp, next_block);
+ /* Now blockR = ref_block + prev_block and
+ block_tmp = ref_block + prev_block + next_block */
+ }
+
+ /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then
+ (16,17,..31)... finally (112,113,...127) */
+ for (i = 0; i < 8; ++i) {
+ BLAKE2_ROUND_NOMSG(
+ blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2],
+ blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5],
+ blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8],
+ blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11],
+ blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14],
+ blockR.v[16 * i + 15]);
+ }
+
+ /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then
+ (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */
+ for (i = 0; i < 8; i++) {
+ BLAKE2_ROUND_NOMSG(
+ blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16],
+ blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33],
+ blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64],
+ blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81],
+ blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112],
+ blockR.v[2 * i + 113]);
+ }
+
+ copy_block(next_block, &block_tmp);
+ xor_block(next_block, &blockR);
+}
+
+static void next_addresses(block *address_block, block *input_block,
+ const block *zero_block) {
+ input_block->v[6]++;
+ fill_block(zero_block, input_block, address_block, 0);
+ fill_block(zero_block, address_block, address_block, 0);
+}
+
+void fill_segment(const argon2_instance_t *instance,
+ argon2_position_t position) {
+ block *ref_block = NULL, *curr_block = NULL;
+ block address_block, input_block, zero_block;
+ uint64_t pseudo_rand, ref_index, ref_lane;
+ uint32_t prev_offset, curr_offset;
+ uint32_t starting_index;
+ uint32_t i;
+ int data_independent_addressing;
+
+ if (instance == NULL) {
+ return;
+ }
+
+ data_independent_addressing =
+ (instance->type == Argon2_i) ||
+ (instance->type == Argon2_id && (position.pass == 0) &&
+ (position.slice < ARGON2_SYNC_POINTS / 2));
+
+ if (data_independent_addressing) {
+ init_block_value(&zero_block, 0);
+ init_block_value(&input_block, 0);
+
+ input_block.v[0] = position.pass;
+ input_block.v[1] = position.lane;
+ input_block.v[2] = position.slice;
+ input_block.v[3] = instance->memory_blocks;
+ input_block.v[4] = instance->passes;
+ input_block.v[5] = instance->type;
+ }
+
+ starting_index = 0;
+
+ if ((0 == position.pass) && (0 == position.slice)) {
+ starting_index = 2; /* we have already generated the first two blocks */
+
+ /* Don't forget to generate the first block of addresses: */
+ if (data_independent_addressing) {
+ next_addresses(&address_block, &input_block, &zero_block);
+ }
+ }
+
+ /* Offset of the current block */
+ curr_offset = position.lane * instance->lane_length +
+ position.slice * instance->segment_length + starting_index;
+
+ if (0 == curr_offset % instance->lane_length) {
+ /* Last block in this lane */
+ prev_offset = curr_offset + instance->lane_length - 1;
+ } else {
+ /* Previous block */
+ prev_offset = curr_offset - 1;
+ }
+
+ for (i = starting_index; i < instance->segment_length;
+ ++i, ++curr_offset, ++prev_offset) {
+ /*1.1 Rotating prev_offset if needed */
+ if (curr_offset % instance->lane_length == 1) {
+ prev_offset = curr_offset - 1;
+ }
+
+ /* 1.2 Computing the index of the reference block */
+ /* 1.2.1 Taking pseudo-random value from the previous block */
+ if (data_independent_addressing) {
+ if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+ next_addresses(&address_block, &input_block, &zero_block);
+ }
+ pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+ } else {
+ pseudo_rand = instance->memory[prev_offset].v[0];
+ }
+
+ /* 1.2.2 Computing the lane of the reference block */
+ ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+
+ if ((position.pass == 0) && (position.slice == 0)) {
+ /* Can not reference other lanes yet */
+ ref_lane = position.lane;
+ }
+
+ /* 1.2.3 Computing the number of possible reference block within the
+ * lane.
+ */
+ position.index = i;
+ ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+ ref_lane == position.lane);
+
+ /* 2 Creating a new block */
+ ref_block =
+ instance->memory + instance->lane_length * ref_lane + ref_index;
+ curr_block = instance->memory + curr_offset;
+ if (ARGON2_VERSION_10 == instance->version) {
+ /* version 1.2.1 and earlier: overwrite, not XOR */
+ fill_block(instance->memory + prev_offset, ref_block, curr_block, 0);
+ } else {
+ if(0 == position.pass) {
+ fill_block(instance->memory + prev_offset, ref_block,
+ curr_block, 0);
+ } else {
+ fill_block(instance->memory + prev_offset, ref_block,
+ curr_block, 1);
+ }
+ }
+ }
+}
diff --git a/crypto/src/main/jni/argon2/src/ref.h b/crypto/src/main/jni/argon2/src/ref.h
new file mode 100644
index 000000000..68ebdcc97
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/ref.h
@@ -0,0 +1,35 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef ARGON2_REF_H
+#define ARGON2_REF_H
+
+#include "core.h"
+
+/*
+ * Function fills a new memory block and optionally XORs the old block over the new one.
+ * @next_block must be initialized.
+ * @param prev_block Pointer to the previous block
+ * @param ref_block Pointer to the reference block
+ * @param next_block Pointer to the block to be constructed
+ * @param with_xor Whether to XOR into the new block (1) or just overwrite (0)
+ * @pre all block pointers must be valid
+ */
+void fill_block(const block *prev_block, const block *ref_block,
+ block *next_block, int with_xor);
+
+#endif /* ARGON2_REF_H */
diff --git a/crypto/src/main/jni/argon2/src/thread.c b/crypto/src/main/jni/argon2/src/thread.c
new file mode 100644
index 000000000..5de2c1339
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/thread.c
@@ -0,0 +1,53 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include "thread.h"
+#if defined(_WIN32)
+#include
+#endif
+
+int argon2_thread_create(argon2_thread_handle_t *handle,
+ argon2_thread_func_t func, void *args) {
+ if (NULL == handle || func == NULL) {
+ return -1;
+ }
+#if defined(_WIN32)
+ *handle = _beginthreadex(NULL, 0, func, args, 0, NULL);
+ return *handle != 0 ? 0 : -1;
+#else
+ return pthread_create(handle, NULL, func, args);
+#endif
+}
+
+int argon2_thread_join(argon2_thread_handle_t handle) {
+#if defined(_WIN32)
+ if (WaitForSingleObject((HANDLE)handle, INFINITE) == WAIT_OBJECT_0) {
+ return CloseHandle((HANDLE)handle) != 0 ? 0 : -1;
+ }
+ return -1;
+#else
+ return pthread_join(handle, NULL);
+#endif
+}
+
+void argon2_thread_exit(void) {
+#if defined(_WIN32)
+ _endthreadex(0);
+#else
+ pthread_exit(NULL);
+#endif
+}
diff --git a/crypto/src/main/jni/argon2/src/thread.h b/crypto/src/main/jni/argon2/src/thread.h
new file mode 100644
index 000000000..f04bb4078
--- /dev/null
+++ b/crypto/src/main/jni/argon2/src/thread.h
@@ -0,0 +1,63 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#ifndef ARGON2_THREAD_H
+#define ARGON2_THREAD_H
+/*
+ Here we implement an abstraction layer for the simpĺe requirements
+ of the Argon2 code. We only require 3 primitives---thread creation,
+ joining, and termination---so full emulation of the pthreads API
+ is unwarranted. Currently we wrap pthreads and Win32 threads.
+
+ The API defines 2 types: the function pointer type,
+ argon2_thread_func_t,
+ and the type of the thread handle---argon2_thread_handle_t.
+*/
+#if defined(_WIN32)
+#include
+typedef unsigned(__stdcall *argon2_thread_func_t)(void *);
+typedef uintptr_t argon2_thread_handle_t;
+#else
+#include
+typedef void *(*argon2_thread_func_t)(void *);
+typedef pthread_t argon2_thread_handle_t;
+#endif
+
+/* Creates a thread
+ * @param handle pointer to a thread handle, which is the output of this
+ * function. Must not be NULL.
+ * @param func A function pointer for the thread's entry point. Must not be
+ * NULL.
+ * @param args Pointer that is passed as an argument to @func. May be NULL.
+ * @return 0 if @handle and @func are valid pointers and a thread is successfuly
+ * created.
+ */
+int argon2_thread_create(argon2_thread_handle_t *handle,
+ argon2_thread_func_t func, void *args);
+
+/* Waits for a thread to terminate
+ * @param handle Handle to a thread created with argon2_thread_create.
+ * @return 0 if @handle is a valid handle, and joining completed successfully.
+*/
+int argon2_thread_join(argon2_thread_handle_t handle);
+
+/* Terminate the current thread. Must be run inside a thread created by
+ * argon2_thread_create.
+*/
+void argon2_thread_exit(void);
+
+#endif
diff --git a/crypto/src/main/jni/final_key/aes/brg_types.h b/crypto/src/main/jni/final_key/aes/brg_types.h
deleted file mode 100644
index ce3a1e7b5..000000000
--- a/crypto/src/main/jni/final_key/aes/brg_types.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 30/09/2017
-*/
-
-#ifndef _BRG_TYPES_H
-#define _BRG_TYPES_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include
-#include
-
-#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
-# include
-# define ptrint_t intptr_t
-#elif defined( __ECOS__ )
-# define intptr_t unsigned int
-# define ptrint_t intptr_t
-#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 ) && !(defined( __HAIKU__ ) || defined( __VxWorks__ ))
-# define ptrint_t intptr_t
-#else
-# define ptrint_t int
-#endif
-
-/* define unsigned 8-bit type if not available in stdint.h */
-#if !defined(UINT8_MAX)
- typedef unsigned char uint8_t;
-#endif
-
-/* define unsigned 16-bit type if not available in stdint.h */
-#if !defined(UINT16_MAX)
- typedef unsigned short uint16_t;
-#endif
-
-/* define unsigned 32-bit type if not available in stdint.h and define the
- macro li_32(h) which converts a sequence of eight hexadecimal characters
- into a 32 bit constant
-*/
-#if defined(UINT_MAX) && UINT_MAX == 4294967295u
-# define li_32(h) 0x##h##u
-# if !defined(UINT32_MAX)
- typedef unsigned int uint32_t;
-# endif
-#elif defined(ULONG_MAX) && ULONG_MAX == 4294967295u
-# define li_32(h) 0x##h##ul
-# if !defined(UINT32_MAX)
- typedef unsigned long uint32_t;
-# endif
-#elif defined( _CRAY )
-# error This code needs 32-bit data types, which Cray machines do not provide
-#else
-# error Please define uint32_t as a 32-bit unsigned integer type in brg_types.h
-#endif
-
-/* define unsigned 64-bit type if not available in stdint.h and define the
- macro li_64(h) which converts a sequence of eight hexadecimal characters
- into a 64 bit constant
-*/
-#if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
-# define li_64(h) 0x##h##ui64
-# if !defined(UINT64_MAX)
- typedef unsigned __int64 uint64_t;
-# endif
-#elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
-# define li_64(h) 0x##h##ui64
-# if !defined(UINT64_MAX)
- typedef unsigned __int64 uint64_t;
-# endif
-#elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX)
- typedef unsigned long long uint64_t;
-# endif
-#elif defined( __MVS__ )
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX)
- typedef unsigned long long uint64_t;
-# endif
-#elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
-# if UINT_MAX == 18446744073709551615u
-# define li_64(h) 0x##h##u
-# if !defined(UINT64_MAX)
- typedef unsigned int uint64_t;
-# endif
-# endif
-#elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
-# if ULONG_MAX == 18446744073709551615ul
-# define li_64(h) 0x##h##ul
-# if !defined(UINT64_MAX) && !defined(_UINT64_T)
- typedef unsigned long uint64_t;
-# endif
-# endif
-#elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
-# if ULLONG_MAX == 18446744073709551615ull
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX) && !defined( __HAIKU__ )
- typedef unsigned long long uint64_t;
-# endif
-# endif
-#elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
-# if ULONG_LONG_MAX == 18446744073709551615ull
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX)
- typedef unsigned long long uint64_t;
-# endif
-# endif
-#endif
-
-#if !defined( li_64 )
-# if defined( NEED_UINT_64T )
-# error Please define uint64_t as an unsigned 64 bit type in brg_types.h
-# endif
-#endif
-
-#ifndef RETURN_VALUES
-# define RETURN_VALUES
-# if defined( DLL_EXPORT )
-# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
-# define VOID_RETURN __declspec( dllexport ) void __stdcall
-# define INT_RETURN __declspec( dllexport ) int __stdcall
-# elif defined( __GNUC__ )
-# define VOID_RETURN __declspec( __dllexport__ ) void
-# define INT_RETURN __declspec( __dllexport__ ) int
-# else
-# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
-# endif
-# elif defined( DLL_IMPORT )
-# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
-# define VOID_RETURN __declspec( dllimport ) void __stdcall
-# define INT_RETURN __declspec( dllimport ) int __stdcall
-# elif defined( __GNUC__ )
-# define VOID_RETURN __declspec( __dllimport__ ) void
-# define INT_RETURN __declspec( __dllimport__ ) int
-# else
-# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
-# endif
-# elif defined( __WATCOMC__ )
-# define VOID_RETURN void __cdecl
-# define INT_RETURN int __cdecl
-# else
-# define VOID_RETURN void
-# define INT_RETURN int
-# endif
-#endif
-
-/* These defines are used to detect and set the memory alignment of pointers.
- Note that offsets are in bytes.
-
- ALIGN_OFFSET(x,n) return the positive or zero offset of
- the memory addressed by the pointer 'x'
- from an address that is aligned on an
- 'n' byte boundary ('n' is a power of 2)
-
- ALIGN_FLOOR(x,n) return a pointer that points to memory
- that is aligned on an 'n' byte boundary
- and is not higher than the memory address
- pointed to by 'x' ('n' is a power of 2)
-
- ALIGN_CEIL(x,n) return a pointer that points to memory
- that is aligned on an 'n' byte boundary
- and is not lower than the memory address
- pointed to by 'x' ('n' is a power of 2)
-*/
-
-#define ALIGN_OFFSET(x,n) (((ptrint_t)(x)) & ((n) - 1))
-#define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1)))
-#define ALIGN_CEIL(x,n) ((uint8_t*)(x) + (-((ptrint_t)(x)) & ((n) - 1)))
-
-/* These defines are used to declare buffers in a way that allows
- faster operations on longer variables to be used. In all these
- defines 'size' must be a power of 2 and >= 8. NOTE that the
- buffer size is in bytes but the type length is in bits
-
- UNIT_TYPEDEF(x,size) declares a variable 'x' of length
- 'size' bits
-
- BUFR_TYPEDEF(x,size,bsize) declares a buffer 'x' of length 'bsize'
- bytes defined as an array of variables
- each of 'size' bits (bsize must be a
- multiple of size / 8)
-
- UNIT_CAST(x,size) casts a variable to a type of
- length 'size' bits
-
- UPTR_CAST(x,size) casts a pointer to a pointer to a
- variable of length 'size' bits
-*/
-
-#define UI_TYPE(size) uint##size##_t
-#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
-#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
-#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
-#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
diff --git a/crypto/src/main/jni/final_key/sha/brg_types.h b/crypto/src/main/jni/final_key/sha/brg_types.h
deleted file mode 100644
index ce3a1e7b5..000000000
--- a/crypto/src/main/jni/final_key/sha/brg_types.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 30/09/2017
-*/
-
-#ifndef _BRG_TYPES_H
-#define _BRG_TYPES_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include
-#include
-
-#if defined( _MSC_VER ) && ( _MSC_VER >= 1300 )
-# include
-# define ptrint_t intptr_t
-#elif defined( __ECOS__ )
-# define intptr_t unsigned int
-# define ptrint_t intptr_t
-#elif defined( __GNUC__ ) && ( __GNUC__ >= 3 ) && !(defined( __HAIKU__ ) || defined( __VxWorks__ ))
-# define ptrint_t intptr_t
-#else
-# define ptrint_t int
-#endif
-
-/* define unsigned 8-bit type if not available in stdint.h */
-#if !defined(UINT8_MAX)
- typedef unsigned char uint8_t;
-#endif
-
-/* define unsigned 16-bit type if not available in stdint.h */
-#if !defined(UINT16_MAX)
- typedef unsigned short uint16_t;
-#endif
-
-/* define unsigned 32-bit type if not available in stdint.h and define the
- macro li_32(h) which converts a sequence of eight hexadecimal characters
- into a 32 bit constant
-*/
-#if defined(UINT_MAX) && UINT_MAX == 4294967295u
-# define li_32(h) 0x##h##u
-# if !defined(UINT32_MAX)
- typedef unsigned int uint32_t;
-# endif
-#elif defined(ULONG_MAX) && ULONG_MAX == 4294967295u
-# define li_32(h) 0x##h##ul
-# if !defined(UINT32_MAX)
- typedef unsigned long uint32_t;
-# endif
-#elif defined( _CRAY )
-# error This code needs 32-bit data types, which Cray machines do not provide
-#else
-# error Please define uint32_t as a 32-bit unsigned integer type in brg_types.h
-#endif
-
-/* define unsigned 64-bit type if not available in stdint.h and define the
- macro li_64(h) which converts a sequence of eight hexadecimal characters
- into a 64 bit constant
-*/
-#if defined( __BORLANDC__ ) && !defined( __MSDOS__ )
-# define li_64(h) 0x##h##ui64
-# if !defined(UINT64_MAX)
- typedef unsigned __int64 uint64_t;
-# endif
-#elif defined( _MSC_VER ) && ( _MSC_VER < 1300 ) /* 1300 == VC++ 7.0 */
-# define li_64(h) 0x##h##ui64
-# if !defined(UINT64_MAX)
- typedef unsigned __int64 uint64_t;
-# endif
-#elif defined( __sun ) && defined( ULONG_MAX ) && ULONG_MAX == 0xfffffffful
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX)
- typedef unsigned long long uint64_t;
-# endif
-#elif defined( __MVS__ )
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX)
- typedef unsigned long long uint64_t;
-# endif
-#elif defined( UINT_MAX ) && UINT_MAX > 4294967295u
-# if UINT_MAX == 18446744073709551615u
-# define li_64(h) 0x##h##u
-# if !defined(UINT64_MAX)
- typedef unsigned int uint64_t;
-# endif
-# endif
-#elif defined( ULONG_MAX ) && ULONG_MAX > 4294967295u
-# if ULONG_MAX == 18446744073709551615ul
-# define li_64(h) 0x##h##ul
-# if !defined(UINT64_MAX) && !defined(_UINT64_T)
- typedef unsigned long uint64_t;
-# endif
-# endif
-#elif defined( ULLONG_MAX ) && ULLONG_MAX > 4294967295u
-# if ULLONG_MAX == 18446744073709551615ull
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX) && !defined( __HAIKU__ )
- typedef unsigned long long uint64_t;
-# endif
-# endif
-#elif defined( ULONG_LONG_MAX ) && ULONG_LONG_MAX > 4294967295u
-# if ULONG_LONG_MAX == 18446744073709551615ull
-# define li_64(h) 0x##h##ull
-# if !defined(UINT64_MAX)
- typedef unsigned long long uint64_t;
-# endif
-# endif
-#endif
-
-#if !defined( li_64 )
-# if defined( NEED_UINT_64T )
-# error Please define uint64_t as an unsigned 64 bit type in brg_types.h
-# endif
-#endif
-
-#ifndef RETURN_VALUES
-# define RETURN_VALUES
-# if defined( DLL_EXPORT )
-# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
-# define VOID_RETURN __declspec( dllexport ) void __stdcall
-# define INT_RETURN __declspec( dllexport ) int __stdcall
-# elif defined( __GNUC__ )
-# define VOID_RETURN __declspec( __dllexport__ ) void
-# define INT_RETURN __declspec( __dllexport__ ) int
-# else
-# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
-# endif
-# elif defined( DLL_IMPORT )
-# if defined( _MSC_VER ) || defined ( __INTEL_COMPILER )
-# define VOID_RETURN __declspec( dllimport ) void __stdcall
-# define INT_RETURN __declspec( dllimport ) int __stdcall
-# elif defined( __GNUC__ )
-# define VOID_RETURN __declspec( __dllimport__ ) void
-# define INT_RETURN __declspec( __dllimport__ ) int
-# else
-# error Use of the DLL is only available on the Microsoft, Intel and GCC compilers
-# endif
-# elif defined( __WATCOMC__ )
-# define VOID_RETURN void __cdecl
-# define INT_RETURN int __cdecl
-# else
-# define VOID_RETURN void
-# define INT_RETURN int
-# endif
-#endif
-
-/* These defines are used to detect and set the memory alignment of pointers.
- Note that offsets are in bytes.
-
- ALIGN_OFFSET(x,n) return the positive or zero offset of
- the memory addressed by the pointer 'x'
- from an address that is aligned on an
- 'n' byte boundary ('n' is a power of 2)
-
- ALIGN_FLOOR(x,n) return a pointer that points to memory
- that is aligned on an 'n' byte boundary
- and is not higher than the memory address
- pointed to by 'x' ('n' is a power of 2)
-
- ALIGN_CEIL(x,n) return a pointer that points to memory
- that is aligned on an 'n' byte boundary
- and is not lower than the memory address
- pointed to by 'x' ('n' is a power of 2)
-*/
-
-#define ALIGN_OFFSET(x,n) (((ptrint_t)(x)) & ((n) - 1))
-#define ALIGN_FLOOR(x,n) ((uint8_t*)(x) - ( ((ptrint_t)(x)) & ((n) - 1)))
-#define ALIGN_CEIL(x,n) ((uint8_t*)(x) + (-((ptrint_t)(x)) & ((n) - 1)))
-
-/* These defines are used to declare buffers in a way that allows
- faster operations on longer variables to be used. In all these
- defines 'size' must be a power of 2 and >= 8. NOTE that the
- buffer size is in bytes but the type length is in bits
-
- UNIT_TYPEDEF(x,size) declares a variable 'x' of length
- 'size' bits
-
- BUFR_TYPEDEF(x,size,bsize) declares a buffer 'x' of length 'bsize'
- bytes defined as an array of variables
- each of 'size' bits (bsize must be a
- multiple of size / 8)
-
- UNIT_CAST(x,size) casts a variable to a type of
- length 'size' bits
-
- UPTR_CAST(x,size) casts a pointer to a pointer to a
- variable of length 'size' bits
-*/
-
-#define UI_TYPE(size) uint##size##_t
-#define UNIT_TYPEDEF(x,size) typedef UI_TYPE(size) x
-#define BUFR_TYPEDEF(x,size,bsize) typedef UI_TYPE(size) x[bsize / (size >> 3)]
-#define UNIT_CAST(x,size) ((UI_TYPE(size) )(x))
-#define UPTR_CAST(x,size) ((UI_TYPE(size)*)(x))
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
diff --git a/crypto/src/main/jni/final_key/sha/hmac.c b/crypto/src/main/jni/final_key/sha/hmac.c
deleted file mode 100644
index 4b53b7468..000000000
--- a/crypto/src/main/jni/final_key/sha/hmac.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
-
-This is an implementation of HMAC, the FIPS standard keyed hash function
-*/
-
-#include "hmac.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/* initialise the HMAC context to zero */
-int hmac_sha_begin(enum hmac_hash hash, hmac_ctx cx[1])
-{
- memset(cx, 0, sizeof(hmac_ctx));
- switch(hash)
- {
-#ifdef SHA_1
- case HMAC_SHA1:
- cx->f_begin = sha1_begin;
- cx->f_hash = sha1_hash;
- cx->f_end = sha1_end;
- cx->input_len = SHA1_BLOCK_SIZE;
- cx->output_len = SHA1_DIGEST_SIZE;
- break;
-#endif
-#ifdef SHA_224
- case HMAC_SHA224:
- cx->f_begin = sha224_begin;
- cx->f_hash = sha224_hash;
- cx->f_end = sha224_end;
- cx->input_len = SHA224_BLOCK_SIZE;
- cx->output_len = SHA224_DIGEST_SIZE;
- break;
-#endif
-#ifdef SHA_256
- case HMAC_SHA256:
- cx->f_begin = sha256_begin;
- cx->f_hash = sha256_hash;
- cx->f_end = sha256_end;
- cx->input_len = SHA256_BLOCK_SIZE;
- cx->output_len = SHA256_DIGEST_SIZE;
- break;
-#endif
-#ifdef SHA_384
- case HMAC_SHA384:
- cx->f_begin = sha384_begin;
- cx->f_hash = sha384_hash;
- cx->f_end = sha384_end;
- cx->input_len = SHA384_BLOCK_SIZE;
- cx->output_len = SHA384_DIGEST_SIZE;
- break;
-#endif
-#ifdef SHA_512
- case HMAC_SHA512:
- cx->f_begin = sha512_begin;
- cx->f_hash = sha512_hash;
- cx->f_end = sha512_end;
- cx->input_len = SHA512_BLOCK_SIZE;
- cx->output_len = SHA512_DIGEST_SIZE;
- break;
- case HMAC_SHA512_256:
- cx->f_begin = sha512_256_begin;
- cx->f_hash = sha512_256_hash;
- cx->f_end = sha512_256_end;
- cx->input_len = SHA512_256_BLOCK_SIZE;
- cx->output_len = SHA512_256_DIGEST_SIZE;
- break;
- case HMAC_SHA512_224:
- cx->f_begin = sha512_224_begin;
- cx->f_hash = sha512_224_hash;
- cx->f_end = sha512_224_end;
- cx->input_len = SHA512_224_BLOCK_SIZE;
- cx->output_len = SHA512_224_DIGEST_SIZE;
- break;
- case HMAC_SHA512_192:
- cx->f_begin = sha512_192_begin;
- cx->f_hash = sha512_192_hash;
- cx->f_end = sha512_192_end;
- cx->input_len = SHA512_192_BLOCK_SIZE;
- cx->output_len = SHA512_192_DIGEST_SIZE;
- break;
- case HMAC_SHA512_128:
- cx->f_begin = sha512_128_begin;
- cx->f_hash = sha512_128_hash;
- cx->f_end = sha512_128_end;
- cx->input_len = SHA512_128_BLOCK_SIZE;
- cx->output_len = SHA512_128_DIGEST_SIZE;
- break;
-#endif
- }
- return cx->output_len;
-}
-
-/* input the HMAC key (can be called multiple times) */
-int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1])
-{
- if(cx->klen == HMAC_IN_DATA) /* error if further key input */
- return EXIT_FAILURE; /* is attempted in data mode */
-
- if(cx->klen + key_len > cx->input_len) /* if the key has to be hashed */
- {
- if(cx->klen <= cx->input_len) /* if the hash has not yet been */
- { /* started, initialise it and */
- cx->f_begin(cx->sha_ctx); /* hash stored key characters */
- cx->f_hash(cx->key, cx->klen, cx->sha_ctx);
- }
-
- cx->f_hash(key, key_len, cx->sha_ctx); /* hash long key data into hash */
- }
- else /* otherwise store key data */
- memcpy(cx->key + cx->klen, key, key_len);
-
- cx->klen += key_len; /* update the key length count */
- return EXIT_SUCCESS;
-}
-
-/* input the HMAC data (can be called multiple times) - */
-/* note that this call terminates the key input phase */
-void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1])
-{ unsigned int i;
-
- if(cx->klen != HMAC_IN_DATA) /* if not yet in data phase */
- {
- if(cx->klen > cx->input_len) /* if key is being hashed */
- { /* complete the hash and */
- cx->f_end(cx->key, cx->sha_ctx); /* store the result as the */
- cx->klen = cx->output_len; /* key and set new length */
- }
-
- /* pad the key if necessary */
- memset(cx->key + cx->klen, 0, cx->input_len - cx->klen);
-
- /* xor ipad into key value */
- for(i = 0; i < (cx->input_len >> 2); ++i)
- ((uint32_t*)cx->key)[i] ^= 0x36363636;
-
- /* and start hash operation */
- cx->f_begin(cx->sha_ctx);
- cx->f_hash(cx->key, cx->input_len, cx->sha_ctx);
-
- /* mark as now in data mode */
- cx->klen = HMAC_IN_DATA;
- }
-
- /* hash the data (if any) */
- if(data_len)
- cx->f_hash(data, data_len, cx->sha_ctx);
-}
-
-/* compute and output the MAC value */
-void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1])
-{ unsigned char dig[HMAC_MAX_OUTPUT_SIZE];
- unsigned int i;
-
- /* if no data has been entered perform a null data phase */
- if(cx->klen != HMAC_IN_DATA)
- hmac_sha_data((const unsigned char*)0, 0, cx);
-
- cx->f_end(dig, cx->sha_ctx); /* complete the inner hash */
-
- /* set outer key value using opad and removing ipad */
- for(i = 0; i < (cx->input_len >> 2); ++i)
- ((uint32_t*)cx->key)[i] ^= 0x36363636 ^ 0x5c5c5c5c;
-
- /* perform the outer hash operation */
- cx->f_begin(cx->sha_ctx);
- cx->f_hash(cx->key, cx->input_len, cx->sha_ctx);
- cx->f_hash(dig, cx->output_len, cx->sha_ctx);
- cx->f_end(dig, cx->sha_ctx);
-
- /* output the hash value */
- for(i = 0; i < mac_len; ++i)
- mac[i] = dig[i];
-}
-
-/* 'do it all in one go' subroutine */
-void hmac_sha(enum hmac_hash hash, const unsigned char key[], unsigned long key_len,
- const unsigned char data[], unsigned long data_len,
- unsigned char mac[], unsigned long mac_len)
-{ hmac_ctx cx[1];
-
- hmac_sha_begin(hash, cx);
- hmac_sha_key(key, key_len, cx);
- hmac_sha_data(data, data_len, cx);
- hmac_sha_end(mac, mac_len, cx);
-}
-
-#if defined(__cplusplus)
-}
-#endif
diff --git a/crypto/src/main/jni/final_key/sha/hmac.h b/crypto/src/main/jni/final_key/sha/hmac.h
deleted file mode 100644
index f2d0d19b3..000000000
--- a/crypto/src/main/jni/final_key/sha/hmac.h
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
-
-This is an implementation of HMAC, the FIPS standard keyed hash function
-*/
-
-#ifndef _HMAC2_H
-#define _HMAC2_H
-
-#include
-#include
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-#if !defined(_SHA1_H)
-# include "sha1.h"
-#endif
-
-#if !defined(_SHA2_H)
-# include "sha2.h"
-#endif
-
-#if !defined(_SHA2_H)
-#define HMAC_BLOCK_SIZE SHA1_BLOCK_SIZE
-#define HMAC_MAX_OUTPUT_SIZE SHA1_DIGEST_SIZE
-#else
-#define HMAC_BLOCK_SIZE SHA2_MAX_BLOCK_SIZE
-#define HMAC_MAX_OUTPUT_SIZE SHA2_MAX_DIGEST_SIZE
-#endif
-
-#define HMAC_IN_DATA 0xffffffff
-
-enum hmac_hash
-{
-#ifdef _SHA1_H
- HMAC_SHA1,
-#endif
-#ifdef _SHA2_H
-# ifdef SHA_224
- HMAC_SHA224,
-# endif
-# ifdef SHA_256
- HMAC_SHA256,
-# endif
-# ifdef SHA_384
- HMAC_SHA384,
-# endif
-# ifdef SHA_512
- HMAC_SHA512,
- HMAC_SHA512_256,
- HMAC_SHA512_224,
- HMAC_SHA512_192,
- HMAC_SHA512_128
-# endif
-#endif
-};
-
-typedef VOID_RETURN hf_begin(void*);
-typedef VOID_RETURN hf_hash(const void*, unsigned long len, void*);
-typedef VOID_RETURN hf_end(void*, void*);
-
-typedef struct
-{ hf_begin *f_begin;
- hf_hash *f_hash;
- hf_end *f_end;
- unsigned char key[HMAC_BLOCK_SIZE];
- union
- {
-#ifdef _SHA1_H
- sha1_ctx u_sha1;
-#endif
-#ifdef _SHA2_H
-# ifdef SHA_224
- sha224_ctx u_sha224;
-# endif
-# ifdef SHA_256
- sha256_ctx u_sha256;
-# endif
-# ifdef SHA_384
- sha384_ctx u_sha384;
-# endif
-# ifdef SHA_512
- sha512_ctx u_sha512;
-# endif
-#endif
- } sha_ctx[1];
- unsigned long input_len;
- unsigned long output_len;
- unsigned long klen;
-} hmac_ctx;
-
-/* returns the length of hash digest for the hash used */
-/* mac_len must not be greater than this */
-int hmac_sha_begin(enum hmac_hash hash, hmac_ctx cx[1]);
-
-int hmac_sha_key(const unsigned char key[], unsigned long key_len, hmac_ctx cx[1]);
-
-void hmac_sha_data(const unsigned char data[], unsigned long data_len, hmac_ctx cx[1]);
-
-void hmac_sha_end(unsigned char mac[], unsigned long mac_len, hmac_ctx cx[1]);
-
-void hmac_sha(enum hmac_hash hash, const unsigned char key[], unsigned long key_len,
- const unsigned char data[], unsigned long data_len,
- unsigned char mac[], unsigned long mac_len);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
diff --git a/crypto/src/main/jni/final_key/sha/pwd2key.h b/crypto/src/main/jni/final_key/sha/pwd2key.h
deleted file mode 100644
index b9ba42114..000000000
--- a/crypto/src/main/jni/final_key/sha/pwd2key.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
-
-This is an implementation of RFC2898, which specifies key derivation from
-a password and a salt value.
-*/
-
-#ifndef PWD2KEY_H
-#define PWD2KEY_H
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-void derive_key(
- const unsigned char pwd[], /* the PASSWORD, and */
- unsigned int pwd_len, /* its length */
- const unsigned char salt[], /* the SALT and its */
- unsigned int salt_len, /* length */
- unsigned int iter, /* the number of iterations */
- unsigned char key[], /* space for the output key */
- unsigned int key_len); /* and its required length */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
diff --git a/crypto/src/main/jni/final_key/sha/sha1.h b/crypto/src/main/jni/final_key/sha/sha1.h
deleted file mode 100644
index 9f352f72a..000000000
--- a/crypto/src/main/jni/final_key/sha/sha1.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
-*/
-
-#ifndef _SHA1_H
-#define _SHA1_H
-
-/* define for bit or byte oriented SHA */
-#if 1
-# define SHA1_BITS 0 /* byte oriented */
-#else
-# define SHA1_BITS 1 /* bit oriented */
-#endif
-
-#define SHA_1
-
-#include
-#include "brg_types.h"
-
-#define SHA1_BLOCK_SIZE 64
-#define SHA1_DIGEST_SIZE 20
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/* type to hold the SHA256 context */
-
-typedef struct
-{ uint32_t count[2];
- uint32_t hash[SHA1_DIGEST_SIZE >> 2];
- uint32_t wbuf[SHA1_BLOCK_SIZE >> 2];
-} sha1_ctx;
-
-/* Note that these prototypes are the same for both bit and */
-/* byte oriented implementations. However the length fields */
-/* are in bytes or bits as appropriate for the version used */
-/* and bit sequences are input as arrays of bytes in which */
-/* bit sequences run from the most to the least significant */
-/* end of each byte. The value 'len' in sha1_hash for the */
-/* byte oriented version of SHA1 is limited to 2^29 bytes, */
-/* but multiple calls will handle longer data blocks. */
-
-VOID_RETURN sha1_compile(sha1_ctx ctx[1]);
-
-VOID_RETURN sha1_begin(sha1_ctx ctx[1]);
-VOID_RETURN sha1_hash(const unsigned char data[], unsigned long len, sha1_ctx ctx[1]);
-VOID_RETURN sha1_end(unsigned char hval[], sha1_ctx ctx[1]);
-VOID_RETURN sha1(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif
diff --git a/crypto/src/main/jni/final_key/sha/sha2.h b/crypto/src/main/jni/final_key/sha/sha2.h
deleted file mode 100644
index e99042196..000000000
--- a/crypto/src/main/jni/final_key/sha/sha2.h
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
----------------------------------------------------------------------------
-Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.
-
-The redistribution and use of this software (with or without changes)
-is allowed without the payment of fees or royalties provided that:
-
- source code distributions include the above copyright notice, this
- list of conditions and the following disclaimer;
-
- binary distributions include the above copyright notice, this list
- of conditions and the following disclaimer in their documentation.
-
-This software is provided 'as is' with no explicit or implied warranties
-in respect of its operation, including, but not limited to, correctness
-and fitness for purpose.
----------------------------------------------------------------------------
-Issue Date: 20/12/2007
-*/
-
-#ifndef _SHA2_H
-#define _SHA2_H
-
-#include
-
-/* define for bit or byte oriented SHA */
-#if 1
-# define SHA2_BITS 0 /* byte oriented */
-#else
-# define SHA2_BITS 1 /* bit oriented */
-#endif
-
-/* define the hash functions that you need */
-/* define for 64-bit SHA384 and SHA512 */
-#define SHA_64BIT
-#define SHA_2 /* for dynamic hash length */
-#define SHA_224
-#define SHA_256
-#ifdef SHA_64BIT
-# define SHA_384
-# define SHA_512
-# define NEED_uint64_t
-#endif
-
-#define SHA2_MAX_DIGEST_SIZE 64
-#define SHA2_MAX_BLOCK_SIZE 128
-
-#include "brg_types.h"
-
-#if defined(__cplusplus)
-extern "C"
-{
-#endif
-
-/* Note that the following function prototypes are the same */
-/* for both the bit and byte oriented implementations. But */
-/* the length fields are in bytes or bits as is appropriate */
-/* for the version used. Bit sequences are arrays of bytes */
-/* in which bit sequence indexes increase from the most to */
-/* the least significant end of each byte. The value 'len' */
-/* in sha_hash for the byte oriented versions of SHA2 */
-/* is limited to 2^29 bytes, but multiple calls will handle */
-/* longer data blocks. */
-
-#define SHA224_DIGEST_SIZE 28
-#define SHA224_BLOCK_SIZE 64
-
-#define SHA256_DIGEST_SIZE 32
-#define SHA256_BLOCK_SIZE 64
-
-/* type to hold the SHA256 (and SHA224) context */
-
-typedef struct
-{ uint32_t count[2];
- uint32_t hash[SHA256_DIGEST_SIZE >> 2];
- uint32_t wbuf[SHA256_BLOCK_SIZE >> 2];
-} sha256_ctx;
-
-typedef sha256_ctx sha224_ctx;
-
-VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
-
-VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
-#define sha224_hash sha256_hash
-VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
-VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
-VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
-VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
-VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-#ifndef SHA_64BIT
-
-typedef struct
-{ union
- { sha256_ctx ctx256[1];
- } uu[1];
- uint32_t sha2_len;
-} sha2_ctx;
-
-#else
-
-#define SHA384_DIGEST_SIZE 48
-#define SHA384_BLOCK_SIZE 128
-
-#define SHA512_DIGEST_SIZE 64
-#define SHA512_BLOCK_SIZE 128
-
-#define SHA512_128_DIGEST_SIZE 16
-#define SHA512_128_BLOCK_SIZE SHA512_BLOCK_SIZE
-
-#define SHA512_192_DIGEST_SIZE 24
-#define SHA512_192_BLOCK_SIZE SHA512_BLOCK_SIZE
-
-#define SHA512_224_DIGEST_SIZE 28
-#define SHA512_224_BLOCK_SIZE SHA512_BLOCK_SIZE
-
-#define SHA512_256_DIGEST_SIZE 32
-#define SHA512_256_BLOCK_SIZE SHA512_BLOCK_SIZE
-
-/* type to hold the SHA384 (and SHA512) context */
-
-typedef struct
-{ uint64_t count[2];
- uint64_t hash[SHA512_DIGEST_SIZE >> 3];
- uint64_t wbuf[SHA512_BLOCK_SIZE >> 3];
-} sha512_ctx;
-
-typedef sha512_ctx sha384_ctx;
-
-typedef struct
-{ union
- { sha256_ctx ctx256[1];
- sha512_ctx ctx512[1];
- } uu[1];
- uint32_t sha2_len;
-} sha2_ctx;
-
-VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
-
-VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
-#define sha384_hash sha512_hash
-VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
-VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
-VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
-VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
-VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha512_256_begin(sha512_ctx ctx[1]);
-#define sha512_256_hash sha512_hash
-VOID_RETURN sha512_256_end(unsigned char hval[], sha512_ctx ctx[1]);
-VOID_RETURN sha512_256(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha512_224_begin(sha512_ctx ctx[1]);
-#define sha512_224_hash sha512_hash
-VOID_RETURN sha512_224_end(unsigned char hval[], sha512_ctx ctx[1]);
-VOID_RETURN sha512_224(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha512_192_begin(sha512_ctx ctx[1]);
-#define sha512_192_hash sha512_hash
-VOID_RETURN sha512_192_end(unsigned char hval[], sha512_ctx ctx[1]);
-VOID_RETURN sha512_192(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-VOID_RETURN sha512_128_begin(sha512_ctx ctx[1]);
-#define sha512_128_hash sha512_hash
-VOID_RETURN sha512_128_end(unsigned char hval[], sha512_ctx ctx[1]);
-VOID_RETURN sha512_128(unsigned char hval[], const unsigned char data[], unsigned long len);
-
-INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
-VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
-VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
-INT_RETURN sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
-
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif