changes) provided that:

1. source code distributions include the above copyright notice, this

list of conditions and the following disclaimer;

2. binary distributions include the above copyright notice, this list

of conditions and the following disclaimer in their documentation;

3. the name of the copyright holder is not used to endorse products

built using this software without specific written permission.

DISCLAIMER

This software is provided 'as is' with no explicit or implied warranties

in respect of its properties, including, but not limited to, correctness

and/or fitness for purpose.

---------------------------------------------------------------------------

Issue Date: 20/12/2007

This file contains the definitions required to use AES in C. See aesopt.h

for optimisation details.

*/

/* Adapted for TrueCrypt */

#ifndef _AES_H

#define _AES_H

#include "Common/Tcdefs.h"

#ifndef EXIT_SUCCESS

#define EXIT_SUCCESS 0

#define EXIT_FAILURE 1

#endif

#define INT_RETURN int

#if defined(__cplusplus)

extern "C"

{

#endif

// #define AES_128 /* define if AES with 128 bit keys is needed */

// #define AES_192 /* define if AES with 192 bit keys is needed */

#define AES_256 /* define if AES with 256 bit keys is needed */

// #define AES_VAR /* define if a variable key size is needed */

// #define AES_MODES /* define if support is needed for modes */

/* The following must also be set in assembler files if being used */

#define AES_ENCRYPT /* if support for encryption is needed */

#define AES_DECRYPT /* if support for decryption is needed */

#define AES_ERR_CHK /* for parameter checks & error return codes */

#define AES_REV_DKS /* define to reverse decryption key schedule */

#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */

#define N_COLS 4 /* the number of columns in the state */

/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */

/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */

/* or 44, 52 or 60 32-bit words. */

#if defined( AES_VAR ) || defined( AES_256 )

#define KS_LENGTH 60

#elif defined( AES_192 )

#define KS_LENGTH 52

#else

#define KS_LENGTH 44

#endif

#if defined( AES_ERR_CHK )

#define AES_RETURN INT_RETURN

#else

#define AES_RETURN VOID_RETURN

#endif

/* the character array 'inf' in the following structures is used */

/* to hold AES context information. This AES code uses cx->inf.b[0] */

/* to hold the number of rounds multiplied by 16. The other three */

/* elements can be used by code that implements additional modes */

typedef union

{ uint_32t l;

uint_8t b[4];

} aes_inf;

typedef struct

{ uint_32t ks[KS_LENGTH];

aes_inf inf;

} aes_encrypt_ctx;

typedef struct

{ uint_32t ks[KS_LENGTH];

aes_inf inf;

} aes_decrypt_ctx;

/* This routine must be called before first use if non-static */

/* tables are being used */

AES_RETURN aes_init(void);

/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */

/* those in the range 128 <= key_len <= 256 are given in bits */

#if defined( AES_ENCRYPT )

#if defined(AES_128) || defined(AES_VAR)

AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);

#endif

#if defined(AES_192) || defined(AES_VAR)

AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);

#endif

#if defined(AES_256) || defined(AES_VAR)

AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);

#endif

#if defined(AES_VAR)

AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);

#endif

#endif

#if defined( AES_DECRYPT )

#if defined(AES_128) || defined(AES_VAR)

AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);

#endif

#if defined(AES_192) || defined(AES_VAR)

AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);

#endif

#if defined(AES_256) || defined(AES_VAR)

AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);

#endif

#if defined(AES_VAR)

AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);

#endif

#endif

#if defined(AES_MODES)

/* Multiple calls to the following subroutines for multiple block */

/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */

/* long messages incremantally provided that the context AND the iv */

/* are preserved between all such calls. For the ECB and CBC modes */

/* each individual call within a series of incremental calls must */

/* process only full blocks (i.e. len must be a multiple of 16) but */

/* the CFB, OFB and CTR mode calls can handle multiple incremental */

/* calls of any length. Each mode is reset when a new AES key is */

/* set but ECB and CBC operations can be reset without setting a */

/* new key by setting a new IV value. To reset CFB, OFB and CTR */

/* without setting the key, aes_mode_reset() must be called and the */

/* IV must be set. NOTE: All these calls update the IV on exit so */

/* this has to be reset if a new operation with the same IV as the */

/* previous one is required (or decryption follows encryption with */

/* the same IV array). */

AES_RETURN aes_test_alignment_detection(unsigned int n);

AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,

int len, const aes_encrypt_ctx cx[1]);

AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,

int len, const aes_decrypt_ctx cx[1]);

AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,

int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);

/*

Derived from source code of TrueCrypt 7.1a, which is

Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed

by the TrueCrypt License 3.0.

Modifications and additions to the original source code (contained in this file)

and all other portions of this file are Copyright (c) 2013-2017 IDRIX

and are governed by the Apache License 2.0 the full text of which is

contained in the file License.txt included in VeraCrypt binary and source

code distribution packages.

*/

#ifndef TC_HEADER_Crypto_Aes_Hw_Cpu

#define TC_HEADER_Crypto_Aes_Hw_Cpu

#include "Common/Tcdefs.h"

#if defined(__cplusplus)

extern "C"

{

#endif

#if defined (TC_WINDOWS_BOOT)

#endif

void aes_hw_cpu_enable_sse ();

#if defined(__cplusplus)

}

#endif

#endif // TC_HEADER_Crypto_Aes_Hw_Cpu

used for dynamically variable block sizes is designed to expand

to a compile time constant whenever possible but will expand to

conditional clauses on some branches (I am grateful to Frank

Yellin for this construction)

*/

#define fwd_var(x,r,c)\

( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\

: r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\

: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\

: ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))

#if defined(FT4_SET)

#undef dec_fmvars

#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))

#elif defined(FT1_SET)

#undef dec_fmvars

#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))

#else

#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))

#endif

#if defined(FL4_SET)

#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))

#elif defined(FL1_SET)

#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))

#else

#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))

#endif

{ uint_32t locals(b0, b1);

const uint_32t *kp;

#if defined( dec_fmvars )

dec_fmvars; /* declare variables for fwd_mcol() if needed */

#endif

#if defined( AES_ERR_CHK )

if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )

return EXIT_FAILURE;

#endif

kp = cx->ks;

state_in(b0, in, kp);

#if (ENC_UNROLL == FULL)

switch(cx->inf.b[0])

{

case 14 * 16:

round(fwd_rnd, b1, b0, kp + 1 * N_COLS);

round(fwd_rnd, b0, b1, kp + 2 * N_COLS);

kp += 2 * N_COLS;

case 12 * 16:

round(fwd_rnd, b1, b0, kp + 1 * N_COLS);

round(fwd_rnd, b0, b1, kp + 2 * N_COLS);

kp += 2 * N_COLS;

case 10 * 16:

round(fwd_rnd, b1, b0, kp + 1 * N_COLS);

round(fwd_rnd, b0, b1, kp + 2 * N_COLS);

round(fwd_rnd, b1, b0, kp + 3 * N_COLS);

#elif defined(IT1_SET)

#undef dec_imvars

#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))

#else

#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))

#endif

#if defined(IL4_SET)

#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))

#elif defined(IL1_SET)

#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))

#else

#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))

#endif

/* This code can work with the decryption key schedule in the */

/* order that is used for encrytpion (where the 1st decryption */

/* round key is at the high end ot the schedule) or with a key */

/* schedule that has been reversed to put the 1st decryption */

/* round key at the low end of the schedule in memory (when */

/* AES_REV_DKS is defined) */

#ifdef AES_REV_DKS

#define key_ofs 0

#define rnd_key(n) (kp + n * N_COLS)

#else

#define key_ofs 1

#define rnd_key(n) (kp - n * N_COLS)

#endif

{ uint_32t locals(b0, b1);

#if defined( dec_imvars )

dec_imvars; /* declare variables for inv_mcol() if needed */

#endif

const uint_32t *kp;

#if defined( AES_ERR_CHK )

if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )

return EXIT_FAILURE;

#endif

kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);

state_in(b0, in, kp);

#if (DEC_UNROLL == FULL)

kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));

switch(cx->inf.b[0])

{

case 14 * 16:

round(inv_rnd, b1, b0, rnd_key(-13));

round(inv_rnd, b0, b1, rnd_key(-12));

case 12 * 16:

round(inv_rnd, b1, b0, rnd_key(-11));

round(inv_rnd, b0, b1, rnd_key(-10));

case 10 * 16:

round(inv_rnd, b1, b0, rnd_key(-9));

round(inv_rnd, b0, b1, rnd_key(-8));

round(inv_rnd, b1, b0, rnd_key(-7));

round(inv_rnd, b0, b1, rnd_key(-6));

#include "Camellia.h"

#include "Common/Endian.h"

#include "Crypto/cpu.h"

#include "Crypto/misc.h"

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

/* camellia.c ver 1.2.0-x86_64_asm1.1

*

* Copyright (c) 2006,2007

* NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.

*

* SuperCop integration:

*

* VeraCrypt integration:

*

* Redistribution and use in source and binary forms, with or without

* modification, are permitted provided that the following conditions

* are met:

* 1. Redistributions of source code must retain the above copyright

* notice, this list of conditions and the following disclaimer as

* the first lines of this file unmodified.

* 2. Redistributions in binary form must reproduce the above copyright

* notice, this list of conditions and the following disclaimer in the

* documentation and/or other materials provided with the distribution.

*

* THIS SOFTWARE IS PROVIDED BY NTT ``AS IS'' AND ANY EXPRESS OR

* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

* IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT,

* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

*/

/*

* Algorithm Specification

* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html

*/

/* Adapted for VeraCrypt */

#include "Common/Crypto.h"

#ifndef _WIN32

extern int IsAesHwCpuSupported ();

#endif

/* key constants */

#define CAMELLIA_SIGMA1L (0xA09E667FL)

#define CAMELLIA_SIGMA1R (0x3BCC908BL)

#define CAMELLIA_SIGMA2L (0xB67AE858L)

#define CAMELLIA_SIGMA2R (0x4CAA73B2L)

#define CAMELLIA_SIGMA3L (0xC6EF372FL)

#define CAMELLIA_SIGMA3R (0xE94F82BEL)

#define CAMELLIA_SIGMA4L (0x54FF53A5L)

#define CAMELLIA_SIGMA4R (0xF1D36F1CL)

#define CAMELLIA_SIGMA5L (0x10E527FAL)

#define CAMELLIA_SIGMA5R (0xDE682D1DL)

#define CAMELLIA_SIGMA6L (0xB05688C2L)

#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)

/*

* macros

*/

# define GETU32(p) bswap_32(*((uint32 *)(p)))

# define PUTU32(ct, st) {*((uint32 *)(ct)) = bswap_32((st));}

#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])

#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])

/* rotation right shift 1byte */

#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))

/* rotation left shift 1bit */

CamelliaSubkeyR(25) = subr(25);

tl = subl(23) ^ (subr(23) & ~subr(25));

dw = tl & subl(25), tr = subr(23) ^ CAMELLIA_RL1(dw);

CamelliaSubkeyL(26) = tl ^ subl(27);

CamelliaSubkeyR(26) = tr ^ subr(27);

CamelliaSubkeyL(27) = subl(26) ^ subl(28);

CamelliaSubkeyR(27) = subr(26) ^ subr(28);

CamelliaSubkeyL(28) = subl(27) ^ subl(29);

CamelliaSubkeyR(28) = subr(27) ^ subr(29);

CamelliaSubkeyL(29) = subl(28) ^ subl(30);

CamelliaSubkeyR(29) = subr(28) ^ subr(30);

CamelliaSubkeyL(30) = subl(29) ^ subl(31);

CamelliaSubkeyR(30) = subr(29) ^ subr(31);

CamelliaSubkeyL(31) = subl(30);

CamelliaSubkeyR(31) = subr(30);

CamelliaSubkeyL(32) = subl(32) ^ subl(31);

CamelliaSubkeyR(32) = subr(32) ^ subr(31);

return;

}

void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks)

{

camellia_encrypt_asm (ks, outBlock, inBlock);

}

void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks)

{

camellia_decrypt_asm (ks, outBlock, inBlock);

}

{

#if !defined (_UEFI)

if ((blockCount >= 16) && IsCpuIntel() && IsAesHwCpuSupported () && HasSAVX()) /* on AMD cpu, AVX is too slow */

{

#if defined (TC_WINDOWS_DRIVER)

XSTATE_SAVE SaveState;

if (NT_SUCCESS (KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState)))

{

#endif

while (blockCount >= 16)

{

camellia_ecb_enc_16way (instance, out_blk, in_blk);

out_blk += 16 * 16;

in_blk += 16 * 16;

blockCount -= 16;

}

#if defined (TC_WINDOWS_DRIVER)

KeRestoreExtendedProcessorStateVC(&SaveState);

}

#endif

}

#endif

while (blockCount >= 2)

{

camellia_enc_blk2 (instance, out_blk, in_blk);

out_blk += 2 * 16;

in_blk += 2 * 16;

blockCount -= 2;

}

if (blockCount)

camellia_encrypt (in_blk, out_blk, instance);

}

{

#if !defined (_UEFI)

if ((blockCount >= 16) && IsCpuIntel() && IsAesHwCpuSupported () && HasSAVX()) /* on AMD cpu, AVX is too slow */

{

#if defined (TC_WINDOWS_DRIVER)

XSTATE_SAVE SaveState;

if (NT_SUCCESS (KeSaveExtendedProcessorStateVC(XSTATE_MASK_GSSE, &SaveState)))

{

#endif

while (blockCount >= 16)

{

camellia_ecb_dec_16way (instance, out_blk, in_blk);

out_blk += 16 * 16;

in_blk += 16 * 16;

blockCount -= 16;

}

#if defined (TC_WINDOWS_DRIVER)

KeRestoreExtendedProcessorStateVC(&SaveState);

}

#endif

}

#endif

while (blockCount >= 2)

{

camellia_dec_blk2 (instance, out_blk, in_blk);

out_blk += 2 * 16;

in_blk += 2 * 16;

blockCount -= 2;

}

#ifndef HEADER_Crypto_Camellia

#define HEADER_Crypto_Camellia

#include "Common/Tcdefs.h"

#include "config.h"

#ifdef __cplusplus

extern "C"

{

#endif

#define CAMELLIA_KS 34 * 8

/* userKey is always 32-bytes long */

/* size of ks is 34*8 bytes */

void camellia_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);

void camellia_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);

void camellia_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

#endif

#ifdef __cplusplus

}

#endif

#endif // HEADER_Crypto_Camellia

</ProjectConfiguration>

<ProjectConfiguration Include="Debug|x64">

<Configuration>Debug</Configuration>

<Platform>x64</Platform>

</ProjectConfiguration>

<ProjectConfiguration Include="Release|ARM64">

<Configuration>Release</Configuration>

<Platform>ARM64</Platform>

</ProjectConfiguration>

<ProjectConfiguration Include="Release|Win32">

<Configuration>Release</Configuration>

<Platform>Win32</Platform>

</ProjectConfiguration>

<ProjectConfiguration Include="Release|x64">

<Configuration>Release</Configuration>

<Platform>x64</Platform>

</ProjectConfiguration>

</ItemGroup>

<PropertyGroup Label="Globals">

<ProjectGuid>{993245CF-6B70-47EE-91BB-39F8FC6DC0E7}</ProjectGuid>

<RootNamespace>Crypto</RootNamespace>

<Keyword>Win32Proj</Keyword>

<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>

<ProjectName>Crypto</ProjectName>

</PropertyGroup>

<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">

<ConfigurationType>StaticLibrary</ConfigurationType>

<CharacterSet>Unicode</CharacterSet>

<PlatformToolset>v142</PlatformToolset>

</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">

<ConfigurationType>StaticLibrary</ConfigurationType>

<CharacterSet>Unicode</CharacterSet>

<PlatformToolset>v142</PlatformToolset>

</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">

<ConfigurationType>StaticLibrary</ConfigurationType>

<CharacterSet>Unicode</CharacterSet>

<PlatformToolset>v142</PlatformToolset>

</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">

<ConfigurationType>StaticLibrary</ConfigurationType>

<CharacterSet>Unicode</CharacterSet>

<PlatformToolset>v142</PlatformToolset>

</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">

<ConfigurationType>StaticLibrary</ConfigurationType>

<CharacterSet>Unicode</CharacterSet>

<PlatformToolset>v142</PlatformToolset>

</PropertyGroup>

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">

<ConfigurationType>StaticLibrary</ConfigurationType>

<CharacterSet>Unicode</CharacterSet>

<PlatformToolset>v142</PlatformToolset>

</PropertyGroup>

<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />

<ImportGroup Label="ExtensionSettings">

</ImportGroup>

<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="PropertySheets">

<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />

</ImportGroup>

<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="PropertySheets">

<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />

</ImportGroup>

<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">

<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />

</ImportGroup>

<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="PropertySheets">

<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />

</ImportGroup>

<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">

<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />

</ImportGroup>

<ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="PropertySheets">

<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />

<Import Project="$(VCTargetsPath)Microsoft.CPP.UpgradeFromVC71.props" />

</ImportGroup>

<PropertyGroup Label="UserMacros" />

<PropertyGroup>

<_ProjectFileVersion>10.0.40219.1</_ProjectFileVersion>

</PropertyGroup>

<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

<ClCompile>

<Optimization>Disabled</Optimization>

<AdditionalIncludeDirectories>$(ProjectDir)\..;$(ProjectDir)\..\Common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

<PreprocessorDefinitions>WIN32;DEBUG;_DEBUG;_LIB;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;%(PreprocessorDefinitions)</PreprocessorDefinitions>

<MinimalRebuild>true</MinimalRebuild>

<BasicRuntimeChecks>Default</BasicRuntimeChecks>

<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>

<BufferSecurityCheck>false</BufferSecurityCheck>

<PrecompiledHeader>

</PrecompiledHeader>

<WarningLevel>Level4</WarningLevel>

<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

<DisableSpecificWarnings>4100;4127;4201;%(DisableSpecificWarnings)</DisableSpecificWarnings>

</ClCompile>

<Lib>

<OutputFile>$(OutDir)Crypto.lib</OutputFile>

</Lib>

</ItemDefinitionGroup>

<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

<Midl>

<TargetEnvironment>X64</TargetEnvironment>

</Midl>

<ClCompile>

<Optimization>Disabled</Optimization>

<AdditionalIncludeDirectories>$(ProjectDir)\..;$(ProjectDir)\..\Common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

<PreprocessorDefinitions>WIN32;DEBUG;_DEBUG;_LIB;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;%(PreprocessorDefinitions)</PreprocessorDefinitions>

<MinimalRebuild>true</MinimalRebuild>

<BasicRuntimeChecks>Default</BasicRuntimeChecks>

<AdditionalIncludeDirectories>$(ProjectDir)\..;$(ProjectDir)\..\Common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

<PreprocessorDefinitions>WIN32;DEBUG;_DEBUG;_LIB;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;%(PreprocessorDefinitions)</PreprocessorDefinitions>

<MinimalRebuild>true</MinimalRebuild>

<BasicRuntimeChecks>Default</BasicRuntimeChecks>

<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>

<BufferSecurityCheck>false</BufferSecurityCheck>

<PrecompiledHeader>

</PrecompiledHeader>

<WarningLevel>Level4</WarningLevel>

<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

<DisableSpecificWarnings>4100;4127;4201;%(DisableSpecificWarnings)</DisableSpecificWarnings>

</ClCompile>

<Lib>

<OutputFile>$(OutDir)Crypto.lib</OutputFile>

</Lib>

</ItemDefinitionGroup>

<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">

<ClCompile>

<Optimization>MaxSpeed</Optimization>

<AdditionalIncludeDirectories>$(ProjectDir)\..;$(ProjectDir)\..\Common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;%(PreprocessorDefinitions)</PreprocessorDefinitions>

<RuntimeLibrary>MultiThreaded</RuntimeLibrary>

<BufferSecurityCheck>true</BufferSecurityCheck>

<PrecompiledHeader>

</PrecompiledHeader>

<AssemblerOutput>All</AssemblerOutput>

<AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>

<WarningLevel>Level4</WarningLevel>

<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

<DisableSpecificWarnings>4100;4127;4201;%(DisableSpecificWarnings)</DisableSpecificWarnings>

</ClCompile>

<Lib>

<OutputFile>$(OutDir)Crypto.lib</OutputFile>

<AdditionalLibraryDirectories>$(TargetDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>

</Lib>

</ItemDefinitionGroup>

<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

<Midl>

<TargetEnvironment>X64</TargetEnvironment>

</Midl>

<ClCompile>

<Optimization>MaxSpeed</Optimization>

<AdditionalIncludeDirectories>$(ProjectDir)\..;$(ProjectDir)\..\Common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;%(PreprocessorDefinitions)</PreprocessorDefinitions>

<RuntimeLibrary>MultiThreaded</RuntimeLibrary>

<BufferSecurityCheck>true</BufferSecurityCheck>

<PrecompiledHeader>

</PrecompiledHeader>

<AssemblerOutput>All</AssemblerOutput>

<AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>

<WarningLevel>Level4</WarningLevel>

<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

<DisableSpecificWarnings>4100;4127;4201;%(DisableSpecificWarnings)</DisableSpecificWarnings>

</ClCompile>

<Lib>

<OutputFile>$(OutDir)Crypto.lib</OutputFile>

<AdditionalLibraryDirectories>$(TargetDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>

</Lib>

</ItemDefinitionGroup>

<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">

<Midl />

<ClCompile>

<Optimization>MaxSpeed</Optimization>

<AdditionalIncludeDirectories>$(ProjectDir)\..;$(ProjectDir)\..\Common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;%(PreprocessorDefinitions)</PreprocessorDefinitions>

<RuntimeLibrary>MultiThreaded</RuntimeLibrary>

<BufferSecurityCheck>true</BufferSecurityCheck>

<PrecompiledHeader>

</PrecompiledHeader>

<AssemblerOutput>All</AssemblerOutput>

<AssemblerListingLocation>$(IntDir)</AssemblerListingLocation>

<WarningLevel>Level4</WarningLevel>

<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>

<DisableSpecificWarnings>4100;4127;4201;%(DisableSpecificWarnings)</DisableSpecificWarnings>

</ClCompile>

<Lib>

<OutputFile>$(OutDir)Crypto.lib</OutputFile>

<AdditionalLibraryDirectories>$(TargetDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>

</Lib>

</ItemDefinitionGroup>

<ItemGroup>

<CustomBuild Include="Aes_hw_cpu.asm">

<Command Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win32 -Ox -g --prefix _ -o "$(TargetDir)\%(Filename).obj" "%(FullPath)"

</Command>

<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>

<Command Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -g -o "$(TargetDir)\%(Filename).obj" "%(FullPath)"

</Command>

<Command Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -g -o "$(TargetDir)\%(Filename).obj" "%(FullPath)"

</Command>

<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>

<Outputs Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>

<Command Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win32 -Ox --prefix _ -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"

</Command>

<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>

<Command Condition="'$(Configuration)|$(Platform)'=='Release|x64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"

</Command>

<Command Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">echo %(Filename)%(Extension) &amp; nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)"

</Command>

<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|x64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>

<Outputs Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">$(TargetDir)\%(Filename).obj;%(Outputs)</Outputs>

<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">true</ExcludedFromBuild>

<ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">true</ExcludedFromBuild>

</CustomBuild>

<CustomBuild Include="Aes_x64.asm">

/*

This code is written by kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/)

and released into public domain.

*/

/* Modified for VeraCrypt with speed optimization for C implementation */

#include "Sha2.h"

#include "Common/Endian.h"

#include "Crypto/cpu.h"

#include "Crypto/misc.h"

#if defined(_UEFI) || defined(CRYPTOPP_DISABLE_ASM)

#define NO_OPTIMIZED_VERSIONS

#endif

#ifndef NO_OPTIMIZED_VERSIONS

#if defined(__cplusplus)

extern "C"

{

#endif

#if CRYPTOPP_BOOL_X64

void sha512_rorx(const void* M, void* D, uint_64t l);

void sha512_sse4(const void* M, uint_64t D[8], uint_64t l);

void sha512_avx(const void* M, void* D, uint_64t l);

#endif

#if CRYPTOPP_BOOL_X64 || ((CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) && !defined (TC_MACOSX))

#endif

#if defined(__cplusplus)

}

#endif

#endif

typedef void (*transformFn)(sha512_ctx* ctx, void* m, uint_64t num_blks);

transformFn transfunc = NULL;

static const uint_64t K[80] = {

LL(0x428a2f98d728ae22), LL(0x7137449123ef65cd), LL(0xb5c0fbcfec4d3b2f), LL(0xe9b5dba58189dbbc),

LL(0x3956c25bf348b538), LL(0x59f111f1b605d019), LL(0x923f82a4af194f9b), LL(0xab1c5ed5da6d8118),

LL(0xd807aa98a3030242), LL(0x12835b0145706fbe), LL(0x243185be4ee4b28c), LL(0x550c7dc3d5ffb4e2),

LL(0x72be5d74f27b896f), LL(0x80deb1fe3b1696b1), LL(0x9bdc06a725c71235), LL(0xc19bf174cf692694),

LL(0xe49b69c19ef14ad2), LL(0xefbe4786384f25e3), LL(0x0fc19dc68b8cd5b5), LL(0x240ca1cc77ac9c65),

LL(0x2de92c6f592b0275), LL(0x4a7484aa6ea6e483), LL(0x5cb0a9dcbd41fbd4), LL(0x76f988da831153b5),

LL(0x983e5152ee66dfab), LL(0xa831c66d2db43210), LL(0xb00327c898fb213f), LL(0xbf597fc7beef0ee4),

LL(0xc6e00bf33da88fc2), LL(0xd5a79147930aa725), LL(0x06ca6351e003826f), LL(0x142929670a0e6e70),

LL(0x27b70a8546d22ffc), LL(0x2e1b21385c26c926), LL(0x4d2c6dfc5ac42aed), LL(0x53380d139d95b3df),

LL(0x650a73548baf63de), LL(0x766a0abb3c77b2a8), LL(0x81c2c92e47edaee6), LL(0x92722c851482353b),

LL(0xa2bfe8a14cf10364), LL(0xa81a664bbc423001), LL(0xc24b8b70d0f89791), LL(0xc76c51a30654be30),

LL(0xd192e819d6ef5218), LL(0xd69906245565a910), LL(0xf40e35855771202a), LL(0x106aa07032bbd1b8),

LL(0x19a4c116b8d2d0c8), LL(0x1e376c085141ab53), LL(0x2748774cdf8eeb99), LL(0x34b0bcb5e19b48a8),

LL(0x391c0cb3c5c95a63), LL(0x4ed8aa4ae3418acb), LL(0x5b9cca4f7763e373), LL(0x682e6ff3d6b2b8a3),

LL(0x748f82ee5defb2fc), LL(0x78a5636f43172f60), LL(0x84c87814a1f0ab72), LL(0x8cc702081a6439ec),

LL(0x90befffa23631e28), LL(0xa4506cebde82bde9), LL(0xbef9a3f7b2c67915), LL(0xc67178f2e372532b),

LL(0xca273eceea26619c), LL(0xd186b8c721c0c207), LL(0xeada7dd6cde0eb1e), LL(0xf57d4f7fee6ed178),

LL(0x06f067aa72176fba), LL(0x0a637dc5a2c898a6), LL(0x113f9804bef90dae), LL(0x1b710b35131c471b),

total += len * 8;

ctx->count[0] = pos;

ctx->count[1] = total;

}

void sha512(unsigned char * result, const unsigned char* source, uint_64t sourceLen)

{

sha512_ctx ctx;

sha512_begin(&ctx);

sha512_hash(source, sourceLen, &ctx);

sha512_end(result, &ctx);

}

/////////////////////////////

#ifndef NO_OPTIMIZED_VERSIONS

#if defined(__cplusplus)

extern "C"

{

#endif

#if CRYPTOPP_BOOL_X64

void sha256_sse4(void *input_data, uint_32t digest[8], uint_64t num_blks);

void sha256_rorx(void *input_data, uint_32t digest[8], uint_64t num_blks);

void sha256_avx(void *input_data, uint_32t digest[8], uint_64t num_blks);

#endif

#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32

#endif

#if defined(__cplusplus)

}

#endif

#endif

CRYPTOPP_ALIGN_DATA(16) static const uint_32t SHA256_K[64] CRYPTOPP_SECTION_ALIGN16 = {

0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,

0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,

0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,

0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,

0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,

0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,

0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,

0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

};

#if (defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X32_ASM_AVAILABLE))

#ifdef _MSC_VER

# pragma warning(disable: 4100 4731)

#endif

static void CRYPTOPP_FASTCALL X86_SHA256_HashBlocks(uint_32t *state, const uint_32t *data, size_t len)

{

#define LOCALS_SIZE 8*4 + 16*4 + 4*WORD_SZ

#define H(i) [BASE+ASM_MOD(1024+7-(i),8)*4]

#define G(i) H(i+1)

AS2( and eax, ecx )\

AS2( xor eax, B(i) )/* Maj(A,B,C) = B^((A^B)&(B^C) */\

AS2( mov AS_REG_7d, ebx )\

AS2( ror ebx, 2 )\

AS2( add eax, edx )/* T1 + Maj(A,B,C) */\

AS2( add edx, D(i) )\

AS2( mov D(i), edx )\

AS2( ror AS_REG_7d, 22 )\

AS2( xor AS_REG_7d, ebx )\

AS2( ror ebx, 11 )\

AS2( xor AS_REG_7d, ebx )\

AS2( add eax, AS_REG_7d )/* T1 + S0(A) + Maj(A,B,C) */\

AS2( mov H(i), eax )\

// Unroll the use of CRYPTOPP_BOOL_X64 in assembler math. The GAS assembler on X32 (version 2.25)

// complains "Error: invalid operands (*ABS* and *UND* sections) for `*` and `-`"

#if CRYPTOPP_BOOL_X64

#define SWAP_COPY(i) \

AS2( mov WORD_REG(bx), [WORD_REG(dx)+i*WORD_SZ])\

AS1( bswap WORD_REG(bx))\

AS2( mov [Wt(i*2+1)], WORD_REG(bx))

#else // X86 and X32

#define SWAP_COPY(i) \

AS2( mov WORD_REG(bx), [WORD_REG(dx)+i*WORD_SZ])\

AS1( bswap WORD_REG(bx))\

AS2( mov [Wt(i)], WORD_REG(bx))

#endif

#if defined(__GNUC__)

#if CRYPTOPP_BOOL_X64

#endif

__asm__ __volatile__

(

#if CRYPTOPP_BOOL_X64

"lea %4, %%r8;"

#endif

INTEL_NOPREFIX

#endif

#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32

#ifndef __GNUC__

AS2( mov edi, [len])

AS2( lea WORD_REG(si), [SHA256_K+48*4])

#endif

#if !defined(_MSC_VER) || (_MSC_VER < 1400)

AS_PUSH_IF86(bx)

#endif

AS_PUSH_IF86(bp)

AS2( mov ebx, esp)

AS2( and esp, -16)

AS2( sub WORD_REG(sp), LOCALS_SIZE)

AS_PUSH_IF86(bx)

#endif

AS2( mov STATE_SAVE, WORD_REG(cx))

AS2( mov DATA_SAVE, WORD_REG(dx))

AS2( lea WORD_REG(ax), [WORD_REG(di) + WORD_REG(dx)])

AS2( mov DATA_END, WORD_REG(ax))

AS2( mov K_END, WORD_REG(si))

/*

* Copyright (c) 2013-2017 IDRIX

* Governed by the Apache License 2.0 the full text of which is contained

* in the file License.txt included in VeraCrypt binary and source

* code distribution packages.

*/

#ifndef _SHA2_H

#define _SHA2_H

#include "Common/Tcdefs.h"

#include "Common/Endian.h"

#include "Crypto/config.h"

#if defined(__cplusplus)

extern "C" {

#endif

#define SHA256_DIGEST_SIZE 32

#define SHA256_BLOCK_SIZE 64

#define SHA512_DIGEST_SIZE 64

#define SHA512_BLOCK_SIZE 128

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(32)

#else

#define SHA2_ALIGN CRYPTOPP_ALIGN_DATA(16)

#endif

typedef struct

{ uint_64t count[2];

SHA2_ALIGN uint_64t hash[8];

SHA2_ALIGN uint_64t wbuf[16];

} sha512_ctx;

typedef struct

{ uint_32t count[2];

SHA2_ALIGN uint_32t hash[8];

SHA2_ALIGN uint_32t wbuf[16];

} sha256_ctx;

void sha512_begin(sha512_ctx* ctx);

void sha512_hash(const unsigned char * source, uint_64t sourceLen, sha512_ctx *ctx);

void sha512_end(unsigned char * result, sha512_ctx* ctx);

void sha512(unsigned char * result, const unsigned char* source, uint_64t sourceLen);

void sha256_begin(sha256_ctx* ctx);

void sha256_hash(const unsigned char * source, uint_32t sourceLen, sha256_ctx *ctx);

void sha256_end(unsigned char * result, sha256_ctx* ctx);

void sha256(unsigned char * result, const unsigned char* source, uint_32t sourceLen);

#if defined(__cplusplus)

}

#endif

#endif

/* LibTomCrypt, modular cryptographic library -- Tom St Denis

*

* LibTomCrypt is a library that provides various cryptographic

* algorithms in a highly modular and flexible manner.

*

* The library is free for all purposes without any express

* guarantee it works.

*

* Tom St Denis, tomstdenis@gmail.com, http://libtom.org

*

*/

/* Adapted for VeraCrypt */

#include <memory.h>

#include "Common/Tcdefs.h"

#include "Common/Endian.h"

#include "Sha2Small.h"

#pragma optimize ("tl", on)

typedef unsigned __int32 uint32;

#include <stdlib.h>

#pragma intrinsic(_lrotr)

#define RORc(x,n) _lrotr(x,n)

/******************************************************************************/

/*

The K array

*/

static const uint32 K[64] = {

0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,

0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,

0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,

0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,

0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,

0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,

0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,

0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,

0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,

0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,

0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,

0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,

0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL

};

/*

Various logical functions

*/

static void

stage3(STREEBOG_CTX *CTX)

{

STREEBOG_ALIGN(16) unsigned long long buf[8];

memset(buf, 0x00, sizeof buf);

memcpy(buf, (CTX->buffer), CTX->bufsize);

memcpy((CTX->buffer), buf, 8 * sizeof (unsigned long long));

memset(buf, 0x00, sizeof buf);

#ifndef __GOST3411_BIG_ENDIAN__

buf[0] = ((unsigned long long) CTX->bufsize) << 3;

#else

buf[0] = BSWAP64(((unsigned long long) CTX->bufsize) << 3);

#endif

pad(CTX);

g((CTX->h), (CTX->N), (const unsigned char *) (CTX->buffer));

add512((CTX->N), buf, (CTX->N));

add512((CTX->Sigma), (const unsigned long long *) CTX->buffer,

(CTX->Sigma));

g((CTX->h), buffer0, (const unsigned char *) (CTX->N));

g((CTX->h), buffer0, (const unsigned char *) (CTX->Sigma));

memcpy((CTX->hash), (CTX->h), 8 * sizeof(unsigned long long));

}

{

size_t chunksize;

while (len > 63 && CTX->bufsize == 0)

{

stage2(CTX, data);

data += 64;

len -= 64;

}

while (len)

{

chunksize = 64 - CTX->bufsize;

if (chunksize > len)

chunksize = len;

memcpy(&CTX->buffer[CTX->bufsize], data, chunksize);

CTX->bufsize += chunksize;

len -= chunksize;

data += chunksize;

if (CTX->bufsize == 64)

{

stage2(CTX, CTX->buffer);

CTX->bufsize = 0;

}

}

}

{

stage3(CTX);

CTX->bufsize = 0;

if (CTX->digest_size == 256)

memcpy(digest, &(CTX->hash[4]), 32);

else

memcpy(digest, CTX->hash, 64);

}

* All rights reserved.

*/

/* Adapted to VeraCrypt */

#ifndef STREEBOG_H

#define STREEBOG_H

#include "Common/Tcdefs.h"

#include "config.h"

#ifdef __cplusplus

extern "C" {

#endif

#define STREEBOG_ALIGN(a) CRYPTOPP_ALIGN_DATA(a)

typedef STREEBOG_ALIGN(16) struct _STREEBOG_CTX

{

STREEBOG_ALIGN(16) unsigned char buffer[64];

STREEBOG_ALIGN(16) unsigned long long hash[8];

STREEBOG_ALIGN(16) unsigned long long h[8];

STREEBOG_ALIGN(16) unsigned long long N[8];

STREEBOG_ALIGN(16) unsigned long long Sigma[8];

size_t bufsize;

unsigned int digest_size;

} STREEBOG_CTX;

void STREEBOG_init(STREEBOG_CTX *ctx);

void STREEBOG_init256(STREEBOG_CTX *ctx);

#ifdef __cplusplus

}

#endif

#endif

*/

/* Adapted for TrueCrypt */

/* Adapted for VeraCrypt */

#ifdef TC_WINDOWS_BOOT

#pragma optimize ("tl", on)

#endif

#include "Twofish.h"

#include "Common/Endian.h"

#ifndef TC_MINIMIZE_CODE_SIZE

#include "misc.h"

/* C implementation based on code written by kerukuro for cppcrypto library

(http://cppcrypto.sourceforge.net/) and released into public domain.

With ideas from Botan library (C) 1999-2007 Jack Lloyd

Botan is released under the Simplified BSD License (see license.txt)

*/

#if !defined (_MSC_VER) || defined(_M_X64)

#define UNROLL_TWOFISH

#endif

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

/* these are 64-bit assembly implementation taken from https://github.com/jkivilin/supercop-blockciphers

*/

#if defined(__cplusplus)

extern "C"

{

#endif

#if defined(__cplusplus)

}

#endif

{

while (blockCount >= 3)

{

twofish_enc_blk3 (instance, out_blk, in_blk);

out_blk += 3 * 16;

in_blk += 3 * 16;

blockCount -= 3;

}

if (blockCount == 2)

{

twofish_enc_blk2 (instance, out_blk, in_blk);

}

else

{

twofish_enc_blk (instance, out_blk, in_blk);

}

}

{

while (blockCount >= 3)

{

twofish_dec_blk3 (instance, out_blk, in_blk);

out_blk += 3 * 16;

in_blk += 3 * 16;

blockCount -= 3;

}

if (blockCount == 2)

{

twofish_dec_blk2 (instance, out_blk, in_blk);

}

else

{

twofish_dec_blk (instance, out_blk, in_blk);

}

}

#endif

{

0xa9, 0x67, 0xb3, 0xe8, 0x04, 0xfd, 0xa3, 0x76, 0x9a, 0x92, 0x80, 0x78, 0xe4, 0xdd, 0xd1, 0x38,

0x0d, 0xc6, 0x35, 0x98, 0x18, 0xf7, 0xec, 0x6c, 0x43, 0x75, 0x37, 0x26, 0xfa, 0x13, 0x94, 0x48,

0xf2, 0xd0, 0x8b, 0x30, 0x84, 0x54, 0xdf, 0x23, 0x19, 0x5b, 0x3d, 0x59, 0xf3, 0xae, 0xa2, 0x82,

0x63, 0x01, 0x83, 0x2e, 0xd9, 0x51, 0x9b, 0x7c, 0xa6, 0xeb, 0xa5, 0xbe, 0x16, 0x0c, 0xe3, 0x61,

0xc0, 0x8c, 0x3a, 0xf5, 0x73, 0x2c, 0x25, 0x0b, 0xbb, 0x4e, 0x89, 0x6b, 0x53, 0x6a, 0xb4, 0xf1,

0xe1, 0xe6, 0xbd, 0x45, 0xe2, 0xf4, 0xb6, 0x66, 0xcc, 0x95, 0x03, 0x56, 0xd4, 0x1c, 0x1e, 0xd7,

0xfb, 0xc3, 0x8e, 0xb5, 0xe9, 0xcf, 0xbf, 0xba, 0xea, 0x77, 0x39, 0xaf, 0x33, 0xc9, 0x62, 0x71,

0x81, 0x79, 0x09, 0xad, 0x24, 0xcd, 0xf9, 0xd8, 0xe5, 0xc5, 0xb9, 0x4d, 0x44, 0x08, 0x86, 0xe7,

0xa1, 0x1d, 0xaa, 0xed, 0x06, 0x70, 0xb2, 0xd2, 0x41, 0x7b, 0xa0, 0x11, 0x31, 0xc2, 0x27, 0x90,

0x20, 0xf6, 0x60, 0xff, 0x96, 0x5c, 0xb1, 0xab, 0x9e, 0x9c, 0x52, 0x1b, 0x5f, 0x93, 0x0a, 0xef,

0x91, 0x85, 0x49, 0xee, 0x2d, 0x4f, 0x8f, 0x3b, 0x47, 0x87, 0x6d, 0x46, 0xd6, 0x3e, 0x69, 0x64,

0x2a, 0xce, 0xcb, 0x2f, 0xfc, 0x97, 0x05, 0x7a, 0xac, 0x7f, 0xd5, 0x1a, 0x4b, 0x0e, 0xa7, 0x5a,

0x28, 0x14, 0x3f, 0x29, 0x88, 0x3c, 0x4c, 0x02, 0xb8, 0xda, 0xb0, 0x17, 0x55, 0x1f, 0x8a, 0x7d,

0x57, 0xc7, 0x8d, 0x74, 0xb7, 0xc4, 0x9f, 0x72, 0x7e, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,

0x6e, 0x50, 0xde, 0x68, 0x65, 0xbc, 0xdb, 0xf8, 0xc8, 0xa8, 0x2b, 0x40, 0xdc, 0xfe, 0x32, 0xa4,

0xca, 0x10, 0x21, 0xf0, 0xd3, 0x5d, 0x0f, 0x00, 0x6f, 0x9d, 0x36, 0x42, 0x4a, 0x5e, 0xc1, 0xe0

},

{

0x75, 0xf3, 0xc6, 0xf4, 0xdb, 0x7b, 0xfb, 0xc8, 0x4a, 0xd3, 0xe6, 0x6b, 0x45, 0x7d, 0xe8, 0x4b,

0xd6, 0x32, 0xd8, 0xfd, 0x37, 0x71, 0xf1, 0xe1, 0x30, 0x0f, 0xf8, 0x1b, 0x87, 0xfa, 0x06, 0x3f,

0x5e, 0xba, 0xae, 0x5b, 0x8a, 0x00, 0xbc, 0x9d, 0x6d, 0xc1, 0xb1, 0x0e, 0x80, 0x5d, 0xd2, 0xd5,

0xa0, 0x84, 0x07, 0x14, 0xb5, 0x90, 0x2c, 0xa3, 0xb2, 0x73, 0x4c, 0x54, 0x92, 0x74, 0x36, 0x51,

0x38, 0xb0, 0xbd, 0x5a, 0xfc, 0x60, 0x62, 0x96, 0x6c, 0x42, 0xf7, 0x10, 0x7c, 0x28, 0x27, 0x8c,

0x13, 0x95, 0x9c, 0xc7, 0x24, 0x46, 0x3b, 0x70, 0xca, 0xe3, 0x85, 0xcb, 0x11, 0xd0, 0x93, 0xb8,

0xa6, 0x83, 0x20, 0xff, 0x9f, 0x77, 0xc3, 0xcc, 0x03, 0x6f, 0x08, 0xbf, 0x40, 0xe7, 0x2b, 0xe2,

0x79, 0x0c, 0xaa, 0x82, 0x41, 0x3a, 0xea, 0xb9, 0xe4, 0x9a, 0xa4, 0x97, 0x7e, 0xda, 0x7a, 0x17,

0x66, 0x94, 0xa1, 0x1d, 0x3d, 0xf0, 0xde, 0xb3, 0x0b, 0x72, 0xa7, 0x1c, 0xef, 0xd1, 0x53, 0x3e,

0x8f, 0x33, 0x26, 0x5f, 0xec, 0x76, 0x2a, 0x49, 0x81, 0x88, 0xee, 0x21, 0xc4, 0x1a, 0xeb, 0xd9,

0xc5, 0x39, 0x99, 0xcd, 0xad, 0x31, 0x8b, 0x01, 0x18, 0x23, 0xdd, 0x1f, 0x4e, 0x2d, 0xf9, 0x48,

f0 = ks->mk_tab[0][x0 & 0xFF] ^ ks->mk_tab[1][(x0 >> 8) & 0xFF] ^ ks->mk_tab[2][(x0 >> 16) & 0xFF] ^ ks->mk_tab[3][(x0 >> 24) & 0xFF]; \

f1 = ks->mk_tab[0][(x1 >> 24) & 0xFF] ^ ks->mk_tab[1][x1 & 0xFF] ^ ks->mk_tab[2][(x1 >> 8) & 0xFF] ^ ks->mk_tab[3][(x1 >> 16) & 0xFF]; \

f0 += f1; \

f1 += f0 + rk[2 * (r) + 9]; \

f0 += rk[2 * (r) + 8];

#define ROUNDA(r) \

ROUNDT(x0, x1, r) \

x2 = rotr32(x2 ^ f0, 1); \

x3 = rotl32(x3, 1) ^ f1;

#define ROUNDB(r) \

ROUNDT(x2, x3, r) \

x0 = rotr32(x0 ^ f0, 1); \

x1 = rotl32(x1, 1) ^ f1;

#define RROUNDA(r) \

ROUNDT(x0, x1, r) \

x2 = rotl32(x2, 1) ^ f0; \

x3 = rotr32(x3 ^ f1, 1);

#define RROUNDB(r) \

ROUNDT(x2, x3, r) \

x0 = rotl32(x0, 1) ^ f0; \

x1 = rotr32(x1 ^ f1, 1);

void twofish_set_key(TwofishInstance *instance, const u4byte in_key[])

{

union {

uint32 S32[4];

} us;

unsigned int i;

us.S32[0] = RS[0][key[0]] ^ RS[1][key[1]] ^ RS[2][key[2]] ^ RS[3][key[3]] ^ RS[4][key[4]] ^ RS[5][key[5]] ^ RS[6][key[6]] ^ RS[7][key[7]];

us.S32[1] = RS[0][key[8]] ^ RS[1][key[9]] ^ RS[2][key[10]] ^ RS[3][key[11]] ^ RS[4][key[12]] ^ RS[5][key[13]] ^ RS[6][key[14]] ^ RS[7][key[15]];

us.S32[2] = RS[0][key[16]] ^ RS[1][key[17]] ^ RS[2][key[18]] ^ RS[3][key[19]] ^ RS[4][key[20]] ^ RS[5][key[21]] ^ RS[6][key[22]] ^ RS[7][key[23]];

us.S32[3] = RS[0][key[24]] ^ RS[1][key[25]] ^ RS[2][key[26]] ^ RS[3][key[27]] ^ RS[4][key[28]] ^ RS[5][key[29]] ^ RS[6][key[30]] ^ RS[7][key[31]];

for (i = 0; i < 256; ++i)

{

instance->mk_tab[0][i] = MDSQ[0][Q[0][Q[0][Q[1][Q[1][i] ^ us.S8[0]] ^ us.S8[4]] ^ us.S8[8]] ^ us.S8[12]];

instance->mk_tab[1][i] = MDSQ[1][Q[0][Q[1][Q[1][Q[0][i] ^ us.S8[1]] ^ us.S8[5]] ^ us.S8[9]] ^ us.S8[13]];

instance->mk_tab[2][i] = MDSQ[2][Q[1][Q[0][Q[0][Q[0][i] ^ us.S8[2]] ^ us.S8[6]] ^ us.S8[10]] ^ us.S8[14]];

instance->mk_tab[3][i] = MDSQ[3][Q[1][Q[1][Q[0][Q[1][i] ^ us.S8[3]] ^ us.S8[7]] ^ us.S8[11]] ^ us.S8[15]];

}

for (i = 0; i != 40; i += 2)

{

uint32 a = MDSQ[0][Q[0][Q[0][Q[1][Q[1][i] ^ key[24]] ^ key[16]] ^ key[8]] ^ key[0]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i] ^ key[25]] ^ key[17]] ^ key[9]] ^ key[1]]

^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i] ^ key[26]] ^ key[18]] ^ key[10]] ^ key[2]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i] ^ key[27]] ^ key[19]] ^ key[11]] ^ key[3]];

uint32 b = rotl32(MDSQ[0][Q[0][Q[0][Q[1][Q[1][i + 1] ^ key[28]] ^ key[20]] ^ key[12]] ^ key[4]] ^ MDSQ[1][Q[0][Q[1][Q[1][Q[0][i + 1] ^ key[29]] ^ key[21]] ^ key[13]] ^ key[5]]

^ MDSQ[2][Q[1][Q[0][Q[0][Q[0][i + 1] ^ key[30]] ^ key[22]] ^ key[14]] ^ key[6]] ^ MDSQ[3][Q[1][Q[1][Q[0][Q[1][i + 1] ^ key[31]] ^ key[23]] ^ key[15]] ^ key[7]], 8);

a += b;

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

if (i < 8)

{

instance->w[i] = a;

instance->w[i + 1] = rotl32(a + b, 9);

}

else

{

instance->k[i - 8] = a;

#define rotr(x,n) _lrotr(x,n)

#define rotl(x,n) _lrotl(x,n)

#else

#define rotr(x,n) (((x)>>(n))|((x)<<(32-(n))))

#define rotl(x,n) (((x)<<(n))|((x)>>(32-(n))))

#endif

#endif

typedef struct

{

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

u4byte mk_tab[4][256], w[8], k[32];

#else

u4byte l_key[40];

#ifdef TC_MINIMIZE_CODE_SIZE

u4byte s_key[4];

#ifdef TC_WINDOWS_BOOT_TWOFISH

u4byte mk_tab[4 * 256];

#endif

#else

u4byte mk_tab[4][256];

#endif

#endif

} TwofishInstance;

#define TWOFISH_KS sizeof(TwofishInstance)

/* in_key must be 32-bytes long */

void twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);

#if CRYPTOPP_BOOL_X64 && !defined(CRYPTOPP_DISABLE_ASM)

#else

void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4]);

void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4]);

#endif

#if defined(__cplusplus)

}

#endif

#endif // TWOFISH_H

L[3] = Whirlpool_C[0*256 + K.ch[3 * 8 + 7]] ^ Whirlpool_C[1*256 + K.ch[2 * 8 + 6]] ^ Whirlpool_C[2*256 + K.ch[1 * 8 + 5]] ^ Whirlpool_C[3*256 + K.ch[0 * 8 + 4]] ^ Whirlpool_C[4*256 + K.ch[7 * 8 + 3]] ^ Whirlpool_C[5*256 + K.ch[6 * 8 + 2]] ^ Whirlpool_C[6*256 + K.ch[5 * 8 + 1]] ^ Whirlpool_C[7*256 + K.ch[4 * 8 + 0]];

L[4] = Whirlpool_C[0*256 + K.ch[4 * 8 + 7]] ^ Whirlpool_C[1*256 + K.ch[3 * 8 + 6]] ^ Whirlpool_C[2*256 + K.ch[2 * 8 + 5]] ^ Whirlpool_C[3*256 + K.ch[1 * 8 + 4]] ^ Whirlpool_C[4*256 + K.ch[0 * 8 + 3]] ^ Whirlpool_C[5*256 + K.ch[7 * 8 + 2]] ^ Whirlpool_C[6*256 + K.ch[6 * 8 + 1]] ^ Whirlpool_C[7*256 + K.ch[5 * 8 + 0]];

L[5] = Whirlpool_C[0*256 + K.ch[5 * 8 + 7]] ^ Whirlpool_C[1*256 + K.ch[4 * 8 + 6]] ^ Whirlpool_C[2*256 + K.ch[3 * 8 + 5]] ^ Whirlpool_C[3*256 + K.ch[2 * 8 + 4]] ^ Whirlpool_C[4*256 + K.ch[1 * 8 + 3]] ^ Whirlpool_C[5*256 + K.ch[0 * 8 + 2]] ^ Whirlpool_C[6*256 + K.ch[7 * 8 + 1]] ^ Whirlpool_C[7*256 + K.ch[6 * 8 + 0]];

L[6] = Whirlpool_C[0*256 + K.ch[6 * 8 + 7]] ^ Whirlpool_C[1*256 + K.ch[5 * 8 + 6]] ^ Whirlpool_C[2*256 + K.ch[4 * 8 + 5]] ^ Whirlpool_C[3*256 + K.ch[3 * 8 + 4]] ^ Whirlpool_C[4*256 + K.ch[2 * 8 + 3]] ^ Whirlpool_C[5*256 + K.ch[1 * 8 + 2]] ^ Whirlpool_C[6*256 + K.ch[0 * 8 + 1]] ^ Whirlpool_C[7*256 + K.ch[7 * 8 + 0]];

L[7] = Whirlpool_C[0*256 + K.ch[7 * 8 + 7]] ^ Whirlpool_C[1*256 + K.ch[6 * 8 + 6]] ^ Whirlpool_C[2*256 + K.ch[5 * 8 + 5]] ^ Whirlpool_C[3*256 + K.ch[4 * 8 + 4]] ^ Whirlpool_C[4*256 + K.ch[3 * 8 + 3]] ^ Whirlpool_C[5*256 + K.ch[2 * 8 + 2]] ^ Whirlpool_C[6*256 + K.ch[1 * 8 + 1]] ^ Whirlpool_C[7*256 + K.ch[0 * 8 + 0]];

L[0] = (K.ll[0] = L[0]) ^ Whirlpool_C[0*256 + state.ch[0 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[7 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[6 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[5 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[4 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[3 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[2 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[1 * 8 + 0]];

L[1] = (K.ll[1] = L[1]) ^ Whirlpool_C[0*256 + state.ch[1 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[0 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[7 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[6 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[5 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[4 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[3 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[2 * 8 + 0]];

L[2] = (K.ll[2] = L[2]) ^ Whirlpool_C[0*256 + state.ch[2 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[1 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[0 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[7 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[6 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[5 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[4 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[3 * 8 + 0]];

L[3] = (K.ll[3] = L[3]) ^ Whirlpool_C[0*256 + state.ch[3 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[2 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[1 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[0 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[7 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[6 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[5 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[4 * 8 + 0]];

L[4] = (K.ll[4] = L[4]) ^ Whirlpool_C[0*256 + state.ch[4 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[3 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[2 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[1 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[0 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[7 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[6 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[5 * 8 + 0]];

L[5] = (K.ll[5] = L[5]) ^ Whirlpool_C[0*256 + state.ch[5 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[4 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[3 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[2 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[1 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[0 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[7 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[6 * 8 + 0]];

L[6] = (K.ll[6] = L[6]) ^ Whirlpool_C[0*256 + state.ch[6 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[5 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[4 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[3 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[2 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[1 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[0 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[7 * 8 + 0]];

L[7] = (K.ll[7] = L[7]) ^ Whirlpool_C[0*256 + state.ch[7 * 8 + 7]] ^ Whirlpool_C[1*256 + state.ch[6 * 8 + 6]] ^ Whirlpool_C[2*256 + state.ch[5 * 8 + 5]] ^ Whirlpool_C[3*256 + state.ch[4 * 8 + 4]] ^ Whirlpool_C[4*256 + state.ch[3 * 8 + 3]] ^ Whirlpool_C[5*256 + state.ch[2 * 8 + 2]] ^ Whirlpool_C[6*256 + state.ch[1 * 8 + 1]] ^ Whirlpool_C[7*256 + state.ch[0 * 8 + 0]];

memcpy(state.ll, L, sizeof(L));

} while (++r < 10);

i = 0; do digest[i] ^= L[i] ^ (block)[i]; while (++i < 8);

}

}

static uint64 HashMultipleBlocks(WHIRLPOOL_CTX * const ctx, const uint64 *input, uint64 length)

{

uint64* dataBuf = ctx->data;

do

{

#if BYTE_ORDER == BIG_ENDIAN

WhirlpoolTransform(ctx->state, input);

#else

WhirlpoolTransform(ctx->state, dataBuf);

#endif

input += 8;

length -= 64;

}

while (length >= 64);

return length;

}

/**

* Initialize the hashing state.

*/

void WHIRLPOOL_init(WHIRLPOOL_CTX * const ctx) {

ctx->countHi = 0;

ctx->countLo = 0;

memset (ctx->data, 0, 8 * sizeof (uint64));

memset (ctx->state, 0, 8 * sizeof (uint64));

}

/**

* Delivers input data to the hashing algorithm.

*

* @param source plaintext data to hash.

* @param sourceBits how many bits of plaintext to process.

*

* This method maintains the invariant: bufferBits < DIGESTBITS

*/

void WHIRLPOOL_add(const unsigned char * input,

unsigned __int32 sourceBytes,

WHIRLPOOL_CTX * const ctx)

{

uint64 num, oldCountLo = ctx->countLo, oldCountHi = ctx->countHi;

uint64 len = sourceBytes;

if ((ctx->countLo = oldCountLo + (uint64)len) < oldCountLo)

ctx->countHi++; // carry from low to high

if (ctx->countHi < oldCountHi)

return;

else

{

uint64* dataBuf = ctx->data;

num = oldCountLo & 63;

if (num != 0) // process left over data

{

if (num+len >= 64)

{

memcpy(data+num, input, (size_t) (64-num));

HashMultipleBlocks(ctx, dataBuf, 64);

input += (64-num);

len -= (64-num);

// drop through and do the rest

}

else

{

memcpy(data+num, input, (size_t) len);

return;

}

}

// now process the input data in blocks of 64 bytes and save the leftovers to ctx->data

if (len >= 64)

{

if (input == data)

{

HashMultipleBlocks(ctx, dataBuf, 64);

return;

}

else if (IsAligned16(input))

{

uint64 leftOver = HashMultipleBlocks(ctx, (uint64 *)input, len);

input += (len - leftOver);

len = leftOver;

}

else

do

{ // copy input first if it's not aligned correctly

memcpy(data, input, 64);

HashMultipleBlocks(ctx, dataBuf, 64);

input+=64;

len-=64;

} while (len >= 64);

}

if (len && data != input)

memcpy(data, input, (size_t) len);

}

}

/**

* Get the hash value from the hashing state.

*

* This method uses the invariant: bufferBits < DIGESTBITS

*/

void WHIRLPOOL_finalize(WHIRLPOOL_CTX * const ctx,

unsigned char * result)

{

unsigned int num = ctx->countLo & 63;

uint64* dataBuf = ctx->data;

uint64* stateBuf = ctx->state;

data[num++] = 0x80;

if (num <= 32)

memset(data+num, 0, 32-num);

else

{

memset(data+num, 0, 64-num);

HashMultipleBlocks(ctx, dataBuf, 64);

memset(data, 0, 32);

}

#if BYTE_ORDER == LITTLE_ENDIAN

#endif

dataBuf[4] = 0;

dataBuf[5] = 0;

dataBuf[6] = (ctx->countLo >> (8*sizeof(uint64)-3)) + (ctx->countHi << 3);

dataBuf[7] = ctx->countLo << 3;

WhirlpoolTransform(stateBuf, dataBuf);

#if BYTE_ORDER == LITTLE_ENDIAN

#endif

memcpy(result, stateBuf, 64);

}

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE

#ifndef _M_X64

#ifdef _MSC_VER

#if _MSC_VER < 1900

__inline __m128i _mm_set_epi64x(int64 i0, int64 i1) {

union {

int64 q[2];

int32 r[4];

} u;

u.q[0] = i1; u.q[1] = i0;

// this is inefficient, but other solutions are worse

return _mm_setr_epi32(u.r[0], u.r[1], u.r[2], u.r[3]);

}

#pragma warning(disable:4799)

__inline __m128i _mm_set1_epi64x(int64 a)

{

union {

__m64 m;

long long ii;

} u;

u.ii = a;

return _mm_set1_epi64(u.m);

}

#pragma warning(default:4799)

#endif

#endif

#endif

#define U32V(v) (v)

#define ROTL32(x,n) rotl32(x, n)

#define U32TO8_LITTLE(p, v) (((uint32*)(p))[0] = (v))

#define U8TO32_LITTLE(v) *((uint32*)(v))

#define ROTATE(v,c) (ROTL32(v,c))

#define XOR(v,w) ((v) ^ (w))

#define PLUS(v,w) (U32V((v) + (w)))

#define PLUSONE(v) (PLUS((v),1))

#define QUARTERROUND(a,b,c,d) \

x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \

x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \

x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \

x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7);

static void salsa20_wordtobyte(uint8 output[64],const uint32 input[16], unsigned int r)

{

uint32 x[16];

int i;

for (i = 0;i < 16;++i) x[i] = input[i];

for (i = r;i > 0;--i) {

QUARTERROUND( 0, 4, 8,12)

QUARTERROUND( 1, 5, 9,13)

QUARTERROUND( 2, 6,10,14)

QUARTERROUND( 3, 7,11,15)

QUARTERROUND( 0, 5,10,15)

// see http://predef.sourceforge.net/prearch.html

#if (defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)) && !CRYPTOPP_BOOL_X32

#define CRYPTOPP_BOOL_X86 1

#else

#define CRYPTOPP_BOOL_X86 0

#endif

#if (defined(_M_X64) || defined(__x86_64__)) && !CRYPTOPP_BOOL_X32

#define CRYPTOPP_BOOL_X64 1

#else

#define CRYPTOPP_BOOL_X64 0

#endif

// Undo the ASM and Intrinsic related defines due to X32.

#if CRYPTOPP_BOOL_X32

# undef CRYPTOPP_BOOL_X64

# undef CRYPTOPP_X64_ASM_AVAILABLE

# undef CRYPTOPP_X64_MASM_AVAILABLE

#endif

#if !defined(CRYPTOPP_NO_UNALIGNED_DATA_ACCESS) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)

#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || defined(__powerpc__) || (__ARM_FEATURE_UNALIGNED >= 1))

#define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS

#endif

#endif

// this version of the macro is fastest on Pentium 3 and Pentium 4 with MSVC 6 SP5 w/ Processor Pack

#define GETBYTE(x, y) (unsigned int)((unsigned char)((x)>>(8*(y))))

// these may be faster on other CPUs/compilers

// #define GETBYTE(x, y) (unsigned int)(((x)>>(8*(y)))&255)

#endif

#endif

#if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE

#if defined(TC_WINDOWS_DRIVER) || defined (_UEFI)

#if defined(__cplusplus)

extern "C" {

#endif

extern __m128i _mm_clmulepi64_si128(__m128i v1, __m128i v2,

const int imm8);

extern __m128i _mm_aeskeygenassist_si128(__m128i ckey, const int rcon);

extern __m128i _mm_aesimc_si128(__m128i v);

extern __m128i _mm_aesenc_si128(__m128i v, __m128i rkey);

extern __m128i _mm_aesenclast_si128(__m128i v, __m128i rkey);

extern __m128i _mm_aesdec_si128(__m128i v, __m128i rkey);

extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);

#if defined(__cplusplus)

}

#endif

#else

#include <wmmintrin.h>

#endif

#endif

#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64

#if defined(__cplusplus)

extern "C" {

#endif

#define CRYPTOPP_CPUID_AVAILABLE

#define TC_AES_HW_CPU

#endif

// these should not be used directly

extern volatile int g_x86DetectionDone;

extern volatile int g_hasSSE2;

extern volatile int g_hasISSE;

extern volatile int g_hasMMX;

extern volatile int g_hasAVX;

extern volatile int g_hasAVX2;

extern volatile int g_hasBMI2;

extern volatile int g_hasSSE42;

extern volatile int g_hasSSE41;

extern volatile int g_hasSSSE3;

extern volatile int g_hasAESNI;

extern volatile int g_hasCLMUL;

extern volatile int g_isP4;

extern volatile int g_hasRDRAND;

extern volatile int g_hasRDSEED;

extern volatile int g_isIntel;

extern volatile int g_isAMD;

extern volatile uint32 g_cacheLineSize;

void DetectX86Features(); // must be called at the start of the program/driver

int CpuId(uint32 input, uint32 output[4]);

// disable all CPU extended features (e.g. SSE, AVX, AES) that may have

// been enabled by DetectX86Features.

void DisableCPUExtendedFeatures ();

#ifdef CRYPTOPP_BOOL_X64

#define HasSSE2() 1

/*

This code is written by kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/)

and released into public domain.

*/

#include "kuznyechik.h"

#include "cpu.h"

#include "misc.h"

#ifdef _MSC_VER

#define inline __forceinline

#endif

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE

#endif

//#define CPPCRYPTO_DEBUG

252, 238, 221, 17, 207, 110, 49, 22, 251, 196, 250, 218, 35, 197, 4, 77, 233, 119, 240, 219, 147, 46, 153, 186, 23, 54, 241, 187, 20, 205, 95, 193,

249, 24, 101, 90, 226, 92, 239, 33, 129, 28, 60, 66, 139, 1, 142, 79, 5, 132, 2, 174, 227, 106, 143, 160, 6, 11, 237, 152, 127, 212, 211, 31,

235, 52, 44, 81, 234, 200, 72, 171, 242, 42, 104, 162, 253, 58, 206, 204, 181, 112, 14, 86, 8, 12, 118, 18, 191, 114, 19, 71, 156, 183, 93, 135,

21, 161, 150, 41, 16, 123, 154, 199, 243, 145, 120, 111, 157, 158, 178, 177, 50, 117, 25, 61, 255, 53, 138, 126, 109, 84, 198, 128, 195, 189, 13, 87,

223, 245, 36, 169, 62, 168, 67, 201, 215, 121, 214, 246, 124, 34, 185, 3, 224, 15, 236, 222, 122, 148, 176, 188, 220, 232, 40, 80, 78, 51, 10, 74,

167, 151, 96, 115, 30, 0, 98, 68, 26, 184, 56, 130, 100, 159, 38, 65, 173, 69, 70, 146, 39, 94, 85, 47, 140, 163, 165, 125, 105, 213, 149, 59,

7, 88, 179, 64, 134, 172, 29, 247, 48, 55, 107, 228, 136, 217, 231, 137, 225, 27, 131, 73, 76, 63, 248, 254, 141, 83, 170, 144, 202, 216, 133, 97,

32, 113, 103, 164, 45, 43, 9, 91, 203, 155, 37, 208, 190, 229, 108, 82, 89, 166, 116, 210, 230, 244, 180, 192, 209, 102, 175, 194, 57, 75, 99, 182

};

165, 45, 50, 143, 14, 48, 56, 192, 84, 230, 158, 57, 85, 126, 82, 145, 100, 3, 87, 90, 28, 96, 7, 24, 33, 114, 168, 209, 41, 198, 164, 63,

224, 39, 141, 12, 130, 234, 174, 180, 154, 99, 73, 229, 66, 228, 21, 183, 200, 6, 112, 157, 65, 117, 25, 201, 170, 252, 77, 191, 42, 115, 132, 213,

195, 175, 43, 134, 167, 177, 178, 91, 70, 211, 159, 253, 212, 15, 156, 47, 155, 67, 239, 217, 121, 182, 83, 127, 193, 240, 35, 231, 37, 94, 181, 30,

162, 223, 166, 254, 172, 34, 249, 226, 74, 188, 53, 202, 238, 120, 5, 107, 81, 225, 89, 163, 242, 113, 86, 17, 106, 137, 148, 101, 140, 187, 119, 60,

123, 40, 171, 210, 49, 222, 196, 95, 204, 207, 118, 44, 184, 216, 46, 54, 219, 105, 179, 20, 149, 190, 98, 161, 59, 22, 102, 233, 92, 108, 109, 173,

55, 97, 75, 185, 227, 186, 241, 160, 133, 131, 218, 71, 197, 176, 51, 250, 150, 111, 110, 194, 246, 80, 255, 93, 169, 142, 23, 27, 151, 125, 236, 88,

247, 31, 251, 124, 9, 13, 122, 103, 69, 135, 220, 232, 79, 29, 78, 4, 235, 248, 243, 62, 61, 189, 138, 136, 221, 205, 11, 19, 152, 2, 147, 128,

144, 208, 36, 52, 203, 237, 244, 206, 153, 16, 68, 64, 146, 58, 1, 38, 18, 26, 72, 104, 245, 129, 139, 199, 214, 32, 10, 8, 0, 76, 215, 116

};

static const uint64 T[16][256][2] = {

{

{LL(0x9680c07a0cd5fbe9), LL(0xb5aec91b93871119)}, {LL(0xce1a17b28ce00819), LL(0x0af2fef8abfc327b)}, {LL(0x77dcb250a2d0cbbf), LL(0x89c7884eefcabdc0)}, {LL(0xd642635e1a104162), LL(0xc01393d33c12c469)},

{LL(0x2f46659822e5384f), LL(0x369bbfadd7b19ea2)}, {LL(0xe74a6f116a39b338), LL(0xefc0cb2f2997703c)}, {LL(0x4d567d06c2b71ffb), LL(0x68fe0f96fd783508)}, {LL(0x7379a4c39bf8884a), LL(0xaa09c5a389e794c7)},

{LL(0x33bb07e78d3d32c1), LL(0xdfb49f6b267241b7)}, {LL(0xf79b37188e997c6a), LL(0x637e3c1d7223d420)}, {LL(0x49f36b95fb9f5c0e), LL(0x4b30427b9b551c0f)}, {LL(0xd2e775cd23380297), LL(0xe3ddde3e5a3fed6e)},

{LL(0x15ccaace4282ec0b), LL(0xd7a23875c503166a)}, {LL(0x8dd35b6af83b12a5), LL(0xf7fae10dcf048998)}, {LL(0x2be3730b1bcd7bba), LL(0x1555f240b19cb7a5)}, {LL(0xf286c5df28bb5f33), LL(0x3862f35aec946656)},

{LL(0x6b21d02f0d08c131), LL(0x60e8a8881e0962d5)}, {LL(0x670dea59467004ed), LL(0x05797f7cb47e19dc)}, {LL(0xeb665567214176e4), LL(0x8a511cdb83e00b35)}, {LL(0xa8af19bf559a6c58), LL(0x7759032ee718b0d6)},

{LL(0x0b82c319104e261e), LL(0xceeadf2407373c9d)}, {LL(0x126253a119b40fc9), LL(0x7cd930a5684351fe)}, {LL(0xa917fdebca900cf4), LL(0x0f8b81841f822ba7)}, {LL(0xbcdb57258812e0ff), LL(0xd829b9f1da813dcd)},

{LL(0x0931c8b1ed5ae685), LL(0x3e8d18b334c0c97f)}, {LL(0xe86dba9b435fd6d3), LL(0x02e459e6488d65a6)}, {LL(0x912e391557e3182b), LL(0x1ed5c1cb3ec7568d)}, {LL(0xc6933b57feb08e30), LL(0x4cad64e167a66075)},

{LL(0x87e97c27777f5417), LL(0x41c2bc8330a92e74)}, {LL(0xdbd6bd7cce62e412), LL(0xdd50c68d6eff2411)}, {LL(0xaa1c1217a88eacc3), LL(0x873ec4b9d4ef4534)}, {LL(0xa6302861e3f6691f), LL(0xe2af134d7e983e3d)},

{LL(0xc72bdf0361baee9c), LL(0x347fe64b9f3cfb04)}, {LL(0xfa0fe93a5aebd91a), LL(0x7e3d694320ce3458)}, {LL(0x3f973d91c645f71d), LL(0xba25489f8c053abe)}, {LL(0xfbb70d6ec5e1b9b6), LL(0x06efebe9d854af29)},

{LL(0xb3fc82afa1748514), LL(0x350d2b38bb9b2857)}, {LL(0x24c4a68132ab1e51), LL(0xf8716089d086a23f)}, {LL(0xb4527bc0fa4266d6), LL(0x9e7623e816db6fc3)}, {LL(0xe15c722aae053056), LL(0x3c6941557c4dacd9)},

{LL(0x531814d1907bd5ee), LL(0x71b6e8c73f4c1fff)}, {LL(0xd1ec9a314126a2a0), LL(0x6b689b03915283fd)}, {LL(0x4af884699981fc39), LL(0xc38507465038729c)}, {LL(0x01b8e4549f0a60ac), LL(0x78d282aaf89a9b71)},

{LL(0xf18d2a234aa5ff04), LL(0xb0d7b66727f908c5)}, {LL(0x7a486c7276a26ecf), LL(0x9484dd10bd275db8)}, {LL(0xa026355a27caea71), LL(0x310699372b42e2d8)}, {LL(0x06161d3bc43c836e), LL(0xd3a98a7a55dadce5)},

{LL(0x51ab1f796d6f1575), LL(0x81d12f500cbbea1d)}, {LL(0x02b30ba8fd14c09b), LL(0xf067c79733f7f5e2)}, {LL(0xf490d8e4ec87dc5d), LL(0xebcb7920b94ebab3)}, {LL(0x3b322b02ff6db4e8), LL(0x99eb0572ea2813b9)},

{LL(0xc9b4eeddd7d6ebdb), LL(0xa189f62806bc75ef)}, {LL(0xcca91c1a71f4c882), LL(0xfa95396f980bc799)}, {LL(0xda6e5928516884be), LL(0xa58244279665bf60)}, {LL(0xb24466fb3e7ee5b8), LL(0x4ddfa9924301b326)},

{LL(0xdf73abeff74aa7e7), LL(0xfe9e8b6008d20d16)}, {LL(0xd8dd5280ac7c4425), LL(0x55e583b0a5924a82)}, {LL(0x40c2a32416c5ba8b), LL(0x75bd5ac8af95d570)}, {LL(0xd35f9199bc32623b), LL(0x9b0f5c94a2a5761f)},

{LL(0x31080c4f7029f25a), LL(0x2fd358fc1585b455)}, {LL(0x5b913834e22b53c7), LL(0x37e972def3164df1)}, {LL(0xfeaaffa963c39aef), LL(0x5df324ae46e31d5f)}, {LL(0x5f342ea7db031032), LL(0x14273f33953b64f6)},

{LL(0x9fb108cbe18f1d6c), LL(0x8b23d1a8a747d866)}, {LL(0x1cfd627fafd80a8e), LL(0xe92f20c6f1c3df15)}, {LL(0xe6f28b45f533d394), LL(0x97124985d10deb4d)}, {LL(0x236a5fee699dfd93), LL(0x530a68597dc6e5ab)},

{LL(0xe5f964b9972d73a3), LL(0x1fa70cb81a6085de)}, {LL(0x8a7da205a30df167), LL(0x5c81e9dd6244ce0c)}, {LL(0xa32ddaa645d44a46), LL(0xb9b3dc0ae02f8c4b)}, {LL(0x6a99347b9202a19d), LL(0x183a2a22e693f9a4)},

{LL(0x31f0dc1c90fa2ebe), LL(0x7898fb40648a4d2c)}, {LL(0x944740add0087bab), LL(0xc2e3365b6ff9ae07)}, {LL(0x485e3e19ac7702ae), LL(0x2fe7461d3613a360)}, {LL(0x0d804b35bf31ee51), LL(0x402bc22a75e507cb)},

{LL(0xdfcb6f4ddad4c812), LL(0x84a9e21ec92383a4)}, {LL(0xe9129e37a763288f), LL(0x097231673ebf6b8c)}, {LL(0x78e0ed525e55431d), LL(0x70a572d422de940d)}, {LL(0x6d3f2ea398756cf4), LL(0xfeafaa7b5dbc6911)},

{LL(0xe5dcda557a8aa9d3), LL(0x6e833cc43b1d1606)}, {LL(0x45de752c1346ecff), LL(0x6fcc843743f6a4ab)}, {LL(0x5d81fde86a572d47), LL(0xa1ed9eb249715e7c)}, {LL(0xa5b79cb140f25515), LL(0xba7bcd1b0b73e32b)},

{LL(0x66d847a7a8d1238b), LL(0x6c1d8fe1cb08b19f)}, {LL(0xbca61b225b3bfba0), LL(0x5380181771b363bd)}, {LL(0x3eec8987ebb81ef5), LL(0x76c464bbf1e1be65)}, {LL(0x2fc876e9667e4e28), LL(0x642006758d5c68be)},

{LL(0x242f1fed56da0157), LL(0xf69223ef1be8b030)}, {LL(0x636d746f81ef33b2), LL(0xd729fa09b890e019)}, {LL(0x7d55de9a776b5324), LL(0xcb91073c5146c58b)}, {LL(0xceef9023571298cf), LL(0x964d80d0b59e557f)},

{LL(0xc0bdcaef4e88c789), LL(0xbfcbd0a250b2dc77)}, {LL(0x1124ff6e8dc650dd), LL(0x12e462ce7cbdd6db)}, {LL(0x824a92a5b083e555), LL(0x25447cac8052ddd8)}, {LL(0xda7e5c85f3ead82b), LL(0x3f9d97f6babbd222)},

{LL(0x1f76a5a2945c0f9b), LL(0x3b6232bc99915fd3)}, {LL(0xb3ba4eb92079cbeb), LL(0x5ddc87ece4d890f4)}, {LL(0x9d3c370724dfeace), LL(0x1e264e1019c3820b)}, {LL(0x47426b82d73532e5), LL(0x21bbd9e6a3785029)},

{LL(0x96db5e03147ba5b1), LL(0x8c946b8a8f775a85)}, {LL(0x54fa8a429e80bc22), LL(0x7d28e6f93f4b7270)}, {LL(0xc446f670056eb8bd), LL(0x23256ac3536df7b0)}, {LL(0x15dfc3f1c6202fe9), LL(0x8e0ad8af7f62fd1c)},

{LL(0x07292d66ed4dce23), LL(0xf54328399316a504)}, {LL(0x70d595afc85abd75), LL(0x8bbac51624a3c240)}, {LL(0x90bc7c329bee049f), LL(0x5e0d8c3a6c2685c0)}, {LL(0x1ac3966abd621fa2), LL(0x80564754ea090e55)},

{LL(0xa72b821f84818b0f), LL(0xf40c90caebfd17a9)}, {LL(0xd1993581c34e9754), LL(0xad2fb26c2c0f0aac)}, {LL(0x679648f0ca094c86), LL(0x4bc74068bb4fcbde)}, {LL(0xc221d4418afb1993), LL(0xf1bc8d73b03c28f5)},

{LL(0x256110ba34026e5a), LL(0xd148ec666bafca71)}, {LL(0x8a7fea58268c1b3d), LL(0xde5bcb6e862f8b95)}, {LL(0xb85d27bd10dd8494), LL(0xcf6ea276726c487a)}, {LL(0x77fcb8c925177356), LL(0x7ef9ed2fb7b56744)},

{LL(0x62237b38e3375cbf), LL(0xf0f33580c8d79a58)}, {LL(0xeb8e80996310f695), LL(0x47056cb6de319f0e)}, {LL(0x4b8c2fe00adcb3b9), LL(0x464ad445a6da2da3)}, {LL(0x2a7d45214f405e11), LL(0xdf14739dfec43938)},

{LL(0x28e15b8f8b33800b), LL(0x91632e4c1e4acdba)}, {LL(0xff1f4c3fc7e8b671), LL(0xeed57b90d1141853)}, {LL(0xc508f92767b6d7b0), LL(0x04ffa54a232a8df1)}, {LL(0x2b334a762d98311c), LL(0xf8cebc148e834379)},

{LL(0x42f7584afe0b22dc), LL(0x9a8fac0ed0e001af)}, {LL(0x61f16ac1459ceda8), LL(0x995ea7d8581e149b)}, {LL(0x3a17b518a05e61c1), LL(0xea2adedaf23e95a2)}, {LL(0x89adfba18027aa2a), LL(0xb7f6593616e60556)},

{LL(0x0000000000000000), LL(0x0000000000000000)}, {LL(0xee3bb3514a2ee6ac), LL(0xfc31195eada9ce88)}, {LL(0xfaaa7ff7eed6a648), LL(0x55e10e78a28c49d5)}, {LL(0xd7fe17b04cdb367a), LL(0x7fb655dccf5ed5e9)}

}

};

static const uint64 C[32][2] = {

{LL(0xb87a486c7276a26e), LL(0x019484dd10bd275d)}, {LL(0xb3f490d8e4ec87dc), LL(0x02ebcb7920b94eba)}, {LL(0x0b8ed8b4969a25b2), LL(0x037f4fa4300469e7)}, {LL(0xa52be3730b1bcd7b), LL(0x041555f240b19cb7)},

{LL(0x1d51ab1f796d6f15), LL(0x0581d12f500cbbea)}, {LL(0x16df73abeff74aa7), LL(0x06fe9e8b6008d20d)}, {LL(0xaea53bc79d81e8c9), LL(0x076a1a5670b5f550)}, {LL(0x895605e6163659f6), LL(0x082aaa2780a1fbad)},

{LL(0x312c4d8a6440fb98), LL(0x09be2efa901cdcf0)}, {LL(0x3aa2953ef2dade2a), LL(0x0ac1615ea018b517)}, {LL(0x82d8dd5280ac7c44), LL(0x0b55e583b0a5924a)}, {LL(0x2c7de6951d2d948d), LL(0x0c3fffd5c010671a)},

{LL(0x9407aef96f5b36e3), LL(0x0dab7b08d0ad4047)}, {LL(0x9f89764df9c11351), LL(0x0ed434ace0a929a0)}, {LL(0x27f33e218bb7b13f), LL(0x0f40b071f0140efd)}, {LL(0xd1ac0a0f2c6cb22f), LL(0x1054974ec3813599)},

{LL(0x69d642635e1a1041), LL(0x11c01393d33c12c4)}, {LL(0x62589ad7c88035f3), LL(0x12bf5c37e3387b23)}, {LL(0xda22d2bbbaf6979d), LL(0x132bd8eaf3855c7e)}, {LL(0x7487e97c27777f54), LL(0x1441c2bc8330a92e)},

{LL(0xccfda1105501dd3a), LL(0x15d54661938d8e73)}, {LL(0xc77379a4c39bf888), LL(0x16aa09c5a389e794)}, {LL(0x7f0931c8b1ed5ae6), LL(0x173e8d18b334c0c9)}, {LL(0x58fa0fe93a5aebd9), LL(0x187e3d694320ce34)},

{LL(0xe0804785482c49b7), LL(0x19eab9b4539de969)}, {LL(0xeb0e9f31deb66c05), LL(0x1a95f6106399808e)}, {LL(0x5374d75dacc0ce6b), LL(0x1b0172cd7324a7d3)}, {LL(0xfdd1ec9a314126a2), LL(0x1c6b689b03915283)},

{LL(0x45aba4f6433784cc), LL(0x1dffec46132c75de)}, {LL(0x4e257c42d5ada17e), LL(0x1e80a3e223281c39)}, {LL(0xf65f342ea7db0310), LL(0x1f14273f33953b64)}, {LL(0x619b141e58d8a75e), LL(0x20a8ed9c45c16af1)}

};

#define LS(x1,x2,t1,t2) { \

}

#define ILS(x1,x2,t1,t2) { \

}

#define ILSS(x1,x2,t1,t2) { \

}

#define ISI(val) { \

(val)[0] = IS[(val)[0]]; \

(val)[1] = IS[(val)[1]]; \

(val)[2] = IS[(val)[2]]; \

(val)[3] = IS[(val)[3]]; \

(val)[4] = IS[(val)[4]]; \

(val)[5] = IS[(val)[5]]; \

(val)[6] = IS[(val)[6]]; \

(val)[7] = IS[(val)[7]]; \

}

#define F(k00,k01,k10,k11,i,o00,o01,o10,o11) { \

o10 = k00; \

o11 = k01; \

k00 ^= C[i][0]; \

k01 ^= C[i][1]; \

LS(k00, k01, o00, o01); \

o00 ^= k10; \

o01 ^= k11; \

}

#define FK(k00,k01,k10,k11,ist) { \

for (i = 0; i < 8; i += 2) \

{ \

F(k00, k01, k10, k11, i + ist, t00, t01, t10, t11); \

F(t00, t01, t10, t11, i + 1 + ist, k00, k01, k10, k11); \

} \

}

{

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(_UEFI) && (!defined (TC_WINDOWS_DRIVER) || (!defined (DEBUG) && defined (_WIN64)))

if(HasSSE2())

{

kuznyechik_set_key_simd (key, kds);

}

else

#endif

{

int i;

uint64 k00 = *(const uint64*)key;

uint64 k01 = *(((const uint64*)key) + 1);

uint64 k10 = *(((const uint64*)key) + 2);

uint64 k11 = *(((const uint64*)key) + 3);

uint64 t00, t01, t10, t11;

kds->rke[0] = k00;

kds->rke[1] = k01;

kds->rke[2] = k10;

kds->rke[3] = k11;

FK(k00, k01, k10, k11, 0);

kds->rke[4] = k00;

kds->rke[5] = k01;

kds->rke[6] = k10;

kds->rke[7] = k11;

FK(k00, k01, k10, k11, 8);

kds->rke[8] = k00;

kds->rke[9] = k01;

kds->rke[10] = k10;

kds->rke[11] = k11;

FK(k00, k01, k10, k11, 16);

kds->rke[12] = k00;

kds->rke[13] = k01;

kds->rke[14] = k10;

kds->rke[15] = k11;

FK(k00, k01, k10, k11, 24);

kds->rke[16] = k00;

kds->rke[17] = k01;

kds->rke[18] = k10;

kds->rke[19] = k11;

kds->rkd[0] = kds->rke[0];

kds->rkd[1] = kds->rke[1];

for (i = 1; i < 10; i++)

{

uint64 t1 = kds->rke[2*i], t2 = kds->rke[2*i+1];

kds->rkd[2*i] = t1; kds->rkd[2*i + 1] = t2;

ILSS(t1, t2, kds->rkd[2*i], kds->rkd[2*i+1]);

}

}

#ifdef CPPCRYPTO_DEBUG

for(int i = 0; i < 10; i++)

printf("key[%d]: { 0x%016I64X, 0x%016I64X }\n", i, kds->rke[2*i], kds->rke[2*i+1]);

#endif

}

{

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(_UEFI) && (!defined (TC_WINDOWS_DRIVER) || (!defined (DEBUG) && defined (_WIN64)))

if(HasSSE2())

{

kuznyechik_encrypt_block_simd (out, in, kds);

}

else

#endif

{

uint64 x1 = *(const uint64*)in;

uint64 x2 = *(((const uint64*)in)+1);

uint64 t1, t2;

x1 ^= kds->rke[0];

x2 ^= kds->rke[1];

LS(x1, x2, t1, t2);

t1 ^= kds->rke[2];

t2 ^= kds->rke[3];

LS(t1, t2, x1, x2);

x1 ^= kds->rke[4];

x2 ^= kds->rke[5];

LS(x1, x2, t1, t2);

t1 ^= kds->rke[6];

t2 ^= kds->rke[7];

LS(t1, t2, x1, x2);

x1 ^= kds->rke[8];

x2 ^= kds->rke[9];

LS(x1, x2, t1, t2);

t1 ^= kds->rke[10];

t2 ^= kds->rke[11];

LS(t1, t2, x1, x2);

x1 ^= kds->rke[12];

x2 ^= kds->rke[13];

LS(x1, x2, t1, t2);

t1 ^= kds->rke[14];

t2 ^= kds->rke[15];

LS(t1, t2, x1, x2);

x1 ^= kds->rke[16];

x2 ^= kds->rke[17];

LS(x1, x2, t1, t2);

t1 ^= kds->rke[18];

t2 ^= kds->rke[19];

*(uint64*)out = t1;

*(((uint64*)out) + 1) = t2;

}

}

{

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(_UEFI) && (!defined (DEBUG) || !defined (TC_WINDOWS_DRIVER))

if(HasSSE2())

{

kuznyechik_encrypt_blocks_simd (out, in, blocks, kds);

}

else

#endif

{

while (blocks)

{

kuznyechik_encrypt_block (out, in, kds);

in += 16;

out += 16;

blocks--;

}

}

}

{

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(_UEFI) && (!defined (TC_WINDOWS_DRIVER) || (!defined (DEBUG) && defined (_WIN64)))

if(HasSSE2())

{

kuznyechik_decrypt_block_simd (out, in, kds);

}

else

#endif

{

uint64 x1 = *(const uint64*)in;

uint64 x2 = *(((const uint64*)in) + 1);

uint64 t1, t2;

ILSS(x1, x2, t1, t2);

t1 ^= kds->rkd[18];

t2 ^= kds->rkd[19];

ILS(t1, t2, x1, x2);

x1 ^= kds->rkd[16];

x2 ^= kds->rkd[17];

ILS(x1, x2, t1, t2);

t1 ^= kds->rkd[14];

t2 ^= kds->rkd[15];

ILS(t1, t2, x1, x2);

x1 ^= kds->rkd[12];

x2 ^= kds->rkd[13];

ILS(x1, x2, t1, t2);

t1 ^= kds->rkd[10];

t2 ^= kds->rkd[11];

ILS(t1, t2, x1, x2);

x1 ^= kds->rkd[8];

x2 ^= kds->rkd[9];

ILS(x1, x2, t1, t2);

t1 ^= kds->rkd[6];

t2 ^= kds->rkd[7];

ILS(t1, t2, x1, x2);

x1 ^= kds->rkd[4];

x2 ^= kds->rkd[5];

ILS(x1, x2, t1, t2);

t1 ^= kds->rkd[2];

t2 ^= kds->rkd[3];

t1 ^= kds->rkd[0];

t2 ^= kds->rkd[1];

*(uint64*)out = t1;

*(((uint64*)out) + 1) = t2;

}

}

{

#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && !defined(_UEFI) && (!defined (DEBUG) || !defined (TC_WINDOWS_DRIVER))

if(HasSSE2())

{

kuznyechik_decrypt_blocks_simd (out, in, blocks, kds);

}

else

#endif

{

while (blocks)

{

kuznyechik_decrypt_block (out, in, kds);

in += 16;

out += 16;

blocks--;

}

}

}

#if 0

static inline uint8_t mul_gf(uint8_t x, uint8_t y, uint16_t p) {

uint8_t r = 0;

uint8_t hbit = 0;

while (y) {

if (y & 1)

r ^= x;

hbit = x & 0x80;

x <<= 1;

if (hbit == 0x80)

x ^= p;

/*

This code is written by kerukuro for cppcrypto library (http://cppcrypto.sourceforge.net/)

and released into public domain.

*/

/* Adapted to VeraCrypt */

#ifndef CPPCRYPTO_KUZNYECHIK_H

#define CPPCRYPTO_KUZNYECHIK_H

#include "Common/Tcdefs.h"

#ifdef __cplusplus

extern "C" {

#endif

typedef struct _kuznyechik_kds

{

uint64 rke[20];

uint64 rkd[20];

} kuznyechik_kds;

#define KUZNYECHIK_KS (sizeof(kuznyechik_kds))

#ifdef __cplusplus

}

#endif

#endif

#define ROUND_ENC_1x(round_) { \

temporary1_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data_ = _mm_xor_si128(data_, temporary1_); \

applyLSTransformation(data_); \

}

#define ROUND_ENC_2x(round_) { \

temporary11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data1_ = _mm_xor_si128(data1_, temporary11_); \

data2_ = _mm_xor_si128(data2_, temporary11_); \

applyLSTransformation_2(data1_, data2_); \

}

#define ROUND_ENC_3x(round_) { \

temporary11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data1_ = _mm_xor_si128(data1_, temporary11_); \

data2_ = _mm_xor_si128(data2_, temporary11_); \

data3_ = _mm_xor_si128(data3_, temporary11_); \

applyLSTransformation_3(data1_, data2_, data3_); \

}

#define ROUND_ENC_4x(round_) { \

temporary11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data1_ = _mm_xor_si128(data1_, temporary11_); \

data2_ = _mm_xor_si128(data2_, temporary11_); \

data3_ = _mm_xor_si128(data3_, temporary11_); \

data4_ = _mm_xor_si128(data4_, temporary11_); \

applyLSTransformation_4(data1_, data2_, data3_,data4_); \

}

{

const uint_64t *roundKeys_ = (const uint_64t *) kds->rke;

__m128i data_;

__m128i temporary1_, temporary2_;

__m128i addresses1_, addresses2_;

int round_;

data_ = _mm_loadu_si128((const __m128i*) in);

#ifdef UNROLL_LOOPS

ROUND_ENC_1x (0);

ROUND_ENC_1x (1);

ROUND_ENC_1x (2);

ROUND_ENC_1x (3);

ROUND_ENC_1x (4);

ROUND_ENC_1x (5);

ROUND_ENC_1x (6);

ROUND_ENC_1x (7);

ROUND_ENC_1x (8);

round_ = 9;

#else

for (round_ = 0; round_ < 9; round_++)

ROUND_ENC_1x (round_);

#endif

temporary1_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]);

data_ = _mm_xor_si128(data_, temporary1_);

_mm_storeu_si128((__m128i*) out, data_);

}

{

const uint_64t *roundKeys_ = (const uint_64t *) kds->rke;

__m128i data1_, data2_, data3_, data4_;

__m128i temporary11_, temporary12_;

__m128i addresses11_, addresses12_;

__m128i temporary21_, temporary22_;

__m128i addresses21_, addresses22_;

__m128i temporary31_, temporary32_;

__m128i addresses31_, addresses32_;

__m128i temporary41_, temporary42_;

__m128i addresses41_, addresses42_;

int round_;

while (blocks >= 4)

{

data1_ = _mm_loadu_si128((const __m128i*) in);

data2_ = _mm_loadu_si128((const __m128i*) (in + 16));

data3_ = _mm_loadu_si128((const __m128i*) (in + 32));

data4_ = _mm_loadu_si128((const __m128i*) (in + 48));

#ifdef UNROLL_LOOPS

ROUND_ENC_4x (0);

ROUND_ENC_4x (1);

ROUND_ENC_4x (2);

ROUND_ENC_4x (3);

ROUND_ENC_4x (4);

ROUND_ENC_4x (5);

ROUND_ENC_4x (6);

ROUND_ENC_4x (7);

#define ROUND_DEC_1X(round_) { \

applyInversedLSTransformation(data_); \

cache1_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data_ = _mm_xor_si128(data_, cache1_); \

}

#define ROUND_DEC_2X(round_) { \

applyInversedLSTransformation_2(data1_, data2_); \

cache11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data1_ = _mm_xor_si128(data1_, cache11_); \

data2_ = _mm_xor_si128(data2_, cache11_); \

}

#define ROUND_DEC_3X(round_) { \

applyInversedLSTransformation_3(data1_, data2_,data3_); \

cache11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data1_ = _mm_xor_si128(data1_, cache11_); \

data2_ = _mm_xor_si128(data2_, cache11_); \

data3_ = _mm_xor_si128(data3_, cache11_); \

}

#define ROUND_DEC_4X(round_) { \

applyInversedLSTransformation_4(data1_, data2_,data3_,data4_); \

cache11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[2 * round_]); \

data1_ = _mm_xor_si128(data1_, cache11_); \

data2_ = _mm_xor_si128(data2_, cache11_); \

data3_ = _mm_xor_si128(data3_, cache11_); \

data4_ = _mm_xor_si128(data4_, cache11_); \

}

{

const uint_64t *roundKeys_ = kds->rkd;

__m128i data_;

#ifndef UNROLL_LOOPS

int round_;

#endif

block_t temporary_;

int byteIndex_;

__m128i cache1_, cache2_;

__m128i addresses1_, addresses2_;

data_ = _mm_loadu_si128((const __m128i*) in);

applySTransformation(data_);

#ifdef UNROLL_LOOPS

ROUND_DEC_1X (9);

ROUND_DEC_1X (8);

ROUND_DEC_1X (7);

ROUND_DEC_1X (6);

ROUND_DEC_1X (5);

ROUND_DEC_1X (4);

ROUND_DEC_1X (3);

ROUND_DEC_1X (2);

ROUND_DEC_1X (1);

#else

for (round_ = NumberOfRounds - 1; round_ > 0; --round_)

ROUND_DEC_1X(round_);

#endif

applyInversedSTransformation(data_);

cache1_ = _mm_loadu_si128((const __m128i *) &roundKeys_[0]);

data_ = _mm_xor_si128(data_, cache1_);

_mm_storeu_si128((__m128i*) out, data_);

}

{

const uint_64t *roundKeys_ = kds->rkd;

__m128i data1_, data2_,data3_,data4_;

#ifndef UNROLL_LOOPS

int round_;

#endif

block_t temporary1_;

block_t temporary2_;

block_t temporary3_;

block_t temporary4_;

int byteIndex_;

__m128i cache11_, cache12_;

__m128i cache21_, cache22_;

__m128i cache31_, cache32_;

__m128i cache41_, cache42_;

__m128i addresses11_, addresses12_;

__m128i addresses21_, addresses22_;

__m128i addresses31_, addresses32_;

__m128i addresses41_, addresses42_;

while (blocks >= 4)

{

data1_ = _mm_loadu_si128((const __m128i*) in);

data2_ = _mm_loadu_si128((const __m128i*) (in + 16));

data3_ = _mm_loadu_si128((const __m128i*) (in + 32));

data4_ = _mm_loadu_si128((const __m128i*) (in + 48));

applySTransformation_4(data1_, data2_,data3_,data4_);

#ifdef UNROLL_LOOPS

data2_ = _mm_loadu_si128((const __m128i*) (in + 16));

applySTransformation_2(data1_, data2_);

#ifdef UNROLL_LOOPS

ROUND_DEC_2X (9);

ROUND_DEC_2X (8);

ROUND_DEC_2X (7);

ROUND_DEC_2X (6);

ROUND_DEC_2X (5);

ROUND_DEC_2X (4);

ROUND_DEC_2X (3);

ROUND_DEC_2X (2);

ROUND_DEC_2X (1);

#else

for (round_ = NumberOfRounds - 1; round_ > 0; --round_)

ROUND_DEC_2X(round_);

#endif

applyInversedSTransformation_2(data1_,data2_);

cache11_ = _mm_loadu_si128((const __m128i *) &roundKeys_[0]);

data1_ = _mm_xor_si128(data1_, cache11_);

data2_ = _mm_xor_si128(data2_, cache11_);

_mm_storeu_si128((__m128i*) out, data1_);

_mm_storeu_si128((__m128i*) (out + 16), data2_);

}

else if (blocks)

kuznyechik_decrypt_block_simd (out, in, kds);

}

{

scheduleEncryptionRoundKeysForGost15 (kds->rke, key);

scheduleDecryptionRoundKeysForGost15 (kds->rkd, key);

}

#endif

#elif _MSC_VER >= 1400 || (_MSC_VER >= 1300 && !defined(_DLL))

return _byteswap_ulong(value);

#elif CRYPTOPP_FAST_ROTATE(32)

// 5 instructions with rotate instruction, 9 without

return (rotr32(value, 8U) & 0xff00ff00) | (rotl32(value, 8U) & 0x00ff00ff);

#else

// 6 instructions with rotate instruction, 8 without

value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8);

return rotl32(value, 16U);

#endif

}

#ifndef TC_NO_COMPILER_INT64

VC_INLINE uint64 ByteReverseWord64(uint64 value)

{

#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(__x86_64__)

__asm__ ("bswap %0" : "=r" (value) : "0" (value));

return value;

#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE)

return bswap_64(value);

#elif defined(_MSC_VER) && _MSC_VER >= 1300

return _byteswap_uint64(value);

#else

value = ((value & LL(0xFF00FF00FF00FF00)) >> 8) | ((value & LL(0x00FF00FF00FF00FF)) << 8);

value = ((value & LL(0xFFFF0000FFFF0000)) >> 16) | ((value & LL(0x0000FFFF0000FFFF)) << 16);

return rotl64(value, 32U);

#endif

}

{

size_t i, count = byteCount/sizeof(uint64);

for (i=0; i<count; i++)

out[i] = ByteReverseWord64(in[i]);

}

#endif

#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS

#define GetAlignmentOf(T) 1

#elif (_MSC_VER >= 1300)

#define GetAlignmentOf(T) __alignof(T)

#elif defined(__GNUC__)

#define GetAlignmentOf(T) __alignof__(T)

#else

#define GetAlignmentOf(T) sizeof(T)

#endif

#define IsPowerOf2(n) (((n) > 0) && (((n) & ((n)-1)) == 0))

#define ModPowerOf2(a,b) ((a) & ((b)-1))

#define IsAlignedOn(p,alignment) ((alignment==1) || (IsPowerOf2(alignment) ? ModPowerOf2((size_t)p, alignment) == 0 : (size_t)p % alignment == 0))

#define IsAligned16(p) IsAlignedOn(p, GetAlignmentOf(uint64))

#ifdef __cplusplus

}

#endif

// rdrand.cpp - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.

/* modified for VeraCrypt */

#include "chacha256.h"

#include "cpu.h"

#include "misc.h"

int RDRAND_getBytes(unsigned char* buf, size_t bufLen)

{

if (!buf || !HasRDRAND())

return 0;

if (bufLen)

MASM_RDRAND_GenerateBlock(buf, bufLen);

return 1;

}

int RDSEED_getBytes(unsigned char* buf, size_t bufLen)

{

if (!buf || !HasRDSEED())

return 0;

if (bufLen)

MASM_RDSEED_GenerateBlock(buf, bufLen);

return 1;

}

* or just the one. So, this definitions allows disable corresponding parts

* of t1ha library.

*

* // To disable t1ha0(), t1ha0_32le(), t1ha0_32be() and all AES-NI.

* #define T1HA0_DISABLED

*

* // To disable t1ha1_le() and t1ha1_be().

* #define T1HA1_DISABLED

*

* // To disable t1ha2_atonce(), t1ha2_atonce128() and so on.

* #define T1HA2_DISABLED

*

*****************************************************************************/

#define T1HA_VERSION_MAJOR 2

#define T1HA_VERSION_MINOR 1

#define T1HA_VERSION_RELEASE 0

#include "Common/Tcdefs.h"

#include "config.h"

#include "misc.h"

#ifdef __cplusplus

extern "C" {

#endif

#define T1HA_ALIGN_PREFIX CRYPTOPP_ALIGN_DATA(32)

#define T1HA_ALIGN_SUFFIX

#ifdef _MSC_VER

#define uint16_t uint16

#define uint32_t uint32

#define uint64_t uint64

#endif

typedef union T1HA_ALIGN_PREFIX t1ha_state256 {

uint8_t bytes[32];

uint32_t u32[8];

uint64_t u64[4];

struct {

uint64_t a, b, c, d;

} n;

} t1ha_state256_t T1HA_ALIGN_SUFFIX;

typedef struct t1ha_context {

t1ha_state256_t state;

t1ha_state256_t buffer;

size_t partial;

uint64_t total;

} t1ha_context_t;

/******************************************************************************

*

* t1ha2 = 64 and 128-bit, SLIGHTLY MORE ATTENTION FOR QUALITY AND STRENGTH.

*

* - The recommended version of "Fast Positive Hash" with good quality

* for checksum, hash tables and fingerprinting.

* - Portable and extremely efficiency on modern 64-bit CPUs.

* Designed for 64-bit little-endian platforms,

* in other cases will runs slowly.