-2010-07-25 Niels Möller <nisse@lysator.liu.se>
+2013-05-28 Niels Möller <nisse@lysator.liu.se>
+
+ * Released nettle-2.7.1.
+
+2013-05-21 Niels Möller <nisse@lysator.liu.se>
+
+ From master (2013-05-20):
+ * arm/v6/sha1-compress.asm: Moved into v6 directory, since it uses
+ the v6 instruction uadd8, sel and rev.
+ * arm/v6/sha256-compress.asm: Likewise.
+
+ From master (2013-05-15):
+ * configure.ac (asm_path): Handle armv6 and armv7 differently from
+ older ARMs. Add the arm/v6 directory to asm_path when appropriate.
+
+ * arm/v6/aes-encrypt-internal.asm: Moved into v6 directory. Uses
+ the uxtb instruction which is not available for older ARMs.
+ * arm/v6/aes-decrypt-internal.asm: Likewise.
+
+2013-05-21 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Changed version number to 2.7.1.
+ (LIBHOGWEED_MINOR): Bumped library version, to 4.7.
+ (LIBHOGWEED_MINOR): And to 2.5.
+
+2013-05-17 Niels Möller <nisse@lysator.liu.se>
+
+ From master branch:
+ * ecc-j-to-a.c (ecc_j_to_a): Fixed ecc_modp_mul call, to avoid
+ invalid overlap of arguments to mpn_mul_n. Problem tracked down by
+ Magnus Holmgren.
+
+2013-04-24 Niels Möller <nisse@lysator.liu.se>
+
+ * Released nettle-2.7.
+
+2013-04-23 Niels Möller <nisse@lysator.liu.se>
+
+ From Martin Storsjö:
+ * x86_64/sha256-compress.asm: Add forgotten W64_EXIT.
+ * x86_64/sha512-compress.asm: Likewise.
+ * x86_64/salsa20-crypt.asm (Lpartial): Don't return via W64_EXIT
+ within this subfunction.
+ * x86_64/machine.m4 (W64_ENTRY): Use movdqu instead of movdqa for
+ saving xmm registers, since the stack is not guaranteed to be
+ 16-byte aligned on win64. Take pushed xmm registers into account
+ when reading the fifth parameter from the stack.
+
+ * Makefile.in: Consistently use EXEEXT_FOR_BUILD.
+
+2013-04-21 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (DISTFILES): Added mini-gmp.c and mini-gmp.h.
+ (distdir): Use find, for identifying assembly files to copy.
+
+2013-04-18 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Recognize cpu type "arm*", not just "armv7*'.
+
+ * arm/aes-encrypt-internal.asm: Updated include of aes.m4.
+ * arm/aes-decrypt-internal.asm: Likewise.
+
+ * Makefile.in (distdir): Updated for ARM reorganization.
+
+ * configure.ac (asm_path): Generalized, can now be a list of
+ directories. On ARM, check for neon instructions, and add arm/neon
+ if appropriate. New command line options
+ --enable-arm-neon/--disable-arm-neon, for overriding the default.
+
+ arm/neon: New subdirectory, for assembly files making use of neon
+ instructions.
+
+ arm: Renamed directory, from...
+ armv7: ...old name.
+
+ * aclocal.m4 (NETTLE_CHECK_ARM_NEON): New macro.
+
+ * nettle.texinfo (Keyed hash functions): Document UMAC.
+
+ * umac.h (UMAC32_DIGEST_SIZE, UMAC64_DIGEST_SIZE)
+ (UMAC96_DIGEST_SIZE, UMAC128_DIGEST_SIZE): New constants.
+ (UMAC_DATA_SIZE): New name, for consistency with hash functions.
+ Updated all uses.
+ (UMAC_BLOCK_SIZE): ... old name.
+
+2013-04-17 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-benchmark.c (main): Benchmark salsa20r12.
+
+ * nettle-internal.c (nettle_salsa20r12): Cipher struct for
+ benchmarking only.
+ * nettle-internal.h (nettle_salsa20): Declare it.
+
+ * Makefile.in (eccdata): Depend on mini-gmp files. Drop -lgmp.
+
+ * eccdata.c: Use mini-gmp, to avoid gmp dependency and associated
+ configure tests for the *build* system. Replaced mpz_submul_ui by
+ mpz_mul_ui + mpz_sub, and gmp_printf and gmp_fprintf by calls to
+ mpz_out_str.
+
+ * mini-gmp.h, mini-gmp.c: New files, copied from gmp-5.1.1.
+
+2013-04-16 Niels Möller <nisse@lysator.liu.se>
+
+ * umac-set-key.c (BE_SWAP32_N): Fixed dummy definition used for
+ big-endian systems.
+
+ * Makefile.in (TARGETS): Deleted eccdata, it should be build only
+ when public key support is enabled.
+ (clean-here): Exlicitly list it here.
+
+ * asm.m4 (m4_log2): New macro, similar to the one in gmp.
+ (ALIGN): Changed to take alignment in bytes. Updated all callers,
+ currently used only in x86 and x86_64 files.
+
+ * umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
+ block count an uint64_t. Reorder some elements to put short values
+ together.
+ * umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
+ (_umac_l2): Deleted redundant memcpy.
+ (_umac_l2, _umac_l2_final): Store input buffer at end of the
+ poly64/poly128 state. Deleted l1_out from corresponding context
+ structs, and updated all callers.
+
+ * configure.ac: Changed version number to 2.7.
+ (LIBNETTLE_MINOR): Bumped library version, to 4.6.
+ (LIBHOGWEED_MINOR): And to 2.4.
+
+ * Makefile.in (distdir): Include files from armv7 subdirectory.
+
+ * x86_64/umac-nh-n.asm: New file, 3.5 time speedup.
+
+ * umac32.c (umac32_digest): Fix nonce caching.
+ * umac64.c (umac64_digest): Likewise.
+
+ * testsuite/umac-test.c (test_incr): New function.
+ (test_main): Test nonce increment.
+
+ * misc/umac/umac.py: UMAC reference implementation.
+ * misc/umac/rijndael.py: AES implementation used by umac.py.
+ * misc/umac/mkvectors: Script to generate UMAC test vectors.
+ * misc/umac/vectors.out: Generated test vectors.
+
+ * umac32.c (umac32_digest): Fix nonce increment, use INCREMENT
+ macro.
+ * umac64.c (umac64_digest): Likewise.
+ * umac96.c (umac96_digest): Likewise.
+ * umac128.c (umac128_digest): Likewise.
+
+ * macros.h (INCREMENT): Allow size == 1.
+
+2013-04-15 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/umac-nh.asm: New file. 4.4 time speedup.
+
+ * armv7/umac-nh-n.asm: New file. 2.0-2.3 time speedup.
+
+ * testsuite/umac-test.c (test_align): Fixed memory leak.
+
+2013-04-12 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/umac-nh.asm: New file. 2.4 time speedup.
+
+ * armv7/machine.m4 (D0REG, D1REG): New macros.
+
+ * configure.ac (asm_replace_list): Added umac-nh.asm and
+ umac-nh-n.asm.
+
+ * testsuite/umac-test.c: Test different alignments for the
+ message.
+
+2013-04-11 Niels Möller <nisse@lysator.liu.se>
+
+ * umac-nh-n.c (_umac_nh_n): Rewrote as a single pass over the
+ message data.
+
+ * examples/nettle-benchmark.c (time_umac): New function.
+ (main): Call it.
+
+ * umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
+ can be xored directly to the pad in native byteorder.
+ * umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
+ xor. Updated all callers.
+ * umac32.c (umac32_digest): Adapt to l3 changes.
+ * umac64.c (umac64_digest): Likewise.
+ * umac96.c (umac96_digest): Likewise.
+ * umac128.c (umac128_digest): Likewise.
+
+ Initial implementation of umac.
+ * umac.h: New file.
+ * umac-nh.c: New file.
+ * umac-nh-n.c: New file.
+ * umac-poly64.c: New file.
+ * umac-poly128.c: New file.
+ * umac-l2.c: New file.
+ * umac-l3.c: New file.
+ * Makefile.in (nettle_SOURCES): Added umac source files.
+ (HEADERS): Added umac.h.
+ * testsuite/umac-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added umac-test.c.
+
+ * ecc-mul-a.c (ecc_mul_a): Avoid using mp_bitcnt_t, for
+ compatibility with older GMP versions.
+ * ecc-mul-g.c (ecc_mul_g): Likewise.
+ * eccdata.c (ecc_mul_binary): Likewise.
+ * sec-modinv.c (sec_modinv): Likewise.
+
+ * x86_64/sha3-permute.asm: Go via memory for moves between general
+ registers and xmm registers.
+
+2013-04-06 Niels Möller <nisse@lysator.liu.se>
+
+ From Edgar E. Iglesias:
+ * sha3.c (_sha3_update): Fix condition for when the block buffer
+ is full.
+
+2013-04-04 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-point.c (ecc_point_get): Allow NULL x or y, ignore
+ corresponding coordinate.
+
+ * nettle.texinfo (Elliptic curves): Document high-level ECDSA
+ support.
+
+ From Martin Storsjö. Fallback functions for older GMP releases.
+ * gmp-glue.c (mpn_copyd, mpn_copyi, mpn_zero): New functions.
+ * gmp-glue.h: Declare them.
+ (mpn_sqr): Fallback macro.
+
+ * gmp-glue.h (cnd_add_n, cnd_sub_n): Moved here, define in terms
+ of mpn_cnd_add_n and mpn_sub_n if available, otherwise in terms of
+ mpn_addmul_1 and mpn_submul_1. This seems to be an improvement for
+ subtraction, but more questionable for addition.
+
+ * ecc-internal.h: Include gmp-glue.h. Deleted corresponding
+ include in all files using ecc-internal.h.
+ (cnd_add_n, cnd_sub_n): Moved from here.
+
+2013-04-03 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-point-mul-g.c (ecc_point_mul_g): New file and function.
+ * ecc-point-mul.c (ecc_point_mul): New file and function.
+ * ecc.h: Updated declarations and name mangling.
+ * Makefile.in (hogweed_SOURCES): Added ecc-point-mul.c and
+ ecc-point-mul-g.c.
+
+ * testsuite/salsa20-test.c (test_main): Tests for salsa20r12,
+ contributed by Nikos Mavrogiannopoulos.
+
+2013-03-26 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/salsa20-core-internal.asm: New file. 45% speedup.
+
+2013-03-25 Niels Möller <nisse@lysator.liu.se>
+
+ From Martin Storsjö:
+ * examples/timing.c: New file, extracted from nettle-benchmark.c.
+ * examples/timing.h: New file.
+ * examples/Makefile.in (SOURCES): Added timing.c.
+ (DISTFILES): Added timing.h.
+ (BENCH_OBJS, ECC_BENCH_OBJS, HOGWEED_BENCH_OBJS): Added timing.o.
+ * examples/nettle-benchmark.c: Use timing.h.
+ * examples/hogweed-benchmark.c: Likewise.
+ * examples/ecc-benchmark.c: Likewise.
+
+ From Nikos Mavrogiannopoulos:
+ * salsa20r12-crypt.c (salsa20r12_crypt): New file and function.
+ * salsa20.h (salsa20r12_crypt): Declare.
+ * Makefile.in (nettle_SOURCES): Added salsa20r12-crypt.c.
+
+ From Martin Storsjö:
+ * examples/hogweed-benchmark.c: Include local headers.
+ * testsuite/ecdsa-keygen-test.c: Likewise.
+ * x86_64/sha3-permute.asm: Workaround for Apple's assembler; write
+ movq instructions as movd.
+
+ * Makefile.in (hogweed_PURE_OBJS): Don't include OPT_ASM_SOURCES
+ twice.
+
+2013-03-15 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/sha3-permute.asm: New file. 4.5 time speedup.
+
+ * armv7/machine.m4 (QREG): New macro.
+
+2013-03-14 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (asm_replace_list): Added sha3-permute.asm,
+ revering 2012-12-30 change. 34% speedup on intel i5, from 2190
+ cycles for the C implementation down to 1630.
+
+ * armv7/sha512-compress.asm: Optimized. Keep expanded data in
+ registers, exploit parallelism. Another 70% speedup.
+
+ * testsuite/sha512-test.c (test_main): Additional test vectors,
+ including some longer than 128 bytes.
+
+2013-03-13 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/sha512-compress.asm: New file, using neon instructions.
+ 2.3 time speedup.
+
+ * configure.ac (asm_replace_list): Added sha512-compress.asm.
+ * x86_64/machine.m4 (OFFSET64): New macro.
+ * x86_64/sha512-compress.asm: New file, 20% speedup.
+
+ * sha512-compress.c (ROUND): Eliminated a temporary, analogous to
+ sha256 change below.
+
+ * x86_64/sha256-compress.asm: New file, 16% speedup (benchmarked
+ on intel i5).
+
+2013-03-11 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/sha256-compress.asm: New file, 25% speedup.
+
+ * configure.ac (asm_replace_list): Added sha256-compress.asm.
+
+ * sha256-compress.c (ROUND): Eliminated a temporary.
+
+ * armv7/sha1-compress.asm: New file, 9% speedup.
+
+ * testsuite/testutils.c (test_hash): Test different alignments for
+ the hash input.
+
+2013-03-08 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/aes-decrypt-internal.asm: New file, 15% speedup.
+ * armv7/aes-encrypt-internal.asm: New file, 25% speedup.
+ * armv7/aes.m4: New file.
+
+2013-03-07 Niels Möller <nisse@lysator.liu.se>
+
+ * gmp-glue.c (mpz_limbs_cmp): Don't use PTR and SIZ macros.
+
+ * Makefile.in (aesdata, desdata, twofishdata, shadata, gcmdata)
+ (eccdata): Arrange for compiling these programs for running on the
+ build system, also when cross compiling everything else.
+
+ * config.make.in (CC_FOR_BUILD, EXEEXT_FOR_BUILD): New variables.
+
+ * configure.ac: Use GMP_PROG_CC_FOR_BUILD and
+ GMP_PROG_EXEEXT_FOR_BUILD.
+
+ * aclocal.m4 (GMP_PROG_CC_FOR_BUILD, GMP_PROG_CC_FOR_BUILD_WORKS)
+ (GMP_PROG_EXEEXT_FOR_BUILD): New macros, based on GMP's.
+
+ * aesdata.c: Deleted includes of config.h and nettle-types.h. Use
+ unsigned char and unsigned long instead of stdint.h types.
+
+ * desdata.c: Deleted includes of config.h and desCode.h.
+ (main): Return 1 on invalid argument. Don't use ROR macro. Use
+ unsigned long instead of uint32_t, and make it work if unsigned
+ long is larger than 32 bits.
+
+ * gcmdata.c: Deleted include of config.h and use UNUSED macro.
+ * shadata.c: Likewise.
+
+ * twofishdata.c: Deleted include of nettle-types.h. Use unsigned
+ char instead of stdint.h types.
+
+ * x86_64/ecc-521-modp.asm: New file. 2.4 time speedup.
+
+2013-03-06 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/ecc-384-modp.asm: New file, 3 time speedup.
+ * x86_64/ecc-256-redc.asm: New file, 2.5 time speedup.
+ * x86_64/ecc-224-modp.asm: New file, 5 time speedup over C
+ version.
+
+2013-03-05 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (asm_optional_list): Added ecc-521-modp.asm.
+ * ecc-521.c: Check HAVE_NATIVE_ecc_521_modp, and use native
+ version if available.
+ * armv7/ecc-521-modp.asm: New file, 2 time speedup over C version.
+
+2013-03-04 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (asm_optional_list): Added ecc-384-modp.asm. Deleted
+ bogus reference to $asm_search_list.
+ * ecc-384.c: Check HAVE_NATIVE_ecc_384_modp, and use native
+ version if available.
+ * armv7/ecc-384-modp.asm: New file, 3 time speedup over C version.
+
+2013-03-03 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-256.c: Fixed definition of USE_REDC.
+
+2013-03-01 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-256.c: Check HAVE_NATIVE_ecc_256_redc, and use native
+ version if available.
+ * armv7/ecc-256-redc.asm: New file, 4 time speedup over C version.
+
+ * testsuite/ecc-redc-test.c: Increased test count.
+
+ * ecc-224.c: Check HAVE_NATIVE_ecc_224_modp, and use native
+ version if available.
+ * armv7/ecc-224-modp.asm: New file, 4.5 time speedup over C
+ version.
+
+ * configure.ac (asm_optional_list): Added ecc-224-modp.asm.
+ (OPT_ASM_SOURCES): Fixed assignment.
+
+2013-02-28 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/ecc-192-modp.asm: Reorganized to reduce number of
+ additions. Use setc instruction.
+
+ * examples/Makefile.in: Let $(HOGWEED_TARGETS) depend on
+ ../libhogweed.a.
+
+ * armv7/ecc-192-modp.asm: New file. 2.5 time speedup over C
+ version.
+
+2013-02-27 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-192.c: Check HAVE_NATIVE_ecc_192_modp, and use native
+ version if available.
+ (ecc_192_modp): Fixed carry handling bug in 32-bit version.
+
+ * x86_64/ecc-192-modp.asm: New file. 3.8 times speedup over C
+ version.
+
+ * configure.ac (OPT_ASM_SOURCES): New substituted variable.
+ (asm_replace_list, asm_optional_list): New variables. For files in
+ asm_optional_list, also add them to OPT_ASM_SOURCES and define
+ appropriate HAVE_NATIVE_* symbols found.
+
+ * Makefile.in (OPT_ASM_SOURCES): New variable. Used for setting
+ hogweed_OBJS and hogweed_PURE_OBJS.
+
+ * testsuite/ecc-mod-test.c: Increased test count.
+
+ * ecc-384.c (ecc_384_modp): Fixed typo which broke carry handling
+ in the 64-bit version.
+
+ * examples/ecc-benchmark.c (bench_add_jjj): Typo fix, benchmark
+ the right function.
+
+ * gmp-glue.h: Check if GMP provides mpz_limbs_read (expected in
+ next release).
+ * gmp-glue.c: Use GMP's mpz_limbs_read and friends if available.
+ Renamed all functions for consistency with GMP. Updated all
+ callers.
+
+2013-02-20 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/Makefile.in (HOGWEED_TARGETS): Added
+ hogweed-benchmark$(EXEEXT).
+ (SOURCES): Added hogweed-benchmark.c.
+ (hogweed-benchmark$(EXEEXT)): New target.
+
+ * examples/hogweed-benchmark.c: New file.
+
+ * ecdsa-keygen.c (ecdsa_generate_keypair): New file and function.
+ * Makefile.in (hogweed_SOURCES): Added ecdsa-keygen.c.
+ * testsuite/ecdsa-keygen-test.c: New testcase.
+ * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+ ecdsa-keygen-test.c.
+
+ * nettle-internal.h (TMP_ALLOC): Added missing parentheses.
+
+2013-02-18 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/ecdsa-verify-test.c: New testcase.
+ * testsuite/ecdsa-sign-test.c: New testcase.
+ * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+ ecdsa-sign-test.c and ecdsa-verify-test.c.
+ * testsuite/testutils.h: Include ecdsa.h.
+ (SHEX): Deleted const cast.
+
+ * ecc-point.c: New file, struct ecc_point abstraction.
+ * ecc-scalar.c: New file, struct ecc_scalar abstraction.
+ * ecc-random.c (ecc_modq_random, ecc_scalar_random): New file, new
+ functions.
+ * ecc-hash.c (ecc_hash): New file and function.
+ * ecc-ecdsa-sign.c: New file, low-level signing interface.
+ * ecc-ecdsa-verify.c: New file, low-level ecdsa verify.
+ * ecdsa-sign.c: (ecdsa_sign): New file and function.
+ * ecdsa-verify.c (ecdsa_verify): New file and function.
+ * ecdsa.h: New header file.
+ * ecc.h: Declare ecc_point and ecc_scalar functions.
+ * ecc-internal.h: Added declarations.
+ * Makefile.in (hogweed_SOURCES): Added new source files.
+ (HEADERS): Added ecdsa.h.
+
+ * gmp-glue.c (_mpz_set_mpn): New convenience function.
+ (_mpn_set_base256): New function.
+ (_gmp_alloc_limbs): New function.
+ (_gmp_free_limbs): New function.
+ * gmp-glue.h: Corresponding declarations. Include nettle-stdinh.h.
+
+ * examples/Makefile.in (HOGWEED_TARGETS): Renamed, was
+ RSA_TARGETS. Added ecc-benchmark$(EXEEXT).
+ (SOURCES): Added ecc-benchmark.c.
+ (ecc-benchmark$(EXEEXT)): New target.
+
+ * examples/ecc-benchmark.c: New file, benchmarking ecc primitives.
+
+2013-02-15 Niels Möller <nisse@lysator.liu.se>
+
+ Integrate ecc_mul_a.
+ * ecc-a-to-j.c: New file.
+ * ecc-add-jjj.c: New file.
+ * ecc-mul-a.c: New file.
+ * Makefile.in (hogweed_SOURCES): Added new files.
+ * testsuite/ecc-mul-a-test.c: New file.
+ * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+ ecc-mul-a-test.c.
+
+ * testsuite/testutils.c: Removed redundant includes.
+ (die): New function.
+
+ Integrate ecc_mul_g.
+ * ecc.h: New file.
+ * ecc-j-to-a.c: New file.
+ * ecc-size.c: New file.
+ * ecc-add-jja.c: New file.
+ * ecc-dup-jj.c: New file.
+ * ecc-mul-g.c: New file.
+ * sec-tabselect.c: New file.
+ * Makefile.in (hogweed_SOURCES): Added new files.
+ (HEADERS): Added ecc.h
+ * testsuite/ecc-mul-g-test.c: New file.
+ * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
+ ecc-mul-g-test.c.
+ * testsuite/testutils.c (xalloc_limbs): New function.
+ (test_mpn): New function.
+ (test_ecc_point): New function.
+ (test_ecc_mul_a): New function.
+ (test_ecc_mul_j): New function.
+ * testsuite/testutils.h: Corresponding declarations.
+
+ Integrate ECC internals.
+ * ecc-curve.h: New file.
+ * ecc-internal.h: New file.
+ * cnd-copy.c: New file.
+ * ecc-192.c: New file.
+ * ecc-224.c: New file.
+ * ecc-256.c: New file.
+ * ecc-384.c: New file.
+ * ecc-521.c: New file.
+ * ecc-generic-modp.c: New file.
+ * ecc-generic-modq.c: New file.
+ * ecc-generic-redc.c: New file.
+ * ecc-mod.c: New file.
+ * ecc-modp.c: New file.
+ * ecc-modq.c: New file.
+ * sec-add-1.c: New file.
+ * sec-modinv.c: New file.
+ * sec-sub-1.c: New file.
+ * Makefile.in (hogweed_SOURCES): Added new files.
+ (HEADERS): Added ecc-curve.h.
+ (DISTFILES): Added ecc-internal.h.
+ * testsuite/ecc-mod-test.c: New file.
+ * testsuite/ecc-modinv-test.c: New file.
+ * testsuite/ecc-redc-test.c: New file.
+ * testsuite/testutils.c (ecc_curves): New constant array.
+ * testsuite/testutils.h: Include ecc-related headers. Declare
+ ecc_curves array.
+ * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecc-mod-test.c
+ ecc-modinv-test.c ecc-redc-test.c.
+
+ * gmp-glue.c: New file, mpn <-> mpz conversions.
+ * gmp-glue.h: New file.
+ * Makefile.in: Added to hogweed_SOURCES and DISTFILES, respectively.
+
+ * eccdata.c: New program, for generating ECC-related tables.
+ * Makefile.in (ecc-192.h, ecc-224.h, ecc-256.h, ecc-384.h)
+ (ecc-512.h): New generated files.
+
+2013-02-19 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/memxor.asm (memxor): Software pipelining for the aligned
+ case. Runs at 6 cycles (0.5 cycles per byte). Delayed push of
+ registers until we know how many registers we need.
+ (memxor3): Use 3-way unrolling also for aligned memxor3.
+ Runs at 8 cycles (0.67 cycles per byte)
+
+2013-02-14 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Find GMP's GMP_NUMB_BITS. Substitute in Makefile.
+ * config.make.in (GMP_NUMB_BITS): New variable.
+
+ * examples/rsa-keygen.c (uint_arg): New function.
+ (main): New options -s and -e, to specify key size and public
+ exponent. Increased default key size to 2048.
+
+2013-02-12 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/memxor.asm (memxor): Optimized aligned case, using 3-way
+ unrolling.
+
+2013-02-06 Niels Möller <nisse@lysator.liu.se>
+
+ * armv7/memxor.asm (memxor, memxor3): Optimized aligned case, now
+ runs at 0.75 cycles/byte.
+
+ * armv7/README: New file.
+ * armv7/machine.m4: New (empty) file.
+ * armv7/memxor.asm: Initial assembly implementation.
+
+ * config.m4.in: Substitute ASM_TYPE_PROGBITS as TYPE_PROGBITS.
+
+ * config.make.in: Added .s to the suffix list.
+
+ * Makefile.in (.asm.s): Use a separate make target for .asm
+ preprocessing. Include asm.d, which the corresponding
+ dependencies.
+
+ * configure.ac (asm_file_list): Collect assembly files into this
+ variable.
+ (asm.d): Make config.status write dependencies for .s files into
+ asm.d.
+ (ASM_ALIGN_LOG): Set to "no" when appropriate.
+ (ASM_TYPE_FUNCTION): Default to "@function".
+ (ASM_TYPE_PROGBITS): New substituted variable, set in the same way
+ as ASM_TYPE_FUNCTION.
+ (ASM_MARK_NOEXEC_STACK): Use TYPE_PROGBITS.
+ (asm_path): Set up asm_path for armv7.
+
+ * asm.m4: Use changecom to disable m4 quoting. Use divert to
+ suppress output.
+
+2013-02-05 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/rsa-keygen-test.c (test_main): Updated expected
+ signatures, after the nettle_mpz_random change below.
+ * testsuite/dsa-test.c (test_main): Likewise. Also fixed the
+ dsa256 test to actually use the expected signature.
+
+2013-01-31 Niels Möller <nisse@lysator.liu.se>
+
+ * bignum-random.c (nettle_mpz_random): Increased number of extra
+ bits to 64, following FIPS 186-3.
+
+2013-01-16 Niels Möller <nisse@lysator.liu.se>
+
+ * Released nettle-2.6.
+
+2013-01-12 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Use AC_LANG_SOURCE.
+
+2013-01-02 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.5.
+ (LIBHOGWEED_MINOR): And to 2.3.
+
+ * examples/Makefile.in: Explicit rules for building objects in
+ parent directory.
+ * tools/Makefile.in: Likewise.
+ * testsuite/Makefile.in: Likewise.
+
+2013-01-01 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle.texinfo (Recommended hash functions): Document additional
+ sha3 functions.
+
+ * examples/nettle-benchmark.c (main): Benchmark additional sha3
+ functions.
+
+2012-12-30 Niels Möller <nisse@lysator.liu.se>
+
+ * sha3-224.c, sha3-224-meta.c: New files.
+ * sha3-384.c, sha3-384-meta.c: New files.
+ * sha3-512.c, sha3-512-meta.c: New files.
+ * sha3.h: Prototypes for sha3 with sizes 224, 384 and 512.
+ * nettle-meta.h: Declare nettle_sha3_224, nettle_sha3_384 and
+ nettle_sha3_512.
+ * Makefile.in (nettle_SOURCES): Added new sha3 files.
+
+ * testsuite/sha3-224-test.c: New file.
+ * testsuite/sha3-384-test.c: New file.
+ * testsuite/sha3-512-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added new sha3 test files.
+
+ * configure.ac: Disabled use of sha3-permute.asm.
+
+2012-12-20 Niels Möller <nisse@lysator.liu.se>
+
+ From Tim Rühsen:
+ * testsuite/des-compat-test.c (pt): Use proper prototype, use
+ const.
+ * testsuite/testutils.c (test_dsa_key): Deleted spurious
+ semicolon.
+
+2012-12-15 Niels Möller <nisse@lysator.liu.se>
+
+ Based on a patch from Alon Bar-Lev:
+ * Makefile.in (LIBTARGETS, SHLIBTARGET): Define as empty if static
+ or shared libraries, respectively, are disabled.
+ (TARGETS): Deleted @IF_SHARED@ conditional, now in the definition
+ of SHLIBTARGET.
+
+ From Alon Bar-Lev:
+ * configure.ac: Check for ar program. New option --disable-static.
+ * config.make.in (AR): Use configured value.
+
+2012-12-13 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/sha3-permute.asm: Rewrote, to keep all state in
+ registers. 2400 cycles on x86_64, only slightly faster than the
+ current C code.
+
+2012-12-09 Niels Möller <nisse@lysator.liu.se>
+
+ * sha3-permute.c (sha3_permute): Rewrote to do permutation in
+ place. 80% speedup on x86_64, 2500 cycles.
+
+2012-12-04 Niels Möller <nisse@lysator.liu.se>
+
+ * ctr.c (ctr_crypt): Fix bug reported by Tim Kosse. Don't
+ increment the counter when length is zero (was broken for the
+ in-place case).
+
+ * testsuite/ctr-test.c (test_main): Added test with zero-length
+ data.
+ * testsuite/testutils.c (test_cipher_ctr): Check the ctr value
+ after encrypt and decrypt.
+
+2012-12-03 Niels Möller <nisse@lysator.liu.se>
+
+ * sha3-permute.c (sha3_permute): Optimized, to reduce number of
+ passes over the data. 20% speedup on x86_64, 4700 cycles.
+
+ * configure.ac: Added sha3-permute.asm.
+
+ * x86_64/sha3-permute.asm: New file. 30% speedup over current C
+ code, 4300 cycles.
+
+ * nettle.texinfo (Hash functions): Split into several sections,
+ separating recommended hash functions and legacy hash functions.
+ Document sha3-256.
+
+2012-12-02 Niels Möller <nisse@lysator.liu.se>
+
+ Split sha.h into new files sha1.h and sha2.h. Replaced all
+ internal usage of sha.h in all files.
+ * sha.h: Kept for compatibility, just includes both new files.
+ * sha1.h: New file.
+ * sha2.h: New file.
+ * Makefile.in (HEADERS): Added sha1.h and sha2.h.
+
+2012-11-28 Niels Möller <nisse@lysator.liu.se>
+
+ From Fredrik Thulin:
+ * testsuite/pbkdf2-test.c (test_main): Add PBKDF2-HMAC-SHA512 test
+ cases.
+
+2012-11-15 Niels Möller <nisse@lysator.liu.se>
+
+ * sha3-permute.c (sha3_permute): Use ULL suffix on round
+ constants. Avoid passing shift count 0 to ROTL64.
+
+ * sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
+
+ * macros.h (LE_READ_UINT64): New macro.
+
+2012-11-13 Niels Möller <nisse@lysator.liu.se>
+
+ * sha3-permute.c (sha3_permute): Micro optimizations. Partial
+ unrolling. Use lookup table for the permutation. On an x86_64,
+ execution time reduced from appr. 13000 cycles to appr. 6000.
+
+ * examples/nettle-benchmark.c (TIME_CYCLES): New macro.
+ (bench_sha1_compress, bench_salsa20_core): Use it.
+ (bench_sha3_permute): New function.
+ (main): Call bench_sha3_permute.
+
+2012-11-12 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-benchmark.c (main): Benchmark sha3_256.
+
+ * sha3-permute.c: New file. Permutation function for sha3, aka
+ Keccak.
+ * sha3.h: New header file.
+ * sha3.c: New file, absorption and padding for sha3.
+ * sha3-256.c: New file.
+ * sha3-256-meta.c: New file.
+ * nettle-meta.h (nettle_sha3_256): Declare.
+ * Makefile.in (nettle_SOURCES): Added sha3 files.
+ (HEADERS): Added sha3.h.
+ * testsuite/sha3.awk: New file. Script to extract test vectors.
+ * testsuite/sha3-256-test.c: New file.
+ * testsuite/sha3-permute-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
+ sha3-permute-test.c and sha3-256-test.c.
+ (DISTFILES): Added sha3.awk.
+ * testsuite/.test-rules.make: Added sha3 targets.
+
+ * macros.h (LE_WRITE_UINT64): New macro.
+ * write-le64.c (_nettle_write_le64): New file and function.
+ * nettle-write.h (_nettle_write_le64): Declare. Also deleted
+ declaration of non-existent _nettle_write_be64.
+ * Makefile.in (nettle_SOURCES): Added write-le64.c.
+
+ * macros.h (ROTL64): New macro, moved from...
+ * sha512-compress.c (ROTL64): ... old location, deleted.
+
+ * serpent-internal.h [HAVE_NATIVE_64_BIT] (DROTL32): Renamed from...
+ (ROTL64): ... old name.
+ (DRSHIFT32): Renamed from ...
+ (RSHIFT64): ... old name.
+ * serpent-encrypt.c (LINEAR_TRANSFORMATION64): Updated for above
+ renames.
+ * serpent-decrypt.c (LINEAR_TRANSFORMATION64_INVERSE): Likewise.
+
+2012-11-11 Niels Möller <nisse@lysator.liu.se>
+
+ From Nikos Mavrogiannopoulos:
+ * nettle.texinfo (Hash functions): Added documentation for
+ gosthash94.
+ * examples/nettle-benchmark.c (main): Benchmark gosthash94.
+
+2012-11-10 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle.texinfo (nettle_hashes, nettle_ciphers): Use deftypevr,
+ not deftypevrx. Spotted by Nikos Mavrogiannopoulos.
+
+2012-11-08 Niels Möller <nisse@lysator.liu.se>
+
+ Gost hash function, ported from Aleksey Kravchenko's rhash library
+ by Nikos Mavrogiannopoulos.
+ * gosthash94.c: New file.
+ * gosthash94.h: New file.
+ * gosthash94-meta.c: New file.
+ * nettle-meta.h (nettle_gosthash94): Declare.
+ * Makefile.in (nettle_SOURCES): Added gosthash94.c and
+ gosthash94-meta.c.
+ (HEADERS): Added gosthash94.h.
+ * testsuite/gosthash94-test.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
+ gosthash94-test.c.
+
+2012-10-29 Niels Möller <nisse@lysator.liu.se>
+
+ From Martin Storsjö:
+ * configure.ac (dummy-dep-files): Avoid non-posix \|-operator in
+ sed regexp.
+
+2012-10-29 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/salsa20-core-internal.asm: New file.
+ * configure.ac: Added salsa20-core-internal.asm.
+ * examples/nettle-benchmark.c (bench_salsa20_core): New function.
+
+2012-10-27 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/Makefile.in (TS_SOURCES, CXX_SOURCES): Include sources
+ unconditionally.
+ (TS_CXX): Moved @IF_CXX@ conditional here.
+ (DISTFILES): Use $(SOURCES), which now includes all C source
+ files. testutils.c was lost in a the 2012-09-20 change.
+
+ * x86_64/salsa20-crypt.asm: Include x86_64/salsa20.m4.
+ Make all exits go via .Lend and W64_EXIT.
+
+ * x86_64/salsa20.m4: New file, extracted from
+ x86_64/salsa20-crypt.asm.
+
+2012-10-26 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LIBS): Add $(CFLAGS) on
+ the link command line. Reported by Dennis Clarke.
+
+2012-10-03 Niels Möller <nisse@lysator.liu.se>
+
+ From: Nikos Mavrogiannopoulos:
+ * testsuite/testutils.c (test_hash): On failure, print the
+ expected and returned hash values.
+
+2012-09-23 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (nettle_SOURCES): Added salsa20-core-internal.c.
+
+ * salsa20-core-internal.c (_salsa20_core): New file and function,
+ extracted from salsa20_crypt.
+ * salsa20.h (_salsa20_core): Declare it.
+ * salsa20-crypt.c (salsa20_crypt): Use _salsa20_core.
+
+2012-09-21 Niels Möller <nisse@lysator.liu.se>
+
+ * pbkdf2.c (pbkdf2): assert that iterations > 0. Reorganized
+ loops.
+
+ * nettle.texinfo (Cipher functions): Stress that the salsa20 hash
+ function is not suitable as a general hash function.
+
+2012-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
+ * pbkdf2.h (pbkdf2_hmac_sha1, pbkdf2_hmac_sha256): New prototypes.
+ * Makefile.in (nettle_SOURCES): Add pbkdf2-hmac-sha1.c and
+ pbkdf2-hmac-sha256.c.
+ * nettle.texinfo (Key derivation functions): Improve.
+ * testsuite/pbkdf2-test.c (test_main): Test new functions.
+
+2012-09-20 Niels Möller <nisse@lysator.liu.se>
+
+ * pbkdf2.c (pbkdf2): Reordered arguments, for consistency.
+ * pbkdf2.h (PBKDF2): Analogous reordering.
+ * testsuite/pbkdf2-test.c: Adapted to new argument order. Also use
+ LDATA for the salt.
+ * nettle.texinfo (Key derivation functions): Updated documented
+ pbkdf2 prototype.
+
+ * testsuite/Makefile.in (VALGRIND): New variable, to make valgrind
+ checking easier.
+
+ * configure.ac: New substitution IF_CXX, replacing CXX_TESTS.
+ (dummy-dep-files): Handle .cxx files.
+
+ * testsuite/Makefile.in: Use IF_CXX. Include dependency file for
+ cxx-test.o.
+
+2012-09-19 Niels Möller <nisse@lysator.liu.se>
+
+ From Tim Rühsen:
+ * examples/rsa-encrypt.c (main): Added missing mpz_clear.
+ * examples/rsa-keygen.c (main): Added missing deallocation.
+
+ * testsuite/meta-hash-test.c (test_main): Validate
+ NETTLE_MAX_HASH_DIGEST_SIZE.
+
+ * pbkdf2.h (PBKDF2): New macro.
+ * testsuite/pbkdf2-test.c: Use it.
+
+2012-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention addition of PBKDF2.
+ * pbkdf2.c (pbkdf2): New file and function.
+ * pbkdf2.h: Declare it.
+ * Makefile.in (nettle_SOURCES): Add pbkdf2.c.
+ (HEADERS): Add pbkdf2.h.
+ * nettle.texinfo (Key derivation functions): New section.
+ * testsuite/pbkdf2-test.c: New test case.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Add pbkdf2-test.c.
+ * testsuite/.test-rules.make (pbkdf2-test): New target.
+
+2012-09-16 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/: Overhaul of testsuite, affecting almost all files.
+ + Use struct tstring for allocated strings, and deallocate before
+ exit.
+ + Changed most test functions to take struct tstring as arguments.
+ + Made all test_main return on success.
+
+ * testsuite/testutils.h (struct tstring): New struct type.
+ (H2, HL, MEMEQH, SUCCESS): Deleted macros.
+ (SHEX, SDATA): New macros.
+ (H): Redefined to track storage.
+
+ * testsuite/testutils.c (tstring_alloc): New function.
+ (tstring_clear): New function.
+ (tstring_data): New function.
+ (tstring_hex): New function.
+ (tstring_print_hex): New function.
+ (decode_hex_length): Made static.
+ (decode_hex): Made static. No return value, abort on error.
+ (main): Expect test_main to return, and call tstring_clear before
+ exit.
+ (test_dsa_key): Added missing mpz_clear.
+ (test_mac): Deleted unused function.
+
+ * testsuite/rsa2sexp-test.c (test_main): Added missing
+ nettle_buffer_clear.
+
+ * testsuite/yarrow-test.c (open_file): Don't leak filename.
+ (test_main): fclose input file properly.
+
+ * testsuite/sexp-format-test.c (test_main): Added missing calls to
+ nettle_buffer_clear and mpz_clear.
+
+ * testsuite/serpent-test.c (tstring_hex_reverse): New function,
+ replacing...
+ (decode_hex_reverse): ... deleted function.
+ (RHEX): New macro, replacing...
+ (RH, RHL): ... deleted macros.
+
+ * testsuite/rsa2sexp-test.c (test_main): Added missing
+ nettle_buffer_clear.
+
+ * testsuite/random-prime-test.c (test_main): Added missing
+ mpz_clear.
+
+ * realloc.c (nettle_realloc): Only call libc realloc if length >
+ 0, otherwise call free. Fixes a small memory leak.
+ (nettle_xrealloc): Likewise.
+
+ * run-tests (test_program): Don't quote $EMULATOR; allow it to
+ expand to program and arguments (e.g., valgrind).
+
+ * tools/pkcs1-conv.c (convert_public_key): Added missing calls to
+ dsa_public_key_clear and rsa_public_key_clear.
+ (main): Added missing nettle_buffer_clear.
+
+2012-09-10 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/eratosthenes.c (main): Explicitly deallocate storage
+ before exit.
+
+ * examples/io.c (read_file): Explicitly treat an empty file as an
+ error. Rearrange loop, check for short fread return value.
+
+ * desdata.c: Don't declare printf, include <stdio.h> instead. Also
+ deleted casts of printf return value.
+
+ From Tim Rühsen:
+ * examples/nettle-benchmark.c (die): Use PRINTF_STYLE attribute.
+ * pgp-encode.c (pgp_put_rsa_sha1_signature): Deleted unused variable.
+ * rsa2openpgp.c (rsa_keypair_to_openpgp): Likewise.
+ * examples/base16enc.c (main): Deleted useless allocations.
+
+2012-09-07 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-benchmark.c (die): Add NORETURN attribute. Patch
+ from Tim Rühsen.
+ * tools/misc.h (die, werror): Use PRINTF_STYLE and NORETURN macros
+ for attributes. Patch from Tim Rühsen.
+
+ * examples/io.h (werror): Use PRINTF_STYLE macro.
+
+2012-08-22 Niels Möller <nisse@lysator.liu.se>
+
+ From Sam Thursfield <sam.thursfield@codethink.co.uk>:
+ * configure.ac: Make documentation optional, to avoid requiring
+ TeX. New option --disable-documentation, and Makefile substitution
+ IF_DOCUMENTATION.
+ * Makefile.in: Use IF_DOCUMENTATION.
+
+2012-07-12 Niels Möller <nisse@lysator.liu.se>
+
+ * asm.m4 (ALIGN): Use << operator rather than **, with m4 eval.
+ The latter is not supported by BSD m4.
+
+2012-07-07 Niels Möller <nisse@lysator.liu.se>
+
+ Copyright headers: Updated FSF address. Patch from David Woodhouse.
+
+ * examples/Makefile.in (BENCH_LIBS): Added -lm, needed for the
+ ldexp function. Reported by Anthony G. Basile.
+
+ * configure.ac: Changed version number to 2.6.
+
+ * Released nettle-2.5.
+
+2012-07-05 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/salsa20-crypt.asm (salsa20_crypt): Write the 64-bit movq
+ instructions as "movd", since that makes the osx assembler
+ happier. Assembles to the same machine code on gnu/linux.
+
+2012-07-03 Niels Möller <nisse@lysator.liu.se>
+
+ * aclocal.m4 (LSH_FUNC_ALLOCA): In the config.h boilerplate,
+ include malloc.h if it exists, also when compiling with gcc.
+ Needed for cross-compiling with --host=i586-mingw32msvc.
+
+ * examples/base16dec.c: Don't #include files using <nettle/...>,
+ we don't want to pick up installed versions. On windows, include
+ <fcntl.h>, needed for _setmode.
+ * examples/base16enc.c: Likewise.
+ * examples/base64dec.c: Likewise.
+ * examples/base64enc.c: Likewise
+
+ * nettle.texinfo (Cipher functions): Document Salsa20.
+
+2012-06-25 Niels Möller <nisse@lysator.liu.se>
+
+ * pkcs1.c (_pkcs1_signature_prefix): Renamed function, adding a
+ leading underscore. Updated all callers.
+
+ * bignum-next-prime.c (nettle_next_prime): Consistently use the
+ type nettle_random_func * (rather then just nettle_random_func)
+ when passing the function pointer as argument. Similar change for
+ nettle_progress_func. Should have been done for the 2.0 release,
+ but a few arguments were overlooked.
+ * bignum-random-prime.c (_nettle_generate_pocklington_prime)
+ (nettle_random_prime): Likewise.
+ * bignum-random.c (nettle_mpz_random_size, nettle_mpz_random):
+ Likewise.
+ * dsa-keygen.c (dsa_generate_keypair): Likewise.
+ * dsa-sha1-sign.c (dsa_sha1_sign_digest, dsa_sha1_sign): Likewise.
+ * dsa-sha256-sign.c (dsa_sha256_sign_digest, dsa_sha256_sign):
+ Likewise.
+ * dsa-sign.c (_dsa_sign): Likewise.
+ * pkcs1-encrypt.c (pkcs1_encrypt): Likewise.
+ * rsa-blind.c (_rsa_blind): Likewise.
+ * rsa-decrypt-tr.c (rsa_decrypt_tr): Likewise.
+ * rsa-encrypt.c (rsa_encrypt): Likewise.
+ * rsa-keygen.c (rsa_generate_keypair): Likewise.
+ * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): Likewise.
+
+ * cbc.c (cbc_encrypt, cbc_decrypt): Similarly, use the type
+ nettle_crypt_func * rather than just nettle_crypt_func.
+ * ctr.c (ctr_crypt): Likewise.
+ * gcm.c (gcm_set_key): Likewise.
+
+ * testsuite/des-compat-test.c (test_main): Disable declarations of
+ disabled functions and variables, to avoid warnings. No verbose
+ output unless verbose flag is set.
+
+2012-06-09 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/Makefile.in (SOURCES): Added base16dec.c, forgotten
+ earlier.
+
+ General pkcs1 signatures, with a "DigestInfo" input. Suggested by
+ Nikos Mavrogiannopoulos.
+ * Makefile.in (hogweed_SOURCES): Added pkcs1-rsa-digest.c,
+ rsa-pkcs1-sign.c, rsa-pkcs1-sign-tr.c, and rsa-pkcs1-verify.c.
+
+ * pkcs1-rsa-digest.c (pkcs1_rsa_digest_encode): New file and
+ function.
+ * pkcs1.h: Declare it.
+
+ * rsa-pkcs1-verify.c (rsa_pkcs1_verify): New file and function.
+ * rsa-pkcs1-sign.c (rsa_pkcs1_sign): New file and function.
+ * rsa-pkcs1-sign-tr.c (rsa_pkcs1_sign_tr): New file and function,
+ contributed by Nikos Mavrogiannopoulos.
+ * rsa.h: Declare new functions.
+
+ * rsa.h (_rsa_blind, _rsa_unblind): Declare functions.
+ * rsa-blind.c (_rsa_blind, _rsa_unblind): Functions moved to a
+ separate file, renamed and made non-static. Moved from...
+ * rsa-decrypt-tr.c: ... here.
+
+2012-06-03 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/pkcs1-test.c (test_main): Include leading zero in
+ expected result.
+
+ * pkcs1.c (pkcs1_signature_prefix): Return pointer to where the
+ digest should be written. Let the size input be the key size in
+ octets, rather then key size - 1.
+ * pkcs1-rsa-*.c: Updated for above.
+ * rsa-*-sign.c, rsa-*-verify.c: Pass key->size, not key->size - 1.
+
+2012-05-18 Niels Möller <nisse@lysator.liu.se>
+
+ * pkcs1-encrypt.c (pkcs1_encrypt): New file and function.
+ * rsa-encrypt.c (rsa_encrypt): Use pkcs1_encrypt.
+
+2012-05-09 Niels Möller <nisse@lysator.liu.se>
+
+ * rsa-decrypt-tr.c (rsa_decrypt_tr): Added missing mpz_clear,
+ spotted by Nikos Mavrogiannopoulos.
+
+2012-05-07 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-types.h (_STDINT_HAVE_INT_FAST32_T): Define here, to
+ force nettle-stdint.h to not try to define the int_fast*_t types.
+ Avoids compilation problems with gnutls on SunOS-5.8, where the
+ definitions here collide with gnulib's.
+
+2012-04-23 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.h (NETTLE_MAX_BIGNUM_SIZE): New constant. Based
+ on NETTLE_MAX_BIGNUM_BITS, rounded upwards. Replaced all uses of
+ NETTLE_MAX_BIGNUM_BITS.
+
+2012-04-19 Niels Möller <nisse@lysator.liu.se>
+
+ * list-obj-sizes.awk: Use decimal rather than hexadecimal output.
+ (hex2int): Use local variables.
+
+2012-04-18 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/salsa20-crypt.asm: New file.
+
+2012-04-17 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/salsa20-test.c (test_salsa20_stream): Check that
+ salsa20_crypt doesn't write beyond the given destination area.
+ (test_salsa20): Likewise.
+
+ * salsa20-crypt.c: Renamed file, from...
+ * salsa20.c: ... old name.
+
+ * x86_64/machine.m4 (WREG): New macro.
+
+ * salsa20.c (salsa20_hash): Deleted function, inlined into
+ salsa20_crypt.
+ (salsa20_set_key, salsa20_set_iv): Moved, to...
+ * salsa20-set-key.c: ...new file.
+
+2012-04-15 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/salsa20-test.c (test_salsa20_stream): New function.
+ (test_main): Tests for encrypting more than one block at a time.
+
+2012-04-14 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/io.c (write_file): Use write_string.
+
+ * examples/Makefile.in (base64enc): New targets. Also
+ added missing io.o dependency to several other targets.
+ (base64dec, base16enc, base16dec): Likewise.
+
+ * examples/base64enc.c: New file, based on example code
+ contributed by Jeronimo Pellegrini.
+ * examples/base64dec.c: Likewise.
+ * examples/base16enc.c: Likewise.
+ * examples/base16dec.c: Likewise.
+
+ * examples/rsa-encrypt.c (process_file): Reorganized fread loop.
+ (usage): New function.
+ (main): Implemented --help option.
+
+ * examples/rsa-decrypt.c (process_file): Improved error message
+ for too short input file.
+
+ * aes-set-decrypt-key.c (gf2_log, gf2_exp): Deleted tables.
+ (mult, inv_mix_column): Deleted functions.
+ (mtable): New table.
+ (MIX_COLUMN): New macro.
+ (aes_invert_key): Use MIX_COLUMN and mtable.
+
+ * aesdata.c (compute_mtable): New table, for the inv mix column
+ operation in aes_invert_key.
+
+2012-04-13 Niels Möller <nisse@lysator.liu.se>
+
+ * aes-set-encrypt-key.c (aes_set_encrypt_key): Use LE_READ_UINT32.
+ Tabulate the needed "round constants".
+ (xtime): Deleted function.
+
+ * aes-internal.h (SUBBYTE): Cast to uint32_t. Use B0, ..., B3
+ macros.
+
+2012-04-09 Niels Möller <nisse@lysator.liu.se>
+
+ Timing resistant RSA decryption, based on RSA blinding code
+ contributed by Nikos Mavrogiannopoulos.
+ * rsa-decrypt-tr.c (rsa_decrypt_tr): New function.
+ (rsa_blind): Helper function.
+ (rsa_unblind): Helper function.
+ * rsa.h: Declare rsa_decrypt_tr. Some cleanups, no longer include
+ nettle-meta.h, more consistent declarations of function pointer
+ arguments.
+ * testsuite/rsa-encrypt-test.c (test_main): Test rsa_decrypt_tr.
+ Check for writes past the end of the message area.
+
+ * Makefile.in (hogweed_SOURCES): Added pkcs1-decrypt.c.
+ * rsa-decrypt.c (rsa_decrypt): Use pkcs1_decrypt.
+ * pkcs1-decrypt.c (pkcs1_decrypt): New file and function,
+ extracted from rsa_decrypt.
+
+2012-04-01 Niels Möller <nisse@lysator.liu.se>
+
+ * salsa20.c (LE_SWAP32): Typo fix for big-endian case.
+ (QROUND): New macro.
+ (salsa20_hash): Use it.
+
+2012-03-31 Niels Möller <nisse@lysator.liu.se>
+
+ * salsa20.c: (salsa20_set_iv): Deleted size argument, only one
+ size allowed.
+ (U8TO32_LITTLE): Deleted macro. Use LE_READ_UINT32 instead, which
+ avoids unaligned reads.
+ (salsa20_set_key): Rearranged slightly, to avoid unnecessary
+ byte-to-word conversions.
+
+ (LE_SWAP32): Renamed macro from...
+ (U32TO32_LITTLE): ... old name.
+ (U32TO8_LITTLE): Deleted macro.
+ (salsa20_wordtobyte): Renamed function to...
+ (salsa20_hash): ... new name. Changed output argument from byte
+ array to word array. Use memxor3, which brings a considerable
+ performance gain.
+
+ * nettle-internal.c (salsa20_set_key_hack): Updated salsa20_set_iv
+ call.
+ * testsuite/salsa20-test.c (test_salsa20): Deleted iv_length
+ argument, updated all calls.
+
+ * salsa20.h (SALSA20_BLOCK_SIZE): New constant.
+ (_SALSA20_INPUT_LENGTH): New constant.
+ * salsa20.c: Use these constants.
+
+ * salsa20.c (ROTL32): Deleted macro, use the one from macros.h
+ instead, with reversed order of arguments.
+ (ROTATE, XOR, PLUS, PLUSONE): Deleted macros, use ROTL32 and
+ builtin operators directly.
+
+ Unification of rotation macros.
+ * macros.h (ROTL32): New macro, to replace (almost) all other
+ rotation macros.
+
+ * aes-set-encrypt-key.c: Include macros.h.
+ (aes_set_encrypt_key): Use ROTL32.
+ * aes-internal.h (ROTBYTE, ROTRBYTE): Deleted macros.
+
+ * camellia-internal.h (ROL32): Deleted macro.
+ (ROTL128): Renamed for consistency, from...
+ (ROL128): ... old name.
+ * camellia-crypt-internal.c: Updated for renamed rotation macros.
+ * camellia-set-encrypt-key.c: Likewise.
+ * cast128.c (ROL): Deleted macro.
+ (F1, F2, F3): Updated to use ROTL32 (reversed order of arguments).
+ Also added proper do { ... } while (0) wrappers.
+
+ * ripemd160-compress.c (ROL32): Deleted macro.
+ (R): Updated to use ROTL32 (reversed order of arguments).
+
+ * serpent-internal.h (ROL32): Deleted macro.
+ (ROTL64): Renamed (from ROL64) and reorderd arguments, for
+ consistency.
+ (RSHIFT64): Reordered arguments, for consistency.
+ * serpent-decrypt.c: Updated for renamed rotation macros, with
+ reversed argument order.
+ * serpent-encrypt.c: Likewise.
+ * serpent-set-key.c: Likewise.
+
+ * sha1-compress.c (ROTL): Deleted macro, use ROTL32 instead.
+
+ * sha256-compress.c (ROTR): Deleted macro. Replaced by ROTL32,
+ with complemented shift count.
+ (SHR): Deleted macro, use plain shift operator instead.
+
+ * sha512-compress.c (ROTR): Deleted macro, replaced by...
+ (ROTL64): ...new macro, with complemented shift count
+ (SHR): Deleted macro, use plain shift operator instead.
+ (S0, S1, s0, s1): Updated accordingly.
+
+2012-03-30 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.c (nettle_salsa20): Cipher struct for
+ benchmarking only. Sets a fix zero IV, and ignores block size.
+ * nettle-internal.h (nettle_salsa20): Declare it.
+
+ * examples/nettle-benchmark.c (block_cipher_p): New function.
+ (time_cipher): Use block_cipher_p.
+ (main): Include salsa20 in benchmark.
+
+ * Makefile.in (soname link): Fixed logic.
+ (nettle_SOURCES): Removed nettle-internal.c, so that it's not
+ part of the library...
+ (internal_SOURCES): ...and put it here.
+ * testsuite/Makefile.in (TEST_OBJS): Added ../nettle-internal.o.
+ * examples/Makefile.in (BENCH_OBJS): New variable, to simplify the
+ nettle-benchmark rule. Also link with ../nettle-internal.o.
+
+2012-03-29 Niels Möller <nisse@lysator.liu.se>
+
+ Implementation of Salsa20, contributed by Simon Josefsson.
+ * salsa20.h: New file.
+ * salsa20.c: New file.
+ * Makefile.in (nettle_SOURCES): Added salsa20.c
+ (HEADERS): Added salsa20.h.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added salsa20-test.c.
+ * testsuite/salsa20-test.c: New test case.
+
+ * Makefile.in (soname links): Adding missing space before ].
+
+2012-03-23 Niels Möller <nisse@lysator.liu.se>
+
+ * arcfour.h (arcfour_stream): Deleted obsolete prototype.
+
+2012-03-05 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (enable_shared): Build shared libraries by default.
+
+2012-03-04 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.4.
+ (LIBHOGWEED_MINOR): And to 2.2.
+
+2012-02-27 Niels Möller <nisse@lysator.liu.se>
+
+ * list-obj-sizes.awk: Recognize elf64 objects.
+
+ * Makefile.in (.texinfo.dvi): Pass -b option to texi2dvi.
+
+ * Makefile.in (TARGETS): Added twofishdata.
+ (SOURCES): Added twofishdata.c.
+ (twofishdata): New rule.
+
+ * twofish.c (q0, q1): Made const, and reformatted to match the
+ twofishdata program.
+
+ * twofishdata.c: Resurrected old file. Used to be called
+ generate_q.c, when the twofish code was contributed back in 1999.
+
+ * nettle.texinfo: Documentation for base16 and base64 encoding.
+ Text contributed by Jeronimo Pellegrini
+ <pellegrini@mpcnet.com.br>, back in April 2006.
+
+2012-02-18 Niels Möller <nisse@lysator.liu.se>
+
+ * run-tests, getopt.c, getopt1.c, getopt.h: These files were moved
+ to the top-level in the conversion to an independent git
+ repository. They used to be symlinks to lsh files, from the
+ subdirectories which use them.
+
+ * Makefile.in: Build and distribute getopt files. Distribute
+ run-tests script.
+ * examples/Makefile.in: Adapt to getopt files and the run-tests
+ script now located in the parent directory.
+ * testsuite/Makefile.in: Likewise.
+ * tools/Makefile.in: Likewise.
+
+ * index.html: Converted to xhtml (from lsh repository, change
+ dated 2012-02-03). Updated git instructions.
+
+ * nettle.texinfo: Updated charset declaration.
+ * misc/plan.html: Likewise.
+
+2012-01-17 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/Makefile.in (DISTFILES): Added setup-env.
+
+ * examples/rsa-decrypt.c (main): Use _setmode rather than setmode,
+ suggested by Eli Zaretskii. Affects windows builds only.
+ * examples/rsa-encrypt.c: Likewise.
+
+ * Makefile.in ($(LIBNETTLE_FORLINK)): Always create a .lib symlink
+ to the library file. Use LN_S.
+ ($(LIBHOGWEED_FORLINK)): Likewise.
+
+ (install-shared-nettle): Use LN_S.
+ (install-shared-hogweed): Likewise.
+
+ * configure.ac: Use AC_PROG_LN_S.
+ * config.make.in (LN_S): New substitution.
+
+ * testsuite/setup-env: New file. Wine workaround. Can't get
+ ../.lib into wine's dll search path, so create additional
+ symlinks.
+ * testsuite/teardown-env: ...and delete them here. Also delete
+ file testtmp.
+ * examples/setup-env: Similar links setup here.
+ * examples/teardown-env: ... and deleted.
+
+2012-01-07 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/Makefile.in (check): Add ../.lib to PATH, like in
+ testsuite/Makefile. Needed for w*ndows. Reported by Eli Zaretskii.
+
+2011-11-25 Niels Möller <nisse@lysator.liu.se>
+
+ From Martin Storsjö:
+ * x86_64/machine.m4 (W64_ENTRY, W64_EXIT): New macros for
+ supporting W64 ABI.
+ * x86_64: Updated all assembly files to use them.
+
+ * configure.ac (W64_ABI): New variable, set when compiling for
+ W64 ABI (64-bit M$ windows).
+ * config.m4.in (W64_ABI): Define, from configure substitution.
+
+2011-11-24 Niels Möller <nisse@lysator.liu.se>
+
+ From Martin Storsjö:
+ * examples/Makefile.in (check): Pass $(EMULATOR) and $(EXEEXT) in
+ the environment of run-tests.
+ * examples/rsa-encrypt-test: Use $EXEEXT and $EMULATOR.
+ * examples/rsa-sign-test: Likewise.
+ * examples/rsa-verify-test: Likewise.
+ * examples/setup-env: Likewise.
+
+ * testsuite/Makefile.in (check): Pass $(EXEEXT) in the environment of
+ run-tests.
+ * testsuite/pkcs1-conv-test: Use $EXEEXT and $EMULATOR. Ignore \r
+ in rsa-sign output.
+
+ * examples/rsa-decrypt.c (main) [WIN32]: Set stdout/stdin to
+ binary mode.
+ * examples/rsa-encrypt.c (main): Likewise.
+
+2011-11-24 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (HAVE_NATIVE_64_BIT): Workaround to get it set to 1
+ on w64.
+
+ * serpent-internal.h (ROL64): Use (uint64_t) 1 rather than 1L, for
+ M$ w64.
+ (RSHIFT64): Likewise. Also added a missing parenthesis.
+
+2011-11-24 Niels Möller <nisse@lysator.liu.se>
+
+ From Martin Storsjö:
+ * testsuite/symbols-test: Use $NM, falling back to nm if undefined.
+ * testsuite/Makefile.in (check): Pass $(NM) in the environment of
+ run-tests.
+ * config.make.in (NM): Set NM.
+
+ * testsuite/sexp-conv-test: Use $EMULATOR when running test
+ programs. Also ignore \r for output in the non-canonical output
+ formats.
+ * testsuite/Makefile.in (check): Pass $(EMULATOR) in the
+ environment of run-tests.
+ * configure.ac (EMULATOR): New substituted variable. Set to wine
+ or wine64 when cross compiling for windows, otherwise empty.
+ * config.make.in (EMULATOR): Set from autoconf value.
+
+2011-11-20 Niels Möller <nisse@lysator.liu.se>
+
+ * x86/camellia-crypt-internal.asm: Take ALIGNOF_UINT64_T into
+ account when getting the offset for the subkeys. Differs between
+ w32 and other systems. w32 problem identified by Martin Storsjö.
+
+ * config.m4.in: Define ALIGNOF_UINT64_T (from configure).
+
+ * configure.ac: Check alignment of uint64_t, and also use AC_SUBST
+ for use in config.m4.in.
+
+2011-11-19 Niels Möller <nisse@lysator.liu.se>
+
+ Cygwin/mingw32 improvements contributed by Martin Storsjö:
+ * Makefile.in (IMPLICIT_TARGETS): New variable for DLL link
+ libraries.
+ (clean-here): Delete the DLL import libraries.
+
+ * configure.ac: Setup installation of DLL files in $bindir.
+ (IF_DLL, LIBNETTLE_FILE_SRC, LIBHOGWEED_FILE_SRC): New
+ substitutions.
+
+ * config.make.in (LIBNETTLE_FILE_SRC): Substitute new autoconf
+ variable.
+ (LIBHOGWEED_FILE_SRC): Likewise.
+
+ * Makefile.in (install-dll-nettle, uninstall-dll-nettle): New
+ target for installing the DLL file in $bindir.
+ (install-shared-nettle): Conditionally
+ depend on install-dll-nettle. Use LIBNETTLE_FILE_SRC.
+ (uninstall-shared-nettle): Conditionally depend on
+ install-dll-nettle.
+ (various hogweed targets): Analogous changes.
+
+ * configure.ac: Unify shared lib setup for cygwin and mingw.
+
+2011-10-31 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (LIBHOGWEED_LIBS): Typo fix for the darwin case.
+ Spotted by Martin Storsjö.
+
+2011-10-25 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (LIBHOGWEED_LIBS): cygwin fix, added
+ libnettle.dll.a. Reported by Volker Zell.
+
+2011-10-18 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Improved setup för darwin shared libraries.
+ Patch contributed by Ryan Schmidt.
+
+2011-10-03 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/memxor.asm: Implemented sse2-loop. Configured at compile
+ time, and currently disabled.
+
+ * testsuite/testutils.h (ASSERT): Write message to stderr.
+
+ * testsuite/memxor-test.c: Use 16-byte alignment for "fully
+ aligned" operands.
+
+2011-09-03 Niels Möller <nisse@lysator.liu.se>
+
+ * x86/camellia-crypt-internal.asm: Use "l"-suffix on instructions
+ more consistently. Reportedly, freebsd and netbsd systems with
+ clang are more picky about this.
+
+ * configure.ac: Changed version number to 2.5.
+
+ * Released nettle-2.4.
+
+ * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.3.
+
+ * gcm-aes.c: Include config.h.
+ * tools/nettle-lfib-stream.c: Likewise.
+
+ * ripemd160-compress.c: Added missing include of config.h. Needed
+ for correct operation on big-endian systems.
+
+2011-09-02 Niels Möller <nisse@amfibolit.hack.org>
+
+ * configure.ac: Changed version number to 2.4.
+
+ * Released nettle-2.3.
+
+2011-08-30 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/hmac-test.c: Added tests for hmac-ripemd160.
+
+ * hmac.h: Declare hmac-ripemd160 related functions.
+
+ * Makefile.in (nettle_SOURCES): Added hmac-ripemd160.c.
+
+2011-08-30 Niels Möller <nisse@amfibolit.hack.org>
+
+ * nettle.texinfo (Hash functions): Document ripemd-160.
+
+ * hmac-ripemd160.c: New file.
+
+ * hmac.h: Declare hmac-ripemd160 functions.
+
+2011-08-29 Niels Möller <nisse@lysator.liu.se>
+
+ * sha256.c (sha256_update): Updated MD_UPDATE call for new
+ conventions.
+ (sha256_write_digest): Use MD_PAD rather than MD_FINAL, and insert
+ the length manually.
+ * sha512.c: Analogous changes.
+
+ * sha1.c (COMPRESS): New macro.
+ (sha1_update): Updated MD_UPDATE call for new conventions.
+ (sha1_digest): Use MD_PAD rather than MD_FINAL, and insert the
+ length manually.
+
+ * ripemd160.c (ripemd160_init): Use memcpy for initializing the
+ state vector.
+ (COMPRESS): New macro.
+ (ripemd160_update): Use MD_UPDATE.
+ (ripemd160_digest): Inline ripemd160_final processing. Use MD_PAD
+ and _nettle_write_le32.
+ (ripemd160_final): Deleted function.
+
+ * ripemd160.h (struct ripemd160_ctx): Use a 64-bit block count.
+ Renamed digest to state.
+
+ * md5.c (md5_init): Use memcpy for initializing the state vector.
+ (COMPRESS): New macro, wrapping _nettle_md5_compress.
+ (md5_update): Use MD_UPDATE.
+ (md5_digest): Inline md5_final processing. Use MD_PAD and
+ _nettle_write_le32.
+ (md5_final): Deleted.
+
+ * md5.h (struct md5_ctx): Renamed some fields, for consistency.
+
+ * md4.h (struct md4_ctx): Renamed some fields, for consistency.
+
+ * md4.c (md4_init): Use memcpy for initializing the state vector.
+ (md4_update): Use MD_UPDATE.
+ (md4_digest): Inline md4_final processing, using MD_PAD. Use
+ _nettle_write_le32.
+ (md4_block): Renamed, to...
+ (md4_compress): ... new name. Take ctx pinter as argument.
+ (md4_final): Deleted function.
+
+ * md2.c (md2_update): Use MD_UPDATE.
+
+ * macros.h (MD_UPDATE): Added incr argument. Invoke compression
+ function with ctx pointer as argument, rather than ctx->state.
+ (MD_FINAL): Just pad, don't store length field. Renamed to MD_PAD.
+ (MD_PAD): Analogous change of compression invocations.
+
+ * sha512.c: (COMPRESS): New macro wrapping _nettle_sha512_compress.
+ (sha512_update): Use MD_UPDATE.
+ (sha512_final): Deleted function.
+ (sha512_write_digest): Use MD_FINAL.
+
+ * sha256.c (COMPRESS): New macro wrapping _nettle_sha256_compress.
+ (SHA256_INCR): Deleted macro.
+ (sha256_update): Use MD_UPDATE.
+ (sha256_final): Deleted function.
+ (sha256_write_digest): New function, replacing sha256_final, and
+ using MD_FINAL.
+ (sha256_digest): Use sha256_write_digest.
+ (sha224_digest): Likewise.
+
+ * tools/nettle-hash.c (list_algorithms): Fixed typo in header.
+
+ * sha1.c (SHA1_DATA_LENGTH): Deleted unused macro.
+ (sha1_init): Use memcpy to initialize the state vector.
+ (SHA1_INCR): Deleted macro.
+ (sha1_update): Use MD_UPDATE macro, to reduce code duplication.
+ (sha1_digest): Use MD_FINAL macro.
+ (sha1_final): Deleted function.
+
+ * sha.h (struct sha1_ctx): Renamed attribute digest to state.
+
+ * macros.h (MD_UPDATE): New macro.
+ (MD_FINAL): New macro.
+
+2011-08-28 Niels Möller <nisse@lysator.liu.se>
+
+ * ripemd160.c (ripemd160_final): Use LE_WRITE_UINT32. Deleted byte
+ swapping at the end, leaving it to ripemd160_digest.
+ (ripemd160_digest): Use _nettle_write_le32.
+
+ * Makefile.in (nettle_SOURCES): Added write-le32.c.
+
+ * md5.c (md5_digest): Use _nettle_write_le32.
+
+ * write-le32.c (_nettle_write_le32): New file and function.
+
+ * ripemd160-compress.c (ROL32): Renamed macro (was "rol"). Deleted
+ x86 version using inline assembly; at least gcc-4.4.5 recognizes
+ shift-and-or expressions which are in fact rotations.
+ (_nettle_ripemd160_compress): Use LE_READ_UINT32.
+
+ * configure.ac (LIBNETTLE_MINOR): Bumped library version, to 4.2.
+
+ * testsuite/meta-hash-test.c: Updated for the addition of
+ ripemd-160.
+
+ * testsuite/.test-rules.make: Added rule for ripemd160-test.
+
+ * examples/nettle-benchmark.c (main): Benchmark ripemd-160.
+
+2011-08-28 Niels Möller <nisse@lysator.liu.se>
+
+ RIPEMD-160 hash function. Ported from libgcrypt by Andres Mejia.
+ * testsuite/ripemd160-test.c: New file.
+ * ripemd160.h: New file.
+ * nettle-meta.h: Declare nettle_ripemd160.
+ * ripemd160.c: New file, ported from libgcrypt.
+ * ripemd160-compress.c: Likewise.
+ * ripemd160-meta.c: New file.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
+ ripemd160-test.c.
+ * nettle-meta-hashes.c (nettle_hashes): Added nettle_ripemd160.
+ * Makefile.in (nettle_SOURCES): Added ripemd160.c,
+ ripemd160-compress.c, and ripemd160-meta.c.
+ (HEADERS): Added ripemd160.h.
+
+2011-08-10 Niels Möller <nisse@amfibolit.hack.org>
+
+ * nettle.texinfo: Fixed mis-placed const in various prototypes.
+ Spotted by Tatsuhiro Tsujikawa.
+
+2011-07-24 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (PKGCONFIG_FILES, pkgconfigdir): New variables.
+ (DISTFILES): Added nettle.pc.in and hogweed.pc.in.
+ (nettle.pc, hogweed.pc): New targets (invoking config.status).
+ (install-pkgconfig, uninstall-pkgconfig): New targets.
+ (install-here): Depend on install-pkgconfig.
+ (uninstall-here): Depend on uninstall-pkgconfig.
+ (distclean-here): Delete nettle.pc and hogweed.pc.
+
+2011-07-20 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Generate nettle.pc and hogweed.pc.
+
+ * nettle.pc.in, hogweed.pc.in: New files.
+
+2011-07-17 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-internal.h: Added missing extern declarations.
+
+2011-07-11 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Changed version number to 2.3.
+
+ * Released nettle-2.2.
+
+ * Makefile.in (DISTFILES): Distribute COPYING.LIB, not COPYING,
+
+2011-07-07 Niels Möller <nisse@lysator.liu.se>
+
+ * tools/misc.h (werror): Removed incorrect noreturn attribute from
+ declaration.
+
+ * examples/io.c (read_file): Bug fix, in dependence of initial
+ size on max_size.
+
+2011-07-01 Niels Möller <nisse@lysator.liu.se>
+
+ * cbc.c (CBC_BUFFER_LIMIT): Reduced to 512 bytes.
+ (cbc_decrypt): For in-place operation, use overlapping memxor3 and
+ eliminate a memcpy.
+
+ * ctr.c (ctr_crypt): Reorganized to call the encryption function
+ with several blocks at a time. Handle the case of a single block
+ specially.
+
+ * x86_64/memxor.asm: Added ALIGN for shifting loop. Deleted
+ obsolete ifelse.
+
+2011-06-30 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Link in serpent-decrypt.asm, if found.
+
+ * x86_64/serpent-decrypt.asm: Added an SSE2 loop, doing four
+ blocks at a time in parallel.
+
+ * x86_64/serpent-encrypt.asm: Include serpent.m4. Deleted a
+ redundant label.
+
+ * x86_64/serpent.m4: New file, with serpent-related macros.
+
+2011-06-29 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/serpent-decrypt.asm: Wrote main (32-bit) loop.
+ (SBOX0I, SBOX1I, SBOX7I): Fixed bugs.
+
+ * nettle.texinfo (Copyright): Updated for license change to
+ LGPLv2+. Updated copyriight info on serpent.
+
+ * NEWS: Updated information for nettle-2.2.
+
+ * x86_64/serpent-decrypt.asm: New file.
+
+ * x86_64/serpent-encrypt.asm: Fixed .file pseudo op.
+
+ * testsuite/testutils.c (test_cipher_ctr): Display more info on
+ failure.
+
+ * examples/nettle-benchmark.c (bench_ctr): New function.
+ (time_cipher): Also benchmark CTR mode.
+
+ * configure.ac (LIBNETTLE_MINOR): Updated library version number
+ to 4.1.
+ (LIBHOGWEED_MINOR): And to 2.1.
+
+2011-06-22 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Use pwd -P when examining lib directories.
+ Link in serpent-encrypt.asm, if found.
+
+2011-06-21 Niels Möller <nisse@lysator.liu.se>
+
+ * serpent-decrypt.c (SBOX3_INVERSE): Eliminated temporaries.
+ (SBOX4_INVERSE): Likewise.
+ (SBOX5_INVERSE): Likewise.
+ (SBOX6_INVERSE): Likewise.
+ (SBOX7_INVERSE): Likewise.
+ (All SBOX_INVERSE-macros): Deleted type argument, and updated users.
+
+2011-06-20 Niels Möller <nisse@lysator.liu.se>
+
+ * serpent-decrypt.c: Renamed arguments in sbox macros.
+ (SBOX0_INVERSE): Eliminated temporaries.
+ (SBOX1_INVERSE): Likewise.
+ (SBOX2_INVERSE): Likewise.
+
+ * x86_64/serpent-encrypt.asm: Added an SSE2 loop, doing four
+ blocks at a time in parallel.
+
+ * testsuite/serpent-test.c (test_main): Added some more multiple
+ block tests.
+
+2011-06-15 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac (libdir): On 64-bit Linux, we used to assume that
+ libraries are installed according to the FHS. Since at least
+ Fedora and Gentoo follow the FHS convention, while at least Debian
+ doesn't, we have to try to figure out which convention is used.
+
+2011-06-14 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/serpent-encrypt.asm: Slight simplification of loop logic.
+
+ * x86_64/serpent-encrypt.asm: New file.
+
+2011-06-12 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/serpent-test.c (test_main): Added tests with multiple
+ blocks at a time.
+
+ * serpent-encrypt.c (SBOX6): Renamed arguments. Eliminated
+ temporaries.
+ (SBOX7): Likewise.
+ (All SBOX-macros): Deleted type argument, and updated users.
+
+ * configure.ac: Display summary at the end of configure..
+ (asm_path): Set only if enable_assember is yes.
+
+2011-06-10 Niels Möller <nisse@lysator.liu.se>
+
+ * serpent-encrypt.c (SBOX5): Renamed arguments. Eliminated
+ temporaries.
+
+2011-06-09 Niels Möller <nisse@lysator.liu.se>
+
+ * serpent-encrypt.c (SBOX4): Renamed arguments. Eliminated
+ temporaries.
+
+ * configure.ac (LIBNETTLE_LINK, LIBHOGWEED_LINK): Cygwin fix, from
+ Vincent Torri.
+
+2011-06-08 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/eratosthenes.c (find_first_one): Fixed c99-style
+ declaration. Reported by Sebastian Reitenbach.
+ (find_first_one): Declare the lookup table as static const, and
+ use unsigned char rather than unsigned..
+
+2011-06-07 Niels Möller <nisse@lysator.liu.se>
+
+ * serpent-encrypt.c (SBOX0): Renamed arguments. Eliminated
+ temporaries.
+ (SBOX1): Likewise.
+ (SBOX2): Likewise.
+ (SBOX3): Likewise.
+
+2011-06-06 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (DISTFILES): Added serpent-internal.h.
+ (nettle_SOURCES): Replaced serpent.c by serpent-set-key.c,
+ serpent-encrypt.c, and serpent-decrypt.c.
+
+ * serpent.c: Replaced by several new files.
+ * serpent-set-key.c: New file.
+ * serpent-encrypt.c: New file.
+ * serpent-decrypt.c: New file.
+ * serpent-internal.h: New file.
+
+ * serpent.c [HAVE_NATIVE_64_BIT]: Process two blocks at a time in
+ parallel. Measured speedup of 10%--25% (higher for encryption) on
+ x86_64.
+
+2011-06-01 Niels Möller <nisse@lysator.liu.se>
+
+ * serpent.c (ROUNDS): Deleted macro.
+ (serpent_block_t): Deleted array typedef.
+ (KEYXOR): New macro, replacing BLOCK_XOR.
+ (BLOCK_COPY, SBOX, SBOX_INVERSE): Deleted macros.
+ (LINEAR_TRANSFORMATION): Use four separate arguments.
+ (LINEAR_TRANSFORMATION_INVERSE): Likewise.
+ (ROUND): Take separate arguments for all input and output words.
+ (ROUND_INVERSE): Likewise.
+ (ROUND_LAST, ROUND_FIRST_INVERSE): Deleted macros.
+ (serpent_set_key): Moved loop termination test.
+ (serpent_encrypt): Rewrote with unrolling of just eight rounds,
+ and without serpent_block_t.
+ (serpent_decrypt): Likewise.
+
+ * serpent.c: Added do { ... } while (0) around block macros.
+ (serpent_key_t): Deleted array typedef.
+ (ROL32, ROR32): Renamed macros, were rol and ror.
+ (KS_RECURRENCE, KS): New macros.
+ (serpent_key_pad): Renamed, from...
+ (serpent_key_prepare): ...old name.
+ (serpent_subkeys_generate): Deleted function.
+ (serpent_set_key): Rewrote the generation of subkeys. Reduced both
+ temporary storage and code size (less unrolling)
+
+2011-05-31 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/serpent-test.c (test_main): Enabled test with short,
+ 40-bit, key.
+
+ * serpent.c (byte_swap_32): Deleted macro.
+ (serpent_key_prepare): Use LE_READ_UINT32. Don't require aligned
+ input, and support arbitrary key sizes.
+
+2011-05-30 Simon Josefsson <simon@josefsson.org>
+
+ * serpent.c: Rewrite, based on libgcrypt code. License changed
+ from GPL to LGPL.
+ * serpent_sboxes.h: Removed.
+ * Makefile.in: Drop serpent_sboxes.h.
+
+2011-05-31 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/serpent-test.c (test_main): Added some tests for
+ padding of keys of length which is not a multiple of four bytes.
+
+2011-05-30 Simon Josefsson <simon@josefsson.org>
+
+ * testsuite/serpent-test.c (test_main): Add test vectors from
+ libgcrypt.
+
+2011-05-21 Niels Möller <nisse@lysator.liu.se>
+
+ * dsa-keygen.c (dsa_generate_keypair): Avoid double init of mpz
+ variable. Spotted by Nikos Mavrogiannopoulos.
+
+2011-05-06 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Fix link flags for shared libraries on Solaris,
+ which needs -h to set the soname. Patch contributed by Dagobert
+ Michelsen.
+
+2011-05-06 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: New configure option --enable-gcov.
+
+ * arcfour.h (arcfour_stream): Deleted obsolete define.
+
+2011-04-27 Niels Möller <nisse@lysator.liu.se>
+
+ * tools/nettle-hash.c (find_algorithm): Require exact match.
+
+2011-04-15 Niels Möller <nisse@lysator.liu.se>
+
+ Reverted broken byte-order change from 2001-06-17:
+ * serpent.c (serpent_set_key): Use correct byteorder.
+ (serpent_encrypt): Likewise.
+ (serpent_decrypt): Likewise.
+
+ * testsuite/serpent-test.c (decode_hex_reverse): New function.
+ (RH, RHL): New macros.
+ (test_main): Byte reverse inputs and outputs for the testvectors
+ taken from the serpent submission package. Enable test vectors
+ from http://www.cs.technion.ac.il/~biham/Reports/Serpent/.
+
+2011-03-23 Niels Möller <nisse@lysator.liu.se>
+
+ * tools/sexp-conv.c (xalloc): Deleted function, now it's in misc.c
+ instead.
+
+ * configure.ac: Use LSH_FUNC_STRERROR.
+
+ * tools/Makefile.in (TARGETS): Added nettle-hash, and related
+ build rules.
+ (SOURCES): Added nettle-hash.c.
+
+ * tools/misc.c (xalloc): New function.
+
+ * tools/pkcs1-conv.c (main): Made the OPT_* constants local, and
+ fixed numerical values to start with non-ASCII 0x300.
+
+ * tools/nettle-hash.c: New file.
+
+2011-03-23 Niels Möller <nisse@lysator.liu.se>
+
+ Contributed by Daniel Kahn Gillmor:
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added
+ meta-hash-test.c, meta-cipher-test.c, and meta-armor-test.c.
+
+ * testsuite/meta-hash-test.c: New file.
+ * testsuite/meta-cipher-test.c: New file.
+ * testsuite/meta-armor-test.c: New file.
+
+ * nettle.texinfo: Document nettle_hashes and nettle_ciphers.
+
+ * nettle-meta.h: Declare algorithm lists nettle_ciphers,
+ nettle_hashes, nettle_armors.
+
+ * Makefile.in (nettle_SOURCES): Added nettle-meta-hashes.c,
+ nettle-meta-ciphers.c, and nettle-meta-armors.c.
+
+ * nettle-meta-armors.c: New file.
+ * nettle-meta-ciphers.c: New file.
+ * nettle-meta-hashes.c: New file.
+
+2011-02-18 Niels Möller <nisse@lysator.liu.se>
+
+ * arcfour.c (arcfour_stream): Deleted function. It's not very
+ useful, and neither documented nor tested.
+
+2011-02-16 Niels Möller <nisse@lysator.liu.se>
+
+ * cbc.h (CBC_ENCRYPT): Avoid using NULL; we don't ensure that it
+ is defined.
+ (CBC_DECRYPT): Likewise.
+
+ * gcm-aes.c (gcm_aes_set_iv): Use GCM_SET_IV.
+ (gcm_aes_set_key): Deleted cast.
+ (gcm_aes_encrypt): Likewise.
+ (gcm_aes_decrypt): Likewise.
+ (gcm_aes_digest): Likewise.
+ (gcm_aes_update): One less argument to GCM_UPDATE.
+
+ * gcm.h (GCM_SET_KEY): Added cast to nettle_crypt_func *. Help
+ compiler type checking despite this cast.
+ (GCM_ENCRYPT): Likewise.
+ (GCM_DECRYPT): Likewise.
+ (GCM_DIGEST): Likewise.
+ (GCM_SET_IV): New macro, for completeness.
+ (GCM_UPDATE): Deleted unused argument encrypt.
+
+2011-02-14 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle.texinfo: Split node on cipher modes, and started on
+ the GCM documentation.
+
+ * testsuite/gcm-test.c (test_gcm_aes): Deleted function, replaced
+ by test_aead.
+ (test_main): Use test_aead.
+
+ * testsuite/testutils.c (test_aead): New function, replacing
+ test_gcm_aes and before that test_cipher_gcm.
+
+ * nettle-internal.c (nettle_gcm_aes128): New const struct.
+ (nettle_gcm_aes192): Likewise.
+ (nettle_gcm_aes256): Likewise.
+
+ * nettle-internal.h (struct nettle_aead): Tentative interface for
+ authenticated encryption with associated data.
+
+ * examples/nettle-benchmark.c (time_gcm): Renamed. Updated for
+ gcm_aes_auth to gcm_aes_update renaming. Benchmark both encryption
+ and hashing.
+ (time_gmac): ...old name.
+
+ * nettle-internal.c (des_set_key_hack): Don't touch the bits
+ parity, since thay are now ignored.
+ (des3_set_key_hack): Likewise.
+
+ * cast128-meta.c (nettle_cast128): Don't pass keysize.
+ * nettle-meta.h (_NETTLE_CIPHER_FIX): Deleted keysize parameter
+ derived from the appropriate constant instead.
+
+ * testsuite/gcm-test.c (test_gcm_aes): Updated for gcm_aes_auth to
+ gcm_aes_update renaming.
+
+2011-02-13 Niels Möller <nisse@lysator.liu.se>
+
+ * gcm.h (GCM_UPDATE): Renamed, from...
+ (GCM_AUTH): ...old name.
+
+ * gcm-aes.c (gcm_aes_update): Renamed, from...
+ (gcm_aes_auth): ...old name.
+
+ * gcm.c (gcm_update): Renamed, and fixed an assert. From...
+ (gcm_auth): ...old name.
+
+ * gcm.h (GCM_TABLE_BITS): Increase table size to 8 bits,
+ corresponding to 4 KByte of key-dependent tables.
+
+2011-02-10 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/memxor.asm: New file. Improves performance by 22% for the
+ unaligned01 case and 35% for the unaligned12 case, benchmarked on
+ Intel SU1400.
+
+ * examples/nettle-benchmark.c (cgt_works_p): New function.
+ (cgt_time_start): Likewise.
+ (cgt_time_end): Likewise.
+ (clock_time_start): Likewise.
+ (clock_time_end): Likewise.
+ (time_function): Read clock via function pointers time_start and
+ time_end, so we can select method at runtime.
+ (xalloc): Use die function.
+ (main): Choose timing function. If available, try clock_gettime,
+ and fall back to clock if it doesn't exist.
+
+ * examples/nettle-benchmark.c (die): New function.
+ (TIME_END, TIME_START): Check return value from clock_gettime.
+
+ * gcm.h (union gcm_block): Use correct length for w array.
+
+ * testsuite/gcm-test.c (test_main): Added the rest of the
+ testcases from the spec.
+
+2011-02-09 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/gcm-test.c (test_main): Enabled testcases 5 and 6,
+ with different IV lengths.
+
+ * gcm-aes.c (gcm_aes_set_iv): Updated for gcm_set_iv change.
+
+ * gcm.c (gcm_hash_sizes): New function.
+ (gcm_set_iv): Added support for IVs of arbitrary size. Needed
+ another argument, for the hash subkey.
+ (gcm_digest): Use gcm_hash_sizes.
+
+ * examples/nettle-benchmark.c (time_gmac): Use gcm_aes interface.
+
+ * testsuite/gcm-test.c (test_gcm_aes): New function, replacing
+ test_cipher_gcm and using the new gcm_aes interface.
+ (test_main): Updated to use test_gcm_aes.
+ * testsuite/testutils.c (test_cipher_gcm): Deleted function.
+
+ * Makefile.in (nettle_SOURCES): Added gcm-aes.c.
+
+ * gcm.c (gcm_set_key): Replaced context argument by a struct
+ gcm_key *.
+ (gcm_hash): Replaced context argument by a struct gcm_key * and a
+ pointer to the hashing state block.
+ (gcm_auth): Added struct gcm_key * argument.
+ (gcm_encrypt): Likewise.
+ (gcm_decrypt): Likewise.
+ (gcm_digest): Likewise.
+
+ * gcm-aes.c: New file.
+ (gcm_aes_set_key): New function.
+ (gcm_aes_set_iv): Likewise.
+ (gcm_aes_auth): Likewise.
+ (gcm_aes_encrypt): Likewise.
+ (gcm_aes_decrypt): Likewise.
+ (gcm_aes_digest): Likewise.
+
+ * gcm.h (struct gcm_key): Moved the key-dependent and
+ message-independent state to its own struct.
+ (struct gcm_ctx): ... and removed it here.
+ (GCM_CTX): New macro.
+ (GCM_SET_KEY): Likewise.
+ (GCM_AUTH): Likewise.
+ (GCM_ENCRYPT): Likewise.
+ (GCM_DECRYPT): Likewise.
+ (GCM_DIGEST): Likewise.
+ (struct gcm_aes_ctx): New struct.
+
+2011-02-08 Niels Möller <nisse@lysator.liu.se>
+
+ * gcm.h (struct gcm_ctx): The hash key is now always an array,
+ named h, with array size depending on GCM_TABLE_BITS.
+ * gcm.c (gcm_gf_shift): Added a separate result argument.
+ (gcm_gf_mul): Compile bitwise version only when GCM_TABLE_BITS ==
+ 0. Simplified interface with just two arguments pointing to
+ complete blocks.
+ (gcm_gf_shift_4, gcm_gf_shift_8): Renamed table-based functions, from...
+ (gcm_gf_shift_chunk): ... old name.
+ (gcm_gf_mul): Renamed both table-based versions and made the
+ argument types compatible with the bitwise gcm_gf_mul.
+ (gcm_gf_mul_chunk): ... the old name.
+ (gcm_set_key): Initialize the table using adds and shifts only.
+ When GCM_TABLE_BITS > 0, this eliminates the only use of the
+ bitwise multiplication.
+ (gcm_hash): Simplified, now that we have the same interface for
+ gcm_gf_mul, regardless of table size.
+
+ * gcm.c (GHASH_POLYNOMIAL): Use unsigned long for this constant.
+ (gcm_gf_shift_chunk): Fixed bugs for the big endian 64-bit case,
+ e.g., sparc64. For both 4-bit and 8-bit tables.
+
+ * gcm.c: Use the new union gcm_block for all gf operations.
+
+ * gcm.h (union gcm_block): New union, used to enforce alignment.
+
+2011-02-07 Niels Möller <nisse@lysator.liu.se>
+
+ * gcm.c (gcm_gf_shift_chunk) : Bug fix for little-endian 8-bit
+ tables.
+
+ * gcm.c (gcm_gf_mul_chunk): Special case first and last iteration.
+ (gcm_gf_add): New function, a special case of memxor. Use it for
+ all memxor calls with word-aligned 16 byte blocks. Improves
+ performance to 152 cycles/byte with no tables, 28 cycles per byte
+ with 4-bit tables and 10.5 cycles per byte with 8-bit tables.
+
+ Introduced 8-bit tables. If enabled, gives gmac performance of 19
+ cycles per byte (still on intel x86_64).
+ * gcm.c (gcm_gf_shift_chunk): New implementation for 8-bit tables.
+ (gcm_gf_mul_chunk): Likewise.
+ (gcm_set_key): Generate 8-bit tables.
+
+ * Makefile.in (SOURCES): Added gcmdata.c.
+
+ * gcm.h (GCM_TABLE_BITS): Set to 4.
+
+2011-02-06 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (TARGETS): Added gcmdata.
+ (gcmdata): New rule.
+
+ Introduced 4-bit tables. Gives gmac performance of 45 cycles per
+ byte (still on intel x86_64).
+ * gcm.c (gcm_gf_shift): Renamed. Tweaked little-endian masks.
+ (gcm_rightshift): ... old name.
+ (gcm_gf_mul): New argument for the output. Added length argument
+ for one of the inputs (implicitly padding with zeros).
+ (shift_table): New table (in 4-bit and 8-bit versions), generated
+ by gcmdata.
+ (gcm_gf_shift_chunk): New function shifting 4 bits at
+ a time.
+ (gcm_gf_mul_chunk): New function processing 4 bits at a time.
+ (gcm_set_key): Generation of 4-bit key table.
+ (gcm_hash): Use tables, when available.
+
+ * gcmdata.c (main): New file.
+
+ * gcm.c (gcm_rightshift): Moved the reduction of the shifted out
+ bit here.
+ (gcm_gf_mul): Updated for gcm_rightshift change. Improves gmac
+ performance to 181 cycles/byte.
+
+ * gcm.c (gcm_gf_mul): Rewrote. Still uses the bitwise algorithm from the
+ specification, but with separate byte and bit loops. Improves gmac
+ performance a bit further, to 227 cycles/byte.
+
+ * gcm.c (gcm_rightshift): Complete rewrite, to use word rather
+ than byte operations. Improves gmac performance from 830 cycles /
+ byte to (still poor) 268 cycles per byte on intel x86_64.
+
+2011-02-05 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-benchmark.c (time_gmac): New function.
+ (main): Call time_gmac.
+
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added gcm-test.c.
+
+ * testsuite/testutils.c (test_cipher_gcm): New function,
+ contributed by Nikos Mavrogiannopoulos.
+
+ * testsuite/gcm-test.c: New file, contributed by Nikos
+ Mavrogiannopoulos.
+
+ * Makefile.in (nettle_SOURCES): Added gcm.c.
+ (HEADERS): Added gcm.h.
+
+ * gcm.c: New file, contributed by Nikos Mavrogiannopoulos.
+ * gcm.h: New file, contributed by Nikos Mavrogiannopoulos.
+
+ * macros.h (INCREMENT): New macro, moved from ctr.c. Deleted third
+ argument.
+ * ctr.c: Use INCREMENT macro from macros.h, deleted local version.
+
+2011-01-07 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/Makefile.in (check): Add ../.lib to PATH, since that's
+ where w*ndows looks for dlls.
+
+ * testsuite/testutils.c (test_cipher_stream): More debug output on
+ failure.
+
+2010-12-14 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle-types.h: Deleted some unnecessary parenthesis from
+ function typedefs.
+ (nettle_realloc_func): Moved typedef here...
+ * realloc.h: ...from here.
+
+ * buffer.c (nettle_buffer_init_realloc): Use an explicit pointer
+ for realloc argument.
+
+2010-12-07 Niels Möller <nisse@lysator.liu.se>
+
+ * nettle.texinfo (Copyright): Updated info on blowfish.
+
+2010-11-26 Niels Möller <nisse@lysator.liu.se>
+
+ Reapplied optimizations (150% speedup on x86_32) and other fixes,
+ relicensing them as LGPL.
+ * blowfish.c (do_encrypt): Renamed, to...
+ (encrypt): ...new name.
+ (F): Added context argument. Shift input explicitly, instead of
+ reading individual bytes via memory.
+ (R): Added context argument.
+ (encrypt): Deleted a bunch of local variables. Using the context
+ pointer for everything should consume less registers.
+ (decrypt): Likewise.
+ (initial_ctx): Arrange constants into a struct, to simplify key
+ setup.
+ (blowfish_set_key): Some simplification.
+
+2010-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * blowfish.c: New version ported from libgcrypt. License changed
+ from GPL to LGPL.
+
+2010-11-25 Niels Möller <nisse@lysator.liu.se>
+
+ * Makefile.in (install-shared-nettle): Use INSTALL_DATA, which
+ clears the execute permission bits.
+ (install-shared-hogweed): Likewise.
+
+2010-11-16 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Updated gmp url.
+
+2010-11-01 Niels Möller <nisse@lysator.liu.se>
+
+ * tools/misc.c (werror): Don't call exit (copy&paste-error).
+
+2010-10-26 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/rsa-encrypt.c (main): No extra message for bad options.
+
+ * examples/rsa-keygen.c (main): Added long options. Deleted -?,
+ and fixed handling of bad options.
+
+ * examples/next-prime.c (main): Deleted -?, and fixed handling of
+ bad options.
+ * examples/random-prime.c (main): Likewise.
+
+2010-10-22 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-benchmark.c (main): Added long options. Deleted -?,
+ and fixed handling of bad options.
+
+ * examples/eratosthenes.c (main): Added long options. Deleted -?,
+ and fixed handling of bad options. Renamed -s to -q (long option
+ --quiet).
+
+ * tools/pkcs1-conv.c (main): Deleted short alias -? for --help,
+ and fixed handling of bad options.
+ * tools/sexp-conv.c (parse_options): Likewise.
+
+2010-10-06 Niels Möller <nisse@lysator.liu.se>
+
+ * memxor.c (memxor3): Optimized.
+ (memxor3_common_alignment): New function.
+ (memxor3_different_alignment_b): New function.
+ (memxor3_different_alignment_ab): New function.
+ (memxor3_different_alignment_all): New function.
+
+ * examples/nettle-benchmark.c (time_function): Reorganized, to
+ reduce overhead.
+ (time_memxor): Also benchmark memxor3.
+
+ * x86_64/memxor.asm: New file.
+
+ * examples/nettle-benchmark.c (overhead): New global variable.
+ (time_function): Compensate for call overhead.
+ (bench_nothing, time_overhead): New functions.
+ (time_memxor): Tweaked src size, making it an integral number of
+ words.
+ (main): Call time_overhead.
+
+2010-10-01 Niels Möller <nisse@lysator.liu.se>
+
+ * x86_64/camellia-crypt-internal.asm (ROUND): Reordered sbox
+ lookups.
+
+ * testsuite/memxor-test.c: Also test memxor3.
+
+2010-09-30 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Link in memxor.asm, if found.
+
+ * testsuite/testutils.c (test_cipher_cbc): Print more info when
+ failing.
+
+ * testsuite/memxor-test.c (test_xor): Added verbose printout.
+
+ * examples/nettle-benchmark.c (time_memxor): Count size of
+ unsigned long as "block size" for memxor.
+
+2010-09-24 Niels Möller <nisse@lysator.liu.se>
+
+ * testsuite/.test-rules.make: Added rule for memxor-test.
+ * testsuite/Makefile.in (TS_NETTLE_SOURCES): Added memxor-test.c
+ * testsuite/memxor-test.c: New file.
+
+ * memxor.c (memxor_common_alignment): New function.
+ (memxor_different_alignment): New function.
+ (memxor): Optimized to do word-operations rather than byte
+ operations.
+
+ * configure.ac (HAVE_NATIVE_64_BIT): New config.h define.
+
+ Partial revert of 2010-09-20 changes.
+ * camellia-set-encrypt-key.c (camellia_set_encrypt_key):
+ Reintroduce CAMELLIA_F_HALF_INV, for 32-bit machines.
+ * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Two variants,
+ differing in where addition of the key is done.
+ * x86/camellia-crypt-internal.asm: Moved addition of key.
+
+2010-09-22 Niels Möller <nisse@lysator.liu.se>
+
+ * examples/nettle-benchmark.c (BENCH_INTERVAL): Changed unit to
+ seconds.
+ (time_function): Use clock_gettime with CLOCK_PROCESS_CPUTIME_ID,
+ if available. This gives better accuracy, at least on recent
+ linux.
+ (BENCH_INTERVAL): Reduced to 0.1 s.
+ (struct bench_memxor_info): New struct.
+ (bench_memxor): New function.
+ (time_memxor): New function.
+ (main): Use time_memxor. Added optional argument used to limit the
+ algorithms being benchmarked.
+ (GET_CYCLE_COUNTER): Define also for x86_64.
+ (time_memxor): Improved display.
+
+ * examples/Makefile.in (nettle-benchmark): Link using
+ $(BENCH_LIBS) rather than $(LIBS).
+
+ * configure.ac: Check for clock_gettime, and add -lrt to
+ BENCH_LIBS if needed.
+
+2010-09-20 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Less quoting when invoking $CC, to allow CC="gcc
+ -m32".
+
+ * x86/camellia-crypt-internal.asm (ROUND): Adapted to new key
+ convention, moving key xor to the end.
+
+ * camellia-set-encrypt-key.c (CAMELLIA_F_HALF_INV): Deleted macro.
+ (camellia_set_encrypt_key): Deleted the CAMELLIA_F_HALF_INV
+ operations intended for moving the key xor into the middle of the
+ round.
+
+ * camellia-crypt-internal.c (CAMELLIA_ROUNDSM): Moved addition of
+ key to the end, to use a 64-bit xor operation.
+
+ * x86_64/camellia-crypt-internal.asm: New file.
+
+ * x86_64/machine.m4 (LREG, HREG, XREG): New macros.
+
+2010-09-17 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Support shared libraries (dlls) with mingw32.
+ Contributed by David Hoyt.
+
+2010-07-25 Niels Möller <nisse@lysator.liu.se>
+
+ * configure.ac: Changed version number to nettle-2.2.
* Released nettle-2.1.
Bumped soname to libnettle.so.4, and reset LIBNETTLE_MINOR to
zero.
- * x86/machine.m4 (LREG, HREG): Moved macros here, from...
+ * x86/machine.m4 (LREG, HREG): Moved macros here, from...
* x86/aes.m4: ...here.
* x86/camellia-crypt-internal.asm: New file.
rsa_sha512_verify and rsa_sha512_verify_digest.
* camellia.h (struct camellia_ctx): Eliminate the two unused
- subkeys, and renumber the remaining ones.
+ subkeys, and renumber the remaining ones.
* camellia-crypt-internal.c (_camellia_crypt): Updated for
renumbered subkeys.
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Likewise.
(camellia_setup128): Deleted.
(camellia_setup256): Deleted.
-2010-07-24 Niels Möller <nisse@lysator.liu.se>
+2010-07-24 Niels Möller <nisse@lysator.liu.se>
* camellia-set-encrypt-key.c (camellia_set_encrypt_key): Reduced
code size, no complete loop unroll. Use one loop for each phase of
function passing the sbox table to _camellia_crypt.
* camellia-crypt-internal.c (_camellia_crypt): New file, with main
encrypt/decrypt function.
- * Makefile.in (nettle_SOURCES): Updated list of camellia source files.
+ * Makefile.in (nettle_SOURCES): Updated list of camellia source files.
(DISTFILES): Added camellia-internal.h.
-2010-07-20 Niels Möller <nisse@lysator.liu.se>
+2010-07-20 Niels Möller <nisse@lysator.liu.se>
* camellia-meta.c: Use _NETTLE_CIPHER_SEP_SET_KEY.
* camellia.h (struct camellia_ctx): Use type uint64_t for subkeys.
-2010-07-07 Niels Möller <nisse@lysator.liu.se>
+2010-07-07 Niels Möller <nisse@lysator.liu.se>
* aes.h (aes_encrypt, aes_decrypt): Declare ctx argument as const.
Also updated implementation.
(camellia_decrypt): ...New function, analogous to
camellia_encrypt.
-2010-07-06 Niels Möller <nisse@lysator.liu.se>
+2010-07-06 Niels Möller <nisse@lysator.liu.se>
* camellia.c, camellia.h: New files, copied from
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
* testsuite/camellia-test.c: New file.
-2010-07-05 Niels Möller <nisse@lysator.liu.se>
+2010-07-05 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Document new conventions for weak key and des
parity checks. Document des_check_parity.
* blowfish.c (initial_ctx): Deleted status value.
(blowfish_encrypt): Ignore status attribute.
(blowfish_decrypt): Likewise.
- (blowfish_set_key): return result from weak key check, without
+ (blowfish_set_key): Return result from weak key check, without
setting the status attribute.
* blowfish.h (enum blowfish_error): Deleted.
* Makefile.in (des_headers): Deleted parity.h.
-2010-06-30 Niels Möller <nisse@lysator.liu.se>
+2010-06-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/des-test.c (test_des): New function.
(test_weak): New function.
(des_set_key): Deleted parity checking code. Replaced old weak-key
detection code by a call to des_weak_p.
-2010-06-04 Niels Möller <nisse@lysator.liu.se>
+2010-06-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (test_dsa_key): Updated for new name
DSA_SHA1_MIN_P_BITS.
(dsa_openssl_private_key_from_der_iterator): Enforce 160-bit limit
on q and x. Renamed parameter limit to p_max_bits.
-2010-06-03 Niels Möller <nisse@lysator.liu.se>
+2010-06-03 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Added test for dsa-sha256.
-2010-06-02 Niels Möller <nisse@lysator.liu.se>
+2010-06-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Provide expected value of the
signature.
signature.
(test_dsa256): Likewise.
-2010-06-01 Niels Möller <nisse@lysator.liu.se>
+2010-06-01 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-keygen-test.c (test_main): Updated expected
signatures.
(nettle_random_prime): Likewise, added top_bits_set argument.
Invoke progress callback when a prime is generated.
-2010-05-26 Niels Möller <nisse@lysator.liu.se>
+2010-05-26 Niels Möller <nisse@lysator.liu.se>
* dsa-keygen.c (dsa_generate_keypair): Use
_nettle_generate_pocklington_prime. Deleted old key generation
then Maurer's algorithm, calling the new
_nettle_generate_pocklington_prime for the final search.
-2010-05-25 Niels Möller <nisse@lysator.liu.se>
+2010-05-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/dsa-test.c (test_main): Updated for dsa testing
changes.
primes using Pocklington's theorem. Takes both p_size and q_size
as arguments.
-2010-05-20 Niels Möller <nisse@lysator.liu.se>
+2010-05-20 Niels Möller <nisse@lysator.liu.se>
* bignum-random-prime.c (miller_rabin_pocklington): Fixed broken
logic when Miller-rabin succeeds early.
-2010-04-09 Niels Möller <nisse@lysator.liu.se>
+2010-04-09 Niels Möller <nisse@lysator.liu.se>
* bignum-next-prime.c: Include stdlib.h, needed for alloca on
freebsd.
* bignum-random-prime.c (nettle_random_prime): New file, new
function.
-2010-03-31 Niels Möller <nisse@lysator.liu.se>
+2010-03-31 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Benchmark sha224.
-2010-03-30 Niels Möller <nisse@lysator.liu.se>
+2010-03-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (DSA_VERIFY): Updated for dsa_sha1_verify
rename.
* dsa-sign.c (_dsa_sign): New general signing function, for any
hash. Returns success code, like the rsa signture functions.
-2010-03-29 Niels Möller <nisse@lysator.liu.se>
+2010-03-29 Niels Möller <nisse@lysator.liu.se>
* configure.ac (ABI): Attempt to use a better, ABI-dependant,
default value for libdir.
* configure.ac (ABI): Detect which ABI the compiler is using.
On x86_64, also check for __arch64__.
-2010-03-28 Niels Möller <nisse@lysator.liu.se>
+2010-03-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac (asm_path): For x86_64, check if compiler is
generating 32-bit code.
-2010-03-27 Niels Möller <nisse@lysator.liu.se>
+2010-03-27 Niels Möller <nisse@lysator.liu.se>
* testsuite/hmac-test.c (test_main): Rewrote rest of tests to use
HMAC_TEST, and added more tests from Daniel Kahn Gillmor and from
* hmac-sha224.c: New file.
-2010-03-26 Niels Möller <nisse@lysator.liu.se>
+2010-03-26 Niels Möller <nisse@lysator.liu.se>
* testsuite/hmac-test.c (HMAC_TEST): New macro.
(test_main): Use HMAC_TEST for the md5 and sha1 tests, and add
* sha224-meta.c: New file.
-2010-03-25 Niels Möller <nisse@lysator.liu.se>
+2010-03-25 Niels Möller <nisse@lysator.liu.se>
* hmac-sha384.c: New file.
(sha384_init): New function.
(sha384_digest): New function.
-2010-03-24 Niels Möller <nisse@lysator.liu.se>
+2010-03-24 Niels Möller <nisse@lysator.liu.se>
* sha512.c: (sha512_digest): Simplified handling of any final
partial word of the digest.
* testsuite/Makefile.in: Added hogweed dependency for the test
programs.
-2010-03-23 Niels Möller <nisse@lysator.liu.se>
+2010-03-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/rsa-test.c (test_main): Test signing with sha512.
* rsa-sha512-sign.c: New file.
* pkcs1-rsa-sha512.c: New file.
-2010-03-22 Niels Möller <nisse@lysator.liu.se>
+2010-03-22 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added hmac-sha512.c.
* sha512-meta.c: New file.
* sha512.c: New file.
-2010-03-06 Niels Möller <nisse@lysator.liu.se>
+2010-03-06 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (distdir): Include x86_64 assembler files.
-2010-01-20 Niels Möller <nisse@lysator.liu.se>
+2010-01-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Check for mpz_powm_sec.
-2010-01-13 Niels Möller <nisse@lysator.liu.se>
+2010-01-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in ($(LIBHOGWEED_FORLINK)): Depend on
$(LIBNETTLE_FORLINK).
libhogweed.so work, without having to use RTLD_GLOBAL.
(LIBHOGWEED_LINK): Added -L., to find our libnettle.so.
-2009-10-21 Niels Möller <nisse@lysator.liu.se>
+2009-10-21 Niels Möller <nisse@lysator.liu.se>
* tools/Makefile.in (pkcs1-conv$(EXEEXT)): Added dependency on
../libhogweed.a.
-2009-10-19 Niels Möller <nisse@lysator.liu.se>
+2009-10-19 Niels Möller <nisse@lysator.liu.se>
* tools/pkcs1-conv.c: Updated for dsa/der interface change.
(dsa_openssl_private_key_from_der): Likewise.
* dsa.h: Corresponding changees to prototypes and #defines.
-2009-10-12 Niels Möller <nisse@lysator.liu.se>
+2009-10-12 Niels Möller <nisse@lysator.liu.se>
* sexp-format.c: Removed conditioning on HAVE_LIBGMP.
* testsuite/rsa2sexp-test.c (test_main): Updated testcase for
"rsa-pkcs1".
-2009-10-11 Niels Möller <nisse@lysator.liu.se>
+2009-10-11 Niels Möller <nisse@lysator.liu.se>
* rsa2sexp.c (rsa_keypair_to_sexp): Changed default algorithm name
to "rsa-pkcs1".
-2009-09-20 Niels Möller <nisse@lysator.liu.se>
+2009-09-20 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Improved performance by 17% on AMD K7,
by letting loopmix scramble the instruction order.
-2009-09-15 Niels Möller <nisse@lysator.liu.se>
+2009-09-15 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Cleanup, removing old cruft. Slight
improvement to ROUND_F1_NOEXP. Slight reduction of
dependency-chains.
-2009-08-25 Niels Möller <nisse@lysator.liu.se>
+2009-08-25 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Eliminated tmp variable for f3 rounds.
* examples/nettle-benchmark.c (bench_sha1_compress): New function,
for precise benchmarking of the compression function.
-2009-06-08 Niels Möller <nisse@lysator.liu.se>
+2009-06-08 Niels Möller <nisse@lysator.liu.se>
* Released nettle-2.0.
-2009-06-04 Niels Möller <nisse@lysator.liu.se>
+2009-06-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Set version to 2.0
-2009-05-30 Niels Möller <nisse@lysator.liu.se>
+2009-05-30 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (.texinfo.info): Don't use a temporary output file
$@T, trust makeinfo to remove output file on errors.
-2009-05-19 Niels Möller <nisse@lysator.liu.se>
+2009-05-19 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Changed license to public domain.
-2009-05-11 Niels Möller <nisse@lysator.liu.se>
+2009-05-11 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Fixes from Karl Berry. Added some more index
terms.
-2009-03-06 Niels Möller <nisse@lysator.liu.se>
+2009-03-06 Niels Möller <nisse@lysator.liu.se>
* x86_64/aes-encrypt-internal.asm: Reduced unrolling. Keep state
in %eax--%edx only.
(XREG): Fixed bug in handling of %r8 and %r9.
(AES_ROUND): Use MOVE_HREG.
-2009-02-10 Niels Möller <nisse@lysator.liu.se>
+2009-02-10 Niels Möller <nisse@lysator.liu.se>
* base16-meta.c (base16_encode_update_wrapper): Mark ctx argument
as UNUSED.
* tools/output.h (struct sexp_output): Removed union with single
element, and updated all users. New attribute soft_newline.
-2008-12-22 Niels Möller <nisse@lysator.liu.se>
+2008-12-22 Niels Möller <nisse@lysator.liu.se>
* Makefile.in ($(des_headers)): Create files in $(srcdir).
-2008-11-28 Niels Möller <nisse@lysator.liu.se>
+2008-11-28 Niels Möller <nisse@lysator.liu.se>
* testsuite/cxx-test.cxx: Include <cstdio>.
-2008-11-22 Niels Möller <nisse@lysator.liu.se>
+2008-11-22 Niels Möller <nisse@lysator.liu.se>
* yarrow256.c (yarrow256_fast_reseed): Set ctx->seeded = 1, so
that it is set if and only if the aes context has been initialized
(yarrow256_seed): No need to set ctx->seeded here.
(yarrow256_update): Likewise.
-2008-11-04 Niels Möller <nisse@lysator.liu.se>
+2008-11-04 Niels Möller <nisse@lysator.liu.se>
* examples/next-prime.c (main): Avoid using gmp_fprintf, to stay
compatible with gmp-3.1.
-2008-11-01 Niels Möller <nisse@lysator.liu.se>
+2008-11-01 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo: Updated for 2.0. New section on linking.
types to nettle-types.h. Use non-pointer types, so that the types
can be used to declare functions. Updated all users.
-2008-10-31 Niels Möller <nisse@lysator.liu.se>
+2008-10-31 Niels Möller <nisse@lysator.liu.se>
* testsuite/yarrow-test.c (test_main): Updated for seed file
changes.
* sha-example.c (display_hex): Use %02x, not %2x.
-2008-10-30 Niels Möller <nisse@lysator.liu.se>
+2008-10-30 Niels Möller <nisse@lysator.liu.se>
* tools/sexp-conv.c (main): Fixed file locking.
-2008-10-25 Niels Möller <nisse@lysator.liu.se>
+2008-10-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Set version to 2.0rc1.
* examples/Makefile.in (next-prime$(EXEEXT)): Added -lnettle to
linker.
-2008-10-24 Niels Möller <nisse@lysator.liu.se>
+2008-10-24 Niels Möller <nisse@lysator.liu.se>
* sha256.c (ROUND): Simplified macro.
* yarrow.h (struct yarrow256_ctx): Deleted seed_file buffer.
-2008-09-17 Niels Möller <nisse@lysator.liu.se>
+2008-09-17 Niels Möller <nisse@lysator.liu.se>
* x86/arcfour-crypt.asm: Improved loop logic, and unrolled
loop twice. Gave a modest speedup.
-2008-09-15 Niels Möller <nisse@lysator.liu.se>
+2008-09-15 Niels Möller <nisse@lysator.liu.se>
* yarrow256.c (yarrow256_seed): Disallow length == 0.
* x86_64/aes-decrypt-internal.asm: New file.
-2008-09-13 Niels Möller <nisse@lysator.liu.se>
+2008-09-13 Niels Möller <nisse@lysator.liu.se>
* x86/aes-encrypt-internal.asm: Replaced pushl and popl in the
loop with movl. Eliminated redundant movl.
(AES_ROUND): Use movzbl together with LREG and HREG.
(AES_SUBST_BYTE): Likewise.
-2008-09-10 Niels Möller <nisse@lysator.liu.se>
+2008-09-10 Niels Möller <nisse@lysator.liu.se>
* x86_64/sha1-compress.asm: Avoid using registers %rbx and %rbp,
which must be preserved.
-2008-09-08 Niels Möller <nisse@lysator.liu.se>
+2008-09-08 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (stamp-h.in): Use $(AUTOHEADER).
* x86_64/machine.m4: New file, new directory.
-2008-08-28 Niels Möller <nisse@lysator.liu.se>
+2008-08-28 Niels Möller <nisse@lysator.liu.se>
* examples/eratosthenes.c (main): Rewrote block-wise sieving to
use less memory. New options -s and -v.
-2008-08-27 Niels Möller <nisse@lysator.liu.se>
+2008-08-27 Niels Möller <nisse@lysator.liu.se>
* testsuite/sexp-conv-test (print_raw, print_nl): Use printf.
Updated testcases with comments; comments are now preserved.
* configure.ac: Check for fcntl file locking.
-2008-08-26 Niels Möller <nisse@lysator.liu.se>
+2008-08-26 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (tags-here): Put TAGS file in the source directory.
* examples/Makefile.in (tags): Likewise.
* testsuite/Makefile.in (tags): Likewise.
* tools/Makefile.in (tags): Likewise.
-2008-02-29 Niels Möller <nisse@lysator.liu.se>
+2008-02-29 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (SOURCES): Added next-prime.c.
-2008-01-05 Niels Möller <nisse@lysator.liu.se>
+2008-01-05 Niels Möller <nisse@lysator.liu.se>
* examples/Makefile.in (TARGETS): Added eratosthenes and next-prime.
(next-prime, eratosthenes): New rules.
* configure.ac: Check for sizeof(long).
-2008-01-03 Niels Möller <nisse@lysator.liu.se>
+2008-01-03 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c (main): Removed incorrect UNUSED
from declaration.
* bignum-next-prime.c: Moved the bignum_next_prime function to a
separate file.
-2007-09-08 Niels Möller <nisse@lysator.liu.se>
+2007-09-08 Niels Möller <nisse@lysator.liu.se>
* sparc64/aes-encrypt-internal.asm: The directory with the aes.m4
include file was renamed from "sparc" to "sparc32". Updated include.
* sparc32/aes-encrypt-internal.asm: Likewise.
* sparc32/aes-decrypt-internal.asm: Likewise.
-2007-09-07 Niels Möller <nisse@lysator.liu.se>
+2007-09-07 Niels Möller <nisse@lysator.liu.se>
* examples/read_rsa_key.c: Include stdlib.h.
-2007-06-02 Niels Möller <nisse@lysator.liu.se>
+2007-06-02 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Typo fixes to install targets, spotted by Magnus
Holmgren.
-2007-05-14 Niels Möller <niels@s3.kth.se>
+2007-05-14 Niels Möller <niels@s3.kth.se>
* configure.ac: Fixed copy-and-paste errors in shared library
name setup.
* testsuite/Makefile.in (TS_NETTLE_SOURCES, TS_HOGWEED_SOURCES):
Separate test cases using nettle and those also using hogweed.
-2007-04-05 Niels Möller <nisse@lysator.liu.se>
+2007-04-05 Niels Möller <nisse@lysator.liu.se>
* Moved in CVS tree. Also renamed directory sparc to sparc32.
-2007-02-24 Niels Möller <nisse@lysator.liu.se>
+2007-02-24 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (clean-here): Remove .lib directory.
(distclean-here): Remove machine.m4.
-2006-12-05 Niels Möller <nisse@lysator.liu.se>
+2006-12-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: AC_PREREQ 2.61, for AC_PROG_MKDIR_P.
* config.make.in (datarootdir): New directory variable (for
autoconf-2.61).
-2006-11-28 Niels Möller <nisse@lysator.liu.se>
+2006-11-28 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.16.
* Released nettle-1.15.
-2006-11-27 Niels Möller <nisse@lysator.liu.se>
+2006-11-27 Niels Möller <nisse@lysator.liu.se>
* NEWS: New entry for nettle-1.15.
* COPYING, INSTALL, install-sh, texinfo.tex: Updated files, from
automake-1.10.
-2006-11-27 Niels Möller <niels@s3.kth.se>
+2006-11-27 Niels Möller <niels@s3.kth.se>
* tools/Makefile.in (install): Use MKDIR_P to create installation
directory. Install only one file at a time.
* configure.ac: Use AC_PROG_MKDIR_P.
-2006-11-24 Niels Möller <nisse@lysator.liu.se>
+2006-11-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/yarrow-test.c (test_main): Use gold-bug.txt as input
file, instead of rfc1750.txt.
* testsuite/rfc1750.txt: Deleted file. Debian considers RFC:s
non-free, and it was expired anyway. Replaced by gold-bug.txt.
-2006-11-24 Niels Möller <niels@s3.kth.se>
+2006-11-24 Niels Möller <niels@s3.kth.se>
* Almost all header files: Added C++ guards.
* testsuite/cxx-test.cxx: New testcase, trying to use nettle from
a C++ program.
-2006-08-28 Niels Möller <niels@s3.kth.se>
+2006-08-28 Niels Möller <niels@s3.kth.se>
* index.html: Added section on language bindings.
-2006-06-10 Niels Möller <niels@s3.kth.se>
+2006-06-10 Niels Möller <niels@s3.kth.se>
* configure.ac: Darwin shared library support, from Grant
Robinsson.
-2006-05-18 Niels Möller <nisse@lysator.liu.se>
+2006-05-18 Niels Möller <nisse@lysator.liu.se>
* src/nettle/x86/aes.asm: Deleted unused file.
(install-here, install-shared, install-info, install-headers): Use
plain mkdir, not $(INSTALL) -d.
-2006-05-16 Niels Möller <niels@s3.kth.se>
+2006-05-16 Niels Möller <niels@s3.kth.se>
Merged from the lsh experimental branch.
-2006-04-26 Niels Möller <nisse@lysator.liu.se>
+2006-04-26 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-decrypt.c: Don't include "getopt.h", since it's not used.
* examples/nettle-benchmark.c: Include "getopt.h".
* asm.m4 (ALIGN): New macro. Takes a logarithmic argument, and
expands to a .align directive.
-2006-04-21 Niels Möller <nisse@lysator.liu.se>
+2006-04-21 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Public-key algorithms): Say that the public key
operations are undocumented, not unsupported. Reported by Jeronimo
Pellegrini.
-2006-04-08 Niels Möller <nisse@lysator.liu.se>
+2006-04-08 Niels Möller <nisse@lysator.liu.se>
* tools/pkcs1-conv.c (read_pem): Fixed c99-style declaration.
- Reported by Henrik Grubbström.
+ Reported by Henrik Grubbström.
-2006-01-31 Niels Möller <niels@s3.kth.se>
+2006-01-31 Niels Möller <niels@s3.kth.se>
* examples/rsa-verify.c: Fixed typo in usage message.
-2005-12-05 Niels Möller <nisse@lysator.liu.se>
+2005-12-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.15,
* configure.ac (SHLIBMINOR): Increased minor number. Library
version is now libnettle.so.2.5, soname still libnettle.so.2.
-2005-11-28 Niels Möller <nisse@lysator.liu.se>
+2005-11-28 Niels Möller <nisse@lysator.liu.se>
* config.make.in (INSTALL): Don't substitute INSTALL, INSTALL_DATA
and friends here, to get a correct a relative filename for
and friends here.
* Makefile.in (INSTALL): Likewise.
-2005-11-27 Niels Möller <nisse@lysator.liu.se>
+2005-11-27 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (.texinfo.pdf): New rule. Avoid dependency on
intermediate .dvi and .ps files.
* Makefile.in (install-info, install-headers): Don't use $< and
$?; Solaris make doesn't support them in explicit rules.
-2005-11-26 Niels Möller <nisse@lysator.liu.se>
+2005-11-26 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in: Include .test-rules.make, which contains
the rules for all the test executables.
* testsuite/.test-rules.make: Automatically generated file for
building the test programs.
-2005-11-25 Niels Möller <nisse@lysator.liu.se>
+2005-11-25 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Disable assembler when compiling with rntcl.
* examples/Makefile.in: Use explicit rules for all executable
targets. Use $(EXEEXT) and $(OBJEXT) more consistently.
-2005-11-25 Niels Möller <niels@s3.kth.se>
+2005-11-25 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.in: Avoid using single-suffix rule to build
executables.
-2005-11-24 Niels Möller <niels@s3.kth.se>
+2005-11-24 Niels Möller <niels@s3.kth.se>
* Makefile.in (distdir): Use [ -f, not [ -e, since the latter
is less portable, and not supported by Solaris /bin/sh.
-2005-11-23 Niels Möller <niels@s3.kth.se>
+2005-11-23 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.in (DISTFILES): Added teardown-env.
* testsuite/teardown-env: New file. Delete files created by the
testsuite.
-2005-11-21 Niels Möller <nisse@lysator.liu.se>
+2005-11-21 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.c (main): Fixed check for -v option. Spotted
by Goran K.
-2005-11-21 Niels Möller <niels@s3.kth.se>
+2005-11-21 Niels Möller <niels@s3.kth.se>
* ctr.h (CTR_CTX, CTR_CRYPT): Fixed bugs, spotted by Goran K.
-2005-11-20 Niels Möller <nisse@lysator.liu.se>
+2005-11-20 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added der2rsa.c.
* asn1.h: Added name mangling defines, and a few new declarations.
-2005-11-13 Niels Möller <nisse@lysator.liu.se>
+2005-11-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added der-iterator.c.
(HEADERS): Added asn1.h.
* der-iterator.c: New file.
* asn1.h: New file.
-2005-11-07 Niels Möller <nisse@lysator.liu.se>
+2005-11-07 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-benchmark.c: Check HAVE_UNISTD_H.
* config.guess, config.sub: In the CVS tree, moved files to the
lsh top-level directory.
-2005-10-23 Niels Möller <nisse@lysator.liu.se>
+2005-10-23 Niels Möller <nisse@lysator.liu.se>
* sparc64/arcfour-crypt.asm: New file, almost the same as
sparc/arcfour-crypt.asm.
read accesses at SRC; could be improved int he case that SRC and
DST have compatible alignment.
-2005-10-19 Niels Möller <niels@s3.kth.se>
+2005-10-19 Niels Möller <niels@s3.kth.se>
* testsuite/arcfour-test.c (test_main): New testcase with 512
bytes of data.
-2005-10-19 Niels Möller <nisse@lysator.liu.se>
+2005-10-19 Niels Möller <nisse@lysator.liu.se>
* sparc/arcfour-crypt.asm: Fixed bug, spotted by Mikael Kalms. We
must order the store at [CTX+I] before the load of [CTX+SI+SJ].
-2005-10-18 Niels Möller <nisse@lysator.liu.se>
+2005-10-18 Niels Möller <nisse@lysator.liu.se>
* sparc/arcfour-crypt.asm: Special unrolled code if SRC and DST
have compatible alignment. Improves performance by 20%, but I'm
numbers. Convert in the same way as for positive numbers, and then
subtract the appropriate power of two.
-2005-10-17 Niels Möller <nisse@lysator.liu.se>
+2005-10-17 Niels Möller <nisse@lysator.liu.se>
* bignum.c (nettle_mpz_from_octets): Improved loop. Removed the
- digit temporary (suggested by Torbjörn Granlund).
+ digit temporary (suggested by Torbjörn Granlund).
* sparc/arcfour-crypt.asm: Improved instruction scheduling.
* x86/arcfour-crypt.asm: Use ARCFOUR_I and ARCFOUR_J
* asm.m4 (ARCFOUR): New struct.
-2005-10-17 Niels Möller <niels@s3.kth.se>
+2005-10-17 Niels Möller <niels@s3.kth.se>
* aes-internal.h (struct aes_table): Deleted idx and sparc_idx
arrays.
* aes-decrypt.c (_aes_decrypt_table): Likewise.
* asm.m4 (AES): Likewise
-2005-10-16 Niels Möller <nisse@lysator.liu.se>
+2005-10-16 Niels Möller <nisse@lysator.liu.se>
* tools/input.c (sexp_get_char): Use unsigned for the done flag.
them as arguments.
(AES_FINAL_ROUND): New macro.
-2005-10-15 Niels Möller <nisse@lysator.liu.se>
+2005-10-15 Niels Möller <nisse@lysator.liu.se>
* configure.ac (OBJDUMP): Substitute the program false if objdump
is not found.
* sparc/aes-encrypt-internal.asm: New file.
-2005-10-14 Niels Möller <nisse@lysator.liu.se>
+2005-10-14 Niels Möller <nisse@lysator.liu.se>
* x86/aes-decrypt.asm, x86/aes-encrypt.asm: Deleted files.
* aes-decrypt-internal.c (_nettle_aes_decrypt): New AES decryption
function, analogous to _nettle_aes_encrypt.
-2005-10-14 Niels Möller <niels@s3.kth.se>
+2005-10-14 Niels Möller <niels@s3.kth.se>
* aes-internal.h (AES_ROUND, AES_FINAL_ROUND): New macros.
* sha1-compress.c: Added debugging code.
* md5-compress.c: Likewise.
-2005-10-13 Niels Möller <niels@s3.kth.se>
+2005-10-13 Niels Möller <niels@s3.kth.se>
* config.m4.in (ASM_MARK_NOEXEC_STACK): Use a diversion, to
substitute the value of ASM_MARK_NOEXEC_STACK at the end of each
* sparc64/aes.asm: New file. Copy of sparc/aes.asm, with minor
changes to the stack frame layout. Patch contributed by Henrik
- Grubbström. Not yet tested.
+ Grubbström. Not yet tested.
* x86/md5-compress.asm: Skip copying of input to the stack, and
don't allocate space for it.
* configure.ac (asm_path): Check for sparc64, and use sparc64
subdirectory. Link in md5-compress.asm, if it exists.
-2005-10-13 Niels Möller <nisse@lysator.liu.se>
+2005-10-13 Niels Möller <nisse@lysator.liu.se>
* x86/md5-compress.asm (REF): Fixed calculation of offset.
-2005-10-12 Niels Möller <nisse@lysator.liu.se>
+2005-10-12 Niels Möller <nisse@lysator.liu.se>
* x86/machine.m4 (OFFSET): Moved macro, used to be in...
* x86/sha1-compress.asm (OFFSET): ... removed macro.
* x86/md5-compress.asm: New file, with first attempt at md5
assembler. Not yet working.
-2005-10-11 Niels Möller <nisse@lysator.liu.se>
+2005-10-11 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added md5-compress.c.
* md5-compress.c (_nettle_md5_compress): New file and new function.
-2005-10-10 Niels Möller <niels@s3.kth.se>
+2005-10-10 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.in (EXTRA_SOURCES, EXTRA_TARGETS): New
variables, for test cases that are not run by default.
* sha1.c (sha1_block): Deleted function; inlined where used.
(SHA1_INCR): New macro for incrementing the block count.
-2005-10-06 Niels Möller <nisse@lysator.liu.se>
+2005-10-06 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.14.
$(DISTFILES) from source and build directories. For some reason,
$? failed to find stamp-h.in in the source directory.
-2005-10-05 Niels Möller <nisse@lysator.liu.se>
+2005-10-05 Niels Möller <nisse@lysator.liu.se>
* x86/aes-decrypt.asm: Use C_NAME(_nettle_aes_decrypt_table) when
using the AES_SUBST_BYTE macro. Use PROLOGUE and EPILOGUE.
compute offsets mod 16, since m4 on FreeBSD 49.RELEASE and NetBSD
doesn't implement & correctly in eval.
-2005-10-03 Niels Möller <nisse@lysator.liu.se>
+2005-10-03 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm (OFFSET): New macro.
(F3): Eliminated a movl.
(ROUND): New argument, for k. When using F3, it's TMP3, on the
stack, otherwise, it is kept in TMP2, a register.
-2005-10-03 Niels Möller <niels@s3.kth.se>
+2005-10-03 Niels Möller <niels@s3.kth.se>
* examples/nettle-openssl.c: Use correct block sizes for openssl
ciphers.
* examples/nettle-benchmark.c: Also display cycles per block.
-2005-10-02 Niels Möller <nisse@lysator.liu.se>
+2005-10-02 Niels Möller <nisse@lysator.liu.se>
* sha1-compress.c (_nettle_sha1_compress): Updated to new
interface. Now responsible for byte conversion.
argument is now a pointer to the input data in unaligned,
big-endian form.
-2005-09-28 Niels Möller <niels@s3.kth.se>
+2005-09-28 Niels Möller <niels@s3.kth.se>
* sha1.c (sha1_final): Call sha1_block, don't call the compression
function _nettle_sha1_compress directly.
* examples/nettle-openssl.c: Updated openssl des glue to use the
new openssl des interface. Added glue for arcfour and aes.
-2005-09-27 Niels Möller <nisse@lysator.liu.se>
+2005-09-27 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (RSA): Improved text about the RSA patent.
Use @documentencoding ISO-8859-1.
-2005-09-07 Niels Möller <niels@s3.kth.se>
+2005-09-07 Niels Möller <niels@s3.kth.se>
* tools/sexp-conv.c (parse_options): New option --raw-hash, for
compatibility with lsh-1.x. Equivalent to --hash.
-2005-09-06 Niels Möller <niels@s3.kth.se>
+2005-09-06 Niels Möller <niels@s3.kth.se>
* tools/sexp-conv.c (main): With --hash, output a newline after
each hash.
-2005-07-02 Niels Möller <nisse@lysator.liu.se>
+2005-07-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in (TS_SOURCES): Added ctr-test.c.
* nettle-types.h: New file. Automatically generated declarations
are now in nettle-stdint.h.
-2005-03-17 Niels Möller <niels@s3.kth.se>
+2005-03-17 Niels Möller <niels@s3.kth.se>
* config.guess: Support Solaris on x86_64. Fix by Henrik
- Grubbström.
+ Grubbström.
-2005-01-03 Niels Möller <niels@s3.kth.se>
+2005-01-03 Niels Möller <niels@s3.kth.se>
* examples/io.h: Include RSA declarations only when public key
algorithms are enabled. Problem reported by Meilof Veeningen
<meilof@gmail.com>.
-2004-12-07 Niels Möller <nisse@lysator.liu.se>
+2004-12-07 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Install directories, using $(INSTALL) -d, only if
they don't exist already.
-2004-12-05 Niels Möller <nisse@lysator.liu.se>
+2004-12-05 Niels Möller <nisse@lysator.liu.se>
* config.make.in (.PRECIOUS): Reverted earlier change. We need
.PRECIOUS to stop GNU make from deleting object files for the test
programs.
-2004-12-02 Niels Möller <nisse@lysator.liu.se>
+2004-12-02 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (.SUFFIXES): Moved from Makefile.in to...
* config.make.in (.SUFFIXES): ... here. This helps compilation
(clean distclean mostlyclean maintainer-clean): Don't use the -C
flag when invoking make, for compatibility with Solaris make.
-2004-12-02 Niels Möller <niels@s3.kth.se>
+2004-12-02 Niels Möller <niels@s3.kth.se>
* Makefile.in (aesdata, desdata): Commented out the explicit
targets.
(shadata): Avoid using $< in non-pattern rule.
-2004-12-01 Niels Möller <nisse@lysator.liu.se>
+2004-12-01 Niels Möller <nisse@lysator.liu.se>
* config.make.in: Added a default target.
-2004-11-29 Niels Möller <nisse@lysator.liu.se>
+2004-11-29 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.in: Use .$(OBJEXT). Explicitly set .SUFFIXES.
* Makefile.in: Use .$(OBJEXT).
-2004-11-28 Niels Möller <nisse@lysator.liu.se>
+2004-11-28 Niels Möller <nisse@lysator.liu.se>
* tools/Makefile.in (nettle-lfib-stream): Avoid using $< in
non-suffix rule.
* tools/Makefile.in: Likewise.
* testsuite/Makefile.in: Likewise.
-2004-11-24 Niels Möller <niels@s3.kth.se>
+2004-11-24 Niels Möller <niels@s3.kth.se>
* configure.ac: Fixed typo, preventing the creation of dependency
files.
-2004-11-23 Niels Möller <nisse@lysator.liu.se>
+2004-11-23 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Use DEP_INCLUDE.
* tools/Makefile.in: Likewise.
* configure.ac (dummy-dep-files): Generate only of dependency
tracking is enabled.
-2004-11-18 Niels Möller <nisse@lysator.liu.se>
+2004-11-18 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (clean-here): The clean target should not delete the
dependency files. Moved to the distclean target.
* configure.ac (ASM_SYMBOL_PREFIX): Fixed test.
(dummy-dep-files): Added quotes to sed command.
-2004-11-17 Niels Möller <nisse@lysator.liu.se>
+2004-11-17 Niels Möller <nisse@lysator.liu.se>
* testsuite/symbols-test: Try plain nm if nm -g doesn't work.
* configure.ac (ASM_SYMBOL_PREFIX): Check if global symbols have a
leading underscore.
-2004-11-16 Niels Möller <nisse@lysator.liu.se>
+2004-11-16 Niels Möller <nisse@lysator.liu.se>
* Deleted getopt.c, getopt.h and getopt1.c from the CVS tree. Link
them from shared copies in lsh/misc instead.
-2004-11-14 Niels Möller <nisse@lysator.liu.se>
+2004-11-14 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (DEP_FILES): Try include with only one macro
argument to be expanted.
* configure.ac (dummy-dep-files): Create dummy dependency files,
so that they can be included by the makefiles.
-2004-11-13 Niels Möller <nisse@lysator.liu.se>
+2004-11-13 Niels Möller <nisse@lysator.liu.se>
* Makefile.in: Don't use -include, as it's GNU make specific.
* examples/Makefile.in, tools/Makefile.in, testsuite/Makefile.in:
cast.h, des.h. Renamed symbol HAVE_LIBCRYPTO to WITH_OPENSSL. New
configure option --disable-openssl.
-2004-11-04 Niels Möller <nisse@lysator.liu.se>
+2004-11-04 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.13.
* Released nettle-1.12.
-2004-11-04 Niels Möller <niels@s3.kth.se>
+2004-11-04 Niels Möller <niels@s3.kth.se>
* nettle.texinfo (UPDATED-FOR): Bumped to 1.12.
-2004-11-02 Niels Möller <nisse@lysator.liu.se>
+2004-11-02 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Cipher functions): Updated AES documentation,
for aes_set_encrypt_key and aes_set_decrypt_key.
pattern. (This file really lives in the lsh tree, as
lsh/acinclude.m4. For a complete ChangeLog, see lsh/Changelog).
-2004-10-26 Niels Möller <nisse@lysator.liu.se>
+2004-10-26 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version to 1.12.
* x86/arcfour-crypt.asm: Use movzbl when extending %cl to 32 bits.
-2004-10-24 Niels Möller <nisse@lysator.liu.se>
+2004-10-24 Niels Möller <nisse@lysator.liu.se>
* x86/arcfour-crypt.asm: Reverted the latest two changes; update
bost src and dst pointers in the loop, and use plain addb when
updating j. These two previous changes slowed the code down on AMD
Duron.
-2004-10-21 Niels Möller <nisse@lysator.liu.se>
+2004-10-21 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (install-shared): Use $(INSTALL_PROGRAM).
* Makefile.in (DISTFILES): Added asm.m4.
-2004-10-21 Niels Möller <niels@s3.kth.se>
+2004-10-21 Niels Möller <niels@s3.kth.se>
* examples/Makefile.in: Deleted all configure-related rules,
except the one rebuilding this Makefile. One should run make at
Rewrote the configure-related rules, mostly based on the example
in the autoconf manual.
-2004-10-20 Niels Möller <nisse@lysator.liu.se>
+2004-10-20 Niels Möller <nisse@lysator.liu.se>
* examples/nettle-openssl.c (NCOMPAT): Disable openssl backwards
compatibility.
* testsuite/Makefile.in: Likewise
* tools/Makefile.in: Likewise.
-2004-10-20 Niels Möller <niels@s3.kth.se>
+2004-10-20 Niels Möller <niels@s3.kth.se>
* Makefile.in: In the assembler rules, there's no need to look in
$(srcdir) for the input file.
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replaced addb ->
addl + andl $0xff, improving speed on PPro by another 15%.
-2004-10-20 Niels Möller <nisse@lysator.liu.se>
+2004-10-20 Niels Möller <nisse@lysator.liu.se>
* tools/Makefile.in (install): Support DESTDIR.
(uninstall): New target.
* config.make.in (COMPILE): Add $(INCLUDE) to the line.
-2004-10-19 Niels Möller <nisse@lysator.liu.se>
+2004-10-19 Niels Möller <nisse@lysator.liu.se>
Stop using automake. Replaced each Makefile.am with a hand-written
Makefile.in.
* .bootstrap: Don't run aclocal and automake.
* config.make.in: New file, with shared Makefile variables and rules.
-2004-10-18 Niels Möller <nisse@lysator.liu.se>
+2004-10-18 Niels Möller <nisse@lysator.liu.se>
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Replace incb ->
incl + andl, to improve speed on PPro and PII. Suggested by
Fredrik Olsson.
-2004-10-08 Niels Möller <niels@s3.kth.se>
+2004-10-08 Niels Möller <niels@s3.kth.se>
* examples/rsa-encrypt-test: Avoid reading and executing a file at
the same time.
* examples/setup-env: Likewise.
-2004-10-06 Niels Möller <niels@s3.kth.se>
+2004-10-06 Niels Möller <niels@s3.kth.se>
* testsuite/symbols-test: Ignore __i686.get_pc_thunk.bx and
similar symbols.
-2004-10-05 Niels Möller <nisse@lysator.liu.se>
+2004-10-05 Niels Möller <nisse@lysator.liu.se>
* twofish.c (q_table): Use a const pointer array.
* list-obj-sizes.awk: Fixes to handle multiple .data and .rodata
sections. Also fixed to handle the last file correctly.
-2004-09-23 Niels Möller <nisse@lysator.liu.se>
+2004-09-23 Niels Möller <nisse@lysator.liu.se>
* configure.ac (SHLIBLINK, SHLIBLIBS): On cygwin, linking needs
-Wl,--whole-archive $(OBJECTS) -Wl,--no-whole-archive $(LIBS).
-2004-09-22 Niels Möller <niels@s3.kth.se>
+2004-09-22 Niels Möller <niels@s3.kth.se>
* configure.ac: Setup SHLIBFORLINK and friends for cygwin.
(SHLIBSONAME): Check if this name is empty, which is the case on
cygwin, before using it.
-2004-08-31 Niels Möller <nisse@lysator.liu.se>
+2004-08-31 Niels Möller <nisse@lysator.liu.se>
* configure.ac: New command line option --disable-pic. Use
LSH_CCPIC.
* Makefile.am (libnettle_a_CFLAGS): Added $(CCPIC), to attempt to
build also the static library as position independent code.
-2004-08-24 Niels Möller <nisse@lysator.liu.se>
+2004-08-24 Niels Möller <nisse@lysator.liu.se>
* des-compat.c (des_cbc_cksum): Pad input with NUL's, if it's not
an integral number of blocks.
-2004-08-24 Niels Möller <niels@s3.kth.se>
+2004-08-24 Niels Möller <niels@s3.kth.se>
* testsuite/arctwo-test.c, arctwo.h, arctwo.c
(arctwo_set_key_ekb): Fixed typo; it should be "ekb", not "ebk".
* macros.h (LE_READ_UINT16, LE_WRITE_UINT16): New macros.
-2004-08-23 Niels Möller <nisse@lysator.liu.se>
+2004-08-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/md5-test.c (test_main): Added collision, found in 2004.
(test_main): Added second collision.
-2004-08-23 Niels Möller <niels@s3.kth.se>
+2004-08-23 Niels Möller <niels@s3.kth.se>
* testsuite/md5-test.c (test_main): Added first half of a
collision test case.
* des-compat.h (const_des_cblock): New bogus type. Disabled use of
const, for compatibility with openssl.
-2004-06-08 Niels Möller <niels@s3.kth.se>
+2004-06-08 Niels Möller <niels@s3.kth.se>
* aesdata.c: Renamed log and ilog to gf2_log and gf2_exp.
-2004-04-07 Niels Möller <nisse@lysator.liu.se>
+2004-04-07 Niels Möller <nisse@lysator.liu.se>
* aes-set-encrypt-key.c (log, ilog): Deleted unused tables.
* aes-set-decrypt-key.c (gf2_log, gf2_exp, mult): Renamed tables,
were log and ilog.
-2004-03-20 Niels Möller <nisse@lysator.liu.se>
+2004-03-20 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Use AC_CONFIG_AUX_DIR([.]).
-2004-03-18 Niels Möller <niels@s3.kth.se>
+2004-03-18 Niels Möller <niels@s3.kth.se>
* examples/io.c (read_file): Display a message if fopen fails.
-2004-03-05 Niels Möller <nisse@lysator.liu.se>
+2004-03-05 Niels Möller <nisse@lysator.liu.se>
* Released nettle-1.10.
* configure.ac (SHLIBMINOR): Shared library version is now 2.2.
-2004-03-04 Niels Möller <nisse@lysator.liu.se>
+2004-03-04 Niels Möller <nisse@lysator.liu.se>
* testsuite/symbols-test: Pass -g flag to nm.
-2004-03-02 Niels Möller <nisse@lysator.liu.se>
+2004-03-02 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fixed EXEEXT workaround.
-2004-03-02 Niels Möller <niels@s3.kth.se>
+2004-03-02 Niels Möller <niels@s3.kth.se>
* configure.ac: Added workaround to get the correct $(EXEEXT)=''
when compiling with rntcl.
-2004-03-02 Niels Möller <nisse@lysator.liu.se>
+2004-03-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.am (noinst_PROGRAMS): Put test program list
here, to let automake add $(EXEEXT).
* configure.ac (RSA_EXAMPLES): Append $(EXEEXT) to the filenames.
-2004-03-01 Niels Möller <nisse@lysator.liu.se>
+2004-03-01 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-keygen.c, examples/rsa-encrypt.c,
examples/rsa-decrypt.c: Include "getopt.h" instead of <unistd.h>.
* testsuite/testutils.c (main): Don't use getopt. Then we don't
need to include <unistd.h>.
-2004-03-01 Niels Möller <niels@s3.kth.se>
+2004-03-01 Niels Möller <niels@s3.kth.se>
* config.guess: Copied from automake-1.8.2. Hacked to recognize
Windows_NT (and Windows_95 and Windows_98) running on "x86" and
* install-sh: Removed from CVS repository. Let automake supply it.
-2004-02-26 Niels Möller <nisse@lysator.liu.se>
+2004-02-26 Niels Möller <nisse@lysator.liu.se>
* nettle-meta.h (nettle_crypt_func): Typedef moved to cbc.h.
Include cbc.h instead.
for typing the f argument. Reverted the const change, for
compatibility with nettle_crypt_func.
-2004-02-25 Niels Möller <nisse@lysator.liu.se>
+2004-02-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/des-compat-test.c: Use des_cblock for typing more of
the variables. Use const. Got rid of most of the explicit casts.
* des-compat.c (des_cbc_cksum): Dereference DST pointer.
-2004-02-25 Niels Möller <niels@s3.kth.se>
+2004-02-25 Niels Möller <niels@s3.kth.se>
* pgp.h: Include nettle-types.h.
-2004-02-24 Niels Möller <nisse@lysator.liu.se>
+2004-02-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/symbols-test: Allow symbols starting with double
underscores, like on darwin.
-2004-02-17 Niels Möller <niels@s3.kth.se>
+2004-02-17 Niels Möller <niels@s3.kth.se>
* Makefile.am: Protected %-rules used for building pure objects,
and for assembler files, by automake conditionals. Needed for
* testsuite/testutils.c (xalloc): xalloc(0) should work also on
systems where malloc(0) returns NULL.
-2004-02-16 Niels Möller <niels@s3.kth.se>
+2004-02-16 Niels Möller <niels@s3.kth.se>
* Makefile.am (%.o: %.asm): Added comment about OSF1 make problem.
-2004-02-15 Niels Möller <nisse@lysator.liu.se>
+2004-02-15 Niels Möller <nisse@lysator.liu.se>
* testsuite/testutils.h: #include nettle-types.h instead of
inttypes.h.
-2004-02-12 Niels Möller <nisse@lysator.liu.se>
+2004-02-12 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-encrypt-test: Use -r option when invoking
rsa-encrypt. Needed for the test to work on systems with no
/dev/urandom.
-2004-02-12 Niels Möller <niels@s3.kth.se>
+2004-02-12 Niels Möller <niels@s3.kth.se>
* configure.ac (CPPFLAGS, LDFLAGS): No spaces after -I and -L, as
some C compilers, in particular True64 cc, don't like that.
-2004-02-08 Niels Möller <nisse@lysator.liu.se>
+2004-02-08 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Bumped version number to 1.10.
-2004-02-07 Niels Möller <nisse@lysator.liu.se>
+2004-02-07 Niels Möller <nisse@lysator.liu.se>
* Released nettle-1.9.
* Makefile.am (nodist_libnettleinclude_HEADERS): nettle-types.h
should not be distributed.
-2004-02-06 Niels Möller <niels@s3.kth.se>
+2004-02-06 Niels Möller <niels@s3.kth.se>
* x86/sha1-compress.asm: Rename round -> ROUND.
* x86/sha1-compress.asm (EXPAND): Fixed the rotation part of the
data expansion.
-2004-02-06 Niels Möller <nisse@lysator.liu.se>
+2004-02-06 Niels Möller <nisse@lysator.liu.se>
* x86/sha1-compress.asm: Assembler implementation of
sha1_compress. (Not yet working).
moved to...
* sha1-compress.c: ... New file.
-2004-02-05 Niels Möller <nisse@lysator.liu.se>
+2004-02-05 Niels Möller <nisse@lysator.liu.se>
* examples/rsa-encrypt.c (process_file): Copy the leftover to the
start of the buffer, when preparing for the final processing.
* arcfour.c (arcfour_stream): Likewise.
* arcfour-crypt.c (arcfour_crypt): Likewise.
-2004-02-05 Niels Möller <niels@s3.kth.se>
+2004-02-05 Niels Möller <niels@s3.kth.se>
* x86/arcfour-crypt.asm (nettle_arcfour_crypt): Must store the new
i, j at the end of the loop.
* arcfour-crypt.c (arcfour_crypt): New file.
* arcfour.c (arcfour_crypt): Optimization suggested by Jonas
- Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
+ Walldén. Makes arcfour up to 50% faster on x86 and ppc, and
probably on other architectures as well.
-2004-01-31 Niels Möller <nisse@lysator.liu.se>
+2004-01-31 Niels Möller <nisse@lysator.liu.se>
* configure.ac (AX_CREATE_STDINT_H): Also look for uint32_t and
friends in sys/types.h.
-2004-01-11 Niels Möller <nisse@harpo.hack.org>
+2004-01-11 Niels Möller <nisse@harpo.hack.org>
* Makefile.am (libnettleinclude_HEADERS): Added bignum.h,
memxor.h, pkcs1.h and rsa-compat.h.
* configure.ac: Bumped version to 1.9.
-2004-01-10 Niels Möller <nisse@harpo.hack.org>
+2004-01-10 Niels Möller <nisse@harpo.hack.org>
* Released nettle-1.8.
* configure.ac (SHLIBMAJOR): Bumped to 2.
-2004-01-09 Niels Möller <nisse@harpo.hack.org>
+2004-01-09 Niels Möller <nisse@harpo.hack.org>
* examples/rsa-encrypt-test: New testcase.
* examples/io.c (write_string): Treat short item count as an error.
-2004-01-08 Niels Möller <niels@s3.kth.se>
+2004-01-08 Niels Möller <niels@s3.kth.se>
* index.html: Added instructions for CVS access.
imposing a hard limit on what can be allocated. Updated all users
of alloca.
-2004-01-07 Niels Möller <nisse@harpo.hack.org>
+2004-01-07 Niels Möller <nisse@harpo.hack.org>
* nettle-types.h: New (generated) file, to be used instead of
including <inttypes.h> directly. Updated all users of inttypes.h.
* configure.ac (AX_CREATE_STDINT_H): Create nettle-types.h.
-2003-11-16 Niels Möller <nisse@harpo.hack.org>
+2003-11-16 Niels Möller <nisse@harpo.hack.org>
* yarrow256.c (yarrow256_seed): Use const for the seed_file input.
-2003-11-12 Niels Möller <niels@s3.kth.se>
+2003-11-12 Niels Möller <niels@s3.kth.se>
* list-obj-sizes.awk: New function for decoding hex values, with a
new function hex2int. Also implemented calculation of total
the $FILTER environment variable as a regexp for restricting the
object files that are considered.
-2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
+2003-09-21 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/rsa-encrypt-test.c (test_main): Don't use gmp_printf,
as it seems it's only available with the newer gmp. Use
mpz_out_str instead.
-2003-09-19 Niels Möller <niels@s3.kth.se>
+2003-09-19 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (EXTRA_DIST): Added rsa-session.h.
* configure.ac (RSA_EXAMPLES): Added rsa-encrypt and rsa-decrypt.
-2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
+2003-09-01 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (print_hex): Use const.
-2003-08-30 Niels Möller <niels@s3.kth.se>
+2003-08-30 Niels Möller <niels@s3.kth.se>
* md2.c, md2.h: Added reference to RFC 1319.
* md4.c, md4.h: Added reference to RFC 1320
-2003-08-26 Niels Möller <niels@s3.kth.se>
+2003-08-26 Niels Möller <niels@s3.kth.se>
* Makefile.am: Added md2 and md5 files. Deleted the print-path
hack.
* md2.c, md2.h, md2-meta.c: New files, implemented md2.
* md4.c, md4.h, md4-meta.c: New files, implemented md4.
-2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
+2003-08-17 Niels Möller <nisse@cuckoo.hack.org>
* desCode.h (des_keymap, des_bigmap): Deleted extern declarations,
they conficted with the static definition in des.c. Reported by
* des.c (DesSmallFipsEncrypt, DesSmallFipsDecrypt): Moved
definitions after the definition of the des_kemap array.
-2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
+2003-08-11 Niels Möller <nisse@cuckoo.hack.org>
* rsa-encrypt.c (rsa_encrypt): Bugfix contributed by
leg@terra.com.br.
-2003-06-10 Niels Möller <niels@s3.kth.se>
+2003-06-10 Niels Möller <niels@s3.kth.se>
* Makefile.am (EXTRA_DIST): Distribute sha-example.c.
-2003-06-05 Niels Möller <nisse@lysator.liu.se>
+2003-06-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.am (DISTCLEANFILES): Delete .s files.
-2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
+2003-05-27 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/symbols-test: And allow symbols that start at the
beginning of the line, as output by AIX nm.
-2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
+2003-05-26 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/symbols-test: Allow symbols to start with a dot.
-2003-05-14 Niels Möller <niels@s3.kth.se>
+2003-05-14 Niels Möller <niels@s3.kth.se>
* pgp.h (enum pgp_subpacket_tag): Copied values from RFC 2440.
Renamed PGP_SUBPACKET_ISSUER to PGP_SUBPACKET_ISSUER_KEY_ID.
-2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
+2003-05-13 Niels Möller <nisse@cuckoo.hack.org>
* pgp.h: Do proper namemangling for pgp_put_public_rsa_key and
pgp_put_rsa_sha1_signature.
* pgp-encode.c (pgp_put_mpi): Fixed nettle_mpz_get_str_256 call.
-2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
+2003-05-12 Niels Möller <nisse@cuckoo.hack.org>
* rsa2openpgp.c (rsa_keypair_to_openpgp): Some bugfixes.
* Reordered includes in most or all .c-files. All should now
include config.h.
-2003-05-12 Niels Möller <niels@s3.kth.se>
+2003-05-12 Niels Möller <niels@s3.kth.se>
* configure.ac: Use LSH_FUNC_ALLOCA.
-2003-04-25 Niels Möller <niels@s3.kth.se>
+2003-04-25 Niels Möller <niels@s3.kth.se>
* Makefile.am (libnettle_a_SOURCES): Added hmac-sha256.c.
* hmac-sha256.c (hmac_sha256_digest): New file.
-2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
+2003-04-22 Niels Möller <nisse@cuckoo.hack.org>
* sha-example.c (display_hex): Simplified by using printf better.
* sha-example.c: Example program, for inclusion in the manual.
Fixed bugs reported by Mark Arking.
-2003-04-14 Niels Möller <niels@s3.kth.se>
+2003-04-14 Niels Möller <niels@s3.kth.se>
* x86/aes-encrypt.asm (nettle_aes_encrypt): Fixed references to
_nettle_aes_encrypt_table.
* x86/aes-decrypt.asm (nettle_aes_decrypt): Fixed references to
_nettle_aes_decrypt_table.
-2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
+2003-04-12 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_SH): New test case symbols-test.
(EXTRA_PROGRAMS): Added testutils, as a kludge to
declares a function also use #define to provide a shorter more
readable name without the prefix.
-2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
+2003-03-11 Niels Möller <nisse@cuckoo.hack.org>
* Released nettle-1.7.
* nettle.texinfo (DSA): New section.
(RSA): Updated documentation.
-2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
+2003-03-02 Niels Möller <nisse@cuckoo.hack.org>
* examples/nettle-benchmark.c (time_cipher): Don't use GNU C
non-constant initializers.
* configure.ac: Use LSH_GCC_ATTRIBUTES.
-2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
+2003-02-19 Niels Möller <nisse@cuckoo.hack.org>
* acinclude.m4: Deleted file from cvs, use a link to lsh's
acinclude.m4 instead.
-2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
+2003-02-16 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (libnettleinclude_HEADERS): Added macros.h.
* tools/Makefile.am (EXTRA_DIST): Added getopt.h.
-2003-02-14 Niels Möller <niels@s3.kth.se>
+2003-02-14 Niels Möller <niels@s3.kth.se>
* Makefile.am (print_path): Added target to print the used PATH,
for debugging.
(print-path): Moved dependency to all-local.
-2003-02-11 Niels Möller <niels@s3.kth.se>
+2003-02-11 Niels Möller <niels@s3.kth.se>
* buffer.c (nettle_buffer_copy): Bug fix, it didn't return any
value.
-2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
+2003-02-11 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-format-test.c (test_main): Added test for %( and
%).
* buffer.c (nettle_buffer_init_realloc): New function.
* buffer-init.c (nettle_buffer_init): Use nettle_buffer_init_realloc.
-2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
+2003-02-10 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-format-test.c (test_main): New test with tokens
in the format string.
(sexp_vformat): Implemented support for literals in the format
string.
-2003-02-06 Niels Möller <nisse@lysator.liu.se>
+2003-02-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/sexp-conv-test (print_raw, print_nl): New functions.
The testfunctions use these instead of using echo directly.
Use the test input '3:"\x' instead of '2:"\', to be friendlier to
sysv echo.
-2003-02-05 Niels Möller <nisse@lysator.liu.se>
+2003-02-05 Niels Möller <nisse@lysator.liu.se>
* des-compat.h (des_set_key): Different name mangling, if this
file is included, des_set_key should refer to a function that
* configure.ac (LDFLAGS): --with-lib-path should add to LDFLAGS,
not replace it.
-2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-30 Niels Möller <nisse@cuckoo.hack.org>
* tools/output.c (sexp_put_string): Fixed handling of escapable
characters. The code generated random escape sequences for
* testsuite/sexp-conv-test: More tests for hex and base64 input
and output.
-2003-01-30 Niels Möller <niels@s3.kth.se>
+2003-01-30 Niels Möller <niels@s3.kth.se>
* sexp2bignum.c (nettle_mpz_set_sexp): Call sexp_iterator_next on
success. That means the iterator argument can't be const.
-2003-01-29 Niels Möller <niels@s3.kth.se>
+2003-01-29 Niels Möller <niels@s3.kth.se>
* tools/Makefile.am (LDADD): Add libnettle.a, for the dependency.
-2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-27 Niels Möller <nisse@cuckoo.hack.org>
* sexp2dsa.c (dsa_signature_from_sexp): New function.
* rsa.c (rsa_public_key_init, rsa_public_key_clear)
(rsa_public_key_prepare): Renamed functions.
-2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-23 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (libnettle_a_SOURCES): Added new rsa and pkcs1
files. Removed old rsa_md5.c and rsa_sha1.c.
* testsuite/pkcs1-test.c: New test.
-2003-01-22 Niels Möller <niels@s3.kth.se>
+2003-01-22 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (nettle_benchmark_LDADD): Use
OPENSSL_LIBFLAGS.
* configure.ac (OPENSSL_LIBFLAGS): If libcrypto is found, add
-lcrypto to OPENSSL_LIBFLAGS, not the plain LDFLAGS.
-2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-20 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (CLEANFILES): Delete test.in, test1.out
and test2.out.
-2003-01-17 Niels Möller <niels@s3.kth.se>
+2003-01-17 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (AM_CPPFLAGS): Use AM_CPPFLAGS instead of
AM_CFLAGS.
* testsuite/Makefile.am (AM_CPPFLAGS): Likewise.
-2003-01-16 Niels Möller <niels@s3.kth.se>
+2003-01-16 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.am (check): Can't use quotes around
$(srcdir).
-2003-01-14 Niels Möller <nisse@lysator.liu.se>
+2003-01-14 Niels Möller <nisse@lysator.liu.se>
* testsuite/Makefile.am (check): Don't use "run-tests" as a
target, as it's confused with the file with the same name.
* .bootstrap: Added missing #! /bin/sh.
-2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-12 Niels Möller <nisse@cuckoo.hack.org>
* buffer.c (nettle_buffer_reset): New function.
(nettle_buffer_copy): New function.
(sexp_convert_list): Use sexp_parse.
(main): Likewise.
-2003-01-08 Niels Möller <niels@s3.kth.se>
+2003-01-08 Niels Möller <niels@s3.kth.se>
* tools/sexp-conv.c (parse_options): Initialize prefer_hex.
-2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-07 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (des_headers): Refer to the desdata binary using
$(EXEEXT).
-2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
+2003-01-01 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-conv-test: New tests for hex and base64 literal
output.
(parse_options): Implemented -s hex, for output using hex rather
than base64.
-2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
+2002-12-30 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/rsa2sexp-test.c: Don't include rsa.h (done by
testutils.h, if enabled).
* rsa-encrypt.c: Likewise.
* rsa-compat.c: Likewise.
-2002-12-04 Niels Möller <niels@s3.kth.se>
+2002-12-04 Niels Möller <niels@s3.kth.se>
* testsuite/Makefile.am (LDADD): Added path to ../libnettle.a,
which is redundant except for the dependency.
-2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
+2002-12-04 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-format-test.c (test_main): Use %0s instead of %z.
New test for %t.
* buffer.c (nettle_buffer_grow): Fixed assertion.
-2002-11-22 Niels Möller <niels@s3.kth.se>
+2002-11-22 Niels Möller <niels@s3.kth.se>
* buffer.c: Include assert.h.
-2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-21 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (print_hex): Add line breaks.
* configure.ac: Check for gcc:s __attribute__.
-2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-16 Niels Möller <nisse@cuckoo.hack.org>
* sexp2dsa.c, sexp2rsa.c: (macro GET): Check sign of parsed
numbers.
* sexp2bignum.c (nettle_mpz_set_sexp): In the first check against
limit, added some margin to allow for sign octets.
-2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-15 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.h (LDATA): Use sizeof instead of strlen. Now
handles strings including NUL-characters. But works only with
* sexp.c (sexp_iterator_get_uint32): New function.
-2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-10 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/sexp-conv-test: Use input files without any trailing
newline character, in order to stress the end of file handling.
* sexp-format.c (sexp_vformat): Abort if format string contains
unhandled characters.
-2002-11-08 Niels Möller <niels@s3.kth.se>
+2002-11-08 Niels Möller <niels@s3.kth.se>
* des-compat.c (des_ecb3_encrypt): Don't use struct initialization
(c89 doesn't allow non-constant initializers). Reported by James
* examples/nettle-openssl.c: Moved from the top-level directory.
Should *not* be included in the nettle library.
-2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-08 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (test_dsa_key): Bugfix for renamed DSA
constant (noted by James Ralston).
-2002-11-07 Niels Möller <niels@s3.kth.se>
+2002-11-07 Niels Möller <niels@s3.kth.se>
* testsuite/run-tests: Copied new version rom lsh/src/testsuite.
This version handles test scripts located in $srcdir.
* tools/Makefile.am (AM_CFLAGS): Likewise.
* testsuite/Makefile.am (AM_CFLAGS): Likewise.
-2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-07 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (SUBDIRS): Added tools.
(libnettle_a_SOURCES): Added sexp-transport-format.c,
* testsuite/sexp-conv-test: Moved test from examples directory.
Updated path to sexp-conv, now in ../tools/sexp-conv.
-2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
+2002-11-03 Niels Möller <nisse@cuckoo.hack.org>
* sexp-format.c, sexp_format.c: Renamed sexp_format.c to
sexp-format.c.
* sexp2rsa.c (rsa_keypair_from_sexp_alist): New function.
(rsa_keypair_from_sexp): Use it.
-2002-11-01 Niels Möller <niels@s3.kth.se>
+2002-11-01 Niels Möller <niels@s3.kth.se>
* examples/Makefile.am (LDADD): Use -lnettle, instead of an
explicit filename libnettle.a, so that we will use the shared
($(SHLIBFORLINK)): When building libnettle.so, create a link from
.lib/$SHLIBSONAME. Needed at runtime, for the testsuite.
-2002-11-01 Niels Möller <nisse@lysator.liu.se>
+2002-11-01 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Fixed definitions using SHLIBMAJOR and SHLIBMINOR.
Also AC_SUBST SHLIBMAJOR and SHLIBMINOR. Reported by James
Ralston.
-2002-10-31 Niels Möller <niels@s3.kth.se>
+2002-10-31 Niels Möller <niels@s3.kth.se>
* examples/sexp-conv.c(sexp_put_list_start): Deleted function.
(sexp_put_list_end): Likewise.
(sexp_convert_item): Implemented transport mode, using
sexp_input_start_coding and sexp_input_end_coding.
-2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-30 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added base16 files.
* base16.h, base16-encode.c, base16-decode.c, base16-meta.c: New
files.
-2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-28 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv.c (struct hex_decode_ctx): New hex decoding
functions.
(sexp_get_raw_char): New function.
(sexp_get_char): Use sexp_get_raw_char.
-2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-26 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv.c (sexp_put_length): Bugfix, don't output any
leading zero.
* examples/sexp-conv-test: Test for echo -n vs echo '\c'. Added a
few tests for canonical output.
-2002-10-25 Niels Möller <niels@s3.kth.se>
+2002-10-25 Niels Möller <niels@s3.kth.se>
* examples/sexp-conv.c (struct sexp_input): Deleted the mode from
the state, that should be passed as argument to relevant
* base64-decode.c (base64_decode_single): Simplified, got rid of
the done variable.
-2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-25 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv.c (sexp_put_newline): Return void, die on
error.
sexp_skip_token): Likewise.
(sexp_convert_item): Die on error.
-2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-24 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv-test: Doesn't need echo -n anymore.
(sexp_convert_file): New function.
(main): Use sexp_convert_file.
-2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-23 Niels Möller <nisse@cuckoo.hack.org>
* examples/Makefile.am (TS_PROGS): Added sexp-conv-test.
(sexp_convert_item): Use sexp_skip_token to skip the end of a
"[display-type]".
-2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-22 Niels Möller <nisse@cuckoo.hack.org>
* examples/sexp-conv-test: New test program.
* examples/sexp-conv.c: Added output functions.
-2002-10-21 Pontus Sk
öld <pont@soua.net>
+2002-10-21 Pontus Sk
öld <pont@soua.net>
* base64-encode.c (base64_encode_raw): Fixed null statement
amongst variable declarations, broke compilation for non C99
compilers.
-2002-10-21 Niels Möller <nisse@lysator.liu.se>
+2002-10-21 Niels Möller <nisse@lysator.liu.se>
* examples/sexp-conv.c: New sexp conversion program.
-2002-10-21 Niels Möller <niels@s3.kth.se>
+2002-10-21 Niels Möller <niels@s3.kth.se>
* Makefile.am (libnettle_a_SOURCES): Added
sexp-format-transport.c.
* sexp.c (sexp_iterator_next): Abort if iterator type is boogus.
-2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-19 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/testutils.c (test_armor): Updated to new armor
conventions.
* base64-decode.c: New file.
-2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-09 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_PROGS): Added dsa-keygen-test.
nettle_progress_func typedefs here...
* rsa.h: ... from here.
-2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-07 Niels Möller <nisse@cuckoo.hack.org>
* sexp.h (enum sexp_type): Deleted SEXP_START.
not needed anymore.
(sexp_iterator_exit_list): Likewise.
-2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-06 Niels Möller <nisse@cuckoo.hack.org>
* sexp2rsa.c (get_value): No need to call sexp_iterator_next
anymore.
* rsa2openpgp.c (rsa_keypair_to_openpgp): New file, new function.
-2002-10-04 Niels Möller <niels@s3.kth.se>
+2002-10-04 Niels Möller <niels@s3.kth.se>
* examples/rsa-keygen.c: Use malloc, instead of asprintf.
-2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-03 Niels Möller <nisse@cuckoo.hack.org>
* Released nettle-1.6.
* examples/Makefile.am (EXTRA_DIST): Distribute setup-env and
teardown-env.
-2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-02 Niels Möller <nisse@cuckoo.hack.org>
* examples/rsa-keygen.c (main): Comment on the lax security of the
private key file.
* index.html: Added link to mailing list.
-2002-10-02 Niels Möller <niels@s3.kth.se>
+2002-10-02 Niels Möller <niels@s3.kth.se>
* Makefile.am: Fixed assembler rules, and shared libraries.
* configure.ac: Fixed the enable-shared option.
-2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
+2002-10-01 Niels Möller <nisse@cuckoo.hack.org>
* configure.ac: New option --enable-shared, and a first attempt at
building a shared library (*without* using libtool).
* Makefile.am: A first attempt at rules for building a shared
libnettle.so.
-2002-10-01 Niels Möller <niels@s3.kth.se>
+2002-10-01 Niels Möller <niels@s3.kth.se>
* examples/run-tests (test_program): Use basename.
* base64.h (BASE64_DECODE_LENGTH): Comment fix.
-2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
+2002-09-30 Niels Möller <nisse@cuckoo.hack.org>
* sexp2rsa.c (rsa_keypair_from_sexp): Bugfix: Call
rsa_prepare_public_key and rsa_prepare_private_key.
towards the start, in order to support overlapping areas.
(base64_encode): Broke out some common code from the switch..
-2002-09-30 Niels Möller <niels@s3.kth.se>
+2002-09-30 Niels Möller <niels@s3.kth.se>
* sexp_format.c (sexp_format): Don't mix code and declarations.
-2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
+2002-09-29 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/Makefile.am (TS_PROGS): Added buffer-test
sexp-format-test rsa2sexp-test sexp2rsa-test.
* bignum.c (nettle_mpz_sizeinbase_256): New function.
-2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
+2002-09-28 Niels Möller <nisse@cuckoo.hack.org>
* sexp.c (sexp_iterator_assoc): Return 0 for missing or duplicate
keys. Now passes all the tests.
* sexp.c, sexp.h: New files, implementing an sexp-parser.
-2002-08-27 Niels Möller <niels@s3.kth.se>
+2002-08-27 Niels Möller <niels@s3.kth.se>
* Makefile.am (DISTCLEANFILES): make distclean should delete the
assembler-related symlinks.
-2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
+2002-08-26 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (%.o: %.asm): Create an empty (and unused)
dependency file, to make the make/automake dependency tracking
happier.
-2002-07-18 Niels Möller <niels@s3.kth.se>
+2002-07-18 Niels Möller <niels@s3.kth.se>
* examples/nettle-benchmark.c (main): Try openssl's ciphers as
well, if available.
* configure.ac: Don't use -ggdb3 with gcc-2.96.
Check for openssl's libcrypto (for benchmarking).
-2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
+2002-05-16 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Deleted registers i and t3.
(_aes_crypt): Moved some registers around. We now use input
(_aes_crypt): Deleted cruft from the old source loop.
(AES_LOAD): Eliminated t3.
-2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
+2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (AES_ROUND): New macro.
(_aes_crypt): Use AES_ROUND for first word of the
loop.
(_aes_crypt): Deleted moves of constants into t2.
-2002-05-15 Niels Möller <niels@s3.kth.se>
+2002-05-15 Niels Möller <niels@s3.kth.se>
* x86/aes-encrypt.asm (aes_encrypt): Use AES_SUBST_BYTE.
* x86/aes-decrypt.asm (aes_decrypt): Likewise.
testsuite/aes-test, when aes.c has been compiled with debugging
printouts of intermediate state.
-2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
+2002-05-15 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: (_aes_crypt): Restore %fp at end of function, to
make %fp available for other uses.
allocated for wtxt, so that we stay clean of the reserved %g
registers.
-2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
+2002-05-14 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Avoid using %g6 and %g7, as they are reserved for
operating sytem use. Use %i5 and %o7 instead. Also moved %g4 to %g1.
(_aes_crypt): Allocate only 32 bytes local storage on the stack.
Calculate wtxt and tmp using offsets from %sp, not %fp.
-2002-05-14 Niels Möller <niels@s3.kth.se>
+2002-05-14 Niels Möller <niels@s3.kth.se>
* x86/aes-encrypt.asm (aes_encrypt): Replaced first quarter of the
round function with an invocation of AES_ROUND.
(aes_encrypt, aes_decrypt): Added an outer loop, so that we can
encrypt more than one block at a time.
-2002-05-07 Niels Möller <niels@s3.kth.se>
+2002-05-07 Niels Möller <niels@s3.kth.se>
* configure.ac: Generate config.m4.
* aes-encrypt-table.c: New file, table moved out from
aes-encrypt.c.
-2002-05-06 Niels Möller <niels@s3.kth.se>
+2002-05-06 Niels Möller <niels@s3.kth.se>
* configure.ac (CFLAGS): Don't enable -Waggregate-return.
-2002-05-05 Niels Möller <nisse@lysator.liu.se>
+2002-05-05 Niels Möller <nisse@lysator.liu.se>
* configure.ac: Pass no arguments to AM_INIT_AUTOMAKE.
-2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
+2002-05-05 Niels Möller <nisse@cuckoo.hack.org>
* configure.ac: Update for automake-1.6.
* configure.ac: Renamed file, used to be configure.in.
-2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
+2002-03-20 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/run-tests (test_program): Added missing single quote.
-2002-03-20 Niels Möller <nisse@lysator.liu.se>
+2002-03-20 Niels Möller <nisse@lysator.liu.se>
* testsuite/run-tests (test_program): Test the exit status of the
right process.
-2002-03-19 Pontus Sk
öld <pont@it.uu.se>
+2002-03-19 Pontus Sk
öld <pont@it.uu.se>
* testsuite/run-tests: Removed /bin/bashisms to use with /bin/sh.
-2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
+2002-03-18 Niels Möller <nisse@cuckoo.hack.org>
* rsa-keygen.c (rsa_generate_keypair): Output a newline after a
non-empty line of 'e':s (bad e was chosen, try again).
-2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
+2002-03-16 Niels Möller <nisse@cuckoo.hack.org>
* configure.in (asm_path): AC_CONFIG_LINKS adds $srcdir
automatically.
-2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
+2002-03-14 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm, x86/aes.asm: Added copyright notice.
* configure.in (asm_path): For now, disable x86 assembler code.
Bumped version to 1.6.
-2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-25 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Moved increment of src into the
source_loop. Also fixed stop condition, the loop was run 5 times,
instructions to fill nop:s, and put branch instructions on even
word addresses.
-2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-22 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Moved some more additions out of the
inner loop, using additional registers.
(_aes_crypt): Deleted one more addition from the inner loop, by
using the subkey pointer.
-2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-19 Niels Möller <nisse@cuckoo.hack.org>
* configure.in (asm_path): Renamed "path" to "asm_path". Also look
for a machine.m4.
-2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-16 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Use that IDX2(j) == j ^ 2
(_aes_crypt): In the final loop, use ctx+round to access the
subkeys, no need for an extra register.
-2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-15 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (_aes_crypt): Renaming variables, allocating
locals starting from %l0.
* sparc/aes.asm (_aes_crypt): Use symbolic names for the fucntion
arguments.
-2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-14 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm: Copied gcc assembler code for _aes_crypt.
* aes-encrypt.c, aes-decrypt.c: New files; moved encryption and
decryption funktions, and needed tables, into separate files.
-2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-13 Niels Möller <nisse@cuckoo.hack.org>
* aes.c (aes_encrypt): Don't unroll the innerloop.
(aes_encrypt): Don't unroll the loop for the final round.
* aes.c (aes_decrypt): Rewrote to use the bigger tables.
-2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-12 Niels Möller <nisse@cuckoo.hack.org>
* aes.c (aes_encrypt): Interleave computation and output in the
final round.
saving one redundant register pointing to idx.
(idx_row): New macro. Include asm.m4.
-2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-11 Niels Möller <nisse@cuckoo.hack.org>
* sparc/aes.asm (key_addition_8to32): Cleaned up.
Deleted gcc-generated debugging information.
* sparc/aes.asm: New file. Not yet tuned in any way (it's just the
code generated by gcc).
-2002-02-11 Niels Möller <nisse@lysator.liu.se>
+2002-02-11 Niels Möller <nisse@lysator.liu.se>
* x86/aes.asm, x86/aes_tables.asm: New assembler implementation by
Rafael Sevilla.
-2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-06 Niels Möller <nisse@cuckoo.hack.org>
Applied patch from Dan Egnor improving the base64 code.
* base64.h (BASE64_ENCODE_LENGTH): New macro.
* testsuite/testutils.c (test_armor): Updated.
* configure.in: Use AC_PREREQ(2.50).
-2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
+2002-02-01 Niels Möller <nisse@cuckoo.hack.org>
* Released nettle-1.5.
-2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
* acinclude.m4: Commented out gmp-related macros, they're probably
not needed anymore.
-2002-01-31 Niels Möller <nisse@lysator.liu.se>
+2002-01-31 Niels Möller <nisse@lysator.liu.se>
* configure.in: Added command line options --with-lib-path and
--with-include-path. Use the RPATH-macros to get correct flags for
* acinclude.m4: New file.
-2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-31 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Randomness): New subsection on Yarrow.
-2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-30 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Randomness): New chapter.
Spell checking and ispell configuration.
* md5.c: Added reference to RFC 1321.
-2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-24 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Public-key algorithms): Minor fixes.
-2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-22 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Nettle soup): New chapter.
(Hash functions): New subsection on struct nettle_hash.
* base64.c, base64.h, base64-meta.c: New files, hacked by Dan
Egnor.
-2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-16 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c: Deleted ran_array code, use
knuth-lfib.h instead.
* knuth-lfib.c, knuth-lfib.h: New files, implementing a
non-cryptographic prng.
-2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-15 Niels Möller <nisse@cuckoo.hack.org>
* hmac-sha1.c: New file.
-2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-14 Niels Möller <nisse@cuckoo.hack.org>
* configure.in: Bumped version to 1.1.
* rsa.h (struct rsa_private_key): Deleted public key and d from
the struct, as they are not needed. Added size attribute.
-2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-12 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added *-meta files.
* examples/nettle-benchmark.c: Use the interface in nettle-meta.h.
-2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-11 Niels Möller <nisse@cuckoo.hack.org>
Don't use m4 for generating test programs, it's way overkill. Use
the C preprocessor instead.
* nettle-meta.h, md5-meta.c, sha1-meta.c, sha256-meta.c: New
files.
-2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
+2002-01-09 Niels Möller <nisse@cuckoo.hack.org>
* rsa-compat.c: Updated for new md5 and rsa conventions.
* bignum.c (nettle_mpz_get_str_256): Declare the input argument
const.
-2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
+2001-12-14 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am (EXTRA_DIST): Added $(des_headers). Changed
dependencies for $(des_headers) to depend only on the source file
desdata.c, not on the executable.
-2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
+2001-12-12 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c (main): Updated testcase to match fixed
generator. Send verbose output to stdout, not stderr.
(yarrow256_init): Initialize seed_file and counter to zero, to
ease debugging.
-2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
+2001-12-07 Niels Möller <nisse@cuckoo.hack.org>
* bignum.c (nettle_mpz_get_str_256): Fixed handling of leading
zeroes.
-2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
+2001-12-05 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.c (main): Updated test to match the fixed
key event estimator.
* README: Added a paragraph on copyright.
-2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
+2001-11-15 Niels Möller <nisse@cuckoo.hack.org>
* yarrow256.c (yarrow256_force_reseed): New function.
-2001-11-14 Niels Möller <nisse@ehand.com>
+2001-11-14 Niels Möller <nisse@ehand.com>
* testsuite/yarrow-test.c (main): Use yarrow256_is_seeded.
(yarrow256_is_seeded): New function.
(yarrow256_update): Use yarrow256_needed_sources.
-2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
+2001-11-14 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/yarrow-test.out: Updated, to match the seed-file aware
generator.
* yarrow256.c (yarrow256_seed): New function.
(yarrow_fast_reseed): Create new seed file contents.
-2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
+2001-11-13 Niels Möller <nisse@cuckoo.hack.org>
* yarrow.h: Deleted yarrow160 declarations.
-2001-11-02 Niels Möller <nisse@ehand.com>
+2001-11-02 Niels Möller <nisse@ehand.com>
* yarrow256.c (yarrow256_init): Fixed order of code and
declarations.
-2001-10-30 Niels Möller <nisse@ehand.com>
+2001-10-30 Niels Möller <nisse@ehand.com>
* rsa-compat.h: Added real prototypes and declarations.
* testsuite/Makefile.am: Added bignum-test.
- * testsuite/run-tests (test_program): Check the xit code more
+ * testsuite/run-tests (test_program): Check the exit code more
carefully, and treat 77 as skip. This convention was borrowed from
autotest.
* testsuite/bignum-test.m4: New file.
-2001-10-15 Niels Möller <nisse@ehand.com>
+2001-10-15 Niels Möller <nisse@ehand.com>
* testsuite/Makefile.am (EXTRA_DIST): Include rfc1750.txt in the
distribution.
-2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
+2001-10-14 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/des-test.m4: Added testcase taken from applied
cryptography.
* testsuite/yarrow-test.c: Added verbose flag, disabled by
default.
-2001-10-12 Niels Möller <nisse@ehand.com>
+2001-10-12 Niels Möller <nisse@ehand.com>
* examples/nettle-benchmark.c: Added more ciphers.
* configure.in: Output examples/Makefile.
-2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
+2001-10-12 Niels Möller <nisse@cuckoo.hack.org>
* examples/nettle-benchmark.c: New benchmarking program.
-2001-10-10 Niels Möller <nisse@ehand.com>
+2001-10-10 Niels Möller <nisse@ehand.com>
* testsuite/yarrow-test.c: Open rfc1750.txt. Hash input and
output, and compare to expected values.
* testsuite/yarrow-test.c (main): Better output of entropy
estimates at the end.
-2001-10-09 Niels Möller <nisse@ehand.com>
+2001-10-09 Niels Möller <nisse@ehand.com>
* testsuite/Makefile.am (TS_PROGS): Added yarrow-test.
* Makefile.am (libnettle_a_SOURCES): Added yarrow_key_event.c.
-2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
+2001-10-08 Niels Möller <nisse@cuckoo.hack.org>
* yarrow.h (struct yarrow_key_event_ctx): New struct.
each request.
(YARROW_GATE_THRESHOLD): Deleted constant.
-2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
+2001-10-07 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added yarrow files.
* sha.h: Renamed sha1.h to sha.h, and added declarations for
sha256.
-2001-10-05 Niels Möller <nisse@ehand.com>
+2001-10-05 Niels Möller <nisse@ehand.com>
* testsuite/aes-test.m4: Added a comment with NIST test vectors.
-2001-10-04 Niels Möller <nisse@ehand.com>
+2001-10-04 Niels Möller <nisse@ehand.com>
* rsa.h, rsa-compat.h, yarrow.h: New files.
-2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-25 Niels Möller <nisse@cuckoo.hack.org>
* Released version 1.0.
-2001-09-25 Niels Möller <nisse@ehand.com>
+2001-09-25 Niels Möller <nisse@ehand.com>
* sha1.c: Include stdlib.h, for abort.
* AUTHORS: Added a reference to the manual.
-2001-09-25 Niels Möller <nisse@lysator.liu.se>
+2001-09-25 Niels Möller <nisse@lysator.liu.se>
* des-compat.c (des_cbc_cksum): Bug fix, local variable was
declared in the middle of a block.
-2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-19 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo (Compatibility functions): New section,
mentioning md5-compat.h and des-compat.h.
-2001-09-18 Niels Möller <nisse@ehand.com>
+2001-09-18 Niels Möller <nisse@ehand.com>
* index.html: New file.
-2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-16 Niels Möller <nisse@cuckoo.hack.org>
* nettle.texinfo: Added description of des3. Minor fixes.
(des_ncbc_encrypt): Bug fixed.
(des_cbc_encrypt): Rewritten as a wrapper around des_ncbc_encrypt.
-2001-09-14 Niels Möller <nisse@ehand.com>
+2001-09-14 Niels Möller <nisse@ehand.com>
* testsuite/des-compat-test.c: New file, copied from libdes
(freeswan). All implemented functions but des_cbc_cksum seems to
* des-compat.c (des_cbc_cksum): Implemented.
(des_key_sched): Fixed return values.
-2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-11 Niels Möller <nisse@cuckoo.hack.org>
* Makefile.am: Added des-compat.c and des-compat.h
* des-compat.h: Define DES_ENCRYPT and DES_DECRYPT. Bugfixes.
-2001-09-10 Niels Möller <nisse@ehand.com>
+2001-09-10 Niels Möller <nisse@ehand.com>
* nettle.texinfo (Copyright): Added copyright information for
serpent.
functions.
(Cipher Block Chaining): This section more or less complete now.
-2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-09 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/cbc-test.m4: Record intermediate values in a comment.
* testsuite/des3-test.m4: Likewise.
* des3.c: New file, implementing triple des.
-2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-06 Niels Möller <nisse@cuckoo.hack.org>
* cbc.c, cbc.h: New files, for general CBC encryption.
* des-compat.h: Added some prototypes.
-2001-09-05 Niels Möller <nisse@ehand.com>
+2001-09-05 Niels Möller <nisse@ehand.com>
* testsuite/Makefile.am (TS_PROGS): Added md5-compat-test.
* md5-compat.c, md5-compat.h: New files, implementing an RFC
1321-style interface.
-2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
+2001-09-02 Niels Möller <nisse@cuckoo.hack.org>
* twofish.c (twofish_decrypt): Fixed for();-bug in the block-loop.
Spotted by Jean-Pierre.
(twofish_encrypt): Likewise.
-2001-07-03 Niels Möller <nisse@ehand.com>
+2001-07-03 Niels Möller <nisse@ehand.com>
* testsuite/testutils.c: Include string.h.
* twofish.c: Include string.h.
-2001-06-17 Niels Möller <nisse@lysator.liu.se>
+2001-06-17 Niels Möller <nisse@lysator.liu.se>
* Makefile.am (des_headers): Dont use $(srcdir)/-prefixes as that
seems to break with GNU make 3.79.1.
not <stdint.h>.
Include <stdlib.h>.
-2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
+2001-06-17 Niels Möller <nisse@cuckoo.hack.org>
* Use <inttypes.h>, not <stdint.h>.
* Makefile.am (libnettle_a_SOURCES): Added twofish.
-2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
+2001-06-16 Niels Möller <nisse@cuckoo.hack.org>
* testsuite/blowfish-test.m4: Fixed test.
* blowfish.h (struct blowfish_ctx): Use the correct size for the p
array.
-2001-06-15 Niels Möller <nisse@ehand.com>
+2001-06-15 Niels Möller <nisse@ehand.com>
* testsuite/blowfish-test.m4: Fixed testcase, use correct key
length.
* testsuite/Makefile.am (TS_PROGS): Added tests for twofish and
blowfish.
-2001-06-13 Niels Möller <nisse@ehand.com>
+2001-06-13 Niels Möller <nisse@ehand.com>
* Makefile.am (libnettle_a_SOURCES): Added serpent files.
-2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
+2001-06-12 Niels Möller <nisse@cuckoo.hack.org>
* des.c (des_encrypt, des_decrypt): Assert that the key setup was
successful.
* Makefile.am: Added desCore and sha1.
-2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
+2001-04-17 Niels Möller <nisse@cuckoo.hack.org>
* install-sh: Copied the standard install script.
(libnettleinclude_HEADERS): Install headers in
$(libnettleincludedir).
-2001-04-13 Niels Möller <nisse@cuckoo.hack.org>
+2001-04-13 Niels Möller <nisse@cuckoo.hack.org>
* Initial checkin.
INSTALL_STRIP_PROGRAM = $(INSTALL_PROGRAM) -s
MKDIR_P = @MKDIR_P@
+OPT_ASM_SOURCES = @OPT_ASM_SOURCES@
+
SUBDIRS = tools testsuite examples
include config.make
PRE_CPPFLAGS = -I.
# FIXME: Add configuration of LIBEXT?
-LIBTARGETS = libnettle.a @IF_HOGWEED@ libhogweed.a
-SHLIBTARGETS = $(LIBNETTLE_FORLINK) @IF_HOGWEED@ $(LIBHOGWEED_FORLINK)
+LIBTARGETS = @IF_STATIC@ libnettle.a @IF_HOGWEED@ libhogweed.a
+SHLIBTARGETS = @IF_SHARED@ $(LIBNETTLE_FORLINK) @IF_HOGWEED@ $(LIBHOGWEED_FORLINK)
+
+getopt_SOURCES = getopt.c getopt1.c
+getopt_TARGETS = $(getopt_SOURCES:.c=.$(OBJEXT))
+
+internal_SOURCES = nettle-internal.c
+internal_TARGETS = $(internal_SOURCES:.c=.$(OBJEXT))
-TARGETS = aesdata$(EXEEXT) desdata$(EXEEXT) shadata$(EXEEXT) \
- $(LIBTARGETS) @IF_SHARED@ $(SHLIBTARGETS)
+TARGETS = aesdata$(EXEEXT_FOR_BUILD) desdata$(EXEEXT_FOR_BUILD) \
+ twofishdata$(EXEEXT_FOR_BUILD) shadata$(EXEEXT_FOR_BUILD) \
+ gcmdata$(EXEEXT_FOR_BUILD) \
+ $(getopt_TARGETS) $(internal_TARGETS) \
+ $(LIBTARGETS) $(SHLIBTARGETS)
+IMPLICIT_TARGETS = @IF_DLL@ $(LIBNETTLE_FILE) $(LIBHOGWEED_FILE)
-DOCTARGETS = nettle.info nettle.html nettle.pdf
+DOCTARGETS = @IF_DOCUMENTATION@ nettle.info nettle.html nettle.pdf
+
+PKGCONFIG_FILES = nettle.pc @IF_HOGWEED@ hogweed.pc
+pkgconfigdir = $(libdir)/pkgconfig
all check install uninstall:
$(MAKE) $@-here
aes-encrypt-internal.c aes-encrypt.c aes-encrypt-table.c \
aes-set-encrypt-key.c aes-set-decrypt-key.c aes-meta.c \
arcfour.c arcfour-crypt.c arcfour-meta.c \
- arctwo.c arctwo-meta.c \
+ arctwo.c arctwo-meta.c gosthash94-meta.c \
base16-encode.c base16-decode.c base16-meta.c \
base64-encode.c base64-decode.c base64-meta.c \
camellia-crypt.c camellia-crypt-internal.c \
camellia-table.c camellia-meta.c \
cast128.c cast128-meta.c \
blowfish.c \
- cbc.c ctr.c \
+ cbc.c ctr.c gcm.c gcm-aes.c \
des.c \
des3.c des-compat.c \
- hmac.c hmac-md5.c hmac-sha1.c \
+ hmac.c hmac-md5.c hmac-ripemd160.c hmac-sha1.c \
hmac-sha224.c hmac-sha256.c hmac-sha384.c hmac-sha512.c \
+ pbkdf2.c pbkdf2-hmac-sha1.c pbkdf2-hmac-sha256.c \
knuth-lfib.c \
md2.c md2-meta.c md4.c md4-meta.c \
md5.c md5-compress.c md5-compat.c md5-meta.c \
+ gosthash94.c \
+ ripemd160.c ripemd160-compress.c ripemd160-meta.c \
+ salsa20-core-internal.c \
+ salsa20-crypt.c salsa20r12-crypt.c salsa20-set-key.c \
sha1.c sha1-compress.c sha1-meta.c \
sha256.c sha256-compress.c sha224-meta.c sha256-meta.c \
sha512.c sha512-compress.c sha384-meta.c sha512-meta.c \
- serpent.c serpent-meta.c \
+ sha3.c sha3-permute.c \
+ sha3-224.c sha3-224-meta.c sha3-256.c sha3-256-meta.c \
+ sha3-384.c sha3-384-meta.c sha3-512.c sha3-512-meta.c\
+ serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \
+ serpent-meta.c \
twofish.c twofish-meta.c \
+ umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \
+ umac-poly64.c umac-poly128.c umac-set-key.c \
+ umac32.c umac64.c umac96.c umac128.c \
yarrow256.c yarrow_key_event.c \
buffer.c buffer-init.c realloc.c \
- nettle-internal.c write-be32.c
+ nettle-meta-hashes.c nettle-meta-ciphers.c \
+ nettle-meta-armors.c \
+ write-be32.c write-le32.c write-le64.c
hogweed_SOURCES = sexp.c sexp-format.c \
sexp-transport.c sexp-transport-format.c \
bignum.c bignum-next-prime.c \
bignum-random.c bignum-random-prime.c \
sexp2bignum.c \
- pkcs1.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
+ pkcs1.c pkcs1-encrypt.c pkcs1-decrypt.c \
+ pkcs1-rsa-digest.c pkcs1-rsa-md5.c pkcs1-rsa-sha1.c \
pkcs1-rsa-sha256.c pkcs1-rsa-sha512.c \
rsa.c rsa-sign.c rsa-verify.c \
+ rsa-pkcs1-sign.c rsa-pkcs1-sign-tr.c rsa-pkcs1-verify.c \
rsa-md5-sign.c rsa-md5-verify.c \
rsa-sha1-sign.c rsa-sha1-verify.c \
rsa-sha256-sign.c rsa-sha256-verify.c \
rsa-sha512-sign.c rsa-sha512-verify.c \
- rsa-encrypt.c rsa-decrypt.c \
- rsa-keygen.c rsa-compat.c \
+ rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
+ rsa-keygen.c rsa-compat.c rsa-blind.c \
rsa2sexp.c sexp2rsa.c \
dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c \
dsa-sha1-sign.c dsa-sha1-verify.c \
dsa-sha256-sign.c dsa-sha256-verify.c \
dsa2sexp.c sexp2dsa.c \
pgp-encode.c rsa2openpgp.c \
- der-iterator.c der2rsa.c der2dsa.c
+ der-iterator.c der2rsa.c der2dsa.c \
+ sec-add-1.c sec-sub-1.c sec-modinv.c sec-tabselect.c \
+ gmp-glue.c cnd-copy.c \
+ ecc-mod.c ecc-generic-modp.c ecc-generic-modq.c \
+ ecc-modp.c ecc-modq.c ecc-generic-redc.c \
+ ecc-192.c ecc-224.c ecc-256.c ecc-384.c ecc-521.c \
+ ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
+ ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \
+ ecc-mul-g.c ecc-mul-a.c ecc-hash.c ecc-random.c \
+ ecc-point.c ecc-scalar.c ecc-point-mul.c ecc-point-mul-g.c \
+ ecc-ecdsa-sign.c ecdsa-sign.c \
+ ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
base16.h base64.h buffer.h camellia.h cast128.h \
cbc.h ctr.h \
- des.h des-compat.h dsa.h \
- hmac.h \
+ des.h des-compat.h dsa.h ecc-curve.h ecc.h ecdsa.h \
+ gcm.h gosthash94.h hmac.h \
knuth-lfib.h \
macros.h \
md2.h md4.h \
md5.h md5-compat.h \
memxor.h \
nettle-meta.h nettle-types.h \
- pgp.h pkcs1.h realloc.h rsa.h rsa-compat.h \
- sexp.h \
- serpent.h sha.h twofish.h \
- yarrow.h
+ pbkdf2.h \
+ pgp.h pkcs1.h realloc.h ripemd160.h rsa.h rsa-compat.h \
+ salsa20.h sexp.h \
+ serpent.h sha.h sha1.h sha2.h sha3.h twofish.h \
+ umac.h yarrow.h
INSTALL_HEADERS = $(HEADERS) nettle-stdint.h
-SOURCES = $(nettle_SOURCES) $(hogweed_SOURCES) aesdata.c desdata.c shadata.c
+SOURCES = $(nettle_SOURCES) $(hogweed_SOURCES) \
+ $(getopt_SOURCES) $(internal_SOURCES) \
+ aesdata.c desdata.c twofishdata.c shadata.c gcmdata.c eccdata.c
-DISTFILES = $(SOURCES) $(HEADERS) .bootstrap aclocal.m4 configure.ac \
+DISTFILES = $(SOURCES) $(HEADERS) getopt.h .bootstrap run-tests \
+ aclocal.m4 configure.ac \
configure stamp-h.in \
config.guess config.sub install-sh texinfo.tex \
config.h.in config.m4.in config.make.in Makefile.in \
- README AUTHORS COPYING COPYING.LIB INSTALL NEWS TODO ChangeLog \
+ README AUTHORS COPYING.LIB INSTALL NEWS TODO ChangeLog \
+ nettle.pc.in hogweed.pc.in \
memxor.c $(des_headers) descore.README \
- aes-internal.h camellia-internal.h cast128_sboxes.h desinfo.h desCode.h \
- serpent_sboxes.h nettle-internal.h nettle-write.h prime-list.h \
- asm.m4 \
+ aes-internal.h camellia-internal.h serpent-internal.h \
+ cast128_sboxes.h desinfo.h desCode.h \
+ nettle-internal.h nettle-write.h prime-list.h \
+ gmp-glue.h ecc-internal.h \
+ mini-gmp.h mini-gmp.c asm.m4 \
nettle.texinfo nettle.info nettle.html nettle.pdf sha-example.c
# Rules building static libraries
nettle_OBJS = $(nettle_SOURCES:.c=.$(OBJEXT)) $(LIBOBJS)
nettle_PURE_OBJS = $(nettle_OBJS:.$(OBJEXT)=.p$(OBJEXT))
-hogweed_OBJS = $(hogweed_SOURCES:.c=.$(OBJEXT))
+hogweed_OBJS = $(hogweed_SOURCES:.c=.$(OBJEXT)) $(OPT_ASM_SOURCES:.asm=.$(OBJEXT))
hogweed_PURE_OBJS = $(hogweed_OBJS:.$(OBJEXT)=.p$(OBJEXT))
-# FIXME: Do we really need to delete the archive first?
libnettle.a: $(nettle_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(nettle_OBJS)
$(RANLIB) $@
-# FIXME: Do we really need to delete the archive first?
libhogweed.a: $(hogweed_OBJS)
-rm -f $@
$(AR) $(ARFLAGS) $@ $(hogweed_OBJS)
$(COMPILE) $(CCPIC_MAYBE) -c $< \
&& $(DEP_PROCESS)
-# Rules building shared libraries
+# Rules building shared libraries.
$(LIBNETTLE_FORLINK): $(nettle_PURE_OBJS)
$(LIBNETTLE_LINK) $(nettle_PURE_OBJS) -o $@ $(LIBNETTLE_LIBS)
-mkdir .lib 2>/dev/null
- [ -z "$(LIBNETTLE_SONAME)" ] || (cd .lib \
- && ln -sf ../$(LIBNETTLE_FORLINK) $(LIBNETTLE_SONAME))
+ (cd .lib \
+ && rm -f $(LIBNETTLE_FORLINK) \
+ && $(LN_S) ../$(LIBNETTLE_FORLINK) $(LIBNETTLE_FORLINK) \
+ && [ -z "$(LIBNETTLE_SONAME)" ] \
+ || { rm -f $(LIBNETTLE_SONAME) \
+ && $(LN_S) $(LIBNETTLE_FORLINK) $(LIBNETTLE_SONAME) ; } )
$(LIBHOGWEED_FORLINK): $(hogweed_PURE_OBJS) $(LIBNETTLE_FORLINK)
$(LIBHOGWEED_LINK) $(hogweed_PURE_OBJS) -o $@ $(LIBHOGWEED_LIBS)
-mkdir .lib 2>/dev/null
- [ -z "$(LIBHOGWEED_SONAME)" ] || (cd .lib \
- && ln -sf ../$(LIBHOGWEED_FORLINK) $(LIBHOGWEED_SONAME))
+ (cd .lib \
+ && rm -f $(LIBHOGWEED_FORLINK) \
+ && $(LN_S) ../$(LIBHOGWEED_FORLINK) $(LIBHOGWEED_FORLINK) \
+ && [ -z "$(LIBHOGWEED_SONAME)" ] \
+ || { rm -f $(LIBHOGWEED_SONAME) \
+ && $(LN_S) $(LIBHOGWEED_FORLINK) $(LIBHOGWEED_SONAME) ; } )
.c.p$(OBJEXT):
$(COMPILE) $(SHLIBCFLAGS) -c $< -o $@ \
&& $(DEP_PROCESS)
-# For Solaris and BSD make, we have to use an explicit rule for each executable
-aesdata$(EXEEXT): aesdata.$(OBJEXT)
- $(LINK) aesdata.$(OBJEXT) $(LIBS) -o aesdata$(EXEEXT)
+# For Solaris and BSD make, we have to use an explicit rule for each
+# executable. Avoid object file targets to make it easy to run the
+# right compiler.
+aesdata$(EXEEXT_FOR_BUILD): aesdata.c
+ $(CC_FOR_BUILD) `test -f aesdata.c || echo '$(srcdir)/'`aesdata.c \
+ -o aesdata$(EXEEXT_FOR_BUILD)
+
+desdata$(EXEEXT_FOR_BUILD): desdata.c
+ $(CC_FOR_BUILD) `test -f desdata.c || echo '$(srcdir)/'`desdata.c \
+ -o desdata$(EXEEXT_FOR_BUILD)
-desdata$(EXEEXT): desdata.$(OBJEXT)
- $(LINK) desdata.$(OBJEXT) $(LIBS) -o desdata$(EXEEXT)
+twofishdata$(EXEEXT_FOR_BUILD): twofishdata.c
+ $(CC_FOR_BUILD) `test -f twofishdata.c || echo '$(srcdir)/'`twofishdata.c \
+ -o twofishdata$(EXEEXT_FOR_BUILD)
-shadata$(EXEEXT): shadata.$(OBJEXT)
- $(LINK) shadata.$(OBJEXT) $(LIBS) -lm -o shadata$(EXEEXT)
+shadata$(EXEEXT_FOR_BUILD): shadata.c
+ $(CC_FOR_BUILD) `test -f shadata.c || echo '$(srcdir)/'`shadata.c -lm \
+ -o shadata$(EXEEXT_FOR_BUILD)
-# .$(OBJEXT)$(EXEEXT):
-# $(LINK) $< $(LIBS) -o $@
+gcmdata$(EXEEXT_FOR_BUILD): gcmdata.c
+ $(CC_FOR_BUILD) `test -f gcmdata.c || echo '$(srcdir)/'`gcmdata.c \
+ -o gcmdata$(EXEEXT_FOR_BUILD)
+
+eccdata$(EXEEXT_FOR_BUILD): eccdata.c mini-gmp.c mini-gmp.h
+ $(CC_FOR_BUILD) `test -f eccdata.c || echo '$(srcdir)/'`eccdata.c \
+ -o eccdata$(EXEEXT_FOR_BUILD)
# desCore rules
# It seems using $(srcdir)/ doesn't work with GNU make 3.79.1
des.$(OBJEXT): des.c des.h $(des_headers)
-.asm.$(OBJEXT):
- $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
- $< >$*.s
- $(COMPILE) $(CCPIC_MAYBE) -c $*.s
- echo "$@ : $< $(srcdir)/asm.m4 machine.m4 config.m4" >$@.d
-
-.asm.p$(OBJEXT):
- $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 \
- $< >$*.s
- $(COMPILE) $(SHLIBCFLAGS) -c $*.s -o $@
- echo "$@ : $< $(srcdir)/asm.m4 machine.m4 config.m4" >$@.d
+# Generate ECC files.
+# Some possible choices for 192:
+# k = 15, c = 4, 64 entries, ~3 KB
+# k = 20, c = 6, 128 entries, ~6 KB
+# k = 10, c = 6, 256 entries, ~12 KB
+# k = 7, c = 6, 320 entries, ~15 KB
+# k = 9, c = 7, 512 entries, ~24 KB
+ecc-192.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) 192 7 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
+# Some possible choices for 224:
+# k = 18, c = 4, 64 entries, ~4 KB
+# k = 24, c = 6, 128 entries, ~8 KB
+# k = 12, c = 6, 256 entries, ~16 KB
+# k = 8, c = 6, 320 entries, ~20 KB
+# k = 10, c = 7, 512 entries, ~32 KB
+ecc-224.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) 224 12 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
+# Some possible choices for 256:
+# k = 20, c = 4, 64 entries, ~4 KB
+# k = 27, c = 6, 128 entries, ~8 KB
+# k = 14, c = 6, 256 entries, ~16 KB
+# k = 9, c = 6, 320 entries, ~20 KB
+# k = 12, c = 7, 512 entries, ~32 KB
+ecc-256.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) 256 14 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
+# Some possible choices for 384:
+# k = 31, c = 4, 64 entries, ~6 KB
+# k = 41, c = 6, 128 entries, ~12 KB
+# k = 20, c = 6, 256 entries, ~24 KB
+# k = 14, c = 6, 320 entries, ~30 KB
+# k = 18, c = 7, 512 entries, ~48 KB
+ecc-384.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) 384 41 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
+# Some possible choices for 521:
+# k = 42, c = 4, 64 entries, ~9 KB
+# k = 56, c = 6, 128 entries, ~18 KB
+# k = 28, c = 6, 256 entries, ~35 KB
+# k = 19, c = 6, 320 entries, ~44 KB
+# k = 24, c = 7, 512 entries, ~70 KB
+ecc-521.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) 521 56 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
+
+eccdata.stamp: eccdata.c
+ $(MAKE) eccdata$(EXEEXT_FOR_BUILD)
+ echo stamp > eccdata.stamp
+
+ecc-192.$(OBJEXT): ecc-192.h
+ecc-224.$(OBJEXT): ecc-224.h
+ecc-256.$(OBJEXT): ecc-256.h
+ecc-384.$(OBJEXT): ecc-384.h
+ecc-521.$(OBJEXT): ecc-521.h
+
+ecc-192.p$(OBJEXT): ecc-192.h
+ecc-224.p$(OBJEXT): ecc-224.h
+ecc-256.p$(OBJEXT): ecc-256.h
+ecc-384.p$(OBJEXT): ecc-384.h
+ecc-521.p$(OBJEXT): ecc-521.h
+
+.asm.s:
+ $(M4) $(srcdir)/asm.m4 machine.m4 config.m4 $< >$@T \
+ && test -s $@T && mv -f $@T $@
+
+.s.$(OBJEXT):
+ $(COMPILE) $(CCPIC_MAYBE) -c $<
+
+.s.p$(OBJEXT):
+ $(COMPILE) $(SHLIBCFLAGS) -c $< -o $@
# Texinfo rules
.texinfo.info:
&& test -s $@T && mv -f $@T $@
.texinfo.dvi:
- cd $(srcdir) && texi2dvi `basename "$<"`
+ cd $(srcdir) && texi2dvi -b `basename "$<"`
.dvi.ps:
cd $(srcdir) && dvips -Ppdf -G0 -o `basename "$<" .dvi`.ps `basename "$<"`
config.m4: config.m4.in config.status
./config.status $@
+nettle.pc: nettle.pc.in config.status
+ ./config.status $@
+
+hogweed.pc: hogweed.pc.in config.status
+ ./config.status $@
+
# Installation
-install-here: install-info install-headers install-static \
+install-doc: @IF_DOCUMENTATION@ install-info
+install-here: install-doc install-headers install-static install-pkgconfig \
@IF_SHARED@ install-shared-nettle @IF_HOGWEED@ install-shared-hogweed
install-static: $(LIBTARGETS)
$(INSTALL_DATA) $$f $(DESTDIR)$(libdir) ; \
done
-install-shared-nettle: $(LIBNETTLE_FORLINK)
+install-dll-nettle:
+ $(MKDIR_P) $(DESTDIR)$(bindir)
+ $(INSTALL_DATA) $(LIBNETTLE_FORLINK) $(DESTDIR)$(bindir)/$(LIBNETTLE_FORLINK)
+
+install-shared-nettle: $(LIBNETTLE_FORLINK) @IF_DLL@ install-dll-nettle
$(MKDIR_P) $(DESTDIR)$(libdir)
- $(INSTALL_PROGRAM) $(LIBNETTLE_FORLINK) $(DESTDIR)$(libdir)/$(LIBNETTLE_FILE)
+ $(INSTALL_DATA) $(LIBNETTLE_FILE_SRC) $(DESTDIR)$(libdir)/$(LIBNETTLE_FILE)
[ -z "$(LIBNETTLE_SONAME)" ] \
|| (cd $(DESTDIR)$(libdir) \
- && ln -sf $(LIBNETTLE_FILE) $(LIBNETTLE_SONAME) \
- && ln -sf $(LIBNETTLE_FILE) $(LIBNETTLE_FORLINK))
+ && rm -f $(LIBNETTLE_SONAME) $(LIBNETTLE_FORLINK) \
+ && $(LN_S) $(LIBNETTLE_FILE) $(LIBNETTLE_SONAME) \
+ && $(LN_S) $(LIBNETTLE_FILE) $(LIBNETTLE_FORLINK))
+
+install-dll-hogweed:
+ $(MKDIR_P) $(DESTDIR)$(bindir)
+ $(INSTALL_DATA) $(LIBHOGWEED_FORLINK) $(DESTDIR)$(bindir)/$(LIBHOGWEED_FORLINK)
-install-shared-hogweed: $(LIBHOGWEED_FORLINK)
+install-shared-hogweed: $(LIBHOGWEED_FORLINK) @IF_DLL@ install-dll-hogweed
$(MKDIR_P) $(DESTDIR)$(libdir)
- $(INSTALL_PROGRAM) $(LIBHOGWEED_FORLINK) $(DESTDIR)$(libdir)/$(LIBHOGWEED_FILE)
+ $(INSTALL_DATA) $(LIBHOGWEED_FILE_SRC) $(DESTDIR)$(libdir)/$(LIBHOGWEED_FILE)
[ -z "$(LIBHOGWEED_SONAME)" ] \
|| (cd $(DESTDIR)$(libdir) \
- && ln -sf $(LIBHOGWEED_FILE) $(LIBHOGWEED_SONAME) \
- && ln -sf $(LIBHOGWEED_FILE) $(LIBHOGWEED_FORLINK))
+ && rm -f $(LIBHOGWEED_SONAME) $(LIBHOGWEED_FORLINK) \
+ && $(LN_S) $(LIBHOGWEED_FILE) $(LIBHOGWEED_SONAME) \
+ && $(LN_S) $(LIBHOGWEED_FILE) $(LIBHOGWEED_FORLINK))
# I'd like to use makes VPATH search to locate the files to be
# installed. But it seems most make programs don't set $<, $^, $? and
$(INSTALL_DATA) "$(srcdir)/$$f" $(DESTDIR)$(includedir)/nettle ; \
fi ; done
+install-pkgconfig: $(PKGCONFIG_FILES)
+ $(MKDIR_P) $(DESTDIR)$(pkgconfigdir)
+ for f in $(PKGCONFIG_FILES) ; do \
+ $(INSTALL_DATA) "$$f" $(DESTDIR)$(pkgconfigdir) ; \
+ done
+
# Uninstall
uninstall-here: uninstall-info uninstall-headers uninstall-static \
- @IF_SHARED@ uninstall-shared
+ uninstall-pkgconfig @IF_SHARED@ uninstall-shared
uninstall-static:
for f in $(LIBTARGETS) ; do \
# FIXME: Leaves the links around
uninstall-shared: uninstall-shared-nettle @IF_HOGWEED@ uninstall-shared-hogweed
-uninstall-shared-nettle:
+uninstall-dll-nettle:
+ rm -f $(DESTDIR)$(bindir)/$(LIBNETTLE_FORLINK)
+
+uninstall-shared-nettle: @IF_DLL@ uninstall-dll-nettle
rm -f $(DESTDIR)$(libdir)/$(LIBNETTLE_FILE)
[ -z "$(LIBNETTLE_SONAME)" ] \
|| rm -f $(LIBNETTLE_SONAME) $(LIBNETTLE_FORLINK)
-uninstall-shared-hogweed:
+uninstall-dll-hogweed:
+ rm -f $(DESTDIR)$(bindir)/$(LIBHOGWEED_FORLINK)
+
+uninstall-shared-hogweed: @IF_DLL@ uninstall-dll-hogweed
rm -f $(DESTDIR)$(libdir)/$(LIBHOGWEED_FILE)
[ -z "$(LIBHOGWEED_SONAME)" ] \
|| rm -f $(LIBHOGWEED_SONAME) $(LIBHOGWEED_FORLINK)
+uninstall-pkgconfig:
+ for f in $(PKGCONFIG_FILES) ; do \
+ rm -f $(DESTDIR)$(pkgconfigdir)/$$f ; \
+ done
+
# Distribution
distdir = $(PACKAGE_NAME)-$(PACKAGE_VERSION)
top_distdir = $(distdir)
else cp "$(srcdir)/$$f" "$(distdir)" ; \
fi ; \
done
- set -e; for d in sparc32 sparc64 x86 x86_64; do \
+ set -e; for d in sparc32 sparc64 x86 x86_64 arm arm/neon arm/v6; do \
mkdir "$(distdir)/$$d" ; \
- cp $(srcdir)/$$d/*.asm $(srcdir)/$$d/*.m4 "$(distdir)/$$d" ; \
+ find "$(srcdir)/$$d" -maxdepth 1 '(' -name '*.asm' -o -name '*.m4' ')' \
+ -exec cp '{}' "$(distdir)/$$d" ';' ; \
done
set -e; for d in $(SUBDIRS); do \
sd="$(distdir)/$$d" ; \
$(rm_distcheck)
clean-here:
- -rm -f $(TARGETS) *.$(OBJEXT) *.p$(OBJEXT) *.s
+ -rm -f $(TARGETS) $(IMPLICIT_TARGETS) *.$(OBJEXT) *.p$(OBJEXT) *.s \
+ ecc-192.h ecc-224.h ecc-256.h ecc-384.h ecc-521.h \
+ eccdata$(EXEEXT_FOR_BUILD) eccdata.stamp
-rm -rf .lib
distclean-here: clean-here
-rm -f config.h stamp-h config.log config.status machine.m4 \
- config.make config.m4 Makefile nettle-stdint.h *.asm *.d
+ config.make config.m4 Makefile nettle-stdint.h \
+ nettle.pc hogweed.pc \
+ *.asm *.d
maintainer-clean-here:
-rm -f $(DOCTARGETS) *.dvi *.ps
tags-here:
etags -o $(srcdir)/TAGS $(srcdir)/*.c $(srcdir)/*.h
-DEP_FILES = $(SOURCES:.c=.$(OBJEXT).d) $(SOURCES:.c=.p$(OBJEXT).d)
+DEP_FILES = $(SOURCES:.c=.$(OBJEXT).d) $(SOURCES:.c=.p$(OBJEXT).d) asm.d
@DEP_INCLUDE@ $(DEP_FILES)
+NEWS for the 2.7.1 release
+
+ This is a bugfix release.
+
+ Bug fixes:
+
+ * Fixed a bug in the new ECC code. The ecc_j_to_a function
+ called GMP:s mpn_mul_n (via ecc_modp_mul) with overlapping
+ input and output arguments, which is not supported.
+
+ * The assembly files for SHA1, SHA256 and AES depend on ARMv6
+ instructions, breaking nettle-2.7 for pre-v6 ARM processors.
+ The configure script now enables those assembly files only
+ when building for ARMv6 or later.
+
+ * Use a more portable C expression for rotations. The
+ previous version used the following "standard" expression
+ for 32-bit rotation:
+
+ (x << n) | (x >> (32 - n))
+
+ But this gives undefined behavior (according to the C
+ specification) for n = 0. The rotate expression is replaced
+ by the more portable:
+
+ (x << n) | (x >> ((-n)&31))
+
+ This change affects only CAST128, which uses non-constant
+ rotation counts. Unfortunately, the new expression is poorly
+ optimized by released versions of gcc, making CAST128 a bit
+ slower. This is being fixed by the gcc hackers, see
+ http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157.
+
+ The following problems have been reported, but are *not* fixed
+ in this release:
+
+ * ARM assembly files use instruction syntax which is not
+ supported by all assemblers. Workaround: Use a current
+ version of GNU as, or configure with --disable-assembler.
+
+ * Configuring with --disable-static doesn't work on windows.
+
+ The libraries are intended to be binary compatible with
+ nettle-2.2 and later. The shared library names are
+ libnettle.so.4.7 and libhogweed.so.2.5, with sonames still
+ libnettle.so.4 and libhogweed.so.2.
+
+NEWS for the 2.7 release
+
+ This release includes an implementation of elliptic curve
+ cryptography (ECC) and optimizations for the ARM architecture.
+ This work was done at the offices of South Pole AB, and
+ generously funded by the .SE Internet Fund.
+
+ Bug fixes:
+
+ * Fixed a bug in the buffer handling for incremental SHA3
+ hashing, with a possible buffer overflow. Patch by Edgar
+ E. Iglesias.
+
+ New features:
+
+ * Support for ECDSA signatures. Elliptic curve operations over
+ the following curves: secp192r1, secp224r1, secp256r1,
+ secp384r1 and secp521r1, including x86_64 and ARM assembly
+ for the most important primitives.
+
+ * Support for UMAC, including x86_64 and ARM assembly.
+
+ * Support for 12-round salsa20, "salsa20r12", as specified by
+ eSTREAM. Contributed by Nikos Mavrogiannopoulos.
+
+ Optimizations:
+
+ * ARM assembly code for several additional algorithms,
+ including AES, Salsa20, and the SHA family of hash
+ functions.
+
+ * x86_64 assembly for SHA256, SHA512, and SHA3. (SHA3 assembly
+ was included in the 2.6 release, but disabled due to poor
+ performance on some AMD processors. Hopefully, that
+ performance problem is fixed now).
+
+ The ARM code was tested and benchmarked on Cortex-A9. Some of
+ the functions use "neon" instructions. The configure script
+ decides if neon instructions can be used, and the command line
+ options --enable-arm-neon and --disable-arm-neon can be used
+ to override its choice. Feedback appreciated.
+
+ The libraries are intended to be binary compatible with
+ nettle-2.2 and later. The shared library names are
+ libnettle.so.4.6 and libhogweed.so.2.4, with sonames still
+ libnettle.so.4 and libhogweed.so.2.
+
+NEWS for the 2.6 release
+
+ Bug fixes:
+
+ * Fixed a bug in ctr_crypt. For zero length (which should be a
+ NOP), it sometimes incremented the counter. Reported by Tim
+ Kosse.
+
+ * Fixed a small memory leak in nettle_realloc and
+ nettle_xrealloc.
+
+ New features:
+
+ * Support for PKCS #5 PBKDF2, to generate a key from a
+ password or passphrase. Contributed by Simon Josefsson.
+ Specification in RFC 2898 and test vectors in RFC 6070.
+
+ * Support for SHA3.
+
+ * Support for the GOST R 34.11-94 hash algorithm. Ported from
+ librhash by Nikos Mavrogiannopoulos. Written by Aleksey
+ Kravchenko. More information in RFC4357. Test vectors taken
+ from the GOST hash wikipedia page.
+
+ Miscellaneous:
+
+ * The include file <nettle/sha.h> has been split into
+ <nettle/sha1.h> and <nettle/sha2.h>. For now, sha.h is kept
+ for backwards compatibility and it simply includes both
+ files, but applications are encouraged to use the new names.
+ The new SHA3 functions are declared in <nettle/sha3.h>.
+
+ * Testsuite can be run under valgrind, using
+
+ make check EMULATOR='$(VALGRIND)'
+
+ For this to work, test programs and other executables now
+ deallocate storage.
+
+ * New configure options --disable-documentation and
+ --disable-static. Contributed by Sam Thursfield and Alon
+ Bar-Lev, respectively.
+
+ * The section on hash functions in the manual is split into
+ separate nodes for recommended hash functions and legacy
+ hash functions.
+
+ * Various smaller improvements, most of them portability
+ fixes. Credits go to David Woodhouse, Tim Rühsen, Martin
+ Storsjö, Nikos Mavrogiannopoulos, Fredrik Thulin and Dennis
+ Clarke.
+
+ Finally, a note on the naming of the various "SHA" hash
+ functions. Naming is a bit inconsistent; we have, e.g.,
+
+ SHA1: sha1_digest
+ SHA2: sha256_digest (not sha2_256_digest)
+ SHA3: sha3_256_digest
+
+ Renaming the SHA2 functions to make Nettle's naming more
+ consistent has been considered, but the current naming follows
+ common usage. Most documents (including the specification for
+ SHA2) refer to 256-bit SHA2 as "SHA-256" or "SHA256" rather
+ than "SHA2-256".
+
+ The libraries are intended to be binary compatible with
+ nettle-2.2 and later. The shared library names are
+ libnettle.so.4.5 and libhogweed.so.2.3, with sonames still
+ libnettle.so.4 and libhogweed.so.2
+
+NEWS for the 2.5 release
+
+ This release includes important portability fixes for Windows
+ and MacOS. There are also a few new features.
+
+ First a *warning*: Some internal functions have been removed
+ from the library. Since the functions in question are internal
+ and not documented, this is not considered a change of ABI or
+ API. Programs explicitly using any of these functions will
+ break.
+
+ * The function pkcs1_signature_prefix has been renamed to
+ _pkcs1_signature_prefix, and with slightly different
+ behavior.
+
+ * The file nettle-internal.c is no longer included in the
+ library (the features defined there are used by the
+ benchmark and test programs, and were never intended for
+ public use).
+
+ New features:
+
+ * Support for the salsa20 stream cipher, including x86_64
+ assembler. Originally contributed by Simon Josefsson, based
+ on the reference implementation, then further optimized.
+
+ * Tentative interface for timing-resistant RSA functions,
+ contributed by Nikos Mavrogiannopoulos.
+
+ * A more general interface for PKCS#1 signatures, taking the
+ input in the form of a "DigestInfo". Suggested by Nikos
+ Mavrogiannopoulos.
+
+ Configuration:
+
+ * Building of shared libraries (./configure --enable-shared)
+ is now enabled by default.
+
+ * Various portability fixes for MacOS and M$ Windows. A lot of
+ this work done by Martin Storsjö.
+
+ * In particular, Nettle now hopefully works on 64-bit Windows
+ builds, "W64", including the x86_64 assembly code.
+
+ Miscellaneous:
+
+ * Documentation and example programs for the base16 and base64
+ functions. Was contributed by Jeronimo Pellegrini back in
+ 2006, but unfortunately forgotten until now.
+
+ * Use an additional table to avoid GF2^8 multiplications in
+ aes_invert_key (mainly used by aes_set_decrypt_key). Also
+ tabulate round constants in aes_set_encrypt_key.
+
+ * The nettle repository has been migrated from cvs to git,
+ with a public repository at
+ http://git.lysator.liu.se/nettle. To make it independent of
+ the LSH repository, a few files have been moved around.
+ While at it, files have also been converted from latin-1 to
+ utf-8.
+
+ The libraries are intended to be binary compatible with
+ nettle-2.2 and later. The shared library names are
+ libnettle.so.4.4 and libhogweed.so.2.2, with sonames still
+ libnettle.so.4 and libhogweed.so.2
+
+NEWS for the 2.4 release
+
+ This is a bugfix release only. It turned out ripemd160 in the
+ 2.3 release was broken on all big-endian systems, due to a
+ missing include of config.h. nettle-2.4 fixes this.
+
+ The library is intended to be binary compatible with
+ nettle-2.2 and nettle-2.3. The shared library names are
+ libnettle.so.4.3 and libhogweed.so.2.1, with sonames still
+ libnettle.so.4 and libhogweed.so.2.
+
+NEWS for the 2.3 release
+
+ * Support for the ripemd-160 hash function.
+
+ * Generates and installs nettle.pc and hogweed.pc files, for
+ use with pkg-config. Feedback appreciated. For projects
+ using autoconf, the traditional non-pkg-config ways of
+ detecting libraries, and setting LIBS and LDFLAGS, is still
+ recommended.
+
+ * Fixed a bug which made the testsuite fail in the GCM test on
+ certain platforms. Should not affect any documented features
+ of the library.
+
+ * Reorganization of the code for the various Merkle-Damgård
+ hash functions. Some fields in the context structs for md4,
+ md5 and sha1 have been renamed, for consistency.
+ Applications should not peek inside these structs, and the
+ ABI is unchanged.
+
+ * In the manual, fixed mis-placed const in certain function
+ prototypes.
+
+ The library is intended to be binary compatible with
+ nettle-2.2. The shared library names are libnettle.so.4.2 and
+ libhogweed.so.2.1, with sonames still libnettle.so.4 and
+ libhogweed.so.2.
+
+NEWS for the 2.2 release
+
+ Licensing change:
+
+ * Relicensed as LGPL v2.1 or later (user's option).
+
+ * Replaced blowfish and serpent implementation. New code is
+ based on the LGPLed code in libgcrypt.
+
+ New features:
+
+ * Support for Galois/Counter Mode (GCM).
+
+ * New interface for enumerating (most) available algorithms,
+ contributed by Daniel Kahn Gillmor.
+
+ * New tool nettle-hash. Can generate hash digests using any
+ supported hash function, with output compatible with md5sum
+ and friends from GNU coreutils. Checking (like md5sum -c)
+ not yet implemented.
+
+ Bug fixes:
+
+ * The old serpent code had a byte order bug (introduced by
+ yours truly about ten years ago). New serpent implementation
+ does not interoperate with earlier versions of nettle.
+
+ * Fixed ABI-dependent libdir default for Linux-based systems
+ which do not follow the Linux File Hierarchy Standard, e.g.,
+ Debian GNU/Linux.
+
+ Optimizations:
+
+ * x86_64 implemention of serpent.
+
+ * x86_64 implemention of camellia.
+
+ * Optimized memxor using word rather than byte operations.
+ Both generic C and x86_64 assembler.
+
+ * Eliminated a memcpy for in-place CBC decrypt.
+
+ Miscellaneous:
+
+ * In command line tools, no longer support -? for requesting
+ help, since using it without shell quoting is a dangerous
+ habit. Use long option --help instead.
+
+ The shared library names are libnettle.so.4.1 and
+ libhogweed.so.2.1, with sonames libnettle.so.4 and
+ libhogweed.so.2.
+
NEWS for the 2.1 release
*Important*: this release breaks source and binary
of the library.
Nettle is free software; you can redistribute it and/or modify it under
-the terms of the GNU General Public License as published by the Free
-Software Foundation. See the file COPYING for details. Most, but not
-all, of Nettle can also be used under the terms of the GNU Lesser
-General Public License; please read the Copyright section of the
-manual if you want to exercise this option.
+the terms of the GNU Lesser General Public License as published by the Free
+Software Foundation. See the file COPYING.LIB for details.
Build nettle with the usual ./configure && make && make check && make
install. Read the manual. Mail me if you have any questions or
suggestions.
-You can also build Nettle from cvs, using
-
- cvs -d :pserver:anonymous@cvs.lysator.liu.se:/cvsroot/lsh login
- [ empty password ]
- cvs -d :pserver:anonymous@cvs.lysator.liu.se:/cvsroot/lsh co nettle
-
-If you get it from cvs, you need to build it with
-
- ./.bootstrap && ./configure && make && make check
+You can also build Nettle from git, see
+http://www.lysator.liu.se/~nisse/nettle/ for current instructions.
You may want to subscribe to the nettle-bugs mailing list. See
<URL: http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs>.
Happy hacking,
-/Niels Möller <nisse@lysator.liu.se>
+/Niels Möller <nisse@lysator.liu.se>
Valgrind reports errors on the des-compat test program. Investigate.
-
-Change the convention for declaring function pointers. Instead of for
-example
-
- typedef void *
- nettle_realloc_func(void *ctx, void *p, unsigned length);
-
-use
-
- typedef void
- nettle_realloc_func(void *ctx, void *p, unsigned length);
-
The make rules for building position independent *_p.o files doesn't
get dependencies right.
#else /* defined __GNUC__ */
# if HAVE_ALLOCA_H
# include <alloca.h>
+# else
+/* Needed for alloca on windows, also with gcc */
+# if HAVE_MALLOC_H
+# include <malloc.h>
+# endif
# endif
#endif
])])
rm -f conftest*
])
+dnl GMP_PROG_CC_FOR_BUILD
+dnl ---------------------
+dnl Establish CC_FOR_BUILD, a C compiler for the build system.
+dnl
+dnl If CC_FOR_BUILD is set then it's expected to work, likewise the old
+dnl style HOST_CC, otherwise some likely candidates are tried, the same as
+dnl configfsf.guess.
+
+AC_DEFUN([GMP_PROG_CC_FOR_BUILD],
+[AC_REQUIRE([AC_PROG_CC])
+if test -n "$CC_FOR_BUILD"; then
+ GMP_PROG_CC_FOR_BUILD_WORKS($CC_FOR_BUILD,,
+ [AC_MSG_ERROR([Specified CC_FOR_BUILD doesn't seem to work])])
+elif test -n "$HOST_CC"; then
+ GMP_PROG_CC_FOR_BUILD_WORKS($HOST_CC,
+ [CC_FOR_BUILD=$HOST_CC],
+ [AC_MSG_ERROR([Specified HOST_CC doesn't seem to work])])
+elif test $cross_compiling = no ; then
+ CC_FOR_BUILD="$CC"
+else
+ for i in cc gcc c89 c99; do
+ GMP_PROG_CC_FOR_BUILD_WORKS($i,
+ [CC_FOR_BUILD=$i
+ break])
+ done
+ if test -z "$CC_FOR_BUILD"; then
+ AC_MSG_ERROR([Cannot find a build system compiler])
+ fi
+fi
+
+AC_ARG_VAR(CC_FOR_BUILD,[build system C compiler])
+AC_SUBST(CC_FOR_BUILD)
+])
+
+
+dnl GMP_PROG_CC_FOR_BUILD_WORKS(cc/cflags[,[action-if-good][,action-if-bad]])
+dnl -------------------------------------------------------------------------
+dnl See if the given cc/cflags works on the build system.
+dnl
+dnl It seems easiest to just use the default compiler output, rather than
+dnl figuring out the .exe or whatever at this stage.
+
+AC_DEFUN([GMP_PROG_CC_FOR_BUILD_WORKS],
+[AC_MSG_CHECKING([build system compiler $1])
+# remove anything that might look like compiler output to our "||" expression
+rm -f conftest* a.out b.out a.exe a_out.exe
+cat >conftest.c <<EOF
+int
+main ()
+{
+ exit(0);
+}
+EOF
+gmp_compile="$1 conftest.c"
+cc_for_build_works=no
+if AC_TRY_EVAL(gmp_compile); then
+ if (./a.out || ./b.out || ./a.exe || ./a_out.exe || ./conftest) >&AC_FD_CC 2>&1; then
+ cc_for_build_works=yes
+ fi
+fi
+rm -f conftest* a.out b.out a.exe a_out.exe
+AC_MSG_RESULT($cc_for_build_works)
+if test "$cc_for_build_works" = yes; then
+ ifelse([$2],,:,[$2])
+else
+ ifelse([$3],,:,[$3])
+fi
+])
+
+dnl GMP_PROG_EXEEXT_FOR_BUILD
+dnl -------------------------
+dnl Determine EXEEXT_FOR_BUILD, the build system executable suffix.
+dnl
+dnl The idea is to find what "-o conftest$foo" will make it possible to run
+dnl the program with ./conftest. On Unix-like systems this is of course
+dnl nothing, for DOS it's ".exe", or for a strange RISC OS foreign file
+dnl system cross compile it can be ",ff8" apparently. Not sure if the
+dnl latter actually applies to a build-system executable, maybe it doesn't,
+dnl but it won't hurt to try.
+
+AC_DEFUN([GMP_PROG_EXEEXT_FOR_BUILD],
+[AC_REQUIRE([GMP_PROG_CC_FOR_BUILD])
+AC_CACHE_CHECK([for build system executable suffix],
+ gmp_cv_prog_exeext_for_build,
+[if test $cross_compiling = no ; then
+ gmp_cv_prog_exeext_for_build="$EXEEXT"
+else
+ cat >conftest.c <<EOF
+int
+main ()
+{
+ exit (0);
+}
+EOF
+ for i in .exe ,ff8 ""; do
+ gmp_compile="$CC_FOR_BUILD conftest.c -o conftest$i"
+ if AC_TRY_EVAL(gmp_compile); then
+ if (./conftest) 2>&AC_FD_CC; then
+ gmp_cv_prog_exeext_for_build=$i
+ break
+ fi
+ fi
+ done
+ rm -f conftest*
+ if test "${gmp_cv_prog_exeext_for_build+set}" != set; then
+ AC_MSG_ERROR([Cannot determine executable suffix])
+ fi
+fi
+])
+AC_SUBST(EXEEXT_FOR_BUILD,$gmp_cv_prog_exeext_for_build)
+])
+
+dnl NETTLE_CHECK_ARM_NEON
+dnl ---------------------
+dnl Check if ARM Neon instructions should be used.
+dnl Obeys enable_arm_neon, which should be set earlier.
+AC_DEFUN([NETTLE_CHECK_ARM_NEON],
+[if test "$enable_arm_neon" = auto ; then
+ if test "$cross_compiling" = yes ; then
+ dnl Check if compiler/assembler accepts it,
+ dnl without an explicit .fpu neon directive.
+ AC_CACHE_CHECK([if assembler accepts Neon instructions],
+ nettle_cv_asm_arm_neon,
+ [GMP_TRY_ASSEMBLE([
+.text
+foo:
+ vmlal.u32 q1, d0, d1
+],
+ [nettle_cv_asm_arm_neon=yes],
+ [nettle_cv_asm_arm_neon=no])])
+ enable_arm_neon="$nettle_cv_asm_arm_neon"
+ else
+ AC_MSG_CHECKING([if /proc/cpuinfo claims neon support])
+ if grep '^Features.*:.* neon' /proc/cpuinfo >/dev/null ; then
+ enable_arm_neon=yes
+ else
+ enable_arm_neon=no
+ fi
+ AC_MSG_RESULT($enable_arm_neon)
+ fi
+fi
+])
+
dnl @synopsis AX_CREATE_STDINT_H [( HEADER-TO-GENERATE [, HEADERS-TO-CHECK])]
dnl
dnl the "ISO C9X: 7.18 Integer types <stdint.h>" section requires the
dnl file will include it directly. No need for fuzzy HAVE_STDINT_H things...
dnl
dnl @, (status: used on new platforms) (see http://ac-archive.sf.net/gstdint/)
-dnl @version $Id: aclocal.m4,v 1.1 2007/05/03 20:49:15 nisse Exp $
dnl @author Guido Draheim <guidod@gmx.de>
AC_DEFUN([AX_CREATE_STDINT_H],
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_AES_INTERNAL_H_INCLUDED
const uint8_t *src);
/* Macros */
-#define ROTBYTE(x) (((x) >> 8) | (((x) & 0xff) << 24))
-#define ROTRBYTE(x) (((x) << 8) | (((x) >> 24) & 0xff))
-#define SUBBYTE(x, box) (((box)[((x) & 0xff)]) | \
- ((box)[(((x) >> 8) & 0xff)] << 8) | \
- ((box)[(((x) >> 16) & 0xff)] << 16) | \
- ((box)[(((x) >> 24) & 0xff)] << 24))
-
/* Get the byte with index 0, 1, 2 and 3 */
#define B0(x) ((x) & 0xff)
#define B1(x) (((x) >> 8) & 0xff)
#define B2(x) (((x) >> 16) & 0xff)
#define B3(x) (((x) >> 24) & 0xff)
+#define SUBBYTE(x, box) ((uint32_t)(box)[B0(x)] \
+ | ((uint32_t)(box)[B1(x)] << 8) \
+ | ((uint32_t)(box)[B2(x)] << 16) \
+ | ((uint32_t)(box)[B3(x)] << 24))
+
#define AES_ROUND(T, w0, w1, w2, w3, k) \
(( T->table[0][ B0(w0) ] \
^ T->table[1][ B1(w1) ] \
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
+ * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
#include "aes-internal.h"
-/* Tables for computations in the AES GF2 field. */
-static const uint8_t gf2_log[0x100] =
-{
- 0x00,0x00,0x19,0x01,0x32,0x02,0x1a,0xc6,
- 0x4b,0xc7,0x1b,0x68,0x33,0xee,0xdf,0x03,
- 0x64,0x04,0xe0,0x0e,0x34,0x8d,0x81,0xef,
- 0x4c,0x71,0x08,0xc8,0xf8,0x69,0x1c,0xc1,
- 0x7d,0xc2,0x1d,0xb5,0xf9,0xb9,0x27,0x6a,
- 0x4d,0xe4,0xa6,0x72,0x9a,0xc9,0x09,0x78,
- 0x65,0x2f,0x8a,0x05,0x21,0x0f,0xe1,0x24,
- 0x12,0xf0,0x82,0x45,0x35,0x93,0xda,0x8e,
- 0x96,0x8f,0xdb,0xbd,0x36,0xd0,0xce,0x94,
- 0x13,0x5c,0xd2,0xf1,0x40,0x46,0x83,0x38,
- 0x66,0xdd,0xfd,0x30,0xbf,0x06,0x8b,0x62,
- 0xb3,0x25,0xe2,0x98,0x22,0x88,0x91,0x10,
- 0x7e,0x6e,0x48,0xc3,0xa3,0xb6,0x1e,0x42,
- 0x3a,0x6b,0x28,0x54,0xfa,0x85,0x3d,0xba,
- 0x2b,0x79,0x0a,0x15,0x9b,0x9f,0x5e,0xca,
- 0x4e,0xd4,0xac,0xe5,0xf3,0x73,0xa7,0x57,
- 0xaf,0x58,0xa8,0x50,0xf4,0xea,0xd6,0x74,
- 0x4f,0xae,0xe9,0xd5,0xe7,0xe6,0xad,0xe8,
- 0x2c,0xd7,0x75,0x7a,0xeb,0x16,0x0b,0xf5,
- 0x59,0xcb,0x5f,0xb0,0x9c,0xa9,0x51,0xa0,
- 0x7f,0x0c,0xf6,0x6f,0x17,0xc4,0x49,0xec,
- 0xd8,0x43,0x1f,0x2d,0xa4,0x76,0x7b,0xb7,
- 0xcc,0xbb,0x3e,0x5a,0xfb,0x60,0xb1,0x86,
- 0x3b,0x52,0xa1,0x6c,0xaa,0x55,0x29,0x9d,
- 0x97,0xb2,0x87,0x90,0x61,0xbe,0xdc,0xfc,
- 0xbc,0x95,0xcf,0xcd,0x37,0x3f,0x5b,0xd1,
- 0x53,0x39,0x84,0x3c,0x41,0xa2,0x6d,0x47,
- 0x14,0x2a,0x9e,0x5d,0x56,0xf2,0xd3,0xab,
- 0x44,0x11,0x92,0xd9,0x23,0x20,0x2e,0x89,
- 0xb4,0x7c,0xb8,0x26,0x77,0x99,0xe3,0xa5,
- 0x67,0x4a,0xed,0xde,0xc5,0x31,0xfe,0x18,
- 0x0d,0x63,0x8c,0x80,0xc0,0xf7,0x70,0x07,
-};
+#include "macros.h"
-static const uint8_t gf2_exp[0x100] =
+/* NOTE: We don't include rotated versions of the table. */
+static const uint32_t mtable[0x100] =
{
- 0x01,0x03,0x05,0x0f,0x11,0x33,0x55,0xff,
- 0x1a,0x2e,0x72,0x96,0xa1,0xf8,0x13,0x35,
- 0x5f,0xe1,0x38,0x48,0xd8,0x73,0x95,0xa4,
- 0xf7,0x02,0x06,0x0a,0x1e,0x22,0x66,0xaa,
- 0xe5,0x34,0x5c,0xe4,0x37,0x59,0xeb,0x26,
- 0x6a,0xbe,0xd9,0x70,0x90,0xab,0xe6,0x31,
- 0x53,0xf5,0x04,0x0c,0x14,0x3c,0x44,0xcc,
- 0x4f,0xd1,0x68,0xb8,0xd3,0x6e,0xb2,0xcd,
- 0x4c,0xd4,0x67,0xa9,0xe0,0x3b,0x4d,0xd7,
- 0x62,0xa6,0xf1,0x08,0x18,0x28,0x78,0x88,
- 0x83,0x9e,0xb9,0xd0,0x6b,0xbd,0xdc,0x7f,
- 0x81,0x98,0xb3,0xce,0x49,0xdb,0x76,0x9a,
- 0xb5,0xc4,0x57,0xf9,0x10,0x30,0x50,0xf0,
- 0x0b,0x1d,0x27,0x69,0xbb,0xd6,0x61,0xa3,
- 0xfe,0x19,0x2b,0x7d,0x87,0x92,0xad,0xec,
- 0x2f,0x71,0x93,0xae,0xe9,0x20,0x60,0xa0,
- 0xfb,0x16,0x3a,0x4e,0xd2,0x6d,0xb7,0xc2,
- 0x5d,0xe7,0x32,0x56,0xfa,0x15,0x3f,0x41,
- 0xc3,0x5e,0xe2,0x3d,0x47,0xc9,0x40,0xc0,
- 0x5b,0xed,0x2c,0x74,0x9c,0xbf,0xda,0x75,
- 0x9f,0xba,0xd5,0x64,0xac,0xef,0x2a,0x7e,
- 0x82,0x9d,0xbc,0xdf,0x7a,0x8e,0x89,0x80,
- 0x9b,0xb6,0xc1,0x58,0xe8,0x23,0x65,0xaf,
- 0xea,0x25,0x6f,0xb1,0xc8,0x43,0xc5,0x54,
- 0xfc,0x1f,0x21,0x63,0xa5,0xf4,0x07,0x09,
- 0x1b,0x2d,0x77,0x99,0xb0,0xcb,0x46,0xca,
- 0x45,0xcf,0x4a,0xde,0x79,0x8b,0x86,0x91,
- 0xa8,0xe3,0x3e,0x42,0xc6,0x51,0xf3,0x0e,
- 0x12,0x36,0x5a,0xee,0x29,0x7b,0x8d,0x8c,
- 0x8f,0x8a,0x85,0x94,0xa7,0xf2,0x0d,0x17,
- 0x39,0x4b,0xdd,0x7c,0x84,0x97,0xa2,0xfd,
- 0x1c,0x24,0x6c,0xb4,0xc7,0x52,0xf6,0x01,
+ 0x00000000,0x0b0d090e,0x161a121c,0x1d171b12,
+ 0x2c342438,0x27392d36,0x3a2e3624,0x31233f2a,
+ 0x58684870,0x5365417e,0x4e725a6c,0x457f5362,
+ 0x745c6c48,0x7f516546,0x62467e54,0x694b775a,
+ 0xb0d090e0,0xbbdd99ee,0xa6ca82fc,0xadc78bf2,
+ 0x9ce4b4d8,0x97e9bdd6,0x8afea6c4,0x81f3afca,
+ 0xe8b8d890,0xe3b5d19e,0xfea2ca8c,0xf5afc382,
+ 0xc48cfca8,0xcf81f5a6,0xd296eeb4,0xd99be7ba,
+ 0x7bbb3bdb,0x70b632d5,0x6da129c7,0x66ac20c9,
+ 0x578f1fe3,0x5c8216ed,0x41950dff,0x4a9804f1,
+ 0x23d373ab,0x28de7aa5,0x35c961b7,0x3ec468b9,
+ 0x0fe75793,0x04ea5e9d,0x19fd458f,0x12f04c81,
+ 0xcb6bab3b,0xc066a235,0xdd71b927,0xd67cb029,
+ 0xe75f8f03,0xec52860d,0xf1459d1f,0xfa489411,
+ 0x9303e34b,0x980eea45,0x8519f157,0x8e14f859,
+ 0xbf37c773,0xb43ace7d,0xa92dd56f,0xa220dc61,
+ 0xf66d76ad,0xfd607fa3,0xe07764b1,0xeb7a6dbf,
+ 0xda595295,0xd1545b9b,0xcc434089,0xc74e4987,
+ 0xae053edd,0xa50837d3,0xb81f2cc1,0xb31225cf,
+ 0x82311ae5,0x893c13eb,0x942b08f9,0x9f2601f7,
+ 0x46bde64d,0x4db0ef43,0x50a7f451,0x5baafd5f,
+ 0x6a89c275,0x6184cb7b,0x7c93d069,0x779ed967,
+ 0x1ed5ae3d,0x15d8a733,0x08cfbc21,0x03c2b52f,
+ 0x32e18a05,0x39ec830b,0x24fb9819,0x2ff69117,
+ 0x8dd64d76,0x86db4478,0x9bcc5f6a,0x90c15664,
+ 0xa1e2694e,0xaaef6040,0xb7f87b52,0xbcf5725c,
+ 0xd5be0506,0xdeb30c08,0xc3a4171a,0xc8a91e14,
+ 0xf98a213e,0xf2872830,0xef903322,0xe49d3a2c,
+ 0x3d06dd96,0x360bd498,0x2b1ccf8a,0x2011c684,
+ 0x1132f9ae,0x1a3ff0a0,0x0728ebb2,0x0c25e2bc,
+ 0x656e95e6,0x6e639ce8,0x737487fa,0x78798ef4,
+ 0x495ab1de,0x4257b8d0,0x5f40a3c2,0x544daacc,
+ 0xf7daec41,0xfcd7e54f,0xe1c0fe5d,0xeacdf753,
+ 0xdbeec879,0xd0e3c177,0xcdf4da65,0xc6f9d36b,
+ 0xafb2a431,0xa4bfad3f,0xb9a8b62d,0xb2a5bf23,
+ 0x83868009,0x888b8907,0x959c9215,0x9e919b1b,
+ 0x470a7ca1,0x4c0775af,0x51106ebd,0x5a1d67b3,
+ 0x6b3e5899,0x60335197,0x7d244a85,0x7629438b,
+ 0x1f6234d1,0x146f3ddf,0x097826cd,0x02752fc3,
+ 0x335610e9,0x385b19e7,0x254c02f5,0x2e410bfb,
+ 0x8c61d79a,0x876cde94,0x9a7bc586,0x9176cc88,
+ 0xa055f3a2,0xab58faac,0xb64fe1be,0xbd42e8b0,
+ 0xd4099fea,0xdf0496e4,0xc2138df6,0xc91e84f8,
+ 0xf83dbbd2,0xf330b2dc,0xee27a9ce,0xe52aa0c0,
+ 0x3cb1477a,0x37bc4e74,0x2aab5566,0x21a65c68,
+ 0x10856342,0x1b886a4c,0x069f715e,0x0d927850,
+ 0x64d90f0a,0x6fd40604,0x72c31d16,0x79ce1418,
+ 0x48ed2b32,0x43e0223c,0x5ef7392e,0x55fa3020,
+ 0x01b79aec,0x0aba93e2,0x17ad88f0,0x1ca081fe,
+ 0x2d83bed4,0x268eb7da,0x3b99acc8,0x3094a5c6,
+ 0x59dfd29c,0x52d2db92,0x4fc5c080,0x44c8c98e,
+ 0x75ebf6a4,0x7ee6ffaa,0x63f1e4b8,0x68fcedb6,
+ 0xb1670a0c,0xba6a0302,0xa77d1810,0xac70111e,
+ 0x9d532e34,0x965e273a,0x8b493c28,0x80443526,
+ 0xe90f427c,0xe2024b72,0xff155060,0xf418596e,
+ 0xc53b6644,0xce366f4a,0xd3217458,0xd82c7d56,
+ 0x7a0ca137,0x7101a839,0x6c16b32b,0x671bba25,
+ 0x5638850f,0x5d358c01,0x40229713,0x4b2f9e1d,
+ 0x2264e947,0x2969e049,0x347efb5b,0x3f73f255,
+ 0x0e50cd7f,0x055dc471,0x184adf63,0x1347d66d,
+ 0xcadc31d7,0xc1d138d9,0xdcc623cb,0xd7cb2ac5,
+ 0xe6e815ef,0xede51ce1,0xf0f207f3,0xfbff0efd,
+ 0x92b479a7,0x99b970a9,0x84ae6bbb,0x8fa362b5,
+ 0xbe805d9f,0xb58d5491,0xa89a4f83,0xa397468d,
};
-static unsigned
-mult(unsigned a, unsigned b)
-{
- return (a && b) ? gf2_exp[ (gf2_log[a] + gf2_log[b]) % 255] : 0;
-}
-
-static void
-inv_mix_column(uint32_t *a)
-{
- uint8_t c[4][4];
- unsigned i, j;
-
- for (j = 0; j < 4; j++)
- {
- for(i = 0; i < 4; i++)
- {
- c[j][i] = mult(0xe, (a[j] >> i*8) & 0xff)
- ^ mult(0xb, (a[j] >> ((i+1)%4)*8) & 0xff)
- ^ mult(0xd, (a[j] >> ((i+2)%4)*8) & 0xff)
- ^ mult(0x9, (a[j] >> ((i+3)%4)*8) & 0xff);
- }
- }
- for (i = 0; i < 4; i++)
- {
- a[i] = 0;
- for(j = 0; j < 4; j++)
- a[i] |= c[i][j] << (j*8);
- }
-}
+#define MIX_COLUMN(T, key) do { \
+ uint32_t _k, _nk, _t; \
+ _k = (key); \
+ _nk = T[_k & 0xff]; \
+ _k >>= 8; \
+ _t = T[_k & 0xff]; \
+ _nk ^= ROTL32(8, _t); \
+ _k >>= 8; \
+ _t = T[_k & 0xff]; \
+ _nk ^= ROTL32(16, _t); \
+ _k >>= 8; \
+ _t = T[_k & 0xff]; \
+ _nk ^= ROTL32(24, _t); \
+ (key) = _nk; \
+ } while(0)
+
#define SWAP(a, b) \
do { uint32_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
}
/* Transform all subkeys but the first and last. */
- for (i = 4; i < 4 * nrounds; i += 4)
- inv_mix_column(dst->keys + i);
+ for (i = 4; i < 4 * nrounds; i++)
+ MIX_COLUMN (mtable, dst->keys[i]);
}
void
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
+ * Copyright (C) 2000, 2001, 2002 Rafael R. Sevilla, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Originally written by Rafael R. Sevilla <dido@pacific.net.ph> */
#include <assert.h>
#include "aes-internal.h"
-
-static unsigned
-xtime(unsigned x)
-{
- assert (x < 0x100);
-
- x <<= 1;
- if (x & 0x100)
- x ^= 0x11b;
-
- assert (x < 0x100);
-
- return x;
-}
+#include "macros.h"
void
aes_set_encrypt_key(struct aes_ctx *ctx,
unsigned keysize, const uint8_t *key)
{
+ static const uint8_t rcon[10] = {
+ 0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80,0x1b,0x36,
+ };
unsigned nk, nr, i, lastkey;
- uint32_t temp, rcon;
+ uint32_t temp;
+ const uint8_t *rp;
assert(keysize >= AES_MIN_KEY_SIZE);
assert(keysize <= AES_MAX_KEY_SIZE);
lastkey = (AES_BLOCK_SIZE/4) * (nr + 1);
ctx->nrounds = nr;
- rcon = 1;
- for (i=0; i<nk; i++)
- {
- ctx->keys[i] = key[i*4] + (key[i*4+1]<<8) + (key[i*4+2]<<16) +
- (key[i*4+3]<<24);
- }
+
+ for (i=0, rp = rcon; i<nk; i++)
+ ctx->keys[i] = LE_READ_UINT32(key + i*4);
for (i=nk; i<lastkey; i++)
{
temp = ctx->keys[i-1];
if (i % nk == 0)
- {
- temp = SUBBYTE(ROTBYTE(temp), aes_sbox) ^ rcon;
- rcon = (uint32_t)xtime((uint8_t)rcon&0xff);
- }
+ temp = SUBBYTE(ROTL32(24, temp), aes_sbox) ^ *rp++;
+
else if (nk > 6 && (i%nk) == 4)
- {
- temp = SUBBYTE(temp, aes_sbox);
- }
+ temp = SUBBYTE(temp, aes_sbox);
+
ctx->keys[i] = ctx->keys[i-nk] ^ temp;
}
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_AES_H_INCLUDED
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
#include <assert.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-#include "nettle-types.h"
-
#if 1
# define BYTE_FORMAT "0x%02x"
# define BYTE_COLUMNS 8
# define BYTE_COLUMNS 0x10
#endif
-#define WORD_FORMAT "0x%08x"
+#define WORD_FORMAT "0x%08lx"
#define WORD_COLUMNS 4
-uint8_t sbox[0x100];
-uint8_t isbox[0x100];
+unsigned char sbox[0x100];
+unsigned char isbox[0x100];
-uint8_t gf2_log[0x100];
-uint8_t gf2_exp[0x100];
+unsigned char gf2_log[0x100];
+unsigned char gf2_exp[0x100];
-uint32_t dtable[4][0x100];
-uint32_t itable[4][0x100];
+unsigned long dtable[4][0x100];
+unsigned long itable[4][0x100];
+unsigned long mtable[4][0x100];
static unsigned
xtime(unsigned x)
{
unsigned s = sbox[i];
unsigned j;
- uint32_t t =( ( (s ^ xtime(s)) << 24)
+ unsigned long t =( ( (s ^ xtime(s)) << 24)
| (s << 16) | (s << 8)
| xtime(s) );
{
unsigned s = isbox[i];
unsigned j;
- uint32_t t = ( (mult(s, 0xb) << 24)
- | (mult(s, 0xd) << 16)
- | (mult(s, 0x9) << 8)
- | (mult(s, 0xe) ));
+ unsigned long t = ( (mult(s, 0xb) << 24)
+ | (mult(s, 0xd) << 16)
+ | (mult(s, 0x9) << 8)
+ | (mult(s, 0xe) ));
for (j = 0; j<4; j++, t = (t << 8) | (t >> 24))
itable[j][i] = t;
}
}
+/* Used for key inversion, inverse mix column. No sbox. */
static void
-display_byte_table(const char *name, uint8_t *table)
+compute_mtable(void)
+{
+ unsigned i;
+ for (i = 0; i<0x100; i++)
+ {
+ unsigned j;
+ unsigned long t = ( (mult(i, 0xb) << 24)
+ | (mult(i, 0xd) << 16)
+ | (mult(i, 0x9) << 8)
+ | (mult(i, 0xe) ));
+
+ for (j = 0; j<4; j++, t = (t << 8) | (t >> 24))
+ mtable[j][i] = t;
+ }
+}
+
+static void
+display_byte_table(const char *name, unsigned char *table)
{
unsigned i, j;
}
static void
-display_table(const char *name, uint32_t table[][0x100])
+display_table(const char *name, unsigned long table[][0x100])
{
unsigned i, j, k;
compute_itable();
display_table("itable", itable);
-
+
+ compute_mtable();
+ display_table("mtable", mtable);
+
return 0;
}
else if (argc == 2)
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2004 Niels Möller
+ * Copyright (C) 2001, 2004 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
ctx->i = ctx->j = 0;
}
-void
-arcfour_stream(struct arcfour_ctx *ctx,
- unsigned length, uint8_t *dst)
-{
- register uint8_t i, j;
- register int si, sj;
-
- i = ctx->i; j = ctx->j;
- while(length--)
- {
- i++; i &= 0xff;
- si = ctx->S[i];
- j += si; j &= 0xff;
- sj = ctx->S[i] = ctx->S[j];
- ctx->S[j] = si;
- *dst++ = ctx->S[ (si + sj) & 0xff ];
- }
- ctx->i = i; ctx->j = j;
-}
-
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_ARCFOUR_H_INCLUDED
/* Name mangling */
#define arcfour_set_key nettle_arcfour_set_key
#define arcfour_crypt nettle_arcfour_crypt
-#define arcfour_stream nettle_arcfour_stream
/* Minimum and maximum keysizes, and a reasonable default. In
* octets.*/
unsigned length, uint8_t *dst,
const uint8_t *src);
-void
-arcfour_stream(struct arcfour_ctx *ctx,
- unsigned length, uint8_t *dst);
-
#ifdef __cplusplus
}
#endif
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
* Copyright (C) 2004 Simon Josefsson
* Copyright (C) 2003 Nikos Mavroyanopoulos
* Copyright (C) 2004 Free Software Foundation, Inc.
- * Copyright (C) 2004 Niels Möller
+ * Copyright (C) 2004 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* This implementation was written by Nikos Mavroyanopoulos for GNUTLS
* as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for
* direct use by Libgcrypt by Werner Koch and later adapted for direct
- * use by Nettle by Simon Josefsson and Niels Möller.
+ * use by Nettle by Simon Josefsson and Niels Möller.
*
* The implementation here is based on Peter Gutmann's RRC.2 paper and
* RFC 2268.
/* nettle, low-level cryptographics library
*
* Copyright (C) 2004 Simon Josefsson
- * Copyright (C) 2002, 2004 Niels Möller
+ * Copyright (C) 2002, 2004 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_ARCTWO_H_INCLUDED
--- /dev/null
+C Loads one word, and adds it to the subkey. Uses T0
+C AES_LOAD(SRC, KEY, REG)
+define(<AES_LOAD>, <
+ ldrb $3, [$1], #+1
+ ldrb T0, [$1], #+1
+ orr $3, T0, lsl #8
+ ldrb T0, [$1], #+1
+ orr $3, T0, lsl #16
+ ldrb T0, [$1], #+1
+ orr $3, T0, lsl #24
+ ldr T0, [$2], #+4
+ eor $3, T0
+>)
+C Stores one word. Destroys input.
+C AES_STORE(DST, X)
+define(<AES_STORE>, <
+ strb $2, [$1], #+1
+ ror $2, $2, #8
+ strb $2, [$1], #+1
+ ror $2, $2, #8
+ strb $2, [$1], #+1
+ ror $2, $2, #8
+ strb $2, [$1], #+1
+>)
+
+C 53 instr.
+C It's tempting to use eor with rotation, but that's slower.
+C AES_ENCRYPT_ROUND(x0,x1,x2,x3,w0,w1,w2,w3,key)
+define(<AES_ENCRYPT_ROUND>, <
+ uxtb T0, $1
+ ldr $5, [TABLE, T0, lsl #2]
+ uxtb T0, $2
+ ldr $6, [TABLE, T0, lsl #2]
+ uxtb T0, $3
+ ldr $7, [TABLE, T0, lsl #2]
+ uxtb T0, $4
+ ldr $8, [TABLE, T0, lsl #2]
+
+ uxtb T0, $2, ror #8
+ add TABLE, TABLE, #1024
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $5, $5, T0
+ uxtb T0, $3, ror #8
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $6, $6, T0
+ uxtb T0, $4, ror #8
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $7, $7, T0
+ uxtb T0, $1, ror #8
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $8, $8, T0
+
+ uxtb T0, $3, ror #16
+ add TABLE, TABLE, #1024
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $5, $5, T0
+ uxtb T0, $4, ror #16
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $6, $6, T0
+ uxtb T0, $1, ror #16
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $7, $7, T0
+ uxtb T0, $2, ror #16
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $8, $8, T0
+
+ uxtb T0, $4, ror #24
+ add TABLE, TABLE, #1024
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $5, $5, T0
+ uxtb T0, $1, ror #24
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $6, $6, T0
+ uxtb T0, $2, ror #24
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $7, $7, T0
+ uxtb T0, $3, ror #24
+ ldr T0, [TABLE, T0, lsl #2]
+
+ ldm $9!, {$1,$2,$3,$4}
+ eor $8, $8, T0
+ sub TABLE, TABLE, #3072
+ eor $5, $5, $1
+ eor $6, $6, $2
+ eor $7, $7, $3
+ eor $8, $8, $4
+>)
+
+define(<AES_DECRYPT_ROUND>, <
+ uxtb T0, $1
+ ldr $5, [TABLE, T0, lsl #2]
+ uxtb T0, $2
+ ldr $6, [TABLE, T0, lsl #2]
+ uxtb T0, $3
+ ldr $7, [TABLE, T0, lsl #2]
+ uxtb T0, $4
+ ldr $8, [TABLE, T0, lsl #2]
+
+ uxtb T0, $4, ror #8
+ add TABLE, TABLE, #1024
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $5, $5, T0
+ uxtb T0, $1, ror #8
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $6, $6, T0
+ uxtb T0, $2, ror #8
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $7, $7, T0
+ uxtb T0, $3, ror #8
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $8, $8, T0
+
+ uxtb T0, $3, ror #16
+ add TABLE, TABLE, #1024
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $5, $5, T0
+ uxtb T0, $4, ror #16
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $6, $6, T0
+ uxtb T0, $1, ror #16
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $7, $7, T0
+ uxtb T0, $2, ror #16
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $8, $8, T0
+
+ uxtb T0, $2, ror #24
+ add TABLE, TABLE, #1024
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $5, $5, T0
+ uxtb T0, $3, ror #24
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $6, $6, T0
+ uxtb T0, $4, ror #24
+ ldr T0, [TABLE, T0, lsl #2]
+ eor $7, $7, T0
+ uxtb T0, $1, ror #24
+ ldr T0, [TABLE, T0, lsl #2]
+
+ ldm $9!, {$1,$2,$3,$4}
+ eor $8, $8, T0
+ sub TABLE, TABLE, #3072
+ eor $5, $5, $1
+ eor $6, $6, $2
+ eor $7, $7, $3
+ eor $8, $8, $4
+>)
+
+C AES_FINAL_ROUND(a,b,c,d,key,res)
+define(<AES_FINAL_ROUND>, <
+ uxtb T0, $1
+ ldrb $6, [TABLE, T0]
+ uxtb T0, $2, ror #8
+ ldrb T0, [TABLE, T0]
+ eor $6, $6, T0, lsl #8
+ uxtb T0, $3, ror #16
+ ldrb T0, [TABLE, T0]
+ eor $6, $6, T0, lsl #16
+ uxtb T0, $4, ror #24
+ ldrb T0, [TABLE, T0]
+ eor $6, $6, T0, lsl #24
+ ldr T0, [$5], #+4
+ eor $6, T0
+>)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-192-modp.asm"
+ .arm
+
+define(<HP>, <r0>) C Overlaps unused ecc argument
+define(<RP>, <r1>)
+
+define(<T0>, <r2>)
+define(<T1>, <r3>)
+define(<T2>, <r4>)
+define(<T3>, <r5>)
+define(<T4>, <r6>)
+define(<T5>, <r7>)
+define(<T6>, <r8>)
+define(<T7>, <r10>)
+define(<H0>, <T0>) C Overlaps T0 and T1
+define(<H1>, <T1>)
+define(<C2>, <HP>)
+define(<C4>, <r12>)
+
+ C ecc_192_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+ .text
+ .align 2
+
+PROLOGUE(nettle_ecc_192_modp)
+ push {r4,r5,r6,r7,r8,r10}
+ C Reduce two words at a time
+ add HP, RP, #48
+ add RP, RP, #8
+ ldmdb HP!, {H0,H1}
+ ldm RP, {T2,T3,T4,T5,T6,T7}
+ mov C4, #0
+ adds T4, T4, H0
+ adcs T5, T5, H1
+ adcs T6, T6, H0
+ adcs T7, T7, H1
+ C Need to add carry to T2 and T4, do T4 later.
+ adc C4, C4, #0
+
+ ldmdb HP!, {H0,H1}
+ mov C2, #0
+ adcs T2, T2, H0
+ adcs T3, T3, H1
+ adcs T4, T4, H0
+ adcs T5, T5, H1
+ C Need to add carry to T0 and T2, do T2 later
+ adc C2, C2, #0
+
+ ldmdb RP!, {T0, T1}
+ adcs T0, T0, T6
+ adcs T1, T1, T7
+ adcs T2, T2, T6
+ adcs T3, T3, T7
+ adc C4, C4, #0
+
+ adds T2, T2, C2
+ adcs T3, T3, #0
+ adcs T4, T4, C4
+ adcs T5, T5, #0
+ mov C2, #0
+ adc C2, C2, #0
+
+ C Add in final carry
+ adcs T0, T0, #0
+ adcs T1, T1, #0
+ adcs T2, T2, C2
+ adcs T3, T3, #0
+ adcs T4, T4, #0
+ adc T5, T5, #0
+
+ stm RP, {T0,T1,T2,T3,T4,T5}
+
+ pop {r4,r5,r6,r7,r8,r10}
+ bx lr
+EPILOGUE(nettle_ecc_192_modp)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-224-modp.asm"
+ .arm
+
+define(<RP>, <r1>)
+define(<H>, <r0>) C Overlaps unused ecc argument
+
+define(<T0>, <r2>)
+define(<T1>, <r3>)
+define(<T2>, <r4>)
+define(<T3>, <r5>)
+define(<T4>, <r6>)
+define(<T5>, <r7>)
+define(<T6>, <r8>)
+define(<N3>, <r10>)
+define(<L0>, <r11>)
+define(<L1>, <r12>)
+define(<L2>, <lr>)
+
+ C ecc_224_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+ .text
+ .align 2
+
+PROLOGUE(nettle_ecc_224_modp)
+ push {r4,r5,r6,r7,r8,r10,r11,lr}
+
+ add L2, RP, #28
+ ldm L2, {T0,T1,T2,T3,T4,T5,T6}
+ mov H, #0
+
+ adds T0, T0, T4
+ adcs T1, T1, T5
+ adcs T2, T2, T6
+ adc H, H, #0
+
+ C This switch from adcs to sbcs takes carry into account with
+ C correct sign, but it always subtracts 1 too much. We arrange
+ C to also add B^7 + 1 below, so the effect is adding p. This
+ C addition of p also ensures that the result never is
+ C negative.
+
+ sbcs N3, T3, T0
+ sbcs T4, T4, T1
+ sbcs T5, T5, T2
+ sbcs T6, T6, H
+ mov H, #1 C This is the B^7
+ sbc H, #0
+ subs T6, T6, T3
+ sbc H, #0
+
+ C Now subtract from low half
+ ldm RP!, {L0,L1,L2}
+
+ C Clear carry, with the sbcs, this is the 1.
+ adds RP, #0
+
+ sbcs T0, L0, T0
+ sbcs T1, L1, T1
+ sbcs T2, L2, T2
+ ldm RP!, {T3,L0,L1,L2}
+ sbcs T3, T3, N3
+ sbcs T4, L0, T4
+ sbcs T5, L1, T5
+ sbcs T6, L2, T6
+ rsc H, H, #0
+
+ C Now -2 <= H <= 0 is the borrow, so subtract (B^3 - 1) |H|
+ C Use (B^3 - 1) H = <H, H, H> if -1 <=H <= 0, and
+ C (B^3 - 1) H = <1,B-1, B-1, B-2> if H = -2
+ subs T0, T0, H
+ asr L1, H, #1
+ sbcs T1, T1, L1
+ eor H, H, L1
+ sbcs T2, T2, L1
+ sbcs T3, T3, H
+ sbcs T4, T4, #0
+ sbcs T5, T5, #0
+ sbcs T6, T6, #0
+ sbcs H, H, H
+
+ C Final borrow, subtract (B^3 - 1) |H|
+ subs T0, T0, H
+ sbcs T1, T1, H
+ sbcs T2, T2, H
+ sbcs T3, T3, #0
+ sbcs T4, T4, #0
+ sbcs T5, T5, #0
+ sbcs T6, T6, #0
+
+ stmdb RP, {T0,T1,T2,T3,T4,T5,T6}
+
+ pop {r4,r5,r6,r7,r8,r10,r11,pc}
+EPILOGUE(nettle_ecc_224_modp)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-256-redc.asm"
+ .arm
+
+define(<RP>, <r1>)
+
+define(<T0>, <r0>) C Overlaps unused ecc argument
+define(<T1>, <r2>)
+define(<T2>, <r3>)
+define(<T3>, <r4>)
+define(<T4>, <r5>)
+define(<T5>, <r6>)
+define(<T6>, <r7>)
+define(<T7>, <r8>)
+define(<F0>, <r10>)
+define(<F1>, <r11>)
+define(<F2>, <r12>)
+define(<F3>, <lr>)
+
+ C ecc_256_redc (const struct ecc_curve *ecc, mp_limb_t *rp)
+ .text
+ .align 2
+
+PROLOGUE(nettle_ecc_256_redc)
+ push {r4,r5,r6,r7,r8,r10,r11,lr}
+
+ ldm RP!, {T0,T1,T2,T3,T4,T5,T6,T7}
+
+ C Set <F3,F2,F1> to the high 4 limbs of (B^2-B+1)<T2,T1,T0>
+ C T2 T1
+ C T2 T1 T0
+ C - T2 T1 T0
+ C -------------
+ C F3 F2 F1 F0
+
+
+ adds F1, T0, T2
+ adcs F2, T1, #0
+ adc F3, T2, #0
+
+ subs F0, T1, T0
+ sbcs F1, F1, T1 C Could also be rsc ?
+ sbcs F2, F2, T2
+ sbc F3, F3, #0
+
+ C Add:
+ C T10 T9 T8 T7 T6 T5 T4 T3
+ C + F3 F2 F1 F0 T0 T2 T1 T0
+ C --------------------------
+ C T7 T6 T5 T4 T3 T2 T1 T0
+
+ adds T3, T3, T0
+ adcs T1, T4, T1
+ adcs T2, T5, T2
+ adcs T6, T6, T0
+ mov T0, T3 C FIXME: Be more clever?
+ mov T3, T6
+ adcs T4, T7, F0
+
+ ldm RP!, {T5,T6,T7}
+ adcs T5, T5, F1
+ adcs T6, T6, F2
+ adcs T7, T7, F3
+
+ C New F3, F2, F1, F0, also adding in carry
+ adcs F1, T0, T2
+ adcs F2, T1, #0
+ adc F3, T2, #0
+
+ subs F0, T1, T0
+ sbcs F1, F1, T1 C Could also be rsc ?
+ sbcs F2, F2, T2
+ sbc F3, F3, #0
+
+ C Start adding
+ adds T3, T3, T0
+ adcs T1, T4, T1
+ adcs T2, T5, T2
+ adcs T6, T6, T0
+ mov T0, T3 C FIXME: Be more clever?
+ mov T3, T6
+ adcs T4, T7, F0
+
+ ldm RP!, {T5,T6,T7}
+ adcs T5, T5, F1
+ adcs T6, T6, F2
+ adcs T7, T7, F3
+
+ C Final iteration, eliminate only T0, T1
+ C Set <F2, F1, F0> to the high 3 limbs of (B^2-B+1)<T1,T0>
+
+ C T1 T0 T1
+ C - T1 T0
+ C -------------
+ C F2 F1 F0
+
+ C First add in carry
+ adcs F1, T0, #0
+ adcs F2, T1, #0
+ subs F0, T1, T0
+ sbcs F1, F1, T1
+ sbc F2, F2, #0
+
+ C Add:
+ C T9 T8 T7 T6 T5 T4 T3 T2
+ C + F2 F1 F0 T0 0 T1 T0 0
+ C --------------------------
+ C F2 F1 T7 T6 T5 T4 T3 T2
+
+ adds T3, T3, T0
+ adcs T4, T4, T1
+ adcs T5, T5, #0
+ adcs T6, T6, T0
+ adcs T7, T7, F0
+ ldm RP!, {T0, T1}
+ mov F3, #0
+ adcs F1, F1, T0
+ adcs F2, F2, T1
+
+ C Sum is < B^8 + p, so it's enough to fold carry once,
+ C If carry, add in
+ C B^7 - B^6 - B^3 + 1 = <0, B-2, B-1, B-1, B-1, 0, 0, 1>
+
+ C Mask from carry flag, leaving carry intact
+ adc F3, F3, #0
+ rsb F3, F3, #0
+
+ adcs T0, T2, #0
+ adcs T1, T3, #0
+ adcs T2, T4, #0
+ adcs T3, T5, F3
+ adcs T4, T6, F3
+ adcs T5, T7, F3
+ and F3, F3, #-2
+ adcs T6, F1, F3
+ adcs T7, F2, #0
+
+ sub RP, RP, #64
+ stm RP, {T0,T1,T2,T3,T4,T5,T6,T7}
+
+ pop {r4,r5,r6,r7,r8,r10,r11,pc}
+EPILOGUE(nettle_ecc_256_redc)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-384-modp.asm"
+ .arm
+
+define(<RP>, <r1>)
+define(<T0>, <r0>)
+define(<T1>, <r2>)
+define(<T2>, <r3>)
+define(<T3>, <r4>)
+define(<F0>, <r5>)
+define(<F1>, <r6>)
+define(<F2>, <r7>)
+define(<F3>, <r8>)
+define(<F4>, <r10>)
+define(<N>, <r12>)
+define(<H>, <lr>)
+
+ C ecc_384_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+ .text
+ .align 2
+
+PROLOGUE(nettle_ecc_384_modp)
+ push {r4,r5,r6,r7,r8,r10,lr}
+
+ add RP, RP, #80
+ ldm RP, {T0, T1, T2, T3} C 20-23
+
+ C First get top 4 limbs, which need folding twice, as
+ C
+ C T3 T2 T1 T0
+ C T3 T2 T1
+ C -T3
+ C ----------------
+ C F4 F3 F2 F1 F0
+ C
+ C Start with
+ C
+ C T3 T1 T0
+ C T1
+ C -T3
+ C -----------
+ C F2 F1 F0 Always fits
+
+ adds F0, T0, T1
+ adcs F1, T1, #0
+ adcs F2, T3, #0
+ subs F0, F0, T3
+ sbcs F1, F1, #0
+ sbcs F2, F2, #0
+
+ C T3 T2 T2 0
+ C F2 F1 F0
+ C ----------------
+ C F4 F3 F2 F1 F0
+
+ mov F4, #0
+ adds F1, F1, T2
+ adcs F2, F2, T2
+ adcs F3, T3, #0
+ adcs F4, F4, #0
+
+ C Add in to high part
+ sub RP, RP, #32
+ ldm RP, {T0, T1, T2, T3} C 12-15
+ mov H, #0
+ adds F0, T0, F0
+ adcs F1, T1, F1
+ adcs F2, T2, F2
+ adcs F3, T3, F3
+ adcs F4, F4, #0 C Do F4 later
+
+ C Add to low part, keeping carry (positive or negative) in H
+ sub RP, RP, #48
+ ldm RP, {T0, T1, T2, T3} C 0-3
+ mov H, #0
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ adcs T3, T3, F3
+ adc H, H, #0
+ subs T1, T1, F0
+ sbcs T2, T2, F1
+ sbcs T3, T3, F2
+ sbc H, H, #0
+ adds T3, T3, F0
+ adc H, H, #0
+
+ stm RP!, {T0,T1,T2,T3} C 0-3
+ mov N, #2
+.Loop:
+ ldm RP, {T0,T1,T2,T3} C 4-7
+
+ C First, propagate carry
+ adds T0, T0, H
+ asr H, #31 C Sign extend
+ adcs T1, T1, H
+ adcs T2, T2, H
+ adcs T3, T3, H
+ adc H, H, #0
+
+ C +B^4 term
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ adcs T3, T3, F3
+ adc H, H, #0
+
+ C +B^3 terms
+ ldr F0, [RP, #+48] C 16
+ adds T0, T0, F1
+ adcs T1, T1, F2
+ adcs T2, T2, F3
+ adcs T3, T3, F0
+ adc H, H, #0
+
+ C -B
+ ldr F1, [RP, #+52] C 17-18
+ ldr F2, [RP, #+56]
+ subs T0, T0, F3
+ sbcs T1, T1, F0
+ sbcs T2, T2, F1
+ sbcs T3, T3, F2
+ sbcs H, H, #0
+
+ C +1
+ ldr F3, [RP, #+60] C 19
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ adcs T3, T3, F3
+ adc H, H, #0
+ subs N, N, #1
+ stm RP!, {T0,T1,T2,T3}
+ bne .Loop
+
+ C Fold high limbs, we need to add in
+ C
+ C F4 F4 0 -F4 F4 H H 0 -H H
+ C
+ C We always have F4 >= 0, but we can have H < 0.
+ C Sign extension gets tricky when F4 = 0 and H < 0.
+ sub RP, RP, #48
+
+ ldm RP, {T0,T1,T2,T3} C 0-3
+
+ C H H 0 -H H
+ C ----------------
+ C S H F3 F2 F1 F0
+ C
+ C Define S = H >> 31 (asr), we then have
+ C
+ C F0 = H
+ C F1 = S - H
+ C F2 = - [H > 0]
+ C F3 = H - [H > 0]
+ C H = H + S
+ C
+ C And we get underflow in S - H iff H > 0
+
+ C H = 0 H > 0 H = -1
+ mov F0, H C 0 H -1
+ asr H, #31
+ subs F1, H, F0 C 0,C=1 -H,C=0 0,C=1
+ sbc F2, F2, F2 C 0 -1 0
+ sbc F3, F0, #0 C 0 H-1 -1
+
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ adcs T3, T3, F3
+ adc H, H, F0 C 0+cy H+cy -2+cy
+
+ stm RP!, {T0,T1,T2,T3} C 0-3
+ ldm RP, {T0,T1,T2,T3} C 4-7
+
+ C F4 0 -F4
+ C ---------
+ C F3 F2 F1
+
+ rsbs F1, F4, #0
+ sbc F2, F2, F2
+ sbc F3, F4, #0
+
+ C Sign extend H
+ adds F0, F4, H
+ asr H, H, #31
+ adcs F1, F1, H
+ adcs F2, F2, H
+ adcs F3, F3, H
+ adcs F4, F4, H
+ adc H, H, #0
+
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ adcs T3, T3, F3
+
+ stm RP!, {T0,T1,T2,T3} C 4-7
+ ldm RP, {T0,T1,T2,T3} C 8-11
+
+ adcs T0, T0, F4
+ adcs T1, T1, H
+ adcs T2, T2, H
+ adcs T3, T3, H
+ adc H, H, #0
+
+ stm RP, {T0,T1,T2,T3} C 8-11
+
+ C Final (unlikely) carry
+ sub RP, RP, #32
+ ldm RP, {T0,T1,T2,T3} C 0-3
+ C Fold H into F0-F4
+ mov F0, H
+ asr H, #31
+ subs F1, H, F0
+ sbc F2, F2, F2
+ sbc F3, F0, #0
+ add F4, F0, H
+
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ adcs T3, T3, F3
+
+ stm RP!, {T0,T1,T2,T3} C 0-3
+ ldm RP, {T0,T1,T2,T3} C 4-7
+ adcs T0, T0, F4
+ adcs T1, T1, H
+ adcs T2, T2, H
+ adcs T3, T3, H
+ stm RP!, {T0,T1,T2,T3} C 4-7
+ ldm RP, {T0,T1,T2,T3} C 8-11
+ adcs T0, T0, H
+ adcs T1, T1, H
+ adcs T2, T2, H
+ adcs T3, T3, H
+ stm RP!, {T0,T1,T2,T3} C 8-11
+ pop {r4,r5,r6,r7,r8,r10,pc}
+EPILOGUE(nettle_ecc_384_modp)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-521-modp.asm"
+ .arm
+
+define(<HP>, <r0>)
+define(<RP>, <r1>)
+define(<T0>, <r2>)
+define(<T1>, <r3>)
+define(<T2>, <r4>)
+define(<F0>, <r5>)
+define(<F1>, <r6>)
+define(<F2>, <r7>)
+define(<F3>, <r8>)
+define(<H>, <r12>)
+define(<N>, <lr>)
+
+ C ecc_521_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+ .text
+.Lc511:
+ .int 511
+
+ .align 2
+
+PROLOGUE(nettle_ecc_521_modp)
+ push {r4,r5,r6,r7,r8,lr}
+
+ C Use that B^17 = 2^23 (mod p)
+ ldr F3, [RP, #+68] C 17
+ add HP, RP, #72 C 18
+ ldr T0, [RP] C 0
+ adds T0, T0, F3, lsl #23
+ str T0, [RP], #+4
+ mov N, #5
+
+ C 5 iterations, reading limbs 18-20, 21-23, 24-26, 27-29, 30-32
+ C and adding to limbs 1-3, 4-6, 7-9, 19-12, 13-15
+.Loop:
+ ldm RP, {T0,T1,T2} C 1+3*k -- 3+3*k
+ lsr F0, F3, #9
+ ldm HP!, {F1,F2,F3} C 18+3*k -- 20+3*k
+ orr F0, F0, F1, lsl #23
+ lsr F1, F1, #9
+ orr F1, F1, F2, lsl #23
+ lsr F2, F2, #9
+ orr F2, F2, F3, lsl #23
+ adcs T0, T0, F0
+ adcs T1, T1, F1
+ adcs T2, T2, F2
+ sub N, N, #1
+ stm RP!,{T0,T1,T2}
+ teq N, #0
+ bne .Loop
+
+ ldr F0, [RP], #-64 C 16
+ ldr F1, [HP] C 33
+ ldr T0, .Lc511
+
+ C Handling of high limbs
+ C F0 = rp[16] + carry in + F3 >> 9
+ adcs F0, F0, F3, lsr #9
+ C Copy low 9 bits to H, then shift right including carry
+ and H, F0, T0
+ rrx F0, F0
+ lsr F0, F0, #8
+ C Add in F1 = rp[33], with weight 2^1056 = 2^14
+ adds F0, F0, F1, lsl #14
+ lsr F1, F1, #18
+ adc F1, F1, #0
+
+ ldm RP, {T0, T1} C 0-1
+ adds T0, T0, F0
+ adcs T1, T1, F1
+ stm RP!, {T0, T1}
+
+ ldm RP, {T0,T1,T2,F0,F1,F2,F3} C 2-8
+ adcs T0, T0, #0
+ adcs T1, T1, #0
+ adcs T2, T2, #0
+ adcs F0, F0, #0
+ adcs F1, F1, #0
+ adcs F2, F2, #0
+ adcs F3, F3, #0
+ stm RP!, {T0,T1,T2,F0,F1,F2,F3} C 2-8
+ ldm RP, {T0,T1,T2,F0,F1,F2,F3} C 9-15
+ adcs T0, T0, #0
+ adcs T1, T1, #0
+ adcs T2, T2, #0
+ adcs F0, F0, #0
+ adcs F1, F1, #0
+ adcs F2, F2, #0
+ adcs F3, F3, #0
+ adcs H, H, #0
+ stm RP, {T0,T1,T2,F0,F1,F2,F3,H} C 9-16
+
+ pop {r4,r5,r6,r7,r8,pc}
+EPILOGUE(nettle_ecc_521_modp)
--- /dev/null
+define(<QREG>, <ifelse(
+ $1, d0, q0,
+ $1, d2, q1,
+ $1, d4, q2,
+ $1, d6, q3,
+ $1, d8, q4,
+ $1, d10, q5,
+ $1, d12, q6,
+ $1, d14, q7,
+ $1, d16, q8,
+ $1, d18, q9,
+ $1, d20, q10,
+ $1, d22, q11,
+ $1, d24, q12,
+ $1, d26, q13,
+ $1, d28, q14,
+ $1, d30, q15,
+ <NO REGISTER>)>)dnl
+
+define(<D0REG>, <ifelse(
+ $1, q0, d0,
+ $1, q1, d2,
+ $1, q2, d4,
+ $1, q3, d6,
+ $1, q4, d8,
+ $1, q5, d10,
+ $1, q6, d12,
+ $1, q7, d14,
+ $1, q8, d16,
+ $1, q9, d18,
+ $1, q10, d20,
+ $1, q11, d22,
+ $1, q12, d24,
+ $1, q13, d26,
+ $1, q14, d28,
+ $1, q15, d30,
+ <NO REGISTER>)>)dnl
+
+define(<D1REG>, <ifelse(
+ $1, q0, d1,
+ $1, q1, d3,
+ $1, q2, d5,
+ $1, q3, d7,
+ $1, q4, d9,
+ $1, q5, d11,
+ $1, q6, d13,
+ $1, q7, d15,
+ $1, q8, d17,
+ $1, q9, d19,
+ $1, q10, d21,
+ $1, q11, d23,
+ $1, q12, d25,
+ $1, q13, d27,
+ $1, q14, d29,
+ $1, q15, d31,
+ <NO REGISTER>)>)dnl
--- /dev/null
+C -*- mode: asm; asm-comment-char: ?C; -*-
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+C Possible speedups:
+C
+C The ldm instruction can do load two registers per cycle,
+C if the address is two-word aligned. Or three registers in two
+C cycles, regardless of alignment.
+
+C Register usage:
+
+define(<DST>, <r0>)
+define(<SRC>, <r1>)
+define(<N>, <r2>)
+define(<CNT>, <r6>)
+define(<TNC>, <r12>)
+
+ .syntax unified
+
+ .file "memxor.asm"
+
+ .text
+ .arm
+
+ C memxor(uint8_t *dst, const uint8_t *src, size_t n)
+ .align 4
+PROLOGUE(memxor)
+ cmp N, #0
+ beq .Lmemxor_done
+
+ cmp N, #7
+ bcs .Lmemxor_large
+
+ C Simple byte loop
+.Lmemxor_bytes:
+ ldrb r3, [SRC], #+1
+ ldrb r12, [DST]
+ eor r3, r12
+ strb r3, [DST], #+1
+ subs N, #1
+ bne .Lmemxor_bytes
+
+.Lmemxor_done:
+ bx lr
+
+.Lmemxor_align_loop:
+ ldrb r3, [SRC], #+1
+ ldrb r12, [DST]
+ eor r3, r12
+ strb r3, [DST], #+1
+ sub N, #1
+
+.Lmemxor_large:
+ tst DST, #3
+ bne .Lmemxor_align_loop
+
+ C We have at least 4 bytes left to do here.
+ sub N, #4
+
+ ands r3, SRC, #3
+ beq .Lmemxor_same
+
+ C Different alignment case.
+ C v original SRC
+ C +-------+------+
+ C |SRC |SRC+4 |
+ C +---+---+------+
+ C |DST |
+ C +-------+
+ C
+ C With little-endian, we need to do
+ C DST[i] ^= (SRC[i] >> CNT) ^ (SRC[i+1] << TNC)
+
+ push {r4,r5,r6}
+
+ lsl CNT, r3, #3
+ bic SRC, #3
+ rsb TNC, CNT, #32
+
+ ldr r4, [SRC], #+4
+
+ tst N, #4
+ itet eq
+ moveq r5, r4
+ subne N, #4
+ beq .Lmemxor_odd
+
+.Lmemxor_word_loop:
+ ldr r5, [SRC], #+4
+ ldr r3, [DST]
+ eor r3, r3, r4, lsr CNT
+ eor r3, r3, r5, lsl TNC
+ str r3, [DST], #+4
+.Lmemxor_odd:
+ ldr r4, [SRC], #+4
+ ldr r3, [DST]
+ eor r3, r3, r5, lsr CNT
+ eor r3, r3, r4, lsl TNC
+ str r3, [DST], #+4
+ subs N, #8
+ bcs .Lmemxor_word_loop
+ adds N, #8
+ beq .Lmemxor_odd_done
+
+ C We have TNC/8 left-over bytes in r4, high end
+ lsr r4, CNT
+ ldr r3, [DST]
+ eor r3, r4
+
+ pop {r4,r5,r6}
+
+ C Store bytes, one by one.
+.Lmemxor_leftover:
+ strb r3, [DST], #+1
+ subs N, #1
+ beq .Lmemxor_done
+ subs TNC, #8
+ lsr r3, #8
+ bne .Lmemxor_leftover
+ b .Lmemxor_bytes
+.Lmemxor_odd_done:
+ pop {r4,r5,r6}
+ bx lr
+
+.Lmemxor_same:
+ push {r4,r5,r6,r7,r8,r10,r11,r14} C lr is the link register
+
+ subs N, #8
+ bcc .Lmemxor_same_end
+
+ ldmia SRC!, {r3, r4, r5}
+ C Keep address for loads in r14
+ mov r14, DST
+ ldmia r14!, {r6, r7, r8}
+ subs N, #12
+ eor r10, r3, r6
+ eor r11, r4, r7
+ eor r12, r5, r8
+ bcc .Lmemxor_same_final_store
+ subs N, #12
+ ldmia r14!, {r6, r7, r8}
+ bcc .Lmemxor_same_wind_down
+
+ C 6 cycles per iteration, 0.50 cycles/byte. For this speed,
+ C loop starts at offset 0x11c in the object file.
+
+.Lmemxor_same_loop:
+ C r10-r12 contains values to be stored at DST
+ C r6-r8 contains values read from r14, in advance
+ ldmia SRC!, {r3, r4, r5}
+ subs N, #12
+ stmia DST!, {r10, r11, r12}
+ eor r10, r3, r6
+ eor r11, r4, r7
+ eor r12, r5, r8
+ ldmia r14!, {r6, r7, r8}
+ bcs .Lmemxor_same_loop
+
+.Lmemxor_same_wind_down:
+ C Wind down code
+ ldmia SRC!, {r3, r4, r5}
+ stmia DST!, {r10, r11, r12}
+ eor r10, r3, r6
+ eor r11, r4, r7
+ eor r12, r5, r8
+.Lmemxor_same_final_store:
+ stmia DST!, {r10, r11, r12}
+
+.Lmemxor_same_end:
+ C We have 0-11 bytes left to do, and N holds number of bytes -12.
+ adds N, #4
+ bcc .Lmemxor_same_lt_8
+ C Do 8 bytes more, leftover is in N
+ ldmia SRC!, {r3, r4}
+ ldmia DST, {r6, r7}
+ eor r3, r6
+ eor r4, r7
+ stmia DST!, {r3, r4}
+ pop {r4,r5,r6,r7,r8,r10,r11,r14}
+ beq .Lmemxor_done
+ b .Lmemxor_bytes
+
+.Lmemxor_same_lt_8:
+ pop {r4,r5,r6,r7,r8,r10,r11,r14}
+ adds N, #4
+ bcc .Lmemxor_same_lt_4
+
+ ldr r3, [SRC], #+4
+ ldr r12, [DST]
+ eor r3, r12
+ str r3, [DST], #+4
+ beq .Lmemxor_done
+ b .Lmemxor_bytes
+
+.Lmemxor_same_lt_4:
+ adds N, #4
+ beq .Lmemxor_done
+ b .Lmemxor_bytes
+
+EPILOGUE(memxor)
+
+define(<DST>, <r0>)
+define(<AP>, <r1>)
+define(<BP>, <r2>)
+define(<N>, <r3>)
+undefine(<CNT>)
+undefine(<TNC>)
+
+C Temporaries r4-r7
+define(<ACNT>, <r8>)
+define(<ATNC>, <r10>)
+define(<BCNT>, <r11>)
+define(<BTNC>, <r12>)
+
+ C memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n)
+ .align 2
+PROLOGUE(memxor3)
+ cmp N, #0
+ beq .Lmemxor3_ret
+
+ push {r4,r5,r6,r7,r8,r10,r11}
+ cmp N, #7
+
+ add AP, N
+ add BP, N
+ add DST, N
+
+ bcs .Lmemxor3_large
+
+ C Simple byte loop
+.Lmemxor3_bytes:
+ ldrb r4, [AP, #-1]!
+ ldrb r5, [BP, #-1]!
+ eor r4, r5
+ strb r4, [DST, #-1]!
+ subs N, #1
+ bne .Lmemxor3_bytes
+
+.Lmemxor3_done:
+ pop {r4,r5,r6,r7,r8,r10,r11}
+.Lmemxor3_ret:
+ bx lr
+
+.Lmemxor3_align_loop:
+ ldrb r4, [AP, #-1]!
+ ldrb r5, [BP, #-1]!
+ eor r5, r4
+ strb r5, [DST, #-1]!
+ sub N, #1
+
+.Lmemxor3_large:
+ tst DST, #3
+ bne .Lmemxor3_align_loop
+
+ C We have at least 4 bytes left to do here.
+ sub N, #4
+ ands ACNT, AP, #3
+ lsl ACNT, #3
+ beq .Lmemxor3_a_aligned
+
+ ands BCNT, BP, #3
+ lsl BCNT, #3
+ bne .Lmemxor3_uu
+
+ C Swap
+ mov r4, AP
+ mov AP, BP
+ mov BP, r4
+
+.Lmemxor3_au:
+ C NOTE: We have the relevant shift count in ACNT, not BCNT
+
+ C AP is aligned, BP is not
+ C v original SRC
+ C +-------+------+
+ C |SRC-4 |SRC |
+ C +---+---+------+
+ C |DST-4 |
+ C +-------+
+ C
+ C With little-endian, we need to do
+ C DST[i-i] ^= (SRC[i-i] >> CNT) ^ (SRC[i] << TNC)
+ rsb ATNC, ACNT, #32
+ bic BP, #3
+
+ ldr r4, [BP]
+
+ tst N, #4
+ itet eq
+ moveq r5, r4
+ subne N, #4
+ beq .Lmemxor3_au_odd
+
+.Lmemxor3_au_loop:
+ ldr r5, [BP, #-4]!
+ ldr r6, [AP, #-4]!
+ eor r6, r6, r4, lsl ATNC
+ eor r6, r6, r5, lsr ACNT
+ str r6, [DST, #-4]!
+.Lmemxor3_au_odd:
+ ldr r4, [BP, #-4]!
+ ldr r6, [AP, #-4]!
+ eor r6, r6, r5, lsl ATNC
+ eor r6, r6, r4, lsr ACNT
+ str r6, [DST, #-4]!
+ subs N, #8
+ bcs .Lmemxor3_au_loop
+ adds N, #8
+ beq .Lmemxor3_done
+
+ C Leftover bytes in r4, low end
+ ldr r5, [AP, #-4]
+ eor r4, r5, r4, lsl ATNC
+
+.Lmemxor3_au_leftover:
+ C Store a byte at a time
+ ror r4, #24
+ strb r4, [DST, #-1]!
+ subs N, #1
+ beq .Lmemxor3_done
+ subs ACNT, #8
+ sub AP, #1
+ bne .Lmemxor3_au_leftover
+ b .Lmemxor3_bytes
+
+.Lmemxor3_a_aligned:
+ ands ACNT, BP, #3
+ lsl ACNT, #3
+ bne .Lmemxor3_au ;
+
+ C a, b and dst all have the same alignment.
+ subs N, #8
+ bcc .Lmemxor3_aligned_word_end
+
+ C This loop runs at 8 cycles per iteration. It has been
+ C observed running at only 7 cycles, for this speed, the loop
+ C started at offset 0x2ac in the object file.
+
+ C FIXME: consider software pipelining, similarly to the memxor
+ C loop.
+
+.Lmemxor3_aligned_word_loop:
+ ldmdb AP!, {r4,r5,r6}
+ ldmdb BP!, {r7,r8,r10}
+ subs N, #12
+ eor r4, r7
+ eor r5, r8
+ eor r6, r10
+ stmdb DST!, {r4, r5,r6}
+ bcs .Lmemxor3_aligned_word_loop
+
+.Lmemxor3_aligned_word_end:
+ C We have 0-11 bytes left to do, and N holds number of bytes -12.
+ adds N, #4
+ bcc .Lmemxor3_aligned_lt_8
+ C Do 8 bytes more, leftover is in N
+ ldmdb AP!, {r4, r5}
+ ldmdb BP!, {r6, r7}
+ eor r4, r6
+ eor r5, r7
+ stmdb DST!, {r4,r5}
+ beq .Lmemxor3_done
+ b .Lmemxor3_bytes
+
+.Lmemxor3_aligned_lt_8:
+ adds N, #4
+ bcc .Lmemxor3_aligned_lt_4
+
+ ldr r4, [AP,#-4]!
+ ldr r5, [BP,#-4]!
+ eor r4, r5
+ str r4, [DST,#-4]!
+ beq .Lmemxor3_done
+ b .Lmemxor3_bytes
+
+.Lmemxor3_aligned_lt_4:
+ adds N, #4
+ beq .Lmemxor3_done
+ b .Lmemxor3_bytes
+
+.Lmemxor3_uu:
+
+ cmp ACNT, BCNT
+ bic AP, #3
+ bic BP, #3
+ rsb ATNC, ACNT, #32
+
+ bne .Lmemxor3_uud
+
+ C AP and BP are unaligned in the same way
+
+ ldr r4, [AP]
+ ldr r6, [BP]
+ eor r4, r6
+
+ tst N, #4
+ itet eq
+ moveq r5, r4
+ subne N, #4
+ beq .Lmemxor3_uu_odd
+
+.Lmemxor3_uu_loop:
+ ldr r5, [AP, #-4]!
+ ldr r6, [BP, #-4]!
+ eor r5, r6
+ lsl r4, ATNC
+ eor r4, r4, r5, lsr ACNT
+ str r4, [DST, #-4]!
+.Lmemxor3_uu_odd:
+ ldr r4, [AP, #-4]!
+ ldr r6, [BP, #-4]!
+ eor r4, r6
+ lsl r5, ATNC
+ eor r5, r5, r4, lsr ACNT
+ str r5, [DST, #-4]!
+ subs N, #8
+ bcs .Lmemxor3_uu_loop
+ adds N, #8
+ beq .Lmemxor3_done
+
+ C Leftover bytes in a4, low end
+ ror r4, ACNT
+.Lmemxor3_uu_leftover:
+ ror r4, #24
+ strb r4, [DST, #-1]!
+ subs N, #1
+ beq .Lmemxor3_done
+ subs ACNT, #8
+ bne .Lmemxor3_uu_leftover
+ b .Lmemxor3_bytes
+
+.Lmemxor3_uud:
+ C Both AP and BP unaligned, and in different ways
+ rsb BTNC, BCNT, #32
+
+ ldr r4, [AP]
+ ldr r6, [BP]
+
+ tst N, #4
+ ittet eq
+ moveq r5, r4
+ moveq r7, r6
+ subne N, #4
+ beq .Lmemxor3_uud_odd
+
+.Lmemxor3_uud_loop:
+ ldr r5, [AP, #-4]!
+ ldr r7, [BP, #-4]!
+ lsl r4, ATNC
+ eor r4, r4, r6, lsl BTNC
+ eor r4, r4, r5, lsr ACNT
+ eor r4, r4, r7, lsr BCNT
+ str r4, [DST, #-4]!
+.Lmemxor3_uud_odd:
+ ldr r4, [AP, #-4]!
+ ldr r6, [BP, #-4]!
+ lsl r5, ATNC
+ eor r5, r5, r7, lsl BTNC
+ eor r5, r5, r4, lsr ACNT
+ eor r5, r5, r6, lsr BCNT
+ str r5, [DST, #-4]!
+ subs N, #8
+ bcs .Lmemxor3_uud_loop
+ adds N, #8
+ beq .Lmemxor3_done
+
+ C FIXME: More clever left-over handling? For now, just adjust pointers.
+ add AP, AP, ACNT, lsr #3
+ add BP, BP, BCNT, lsr #3
+ b .Lmemxor3_bytes
+EPILOGUE(memxor3)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "salsa20-core-internal.asm"
+ .fpu neon
+
+define(<DST>, <r0>)
+define(<SRC>, <r1>)
+define(<ROUNDS>, <r2>)
+
+define(<X0>, <q0>)
+define(<X1>, <q1>)
+define(<X2>, <q2>)
+define(<X3>, <q3>)
+define(<T0>, <q8>)
+define(<T1>, <q9>)
+define(<M0101>, <q10>)
+define(<M0110>, <q11>)
+define(<M0011>, <q12>)
+define(<S1>, <q13>)
+define(<S2>, <q14>)
+define(<S3>, <q15>)
+
+define(<QROUND>, <
+ vadd.i32 T0, $1, $4
+ vshl.i32 T1, T0, #7
+ vshr.u32 T0, T0, #25
+ veor $2, $2, T0
+ veor $2, $2, T1
+
+ vadd.i32 T0, $1, $2
+ vshl.i32 T1, T0, #9
+ vshr.u32 T0, T0, #23
+ veor $3, $3, T0
+ veor $3, $3, T1
+
+ vadd.i32 T0, $2, $3
+ vshl.i32 T1, T0, #13
+ vshr.u32 T0, T0, #19
+ veor $4, $4, T0
+ veor $4, $4, T1
+
+ vadd.i32 T0, $3, $4
+ vshl.i32 T1, T0, #18
+ vshr.u32 T0, T0, #14
+ veor $1, $1, T0
+ veor $1, $1, T1
+>)
+
+ .text
+ .align 4
+.Lmasks:
+ .int 0,-1, 0,-1
+ .int 0,-1,-1, 0
+ .int 0, 0,-1,-1
+
+ C _salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
+
+PROLOGUE(_nettle_salsa20_core)
+ vldm SRC, {X0,X1,X2,X3}
+
+ C Input rows:
+ C 0 1 2 3 X0
+ C 4 5 6 7 X1
+ C 8 9 10 11 X2
+ C 12 13 14 15 X3
+ C Permuted to:
+ C 0 5 10 15
+ C 4 9 14 3
+ C 8 13 2 7
+ C 12 1 6 11
+
+ C FIXME: Construct in some other way?
+ adr r12, .Lmasks
+ vldm r12, {M0101, M0110, M0011}
+
+ vmov S1, X1
+ vmov S2, X2
+ vmov S3, X3
+
+ C Swaps in columns 1, 3:
+ C 0 5 2 7 X0 ^
+ C 4 1 6 3 T0 v
+ C 8 13 10 15 T1 ^
+ C 12 9 14 11 X3 v
+ vmov T0, X1
+ vmov T1, X2
+ vbit T0, X0, M0101
+ vbit X0, X1, M0101
+ vbit T1, X3, M0101
+ vbit X3, X2, M0101
+
+ C Swaps in column 1, 2:
+ C 0 5 2 7 X0
+ C 4 9 14 3 X1 ^
+ C 8 13 10 15 T1 |
+ C 12 1 6 11 X3 v
+ vmov X1, T0
+ vbit X1, X3, M0110
+ vbit X3, T0, M0110
+
+ C Swaps in columm 2,3:
+ C 0 5 10 15 X0 ^
+ C 4 9 14 3 X1 |
+ C 8 13 2 7 X2 v
+ C 12 1 6 11 X3
+ vmov X2, T1
+ vbit X2, X0, M0011
+ vbit X0, T1, M0011
+
+.Loop:
+ QROUND(X0, X1, X2, X3)
+
+ C Rotate rows, to get
+ C 0 5 10 15
+ C 3 4 9 14 >>> 1
+ C 2 7 8 13 >>> 2
+ C 1 6 11 12 >>> 3
+ vext.32 X1, X1, X1, #3
+ vext.32 X2, X2, X2, #2
+ vext.32 X3, X3, X3, #1
+
+ QROUND(X0, X3, X2, X1)
+
+ subs ROUNDS, ROUNDS, #2
+ C Inverse rotation
+ vext.32 X1, X1, X1, #1
+ vext.32 X2, X2, X2, #2
+ vext.32 X3, X3, X3, #3
+
+ bhi .Loop
+
+ C Inverse swaps
+ vmov T1, X2
+ vbit T1, X0, M0011
+ vbit X0, X2, M0011
+
+ vmov T0, X1
+ vbit T0, X3, M0110
+ vbit X3, X1, M0110
+
+ vmov X1, T0
+ vmov X2, T1
+ vbit X1, X0, M0101
+ vbit X0, T0, M0101
+ vbit X2, X3, M0101
+ vbit X3, T1, M0101
+
+ vld1.64 {T0}, [SRC]
+ vadd.u32 X0, X0, T0
+ vadd.u32 X1, X1, S1
+ vadd.u32 X2, X2, S2
+ vadd.u32 X3, X3, S3
+
+ vstm DST, {X0,X1,X2,X3}
+ bx lr
+EPILOGUE(_nettle_salsa20_core)
+
+divert(-1)
+define salsastate
+p/x $q0.u32
+p/x $q1.u32
+p/x $q2.u32
+p/x $q3.u32
+end
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "sha3-permute.asm"
+ .fpu neon
+
+define(<CTX>, <r0>)
+define(<COUNT>, <r1>)
+define(<RC>, <r2>)
+C First column
+define(<A0>, <d0>)
+define(<A5>, <d2>)
+define(<A10>, <d3>)
+define(<A15>, <d4>)
+define(<A20>, <d5>)
+
+define(<A1>, <d6>)
+define(<A2>, <d7>)
+define(<A3>, <d8>)
+define(<A4>, <d9>)
+
+define(<A6>, <d16>)
+define(<A7>, <d17>)
+define(<A8>, <d18>)
+define(<A9>, <d19>)
+
+define(<A11>, <d20>)
+define(<A12>, <d21>)
+define(<A13>, <d22>)
+define(<A14>, <d23>)
+
+define(<A16>, <d24>)
+define(<A17>, <d25>)
+define(<A18>, <d26>)
+define(<A19>, <d27>)
+
+define(<A21>, <d28>)
+define(<A22>, <d29>)
+define(<A23>, <d30>)
+define(<A24>, <d31>)
+
+define(<T0>, <d10>)
+define(<T1>, <d11>)
+
+define(<C0>, <d1>)
+define(<C1>, <d12>)
+define(<C2>, <d13>)
+define(<C3>, <d14>)
+define(<C4>, <d15>)
+
+
+C ROL(DST, SRC, COUNT)
+C Must have SRC != DST
+define(<ROL>, <
+ vshr.u64 $1, $2, #eval(64-$3)
+ vsli.i64 $1, $2, #$3
+ >)
+C sha3_permute(struct sha3_ctx *ctx)
+
+ .text
+ .align 3
+.Lrc:
+ .quad 0x0000000000000001
+ .quad 0x0000000000008082
+ .quad 0x800000000000808A
+ .quad 0x8000000080008000
+ .quad 0x000000000000808B
+ .quad 0x0000000080000001
+ .quad 0x8000000080008081
+ .quad 0x8000000000008009
+ .quad 0x000000000000008A
+ .quad 0x0000000000000088
+ .quad 0x0000000080008009
+ .quad 0x000000008000000A
+ .quad 0x000000008000808B
+ .quad 0x800000000000008B
+ .quad 0x8000000000008089
+ .quad 0x8000000000008003
+ .quad 0x8000000000008002
+ .quad 0x8000000000000080
+ .quad 0x000000000000800A
+ .quad 0x800000008000000A
+ .quad 0x8000000080008081
+ .quad 0x8000000000008080
+ .quad 0x0000000080000001
+ .quad 0x8000000080008008
+
+PROLOGUE(nettle_sha3_permute)
+ vpush {d8-d15}
+
+ vld1.64 {A0}, [CTX]!
+ vldm CTX!, {A1,A2,A3,A4}
+ vld1.64 {A5}, [CTX]!
+ vldm CTX!, {A6,A7,A8,A9}
+ vld1.64 {A10}, [CTX]!
+ vldm CTX!, {A11,A12,A13,A14}
+ vld1.64 {A15}, [CTX]!
+ vldm CTX!, {A16,A17,A18,A19}
+ vld1.64 {A20}, [CTX]!
+ vldm CTX, {A21,A22,A23,A24}
+ sub CTX, CTX, #168
+
+ mov COUNT, #24
+ adr RC, .Lrc
+
+ .align 3
+.Loop:
+ veor QREG(T0), QREG(A5), QREG(A15)
+ veor C0, A0, T0
+ veor C0, C0, T1
+ veor QREG(C1), QREG(A1), QREG(A6)
+ veor QREG(C1), QREG(C1), QREG(A11)
+ veor QREG(C1), QREG(C1), QREG(A16)
+ veor QREG(C1), QREG(C1), QREG(A21)
+
+ veor QREG(C3), QREG(A3), QREG(A8)
+ veor QREG(C3), QREG(C3), QREG(A13)
+ veor QREG(C3), QREG(C3), QREG(A18)
+ veor QREG(C3), QREG(C3), QREG(A23)
+
+ C D0 = C4 ^ (C1 <<< 1)
+ C NOTE: Using ROL macro (and vsli) is slightly slower.
+ vshl.i64 T0, C1, #1
+ vshr.u64 T1, C1, #63
+ veor T0, T0, C4
+ veor T0, T0, T1
+ vmov T1, T0
+ veor A0, A0, T0
+ veor QREG(A5), QREG(A5), QREG(T0)
+ veor QREG(A15), QREG(A15), QREG(T0)
+
+ C D1 = C0 ^ (C2 <<< 1)
+ C D2 = C1 ^ (C3 <<< 1)
+ ROL(T0, C2, 1)
+ ROL(T1, C3, 1)
+ veor T0, T0, C0
+ veor T1, T1, C1
+ veor QREG(A1), QREG(A1), QREG(T0)
+ veor QREG(A6), QREG(A6), QREG(T0)
+ veor QREG(A11), QREG(A11), QREG(T0)
+ veor QREG(A16), QREG(A16), QREG(T0)
+ veor QREG(A21), QREG(A21), QREG(T0)
+
+ C D3 = C2 ^ (C4 <<< 1)
+ C D4 = C3 ^ (C0 <<< 1)
+ ROL(T0, C4, 1)
+ ROL(T1, C0, 1)
+ veor T0, T0, C2
+ veor T1, T1, C3
+ veor QREG(A3), QREG(A3), QREG(T0)
+ veor QREG(A8), QREG(A8), QREG(T0)
+ veor QREG(A13), QREG(A13), QREG(T0)
+ veor QREG(A18), QREG(A18), QREG(T0)
+ veor QREG(A23), QREG(A23), QREG(T0)
+
+ ROL( T0, A1, 1)
+ ROL( A1, A6, 44)
+ ROL( A6, A9, 20)
+ ROL( A9, A22, 61)
+ ROL(A22, A14, 39)
+ ROL(A14, A20, 18)
+ ROL(A20, A2, 62)
+ ROL( A2, A12, 43)
+ ROL(A12, A13, 25)
+ ROL(A13, A19, 8)
+ ROL(A19, A23, 56)
+ ROL(A23, A15, 41)
+ ROL(A15, A4, 27)
+ ROL( A4, A24, 14)
+ ROL(A24, A21, 2)
+ ROL(A21, A8, 55)
+ ROL( A8, A16, 45)
+ ROL(A16, A5, 36)
+ ROL( A5, A3, 28)
+ ROL( A3, A18, 21)
+ ROL(A18, A17, 15)
+ ROL(A17, A11, 10)
+ ROL(A11, A7, 6)
+ ROL( A7, A10, 3)
+ C New A10 value left in T0
+
+ vbic C0, A2, A1
+ vbic C1, A3, A2
+ vbic C2, A4, A3
+ vbic C3, A0, A4
+ vbic C4, A1, A0
+
+ veor A0, A0, C0
+ vld1.64 {C0}, [RC :64]!
+ veor QREG(A1), QREG(A1), QREG(C1)
+ veor QREG(A3), QREG(A3), QREG(C3)
+ veor A0, A0, C0
+
+ vbic C0, A7, A6
+ vbic C1, A8, A7
+ vbic C2, A9, A8
+ vbic C3, A5, A9
+ vbic C4, A6, A5
+
+ veor A5, A5, C0
+ veor QREG(A6), QREG(A6), QREG(C1)
+ veor QREG(A8), QREG(A8), QREG(C3)
+
+ vbic C0, A12, A11
+ vbic C1, A13, A12
+ vbic C2, A14, A13
+ vbic C3, T0, A14
+ vbic C4, A11, T0
+
+ veor A10, T0, C0
+ veor QREG(A11), QREG(A11), QREG(C1)
+ veor QREG(A13), QREG(A13), QREG(C3)
+
+ vbic C0, A17, A16
+ vbic C1, A18, A17
+ vbic C2, A19, A18
+ vbic C3, A15, A19
+ vbic C4, A16, A15
+
+ veor A15, A15, C0
+ veor QREG(A16), QREG(A16), QREG(C1)
+ veor QREG(A18), QREG(A18), QREG(C3)
+
+ vbic C0, A22, A21
+ vbic C1, A23, A22
+ vbic C2, A24, A23
+ vbic C3, A20, A24
+ vbic C4, A21, A20
+
+ subs COUNT, COUNT, #1
+ veor A20, A20, C0
+ veor QREG(A21), QREG(A21), QREG(C1)
+ veor QREG(A23), QREG(A23), QREG(C3)
+
+ bne .Loop
+
+ vst1.64 {A0}, [CTX]!
+ vstm CTX!, {A1,A2,A3,A4}
+ vst1.64 {A5}, [CTX]!
+ vstm CTX!, {A6,A7,A8,A9}
+ vst1.64 {A10}, [CTX]!
+ vstm CTX!, {A11,A12,A13,A14}
+ vst1.64 {A15}, [CTX]!
+ vstm CTX!, {A16,A17,A18,A19}
+ vst1.64 {A20}, [CTX]!
+ vstm CTX, {A21,A22,A23,A24}
+
+ vpop {d8-d15}
+ bx lr
+EPILOGUE(nettle_sha3_permute)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "sha512-compress.asm"
+ .fpu neon
+
+define(<STATE>, <r0>)
+define(<INPUT>, <r1>)
+define(<K>, <r2>)
+define(<COUNT>, <r3>)
+define(<SHIFT>, <r12>)
+
+define(<SA>, <d0>)
+define(<SB>, <d1>)
+define(<SC>, <d2>)
+define(<SD>, <d3>)
+define(<SE>, <d4>)
+define(<SF>, <d5>)
+define(<SG>, <d6>)
+define(<SH>, <d7>)
+define(<QSAB>, <q0>)
+define(<QSCD>, <q1>)
+define(<QSEF>, <q2>)
+define(<QSGH>, <q3>)
+
+C d8-d15 are callee-save
+define(<DT0>, <d8>)
+define(<DT1>, <d9>)
+define(<QT01>, <q4>)
+define(<DT2>, <d10>)
+define(<DT3>, <d11>)
+define(<QT23>, <q5>)
+define(<DT4>, <d12>)
+define(<DT5>, <d13>)
+define(<QT45>, <q6>)
+
+C Used only when reading the input, can overlap with state
+define(<DT6>, <d0>)
+define(<DT7>, <d1>)
+define(<QT67>, <q0>)
+
+define(<DW0>, <d16>)
+define(<DW1>, <d17>)
+define(<DW2>, <d18>)
+define(<DW3>, <d19>)
+define(<DW4>, <d20>)
+define(<DW5>, <d21>)
+define(<DW6>, <d22>)
+define(<DW7>, <d23>)
+define(<DW8>, <d24>)
+define(<DW9>, <d25>)
+define(<DW10>, <d26>)
+define(<DW11>, <d27>)
+define(<DW12>, <d28>)
+define(<DW13>, <d29>)
+define(<DW14>, <d30>)
+define(<DW15>, <d31>)
+define(<QW0001>, <q8>)
+define(<QW0203>, <q9>)
+define(<QW0405>, <q10>)
+define(<QW0607>, <q11>)
+define(<QW0809>, <q12>)
+define(<QW1011>, <q13>)
+define(<QW1213>, <q14>)
+define(<QW1415>, <q15>)
+
+define(<EXPAND_ME>, <$1>)
+define(<W>, <EXPAND_ME(<DW>eval(($1) % 16))>)
+
+C If x = W(i+14), y = w(i+1), we xor in parallel
+C
+C x << 45 y << 63
+C x >> 19 y >> 1
+C x << 3 y << 56
+C x >> 61 y >> 8
+C xor x >> 6 y >> 7
+C -----------------------------
+C DT0 DT1
+define(<EXPN>, <
+ vshl.i64 DT0, W($1+14), #45
+ vshl.i64 DT1, W($1 + 1), #63
+ vshr.u64 DT2, W($1+14), #19
+ vshr.u64 DT3, W($1 + 1), #1
+ vshl.i64 DT4, W($1+14), #3
+ vshl.i64 DT5, W($1 + 1), #56
+ veor.i64 QT01, QT01, QT23
+ vshr.u64 DT2, W($1+14), #61
+ vshr.u64 DT3, W($1 + 1), #8
+ veor.i64 QT01, QT01, QT45
+ vshr.u64 DT4, W($1+14), #6
+ vshr.u64 DT5, W($1 + 1), #7
+ veor.i64 QT01, QT01, QT23
+ vadd.i64 W($1), W($1), W($1 + 9)
+ veor.i64 QT01, QT01, QT45
+ vadd.i64 W($1), W($1), DT0
+ vadd.i64 W($1), W($1), DT1
+>)
+
+C ROUND(A,B,C,D,E,F,G,H,i)
+C
+C H += S1(E) + Choice(E,F,G) + K + W
+C D += H
+C H += S0(A) + Majority(A,B,C)
+C
+C Where
+C
+C S1(E) = E<<<50 ^ E<<<46 ^ E<<<23
+C S0(A) = A<<<36 ^ A<<<30 ^ A<<<25
+C Choice (E, F, G) = G^(E&(F^G))
+C Majority (A,B,C) = (A&B) + (C&(A^B))
+
+C Do S1 and S0 in parallel
+C
+C e << 50 a << 36
+C e >> 14 a >> 28
+C e << 46 a << 30
+C e >> 18 a >> 34
+C e << 23 a << 25
+C xor e >> 41 a >> 39
+C ----------------------------
+C DT0 DT1
+define(<ROUND>, <
+ vshl.i64 DT0, $5, #50
+ vshl.i64 DT1, $1, #36
+ vshr.u64 DT2, $5, #14
+ vshr.u64 DT3, $1, #28
+ vshl.i64 DT4, $5, #46
+ vshl.i64 DT5, $1, #30
+ veor QT01, QT01, QT23
+ vshr.u64 DT2, $5, #18
+ vshr.u64 DT3, $1, #34
+ veor QT01, QT01, QT45
+ vshl.i64 DT4, $5, #23
+ vshl.i64 DT5, $1, #25
+ veor QT01, QT01, QT23
+ vshr.u64 DT2, $5, #41
+ vshr.u64 DT3, $1, #39
+ veor QT01, QT01, QT45
+ veor DT4, $6, $7
+ veor DT5, $1, $2
+ vand DT4, DT4, $5
+ vand DT5, DT5, $3
+ veor DT4, DT4, $7
+ veor QT01, QT01, QT23
+ vand DT2, $1, $2
+ vldr DT3, [K,#eval(8*$9)]
+ vadd.i64 $8, $8, W($9)
+ vadd.i64 QT01, QT01, QT45
+ vadd.i64 $8, $8, DT3
+ vadd.i64 $8, $8, DT0
+ vadd.i64 DT1, DT1, DT2
+ vadd.i64 $4, $4, $8
+ vadd.i64 $8, $8, DT1
+>)
+
+ C void
+ C _nettle_sha512_compress(uint64_t *state, const uint8_t *input, const uint64_t *k)
+
+ .text
+ .align 2
+
+PROLOGUE(_nettle_sha512_compress)
+ vpush {d8,d9,d10,d11,d12,d13}
+
+ ands SHIFT, INPUT, #7
+ and INPUT, INPUT, #-8
+ vld1.8 {DT5}, [INPUT :64]
+ addne INPUT, INPUT, #8
+ addeq SHIFT, SHIFT, #8
+ lsl SHIFT, SHIFT, #3
+
+ C Put right shift in DT0 and DT1, aka QT01
+ neg SHIFT, SHIFT
+ vmov.i32 DT0, #0
+ vmov.32 DT0[0], SHIFT
+ vmov DT1, DT0
+ C Put left shift in DT2 and DT3, aka QT23
+ add SHIFT, SHIFT, #64
+ vmov.i32 DT2, #0
+ vmov.32 DT2[0], SHIFT
+ vmov DT3, DT2
+ vshl.u64 DT5, DT5, DT0
+
+ C Set w[i] <-- w[i-1] >> RSHIFT + w[i] << LSHIFT
+ vld1.8 {W(0),W(1),W(2),W(3)}, [INPUT :64]!
+ vshl.u64 QT67, QW0001, QT01 C Right shift
+ vshl.u64 QW0001, QW0001, QT23 C Left shift
+ veor W(0), W(0), DT5
+ veor W(1), W(1), DT6
+ vrev64.8 QW0001, QW0001
+ vshl.u64 QT45, QW0203, QT01 C Right shift
+ vshl.u64 QW0203, QW0203, QT23 C Left shift
+ veor W(2), W(2), DT7
+ veor W(3), W(3), DT4
+ vrev64.8 QW0203, QW0203
+
+ vld1.8 {W(4),W(5),W(6),W(7)}, [INPUT :64]!
+ vshl.u64 QT67, QW0405, QT01 C Right shift
+ vshl.u64 QW0405, QW0405, QT23 C Left shift
+ veor W(4), W(4), DT5
+ veor W(5), W(5), DT6
+ vrev64.8 QW0405, QW0405
+ vshl.u64 QT45, QW0607, QT01 C Right shift
+ vshl.u64 QW0607, QW0607, QT23 C Left shift
+ veor W(6), W(6), DT7
+ veor W(7), W(7), DT4
+ vrev64.8 QW0607, QW0607
+
+ vld1.8 {W(8),W(9),W(10),W(11)}, [INPUT :64]!
+ vshl.u64 QT67, QW0809, QT01 C Right shift
+ vshl.u64 QW0809, QW0809, QT23 C Left shift
+ veor W(8), W(8), DT5
+ veor W(9), W(9), DT6
+ vrev64.8 QW0809, QW0809
+ vshl.u64 QT45, QW1011, QT01 C Right shift
+ vshl.u64 QW1011, QW1011, QT23 C Left shift
+ veor W(10), W(10), DT7
+ veor W(11), W(11), DT4
+ vrev64.8 QW1011, QW1011
+
+ vld1.8 {W(12),W(13),W(14),W(15)}, [INPUT :64]!
+ vshl.u64 QT67, QW1213, QT01 C Right shift
+ vshl.u64 QW1213, QW1213, QT23 C Left shift
+ veor W(12), W(12), DT5
+ veor W(13), W(13), DT6
+ vrev64.8 QW1213, QW1213
+ vshl.u64 QT45, QW1415, QT01 C Right shift
+ vshl.u64 QW1415, QW1415, QT23 C Left shift
+ veor W(14), W(14), DT7
+ veor W(15), W(15), DT4
+ vrev64.8 QW1415, QW1415
+
+ vldm STATE, {SA,SB,SC,SD,SE,SF,SG,SH}
+
+ ROUND(SA,SB,SC,SD,SE,SF,SG,SH, 0)
+ ROUND(SH,SA,SB,SC,SD,SE,SF,SG, 1)
+ ROUND(SG,SH,SA,SB,SC,SD,SE,SF, 2)
+ ROUND(SF,SG,SH,SA,SB,SC,SD,SE, 3)
+ ROUND(SE,SF,SG,SH,SA,SB,SC,SD, 4)
+ ROUND(SD,SE,SF,SG,SH,SA,SB,SC, 5)
+ ROUND(SC,SD,SE,SF,SG,SH,SA,SB, 6)
+ ROUND(SB,SC,SD,SE,SF,SG,SH,SA, 7)
+
+ ROUND(SA,SB,SC,SD,SE,SF,SG,SH, 8)
+ ROUND(SH,SA,SB,SC,SD,SE,SF,SG, 9)
+ ROUND(SG,SH,SA,SB,SC,SD,SE,SF, 10)
+ ROUND(SF,SG,SH,SA,SB,SC,SD,SE, 11)
+ ROUND(SE,SF,SG,SH,SA,SB,SC,SD, 12)
+ ROUND(SD,SE,SF,SG,SH,SA,SB,SC, 13)
+ ROUND(SC,SD,SE,SF,SG,SH,SA,SB, 14)
+ ROUND(SB,SC,SD,SE,SF,SG,SH,SA, 15)
+
+ add K, K, #128
+
+ mov COUNT, #4
+.Loop:
+
+ EXPN( 0) ROUND(SA,SB,SC,SD,SE,SF,SG,SH, 0)
+ EXPN( 1) ROUND(SH,SA,SB,SC,SD,SE,SF,SG, 1)
+ EXPN( 2) ROUND(SG,SH,SA,SB,SC,SD,SE,SF, 2)
+ EXPN( 3) ROUND(SF,SG,SH,SA,SB,SC,SD,SE, 3)
+ EXPN( 4) ROUND(SE,SF,SG,SH,SA,SB,SC,SD, 4)
+ EXPN( 5) ROUND(SD,SE,SF,SG,SH,SA,SB,SC, 5)
+ EXPN( 6) ROUND(SC,SD,SE,SF,SG,SH,SA,SB, 6)
+ EXPN( 7) ROUND(SB,SC,SD,SE,SF,SG,SH,SA, 7)
+ EXPN( 8) ROUND(SA,SB,SC,SD,SE,SF,SG,SH, 8)
+ EXPN( 9) ROUND(SH,SA,SB,SC,SD,SE,SF,SG, 9)
+ EXPN(10) ROUND(SG,SH,SA,SB,SC,SD,SE,SF, 10)
+ EXPN(11) ROUND(SF,SG,SH,SA,SB,SC,SD,SE, 11)
+ EXPN(12) ROUND(SE,SF,SG,SH,SA,SB,SC,SD, 12)
+ EXPN(13) ROUND(SD,SE,SF,SG,SH,SA,SB,SC, 13)
+ EXPN(14) ROUND(SC,SD,SE,SF,SG,SH,SA,SB, 14)
+ subs COUNT, COUNT, #1
+ EXPN(15) ROUND(SB,SC,SD,SE,SF,SG,SH,SA, 15)
+ add K, K, #128
+ bne .Loop
+
+ vld1.64 {DW0, DW1, DW2, DW3}, [STATE]
+ vadd.i64 QSAB, QSAB, QW0001
+ vadd.i64 QSCD, QSCD, QW0203
+ vst1.64 {SA,SB,SC,SD}, [STATE]!
+ vld1.64 {DW0, DW1, DW2, DW3}, [STATE]
+ vadd.i64 QSEF, QSEF, QW0001
+ vadd.i64 QSGH, QSGH, QW0203
+ vst1.64 {SE,SF,SG,SH}, [STATE]!
+
+ vpop {d8,d9,d10,d11,d12,d13}
+ bx lr
+EPILOGUE(_nettle_sha512_compress)
+
+divert(-1)
+define shastate
+p/x $d0.u64
+p/x $d1.u64
+p/x $d2.u64
+p/x $d3.u64
+p/x $d4.u64
+p/x $d5.u64
+p/x $d6.u64
+p/x $d7.u64
+end
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "umac-nh.asm"
+ .fpu neon
+
+define(<OUT>, <r0>)
+define(<ITERS>, <r1>)
+define(<KEY>, <r2>)
+define(<LENGTH>, <r3>)
+define(<MSG>, <r12>)
+define(<SHIFT>, <r14>)
+
+define(<QA>, <q0>)
+define(<QB>, <q1>)
+define(<QY0>, <q3>) C Accumulates for the first two operations.
+define(<DM>, <d4>)
+define(<QY1>, <q4>) C Used for 3 and 4 iterations.
+define(<QC>, <q5>)
+define(<QD>, <q6>)
+define(<QLEFT>, <q8>)
+define(<QRIGHT>, <q9>)
+define(<QT0>, <q10>)
+define(<QT1>, <q11>)
+define(<QT2>, <q12>)
+define(<QK0>, <q13>)
+define(<QK1>, <q14>)
+define(<QK2>, <q15>)
+
+C FIXME: Try permuting subkeys using vld4, vzip or similar.
+
+ .text
+ .align 3
+
+PROLOGUE(_nettle_umac_nh_n)
+ ldr MSG, [sp]
+ str lr, [sp, #-4]!
+
+ C Setup for 64-bit aligned reads
+ ands SHIFT, MSG, #7
+ and MSG, MSG, #-8
+ vld1.8 {DM}, [MSG :64]
+ addne MSG, MSG, #8
+ addeq SHIFT, SHIFT, #8
+
+ C FIXME: Combine as rsb ?
+ lsl SHIFT, SHIFT, #3
+ neg SHIFT, SHIFT
+
+ C Right shift in QRIGHT (both halves)
+ vmov.i32 D0REG(QRIGHT)[0], SHIFT
+ vmov.32 D1REG(QRIGHT), D0REG(QRIGHT)
+ add SHIFT, SHIFT, #64
+
+ vmov.i32 D0REG(QLEFT)[0], SHIFT
+ vmov.32 D1REG(QLEFT), D0REG(QLEFT)
+ cmp r1, #3
+ vmov.i64 QY0, #0
+
+ vshl.u64 DM, DM, D0REG(QRIGHT)
+ bcc .Lnh2
+ beq .Lnh3
+
+.Lnh4:
+ C Permute key words, so we in each iteration have them in order
+ C
+ C P0: [0, 4,1, 5] P1: [ 2, 6, 3, 7] P2: [ 4, 8, 5, 9] P3: [ 6,10, 7,11]
+ C P4: [8,12,9,13] P5: [10,14,11,15] P6: [12,16,13,17] P7: [14,18,15,19]
+ C
+ C Also arrange the message words, so we get them as
+ C M0: [0,0,1,1] M1: [ 2, 2, 3, 3] M2: [ 4, 4, 5, 5] M3: [ 6, 6, 7, 7]
+ C M4: [8,8,9,9] M5: [10,10,11,11] M6: [12,12,13,13] M7: [14,14,15,15]
+ C
+ C Then, accumulate Y0 (first two "iters") using
+ C
+ C Y0 += (M0+P0) * (M2+P2) + (M1+P1) * (M3+P3)
+ C Y1 += (M0+P4) * (M2+P6) + (M1+P5) * (M3+P7)
+ C
+ C Next iteration is then
+ C
+ C Y0 += (M4+P4) * (M6+P6) + (M5+P5) * (M7 + P7)
+ C Y1 += (M4+P6) * (M6+P8) + (M5+P7) * (M7 + P11)
+ C
+ C So we can reuse P4, P5, P6, P7 from the previous iteration.
+
+ C How to for in registers? We need 4 Q regs for P0-P3, and one
+ C more for the last read key. We need at least two regiters
+ C for the message (QA and QB, more if we want to expand only
+ C once). For the Y0 update, we can let the factors overwrite
+ C P0-P3, and for the Y1 update, we can overwrite M0-M3.
+
+ vpush {q4,q5,q6}
+ vld1.32 {QK0,QK1}, [KEY]!
+ vld1.32 {QK2}, [KEY]!
+ vmov QT0, QK1
+ vmov QT1, QK2
+
+ C Permute keys. QK2 us untouched, permuted subkeys put in QK0,QK1,QT0,QT1
+ vtrn.32 QK0, QK1 C Gives us [0, 4, 2, 6] and [1, 5, 3, 7]
+ vswp D1REG(QK0), D0REG(QK1) C Gives us [0, 4, 1, 5] and [2, 6, 3, 7]
+ vtrn.32 QT0, QT1 C Gives us [4,8,6,10] and [5 ,9,7,11]
+ vswp D1REG(QT0), D0REG(QT1) C Gives us [4,8,5, 9] and [6,10,7,11]
+
+ vmov.i64 QY1, #0
+.Loop4:
+ C Set m[i] <-- m[i-1] >> RSHIFT + m[i] << LSHIFT
+ vld1.8 {QA, QB}, [MSG :64]!
+ vshl.u64 QC, QA, QRIGHT
+ vshl.u64 QD, QB, QRIGHT
+ vshl.u64 QA, QA, QLEFT
+ vshl.u64 QB, QB, QLEFT
+ veor D0REG(QA), D0REG(QA), DM
+ veor D1REG(QA), D1REG(QA), D0REG(QC)
+ veor D0REG(QB), D0REG(QB), D1REG(QC)
+ veor D1REG(QB), D1REG(QB), D0REG(QD)
+ vmov DM, D1REG(QD)
+
+ C Explode message (too bad there's no vadd with scalar)
+ vdup.32 D1REG(QD), D1REG(QB)[1]
+ vdup.32 D0REG(QD), D1REG(QB)[0]
+ vdup.32 D1REG(QC), D0REG(QB)[1]
+ vdup.32 D0REG(QC), D0REG(QB)[0]
+ vdup.32 D1REG(QB), D1REG(QA)[1]
+ vdup.32 D0REG(QB), D1REG(QA)[0]
+ vdup.32 D1REG(QA), D0REG(QA)[1]
+ vdup.32 D0REG(QA), D0REG(QA)[0]
+
+ vadd.i32 QK0, QK0, QA
+ vadd.i32 QK1, QK1, QB
+ vadd.i32 QT0, QT0, QC
+ vadd.i32 QT1, QT1, QD
+
+ vmlal.u32 QY0, D0REG(QK0), D0REG(QT0)
+ vmlal.u32 QY0, D1REG(QK0), D1REG(QT0)
+ vmlal.u32 QY0, D0REG(QK1), D0REG(QT1)
+ vmlal.u32 QY0, D1REG(QK1), D1REG(QT1)
+
+ C Next 4 subkeys
+ vld1.32 {QT0,QT1}, [KEY]!
+ vmov QK0, QK2
+ vmov QK1, QT0
+ vmov QK2, QT1 C Save
+ vtrn.32 QK0, QK1 C Gives us [8,12,10,14] and [9,13,11,15]
+ vswp D1REG(QK0), D0REG(QK1) C Gives us [8,12,9,13] and [10,14,11,15]
+ vtrn.32 QT0, QT1 C Gives us [12,16,14,18] and [13,17,15,19]
+ vswp D1REG(QT0), D0REG(QT1) C Gives us [12,16,13,17] and [14,18,15,19]
+
+ vadd.i32 QA, QA, QK0
+ vadd.i32 QB, QB, QK1
+ vadd.i32 QC, QC, QT0
+ vadd.i32 QD, QD, QT1
+
+ subs LENGTH, LENGTH, #32
+
+ vmlal.u32 QY1, D0REG(QA), D0REG(QC)
+ vmlal.u32 QY1, D1REG(QA), D1REG(QC)
+ vmlal.u32 QY1, D0REG(QB), D0REG(QD)
+ vmlal.u32 QY1, D1REG(QB), D1REG(QD)
+
+ bhi .Loop4
+
+ vst1.64 {QY0, QY1}, [OUT]
+
+ vpop {q4,q5,q6}
+
+ ldr pc, [sp], #+4
+
+.Lnh3:
+ vpush {q4}
+ vld1.32 {QK0,QK1}, [KEY]!
+ vmov.i64 QY1, #0
+.Loop3:
+ C Set m[i] <-- m[i-1] >> RSHIFT + m[i] << LSHIFT
+ vld1.8 {QA, QB}, [MSG :64]!
+ vshl.u64 QT0, QA, QRIGHT
+ vshl.u64 QT1, QB, QRIGHT
+ vshl.u64 QA, QA, QLEFT
+ vshl.u64 QB, QB, QLEFT
+ veor D0REG(QA), D0REG(QA), DM
+ veor D1REG(QA), D1REG(QA), D0REG(QT0)
+ veor D0REG(QB), D0REG(QB), D1REG(QT0)
+ veor D1REG(QB), D1REG(QB), D0REG(QT1)
+ vmov DM, D1REG(QT1)
+
+ vld1.32 {QK2}, [KEY]!
+ C Construct factors, with low half corresponding to first iteration,
+ C and high half corresponding to the second iteration.
+ vmov QT0, QK1
+ vtrn.32 QK0, QT0 C Gives us [0, 4, 2, 6] and [1, 5, 3, 7]
+ vswp D1REG(QK0), D0REG(QT0) C Gives us [0, 4, 1, 5] and [2, 6, 3, 7]
+ vdup.32 D0REG(QT1), D0REG(QA)[0]
+ vdup.32 D1REG(QT1), D0REG(QA)[1]
+ vadd.i32 QT1, QT1, QK0
+
+ vmov QK0, QK2 C Save for next iteration
+ vtrn.32 QK1, QK2 C Gives us [4, 8, 2, 1] and [1, 5, 3, 7]
+ vswp D1REG(QK1), D0REG(QK2) C Gives us [4, 8, 1, 5] and [2, 1, 3, 7]
+
+ vdup.32 D0REG(QT2), D0REG(QB)[0]
+ vdup.32 D1REG(QT2), D0REG(QB)[1]
+ vadd.i32 QK1, QK1, QT2
+ vmlal.u32 QY0, D0REG(QT1), D0REG(QK1)
+ vmlal.u32 QY0, D1REG(QT1), D1REG(QK1)
+
+ vdup.32 D0REG(QT1), D1REG(QA)[0]
+ vdup.32 D1REG(QT1), D1REG(QA)[1]
+ vadd.i32 QT0, QT0, QT1
+ vdup.32 D0REG(QT1), D1REG(QB)[0]
+ vdup.32 D1REG(QT1), D1REG(QB)[1]
+ vadd.i32 QK2, QK2, QT1
+
+ vmlal.u32 QY0, D0REG(QT0), D0REG(QK2)
+ vmlal.u32 QY0, D1REG(QT0), D1REG(QK2)
+
+ vld1.32 {QK1}, [KEY]!
+ vadd.i32 QA, QA, QK0
+ vadd.i32 QB, QB, QK1
+ subs LENGTH, LENGTH, #32
+ vmlal.u32 QY1, D0REG(QA), D0REG(QB)
+ vmlal.u32 QY1, D1REG(QA), D1REG(QB)
+ bhi .Loop3
+
+ vadd.i64 D0REG(QY1), D0REG(QY1), D1REG(QY1)
+ vst1.64 {D0REG(QY0), D1REG(QY0), D0REG(QY1)}, [OUT]
+
+ vpop {q4}
+
+ ldr pc, [sp], #+4
+
+.Lnh2:
+ vld1.32 {QK0}, [KEY]!
+.Loop2:
+ C Set m[i] <-- m[i-1] >> RSHIFT + m[i] << LSHIFT
+ vld1.8 {QA, QB}, [MSG :64]!
+ vshl.u64 QT0, QA, QRIGHT
+ vshl.u64 QT1, QB, QRIGHT
+ vshl.u64 QA, QA, QLEFT
+ vshl.u64 QB, QB, QLEFT
+ veor D0REG(QA), D0REG(QA), DM
+ veor D1REG(QA), D1REG(QA), D0REG(QT0)
+ veor D0REG(QB), D0REG(QB), D1REG(QT0)
+ veor D1REG(QB), D1REG(QB), D0REG(QT1)
+ vmov DM, D1REG(QT1)
+
+ vld1.32 {QK1,QK2}, [KEY]!
+ C Construct factors, with low half corresponding to first iteration,
+ C and high half corresponding to the second iteration.
+ vmov QT0, QK1
+ vtrn.32 QK0, QT0 C Gives us [0, 4, 2, 6] and [1, 5, 3, 7]
+ vswp D1REG(QK0), D0REG(QT0) C Gives us [0, 4, 1, 5] and [2, 6, 3, 7]
+ vdup.32 D0REG(QT1), D0REG(QA)[0]
+ vdup.32 D1REG(QT1), D0REG(QA)[1]
+ vadd.i32 QT1, QT1, QK0
+
+ vmov QK0, QK2 C Save for next iteration
+ vtrn.32 QK1, QK2 C Gives us [4, 8, 6, 10] and [5, 9, 7, 11]
+ vswp D1REG(QK1), D0REG(QK2) C Gives us [4, 8, 5, 9] and [6, 10, 7, 11]
+
+ vdup.32 D0REG(QT2), D0REG(QB)[0]
+ vdup.32 D1REG(QT2), D0REG(QB)[1]
+ vadd.i32 QK1, QK1, QT2
+ vmlal.u32 QY0, D0REG(QT1), D0REG(QK1)
+ vmlal.u32 QY0, D1REG(QT1), D1REG(QK1)
+
+ vdup.32 D0REG(QT1), D1REG(QA)[0]
+ vdup.32 D1REG(QT1), D1REG(QA)[1]
+ vadd.i32 QT0, QT0, QT1
+ vdup.32 D0REG(QT1), D1REG(QB)[0]
+ vdup.32 D1REG(QT1), D1REG(QB)[1]
+ vadd.i32 QK2, QK2, QT1
+
+ subs LENGTH, LENGTH, #32
+
+ vmlal.u32 QY0, D0REG(QT0), D0REG(QK2)
+ vmlal.u32 QY0, D1REG(QT0), D1REG(QK2)
+
+ bhi .Loop2
+ vst1.64 {QY0}, [OUT]
+
+.Lend:
+ ldr pc, [sp], #+4
+EPILOGUE(_nettle_umac_nh_n)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "umac-nh.asm"
+ .fpu neon
+
+define(<KEY>, <r0>)
+define(<LENGTH>, <r1>)
+define(<MSG>, <r2>)
+define(<SHIFT>, <r3>)
+
+define(<QA>, <q0>)
+define(<QB>, <q1>)
+define(<DM>, <d16>)
+define(<QLEFT>, <q9>)
+define(<QRIGHT>, <q10>)
+define(<QY>, <q11>)
+define(<QT0>, <q12>)
+define(<QT1>, <q13>)
+define(<QK0>, <q14>)
+define(<QK1>, <q15>)
+
+ .text
+ .align 3
+
+PROLOGUE(_nettle_umac_nh)
+ C Setup for 64-bit aligned reads
+ ands SHIFT, MSG, #7
+ and MSG, MSG, #-8
+ vld1.8 {DM}, [MSG :64]
+ addne MSG, MSG, #8
+ addeq SHIFT, SHIFT, #8
+
+ C FIXME: Combine as rsb ?
+ lsl SHIFT, SHIFT, #3
+ neg SHIFT, SHIFT
+
+ C Right shift in QRIGHT (both halves)
+ vmov.i32 D0REG(QRIGHT)[0], SHIFT
+ vmov.32 D1REG(QRIGHT), D0REG(QRIGHT)
+ add SHIFT, SHIFT, #64
+
+ vmov.i32 D0REG(QLEFT)[0], SHIFT
+ vmov.32 D1REG(QLEFT), D0REG(QLEFT)
+
+ vmov.i64 QY, #0
+
+ vshl.u64 DM, DM, D0REG(QRIGHT)
+.Loop:
+ C Set m[i] <-- m[i-1] >> RSHIFT + m[i] << LSHIFT
+ vld1.8 {QA, QB}, [MSG :64]!
+ vshl.u64 QT0, QA, QRIGHT
+ vshl.u64 QT1, QB, QRIGHT
+ vshl.u64 QA, QA, QLEFT
+ vshl.u64 QB, QB, QLEFT
+ veor D0REG(QA), D0REG(QA), DM
+ veor D1REG(QA), D1REG(QA), D0REG(QT0)
+ veor D0REG(QB), D0REG(QB), D1REG(QT0)
+ veor D1REG(QB), D1REG(QB), D0REG(QT1)
+ vmov DM, D1REG(QT1)
+
+ vld1.i32 {QK0, QK1}, [KEY]!
+ vadd.i32 QA, QA, QK0
+ vadd.i32 QB, QB, QK1
+ subs LENGTH, LENGTH, #32
+ vmlal.u32 QY, D0REG(QA), D0REG(QB)
+ vmlal.u32 QY, D1REG(QA), D1REG(QB)
+ bhi .Loop
+
+ vadd.i64 D0REG(QY), D0REG(QY), D1REG(QY)
+ vmov r0, r1, D0REG(QY)
+ bx lr
+EPILOGUE(_nettle_umac_nh)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+include_src(<arm/aes.m4>)
+
+C Benchmarked at at 785, 914, 1051 cycles/block on cortex A9,
+C for 128, 192 and 256 bit key sizes. Unclear why it is slower
+C than _aes_encrypt.
+
+define(<CTX>, <r0>)
+define(<TABLE>, <r1>)
+define(<LENGTH>, <r2>)
+define(<DST>, <r3>)
+define(<SRC>, <r12>)
+
+define(<W0>, <r4>)
+define(<W1>, <r5>)
+define(<W2>, <r6>)
+define(<W3>, <r7>)
+define(<T0>, <r8>)
+define(<KEY>, <r10>)
+define(<ROUND>, <r11>)
+
+define(<X0>, <r2>) C Overlaps LENGTH, SRC, DST
+define(<X1>, <r3>)
+define(<X2>, <r12>)
+define(<X3>, <r14>) C lr
+
+
+ .file "aes-decrypt-internal.asm"
+
+ C _aes_decrypt(struct aes_context *ctx,
+ C const struct aes_table *T,
+ C unsigned length, uint8_t *dst,
+ C uint8_t *src)
+ .text
+ .align 2
+PROLOGUE(_nettle_aes_decrypt)
+ teq LENGTH, #0
+ beq .Lend
+ ldr SRC, [sp]
+
+ push {r4,r5,r6,r7,r8,r10,r11,lr}
+.Lblock_loop:
+ mov KEY, CTX
+ AES_LOAD(SRC,KEY,W0)
+ AES_LOAD(SRC,KEY,W1)
+ AES_LOAD(SRC,KEY,W2)
+ AES_LOAD(SRC,KEY,W3)
+
+ push {LENGTH, DST, SRC}
+ ldr ROUND, [CTX, #+AES_NROUNDS]
+ add TABLE, TABLE, #AES_TABLE0
+
+ b .Lentry
+ .align 2
+.Lround_loop:
+ C Transform X -> W
+ AES_DECRYPT_ROUND(X0, X1, X2, X3, W0, W1, W2, W3, KEY)
+
+.Lentry:
+ subs ROUND, ROUND,#2
+ C Transform W -> X
+ AES_DECRYPT_ROUND(W0, W1, W2, W3, X0, X1, X2, X3, KEY)
+
+ bne .Lround_loop
+
+ sub TABLE, TABLE, #AES_TABLE0
+ C Final round
+ AES_FINAL_ROUND(X0, X3, X2, X1, KEY, W0)
+ AES_FINAL_ROUND(X1, X0, X3, X2, KEY, W1)
+ AES_FINAL_ROUND(X2, X1, X0, X3, KEY, W2)
+ AES_FINAL_ROUND(X3, X2, X1, X0, KEY, W3)
+
+ pop {LENGTH, DST, SRC}
+
+ AES_STORE(DST,W0)
+ AES_STORE(DST,W1)
+ AES_STORE(DST,W2)
+ AES_STORE(DST,W3)
+
+ subs LENGTH, LENGTH, #16
+ bhi .Lblock_loop
+
+ pop {r4,r5,r6,r7,r8,r10,r11,pc}
+
+.Lend:
+ bx lr
+EPILOGUE(_nettle_aes_decrypt)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+include_src(<arm/aes.m4>)
+
+C Benchmarked at at 693, 824, 950 cycles/block on cortex A9,
+C for 128, 192 and 256 bit key sizes.
+
+C Possible improvements: More efficient load and store with
+C aligned accesses. Better scheduling.
+
+define(<CTX>, <r0>)
+define(<TABLE>, <r1>)
+define(<LENGTH>, <r2>)
+define(<DST>, <r3>)
+define(<SRC>, <r12>)
+
+define(<W0>, <r4>)
+define(<W1>, <r5>)
+define(<W2>, <r6>)
+define(<W3>, <r7>)
+define(<T0>, <r8>)
+define(<KEY>, <r10>)
+define(<ROUND>, <r11>)
+
+define(<X0>, <r2>) C Overlaps LENGTH, SRC, DST
+define(<X1>, <r3>)
+define(<X2>, <r12>)
+define(<X3>, <r14>) C lr
+
+
+ .file "aes-encrypt-internal.asm"
+
+ C _aes_encrypt(struct aes_context *ctx,
+ C const struct aes_table *T,
+ C unsigned length, uint8_t *dst,
+ C uint8_t *src)
+ .text
+ .align 2
+PROLOGUE(_nettle_aes_encrypt)
+ teq LENGTH, #0
+ beq .Lend
+ ldr SRC, [sp]
+
+ push {r4,r5,r6,r7,r8,r10,r11,lr}
+.Lblock_loop:
+ mov KEY, CTX
+ AES_LOAD(SRC,KEY,W0)
+ AES_LOAD(SRC,KEY,W1)
+ AES_LOAD(SRC,KEY,W2)
+ AES_LOAD(SRC,KEY,W3)
+
+ push {LENGTH, DST, SRC}
+ ldr ROUND, [CTX, #+AES_NROUNDS]
+ add TABLE, TABLE, #AES_TABLE0
+
+ b .Lentry
+ .align 2
+.Lround_loop:
+ C Transform X -> W
+ AES_ENCRYPT_ROUND(X0, X1, X2, X3, W0, W1, W2, W3, KEY)
+
+.Lentry:
+ subs ROUND, ROUND,#2
+ C Transform W -> X
+ AES_ENCRYPT_ROUND(W0, W1, W2, W3, X0, X1, X2, X3, KEY)
+
+ bne .Lround_loop
+
+ sub TABLE, TABLE, #AES_TABLE0
+ C Final round
+ AES_FINAL_ROUND(X0, X1, X2, X3, KEY, W0)
+ AES_FINAL_ROUND(X1, X2, X3, X0, KEY, W1)
+ AES_FINAL_ROUND(X2, X3, X0, X1, KEY, W2)
+ AES_FINAL_ROUND(X3, X0, X1, X2, KEY, W3)
+
+ pop {LENGTH, DST, SRC}
+
+ AES_STORE(DST,W0)
+ AES_STORE(DST,W1)
+ AES_STORE(DST,W2)
+ AES_STORE(DST,W3)
+
+ subs LENGTH, LENGTH, #16
+ bhi .Lblock_loop
+
+ pop {r4,r5,r6,r7,r8,r10,r11,pc}
+
+.Lend:
+ bx lr
+EPILOGUE(_nettle_aes_encrypt)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "sha1-compress.asm"
+
+define(<STATE>, <r0>)
+define(<INPUT>, <r1>)
+define(<SA>, <r2>)
+define(<SB>, <r3>)
+define(<SC>, <r4>)
+define(<SD>, <r5>)
+define(<SE>, <r6>)
+define(<T0>, <r7>)
+define(<SHIFT>, <r8>)
+define(<WPREV>, <r10>)
+define(<W>, <r12>)
+define(<K>, <lr>)
+
+C FIXME: Could avoid a mov with even and odd variants.
+define(<LOAD>, <
+ ldr T0, [INPUT], #+4
+ sel W, WPREV, T0
+ ror W, W, SHIFT
+ mov WPREV, T0
+ rev W, W
+ str W, [SP,#eval(4*$1)]
+>)
+define(<EXPN>, <
+ ldr W, [sp, #+eval(4*$1)]
+ ldr T0, [sp, #+eval(4*(($1 + 2) % 16))]
+ eor W, W, T0
+ ldr T0, [sp, #+eval(4*(($1 + 8) % 16))]
+ eor W, W, T0
+ ldr T0, [sp, #+eval(4*(($1 + 13) % 16))]
+ eor W, W, T0
+ ror W, W, #31
+ str W, [sp, #+eval(4*$1)]
+>)
+
+C F1(B,C,D) = D^(B&(C^D))
+C ROUND1(A,B,C,D,E)
+define(<ROUND1>, <
+ eor T0, $3, $4
+ add $5, $5, K
+ and T0, T0, $2
+ add $5, $5, $1, ror #27
+ eor T0, T0, $4
+ add $5, $5, W
+ ror $2, $2, #2
+ add $5, $5, T0
+>)
+C F2(B,C,D) = B^C^D
+define(<ROUND2>, <
+ eor T0, $2, $4
+ add $5, $5, K
+ eor T0, T0, $3
+ add $5, $5, $1, ror #27
+ add $5, $5, W
+ ror $2, $2, #2
+ add $5, $5, T0
+>)
+C F3(B,C,D) = (B&C) | (D & (B|C)) = (B & (C ^ D)) + (C & D)
+define(<ROUND3>, <
+ eor T0, $3, $4
+ add $5, $5, K
+ and T0, T0, $2
+ add $5, $5, $1, ror #27
+ add $5, $5, T0
+ add $5, $5, W
+ and T0, $3, $4
+ ror $2, $2, #2
+ add $5, $5, T0
+>)
+ C void _nettle_sha1_compress(uint32_t *state, const uint8_t *input)
+
+ .text
+ .align 2
+.LK1:
+ .int 0x5A827999
+.LK2:
+ .int 0x6ED9EBA1
+.LK3:
+ .int 0x8F1BBCDC
+
+PROLOGUE(_nettle_sha1_compress)
+ push {r4,r5,r6,r7,r8,r10,lr}
+ sub sp, sp, #64
+
+ C Sets SHIFT to 8*low bits of input pointer. Sets up GE flags
+ C as follows, corresponding to bytes to be used from WPREV
+ C SHIFT 0 8 16 24
+ C CPSR.GE 0000 1110 1100 1000
+ ands SHIFT, INPUT, #3
+ and INPUT, INPUT, $-4
+ ldr WPREV, [INPUT]
+ addne INPUT, INPUT, #4 C Unaligned input
+ lsl SHIFT, SHIFT, #3
+ mov T0, #0
+ movne T0, #-1
+ lsl W, T0, SHIFT
+ uadd8 T0, T0, W C Sets APSR.GE bits
+
+ ldr K, .LK1
+ ldm STATE, {SA,SB,SC,SD,SE}
+
+ LOAD( 0) ROUND1(SA, SB, SC, SD, SE)
+ LOAD( 1) ROUND1(SE, SA, SB, SC, SD)
+ LOAD( 2) ROUND1(SD, SE, SA, SB, SC)
+ LOAD( 3) ROUND1(SC, SD, SE, SA, SB)
+ LOAD( 4) ROUND1(SB, SC, SD, SE, SA)
+
+ LOAD( 5) ROUND1(SA, SB, SC, SD, SE)
+ LOAD( 6) ROUND1(SE, SA, SB, SC, SD)
+ LOAD( 7) ROUND1(SD, SE, SA, SB, SC)
+ LOAD( 8) ROUND1(SC, SD, SE, SA, SB)
+ LOAD( 9) ROUND1(SB, SC, SD, SE, SA)
+
+ LOAD(10) ROUND1(SA, SB, SC, SD, SE)
+ LOAD(11) ROUND1(SE, SA, SB, SC, SD)
+ LOAD(12) ROUND1(SD, SE, SA, SB, SC)
+ LOAD(13) ROUND1(SC, SD, SE, SA, SB)
+ LOAD(14) ROUND1(SB, SC, SD, SE, SA)
+
+ LOAD(15) ROUND1(SA, SB, SC, SD, SE)
+ EXPN( 0) ROUND1(SE, SA, SB, SC, SD)
+ EXPN( 1) ROUND1(SD, SE, SA, SB, SC)
+ EXPN( 2) ROUND1(SC, SD, SE, SA, SB)
+ EXPN( 3) ROUND1(SB, SC, SD, SE, SA)
+
+ ldr K, .LK2
+ EXPN( 4) ROUND2(SA, SB, SC, SD, SE)
+ EXPN( 5) ROUND2(SE, SA, SB, SC, SD)
+ EXPN( 6) ROUND2(SD, SE, SA, SB, SC)
+ EXPN( 7) ROUND2(SC, SD, SE, SA, SB)
+ EXPN( 8) ROUND2(SB, SC, SD, SE, SA)
+
+ EXPN( 9) ROUND2(SA, SB, SC, SD, SE)
+ EXPN(10) ROUND2(SE, SA, SB, SC, SD)
+ EXPN(11) ROUND2(SD, SE, SA, SB, SC)
+ EXPN(12) ROUND2(SC, SD, SE, SA, SB)
+ EXPN(13) ROUND2(SB, SC, SD, SE, SA)
+
+ EXPN(14) ROUND2(SA, SB, SC, SD, SE)
+ EXPN(15) ROUND2(SE, SA, SB, SC, SD)
+ EXPN( 0) ROUND2(SD, SE, SA, SB, SC)
+ EXPN( 1) ROUND2(SC, SD, SE, SA, SB)
+ EXPN( 2) ROUND2(SB, SC, SD, SE, SA)
+
+ EXPN( 3) ROUND2(SA, SB, SC, SD, SE)
+ EXPN( 4) ROUND2(SE, SA, SB, SC, SD)
+ EXPN( 5) ROUND2(SD, SE, SA, SB, SC)
+ EXPN( 6) ROUND2(SC, SD, SE, SA, SB)
+ EXPN( 7) ROUND2(SB, SC, SD, SE, SA)
+
+ ldr K, .LK3
+ EXPN( 8) ROUND3(SA, SB, SC, SD, SE)
+ EXPN( 9) ROUND3(SE, SA, SB, SC, SD)
+ EXPN(10) ROUND3(SD, SE, SA, SB, SC)
+ EXPN(11) ROUND3(SC, SD, SE, SA, SB)
+ EXPN(12) ROUND3(SB, SC, SD, SE, SA)
+
+ EXPN(13) ROUND3(SA, SB, SC, SD, SE)
+ EXPN(14) ROUND3(SE, SA, SB, SC, SD)
+ EXPN(15) ROUND3(SD, SE, SA, SB, SC)
+ EXPN( 0) ROUND3(SC, SD, SE, SA, SB)
+ EXPN( 1) ROUND3(SB, SC, SD, SE, SA)
+
+ EXPN( 2) ROUND3(SA, SB, SC, SD, SE)
+ EXPN( 3) ROUND3(SE, SA, SB, SC, SD)
+ EXPN( 4) ROUND3(SD, SE, SA, SB, SC)
+ EXPN( 5) ROUND3(SC, SD, SE, SA, SB)
+ EXPN( 6) ROUND3(SB, SC, SD, SE, SA)
+
+ EXPN( 7) ROUND3(SA, SB, SC, SD, SE)
+ EXPN( 8) ROUND3(SE, SA, SB, SC, SD)
+ EXPN( 9) ROUND3(SD, SE, SA, SB, SC)
+ EXPN(10) ROUND3(SC, SD, SE, SA, SB)
+ EXPN(11) ROUND3(SB, SC, SD, SE, SA)
+
+ ldr K, .LK4
+ EXPN(12) ROUND2(SA, SB, SC, SD, SE)
+ EXPN(13) ROUND2(SE, SA, SB, SC, SD)
+ EXPN(14) ROUND2(SD, SE, SA, SB, SC)
+ EXPN(15) ROUND2(SC, SD, SE, SA, SB)
+ EXPN( 0) ROUND2(SB, SC, SD, SE, SA)
+
+ EXPN( 1) ROUND2(SA, SB, SC, SD, SE)
+ EXPN( 2) ROUND2(SE, SA, SB, SC, SD)
+ EXPN( 3) ROUND2(SD, SE, SA, SB, SC)
+ EXPN( 4) ROUND2(SC, SD, SE, SA, SB)
+ EXPN( 5) ROUND2(SB, SC, SD, SE, SA)
+
+ EXPN( 6) ROUND2(SA, SB, SC, SD, SE)
+ EXPN( 7) ROUND2(SE, SA, SB, SC, SD)
+ EXPN( 8) ROUND2(SD, SE, SA, SB, SC)
+ EXPN( 9) ROUND2(SC, SD, SE, SA, SB)
+ EXPN(10) ROUND2(SB, SC, SD, SE, SA)
+
+ EXPN(11) ROUND2(SA, SB, SC, SD, SE)
+ EXPN(12) ROUND2(SE, SA, SB, SC, SD)
+ EXPN(13) ROUND2(SD, SE, SA, SB, SC)
+ EXPN(14) ROUND2(SC, SD, SE, SA, SB)
+ EXPN(15) ROUND2(SB, SC, SD, SE, SA)
+
+ C Use registers we no longer need.
+ ldm STATE, {INPUT,T0,SHIFT,W,K}
+ add SA, SA, INPUT
+ add SB, SB, T0
+ add SC, SC, SHIFT
+ add SD, SD, W
+ add SE, SE, K
+ add sp, sp, #64
+ stm STATE, {SA,SB,SC,SD,SE}
+ pop {r4,r5,r6,r7,r8,r10,pc}
+EPILOGUE(_nettle_sha1_compress)
+
+.LK4:
+ .int 0xCA62C1D6
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "sha256-compress.asm"
+
+define(<STATE>, <r0>)
+define(<INPUT>, <r1>)
+define(<K>, <r2>)
+define(<SA>, <r3>)
+define(<SB>, <r4>)
+define(<SC>, <r5>)
+define(<SD>, <r6>)
+define(<SE>, <r7>)
+define(<SF>, <r8>)
+define(<SG>, <r10>)
+define(<SH>, <r11>)
+define(<T0>, <r12>)
+define(<T1>, <r1>) C Overlap INPUT
+define(<COUNT>, <r0>) C Overlap STATE
+define(<W>, <r14>)
+
+C Used for data load
+define(<I0>, <r3>)
+define(<I1>, <r4>)
+define(<I2>, <r5>)
+define(<I3>, <r6>)
+define(<I4>, <r7>)
+define(<DST>, <r8>)
+define(<SHIFT>, <r10>)
+define(<ILEFT>, <r11>)
+
+define(<EXPN>, <
+ ldr W, [sp, #+eval(4*$1)]
+ ldr T0, [sp, #+eval(4*(($1 + 14) % 16))]
+ ror T1, T0, #17
+ eor T1, T1, T0, ror #19
+ eor T1, T1, T0, lsr #10
+ add W, W, T1
+ ldr T0, [sp, #+eval(4*(($1 + 9) % 16))]
+ add W, W, T0
+ ldr T0, [sp, #+eval(4*(($1 + 1) % 16))]
+ ror T1, T0, #7
+ eor T1, T1, T0, ror #18
+ eor T1, T1, T0, lsr #3
+ add W, W, T1
+ str W, [sp, #+eval(4*$1)]
+>)
+
+C ROUND(A,B,C,D,E,F,G,H)
+C
+C H += S1(E) + Choice(E,F,G) + K + W
+C D += H
+C H += S0(A) + Majority(A,B,C)
+C
+C Where
+C
+C S1(E) = E<<<26 ^ E<<<21 ^ E<<<7
+C S0(A) = A<<<30 ^ A<<<19 ^ A<<<10
+C Choice (E, F, G) = G^(E&(F^G))
+C Majority (A,B,C) = (A&B) + (C&(A^B))
+
+define(<ROUND>, <
+ ror T0, $5, #6
+ eor T0, T0, $5, ror #11
+ eor T0, T0, $5, ror #25
+ add $8, $8, T0
+ eor T0, $6, $7
+ and T0, T0, $5
+ eor T0, T0, $7
+ add $8,$8, T0
+ ldr T0, [K], #+4
+ add $8, $8, W
+ add $8, $8, T0
+ add $4, $4, $8
+ ror T0, $1, #2
+ eor T0, T0, $1, ror #13
+ eor T0, T0, $1, ror #22
+ add $8, $8, T0
+ and T0, $1, $2
+ add $8, $8, T0
+ eor T0, $1, $2
+ and T0, T0, $3
+ add $8, $8, T0
+>)
+
+define(<NOEXPN>, <
+ ldr W, [sp, + $1]
+ add $1, $1, #4
+>)
+ C void
+ C _nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k)
+
+ .text
+ .align 2
+
+PROLOGUE(_nettle_sha256_compress)
+ push {r4,r5,r6,r7,r8,r10,r11,r14}
+ sub sp, sp, #68
+ str STATE, [sp, +#64]
+
+ C Load data up front, since we don't have enough registers
+ C to load and shift on-the-fly
+ ands SHIFT, INPUT, #3
+ and INPUT, INPUT, $-4
+ ldr I0, [INPUT]
+ addne INPUT, INPUT, #4
+ lsl SHIFT, SHIFT, #3
+ mov T0, #0
+ movne T0, #-1
+ lsl I1, T0, SHIFT
+ uadd8 T0, T0, I1 C Sets APSR.GE bits
+
+ mov DST, sp
+ mov ILEFT, #4
+.Lcopy:
+ ldm INPUT!, {I1,I2,I3,I4}
+ sel I0, I0, I1
+ ror I0, I0, SHIFT
+ rev I0, I0
+ sel I1, I1, I2
+ ror I1, I1, SHIFT
+ rev I1, I1
+ sel I2, I2, I3
+ ror I2, I2, SHIFT
+ rev I2, I2
+ sel I3, I3, I4
+ ror I3, I3, SHIFT
+ rev I3, I3
+ subs ILEFT, ILEFT, #1
+ stm DST!, {I0,I1,I2,I3}
+ mov I0, I4
+ bne .Lcopy
+
+ ldm STATE, {SA,SB,SC,SD,SE,SF,SG,SH}
+
+ mov COUNT,#0
+
+.Loop1:
+ NOEXPN(COUNT) ROUND(SA,SB,SC,SD,SE,SF,SG,SH)
+ NOEXPN(COUNT) ROUND(SH,SA,SB,SC,SD,SE,SF,SG)
+ NOEXPN(COUNT) ROUND(SG,SH,SA,SB,SC,SD,SE,SF)
+ NOEXPN(COUNT) ROUND(SF,SG,SH,SA,SB,SC,SD,SE)
+ NOEXPN(COUNT) ROUND(SE,SF,SG,SH,SA,SB,SC,SD)
+ NOEXPN(COUNT) ROUND(SD,SE,SF,SG,SH,SA,SB,SC)
+ NOEXPN(COUNT) ROUND(SC,SD,SE,SF,SG,SH,SA,SB)
+ NOEXPN(COUNT) ROUND(SB,SC,SD,SE,SF,SG,SH,SA)
+ cmp COUNT,#64
+ bne .Loop1
+
+ mov COUNT, #3
+.Loop2:
+
+ EXPN( 0) ROUND(SA,SB,SC,SD,SE,SF,SG,SH)
+ EXPN( 1) ROUND(SH,SA,SB,SC,SD,SE,SF,SG)
+ EXPN( 2) ROUND(SG,SH,SA,SB,SC,SD,SE,SF)
+ EXPN( 3) ROUND(SF,SG,SH,SA,SB,SC,SD,SE)
+ EXPN( 4) ROUND(SE,SF,SG,SH,SA,SB,SC,SD)
+ EXPN( 5) ROUND(SD,SE,SF,SG,SH,SA,SB,SC)
+ EXPN( 6) ROUND(SC,SD,SE,SF,SG,SH,SA,SB)
+ EXPN( 7) ROUND(SB,SC,SD,SE,SF,SG,SH,SA)
+ EXPN( 8) ROUND(SA,SB,SC,SD,SE,SF,SG,SH)
+ EXPN( 9) ROUND(SH,SA,SB,SC,SD,SE,SF,SG)
+ EXPN(10) ROUND(SG,SH,SA,SB,SC,SD,SE,SF)
+ EXPN(11) ROUND(SF,SG,SH,SA,SB,SC,SD,SE)
+ EXPN(12) ROUND(SE,SF,SG,SH,SA,SB,SC,SD)
+ EXPN(13) ROUND(SD,SE,SF,SG,SH,SA,SB,SC)
+ EXPN(14) ROUND(SC,SD,SE,SF,SG,SH,SA,SB)
+ subs COUNT, COUNT, #1
+ EXPN(15) ROUND(SB,SC,SD,SE,SF,SG,SH,SA)
+ bne .Loop2
+
+ ldr STATE, [sp, +#64]
+ C No longer needed registers
+ ldm STATE, {r1,r2,r12,r14}
+ add SA, SA, r1
+ add SB, SB, r2
+ add SC, SC, r12
+ add SD, SD, r14
+ stm STATE!, {SA,SB,SC,SD}
+ ldm STATE, {r1,r2,r12,r14}
+ add SE, SE, r1
+ add SF, SF, r2
+ add SG, SG, r12
+ add SH, SH, r14
+ stm STATE!, {SE,SF,SG,SH}
+ add sp, sp, #68
+ pop {r4,r5,r6,r7,r8,r10,r11,pc}
+EPILOGUE(_nettle_sha256_compress)
+divert(-1)
changequote(<,>)dnl
dnl (progn (modify-syntax-entry ?< "(>") (modify-syntax-entry ?> ")<") )
dnl FORTRAN style comment character
define(<C>, <
dnl>)dnl
+dnl Disable m4 comment processing, since the default, #, is used for
+dnl constants on some architectures, in particular ARM.
+changecom()dnl
dnl Including files from the srcdir
define(<include_src>, <include(srcdir/$1)>)dnl
<ifelse(ELF_STYLE,yes,
<.size C_NAME($1), . - C_NAME($1)>,<>)>)
-dnl Argument to ALIGN is always logarithmic
-dnl Can't use << operator with our choice of quote characters...
+define(<m4_log2>, <m4_log2_internal($1,1,0)>)
+define(<m4_log2_internal>,
+<ifelse($3, 10, <not-a-power-of-two>,
+$1, $2, $3,
+<m4_log2_internal($1, eval(2*$2), eval(1 + $3))>)>)
+
+dnl Argument to ALIGN is always in bytes, and converted to a
+dnl logarithmic .align if necessary.
+
define(<ALIGN>,
-<.align ifelse(ALIGN_LOG,yes,$1,eval(2 ** $1))>)
+<.align ifelse(ALIGN_LOG,yes,<m4_log2($1)>,$1)
+>)
dnl Struct defining macros
STRUCT(TABLE1, AES_TABLE_SIZE)
STRUCT(TABLE2, AES_TABLE_SIZE)
STRUCT(TABLE3, AES_TABLE_SIZE)
+
+divert
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005 Niels Möller
+ * Copyright (C) 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_ASN1_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_BASE16_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Dan Egnor, Niels Möller
+ * Copyright (C) 2002 Dan Egnor, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller, Dan Egnor
+ * Copyright (C) 2002 Niels Möller, Dan Egnor
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_BASE64_H_INCLUDED
/* We have at most 4 buffered bits, and a total of (4 + length * 8) bits. */
#define BASE64_ENCODE_LENGTH(length) (((length) * 8 + 4)/6)
-/* Maximum lengbth of output generated by base64_encode_final. */
+/* Maximum length of output generated by base64_encode_final. */
#define BASE64_ENCODE_FINAL_LENGTH 3
/* Exact length of output generated by base64_encode_raw, including
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* NOTE: The mpz_nextprime in current GMP is unoptimized. */
void
nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
- void *progress_ctx, nettle_progress_func progress)
+ void *progress_ctx, nettle_progress_func *progress)
{
mpz_t tmp;
TMP_DECL(moduli, unsigned, NUMBER_OF_PRIMES);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
void
_nettle_generate_pocklington_prime (mpz_t p, mpz_t r,
unsigned bits, int top_bits_set,
- void *ctx, nettle_random_func random,
+ void *ctx, nettle_random_func *random,
const mpz_t p0,
const mpz_t q,
const mpz_t p0q)
the variant in fips186-3). */
void
nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set,
- void *random_ctx, nettle_random_func random,
- void *progress_ctx, nettle_progress_func progress)
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress)
{
assert (bits >= 3);
if (bits <= 10)
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
void
nettle_mpz_random_size(mpz_t x,
- void *ctx, nettle_random_func random,
+ void *ctx, nettle_random_func *random,
unsigned bits)
{
unsigned length = (bits + 7) / 8;
- TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
+ TMP_DECL(data, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
TMP_ALLOC(data, length);
random(ctx, length, data);
/* Returns a random number x, 0 <= x < n */
void
nettle_mpz_random(mpz_t x,
- void *ctx, nettle_random_func random,
+ void *ctx, nettle_random_func *random,
const mpz_t n)
{
/* NOTE: This leaves some bias, which may be bad for DSA. A better
*/
/* Add a few bits extra, to decrease the bias from the final modulo
- * operation. */
+ * operation. NIST FIPS 186-3 specifies 64 extra bits, for use with
+ * DSA. */
nettle_mpz_random_size(x,
ctx, random,
- mpz_sizeinbase(n, 2) + 16);
+ mpz_sizeinbase(n, 2) + 64);
mpz_fdiv_r(x, x, n);
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_BIGNUM_H_INCLUDED
/* Returns a uniformly distributed random number 0 <= x < 2^n */
void
nettle_mpz_random_size(mpz_t x,
- void *ctx, nettle_random_func random,
+ void *ctx, nettle_random_func *random,
unsigned bits);
/* Returns a number x, almost uniformly random in the range
* 0 <= x < n. */
void
nettle_mpz_random(mpz_t x,
- void *ctx, nettle_random_func random,
+ void *ctx, nettle_random_func *random,
const mpz_t n);
void
nettle_next_prime(mpz_t p, mpz_t n, unsigned count, unsigned prime_limit,
- void *progress_ctx, nettle_progress_func progress);
+ void *progress_ctx, nettle_progress_func *progress);
void
nettle_random_prime(mpz_t p, unsigned bits, int top_bits_set,
- void *ctx, nettle_random_func random,
- void *progress_ctx, nettle_progress_func progress);
+ void *ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress);
void
_nettle_generate_pocklington_prime (mpz_t p, mpz_t r,
unsigned bits, int top_bits_set,
- void *ctx, nettle_random_func random,
+ void *ctx, nettle_random_func *random,
const mpz_t p0,
const mpz_t q,
const mpz_t p0q);
* ISBN 0-471-11709-9. Pages 336 ff.
*/
-/* NOTE: This file is distributed under the GPL, not the LGPL. */
-
/* nettle, low-level cryptographics library
*
- * Copyright (C) 1998, 2001
- * Free Software Foundation, Inc, Ray Dassen, Niels Möller
- *
- * This file is part of GNUPG.
- *
- * GNUPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * GNUPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * Copyright (C) 2010 Simon Josefsson
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
+/* This file is derived from cipher/blowfish.c in Libgcrypt v1.4.6.
+ The adaption to Nettle was made by Simon Josefsson on 2010-11-23.
+ Changes include removing the selftest, renaming u32/byte types to
+ uint32_t/uint8_t, renaming BLOWFISH_ROUNDS to _BLOWFISH_ROUNDS
+ (from Nettle's blowfish.h), dropping the libgcrypt wrapper
+ functions, fixing #include's, remove support for non-16 rounds
+ (there are no test vectors), adding FOR_BLOCK iterations, and
+ running indent on the code. */
+
#if HAVE_CONFIG_H
-# include "config.h"
+#include "config.h"
#endif
#include <assert.h>
#include "macros.h"
-/* Initial keysetup state */
+/* precomputed S boxes */
static const struct blowfish_ctx
-initial_ctx =
-{ /* precomputed S boxes */
+initial_ctx = {
{
- {
- 0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
- 0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
- 0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
- 0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
- 0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
- 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
- 0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
- 0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
- 0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
- 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
- 0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
- 0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
- 0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
- 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
- 0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
- 0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
- 0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
- 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
- 0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
- 0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
- 0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
- 0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
- 0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
- 0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
- 0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
- 0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
- 0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
- 0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
- 0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
- 0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
- 0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
- 0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
- 0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
- 0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
- 0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
- 0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
- 0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
- 0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
- 0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
- 0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
- 0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
- 0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
- 0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A
- }, {
- 0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
- 0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
- 0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
- 0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
- 0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
- 0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
- 0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
- 0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
- 0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
- 0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
- 0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
- 0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
- 0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
- 0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
- 0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
- 0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
- 0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
- 0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
- 0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
- 0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
- 0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
- 0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
- 0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
- 0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
- 0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
- 0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
- 0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
- 0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
- 0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
- 0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
- 0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
- 0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
- 0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
- 0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
- 0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
- 0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
- 0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
- 0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
- 0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
- 0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
- 0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
- 0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
- 0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7
- }, {
- 0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
- 0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
- 0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
- 0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
- 0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
- 0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
- 0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
- 0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
- 0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
- 0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
- 0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
- 0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
- 0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
- 0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
- 0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
- 0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
- 0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
- 0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
- 0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
- 0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
- 0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
- 0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
- 0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
- 0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
- 0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
- 0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
- 0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
- 0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
- 0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
- 0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
- 0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
- 0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
- 0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
- 0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
- 0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
- 0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
- 0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
- 0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
- 0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
- 0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
- 0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
- 0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
- 0xD79A3234,0x92638212,0x670EFA8E,0x406000E0
- }, {
- 0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
- 0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
- 0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
- 0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
- 0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
- 0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
- 0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
- 0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
- 0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
- 0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
- 0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
- 0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
- 0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
- 0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
- 0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
- 0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
- 0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
- 0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
- 0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
- 0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
- 0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
- 0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
- 0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
- 0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
- 0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
- 0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
- 0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
- 0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
- 0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
- 0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
- 0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
- 0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
- 0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
- 0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
- 0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
- 0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
- 0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
- 0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
- 0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
- 0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
- 0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
- 0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
- 0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6
+ { /* ks0 */
+ 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96,
+ 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
+ 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658,
+ 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
+ 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E,
+ 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
+ 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6,
+ 0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
+ 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C,
+ 0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
+ 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1,
+ 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
+ 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A,
+ 0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
+ 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176,
+ 0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
+ 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706,
+ 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
+ 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B,
+ 0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
+ 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C,
+ 0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
+ 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A,
+ 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
+ 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760,
+ 0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
+ 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8,
+ 0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
+ 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33,
+ 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
+ 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0,
+ 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
+ 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777,
+ 0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
+ 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705,
+ 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
+ 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E,
+ 0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
+ 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9,
+ 0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
+ 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F,
+ 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
+ 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A
+ },
+ { /* ks1 */
+ 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D,
+ 0x9CEE60B8, 0x8FEDB266, 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
+ 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65,
+ 0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
+ 0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9,
+ 0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
+ 0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D,
+ 0xF01C1F04, 0x0200B3FF, 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
+ 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC,
+ 0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
+ 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908,
+ 0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
+ 0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124,
+ 0x501ADDE6, 0x9F84CD87, 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
+ 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908,
+ 0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
+ 0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B,
+ 0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
+ 0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA,
+ 0x2965DCB9, 0x99E71D0F, 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
+ 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D,
+ 0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
+ 0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5,
+ 0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
+ 0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96,
+ 0x0334FE1E, 0xAA0363CF, 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
+ 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA,
+ 0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
+ 0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77,
+ 0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
+ 0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054,
+ 0x8FD948E4, 0x6DBC3128, 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
+ 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA,
+ 0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
+ 0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646,
+ 0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
+ 0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA,
+ 0x1DADF43E, 0x233F7061, 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
+ 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E,
+ 0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
+ 0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD,
+ 0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
+ 0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7
+ },
+ { /* ks2 */
+ 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7,
+ 0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
+ 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF,
+ 0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
+ 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, 0x28507825, 0x530429F4,
+ 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
+ 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC,
+ 0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
+ 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332,
+ 0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
+ 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, 0x55A867BC, 0xA1159A58,
+ 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
+ 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22,
+ 0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
+ 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60,
+ 0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
+ 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, 0x85B2A20E, 0xE6BA0D99,
+ 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
+ 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74,
+ 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
+ 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3,
+ 0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
+ 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, 0x37392EB3, 0xCC115979,
+ 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
+ 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA,
+ 0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
+ 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086,
+ 0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
+ 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, 0x77A057BE, 0xBDE8AE24,
+ 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
+ 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84,
+ 0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
+ 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09,
+ 0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
+ 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, 0xDCB7DA83, 0x573906FE,
+ 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
+ 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0,
+ 0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
+ 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188,
+ 0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
+ 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8,
+ 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
+ 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0
+ },
+ { /* ks3 */
+ 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742,
+ 0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
+ 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79,
+ 0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
+ 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A,
+ 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
+ 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1,
+ 0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
+ 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797,
+ 0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
+ 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6,
+ 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
+ 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA,
+ 0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
+ 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5,
+ 0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
+ 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE,
+ 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
+ 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD,
+ 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
+ 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB,
+ 0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
+ 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC,
+ 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
+ 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC,
+ 0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
+ 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A,
+ 0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
+ 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A,
+ 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
+ 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B,
+ 0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
+ 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E,
+ 0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
+ 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623,
+ 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
+ 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A,
+ 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
+ 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3,
+ 0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
+ 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C,
+ 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
+ 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6
}
},
- /* p constants */
- {
- 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
- 0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
- 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B
- },
+ { /* ps */
+ 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
+ 0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
+ 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B
+ }
};
/* It's unfortunate to have to pick the bytes apart in the round
- * function. Werner's GNUPG code stored took the address of x, and
- * then read the individual bytes depending on the endianness. But xr
- * and xl ought to live in registers, so I'm not sure that really is a
- * good way to do it. */
+ * function. Werner's gnupg/libgcrypt code took the address of x, and
+ * then read the individual bytes depending on the endianness. But
+ * since xr and xl ought to live in registers, copying via memory is a
+ * bad idea. */
#define F(c, x) \
((( (c->s[0][(x>>24) &0xff] + c->s[1][(x>>16) & 0xff]) \
^ c->s[2][(x>>8) & 0xff]) + c->s[3][x & 0xff]) & 0xffffffff)
-#define R(c, l, r, i) do { l ^= c->p[i]; r ^= F(c, l); } while(0)
+#define R(c, l,r,i) do { l ^= c->p[i]; r ^= F(c,l); } while(0)
static void
-encrypt(const struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr)
+encrypt (const struct blowfish_ctx *ctx, uint32_t * ret_xl,
+ uint32_t * ret_xr)
{
uint32_t xl, xr;
xl = *ret_xl;
xr = *ret_xr;
- R(bc, xl, xr, 0);
- R(bc, xr, xl, 1);
- R(bc, xl, xr, 2);
- R(bc, xr, xl, 3);
- R(bc, xl, xr, 4);
- R(bc, xr, xl, 5);
- R(bc, xl, xr, 6);
- R(bc, xr, xl, 7);
- R(bc, xl, xr, 8);
- R(bc, xr, xl, 9);
- R(bc, xl, xr, 10);
- R(bc, xr, xl, 11);
- R(bc, xl, xr, 12);
- R(bc, xr, xl, 13);
- R(bc, xl, xr, 14);
- R(bc, xr, xl, 15);
- xl ^= bc->p[_BLOWFISH_ROUNDS];
- xr ^= bc->p[_BLOWFISH_ROUNDS+1];
+ R (ctx, xl, xr, 0);
+ R (ctx, xr, xl, 1);
+ R (ctx, xl, xr, 2);
+ R (ctx, xr, xl, 3);
+ R (ctx, xl, xr, 4);
+ R (ctx, xr, xl, 5);
+ R (ctx, xl, xr, 6);
+ R (ctx, xr, xl, 7);
+ R (ctx, xl, xr, 8);
+ R (ctx, xr, xl, 9);
+ R (ctx, xl, xr, 10);
+ R (ctx, xr, xl, 11);
+ R (ctx, xl, xr, 12);
+ R (ctx, xr, xl, 13);
+ R (ctx, xl, xr, 14);
+ R (ctx, xr, xl, 15);
+
+ xl ^= ctx->p[_BLOWFISH_ROUNDS];
+ xr ^= ctx->p[_BLOWFISH_ROUNDS + 1];
*ret_xl = xr;
*ret_xr = xl;
}
static void
-decrypt(const struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr )
+decrypt (const struct blowfish_ctx *ctx, uint32_t * ret_xl, uint32_t * ret_xr)
{
uint32_t xl, xr;
xl = *ret_xl;
xr = *ret_xr;
- R(bc, xl, xr, 17);
- R(bc, xr, xl, 16);
- R(bc, xl, xr, 15);
- R(bc, xr, xl, 14);
- R(bc, xl, xr, 13);
- R(bc, xr, xl, 12);
- R(bc, xl, xr, 11);
- R(bc, xr, xl, 10);
- R(bc, xl, xr, 9);
- R(bc, xr, xl, 8);
- R(bc, xl, xr, 7);
- R(bc, xr, xl, 6);
- R(bc, xl, xr, 5);
- R(bc, xr, xl, 4);
- R(bc, xl, xr, 3);
- R(bc, xr, xl, 2);
-
- xl ^= bc->p[1];
- xr ^= bc->p[0];
+ R (ctx, xl, xr, 17);
+ R (ctx, xr, xl, 16);
+ R (ctx, xl, xr, 15);
+ R (ctx, xr, xl, 14);
+ R (ctx, xl, xr, 13);
+ R (ctx, xr, xl, 12);
+ R (ctx, xl, xr, 11);
+ R (ctx, xr, xl, 10);
+ R (ctx, xl, xr, 9);
+ R (ctx, xr, xl, 8);
+ R (ctx, xl, xr, 7);
+ R (ctx, xr, xl, 6);
+ R (ctx, xl, xr, 5);
+ R (ctx, xr, xl, 4);
+ R (ctx, xl, xr, 3);
+ R (ctx, xr, xl, 2);
+
+ xl ^= ctx->p[1];
+ xr ^= ctx->p[0];
*ret_xl = xr;
*ret_xr = xl;
#undef R
void
-blowfish_encrypt(const struct blowfish_ctx *bc, unsigned length,
- uint8_t *outbuf, const uint8_t *inbuf)
+blowfish_encrypt (const struct blowfish_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- uint32_t d1, d2;
-
- FOR_BLOCKS(length, outbuf, inbuf, BLOWFISH_BLOCK_SIZE)
- {
- d1 = READ_UINT32(inbuf);
- d2 = READ_UINT32(inbuf+ 4);
-
- encrypt( bc, &d1, &d2 );
-
- WRITE_UINT32(outbuf, d1);
- WRITE_UINT32(outbuf + 4, d2);
- }
+ FOR_BLOCKS (length, dst, src, BLOWFISH_BLOCK_SIZE)
+ {
+ uint32_t d1, d2;
+
+ d1 = src[0] << 24 | src[1] << 16 | src[2] << 8 | src[3];
+ d2 = src[4] << 24 | src[5] << 16 | src[6] << 8 | src[7];
+ encrypt (ctx, &d1, &d2);
+ dst[0] = (d1 >> 24) & 0xff;
+ dst[1] = (d1 >> 16) & 0xff;
+ dst[2] = (d1 >> 8) & 0xff;
+ dst[3] = d1 & 0xff;
+ dst[4] = (d2 >> 24) & 0xff;
+ dst[5] = (d2 >> 16) & 0xff;
+ dst[6] = (d2 >> 8) & 0xff;
+ dst[7] = d2 & 0xff;
+ }
}
-
void
-blowfish_decrypt(const struct blowfish_ctx *bc, unsigned length,
- uint8_t *outbuf, const uint8_t *inbuf )
+blowfish_decrypt (const struct blowfish_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
{
- uint32_t d1, d2;
-
- FOR_BLOCKS(length, outbuf, inbuf, BLOWFISH_BLOCK_SIZE)
- {
- d1 = READ_UINT32(inbuf);
- d2 = READ_UINT32(inbuf+ 4);
-
- decrypt( bc, &d1, &d2 );
-
- WRITE_UINT32(outbuf, d1);
- WRITE_UINT32(outbuf + 4, d2);
- }
+ FOR_BLOCKS (length, dst, src, BLOWFISH_BLOCK_SIZE)
+ {
+ uint32_t d1, d2;
+
+ d1 = src[0] << 24 | src[1] << 16 | src[2] << 8 | src[3];
+ d2 = src[4] << 24 | src[5] << 16 | src[6] << 8 | src[7];
+ decrypt (ctx, &d1, &d2);
+ dst[0] = (d1 >> 24) & 0xff;
+ dst[1] = (d1 >> 16) & 0xff;
+ dst[2] = (d1 >> 8) & 0xff;
+ dst[3] = d1 & 0xff;
+ dst[4] = (d2 >> 24) & 0xff;
+ dst[5] = (d2 >> 16) & 0xff;
+ dst[6] = (d2 >> 8) & 0xff;
+ dst[7] = d2 & 0xff;
+ }
}
int
-blowfish_set_key(struct blowfish_ctx *ctx,
- unsigned keylen, const uint8_t *key)
+blowfish_set_key (struct blowfish_ctx *ctx,
+ unsigned length, const uint8_t * key)
{
- int i, j;
- uint32_t data, datal, datar;
+ int i, j;
+ uint32_t data, datal, datar;
- *ctx = initial_ctx;
+ *ctx = initial_ctx;
- for(i=j=0; i < _BLOWFISH_ROUNDS+2; i++ )
- {
- data = key[j] << 24 | key[(j+1) % keylen] <<16
- | key[(j+2)%keylen] << 8 | key[(j+3)%keylen];
-
- ctx->p[i] ^= data;
- j = (j+4) % keylen;
- }
+ for (i = j = 0; i < _BLOWFISH_ROUNDS + 2; i++)
+ {
+ data = (key[j] << 24) | (key[(j+1) % length] << 16)
+ | (key[(j+2) % length] << 8) | key[(j+3) % length];
+ ctx->p[i] ^= data;
+ j = (j + 4) % length;
+ }
- datal = datar = 0;
- for(i=0; i < _BLOWFISH_ROUNDS+2; i += 2 )
- {
- encrypt( ctx, &datal, &datar );
- ctx->p[i] = datal;
- ctx->p[i+1] = datar;
- }
- for(i=0; i < 256; i += 2 )
- {
- encrypt( ctx, &datal, &datar );
- ctx->s[0][i] = datal;
- ctx->s[0][i+1] = datar;
- }
- for(i=0; i < 256; i += 2 )
- {
- encrypt( ctx, &datal, &datar );
- ctx->s[1][i] = datal;
- ctx->s[1][i+1] = datar;
- }
- for(i=0; i < 256; i += 2 )
- {
- encrypt( ctx, &datal, &datar );
- ctx->s[2][i] = datal;
- ctx->s[2][i+1] = datar;
- }
- for(i=0; i < 256; i += 2 )
+ datal = datar = 0;
+ for (i = 0; i < _BLOWFISH_ROUNDS + 2; i += 2)
+ {
+ encrypt (ctx, &datal, &datar);
+ ctx->p[i] = datal;
+ ctx->p[i + 1] = datar;
+ }
+
+ for (j = 0; j < 4; j++)
+ for (i = 0; i < 256; i += 2)
{
- encrypt( ctx, &datal, &datar );
- ctx->s[3][i] = datal;
- ctx->s[3][i+1] = datar;
- }
+ encrypt (ctx, &datal, &datar);
+ ctx->s[j][i] = datal;
+ ctx->s[j][i + 1] = datar;
+ }
+
+ /* Check for weak key. A weak key is a key in which a value in
+ the P-array (here c) occurs more than once per table. */
+ for (i = 0; i < 255; i++)
+ {
+ for (j = i + 1; j < 256; j++)
+ {
+ if ((ctx->s[0][i] == ctx->s[0][j])
+ || (ctx->s[1][i] == ctx->s[1][j])
+ || (ctx->s[2][i] == ctx->s[2][j])
+ || (ctx->s[3][i] == ctx->s[3][j]))
+ return 0;
+ }
+ }
- /* Check for weak key. A weak key is a key in which a value in */
- /* the P-array (here c) occurs more than once per table. */
- for(i=0; i < 255; i++ )
- for( j=i+1; j < 256; j++)
- if( (ctx->s[0][i] == ctx->s[0][j]) || (ctx->s[1][i] == ctx->s[1][j]) ||
- (ctx->s[2][i] == ctx->s[2][j]) || (ctx->s[3][i] == ctx->s[3][j]) )
- return 0;
-
- return 1;
+ return 1;
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Möller
+ * Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_BLOWFISH_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
void
nettle_buffer_init_realloc(struct nettle_buffer *buffer,
void *realloc_ctx,
- nettle_realloc_func realloc)
+ nettle_realloc_func *realloc)
{
buffer->contents = NULL;
buffer->alloc = 0;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_BUFFER_H_INCLUDED
void
nettle_buffer_init_realloc(struct nettle_buffer *buffer,
void *realloc_ctx,
- nettle_realloc_func realloc);
+ nettle_realloc_func *realloc);
/* Initializes a buffer of fix size */
void
* Copyright (C) 2006,2007
* NTT (Nippon Telegraph and Telephone Corporation).
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#endif
#include <assert.h>
+#include <limits.h>
#include "camellia-internal.h"
__kl = (k) >> 32; \
__kr = (k) & 0xffffffff; \
__t = __xl & __kl; \
- __xr ^= ROL32(1, __t); \
+ __xr ^= ROTL32(1, __t); \
__xl ^= (__xr | __kr); \
(x) = ((uint64_t) __xl << 32) | __xr; \
} while (0)
__kr = (k) & 0xffffffff; \
__xl ^= (__xr | __kr); \
__t = __xl & __kl; \
- __xr ^= ROL32(1, __t); \
+ __xr ^= ROTL32(1, __t); \
(x) = ((uint64_t) __xl << 32) | __xr; \
} while (0)
+#if HAVE_NATIVE_64_BIT
#define CAMELLIA_ROUNDSM(T, x, k, y) do { \
uint32_t __il, __ir; \
__ir \
- = T->sp1110[(x) & 0xff] \
- ^ T->sp0222[((x) >> 24) & 0xff] \
- ^ T->sp3033[((x) >> 16) & 0xff] \
- ^ T->sp4404[((x) >> 8) & 0xff]; \
+ = T->sp1110[(x) & 0xff] \
+ ^ T->sp0222[((x) >> 24) & 0xff] \
+ ^ T->sp3033[((x) >> 16) & 0xff] \
+ ^ T->sp4404[((x) >> 8) & 0xff]; \
/* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
__il \
- = T->sp1110[ (x) >> 56] \
- ^ T->sp0222[((x) >> 48) & 0xff] \
- ^ T->sp3033[((x) >> 40) & 0xff] \
- ^ T->sp4404[((x) >> 32) & 0xff]; \
+ = T->sp1110[ (x) >> 56] \
+ ^ T->sp0222[((x) >> 48) & 0xff] \
+ ^ T->sp3033[((x) >> 40) & 0xff] \
+ ^ T->sp4404[((x) >> 32) & 0xff]; \
+ /* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
+ __ir ^= __il; \
+ /* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
+ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
+ == y1,y2,y3,y4 */ \
+ __il = ROTL32(24, __il); \
+ /* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
+ __il ^= __ir; \
+ /* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
+ (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
+ == y5,y6,y7,y8 */ \
+ y ^= (k); \
+ y ^= ((uint64_t) __ir << 32) | __il; \
+ } while (0)
+#else /* !HAVE_NATIVE_64_BIT */
+#define CAMELLIA_ROUNDSM(T, x, k, y) do { \
+ uint32_t __il, __ir; \
+ __ir \
+ = T->sp1110[(x) & 0xff] \
+ ^ T->sp0222[((x) >> 24) & 0xff] \
+ ^ T->sp3033[((x) >> 16) & 0xff] \
+ ^ T->sp4404[((x) >> 8) & 0xff]; \
+ /* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
+ __il \
+ = T->sp1110[ (x) >> 56] \
+ ^ T->sp0222[((x) >> 48) & 0xff] \
+ ^ T->sp3033[((x) >> 40) & 0xff] \
+ ^ T->sp4404[((x) >> 32) & 0xff]; \
/* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
__il ^= (k) >> 32; \
__ir ^= (k) & 0xffffffff; \
__ir ^= __il; \
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
- (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
- == y1,y2,y3,y4 */ \
- __il = ROL32(24, __il); \
+ (t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
+ == y1,y2,y3,y4 */ \
+ __il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
- (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
- == y5,y6,y7,y8 */ \
+ (t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
+ == y5,y6,y7,y8 */ \
y ^= ((uint64_t) __ir << 32) | __il; \
} while (0)
+#endif
void
_camellia_crypt(const struct camellia_ctx *ctx,
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* Copyright (C) 2006,2007
* NTT (Nippon Telegraph and Telephone Corporation).
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* macros
*/
-/* Rotation of 32-bit values. */
-#define ROL32(bits, x) (((x) << (bits)) | ((x) >> (32 - (bits))))
-
/* Destructive rotation of 128 bit values. */
-#define ROL128(bits, xl, xr) do { \
+#define ROTL128(bits, xl, xr) do { \
uint64_t __rol128_t = (xl); \
(xl) = ((xl) << (bits)) | ((xr) >> (64 - (bits))); \
(xr) = ((xr) << (bits)) | (__rol128_t >> (64 - (bits))); \
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
* Copyright (C) 2006,2007
* NTT (Nippon Telegraph and Telephone Corporation).
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#endif
#include <assert.h>
+#include <limits.h>
#include "camellia-internal.h"
^ CAMELLIA_SP3033((__i >> 40) & 0xff) \
^ CAMELLIA_SP4404((__i >> 32) & 0xff); \
__yl ^= __yr; \
- __yr = ROL32(24, __yr); \
+ __yr = ROTL32(24, __yr); \
__yr ^= __yl; \
(y) = ((uint64_t) __yl << 32) | __yr; \
} while (0)
-#define CAMELLIA_F_HALF_INV(x) do { \
- uint32_t __t, __w; \
- __t = (x) >> 32; \
- __w = __t ^(x); \
- __w = ROL32(8, __w); \
- (x) = ((uint64_t) __w << 32) | (__t ^ __w); \
+#if ! HAVE_NATIVE_64_BIT
+#define CAMELLIA_F_HALF_INV(x) do { \
+ uint32_t __t, __w; \
+ __t = (x) >> 32; \
+ __w = __t ^(x); \
+ __w = ROTL32(8, __w); \
+ (x) = ((uint64_t) __w << 32) | (__t ^ __w); \
} while (0)
+#endif
void
camellia_set_encrypt_key(struct camellia_ctx *ctx,
* generate KL dependent subkeys
*/
subkey[0] = k0; subkey[1] = k1;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[4] = k0; subkey[5] = k1;
- ROL128(30, k0, k1);
+ ROTL128(30, k0, k1);
subkey[10] = k0; subkey[11] = k1;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[13] = k1;
- ROL128(17, k0, k1);
+ ROTL128(17, k0, k1);
subkey[16] = k0; subkey[17] = k1;
- ROL128(17, k0, k1);
+ ROTL128(17, k0, k1);
subkey[18] = k0; subkey[19] = k1;
- ROL128(17, k0, k1);
+ ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1;
/* generate KA. D1 is k0, d2 is k1. */
/* generate KA dependent subkeys */
subkey[2] = k0; subkey[3] = k1;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[8] = k0; subkey[9] = k1;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[12] = k0;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[14] = k0; subkey[15] = k1;
- ROL128(34, k0, k1);
+ ROTL128(34, k0, k1);
subkey[20] = k0; subkey[21] = k1;
- ROL128(17, k0, k1);
+ ROTL128(17, k0, k1);
subkey[24] = k0; subkey[25] = k1;
}
else
}
/* generate KL dependent subkeys */
subkey[0] = k0; subkey[1] = k1;
- ROL128(45, k0, k1);
+ ROTL128(45, k0, k1);
subkey[12] = k0; subkey[13] = k1;
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[16] = k0; subkey[17] = k1;
- ROL128(17, k0, k1);
+ ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1;
- ROL128(34, k0, k1);
+ ROTL128(34, k0, k1);
subkey[30] = k0; subkey[31] = k1;
/* generate KR dependent subkeys */
- ROL128(15, k2, k3);
+ ROTL128(15, k2, k3);
subkey[4] = k2; subkey[5] = k3;
- ROL128(15, k2, k3);
+ ROTL128(15, k2, k3);
subkey[8] = k2; subkey[9] = k3;
- ROL128(30, k2, k3);
+ ROTL128(30, k2, k3);
subkey[18] = k2; subkey[19] = k3;
- ROL128(34, k2, k3);
+ ROTL128(34, k2, k3);
subkey[26] = k2; subkey[27] = k3;
- ROL128(34, k2, k3);
+ ROTL128(34, k2, k3);
/* generate KA */
/* The construction of KA is done as
k2 ^= w;
/* generate KA dependent subkeys */
- ROL128(15, k0, k1);
+ ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1;
- ROL128(30, k0, k1);
+ ROTL128(30, k0, k1);
subkey[14] = k0; subkey[15] = k1;
- ROL128(32, k0, k1);
+ ROTL128(32, k0, k1);
subkey[24] = k0; subkey[25] = k1;
- ROL128(17, k0, k1);
+ ROTL128(17, k0, k1);
subkey[28] = k0; subkey[29] = k1;
/* generate KB dependent subkeys */
subkey[2] = k2; subkey[3] = k3;
- ROL128(30, k2, k3);
+ ROTL128(30, k2, k3);
subkey[10] = k2; subkey[11] = k3;
- ROL128(30, k2, k3);
+ ROTL128(30, k2, k3);
subkey[20] = k2; subkey[21] = k3;
- ROL128(51, k2, k3);
+ ROTL128(51, k2, k3);
subkey[32] = k2; subkey[33] = k3;
}
and xor the result into the 32 high bits, but it still generates
worse code than for explicit 32-bit operations. */
kw2 ^= (kw2 & ~subkey[i+1]) << 32;
- dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROL32(1, dw);
+ dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROTL32(1, dw);
subkey[i+3] ^= kw2;
subkey[i+5] ^= kw2;
subkey[i+4] ^= kw4;
subkey[i+2] ^= kw4;
kw4 ^= (kw4 & ~subkey[i]) << 32;
- dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROL32(1, dw);
+ dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROTL32(1, dw);
}
subkey[6] ^= kw4;
{
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32);
- tr = subkey[i+2] ^ ROL32(1, dw);
+ tr = subkey[i+2] ^ ROTL32(1, dw);
ctx->keys[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i-1] = subkey[i];
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32);
- tr = subkey[i-1] ^ ROL32(1, dw);
+ tr = subkey[i-1] ^ ROTL32(1, dw);
ctx->keys[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
ctx->keys[i+2] = subkey[i+2] ^ subkey[i+4];
ctx->keys[i-2] = subkey[i-2];
ctx->keys[i-1] = subkey[i] ^ subkey[i-1];
+#if !HAVE_NATIVE_64_BIT
for (i = 0; i < ctx->nkeys; i += 8)
{
/* apply the inverse of the last half of F-function */
CAMELLIA_F_HALF_INV(ctx->keys[i+5]);
CAMELLIA_F_HALF_INV(ctx->keys[i+6]);
}
+#endif
}
/* Copyright (C) 2006,2007
* NTT (Nippon Telegraph and Telephone Corporation).
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* Copyright (C) 2006,2007
* NTT (Nippon Telegraph and Telephone Corporation).
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "cast128.h"
const struct nettle_cipher nettle_cast128
-= _NETTLE_CIPHER_FIX(cast128, CAST128, 128);
+= _NETTLE_CIPHER_FIX(cast128, CAST128);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#define U8c(x) ( (uint8_t) ((x>>8)&0xff) )
#define U8d(x) ( (uint8_t) ((x)&0xff) )
-/* Circular left shift */
-#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
-
/* CAST-128 uses three different round functions */
-#define F1(l, r, i) \
- t = ROL(ctx->keys[i] + r, ctx->keys[i+16]); \
- l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) \
- - cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];
-#define F2(l, r, i) \
- t = ROL(ctx->keys[i] ^ r, ctx->keys[i+16]); \
- l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) \
- + cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];
-#define F3(l, r, i) \
- t = ROL(ctx->keys[i] - r, ctx->keys[i+16]); \
- l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) \
- ^ cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];
+#define F1(l, r, i) do { \
+ t = ROTL32(ctx->keys[i+16], ctx->keys[i] + r); \
+ l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) \
+ - cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)]; \
+ } while (0)
+#define F2(l, r, i) do { \
+ t = ROTL32( ctx->keys[i+16], ctx->keys[i] ^ r); \
+ l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) \
+ + cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)]; \
+ } while (0)
+#define F3(l, r, i) do { \
+ t = ROTL32(ctx->keys[i+16], ctx->keys[i] - r); \
+ l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) \
+ ^ cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)]; \
+ } while (0)
/***** Encryption Function *****/
if ((i*4+3) < keybytes) x[i] |= (uint32_t)rawkey[i*4+3];
}
/* FIXME: For the shorter key sizes, the last 4 subkeys are not
- used, and need not be generatedd, nor stored. */
+ used, and need not be generated, nor stored. */
/* Generate 32 subkeys, four at a time */
for (i = 0; i < 32; i+=4) {
switch (i & 4) {
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_CAST128_H_INCLUDED
/*
- * $Id: cast128_sboxes.h,v 1.1 2007/04/05 14:20:35 nisse Exp $
- *
* CAST-128 in C
* Written by Steve Reid <sreid@sea-to-sky.net>
* 100% Public Domain - no warranty
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "nettle-internal.h"
void
-cbc_encrypt(void *ctx, nettle_crypt_func f,
+cbc_encrypt(void *ctx, nettle_crypt_func *f,
unsigned block_size, uint8_t *iv,
unsigned length, uint8_t *dst,
const uint8_t *src)
}
}
-/* Requires that dst != src */
-static void
-cbc_decrypt_internal(void *ctx, nettle_crypt_func f,
- unsigned block_size, uint8_t *iv,
- unsigned length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(length);
- assert( !(length % block_size) );
- assert(src != dst);
-
- /* Decrypt in ECB mode */
- f(ctx, length, dst, src);
-
- /* XOR the cryptotext, shifted one block */
- memxor(dst, iv, block_size);
- memxor(dst + block_size, src, length - block_size);
- memcpy(iv, src + length - block_size, block_size);
-}
-
/* Don't allocate any more space than this on the stack */
-#define CBC_BUFFER_LIMIT 4096
+#define CBC_BUFFER_LIMIT 512
void
-cbc_decrypt(void *ctx, nettle_crypt_func f,
+cbc_decrypt(void *ctx, nettle_crypt_func *f,
unsigned block_size, uint8_t *iv,
unsigned length, uint8_t *dst,
const uint8_t *src)
return;
if (src != dst)
- cbc_decrypt_internal(ctx, f, block_size, iv,
- length, dst, src);
+ {
+ /* Decrypt in ECB mode */
+ f(ctx, length, dst, src);
+
+ /* XOR the cryptotext, shifted one block */
+ memxor(dst, iv, block_size);
+ memxor(dst + block_size, src, length - block_size);
+ memcpy(iv, src + length - block_size, block_size);
+ }
+
else
{
- /* We need a copy of the ciphertext, so we can't ECB decrypt in
- * place.
- *
- * If length is small, we allocate a complete copy of src on the
- * stack. Otherwise, we allocate a block of size at most
- * CBC_BUFFER_LIMIT, and process that amount of data at a
- * time.
- *
- * NOTE: We assume that block_size <= CBC_BUFFER_LIMIT. */
+ /* For in-place CBC, we decrypt into a temporary buffer of size
+ * at most CBC_BUFFER_LIMIT, and process that amount of data at
+ * a time. */
+
+ /* NOTE: We assume that block_size <= CBC_BUFFER_LIMIT, and we
+ depend on memxor3 working from the end of the area, allowing
+ certain overlapping operands. */
+
+ TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
+ TMP_DECL(initial_iv, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
unsigned buffer_size;
buffer_size
= CBC_BUFFER_LIMIT - (CBC_BUFFER_LIMIT % block_size);
- {
- TMP_DECL(buffer, uint8_t, CBC_BUFFER_LIMIT);
- TMP_ALLOC(buffer, buffer_size);
-
- for ( ; length > buffer_size;
- length -= buffer_size, dst += buffer_size, src += buffer_size)
- {
- memcpy(buffer, src, buffer_size);
- cbc_decrypt_internal(ctx, f, block_size, iv,
- buffer_size, dst, buffer);
- }
- /* Now, we have at most CBC_BUFFER_LIMIT octets left */
- memcpy(buffer, src, length);
-
- cbc_decrypt_internal(ctx, f, block_size, iv,
- length, dst, buffer);
- }
+ TMP_ALLOC(buffer, buffer_size);
+ TMP_ALLOC(initial_iv, block_size);
+
+ for ( ; length > buffer_size;
+ length -= buffer_size, src += buffer_size, dst += buffer_size)
+ {
+ f(ctx, buffer_size, buffer, src);
+ memcpy(initial_iv, iv, block_size);
+ memcpy(iv, src + buffer_size - block_size, block_size);
+ memxor3(dst + block_size, buffer + block_size, src,
+ buffer_size - block_size);
+ memxor3(dst, buffer, initial_iv, block_size);
+ }
+
+ f(ctx, length, buffer, src);
+ memcpy(initial_iv, iv, block_size);
+ /* Copies last block */
+ memcpy(iv, src + length - block_size, block_size);
+ /* Writes all but first block, reads all but last block. */
+ memxor3(dst + block_size, buffer + block_size, src,
+ length - block_size);
+ /* Writes first block. */
+ memxor3(dst, buffer, initial_iv, block_size);
}
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_CBC_H_INCLUDED
#define cbc_decrypt nettle_cbc_decrypt
void
-cbc_encrypt(void *ctx, nettle_crypt_func f,
+cbc_encrypt(void *ctx, nettle_crypt_func *f,
unsigned block_size, uint8_t *iv,
unsigned length, uint8_t *dst,
const uint8_t *src);
void
-cbc_decrypt(void *ctx, nettle_crypt_func f,
+cbc_decrypt(void *ctx, nettle_crypt_func *f,
unsigned block_size, uint8_t *iv,
unsigned length, uint8_t *dst,
const uint8_t *src);
#define CBC_SET_IV(ctx, data) \
memcpy((ctx)->iv, (data), sizeof((ctx)->iv))
+/* NOTE: Avoid using NULL, as we don't include anything defining it. */
#define CBC_ENCRYPT(self, f, length, dst, src) \
-(0 ? ((f)(&(self)->ctx, 0, NULL, NULL)) \
+(0 ? ((f)(&(self)->ctx, 0, (void *)0, (void *)0)) \
: cbc_encrypt((void *) &(self)->ctx, \
(nettle_crypt_func *) (f), \
sizeof((self)->iv), (self)->iv, \
(length), (dst), (src)))
#define CBC_DECRYPT(self, f, length, dst, src) \
-(0 ? ((f)(&(self)->ctx, 0, NULL, NULL)) \
+(0 ? ((f)(&(self)->ctx, 0, (void *)0, (void *)0)) \
: cbc_decrypt((void *) &(self)->ctx, \
(nettle_crypt_func *) (f), \
sizeof((self)->iv), (self)->iv, \
--- /dev/null
+/* cnd-copy.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc-internal.h"
+
+void
+cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n)
+{
+ mp_limb_t mask, keep;
+ mp_size_t i;
+
+ mask = -(mp_limb_t) (cnd !=0);
+ keep = ~mask;
+
+ for (i = 0; i < n; i++)
+ rp[i] = (rp[i] & keep) + (ap[i] & mask);
+}
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
-timestamp='2005-03-17'
+timestamp='2011-08-20'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
-# Originally written by Per Bothner <per@bothner.com>.
-# Please send patches to <config-patches@gnu.org>. Submit a context
-# diff and a properly formatted ChangeLog entry.
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
#
# This script attempts to guess a canonical system name similar to
# config.sub. If it succeeds, it prints the system name on stdout, and
# exits with 0. Otherwise, it exits with 1.
#
-# The plan is that this can be called by configure scripts if you
-# don't specify an explicit build system type.
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
me=`echo "$0" | sed -e 's,.*/,,'`
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
+ echo "$timestamp" ; exit ;;
--version | -v )
- echo "$version" ; exit 0 ;;
+ echo "$version" ; exit ;;
--help | --h* | -h )
- echo "$usage"; exit 0 ;;
+ echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
: ${TMPDIR=/tmp} ;
- { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
-esac ;'
+esac ; set_cc_for_build= ;'
# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
# (ghazi@noc.rutgers.edu 1994-08-24)
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
arm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
- | grep __ELF__ >/dev/null
+ | grep -q __ELF__
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
fi
;;
*)
- os=netbsd
+ os=netbsd
;;
esac
# The OS release
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}"
- exit 0 ;;
- amiga:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- arc:OpenBSD:*:*)
- echo mipsel-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- hp300:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mac68k:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- macppc:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvme68k:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvme88k:OpenBSD:*:*)
- echo m88k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- mvmeppc:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- pegasos:OpenBSD:*:*)
- echo powerpc-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- pmax:OpenBSD:*:*)
- echo mipsel-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sgi:OpenBSD:*:*)
- echo mipseb-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- sun3:OpenBSD:*:*)
- echo m68k-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
- wgrisc:OpenBSD:*:*)
- echo mipsel-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:OpenBSD:*:*)
- echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
- exit 0 ;;
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
alpha:OSF1:*:*)
- if test $UNAME_RELEASE = "V4.0"; then
+ case $UNAME_RELEASE in
+ *4.0)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
- fi
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
# According to Compaq, /usr/sbin/psrinfo has been available on
# OSF/1 and Tru64 systems produced since 1995. I hope that
# covers most systems running today. This code pipes the CPU
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
esac
+ # A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
- echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- exit 0 ;;
- Alpha*:OpenVMS:*:*)
- echo alpha-hp-vms
- exit 0 ;;
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
- exit 0 ;;
+ exit ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
- exit 0 ;;
+ exit ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
- exit 0;;
+ exit ;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
- exit 0 ;;
+ exit ;;
*:[Mm]orph[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-morphos
- exit 0 ;;
+ exit ;;
*:OS/390:*:*)
echo i370-ibm-openedition
- exit 0 ;;
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
*:OS400:*:*)
- echo powerpc-ibm-os400
- exit 0 ;;
+ echo powerpc-ibm-os400
+ exit ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
- exit 0;;
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
- exit 0;;
+ exit ;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
else
echo pyramid-pyramid-bsd
fi
- exit 0 ;;
+ exit ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
- exit 0 ;;
+ exit ;;
DRS?6000:unix:4.0:6*)
echo sparc-icl-nx6
- exit 0 ;;
- DRS?6000:UNIX_SV:4.2*:7*)
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
case `/usr/bin/uname -p` in
- sparc) echo sparc-icl-nx7 && exit 0 ;;
+ sparc) echo sparc-icl-nx7; exit ;;
esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
- i86pc:SunOS:5.*:*)
- case "`optisa \`isainfo\``" in
- amd64)
- echo x86_64-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- ;;
- *)
- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- ;;
- esac
- exit 0 ;;
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
- exit 0 ;;
+ exit ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
- exit 0 ;;
+ exit ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
- echo m68k-atari-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
- echo m68k-milan-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
- echo m68k-hades-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
- echo m68k-unknown-mint${UNAME_RELEASE}
- exit 0 ;;
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
- exit 0 ;;
+ exit ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
exit (-1);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c \
- && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
- && exit 0
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
echo mips-mips-riscos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
- exit 0 ;;
+ exit ;;
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
- exit 0 ;;
+ exit ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
- exit 0 ;;
+ exit ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
- exit 0 ;;
+ exit ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
- exit 0 ;;
+ exit ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
- exit 0 ;;
+ exit ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
- exit 0 ;;
+ exit ;;
AViiON:dgux:*:*)
- # DG/UX returns AViiON for all architectures
- UNAME_PROCESSOR=`/usr/bin/uname -p`
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
- exit 0 ;;
+ exit ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
- exit 0 ;;
+ exit ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
- exit 0 ;;
+ exit ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
- exit 0 ;;
+ exit ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
- exit 0 ;;
+ exit ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
- echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
- exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
- exit 0 ;;
+ exit ;;
ia64:AIX:*:*)
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
- exit 0 ;;
+ exit ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
eval $set_cc_for_build
exit(0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
- echo rs6000-ibm-aix3.2.5
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
- exit 0 ;;
- *:AIX:*:[45])
+ exit ;;
+ *:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
- exit 0 ;;
+ exit ;;
*:AIX:*:*)
echo rs6000-ibm-aix
- exit 0 ;;
+ exit ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
- exit 0 ;;
+ exit ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
- exit 0 ;; # report: romp-ibm BSD 4.3
+ exit ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
- exit 0 ;;
+ exit ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
- exit 0 ;;
+ exit ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
- exit 0 ;;
+ exit ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
- exit 0 ;;
+ exit ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
- sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
- case "${sc_cpu_version}" in
- 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
- 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
- 532) # CPU_PA_RISC2_0
- case "${sc_kernel_bits}" in
- 32) HP_ARCH="hppa2.0n" ;;
- 64) HP_ARCH="hppa2.0w" ;;
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
- esac ;;
- esac
+ esac ;;
+ esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
+ sed 's/^ //' << EOF >$dummy.c
- #define _HPUX_SOURCE
- #include <stdlib.h>
- #include <unistd.h>
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
- int main ()
- {
- #if defined(_SC_KERNEL_BITS)
- long bits = sysconf(_SC_KERNEL_BITS);
- #endif
- long cpu = sysconf (_SC_CPU_VERSION);
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
- switch (cpu)
- {
- case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
- case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
- case CPU_PA_RISC2_0:
- #if defined(_SC_KERNEL_BITS)
- switch (bits)
- {
- case 64: puts ("hppa2.0w"); break;
- case 32: puts ("hppa2.0n"); break;
- default: puts ("hppa2.0"); break;
- } break;
- #else /* !defined(_SC_KERNEL_BITS) */
- puts ("hppa2.0"); break;
- #endif
- default: puts ("hppa1.0"); break;
- }
- exit (0);
- }
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
then
- # avoid double evaluation of $set_cc_for_build
- test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
- if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
then
HP_ARCH="hppa2.0w"
else
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
- exit 0 ;;
+ exit ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ia64-hp-hpux${HPUX_REV}
- exit 0 ;;
+ exit ;;
3050*:HI-UX:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
exit (0);
}
EOF
- $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
echo unknown-hitachi-hiuxwe2
- exit 0 ;;
+ exit ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
- exit 0 ;;
+ exit ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
- exit 0 ;;
+ exit ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
- exit 0 ;;
+ exit ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
- exit 0 ;;
+ exit ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
- exit 0 ;;
+ exit ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
- exit 0 ;;
+ exit ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
- exit 0 ;;
+ exit ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
- exit 0 ;;
+ exit ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
- exit 0 ;;
+ exit ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
- exit 0 ;;
+ exit ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
- exit 0 ;;
+ exit ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ exit ;;
*:UNICOS/mp:*:*)
- echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
- exit 0 ;;
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
- echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
5000:UNIX_System_V:4.*:*)
- FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
- FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
- echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
- exit 0 ;;
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:FreeBSD:*:*)
- # Determine whether the default compiler uses glibc.
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <features.h>
- #if __GLIBC__ >= 2
- LIBC=gnu
- #else
- LIBC=
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- # GNU/KFreeBSD systems have a "k" prefix to indicate we are using
- # FreeBSD's kernel, but not the complete OS.
- case ${LIBC} in gnu) kernel_only='k' ;; esac
- echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
- exit 0 ;;
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ case ${UNAME_PROCESSOR} in
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
- exit 0 ;;
- i*:MINGW*:*)
+ exit ;;
+ *:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
- exit 0 ;;
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
- exit 0 ;;
- x86:Interix*:[34]*)
- echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
- exit 0 ;;
- [x3456]86:Windows_95:* | [x3456]86:Windows_98:* | [x3456]86:Windows_NT:*)
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
- exit 0 ;;
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
- exit 0 ;;
+ exit ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
- exit 0 ;;
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
- exit 0 ;;
+ exit ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
- exit 0 ;;
+ exit ;;
*:GNU:*:*)
# the GNU system
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
- exit 0 ;;
+ exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
- exit 0 ;;
+ exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
- exit 0 ;;
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
cris:Linux:*:*)
echo cris-axis-linux-gnu
- exit 0 ;;
- ia64:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- m68*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
- mips:Linux:*:*)
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
- #undef CPU
- #undef mips
- #undef mipsel
- #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mipsel
- #else
- #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips
- #else
- CPU=
- #endif
+ #ifdef __dietlibc__
+ LIBC=dietlibc
#endif
EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
- ;;
- mips64:Linux:*:*)
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
- #undef mips64
- #undef mips64el
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
- CPU=mips64el
+ CPU=${UNAME_MACHINE}el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
- CPU=mips64
+ CPU=${UNAME_MACHINE}
#else
CPU=
#endif
#endif
EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
- test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
;;
- ppc:Linux:*:*)
- echo powerpc-unknown-linux-gnu
- exit 0 ;;
- ppc64:Linux:*:*)
- echo powerpc64-unknown-linux-gnu
- exit 0 ;;
- alpha:Linux:*:*)
- case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
- EV5) UNAME_MACHINE=alphaev5 ;;
- EV56) UNAME_MACHINE=alphaev56 ;;
- PCA56) UNAME_MACHINE=alphapca56 ;;
- PCA57) UNAME_MACHINE=alphapca56 ;;
- EV6) UNAME_MACHINE=alphaev6 ;;
- EV67) UNAME_MACHINE=alphaev67 ;;
- EV68*) UNAME_MACHINE=alphaev68 ;;
- esac
- objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
- if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
- echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
- exit 0 ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA8*) echo hppa2.0-unknown-linux-gnu ;;
*) echo hppa-unknown-linux-gnu ;;
esac
- exit 0 ;;
- parisc64:Linux:*:* | hppa64:Linux:*:*)
- echo hppa64-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux
- exit 0 ;;
+ exit ;;
sh64*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
- exit 0 ;;
+ exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
- exit 0 ;;
- i*86:Linux:*:*)
- # The BFD linker knows what the default object file format is, so
- # first see if it will tell us. cd to the root directory to prevent
- # problems with other programs or directories called `ld' in the path.
- # Set LC_ALL=C to ensure ld outputs messages in English.
- ld_supported_targets=`cd /; LC_ALL=C ld --help 2>&1 \
- | sed -ne '/supported targets:/!d
- s/[ ][ ]*/ /g
- s/.*supported targets: *//
- s/ .*//
- p'`
- case "$ld_supported_targets" in
- elf32-i386)
- TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu"
- ;;
- a.out-i386-linux)
- echo "${UNAME_MACHINE}-pc-linux-gnuaout"
- exit 0 ;;
- coff-i386)
- echo "${UNAME_MACHINE}-pc-linux-gnucoff"
- exit 0 ;;
- "")
- # Either a pre-BFD a.out linker (linux-gnuoldld) or
- # one that does not give us useful --help.
- echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
- exit 0 ;;
- esac
- # Determine whether the default compiler is a.out or elf
- eval $set_cc_for_build
- sed 's/^ //' << EOF >$dummy.c
- #include <features.h>
- #ifdef __ELF__
- # ifdef __GLIBC__
- # if __GLIBC__ >= 2
- LIBC=gnu
- # else
- LIBC=gnulibc1
- # endif
- # else
- LIBC=gnulibc1
- # endif
- #else
- #ifdef __INTEL_COMPILER
- LIBC=gnu
- #else
- LIBC=gnuaout
- #endif
- #endif
- #ifdef __dietlibc__
- LIBC=dietlibc
- #endif
-EOF
- eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
- test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
- test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
- ;;
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
echo i386-sequent-sysv4
- exit 0 ;;
+ exit ;;
i*86:UNIX_SV:4.2MP:2.*)
- # Unixware is an offshoot of SVR4, but it has its own version
- # number series starting with 2...
- # I am not positive that other SVR4 systems won't match this,
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
- # Use sysv4.2uw... so that sysv4* matches it.
+ # Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
- exit 0 ;;
+ exit ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
- exit 0 ;;
+ exit ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
- exit 0 ;;
+ exit ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
- exit 0 ;;
- i*86:syllable:*:*)
+ exit ;;
+ i*86:syllable:*:*)
echo ${UNAME_MACHINE}-pc-syllable
- exit 0 ;;
- i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
- exit 0 ;;
+ exit ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
- exit 0 ;;
- i*86:*:5:[78]*)
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
- exit 0 ;;
+ exit ;;
i*86:*:3.2:*)
if test -f /usr/options/cb.name; then
UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
else
echo ${UNAME_MACHINE}-pc-sysv32
fi
- exit 0 ;;
+ exit ;;
pc:*:*:*)
# Left here for compatibility:
- # uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i386.
- echo i386-pc-msdosdjgpp
- exit 0 ;;
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
- exit 0 ;;
+ exit ;;
paragon:*:*:*)
echo i860-intel-osf1
- exit 0 ;;
+ exit ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
- exit 0 ;;
+ exit ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
- exit 0 ;;
+ exit ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
- exit 0 ;;
+ exit ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
- exit 0 ;;
- M68*:*:R3V[567]*:*)
- test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
- 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0)
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4.3${OS_REL} && exit 0
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
- && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
- /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
- && echo i486-ncr-sysv4 && exit 0 ;;
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
- exit 0 ;;
+ exit ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
- PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
- exit 0 ;;
+ exit ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
- exit 0 ;;
+ exit ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
else
echo ns32k-sni-sysv
fi
- exit 0 ;;
- PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
- # says <Richard.M.Bartel@ccMail.Census.GOV>
- echo i586-unisys-sysv4
- exit 0 ;;
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes <hewes@openmarket.com>.
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
- exit 0 ;;
+ exit ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
- exit 0 ;;
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
- exit 0 ;;
+ exit ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
- exit 0 ;;
+ exit ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
- echo mips-nec-sysv${UNAME_RELEASE}
+ echo mips-nec-sysv${UNAME_RELEASE}
else
- echo mips-unknown-sysv${UNAME_RELEASE}
+ echo mips-unknown-sysv${UNAME_RELEASE}
fi
- exit 0 ;;
+ exit ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
- exit 0 ;;
+ exit ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
- exit 0 ;;
+ exit ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
- exit 0 ;;
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Darwin:*:*)
- case `uname -p` in
- *86) UNAME_PROCESSOR=i686 ;;
- powerpc) UNAME_PROCESSOR=powerpc ;;
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
esac
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
UNAME_MACHINE=pc
fi
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:QNX:*:4*)
echo i386-pc-qnx
- exit 0 ;;
+ exit ;;
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
- exit 0 ;;
+ exit ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
- exit 0 ;;
+ exit ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
- exit 0 ;;
+ exit ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
- exit 0 ;;
+ exit ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
- exit 0 ;;
+ exit ;;
*:TENEX:*:*)
echo pdp10-unknown-tenex
- exit 0 ;;
+ exit ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
echo pdp10-dec-tops20
- exit 0 ;;
+ exit ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
echo pdp10-xkl-tops20
- exit 0 ;;
+ exit ;;
*:TOPS-20:*:*)
echo pdp10-unknown-tops20
- exit 0 ;;
+ exit ;;
*:ITS:*:*)
echo pdp10-unknown-its
- exit 0 ;;
+ exit ;;
SEI:*:*:SEIUX)
- echo mips-sei-seiux${UNAME_RELEASE}
- exit 0 ;;
- *:DRAGONFLY:*:*)
- echo ${UNAME_MACHINE}-unknown-dragonfly${UNAME_RELEASE}
- exit 0 ;;
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
#include <sys/param.h>
printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
- "4"
+ "4"
#else
- ""
+ ""
#endif
- ); exit (0);
+ ); exit (0);
#endif
#endif
#if defined (__arm) && defined (__acorn) && defined (__unix)
- printf ("arm-acorn-riscix"); exit (0);
+ printf ("arm-acorn-riscix\n"); exit (0);
#endif
#if defined (hp300) && !defined (hpux)
}
EOF
-$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
# Apollos put the system type in the environment.
-test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
# Convex versions that predate uname can use getsysinfo(1)
case `getsysinfo -f cpu_type` in
c1*)
echo c1-convex-bsd
- exit 0 ;;
+ exit ;;
c2*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
- exit 0 ;;
+ exit ;;
c34*)
echo c34-convex-bsd
- exit 0 ;;
+ exit ;;
c38*)
echo c38-convex-bsd
- exit 0 ;;
+ exit ;;
c4*)
echo c4-convex-bsd
- exit 0 ;;
+ exit ;;
esac
fi
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
- ftp://ftp.gnu.org/pub/gnu/config/
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
/* config.h.in. Generated from configure.ac by autoheader. */
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* The normal alignment of `uint64_t', in bytes. */
+#undef ALIGNOF_UINT64_T
+
/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
systems. This function is required for `alloca.c' support on those systems.
*/
*/
#undef HAVE_ALLOCA_H
+/* Define if clock_gettime is available */
+#undef HAVE_CLOCK_GETTIME
+
/* Define if fcntl file locking is available */
#undef HAVE_FCNTL_LOCKING
/* Define if mpz_powm_sec is available (appeared in GMP-5) */
#undef HAVE_MPZ_POWM_SEC
+/* Define to 1 each of the following for which a native (ie. CPU specific)
+ implementation of the corresponding routine exists. */
+#undef HAVE_NATIVE_ecc_192_modp
+#undef HAVE_NATIVE_ecc_192_redc
+#undef HAVE_NATIVE_ecc_224_modp
+#undef HAVE_NATIVE_ecc_224_redc
+#undef HAVE_NATIVE_ecc_256_modp
+#undef HAVE_NATIVE_ecc_256_redc
+#undef HAVE_NATIVE_ecc_384_modp
+#undef HAVE_NATIVE_ecc_384_redc
+#undef HAVE_NATIVE_ecc_521_modp
+#undef HAVE_NATIVE_ecc_521_redc
+
/* Define to 1 if you have the <openssl/aes.h> header file. */
#undef HAVE_OPENSSL_AES_H
/* Define to 1 if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* Define if you have openssl's libcrypto (used for benchmarking) */
#undef WITH_OPENSSL
-/* Define to 1 if your processor stores words with the most significant byte
- first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+# undef WORDS_BIGENDIAN
+# endif
+#endif
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
#else /* defined __GNUC__ */
# if HAVE_ALLOCA_H
# include <alloca.h>
+# else
+/* Needed for alloca on windows, also with gcc */
+# if HAVE_MALLOC_H
+# include <malloc.h>
+# endif
# endif
#endif
+#if HAVE_STRERROR
+#define STRERROR strerror
+#else
+#define STRERROR(x) (sys_errlist[x])
+#endif
+
+
#if __GNUC__ && HAVE_GCC_ATTRIBUTE
# define NORETURN __attribute__ ((__noreturn__))
# define PRINTF_STYLE(f, a) __attribute__ ((__format__ (__printf__, f, a)))
# define UNUSED
#endif
+
+#if defined(__x86_64__) || defined(__arch64__)
+# define HAVE_NATIVE_64_BIT 1
+#else
+/* Needs include of <limits.h> before use. */
+# define HAVE_NATIVE_64_BIT (SIZEOF_LONG * CHAR_BIT >= 64)
+#endif
+
define(<C_NAME>, <@ASM_SYMBOL_PREFIX@><$1>)dnl
define(<ELF_STYLE>, <@ASM_ELF_STYLE@>)dnl
define(<TYPE_FUNCTION>, <@ASM_TYPE_FUNCTION@>)dnl
+define(<TYPE_PROGBITS>, <@ASM_TYPE_PROGBITS@>)dnl
define(<ALIGN_LOG>, <@ASM_ALIGN_LOG@>)dnl
+define(<ALIGNOF_UINT64_T>, <@ALIGNOF_UINT64_T@>)dnl
+define(<W64_ABI>, <@W64_ABI@>)dnl
divert(1)
@ASM_MARK_NOEXEC_STACK@
divert
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
+EMULATOR = @EMULATOR@
+NM = @NM@
OBJEXT = @OBJEXT@
EXEEXT = @EXEEXT@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+EXEEXT_FOR_BUILD = @EXEEXT_FOR_BUILD@
+
DEP_FLAGS = @DEP_FLAGS@
DEP_PROCESS = @DEP_PROCESS@
LIBNETTLE_MINOR = @LIBNETTLE_MINOR@
LIBNETTLE_SONAME = @LIBNETTLE_SONAME@
LIBNETTLE_FILE = @LIBNETTLE_FILE@
+LIBNETTLE_FILE_SRC = @LIBNETTLE_FILE_SRC@
LIBNETTLE_FORLINK = @LIBNETTLE_FORLINK@
LIBNETTLE_LIBS = @LIBNETTLE_LIBS@
LIBNETTLE_LINK = @LIBNETTLE_LINK@
LIBHOGWEED_MINOR = @LIBHOGWEED_MINOR@
LIBHOGWEED_SONAME = @LIBHOGWEED_SONAME@
LIBHOGWEED_FILE = @LIBHOGWEED_FILE@
+LIBHOGWEED_FILE_SRC = @LIBHOGWEED_FILE_SRC@
LIBHOGWEED_FORLINK = @LIBHOGWEED_FORLINK@
LIBHOGWEED_LIBS = @LIBHOGWEED_LIBS@
LIBHOGWEED_LINK = @LIBHOGWEED_LINK@
-AR = ar
+GMP_NUMB_BITS = @GMP_NUMB_BITS@
+
+AR = @AR@
ARFLAGS = cru
AUTOCONF = autoconf
AUTOHEADER = autoheader
M4 = @M4@
MAKEINFO = makeinfo
RANLIB = @RANLIB@
+LN_S = @LN_S@
prefix = @prefix@
exec_prefix = @exec_prefix@
# compile was broken when .SUFFIXES was moved here from Makefile.in.
.SUFFIXES:
-.SUFFIXES: .asm .c .$(OBJEXT) .p$(OBJEXT) .html .dvi .info .exe .pdf .ps .texinfo
+.SUFFIXES: .asm .s .c .$(OBJEXT) .p$(OBJEXT) .html .dvi .info .exe .pdf .ps .texinfo
# Disable builtin rule
%$(EXEEXT) : %.c
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
-timestamp='2004-03-12'
+timestamp='2011-08-23'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
+
# Please send patches to <config-patches@gnu.org>. Submit a context
-# diff and a properly formatted ChangeLog entry.
+# diff and a properly formatted GNU ChangeLog entry.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
# Otherwise, we print the canonical config type on stdout and succeed.
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
# that are meaningful with *any* GNU software.
version="\
GNU config.sub ($timestamp)
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
while test $# -gt 0 ; do
case $1 in
--time-stamp | --time* | -t )
- echo "$timestamp" ; exit 0 ;;
+ echo "$timestamp" ; exit ;;
--version | -v )
- echo "$version" ; exit 0 ;;
+ echo "$version" ; exit ;;
--help | --h* | -h )
- echo "$usage"; exit 0 ;;
+ echo "$usage"; exit ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
*local*)
# First pass through any local machine types.
echo $1
- exit 0;;
+ exit ;;
* )
break ;;
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
- nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
- kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
- -apple | -axis)
+ -apple | -axis | -knuth | -cray | -microblaze)
os=
basic_machine=$1
;;
+ -bluegene*)
+ os=-cnk
+ ;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
os=-chorusos
basic_machine=$1
;;
- -chorusrdb)
- os=-chorusrdb
+ -chorusrdb)
+ os=-chorusrdb
basic_machine=$1
- ;;
+ ;;
-hiux*)
os=-hiuxwe2
;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
-sco5)
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
-sco*)
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
- | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | be32 | be64 \
+ | bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
- | fr30 | frv \
+ | fido | fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
- | m32r | m32rle | m68000 | m68k | m88k | mcore \
+ | le32 | le64 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
- | mips64vr | mips64vrel \
+ | mips64octeon | mips64octeonel \
| mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
| mipsisa32 | mipsisa32el \
| mipsisa32r2 | mipsisa32r2el \
| mipsisa64 | mipsisa64el \
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
+ | moxie \
+ | mt \
| msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
| ns16k | ns32k \
- | openrisc | or32 \
+ | open8 \
+ | or32 \
| pdp10 | pdp11 | pj | pjl \
- | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
| pyramid \
- | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9 | sparcv9b \
- | strongarm \
- | tahoe | thumb | tic4x | tic80 | tron \
- | v850 | v850e \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| we32k \
- | x86 | xscale | xstormy16 | xtensa \
- | z8k)
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
basic_machine=$basic_machine-unknown
;;
- m6811 | m68hc11 | m6812 | m68hc12)
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
- | avr-* \
- | bs2000-* \
- | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
- | clipper-* | cydra-* \
+ | avr-* | avr32-* \
+ | be32-* | be64-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
+ | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
- | m32r-* | m32rle-* \
+ | le32-* | le64-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | mcore-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
- | mips64vr-* | mips64vrel-* \
+ | mips64octeon-* | mips64octeonel-* \
| mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
| mipsisa32-* | mipsisa32el-* \
| mipsisa32r2-* | mipsisa32r2el-* \
| mipsisa64-* | mipsisa64el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
| mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
| msp430-* \
- | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
- | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pyramid-* \
- | romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
- | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
- | tahoe-* | thumb-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile*-* \
| tron-* \
- | v850-* | v850e-* | vax-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
+ | vax-* \
| we32k-* \
- | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
- | xtensa-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
| ymp-* \
- | z8k-*)
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
basic_machine=a29k-amd
os=-udi
;;
- abacus)
+ abacus)
basic_machine=abacus-unknown
;;
adobe68k)
basic_machine=m68k-apollo
os=-bsd
;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
basic_machine=ns32k-sequent
os=-dynix
;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
c90)
basic_machine=c90-cray
os=-unicos
;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
convex-c1)
basic_machine=c1-convex
os=-bsd
basic_machine=j90-cray
os=-unicos
;;
- cr16c)
- basic_machine=cr16c-unknown
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
os=-elf
;;
crds | unos)
basic_machine=m68k-crds
;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
basic_machine=m88k-motorola
os=-sysv3
;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
dpx20 | dpx20-*)
basic_machine=rs6000-bull
os=-bosx
basic_machine=m68k-isi
os=-sysv
;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
m88k-omron*)
basic_machine=m88k-omron
;;
basic_machine=ns32k-utek
os=-sysv
;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
mingw32)
basic_machine=i386-pc
os=-mingw32
;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
miniframe)
basic_machine=m68000-convergent
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
- mmix*)
- basic_machine=mmix-knuth
- os=-mmixware
- ;;
monitor)
basic_machine=m68k-rom68k
os=-coff
basic_machine=i386-pc
os=-msdos
;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
+ nacl)
+ basic_machine=le32-unknown
+ os=-nacl
+ ;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
np1)
basic_machine=np1-gould
;;
- nv1)
- basic_machine=nv1-cray
- os=-unicosmp
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
;;
nsr-tandem)
basic_machine=nsr-tandem
basic_machine=hppa1.1-oki
os=-proelf
;;
- or32 | or32-*)
+ openrisc | openrisc-*)
basic_machine=or32-unknown
- os=-coff
;;
os400)
basic_machine=powerpc-ibm
basic_machine=i860-intel
os=-osf
;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
pbd)
basic_machine=sparc-tti
;;
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
;;
;;
power) basic_machine=power-ibm
;;
- ppc) basic_machine=powerpc-unknown
+ ppc | ppcbe) basic_machine=powerpc-unknown
;;
- ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
basic_machine=powerpcle-unknown
basic_machine=i586-unknown
os=-pw32
;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
sb1el)
basic_machine=mipsisa64sb1el-unknown
;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
sei)
basic_machine=mips-sei
os=-seiux
basic_machine=sh-hitachi
os=-hms
;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
sh64)
basic_machine=sh64-unknown
;;
basic_machine=i860-stratus
os=-sysv4
;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
sun2)
basic_machine=m68000-sun
;;
basic_machine=t90-cray
os=-unicos
;;
- tic54x | c54x*)
- basic_machine=tic54x-unknown
- os=-coff
- ;;
- tic55x | c55x*)
- basic_machine=tic55x-unknown
- os=-coff
- ;;
- tic6x | c6x*)
- basic_machine=tic6x-unknown
- os=-coff
+ tile*)
+ basic_machine=$basic_machine-unknown
+ os=-linux-gnu
;;
tx39)
basic_machine=mipstx39-unknown
basic_machine=hppa1.1-winbond
os=-proelf
;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
xps | xps100)
basic_machine=xps100-honeywell
;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
ymp)
basic_machine=ymp-cray
os=-unicos
basic_machine=z8k-unknown
os=-sim
;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
none)
basic_machine=none-none
os=-none
romp)
basic_machine=romp-ibm
;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
rs6000)
basic_machine=rs6000-ibm
;;
we32k)
basic_machine=we32k-att
;;
- sh3 | sh4 | sh[34]eb | sh[1234]le | sh[23]ele)
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
- sh64)
- basic_machine=sh64-unknown
- ;;
- sparc | sparcv8 | sparcv9 | sparcv9b)
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
basic_machine=sparc-sun
;;
cydra)
if [ x"$os" != x"" ]
then
case $os in
- # First match some system type aliases
- # that might get confused with valid system types.
+ # First match some system type aliases
+ # that might get confused with valid system types.
# -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
-solaris1 | -solaris1.*)
os=`echo $os | sed -e 's|solaris1|sunos4|'`
;;
# Each alternative MUST END IN A *, to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
- | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
- | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* \
+ | -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
- | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
- | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -mingw32* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
- | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly*)
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
- | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
-opened*)
os=-openedition
;;
- -os400*)
+ -os400*)
os=-os400
;;
-wince*)
-sinix*)
os=-sysv4
;;
- -tpf*)
+ -tpf*)
os=-tpf
;;
-triton*)
-kaos*)
os=-kaos
;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
-none)
;;
*)
# system, and we'll never get to this point.
case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
*-acorn)
os=-riscix1.2
;;
arm*-semi)
os=-aout
;;
- c4x-* | tic4x-*)
- os=-coff
- ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
# This must come before the *-dec entry.
pdp10-*)
os=-tops20
m68*-cisco)
os=-aout
;;
+ mep-*)
+ os=-elf
+ ;;
mips*-cisco)
os=-elf
;;
*-be)
os=-beos
;;
+ *-haiku)
+ os=-haiku
+ ;;
*-ibm)
os=-aix
;;
+ *-knuth)
+ os=-mmixware
+ ;;
*-wec)
os=-proelf
;;
-sunos*)
vendor=sun
;;
- -aix*)
+ -cnk*|-aix*)
vendor=ibm
;;
-beos*)
esac
echo $basic_machine$os
-exit 0
+exit
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for nettle 2.1.
+# Generated by GNU Autoconf 2.69 for nettle 2.7.1.
#
# Report bugs to <nettle-bugs@lists.lysator.liu.se>.
#
-# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
+#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
esac
-
fi
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conf$$.sh
- echo "exit 0" >>conf$$.sh
- chmod +x conf$$.sh
- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
else
- PATH_SEPARATOR=:
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
fi
- rm -f conf$$.sh
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
fi
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
fi
# there to prevent editors from complaining about space-tab.
# (If _AS_PATH_WALK were called with IFS unset, it would disable word
# splitting by setting IFS to empty value.)
-as_nl='
-'
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
-case $0 in
+as_myself=
+case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
IFS=$as_save_IFS
;;
as_myself=$0
fi
if test ! -f "$as_myself"; then
- echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- { (exit 1); exit 1; }
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
fi
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
done
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
-for as_var in \
- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
- LC_TELEPHONE LC_TIME
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Use a proper internal environment variable to ensure we don't fall
+ # into an infinite loop, continuously re-executing ourselves.
+ if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+ _as_can_reexec=no; export _as_can_reexec;
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+ fi
+ # We don't want this to propagate to other subprocesses.
+ { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
do
- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
- eval $as_var=C; export $as_var
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ export CONFIG_SHELL
+ # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+ *v*x* | *x*v* ) as_opts=-vx ;;
+ *v* ) as_opts=-v ;;
+ *x* ) as_opts=-x ;;
+ * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
else
- ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: nettle-bugs@lists.lysator.liu.se about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
fi
-done
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
-# Required to use basename.
if expr a : '\(a\)' >/dev/null 2>&1 &&
test "X`expr 00001 : '.*\(...\)'`" = X001; then
as_expr=expr
as_basename=false
fi
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
-# Name of the executable.
as_me=`$as_basename -- "$0" ||
$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
X"$0" : 'X\(//\)$' \| \
X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X/"$0" |
+$as_echo X/"$0" |
sed '/^.*\/\([^/][^/]*\)\/*$/{
s//\1/
q
}
s/.*/./; q'`
-# CDPATH.
-$as_unset CDPATH
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
-if test "x$CONFIG_SHELL" = x; then
- if (eval ":") 2>/dev/null; then
- as_have_required=yes
-else
- as_have_required=no
-fi
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
- if test $as_have_required = yes && (eval ":
-(as_func_return () {
- (exit \$1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
+ # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+ # already done that, so ensure we don't try to do so again and fall
+ # in an infinite loop. This has already happened in practice.
+ _as_can_reexec=no; export _as_can_reexec
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
}
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
-if as_func_ret_success; then
- :
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
+ fi
+else
+ as_ln_s='cp -pR'
fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
- :
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
else
- exitcode=1
- echo positional parameters were not saved.
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
fi
-test \$exitcode = 0) || { (exit 1); exit 1; }
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
-(
- as_lineno_1=\$LINENO
- as_lineno_2=\$LINENO
- test \"x\$as_lineno_1\" != \"x\$as_lineno_2\" &&
- test \"x\`expr \$as_lineno_1 + 1\`\" = \"x\$as_lineno_2\") || { (exit 1); exit 1; }
-") 2> /dev/null; then
- :
-else
- as_candidate_shells=
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- case $as_dir in
- /*)
- for as_base in sh bash ksh sh5; do
- as_candidate_shells="$as_candidate_shells $as_dir/$as_base"
- done;;
- esac
-done
-IFS=$as_save_IFS
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
- for as_shell in $as_candidate_shells $SHELL; do
- # Try only shells that exist, to save several forks.
- if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
- { ("$as_shell") 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
-fi
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-:
-_ASEOF
-}; then
- CONFIG_SHELL=$as_shell
- as_have_required=yes
- if { "$as_shell" 2> /dev/null <<\_ASEOF
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
- emulate sh
- NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
- # is contrary to our usage. Disable this feature.
- alias -g '${1+"$@"}'='"$@"'
- setopt NO_GLOB_SUBST
-else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
-esac
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
-fi
-
-
-:
-(as_func_return () {
- (exit $1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
-
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = "$1" ); then
- :
-else
- exitcode=1
- echo positional parameters were not saved.
-fi
-
-test $exitcode = 0) || { (exit 1); exit 1; }
-
-(
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2") || { (exit 1); exit 1; }
-
-_ASEOF
-}; then
- break
-fi
-
-fi
-
- done
-
- if test "x$CONFIG_SHELL" != x; then
- for as_var in BASH_ENV ENV
- do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
- done
- export CONFIG_SHELL
- exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
-fi
-
-
- if test $as_have_required = no; then
- echo This script requires a shell more modern than all the
- echo shells that I found on your system. Please install a
- echo modern shell, or manually run the script under such a
- echo shell if you do have one.
- { (exit 1); exit 1; }
-fi
-
-
-fi
-
-fi
-
-
-
-(eval "as_func_return () {
- (exit \$1)
-}
-as_func_success () {
- as_func_return 0
-}
-as_func_failure () {
- as_func_return 1
-}
-as_func_ret_success () {
- return 0
-}
-as_func_ret_failure () {
- return 1
-}
-
-exitcode=0
-if as_func_success; then
- :
-else
- exitcode=1
- echo as_func_success failed.
-fi
-
-if as_func_failure; then
- exitcode=1
- echo as_func_failure succeeded.
-fi
-
-if as_func_ret_success; then
- :
-else
- exitcode=1
- echo as_func_ret_success failed.
-fi
-
-if as_func_ret_failure; then
- exitcode=1
- echo as_func_ret_failure succeeded.
-fi
-
-if ( set x; as_func_ret_success y && test x = \"\$1\" ); then
- :
-else
- exitcode=1
- echo positional parameters were not saved.
-fi
-
-test \$exitcode = 0") || {
- echo No shell found that supports shell functions.
- echo Please tell autoconf@gnu.org about your system,
- echo including any error possibly output before this
- echo message
-}
-
-
-
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
-
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line after each line using $LINENO; the second 'sed'
- # does the real work. The second script uses 'N' to pair each
- # line-number line with the line containing $LINENO, and appends
- # trailing '-' during substitution so that $LINENO is not a special
- # case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # scripts with optimization help from Paolo Bonzini. Blame Lee
- # E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
-
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
-}
-
-
-if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
- as_dirname=dirname
-else
- as_dirname=false
-fi
-
-ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
--n*)
- case `echo 'x\c'` in
- *c*) ECHO_T=' ';; # ECHO_T is single tab character.
- *) ECHO_C='\c';;
- esac;;
-*)
- ECHO_N='-n';;
-esac
-
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-rm -f conf$$ conf$$.exe conf$$.file
-if test -d conf$$.dir; then
- rm -f conf$$.dir/conf$$.file
-else
- rm -f conf$$.dir
- mkdir conf$$.dir
-fi
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
-else
- as_ln_s='cp -p'
-fi
-rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
-rmdir conf$$.dir 2>/dev/null
-
-if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
-else
- test -d ./-p && rmdir ./-p
- as_mkdir_p=false
-fi
-
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
-
-# Sed expression to map a string onto a valid CPP name.
-as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
-
-# Sed expression to map a string onto a valid variable name.
-as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
-
-
-
-exec 7<&0 </dev/null 6>&1
-
-# Name of the host.
-# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
-# so uname gets run too.
-ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
-
-#
-# Initializations.
-#
-ac_default_prefix=/usr/local
-ac_clean_files=
-ac_config_libobj_dir=.
-LIBOBJS=
-cross_compiling=no
-subdirs=
-MFLAGS=
-MAKEFLAGS=
-SHELL=${CONFIG_SHELL-/bin/sh}
-
-# Identity of this package.
-PACKAGE_NAME='nettle'
-PACKAGE_TARNAME='nettle'
-PACKAGE_VERSION='2.1'
-PACKAGE_STRING='nettle 2.1'
-PACKAGE_BUGREPORT='nettle-bugs@lists.lysator.liu.se'
+# Identity of this package.
+PACKAGE_NAME='nettle'
+PACKAGE_TARNAME='nettle'
+PACKAGE_VERSION='2.7.1'
+PACKAGE_STRING='nettle 2.7.1'
+PACKAGE_BUGREPORT='nettle-bugs@lists.lysator.liu.se'
+PACKAGE_URL=''
ac_unique_file="arcfour.c"
# Factoring default headers for most tests.
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL
-PATH_SEPARATOR
-PACKAGE_NAME
-PACKAGE_TARNAME
-PACKAGE_VERSION
-PACKAGE_STRING
-PACKAGE_BUGREPORT
-exec_prefix
-prefix
-program_transform_name
-bindir
-sbindir
-libexecdir
-datarootdir
-datadir
-sysconfdir
-sharedstatedir
-localstatedir
-includedir
-oldincludedir
-docdir
-infodir
-htmldir
-dvidir
-pdfdir
-psdir
-libdir
-localedir
-mandir
-DEFS
-ECHO_C
-ECHO_N
-ECHO_T
-LIBS
-build_alias
-host_alias
-target_alias
-build
-build_cpu
-build_vendor
-build_os
-host
-host_cpu
-host_vendor
-host_os
-CC
-CFLAGS
-LDFLAGS
-CPPFLAGS
-ac_ct_CC
-EXEEXT
-OBJEXT
-CXX
-CXXFLAGS
-ac_ct_CXX
-CXX_TESTS
-SET_MAKE
-RANLIB
-NM
-OBJDUMP
-INSTALL_PROGRAM
-INSTALL_SCRIPT
-INSTALL_DATA
-DEP_INCLUDE
-DEP_FLAGS
-DEP_PROCESS
-CCPIC
-CCPIC_MAYBE
-ASM_SYMBOL_PREFIX
-ASM_ELF_STYLE
-ASM_TYPE_FUNCTION
-ASM_MARK_NOEXEC_STACK
-ASM_ALIGN_LOG
-SHLIBCFLAGS
-LIBNETTLE_MAJOR
-LIBNETTLE_MINOR
-LIBNETTLE_FORLINK
-LIBNETTLE_SONAME
-LIBNETTLE_FILE
-LIBNETTLE_LINK
-LIBNETTLE_LIBS
-LIBHOGWEED_MAJOR
-LIBHOGWEED_MINOR
-LIBHOGWEED_FORLINK
-LIBHOGWEED_SONAME
-LIBHOGWEED_FILE
-LIBHOGWEED_LINK
-LIBHOGWEED_LIBS
-M4
-CPP
-GREP
-EGREP
-ALLOCA
-LIBOBJS
-IF_HOGWEED
-IF_SHARED
+ac_subst_vars='LTLIBOBJS
+BENCH_LIBS
OPENSSL_LIBFLAGS
-LTLIBOBJS'
+IF_DLL
+IF_DOCUMENTATION
+IF_SHARED
+IF_STATIC
+IF_HOGWEED
+MAKEINFO
+GMP_NUMB_BITS
+LIBOBJS
+ALLOCA
+ALIGNOF_UINT64_T
+EGREP
+GREP
+CPP
+M4
+LIBHOGWEED_LIBS
+LIBHOGWEED_LINK
+LIBHOGWEED_FILE_SRC
+LIBHOGWEED_FILE
+LIBHOGWEED_SONAME
+LIBHOGWEED_FORLINK
+LIBHOGWEED_MINOR
+LIBHOGWEED_MAJOR
+LIBNETTLE_LIBS
+LIBNETTLE_LINK
+LIBNETTLE_FILE_SRC
+LIBNETTLE_FILE
+LIBNETTLE_SONAME
+LIBNETTLE_FORLINK
+LIBNETTLE_MINOR
+LIBNETTLE_MAJOR
+SHLIBCFLAGS
+EMULATOR
+W64_ABI
+ASM_ALIGN_LOG
+ASM_MARK_NOEXEC_STACK
+ASM_TYPE_PROGBITS
+ASM_TYPE_FUNCTION
+ASM_ELF_STYLE
+ASM_SYMBOL_PREFIX
+CCPIC_MAYBE
+CCPIC
+OPT_ASM_SOURCES
+DEP_PROCESS
+DEP_FLAGS
+DEP_INCLUDE
+EXEEXT_FOR_BUILD
+CC_FOR_BUILD
+LN_S
+MKDIR_P
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+AR
+OBJDUMP
+NM
+RANLIB
+SET_MAKE
+IF_CXX
+ac_ct_CXX
+CXXFLAGS
+CXX
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+with_include_path
+with_lib_path
+enable_public_key
+enable_assembler
+enable_static
+enable_shared
+enable_pic
+enable_openssl
+enable_gcov
+enable_documentation
+enable_arm_neon
+enable_dependency_tracking
+'
ac_precious_vars='build_alias
host_alias
target_alias
CXX
CXXFLAGS
CCC
+CC_FOR_BUILD
CPP'
# Initialize some variables set by options.
ac_init_help=
ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
# The variables have the same names as the options, with
# dashes changed to underlines.
cache_file=/dev/null
fi
case $ac_option in
- *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
- *) ac_optarg=yes ;;
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
esac
# Accept the important Cygnus configure options, so we can diagnose typos.
datarootdir=$ac_optarg ;;
-disable-* | --disable-*)
- ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
- eval enable_$ac_feature=no ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
-docdir | --docdir | --docdi | --doc | --do)
ac_prev=docdir ;;
dvidir=$ac_optarg ;;
-enable-* | --enable-*)
- ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_feature" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid feature name: $ac_feature" >&2
- { (exit 1); exit 1; }; }
- ac_feature=`echo $ac_feature | sed 's/[-.]/_/g'`
- eval enable_$ac_feature=\$ac_optarg ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
-exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
| --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
ac_init_version=: ;;
-with-* | --with-*)
- ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
- eval with_$ac_package=\$ac_optarg ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
-without-* | --without-*)
- ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
# Reject names that are not valid shell variable names.
- expr "x$ac_package" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid package name: $ac_package" >&2
- { (exit 1); exit 1; }; }
- ac_package=`echo $ac_package | sed 's/[-.]/_/g'`
- eval with_$ac_package=no ;;
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
--x)
# Obsolete; use --with-x.
| --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
x_libraries=$ac_optarg ;;
- -*) { echo "$as_me: error: unrecognized option: $ac_option
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; }
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
;;
*=*)
ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
# Reject names that are not valid shell variable names.
- expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
- { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
- { (exit 1); exit 1; }; }
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
eval $ac_envvar=\$ac_optarg
export $ac_envvar ;;
*)
# FIXME: should be removed in autoconf 3.0.
- echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
- echo "$as_me: WARNING: invalid host type: $ac_option" >&2
- : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
;;
esac
if test -n "$ac_prev"; then
ac_option=--`echo $ac_prev | sed 's/_/-/g'`
- { echo "$as_me: error: missing argument to $ac_option" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "missing argument to $ac_option"
fi
-# Be sure to have absolute directory names.
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
do
eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
case $ac_val in
[\\/$]* | ?:[\\/]* ) continue;;
NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
esac
- { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
done
# There might be people who depend on the old broken behavior: `$host'
if test "x$host_alias" != x; then
if test "x$build_alias" = x; then
cross_compiling=maybe
- echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
- If a cross compiler is detected then cross compile mode will be used." >&2
elif test "x$build_alias" != "x$host_alias"; then
cross_compiling=yes
fi
ac_pwd=`pwd` && test -n "$ac_pwd" &&
ac_ls_di=`ls -di .` &&
ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
- { echo "$as_me: error: Working directory cannot be determined" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "working directory cannot be determined"
test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
- { echo "$as_me: error: pwd does not report name of working directory" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "pwd does not report name of working directory"
# Find the source files, if location was not specified.
if test -z "$srcdir"; then
ac_srcdir_defaulted=yes
# Try the directory containing this script, then the parent directory.
- ac_confdir=`$as_dirname -- "$0" ||
-$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$0" : 'X\(//\)[^/]' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$0" |
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
fi
if test ! -r "$srcdir/$ac_unique_file"; then
test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
- { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
- { (exit 1); exit 1; }; }
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
fi
ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
ac_abs_confdir=`(
- cd "$srcdir" && test -r "./$ac_unique_file" || { echo "$as_me: error: $ac_msg" >&2
- { (exit 1); exit 1; }; }
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
pwd)`
# When building in place, set srcdir=.
if test "$ac_abs_confdir" = "$ac_pwd"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures nettle 2.1 to adapt to many kinds of systems.
+\`configure' configures nettle 2.7.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
- -q, --quiet, --silent do not print \`checking...' messages
+ -q, --quiet, --silent do not print \`checking ...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for \`--cache-file=config.cache'
-n, --no-create do not create output files
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
- [$ac_default_prefix]
+ [$ac_default_prefix]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
- [PREFIX]
+ [PREFIX]
By default, \`make install' will install all the files in
\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
For better control, use the options below.
Fine tuning of the installation directories:
- --bindir=DIR user executables [EPREFIX/bin]
- --sbindir=DIR system admin executables [EPREFIX/sbin]
- --libexecdir=DIR program executables [EPREFIX/libexec]
- --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
- --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
- --localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --libdir=DIR object code libraries [EPREFIX/lib]
- --includedir=DIR C header files [PREFIX/include]
- --oldincludedir=DIR C header files for non-gcc [/usr/include]
- --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
- --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
- --infodir=DIR info documentation [DATAROOTDIR/info]
- --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
- --mandir=DIR man documentation [DATAROOTDIR/man]
- --docdir=DIR documentation root [DATAROOTDIR/doc/nettle]
- --htmldir=DIR html documentation [DOCDIR]
- --dvidir=DIR dvi documentation [DOCDIR]
- --pdfdir=DIR pdf documentation [DOCDIR]
- --psdir=DIR ps documentation [DOCDIR]
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/nettle]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
_ACEOF
cat <<\_ACEOF
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of nettle 2.1:";;
+ short | recursive ) echo "Configuration of nettle 2.7.1:";;
esac
cat <<\_ACEOF
Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-public-key Disable public key algorithms
--disable-assembler Disable assembler code
- --enable-shared Build a shared library
+ --disable-static Do not build any static library
+ --disable-shared Do not build any shared library
--disable-pic Do not try to compile library files as position
independent code
--disable-openssl Do not include openssl glue in the benchmark program
+ --enable-gcov Instrument for gcov (requires a modern gcc)
+ --disable-documentation Omit building and installing the documentation.
+ (default=auto)
+ --enable-arm-neon Enable ARM Neon assembly. (default=auto)
--disable-dependency-tracking
Disable dependency tracking. Dependency tracking
doesn't work with BSD make
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
LIBS libraries to pass to the linker, e.g. -l<library>
- CPPFLAGS C/C++/Objective C preprocessor flags, e.g. -I<include dir> if
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
you have headers in a nonstandard directory <include dir>
CXX C++ compiler command
CXXFLAGS C++ compiler flags
+ CC_FOR_BUILD
+ build system C compiler
CPP C preprocessor
Use these variables to override the choices made by `configure' or to help
if test "$ac_init_help" = "recursive"; then
# If there are subdirs, report their specific --help.
for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
- test -d "$ac_dir" || continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
ac_builddir=.
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
echo &&
$SHELL "$ac_srcdir/configure" --help=recursive
else
- echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
fi || ac_status=$?
cd "$ac_pwd" || { ac_status=$?; break; }
done
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-nettle configure 2.1
-generated by GNU Autoconf 2.61
+nettle configure 2.7.1
+generated by GNU Autoconf 2.69
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
-2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
exit
fi
-cat >config.log <<_ACEOF
-This file contains any messages produced by compilers while
-running configure, to aid debugging if configure makes a mistake.
-It was created by nettle $as_me 2.1, which was
-generated by GNU Autoconf 2.61. Invocation command line was
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
- $ $0 $@
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
-_ACEOF
-exec 5>>config.log
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
{
-cat <<_ASUNAME
-## --------- ##
-## Platform. ##
-## --------- ##
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
-hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
-uname -m = `(uname -m) 2>/dev/null || echo unknown`
-uname -r = `(uname -r) 2>/dev/null || echo unknown`
-uname -s = `(uname -s) 2>/dev/null || echo unknown`
-uname -v = `(uname -v) 2>/dev/null || echo unknown`
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
-/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
-/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+} # ac_fn_cxx_try_compile
-/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
-/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
-/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
-/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
-/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
-/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
-/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
-_ASUNAME
+ ac_retval=1
+fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- echo "PATH: $as_dir"
-done
-IFS=$as_save_IFS
+} # ac_fn_c_try_cpp
-} >&5
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
-cat >&5 <<_ACEOF
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+} # ac_fn_c_check_type
-## ----------- ##
-## Core tests. ##
-## ----------- ##
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+} # ac_fn_c_check_header_compile
-# Keep a trace of the command line.
-# Strip out --no-create and --no-recursion so they do not pile up.
-# Strip out --silent because we don't want to record it for future runs.
-# Also quote any args containing shell meta-characters.
-# Make two passes to allow for proper duplicate-argument suppression.
-ac_configure_args=
-ac_configure_args0=
-ac_configure_args1=
-ac_must_keep_next=false
-for ac_pass in 1 2
-do
- for ac_arg
- do
- case $ac_arg in
- -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
- -q | -quiet | --quiet | --quie | --qui | --qu | --q \
- | -silent | --silent | --silen | --sile | --sil)
- continue ;;
- *\'*)
- ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
- esac
- case $ac_pass in
- 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
- 2)
- ac_configure_args1="$ac_configure_args1 '$ac_arg'"
- if test $ac_must_keep_next = true; then
- ac_must_keep_next=false # Got value, back to normal.
- else
- case $ac_arg in
- *=* | --config-cache | -C | -disable-* | --disable-* \
- | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
- | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
- | -with-* | --with-* | -without-* | --without-* | --x)
- case "$ac_configure_args0 " in
- "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
- esac
- ;;
- -* ) ac_must_keep_next=true ;;
- esac
- fi
- ac_configure_args="$ac_configure_args '$ac_arg'"
- ;;
- esac
- done
-done
-$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
-$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
-
-# When interrupted or exit'd, cleanup temporary files, and complete
-# config.log. We remove comments because anyway the quotes in there
-# would cause problems or look ugly.
-# WARNING: Use '\'' to represent an apostrophe within the trap.
-# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
-trap 'exit_status=$?
- # Save into config.log some information that might help in debugging.
- {
- echo
-
- cat <<\_ASBOX
-## ---------------- ##
-## Cache variables. ##
-## ---------------- ##
-_ASBOX
- echo
- # The following way of writing the cache mishandles newlines in values,
-(
- for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
- eval ac_val=\$$ac_var
- case $ac_val in #(
- *${as_nl}*)
- case $ac_var in #(
- *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
- esac
- case $ac_var in #(
- _ | IFS | as_nl) ;; #(
- *) $as_unset $ac_var ;;
- esac ;;
- esac
- done
- (set) 2>&1 |
- case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
- *${as_nl}ac_space=\ *)
- sed -n \
- "s/'\''/'\''\\\\'\'''\''/g;
- s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
- ;; #(
- *)
- sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
- ;;
- esac |
- sort
-)
- echo
-
- cat <<\_ASBOX
-## ----------------- ##
-## Output variables. ##
-## ----------------- ##
-_ASBOX
- echo
- for ac_var in $ac_subst_vars
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
-
- if test -n "$ac_subst_files"; then
- cat <<\_ASBOX
-## ------------------- ##
-## File substitutions. ##
-## ------------------- ##
-_ASBOX
- echo
- for ac_var in $ac_subst_files
- do
- eval ac_val=\$$ac_var
- case $ac_val in
- *\'\''*) ac_val=`echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
- esac
- echo "$ac_var='\''$ac_val'\''"
- done | sort
- echo
- fi
-
- if test -s confdefs.h; then
- cat <<\_ASBOX
-## ----------- ##
-## confdefs.h. ##
-## ----------- ##
-_ASBOX
- echo
- cat confdefs.h
- echo
- fi
- test "$ac_signal" != 0 &&
- echo "$as_me: caught signal $ac_signal"
- echo "$as_me: exit $exit_status"
- } >&5
- rm -f core *.core core.conftest.* &&
- rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
- exit $exit_status
-' 0
-for ac_signal in 1 2 13 15; do
- trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
-done
-ac_signal=0
-
-# confdefs.h avoids OS command line length limits that DEFS can exceed.
-rm -f -r conftest* confdefs.h
-
-# Predefined preprocessor variables.
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_NAME "$PACKAGE_NAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_VERSION "$PACKAGE_VERSION"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_STRING "$PACKAGE_STRING"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
-_ACEOF
-
-
-# Let the site file select an alternate cache file if it wants to.
-# Prefer explicitly selected file to automatically selected ones.
-if test -n "$CONFIG_SITE"; then
- set x "$CONFIG_SITE"
-elif test "x$prefix" != xNONE; then
- set x "$prefix/share/config.site" "$prefix/etc/config.site"
-else
- set x "$ac_default_prefix/share/config.site" \
- "$ac_default_prefix/etc/config.site"
-fi
-shift
-for ac_site_file
-do
- if test -r "$ac_site_file"; then
- { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
-echo "$as_me: loading site script $ac_site_file" >&6;}
- sed 's/^/| /' "$ac_site_file" >&5
- . "$ac_site_file"
- fi
-done
-
-if test -r "$cache_file"; then
- # Some versions of bash will fail to source /dev/null (special
- # files actually), so we avoid doing that.
- if test -f "$cache_file"; then
- { echo "$as_me:$LINENO: loading cache $cache_file" >&5
-echo "$as_me: loading cache $cache_file" >&6;}
- case $cache_file in
- [\\/]* | ?:[\\/]* ) . "$cache_file";;
- *) . "./$cache_file";;
- esac
- fi
-else
- { echo "$as_me:$LINENO: creating cache $cache_file" >&5
-echo "$as_me: creating cache $cache_file" >&6;}
- >$cache_file
-fi
-
-# Check that the precious variables saved in the cache have kept the same
-# value.
-ac_cache_corrupted=false
-for ac_var in $ac_precious_vars; do
- eval ac_old_set=\$ac_cv_env_${ac_var}_set
- eval ac_new_set=\$ac_env_${ac_var}_set
- eval ac_old_val=\$ac_cv_env_${ac_var}_value
- eval ac_new_val=\$ac_env_${ac_var}_value
- case $ac_old_set,$ac_new_set in
- set,)
- { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,set)
- { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
-echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
- ac_cache_corrupted=: ;;
- ,);;
- *)
- if test "x$ac_old_val" != "x$ac_new_val"; then
- { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
-echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
- { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
-echo "$as_me: former value: $ac_old_val" >&2;}
- { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
-echo "$as_me: current value: $ac_new_val" >&2;}
- ac_cache_corrupted=:
- fi;;
- esac
- # Pass precious variables to config.status.
- if test "$ac_new_set" = set; then
- case $ac_new_val in
- *\'*) ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
- *) ac_arg=$ac_var=$ac_new_val ;;
- esac
- case " $ac_configure_args " in
- *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
- *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
- esac
- fi
-done
-if $ac_cache_corrupted; then
- { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
-echo "$as_me: error: changes in the environment can compromise the build" >&2;}
- { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
-echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-
-
-# Needed to stop autoconf from looking for files in parent directories.
-ac_aux_dir=
-for ac_dir in . "$srcdir"/.; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in . \"$srcdir\"/." >&5
-echo "$as_me: error: cannot find install-sh or install.sh in . \"$srcdir\"/." >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
-
-
-
-ac_config_headers="$ac_config_headers config.h"
-
-
-LIBNETTLE_MAJOR=4
-LIBNETTLE_MINOR=0
-
-LIBHOGWEED_MAJOR=2
-LIBHOGWEED_MINOR=0
-
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- { { echo "$as_me:$LINENO: error: cannot run $SHELL $ac_aux_dir/config.sub" >&5
-echo "$as_me: error: cannot run $SHELL $ac_aux_dir/config.sub" >&2;}
- { (exit 1); exit 1; }; }
-
-{ echo "$as_me:$LINENO: checking build system type" >&5
-echo $ECHO_N "checking build system type... $ECHO_C" >&6; }
-if test "${ac_cv_build+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
-test "x$ac_build_alias" = x &&
- { { echo "$as_me:$LINENO: error: cannot guess build type; you must specify one" >&5
-echo "$as_me: error: cannot guess build type; you must specify one" >&2;}
- { (exit 1); exit 1; }; }
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&5
-echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $ac_build_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_build" >&5
-echo "${ECHO_T}$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) { { echo "$as_me:$LINENO: error: invalid value of canonical build" >&5
-echo "$as_me: error: invalid value of canonical build" >&2;}
- { (exit 1); exit 1; }; };;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ echo "$as_me:$LINENO: checking host system type" >&5
-echo $ECHO_N "checking host system type... $ECHO_C" >&6; }
-if test "${ac_cv_host+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- { { echo "$as_me:$LINENO: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&5
-echo "$as_me: error: $SHELL $ac_aux_dir/config.sub $host_alias failed" >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_host" >&5
-echo "${ECHO_T}$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) { { echo "$as_me:$LINENO: error: invalid value of canonical host" >&5
-echo "$as_me: error: invalid value of canonical host" >&2;}
- { (exit 1); exit 1; }; };;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-
-# Command line options
-
-# Check whether --with-include-path was given.
-if test "${with_include_path+set}" = set; then
- withval=$with_include_path;
-else
- with_include_path=''
-fi
-
-
-if test x$with_include_path != x ; then
- CPPFLAGS="$CPPFLAGS -I`echo $with_include_path | sed 's/:/ -I/g'`"
-fi
-
-
-# Check whether --with-lib-path was given.
-if test "${with_lib_path+set}" = set; then
- withval=$with_lib_path;
-else
- with_lib_path=''
-fi
-
-
-if test x$with_lib_path != x ; then
- LDFLAGS="$LDFLAGS -L`echo $with_lib_path | sed 's/:/ -L/g'`"
-fi
-
-# Check whether --enable-public-key was given.
-if test "${enable_public_key+set}" = set; then
- enableval=$enable_public_key;
-else
- enable_public_key=yes
-fi
-
-
-# Check whether --enable-assembler was given.
-if test "${enable_assembler+set}" = set; then
- enableval=$enable_assembler;
-else
- enable_assembler=yes
-fi
-
-
-# Check whether --enable-shared was given.
-if test "${enable_shared+set}" = set; then
- enableval=$enable_shared;
-else
- enable_shared=no
-fi
-
-
-# Check whether --enable-pic was given.
-if test "${enable_pic+set}" = set; then
- enableval=$enable_pic;
-else
- enable_pic=yes
-fi
-
-
-# Check whether --enable-openssl was given.
-if test "${enable_openssl+set}" = set; then
- enableval=$enable_openssl;
-else
- enable_openssl=yes
-fi
-
-
-{ echo "$as_me:$LINENO: checking for -R flag" >&5
-echo $ECHO_N "checking for -R flag... $ECHO_C" >&6; }
-RPATHFLAG=''
-case "$host_os" in
- osf1*) RPATHFLAG="-rpath " ;;
- irix6.*|irix5.*) RPATHFLAG="-rpath " ;;
- solaris*)
- if test "$TCC" = "yes"; then
- # tcc doesn't know about -R
- RPATHFLAG="-Wl,-R,"
- else
- RPATHFLAG=-R
- fi
- ;;
- linux*) RPATHFLAG="-Wl,-rpath," ;;
- *) RPATHFLAG="" ;;
-esac
-
-if test x$RPATHFLAG = x ; then
- { echo "$as_me:$LINENO: result: none" >&5
-echo "${ECHO_T}none" >&6; }
-else
- { echo "$as_me:$LINENO: result: using $RPATHFLAG" >&5
-echo "${ECHO_T}using $RPATHFLAG" >&6; }
-fi
-
-RPATH_CANDIDATE_REAL_DIRS=''
-RPATH_CANDIDATE_DIRS=''
-
-{ echo "$as_me:$LINENO: result: Searching for libraries" >&5
-echo "${ECHO_T}Searching for libraries" >&6; }
-
-for d in `echo $with_lib_path | sed 's/:/ /g'` \
- `echo $exec_prefix | sed "s@^NONE@$prefix/lib@g" | sed "s@^NONE@$ac_default_prefix/lib@g"` \
- /usr/local/lib /sw/local/lib /sw/lib \
- /usr/gnu/lib /opt/gnu/lib /sw/gnu/lib /usr/freeware/lib /usr/pkg/lib ; do
- { echo "$as_me:$LINENO: checking $d" >&5
-echo $ECHO_N "checking $d... $ECHO_C" >&6; }
-ac_exists=no
-if test -d "$d/." ; then
- ac_real_dir=`cd $d && pwd`
- if test -n "$ac_real_dir" ; then
- ac_exists=yes
- for old in RPATH_CANDIDATE_REAL_DIRS ; do
- ac_found=no
- if test x$ac_real_dir = x$old ; then
- ac_found=yes;
- break;
- fi
- done
- if test $ac_found = yes ; then
- { echo "$as_me:$LINENO: result: already added" >&5
-echo "${ECHO_T}already added" >&6; }
- else
- { echo "$as_me:$LINENO: result: added" >&5
-echo "${ECHO_T}added" >&6; }
- # LDFLAGS="$LDFLAGS -L $d"
- RPATH_CANDIDATE_REAL_DIRS="$ac_real_dir $RPATH_CANDIDATE_REAL_DIRS"
- RPATH_CANDIDATE_DIRS="$d $RPATH_CANDIDATE_DIRS"
- fi
- fi
-fi
-if test $ac_exists = no ; then
- { echo "$as_me:$LINENO: result: not found" >&5
-echo "${ECHO_T}not found" >&6; }
-fi
-
-done
-
-
-# Checks for programs.
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
- ac_ct_CC=$CC
- # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="gcc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-else
- CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="${ac_tool_prefix}cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
- fi
-fi
-if test -z "$CC"; then
- # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
- ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
- ac_prog_rejected=yes
- continue
- fi
- ac_cv_prog_CC="cc"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
- # We found a bogon in the path, so make sure we never use it.
- set dummy $ac_cv_prog_CC
- shift
- if test $# != 0; then
- # We chose a different compiler from the bogus one.
- # However, it has the same basename, so the bogon will be chosen
- # first if we set CC to just the basename; use the full file name.
- shift
- ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
- fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
- if test -n "$ac_tool_prefix"; then
- for ac_prog in cl.exe
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CC"; then
- ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
- { echo "$as_me:$LINENO: result: $CC" >&5
-echo "${ECHO_T}$CC" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
- test -n "$CC" && break
- done
-fi
-if test -z "$CC"; then
- ac_ct_CC=$CC
- for ac_prog in cl.exe
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CC"; then
- ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CC="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
- { echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
-echo "${ECHO_T}$ac_ct_CC" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
- test -n "$ac_ct_CC" && break
-done
-
- if test "x$ac_ct_CC" = x; then
- CC=""
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CC=$ac_ct_CC
- fi
-fi
-
-fi
-
-
-test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&5
-echo "$as_me: error: no acceptable C compiler found in \$PATH
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-
-# Provide some information about the compiler.
-echo "$as_me:$LINENO: checking for C compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler --version >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler -v >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler -V >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-ac_clean_files_save=$ac_clean_files
-ac_clean_files="$ac_clean_files a.out a.exe b.out"
-# Try to create an executable without -o first, disregard a.out.
-# It will help us diagnose broken compilers, and finding out an intuition
-# of exeext.
-{ echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
-echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6; }
-ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-#
-# List of possible output files, starting from the most likely.
-# The algorithm is not robust to junk in `.', hence go to wildcards (a.*)
-# only as a last resort. b.out is created by i960 compilers.
-ac_files='a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out'
-#
-# The IRIX 6 linker writes into existing files which may not be
-# executable, retaining their permissions. Remove them first so a
-# subsequent execution test works.
-ac_rmfiles=
-for ac_file in $ac_files
-do
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
- * ) ac_rmfiles="$ac_rmfiles $ac_file";;
- esac
-done
-rm -f $ac_rmfiles
-
-if { (ac_try="$ac_link_default"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link_default") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
-# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
-# in a Makefile. We should not override ac_cv_exeext if it was cached,
-# so that the user can short-circuit this test for compilers unknown to
-# Autoconf.
-for ac_file in $ac_files ''
-do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj )
- ;;
- [ab].out )
- # We found the default executable, but exeext='' is most
- # certainly right.
- break;;
- *.* )
- if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
- then :; else
- ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- fi
- # We set ac_cv_exeext here because the later test for it is not
- # safe: cross compilers may not add the suffix if given an `-o'
- # argument, so we may need to know it at that point already.
- # Even if this section looks crufty: it has the advantage of
- # actually working.
- break;;
- * )
- break;;
- esac
-done
-test "$ac_cv_exeext" = no && ac_cv_exeext=
-
-else
- ac_file=''
-fi
-
-{ echo "$as_me:$LINENO: result: $ac_file" >&5
-echo "${ECHO_T}$ac_file" >&6; }
-if test -z "$ac_file"; then
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
-See \`config.log' for more details." >&5
-echo "$as_me: error: C compiler cannot create executables
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
-fi
-
-ac_exeext=$ac_cv_exeext
-
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ echo "$as_me:$LINENO: checking whether the C compiler works" >&5
-echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6; }
-# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
-# If not cross compiling, check that we can run a simple program.
-if test "$cross_compiling" != yes; then
- if { ac_try='./$ac_file'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- cross_compiling=no
- else
- if test "$cross_compiling" = maybe; then
- cross_compiling=yes
- else
- { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot run C compiled programs.
-If you meant to cross compile, use \`--host'.
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
- fi
- fi
-fi
-{ echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
-
-rm -f a.out a.exe conftest$ac_cv_exeext b.out
-ac_clean_files=$ac_clean_files_save
-# Check that the compiler produces executables we can run. If not, either
-# the compiler is broken, or we cross compile.
-{ echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
-echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: $cross_compiling" >&5
-echo "${ECHO_T}$cross_compiling" >&6; }
-
-{ echo "$as_me:$LINENO: checking for suffix of executables" >&5
-echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6; }
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- # If both `conftest.exe' and `conftest' are `present' (well, observable)
-# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
-# work properly (i.e., refer to `conftest.exe'), while it won't with
-# `rm'.
-for ac_file in conftest.exe conftest conftest.*; do
- test -f "$ac_file" || continue
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.o | *.obj ) ;;
- *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
- break;;
- * ) break;;
- esac
-done
-else
- { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest$ac_cv_exeext
-{ echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
-echo "${ECHO_T}$ac_cv_exeext" >&6; }
-
-rm -f conftest.$ac_ext
-EXEEXT=$ac_cv_exeext
-ac_exeext=$EXEEXT
-{ echo "$as_me:$LINENO: checking for suffix of object files" >&5
-echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6; }
-if test "${ac_cv_objext+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.o conftest.obj
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- for ac_file in conftest.o conftest.obj conftest.*; do
- test -f "$ac_file" || continue;
- case $ac_file in
- *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf ) ;;
- *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
- break;;
- esac
-done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute suffix of object files: cannot compile
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
-fi
-
-rm -f conftest.$ac_cv_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
-echo "${ECHO_T}$ac_cv_objext" >&6; }
-OBJEXT=$ac_cv_objext
-ac_objext=$OBJEXT
-{ echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6; }
-if test "${ac_cv_c_compiler_gnu+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_compiler_gnu=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_c_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6; }
-GCC=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CFLAGS=${CFLAGS+set}
-ac_save_CFLAGS=$CFLAGS
-{ echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
-echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cc_g+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_save_c_werror_flag=$ac_c_werror_flag
- ac_c_werror_flag=yes
- ac_cv_prog_cc_g=no
- CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_g=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- CFLAGS=""
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_c_werror_flag=$ac_save_c_werror_flag
- CFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_g=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_c_werror_flag=$ac_save_c_werror_flag
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_g" >&6; }
-if test "$ac_test_CFLAGS" = set; then
- CFLAGS=$ac_save_CFLAGS
-elif test $ac_cv_prog_cc_g = yes; then
- if test "$GCC" = yes; then
- CFLAGS="-g -O2"
- else
- CFLAGS="-g"
- fi
-else
- if test "$GCC" = yes; then
- CFLAGS="-O2"
- else
- CFLAGS=
- fi
-fi
-{ echo "$as_me:$LINENO: checking for $CC option to accept ISO C89" >&5
-echo $ECHO_N "checking for $CC option to accept ISO C89... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cc_c89+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_prog_cc_c89=no
-ac_save_CC=$CC
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdarg.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
-struct buf { int x; };
-FILE * (*rcsopen) (struct buf *, struct stat *, int);
-static char *e (p, i)
- char **p;
- int i;
-{
- return p[i];
-}
-static char *f (char * (*g) (char **, int), char **p, ...)
-{
- char *s;
- va_list v;
- va_start (v,p);
- s = g (p, va_arg (v,int));
- va_end (v);
- return s;
-}
-
-/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
- function prototypes and stuff, but not '\xHH' hex character constants.
- These don't provoke an error unfortunately, instead are silently treated
- as 'x'. The following induces an error, until -std is added to get
- proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
- array size at least. It's necessary to write '\x00'==0 to get something
- that's true only with -std. */
-int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-
-/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
- inside strings and character constants. */
-#define FOO(x) 'x'
-int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
-
-int test (int i, double x);
-struct s1 {int (*f) (int a);};
-struct s2 {int (*f) (double a);};
-int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
-int argc;
-char **argv;
-int
-main ()
-{
-return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
- ;
- return 0;
-}
-_ACEOF
-for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
- -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
-do
- CC="$ac_save_CC $ac_arg"
- rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cc_c89=$ac_arg
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext
- test "x$ac_cv_prog_cc_c89" != "xno" && break
-done
-rm -f conftest.$ac_ext
-CC=$ac_save_CC
-
-fi
-# AC_CACHE_VAL
-case "x$ac_cv_prog_cc_c89" in
- x)
- { echo "$as_me:$LINENO: result: none needed" >&5
-echo "${ECHO_T}none needed" >&6; } ;;
- xno)
- { echo "$as_me:$LINENO: result: unsupported" >&5
-echo "${ECHO_T}unsupported" >&6; } ;;
- *)
- CC="$CC $ac_cv_prog_cc_c89"
- { echo "$as_me:$LINENO: result: $ac_cv_prog_cc_c89" >&5
-echo "${ECHO_T}$ac_cv_prog_cc_c89" >&6; } ;;
-esac
-
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-# When $CC foo.c -o foo creates both foo and foo.exe, autoconf picks
-# up the foo.exe and sets exeext to .exe. That is correct for cygwin,
-# which has some kind of magic link from foo to foo.exe, but not for
-# rntcl. A better check for the cygwin case would check if the
-# contents of foo and foo.exe are equal; in the rntcl case, foo is a
-# sh script, and foo.exe is a windows executable.
-
-if test "x$CC" = xrntcl ; then
- { echo "$as_me:$LINENO: Compiling with rntcl; clearing EXEEXT and disabling assembler" >&5
-echo "$as_me: Compiling with rntcl; clearing EXEEXT and disabling assembler" >&6;}
- ac_exeext=''
- ac_cv_exeext=''
- EXEEXT=''
- enable_assembler=no
-fi
-
-# Used by the testsuite only
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-if test -z "$CXX"; then
- if test -n "$CCC"; then
- CXX=$CCC
- else
- if test -n "$ac_tool_prefix"; then
- for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
- do
- # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
-set dummy $ac_tool_prefix$ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_CXX+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$CXX"; then
- ac_cv_prog_CXX="$CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-CXX=$ac_cv_prog_CXX
-if test -n "$CXX"; then
- { echo "$as_me:$LINENO: result: $CXX" >&5
-echo "${ECHO_T}$CXX" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
- test -n "$CXX" && break
- done
-fi
-if test -z "$CXX"; then
- ac_ct_CXX=$CXX
- for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_CXX"; then
- ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_CXX="$ac_prog"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
-if test -n "$ac_ct_CXX"; then
- { echo "$as_me:$LINENO: result: $ac_ct_CXX" >&5
-echo "${ECHO_T}$ac_ct_CXX" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
- test -n "$ac_ct_CXX" && break
-done
-
- if test "x$ac_ct_CXX" = x; then
- CXX="g++"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- CXX=$ac_ct_CXX
- fi
-fi
-
- fi
-fi
-# Provide some information about the compiler.
-echo "$as_me:$LINENO: checking for C++ compiler version" >&5
-ac_compiler=`set X $ac_compile; echo $2`
-{ (ac_try="$ac_compiler --version >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler --version >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -v >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler -v >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-{ (ac_try="$ac_compiler -V >&5"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compiler -V >&5") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }
-
-{ echo "$as_me:$LINENO: checking whether we are using the GNU C++ compiler" >&5
-echo $ECHO_N "checking whether we are using the GNU C++ compiler... $ECHO_C" >&6; }
-if test "${ac_cv_cxx_compiler_gnu+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-
-int
-main ()
-{
-#ifndef __GNUC__
- choke me
-#endif
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_compiler_gnu=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_compiler_gnu=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
-
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_cxx_compiler_gnu" >&5
-echo "${ECHO_T}$ac_cv_cxx_compiler_gnu" >&6; }
-GXX=`test $ac_compiler_gnu = yes && echo yes`
-ac_test_CXXFLAGS=${CXXFLAGS+set}
-ac_save_CXXFLAGS=$CXXFLAGS
-{ echo "$as_me:$LINENO: checking whether $CXX accepts -g" >&5
-echo $ECHO_N "checking whether $CXX accepts -g... $ECHO_C" >&6; }
-if test "${ac_cv_prog_cxx_g+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_save_cxx_werror_flag=$ac_cxx_werror_flag
- ac_cxx_werror_flag=yes
- ac_cv_prog_cxx_g=no
- CXXFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-
+$4
int
main ()
{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0;
+return test_array [0];
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cxx_g=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- CXXFLAGS=""
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-
+$4
int
main ()
{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- :
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cxx_werror_flag=$ac_save_cxx_werror_flag
- CXXFLAGS="-g"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-
+$4
int
main ()
{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0;
+return test_array [0];
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_prog_cxx_g=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ac_cxx_werror_flag=$ac_save_cxx_werror_flag
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_prog_cxx_g" >&5
-echo "${ECHO_T}$ac_cv_prog_cxx_g" >&6; }
-if test "$ac_test_CXXFLAGS" = set; then
- CXXFLAGS=$ac_save_CXXFLAGS
-elif test $ac_cv_prog_cxx_g = yes; then
- if test "$GXX" = yes; then
- CXXFLAGS="-g -O2"
- else
- CXXFLAGS="-g"
- fi
-else
- if test "$GXX" = yes; then
- CXXFLAGS="-O2"
- else
- CXXFLAGS=
- fi
-fi
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-ac_ext=cpp
-ac_cpp='$CXXCPP $CPPFLAGS'
-ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
-
-
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-
+$4
int
main ()
{
-return 0;
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
+
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_cxx_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- CXX_TESTS='cxx-test$(EXEEXT)'
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- CXX_TESTS=''
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5
-echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6; }
-set x ${MAKE-make}; ac_make=`echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
-if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.make <<\_ACEOF
-SHELL = /bin/sh
-all:
- @echo '@@@%%%=$(MAKE)=@@@%%%'
-_ACEOF
-# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
-case `${MAKE-make} -f conftest.make 2>/dev/null` in
- *@@@%%%=?*=@@@%%%*)
- eval ac_cv_prog_make_${ac_make}_set=yes;;
- *)
- eval ac_cv_prog_make_${ac_make}_set=no;;
-esac
-rm -f conftest.make
-fi
-if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
- { echo "$as_me:$LINENO: result: yes" >&5
-echo "${ECHO_T}yes" >&6; }
- SET_MAKE=
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
- SET_MAKE="MAKE=${MAKE-make}"
-fi
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
-set dummy ${ac_tool_prefix}ranlib; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$RANLIB"; then
- ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-RANLIB=$ac_cv_prog_RANLIB
-if test -n "$RANLIB"; then
- { echo "$as_me:$LINENO: result: $RANLIB" >&5
-echo "${ECHO_T}$RANLIB" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_RANLIB"; then
- ac_ct_RANLIB=$RANLIB
- # Extract the first word of "ranlib", so it can be a program name with args.
-set dummy ranlib; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_RANLIB"; then
- ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_RANLIB="ranlib"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
-if test -n "$ac_ct_RANLIB"; then
- { echo "$as_me:$LINENO: result: $ac_ct_RANLIB" >&5
-echo "${ECHO_T}$ac_ct_RANLIB" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
-
- if test "x$ac_ct_RANLIB" = x; then
- RANLIB=":"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- RANLIB=$ac_ct_RANLIB
- fi
-else
- RANLIB="$ac_cv_prog_RANLIB"
-fi
-
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}nm", so it can be a program name with args.
-set dummy ${ac_tool_prefix}nm; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_NM+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$NM"; then
- ac_cv_prog_NM="$NM" # Let the user override the test.
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_NM="${ac_tool_prefix}nm"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
fi
-NM=$ac_cv_prog_NM
-if test -n "$NM"; then
- { echo "$as_me:$LINENO: result: $NM" >&5
-echo "${ECHO_T}$NM" >&6; }
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ ac_lo= ac_hi=
fi
-
-
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-if test -z "$ac_cv_prog_NM"; then
- ac_ct_NM=$NM
- # Extract the first word of "nm", so it can be a program name with args.
-set dummy nm; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_NM+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_NM"; then
- ac_cv_prog_ac_ct_NM="$ac_ct_NM" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_NM="nm"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0;
+return test_array [0];
-fi
-fi
-ac_ct_NM=$ac_cv_prog_ac_ct_NM
-if test -n "$ac_ct_NM"; then
- { echo "$as_me:$LINENO: result: $ac_ct_NM" >&5
-echo "${ECHO_T}$ac_ct_NM" >&6; }
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
- if test "x$ac_ct_NM" = x; then
- NM="strings"
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- NM=$ac_ct_NM
- fi
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
else
- NM="$ac_cv_prog_NM"
+ ac_retval=1
fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
-# Used only for the GNU-stack configure test.
-if test -n "$ac_tool_prefix"; then
- # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
-set dummy ${ac_tool_prefix}objdump; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_OBJDUMP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$OBJDUMP"; then
- ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-OBJDUMP=$ac_cv_prog_OBJDUMP
-if test -n "$OBJDUMP"; then
- { echo "$as_me:$LINENO: result: $OBJDUMP" >&5
-echo "${ECHO_T}$OBJDUMP" >&6; }
-else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
-fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+} # ac_fn_c_compute_int
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval \${$3+:} false; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
fi
-if test -z "$ac_cv_prog_OBJDUMP"; then
- ac_ct_OBJDUMP=$OBJDUMP
- # Extract the first word of "objdump", so it can be a program name with args.
-set dummy objdump; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test -n "$ac_ct_OBJDUMP"; then
- ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_prog_ac_ct_OBJDUMP="objdump"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
-done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
-if test -n "$ac_ct_OBJDUMP"; then
- { echo "$as_me:$LINENO: result: $ac_ct_OBJDUMP" >&5
-echo "${ECHO_T}$ac_ct_OBJDUMP" >&6; }
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ ac_header_compiler=no
fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
- if test "x$ac_ct_OBJDUMP" = x; then
- OBJDUMP="false"
- else
- case $cross_compiling:$ac_tool_warned in
-yes:)
-{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&5
-echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools
-whose name does not start with the host triplet. If you think this
-configuration is useful to you, please write to autoconf@gnu.org." >&2;}
-ac_tool_warned=yes ;;
-esac
- OBJDUMP=$ac_ct_OBJDUMP
- fi
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
else
- OBJDUMP="$ac_cv_prog_OBJDUMP"
-fi
-
-
-if test "x$ac_cv_prog_cc_stdc" = xno ; then
- { { echo "$as_me:$LINENO: error: the C compiler doesn't handle ANSI-C" >&5
-echo "$as_me: error: the C compiler doesn't handle ANSI-C" >&2;}
- { (exit 1); exit 1; }; } #'
+ ac_header_preproc=no
fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
-# Find a good install program. We prefer a C program (faster),
-# so one script is as good as another. But avoid the broken or
-# incompatible versions:
-# SysV /etc/install, /usr/sbin/install
-# SunOS /usr/etc/install
-# IRIX /sbin/install
-# AIX /bin/install
-# AmigaOS /C/install, which installs bootblocks on floppy discs
-# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
-# AFS /usr/afsws/bin/install, which mishandles nonexistent args
-# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
-# OS/2's system install, which has a completely different semantic
-# ./install, which can be erroneously created by make from ./install.sh.
-{ echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5
-echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6; }
-if test -z "$INSTALL"; then
-if test "${ac_cv_path_install+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- # Account for people who put trailing slashes in PATH elements.
-case $as_dir/ in
- ./ | .// | /cC/* | \
- /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
- ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \
- /usr/ucb/* ) ;;
- *)
- # OSF1 and SCO ODT 3.0 have their own names for install.
- # Don't use installbsd from OSF since it installs stuff as root
- # by default.
- for ac_prog in ginstall scoinst install; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
- if test $ac_prog = install &&
- grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # AIX install. It has an incompatible calling convention.
- :
- elif test $ac_prog = install &&
- grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
- # program-specific install script used by HP pwplus--don't use.
- :
- else
- ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
- break 3
- fi
- fi
- done
- done
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## ----------------------------------------------- ##
+## Report this to nettle-bugs@lists.lysator.liu.se ##
+## ----------------------------------------------- ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
;;
esac
-done
-IFS=$as_save_IFS
-
-
-fi
- if test "${ac_cv_path_install+set}" = set; then
- INSTALL=$ac_cv_path_install
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for INSTALL within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- INSTALL=$ac_install_sh
- fi
-fi
-{ echo "$as_me:$LINENO: result: $INSTALL" >&5
-echo "${ECHO_T}$INSTALL" >&6; }
-
-# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
-# It thinks the first close brace ends the variable substitution.
-test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-
-test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-
-test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-
-
-# According to the autoconf manual, needs install-sh from
-# autoconf-2.60 or automake-1.10 to avoid races.
-{ echo "$as_me:$LINENO: checking for a thread-safe mkdir -p" >&5
-echo $ECHO_N "checking for a thread-safe mkdir -p... $ECHO_C" >&6; }
-if test -z "$MKDIR_P"; then
- if test "${ac_cv_path_mkdir+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in mkdir gmkdir; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
- case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
- 'mkdir (GNU coreutils) '* | \
- 'mkdir (coreutils) '* | \
- 'mkdir (fileutils) '4.1*)
- ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
- break 3;;
- esac
- done
- done
-done
-IFS=$as_save_IFS
-
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
fi
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
- if test "${ac_cv_path_mkdir+set}" = set; then
- MKDIR_P="$ac_cv_path_mkdir -p"
- else
- # As a last resort, use the slow shell script. Don't cache a
- # value for MKDIR_P within a source directory, because that will
- # break other packages using the cache if that directory is
- # removed, or if the value is a relative name.
- test -d ./--version && rmdir ./--version
- MKDIR_P="$ac_install_sh -d"
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ test -x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
fi
-{ echo "$as_me:$LINENO: result: $MKDIR_P" >&5
-echo "${ECHO_T}$MKDIR_P" >&6; }
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+} # ac_fn_c_try_link
-# Check whether --enable-dependency_tracking was given.
-if test "${enable_dependency_tracking+set}" = set; then
- enableval=$enable_dependency_tracking;
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- enable_dependency_tracking=yes
-fi
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
-DEP_FLAGS=''
-DEP_PROCESS='true'
-if test x$enable_dependency_tracking = xyes ; then
- if test x$GCC = xyes ; then
- gcc_version=`gcc --version | head -1`
- case "$gcc_version" in
- 2.*|*[!0-9.]2.*)
- enable_dependency_tracking=no
- { echo "$as_me:$LINENO: WARNING: Dependency tracking disabled, gcc-3.x is needed" >&5
-echo "$as_me: WARNING: Dependency tracking disabled, gcc-3.x is needed" >&2;}
- ;;
- *)
- DEP_FLAGS='-MT $@ -MD -MP -MF $@.d'
- DEP_PROCESS='true'
- ;;
- esac
- else
- enable_dependency_tracking=no
- { echo "$as_me:$LINENO: WARNING: Dependency tracking disabled" >&5
-echo "$as_me: WARNING: Dependency tracking disabled" >&2;}
- fi
-fi
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
-if test x$enable_dependency_tracking = xyes ; then
- DEP_INCLUDE='include '
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
else
- DEP_INCLUDE='# '
+ eval "$3=no"
fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+} # ac_fn_c_check_func
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+It was created by nettle $as_me 2.7.1, which was
+generated by GNU Autoconf 2.69. Invocation command line was
+ $ $0 $@
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
-if test x$enable_dependency_tracking = xyes ; then
- # Since the makefiles use include to get the dependency files, we must
- # make sure that the files exist. We generate some more files than are
- # actually needed.
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
- ac_config_commands="$ac_config_commands dummy-dep-files"
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
-fi
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
-# Figure out ABI. Currently, configurable only be setting CFLAGS.
-ABI=standard
+_ASUNAME
-case "$host_cpu" in
- x86_64 | amd64)
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
+} >&5
-#if defined(__x86_64__) || defined(__arch64__)
-#error 64-bit x86
-#endif
+cat >&5 <<_ACEOF
-int
-main ()
-{
- ;
- return 0;
-}
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ABI=32
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+# Predefined preprocessor variables.
- ABI=64
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
-fi
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ;;
- *sparc*)
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#if defined(__sparcv9) || defined(__arch64__)
-#error 64-bit sparc
-#endif
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
-int
-main ()
-{
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
- ;
- return 0;
-}
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ABI=32
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
- ABI=64
-
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+done
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ;;
-esac
-
-if test "x$ABI" != xstandard ; then
- { echo "$as_me:$LINENO: Compiler uses $ABI-bit ABI. To change, set CC." >&5
-echo "$as_me: Compiler uses $ABI-bit ABI. To change, set CC." >&6;}
- if test "$libdir" = '${exec_prefix}/lib' ; then
- # Try setting a better default
- case "$host_cpu:$host_os:$ABI" in
- *:solaris*:32|*:sunos*:32)
- libdir='${exec_prefix}/lib'
- ;;
- *:solaris*:64|*:sunos*:64)
- libdir='${exec_prefix}/lib/64'
- ;;
- # According to the fhs, all architectures except IA64
- # puts 32-bit libraries in lib, and 64-bit in lib64.
- *:linux*:32)
- libdir='${exec_prefix}/lib'
- ;;
- *:linux*:64)
- libdir='${exec_prefix}/lib64'
- ;;
- # On freebsd, it seems 32-bit libraries are in lib32,
- # and 64-bit in lib. Don't know about "kfreebsd", does
- # it follow the Linux fhs conventions?
- *:freebsd*:32)
- libdir='${exec_prefix}/lib32'
- ;;
- *:freebsd*:64)
- libdir='${exec_prefix}/lib'
- ;;
- *)
- { echo "$as_me:$LINENO: WARNING: Don't know where to install $ABI-bit libraries on this system." >&5
-echo "$as_me: WARNING: Don't know where to install $ABI-bit libraries on this system." >&2;}; #'
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
esac
- { echo "$as_me:$LINENO: Libraries to be installed in $libdir." >&5
-echo "$as_me: Libraries to be installed in $libdir." >&6;}
fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
-# Select assembler code
-asm_path=
-case "$host_cpu" in
- i?86* | k[5-8]* | pentium* | athlon)
- asm_path=x86
- ;;
- x86_64 | amd64)
- if test "$ABI" = 64 ; then
- asm_path=x86_64
- else
- asm_path=x86
- fi
- ;;
- *sparc*)
- if test "$ABI" = 64 ; then
- asm_path=sparc64
- else
- asm_path=sparc32
- fi
- ;;
- *)
- enable_assembler=no
- ;;
-esac
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
-# echo "enable_assembler: $enable_assembler, asm_path: $asm_path"
-if test "x$enable_assembler" = xyes ; then
- if test -n "$asm_path"; then
- { echo "$as_me:$LINENO: Looking for assembler files in $asm_path/." >&5
-echo "$as_me: Looking for assembler files in $asm_path/." >&6;}
- found=no
- for tmp_f in aes-encrypt-internal.asm aes-decrypt-internal.asm \
- arcfour-crypt.asm camellia-crypt-internal.asm \
- md5-compress.asm sha1-compress.asm machine.m4; do
-# echo "Looking for $srcdir/$asm_path/$tmp_f"
- if test -f "$srcdir/$asm_path/$tmp_f"; then
-# echo found
- found=yes
- ac_config_links="$ac_config_links $tmp_f:$asm_path/$tmp_f"
- fi
- done
- if test "$found" = no; then
- enable_assembler=no
- { echo "$as_me:$LINENO: WARNING: No assembler files found." >&5
-echo "$as_me: WARNING: No assembler files found." >&2;}
- fi
+
+# Needed to stop autoconf from looking for files in parent directories.
+ac_aux_dir=
+for ac_dir in . "$srcdir"/.; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in . \"$srcdir\"/." "$LINENO" 5
fi
-{ echo "$as_me:$LINENO: checking CCPIC" >&5
-echo $ECHO_N "checking CCPIC... $ECHO_C" >&6; }
-if test "${lsh_cv_sys_ccpic+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
- if test -z "$CCPIC" ; then
- if test "$GCC" = yes ; then
- case "$host_os" in
- bsdi4.*) CCPIC="-fPIC" ;;
- bsdi*) CCPIC="" ;;
- darwin*) CCPIC="-fPIC" ;;
- # Could also use -fpic, depending on the number of symbol references
- solaris*) CCPIC="-fPIC" ;;
- cygwin*) CCPIC="" ;;
- mingw32*) CCPIC="" ;;
- *) CCPIC="-fpic" ;;
- esac
- else
- case "$host_os" in
- darwin*) CCPIC="-fPIC" ;;
- irix*) CCPIC="-share" ;;
- hpux*) CCPIC="+z"; ;;
- *freebsd*) CCPIC="-fpic" ;;
- sco*|sysv4.*) CCPIC="-KPIC -dy -Bdynamic" ;;
- solaris*) CCPIC="-KPIC -Bdynamic" ;;
- winnt*) CCPIC="-shared" ;;
- *) CCPIC="" ;;
- esac
- fi
- fi
- OLD_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $CCPIC"
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-int
-main ()
-{
-exit(0);
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+
+ac_config_headers="$ac_config_headers config.h"
+
+
+LIBNETTLE_MAJOR=4
+LIBNETTLE_MINOR=7
+
+LIBHOGWEED_MAJOR=2
+LIBHOGWEED_MINOR=5
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- lsh_cv_sys_ccpic="$CCPIC"
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
- lsh_cv_sys_ccpic=''
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- CFLAGS="$OLD_CFLAGS"
-fi
-CCPIC="$lsh_cv_sys_ccpic"
-{ echo "$as_me:$LINENO: result: $CCPIC" >&5
-echo "${ECHO_T}$CCPIC" >&6; }
+# Command line options
+# Check whether --with-include-path was given.
+if test "${with_include_path+set}" = set; then :
+ withval=$with_include_path;
+else
+ with_include_path=''
+fi
-SHLIBCFLAGS="$CCPIC"
-case "$host_os" in
- cygwin*)
- LIBNETTLE_FORLINK='cygnettle-$(LIBNETTLE_MAJOR)-$(LIBNETTLE_MINOR).dll'
- LIBNETTLE_SONAME=''
- LIBNETTLE_FILE='libnettle.dll.a'
- LIBNETTLE_LINK='$(CC) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBNETTLE_LIBFILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
- LIBNETTLE_LIBS='-Wl,--no-whole-archive $(LIBS)'
+if test x$with_include_path != x ; then
+ CPPFLAGS="$CPPFLAGS -I`echo $with_include_path | sed 's/:/ -I/g'`"
+fi
- LIBHOGWEED_FORLINK='cyghogweed-$(LIBHOGWEED_MAJOR)-$(LIBHOGWEED_MINOR).dll'
- LIBHOGWEED_SONAME=''
- LIBHOGWEED_FILE='libhogweed.dll.a'
- LIBHOGWEED_LINK='$(CC) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBHOGWEED_LIBFILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
- LIBHOGWEED_LIBS='-Wl,--no-whole-archive $(LIBS)'
- ;;
- darwin*)
- LIBNETTLE_FORLINK=libnettle.dylib
- LIBNETTLE_SONAME='$(LIBNETTLE_FORLINK).$(LIBNETTLE_MAJOR)'
- LIBNETTLE_FILE='$(LIBNETTLE_SONAME).$(LIBNETTLE_MINOR)'
- LIBNETTLE_LINK='$(CC) -dynamiclib $(LDFLAGS)'
- LIBNETTLE_LIBS=''
- LIBHOGWEED_FORLINK=libhogweed.dylib
- LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)'
- LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)'
- LIBHOGWEED_LINK='$(CC) -dynamiclib $(LDFLAGS)'
- LIBHOGWEED_LIBS=''
- ;;
- *)
- LIBNETTLE_FORLINK=libnettle.so
- LIBNETTLE_SONAME='$(LIBNETTLE_FORLINK).$(LIBNETTLE_MAJOR)'
- LIBNETTLE_FILE='$(LIBNETTLE_SONAME).$(LIBNETTLE_MINOR)'
- LIBNETTLE_LINK='$(CC) $(LDFLAGS) -shared -Wl,-soname=$(LIBNETTLE_SONAME)'
- LIBNETTLE_LIBS=''
+# Check whether --with-lib-path was given.
+if test "${with_lib_path+set}" = set; then :
+ withval=$with_lib_path;
+else
+ with_lib_path=''
+fi
- LIBHOGWEED_FORLINK=libhogweed.so
- LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)'
- LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)'
- LIBHOGWEED_LINK='$(CC) $(LDFLAGS) -L. -shared -Wl,-soname=$(LIBHOGWEED_SONAME)'
- # Requested by debian, to make linking with only -lhogweed work
- # (does not work in general, e.g., with static linking all of
- # -lhogweed -lgmp -lnettle are still required). Also makes dlopen
- # of libhogweed.so work, without having to use RTLD_GLOBAL.
- # Depends on -L. above, to locate nettle.so.
- LIBHOGWEED_LIBS='-lnettle -lgmp'
- ;;
-esac
-if test "x$enable_pic" = xyes; then
- CCPIC_MAYBE="$CCPIC"
+if test x$with_lib_path != x ; then
+ LDFLAGS="$LDFLAGS -L`echo $with_lib_path | sed 's/:/ -L/g'`"
+fi
+
+# Check whether --enable-public-key was given.
+if test "${enable_public_key+set}" = set; then :
+ enableval=$enable_public_key;
else
- CCPIC_MAYBE=''
+ enable_public_key=yes
fi
-ASM_SYMBOL_PREFIX=''
-ASM_ELF_STYLE='no'
-ASM_TYPE_FUNCTION=''
-ASM_MARK_NOEXEC_STACK=''
-ASM_ALIGN_LOG=''
+# Check whether --enable-assembler was given.
+if test "${enable_assembler+set}" = set; then :
+ enableval=$enable_assembler;
+else
+ enable_assembler=yes
+fi
-if test x$enable_assembler = xyes ; then
- { echo "$as_me:$LINENO: checking if globals are prefixed by underscore" >&5
-echo $ECHO_N "checking if globals are prefixed by underscore... $ECHO_C" >&6; }
-if test "${nettle_cv_asm_underscore+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+
+# Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+ enableval=$enable_static;
else
- # Default is no underscore
- nettle_cv_asm_underscore=no
- cat >conftest.$ac_ext <<_ACEOF
-int a_global_symbol;
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- $NM conftest.$OBJEXT >conftest.out
- if grep _a_global_symbol conftest.out >/dev/null ; then
- nettle_cv_asm_underscore=yes
- elif grep a_global_symbol conftest.out >/dev/null ; then
- nettle_cv_asm_underscore=no
- else
- { echo "$as_me:$LINENO: WARNING: nm doesn't list a_global_symbol at all" >&5
-echo "$as_me: WARNING: nm doesn't list a_global_symbol at all" >&2;}
- fi
+ enable_static=yes
+fi
+
+
+# Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+ enableval=$enable_shared;
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ enable_shared=yes
+fi
- { echo "$as_me:$LINENO: WARNING: test program with a single global could not be compiled!?" >&5
-echo "$as_me: WARNING: test program with a single global could not be compiled!?" >&2;}
+
+# Check whether --enable-pic was given.
+if test "${enable_pic+set}" = set; then :
+ enableval=$enable_pic;
+else
+ enable_pic=yes
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+# Check whether --enable-openssl was given.
+if test "${enable_openssl+set}" = set; then :
+ enableval=$enable_openssl;
+else
+ enable_openssl=yes
fi
-{ echo "$as_me:$LINENO: result: $nettle_cv_asm_underscore" >&5
-echo "${ECHO_T}$nettle_cv_asm_underscore" >&6; }
- if test x$nettle_cv_asm_underscore = xyes ; then
- ASM_SYMBOL_PREFIX='_'
- fi
- { echo "$as_me:$LINENO: checking if we should use a .note.GNU-stack section" >&5
-echo $ECHO_N "checking if we should use a .note.GNU-stack section... $ECHO_C" >&6; }
-if test "${nettle_cv_asm_gnu_stack+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+
+# Check whether --enable-gcov was given.
+if test "${enable_gcov+set}" = set; then :
+ enableval=$enable_gcov;
else
- # Default
- nettle_cv_asm_gnu_stack=no
+ enable_gcov=no
+fi
- cat >conftest.c <<EOF
-int foo() { return 0; }
-EOF
- nettle_compile="$CC $CFLAGS $CPPFLAGS -c conftest.c >conftest.out 2>&1"
- if { (eval echo "$as_me:$LINENO: \"$nettle_compile\"") >&5
- (eval $nettle_compile) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- cat conftest.out >&5
- $OBJDUMP -x conftest.o | grep '\.note\.GNU-stack' > /dev/null \
- && nettle_cv_asm_gnu_stack=yes
- else
- cat conftest.out >&5
- echo "configure: failed program was:" >&5
- cat conftest.s >&5
- fi
- rm -f conftest.*
+
+# Check whether --enable-documentation was given.
+if test "${enable_documentation+set}" = set; then :
+ enableval=$enable_documentation;
+else
+ enable_documentation=auto
fi
-{ echo "$as_me:$LINENO: result: $nettle_cv_asm_gnu_stack" >&5
-echo "${ECHO_T}$nettle_cv_asm_gnu_stack" >&6; }
- if test x$nettle_cv_asm_gnu_stack = xyes ; then
- ASM_MARK_NOEXEC_STACK='.section .note.GNU-stack,"",@progbits'
- fi
- { echo "$as_me:$LINENO: checking for ELF-style .type,%function pseudo-ops" >&5
-echo $ECHO_N "checking for ELF-style .type,%function pseudo-ops... $ECHO_C" >&6; }
-if test "${nettle_cv_asm_type_percent_function+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+
+# Check whether --enable-arm-neon was given.
+if test "${enable_arm_neon+set}" = set; then :
+ enableval=$enable_arm_neon;
else
- cat >conftest.s <<EOF
+ enable_arm_neon=auto
+fi
-.text
-.globl foo
-.type foo,%function
-foo:
-.Lend:
-.size foo, .Lend - foo
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -R flag" >&5
+$as_echo_n "checking for -R flag... " >&6; }
+RPATHFLAG=''
+case "$host_os" in
+ osf1*) RPATHFLAG="-rpath " ;;
+ irix6.*|irix5.*) RPATHFLAG="-rpath " ;;
+ solaris*)
+ if test "$TCC" = "yes"; then
+ # tcc doesn't know about -R
+ RPATHFLAG="-Wl,-R,"
+ else
+ RPATHFLAG=-R
+ fi
+ ;;
+ linux*) RPATHFLAG="-Wl,-rpath," ;;
+ *) RPATHFLAG="" ;;
+esac
-EOF
-gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
-if { (eval echo "$as_me:$LINENO: \"$gmp_assemble\"") >&5
- (eval $gmp_assemble) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- cat conftest.out >&5
- nettle_cv_asm_type_percent_function=yes
+if test x$RPATHFLAG = x ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
else
- cat conftest.out >&5
- echo "configure: failed program was:" >&5
- cat conftest.s >&5
- nettle_cv_asm_type_percent_function=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $RPATHFLAG" >&5
+$as_echo "using $RPATHFLAG" >&6; }
fi
-rm -f conftest*
+RPATH_CANDIDATE_REAL_DIRS=''
+RPATH_CANDIDATE_DIRS=''
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Searching for libraries" >&5
+$as_echo "Searching for libraries" >&6; }
+
+for d in `echo $with_lib_path | sed 's/:/ /g'` \
+ `echo $exec_prefix | sed "s@^NONE@$prefix/lib@g" | sed "s@^NONE@$ac_default_prefix/lib@g"` \
+ /usr/local/lib /sw/local/lib /sw/lib \
+ /usr/gnu/lib /opt/gnu/lib /sw/gnu/lib /usr/freeware/lib /usr/pkg/lib ; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking $d" >&5
+$as_echo_n "checking $d... " >&6; }
+ac_exists=no
+if test -d "$d/." ; then
+ ac_real_dir=`cd $d && pwd`
+ if test -n "$ac_real_dir" ; then
+ ac_exists=yes
+ for old in RPATH_CANDIDATE_REAL_DIRS ; do
+ ac_found=no
+ if test x$ac_real_dir = x$old ; then
+ ac_found=yes;
+ break;
+ fi
+ done
+ if test $ac_found = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: already added" >&5
+$as_echo "already added" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: added" >&5
+$as_echo "added" >&6; }
+ # LDFLAGS="$LDFLAGS -L $d"
+ RPATH_CANDIDATE_REAL_DIRS="$ac_real_dir $RPATH_CANDIDATE_REAL_DIRS"
+ RPATH_CANDIDATE_DIRS="$d $RPATH_CANDIDATE_DIRS"
+ fi
+ fi
fi
-{ echo "$as_me:$LINENO: result: $nettle_cv_asm_type_percent_function" >&5
-echo "${ECHO_T}$nettle_cv_asm_type_percent_function" >&6; }
+if test $ac_exists = no ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
+$as_echo "not found" >&6; }
+fi
+
+done
- { echo "$as_me:$LINENO: checking for ELF-style .type,#function pseudo-ops" >&5
-echo $ECHO_N "checking for ELF-style .type,#function pseudo-ops... $ECHO_C" >&6; }
-if test "${nettle_cv_asm_type_hash_function+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+
+# Checks for programs.
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.s <<EOF
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
-.text
-.globl foo
-.type foo,#function
-foo:
-.Lend:
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
-.size foo, .Lend - foo
-EOF
-gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
-if { (eval echo "$as_me:$LINENO: \"$gmp_assemble\"") >&5
- (eval $gmp_assemble) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- cat conftest.out >&5
- nettle_cv_asm_type_hash_function=yes
-else
- cat conftest.out >&5
- echo "configure: failed program was:" >&5
- cat conftest.s >&5
- nettle_cv_asm_type_hash_function=no
fi
-rm -f conftest*
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
fi
-{ echo "$as_me:$LINENO: result: $nettle_cv_asm_type_hash_function" >&5
-echo "${ECHO_T}$nettle_cv_asm_type_hash_function" >&6; }
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
- if test x$nettle_cv_asm_type_percent_function = xyes ; then
- ASM_ELF_STYLE='yes'
- ASM_TYPE_FUNCTION='%function'
+ if test "x$ac_ct_CC" = x; then
+ CC=""
else
- if test x$nettle_cv_asm_type_hash_function = xyes ; then
- ASM_ELF_STYLE='yes'
- ASM_TYPE_FUNCTION='#function'
- fi
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
fi
- { echo "$as_me:$LINENO: checking if .align assembly directive is logarithmic" >&5
-echo $ECHO_N "checking if .align assembly directive is logarithmic... $ECHO_C" >&6; }
-if test "${nettle_cv_asm_align_log+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
else
- cat >conftest.s <<EOF
-
-.align 3
+ CC="$ac_cv_prog_CC"
+fi
-EOF
-gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
-if { (eval echo "$as_me:$LINENO: \"$gmp_assemble\"") >&5
- (eval $gmp_assemble) 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; then
- cat conftest.out >&5
- nettle_cv_asm_align_log=yes
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat conftest.out >&5
- echo "configure: failed program was:" >&5
- cat conftest.s >&5
- nettle_cv_asm_align_log=no
-fi
-rm -f conftest*
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
fi
-{ echo "$as_me:$LINENO: result: $nettle_cv_asm_align_log" >&5
-echo "${ECHO_T}$nettle_cv_asm_align_log" >&6; }
- if test x$nettle_cv_asm_align_log = xyes ; then
- ASM_ALIGN_LOG='yes'
- fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# Extract the first word of "m4", so it can be a program name with args.
-set dummy m4; ac_word=$2
-{ echo "$as_me:$LINENO: checking for $ac_word" >&5
-echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; }
-if test "${ac_cv_path_M4+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- case $M4 in
- [\\/]* | ?:[\\/]*)
- ac_cv_path_M4="$M4" # Let the user override the test with a path.
- ;;
- *)
- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
- ac_cv_path_M4="$as_dir/$ac_word$ac_exec_ext"
- echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
-done
+ done
IFS=$as_save_IFS
- test -z "$ac_cv_path_M4" && ac_cv_path_M4="m4"
- ;;
-esac
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
fi
-M4=$ac_cv_path_M4
-if test -n "$M4"; then
- { echo "$as_me:$LINENO: result: $M4" >&5
-echo "${ECHO_T}$M4" >&6; }
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
else
- { echo "$as_me:$LINENO: result: no" >&5
-echo "${ECHO_T}no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-
-# Checks for typedefs, structures, and compiler characteristics.
-{ echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
-echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6; }
-if test "${ac_cv_c_const+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
-int
-main ()
-{
-/* FIXME: Include the comments suggested by Paul. */
-#ifndef __cplusplus
- /* Ultrix mips cc rejects this. */
- typedef int charset[2];
- const charset cs;
- /* SunOS 4.1.1 cc rejects this. */
- char const *const *pcpcc;
- char **ppc;
- /* NEC SVR4.0.2 mips cc rejects this. */
- struct point {int x, y;};
- static struct point const zero = {0,0};
- /* AIX XL C 1.02.0.0 rejects this.
- It does not let you subtract one const X* pointer from another in
- an arm of an if-expression whose if-part is not a constant
- expression */
- const char *g = "string";
- pcpcc = &g + (g ? g-g : 0);
- /* HPUX 7.0 cc rejects these. */
- ++pcpcc;
- ppc = (char**) pcpcc;
- pcpcc = (char const *const *) ppc;
- { /* SCO 3.2v4 cc rejects this. */
- char *t;
- char const *s = 0 ? (char *) 0 : (char const *) 0;
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
- *t++ = 0;
- if (s) return 0;
- }
- { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
- int x[] = {25, 17};
- const int *foo = &x[0];
- ++foo;
- }
- { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
- typedef const int *iptr;
- iptr p = 0;
- ++p;
- }
- { /* AIX XL C 1.02.0.0 rejects this saying
- "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
- struct s { int j; const int *ap[3]; };
- struct s *b; b->j = 5;
- }
- { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
- const int foo = 10;
- if (!foo) return 0;
- }
- return !cs[0] && !zero.x;
-#endif
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_c_const=yes
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
- ac_cv_c_const=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
-echo "${ECHO_T}$ac_cv_c_const" >&6; }
-if test $ac_cv_c_const = no; then
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
-cat >>confdefs.h <<\_ACEOF
-#define const
-_ACEOF
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
fi
-{ echo "$as_me:$LINENO: checking for inline" >&5
-echo $ECHO_N "checking for inline... $ECHO_C" >&6; }
-if test "${ac_cv_c_inline+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_c_inline=no
-for ac_kw in inline __inline__ __inline; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#ifndef __cplusplus
-typedef int foo_t;
-static $ac_kw foo_t static_foo () {return 0; }
-$ac_kw foo_t foo () {return 0; }
-#endif
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_c_inline=$ac_kw
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- test "$ac_cv_c_inline" != no && break
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
done
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_inline" >&5
-echo "${ECHO_T}$ac_cv_c_inline" >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int
+main ()
+{
-case $ac_cv_c_inline in
- inline | yes) ;;
- *)
- case $ac_cv_c_inline in
- no) ac_val=;;
- *) ac_val=$ac_cv_c_inline;;
- esac
- cat >>confdefs.h <<_ACEOF
-#ifndef __cplusplus
-#define inline $ac_val
-#endif
+ ;
+ return 0;
+}
_ACEOF
- ;;
-esac
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-{ echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
-echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6; }
-# On Suns, sometimes $CPP names a directory.
-if test -n "$CPP" && test -d "$CPP"; then
- CPP=
-fi
-if test -z "$CPP"; then
- if test "${ac_cv_prog_CPP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # Double quotes because CPP needs to be expanded
- for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
- do
- ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- :
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
else
- echo "$as_me: failed program was:" >&5
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- # Broken: fails on valid input.
-continue
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
-rm -f conftest.err conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <ac_nonexistent.h>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- # Broken: success on invalid input.
-continue
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- # Passes both tests.
-ac_preproc_ok=:
-break
-fi
-
-rm -f conftest.err conftest.$ac_ext
-
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- break
-fi
-
- done
- ac_cv_prog_CPP=$CPP
-
-fi
- CPP=$ac_cv_prog_CPP
else
- ac_cv_prog_CPP=$CPP
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
fi
-{ echo "$as_me:$LINENO: result: $CPP" >&5
-echo "${ECHO_T}$CPP" >&6; }
-ac_preproc_ok=false
-for ac_c_preproc_warn_flag in '' yes
-do
- # Use a header file that comes with gcc, so configuring glibc
- # with a fresh cross-compiler works.
- # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- # <limits.h> exists even on freestanding compilers.
- # On the NeXT, cc -E runs the code through the compiler's parser,
- # not just through cpp. "Syntax error" is here to catch this case.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
- Syntax error
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- :
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- # Broken: fails on valid input.
-continue
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+ fi
+ fi
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
-rm -f conftest.err conftest.$ac_ext
-
- # OK, works on sane cases. Now check whether nonexistent headers
- # can be detected and how.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <ac_nonexistent.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- # Broken: success on invalid input.
-continue
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
else
- echo "$as_me: failed program was:" >&5
+ $as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
- # Passes both tests.
-ac_preproc_ok=:
-break
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
fi
-
-rm -f conftest.err conftest.$ac_ext
-
-done
-# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
-rm -f conftest.err conftest.$ac_ext
-if $ac_preproc_ok; then
- :
-else
- { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&5
-echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
-See \`config.log' for more details." >&2;}
- { (exit 1); exit 1; }; }
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
fi
-
-ac_ext=c
-ac_cpp='$CPP $CPPFLAGS'
-ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
-ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
-ac_compiler_gnu=$ac_cv_c_compiler_gnu
-
-
-{ echo "$as_me:$LINENO: checking for grep that handles long lines and -e" >&5
-echo $ECHO_N "checking for grep that handles long lines and -e... $ECHO_C" >&6; }
-if test "${ac_cv_path_GREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # Extract the first word of "grep ggrep" to use in msg output
-if test -z "$GREP"; then
-set dummy grep ggrep; ac_prog_name=$2
-if test "${ac_cv_path_GREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- ac_path_GREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in grep ggrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
- # Check for GNU ac_path_GREP and select it if it is found.
- # Check for GNU $ac_path_GREP
-case `"$ac_path_GREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
-*)
- ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- echo 'GREP' >> "conftest.nl"
- "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
- if test $ac_count -gt ${ac_path_GREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_GREP="$ac_path_GREP"
- ac_path_GREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
-
-
- $ac_path_GREP_found && break 3
- done
-done
-
-done
-IFS=$as_save_IFS
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
-GREP="$ac_cv_path_GREP"
-if test -z "$GREP"; then
- { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
fi
-
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
else
- ac_cv_path_GREP=$GREP
+ GCC=
fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int
+main ()
+{
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_GREP" >&5
-echo "${ECHO_T}$ac_cv_path_GREP" >&6; }
- GREP="$ac_cv_path_GREP"
-
-
-{ echo "$as_me:$LINENO: checking for egrep" >&5
-echo $ECHO_N "checking for egrep... $ECHO_C" >&6; }
-if test "${ac_cv_path_EGREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
- then ac_cv_path_EGREP="$GREP -E"
- else
- # Extract the first word of "egrep" to use in msg output
-if test -z "$EGREP"; then
-set dummy egrep; ac_prog_name=$2
-if test "${ac_cv_path_EGREP+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
else
- ac_path_EGREP_found=false
-# Loop through the user's path and test for each of PROGNAME-LIST
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_prog in egrep; do
- for ac_exec_ext in '' $ac_executable_extensions; do
- ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
- { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
- # Check for GNU ac_path_EGREP and select it if it is found.
- # Check for GNU $ac_path_EGREP
-case `"$ac_path_EGREP" --version 2>&1` in
-*GNU*)
- ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
-*)
- ac_count=0
- echo $ECHO_N "0123456789$ECHO_C" >"conftest.in"
- while :
- do
- cat "conftest.in" "conftest.in" >"conftest.tmp"
- mv "conftest.tmp" "conftest.in"
- cp "conftest.in" "conftest.nl"
- echo 'EGREP' >> "conftest.nl"
- "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
- diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
- ac_count=`expr $ac_count + 1`
- if test $ac_count -gt ${ac_path_EGREP_max-0}; then
- # Best one so far, save it but keep looking for a better one
- ac_cv_path_EGREP="$ac_path_EGREP"
- ac_path_EGREP_max=$ac_count
- fi
- # 10*(2^10) chars as input seems more than enough
- test $ac_count -gt 10 && break
- done
- rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
-esac
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int
+main ()
+{
- $ac_path_EGREP_found && break 3
- done
-done
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
-done
-IFS=$as_save_IFS
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int
+main ()
+{
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
fi
-
-EGREP="$ac_cv_path_EGREP"
-if test -z "$EGREP"; then
- { { echo "$as_me:$LINENO: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&5
-echo "$as_me: error: no acceptable $ac_prog_name could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" >&2;}
- { (exit 1); exit 1; }; }
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
-else
- ac_cv_path_EGREP=$EGREP
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
-
- fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_path_EGREP" >&5
-echo "${ECHO_T}$ac_cv_path_EGREP" >&6; }
- EGREP="$ac_cv_path_EGREP"
-
-
-{ echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
-echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6; }
-if test "${ac_cv_type_uid_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <sys/types.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "uid_t" >/dev/null 2>&1; then
- ac_cv_type_uid_t=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
else
- ac_cv_type_uid_t=no
-fi
-rm -f conftest*
-
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
-echo "${ECHO_T}$ac_cv_type_uid_t" >&6; }
-if test $ac_cv_type_uid_t = no; then
-
-cat >>confdefs.h <<\_ACEOF
-#define uid_t int
-_ACEOF
-
-
-cat >>confdefs.h <<\_ACEOF
-#define gid_t int
-_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
-fi
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
-{ echo "$as_me:$LINENO: checking for ANSI C header files" >&5
-echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdc+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdlib.h>
-#include <stdarg.h>
-#include <string.h>
-#include <float.h>
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
int
main ()
{
-
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_header_stdc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_header_stdc=no
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-
-if test $ac_cv_header_stdc = yes; then
- # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <string.h>
-
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "memchr" >/dev/null 2>&1; then
- :
-else
- ac_cv_header_stdc=no
fi
-rm -f conftest*
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
fi
-if test $ac_cv_header_stdc = yes; then
- # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdlib.h>
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "free" >/dev/null 2>&1; then
- :
-else
- ac_cv_header_stdc=no
-fi
-rm -f conftest*
+# When $CC foo.c -o foo creates both foo and foo.exe, autoconf picks
+# up the foo.exe and sets exeext to .exe. That is correct for cygwin,
+# which has some kind of magic link from foo to foo.exe, but not for
+# rntcl. A better check for the cygwin case would check if the
+# contents of foo and foo.exe are equal; in the rntcl case, foo is a
+# sh script, and foo.exe is a windows executable.
+
+if test "x$CC" = xrntcl ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Compiling with rntcl; clearing EXEEXT and disabling assembler" >&5
+$as_echo "$as_me: Compiling with rntcl; clearing EXEEXT and disabling assembler" >&6;}
+ ac_exeext=''
+ ac_cv_exeext=''
+ EXEEXT=''
+ enable_assembler=no
fi
-if test $ac_cv_header_stdc = yes; then
- # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
- if test "$cross_compiling" = yes; then
- :
+# Used by the testsuite only
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CXX+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <ctype.h>
-#include <stdlib.h>
-#if ((' ' & 0x0FF) == 0x020)
-# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
-# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
-#else
-# define ISLOWER(c) \
- (('a' <= (c) && (c) <= 'i') \
- || ('j' <= (c) && (c) <= 'r') \
- || ('s' <= (c) && (c) <= 'z'))
-# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
-#endif
-
-#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
-int
-main ()
-{
- int i;
- for (i = 0; i < 256; i++)
- if (XOR (islower (i), ISLOWER (i))
- || toupper (i) != TOUPPER (i))
- return 2;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- :
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
-( exit $ac_status )
-ac_cv_header_stdc=no
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-
-
fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
-echo "${ECHO_T}$ac_cv_header_stdc" >&6; }
-if test $ac_cv_header_stdc = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define STDC_HEADERS 1
-_ACEOF
+ test -n "$CXX" && break
+ done
fi
-
-# On IRIX 5.3, sys/types and inttypes.h are conflicting.
-
-
-
-
-
-
-
-
-
-for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
- inttypes.h stdint.h unistd.h
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- eval "$as_ac_Header=yes"
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CXX+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
- eval "$as_ac_Header=no"
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-done
+ test -n "$ac_ct_CXX" && break
+done
-{ echo "$as_me:$LINENO: checking for size_t" >&5
-echo $ECHO_N "checking for size_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_size_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-typedef size_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_size_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_size_t=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
-echo "${ECHO_T}$ac_cv_type_size_t" >&6; }
-if test $ac_cv_type_size_t = yes; then
- :
-else
-
-cat >>confdefs.h <<_ACEOF
-#define size_t unsigned int
-_ACEOF
-
-fi
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
-{ echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
-echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6; }
-if test "${ac_cv_header_time+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if ${ac_cv_cxx_compiler_gnu+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/time.h>
-#include <time.h>
int
main ()
{
-if ((struct tm *) 0)
-return 0;
+#ifndef __GNUC__
+ choke me
+#endif
+
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_header_time=yes
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_header_time=no
+ ac_compiler_gnu=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
-echo "${ECHO_T}$ac_cv_header_time" >&6; }
-if test $ac_cv_header_time = yes; then
-
-cat >>confdefs.h <<\_ACEOF
-#define TIME_WITH_SYS_TIME 1
-_ACEOF
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
fi
-
-# Used by eratosthenes.c
-{ echo "$as_me:$LINENO: checking for long" >&5
-echo $ECHO_N "checking for long... $ECHO_C" >&6; }
-if test "${ac_cv_type_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if ${ac_cv_prog_cxx_g+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-typedef long ac__type_new_;
+
int
main ()
{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
+
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_long=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_long=no
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_long" >&5
-echo "${ECHO_T}$ac_cv_type_long" >&6; }
-
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ echo "$as_me:$LINENO: checking size of long" >&5
-echo $ECHO_N "checking size of long... $ECHO_C" >&6; }
-if test "${ac_cv_sizeof_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
else
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
-test_array [0] = 0
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
-test_array [0] = 0
-
+return 0;
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
-test_array [0] = 0
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ IF_CXX=''
+else
+ IF_CXX='#'
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- ;
- return 0;
-}
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=$ac_mid; break
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
- ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+IFS=$as_save_IFS
- ac_lo= ac_hi=
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo=`expr '(' $ac_mid ')' + 1`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_long=$ac_lo;;
-'') if test "$ac_cv_type_long" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_long=0
- fi ;;
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
esac
+ RANLIB=$ac_ct_RANLIB
+ fi
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
-static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
-static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (((long int) (sizeof (ac__type_sizeof_))) < 0)
- {
- long int i = longval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%lu\n", i);
- }
- return ferror (f) || fclose (f) != 0;
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_long=`cat conftest.val`
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nm", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nm; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_NM+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if test -n "$NM"; then
+ ac_cv_prog_NM="$NM" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_NM="${ac_tool_prefix}nm"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
-( exit $ac_status )
-if test "$ac_cv_type_long" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_long=0
- fi
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
-rm -f conftest.val
+NM=$ac_cv_prog_NM
+if test -n "$NM"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NM" >&5
+$as_echo "$NM" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_long" >&5
-echo "${ECHO_T}$ac_cv_sizeof_long" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_LONG $ac_cv_sizeof_long
-_ACEOF
-
-
-
-
-
-for ac_header in openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
+if test -z "$ac_cv_prog_NM"; then
+ ac_ct_NM=$NM
+ # Extract the first word of "nm", so it can be a program name with args.
+set dummy nm; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_NM+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
+ if test -n "$ac_ct_NM"; then
+ ac_cv_prog_ac_ct_NM="$ac_ct_NM" # Let the user override the test.
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_NM="nm"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
- ac_header_compiler=no
+fi
+fi
+ac_ct_NM=$ac_cv_prog_ac_ct_NM
+if test -n "$ac_ct_NM"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NM" >&5
+$as_echo "$ac_ct_NM" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+ if test "x$ac_ct_NM" = x; then
+ NM="strings"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
+ NM=$ac_ct_NM
+ fi
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_header_preproc=no
+ NM="$ac_cv_prog_NM"
fi
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
+# Used only for the GNU-stack configure test.
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OBJDUMP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- ( cat <<\_ASBOX
-## ----------------------------------------------- ##
-## Report this to nettle-bugs@lists.lysator.liu.se ##
-## ----------------------------------------------- ##
-_ASBOX
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
else
- eval "$as_ac_Header=\$ac_header_preproc"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
+
fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
else
- enable_openssl=no
- break
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
fi
-done
-
-
-# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
-# for constant arguments. Useless!
-{ echo "$as_me:$LINENO: checking for working alloca.h" >&5
-echo $ECHO_N "checking for working alloca.h... $ECHO_C" >&6; }
-if test "${ac_cv_working_alloca_h+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <alloca.h>
-int
-main ()
-{
-char *p = (char *) alloca (2 * sizeof (int));
- if (p) return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_working_alloca_h=yes
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
- ac_cv_working_alloca_h=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_working_alloca_h" >&5
-echo "${ECHO_T}$ac_cv_working_alloca_h" >&6; }
-if test $ac_cv_working_alloca_h = yes; then
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_ALLOCA_H 1
-_ACEOF
fi
-
-{ echo "$as_me:$LINENO: checking for alloca" >&5
-echo $ECHO_N "checking for alloca... $ECHO_C" >&6; }
-if test "${ac_cv_func_alloca_works+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#ifdef __GNUC__
-# define alloca __builtin_alloca
-#else
-# ifdef _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
-# else
-# ifdef HAVE_ALLOCA_H
-# include <alloca.h>
-# else
-# ifdef _AIX
- #pragma alloca
-# else
-# ifndef alloca /* predefined by HP cc +Olibcalls */
-char *alloca ();
-# endif
-# endif
-# endif
-# endif
-#endif
-
-int
-main ()
-{
-char *p = (char *) alloca (1);
- if (p) return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_func_alloca_works=yes
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
- ac_cv_func_alloca_works=no
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func_alloca_works" >&5
-echo "${ECHO_T}$ac_cv_func_alloca_works" >&6; }
-if test $ac_cv_func_alloca_works = yes; then
-cat >>confdefs.h <<\_ACEOF
-#define HAVE_ALLOCA 1
-_ACEOF
+if test "x$ac_cv_prog_cc_stdc" = xno ; then
+ as_fn_error $? "the C compiler doesn't handle ANSI-C" "$LINENO" 5 #'
+fi
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # The SVR3 libPW and SVR4 libucb both contain incompatible functions
-# that cause trouble. Some versions do not even contain alloca or
-# contain a buggy version. If you still want to use their alloca,
-# use ar to extract alloca.o from them instead of compiling alloca.c.
-
-ALLOCA=\${LIBOBJDIR}alloca.$ac_objext
-
-cat >>confdefs.h <<\_ACEOF
-#define C_ALLOCA 1
-_ACEOF
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+ done
+IFS=$as_save_IFS
-{ echo "$as_me:$LINENO: checking whether \`alloca.c' needs Cray hooks" >&5
-echo $ECHO_N "checking whether \`alloca.c' needs Cray hooks... $ECHO_C" >&6; }
-if test "${ac_cv_os_cray+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#if defined CRAY && ! defined CRAY2
-webecray
-#else
-wenotbecray
-#endif
+rm -rf conftest.one conftest.two conftest.dir
-_ACEOF
-if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
- $EGREP "webecray" >/dev/null 2>&1; then
- ac_cv_os_cray=yes
-else
- ac_cv_os_cray=no
fi
-rm -f conftest*
-
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_os_cray" >&5
-echo "${ECHO_T}$ac_cv_os_cray" >&6; }
-if test $ac_cv_os_cray = yes; then
- for ac_func in _getb67 GETB67 getb67; do
- as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
-#undef $ac_func
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
-int
-main ()
-{
-return $ac_func ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- eval "$as_ac_var=yes"
+# According to the autoconf manual, needs install-sh from
+# autoconf-2.60 or automake-1.10 to avoid races.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if ${ac_cv_path_mkdir+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
+ case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir (GNU coreutils) '* | \
+ 'mkdir (coreutils) '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
- eval "$as_ac_var=no"
fi
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+ test -d ./--version && rmdir ./--version
+ if test "${ac_cv_path_mkdir+set}" = set; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
fi
-ac_res=`eval echo '${'$as_ac_var'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
-cat >>confdefs.h <<_ACEOF
-#define CRAY_STACKSEG_END $ac_func
-_ACEOF
- break
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
fi
- done
-fi
-{ echo "$as_me:$LINENO: checking stack direction for C alloca" >&5
-echo $ECHO_N "checking stack direction for C alloca... $ECHO_C" >&6; }
-if test "${ac_cv_c_stack_direction+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$cross_compiling" = yes; then
- ac_cv_c_stack_direction=0
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
+# Compiler tests for the build system
+
+if test -n "$CC_FOR_BUILD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system compiler $CC_FOR_BUILD" >&5
+$as_echo_n "checking build system compiler $CC_FOR_BUILD... " >&6; }
+# remove anything that might look like compiler output to our "||" expression
+rm -f conftest* a.out b.out a.exe a_out.exe
+cat >conftest.c <<EOF
int
-find_stack_direction ()
+main ()
{
- static char *addr = 0;
- auto char dummy;
- if (addr == 0)
- {
- addr = &dummy;
- return find_stack_direction ();
- }
- else
- return (&dummy > addr) ? 1 : -1;
+ exit(0);
}
+EOF
+gmp_compile="$CC_FOR_BUILD conftest.c"
+cc_for_build_works=no
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_compile\""; } >&5
+ (eval $gmp_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if (./a.out || ./b.out || ./a.exe || ./a_out.exe || ./conftest) >&5 2>&1; then
+ cc_for_build_works=yes
+ fi
+fi
+rm -f conftest* a.out b.out a.exe a_out.exe
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cc_for_build_works" >&5
+$as_echo "$cc_for_build_works" >&6; }
+if test "$cc_for_build_works" = yes; then
+ :
+else
+ as_fn_error $? "Specified CC_FOR_BUILD doesn't seem to work" "$LINENO" 5
+fi
+elif test -n "$HOST_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system compiler $HOST_CC" >&5
+$as_echo_n "checking build system compiler $HOST_CC... " >&6; }
+# remove anything that might look like compiler output to our "||" expression
+rm -f conftest* a.out b.out a.exe a_out.exe
+cat >conftest.c <<EOF
int
main ()
{
- return find_stack_direction () < 0;
+ exit(0);
}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
+EOF
+gmp_compile="$HOST_CC conftest.c"
+cc_for_build_works=no
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_compile\""; } >&5
+ (eval $gmp_compile) 2>&5
ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_stack_direction=1
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if (./a.out || ./b.out || ./a.exe || ./a_out.exe || ./conftest) >&5 2>&1; then
+ cc_for_build_works=yes
+ fi
+fi
+rm -f conftest* a.out b.out a.exe a_out.exe
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cc_for_build_works" >&5
+$as_echo "$cc_for_build_works" >&6; }
+if test "$cc_for_build_works" = yes; then
+ CC_FOR_BUILD=$HOST_CC
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ as_fn_error $? "Specified HOST_CC doesn't seem to work" "$LINENO" 5
+fi
-( exit $ac_status )
-ac_cv_c_stack_direction=-1
+elif test $cross_compiling = no ; then
+ CC_FOR_BUILD="$CC"
+else
+ for i in cc gcc c89 c99; do
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system compiler $i" >&5
+$as_echo_n "checking build system compiler $i... " >&6; }
+# remove anything that might look like compiler output to our "||" expression
+rm -f conftest* a.out b.out a.exe a_out.exe
+cat >conftest.c <<EOF
+int
+main ()
+{
+ exit(0);
+}
+EOF
+gmp_compile="$i conftest.c"
+cc_for_build_works=no
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_compile\""; } >&5
+ (eval $gmp_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if (./a.out || ./b.out || ./a.exe || ./a_out.exe || ./conftest) >&5 2>&1; then
+ cc_for_build_works=yes
+ fi
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f conftest* a.out b.out a.exe a_out.exe
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cc_for_build_works" >&5
+$as_echo "$cc_for_build_works" >&6; }
+if test "$cc_for_build_works" = yes; then
+ CC_FOR_BUILD=$i
+ break
+else
+ :
fi
-
+ done
+ if test -z "$CC_FOR_BUILD"; then
+ as_fn_error $? "Cannot find a build system compiler" "$LINENO" 5
+ fi
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_stack_direction" >&5
-echo "${ECHO_T}$ac_cv_c_stack_direction" >&6; }
-cat >>confdefs.h <<_ACEOF
-#define STACK_DIRECTION $ac_cv_c_stack_direction
-_ACEOF
-fi
-for ac_header in malloc.h
-do
-as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- { echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for build system executable suffix" >&5
+$as_echo_n "checking for build system executable suffix... " >&6; }
+if ${gmp_cv_prog_exeext_for_build+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- # Is the header compilable?
-{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
-echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-#include <$ac_header>
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_header_compiler=yes
+ if test $cross_compiling = no ; then
+ gmp_cv_prog_exeext_for_build="$EXEEXT"
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ cat >conftest.c <<EOF
+int
+main ()
+{
+ exit (0);
+}
+EOF
+ for i in .exe ,ff8 ""; do
+ gmp_compile="$CC_FOR_BUILD conftest.c -o conftest$i"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_compile\""; } >&5
+ (eval $gmp_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if (./conftest) 2>&5; then
+ gmp_cv_prog_exeext_for_build=$i
+ break
+ fi
+ fi
+ done
+ rm -f conftest*
+ if test "${gmp_cv_prog_exeext_for_build+set}" != set; then
+ as_fn_error $? "Cannot determine executable suffix" "$LINENO" 5
+ fi
+fi
- ac_header_compiler=no
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gmp_cv_prog_exeext_for_build" >&5
+$as_echo "$gmp_cv_prog_exeext_for_build" >&6; }
+EXEEXT_FOR_BUILD=$gmp_cv_prog_exeext_for_build
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-echo "${ECHO_T}$ac_header_compiler" >&6; }
-# Is the header present?
-{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
-echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_header>
-_ACEOF
-if { (ac_try="$ac_cpp conftest.$ac_ext"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } >/dev/null && {
- test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
- test ! -s conftest.err
- }; then
- ac_header_preproc=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_header_preproc=no
+# Check whether --enable-dependency_tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+ enableval=$enable_dependency_tracking;
+else
+ enable_dependency_tracking=yes
fi
-rm -f conftest.err conftest.$ac_ext
-{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-echo "${ECHO_T}$ac_header_preproc" >&6; }
-# So? What about this header?
-case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
- yes:no: )
- { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
- ac_header_preproc=yes
- ;;
- no:yes:* )
- { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
- { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
- ( cat <<\_ASBOX
-## ----------------------------------------------- ##
-## Report this to nettle-bugs@lists.lysator.liu.se ##
-## ----------------------------------------------- ##
-_ASBOX
- ) | sed "s/^/$as_me: WARNING: /" >&2
- ;;
-esac
-{ echo "$as_me:$LINENO: checking for $ac_header" >&5
-echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
-if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- eval "$as_ac_Header=\$ac_header_preproc"
+DEP_FLAGS=''
+DEP_PROCESS='true'
+if test x$enable_dependency_tracking = xyes ; then
+ if test x$GCC = xyes ; then
+ gcc_version=`gcc --version | head -1`
+ case "$gcc_version" in
+ 2.*|*[!0-9.]2.*)
+ enable_dependency_tracking=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Dependency tracking disabled, gcc-3.x is needed" >&5
+$as_echo "$as_me: WARNING: Dependency tracking disabled, gcc-3.x is needed" >&2;}
+ ;;
+ *)
+ DEP_FLAGS='-MT $@ -MD -MP -MF $@.d'
+ DEP_PROCESS='true'
+ ;;
+ esac
+ else
+ enable_dependency_tracking=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Dependency tracking disabled" >&5
+$as_echo "$as_me: WARNING: Dependency tracking disabled" >&2;}
+ fi
fi
-ac_res=`eval echo '${'$as_ac_Header'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
+if test x$enable_dependency_tracking = xyes ; then
+ DEP_INCLUDE='include '
+else
+ DEP_INCLUDE='# '
fi
-if test `eval echo '${'$as_ac_Header'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
-_ACEOF
-fi
-done
+if test x$enable_dependency_tracking = xyes ; then
+ # Since the makefiles use include to get the dependency files, we must
+ # make sure that the files exist. We generate some more files than are
+ # actually needed.
+
+ ac_config_commands="$ac_config_commands dummy-dep-files"
+
+fi
+
+# Figure out ABI. Currently, configurable only by setting CFLAGS.
+ABI=standard
-# Needed by the supplied memcmp.c
-{ echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5
-echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6; }
-if test "${ac_cv_c_bigendian+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- # See if sys/param.h defines the BYTE_ORDER macro.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+case "$host_cpu" in
+ x86_64 | amd64)
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/param.h>
+
+#if defined(__x86_64__) || defined(__arch64__)
+#error 64-bit x86
+#endif
int
main ()
{
-#if ! (defined BYTE_ORDER && defined BIG_ENDIAN && defined LITTLE_ENDIAN \
- && BYTE_ORDER && BIG_ENDIAN && LITTLE_ENDIAN)
- bogus endian macros
-#endif
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- # It does; now see whether it defined to BIG_ENDIAN or not.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ ABI=32
+
+else
+
+ ABI=64
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+ *sparc*)
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include <sys/types.h>
-#include <sys/param.h>
+
+#if defined(__sparcv9) || defined(__arch64__)
+#error 64-bit sparc
+#endif
int
main ()
{
-#if BYTE_ORDER != BIG_ENDIAN
- not big endian
-#endif
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_c_bigendian=yes
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ ABI=32
+
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_c_bigendian=no
+ ABI=64
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+esac
+
+if test "x$ABI" != xstandard ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Compiler uses $ABI-bit ABI. To change, set CC." >&5
+$as_echo "$as_me: Compiler uses $ABI-bit ABI. To change, set CC." >&6;}
+ if test "$libdir" = '${exec_prefix}/lib' ; then
+ # Try setting a better default
+ case "$host_cpu:$host_os:$ABI" in
+ *:solaris*:32|*:sunos*:32)
+ libdir='${exec_prefix}/lib'
+ ;;
+ *:solaris*:64|*:sunos*:64)
+ libdir='${exec_prefix}/lib/64'
+ ;;
+ # Linux conventions are a mess... According to the Linux File
+ # Hierarchy Standard, all architectures except IA64 puts 32-bit
+ # libraries in lib, and 64-bit in lib64. Some distributions,
+ # e.g., Fedora and Gentoo, adhere to this standard, while at
+ # least Debian has decided to put 64-bit libraries in lib and
+ # 32-bit libraries in lib32.
+
+ # We try to figure out the convention, except if we're cross
+ # compiling. We use lib${ABI} if /usr/lib${ABI} exists and
+ # appears to not be a symlink to a different name.
+ *:linux*:32|*:linux*:64)
+ if test "$cross_compiling" = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Cross compiling for linux. Can't guess if libraries go in lib${ABI} or lib." >&5
+$as_echo "$as_me: WARNING: Cross compiling for linux. Can't guess if libraries go in lib${ABI} or lib." >&2;}; else
+ # The dash builtin pwd tries to be "helpful" and remember
+ # symlink names. Use -P option, and hope it's portable enough.
+ test -d /usr/lib${ABI} \
+ && (cd /usr/lib${ABI} && pwd -P | grep >/dev/null "/lib${ABI}"'$') \
+ && libdir='${exec_prefix}/'"lib${ABI}"
+ fi
+ ;;
+ # On freebsd, it seems 32-bit libraries are in lib32,
+ # and 64-bit in lib. Don't know about "kfreebsd", does
+ # it follow the Linux fhs conventions?
+ *:freebsd*:32)
+ libdir='${exec_prefix}/lib32'
+ ;;
+ *:freebsd*:64)
+ libdir='${exec_prefix}/lib'
+ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Don't know where to install $ABI-bit libraries on this system." >&5
+$as_echo "$as_me: WARNING: Don't know where to install $ABI-bit libraries on this system." >&2;};
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Libraries to be installed in $libdir." >&5
+$as_echo "$as_me: Libraries to be installed in $libdir." >&6;}
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Select assembler code
+asm_path=
+if test "x$enable_assembler" = xyes ; then
+ case "$host_cpu" in
+ i?86* | k[5-8]* | pentium* | athlon)
+ asm_path=x86
+ ;;
+ x86_64 | amd64)
+ if test "$ABI" = 64 ; then
+ asm_path=x86_64
+ else
+ asm_path=x86
+ fi
+ ;;
+ *sparc*)
+ if test "$ABI" = 64 ; then
+ asm_path=sparc64
+ else
+ asm_path=sparc32
+ fi
+ ;;
+ armv6* | armv7*)
+ if test "$enable_arm_neon" = auto ; then
+ if test "$cross_compiling" = yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if assembler accepts Neon instructions" >&5
+$as_echo_n "checking if assembler accepts Neon instructions... " >&6; }
+if ${nettle_cv_asm_arm_neon+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.s <<EOF
+
+.text
+foo:
+ vmlal.u32 q1, d0, d1
+
+EOF
+gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_assemble\""; } >&5
+ (eval $gmp_assemble) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ cat conftest.out >&5
+ nettle_cv_asm_arm_neon=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ cat conftest.out >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.s >&5
+ nettle_cv_asm_arm_neon=no
+fi
+rm -f conftest*
- # It does not; compile a test program.
-if test "$cross_compiling" = yes; then
- # try to guess the endianness by grepping values into an object file
- ac_cv_c_bigendian=unknown
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
-short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
-void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; }
-short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
-short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
-void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; }
-int
-main ()
-{
- _ascii (); _ebcdic ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then
- ac_cv_c_bigendian=yes
fi
-if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
- if test "$ac_cv_c_bigendian" = unknown; then
- ac_cv_c_bigendian=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_arm_neon" >&5
+$as_echo "$nettle_cv_asm_arm_neon" >&6; }
+ enable_arm_neon="$nettle_cv_asm_arm_neon"
else
- # finding both strings is unlikely to happen, but who knows?
- ac_cv_c_bigendian=unknown
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if /proc/cpuinfo claims neon support" >&5
+$as_echo_n "checking if /proc/cpuinfo claims neon support... " >&6; }
+ if grep '^Features.*:.* neon' /proc/cpuinfo >/dev/null ; then
+ enable_arm_neon=yes
+ else
+ enable_arm_neon=no
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_arm_neon" >&5
+$as_echo "$enable_arm_neon" >&6; }
fi
fi
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-fi
+ asm_path="arm/v6 arm"
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-int
-main ()
-{
+ if test "x$enable_arm_neon" = xyes ; then
+ asm_path="arm/neon $asm_path"
+ fi
+ ;;
+ arm*)
+ asm_path=arm
+ ;;
+ *)
+ enable_assembler=no
+ ;;
+ esac
+fi
- /* Are we little or big endian? From Harbison&Steele. */
- union
- {
- long int l;
- char c[sizeof (long int)];
- } u;
- u.l = 1;
- return u.c[sizeof (long int) - 1] == 1;
+# Files which replace a C source file (or otherwise don't correspond
+# to a new object file).
+asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
+ arcfour-crypt.asm camellia-crypt-internal.asm \
+ md5-compress.asm memxor.asm \
+ salsa20-crypt.asm salsa20-core-internal.asm \
+ serpent-encrypt.asm serpent-decrypt.asm \
+ sha1-compress.asm sha256-compress.asm sha512-compress.asm \
+ sha3-permute.asm umac-nh.asm umac-nh-n.asm machine.m4"
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_c_bigendian=no
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+# Assembler files which generate additional object files if they are used.
+asm_optional_list=""
-( exit $ac_status )
-ac_cv_c_bigendian=yes
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+if test "x$enable_public_key" = "xyes" ; then
+ asm_optional_list="ecc-192-modp.asm ecc-224-modp.asm ecc-256-redc.asm \
+ ecc-384-modp.asm ecc-521-modp.asm"
fi
+OPT_ASM_SOURCES=""
-fi
+asm_file_list=""
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5
-echo "${ECHO_T}$ac_cv_c_bigendian" >&6; }
-case $ac_cv_c_bigendian in
- yes)
+if test "x$enable_assembler" = xyes ; then
+ if test -n "$asm_path"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Looking for assembler files in $asm_path." >&5
+$as_echo "$as_me: Looking for assembler files in $asm_path." >&6;}
+ for tmp_f in $asm_replace_list ; do
+ for asm_dir in $asm_path ; do
+ if test -f "$srcdir/$asm_dir/$tmp_f"; then
+ asm_file_list="$asm_file_list $tmp_f"
+ ac_config_links="$ac_config_links $tmp_f:$asm_dir/$tmp_f"
+
+ break
+ fi
+ done
+ done
+ for tmp_o in $asm_optional_list ; do
+ for asm_dir in $asm_path ; do
+ if test -f "$srcdir/$asm_dir/$tmp_o"; then
+ asm_file_list="$asm_file_list $tmp_o"
+ ac_config_links="$ac_config_links $tmp_o:$asm_dir/$tmp_o"
-cat >>confdefs.h <<\_ACEOF
-#define WORDS_BIGENDIAN 1
+ while read tmp_func ; do
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_NATIVE_$tmp_func 1
_ACEOF
- ;;
- no)
- ;;
- *)
- { { echo "$as_me:$LINENO: error: unknown endianness
-presetting ac_cv_c_bigendian=no (or yes) will help" >&5
-echo "$as_me: error: unknown endianness
-presetting ac_cv_c_bigendian=no (or yes) will help" >&2;}
- { (exit 1); exit 1; }; } ;;
-esac
+ eval HAVE_NATIVE_$tmp_func=yes
+ done <<EOF
+`sed -n 's/[^ ]*PROLOGUE(_*\(nettle_\)*\([^)]*\)).*$/\2/p' < "$srcdir/$asm_dir/$tmp_o"`
+EOF
+ OPT_ASM_SOURCES="$OPT_ASM_SOURCES $tmp_o"
+ break
+ fi
+ done
+ done
+ if test -z "$asm_file_list"; then
+ enable_assembler=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: No assembler files found." >&5
+$as_echo "$as_me: WARNING: No assembler files found." >&2;}
+ fi
+ fi
+fi
-for ac_func in memxor
-do
-as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
-{ echo "$as_me:$LINENO: checking for $ac_func" >&5
-echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
-if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define $ac_func innocuous_$ac_func
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char $ac_func (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef $ac_func
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char $ac_func ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub_$ac_func || defined __stub___$ac_func
-choke me
-#endif
+# Besides getting correct dependencies, the explicit rules also tell
+# make that the .s files "ought to exist", so they are preferred over
+# .c files.
+ac_config_commands="$ac_config_commands asm.d"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking CCPIC" >&5
+$as_echo_n "checking CCPIC... " >&6; }
+if ${lsh_cv_sys_ccpic+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ if test -z "$CCPIC" ; then
+ if test "$GCC" = yes ; then
+ case "$host_os" in
+ bsdi4.*) CCPIC="-fPIC" ;;
+ bsdi*) CCPIC="" ;;
+ darwin*) CCPIC="-fPIC" ;;
+ # Could also use -fpic, depending on the number of symbol references
+ solaris*) CCPIC="-fPIC" ;;
+ cygwin*) CCPIC="" ;;
+ mingw32*) CCPIC="" ;;
+ *) CCPIC="-fpic" ;;
+ esac
+ else
+ case "$host_os" in
+ darwin*) CCPIC="-fPIC" ;;
+ irix*) CCPIC="-share" ;;
+ hpux*) CCPIC="+z"; ;;
+ *freebsd*) CCPIC="-fpic" ;;
+ sco*|sysv4.*) CCPIC="-KPIC -dy -Bdynamic" ;;
+ solaris*) CCPIC="-KPIC -Bdynamic" ;;
+ winnt*) CCPIC="-shared" ;;
+ *) CCPIC="" ;;
+ esac
+ fi
+ fi
+ OLD_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $CCPIC"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
int
main ()
{
-return $ac_func ();
+exit(0);
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- eval "$as_ac_var=yes"
+if ac_fn_c_try_compile "$LINENO"; then :
+ lsh_cv_sys_ccpic="$CCPIC"
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- eval "$as_ac_var=no"
+ lsh_cv_sys_ccpic=''
fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ CFLAGS="$OLD_CFLAGS"
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
fi
-ac_res=`eval echo '${'$as_ac_var'}'`
- { echo "$as_me:$LINENO: result: $ac_res" >&5
-echo "${ECHO_T}$ac_res" >&6; }
-if test `eval echo '${'$as_ac_var'}'` = yes; then
- cat >>confdefs.h <<_ACEOF
-#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
-_ACEOF
-else
- case " $LIBOBJS " in
- *" $ac_func.$ac_objext "* ) ;;
- *) LIBOBJS="$LIBOBJS $ac_func.$ac_objext"
- ;;
-esac
+CCPIC="$lsh_cv_sys_ccpic"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CCPIC" >&5
+$as_echo "$CCPIC" >&6; }
-fi
-done
+SHLIBCFLAGS="$CCPIC"
+IF_DLL='#'
+LIBNETTLE_FILE_SRC='$(LIBNETTLE_FORLINK)'
+LIBHOGWEED_FILE_SRC='$(LIBHOGWEED_FORLINK)'
+EMULATOR=''
+W64_ABI=no
-{ echo "$as_me:$LINENO: checking for __attribute__" >&5
-echo $ECHO_N "checking for __attribute__... $ECHO_C" >&6; }
-if test "${lsh_cv_c_attribute+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
+case "$host_os" in
+ mingw32*|cygwin*)
+ # The actual DLLs, e.g. libnettle-$major-$minor.dll, are normally
+ # installed into the bin dir (or more exactly $libdir/../bin, for
+ # automake), while libnettle.dll.a, which is a stub file for
+ # linking to the DLL, is installed into the lib dir.
+ case "$host_os" in
+ mingw32*)
+ LIBNETTLE_FORLINK='libnettle-$(LIBNETTLE_MAJOR)-$(LIBNETTLE_MINOR).dll'
+ LIBHOGWEED_FORLINK='libhogweed-$(LIBHOGWEED_MAJOR)-$(LIBHOGWEED_MINOR).dll'
+ ;;
+ cygwin*)
+ LIBNETTLE_FORLINK='cygnettle-$(LIBNETTLE_MAJOR)-$(LIBNETTLE_MINOR).dll'
+ LIBHOGWEED_FORLINK='cyghogweed-$(LIBHOGWEED_MAJOR)-$(LIBHOGWEED_MINOR).dll'
+ ;;
+ esac
+ if test "x$cross_compiling" = xyes ; then
+ case "$ABI" in
+ 64)
+ EMULATOR=wine64
+ ;;
+ *)
+ EMULATOR=wine
+ ;;
+ esac
+ fi
+ if test "x$ABI" = x64 ; then
+ W64_ABI=yes
+ fi
+ LIBNETTLE_SONAME=''
+ LIBNETTLE_FILE='libnettle.dll.a'
+ LIBNETTLE_FILE_SRC='$(LIBNETTLE_FILE)'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBNETTLE_FILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
+ LIBNETTLE_LIBS='-Wl,--no-whole-archive $(LIBS)'
-#include <stdlib.h>
+ LIBHOGWEED_SONAME=''
+ LIBHOGWEED_FILE='libhogweed.dll.a'
+ LIBHOGWEED_FILE_SRC='$(LIBHOGWEED_FILE)'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBHOGWEED_FILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
+ LIBHOGWEED_LIBS='-Wl,--no-whole-archive $(LIBS) libnettle.dll.a'
+ IF_DLL=''
+ ;;
+ darwin*)
+ LIBNETTLE_FORLINK=libnettle.dylib
+ LIBNETTLE_SONAME='libnettle.$(LIBNETTLE_MAJOR).dylib'
+ LIBNETTLE_FILE='libnettle.$(LIBNETTLE_MAJOR).$(LIBNETTLE_MINOR).dylib'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) -dynamiclib $(LDFLAGS) -install_name ${libdir}/$(LIBNETTLE_SONAME) -compatibility_version $(LIBNETTLE_MAJOR) -current_version $(LIBNETTLE_MAJOR).$(LIBNETTLE_MINOR)'
+ LIBNETTLE_LIBS=''
-static void foo(void) __attribute__ ((noreturn));
+ LIBHOGWEED_FORLINK=libhogweed.dylib
+ LIBHOGWEED_SONAME='libhogweed.$(LIBHOGWEED_MAJOR).dylib'
+ LIBHOGWEED_FILE='libhogweed.$(LIBHOGWEED_MAJOR).$(LIBHOGWEED_MINOR).dylib'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) -dynamiclib -L. $(LDFLAGS) -install_name ${libdir}/$(LIBHOGWEED_SONAME) -compatibility_version $(LIBHOGWEED_MAJOR) -current_version $(LIBHOGWEED_MAJOR).$(LIBHOGWEED_MINOR)'
+ LIBHOGWEED_LIBS='-lnettle -lgmp'
+ ;;
+ solaris*)
+ # Sun's ld uses -h to set the soname, and this option is passed
+ # through by both Sun's compiler and gcc. Might not work with GNU
+ # ld, but it's unusual to use GNU ld on Solaris.
+ LIBNETTLE_FORLINK=libnettle.so
+ LIBNETTLE_SONAME='$(LIBNETTLE_FORLINK).$(LIBNETTLE_MAJOR)'
+ LIBNETTLE_FILE='$(LIBNETTLE_SONAME).$(LIBNETTLE_MINOR)'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -G -h $(LIBNETTLE_SONAME)'
+ LIBNETTLE_LIBS=''
-static void __attribute__ ((noreturn))
-foo(void)
-{
- exit(1);
-}
+ LIBHOGWEED_FORLINK=libhogweed.so
+ LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)'
+ LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -L. -G -h $(LIBHOGWEED_SONAME)'
+ LIBHOGWEED_LIBS='-lnettle -lgmp'
+ ;;
+ *)
+ LIBNETTLE_FORLINK=libnettle.so
+ LIBNETTLE_SONAME='$(LIBNETTLE_FORLINK).$(LIBNETTLE_MAJOR)'
+ LIBNETTLE_FILE='$(LIBNETTLE_SONAME).$(LIBNETTLE_MINOR)'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname=$(LIBNETTLE_SONAME)'
+ LIBNETTLE_LIBS=''
-int
-main ()
-{
+ LIBHOGWEED_FORLINK=libhogweed.so
+ LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)'
+ LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -Wl,-soname=$(LIBHOGWEED_SONAME)'
+ # Requested by debian, to make linking with only -lhogweed work
+ # (does not work in general, e.g., with static linking all of
+ # -lhogweed -lgmp -lnettle are still required). Also makes dlopen
+ # of libhogweed.so work, without having to use RTLD_GLOBAL.
+ # Depends on -L. above, to locate nettle.so.
+ LIBHOGWEED_LIBS='-lnettle -lgmp'
+ ;;
+esac
- ;
- return 0;
-}
+if test "x$enable_pic" = xyes; then
+ CCPIC_MAYBE="$CCPIC"
+else
+ CCPIC_MAYBE=''
+fi
+
+
+ASM_SYMBOL_PREFIX=''
+ASM_ELF_STYLE='no'
+# GNU as default is to use @
+ASM_TYPE_FUNCTION='@function'
+ASM_TYPE_PROGBITS='@progbits'
+ASM_MARK_NOEXEC_STACK=''
+ASM_ALIGN_LOG=''
+
+if test x$enable_assembler = xyes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if globals are prefixed by underscore" >&5
+$as_echo_n "checking if globals are prefixed by underscore... " >&6; }
+if ${nettle_cv_asm_underscore+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Default is no underscore
+ nettle_cv_asm_underscore=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int a_global_symbol;
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- lsh_cv_c_attribute=yes
+if ac_fn_c_try_compile "$LINENO"; then :
+ $NM conftest.$OBJEXT >conftest.out
+ if grep _a_global_symbol conftest.out >/dev/null ; then
+ nettle_cv_asm_underscore=yes
+ elif grep a_global_symbol conftest.out >/dev/null ; then
+ nettle_cv_asm_underscore=no
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: nm doesn't list a_global_symbol at all" >&5
+$as_echo "$as_me: WARNING: nm doesn't list a_global_symbol at all" >&2;}
+ fi
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- lsh_cv_c_attribute=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: test program with a single global could not be compiled!?" >&5
+$as_echo "$as_me: WARNING: test program with a single global could not be compiled!?" >&2;}
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $lsh_cv_c_attribute" >&5
-echo "${ECHO_T}$lsh_cv_c_attribute" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_underscore" >&5
+$as_echo "$nettle_cv_asm_underscore" >&6; }
+ if test x$nettle_cv_asm_underscore = xyes ; then
+ ASM_SYMBOL_PREFIX='_'
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ELF-style .type,%function pseudo-ops" >&5
+$as_echo_n "checking for ELF-style .type,%function pseudo-ops... " >&6; }
+if ${nettle_cv_asm_type_percent_function+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.s <<EOF
+.text
+.globl foo
+.type foo,%function
+foo:
+.Lend:
-if test "x$lsh_cv_c_attribute" = "xyes"; then
- cat >>confdefs.h <<\_ACEOF
-#define HAVE_GCC_ATTRIBUTE 1
-_ACEOF
+.size foo, .Lend - foo
+EOF
+gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_assemble\""; } >&5
+ (eval $gmp_assemble) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ cat conftest.out >&5
+ nettle_cv_asm_type_percent_function=yes
+else
+ cat conftest.out >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.s >&5
+ nettle_cv_asm_type_percent_function=no
fi
+rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_type_percent_function" >&5
+$as_echo "$nettle_cv_asm_type_percent_function" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ELF-style .type,#function pseudo-ops" >&5
+$as_echo_n "checking for ELF-style .type,#function pseudo-ops... " >&6; }
+if ${nettle_cv_asm_type_hash_function+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.s <<EOF
+.text
+.globl foo
+.type foo,#function
+foo:
+.Lend:
-# According to Simon Josefsson, looking for uint32_t and friends in
-# sys/types.h is needed on some systems, in particular cygwin.
-# ------ AX CREATE STDINT H -------------------------------------
-{ echo "$as_me:$LINENO: checking for stdint types" >&5
-echo $ECHO_N "checking for stdint types... $ECHO_C" >&6; }
-ac_stdint_h=`echo nettle-stdint.h`
-# try to shortcircuit - if the default include path of the compiler
-# can find a "stdint.h" header then we assume that all compilers can.
-if test "${ac_cv_header_stdint_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
+.size foo, .Lend - foo
-old_CXXFLAGS="$CXXFLAGS" ; CXXFLAGS=""
-old_CPPFLAGS="$CPPFLAGS" ; CPPFLAGS=""
-old_CFLAGS="$CFLAGS" ; CFLAGS=""
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <stdint.h>
-int
-main ()
-{
-int_least32_t v = 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
+EOF
+gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_assemble\""; } >&5
+ (eval $gmp_assemble) 2>&5
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_stdint_result="(assuming C99 compatible system)"
- ac_cv_header_stdint_t="stdint.h";
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ cat conftest.out >&5
+ nettle_cv_asm_type_hash_function=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_header_stdint_t=""
+ cat conftest.out >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.s >&5
+ nettle_cv_asm_type_hash_function=no
fi
+rm -f conftest*
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-CXXFLAGS="$old_CXXFLAGS"
-CPPFLAGS="$old_CPPFLAGS"
-CFLAGS="$old_CFLAGS"
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_type_hash_function" >&5
+$as_echo "$nettle_cv_asm_type_hash_function" >&6; }
+ if test x$nettle_cv_asm_type_percent_function = xyes ; then
+ ASM_ELF_STYLE='yes'
+ ASM_TYPE_FUNCTION='%function'
+ ASM_TYPE_PROGBITS='%progbits'
+ else
+ if test x$nettle_cv_asm_type_hash_function = xyes ; then
+ ASM_ELF_STYLE='yes'
+ ASM_TYPE_FUNCTION='#function'
+ ASM_TYPE_PROGBITS='#progbits'
+ fi
+ fi
-v="... $ac_cv_header_stdint_h"
-if test "$ac_stdint_h" = "stdint.h" ; then
- { echo "$as_me:$LINENO: result: (are you sure you want them in ./stdint.h?)" >&5
-echo "${ECHO_T}(are you sure you want them in ./stdint.h?)" >&6; }
-elif test "$ac_stdint_h" = "inttypes.h" ; then
- { echo "$as_me:$LINENO: result: (are you sure you want them in ./inttypes.h?)" >&5
-echo "${ECHO_T}(are you sure you want them in ./inttypes.h?)" >&6; }
-elif test "_$ac_cv_header_stdint_t" = "_" ; then
- { echo "$as_me:$LINENO: result: (putting them into $ac_stdint_h)$v" >&5
-echo "${ECHO_T}(putting them into $ac_stdint_h)$v" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use a .note.GNU-stack section" >&5
+$as_echo_n "checking if we should use a .note.GNU-stack section... " >&6; }
+if ${nettle_cv_asm_gnu_stack+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- ac_cv_header_stdint="$ac_cv_header_stdint_t"
- { echo "$as_me:$LINENO: result: $ac_cv_header_stdint (shortcircuit)" >&5
-echo "${ECHO_T}$ac_cv_header_stdint (shortcircuit)" >&6; }
-fi
-
-if test "_$ac_cv_header_stdint_t" = "_" ; then # can not shortcircuit..
-
+ # Default
+ nettle_cv_asm_gnu_stack=no
-inttype_headers=`echo sys/types.h | sed -e 's/,/ /g'`
+ cat >conftest.c <<EOF
+int foo() { return 0; }
+EOF
+ nettle_compile="$CC $CFLAGS $CPPFLAGS -c conftest.c >conftest.out 2>&1"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$nettle_compile\""; } >&5
+ (eval $nettle_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ cat conftest.out >&5
+ $OBJDUMP -x conftest.o | grep '\.note\.GNU-stack' > /dev/null \
+ && nettle_cv_asm_gnu_stack=yes
+ else
+ cat conftest.out >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.s >&5
+ fi
+ rm -f conftest.*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_gnu_stack" >&5
+$as_echo "$nettle_cv_asm_gnu_stack" >&6; }
+ if test x$nettle_cv_asm_gnu_stack = xyes ; then
+ ASM_MARK_NOEXEC_STACK='.section .note.GNU-stack,"",TYPE_PROGBITS'
+ fi
-ac_cv_stdint_result="(no helpful system typedefs seen)"
-{ echo "$as_me:$LINENO: checking for stdint uintptr_t" >&5
-echo $ECHO_N "checking for stdint uintptr_t... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdint_x+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if .align assembly directive is logarithmic" >&5
+$as_echo_n "checking if .align assembly directive is logarithmic... " >&6; }
+if ${nettle_cv_asm_align_log+:} false; then :
+ $as_echo_n "(cached) " >&6
else
+ cat >conftest.s <<EOF
- ac_cv_header_stdint_x="" # the 1997 typedefs (inttypes.h)
- { echo "$as_me:$LINENO: result: (..)" >&5
-echo "${ECHO_T}(..)" >&6; }
- for i in stdint.h inttypes.h sys/inttypes.h $inttype_headers ; do
- unset ac_cv_type_uintptr_t
- unset ac_cv_type_uint64_t
- { echo "$as_me:$LINENO: checking for uintptr_t" >&5
-echo $ECHO_N "checking for uintptr_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uintptr_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$i>
+.align 3
-typedef uintptr_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
+EOF
+gmp_assemble="$CC $CFLAGS $CPPFLAGS -c conftest.s >conftest.out 2>&1"
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$gmp_assemble\""; } >&5
+ (eval $gmp_assemble) 2>&5
ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_uintptr_t=yes
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ cat conftest.out >&5
+ nettle_cv_asm_align_log=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_uintptr_t=no
+ cat conftest.out >&5
+ echo "configure: failed program was:" >&5
+ cat conftest.s >&5
+ nettle_cv_asm_align_log=no
fi
+rm -f conftest*
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uintptr_t" >&5
-echo "${ECHO_T}$ac_cv_type_uintptr_t" >&6; }
-if test $ac_cv_type_uintptr_t = yes; then
- ac_cv_header_stdint_x=$i
-else
- continue
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_align_log" >&5
+$as_echo "$nettle_cv_asm_align_log" >&6; }
+ ASM_ALIGN_LOG="$nettle_cv_asm_align_log"
fi
- { echo "$as_me:$LINENO: checking for uint64_t" >&5
-echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint64_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include<$i>
-typedef uint64_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_uint64_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_type_uint64_t=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint64_t" >&6; }
-if test $ac_cv_type_uint64_t = yes; then
- and64="/uint64_t"
-else
- and64=""
-fi
- ac_cv_stdint_result="(seen uintptr_t$and64 in $i)"
- break;
- done
- { echo "$as_me:$LINENO: checking for stdint uintptr_t" >&5
-echo $ECHO_N "checking for stdint uintptr_t... $ECHO_C" >&6; }
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdint_x" >&5
-echo "${ECHO_T}$ac_cv_header_stdint_x" >&6; }
-if test "_$ac_cv_header_stdint_x" = "_" ; then
-{ echo "$as_me:$LINENO: checking for stdint uint32_t" >&5
-echo $ECHO_N "checking for stdint uint32_t... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdint_o+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_header_stdint_o="" # the 1995 typedefs (sys/inttypes.h)
- { echo "$as_me:$LINENO: result: (..)" >&5
-echo "${ECHO_T}(..)" >&6; }
- for i in inttypes.h sys/inttypes.h stdint.h $inttype_headers ; do
- unset ac_cv_type_uint32_t
- unset ac_cv_type_uint64_t
- { echo "$as_me:$LINENO: checking for uint32_t" >&5
-echo $ECHO_N "checking for uint32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint32_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$i>
-typedef uint32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_uint32_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_type_uint32_t=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint32_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint32_t" >&6; }
-if test $ac_cv_type_uint32_t = yes; then
- ac_cv_header_stdint_o=$i
-else
- continue
-fi
- { echo "$as_me:$LINENO: checking for uint64_t" >&5
-echo $ECHO_N "checking for uint64_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_uint64_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include<$i>
-typedef uint64_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_uint64_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_type_uint64_t=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_uint64_t" >&5
-echo "${ECHO_T}$ac_cv_type_uint64_t" >&6; }
-if test $ac_cv_type_uint64_t = yes; then
- and64="/uint64_t"
-else
- and64=""
-fi
- ac_cv_stdint_result="(seen uint32_t$and64 in $i)"
- break;
- done
- { echo "$as_me:$LINENO: checking for stdint uint32_t" >&5
-echo $ECHO_N "checking for stdint uint32_t... $ECHO_C" >&6; }
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdint_o" >&5
-echo "${ECHO_T}$ac_cv_header_stdint_o" >&6; }
-fi
-if test "_$ac_cv_header_stdint_x" = "_" ; then
-if test "_$ac_cv_header_stdint_o" = "_" ; then
-{ echo "$as_me:$LINENO: checking for stdint u_int32_t" >&5
-echo $ECHO_N "checking for stdint u_int32_t... $ECHO_C" >&6; }
-if test "${ac_cv_header_stdint_u+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- ac_cv_header_stdint_u="" # the BSD typedefs (sys/types.h)
- { echo "$as_me:$LINENO: result: (..)" >&5
-echo "${ECHO_T}(..)" >&6; }
- for i in sys/types.h inttypes.h sys/inttypes.h $inttype_headers ; do
- unset ac_cv_type_u_int32_t
- unset ac_cv_type_u_int64_t
- { echo "$as_me:$LINENO: checking for u_int32_t" >&5
-echo $ECHO_N "checking for u_int32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_u_int32_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+
+
+
+
+
+
+
+
+
+
+
+# Extract the first word of "m4", so it can be a program name with args.
+set dummy m4; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_M4+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$i>
+ case $M4 in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_M4="$M4" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_M4="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
-typedef u_int32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+ test -z "$ac_cv_path_M4" && ac_cv_path_M4="m4"
+ ;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_u_int32_t=yes
+fi
+M4=$ac_cv_path_M4
+if test -n "$M4"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $M4" >&5
+$as_echo "$M4" >&6; }
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_u_int32_t=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int32_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int32_t" >&6; }
-if test $ac_cv_type_u_int32_t = yes; then
- ac_cv_header_stdint_u=$i
-else
- continue
+
+
+if test "x$enable_gcov" = "xyes"; then
+ CFLAGS="$CFLAGS -ftest-coverage -fprofile-arcs"
fi
- { echo "$as_me:$LINENO: checking for u_int64_t" >&5
-echo $ECHO_N "checking for u_int64_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_u_int64_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+# Checks for typedefs, structures, and compiler characteristics.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if ${ac_cv_c_const+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-#include<$i>
-typedef u_int64_t ac__type_new_;
int
main ()
{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
+
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this sort of thing. */
+ typedef int charset[2];
+ const charset cs = { 0, 0 };
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *pcpcc;
+ char **ppc;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ pcpcc = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++pcpcc;
+ ppc = (char**) pcpcc;
+ pcpcc = (char const *const *) ppc;
+ { /* SCO 3.2v4 cc rejects this sort of thing. */
+ char tx;
+ char *t = &tx;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ if (s) return 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; } bx;
+ struct s *b = &bx; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ if (!foo) return 0;
+ }
+ return !cs[0] && !zero.x;
+#endif
+
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_u_int64_t=yes
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_const=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_u_int64_t=no
+ ac_cv_c_const=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_u_int64_t" >&5
-echo "${ECHO_T}$ac_cv_type_u_int64_t" >&6; }
-if test $ac_cv_type_u_int64_t = yes; then
- and64="/u_int64_t"
-else
- and64=""
-fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
- ac_cv_stdint_result="(seen u_int32_t$and64 in $i)"
- break;
- done
- { echo "$as_me:$LINENO: checking for stdint u_int32_t" >&5
-echo $ECHO_N "checking for stdint u_int32_t... $ECHO_C" >&6; }
+$as_echo "#define const /**/" >>confdefs.h
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_header_stdint_u" >&5
-echo "${ECHO_T}$ac_cv_header_stdint_u" >&6; }
-fi fi
-if test "_$ac_cv_header_stdint_x" = "_" ; then
- { echo "$as_me:$LINENO: checking for stdint datatype model" >&5
-echo $ECHO_N "checking for stdint datatype model... $ECHO_C" >&6; }
- { echo "$as_me:$LINENO: result: (..)" >&5
-echo "${ECHO_T}(..)" >&6; }
- { echo "$as_me:$LINENO: checking for char" >&5
-echo $ECHO_N "checking for char... $ECHO_C" >&6; }
-if test "${ac_cv_type_char+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
-typedef char ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_char=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if ${ac_cv_c_inline+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
- ac_cv_type_char=no
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_inline=$ac_kw
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_char" >&5
-echo "${ECHO_T}$ac_cv_type_char" >&6; }
+ test "$ac_cv_c_inline" != no && break
+done
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ echo "$as_me:$LINENO: checking size of char" >&5
-echo $ECHO_N "checking size of char... $ECHO_C" >&6; }
-if test "${ac_cv_sizeof_char+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef char ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
-test_array [0] = 0
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
- ;
- return 0;
-}
+case $ac_cv_c_inline in
+ inline | yes) ;;
+ *)
+ case $ac_cv_c_inline in
+ no) ac_val=;;
+ *) ac_val=$ac_cv_c_inline;;
+ esac
+ cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+ ;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if ${ac_cv_prog_CPP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef char ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
- ;
- return 0;
-}
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid; break
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
- ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ done
+ ac_cv_prog_CPP=$CPP
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef char ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef char ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
-test_array [0] = 0
+if ac_fn_c_try_cpp "$LINENO"; then :
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=$ac_mid; break
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
+ # Broken: fails on valid input.
+continue
fi
+rm -f conftest.err conftest.i conftest.$ac_ext
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo= ac_hi=
+ # Passes both tests.
+ac_preproc_ok=:
+break
fi
+rm -f conftest.err conftest.i conftest.$ac_ext
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef char ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_path_GREP=$GREP
+fi
- ac_lo=`expr '(' $ac_mid ')' + 1`
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_char=$ac_lo;;
-'') if test "$ac_cv_type_char" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (char)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (char)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
else
- ac_cv_sizeof_char=0
- fi ;;
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
esac
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef char ac__type_sizeof_;
-static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
-static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (((long int) (sizeof (ac__type_sizeof_))) < 0)
- {
- long int i = longval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%lu\n", i);
- }
- return ferror (f) || fclose (f) != 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_char=`cat conftest.val`
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_path_EGREP=$EGREP
+fi
-( exit $ac_status )
-if test "$ac_cv_type_char" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (char)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (char)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_char=0
fi
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.val
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_char" >&5
-echo "${ECHO_T}$ac_cv_sizeof_char" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_CHAR $ac_cv_sizeof_char
-_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
- { echo "$as_me:$LINENO: checking for short" >&5
-echo $ECHO_N "checking for short... $ECHO_C" >&6; }
-if test "${ac_cv_type_short+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+$as_echo_n "checking for uid_t in sys/types.h... " >&6; }
+if ${ac_cv_type_uid_t+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-typedef short ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
+#include <sys/types.h>
+
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_short=yes
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "uid_t" >/dev/null 2>&1; then :
+ ac_cv_type_uid_t=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_type_uid_t=no
+fi
+rm -f conftest*
- ac_cv_type_short=no
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+$as_echo "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+$as_echo "#define uid_t int" >>confdefs.h
+
+
+$as_echo "#define gid_t int" >>confdefs.h
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_short" >&5
-echo "${ECHO_T}$ac_cv_type_short" >&6; }
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ echo "$as_me:$LINENO: checking size of short" >&5
-echo $ECHO_N "checking size of short... $ECHO_C" >&6; }
-if test "${ac_cv_sizeof_short+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef short ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
-test_array [0] = 0
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef short ac__type_sizeof_;
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid; break
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
+ ac_cv_header_stdc=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef short ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
-test_array [0] = 0
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef short ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
-test_array [0] = 0
+#include <string.h>
- ;
- return 0;
-}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo= ac_hi=
+ ac_cv_header_stdc=no
fi
+rm -f conftest*
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef short ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
+#include <stdlib.h>
- ;
- return 0;
-}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
- ac_lo=`expr '(' $ac_mid ')' + 1`
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_short=$ac_lo;;
-'') if test "$ac_cv_type_short" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (short)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (short)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_short=0
- fi ;;
-esac
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef short ac__type_sizeof_;
-static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
-static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
-#include <stdio.h>
+#include <ctype.h>
#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
int
main ()
{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (((long int) (sizeof (ac__type_sizeof_))) < 0)
- {
- long int i = longval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%lu\n", i);
- }
- return ferror (f) || fclose (f) != 0;
-
- ;
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
return 0;
}
_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_short=`cat conftest.val`
+if ac_fn_c_try_run "$LINENO"; then :
+
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
-( exit $ac_status )
-if test "$ac_cv_type_short" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (short)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (short)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_short=0
- fi
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.val
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_short" >&5
-echo "${ECHO_T}$ac_cv_sizeof_short" >&6; }
+done
+
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = xyes; then :
+else
cat >>confdefs.h <<_ACEOF
-#define SIZEOF_SHORT $ac_cv_sizeof_short
+#define size_t unsigned int
_ACEOF
+fi
- { echo "$as_me:$LINENO: checking for int" >&5
-echo $ECHO_N "checking for int... $ECHO_C" >&6; }
-if test "${ac_cv_type_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if ${ac_cv_header_time+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-typedef int ac__type_new_;
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
int
main ()
{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
+if ((struct tm *) 0)
+return 0;
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_int=yes
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_time=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_int=no
+ ac_cv_header_time=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int" >&5
-echo "${ECHO_T}$ac_cv_type_int" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
# The cast to long int works around a bug in the HP C Compiler
# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
# This bug is HP SR number 8606223364.
-{ echo "$as_me:$LINENO: checking size of int" >&5
-echo $ECHO_N "checking size of int... $ECHO_C" >&6; }
-if test "${ac_cv_sizeof_int+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
+$as_echo_n "checking size of long... " >&6; }
+if ${ac_cv_sizeof_long+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef int ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
-test_array [0] = 0
-
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef int ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then :
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid; break
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
+ if test "$ac_cv_type_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_long=0
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
+$as_echo "$ac_cv_sizeof_long" >&6; }
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef int ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
-test_array [0] = 0
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef int ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
-test_array [0] = 0
- ;
- return 0;
-}
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG $ac_cv_sizeof_long
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
+# The cast to long int works around a bug in the HP C Compiler,
+# see AC_CHECK_SIZEOF for more information.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking alignment of uint64_t" >&5
+$as_echo_n "checking alignment of uint64_t... " >&6; }
+if ${ac_cv_alignof_uint64_t+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if ac_fn_c_compute_int "$LINENO" "(long int) offsetof (ac__type_alignof_, y)" "ac_cv_alignof_uint64_t" "$ac_includes_default
+#ifndef offsetof
+# define offsetof(type, member) ((char *) &((type *) 0)->member - (char *) 0)
+#endif
+typedef struct { char x; uint64_t y; } ac__type_alignof_;"; then :
- ac_lo= ac_hi=
+else
+ if test "$ac_cv_type_uint64_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute alignment of uint64_t
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_alignof_uint64_t=0
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_alignof_uint64_t" >&5
+$as_echo "$ac_cv_alignof_uint64_t" >&6; }
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+
+
+cat >>confdefs.h <<_ACEOF
+#define ALIGNOF_UINT64_T $ac_cv_alignof_uint64_t
+_ACEOF
+
+
+
+ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
+
+
+for ac_header in openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+else
+ enable_openssl=no
+ break
+fi
+
+done
+
+
+# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
+# for constant arguments. Useless!
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5
+$as_echo_n "checking for working alloca.h... " >&6; }
+if ${ac_cv_working_alloca_h+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef int ac__type_sizeof_;
+#include <alloca.h>
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
-
+char *p = (char *) alloca (2 * sizeof (int));
+ if (p) return 0;
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_working_alloca_h=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_working_alloca_h=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_alloca_h" >&5
+$as_echo "$ac_cv_working_alloca_h" >&6; }
+if test $ac_cv_working_alloca_h = yes; then
+
+$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h
- ac_lo=`expr '(' $ac_mid ')' + 1`
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_int=$ac_lo;;
-'') if test "$ac_cv_type_int" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (int)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (int)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_int=0
- fi ;;
-esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca" >&5
+$as_echo_n "checking for alloca... " >&6; }
+if ${ac_cv_func_alloca_works+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef int ac__type_sizeof_;
-static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
-static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
-#include <stdio.h>
-#include <stdlib.h>
+#ifdef __GNUC__
+# define alloca __builtin_alloca
+#else
+# ifdef _MSC_VER
+# include <malloc.h>
+# define alloca _alloca
+# else
+# ifdef HAVE_ALLOCA_H
+# include <alloca.h>
+# else
+# ifdef _AIX
+ #pragma alloca
+# else
+# ifndef alloca /* predefined by HP cc +Olibcalls */
+void *alloca (size_t);
+# endif
+# endif
+# endif
+# endif
+#endif
+
int
main ()
{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (((long int) (sizeof (ac__type_sizeof_))) < 0)
- {
- long int i = longval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%lu\n", i);
- }
- return ferror (f) || fclose (f) != 0;
-
+char *p = (char *) alloca (1);
+ if (p) return 0;
;
return 0;
-}
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_int=`cat conftest.val`
-else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-if test "$ac_cv_type_int" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (int)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (int)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_int=0
- fi
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_func_alloca_works=yes
+else
+ ac_cv_func_alloca_works=no
fi
-rm -f conftest.val
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_int" >&5
-echo "${ECHO_T}$ac_cv_sizeof_int" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_alloca_works" >&5
+$as_echo "$ac_cv_func_alloca_works" >&6; }
+if test $ac_cv_func_alloca_works = yes; then
+$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_INT $ac_cv_sizeof_int
-_ACEOF
+else
+ # The SVR3 libPW and SVR4 libucb both contain incompatible functions
+# that cause trouble. Some versions do not even contain alloca or
+# contain a buggy version. If you still want to use their alloca,
+# use ar to extract alloca.o from them instead of compiling alloca.c.
+
+ALLOCA=\${LIBOBJDIR}alloca.$ac_objext
+$as_echo "#define C_ALLOCA 1" >>confdefs.h
- { echo "$as_me:$LINENO: checking for long" >&5
-echo $ECHO_N "checking for long... $ECHO_C" >&6; }
-if test "${ac_cv_type_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether \`alloca.c' needs Cray hooks" >&5
+$as_echo_n "checking whether \`alloca.c' needs Cray hooks... " >&6; }
+if ${ac_cv_os_cray+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-typedef long ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
+#if defined CRAY && ! defined CRAY2
+webecray
+#else
+wenotbecray
+#endif
+
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_long=yes
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "webecray" >/dev/null 2>&1; then :
+ ac_cv_os_cray=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_os_cray=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_os_cray" >&5
+$as_echo "$ac_cv_os_cray" >&6; }
+if test $ac_cv_os_cray = yes; then
+ for ac_func in _getb67 GETB67 getb67; do
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+
+cat >>confdefs.h <<_ACEOF
+#define CRAY_STACKSEG_END $ac_func
+_ACEOF
- ac_cv_type_long=no
+ break
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_long" >&5
-echo "${ECHO_T}$ac_cv_type_long" >&6; }
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ echo "$as_me:$LINENO: checking size of long" >&5
-echo $ECHO_N "checking size of long... $ECHO_C" >&6; }
-if test "${ac_cv_sizeof_long+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking stack direction for C alloca" >&5
+$as_echo_n "checking stack direction for C alloca... " >&6; }
+if ${ac_cv_c_stack_direction+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ if test "$cross_compiling" = yes; then :
+ ac_cv_c_stack_direction=0
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$ac_includes_default
- typedef long ac__type_sizeof_;
int
-main ()
+find_stack_direction (int *addr, int depth)
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
-test_array [0] = 0
-
- ;
- return 0;
+ int dir, dummy = 0;
+ if (! addr)
+ addr = &dummy;
+ *addr = addr < &dummy ? 1 : addr == &dummy ? 0 : -1;
+ dir = depth ? find_stack_direction (addr, depth - 1) : 0;
+ return dir + dummy;
}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+
int
-main ()
+main (int argc, char **argv)
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
-
- ;
- return 0;
+ return find_stack_direction (0, argc + !argv + 20) < 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid; break
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_stack_direction=1
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ ac_cv_c_stack_direction=-1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
- ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_stack_direction" >&5
+$as_echo "$ac_cv_c_stack_direction" >&6; }
+cat >>confdefs.h <<_ACEOF
+#define STACK_DIRECTION $ac_cv_c_stack_direction
+_ACEOF
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
+fi
+
+for ac_header in malloc.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "malloc.h" "ac_cv_header_malloc_h" "$ac_includes_default"
+if test "x$ac_cv_header_malloc_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_MALLOC_H 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_func in strerror
+do :
+ ac_fn_c_check_func "$LINENO" "strerror" "ac_cv_func_strerror"
+if test "x$ac_cv_func_strerror" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRERROR 1
_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+fi
+done
+
+
+
+# Needed by the supplied memcmp.c
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
+$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
+if ${ac_cv_c_bigendian+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_bigendian=unknown
+ # See if we're dealing with a universal compiler.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+#ifndef __APPLE_CC__
+ not a universal capable compiler
+ #endif
+ typedef int dummy;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ # Check for potential -arch flags. It is not universal unless
+ # there are at least two -arch flags with different values.
+ ac_arch=
+ ac_prev=
+ for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
+ if test -n "$ac_prev"; then
+ case $ac_word in
+ i?86 | x86_64 | ppc | ppc64)
+ if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
+ ac_arch=$ac_word
+ else
+ ac_cv_c_bigendian=universal
+ break
+ fi
+ ;;
+ esac
+ ac_prev=
+ elif test "x$ac_word" = "x-arch"; then
+ ac_prev=arch
+ fi
+ done
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
-test_array [0] = 0
+#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
+ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
+ && LITTLE_ENDIAN)
+ bogus endian macros
+ #endif
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+#include <sys/types.h>
+ #include <sys/param.h>
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
-test_array [0] = 0
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=$ac_mid; break
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo= ac_hi=
+ ac_cv_c_bigendian=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
+#include <limits.h>
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
+#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
+ bogus endian macros
+ #endif
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_lo=`expr '(' $ac_mid ')' + 1`
-fi
-
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_long=$ac_lo;;
-'') if test "$ac_cv_type_long" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_long=0
- fi ;;
-esac
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to _BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef long ac__type_sizeof_;
-static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
-static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
-#include <stdio.h>
-#include <stdlib.h>
+#include <limits.h>
+
int
main ()
{
-
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (((long int) (sizeof (ac__type_sizeof_))) < 0)
- {
- long int i = longval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%lu\n", i);
- }
- return ferror (f) || fclose (f) != 0;
+#ifndef _BIG_ENDIAN
+ not big endian
+ #endif
;
return 0;
}
_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_long=`cat conftest.val`
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-if test "$ac_cv_type_long" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (long)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_long=0
- fi
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+ ac_cv_c_bigendian=no
fi
-rm -f conftest.val
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_long" >&5
-echo "${ECHO_T}$ac_cv_sizeof_long" >&6; }
-
-
-
-cat >>confdefs.h <<_ACEOF
-#define SIZEOF_LONG $ac_cv_sizeof_long
-_ACEOF
-
-
- { echo "$as_me:$LINENO: checking for void*" >&5
-echo $ECHO_N "checking for void*... $ECHO_C" >&6; }
-if test "${ac_cv_type_voidp+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # Compile a test program.
+ if test "$cross_compiling" = yes; then :
+ # Try to guess by grepping values from an object file.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
-typedef void* ac__type_new_;
+short int ascii_mm[] =
+ { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+ short int ascii_ii[] =
+ { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+ int use_ascii (int i) {
+ return ascii_mm[i] + ascii_ii[i];
+ }
+ short int ebcdic_ii[] =
+ { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+ short int ebcdic_mm[] =
+ { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+ int use_ebcdic (int i) {
+ return ebcdic_mm[i] + ebcdic_ii[i];
+ }
+ extern int foo;
+
int
main ()
{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
+return use_ascii (foo) == use_ebcdic (foo);
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_voidp=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_voidp=no
+if ac_fn_c_try_compile "$LINENO"; then :
+ if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
+ ac_cv_c_bigendian=yes
+ fi
+ if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+ if test "$ac_cv_c_bigendian" = unknown; then
+ ac_cv_c_bigendian=no
+ else
+ # finding both strings is unlikely to happen, but who knows?
+ ac_cv_c_bigendian=unknown
+ fi
+ fi
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_voidp" >&5
-echo "${ECHO_T}$ac_cv_type_voidp" >&6; }
-
-# The cast to long int works around a bug in the HP C Compiler
-# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
-# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
-# This bug is HP SR number 8606223364.
-{ echo "$as_me:$LINENO: checking size of void*" >&5
-echo $ECHO_N "checking size of void*... $ECHO_C" >&6; }
-if test "${ac_cv_sizeof_voidp+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
else
- if test "$cross_compiling" = yes; then
- # Depending upon the size, compute the lo and hi bounds.
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
$ac_includes_default
- typedef void* ac__type_sizeof_;
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= 0)];
-test_array [0] = 0
+
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long int l;
+ char c[sizeof (long int)];
+ } u;
+ u.l = 1;
+ return u.c[sizeof (long int) - 1] == 1;
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_bigendian=no
+else
+ ac_cv_c_bigendian=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
+$as_echo "$ac_cv_c_bigendian" >&6; }
+ case $ac_cv_c_bigendian in #(
+ yes)
+ $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
+;; #(
+ no)
+ ;; #(
+ universal)
+
+$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
+
+ ;; #(
+ *)
+ as_fn_error $? "unknown endianness
+ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
+ esac
+
+ac_fn_c_check_func "$LINENO" "memxor" "ac_cv_func_memxor"
+if test "x$ac_cv_func_memxor" = xyes; then :
+ $as_echo "#define HAVE_MEMXOR 1" >>confdefs.h
+
+else
+ case " $LIBOBJS " in
+ *" memxor.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS memxor.$ac_objext"
+ ;;
esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=0 ac_mid=0
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__" >&5
+$as_echo_n "checking for __attribute__... " >&6; }
+if ${lsh_cv_c_attribute+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef void* ac__type_sizeof_;
+
+#include <stdlib.h>
+
+static void foo(void) __attribute__ ((noreturn));
+
+static void __attribute__ ((noreturn))
+foo(void)
+{
+ exit(1);
+}
+
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid; break
+if ac_fn_c_try_compile "$LINENO"; then :
+ lsh_cv_c_attribute=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ lsh_cv_c_attribute=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lsh_cv_c_attribute" >&5
+$as_echo "$lsh_cv_c_attribute" >&6; }
+
+
+if test "x$lsh_cv_c_attribute" = "xyes"; then
+ $as_echo "#define HAVE_GCC_ATTRIBUTE 1" >>confdefs.h
- ac_lo=`expr $ac_mid + 1`
- if test $ac_lo -le $ac_mid; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid + 1`
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
+
+
+# According to Simon Josefsson, looking for uint32_t and friends in
+# sys/types.h is needed on some systems, in particular cygwin.
+# ------ AX CREATE STDINT H -------------------------------------
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint types" >&5
+$as_echo_n "checking for stdint types... " >&6; }
+ac_stdint_h=`echo nettle-stdint.h`
+# try to shortcircuit - if the default include path of the compiler
+# can find a "stdint.h" header then we assume that all compilers can.
+if ${ac_cv_header_stdint_t+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+old_CXXFLAGS="$CXXFLAGS" ; CXXFLAGS=""
+old_CPPFLAGS="$CPPFLAGS" ; CPPFLAGS=""
+old_CFLAGS="$CFLAGS" ; CFLAGS=""
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-$ac_includes_default
- typedef void* ac__type_sizeof_;
+#include <stdint.h>
int
main ()
{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) < 0)];
-test_array [0] = 0
-
+int_least32_t v = 0;
;
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=-1 ac_mid=-1
- while :; do
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef void* ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) >= $ac_mid)];
-test_array [0] = 0
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_stdint_result="(assuming C99 compatible system)"
+ ac_cv_header_stdint_t="stdint.h";
+else
+ ac_cv_header_stdint_t=""
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+CXXFLAGS="$old_CXXFLAGS"
+CPPFLAGS="$old_CPPFLAGS"
+CFLAGS="$old_CFLAGS"
+fi
- ;
- return 0;
-}
+
+v="... $ac_cv_header_stdint_h"
+if test "$ac_stdint_h" = "stdint.h" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (are you sure you want them in ./stdint.h?)" >&5
+$as_echo "(are you sure you want them in ./stdint.h?)" >&6; }
+elif test "$ac_stdint_h" = "inttypes.h" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (are you sure you want them in ./inttypes.h?)" >&5
+$as_echo "(are you sure you want them in ./inttypes.h?)" >&6; }
+elif test "_$ac_cv_header_stdint_t" = "_" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (putting them into $ac_stdint_h)$v" >&5
+$as_echo "(putting them into $ac_stdint_h)$v" >&6; }
+else
+ ac_cv_header_stdint="$ac_cv_header_stdint_t"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdint (shortcircuit)" >&5
+$as_echo "$ac_cv_header_stdint (shortcircuit)" >&6; }
+fi
+
+if test "_$ac_cv_header_stdint_t" = "_" ; then # can not shortcircuit..
+
+
+inttype_headers=`echo sys/types.h | sed -e 's/,/ /g'`
+
+ac_cv_stdint_result="(no helpful system typedefs seen)"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint uintptr_t" >&5
+$as_echo_n "checking for stdint uintptr_t... " >&6; }
+if ${ac_cv_header_stdint_x+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_cv_header_stdint_x="" # the 1997 typedefs (inttypes.h)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (..)" >&5
+$as_echo "(..)" >&6; }
+ for i in stdint.h inttypes.h sys/inttypes.h $inttype_headers ; do
+ unset ac_cv_type_uintptr_t
+ unset ac_cv_type_uint64_t
+ ac_fn_c_check_type "$LINENO" "uintptr_t" "ac_cv_type_uintptr_t" "#include <$i>
+"
+if test "x$ac_cv_type_uintptr_t" = xyes; then :
+ ac_cv_header_stdint_x=$i
+else
+ continue
+fi
+
+ ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "#include<$i>
+"
+if test "x$ac_cv_type_uint64_t" = xyes; then :
+ and64="/uint64_t"
+else
+ and64=""
+fi
+
+ ac_cv_stdint_result="(seen uintptr_t$and64 in $i)"
+ break;
+ done
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint uintptr_t" >&5
+$as_echo_n "checking for stdint uintptr_t... " >&6; }
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdint_x" >&5
+$as_echo "$ac_cv_header_stdint_x" >&6; }
+
+if test "_$ac_cv_header_stdint_x" = "_" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint uint32_t" >&5
+$as_echo_n "checking for stdint uint32_t... " >&6; }
+if ${ac_cv_header_stdint_o+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_cv_header_stdint_o="" # the 1995 typedefs (sys/inttypes.h)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (..)" >&5
+$as_echo "(..)" >&6; }
+ for i in inttypes.h sys/inttypes.h stdint.h $inttype_headers ; do
+ unset ac_cv_type_uint32_t
+ unset ac_cv_type_uint64_t
+ ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "#include <$i>
+"
+if test "x$ac_cv_type_uint32_t" = xyes; then :
+ ac_cv_header_stdint_o=$i
+else
+ continue
+fi
+
+ ac_fn_c_check_type "$LINENO" "uint64_t" "ac_cv_type_uint64_t" "#include<$i>
+"
+if test "x$ac_cv_type_uint64_t" = xyes; then :
+ and64="/uint64_t"
+else
+ and64=""
+fi
+
+ ac_cv_stdint_result="(seen uint32_t$and64 in $i)"
+ break;
+ done
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint uint32_t" >&5
+$as_echo_n "checking for stdint uint32_t... " >&6; }
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdint_o" >&5
+$as_echo "$ac_cv_header_stdint_o" >&6; }
+fi
+
+if test "_$ac_cv_header_stdint_x" = "_" ; then
+if test "_$ac_cv_header_stdint_o" = "_" ; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint u_int32_t" >&5
+$as_echo_n "checking for stdint u_int32_t... " >&6; }
+if ${ac_cv_header_stdint_u+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_cv_header_stdint_u="" # the BSD typedefs (sys/types.h)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (..)" >&5
+$as_echo "(..)" >&6; }
+ for i in sys/types.h inttypes.h sys/inttypes.h $inttype_headers ; do
+ unset ac_cv_type_u_int32_t
+ unset ac_cv_type_u_int64_t
+ ac_fn_c_check_type "$LINENO" "u_int32_t" "ac_cv_type_u_int32_t" "#include <$i>
+"
+if test "x$ac_cv_type_u_int32_t" = xyes; then :
+ ac_cv_header_stdint_u=$i
+else
+ continue
+fi
+
+ ac_fn_c_check_type "$LINENO" "u_int64_t" "ac_cv_type_u_int64_t" "#include<$i>
+"
+if test "x$ac_cv_type_u_int64_t" = xyes; then :
+ and64="/u_int64_t"
+else
+ and64=""
+fi
+
+ ac_cv_stdint_result="(seen u_int32_t$and64 in $i)"
+ break;
+ done
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint u_int32_t" >&5
+$as_echo_n "checking for stdint u_int32_t... " >&6; }
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdint_u" >&5
+$as_echo "$ac_cv_header_stdint_u" >&6; }
+fi fi
+
+if test "_$ac_cv_header_stdint_x" = "_" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint datatype model" >&5
+$as_echo_n "checking for stdint datatype model... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: (..)" >&5
+$as_echo "(..)" >&6; }
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char" >&5
+$as_echo_n "checking size of char... " >&6; }
+if ${ac_cv_sizeof_char+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char))" "ac_cv_sizeof_char" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_char" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (char)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_char=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char" >&5
+$as_echo "$ac_cv_sizeof_char" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_CHAR $ac_cv_sizeof_char
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_lo=$ac_mid; break
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short" >&5
+$as_echo_n "checking size of short... " >&6; }
+if ${ac_cv_sizeof_short+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short))" "ac_cv_sizeof_short" "$ac_includes_default"; then :
- ac_hi=`expr '(' $ac_mid ')' - 1`
- if test $ac_mid -le $ac_hi; then
- ac_lo= ac_hi=
- break
- fi
- ac_mid=`expr 2 '*' $ac_mid`
+else
+ if test "$ac_cv_type_short" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (short)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_short=0
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short" >&5
+$as_echo "$ac_cv_sizeof_short" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_SHORT $ac_cv_sizeof_short
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
+$as_echo_n "checking size of int... " >&6; }
+if ${ac_cv_sizeof_int+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
- ac_lo= ac_hi=
+else
+ if test "$ac_cv_type_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (int)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_int=0
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
+$as_echo "$ac_cv_sizeof_int" >&6; }
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-# Binary search between lo and hi bounds.
-while test "x$ac_lo" != "x$ac_hi"; do
- ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo`
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef void* ac__type_sizeof_;
-int
-main ()
-{
-static int test_array [1 - 2 * !(((long int) (sizeof (ac__type_sizeof_))) <= $ac_mid)];
-test_array [0] = 0
- ;
- return 0;
-}
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_INT $ac_cv_sizeof_int
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_hi=$ac_mid
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
+$as_echo_n "checking size of long... " >&6; }
+if ${ac_cv_sizeof_long+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then :
- ac_lo=`expr '(' $ac_mid ')' + 1`
+else
+ if test "$ac_cv_type_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long)
+See \`config.log' for more details" "$LINENO" 5; }
+ else
+ ac_cv_sizeof_long=0
+ fi
fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-done
-case $ac_lo in
-?*) ac_cv_sizeof_voidp=$ac_lo;;
-'') if test "$ac_cv_type_voidp" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (void*)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (void*)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
- else
- ac_cv_sizeof_voidp=0
- fi ;;
-esac
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-$ac_includes_default
- typedef void* ac__type_sizeof_;
-static long int longval () { return (long int) (sizeof (ac__type_sizeof_)); }
-static unsigned long int ulongval () { return (long int) (sizeof (ac__type_sizeof_)); }
-#include <stdio.h>
-#include <stdlib.h>
-int
-main ()
-{
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
+$as_echo "$ac_cv_sizeof_long" >&6; }
- FILE *f = fopen ("conftest.val", "w");
- if (! f)
- return 1;
- if (((long int) (sizeof (ac__type_sizeof_))) < 0)
- {
- long int i = longval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%ld\n", i);
- }
- else
- {
- unsigned long int i = ulongval ();
- if (i != ((long int) (sizeof (ac__type_sizeof_))))
- return 1;
- fprintf (f, "%lu\n", i);
- }
- return ferror (f) || fclose (f) != 0;
- ;
- return 0;
-}
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG $ac_cv_sizeof_long
_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
- ac_cv_sizeof_voidp=`cat conftest.val`
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void*" >&5
+$as_echo_n "checking size of void*... " >&6; }
+if ${ac_cv_sizeof_voidp+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void*))" "ac_cv_sizeof_voidp" "$ac_includes_default"; then :
-( exit $ac_status )
-if test "$ac_cv_type_voidp" = yes; then
- { { echo "$as_me:$LINENO: error: cannot compute sizeof (void*)
-See \`config.log' for more details." >&5
-echo "$as_me: error: cannot compute sizeof (void*)
-See \`config.log' for more details." >&2;}
- { (exit 77); exit 77; }; }
+else
+ if test "$ac_cv_type_voidp" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (void*)
+See \`config.log' for more details" "$LINENO" 5; }
else
ac_cv_sizeof_voidp=0
fi
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
-fi
-rm -f conftest.val
+
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_sizeof_voidp" >&5
-echo "${ECHO_T}$ac_cv_sizeof_voidp" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_voidp" >&5
+$as_echo "$ac_cv_sizeof_voidp" >&6; }
222/*|444/*) name="$name (unusual dsptype)" ;;
*) name="$name (very unusal model)" ;;
esac
- { echo "$as_me:$LINENO: result: combined for stdint datatype model... $name" >&5
-echo "${ECHO_T}combined for stdint datatype model... $name" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: combined for stdint datatype model... $name" >&5
+$as_echo "combined for stdint datatype model... $name" >&6; }
fi
if test "_$ac_cv_header_stdint_x" != "_" ; then
ac_cv_header_stdint="stddef.h"
fi
-{ echo "$as_me:$LINENO: checking for extra inttypes in chosen header" >&5
-echo $ECHO_N "checking for extra inttypes in chosen header... $ECHO_C" >&6; }
-{ echo "$as_me:$LINENO: result: ($ac_cv_header_stdint)" >&5
-echo "${ECHO_T}($ac_cv_header_stdint)" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for extra inttypes in chosen header" >&5
+$as_echo_n "checking for extra inttypes in chosen header... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ($ac_cv_header_stdint)" >&5
+$as_echo "($ac_cv_header_stdint)" >&6; }
unset ac_cv_type_int_least32_t
unset ac_cv_type_int_fast32_t
-{ echo "$as_me:$LINENO: checking for int_least32_t" >&5
-echo $ECHO_N "checking for int_least32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_int_least32_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_cv_header_stdint>
-
-typedef int_least32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_int_least32_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_type_int_least32_t=no
-fi
+ac_fn_c_check_type "$LINENO" "int_least32_t" "ac_cv_type_int_least32_t" "#include <$ac_cv_header_stdint>
+"
+if test "x$ac_cv_type_int_least32_t" = xyes; then :
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int_least32_t" >&5
-echo "${ECHO_T}$ac_cv_type_int_least32_t" >&6; }
-
-{ echo "$as_me:$LINENO: checking for int_fast32_t" >&5
-echo $ECHO_N "checking for int_fast32_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_int_fast32_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include<$ac_cv_header_stdint>
-
-typedef int_fast32_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_int_fast32_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_type_int_fast32_t=no
-fi
+ac_fn_c_check_type "$LINENO" "int_fast32_t" "ac_cv_type_int_fast32_t" "#include<$ac_cv_header_stdint>
+"
+if test "x$ac_cv_type_int_fast32_t" = xyes; then :
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_int_fast32_t" >&5
-echo "${ECHO_T}$ac_cv_type_int_fast32_t" >&6; }
-
-{ echo "$as_me:$LINENO: checking for intmax_t" >&5
-echo $ECHO_N "checking for intmax_t... $ECHO_C" >&6; }
-if test "${ac_cv_type_intmax_t+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-#include <$ac_cv_header_stdint>
-
-typedef intmax_t ac__type_new_;
-int
-main ()
-{
-if ((ac__type_new_ *) 0)
- return 0;
-if (sizeof (ac__type_new_))
- return 0;
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
- ac_cv_type_intmax_t=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_type_intmax_t=no
-fi
+ac_fn_c_check_type "$LINENO" "intmax_t" "ac_cv_type_intmax_t" "#include <$ac_cv_header_stdint>
+"
+if test "x$ac_cv_type_intmax_t" = xyes; then :
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_type_intmax_t" >&5
-echo "${ECHO_T}$ac_cv_type_intmax_t" >&6; }
fi # shortcircut to system "stdint.h"
ac_cv_stdint_message="using $CC"
fi
-{ echo "$as_me:$LINENO: result: make use of $ac_cv_header_stdint in $ac_stdint_h $ac_cv_stdint_result" >&5
-echo "${ECHO_T}make use of $ac_cv_header_stdint in $ac_stdint_h $ac_cv_stdint_result" >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: make use of $ac_cv_header_stdint in $ac_stdint_h $ac_cv_stdint_result" >&5
+$as_echo "make use of $ac_cv_header_stdint in $ac_stdint_h $ac_cv_stdint_result" >&6; }
# ----------------- DONE inttypes.h checks START header -------------
ac_config_commands="$ac_config_commands $ac_stdint_h"
# Check for file locking. We (AC_PROG_CC?) have already checked for
# sys/types.h and unistd.h.
-{ echo "$as_me:$LINENO: checking for fcntl file locking" >&5
-echo $ECHO_N "checking for fcntl file locking... $ECHO_C" >&6; }
-if test "${nettle_cv_fcntl_locking+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fcntl file locking" >&5
+$as_echo_n "checking for fcntl file locking... " >&6; }
+if ${nettle_cv_fcntl_locking+:} false; then :
+ $as_echo_n "(cached) " >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#if HAVE_SYS_TYPES_H
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext
-if { (ac_try="$ac_compile"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_compile") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest.$ac_objext; then
+if ac_fn_c_try_compile "$LINENO"; then :
nettle_cv_fcntl_locking=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- nettle_cv_fcntl_locking=no
+ nettle_cv_fcntl_locking=no
fi
-
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
-{ echo "$as_me:$LINENO: result: $nettle_cv_fcntl_locking" >&5
-echo "${ECHO_T}$nettle_cv_fcntl_locking" >&6; }
-
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_fcntl_locking" >&5
+$as_echo "$nettle_cv_fcntl_locking" >&6; }
if test "x$nettle_cv_fcntl_locking" = "xyes" ; then
- cat >>confdefs.h <<\_ACEOF
-#define HAVE_FCNTL_LOCKING 1
-_ACEOF
+ $as_echo "#define HAVE_FCNTL_LOCKING 1" >>confdefs.h
fi
# Checks for libraries
-
-{ echo "$as_me:$LINENO: checking for __gmpz_getlimbn in -lgmp" >&5
-echo $ECHO_N "checking for __gmpz_getlimbn in -lgmp... $ECHO_C" >&6; }
-if test "${ac_cv_lib_gmp___gmpz_getlimbn+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __gmpz_getlimbn in -lgmp" >&5
+$as_echo_n "checking for __gmpz_getlimbn in -lgmp... " >&6; }
+if ${ac_cv_lib_gmp___gmpz_getlimbn+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lgmp $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_gmp___gmpz_getlimbn=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_gmp___gmpz_getlimbn=no
+ ac_cv_lib_gmp___gmpz_getlimbn=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_gmp___gmpz_getlimbn" >&5
-echo "${ECHO_T}$ac_cv_lib_gmp___gmpz_getlimbn" >&6; }
-if test $ac_cv_lib_gmp___gmpz_getlimbn = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp___gmpz_getlimbn" >&5
+$as_echo "$ac_cv_lib_gmp___gmpz_getlimbn" >&6; }
+if test "x$ac_cv_lib_gmp___gmpz_getlimbn" = xyes; then :
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBGMP 1
_ACEOF
LIBS="-lgmp $LIBS"
else
- { echo "$as_me:$LINENO: WARNING: GNU MP not found, or not 3.1 or up, see http://www.swox.com/gmp.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: GNU MP not found, or not 3.1 or up, see http://gmplib.org/.
Support for public key algorithms will be unavailable." >&5
-echo "$as_me: WARNING: GNU MP not found, or not 3.1 or up, see http://www.swox.com/gmp.
+$as_echo "$as_me: WARNING: GNU MP not found, or not 3.1 or up, see http://gmplib.org/.
Support for public key algorithms will be unavailable." >&2;}
enable_public_key=no
fi
# Add -R flags needed to run programs linked with gmp
if test $cross_compiling = no -a "x$RPATHFLAG" != x ; then
ac_success=no
- if test "$cross_compiling" = yes; then
+ if test "$cross_compiling" = yes; then :
:
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int main(int argc, char **argv) { return 0; }
_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+if ac_fn_c_try_run "$LINENO"; then :
ac_success=yes
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_success=no
+ ac_success=no
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-
if test $ac_success = no ; then
- { echo "$as_me:$LINENO: checking Running simple test program failed. Trying -R flags" >&5
-echo $ECHO_N "checking Running simple test program failed. Trying -R flags... $ECHO_C" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking Running simple test program failed. Trying -R flags" >&5
+$as_echo_n "checking Running simple test program failed. Trying -R flags... " >&6; }
ac_remaining_dirs=''
ac_rpath_save_LDFLAGS="$LDFLAGS"
for d in $RPATH_CANDIDATE_DIRS ; do
if test $ac_success = yes ; then
ac_remaining_dirs="$ac_remaining_dirs $d"
- else
- LDFLAGS="$RPATHFLAG$d $LDFLAGS"
- if test "$cross_compiling" = yes; then
- :
-else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-int main(int argc, char **argv) { return 0; }
-_ACEOF
-rm -f conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
- { (case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_try") 2>&5
- ac_status=$?
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); }; }; then
+ else
+ LDFLAGS="$RPATHFLAG$d $LDFLAGS"
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int main(int argc, char **argv) { return 0; }
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
ac_success=yes
ac_rpath_save_LDFLAGS="$LDFLAGS"
- { echo "$as_me:$LINENO: result: adding $RPATHFLAG$d" >&5
-echo "${ECHO_T}adding $RPATHFLAG$d" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: adding $RPATHFLAG$d" >&5
+$as_echo "adding $RPATHFLAG$d" >&6; }
else
- echo "$as_me: program exited with status $ac_status" >&5
-echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
-( exit $ac_status )
-ac_remaining_dirs="$ac_remaining_dirs $d"
+ ac_remaining_dirs="$ac_remaining_dirs $d"
fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
-
LDFLAGS="$ac_rpath_save_LDFLAGS"
fi
done
RPATH_CANDIDATE_DIRS=$ac_remaining_dirs
fi
if test $ac_success = no ; then
- { echo "$as_me:$LINENO: result: failed" >&5
-echo "${ECHO_T}failed" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
fi
fi
+# Check for gmp limb size
+nettle_cv_gmp_numb_bits=0
+if test "$enable_public_key" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GMP limb size" >&5
+$as_echo_n "checking for GMP limb size... " >&6; }
+ if ac_fn_c_compute_int "$LINENO" "GMP_NUMB_BITS" "nettle_cv_gmp_numb_bits" "#include <gmp.h>"; then :
-
-{ echo "$as_me:$LINENO: checking for __gmpz_powm_sec" >&5
-echo $ECHO_N "checking for __gmpz_powm_sec... $ECHO_C" >&6; }
-if test "${ac_cv_func___gmpz_powm_sec+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
else
- cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
-/* end confdefs.h. */
-/* Define __gmpz_powm_sec to an innocuous variant, in case <limits.h> declares __gmpz_powm_sec.
- For example, HP-UX 11i <limits.h> declares gettimeofday. */
-#define __gmpz_powm_sec innocuous___gmpz_powm_sec
-
-/* System header to define __stub macros and hopefully few prototypes,
- which can conflict with char __gmpz_powm_sec (); below.
- Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
- <limits.h> exists even on freestanding compilers. */
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot find value of GMP_NUMB_BITS
+See \`config.log' for more details" "$LINENO" 5; }
+fi
-#ifdef __STDC__
-# include <limits.h>
-#else
-# include <assert.h>
-#endif
-#undef __gmpz_powm_sec
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_gmp_numb_bits bits" >&5
+$as_echo "$nettle_cv_gmp_numb_bits bits" >&6; }
+fi
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char __gmpz_powm_sec ();
-/* The GNU C library defines this for functions which it implements
- to always fail with ENOSYS. Some functions are actually named
- something starting with __ and the normal name is an alias. */
-#if defined __stub___gmpz_powm_sec || defined __stub_____gmpz_powm_sec
-choke me
-#endif
+GMP_NUMB_BITS="$nettle_cv_gmp_numb_bits"
-int
-main ()
-{
-return __gmpz_powm_sec ();
- ;
- return 0;
-}
-_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
- ac_cv_func___gmpz_powm_sec=yes
-else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
- ac_cv_func___gmpz_powm_sec=no
-fi
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
-fi
-{ echo "$as_me:$LINENO: result: $ac_cv_func___gmpz_powm_sec" >&5
-echo "${ECHO_T}$ac_cv_func___gmpz_powm_sec" >&6; }
-if test $ac_cv_func___gmpz_powm_sec = yes; then
- cat >>confdefs.h <<\_ACEOF
-#define HAVE_MPZ_POWM_SEC 1
-_ACEOF
+ac_fn_c_check_func "$LINENO" "__gmpz_powm_sec" "ac_cv_func___gmpz_powm_sec"
+if test "x$ac_cv_func___gmpz_powm_sec" = xyes; then :
+ $as_echo "#define HAVE_MPZ_POWM_SEC 1" >>confdefs.h
fi
-
if test "x$enable_public_key" = xyes ; then
- cat >>confdefs.h <<\_ACEOF
-#define WITH_HOGWEED 1
-_ACEOF
+ $as_echo "#define WITH_HOGWEED 1" >>confdefs.h
IF_HOGWEED=''
else
IF_HOGWEED='#'
fi
+if test "x$enable_static" = xyes ; then
+ IF_STATIC=''
+else
+ IF_STATIC='#'
+fi
+
if test "x$enable_shared" = xyes ; then
IF_SHARED=''
else
IF_SHARED='#'
fi
+# Documentation tools
+if test "x$enable_documentation" != "xno"; then
+ # Extract the first word of "makeinfo", so it can be a program name with args.
+set dummy makeinfo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_MAKEINFO+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAKEINFO in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MAKEINFO="$MAKEINFO" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_MAKEINFO="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_MAKEINFO" && ac_cv_path_MAKEINFO="not-found"
+ ;;
+esac
+fi
+MAKEINFO=$ac_cv_path_MAKEINFO
+if test -n "$MAKEINFO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAKEINFO" >&5
+$as_echo "$MAKEINFO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+ if test "x$MAKEINFO" != "xnot-found"; then
+ enable_documentation=yes
+
+ else
+ if test "x$enable_documentation" == "xauto" ; then
+ enable_documentation=no
+ else
+ as_fn_error $? "Cannot find 'makeinfo', required for documentation." "$LINENO" 5
+ fi
+ fi
+fi
+
+if test "x$enable_documentation" = "xyes" ; then
+ IF_DOCUMENTATION=''
+else
+ IF_DOCUMENTATION='#'
+fi
+
+
+
+
# Check for openssl's libcrypto (used only for benchmarking)
if test x$enable_openssl = xyes ; then
- { echo "$as_me:$LINENO: checking for BF_ecb_encrypt in -lcrypto" >&5
-echo $ECHO_N "checking for BF_ecb_encrypt in -lcrypto... $ECHO_C" >&6; }
-if test "${ac_cv_lib_crypto_BF_ecb_encrypt+set}" = set; then
- echo $ECHO_N "(cached) $ECHO_C" >&6
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BF_ecb_encrypt in -lcrypto" >&5
+$as_echo_n "checking for BF_ecb_encrypt in -lcrypto... " >&6; }
+if ${ac_cv_lib_crypto_BF_ecb_encrypt+:} false; then :
+ $as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lcrypto $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
-/* confdefs.h. */
-_ACEOF
-cat confdefs.h >>conftest.$ac_ext
-cat >>conftest.$ac_ext <<_ACEOF
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
return 0;
}
_ACEOF
-rm -f conftest.$ac_objext conftest$ac_exeext
-if { (ac_try="$ac_link"
-case "(($ac_try" in
- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
- *) ac_try_echo=$ac_try;;
-esac
-eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
- (eval "$ac_link") 2>conftest.er1
- ac_status=$?
- grep -v '^ *+' conftest.er1 >conftest.err
- rm -f conftest.er1
- cat conftest.err >&5
- echo "$as_me:$LINENO: \$? = $ac_status" >&5
- (exit $ac_status); } && {
- test -z "$ac_c_werror_flag" ||
- test ! -s conftest.err
- } && test -s conftest$ac_exeext &&
- $as_test_x conftest$ac_exeext; then
+if ac_fn_c_try_link "$LINENO"; then :
ac_cv_lib_crypto_BF_ecb_encrypt=yes
else
- echo "$as_me: failed program was:" >&5
-sed 's/^/| /' conftest.$ac_ext >&5
-
- ac_cv_lib_crypto_BF_ecb_encrypt=no
+ ac_cv_lib_crypto_BF_ecb_encrypt=no
fi
-
-rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
- conftest$ac_exeext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
-{ echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_BF_ecb_encrypt" >&5
-echo "${ECHO_T}$ac_cv_lib_crypto_BF_ecb_encrypt" >&6; }
-if test $ac_cv_lib_crypto_BF_ecb_encrypt = yes; then
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_BF_ecb_encrypt" >&5
+$as_echo "$ac_cv_lib_crypto_BF_ecb_encrypt" >&6; }
+if test "x$ac_cv_lib_crypto_BF_ecb_encrypt" = xyes; then :
OPENSSL_LIBFLAGS='-lcrypto'
else
enable_openssl=no
fi
+if test x$enable_openssl = xyes ; then
+ $as_echo "#define WITH_OPENSSL 1" >>confdefs.h
+
+fi
+
-if test x$enable_openssl = xyes ; then
- cat >>confdefs.h <<\_ACEOF
-#define WITH_OPENSSL 1
+
+
+# clock_gettime is in librt on *-*-osf5.1 and on glibc, so add -lrt to
+# BENCH_LIBS if needed. On linux (tested on x86_32, 2.6.26),
+# clock_getres reports ns accuracy, while in a quick test on osf
+# clock_getres said only 1 millisecond.
+
+old_LIBS="$LIBS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5
+$as_echo_n "checking for library containing clock_gettime... " >&6; }
+if ${ac_cv_search_clock_gettime+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char clock_gettime ();
+int
+main ()
+{
+return clock_gettime ();
+ ;
+ return 0;
+}
_ACEOF
+for ac_lib in '' rt; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_clock_gettime=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if ${ac_cv_search_clock_gettime+:} false; then :
+ break
+fi
+done
+if ${ac_cv_search_clock_gettime+:} false; then :
+
+else
+ ac_cv_search_clock_gettime=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5
+$as_echo "$ac_cv_search_clock_gettime" >&6; }
+ac_res=$ac_cv_search_clock_gettime
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+
+$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h
fi
+BENCH_LIBS="$LIBS"
+LIBS="$old_LIBS"
+
# Set these flags *last*, or else the test programs won't compile
if test x$GCC = xyes ; then
# Using -ggdb3 makes (some versions of) Redhat's gcc-2.96 dump core
- if "$CC" --version | grep '^2\.96$' 1>/dev/null 2>&1; then
+ if $CC --version | grep '^2\.96$' 1>/dev/null 2>&1; then
true
else
CFLAGS="$CFLAGS -ggdb3"
fi
# FIXME: It would be better to actually test if this option works and/or is needed.
# Or perhaps use -funsigned-char.
- if "$CC" --version | grep 'gcc.* 4\.' 1>/dev/null 2>&1; then
+ if $CC --version | grep 'gcc.* 4\.' 1>/dev/null 2>&1; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
CFLAGS="$CFLAGS -Wall -W \
ac_config_files="$ac_config_files tools/Makefile testsuite/Makefile examples/Makefile"
+ac_config_files="$ac_config_files nettle.pc hogweed.pc"
+
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
case $ac_val in #(
*${as_nl}*)
case $ac_var in #(
- *_cv_*) { echo "$as_me:$LINENO: WARNING: Cache variable $ac_var contains a newline." >&5
-echo "$as_me: WARNING: Cache variable $ac_var contains a newline." >&2;} ;;
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
esac
case $ac_var in #(
_ | IFS | as_nl) ;; #(
- *) $as_unset $ac_var ;;
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
esac ;;
esac
done
(set) 2>&1 |
case $as_nl`(ac_space=' '; set) 2>&1` in #(
*${as_nl}ac_space=\ *)
- # `set' does not quote correctly, so add quotes (double-quote
- # substitution turns \\\\ into \\, and sed turns \\ into \).
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
sed -n \
"s/'/'\\\\''/g;
s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
:end' >>confcache
if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
if test -w "$cache_file"; then
- test "x$cache_file" != "x/dev/null" &&
- { echo "$as_me:$LINENO: updating cache $cache_file" >&5
-echo "$as_me: updating cache $cache_file" >&6;}
- cat confcache >$cache_file
+ if test "x$cache_file" != "x/dev/null"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ if test ! -f "$cache_file" || test -h "$cache_file"; then
+ cat confcache >"$cache_file"
+ else
+ case $cache_file in #(
+ */* | ?:*)
+ mv -f confcache "$cache_file"$$ &&
+ mv -f "$cache_file"$$ "$cache_file" ;; #(
+ *)
+ mv -f confcache "$cache_file" ;;
+ esac
+ fi
+ fi
else
- { echo "$as_me:$LINENO: not updating unwritable cache $cache_file" >&5
-echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
fi
fi
rm -f confcache
ac_libobjs=
ac_ltlibobjs=
+U=
for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
# 1. Remove the extension, and $U if already installed.
ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
- ac_i=`echo "$ac_i" | sed "$ac_script"`
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
# 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
# will be set to the directory where LIBOBJS objects are built.
- ac_libobjs="$ac_libobjs \${LIBOBJDIR}$ac_i\$U.$ac_objext"
- ac_ltlibobjs="$ac_ltlibobjs \${LIBOBJDIR}$ac_i"'$U.lo'
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
done
LIBOBJS=$ac_libobjs
-: ${CONFIG_STATUS=./config.status}
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
ac_clean_files_save=$ac_clean_files
ac_clean_files="$ac_clean_files $CONFIG_STATUS"
-{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
-echo "$as_me: creating $CONFIG_STATUS" >&6;}
-cat >$CONFIG_STATUS <<_ACEOF
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
#! $SHELL
# Generated by $as_me.
# Run this file to recreate the current configuration.
debug=false
ac_cs_recheck=false
ac_cs_silent=false
-SHELL=\${CONFIG_SHELL-$SHELL}
-_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-## --------------------- ##
-## M4sh Initialization. ##
-## --------------------- ##
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
# Be more Bourne compatible
DUALCASE=1; export DUALCASE # for MKS sh
-if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
emulate sh
NULLCMD=:
- # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
# is contrary to our usage. Disable this feature.
alias -g '${1+"$@"}'='"$@"'
setopt NO_GLOB_SUBST
else
- case `(set -o) 2>/dev/null` in
- *posix*) set -o posix ;;
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
esac
-
fi
-
-
-# PATH needs CR
-# Avoid depending upon Character Ranges.
-as_cr_letters='abcdefghijklmnopqrstuvwxyz'
-as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
-as_cr_Letters=$as_cr_letters$as_cr_LETTERS
-as_cr_digits='0123456789'
-as_cr_alnum=$as_cr_Letters$as_cr_digits
-
-# The user is always right.
-if test "${PATH_SEPARATOR+set}" != set; then
- echo "#! /bin/sh" >conf$$.sh
- echo "exit 0" >>conf$$.sh
- chmod +x conf$$.sh
- if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
- PATH_SEPARATOR=';'
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
else
- PATH_SEPARATOR=:
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
fi
- rm -f conf$$.sh
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
fi
-# Support unset when possible.
-if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
- as_unset=unset
-else
- as_unset=false
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
fi
# there to prevent editors from complaining about space-tab.
# (If _AS_PATH_WALK were called with IFS unset, it would disable word
# splitting by setting IFS to empty value.)
-as_nl='
-'
IFS=" "" $as_nl"
# Find who we are. Look in the path if we contain no directory separator.
-case $0 in
+as_myself=
+case $0 in #((
*[\\/]* ) as_myself=$0 ;;
*) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
- test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
-done
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
IFS=$as_save_IFS
;;
as_myself=$0
fi
if test ! -f "$as_myself"; then
- echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
- { (exit 1); exit 1; }
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
fi
-# Work around bugs in pre-3.0 UWIN ksh.
-for as_var in ENV MAIL MAILPATH
-do ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
done
PS1='$ '
PS2='> '
PS4='+ '
# NLS nuisances.
-for as_var in \
- LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
- LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
- LC_TELEPHONE LC_TIME
-do
- if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
- eval $as_var=C; export $as_var
- else
- ($as_unset $as_var) >/dev/null 2>&1 && $as_unset $as_var
- fi
-done
-
-# Required to use basename.
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
-if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
- as_basename=basename
-else
- as_basename=false
-fi
-
-
-# Name of the executable.
-as_me=`$as_basename -- "$0" ||
-$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
- X"$0" : 'X\(//\)$' \| \
- X"$0" : 'X\(/\)' \| . 2>/dev/null ||
-echo X/"$0" |
- sed '/^.*\/\([^/][^/]*\)\/*$/{
- s//\1/
- q
- }
- /^X\/\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\/\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
# CDPATH.
-$as_unset CDPATH
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
- as_lineno_1=$LINENO
- as_lineno_2=$LINENO
- test "x$as_lineno_1" != "x$as_lineno_2" &&
- test "x`expr $as_lineno_1 + 1`" = "x$as_lineno_2" || {
- # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
- # uniformly replaced by the line number. The first 'sed' inserts a
- # line-number line after each line using $LINENO; the second 'sed'
- # does the real work. The second script uses 'N' to pair each
- # line-number line with the line containing $LINENO, and appends
- # trailing '-' during substitution so that $LINENO is not a special
- # case at line end.
- # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
- # scripts with optimization help from Paolo Bonzini. Blame Lee
- # E. McMahon (1931-1989) for sed's syntax. :-)
- sed -n '
- p
- /[$]LINENO/=
- ' <$as_myself |
- sed '
- s/[$]LINENO.*/&-/
- t lineno
- b
- :lineno
- N
- :loop
- s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
- t loop
- s/-\n.*//
- ' >$as_me.lineno &&
- chmod +x "$as_me.lineno" ||
- { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
- { (exit 1); exit 1; }; }
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
- # Don't try to exec as it changes $[0], causing all sort of problems
- # (the dirname of $[0] is not the place where we might find the
- # original and so on. Autoconf is especially sensitive to this).
- . "./$as_me.lineno"
- # Exit status is that of the last command.
- exit
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
as_dirname=dirname
as_dirname=false
fi
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
ECHO_C= ECHO_N= ECHO_T=
-case `echo -n x` in
+case `echo -n x` in #(((((
-n*)
- case `echo 'x\c'` in
+ case `echo 'xy\c'` in
*c*) ECHO_T=' ';; # ECHO_T is single tab character.
- *) ECHO_C='\c';;
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
esac;;
*)
ECHO_N='-n';;
esac
-if expr a : '\(a\)' >/dev/null 2>&1 &&
- test "X`expr 00001 : '.*\(...\)'`" = X001; then
- as_expr=expr
-else
- as_expr=false
-fi
-
rm -f conf$$ conf$$.exe conf$$.file
if test -d conf$$.dir; then
rm -f conf$$.dir/conf$$.file
else
rm -f conf$$.dir
- mkdir conf$$.dir
-fi
-echo >conf$$.file
-if ln -s conf$$.file conf$$ 2>/dev/null; then
- as_ln_s='ln -s'
- # ... but there are two gotchas:
- # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
- # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
- # In both cases, we have to default to `cp -p'.
- ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
- as_ln_s='cp -p'
-elif ln conf$$.file conf$$ 2>/dev/null; then
- as_ln_s=ln
-else
- as_ln_s='cp -p'
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -pR'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -pR'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -pR'
+ fi
+else
+ as_ln_s='cp -pR'
fi
rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
rmdir conf$$.dir 2>/dev/null
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
if mkdir -p . 2>/dev/null; then
- as_mkdir_p=:
+ as_mkdir_p='mkdir -p "$as_dir"'
else
test -d ./-p && rmdir ./-p
as_mkdir_p=false
fi
-if test -x / >/dev/null 2>&1; then
- as_test_x='test -x'
-else
- if ls -dL / >/dev/null 2>&1; then
- as_ls_L_option=L
- else
- as_ls_L_option=
- fi
- as_test_x='
- eval sh -c '\''
- if test -d "$1"; then
- test -d "$1/.";
- else
- case $1 in
- -*)set "./$1";;
- esac;
- case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in
- ???[sx]*):;;*)false;;esac;fi
- '\'' sh
- '
-fi
-as_executable_p=$as_test_x
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+ test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
# Sed expression to map a string onto a valid CPP name.
as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
-# Save the log message, to keep $[0] and so on meaningful, and to
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by nettle $as_me 2.1, which was
-generated by GNU Autoconf 2.61. Invocation command line was
+This file was extended by nettle $as_me 2.7.1, which was
+generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
CONFIG_HEADERS = $CONFIG_HEADERS
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
# Files that config.status was made for.
config_files="$ac_config_files"
config_headers="$ac_config_headers"
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
ac_cs_usage="\
-\`$as_me' instantiates files from templates according to the
-current configuration.
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
-Usage: $0 [OPTIONS] [FILE]...
+Usage: $0 [OPTION]... [TAG]...
-h, --help print this help, then exit
-V, --version print version number and configuration settings, then exit
- -q, --quiet do not print progress messages
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
-d, --debug don't remove temporary files
--recheck update $as_me by reconfiguring in the same conditions
- --file=FILE[:TEMPLATE]
- instantiate the configuration file FILE
- --header=FILE[:TEMPLATE]
- instantiate the configuration header FILE
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
Configuration files:
$config_files
Configuration commands:
$config_commands
-Report bugs to <bug-autoconf@gnu.org>."
+Report bugs to <nettle-bugs@lists.lysator.liu.se>."
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-nettle config.status 2.1
-configured by $0, generated by GNU Autoconf 2.61,
- with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
+nettle config.status 2.7.1
+configured by $0, generated by GNU Autoconf 2.69,
+ with options \\"\$ac_cs_config\\"
-Copyright (C) 2006 Free Software Foundation, Inc.
+Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."
srcdir='$srcdir'
INSTALL='$INSTALL'
MKDIR_P='$MKDIR_P'
+test -n "\$AWK" || AWK=awk
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
-# If no file are specified by the user, then we need to provide default
-# value. By we need to know if files were specified by the user.
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
ac_need_defaults=:
while test $# != 0
do
case $1 in
- --*=*)
+ --*=?*)
ac_option=`expr "X$1" : 'X\([^=]*\)='`
ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
ac_shift=:
;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
*)
ac_option=$1
ac_optarg=$2
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
ac_cs_recheck=: ;;
--version | --versio | --versi | --vers | --ver | --ve | --v | -V )
- echo "$ac_cs_version"; exit ;;
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
--debug | --debu | --deb | --de | --d | -d )
debug=: ;;
--file | --fil | --fi | --f )
$ac_shift
- CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
ac_need_defaults=false;;
--header | --heade | --head | --hea )
$ac_shift
- CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
ac_need_defaults=false;;
--he | --h)
# Conflict between --help and --header
- { echo "$as_me: error: ambiguous option: $1
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; };;
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
--help | --hel | -h )
- echo "$ac_cs_usage"; exit ;;
+ $as_echo "$ac_cs_usage"; exit ;;
-q | -quiet | --quiet | --quie | --qui | --qu | --q \
| -silent | --silent | --silen | --sile | --sil | --si | --s)
ac_cs_silent=: ;;
# This is an error.
- -*) { echo "$as_me: error: unrecognized option: $1
-Try \`$0 --help' for more information." >&2
- { (exit 1); exit 1; }; } ;;
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
- *) ac_config_targets="$ac_config_targets $1"
+ *) as_fn_append ac_config_targets " $1"
ac_need_defaults=false ;;
esac
fi
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
if \$ac_cs_recheck; then
- echo "running CONFIG_SHELL=$SHELL $SHELL $0 "$ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
- CONFIG_SHELL=$SHELL
+ set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
export CONFIG_SHELL
- exec $SHELL "$0"$ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ exec "\$@"
fi
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
exec 5>>config.log
{
echo
sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
## Running $as_me. ##
_ASBOX
- echo "$ac_log"
+ $as_echo "$ac_log"
} >&5
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
#
# INIT-COMMANDS
#
+ asm_file_list="$asm_file_list"
+
# variables for create stdint.h replacement
PACKAGE="$PACKAGE"
VERSION="$VERSION"
ac_stdint_h="$ac_stdint_h"
-_ac_stdint_h=`echo "_$PACKAGE-$ac_stdint_h" | $as_tr_cpp`
+_ac_stdint_h=`$as_echo "_$PACKAGE-$ac_stdint_h" | $as_tr_cpp`
ac_cv_stdint_message="$ac_cv_stdint_message"
ac_cv_header_stdint_t="$ac_cv_header_stdint_t"
ac_cv_header_stdint_x="$ac_cv_header_stdint_x"
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Handling of arguments.
for ac_config_target in $ac_config_targets
case $ac_config_target in
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"dummy-dep-files") CONFIG_COMMANDS="$CONFIG_COMMANDS dummy-dep-files" ;;
- "$tmp_f") CONFIG_LINKS="$CONFIG_LINKS $tmp_f:$asm_path/$tmp_f" ;;
+ "$tmp_f") CONFIG_LINKS="$CONFIG_LINKS $tmp_f:$asm_dir/$tmp_f" ;;
+ "$tmp_o") CONFIG_LINKS="$CONFIG_LINKS $tmp_o:$asm_dir/$tmp_o" ;;
+ "asm.d") CONFIG_COMMANDS="$CONFIG_COMMANDS asm.d" ;;
"$ac_stdint_h") CONFIG_COMMANDS="$CONFIG_COMMANDS $ac_stdint_h" ;;
"config.make") CONFIG_FILES="$CONFIG_FILES config.make" ;;
"config.m4") CONFIG_FILES="$CONFIG_FILES config.m4" ;;
"tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;;
"testsuite/Makefile") CONFIG_FILES="$CONFIG_FILES testsuite/Makefile" ;;
"examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;;
+ "nettle.pc") CONFIG_FILES="$CONFIG_FILES nettle.pc" ;;
+ "hogweed.pc") CONFIG_FILES="$CONFIG_FILES hogweed.pc" ;;
- *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
-echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
- { (exit 1); exit 1; }; };;
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
done
# after its creation but before its name has been assigned to `$tmp'.
$debug ||
{
- tmp=
+ tmp= ac_tmp=
trap 'exit_status=$?
- { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+ : "${ac_tmp:=$tmp}"
+ { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
' 0
- trap '{ (exit 1); exit 1; }' 1 2 13 15
+ trap 'as_fn_exit 1' 1 2 13 15
}
# Create a (secure) tmp directory for tmp files.
{
tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
- test -n "$tmp" && test -d "$tmp"
+ test -d "$tmp"
} ||
{
tmp=./conf$$-$RANDOM
(umask 077 && mkdir "$tmp")
-} ||
-{
- echo "$me: cannot create a temporary directory in ." >&2
- { (exit 1); exit 1; }
-}
-
-#
-# Set up the sed scripts for CONFIG_FILES section.
-#
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
-# No need to generate the scripts if there are no CONFIG_FILES.
-# This happens for instance when ./config.status config.h
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
if test -n "$CONFIG_FILES"; then
-_ACEOF
-
-
-
-ac_delim='%!_!# '
-for ac_last_try in false false false false false :; do
- cat >conf$$subs.sed <<_ACEOF
-SHELL!$SHELL$ac_delim
-PATH_SEPARATOR!$PATH_SEPARATOR$ac_delim
-PACKAGE_NAME!$PACKAGE_NAME$ac_delim
-PACKAGE_TARNAME!$PACKAGE_TARNAME$ac_delim
-PACKAGE_VERSION!$PACKAGE_VERSION$ac_delim
-PACKAGE_STRING!$PACKAGE_STRING$ac_delim
-PACKAGE_BUGREPORT!$PACKAGE_BUGREPORT$ac_delim
-exec_prefix!$exec_prefix$ac_delim
-prefix!$prefix$ac_delim
-program_transform_name!$program_transform_name$ac_delim
-bindir!$bindir$ac_delim
-sbindir!$sbindir$ac_delim
-libexecdir!$libexecdir$ac_delim
-datarootdir!$datarootdir$ac_delim
-datadir!$datadir$ac_delim
-sysconfdir!$sysconfdir$ac_delim
-sharedstatedir!$sharedstatedir$ac_delim
-localstatedir!$localstatedir$ac_delim
-includedir!$includedir$ac_delim
-oldincludedir!$oldincludedir$ac_delim
-docdir!$docdir$ac_delim
-infodir!$infodir$ac_delim
-htmldir!$htmldir$ac_delim
-dvidir!$dvidir$ac_delim
-pdfdir!$pdfdir$ac_delim
-psdir!$psdir$ac_delim
-libdir!$libdir$ac_delim
-localedir!$localedir$ac_delim
-mandir!$mandir$ac_delim
-DEFS!$DEFS$ac_delim
-ECHO_C!$ECHO_C$ac_delim
-ECHO_N!$ECHO_N$ac_delim
-ECHO_T!$ECHO_T$ac_delim
-LIBS!$LIBS$ac_delim
-build_alias!$build_alias$ac_delim
-host_alias!$host_alias$ac_delim
-target_alias!$target_alias$ac_delim
-build!$build$ac_delim
-build_cpu!$build_cpu$ac_delim
-build_vendor!$build_vendor$ac_delim
-build_os!$build_os$ac_delim
-host!$host$ac_delim
-host_cpu!$host_cpu$ac_delim
-host_vendor!$host_vendor$ac_delim
-host_os!$host_os$ac_delim
-CC!$CC$ac_delim
-CFLAGS!$CFLAGS$ac_delim
-LDFLAGS!$LDFLAGS$ac_delim
-CPPFLAGS!$CPPFLAGS$ac_delim
-ac_ct_CC!$ac_ct_CC$ac_delim
-EXEEXT!$EXEEXT$ac_delim
-OBJEXT!$OBJEXT$ac_delim
-CXX!$CXX$ac_delim
-CXXFLAGS!$CXXFLAGS$ac_delim
-ac_ct_CXX!$ac_ct_CXX$ac_delim
-CXX_TESTS!$CXX_TESTS$ac_delim
-SET_MAKE!$SET_MAKE$ac_delim
-RANLIB!$RANLIB$ac_delim
-NM!$NM$ac_delim
-OBJDUMP!$OBJDUMP$ac_delim
-INSTALL_PROGRAM!$INSTALL_PROGRAM$ac_delim
-INSTALL_SCRIPT!$INSTALL_SCRIPT$ac_delim
-INSTALL_DATA!$INSTALL_DATA$ac_delim
-DEP_INCLUDE!$DEP_INCLUDE$ac_delim
-DEP_FLAGS!$DEP_FLAGS$ac_delim
-DEP_PROCESS!$DEP_PROCESS$ac_delim
-CCPIC!$CCPIC$ac_delim
-CCPIC_MAYBE!$CCPIC_MAYBE$ac_delim
-ASM_SYMBOL_PREFIX!$ASM_SYMBOL_PREFIX$ac_delim
-ASM_ELF_STYLE!$ASM_ELF_STYLE$ac_delim
-ASM_TYPE_FUNCTION!$ASM_TYPE_FUNCTION$ac_delim
-ASM_MARK_NOEXEC_STACK!$ASM_MARK_NOEXEC_STACK$ac_delim
-ASM_ALIGN_LOG!$ASM_ALIGN_LOG$ac_delim
-SHLIBCFLAGS!$SHLIBCFLAGS$ac_delim
-LIBNETTLE_MAJOR!$LIBNETTLE_MAJOR$ac_delim
-LIBNETTLE_MINOR!$LIBNETTLE_MINOR$ac_delim
-LIBNETTLE_FORLINK!$LIBNETTLE_FORLINK$ac_delim
-LIBNETTLE_SONAME!$LIBNETTLE_SONAME$ac_delim
-LIBNETTLE_FILE!$LIBNETTLE_FILE$ac_delim
-LIBNETTLE_LINK!$LIBNETTLE_LINK$ac_delim
-LIBNETTLE_LIBS!$LIBNETTLE_LIBS$ac_delim
-LIBHOGWEED_MAJOR!$LIBHOGWEED_MAJOR$ac_delim
-LIBHOGWEED_MINOR!$LIBHOGWEED_MINOR$ac_delim
-LIBHOGWEED_FORLINK!$LIBHOGWEED_FORLINK$ac_delim
-LIBHOGWEED_SONAME!$LIBHOGWEED_SONAME$ac_delim
-LIBHOGWEED_FILE!$LIBHOGWEED_FILE$ac_delim
-LIBHOGWEED_LINK!$LIBHOGWEED_LINK$ac_delim
-LIBHOGWEED_LIBS!$LIBHOGWEED_LIBS$ac_delim
-M4!$M4$ac_delim
-CPP!$CPP$ac_delim
-GREP!$GREP$ac_delim
-EGREP!$EGREP$ac_delim
-ALLOCA!$ALLOCA$ac_delim
-LIBOBJS!$LIBOBJS$ac_delim
-IF_HOGWEED!$IF_HOGWEED$ac_delim
-IF_SHARED!$IF_SHARED$ac_delim
-OPENSSL_LIBFLAGS!$OPENSSL_LIBFLAGS$ac_delim
-_ACEOF
-
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
- break
- elif $ac_last_try; then
- { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
- else
- ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
- fi
-done
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
- ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
- ac_eof=`expr $ac_eof + 1`
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
fi
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-1.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-CEOF$ac_eof
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
_ACEOF
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
- cat >conf$$subs.sed <<_ACEOF
-LTLIBOBJS!$LTLIBOBJS$ac_delim
-_ACEOF
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 1; then
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
break
elif $ac_last_try; then
- { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
-echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
- { (exit 1); exit 1; }; }
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
else
ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
fi
done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = "\a"
-ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
-if test -n "$ac_eof"; then
- ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
- ac_eof=`expr $ac_eof + 1`
-fi
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
-cat >>$CONFIG_STATUS <<_ACEOF
-cat >"\$tmp/subs-2.sed" <<\CEOF$ac_eof
-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
+_ACAWK
_ACEOF
-sed '
-s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
-s/^/s,@/; s/!/@,|#_!!_#|/
-:n
-t n
-s/'"$ac_delim"'$/,g/; t
-s/$/\\/; p
-N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
-' >>$CONFIG_STATUS <conf$$subs.sed
-rm -f conf$$subs.sed
-cat >>$CONFIG_STATUS <<_ACEOF
-:end
-s/|#_!!_#|//g
-CEOF$ac_eof
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
_ACEOF
-
-# VPATH may cause trouble with some makes, so we remove $(srcdir),
-# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
# trailing colons and then remove the whole line if VPATH becomes empty
# (actually we leave an empty line to preserve line numbers).
if test "x$srcdir" = x.; then
- ac_vpsub='/^[ ]*VPATH[ ]*=/{
-s/:*\$(srcdir):*/:/
-s/:*\${srcdir}:*/:/
-s/:*@srcdir@:*/:/
-s/^\([^=]*=[ ]*\):*/\1/
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
s/^[^=]*=[ ]*$//
}'
fi
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
fi # test -n "$CONFIG_FILES"
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_tt"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = "\a"
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
-for ac_tag in :F $CONFIG_FILES :H $CONFIG_HEADERS :L $CONFIG_LINKS :C $CONFIG_COMMANDS
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :L $CONFIG_LINKS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
do
case $ac_tag in
:[FHLC]) ac_mode=$ac_tag; continue;;
esac
case $ac_mode$ac_tag in
:[FHL]*:*);;
- :L* | :C*:*) { { echo "$as_me:$LINENO: error: Invalid tag $ac_tag." >&5
-echo "$as_me: error: Invalid tag $ac_tag." >&2;}
- { (exit 1); exit 1; }; };;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
:[FH]-) ac_tag=-:-;;
:[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
esac
for ac_f
do
case $ac_f in
- -) ac_f="$tmp/stdin";;
+ -) ac_f="$ac_tmp/stdin";;
*) # Look for the file first in the build tree, then in the source tree
# (if the path is not absolute). The absolute path cannot be DOS-style,
# because $ac_f cannot contain `:'.
[\\/$]*) false;;
*) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
esac ||
- { { echo "$as_me:$LINENO: error: cannot find input file: $ac_f" >&5
-echo "$as_me: error: cannot find input file: $ac_f" >&2;}
- { (exit 1); exit 1; }; };;
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
esac
- ac_file_inputs="$ac_file_inputs $ac_f"
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
done
# Let's still pretend it is `configure' which instantiates (i.e., don't
# use $as_me), people would be surprised to read:
# /* config.h. Generated by config.status. */
- configure_input="Generated from "`IFS=:
- echo $* | sed 's|^[^:]*/||;s|:[^:]*/|, |g'`" by configure."
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
if test x"$ac_file" != x-; then
configure_input="$ac_file. $configure_input"
- { echo "$as_me:$LINENO: creating $ac_file" >&5
-echo "$as_me: creating $ac_file" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
case $ac_tag in
- *:-:* | *:-) cat >"$tmp/stdin";;
+ *:-:* | *:-) cat >"$ac_tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
esac
;;
esac
X"$ac_file" : 'X\(//\)[^/]' \| \
X"$ac_file" : 'X\(//\)$' \| \
X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$ac_file" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { as_dir="$ac_dir"
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$as_dir" |
+$as_echo X"$ac_file" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
q
}
s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
-echo "$as_me: error: cannot create directory $as_dir" >&2;}
- { (exit 1); exit 1; }; }; }
+ as_dir="$ac_dir"; as_fn_mkdir_p
ac_builddir=.
case "$ac_dir" in
.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
*)
- ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
# A ".." for each directory in $ac_dir_suffix.
- ac_top_builddir_sub=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,/..,g;s,/,,'`
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
case $ac_top_builddir_sub in
"") ac_top_builddir_sub=. ac_top_build_prefix= ;;
*) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
esac
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# If the template does not know about datarootdir, expand it.
# FIXME: This hack should be removed a few years after 2.60.
ac_datarootdir_hack=; ac_datarootdir_seen=
-
-case `sed -n '/datarootdir/ {
+ac_sed_dataroot='
+/datarootdir/ {
p
q
}
/@docdir@/p
/@infodir@/p
/@localedir@/p
-/@mandir@/p
-' $ac_file_inputs` in
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
*datarootdir*) ac_datarootdir_seen=yes;;
*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
- { echo "$as_me:$LINENO: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
-echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
_ACEOF
-cat >>$CONFIG_STATUS <<_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_datarootdir_hack='
s&@datadir@&$datadir&g
s&@docdir@&$docdir&g
s&@infodir@&$infodir&g
s&@localedir@&$localedir&g
s&@mandir@&$mandir&g
- s&\\\${datarootdir}&$datarootdir&g' ;;
+ s&\\\${datarootdir}&$datarootdir&g' ;;
esac
_ACEOF
# Neutralize VPATH when `$srcdir' = `.'.
# Shell code in configure.ac might set extrasub.
# FIXME: do we really want to maintain this feature?
-cat >>$CONFIG_STATUS <<_ACEOF
- sed "$ac_vpsub
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
$extrasub
_ACEOF
-cat >>$CONFIG_STATUS <<\_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
:t
/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
-s&@configure_input@&$configure_input&;t t
+s|@configure_input@|$ac_sed_conf_input|;t t
s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
s&@srcdir@&$ac_srcdir&;t t
s&@abs_srcdir@&$ac_abs_srcdir&;t t
s&@top_srcdir@&$ac_top_srcdir&;t t
s&@INSTALL@&$ac_INSTALL&;t t
s&@MKDIR_P@&$ac_MKDIR_P&;t t
$ac_datarootdir_hack
-" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" >$tmp/out
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
- { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
- { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
- { echo "$as_me:$LINENO: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined." >&5
-echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
-which seems to be undefined. Please make sure it is defined." >&2;}
-
- rm -f "$tmp/stdin"
+ { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \
+ "$ac_tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$ac_tmp/stdin"
case $ac_file in
- -) cat "$tmp/out"; rm -f "$tmp/out";;
- *) rm -f "$ac_file"; mv "$tmp/out" $ac_file;;
- esac
+ -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+ *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
;;
:H)
#
# CONFIG_HEADER
#
-_ACEOF
-
-# Transform confdefs.h into a sed script `conftest.defines', that
-# substitutes the proper values into config.h.in to produce config.h.
-rm -f conftest.defines conftest.tail
-# First, append a space to every undef/define line, to ease matching.
-echo 's/$/ /' >conftest.defines
-# Then, protect against being on the right side of a sed subst, or in
-# an unquoted here document, in config.status. If some macros were
-# called several times there might be several #defines for the same
-# symbol, which is useless. But do not sort them, since the last
-# AC_DEFINE must be honored.
-ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
-# These sed commands are passed to sed as "A NAME B PARAMS C VALUE D", where
-# NAME is the cpp macro being defined, VALUE is the value it is being given.
-# PARAMS is the parameter list in the macro definition--in most cases, it's
-# just an empty string.
-ac_dA='s,^\\([ #]*\\)[^ ]*\\([ ]*'
-ac_dB='\\)[ (].*,\\1define\\2'
-ac_dC=' '
-ac_dD=' ,'
-
-uniq confdefs.h |
- sed -n '
- t rset
- :rset
- s/^[ ]*#[ ]*define[ ][ ]*//
- t ok
- d
- :ok
- s/[\\&,]/\\&/g
- s/^\('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/ '"$ac_dA"'\1'"$ac_dB"'\2'"${ac_dC}"'\3'"$ac_dD"'/p
- s/^\('"$ac_word_re"'\)[ ]*\(.*\)/'"$ac_dA"'\1'"$ac_dB$ac_dC"'\2'"$ac_dD"'/p
- ' >>conftest.defines
-
-# Remove the space that was appended to ease matching.
-# Then replace #undef with comments. This is necessary, for
-# example, in the case of _POSIX_SOURCE, which is predefined and required
-# on some systems where configure will not decide to define it.
-# (The regexp can be short, since the line contains either #define or #undef.)
-echo 's/ $//
-s,^[ #]*u.*,/* & */,' >>conftest.defines
-
-# Break up conftest.defines:
-ac_max_sed_lines=50
-
-# First sed command is: sed -f defines.sed $ac_file_inputs >"$tmp/out1"
-# Second one is: sed -f defines.sed "$tmp/out1" >"$tmp/out2"
-# Third one will be: sed -f defines.sed "$tmp/out2" >"$tmp/out1"
-# et cetera.
-ac_in='$ac_file_inputs'
-ac_out='"$tmp/out1"'
-ac_nxt='"$tmp/out2"'
-
-while :
-do
- # Write a here document:
- cat >>$CONFIG_STATUS <<_ACEOF
- # First, check the format of the line:
- cat >"\$tmp/defines.sed" <<\\CEOF
-/^[ ]*#[ ]*undef[ ][ ]*$ac_word_re[ ]*\$/b def
-/^[ ]*#[ ]*define[ ][ ]*$ac_word_re[( ]/b def
-b
-:def
-_ACEOF
- sed ${ac_max_sed_lines}q conftest.defines >>$CONFIG_STATUS
- echo 'CEOF
- sed -f "$tmp/defines.sed"' "$ac_in >$ac_out" >>$CONFIG_STATUS
- ac_in=$ac_out; ac_out=$ac_nxt; ac_nxt=$ac_in
- sed 1,${ac_max_sed_lines}d conftest.defines >conftest.tail
- grep . conftest.tail >/dev/null || break
- rm -f conftest.defines
- mv conftest.tail conftest.defines
-done
-rm -f conftest.defines conftest.tail
-
-echo "ac_result=$ac_in" >>$CONFIG_STATUS
-cat >>$CONFIG_STATUS <<\_ACEOF
if test x"$ac_file" != x-; then
- echo "/* $configure_input */" >"$tmp/config.h"
- cat "$ac_result" >>"$tmp/config.h"
- if diff $ac_file "$tmp/config.h" >/dev/null 2>&1; then
- { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
-echo "$as_me: $ac_file is unchanged" >&6;}
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+ } >"$ac_tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
else
- rm -f $ac_file
- mv "$tmp/config.h" $ac_file
+ rm -f "$ac_file"
+ mv "$ac_tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
fi
else
- echo "/* $configure_input */"
- cat "$ac_result"
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
fi
- rm -f "$tmp/out12"
;;
:L)
#
# CONFIG_LINK
#
- { echo "$as_me:$LINENO: linking $srcdir/$ac_source to $ac_file" >&5
-echo "$as_me: linking $srcdir/$ac_source to $ac_file" >&6;}
+ if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then
+ :
+ else
+ # Prefer the file from the source tree if names are identical.
+ if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then
+ ac_source=$srcdir/$ac_source
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: linking $ac_source to $ac_file" >&5
+$as_echo "$as_me: linking $ac_source to $ac_file" >&6;}
- if test ! -r "$srcdir/$ac_source"; then
- { { echo "$as_me:$LINENO: error: $srcdir/$ac_source: file not found" >&5
-echo "$as_me: error: $srcdir/$ac_source: file not found" >&2;}
- { (exit 1); exit 1; }; }
- fi
- rm -f "$ac_file"
+ if test ! -r "$ac_source"; then
+ as_fn_error $? "$ac_source: file not found" "$LINENO" 5
+ fi
+ rm -f "$ac_file"
- # Try a relative symlink, then a hard link, then a copy.
- case $srcdir in
- [\\/$]* | ?:[\\/]* ) ac_rel_source=$srcdir/$ac_source ;;
- *) ac_rel_source=$ac_top_build_prefix$srcdir/$ac_source ;;
- esac
- ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
- ln "$srcdir/$ac_source" "$ac_file" 2>/dev/null ||
- cp -p "$srcdir/$ac_source" "$ac_file" ||
- { { echo "$as_me:$LINENO: error: cannot link or copy $srcdir/$ac_source to $ac_file" >&5
-echo "$as_me: error: cannot link or copy $srcdir/$ac_source to $ac_file" >&2;}
- { (exit 1); exit 1; }; }
+ # Try a relative symlink, then a hard link, then a copy.
+ case $ac_source in
+ [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;;
+ *) ac_rel_source=$ac_top_build_prefix$ac_source ;;
+ esac
+ ln -s "$ac_rel_source" "$ac_file" 2>/dev/null ||
+ ln "$ac_source" "$ac_file" 2>/dev/null ||
+ cp -p "$ac_source" "$ac_file" ||
+ as_fn_error $? "cannot link or copy $ac_source to $ac_file" "$LINENO" 5
+ fi
;;
- :C) { echo "$as_me:$LINENO: executing $ac_file commands" >&5
-echo "$as_me: executing $ac_file commands" >&6;}
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
;;
esac
case $ac_file$ac_mode in
- "dummy-dep-files":C) (cd "$srcdir" && find . -name '*.c' -print) \
- | sed 's/\.c$//' | (while read f; do echo > "$f.o.d"; echo > "$f.po.d"; done)
+ "dummy-dep-files":C) (cd "$srcdir" && find . '(' -name '*.c' -o -name '*.cxx' ')' -print) \
+ | sed 's/\.c\(xx\)\{0,1\}$//' | (while read f; do echo > "$f.o.d"; echo > "$f.po.d"; done)
;;
+ "asm.d":C) for f in $asm_file_list
+ do
+ case $f in
+ *.asm)
+ echo "`basename $f .asm`.s : $f "'$(srcdir)/asm.m4 machine.m4 config.m4'
+ ;;
+ esac
+ done > asm.d
+ ;;
"$ac_stdint_h":C)
-{ echo "$as_me:$LINENO: creating $ac_stdint_h : $_ac_stdint_h" >&5
-echo "$as_me: creating $ac_stdint_h : $_ac_stdint_h" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_stdint_h : $_ac_stdint_h" >&5
+$as_echo "$as_me: creating $ac_stdint_h : $_ac_stdint_h" >&6;}
ac_stdint=$tmp/_stdint.h
echo "#ifndef" $_ac_stdint_h >$ac_stdint
#endif
STDINT_EOF
if cmp -s $ac_stdint_h $ac_stdint 2>/dev/null; then
- { echo "$as_me:$LINENO: $ac_stdint_h is unchanged" >&5
-echo "$as_me: $ac_stdint_h is unchanged" >&6;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_stdint_h is unchanged" >&5
+$as_echo "$as_me: $ac_stdint_h is unchanged" >&6;}
else
ac_dir=`$as_dirname -- "$ac_stdint_h" ||
$as_expr X"$ac_stdint_h" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$ac_stdint_h" : 'X\(//\)[^/]' \| \
X"$ac_stdint_h" : 'X\(//\)$' \| \
X"$ac_stdint_h" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$ac_stdint_h" |
- sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
- s//\1/
- q
- }
- /^X\(\/\/\)[^/].*/{
- s//\1/
- q
- }
- /^X\(\/\/\)$/{
- s//\1/
- q
- }
- /^X\(\/\).*/{
- s//\1/
- q
- }
- s/.*/./; q'`
- { as_dir="$ac_dir"
- case $as_dir in #(
- -*) as_dir=./$as_dir;;
- esac
- test -d "$as_dir" || { $as_mkdir_p && mkdir -p "$as_dir"; } || {
- as_dirs=
- while :; do
- case $as_dir in #(
- *\'*) as_qdir=`echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #(
- *) as_qdir=$as_dir;;
- esac
- as_dirs="'$as_qdir' $as_dirs"
- as_dir=`$as_dirname -- "$as_dir" ||
-$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
- X"$as_dir" : 'X\(//\)[^/]' \| \
- X"$as_dir" : 'X\(//\)$' \| \
- X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
-echo X"$as_dir" |
+$as_echo X"$ac_stdint_h" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
q
}
s/.*/./; q'`
- test -d "$as_dir" && break
- done
- test -z "$as_dirs" || eval "mkdir $as_dirs"
- } || test -d "$as_dir" || { { echo "$as_me:$LINENO: error: cannot create directory $as_dir" >&5
-echo "$as_me: error: cannot create directory $as_dir" >&2;}
- { (exit 1); exit 1; }; }; }
+ as_dir="$ac_dir"; as_fn_mkdir_p
rm -f $ac_stdint_h
mv $ac_stdint $ac_stdint_h
fi
done # for ac_tag
-{ (exit 0); exit 0; }
+as_fn_exit 0
_ACEOF
-chmod +x $CONFIG_STATUS
ac_clean_files=$ac_clean_files_save
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
# configure is writing to config.log, and then calls config.status.
# config.status does its own redirection, appending to config.log.
exec 5>>config.log
# Use ||, not &&, to avoid exiting from the if with $? = 1, which
# would make configure fail if this is the last instruction.
- $ac_cs_success || { (exit 1); exit 1; }
-fi
-
-
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: summary of build options:
+
+ Version: ${PACKAGE_STRING}
+ Host type: ${host}
+ ABI: ${ABI}
+ Assembly files: ${asm_path:-none}
+ Install prefix: ${prefix}
+ Library directory: ${libdir}
+ Compiler: ${CC}
+ Static libraries: ${enable_static}
+ Shared libraries: ${enable_shared}
+ Public key crypto: ${enable_public_key}
+ Documentation: ${enable_documentation}
+" >&5
+$as_echo "$as_me: summary of build options:
+
+ Version: ${PACKAGE_STRING}
+ Host type: ${host}
+ ABI: ${ABI}
+ Assembly files: ${asm_path:-none}
+ Install prefix: ${prefix}
+ Library directory: ${libdir}
+ Compiler: ${CC}
+ Static libraries: ${enable_static}
+ Shared libraries: ${enable_shared}
+ Public key crypto: ${enable_public_key}
+ Documentation: ${enable_documentation}
+" >&6;}
dnl Process this file with autoconf to produce a configure script.
-AC_INIT([nettle], [2.1], [nettle-bugs@lists.lysator.liu.se])
+AC_INIT([nettle], [2.7.1], [nettle-bugs@lists.lysator.liu.se])
AC_PREREQ(2.61)
AC_CONFIG_SRCDIR([arcfour.c])
# Needed to stop autoconf from looking for files in parent directories.
AC_CONFIG_HEADER([config.h])
LIBNETTLE_MAJOR=4
-LIBNETTLE_MINOR=0
+LIBNETTLE_MINOR=7
LIBHOGWEED_MAJOR=2
-LIBHOGWEED_MINOR=0
+LIBHOGWEED_MINOR=5
AC_CANONICAL_HOST
AC_HELP_STRING([--disable-assembler],[Disable assembler code]),,
[enable_assembler=yes])
+AC_ARG_ENABLE(static,
+ AC_HELP_STRING([--disable-static], [Do not build any static library]),,
+ [enable_static=yes])
+
AC_ARG_ENABLE(shared,
- AC_HELP_STRING([--enable-shared], [Build a shared library]),,
- [enable_shared=no])
+ AC_HELP_STRING([--disable-shared], [Do not build any shared library]),,
+ [enable_shared=yes])
AC_ARG_ENABLE(pic,
AC_HELP_STRING([--disable-pic],
AC_ARG_ENABLE(openssl,
AC_HELP_STRING([--disable-openssl], [Do not include openssl glue in the benchmark program]),,
[enable_openssl=yes])
-
+
+AC_ARG_ENABLE(gcov,
+ AC_HELP_STRING([--enable-gcov], [Instrument for gcov (requires a modern gcc)]),,
+ [enable_gcov=no])
+
+AC_ARG_ENABLE(documentation,
+ AC_HELP_STRING([--disable-documentation], [Omit building and installing the documentation. (default=auto)]),,
+ [enable_documentation=auto])
+
+AC_ARG_ENABLE(arm-neon,
+ AC_HELP_STRING([--enable-arm-neon], [Enable ARM Neon assembly. (default=auto)]),,
+ [enable_arm_neon=auto])
+
LSH_RPATH_INIT([`echo $with_lib_path | sed 's/:/ /g'` \
`echo $exec_prefix | sed "s@^NONE@$prefix/lib@g" | sed "s@^NONE@$ac_default_prefix/lib@g"` \
/usr/local/lib /sw/local/lib /sw/lib \
AC_PROG_CXX
AC_LANG_PUSH(C++)
-AC_TRY_COMPILE([],[return 0;],[CXX_TESTS='cxx-test$(EXEEXT)'], [CXX_TESTS=''])
-AC_SUBST([CXX_TESTS])
+AC_TRY_COMPILE([],[return 0;],[IF_CXX=''], [IF_CXX='#'])
+AC_SUBST([IF_CXX])
AC_LANG_POP
AC_PROG_MAKE_SET
AC_CHECK_TOOL(NM, nm, strings)
# Used only for the GNU-stack configure test.
AC_CHECK_TOOL(OBJDUMP, objdump, false)
+AC_CHECK_TOOL(AR, ar, false)
if test "x$ac_cv_prog_cc_stdc" = xno ; then
AC_ERROR([the C compiler doesn't handle ANSI-C]) #'
# autoconf-2.60 or automake-1.10 to avoid races.
AC_PROG_MKDIR_P
+AC_PROG_LN_S
+
+# Compiler tests for the build system
+GMP_PROG_CC_FOR_BUILD
+GMP_PROG_EXEEXT_FOR_BUILD
+
LSH_DEPENDENCY_TRACKING
if test x$enable_dependency_tracking = xyes ; then
# actually needed.
AC_CONFIG_COMMANDS([dummy-dep-files],
- [(cd "$srcdir" && find . -name '*.c' -print) \
- | sed 's/\.c$//' | (while read f; do echo > "$f.o.d"; echo > "$f.po.d"; done)
+ [(cd "$srcdir" && find . '(' -name '*.c' -o -name '*.cxx' ')' -print) \
+ | sed 's/\.c\(xx\)\{0,1\}$//' | (while read f; do echo > "$f.o.d"; echo > "$f.po.d"; done)
])
fi
-# Figure out ABI. Currently, configurable only be setting CFLAGS.
+# Figure out ABI. Currently, configurable only by setting CFLAGS.
ABI=standard
case "$host_cpu" in
*:solaris*:64|*:sunos*:64)
libdir='${exec_prefix}/lib/64'
;;
- # According to the fhs, all architectures except IA64
- # puts 32-bit libraries in lib, and 64-bit in lib64.
- *:linux*:32)
- libdir='${exec_prefix}/lib'
- ;;
- *:linux*:64)
- libdir='${exec_prefix}/lib64'
+ # Linux conventions are a mess... According to the Linux File
+ # Hierarchy Standard, all architectures except IA64 puts 32-bit
+ # libraries in lib, and 64-bit in lib64. Some distributions,
+ # e.g., Fedora and Gentoo, adhere to this standard, while at
+ # least Debian has decided to put 64-bit libraries in lib and
+ # 32-bit libraries in lib32.
+
+ # We try to figure out the convention, except if we're cross
+ # compiling. We use lib${ABI} if /usr/lib${ABI} exists and
+ # appears to not be a symlink to a different name.
+ *:linux*:32|*:linux*:64)
+ if test "$cross_compiling" = yes ; then
+ AC_MSG_WARN([Cross compiling for linux. Can't guess if libraries go in lib${ABI} or lib.]); dnl '
+ else
+ # The dash builtin pwd tries to be "helpful" and remember
+ # symlink names. Use -P option, and hope it's portable enough.
+ test -d /usr/lib${ABI} \
+ && (cd /usr/lib${ABI} && pwd -P | grep >/dev/null "/lib${ABI}"'$') \
+ && libdir='${exec_prefix}/'"lib${ABI}"
+ fi
;;
# On freebsd, it seems 32-bit libraries are in lib32,
# and 64-bit in lib. Don't know about "kfreebsd", does
libdir='${exec_prefix}/lib'
;;
*)
- AC_MSG_WARN([Don't know where to install $ABI-bit libraries on this system.]); #'
+ AC_MSG_WARN([Don't know where to install $ABI-bit libraries on this system.]); dnl '
esac
AC_MSG_NOTICE([Libraries to be installed in $libdir.])
# Select assembler code
asm_path=
-case "$host_cpu" in
- [i?86* | k[5-8]* | pentium* | athlon])
- asm_path=x86
- ;;
- [x86_64 | amd64])
- if test "$ABI" = 64 ; then
- asm_path=x86_64
- else
+if test "x$enable_assembler" = xyes ; then
+ case "$host_cpu" in
+ [i?86* | k[5-8]* | pentium* | athlon])
asm_path=x86
- fi
- ;;
- *sparc*)
- if test "$ABI" = 64 ; then
- asm_path=sparc64
- else
- asm_path=sparc32
- fi
- ;;
- *)
- enable_assembler=no
- ;;
-esac
+ ;;
+ [x86_64 | amd64])
+ if test "$ABI" = 64 ; then
+ asm_path=x86_64
+ else
+ asm_path=x86
+ fi
+ ;;
+ *sparc*)
+ if test "$ABI" = 64 ; then
+ asm_path=sparc64
+ else
+ asm_path=sparc32
+ fi
+ ;;
+ armv6* | armv7*)
+ NETTLE_CHECK_ARM_NEON
+
+ asm_path="arm/v6 arm"
+
+ if test "x$enable_arm_neon" = xyes ; then
+ asm_path="arm/neon $asm_path"
+ fi
+ ;;
+ arm*)
+ asm_path=arm
+ ;;
+ *)
+ enable_assembler=no
+ ;;
+ esac
+fi
+
+# Files which replace a C source file (or otherwise don't correspond
+# to a new object file).
+asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
+ arcfour-crypt.asm camellia-crypt-internal.asm \
+ md5-compress.asm memxor.asm \
+ salsa20-crypt.asm salsa20-core-internal.asm \
+ serpent-encrypt.asm serpent-decrypt.asm \
+ sha1-compress.asm sha256-compress.asm sha512-compress.asm \
+ sha3-permute.asm umac-nh.asm umac-nh-n.asm machine.m4"
+
+# Assembler files which generate additional object files if they are used.
+asm_optional_list=""
+
+if test "x$enable_public_key" = "xyes" ; then
+ asm_optional_list="ecc-192-modp.asm ecc-224-modp.asm ecc-256-redc.asm \
+ ecc-384-modp.asm ecc-521-modp.asm"
+fi
-# echo "enable_assembler: $enable_assembler, asm_path: $asm_path"
+OPT_ASM_SOURCES=""
+
+asm_file_list=""
if test "x$enable_assembler" = xyes ; then
if test -n "$asm_path"; then
- AC_MSG_NOTICE([Looking for assembler files in $asm_path/.])
- found=no
- for tmp_f in aes-encrypt-internal.asm aes-decrypt-internal.asm \
- arcfour-crypt.asm camellia-crypt-internal.asm \
- md5-compress.asm sha1-compress.asm machine.m4; do
-# echo "Looking for $srcdir/$asm_path/$tmp_f"
- if test -f "$srcdir/$asm_path/$tmp_f"; then
-# echo found
- found=yes
- AC_CONFIG_LINKS($tmp_f:$asm_path/$tmp_f)
- fi
+ AC_MSG_NOTICE([Looking for assembler files in $asm_path.])
+ for tmp_f in $asm_replace_list ; do
+ for asm_dir in $asm_path ; do
+ if test -f "$srcdir/$asm_dir/$tmp_f"; then
+ asm_file_list="$asm_file_list $tmp_f"
+ AC_CONFIG_LINKS($tmp_f:$asm_dir/$tmp_f)
+ break
+ fi
+ done
done
- if test "$found" = no; then
+ dnl Workaround for AC_CONFIG_LINKS, which complains if we use the
+ dnl same destination argument $tmp_f multiple times.
+ for tmp_o in $asm_optional_list ; do
+ for asm_dir in $asm_path ; do
+ if test -f "$srcdir/$asm_dir/$tmp_o"; then
+ asm_file_list="$asm_file_list $tmp_o"
+ AC_CONFIG_LINKS($tmp_o:$asm_dir/$tmp_o)
+ while read tmp_func ; do
+ AC_DEFINE_UNQUOTED(HAVE_NATIVE_$tmp_func)
+ eval HAVE_NATIVE_$tmp_func=yes
+ done <<EOF
+[`sed -n 's/[^ ]*PROLOGUE(_*\(nettle_\)*\([^)]*\)).*$/\2/p' < "$srcdir/$asm_dir/$tmp_o"`]
+EOF
+ OPT_ASM_SOURCES="$OPT_ASM_SOURCES $tmp_o"
+ break
+ fi
+ done
+ done
+ if test -z "$asm_file_list"; then
enable_assembler=no
AC_MSG_WARN([No assembler files found.])
fi
fi
fi
+AC_SUBST([OPT_ASM_SOURCES])
+
+AH_VERBATIM([HAVE_NATIVE],
+[/* Define to 1 each of the following for which a native (ie. CPU specific)
+ implementation of the corresponding routine exists. */
+#undef HAVE_NATIVE_ecc_192_modp
+#undef HAVE_NATIVE_ecc_192_redc
+#undef HAVE_NATIVE_ecc_224_modp
+#undef HAVE_NATIVE_ecc_224_redc
+#undef HAVE_NATIVE_ecc_256_modp
+#undef HAVE_NATIVE_ecc_256_redc
+#undef HAVE_NATIVE_ecc_384_modp
+#undef HAVE_NATIVE_ecc_384_redc
+#undef HAVE_NATIVE_ecc_521_modp
+#undef HAVE_NATIVE_ecc_521_redc])
+
+# Besides getting correct dependencies, the explicit rules also tell
+# make that the .s files "ought to exist", so they are preferred over
+# .c files.
+AC_CONFIG_COMMANDS([asm.d],
+ [ for f in $asm_file_list
+ do
+ case $f in
+ *.asm)
+ echo "`basename $f .asm`.s : $f "'$(srcdir)/asm.m4 machine.m4 config.m4'
+ ;;
+ esac
+ done > asm.d
+ ],
+ [ asm_file_list="$asm_file_list" ]
+)
+
LSH_CCPIC
SHLIBCFLAGS="$CCPIC"
+IF_DLL='#'
+LIBNETTLE_FILE_SRC='$(LIBNETTLE_FORLINK)'
+LIBHOGWEED_FILE_SRC='$(LIBHOGWEED_FORLINK)'
+EMULATOR=''
+W64_ABI=no
+
case "$host_os" in
- cygwin*)
- LIBNETTLE_FORLINK='cygnettle-$(LIBNETTLE_MAJOR)-$(LIBNETTLE_MINOR).dll'
+ mingw32*|cygwin*)
+ # The actual DLLs, e.g. libnettle-$major-$minor.dll, are normally
+ # installed into the bin dir (or more exactly $libdir/../bin, for
+ # automake), while libnettle.dll.a, which is a stub file for
+ # linking to the DLL, is installed into the lib dir.
+ case "$host_os" in
+ mingw32*)
+ LIBNETTLE_FORLINK='libnettle-$(LIBNETTLE_MAJOR)-$(LIBNETTLE_MINOR).dll'
+ LIBHOGWEED_FORLINK='libhogweed-$(LIBHOGWEED_MAJOR)-$(LIBHOGWEED_MINOR).dll'
+ ;;
+ cygwin*)
+ LIBNETTLE_FORLINK='cygnettle-$(LIBNETTLE_MAJOR)-$(LIBNETTLE_MINOR).dll'
+ LIBHOGWEED_FORLINK='cyghogweed-$(LIBHOGWEED_MAJOR)-$(LIBHOGWEED_MINOR).dll'
+ ;;
+ esac
+ if test "x$cross_compiling" = xyes ; then
+ case "$ABI" in
+ 64)
+ EMULATOR=wine64
+ ;;
+ *)
+ EMULATOR=wine
+ ;;
+ esac
+ fi
+ if test "x$ABI" = x64 ; then
+ W64_ABI=yes
+ fi
LIBNETTLE_SONAME=''
LIBNETTLE_FILE='libnettle.dll.a'
- LIBNETTLE_LINK='$(CC) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBNETTLE_LIBFILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
+ LIBNETTLE_FILE_SRC='$(LIBNETTLE_FILE)'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBNETTLE_FILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
LIBNETTLE_LIBS='-Wl,--no-whole-archive $(LIBS)'
- LIBHOGWEED_FORLINK='cyghogweed-$(LIBHOGWEED_MAJOR)-$(LIBHOGWEED_MINOR).dll'
LIBHOGWEED_SONAME=''
LIBHOGWEED_FILE='libhogweed.dll.a'
- LIBHOGWEED_LINK='$(CC) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBHOGWEED_LIBFILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
- LIBHOGWEED_LIBS='-Wl,--no-whole-archive $(LIBS)'
+ LIBHOGWEED_FILE_SRC='$(LIBHOGWEED_FILE)'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,--out-implib=$(LIBHOGWEED_FILE) -Wl,--export-all-symbols -Wl,--enable-auto-import -Wl,--whole-archive'
+ LIBHOGWEED_LIBS='-Wl,--no-whole-archive $(LIBS) libnettle.dll.a'
+ IF_DLL=''
;;
darwin*)
LIBNETTLE_FORLINK=libnettle.dylib
+ LIBNETTLE_SONAME='libnettle.$(LIBNETTLE_MAJOR).dylib'
+ LIBNETTLE_FILE='libnettle.$(LIBNETTLE_MAJOR).$(LIBNETTLE_MINOR).dylib'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) -dynamiclib $(LDFLAGS) -install_name ${libdir}/$(LIBNETTLE_SONAME) -compatibility_version $(LIBNETTLE_MAJOR) -current_version $(LIBNETTLE_MAJOR).$(LIBNETTLE_MINOR)'
+ LIBNETTLE_LIBS=''
+
+ LIBHOGWEED_FORLINK=libhogweed.dylib
+ LIBHOGWEED_SONAME='libhogweed.$(LIBHOGWEED_MAJOR).dylib'
+ LIBHOGWEED_FILE='libhogweed.$(LIBHOGWEED_MAJOR).$(LIBHOGWEED_MINOR).dylib'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) -dynamiclib -L. $(LDFLAGS) -install_name ${libdir}/$(LIBHOGWEED_SONAME) -compatibility_version $(LIBHOGWEED_MAJOR) -current_version $(LIBHOGWEED_MAJOR).$(LIBHOGWEED_MINOR)'
+ LIBHOGWEED_LIBS='-lnettle -lgmp'
+ ;;
+ solaris*)
+ # Sun's ld uses -h to set the soname, and this option is passed
+ # through by both Sun's compiler and gcc. Might not work with GNU
+ # ld, but it's unusual to use GNU ld on Solaris.
+ LIBNETTLE_FORLINK=libnettle.so
LIBNETTLE_SONAME='$(LIBNETTLE_FORLINK).$(LIBNETTLE_MAJOR)'
LIBNETTLE_FILE='$(LIBNETTLE_SONAME).$(LIBNETTLE_MINOR)'
- LIBNETTLE_LINK='$(CC) -dynamiclib $(LDFLAGS)'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -G -h $(LIBNETTLE_SONAME)'
LIBNETTLE_LIBS=''
- LIBHOGWEED_FORLINK=libhogweed.dylib
+ LIBHOGWEED_FORLINK=libhogweed.so
LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)'
LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)'
- LIBHOGWEED_LINK='$(CC) -dynamiclib $(LDFLAGS)'
- LIBHOGWEED_LIBS=''
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -L. -G -h $(LIBHOGWEED_SONAME)'
+ LIBHOGWEED_LIBS='-lnettle -lgmp'
;;
*)
LIBNETTLE_FORLINK=libnettle.so
LIBNETTLE_SONAME='$(LIBNETTLE_FORLINK).$(LIBNETTLE_MAJOR)'
LIBNETTLE_FILE='$(LIBNETTLE_SONAME).$(LIBNETTLE_MINOR)'
- LIBNETTLE_LINK='$(CC) $(LDFLAGS) -shared -Wl,-soname=$(LIBNETTLE_SONAME)'
+ LIBNETTLE_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -shared -Wl,-soname=$(LIBNETTLE_SONAME)'
LIBNETTLE_LIBS=''
LIBHOGWEED_FORLINK=libhogweed.so
LIBHOGWEED_SONAME='$(LIBHOGWEED_FORLINK).$(LIBHOGWEED_MAJOR)'
LIBHOGWEED_FILE='$(LIBHOGWEED_SONAME).$(LIBHOGWEED_MINOR)'
- LIBHOGWEED_LINK='$(CC) $(LDFLAGS) -L. -shared -Wl,-soname=$(LIBHOGWEED_SONAME)'
+ LIBHOGWEED_LINK='$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -Wl,-soname=$(LIBHOGWEED_SONAME)'
# Requested by debian, to make linking with only -lhogweed work
# (does not work in general, e.g., with static linking all of
# -lhogweed -lgmp -lnettle are still required). Also makes dlopen
ASM_SYMBOL_PREFIX=''
ASM_ELF_STYLE='no'
-ASM_TYPE_FUNCTION=''
+# GNU as default is to use @
+ASM_TYPE_FUNCTION='@function'
+ASM_TYPE_PROGBITS='@progbits'
ASM_MARK_NOEXEC_STACK=''
ASM_ALIGN_LOG=''
[ # Default is no underscore
nettle_cv_asm_underscore=no
AC_COMPILE_IFELSE(
- [int a_global_symbol;],
+ [AC_LANG_SOURCE([int a_global_symbol;])],
[ $NM conftest.$OBJEXT >conftest.out
if grep _a_global_symbol conftest.out >/dev/null ; then
nettle_cv_asm_underscore=yes
ASM_SYMBOL_PREFIX='_'
fi
- AC_CACHE_CHECK([if we should use a .note.GNU-stack section],
- nettle_cv_asm_gnu_stack,
- [ # Default
- nettle_cv_asm_gnu_stack=no
-
- cat >conftest.c <<EOF
-int foo() { return 0; }
-EOF
- nettle_compile="$CC $CFLAGS $CPPFLAGS -c conftest.c >conftest.out 2>&1"
- if AC_TRY_EVAL(nettle_compile); then
- cat conftest.out >&AC_FD_CC
- $OBJDUMP -x conftest.o | grep '\.note\.GNU-stack' > /dev/null \
- && nettle_cv_asm_gnu_stack=yes
- else
- cat conftest.out >&AC_FD_CC
- echo "configure: failed program was:" >&AC_FD_CC
- cat conftest.s >&AC_FD_CC
- fi
- rm -f conftest.*])
- if test x$nettle_cv_asm_gnu_stack = xyes ; then
- ASM_MARK_NOEXEC_STACK='.section .note.GNU-stack,"",@progbits'
- fi
-
AC_CACHE_CHECK([for ELF-style .type,%function pseudo-ops],
[nettle_cv_asm_type_percent_function],
[GMP_TRY_ASSEMBLE([
if test x$nettle_cv_asm_type_percent_function = xyes ; then
ASM_ELF_STYLE='yes'
ASM_TYPE_FUNCTION='%function'
+ ASM_TYPE_PROGBITS='%progbits'
else
if test x$nettle_cv_asm_type_hash_function = xyes ; then
ASM_ELF_STYLE='yes'
ASM_TYPE_FUNCTION='#function'
+ ASM_TYPE_PROGBITS='#progbits'
+ fi
+ fi
+
+ AC_CACHE_CHECK([if we should use a .note.GNU-stack section],
+ nettle_cv_asm_gnu_stack,
+ [ # Default
+ nettle_cv_asm_gnu_stack=no
+
+ cat >conftest.c <<EOF
+int foo() { return 0; }
+EOF
+ nettle_compile="$CC $CFLAGS $CPPFLAGS -c conftest.c >conftest.out 2>&1"
+ if AC_TRY_EVAL(nettle_compile); then
+ cat conftest.out >&AC_FD_CC
+ $OBJDUMP -x conftest.o | grep '\.note\.GNU-stack' > /dev/null \
+ && nettle_cv_asm_gnu_stack=yes
+ else
+ cat conftest.out >&AC_FD_CC
+ echo "configure: failed program was:" >&AC_FD_CC
+ cat conftest.s >&AC_FD_CC
fi
+ rm -f conftest.*])
+ if test x$nettle_cv_asm_gnu_stack = xyes ; then
+ ASM_MARK_NOEXEC_STACK='.section .note.GNU-stack,"",TYPE_PROGBITS'
fi
+
AC_CACHE_CHECK([if .align assembly directive is logarithmic],
[nettle_cv_asm_align_log],
[GMP_TRY_ASSEMBLE([
],
[nettle_cv_asm_align_log=yes],
[nettle_cv_asm_align_log=no])])
- if test x$nettle_cv_asm_align_log = xyes ; then
- ASM_ALIGN_LOG='yes'
- fi
+ ASM_ALIGN_LOG="$nettle_cv_asm_align_log"
fi
AC_SUBST(ASM_SYMBOL_PREFIX)
AC_SUBST(ASM_ELF_STYLE)
AC_SUBST(ASM_TYPE_FUNCTION)
+AC_SUBST(ASM_TYPE_PROGBITS)
AC_SUBST(ASM_MARK_NOEXEC_STACK)
AC_SUBST(ASM_ALIGN_LOG)
+AC_SUBST(W64_ABI)
+AC_SUBST(EMULATOR)
AC_SUBST(SHLIBCFLAGS)
AC_SUBST(LIBNETTLE_FORLINK)
AC_SUBST(LIBNETTLE_SONAME)
AC_SUBST(LIBNETTLE_FILE)
+AC_SUBST(LIBNETTLE_FILE_SRC)
AC_SUBST(LIBNETTLE_LINK)
AC_SUBST(LIBNETTLE_LIBS)
AC_SUBST(LIBHOGWEED_FORLINK)
AC_SUBST(LIBHOGWEED_SONAME)
AC_SUBST(LIBHOGWEED_FILE)
+AC_SUBST(LIBHOGWEED_FILE_SRC)
AC_SUBST(LIBHOGWEED_LINK)
AC_SUBST(LIBHOGWEED_LIBS)
AC_PATH_PROG(M4, m4, m4)
+if test "x$enable_gcov" = "xyes"; then
+ CFLAGS="$CFLAGS -ftest-coverage -fprofile-arcs"
+fi
+
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_C_INLINE
AC_TYPE_UID_T
AC_TYPE_SIZE_T
AC_HEADER_TIME
-# Used by eratosthenes.c
AC_CHECK_SIZEOF(long)
+AC_CHECK_ALIGNOF(uint64_t)
+
+ALIGNOF_UINT64_T="$ac_cv_alignof_uint64_t"
+AC_SUBST(ALIGNOF_UINT64_T)
AC_CHECK_HEADERS([openssl/blowfish.h openssl/des.h openssl/cast.h openssl/aes.h],,
[enable_openssl=no
break])
LSH_FUNC_ALLOCA
+LSH_FUNC_STRERROR
# Needed by the supplied memcmp.c
AC_C_BIGENDIAN
# Checks for libraries
AC_CHECK_LIB(gmp, __gmpz_getlimbn,,
[AC_MSG_WARN(
-[GNU MP not found, or not 3.1 or up, see http://www.swox.com/gmp.
+[GNU MP not found, or not 3.1 or up, see http://gmplib.org/.
Support for public key algorithms will be unavailable.])]
enable_public_key=no)
# Add -R flags needed to run programs linked with gmp
LSH_RPATH_FIX
+# Check for gmp limb size
+nettle_cv_gmp_numb_bits=0
+if test "$enable_public_key" = yes; then
+ AC_MSG_CHECKING([for GMP limb size])
+ AC_COMPUTE_INT(nettle_cv_gmp_numb_bits, [GMP_NUMB_BITS],
+ [#include <gmp.h>],
+ [AC_MSG_FAILURE([cannot find value of GMP_NUMB_BITS])])
+
+ AC_MSG_RESULT([$nettle_cv_gmp_numb_bits bits])
+fi
+
+GMP_NUMB_BITS="$nettle_cv_gmp_numb_bits"
+AC_SUBST([GMP_NUMB_BITS])
+
AH_TEMPLATE([HAVE_MPZ_POWM_SEC], [Define if mpz_powm_sec is available (appeared in GMP-5)])
AC_CHECK_FUNC(__gmpz_powm_sec, [AC_DEFINE(HAVE_MPZ_POWM_SEC)])
IF_HOGWEED='#'
fi
+if test "x$enable_static" = xyes ; then
+ IF_STATIC=''
+else
+ IF_STATIC='#'
+fi
+
if test "x$enable_shared" = xyes ; then
IF_SHARED=''
else
IF_SHARED='#'
fi
+# Documentation tools
+if test "x$enable_documentation" != "xno"; then
+ AC_PATH_PROG(MAKEINFO, makeinfo, not-found)
+
+ if test "x$MAKEINFO" != "xnot-found"; then
+ enable_documentation=yes
+ AC_SUBST(MAKEINFO)
+ else
+ if test "x$enable_documentation" == "xauto" ; then
+ enable_documentation=no
+ else
+ AC_MSG_ERROR([Cannot find 'makeinfo', required for documentation.])
+ fi
+ fi
+fi
+
+if test "x$enable_documentation" = "xyes" ; then
+ IF_DOCUMENTATION=''
+else
+ IF_DOCUMENTATION='#'
+fi
+
AC_SUBST(IF_HOGWEED)
+AC_SUBST(IF_STATIC)
AC_SUBST(IF_SHARED)
+AC_SUBST(IF_DOCUMENTATION)
+AC_SUBST(IF_DLL)
OPENSSL_LIBFLAGS=''
fi
AH_TEMPLATE([WITH_OPENSSL],
- [Define if you have openssl's libcrypto (used for benchmarking)])
+ [Define if you have openssl's libcrypto (used for benchmarking)]) dnl'
if test x$enable_openssl = xyes ; then
AC_DEFINE(WITH_OPENSSL)
AC_SUBST(OPENSSL_LIBFLAGS)
+AH_BOTTOM(
+[#if defined(__x86_64__) || defined(__arch64__)
+# define HAVE_NATIVE_64_BIT 1
+#else
+/* Needs include of <limits.h> before use. */
+# define HAVE_NATIVE_64_BIT (SIZEOF_LONG * CHAR_BIT >= 64)
+#endif
+])
+
+# clock_gettime is in librt on *-*-osf5.1 and on glibc, so add -lrt to
+# BENCH_LIBS if needed. On linux (tested on x86_32, 2.6.26),
+# clock_getres reports ns accuracy, while in a quick test on osf
+# clock_getres said only 1 millisecond.
+
+old_LIBS="$LIBS"
+AC_SEARCH_LIBS(clock_gettime, rt, [
+ AC_DEFINE([HAVE_CLOCK_GETTIME],1,[Define if clock_gettime is available])])
+BENCH_LIBS="$LIBS"
+LIBS="$old_LIBS"
+
+AC_SUBST(BENCH_LIBS)
+
# Set these flags *last*, or else the test programs won't compile
if test x$GCC = xyes ; then
# Using -ggdb3 makes (some versions of) Redhat's gcc-2.96 dump core
- if "$CC" --version | grep '^2\.96$' 1>/dev/null 2>&1; then
+ if $CC --version | grep '^2\.96$' 1>/dev/null 2>&1; then
true
else
CFLAGS="$CFLAGS -ggdb3"
fi
# FIXME: It would be better to actually test if this option works and/or is needed.
# Or perhaps use -funsigned-char.
- if "$CC" --version | grep 'gcc.* 4\.' 1>/dev/null 2>&1; then
+ if $CC --version | grep 'gcc.* 4\.' 1>/dev/null 2>&1; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
CFLAGS="$CFLAGS -Wall -W \
AC_CONFIG_FILES([config.make config.m4 Makefile])
AC_CONFIG_FILES([tools/Makefile testsuite/Makefile examples/Makefile])
+AC_CONFIG_FILES([nettle.pc hogweed.pc])
AC_OUTPUT
+AC_MSG_NOTICE([summary of build options:
+
+ Version: ${PACKAGE_STRING}
+ Host type: ${host}
+ ABI: ${ABI}
+ Assembly files: ${asm_path:-none}
+ Install prefix: ${prefix}
+ Library directory: ${libdir}
+ Compiler: ${CC}
+ Static libraries: ${enable_static}
+ Shared libraries: ${enable_shared}
+ Public key crypto: ${enable_public_key}
+ Documentation: ${enable_documentation}
+])
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005 Niels Möller
+ * Copyright (C) 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "ctr.h"
+#include "macros.h"
#include "memxor.h"
#include "nettle-internal.h"
-#define INCREMENT(size, counter, i) \
-do { \
- if (++(ctr)[(size) - 1] == 0) \
- { \
- unsigned i = size - 1; \
- while (i > 0 && ++(ctr)[--i] == 0) \
- ; \
- } \
-} while (0)
-
+#define NBLOCKS 4
+
void
-ctr_crypt(void *ctx, nettle_crypt_func f,
+ctr_crypt(void *ctx, nettle_crypt_func *f,
unsigned block_size, uint8_t *ctr,
unsigned length, uint8_t *dst,
const uint8_t *src)
{
- TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
- TMP_ALLOC(buffer, block_size);
-
if (src != dst)
{
- for (; length >= block_size; length -= block_size, src += block_size, dst += block_size)
+ if (length == block_size)
{
f(ctx, block_size, dst, ctr);
+ INCREMENT(block_size, ctr);
memxor(dst, src, block_size);
- INCREMENT(block_size, ctr, i);
+ }
+ else
+ {
+ unsigned left;
+ uint8_t *p;
+
+ for (p = dst, left = length;
+ left >= block_size;
+ left -= block_size, p += block_size)
+ {
+ memcpy (p, ctr, block_size);
+ INCREMENT(block_size, ctr);
+ }
+
+ f(ctx, length - left, dst, dst);
+ memxor(dst, src, length - left);
+
+ if (left)
+ {
+ TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
+ TMP_ALLOC(buffer, block_size);
+
+ f(ctx, block_size, buffer, ctr);
+ INCREMENT(block_size, ctr);
+ memxor3(dst + length - left, src + length - left, buffer, left);
+ }
}
}
else
{
- for (; length >= block_size; length -= block_size, src += block_size, dst += block_size)
+ if (length > block_size)
{
- f(ctx, block_size, buffer, ctr);
- memxor3(dst, src, buffer, block_size);
- INCREMENT(block_size, ctr, i);
- }
- }
- if (length > 0)
- {
- /* A final partial block */
+ TMP_DECL(buffer, uint8_t, NBLOCKS * NETTLE_MAX_CIPHER_BLOCK_SIZE);
+ unsigned chunk = NBLOCKS * block_size;
+
+ TMP_ALLOC(buffer, chunk);
+
+ for (; length >= chunk;
+ length -= chunk, src += chunk, dst += chunk)
+ {
+ unsigned n;
+ uint8_t *p;
+ for (n = 0, p = buffer; n < NBLOCKS; n++, p += block_size)
+ {
+ memcpy (p, ctr, block_size);
+ INCREMENT(block_size, ctr);
+ }
+ f(ctx, chunk, buffer, buffer);
+ memxor(dst, buffer, chunk);
+ }
- f(ctx, block_size, buffer, ctr);
- memxor3(dst, src, buffer, length);
- INCREMENT(block_size, ctr, i);
+ if (length > 0)
+ {
+ /* Final, possibly partial, blocks */
+ for (chunk = 0; chunk < length; chunk += block_size)
+ {
+ memcpy (buffer + chunk, ctr, block_size);
+ INCREMENT(block_size, ctr);
+ }
+ f(ctx, chunk, buffer, buffer);
+ memxor3(dst, src, buffer, length);
+ }
+ }
+ else if (length > 0)
+ {
+ TMP_DECL(buffer, uint8_t, NETTLE_MAX_CIPHER_BLOCK_SIZE);
+ TMP_ALLOC(buffer, block_size);
+
+ f(ctx, block_size, buffer, ctr);
+ INCREMENT(block_size, ctr);
+ memxor3(dst, src, buffer, length);
+ }
}
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005 Niels Möller
+ * Copyright (C) 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_CTR_H_INCLUDED
#define ctr_crypt nettle_ctr_crypt
void
-ctr_crypt(void *ctx, nettle_crypt_func f,
+ctr_crypt(void *ctx, nettle_crypt_func *f,
unsigned block_size, uint8_t *ctr,
unsigned length, uint8_t *dst,
const uint8_t *src);
#define CTR_CRYPT(self, f, length, dst, src) \
(0 ? ((f)(&(self)->ctx, 0, NULL, NULL)) \
: ctr_crypt((void *) &(self)->ctx, \
- (nettle_crypt_func) (f), \
+ (nettle_crypt_func *) (f), \
sizeof((self)->ctr), (self)->ctr, \
(length), (dst), (src)))
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005 Niels Möller
+ * Copyright (C) 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
+ * Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
&& mpz_sgn(pub->y) > 0);
}
-/* FIXME: Rename this and the next function to something
- openssl-specific? */
int
dsa_openssl_private_key_from_der_iterator(struct dsa_public_key *pub,
struct dsa_private_key *priv,
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005 Niels Möller
+ * Copyright (C) 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_DES_COMPAT_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* des - fast & portable DES encryption & decryption.
/* nettle, low-level cryptographics library
*
- * Copyright (C) 1992, 2001, Dana L. How, Niels Möller
+ * Copyright (C) 1992, 2001, Dana L. How, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/*
* Please see the file `../lib/descore.README' for the complete copyright
* notice.
*
- * Slightly edited by Niels Möller, 1997
+ * Slightly edited by Niels Möller, 1997
*/
#ifndef NETTLE_DES_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* desCode.h
*
- * $Id: desCode.h,v 1.1 2007/04/05 14:20:35 nisse Exp $ */
+ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
You should have received a copy of the GNU Library General Public License
along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
Author's address: how@isl.stanford.edu
-$Id: descore.README,v 1.1 2007/04/05 14:20:35 nisse Exp $
-
==>> To compile after untarring/unsharring, just `make' <<==
*
* Generate tables used by des.c and desCode.h.
*
- * $Id: desdata.c,v 1.1 2007/04/05 14:20:35 nisse Exp $ */
+ */
/*
* des - fast & portable DES encryption & decryption.
*
*/
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include <stdio.h>
#include "desinfo.h"
-#include "desCode.h"
-
/* list of weak and semi-weak keys
7, 5, 3, 1, 6, 4, 2, 0,
};
-int printf(const char *, ...);
-
int
-main(int argc UNUSED, char **argv UNUSED)
+main(int argc, char **argv)
{
- uint32_t d, i, j, k, l, m, n, s;
+ unsigned long d, i, j, k, l, m, n, s; /* Always at least 32 bits */
char b[256], ksr[56];
+ if (argc <= 1)
+ return 1;
+
switch ( argv[1][0] ) {
+default:
+ return 1;
/*
* <<< make the key parity table >>>
*/
case 'p':
- (void)printf(
+ printf(
"/* automagically produced - do not fuss with this information */\n\n");
/* store parity information */
/* print it out */
for ( i = 0; i < 256; i++ ) {
- (void)printf("%d,", b[i]);
+ printf("%d,", b[i]);
if ( (i & 31) == 31 )
- (void)printf("\n");
+ printf("\n");
}
break;
*/
case 'r':
- (void)printf("/* automagically made - do not fuss with this */\n\n");
+ printf("/* automagically made - do not fuss with this */\n\n");
/* KL specifies the initial key bit positions */
for (i = 0; i < 56; i++)
m = ksr[KC[korder[j]] - 1];
m = (m / 8) * 7 + (m % 8) - 1;
m = 55 - m;
- (void)printf(" %2ld,", (long) m);
+ printf(" %2ld,", (long) m);
if ((j % 12) == 11)
- (void)printf("\n");
+ printf("\n");
}
- (void)printf("\n");
+ printf("\n");
}
break;
*/
case 'k':
- (void)printf("/* automagically made - do not fuss with this */\n\n");
+ printf("/* automagically made - do not fuss with this */\n\n");
for ( i = 0; i <= 7 ; i++ ) {
s = sorder[i];
/* perform p permutation */
for ( m = j = 0; j < 32; j++ )
if ( n & (1 << (SP[j] - 1)) )
- m |= (1 << j);
+ m |= (1UL << j);
/* rotate right (alg keeps everything rotated by 1) */
- ROR(m, 1, 31);
+ m = (m >> 1) | ((m & 1) << 31);
/* print it out */
- (void)printf(" 0x%08lx,", (long) m);
+ printf(" 0x%08lx,", m);
if ( ( d & 3 ) == 3 )
- (void)printf("\n");
+ printf("\n");
}
- (void)printf("\n");
+ printf("\n");
}
break;
* Tables describing DES rather than just this implementation.
* These are used in desdata but NOT in runtime code.
*
- * $Id: desinfo.h,v 1.1 2007/04/05 14:20:35 nisse Exp $ */
+ */
/* des - fast & portable DES encryption & decryption.
* Copyright (C) 1992 Dana L. How
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int
dsa_generate_keypair(struct dsa_public_key *pub,
struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
- void *progress_ctx, nettle_progress_func progress,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
unsigned p_bits, unsigned q_bits)
{
mpz_t p0, p0q, r;
if (progress)
progress (progress_ctx, 'g');
- mpz_init_set(r, pub->q);
+ mpz_set(r, pub->q);
mpz_sub_ui(r, r, 2);
nettle_mpz_random(key->x, random_ctx, random, r);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
struct dsa_signature *signature)
{
int
dsa_sha1_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
struct sha1_ctx *hash,
struct dsa_signature *signature)
{
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003, 2010 Niels Möller
+ * Copyright (C) 2002, 2003, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
struct dsa_signature *signature)
{
int
dsa_sha256_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
struct sha256_ctx *hash,
struct dsa_signature *signature)
{
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2010 Niels Möller
+ * Copyright (C) 2002, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int
_dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
unsigned digest_size,
const uint8_t *digest,
struct dsa_signature *signature)
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_DSA_H_INCLUDED
#include "nettle-types.h"
-#include "sha.h"
-
-/* For nettle_random_func */
-#include "nettle-meta.h"
+#include "sha1.h"
+#include "sha2.h"
#ifdef __cplusplus
extern "C" {
int
dsa_sha1_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
struct sha1_ctx *hash,
struct dsa_signature *signature);
int
dsa_sha256_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
struct sha256_ctx *hash,
struct dsa_signature *signature);
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
const uint8_t *digest,
struct dsa_signature *signature);
dsa_generate_keypair(struct dsa_public_key *pub,
struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
- void *progress_ctx, nettle_progress_func progress,
+ void *progress_ctx, nettle_progress_func *progress,
unsigned p_bits, unsigned q_bits);
/* Keys in sexp form. */
int
_dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
unsigned digest_size,
const uint8_t *digest,
struct dsa_signature *signature);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2009 Niels Möller, Magnus Holmgren
+ * Copyright (C) 2002, 2009 Niels Möller, Magnus Holmgren
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
--- /dev/null
+/* ecc-192.c */
+
+/* Compile time constant (but machine dependent) tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+#define USE_REDC 0
+
+#include "ecc-192.h"
+
+#if HAVE_NATIVE_ecc_192_modp
+
+#define ecc_192_modp nettle_ecc_192_modp
+void
+ecc_192_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
+
+/* Use that p = 2^{192} - 2^64 - 1, to eliminate 128 bits at a time. */
+
+#elif GMP_NUMB_BITS == 32
+/* p is 6 limbs, p = B^6 - B^2 - 1 */
+static void
+ecc_192_modp (const struct ecc_curve *ecc UNUSED, mp_limb_t *rp)
+{
+ mp_limb_t cy;
+
+ /* Reduce from 12 to 9 limbs (top limb small)*/
+ cy = mpn_add_n (rp + 2, rp + 2, rp + 8, 4);
+ cy = sec_add_1 (rp + 6, rp + 6, 2, cy);
+ cy += mpn_add_n (rp + 4, rp + 4, rp + 8, 4);
+ assert (cy <= 2);
+
+ rp[8] = cy;
+
+ /* Reduce from 9 to 6 limbs */
+ cy = mpn_add_n (rp, rp, rp + 6, 3);
+ cy = sec_add_1 (rp + 3, rp + 3, 2, cy);
+ cy += mpn_add_n (rp + 2, rp + 2, rp + 6, 3);
+ cy = sec_add_1 (rp + 5, rp + 5, 1, cy);
+
+ assert (cy <= 1);
+ cy = cnd_add_n (cy, rp, ecc_Bmodp, 6);
+ assert (cy == 0);
+}
+#elif GMP_NUMB_BITS == 64
+/* p is 3 limbs, p = B^3 - B - 1 */
+static void
+ecc_192_modp (const struct ecc_curve *ecc UNUSED, mp_limb_t *rp)
+{
+ mp_limb_t cy;
+
+ /* Reduce from 6 to 5 limbs (top limb small)*/
+ cy = mpn_add_n (rp + 1, rp + 1, rp + 4, 2);
+ cy = sec_add_1 (rp + 3, rp + 3, 1, cy);
+ cy += mpn_add_n (rp + 2, rp + 2, rp + 4, 2);
+ assert (cy <= 2);
+
+ rp[4] = cy;
+
+ /* Reduce from 5 to 4 limbs (high limb small) */
+ cy = mpn_add_n (rp, rp, rp + 3, 2);
+ cy = sec_add_1 (rp + 2, rp + 2, 1, cy);
+ cy += mpn_add_n (rp + 1, rp + 1, rp + 3, 2);
+
+ assert (cy <= 1);
+ cy = cnd_add_n (cy, rp, ecc_Bmodp, 3);
+ assert (cy == 0);
+}
+
+#else
+#define ecc_192_modp ecc_generic_modp
+#endif
+
+const struct ecc_curve nettle_secp_192r1 =
+{
+ 192,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ ECC_BMODQ_SIZE,
+ USE_REDC,
+ ECC_REDC_SIZE,
+ ECC_PIPPENGER_K,
+ ECC_PIPPENGER_C,
+ ecc_p,
+ ecc_b,
+ ecc_q,
+ ecc_g,
+ ecc_redc_g,
+ ecc_192_modp,
+ ecc_generic_redc,
+ ecc_192_modp,
+ ecc_generic_modq,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ ecc_pp1h,
+ ecc_redc_ppm1,
+ ecc_unit,
+ ecc_Bmodq,
+ ecc_Bmodq_shifted,
+ ecc_qp1h,
+ ecc_table
+};
+
--- /dev/null
+/* ecc-224.c.c */
+
+/* Compile time constant (but machine dependent) tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc-internal.h"
+
+#if HAVE_NATIVE_ecc_224_modp
+
+#define USE_REDC 0
+#define ecc_224_modp nettle_ecc_224_modp
+void
+ecc_224_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
+
+#else
+#define USE_REDC (ECC_REDC_SIZE != 0)
+#define ecc_224_modp ecc_generic_modp
+#endif
+
+#include "ecc-224.h"
+
+const struct ecc_curve nettle_secp_224r1 =
+{
+ 224,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ ECC_BMODQ_SIZE,
+ USE_REDC,
+ ECC_REDC_SIZE,
+ ECC_PIPPENGER_K,
+ ECC_PIPPENGER_C,
+ ecc_p,
+ ecc_b,
+ ecc_q,
+ ecc_g,
+ ecc_redc_g,
+ ecc_224_modp,
+ ecc_generic_redc,
+ USE_REDC ? ecc_generic_redc : ecc_224_modp,
+ ecc_generic_modq,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ ecc_pp1h,
+ ecc_redc_ppm1,
+ ecc_unit,
+ ecc_Bmodq,
+ ecc_Bmodq_shifted,
+ ecc_qp1h,
+ ecc_table
+};
--- /dev/null
+/* ecc-256.c.c */
+
+/* Compile time constant (but machine dependent) tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+#if HAVE_NATIVE_ecc_256_redc
+# define USE_REDC 1
+#else
+# define USE_REDC (ECC_REDC_SIZE != 0)
+#endif
+
+#include "ecc-256.h"
+
+#if HAVE_NATIVE_ecc_256_redc
+# define ecc_256_redc nettle_ecc_256_redc
+void
+ecc_256_redc (const struct ecc_curve *ecc, mp_limb_t *rp);
+#else /* !HAVE_NATIVE_ecc_256_redc */
+# define ecc_256_redc ecc_generic_redc
+#endif
+
+#if ECC_BMODP_SIZE < ECC_LIMB_SIZE
+#define ecc_256_modp ecc_generic_modp
+#define ecc_256_modq ecc_generic_modq
+#elif GMP_NUMB_BITS == 64
+
+static void
+ecc_256_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ mp_limb_t u1, u0;
+ mp_size_t n;
+
+ n = 2*ecc->size;
+ u1 = rp[--n];
+ u0 = rp[n-1];
+
+ /* This is not particularly fast, but should work well with assembly implementation. */
+ for (; n >= ecc->size; n--)
+ {
+ mp_limb_t q2, q1, q0, t, cy;
+
+ /* <q2, q1, q0> = v * u1 + <u1,u0>, with v = 2^32 - 1:
+
+ +---+---+
+ | u1| u0|
+ +---+---+
+ |-u1|
+ +-+-+-+
+ | u1|
+ +---+-+-+-+-+
+ | q2| q1| q0|
+ +---+---+---+
+ */
+ q1 = u1 - (u1 > u0);
+ q0 = u0 - u1;
+ t = u1 << 32;
+ q0 += t;
+ t = (u1 >> 32) + (q0 < t) + 1;
+ q1 += t;
+ q2 = q1 < t;
+
+ /* Compute candidate remainder */
+ u1 = u0 + (q1 << 32) - q1;
+ t = -(mp_limb_t) (u1 > q0);
+ u1 -= t & 0xffffffff;
+ q1 += t;
+ q2 += t + (q1 < t);
+
+ assert (q2 < 2);
+
+ /* We multiply by two low limbs of p, 2^96 - 1, so we could use
+ shifts rather than mul. */
+ t = mpn_submul_1 (rp + n - 4, ecc->p, 2, q1);
+ t += cnd_sub_n (q2, rp + n - 3, ecc->p, 1);
+ t += (-q2) & 0xffffffff;
+
+ u0 = rp[n-2];
+ cy = (u0 < t);
+ u0 -= t;
+ t = (u1 < cy);
+ u1 -= cy;
+ u1 += cnd_add_n (t, rp + n - 4, ecc->p, 3);
+ u1 -= (-t) & 0xffffffff;
+ }
+ rp[2] = u0;
+ rp[3] = u1;
+}
+
+static void
+ecc_256_modq (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ mp_limb_t u2, u1, u0;
+ mp_size_t n;
+
+ n = 2*ecc->size;
+ u2 = rp[--n];
+ u1 = rp[n-1];
+
+ /* This is not particularly fast, but should work well with assembly implementation. */
+ for (; n >= ecc->size; n--)
+ {
+ mp_limb_t q2, q1, q0, t, c1, c0;
+
+ u0 = rp[n-2];
+
+ /* <q2, q1, q0> = v * u2 + <u2,u1>, same method as above.
+
+ +---+---+
+ | u2| u1|
+ +---+---+
+ |-u2|
+ +-+-+-+
+ | u2|
+ +---+-+-+-+-+
+ | q2| q1| q0|
+ +---+---+---+
+ */
+ q1 = u2 - (u2 > u1);
+ q0 = u1 - u2;
+ t = u2 << 32;
+ q0 += t;
+ t = (u2 >> 32) + (q0 < t) + 1;
+ q1 += t;
+ q2 = q1 < t;
+
+ /* Compute candidate remainder, <u1, u0> - <q2, q1> * (2^128 - 2^96 + 2^64 - 1)
+ <u1, u0> + 2^64 q2 + (2^96 - 2^64 + 1) q1 (mod 2^128)
+
+ +---+---+
+ | u1| u0|
+ +---+---+
+ | q2| q1|
+ +---+---+
+ |-q1|
+ +-+-+-+
+ | q1|
+ --+-+-+-+---+
+ | u2| u1|
+ +---+---+
+ */
+ u2 = u1 + q2 - q1;
+ u1 = u0 + q1;
+ u2 += (u1 < q1);
+ u2 += (q1 << 32);
+
+ t = -(mp_limb_t) (u2 >= q0);
+ q1 += t;
+ q2 += t + (q1 < t);
+ u1 += t;
+ u2 += (t << 32) + (u1 < t);
+
+ assert (q2 < 2);
+
+ c0 = cnd_sub_n (q2, rp + n - 3, ecc->q, 1);
+ c0 += (-q2) & ecc->q[1];
+ t = mpn_submul_1 (rp + n - 4, ecc->q, 2, q1);
+ c0 += t;
+ c1 = c0 < t;
+
+ /* Construct underflow condition. */
+ c1 += (u1 < c0);
+ t = - (mp_limb_t) (u2 < c1);
+
+ u1 -= c0;
+ u2 -= c1;
+
+ /* Conditional add of p */
+ u1 += t;
+ u2 += (t<<32) + (u0 < t);
+
+ t = cnd_add_n (t, rp + n - 4, ecc->q, 2);
+ u1 += t;
+ u2 += (u1 < t);
+ }
+ rp[2] = u1;
+ rp[3] = u2;
+}
+
+#else
+#error Unsupported parameters
+#endif
+
+const struct ecc_curve nettle_secp_256r1 =
+{
+ 256,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ ECC_BMODQ_SIZE,
+ USE_REDC,
+ ECC_REDC_SIZE,
+ ECC_PIPPENGER_K,
+ ECC_PIPPENGER_C,
+ ecc_p,
+ ecc_b,
+ ecc_q,
+ ecc_g,
+ ecc_redc_g,
+ ecc_256_modp,
+ ecc_256_redc,
+ USE_REDC ? ecc_256_redc : ecc_256_modp,
+ ecc_256_modq,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ ecc_pp1h,
+ ecc_redc_ppm1,
+ ecc_unit,
+ ecc_Bmodq,
+ ecc_Bmodq_shifted,
+ ecc_qp1h,
+ ecc_table
+};
--- /dev/null
+/* ecc-384.c.c */
+
+/* Compile time constant (but machine dependent) tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+#define USE_REDC 0
+
+#include "ecc-384.h"
+
+#if HAVE_NATIVE_ecc_384_modp
+#define ecc_384_modp nettle_ecc_384_modp
+void
+ecc_384_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
+#elif GMP_NUMB_BITS == 32
+
+/* Use that 2^{384} = 2^{128} + 2^{96} - 2^{32} + 1, and eliminate 256
+ bits at a time.
+
+ We can get carry == 2 in the first iteration, and I think *only* in
+ the first iteration. */
+
+/* p is 12 limbs, and B^12 - p = B^4 + B^3 - B + 1. We can eliminate
+ almost 8 at a time. Do only 7, to avoid additional carry
+ propagation, followed by 5. */
+static void
+ecc_384_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ mp_limb_t cy, bw;
+
+ /* Reduce from 24 to 17 limbs. */
+ cy = mpn_add_n (rp + 4, rp + 4, rp + 16, 8);
+ cy = sec_add_1 (rp + 12, rp + 12, 3, cy);
+
+ bw = mpn_sub_n (rp + 5, rp + 5, rp + 16, 8);
+ bw = sec_sub_1 (rp + 13, rp + 13, 3, bw);
+
+ cy += mpn_add_n (rp + 7, rp + 7, rp + 16, 8);
+ cy = sec_add_1 (rp + 15, rp + 15, 1, cy);
+
+ cy += mpn_add_n (rp + 8, rp + 8, rp + 16, 8);
+ assert (bw <= cy);
+ cy -= bw;
+
+ assert (cy <= 2);
+ rp[16] = cy;
+
+ /* Reduce from 17 to 12 limbs */
+ cy = mpn_add_n (rp, rp, rp + 12, 5);
+ cy = sec_add_1 (rp + 5, rp + 5, 3, cy);
+
+ bw = mpn_sub_n (rp + 1, rp + 1, rp + 12, 5);
+ bw = sec_sub_1 (rp + 6, rp + 6, 6, bw);
+
+ cy += mpn_add_n (rp + 3, rp + 3, rp + 12, 5);
+ cy = sec_add_1 (rp + 8, rp + 8, 1, cy);
+
+ cy += mpn_add_n (rp + 4, rp + 4, rp + 12, 5);
+ cy = sec_add_1 (rp + 9, rp + 9, 3, cy);
+
+ assert (cy >= bw);
+ cy -= bw;
+ assert (cy <= 1);
+ cy = cnd_add_n (cy, rp, ecc->Bmodp, ECC_LIMB_SIZE);
+ assert (cy == 0);
+}
+#elif GMP_NUMB_BITS == 64
+/* p is 6 limbs, and B^6 - p = B^2 + 2^32 (B - 1) + 1. Eliminate 3
+ (almost 4) limbs at a time. */
+static void
+ecc_384_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ mp_limb_t tp[6];
+ mp_limb_t cy;
+
+ /* Reduce from 12 to 9 limbs */
+ tp[0] = 0; /* FIXME: Could use mpn_sub_nc */
+ mpn_copyi (tp + 1, rp + 8, 3);
+ tp[4] = rp[11] - mpn_sub_n (tp, tp, rp + 8, 4);
+ tp[5] = mpn_lshift (tp, tp, 5, 32);
+
+ cy = mpn_add_n (rp + 2, rp + 2, rp + 8, 4);
+ cy = sec_add_1 (rp + 6, rp + 6, 2, cy);
+
+ cy += mpn_add_n (rp + 2, rp + 2, tp, 6);
+ cy += mpn_add_n (rp + 4, rp + 4, rp + 8, 4);
+
+ assert (cy <= 2);
+ rp[8] = cy;
+
+ /* Reduce from 9 to 6 limbs */
+ tp[0] = 0;
+ mpn_copyi (tp + 1, rp + 6, 2);
+ tp[3] = rp[8] - mpn_sub_n (tp, tp, rp + 6, 3);
+ tp[4] = mpn_lshift (tp, tp, 4, 32);
+
+ cy = mpn_add_n (rp, rp, rp + 6, 3);
+ cy = sec_add_1 (rp + 3, rp + 3, 2, cy);
+ cy += mpn_add_n (rp, rp, tp, 5);
+ cy += mpn_add_n (rp + 2, rp + 2, rp + 6, 3);
+
+ cy = sec_add_1 (rp + 5, rp + 5, 1, cy);
+ assert (cy <= 1);
+
+ cy = cnd_add_n (cy, rp, ecc->Bmodp, ECC_LIMB_SIZE);
+ assert (cy == 0);
+}
+#else
+#define ecc_384_modp ecc_generic_modp
+#endif
+
+const struct ecc_curve nettle_secp_384r1 =
+{
+ 384,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ ECC_BMODQ_SIZE,
+ USE_REDC,
+ ECC_REDC_SIZE,
+ ECC_PIPPENGER_K,
+ ECC_PIPPENGER_C,
+ ecc_p,
+ ecc_b,
+ ecc_q,
+ ecc_g,
+ ecc_redc_g,
+ ecc_384_modp,
+ ECC_REDC_SIZE != 0 ? ecc_generic_redc : NULL,
+ ecc_384_modp,
+ ecc_generic_modq,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ ecc_pp1h,
+ ecc_redc_ppm1,
+ ecc_unit,
+ ecc_Bmodq,
+ ecc_Bmodq_shifted,
+ ecc_qp1h,
+ ecc_table
+};
--- /dev/null
+/* ecc-521.c.c */
+
+/* Compile time constant (but machine dependent) tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc-internal.h"
+
+#define USE_REDC 0
+
+#include "ecc-521.h"
+
+#if HAVE_NATIVE_ecc_521_modp
+#define ecc_521_modp nettle_ecc_521_modp
+void
+ecc_521_modp (const struct ecc_curve *ecc, mp_limb_t *rp);
+
+#else
+
+#define B_SHIFT (521 % GMP_NUMB_BITS)
+#define BMODP_SHIFT (GMP_NUMB_BITS - B_SHIFT)
+#define BMODP ((mp_limb_t) 1 << BMODP_SHIFT)
+
+/* Result may be *slightly* larger than 2^521 */
+static void
+ecc_521_modp (const struct ecc_curve *ecc UNUSED, mp_limb_t *rp)
+{
+ /* FIXME: Should use mpn_addlsh_n_ip1 */
+ mp_limb_t hi;
+ /* Reduce from 2*ECC_LIMB_SIZE to ECC_LIMB_SIZE + 1 */
+ rp[ECC_LIMB_SIZE]
+ = mpn_addmul_1 (rp, rp + ECC_LIMB_SIZE, ECC_LIMB_SIZE, BMODP);
+ hi = mpn_addmul_1 (rp, rp + ECC_LIMB_SIZE, 1, BMODP);
+ hi = sec_add_1 (rp + 1, rp + 1, ECC_LIMB_SIZE - 1, hi);
+
+ /* Combine hi with top bits, and add in. */
+ hi = (hi << BMODP_SHIFT) | (rp[ECC_LIMB_SIZE-1] >> B_SHIFT);
+ rp[ECC_LIMB_SIZE-1] = (rp[ECC_LIMB_SIZE-1]
+ & (((mp_limb_t) 1 << B_SHIFT)-1))
+ + sec_add_1 (rp, rp, ECC_LIMB_SIZE - 1, hi);
+}
+#endif
+
+const struct ecc_curve nettle_secp_521r1 =
+{
+ 521,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ ECC_BMODQ_SIZE,
+ USE_REDC,
+ ECC_REDC_SIZE,
+ ECC_PIPPENGER_K,
+ ECC_PIPPENGER_C,
+ ecc_p,
+ ecc_b,
+ ecc_q,
+ ecc_g,
+ ecc_redc_g,
+ ecc_521_modp,
+ ecc_generic_redc,
+ ecc_521_modp,
+ ecc_generic_modq,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ ecc_pp1h,
+ ecc_redc_ppm1,
+ ecc_unit,
+ ecc_Bmodq,
+ ecc_Bmodq_shifted,
+ ecc_qp1h,
+ ecc_table
+};
+
--- /dev/null
+/* ecc-a-to-j.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+void
+ecc_a_to_j (const struct ecc_curve *ecc,
+ int initial,
+ mp_limb_t *r, const mp_limb_t *p)
+{
+ if (ecc->use_redc && initial)
+ {
+ mpn_copyd (r + ecc->size, p, 2*ecc->size);
+
+ mpn_zero (r, ecc->size);
+ ecc->modp (ecc, r);
+
+ mpn_zero (r + ecc->size, ecc->size);
+ ecc->modp (ecc, r + ecc->size);
+ }
+ else if (r != p)
+ mpn_copyi (r, p, 2*ecc->size);
+
+ mpn_copyi (r + 2*ecc->size, ecc->unit, ecc->size);
+}
--- /dev/null
+/* ecc-dup-jj.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+/* NOTE: Behaviour for corner cases:
+
+ + p = 0 ==> r = 0 (invalid except if also q = 0)
+
+ + q = 0 ==> r = invalid
+
+ + p = -q ==> r = 0, correct!
+
+ + p = q ==> r = 0, invalid
+*/
+
+mp_size_t
+ecc_add_jja_itch (const struct ecc_curve *ecc)
+{
+ return ECC_ADD_JJA_ITCH (ecc->size);
+}
+
+void
+ecc_add_jja (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch)
+{
+ /* Formulas, from djb,
+ http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b):
+
+ Computation Operation Live variables
+
+ ZZ = Z_1^2 sqr ZZ
+ H = X_2*ZZ - X_1 mul (djb: U_2) ZZ, H
+ HH = H^2 sqr ZZ, H, HH
+ ZZZ = ZZ*Z_1 mul ZZ, H, HH, ZZZ
+ Z_3 = (Z_1+H)^2-ZZ-HH sqr H, HH, ZZZ
+ W = 2 (Y_2*ZZZ - Y_1) mul (djb: S_2) H, HH, W
+ I = 4*HH H, W, I
+ J = H*I mul W, I, J
+ V = X_1*I mul W, J, V
+ X_3 = W^2-J-2*V sqr W, J, V
+ Y_3 = W*(V-X_3)-2*Y_1*J mul, mul
+ */
+#define zz scratch
+#define h (scratch + ecc->size)
+#define hh (scratch + 2*ecc->size)
+#define w (scratch + 3*ecc->size)
+#define j (scratch + 4*ecc->size)
+#define v scratch
+
+#define x1 p
+#define y1 (p + ecc->size)
+#define z1 (p + 2*ecc->size)
+#define x2 q
+#define y2 (q + ecc->size)
+
+ /* zz */
+ ecc_modp_sqr (ecc, zz, z1);
+ /* h*/
+ ecc_modp_mul (ecc, h, x2, zz);
+ ecc_modp_sub (ecc, h, h, x1);
+ /* hh */
+ ecc_modp_sqr (ecc, hh, h);
+ /* Do z^3 early, store at w. */
+ ecc_modp_mul (ecc, w, zz, z1);
+ /* z_3, use j area for scratch */
+ ecc_modp_add (ecc, r + 2*ecc->size, p + 2*ecc->size, h);
+ ecc_modp_sqr (ecc, j, r + 2*ecc->size);
+ ecc_modp_sub (ecc, j, j, zz);
+ ecc_modp_sub (ecc, r + 2*ecc->size, j, hh);
+
+ /* w */
+ ecc_modp_mul (ecc, j, y2, w);
+ ecc_modp_sub (ecc, w, j, y1);
+ ecc_modp_mul_1 (ecc, w, w, 2);
+
+ /* i replaces hh, j */
+ ecc_modp_mul_1 (ecc, hh, hh, 4);
+ ecc_modp_mul (ecc, j, hh, h);
+
+ /* v */
+ ecc_modp_mul (ecc, v, x1, hh);
+
+ /* x_3, use (h, hh) as sqratch */
+ ecc_modp_sqr (ecc, h, w);
+ ecc_modp_sub (ecc, r, h, j);
+ ecc_modp_submul_1 (ecc, r, v, 2);
+
+ /* y_3, use (h, hh) as sqratch */
+ ecc_modp_mul (ecc, h, y1, j); /* frees j */
+ ecc_modp_sub (ecc, r + ecc->size, v, r);
+ ecc_modp_mul (ecc, j, r + ecc->size, w);
+ ecc_modp_submul_1 (ecc, j, h, 2);
+ mpn_copyi (r + ecc->size, j, ecc->size);
+}
--- /dev/null
+/* ecc-add-jjj.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+mp_size_t
+ecc_add_jjj_itch (const struct ecc_curve *ecc)
+{
+ /* Needs 8 * ecc->size */
+ return ECC_ADD_JJJ_ITCH (ecc->size);
+}
+
+void
+ecc_add_jjj (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch)
+{
+ /* Formulas, from djb,
+ http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl:
+
+ Computation Operation Live variables
+
+ Z1Z1 = Z1^2 sqr Z1Z1
+ Z2Z2 = Z2^2 sqr Z1Z1, Z2Z2
+ U1 = X1*Z2Z2 mul Z1Z1, Z2Z2, U1
+ U2 = X2*Z1Z1 mul Z1Z1, Z2Z2, U1, U2
+ H = U2-U1 Z1Z1, Z2Z2, U1, H
+ Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2)*H sqr, mul Z1Z1, Z2Z2, U1, H
+ S1 = Y1*Z2*Z2Z2 mul, mul Z1Z1, U1, H, S1
+ S2 = Y2*Z1*Z1Z1 mul, mul U1, H, S1, S2
+ W = 2*(S2-S1) (djb: r) U1, H, S1, W
+ I = (2*H)^2 sqr U1, H, S1, W, I
+ J = H*I mul U1, S1, W, J, V
+ V = U1*I mul S1, W, J, V
+ X3 = W^2-J-2*V sqr S1, W, J, V
+ Y3 = W*(V-X3)-2*S1*J mul, mul
+ */
+ mp_limb_t *z1z1 = scratch;
+ mp_limb_t *z2z2 = scratch + ecc->size;
+ mp_limb_t *u1 = scratch + 2*ecc->size;
+ mp_limb_t *u2 = scratch + 3*ecc->size;
+ mp_limb_t *s1 = scratch; /* overlap z1z1 */
+ mp_limb_t *s2 = scratch + ecc->size; /* overlap z2z2 */
+ mp_limb_t *i = scratch + 4*ecc->size;
+ mp_limb_t *j = scratch + 5*ecc->size;
+ mp_limb_t *v = scratch + 6*ecc->size;
+
+ /* z1^2, z2^2, u1 = x1 x2^2, u2 = x2 z1^2 - u1 */
+ ecc_modp_sqr (ecc, z1z1, p + 2*ecc->size);
+ ecc_modp_sqr (ecc, z2z2, q + 2*ecc->size);
+ ecc_modp_mul (ecc, u1, p, z2z2);
+ ecc_modp_mul (ecc, u2, q, z1z1);
+ ecc_modp_sub (ecc, u2, u2, u1); /* Store h in u2 */
+
+ /* z3, use i, j, v as scratch, result at i. */
+ ecc_modp_add (ecc, i, p + 2*ecc->size, q + 2*ecc->size);
+ ecc_modp_sqr (ecc, v, i);
+ ecc_modp_sub (ecc, v, v, z1z1);
+ ecc_modp_sub (ecc, v, v, z2z2);
+ ecc_modp_mul (ecc, i, v, u2);
+ /* Delayed write, to support in-place operation. */
+
+ /* s1 = y1 z2^3, s2 = y2 z1^3, scratch at j and v */
+ ecc_modp_mul (ecc, j, z1z1, p + 2*ecc->size); /* z1^3 */
+ ecc_modp_mul (ecc, v, z2z2, q + 2*ecc->size); /* z2^3 */
+ ecc_modp_mul (ecc, s1, p + ecc->size, v);
+ ecc_modp_mul (ecc, v, j, q + ecc->size);
+ ecc_modp_sub (ecc, s2, v, s1);
+ ecc_modp_mul_1 (ecc, s2, s2, 2);
+
+ /* Store z3 */
+ mpn_copyi (r + 2*ecc->size, i, ecc->size);
+
+ /* i, j, v */
+ ecc_modp_sqr (ecc, i, u2);
+ ecc_modp_mul_1 (ecc, i, i, 4);
+ ecc_modp_mul (ecc, j, u2, i);
+ ecc_modp_mul (ecc, v, u1, i);
+
+ /* now, u1, u2 and i are free for reuse .*/
+ /* x3, use u1, u2 as scratch */
+ ecc_modp_sqr (ecc, u1, s2);
+ ecc_modp_sub (ecc, r, u1, j);
+ ecc_modp_submul_1 (ecc, r, v, 2);
+
+ /* y3 */
+ ecc_modp_mul (ecc, u1, s1, j); /* Frees j */
+ ecc_modp_sub (ecc, u2, v, r); /* Frees v */
+ ecc_modp_mul (ecc, i, s2, u2);
+ ecc_modp_submul_1 (ecc, i, u1, 2);
+ mpn_copyi (r + ecc->size, i, ecc->size);
+}
--- /dev/null
+/* ecc-curve.h */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#ifndef NETTLE_ECC_CURVE_H_INCLUDED
+#define NETTLE_ECC_CURVE_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* The contets of this struct is internal. */
+struct ecc_curve;
+
+extern const struct ecc_curve nettle_secp_192r1;
+extern const struct ecc_curve nettle_secp_224r1;
+extern const struct ecc_curve nettle_secp_256r1;
+extern const struct ecc_curve nettle_secp_384r1;
+extern const struct ecc_curve nettle_secp_521r1;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_ECC_CURVE_H_INCLUDED */
--- /dev/null
+/* ecc-dup-jj.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+/* NOTE: Behaviour for corner cases:
+
+ + p = 0 ==> r = 0, correct!
+*/
+mp_size_t
+ecc_dup_jj_itch (const struct ecc_curve *ecc)
+{
+ return ECC_DUP_JJ_ITCH (ecc->size);
+}
+
+void
+ecc_dup_jj (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+ /* Formulas (from djb,
+ http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b):
+
+ Computation Operation Live variables
+ delta = z^2 sqr delta
+ gamma = y^2 sqr delta, gamma
+ z' = (y+z)^2-gamma-delta sqr delta, gamma
+ alpha = 3*(x-delta)*(x+delta) mul gamma, beta, alpha
+ beta = x*gamma mul gamma, beta, alpha
+ x' = alpha^2-8*beta sqr gamma, beta, alpha
+ y' = alpha*(4*beta-x')-8*gamma^2 mul, sqr
+ */
+
+#define delta scratch
+#define gamma (scratch + ecc->size)
+#define beta (scratch + 2*ecc->size)
+#define g2 (scratch + 3*ecc->size)
+#define sum (scratch + 4*ecc->size)
+#define alpha scratch /* Overlap delta */
+
+#define xp p
+#define yp (p + ecc->size)
+#define zp (p + 2*ecc->size)
+
+ /* delta */
+ ecc_modp_sqr (ecc, delta, zp);
+
+ /* gamma */
+ ecc_modp_sqr (ecc, gamma, yp);
+
+ /* z'. Can use beta area as scratch. */
+ ecc_modp_add (ecc, r + 2*ecc->size, yp, zp);
+ ecc_modp_sqr (ecc, beta, r + 2*ecc->size);
+ ecc_modp_sub (ecc, beta, beta, gamma);
+ ecc_modp_sub (ecc, r + 2*ecc->size, beta, delta);
+
+ /* alpha. Can use beta area as scratch, and overwrite delta. */
+ ecc_modp_add (ecc, sum, xp, delta);
+ ecc_modp_sub (ecc, delta, xp, delta);
+ ecc_modp_mul (ecc, beta, sum, delta);
+ ecc_modp_mul_1 (ecc, alpha, beta, 3);
+
+ /* beta */
+ ecc_modp_mul (ecc, beta, xp, gamma);
+
+ /* Do gamma^2 and 4*beta early, to get them out of the way. We can
+ then use the old area at gamma as scratch. */
+ ecc_modp_sqr (ecc, g2, gamma);
+ ecc_modp_mul_1 (ecc, sum, beta, 4);
+
+ /* x' */
+ ecc_modp_sqr (ecc, gamma, alpha); /* Overwrites gamma and beta */
+ ecc_modp_submul_1 (ecc, gamma, sum, 2);
+ mpn_copyi (r, gamma, ecc->size);
+
+ /* y' */
+ ecc_modp_sub (ecc, sum, sum, r);
+ ecc_modp_mul (ecc, gamma, sum, alpha);
+ ecc_modp_submul_1 (ecc, gamma, g2, 8);
+ mpn_copyi (r + ecc->size, gamma, ecc->size);
+}
--- /dev/null
+/* ecc-ecdsa-sign.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "ecdsa.h"
+#include "ecc-internal.h"
+
+/* Low-level ECDSA signing */
+
+mp_size_t
+ecc_ecdsa_sign_itch (const struct ecc_curve *ecc)
+{
+ /* Needs 3*ecc->size + scratch for ecc_mul_g. */
+ return ECC_ECDSA_SIGN_ITCH (ecc->size);
+}
+
+/* NOTE: Caller should check if r or s is zero. */
+void
+ecc_ecdsa_sign (const struct ecc_curve *ecc,
+ const mp_limb_t *zp,
+ /* Random nonce, must be invertible mod ecc group
+ order. */
+ const mp_limb_t *kp,
+ unsigned length, const uint8_t *digest,
+ mp_limb_t *rp, mp_limb_t *sp,
+ mp_limb_t *scratch)
+{
+ mp_limb_t cy;
+#define P scratch
+#define kinv scratch /* Needs 5*ecc->size for computation */
+#define hp (scratch + ecc->size) /* NOTE: ecc->size + 1 limbs! */
+#define tp (scratch + 2*ecc->size)
+ /* Procedure, according to RFC 6090, "KT-I". q denotes the group
+ order.
+
+ 1. k <-- uniformly random, 0 < k < q
+
+ 2. R <-- (r_x, r_y) = k g
+
+ 3. s1 <-- r_x mod q
+
+ 4. s2 <-- (h + z*s1)/k mod q.
+ */
+
+ ecc_mul_g (ecc, P, kp, P + 3*ecc->size);
+ /* x coordinate only */
+ ecc_j_to_a (ecc, 3, rp, P, P + 3*ecc->size);
+
+ /* We need to reduce x coordinate mod ecc->q. It should already
+ be < 2*ecc->q, so one subtraction should suffice. */
+ cy = mpn_sub_n (scratch, rp, ecc->q, ecc->size);
+ cnd_copy (cy == 0, rp, scratch, ecc->size);
+
+ /* Invert k, uses 5 * ecc->size including scratch */
+ mpn_copyi (hp, kp, ecc->size);
+ ecc_modq_inv (ecc, kinv, hp, tp);
+
+ /* Process hash digest */
+ ecc_hash (ecc, hp, length, digest);
+
+ ecc_modq_mul (ecc, tp, zp, rp);
+ ecc_modq_add (ecc, hp, hp, tp);
+ ecc_modq_mul (ecc, tp, hp, kinv);
+
+ mpn_copyi (sp, tp, ecc->size);
+#undef P
+#undef hp
+#undef kinv
+#undef tp
+}
--- /dev/null
+/* ecc-ecdsa-verify.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "ecdsa.h"
+#include "ecc-internal.h"
+
+/* Low-level ECDSA verify */
+
+static int
+zero_p (const mp_limb_t *xp, mp_size_t n)
+{
+ while (n > 0)
+ if (xp[--n] > 0)
+ return 0;
+ return 1;
+}
+
+static int
+ecdsa_in_range (const struct ecc_curve *ecc, const mp_limb_t *xp)
+{
+ return !zero_p (xp, ecc->size)
+ && mpn_cmp (xp, ecc->q, ecc->size) < 0;
+}
+
+mp_size_t
+ecc_ecdsa_verify_itch (const struct ecc_curve *ecc)
+{
+ /* Largest storage need is for the ecc_mul_a call, 6 * ecc->size +
+ ECC_MUL_A_ITCH (size) */
+ return ECC_ECDSA_VERIFY_ITCH (ecc->size);
+}
+
+/* FIXME: Use faster primitives, not requiring side-channel silence. */
+int
+ecc_ecdsa_verify (const struct ecc_curve *ecc,
+ const mp_limb_t *pp, /* Public key */
+ unsigned length, const uint8_t *digest,
+ const mp_limb_t *rp, const mp_limb_t *sp,
+ mp_limb_t *scratch)
+{
+ /* Procedure, according to RFC 6090, "KT-I". q denotes the group
+ order.
+
+ 1. Check 0 < r, s < q.
+
+ 2. s' <-- s^{-1} (mod q)
+
+ 3. u1 <-- h * s' (mod q)
+
+ 4. u2 <-- r * s' (mod q)
+
+ 5. R = u1 G + u2 Y
+
+ 6. Signature is valid if R_x = r (mod q).
+ */
+
+#define P2 scratch
+#define P1 (scratch + 3*ecc->size)
+#define sinv (scratch + 3*ecc->size)
+#define u2 (scratch + 4*ecc->size)
+#define hp (scratch + 4*ecc->size)
+#define u1 (scratch + 6*ecc->size)
+
+ if (! (ecdsa_in_range (ecc, rp)
+ && ecdsa_in_range (ecc, sp)))
+ return 0;
+
+ /* FIXME: Micro optimizations: Either simultaneous multiplication.
+ Or convert to projective coordinates (can be done without
+ division, I think), and write an ecc_add_ppp. */
+
+ /* Compute sinv, use P2 as scratch */
+ mpn_copyi (sinv + ecc->size, sp, ecc->size);
+ ecc_modq_inv (ecc, sinv, sinv + ecc->size, P2);
+
+ /* u2 = r / s, P2 = u2 * Y */
+ ecc_modq_mul (ecc, u2, rp, sinv);
+
+ /* Total storage: 5*ecc->size + ECC_MUL_A_ITCH (ecc->size) */
+ ecc_mul_a (ecc, 1, P2, u2, pp, u2 + ecc->size);
+
+ /* u1 = h / s, P1 = u1 * G */
+ ecc_hash (ecc, hp, length, digest);
+ ecc_modq_mul (ecc, u1, hp, sinv);
+
+ /* u = 0 can happen only if h = 0 or h = q, which is extremely
+ unlikely. */
+ if (!zero_p (u1, ecc->size))
+ {
+ /* Total storage: 6*ecc->size + ECC_MUL_G_ITCH (ecc->size) */
+ ecc_mul_g (ecc, P1, u1, u1 + ecc->size);
+
+ /* NOTE: ecc_add_jjj and/or ecc_j_to_a will produce garbage in
+ case u1 G = +/- u2 V. However, anyone who gets his or her
+ hands on a signature where this happens during verification,
+ can also get the private key as z = +/- u1 / u_2 (mod q). And
+ then it doesn't matter very much if verification of
+ signatures with that key succeeds or fails.
+
+ u1 G = - u2 V can never happen for a correctly generated
+ signature, since it implies k = 0.
+
+ u1 G = u2 V is possible, if we are unlucky enough to get h /
+ s_1 = z. Hitting that is about as unlikely as finding the
+ private key by guessing.
+ */
+ /* Total storage: 6*ecc->size + ECC_ADD_JJJ_ITCH (ecc->size) */
+ ecc_add_jjj (ecc, P1, P1, P2, u1);
+ }
+ ecc_j_to_a (ecc, 3, P2, P1, u1);
+
+ if (mpn_cmp (P2, ecc->q, ecc->size) >= 0)
+ mpn_sub_n (P2, P2, ecc->q, ecc->size);
+
+ return (mpn_cmp (rp, P2, ecc->size) == 0);
+#undef P2
+#undef P1
+#undef sinv
+#undef u2
+#undef hp
+#undef u1
+}
--- /dev/null
+/* ecc-generic-modp.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+void
+ecc_generic_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ assert (ecc->Bmodp_size < ecc->size);
+
+ ecc_mod (rp, 2*ecc->size, ecc->size, ecc->Bmodp, ecc->Bmodp_size,
+ ecc->Bmodp_shifted,
+ ecc->size * GMP_NUMB_BITS - ecc->bit_size);
+}
--- /dev/null
+/* ecc-generic-modq.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+void
+ecc_generic_modq (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ assert (ecc->Bmodq_size < ecc->size);
+
+ ecc_mod (rp, 2*ecc->size, ecc->size, ecc->Bmodq, ecc->Bmodq_size,
+ ecc->Bmodq_shifted,
+ ecc->size * GMP_NUMB_BITS - ecc->bit_size);
+}
--- /dev/null
+/* ecc-generic-redc.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+void
+ecc_generic_redc (const struct ecc_curve *ecc, mp_limb_t *rp)
+{
+ unsigned i;
+ mp_limb_t hi, cy;
+ unsigned shift = ecc->size * GMP_NUMB_BITS - ecc->bit_size;
+ mp_size_t k = ecc->redc_size;
+
+ assert (k != 0);
+ if (k > 0)
+ {
+ /* Use that 1 = p + 1, and that at least one low limb of p + 1 is zero. */
+ for (i = 0; i < ecc->size; i++)
+ rp[i] = mpn_addmul_1 (rp + i + k,
+ ecc->redc_ppm1, ecc->size - k, rp[i]);
+ hi = mpn_add_n (rp, rp, rp + ecc->size, ecc->size);
+ if (shift > 0)
+ {
+ hi = (hi << shift) | (rp[ecc->size - 1] >> (GMP_NUMB_BITS - shift));
+ rp[ecc->size - 1] = (rp[ecc->size - 1]
+ & (((mp_limb_t) 1 << (GMP_NUMB_BITS - shift)) - 1))
+ + mpn_addmul_1 (rp, ecc->Bmodp_shifted, ecc->size-1, hi);
+
+ }
+ else
+ {
+ cy = cnd_sub_n (hi, rp, ecc->p, ecc->size);
+ assert (cy == hi);
+ }
+ }
+ else
+ {
+ /* Use that 1 = - (p - 1), and that at least one low limb of p -
+ 1 is zero. */
+ k = -k;
+ for (i = 0; i < ecc->size; i++)
+ rp[i] = mpn_submul_1 (rp + i + k,
+ ecc->redc_ppm1, ecc->size - k, rp[i]);
+ hi = mpn_sub_n (rp, rp + ecc->size, rp, ecc->size);
+ cy = cnd_add_n (hi, rp, ecc->p, ecc->size);
+ assert (cy == hi);
+
+ if (shift > 0)
+ {
+ /* Result is always < 2p, provided that
+ 2^shift * Bmodp_shifted <= p */
+ hi = (rp[ecc->size - 1] >> (GMP_NUMB_BITS - shift));
+ rp[ecc->size - 1] = (rp[ecc->size - 1]
+ & (((mp_limb_t) 1 << (GMP_NUMB_BITS - shift)) - 1))
+ + mpn_addmul_1 (rp, ecc->Bmodp_shifted, ecc->size-1, hi);
+ }
+ }
+}
--- /dev/null
+/* ecdsa-hash.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc-internal.h"
+
+/* Convert hash value to an integer. If the digest is larger than
+ the ecc bit size, then we must truncate it and use the leftmost
+ bits. */
+
+/* NOTE: We don't considered the hash value to be secret, so it's ok
+ if the running time of this conversion depends on h.
+
+ Requires ecc->size + 1 limbs, the extra limb may be needed for
+ unusual limb sizes.
+*/
+void
+ecc_hash (const struct ecc_curve *ecc,
+ mp_limb_t *hp,
+ unsigned length, const uint8_t *digest)
+{
+ if (length > ((unsigned) ecc->bit_size + 7) / 8)
+ length = (ecc->bit_size + 7) / 8;
+
+ mpn_set_base256 (hp, ecc->size + 1, digest, length);
+
+ if (8 * length > ecc->bit_size)
+ /* We got a few extra bits, at the low end. Discard them. */
+ mpn_rshift (hp, hp, ecc->size + 1, 8*length - ecc->bit_size);
+}
--- /dev/null
+/* ecc-internal.h */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#ifndef NETTLE_ECC_INTERNAL_H_INCLUDED
+#define NETTLE_ECC_INTERNAL_H_INCLUDED
+
+#include <gmp.h>
+
+#include "nettle-types.h"
+#include "ecc-curve.h"
+#include "gmp-glue.h"
+
+/* Name mangling */
+#define ecc_generic_modp _nettle_ecc_generic_modp
+#define ecc_generic_redc _nettle_ecc_generic_redc
+#define ecc_generic_modq _nettle_ecc_generic_modq
+#define ecc_modp_add _nettle_ecc_modp_add
+#define ecc_modp_sub _nettle_ecc_modp_sub
+#define ecc_modp_sub_1 _nettle_ecc_modp_sub_1
+#define ecc_modp_mul_1 _nettle_ecc_modp_mul_1
+#define ecc_modp_addmul_1 _nettle_ecc_modp_addmul_1
+#define ecc_modp_submul_1 _nettle_ecc_modp_submul_1
+#define ecc_modp_mul _nettle_ecc_modp_mul
+#define ecc_modp_sqr _nettle_ecc_modp_sqr
+#define ecc_modp_inv _nettle_ecc_modp_inv
+#define ecc_modq_mul _nettle_ecc_modq_mul
+#define ecc_modq_add _nettle_ecc_modq_add
+#define ecc_modq_inv _nettle_ecc_modq_inv
+#define ecc_modq_random _nettle_ecc_modq_random
+#define ecc_mod _nettle_ecc_mod
+#define ecc_hash _nettle_ecc_hash
+#define cnd_copy _nettle_cnd_copy
+#define sec_add_1 _nettle_sec_add_1
+#define sec_sub_1 _nettle_sec_sub_1
+#define sec_tabselect _nettle_sec_tabselect
+#define sec_modinv _nettle_sec_modinv
+
+#define ECC_MAX_SIZE ((521 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
+
+/* Window size for ecc_mul_a. Using 4 bits seems like a good choice,
+ for both Intel x86_64 and ARM Cortex A9. For the larger curves, of
+ 384 and 521 bits, we could improve seepd by a few percent if we go
+ up to 5 bits, but I don't think that's worth doubling the
+ storage. */
+#define ECC_MUL_A_WBITS 4
+
+/* Reduces from 2*ecc->size to ecc->size. */
+/* Required to return a result < 2q. This property is inherited by
+ modp_mul and modp_add. */
+typedef void ecc_mod_func (const struct ecc_curve *ecc, mp_limb_t *rp);
+
+/* Represents an elliptic curve of the form
+
+ y^2 = x^3 - 3x + b (mod p)
+*/
+struct ecc_curve
+{
+ unsigned short bit_size;
+ /* Limb size of elements in the base field, size of a point is
+ 2*size in affine coordinates and 3*size in jacobian
+ coordinates. */
+ unsigned short size;
+ unsigned short Bmodp_size;
+ unsigned short Bmodq_size;
+ unsigned short use_redc;
+ /* +k if p+1 has k low zero limbs, -k if p-1 has k low zero
+ limbs. */
+ short redc_size;
+ unsigned short pippenger_k;
+ unsigned short pippenger_c;
+
+ /* The prime p. */
+ const mp_limb_t *p;
+ const mp_limb_t *b;
+ /* Group order. */
+ const mp_limb_t *q;
+ /* Generator, x coordinate followed by y (affine coordinates). */
+ const mp_limb_t *g;
+ /* Generator with coordinates in Montgomery form. */
+ const mp_limb_t *redc_g;
+
+ ecc_mod_func *modp;
+ ecc_mod_func *redc;
+ ecc_mod_func *reduce;
+ ecc_mod_func *modq;
+
+ /* B^size mod p. Expected to have at least 32 leading zeros
+ (equality for secp_256r1). */
+ const mp_limb_t *Bmodp;
+ /* 2^{bit_size} - p, same value as above, but shifted. */
+ const mp_limb_t *Bmodp_shifted;
+ /* (p+1)/2 */
+ const mp_limb_t *pp1h;
+ /* p +/- 1, for redc, excluding |redc_size| low limbs. */
+ const mp_limb_t *redc_ppm1;
+ /* For redc, same as Bmodp, otherwise 1. */
+ const mp_limb_t *unit;
+
+ /* Similarly, B^size mod q */
+ const mp_limb_t *Bmodq;
+ /* 2^{bit_size} - q, same value as above, but shifted. */
+ const mp_limb_t *Bmodq_shifted;
+ /* (q+1)/2 */
+ const mp_limb_t *qp1h;
+
+ /* Tables for multiplying by the generator, size determined by k and
+ c. The first 2^c entries are defined by
+
+ T[ j_0 + j_1 2 + ... + j_{c-1} 2^{c-1} ]
+ = j_0 g + j_1 2^k g + ... + j_{c-1} 2^{k(c-1)} g
+
+ The following entries differ by powers of 2^{kc},
+
+ T[i] = 2^{kc} T[i-2^c]
+ */
+ const mp_limb_t *pippenger_table;
+};
+
+/* In-place reduction. */
+ecc_mod_func ecc_generic_modp;
+ecc_mod_func ecc_generic_redc;
+ecc_mod_func ecc_generic_modq;
+
+
+void
+ecc_modp_add (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp);
+void
+ecc_modp_sub (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp);
+
+void
+ecc_modp_sub_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b);
+
+void
+ecc_modp_mul_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t b);
+
+void
+ecc_modp_addmul_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b);
+void
+ecc_modp_submul_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b);
+
+/* NOTE: mul and sqr needs 2*ecc->size limbs at rp */
+void
+ecc_modp_mul (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp);
+
+void
+ecc_modp_sqr (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap);
+
+void
+ecc_modp_inv (const struct ecc_curve *ecc, mp_limb_t *rp, mp_limb_t *ap,
+ mp_limb_t *scratch);
+
+/* mod q operations. */
+void
+ecc_modq_mul (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp);
+void
+ecc_modq_add (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp);
+
+void
+ecc_modq_inv (const struct ecc_curve *ecc, mp_limb_t *rp, mp_limb_t *ap,
+ mp_limb_t *scratch);
+
+void
+ecc_modq_random (const struct ecc_curve *ecc, mp_limb_t *xp,
+ void *ctx, nettle_random_func *random, mp_limb_t *scratch);
+
+void
+ecc_mod (mp_limb_t *rp, mp_size_t rn, mp_size_t mn,
+ const mp_limb_t *bp, mp_size_t bn,
+ const mp_limb_t *b_shifted, unsigned shift);
+
+void
+ecc_hash (const struct ecc_curve *ecc,
+ mp_limb_t *hp,
+ unsigned length, const uint8_t *digest);
+
+void
+cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n);
+
+mp_limb_t
+sec_add_1 (mp_limb_t *rp, mp_limb_t *ap, mp_size_t n, mp_limb_t b);
+
+mp_limb_t
+sec_sub_1 (mp_limb_t *rp, mp_limb_t *ap, mp_size_t n, mp_limb_t b);
+
+void
+sec_tabselect (mp_limb_t *rp, mp_size_t rn,
+ const mp_limb_t *table, unsigned tn,
+ unsigned k);
+
+void
+sec_modinv (mp_limb_t *vp, mp_limb_t *ap, mp_size_t n,
+ const mp_limb_t *mp, const mp_limb_t *mp1h, mp_size_t bit_size,
+ mp_limb_t *scratch);
+
+/* Current scratch needs: */
+#define ECC_MODINV_ITCH(size) (3*(size))
+#define ECC_J_TO_A_ITCH(size) (5*(size))
+#define ECC_DUP_JA_ITCH(size) (5*(size))
+#define ECC_DUP_JJ_ITCH(size) (5*(size))
+#define ECC_ADD_JJA_ITCH(size) (6*(size))
+#define ECC_ADD_JJJ_ITCH(size) (8*(size))
+#define ECC_MUL_G_ITCH(size) (9*(size))
+#if ECC_MUL_A_WBITS == 0
+#define ECC_MUL_A_ITCH(size) (12*(size))
+#else
+#define ECC_MUL_A_ITCH(size) \
+ (((3 << ECC_MUL_A_WBITS) + 11) * (size))
+#endif
+#define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
+#define ECC_ECDSA_VERIFY_ITCH(size) \
+ (6*(size) + ECC_MUL_A_ITCH ((size)))
+#define ECC_MODQ_RANDOM_ITCH(size) (size)
+#define ECC_HASH_ITCH(size) (1+(size))
+
+#endif /* NETTLE_ECC_INTERNAL_H_INCLUDED */
--- /dev/null
+/* ecc-j-to-a.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+mp_size_t
+ecc_j_to_a_itch (const struct ecc_curve *ecc)
+{
+ /* Needs 2*ecc->size + scratch for ecc_modq_inv */
+ return ECC_J_TO_A_ITCH (ecc->size);
+}
+
+void
+ecc_j_to_a (const struct ecc_curve *ecc,
+ int flags,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+#define izp scratch
+#define up (scratch + ecc->size)
+#define iz2p (scratch + ecc->size)
+#define iz3p (scratch + 2*ecc->size)
+#define izBp (scratch + 3*ecc->size)
+#define tp scratch
+
+ mp_limb_t cy;
+
+ if (ecc->use_redc)
+ {
+ /* Set v = (r_z / B^2)^-1,
+
+ r_x = p_x v^2 / B^3 = ((v/B * v)/B * p_x)/B
+ r_y = p_y v^3 / B^4 = (((v/B * v)/B * v)/B * p_x)/B
+
+ Skip the first redc, if we want to stay in Montgomery
+ representation.
+ */
+
+ mpn_copyi (up, p + 2*ecc->size, ecc->size);
+ mpn_zero (up + ecc->size, ecc->size);
+ ecc->redc (ecc, up);
+ mpn_zero (up + ecc->size, ecc->size);
+ ecc->redc (ecc, up);
+
+ ecc_modp_inv (ecc, izp, up, up + ecc->size);
+
+ if (flags & 1)
+ {
+ /* Divide this common factor by B */
+ mpn_copyi (izBp, izp, ecc->size);
+ mpn_zero (izBp + ecc->size, ecc->size);
+ ecc->redc (ecc, izBp);
+
+ ecc_modp_mul (ecc, iz2p, izp, izBp);
+ }
+ else
+ ecc_modp_sqr (ecc, iz2p, izp);
+ }
+ else
+ {
+ /* Set s = p_z^{-1}, r_x = p_x s^2, r_y = p_y s^3 */
+
+ mpn_copyi (up, p+2*ecc->size, ecc->size); /* p_z */
+ ecc_modp_inv (ecc, izp, up, up + ecc->size);
+
+ ecc_modp_sqr (ecc, iz2p, izp);
+ }
+
+ ecc_modp_mul (ecc, iz3p, iz2p, p);
+ /* ecc_modp (and ecc_modp_mul) may return a value up to 2p - 1, so
+ do a conditional subtraction. */
+ cy = mpn_sub_n (r, iz3p, ecc->p, ecc->size);
+ cnd_copy (cy, r, iz3p, ecc->size);
+
+ if (flags & 2)
+ /* Skip y coordinate */
+ return;
+
+ ecc_modp_mul (ecc, iz3p, iz2p, izp);
+ ecc_modp_mul (ecc, tp, iz3p, p + ecc->size);
+ /* And a similar subtraction. */
+ cy = mpn_sub_n (r + ecc->size, tp, ecc->p, ecc->size);
+ cnd_copy (cy, r + ecc->size, tp, ecc->size);
+
+#undef izp
+#undef up
+#undef iz2p
+#undef iz3p
+#undef tp
+}
--- /dev/null
+/* ecc-mod.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+/* Computes r mod m, where m is of size mn. bp holds B^mn mod m, as mn
+ limbs, but the upper mn - bn libms are zero. */
+void
+ecc_mod (mp_limb_t *rp, mp_size_t rn, mp_size_t mn,
+ const mp_limb_t *bp, mp_size_t bn,
+ const mp_limb_t *b_shifted, unsigned shift)
+{
+ mp_limb_t hi;
+ mp_size_t sn = mn - bn;
+ mp_size_t i;
+
+ assert (sn > 0);
+
+ /* FIXME: Could use mpn_addmul_2. */
+ /* Eliminate sn = mn - bn limbs at a time */
+ if (bp[bn-1] < ((mp_limb_t) 1 << (GMP_NUMB_BITS - 1)))
+ {
+ /* Multiply sn + 1 limbs at a time, so we get a mn+1 limb
+ product. Then we can absorb the carry in the high limb */
+ while (rn > 2 * mn - bn)
+ {
+ rn -= sn;
+
+ for (i = 0; i <= sn; i++)
+ rp[rn+i-1] = mpn_addmul_1 (rp + rn - mn - 1 + i, bp, bn, rp[rn+i-1]);
+ rp[rn-1] = rp[rn+sn-1]
+ + mpn_add_n (rp + rn - sn - 1, rp + rn - sn - 1, rp + rn - 1, sn);
+ }
+ goto final_limbs;
+ }
+ else
+ {
+ while (rn >= 2 * mn - bn)
+ {
+ rn -= sn;
+
+ for (i = 0; i < sn; i++)
+ rp[rn+i] = mpn_addmul_1 (rp + rn - mn + i, bp, bn, rp[rn+i]);
+
+ hi = mpn_add_n (rp + rn - sn, rp + rn - sn, rp + rn, sn);
+ hi = cnd_add_n (hi, rp + rn - mn, bp, mn);
+ assert (hi == 0);
+ }
+ }
+
+ if (rn > mn)
+ {
+ final_limbs:
+ sn = rn - mn;
+
+ for (i = 0; i < sn; i++)
+ rp[mn+i] = mpn_addmul_1 (rp + i, bp, bn, rp[mn+i]);
+
+ hi = mpn_add_n (rp + bn, rp + bn, rp + mn, sn);
+ hi = sec_add_1 (rp + bn + sn, rp + bn + sn, mn - bn - sn, hi);
+ }
+
+ if (shift > 0)
+ {
+ /* Combine hi with top bits, add in */
+ hi = (hi << shift) | (rp[mn-1] >> (GMP_NUMB_BITS - shift));
+ rp[mn-1] = (rp[mn-1] & (((mp_limb_t) 1 << (GMP_NUMB_BITS - shift)) - 1))
+ + mpn_addmul_1 (rp, b_shifted, mn-1, hi);
+ }
+ else
+ {
+ hi = cnd_add_n (hi, rp, bp, mn);
+ assert (hi == 0);
+ }
+}
--- /dev/null
+/* ecc-modp.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+/* Routines for modp arithmetic. All values are ecc->size limbs, but
+ not necessarily < p. */
+
+void
+ecc_modp_add (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp)
+{
+ mp_limb_t cy;
+ cy = mpn_add_n (rp, ap, bp, ecc->size);
+ cy = cnd_add_n (cy, rp, ecc->Bmodp, ecc->size);
+ cy = cnd_add_n (cy, rp, ecc->Bmodp, ecc->size);
+ assert (cy == 0);
+}
+
+void
+ecc_modp_sub (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp)
+{
+ mp_limb_t cy;
+ cy = mpn_sub_n (rp, ap, bp, ecc->size);
+ cy = cnd_sub_n (cy, rp, ecc->Bmodp, ecc->size);
+ cy = cnd_sub_n (cy, rp, ecc->Bmodp, ecc->size);
+ assert (cy == 0);
+}
+
+void
+ecc_modp_sub_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b)
+{
+ mp_size_t i;
+
+ for (i = 0; i < ecc->size; i++)
+ {
+ mp_limb_t cy = ap[i] < b;
+ rp[i] = ap[i] - b;
+ b = cy;
+ }
+ b = cnd_sub_n (b, rp, ecc->Bmodp, ecc->size);
+ assert (b == 0);
+}
+
+void
+ecc_modp_mul_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b)
+{
+ mp_limb_t hi;
+
+ assert (b <= 0xffffffff);
+ hi = mpn_mul_1 (rp, ap, ecc->size, b);
+ hi = mpn_addmul_1 (rp, ecc->Bmodp, ecc->size, hi);
+ assert (hi <= 1);
+ hi = cnd_add_n (hi, rp, ecc->Bmodp, ecc->size);
+ /* Sufficient if b < B^size / p */
+ assert (hi == 0);
+}
+
+void
+ecc_modp_addmul_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b)
+{
+ mp_limb_t hi;
+
+ assert (b <= 0xffffffff);
+ hi = mpn_addmul_1 (rp, ap, ecc->size, b);
+ hi = mpn_addmul_1 (rp, ecc->Bmodp, ecc->size, hi);
+ assert (hi <= 1);
+ hi = cnd_add_n (hi, rp, ecc->Bmodp, ecc->size);
+ /* Sufficient roughly if b < B^size / p */
+ assert (hi == 0);
+}
+
+void
+ecc_modp_submul_1 (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b)
+{
+ mp_limb_t hi;
+
+ assert (b <= 0xffffffff);
+ hi = mpn_submul_1 (rp, ap, ecc->size, b);
+ hi = mpn_submul_1 (rp, ecc->Bmodp, ecc->size, hi);
+ assert (hi <= 1);
+ hi = cnd_sub_n (hi, rp, ecc->Bmodp, ecc->size);
+ /* Sufficient roughly if b < B^size / p */
+ assert (hi == 0);
+}
+
+/* NOTE: mul and sqr needs 2*ecc->size limbs at rp */
+void
+ecc_modp_mul (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp)
+{
+ mpn_mul_n (rp, ap, bp, ecc->size);
+ ecc->reduce (ecc, rp);
+}
+
+void
+ecc_modp_sqr (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap)
+{
+ mpn_sqr (rp, ap, ecc->size);
+ ecc->reduce (ecc, rp);
+}
+
+void
+ecc_modp_inv (const struct ecc_curve *ecc, mp_limb_t *rp, mp_limb_t *ap,
+ mp_limb_t *scratch)
+{
+ sec_modinv (rp, ap, ecc->size, ecc->p, ecc->pp1h, ecc->bit_size, scratch);
+}
+
--- /dev/null
+/* ecc-modq.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+/* Arithmetic mod q, the group order. */
+
+void
+ecc_modq_add (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp)
+{
+ mp_limb_t cy;
+ cy = mpn_add_n (rp, ap, bp, ecc->size);
+ cy = cnd_add_n (cy, rp, ecc->Bmodq, ecc->size);
+ cy = cnd_add_n (cy, rp, ecc->Bmodq, ecc->size);
+ assert (cy == 0);
+}
+
+void
+ecc_modq_mul (const struct ecc_curve *ecc, mp_limb_t *rp,
+ const mp_limb_t *ap, const mp_limb_t *bp)
+{
+ mpn_mul_n (rp, ap, bp, ecc->size);
+ ecc->modq (ecc, rp);
+}
+
+void
+ecc_modq_inv (const struct ecc_curve *ecc, mp_limb_t *rp, mp_limb_t *ap,
+ mp_limb_t *scratch)
+{
+ sec_modinv (rp, ap, ecc->size, ecc->q, ecc->qp1h, ecc->bit_size, scratch);
+}
--- /dev/null
+/* ecc-mul-a.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+mp_size_t
+ecc_mul_a_itch (const struct ecc_curve *ecc)
+{
+ /* Binary algorithm needs 6*ecc->size + scratch for ecc_add_jja.
+ Current total is 12 ecc->size, at most 864 bytes.
+
+ Window algorithm needs (3<<w) * ecc->size for the table,
+ 3*ecc->size for a temporary point, and scratch for
+ ecc_add_jjj. */
+ return ECC_MUL_A_ITCH (ecc->size);
+}
+
+#if ECC_MUL_A_WBITS == 0
+void
+ecc_mul_a (const struct ecc_curve *ecc,
+ int initial, mp_limb_t *r,
+ const mp_limb_t *np, const mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+#define tp scratch
+#define pj (scratch + 3*ecc->size)
+#define scratch_out (scratch + 6*ecc->size)
+
+ int is_zero;
+
+ unsigned i;
+
+ ecc_a_to_j (ecc, initial, pj, p);
+ mpn_zero (r, 3*ecc->size);
+
+ for (i = ecc->size, is_zero = 1; i-- > 0; )
+ {
+ mp_limb_t w = np[i];
+ mp_limb_t bit;
+
+ for (bit = (mp_limb_t) 1 << (GMP_NUMB_BITS - 1);
+ bit > 0;
+ bit >>= 1)
+ {
+ int digit;
+
+ ecc_dup_jj (ecc, r, r, scratch_out);
+ ecc_add_jja (ecc, tp, r, pj, scratch_out);
+
+ digit = (w & bit) > 0;
+ /* If is_zero is set, r is the zero point,
+ and ecc_add_jja produced garbage. */
+ cnd_copy (is_zero, tp, pj, 3*ecc->size);
+ is_zero &= ~digit;
+ /* If we had a one-bit, use the sum. */
+ cnd_copy (digit, r, tp, 3*ecc->size);
+ }
+ }
+}
+#else /* ECC_MUL_A_WBITS > 1 */
+
+#define TABLE_SIZE (1U << ECC_MUL_A_WBITS)
+#define TABLE_MASK (TABLE_SIZE - 1)
+
+#define TABLE(j) (table + (j) * 3*ecc->size)
+
+static void
+table_init (const struct ecc_curve *ecc,
+ mp_limb_t *table, unsigned bits,
+ int initial, const mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+ unsigned size = 1 << bits;
+ unsigned j;
+
+ mpn_zero (TABLE(0), 3*ecc->size);
+ ecc_a_to_j (ecc, initial, TABLE(1), p);
+
+ for (j = 2; j < size; j += 2)
+ {
+ ecc_dup_jj (ecc, TABLE(j), TABLE(j/2), scratch);
+ ecc_add_jja (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch);
+ }
+}
+
+void
+ecc_mul_a (const struct ecc_curve *ecc,
+ int initial, mp_limb_t *r,
+ const mp_limb_t *np, const mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+#define tp scratch
+#define table (scratch + 3*ecc->size)
+ mp_limb_t *scratch_out = table + (3*ecc->size << ECC_MUL_A_WBITS);
+ int is_zero = 0;
+
+ /* Avoid the mp_bitcnt_t type for compatibility with older GMP
+ versions. */
+ unsigned blocks = (ecc->bit_size + ECC_MUL_A_WBITS - 1) / ECC_MUL_A_WBITS;
+ unsigned bit_index = (blocks-1) * ECC_MUL_A_WBITS;
+
+ mp_size_t limb_index = bit_index / GMP_NUMB_BITS;
+ unsigned shift = bit_index % GMP_NUMB_BITS;
+ mp_limb_t w, bits;
+
+ table_init (ecc, table, ECC_MUL_A_WBITS, initial, p, scratch_out);
+
+ w = np[limb_index];
+ bits = w >> shift;
+ if (limb_index < ecc->size - 1)
+ bits |= np[limb_index + 1] << (GMP_NUMB_BITS - shift);
+
+ assert (bits < TABLE_SIZE);
+
+ sec_tabselect (r, 3*ecc->size, table, TABLE_SIZE, bits);
+ is_zero = (bits == 0);
+
+ for (;;)
+ {
+ unsigned j;
+ if (shift >= ECC_MUL_A_WBITS)
+ {
+ shift -= ECC_MUL_A_WBITS;
+ bits = w >> shift;
+ }
+ else
+ {
+ if (limb_index == 0)
+ {
+ assert (shift == 0);
+ break;
+ }
+ bits = w << (ECC_MUL_A_WBITS - shift);
+ w = np[--limb_index];
+ shift = shift + GMP_NUMB_BITS - ECC_MUL_A_WBITS;
+ bits |= w >> shift;
+ }
+ for (j = 0; j < ECC_MUL_A_WBITS; j++)
+ ecc_dup_jj (ecc, r, r, scratch_out);
+
+ bits &= TABLE_MASK;
+ sec_tabselect (tp, 3*ecc->size, table, TABLE_SIZE, bits);
+ cnd_copy (is_zero, r, tp, 3*ecc->size);
+ ecc_add_jjj (ecc, tp, tp, r, scratch_out);
+
+ /* Use the sum when valid. ecc_add_jja produced garbage if
+ is_zero != 0 or bits == 0, . */
+ cnd_copy (bits & (is_zero - 1), r, tp, 3*ecc->size);
+ is_zero &= (bits == 0);
+ }
+#undef table
+#undef tp
+}
+
+#endif /* ECC_MUL_A_WBITS > 1 */
--- /dev/null
+/* ecc-mul-g.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+mp_size_t
+ecc_mul_g_itch (const struct ecc_curve *ecc)
+{
+ /* Needs 3*ecc->size + scratch for ecc_add_jja. */
+ return ECC_MUL_G_ITCH (ecc->size);
+}
+
+void
+ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
+ const mp_limb_t *np, mp_limb_t *scratch)
+{
+ /* Scratch need determined by the ecc_add_jja call. Current total is
+ 9 * ecc->size, at most 648 bytes. */
+#define tp scratch
+#define scratch_out (scratch + 3*ecc->size)
+
+ unsigned k, c;
+ unsigned i, j;
+ unsigned bit_rows;
+
+ int is_zero;
+
+ k = ecc->pippenger_k;
+ c = ecc->pippenger_c;
+
+ bit_rows = (ecc->bit_size + k - 1) / k;
+
+ mpn_zero (r, 3*ecc->size);
+
+ for (i = k, is_zero = 1; i-- > 0; )
+ {
+ ecc_dup_jj (ecc, r, r, scratch);
+ for (j = 0; j * c < bit_rows; j++)
+ {
+ unsigned bits;
+ /* Avoid the mp_bitcnt_t type for compatibility with older GMP
+ versions. */
+ unsigned bit_index;
+
+ /* Extract c bits from n, stride k, starting at i + kcj,
+ ending at i + k (cj + c - 1)*/
+ for (bits = 0, bit_index = i + k*(c*j+c); bit_index > i + k*c*j; )
+ {
+ mp_size_t limb_index;
+ unsigned shift;
+
+ bit_index -= k;
+
+ limb_index = bit_index / GMP_NUMB_BITS;
+ if (limb_index >= ecc->size)
+ continue;
+
+ shift = bit_index % GMP_NUMB_BITS;
+ bits = (bits << 1) | ((np[limb_index] >> shift) & 1);
+ }
+ sec_tabselect (tp, 2*ecc->size,
+ (ecc->pippenger_table
+ + (2*ecc->size * (mp_size_t) j << c)),
+ 1<<c, bits);
+ cnd_copy (is_zero, r, tp, 2*ecc->size);
+ cnd_copy (is_zero, r + 2*ecc->size, ecc->unit, ecc->size);
+
+ ecc_add_jja (ecc, tp, r, tp, scratch_out);
+ /* Use the sum when valid. ecc_add_jja produced garbage if
+ is_zero != 0 or bits == 0, . */
+ cnd_copy (bits & (is_zero - 1), r, tp, 3*ecc->size);
+ is_zero &= (bits == 0);
+ }
+ }
+#undef tp
+#undef scratch_out
+}
--- /dev/null
+/* ecc-point-mul-g.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc.h"
+#include "ecc-internal.h"
+#include "nettle-internal.h"
+
+void
+ecc_point_mul_g (struct ecc_point *r, const struct ecc_scalar *n)
+{
+ TMP_DECL(scratch, mp_limb_t, 3*ECC_MAX_SIZE + ECC_MUL_G_ITCH (ECC_MAX_SIZE));
+ mp_limb_t size = r->ecc->size;
+ mp_size_t itch = 3*size + ECC_MUL_G_ITCH (size);
+
+ assert (r->ecc == n->ecc);
+
+ TMP_ALLOC (scratch, itch);
+
+ ecc_mul_g (r->ecc, scratch, n->p, scratch + 3*size);
+ ecc_j_to_a (r->ecc, 1, r->p, scratch, scratch + 3*size);
+}
--- /dev/null
+/* ecc-point-mul.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+void
+ecc_point_mul (struct ecc_point *r, const struct ecc_scalar *n,
+ const struct ecc_point *p)
+{
+ mp_limb_t size = p->ecc->size;
+ mp_size_t itch = 3*size + ECC_MUL_A_ITCH (size);
+ mp_limb_t *scratch = gmp_alloc_limbs (itch);
+
+ assert (n->ecc == p->ecc);
+ assert (r->ecc == p->ecc);
+
+ ecc_mul_a (p->ecc, 1, scratch, n->p, p->p, scratch + 3*size);
+ ecc_j_to_a (r->ecc, 1, r->p, scratch, scratch + 3*size);
+ gmp_free_limbs (scratch, itch);
+}
--- /dev/null
+/* ecc-point.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+void
+ecc_point_init (struct ecc_point *p, const struct ecc_curve *ecc)
+{
+ p->ecc = ecc;
+ p->p = gmp_alloc_limbs (2*ecc->size);
+}
+
+void
+ecc_point_clear (struct ecc_point *p)
+{
+ gmp_free_limbs (p->p, 2*p->ecc->size);
+}
+
+int
+ecc_point_set (struct ecc_point *p, const mpz_t x, const mpz_t y)
+{
+ mp_size_t size;
+ mpz_t lhs, rhs;
+ mpz_t t;
+ int res;
+
+ size = p->ecc->size;
+
+ if (mpz_sgn (x) < 0 || mpz_limbs_cmp (x, p->ecc->p, size) >= 0
+ || mpz_sgn (y) < 0 || mpz_limbs_cmp (y, p->ecc->p, size) >= 0)
+ return 0;
+
+ mpz_init (lhs);
+ mpz_init (rhs);
+
+ /* Check that y^2 = x^3 - 3*x + b (mod p) */
+ mpz_mul (lhs, y, y);
+ mpz_mul (rhs, x, x);
+ mpz_sub_ui (rhs, rhs, 3);
+ mpz_mul (rhs, rhs, x);
+ mpz_add (rhs, rhs, mpz_roinit_n (t, p->ecc->b, size));
+
+ res = mpz_congruent_p (lhs, rhs, mpz_roinit_n (t, p->ecc->p, size));
+
+ mpz_clear (lhs);
+ mpz_clear (rhs);
+
+ if (!res)
+ return 0;
+
+ mpz_limbs_copy (p->p, x, size);
+ mpz_limbs_copy (p->p + size, y, size);
+
+ return 1;
+}
+
+void
+ecc_point_get (const struct ecc_point *p, mpz_t x, mpz_t y)
+{
+ mp_size_t size = p->ecc->size;
+ if (x)
+ mpz_set_n (x, p->p, size);
+ if (y)
+ mpz_set_n (y, p->p + size, size);
+}
--- /dev/null
+/* ecc-random.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc.h"
+#include "ecc-internal.h"
+#include "nettle-internal.h"
+
+static int
+zero_p (const struct ecc_curve *ecc,
+ const mp_limb_t *xp)
+{
+ mp_limb_t t;
+ mp_size_t i;
+
+ for (i = t = 0; i < ecc->size; i++)
+ t |= xp[i];
+
+ return t == 0;
+}
+
+static int
+ecdsa_in_range (const struct ecc_curve *ecc,
+ const mp_limb_t *xp, mp_limb_t *scratch)
+{
+ /* Check if 0 < x < q, with data independent timing. */
+ return !zero_p (ecc, xp)
+ & (mpn_sub_n (scratch, xp, ecc->q, ecc->size) != 0);
+}
+
+void
+ecc_modq_random (const struct ecc_curve *ecc, mp_limb_t *xp,
+ void *ctx, nettle_random_func *random, mp_limb_t *scratch)
+{
+ uint8_t *buf = (uint8_t *) scratch;
+ unsigned nbytes = (ecc->bit_size + 7)/8;
+
+ /* The bytes ought to fit in the scratch area, unless we have very
+ unusual limb and byte sizes. */
+ assert (nbytes <= ecc->size * sizeof (mp_limb_t));
+
+ do
+ {
+ /* q and p are of the same bitsize. */
+ random (ctx, nbytes, buf);
+ buf[0] &= 0xff >> (nbytes * 8 - ecc->bit_size);
+
+ mpn_set_base256 (xp, ecc->size, buf, nbytes);
+ }
+ while (!ecdsa_in_range (ecc, xp, scratch));
+}
+
+void
+ecc_scalar_random (struct ecc_scalar *x,
+ void *random_ctx, nettle_random_func *random)
+{
+ TMP_DECL (scratch, mp_limb_t, ECC_MODQ_RANDOM_ITCH (ECC_MAX_SIZE));
+ TMP_ALLOC (scratch, ECC_MODQ_RANDOM_ITCH (x->ecc->size));
+
+ ecc_modq_random (x->ecc, x->p, random_ctx, random, scratch);
+}
+
+
--- /dev/null
+/* ecc-scalar.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+void
+ecc_scalar_init (struct ecc_scalar *s, const struct ecc_curve *ecc)
+{
+ s->ecc = ecc;
+ s->p = gmp_alloc_limbs (ecc->size);
+}
+
+void
+ecc_scalar_clear (struct ecc_scalar *s)
+{
+ gmp_free_limbs (s->p, s->ecc->size);
+}
+
+int
+ecc_scalar_set (struct ecc_scalar *s, const mpz_t z)
+{
+ mp_size_t size = s->ecc->size;
+
+ if (mpz_sgn (z) <= 0 || mpz_limbs_cmp (z, s->ecc->q, size) >= 0)
+ return 0;
+
+ mpz_limbs_copy (s->p, z, size);
+ return 1;
+}
+
+void
+ecc_scalar_get (const struct ecc_scalar *s, mpz_t z)
+{
+ mpz_set_n (z, s->p, s->ecc->size);
+}
--- /dev/null
+/* ecc-size.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+mp_size_t
+ecc_size (const struct ecc_curve *ecc)
+{
+ return ecc->size;
+}
+
+mp_size_t
+ecc_size_a (const struct ecc_curve *ecc)
+{
+ return 2*ecc->size;
+}
+
+mp_size_t
+ecc_size_j (const struct ecc_curve *ecc)
+{
+ return 3*ecc->size;
+}
--- /dev/null
+/* ecc.h */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#ifndef NETTLE_ECC_H_INCLUDED
+#define NETTLE_ECC_H_INCLUDED
+
+#include <gmp.h>
+
+#include "nettle-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define ecc_point_init nettle_ecc_point_init
+#define ecc_point_clear nettle_ecc_point_clear
+#define ecc_point_set nettle_ecc_point_set
+#define ecc_point_get nettle_ecc_point_get
+#define ecc_point_mul nettle_ecc_point_mul
+#define ecc_point_mul_g nettle_ecc_point_mul_g
+#define ecc_scalar_init nettle_ecc_scalar_init
+#define ecc_scalar_clear nettle_ecc_scalar_clear
+#define ecc_scalar_set nettle_ecc_scalar_set
+#define ecc_scalar_get nettle_ecc_scalar_get
+#define ecc_scalar_random nettle_ecc_scalar_random
+#define ecc_point_mul nettle_ecc_point_mul
+#define ecc_size nettle_ecc_size
+#define ecc_size_a nettle_ecc_size_a
+#define ecc_size_j nettle_ecc_size_j
+#define ecc_a_to_a_itch nettle_ecc_a_to_a_itch
+#define ecc_a_to_a nettle_ecc_a_to_a
+#define ecc_a_to_j nettle_ecc_a_to_j
+#define ecc_j_to_a_itch nettle_ecc_j_to_a_itch
+#define ecc_j_to_a nettle_ecc_j_to_a
+#define ecc_dup_ja_itch nettle_ecc_dup_ja_itch
+#define ecc_dup_ja nettle_ecc_dup_ja
+#define ecc_dup_jj_itch nettle_ecc_dup_jj_itch
+#define ecc_dup_jj nettle_ecc_dup_jj
+#define ecc_add_jja_itch nettle_ecc_add_jja_itch
+#define ecc_add_jja nettle_ecc_add_jja
+#define ecc_add_jjj_itch nettle_ecc_add_jjj_itch
+#define ecc_add_jjj nettle_ecc_add_jjj
+#define ecc_mul_g_itch nettle_ecc_mul_g_itch
+#define ecc_mul_g nettle_ecc_mul_g
+#define ecc_mul_a_itch nettle_ecc_mul_a_itch
+#define ecc_mul_a nettle_ecc_mul_a
+
+struct ecc_curve;
+
+/* High level interface, for ECDSA, DH, etc */
+
+/* Represents a point on the ECC curve */
+struct ecc_point
+{
+ const struct ecc_curve *ecc;
+ /* Allocated using the same allocation function as GMP. */
+ mp_limb_t *p;
+};
+
+/* Represents a non-zero scalar, an element of Z_q^*, where q is the
+ group order of the curve. */
+struct ecc_scalar
+{
+ const struct ecc_curve *ecc;
+ /* Allocated using the same allocation function as GMP. */
+ mp_limb_t *p;
+};
+
+void
+ecc_point_init (struct ecc_point *p, const struct ecc_curve *ecc);
+void
+ecc_point_clear (struct ecc_point *p);
+
+/* Fails and returns zero if the point is not on the curve. */
+int
+ecc_point_set (struct ecc_point *p, const mpz_t x, const mpz_t y);
+void
+ecc_point_get (const struct ecc_point *p, mpz_t x, mpz_t y);
+
+void
+ecc_scalar_init (struct ecc_scalar *s, const struct ecc_curve *ecc);
+void
+ecc_scalar_clear (struct ecc_scalar *s);
+
+/* Fails and returns zero if the scalar is not in the proper range. */
+int
+ecc_scalar_set (struct ecc_scalar *s, const mpz_t z);
+void
+ecc_scalar_get (const struct ecc_scalar *s, mpz_t z);
+/* Generates a random scalar, suitable as an ECDSA private key or a
+ ECDH exponent. */
+void
+ecc_scalar_random (struct ecc_scalar *s,
+ void *random_ctx, nettle_random_func *random);
+
+/* Computes r = n p */
+void
+ecc_point_mul (struct ecc_point *r, const struct ecc_scalar *n,
+ const struct ecc_point *p);
+
+/* Computes r = n g */
+void
+ecc_point_mul_g (struct ecc_point *r, const struct ecc_scalar *n);
+
+\f
+/* Low-level interface */
+
+/* Points on a curve are represented as arrays of mp_limb_t. For some
+ curves, point coordinates are represented in montgomery form. We
+ use either affine coordinates x,y, or Jacobian coordinates X, Y, Z,
+ where x = X/Z^2 and y = X/Z^2.
+
+ Since we use additive notation for the groups, the infinity point
+ on the curve is denoted 0. The infinity point can be represented
+ with x = y = 0 in affine coordinates, and Z = 0 in Jacobian
+ coordinates. However, note that most of the ECC functions do *not*
+ support infinity as an input or output.
+*/
+
+/* FIXME: Also provided some compile time constants? */
+
+/* Returns the size of a single coordinate. */
+mp_size_t
+ecc_size (const struct ecc_curve *ecc);
+
+/* Size of a point, using affine coordinates x, y. */
+mp_size_t
+ecc_size_a (const struct ecc_curve *ecc);
+
+/* Size of a point, using jacobian coordinates X, Y and Z. */
+mp_size_t
+ecc_size_j (const struct ecc_curve *ecc);
+
+/* FIXME: Rename the low-level (and side-channel silent) functions to
+ _ecc_*, and provide public ecc_* functions which handle the
+ infinity points properly? */
+
+/* Converts the affine coordinates of a point into montgomery form, if
+ used for this curve. */
+mp_size_t
+ecc_a_to_a_itch (const struct ecc_curve *ecc);
+void
+ecc_a_to_a (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+/* Converts a point P in affine coordinates into a point R in jacobian
+ coordinates. If INITIAL is non-zero, and the curve uses montgomery
+ coordinates, also convert coordinates to montgomery form. */
+void
+ecc_a_to_j (const struct ecc_curve *ecc,
+ int initial,
+ mp_limb_t *r, const mp_limb_t *p);
+
+/* Converts a point P in jacobian coordinates into a point R in affine
+ coordinates. If FLAGS has bit 0 set, and the curve uses montgomery
+ coordinates, also undo the montgomery conversion. If flags has bit
+ 1 set, produce x coordinate only. */
+mp_size_t
+ecc_j_to_a_itch (const struct ecc_curve *ecc);
+void
+ecc_j_to_a (const struct ecc_curve *ecc,
+ int flags,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+/* Group operations */
+
+
+/* Point doubling, with jacobian output and affine input. Corner
+ cases: Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
+mp_size_t
+ecc_dup_ja_itch (const struct ecc_curve *ecc);
+void
+ecc_dup_ja (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+/* Point doubling, with jacobian input and output. Corner cases:
+ Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
+mp_size_t
+ecc_dup_jj_itch (const struct ecc_curve *ecc);
+void
+ecc_dup_jj (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+
+/* Point addition, with jacobian output, one jacobian input and one
+ affine input. Corner cases: Fails for the cases
+
+ P = Q != 0 Duplication of non-zero point
+ P = 0, Q != 0 or P != 0, Q = 0 One input zero
+
+ Correctly gives R = 0 if P = Q = 0 or P = -Q. */
+mp_size_t
+ecc_add_jja_itch (const struct ecc_curve *ecc);
+void
+ecc_add_jja (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
+
+/* Point addition with Jacobian input and output. */
+mp_size_t
+ecc_add_jjj_itch (const struct ecc_curve *ecc);
+void
+ecc_add_jjj (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
+
+
+/* Computes N * the group generator. N is an array of ecc_size()
+ limbs. It must be in the range 0 < N < group order, then R != 0,
+ and the algorithm can work without any intermediate values getting
+ to zero. */
+mp_size_t
+ecc_mul_g_itch (const struct ecc_curve *ecc);
+void
+ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
+ const mp_limb_t *np, mp_limb_t *scratch);
+
+/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a
+ non-zero point on the curve, in affine coordinates. Pass a non-zero
+ INITIAL if the point coordinates have not previously been converted
+ to Montgomery representation. Output R is a non-zero point, in
+ Jacobian coordinates. */
+mp_size_t
+ecc_mul_a_itch (const struct ecc_curve *ecc);
+void
+ecc_mul_a (const struct ecc_curve *ecc,
+ int initial, mp_limb_t *r,
+ const mp_limb_t *np, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_ECC_H_INCLUDED */
--- /dev/null
+/* eccdata.c */
+
+/* Generate compile time constant (but machine dependent) tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mini-gmp.c"
+
+/* Affine coordinates, for simplicity. Infinity point represented as x
+ == y == 0. */
+struct ecc_point
+{
+ mpz_t x;
+ mpz_t y;
+};
+
+/* Represents an elliptic curve of the form
+
+ y^2 = x^3 - 3x + b (mod p)
+*/
+struct ecc_curve
+{
+ unsigned bit_size;
+ unsigned pippenger_k;
+ unsigned pippenger_c;
+
+ /* Prime */
+ mpz_t p;
+ mpz_t b;
+
+ /* Curve order */
+ mpz_t q;
+ struct ecc_point g;
+
+ /* Table for pippenger's algorithm.
+ Element
+
+ i 2^c + j_0 + j_1 2 + j_2 2^2 + ... + j_{c-1} 2^{c-1}
+
+ holds
+
+ 2^{ikc} ( j_0 + j_1 2^k + j_2 2^{2k} + ... + j_{c-1} 2^{(c-1)k}) g
+ */
+ mp_size_t table_size;
+ struct ecc_point *table;
+
+ /* If non-NULL, holds 2g, 3g, 4g */
+ struct ecc_point *ref;
+};
+
+static void
+ecc_init (struct ecc_point *p)
+{
+ mpz_init (p->x);
+ mpz_init (p->y);
+}
+
+static void
+ecc_clear (struct ecc_point *p)
+{
+ mpz_clear (p->x);
+ mpz_clear (p->y);
+}
+
+static int
+ecc_zero_p (const struct ecc_point *p)
+{
+ return mpz_sgn (p->x) == 0 && mpz_sgn (p->y) == 0;
+}
+
+static int
+ecc_equal_p (const struct ecc_point *p, const struct ecc_point *q)
+{
+ return mpz_cmp (p->x, q->x) == 0 && mpz_cmp (p->y, q->y) == 0;
+}
+
+static void
+ecc_set_zero (struct ecc_point *r)
+{
+ mpz_set_ui (r->x, 0);
+ mpz_set_ui (r->y, 0);
+}
+
+static void
+ecc_set (struct ecc_point *r, const struct ecc_point *p)
+{
+ mpz_set (r->x, p->x);
+ mpz_set (r->y, p->y);
+}
+
+static void
+ecc_dup (const struct ecc_curve *ecc,
+ struct ecc_point *r, const struct ecc_point *p)
+{
+ if (ecc_zero_p (p))
+ ecc_set_zero (r);
+
+ else
+ {
+ mpz_t m, t, x, y;
+
+ mpz_init (m);
+ mpz_init (t);
+ mpz_init (x);
+ mpz_init (y);
+
+ /* m = (2 y)^-1 */
+ mpz_mul_ui (m, p->y, 2);
+ mpz_invert (m, m, ecc->p);
+
+ /* t = 3 (x^2 - 1) * m */
+ mpz_mul (t, p->x, p->x);
+ mpz_mod (t, t, ecc->p);
+ mpz_sub_ui (t, t, 1);
+ mpz_mul_ui (t, t, 3);
+ mpz_mul (t, t, m);
+
+ /* x' = t^2 - 2 x */
+ mpz_mul (x, t, t);
+ /* mpz_submul_ui (x, p->x, 2); not available in mini-gmp */
+ mpz_mul_ui (m, p->x, 2);
+ mpz_sub (x, x, m);
+ mpz_mod (x, x, ecc->p);
+
+ /* y' = (x - x') * t - y */
+ mpz_sub (y, p->x, x);
+ mpz_mul (y, y, t);
+ mpz_sub (y, y, p->y);
+ mpz_mod (y, y, ecc->p);
+
+ mpz_swap (x, r->x);
+ mpz_swap (y, r->y);
+
+ mpz_clear (m);
+ mpz_clear (t);
+ mpz_clear (x);
+ mpz_clear (y);
+ }
+}
+
+static void
+ecc_add (const struct ecc_curve *ecc,
+ struct ecc_point *r, const struct ecc_point *p, const struct ecc_point *q)
+{
+ if (ecc_zero_p (p))
+ ecc_set (r, q);
+
+ else if (ecc_zero_p (q))
+ ecc_set (r, p);
+
+ else if (mpz_cmp (p->x, q->x) == 0)
+ {
+ if (mpz_cmp (p->y, q->y) == 0)
+ ecc_dup (ecc, r, p);
+ else
+ ecc_set_zero (r);
+ }
+ else
+ {
+ mpz_t s, t, x, y;
+ mpz_init (s);
+ mpz_init (t);
+ mpz_init (x);
+ mpz_init (y);
+
+ /* t = (q_y - p_y) / (q_x - p_x) */
+ mpz_sub (t, q->x, p->x);
+ mpz_invert (t, t, ecc->p);
+ mpz_sub (s, q->y, p->y);
+ mpz_mul (t, t, s);
+ mpz_mod (t, t, ecc->p);
+
+ /* x' = t^2 - p_x - q_x */
+ mpz_mul (x, t, t);
+ mpz_sub (x, x, p->x);
+ mpz_sub (x, x, q->x);
+ mpz_mod (x, x, ecc->p);
+
+ /* y' = (x - x') * t - y */
+ mpz_sub (y, p->x, x);
+ mpz_mul (y, y, t);
+ mpz_sub (y, y, p->y);
+ mpz_mod (y, y, ecc->p);
+
+ mpz_swap (x, r->x);
+ mpz_swap (y, r->y);
+
+ mpz_clear (s);
+ mpz_clear (t);
+ mpz_clear (x);
+ mpz_clear (y);
+ }
+}
+
+static void
+ecc_mul_binary (const struct ecc_curve *ecc,
+ struct ecc_point *r, const mpz_t n, const struct ecc_point *p)
+{
+ /* Avoid the mp_bitcnt_t type for compatibility with older GMP
+ versions. */
+ unsigned k;
+
+ assert (r != p);
+ assert (mpz_sgn (n) > 0);
+
+ ecc_set (r, p);
+
+ /* Index of highest one bit */
+ for (k = mpz_sizeinbase (n, 2) - 1; k-- > 0; )
+ {
+ ecc_dup (ecc, r, r);
+ if (mpz_tstbit (n, k))
+ ecc_add (ecc, r, r, p);
+ }
+}
+
+static struct ecc_point *
+ecc_alloc (size_t n)
+{
+ struct ecc_point *p = malloc (n * sizeof(*p));
+ size_t i;
+
+ if (!p)
+ {
+ fprintf (stderr, "Virtual memory exhausted.\n");
+ exit (EXIT_FAILURE);
+ }
+ for (i = 0; i < n; i++)
+ ecc_init (&p[i]);
+
+ return p;
+}
+
+static void
+ecc_set_str (struct ecc_point *p,
+ const char *x, const char *y)
+{
+ mpz_set_str (p->x, x, 16);
+ mpz_set_str (p->y, y, 16);
+}
+
+static void
+ecc_curve_init_str (struct ecc_curve *ecc,
+ const char *p, const char *b, const char *q,
+ const char *gx, const char *gy)
+{
+ mpz_init_set_str (ecc->p, p, 16);
+ mpz_init_set_str (ecc->b, b, 16);
+ mpz_init_set_str (ecc->q, q, 16);
+ ecc_init (&ecc->g);
+ ecc_set_str (&ecc->g, gx, gy);
+
+ ecc->pippenger_k = 0;
+ ecc->pippenger_c = 0;
+ ecc->table = NULL;
+
+ ecc->ref = NULL;
+}
+
+static void
+ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
+{
+ switch (bit_size)
+ {
+ case 192:
+ ecc_curve_init_str (ecc,
+ /* p = 2^{192} - 2^{64} - 1 */
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
+ "FFFFFFFFFFFFFFFF",
+
+ "64210519e59c80e70fa7e9ab72243049"
+ "feb8deecc146b9b1",
+
+ "ffffffffffffffffffffffff99def836"
+ "146bc9b1b4d22831",
+
+ "188da80eb03090f67cbf20eb43a18800"
+ "f4ff0afd82ff1012",
+
+ "07192b95ffc8da78631011ed6b24cdd5"
+ "73f977a11e794811");
+ ecc->ref = ecc_alloc (3);
+ ecc_set_str (&ecc->ref[0], /* 2 g */
+ "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
+ "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab");
+
+ ecc_set_str (&ecc->ref[1], /* 3 g */
+ "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
+ "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd");
+
+ ecc_set_str (&ecc->ref[2], /* 4 g */
+ "35433907297cc378b0015703374729d7a4fe46647084e4ba",
+ "a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
+
+ break;
+ case 224:
+ ecc_curve_init_str (ecc,
+ /* p = 2^{224} - 2^{96} + 1 */
+ "ffffffffffffffffffffffffffffffff"
+ "000000000000000000000001",
+
+ "b4050a850c04b3abf54132565044b0b7"
+ "d7bfd8ba270b39432355ffb4",
+
+ "ffffffffffffffffffffffffffff16a2"
+ "e0b8f03e13dd29455c5c2a3d",
+
+ "b70e0cbd6bb4bf7f321390b94a03c1d3"
+ "56c21122343280d6115c1d21",
+
+ "bd376388b5f723fb4c22dfe6cd4375a0"
+ "5a07476444d5819985007e34");
+
+ ecc->ref = ecc_alloc (3);
+ ecc_set_str (&ecc->ref[0], /* 2 g */
+ "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
+ "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb");
+
+ ecc_set_str (&ecc->ref[1], /* 3 g */
+ "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
+ "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925");
+
+ ecc_set_str (&ecc->ref[2], /* 4 g */
+ "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
+ "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
+
+ break;
+ case 256:
+ ecc_curve_init_str (ecc,
+ /* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
+ "FFFFFFFF000000010000000000000000"
+ "00000000FFFFFFFFFFFFFFFFFFFFFFFF",
+
+ "5AC635D8AA3A93E7B3EBBD55769886BC"
+ "651D06B0CC53B0F63BCE3C3E27D2604B",
+
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
+ "BCE6FAADA7179E84F3B9CAC2FC632551",
+
+ "6B17D1F2E12C4247F8BCE6E563A440F2"
+ "77037D812DEB33A0F4A13945D898C296",
+
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
+ "2BCE33576B315ECECBB6406837BF51F5");
+
+ ecc->ref = ecc_alloc (3);
+ ecc_set_str (&ecc->ref[0], /* 2 g */
+ "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
+ "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1");
+
+ ecc_set_str (&ecc->ref[1], /* 3 g */
+ "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
+ "8734640c4998ff7e374b06ce1a64a2ecd82ab036384fb83d9a79b127a27d5032");
+
+ ecc_set_str (&ecc->ref[2], /* 4 g */
+ "e2534a3532d08fbba02dde659ee62bd0031fe2db785596ef509302446b030852",
+ "e0f1575a4c633cc719dfee5fda862d764efc96c3f30ee0055c42c23f184ed8c6");
+
+ break;
+ case 384:
+ ecc_curve_init_str (ecc,
+ /* p = 2^{384} - 2^{128} - 2^{96} + 2^{32} - 1 */
+ "ffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffe"
+ "ffffffff0000000000000000ffffffff",
+
+ "b3312fa7e23ee7e4988e056be3f82d19"
+ "181d9c6efe8141120314088f5013875a"
+ "c656398d8a2ed19d2a85c8edd3ec2aef",
+
+ "ffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffc7634d81f4372ddf"
+ "581a0db248b0a77aecec196accc52973",
+
+ "aa87ca22be8b05378eb1c71ef320ad74"
+ "6e1d3b628ba79b9859f741e082542a38"
+ "5502f25dbf55296c3a545e3872760ab7",
+
+ "3617de4a96262c6f5d9e98bf9292dc29"
+ "f8f41dbd289a147ce9da3113b5f0b8c0"
+ "0a60b1ce1d7e819d7a431d7c90ea0e5f");
+
+ ecc->ref = ecc_alloc (3);
+ ecc_set_str (&ecc->ref[0], /* 2 g */
+ "8d999057ba3d2d969260045c55b97f089025959a6f434d651d207d19fb96e9e4fe0e86ebe0e64f85b96a9c75295df61",
+ "8e80f1fa5b1b3cedb7bfe8dffd6dba74b275d875bc6cc43e904e505f256ab4255ffd43e94d39e22d61501e700a940e80");
+
+ ecc_set_str (&ecc->ref[1], /* 3 g */
+ "77a41d4606ffa1464793c7e5fdc7d98cb9d3910202dcd06bea4f240d3566da6b408bbae5026580d02d7e5c70500c831",
+ "c995f7ca0b0c42837d0bbe9602a9fc998520b41c85115aa5f7684c0edc111eacc24abd6be4b5d298b65f28600a2f1df1");
+
+ ecc_set_str (&ecc->ref[2], /* 4 g */
+ "138251cd52ac9298c1c8aad977321deb97e709bd0b4ca0aca55dc8ad51dcfc9d1589a1597e3a5120e1efd631c63e1835",
+ "cacae29869a62e1631e8a28181ab56616dc45d918abc09f3ab0e63cf792aa4dced7387be37bba569549f1c02b270ed67");
+
+ break;
+ case 521:
+ ecc_curve_init_str (ecc,
+ "1ff" /* p = 2^{521} - 1 */
+ "ffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffff",
+
+ "051"
+ "953eb9618e1c9a1f929a21a0b68540ee"
+ "a2da725b99b315f3b8b489918ef109e1"
+ "56193951ec7e937b1652c0bd3bb1bf07"
+ "3573df883d2c34f1ef451fd46b503f00",
+
+ "1ff"
+ "ffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffa"
+ "51868783bf2f966b7fcc0148f709a5d0"
+ "3bb5c9b8899c47aebb6fb71e91386409",
+
+ "c6"
+ "858e06b70404e9cd9e3ecb662395b442"
+ "9c648139053fb521f828af606b4d3dba"
+ "a14b5e77efe75928fe1dc127a2ffa8de"
+ "3348b3c1856a429bf97e7e31c2e5bd66",
+
+ "118"
+ "39296a789a3bc0045c8a5fb42c7d1bd9"
+ "98f54449579b446817afbd17273e662c"
+ "97ee72995ef42640c550b9013fad0761"
+ "353c7086a272c24088be94769fd16650");
+
+ ecc->ref = ecc_alloc (3);
+ ecc_set_str (&ecc->ref[0], /* 2 g */
+ "433c219024277e7e682fcb288148c282747403279b1ccc06352c6e5505d769be97b3b204da6ef55507aa104a3a35c5af41cf2fa364d60fd967f43e3933ba6d783d",
+ "f4bb8cc7f86db26700a7f3eceeeed3f0b5c6b5107c4da97740ab21a29906c42dbbb3e377de9f251f6b93937fa99a3248f4eafcbe95edc0f4f71be356d661f41b02");
+
+ ecc_set_str (&ecc->ref[1], /* 3 g */
+ "1a73d352443de29195dd91d6a64b5959479b52a6e5b123d9ab9e5ad7a112d7a8dd1ad3f164a3a4832051da6bd16b59fe21baeb490862c32ea05a5919d2ede37ad7d",
+ "13e9b03b97dfa62ddd9979f86c6cab814f2f1557fa82a9d0317d2f8ab1fa355ceec2e2dd4cf8dc575b02d5aced1dec3c70cf105c9bc93a590425f588ca1ee86c0e5");
+
+ ecc_set_str (&ecc->ref[2], /* 4 g */
+ "35b5df64ae2ac204c354b483487c9070cdc61c891c5ff39afc06c5d55541d3ceac8659e24afe3d0750e8b88e9f078af066a1d5025b08e5a5e2fbc87412871902f3",
+ "82096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f279f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d");
+
+ break;
+ default:
+ fprintf (stderr, "No known curve for size %d\n", bit_size);
+ exit(EXIT_FAILURE);
+ }
+ ecc->bit_size = bit_size;
+}
+
+static void
+ecc_pippenger_precompute (struct ecc_curve *ecc, unsigned k, unsigned c)
+{
+ unsigned p = (ecc->bit_size + k-1) / k;
+ unsigned M = (p + c-1)/c;
+ unsigned i, j;
+
+ ecc->pippenger_k = k;
+ ecc->pippenger_c = c;
+ ecc->table_size = M << c;
+ ecc->table = ecc_alloc (ecc->table_size);
+
+ /* Compute the first 2^c entries */
+ ecc_set_zero (&ecc->table[0]);
+ ecc_set (&ecc->table[1], &ecc->g);
+
+ for (j = 2; j < (1U<<c); j <<= 1)
+ {
+ /* T[j] = 2^k T[j/2] */
+ ecc_dup (ecc, &ecc->table[j], &ecc->table[j/2]);
+ for (i = 1; i < k; i++)
+ ecc_dup (ecc, &ecc->table[j], &ecc->table[j]);
+
+ for (i = 1; i < j; i++)
+ ecc_add (ecc, &ecc->table[j + i], &ecc->table[j], &ecc->table[i]);
+ }
+ for (j = 1<<c; j < ecc->table_size; j++)
+ {
+ /* T[j] = 2^{kc} T[j-2^c] */
+ ecc_dup (ecc, &ecc->table[j], &ecc->table[j - (1<<c)]);
+ for (i = 1; i < k*c; i++)
+ ecc_dup (ecc, &ecc->table[j], &ecc->table[j]);
+ }
+}
+
+static void
+ecc_mul_pippenger (const struct ecc_curve *ecc,
+ struct ecc_point *r, const mpz_t n_input)
+{
+ mpz_t n;
+ unsigned k, c;
+ unsigned i, j;
+ unsigned bit_rows;
+
+ mpz_init (n);
+
+ mpz_mod (n, n_input, ecc->q);
+ ecc_set_zero (r);
+
+ k = ecc->pippenger_k;
+ c = ecc->pippenger_c;
+
+ bit_rows = (ecc->bit_size + k - 1) / k;
+
+ for (i = k; i-- > 0; )
+ {
+ ecc_dup (ecc, r, r);
+ for (j = 0; j * c < bit_rows; j++)
+ {
+ unsigned bits;
+ mp_size_t bit_index;
+
+ /* Extract c bits of the exponent, stride k, starting at i + kcj, ending at
+ i + k (cj + c - 1)*/
+ for (bits = 0, bit_index = i + k*(c*j+c); bit_index > i + k*c*j; )
+ {
+ bit_index -= k;
+ bits = (bits << 1) | mpz_tstbit (n, bit_index);
+ }
+
+ ecc_add (ecc, r, r, &ecc->table[(j << c) | bits]);
+ }
+ }
+ mpz_clear (n);
+}
+
+#define ASSERT_EQUAL(p, q) do { \
+ if (!ecc_equal_p (p, q)) \
+ { \
+ fprintf (stderr, "%s:%d: ASSERT_EQUAL (%s, %s) failed.\n", \
+ __FILE__, __LINE__, #p, #q); \
+ fprintf (stderr, "p = ("); \
+ mpz_out_str (stderr, 16, (p)->x); \
+ fprintf (stderr, ",\n "); \
+ mpz_out_str (stderr, 16, (p)->y); \
+ fprintf (stderr, ")\nq = ("); \
+ mpz_out_str (stderr, 16, (q)->x); \
+ fprintf (stderr, ",\n "); \
+ mpz_out_str (stderr, 16, (q)->y); \
+ fprintf (stderr, ")\n"); \
+ abort(); \
+ } \
+ } while (0)
+
+#define ASSERT_ZERO(p) do { \
+ if (!ecc_zero_p (p)) \
+ { \
+ fprintf (stderr, "%s:%d: ASSERT_ZERO (%s) failed.\n", \
+ __FILE__, __LINE__, #p); \
+ fprintf (stderr, "p = ("); \
+ mpz_out_str (stderr, 16, (p)->x); \
+ fprintf (stderr, ",\n "); \
+ mpz_out_str (stderr, 16, (p)->y); \
+ fprintf (stderr, ")\n"); \
+ abort(); \
+ } \
+ } while (0)
+
+static void
+ecc_curve_check (const struct ecc_curve *ecc)
+{
+ struct ecc_point p, q;
+ mpz_t n;
+
+ ecc_init (&p);
+ ecc_init (&q);
+ mpz_init (n);
+
+ ecc_dup (ecc, &p, &ecc->g);
+ if (ecc->ref)
+ ASSERT_EQUAL (&p, &ecc->ref[0]);
+ else
+ {
+ fprintf (stderr, "g2 = ");
+ mpz_out_str (stderr, 16, p.x);
+ fprintf (stderr, "\n ");
+ mpz_out_str (stderr, 16, p.y);
+ fprintf (stderr, "\n");
+ }
+ ecc_add (ecc, &q, &p, &ecc->g);
+ if (ecc->ref)
+ ASSERT_EQUAL (&q, &ecc->ref[1]);
+ else
+ {
+ fprintf (stderr, "g3 = ");
+ mpz_out_str (stderr, 16, q.x);
+ fprintf (stderr, "\n ");
+ mpz_out_str (stderr, 16, q.y);
+ fprintf (stderr, "\n");
+ }
+
+ ecc_add (ecc, &q, &q, &ecc->g);
+ if (ecc->ref)
+ ASSERT_EQUAL (&q, &ecc->ref[2]);
+ else
+ {
+ fprintf (stderr, "g4 = ");
+ mpz_out_str (stderr, 16, q.x);
+ fprintf (stderr, "\n ");
+ mpz_out_str (stderr, 16, q.y);
+ fprintf (stderr, "\n");
+ }
+
+ ecc_dup (ecc, &q, &p);
+ if (ecc->ref)
+ ASSERT_EQUAL (&q, &ecc->ref[2]);
+ else
+ {
+ fprintf (stderr, "g4 = ");
+ mpz_out_str (stderr, 16, q.x);
+ fprintf (stderr, "\n ");
+ mpz_out_str (stderr, 16, q.y);
+ fprintf (stderr, "\n");
+ }
+
+ ecc_mul_binary (ecc, &p, ecc->q, &ecc->g);
+ ASSERT_ZERO (&p);
+
+ ecc_mul_pippenger (ecc, &q, ecc->q);
+ ASSERT_ZERO (&q);
+
+ ecc_clear (&p);
+ ecc_clear (&q);
+ mpz_clear (n);
+}
+
+static void
+output_digits (const mpz_t x,
+ unsigned size, unsigned bits_per_limb)
+{
+ mpz_t t;
+ mpz_t mask;
+ mpz_t limb;
+ unsigned i;
+ const char *suffix;
+
+ mpz_init (t);
+ mpz_init (mask);
+ mpz_init (limb);
+
+ mpz_setbit (mask, bits_per_limb);
+ mpz_sub_ui (mask, mask, 1);
+
+ suffix = bits_per_limb > 32 ? "ULL" : "UL";
+
+ mpz_init_set (t, x);
+
+ for (i = 0; i < size; i++)
+ {
+ if ( (i % 8) == 0)
+ printf("\n ");
+
+ mpz_and (limb, mask, t);
+ printf (" 0x");
+ mpz_out_str (stdout, 16, limb);
+ printf ("%s,", suffix);
+ mpz_tdiv_q_2exp (t, t, bits_per_limb);
+ }
+
+ mpz_clear (t);
+ mpz_clear (mask);
+ mpz_clear (limb);
+}
+
+static void
+output_bignum (const char *name, const mpz_t x,
+ unsigned size, unsigned bits_per_limb)
+{
+ printf ("static const mp_limb_t %s[%d] = {", name, size);
+ output_digits (x, size, bits_per_limb);
+ printf("\n};\n");
+}
+
+static void
+output_point (const char *name, const struct ecc_point *p,
+ unsigned size, unsigned bits_per_limb)
+{
+ if (name)
+ printf("static const mp_limb_t %s[%u] = {", name, 2*size);
+
+ output_digits (p->x, size, bits_per_limb);
+ output_digits (p->y, size, bits_per_limb);
+
+ if (name)
+ printf("\n};\n");
+}
+
+static void
+output_point_redc (const char *name, const struct ecc_curve *ecc,
+ const struct ecc_point *p,
+ unsigned size, unsigned bits_per_limb)
+{
+ mpz_t t;
+ mpz_init (t);
+
+ if (name)
+ printf("static const mp_limb_t %s[%u] = {", name, 2*size);
+
+ mpz_mul_2exp (t, p->x, size * bits_per_limb);
+ mpz_mod (t, t, ecc->p);
+
+ output_digits (t, size, bits_per_limb);
+
+ mpz_mul_2exp (t, p->y, size * bits_per_limb);
+ mpz_mod (t, t, ecc->p);
+
+ output_digits (t, size, bits_per_limb);
+
+ if (name)
+ printf("\n};\n");
+
+ mpz_clear (t);
+}
+
+static unsigned
+output_modulo (const char *name, const mpz_t x,
+ unsigned size, unsigned bits_per_limb)
+{
+ mpz_t mod;
+ unsigned bits;
+
+ mpz_init (mod);
+
+ mpz_setbit (mod, bits_per_limb * size);
+ mpz_mod (mod, mod, x);
+
+ bits = mpz_sizeinbase (mod, 2);
+ assert (bits <= size * bits_per_limb - 32);
+
+ output_bignum (name, mod, size, bits_per_limb);
+
+ mpz_clear (mod);
+ return bits;
+}
+
+static void
+output_curve (const struct ecc_curve *ecc, unsigned bits_per_limb)
+{
+ unsigned limb_size = (ecc->bit_size + bits_per_limb - 1)/bits_per_limb;
+ unsigned i;
+ unsigned bits;
+ int redc_limbs;
+ mpz_t t;
+
+ mpz_init (t);
+
+ printf ("/* For NULL. */\n#include <stddef.h>\n");
+
+ printf ("#define ECC_LIMB_SIZE %u\n", limb_size);
+ printf ("#define ECC_PIPPENGER_K %u\n", ecc->pippenger_k);
+ printf ("#define ECC_PIPPENGER_C %u\n", ecc->pippenger_c);
+
+ output_bignum ("ecc_p", ecc->p, limb_size, bits_per_limb);
+ output_bignum ("ecc_b", ecc->b, limb_size, bits_per_limb);
+ output_bignum ("ecc_q", ecc->q, limb_size, bits_per_limb);
+ output_point ("ecc_g", &ecc->g, limb_size, bits_per_limb);
+ output_point_redc ("ecc_redc_g", ecc, &ecc->g, limb_size, bits_per_limb);
+
+ bits = output_modulo ("ecc_Bmodp", ecc->p, limb_size, bits_per_limb);
+ printf ("#define ECC_BMODP_SIZE %u\n",
+ (bits + bits_per_limb - 1) / bits_per_limb);
+ bits = output_modulo ("ecc_Bmodq", ecc->q, limb_size, bits_per_limb);
+ printf ("#define ECC_BMODQ_SIZE %u\n",
+ (bits + bits_per_limb - 1) / bits_per_limb);
+
+ if (ecc->bit_size < limb_size * bits_per_limb)
+ {
+ int shift;
+
+ mpz_set_ui (t, 0);
+ mpz_setbit (t, ecc->bit_size);
+ mpz_sub (t, t, ecc->p);
+ output_bignum ("ecc_Bmodp_shifted", t, limb_size, bits_per_limb);
+
+ shift = limb_size * bits_per_limb - ecc->bit_size;
+ if (shift > 0)
+ {
+ /* Check condition for reducing hi limbs. If s is the
+ normalization shift and n is the bit size (so that s + n
+ = limb_size * bite_per_limb), then we need
+
+ (2^n - 1) + (2^s - 1) (2^n - p) < 2p
+
+ or equivalently,
+
+ 2^s (2^n - p) <= p
+
+ To a allow a carry limb to be added in at the same time,
+ substitute s+1 for s.
+ */
+ /* FIXME: For ecdsa verify, we actually need the stricter
+ inequality < 2 q. */
+ mpz_mul_2exp (t, t, shift + 1);
+ if (mpz_cmp (t, ecc->p) > 0)
+ {
+ fprintf (stderr, "Reduction condition failed for %u-bit curve.\n",
+ ecc->bit_size);
+ exit (EXIT_FAILURE);
+ }
+ }
+ mpz_set_ui (t, 0);
+ mpz_setbit (t, ecc->bit_size);
+ mpz_sub (t, t, ecc->q);
+ output_bignum ("ecc_Bmodq_shifted", t, limb_size, bits_per_limb);
+ }
+ else
+ {
+ printf ("#define ecc_Bmodp_shifted ecc_Bmodp\n");
+ printf ("#define ecc_Bmodq_shifted ecc_Bmodq\n");
+ }
+
+ mpz_add_ui (t, ecc->p, 1);
+ mpz_fdiv_q_2exp (t, t, 1);
+ output_bignum ("ecc_pp1h", t, limb_size, bits_per_limb);
+
+ mpz_add_ui (t, ecc->q, 1);
+ mpz_fdiv_q_2exp (t, t, 1);
+ output_bignum ("ecc_qp1h", t, limb_size, bits_per_limb);
+
+ /* Trailing zeros in p+1 correspond to trailing ones in p. */
+ redc_limbs = mpz_scan0 (ecc->p, 0) / bits_per_limb;
+ if (redc_limbs > 0)
+ {
+ mpz_add_ui (t, ecc->p, 1);
+ mpz_fdiv_q_2exp (t, t, redc_limbs * bits_per_limb);
+ output_bignum ("ecc_redc_ppm1", t, limb_size - redc_limbs, bits_per_limb);
+ }
+ else
+ {
+ /* Trailing zeros in p-1 correspond to zeros just above the low
+ bit of p */
+ redc_limbs = mpz_scan1 (ecc->p, 1) / bits_per_limb;
+ if (redc_limbs > 0)
+ {
+ printf ("#define ecc_redc_ppm1 (ecc_p + %d)\n",
+ redc_limbs);
+ redc_limbs = -redc_limbs;
+ }
+ else
+ printf ("#define ecc_redc_ppm1 NULL\n");
+ }
+ printf ("#define ECC_REDC_SIZE %d\n", redc_limbs);
+
+ printf ("#if USE_REDC\n");
+ printf ("#define ecc_unit ecc_Bmodp\n");
+
+ printf ("static const mp_limb_t ecc_table[%lu] = {",
+ (unsigned long) (2*ecc->table_size * limb_size));
+ for (i = 0; i < ecc->table_size; i++)
+ output_point_redc (NULL, ecc, &ecc->table[i], limb_size, bits_per_limb);
+
+ printf("\n};\n");
+
+ printf ("#else\n");
+
+ mpz_init_set_ui (t, 1);
+ output_bignum ("ecc_unit", t, limb_size, bits_per_limb);
+
+ printf ("static const mp_limb_t ecc_table[%lu] = {",
+ (unsigned long) (2*ecc->table_size * limb_size));
+ for (i = 0; i < ecc->table_size; i++)
+ output_point (NULL, &ecc->table[i], limb_size, bits_per_limb);
+
+ printf("\n};\n");
+ printf ("#endif\n");
+
+ mpz_clear (t);
+}
+
+int
+main (int argc, char **argv)
+{
+ struct ecc_curve ecc;
+
+ if (argc < 4)
+ {
+ fprintf (stderr, "Usage: %s CURVE-BITS K C [BITS-PER-LIMB]\n", argv[0]);
+ return EXIT_FAILURE;
+ }
+
+ ecc_curve_init (&ecc, atoi(argv[1]));
+
+ ecc_pippenger_precompute (&ecc, atoi(argv[2]), atoi(argv[3]));
+
+ fprintf (stderr, "Table size: %lu entries\n",
+ (unsigned long) ecc.table_size);
+
+ ecc_curve_check (&ecc);
+
+ if (argc > 4)
+ output_curve (&ecc, atoi(argv[4]));
+
+ return EXIT_SUCCESS;
+}
--- /dev/null
+/* ecdsa-keygen.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "ecdsa.h"
+#include "ecc-internal.h"
+#include "nettle-internal.h"
+
+void
+ecdsa_generate_keypair (struct ecc_point *pub,
+ struct ecc_scalar *key,
+ void *random_ctx, nettle_random_func *random)
+{
+ TMP_DECL(p, mp_limb_t, 3*ECC_MAX_SIZE + ECC_MUL_G_ITCH (ECC_MAX_SIZE));
+ mp_size_t itch = 3*pub->ecc->size + ECC_MUL_G_ITCH (pub->ecc->size);
+
+ assert (key->ecc == pub->ecc);
+
+ TMP_ALLOC (p, itch);
+
+ ecc_modq_random (key->ecc, key->p, random_ctx, random, p);
+ ecc_mul_g (pub->ecc, p, key->p, p + 3*pub->ecc->size);
+ ecc_j_to_a (pub->ecc, 1, pub->p, p, p + 3*pub->ecc->size);
+}
--- /dev/null
+/* ecdsa-sign.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "ecdsa.h"
+#include "ecc-internal.h"
+#include "nettle-internal.h"
+
+void
+ecdsa_sign (const struct ecc_scalar *key,
+ void *random_ctx, nettle_random_func *random,
+ unsigned digest_length,
+ const uint8_t *digest,
+ struct dsa_signature *signature)
+{
+ /* At most 936 bytes. */
+ TMP_DECL(k, mp_limb_t, ECC_MAX_SIZE + ECC_ECDSA_SIGN_ITCH (ECC_MAX_SIZE));
+ mp_limb_t size = key->ecc->size;
+ mp_limb_t *rp = mpz_limbs_write (signature->r, size);
+ mp_limb_t *sp = mpz_limbs_write (signature->s, size);
+
+ TMP_ALLOC (k, size + ECC_ECDSA_SIGN_ITCH (size));
+
+ /* Timing reveals the number of rounds through this loop, but the
+ timing is still independent of the secret k finally used. */
+ do
+ {
+ ecc_modq_random (key->ecc, k, random_ctx, random, k + size);
+ ecc_ecdsa_sign (key->ecc, key->p, k, digest_length, digest,
+ rp, sp, k + size);
+ mpz_limbs_finish (signature->r, size);
+ mpz_limbs_finish (signature->s, size);
+ }
+ while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
+}
--- /dev/null
+/* ecc-ecdsa-verify.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "ecdsa.h"
+#include "ecc-internal.h"
+
+int
+ecdsa_verify (const struct ecc_point *pub,
+ unsigned length, const uint8_t *digest,
+ const struct dsa_signature *signature)
+{
+ mp_limb_t size = pub->ecc->size;
+ mp_size_t itch = 2*size + ECC_ECDSA_VERIFY_ITCH (size);
+ /* For ECC_MUL_A_WBITS == 0, at most 1512 bytes. With
+ ECC_MUL_A_WBITS == 4, currently needs 67 * ecc->size, at most
+ 4824 bytes. Don't use stack allocation for this. */
+ mp_limb_t *scratch = gmp_alloc_limbs (itch);
+ int res;
+
+#define rp scratch
+#define sp (scratch + size)
+#define scratch_out (scratch + 2*size)
+
+ if (mpz_sgn (signature->r) <= 0 || mpz_size (signature->r) > size
+ || mpz_sgn (signature->s) <= 0 || mpz_size (signature->s) > size)
+ return 0;
+
+ mpz_limbs_copy (rp, signature->r, size);
+ mpz_limbs_copy (sp, signature->s, size);
+
+ res = ecc_ecdsa_verify (pub->ecc, pub->p, length, digest, rp, sp, scratch_out);
+
+ gmp_free_limbs (scratch, itch);
+
+ return res;
+#undef rp
+#undef sp
+#undef scratch_out
+}
--- /dev/null
+/* ecdsa.h */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#ifndef NETTLE_ECDSA_H_INCLUDED
+#define NETTLE_ECDSA_H_INCLUDED
+
+#include "ecc.h"
+#include "dsa.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define ecdsa_sign nettle_ecdsa_sign
+#define ecdsa_verify nettle_ecdsa_verify
+#define ecdsa_generate_keypair nettle_ecdsa_generate_keypair
+#define ecc_ecdsa_sign nettle_ecc_ecdsa_sign
+#define ecc_ecdsa_sign_itch nettle_ecc_ecdsa_sign_itch
+#define ecc_ecdsa_verify nettle_ecc_ecdsa_verify
+#define ecc_ecdsa_verify_itch nettle_ecc_ecdsa_verify_itch
+
+/* High level ECDSA functions.
+ *
+ * A public key is represented as a struct ecc_point, and a private
+ * key as a struct ecc_scalar. FIXME: Introduce some aliases? */
+void
+ecdsa_sign (const struct ecc_scalar *key,
+ void *random_ctx, nettle_random_func *random,
+ unsigned digest_length,
+ const uint8_t *digest,
+ struct dsa_signature *signature);
+
+int
+ecdsa_verify (const struct ecc_point *pub,
+ unsigned length, const uint8_t *digest,
+ const struct dsa_signature *signature);
+
+void
+ecdsa_generate_keypair (struct ecc_point *pub,
+ struct ecc_scalar *key,
+ void *random_ctx, nettle_random_func *random);
+
+/* Low-level ECDSA functions. */
+mp_size_t
+ecc_ecdsa_sign_itch (const struct ecc_curve *ecc);
+
+void
+ecc_ecdsa_sign (const struct ecc_curve *ecc,
+ const mp_limb_t *zp,
+ /* Random nonce, must be invertible mod ecc group
+ order. */
+ const mp_limb_t *kp,
+ unsigned length, const uint8_t *digest,
+ mp_limb_t *rp, mp_limb_t *sp,
+ mp_limb_t *scratch);
+
+mp_size_t
+ecc_ecdsa_verify_itch (const struct ecc_curve *ecc);
+
+int
+ecc_ecdsa_verify (const struct ecc_curve *ecc,
+ const mp_limb_t *pp, /* Public key */
+ unsigned length, const uint8_t *digest,
+ const mp_limb_t *rp, const mp_limb_t *sp,
+ mp_limb_t *scratch);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_ECDSA_H_INCLUDED */
PRE_LDFLAGS = -L..
OPENSSL_LIBFLAGS = @OPENSSL_LIBFLAGS@
-RSA_TARGETS = rsa-keygen$(EXEEXT) rsa-sign$(EXEEXT) \
- rsa-verify$(EXEEXT) rsa-encrypt$(EXEEXT) rsa-decrypt$(EXEEXT)
-TARGETS = nettle-benchmark$(EXEEXT) eratosthenes$(EXEEXT) @IF_HOGWEED@ $(RSA_TARGETS) next-prime$(EXEEXT) random-prime$(EXEEXT)
-SOURCES = nettle-benchmark.c eratosthenes.c next-prime.c random-prime.c \
+BENCH_LIBS = @BENCH_LIBS@ -lm
+
+HOGWEED_TARGETS = rsa-keygen$(EXEEXT) rsa-sign$(EXEEXT) \
+ rsa-verify$(EXEEXT) rsa-encrypt$(EXEEXT) rsa-decrypt$(EXEEXT) \
+ next-prime$(EXEEXT) random-prime$(EXEEXT) \
+ hogweed-benchmark$(EXEEXT) ecc-benchmark$(EXEEXT)
+
+ENC_TARGETS = base16enc$(EXEEXT) base16dec$(EXEEXT) \
+ base64enc$(EXEEXT) base64dec$(EXEEXT)
+TARGETS = nettle-benchmark$(EXEEXT) eratosthenes$(EXEEXT) \
+ $(ENC_TARGETS) @IF_HOGWEED@ $(HOGWEED_TARGETS)
+
+SOURCES = nettle-benchmark.c hogweed-benchmark.c ecc-benchmark.c \
+ eratosthenes.c next-prime.c random-prime.c \
nettle-openssl.c \
- io.c read_rsa_key.c getopt.c getopt1.c \
- rsa-encrypt.c rsa-decrypt.c rsa-keygen.c rsa-sign.c rsa-verify.c
+ io.c read_rsa_key.c \
+ rsa-encrypt.c rsa-decrypt.c rsa-keygen.c rsa-sign.c rsa-verify.c \
+ base16enc.c base16dec.c base64enc.c base64dec.c timing.c
-GETOPT_OBJS = getopt.$(OBJEXT) getopt1.$(OBJEXT)
+
+GETOPT_OBJS = ../getopt.$(OBJEXT) ../getopt1.$(OBJEXT)
TS_ALL = rsa-sign-test rsa-verify-test rsa-encrypt-test
-DISTFILES= $(SOURCES) Makefile.in $(TS_ALL) run-tests setup-env teardown-env \
- io.h rsa-session.h getopt.h
+DISTFILES= $(SOURCES) Makefile.in $(TS_ALL) setup-env teardown-env \
+ io.h rsa-session.h timing.h
all: $(TARGETS)
.c.$(OBJEXT):
$(COMPILE) -c $< && $(DEP_PROCESS)
+# NOTE: If we required GNU make, we could use a single rule with $(@F)
+# or $(notdir $@)
+../getopt.$(OBJEXT):
+ ( cd .. && $(MAKE) getopt.$(OBJEXT))
+../getopt1.$(OBJEXT):
+ ( cd .. && $(MAKE) getopt1.$(OBJEXT))
+../nettle-internal.$(OBJEXT):
+ ( cd .. && $(MAKE) nettle-internal.$(OBJEXT))
+
# For Solaris and BSD make, we have to use an explicit rule for each executable
-next-prime$(EXEEXT): next-prime.$(OBJEXT) $(GETOPT_OBJS) ../libhogweed.a
+next-prime$(EXEEXT): next-prime.$(OBJEXT) $(GETOPT_OBJS)
$(LINK) next-prime.$(OBJEXT) $(GETOPT_OBJS) \
-lhogweed -lnettle $(LIBS) -o next-prime$(EXEEXT)
-random-prime$(EXEEXT): random-prime.$(OBJEXT) $(GETOPT_OBJS) ../libhogweed.a
+random-prime$(EXEEXT): random-prime.$(OBJEXT) io.$(OBJEXT) $(GETOPT_OBJS)
$(LINK) random-prime.$(OBJEXT) io.$(OBJEXT) $(GETOPT_OBJS) \
-lhogweed -lnettle $(LIBS) -o random-prime$(EXEEXT)
-rsa-keygen$(EXEEXT): rsa-keygen.$(OBJEXT) $(GETOPT_OBJS)
+rsa-keygen$(EXEEXT): rsa-keygen.$(OBJEXT) io.$(OBJEXT) $(GETOPT_OBJS)
$(LINK) rsa-keygen.$(OBJEXT) io.$(OBJEXT) $(GETOPT_OBJS) \
-lhogweed -lnettle $(LIBS) -o rsa-keygen$(EXEEXT)
-rsa-sign$(EXEEXT): rsa-sign.$(OBJEXT) read_rsa_key.$(OBJEXT)
+rsa-sign$(EXEEXT): rsa-sign.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT)
$(LINK) rsa-sign.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT) \
-lhogweed -lnettle $(LIBS) -o rsa-sign$(EXEEXT)
-rsa-verify$(EXEEXT): rsa-verify.$(OBJEXT) read_rsa_key.$(OBJEXT)
+rsa-verify$(EXEEXT): rsa-verify.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT)
$(LINK) rsa-verify.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT) \
-lhogweed -lnettle $(LIBS) -o rsa-verify$(EXEEXT)
-rsa-encrypt$(EXEEXT): rsa-encrypt.$(OBJEXT) read_rsa_key.$(OBJEXT) $(GETOPT_OBJS)
+rsa-encrypt$(EXEEXT): rsa-encrypt.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT) $(GETOPT_OBJS)
$(LINK) rsa-encrypt.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT) \
$(GETOPT_OBJS) \
-lhogweed -lnettle $(LIBS) -o rsa-encrypt$(EXEEXT)
-rsa-decrypt$(EXEEXT): rsa-decrypt.$(OBJEXT) read_rsa_key.$(OBJEXT)
+rsa-decrypt$(EXEEXT): rsa-decrypt.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT)
$(LINK) rsa-decrypt.$(OBJEXT) io.$(OBJEXT) read_rsa_key.$(OBJEXT) \
-lhogweed -lnettle $(LIBS) -o rsa-decrypt$(EXEEXT)
+base16enc$(EXEEXT): base16enc.$(OBJEXT) io.$(OBJEXT)
+ $(LINK) base16enc.$(OBJEXT) io.$(OBJEXT) \
+ -lnettle $(LIBS) -o base16enc$(EXEEXT)
+
+base16dec$(EXEEXT): base16dec.$(OBJEXT) io.$(OBJEXT)
+ $(LINK) base16dec.$(OBJEXT) io.$(OBJEXT) \
+ -lnettle $(LIBS) -o base16dec$(EXEEXT)
+
+base64enc$(EXEEXT): base64enc.$(OBJEXT) io.$(OBJEXT)
+ $(LINK) base64enc.$(OBJEXT) io.$(OBJEXT) \
+ -lnettle $(LIBS) -o base64enc$(EXEEXT)
+
+base64dec$(EXEEXT): base64dec.$(OBJEXT) io.$(OBJEXT)
+ $(LINK) base64dec.$(OBJEXT) io.$(OBJEXT) \
+ -lnettle $(LIBS) -o base64dec$(EXEEXT)
+
eratosthenes$(EXEEXT): eratosthenes.$(OBJEXT) $(GETOPT_OBJS)
$(LINK) eratosthenes.$(OBJEXT) $(GETOPT_OBJS) -o eratosthenes$(EXEEXT)
-nettle-benchmark$(EXEEXT): nettle-benchmark.$(OBJEXT) nettle-openssl.$(OBJEXT) $(GETOPT_OBJS)
- $(LINK) nettle-benchmark.$(OBJEXT) nettle-openssl.$(OBJEXT) io.$(OBJEXT) $(GETOPT_OBJS) \
- -lnettle $(LIBS) $(OPENSSL_LIBFLAGS) -o nettle-benchmark$(EXEEXT)
+BENCH_OBJS = nettle-benchmark.$(OBJEXT) nettle-openssl.$(OBJEXT) \
+ $(GETOPT_OBJS) ../nettle-internal.$(OBJEXT) timing.$(OBJEXT)
+nettle-benchmark$(EXEEXT): $(BENCH_OBJS)
+ $(LINK) $(BENCH_OBJS) -lnettle $(BENCH_LIBS) $(OPENSSL_LIBFLAGS) -o nettle-benchmark$(EXEEXT)
-$(TARGETS) : io.$(OBJEXT) ../libnettle.a
+ECC_BENCH_OBJS = ecc-benchmark.$(OBJEXT) timing.$(OBJEXT)
+ecc-benchmark$(EXEEXT): $(ECC_BENCH_OBJS)
+ $(LINK) $(ECC_BENCH_OBJS) -lhogweed -lnettle $(BENCH_LIBS) $(LIBS) \
+ -o ecc-benchmark$(EXEEXT)
+
+HOGWEED_BENCH_OBJS = hogweed-benchmark.$(OBJEXT) timing.$(OBJEXT)
+hogweed-benchmark$(EXEEXT): $(HOGWEED_BENCH_OBJS)
+ $(LINK) $(HOGWEED_BENCH_OBJS) \
+ -lhogweed -lnettle $(BENCH_LIBS) $(LIBS) $(OPENSSL_LIBFLAGS) \
+ -o hogweed-benchmark$(EXEEXT)
+$(TARGETS) : io.$(OBJEXT) ../libnettle.a
+$(HOGWEED_TARGETS): ../libhogweed.a
check: $(TS_ALL)
- LD_LIBRARY_PATH=../.lib srcdir="$(srcdir)" \
- "$(srcdir)"/run-tests $(TS_ALL)
+ LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" srcdir="$(srcdir)" \
+ EMULATOR="$(EMULATOR)" EXEEXT="$(EXEEXT)" \
+ "$(top_srcdir)"/run-tests $(TS_ALL)
Makefile: $(srcdir)/Makefile.in ../config.status
cd .. && $(SHELL) ./config.status examples/$@
--- /dev/null
+/* base16dec -- an decoder for base16
+ *
+ * Copyright (C) 2006, 2012 Jeronimo Pellegrini, Niels Möller
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef WIN32
+#include <fcntl.h>
+#endif
+
+#include "base16.h"
+
+#include "io.h"
+
+#define CHUNK_SIZE 16392
+
+/* The maximum number of bytes generated for each chunk: */
+#define DECODED_SIZE BASE16_DECODE_LENGTH(CHUNK_SIZE)
+
+
+/*
+ * Reads base-16 encoded from stdin, writes decoded to stdout.
+ */
+int
+main(int argc UNUSED, char **argv UNUSED)
+{
+ /* "buffer" will hold the bytes from disk: */
+ uint8_t * buffer = xalloc (CHUNK_SIZE);
+
+ /* "result" will hold bytes before output: */
+ uint8_t * result = xalloc (DECODED_SIZE);
+
+ /* We need a Base16 context for decoding: */
+ struct base16_decode_ctx b16_ctx;
+
+ /* Init the context: */
+ base16_decode_init (&b16_ctx);
+
+#ifdef WIN32
+ _setmode(1, O_BINARY);
+#endif
+
+ for (;;)
+ {
+ int nbytes; /* Number of bytes read frmo disk at each iteration */
+ unsigned decoded_bytes; /* Bytes actually generated at each iteration */
+
+ nbytes = fread(buffer, 1, CHUNK_SIZE, stdin);
+
+ if (nbytes < CHUNK_SIZE && ferror(stdin))
+ {
+ werror ("Error reading file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+
+ decoded_bytes = BASE16_DECODE_LENGTH(nbytes);
+
+ /* Decodes one chunk: */
+ if (!base16_decode_update(&b16_ctx, &decoded_bytes, result, nbytes, buffer))
+ {
+ werror ("Error decoding input (not base16?)\n");
+ return EXIT_FAILURE;
+ }
+
+ if (!write_string (stdout, decoded_bytes, result))
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if (nbytes < CHUNK_SIZE)
+ {
+ /* Check if decoding finalized OK: */
+ if (!base16_decode_final(&b16_ctx))
+ {
+ werror("Decoding did not finish properly.\n");
+ return EXIT_FAILURE;
+ }
+ break;
+ }
+ }
+
+ if (fflush (stdout) != 0)
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+
+ free (buffer);
+ free (result);
+
+ return EXIT_SUCCESS;
+}
+
--- /dev/null
+/* base16enc -- an encoder for base16
+ *
+ * Copyright (C) 2006, 2012 Jeronimo Pellegrini, Niels Möller
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef WIN32
+#include <fcntl.h>
+#endif
+
+#include "base16.h"
+
+#include "io.h"
+
+/* The number of bytes read in each iteration, we do one line at a time: */
+#define CHUNK_SIZE 36
+
+/* The *maximum* size of an encoded chunk: */
+#define ENCODED_SIZE BASE16_ENCODE_LENGTH(CHUNK_SIZE)
+
+/*
+ * Reads bytes from standard input and writes base64-encoded
+ * on standard output.
+ */
+int
+main(int argc UNUSED, char **argv UNUSED)
+{
+
+#ifdef WIN32
+ _setmode(0, O_BINARY);
+#endif
+
+ /* There is no context to initialize. */
+
+ for (;;)
+ {
+ /* "buffer" will hold the bytes from disk: */
+ uint8_t buffer[CHUNK_SIZE];
+ /* "result" will hold bytes before output: */
+ uint8_t result[ENCODED_SIZE + 1];
+ unsigned nbytes; /* Number of bytes read from stdin */
+ int encoded_bytes; /* Total number of bytes encoded per iteration */
+
+ nbytes = fread(buffer,1,CHUNK_SIZE,stdin);
+
+ /* We overwrite result with more data */
+ base16_encode_update(result, nbytes, buffer);
+ encoded_bytes = BASE16_ENCODE_LENGTH(nbytes);
+ result[encoded_bytes++] = '\n';
+
+ if (nbytes < CHUNK_SIZE)
+ {
+ if (ferror(stdin))
+ {
+ werror ("Error reading file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ if (!write_string (stdout, encoded_bytes, result)
+ || fflush (stdout) != 0)
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ return EXIT_SUCCESS;
+ }
+ /* The result vector is printed */
+ if (!write_string(stdout,encoded_bytes, result))
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+}
+
--- /dev/null
+/* base64dec -- an decoder for base64
+ *
+ * Copyright (C) 2006, 2012 Jeronimo Pellegrini, Niels Möller
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef WIN32
+#include <fcntl.h>
+#endif
+
+#include "base64.h"
+
+#include "io.h"
+
+#define CHUNK_SIZE 16392
+
+/* The maximum number of bytes generated for each chunk: */
+#define DECODED_SIZE BASE64_DECODE_LENGTH(CHUNK_SIZE)
+
+
+/*
+ * Reads base-64 encoded from stdin, writes decoded to stdout.
+ */
+int
+main(int argc UNUSED, char **argv UNUSED)
+{
+ /* "buffer" will hold the bytes from disk: */
+ uint8_t * buffer = xalloc (CHUNK_SIZE);
+
+ /* "result" will hold bytes before output: */
+ uint8_t * result = xalloc (DECODED_SIZE);
+
+ /* We need a Base64 context for decoding: */
+ struct base64_decode_ctx b64_ctx;
+
+ /* Init the context: */
+ base64_decode_init(&b64_ctx);
+
+#ifdef WIN32
+ _setmode(1, O_BINARY);
+#endif
+
+ for (;;)
+ {
+ int nbytes; /* Number of bytes read frmo disk at each iteration */
+ unsigned decoded_bytes; /* Bytes actually generated at each iteration */
+
+ nbytes = fread(buffer, 1, CHUNK_SIZE, stdin);
+
+ if (nbytes < CHUNK_SIZE && ferror(stdin))
+ {
+ werror ("Error reading file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+
+ decoded_bytes = BASE64_DECODE_LENGTH(nbytes);
+
+ /* Decodes one chunk: */
+ if (!base64_decode_update(&b64_ctx, &decoded_bytes, result, nbytes, buffer))
+ {
+ werror ("Error decoding input (not base64?)\n");
+ return EXIT_FAILURE;
+ }
+
+ if (!write_string (stdout, decoded_bytes, result))
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+
+ if (nbytes < CHUNK_SIZE)
+ {
+ /* Check if decoding finalized OK: */
+ if (!base64_decode_final(&b64_ctx))
+ {
+ werror ("Decoding did not finish properly.\n");
+ return EXIT_FAILURE;
+ }
+ break;
+ }
+ }
+
+ if (fflush (stdout) != 0)
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+
+ free (buffer);
+ free (result);
+
+ return EXIT_SUCCESS;
+}
--- /dev/null
+/* base64enc -- an encoder for base64
+ *
+ * Copyright (C) 2006, 2012 Jeronimo Pellegrini, Niels Möller
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#ifdef WIN32
+#include <fcntl.h>
+#endif
+
+#include "base64.h"
+
+#include "io.h"
+
+/* The number of bytes read in each iteration, we do one line at a time: */
+#define CHUNK_SIZE 54
+
+/* The *maximum* size of an encoded chunk: */
+#define ENCODED_SIZE BASE64_ENCODE_LENGTH(CHUNK_SIZE)
+
+/*
+ * Reads bytes from standard input and writes base64-encoded
+ * on standard output.
+ */
+int
+main(int argc UNUSED, char **argv UNUSED)
+{
+ struct base64_encode_ctx b64_ctx;
+
+ /* Init the context: */
+ base64_encode_init(&b64_ctx);
+
+#ifdef WIN32
+ _setmode(0, O_BINARY);
+#endif
+
+ for (;;)
+ {
+ /* "buffer" will hold the bytes from disk: */
+ uint8_t buffer[CHUNK_SIZE];
+ /* "result" is the result vector: */
+ uint8_t result[ENCODED_SIZE + BASE64_ENCODE_FINAL_LENGTH + 1];
+ unsigned nbytes; /* Number of bytes read from stdin */
+ int encoded_bytes; /* total number of bytes encoded per iteration */
+ nbytes = fread(buffer,1,CHUNK_SIZE,stdin);
+
+ /* We overwrite result with more data */
+ encoded_bytes = base64_encode_update(&b64_ctx, result, nbytes, buffer);
+
+ if (nbytes < CHUNK_SIZE)
+ {
+ if (ferror(stdin))
+ {
+ werror ("Error reading file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ encoded_bytes += base64_encode_final(&b64_ctx,result + encoded_bytes);
+
+ result[encoded_bytes++] = '\n';
+ if (!write_string (stdout, encoded_bytes, result)
+ || fflush (stdout) != 0)
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ return EXIT_SUCCESS;
+ }
+
+ /* The result vector is written */
+ result[encoded_bytes++] = '\n';
+ if (!write_string (stdout, encoded_bytes, result))
+ {
+ werror ("Error writing file: %s\n", strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+}
--- /dev/null
+/* ecc-benchmark.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <errno.h>
+
+#include <time.h>
+
+#include "timing.h"
+
+#include "../ecc.h"
+#include "../ecc-internal.h"
+#include "../gmp-glue.h"
+
+#define BENCH_INTERVAL 0.1
+
+static void NORETURN PRINTF_STYLE(1,2)
+die(const char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+
+ exit(EXIT_FAILURE);
+}
+
+static void *
+xalloc (size_t size)
+{
+ void *p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "Virtual memory exhausted\n");
+ abort ();
+ }
+ return p;
+}
+
+static mp_limb_t *
+xalloc_limbs (mp_size_t size)
+{
+ return xalloc (size * sizeof(mp_limb_t));
+}
+
+/* Returns second per function call */
+static double
+time_function(void (*f)(void *arg), void *arg)
+{
+ unsigned ncalls;
+ double elapsed;
+
+ /* Warm up */
+ f(arg);
+ for (ncalls = 10 ;;)
+ {
+ unsigned i;
+
+ time_start();
+ for (i = 0; i < ncalls; i++)
+ f(arg);
+ elapsed = time_end();
+ if (elapsed > BENCH_INTERVAL)
+ break;
+ else if (elapsed < BENCH_INTERVAL / 10)
+ ncalls *= 10;
+ else
+ ncalls *= 2;
+ }
+ return elapsed / ncalls;
+}
+
+static int
+modinv_gcd (const struct ecc_curve *ecc,
+ mp_limb_t *rp, mp_limb_t *ap, mp_limb_t *tp)
+{
+ mp_size_t size = ecc->size;
+ mp_limb_t *up = tp;
+ mp_limb_t *vp = tp + size+1;
+ mp_limb_t *gp = tp + 2*(size+1);
+ mp_limb_t *sp = tp + 3*(size+1);
+ mp_size_t gn, sn;
+
+ mpn_copyi (up, ap, size);
+ mpn_copyi (vp, ecc->p, size);
+ gn = mpn_gcdext (gp, sp, &sn, up, size, vp, size);
+ if (gn != 1 || gp[0] != 1)
+ return 0;
+
+ if (sn < 0)
+ mpn_sub (sp, ecc->p, size, sp, -sn);
+ else if (sn < size)
+ /* Zero-pad. */
+ mpn_zero (sp + sn, size - sn);
+
+ mpn_copyi (rp, sp, size);
+ return 1;
+}
+
+struct ecc_ctx {
+ const struct ecc_curve *ecc;
+ mp_limb_t *rp;
+ mp_limb_t *ap;
+ mp_limb_t *bp;
+ mp_limb_t *tp;
+};
+
+static void
+bench_modp (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ mpn_copyi (ctx->rp, ctx->ap, 2*ctx->ecc->size);
+ ctx->ecc->modp (ctx->ecc, ctx->rp);
+}
+
+static void
+bench_redc (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ mpn_copyi (ctx->rp, ctx->ap, 2*ctx->ecc->size);
+ ctx->ecc->redc (ctx->ecc, ctx->rp);
+}
+
+static void
+bench_modq (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ mpn_copyi (ctx->rp, ctx->ap, 2*ctx->ecc->size);
+ ctx->ecc->modq (ctx->ecc, ctx->rp);
+}
+
+static void
+bench_modinv (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ mpn_copyi (ctx->rp + ctx->ecc->size, ctx->ap, ctx->ecc->size);
+ ecc_modp_inv (ctx->ecc, ctx->rp, ctx->rp + ctx->ecc->size, ctx->tp);
+}
+
+static void
+bench_modinv_gcd (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ mpn_copyi (ctx->rp + ctx->ecc->size, ctx->ap, ctx->ecc->size);
+ modinv_gcd (ctx->ecc, ctx->rp, ctx->rp + ctx->ecc->size, ctx->tp);
+}
+
+static void
+bench_dup_jj (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ ecc_dup_jj (ctx->ecc, ctx->rp, ctx->ap, ctx->tp);
+}
+
+static void
+bench_add_jja (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ ecc_add_jja (ctx->ecc, ctx->rp, ctx->ap, ctx->bp, ctx->tp);
+}
+
+static void
+bench_add_jjj (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ ecc_add_jjj (ctx->ecc, ctx->rp, ctx->ap, ctx->bp, ctx->tp);
+}
+
+static void
+bench_mul_g (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ ecc_mul_g (ctx->ecc, ctx->rp, ctx->ap, ctx->tp);
+}
+
+static void
+bench_mul_a (void *p)
+{
+ struct ecc_ctx *ctx = (struct ecc_ctx *) p;
+ ecc_mul_a (ctx->ecc, 1, ctx->rp, ctx->ap, ctx->bp, ctx->tp);
+}
+
+static void
+bench_curve (const struct ecc_curve *ecc)
+{
+ struct ecc_ctx ctx;
+ double modp, redc, modq, modinv, modinv_gcd,
+ dup_jj, add_jja, add_jjj,
+ mul_g, mul_a;
+
+ mp_limb_t mask;
+
+ ctx.ecc = ecc;
+ ctx.rp = xalloc_limbs (3*ecc->size);
+ ctx.ap = xalloc_limbs (3*ecc->size);
+ ctx.bp = xalloc_limbs (3*ecc->size);
+ ctx.tp = xalloc_limbs (ECC_MUL_A_ITCH (ecc->size));
+
+ mpn_random (ctx.ap, 3*ecc->size);
+ mpn_random (ctx.bp, 3*ecc->size);
+
+ mask = (~(mp_limb_t) 0) >> (ecc->size * GMP_NUMB_BITS - ecc->bit_size);
+ ctx.ap[ecc->size - 1] &= mask;
+ ctx.ap[2*ecc->size - 1] &= mask;
+ ctx.ap[3*ecc->size - 1] &= mask;
+ ctx.bp[ecc->size - 1] &= mask;
+ ctx.bp[2*ecc->size - 1] &= mask;
+ ctx.bp[3*ecc->size - 1] &= mask;
+
+ modp = time_function (bench_modp, &ctx);
+ redc = ecc->redc ? time_function (bench_redc, &ctx) : 0;
+
+ modq = time_function (bench_modq, &ctx);
+
+ modinv = time_function (bench_modinv, &ctx);
+ modinv_gcd = time_function (bench_modinv_gcd, &ctx);
+ dup_jj = time_function (bench_dup_jj, &ctx);
+ add_jja = time_function (bench_add_jja, &ctx);
+ add_jjj = time_function (bench_add_jjj, &ctx);
+ mul_g = time_function (bench_mul_g, &ctx);
+ mul_a = time_function (bench_mul_a, &ctx);
+
+ free (ctx.rp);
+ free (ctx.ap);
+ free (ctx.bp);
+ free (ctx.tp);
+
+ printf ("%4d %6.4f %6.4f %6.4f %6.2f %6.3f %6.3f %6.3f %6.3f %6.1f %6.1f\n",
+ ecc->bit_size, 1e6 * modp, 1e6 * redc, 1e6 * modq,
+ 1e6 * modinv, 1e6 * modinv_gcd,
+ 1e6 * dup_jj, 1e6 * add_jja, 1e6 * add_jjj,
+ 1e6 * mul_g, 1e6 * mul_a);
+}
+
+const struct ecc_curve * const curves[] = {
+ &nettle_secp_192r1,
+ &nettle_secp_224r1,
+ &nettle_secp_256r1,
+ &nettle_secp_384r1,
+ &nettle_secp_521r1,
+};
+
+#define numberof(x) (sizeof (x) / sizeof ((x)[0]))
+
+int
+main (int argc UNUSED, char **argv UNUSED)
+{
+ unsigned i;
+
+ time_init();
+ printf ("%4s %6s %6s %6s %6s %6s %6s %6s %6s %6s %6s (us)\n",
+ "size", "modp", "redc", "modq", "modinv", "mi_gcd",
+ "dup_jj", "ad_jja", "ad_jjj",
+ "mul_g", "mul_a");
+ for (i = 0; i < numberof (curves); i++)
+ bench_curve (curves[i]);
+
+ return EXIT_SUCCESS;
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2007 Niels Möller
+ * Copyright (C) 2007 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
static unsigned
find_first_one (unsigned long x)
{
- unsigned table[0x101] =
+ static const unsigned char table[0x101] =
{
15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
7,
};
+ unsigned i = 0;
+
/* Isolate least significant bit */
x &= -x;
- unsigned i = 0;
#if NEED_HANDLE_LARGE_LONG
#ifndef SIZEOF_LONG
/* Can not be tested by the preprocessor. May generate warnings
int verbose = 0;
int c;
- while ( (c = getopt(argc, argv, "?svb:")) != -1)
+ enum { OPT_HELP = 300 };
+ static const struct option options[] =
+ {
+ /* Name, args, flag, val */
+ { "help", no_argument, NULL, OPT_HELP },
+ { "verbose", no_argument, NULL, 'v' },
+ { "block-size", required_argument, NULL, 'b' },
+ { "quiet", required_argument, NULL, 'q' },
+ { NULL, 0, NULL, 0}
+ };
+
+ while ( (c = getopt_long(argc, argv, "svb:", options, NULL)) != -1)
switch (c)
{
- case '?':
+ case OPT_HELP:
usage();
- return EXIT_FAILURE;
+ return EXIT_SUCCESS;
case 'b':
block_nbits = CHAR_BIT * atosize(optarg);
if (!block_nbits)
}
break;
- case 's':
+ case 'q':
silent = 1;
break;
verbose++;
break;
+ case '?':
+ return EXIT_FAILURE;
+
default:
abort();
}
printf("%lu\n", n);
}
}
+
+ free(sieve);
+ free(block);
+
return EXIT_SUCCESS;
}
+++ /dev/null
-/* Declarations for getopt.
- Copyright (C) 1989-1994, 1996-1999, 2001 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-
-#ifndef _GETOPT_H
-
-#ifndef __need_getopt
-# define _GETOPT_H 1
-#endif
-
-/* If __GNU_LIBRARY__ is not already defined, either we are being used
- standalone, or this is the first header included in the source file.
- If we are being used with glibc, we need to include <features.h>, but
- that does not exist if we are standalone. So: if __GNU_LIBRARY__ is
- not defined, include <ctype.h>, which will pull in <features.h> for us
- if it's from glibc. (Why ctype.h? It's guaranteed to exist and it
- doesn't flood the namespace with stuff the way some other headers do.) */
-#if !defined __GNU_LIBRARY__
-# include <ctype.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* For communication from `getopt' to the caller.
- When `getopt' finds an option that takes an argument,
- the argument value is returned here.
- Also, when `ordering' is RETURN_IN_ORDER,
- each non-option ARGV-element is returned here. */
-
-extern char *optarg;
-
-/* Index in ARGV of the next element to be scanned.
- This is used for communication to and from the caller
- and for communication between successive calls to `getopt'.
-
- On entry to `getopt', zero means this is the first call; initialize.
-
- When `getopt' returns -1, this is the index of the first of the
- non-option elements that the caller should itself scan.
-
- Otherwise, `optind' communicates from one call to the next
- how much of ARGV has been scanned so far. */
-
-extern int optind;
-
-/* Callers store zero here to inhibit the error message `getopt' prints
- for unrecognized options. */
-
-extern int opterr;
-
-/* Set to an option character which was unrecognized. */
-
-extern int optopt;
-
-#ifndef __need_getopt
-/* Describe the long-named options requested by the application.
- The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
- of `struct option' terminated by an element containing a name which is
- zero.
-
- The field `has_arg' is:
- no_argument (or 0) if the option does not take an argument,
- required_argument (or 1) if the option requires an argument,
- optional_argument (or 2) if the option takes an optional argument.
-
- If the field `flag' is not NULL, it points to a variable that is set
- to the value given in the field `val' when the option is found, but
- left unchanged if the option is not found.
-
- To have a long-named option do something other than set an `int' to
- a compiled-in constant, such as set a value from `optarg', set the
- option's `flag' field to zero and its `val' field to a nonzero
- value (the equivalent single-letter option character, if there is
- one). For long options that have a zero `flag' field, `getopt'
- returns the contents of the `val' field. */
-
-struct option
-{
-# if (defined __STDC__ && __STDC__) || defined __cplusplus
- const char *name;
-# else
- char *name;
-# endif
- /* has_arg can't be an enum because some compilers complain about
- type mismatches in all the code that assumes it is an int. */
- int has_arg;
- int *flag;
- int val;
-};
-
-/* Names for the values of the `has_arg' field of `struct option'. */
-
-# define no_argument 0
-# define required_argument 1
-# define optional_argument 2
-#endif /* need getopt */
-
-
-/* Get definitions and prototypes for functions to process the
- arguments in ARGV (ARGC of them, minus the program name) for
- options given in OPTS.
-
- Return the option character from OPTS just read. Return -1 when
- there are no more options. For unrecognized options, or options
- missing arguments, `optopt' is set to the option letter, and '?' is
- returned.
-
- The OPTS string is a list of characters which are recognized option
- letters, optionally followed by colons, specifying that that letter
- takes an argument, to be placed in `optarg'.
-
- If a letter in OPTS is followed by two colons, its argument is
- optional. This behavior is specific to the GNU `getopt'.
-
- The argument `--' causes premature termination of argument
- scanning, explicitly telling `getopt' that there are no more
- options.
-
- If OPTS begins with `--', then non-option arguments are treated as
- arguments to the option '\0'. This behavior is specific to the GNU
- `getopt'. */
-
-#if (defined __STDC__ && __STDC__) || defined __cplusplus
-# ifdef __GNU_LIBRARY__
-/* Many other libraries have conflicting prototypes for getopt, with
- differences in the consts, in stdlib.h. To avoid compilation
- errors, only prototype getopt for the GNU C library. */
-extern int getopt (int argc, char *const *argv, const char *shortopts);
-# else /* not __GNU_LIBRARY__ */
-extern int getopt ();
-# endif /* __GNU_LIBRARY__ */
-
-# ifndef __need_getopt
-extern int getopt_long (int argc, char *const *argv, const char *shortopts,
- const struct option *longopts, int *longind);
-extern int getopt_long_only (int argc, char *const *argv,
- const char *shortopts,
- const struct option *longopts, int *longind);
-
-/* Internal only. Users should not call this directly. */
-extern int _getopt_internal (int argc, char *const *argv,
- const char *shortopts,
- const struct option *longopts, int *longind,
- int long_only);
-# endif
-#else /* not __STDC__ */
-extern int getopt ();
-# ifndef __need_getopt
-extern int getopt_long ();
-extern int getopt_long_only ();
-
-extern int _getopt_internal ();
-# endif
-#endif /* __STDC__ */
-
-#ifdef __cplusplus
-}
-#endif
-
-/* Make sure we later can get all the definitions and declarations. */
-#undef __need_getopt
-
-#endif /* getopt.h */
--- /dev/null
+/* hogweed-benchmark.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <errno.h>
+
+#include <time.h>
+
+#include "timing.h"
+
+#include "dsa.h"
+#include "rsa.h"
+
+#include "nettle-meta.h"
+#include "sexp.h"
+#include "knuth-lfib.h"
+
+#include "../ecdsa.h"
+#include "../ecc-internal.h"
+#include "../gmp-glue.h"
+
+#if WITH_OPENSSL
+#include <openssl/ec.h>
+#include <openssl/ecdsa.h>
+#include <openssl/objects.h>
+#endif
+
+#define BENCH_INTERVAL 0.1
+
+static void NORETURN PRINTF_STYLE(1,2)
+die(const char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+
+ exit(EXIT_FAILURE);
+}
+
+static void *
+xalloc (size_t size)
+{
+ void *p = malloc (size);
+ if (!p)
+ {
+ fprintf (stderr, "Virtual memory exhausted\n");
+ abort ();
+ }
+ return p;
+}
+
+static uint8_t *
+hash_string (const struct nettle_hash *hash,
+ unsigned length, const char *s)
+{
+ void *ctx = xalloc (hash->context_size);
+ uint8_t *digest = xalloc (hash->digest_size);
+ hash->init (ctx);
+ hash->update (ctx, length, s);
+ hash->digest (ctx, hash->digest_size, digest);
+ free (ctx);
+
+ return digest;
+}
+
+struct alg {
+ const char *name;
+ unsigned size;
+ void *(*init) (unsigned size);
+ void (*sign) (void *);
+ void (*verify)(void *);
+ void (*clear) (void *);
+};
+
+/* Returns second per function call */
+static double
+time_function(void (*f)(void *arg), void *arg)
+{
+ unsigned ncalls;
+ double elapsed;
+
+ /* Warm up */
+ f(arg);
+ for (ncalls = 10 ;;)
+ {
+ unsigned i;
+
+ time_start();
+ for (i = 0; i < ncalls; i++)
+ f(arg);
+ elapsed = time_end();
+ if (elapsed > BENCH_INTERVAL)
+ break;
+ else if (elapsed < BENCH_INTERVAL / 10)
+ ncalls *= 10;
+ else
+ ncalls *= 2;
+ }
+ return elapsed / ncalls;
+}
+
+static void
+bench_alg (const struct alg *alg)
+{
+ double sign;
+ double verify;
+ void *ctx;
+
+ ctx = alg->init(alg->size);
+
+ sign = time_function (alg->sign, ctx);
+ verify = time_function (alg->verify, ctx);
+
+ alg->clear (ctx);
+
+ printf("%15s %4d %9.4f %9.4f\n",
+ alg->name, alg->size, 1e-3/sign, 1e-3/verify);
+}
+
+struct rsa_ctx
+{
+ struct rsa_public_key pub;
+ struct rsa_private_key key;
+ uint8_t *digest;
+ mpz_t s;
+};
+
+static void *
+bench_rsa_init (unsigned size)
+{
+ char rsa1024[] =
+ "{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjEyOToA90+K5EmjbFJBeJD"
+ " xP2KD2Df+0Twc9425uB+vhqTrVijtd2PnwEQDfR2VoducgkKcXJzYYyCNILQJbFAi2Km/sD"
+ " jImERBqDtaI217Ze+tOKEmImexYTAgFuqEptp2F3M4DqgRQ7s/3nJQ/bPE5Hfi1OZhJSShu"
+ " I80ATTU4fUgrPspKDE6ZTM6AQABKSgxOmQxMjk6APAhKckzvxxkWfHJOpXDACWnaSKcbbvo"
+ " vtWK3pGr/F2ya7CrLtE+uOx5F1sLs9G+/7flCy5k4uNILIYg4VTirZ1zQ8fNKPrjK1VMRls"
+ " JiRRU/0VAs9d7HdncJfs6rbvRQbCRSRYURo4hWir3Lq8V3UUQVBprc4dO+uWmplvwQ5qxKS"
+ " gxOnA2NToA+8aIVkdbk8Jg8dJOuzc7m/hZnwkKSs6eVDw4N/2T0CJKGJYT+B3Ct+fPkxhUR"
+ " ggd2DQ9OpkTra7SXHTNkzdPVSkoMTpxNjU6APt11P8vXNnGYF0OC/cPsR8zhSYuFmtRuX6G"
+ " ES+DdG0VCU07UeNQkok1UoW5sXqY0IGr1jkJq8AMSgKoNbLQ6w8pKDE6YTY0Ohzkxsan/8F"
+ " wQDHgQbrIduXKVXaj0fONzKu8EXOTfUAYf0pdBsOlnq/+QVsPIrS6v7oNHK253YFEG84SdX"
+ " kcktUpKDE6YjY1OgCR+cRtY3RWY+f6/TWK9gwPndv03xpasLWrMm71ky1aSbT9pasS9+opR"
+ " tAiGzthfSbFsBiLQgb3VOr+AeIybT+XKSgxOmM2NDojigqARWN5u1CVDVuD2L2ManpoGiM6"
+ " kQ6FaJjqRjxeRRKFrQxGJa9tM1hqStxokC1oJidgaOLGnn60iwzToug9KSkp}";
+
+ char rsa2048[] =
+ "{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjI1NzoAtxWXiglIdunDK48"
+ " 8I0vW0wTqnh/riW9pLk8n1F8MUPBFdhvkkl0bDQqSJPUvSHy+w4fLVwcEzeI4qFyo3b2Avz"
+ " JK20MFbt/WfHD1TbxuK8rNqXyqmqjJ9vgjtV9nPzAz7CM9ogs3/RJHpcfZPQF15ifizleUZ"
+ " aQT0GAXHZL7cePj10yGI2u3hgTkokVzdNC/1T34guKYpErg0pt0B/KejWpsFTb84z3tkR+B"
+ " YVx07p/OoByZwoABgncS/uALl31fRS8jyJ2JqUiZOqe7XoO9hkDHYNCWUGUfNGQ7ZgVp9+e"
+ " NQpracSjrp6Jnrj7r/oxJUx5ZDVNi18AzQadE/oKOrSkoMTplMzoBAAEpKDE6ZDI1NjogBT"
+ " C5vaHk2kF+LtDvw2XRBj0aZq7FHK0ioklvBSicR0l+vKYfSxVeFIk22YLphJfAjtFraRjYA"
+ " Uaze3E1Rt1rkxoweupKV++lWAQvElOaaR/LErirz/Vysjdck1D1ZjLOi+NNofSq2DWbsvY1"
+ " iznZhQRP3lVf6XBls0iXrYs4gb0pBZqXLQW+j9Ihx6eantf1/6ZMKPgCkzcAZ0ABsCfaFSg"
+ " ouNCzilblsgFEspEbb8QqrNQoStS3F/gMwWgDsr3+vQzBqt+7ykWoCJ9wctbYy9kEPq+hX3"
+ " GP0hG6HdS81r9E8pgdf3wloNNMzYUHwn7poXGpOi8tG0pmR56TqD/BKSgxOnAxMjk6AN4AJ"
+ " TiGPm9We2ga3Y0jpTfA3mWpUbhYgaXYLWA1/riniwq16fqxRIkWQT/O2KKpBVe6WSvNYq9u"
+ " lM8N6bdPtDytJs6AOXy0X5vtJ953ZYVMhHbhmUxhIL9I+s0O1+LxMF8b9U4CrFyaTxd8Un/"
+ " FXP1BvYJRrkoup6HYvOlGx36lKSgxOnExMjk6ANMfrfH6z/3o7K56aW6kSiloDDbKZQ0+W5"
+ " 8LzP2ZOBLf6LX6jLhN3olU1Z0KGTM0S/1AxvwGjuRqhu+LcOJ7oUCUH3uusR5c5nSnArYPq"
+ " +0wbco4BQngot/HmGN7U0EDsIWqPt/qoa/b8bCk+TOwJlknNq/PnZU26SPj48XS05lpKSgx"
+ " OmExMjk6AJM2n3gLNW3ZeH5BindkktQU9qWNkV5geqDCaNyrEZ3bpI1WsrEGSj9p3Zz1ipz"
+ " a3msdbLJqQS26c72WKUzg8tFltR0s1HJInjolGtIgdNbfNdwrn9+RbQjL2VyPokOg0wXO4W"
+ " 14wlmqDhax33dRJmfe50964MvaglkGA8fhorrtKSgxOmIxMjk6AKMe+vrX2xRHf3dfxU5jS"
+ " ZmsdqNuxZzx7UB5kazvUU/kCJ1yNH/CSoq5LULkpovVgFDwV84qEwWQ+SjkCBg1hWWsDJc3"
+ " ZkobZUQENigM+72LiYiQt/PlyHI2eRuEEdNN0nm0DFhdpQeHXLoq/RBerYJ8tdgpBYxgnMn"
+ " KLhaOykbhKSgxOmMxMjg6MVlKj2bjb7qFQVkLO1OPg28jSrtRpnQCR+qegN4ZmNam/qbest"
+ " 8yn0JQ6gxX7PvP382+jx7uHHWHYYqPq/Flf8gqtOOcjqS5TJgVHz3F3xHWquo1ZofGtCMro"
+ " Dd2c0xjRjIVGvLV6Ngs+HRdljRav40vRpTyEoEdlzHBQiILesopKSk=}";
+
+ struct rsa_ctx *ctx;
+ struct sexp_iterator i;
+
+ int res;
+
+ ctx = xalloc(sizeof(*ctx));
+
+ rsa_public_key_init (&ctx->pub);
+ rsa_private_key_init (&ctx->key);
+ mpz_init (ctx->s);
+
+ /* NOTE: Base64-decodes the strings in-place */
+ if (size == 1024)
+ res = sexp_transport_iterator_first (&i, sizeof(rsa1024) - 1, rsa1024);
+ else if (size == 2048)
+ res = sexp_transport_iterator_first (&i, sizeof(rsa2048) - 1, rsa2048);
+ else
+ die ("Internal error.\n");
+
+ if (! (res
+ && sexp_iterator_check_type (&i, "private-key")
+ && sexp_iterator_check_type (&i, "rsa-pkcs1-sha1")
+ && rsa_keypair_from_sexp_alist (&ctx->pub, &ctx->key, 0, &i)))
+ die ("Internal error.\n");
+
+ ctx->digest = hash_string (&nettle_sha256, 3, "foo");
+
+ rsa_sha256_sign_digest (&ctx->key, ctx->digest, ctx->s);
+
+ return ctx;
+}
+
+static void
+bench_rsa_sign (void *p)
+{
+ struct rsa_ctx *ctx = (struct rsa_ctx *) p;
+
+ mpz_t s;
+ mpz_init (s);
+ rsa_sha256_sign_digest (&ctx->key, ctx->digest, s);
+ mpz_clear (s);
+}
+
+static void
+bench_rsa_verify (void *p)
+{
+ struct rsa_ctx *ctx = (struct rsa_ctx *) p;
+ int res = rsa_sha256_verify_digest (&ctx->pub, ctx->digest, ctx->s);
+ if (!res)
+ die ("Internal error, rsa_sha256_verify_digest failed.\n");
+}
+
+static void
+bench_rsa_clear (void *p)
+{
+ struct rsa_ctx *ctx = (struct rsa_ctx *) p;
+
+ rsa_public_key_clear (&ctx->pub);
+ rsa_private_key_clear (&ctx->key);
+ mpz_clear (ctx->s);
+
+ free (ctx->digest);
+ free (ctx);
+}
+
+struct dsa_ctx
+{
+ struct dsa_public_key pub;
+ struct dsa_private_key key;
+ struct knuth_lfib_ctx lfib;
+ struct dsa_signature s;
+ uint8_t *digest;
+};
+
+static void *
+bench_dsa_init (unsigned size)
+{
+ struct dsa_ctx *ctx;
+ struct sexp_iterator i;
+
+ char dsa1024[] =
+ "{KDExOnByaXZhdGUta2V5KDM6ZHNhKDE6cDEyOToA2q4hOXEClLMXXMOl9xaPcGC/GeGmCMv"
+ " VCaaW0uWc50DvvmJDPQPdCehyfZr/1dv2UDbx06TC7ls/IFd+BsDzGBRxqIQ44J20cn+0gt"
+ " NMIXAocE1QhCCFaT5gXrk8zMlqBEGaP3RdpgxNanEXkTj2Wma8r1GtrLX3HPafio62jicpK"
+ " DE6cTIxOgDN9pcW3exdVAesC9WsxwCGoJK24ykoMTpnMTI5OgCJr9DmKdiE0WJZB7HACESv"
+ " Tpg1qZgc8E15byQ+OsHUyOTRrJRTcrgKZJW7dFRJ9cXmyi7XYCd3bJtu/2HRHLY1vd4qMvU"
+ " 7Y8x08ooCoABGV7nGqcmdQfEho1OY6TZh2NikmPKZLeur3PZFpcZ8Dl+KVWtwC55plNC7Om"
+ " iAQy8MaCkoMTp5MTI5OgDakk0LOUQwzOKt9FHOBmBKrWsvTm7549eScTUqH4OMm3btjUsXz"
+ " MmlqEe+imwQCOW/AE3Xw9pXZeETWK0jlLe8k5vnKcNskerFwZ1eQKtOPPQty8IqQ9PEfF6B"
+ " 0oVQiJg2maHUDWFnDkIBd7ZR1z8FnZMUxH9mH4kEUo6YQgtCdykoMTp4MjA6cOl3ijiiMjI"
+ " pesFD8jxESWb2mn8pKSk=}";
+
+ ctx = xalloc(sizeof(*ctx));
+
+ dsa_public_key_init (&ctx->pub);
+ dsa_private_key_init (&ctx->key);
+ dsa_signature_init (&ctx->s);
+ knuth_lfib_init (&ctx->lfib, 1);
+
+ if (size != 1024)
+ die ("Internal error.\n");
+
+ if (! (sexp_transport_iterator_first (&i, sizeof(dsa1024) - 1, dsa1024)
+ && sexp_iterator_check_type (&i, "private-key")
+ && sexp_iterator_check_type (&i, "dsa")
+ && dsa_keypair_from_sexp_alist (&ctx->pub, &ctx->key, 0, DSA_SHA1_Q_BITS, &i)) )
+ die ("Internal error.\n");
+
+ ctx->digest = hash_string (&nettle_sha1, 3, "foo");
+
+ dsa_sha1_sign_digest (&ctx->pub, &ctx->key,
+ &ctx->lfib, (nettle_random_func *)knuth_lfib_random,
+ ctx->digest, &ctx->s);
+
+ return ctx;
+}
+
+static void
+bench_dsa_sign (void *p)
+{
+ struct dsa_ctx *ctx = (struct dsa_ctx *) p;
+ struct dsa_signature s;
+
+ dsa_signature_init (&s);
+ dsa_sha1_sign_digest (&ctx->pub, &ctx->key,
+ &ctx->lfib, (nettle_random_func *)knuth_lfib_random,
+ ctx->digest, &s);
+ dsa_signature_clear (&s);
+}
+
+static void
+bench_dsa_verify (void *p)
+{
+ struct dsa_ctx *ctx = (struct dsa_ctx *) p;
+ int res = dsa_sha1_verify_digest (&ctx->pub, ctx->digest, &ctx->s);
+ if (!res)
+ die ("Internal error, dsa_sha1_verify_digest failed.\n");
+}
+
+static void
+bench_dsa_clear (void *p)
+{
+ struct dsa_ctx *ctx = (struct dsa_ctx *) p;
+ dsa_public_key_clear (&ctx->pub);
+ dsa_private_key_clear (&ctx->key);
+ dsa_signature_clear (&ctx->s);
+ free (ctx->digest);
+ free (ctx);
+}
+
+struct ecdsa_ctx
+{
+ struct ecc_point pub;
+ struct ecc_scalar key;
+ struct knuth_lfib_ctx rctx;
+ unsigned digest_size;
+ uint8_t *digest;
+ struct dsa_signature s;
+};
+
+static void *
+bench_ecdsa_init (unsigned size)
+{
+ struct ecdsa_ctx *ctx;
+ const struct ecc_curve *ecc;
+
+ const char *xs;
+ const char *ys;
+ const char *zs;
+ mpz_t x, y, z;
+
+ ctx = xalloc (sizeof(*ctx));
+
+ dsa_signature_init (&ctx->s);
+ knuth_lfib_init (&ctx->rctx, 17);
+
+ switch (size)
+ {
+ case 192:
+ ecc = &nettle_secp_192r1;
+ xs = "8e8e07360350fb6b7ad8370cfd32fa8c6bba785e6e200599";
+ ys = "7f82ddb58a43d59ff8dc66053002b918b99bd01bd68d6736";
+ zs = "f2e620e086d658b4b507996988480917640e4dc107808bdd";
+ ctx->digest = hash_string (&nettle_sha1, 3, "abc");
+ ctx->digest_size = 20;
+ break;
+ case 224:
+ ecc = &nettle_secp_224r1;
+ xs = "993bf363f4f2bc0f255f22563980449164e9c894d9efd088d7b77334";
+ ys = "b75fff9849997d02d135140e4d0030944589586e22df1fc4b629082a";
+ zs = "cdfd01838247f5de3cc70b688418046f10a2bfaca6de9ec836d48c27";
+ ctx->digest = hash_string (&nettle_sha224, 3, "abc");
+ ctx->digest_size = 28;
+ break;
+
+ /* From RFC 4754 */
+ case 256:
+ ecc = &nettle_secp_256r1;
+ xs = "2442A5CC 0ECD015F A3CA31DC 8E2BBC70 BF42D60C BCA20085 E0822CB0 4235E970";
+ ys = "6FC98BD7 E50211A4 A27102FA 3549DF79 EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D";
+ zs = "DC51D386 6A15BACD E33D96F9 92FCA99D A7E6EF09 34E70975 59C27F16 14C88A7F";
+ ctx->digest = hash_string (&nettle_sha256, 3, "abc");
+ ctx->digest_size = 32;
+ break;
+ case 384:
+ ecc = &nettle_secp_384r1;
+ xs = "96281BF8 DD5E0525 CA049C04 8D345D30 82968D10 FEDF5C5A CA0C64E6 465A97EA"
+ "5CE10C9D FEC21797 41571072 1F437922";
+ ys = "447688BA 94708EB6 E2E4D59F 6AB6D7ED FF9301D2 49FE49C3 3096655F 5D502FAD"
+ "3D383B91 C5E7EDAA 2B714CC9 9D5743CA";
+ zs = "0BEB6466 34BA8773 5D77AE48 09A0EBEA 865535DE 4C1E1DCB 692E8470 8E81A5AF"
+ "62E528C3 8B2A81B3 5309668D 73524D9F";
+ ctx->digest = hash_string (&nettle_sha384, 3, "abc");
+ ctx->digest_size = 48;
+ break;
+ case 521:
+ ecc = &nettle_secp_521r1;
+ xs = "0151518F 1AF0F563 517EDD54 85190DF9 5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
+ "7AFE0A6D DEB8BEDB CD6A197E 592D4018 8901CECD 650699C9 B5E456AE A5ADD190"
+ "52A8";
+ ys = "006F3B14 2EA1BFFF 7E2837AD 44C9E4FF 6D2D34C7 3184BBAD 90026DD5 E6E85317"
+ "D9DF45CA D7803C6C 20035B2F 3FF63AFF 4E1BA64D 1C077577 DA3F4286 C58F0AEA"
+ "E643";
+ zs = "0065FDA3 409451DC AB0A0EAD 45495112 A3D813C1 7BFD34BD F8C1209D 7DF58491"
+ "20597779 060A7FF9 D704ADF7 8B570FFA D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
+ "5FA1";
+
+ ctx->digest = hash_string (&nettle_sha512, 3, "abc");
+ ctx->digest_size = 64;
+ break;
+ default:
+ die ("Internal error.\n");
+ }
+ ecc_point_init (&ctx->pub, ecc);
+ ecc_scalar_init (&ctx->key, ecc);
+
+ mpz_init_set_str (x, xs, 16);
+ mpz_init_set_str (y, ys, 16);
+ mpz_init_set_str (z, zs, 16);
+
+ ecc_point_set (&ctx->pub, x, y);
+ ecc_scalar_set (&ctx->key, z);
+
+ mpz_clear (x);
+ mpz_clear (y);
+ mpz_clear (z);
+
+ ecdsa_sign (&ctx->key,
+ &ctx->rctx, (nettle_random_func *) knuth_lfib_random,
+ ctx->digest_size, ctx->digest,
+ &ctx->s);
+
+ return ctx;
+}
+
+static void
+bench_ecdsa_sign (void *p)
+{
+ struct ecdsa_ctx *ctx = (struct ecdsa_ctx *) p;
+ struct dsa_signature s;
+
+ dsa_signature_init (&s);
+ ecdsa_sign (&ctx->key,
+ &ctx->rctx, (nettle_random_func *) knuth_lfib_random,
+ ctx->digest_size, ctx->digest,
+ &s);
+ dsa_signature_clear (&s);
+}
+
+static void
+bench_ecdsa_verify (void *p)
+{
+ struct ecdsa_ctx *ctx = (struct ecdsa_ctx *) p;
+ int res = ecdsa_verify (&ctx->pub,
+ ctx->digest_size, ctx->digest,
+ &ctx->s);
+ if (!res)
+ die ("Internal error, _ecdsa_verify failed.\n");
+}
+
+static void
+bench_ecdsa_clear (void *p)
+{
+ struct ecdsa_ctx *ctx = (struct ecdsa_ctx *) p;
+
+ ecc_point_clear (&ctx->pub);
+ ecc_scalar_clear (&ctx->key);
+ dsa_signature_clear (&ctx->s);
+ free (ctx->digest);
+
+ free (ctx);
+}
+
+#if WITH_OPENSSL
+struct openssl_ctx
+{
+ EC_KEY *key;
+ ECDSA_SIG *signature;
+ unsigned digest_length;
+ uint8_t *digest;
+};
+
+static void *
+bench_openssl_init (unsigned size)
+{
+ struct openssl_ctx *ctx = xalloc (sizeof (*ctx));
+
+ /* Apparently, secp192r1 and secp256r1 are missing */
+ switch (size)
+ {
+#if 0
+ case 192:
+ ctx->key = EC_KEY_new_by_curve_name (NID_secp192r1);
+ ctx->digest_length = 24; /* truncated */
+ ctx->digest = hash_string (&nettle_sha224, 3, "abc");
+ break;
+#endif
+ case 224:
+ ctx->key = EC_KEY_new_by_curve_name (NID_secp224r1);
+ ctx->digest_length = SHA224_DIGEST_SIZE;
+ ctx->digest = hash_string (&nettle_sha224, 3, "abc");
+ break;
+#if 0
+ case 256:
+ ctx->key = EC_KEY_new_by_curve_name (NID_secp256r1);
+ ctx->digest_length = SHA256_DIGEST_SIZE;
+ ctx->digest = hash_string (&nettle_sha256, 3, "abc");
+ break;
+#endif
+ case 384:
+ ctx->key = EC_KEY_new_by_curve_name (NID_secp384r1);
+ ctx->digest_length = SHA384_DIGEST_SIZE;
+ ctx->digest = hash_string (&nettle_sha384, 3, "abc");
+ break;
+ case 521:
+ ctx->key = EC_KEY_new_by_curve_name (NID_secp521r1);
+ ctx->digest_length = SHA512_DIGEST_SIZE;
+ ctx->digest = hash_string (&nettle_sha512, 3, "abc");
+ break;
+ default:
+ die ("Internal error.\n");
+ }
+ assert (ctx->key);
+
+ if (!EC_KEY_generate_key( ctx->key))
+ die ("Openssl EC_KEY_generate_key failed.\n");
+
+ ctx->signature = ECDSA_do_sign (ctx->digest, ctx->digest_length, ctx->key);
+
+ return ctx;
+}
+
+static void
+bench_openssl_sign (void *p)
+{
+ const struct openssl_ctx *ctx = (const struct openssl_ctx *) p;
+ ECDSA_SIG *sig = ECDSA_do_sign (ctx->digest, ctx->digest_length, ctx->key);
+ ECDSA_SIG_free (sig);
+}
+
+static void
+bench_openssl_verify (void *p)
+{
+ const struct openssl_ctx *ctx = (const struct openssl_ctx *) p;
+ int res = ECDSA_do_verify (ctx->digest, ctx->digest_length,
+ ctx->signature, ctx->key);
+ if (res != 1)
+ die ("Openssl ECDSA_do_verify failed.\n");
+}
+static void
+bench_openssl_clear (void *p)
+{
+ struct openssl_ctx *ctx = (struct openssl_ctx *) p;
+ ECDSA_SIG_free (ctx->signature);
+ EC_KEY_free (ctx->key);
+ free (ctx->digest);
+ free (ctx);
+}
+#endif
+
+struct alg alg_list[] = {
+ { "rsa", 1024, bench_rsa_init, bench_rsa_sign, bench_rsa_verify, bench_rsa_clear },
+ { "rsa", 2048, bench_rsa_init, bench_rsa_sign, bench_rsa_verify, bench_rsa_clear },
+ { "dsa", 1024, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
+#if 0
+ { "dsa",2048, bench_dsa_init, bench_dsa_sign, bench_dsa_verify, bench_dsa_clear },
+#endif
+ { "ecdsa", 192, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+ { "ecdsa", 224, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+ { "ecdsa", 256, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+ { "ecdsa", 384, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+ { "ecdsa", 521, bench_ecdsa_init, bench_ecdsa_sign, bench_ecdsa_verify, bench_ecdsa_clear },
+#if WITH_OPENSSL
+ { "ecdsa (openssl)", 224, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
+ { "ecdsa (openssl)", 384, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
+ { "ecdsa (openssl)", 521, bench_openssl_init, bench_openssl_sign, bench_openssl_verify, bench_openssl_clear },
+#endif
+};
+
+#define numberof(x) (sizeof (x) / sizeof ((x)[0]))
+
+int
+main (int argc, char **argv)
+{
+ const char *filter = NULL;
+ unsigned i;
+
+ if (argc > 1)
+ filter = argv[1];
+
+ time_init();
+ printf ("%15s %4s %9s %9s\n",
+ "name", "size", "sign/ms", "verify/ms");
+
+ for (i = 0; i < numberof(alg_list); i++)
+ if (!filter || strstr (alg_list[i].name, filter))
+ bench_alg (&alg_list[i]);
+
+ return EXIT_SUCCESS;
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
unsigned
read_file(const char *name, unsigned max_size, char **contents)
{
- unsigned size;
- unsigned done;
+ unsigned size, done;
char *buffer;
FILE *f;
werror("Opening `%s' failed: %s\n", name, strerror(errno));
return 0;
}
- buffer = NULL;
- if (max_size && max_size < 100)
- size = max_size;
- else
- size = 100;
-
- for (size = 100, done = 0;
- (!max_size || done < max_size) && !feof(f);
- size *= 2)
+ size = 100;
+
+ for (buffer = NULL, done = 0;; size *= 2)
{
char *p;
buffer = p;
done += fread(buffer + done, 1, size - done, f);
- if (ferror(f))
- goto fail;
+ if (done < size)
+ {
+ /* Short count means EOF or read error */
+ if (ferror(f))
+ {
+ fprintf (stderr, "Reading `%s' failed: %s\n",
+ name, strerror(errno));
+
+ goto fail;
+ }
+ if (done == 0)
+ /* Treat empty file as error */
+ goto fail;
+
+ break;
+ }
+
+ if (size == max_size)
+ break;
}
fclose(f);
}
int
-write_file(const char *name, unsigned size, const char *buffer)
+write_string(FILE *f, unsigned size, const char *buffer)
{
- FILE *f = fopen(name, "wb");
- unsigned res;
-
- if (!f)
- return 0;
-
- res = fwrite(buffer, 1, size, f);
-
- if (res < size)
- res = 0;
+ size_t res = fwrite(buffer, 1, size, f);
- return fclose(f) == 0 && res > 0;
+ return res == size;
}
int
-write_string(FILE *f, unsigned size, const char *buffer)
+write_file(const char *name, unsigned size, const char *buffer)
{
- size_t res = fwrite(buffer, 1, size, f);
+ FILE *f = fopen(name, "wb");
+ int res;
+
+ if (!f)
+ return 0;
- return res == size;
+ res = write_string(f, size, buffer);
+ return fclose(f) == 0 && res;
}
int
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_EXAMPLES_IO_H_INCLUDED
xalloc(size_t size);
void
-werror(const char *format, ...)
-#if __GNUC___
- __attribute__((__format__ (__printf__,1, 2)))
-#endif
- ;
-
-/* If size is > 0, read at most that many bytes. If size == 0,
- * read until EOF. Allocates the buffer dynamically. */
+werror(const char *format, ...) PRINTF_STYLE(1, 2);
+
+/* If size is > 0, read at most that many bytes. If size == 0, read
+ * until EOF. Allocates the buffer dynamically. An empty file is
+ * treated as an error; return value is zero, and no space is
+ * allocated. The returned data is NUL-terminated, for convenience. */
+
unsigned
read_file(const char *name, unsigned size, char **buffer);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2010 Niels Möller
+ * Copyright (C) 2001, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include <assert.h>
#include <errno.h>
#include <math.h>
+#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#include "timing.h"
+
#include "aes.h"
#include "arcfour.h"
#include "blowfish.h"
#include "cast128.h"
#include "cbc.h"
+#include "ctr.h"
#include "des.h"
+#include "gcm.h"
+#include "memxor.h"
+#include "salsa20.h"
#include "serpent.h"
-#include "sha.h"
+#include "sha1.h"
+#include "sha2.h"
+#include "sha3.h"
#include "twofish.h"
+#include "umac.h"
#include "nettle-meta.h"
#include "nettle-internal.h"
static double frequency = 0.0;
-/* Process BENCH_BLOCK bytes at a time, for BENCH_INTERVAL clocks. */
+/* Process BENCH_BLOCK bytes at a time, for BENCH_INTERVAL seconds. */
#define BENCH_BLOCK 10240
-#define BENCH_INTERVAL (CLOCKS_PER_SEC / 4)
-
-/* Total MB:s, for MB/s figures. */
-#define BENCH_TOTAL 10.0
+#define BENCH_INTERVAL 0.1
/* FIXME: Proper configure test for rdtsc? */
#ifndef WITH_CYCLE_COUNTER
-# if defined(__GNUC__) && defined(__i386__)
+# if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
# define WITH_CYCLE_COUNTER 1
# else
# define WITH_CYCLE_COUNTER 0
#endif
#if WITH_CYCLE_COUNTER
+# if defined(__i386__)
#define GET_CYCLE_COUNTER(hi, lo) \
__asm__("xorl %%eax,%%eax\n" \
"movl %%ebx, %%edi\n" \
: "=a" (lo), "=d" (hi) \
: /* No inputs. */ \
: "%edi", "%ecx", "cc")
+# elif defined(__x86_64__)
+#define GET_CYCLE_COUNTER(hi, lo) \
+ __asm__("xorl %%eax,%%eax\n" \
+ "mov %%rbx, %%r10\n" \
+ "cpuid\n" \
+ "rdtsc\n" \
+ "mov %%r10, %%rbx\n" \
+ : "=a" (lo), "=d" (hi) \
+ : /* No inputs. */ \
+ : "%r10", "%rcx", "cc")
+# endif
#define BENCH_ITERATIONS 10
#endif
+static void NORETURN PRINTF_STYLE(1,2)
+die(const char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+
+ exit(EXIT_FAILURE);
+}
+
+static double overhead = 0.0;
+
/* Returns second per function call */
static double
time_function(void (*f)(void *arg), void *arg)
{
- clock_t before;
- clock_t after;
- clock_t done;
unsigned ncalls;
-
- before = clock();
- done = before + BENCH_INTERVAL;
- ncalls = 0;
-
- do
+ double elapsed;
+
+ for (ncalls = 10 ;;)
{
- f(arg);
- after = clock();
- ncalls++;
+ unsigned i;
+
+ time_start();
+ for (i = 0; i < ncalls; i++)
+ f(arg);
+ elapsed = time_end();
+ if (elapsed > BENCH_INTERVAL)
+ break;
+ else if (elapsed < BENCH_INTERVAL / 10)
+ ncalls *= 10;
+ else
+ ncalls *= 2;
}
- while (after < done);
-
- return ((double)(after - before)) / CLOCKS_PER_SEC / ncalls;
+ return elapsed / ncalls - overhead;
+}
+
+static void
+bench_nothing(void *arg UNUSED)
+{
+ return;
+}
+
+struct bench_memxor_info
+{
+ uint8_t *dst;
+ const uint8_t *src;
+ const uint8_t *other;
+};
+
+static void
+bench_memxor(void *arg)
+{
+ struct bench_memxor_info *info = arg;
+ memxor (info->dst, info->src, BENCH_BLOCK);
+}
+
+static void
+bench_memxor3(void *arg)
+{
+ struct bench_memxor_info *info = arg;
+ memxor3 (info->dst, info->src, info->other, BENCH_BLOCK);
}
struct bench_hash_info
BENCH_BLOCK, info->data, info->data);
}
+static void
+bench_ctr(void *arg)
+{
+ struct bench_cbc_info *info = arg;
+ ctr_crypt(info->ctx, info->crypt,
+ info->block_size, info->iv,
+ BENCH_BLOCK, info->data, info->data);
+}
+
/* Set data[i] = floor(sqrt(i)) */
static void
init_data(uint8_t *data)
{
void *p = malloc(size);
if (!p)
- {
- fprintf(stderr, "Virtual memory exhausted.\n");
- abort();
- }
+ die("Virtual memory exhausted.\n");
return p;
}
static void
+time_overhead(void)
+{
+ overhead = time_function(bench_nothing, NULL);
+ printf("benchmark call overhead: %7f us", overhead * 1e6);
+ if (frequency > 0.0)
+ printf("%7.2f cycles\n", overhead * frequency);
+ printf("\n");
+}
+
+
+
+static void
+time_memxor(void)
+{
+ struct bench_memxor_info info;
+ uint8_t src[BENCH_BLOCK + sizeof(long)];
+ uint8_t other[BENCH_BLOCK + sizeof(long)];
+ uint8_t dst[BENCH_BLOCK];
+
+ info.src = src;
+ info.dst = dst;
+
+ display ("memxor", "aligned", sizeof(unsigned long),
+ time_function(bench_memxor, &info));
+ info.src = src + 1;
+ display ("memxor", "unaligned", sizeof(unsigned long),
+ time_function(bench_memxor, &info));
+
+ info.src = src;
+ info.other = other;
+ display ("memxor3", "aligned", sizeof(unsigned long),
+ time_function(bench_memxor3, &info));
+
+ info.other = other + 1;
+ display ("memxor3", "unaligned01", sizeof(unsigned long),
+ time_function(bench_memxor3, &info));
+ info.src = src + 1;
+ display ("memxor3", "unaligned11", sizeof(unsigned long),
+ time_function(bench_memxor3, &info));
+ info.other = other + 2;
+ display ("memxor3", "unaligned12", sizeof(unsigned long),
+ time_function(bench_memxor3, &info));
+}
+
+static void
time_hash(const struct nettle_hash *hash)
{
static uint8_t data[BENCH_BLOCK];
struct bench_hash_info info;
+
info.ctx = xalloc(hash->context_size);
info.update = hash->update;
info.data = data;
}
static void
+time_umac(void)
+{
+ static uint8_t data[BENCH_BLOCK];
+ struct bench_hash_info info;
+ struct umac32_ctx ctx32;
+ struct umac64_ctx ctx64;
+ struct umac96_ctx ctx96;
+ struct umac128_ctx ctx128;
+
+ uint8_t key[16];
+
+ umac32_set_key (&ctx32, key);
+ info.ctx = &ctx32;
+ info.update = (nettle_hash_update_func *) umac32_update;
+ info.data = data;
+
+ display("umac32", "update", UMAC_DATA_SIZE,
+ time_function(bench_hash, &info));
+
+ umac64_set_key (&ctx64, key);
+ info.ctx = &ctx64;
+ info.update = (nettle_hash_update_func *) umac64_update;
+ info.data = data;
+
+ display("umac64", "update", UMAC_DATA_SIZE,
+ time_function(bench_hash, &info));
+
+ umac96_set_key (&ctx96, key);
+ info.ctx = &ctx96;
+ info.update = (nettle_hash_update_func *) umac96_update;
+ info.data = data;
+
+ display("umac96", "update", UMAC_DATA_SIZE,
+ time_function(bench_hash, &info));
+
+ umac128_set_key (&ctx128, key);
+ info.ctx = &ctx128;
+ info.update = (nettle_hash_update_func *) umac128_update;
+ info.data = data;
+
+ display("umac128", "update", UMAC_DATA_SIZE,
+ time_function(bench_hash, &info));
+}
+
+static void
+time_gcm(void)
+{
+ static uint8_t data[BENCH_BLOCK];
+ struct bench_hash_info hinfo;
+ struct bench_cipher_info cinfo;
+ struct gcm_aes_ctx ctx;
+
+ uint8_t key[16];
+ uint8_t iv[GCM_IV_SIZE];
+
+ gcm_aes_set_key(&ctx, sizeof(key), key);
+ gcm_aes_set_iv(&ctx, sizeof(iv), iv);
+
+ hinfo.ctx = &ctx;
+ hinfo.update = (nettle_hash_update_func *) gcm_aes_update;
+ hinfo.data = data;
+
+ display("gcm-aes", "update", GCM_BLOCK_SIZE,
+ time_function(bench_hash, &hinfo));
+
+ cinfo.ctx = &ctx;
+ cinfo.crypt = (nettle_crypt_func *) gcm_aes_encrypt;
+ cinfo.data = data;
+
+ display("gcm-aes", "encrypt", GCM_BLOCK_SIZE,
+ time_function(bench_cipher, &cinfo));
+
+ cinfo.crypt = (nettle_crypt_func *) gcm_aes_decrypt;
+
+ display("gcm-aes", "decrypt", GCM_BLOCK_SIZE,
+ time_function(bench_cipher, &cinfo));
+}
+
+static int
+prefix_p(const char *prefix, const char *s)
+{
+ size_t i;
+ for (i = 0; prefix[i]; i++)
+ if (prefix[i] != s[i])
+ return 0;
+ return 1;
+}
+
+static int
+block_cipher_p(const struct nettle_cipher *cipher)
+{
+ /* Don't use nettle cbc and ctr for openssl ciphers. */
+ return cipher->block_size > 0 && !prefix_p("openssl", cipher->name);
+}
+
+static void
time_cipher(const struct nettle_cipher *cipher)
{
void *ctx = xalloc(cipher->context_size);
time_function(bench_cipher, &info));
}
- /* Don't use nettle cbc to benchmark openssl ciphers */
- if (cipher->block_size && cipher->name[0] != 'o')
+ if (block_cipher_p(cipher))
{
uint8_t *iv = xalloc(cipher->block_size);
display(cipher->name, "CBC decrypt", cipher->block_size,
time_function(bench_cbc_decrypt, &info));
}
+
+ /* Do CTR mode */
+ {
+ struct bench_cbc_info info;
+ info.ctx = ctx;
+ info.crypt = cipher->encrypt;
+ info.data = data;
+ info.block_size = cipher->block_size;
+ info.iv = iv;
+
+ memset(iv, 0, sizeof(iv));
+
+ cipher->set_encrypt_key(ctx, cipher->key_size, key);
+
+ display(cipher->name, "CTR", cipher->block_size,
+ time_function(bench_ctr, &info));
+ }
+
free(iv);
}
free(ctx);
free(key);
}
+/* Try to get accurate cycle times for assembler functions. */
+#if WITH_CYCLE_COUNTER
static int
compare_double(const void *ap, const void *bp)
{
return 0;
}
-/* Try to get accurate cycle times for assembler functions. */
+#define TIME_CYCLES(t, code) do { \
+ double tc_count[5]; \
+ uint32_t tc_start_lo, tc_start_hi, tc_end_lo, tc_end_hi; \
+ unsigned tc_i, tc_j; \
+ for (tc_j = 0; tc_j < 5; tc_j++) \
+ { \
+ tc_i = 0; \
+ GET_CYCLE_COUNTER(tc_start_hi, tc_start_lo); \
+ for (; tc_i < BENCH_ITERATIONS; tc_i++) \
+ { code; } \
+ \
+ GET_CYCLE_COUNTER(tc_end_hi, tc_end_lo); \
+ \
+ tc_end_hi -= (tc_start_hi + (tc_start_lo > tc_end_lo)); \
+ tc_end_lo -= tc_start_lo; \
+ \
+ tc_count[tc_j] = ldexp(tc_end_hi, 32) + tc_end_lo; \
+ } \
+ qsort(tc_count, 5, sizeof(double), compare_double); \
+ (t) = tc_count[2] / BENCH_ITERATIONS; \
+} while (0)
+
static void
bench_sha1_compress(void)
{
-#if WITH_CYCLE_COUNTER
uint32_t state[_SHA1_DIGEST_LENGTH];
- uint8_t data[BENCH_ITERATIONS * SHA1_DATA_SIZE];
- uint32_t start_lo, start_hi, end_lo, end_hi;
+ uint8_t data[SHA1_DATA_SIZE];
+ double t;
- double count[5];
-
- uint8_t *p;
- unsigned i, j;
+ TIME_CYCLES (t, _nettle_sha1_compress(state, data));
- for (j = 0; j < 5; j++)
- {
- i = 0;
- p = data;
- GET_CYCLE_COUNTER(start_hi, start_lo);
- for (; i < BENCH_ITERATIONS; i++, p += SHA1_DATA_SIZE)
- _nettle_sha1_compress(state, p);
+ printf("sha1_compress: %.2f cycles\n", t);
+}
- GET_CYCLE_COUNTER(end_hi, end_lo);
+static void
+bench_salsa20_core(void)
+{
+ uint32_t state[_SALSA20_INPUT_LENGTH];
+ double t;
- end_hi -= (start_hi + (start_lo > end_lo));
- end_lo -= start_lo;
+ TIME_CYCLES (t, _nettle_salsa20_core(state, state, 20));
+ printf("salsa20_core: %.2f cycles\n", t);
+}
- count[j] = ldexp(end_hi, 32) + end_lo;
- }
+static void
+bench_sha3_permute(void)
+{
+ struct sha3_state state;
+ double t;
- qsort(count, 5, sizeof(double), compare_double);
- printf("sha1_compress: %.2f cycles\n\n", count[2] / BENCH_ITERATIONS);
-#endif
+ TIME_CYCLES (t, sha3_permute (&state));
+ printf("sha3_permute: %.2f cycles (%.2f / round)\n", t, t / 24.0);
}
+#else
+#define bench_sha1_compress()
+#define bench_salsa20_core()
+#define bench_sha3_permute()
+#endif
#if WITH_OPENSSL
# define OPENSSL(x) x,
{
unsigned i;
int c;
+ const char *alg;
const struct nettle_hash *hashes[] =
{
&nettle_sha1, OPENSSL(&nettle_openssl_sha1)
&nettle_sha224, &nettle_sha256,
&nettle_sha384, &nettle_sha512,
+ &nettle_sha3_224, &nettle_sha3_256,
+ &nettle_sha3_384, &nettle_sha3_512,
+ &nettle_ripemd160, &nettle_gosthash94,
NULL
};
&nettle_des3,
&nettle_serpent256,
&nettle_twofish128, &nettle_twofish192, &nettle_twofish256,
+ &nettle_salsa20, &nettle_salsa20r12,
NULL
};
- while ( (c = getopt(argc, argv, "f:")) != -1)
+ enum { OPT_HELP = 300 };
+ static const struct option options[] =
+ {
+ /* Name, args, flag, val */
+ { "help", no_argument, NULL, OPT_HELP },
+ { "clock-frequency", required_argument, NULL, 'f' },
+ { NULL, 0, NULL, 0 }
+ };
+
+ while ( (c = getopt_long(argc, argv, "f:", options, NULL)) != -1)
switch (c)
{
case 'f':
if (frequency > 0.0)
break;
- case ':': case '?':
- fprintf(stderr, "Usage: nettle-benchmark [-f clock frequency]\n");
+ case OPT_HELP:
+ printf("Usage: nettle-benchmark [-f clock frequency] [alg]\n");
+ return EXIT_SUCCESS;
+
+ case '?':
return EXIT_FAILURE;
default:
abort();
}
+ alg = argv[optind];
+
+ time_init();
bench_sha1_compress();
+ bench_salsa20_core();
+ bench_sha3_permute();
+ printf("\n");
+ time_overhead();
header();
- for (i = 0; hashes[i]; i++)
- time_hash(hashes[i]);
+ if (!alg || strstr ("memxor", alg))
+ {
+ time_memxor();
+ printf("\n");
+ }
+ for (i = 0; hashes[i]; i++)
+ if (!alg || strstr(hashes[i]->name, alg))
+ time_hash(hashes[i]);
+
+ if (!alg || strstr ("umac", alg))
+ time_umac();
+
for (i = 0; ciphers[i]; i++)
- time_cipher(ciphers[i]);
-
+ if (!alg || strstr(ciphers[i]->name, alg))
+ time_cipher(ciphers[i]);
+
+ if (!alg || strstr ("gcm", alg))
+ {
+ printf("\n");
+ time_gcm();
+ }
+
return 0;
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2007 Niels Möller
+ * Copyright (C) 2007 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
clock_t start;
clock_t end;
- enum { OPT_FACTORIAL = -100 };
+ enum { OPT_HELP = 300 };
+
static const struct option options[] =
{
/* Name, args, flag, val */
- { "help", no_argument, NULL, '?' },
+ { "help", no_argument, NULL, OPT_HELP },
{ "verbose", no_argument, NULL, 'v' },
{ "factorial", no_argument, NULL, 'f' },
{ "sieve-limit", required_argument, NULL, 's' },
{ NULL, 0, NULL, 0}
};
- while ( (c = getopt_long(argc, argv, "v?s:", options, NULL)) != -1)
+ while ( (c = getopt_long(argc, argv, "vs:", options, NULL)) != -1)
switch (c)
{
case 'v':
verbose = 1;
break;
- case '?':
+ case OPT_HELP:
usage();
- return EXIT_FAILURE;
+ return EXIT_SUCCESS;
case 'f':
factorial = 1;
break;
return EXIT_FAILURE;
}
break;
+ case '?':
+ return EXIT_FAILURE;
default:
abort();
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
clock_t start;
clock_t end;
+ enum { OPT_HELP = 300 };
static const struct option options[] =
{
/* Name, args, flag, val */
- { "help", no_argument, NULL, '?' },
+ { "help", no_argument, NULL, OPT_HELP },
{ "verbose", no_argument, NULL, 'v' },
{ "random", required_argument, NULL, 'r' },
{ NULL, 0, NULL, 0}
};
- while ( (c = getopt_long(argc, argv, "v?r:", options, NULL)) != -1)
+ while ( (c = getopt_long(argc, argv, "vr:", options, NULL)) != -1)
switch (c)
{
case 'v':
case 'r':
random_file = optarg;
break;
- case '?':
+ case OPT_HELP:
usage();
+ return EXIT_SUCCESS;
+ case '?':
return EXIT_FAILURE;
default:
abort();
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#ifdef WIN32
+#include <fcntl.h>
+#endif
/* string.h must be included before gmp.h */
#include "aes.h"
unsigned padding;
size = fread(buffer, 1, BUF_FINAL, in);
- if (size < BUF_FINAL || ferror(in))
+ if (size < BUF_FINAL)
{
- werror("Reading input failed: %s\n", strerror(errno));
+ if (ferror(in))
+ werror("Reading input failed: %s\n", strerror(errno));
+ else
+ werror("Unexpected EOF on input.\n");
return 0;
}
{
size = fread(buffer + BUF_FINAL, 1, BUF_SIZE, in);
- if (ferror(in))
+ if (size < BUF_SIZE && ferror(in))
{
werror("Reading input failed: %s\n", strerror(errno));
return 0;
return EXIT_FAILURE;
}
+#ifdef WIN32
+ _setmode(0, O_BINARY);
+ _setmode(1, O_BINARY);
+#endif
+
if (!read_version(stdin))
{
werror("Bad version number in input file.\n");
data="$srcdir/nettle-benchmark.c"
-if [ -x rsa-encrypt ] ; then
- if ./rsa-encrypt -r rsa-decrypt testkey.pub < "$data" > testciphertext ; then
+if [ -x rsa-encrypt$EXEEXT ] ; then
+ if $EMULATOR ./rsa-encrypt -r rsa-decrypt$EXEEXT testkey.pub < "$data" > testciphertext ; then
:
else
exit 1
fi
- if ./rsa-decrypt testkey < testciphertext > testcleartext ; then
+ if $EMULATOR ./rsa-decrypt testkey < testciphertext > testcleartext ; then
:
else
exit 1
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
+#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
+#ifdef WIN32
+#include <fcntl.h>
+#endif
/* string.h must be included before gmp.h */
#include "bignum.h"
return res;
}
+#define BLOCK_SIZE (AES_BLOCK_SIZE * 100)
+
static int
process_file(struct rsa_session *ctx,
FILE *in, FILE *out)
{
- uint8_t buffer[AES_BLOCK_SIZE * 100];
- unsigned leftover;
- unsigned padding;
-
- padding = leftover = 0;
+ uint8_t buffer[BLOCK_SIZE + SHA1_DIGEST_SIZE];
for (;;)
{
- size_t size = fread(buffer, 1, sizeof(buffer), in);
- if (ferror(in))
- {
- werror("Reading input failed: %s\n", strerror(errno));
- return 0;
- }
-
+ size_t size = fread(buffer, 1, BLOCK_SIZE, in);
hmac_sha1_update(&ctx->hmac, size, buffer);
- if (size < sizeof(buffer))
+
+ if (size < BLOCK_SIZE)
{
- /* Setting padding != ends the loop */
+ unsigned leftover;
+ unsigned padding;
+
+ if (ferror(in))
+ {
+ werror("Reading input failed: %s\n", strerror(errno));
+ return 0;
+ }
+
leftover = size % AES_BLOCK_SIZE;
padding = AES_BLOCK_SIZE - leftover;
- size -= leftover;
- if (!size)
- break;
+ assert (size + padding <= BLOCK_SIZE);
+
+ if (padding > 1)
+ yarrow256_random(&ctx->yarrow, padding - 1, buffer + size);
+
+ size += padding;
+
+ buffer[size - 1] = padding;
+ CBC_ENCRYPT(&ctx->aes, aes_encrypt, size, buffer, buffer);
+
+ assert (size + SHA1_DIGEST_SIZE <= sizeof(buffer));
+
+ hmac_sha1_digest(&ctx->hmac, SHA1_DIGEST_SIZE, buffer + size);
+ size += SHA1_DIGEST_SIZE;
+
+ if (!write_string(out, size, buffer))
+ {
+ werror("Writing output failed: %s\n", strerror(errno));
+ return 0;
+ }
+ return 1;
}
CBC_ENCRYPT(&ctx->aes, aes_encrypt, size, buffer, buffer);
werror("Writing output failed: %s\n", strerror(errno));
return 0;
}
-
- if (padding)
- {
- if (leftover)
- memcpy(buffer, buffer + size, leftover);
-
- break;
- }
- }
- if (padding > 1)
- yarrow256_random(&ctx->yarrow, padding - 1, buffer + leftover);
-
- buffer[AES_BLOCK_SIZE - 1] = padding;
- CBC_ENCRYPT(&ctx->aes, aes_encrypt, AES_BLOCK_SIZE, buffer, buffer);
- hmac_sha1_digest(&ctx->hmac, SHA1_DIGEST_SIZE, buffer + AES_BLOCK_SIZE);
-
- if (!write_string(out, AES_BLOCK_SIZE + SHA1_DIGEST_SIZE, buffer))
- {
- werror("Writing output failed: %s\n", strerror(errno));
- return 0;
}
+}
- return 1;
+static void
+usage (FILE *out)
+{
+ fprintf (out, "Usage: rsa-encrypt [OPTIONS] PUBLIC-KEY < cleartext\n"
+ "Options:\n"
+ " -r, --random=FILE seed file for randomness generator\n"
+ " --help display this help\n");
}
int
int c;
const char *random_name = NULL;
+
+ enum { OPT_HELP = 300 };
+
+ static const struct option options[] =
+ {
+ /* Name, args, flag, val */
+ { "help", no_argument, NULL, OPT_HELP },
+ { "random", required_argument, NULL, 'r' },
+ { NULL, 0, NULL, 0}
+ };
- while ( (c = getopt(argc, argv, "o:r:")) != -1)
+ while ( (c = getopt_long(argc, argv, "o:r:", options, NULL)) != -1)
switch (c)
{
case 'r':
break;
case '?':
- if (isprint (optopt))
- werror("Unknown option `-%c'.\n", optopt);
- else
- werror("Unknown option character `\\x%x'.\n",
- optopt);
return EXIT_FAILURE;
+
+ case OPT_HELP:
+ usage(stdout);
+ return EXIT_SUCCESS;
default:
abort();
}
if (argc != 1)
{
- werror("Usage: rsa-encrypt [-r random-file] PUBLIC-KEY < cleartext\n");
+ usage (stderr);
return EXIT_FAILURE;
}
rsa_session_set_encrypt_key(&ctx, &info);
+#ifdef WIN32
+ _setmode(0, O_BINARY);
+ _setmode(1, O_BINARY);
+#endif
+
write_version(stdout);
mpz_init(x);
}
write_bignum(stdout, x);
-
+
+ mpz_clear (x);
+
if (!process_file(&ctx,
stdin, stdout))
return EXIT_FAILURE;
-
+
rsa_public_key_clear(&key);
return EXIT_SUCCESS;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "getopt.h"
-#define KEYSIZE 900
+#define DEFAULT_KEYSIZE 2048
#define ESIZE 30
static void
fputc(c, stderr);
}
+static unsigned long
+uint_arg (char c, const char *arg)
+{
+ unsigned long val;
+ char *end;
+
+ val = strtoul(arg, &end, 0);
+ if (*arg == '\0' || *end != '\0')
+ {
+ werror ("Invalid integer argument for -%c option.\n", c);
+ exit (EXIT_FAILURE);
+ }
+
+ return val;
+}
int
main(int argc, char **argv)
struct nettle_buffer pub_buffer;
struct nettle_buffer priv_buffer;
- while ( (c = getopt(argc, argv, "o:r:")) != -1)
+ unsigned long key_size = DEFAULT_KEYSIZE;
+ unsigned long key_e = 0;
+
+ enum { OPT_HELP = 300 };
+ static const struct option options[] =
+ {
+ /* Name, args, flag, val */
+ { "help", no_argument, NULL, OPT_HELP },
+ { "random", required_argument, NULL, 'r' },
+ { NULL, 0, NULL, 0}
+ };
+
+ while ( (c = getopt_long(argc, argv, "o:r:e:s:", options, NULL)) != -1)
switch (c)
- {
+ {
case 'o':
priv_name = optarg;
break;
case 'r':
random_name = optarg;
break;
-
+
+ case 's':
+ key_size = uint_arg ('s', optarg);
+ break;
+
+ case 'e':
+ key_e = uint_arg ('e', optarg);
+ break;
+
+ case OPT_HELP:
+ printf("FIXME: Usage information.\n");
+ return EXIT_SUCCESS;
+
case '?':
- if (isprint (optopt))
- werror("Unknown option `-%c'.\n", optopt);
- else
- werror("Unknown option character `\\x%x'.\n",
- optopt);
return EXIT_FAILURE;
+
default:
abort();
}
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
+ if (key_e)
+ mpz_set_ui (pub.e, key_e);
+
if (!rsa_generate_keypair
(&pub, &priv,
(void *) &yarrow, (nettle_random_func *) yarrow256_random,
NULL, progress,
- KEYSIZE, ESIZE))
+ key_size, key_e == 0 ? ESIZE : 0))
{
werror("Key generation failed.\n");
return EXIT_FAILURE;
return EXIT_FAILURE;
}
+ nettle_buffer_clear(&priv_buffer);
+ nettle_buffer_clear(&pub_buffer);
+ rsa_public_key_clear(&pub);
+ rsa_private_key_clear(&priv);
+ free (pub_name);
+
return EXIT_SUCCESS;
}
data="$srcdir/nettle-benchmark.c"
-if [ -x rsa-sign ] ; then
- if ./rsa-sign testkey < "$data" > testsignature ; then
+if [ -x rsa-sign$EXEEXT ] ; then
+ if $EMULATOR ./rsa-sign testkey < "$data" > testsignature ; then
exit 0;
else
exit 1
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
data="$srcdir/nettle-benchmark.c"
-if [ -x rsa-verify ] ; then
- ./rsa-sign testkey < "$data" > testsignature \
- && ./rsa-verify testkey.pub testsignature < "$data" \
+if [ -x rsa-verify$EXEEXT ] ; then
+ $EMULATOR ./rsa-sign testkey < "$data" > testsignature \
+ && $EMULATOR ./rsa-verify testkey.pub testsignature < "$data" \
|| exit 1;
# Try modifying the data
sed s/128/129/ < "$data" >testdata
- if ./rsa-verify testkey.pub testsignature < testdata 2>/dev/null; then
+ if $EMULATOR ./rsa-verify testkey.pub testsignature < testdata 2>/dev/null; then
exit 1
fi
# Try modifying the signature
sed s/1/2/ <testsignature > testsignature2
- if ./rsa-verify testkey.pub testsignature2 < "$data" 2>/dev/null; then
+ if $EMULATOR ./rsa-verify testkey.pub testsignature2 < "$data" 2>/dev/null; then
exit 1;
fi
exit 0
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
+++ /dev/null
-#! /bin/sh
-
-failed=0
-all=0
-
-debug='no'
-testflags=''
-
-if [ -z "$srcdir" ] ; then
- srcdir=`pwd`
-fi
-
-export srcdir
-
-# When used in make rules, we sometimes get the filenames VPATH
-# expanded, but usually not.
-find_program () {
- case "$1" in
- */*)
- echo "$1"
- ;;
- *)
- if [ -x "$1" ] ; then
- echo "./$1"
- else
- echo "$srcdir/$1"
- fi
- ;;
- esac
-}
-
-env_program () {
- if [ -x "$1" ] ; then
- if "$1"; then : ; else
- echo FAIL: $1
- exit 1
- fi
- fi
-}
-
-test_program () {
- testname=`basename "$1" .exe`
- testname=`basename "$testname" -test`
- "$1" $testflags
- case "$?" in
- 0)
- echo PASS: $testname
- all=`expr $all + 1`
- ;;
- 77)
- echo SKIP: $testname
- ;;
- *)
- echo FAIL: $testname
- failed=`expr $failed + 1`
- all=`expr $all + 1`
- ;;
- esac
-}
-
-env_program `find_program setup-env`
-
-while test $# != 0
-do
- case "$1" in
- --debug)
- debug=yes
- ;;
- -v)
- testflags='-v'
- ;;
- -*)
- echo >&2 'Unknown option `'"$1'"
- exit 1
- ;;
- *)
- break
- ;;
- esac
- shift
-done
-
-if [ $# -eq 0 ] ; then
- for f in *-test; do test_program "./$f"; done
-else
- for f in "$@" ; do test_program `find_program "$f"`; done
-fi
-
-if [ $failed -eq 0 ] ; then
- banner="All $all tests passed"
-else
- banner="$failed of $all tests failed"
-fi
-dashes=`echo "$banner" | sed s/./=/g`
-echo "$dashes"
-echo "$banner"
-echo "$dashes"
-
-if [ "x$debug" = xno ] ; then
- env_program `find_program teardown-env`
-fi
-
-[ "$failed" -eq 0 ]
-
set -e
-if [ -x rsa-keygen ] ; then
- ./rsa-keygen -r rsa-decrypt -o testkey || exit 1
+# Workaround, it seems difficult to convince wine to put ../lib into PATH.
+case "$EMULATOR" in
+ wine*)
+ for f in ../.lib/*.dll ; do
+ ln -sf "$f" .
+ done
+ ;;
+esac
+
+if [ -x rsa-keygen$EXEEXT ] ; then
+ $EMULATOR ./rsa-keygen -r rsa-decrypt$EXEEXT -o testkey || exit 1
fi
#! /bin/sh
-rm -rf testkey testkey.pub testsignature testsignature2 testdata \
+rm -rf testkey testkey.pub testsignature testsignature2 \
+ testdata testtmp \
testciphertext testcleartext
-
+case "$EMULATOR" in
+ wine*)
+ find . -type l -name '*.dll' -exec rm -f '{}' ';'
+ ;;
+esac
--- /dev/null
+/* timing.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "timing.h"
+
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#if HAVE_CLOCK_GETTIME && defined CLOCK_PROCESS_CPUTIME_ID
+#define TRY_CLOCK_GETTIME 1
+struct timespec cgt_start;
+
+static void NORETURN PRINTF_STYLE(1,2)
+die(const char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+
+ exit(EXIT_FAILURE);
+}
+
+static int
+cgt_works_p(void)
+{
+ struct timespec now;
+ return clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &now) == 0;
+}
+
+static void
+cgt_time_start(void)
+{
+ if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &cgt_start) < 0)
+ die("clock_gettime failed: %s\n", strerror(errno));
+}
+
+static double
+cgt_time_end(void)
+{
+ struct timespec end;
+ if (clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &end) < 0)
+ die("clock_gettime failed: %s\n", strerror(errno));
+
+ return end.tv_sec - cgt_start.tv_sec
+ + 1e-9 * (end.tv_nsec - cgt_start.tv_nsec);
+}
+#endif /* !HAVE_CLOCK_GETTIME */
+
+static clock_t clock_start;
+
+static void
+clock_time_start(void)
+{
+ clock_start = clock();
+}
+
+static double
+clock_time_end(void)
+{
+ return (double) (clock() - (clock_start)) / CLOCKS_PER_SEC;
+}
+
+void (*time_start)(void) = clock_time_start;
+double (*time_end)(void) = clock_time_end;
+
+void time_init(void)
+{
+ /* Choose timing function */
+#if TRY_CLOCK_GETTIME
+ if (cgt_works_p())
+ {
+ time_start = cgt_time_start;
+ time_end = cgt_time_end;
+ }
+ else
+ {
+ fprintf(stderr, "clock_gettime not working, falling back to clock\n");
+ time_start = clock_time_start;
+ time_end = clock_time_end;
+ }
+#endif
+}
--- /dev/null
+/* timing.h */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_EXAMPLES_TIMING_H_INCLUDED
+#define NETTLE_EXAMPLES_TIMING_H_INCLUDED
+
+void time_init(void);
+extern void (*time_start)(void);
+extern double (*time_end)(void);
+
+#endif /* NETTLE_EXAMPLES_TIMING_H_INCLUDED */
--- /dev/null
+/* gcm_aes.c
+ *
+ * Galois counter mode using AES as the underlying cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "gcm.h"
+
+void
+gcm_aes_set_key(struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *key)
+{
+ GCM_SET_KEY(ctx, aes_set_encrypt_key, aes_encrypt, length, key);
+}
+
+void
+gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
+ unsigned length, const uint8_t *iv)
+{
+ GCM_SET_IV(ctx, length, iv);
+}
+
+void
+gcm_aes_update(struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *data)
+{
+ GCM_UPDATE(ctx, length, data);
+}
+
+void
+gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
+ unsigned length, uint8_t *dst, const uint8_t *src)
+{
+ GCM_ENCRYPT(ctx, aes_encrypt, length, dst, src);
+}
+
+void
+gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
+ unsigned length, uint8_t *dst, const uint8_t *src)
+{
+ GCM_DECRYPT(ctx, aes_encrypt, length, dst, src);
+}
+
+void
+gcm_aes_digest(struct gcm_aes_ctx *ctx,
+ unsigned length, uint8_t *digest)
+{
+ GCM_DIGEST(ctx, aes_encrypt, length, digest);
+
+}
--- /dev/null
+/* gcm.h
+ *
+ * Galois counter mode, specified by NIST,
+ * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+ *
+ * See also the gcm paper at
+ * http://www.cryptobarn.com/papers/gcm-spec.pdf.
+ */
+
+/* NOTE: Tentative interface, subject to change. No effort will be
+ made to avoid incompatible changes. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ * Copyright (C) 2011 Katholieke Universiteit Leuven
+ *
+ * Contributed by Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "gcm.h"
+
+#include "memxor.h"
+#include "nettle-internal.h"
+#include "macros.h"
+
+#define GHASH_POLYNOMIAL 0xE1UL
+
+static void
+gcm_gf_add (union gcm_block *r, const union gcm_block *x, const union gcm_block *y)
+{
+ r->w[0] = x->w[0] ^ y->w[0];
+ r->w[1] = x->w[1] ^ y->w[1];
+#if SIZEOF_LONG == 4
+ r->w[2] = x->w[2] ^ y->w[2];
+ r->w[3] = x->w[3] ^ y->w[3];
+#endif
+}
+/* Multiplication by 010...0; a big-endian shift right. If the bit
+ shifted out is one, the defining polynomial is added to cancel it
+ out. r == x is allowed. */
+static void
+gcm_gf_shift (union gcm_block *r, const union gcm_block *x)
+{
+ long mask;
+
+ /* Shift uses big-endian representation. */
+#if WORDS_BIGENDIAN
+# if SIZEOF_LONG == 4
+ mask = - (x->w[3] & 1);
+ r->w[3] = (x->w[3] >> 1) | ((x->w[2] & 1) << 31);
+ r->w[2] = (x->w[2] >> 1) | ((x->w[1] & 1) << 31);
+ r->w[1] = (x->w[1] >> 1) | ((x->w[0] & 1) << 31);
+ r->w[0] = (x->w[0] >> 1) ^ (mask & (GHASH_POLYNOMIAL << 24));
+# elif SIZEOF_LONG == 8
+ mask = - (x->w[1] & 1);
+ r->w[1] = (x->w[1] >> 1) | ((x->w[0] & 1) << 63);
+ r->w[0] = (x->w[0] >> 1) ^ (mask & (GHASH_POLYNOMIAL << 56));
+# else
+# error Unsupported word size. */
+#endif
+#else /* ! WORDS_BIGENDIAN */
+# if SIZEOF_LONG == 4
+#define RSHIFT_WORD(x) \
+ ((((x) & 0xfefefefeUL) >> 1) \
+ | (((x) & 0x00010101) << 15))
+ mask = - ((x->w[3] >> 24) & 1);
+ r->w[3] = RSHIFT_WORD(x->w[3]) | ((x->w[2] >> 17) & 0x80);
+ r->w[2] = RSHIFT_WORD(x->w[2]) | ((x->w[1] >> 17) & 0x80);
+ r->w[1] = RSHIFT_WORD(x->w[1]) | ((x->w[0] >> 17) & 0x80);
+ r->w[0] = RSHIFT_WORD(x->w[0]) ^ (mask & GHASH_POLYNOMIAL);
+# elif SIZEOF_LONG == 8
+#define RSHIFT_WORD(x) \
+ ((((x) & 0xfefefefefefefefeUL) >> 1) \
+ | (((x) & 0x0001010101010101UL) << 15))
+ mask = - ((x->w[1] >> 56) & 1);
+ r->w[1] = RSHIFT_WORD(x->w[1]) | ((x->w[0] >> 49) & 0x80);
+ r->w[0] = RSHIFT_WORD(x->w[0]) ^ (mask & GHASH_POLYNOMIAL);
+# else
+# error Unsupported word size. */
+# endif
+# undef RSHIFT_WORD
+#endif /* ! WORDS_BIGENDIAN */
+}
+
+#if GCM_TABLE_BITS == 0
+/* Sets x <- x * y mod r, using the plain bitwise algorithm from the
+ specification. y may be shorter than a full block, missing bytes
+ are assumed zero. */
+static void
+gcm_gf_mul (union gcm_block *x, const union gcm_block *y)
+{
+ union gcm_block V;
+ union gcm_block Z;
+ unsigned i;
+
+ memcpy(V.b, x, sizeof(V));
+ memset(Z.b, 0, sizeof(Z));
+
+ for (i = 0; i < GCM_BLOCK_SIZE; i++)
+ {
+ uint8_t b = y->b[i];
+ unsigned j;
+ for (j = 0; j < 8; j++, b <<= 1)
+ {
+ if (b & 0x80)
+ gcm_gf_add(&Z, &Z, &V);
+
+ gcm_gf_shift(&V, &V);
+ }
+ }
+ memcpy (x->b, Z.b, sizeof(Z));
+}
+#else /* GCM_TABLE_BITS != 0 */
+
+# if WORDS_BIGENDIAN
+# define W(left,right) (0x##left##right)
+# else
+# define W(left,right) (0x##right##left)
+# endif
+
+# if GCM_TABLE_BITS == 4
+static const uint16_t
+shift_table[0x10] = {
+ W(00,00),W(1c,20),W(38,40),W(24,60),W(70,80),W(6c,a0),W(48,c0),W(54,e0),
+ W(e1,00),W(fd,20),W(d9,40),W(c5,60),W(91,80),W(8d,a0),W(a9,c0),W(b5,e0),
+};
+
+static void
+gcm_gf_shift_4(union gcm_block *x)
+{
+ unsigned long *w = x->w;
+ unsigned long reduce;
+
+ /* Shift uses big-endian representation. */
+#if WORDS_BIGENDIAN
+# if SIZEOF_LONG == 4
+ reduce = shift_table[w[3] & 0xf];
+ w[3] = (w[3] >> 4) | ((w[2] & 0xf) << 28);
+ w[2] = (w[2] >> 4) | ((w[1] & 0xf) << 28);
+ w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 28);
+ w[0] = (w[0] >> 4) ^ (reduce << 16);
+# elif SIZEOF_LONG == 8
+ reduce = shift_table[w[1] & 0xf];
+ w[1] = (w[1] >> 4) | ((w[0] & 0xf) << 60);
+ w[0] = (w[0] >> 4) ^ (reduce << 48);
+# else
+# error Unsupported word size. */
+#endif
+#else /* ! WORDS_BIGENDIAN */
+# if SIZEOF_LONG == 4
+#define RSHIFT_WORD(x) \
+ ((((x) & 0xf0f0f0f0UL) >> 4) \
+ | (((x) & 0x000f0f0f) << 12))
+ reduce = shift_table[(w[3] >> 24) & 0xf];
+ w[3] = RSHIFT_WORD(w[3]) | ((w[2] >> 20) & 0xf0);
+ w[2] = RSHIFT_WORD(w[2]) | ((w[1] >> 20) & 0xf0);
+ w[1] = RSHIFT_WORD(w[1]) | ((w[0] >> 20) & 0xf0);
+ w[0] = RSHIFT_WORD(w[0]) ^ reduce;
+# elif SIZEOF_LONG == 8
+#define RSHIFT_WORD(x) \
+ ((((x) & 0xf0f0f0f0f0f0f0f0UL) >> 4) \
+ | (((x) & 0x000f0f0f0f0f0f0fUL) << 12))
+ reduce = shift_table[(w[1] >> 56) & 0xf];
+ w[1] = RSHIFT_WORD(w[1]) | ((w[0] >> 52) & 0xf0);
+ w[0] = RSHIFT_WORD(w[0]) ^ reduce;
+# else
+# error Unsupported word size. */
+# endif
+# undef RSHIFT_WORD
+#endif /* ! WORDS_BIGENDIAN */
+}
+
+static void
+gcm_gf_mul (union gcm_block *x, const union gcm_block *table)
+{
+ union gcm_block Z;
+ unsigned i;
+
+ memset(Z.b, 0, sizeof(Z));
+
+ for (i = GCM_BLOCK_SIZE; i-- > 0;)
+ {
+ uint8_t b = x->b[i];
+
+ gcm_gf_shift_4(&Z);
+ gcm_gf_add(&Z, &Z, &table[b & 0xf]);
+ gcm_gf_shift_4(&Z);
+ gcm_gf_add(&Z, &Z, &table[b >> 4]);
+ }
+ memcpy (x->b, Z.b, sizeof(Z));
+}
+# elif GCM_TABLE_BITS == 8
+static const uint16_t
+shift_table[0x100] = {
+ W(00,00),W(01,c2),W(03,84),W(02,46),W(07,08),W(06,ca),W(04,8c),W(05,4e),
+ W(0e,10),W(0f,d2),W(0d,94),W(0c,56),W(09,18),W(08,da),W(0a,9c),W(0b,5e),
+ W(1c,20),W(1d,e2),W(1f,a4),W(1e,66),W(1b,28),W(1a,ea),W(18,ac),W(19,6e),
+ W(12,30),W(13,f2),W(11,b4),W(10,76),W(15,38),W(14,fa),W(16,bc),W(17,7e),
+ W(38,40),W(39,82),W(3b,c4),W(3a,06),W(3f,48),W(3e,8a),W(3c,cc),W(3d,0e),
+ W(36,50),W(37,92),W(35,d4),W(34,16),W(31,58),W(30,9a),W(32,dc),W(33,1e),
+ W(24,60),W(25,a2),W(27,e4),W(26,26),W(23,68),W(22,aa),W(20,ec),W(21,2e),
+ W(2a,70),W(2b,b2),W(29,f4),W(28,36),W(2d,78),W(2c,ba),W(2e,fc),W(2f,3e),
+ W(70,80),W(71,42),W(73,04),W(72,c6),W(77,88),W(76,4a),W(74,0c),W(75,ce),
+ W(7e,90),W(7f,52),W(7d,14),W(7c,d6),W(79,98),W(78,5a),W(7a,1c),W(7b,de),
+ W(6c,a0),W(6d,62),W(6f,24),W(6e,e6),W(6b,a8),W(6a,6a),W(68,2c),W(69,ee),
+ W(62,b0),W(63,72),W(61,34),W(60,f6),W(65,b8),W(64,7a),W(66,3c),W(67,fe),
+ W(48,c0),W(49,02),W(4b,44),W(4a,86),W(4f,c8),W(4e,0a),W(4c,4c),W(4d,8e),
+ W(46,d0),W(47,12),W(45,54),W(44,96),W(41,d8),W(40,1a),W(42,5c),W(43,9e),
+ W(54,e0),W(55,22),W(57,64),W(56,a6),W(53,e8),W(52,2a),W(50,6c),W(51,ae),
+ W(5a,f0),W(5b,32),W(59,74),W(58,b6),W(5d,f8),W(5c,3a),W(5e,7c),W(5f,be),
+ W(e1,00),W(e0,c2),W(e2,84),W(e3,46),W(e6,08),W(e7,ca),W(e5,8c),W(e4,4e),
+ W(ef,10),W(ee,d2),W(ec,94),W(ed,56),W(e8,18),W(e9,da),W(eb,9c),W(ea,5e),
+ W(fd,20),W(fc,e2),W(fe,a4),W(ff,66),W(fa,28),W(fb,ea),W(f9,ac),W(f8,6e),
+ W(f3,30),W(f2,f2),W(f0,b4),W(f1,76),W(f4,38),W(f5,fa),W(f7,bc),W(f6,7e),
+ W(d9,40),W(d8,82),W(da,c4),W(db,06),W(de,48),W(df,8a),W(dd,cc),W(dc,0e),
+ W(d7,50),W(d6,92),W(d4,d4),W(d5,16),W(d0,58),W(d1,9a),W(d3,dc),W(d2,1e),
+ W(c5,60),W(c4,a2),W(c6,e4),W(c7,26),W(c2,68),W(c3,aa),W(c1,ec),W(c0,2e),
+ W(cb,70),W(ca,b2),W(c8,f4),W(c9,36),W(cc,78),W(cd,ba),W(cf,fc),W(ce,3e),
+ W(91,80),W(90,42),W(92,04),W(93,c6),W(96,88),W(97,4a),W(95,0c),W(94,ce),
+ W(9f,90),W(9e,52),W(9c,14),W(9d,d6),W(98,98),W(99,5a),W(9b,1c),W(9a,de),
+ W(8d,a0),W(8c,62),W(8e,24),W(8f,e6),W(8a,a8),W(8b,6a),W(89,2c),W(88,ee),
+ W(83,b0),W(82,72),W(80,34),W(81,f6),W(84,b8),W(85,7a),W(87,3c),W(86,fe),
+ W(a9,c0),W(a8,02),W(aa,44),W(ab,86),W(ae,c8),W(af,0a),W(ad,4c),W(ac,8e),
+ W(a7,d0),W(a6,12),W(a4,54),W(a5,96),W(a0,d8),W(a1,1a),W(a3,5c),W(a2,9e),
+ W(b5,e0),W(b4,22),W(b6,64),W(b7,a6),W(b2,e8),W(b3,2a),W(b1,6c),W(b0,ae),
+ W(bb,f0),W(ba,32),W(b8,74),W(b9,b6),W(bc,f8),W(bd,3a),W(bf,7c),W(be,be),
+};
+
+static void
+gcm_gf_shift_8(union gcm_block *x)
+{
+ unsigned long *w = x->w;
+ unsigned long reduce;
+
+ /* Shift uses big-endian representation. */
+#if WORDS_BIGENDIAN
+# if SIZEOF_LONG == 4
+ reduce = shift_table[w[3] & 0xff];
+ w[3] = (w[3] >> 8) | ((w[2] & 0xff) << 24);
+ w[2] = (w[2] >> 8) | ((w[1] & 0xff) << 24);
+ w[1] = (w[1] >> 8) | ((w[0] & 0xff) << 24);
+ w[0] = (w[0] >> 8) ^ (reduce << 16);
+# elif SIZEOF_LONG == 8
+ reduce = shift_table[w[1] & 0xff];
+ w[1] = (w[1] >> 8) | ((w[0] & 0xff) << 56);
+ w[0] = (w[0] >> 8) ^ (reduce << 48);
+# else
+# error Unsupported word size. */
+#endif
+#else /* ! WORDS_BIGENDIAN */
+# if SIZEOF_LONG == 4
+ reduce = shift_table[(w[3] >> 24) & 0xff];
+ w[3] = (w[3] << 8) | (w[2] >> 24);
+ w[2] = (w[2] << 8) | (w[1] >> 24);
+ w[1] = (w[1] << 8) | (w[0] >> 24);
+ w[0] = (w[0] << 8) ^ reduce;
+# elif SIZEOF_LONG == 8
+ reduce = shift_table[(w[1] >> 56) & 0xff];
+ w[1] = (w[1] << 8) | (w[0] >> 56);
+ w[0] = (w[0] << 8) ^ reduce;
+# else
+# error Unsupported word size. */
+# endif
+#endif /* ! WORDS_BIGENDIAN */
+}
+
+static void
+gcm_gf_mul (union gcm_block *x, const union gcm_block *table)
+{
+ union gcm_block Z;
+ unsigned i;
+
+ memcpy(Z.b, table[x->b[GCM_BLOCK_SIZE-1]].b, GCM_BLOCK_SIZE);
+
+ for (i = GCM_BLOCK_SIZE-2; i > 0; i--)
+ {
+ gcm_gf_shift_8(&Z);
+ gcm_gf_add(&Z, &Z, &table[x->b[i]]);
+ }
+ gcm_gf_shift_8(&Z);
+ gcm_gf_add(x, &Z, &table[x->b[0]]);
+}
+
+# else /* GCM_TABLE_BITS != 8 */
+# error Unsupported table size.
+# endif /* GCM_TABLE_BITS != 8 */
+
+#undef W
+
+#endif /* GCM_TABLE_BITS */
+
+/* Increment the rightmost 32 bits. */
+#define INC32(block) INCREMENT(4, (block.b) + GCM_BLOCK_SIZE - 4)
+
+/* Initialization of GCM.
+ * @ctx: The context of GCM
+ * @cipher: The context of the underlying block cipher
+ * @f: The underlying cipher encryption function
+ */
+void
+gcm_set_key(struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f)
+{
+ /* Middle element if GCM_TABLE_BITS > 0, otherwise the first
+ element */
+ unsigned i = (1<<GCM_TABLE_BITS)/2;
+
+ /* H */
+ memset(key->h[0].b, 0, GCM_BLOCK_SIZE);
+ f (cipher, GCM_BLOCK_SIZE, key->h[i].b, key->h[0].b);
+
+#if GCM_TABLE_BITS
+ /* Algorithm 3 from the gcm paper. First do powers of two, then do
+ the rest by adding. */
+ while (i /= 2)
+ gcm_gf_shift(&key->h[i], &key->h[2*i]);
+ for (i = 2; i < 1<<GCM_TABLE_BITS; i *= 2)
+ {
+ unsigned j;
+ for (j = 1; j < i; j++)
+ gcm_gf_add(&key->h[i+j], &key->h[i],&key->h[j]);
+ }
+#endif
+}
+
+static void
+gcm_hash(const struct gcm_key *key, union gcm_block *x,
+ unsigned length, const uint8_t *data)
+{
+ for (; length >= GCM_BLOCK_SIZE;
+ length -= GCM_BLOCK_SIZE, data += GCM_BLOCK_SIZE)
+ {
+ memxor (x->b, data, GCM_BLOCK_SIZE);
+ gcm_gf_mul (x, key->h);
+ }
+ if (length > 0)
+ {
+ memxor (x->b, data, length);
+ gcm_gf_mul (x, key->h);
+ }
+}
+
+static void
+gcm_hash_sizes(const struct gcm_key *key, union gcm_block *x,
+ uint64_t auth_size, uint64_t data_size)
+{
+ uint8_t buffer[GCM_BLOCK_SIZE];
+
+ data_size *= 8;
+ auth_size *= 8;
+
+ WRITE_UINT64 (buffer, auth_size);
+ WRITE_UINT64 (buffer + 8, data_size);
+
+ gcm_hash(key, x, GCM_BLOCK_SIZE, buffer);
+}
+
+/*
+ * @length: The size of the iv (fixed for now to GCM_NONCE_SIZE)
+ * @iv: The iv
+ */
+void
+gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
+ unsigned length, const uint8_t *iv)
+{
+ if (length == GCM_IV_SIZE)
+ {
+ memcpy (ctx->iv.b, iv, GCM_BLOCK_SIZE - 4);
+ ctx->iv.b[GCM_BLOCK_SIZE - 4] = 0;
+ ctx->iv.b[GCM_BLOCK_SIZE - 3] = 0;
+ ctx->iv.b[GCM_BLOCK_SIZE - 2] = 0;
+ ctx->iv.b[GCM_BLOCK_SIZE - 1] = 1;
+ }
+ else
+ {
+ memset(ctx->iv.b, 0, GCM_BLOCK_SIZE);
+ gcm_hash(key, &ctx->iv, length, iv);
+ gcm_hash_sizes(key, &ctx->iv, 0, length);
+ }
+
+ memcpy (ctx->ctr.b, ctx->iv.b, GCM_BLOCK_SIZE);
+ INC32 (ctx->ctr);
+
+ /* Reset the rest of the message-dependent state. */
+ memset(ctx->x.b, 0, sizeof(ctx->x));
+ ctx->auth_size = ctx->data_size = 0;
+}
+
+void
+gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
+ unsigned length, const uint8_t *data)
+{
+ assert(ctx->auth_size % GCM_BLOCK_SIZE == 0);
+ assert(ctx->data_size == 0);
+
+ gcm_hash(key, &ctx->x, length, data);
+
+ ctx->auth_size += length;
+}
+
+static void
+gcm_crypt(struct gcm_ctx *ctx, void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *dst, const uint8_t *src)
+{
+ uint8_t buffer[GCM_BLOCK_SIZE];
+
+ if (src != dst)
+ {
+ for (; length >= GCM_BLOCK_SIZE;
+ (length -= GCM_BLOCK_SIZE,
+ src += GCM_BLOCK_SIZE, dst += GCM_BLOCK_SIZE))
+ {
+ f (cipher, GCM_BLOCK_SIZE, dst, ctx->ctr.b);
+ memxor (dst, src, GCM_BLOCK_SIZE);
+ INC32 (ctx->ctr);
+ }
+ }
+ else
+ {
+ for (; length >= GCM_BLOCK_SIZE;
+ (length -= GCM_BLOCK_SIZE,
+ src += GCM_BLOCK_SIZE, dst += GCM_BLOCK_SIZE))
+ {
+ f (cipher, GCM_BLOCK_SIZE, buffer, ctx->ctr.b);
+ memxor3 (dst, src, buffer, GCM_BLOCK_SIZE);
+ INC32 (ctx->ctr);
+ }
+ }
+ if (length > 0)
+ {
+ /* A final partial block */
+ f (cipher, GCM_BLOCK_SIZE, buffer, ctx->ctr.b);
+ memxor3 (dst, src, buffer, length);
+ INC32 (ctx->ctr);
+ }
+}
+
+void
+gcm_encrypt (struct gcm_ctx *ctx, const struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *dst, const uint8_t *src)
+{
+ assert(ctx->data_size % GCM_BLOCK_SIZE == 0);
+
+ gcm_crypt(ctx, cipher, f, length, dst, src);
+ gcm_hash(key, &ctx->x, length, dst);
+
+ ctx->data_size += length;
+}
+
+void
+gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *dst, const uint8_t *src)
+{
+ assert(ctx->data_size % GCM_BLOCK_SIZE == 0);
+
+ gcm_hash(key, &ctx->x, length, src);
+ gcm_crypt(ctx, cipher, f, length, dst, src);
+
+ ctx->data_size += length;
+}
+
+void
+gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *digest)
+{
+ uint8_t buffer[GCM_BLOCK_SIZE];
+
+ assert (length <= GCM_BLOCK_SIZE);
+
+ gcm_hash_sizes(key, &ctx->x, ctx->auth_size, ctx->data_size);
+
+ f (cipher, GCM_BLOCK_SIZE, buffer, ctx->iv.b);
+ memxor3 (digest, ctx->x.b, buffer, length);
+
+ return;
+}
--- /dev/null
+/* gcm.h
+ *
+ * Galois counter mode, specified by NIST,
+ * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+ *
+ */
+
+/* NOTE: Tentative interface, subject to change. No effort will be
+ made to avoid incompatible changes. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ * Copyright (C) 2011 Katholieke Universiteit Leuven
+ *
+ * Contributed by Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_GCM_H_INCLUDED
+#define NETTLE_GCM_H_INCLUDED
+
+#include "aes.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define gcm_set_key nettle_gcm_set_key
+#define gcm_set_iv nettle_gcm_set_iv
+#define gcm_update nettle_gcm_update
+#define gcm_encrypt nettle_gcm_encrypt
+#define gcm_decrypt nettle_gcm_decrypt
+#define gcm_digest nettle_gcm_digest
+
+#define gcm_aes_set_key nettle_gcm_aes_set_key
+#define gcm_aes_set_iv nettle_gcm_aes_set_iv
+#define gcm_aes_update nettle_gcm_aes_update
+#define gcm_aes_encrypt nettle_gcm_aes_encrypt
+#define gcm_aes_decrypt nettle_gcm_aes_decrypt
+#define gcm_aes_digest nettle_gcm_aes_digest
+
+#define GCM_BLOCK_SIZE 16
+#define GCM_IV_SIZE (GCM_BLOCK_SIZE - 4)
+
+#define GCM_TABLE_BITS 8
+
+/* To make sure that we have proper alignment. */
+union gcm_block
+{
+ uint8_t b[GCM_BLOCK_SIZE];
+ unsigned long w[GCM_BLOCK_SIZE / sizeof(unsigned long)];
+};
+
+/* Hashing subkey */
+struct gcm_key
+{
+ union gcm_block h[1 << GCM_TABLE_BITS];
+};
+
+/* Per-message state, depending on the iv */
+struct gcm_ctx {
+ /* Original counter block */
+ union gcm_block iv;
+ /* Updated for each block. */
+ union gcm_block ctr;
+ /* Hashing state */
+ union gcm_block x;
+ uint64_t auth_size;
+ uint64_t data_size;
+};
+
+/* FIXME: Should use const for the cipher context. Then needs const for
+ nettle_crypt_func, which also rules out using that abstraction for
+ arcfour. */
+void
+gcm_set_key(struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f);
+
+void
+gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
+ unsigned length, const uint8_t *iv);
+
+void
+gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
+ unsigned length, const uint8_t *data);
+
+void
+gcm_encrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *dst, const uint8_t *src);
+
+void
+gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *dst, const uint8_t *src);
+
+void
+gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
+ void *cipher, nettle_crypt_func *f,
+ unsigned length, uint8_t *digest);
+
+/* Convenience macrology (not sure how useful it is) */
+
+/* All-in-one context, with cipher, hash subkey, and message state. */
+#define GCM_CTX(type) \
+{ type cipher; struct gcm_key key; struct gcm_ctx gcm; }
+
+/* NOTE: Avoid using NULL, as we don't include anything defining it. */
+#define GCM_SET_KEY(ctx, set_key, encrypt, length, data) \
+ do { \
+ (set_key)(&(ctx)->cipher, (length), (data)); \
+ if (0) (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0); \
+ gcm_set_key(&(ctx)->key, &(ctx)->cipher, \
+ (nettle_crypt_func *) (encrypt)); \
+ } while (0)
+
+#define GCM_SET_IV(ctx, length, data) \
+ gcm_set_iv(&(ctx)->gcm, &(ctx)->key, (length), (data))
+
+#define GCM_UPDATE(ctx, length, data) \
+ gcm_update(&(ctx)->gcm, &(ctx)->key, (length), (data))
+
+#define GCM_ENCRYPT(ctx, encrypt, length, dst, src) \
+ (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
+ : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
+ (nettle_crypt_func *) (encrypt), \
+ (length), (dst), (src)))
+
+#define GCM_DECRYPT(ctx, encrypt, length, dst, src) \
+ (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
+ : gcm_decrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
+ (nettle_crypt_func *) (encrypt), \
+ (length), (dst), (src)))
+
+#define GCM_DIGEST(ctx, encrypt, length, digest) \
+ (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
+ : gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
+ (nettle_crypt_func *) (encrypt), \
+ (length), (digest)))
+
+struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
+
+void
+gcm_aes_set_key(struct gcm_aes_ctx *ctx,
+ unsigned length, const uint8_t *key);
+
+void
+gcm_aes_set_iv(struct gcm_aes_ctx *ctx,
+ unsigned length, const uint8_t *iv);
+
+void
+gcm_aes_update(struct gcm_aes_ctx *ctx,
+ unsigned length, const uint8_t *data);
+
+void
+gcm_aes_encrypt(struct gcm_aes_ctx *ctx,
+ unsigned length, uint8_t *dst, const uint8_t *src);
+
+void
+gcm_aes_decrypt(struct gcm_aes_ctx *ctx,
+ unsigned length, uint8_t *dst, const uint8_t *src);
+
+void
+gcm_aes_digest(struct gcm_aes_ctx *ctx, unsigned length, uint8_t *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_GCM_H_INCLUDED */
--- /dev/null
+/* gcmdata.c
+ *
+ * Galois counter mode, specified by NIST,
+ * http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
+ *
+ */
+
+/* Generation of fixed multiplication tables. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#define GHASH_POLYNOMIAL 0xE1
+
+
+/* When x is shifted out over the block edge, add multiples of the
+ defining polynomial to eliminate each bit. */
+static unsigned
+reduce(unsigned x)
+{
+ unsigned p = GHASH_POLYNOMIAL << 1;
+ unsigned y = 0;
+ for (; x; x >>= 1, p <<= 1)
+ if (x & 1)
+ y ^= p;
+ return y;
+}
+
+int
+main(int argc, char **argv)
+{
+ unsigned i;
+ printf("4-bit table:\n");
+
+ for (i = 0; i<16; i++)
+ {
+ unsigned x;
+ if (i && !(i%8))
+ printf("\n");
+
+ x = reduce(i << 4);
+ printf("W(%02x,%02x),", x >> 8, x & 0xff);
+ }
+ printf("\n\n");
+ printf("8-bit table:\n");
+ for (i = 0; i<256; i++)
+ {
+ unsigned x;
+ if (i && !(i%8))
+ printf("\n");
+
+ x = reduce(i);
+ printf("W(%02x,%02x),", x >> 8, x & 0xff);
+ }
+ printf("\n");
+ return EXIT_SUCCESS;
+}
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301, USA. */
\f
/* This tells Alpha OSF/1 not to define a getopt prototype in <stdio.h>.
Ditto for AIX 3.2 and <stdlib.h>. */
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301, USA. */
#ifndef _GETOPT_H
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301, USA. */
\f
#ifdef HAVE_CONFIG_H
#include <config.h>
--- /dev/null
+/* gmp-glue.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "gmp-glue.h"
+
+#if !GMP_HAVE_mpz_limbs_read
+
+/* This implementation tries to make a minimal use of GMP internals.
+ We access and _mp_size and _mp_d, but not _mp_alloc. */
+
+/* Use macros compatible with gmp-impl.h. */
+#define ABS(x) ((x) >= 0 ? (x) : -(x))
+#define PTR(x) ((x)->_mp_d)
+#define SIZ(x) ((x)->_mp_size)
+#define ABSIZ(x) ABS (SIZ (x))
+
+#define MPN_NORMALIZE(xp, xn) do { \
+ while ( (xn) > 0 && (xp)[xn-1] == 0) \
+ (xn)--; \
+ } while (0)
+
+/* NOTE: Makes an unnecessary realloc if allocation is already large
+ enough, but looking at _mp_alloc may break in future GMP
+ versions. */
+#define MPZ_REALLOC(x, n) \
+ (ABSIZ(x) >= (n) ? PTR(x) : (_mpz_realloc ((x),(n)), PTR (x)))
+
+#define MPZ_NEWALLOC MPZ_REALLOC
+
+/* Read access to mpz numbers. */
+
+/* Return limb pointer, for read-only operations. Use mpz_size to get
+ the number of limbs. */
+const mp_limb_t *
+mpz_limbs_read (mpz_srcptr x)
+{
+ return PTR (x);
+}
+
+/* Write access to mpz numbers. */
+
+/* Get a limb pointer for writing, previous contents may be
+ destroyed. */
+mp_limb_t *
+mpz_limbs_write (mpz_ptr x, mp_size_t n)
+{
+ assert (n > 0);
+ return MPZ_NEWALLOC (x, n);
+}
+
+/* Get a limb pointer for writing, previous contents is intact. */
+mp_limb_t *
+mpz_limbs_modify (mpz_ptr x, mp_size_t n)
+{
+ assert (n > 0);
+ return MPZ_REALLOC (x, n);
+}
+
+void
+mpz_limbs_finish (mpz_ptr x, mp_size_t n)
+{
+ assert (n >= 0);
+ MPN_NORMALIZE (PTR(x), n);
+
+ SIZ (x) = n;
+}
+
+/* Needs some ugly casts. */
+mpz_srcptr
+mpz_roinit_n (mpz_ptr x, const mp_limb_t *xp, mp_size_t xs)
+{
+ mp_size_t xn = ABS (xs);
+
+ MPN_NORMALIZE (xp, xn);
+
+ x->_mp_size = xs < 0 ? -xn : xn;
+ x->_mp_alloc = 0;
+ x->_mp_d = (mp_limb_t *) xp;
+ return x;
+}
+#endif /* !GMP_HAVE_mpz_limbs_read */
+
+#if !GMP_HAVE_mpn_copyd
+void
+mpn_copyd (mp_ptr dst, mp_srcptr src, mp_size_t n)
+{
+ mp_size_t i;
+ for (i = n - 1; i >= 0; i--)
+ dst[i] = src[i];
+}
+
+void
+mpn_copyi (mp_ptr dst, mp_srcptr src, mp_size_t n)
+{
+ mp_size_t i;
+ for (i = 0; i < n; i++)
+ dst[i] = src[i];
+}
+
+void
+mpn_zero (mp_ptr ptr, mp_size_t n)
+{
+ mp_size_t i;
+ for (i = 0; i < n; i++)
+ ptr[i] = 0;
+}
+#endif /* !GMP_HAVE_mpn_copyd */
+
+/* Additional convenience functions. */
+
+int
+mpz_limbs_cmp (mpz_srcptr a, const mp_limb_t *bp, mp_size_t bn)
+{
+ mp_size_t an = mpz_size (a);
+ assert (mpz_sgn (a) >= 0);
+ assert (bn >= 0);
+
+ if (an < bn)
+ return -1;
+ if (an > bn)
+ return 1;
+ if (an == 0)
+ return 0;
+
+ return mpn_cmp (mpz_limbs_read(a), bp, an);
+}
+
+/* Get a pointer to an n limb area, for read-only operation. n must be
+ greater or equal to the current size, and the mpz is zero-padded if
+ needed. */
+const mp_limb_t *
+mpz_limbs_read_n (mpz_ptr x, mp_size_t n)
+{
+ mp_size_t xn = mpz_size (x);
+ mp_ptr xp;
+
+ assert (xn <= n);
+
+ xp = mpz_limbs_modify (x, n);
+
+ if (xn < n)
+ mpn_zero (xp + xn, n - xn);
+
+ return xp;
+}
+
+void
+mpz_limbs_copy (mp_limb_t *xp, mpz_srcptr x, mp_size_t n)
+{
+ mp_size_t xn = mpz_size (x);
+
+ assert (xn <= n);
+ mpn_copyi (xp, mpz_limbs_read (x), xn);
+ if (xn < n)
+ mpn_zero (xp + xn, n - xn);
+}
+
+void
+mpz_set_n (mpz_t r, const mp_limb_t *xp, mp_size_t xn)
+{
+ mpn_copyi (mpz_limbs_write (r, xn), xp, xn);
+ mpz_limbs_finish (r, xn);
+}
+
+void
+mpn_set_base256 (mp_limb_t *rp, mp_size_t rn,
+ const uint8_t *xp, size_t xn)
+{
+ size_t xi;
+ mp_limb_t out;
+ unsigned bits;
+ for (xi = xn, out = bits = 0; xi > 0 && rn > 0; )
+ {
+ mp_limb_t in = xp[--xi];
+ out |= (in << bits) & GMP_NUMB_MASK;
+ bits += 8;
+ if (bits >= GMP_NUMB_BITS)
+ {
+ *rp++ = out;
+ rn--;
+
+ bits -= GMP_NUMB_BITS;
+ out = in >> (8 - bits);
+ }
+ }
+ if (rn > 0)
+ {
+ *rp++ = out;
+ if (--rn > 0)
+ mpn_zero (rp, rn);
+ }
+}
+
+mp_limb_t *
+gmp_alloc_limbs (mp_size_t n)
+{
+
+ void *(*alloc_func)(size_t);
+
+ assert (n > 0);
+
+ mp_get_memory_functions (&alloc_func, NULL, NULL);
+ return (mp_limb_t *) alloc_func ( (size_t) n * sizeof(mp_limb_t));
+}
+
+void
+gmp_free_limbs (mp_limb_t *p, mp_size_t n)
+{
+ void (*free_func)(void *, size_t);
+ assert (n > 0);
+ assert (p != 0);
+ mp_get_memory_functions (NULL, NULL, &free_func);
+
+ free_func (p, (size_t) n * sizeof(mp_limb_t));
+}
--- /dev/null
+/* gmp-glue.h */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_GMP_GLUE_H_INCLUDED
+#define NETTLE_GMP_GLUE_H_INCLUDED
+
+#include <gmp.h>
+
+#include "nettle-stdint.h"
+
+#ifdef mpz_limbs_read
+#define GMP_HAVE_mpz_limbs_read 1
+#else
+#define GMP_HAVE_mpz_limbs_read 0
+#endif
+
+#ifdef mpn_copyd
+#define GMP_HAVE_mpn_copyd 1
+#else
+#define GMP_HAVE_mpn_copyd 0
+#endif
+
+/* Name mangling. */
+#if !GMP_HAVE_mpz_limbs_read
+#define mpz_limbs_read _nettle_mpz_limbs_read
+#define mpz_limbs_write _nettle_mpz_limbs_write
+#define mpz_limbs_modify _nettle_mpz_limbs_modify
+#define mpz_limbs_finish _nettle_mpz_limbs_finish
+#define mpz_roinit_n _nettle_mpz_roinit_n
+#endif
+
+#if !GMP_HAVE_mpn_copyd
+#define mpn_copyd _nettle_mpn_copyd
+#define mpn_copyi _nettle_mpn_copyi
+#define mpn_zero _nettle_mpn_zero
+#endif
+
+#ifndef mpn_sqr
+#define mpn_sqr(rp, ap, n) mpn_mul_n((rp), (ap), (ap), (n))
+#endif
+
+#define mpz_limbs_cmp _nettle_mpz_limbs_cmp
+#define mpz_limbs_read_n _nettle_mpz_limbs_read_n
+#define mpz_limbs_copy _nettle_mpz_limbs_copy
+#define mpz_set_n _nettle_mpz_set_n
+#define mpn_set_base256 _nettle_mpn_set_base256
+#define gmp_alloc_limbs _nettle_gmp_alloc_limbs
+#define gmp_free_limbs _nettle_gmp_free_limbs
+
+/* Use only in-place operations, so we can fall back to addmul_1/submul_1 */
+#ifdef mpn_cnd_add_n
+# define cnd_add_n(cnd, rp, ap, n) mpn_cnd_add_n ((cnd), (rp), (rp), (ap), (n))
+# define cnd_sub_n(cnd, rp, ap, n) mpn_cnd_sub_n ((cnd), (rp), (rp), (ap), (n))
+#else
+# define cnd_add_n(cnd, rp, ap, n) mpn_addmul_1 ((rp), (ap), (n), (cnd) != 0)
+# define cnd_sub_n(cnd, rp, ap, n) mpn_submul_1 ((rp), (ap), (n), (cnd) != 0)
+#endif
+
+/* Some functions for interfacing between mpz and mpn code. Signs of
+ the mpz numbers are generally ignored. */
+
+#if !GMP_HAVE_mpz_limbs_read
+/* Read access to mpz numbers. */
+
+/* Return limb pointer, for read-only operations. Use mpz_size to get
+ the number of limbs. */
+const mp_limb_t *
+mpz_limbs_read (const mpz_srcptr x);
+
+/* Write access to mpz numbers. */
+
+/* Get a limb pointer for writing, previous contents may be
+ destroyed. */
+mp_limb_t *
+mpz_limbs_write (mpz_ptr x, mp_size_t n);
+
+/* Get a limb pointer for writing, previous contents is intact. */
+mp_limb_t *
+mpz_limbs_modify (mpz_ptr x, mp_size_t n);
+
+/* Update size. */
+void
+mpz_limbs_finish (mpz_ptr x, mp_size_t n);
+
+/* Using an mpn number as an mpz. Can be used for read-only access
+ only. x must not be cleared or reallocated. */
+mpz_srcptr
+mpz_roinit_n (mpz_ptr x, const mp_limb_t *xp, mp_size_t xs);
+
+#endif /* !GMP_HAVE_mpz_limbs_read */
+
+#if !GMP_HAVE_mpn_copyd
+/* Copy elements, backwards */
+void
+mpn_copyd (mp_ptr dst, mp_srcptr src, mp_size_t n);
+
+/* Copy elements, forwards */
+void
+mpn_copyi (mp_ptr dst, mp_srcptr src, mp_size_t n);
+
+/* Zero elements */
+void
+mpn_zero (mp_ptr ptr, mp_size_t n);
+#endif /* !GMP_HAVE_mpn_copyd */
+
+/* Convenience functions */
+int
+mpz_limbs_cmp (mpz_srcptr a, const mp_limb_t *bp, mp_size_t bn);
+
+/* Get a pointer to an n limb area, for read-only operation. n must be
+ greater or equal to the current size, and the mpz is zero-padded if
+ needed. */
+const mp_limb_t *
+mpz_limbs_read_n (mpz_ptr x, mp_size_t n);
+
+/* Copy limbs, with zero-padding. */
+/* FIXME: Reorder arguments, on the theory that the first argument of
+ an _mpz_* fucntion should be an mpz_t? Or rename to _mpz_get_limbs,
+ with argument order consistent with mpz_get_*. */
+void
+mpz_limbs_copy (mp_limb_t *xp, mpz_srcptr x, mp_size_t n);
+
+void
+mpz_set_n (mpz_t r, const mp_limb_t *xp, mp_size_t xn);
+
+/* Like mpn_set_str, but always writes rn limbs. If input is larger,
+ higher bits are ignored. */
+void
+mpn_set_base256 (mp_limb_t *rp, mp_size_t rn,
+ const uint8_t *xp, size_t xn);
+
+
+mp_limb_t *
+gmp_alloc_limbs (mp_size_t n);
+
+void
+gmp_free_limbs (mp_limb_t *p, mp_size_t n);
+
+
+#endif /* NETTLE_GMP_GLUE_H_INCLUDED */
--- /dev/null
+/* gosthash94-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-meta.h"
+
+#include "gosthash94.h"
+
+const struct nettle_hash nettle_gosthash94
+= _NETTLE_HASH(gosthash94, GOSTHASH94);
--- /dev/null
+/* gost.c - an implementation of GOST Hash Function
+ * based on the Russian Standard GOST R 34.11-94.
+ * See also RFC 4357.
+ *
+ * Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+ * Ported to nettle by Nikos Mavrogiannopoulos.
+ */
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "macros.h"
+#include "nettle-write.h"
+#include "gosthash94.h"
+
+/* pre-initialized GOST lookup tables based on rotated S-Box */
+static const uint32_t gosthash94_sbox[4][256] = {
+ {
+ 0x72000, 0x75000, 0x74800, 0x71000, 0x76800,
+ 0x74000, 0x70000, 0x77000, 0x73000, 0x75800,
+ 0x70800, 0x76000, 0x73800, 0x77800, 0x72800,
+ 0x71800, 0x5A000, 0x5D000, 0x5C800, 0x59000,
+ 0x5E800, 0x5C000, 0x58000, 0x5F000, 0x5B000,
+ 0x5D800, 0x58800, 0x5E000, 0x5B800, 0x5F800,
+ 0x5A800, 0x59800, 0x22000, 0x25000, 0x24800,
+ 0x21000, 0x26800, 0x24000, 0x20000, 0x27000,
+ 0x23000, 0x25800, 0x20800, 0x26000, 0x23800,
+ 0x27800, 0x22800, 0x21800, 0x62000, 0x65000,
+ 0x64800, 0x61000, 0x66800, 0x64000, 0x60000,
+ 0x67000, 0x63000, 0x65800, 0x60800, 0x66000,
+ 0x63800, 0x67800, 0x62800, 0x61800, 0x32000,
+ 0x35000, 0x34800, 0x31000, 0x36800, 0x34000,
+ 0x30000, 0x37000, 0x33000, 0x35800, 0x30800,
+ 0x36000, 0x33800, 0x37800, 0x32800, 0x31800,
+ 0x6A000, 0x6D000, 0x6C800, 0x69000, 0x6E800,
+ 0x6C000, 0x68000, 0x6F000, 0x6B000, 0x6D800,
+ 0x68800, 0x6E000, 0x6B800, 0x6F800, 0x6A800,
+ 0x69800, 0x7A000, 0x7D000, 0x7C800, 0x79000,
+ 0x7E800, 0x7C000, 0x78000, 0x7F000, 0x7B000,
+ 0x7D800, 0x78800, 0x7E000, 0x7B800, 0x7F800,
+ 0x7A800, 0x79800, 0x52000, 0x55000, 0x54800,
+ 0x51000, 0x56800, 0x54000, 0x50000, 0x57000,
+ 0x53000, 0x55800, 0x50800, 0x56000, 0x53800,
+ 0x57800, 0x52800, 0x51800, 0x12000, 0x15000,
+ 0x14800, 0x11000, 0x16800, 0x14000, 0x10000,
+ 0x17000, 0x13000, 0x15800, 0x10800, 0x16000,
+ 0x13800, 0x17800, 0x12800, 0x11800, 0x1A000,
+ 0x1D000, 0x1C800, 0x19000, 0x1E800, 0x1C000,
+ 0x18000, 0x1F000, 0x1B000, 0x1D800, 0x18800,
+ 0x1E000, 0x1B800, 0x1F800, 0x1A800, 0x19800,
+ 0x42000, 0x45000, 0x44800, 0x41000, 0x46800,
+ 0x44000, 0x40000, 0x47000, 0x43000, 0x45800,
+ 0x40800, 0x46000, 0x43800, 0x47800, 0x42800,
+ 0x41800, 0xA000, 0xD000, 0xC800, 0x9000,
+ 0xE800, 0xC000, 0x8000, 0xF000, 0xB000,
+ 0xD800, 0x8800, 0xE000, 0xB800, 0xF800,
+ 0xA800, 0x9800, 0x2000, 0x5000, 0x4800,
+ 0x1000, 0x6800, 0x4000, 0x0, 0x7000,
+ 0x3000, 0x5800, 0x800, 0x6000, 0x3800,
+ 0x7800, 0x2800, 0x1800, 0x3A000, 0x3D000,
+ 0x3C800, 0x39000, 0x3E800, 0x3C000, 0x38000,
+ 0x3F000, 0x3B000, 0x3D800, 0x38800, 0x3E000,
+ 0x3B800, 0x3F800, 0x3A800, 0x39800, 0x2A000,
+ 0x2D000, 0x2C800, 0x29000, 0x2E800, 0x2C000,
+ 0x28000, 0x2F000, 0x2B000, 0x2D800, 0x28800,
+ 0x2E000, 0x2B800, 0x2F800, 0x2A800, 0x29800,
+ 0x4A000, 0x4D000, 0x4C800, 0x49000, 0x4E800,
+ 0x4C000, 0x48000, 0x4F000, 0x4B000, 0x4D800,
+ 0x48800, 0x4E000, 0x4B800, 0x4F800, 0x4A800,
+ 0x49800
+ }, {
+ 0x3A80000, 0x3C00000, 0x3880000, 0x3E80000, 0x3D00000,
+ 0x3980000, 0x3A00000, 0x3900000, 0x3F00000, 0x3F80000,
+ 0x3E00000, 0x3B80000, 0x3B00000, 0x3800000, 0x3C80000,
+ 0x3D80000, 0x6A80000, 0x6C00000, 0x6880000, 0x6E80000,
+ 0x6D00000, 0x6980000, 0x6A00000, 0x6900000, 0x6F00000,
+ 0x6F80000, 0x6E00000, 0x6B80000, 0x6B00000, 0x6800000,
+ 0x6C80000, 0x6D80000, 0x5280000, 0x5400000, 0x5080000,
+ 0x5680000, 0x5500000, 0x5180000, 0x5200000, 0x5100000,
+ 0x5700000, 0x5780000, 0x5600000, 0x5380000, 0x5300000,
+ 0x5000000, 0x5480000, 0x5580000, 0xA80000, 0xC00000,
+ 0x880000, 0xE80000, 0xD00000, 0x980000, 0xA00000,
+ 0x900000, 0xF00000, 0xF80000, 0xE00000, 0xB80000,
+ 0xB00000, 0x800000, 0xC80000, 0xD80000, 0x280000,
+ 0x400000, 0x80000, 0x680000, 0x500000, 0x180000,
+ 0x200000, 0x100000, 0x700000, 0x780000, 0x600000,
+ 0x380000, 0x300000, 0x0, 0x480000, 0x580000,
+ 0x4280000, 0x4400000, 0x4080000, 0x4680000, 0x4500000,
+ 0x4180000, 0x4200000, 0x4100000, 0x4700000, 0x4780000,
+ 0x4600000, 0x4380000, 0x4300000, 0x4000000, 0x4480000,
+ 0x4580000, 0x4A80000, 0x4C00000, 0x4880000, 0x4E80000,
+ 0x4D00000, 0x4980000, 0x4A00000, 0x4900000, 0x4F00000,
+ 0x4F80000, 0x4E00000, 0x4B80000, 0x4B00000, 0x4800000,
+ 0x4C80000, 0x4D80000, 0x7A80000, 0x7C00000, 0x7880000,
+ 0x7E80000, 0x7D00000, 0x7980000, 0x7A00000, 0x7900000,
+ 0x7F00000, 0x7F80000, 0x7E00000, 0x7B80000, 0x7B00000,
+ 0x7800000, 0x7C80000, 0x7D80000, 0x7280000, 0x7400000,
+ 0x7080000, 0x7680000, 0x7500000, 0x7180000, 0x7200000,
+ 0x7100000, 0x7700000, 0x7780000, 0x7600000, 0x7380000,
+ 0x7300000, 0x7000000, 0x7480000, 0x7580000, 0x2280000,
+ 0x2400000, 0x2080000, 0x2680000, 0x2500000, 0x2180000,
+ 0x2200000, 0x2100000, 0x2700000, 0x2780000, 0x2600000,
+ 0x2380000, 0x2300000, 0x2000000, 0x2480000, 0x2580000,
+ 0x3280000, 0x3400000, 0x3080000, 0x3680000, 0x3500000,
+ 0x3180000, 0x3200000, 0x3100000, 0x3700000, 0x3780000,
+ 0x3600000, 0x3380000, 0x3300000, 0x3000000, 0x3480000,
+ 0x3580000, 0x6280000, 0x6400000, 0x6080000, 0x6680000,
+ 0x6500000, 0x6180000, 0x6200000, 0x6100000, 0x6700000,
+ 0x6780000, 0x6600000, 0x6380000, 0x6300000, 0x6000000,
+ 0x6480000, 0x6580000, 0x5A80000, 0x5C00000, 0x5880000,
+ 0x5E80000, 0x5D00000, 0x5980000, 0x5A00000, 0x5900000,
+ 0x5F00000, 0x5F80000, 0x5E00000, 0x5B80000, 0x5B00000,
+ 0x5800000, 0x5C80000, 0x5D80000, 0x1280000, 0x1400000,
+ 0x1080000, 0x1680000, 0x1500000, 0x1180000, 0x1200000,
+ 0x1100000, 0x1700000, 0x1780000, 0x1600000, 0x1380000,
+ 0x1300000, 0x1000000, 0x1480000, 0x1580000, 0x2A80000,
+ 0x2C00000, 0x2880000, 0x2E80000, 0x2D00000, 0x2980000,
+ 0x2A00000, 0x2900000, 0x2F00000, 0x2F80000, 0x2E00000,
+ 0x2B80000, 0x2B00000, 0x2800000, 0x2C80000, 0x2D80000,
+ 0x1A80000, 0x1C00000, 0x1880000, 0x1E80000, 0x1D00000,
+ 0x1980000, 0x1A00000, 0x1900000, 0x1F00000, 0x1F80000,
+ 0x1E00000, 0x1B80000, 0x1B00000, 0x1800000, 0x1C80000,
+ 0x1D80000
+ }, {
+ 0x30000002, 0x60000002, 0x38000002, 0x8000002,
+ 0x28000002, 0x78000002, 0x68000002, 0x40000002,
+ 0x20000002, 0x50000002, 0x48000002, 0x70000002,
+ 0x2, 0x18000002, 0x58000002, 0x10000002,
+ 0xB0000005, 0xE0000005, 0xB8000005, 0x88000005,
+ 0xA8000005, 0xF8000005, 0xE8000005, 0xC0000005,
+ 0xA0000005, 0xD0000005, 0xC8000005, 0xF0000005,
+ 0x80000005, 0x98000005, 0xD8000005, 0x90000005,
+ 0x30000005, 0x60000005, 0x38000005, 0x8000005,
+ 0x28000005, 0x78000005, 0x68000005, 0x40000005,
+ 0x20000005, 0x50000005, 0x48000005, 0x70000005,
+ 0x5, 0x18000005, 0x58000005, 0x10000005,
+ 0x30000000, 0x60000000, 0x38000000, 0x8000000,
+ 0x28000000, 0x78000000, 0x68000000, 0x40000000,
+ 0x20000000, 0x50000000, 0x48000000, 0x70000000,
+ 0x0, 0x18000000, 0x58000000, 0x10000000,
+ 0xB0000003, 0xE0000003, 0xB8000003, 0x88000003,
+ 0xA8000003, 0xF8000003, 0xE8000003, 0xC0000003,
+ 0xA0000003, 0xD0000003, 0xC8000003, 0xF0000003,
+ 0x80000003, 0x98000003, 0xD8000003, 0x90000003,
+ 0x30000001, 0x60000001, 0x38000001, 0x8000001,
+ 0x28000001, 0x78000001, 0x68000001, 0x40000001,
+ 0x20000001, 0x50000001, 0x48000001, 0x70000001,
+ 0x1, 0x18000001, 0x58000001, 0x10000001,
+ 0xB0000000, 0xE0000000, 0xB8000000, 0x88000000,
+ 0xA8000000, 0xF8000000, 0xE8000000, 0xC0000000,
+ 0xA0000000, 0xD0000000, 0xC8000000, 0xF0000000,
+ 0x80000000, 0x98000000, 0xD8000000, 0x90000000,
+ 0xB0000006, 0xE0000006, 0xB8000006, 0x88000006,
+ 0xA8000006, 0xF8000006, 0xE8000006, 0xC0000006,
+ 0xA0000006, 0xD0000006, 0xC8000006, 0xF0000006,
+ 0x80000006, 0x98000006, 0xD8000006, 0x90000006,
+ 0xB0000001, 0xE0000001, 0xB8000001, 0x88000001,
+ 0xA8000001, 0xF8000001, 0xE8000001, 0xC0000001,
+ 0xA0000001, 0xD0000001, 0xC8000001, 0xF0000001,
+ 0x80000001, 0x98000001, 0xD8000001, 0x90000001,
+ 0x30000003, 0x60000003, 0x38000003, 0x8000003,
+ 0x28000003, 0x78000003, 0x68000003, 0x40000003,
+ 0x20000003, 0x50000003, 0x48000003, 0x70000003,
+ 0x3, 0x18000003, 0x58000003, 0x10000003,
+ 0x30000004, 0x60000004, 0x38000004, 0x8000004,
+ 0x28000004, 0x78000004, 0x68000004, 0x40000004,
+ 0x20000004, 0x50000004, 0x48000004, 0x70000004,
+ 0x4, 0x18000004, 0x58000004, 0x10000004,
+ 0xB0000002, 0xE0000002, 0xB8000002, 0x88000002,
+ 0xA8000002, 0xF8000002, 0xE8000002, 0xC0000002,
+ 0xA0000002, 0xD0000002, 0xC8000002, 0xF0000002,
+ 0x80000002, 0x98000002, 0xD8000002, 0x90000002,
+ 0xB0000004, 0xE0000004, 0xB8000004, 0x88000004,
+ 0xA8000004, 0xF8000004, 0xE8000004, 0xC0000004,
+ 0xA0000004, 0xD0000004, 0xC8000004, 0xF0000004,
+ 0x80000004, 0x98000004, 0xD8000004, 0x90000004,
+ 0x30000006, 0x60000006, 0x38000006, 0x8000006,
+ 0x28000006, 0x78000006, 0x68000006, 0x40000006,
+ 0x20000006, 0x50000006, 0x48000006, 0x70000006,
+ 0x6, 0x18000006, 0x58000006, 0x10000006,
+ 0xB0000007, 0xE0000007, 0xB8000007, 0x88000007,
+ 0xA8000007, 0xF8000007, 0xE8000007, 0xC0000007,
+ 0xA0000007, 0xD0000007, 0xC8000007, 0xF0000007,
+ 0x80000007, 0x98000007, 0xD8000007, 0x90000007,
+ 0x30000007, 0x60000007, 0x38000007, 0x8000007,
+ 0x28000007, 0x78000007, 0x68000007, 0x40000007,
+ 0x20000007, 0x50000007, 0x48000007, 0x70000007,
+ 0x7, 0x18000007, 0x58000007, 0x10000007
+ }, {
+ 0xE8, 0xD8, 0xA0, 0x88, 0x98, 0xF8, 0xA8, 0xC8, 0x80, 0xD0,
+ 0xF0, 0xB8, 0xB0, 0xC0, 0x90, 0xE0, 0x7E8, 0x7D8, 0x7A0, 0x788,
+ 0x798, 0x7F8, 0x7A8, 0x7C8, 0x780, 0x7D0, 0x7F0, 0x7B8, 0x7B0, 0x7C0,
+ 0x790, 0x7E0, 0x6E8, 0x6D8, 0x6A0, 0x688, 0x698, 0x6F8, 0x6A8, 0x6C8,
+ 0x680, 0x6D0, 0x6F0, 0x6B8, 0x6B0, 0x6C0, 0x690, 0x6E0, 0x68, 0x58,
+ 0x20, 0x8, 0x18, 0x78, 0x28, 0x48, 0x0, 0x50, 0x70, 0x38,
+ 0x30, 0x40, 0x10, 0x60, 0x2E8, 0x2D8, 0x2A0, 0x288, 0x298, 0x2F8,
+ 0x2A8, 0x2C8, 0x280, 0x2D0, 0x2F0, 0x2B8, 0x2B0, 0x2C0, 0x290, 0x2E0,
+ 0x3E8, 0x3D8, 0x3A0, 0x388, 0x398, 0x3F8, 0x3A8, 0x3C8, 0x380, 0x3D0,
+ 0x3F0, 0x3B8, 0x3B0, 0x3C0, 0x390, 0x3E0, 0x568, 0x558, 0x520, 0x508,
+ 0x518, 0x578, 0x528, 0x548, 0x500, 0x550, 0x570, 0x538, 0x530, 0x540,
+ 0x510, 0x560, 0x268, 0x258, 0x220, 0x208, 0x218, 0x278, 0x228, 0x248,
+ 0x200, 0x250, 0x270, 0x238, 0x230, 0x240, 0x210, 0x260, 0x4E8, 0x4D8,
+ 0x4A0, 0x488, 0x498, 0x4F8, 0x4A8, 0x4C8, 0x480, 0x4D0, 0x4F0, 0x4B8,
+ 0x4B0, 0x4C0, 0x490, 0x4E0, 0x168, 0x158, 0x120, 0x108, 0x118, 0x178,
+ 0x128, 0x148, 0x100, 0x150, 0x170, 0x138, 0x130, 0x140, 0x110, 0x160,
+ 0x1E8, 0x1D8, 0x1A0, 0x188, 0x198, 0x1F8, 0x1A8, 0x1C8, 0x180, 0x1D0,
+ 0x1F0, 0x1B8, 0x1B0, 0x1C0, 0x190, 0x1E0, 0x768, 0x758, 0x720, 0x708,
+ 0x718, 0x778, 0x728, 0x748, 0x700, 0x750, 0x770, 0x738, 0x730, 0x740,
+ 0x710, 0x760, 0x368, 0x358, 0x320, 0x308, 0x318, 0x378, 0x328, 0x348,
+ 0x300, 0x350, 0x370, 0x338, 0x330, 0x340, 0x310, 0x360, 0x5E8, 0x5D8,
+ 0x5A0, 0x588, 0x598, 0x5F8, 0x5A8, 0x5C8, 0x580, 0x5D0, 0x5F0, 0x5B8,
+ 0x5B0, 0x5C0, 0x590, 0x5E0, 0x468, 0x458, 0x420, 0x408, 0x418, 0x478,
+ 0x428, 0x448, 0x400, 0x450, 0x470, 0x438, 0x430, 0x440, 0x410, 0x460,
+ 0x668, 0x658, 0x620, 0x608, 0x618, 0x678, 0x628, 0x648, 0x600, 0x650,
+ 0x670, 0x638, 0x630, 0x640, 0x610, 0x660
+ }
+};
+
+/**
+ * Initialize algorithm context before calculating hash
+ * with test parameters set.
+ *
+ * @param ctx context to initalize
+ */
+void
+gosthash94_init (struct gosthash94_ctx *ctx)
+{
+ memset (ctx, 0, sizeof (struct gosthash94_ctx));
+}
+
+/*
+ * A macro that performs a full encryption round of GOST 28147-89.
+ * Temporary variables tmp assumed and variables r and l for left and right
+ * blocks.
+ */
+#define GOST_ENCRYPT_ROUND(key1, key2, sbox) \
+ tmp = (key1) + r; \
+ l ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \
+ (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24]; \
+ tmp = (key2) + l; \
+ r ^= (sbox)[0][tmp & 0xff] ^ (sbox)[1][(tmp >> 8) & 0xff] ^ \
+ (sbox)[2][(tmp >> 16) & 0xff] ^ (sbox)[3][tmp >> 24];
+
+/* encrypt a block with the given key */
+#define GOST_ENCRYPT(result, i, key, hash, sbox) \
+ r = hash[i], l = hash[i + 1]; \
+ GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \
+ GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \
+ GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \
+ GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \
+ GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \
+ GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \
+ GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \
+ GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \
+ GOST_ENCRYPT_ROUND(key[0], key[1], sbox) \
+ GOST_ENCRYPT_ROUND(key[2], key[3], sbox) \
+ GOST_ENCRYPT_ROUND(key[4], key[5], sbox) \
+ GOST_ENCRYPT_ROUND(key[6], key[7], sbox) \
+ GOST_ENCRYPT_ROUND(key[7], key[6], sbox) \
+ GOST_ENCRYPT_ROUND(key[5], key[4], sbox) \
+ GOST_ENCRYPT_ROUND(key[3], key[2], sbox) \
+ GOST_ENCRYPT_ROUND(key[1], key[0], sbox) \
+ result[i] = l, result[i + 1] = r;
+
+/**
+ * The core transformation. Process a 512-bit block.
+ *
+ * @param hash intermediate message hash
+ * @param block the message block to process
+ */
+static void
+gost_block_compress (struct gosthash94_ctx *ctx, const uint32_t *block)
+{
+ unsigned i;
+ uint32_t key[8], u[8], v[8], w[8], s[8];
+ uint32_t l, r, tmp;
+
+ /* u := hash, v := <256-bit message block> */
+ memcpy (u, ctx->hash, sizeof (u));
+ memcpy (v, block, sizeof (v));
+
+ /* w := u xor v */
+ w[0] = u[0] ^ v[0], w[1] = u[1] ^ v[1];
+ w[2] = u[2] ^ v[2], w[3] = u[3] ^ v[3];
+ w[4] = u[4] ^ v[4], w[5] = u[5] ^ v[5];
+ w[6] = u[6] ^ v[6], w[7] = u[7] ^ v[7];
+
+ /* calculate keys, encrypt hash and store result to the s[] array */
+ for (i = 0;; i += 2)
+ {
+ /* key generation: key_i := P(w) */
+ key[0] =
+ (w[0] & 0x000000ff) | ((w[2] & 0x000000ff) << 8) |
+ ((w[4] & 0x000000ff) << 16) | ((w[6] & 0x000000ff) << 24);
+ key[1] =
+ ((w[0] & 0x0000ff00) >> 8) | (w[2] & 0x0000ff00) |
+ ((w[4] & 0x0000ff00) << 8) | ((w[6] & 0x0000ff00) << 16);
+ key[2] =
+ ((w[0] & 0x00ff0000) >> 16) | ((w[2] & 0x00ff0000) >> 8) |
+ (w[4] & 0x00ff0000) | ((w[6] & 0x00ff0000) << 8);
+ key[3] =
+ ((w[0] & 0xff000000) >> 24) | ((w[2] & 0xff000000) >> 16) |
+ ((w[4] & 0xff000000) >> 8) | (w[6] & 0xff000000);
+ key[4] =
+ (w[1] & 0x000000ff) | ((w[3] & 0x000000ff) << 8) |
+ ((w[5] & 0x000000ff) << 16) | ((w[7] & 0x000000ff) << 24);
+ key[5] =
+ ((w[1] & 0x0000ff00) >> 8) | (w[3] & 0x0000ff00) |
+ ((w[5] & 0x0000ff00) << 8) | ((w[7] & 0x0000ff00) << 16);
+ key[6] =
+ ((w[1] & 0x00ff0000) >> 16) | ((w[3] & 0x00ff0000) >> 8) |
+ (w[5] & 0x00ff0000) | ((w[7] & 0x00ff0000) << 8);
+ key[7] =
+ ((w[1] & 0xff000000) >> 24) | ((w[3] & 0xff000000) >> 16) |
+ ((w[5] & 0xff000000) >> 8) | (w[7] & 0xff000000);
+
+ /* encryption: s_i := E_{key_i} (h_i) */
+ GOST_ENCRYPT (s, i, key, ctx->hash, gosthash94_sbox);
+
+ if (i == 0)
+ {
+ /* w:= A(u) ^ A^2(v) */
+ w[0] = u[2] ^ v[4], w[1] = u[3] ^ v[5];
+ w[2] = u[4] ^ v[6], w[3] = u[5] ^ v[7];
+ w[4] = u[6] ^ (v[0] ^= v[2]);
+ w[5] = u[7] ^ (v[1] ^= v[3]);
+ w[6] = (u[0] ^= u[2]) ^ (v[2] ^= v[4]);
+ w[7] = (u[1] ^= u[3]) ^ (v[3] ^= v[5]);
+ }
+ else if ((i & 2) != 0)
+ {
+ if (i == 6)
+ break;
+
+ /* w := A^2(u) xor A^4(v) xor C_3; u := A(u) xor C_3 */
+ /* C_3=0xff00ffff000000ffff0000ff00ffff0000ff00ff00ff00ffff00ff00ff00ff00 */
+ u[2] ^= u[4] ^ 0x000000ff;
+ u[3] ^= u[5] ^ 0xff00ffff;
+ u[4] ^= 0xff00ff00;
+ u[5] ^= 0xff00ff00;
+ u[6] ^= 0x00ff00ff;
+ u[7] ^= 0x00ff00ff;
+ u[0] ^= 0x00ffff00;
+ u[1] ^= 0xff0000ff;
+
+ w[0] = u[4] ^ v[0];
+ w[2] = u[6] ^ v[2];
+ w[4] = u[0] ^ (v[4] ^= v[6]);
+ w[6] = u[2] ^ (v[6] ^= v[0]);
+ w[1] = u[5] ^ v[1];
+ w[3] = u[7] ^ v[3];
+ w[5] = u[1] ^ (v[5] ^= v[7]);
+ w[7] = u[3] ^ (v[7] ^= v[1]);
+ }
+ else
+ {
+ /* i==4 here */
+ /* w:= A( A^2(u) xor C_3 ) xor A^6(v) */
+ w[0] = u[6] ^ v[4], w[1] = u[7] ^ v[5];
+ w[2] = u[0] ^ v[6], w[3] = u[1] ^ v[7];
+ w[4] = u[2] ^ (v[0] ^= v[2]);
+ w[5] = u[3] ^ (v[1] ^= v[3]);
+ w[6] = (u[4] ^= u[6]) ^ (v[2] ^= v[4]);
+ w[7] = (u[5] ^= u[7]) ^ (v[3] ^= v[5]);
+ }
+ }
+
+ /* step hash function: x(block, hash) := psi^61(hash xor psi(block xor psi^12(S))) */
+
+ /* 12 rounds of the LFSR and xor in <message block> */
+ u[0] = block[0] ^ s[6];
+ u[1] = block[1] ^ s[7];
+ u[2] =
+ block[2] ^ (s[0] << 16) ^ (s[0] >> 16) ^ (s[0] & 0xffff) ^ (s[1] &
+ 0xffff)
+ ^ (s[1] >> 16) ^ (s[2] << 16) ^ s[6] ^ (s[6] << 16) ^ (s[7] &
+ 0xffff0000)
+ ^ (s[7] >> 16);
+ u[3] =
+ block[3] ^ (s[0] & 0xffff) ^ (s[0] << 16) ^ (s[1] & 0xffff) ^ (s[1]
+ <<
+ 16)
+ ^ (s[1] >> 16) ^ (s[2] << 16) ^ (s[2] >> 16) ^ (s[3] << 16) ^ s[6]
+ ^ (s[6] << 16) ^ (s[6] >> 16) ^ (s[7] & 0xffff) ^ (s[7] << 16) ^
+ (s[7] >> 16);
+ u[4] =
+ block[4] ^ (s[0] & 0xffff0000) ^ (s[0] << 16) ^ (s[0] >> 16) ^
+ (s[1] & 0xffff0000) ^ (s[1] >> 16) ^ (s[2] << 16) ^ (s[2] >> 16) ^
+ (s[3] << 16) ^ (s[3] >> 16) ^ (s[4] << 16) ^ (s[6] << 16) ^ (s[6]
+ >> 16)
+ ^ (s[7] & 0xffff) ^ (s[7] << 16) ^ (s[7] >> 16);
+ u[5] =
+ block[5] ^ (s[0] << 16) ^ (s[0] >> 16) ^ (s[0] & 0xffff0000) ^
+ (s[1] & 0xffff) ^ s[2] ^ (s[2] >> 16) ^ (s[3] << 16) ^ (s[3] >> 16)
+ ^ (s[4] << 16) ^ (s[4] >> 16) ^ (s[5] << 16) ^ (s[6] << 16) ^ (s[6]
+ >>
+ 16)
+ ^ (s[7] & 0xffff0000) ^ (s[7] << 16) ^ (s[7] >> 16);
+ u[6] =
+ block[6] ^ s[0] ^ (s[1] >> 16) ^ (s[2] << 16) ^ s[3] ^ (s[3] >> 16)
+ ^ (s[4] << 16) ^ (s[4] >> 16) ^ (s[5] << 16) ^ (s[5] >> 16) ^ s[6]
+ ^ (s[6] << 16) ^ (s[6] >> 16) ^ (s[7] << 16);
+ u[7] =
+ block[7] ^ (s[0] & 0xffff0000) ^ (s[0] << 16) ^ (s[1] & 0xffff) ^
+ (s[1] << 16) ^ (s[2] >> 16) ^ (s[3] << 16) ^ s[4] ^ (s[4] >> 16) ^
+ (s[5] << 16) ^ (s[5] >> 16) ^ (s[6] >> 16) ^ (s[7] & 0xffff) ^
+ (s[7] << 16) ^ (s[7] >> 16);
+
+ /* 1 round of the LFSR (a mixing transformation) and xor with <hash> */
+ v[0] = ctx->hash[0] ^ (u[1] << 16) ^ (u[0] >> 16);
+ v[1] = ctx->hash[1] ^ (u[2] << 16) ^ (u[1] >> 16);
+ v[2] = ctx->hash[2] ^ (u[3] << 16) ^ (u[2] >> 16);
+ v[3] = ctx->hash[3] ^ (u[4] << 16) ^ (u[3] >> 16);
+ v[4] = ctx->hash[4] ^ (u[5] << 16) ^ (u[4] >> 16);
+ v[5] = ctx->hash[5] ^ (u[6] << 16) ^ (u[5] >> 16);
+ v[6] = ctx->hash[6] ^ (u[7] << 16) ^ (u[6] >> 16);
+ v[7] =
+ ctx->
+ hash[7] ^ (u[0] & 0xffff0000) ^ (u[0] << 16) ^ (u[1] & 0xffff0000)
+ ^ (u[1] << 16) ^ (u[6] << 16) ^ (u[7] & 0xffff0000) ^ (u[7] >> 16);
+
+ /* 61 rounds of LFSR, mixing up hash */
+ ctx->hash[0] = (v[0] & 0xffff0000) ^ (v[0] << 16) ^ (v[0] >> 16) ^
+ (v[1] >> 16) ^ (v[1] & 0xffff0000) ^ (v[2] << 16) ^
+ (v[3] >> 16) ^ (v[4] << 16) ^ (v[5] >> 16) ^ v[5] ^
+ (v[6] >> 16) ^ (v[7] << 16) ^ (v[7] >> 16) ^ (v[7] & 0xffff);
+ ctx->hash[1] = (v[0] << 16) ^ (v[0] >> 16) ^ (v[0] & 0xffff0000) ^
+ (v[1] & 0xffff) ^ v[2] ^ (v[2] >> 16) ^ (v[3] << 16) ^
+ (v[4] >> 16) ^ (v[5] << 16) ^ (v[6] << 16) ^ v[6] ^
+ (v[7] & 0xffff0000) ^ (v[7] >> 16);
+ ctx->hash[2] = (v[0] & 0xffff) ^ (v[0] << 16) ^ (v[1] << 16) ^
+ (v[1] >> 16) ^ (v[1] & 0xffff0000) ^ (v[2] << 16) ^ (v[3] >> 16) ^
+ v[3] ^ (v[4] << 16) ^ (v[5] >> 16) ^ v[6] ^ (v[6] >> 16) ^
+ (v[7] & 0xffff) ^ (v[7] << 16) ^ (v[7] >> 16);
+ ctx->hash[3] = (v[0] << 16) ^ (v[0] >> 16) ^ (v[0] & 0xffff0000) ^
+ (v[1] & 0xffff0000) ^ (v[1] >> 16) ^ (v[2] << 16) ^
+ (v[2] >> 16) ^ v[2] ^ (v[3] << 16) ^ (v[4] >> 16) ^ v[4] ^
+ (v[5] << 16) ^ (v[6] << 16) ^ (v[7] & 0xffff) ^ (v[7] >> 16);
+ ctx->hash[4] =
+ (v[0] >> 16) ^ (v[1] << 16) ^ v[1] ^ (v[2] >> 16) ^ v[2] ^ (v[3] <<
+ 16) ^
+ (v[3] >> 16) ^ v[3] ^ (v[4] << 16) ^ (v[5] >> 16) ^ v[5] ^ (v[6] <<
+ 16) ^
+ (v[6] >> 16) ^ (v[7] << 16);
+ ctx->hash[5] =
+ (v[0] << 16) ^ (v[0] & 0xffff0000) ^ (v[1] << 16) ^ (v[1] >> 16) ^
+ (v[1] & 0xffff0000) ^ (v[2] << 16) ^ v[2] ^ (v[3] >> 16) ^ v[3] ^
+ (v[4] << 16) ^ (v[4] >> 16) ^ v[4] ^ (v[5] << 16) ^ (v[6] << 16) ^
+ (v[6] >> 16) ^ v[6] ^ (v[7] << 16) ^ (v[7] >> 16) ^ (v[7] &
+ 0xffff0000);
+ ctx->hash[6] =
+ v[0] ^ v[2] ^ (v[2] >> 16) ^ v[3] ^ (v[3] << 16) ^ v[4] ^ (v[4] >>
+ 16) ^
+ (v[5] << 16) ^ (v[5] >> 16) ^ v[5] ^ (v[6] << 16) ^ (v[6] >> 16) ^
+ v[6] ^ (v[7] << 16) ^ v[7];
+ ctx->hash[7] =
+ v[0] ^ (v[0] >> 16) ^ (v[1] << 16) ^ (v[1] >> 16) ^ (v[2] << 16) ^
+ (v[3] >> 16) ^ v[3] ^ (v[4] << 16) ^ v[4] ^ (v[5] >> 16) ^ v[5] ^
+ (v[6] << 16) ^ (v[6] >> 16) ^ (v[7] << 16) ^ v[7];
+}
+
+/**
+ * This function calculates hash value by 256-bit blocks.
+ * It updates 256-bit check sum as follows:
+ * *(uint256_t)(ctx->sum) += *(uint256_t*)block;
+ * and then updates intermediate hash value ctx->hash
+ * by calling gost_block_compress().
+ *
+ * @param ctx algorithm context
+ * @param block the 256-bit message block to process
+ */
+static void
+gost_compute_sum_and_hash (struct gosthash94_ctx *ctx, const uint8_t *block)
+{
+ uint32_t block_le[8];
+ unsigned i, carry;
+
+ /* compute the 256-bit sum */
+ for (i = carry = 0; i < 8; i++, block += 4)
+ {
+ block_le[i] = LE_READ_UINT32(block);
+ ctx->sum[i] += carry;
+ carry = (ctx->sum[i] < carry);
+ ctx->sum[i] += block_le[i];
+ carry += (ctx->sum[i] < block_le[i]);
+ }
+
+ /* update message hash */
+ gost_block_compress (ctx, block_le);
+}
+
+/**
+ * Calculate message hash.
+ * Can be called repeatedly with chunks of the message to be hashed.
+ *
+ * @param ctx the algorithm context containing current hashing state
+ * @param msg message chunk
+ * @param size length of the message chunk
+ */
+void
+gosthash94_update (struct gosthash94_ctx *ctx,
+ unsigned length, const uint8_t *msg)
+{
+ unsigned index = (unsigned) ctx->length & 31;
+ ctx->length += length;
+
+ /* fill partial block */
+ if (index)
+ {
+ unsigned left = GOSTHASH94_DATA_SIZE - index;
+ memcpy (ctx->message + index, msg, (length < left ? length : left));
+ if (length < left)
+ return;
+
+ /* process partial block */
+ gost_compute_sum_and_hash (ctx, ctx->message);
+ msg += left;
+ length -= left;
+ }
+ while (length >= GOSTHASH94_DATA_SIZE)
+ {
+ gost_compute_sum_and_hash (ctx, msg);
+ msg += GOSTHASH94_DATA_SIZE;
+ length -= GOSTHASH94_DATA_SIZE;
+ }
+ if (length)
+ {
+ /* save leftovers */
+ memcpy (ctx->message, msg, length);
+ }
+}
+
+/**
+ * Finish hashing and store message digest into given array.
+ *
+ * @param ctx the algorithm context containing current hashing state
+ * @param result calculated hash in binary form
+ */
+void
+gosthash94_digest (struct gosthash94_ctx *ctx,
+ unsigned length, uint8_t *result)
+{
+ unsigned index = ctx->length & 31;
+ uint32_t msg32[8];
+
+ assert(length <= GOSTHASH94_DIGEST_SIZE);
+
+ /* pad the last block with zeroes and hash it */
+ if (index > 0)
+ {
+ memset (ctx->message + index, 0, 32 - index);
+ gost_compute_sum_and_hash (ctx, ctx->message);
+ }
+
+ /* hash the message length and the sum */
+ msg32[0] = ctx->length << 3;
+ msg32[1] = ctx->length >> 29;
+ memset (msg32 + 2, 0, sizeof (uint32_t) * 6);
+
+ gost_block_compress (ctx, msg32);
+ gost_block_compress (ctx, ctx->sum);
+
+ /* convert hash state to result bytes */
+ _nettle_write_le32(length, result, ctx->hash);
+ gosthash94_init (ctx);
+}
--- /dev/null
+/* gosthash94.h
+ *
+ * The GOST R 34.11-94 hash function, described in RFC 5831.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Nikos Mavrogiannopoulos, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Interface based on rhash gost.h. */
+
+/* Copyright: 2009-2012 Aleksey Kravchenko <rhash.admin@gmail.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/*
+ * Ported to nettle by Nikos Mavrogiannopoulos.
+ */
+
+#ifndef NETTLE_GOSTHASH94_H_INCLUDED
+#define NETTLE_GOSTHASH94_H_INCLUDED
+
+#include "nettle-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define gosthash94_init nettle_gosthash94_init
+#define gosthash94_update nettle_gosthash94_update
+#define gosthash94_digest nettle_gosthash94_digest
+
+#define GOSTHASH94_DATA_SIZE 32
+#define GOSTHASH94_DIGEST_SIZE 32
+
+struct gosthash94_ctx
+{
+ uint32_t hash[8]; /* algorithm 256-bit state */
+ uint32_t sum[8]; /* sum of processed message blocks */
+ uint8_t message[GOSTHASH94_DATA_SIZE]; /* 256-bit buffer for leftovers */
+ uint64_t length; /* number of processed bytes */
+};
+
+void gosthash94_init(struct gosthash94_ctx *ctx);
+void gosthash94_update(struct gosthash94_ctx *ctx,
+ unsigned length, const uint8_t *msg);
+void gosthash94_digest(struct gosthash94_ctx *ctx,
+ unsigned length, uint8_t *result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_GOSTHASH94_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
--- /dev/null
+/* hmac-ripemd160.c
+ *
+ * HMAC-RIPEMD160 message authentication code.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "hmac.h"
+
+void
+hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx,
+ unsigned key_length, const uint8_t *key)
+{
+ HMAC_SET_KEY(ctx, &nettle_ripemd160, key_length, key);
+}
+
+void
+hmac_ripemd160_update(struct hmac_ripemd160_ctx *ctx,
+ unsigned length, const uint8_t *data)
+{
+ ripemd160_update(&ctx->state, length, data);
+}
+
+void
+hmac_ripemd160_digest(struct hmac_ripemd160_ctx *ctx,
+ unsigned length, uint8_t *digest)
+{
+ HMAC_DIGEST(ctx, &nettle_ripemd160, length, digest);
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003, 2010 Niels Möller
+ * Copyright (C) 2003, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003, 2010 Niels Möller
+ * Copyright (C) 2003, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003, 2010 Niels Möller
+ * Copyright (C) 2003, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2002 Niels Möller
+ * Copyright (C) 2001, 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_HMAC_H_INCLUDED
#include "nettle-meta.h"
#include "md5.h"
-#include "sha.h"
+#include "ripemd160.h"
+#include "sha1.h"
+#include "sha2.h"
#ifdef __cplusplus
extern "C" {
#define hmac_md5_set_key nettle_hmac_md5_set_key
#define hmac_md5_update nettle_hmac_md5_update
#define hmac_md5_digest nettle_hmac_md5_digest
+#define hmac_ripemd160_set_key nettle_hmac_ripemd160_set_key
+#define hmac_ripemd160_update nettle_hmac_ripemd160_update
+#define hmac_ripemd160_digest nettle_hmac_ripemd160_digest
#define hmac_sha1_set_key nettle_hmac_sha1_set_key
#define hmac_sha1_update nettle_hmac_sha1_update
#define hmac_sha1_digest nettle_hmac_sha1_digest
unsigned length, uint8_t *digest);
+/* hmac-ripemd160 */
+struct hmac_ripemd160_ctx HMAC_CTX(struct ripemd160_ctx);
+
+void
+hmac_ripemd160_set_key(struct hmac_ripemd160_ctx *ctx,
+ unsigned key_length, const uint8_t *key);
+
+void
+hmac_ripemd160_update(struct hmac_ripemd160_ctx *ctx,
+ unsigned length, const uint8_t *data);
+
+void
+hmac_ripemd160_digest(struct hmac_ripemd160_ctx *ctx,
+ unsigned length, uint8_t *digest);
+
+
/* hmac-sha1 */
struct hmac_sha1_ctx HMAC_CTX(struct sha1_ctx);
--- /dev/null
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+# Uses Requires.private and Libs.private, under the assumption that
+# when using shared libraries, the ELF dependencies from libhogweed.so
+# to nettle and gmp work.
+
+Name: Hogweed
+Description: Nettle low-level cryptographic library (public-key algorithms)
+URL: http://www.lysator.liu.se/~nisse/nettle
+Version: @PACKAGE_VERSION@
+Requires.private: nettle
+Libs: -L${libdir} -lhogweed
+Libs.private: -lgmp
+Cflags: -I${includedir}
+
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* Includes code copied verbatim from Knuth's TAOCP.
*
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* NOTE: This generator is totally inappropriate for cryptographic
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* NOTE: This generator is totally inappropriate for cryptographic
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2010 Niels Möller
+ * Copyright (C) 2001, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_MACROS_H_INCLUDED
} while(0)
/* And the other, little-endian, byteorder */
+#define LE_READ_UINT64(p) \
+( (((uint64_t) (p)[7]) << 56) \
+ | (((uint64_t) (p)[6]) << 48) \
+ | (((uint64_t) (p)[5]) << 40) \
+ | (((uint64_t) (p)[4]) << 32) \
+ | (((uint64_t) (p)[3]) << 24) \
+ | (((uint64_t) (p)[2]) << 16) \
+ | (((uint64_t) (p)[1]) << 8) \
+ | ((uint64_t) (p)[0]))
+
+#define LE_WRITE_UINT64(p, i) \
+do { \
+ (p)[7] = ((i) >> 56) & 0xff; \
+ (p)[6] = ((i) >> 48) & 0xff; \
+ (p)[5] = ((i) >> 40) & 0xff; \
+ (p)[4] = ((i) >> 32) & 0xff; \
+ (p)[3] = ((i) >> 24) & 0xff; \
+ (p)[2] = ((i) >> 16) & 0xff; \
+ (p)[1] = ((i) >> 8) & 0xff; \
+ (p)[0] = (i) & 0xff; \
+} while (0)
+
#define LE_READ_UINT32(p) \
( (((uint32_t) (p)[3]) << 24) \
| (((uint32_t) (p)[2]) << 16) \
(dst) += (blocksize), \
(src) += (blocksize)) )
+#define ROTL32(n,x) (((x)<<(n)) | ((x)>>(32-(n))))
+
+#define ROTL64(n,x) (((x)<<(n)) | ((x)>>(64-(n))))
+
+/* Requires that size > 0 */
+#define INCREMENT(size, ctr) \
+ do { \
+ unsigned increment_i = (size) - 1; \
+ if (++(ctr)[increment_i] == 0) \
+ while (increment_i > 0 \
+ && ++(ctr)[--increment_i] == 0 ) \
+ ; \
+ } while (0)
+
+
+/* Helper macro for Merkle-Damgård hash functions. Assumes the context
+ structs includes the following fields:
+
+ xxx count_low, count_high; // Two word block count
+ uint8_t block[...]; // Buffer holding one block
+ unsigned int index; // Index into block
+*/
+
+/* FIXME: Should probably switch to using uint64_t for the count, but
+ due to alignment and byte order that may be an ABI change. */
+
+#define MD_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
+
+/* Takes the compression function f as argument. NOTE: also clobbers
+ length and data. */
+#define MD_UPDATE(ctx, length, data, f, incr) \
+ do { \
+ if ((ctx)->index) \
+ { \
+ /* Try to fill partial block */ \
+ unsigned __md_left = sizeof((ctx)->block) - (ctx)->index; \
+ if ((length) < __md_left) \
+ { \
+ memcpy((ctx)->block + (ctx)->index, (data), (length)); \
+ (ctx)->index += (length); \
+ goto __md_done; /* Finished */ \
+ } \
+ else \
+ { \
+ memcpy((ctx)->block + (ctx)->index, (data), __md_left); \
+ \
+ f((ctx), (ctx)->block); \
+ (incr); \
+ \
+ (data) += __md_left; \
+ (length) -= __md_left; \
+ } \
+ } \
+ while ((length) >= sizeof((ctx)->block)) \
+ { \
+ f((ctx), (data)); \
+ (incr); \
+ \
+ (data) += sizeof((ctx)->block); \
+ (length) -= sizeof((ctx)->block); \
+ } \
+ memcpy ((ctx)->block, (data), (length)); \
+ (ctx)->index = (length); \
+ __md_done: \
+ ; \
+ } while (0)
+
+/* Pads the block to a block boundary with the bit pattern 1 0*,
+ leaving size octets for the length field at the end. If needed,
+ compresses the block and starts a new one. */
+#define MD_PAD(ctx, size, f) \
+ do { \
+ unsigned __md_i; \
+ __md_i = (ctx)->index; \
+ \
+ /* Set the first char of padding to 0x80. This is safe since there \
+ is always at least one byte free */ \
+ \
+ assert(__md_i < sizeof((ctx)->block)); \
+ (ctx)->block[__md_i++] = 0x80; \
+ \
+ if (__md_i > (sizeof((ctx)->block) - 2*sizeof((ctx)->count_low))) \
+ { /* No room for length in this block. Process it and \
+ pad with another one */ \
+ memset((ctx)->block + __md_i, 0, sizeof((ctx)->block) - __md_i); \
+ \
+ f((ctx), (ctx)->block); \
+ __md_i = 0; \
+ } \
+ memset((ctx)->block + __md_i, 0, \
+ sizeof((ctx)->block) - (size) - __md_i); \
+ \
+ } while (0)
+
#endif /* NETTLE_MACROS_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller, Andreas Sigfridsson
+ * Copyright (C) 2003 Niels Möller, Andreas Sigfridsson
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* This code originates from the Python Cryptography Toolkit, version 1.0.1.
- Further hacked by Andreas Sigfridsson and Niels Möller. Original license:
+ Further hacked by Andreas Sigfridsson and Niels Möller. Original license:
===================================================================
Distribute and use freely; there are no restrictions on further
}
}
-#if 0
-static void
-md2_final(struct md2_ctx *ctx)
-{
- unsigned left = MD2_DATA_SIZE - ctx->index;
- memset(ctx->block + ctx->index, left, left);
- md2_transform(ctx, ctx->block);
-}
-#endif
-
void
md2_init(struct md2_ctx *ctx)
{
unsigned length,
const uint8_t *data)
{
- if (ctx->index)
- {
- /* Try to fill partial block */
- unsigned left = MD2_DATA_SIZE - ctx->index;
- if (length < left)
- {
- memcpy(ctx->block + ctx->index, data, length);
- ctx->index += length;
- return; /* Finished */
- }
- else
- {
- memcpy(ctx->block + ctx->index, data, left);
- md2_transform(ctx, ctx->block);
- data += left;
- length -= left;
- }
- }
- while (length >= MD2_DATA_SIZE)
- {
- md2_transform(ctx, data);
- data += MD2_DATA_SIZE;
- length -= MD2_DATA_SIZE;
- }
- if ((ctx->index = length)) /* This assignment is intended */
- /* Buffer leftovers */
- memcpy(ctx->block, data, length);
+ MD_UPDATE(ctx, length, data, md2_transform, (void)0);
}
void
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_MD2_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller, Marcus Comstedt
+ * Copyright (C) 2003 Niels Möller, Marcus Comstedt
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Based on the public domain md5 code, and modified by Marcus
#include "md4.h"
#include "macros.h"
+#include "nettle-write.h"
/* A block, treated as a sequence of 32-bit words. */
#define MD4_DATA_LENGTH 16
md4_transform(uint32_t *digest, const uint32_t *data);
static void
-md4_block(struct md4_ctx *ctx, const uint8_t *block);
-
-static void
-md4_final(struct md4_ctx *ctx);
+md4_compress(struct md4_ctx *ctx, const uint8_t *block);
+/* FIXME: Could be an alias for md5_init */
void
md4_init(struct md4_ctx *ctx)
{
/* Same constants as for md5. */
- ctx->digest[0] = 0x67452301;
- ctx->digest[1] = 0xefcdab89;
- ctx->digest[2] = 0x98badcfe;
- ctx->digest[3] = 0x10325476;
+ const uint32_t iv[_MD4_DIGEST_LENGTH] =
+ {
+ 0x67452301,
+ 0xefcdab89,
+ 0x98badcfe,
+ 0x10325476,
+ };
+ memcpy(ctx->state, iv, sizeof(ctx->state));
- ctx->count_l = ctx->count_h = 0;
+ ctx->count_low = ctx->count_high = 0;
ctx->index = 0;
}
unsigned length,
const uint8_t *data)
{
- if (ctx->index)
- {
- /* Try to fill partial block */
- unsigned left = MD4_DATA_SIZE - ctx->index;
- if (length < left)
- {
- memcpy(ctx->block + ctx->index, data, length);
- ctx->index += length;
- return; /* Finished */
- }
- else
- {
- memcpy(ctx->block + ctx->index, data, left);
- md4_block(ctx, ctx->block);
- data += left;
- length -= left;
- }
- }
- while (length >= MD4_DATA_SIZE)
- {
- md4_block(ctx, data);
- data += MD4_DATA_SIZE;
- length -= MD4_DATA_SIZE;
- }
- if ((ctx->index = length)) /* This assignment is intended */
- /* Buffer leftovers */
- memcpy(ctx->block, data, length);
+ MD_UPDATE(ctx, length, data, md4_compress, MD_INCR(ctx));
}
void
unsigned length,
uint8_t *digest)
{
+ uint32_t data[MD4_DATA_LENGTH];
unsigned i;
- unsigned words;
- unsigned leftover;
-
+
assert(length <= MD4_DIGEST_SIZE);
- md4_final(ctx);
-
- words = length / 4;
- leftover = length % 4;
-
- /* Little endian order */
- for (i = 0; i < words; i++, digest += 4)
- LE_WRITE_UINT32(digest, ctx->digest[i]);
+ MD_PAD(ctx, 8, md4_compress);
+ for (i = 0; i < MD4_DATA_LENGTH - 2; i++)
+ data[i] = LE_READ_UINT32(ctx->block + 4*i);
- if (leftover)
- {
- uint32_t word;
- unsigned j;
+ /* There are 512 = 2^9 bits in one block
+ * Little-endian order => Least significant word first */
+
+ data[MD4_DATA_LENGTH-1] = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ data[MD4_DATA_LENGTH-2] = (ctx->count_low << 9) | (ctx->index << 3);
+ md4_transform(ctx->state, data);
- assert(i < _MD4_DIGEST_LENGTH);
-
- /* Still least significant byte first. */
- for (word = ctx->digest[i], j = 0; j < leftover;
- j++, word >>= 8)
- digest[j] = word & 0xff;
- }
+ _nettle_write_le32(length, digest, ctx->state);
md4_init(ctx);
}
}
static void
-md4_block(struct md4_ctx *ctx, const uint8_t *block)
+md4_compress(struct md4_ctx *ctx, const uint8_t *block)
{
uint32_t data[MD4_DATA_LENGTH];
unsigned i;
- /* Update block count */
- if (!++ctx->count_l)
- ++ctx->count_h;
-
/* Endian independent conversion */
for (i = 0; i<16; i++, block += 4)
data[i] = LE_READ_UINT32(block);
- md4_transform(ctx->digest, data);
-}
-
-/* Final wrapup - pad to MD4_DATA_SIZE-byte boundary with the bit
- * pattern 1 0* (64-bit count of bits processed, LSB-first) */
-
-static void
-md4_final(struct md4_ctx *ctx)
-{
- uint32_t data[MD4_DATA_LENGTH];
- unsigned i;
- unsigned words;
-
- i = ctx->index;
-
- /* Set the first char of padding to 0x80. This is safe since there
- * is always at least one byte free */
- assert(i < MD4_DATA_SIZE);
- ctx->block[i++] = 0x80;
-
- /* Fill rest of word */
- for( ; i & 3; i++)
- ctx->block[i] = 0;
-
- /* i is now a multiple of the word size 4 */
- words = i >> 2;
- for (i = 0; i < words; i++)
- data[i] = LE_READ_UINT32(ctx->block + 4*i);
-
- if (words > (MD4_DATA_LENGTH-2))
- { /* No room for length in this block. Process it and
- * pad with another one */
- for (i = words ; i < MD4_DATA_LENGTH; i++)
- data[i] = 0;
- md4_transform(ctx->digest, data);
- for (i = 0; i < (MD4_DATA_LENGTH-2); i++)
- data[i] = 0;
- }
- else
- for (i = words ; i < MD4_DATA_LENGTH - 2; i++)
- data[i] = 0;
-
- /* There are 512 = 2^9 bits in one block
- * Little-endian order => Least significant word first */
-
- data[MD4_DATA_LENGTH-1] = (ctx->count_h << 9) | (ctx->count_l >> 23);
- data[MD4_DATA_LENGTH-2] = (ctx->count_l << 9) | (ctx->index << 3);
- md4_transform(ctx->digest, data);
+ md4_transform(ctx->state, data);
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_MD4_H_INCLUDED
/* Digest is kept internally as 4 32-bit words. */
#define _MD4_DIGEST_LENGTH 4
+/* FIXME: Identical to md5_ctx */
struct md4_ctx
{
- uint32_t digest[_MD4_DIGEST_LENGTH];
- uint32_t count_l, count_h; /* Block count */
- uint8_t block[MD4_DATA_SIZE]; /* Block buffer */
- unsigned index; /* Into buffer */
+ uint32_t state[_MD4_DIGEST_LENGTH];
+ uint32_t count_low, count_high; /* Block count */
+ uint8_t block[MD4_DATA_SIZE]; /* Block buffer */
+ unsigned index; /* Into buffer */
};
void
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_MD5_COMPAT_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2005 Niels Möller
+ * Copyright (C) 2001, 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Based on public domain code hacked by Colin Plumb, Andrew Kuchling, and
- * Niels Möller. */
+ * Niels Möller. */
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Based on public domain code hacked by Colin Plumb, Andrew Kuchling, and
- * Niels Möller. */
+ * Niels Möller. */
#if HAVE_CONFIG_H
# include "config.h"
#include "md5.h"
#include "macros.h"
-
-static void
-md5_final(struct md5_ctx *ctx);
+#include "nettle-write.h"
void
md5_init(struct md5_ctx *ctx)
{
- ctx->digest[0] = 0x67452301;
- ctx->digest[1] = 0xefcdab89;
- ctx->digest[2] = 0x98badcfe;
- ctx->digest[3] = 0x10325476;
-
- ctx->count_l = ctx->count_h = 0;
+ const uint32_t iv[_MD5_DIGEST_LENGTH] =
+ {
+ 0x67452301,
+ 0xefcdab89,
+ 0x98badcfe,
+ 0x10325476,
+ };
+ memcpy(ctx->state, iv, sizeof(ctx->state));
+ ctx->count_low = ctx->count_high = 0;
ctx->index = 0;
}
-#define MD5_INCR(ctx) ((ctx)->count_h += !++(ctx)->count_l)
+#define COMPRESS(ctx, data) (_nettle_md5_compress((ctx)->state, (data)))
void
md5_update(struct md5_ctx *ctx,
unsigned length,
const uint8_t *data)
{
- if (ctx->index)
- {
- /* Try to fill partial block */
- unsigned left = MD5_DATA_SIZE - ctx->index;
- if (length < left)
- {
- memcpy(ctx->block + ctx->index, data, length);
- ctx->index += length;
- return; /* Finished */
- }
- else
- {
- memcpy(ctx->block + ctx->index, data, left);
-
- _nettle_md5_compress(ctx->digest, ctx->block);
- MD5_INCR(ctx);
-
- data += left;
- length -= left;
- }
- }
- while (length >= MD5_DATA_SIZE)
- {
- _nettle_md5_compress(ctx->digest, data);
- MD5_INCR(ctx);
-
- data += MD5_DATA_SIZE;
- length -= MD5_DATA_SIZE;
- }
- if ((ctx->index = length)) /* This assignment is intended */
- /* Buffer leftovers */
- memcpy(ctx->block, data, length);
+ MD_UPDATE(ctx, length, data, COMPRESS, MD_INCR(ctx));
}
void
unsigned length,
uint8_t *digest)
{
- unsigned i;
- unsigned words;
- unsigned leftover;
+ uint32_t high, low;
assert(length <= MD5_DIGEST_SIZE);
- md5_final(ctx);
-
- words = length / 4;
- leftover = length % 4;
-
- /* Little endian order */
- for (i = 0; i < words; i++, digest += 4)
- LE_WRITE_UINT32(digest, ctx->digest[i]);
+ MD_PAD(ctx, 8, COMPRESS);
- if (leftover)
- {
- uint32_t word;
- unsigned j;
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
- assert(i < _MD5_DIGEST_LENGTH);
-
- /* Still least significant byte first. */
- for (word = ctx->digest[i], j = 0; j < leftover;
- j++, word >>= 8)
- digest[j] = word & 0xff;
- }
- md5_init(ctx);
-}
-
-/* Final wrapup - pad to MD5_DATA_SIZE-byte boundary with the bit
- * pattern 1 0* (64-bit count of bits processed, LSB-first) */
-
-static void
-md5_final(struct md5_ctx *ctx)
-{
- uint32_t bitcount_high;
- uint32_t bitcount_low;
- unsigned i;
-
- i = ctx->index;
+ LE_WRITE_UINT32(ctx->block + (MD5_DATA_SIZE - 8), low);
+ LE_WRITE_UINT32(ctx->block + (MD5_DATA_SIZE - 4), high);
+ _nettle_md5_compress(ctx->state, ctx->block);
- /* Set the first char of padding to 0x80. This is safe since there
- * is always at least one byte free */
- assert(i < MD5_DATA_SIZE);
- ctx->block[i++] = 0x80;
-
- if (i > (MD5_DATA_SIZE - 8))
- {
- /* No room for length in this block. Process it and
- pad with another one */
- memset(ctx->block + i, 0, MD5_DATA_SIZE - i);
-
- _nettle_md5_compress(ctx->digest, ctx->block);
- i = 0;
- }
- if (i < (MD5_DATA_SIZE - 8))
- memset(ctx->block + i, 0, (MD5_DATA_SIZE - 8) - i);
-
- /* There are 512 = 2^9 bits in one block
- * Little-endian order => Least significant word first */
-
- bitcount_low = (ctx->count_l << 9) | (ctx->index << 3);
- bitcount_high = (ctx->count_h << 9) | (ctx->count_l >> 23);
- LE_WRITE_UINT32(ctx->block + (MD5_DATA_SIZE - 8), bitcount_low);
- LE_WRITE_UINT32(ctx->block + (MD5_DATA_SIZE - 4), bitcount_high);
-
- _nettle_md5_compress(ctx->digest, ctx->block);
+ _nettle_write_le32(length, digest, ctx->state);
+ md5_init(ctx);
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_MD5_H_INCLUDED
struct md5_ctx
{
- uint32_t digest[_MD5_DIGEST_LENGTH];
- uint32_t count_l, count_h; /* Block count */
+ uint32_t state[_MD5_DIGEST_LENGTH];
+ uint32_t count_low, count_high; /* Block count */
uint8_t block[MD5_DATA_SIZE]; /* Block buffer */
unsigned index; /* Into buffer */
};
/* memxor.c
*
- * $Id: memxor.c,v 1.1 2007/04/05 14:20:35 nisse Exp $
*/
-/* XOR LEN bytes starting at SRCADDR onto DESTADDR. Result undefined
- if the source overlaps with the destination.
- Return DESTADDR. */
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 1991, 1993, 1995 Free Software Foundation, Inc.
+ * Copyright (C) 2010 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Implementation inspired by memcmp in glibc, contributed to the FSF
+ by Torbjorn Granlund.
+ */
#if HAVE_CONFIG_H
# include "config.h"
#endif
+#include <limits.h>
+
#include "memxor.h"
+typedef unsigned long int word_t;
+
+#if SIZEOF_LONG & (SIZEOF_LONG - 1)
+#error Word size must be a power of two
+#endif
+
+#define ALIGN_OFFSET(p) ((uintptr_t) (p) % sizeof(word_t))
+
+#ifndef WORDS_BIGENDIAN
+#define MERGE(w0, sh_1, w1, sh_2) (((w0) >> (sh_1)) | ((w1) << (sh_2)))
+#else
+#define MERGE(w0, sh_1, w1, sh_2) (((w0) << (sh_1)) | ((w1) >> (sh_2)))
+#endif
+
+#define WORD_T_THRESH 16
+
+/* XOR word-aligned areas. n is the number of words, not bytes. */
+static void
+memxor_common_alignment (word_t *dst, const word_t *src, size_t n)
+{
+ /* FIXME: Require n > 0? */
+ /* FIXME: Unroll four times, like memcmp? Probably not worth the
+ effort. */
+
+ if (n & 1)
+ {
+ *dst++ ^= *src++;
+ n--;
+ }
+ for (; n >= 2; dst += 2, src += 2, n -= 2)
+ {
+ dst[0] ^= src[0];
+ dst[1] ^= src[1];
+ }
+}
+
+/* XOR *un-aligned* src-area onto aligned dst area. n is number of
+ words, not bytes. Assumes we can read complete words at the start
+ and end of the src operand. */
+static void
+memxor_different_alignment (word_t *dst, const uint8_t *src, size_t n)
+{
+ size_t i;
+ int shl, shr;
+ const word_t *src_word;
+ unsigned offset = ALIGN_OFFSET (src);
+ word_t s0, s1;
+
+ shl = CHAR_BIT * offset;
+ shr = CHAR_BIT * (sizeof(word_t) - offset);
+
+ src_word = (const word_t *) ((uintptr_t) src & -SIZEOF_LONG);
+
+ /* FIXME: Unroll four times, like memcmp? */
+ i = n & 1;
+ s0 = src_word[i];
+ if (i)
+ {
+ s1 = src_word[0];
+ dst[0] ^= MERGE (s1, shl, s0, shr);
+ }
+
+ for (; i < n; i += 2)
+ {
+ s1 = src_word[i+1];
+ dst[i] ^= MERGE(s0, shl, s1, shr);
+ s0 = src_word[i+2];
+ dst[i+1] ^= MERGE(s1, shl, s0, shr);
+ }
+}
+
+/* Performance, Intel SU1400 (x86_64): 0.25 cycles/byte aligned, 0.45
+ cycles/byte unaligned. */
+
+/* XOR LEN bytes starting at SRCADDR onto DESTADDR. Result undefined
+ if the source overlaps with the destination. Return DESTADDR. */
uint8_t *
memxor(uint8_t *dst, const uint8_t *src, size_t n)
{
- size_t i;
- for (i = 0; i<n; i++)
- dst[i] ^= src[i];
+ uint8_t *orig_dst = dst;
- return dst;
+ if (n >= WORD_T_THRESH)
+ {
+ /* There are at least some bytes to compare. No need to test
+ for N == 0 in this alignment loop. */
+ while (ALIGN_OFFSET (dst))
+ {
+ *dst++ ^= *src++;
+ n--;
+ }
+ if (ALIGN_OFFSET (src))
+ memxor_different_alignment ((word_t *) dst, src, n / sizeof(word_t));
+ else
+ memxor_common_alignment ((word_t *) dst, (const word_t *) src, n / sizeof(word_t));
+
+ dst += n & -SIZEOF_LONG;
+ src += n & -SIZEOF_LONG;
+ n = n & (SIZEOF_LONG - 1);
+ }
+ for (; n > 0; n--)
+ *dst++ ^= *src++;
+
+ return orig_dst;
}
+
+/* XOR word-aligned areas. n is the number of words, not bytes. */
+static void
+memxor3_common_alignment (word_t *dst,
+ const word_t *a, const word_t *b, size_t n)
+{
+ /* FIXME: Require n > 0? */
+ while (n-- > 0)
+ dst[n] = a[n] ^ b[n];
+}
+
+static void
+memxor3_different_alignment_b (word_t *dst,
+ const word_t *a, const uint8_t *b, unsigned offset, size_t n)
+{
+ int shl, shr;
+ const word_t *b_word;
+
+ word_t s0, s1;
+
+ shl = CHAR_BIT * offset;
+ shr = CHAR_BIT * (sizeof(word_t) - offset);
+
+ b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG);
+
+ if (n & 1)
+ {
+ n--;
+ s1 = b_word[n];
+ s0 = b_word[n+1];
+ dst[n] = a[n] ^ MERGE (s1, shl, s0, shr);
+ }
+ else
+ s1 = b_word[n];
+
+ while (n > 0)
+ {
+ n -= 2;
+ s0 = b_word[n+1];
+ dst[n+1] = a[n+1] ^ MERGE(s0, shl, s1, shr);
+ s1 = b_word[n];
+ dst[n] = a[n] ^ MERGE(s1, shl, s0, shr);
+ }
+}
+
+static void
+memxor3_different_alignment_ab (word_t *dst,
+ const uint8_t *a, const uint8_t *b,
+ unsigned offset, size_t n)
+{
+ int shl, shr;
+ const word_t *a_word;
+ const word_t *b_word;
+
+ word_t s0, s1;
+
+ shl = CHAR_BIT * offset;
+ shr = CHAR_BIT * (sizeof(word_t) - offset);
+
+ a_word = (const word_t *) ((uintptr_t) a & -SIZEOF_LONG);
+ b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG);
+
+ if (n & 1)
+ {
+ n--;
+ s1 = a_word[n] ^ b_word[n];
+ s0 = a_word[n+1] ^ b_word[n+1];
+ dst[n] = MERGE (s1, shl, s0, shr);
+ }
+ else
+ s1 = a_word[n] ^ b_word[n];
+
+ while (n > 0)
+ {
+ n -= 2;
+ s0 = a_word[n+1] ^ b_word[n+1];
+ dst[n+1] = MERGE(s0, shl, s1, shr);
+ s1 = a_word[n] ^ b_word[n];
+ dst[n] = MERGE(s1, shl, s0, shr);
+ }
+}
+
+static void
+memxor3_different_alignment_all (word_t *dst,
+ const uint8_t *a, const uint8_t *b,
+ unsigned a_offset, unsigned b_offset,
+ size_t n)
+{
+ int al, ar, bl, br;
+ const word_t *a_word;
+ const word_t *b_word;
+
+ word_t a0, a1, b0, b1;
+
+ al = CHAR_BIT * a_offset;
+ ar = CHAR_BIT * (sizeof(word_t) - a_offset);
+ bl = CHAR_BIT * b_offset;
+ br = CHAR_BIT * (sizeof(word_t) - b_offset);
+
+ a_word = (const word_t *) ((uintptr_t) a & -SIZEOF_LONG);
+ b_word = (const word_t *) ((uintptr_t) b & -SIZEOF_LONG);
+
+ if (n & 1)
+ {
+ n--;
+ a1 = a_word[n]; a0 = a_word[n+1];
+ b1 = b_word[n]; b0 = b_word[n+1];
+
+ dst[n] = MERGE (a1, al, a0, ar) ^ MERGE (b1, bl, b0, br);
+ }
+ else
+ {
+ a1 = a_word[n];
+ b1 = b_word[n];
+ }
+
+ while (n > 0)
+ {
+ n -= 2;
+ a0 = a_word[n+1]; b0 = b_word[n+1];
+ dst[n+1] = MERGE(a0, al, a1, ar) ^ MERGE(b0, bl, b1, br);
+ a1 = a_word[n]; b1 = b_word[n];
+ dst[n] = MERGE(a1, al, a0, ar) ^ MERGE(b1, bl, b0, br);
+ }
+}
+
+/* Current implementation processes data in descending order, to
+ support overlapping operation with one of the sources overlapping
+ the start of the destination area. This feature is used only
+ internally by cbc decrypt, and it is not advertised or documented
+ to nettle users. */
uint8_t *
memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n)
{
- size_t i;
- for (i = 0; i<n; i++)
- dst[i] = a[i] ^ b[i];
+ if (n >= WORD_T_THRESH)
+ {
+ unsigned i;
+ unsigned a_offset;
+ unsigned b_offset;
+ size_t nwords;
+
+ for (i = ALIGN_OFFSET(dst + n); i > 0; i--)
+ {
+ n--;
+ dst[n] = a[n] ^ b[n];
+ }
+
+ a_offset = ALIGN_OFFSET(a + n);
+ b_offset = ALIGN_OFFSET(b + n);
+
+ nwords = n / sizeof (word_t);
+ n %= sizeof (word_t);
+
+ if (a_offset == b_offset)
+ {
+ if (!a_offset)
+ memxor3_common_alignment((word_t *) (dst + n),
+ (const word_t *) (a + n),
+ (const word_t *) (b + n), nwords);
+ else
+ memxor3_different_alignment_ab((word_t *) (dst + n),
+ a + n, b + n, a_offset,
+ nwords);
+ }
+ else if (!a_offset)
+ memxor3_different_alignment_b((word_t *) (dst + n),
+ (const word_t *) (a + n), b + n,
+ b_offset, nwords);
+ else if (!b_offset)
+ memxor3_different_alignment_b((word_t *) (dst + n),
+ (const word_t *) (b + n), a + n,
+ a_offset, nwords);
+ else
+ memxor3_different_alignment_all((word_t *) (dst + n), a + n, b + n,
+ a_offset, b_offset, nwords);
+
+ }
+ while (n-- > 0)
+ dst[n] = a[n] ^ b[n];
return dst;
}
-
--- /dev/null
+/* mini-gmp, a minimalistic implementation of a GNU GMP subset.
+
+ Contributed to the GNU project by Niels Möller
+
+Copyright 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013
+Free Software Foundation, Inc.
+
+This file is part of the GNU MP Library.
+
+The GNU MP Library is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 3 of the License, or (at your
+option) any later version.
+
+The GNU MP Library is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with the GNU MP Library. If not, see http://www.gnu.org/licenses/. */
+
+/* NOTE: All functions in this file which are not declared in
+ mini-gmp.h are internal, and are not intended to be compatible
+ neither with GMP nor with future versions of mini-gmp. */
+
+/* Much of the material copied from GMP files, including: gmp-impl.h,
+ longlong.h, mpn/generic/add_n.c, mpn/generic/addmul_1.c,
+ mpn/generic/lshift.c, mpn/generic/mul_1.c,
+ mpn/generic/mul_basecase.c, mpn/generic/rshift.c,
+ mpn/generic/sbpi1_div_qr.c, mpn/generic/sub_n.c,
+ mpn/generic/submul_1.c. */
+
+#include <assert.h>
+#include <ctype.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mini-gmp.h"
+
+\f
+/* Macros */
+#define GMP_LIMB_BITS (sizeof(mp_limb_t) * CHAR_BIT)
+
+#define GMP_LIMB_MAX (~ (mp_limb_t) 0)
+#define GMP_LIMB_HIGHBIT ((mp_limb_t) 1 << (GMP_LIMB_BITS - 1))
+
+#define GMP_HLIMB_BIT ((mp_limb_t) 1 << (GMP_LIMB_BITS / 2))
+#define GMP_LLIMB_MASK (GMP_HLIMB_BIT - 1)
+
+#define GMP_ULONG_BITS (sizeof(unsigned long) * CHAR_BIT)
+#define GMP_ULONG_HIGHBIT ((unsigned long) 1 << (GMP_ULONG_BITS - 1))
+
+#define GMP_ABS(x) ((x) >= 0 ? (x) : -(x))
+#define GMP_NEG_CAST(T,x) (-((T)((x) + 1) - 1))
+
+#define GMP_MIN(a, b) ((a) < (b) ? (a) : (b))
+#define GMP_MAX(a, b) ((a) > (b) ? (a) : (b))
+
+#define gmp_assert_nocarry(x) do { \
+ mp_limb_t __cy = x; \
+ assert (__cy == 0); \
+ } while (0)
+
+#define gmp_clz(count, x) do { \
+ mp_limb_t __clz_x = (x); \
+ unsigned __clz_c; \
+ for (__clz_c = 0; \
+ (__clz_x & ((mp_limb_t) 0xff << (GMP_LIMB_BITS - 8))) == 0; \
+ __clz_c += 8) \
+ __clz_x <<= 8; \
+ for (; (__clz_x & GMP_LIMB_HIGHBIT) == 0; __clz_c++) \
+ __clz_x <<= 1; \
+ (count) = __clz_c; \
+ } while (0)
+
+#define gmp_ctz(count, x) do { \
+ mp_limb_t __ctz_x = (x); \
+ unsigned __ctz_c = 0; \
+ gmp_clz (__ctz_c, __ctz_x & - __ctz_x); \
+ (count) = GMP_LIMB_BITS - 1 - __ctz_c; \
+ } while (0)
+
+#define gmp_add_ssaaaa(sh, sl, ah, al, bh, bl) \
+ do { \
+ mp_limb_t __x; \
+ __x = (al) + (bl); \
+ (sh) = (ah) + (bh) + (__x < (al)); \
+ (sl) = __x; \
+ } while (0)
+
+#define gmp_sub_ddmmss(sh, sl, ah, al, bh, bl) \
+ do { \
+ mp_limb_t __x; \
+ __x = (al) - (bl); \
+ (sh) = (ah) - (bh) - ((al) < (bl)); \
+ (sl) = __x; \
+ } while (0)
+
+#define gmp_umul_ppmm(w1, w0, u, v) \
+ do { \
+ mp_limb_t __x0, __x1, __x2, __x3; \
+ unsigned __ul, __vl, __uh, __vh; \
+ mp_limb_t __u = (u), __v = (v); \
+ \
+ __ul = __u & GMP_LLIMB_MASK; \
+ __uh = __u >> (GMP_LIMB_BITS / 2); \
+ __vl = __v & GMP_LLIMB_MASK; \
+ __vh = __v >> (GMP_LIMB_BITS / 2); \
+ \
+ __x0 = (mp_limb_t) __ul * __vl; \
+ __x1 = (mp_limb_t) __ul * __vh; \
+ __x2 = (mp_limb_t) __uh * __vl; \
+ __x3 = (mp_limb_t) __uh * __vh; \
+ \
+ __x1 += __x0 >> (GMP_LIMB_BITS / 2);/* this can't give carry */ \
+ __x1 += __x2; /* but this indeed can */ \
+ if (__x1 < __x2) /* did we get it? */ \
+ __x3 += GMP_HLIMB_BIT; /* yes, add it in the proper pos. */ \
+ \
+ (w1) = __x3 + (__x1 >> (GMP_LIMB_BITS / 2)); \
+ (w0) = (__x1 << (GMP_LIMB_BITS / 2)) + (__x0 & GMP_LLIMB_MASK); \
+ } while (0)
+
+#define gmp_udiv_qrnnd_preinv(q, r, nh, nl, d, di) \
+ do { \
+ mp_limb_t _qh, _ql, _r, _mask; \
+ gmp_umul_ppmm (_qh, _ql, (nh), (di)); \
+ gmp_add_ssaaaa (_qh, _ql, _qh, _ql, (nh) + 1, (nl)); \
+ _r = (nl) - _qh * (d); \
+ _mask = -(mp_limb_t) (_r > _ql); /* both > and >= are OK */ \
+ _qh += _mask; \
+ _r += _mask & (d); \
+ if (_r >= (d)) \
+ { \
+ _r -= (d); \
+ _qh++; \
+ } \
+ \
+ (r) = _r; \
+ (q) = _qh; \
+ } while (0)
+
+#define gmp_udiv_qr_3by2(q, r1, r0, n2, n1, n0, d1, d0, dinv) \
+ do { \
+ mp_limb_t _q0, _t1, _t0, _mask; \
+ gmp_umul_ppmm ((q), _q0, (n2), (dinv)); \
+ gmp_add_ssaaaa ((q), _q0, (q), _q0, (n2), (n1)); \
+ \
+ /* Compute the two most significant limbs of n - q'd */ \
+ (r1) = (n1) - (d1) * (q); \
+ gmp_sub_ddmmss ((r1), (r0), (r1), (n0), (d1), (d0)); \
+ gmp_umul_ppmm (_t1, _t0, (d0), (q)); \
+ gmp_sub_ddmmss ((r1), (r0), (r1), (r0), _t1, _t0); \
+ (q)++; \
+ \
+ /* Conditionally adjust q and the remainders */ \
+ _mask = - (mp_limb_t) ((r1) >= _q0); \
+ (q) += _mask; \
+ gmp_add_ssaaaa ((r1), (r0), (r1), (r0), _mask & (d1), _mask & (d0)); \
+ if ((r1) >= (d1)) \
+ { \
+ if ((r1) > (d1) || (r0) >= (d0)) \
+ { \
+ (q)++; \
+ gmp_sub_ddmmss ((r1), (r0), (r1), (r0), (d1), (d0)); \
+ } \
+ } \
+ } while (0)
+
+/* Swap macros. */
+#define MP_LIMB_T_SWAP(x, y) \
+ do { \
+ mp_limb_t __mp_limb_t_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mp_limb_t_swap__tmp; \
+ } while (0)
+#define MP_SIZE_T_SWAP(x, y) \
+ do { \
+ mp_size_t __mp_size_t_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mp_size_t_swap__tmp; \
+ } while (0)
+#define MP_BITCNT_T_SWAP(x,y) \
+ do { \
+ mp_bitcnt_t __mp_bitcnt_t_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mp_bitcnt_t_swap__tmp; \
+ } while (0)
+#define MP_PTR_SWAP(x, y) \
+ do { \
+ mp_ptr __mp_ptr_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mp_ptr_swap__tmp; \
+ } while (0)
+#define MP_SRCPTR_SWAP(x, y) \
+ do { \
+ mp_srcptr __mp_srcptr_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mp_srcptr_swap__tmp; \
+ } while (0)
+
+#define MPN_PTR_SWAP(xp,xs, yp,ys) \
+ do { \
+ MP_PTR_SWAP (xp, yp); \
+ MP_SIZE_T_SWAP (xs, ys); \
+ } while(0)
+#define MPN_SRCPTR_SWAP(xp,xs, yp,ys) \
+ do { \
+ MP_SRCPTR_SWAP (xp, yp); \
+ MP_SIZE_T_SWAP (xs, ys); \
+ } while(0)
+
+#define MPZ_PTR_SWAP(x, y) \
+ do { \
+ mpz_ptr __mpz_ptr_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mpz_ptr_swap__tmp; \
+ } while (0)
+#define MPZ_SRCPTR_SWAP(x, y) \
+ do { \
+ mpz_srcptr __mpz_srcptr_swap__tmp = (x); \
+ (x) = (y); \
+ (y) = __mpz_srcptr_swap__tmp; \
+ } while (0)
+
+\f
+/* Memory allocation and other helper functions. */
+static void
+gmp_die (const char *msg)
+{
+ fprintf (stderr, "%s\n", msg);
+ abort();
+}
+
+static void *
+gmp_default_alloc (size_t size)
+{
+ void *p;
+
+ assert (size > 0);
+
+ p = malloc (size);
+ if (!p)
+ gmp_die("gmp_default_alloc: Virtual memory exhausted.");
+
+ return p;
+}
+
+static void *
+gmp_default_realloc (void *old, size_t old_size, size_t new_size)
+{
+ mp_ptr p;
+
+ p = realloc (old, new_size);
+
+ if (!p)
+ gmp_die("gmp_default_realoc: Virtual memory exhausted.");
+
+ return p;
+}
+
+static void
+gmp_default_free (void *p, size_t size)
+{
+ free (p);
+}
+
+static void * (*gmp_allocate_func) (size_t) = gmp_default_alloc;
+static void * (*gmp_reallocate_func) (void *, size_t, size_t) = gmp_default_realloc;
+static void (*gmp_free_func) (void *, size_t) = gmp_default_free;
+
+void
+mp_get_memory_functions (void *(**alloc_func) (size_t),
+ void *(**realloc_func) (void *, size_t, size_t),
+ void (**free_func) (void *, size_t))
+{
+ if (alloc_func)
+ *alloc_func = gmp_allocate_func;
+
+ if (realloc_func)
+ *realloc_func = gmp_reallocate_func;
+
+ if (free_func)
+ *free_func = gmp_free_func;
+}
+
+void
+mp_set_memory_functions (void *(*alloc_func) (size_t),
+ void *(*realloc_func) (void *, size_t, size_t),
+ void (*free_func) (void *, size_t))
+{
+ if (!alloc_func)
+ alloc_func = gmp_default_alloc;
+ if (!realloc_func)
+ realloc_func = gmp_default_realloc;
+ if (!free_func)
+ free_func = gmp_default_free;
+
+ gmp_allocate_func = alloc_func;
+ gmp_reallocate_func = realloc_func;
+ gmp_free_func = free_func;
+}
+
+#define gmp_xalloc(size) ((*gmp_allocate_func)((size)))
+#define gmp_free(p) ((*gmp_free_func) ((p), 0))
+
+static mp_ptr
+gmp_xalloc_limbs (mp_size_t size)
+{
+ return gmp_xalloc (size * sizeof (mp_limb_t));
+}
+
+static mp_ptr
+gmp_xrealloc_limbs (mp_ptr old, mp_size_t size)
+{
+ assert (size > 0);
+ return (*gmp_reallocate_func) (old, 0, size * sizeof (mp_limb_t));
+}
+
+\f
+/* MPN interface */
+
+void
+mpn_copyi (mp_ptr d, mp_srcptr s, mp_size_t n)
+{
+ mp_size_t i;
+ for (i = 0; i < n; i++)
+ d[i] = s[i];
+}
+
+void
+mpn_copyd (mp_ptr d, mp_srcptr s, mp_size_t n)
+{
+ while (n-- > 0)
+ d[n] = s[n];
+}
+
+int
+mpn_cmp (mp_srcptr ap, mp_srcptr bp, mp_size_t n)
+{
+ for (; n > 0; n--)
+ {
+ if (ap[n-1] < bp[n-1])
+ return -1;
+ else if (ap[n-1] > bp[n-1])
+ return 1;
+ }
+ return 0;
+}
+
+static int
+mpn_cmp4 (mp_srcptr ap, mp_size_t an, mp_srcptr bp, mp_size_t bn)
+{
+ if (an > bn)
+ return 1;
+ else if (an < bn)
+ return -1;
+ else
+ return mpn_cmp (ap, bp, an);
+}
+
+static mp_size_t
+mpn_normalized_size (mp_srcptr xp, mp_size_t n)
+{
+ for (; n > 0 && xp[n-1] == 0; n--)
+ ;
+ return n;
+}
+
+#define mpn_zero_p(xp, n) (mpn_normalized_size ((xp), (n)) == 0)
+
+mp_limb_t
+mpn_add_1 (mp_ptr rp, mp_srcptr ap, mp_size_t n, mp_limb_t b)
+{
+ mp_size_t i;
+
+ assert (n > 0);
+
+ for (i = 0; i < n; i++)
+ {
+ mp_limb_t r = ap[i] + b;
+ /* Carry out */
+ b = (r < b);
+ rp[i] = r;
+ }
+ return b;
+}
+
+mp_limb_t
+mpn_add_n (mp_ptr rp, mp_srcptr ap, mp_srcptr bp, mp_size_t n)
+{
+ mp_size_t i;
+ mp_limb_t cy;
+
+ for (i = 0, cy = 0; i < n; i++)
+ {
+ mp_limb_t a, b, r;
+ a = ap[i]; b = bp[i];
+ r = a + cy;
+ cy = (r < cy);
+ r += b;
+ cy += (r < b);
+ rp[i] = r;
+ }
+ return cy;
+}
+
+mp_limb_t
+mpn_add (mp_ptr rp, mp_srcptr ap, mp_size_t an, mp_srcptr bp, mp_size_t bn)
+{
+ mp_limb_t cy;
+
+ assert (an >= bn);
+
+ cy = mpn_add_n (rp, ap, bp, bn);
+ if (an > bn)
+ cy = mpn_add_1 (rp + bn, ap + bn, an - bn, cy);
+ return cy;
+}
+
+mp_limb_t
+mpn_sub_1 (mp_ptr rp, mp_srcptr ap, mp_size_t n, mp_limb_t b)
+{
+ mp_size_t i;
+
+ assert (n > 0);
+
+ for (i = 0; i < n; i++)
+ {
+ mp_limb_t a = ap[i];
+ /* Carry out */
+ mp_limb_t cy = a < b;;
+ rp[i] = a - b;
+ b = cy;
+ }
+ return b;
+}
+
+mp_limb_t
+mpn_sub_n (mp_ptr rp, mp_srcptr ap, mp_srcptr bp, mp_size_t n)
+{
+ mp_size_t i;
+ mp_limb_t cy;
+
+ for (i = 0, cy = 0; i < n; i++)
+ {
+ mp_limb_t a, b;
+ a = ap[i]; b = bp[i];
+ b += cy;
+ cy = (b < cy);
+ cy += (a < b);
+ rp[i] = a - b;
+ }
+ return cy;
+}
+
+mp_limb_t
+mpn_sub (mp_ptr rp, mp_srcptr ap, mp_size_t an, mp_srcptr bp, mp_size_t bn)
+{
+ mp_limb_t cy;
+
+ assert (an >= bn);
+
+ cy = mpn_sub_n (rp, ap, bp, bn);
+ if (an > bn)
+ cy = mpn_sub_1 (rp + bn, ap + bn, an - bn, cy);
+ return cy;
+}
+
+mp_limb_t
+mpn_mul_1 (mp_ptr rp, mp_srcptr up, mp_size_t n, mp_limb_t vl)
+{
+ mp_limb_t ul, cl, hpl, lpl;
+
+ assert (n >= 1);
+
+ cl = 0;
+ do
+ {
+ ul = *up++;
+ gmp_umul_ppmm (hpl, lpl, ul, vl);
+
+ lpl += cl;
+ cl = (lpl < cl) + hpl;
+
+ *rp++ = lpl;
+ }
+ while (--n != 0);
+
+ return cl;
+}
+
+mp_limb_t
+mpn_addmul_1 (mp_ptr rp, mp_srcptr up, mp_size_t n, mp_limb_t vl)
+{
+ mp_limb_t ul, cl, hpl, lpl, rl;
+
+ assert (n >= 1);
+
+ cl = 0;
+ do
+ {
+ ul = *up++;
+ gmp_umul_ppmm (hpl, lpl, ul, vl);
+
+ lpl += cl;
+ cl = (lpl < cl) + hpl;
+
+ rl = *rp;
+ lpl = rl + lpl;
+ cl += lpl < rl;
+ *rp++ = lpl;
+ }
+ while (--n != 0);
+
+ return cl;
+}
+
+mp_limb_t
+mpn_submul_1 (mp_ptr rp, mp_srcptr up, mp_size_t n, mp_limb_t vl)
+{
+ mp_limb_t ul, cl, hpl, lpl, rl;
+
+ assert (n >= 1);
+
+ cl = 0;
+ do
+ {
+ ul = *up++;
+ gmp_umul_ppmm (hpl, lpl, ul, vl);
+
+ lpl += cl;
+ cl = (lpl < cl) + hpl;
+
+ rl = *rp;
+ lpl = rl - lpl;
+ cl += lpl > rl;
+ *rp++ = lpl;
+ }
+ while (--n != 0);
+
+ return cl;
+}
+
+mp_limb_t
+mpn_mul (mp_ptr rp, mp_srcptr up, mp_size_t un, mp_srcptr vp, mp_size_t vn)
+{
+ assert (un >= vn);
+ assert (vn >= 1);
+
+ /* We first multiply by the low order limb. This result can be
+ stored, not added, to rp. We also avoid a loop for zeroing this
+ way. */
+
+ rp[un] = mpn_mul_1 (rp, up, un, vp[0]);
+ rp += 1, vp += 1, vn -= 1;
+
+ /* Now accumulate the product of up[] and the next higher limb from
+ vp[]. */
+
+ while (vn >= 1)
+ {
+ rp[un] = mpn_addmul_1 (rp, up, un, vp[0]);
+ rp += 1, vp += 1, vn -= 1;
+ }
+ return rp[un - 1];
+}
+
+void
+mpn_mul_n (mp_ptr rp, mp_srcptr ap, mp_srcptr bp, mp_size_t n)
+{
+ mpn_mul (rp, ap, n, bp, n);
+}
+
+void
+mpn_sqr (mp_ptr rp, mp_srcptr ap, mp_size_t n)
+{
+ mpn_mul (rp, ap, n, ap, n);
+}
+
+mp_limb_t
+mpn_lshift (mp_ptr rp, mp_srcptr up, mp_size_t n, unsigned int cnt)
+{
+ mp_limb_t high_limb, low_limb;
+ unsigned int tnc;
+ mp_size_t i;
+ mp_limb_t retval;
+
+ assert (n >= 1);
+ assert (cnt >= 1);
+ assert (cnt < GMP_LIMB_BITS);
+
+ up += n;
+ rp += n;
+
+ tnc = GMP_LIMB_BITS - cnt;
+ low_limb = *--up;
+ retval = low_limb >> tnc;
+ high_limb = (low_limb << cnt);
+
+ for (i = n - 1; i != 0; i--)
+ {
+ low_limb = *--up;
+ *--rp = high_limb | (low_limb >> tnc);
+ high_limb = (low_limb << cnt);
+ }
+ *--rp = high_limb;
+
+ return retval;
+}
+
+mp_limb_t
+mpn_rshift (mp_ptr rp, mp_srcptr up, mp_size_t n, unsigned int cnt)
+{
+ mp_limb_t high_limb, low_limb;
+ unsigned int tnc;
+ mp_size_t i;
+ mp_limb_t retval;
+
+ assert (n >= 1);
+ assert (cnt >= 1);
+ assert (cnt < GMP_LIMB_BITS);
+
+ tnc = GMP_LIMB_BITS - cnt;
+ high_limb = *up++;
+ retval = (high_limb << tnc);
+ low_limb = high_limb >> cnt;
+
+ for (i = n - 1; i != 0; i--)
+ {
+ high_limb = *up++;
+ *rp++ = low_limb | (high_limb << tnc);
+ low_limb = high_limb >> cnt;
+ }
+ *rp = low_limb;
+
+ return retval;
+}
+
+\f
+/* MPN division interface. */
+mp_limb_t
+mpn_invert_3by2 (mp_limb_t u1, mp_limb_t u0)
+{
+ mp_limb_t r, p, m;
+ unsigned ul, uh;
+ unsigned ql, qh;
+
+ /* First, do a 2/1 inverse. */
+ /* The inverse m is defined as floor( (B^2 - 1 - u1)/u1 ), so that 0 <
+ * B^2 - (B + m) u1 <= u1 */
+ assert (u1 >= GMP_LIMB_HIGHBIT);
+
+ ul = u1 & GMP_LLIMB_MASK;
+ uh = u1 >> (GMP_LIMB_BITS / 2);
+
+ qh = ~u1 / uh;
+ r = ((~u1 - (mp_limb_t) qh * uh) << (GMP_LIMB_BITS / 2)) | GMP_LLIMB_MASK;
+
+ p = (mp_limb_t) qh * ul;
+ /* Adjustment steps taken from udiv_qrnnd_c */
+ if (r < p)
+ {
+ qh--;
+ r += u1;
+ if (r >= u1) /* i.e. we didn't get carry when adding to r */
+ if (r < p)
+ {
+ qh--;
+ r += u1;
+ }
+ }
+ r -= p;
+
+ /* Do a 3/2 division (with half limb size) */
+ p = (r >> (GMP_LIMB_BITS / 2)) * qh + r;
+ ql = (p >> (GMP_LIMB_BITS / 2)) + 1;
+
+ /* By the 3/2 method, we don't need the high half limb. */
+ r = (r << (GMP_LIMB_BITS / 2)) + GMP_LLIMB_MASK - ql * u1;
+
+ if (r >= (p << (GMP_LIMB_BITS / 2)))
+ {
+ ql--;
+ r += u1;
+ }
+ m = ((mp_limb_t) qh << (GMP_LIMB_BITS / 2)) + ql;
+ if (r >= u1)
+ {
+ m++;
+ r -= u1;
+ }
+
+ if (u0 > 0)
+ {
+ mp_limb_t th, tl;
+ r = ~r;
+ r += u0;
+ if (r < u0)
+ {
+ m--;
+ if (r >= u1)
+ {
+ m--;
+ r -= u1;
+ }
+ r -= u1;
+ }
+ gmp_umul_ppmm (th, tl, u0, m);
+ r += th;
+ if (r < th)
+ {
+ m--;
+ if (r > u1 || (r == u1 && tl > u0))
+ m--;
+ }
+ }
+
+ return m;
+}
+
+struct gmp_div_inverse
+{
+ /* Normalization shift count. */
+ unsigned shift;
+ /* Normalized divisor (d0 unused for mpn_div_qr_1) */
+ mp_limb_t d1, d0;
+ /* Inverse, for 2/1 or 3/2. */
+ mp_limb_t di;
+};
+
+static void
+mpn_div_qr_1_invert (struct gmp_div_inverse *inv, mp_limb_t d)
+{
+ unsigned shift;
+
+ assert (d > 0);
+ gmp_clz (shift, d);
+ inv->shift = shift;
+ inv->d1 = d << shift;
+ inv->di = mpn_invert_limb (inv->d1);
+}
+
+static void
+mpn_div_qr_2_invert (struct gmp_div_inverse *inv,
+ mp_limb_t d1, mp_limb_t d0)
+{
+ unsigned shift;
+
+ assert (d1 > 0);
+ gmp_clz (shift, d1);
+ inv->shift = shift;
+ if (shift > 0)
+ {
+ d1 = (d1 << shift) | (d0 >> (GMP_LIMB_BITS - shift));
+ d0 <<= shift;
+ }
+ inv->d1 = d1;
+ inv->d0 = d0;
+ inv->di = mpn_invert_3by2 (d1, d0);
+}
+
+static void
+mpn_div_qr_invert (struct gmp_div_inverse *inv,
+ mp_srcptr dp, mp_size_t dn)
+{
+ assert (dn > 0);
+
+ if (dn == 1)
+ mpn_div_qr_1_invert (inv, dp[0]);
+ else if (dn == 2)
+ mpn_div_qr_2_invert (inv, dp[1], dp[0]);
+ else
+ {
+ unsigned shift;
+ mp_limb_t d1, d0;
+
+ d1 = dp[dn-1];
+ d0 = dp[dn-2];
+ assert (d1 > 0);
+ gmp_clz (shift, d1);
+ inv->shift = shift;
+ if (shift > 0)
+ {
+ d1 = (d1 << shift) | (d0 >> (GMP_LIMB_BITS - shift));
+ d0 = (d0 << shift) | (dp[dn-3] >> (GMP_LIMB_BITS - shift));
+ }
+ inv->d1 = d1;
+ inv->d0 = d0;
+ inv->di = mpn_invert_3by2 (d1, d0);
+ }
+}
+
+/* Not matching current public gmp interface, rather corresponding to
+ the sbpi1_div_* functions. */
+static mp_limb_t
+mpn_div_qr_1_preinv (mp_ptr qp, mp_srcptr np, mp_size_t nn,
+ const struct gmp_div_inverse *inv)
+{
+ mp_limb_t d, di;
+ mp_limb_t r;
+ mp_ptr tp = NULL;
+
+ if (inv->shift > 0)
+ {
+ tp = gmp_xalloc_limbs (nn);
+ r = mpn_lshift (tp, np, nn, inv->shift);
+ np = tp;
+ }
+ else
+ r = 0;
+
+ d = inv->d1;
+ di = inv->di;
+ while (nn-- > 0)
+ {
+ mp_limb_t q;
+
+ gmp_udiv_qrnnd_preinv (q, r, r, np[nn], d, di);
+ if (qp)
+ qp[nn] = q;
+ }
+ if (inv->shift > 0)
+ gmp_free (tp);
+
+ return r >> inv->shift;
+}
+
+static mp_limb_t
+mpn_div_qr_1 (mp_ptr qp, mp_srcptr np, mp_size_t nn, mp_limb_t d)
+{
+ assert (d > 0);
+
+ /* Special case for powers of two. */
+ if (d > 1 && (d & (d-1)) == 0)
+ {
+ unsigned shift;
+ mp_limb_t r = np[0] & (d-1);
+ gmp_ctz (shift, d);
+ if (qp)
+ mpn_rshift (qp, np, nn, shift);
+
+ return r;
+ }
+ else
+ {
+ struct gmp_div_inverse inv;
+ mpn_div_qr_1_invert (&inv, d);
+ return mpn_div_qr_1_preinv (qp, np, nn, &inv);
+ }
+}
+
+static void
+mpn_div_qr_2_preinv (mp_ptr qp, mp_ptr rp, mp_srcptr np, mp_size_t nn,
+ const struct gmp_div_inverse *inv)
+{
+ unsigned shift;
+ mp_size_t i;
+ mp_limb_t d1, d0, di, r1, r0;
+ mp_ptr tp;
+
+ assert (nn >= 2);
+ shift = inv->shift;
+ d1 = inv->d1;
+ d0 = inv->d0;
+ di = inv->di;
+
+ if (shift > 0)
+ {
+ tp = gmp_xalloc_limbs (nn);
+ r1 = mpn_lshift (tp, np, nn, shift);
+ np = tp;
+ }
+ else
+ r1 = 0;
+
+ r0 = np[nn - 1];
+
+ for (i = nn - 2; i >= 0; i--)
+ {
+ mp_limb_t n0, q;
+ n0 = np[i];
+ gmp_udiv_qr_3by2 (q, r1, r0, r1, r0, n0, d1, d0, di);
+
+ if (qp)
+ qp[i] = q;
+ }
+
+ if (shift > 0)
+ {
+ assert ((r0 << (GMP_LIMB_BITS - shift)) == 0);
+ r0 = (r0 >> shift) | (r1 << (GMP_LIMB_BITS - shift));
+ r1 >>= shift;
+
+ gmp_free (tp);
+ }
+
+ rp[1] = r1;
+ rp[0] = r0;
+}
+
+#if 0
+static void
+mpn_div_qr_2 (mp_ptr qp, mp_ptr rp, mp_srcptr np, mp_size_t nn,
+ mp_limb_t d1, mp_limb_t d0)
+{
+ struct gmp_div_inverse inv;
+ assert (nn >= 2);
+
+ mpn_div_qr_2_invert (&inv, d1, d0);
+ mpn_div_qr_2_preinv (qp, rp, np, nn, &inv);
+}
+#endif
+
+static void
+mpn_div_qr_pi1 (mp_ptr qp,
+ mp_ptr np, mp_size_t nn, mp_limb_t n1,
+ mp_srcptr dp, mp_size_t dn,
+ mp_limb_t dinv)
+{
+ mp_size_t i;
+
+ mp_limb_t d1, d0;
+ mp_limb_t cy, cy1;
+ mp_limb_t q;
+
+ assert (dn > 2);
+ assert (nn >= dn);
+ assert ((dp[dn-1] & GMP_LIMB_HIGHBIT) != 0);
+
+ d1 = dp[dn - 1];
+ d0 = dp[dn - 2];
+
+ /* Iteration variable is the index of the q limb.
+ *
+ * We divide <n1, np[dn-1+i], np[dn-2+i], np[dn-3+i],..., np[i]>
+ * by <d1, d0, dp[dn-3], ..., dp[0] >
+ */
+
+ for (i = nn - dn; i >= 0; i--)
+ {
+ mp_limb_t n0 = np[dn-1+i];
+
+ if (n1 == d1 && n0 == d0)
+ {
+ q = GMP_LIMB_MAX;
+ mpn_submul_1 (np+i, dp, dn, q);
+ n1 = np[dn-1+i]; /* update n1, last loop's value will now be invalid */
+ }
+ else
+ {
+ gmp_udiv_qr_3by2 (q, n1, n0, n1, n0, np[dn-2+i], d1, d0, dinv);
+
+ cy = mpn_submul_1 (np + i, dp, dn-2, q);
+
+ cy1 = n0 < cy;
+ n0 = n0 - cy;
+ cy = n1 < cy1;
+ n1 = n1 - cy1;
+ np[dn-2+i] = n0;
+
+ if (cy != 0)
+ {
+ n1 += d1 + mpn_add_n (np + i, np + i, dp, dn - 1);
+ q--;
+ }
+ }
+
+ if (qp)
+ qp[i] = q;
+ }
+
+ np[dn - 1] = n1;
+}
+
+static void
+mpn_div_qr_preinv (mp_ptr qp, mp_ptr np, mp_size_t nn,
+ mp_srcptr dp, mp_size_t dn,
+ const struct gmp_div_inverse *inv)
+{
+ assert (dn > 0);
+ assert (nn >= dn);
+
+ if (dn == 1)
+ np[0] = mpn_div_qr_1_preinv (qp, np, nn, inv);
+ else if (dn == 2)
+ mpn_div_qr_2_preinv (qp, np, np, nn, inv);
+ else
+ {
+ mp_limb_t nh;
+ unsigned shift;
+
+ assert (dp[dn-1] & GMP_LIMB_HIGHBIT);
+
+ shift = inv->shift;
+ if (shift > 0)
+ nh = mpn_lshift (np, np, nn, shift);
+ else
+ nh = 0;
+
+ assert (inv->d1 == dp[dn-1]);
+ assert (inv->d0 == dp[dn-2]);
+
+ mpn_div_qr_pi1 (qp, np, nn, nh, dp, dn, inv->di);
+
+ if (shift > 0)
+ gmp_assert_nocarry (mpn_rshift (np, np, dn, shift));
+ }
+}
+
+static void
+mpn_div_qr (mp_ptr qp, mp_ptr np, mp_size_t nn, mp_srcptr dp, mp_size_t dn)
+{
+ struct gmp_div_inverse inv;
+ mp_ptr tp = NULL;
+
+ assert (dn > 0);
+ assert (nn >= dn);
+
+ mpn_div_qr_invert (&inv, dp, dn);
+ if (dn > 2 && inv.shift > 0)
+ {
+ tp = gmp_xalloc_limbs (dn);
+ gmp_assert_nocarry (mpn_lshift (tp, dp, dn, inv.shift));
+ dp = tp;
+ }
+ mpn_div_qr_preinv (qp, np, nn, dp, dn, &inv);
+ if (tp)
+ gmp_free (tp);
+}
+
+\f
+/* MPN base conversion. */
+static unsigned
+mpn_base_power_of_two_p (unsigned b)
+{
+ switch (b)
+ {
+ case 2: return 1;
+ case 4: return 2;
+ case 8: return 3;
+ case 16: return 4;
+ case 32: return 5;
+ case 64: return 6;
+ case 128: return 7;
+ case 256: return 8;
+ default: return 0;
+ }
+}
+
+struct mpn_base_info
+{
+ /* bb is the largest power of the base which fits in one limb, and
+ exp is the corresponding exponent. */
+ unsigned exp;
+ mp_limb_t bb;
+};
+
+static void
+mpn_get_base_info (struct mpn_base_info *info, mp_limb_t b)
+{
+ mp_limb_t m;
+ mp_limb_t p;
+ unsigned exp;
+
+ m = GMP_LIMB_MAX / b;
+ for (exp = 1, p = b; p <= m; exp++)
+ p *= b;
+
+ info->exp = exp;
+ info->bb = p;
+}
+
+static mp_bitcnt_t
+mpn_limb_size_in_base_2 (mp_limb_t u)
+{
+ unsigned shift;
+
+ assert (u > 0);
+ gmp_clz (shift, u);
+ return GMP_LIMB_BITS - shift;
+}
+
+static size_t
+mpn_get_str_bits (unsigned char *sp, unsigned bits, mp_srcptr up, mp_size_t un)
+{
+ unsigned char mask;
+ size_t sn, j;
+ mp_size_t i;
+ int shift;
+
+ sn = ((un - 1) * GMP_LIMB_BITS + mpn_limb_size_in_base_2 (up[un-1])
+ + bits - 1) / bits;
+
+ mask = (1U << bits) - 1;
+
+ for (i = 0, j = sn, shift = 0; j-- > 0;)
+ {
+ unsigned char digit = up[i] >> shift;
+
+ shift += bits;
+
+ if (shift >= GMP_LIMB_BITS && ++i < un)
+ {
+ shift -= GMP_LIMB_BITS;
+ digit |= up[i] << (bits - shift);
+ }
+ sp[j] = digit & mask;
+ }
+ return sn;
+}
+
+/* We generate digits from the least significant end, and reverse at
+ the end. */
+static size_t
+mpn_limb_get_str (unsigned char *sp, mp_limb_t w,
+ const struct gmp_div_inverse *binv)
+{
+ mp_size_t i;
+ for (i = 0; w > 0; i++)
+ {
+ mp_limb_t h, l, r;
+
+ h = w >> (GMP_LIMB_BITS - binv->shift);
+ l = w << binv->shift;
+
+ gmp_udiv_qrnnd_preinv (w, r, h, l, binv->d1, binv->di);
+ assert ( (r << (GMP_LIMB_BITS - binv->shift)) == 0);
+ r >>= binv->shift;
+
+ sp[i] = r;
+ }
+ return i;
+}
+
+static size_t
+mpn_get_str_other (unsigned char *sp,
+ int base, const struct mpn_base_info *info,
+ mp_ptr up, mp_size_t un)
+{
+ struct gmp_div_inverse binv;
+ size_t sn;
+ size_t i;
+
+ mpn_div_qr_1_invert (&binv, base);
+
+ sn = 0;
+
+ if (un > 1)
+ {
+ struct gmp_div_inverse bbinv;
+ mpn_div_qr_1_invert (&bbinv, info->bb);
+
+ do
+ {
+ mp_limb_t w;
+ size_t done;
+ w = mpn_div_qr_1_preinv (up, up, un, &bbinv);
+ un -= (up[un-1] == 0);
+ done = mpn_limb_get_str (sp + sn, w, &binv);
+
+ for (sn += done; done < info->exp; done++)
+ sp[sn++] = 0;
+ }
+ while (un > 1);
+ }
+ sn += mpn_limb_get_str (sp + sn, up[0], &binv);
+
+ /* Reverse order */
+ for (i = 0; 2*i + 1 < sn; i++)
+ {
+ unsigned char t = sp[i];
+ sp[i] = sp[sn - i - 1];
+ sp[sn - i - 1] = t;
+ }
+
+ return sn;
+}
+
+size_t
+mpn_get_str (unsigned char *sp, int base, mp_ptr up, mp_size_t un)
+{
+ unsigned bits;
+
+ assert (un > 0);
+ assert (up[un-1] > 0);
+
+ bits = mpn_base_power_of_two_p (base);
+ if (bits)
+ return mpn_get_str_bits (sp, bits, up, un);
+ else
+ {
+ struct mpn_base_info info;
+
+ mpn_get_base_info (&info, base);
+ return mpn_get_str_other (sp, base, &info, up, un);
+ }
+}
+
+static mp_size_t
+mpn_set_str_bits (mp_ptr rp, const unsigned char *sp, size_t sn,
+ unsigned bits)
+{
+ mp_size_t rn;
+ size_t j;
+ unsigned shift;
+
+ for (j = sn, rn = 0, shift = 0; j-- > 0; )
+ {
+ if (shift == 0)
+ {
+ rp[rn++] = sp[j];
+ shift += bits;
+ }
+ else
+ {
+ rp[rn-1] |= (mp_limb_t) sp[j] << shift;
+ shift += bits;
+ if (shift >= GMP_LIMB_BITS)
+ {
+ shift -= GMP_LIMB_BITS;
+ if (shift > 0)
+ rp[rn++] = (mp_limb_t) sp[j] >> (bits - shift);
+ }
+ }
+ }
+ rn = mpn_normalized_size (rp, rn);
+ return rn;
+}
+
+static mp_size_t
+mpn_set_str_other (mp_ptr rp, const unsigned char *sp, size_t sn,
+ mp_limb_t b, const struct mpn_base_info *info)
+{
+ mp_size_t rn;
+ mp_limb_t w;
+ unsigned first;
+ unsigned k;
+ size_t j;
+
+ first = 1 + (sn - 1) % info->exp;
+
+ j = 0;
+ w = sp[j++];
+ for (k = 1; k < first; k++)
+ w = w * b + sp[j++];
+
+ rp[0] = w;
+
+ for (rn = (w > 0); j < sn;)
+ {
+ mp_limb_t cy;
+
+ w = sp[j++];
+ for (k = 1; k < info->exp; k++)
+ w = w * b + sp[j++];
+
+ cy = mpn_mul_1 (rp, rp, rn, info->bb);
+ cy += mpn_add_1 (rp, rp, rn, w);
+ if (cy > 0)
+ rp[rn++] = cy;
+ }
+ assert (j == sn);
+
+ return rn;
+}
+
+mp_size_t
+mpn_set_str (mp_ptr rp, const unsigned char *sp, size_t sn, int base)
+{
+ unsigned bits;
+
+ if (sn == 0)
+ return 0;
+
+ bits = mpn_base_power_of_two_p (base);
+ if (bits)
+ return mpn_set_str_bits (rp, sp, sn, bits);
+ else
+ {
+ struct mpn_base_info info;
+
+ mpn_get_base_info (&info, base);
+ return mpn_set_str_other (rp, sp, sn, base, &info);
+ }
+}
+
+\f
+/* MPZ interface */
+void
+mpz_init (mpz_t r)
+{
+ r->_mp_alloc = 1;
+ r->_mp_size = 0;
+ r->_mp_d = gmp_xalloc_limbs (1);
+}
+
+/* The utility of this function is a bit limited, since many functions
+ assings the result variable using mpz_swap. */
+void
+mpz_init2 (mpz_t r, mp_bitcnt_t bits)
+{
+ mp_size_t rn;
+
+ bits -= (bits != 0); /* Round down, except if 0 */
+ rn = 1 + bits / GMP_LIMB_BITS;
+
+ r->_mp_alloc = rn;
+ r->_mp_size = 0;
+ r->_mp_d = gmp_xalloc_limbs (rn);
+}
+
+void
+mpz_clear (mpz_t r)
+{
+ gmp_free (r->_mp_d);
+}
+
+static void *
+mpz_realloc (mpz_t r, mp_size_t size)
+{
+ size = GMP_MAX (size, 1);
+
+ r->_mp_d = gmp_xrealloc_limbs (r->_mp_d, size);
+ r->_mp_alloc = size;
+
+ if (GMP_ABS (r->_mp_size) > size)
+ r->_mp_size = 0;
+
+ return r->_mp_d;
+}
+
+/* Realloc for an mpz_t WHAT if it has less than NEEDED limbs. */
+#define MPZ_REALLOC(z,n) ((n) > (z)->_mp_alloc \
+ ? mpz_realloc(z,n) \
+ : (z)->_mp_d)
+\f
+/* MPZ assignment and basic conversions. */
+void
+mpz_set_si (mpz_t r, signed long int x)
+{
+ if (x >= 0)
+ mpz_set_ui (r, x);
+ else /* (x < 0) */
+ {
+ r->_mp_size = -1;
+ r->_mp_d[0] = GMP_NEG_CAST (unsigned long int, x);
+ }
+}
+
+void
+mpz_set_ui (mpz_t r, unsigned long int x)
+{
+ if (x > 0)
+ {
+ r->_mp_size = 1;
+ r->_mp_d[0] = x;
+ }
+ else
+ r->_mp_size = 0;
+}
+
+void
+mpz_set (mpz_t r, const mpz_t x)
+{
+ /* Allow the NOP r == x */
+ if (r != x)
+ {
+ mp_size_t n;
+ mp_ptr rp;
+
+ n = GMP_ABS (x->_mp_size);
+ rp = MPZ_REALLOC (r, n);
+
+ mpn_copyi (rp, x->_mp_d, n);
+ r->_mp_size = x->_mp_size;
+ }
+}
+
+void
+mpz_init_set_si (mpz_t r, signed long int x)
+{
+ mpz_init (r);
+ mpz_set_si (r, x);
+}
+
+void
+mpz_init_set_ui (mpz_t r, unsigned long int x)
+{
+ mpz_init (r);
+ mpz_set_ui (r, x);
+}
+
+void
+mpz_init_set (mpz_t r, const mpz_t x)
+{
+ mpz_init (r);
+ mpz_set (r, x);
+}
+
+int
+mpz_fits_slong_p (const mpz_t u)
+{
+ mp_size_t us = u->_mp_size;
+
+ if (us == 0)
+ return 1;
+ else if (us == 1)
+ return u->_mp_d[0] < GMP_LIMB_HIGHBIT;
+ else if (us == -1)
+ return u->_mp_d[0] <= GMP_LIMB_HIGHBIT;
+ else
+ return 0;
+}
+
+int
+mpz_fits_ulong_p (const mpz_t u)
+{
+ mp_size_t us = u->_mp_size;
+
+ return us == 0 || us == 1;
+}
+
+long int
+mpz_get_si (const mpz_t u)
+{
+ mp_size_t us = u->_mp_size;
+
+ if (us > 0)
+ return (long) (u->_mp_d[0] & ~GMP_LIMB_HIGHBIT);
+ else if (us < 0)
+ return (long) (- u->_mp_d[0] | GMP_LIMB_HIGHBIT);
+ else
+ return 0;
+}
+
+unsigned long int
+mpz_get_ui (const mpz_t u)
+{
+ return u->_mp_size == 0 ? 0 : u->_mp_d[0];
+}
+
+size_t
+mpz_size (const mpz_t u)
+{
+ return GMP_ABS (u->_mp_size);
+}
+
+mp_limb_t
+mpz_getlimbn (const mpz_t u, mp_size_t n)
+{
+ if (n >= 0 && n < GMP_ABS (u->_mp_size))
+ return u->_mp_d[n];
+ else
+ return 0;
+}
+
+\f
+/* Conversions and comparison to double. */
+void
+mpz_set_d (mpz_t r, double x)
+{
+ int sign;
+ mp_ptr rp;
+ mp_size_t rn, i;
+ double B;
+ double Bi;
+ mp_limb_t f;
+
+ /* x != x is true when x is a NaN, and x == x * 0.5 is true when x is
+ zero or infinity. */
+ if (x == 0.0 || x != x || x == x * 0.5)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ if (x < 0.0)
+ {
+ x = - x;
+ sign = 1;
+ }
+ else
+ sign = 0;
+
+ if (x < 1.0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+ B = 2.0 * (double) GMP_LIMB_HIGHBIT;
+ Bi = 1.0 / B;
+ for (rn = 1; x >= B; rn++)
+ x *= Bi;
+
+ rp = MPZ_REALLOC (r, rn);
+
+ f = (mp_limb_t) x;
+ x -= f;
+ assert (x < 1.0);
+ rp[rn-1] = f;
+ for (i = rn-1; i-- > 0; )
+ {
+ x = B * x;
+ f = (mp_limb_t) x;
+ x -= f;
+ assert (x < 1.0);
+ rp[i] = f;
+ }
+
+ r->_mp_size = sign ? - rn : rn;
+}
+
+void
+mpz_init_set_d (mpz_t r, double x)
+{
+ mpz_init (r);
+ mpz_set_d (r, x);
+}
+
+double
+mpz_get_d (const mpz_t u)
+{
+ mp_size_t un;
+ double x;
+ double B = 2.0 * (double) GMP_LIMB_HIGHBIT;
+
+ un = GMP_ABS (u->_mp_size);
+
+ if (un == 0)
+ return 0.0;
+
+ x = u->_mp_d[--un];
+ while (un > 0)
+ x = B*x + u->_mp_d[--un];
+
+ if (u->_mp_size < 0)
+ x = -x;
+
+ return x;
+}
+
+int
+mpz_cmpabs_d (const mpz_t x, double d)
+{
+ mp_size_t xn;
+ double B, Bi;
+ mp_size_t i;
+
+ xn = x->_mp_size;
+ d = GMP_ABS (d);
+
+ if (xn != 0)
+ {
+ xn = GMP_ABS (xn);
+
+ B = 2.0 * (double) GMP_LIMB_HIGHBIT;
+ Bi = 1.0 / B;
+
+ /* Scale d so it can be compared with the top limb. */
+ for (i = 1; i < xn; i++)
+ d *= Bi;
+
+ if (d >= B)
+ return -1;
+
+ /* Compare floor(d) to top limb, subtract and cancel when equal. */
+ for (i = xn; i-- > 0;)
+ {
+ mp_limb_t f, xl;
+
+ f = (mp_limb_t) d;
+ xl = x->_mp_d[i];
+ if (xl > f)
+ return 1;
+ else if (xl < f)
+ return -1;
+ d = B * (d - f);
+ }
+ }
+ return - (d > 0.0);
+}
+
+int
+mpz_cmp_d (const mpz_t x, double d)
+{
+ if (x->_mp_size < 0)
+ {
+ if (d >= 0.0)
+ return -1;
+ else
+ return -mpz_cmpabs_d (x, d);
+ }
+ else
+ {
+ if (d < 0.0)
+ return 1;
+ else
+ return mpz_cmpabs_d (x, d);
+ }
+}
+
+\f
+/* MPZ comparisons and the like. */
+int
+mpz_sgn (const mpz_t u)
+{
+ mp_size_t usize = u->_mp_size;
+
+ if (usize > 0)
+ return 1;
+ else if (usize < 0)
+ return -1;
+ else
+ return 0;
+}
+
+int
+mpz_cmp_si (const mpz_t u, long v)
+{
+ mp_size_t usize = u->_mp_size;
+
+ if (usize < -1)
+ return -1;
+ else if (v >= 0)
+ return mpz_cmp_ui (u, v);
+ else if (usize >= 0)
+ return 1;
+ else /* usize == -1 */
+ {
+ mp_limb_t ul = u->_mp_d[0];
+ if ((mp_limb_t)GMP_NEG_CAST (unsigned long int, v) < ul)
+ return -1;
+ else if ( (mp_limb_t)GMP_NEG_CAST (unsigned long int, v) > ul)
+ return 1;
+ }
+ return 0;
+}
+
+int
+mpz_cmp_ui (const mpz_t u, unsigned long v)
+{
+ mp_size_t usize = u->_mp_size;
+
+ if (usize > 1)
+ return 1;
+ else if (usize < 0)
+ return -1;
+ else
+ {
+ mp_limb_t ul = (usize > 0) ? u->_mp_d[0] : 0;
+ if (ul > v)
+ return 1;
+ else if (ul < v)
+ return -1;
+ }
+ return 0;
+}
+
+int
+mpz_cmp (const mpz_t a, const mpz_t b)
+{
+ mp_size_t asize = a->_mp_size;
+ mp_size_t bsize = b->_mp_size;
+
+ if (asize > bsize)
+ return 1;
+ else if (asize < bsize)
+ return -1;
+ else if (asize > 0)
+ return mpn_cmp (a->_mp_d, b->_mp_d, asize);
+ else if (asize < 0)
+ return -mpn_cmp (a->_mp_d, b->_mp_d, -asize);
+ else
+ return 0;
+}
+
+int
+mpz_cmpabs_ui (const mpz_t u, unsigned long v)
+{
+ mp_size_t un = GMP_ABS (u->_mp_size);
+ mp_limb_t ul;
+
+ if (un > 1)
+ return 1;
+
+ ul = (un == 1) ? u->_mp_d[0] : 0;
+
+ if (ul > v)
+ return 1;
+ else if (ul < v)
+ return -1;
+ else
+ return 0;
+}
+
+int
+mpz_cmpabs (const mpz_t u, const mpz_t v)
+{
+ return mpn_cmp4 (u->_mp_d, GMP_ABS (u->_mp_size),
+ v->_mp_d, GMP_ABS (v->_mp_size));
+}
+
+void
+mpz_abs (mpz_t r, const mpz_t u)
+{
+ if (r != u)
+ mpz_set (r, u);
+
+ r->_mp_size = GMP_ABS (r->_mp_size);
+}
+
+void
+mpz_neg (mpz_t r, const mpz_t u)
+{
+ if (r != u)
+ mpz_set (r, u);
+
+ r->_mp_size = -r->_mp_size;
+}
+
+void
+mpz_swap (mpz_t u, mpz_t v)
+{
+ MP_SIZE_T_SWAP (u->_mp_size, v->_mp_size);
+ MP_SIZE_T_SWAP (u->_mp_alloc, v->_mp_alloc);
+ MP_PTR_SWAP (u->_mp_d, v->_mp_d);
+}
+
+\f
+/* MPZ addition and subtraction */
+
+/* Adds to the absolute value. Returns new size, but doesn't store it. */
+static mp_size_t
+mpz_abs_add_ui (mpz_t r, const mpz_t a, unsigned long b)
+{
+ mp_size_t an;
+ mp_ptr rp;
+ mp_limb_t cy;
+
+ an = GMP_ABS (a->_mp_size);
+ if (an == 0)
+ {
+ r->_mp_d[0] = b;
+ return b > 0;
+ }
+
+ rp = MPZ_REALLOC (r, an + 1);
+
+ cy = mpn_add_1 (rp, a->_mp_d, an, b);
+ rp[an] = cy;
+ an += (cy > 0);
+
+ return an;
+}
+
+/* Subtract from the absolute value. Returns new size, (or -1 on underflow),
+ but doesn't store it. */
+static mp_size_t
+mpz_abs_sub_ui (mpz_t r, const mpz_t a, unsigned long b)
+{
+ mp_size_t an = GMP_ABS (a->_mp_size);
+ mp_ptr rp = MPZ_REALLOC (r, an);
+
+ if (an == 0)
+ {
+ rp[0] = b;
+ return -(b > 0);
+ }
+ else if (an == 1 && a->_mp_d[0] < b)
+ {
+ rp[0] = b - a->_mp_d[0];
+ return -1;
+ }
+ else
+ {
+ gmp_assert_nocarry (mpn_sub_1 (rp, a->_mp_d, an, b));
+ return mpn_normalized_size (rp, an);
+ }
+}
+
+void
+mpz_add_ui (mpz_t r, const mpz_t a, unsigned long b)
+{
+ if (a->_mp_size >= 0)
+ r->_mp_size = mpz_abs_add_ui (r, a, b);
+ else
+ r->_mp_size = -mpz_abs_sub_ui (r, a, b);
+}
+
+void
+mpz_sub_ui (mpz_t r, const mpz_t a, unsigned long b)
+{
+ if (a->_mp_size < 0)
+ r->_mp_size = -mpz_abs_add_ui (r, a, b);
+ else
+ r->_mp_size = mpz_abs_sub_ui (r, a, b);
+}
+
+void
+mpz_ui_sub (mpz_t r, unsigned long a, const mpz_t b)
+{
+ if (b->_mp_size < 0)
+ r->_mp_size = mpz_abs_add_ui (r, b, a);
+ else
+ r->_mp_size = -mpz_abs_sub_ui (r, b, a);
+}
+
+static mp_size_t
+mpz_abs_add (mpz_t r, const mpz_t a, const mpz_t b)
+{
+ mp_size_t an = GMP_ABS (a->_mp_size);
+ mp_size_t bn = GMP_ABS (b->_mp_size);
+ mp_size_t rn;
+ mp_ptr rp;
+ mp_limb_t cy;
+
+ rn = GMP_MAX (an, bn);
+ rp = MPZ_REALLOC (r, rn + 1);
+ if (an >= bn)
+ cy = mpn_add (rp, a->_mp_d, an, b->_mp_d, bn);
+ else
+ cy = mpn_add (rp, b->_mp_d, bn, a->_mp_d, an);
+
+ rp[rn] = cy;
+
+ return rn + (cy > 0);
+}
+
+static mp_size_t
+mpz_abs_sub (mpz_t r, const mpz_t a, const mpz_t b)
+{
+ mp_size_t an = GMP_ABS (a->_mp_size);
+ mp_size_t bn = GMP_ABS (b->_mp_size);
+ int cmp;
+ mp_ptr rp;
+
+ cmp = mpn_cmp4 (a->_mp_d, an, b->_mp_d, bn);
+ if (cmp > 0)
+ {
+ rp = MPZ_REALLOC (r, an);
+ gmp_assert_nocarry (mpn_sub (rp, a->_mp_d, an, b->_mp_d, bn));
+ return mpn_normalized_size (rp, an);
+ }
+ else if (cmp < 0)
+ {
+ rp = MPZ_REALLOC (r, bn);
+ gmp_assert_nocarry (mpn_sub (rp, b->_mp_d, bn, a->_mp_d, an));
+ return -mpn_normalized_size (rp, bn);
+ }
+ else
+ return 0;
+}
+
+void
+mpz_add (mpz_t r, const mpz_t a, const mpz_t b)
+{
+ mp_size_t rn;
+
+ if ( (a->_mp_size ^ b->_mp_size) >= 0)
+ rn = mpz_abs_add (r, a, b);
+ else
+ rn = mpz_abs_sub (r, a, b);
+
+ r->_mp_size = a->_mp_size >= 0 ? rn : - rn;
+}
+
+void
+mpz_sub (mpz_t r, const mpz_t a, const mpz_t b)
+{
+ mp_size_t rn;
+
+ if ( (a->_mp_size ^ b->_mp_size) >= 0)
+ rn = mpz_abs_sub (r, a, b);
+ else
+ rn = mpz_abs_add (r, a, b);
+
+ r->_mp_size = a->_mp_size >= 0 ? rn : - rn;
+}
+
+\f
+/* MPZ multiplication */
+void
+mpz_mul_si (mpz_t r, const mpz_t u, long int v)
+{
+ if (v < 0)
+ {
+ mpz_mul_ui (r, u, GMP_NEG_CAST (unsigned long int, v));
+ mpz_neg (r, r);
+ }
+ else
+ mpz_mul_ui (r, u, (unsigned long int) v);
+}
+
+void
+mpz_mul_ui (mpz_t r, const mpz_t u, unsigned long int v)
+{
+ mp_size_t un;
+ mpz_t t;
+ mp_ptr tp;
+ mp_limb_t cy;
+
+ un = GMP_ABS (u->_mp_size);
+
+ if (un == 0 || v == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ mpz_init2 (t, (un + 1) * GMP_LIMB_BITS);
+
+ tp = t->_mp_d;
+ cy = mpn_mul_1 (tp, u->_mp_d, un, v);
+ tp[un] = cy;
+
+ t->_mp_size = un + (cy > 0);
+ if (u->_mp_size < 0)
+ t->_mp_size = - t->_mp_size;
+
+ mpz_swap (r, t);
+ mpz_clear (t);
+}
+
+void
+mpz_mul (mpz_t r, const mpz_t u, const mpz_t v)
+{
+ int sign;
+ mp_size_t un, vn, rn;
+ mpz_t t;
+ mp_ptr tp;
+
+ un = GMP_ABS (u->_mp_size);
+ vn = GMP_ABS (v->_mp_size);
+
+ if (un == 0 || vn == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ sign = (u->_mp_size ^ v->_mp_size) < 0;
+
+ mpz_init2 (t, (un + vn) * GMP_LIMB_BITS);
+
+ tp = t->_mp_d;
+ if (un >= vn)
+ mpn_mul (tp, u->_mp_d, un, v->_mp_d, vn);
+ else
+ mpn_mul (tp, v->_mp_d, vn, u->_mp_d, un);
+
+ rn = un + vn;
+ rn -= tp[rn-1] == 0;
+
+ t->_mp_size = sign ? - rn : rn;
+ mpz_swap (r, t);
+ mpz_clear (t);
+}
+
+void
+mpz_mul_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t bits)
+{
+ mp_size_t un, rn;
+ mp_size_t limbs;
+ unsigned shift;
+ mp_ptr rp;
+
+ un = GMP_ABS (u->_mp_size);
+ if (un == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ limbs = bits / GMP_LIMB_BITS;
+ shift = bits % GMP_LIMB_BITS;
+
+ rn = un + limbs + (shift > 0);
+ rp = MPZ_REALLOC (r, rn);
+ if (shift > 0)
+ {
+ mp_limb_t cy = mpn_lshift (rp + limbs, u->_mp_d, un, shift);
+ rp[rn-1] = cy;
+ rn -= (cy == 0);
+ }
+ else
+ mpn_copyd (rp + limbs, u->_mp_d, un);
+
+ while (limbs > 0)
+ rp[--limbs] = 0;
+
+ r->_mp_size = (u->_mp_size < 0) ? - rn : rn;
+}
+
+\f
+/* MPZ division */
+enum mpz_div_round_mode { GMP_DIV_FLOOR, GMP_DIV_CEIL, GMP_DIV_TRUNC };
+
+/* Allows q or r to be zero. Returns 1 iff remainder is non-zero. */
+static int
+mpz_div_qr (mpz_t q, mpz_t r,
+ const mpz_t n, const mpz_t d, enum mpz_div_round_mode mode)
+{
+ mp_size_t ns, ds, nn, dn, qs;
+ ns = n->_mp_size;
+ ds = d->_mp_size;
+
+ if (ds == 0)
+ gmp_die("mpz_div_qr: Divide by zero.");
+
+ if (ns == 0)
+ {
+ if (q)
+ q->_mp_size = 0;
+ if (r)
+ r->_mp_size = 0;
+ return 0;
+ }
+
+ nn = GMP_ABS (ns);
+ dn = GMP_ABS (ds);
+
+ qs = ds ^ ns;
+
+ if (nn < dn)
+ {
+ if (mode == GMP_DIV_CEIL && qs >= 0)
+ {
+ /* q = 1, r = n - d */
+ if (r)
+ mpz_sub (r, n, d);
+ if (q)
+ mpz_set_ui (q, 1);
+ }
+ else if (mode == GMP_DIV_FLOOR && qs < 0)
+ {
+ /* q = -1, r = n + d */
+ if (r)
+ mpz_add (r, n, d);
+ if (q)
+ mpz_set_si (q, -1);
+ }
+ else
+ {
+ /* q = 0, r = d */
+ if (r)
+ mpz_set (r, n);
+ if (q)
+ q->_mp_size = 0;
+ }
+ return 1;
+ }
+ else
+ {
+ mp_ptr np, qp;
+ mp_size_t qn, rn;
+ mpz_t tq, tr;
+
+ mpz_init (tr);
+ mpz_set (tr, n);
+ np = tr->_mp_d;
+
+ qn = nn - dn + 1;
+
+ if (q)
+ {
+ mpz_init2 (tq, qn * GMP_LIMB_BITS);
+ qp = tq->_mp_d;
+ }
+ else
+ qp = NULL;
+
+ mpn_div_qr (qp, np, nn, d->_mp_d, dn);
+
+ if (qp)
+ {
+ qn -= (qp[qn-1] == 0);
+
+ tq->_mp_size = qs < 0 ? -qn : qn;
+ }
+ rn = mpn_normalized_size (np, dn);
+ tr->_mp_size = ns < 0 ? - rn : rn;
+
+ if (mode == GMP_DIV_FLOOR && qs < 0 && rn != 0)
+ {
+ if (q)
+ mpz_sub_ui (tq, tq, 1);
+ if (r)
+ mpz_add (tr, tr, d);
+ }
+ else if (mode == GMP_DIV_CEIL && qs >= 0 && rn != 0)
+ {
+ if (q)
+ mpz_add_ui (tq, tq, 1);
+ if (r)
+ mpz_sub (tr, tr, d);
+ }
+
+ if (q)
+ {
+ mpz_swap (tq, q);
+ mpz_clear (tq);
+ }
+ if (r)
+ mpz_swap (tr, r);
+
+ mpz_clear (tr);
+
+ return rn != 0;
+ }
+}
+
+void
+mpz_cdiv_qr (mpz_t q, mpz_t r, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (q, r, n, d, GMP_DIV_CEIL);
+}
+
+void
+mpz_fdiv_qr (mpz_t q, mpz_t r, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (q, r, n, d, GMP_DIV_FLOOR);
+}
+
+void
+mpz_tdiv_qr (mpz_t q, mpz_t r, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (q, r, n, d, GMP_DIV_TRUNC);
+}
+
+void
+mpz_cdiv_q (mpz_t q, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (q, NULL, n, d, GMP_DIV_CEIL);
+}
+
+void
+mpz_fdiv_q (mpz_t q, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (q, NULL, n, d, GMP_DIV_FLOOR);
+}
+
+void
+mpz_tdiv_q (mpz_t q, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (q, NULL, n, d, GMP_DIV_TRUNC);
+}
+
+void
+mpz_cdiv_r (mpz_t r, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (NULL, r, n, d, GMP_DIV_CEIL);
+}
+
+void
+mpz_fdiv_r (mpz_t r, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (NULL, r, n, d, GMP_DIV_FLOOR);
+}
+
+void
+mpz_tdiv_r (mpz_t r, const mpz_t n, const mpz_t d)
+{
+ mpz_div_qr (NULL, r, n, d, GMP_DIV_TRUNC);
+}
+
+void
+mpz_mod (mpz_t r, const mpz_t n, const mpz_t d)
+{
+ if (d->_mp_size >= 0)
+ mpz_div_qr (NULL, r, n, d, GMP_DIV_FLOOR);
+ else
+ mpz_div_qr (NULL, r, n, d, GMP_DIV_CEIL);
+}
+
+static void
+mpz_div_q_2exp (mpz_t q, const mpz_t u, mp_bitcnt_t bit_index,
+ enum mpz_div_round_mode mode)
+{
+ mp_size_t un, qn;
+ mp_size_t limb_cnt;
+ mp_ptr qp;
+ mp_limb_t adjust;
+
+ un = u->_mp_size;
+ if (un == 0)
+ {
+ q->_mp_size = 0;
+ return;
+ }
+ limb_cnt = bit_index / GMP_LIMB_BITS;
+ qn = GMP_ABS (un) - limb_cnt;
+ bit_index %= GMP_LIMB_BITS;
+
+ if (mode == ((un > 0) ? GMP_DIV_CEIL : GMP_DIV_FLOOR)) /* un != 0 here. */
+ /* Note: Below, the final indexing at limb_cnt is valid because at
+ that point we have qn > 0. */
+ adjust = (qn <= 0
+ || !mpn_zero_p (u->_mp_d, limb_cnt)
+ || (u->_mp_d[limb_cnt]
+ & (((mp_limb_t) 1 << bit_index) - 1)));
+ else
+ adjust = 0;
+
+ if (qn <= 0)
+ qn = 0;
+
+ else
+ {
+ qp = MPZ_REALLOC (q, qn);
+
+ if (bit_index != 0)
+ {
+ mpn_rshift (qp, u->_mp_d + limb_cnt, qn, bit_index);
+ qn -= qp[qn - 1] == 0;
+ }
+ else
+ {
+ mpn_copyi (qp, u->_mp_d + limb_cnt, qn);
+ }
+ }
+
+ q->_mp_size = qn;
+
+ mpz_add_ui (q, q, adjust);
+ if (un < 0)
+ mpz_neg (q, q);
+}
+
+static void
+mpz_div_r_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t bit_index,
+ enum mpz_div_round_mode mode)
+{
+ mp_size_t us, un, rn;
+ mp_ptr rp;
+ mp_limb_t mask;
+
+ us = u->_mp_size;
+ if (us == 0 || bit_index == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+ rn = (bit_index + GMP_LIMB_BITS - 1) / GMP_LIMB_BITS;
+ assert (rn > 0);
+
+ rp = MPZ_REALLOC (r, rn);
+ un = GMP_ABS (us);
+
+ mask = GMP_LIMB_MAX >> (rn * GMP_LIMB_BITS - bit_index);
+
+ if (rn > un)
+ {
+ /* Quotient (with truncation) is zero, and remainder is
+ non-zero */
+ if (mode == ((us > 0) ? GMP_DIV_CEIL : GMP_DIV_FLOOR)) /* us != 0 here. */
+ {
+ /* Have to negate and sign extend. */
+ mp_size_t i;
+ mp_limb_t cy;
+
+ for (cy = 1, i = 0; i < un; i++)
+ {
+ mp_limb_t s = ~u->_mp_d[i] + cy;
+ cy = s < cy;
+ rp[i] = s;
+ }
+ assert (cy == 0);
+ for (; i < rn - 1; i++)
+ rp[i] = GMP_LIMB_MAX;
+
+ rp[rn-1] = mask;
+ us = -us;
+ }
+ else
+ {
+ /* Just copy */
+ if (r != u)
+ mpn_copyi (rp, u->_mp_d, un);
+
+ rn = un;
+ }
+ }
+ else
+ {
+ if (r != u)
+ mpn_copyi (rp, u->_mp_d, rn - 1);
+
+ rp[rn-1] = u->_mp_d[rn-1] & mask;
+
+ if (mode == ((us > 0) ? GMP_DIV_CEIL : GMP_DIV_FLOOR)) /* us != 0 here. */
+ {
+ /* If r != 0, compute 2^{bit_count} - r. */
+ mp_size_t i;
+
+ for (i = 0; i < rn && rp[i] == 0; i++)
+ ;
+ if (i < rn)
+ {
+ /* r > 0, need to flip sign. */
+ rp[i] = ~rp[i] + 1;
+ for (i++; i < rn; i++)
+ rp[i] = ~rp[i];
+
+ rp[rn-1] &= mask;
+
+ /* us is not used for anything else, so we can modify it
+ here to indicate flipped sign. */
+ us = -us;
+ }
+ }
+ }
+ rn = mpn_normalized_size (rp, rn);
+ r->_mp_size = us < 0 ? -rn : rn;
+}
+
+void
+mpz_cdiv_q_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t cnt)
+{
+ mpz_div_q_2exp (r, u, cnt, GMP_DIV_CEIL);
+}
+
+void
+mpz_fdiv_q_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t cnt)
+{
+ mpz_div_q_2exp (r, u, cnt, GMP_DIV_FLOOR);
+}
+
+void
+mpz_tdiv_q_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t cnt)
+{
+ mpz_div_q_2exp (r, u, cnt, GMP_DIV_TRUNC);
+}
+
+void
+mpz_cdiv_r_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t cnt)
+{
+ mpz_div_r_2exp (r, u, cnt, GMP_DIV_CEIL);
+}
+
+void
+mpz_fdiv_r_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t cnt)
+{
+ mpz_div_r_2exp (r, u, cnt, GMP_DIV_FLOOR);
+}
+
+void
+mpz_tdiv_r_2exp (mpz_t r, const mpz_t u, mp_bitcnt_t cnt)
+{
+ mpz_div_r_2exp (r, u, cnt, GMP_DIV_TRUNC);
+}
+
+void
+mpz_divexact (mpz_t q, const mpz_t n, const mpz_t d)
+{
+ gmp_assert_nocarry (mpz_div_qr (q, NULL, n, d, GMP_DIV_TRUNC));
+}
+
+int
+mpz_divisible_p (const mpz_t n, const mpz_t d)
+{
+ return mpz_div_qr (NULL, NULL, n, d, GMP_DIV_TRUNC) == 0;
+}
+
+static unsigned long
+mpz_div_qr_ui (mpz_t q, mpz_t r,
+ const mpz_t n, unsigned long d, enum mpz_div_round_mode mode)
+{
+ mp_size_t ns, qn;
+ mp_ptr qp;
+ mp_limb_t rl;
+ mp_size_t rs;
+
+ ns = n->_mp_size;
+ if (ns == 0)
+ {
+ if (q)
+ q->_mp_size = 0;
+ if (r)
+ r->_mp_size = 0;
+ return 0;
+ }
+
+ qn = GMP_ABS (ns);
+ if (q)
+ qp = MPZ_REALLOC (q, qn);
+ else
+ qp = NULL;
+
+ rl = mpn_div_qr_1 (qp, n->_mp_d, qn, d);
+ assert (rl < d);
+
+ rs = rl > 0;
+ rs = (ns < 0) ? -rs : rs;
+
+ if (rl > 0 && ( (mode == GMP_DIV_FLOOR && ns < 0)
+ || (mode == GMP_DIV_CEIL && ns >= 0)))
+ {
+ if (q)
+ gmp_assert_nocarry (mpn_add_1 (qp, qp, qn, 1));
+ rl = d - rl;
+ rs = -rs;
+ }
+
+ if (r)
+ {
+ r->_mp_d[0] = rl;
+ r->_mp_size = rs;
+ }
+ if (q)
+ {
+ qn -= (qp[qn-1] == 0);
+ assert (qn == 0 || qp[qn-1] > 0);
+
+ q->_mp_size = (ns < 0) ? - qn : qn;
+ }
+
+ return rl;
+}
+
+unsigned long
+mpz_cdiv_qr_ui (mpz_t q, mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (q, r, n, d, GMP_DIV_CEIL);
+}
+
+unsigned long
+mpz_fdiv_qr_ui (mpz_t q, mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (q, r, n, d, GMP_DIV_FLOOR);
+}
+
+unsigned long
+mpz_tdiv_qr_ui (mpz_t q, mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (q, r, n, d, GMP_DIV_TRUNC);
+}
+
+unsigned long
+mpz_cdiv_q_ui (mpz_t q, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (q, NULL, n, d, GMP_DIV_CEIL);
+}
+
+unsigned long
+mpz_fdiv_q_ui (mpz_t q, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (q, NULL, n, d, GMP_DIV_FLOOR);
+}
+
+unsigned long
+mpz_tdiv_q_ui (mpz_t q, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (q, NULL, n, d, GMP_DIV_TRUNC);
+}
+
+unsigned long
+mpz_cdiv_r_ui (mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, r, n, d, GMP_DIV_CEIL);
+}
+unsigned long
+mpz_fdiv_r_ui (mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, r, n, d, GMP_DIV_FLOOR);
+}
+unsigned long
+mpz_tdiv_r_ui (mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, r, n, d, GMP_DIV_TRUNC);
+}
+
+unsigned long
+mpz_cdiv_ui (const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, NULL, n, d, GMP_DIV_CEIL);
+}
+
+unsigned long
+mpz_fdiv_ui (const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, NULL, n, d, GMP_DIV_FLOOR);
+}
+
+unsigned long
+mpz_tdiv_ui (const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, NULL, n, d, GMP_DIV_TRUNC);
+}
+
+unsigned long
+mpz_mod_ui (mpz_t r, const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, r, n, d, GMP_DIV_FLOOR);
+}
+
+void
+mpz_divexact_ui (mpz_t q, const mpz_t n, unsigned long d)
+{
+ gmp_assert_nocarry (mpz_div_qr_ui (q, NULL, n, d, GMP_DIV_TRUNC));
+}
+
+int
+mpz_divisible_ui_p (const mpz_t n, unsigned long d)
+{
+ return mpz_div_qr_ui (NULL, NULL, n, d, GMP_DIV_TRUNC) == 0;
+}
+
+\f
+/* GCD */
+static mp_limb_t
+mpn_gcd_11 (mp_limb_t u, mp_limb_t v)
+{
+ unsigned shift;
+
+ assert ( (u | v) > 0);
+
+ if (u == 0)
+ return v;
+ else if (v == 0)
+ return u;
+
+ gmp_ctz (shift, u | v);
+
+ u >>= shift;
+ v >>= shift;
+
+ if ( (u & 1) == 0)
+ MP_LIMB_T_SWAP (u, v);
+
+ while ( (v & 1) == 0)
+ v >>= 1;
+
+ while (u != v)
+ {
+ if (u > v)
+ {
+ u -= v;
+ do
+ u >>= 1;
+ while ( (u & 1) == 0);
+ }
+ else
+ {
+ v -= u;
+ do
+ v >>= 1;
+ while ( (v & 1) == 0);
+ }
+ }
+ return u << shift;
+}
+
+unsigned long
+mpz_gcd_ui (mpz_t g, const mpz_t u, unsigned long v)
+{
+ mp_size_t un;
+
+ if (v == 0)
+ {
+ if (g)
+ mpz_abs (g, u);
+ }
+ else
+ {
+ un = GMP_ABS (u->_mp_size);
+ if (un != 0)
+ v = mpn_gcd_11 (mpn_div_qr_1 (NULL, u->_mp_d, un, v), v);
+
+ if (g)
+ mpz_set_ui (g, v);
+ }
+
+ return v;
+}
+
+static mp_bitcnt_t
+mpz_make_odd (mpz_t r, const mpz_t u)
+{
+ mp_size_t un, rn, i;
+ mp_ptr rp;
+ unsigned shift;
+
+ un = GMP_ABS (u->_mp_size);
+ assert (un > 0);
+
+ for (i = 0; u->_mp_d[i] == 0; i++)
+ ;
+
+ gmp_ctz (shift, u->_mp_d[i]);
+
+ rn = un - i;
+ rp = MPZ_REALLOC (r, rn);
+ if (shift > 0)
+ {
+ mpn_rshift (rp, u->_mp_d + i, rn, shift);
+ rn -= (rp[rn-1] == 0);
+ }
+ else
+ mpn_copyi (rp, u->_mp_d + i, rn);
+
+ r->_mp_size = rn;
+ return i * GMP_LIMB_BITS + shift;
+}
+
+void
+mpz_gcd (mpz_t g, const mpz_t u, const mpz_t v)
+{
+ mpz_t tu, tv;
+ mp_bitcnt_t uz, vz, gz;
+
+ if (u->_mp_size == 0)
+ {
+ mpz_abs (g, v);
+ return;
+ }
+ if (v->_mp_size == 0)
+ {
+ mpz_abs (g, u);
+ return;
+ }
+
+ mpz_init (tu);
+ mpz_init (tv);
+
+ uz = mpz_make_odd (tu, u);
+ vz = mpz_make_odd (tv, v);
+ gz = GMP_MIN (uz, vz);
+
+ if (tu->_mp_size < tv->_mp_size)
+ mpz_swap (tu, tv);
+
+ mpz_tdiv_r (tu, tu, tv);
+ if (tu->_mp_size == 0)
+ {
+ mpz_swap (g, tv);
+ }
+ else
+ for (;;)
+ {
+ int c;
+
+ mpz_make_odd (tu, tu);
+ c = mpz_cmp (tu, tv);
+ if (c == 0)
+ {
+ mpz_swap (g, tu);
+ break;
+ }
+ if (c < 0)
+ mpz_swap (tu, tv);
+
+ if (tv->_mp_size == 1)
+ {
+ mp_limb_t vl = tv->_mp_d[0];
+ mp_limb_t ul = mpz_tdiv_ui (tu, vl);
+ mpz_set_ui (g, mpn_gcd_11 (ul, vl));
+ break;
+ }
+ mpz_sub (tu, tu, tv);
+ }
+ mpz_clear (tu);
+ mpz_clear (tv);
+ mpz_mul_2exp (g, g, gz);
+}
+
+void
+mpz_gcdext (mpz_t g, mpz_t s, mpz_t t, const mpz_t u, const mpz_t v)
+{
+ mpz_t tu, tv, s0, s1, t0, t1;
+ mp_bitcnt_t uz, vz, gz;
+ mp_bitcnt_t power;
+
+ if (u->_mp_size == 0)
+ {
+ /* g = 0 u + sgn(v) v */
+ signed long sign = mpz_sgn (v);
+ mpz_abs (g, v);
+ if (s)
+ mpz_set_ui (s, 0);
+ if (t)
+ mpz_set_si (t, sign);
+ return;
+ }
+
+ if (v->_mp_size == 0)
+ {
+ /* g = sgn(u) u + 0 v */
+ signed long sign = mpz_sgn (u);
+ mpz_abs (g, u);
+ if (s)
+ mpz_set_si (s, sign);
+ if (t)
+ mpz_set_ui (t, 0);
+ return;
+ }
+
+ mpz_init (tu);
+ mpz_init (tv);
+ mpz_init (s0);
+ mpz_init (s1);
+ mpz_init (t0);
+ mpz_init (t1);
+
+ uz = mpz_make_odd (tu, u);
+ vz = mpz_make_odd (tv, v);
+ gz = GMP_MIN (uz, vz);
+
+ uz -= gz;
+ vz -= gz;
+
+ /* Cofactors corresponding to odd gcd. gz handled later. */
+ if (tu->_mp_size < tv->_mp_size)
+ {
+ mpz_swap (tu, tv);
+ MPZ_SRCPTR_SWAP (u, v);
+ MPZ_PTR_SWAP (s, t);
+ MP_BITCNT_T_SWAP (uz, vz);
+ }
+
+ /* Maintain
+ *
+ * u = t0 tu + t1 tv
+ * v = s0 tu + s1 tv
+ *
+ * where u and v denote the inputs with common factors of two
+ * eliminated, and det (s0, t0; s1, t1) = 2^p. Then
+ *
+ * 2^p tu = s1 u - t1 v
+ * 2^p tv = -s0 u + t0 v
+ */
+
+ /* After initial division, tu = q tv + tu', we have
+ *
+ * u = 2^uz (tu' + q tv)
+ * v = 2^vz tv
+ *
+ * or
+ *
+ * t0 = 2^uz, t1 = 2^uz q
+ * s0 = 0, s1 = 2^vz
+ */
+
+ mpz_setbit (t0, uz);
+ mpz_tdiv_qr (t1, tu, tu, tv);
+ mpz_mul_2exp (t1, t1, uz);
+
+ mpz_setbit (s1, vz);
+ power = uz + vz;
+
+ if (tu->_mp_size > 0)
+ {
+ mp_bitcnt_t shift;
+ shift = mpz_make_odd (tu, tu);
+ mpz_mul_2exp (t0, t0, shift);
+ mpz_mul_2exp (s0, s0, shift);
+ power += shift;
+
+ for (;;)
+ {
+ int c;
+ c = mpz_cmp (tu, tv);
+ if (c == 0)
+ break;
+
+ if (c < 0)
+ {
+ /* tv = tv' + tu
+ *
+ * u = t0 tu + t1 (tv' + tu) = (t0 + t1) tu + t1 tv'
+ * v = s0 tu + s1 (tv' + tu) = (s0 + s1) tu + s1 tv' */
+
+ mpz_sub (tv, tv, tu);
+ mpz_add (t0, t0, t1);
+ mpz_add (s0, s0, s1);
+
+ shift = mpz_make_odd (tv, tv);
+ mpz_mul_2exp (t1, t1, shift);
+ mpz_mul_2exp (s1, s1, shift);
+ }
+ else
+ {
+ mpz_sub (tu, tu, tv);
+ mpz_add (t1, t0, t1);
+ mpz_add (s1, s0, s1);
+
+ shift = mpz_make_odd (tu, tu);
+ mpz_mul_2exp (t0, t0, shift);
+ mpz_mul_2exp (s0, s0, shift);
+ }
+ power += shift;
+ }
+ }
+
+ /* Now tv = odd part of gcd, and -s0 and t0 are corresponding
+ cofactors. */
+
+ mpz_mul_2exp (tv, tv, gz);
+ mpz_neg (s0, s0);
+
+ /* 2^p g = s0 u + t0 v. Eliminate one factor of two at a time. To
+ adjust cofactors, we need u / g and v / g */
+
+ mpz_divexact (s1, v, tv);
+ mpz_abs (s1, s1);
+ mpz_divexact (t1, u, tv);
+ mpz_abs (t1, t1);
+
+ while (power-- > 0)
+ {
+ /* s0 u + t0 v = (s0 - v/g) u - (t0 + u/g) v */
+ if (mpz_odd_p (s0) || mpz_odd_p (t0))
+ {
+ mpz_sub (s0, s0, s1);
+ mpz_add (t0, t0, t1);
+ }
+ mpz_divexact_ui (s0, s0, 2);
+ mpz_divexact_ui (t0, t0, 2);
+ }
+
+ /* Arrange so that |s| < |u| / 2g */
+ mpz_add (s1, s0, s1);
+ if (mpz_cmpabs (s0, s1) > 0)
+ {
+ mpz_swap (s0, s1);
+ mpz_sub (t0, t0, t1);
+ }
+ if (u->_mp_size < 0)
+ mpz_neg (s0, s0);
+ if (v->_mp_size < 0)
+ mpz_neg (t0, t0);
+
+ mpz_swap (g, tv);
+ if (s)
+ mpz_swap (s, s0);
+ if (t)
+ mpz_swap (t, t0);
+
+ mpz_clear (tu);
+ mpz_clear (tv);
+ mpz_clear (s0);
+ mpz_clear (s1);
+ mpz_clear (t0);
+ mpz_clear (t1);
+}
+
+void
+mpz_lcm (mpz_t r, const mpz_t u, const mpz_t v)
+{
+ mpz_t g;
+
+ if (u->_mp_size == 0 || v->_mp_size == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ mpz_init (g);
+
+ mpz_gcd (g, u, v);
+ mpz_divexact (g, u, g);
+ mpz_mul (r, g, v);
+
+ mpz_clear (g);
+ mpz_abs (r, r);
+}
+
+void
+mpz_lcm_ui (mpz_t r, const mpz_t u, unsigned long v)
+{
+ if (v == 0 || u->_mp_size == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ v /= mpz_gcd_ui (NULL, u, v);
+ mpz_mul_ui (r, u, v);
+
+ mpz_abs (r, r);
+}
+
+int
+mpz_invert (mpz_t r, const mpz_t u, const mpz_t m)
+{
+ mpz_t g, tr;
+ int invertible;
+
+ if (u->_mp_size == 0 || mpz_cmpabs_ui (m, 1) <= 0)
+ return 0;
+
+ mpz_init (g);
+ mpz_init (tr);
+
+ mpz_gcdext (g, tr, NULL, u, m);
+ invertible = (mpz_cmp_ui (g, 1) == 0);
+
+ if (invertible)
+ {
+ if (tr->_mp_size < 0)
+ {
+ if (m->_mp_size >= 0)
+ mpz_add (tr, tr, m);
+ else
+ mpz_sub (tr, tr, m);
+ }
+ mpz_swap (r, tr);
+ }
+
+ mpz_clear (g);
+ mpz_clear (tr);
+ return invertible;
+}
+
+\f
+/* Higher level operations (sqrt, pow and root) */
+
+void
+mpz_pow_ui (mpz_t r, const mpz_t b, unsigned long e)
+{
+ unsigned long bit;
+ mpz_t tr;
+ mpz_init_set_ui (tr, 1);
+
+ for (bit = GMP_ULONG_HIGHBIT; bit > 0; bit >>= 1)
+ {
+ mpz_mul (tr, tr, tr);
+ if (e & bit)
+ mpz_mul (tr, tr, b);
+ }
+ mpz_swap (r, tr);
+ mpz_clear (tr);
+}
+
+void
+mpz_ui_pow_ui (mpz_t r, unsigned long blimb, unsigned long e)
+{
+ mpz_t b;
+ mpz_init_set_ui (b, blimb);
+ mpz_pow_ui (r, b, e);
+ mpz_clear (b);
+}
+
+void
+mpz_powm (mpz_t r, const mpz_t b, const mpz_t e, const mpz_t m)
+{
+ mpz_t tr;
+ mpz_t base;
+ mp_size_t en, mn;
+ mp_srcptr mp;
+ struct gmp_div_inverse minv;
+ unsigned shift;
+ mp_ptr tp = NULL;
+
+ en = GMP_ABS (e->_mp_size);
+ mn = GMP_ABS (m->_mp_size);
+ if (mn == 0)
+ gmp_die ("mpz_powm: Zero modulo.");
+
+ if (en == 0)
+ {
+ mpz_set_ui (r, 1);
+ return;
+ }
+
+ mp = m->_mp_d;
+ mpn_div_qr_invert (&minv, mp, mn);
+ shift = minv.shift;
+
+ if (shift > 0)
+ {
+ /* To avoid shifts, we do all our reductions, except the final
+ one, using a *normalized* m. */
+ minv.shift = 0;
+
+ tp = gmp_xalloc_limbs (mn);
+ gmp_assert_nocarry (mpn_lshift (tp, mp, mn, shift));
+ mp = tp;
+ }
+
+ mpz_init (base);
+
+ if (e->_mp_size < 0)
+ {
+ if (!mpz_invert (base, b, m))
+ gmp_die ("mpz_powm: Negative exponent and non-invertibe base.");
+ }
+ else
+ {
+ mp_size_t bn;
+ mpz_abs (base, b);
+
+ bn = base->_mp_size;
+ if (bn >= mn)
+ {
+ mpn_div_qr_preinv (NULL, base->_mp_d, base->_mp_size, mp, mn, &minv);
+ bn = mn;
+ }
+
+ /* We have reduced the absolute value. Now take care of the
+ sign. Note that we get zero represented non-canonically as
+ m. */
+ if (b->_mp_size < 0)
+ {
+ mp_ptr bp = MPZ_REALLOC (base, mn);
+ gmp_assert_nocarry (mpn_sub (bp, mp, mn, bp, bn));
+ bn = mn;
+ }
+ base->_mp_size = mpn_normalized_size (base->_mp_d, bn);
+ }
+ mpz_init_set_ui (tr, 1);
+
+ while (en-- > 0)
+ {
+ mp_limb_t w = e->_mp_d[en];
+ mp_limb_t bit;
+
+ for (bit = GMP_LIMB_HIGHBIT; bit > 0; bit >>= 1)
+ {
+ mpz_mul (tr, tr, tr);
+ if (w & bit)
+ mpz_mul (tr, tr, base);
+ if (tr->_mp_size > mn)
+ {
+ mpn_div_qr_preinv (NULL, tr->_mp_d, tr->_mp_size, mp, mn, &minv);
+ tr->_mp_size = mpn_normalized_size (tr->_mp_d, mn);
+ }
+ }
+ }
+
+ /* Final reduction */
+ if (tr->_mp_size >= mn)
+ {
+ minv.shift = shift;
+ mpn_div_qr_preinv (NULL, tr->_mp_d, tr->_mp_size, mp, mn, &minv);
+ tr->_mp_size = mpn_normalized_size (tr->_mp_d, mn);
+ }
+ if (tp)
+ gmp_free (tp);
+
+ mpz_swap (r, tr);
+ mpz_clear (tr);
+ mpz_clear (base);
+}
+
+void
+mpz_powm_ui (mpz_t r, const mpz_t b, unsigned long elimb, const mpz_t m)
+{
+ mpz_t e;
+ mpz_init_set_ui (e, elimb);
+ mpz_powm (r, b, e, m);
+ mpz_clear (e);
+}
+
+/* x=trunc(y^(1/z)), r=y-x^z */
+void
+mpz_rootrem (mpz_t x, mpz_t r, const mpz_t y, unsigned long z)
+{
+ int sgn;
+ mpz_t t, u;
+
+ sgn = y->_mp_size < 0;
+ if (sgn && (z & 1) == 0)
+ gmp_die ("mpz_rootrem: Negative argument, with even root.");
+ if (z == 0)
+ gmp_die ("mpz_rootrem: Zeroth root.");
+
+ if (mpz_cmpabs_ui (y, 1) <= 0) {
+ mpz_set (x, y);
+ if (r)
+ r->_mp_size = 0;
+ return;
+ }
+
+ mpz_init (t);
+ mpz_init (u);
+ mpz_setbit (t, mpz_sizeinbase (y, 2) / z + 1);
+
+ if (z == 2) /* simplify sqrt loop: z-1 == 1 */
+ do {
+ mpz_swap (u, t); /* u = x */
+ mpz_tdiv_q (t, y, u); /* t = y/x */
+ mpz_add (t, t, u); /* t = y/x + x */
+ mpz_tdiv_q_2exp (t, t, 1); /* x'= (y/x + x)/2 */
+ } while (mpz_cmpabs (t, u) < 0); /* |x'| < |x| */
+ else /* z != 2 */ {
+ mpz_t v;
+
+ mpz_init (v);
+ if (sgn)
+ mpz_neg (t, t);
+
+ do {
+ mpz_swap (u, t); /* u = x */
+ mpz_pow_ui (t, u, z - 1); /* t = x^(z-1) */
+ mpz_tdiv_q (t, y, t); /* t = y/x^(z-1) */
+ mpz_mul_ui (v, u, z - 1); /* v = x*(z-1) */
+ mpz_add (t, t, v); /* t = y/x^(z-1) + x*(z-1) */
+ mpz_tdiv_q_ui (t, t, z); /* x'=(y/x^(z-1) + x*(z-1))/z */
+ } while (mpz_cmpabs (t, u) < 0); /* |x'| < |x| */
+
+ mpz_clear (v);
+ }
+
+ if (r) {
+ mpz_pow_ui (t, u, z);
+ mpz_sub (r, y, t);
+ }
+ mpz_swap (x, u);
+ mpz_clear (u);
+ mpz_clear (t);
+}
+
+int
+mpz_root (mpz_t x, const mpz_t y, unsigned long z)
+{
+ int res;
+ mpz_t r;
+
+ mpz_init (r);
+ mpz_rootrem (x, r, y, z);
+ res = r->_mp_size == 0;
+ mpz_clear (r);
+
+ return res;
+}
+
+/* Compute s = floor(sqrt(u)) and r = u - s^2. Allows r == NULL */
+void
+mpz_sqrtrem (mpz_t s, mpz_t r, const mpz_t u)
+{
+ mpz_rootrem (s, r, u, 2);
+}
+
+void
+mpz_sqrt (mpz_t s, const mpz_t u)
+{
+ mpz_rootrem (s, NULL, u, 2);
+}
+
+\f
+/* Combinatorics */
+
+void
+mpz_fac_ui (mpz_t x, unsigned long n)
+{
+ if (n < 2) {
+ mpz_set_ui (x, 1);
+ return;
+ }
+ mpz_set_ui (x, n);
+ for (;--n > 1;)
+ mpz_mul_ui (x, x, n);
+}
+
+void
+mpz_bin_uiui (mpz_t r, unsigned long n, unsigned long k)
+{
+ mpz_t t;
+
+ if (k > n) {
+ r->_mp_size = 0;
+ return;
+ }
+ mpz_fac_ui (r, n);
+ mpz_init (t);
+ mpz_fac_ui (t, k);
+ mpz_divexact (r, r, t);
+ mpz_fac_ui (t, n - k);
+ mpz_divexact (r, r, t);
+ mpz_clear (t);
+}
+
+\f
+/* Logical operations and bit manipulation. */
+
+/* Numbers are treated as if represented in two's complement (and
+ infinitely sign extended). For a negative values we get the two's
+ complement from -x = ~x + 1, where ~ is bitwise complementt.
+ Negation transforms
+
+ xxxx10...0
+
+ into
+
+ yyyy10...0
+
+ where yyyy is the bitwise complement of xxxx. So least significant
+ bits, up to and including the first one bit, are unchanged, and
+ the more significant bits are all complemented.
+
+ To change a bit from zero to one in a negative number, subtract the
+ corresponding power of two from the absolute value. This can never
+ underflow. To change a bit from one to zero, add the corresponding
+ power of two, and this might overflow. E.g., if x = -001111, the
+ two's complement is 110001. Clearing the least significant bit, we
+ get two's complement 110000, and -010000. */
+
+int
+mpz_tstbit (const mpz_t d, mp_bitcnt_t bit_index)
+{
+ mp_size_t limb_index;
+ unsigned shift;
+ mp_size_t ds;
+ mp_size_t dn;
+ mp_limb_t w;
+ int bit;
+
+ ds = d->_mp_size;
+ dn = GMP_ABS (ds);
+ limb_index = bit_index / GMP_LIMB_BITS;
+ if (limb_index >= dn)
+ return ds < 0;
+
+ shift = bit_index % GMP_LIMB_BITS;
+ w = d->_mp_d[limb_index];
+ bit = (w >> shift) & 1;
+
+ if (ds < 0)
+ {
+ /* d < 0. Check if any of the bits below is set: If so, our bit
+ must be complemented. */
+ if (shift > 0 && (w << (GMP_LIMB_BITS - shift)) > 0)
+ return bit ^ 1;
+ while (limb_index-- > 0)
+ if (d->_mp_d[limb_index] > 0)
+ return bit ^ 1;
+ }
+ return bit;
+}
+
+static void
+mpz_abs_add_bit (mpz_t d, mp_bitcnt_t bit_index)
+{
+ mp_size_t dn, limb_index;
+ mp_limb_t bit;
+ mp_ptr dp;
+
+ dn = GMP_ABS (d->_mp_size);
+
+ limb_index = bit_index / GMP_LIMB_BITS;
+ bit = (mp_limb_t) 1 << (bit_index % GMP_LIMB_BITS);
+
+ if (limb_index >= dn)
+ {
+ mp_size_t i;
+ /* The bit should be set outside of the end of the number.
+ We have to increase the size of the number. */
+ dp = MPZ_REALLOC (d, limb_index + 1);
+
+ dp[limb_index] = bit;
+ for (i = dn; i < limb_index; i++)
+ dp[i] = 0;
+ dn = limb_index + 1;
+ }
+ else
+ {
+ mp_limb_t cy;
+
+ dp = d->_mp_d;
+
+ cy = mpn_add_1 (dp + limb_index, dp + limb_index, dn - limb_index, bit);
+ if (cy > 0)
+ {
+ dp = MPZ_REALLOC (d, dn + 1);
+ dp[dn++] = cy;
+ }
+ }
+
+ d->_mp_size = (d->_mp_size < 0) ? - dn : dn;
+}
+
+static void
+mpz_abs_sub_bit (mpz_t d, mp_bitcnt_t bit_index)
+{
+ mp_size_t dn, limb_index;
+ mp_ptr dp;
+ mp_limb_t bit;
+
+ dn = GMP_ABS (d->_mp_size);
+ dp = d->_mp_d;
+
+ limb_index = bit_index / GMP_LIMB_BITS;
+ bit = (mp_limb_t) 1 << (bit_index % GMP_LIMB_BITS);
+
+ assert (limb_index < dn);
+
+ gmp_assert_nocarry (mpn_sub_1 (dp + limb_index, dp + limb_index,
+ dn - limb_index, bit));
+ dn -= (dp[dn-1] == 0);
+ d->_mp_size = (d->_mp_size < 0) ? - dn : dn;
+}
+
+void
+mpz_setbit (mpz_t d, mp_bitcnt_t bit_index)
+{
+ if (!mpz_tstbit (d, bit_index))
+ {
+ if (d->_mp_size >= 0)
+ mpz_abs_add_bit (d, bit_index);
+ else
+ mpz_abs_sub_bit (d, bit_index);
+ }
+}
+
+void
+mpz_clrbit (mpz_t d, mp_bitcnt_t bit_index)
+{
+ if (mpz_tstbit (d, bit_index))
+ {
+ if (d->_mp_size >= 0)
+ mpz_abs_sub_bit (d, bit_index);
+ else
+ mpz_abs_add_bit (d, bit_index);
+ }
+}
+
+void
+mpz_combit (mpz_t d, mp_bitcnt_t bit_index)
+{
+ if (mpz_tstbit (d, bit_index) ^ (d->_mp_size < 0))
+ mpz_abs_sub_bit (d, bit_index);
+ else
+ mpz_abs_add_bit (d, bit_index);
+}
+
+void
+mpz_com (mpz_t r, const mpz_t u)
+{
+ mpz_neg (r, u);
+ mpz_sub_ui (r, r, 1);
+}
+
+void
+mpz_and (mpz_t r, const mpz_t u, const mpz_t v)
+{
+ mp_size_t un, vn, rn, i;
+ mp_ptr up, vp, rp;
+
+ mp_limb_t ux, vx, rx;
+ mp_limb_t uc, vc, rc;
+ mp_limb_t ul, vl, rl;
+
+ un = GMP_ABS (u->_mp_size);
+ vn = GMP_ABS (v->_mp_size);
+ if (un < vn)
+ {
+ MPZ_SRCPTR_SWAP (u, v);
+ MP_SIZE_T_SWAP (un, vn);
+ }
+ if (vn == 0)
+ {
+ r->_mp_size = 0;
+ return;
+ }
+
+ uc = u->_mp_size < 0;
+ vc = v->_mp_size < 0;
+ rc = uc & vc;
+
+ ux = -uc;
+ vx = -vc;
+ rx = -rc;
+
+ /* If the smaller input is positive, higher limbs don't matter. */
+ rn = vx ? un : vn;
+
+ rp = MPZ_REALLOC (r, rn + rc);
+
+ up = u->_mp_d;
+ vp = v->_mp_d;
+
+ for (i = 0; i < vn; i++)
+ {
+ ul = (up[i] ^ ux) + uc;
+ uc = ul < uc;
+
+ vl = (vp[i] ^ vx) + vc;
+ vc = vl < vc;
+
+ rl = ( (ul & vl) ^ rx) + rc;
+ rc = rl < rc;
+ rp[i] = rl;
+ }
+ assert (vc == 0);
+
+ for (; i < rn; i++)
+ {
+ ul = (up[i] ^ ux) + uc;
+ uc = ul < uc;
+
+ rl = ( (ul & vx) ^ rx) + rc;
+ rc = rl < rc;
+ rp[i] = rl;
+ }
+ if (rc)
+ rp[rn++] = rc;
+ else
+ rn = mpn_normalized_size (rp, rn);
+
+ r->_mp_size = rx ? -rn : rn;
+}
+
+void
+mpz_ior (mpz_t r, const mpz_t u, const mpz_t v)
+{
+ mp_size_t un, vn, rn, i;
+ mp_ptr up, vp, rp;
+
+ mp_limb_t ux, vx, rx;
+ mp_limb_t uc, vc, rc;
+ mp_limb_t ul, vl, rl;
+
+ un = GMP_ABS (u->_mp_size);
+ vn = GMP_ABS (v->_mp_size);
+ if (un < vn)
+ {
+ MPZ_SRCPTR_SWAP (u, v);
+ MP_SIZE_T_SWAP (un, vn);
+ }
+ if (vn == 0)
+ {
+ mpz_set (r, u);
+ return;
+ }
+
+ uc = u->_mp_size < 0;
+ vc = v->_mp_size < 0;
+ rc = uc | vc;
+
+ ux = -uc;
+ vx = -vc;
+ rx = -rc;
+
+ /* If the smaller input is negative, by sign extension higher limbs
+ don't matter. */
+ rn = vx ? vn : un;
+
+ rp = MPZ_REALLOC (r, rn + rc);
+
+ up = u->_mp_d;
+ vp = v->_mp_d;
+
+ for (i = 0; i < vn; i++)
+ {
+ ul = (up[i] ^ ux) + uc;
+ uc = ul < uc;
+
+ vl = (vp[i] ^ vx) + vc;
+ vc = vl < vc;
+
+ rl = ( (ul | vl) ^ rx) + rc;
+ rc = rl < rc;
+ rp[i] = rl;
+ }
+ assert (vc == 0);
+
+ for (; i < rn; i++)
+ {
+ ul = (up[i] ^ ux) + uc;
+ uc = ul < uc;
+
+ rl = ( (ul | vx) ^ rx) + rc;
+ rc = rl < rc;
+ rp[i] = rl;
+ }
+ if (rc)
+ rp[rn++] = rc;
+ else
+ rn = mpn_normalized_size (rp, rn);
+
+ r->_mp_size = rx ? -rn : rn;
+}
+
+void
+mpz_xor (mpz_t r, const mpz_t u, const mpz_t v)
+{
+ mp_size_t un, vn, i;
+ mp_ptr up, vp, rp;
+
+ mp_limb_t ux, vx, rx;
+ mp_limb_t uc, vc, rc;
+ mp_limb_t ul, vl, rl;
+
+ un = GMP_ABS (u->_mp_size);
+ vn = GMP_ABS (v->_mp_size);
+ if (un < vn)
+ {
+ MPZ_SRCPTR_SWAP (u, v);
+ MP_SIZE_T_SWAP (un, vn);
+ }
+ if (vn == 0)
+ {
+ mpz_set (r, u);
+ return;
+ }
+
+ uc = u->_mp_size < 0;
+ vc = v->_mp_size < 0;
+ rc = uc ^ vc;
+
+ ux = -uc;
+ vx = -vc;
+ rx = -rc;
+
+ rp = MPZ_REALLOC (r, un + rc);
+
+ up = u->_mp_d;
+ vp = v->_mp_d;
+
+ for (i = 0; i < vn; i++)
+ {
+ ul = (up[i] ^ ux) + uc;
+ uc = ul < uc;
+
+ vl = (vp[i] ^ vx) + vc;
+ vc = vl < vc;
+
+ rl = (ul ^ vl ^ rx) + rc;
+ rc = rl < rc;
+ rp[i] = rl;
+ }
+ assert (vc == 0);
+
+ for (; i < un; i++)
+ {
+ ul = (up[i] ^ ux) + uc;
+ uc = ul < uc;
+
+ rl = (ul ^ ux) + rc;
+ rc = rl < rc;
+ rp[i] = rl;
+ }
+ if (rc)
+ rp[un++] = rc;
+ else
+ un = mpn_normalized_size (rp, un);
+
+ r->_mp_size = rx ? -un : un;
+}
+
+static unsigned
+gmp_popcount_limb (mp_limb_t x)
+{
+ unsigned c;
+
+ /* Do 16 bits at a time, to avoid limb-sized constants. */
+ for (c = 0; x > 0; x >>= 16)
+ {
+ unsigned w = ((x >> 1) & 0x5555) + (x & 0x5555);
+ w = ((w >> 2) & 0x3333) + (w & 0x3333);
+ w = ((w >> 4) & 0x0f0f) + (w & 0x0f0f);
+ w = (w >> 8) + (w & 0x00ff);
+ c += w;
+ }
+ return c;
+}
+
+mp_bitcnt_t
+mpz_popcount (const mpz_t u)
+{
+ mp_size_t un, i;
+ mp_bitcnt_t c;
+
+ un = u->_mp_size;
+
+ if (un < 0)
+ return ~(mp_bitcnt_t) 0;
+
+ for (c = 0, i = 0; i < un; i++)
+ c += gmp_popcount_limb (u->_mp_d[i]);
+
+ return c;
+}
+
+mp_bitcnt_t
+mpz_hamdist (const mpz_t u, const mpz_t v)
+{
+ mp_size_t un, vn, i;
+ mp_limb_t uc, vc, ul, vl, comp;
+ mp_srcptr up, vp;
+ mp_bitcnt_t c;
+
+ un = u->_mp_size;
+ vn = v->_mp_size;
+
+ if ( (un ^ vn) < 0)
+ return ~(mp_bitcnt_t) 0;
+
+ if (un < 0)
+ {
+ assert (vn < 0);
+ un = -un;
+ vn = -vn;
+ uc = vc = 1;
+ comp = - (mp_limb_t) 1;
+ }
+ else
+ uc = vc = comp = 0;
+
+ up = u->_mp_d;
+ vp = v->_mp_d;
+
+ if (un < vn)
+ MPN_SRCPTR_SWAP (up, un, vp, vn);
+
+ for (i = 0, c = 0; i < vn; i++)
+ {
+ ul = (up[i] ^ comp) + uc;
+ uc = ul < uc;
+
+ vl = (vp[i] ^ comp) + vc;
+ vc = vl < vc;
+
+ c += gmp_popcount_limb (ul ^ vl);
+ }
+ assert (vc == 0);
+
+ for (; i < un; i++)
+ {
+ ul = (up[i] ^ comp) + uc;
+ uc = ul < uc;
+
+ c += gmp_popcount_limb (ul ^ comp);
+ }
+
+ return c;
+}
+
+mp_bitcnt_t
+mpz_scan1 (const mpz_t u, mp_bitcnt_t starting_bit)
+{
+ mp_ptr up;
+ mp_size_t us, un, i;
+ mp_limb_t limb, ux, uc;
+ unsigned cnt;
+
+ up = u->_mp_d;
+ us = u->_mp_size;
+ un = GMP_ABS (us);
+ i = starting_bit / GMP_LIMB_BITS;
+
+ /* Past the end there's no 1 bits for u>=0, or an immediate 1 bit
+ for u<0. Notice this test picks up any u==0 too. */
+ if (i >= un)
+ return (us >= 0 ? ~(mp_bitcnt_t) 0 : starting_bit);
+
+ if (us < 0)
+ {
+ ux = GMP_LIMB_MAX;
+ uc = mpn_zero_p (up, i);
+ }
+ else
+ ux = uc = 0;
+
+ limb = (ux ^ up[i]) + uc;
+ uc = limb < uc;
+
+ /* Mask to 0 all bits before starting_bit, thus ignoring them. */
+ limb &= (GMP_LIMB_MAX << (starting_bit % GMP_LIMB_BITS));
+
+ while (limb == 0)
+ {
+ i++;
+ if (i == un)
+ {
+ assert (uc == 0);
+ /* For the u > 0 case, this can happen only for the first
+ masked limb. For the u < 0 case, it happens when the
+ highest limbs of the absolute value are all ones. */
+ return (us >= 0 ? ~(mp_bitcnt_t) 0 : un * GMP_LIMB_BITS);
+ }
+ limb = (ux ^ up[i]) + uc;
+ uc = limb < uc;
+ }
+ gmp_ctz (cnt, limb);
+ return (mp_bitcnt_t) i * GMP_LIMB_BITS + cnt;
+}
+
+mp_bitcnt_t
+mpz_scan0 (const mpz_t u, mp_bitcnt_t starting_bit)
+{
+ mp_ptr up;
+ mp_size_t us, un, i;
+ mp_limb_t limb, ux, uc;
+ unsigned cnt;
+
+ up = u->_mp_d;
+ us = u->_mp_size;
+ un = GMP_ABS (us);
+ i = starting_bit / GMP_LIMB_BITS;
+
+ /* When past end, there's an immediate 0 bit for u>=0, or no 0 bits for
+ u<0. Notice this test picks up all cases of u==0 too. */
+ if (i >= un)
+ return (us >= 0 ? starting_bit : ~(mp_bitcnt_t) 0);
+
+ if (us < 0)
+ {
+ ux = GMP_LIMB_MAX;
+ uc = mpn_zero_p (up, i);
+ }
+ else
+ ux = uc = 0;
+
+ limb = (ux ^ up[i]) + uc;
+ uc = limb < uc;
+
+ /* Mask to 1 all bits before starting_bit, thus ignoring them. */
+ limb |= ((mp_limb_t) 1 << (starting_bit % GMP_LIMB_BITS)) - 1;
+
+ while (limb == GMP_LIMB_MAX)
+ {
+ i++;
+ if (i == un)
+ {
+ assert (uc == 0);
+ return (us >= 0 ? un * GMP_LIMB_BITS : ~(mp_bitcnt_t) 0);
+ }
+ limb = (ux ^ up[i]) + uc;
+ uc = limb < uc;
+ }
+ gmp_ctz (cnt, ~limb);
+ return (mp_bitcnt_t) i * GMP_LIMB_BITS + cnt;
+}
+
+\f
+/* MPZ base conversion. */
+
+size_t
+mpz_sizeinbase (const mpz_t u, int base)
+{
+ mp_size_t un;
+ mp_srcptr up;
+ mp_ptr tp;
+ mp_bitcnt_t bits;
+ struct gmp_div_inverse bi;
+ size_t ndigits;
+
+ assert (base >= 2);
+ assert (base <= 36);
+
+ un = GMP_ABS (u->_mp_size);
+ if (un == 0)
+ return 1;
+
+ up = u->_mp_d;
+
+ bits = (un - 1) * GMP_LIMB_BITS + mpn_limb_size_in_base_2 (up[un-1]);
+ switch (base)
+ {
+ case 2:
+ return bits;
+ case 4:
+ return (bits + 1) / 2;
+ case 8:
+ return (bits + 2) / 3;
+ case 16:
+ return (bits + 3) / 4;
+ case 32:
+ return (bits + 4) / 5;
+ /* FIXME: Do something more clever for the common case of base
+ 10. */
+ }
+
+ tp = gmp_xalloc_limbs (un);
+ mpn_copyi (tp, up, un);
+ mpn_div_qr_1_invert (&bi, base);
+
+ for (ndigits = 0; un > 0; ndigits++)
+ {
+ mpn_div_qr_1_preinv (tp, tp, un, &bi);
+ un -= (tp[un-1] == 0);
+ }
+ gmp_free (tp);
+ return ndigits;
+}
+
+char *
+mpz_get_str (char *sp, int base, const mpz_t u)
+{
+ unsigned bits;
+ const char *digits;
+ mp_size_t un;
+ size_t i, sn;
+
+ if (base >= 0)
+ {
+ digits = "0123456789abcdefghijklmnopqrstuvwxyz";
+ }
+ else
+ {
+ base = -base;
+ digits = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+ }
+ if (base <= 1)
+ base = 10;
+ if (base > 36)
+ return NULL;
+
+ sn = 1 + mpz_sizeinbase (u, base);
+ if (!sp)
+ sp = gmp_xalloc (1 + sn);
+
+ un = GMP_ABS (u->_mp_size);
+
+ if (un == 0)
+ {
+ sp[0] = '0';
+ sp[1] = '\0';
+ return sp;
+ }
+
+ i = 0;
+
+ if (u->_mp_size < 0)
+ sp[i++] = '-';
+
+ bits = mpn_base_power_of_two_p (base);
+
+ if (bits)
+ /* Not modified in this case. */
+ sn = i + mpn_get_str_bits ((unsigned char *) sp + i, bits, u->_mp_d, un);
+ else
+ {
+ struct mpn_base_info info;
+ mp_ptr tp;
+
+ mpn_get_base_info (&info, base);
+ tp = gmp_xalloc_limbs (un);
+ mpn_copyi (tp, u->_mp_d, un);
+
+ sn = i + mpn_get_str_other ((unsigned char *) sp + i, base, &info, tp, un);
+ gmp_free (tp);
+ }
+
+ for (; i < sn; i++)
+ sp[i] = digits[(unsigned char) sp[i]];
+
+ sp[sn] = '\0';
+ return sp;
+}
+
+int
+mpz_set_str (mpz_t r, const char *sp, int base)
+{
+ unsigned bits;
+ mp_size_t rn, alloc;
+ mp_ptr rp;
+ size_t sn;
+ size_t dn;
+ int sign;
+ unsigned char *dp;
+
+ assert (base == 0 || (base >= 2 && base <= 36));
+
+ while (isspace( (unsigned char) *sp))
+ sp++;
+
+ if (*sp == '-')
+ {
+ sign = 1;
+ sp++;
+ }
+ else
+ sign = 0;
+
+ if (base == 0)
+ {
+ if (*sp == '0')
+ {
+ sp++;
+ if (*sp == 'x' || *sp == 'X')
+ {
+ base = 16;
+ sp++;
+ }
+ else if (*sp == 'b' || *sp == 'B')
+ {
+ base = 2;
+ sp++;
+ }
+ else
+ base = 8;
+ }
+ else
+ base = 10;
+ }
+
+ sn = strlen (sp);
+ dp = gmp_xalloc (sn + (sn == 0));
+
+ for (dn = 0; *sp; sp++)
+ {
+ unsigned digit;
+
+ if (isspace ((unsigned char) *sp))
+ continue;
+ if (*sp >= '0' && *sp <= '9')
+ digit = *sp - '0';
+ else if (*sp >= 'a' && *sp <= 'z')
+ digit = *sp - 'a' + 10;
+ else if (*sp >= 'A' && *sp <= 'Z')
+ digit = *sp - 'A' + 10;
+ else
+ digit = base; /* fail */
+
+ if (digit >= base)
+ {
+ gmp_free (dp);
+ r->_mp_size = 0;
+ return -1;
+ }
+
+ dp[dn++] = digit;
+ }
+
+ bits = mpn_base_power_of_two_p (base);
+
+ if (bits > 0)
+ {
+ alloc = (sn * bits + GMP_LIMB_BITS - 1) / GMP_LIMB_BITS;
+ rp = MPZ_REALLOC (r, alloc);
+ rn = mpn_set_str_bits (rp, dp, dn, bits);
+ }
+ else
+ {
+ struct mpn_base_info info;
+ mpn_get_base_info (&info, base);
+ alloc = (sn + info.exp - 1) / info.exp;
+ rp = MPZ_REALLOC (r, alloc);
+ rn = mpn_set_str_other (rp, dp, dn, base, &info);
+ }
+ assert (rn <= alloc);
+ gmp_free (dp);
+
+ r->_mp_size = sign ? - rn : rn;
+
+ return 0;
+}
+
+int
+mpz_init_set_str (mpz_t r, const char *sp, int base)
+{
+ mpz_init (r);
+ return mpz_set_str (r, sp, base);
+}
+
+size_t
+mpz_out_str (FILE *stream, int base, const mpz_t x)
+{
+ char *str;
+ size_t len;
+
+ str = mpz_get_str (NULL, base, x);
+ len = strlen (str);
+ len = fwrite (str, 1, len, stream);
+ gmp_free (str);
+ return len;
+}
+
+\f
+static int
+gmp_detect_endian (void)
+{
+ static const int i = 1;
+ const unsigned char *p = (const unsigned char *) &i;
+ if (*p == 1)
+ /* Little endian */
+ return -1;
+ else
+ /* Big endian */
+ return 1;
+}
+
+/* Import and export. Does not support nails. */
+void
+mpz_import (mpz_t r, size_t count, int order, size_t size, int endian,
+ size_t nails, const void *src)
+{
+ const unsigned char *p;
+ ptrdiff_t word_step;
+ mp_ptr rp;
+ mp_size_t rn;
+
+ /* The current (partial) limb. */
+ mp_limb_t limb;
+ /* The number of bytes already copied to this limb (starting from
+ the low end). */
+ size_t bytes;
+ /* The index where the limb should be stored, when completed. */
+ mp_size_t i;
+
+ if (nails != 0)
+ gmp_die ("mpz_import: Nails not supported.");
+
+ assert (order == 1 || order == -1);
+ assert (endian >= -1 && endian <= 1);
+
+ if (endian == 0)
+ endian = gmp_detect_endian ();
+
+ p = (unsigned char *) src;
+
+ word_step = (order != endian) ? 2 * size : 0;
+
+ /* Process bytes from the least significant end, so point p at the
+ least significant word. */
+ if (order == 1)
+ {
+ p += size * (count - 1);
+ word_step = - word_step;
+ }
+
+ /* And at least significant byte of that word. */
+ if (endian == 1)
+ p += (size - 1);
+
+ rn = (size * count + sizeof(mp_limb_t) - 1) / sizeof(mp_limb_t);
+ rp = MPZ_REALLOC (r, rn);
+
+ for (limb = 0, bytes = 0, i = 0; count > 0; count--, p += word_step)
+ {
+ size_t j;
+ for (j = 0; j < size; j++, p -= (ptrdiff_t) endian)
+ {
+ limb |= (mp_limb_t) *p << (bytes++ * CHAR_BIT);
+ if (bytes == sizeof(mp_limb_t))
+ {
+ rp[i++] = limb;
+ bytes = 0;
+ limb = 0;
+ }
+ }
+ }
+ if (bytes > 0)
+ rp[i++] = limb;
+ assert (i == rn);
+
+ r->_mp_size = mpn_normalized_size (rp, i);
+}
+
+void *
+mpz_export (void *r, size_t *countp, int order, size_t size, int endian,
+ size_t nails, const mpz_t u)
+{
+ unsigned char *p;
+ ptrdiff_t word_step;
+ size_t count, k;
+ mp_size_t un;
+
+ /* The current (partial) limb. */
+ mp_limb_t limb;
+ /* The number of bytes left to to in this limb. */
+ size_t bytes;
+ /* The index where the limb was read. */
+ mp_size_t i;
+
+ if (nails != 0)
+ gmp_die ("mpz_import: Nails not supported.");
+
+ assert (order == 1 || order == -1);
+ assert (endian >= -1 && endian <= 1);
+ assert (size > 0 || u->_mp_size == 0);
+
+ un = GMP_ABS (u->_mp_size);
+ if (un == 0)
+ {
+ if (countp)
+ *countp = 0;
+ return r;
+ }
+
+ /* Count bytes in top limb. */
+ for (limb = u->_mp_d[un-1], k = 0; limb > 0; k++, limb >>= CHAR_BIT)
+ ;
+
+ assert (k > 0);
+
+ count = (k + (un-1) * sizeof (mp_limb_t) + size - 1) / size;
+
+ if (!r)
+ r = gmp_xalloc (count * size);
+
+ if (endian == 0)
+ endian = gmp_detect_endian ();
+
+ p = (unsigned char *) r;
+
+ word_step = (order != endian) ? 2 * size : 0;
+
+ /* Process bytes from the least significant end, so point p at the
+ least significant word. */
+ if (order == 1)
+ {
+ p += size * (count - 1);
+ word_step = - word_step;
+ }
+
+ /* And at least significant byte of that word. */
+ if (endian == 1)
+ p += (size - 1);
+
+ for (bytes = 0, i = 0, k = 0; k < count; k++, p += word_step)
+ {
+ size_t j;
+ for (j = 0; j < size; j++, p -= (ptrdiff_t) endian)
+ {
+ if (bytes == 0)
+ {
+ if (i < un)
+ limb = u->_mp_d[i++];
+ bytes = sizeof (mp_limb_t);
+ }
+ *p = limb;
+ limb >>= CHAR_BIT;
+ bytes--;
+ }
+ }
+ assert (i == un);
+ assert (k == count);
+
+ if (countp)
+ *countp = count;
+
+ return r;
+}
--- /dev/null
+/* mini-gmp, a minimalistic implementation of a GNU GMP subset.
+
+Copyright 2011, 2012, 2013 Free Software Foundation, Inc.
+
+This file is part of the GNU MP Library.
+
+The GNU MP Library is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 3 of the License, or (at your
+option) any later version.
+
+The GNU MP Library is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with the GNU MP Library. If not, see http://www.gnu.org/licenses/. */
+
+/* About mini-gmp: This is a minimal implementation of a subset of the
+ GMP interface. It is intended for inclusion into applications which
+ have modest bignums needs, as a fallback when the real GMP library
+ is not installed.
+
+ This file defines the public interface. */
+
+#ifndef __MINI_GMP_H__
+#define __MINI_GMP_H__
+
+/* For size_t */
+#include <stddef.h>
+
+#if defined (__cplusplus)
+extern "C" {
+#endif
+
+void mp_set_memory_functions (void *(*) (size_t),
+ void *(*) (void *, size_t, size_t),
+ void (*) (void *, size_t));
+
+void mp_get_memory_functions (void *(**) (size_t),
+ void *(**) (void *, size_t, size_t),
+ void (**) (void *, size_t));
+
+typedef unsigned long mp_limb_t;
+typedef long mp_size_t;
+typedef unsigned long mp_bitcnt_t;
+
+typedef mp_limb_t *mp_ptr;
+typedef const mp_limb_t *mp_srcptr;
+
+typedef struct
+{
+ int _mp_alloc; /* Number of *limbs* allocated and pointed
+ to by the _mp_d field. */
+ int _mp_size; /* abs(_mp_size) is the number of limbs the
+ last field points to. If _mp_size is
+ negative this is a negative number. */
+ mp_limb_t *_mp_d; /* Pointer to the limbs. */
+} __mpz_struct;
+
+typedef __mpz_struct mpz_t[1];
+
+typedef __mpz_struct *mpz_ptr;
+typedef const __mpz_struct *mpz_srcptr;
+
+void mpn_copyi (mp_ptr, mp_srcptr, mp_size_t);
+void mpn_copyd (mp_ptr, mp_srcptr, mp_size_t);
+
+int mpn_cmp (mp_srcptr, mp_srcptr, mp_size_t);
+
+mp_limb_t mpn_add_1 (mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
+mp_limb_t mpn_add_n (mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
+mp_limb_t mpn_add (mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t);
+
+mp_limb_t mpn_sub_1 (mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
+mp_limb_t mpn_sub_n (mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
+mp_limb_t mpn_sub (mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t);
+
+mp_limb_t mpn_mul_1 (mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
+mp_limb_t mpn_addmul_1 (mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
+mp_limb_t mpn_submul_1 (mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
+
+mp_limb_t mpn_mul (mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t);
+void mpn_mul_n (mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
+void mpn_sqr (mp_ptr, mp_srcptr, mp_size_t);
+
+mp_limb_t mpn_lshift (mp_ptr, mp_srcptr, mp_size_t, unsigned int);
+mp_limb_t mpn_rshift (mp_ptr, mp_srcptr, mp_size_t, unsigned int);
+
+mp_limb_t mpn_invert_3by2 (mp_limb_t, mp_limb_t);
+#define mpn_invert_limb(x) mpn_invert_3by2 ((x), 0)
+
+size_t mpn_get_str (unsigned char *, int, mp_ptr, mp_size_t);
+mp_size_t mpn_set_str (mp_ptr, const unsigned char *, size_t, int);
+
+void mpz_init (mpz_t);
+void mpz_init2 (mpz_t, mp_bitcnt_t);
+void mpz_clear (mpz_t);
+
+#define mpz_odd_p(z) (((z)->_mp_size != 0) & (int) (z)->_mp_d[0])
+#define mpz_even_p(z) (! mpz_odd_p (z))
+
+int mpz_sgn (const mpz_t);
+int mpz_cmp_si (const mpz_t, long);
+int mpz_cmp_ui (const mpz_t, unsigned long);
+int mpz_cmp (const mpz_t, const mpz_t);
+int mpz_cmpabs_ui (const mpz_t, unsigned long);
+int mpz_cmpabs (const mpz_t, const mpz_t);
+int mpz_cmp_d (const mpz_t, double);
+int mpz_cmpabs_d (const mpz_t, double);
+
+void mpz_abs (mpz_t, const mpz_t);
+void mpz_neg (mpz_t, const mpz_t);
+void mpz_swap (mpz_t, mpz_t);
+
+void mpz_add_ui (mpz_t, const mpz_t, unsigned long);
+void mpz_add (mpz_t, const mpz_t, const mpz_t);
+void mpz_sub_ui (mpz_t, const mpz_t, unsigned long);
+void mpz_ui_sub (mpz_t, unsigned long, const mpz_t);
+void mpz_sub (mpz_t, const mpz_t, const mpz_t);
+
+void mpz_mul_si (mpz_t, const mpz_t, long int);
+void mpz_mul_ui (mpz_t, const mpz_t, unsigned long int);
+void mpz_mul (mpz_t, const mpz_t, const mpz_t);
+void mpz_mul_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+
+void mpz_cdiv_qr (mpz_t, mpz_t, const mpz_t, const mpz_t);
+void mpz_fdiv_qr (mpz_t, mpz_t, const mpz_t, const mpz_t);
+void mpz_tdiv_qr (mpz_t, mpz_t, const mpz_t, const mpz_t);
+void mpz_cdiv_q (mpz_t, const mpz_t, const mpz_t);
+void mpz_fdiv_q (mpz_t, const mpz_t, const mpz_t);
+void mpz_tdiv_q (mpz_t, const mpz_t, const mpz_t);
+void mpz_cdiv_r (mpz_t, const mpz_t, const mpz_t);
+void mpz_fdiv_r (mpz_t, const mpz_t, const mpz_t);
+void mpz_tdiv_r (mpz_t, const mpz_t, const mpz_t);
+
+void mpz_cdiv_q_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+void mpz_fdiv_q_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+void mpz_tdiv_q_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+void mpz_cdiv_r_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+void mpz_fdiv_r_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+void mpz_tdiv_r_2exp (mpz_t, const mpz_t, mp_bitcnt_t);
+
+void mpz_mod (mpz_t, const mpz_t, const mpz_t);
+
+void mpz_divexact (mpz_t, const mpz_t, const mpz_t);
+
+int mpz_divisible_p (const mpz_t, const mpz_t);
+
+unsigned long mpz_cdiv_qr_ui (mpz_t, mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_fdiv_qr_ui (mpz_t, mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_tdiv_qr_ui (mpz_t, mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_cdiv_q_ui (mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_fdiv_q_ui (mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_tdiv_q_ui (mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_cdiv_r_ui (mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_fdiv_r_ui (mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_tdiv_r_ui (mpz_t, const mpz_t, unsigned long);
+unsigned long mpz_cdiv_ui (const mpz_t, unsigned long);
+unsigned long mpz_fdiv_ui (const mpz_t, unsigned long);
+unsigned long mpz_tdiv_ui (const mpz_t, unsigned long);
+
+unsigned long mpz_mod_ui (mpz_t, const mpz_t, unsigned long);
+
+void mpz_divexact_ui (mpz_t, const mpz_t, unsigned long);
+
+int mpz_divisible_ui_p (const mpz_t, unsigned long);
+
+unsigned long mpz_gcd_ui (mpz_t, const mpz_t, unsigned long);
+void mpz_gcd (mpz_t, const mpz_t, const mpz_t);
+void mpz_gcdext (mpz_t, mpz_t, mpz_t, const mpz_t, const mpz_t);
+void mpz_lcm_ui (mpz_t, const mpz_t, unsigned long);
+void mpz_lcm (mpz_t, const mpz_t, const mpz_t);
+int mpz_invert (mpz_t, const mpz_t, const mpz_t);
+
+void mpz_sqrtrem (mpz_t, mpz_t, const mpz_t);
+void mpz_sqrt (mpz_t, const mpz_t);
+
+void mpz_pow_ui (mpz_t, const mpz_t, unsigned long);
+void mpz_ui_pow_ui (mpz_t, unsigned long, unsigned long);
+void mpz_powm (mpz_t, const mpz_t, const mpz_t, const mpz_t);
+void mpz_powm_ui (mpz_t, const mpz_t, unsigned long, const mpz_t);
+
+void mpz_rootrem (mpz_t, mpz_t, const mpz_t, unsigned long);
+int mpz_root (mpz_t, const mpz_t, unsigned long);
+
+void mpz_fac_ui (mpz_t, unsigned long);
+void mpz_bin_uiui (mpz_t, unsigned long, unsigned long);
+
+int mpz_tstbit (const mpz_t, mp_bitcnt_t);
+void mpz_setbit (mpz_t, mp_bitcnt_t);
+void mpz_clrbit (mpz_t, mp_bitcnt_t);
+void mpz_combit (mpz_t, mp_bitcnt_t);
+
+void mpz_com (mpz_t, const mpz_t);
+void mpz_and (mpz_t, const mpz_t, const mpz_t);
+void mpz_ior (mpz_t, const mpz_t, const mpz_t);
+void mpz_xor (mpz_t, const mpz_t, const mpz_t);
+
+mp_bitcnt_t mpz_popcount (const mpz_t);
+mp_bitcnt_t mpz_hamdist (const mpz_t, const mpz_t);
+mp_bitcnt_t mpz_scan0 (const mpz_t, mp_bitcnt_t);
+mp_bitcnt_t mpz_scan1 (const mpz_t, mp_bitcnt_t);
+
+int mpz_fits_slong_p (const mpz_t);
+int mpz_fits_ulong_p (const mpz_t);
+long int mpz_get_si (const mpz_t);
+unsigned long int mpz_get_ui (const mpz_t);
+double mpz_get_d (const mpz_t);
+size_t mpz_size (const mpz_t);
+mp_limb_t mpz_getlimbn (const mpz_t, mp_size_t);
+
+void mpz_set_si (mpz_t, signed long int);
+void mpz_set_ui (mpz_t, unsigned long int);
+void mpz_set (mpz_t, const mpz_t);
+void mpz_set_d (mpz_t, double);
+
+void mpz_init_set_si (mpz_t, signed long int);
+void mpz_init_set_ui (mpz_t, unsigned long int);
+void mpz_init_set (mpz_t, const mpz_t);
+void mpz_init_set_d (mpz_t, double);
+
+size_t mpz_sizeinbase (const mpz_t, int);
+char *mpz_get_str (char *, int, const mpz_t);
+int mpz_set_str (mpz_t, const char *, int);
+int mpz_init_set_str (mpz_t, const char *, int);
+
+/* This long list taken from gmp.h. */
+/* For reference, "defined(EOF)" cannot be used here. In g++ 2.95.4,
+ <iostream> defines EOF but not FILE. */
+#if defined (FILE) \
+ || defined (H_STDIO) \
+ || defined (_H_STDIO) /* AIX */ \
+ || defined (_STDIO_H) /* glibc, Sun, SCO */ \
+ || defined (_STDIO_H_) /* BSD, OSF */ \
+ || defined (__STDIO_H) /* Borland */ \
+ || defined (__STDIO_H__) /* IRIX */ \
+ || defined (_STDIO_INCLUDED) /* HPUX */ \
+ || defined (__dj_include_stdio_h_) /* DJGPP */ \
+ || defined (_FILE_DEFINED) /* Microsoft */ \
+ || defined (__STDIO__) /* Apple MPW MrC */ \
+ || defined (_MSL_STDIO_H) /* Metrowerks */ \
+ || defined (_STDIO_H_INCLUDED) /* QNX4 */ \
+ || defined (_ISO_STDIO_ISO_H) /* Sun C++ */ \
+ || defined (__STDIO_LOADED) /* VMS */
+size_t mpz_out_str (FILE *, int, const mpz_t);
+#endif
+
+void mpz_import (mpz_t, size_t, int, size_t, int, size_t, const void *);
+void *mpz_export (void *, size_t *, int, size_t, int, size_t, const mpz_t);
+
+#if defined (__cplusplus)
+}
+#endif
+#endif /* __MINI_GMP_H__ */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include <stdlib.h>
#include "nettle-internal.h"
-#include "des.h"
#include "blowfish.h"
+#include "des.h"
+#include "gcm.h"
+#include "salsa20.h"
-/* DES uses a different signature for the key set function.
- * And we have to adjust parity. */
+/* DES uses a different signature for the key set function. We ignore
+ the return value indicating weak keys. */
static void
-des_set_key_hack(void *c, unsigned length, const uint8_t *key)
+des_set_key_hack(void *ctx, unsigned length, const uint8_t *key)
{
- struct des_ctx *ctx = c;
- uint8_t pkey[DES_KEY_SIZE];
-
assert(length == DES_KEY_SIZE);
- des_fix_parity(DES_KEY_SIZE, pkey, key);
- if (!des_set_key(ctx, pkey))
- abort();
+ des_set_key(ctx, key);
}
static void
-des3_set_key_hack(void *c, unsigned length, const uint8_t *key)
+des3_set_key_hack(void *ctx, unsigned length, const uint8_t *key)
{
- struct des3_ctx *ctx = c;
- uint8_t pkey[DES3_KEY_SIZE];
-
assert(length == DES3_KEY_SIZE);
- des_fix_parity(DES3_KEY_SIZE, pkey, key);
- if (!des3_set_key(ctx, pkey))
- abort();
+ des3_set_key(ctx, key);
}
+/* NOTE: A bit ugly. Ignores weak keys, and pretends the set:key
+ functions have no return value. */
const struct nettle_cipher
nettle_des = {
"des", sizeof(struct des_ctx),
(nettle_crypt_func *) des3_decrypt
};
-/* NOTE: This is not as nice as one might think, as it will crash if
- * we try to encrypt something with a weak key. */
+/* NOTE: This is not as nice as one might think, as we pretend
+ blowfish_set_key has no return value. */
const struct nettle_cipher
nettle_blowfish128 = _NETTLE_CIPHER(blowfish, BLOWFISH, 128);
+
+/* Sets a fix zero iv. For benchmarking only. */
+static void
+salsa20_set_key_hack(void *ctx, unsigned length, const uint8_t *key)
+{
+ static const uint8_t iv[SALSA20_IV_SIZE];
+ salsa20_set_key (ctx, length, key);
+ salsa20_set_iv (ctx, iv);
+}
+
+/* Claim zero block size, to classify as a stream cipher. */
+const struct nettle_cipher
+nettle_salsa20 = {
+ "salsa20", sizeof(struct salsa20_ctx),
+ 0, SALSA20_KEY_SIZE,
+ salsa20_set_key_hack, salsa20_set_key_hack,
+ (nettle_crypt_func *) salsa20_crypt,
+ (nettle_crypt_func *) salsa20_crypt
+};
+
+const struct nettle_cipher
+nettle_salsa20r12 = {
+ "salsa20r12", sizeof(struct salsa20_ctx),
+ 0, SALSA20_KEY_SIZE,
+ salsa20_set_key_hack, salsa20_set_key_hack,
+ (nettle_crypt_func *) salsa20r12_crypt,
+ (nettle_crypt_func *) salsa20r12_crypt
+};
+
+const struct nettle_aead
+nettle_gcm_aes128 = _NETTLE_AEAD(gcm, GCM, aes, 128);
+const struct nettle_aead
+nettle_gcm_aes192 = _NETTLE_AEAD(gcm, GCM, aes, 192);
+const struct nettle_aead
+nettle_gcm_aes256 = _NETTLE_AEAD(gcm, GCM, aes, 256);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_INTERNAL_H_INCLUDED
#if HAVE_ALLOCA
# define TMP_DECL(name, type, max) type *name
-# define TMP_ALLOC(name, size) (name = alloca(sizeof (*name) * size))
+# define TMP_ALLOC(name, size) (name = alloca(sizeof (*name) * (size)))
#else /* !HAVE_ALLOCA */
# define TMP_DECL(name, type, max) type name[max]
# define TMP_ALLOC(name, size) \
-do { if (size > (sizeof(name) / sizeof(name[0]))) abort(); } while (0)
+ do { if ((size) > (sizeof(name) / sizeof(name[0]))) abort(); } while (0)
#endif
/* Arbitrary limits which apply to systems that don't have alloca */
#define NETTLE_MAX_BIGNUM_BITS 10000
+#define NETTLE_MAX_BIGNUM_SIZE ((NETTLE_MAX_BIGNUM_BITS + 7)/8)
#define NETTLE_MAX_HASH_BLOCK_SIZE 128
#define NETTLE_MAX_HASH_DIGEST_SIZE 64
#define NETTLE_MAX_SEXP_ASSOC 17
extern const struct nettle_cipher nettle_blowfish128;
-/* Glue to openssl, for comparative benchmarking. The corresponding
- * code is not included in the nettle library, as that would make the
- * shared library depend on openssl. Instead, look at
+/* For benchmarking only, sets no iv and lies about the block size. */
+extern const struct nettle_cipher nettle_salsa20;
+extern const struct nettle_cipher nettle_salsa20r12;
+
+/* Glue to openssl, for comparative benchmarking. Code in
* examples/nettle-openssl.c. */
extern const struct nettle_cipher nettle_openssl_aes128;
extern const struct nettle_cipher nettle_openssl_aes192;
extern const struct nettle_hash nettle_openssl_md5;
extern const struct nettle_hash nettle_openssl_sha1;
+/* Tentative interface for "authenticated encryption with associated
+ data" algorithms. Should be moved to nettle-meta.h when stable. */
+struct nettle_aead
+{
+ const char *name;
+
+ unsigned context_size;
+ /* Block size of the input, and the size of the output digest */
+ unsigned block_size;
+
+ /* Suggested key size; other sizes are sometimes possible. */
+ unsigned key_size;
+
+ nettle_set_key_func *set_key;
+ nettle_set_key_func *set_iv;
+ nettle_hash_update_func *update;
+ nettle_crypt_func *encrypt;
+ nettle_crypt_func *decrypt;
+ nettle_hash_digest_func *digest;
+};
+
+#define _NETTLE_AEAD(type, TYPE, name, key_size) { \
+ #type "-" #name #key_size, \
+ sizeof(struct type##_##name##_ctx), \
+ TYPE##_BLOCK_SIZE, \
+ key_size / 8, \
+ (nettle_set_key_func *) type##_##name##_set_key, \
+ (nettle_set_key_func *) type##_##name##_set_iv, \
+ (nettle_hash_update_func *) type##_##name##_update, \
+ (nettle_crypt_func *) type##_##name##_encrypt, \
+ (nettle_crypt_func *) type##_##name##_decrypt, \
+ (nettle_hash_digest_func *) type##_##name##_digest, \
+}
+
+extern const struct nettle_aead nettle_gcm_aes128;
+extern const struct nettle_aead nettle_gcm_aes192;
+extern const struct nettle_aead nettle_gcm_aes256;
+
+extern const struct nettle_aead nettle_gcm_camellia128;
+extern const struct nettle_aead nettle_gcm_camellia192;
+extern const struct nettle_aead nettle_gcm_camellia256;
+
+extern const struct nettle_aead nettle_gcm_serpent128;
+extern const struct nettle_aead nettle_gcm_serpent192;
+extern const struct nettle_aead nettle_gcm_serpent256;
+
+extern const struct nettle_aead nettle_gcm_twofish128;
+extern const struct nettle_aead nettle_gcm_twofish192;
+extern const struct nettle_aead nettle_gcm_twofish256;
+
#endif /* NETTLE_INTERNAL_H_INCLUDED */
--- /dev/null
+/* nettle-meta-armors.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Daniel Kahn Gillmor
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include "nettle-meta.h"
+
+const struct nettle_armor * const nettle_armors[] = {
+ &nettle_base64,
+ &nettle_base16,
+ NULL
+};
--- /dev/null
+/* nettle-meta-ciphers.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Daniel Kahn Gillmor
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include "nettle-meta.h"
+
+const struct nettle_cipher * const nettle_ciphers[] = {
+ &nettle_aes128,
+ &nettle_aes192,
+ &nettle_aes256,
+ &nettle_arcfour128,
+ &nettle_camellia128,
+ &nettle_camellia192,
+ &nettle_camellia256,
+ &nettle_cast128,
+ &nettle_serpent128,
+ &nettle_serpent192,
+ &nettle_serpent256,
+ &nettle_twofish128,
+ &nettle_twofish192,
+ &nettle_twofish256,
+ &nettle_arctwo40,
+ &nettle_arctwo64,
+ &nettle_arctwo128,
+ &nettle_arctwo_gutmann128,
+ NULL
+};
--- /dev/null
+/* nettle-meta-hashes.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Daniel Kahn Gillmor
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include "nettle-meta.h"
+
+const struct nettle_hash * const nettle_hashes[] = {
+ &nettle_md2,
+ &nettle_md4,
+ &nettle_md5,
+ &nettle_ripemd160,
+ &nettle_sha1,
+ &nettle_sha224,
+ &nettle_sha256,
+ &nettle_sha384,
+ &nettle_sha512,
+ NULL
+};
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_META_H_INCLUDED
nettle_crypt_func *decrypt;
};
-#define _NETTLE_CIPHER(name, NAME, keysize) { \
- #name #keysize, \
+#define _NETTLE_CIPHER(name, NAME, key_size) { \
+ #name #key_size, \
sizeof(struct name##_ctx), \
NAME##_BLOCK_SIZE, \
- keysize / 8, \
+ key_size / 8, \
(nettle_set_key_func *) name##_set_key, \
(nettle_set_key_func *) name##_set_key, \
(nettle_crypt_func *) name##_encrypt, \
(nettle_crypt_func *) name##_decrypt, \
}
-#define _NETTLE_CIPHER_SEP(name, NAME, keysize) { \
- #name #keysize, \
+#define _NETTLE_CIPHER_SEP(name, NAME, key_size) { \
+ #name #key_size, \
sizeof(struct name##_ctx), \
NAME##_BLOCK_SIZE, \
- keysize / 8, \
+ key_size / 8, \
(nettle_set_key_func *) name##_set_encrypt_key, \
(nettle_set_key_func *) name##_set_decrypt_key, \
(nettle_crypt_func *) name##_encrypt, \
(nettle_crypt_func *) name##_decrypt, \
}
-#define _NETTLE_CIPHER_SEP_SET_KEY(name, NAME, keysize) {\
- #name #keysize, \
+#define _NETTLE_CIPHER_SEP_SET_KEY(name, NAME, key_size) {\
+ #name #key_size, \
sizeof(struct name##_ctx), \
NAME##_BLOCK_SIZE, \
- keysize / 8, \
+ key_size / 8, \
(nettle_set_key_func *) name##_set_encrypt_key, \
(nettle_set_key_func *) name##_set_decrypt_key, \
(nettle_crypt_func *) name##_crypt, \
(nettle_crypt_func *) name##_crypt, \
}
-#define _NETTLE_CIPHER_FIX(name, NAME, keysize) { \
+#define _NETTLE_CIPHER_FIX(name, NAME) { \
#name, \
sizeof(struct name##_ctx), \
NAME##_BLOCK_SIZE, \
- keysize / 8, \
+ NAME##_KEY_SIZE, \
(nettle_set_key_func *) name##_set_key, \
(nettle_set_key_func *) name##_set_key, \
(nettle_crypt_func *) name##_encrypt, \
(nettle_crypt_func *) name##_decrypt, \
}
+/* null-terminated list of ciphers implemented by this version of nettle */
+extern const struct nettle_cipher * const nettle_ciphers[];
+
extern const struct nettle_cipher nettle_aes128;
extern const struct nettle_cipher nettle_aes192;
extern const struct nettle_cipher nettle_aes256;
(nettle_hash_digest_func *) name##_digest \
}
+/* null-terminated list of digests implemented by this version of nettle */
+extern const struct nettle_hash * const nettle_hashes[];
+
extern const struct nettle_hash nettle_md2;
extern const struct nettle_hash nettle_md4;
extern const struct nettle_hash nettle_md5;
+extern const struct nettle_hash nettle_gosthash94;
+extern const struct nettle_hash nettle_ripemd160;
extern const struct nettle_hash nettle_sha1;
extern const struct nettle_hash nettle_sha224;
extern const struct nettle_hash nettle_sha256;
extern const struct nettle_hash nettle_sha384;
extern const struct nettle_hash nettle_sha512;
+extern const struct nettle_hash nettle_sha3_224;
+extern const struct nettle_hash nettle_sha3_256;
+extern const struct nettle_hash nettle_sha3_384;
+extern const struct nettle_hash nettle_sha3_512;
struct nettle_armor
{
(nettle_armor_decode_final_func *) name##_decode_final, \
}
+/* null-terminated list of armor schemes implemented by this version of nettle */
+extern const struct nettle_armor * const nettle_armors[];
+
extern const struct nettle_armor nettle_base64;
extern const struct nettle_armor nettle_base16;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005 Niels Möller
+ * Copyright (C) 2005 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_TYPES_H
#define NETTLE_TYPES_H
+/* Pretend these types always exists. Nettle doesn't use them. */
+#define _STDINT_HAVE_INT_FAST32_T 1
+
#include "nettle-stdint.h"
#ifdef __cplusplus
#endif
/* Randomness. Used by key generation and dsa signature creation. */
-typedef void (nettle_random_func)(void *ctx,
- unsigned length, uint8_t *dst);
+typedef void nettle_random_func(void *ctx,
+ unsigned length, uint8_t *dst);
/* Progress report function, mainly for key generation. */
-typedef void (nettle_progress_func)(void *ctx,
- int c);
+typedef void nettle_progress_func(void *ctx, int c);
+
+/* Realloc function, used by struct nettle_buffer. */
+typedef void *nettle_realloc_func(void *ctx, void *p, unsigned length);
/* Ciphers */
-typedef void (nettle_set_key_func)(void *ctx,
- unsigned length,
- const uint8_t *key);
+typedef void nettle_set_key_func(void *ctx,
+ unsigned length,
+ const uint8_t *key);
/* Uses a void * for cipher contexts.
context, but we use the same typedef for stream ciphers where the
internal state changes during the encryption. */
-typedef void (nettle_crypt_func)(void *ctx,
- unsigned length, uint8_t *dst,
- const uint8_t *src);
+typedef void nettle_crypt_func(void *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
/* Hash algorithms */
-typedef void (nettle_hash_init_func)(void *ctx);
-typedef void (nettle_hash_update_func)(void *ctx,
- unsigned length,
- const uint8_t *src);
-typedef void (nettle_hash_digest_func)(void *ctx,
- unsigned length, uint8_t *dst);
+typedef void nettle_hash_init_func(void *ctx);
+typedef void nettle_hash_update_func(void *ctx,
+ unsigned length,
+ const uint8_t *src);
+typedef void nettle_hash_digest_func(void *ctx,
+ unsigned length, uint8_t *dst);
/* ASCII armor codecs. NOTE: Experimental and subject to change. */
-typedef unsigned (nettle_armor_length_func)(unsigned length);
-typedef void (nettle_armor_init_func)(void *ctx);
+typedef unsigned nettle_armor_length_func(unsigned length);
+typedef void nettle_armor_init_func(void *ctx);
-typedef unsigned (nettle_armor_encode_update_func)(void *ctx,
- uint8_t *dst,
- unsigned src_length,
- const uint8_t *src);
+typedef unsigned nettle_armor_encode_update_func(void *ctx,
+ uint8_t *dst,
+ unsigned src_length,
+ const uint8_t *src);
-typedef unsigned (nettle_armor_encode_final_func)(void *ctx, uint8_t *dst);
+typedef unsigned nettle_armor_encode_final_func(void *ctx, uint8_t *dst);
-typedef int (nettle_armor_decode_update_func)(void *ctx,
- unsigned *dst_length,
- uint8_t *dst,
- unsigned src_length,
- const uint8_t *src);
+typedef int nettle_armor_decode_update_func(void *ctx,
+ unsigned *dst_length,
+ uint8_t *dst,
+ unsigned src_length,
+ const uint8_t *src);
-typedef int (nettle_armor_decode_final_func)(void *ctx);
+typedef int nettle_armor_decode_final_func(void *ctx);
#ifdef __cplusplus
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2010 Niels Möller
+ * Copyright (C) 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_WRITE_H_INCLUDED
/* Write the word array at SRC to the byte array at DST, using little
endian (le) or big endian (be) byte order, and truncating the
result to LENGTH bytes. */
+
+/* FIXME: Use a macro shortcut to memcpy for native endianness. */
void
_nettle_write_be32(unsigned length, uint8_t *dst,
uint32_t *src);
void
_nettle_write_le32(unsigned length, uint8_t *dst,
uint32_t *src);
+
void
-_nettle_write_be64(unsigned length, uint8_t *dst,
+_nettle_write_le64(unsigned length, uint8_t *dst,
uint64_t *src);
#endif /* NETTLE_WRITE_H_INCLUDED */
- <html lang="en">
+<html lang="en">
<head>
<title>Nettle: a low-level cryptographic library</title>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Nettle: a low-level cryptographic library">
-<meta name="generator" content="makeinfo 4.6">
+<meta name="generator" content="makeinfo 4.13">
+<link title="Top" rel="top" href="#Top">
+<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<!--
-This manual is for the Nettle library (version 2.1), a
+This manual is for the Nettle library (version 2.7), a
low-level cryptographic library.
- <p>Originally written 2001 by Niels Möller, updated 2010.
+Originally written 2001 by Niels Möller, updated 2013.
- <blockquote>
-This manual is placed in the public domain. You may freely copy it, in
-whole or in part, with or without modification. Attribution is
-appreciated, but not required.
-</blockquote>
+ This manual is placed in the public domain. You may freely copy
+ it, in whole or in part, with or without modification. Attribution
+ is appreciated, but not required.
-->
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
+ span.sc { font-variant:small-caps }
+ span.roman { font-family:serif; font-weight:normal; }
+ span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
</head>
<body>
<h1 class="settitle">Nettle: a low-level cryptographic library</h1>
-
-<div class="contents">
+ <div class="contents">
<h2>Table of Contents</h2>
<ul>
<li><a name="toc_Top" href="#Top">Nettle</a>
-<li><a name="toc_Introduction" href="#Introduction">Introduction</a>
-<li><a name="toc_Copyright" href="#Copyright">Copyright</a>
-<li><a name="toc_Conventions" href="#Conventions">Conventions</a>
-<li><a name="toc_Example" href="#Example">Example</a>
-<li><a name="toc_Linking" href="#Linking">Linking</a>
-<li><a name="toc_Reference" href="#Reference">Reference</a>
+<li><a name="toc_Introduction" href="#Introduction">1 Introduction</a>
+<li><a name="toc_Copyright" href="#Copyright">2 Copyright</a>
+<li><a name="toc_Conventions" href="#Conventions">3 Conventions</a>
+<li><a name="toc_Example" href="#Example">4 Example</a>
+<li><a name="toc_Linking" href="#Linking">5 Linking</a>
+<li><a name="toc_Reference" href="#Reference">6 Reference</a>
+<ul>
+<li><a href="#Hash-functions">6.1 Hash functions</a>
<ul>
-<li><a href="#Hash%20functions">Hash functions</a>
+<li><a href="#Recommended-hash-functions">6.1.1 Recommended hash functions</a>
<ul>
-<li><a href="#Hash%20functions"><small>MD5</small></a>
-<li><a href="#Hash%20functions"><small>MD2</small></a>
-<li><a href="#Hash%20functions"><small>MD4</small></a>
-<li><a href="#Hash%20functions"><small>SHA1</small></a>
-<li><a href="#Hash%20functions"><small>SHA256</small></a>
-<li><a href="#Hash%20functions"><small>SHA224</small></a>
-<li><a href="#Hash%20functions"><small>SHA512</small></a>
-<li><a href="#Hash%20functions"><small>SHA384</small></a>
-<li><a href="#Hash%20functions"><code>struct nettle_hash</code></a>
+<li><a href="#Recommended-hash-functions">6.1.1.1 <acronym>SHA256</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.2 <acronym>SHA224</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.3 <acronym>SHA512</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.4 <acronym>SHA384</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.5 <acronym>SHA3-224</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.6 <acronym>SHA3-256</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.7 <acronym>SHA3-384</acronym></a>
+<li><a href="#Recommended-hash-functions">6.1.1.8 <acronym>SHA3-512</acronym></a>
</li></ul>
-<li><a href="#Cipher%20functions">Cipher functions</a>
+<li><a href="#Legacy-hash-functions">6.1.2 Legacy hash functions</a>
<ul>
-<li><a href="#Cipher%20functions">AES</a>
-<li><a href="#Cipher%20functions">ARCFOUR</a>
-<li><a href="#Cipher%20functions">ARCTWO</a>
-<li><a href="#Cipher%20functions">BLOWFISH</a>
-<li><a href="#Cipher%20functions">Camellia</a>
-<li><a href="#Cipher%20functions">CAST128</a>
-<li><a href="#Cipher%20functions">DES</a>
-<li><a href="#Cipher%20functions">DES3</a>
-<li><a href="#Cipher%20functions">SERPENT</a>
-<li><a href="#Cipher%20functions">TWOFISH</a>
-<li><a href="#Cipher%20functions"><code>struct nettle_cipher</code></a>
+<li><a href="#Legacy-hash-functions">6.1.2.1 <acronym>MD5</acronym></a>
+<li><a href="#Legacy-hash-functions">6.1.2.2 <acronym>MD2</acronym></a>
+<li><a href="#Legacy-hash-functions">6.1.2.3 <acronym>MD4</acronym></a>
+<li><a href="#Legacy-hash-functions">6.1.2.4 <acronym>RIPEMD160</acronym></a>
+<li><a href="#Legacy-hash-functions">6.1.2.5 <acronym>SHA1</acronym></a>
+<li><a href="#Legacy-hash-functions">6.1.2.6 <acronym>GOSTHASH94</acronym></a>
</li></ul>
-<li><a href="#Cipher%20modes">Cipher modes</a>
+<li><a href="#nettle_005fhash-abstraction">6.1.3 The nettle_hash abstraction</a>
+</li></ul>
+<li><a href="#Cipher-functions">6.2 Cipher functions</a>
<ul>
-<li><a href="#Cipher%20modes">Cipher Block Chaining</a>
-<li><a href="#Cipher%20modes">Counter mode</a>
+<li><a href="#Cipher-functions">6.2.1 AES</a>
+<li><a href="#Cipher-functions">6.2.2 ARCFOUR</a>
+<li><a href="#Cipher-functions">6.2.3 ARCTWO</a>
+<li><a href="#Cipher-functions">6.2.4 BLOWFISH</a>
+<li><a href="#Cipher-functions">6.2.5 Camellia</a>
+<li><a href="#Cipher-functions">6.2.6 CAST128</a>
+<li><a href="#Cipher-functions">6.2.7 DES</a>
+<li><a href="#Cipher-functions">6.2.8 DES3</a>
+<li><a href="#Cipher-functions">6.2.9 Salsa20</a>
+<li><a href="#Cipher-functions">6.2.10 SERPENT</a>
+<li><a href="#Cipher-functions">6.2.11 TWOFISH</a>
+<li><a href="#Cipher-functions">6.2.12 <code>struct nettle_cipher</code></a>
</li></ul>
-<li><a href="#Keyed%20hash%20functions">Keyed Hash Functions</a>
+<li><a href="#Cipher-modes">6.3 Cipher modes</a>
<ul>
-<li><a href="#Keyed%20hash%20functions"><small>HMAC</small></a>
-<li><a href="#Keyed%20hash%20functions">Concrete <small>HMAC</small> functions</a>
+<li><a href="#CBC">6.3.1 Cipher Block Chaining</a>
+<li><a href="#CTR">6.3.2 Counter mode</a>
+<li><a href="#GCM">6.3.3 Galois counter mode</a>
<ul>
-<li><a href="#Keyed%20hash%20functions"><small>HMAC-MD5</small></a>
-<li><a href="#Keyed%20hash%20functions"><small>HMAC-SHA1</small></a>
-<li><a href="#Keyed%20hash%20functions"><small>HMAC-SHA256</small></a>
-<li><a href="#Keyed%20hash%20functions"><small>HMAC-SHA512</small></a>
+<li><a href="#GCM">6.3.3.1 General <acronym>GCM</acronym> interface</a>
+<li><a href="#GCM">6.3.3.2 <acronym>GCM</acronym> helper macros</a>
+<li><a href="#GCM">6.3.3.3 <acronym>GCM</acronym>-<acronym>AES</acronym> interface</a>
</li></ul>
</li></ul>
-<li><a href="#Public-key%20algorithms">Public-key algorithms</a>
+<li><a href="#Keyed-hash-functions">6.4 Keyed Hash Functions</a>
+<ul>
+<li><a href="#Keyed-hash-functions">6.4.1 <acronym>HMAC</acronym></a>
+<li><a href="#Keyed-hash-functions">6.4.2 Concrete <acronym>HMAC</acronym> functions</a>
<ul>
-<li><a href="#RSA"><small>RSA</small></a>
-<li><a href="#RSA">Nettle's <small>RSA</small> support</a>
-<li><a href="#DSA">Nettle's <small>DSA</small> support</a>
+<li><a href="#Keyed-hash-functions">6.4.2.1 <acronym>HMAC-MD5</acronym></a>
+<li><a href="#Keyed-hash-functions">6.4.2.2 <acronym>HMAC-RIPEMD160</acronym></a>
+<li><a href="#Keyed-hash-functions">6.4.2.3 <acronym>HMAC-SHA1</acronym></a>
+<li><a href="#Keyed-hash-functions">6.4.2.4 <acronym>HMAC-SHA256</acronym></a>
+<li><a href="#Keyed-hash-functions">6.4.2.5 <acronym>HMAC-SHA512</acronym></a>
</li></ul>
-<li><a href="#Randomness">Randomness</a>
+<li><a href="#Keyed-hash-functions">6.4.3 <acronym>UMAC</acronym></a>
+</li></ul>
+<li><a href="#Key-derivation-functions">6.5 Key derivation Functions</a>
+<ul>
+<li><a href="#Key-derivation-functions">6.5.1 <acronym>PBKDF2</acronym></a>
+<li><a href="#Key-derivation-functions">6.5.2 Concrete <acronym>PBKDF2</acronym> functions</a>
+<ul>
+<li><a href="#Key-derivation-functions">6.5.2.1 <acronym>PBKDF2-HMAC-SHA1</acronym></a>
+<li><a href="#Key-derivation-functions">6.5.2.2 <acronym>PBKDF2-HMAC-SHA256</acronym></a>
+</li></ul>
+</li></ul>
+<li><a href="#Public_002dkey-algorithms">6.6 Public-key algorithms</a>
<ul>
-<li><a href="#Randomness">Yarrow</a>
+<li><a href="#RSA">6.6.1 <acronym>RSA</acronym></a>
+<li><a href="#RSA">6.6.2 Nettle's <acronym>RSA</acronym> support</a>
+<li><a href="#DSA">6.6.3 <acronym>DSA</acronym></a>
+<li><a href="#DSA">6.6.4 Nettle's <acronym>DSA</acronym> support</a>
+<li><a href="#Elliptic-curves">6.6.5 <acronym>Elliptic curves</acronym></a>
+<ul>
+<li><a href="#Elliptic-curves">6.6.5.1 Side-channel silence</a>
</li></ul>
-<li><a href="#Miscellaneous%20functions">Miscellaneous functions</a>
-<li><a href="#Compatibility%20functions">Compatibility functions</a>
+<li><a href="#Elliptic-curves">6.6.6 ECDSA</a>
</li></ul>
-<li><a name="toc_Nettle%20soup" href="#Nettle%20soup">Traditional Nettle Soup</a>
-<li><a name="toc_Installation" href="#Installation">Installation</a>
+<li><a href="#Randomness">6.7 Randomness</a>
+<ul>
+<li><a href="#Randomness">6.7.1 Yarrow</a>
+</li></ul>
+<li><a href="#ASCII-encoding">6.8 ASCII encoding</a>
+<li><a href="#Miscellaneous-functions">6.9 Miscellaneous functions</a>
+<li><a href="#Compatibility-functions">6.10 Compatibility functions</a>
+</li></ul>
+<li><a name="toc_Nettle-soup" href="#Nettle-soup">7 Traditional Nettle Soup</a>
+<li><a name="toc_Installation" href="#Installation">8 Installation</a>
<li><a name="toc_Index" href="#Index">Function and Concept Index</a>
</li></ul>
</div>
+
<div class="node">
+<a name="Top"></a>
<p><hr>
-Node: <a name="Top">Top</a>,
Next: <a rel="next" accesskey="n" href="#Introduction">Introduction</a>,
Previous: <a rel="previous" accesskey="p" href="#dir">(dir)</a>,
Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
-<br>
+
</div>
+<!-- node-name, next, previous, up -->
<h2 class="unnumbered">Nettle</h2>
<p>This document describes the Nettle low-level cryptographic library. You
can use the library directly from your C programs, or write or use an
object-oriented wrapper for your favorite language or application.
-This manual is for the Nettle library (version 2.1), a
+ <p>This manual is for the Nettle library (version 2.7), a
low-level cryptographic library.
- <p>Originally written 2001 by Niels Möller, updated 2010.
+ <p>Originally written 2001 by Niels Möller, updated 2013.
<blockquote>
This manual is placed in the public domain. You may freely copy it, in
whole or in part, with or without modification. Attribution is
appreciated, but not required.
</blockquote>
-
+
<ul class="menu">
<li><a accesskey="1" href="#Introduction">Introduction</a>: What is Nettle?
<li><a accesskey="2" href="#Copyright">Copyright</a>: Your rights.
<li><a accesskey="3" href="#Conventions">Conventions</a>: General interface conventions.
<li><a accesskey="4" href="#Example">Example</a>: An example program.
-<li><a accesskey="5" href="#Linking">Linking</a>: Linking with the libnettle and libhogweed.
+<li><a accesskey="5" href="#Linking">Linking</a>: Linking with libnettle and libhogweed.
<li><a accesskey="6" href="#Reference">Reference</a>: All Nettle functions and features.
-<li><a accesskey="7" href="#Nettle%20soup">Nettle soup</a>: For the serious nettle hacker.
+<li><a accesskey="7" href="#Nettle-soup">Nettle soup</a>: For the serious nettle hacker.
<li><a accesskey="8" href="#Installation">Installation</a>: How to install Nettle.
-<li><a accesskey="9" href="#Index">Index</a>: Function and concept index.
-</ul>
+<li><a accesskey="9" href="#Index">Index</a>: Function and concept index.
+
+</li></ul>
+<p>--- The Detailed Node Listing ---
+
+<p>Reference
+
+</p>
+<ul class="menu">
+<li><a href="#Hash-functions">Hash functions</a>
+<li><a href="#Cipher-functions">Cipher functions</a>
+<li><a href="#Cipher-modes">Cipher modes</a>
+<li><a href="#Keyed-hash-functions">Keyed hash functions</a>
+<li><a href="#Key-derivation-functions">Key derivation functions</a>
+<li><a href="#Public_002dkey-algorithms">Public-key algorithms</a>
+<li><a href="#Randomness">Randomness</a>
+<li><a href="#ASCII-encoding">ASCII encoding</a>
+<li><a href="#Miscellaneous-functions">Miscellaneous functions</a>
+<li><a href="#Compatibility-functions">Compatibility functions</a>
+
+</li></ul>
+<p>Cipher modes
+
+</p>
+<ul class="menu">
+<li><a href="#CBC">CBC</a>
+<li><a href="#CTR">CTR</a>
+<li><a href="#GCM">GCM</a>
+
+</li></ul>
+<p>Public-key algorithms
+
+</p>
+<ul class="menu">
+<li><a href="#RSA">RSA</a>: The RSA public key algorithm.
+<li><a href="#DSA">DSA</a>: The DSA digital signature algorithm.
+<li><a href="#Elliptic-curves">Elliptic curves</a>: Elliptic curves and ECDSA
+
+ </ul>
<div class="node">
+<a name="Introduction"></a>
<p><hr>
-Node: <a name="Introduction">Introduction</a>,
Next: <a rel="next" accesskey="n" href="#Copyright">Copyright</a>,
Previous: <a rel="previous" accesskey="p" href="#Top">Top</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Introduction</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">1 Introduction</h2>
<p>Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
put it to use.
<div class="node">
+<a name="Copyright"></a>
<p><hr>
-Node: <a name="Copyright">Copyright</a>,
Next: <a rel="next" accesskey="n" href="#Conventions">Conventions</a>,
Previous: <a rel="previous" accesskey="p" href="#Introduction">Introduction</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Copyright</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">2 Copyright</h2>
-<p>Nettle is distributed under the GNU General Public License (GPL) (see
-the file COPYING for details). However, most of the individual files
-are dual licensed under less restrictive licenses like the GNU Lesser
-General Public License (LGPL), or are in the public domain. This means
-that if you don't use the parts of nettle that are GPL-only, you have
-the option to use the Nettle library just as if it were licensed under
-the LGPL. To find the current status of particular files, you have to
-read the copyright notices at the top of the files.
+<p>Nettle is distributed under the GNU Lesser General Public License
+(LGPL), see the file COPYING.LIB for details. A few of the individual
+files are in the public domain. To find the current status of particular
+files, you have to read the copyright notices at the top of the files.
<p>This manual is in the public domain. You may freely copy it in whole or
in part, e.g., into documentation of programs that build on Nettle.
<p>A list of the supported algorithms, their origins and licenses:
<dl>
-<dt><em>AES</em>
- <dd>The implementation of the AES cipher (also known as rijndael) is written
+<dt><em>AES</em><dd>The implementation of the AES cipher (also known as rijndael) is written
by Rafael Sevilla. Assembler for x86 by Rafael Sevilla and
-Niels Möller, Sparc assembler by Niels Möller. Released under the
+Niels Möller, Sparc assembler by Niels Möller. Released under the
LGPL.
- <br><dt><em>ARCFOUR</em>
- <dd>The implementation of the ARCFOUR (also known as RC4) cipher is written
-by Niels Möller. Released under the LGPL.
+ <br><dt><em>ARCFOUR</em><dd>The implementation of the ARCFOUR (also known as RC4) cipher is written
+by Niels Möller. Released under the LGPL.
- <br><dt><em>ARCTWO</em>
- <dd>The implementation of the ARCTWO (also known as RC2) cipher is written
+ <br><dt><em>ARCTWO</em><dd>The implementation of the ARCTWO (also known as RC2) cipher is written
by Nikos Mavroyanopoulos and modified by Werner Koch and Simon
Josefsson. Released under the LGPL.
- <br><dt><em>BLOWFISH</em>
- <dd>The implementation of the BLOWFISH cipher is written by Werner Koch,
-copyright owned by the Free Software Foundation. Also hacked by Ray
-Dassen and Niels Möller. Released under the GPL.
+ <br><dt><em>BLOWFISH</em><dd>The implementation of the BLOWFISH cipher is written by Werner Koch,
+copyright owned by the Free Software Foundation. Also hacked by Simon
+Josefsson and Niels Möller. Released under the LGPL.
- <br><dt><em>CAMELLIA</em>
- <dd>The C implementation is by Nippon Telegraph and Telephone Corporation
-(NTT), heavily modified by Niels Möller. Assembler for x86 by
-Niels Möller. Released under the LGPL.
+ <br><dt><em>CAMELLIA</em><dd>The C implementation is by Nippon Telegraph and Telephone Corporation
+(NTT), heavily modified by Niels Möller. Assembler for x86 and x86_64
+by Niels Möller. Released under the LGPL.
- <br><dt><em>CAST128</em>
- <dd>The implementation of the CAST128 cipher is written by Steve Reid.
+ <br><dt><em>CAST128</em><dd>The implementation of the CAST128 cipher is written by Steve Reid.
Released into the public domain.
- <br><dt><em>DES</em>
- <dd>The implementation of the DES cipher is written by Dana L. How, and
+ <br><dt><em>DES</em><dd>The implementation of the DES cipher is written by Dana L. How, and
released under the LGPL.
- <br><dt><em>MD2</em>
- <dd>The implementation of MD2 is written by Andrew Kuchling, and hacked
-some by Andreas Sigfridsson and Niels Möller. Python Cryptography
+ <br><dt><em>GOSTHASH94</em><dd>The C implementation of the GOST94 message digest is written by
+Aleksey Kravchenko and was ported from the rhash library by Nikos
+Mavrogiannopoulos. It is released under the MIT license.
+
+ <br><dt><em>MD2</em><dd>The implementation of MD2 is written by Andrew Kuchling, and hacked
+some by Andreas Sigfridsson and Niels Möller. Python Cryptography
Toolkit license (essentially public domain).
- <br><dt><em>MD4</em>
- <dd>This is almost the same code as for MD5 below, with modifications by
+ <br><dt><em>MD4</em><dd>This is almost the same code as for MD5 below, with modifications by
Marcus Comstedt. Released into the public domain.
- <br><dt><em>MD5</em>
- <dd>The implementation of the MD5 message digest is written by Colin Plumb.
-It has been hacked some more by Andrew Kuchling and Niels Möller.
+ <br><dt><em>MD5</em><dd>The implementation of the MD5 message digest is written by Colin Plumb.
+It has been hacked some more by Andrew Kuchling and Niels Möller.
Released into the public domain.
- <br><dt><em>SERPENT</em>
- <dd>The implementation of the SERPENT cipher is written by Ross Anderson,
-Eli Biham, and Lars Knudsen, adapted to LSH by Rafael Sevilla, and to
-Nettle by Niels Möller. Released under the GPL.
+ <br><dt><em>PBKDF2</em><dd>The C implementation of PBKDF2 is based on earlier work for Shishi and
+GnuTLS by Simon Josefsson. Released under the LGPL.
- <br><dt><em>SHA1</em>
- <dd>The C implementation of the SHA1 message digest is written by Peter
-Gutmann, and hacked some more by Andrew Kuchling and Niels Möller.
-Released into the public domain. Assembler for x86 by Niels Möller,
-released under the LGPL.
+ <br><dt><em>RIPEMD160</em><dd>The implementation of RIPEMD160 message digest is based on the code in
+libgcrypt, copyright owned by the Free Software Foundation. Ported to
+Nettle by Andres Mejia. Released under the LGPL.
+
+ <br><dt><em>SALSA20</em><dd>The C implementation of SALSA20 is based on D. J. Bernstein's reference
+implementation (in the public domain), adapted to Nettle by Simon
+Josefsson, and heavily modified by Niels Möller. Assembly for x86_64 and
+ARM by Niels Möller. Released under the LGPL.
- <br><dt><em>SHA224, SHA256, SHA384, and SHA512</em>
- <dd>Written by Niels Möller, using Peter Gutmann's SHA1 code as a model.
+ <br><dt><em>SERPENT</em><dd>The implementation of the SERPENT cipher is based on the code in libgcrypt,
+copyright owned by the Free Software Foundation. Adapted to Nettle by
+Simon Josefsson and heavily modified by Niels Möller. Assembly for
+x86_64 by Niels Möller. Released under the LGPL.
+
+ <br><dt><em>SHA1</em><dd>The C implementation of the SHA1 message digest is written by Peter
+Gutmann, and hacked some more by Andrew Kuchling and Niels Möller.
+Released into the public domain. Assembler for x86, x86_64 and ARM by
+Niels Möller, released under the LGPL.
+
+ <br><dt><em>SHA2</em><dd>Written by Niels Möller, using Peter Gutmann's SHA1 code as a model.
Released under the LGPL.
- <br><dt><em>TWOFISH</em>
- <dd>The implementation of the TWOFISH cipher is written by Ruud de Rooij.
+ <br><dt><em>SHA3</em><dd>Written by Niels Möller. Released under the LGPL.
+
+ <br><dt><em>TWOFISH</em><dd>The implementation of the TWOFISH cipher is written by Ruud de Rooij.
Released under the LGPL.
- <br><dt><em>RSA</em>
- <dd>Written by Niels Möller, released under the LGPL. Uses the GMP library
+ <br><dt><em>UMAC</em><dd>Written by Niels Möller. Released under the LGPL.
+
+ <br><dt><em>RSA</em><dd>Written by Niels Möller, released under the LGPL. Uses the GMP library
+for bignum operations.
+
+ <br><dt><em>DSA</em><dd>Written by Niels Möller, released under the LGPL. Uses the GMP library
for bignum operations.
- <br><dt><em>DSA</em>
- <dd>Written by Niels Möller, released under the LGPL. Uses the GMP library
-for bignum operations.
+ <br><dt><em>ECDSA</em><dd>Written by Niels Möller, released under the LGPL. Uses the GMP library
+for bignum operations. Development of Nettle's ECC support was funded by
+the .SE Internet Fund.
</dl>
<div class="node">
+<a name="Conventions"></a>
<p><hr>
-Node: <a name="Conventions">Conventions</a>,
Next: <a rel="next" accesskey="n" href="#Example">Example</a>,
Previous: <a rel="previous" accesskey="p" href="#Copyright">Copyright</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Conventions</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">3 Conventions</h2>
<p>For each supported algorithm, there is an include file that defines a
<em>context struct</em>, a few constants, and declares functions for
<p>Many of the functions lack return value and can never fail. Those
functions which can fail, return one on success and zero on failure.
+<!-- FIXME: Say something about the name mangling. -->
<div class="node">
+<a name="Example"></a>
<p><hr>
-Node: <a name="Example">Example</a>,
Next: <a rel="next" accesskey="n" href="#Linking">Linking</a>,
Previous: <a rel="previous" accesskey="p" href="#Conventions">Conventions</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Example</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">4 Example</h2>
<p>A simple example program that reads a file from standard input and
-writes its SHA1 checksum on standard output should give the flavor of
+writes its SHA1 check-sum on standard output should give the flavor of
Nettle.
-<pre class="example">
-
- <pre class="verbatim">#include <stdio.h>
+<pre class="example"><pre class="verbatim"> #include <stdio.h>
#include <stdlib.h>
- #include <nettle/sha.h>
+ #include <nettle/sha1.h>
#define BUF_SIZE 1000
display_hex(SHA1_DIGEST_SIZE, digest);
return EXIT_SUCCESS;
}
- </pre></pre>
-
+</pre></pre>
<p>On a typical Unix system, this program can be compiled and linked with
the command line
-<pre class="example"> cc sha-example.c -o sha-example -lnettle
- </pre>
-
-<div class="node">
+<pre class="example"> gcc sha-example.c -o sha-example -lnettle
+</pre>
+ <div class="node">
+<a name="Linking"></a>
<p><hr>
-Node: <a name="Linking">Linking</a>,
Next: <a rel="next" accesskey="n" href="#Reference">Reference</a>,
Previous: <a rel="previous" accesskey="p" href="#Example">Example</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Linking</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">5 Linking</h2>
-<p>Nettle actually consists of two libraries, <code>libnettle</code> and
-<code>libhogweed</code>. The <code>libhogweed</code> library contains those
+<p>Nettle actually consists of two libraries, <samp><span class="file">libnettle</span></samp> and
+<samp><span class="file">libhogweed</span></samp>. The <samp><span class="file">libhogweed</span></samp> library contains those
functions of Nettle that uses bignum operations, and depends on the GMP
library. With this division, linking works the same for both static and
dynamic libraries.
will resolve the dependencies automatically.
<div class="node">
+<a name="Reference"></a>
<p><hr>
-Node: <a name="Reference">Reference</a>,
-Next: <a rel="next" accesskey="n" href="#Nettle%20soup">Nettle soup</a>,
+Next: <a rel="next" accesskey="n" href="#Nettle-soup">Nettle soup</a>,
Previous: <a rel="previous" accesskey="p" href="#Linking">Linking</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Reference</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">6 Reference</h2>
<p>This chapter describes all the Nettle functions, grouped by family.
<ul class="menu">
-<li><a accesskey="1" href="#Hash%20functions">Hash functions</a>:
-<li><a accesskey="2" href="#Cipher%20functions">Cipher functions</a>:
-<li><a accesskey="3" href="#Cipher%20modes">Cipher modes</a>:
-<li><a accesskey="4" href="#Keyed%20hash%20functions">Keyed hash functions</a>:
-<li><a accesskey="5" href="#Public-key%20algorithms">Public-key algorithms</a>:
-<li><a accesskey="6" href="#Randomness">Randomness</a>:
-<li><a accesskey="7" href="#Miscellaneous%20functions">Miscellaneous functions</a>:
-<li><a accesskey="8" href="#Compatibility%20functions">Compatibility functions</a>:
+<li><a accesskey="1" href="#Hash-functions">Hash functions</a>
+<li><a accesskey="2" href="#Cipher-functions">Cipher functions</a>
+<li><a accesskey="3" href="#Cipher-modes">Cipher modes</a>
+<li><a accesskey="4" href="#Keyed-hash-functions">Keyed hash functions</a>
+<li><a accesskey="5" href="#Key-derivation-functions">Key derivation functions</a>
+<li><a accesskey="6" href="#Public_002dkey-algorithms">Public-key algorithms</a>
+<li><a accesskey="7" href="#Randomness">Randomness</a>
+<li><a accesskey="8" href="#ASCII-encoding">ASCII encoding</a>
+<li><a accesskey="9" href="#Miscellaneous-functions">Miscellaneous functions</a>
+<li><a href="#Compatibility-functions">Compatibility functions</a>
</ul>
<div class="node">
+<a name="Hash-functions"></a>
<p><hr>
-Node: <a name="Hash%20functions">Hash functions</a>,
-Next: <a rel="next" accesskey="n" href="#Cipher%20functions">Cipher functions</a>,
+Next: <a rel="next" accesskey="n" href="#Cipher-functions">Cipher functions</a>,
Previous: <a rel="previous" accesskey="p" href="#Reference">Reference</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Hash functions</h3>
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.1 Hash functions</h3>
-<p>A cryptographic <dfn>hash function</dfn> is a function that takes variable
+<p><a name="index-Hash-function-1"></a>A cryptographic <dfn>hash function</dfn> is a function that takes variable
size strings, and maps them to strings of fixed, short, length. There
are naturally lots of collisions, as there are more possible 1MB files
than 20 byte strings. But the function is constructed such that is hard
<code>H</code> should have the following properties:
<dl>
-
- <br><dt><em>One-way</em>
- <dd>Given a hash value <code>H(x)</code> it is hard to find a string <code>x</code>
+<dt><em>One-way</em><dd><a name="index-One_002dway-2"></a>Given a hash value <code>H(x)</code> it is hard to find a string <code>x</code>
that hashes to that value.
- <br><dt><em>Collision-resistant</em>
- <dd>It is hard to find two different strings, <code>x</code> and <code>y</code>, such
+ <br><dt><em>Collision-resistant</em><dd><a name="index-Collision_002dresistant-3"></a>It is hard to find two different strings, <code>x</code> and <code>y</code>, such
that <code>H(x)</code> = <code>H(y)</code>.
</dl>
<p>The most commonly used hash functions are MD5 and SHA1. Unfortunately,
both these fail the collision-resistance requirement; cryptologists have
-found ways to construct colliding inputs. The recommended hash function
-for new applications is SHA256, even though it uses a structure similar
-to MD5 and SHA1. Constructing better hash functions is an urgent research
-problem.
+found ways to construct colliding inputs. The recommended hash functions
+for new applications are SHA2 (with main variants SHA256 and SHA512). At
+the time of this writing (December 2012), the winner of the NIST SHA3
+competition has recently been announced, and the new SHA3 (earlier known
+as Keccak) and other top SHA3 candidates may also be reasonable
+alternatives.
+
+<ul class="menu">
+<li><a accesskey="1" href="#Recommended-hash-functions">Recommended hash functions</a>
+<li><a accesskey="2" href="#Legacy-hash-functions">Legacy hash functions</a>
+<li><a accesskey="3" href="#nettle_005fhash-abstraction">nettle_hash abstraction</a>
+</ul>
+
+<div class="node">
+<a name="Recommended-hash-functions"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#Legacy-hash-functions">Legacy hash functions</a>,
+Up: <a rel="up" accesskey="u" href="#Hash-functions">Hash functions</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.1.1 Recommended hash functions</h4>
+
+<p>The following hash functions have no known weaknesses, and are suitable
+for new applications. The SHA2 family of hash functions were specified
+by <dfn>NIST</dfn>, intended as a replacement for <acronym>SHA1</acronym>.
+
+<h5 class="subsubsection">6.1.1.1 <acronym>SHA256</acronym></h5>
+
+<p>SHA256 is a member of the SHA2 family. It outputs hash values of 256
+bits, or 32 octets. Nettle defines SHA256 in <samp><span class="file"><nettle/sha2.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct sha256_ctx</b><var><a name="index-struct-sha256_005fctx-4"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA256_DIGEST_SIZE</b><var><a name="index-SHA256_005fDIGEST_005fSIZE-5"></a></var><br>
+<blockquote><p>The size of a SHA256 digest, i.e. 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA256_DATA_SIZE</b><var><a name="index-SHA256_005fDATA_005fSIZE-6"></a></var><br>
+<blockquote><p>The internal block size of SHA256. Useful for some special constructions,
+in particular HMAC-SHA256.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha256_init</b> (<var>struct sha256_ctx *ctx</var>)<var><a name="index-sha256_005finit-7"></a></var><br>
+<blockquote><p>Initialize the SHA256 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha256_update</b> (<var>struct sha256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha256_005fupdate-8"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha256_digest</b> (<var>struct sha256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha256_005fdigest-9"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context in the same way as
+<code>sha256_init</code>.
+</p></blockquote></div>
+
+ <p>Earlier versions of nettle defined SHA256 in the header file
+<samp><span class="file"><nettle/sha.h></span></samp>, which is now deprecated, but kept for
+compatibility.
+
+<h5 class="subsubsection">6.1.1.2 <acronym>SHA224</acronym></h5>
+
+<p>SHA224 is a variant of SHA256, with a different initial state, and with
+the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
+<samp><span class="file"><nettle/sha2.h></span></samp> (and in <samp><span class="file"><nettle/sha.h></span></samp>, for backwards
+compatibility).
+
+<div class="defun">
+— Context struct: <b>struct sha224_ctx</b><var><a name="index-struct-sha224_005fctx-10"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA224_DIGEST_SIZE</b><var><a name="index-SHA224_005fDIGEST_005fSIZE-11"></a></var><br>
+<blockquote><p>The size of a SHA224 digest, i.e. 28.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA224_DATA_SIZE</b><var><a name="index-SHA224_005fDATA_005fSIZE-12"></a></var><br>
+<blockquote><p>The internal block size of SHA224. Useful for some special constructions,
+in particular HMAC-SHA224.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha224_init</b> (<var>struct sha224_ctx *ctx</var>)<var><a name="index-sha224_005finit-13"></a></var><br>
+<blockquote><p>Initialize the SHA224 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha224_update</b> (<var>struct sha224_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha224_005fupdate-14"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha224_digest</b> (<var>struct sha224_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha224_005fdigest-15"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA224_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context in the same way as
+<code>sha224_init</code>.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.1.3 <acronym>SHA512</acronym></h5>
+
+<p>SHA512 is a larger sibling to SHA256, with a very similar structure but
+with both the output and the internal variables of twice the size. The
+internal variables are 64 bits rather than 32, making it significantly
+slower on 32-bit computers. It outputs hash values of 512 bits, or 64
+octets. Nettle defines SHA512 in <samp><span class="file"><nettle/sha2.h></span></samp> (and in
+<samp><span class="file"><nettle/sha.h></span></samp>, for backwards compatibility).
+
+<div class="defun">
+— Context struct: <b>struct sha512_ctx</b><var><a name="index-struct-sha512_005fctx-16"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA512_DIGEST_SIZE</b><var><a name="index-SHA512_005fDIGEST_005fSIZE-17"></a></var><br>
+<blockquote><p>The size of a SHA512 digest, i.e. 64.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA512_DATA_SIZE</b><var><a name="index-SHA512_005fDATA_005fSIZE-18"></a></var><br>
+<blockquote><p>The internal block size of SHA512. Useful for some special constructions,
+in particular HMAC-SHA512.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha512_init</b> (<var>struct sha512_ctx *ctx</var>)<var><a name="index-sha512_005finit-19"></a></var><br>
+<blockquote><p>Initialize the SHA512 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha512_update</b> (<var>struct sha512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha512_005fupdate-20"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha512_digest</b> (<var>struct sha512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha512_005fdigest-21"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context in the same way as
+<code>sha512_init</code>.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.1.4 <acronym>SHA384</acronym></h5>
+
+<p>SHA384 is a variant of SHA512, with a different initial state, and with
+the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
+<samp><span class="file"><nettle/sha2.h></span></samp> (and in <samp><span class="file"><nettle/sha.h></span></samp>, for backwards
+compatibility).
+
+<div class="defun">
+— Context struct: <b>struct sha384_ctx</b><var><a name="index-struct-sha384_005fctx-22"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA384_DIGEST_SIZE</b><var><a name="index-SHA384_005fDIGEST_005fSIZE-23"></a></var><br>
+<blockquote><p>The size of a SHA384 digest, i.e. 48.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA384_DATA_SIZE</b><var><a name="index-SHA384_005fDATA_005fSIZE-24"></a></var><br>
+<blockquote><p>The internal block size of SHA384. Useful for some special constructions,
+in particular HMAC-SHA384.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha384_init</b> (<var>struct sha384_ctx *ctx</var>)<var><a name="index-sha384_005finit-25"></a></var><br>
+<blockquote><p>Initialize the SHA384 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha384_update</b> (<var>struct sha384_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha384_005fupdate-26"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha384_digest</b> (<var>struct sha384_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha384_005fdigest-27"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA384_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context in the same way as
+<code>sha384_init</code>.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.1.5 <acronym>SHA3-224</acronym></h5>
+
+<p>The SHA3 hash functions were specified by NIST in response to weaknesses
+in SHA1, and doubts about SHA2 hash functions which structurally are
+very similar to SHA1. The standard is a result of a competition, where
+the winner, also known as Keccak, was designed by Guido Bertoni, Joan
+Daemen, Michaël Peeters and Gilles Van Assche. It is structurally very
+different from all widely used earlier hash functions. Like SHA2, there
+are several variants, with output sizes of 224, 256, 384 and 512 bits
+(28, 32, 48 and 64 octets, respectively).
+
+ <p>Nettle defines SHA3-224 in <samp><span class="file"><nettle/sha3.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct sha3_224_ctx</b><var><a name="index-struct-sha3_005f224_005fctx-28"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA3_224_DIGEST_SIZE</b><var><a name="index-SHA3_005f224_005fDIGEST_005fSIZE-29"></a></var><br>
+<blockquote><p>The size of a SHA3_224 digest, i.e., 28.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA3_224_DATA_SIZE</b><var><a name="index-SHA3_005f224_005fDATA_005fSIZE-30"></a></var><br>
+<blockquote><p>The internal block size of SHA3_224.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_224_init</b> (<var>struct sha3_224_ctx *ctx</var>)<var><a name="index-sha3_005f224_005finit-31"></a></var><br>
+<blockquote><p>Initialize the SHA3-224 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_224_update</b> (<var>struct sha3_224_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f224_005fupdate-32"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_224_digest</b> (<var>struct sha3_224_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f224_005fdigest-33"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA3_224_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.1.6 <acronym>SHA3-256</acronym></h5>
+
+<p>This is SHA3 with 256-bit output size, and possibly the most useful
+of the SHA3 hash functions.
+
+ <p>Nettle defines SHA3-256 in <samp><span class="file"><nettle/sha3.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct sha3_256_ctx</b><var><a name="index-struct-sha3_005f256_005fctx-34"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA3_256_DIGEST_SIZE</b><var><a name="index-SHA3_005f256_005fDIGEST_005fSIZE-35"></a></var><br>
+<blockquote><p>The size of a SHA3_256 digest, i.e., 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA3_256_DATA_SIZE</b><var><a name="index-SHA3_005f256_005fDATA_005fSIZE-36"></a></var><br>
+<blockquote><p>The internal block size of SHA3_256.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_256_init</b> (<var>struct sha3_256_ctx *ctx</var>)<var><a name="index-sha3_005f256_005finit-37"></a></var><br>
+<blockquote><p>Initialize the SHA3-256 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_256_update</b> (<var>struct sha3_256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f256_005fupdate-38"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_256_digest</b> (<var>struct sha3_256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f256_005fdigest-39"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA3_256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.1.7 <acronym>SHA3-384</acronym></h5>
+
+<p>This is SHA3 with 384-bit output size.
+
+ <p>Nettle defines SHA3-384 in <samp><span class="file"><nettle/sha3.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct sha3_384_ctx</b><var><a name="index-struct-sha3_005f384_005fctx-40"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA3_384_DIGEST_SIZE</b><var><a name="index-SHA3_005f384_005fDIGEST_005fSIZE-41"></a></var><br>
+<blockquote><p>The size of a SHA3_384 digest, i.e., 48.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA3_384_DATA_SIZE</b><var><a name="index-SHA3_005f384_005fDATA_005fSIZE-42"></a></var><br>
+<blockquote><p>The internal block size of SHA3_384.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_384_init</b> (<var>struct sha3_384_ctx *ctx</var>)<var><a name="index-sha3_005f384_005finit-43"></a></var><br>
+<blockquote><p>Initialize the SHA3-384 state.
+</p></blockquote></div>
-<h3 class="subsection"><small>MD5</small></h4>
+<div class="defun">
+— Function: void <b>sha3_384_update</b> (<var>struct sha3_384_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f384_005fupdate-44"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_384_digest</b> (<var>struct sha3_384_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f384_005fdigest-45"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA3_384_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.1.8 <acronym>SHA3-512</acronym></h5>
+
+<p>This is SHA3 with 512-bit output size.
+
+ <p>Nettle defines SHA3-512 in <samp><span class="file"><nettle/sha3.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct sha3_512_ctx</b><var><a name="index-struct-sha3_005f512_005fctx-46"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SHA3_512_DIGEST_SIZE</b><var><a name="index-SHA3_005f512_005fDIGEST_005fSIZE-47"></a></var><br>
+<blockquote><p>The size of a SHA3_512 digest, i.e. 64.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SHA3_512_DATA_SIZE</b><var><a name="index-SHA3_005f512_005fDATA_005fSIZE-48"></a></var><br>
+<blockquote><p>The internal block size of SHA3_512.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_512_init</b> (<var>struct sha3_512_ctx *ctx</var>)<var><a name="index-sha3_005f512_005finit-49"></a></var><br>
+<blockquote><p>Initialize the SHA3-512 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_512_update</b> (<var>struct sha3_512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha3_005f512_005fupdate-50"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>sha3_512_digest</b> (<var>struct sha3_512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha3_005f512_005fdigest-51"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA3_512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
+
+ <p>This function also resets the context.
+</p></blockquote></div>
+
+<div class="node">
+<a name="Legacy-hash-functions"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#nettle_005fhash-abstraction">nettle_hash abstraction</a>,
+Previous: <a rel="previous" accesskey="p" href="#Recommended-hash-functions">Recommended hash functions</a>,
+Up: <a rel="up" accesskey="u" href="#Hash-functions">Hash functions</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.1.2 Legacy hash functions</h4>
+
+<p>The hash functions in this section all have some known weaknesses, and
+should be avoided for new applications. These hash functions are mainly
+useful for compatibility with old applications and protocols. Some are
+still considered safe as building blocks for particular constructions,
+e.g., there seems to be no known attacks against HMAC-SHA1 or even
+HMAC-MD5. In some important cases, use of a “legacy” hash function
+does not in itself make the application insecure; if a known weakness is
+relevant depends on how the hash function is used, and on the threat
+model.
+
+<h5 class="subsubsection">6.1.2.1 <acronym>MD5</acronym></h5>
<p>MD5 is a message digest function constructed by Ronald Rivest, and
described in <cite>RFC 1321</cite>. It outputs message digests of 128 bits, or
-16 octets. Nettle defines MD5 in <code><nettle/md5.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct md5_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>MD5_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an MD5 digest, i.e. 16.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>MD5_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of MD5. Useful for some special constructions,
+16 octets. Nettle defines MD5 in <samp><span class="file"><nettle/md5.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct md5_ctx</b><var><a name="index-struct-md5_005fctx-52"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>MD5_DIGEST_SIZE</b><var><a name="index-MD5_005fDIGEST_005fSIZE-53"></a></var><br>
+<blockquote><p>The size of an MD5 digest, i.e. 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>MD5_DATA_SIZE</b><var><a name="index-MD5_005fDATA_005fSIZE-54"></a></var><br>
+<blockquote><p>The internal block size of MD5. Useful for some special constructions,
in particular HMAC-MD5.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md5_init</b><i> </i>(<i>struct md5_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the MD5 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md5_update</b><i> </i>(<i>struct md5_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md5_digest</b><i> </i>(<i>struct md5_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md5_init</b> (<var>struct md5_ctx *ctx</var>)<var><a name="index-md5_005finit-55"></a></var><br>
+<blockquote><p>Initialize the MD5 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md5_update</b> (<var>struct md5_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md5_005fupdate-56"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md5_digest</b> (<var>struct md5_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md5_005fdigest-57"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
to <var>digest</var>. <var>length</var> may be smaller than
<code>MD5_DIGEST_SIZE</code>, in which case only the first <var>length</var>
octets of the digest are written.
- <p>This function also resets the context in the same way as
+
<p>This function also resets the context in the same way as
<code>md5_init</code>.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>The normal way to use MD5 is to call the functions in order: First
<code>md5_init</code>, then <code>md5_update</code> zero or more times, and finally
<p>To start over, you can call <code>md5_init</code> at any time.
-<h3 class="subsection"><small>MD2</small></h4>
+<h5 class="subsubsection">6.1.2.2 <acronym>MD2</acronym></h5>
<p>MD2 is another hash function of Ronald Rivest's, described in
<cite>RFC 1319</cite>. It outputs message digests of 128 bits, or 16 octets.
-Nettle defines MD2 in <code><nettle/md2.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct md2_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>MD2_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an MD2 digest, i.e. 16.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>MD2_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of MD2.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md2_init</b><i> </i>(<i>struct md2_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the MD2 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md2_update</b><i> </i>(<i>struct md2_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md2_digest</b><i> </i>(<i>struct md2_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
+Nettle defines MD2 in <samp><span class="file"><nettle/md2.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct md2_ctx</b><var><a name="index-struct-md2_005fctx-58"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>MD2_DIGEST_SIZE</b><var><a name="index-MD2_005fDIGEST_005fSIZE-59"></a></var><br>
+<blockquote><p>The size of an MD2 digest, i.e. 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>MD2_DATA_SIZE</b><var><a name="index-MD2_005fDATA_005fSIZE-60"></a></var><br>
+<blockquote><p>The internal block size of MD2.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md2_init</b> (<var>struct md2_ctx *ctx</var>)<var><a name="index-md2_005finit-61"></a></var><br>
+<blockquote><p>Initialize the MD2 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md2_update</b> (<var>struct md2_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md2_005fupdate-62"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md2_digest</b> (<var>struct md2_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md2_005fdigest-63"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
to <var>digest</var>. <var>length</var> may be smaller than
<code>MD2_DIGEST_SIZE</code>, in which case only the first <var>length</var>
octets of the digest are written.
- <p>This function also resets the context in the same way as
+
<p>This function also resets the context in the same way as
<code>md2_init</code>.
-</td></tr>
-</table>
+</p></blockquote></div>
-<h3 class="subsection"><small>MD4</small></h4>
+<h5 class="subsubsection">6.1.2.3 <acronym>MD4</acronym></h5>
<p>MD4 is a predecessor of MD5, described in <cite>RFC 1320</cite>. Like MD5, it
is constructed by Ronald Rivest. It outputs message digests of 128 bits,
-or 16 octets. Nettle defines MD4 in <code><nettle/md4.h></code>. Use of MD4 is
+or 16 octets. Nettle defines MD4 in <samp><span class="file"><nettle/md4.h></span></samp>. Use of MD4 is
not recommended, but it is sometimes needed for compatibility with
existing applications and protocols.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct md4_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>MD4_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an MD4 digest, i.e. 16.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>MD4_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of MD4.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md4_init</b><i> </i>(<i>struct md4_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the MD4 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md4_update</b><i> </i>(<i>struct md4_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>md4_digest</b><i> </i>(<i>struct md4_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
+<div class="defun">
+— Context struct: <b>struct md4_ctx</b><var><a name="index-struct-md4_005fctx-64"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>MD4_DIGEST_SIZE</b><var><a name="index-MD4_005fDIGEST_005fSIZE-65"></a></var><br>
+<blockquote><p>The size of an MD4 digest, i.e. 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>MD4_DATA_SIZE</b><var><a name="index-MD4_005fDATA_005fSIZE-66"></a></var><br>
+<blockquote><p>The internal block size of MD4.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md4_init</b> (<var>struct md4_ctx *ctx</var>)<var><a name="index-md4_005finit-67"></a></var><br>
+<blockquote><p>Initialize the MD4 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md4_update</b> (<var>struct md4_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-md4_005fupdate-68"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>md4_digest</b> (<var>struct md4_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-md4_005fdigest-69"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
to <var>digest</var>. <var>length</var> may be smaller than
<code>MD4_DIGEST_SIZE</code>, in which case only the first <var>length</var>
octets of the digest are written.
- <p>This function also resets the context in the same way as
+
<p>This function also resets the context in the same way as
<code>md4_init</code>.
-</td></tr>
-</table>
-
-<h3 class="subsection"><small>SHA1</small></h4>
-
-<p>SHA1 is a hash function specified by <dfn>NIST</dfn> (The U.S. National Institute
-for Standards and Technology). It outputs hash values of 160 bits, or 20
-octets. Nettle defines SHA1 in <code><nettle/sha.h></code>.
-
- <p>The functions are analogous to the MD5 ones.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct sha1_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA1_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an SHA1 digest, i.e. 20.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA1_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of SHA1. Useful for some special constructions,
-in particular HMAC-SHA1.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha1_init</b><i> </i>(<i>struct sha1_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the SHA1 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha1_update</b><i> </i>(<i>struct sha1_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha1_digest</b><i> </i>(<i>struct sha1_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.2.4 <acronym>RIPEMD160</acronym></h5>
+
+<p>RIPEMD160 is a hash function designed by Hans Dobbertin, Antoon
+Bosselaers, and Bart Preneel, as a strengthened version of RIPEMD
+(which, like MD4 and MD5, fails the collision-resistance requirement).
+It produces message digests of 160 bits, or 20 octets. Nettle defined
+RIPEMD160 in <samp><span class="file">nettle/ripemd160.h</span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct ripemd160_ctx</b><var><a name="index-struct-ripemd160_005fctx-70"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>RIPEMD160_DIGEST_SIZE</b><var><a name="index-RIPEMD160_005fDIGEST_005fSIZE-71"></a></var><br>
+<blockquote><p>The size of a RIPEMD160 digest, i.e. 20.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>RIPEMD160_DATA_SIZE</b><var><a name="index-RIPEMD160_005fDATA_005fSIZE-72"></a></var><br>
+<blockquote><p>The internal block size of RIPEMD160.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ripemd160_init</b> (<var>struct ripemd160_ctx *ctx</var>)<var><a name="index-ripemd160_005finit-73"></a></var><br>
+<blockquote><p>Initialize the RIPEMD160 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ripemd160_update</b> (<var>struct ripemd160_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-ripemd160_005fupdate-74"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ripemd160_digest</b> (<var>struct ripemd160_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-ripemd160_005fdigest-75"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
to <var>digest</var>. <var>length</var> may be smaller than
-<code>SHA1_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+<code>RIPEMD160_DIGEST_SIZE</code>, in which case only the first <var>length</var>
octets of the digest are written.
- <p>This function also resets the context in the same way as
-<code>sha1_init</code>.
-</td></tr>
-</table>
-
-<h3 class="subsection"><small>SHA256</small></h4>
-
-<p>SHA256 is another hash function specified by <dfn>NIST</dfn>, intended as a
-replacement for <small>SHA1</small>, generating larger digests. It outputs
-hash values of 256 bits, or 32 octets. Nettle defines SHA256 in
-<code><nettle/sha.h></code>.
-
- <p>The functions are analogous to the MD5 ones.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct sha256_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA256_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an SHA256 digest, i.e. 32.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA256_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of SHA256. Useful for some special constructions,
-in particular HMAC-SHA256.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha256_init</b><i> </i>(<i>struct sha256_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the SHA256 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha256_update</b><i> </i>(<i>struct sha256_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha256_digest</b><i> </i>(<i>struct sha256_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
-to <var>digest</var>. <var>length</var> may be smaller than
-<code>SHA256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the digest are written.
+ <p>This function also resets the context in the same way as
+<code>ripemd160_init</code>.
+</p></blockquote></div>
- <p>This function also resets the context in the same way as
-<code>sha256_init</code>.
-</td></tr>
-</table>
+<h5 class="subsubsection">6.1.2.5 <acronym>SHA1</acronym></h5>
-<h3 class="subsection"><small>SHA224</small></h4>
+<p>SHA1 is a hash function specified by <dfn>NIST</dfn> (The U.S. National
+Institute for Standards and Technology). It outputs hash values of 160
+bits, or 20 octets. Nettle defines SHA1 in <samp><span class="file"><nettle/sha1.h></span></samp> (and
+in <samp><span class="file"><nettle/sha.h></span></samp>, for backwards compatibility).
-<p>SHA224 is a variant of SHA256, with a different initial state, and with
-the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
-<code><nettle/sha.h></code>.
-
- <p>The functions are analogous to the MD5 ones.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct sha224_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA224_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an SHA224 digest, i.e. 28.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA224_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of SHA224. Useful for some special constructions,
-in particular HMAC-SHA224.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha224_init</b><i> </i>(<i>struct sha224_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the SHA224 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha224_update</b><i> </i>(<i>struct sha224_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha224_digest</b><i> </i>(<i>struct sha224_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
-to <var>digest</var>. <var>length</var> may be smaller than
-<code>SHA224_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the digest are written.
+<div class="defun">
+— Context struct: <b>struct sha1_ctx</b><var><a name="index-struct-sha1_005fctx-76"></a></var><br>
+ </div>
- <p>This function also resets the context in the same way as
-<code>sha224_init</code>.
-</td></tr>
-</table>
+<div class="defun">
+— Constant: <b>SHA1_DIGEST_SIZE</b><var><a name="index-SHA1_005fDIGEST_005fSIZE-77"></a></var><br>
+<blockquote><p>The size of a SHA1 digest, i.e. 20.
+</p></blockquote></div>
-<h3 class="subsection"><small>SHA512</small></h4>
+<div class="defun">
+— Constant: <b>SHA1_DATA_SIZE</b><var><a name="index-SHA1_005fDATA_005fSIZE-78"></a></var><br>
+<blockquote><p>The internal block size of SHA1. Useful for some special constructions,
+in particular HMAC-SHA1.
+</p></blockquote></div>
-<p>SHA512 is a larger sibling to SHA256, with a very similar structure but
-with both the output and the internal variables of twice the size. The
-internal variables are 64 bits rather than 32, making it significantly
-slower on 32-bit computers. It outputs hash values of 512 bits, or 64
-octets. Nettle defines SHA512 in <code><nettle/sha.h></code>.
-
- <p>The functions are analogous to the MD5 ones.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct sha512_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA512_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an SHA512 digest, i.e. 64.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA512_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of SHA512. Useful for some special constructions,
-in particular HMAC-SHA512.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha512_init</b><i> </i>(<i>struct sha512_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the SHA512 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha512_update</b><i> </i>(<i>struct sha512_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha512_digest</b><i> </i>(<i>struct sha512_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
-to <var>digest</var>. <var>length</var> may be smaller than
-<code>SHA512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the digest are written.
+<div class="defun">
+— Function: void <b>sha1_init</b> (<var>struct sha1_ctx *ctx</var>)<var><a name="index-sha1_005finit-79"></a></var><br>
+<blockquote><p>Initialize the SHA1 state.
+</p></blockquote></div>
- <p>This function also resets the context in the same way as
-<code>sha512_init</code>.
-</td></tr>
-</table>
+<div class="defun">
+— Function: void <b>sha1_update</b> (<var>struct sha1_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-sha1_005fupdate-80"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
-<h3 class="subsection"><small>SHA384</small></h4>
+<div class="defun">
+— Function: void <b>sha1_digest</b> (<var>struct sha1_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-sha1_005fdigest-81"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
+to <var>digest</var>. <var>length</var> may be smaller than
+<code>SHA1_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the digest are written.
-<p>SHA384 is a variant of SHA512, with a different initial state, and with
-the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
-<code><nettle/sha.h></code>.
-
- <p>The functions are analogous to the MD5 ones.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct sha384_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA384_DIGEST_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The size of an SHA384 digest, i.e. 48.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SHA384_DATA_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The internal block size of SHA384. Useful for some special constructions,
-in particular HMAC-SHA384.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha384_init</b><i> </i>(<i>struct sha384_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the SHA384 state.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha384_update</b><i> </i>(<i>struct sha384_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Hash some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>sha384_digest</b><i> </i>(<i>struct sha384_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Performs final processing and extracts the message digest, writing it
+ <p>This function also resets the context in the same way as
+<code>sha1_init</code>.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.1.2.6 <acronym>GOSTHASH94</acronym></h5>
+
+<p>The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm
+used in Russian government standards (see <cite>RFC 4357</cite>).
+It outputs message digests of 256 bits, or 32 octets.
+Nettle defines GOSTHASH94 in <samp><span class="file"><nettle/gosthash94.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct gosthash94_ctx</b><var><a name="index-struct-gosthash94_005fctx-82"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>GOSTHASH94_DIGEST_SIZE</b><var><a name="index-GOSTHASH94_005fDIGEST_005fSIZE-83"></a></var><br>
+<blockquote><p>The size of a GOSTHASH94 digest, i.e. 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>GOSTHASH94_DATA_SIZE</b><var><a name="index-GOSTHASH94_005fDATA_005fSIZE-84"></a></var><br>
+<blockquote><p>The internal block size of GOSTHASH94, i.e., 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gosthash94_init</b> (<var>struct gosthash94_ctx *ctx</var>)<var><a name="index-gosthash94_005finit-85"></a></var><br>
+<blockquote><p>Initialize the GOSTHASH94 state.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gosthash94_update</b> (<var>struct gosthash94_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-gosthash94_005fupdate-86"></a></var><br>
+<blockquote><p>Hash some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gosthash94_digest</b> (<var>struct gosthash94_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-gosthash94_005fdigest-87"></a></var><br>
+<blockquote><p>Performs final processing and extracts the message digest, writing it
to <var>digest</var>. <var>length</var> may be smaller than
-<code>SHA384_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+<code>GOSTHASH94_DIGEST_SIZE</code>, in which case only the first <var>length</var>
octets of the digest are written.
- <p>This function also resets the context in the same way as
-<code>sha384_init</code>.
-</td></tr>
-</table>
+ <p>This function also resets the context in the same way as
+<code>gosthash94_init</code>.
+</p></blockquote></div>
+
+<div class="node">
+<a name="nettle_hash-abstraction"></a>
+<a name="nettle_005fhash-abstraction"></a>
+<p><hr>
+Previous: <a rel="previous" accesskey="p" href="#Legacy-hash-functions">Legacy hash functions</a>,
+Up: <a rel="up" accesskey="u" href="#Hash-functions">Hash functions</a>
+
+</div>
-<h3 class="subsection"><code>struct nettle_hash</code></h4>
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.1.3 The nettle_hash abstraction</h4>
<p>Nettle includes a struct including information about the supported hash
-functions. It is defined in <code><nettle/nettle-meta.h></code>, and is used
-by Nettle's implementation of <small>HMAC</small> see <a href="#Keyed%20hash%20functions">Keyed hash functions</a>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b></b><code>struct nettle_hash</code><b></b><i> name context_size digest_size block_size init update digest
- </i></td>
-<td align="right">Meta struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The last three attributes are function pointers, of types
+functions. It is defined in <samp><span class="file"><nettle/nettle-meta.h></span></samp>, and is used
+by Nettle's implementation of <acronym>HMAC</acronym> (see <a href="#Keyed-hash-functions">Keyed hash functions</a>).
+
+<div class="defun">
+— Meta struct: <code>struct nettle_hash</code><var> name context_size digest_size block_size init update digest<a name="index-g_t_0040code_007bstruct-nettle_005fhash_007d-88"></a></var><br>
+<blockquote><p>The last three attributes are function pointers, of types
<code>nettle_hash_init_func</code>, <code>nettle_hash_update_func</code>, and
<code>nettle_hash_digest_func</code>. The first argument to these functions is
<code>void *</code> pointer to a context struct, which is of size
<code>context_size</code>.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">struct nettle_hash <b>nettle_md2</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_md4</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_md5</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_sha1</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_sha224</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_sha256</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_sha384</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_hash <b>nettle_sha512</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
- <p>These are all the hash functions that Nettle implements.
-</td></tr>
-</table>
+</p></blockquote></div>
+
+<div class="defun">
+— Constant Struct: struct nettle_hash <b>nettle_md2</b><var><a name="index-nettle_005fmd2-89"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_md4</b><var><a name="index-nettle_005fmd4-90"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_md5</b><var><a name="index-nettle_005fmd5-91"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_ripemd160</b><var><a name="index-nettle_005fripemd160-92"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_sha1</b><var><a name="index-nettle_005fsha1-93"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_sha224</b><var><a name="index-nettle_005fsha224-94"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_sha256</b><var><a name="index-nettle_005fsha256-95"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_sha384</b><var><a name="index-nettle_005fsha384-96"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_sha512</b><var><a name="index-nettle_005fsha512-97"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_sha3_256</b><var><a name="index-nettle_005fsha3_005f256-98"></a></var><br>
+— Constant Struct: struct nettle_hash <b>nettle_gosthash94</b><var><a name="index-nettle_005fgosthash94-99"></a></var><br>
+<blockquote><p>These are all the hash functions that Nettle implements.
+</p></blockquote></div>
+
+ <p>Nettle also exports a list of all these hashes.
+
+<div class="defun">
+— Constant Array: struct nettle_hash ** <b>nettle_hashes</b><var><a name="index-nettle_005fhashes-100"></a></var><br>
+<blockquote><p>This list can be used to dynamically enumerate or search the supported
+algorithms. NULL-terminated.
+</p></blockquote></div>
<div class="node">
+<a name="Cipher-functions"></a>
<p><hr>
-Node: <a name="Cipher%20functions">Cipher functions</a>,
-Next: <a rel="next" accesskey="n" href="#Cipher%20modes">Cipher modes</a>,
-Previous: <a rel="previous" accesskey="p" href="#Hash%20functions">Hash functions</a>,
+Next: <a rel="next" accesskey="n" href="#Cipher-modes">Cipher modes</a>,
+Previous: <a rel="previous" accesskey="p" href="#Hash-functions">Hash functions</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Cipher functions</h3>
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.2 Cipher functions</h3>
-<p>A <dfn>cipher</dfn> is a function that takes a message or <dfn>plaintext</dfn>
+<p><a name="index-Cipher-101"></a>
+A <dfn>cipher</dfn> is a function that takes a message or <dfn>plaintext</dfn>
and a secret <dfn>key</dfn> and transforms it to a <dfn>ciphertext</dfn>. Given
only the ciphertext, but not the key, it should be hard to find the
plaintext. Given matching pairs of plaintext and ciphertext, it should
be hard to find the key.
- <p>There are two main classes of ciphers: Block ciphers and stream ciphers.
+ <p><a name="index-Block-Cipher-102"></a><a name="index-Stream-Cipher-103"></a>
+There are two main classes of ciphers: Block ciphers and stream ciphers.
<p>A block cipher can process data only in fixed size chunks, called
<dfn>blocks</dfn>. Typical block sizes are 8 or 16 octets. To encrypt
blocks, split it into blocks, and then process each block. The simplest
way is to process one block at a time, independent of each other. That
mode of operation is called <dfn>ECB</dfn>, Electronic Code Book mode.
-However, using <small>ECB</small> is usually a bad idea. For a start, plaintext blocks
+However, using <acronym>ECB</acronym> is usually a bad idea. For a start, plaintext blocks
that are equal are transformed to ciphertext blocks that are equal; that
leaks information about the plaintext. Usually you should apply the
-cipher is some "feedback mode", <dfn>CBC</dfn> (Cipher Block Chaining) and
+cipher is some “feedback mode”, <dfn>CBC</dfn> (Cipher Block Chaining) and
<dfn>CTR</dfn> (Counter mode) being two of
-of the most popular. See See <a href="#Cipher%20modes">Cipher modes</a>, for information on
-how to apply <small>CBC</small> and <small>CTR</small> with Nettle.
+of the most popular. See See <a href="#Cipher-modes">Cipher modes</a>, for information on
+how to apply <acronym>CBC</acronym> and <acronym>CTR</acronym> with Nettle.
<p>A stream cipher can be used for messages of arbitrary length. A typical
stream cipher is a keyed pseudo-random generator. To encrypt a plaintext
pick up the message on its way, and reorder, delete or repeat some of
the blocks. Even if the attacker can't decrypt the message, he can
change it so that you are not reading the same message as your friend
-wrote. If you are using a block cipher in <small>CBC</small> mode rather than
+wrote. If you are using a block cipher in <acronym>CBC</acronym> mode rather than
ECB, or are using a stream cipher, the possibilities for this sort of
attack are different, but the attacker can still make predictable
changes to the message.
<p>It is recommended to <em>always</em> use an authentication mechanism in
addition to encrypting the messages. Popular choices are Message
-Authentication Codes like <small>HMAC-SHA1</small> see <a href="#Keyed%20hash%20functions">Keyed hash functions</a>, or digital signatures like <small>RSA</small>.
+Authentication Codes like <acronym>HMAC-SHA1</acronym> (see <a href="#Keyed-hash-functions">Keyed hash functions</a>), or digital signatures like <acronym>RSA</acronym>.
- <p>Some ciphers have so called "weak keys", keys that results in
+ <p>Some ciphers have so called “weak keys”, keys that results in
undesirable structure after the key setup processing, and should be
avoided. In Nettle, most key setup functions have no return value, but
for ciphers with weak keys, the return value indicates whether or not
single key setup function that can be used for both encryption and
decryption.
-<h3 class="subsection">AES</h4>
+<h4 class="subsection">6.2.1 AES</h4>
<p>AES is a block cipher, specified by NIST as a replacement for
the older DES standard. The standard is the result of a competition
<p>Like all the AES candidates, the winning design uses a block size of 128
bits, or 16 octets, and variable key-size, 128, 192 and 256 bits (16, 24
and 32 octets) being the allowed key sizes. It does not have any weak
-keys. Nettle defines AES in <code><nettle/aes.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct aes_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>AES_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The AES block-size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>AES_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>AES_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>AES_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default AES key size, 32
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>aes_set_encrypt_key</b><i> </i>(<i>struct aes_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>aes_set_decrypt_key</b><i> </i>(<i>struct aes_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher, for encryption or decryption, respectively.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>aes_invert_key</b><i> </i>(<i>struct aes_ctx *</i><var>dst</var><i>, const struct aes_ctx *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Given a context <var>src</var> initialized for encryption, initializes the
+keys. Nettle defines AES in <samp><span class="file"><nettle/aes.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct aes_ctx</b><var><a name="index-struct-aes_005fctx-104"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>AES_BLOCK_SIZE</b><var><a name="index-AES_005fBLOCK_005fSIZE-105"></a></var><br>
+<blockquote><p>The AES block-size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>AES_MIN_KEY_SIZE</b><var><a name="index-AES_005fMIN_005fKEY_005fSIZE-106"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>AES_MAX_KEY_SIZE</b><var><a name="index-AES_005fMAX_005fKEY_005fSIZE-107"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>AES_KEY_SIZE</b><var><a name="index-AES_005fKEY_005fSIZE-108"></a></var><br>
+<blockquote><p>Default AES key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>aes_set_encrypt_key</b> (<var>struct aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-aes_005fset_005fencrypt_005fkey-109"></a></var><br>
+— Function: void <b>aes_set_decrypt_key</b> (<var>struct aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-aes_005fset_005fdecrypt_005fkey-110"></a></var><br>
+<blockquote><p>Initialize the cipher, for encryption or decryption, respectively.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>aes_invert_key</b> (<var>struct aes_ctx *dst, const struct aes_ctx *src</var>)<var><a name="index-aes_005finvert_005fkey-111"></a></var><br>
+<blockquote><p>Given a context <var>src</var> initialized for encryption, initializes the
context struct <var>dst</var> for decryption, using the same key. If the same
context struct is passed for both <code>src</code> and <code>dst</code>, it is
converted in place. Calling <code>aes_set_encrypt_key</code> and
<code>aes_set_encrypt_key</code> and <code>aes_set_decrypt_key</code>. This function
is mainly useful for applications which needs to both encrypt and
decrypt using the <em>same</em> key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>aes_encrypt</b><i> </i>(<i>struct aes_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>aes_encrypt</b> (<var>struct aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-aes_005fencrypt-112"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>aes_decrypt</b><i> </i>(<i>struct aes_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>aes_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection">ARCFOUR</h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>aes_decrypt</b> (<var>struct aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-aes_005fdecrypt-113"></a></var><br>
+<blockquote><p>Analogous to <code>aes_encrypt</code>
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.2 ARCFOUR</h4>
<p>ARCFOUR is a stream cipher, also known under the trade marked name RC4,
and it is one of the fastest ciphers around. A problem is that the key
setup of ARCFOUR is quite weak, you should never use keys with
structure, keys that are ordinary passwords, or sequences of keys like
-"secret:1", "secret:2", <small class="enddots">....</small>. If you have keys that don't look
+“secret:1”, “secret:2”, <small class="enddots">...</small>. If you have keys that don't look
like random bit strings, and you want to use ARCFOUR, always hash the
key before feeding it to ARCFOUR. Furthermore, the initial bytes of the
generated key stream leak information about the key; for this reason, it
arcfour_set_key(ctx, SHA256_DIGEST_SIZE, digest);
arcfour_crypt(ctx, sizeof(buffer), buffer, buffer);
}
- </pre>
-
- <p>Nettle defines ARCFOUR in <code><nettle/arcfour.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct arcfour_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCFOUR_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Minimum key size, 1
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCFOUR_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Maximum key size, 256
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCFOUR_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default ARCFOUR key size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>arcfour_set_key</b><i> </i>(<i>struct arcfour_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+</pre>
+ <p>Nettle defines ARCFOUR in <samp><span class="file"><nettle/arcfour.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct arcfour_ctx</b><var><a name="index-struct-arcfour_005fctx-114"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>ARCFOUR_MIN_KEY_SIZE</b><var><a name="index-ARCFOUR_005fMIN_005fKEY_005fSIZE-115"></a></var><br>
+<blockquote><p>Minimum key size, 1.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>ARCFOUR_MAX_KEY_SIZE</b><var><a name="index-ARCFOUR_005fMAX_005fKEY_005fSIZE-116"></a></var><br>
+<blockquote><p>Maximum key size, 256.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>ARCFOUR_KEY_SIZE</b><var><a name="index-ARCFOUR_005fKEY_005fSIZE-117"></a></var><br>
+<blockquote><p>Default ARCFOUR key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>arcfour_set_key</b> (<var>struct arcfour_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arcfour_005fset_005fkey-118"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>arcfour_crypt</b><i> </i>(<i>struct arcfour_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encrypt some data. The same function is used for both encryption and
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>arcfour_crypt</b> (<var>struct arcfour_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arcfour_005fcrypt-119"></a></var><br>
+<blockquote><p>Encrypt some data. The same function is used for both encryption and
decryption. Unlike the block ciphers, this function modifies the
context, so you can split the data into arbitrary chunks and encrypt
them one after another. The result is the same as if you had called
<code>arcfour_crypt</code> only once with all the data.
-</td></tr>
-</table>
+</p></blockquote></div>
-<h3 class="subsection">ARCTWO</h4>
+<h4 class="subsection">6.2.3 ARCTWO</h4>
<p>ARCTWO (also known as the trade marked name RC2) is a block cipher
specified in RFC 2268. Nettle also include a variation of the ARCTWO
parameter to key setup, the number of effective key bits, <code>ekb</code>.
This parameter can be used to artificially reduce the key size. In
practice, <code>ekb</code> is usually set equal to the input key size.
-Nettle defines ARCTWO in <code><nettle/arctwo.h></code>.
+Nettle defines ARCTWO in <samp><span class="file"><nettle/arctwo.h></span></samp>.
<p>We do not recommend the use of ARCTWO; the Nettle implementation is
provided primarily for interoperability with existing applications and
standards.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct arctwo_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCTWO_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The AES block-size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCTWO_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCTWO_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>ARCTWO_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default ARCTWO key size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>arctwo_set_key_ekb</b><i> </i>(<i>struct arctwo_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i>, unsigned </i><var>ekb</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>arctwo_set_key</b><i> </i>(<i>struct arctwo_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>arctwo_set_key_gutmann</b><i> </i>(<i>struct arctwo_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption
+<div class="defun">
+— Context struct: <b>struct arctwo_ctx</b><var><a name="index-struct-arctwo_005fctx-120"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>ARCTWO_BLOCK_SIZE</b><var><a name="index-ARCTWO_005fBLOCK_005fSIZE-121"></a></var><br>
+<blockquote><p>The ARCTWO block-size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>ARCTWO_MIN_KEY_SIZE</b><var><a name="index-ARCTWO_005fMIN_005fKEY_005fSIZE-122"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>ARCTWO_MAX_KEY_SIZE</b><var><a name="index-ARCTWO_005fMAX_005fKEY_005fSIZE-123"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>ARCTWO_KEY_SIZE</b><var><a name="index-ARCTWO_005fKEY_005fSIZE-124"></a></var><br>
+<blockquote><p>Default ARCTWO key size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>arctwo_set_key_ekb</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key, unsigned ekb</var>)<var><a name="index-arctwo_005fset_005fkey_005fekb-125"></a></var><br>
+— Function: void <b>arctwo_set_key</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arctwo_005fset_005fkey-126"></a></var><br>
+— Function: void <b>arctwo_set_key_gutmann</b> (<var>struct arctwo_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-arctwo_005fset_005fkey_005fgutmann-127"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption
and decryption. The first function is the most general one, which lets
you provide both the variable size key, and the desired effective key
size (in bits). The maximum value for <var>ekb</var> is 1024, and for
convenience, <code>ekb = 0</code> has the same effect as <code>ekb = 1024</code>.
- <p><code>arctwo_set_key(ctx, length, key)</code> is equivalent to
+
<p><code>arctwo_set_key(ctx, length, key)</code> is equivalent to
<code>arctwo_set_key_ekb(ctx, length, key, 8*length)</code>, and
<code>arctwo_set_key_gutmann(ctx, length, key)</code> is equivalent to
<code>arctwo_set_key_ekb(ctx, length, key, 1024)</code>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>arctwo_encrypt</b><i> </i>(<i>struct arctwo_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>arctwo_encrypt</b> (<var>struct arctwo_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arctwo_005fencrypt-128"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not
overlap in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>arctwo_decrypt</b><i> </i>(<i>struct arctwo_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>arctwo_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection">BLOWFISH</h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>arctwo_decrypt</b> (<var>struct arctwo_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-arctwo_005fdecrypt-129"></a></var><br>
+<blockquote><p>Analogous to <code>arctwo_encrypt</code>
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.4 BLOWFISH</h4>
<p>BLOWFISH is a block cipher designed by Bruce Schneier. It uses a block
size of 64 bits (8 octets), and a variable key size, up to 448 bits. It
-has some weak keys. Nettle defines BLOWFISH in <code><nettle/blowfish.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct blowfish_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>BLOWFISH_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The BLOWFISH block-size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>BLOWFISH_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Minimum BLOWFISH key size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>BLOWFISH_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Maximum BLOWFISH key size, 56
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>BLOWFISH_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default BLOWFISH key size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>blowfish_set_key</b><i> </i>(<i>struct blowfish_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+has some weak keys. Nettle defines BLOWFISH in <samp><span class="file"><nettle/blowfish.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct blowfish_ctx</b><var><a name="index-struct-blowfish_005fctx-130"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>BLOWFISH_BLOCK_SIZE</b><var><a name="index-BLOWFISH_005fBLOCK_005fSIZE-131"></a></var><br>
+<blockquote><p>The BLOWFISH block-size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>BLOWFISH_MIN_KEY_SIZE</b><var><a name="index-BLOWFISH_005fMIN_005fKEY_005fSIZE-132"></a></var><br>
+<blockquote><p>Minimum BLOWFISH key size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>BLOWFISH_MAX_KEY_SIZE</b><var><a name="index-BLOWFISH_005fMAX_005fKEY_005fSIZE-133"></a></var><br>
+<blockquote><p>Maximum BLOWFISH key size, 56.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>BLOWFISH_KEY_SIZE</b><var><a name="index-BLOWFISH_005fKEY_005fSIZE-134"></a></var><br>
+<blockquote><p>Default BLOWFISH key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>blowfish_set_key</b> (<var>struct blowfish_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-blowfish_005fset_005fkey-135"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption. Checks for weak keys, returning 1
for good keys and 0 for weak keys. Applications that don't care about
weak keys can ignore the return value.
- <p><code>blowfish_encrypt</code> or <code>blowfish_decrypt</code> with a weak key will
+
<p><code>blowfish_encrypt</code> or <code>blowfish_decrypt</code> with a weak key will
crash with an assert violation.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>blowfish_encrypt</b><i> </i>(<i>struct blowfish_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>blowfish_encrypt</b> (<var>struct blowfish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-blowfish_005fencrypt-136"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>blowfish_decrypt</b><i> </i>(<i>struct blowfish_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>blowfish_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection">Camellia</h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>blowfish_decrypt</b> (<var>struct blowfish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-blowfish_005fdecrypt-137"></a></var><br>
+<blockquote><p>Analogous to <code>blowfish_encrypt</code>
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.5 Camellia</h4>
<p>Camellia is a block cipher developed by Mitsubishi and Nippon Telegraph
and Telephone Corporation, described in <cite>RFC3713</cite>, and recommended
implementation released by NTT under the GNU LGPL (v2.1 or later), and
relies on the implicit patent license of the LGPL. There is also a
statement of royalty-free licensing for Camellia at
-<<code>http://www.ntt.co.jp/news/news01e/0104/010417.html</code>>, but this
+<a href="http://www.ntt.co.jp/news/news01e/0104/010417.html">http://www.ntt.co.jp/news/news01e/0104/010417.html</a>, but this
statement has some limitations which seem problematic for free software.
<p>Camellia uses a the same block size and key sizes as AES: The block size
is 128 bits (16 octets), and the supported key sizes are 128, 192, and
-256 bits. Nettle defines Camellia in <code><nettle/camellia.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct camellia_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAMELLIA_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The CAMELLIA block-size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAMELLIA_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAMELLIA_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAMELLIA_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default CAMELLIA key size, 32
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>camellia_set_encrypt_key</b><i> </i>(<i>struct camellia_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>camellia_set_decrypt_key</b><i> </i>(<i>struct camellia_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher, for encryption or decryption, respectively.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>camellia_invert_key</b><i> </i>(<i>struct camellia_ctx *</i><var>dst</var><i>, const struct camellia_ctx *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Given a context <var>src</var> initialized for encryption, initializes the
+256 bits. Nettle defines Camellia in <samp><span class="file"><nettle/camellia.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct camellia_ctx</b><var><a name="index-struct-camellia_005fctx-138"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>CAMELLIA_BLOCK_SIZE</b><var><a name="index-CAMELLIA_005fBLOCK_005fSIZE-139"></a></var><br>
+<blockquote><p>The CAMELLIA block-size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>CAMELLIA_MIN_KEY_SIZE</b><var><a name="index-CAMELLIA_005fMIN_005fKEY_005fSIZE-140"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>CAMELLIA_MAX_KEY_SIZE</b><var><a name="index-CAMELLIA_005fMAX_005fKEY_005fSIZE-141"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>CAMELLIA_KEY_SIZE</b><var><a name="index-CAMELLIA_005fKEY_005fSIZE-142"></a></var><br>
+<blockquote><p>Default CAMELLIA key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>camellia_set_encrypt_key</b> (<var>struct camellia_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-camellia_005fset_005fencrypt_005fkey-143"></a></var><br>
+— Function: void <b>camellia_set_decrypt_key</b> (<var>struct camellia_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-camellia_005fset_005fdecrypt_005fkey-144"></a></var><br>
+<blockquote><p>Initialize the cipher, for encryption or decryption, respectively.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>camellia_invert_key</b> (<var>struct camellia_ctx *dst, const struct camellia_ctx *src</var>)<var><a name="index-camellia_005finvert_005fkey-145"></a></var><br>
+<blockquote><p>Given a context <var>src</var> initialized for encryption, initializes the
context struct <var>dst</var> for decryption, using the same key. If the same
context struct is passed for both <code>src</code> and <code>dst</code>, it is
converted in place. Calling <code>camellia_set_encrypt_key</code> and
<code>camellia_set_encrypt_key</code> and <code>camellia_set_decrypt_key</code>. This function
is mainly useful for applications which needs to both encrypt and
decrypt using the <em>same</em> key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>camellia_crypt</b><i> </i>(<i>struct camellia_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The same function is used for both encryption and decryption.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>camellia_crypt</b> (<var>struct camellia_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-camellia_005fcrypt-146"></a></var><br>
+<blockquote><p>The same function is used for both encryption and decryption.
<var>length</var> must be an integral multiple of the block size. If it is
more than one block, the data is processed in ECB mode. <code>src</code> and
<code>dst</code> may be equal, but they must not overlap in any other way.
-</td></tr>
-</table>
+</p></blockquote></div>
-<h3 class="subsection">CAST128</h4>
+<h4 class="subsection">6.2.6 CAST128</h4>
<p>CAST-128 is a block cipher, specified in <cite>RFC 2144</cite>. It uses a 64
bit (8 octets) block size, and a variable key size of up to 128 bits.
-Nettle defines cast128 in <code><nettle/cast128.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct cast128_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAST128_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The CAST128 block-size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAST128_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Minimum CAST128 key size, 5
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAST128_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Maximum CAST128 key size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CAST128_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default CAST128 key size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>cast128_set_key</b><i> </i>(<i>struct cast128_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+Nettle defines cast128 in <samp><span class="file"><nettle/cast128.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct cast128_ctx</b><var><a name="index-struct-cast128_005fctx-147"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>CAST128_BLOCK_SIZE</b><var><a name="index-CAST128_005fBLOCK_005fSIZE-148"></a></var><br>
+<blockquote><p>The CAST128 block-size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>CAST128_MIN_KEY_SIZE</b><var><a name="index-CAST128_005fMIN_005fKEY_005fSIZE-149"></a></var><br>
+<blockquote><p>Minimum CAST128 key size, 5.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>CAST128_MAX_KEY_SIZE</b><var><a name="index-CAST128_005fMAX_005fKEY_005fSIZE-150"></a></var><br>
+<blockquote><p>Maximum CAST128 key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>CAST128_KEY_SIZE</b><var><a name="index-CAST128_005fKEY_005fSIZE-151"></a></var><br>
+<blockquote><p>Default CAST128 key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>cast128_set_key</b> (<var>struct cast128_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-cast128_005fset_005fkey-152"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>cast128_encrypt</b><i> </i>(<i>struct cast128_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>cast128_encrypt</b> (<var>struct cast128_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cast128_005fencrypt-153"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>cast128_decrypt</b><i> </i>(<i>struct cast128_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>cast128_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection">DES</h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>cast128_decrypt</b> (<var>struct cast128_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cast128_005fdecrypt-154"></a></var><br>
+<blockquote><p>Analogous to <code>cast128_encrypt</code>
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.7 DES</h4>
<p>DES is the old Data Encryption Standard, specified by NIST. It uses a
block size of 64 bits (8 octets), and a key size of 56 bits. However,
<p>The key size of DES is so small that keys can be found by brute force,
using specialized hardware or lots of ordinary work stations in
parallel. One shouldn't be using plain DES at all today, if one uses
-DES at all one should be using "triple DES", see DES3 below.
-
- <p>DES also has some weak keys. Nettle defines DES in <code><nettle/des.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct des_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>DES_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The DES block-size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>DES_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-DES key size, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>des_set_key</b><i> </i>(<i>struct des_ctx *</i><var>ctx</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+DES at all one should be using “triple DES”, see DES3 below.
+
+ <p>DES also has some weak keys. Nettle defines DES in <samp><span class="file"><nettle/des.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct des_ctx</b><var><a name="index-struct-des_005fctx-155"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>DES_BLOCK_SIZE</b><var><a name="index-DES_005fBLOCK_005fSIZE-156"></a></var><br>
+<blockquote><p>The DES block-size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>DES_KEY_SIZE</b><var><a name="index-DES_005fKEY_005fSIZE-157"></a></var><br>
+<blockquote><p>DES key size, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>des_set_key</b> (<var>struct des_ctx *ctx, const uint8_t *key</var>)<var><a name="index-des_005fset_005fkey-158"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption. Parity bits are ignored. Checks for weak keys, returning 1
for good keys and 0 for weak keys. Applications that don't care about
weak keys can ignore the return value.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>des_encrypt</b><i> </i>(<i>struct des_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>des_encrypt</b> (<var>struct des_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005fencrypt-159"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>des_decrypt</b><i> </i>(<i>struct des_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>des_encrypt</code>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>des_check_parity</b><i> </i>(<i>unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>;
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Checks that the given key has correct, odd, parity. Returns 1 for
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>des_decrypt</b> (<var>struct des_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005fdecrypt-160"></a></var><br>
+<blockquote><p>Analogous to <code>des_encrypt</code>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>des_check_parity</b> (<var>unsigned length, const uint8_t *key</var>)<var>;<a name="index-des_005fcheck_005fparity-161"></a></var><br>
+<blockquote><p>Checks that the given key has correct, odd, parity. Returns 1 for
correct parity, and 0 for bad parity.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>des_fix_parity</b><i> </i>(<i>unsigned </i><var>length</var><i>, uint8_t *</i><var>dst</var><i>, const uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Adjusts the parity bits to match DES's requirements. You need this
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>des_fix_parity</b> (<var>unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des_005ffix_005fparity-162"></a></var><br>
+<blockquote><p>Adjusts the parity bits to match DES's requirements. You need this
function if you have created a random-looking string by a key agreement
protocol, and want to use it as a DES key. <var>dst</var> and <var>src</var> may
be equal.
-</td></tr>
-</table>
+</p></blockquote></div>
-<h3 class="subsection">DES3</h4>
+<h4 class="subsection">6.2.8 DES3</h4>
<p>The inadequate key size of DES has already been mentioned. One way to
increase the key size is to pipe together several DES boxes with
in the reverse direction. To encrypt a block with DES3, you encrypt it
using the first 56 bits of the key, then <em>decrypt</em> it using the
middle 56 bits of the key, and finally encrypt it again using the last
-56 bits of the key. This is known as "ede" triple-DES, for
-"encrypt-decrypt-encrypt".
+56 bits of the key. This is known as “ede” triple-DES, for
+“encrypt-decrypt-encrypt”.
- <p>The "ede" construction provides some backward compatibility, as you get
+ <p>The “ede” construction provides some backward compatibility, as you get
plain single DES simply by feeding the same key to all three boxes. That
should help keeping down the gate count, and the price, of hardware
circuits implementing both plain DES and DES3.
<p>DES3 has a key size of 168 bits, but just like plain DES, useless parity
bits are inserted, so that keys are represented as 24 octets (192 bits).
As a 112 bit key is large enough to make brute force attacks
-impractical, some applications uses a "two-key" variant of triple-DES.
+impractical, some applications uses a “two-key” variant of triple-DES.
In this mode, the same key bits are used for the first and the last DES
box in the pipe, while the middle box is keyed independently. The
two-key variant is believed to be secure, i.e. there are no known
attacks significantly better than brute force.
<p>Naturally, it's simple to implement triple-DES on top of Nettle's DES
-functions. Nettle includes an implementation of three-key "ede"
+functions. Nettle includes an implementation of three-key “ede”
triple-DES, it is defined in the same place as plain DES,
-<code><nettle/des.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct des3_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>DES3_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The DES3 block-size is the same as DES_BLOCK_SIZE, 8
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>DES3_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-DES key size, 24
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>des3_set_key</b><i> </i>(<i>struct des3_ctx *</i><var>ctx</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+<samp><span class="file"><nettle/des.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct des3_ctx</b><var><a name="index-struct-des3_005fctx-163"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>DES3_BLOCK_SIZE</b><var><a name="index-DES3_005fBLOCK_005fSIZE-164"></a></var><br>
+<blockquote><p>The DES3 block-size is the same as DES_BLOCK_SIZE, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>DES3_KEY_SIZE</b><var><a name="index-DES3_005fKEY_005fSIZE-165"></a></var><br>
+<blockquote><p>DES key size, 24.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>des3_set_key</b> (<var>struct des3_ctx *ctx, const uint8_t *key</var>)<var><a name="index-des3_005fset_005fkey-166"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption. Parity bits are ignored. Checks for weak keys, returning 1
if all three keys are good keys, and 0 if one or more key is weak.
Applications that don't care about weak keys can ignore the return
value.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>For random-looking strings, you can use <code>des_fix_parity</code> to adjust
the parity bits before calling <code>des3_set_key</code>.
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>des3_encrypt</b><i> </i>(<i>struct des3_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+<div class="defun">
+— Function: void <b>des3_encrypt</b> (<var>struct des3_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des3_005fencrypt-167"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>des3_decrypt</b><i> </i>(<i>struct des3_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>des_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection">SERPENT</h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>des3_decrypt</b> (<var>struct des3_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-des3_005fdecrypt-168"></a></var><br>
+<blockquote><p>Analogous to <code>des_encrypt</code>
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.9 Salsa20</h4>
+
+<p>Salsa20 is a fairly recent stream cipher designed by D. J. Bernstein. It
+is built on the observation that a cryptographic hash function can be
+used for encryption: Form the hash input from the secret key and a
+counter, xor the hash output and the first block of the plaintext, then
+increment the counter to process the next block (similar to CTR mode, see
+see <a href="#CTR">CTR</a>). Bernstein defined an encryption algorithm, Snuffle,
+in this way to ridicule United States export restrictions which treated hash
+functions as nice and harmless, but ciphers as dangerous munitions.
+
+ <p>Salsa20 uses the same idea, but with a new specialized hash function to
+mix key, block counter, and a couple of constants. It's also designed
+for speed; on x86_64, it is currently the fastest cipher offered by
+nettle. It uses a block size of 512 bits (64 octets) and there are two
+specified key sizes, 128 and 256 bits (16 and 32 octets).
+
+ <p><strong>Caution:</strong> The hash function used in Salsa20 is <em>not</em>
+directly applicable for use as a general hash function. It's <em>not</em>
+collision resistant if arbitrary inputs are allowed, and furthermore,
+the input and output is of fixed size.
+
+ <p>When using Salsa20 to process a message, one specifies both a key and a
+<dfn>nonce</dfn>, the latter playing a similar rôle to the initialization
+vector (<acronym>IV</acronym>) used with <acronym>CBC</acronym> or <acronym>CTR</acronym> mode. For
+this reason, Nettle uses the term <acronym>IV</acronym> to refer to the Salsa20
+nonce. One can use the same key for several messages, provided one uses
+a unique random <acronym>iv</acronym> for each message. The <acronym>iv</acronym> is 64
+bits (8 octets). The block counter is initialized to zero for each
+message, and is also 64 bits (8 octets). Nettle defines Salsa20 in
+<samp><span class="file"><nettle/salsa20.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct salsa20_ctx</b><var><a name="index-struct-salsa20_005fctx-169"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SALSA20_MIN_KEY_SIZE</b><var><a name="index-SALSA20_005fMIN_005fKEY_005fSIZE-170"></a></var><br>
+— Constant: <b>SALSA20_MAX_KEY_SIZE</b><var><a name="index-SALSA20_005fMAX_005fKEY_005fSIZE-171"></a></var><br>
+<blockquote><p>The two supported key sizes, 16 and 32 octets.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SALSA20_KEY_SIZE</b><var><a name="index-SALSA20_005fKEY_005fSIZE-172"></a></var><br>
+<blockquote><p>Recommended key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SALSA20_BLOCK_SIZE</b><var><a name="index-SALSA20_005fBLOCK_005fSIZE-173"></a></var><br>
+<blockquote><p>Salsa20 block size, 64.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SALSA20_IV_SIZE</b><var><a name="index-SALSA20_005fIV_005fSIZE-174"></a></var><br>
+<blockquote><p>Size of the <acronym>IV</acronym>, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>salsa20_set_key</b> (<var>struct salsa20_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-salsa20_005fset_005fkey-175"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
+decryption. Before using the cipher, you <em>must</em> also call
+<code>salsa20_set_iv</code>, see below.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>salsa20_set_iv</b> (<var>struct salsa20_ctx *ctx, const uint8_t *iv</var>)<var><a name="index-salsa20_005fset_005fiv-176"></a></var><br>
+<blockquote><p>Sets the <acronym>IV</acronym>. It is always of size <code>SALSA20_IV_SIZE</code>, 8
+octets. This function also initializes the block counter, setting it to
+zero.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>salsa20_crypt</b> (<var>struct salsa20_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-salsa20_005fcrypt-177"></a></var><br>
+<blockquote><p>Encrypts or decrypts the data of a message, using salsa20. When a
+message is encrypted using a sequence of calls to <code>salsa20_crypt</code>,
+all but the last call <em>must</em> use a length that is a multiple of
+<code>SALSA20_BLOCK_SIZE</code>.
+</p></blockquote></div>
+
+ <p>The full salsa20 cipher uses 20 rounds of mixing. Variants of Salsa20
+with fewer rounds are possible, and the 12-round variant is specified by
+eSTREAM, see <a href="http://www.ecrypt.eu.org/stream/finallist.html">http://www.ecrypt.eu.org/stream/finallist.html</a>.
+Nettle calls this variant <code>salsa20r12</code>. It uses the same context
+struct and key setup as the full salsa20 cipher, but a separate function
+for encryption and decryption.
+
+<div class="defun">
+— Function: void <b>salsa20r12_crypt</b> (<var>struct salsa20_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-salsa20r12_005fcrypt-178"></a></var><br>
+<blockquote><p>Encrypts or decrypts the data of a message, using salsa20 reduced to 12
+rounds.
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.10 SERPENT</h4>
<p>SERPENT is one of the AES finalists, designed by Ross Anderson, Eli
Biham and Lars Knudsen. Thus, the interface and properties are similar
to AES'. One peculiarity is that it is quite pointless to use it with
anything but the maximum key size, smaller keys are just padded to
-larger ones. Nettle defines SERPENT in <code><nettle/serpent.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct serpent_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SERPENT_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The SERPENT block-size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SERPENT_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Minimum SERPENT key size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SERPENT_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Maximum SERPENT key size, 32
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>SERPENT_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default SERPENT key size, 32
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>serpent_set_key</b><i> </i>(<i>struct serpent_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+larger ones. Nettle defines SERPENT in <samp><span class="file"><nettle/serpent.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct serpent_ctx</b><var><a name="index-struct-serpent_005fctx-179"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>SERPENT_BLOCK_SIZE</b><var><a name="index-SERPENT_005fBLOCK_005fSIZE-180"></a></var><br>
+<blockquote><p>The SERPENT block-size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SERPENT_MIN_KEY_SIZE</b><var><a name="index-SERPENT_005fMIN_005fKEY_005fSIZE-181"></a></var><br>
+<blockquote><p>Minimum SERPENT key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SERPENT_MAX_KEY_SIZE</b><var><a name="index-SERPENT_005fMAX_005fKEY_005fSIZE-182"></a></var><br>
+<blockquote><p>Maximum SERPENT key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>SERPENT_KEY_SIZE</b><var><a name="index-SERPENT_005fKEY_005fSIZE-183"></a></var><br>
+<blockquote><p>Default SERPENT key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>serpent_set_key</b> (<var>struct serpent_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-serpent_005fset_005fkey-184"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>serpent_encrypt</b><i> </i>(<i>struct serpent_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>serpent_encrypt</b> (<var>struct serpent_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-serpent_005fencrypt-185"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>serpent_decrypt</b><i> </i>(<i>struct serpent_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>serpent_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection">TWOFISH</h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>serpent_decrypt</b> (<var>struct serpent_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-serpent_005fdecrypt-186"></a></var><br>
+<blockquote><p>Analogous to <code>serpent_encrypt</code>
+</p></blockquote></div>
+
+<h4 class="subsection">6.2.11 TWOFISH</h4>
<p>Another AES finalist, this one designed by Bruce Schneier and others.
-Nettle defines it in <code><nettle/twofish.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct twofish_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>TWOFISH_BLOCK_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The TWOFISH block-size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>TWOFISH_MIN_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Minimum TWOFISH key size, 16
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>TWOFISH_MAX_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Maximum TWOFISH key size, 32
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>TWOFISH_KEY_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Default TWOFISH key size, 32
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>twofish_set_key</b><i> </i>(<i>struct twofish_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initialize the cipher. The same function is used for both encryption and
+Nettle defines it in <samp><span class="file"><nettle/twofish.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct twofish_ctx</b><var><a name="index-struct-twofish_005fctx-187"></a></var><br>
+ </div>
+
+<div class="defun">
+— Constant: <b>TWOFISH_BLOCK_SIZE</b><var><a name="index-TWOFISH_005fBLOCK_005fSIZE-188"></a></var><br>
+<blockquote><p>The TWOFISH block-size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>TWOFISH_MIN_KEY_SIZE</b><var><a name="index-TWOFISH_005fMIN_005fKEY_005fSIZE-189"></a></var><br>
+<blockquote><p>Minimum TWOFISH key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>TWOFISH_MAX_KEY_SIZE</b><var><a name="index-TWOFISH_005fMAX_005fKEY_005fSIZE-190"></a></var><br>
+<blockquote><p>Maximum TWOFISH key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>TWOFISH_KEY_SIZE</b><var><a name="index-TWOFISH_005fKEY_005fSIZE-191"></a></var><br>
+<blockquote><p>Default TWOFISH key size, 32.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>twofish_set_key</b> (<var>struct twofish_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-twofish_005fset_005fkey-192"></a></var><br>
+<blockquote><p>Initialize the cipher. The same function is used for both encryption and
decryption.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>twofish_encrypt</b><i> </i>(<i>struct twofish_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Encryption function. <var>length</var> must be an integral multiple of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>twofish_encrypt</b> (<var>struct twofish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-twofish_005fencrypt-193"></a></var><br>
+<blockquote><p>Encryption function. <var>length</var> must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. <code>src</code> and <code>dst</code> may be equal, but they must not overlap
in any other way.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>twofish_decrypt</b><i> </i>(<i>struct twofish_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>dst</var><i>, uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Analogous to <code>twofish_encrypt</code>
-</td></tr>
-</table>
-
-<h3 class="subsection"><code>struct nettle_cipher</code></h4>
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>twofish_decrypt</b> (<var>struct twofish_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-twofish_005fdecrypt-194"></a></var><br>
+<blockquote><p>Analogous to <code>twofish_encrypt</code>
+</p></blockquote></div>
+
+<!-- @node nettle_cipher, Cipher Block Chaining, Cipher functions, Reference -->
+<!-- @comment node-name, next, previous, up -->
+<h4 class="subsection">6.2.12 <code>struct nettle_cipher</code></h4>
<p>Nettle includes a struct including information about some of the more
regular cipher functions. It should be considered a little experimental,
but can be useful for applications that need a simple way to handle
various algorithms. Nettle defines these structs in
-<code><nettle/nettle-meta.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b></b><code>struct nettle_cipher</code><b></b><i> name context_size block_size key_size set_encrypt_key set_decrypt_key encrypt decrypt
- </i></td>
-<td align="right">Meta struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The last four attributes are function pointers, of types
+<samp><span class="file"><nettle/nettle-meta.h></span></samp>.
+
+<div class="defun">
+— Meta struct: <code>struct nettle_cipher</code><var> name context_size block_size key_size set_encrypt_key set_decrypt_key encrypt decrypt<a name="index-g_t_0040code_007bstruct-nettle_005fcipher_007d-195"></a></var><br>
+<blockquote><p>The last four attributes are function pointers, of types
<code>nettle_set_key_func</code> and <code>nettle_crypt_func</code>. The first
argument to these functions is a <code>void *</code> pointer to a context
struct, which is of size <code>context_size</code>.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_aes128</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_aes192</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_aes256</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo40;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo64;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo128;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo_gutmann128;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arcfour128</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_camellia128</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_camellia192</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_camellia256</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_cast128</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_serpent128</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_serpent192</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_serpent256</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_twofish128</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_twofish192</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_twofish256</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo40;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo64;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo128;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-
-<tr>
-<td align="left">struct nettle_cipher <b>nettle_arctwo_gutmann128;</b><i>
- </i></td>
-<td align="right">Constant Struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
- <p>Nettle includes such structs for all the <em>regular</em> ciphers, i.e.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant Struct: struct nettle_cipher <b>nettle_aes128</b><var><a name="index-nettle_005faes128-196"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_aes192</b><var><a name="index-nettle_005faes192-197"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_aes256</b><var><a name="index-nettle_005faes256-198"></a></var><br>
+
+ — Constant Struct: struct nettle_cipher <b>nettle_arctwo40</b><var><a name="index-nettle_005farctwo40-199"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_arctwo64</b><var><a name="index-nettle_005farctwo64-200"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_arctwo128</b><var><a name="index-nettle_005farctwo128-201"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_arctwo_gutmann128</b><var><a name="index-nettle_005farctwo_005fgutmann128-202"></a></var><br>
+
+ — Constant Struct: struct nettle_cipher <b>nettle_arcfour128</b><var><a name="index-nettle_005farcfour128-203"></a></var><br>
+
+ — Constant Struct: struct nettle_cipher <b>nettle_camellia128</b><var><a name="index-nettle_005fcamellia128-204"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_camellia192</b><var><a name="index-nettle_005fcamellia192-205"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_camellia256</b><var><a name="index-nettle_005fcamellia256-206"></a></var><br>
+
+ — Constant Struct: struct nettle_cipher <b>nettle_cast128</b><var><a name="index-nettle_005fcast128-207"></a></var><br>
+
+ — Constant Struct: struct nettle_cipher <b>nettle_serpent128</b><var><a name="index-nettle_005fserpent128-208"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_serpent192</b><var><a name="index-nettle_005fserpent192-209"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_serpent256</b><var><a name="index-nettle_005fserpent256-210"></a></var><br>
+
+ — Constant Struct: struct nettle_cipher <b>nettle_twofish128</b><var><a name="index-nettle_005ftwofish128-211"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_twofish192</b><var><a name="index-nettle_005ftwofish192-212"></a></var><br>
+— Constant Struct: struct nettle_cipher <b>nettle_twofish256</b><var><a name="index-nettle_005ftwofish256-213"></a></var><br>
+<blockquote><p>Nettle includes such structs for all the <em>regular</em> ciphers, i.e.
ones without weak keys or other oddities.
-</td></tr>
-</table>
+</p></blockquote></div>
+
+ <p>Nettle also exports a list of all these ciphers without weak keys or
+other oddities.
+
+<div class="defun">
+— Constant Array: struct nettle_cipher ** <b>nettle_ciphers</b><var><a name="index-nettle_005fciphers-214"></a></var><br>
+<blockquote><p>This list can be used to dynamically enumerate or search the supported
+algorithms. NULL-terminated.
+</p></blockquote></div>
<div class="node">
+<a name="Cipher-modes"></a>
<p><hr>
-Node: <a name="Cipher%20modes">Cipher modes</a>,
-Next: <a rel="next" accesskey="n" href="#Keyed%20hash%20functions">Keyed hash functions</a>,
-Previous: <a rel="previous" accesskey="p" href="#Cipher%20functions">Cipher functions</a>,
+Next: <a rel="next" accesskey="n" href="#Keyed-hash-functions">Keyed hash functions</a>,
+Previous: <a rel="previous" accesskey="p" href="#Cipher-functions">Cipher functions</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Cipher modes</h3>
-
-<p>Cipher modes of operation specifies the procedure to use when
-encrypting a message that is larger than the cipher's block size. As
-explained in See <a href="#Cipher%20functions">Cipher functions</a>, splitting the message into blocks
-and processing them independently with the block cipher (Electronic Code
-Book mode, <small>ECB</small>) leaks information. Besides <small>ECB</small>,
-Nettle provides two other modes of operation: Cipher Block Chaining
-(<small>CBC</small>) and Counter mode (<small>CTR</small>). <small>CBC</small> is
-widely used, but there are a few subtle issues of information leakage.
-<small>CTR</small> was standardized more recently, and is believed to be more
-secure.
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.3 Cipher modes</h3>
+
+<p>Cipher modes of operation specifies the procedure to use when encrypting
+a message that is larger than the cipher's block size. As explained in
+See <a href="#Cipher-functions">Cipher functions</a>, splitting the message into blocks and
+processing them independently with the block cipher (Electronic Code
+Book mode, <acronym>ECB</acronym>) leaks information. Besides <acronym>ECB</acronym>,
+Nettle provides three other modes of operation: Cipher Block Chaining
+(<acronym>CBC</acronym>), Counter mode (<acronym>CTR</acronym>), and Galois/Counter mode
+(<acronym>GCM</acronym>). <acronym>CBC</acronym> is widely used, but there are a few
+subtle issues of information leakage, see, e.g.,
+<a href="http://www.kb.cert.org/vuls/id/958563"><acronym>SSH</acronym> <acronym>CBC</acronym> vulnerability</a>. <acronym>CTR</acronym> and <acronym>GCM</acronym>
+were standardized more recently, and are believed to be more secure.
+<acronym>GCM</acronym> includes message authentication; for the other modes, one
+should always use a <acronym>MAC</acronym> (see <a href="#Keyed-hash-functions">Keyed hash functions</a>) or
+signature to authenticate the message.
+
+<ul class="menu">
+<li><a accesskey="1" href="#CBC">CBC</a>
+<li><a accesskey="2" href="#CTR">CTR</a>
+<li><a accesskey="3" href="#GCM">GCM</a>
+</ul>
+
+<div class="node">
+<a name="CBC"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#CTR">CTR</a>,
+Previous: <a rel="previous" accesskey="p" href="#Cipher-modes">Cipher modes</a>,
+Up: <a rel="up" accesskey="u" href="#Cipher-modes">Cipher modes</a>
+
+</div>
-<h3 class="subsection">Cipher Block Chaining</h4>
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.3.1 Cipher Block Chaining</h4>
-<p>When using <small>CBC</small> mode, plaintext blocks are not encrypted
+<p><a name="index-Cipher-Block-Chaining-215"></a><a name="index-CBC-Mode-216"></a>
+When using <acronym>CBC</acronym> mode, plaintext blocks are not encrypted
independently of each other, like in Electronic Cook Book mode. Instead,
-when encrypting a block in <small>CBC</small> mode, the previous ciphertext
+when encrypting a block in <acronym>CBC</acronym> mode, the previous ciphertext
block is XORed with the plaintext before it is fed to the block cipher.
When encrypting the first block, a random block called an <dfn>IV</dfn>, or
-Initialization Vector, is used as the "previous ciphertext block". The
+Initialization Vector, is used as the “previous ciphertext block”. The
IV should be chosen randomly, but it need not be kept secret, and can
even be transmitted in the clear together with the encrypted data.
...
C_n = E_k(C_(n-1) XOR M_n)
- </pre>
-
+</pre>
<p>Nettle's includes two functions for applying a block cipher in Cipher
-Block Chaining (<small>CBC</small>) mode, one for encryption and one for
+Block Chaining (<acronym>CBC</acronym>) mode, one for encryption and one for
decryption. These functions uses <code>void *</code> to pass cipher contexts
around.
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>cbc_encrypt</b><i> </i>(<i>void *</i><var>ctx</var><i>, nettle_crypt_func </i><var>f</var><i>, unsigned </i><var>block_size</var><i>, uint8_t *</i><var>iv</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>dst</var><i>, const uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>cbc_decrypt</b><i> </i>(<i>void *</i><var>ctx</var><i>, void </i>(<i>*</i><var>f</var><i></i>)<i></i>(<i></i>)<i>, unsigned </i><var>block_size</var><i>, uint8_t *</i><var>iv</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>dst</var><i>, const uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
- <p>Applies the encryption or decryption function <var>f</var> in <small>CBC</small>
+<div class="defun">
+— Function: void <b>cbc_encrypt</b> (<var>void *ctx, nettle_crypt_func f, unsigned block_size, uint8_t *iv, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cbc_005fencrypt-217"></a></var><br>
+— Function: void <b>cbc_decrypt</b> (<var>void *ctx, void </var>(<var>*f</var>)()<var>, unsigned block_size, uint8_t *iv, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-cbc_005fdecrypt-218"></a></var><br>
+<blockquote>
+ <p>Applies the encryption or decryption function <var>f</var> in <acronym>CBC</acronym>
mode. The final ciphertext block processed is copied into <var>iv</var>
before returning, so that large message be processed be a sequence of
calls to <code>cbc_encrypt</code>. The function <var>f</var> is of type
- <p><code>void f (void *</code><var>ctx</var><code>, unsigned </code><var>length</var><code>, uint8_t </code><var>dst</var><code>,
+
<p><code>void f (void *</code><var>ctx</var><code>, unsigned </code><var>length</var><code>, uint8_t </code><var>dst</var><code>,
const uint8_t *</code><var>src</var><code>)</code>,
- <p>and the <code>cbc_encrypt</code> and <code>cbc_decrypt</code> functions pass their
+ <p class="noindent">and the <code>cbc_encrypt</code> and <code>cbc_decrypt</code> functions pass their
argument <var>ctx</var> on to <var>f</var>.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>There are also some macros to help use these functions correctly.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CBC_CTX</b><i> </i>(<i></i><var>context_type</var><i>, </i><var>block_size</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Expands into
+<div class="defun">
+— Macro: <b>CBC_CTX</b> (<var>context_type, block_size</var>)<var><a name="index-CBC_005fCTX-219"></a></var><br>
+<blockquote><p>Expands to
<pre class="example"> {
context_type ctx;
uint8_t iv[block_size];
}
- </pre>
- </td></tr>
-</table>
+</pre>
+ </blockquote></div>
- <p>It can be used to define a <small>CBC</small> context struct, either directly,
+ <p>It can be used to define a <acronym>CBC</acronym> context struct, either directly,
<pre class="example"> struct CBC_CTX(struct aes_ctx, AES_BLOCK_SIZE) ctx;
- </pre>
-
+</pre>
<p>or to give it a struct tag,
<pre class="example"> struct aes_cbc_ctx CBC_CTX (struct aes_ctx, AES_BLOCK_SIZE);
- </pre>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CBC_SET_IV</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>iv</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-First argument is a pointer to a context struct as defined by <code>CBC_CTX</code>,
+</pre>
+ <div class="defun">
+— Macro: <b>CBC_SET_IV</b> (<var>ctx, iv</var>)<var><a name="index-CBC_005fSET_005fIV-220"></a></var><br>
+<blockquote><p>First argument is a pointer to a context struct as defined by <code>CBC_CTX</code>,
and the second is a pointer to an Initialization Vector (IV) that is
copied into that context.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CBC_ENCRYPT</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>f</var><i>, </i><var>length</var><i>, </i><var>dst</var><i>, </i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-
-<tr>
-<td align="left"><b>CBC_DECRYPT</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>f</var><i>, </i><var>length</var><i>, </i><var>dst</var><i>, </i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-A simpler way to invoke <code>cbc_encrypt</code> and <code>cbc_decrypt</code>. The
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>CBC_ENCRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CBC_005fENCRYPT-221"></a></var><br>
+— Macro: <b>CBC_DECRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CBC_005fDECRYPT-222"></a></var><br>
+<blockquote><p>A simpler way to invoke <code>cbc_encrypt</code> and <code>cbc_decrypt</code>. The
first argument is a pointer to a context struct as defined by
<code>CBC_CTX</code>, and the second argument is an encryption or decryption
function following Nettle's conventions. The last three arguments define
the source and destination area for the operation.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>These macros use some tricks to make the compiler display a warning if
the types of <var>f</var> and <var>ctx</var> don't match, e.g. if you try to use
an <code>struct aes_ctx</code> context with the <code>des_encrypt</code> function.
-<h3 class="subsection">Counter mode</h4>
+<div class="node">
+<a name="CTR"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#GCM">GCM</a>,
+Previous: <a rel="previous" accesskey="p" href="#CBC">CBC</a>,
+Up: <a rel="up" accesskey="u" href="#Cipher-modes">Cipher modes</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.3.2 Counter mode</h4>
-<p>Counter mode (<small>CTR</small>) uses the block cipher as a keyed
+<p><a name="index-Counter-Mode-223"></a><a name="index-CTR-Mode-224"></a>
+Counter mode (<acronym>CTR</acronym>) uses the block cipher as a keyed
pseudo-random generator. The output of the generator is XORed with the
data to be encrypted. It can be understood as a way to transform a block
cipher to a stream cipher.
C_(n-1) = E_k(IC + n - 2) XOR M_(n-1)
C_n = E_k(IC + n - 1) [1..m] XOR M_n
- </pre>
-
- <p>The <small>IC</small> is the initial value for the counter, it plays a
-similar role as the <small>IV</small> for <small>CBC</small>. When adding,
-<code>IC + x</code>, <small>IC</small> is interpreted as an integer, in network
+</pre>
+ <p>The <acronym>IC</acronym> is the initial value for the counter, it plays a
+similar rôle as the <acronym>IV</acronym> for <acronym>CBC</acronym>. When adding,
+<code>IC + x</code>, <acronym>IC</acronym> is interpreted as an integer, in network
byte order. For the last block, <code>E_k(IC + n - 1) [1..m]</code> means that
the cipher output is truncated to <code>m</code> bytes.
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>ctr_crypt</b><i> </i>(<i>void *</i><var>ctx</var><i>, nettle_crypt_func </i><var>f</var><i>, unsigned </i><var>block_size</var><i>, uint8_t *</i><var>ctr</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>dst</var><i>, const uint8_t *</i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-
- <p>Applies the encryption function <var>f</var> in <small>CTR</small> mode. Note that
-for <small>CTR</small> mode, encryption and decryption is the same operation,
+<div class="defun">
+— Function: void <b>ctr_crypt</b> (<var>void *ctx, nettle_crypt_func f, unsigned block_size, uint8_t *ctr, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-ctr_005fcrypt-225"></a></var><br>
+<blockquote>
+ <p>Applies the encryption function <var>f</var> in <acronym>CTR</acronym> mode. Note that
+for <acronym>CTR</acronym> mode, encryption and decryption is the same operation,
and hence <var>f</var> should always be the encryption function for the
underlying block cipher.
- <p>When a message is encrypted using a sequence of calls to
+
<p>When a message is encrypted using a sequence of calls to
<code>ctr_crypt</code>, all but the last call <em>must</em> use a length that is
a multiple of the block size.
-</td></tr>
-</table>
-
- <p>Like for <small>CBC</small>, there are also a couple of helper macros.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CTR_CTX</b><i> </i>(<i></i><var>context_type</var><i>, </i><var>block_size</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Expands into
+</p></blockquote></div>
+
+ <p>Like for <acronym>CBC</acronym>, there are also a couple of helper macros.
+
+<div class="defun">
+— Macro: <b>CTR_CTX</b> (<var>context_type, block_size</var>)<var><a name="index-CTR_005fCTX-226"></a></var><br>
+<blockquote><p>Expands to
<pre class="example"> {
context_type ctx;
uint8_t ctr[block_size];
}
- </pre>
- </td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CTR_SET_COUNTER</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>iv</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-First argument is a pointer to a context struct as defined by
+</pre>
+ </blockquote></div>
+
+<div class="defun">
+— Macro: <b>CTR_SET_COUNTER</b> (<var>ctx, iv</var>)<var><a name="index-CTR_005fSET_005fCOUNTER-227"></a></var><br>
+<blockquote><p>First argument is a pointer to a context struct as defined by
<code>CTR_CTX</code>, and the second is a pointer to an initial counter that
is copied into that context.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>CTR_CRYPT</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>f</var><i>, </i><var>length</var><i>, </i><var>dst</var><i>, </i><var>src</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-A simpler way to invoke <code>ctr_crypt</code>. The first argument is a
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>CTR_CRYPT</b> (<var>ctx, f, length, dst, src</var>)<var><a name="index-CTR_005fCRYPT-228"></a></var><br>
+<blockquote><p>A simpler way to invoke <code>ctr_crypt</code>. The first argument is a
pointer to a context struct as defined by <code>CTR_CTX</code>, and the second
argument is an encryption function following Nettle's conventions. The
last three arguments define the source and destination area for the
operation.
-</td></tr>
-</table>
+</p></blockquote></div>
+
+<div class="node">
+<a name="GCM"></a>
+<p><hr>
+Previous: <a rel="previous" accesskey="p" href="#CTR">CTR</a>,
+Up: <a rel="up" accesskey="u" href="#Cipher-modes">Cipher modes</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.3.3 Galois counter mode</h4>
+
+<p><a name="index-Galois-Counter-Mode-229"></a><a name="index-GCM-230"></a>
+Galois counter mode is the combination of counter mode with message
+authentication based on universal hashing. The main objective of the
+design is to provide high performance for hardware implementations,
+where other popular <acronym>MAC</acronym> algorithms (see <a href="#Keyed-hash-functions">Keyed hash functions</a> becomes a bottleneck for high-speed hardware implementations.
+It was proposed by David A. McGrew and John Viega in 2005, and
+recommended by NIST in 2007,
+<a href="http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf">NIST Special Publication 800-38D</a>. It is constructed on top of a block
+cipher which must have a block size of 128 bits.
+
+ <p><acronym>GCM</acronym> is applied to messages of arbitrary length. The inputs
+are:
+
+ <ul>
+<li>A key, which can be used for many messages.
+<li>An initialization vector (<acronym>IV</acronym>) which <em>must</em> be unique for
+each message.
+<li>Additional authenticated data, which is to be included in the message
+authentication, but not encrypted. May be empty.
+<li>The plaintext. Maybe empty.
+</ul>
+
+ <p>The outputs are a ciphertext, of the same length as the plaintext, and a
+message digest of length 128 bits. Nettle's support for <acronym>GCM</acronym>
+consists of a low-level general interface, some convenience macros, and
+specific functions for <acronym>GCM</acronym> using <acronym>AES</acronym> as the
+underlying cipher. These interfaces are defined in <samp><span class="file"><nettle/gcm.h></span></samp>
+
+<h5 class="subsubsection">6.3.3.1 General <acronym>GCM</acronym> interface</h5>
+
+<div class="defun">
+— Context struct: <b>struct gcm_key</b><var><a name="index-struct-gcm_005fkey-231"></a></var><br>
+<blockquote><p>Message independent hash sub-key, and related tables.
+</p></blockquote></div>
+
+<div class="defun">
+— Context struct: <b>struct gcm_ctx</b><var><a name="index-struct-gcm_005fctx-232"></a></var><br>
+<blockquote><p>Holds state corresponding to a particular message.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>GCM_BLOCK_SIZE</b><var><a name="index-GCM_005fBLOCK_005fSIZE-233"></a></var><br>
+<blockquote><p><acronym>GCM</acronym>'s block size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>GCM_IV_SIZE</b><var><a name="index-GCM_005fIV_005fSIZE-234"></a></var><br>
+<blockquote><p>Recommended size of the <acronym>IV</acronym>, 12. Other sizes are allowed.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_set_key</b> (<var>struct gcm_key *key, void *cipher, nettle_crypt_func *f</var>)<var><a name="index-gcm_005fset_005fkey-235"></a></var><br>
+<blockquote><p>Initializes <var>key</var>. <var>cipher</var> gives a context struct for the
+underlying cipher, which must have been previously initialized for
+encryption, and <var>f</var> is the encryption function.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_set_iv</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, unsigned length, const uint8_t *iv</var>)<var><a name="index-gcm_005fset_005fiv-236"></a></var><br>
+<blockquote><p>Initializes <var>ctx</var> using the given <acronym>IV</acronym>. The <var>key</var>
+argument is actually needed only if <var>length</var> differs from
+<code>GCM_IV_SIZE</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_update</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, unsigned length, const uint8_t *data</var>)<var><a name="index-gcm_005fupdate-237"></a></var><br>
+<blockquote><p>Provides associated data to be authenticated. If used, must be called
+before <code>gcm_encrypt</code> or <code>gcm_decrypt</code>. All but the last call
+for each message <em>must</em> use a length that is a multiple of the
+block size.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_encrypt</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005fencrypt-238"></a></var><br>
+— Function: void <b>gcm_decrypt</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005fdecrypt-239"></a></var><br>
+<blockquote><p>Encrypts or decrypts the data of a message. <var>cipher</var> is the context
+struct for the underlying cipher and <var>f</var> is the encryption function.
+All but the last call for each message <em>must</em> use a length that is
+a multiple of the block size.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_digest</b> (<var>struct gcm_ctx *ctx, const struct gcm_key *key, void *cipher, nettle_crypt_func *f, unsigned length, uint8_t *digest</var>)<var><a name="index-gcm_005fdigest-240"></a></var><br>
+<blockquote><p>Extracts the message digest (also known “authentication tag”). This is
+the final operation when processing a message. <var>length</var> is usually
+equal to <code>GCM_BLOCK_SIZE</code>, but if you provide a smaller value,
+only the first <var>length</var> octets of the digest are written.
+</p></blockquote></div>
+
+ <p>To encrypt a message using <acronym>GCM</acronym>, first initialize a context for
+the underlying block cipher with a key to use for encryption. Then call
+the above functions in the following order: <code>gcm_set_key</code>,
+<code>gcm_set_iv</code>, <code>gcm_update</code>, <code>gcm_encrypt</code>,
+<code>gcm_digest</code>. The decryption procedure is analogous, just calling
+<code>gcm_decrypt</code> instead of <code>gcm_encrypt</code> (note that
+<acronym>GCM</acronym> decryption still uses the encryption function of the
+underlying block cipher). To process a new message, using the same key,
+call <code>gcm_set_iv</code> with a new <acronym>iv</acronym>.
+
+<h5 class="subsubsection">6.3.3.2 <acronym>GCM</acronym> helper macros</h5>
+
+<p>The following macros are defined.
+
+<div class="defun">
+— Macro: <b>GCM_CTX</b> (<var>context_type</var>)<var><a name="index-GCM_005fCTX-241"></a></var><br>
+<blockquote><p>This defines an all-in-one context struct, including the context of the
+underlying cipher, the hash sub-key, and the per-message state. It expands
+to
+ <pre class="example"> {
+ context_type cipher;
+ struct gcm_key key;
+ struct gcm_ctx gcm;
+ }
+</pre>
+ </blockquote></div>
+
+ <p>Example use:
+<pre class="example"> struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
+</pre>
+ <p>The following macros operate on context structs of this form.
+
+<div class="defun">
+— Macro: <b>GCM_SET_KEY</b> (<var>ctx, set_key, encrypt, length, data</var>)<var><a name="index-GCM_005fSET_005fKEY-242"></a></var><br>
+<blockquote><p>First argument, <var>ctx</var>, is a context struct as defined
+by <code>GCM_CTX</code>. <var>set_key</var> and <var>encrypt</var> are functions for
+setting the encryption key and for encrypting data using the underlying
+cipher. <var>length</var> and <var>data</var> give the key.
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>GCM_SET_IV</b> (<var>ctx, length, data</var>)<var><a name="index-GCM_005fSET_005fIV-243"></a></var><br>
+<blockquote><p>First argument is a context struct as defined by
+<code>GCM_CTX</code>. <var>length</var> and <var>data</var> give the initialization
+vector (<acronym>IV</acronym>).
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>GCM_UPDATE</b> (<var>ctx, length, data</var>)<var><a name="index-GCM_005fUPDATE-244"></a></var><br>
+<blockquote><p>Simpler way to call <code>gcm_update</code>. First argument is a context
+struct as defined by <code>GCM_CTX</code>
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>GCM_ENCRYPT</b> (<var>ctx, encrypt, length, dst, src</var>)<var><a name="index-GCM_005fENCRYPT-245"></a></var><br>
+— Macro: <b>GCM_DECRYPT</b> (<var>ctx, encrypt, length, dst, src</var>)<var><a name="index-GCM_005fDECRYPT-246"></a></var><br>
+— Macro: <b>GCM_DIGEST</b> (<var>ctx, encrypt, length, digest</var>)<var><a name="index-GCM_005fDIGEST-247"></a></var><br>
+<blockquote><p>Simpler way to call <code>gcm_encrypt</code>, <code>gcm_decrypt</code> or
+<code>gcm_digest</code>. First argument is a context struct as defined by
+<code>GCM_CTX</code>. Second argument, <var>encrypt</var>, is a pointer to the
+encryption function of the underlying cipher.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.3.3.3 <acronym>GCM</acronym>-<acronym>AES</acronym> interface</h5>
+
+<p>The following functions implement the common case of <acronym>GCM</acronym> using
+<acronym>AES</acronym> as the underlying cipher.
+
+<div class="defun">
+— Context struct: <b>struct gcm_aes_ctx</b><var><a name="index-struct-gcm_005faes_005fctx-248"></a></var><br>
+<blockquote><p>The context struct, defined using <code>GCM_CTX</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_aes_set_key</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *key</var>)<var><a name="index-gcm_005faes_005fset_005fkey-249"></a></var><br>
+<blockquote><p>Initializes <var>ctx</var> using the given key. All valid <acronym>AES</acronym> key
+sizes can be used.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_aes_set_iv</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *iv</var>)<var><a name="index-gcm_005faes_005fset_005fiv-250"></a></var><br>
+<blockquote><p>Initializes the per-message state, using the given <acronym>IV</acronym>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_aes_update</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-gcm_005faes_005fupdate-251"></a></var><br>
+<blockquote><p>Provides associated data to be authenticated. If used, must be called
+before <code>gcm_aes_encrypt</code> or <code>gcm_aes_decrypt</code>. All but the last call
+for each message <em>must</em> use a length that is a multiple of the
+block size.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_aes_encrypt</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005faes_005fencrypt-252"></a></var><br>
+— Function: void <b>gcm_aes_decrypt</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *dst, const uint8_t *src</var>)<var><a name="index-gcm_005faes_005fdecrypt-253"></a></var><br>
+<blockquote><p>Encrypts or decrypts the data of a message. All but the last call for
+each message <em>must</em> use a length that is a multiple of the block
+size.
+
+ </blockquote></div>
+
+<div class="defun">
+— Function: void <b>gcm_aes_digest</b> (<var>struct gcm_aes_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-gcm_005faes_005fdigest-254"></a></var><br>
+<blockquote><p>Extracts the message digest (also known “authentication tag”). This is
+the final operation when processing a message. <var>length</var> is usually
+equal to <code>GCM_BLOCK_SIZE</code>, but if you provide a smaller value,
+only the first <var>length</var> octets of the digest are written.
+</p></blockquote></div>
<div class="node">
+<a name="Keyed-hash-functions"></a>
<p><hr>
-Node: <a name="Keyed%20hash%20functions">Keyed hash functions</a>,
-Next: <a rel="next" accesskey="n" href="#Public-key%20algorithms">Public-key algorithms</a>,
-Previous: <a rel="previous" accesskey="p" href="#Cipher%20modes">Cipher modes</a>,
+Next: <a rel="next" accesskey="n" href="#Key-derivation-functions">Key derivation functions</a>,
+Previous: <a rel="previous" accesskey="p" href="#Cipher-modes">Cipher modes</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Keyed Hash Functions</h3>
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.4 Keyed Hash Functions</h3>
-<p>A <dfn>keyed hash function</dfn>, or <dfn>Message Authentication Code</dfn>
-(<small>MAC</small>) is a function that takes a key and a message, and
-produces fixed size <small>MAC</small>. It should be hard to compute a
-message and a matching <small>MAC</small> without knowledge of the key. It
+<p><a name="index-Keyed-Hash-Function-255"></a><a name="index-Message-Authentication-Code-256"></a><a name="index-MAC-257"></a>
+A <dfn>keyed hash function</dfn>, or <dfn>Message Authentication Code</dfn>
+(<acronym>MAC</acronym>) is a function that takes a key and a message, and
+produces fixed size <acronym>MAC</acronym>. It should be hard to compute a
+message and a matching <acronym>MAC</acronym> without knowledge of the key. It
should also be hard to compute the key given only messages and
-corresponding <small>MAC</small>s.
+corresponding <acronym>MAC</acronym>s.
<p>Keyed hash functions are useful primarily for message authentication,
when Alice and Bob shares a secret: The sender, Alice, computes the
-<small>MAC</small> and attaches it to the message. The receiver, Bob, also computes
-the <small>MAC</small> of the message, using the same key, and compares that
+<acronym>MAC</acronym> and attaches it to the message. The receiver, Bob, also computes
+the <acronym>MAC</acronym> of the message, using the same key, and compares that
to Alice's value. If they match, Bob can be assured that
the message has not been modified on its way from Alice.
<p>However, unlike digital signatures, this assurance is not transferable.
-Bob can't show the message and the <small>MAC</small> to a third party and
+Bob can't show the message and the <acronym>MAC</acronym> to a third party and
prove that Alice sent that message. Not even if he gives away the key to
the third party. The reason is that the <em>same</em> key is used on both
-sides, and anyone knowing the key can create a correct <small>MAC</small> for
+sides, and anyone knowing the key can create a correct <acronym>MAC</acronym> for
any message. If Bob believes that only he and Alice knows the key, and
-he knows that he didn't attach a <small>MAC</small> to a particular message,
+he knows that he didn't attach a <acronym>MAC</acronym> to a particular message,
he knows it must be Alice who did it. However, the third party can't
-distinguish between a <small>MAC</small> created by Alice and one created by
+distinguish between a <acronym>MAC</acronym> created by Alice and one created by
Bob.
<p>Keyed hash functions are typically a lot faster than digital signatures
as well.
-<h3 class="subsection"><small>HMAC</small></h4>
+<h4 class="subsection">6.4.1 <acronym>HMAC</acronym></h4>
-<p>One can build keyed hash functions from ordinary hash functions. Older
+<p><a name="index-HMAC-258"></a>
+One can build keyed hash functions from ordinary hash functions. Older
constructions simply concatenate secret key and message and hashes that, but
such constructions have weaknesses. A better construction is
-<small>HMAC</small>, described in <cite>RFC 2104</cite>.
+<acronym>HMAC</acronym>, described in <cite>RFC 2104</cite>.
<p>For an underlying hash function <code>H</code>, with digest size <code>l</code> and
-internal block size <code>b</code>, <small>HMAC-H</small> is constructed as
+internal block size <code>b</code>, <acronym>HMAC-H</acronym> is constructed as
follows: From a given key <code>k</code>, two distinct subkeys <code>k_i</code> and
<code>k_o</code> are constructed, both of length <code>b</code>. The
-<small>HMAC-H</small> of a message <code>m</code> is then computed as <code>H(k_o |
+<acronym>HMAC-H</acronym> of a message <code>m</code> is then computed as <code>H(k_o |
H(k_i | m))</code>, where <code>|</code> denotes string concatenation.
- <p><small>HMAC</small> keys can be of any length, but it is recommended to use
+ <p><acronym>HMAC</acronym> keys can be of any length, but it is recommended to use
keys of length <code>l</code>, the digest size of the underlying hash function
<code>H</code>. Keys that are longer than <code>b</code> are shortened to length
<code>l</code> by hashing with <code>H</code>, so arbitrarily long keys aren't
very useful.
- <p>Nettle's <small>HMAC</small> functions are defined in <code><nettle/hmac.h></code>.
+ <p>Nettle's <acronym>HMAC</acronym> functions are defined in <samp><span class="file"><nettle/hmac.h></span></samp>.
There are abstract functions that use a pointer to a <code>struct
-nettle_hash</code> to represent the underlying hash function and <code>void
-*</code> pointers that point to three different context structs for that hash
-function. There are also concrete functions for <small>HMAC-MD5</small>,
-<small>HMAC-SHA1</small>, <small>HMAC-SHA256</small>, and <small>HMAC-SHA512</small>.
-First, the abstract functions:
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_set_key</b><i> </i>(<i>void *</i><var>outer</var><i>, void *</i><var>inner</var><i>, void *</i><var>state</var><i>, const struct nettle_hash *</i><var>H</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the three context structs from the key. The <var>outer</var> and
+nettle_hash</code> to represent the underlying hash function and <code>void *</code>
+pointers that point to three different context structs for that hash
+function. There are also concrete functions for <acronym>HMAC-MD5</acronym>,
+<acronym>HMAC-RIPEMD160</acronym> <acronym>HMAC-SHA1</acronym>, <acronym>HMAC-SHA256</acronym>, and
+<acronym>HMAC-SHA512</acronym>. First, the abstract functions:
+
+<div class="defun">
+— Function: void <b>hmac_set_key</b> (<var>void *outer, void *inner, void *state, const struct nettle_hash *H, unsigned length, const uint8_t *key</var>)<var><a name="index-hmac_005fset_005fkey-259"></a></var><br>
+<blockquote><p>Initializes the three context structs from the key. The <var>outer</var> and
<var>inner</var> contexts corresponds to the subkeys <code>k_o</code> and
<code>k_i</code>. <var>state</var> is used for hashing the message, and is
initialized as a copy of the <var>inner</var> context.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_update</b><i> </i>(<i>void *</i><var>state</var><i>, const struct nettle_hash *</i><var>H</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-This function is called zero or more times to process the message.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_update</b> (<var>void *state, const struct nettle_hash *H, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fupdate-260"></a></var><br>
+<blockquote><p>This function is called zero or more times to process the message.
Actually, <code>hmac_update(state, H, length, data)</code> is equivalent to
<code>H->update(state, length, data)</code>, so if you wish you can use the
ordinary update function of the underlying hash function instead.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_digest</b><i> </i>(<i>const void *</i><var>outer</var><i>, const void *</i><var>inner</var><i>, void *</i><var>state</var><i>, const struct nettle_hash *</i><var>H</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Extracts the <small>MAC</small> of the message, writing it to <var>digest</var>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_digest</b> (<var>const void *outer, const void *inner, void *state, const struct nettle_hash *H, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fdigest-261"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym> of the message, writing it to <var>digest</var>.
<var>outer</var> and <var>inner</var> are not modified. <var>length</var> is usually
equal to <code>H->digest_size</code>, but if you provide a smaller value,
-only the first <var>length</var> octets of the <small>MAC</small> are written.
+only the first <var>length</var> octets of the <acronym>MAC</acronym> are written.
- <p>This function also resets the <var>state</var> context so that you can start
+
<p>This function also resets the <var>state</var> context so that you can start
over processing a new message (with the same key).
-</td></tr>
-</table>
+</p></blockquote></div>
- <p>Like for <small>CBC</small>, there are some macros to help use these
+ <p>Like for <acronym>CBC</acronym>, there are some macros to help use these
functions correctly.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>HMAC_CTX</b><i> </i>(<i></i><var>type</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Expands into
+<div class="defun">
+— Macro: <b>HMAC_CTX</b> (<var>type</var>)<var><a name="index-HMAC_005fCTX-262"></a></var><br>
+<blockquote><p>Expands to
<pre class="example"> {
type outer;
type inner;
type state;
}
- </pre>
- </td></tr>
-</table>
+</pre>
+ </blockquote></div>
- <p>It can be used to define a <small>HMAC</small> context struct, either
+ <p>It can be used to define a <acronym>HMAC</acronym> context struct, either
directly,
<pre class="example"> struct HMAC_CTX(struct md5_ctx) ctx;
- </pre>
-
+</pre>
<p>or to give it a struct tag,
<pre class="example"> struct hmac_md5_ctx HMAC_CTX (struct md5_ctx);
- </pre>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>HMAC_SET_KEY</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>H</var><i>, </i><var>length</var><i>, </i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-<var>ctx</var> is a pointer to a context struct as defined by
+</pre>
+ <div class="defun">
+— Macro: <b>HMAC_SET_KEY</b> (<var>ctx, H, length, key</var>)<var><a name="index-HMAC_005fSET_005fKEY-263"></a></var><br>
+<blockquote><p><var>ctx</var> is a pointer to a context struct as defined by
<code>HMAC_CTX</code>, <var>H</var> is a pointer to a <code>const struct
nettle_hash</code> describing the underlying hash function (so it must match
the type of the components of <var>ctx</var>). The last two arguments specify
the secret key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>HMAC_DIGEST</b><i> </i>(<i></i><var>ctx</var><i>, </i><var>H</var><i>, </i><var>length</var><i>, </i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Macro</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-<var>ctx</var> is a pointer to a context struct as defined by
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>HMAC_DIGEST</b> (<var>ctx, H, length, digest</var>)<var><a name="index-HMAC_005fDIGEST-264"></a></var><br>
+<blockquote><p><var>ctx</var> is a pointer to a context struct as defined by
<code>HMAC_CTX</code>, <var>H</var> is a pointer to a <code>const struct
nettle_hash</code> describing the underlying hash function. The last two
arguments specify where the digest is written.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>Note that there is no <code>HMAC_UPDATE</code> macro; simply call
<code>hmac_update</code> function directly, or the update function of the
underlying hash function.
-<h3 class="subsection">Concrete <small>HMAC</small> functions</h4>
-
-<p>Now we come to the specialized <small>HMAC</small> functions, which are
-easier to use than the general <small>HMAC</small> functions.
-
-<h3 class="subsubsection"><small>HMAC-MD5</small></h5>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct hmac_md5_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_md5_set_key</b><i> </i>(<i>struct hmac_md5_ctx *</i><var>ctx</var><i>, unsigned </i><var>key_length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the context with the key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_md5_update</b><i> </i>(<i>struct hmac_md5_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Process some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_md5_digest</b><i> </i>(<i>struct hmac_md5_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Extracts the <small>MAC</small>, writing it to <var>digest</var>. <var>length</var> may be smaller than
+<h4 class="subsection">6.4.2 Concrete <acronym>HMAC</acronym> functions</h4>
+
+<p>Now we come to the specialized <acronym>HMAC</acronym> functions, which are
+easier to use than the general <acronym>HMAC</acronym> functions.
+
+<h5 class="subsubsection">6.4.2.1 <acronym>HMAC-MD5</acronym></h5>
+
+<div class="defun">
+— Context struct: <b>struct hmac_md5_ctx</b><var><a name="index-struct-hmac_005fmd5_005fctx-265"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>hmac_md5_set_key</b> (<var>struct hmac_md5_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fmd5_005fset_005fkey-266"></a></var><br>
+<blockquote><p>Initializes the context with the key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_md5_update</b> (<var>struct hmac_md5_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fmd5_005fupdate-267"></a></var><br>
+<blockquote><p>Process some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_md5_digest</b> (<var>struct hmac_md5_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fmd5_005fdigest-268"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
<code>MD5_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the <small>MAC</small> are written.
+octets of the <acronym>MAC</acronym> are written.
+
+ <p>This function also resets the context for processing new messages, with
+the same key.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.4.2.2 <acronym>HMAC-RIPEMD160</acronym></h5>
+
+<div class="defun">
+— Context struct: <b>struct hmac_ripemd160_ctx</b><var><a name="index-struct-hmac_005fripemd160_005fctx-269"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>hmac_ripemd160_set_key</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fripemd160_005fset_005fkey-270"></a></var><br>
+<blockquote><p>Initializes the context with the key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_ripemd160_update</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fripemd160_005fupdate-271"></a></var><br>
+<blockquote><p>Process some more data.
+</p></blockquote></div>
- <p>This function also resets the context for processing new messages, with
+<div class="defun">
+— Function: void <b>hmac_ripemd160_digest</b> (<var>struct hmac_ripemd160_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fripemd160_005fdigest-272"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
+<code>RIPEMD160_DIGEST_SIZE</code>, in which case only the first <var>length</var>
+octets of the <acronym>MAC</acronym> are written.
+
+ <p>This function also resets the context for processing new messages, with
the same key.
-</td></tr>
-</table>
-
-<h3 class="subsubsection"><small>HMAC-SHA1</small></h5>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct hmac_sha1_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha1_set_key</b><i> </i>(<i>struct hmac_sha1_ctx *</i><var>ctx</var><i>, unsigned </i><var>key_length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the context with the key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha1_update</b><i> </i>(<i>struct hmac_sha1_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Process some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha1_digest</b><i> </i>(<i>struct hmac_sha1_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Extracts the <small>MAC</small>, writing it to <var>digest</var>. <var>length</var> may be smaller than
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.4.2.3 <acronym>HMAC-SHA1</acronym></h5>
+
+<div class="defun">
+— Context struct: <b>struct hmac_sha1_ctx</b><var><a name="index-struct-hmac_005fsha1_005fctx-273"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>hmac_sha1_set_key</b> (<var>struct hmac_sha1_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha1_005fset_005fkey-274"></a></var><br>
+<blockquote><p>Initializes the context with the key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_sha1_update</b> (<var>struct hmac_sha1_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha1_005fupdate-275"></a></var><br>
+<blockquote><p>Process some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_sha1_digest</b> (<var>struct hmac_sha1_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha1_005fdigest-276"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
<code>SHA1_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the <small>MAC</small> are written.
+octets of the <acronym>MAC</acronym> are written.
- <p>This function also resets the context for processing new messages, with
+
<p>This function also resets the context for processing new messages, with
the same key.
-</td></tr>
-</table>
-
-<h3 class="subsubsection"><small>HMAC-SHA256</small></h5>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct hmac_sha256_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha256_set_key</b><i> </i>(<i>struct hmac_sha256_ctx *</i><var>ctx</var><i>, unsigned </i><var>key_length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the context with the key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha256_update</b><i> </i>(<i>struct hmac_sha256_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Process some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha256_digest</b><i> </i>(<i>struct hmac_sha256_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Extracts the <small>MAC</small>, writing it to <var>digest</var>. <var>length</var> may be smaller than
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.4.2.4 <acronym>HMAC-SHA256</acronym></h5>
+
+<div class="defun">
+— Context struct: <b>struct hmac_sha256_ctx</b><var><a name="index-struct-hmac_005fsha256_005fctx-277"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>hmac_sha256_set_key</b> (<var>struct hmac_sha256_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha256_005fset_005fkey-278"></a></var><br>
+<blockquote><p>Initializes the context with the key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_sha256_update</b> (<var>struct hmac_sha256_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha256_005fupdate-279"></a></var><br>
+<blockquote><p>Process some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_sha256_digest</b> (<var>struct hmac_sha256_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha256_005fdigest-280"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
<code>SHA256_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the <small>MAC</small> are written.
+octets of the <acronym>MAC</acronym> are written.
- <p>This function also resets the context for processing new messages, with
+
<p>This function also resets the context for processing new messages, with
the same key.
-</td></tr>
-</table>
-
-<h3 class="subsubsection"><small>HMAC-SHA512</small></h5>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct hmac_sha512_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha512_set_key</b><i> </i>(<i>struct hmac_sha512_ctx *</i><var>ctx</var><i>, unsigned </i><var>key_length</var><i>, const uint8_t *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the context with the key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha512_update</b><i> </i>(<i>struct hmac_sha512_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Process some more data.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>hmac_sha512_digest</b><i> </i>(<i>struct hmac_sha512_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>digest</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Extracts the <small>MAC</small>, writing it to <var>digest</var>. <var>length</var> may be smaller than
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.4.2.5 <acronym>HMAC-SHA512</acronym></h5>
+
+<div class="defun">
+— Context struct: <b>struct hmac_sha512_ctx</b><var><a name="index-struct-hmac_005fsha512_005fctx-281"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>hmac_sha512_set_key</b> (<var>struct hmac_sha512_ctx *ctx, unsigned key_length, const uint8_t *key</var>)<var><a name="index-hmac_005fsha512_005fset_005fkey-282"></a></var><br>
+<blockquote><p>Initializes the context with the key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_sha512_update</b> (<var>struct hmac_sha512_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-hmac_005fsha512_005fupdate-283"></a></var><br>
+<blockquote><p>Process some more data.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>hmac_sha512_digest</b> (<var>struct hmac_sha512_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-hmac_005fsha512_005fdigest-284"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym>, writing it to <var>digest</var>. <var>length</var> may be smaller than
<code>SHA512_DIGEST_SIZE</code>, in which case only the first <var>length</var>
-octets of the <small>MAC</small> are written.
+octets of the <acronym>MAC</acronym> are written.
- <p>This function also resets the context for processing new messages, with
+
<p>This function also resets the context for processing new messages, with
the same key.
-</td></tr>
-</table>
+</p></blockquote></div>
+
+<h4 class="subsection">6.4.3 <acronym>UMAC</acronym></h4>
+
+<p><a name="index-UMAC-285"></a>
+<acronym>UMAC</acronym> is a message authentication code based on universal
+hashing, and designed for high performance on modern processors (in
+contrast to GCM, See <a href="#GCM">GCM</a>, which is designed primarily for hardware
+performance). On processors with good integer multiplication
+performance, it can be 10 times faster than SHA256 and SHA512.
+<acronym>UMAC</acronym> is specified in <cite>RFC 4418</cite>.
+
+ <p>The secret key is always 128 bits (16 octets). The key is used as an
+encryption key for the <acronym>AES</acronym> block cipher. This cipher is used
+in counter mode to generate various internal subkeys needed in
+<acronym>UMAC</acronym>. Messages are of arbitrary size, and for each message,
+<acronym>UMAC</acronym> also needs a unique nonce. Nonce values must not be
+reused for two messages with the same key, but they need not be kept
+secret.
+
+ <p>The nonce must be at least one octet, and at most 16; nonces shorter
+than 16 octets are zero-padded. Nettle's implementation of
+<acronym>UMAC</acronym> increments the nonce for automatically each message, so
+explicitly setting the nonce for each message is optional. This
+auto-increment uses network byte order and it takes the length of the
+nonce into acount. E.g., if the initial nonce is “abc” (3 octets),
+this value is zero-padded to 16 octets for the first message. For the
+next message, the nonce is incremented to “abd”, and this incremented
+value is zero-padded to 16 octets.
+
+ <p><acronym>UMAC</acronym> is defined in four variants, for different output sizes:
+32 bits (4 octest), 64 bits (8 octets), 96 bits (12 octets) and 128 bits
+(16 octets), corresponding to different tradeoffs between speed and
+security. Using a shorter output size sometimes (but not always!) gives
+the same result as using a longer output size and truncating the result.
+So it is important to use the right variant. For consistency with other
+hash and <acronym>MAC</acronym> functions, Nettle's <code>_digest</code> functions for
+<acronym>UMAC</acronym> accept a length parameter so that the output can be
+truncated to any desired size, but it is recommended to stick to the
+specified output size and select the <acronym>umac</acronym> variant
+corresponding to the desired size.
+
+ <p>The internal block size of <acronym>UMAC</acronym> is 1024 octets, and it also
+generates more than 1024 bytes of subkeys. This makes the size of the
+context struct a bit larger than other hash functions and <acronym>MAC</acronym>
+algorithms in Nettle.
+
+ <p>Nettle defines <acronym>UMAC</acronym> in <samp><span class="file"><nettle/umac.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct umac32_ctx</b><var><a name="index-struct-umac32_005fctx-286"></a></var><br>
+— Context struct: <b>struct umac64_ctx</b><var><a name="index-struct-umac64_005fctx-287"></a></var><br>
+— Context struct: <b>struct umac96_ctx</b><var><a name="index-struct-umac96_005fctx-288"></a></var><br>
+— Context struct: <b>struct umac128_ctx</b><var><a name="index-struct-umac128_005fctx-289"></a></var><br>
+<blockquote><p>Each <acronym>UMAC</acronym> variant uses its own context struct.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>UMAC_KEY_SIZE</b><var><a name="index-UMAC_005fKEY_005fSIZE-290"></a></var><br>
+<blockquote><p>The UMAC key size, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>UMAC32_DIGEST_SIZE</b><var><a name="index-UMAC32_005fDIGEST_005fSIZE-291"></a></var><br>
+<blockquote><p>The size of an UMAC32 digest, 4.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>UMAC64_DIGEST_SIZE</b><var><a name="index-UMAC64_005fDIGEST_005fSIZE-292"></a></var><br>
+<blockquote><p>The size of an UMAC64 digest, 8.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>UMAC96_DIGEST_SIZE</b><var><a name="index-UMAC96_005fDIGEST_005fSIZE-293"></a></var><br>
+<blockquote><p>The size of an UMAC96 digest, 12.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>UMAC128_DIGEST_SIZE</b><var><a name="index-UMAC128_005fDIGEST_005fSIZE-294"></a></var><br>
+<blockquote><p>The size of an UMAC128 digest, 16.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>UMAC128_DATA_SIZE</b><var><a name="index-UMAC128_005fDATA_005fSIZE-295"></a></var><br>
+<blockquote><p>The internal block size of UMAC.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>umac32_set_key</b> (<var>struct umac32_ctx *ctx, const uint8_t *key</var>)<var><a name="index-umac32_005fset_005fkey-296"></a></var><br>
+— Function: void <b>umac64_set_key</b> (<var>struct umac64_ctx *ctx, const uint8_t *key</var>)<var><a name="index-umac64_005fset_005fkey-297"></a></var><br>
+— Function: void <b>umac96_set_key</b> (<var>struct umac96_ctx *ctx, const uint8_t *key</var>)<var><a name="index-umac96_005fset_005fkey-298"></a></var><br>
+— Function: void <b>umac128_set_key</b> (<var>struct umac128_ctx *ctx, const uint8_t *key</var>)<var><a name="index-umac128_005fset_005fkey-299"></a></var><br>
+<blockquote><p>These functions initialize the <acronym>UMAC</acronym> context struct. They also
+initialize the nonce to zero (with length 16, for auto-increment).
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>umac32_set_nonce</b> (<var>struct umac32_ctx *ctx, unsigned length, const uint8_t *nonce</var>)<var><a name="index-umac32_005fset_005fnonce-300"></a></var><br>
+— Function: void <b>umac64_set_nonce</b> (<var>struct umac64_ctx *ctx, unsigned length, const uint8_t *nonce</var>)<var><a name="index-umac64_005fset_005fnonce-301"></a></var><br>
+— Function: void <b>umac96_set_nonce</b> (<var>struct umac96_ctx *ctx, unsigned length, const uint8_t *nonce</var>)<var><a name="index-umac96_005fset_005fnonce-302"></a></var><br>
+— Function: void <b>umac128_set_nonce</b> (<var>struct umac128_ctx *ctx, unsigned length, const uint8_t *nonce</var>)<var><a name="index-umac128_005fset_005fnonce-303"></a></var><br>
+<blockquote><p>Sets the nonce to be used for the next message. In general, nonces
+should be set before processing of the message. This is not strictly
+required for <acronym>UMAC</acronym> (the nonce only affects the final processing
+generating the digest), but it is nevertheless recommended that this
+function is called <em>before</em> the first <code>_update</code> call for the
+message.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>umac32_update</b> (<var>struct umac32_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-umac32_005fupdate-304"></a></var><br>
+— Function: void <b>umac64_update</b> (<var>struct umac64_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-umac64_005fupdate-305"></a></var><br>
+— Function: void <b>umac96_update</b> (<var>struct umac96_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-umac96_005fupdate-306"></a></var><br>
+— Function: void <b>umac128_update</b> (<var>struct umac128_ctx *ctx, unsigned length, const uint8_t *data</var>)<var><a name="index-umac128_005fupdate-307"></a></var><br>
+<blockquote><p>These functions are called zero or more times to process the message.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>umac32_digest</b> (<var>struct umac32_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-umac32_005fdigest-308"></a></var><br>
+— Function: void <b>umac64_digest</b> (<var>struct umac64_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-umac64_005fdigest-309"></a></var><br>
+— Function: void <b>umac96_digest</b> (<var>struct umac96_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-umac96_005fdigest-310"></a></var><br>
+— Function: void <b>umac128_digest</b> (<var>struct umac128_ctx *ctx, unsigned length, uint8_t *digest</var>)<var><a name="index-umac128_005fdigest-311"></a></var><br>
+<blockquote><p>Extracts the <acronym>MAC</acronym> of the message, writing it to <var>digest</var>.
+<var>length</var> is usually equal to the specified output size, but if you
+provide a smaller value, only the first <var>length</var> octets of the
+<acronym>MAC</acronym> are written. These functions reset the context for
+processing of a new message with the same key. The nonce is incremented
+as described above, the new value is used unless you call the
+<code>_set_nonce</code> function explicitly for each message.
+</p></blockquote></div>
<div class="node">
+<a name="Key-derivation-functions"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#Public_002dkey-algorithms">Public-key algorithms</a>,
+Previous: <a rel="previous" accesskey="p" href="#Keyed-hash-functions">Keyed hash functions</a>,
+Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.5 Key derivation Functions</h3>
+
+<p><a name="index-Key-Derivation-Function-312"></a><a name="index-Password-Based-Key-Derivation-Function-313"></a><a name="index-PKCS-_00235-314"></a><a name="index-KDF-315"></a><a name="index-PBKDF-316"></a>
+A <dfn>key derivation function</dfn> (<acronym>KDF</acronym>) is a function that from
+a given symmetric key derives other symmetric keys. A sub-class of KDFs
+is the <dfn>password-based key derivation functions</dfn> (<acronym>PBKDFs</acronym>),
+which take as input a password or passphrase, and its purpose is
+typically to strengthen it and protect against certain pre-computation
+attacks by using salting and expensive computation.
+
+<h4 class="subsection">6.5.1 <acronym>PBKDF2</acronym></h4>
+
+<p>The most well known PBKDF is the <code>PKCS #5 PBKDF2</code> described in
+<cite>RFC 2898</cite> which uses a pseudo-random function such as
+<acronym>HMAC-SHA1</acronym>.
+
+ <p>Nettle's <acronym>PBKDF2</acronym> functions are defined in
+<samp><span class="file"><nettle/pbkdf2.h></span></samp>. There is an abstract function that operate on
+any PRF implemented via the <code>nettle_hash_update_func</code>,
+<code>nettle_hash_digest_func</code> interfaces. There is also helper macros
+and concrete functions PBKDF2-HMAC-SHA1 and PBKDF2-HMAC-SHA256. First,
+the abstract function:
+
+<div class="defun">
+— Function: void <b>pbkdf2</b> (<var>void *mac_ctx, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned digest_size, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst</var>)<var><a name="index-pbkdf2-317"></a></var><br>
+<blockquote><p>Derive symmetric key from a password according to PKCS #5 PBKDF2. The
+PRF is assumed to have been initialized and this function will call the
+<var>update</var> and <var>digest</var> functions passing the <var>mac_ctx</var>
+context parameter as an argument in order to compute digest of size
+<var>digest_size</var>. Inputs are the salt <var>salt</var> of length
+<var>salt_length</var>, the iteration counter <var>iterations</var> (> 0), and the
+desired derived output length <var>length</var>. The output buffer is
+<var>dst</var> which must have room for at least <var>length</var> octets.
+</p></blockquote></div>
+
+ <p>Like for CBC and HMAC, there is a macro to help use the function
+correctly.
+
+<div class="defun">
+— Macro: <b>PBKDF2</b> (<var>ctx, update, digest, digest_size, iterations, salt_length, salt, length, dst</var>)<var><a name="index-PBKDF2-318"></a></var><br>
+<blockquote><p><var>ctx</var> is a pointer to a context struct passed to the <var>update</var>
+and <var>digest</var> functions (of the types <code>nettle_hash_update_func</code>
+and <code>nettle_hash_digest_func</code> respectively) to implement the
+underlying PRF with digest size of <var>digest_size</var>. Inputs are the
+salt <var>salt</var> of length <var>salt_length</var>, the iteration counter
+<var>iterations</var> (> 0), and the desired derived output length
+<var>length</var>. The output buffer is <var>dst</var> which must have room for
+at least <var>length</var> octets.
+</p></blockquote></div>
+
+<h4 class="subsection">6.5.2 Concrete <acronym>PBKDF2</acronym> functions</h4>
+
+<p>Now we come to the specialized <acronym>PBKDF2</acronym> functions, which are
+easier to use than the general <acronym>PBKDF2</acronym> function.
+
+<h5 class="subsubsection">6.5.2.1 <acronym>PBKDF2-HMAC-SHA1</acronym></h5>
+
+<div class="defun">
+— Function: void <b>pbkdf2_hmac_sha1</b> (<var>unsigned key_length, const uint8_t *key, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst</var>)<var><a name="index-pbkdf2_005fhmac_005fsha1-319"></a></var><br>
+<blockquote><p>PBKDF2 with HMAC-SHA1. Derive <var>length</var> bytes of key into buffer
+<var>dst</var> using the password <var>key</var> of length <var>key_length</var> and
+salt <var>salt</var> of length <var>salt_length</var>, with iteration counter
+<var>iterations</var> (> 0). The output buffer is <var>dst</var> which must have
+room for at least <var>length</var> octets.
+</p></blockquote></div>
+
+<h5 class="subsubsection">6.5.2.2 <acronym>PBKDF2-HMAC-SHA256</acronym></h5>
+
+<div class="defun">
+— Function: void <b>pbkdf2_hmac_sha256</b> (<var>unsigned key_length, const uint8_t *key, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst</var>)<var><a name="index-pbkdf2_005fhmac_005fsha256-320"></a></var><br>
+<blockquote><p>PBKDF2 with HMAC-SHA256. Derive <var>length</var> bytes of key into buffer
+<var>dst</var> using the password <var>key</var> of length <var>key_length</var> and
+salt <var>salt</var> of length <var>salt_length</var>, with iteration counter
+<var>iterations</var> (> 0). The output buffer is <var>dst</var> which must have
+room for at least <var>length</var> octets.
+</p></blockquote></div>
+
+<div class="node">
+<a name="Public-key-algorithms"></a>
+<a name="Public_002dkey-algorithms"></a>
<p><hr>
-Node: <a name="Public-key%20algorithms">Public-key algorithms</a>,
Next: <a rel="next" accesskey="n" href="#Randomness">Randomness</a>,
-Previous: <a rel="previous" accesskey="p" href="#Keyed%20hash%20functions">Keyed hash functions</a>,
+Previous: <a rel="previous" accesskey="p" href="#Key-derivation-functions">Key derivation functions</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Public-key algorithms</h3>
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.6 Public-key algorithms</h3>
-<p>Nettle uses <small>GMP</small>, the GNU bignum library, for all calculations
+<p>Nettle uses <acronym>GMP</acronym>, the GNU bignum library, for all calculations
with large numbers. In order to use the public-key features of Nettle,
-you must install <small>GMP</small>, at least version 3.0, before compiling
+you must install <acronym>GMP</acronym>, at least version 3.0, before compiling
Nettle, and you need to link your programs with <code>-lhogweed -lnettle
-lgmp</code>.
<p>The concept of <dfn>Public-key</dfn> encryption and digital signatures was
discovered by Whitfield Diffie and Martin E. Hellman and described in a
-paper 1976. In traditional, "symmetric", cryptography, sender and
+paper 1976. In traditional, “symmetric”, cryptography, sender and
receiver share the same keys, and these keys must be distributed in a
secure way. And if there are many users or entities that need to
communicate, each <em>pair</em> needs a shared secret key known by nobody
else.
- <p>Public-key cryptography uses trapdoor one-way functions. A
+ <p><a name="index-Public-Key-Cryptography-321"></a><a name="index-One_002dway-function-322"></a>
+Public-key cryptography uses trapdoor one-way functions. A
<dfn>one-way function</dfn> is a function <code>F</code> such that it is easy to
compute the value <code>F(x)</code> for any <code>x</code>, but given a value
<code>y</code>, it is hard to compute a corresponding <code>x</code> such that
<p>A <dfn>trapdoor one-way function</dfn> is a function <code>F</code> that is
one-way, unless one knows some secret information about <code>F</code>. If one
knows the secret, it is easy to compute both <code>F</code> and it's inverse.
-If this sounds strange, look at the <small>RSA</small> example below.
+If this sounds strange, look at the <acronym>RSA</acronym> example below.
<p>Two important uses for one-way functions with trapdoors are public-key
encryption, and digital signatures. The public-key encryption functions
that is claimed to be a signature on the message, and returns true or
false. If it returns true, that means that the three input values
matched, and the verifier can be sure that someone went through with the
-signature operation on that very message, and that the "someone" also
+signature operation on that very message, and that the “someone” also
knows the private key corresponding to the public key.
<p>The desired properties of a digital signature algorithm are as follows:
any client that connects to the service is given a random nonce message.
If the server gets a reply with a correct signature matching the nonce
message and the configured public key, the client is granted access. So
-the configuration of the server can be understood as "grant access to
+the configuration of the server can be understood as “grant access to
whoever knows the private key corresponding to this particular public
-key, and to no others".
+key, and to no others”.
<ul class="menu">
<li><a accesskey="1" href="#RSA">RSA</a>: The RSA public key algorithm.
<li><a accesskey="2" href="#DSA">DSA</a>: The DSA digital signature algorithm.
+<li><a accesskey="3" href="#Elliptic-curves">Elliptic curves</a>: Elliptic curves and ECDSA
</ul>
<div class="node">
+<a name="RSA"></a>
<p><hr>
-Node: <a name="RSA">RSA</a>,
Next: <a rel="next" accesskey="n" href="#DSA">DSA</a>,
-Previous: <a rel="previous" accesskey="p" href="#Public-key%20algorithms">Public-key algorithms</a>,
-Up: <a rel="up" accesskey="u" href="#Public-key%20algorithms">Public-key algorithms</a>
-<br>
+Previous: <a rel="previous" accesskey="p" href="#Public_002dkey-algorithms">Public-key algorithms</a>,
+Up: <a rel="up" accesskey="u" href="#Public_002dkey-algorithms">Public-key algorithms</a>
+
</div>
-<h3 class="subsection"><small>RSA</small></h4>
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.6.1 <acronym>RSA</acronym></h4>
-<p>The <small>RSA</small> algorithm was the first practical digital signature
+<p>The <acronym>RSA</acronym> algorithm was the first practical digital signature
algorithm that was constructed. It was described 1978 in a paper by
Ronald Rivest, Adi Shamir and L.M. Adleman, and the technique was also
-patented in the <small>USA</small> in 1983. The patent expired on September 20, 2000, and since
-that day, <small>RSA</small> can be used freely, even in the <small>USA</small>.
+patented in the <acronym>USA</acronym> in 1983. The patent expired on September 20, 2000, and since
+that day, <acronym>RSA</acronym> can be used freely, even in the <acronym>USA</acronym>.
<p>It's remarkably simple to describe the trapdoor function behind
-<small>RSA</small>. The "one-way"-function used is
+<acronym>RSA</acronym>. The “one-way”-function used is
<pre class="example"> F(x) = x^e mod n
- </pre>
-
- <p>I.e. raise x to the <code>e</code>:th power, while discarding all multiples of
+</pre>
+ <p>I.e. raise x to the <code>e</code>'th power, while discarding all multiples of
<code>n</code>. The pair of numbers <code>n</code> and <code>e</code> is the public key.
<code>e</code> can be quite small, even <code>e = 3</code> has been used, although
slightly larger numbers are recommended. <code>n</code> should be about 1000
bits or larger.
<p>If <code>n</code> is large enough, and properly chosen, the inverse of F,
-the computation of <code>e</code>:th roots modulo <code>n</code>, is very difficult.
+the computation of <code>e</code>'th roots modulo <code>n</code>, is very difficult.
But, where's the trapdoor?
- <p>Let's first look at how <small>RSA</small> key-pairs are generated. First
+ <p>Let's first look at how <acronym>RSA</acronym> key-pairs are generated. First
<code>n</code> is chosen as the product of two large prime numbers <code>p</code>
and <code>q</code> of roughly the same size (so if <code>n</code> is 1000 bits,
<code>p</code> and <code>q</code> are about 500 bits each). One also computes the
<code>e</code> and <code>phi</code> must have no common factors), and that for all x,
<pre class="example"> (x^e)^d mod n = x^(ed) mod n = (x^d)^e mod n = x
- </pre>
-
+</pre>
<p>Using Euclid's algorithm, <code>d</code> can be computed quite easily from
<code>phi</code> and <code>e</code>. But it is still hard to get <code>d</code> without
knowing <code>phi</code>, which depends on the factorization of <code>n</code>.
<p>So <code>d</code> is the trapdoor, if we know <code>d</code> and <code>y = F(x)</code>, we can
recover x as <code>y^d mod n</code>. <code>d</code> is also the private half of
-the <small>RSA</small> key-pair.
+the <acronym>RSA</acronym> key-pair.
- <p>The most common signature operation for <small>RSA</small> is defined in
+ <p>The most common signature operation for <acronym>RSA</acronym> is defined in
<cite>PKCS#1</cite>, a specification by RSA Laboratories. The message to be
signed is first hashed using a cryptographic hash function, e.g.
-<small>MD5</small> or <small>SHA1</small>. Next, some padding, the <small>ASN.1</small>
-"Algorithm Identifier" for the hash function, and the message digest
+<acronym>MD5</acronym> or <acronym>SHA1</acronym>. Next, some padding, the <acronym>ASN.1</acronym>
+“Algorithm Identifier” for the hash function, and the message digest
itself, are concatenated and converted to a number <code>x</code>. The
signature is computed from <code>x</code> and the private key as <code>s = x^d
-mod n</code><a rel="footnote" href="#fn-1"><sup>1</sup></a>. The signature, <code>s</code> is a
+mod n</code><a rel="footnote" href="#fn-1" name="fnd-1"><sup>1</sup></a>. The signature, <code>s</code> is a
number of about the same size of <code>n</code>, and it usually encoded as a
sequence of octets, most significant octet first.
computed, the operation returns true if and only if the result equals
<code>x</code>.
-<h3 class="subsection">Nettle's <small>RSA</small> support</h4>
+<h4 class="subsection">6.6.2 Nettle's <acronym>RSA</acronym> support</h4>
-<p>Nettle represents <small>RSA</small> keys using two structures that contain
+<p>Nettle represents <acronym>RSA</acronym> keys using two structures that contain
large numbers (of type <code>mpz_t</code>).
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>rsa_public_key</b><i> size n e
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-<code>size</code> is the size, in octets, of the modulo, and is used internally.
+<div class="defun">
+— Context struct: <b>rsa_public_key</b><var> size n e<a name="index-rsa_005fpublic_005fkey-323"></a></var><br>
+<blockquote><p><code>size</code> is the size, in octets, of the modulo, and is used internally.
<code>n</code> and <code>e</code> is the public key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>rsa_private_key</b><i> size d p q a b c
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-<code>size</code> is the size, in octets, of the modulo, and is used internally.
+</p></blockquote></div>
+
+<div class="defun">
+— Context struct: <b>rsa_private_key</b><var> size d p q a b c<a name="index-rsa_005fprivate_005fkey-324"></a></var><br>
+<blockquote><p><code>size</code> is the size, in octets, of the modulo, and is used internally.
<code>d</code> is the secret exponent, but it is not actually used when
signing. Instead, the factors <code>p</code> and <code>q</code>, and the parameters
<code>a</code>, <code>b</code> and <code>c</code> are used. They are computed from <code>p</code>,
<code>q</code> and <code>e</code> such that <code>a e mod (p - 1) = 1, b e mod (q -
1) = 1, c q mod p = 1</code>.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>Before use, these structs must be initialized by calling one of
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>rsa_public_key_init</b><i> </i>(<i>struct rsa_public_key *</i><var>pub</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>rsa_private_key_init</b><i> </i>(<i>struct rsa_private_key *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Calls <code>mpz_init</code> on all numbers in the key struct.
-</td></tr>
-</table>
+<div class="defun">
+— Function: void <b>rsa_public_key_init</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005finit-325"></a></var><br>
+— Function: void <b>rsa_private_key_init</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005finit-326"></a></var><br>
+<blockquote><p>Calls <code>mpz_init</code> on all numbers in the key struct.
+</p></blockquote></div>
<p>and when finished with them, the space for the numbers must be
deallocated by calling one of
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>rsa_public_key_clear</b><i> </i>(<i>struct rsa_public_key *</i><var>pub</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>rsa_private_key_clear</b><i> </i>(<i>struct rsa_private_key *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Calls <code>mpz_clear</code> on all numbers in the key struct.
-</td></tr>
-</table>
-
- <p>In general, Nettle's <small>RSA</small> functions deviates from Nettle's "no
-memory allocation"-policy. Space for all the numbers, both in the key structs
+<div class="defun">
+— Function: void <b>rsa_public_key_clear</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005fclear-327"></a></var><br>
+— Function: void <b>rsa_private_key_clear</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005fclear-328"></a></var><br>
+<blockquote><p>Calls <code>mpz_clear</code> on all numbers in the key struct.
+</p></blockquote></div>
+
+ <p>In general, Nettle's <acronym>RSA</acronym> functions deviates from Nettle's “no
+memory allocation”-policy. Space for all the numbers, both in the key structs
above, and temporaries, are allocated dynamically. For information on how
to customize allocation, see
-See <a href="gmp.html#Custom%20Allocation">GMP Allocation</a>.
+See <a href="gmp.html#Custom-Allocation">GMP Allocation</a>.
<p>When you have assigned values to the attributes of a key, you must call
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>rsa_public_key_prepare</b><i> </i>(<i>struct rsa_public_key *</i><var>pub</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_private_key_prepare</b><i> </i>(<i>struct rsa_private_key *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Computes the octet size of the key (stored in the <code>size</code> attribute,
+<div class="defun">
+— Function: int <b>rsa_public_key_prepare</b> (<var>struct rsa_public_key *pub</var>)<var><a name="index-rsa_005fpublic_005fkey_005fprepare-329"></a></var><br>
+— Function: int <b>rsa_private_key_prepare</b> (<var>struct rsa_private_key *key</var>)<var><a name="index-rsa_005fprivate_005fkey_005fprepare-330"></a></var><br>
+<blockquote><p>Computes the octet size of the key (stored in the <code>size</code> attribute,
and may also do other basic sanity checks. Returns one if successful, or
zero if the key can't be used, for instance if the modulo is smaller
-than the minimum size needed for <small>RSA</small> operations specified by PKCS#1.
-</td></tr>
-</table>
+than the minimum size needed for <acronym>RSA</acronym> operations specified by PKCS#1.
+</p></blockquote></div>
<p>Before signing or verifying a message, you first hash it with the
appropriate hash function. You pass the hash function's context struct
-to the <small>RSA</small> signature function, and it will extract the message
+to the <acronym>RSA</acronym> signature function, and it will extract the message
digest and do the rest of the work. There are also alternative functions
that take the hash digest as argument.
<p>There is currently no support for using SHA224 or SHA384 with
-<small>RSA</small> signatures, since there's no gain in either computation
+<acronym>RSA</acronym> signatures, since there's no gain in either computation
time nor message size compared to using SHA256 and SHA512, respectively.
<p>Creation and verification of signatures is done with the following functions:
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>rsa_md5_sign</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, struct md5_ctx *</i><var>hash</var><i>, mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha1_sign</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, struct sha1_ctx *</i><var>hash</var><i>, mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha256_sign</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, struct sha256_ctx *</i><var>hash</var><i>, mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha512_sign</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, struct sha512_ctx *</i><var>hash</var><i>, mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The signature is stored in <var>signature</var> (which must have been
+<div class="defun">
+— Function: int <b>rsa_md5_sign</b> (<var>const struct rsa_private_key *key, struct md5_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fsign-331"></a></var><br>
+— Function: int <b>rsa_sha1_sign</b> (<var>const struct rsa_private_key *key, struct sha1_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fsign-332"></a></var><br>
+— Function: int <b>rsa_sha256_sign</b> (<var>const struct rsa_private_key *key, struct sha256_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fsign-333"></a></var><br>
+— Function: int <b>rsa_sha512_sign</b> (<var>const struct rsa_private_key *key, struct sha512_ctx *hash, mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fsign-334"></a></var><br>
+<blockquote><p>The signature is stored in <var>signature</var> (which must have been
<code>mpz_init</code>'ed earlier). The hash context is reset so that it can be
used for new messages. Returns one on success, or zero on failure.
Signing fails if the key is too small for the given hash size, e.g.,
it's not possible to create a signature using SHA512 and a 512-bit
-<small>RSA</small> key.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>rsa_md5_sign_digest</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha1_sign_digest</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, mpz_t </i><var>signature</var><i></i>)<i>;
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha256_sign_digest</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, mpz_t </i><var>signature</var><i></i>)<i>;
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha512_sign_digest</b><i> </i>(<i>const struct rsa_private_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, mpz_t </i><var>signature</var><i></i>)<i>;
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Creates a signature from the given hash digest. <var>digest</var> should
+<acronym>RSA</acronym> key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>rsa_md5_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fsign_005fdigest-335"></a></var><br>
+— Function: int <b>rsa_sha1_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha1_005fsign_005fdigest-336"></a></var><br>
+— Function: int <b>rsa_sha256_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha256_005fsign_005fdigest-337"></a></var><br>
+— Function: int <b>rsa_sha512_sign_digest</b> (<var>const struct rsa_private_key *key, const uint8_t *digest, mpz_t signature</var>)<var>;<a name="index-rsa_005fsha512_005fsign_005fdigest-338"></a></var><br>
+<blockquote><p>Creates a signature from the given hash digest. <var>digest</var> should
point to a digest of size <code>MD5_DIGEST_SIZE</code>,
<code>SHA1_DIGEST_SIZE</code>, or <code>SHA256_DIGEST_SIZE</code>, respectively. The
signature is stored in <var>signature</var> (which must have been
<code>mpz_init</code>:ed earlier). Returns one on success, or zero on failure.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>rsa_md5_verify</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, struct md5_ctx *</i><var>hash</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha1_verify</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, struct sha1_ctx *</i><var>hash</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha256_verify</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, struct sha256_ctx *</i><var>hash</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha512_verify</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, struct sha512_ctx *</i><var>hash</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Returns 1 if the signature is valid, or 0 if it isn't. In either case,
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>rsa_md5_verify</b> (<var>const struct rsa_public_key *key, struct md5_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fverify-339"></a></var><br>
+— Function: int <b>rsa_sha1_verify</b> (<var>const struct rsa_public_key *key, struct sha1_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fverify-340"></a></var><br>
+— Function: int <b>rsa_sha256_verify</b> (<var>const struct rsa_public_key *key, struct sha256_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fverify-341"></a></var><br>
+— Function: int <b>rsa_sha512_verify</b> (<var>const struct rsa_public_key *key, struct sha512_ctx *hash, const mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fverify-342"></a></var><br>
+<blockquote><p>Returns 1 if the signature is valid, or 0 if it isn't. In either case,
the hash context is reset so that it can be used for new messages.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>rsa_md5_verify_digest</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha1_verify_digest</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha256_verify_digest</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>rsa_sha512_verify_digest</b><i> </i>(<i>const struct rsa_public_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, const mpz_t </i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Returns 1 if the signature is valid, or 0 if it isn't. <var>digest</var> should
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>rsa_md5_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fmd5_005fverify_005fdigest-343"></a></var><br>
+— Function: int <b>rsa_sha1_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha1_005fverify_005fdigest-344"></a></var><br>
+— Function: int <b>rsa_sha256_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha256_005fverify_005fdigest-345"></a></var><br>
+— Function: int <b>rsa_sha512_verify_digest</b> (<var>const struct rsa_public_key *key, const uint8_t *digest, const mpz_t signature</var>)<var><a name="index-rsa_005fsha512_005fverify_005fdigest-346"></a></var><br>
+<blockquote><p>Returns 1 if the signature is valid, or 0 if it isn't. <var>digest</var> should
point to a digest of size <code>MD5_DIGEST_SIZE</code>,
<code>SHA1_DIGEST_SIZE</code>, or <code>SHA256_DIGEST_SIZE</code>, respectively.
-</td></tr>
-</table>
+</p></blockquote></div>
- <p>If you need to use the <small>RSA</small> trapdoor, the private key, in a way
+ <p>If you need to use the <acronym>RSA</acronym> trapdoor, the private key, in a way
that isn't supported by the above functions Nettle also includes a
function that computes <code>x^d mod n</code> and nothing more, using the
-<small>CRT</small> optimization.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>rsa_compute_root</b><i> </i>(<i>struct rsa_private_key *</i><var>key</var><i>, mpz_t </i><var>x</var><i>, const mpz_t </i><var>m</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Computes <code>x = m^d</code>, efficiently.
-</td></tr>
-</table>
+<acronym>CRT</acronym> optimization.
+
+<div class="defun">
+— Function: void <b>rsa_compute_root</b> (<var>struct rsa_private_key *key, mpz_t x, const mpz_t m</var>)<var><a name="index-rsa_005fcompute_005froot-347"></a></var><br>
+<blockquote><p>Computes <code>x = m^d</code>, efficiently.
+</p></blockquote></div>
<p>At last, how do you create new keys?
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>rsa_generate_keypair</b><i> </i>(<i>struct rsa_public_key *</i><var>pub</var><i>, struct rsa_private_key *</i><var>key</var><i>, void *</i><var>random_ctx</var><i>, nettle_random_func </i><var>random</var><i>, void *</i><var>progress_ctx</var><i>, nettle_progress_func </i><var>progress</var><i>, unsigned </i><var>n_size</var><i>, unsigned </i><var>e_size</var><i></i>)<i>;
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-There are lots of parameters. <var>pub</var> and <var>key</var> is where the
+<div class="defun">
+— Function: int <b>rsa_generate_keypair</b> (<var>struct rsa_public_key *pub, struct rsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, unsigned n_size, unsigned e_size</var>)<var>;<a name="index-rsa_005fgenerate_005fkeypair-348"></a></var><br>
+<blockquote><p>There are lots of parameters. <var>pub</var> and <var>key</var> is where the
resulting key pair is stored. The structs should be initialized, but you
don't need to call <code>rsa_public_key_prepare</code> or
<code>rsa_private_key_prepare</code> after key generation.
- <p><var>random_ctx</var> and <var>random</var> is a randomness generator.
+
<p><var>random_ctx</var> and <var>random</var> is a randomness generator.
<code>random(random_ctx, length, dst)</code> should generate <code>length</code>
random octets and store them at <code>dst</code>. For advice, see
See <a href="#Randomness">Randomness</a>.
- <p><var>progress</var> and <var>progress_ctx</var> can be used to get callbacks
+
<p><var>progress</var> and <var>progress_ctx</var> can be used to get callbacks
during the key generation process, in order to uphold an illusion of
progress. <var>progress</var> can be NULL, in that case there are no
callbacks.
- <p><var>size_n</var> is the desired size of the modulo, in bits. If <var>size_e</var>
+
<p><var>size_n</var> is the desired size of the modulo, in bits. If <var>size_e</var>
is non-zero, it is the desired size of the public exponent and a random
exponent of that size is selected. But if <var>e_size</var> is zero, it is
assumed that the caller has already chosen a value for <code>e</code>, and
Returns one on success, and zero on failure. The function can fail for
example if if <var>n_size</var> is too small, or if <var>e_size</var> is zero and
<code>pub->e</code> is an even number.
-</td></tr>
-</table>
+</p></blockquote></div>
<div class="node">
+<a name="DSA"></a>
<p><hr>
-Node: <a name="DSA">DSA</a>,
+Next: <a rel="next" accesskey="n" href="#Elliptic-curves">Elliptic curves</a>,
Previous: <a rel="previous" accesskey="p" href="#RSA">RSA</a>,
-Up: <a rel="up" accesskey="u" href="#Public-key%20algorithms">Public-key algorithms</a>
-<br>
+Up: <a rel="up" accesskey="u" href="#Public_002dkey-algorithms">Public-key algorithms</a>
+
</div>
-<h3 class="subsection">Nettle's <small>DSA</small> support</h4>
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.6.3 <acronym>DSA</acronym></h4>
-<p>The <small>DSA</small> digital signature algorithm is more complex than
-<small>RSA</small>. It was specified during the early 1990s, and in 1994 NIST
-published <small>FIPS</small> 186 which is the authoritative specification.
-Sometimes <small>DSA</small> is referred to using the acronym <small>DSS</small>,
+<p>The <acronym>DSA</acronym> digital signature algorithm is more complex than
+<acronym>RSA</acronym>. It was specified during the early 1990s, and in 1994 NIST
+published <acronym>FIPS</acronym> 186 which is the authoritative specification.
+Sometimes <acronym>DSA</acronym> is referred to using the acronym <acronym>DSS</acronym>,
for Digital Signature Standard. The most recent revision of the
-specification, FIPS186-3, was issueed in 2009, and it adds support for
-larger hash functions than <small>sha1</small>.
+specification, FIPS186-3, was issued in 2009, and it adds support for
+larger hash functions than <acronym>sha1</acronym>.
- <p>For <small>DSA</small>, the underlying mathematical problem is the
-computation of discreet logarithms. The public key consists of a large
+ <p>For <acronym>DSA</acronym>, the underlying mathematical problem is the
+computation of discrete logarithms. The public key consists of a large
prime <code>p</code>, a small prime <code>q</code> which is a factor of <code>p-1</code>,
a number <code>g</code> which generates a subgroup of order <code>q</code> modulo
<code>p</code>, and an element <code>y</code> in that subgroup.
- <p>In the original <small>DSA</small>, the size of <code>q</code> is fixed to 160
-bits, to match with the <small>SHA1</small> hash algorithm. The size of
+ <p>In the original <acronym>DSA</acronym>, the size of <code>q</code> is fixed to 160
+bits, to match with the <acronym>SHA1</acronym> hash algorithm. The size of
<code>p</code> is in principle unlimited, but the
standard specifies only nine specific sizes: <code>512 + l*64</code>, where
<code>l</code> is between 0 and 8. Thus, the maximum size of <code>p</code> is 1024
<p>The subgroup requirement means that if you compute
<pre class="example"> g^t mod p
- </pre>
-
+</pre>
<p>for all possible integers <code>t</code>, you will get precisely <code>q</code>
distinct values.
<p>The private key is a secret exponent <code>x</code>, such that
<pre class="example"> g^x = y mod p
- </pre>
-
+</pre>
<p>In mathematical speak, <code>x</code> is the <dfn>discrete logarithm</dfn> of
<code>y</code> mod <code>p</code>, with respect to the generator <code>g</code>. The size
of <code>x</code> will also be about the same size as <code>q</code>. The security of the
-<small>DSA</small> algorithm relies on the difficulty of the discrete
+<acronym>DSA</acronym> algorithm relies on the difficulty of the discrete
logarithm problem. Current algorithms to compute discrete logarithms in
-this setting, and hence crack <small>DSA</small>, are of two types. The first
+this setting, and hence crack <acronym>DSA</acronym>, are of two types. The first
type works directly in the (multiplicative) group of integers mod
<code>p</code>. The best known algorithm of this type is the Number Field
Sieve, and it's complexity is similar to the complexity of factoring
complexity <code>sqrt(q)</code>.
<p>The important point is that security depends on the size of <em>both</em>
-<code>p</code> and <code>q</code>, and they should be choosen so that the difficulty
+<code>p</code> and <code>q</code>, and they should be chosen so that the difficulty
of both discrete logarithm methods are comparable. Today, the security
-margin of the original <small>DSA</small> may be uncomfortably small. Using a
+margin of the original <acronym>DSA</acronym> may be uncomfortably small. Using a
<code>p</code> of 1024 bits implies that cracking using the number field sieve
is expected to take about the same time as factoring a 1024-bit
-<small>RSA</small> modulo, and using a <code>q</code> of size 160 bits implies
+<acronym>RSA</acronym> modulo, and using a <code>q</code> of size 160 bits implies
that cracking using Pollard-rho will take roughly <code>2^80</code> group
-operations. With the size of <code>q</code> fixed, tied to the <small>SHA1</small>
+operations. With the size of <code>q</code> fixed, tied to the <acronym>SHA1</acronym>
digest size, it may be tempting to increase the size of <code>p</code> to,
say, 4096 bits. This will provide excellent resistance against attacks
like the number field sieve which works in the large group. But it will
choose the latter attack.
<p>The signature generation algorithm is randomized; in order to create a
-<small>DSA</small> signature, you need a good source for random numbers
+<acronym>DSA</acronym> signature, you need a good source for random numbers
(see <a href="#Randomness">Randomness</a>). Let us describe the common case of a 160-bit
<code>q</code>.
<pre class="example"> r = (g^k mod p) mod q
s = k^-1 (h + x r) mod q
- </pre>
-
+</pre>
<p>The signature is the pair <code>(r, s)</code>, two 160 bit numbers. Note the
two different mod operations when computing <code>r</code>, and the use of the
secret exponent <code>x</code>.
<pre class="example"> w = s^-1 mod q
v = (g^(w h) y^(w r) mod p) mod q
- </pre>
-
+</pre>
<p>The signature is valid if <code>v = r</code>. This works out because <code>w =
s^-1 mod q = k (h + x r)^-1 mod q</code>, so that
<pre class="example"> g^(w h) y^(w r) = g^(w h) (g^x)^(w r) = g^(w (h + x r)) = g^k
- </pre>
-
+</pre>
<p>When reducing mod <code>q</code> this yields <code>r</code>. Note that when
verifying a signature, we don't know either <code>k</code> or <code>x</code>: those
numbers are secret.
- <p>If you can choose between <small>RSA</small> and <small>DSA</small>, which one is
-best? Both are believed to be secure. <small>DSA</small> gained popularity in
-the late 1990s, as a patent free alternative to <small>RSA</small>. Now that
-the <small>RSA</small> patents have expired, there's no compelling reason to
-want to use <small>DSA</small>. Today, the original <small>DSA</small> key size
+ <p>If you can choose between <acronym>RSA</acronym> and <acronym>DSA</acronym>, which one is
+best? Both are believed to be secure. <acronym>DSA</acronym> gained popularity in
+the late 1990s, as a patent free alternative to <acronym>RSA</acronym>. Now that
+the <acronym>RSA</acronym> patents have expired, there's no compelling reason to
+want to use <acronym>DSA</acronym>. Today, the original <acronym>DSA</acronym> key size
does not provide a large security margin, and it should probably be
-phased out together with <small>RSA</small> keys of 1024 bits. Using the
-revised <small>DSA</small> algorithm with a larger hash function, in
-particular, <small>SHA256</small>, a 256-bit <code>q</code>, and <code>p</code> of size
+phased out together with <acronym>RSA</acronym> keys of 1024 bits. Using the
+revised <acronym>DSA</acronym> algorithm with a larger hash function, in
+particular, <acronym>SHA256</acronym>, a 256-bit <code>q</code>, and <code>p</code> of size
2048 bits or more, should provide for a more comfortable security
margin, but these variants are not yet in wide use.
- <p><small>DSA</small> signatures are smaller than <small>RSA</small> signatures,
+ <p><acronym>DSA</acronym> signatures are smaller than <acronym>RSA</acronym> signatures,
which is important for some specialized applications.
- <p>From a practical point of view, <small>DSA</small>'s need for a good
+ <p>From a practical point of view, <acronym>DSA</acronym>'s need for a good
randomness source is a serious disadvantage. If you ever use the same
<code>k</code> (and <code>r</code>) for two different message, you leak your private
key.
-<h3 class="subsection">Nettle's <small>DSA</small> support</h4>
+<h4 class="subsection">6.6.4 Nettle's <acronym>DSA</acronym> support</h4>
-<p>Like for <small>RSA</small>, Nettle represents <small>DSA</small> keys using two
+<p>Like for <acronym>RSA</acronym>, Nettle represents <acronym>DSA</acronym> keys using two
structures, containing values of type <code>mpz_t</code>. For information on
-how to customize allocation, see See <a href="gmp.html#Custom%20Allocation">GMP Allocation</a>.
+how to customize allocation, see See <a href="gmp.html#Custom-Allocation">GMP Allocation</a>.
- <p>Most of the <small>DSA</small> functions are very similar to the
-corresponding <small>RSA</small> functions, but there are a few differences
+ <p>Most of the <acronym>DSA</acronym> functions are very similar to the
+corresponding <acronym>RSA</acronym> functions, but there are a few differences
pointed out below. For a start, there are no functions corresponding to
<code>rsa_public_key_prepare</code> and <code>rsa_private_key_prepare</code>.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>dsa_public_key</b><i> p q g y
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The public parameters described above.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>dsa_private_key</b><i> x
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-The private key <code>x</code>.
-</td></tr>
-</table>
+<div class="defun">
+— Context struct: <b>dsa_public_key</b><var> p q g y<a name="index-dsa_005fpublic_005fkey-349"></a></var><br>
+<blockquote><p>The public parameters described above.
+</p></blockquote></div>
+
+<div class="defun">
+— Context struct: <b>dsa_private_key</b><var> x<a name="index-dsa_005fprivate_005fkey-350"></a></var><br>
+<blockquote><p>The private key <code>x</code>.
+</p></blockquote></div>
<p>Before use, these structs must be initialized by calling one of
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>dsa_public_key_init</b><i> </i>(<i>struct dsa_public_key *</i><var>pub</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>dsa_private_key_init</b><i> </i>(<i>struct dsa_private_key *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Calls <code>mpz_init</code> on all numbers in the key struct.
-</td></tr>
-</table>
+<div class="defun">
+— Function: void <b>dsa_public_key_init</b> (<var>struct dsa_public_key *pub</var>)<var><a name="index-dsa_005fpublic_005fkey_005finit-351"></a></var><br>
+— Function: void <b>dsa_private_key_init</b> (<var>struct dsa_private_key *key</var>)<var><a name="index-dsa_005fprivate_005fkey_005finit-352"></a></var><br>
+<blockquote><p>Calls <code>mpz_init</code> on all numbers in the key struct.
+</p></blockquote></div>
<p>When finished with them, the space for the numbers must be
deallocated by calling one of
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>dsa_public_key_clear</b><i> </i>(<i>struct dsa_public_key *</i><var>pub</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>dsa_private_key_clear</b><i> </i>(<i>struct dsa_private_key *</i><var>key</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Calls <code>mpz_clear</code> on all numbers in the key struct.
-</td></tr>
-</table>
+<div class="defun">
+— Function: void <b>dsa_public_key_clear</b> (<var>struct dsa_public_key *pub</var>)<var><a name="index-dsa_005fpublic_005fkey_005fclear-353"></a></var><br>
+— Function: void <b>dsa_private_key_clear</b> (<var>struct dsa_private_key *key</var>)<var><a name="index-dsa_005fprivate_005fkey_005fclear-354"></a></var><br>
+<blockquote><p>Calls <code>mpz_clear</code> on all numbers in the key struct.
+</p></blockquote></div>
<p>Signatures are represented using the structure below, and need to be
initialized and cleared in the same way as the key structs.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>dsa_signature</b><i> r s
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>dsa_signature_init</b><i> </i>(<i>struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>dsa_signature_clear</b><i> </i>(<i>struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-You must call <code>dsa_signature_init</code> before creating or using a
+<div class="defun">
+— Context struct: <b>dsa_signature</b><var> r s<a name="index-dsa_005fsignature-355"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>dsa_signature_init</b> (<var>struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsignature_005finit-356"></a></var><br>
+— Function: void <b>dsa_signature_clear</b> (<var>struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsignature_005fclear-357"></a></var><br>
+<blockquote><p>You must call <code>dsa_signature_init</code> before creating or using a
signature, and call <code>dsa_signature_clear</code> when you are finished
with it.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>For signing, you need to provide both the public and the private key
-(unlike <small>RSA</small>, where the private key struct includes all
+(unlike <acronym>RSA</acronym>, where the private key struct includes all
information needed for signing), and a source for random numbers.
-Signatures can use the <small>SHA1</small> or the <small>SHA256</small> hash
-function, although the implementation of <small>DSA</small> with
-<small>SHA256</small> should be considered somewhat experimental due to lack
+Signatures can use the <acronym>SHA1</acronym> or the <acronym>SHA256</acronym> hash
+function, although the implementation of <acronym>DSA</acronym> with
+<acronym>SHA256</acronym> should be considered somewhat experimental due to lack
of official test vectors and interoperability testing.
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>dsa_sha1_sign</b><i> </i>(<i>const struct dsa_public_key *</i><var>pub</var><i>, const struct dsa_private_key *</i><var>key</var><i>, void *</i><var>random_ctx</var><i>, nettle_random_func </i><var>random</var><i>, struct sha1_ctx *</i><var>hash</var><i>, struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>dsa_sha1_sign_digest</b><i> </i>(<i>const struct dsa_public_key *</i><var>pub</var><i>, const struct dsa_private_key *</i><var>key</var><i>, void *</i><var>random_ctx</var><i>, nettle_random_func </i><var>random</var><i>, const uint8_t *</i><var>digest</var><i>, struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>dsa_sha256_sign</b><i> </i>(<i>const struct dsa_public_key *</i><var>pub</var><i>, const struct dsa_private_key *</i><var>key</var><i>, void *</i><var>random_ctx</var><i>, nettle_random_func </i><var>random</var><i>, struct sha256_ctx *</i><var>hash</var><i>, struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>dsa_sha256_sign_digest</b><i> </i>(<i>const struct dsa_public_key *</i><var>pub</var><i>, const struct dsa_private_key *</i><var>key</var><i>, void *</i><var>random_ctx</var><i>, nettle_random_func </i><var>random</var><i>, const uint8_t *</i><var>digest</var><i>, struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Creates a signature from the given hash context or digest.
+<div class="defun">
+— Function: int <b>dsa_sha1_sign</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, struct sha1_ctx *hash, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fsign-358"></a></var><br>
+— Function: int <b>dsa_sha1_sign_digest</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fsign_005fdigest-359"></a></var><br>
+— Function: int <b>dsa_sha256_sign</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, struct sha256_ctx *hash, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fsign-360"></a></var><br>
+— Function: int <b>dsa_sha256_sign_digest</b> (<var>const struct dsa_public_key *pub, const struct dsa_private_key *key, void *random_ctx, nettle_random_func random, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fsign_005fdigest-361"></a></var><br>
+<blockquote><p>Creates a signature from the given hash context or digest.
<var>random_ctx</var> and <var>random</var> is a randomness generator.
<code>random(random_ctx, length, dst)</code> should generate <code>length</code>
random octets and store them at <code>dst</code>. For advice, see
See <a href="#Randomness">Randomness</a>. Returns one on success, or zero on failure.
Signing fails if the key size and the hash size don't match.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>Verifying signatures is a little easier, since no randomness generator is
needed. The functions are
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>dsa_sha1_verify</b><i> </i>(<i>const struct dsa_public_key *</i><var>key</var><i>, struct sha1_ctx *</i><var>hash</var><i>, const struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>dsa_sha1_verify_digest</b><i> </i>(<i>const struct dsa_public_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, const struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>dsa_sha256_verify</b><i> </i>(<i>const struct dsa_public_key *</i><var>key</var><i>, struct sha256_ctx *</i><var>hash</var><i>, const struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">int <b>dsa_sha256_verify_digest</b><i> </i>(<i>const struct dsa_public_key *</i><var>key</var><i>, const uint8_t *</i><var>digest</var><i>, const struct dsa_signature *</i><var>signature</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Verifies a signature. Returns 1 if the signature is valid, otherwise 0.
-</td></tr>
-</table>
+<div class="defun">
+— Function: int <b>dsa_sha1_verify</b> (<var>const struct dsa_public_key *key, struct sha1_ctx *hash, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fverify-362"></a></var><br>
+— Function: int <b>dsa_sha1_verify_digest</b> (<var>const struct dsa_public_key *key, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha1_005fverify_005fdigest-363"></a></var><br>
+— Function: int <b>dsa_sha256_verify</b> (<var>const struct dsa_public_key *key, struct sha256_ctx *hash, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fverify-364"></a></var><br>
+— Function: int <b>dsa_sha256_verify_digest</b> (<var>const struct dsa_public_key *key, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-dsa_005fsha256_005fverify_005fdigest-365"></a></var><br>
+<blockquote><p>Verifies a signature. Returns 1 if the signature is valid, otherwise 0.
+</p></blockquote></div>
<p>Key generation uses mostly the same parameters as the corresponding
-<small>RSA</small> function.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>dsa_generate_keypair</b><i> </i>(<i>struct dsa_public_key *</i><var>pub</var><i>, struct dsa_private_key *</i><var>key</var><i>, void *</i><var>random_ctx</var><i>, nettle_random_func </i><var>random</var><i>, void *</i><var>progress_ctx</var><i>, nettle_progress_func </i><var>progress</var><i>, unsigned </i><var>p_bits</var><i>, unsigned </i><var>q_bits</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-<var>pub</var> and <var>key</var> is where the resulting key pair is stored. The
+<acronym>RSA</acronym> function.
+
+<div class="defun">
+— Function: int <b>dsa_generate_keypair</b> (<var>struct dsa_public_key *pub, struct dsa_private_key *key, void *random_ctx, nettle_random_func random, void *progress_ctx, nettle_progress_func progress, unsigned p_bits, unsigned q_bits</var>)<var><a name="index-dsa_005fgenerate_005fkeypair-366"></a></var><br>
+<blockquote><p><var>pub</var> and <var>key</var> is where the resulting key pair is stored. The
structs should be initialized before you call this function.
- <p><var>random_ctx</var> and <var>random</var> is a randomness generator.
+
<p><var>random_ctx</var> and <var>random</var> is a randomness generator.
<code>random(random_ctx, length, dst)</code> should generate <code>length</code>
random octets and store them at <code>dst</code>. For advice, see
See <a href="#Randomness">Randomness</a>.
- <p><var>progress</var> and <var>progress_ctx</var> can be used to get callbacks
+
<p><var>progress</var> and <var>progress_ctx</var> can be used to get callbacks
during the key generation process, in order to uphold an illusion of
progress. <var>progress</var> can be NULL, in that case there are no
callbacks.
- <p><var>p_bits</var> and <var>q_bits</var> are the desired sizes of <code>p</code> and
-<code>q</code>. To generate keys that conform to the original <small>DSA</small>
+
<p><var>p_bits</var> and <var>q_bits</var> are the desired sizes of <code>p</code> and
+<code>q</code>. To generate keys that conform to the original <acronym>DSA</acronym>
standard, you must use <code>q_bits = 160</code> and select <var>p_bits</var> of
the form <code>p_bits = 512 + l*64</code>, for <code>0 <= l <= 8</code>, where the
smaller sizes are no longer recommended, so you should most likely stick
to <code>p_bits = 1024</code>. Non-standard sizes are possible, in particular
-<code>p_bits</code> larger than 1024, although <small>DSA</small> implementations
+<code>p_bits</code> larger than 1024, although <acronym>DSA</acronym> implementations
can not in general be expected to support such keys. Also note that
using very large <var>p_bits</var>, with <var>q_bits</var> fixed at 160, doesn't
make much sense, because the security is also limited by the size of the
-smaller prime. Using a larger <code>q_bits</code> requires switchign to a
-larger hash function. To generate <small>DSA</small> keys for use with
-<small>SHA256</small>, use <code>q_bits = 256</code> and, e.g., <code>p_bits =
+smaller prime. Using a larger <code>q_bits</code> requires switching to a
+larger hash function. To generate <acronym>DSA</acronym> keys for use with
+<acronym>SHA256</acronym>, use <code>q_bits = 256</code> and, e.g., <code>p_bits =
2048</code>.
- <p>Returns one on success, and zero on failure. The function will fail if
+
<p>Returns one on success, and zero on failure. The function will fail if
<var>q_bits</var> is neither 160 nor 256, or if <var>p_bits</var> is unreasonably
small.
-</td></tr>
-</table>
+</p></blockquote></div>
<div class="node">
+<a name="Elliptic-curves"></a>
<p><hr>
-Node: <a name="Randomness">Randomness</a>,
-Next: <a rel="next" accesskey="n" href="#Miscellaneous%20functions">Miscellaneous functions</a>,
-Previous: <a rel="previous" accesskey="p" href="#Public-key%20algorithms">Public-key algorithms</a>,
+Previous: <a rel="previous" accesskey="p" href="#DSA">DSA</a>,
+Up: <a rel="up" accesskey="u" href="#Public_002dkey-algorithms">Public-key algorithms</a>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h4 class="subsection">6.6.5 <acronym>Elliptic curves</acronym></h4>
+
+<p>For cryptographic purposes, an elliptic curve is a mathematical group of
+points, and computing logarithms in this group is computationally
+difficult problem. Nettle uses additive notation for elliptic curve
+groups. If P and Q are two points, and k is an
+integer, the point sum, P + Q, and the multiple k P can be
+computed efficiently, but given only two points P and Q,
+finding an integer k such that Q = k P is the elliptic
+curve discrete logarithm problem.
+
+ <p>Nettle supports standard curves which are all of the form y^2 =
+x^3 - 3 x + b (mod p), i.e., the points have coordinates (x,y),
+both considered as integers modulo a specified prime p. Curves
+are represented as a <code>struct ecc_curve</code>. Supported curves are
+declared in <samp><span class="file"><nettle/ecc-curve.h></span></samp>, e.g., <code>nettle_secp_256r1</code>
+for a standardized curve using the 256-bit prime p = 2^256 -
+2^224 + 2^192 + 2^96 - 1. The contents of these structs is not
+visible to nettle users. The “bitsize of the curve” is used as a
+shorthand for the bitsize of the curve's prime p, e.g., 256 bits
+for <code>nettle_secp_256r1</code>.
+
+<h5 class="subsubsection">6.6.5.1 Side-channel silence</h5>
+
+<p>Nettle's implementation of the elliptic curve operations is intended to
+be side-channel silent. The side-channel attacks considered are:
+
+ <ul>
+<li>Timing attacks
+If the timing of operations depends on secret values, an attacker
+interacting with your system can measure the response time, and infer
+information about your secrets, e.g., a private signature key.
+
+ <li>Attacks using memory caches
+Assume you have some secret data on a multi-user system, and that this
+data is properly protected so that other users get no direct access to
+it. If you have a process operating on the secret data, and this process
+does memory accesses depending on the data, e.g, an internal lookup
+table in some cryptographic algorithm, an attacker running a separate
+process on the same system may use behavior of internal CPU caches to
+get information about your secrets.
+</ul>
+
+ <p>Nettle's ECC implementation is designed to be <dfn>side-channel silent</dfn>,
+and not leak any information to these attacks. Timing and memory
+accesses depend only on the size of the input data and its location in
+memory, not on the actual data bits. This implies a performance penalty
+in several of the building blocks.
+
+<h4 class="subsection">6.6.6 ECDSA</h4>
+
+<p>ECDSA is a variant of the DSA digital signature scheme (see <a href="#DSA">DSA</a>),
+which works over an elliptic curve group rather than over a (subgroup
+of) integers modulo p. Like DSA, creating a signature requires a unique
+random nonce (repeating the nonce with two different messages reveals
+the private key, and any leak or bias in the generation of the nonce
+also leaks information about the key).
+
+ <p>Unlike DSA, signatures are in general not tied to any particular hash
+function or even hash size. Any hash function can be used, and the hash
+value is truncated or padded as needed to get a size matching the curve
+being used. It is recommended to use a strong cryptographic hash
+function with digest size close to the bit size of the curve, e.g.,
+SHA256 is a reasonable choice when using ECDSA signature over the curve
+secp256r1. A protocol or application using ECDSA has to specify which
+curve and which hash function to use, or provide some mechanism for
+negotiating.
+
+ <p>Nettle defines ECDSA in <samp><span class="file"><nettle/ecdsa.h></span></samp>. We first need
+to define the data types used to represent public and private keys.
+
+<div class="defun">
+— struct: <b>struct ecc_point</b><var><a name="index-struct-ecc_005fpoint-367"></a></var><br>
+<blockquote><p>Represents a point on an elliptic curve. In particular, it is used to
+represent an ECDSA public key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ecc_point_init</b> (<var>struct ecc_point *p, const structecc_curve *ecc</var>)<var><a name="index-ecc_005fpoint_005finit-368"></a></var><br>
+<blockquote><p>Initializes <var>p</var> to represent points on the given curve <var>ecc</var>.
+Allocates storage for the coordinates, using the same allocation
+functions as GMP.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ecc_point_clear</b> (<var>struct ecc_point *p</var>)<var><a name="index-ecc_005fpoint_005fclear-369"></a></var><br>
+<blockquote><p>Deallocate storage.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>ecc_point_set</b> (<var>struct ecc_point *p, const mpz_t x, const mpz_t y</var>)<var><a name="index-ecc_005fpoint_005fset-370"></a></var><br>
+<blockquote><p>Check that the given coordinates represent a point on the curve. If so,
+the coordinates are copied and converted to internal representation, and
+the function returns 1. Otherwise, it returns 0. Currently, the
+infinity point (or zero point, with additive notation) i snot allowed.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ecc_point_get</b> (<var>const struct ecc_point *p, mpz_t x, mpz_t y</var>)<var><a name="index-ecc_005fpoint_005fget-371"></a></var><br>
+<blockquote><p>Extracts the coordinate of the point <var>p</var>. The output parameters
+<var>x</var> or <var>y</var> may be NULL if the caller doesn't want that
+coordinate.
+</p></blockquote></div>
+
+<div class="defun">
+— struct: <b>struct ecc_scalar</b><var><a name="index-struct-ecc_005fscalar-372"></a></var><br>
+<blockquote><p>Represents an integer in the range 0 < x < group order, where the
+“group order” refers to the order of an ECC group. In particular, it
+is used to represent an ECDSA private key.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ecc_scalar_init</b> (<var>struct ecc_scalar *s, const struct ecc_curve *ecc</var>)<var><a name="index-ecc_005fscalar_005finit-373"></a></var><br>
+<blockquote><p>Initializes <var>s</var> to represent a scalar suitable for the given curve
+<var>ecc</var>. Allocates storage using the same allocation functions as GMP.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ecc_scalar_clear</b> (<var>struct ecc_scalar *s</var>)<var><a name="index-ecc_005fscalar_005fclear-374"></a></var><br>
+<blockquote><p>Deallocate storage.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>ecc_scalar_set</b> (<var>struct ecc_scalar *s, const mpz_t z</var>)<var><a name="index-ecc_005fscalar_005fset-375"></a></var><br>
+<blockquote><p>Check that <var>z</var> is in the correct range. If so, copies the value to
+<var>s</var> and returns 1, otherwise returns 0.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>ecc_scalar_get</b> (<var>const struct ecc_scalar *s, mpz_t z</var>)<var><a name="index-ecc_005fscalar_005fget-376"></a></var><br>
+<blockquote><p>Extracts the scalar, in GMP <code>mpz_t</code> representation.
+</p></blockquote></div>
+
+ <p>To create and verify ECDSA signatures, the following functions are used.
+
+<div class="defun">
+— Function: void <b>ecdsa_sign</b> (<var>const struct ecc_scalar *key, void *random_ctx, nettle_random_func *random, unsigned digest_length, const uint8_t *digest, struct dsa_signature *signature</var>)<var><a name="index-ecdsa_005fsign-377"></a></var><br>
+<blockquote><p>Uses the private key <var>key</var> to create a signature on <var>digest</var>.
+<var>random_ctx</var> and <var>random</var> is a randomness generator.
+<code>random(random_ctx, length, dst)</code> should generate <code>length</code>
+random octets and store them at <code>dst</code>. The signature is stored in
+<var>signature</var>, in the same was as for plain DSA.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>ecdsa_verify</b> (<var>const struct ecc_point *pub, unsigned length, const uint8_t *digest, const struct dsa_signature *signature</var>)<var><a name="index-ecdsa_005fverify-378"></a></var><br>
+<blockquote><p>Uses the public key <var>pub</var> to verify that <var>signature</var> is a valid
+signature for the message digest <var>digest</var> (of <var>length</var> octets).
+Returns 1 if the signature is valid, otherwise 0.
+</p></blockquote></div>
+
+ <p>Finally, to generation of new an ECDSA key pairs
+
+<div class="defun">
+— Function: void <b>ecdsa_generate_keypair</b> (<var>struct ecc_point *pub, struct ecc_scalar *key, void *random_ctx, nettle_random_func *random</var>)<var>;<a name="index-ecdsa_005fgenerate_005fkeypair-379"></a></var><br>
+<blockquote><p><var>pub</var> and <var>key</var> is where the resulting key pair is stored. The
+structs should be initialized, for the desired ECC curve, before you call this function.
+
+ <p><var>random_ctx</var> and <var>random</var> is a randomness generator.
+<code>random(random_ctx, length, dst)</code> should generate <code>length</code>
+random octets and store them at <code>dst</code>. For advice, see
+See <a href="#Randomness">Randomness</a>.
+</p></blockquote></div>
+
+<div class="node">
+<a name="Randomness"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#ASCII-encoding">ASCII encoding</a>,
+Previous: <a rel="previous" accesskey="p" href="#Public_002dkey-algorithms">Public-key algorithms</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Randomness</h3>
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.7 Randomness</h3>
-<p>A crucial ingredient in many cryptographic contexts is randomness: Let
+<p><a name="index-Randomness-380"></a>
+A crucial ingredient in many cryptographic contexts is randomness: Let
<code>p</code> be a random prime, choose a random initialization vector
<code>iv</code>, a random key <code>k</code> and a random exponent <code>e</code>, etc. In
the theories, it is assumed that you have plenty of randomness around.
two reasons:
<ul>
-
- <li>It's too easy for an attacker to guess the initial seed. Even if it will
+<li>It's too easy for an attacker to guess the initial seed. Even if it will
take some 2^32 tries before he guesses right, that's far too easy. For
-example, if the process id is 16 bits, the resolution of "current time"
+example, if the process id is 16 bits, the resolution of “current time”
is one second, and the attacker knows what day the generator was seeded,
there are only about 2^32 possibilities to try if all possible values
for the process id and time-of-day are tried.
of the generator (its seed) must be unguessable by the attacker. So
what's unguessable? It depends on what the attacker already knows. The
concept used in information theory to reason about such things is called
-"entropy", or "conditional entropy" (not to be confused with the
+“entropy”, or “conditional entropy” (not to be confused with the
thermodynamic concept with the same name). A reasonable requirement is
that the seed contains a conditional entropy of at least some 80-100
bits. This property can be explained as follows: Allow the attacker to
the seed correctly, then the conditional entropy is more than <code>n</code>
bits.
- <p>Let's look at an example. Say information about timing of received
+ <p><a name="index-Entropy-381"></a><a name="index-Conditional-entropy-382"></a>
+Let's look at an example. Say information about timing of received
network packets is used in the seeding process. If there is some random
network traffic going on, this will contribute some bits of entropy or
-"unguessability" to the seed. However, if the attacker can listen in to
+“unguessability” to the seed. However, if the attacker can listen in to
the local network, or if all but a small number of the packets were
transmitted by machines that the attacker can monitor, this additional
information makes the seed easier for the attacker to figure out. Even
used are:
<dl>
-<dt>High resolution timing of i/o activities
- <dd>Such as completed blocks from spinning hard disks, network packets, etc.
+<dt>High resolution timing of i/o activities<dd>Such as completed blocks from spinning hard disks, network packets, etc.
Getting access to such information is quite system dependent, and not
all systems include suitable hardware. If available, it's one of the
better randomness source one can find in a digital, mostly predictable,
computer.
- <br><dt>User activity
- <dd>Timing and contents of user interaction events is another popular source
+ <br><dt>User activity<dd>Timing and contents of user interaction events is another popular source
that is available for interactive programs (even if I suspect that it is
sometimes used in order to make the user feel good, not because the
quality of the input is needed or used properly). Obviously, not
available when a machine is unattended. Also beware of networks: User
-interaction that happens across a long serial cable, <small>TELNET</small>
-session, or even <small>SSH</small> session may be visible to an attacker, in
+interaction that happens across a long serial cable, <acronym>TELNET</acronym>
+session, or even <acronym>SSH</acronym> session may be visible to an attacker, in
full or partially.
- <br><dt>Audio input
- <dd>Any room, or even a microphone input that's left unconnected, is a
+ <br><dt>Audio input<dd>Any room, or even a microphone input that's left unconnected, is a
source of some random background noise, which can be fed into the
seeding process.
- <br><dt>Specialized hardware
- <dd>Hardware devices with the sole purpose of generating random data have
+ <br><dt>Specialized hardware<dd>Hardware devices with the sole purpose of generating random data have
been designed. They range from radioactive samples with an attached
Geiger counter, to amplification of the inherent noise in electronic
components such as diodes and resistors, to low-frequency sampling of
chaotic systems. Hashing successive images of a Lava lamp is a
spectacular example of the latter type.
- <br><dt>Secret information
- <dd>Secret information, such as user passwords or keys, or private files
+ <br><dt>Secret information<dd>Secret information, such as user passwords or keys, or private files
stored on disk, can provide some unguessability. A problem is that if
the information is revealed at a later time, the unguessability
vanishes. Another problem is that this kind of information tends to be
assume that no attacker has root privileges on our machine).
<p>How do we generate output from this seed, and how much can we get? Some
-generators (notably the Linux <code>/dev/random</code> generator) tries to
+generators (notably the Linux <samp><span class="file">/dev/random</span></samp> generator) tries to
estimate available entropy and restrict the amount of output. The goal
-is that if you read 128 bits from <code>/dev/random</code>, you should get 128
-"truly random" bits. This is a property that is useful in some
+is that if you read 128 bits from <samp><span class="file">/dev/random</span></samp>, you should get 128
+“truly random” bits. This is a property that is useful in some
specialized circumstances, for instance when generating key material for
a one time pad, or when working with unconditional blinding, but in most
cases, it doesn't matter much. For most application, there's no limit on
-the amount of useful "random" data that we can generate from a small
+the amount of useful “random” data that we can generate from a small
seed; what matters is that the seed is unguessable and that the
generator has good cryptographic properties.
properties of a generator are:
<dl>
-
- <br><dt><dfn>Key-hiding</dfn>
- <dd>An attacker observing the output should not be able to recover the
+<dt><dfn>Key-hiding</dfn><dd>An attacker observing the output should not be able to recover the
generator's key.
- <br><dt><dfn>Independence of outputs</dfn>
- <dd>Observing some of the output should not help the attacker to guess
+ <br><dt><dfn>Independence of outputs</dfn><dd>Observing some of the output should not help the attacker to guess
previous or future output.
- <br><dt><dfn>Forward secrecy</dfn>
- <dd>Even if an attacker compromises the generator's key, he should not be
+ <br><dt><dfn>Forward secrecy</dfn><dd>Even if an attacker compromises the generator's key, he should not be
able to guess the generator output <em>before</em> the key compromise.
- <br><dt><dfn>Recovery from key compromise</dfn>
- <dd>If an attacker compromises the generator's key, he can compute
+ <br><dt><dfn>Recovery from key compromise</dfn><dd>If an attacker compromises the generator's key, he can compute
<em>all</em> future output. This is inevitable if the generator is seeded
only once, at startup. However, the generator can provide a reseeding
mechanism, to achieve recovery from key compromise. More precisely: If
<p>Nettle includes one randomness generator that is believed to have all
the above properties, and two simpler ones.
- <p><small>ARCFOUR</small>, like any stream cipher, can be used as a randomness
+ <p><acronym>ARCFOUR</acronym>, like any stream cipher, can be used as a randomness
generator. Its output should be of reasonable quality, if the seed is
hashed properly before it is used with <code>arcfour_set_key</code>. There's
no single natural way to reseed it, but if you need reseeding, you
should be using Yarrow instead.
- <p>The "lagged Fibonacci" generator in <code><nettle/knuth-lfib.h></code> is a
+ <p>The “lagged Fibonacci” generator in <samp><span class="file"><nettle/knuth-lfib.h></span></samp> is a
fast generator with good statistical properties, but is <strong>not</strong> for
cryptographic use, and therefore not documented here. It is included
mostly because the Nettle test suite needs to generate some test data
<p>The recommended generator to use is Yarrow, described below.
-<h3 class="subsection">Yarrow</h4>
+<h4 class="subsection">6.7.1 Yarrow</h4>
<p>Yarrow is a family of pseudo-randomness generators, designed for
cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson.
Yarrow-160 is described in a paper at
-<<code>http://www.counterpane.com/yarrow.html</code>>, and it uses <small>SHA1</small>
+<a href="http://www.counterpane.com/yarrow.html">http://www.counterpane.com/yarrow.html</a>, and it uses <acronym>SHA1</acronym>
and triple-DES, and has a 160-bit internal state. Nettle implements
-Yarrow-256, which is similar, but uses <small>SHA256</small> and
-<small>AES</small> to get an internal state of 256 bits.
+Yarrow-256, which is similar, but uses <acronym>SHA256</acronym> and
+<acronym>AES</acronym> to get an internal state of 256 bits.
<p>Yarrow was an almost finished project, the paper mentioned above is the
closest thing to a specification for it, but some smaller details are
code. Maybe a complete specification can be written later.
<p>Yarrow can use many sources (at least two are needed for proper
-reseeding), and two randomness "pools", referred to as the "slow pool" and
-the "fast pool". Input from the sources is fed alternatingly into the
+reseeding), and two randomness “pools”, referred to as the “slow pool” and
+the “fast pool”. Input from the sources is fed alternatingly into the
two pools. When one of the sources has contributed 100 bits of entropy
-to the fast pool, a "fast reseed" happens and the fast pool is mixed
+to the fast pool, a “fast reseed” happens and the fast pool is mixed
into the internal state. When at least two of the sources have
-contributed at least 160 bits each to the slow pool, a "slow reseed"
+contributed at least 160 bits each to the slow pool, a “slow reseed”
takes place. The contents of both pools are mixed into the internal
state. These procedures should ensure that the generator will eventually
recover after a key compromise.
- <p>The output is generated by using <small>AES</small> to encrypt a counter,
+ <p>The output is generated by using <acronym>AES</acronym> to encrypt a counter,
using the generator's current key. After each request for output,
another 256 bits are generated which replace the key. This ensures
forward secrecy.
Yarrow is seeded by either feeding it the contents of the previous seed
file, or feeding it input from its sources until a slow reseed happens.
- <p>Nettle defines Yarrow-256 in <code><nettle/yarrow.h></code>.
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct yarrow256_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct yarrow_source</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Information about a single source.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>YARROW256_SEED_FILE_SIZE</b><i>
- </i></td>
-<td align="right">Constant</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Recommanded size of the Yarrow-256 seed file.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>yarrow256_init</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i>, unsigned </i><var>nsources</var><i>, struct yarrow_source *</i><var>sources</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the yarrow context, and its <var>nsources</var> sources. It's
+ <p>Nettle defines Yarrow-256 in <samp><span class="file"><nettle/yarrow.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct yarrow256_ctx</b><var><a name="index-struct-yarrow256_005fctx-383"></a></var><br>
+ </div>
+
+<div class="defun">
+— Context struct: <b>struct yarrow_source</b><var><a name="index-struct-yarrow_005fsource-384"></a></var><br>
+<blockquote><p>Information about a single source.
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>YARROW256_SEED_FILE_SIZE</b><var><a name="index-YARROW256_005fSEED_005fFILE_005fSIZE-385"></a></var><br>
+<blockquote><p>Recommended size of the Yarrow-256 seed file.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>yarrow256_init</b> (<var>struct yarrow256_ctx *ctx, unsigned nsources, struct yarrow_source *sources</var>)<var><a name="index-yarrow256_005finit-386"></a></var><br>
+<blockquote><p>Initializes the yarrow context, and its <var>nsources</var> sources. It's
possible to call it with <var>nsources</var>=0 and <var>sources</var>=NULL, if
you don't need the update features.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>yarrow256_seed</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>seed_file</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Seeds Yarrow-256 from a previous seed file. <var>length</var> should be at least
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>yarrow256_seed</b> (<var>struct yarrow256_ctx *ctx, unsigned length, uint8_t *seed_file</var>)<var><a name="index-yarrow256_005fseed-387"></a></var><br>
+<blockquote><p>Seeds Yarrow-256 from a previous seed file. <var>length</var> should be at least
<code>YARROW256_SEED_FILE_SIZE</code>, but it can be larger.
- <p>The generator will trust you that the <var>seed_file</var> data really is
+
<p>The generator will trust you that the <var>seed_file</var> data really is
unguessable. After calling this function, you <em>must</em> overwrite the old
seed file with newly generated data from <code>yarrow256_random</code>. If it's
possible for several processes to read the seed file at about the same
time, access must be coordinated using some locking mechanism.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>yarrow256_update</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i>, unsigned </i><var>source</var><i>, unsigned </i><var>entropy</var><i>, unsigned </i><var>length</var><i>, const uint8_t *</i><var>data</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Updates the generator with data from source <var>SOURCE</var> (an index that
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>yarrow256_update</b> (<var>struct yarrow256_ctx *ctx, unsigned source, unsigned entropy, unsigned length, const uint8_t *data</var>)<var><a name="index-yarrow256_005fupdate-388"></a></var><br>
+<blockquote><p>Updates the generator with data from source <var>SOURCE</var> (an index that
must be smaller than the number of sources). <var>entropy</var> is your
estimated lower bound for the entropy in the data, measured in bits.
Calling update with zero <var>entropy</var> is always safe, no matter if the
data is random or not.
- <p>Returns 1 if a reseed happened, in which case an application using a
+
<p>Returns 1 if a reseed happened, in which case an application using a
seed file may want to generate new seed data with
<code>yarrow256_random</code> and overwrite the seed file. Otherwise, the
function returns 0.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>yarrow256_random</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i>, unsigned </i><var>length</var><i>, uint8_t *</i><var>dst</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Generates <var>length</var> octets of output. The generator must be seeded
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>yarrow256_random</b> (<var>struct yarrow256_ctx *ctx, unsigned length, uint8_t *dst</var>)<var><a name="index-yarrow256_005frandom-389"></a></var><br>
+<blockquote><p>Generates <var>length</var> octets of output. The generator must be seeded
before you call this function.
- <p>If you don't need forward secrecy, e.g. if you need non-secret
+
<p>If you don't need forward secrecy, e.g. if you need non-secret
randomness for initialization vectors or padding, you can gain some
efficiency by buffering, calling this function for reasonably large
blocks of data, say 100-1000 octets at a time.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">int <b>yarrow256_is_seeded</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Returns 1 if the generator is seeded and ready to generate output,
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>yarrow256_is_seeded</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fis_005fseeded-390"></a></var><br>
+<blockquote><p>Returns 1 if the generator is seeded and ready to generate output,
otherwise 0.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">unsigned <b>yarrow256_needed_sources</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Returns the number of sources that must reach the threshold before a
+</p></blockquote></div>
+
+<div class="defun">
+— Function: unsigned <b>yarrow256_needed_sources</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fneeded_005fsources-391"></a></var><br>
+<blockquote><p>Returns the number of sources that must reach the threshold before a
slow reseed will happen. Useful primarily when the generator is unseeded.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>yarrow256_fast_reseed</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-
-<tr>
-<td align="left">void <b>yarrow256_slow_reseed</b><i> </i>(<i>struct yarrow256_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Causes a fast or slow reseed to take place immediately, regardless of the
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>yarrow256_fast_reseed</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005ffast_005freseed-392"></a></var><br>
+— Function: void <b>yarrow256_slow_reseed</b> (<var>struct yarrow256_ctx *ctx</var>)<var><a name="index-yarrow256_005fslow_005freseed-393"></a></var><br>
+<blockquote><p>Causes a fast or slow reseed to take place immediately, regardless of the
current entropy estimates of the two pools. Use with care.
-</td></tr>
-</table>
+</p></blockquote></div>
<p>Nettle includes an entropy estimator for one kind of input source: User
keyboard input.
-<p>
-<table width="100%">
-<tr>
-<td align="left"><b>struct yarrow_key_event_ctx</b><i>
- </i></td>
-<td align="right">Context struct</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Information about recent key events.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">void <b>yarrow_key_event_init</b><i> </i>(<i>struct yarrow_key_event_ctx *</i><var>ctx</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-Initializes the context.
-</td></tr>
-</table>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">unsigned <b>yarrow_key_event_estimate</b><i> </i>(<i>struct yarrow_key_event_ctx *</i><var>ctx</var><i>, unsigned </i><var>key</var><i>, unsigned </i><var>time</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-<var>key</var> is the id of the key (ASCII value, hardware key code, X
+<div class="defun">
+— Context struct: <b>struct yarrow_key_event_ctx</b><var><a name="index-struct-yarrow_005fkey_005fevent_005fctx-394"></a></var><br>
+<blockquote><p>Information about recent key events.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>yarrow_key_event_init</b> (<var>struct yarrow_key_event_ctx *ctx</var>)<var><a name="index-yarrow_005fkey_005fevent_005finit-395"></a></var><br>
+<blockquote><p>Initializes the context.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: unsigned <b>yarrow_key_event_estimate</b> (<var>struct yarrow_key_event_ctx *ctx, unsigned key, unsigned time</var>)<var><a name="index-yarrow_005fkey_005fevent_005festimate-396"></a></var><br>
+<blockquote><p><var>key</var> is the id of the key (ASCII value, hardware key code, X
keysym, <small class="dots">...</small>, it doesn't matter), and <var>time</var> is the timestamp of
the event. The time must be given in units matching the resolution by
which you read the clock. If you read the clock with microsecond
ticks 10 or so microseconds at a time, <var>time</var> should be given in
units of 10 microseconds.
- <p>Returns an entropy estimate, in bits, suitable for calling
+
<p>Returns an entropy estimate, in bits, suitable for calling
<code>yarrow256_update</code>. Usually, 0, 1 or 2 bits.
-</td></tr>
-</table>
+</p></blockquote></div>
<div class="node">
+<a name="ASCII-encoding"></a>
<p><hr>
-Node: <a name="Miscellaneous%20functions">Miscellaneous functions</a>,
-Next: <a rel="next" accesskey="n" href="#Compatibility%20functions">Compatibility functions</a>,
+Next: <a rel="next" accesskey="n" href="#Miscellaneous-functions">Miscellaneous functions</a>,
Previous: <a rel="previous" accesskey="p" href="#Randomness">Randomness</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
+</div>
+
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.8 ASCII encoding</h3>
+
+<p>Encryption will transform your data from text into binary format, and that
+may be a problem if you want, for example, to send the data as if it was
+plain text in an email (or store it along with descriptive text in a
+file). You may then use an encoding from binary to text: each binary byte
+is translated into a number of bytes of plain text.
+
+ <p>A base-N encoding of data is one representation of data that only uses N
+different symbols (instead of the 256 possible values of a byte).
+
+ <p>The base64 encoding will always use alphanumeric (upper and lower case)
+characters and the '+', '/' and '=' symbols to represent the data. Four
+output characters are generated for each three bytes of input. In case
+the length of the input is not a multiple of three, padding characters
+are added at the end.
+
+ <p>The base16 encoding, also known as “hexadecimal”, uses the decimal
+digits and the letters from A to F. Two hexadecimal digits are generated
+for each input byte. Base16 may be useful if you want to use the data
+for filenames or URLs, for example.
+
+ <p>Nettle supports both base64 and base16 encoding and decoding.
+
+ <p>Encoding and decoding uses a context struct to maintain its state (with
+the exception of base16 encoding, which doesn't need any). To encode or
+decode the your data, first initialize the context, then call the update
+function as many times as necessary, and complete the operation by
+calling the final function.
+
+ <p>The following functions can be used to perform base64 encoding and decoding.
+They are defined in <samp><span class="file"><nettle/base64.h></span></samp>.
+
+<div class="defun">
+— Context struct: <b>struct base64_encode_ctx</b><var><a name="index-struct-base64_005fencode_005fctx-397"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>base64_encode_init</b> (<var>struct base64_encode_ctx *ctx</var>)<var><a name="index-base64_005fencode_005finit-398"></a></var><br>
+<blockquote><p>Initializes a base64 context. This is necessary before starting an encoding
+session.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: unsigned <b>base64_encode_single</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base64_005fencode_005fsingle-399"></a></var><br>
+<blockquote><p>Encodes a single byte. Returns amount of output (always 1 or 2).
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>BASE64_ENCODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE64_005fENCODE_005fLENGTH-400"></a></var><br>
+<blockquote><p>The maximum number of output bytes when passing <var>length</var> input bytes
+to <code>base64_encode_update</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: unsigned <b>base64_encode_update</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst, unsigned length, const uint8_t *src</var>)<var><a name="index-base64_005fencode_005fupdate-401"></a></var><br>
+<blockquote><p>After <var>ctx</var> is initialized, this function may be called to encode <var>length</var>
+bytes from <var>src</var>. The result will be placed in <var>dst</var>, and the return value
+will be the number of bytes generated. Note that <var>dst</var> must be at least of size
+BASE64_ENCODE_LENGTH(<var>length</var>).
+</p></blockquote></div>
+
+<div class="defun">
+— Constant: <b>BASE64_ENCODE_FINAL_LENGTH</b><var><a name="index-BASE64_005fENCODE_005fFINAL_005fLENGTH-402"></a></var><br>
+<blockquote><p>The maximum amount of output from <code>base64_encode_final</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: unsigned <b>base64_encode_final</b> (<var>struct base64_encode_ctx *ctx, uint8_t *dst</var>)<var><a name="index-base64_005fencode_005ffinal-403"></a></var><br>
+<blockquote><p>After calling base64_encode_update one or more times, this function
+should be called to generate the final output bytes, including any
+needed paddding. The return value is the number of output bytes
+generated.
+</p></blockquote></div>
+
+<div class="defun">
+— Context struct: <b>struct base64_decode_ctx</b><var><a name="index-struct-base64_005fdecode_005fctx-404"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>base64_decode_init</b> (<var>struct base64_decode_ctx *ctx</var>)<var><a name="index-base64_005fdecode_005finit-405"></a></var><br>
+<blockquote><p>Initializes a base64 decoding context. This is necessary before starting a decoding
+session.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>base64_decode_single</b> (<var>struct base64_decode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base64_005fdecode_005fsingle-406"></a></var><br>
+<blockquote><p>Decodes a single byte (<var>src</var>) and stores the result in <var>dst</var>.
+Returns amount of output (0 or 1), or -1 on errors.
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>BASE64_DECODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE64_005fDECODE_005fLENGTH-407"></a></var><br>
+<blockquote><p>The maximum number of output bytes when passing <var>length</var> input bytes
+to <code>base64_decode_update</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>base64_decode_update</b> (<var>struct base64_decode_ctx *ctx, unsigned *dst_length, uint8_t *dst, unsigned src_length, const uint8_t *src</var>)<var><a name="index-base64_005fdecode_005fupdate-408"></a></var><br>
+<blockquote><p>After <var>ctx</var> is initialized, this function may be called to decode <var>src_length</var>
+bytes from <var>src</var>. <var>dst</var> should point to an area of size at least
+BASE64_DECODE_LENGTH(<var>length</var>), and for sanity checking, <var>dst_length</var>
+should be initialized to the size of that area before the call.
+<var>dst_length</var> is updated to the amount of decoded output. The function will return
+1 on success and 0 on error.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>base64_decode_final</b> (<var>struct base64_decode_ctx *ctx</var>)<var><a name="index-base64_005fdecode_005ffinal-409"></a></var><br>
+<blockquote><p>Check that final padding is correct. Returns 1 on success, and 0 on
+error.
+</p></blockquote></div>
+
+ <p>Similarly to the base64 functions, the following functions perform base16 encoding,
+and are defined in <samp><span class="file"><nettle/base16.h></span></samp>. Note that there is no encoding context
+necessary for doing base16 encoding.
+
+<div class="defun">
+— Function: void <b>base16_encode_single</b> (<var>uint8_t *dst, uint8_t src</var>)<var><a name="index-base16_005fencode_005fsingle-410"></a></var><br>
+<blockquote><p>Encodes a single byte. Always stores two digits in <var>dst</var>[0] and <var>dst</var>[1].
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>BASE16_ENCODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE16_005fENCODE_005fLENGTH-411"></a></var><br>
+<blockquote><p>The number of output bytes when passing <var>length</var> input bytes to
+<code>base16_encode_update</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: void <b>base16_encode_update</b> (<var>uint8_t *dst, unsigned length, const uint8_t *src</var>)<var><a name="index-base16_005fencode_005fupdate-412"></a></var><br>
+<blockquote><p>Always stores BASE16_ENCODE_LENGTH(<var>length</var>) digits in <var>dst</var>.
+</p></blockquote></div>
+
+<div class="defun">
+— Context struct: <b>struct base16_decode_ctx</b><var><a name="index-struct-base16_005fdecode_005fctx-413"></a></var><br>
+ </div>
+
+<div class="defun">
+— Function: void <b>base16_decode_init</b> (<var>struct base16_decode_ctx *ctx</var>)<var><a name="index-base16_005fdecode_005finit-414"></a></var><br>
+<blockquote><p>Initializes a base16 decoding context. This is necessary before starting a decoding
+session.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>base16_decode_single</b> (<var>struct base16_decode_ctx *ctx, uint8_t *dst, uint8_t src</var>)<var><a name="index-base16_005fdecode_005fsingle-415"></a></var><br>
+<blockquote><p>Decodes a single byte from <var>src</var> into <var>dst</var>. Returns amount of output (0 or 1), or -1 on errors.
+</p></blockquote></div>
+
+<div class="defun">
+— Macro: <b>BASE16_DECODE_LENGTH</b> (<var>length</var>)<var><a name="index-BASE16_005fDECODE_005fLENGTH-416"></a></var><br>
+<blockquote><p>The maximum number of output bytes when passing <var>length</var> input bytes
+to <code>base16_decode_update</code>.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>base16_decode_update</b> (<var>struct base16_decode_ctx *ctx, unsigned *dst_length, uint8_t *dst, unsigned src_length, const uint8_t *src</var>)<var><a name="index-base16_005fdecode_005fupdate-417"></a></var><br>
+<blockquote><p>After <var>ctx</var> is initialized, this function may be called to decode <var>src_length</var>
+bytes from <var>src</var>. <var>dst</var> should point to an area of size at least
+BASE16_DECODE_LENGTH(<var>length</var>), and for sanity checking, <var>dst_length</var>
+should be initialized to the size of that area before the call.
+<var>dst_length</var> is updated to the amount of decoded output. The function will return
+1 on success and 0 on error.
+</p></blockquote></div>
+
+<div class="defun">
+— Function: int <b>base16_decode_final</b> (<var>struct base16_decode_ctx *ctx</var>)<var><a name="index-base16_005fdecode_005ffinal-418"></a></var><br>
+<blockquote><p>Checks that the end of data is correct (i.e., an even number of
+hexadecimal digits have been seen). Returns 1 on success, and 0 on
+error.
+</p></blockquote></div>
+
+<div class="node">
+<a name="Miscellaneous-functions"></a>
+<p><hr>
+Next: <a rel="next" accesskey="n" href="#Compatibility-functions">Compatibility functions</a>,
+Previous: <a rel="previous" accesskey="p" href="#ASCII-encoding">ASCII encoding</a>,
+Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
+
</div>
-<h3 class="section">Miscellaneous functions</h3>
-
-<p>
-<table width="100%">
-<tr>
-<td align="left">uint8_t * <b>memxor</b><i> </i>(<i>uint8_t *</i><var>dst</var><i>, const uint8_t *</i><var>src</var><i>, size_t </i><var>n</var><i></i>)<i>
- </i></td>
-<td align="right">Function</td>
-</tr>
-</table>
-<table width="95%" align="center">
-<tr><td>
-XORs the source area on top of the destination area. The interface
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.9 Miscellaneous functions</h3>
+
+<div class="defun">
+— Function: uint8_t * <b>memxor</b> (<var>uint8_t *dst, const uint8_t *src, size_t n</var>)<var><a name="index-memxor-419"></a></var><br>
+<blockquote><p>XORs the source area on top of the destination area. The interface
doesn't follow the Nettle conventions, because it is intended to be
similar to the ANSI-C <code>memcpy</code> function.
-</td></tr>
-</table>
+</p></blockquote></div>
- <p><code>memxor</code> is declared in <code><nettle/memxor.h></code>.
+ <p><code>memxor</code> is declared in <samp><span class="file"><nettle/memxor.h></span></samp>.
<div class="node">
+<a name="Compatibility-functions"></a>
<p><hr>
-Node: <a name="Compatibility%20functions">Compatibility functions</a>,
-Previous: <a rel="previous" accesskey="p" href="#Miscellaneous%20functions">Miscellaneous functions</a>,
+Previous: <a rel="previous" accesskey="p" href="#Miscellaneous-functions">Miscellaneous functions</a>,
Up: <a rel="up" accesskey="u" href="#Reference">Reference</a>
-<br>
+
</div>
-<h3 class="section">Compatibility functions</h3>
+<!-- node-name, next, previous, up -->
+<h3 class="section">6.10 Compatibility functions</h3>
<p>For convenience, Nettle includes alternative interfaces to some
algorithms, for compatibility with some other popular crypto toolkits.
<p>MD5 is defined in [RFC 1321], which includes a reference implementation.
Nettle defines a compatible interface to MD5 in
-<code><nettle/md5-compat.h></code>. This file defines the typedef
+<samp><span class="file"><nettle/md5-compat.h></span></samp>. This file defines the typedef
<code>MD5_CTX</code>, and declares the functions <code>MD5Init</code>, <code>MD5Update</code> and
<code>MD5Final</code>.
- <p>Eric Young's "libdes" (also part of OpenSSL) is a quite popular DES
+ <p>Eric Young's “libdes” (also part of OpenSSL) is a quite popular DES
implementation. Nettle includes a subset if its interface in
-<code><nettle/des-compat.h></code>. This file defines the typedefs
+<samp><span class="file"><nettle/des-compat.h></span></samp>. This file defines the typedefs
<code>des_key_schedule</code> and <code>des_cblock</code>, two constants
<code>DES_ENCRYPT</code> and <code>DES_DECRYPT</code>, and declares one global
variable <code>des_check_key</code>, and the functions <code>des_cbc_cksum</code>
<code>des_set_key</code>, and <code>des_set_odd_parity</code>.
<div class="node">
+<a name="Nettle-soup"></a>
<p><hr>
-Node: <a name="Nettle%20soup">Nettle soup</a>,
Next: <a rel="next" accesskey="n" href="#Installation">Installation</a>,
Previous: <a rel="previous" accesskey="p" href="#Reference">Reference</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Traditional Nettle Soup</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">7 Traditional Nettle Soup</h2>
<p>For the serious nettle hacker, here is a recipe for nettle soup. 4 servings.
<p>Serve with boiled egg-halves.
+<!-- And the original Swedish version. -->
<div class="node">
+<a name="Installation"></a>
<p><hr>
-Node: <a name="Installation">Installation</a>,
Next: <a rel="next" accesskey="n" href="#Index">Index</a>,
-Previous: <a rel="previous" accesskey="p" href="#Nettle%20soup">Nettle soup</a>,
+Previous: <a rel="previous" accesskey="p" href="#Nettle-soup">Nettle soup</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
-<h2 class="chapter">Installation</h2>
+<!-- node-name, next, previous, up -->
+<h2 class="chapter">8 Installation</h2>
-<p>Nettle uses <code>autoconf</code>. To build it, unpack the source and run
+<p>Nettle uses <samp><span class="command">autoconf</span></samp>. To build it, unpack the source and run
<pre class="example"> ./configure
make
make check
make install
- </pre>
-
-<p>to install in the default location, <code>/usr/local</code>. The library files
-are installed in <code>/use/local/lib/libnettle.a</code>
-<code>/use/local/lib/libhogweed.a</code> and the include files are installed
-in <code>/use/local/include/nettle/</code>.
+</pre>
+ <p class="noindent">to install in under the default prefix, <samp><span class="file">/usr/local</span></samp>.
<p>To get a list of configure options, use <code>./configure --help</code>.
- <p>By default, only static libraries are built and installed. To also build
-and install shared libraries, use the <code> --enable-shared</code> option
-to <code>./configure</code>.
+ <p>By default, both static and shared libraries are built and installed. To
+omit building the shared libraries, use the <samp><span class="option"> --disable-shared</span></samp>
+option to <samp><span class="command">./configure</span></samp>.
<p>Using GNU make is recommended. For other make programs, in particular
-BSD make, you may have to use the <code>--disable-dependency-tracking</code>
-option to <code>./configure</code>.
+BSD make, you may have to use the <samp><span class="option">--disable-dependency-tracking</span></samp>
+option to <samp><span class="command">./configure</span></samp>.
<div class="node">
+<a name="Index"></a>
<p><hr>
-Node: <a name="Index">Index</a>,
Previous: <a rel="previous" accesskey="p" href="#Installation">Installation</a>,
Up: <a rel="up" accesskey="u" href="#Top">Top</a>
-<br>
+
</div>
+<!-- node-name, next, previous, up -->
<h2 class="unnumbered">Function and Concept Index</h2>
<ul class="index-cp" compact>
-<li><code>aes_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>aes_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>aes_invert_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>aes_set_decrypt_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>aes_set_encrypt_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arcfour_crypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arcfour_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arctwo_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arctwo_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arctwo_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arctwo_set_key_ekb</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>arctwo_set_key_gutmann</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li>Block Cipher: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>blowfish_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>blowfish_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>blowfish_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>camellia_crypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>camellia_invert_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>camellia_set_decrypt_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>camellia_set_encrypt_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>cast128_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>cast128_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>cast128_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li>CBC Mode: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CBC_CTX</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CBC_DECRYPT</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>cbc_decrypt</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CBC_ENCRYPT</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>cbc_encrypt</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CBC_SET_IV</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li>Cipher: <a href="#Cipher%20functions">Cipher functions</a>
-<li>Cipher Block Chaining: <a href="#Cipher%20modes">Cipher modes</a>
-<li>Collision-resistant: <a href="#Hash%20functions">Hash functions</a>
-<li>Conditional entropy: <a href="#Randomness">Randomness</a>
-<li>Counter Mode: <a href="#Cipher%20modes">Cipher modes</a>
-<li>CTR Mode: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CTR_CRYPT</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>ctr_crypt</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CTR_CTX</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>CTR_SET_COUNTER</code>: <a href="#Cipher%20modes">Cipher modes</a>
-<li><code>des3_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des3_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des3_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des_check_parity</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des_fix_parity</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>des_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>dsa_generate_keypair</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_private_key_clear</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_private_key_init</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_public_key_clear</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_public_key_init</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha1_sign</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha1_sign_digest</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha1_verify</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha1_verify_digest</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha256_sign</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha256_sign_digest</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha256_verify</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_sha256_verify_digest</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_signature_clear</code>: <a href="#DSA">DSA</a>
-<li><code>dsa_signature_init</code>: <a href="#DSA">DSA</a>
-<li>Entropy: <a href="#Randomness">Randomness</a>
-<li>Hash function: <a href="#Hash%20functions">Hash functions</a>
-<li><code>HMAC_CTX</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>HMAC_DIGEST</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_digest</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_md5_digest</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_md5_set_key</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_md5_update</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>HMAC_SET_KEY</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_set_key</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha1_digest</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha1_set_key</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha1_update</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha256_digest</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha256_set_key</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha256_update</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha512_digest</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha512_set_key</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_sha512_update</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>hmac_update</code>: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li>Keyed Hash Function: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li>MAC: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li><code>md2_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md2_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md2_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md4_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md4_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md4_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md5_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md5_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>md5_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>memxor</code>: <a href="#Miscellaneous%20functions">Miscellaneous functions</a>
-<li>Message Authentication Code: <a href="#Keyed%20hash%20functions">Keyed hash functions</a>
-<li>One-way: <a href="#Hash%20functions">Hash functions</a>
-<li>One-way function: <a href="#Public-key%20algorithms">Public-key algorithms</a>
-<li>Public Key Cryptography: <a href="#Public-key%20algorithms">Public-key algorithms</a>
-<li>Randomness: <a href="#Randomness">Randomness</a>
-<li><code>rsa_compute_root</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_generate_keypair</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_md5_sign</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_md5_sign_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_md5_verify</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_md5_verify_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_private_key_clear</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_private_key_init</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_private_key_prepare</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_public_key_clear</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_public_key_init</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_public_key_prepare</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha1_sign</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha1_sign_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha1_verify</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha1_verify_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha256_sign</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha256_sign_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha256_verify</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha256_verify_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha512_sign</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha512_sign_digest</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha512_verify</code>: <a href="#RSA">RSA</a>
-<li><code>rsa_sha512_verify_digest</code>: <a href="#RSA">RSA</a>
-<li><code>serpent_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>serpent_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>serpent_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>sha1_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha1_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha1_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha224_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha224_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha224_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha256_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha256_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha256_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha384_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha384_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha384_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha512_digest</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha512_init</code>: <a href="#Hash%20functions">Hash functions</a>
-<li><code>sha512_update</code>: <a href="#Hash%20functions">Hash functions</a>
-<li>Stream Cipher: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>twofish_decrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>twofish_encrypt</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>twofish_set_key</code>: <a href="#Cipher%20functions">Cipher functions</a>
-<li><code>yarrow256_fast_reseed</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_init</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_is_seeded</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_needed_sources</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_random</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_seed</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_slow_reseed</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow256_update</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow_key_event_estimate</code>: <a href="#Randomness">Randomness</a>
-<li><code>yarrow_key_event_init</code>: <a href="#Randomness">Randomness</a>
-</ul>
-
-
- <div class="footnote">
+<li><a href="#index-aes_005fdecrypt-113"><code>aes_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-aes_005fencrypt-112"><code>aes_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-aes_005finvert_005fkey-111"><code>aes_invert_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-aes_005fset_005fdecrypt_005fkey-110"><code>aes_set_decrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-aes_005fset_005fencrypt_005fkey-109"><code>aes_set_encrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arcfour_005fcrypt-119"><code>arcfour_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arcfour_005fset_005fkey-118"><code>arcfour_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arctwo_005fdecrypt-129"><code>arctwo_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arctwo_005fencrypt-128"><code>arctwo_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arctwo_005fset_005fkey-126"><code>arctwo_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arctwo_005fset_005fkey_005fekb-125"><code>arctwo_set_key_ekb</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-arctwo_005fset_005fkey_005fgutmann-127"><code>arctwo_set_key_gutmann</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-base16_005fdecode_005ffinal-418"><code>base16_decode_final</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base16_005fdecode_005finit-414"><code>base16_decode_init</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-BASE16_005fDECODE_005fLENGTH-416"><code>BASE16_DECODE_LENGTH</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base16_005fdecode_005fsingle-415"><code>base16_decode_single</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base16_005fdecode_005fupdate-417"><code>base16_decode_update</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-BASE16_005fENCODE_005fLENGTH-411"><code>BASE16_ENCODE_LENGTH</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base16_005fencode_005fsingle-410"><code>base16_encode_single</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base16_005fencode_005fupdate-412"><code>base16_encode_update</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fdecode_005ffinal-409"><code>base64_decode_final</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fdecode_005finit-405"><code>base64_decode_init</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-BASE64_005fDECODE_005fLENGTH-407"><code>BASE64_DECODE_LENGTH</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fdecode_005fsingle-406"><code>base64_decode_single</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fdecode_005fupdate-408"><code>base64_decode_update</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fencode_005ffinal-403"><code>base64_encode_final</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fencode_005finit-398"><code>base64_encode_init</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-BASE64_005fENCODE_005fLENGTH-400"><code>BASE64_ENCODE_LENGTH</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fencode_005fsingle-399"><code>base64_encode_single</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-base64_005fencode_005fupdate-401"><code>base64_encode_update</code></a>: <a href="#ASCII-encoding">ASCII encoding</a></li>
+<li><a href="#index-Block-Cipher-102">Block Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-blowfish_005fdecrypt-137"><code>blowfish_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-blowfish_005fencrypt-136"><code>blowfish_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-blowfish_005fset_005fkey-135"><code>blowfish_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-camellia_005fcrypt-146"><code>camellia_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-camellia_005finvert_005fkey-145"><code>camellia_invert_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-camellia_005fset_005fdecrypt_005fkey-144"><code>camellia_set_decrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-camellia_005fset_005fencrypt_005fkey-143"><code>camellia_set_encrypt_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-cast128_005fdecrypt-154"><code>cast128_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-cast128_005fencrypt-153"><code>cast128_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-cast128_005fset_005fkey-152"><code>cast128_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-CBC-Mode-216">CBC Mode</a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-CBC_005fCTX-219"><code>CBC_CTX</code></a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-CBC_005fDECRYPT-222"><code>CBC_DECRYPT</code></a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-cbc_005fdecrypt-218"><code>cbc_decrypt</code></a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-CBC_005fENCRYPT-221"><code>CBC_ENCRYPT</code></a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-cbc_005fencrypt-217"><code>cbc_encrypt</code></a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-CBC_005fSET_005fIV-220"><code>CBC_SET_IV</code></a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-Cipher-101">Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-Cipher-Block-Chaining-215">Cipher Block Chaining</a>: <a href="#CBC">CBC</a></li>
+<li><a href="#index-Collision_002dresistant-3">Collision-resistant</a>: <a href="#Hash-functions">Hash functions</a></li>
+<li><a href="#index-Conditional-entropy-382">Conditional entropy</a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-Counter-Mode-223">Counter Mode</a>: <a href="#CTR">CTR</a></li>
+<li><a href="#index-CTR-Mode-224">CTR Mode</a>: <a href="#CTR">CTR</a></li>
+<li><a href="#index-CTR_005fCRYPT-228"><code>CTR_CRYPT</code></a>: <a href="#CTR">CTR</a></li>
+<li><a href="#index-ctr_005fcrypt-225"><code>ctr_crypt</code></a>: <a href="#CTR">CTR</a></li>
+<li><a href="#index-CTR_005fCTX-226"><code>CTR_CTX</code></a>: <a href="#CTR">CTR</a></li>
+<li><a href="#index-CTR_005fSET_005fCOUNTER-227"><code>CTR_SET_COUNTER</code></a>: <a href="#CTR">CTR</a></li>
+<li><a href="#index-des3_005fdecrypt-168"><code>des3_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des3_005fencrypt-167"><code>des3_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des3_005fset_005fkey-166"><code>des3_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des_005fcheck_005fparity-161"><code>des_check_parity</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des_005fdecrypt-160"><code>des_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des_005fencrypt-159"><code>des_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des_005ffix_005fparity-162"><code>des_fix_parity</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-des_005fset_005fkey-158"><code>des_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-dsa_005fgenerate_005fkeypair-366"><code>dsa_generate_keypair</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fprivate_005fkey_005fclear-354"><code>dsa_private_key_clear</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fprivate_005fkey_005finit-352"><code>dsa_private_key_init</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fpublic_005fkey_005fclear-353"><code>dsa_public_key_clear</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fpublic_005fkey_005finit-351"><code>dsa_public_key_init</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha1_005fsign-358"><code>dsa_sha1_sign</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha1_005fsign_005fdigest-359"><code>dsa_sha1_sign_digest</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha1_005fverify-362"><code>dsa_sha1_verify</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha1_005fverify_005fdigest-363"><code>dsa_sha1_verify_digest</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha256_005fsign-360"><code>dsa_sha256_sign</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha256_005fsign_005fdigest-361"><code>dsa_sha256_sign_digest</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha256_005fverify-364"><code>dsa_sha256_verify</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsha256_005fverify_005fdigest-365"><code>dsa_sha256_verify_digest</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsignature_005fclear-357"><code>dsa_signature_clear</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-dsa_005fsignature_005finit-356"><code>dsa_signature_init</code></a>: <a href="#DSA">DSA</a></li>
+<li><a href="#index-ecc_005fpoint_005fclear-369"><code>ecc_point_clear</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fpoint_005fget-371"><code>ecc_point_get</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fpoint_005finit-368"><code>ecc_point_init</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fpoint_005fset-370"><code>ecc_point_set</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fscalar_005fclear-374"><code>ecc_scalar_clear</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fscalar_005fget-376"><code>ecc_scalar_get</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fscalar_005finit-373"><code>ecc_scalar_init</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecc_005fscalar_005fset-375"><code>ecc_scalar_set</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecdsa_005fgenerate_005fkeypair-379"><code>ecdsa_generate_keypair</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecdsa_005fsign-377"><code>ecdsa_sign</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-ecdsa_005fverify-378"><code>ecdsa_verify</code></a>: <a href="#Elliptic-curves">Elliptic curves</a></li>
+<li><a href="#index-Entropy-381">Entropy</a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-Galois-Counter-Mode-229">Galois Counter Mode</a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM-230">GCM</a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005faes_005fdecrypt-253"><code>gcm_aes_decrypt</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005faes_005fdigest-254"><code>gcm_aes_digest</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005faes_005fencrypt-252"><code>gcm_aes_encrypt</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005faes_005fset_005fiv-250"><code>gcm_aes_set_iv</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005faes_005fset_005fkey-249"><code>gcm_aes_set_key</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005faes_005fupdate-251"><code>gcm_aes_update</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fCTX-241"><code>GCM_CTX</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fDECRYPT-246"><code>GCM_DECRYPT</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005fdecrypt-239"><code>gcm_decrypt</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fDIGEST-247"><code>GCM_DIGEST</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005fdigest-240"><code>gcm_digest</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fENCRYPT-245"><code>GCM_ENCRYPT</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005fencrypt-238"><code>gcm_encrypt</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fSET_005fIV-243"><code>GCM_SET_IV</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005fset_005fiv-236"><code>gcm_set_iv</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fSET_005fKEY-242"><code>GCM_SET_KEY</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005fset_005fkey-235"><code>gcm_set_key</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-GCM_005fUPDATE-244"><code>GCM_UPDATE</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gcm_005fupdate-237"><code>gcm_update</code></a>: <a href="#GCM">GCM</a></li>
+<li><a href="#index-gosthash94_005fdigest-87"><code>gosthash94_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-gosthash94_005finit-85"><code>gosthash94_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-gosthash94_005fupdate-86"><code>gosthash94_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-Hash-function-1">Hash function</a>: <a href="#Hash-functions">Hash functions</a></li>
+<li><a href="#index-HMAC-258">HMAC</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-HMAC_005fCTX-262"><code>HMAC_CTX</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-HMAC_005fDIGEST-264"><code>HMAC_DIGEST</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fdigest-261"><code>hmac_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fmd5_005fdigest-268"><code>hmac_md5_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fmd5_005fset_005fkey-266"><code>hmac_md5_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fmd5_005fupdate-267"><code>hmac_md5_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fripemd160_005fdigest-272"><code>hmac_ripemd160_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fripemd160_005fset_005fkey-270"><code>hmac_ripemd160_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fripemd160_005fupdate-271"><code>hmac_ripemd160_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-HMAC_005fSET_005fKEY-263"><code>HMAC_SET_KEY</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fset_005fkey-259"><code>hmac_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha1_005fdigest-276"><code>hmac_sha1_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha1_005fset_005fkey-274"><code>hmac_sha1_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha1_005fupdate-275"><code>hmac_sha1_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha256_005fdigest-280"><code>hmac_sha256_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha256_005fset_005fkey-278"><code>hmac_sha256_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha256_005fupdate-279"><code>hmac_sha256_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha512_005fdigest-284"><code>hmac_sha512_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha512_005fset_005fkey-282"><code>hmac_sha512_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fsha512_005fupdate-283"><code>hmac_sha512_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-hmac_005fupdate-260"><code>hmac_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-KDF-315">KDF</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-Key-Derivation-Function-312">Key Derivation Function</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-Keyed-Hash-Function-255">Keyed Hash Function</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-MAC-257">MAC</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-md2_005fdigest-63"><code>md2_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md2_005finit-61"><code>md2_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md2_005fupdate-62"><code>md2_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md4_005fdigest-69"><code>md4_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md4_005finit-67"><code>md4_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md4_005fupdate-68"><code>md4_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md5_005fdigest-57"><code>md5_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md5_005finit-55"><code>md5_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-md5_005fupdate-56"><code>md5_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-memxor-419"><code>memxor</code></a>: <a href="#Miscellaneous-functions">Miscellaneous functions</a></li>
+<li><a href="#index-Message-Authentication-Code-256">Message Authentication Code</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-One_002dway-2">One-way</a>: <a href="#Hash-functions">Hash functions</a></li>
+<li><a href="#index-One_002dway-function-322">One-way function</a>: <a href="#Public_002dkey-algorithms">Public-key algorithms</a></li>
+<li><a href="#index-Password-Based-Key-Derivation-Function-313">Password Based Key Derivation Function</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-PBKDF-316">PBKDF</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-PBKDF2-318"><code>PBKDF2</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-pbkdf2-317"><code>pbkdf2</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-pbkdf2_005fhmac_005fsha1-319"><code>pbkdf2_hmac_sha1</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-pbkdf2_005fhmac_005fsha256-320"><code>pbkdf2_hmac_sha256</code></a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-PKCS-_00235-314">PKCS #5</a>: <a href="#Key-derivation-functions">Key derivation functions</a></li>
+<li><a href="#index-Public-Key-Cryptography-321">Public Key Cryptography</a>: <a href="#Public_002dkey-algorithms">Public-key algorithms</a></li>
+<li><a href="#index-Randomness-380">Randomness</a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-ripemd160_005fdigest-75"><code>ripemd160_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-ripemd160_005finit-73"><code>ripemd160_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-ripemd160_005fupdate-74"><code>ripemd160_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-rsa_005fcompute_005froot-347"><code>rsa_compute_root</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fgenerate_005fkeypair-348"><code>rsa_generate_keypair</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fmd5_005fsign-331"><code>rsa_md5_sign</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fmd5_005fsign_005fdigest-335"><code>rsa_md5_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fmd5_005fverify-339"><code>rsa_md5_verify</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fmd5_005fverify_005fdigest-343"><code>rsa_md5_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fprivate_005fkey_005fclear-328"><code>rsa_private_key_clear</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fprivate_005fkey_005finit-326"><code>rsa_private_key_init</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fprivate_005fkey_005fprepare-330"><code>rsa_private_key_prepare</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fpublic_005fkey_005fclear-327"><code>rsa_public_key_clear</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fpublic_005fkey_005finit-325"><code>rsa_public_key_init</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fpublic_005fkey_005fprepare-329"><code>rsa_public_key_prepare</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha1_005fsign-332"><code>rsa_sha1_sign</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha1_005fsign_005fdigest-336"><code>rsa_sha1_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha1_005fverify-340"><code>rsa_sha1_verify</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha1_005fverify_005fdigest-344"><code>rsa_sha1_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha256_005fsign-333"><code>rsa_sha256_sign</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha256_005fsign_005fdigest-337"><code>rsa_sha256_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha256_005fverify-341"><code>rsa_sha256_verify</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha256_005fverify_005fdigest-345"><code>rsa_sha256_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha512_005fsign-334"><code>rsa_sha512_sign</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha512_005fsign_005fdigest-338"><code>rsa_sha512_sign_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha512_005fverify-342"><code>rsa_sha512_verify</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-rsa_005fsha512_005fverify_005fdigest-346"><code>rsa_sha512_verify_digest</code></a>: <a href="#RSA">RSA</a></li>
+<li><a href="#index-salsa20_005fcrypt-177"><code>salsa20_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-salsa20_005fset_005fiv-176"><code>salsa20_set_iv</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-salsa20_005fset_005fkey-175"><code>salsa20_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-salsa20r12_005fcrypt-178"><code>salsa20r12_crypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-serpent_005fdecrypt-186"><code>serpent_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-serpent_005fencrypt-185"><code>serpent_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-serpent_005fset_005fkey-184"><code>serpent_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-sha1_005fdigest-81"><code>sha1_digest</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-sha1_005finit-79"><code>sha1_init</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-sha1_005fupdate-80"><code>sha1_update</code></a>: <a href="#Legacy-hash-functions">Legacy hash functions</a></li>
+<li><a href="#index-sha224_005fdigest-15"><code>sha224_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha224_005finit-13"><code>sha224_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha224_005fupdate-14"><code>sha224_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha256_005fdigest-9"><code>sha256_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha256_005finit-7"><code>sha256_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha256_005fupdate-8"><code>sha256_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha384_005fdigest-27"><code>sha384_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha384_005finit-25"><code>sha384_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha384_005fupdate-26"><code>sha384_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f224_005fdigest-33"><code>sha3_224_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f224_005finit-31"><code>sha3_224_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f224_005fupdate-32"><code>sha3_224_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f256_005fdigest-39"><code>sha3_256_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f256_005finit-37"><code>sha3_256_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f256_005fupdate-38"><code>sha3_256_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f384_005fdigest-45"><code>sha3_384_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f384_005finit-43"><code>sha3_384_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f384_005fupdate-44"><code>sha3_384_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f512_005fdigest-51"><code>sha3_512_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f512_005finit-49"><code>sha3_512_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha3_005f512_005fupdate-50"><code>sha3_512_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha512_005fdigest-21"><code>sha512_digest</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha512_005finit-19"><code>sha512_init</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-sha512_005fupdate-20"><code>sha512_update</code></a>: <a href="#Recommended-hash-functions">Recommended hash functions</a></li>
+<li><a href="#index-Stream-Cipher-103">Stream Cipher</a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-twofish_005fdecrypt-194"><code>twofish_decrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-twofish_005fencrypt-193"><code>twofish_encrypt</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-twofish_005fset_005fkey-192"><code>twofish_set_key</code></a>: <a href="#Cipher-functions">Cipher functions</a></li>
+<li><a href="#index-UMAC-285">UMAC</a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac128_005fdigest-311"><code>umac128_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac128_005fset_005fkey-299"><code>umac128_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac128_005fset_005fnonce-303"><code>umac128_set_nonce</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac128_005fupdate-307"><code>umac128_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac32_005fdigest-308"><code>umac32_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac32_005fset_005fkey-296"><code>umac32_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac32_005fset_005fnonce-300"><code>umac32_set_nonce</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac32_005fupdate-304"><code>umac32_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac64_005fdigest-309"><code>umac64_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac64_005fset_005fkey-297"><code>umac64_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac64_005fset_005fnonce-301"><code>umac64_set_nonce</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac64_005fupdate-305"><code>umac64_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac96_005fdigest-310"><code>umac96_digest</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac96_005fset_005fkey-298"><code>umac96_set_key</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac96_005fset_005fnonce-302"><code>umac96_set_nonce</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-umac96_005fupdate-306"><code>umac96_update</code></a>: <a href="#Keyed-hash-functions">Keyed hash functions</a></li>
+<li><a href="#index-yarrow256_005ffast_005freseed-392"><code>yarrow256_fast_reseed</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005finit-386"><code>yarrow256_init</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005fis_005fseeded-390"><code>yarrow256_is_seeded</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005fneeded_005fsources-391"><code>yarrow256_needed_sources</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005frandom-389"><code>yarrow256_random</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005fseed-387"><code>yarrow256_seed</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005fslow_005freseed-393"><code>yarrow256_slow_reseed</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow256_005fupdate-388"><code>yarrow256_update</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow_005fkey_005fevent_005festimate-396"><code>yarrow_key_event_estimate</code></a>: <a href="#Randomness">Randomness</a></li>
+<li><a href="#index-yarrow_005fkey_005fevent_005finit-395"><code>yarrow_key_event_init</code></a>: <a href="#Randomness">Randomness</a></li>
+ </ul><div class="footnote">
<hr>
-<h4>Footnotes</h4>
-<ol type="1">
-<li><a name="fn-1"></a>
-<p>Actually, the computation is not done like this, it is
+<a name="texinfo-footnotes-in-document"></a><h4>Fotnoter</h4><p class="footnote"><small>[<a name="fn-1" href="#fnd-1">1</a>]</small> Actually, the computation is not done like this, it is
done more efficiently using <code>p</code>, <code>q</code> and the Chinese remainder
-theorem (<small>CRT</small>). But the result is the same.</p>
+theorem (<acronym>CRT</acronym>). But the result is the same.</p>
+
+ <hr></div>
- </ol><hr></div>
+</body></html>
- </body></html>
+<!--
+\1f
+Local Variables:
+coding: utf-8
+End:
+-->
-This is nettle.info, produced by makeinfo version 4.6 from
+This is nettle.info, produced by makeinfo version 4.13 from
nettle.texinfo.
-This manual is for the Nettle library (version 2.1), a low-level
+This manual is for the Nettle library (version 2.7), a low-level
cryptographic library.
- Originally written 2001 by Niels Möller, updated 2010.
+ Originally written 2001 by Niels Möller, updated 2013.
This manual is placed in the public domain. You may freely copy
it, in whole or in part, with or without modification. Attribution
is appreciated, but not required.
-
+
INFO-DIR-SECTION Encryption
START-INFO-DIR-ENTRY
* Nettle: (nettle). A low-level cryptographic library.
can use the library directly from your C programs, or write or use an
object-oriented wrapper for your favorite language or application.
-This manual is for the Nettle library (version 2.1), a low-level
+ This manual is for the Nettle library (version 2.7), a low-level
cryptographic library.
- Originally written 2001 by Niels Möller, updated 2010.
+ Originally written 2001 by Niels Möller, updated 2013.
This manual is placed in the public domain. You may freely copy
it, in whole or in part, with or without modification. Attribution
is appreciated, but not required.
-
+
* Menu:
* Introduction:: What is Nettle?
* Copyright:: Your rights.
* Conventions:: General interface conventions.
* Example:: An example program.
-* Linking:: Linking with the libnettle and libhogweed.
+* Linking:: Linking with libnettle and libhogweed.
* Reference:: All Nettle functions and features.
* Nettle soup:: For the serious nettle hacker.
* Installation:: How to install Nettle.
* Index:: Function and concept index.
+ --- The Detailed Node Listing ---
+
+Reference
+
+* Hash functions::
+* Cipher functions::
+* Cipher modes::
+* Keyed hash functions::
+* Key derivation functions::
+* Public-key algorithms::
+* Randomness::
+* ASCII encoding::
+* Miscellaneous functions::
+* Compatibility functions::
+
+Cipher modes
+
+* CBC::
+* CTR::
+* GCM::
+
+Public-key algorithms
+
+* RSA:: The RSA public key algorithm.
+* DSA:: The DSA digital signature algorithm.
+* Elliptic curves:: Elliptic curves and ECDSA
+
\1f
File: nettle.info, Node: Introduction, Next: Copyright, Prev: Top, Up: Top
-Introduction
-************
+1 Introduction
+**************
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
\1f
File: nettle.info, Node: Copyright, Next: Conventions, Prev: Introduction, Up: Top
-Copyright
-*********
+2 Copyright
+***********
-Nettle is distributed under the GNU General Public License (GPL) (see
-the file COPYING for details). However, most of the individual files
-are dual licensed under less restrictive licenses like the GNU Lesser
-General Public License (LGPL), or are in the public domain. This means
-that if you don't use the parts of nettle that are GPL-only, you have
-the option to use the Nettle library just as if it were licensed under
-the LGPL. To find the current status of particular files, you have to
-read the copyright notices at the top of the files.
+Nettle is distributed under the GNU Lesser General Public License
+(LGPL), see the file COPYING.LIB for details. A few of the individual
+files are in the public domain. To find the current status of particular
+files, you have to read the copyright notices at the top of the files.
This manual is in the public domain. You may freely copy it in whole
or in part, e.g., into documentation of programs that build on Nettle.
_AES_
The implementation of the AES cipher (also known as rijndael) is
written by Rafael Sevilla. Assembler for x86 by Rafael Sevilla and
- Niels Möller, Sparc assembler by Niels Möller. Released under the
+ Niels Möller, Sparc assembler by Niels Möller. Released under the
LGPL.
_ARCFOUR_
The implementation of the ARCFOUR (also known as RC4) cipher is
- written by Niels Möller. Released under the LGPL.
+ written by Niels Möller. Released under the LGPL.
_ARCTWO_
The implementation of the ARCTWO (also known as RC2) cipher is
_BLOWFISH_
The implementation of the BLOWFISH cipher is written by Werner
Koch, copyright owned by the Free Software Foundation. Also hacked
- by Ray Dassen and Niels Möller. Released under the GPL.
+ by Simon Josefsson and Niels Möller. Released under the LGPL.
_CAMELLIA_
The C implementation is by Nippon Telegraph and Telephone
- Corporation (NTT), heavily modified by Niels Möller. Assembler for
- x86 by Niels Möller. Released under the LGPL.
+ Corporation (NTT), heavily modified by Niels Möller. Assembler for
+ x86 and x86_64 by Niels Möller. Released under the LGPL.
_CAST128_
The implementation of the CAST128 cipher is written by Steve Reid.
The implementation of the DES cipher is written by Dana L. How, and
released under the LGPL.
+_GOSTHASH94_
+ The C implementation of the GOST94 message digest is written by
+ Aleksey Kravchenko and was ported from the rhash library by Nikos
+ Mavrogiannopoulos. It is released under the MIT license.
+
_MD2_
The implementation of MD2 is written by Andrew Kuchling, and hacked
- some by Andreas Sigfridsson and Niels Möller. Python Cryptography
+ some by Andreas Sigfridsson and Niels Möller. Python Cryptography
Toolkit license (essentially public domain).
_MD4_
_MD5_
The implementation of the MD5 message digest is written by Colin
Plumb. It has been hacked some more by Andrew Kuchling and Niels
- Möller. Released into the public domain.
+ Möller. Released into the public domain.
+
+_PBKDF2_
+ The C implementation of PBKDF2 is based on earlier work for Shishi
+ and GnuTLS by Simon Josefsson. Released under the LGPL.
+
+_RIPEMD160_
+ The implementation of RIPEMD160 message digest is based on the
+ code in libgcrypt, copyright owned by the Free Software
+ Foundation. Ported to Nettle by Andres Mejia. Released under the
+ LGPL.
+
+_SALSA20_
+ The C implementation of SALSA20 is based on D. J. Bernstein's
+ reference implementation (in the public domain), adapted to Nettle
+ by Simon Josefsson, and heavily modified by Niels Möller. Assembly
+ for x86_64 and ARM by Niels Möller. Released under the LGPL.
_SERPENT_
- The implementation of the SERPENT cipher is written by Ross
- Anderson, Eli Biham, and Lars Knudsen, adapted to LSH by Rafael
- Sevilla, and to Nettle by Niels Möller. Released under the GPL.
+ The implementation of the SERPENT cipher is based on the code in
+ libgcrypt, copyright owned by the Free Software Foundation.
+ Adapted to Nettle by Simon Josefsson and heavily modified by Niels
+ Möller. Assembly for x86_64 by Niels Möller. Released under the
+ LGPL.
_SHA1_
The C implementation of the SHA1 message digest is written by Peter
- Gutmann, and hacked some more by Andrew Kuchling and Niels Möller.
- Released into the public domain. Assembler for x86 by Niels Möller,
- released under the LGPL.
+ Gutmann, and hacked some more by Andrew Kuchling and Niels Möller.
+ Released into the public domain. Assembler for x86, x86_64 and ARM
+ by Niels Möller, released under the LGPL.
-_SHA224, SHA256, SHA384, and SHA512_
- Written by Niels Möller, using Peter Gutmann's SHA1 code as a
+_SHA2_
+ Written by Niels Möller, using Peter Gutmann's SHA1 code as a
model. Released under the LGPL.
+_SHA3_
+ Written by Niels Möller. Released under the LGPL.
+
_TWOFISH_
The implementation of the TWOFISH cipher is written by Ruud de
Rooij. Released under the LGPL.
+_UMAC_
+ Written by Niels Möller. Released under the LGPL.
+
_RSA_
- Written by Niels Möller, released under the LGPL. Uses the GMP
+ Written by Niels Möller, released under the LGPL. Uses the GMP
library for bignum operations.
_DSA_
- Written by Niels Möller, released under the LGPL. Uses the GMP
+ Written by Niels Möller, released under the LGPL. Uses the GMP
library for bignum operations.
+_ECDSA_
+ Written by Niels Möller, released under the LGPL. Uses the GMP
+ library for bignum operations. Development of Nettle's ECC support
+ was funded by the .SE Internet Fund.
+
\1f
File: nettle.info, Node: Conventions, Next: Example, Prev: Copyright, Up: Top
-Conventions
-***********
+3 Conventions
+*************
For each supported algorithm, there is an include file that defines a
_context struct_, a few constants, and declares functions for operating
\1f
File: nettle.info, Node: Example, Next: Linking, Prev: Conventions, Up: Top
-Example
-*******
+4 Example
+*********
A simple example program that reads a file from standard input and
-writes its SHA1 checksum on standard output should give the flavor of
+writes its SHA1 check-sum on standard output should give the flavor of
Nettle.
#include <stdio.h>
#include <stdlib.h>
-
- #include <nettle/sha.h>
-
+
+ #include <nettle/sha1.h>
+
#define BUF_SIZE 1000
-
+
static void
display_hex(unsigned length, uint8_t *data)
{
unsigned i;
-
+
for (i = 0; i<length; i++)
printf("%02x ", data[i]);
-
+
printf("\n");
}
-
+
int
main(int argc, char **argv)
{
struct sha1_ctx ctx;
uint8_t buffer[BUF_SIZE];
uint8_t digest[SHA1_DIGEST_SIZE];
-
+
sha1_init(&ctx);
for (;;)
{
}
if (ferror(stdin))
return EXIT_FAILURE;
-
+
sha1_digest(&ctx, SHA1_DIGEST_SIZE, digest);
-
+
display_hex(SHA1_DIGEST_SIZE, digest);
- return EXIT_SUCCESS;
+ return EXIT_SUCCESS;
}
On a typical Unix system, this program can be compiled and linked
with the command line
- cc sha-example.c -o sha-example -lnettle
+ gcc sha-example.c -o sha-example -lnettle
\1f
File: nettle.info, Node: Linking, Next: Reference, Prev: Example, Up: Top
-Linking
-*******
+5 Linking
+*********
Nettle actually consists of two libraries, `libnettle' and
`libhogweed'. The `libhogweed' library contains those functions of
\1f
File: nettle.info, Node: Reference, Next: Nettle soup, Prev: Linking, Up: Top
-Reference
-*********
+6 Reference
+***********
This chapter describes all the Nettle functions, grouped by family.
* Cipher functions::
* Cipher modes::
* Keyed hash functions::
+* Key derivation functions::
* Public-key algorithms::
* Randomness::
+* ASCII encoding::
* Miscellaneous functions::
* Compatibility functions::
\1f
File: nettle.info, Node: Hash functions, Next: Cipher functions, Prev: Reference, Up: Reference
-Hash functions
-==============
+6.1 Hash functions
+==================
A cryptographic "hash function" is a function that takes variable size
strings, and maps them to strings of fixed, short, length. There are
The most commonly used hash functions are MD5 and SHA1.
Unfortunately, both these fail the collision-resistance requirement;
cryptologists have found ways to construct colliding inputs. The
-recommended hash function for new applications is SHA256, even though
-it uses a structure similar to MD5 and SHA1. Constructing better hash
-functions is an urgent research problem.
+recommended hash functions for new applications are SHA2 (with main
+variants SHA256 and SHA512). At the time of this writing (December
+2012), the winner of the NIST SHA3 competition has recently been
+announced, and the new SHA3 (earlier known as Keccak) and other top
+SHA3 candidates may also be reasonable alternatives.
+
+* Menu:
+
+* Recommended hash functions::
+* Legacy hash functions::
+* nettle_hash abstraction::
+
+\1f
+File: nettle.info, Node: Recommended hash functions, Next: Legacy hash functions, Up: Hash functions
+
+6.1.1 Recommended hash functions
+--------------------------------
+
+The following hash functions have no known weaknesses, and are suitable
+for new applications. The SHA2 family of hash functions were specified
+by "NIST", intended as a replacement for SHA1.
+
+6.1.1.1 SHA256
+..............
+
+SHA256 is a member of the SHA2 family. It outputs hash values of 256
+bits, or 32 octets. Nettle defines SHA256 in `<nettle/sha2.h>'.
+
+ -- Context struct: struct sha256_ctx
+
+ -- Constant: SHA256_DIGEST_SIZE
+ The size of a SHA256 digest, i.e. 32.
+
+ -- Constant: SHA256_DATA_SIZE
+ The internal block size of SHA256. Useful for some special
+ constructions, in particular HMAC-SHA256.
+
+ -- Function: void sha256_init (struct sha256_ctx *CTX)
+ Initialize the SHA256 state.
+
+ -- Function: void sha256_update (struct sha256_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha256_digest (struct sha256_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA256_DIGEST_SIZE', in
+ which case only the first LENGTH octets of the digest are written.
+
+ This function also resets the context in the same way as
+ `sha256_init'.
+
+ Earlier versions of nettle defined SHA256 in the header file
+`<nettle/sha.h>', which is now deprecated, but kept for compatibility.
+
+6.1.1.2 SHA224
+..............
+
+SHA224 is a variant of SHA256, with a different initial state, and with
+the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
+`<nettle/sha2.h>' (and in `<nettle/sha.h>', for backwards
+compatibility).
+
+ -- Context struct: struct sha224_ctx
+
+ -- Constant: SHA224_DIGEST_SIZE
+ The size of a SHA224 digest, i.e. 28.
+
+ -- Constant: SHA224_DATA_SIZE
+ The internal block size of SHA224. Useful for some special
+ constructions, in particular HMAC-SHA224.
+
+ -- Function: void sha224_init (struct sha224_ctx *CTX)
+ Initialize the SHA224 state.
+
+ -- Function: void sha224_update (struct sha224_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha224_digest (struct sha224_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA224_DIGEST_SIZE', in
+ which case only the first LENGTH octets of the digest are written.
+
+ This function also resets the context in the same way as
+ `sha224_init'.
+
+6.1.1.3 SHA512
+..............
+
+SHA512 is a larger sibling to SHA256, with a very similar structure but
+with both the output and the internal variables of twice the size. The
+internal variables are 64 bits rather than 32, making it significantly
+slower on 32-bit computers. It outputs hash values of 512 bits, or 64
+octets. Nettle defines SHA512 in `<nettle/sha2.h>' (and in
+`<nettle/sha.h>', for backwards compatibility).
+
+ -- Context struct: struct sha512_ctx
+
+ -- Constant: SHA512_DIGEST_SIZE
+ The size of a SHA512 digest, i.e. 64.
+
+ -- Constant: SHA512_DATA_SIZE
+ The internal block size of SHA512. Useful for some special
+ constructions, in particular HMAC-SHA512.
+
+ -- Function: void sha512_init (struct sha512_ctx *CTX)
+ Initialize the SHA512 state.
+
+ -- Function: void sha512_update (struct sha512_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
-MD5
----
+ -- Function: void sha512_digest (struct sha512_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA512_DIGEST_SIZE', in
+ which case only the first LENGTH octets of the digest are written.
+
+ This function also resets the context in the same way as
+ `sha512_init'.
+
+6.1.1.4 SHA384
+..............
+
+SHA384 is a variant of SHA512, with a different initial state, and with
+the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
+`<nettle/sha2.h>' (and in `<nettle/sha.h>', for backwards
+compatibility).
+
+ -- Context struct: struct sha384_ctx
+
+ -- Constant: SHA384_DIGEST_SIZE
+ The size of a SHA384 digest, i.e. 48.
+
+ -- Constant: SHA384_DATA_SIZE
+ The internal block size of SHA384. Useful for some special
+ constructions, in particular HMAC-SHA384.
+
+ -- Function: void sha384_init (struct sha384_ctx *CTX)
+ Initialize the SHA384 state.
+
+ -- Function: void sha384_update (struct sha384_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha384_digest (struct sha384_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA384_DIGEST_SIZE', in
+ which case only the first LENGTH octets of the digest are written.
+
+ This function also resets the context in the same way as
+ `sha384_init'.
+
+6.1.1.5 SHA3-224
+................
+
+The SHA3 hash functions were specified by NIST in response to weaknesses
+in SHA1, and doubts about SHA2 hash functions which structurally are
+very similar to SHA1. The standard is a result of a competition, where
+the winner, also known as Keccak, was designed by Guido Bertoni, Joan
+Daemen, Michaël Peeters and Gilles Van Assche. It is structurally very
+different from all widely used earlier hash functions. Like SHA2, there
+are several variants, with output sizes of 224, 256, 384 and 512 bits
+(28, 32, 48 and 64 octets, respectively).
+
+ Nettle defines SHA3-224 in `<nettle/sha3.h>'.
+
+ -- Context struct: struct sha3_224_ctx
+
+ -- Constant: SHA3_224_DIGEST_SIZE
+ The size of a SHA3_224 digest, i.e., 28.
+
+ -- Constant: SHA3_224_DATA_SIZE
+ The internal block size of SHA3_224.
+
+ -- Function: void sha3_224_init (struct sha3_224_ctx *CTX)
+ Initialize the SHA3-224 state.
+
+ -- Function: void sha3_224_update (struct sha3_224_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha3_224_digest (struct sha3_224_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA3_224_DIGEST_SIZE',
+ in which case only the first LENGTH octets of the digest are
+ written.
+
+ This function also resets the context.
+
+6.1.1.6 SHA3-256
+................
+
+This is SHA3 with 256-bit output size, and possibly the most useful of
+the SHA3 hash functions.
+
+ Nettle defines SHA3-256 in `<nettle/sha3.h>'.
+
+ -- Context struct: struct sha3_256_ctx
+
+ -- Constant: SHA3_256_DIGEST_SIZE
+ The size of a SHA3_256 digest, i.e., 32.
+
+ -- Constant: SHA3_256_DATA_SIZE
+ The internal block size of SHA3_256.
+
+ -- Function: void sha3_256_init (struct sha3_256_ctx *CTX)
+ Initialize the SHA3-256 state.
+
+ -- Function: void sha3_256_update (struct sha3_256_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha3_256_digest (struct sha3_256_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA3_256_DIGEST_SIZE',
+ in which case only the first LENGTH octets of the digest are
+ written.
+
+ This function also resets the context.
+
+6.1.1.7 SHA3-384
+................
+
+This is SHA3 with 384-bit output size.
+
+ Nettle defines SHA3-384 in `<nettle/sha3.h>'.
+
+ -- Context struct: struct sha3_384_ctx
+
+ -- Constant: SHA3_384_DIGEST_SIZE
+ The size of a SHA3_384 digest, i.e., 48.
+
+ -- Constant: SHA3_384_DATA_SIZE
+ The internal block size of SHA3_384.
+
+ -- Function: void sha3_384_init (struct sha3_384_ctx *CTX)
+ Initialize the SHA3-384 state.
+
+ -- Function: void sha3_384_update (struct sha3_384_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha3_384_digest (struct sha3_384_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA3_384_DIGEST_SIZE',
+ in which case only the first LENGTH octets of the digest are
+ written.
+
+ This function also resets the context.
+
+6.1.1.8 SHA3-512
+................
+
+This is SHA3 with 512-bit output size.
+
+ Nettle defines SHA3-512 in `<nettle/sha3.h>'.
+
+ -- Context struct: struct sha3_512_ctx
+
+ -- Constant: SHA3_512_DIGEST_SIZE
+ The size of a SHA3_512 digest, i.e. 64.
+
+ -- Constant: SHA3_512_DATA_SIZE
+ The internal block size of SHA3_512.
+
+ -- Function: void sha3_512_init (struct sha3_512_ctx *CTX)
+ Initialize the SHA3-512 state.
+
+ -- Function: void sha3_512_update (struct sha3_512_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Hash some more data.
+
+ -- Function: void sha3_512_digest (struct sha3_512_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Performs final processing and extracts the message digest, writing
+ it to DIGEST. LENGTH may be smaller than `SHA3_512_DIGEST_SIZE',
+ in which case only the first LENGTH octets of the digest are
+ written.
+
+ This function also resets the context.
+
+\1f
+File: nettle.info, Node: Legacy hash functions, Next: nettle_hash abstraction, Prev: Recommended hash functions, Up: Hash functions
+
+6.1.2 Legacy hash functions
+---------------------------
+
+The hash functions in this section all have some known weaknesses, and
+should be avoided for new applications. These hash functions are mainly
+useful for compatibility with old applications and protocols. Some are
+still considered safe as building blocks for particular constructions,
+e.g., there seems to be no known attacks against HMAC-SHA1 or even
+HMAC-MD5. In some important cases, use of a "legacy" hash function does
+not in itself make the application insecure; if a known weakness is
+relevant depends on how the hash function is used, and on the threat
+model.
+
+6.1.2.1 MD5
+...........
MD5 is a message digest function constructed by Ronald Rivest, and
described in `RFC 1321'. It outputs message digests of 128 bits, or 16
octets. Nettle defines MD5 in `<nettle/md5.h>'.
- - Context struct: struct md5_ctx
+ -- Context struct: struct md5_ctx
- - Constant: MD5_DIGEST_SIZE
+ -- Constant: MD5_DIGEST_SIZE
The size of an MD5 digest, i.e. 16.
- - Constant: MD5_DATA_SIZE
+ -- Constant: MD5_DATA_SIZE
The internal block size of MD5. Useful for some special
constructions, in particular HMAC-MD5.
- - Function: void md5_init (struct md5_ctx *CTX)
+ -- Function: void md5_init (struct md5_ctx *CTX)
Initialize the MD5 state.
- - Function: void md5_update (struct md5_ctx *CTX, unsigned LENGTH,
+ -- Function: void md5_update (struct md5_ctx *CTX, unsigned LENGTH,
const uint8_t *DATA)
Hash some more data.
- - Function: void md5_digest (struct md5_ctx *CTX, unsigned LENGTH,
+ -- Function: void md5_digest (struct md5_ctx *CTX, unsigned LENGTH,
uint8_t *DIGEST)
Performs final processing and extracts the message digest, writing
it to DIGEST. LENGTH may be smaller than `MD5_DIGEST_SIZE', in
To start over, you can call `md5_init' at any time.
-MD2
----
+6.1.2.2 MD2
+...........
MD2 is another hash function of Ronald Rivest's, described in `RFC
1319'. It outputs message digests of 128 bits, or 16 octets. Nettle
defines MD2 in `<nettle/md2.h>'.
- - Context struct: struct md2_ctx
+ -- Context struct: struct md2_ctx
- - Constant: MD2_DIGEST_SIZE
+ -- Constant: MD2_DIGEST_SIZE
The size of an MD2 digest, i.e. 16.
- - Constant: MD2_DATA_SIZE
+ -- Constant: MD2_DATA_SIZE
The internal block size of MD2.
- - Function: void md2_init (struct md2_ctx *CTX)
+ -- Function: void md2_init (struct md2_ctx *CTX)
Initialize the MD2 state.
- - Function: void md2_update (struct md2_ctx *CTX, unsigned LENGTH,
+ -- Function: void md2_update (struct md2_ctx *CTX, unsigned LENGTH,
const uint8_t *DATA)
Hash some more data.
- - Function: void md2_digest (struct md2_ctx *CTX, unsigned LENGTH,
+ -- Function: void md2_digest (struct md2_ctx *CTX, unsigned LENGTH,
uint8_t *DIGEST)
Performs final processing and extracts the message digest, writing
it to DIGEST. LENGTH may be smaller than `MD2_DIGEST_SIZE', in
This function also resets the context in the same way as
`md2_init'.
-MD4
----
+6.1.2.3 MD4
+...........
MD4 is a predecessor of MD5, described in `RFC 1320'. Like MD5, it is
constructed by Ronald Rivest. It outputs message digests of 128 bits,
recommended, but it is sometimes needed for compatibility with existing
applications and protocols.
- - Context struct: struct md4_ctx
+ -- Context struct: struct md4_ctx
- - Constant: MD4_DIGEST_SIZE
+ -- Constant: MD4_DIGEST_SIZE
The size of an MD4 digest, i.e. 16.
- - Constant: MD4_DATA_SIZE
+ -- Constant: MD4_DATA_SIZE
The internal block size of MD4.
- - Function: void md4_init (struct md4_ctx *CTX)
+ -- Function: void md4_init (struct md4_ctx *CTX)
Initialize the MD4 state.
- - Function: void md4_update (struct md4_ctx *CTX, unsigned LENGTH,
+ -- Function: void md4_update (struct md4_ctx *CTX, unsigned LENGTH,
const uint8_t *DATA)
Hash some more data.
- - Function: void md4_digest (struct md4_ctx *CTX, unsigned LENGTH,
+ -- Function: void md4_digest (struct md4_ctx *CTX, unsigned LENGTH,
uint8_t *DIGEST)
Performs final processing and extracts the message digest, writing
it to DIGEST. LENGTH may be smaller than `MD4_DIGEST_SIZE', in
This function also resets the context in the same way as
`md4_init'.
-SHA1
-----
-
-SHA1 is a hash function specified by "NIST" (The U.S. National Institute
-for Standards and Technology). It outputs hash values of 160 bits, or 20
-octets. Nettle defines SHA1 in `<nettle/sha.h>'.
+6.1.2.4 RIPEMD160
+.................
- The functions are analogous to the MD5 ones.
+RIPEMD160 is a hash function designed by Hans Dobbertin, Antoon
+Bosselaers, and Bart Preneel, as a strengthened version of RIPEMD
+(which, like MD4 and MD5, fails the collision-resistance requirement).
+It produces message digests of 160 bits, or 20 octets. Nettle defined
+RIPEMD160 in `nettle/ripemd160.h'.
- - Context struct: struct sha1_ctx
+ -- Context struct: struct ripemd160_ctx
- - Constant: SHA1_DIGEST_SIZE
- The size of an SHA1 digest, i.e. 20.
+ -- Constant: RIPEMD160_DIGEST_SIZE
+ The size of a RIPEMD160 digest, i.e. 20.
- - Constant: SHA1_DATA_SIZE
- The internal block size of SHA1. Useful for some special
- constructions, in particular HMAC-SHA1.
+ -- Constant: RIPEMD160_DATA_SIZE
+ The internal block size of RIPEMD160.
- - Function: void sha1_init (struct sha1_ctx *CTX)
- Initialize the SHA1 state.
+ -- Function: void ripemd160_init (struct ripemd160_ctx *CTX)
+ Initialize the RIPEMD160 state.
- - Function: void sha1_update (struct sha1_ctx *CTX, unsigned LENGTH,
- const uint8_t *DATA)
+ -- Function: void ripemd160_update (struct ripemd160_ctx *CTX,
+ unsigned LENGTH, const uint8_t *DATA)
Hash some more data.
- - Function: void sha1_digest (struct sha1_ctx *CTX, unsigned LENGTH,
- uint8_t *DIGEST)
+ -- Function: void ripemd160_digest (struct ripemd160_ctx *CTX,
+ unsigned LENGTH, uint8_t *DIGEST)
Performs final processing and extracts the message digest, writing
- it to DIGEST. LENGTH may be smaller than `SHA1_DIGEST_SIZE', in
- which case only the first LENGTH octets of the digest are written.
+ it to DIGEST. LENGTH may be smaller than `RIPEMD160_DIGEST_SIZE',
+ in which case only the first LENGTH octets of the digest are
+ written.
This function also resets the context in the same way as
- `sha1_init'.
+ `ripemd160_init'.
-SHA256
-------
+6.1.2.5 SHA1
+............
-SHA256 is another hash function specified by "NIST", intended as a
-replacement for SHA1, generating larger digests. It outputs hash values
-of 256 bits, or 32 octets. Nettle defines SHA256 in `<nettle/sha.h>'.
+SHA1 is a hash function specified by "NIST" (The U.S. National
+Institute for Standards and Technology). It outputs hash values of 160
+bits, or 20 octets. Nettle defines SHA1 in `<nettle/sha1.h>' (and in
+`<nettle/sha.h>', for backwards compatibility).
- The functions are analogous to the MD5 ones.
+ -- Context struct: struct sha1_ctx
- - Context struct: struct sha256_ctx
+ -- Constant: SHA1_DIGEST_SIZE
+ The size of a SHA1 digest, i.e. 20.
- - Constant: SHA256_DIGEST_SIZE
- The size of an SHA256 digest, i.e. 32.
-
- - Constant: SHA256_DATA_SIZE
- The internal block size of SHA256. Useful for some special
- constructions, in particular HMAC-SHA256.
-
- - Function: void sha256_init (struct sha256_ctx *CTX)
- Initialize the SHA256 state.
-
- - Function: void sha256_update (struct sha256_ctx *CTX, unsigned
- LENGTH, const uint8_t *DATA)
- Hash some more data.
-
- - Function: void sha256_digest (struct sha256_ctx *CTX, unsigned
- LENGTH, uint8_t *DIGEST)
- Performs final processing and extracts the message digest, writing
- it to DIGEST. LENGTH may be smaller than `SHA256_DIGEST_SIZE', in
- which case only the first LENGTH octets of the digest are written.
-
- This function also resets the context in the same way as
- `sha256_init'.
-
-SHA224
-------
-
-SHA224 is a variant of SHA256, with a different initial state, and with
-the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
-`<nettle/sha.h>'.
-
- The functions are analogous to the MD5 ones.
-
- - Context struct: struct sha224_ctx
-
- - Constant: SHA224_DIGEST_SIZE
- The size of an SHA224 digest, i.e. 28.
-
- - Constant: SHA224_DATA_SIZE
- The internal block size of SHA224. Useful for some special
- constructions, in particular HMAC-SHA224.
+ -- Constant: SHA1_DATA_SIZE
+ The internal block size of SHA1. Useful for some special
+ constructions, in particular HMAC-SHA1.
- - Function: void sha224_init (struct sha224_ctx *CTX)
- Initialize the SHA224 state.
+ -- Function: void sha1_init (struct sha1_ctx *CTX)
+ Initialize the SHA1 state.
- - Function: void sha224_update (struct sha224_ctx *CTX, unsigned
- LENGTH, const uint8_t *DATA)
+ -- Function: void sha1_update (struct sha1_ctx *CTX, unsigned LENGTH,
+ const uint8_t *DATA)
Hash some more data.
- - Function: void sha224_digest (struct sha224_ctx *CTX, unsigned
- LENGTH, uint8_t *DIGEST)
+ -- Function: void sha1_digest (struct sha1_ctx *CTX, unsigned LENGTH,
+ uint8_t *DIGEST)
Performs final processing and extracts the message digest, writing
- it to DIGEST. LENGTH may be smaller than `SHA224_DIGEST_SIZE', in
+ it to DIGEST. LENGTH may be smaller than `SHA1_DIGEST_SIZE', in
which case only the first LENGTH octets of the digest are written.
This function also resets the context in the same way as
- `sha224_init'.
+ `sha1_init'.
-SHA512
-------
+6.1.2.6 GOSTHASH94
+..................
-SHA512 is a larger sibling to SHA256, with a very similar structure but
-with both the output and the internal variables of twice the size. The
-internal variables are 64 bits rather than 32, making it significantly
-slower on 32-bit computers. It outputs hash values of 512 bits, or 64
-octets. Nettle defines SHA512 in `<nettle/sha.h>'.
-
- The functions are analogous to the MD5 ones.
+The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm
+used in Russian government standards (see `RFC 4357'). It outputs
+message digests of 256 bits, or 32 octets. Nettle defines GOSTHASH94
+in `<nettle/gosthash94.h>'.
- - Context struct: struct sha512_ctx
+ -- Context struct: struct gosthash94_ctx
- - Constant: SHA512_DIGEST_SIZE
- The size of an SHA512 digest, i.e. 64.
+ -- Constant: GOSTHASH94_DIGEST_SIZE
+ The size of a GOSTHASH94 digest, i.e. 32.
- - Constant: SHA512_DATA_SIZE
- The internal block size of SHA512. Useful for some special
- constructions, in particular HMAC-SHA512.
+ -- Constant: GOSTHASH94_DATA_SIZE
+ The internal block size of GOSTHASH94, i.e., 32.
- - Function: void sha512_init (struct sha512_ctx *CTX)
- Initialize the SHA512 state.
+ -- Function: void gosthash94_init (struct gosthash94_ctx *CTX)
+ Initialize the GOSTHASH94 state.
- - Function: void sha512_update (struct sha512_ctx *CTX, unsigned
- LENGTH, const uint8_t *DATA)
+ -- Function: void gosthash94_update (struct gosthash94_ctx *CTX,
+ unsigned LENGTH, const uint8_t *DATA)
Hash some more data.
- - Function: void sha512_digest (struct sha512_ctx *CTX, unsigned
- LENGTH, uint8_t *DIGEST)
+ -- Function: void gosthash94_digest (struct gosthash94_ctx *CTX,
+ unsigned LENGTH, uint8_t *DIGEST)
Performs final processing and extracts the message digest, writing
- it to DIGEST. LENGTH may be smaller than `SHA512_DIGEST_SIZE', in
- which case only the first LENGTH octets of the digest are written.
+ it to DIGEST. LENGTH may be smaller than `GOSTHASH94_DIGEST_SIZE',
+ in which case only the first LENGTH octets of the digest are
+ written.
This function also resets the context in the same way as
- `sha512_init'.
-
-SHA384
-------
-
-SHA384 is a variant of SHA512, with a different initial state, and with
-the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
-`<nettle/sha.h>'.
-
- The functions are analogous to the MD5 ones.
-
- - Context struct: struct sha384_ctx
-
- - Constant: SHA384_DIGEST_SIZE
- The size of an SHA384 digest, i.e. 48.
-
- - Constant: SHA384_DATA_SIZE
- The internal block size of SHA384. Useful for some special
- constructions, in particular HMAC-SHA384.
-
- - Function: void sha384_init (struct sha384_ctx *CTX)
- Initialize the SHA384 state.
-
- - Function: void sha384_update (struct sha384_ctx *CTX, unsigned
- LENGTH, const uint8_t *DATA)
- Hash some more data.
-
- - Function: void sha384_digest (struct sha384_ctx *CTX, unsigned
- LENGTH, uint8_t *DIGEST)
- Performs final processing and extracts the message digest, writing
- it to DIGEST. LENGTH may be smaller than `SHA384_DIGEST_SIZE', in
- which case only the first LENGTH octets of the digest are written.
+ `gosthash94_init'.
- This function also resets the context in the same way as
- `sha384_init'.
+\1f
+File: nettle.info, Node: nettle_hash abstraction, Prev: Legacy hash functions, Up: Hash functions
-`struct nettle_hash'
---------------------
+6.1.3 The nettle_hash abstraction
+---------------------------------
Nettle includes a struct including information about the supported hash
functions. It is defined in `<nettle/nettle-meta.h>', and is used by
-Nettle's implementation of HMAC *note Keyed hash functions::.
+Nettle's implementation of HMAC (*note Keyed hash functions::).
- - Meta struct: `struct nettle_hash' name context_size digest_size
+ -- Meta struct: `struct nettle_hash' name context_size digest_size
block_size init update digest
The last three attributes are function pointers, of types
`nettle_hash_init_func', `nettle_hash_update_func', and
`void *' pointer to a context struct, which is of size
`context_size'.
- - Constant Struct: struct nettle_hash nettle_md2
- - Constant Struct: struct nettle_hash nettle_md4
- - Constant Struct: struct nettle_hash nettle_md5
- - Constant Struct: struct nettle_hash nettle_sha1
- - Constant Struct: struct nettle_hash nettle_sha224
- - Constant Struct: struct nettle_hash nettle_sha256
- - Constant Struct: struct nettle_hash nettle_sha384
- - Constant Struct: struct nettle_hash nettle_sha512
+ -- Constant Struct: struct nettle_hash nettle_md2
+ -- Constant Struct: struct nettle_hash nettle_md4
+ -- Constant Struct: struct nettle_hash nettle_md5
+ -- Constant Struct: struct nettle_hash nettle_ripemd160
+ -- Constant Struct: struct nettle_hash nettle_sha1
+ -- Constant Struct: struct nettle_hash nettle_sha224
+ -- Constant Struct: struct nettle_hash nettle_sha256
+ -- Constant Struct: struct nettle_hash nettle_sha384
+ -- Constant Struct: struct nettle_hash nettle_sha512
+ -- Constant Struct: struct nettle_hash nettle_sha3_256
+ -- Constant Struct: struct nettle_hash nettle_gosthash94
These are all the hash functions that Nettle implements.
+ Nettle also exports a list of all these hashes.
+
+ -- Constant Array: struct nettle_hash ** nettle_hashes
+ This list can be used to dynamically enumerate or search the
+ supported algorithms. NULL-terminated.
+
\1f
File: nettle.info, Node: Cipher functions, Next: Cipher modes, Prev: Hash functions, Up: Reference
-Cipher functions
-================
+6.2 Cipher functions
+====================
A "cipher" is a function that takes a message or "plaintext" and a
secret "key" and transforms it to a "ciphertext". Given only the
It is recommended to _always_ use an authentication mechanism in
addition to encrypting the messages. Popular choices are Message
-Authentication Codes like HMAC-SHA1 *note Keyed hash functions::, or
+Authentication Codes like HMAC-SHA1 (*note Keyed hash functions::), or
digital signatures like RSA.
Some ciphers have so called "weak keys", keys that results in
struct for only one direction, even if some of the ciphers use a single
key setup function that can be used for both encryption and decryption.
-AES
----
+6.2.1 AES
+---------
AES is a block cipher, specified by NIST as a replacement for the older
DES standard. The standard is the result of a competition between
(16, 24 and 32 octets) being the allowed key sizes. It does not have
any weak keys. Nettle defines AES in `<nettle/aes.h>'.
- - Context struct: struct aes_ctx
+ -- Context struct: struct aes_ctx
- - Constant: AES_BLOCK_SIZE
- The AES block-size, 16
+ -- Constant: AES_BLOCK_SIZE
+ The AES block-size, 16.
- - Constant: AES_MIN_KEY_SIZE
+ -- Constant: AES_MIN_KEY_SIZE
- - Constant: AES_MAX_KEY_SIZE
+ -- Constant: AES_MAX_KEY_SIZE
- - Constant: AES_KEY_SIZE
- Default AES key size, 32
+ -- Constant: AES_KEY_SIZE
+ Default AES key size, 32.
- - Function: void aes_set_encrypt_key (struct aes_ctx *CTX, unsigned
+ -- Function: void aes_set_encrypt_key (struct aes_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
- - Function: void aes_set_decrypt_key (struct aes_ctx *CTX, unsigned
+ -- Function: void aes_set_decrypt_key (struct aes_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher, for encryption or decryption, respectively.
- - Function: void aes_invert_key (struct aes_ctx *DST, const struct
+ -- Function: void aes_invert_key (struct aes_ctx *DST, const struct
aes_ctx *SRC)
Given a context SRC initialized for encryption, initializes the
context struct DST for decryption, using the same key. If the same
applications which needs to both encrypt and decrypt using the
_same_ key.
- - Function: void aes_encrypt (struct aes_ctx *CTX, unsigned LENGTH,
- const uint8_t *DST, uint8_t *SRC)
+ -- Function: void aes_encrypt (struct aes_ctx *CTX, unsigned LENGTH,
+ uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void aes_decrypt (struct aes_ctx *CTX, unsigned LENGTH,
- const uint8_t *DST, uint8_t *SRC)
+ -- Function: void aes_decrypt (struct aes_ctx *CTX, unsigned LENGTH,
+ uint8_t *DST, const uint8_t *SRC)
Analogous to `aes_encrypt'
-ARCFOUR
--------
+6.2.2 ARCFOUR
+-------------
ARCFOUR is a stream cipher, also known under the trade marked name RC4,
and it is one of the fastest ciphers around. A problem is that the key
setup of ARCFOUR is quite weak, you should never use keys with
structure, keys that are ordinary passwords, or sequences of keys like
-"secret:1", "secret:2", ..... If you have keys that don't look like
+"secret:1", "secret:2", .... If you have keys that don't look like
random bit strings, and you want to use ARCFOUR, always hash the key
before feeding it to ARCFOUR. Furthermore, the initial bytes of the
generated key stream leak information about the key; for this reason, it
struct sha256_ctx hash;
uint8_t digest[SHA256_DIGEST_SIZE];
uint8_t buffer[0x200];
-
+
sha256_init(&hash);
sha256_update(&hash, length, key);
sha256_digest(&hash, SHA256_DIGEST_SIZE, digest);
-
+
arcfour_set_key(ctx, SHA256_DIGEST_SIZE, digest);
arcfour_crypt(ctx, sizeof(buffer), buffer, buffer);
}
Nettle defines ARCFOUR in `<nettle/arcfour.h>'.
- - Context struct: struct arcfour_ctx
+ -- Context struct: struct arcfour_ctx
- - Constant: ARCFOUR_MIN_KEY_SIZE
- Minimum key size, 1
+ -- Constant: ARCFOUR_MIN_KEY_SIZE
+ Minimum key size, 1.
- - Constant: ARCFOUR_MAX_KEY_SIZE
- Maximum key size, 256
+ -- Constant: ARCFOUR_MAX_KEY_SIZE
+ Maximum key size, 256.
- - Constant: ARCFOUR_KEY_SIZE
- Default ARCFOUR key size, 16
+ -- Constant: ARCFOUR_KEY_SIZE
+ Default ARCFOUR key size, 16.
- - Function: void arcfour_set_key (struct arcfour_ctx *CTX, unsigned
+ -- Function: void arcfour_set_key (struct arcfour_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- - Function: void arcfour_crypt (struct arcfour_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void arcfour_crypt (struct arcfour_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Encrypt some data. The same function is used for both encryption
and decryption. Unlike the block ciphers, this function modifies
the context, so you can split the data into arbitrary chunks and
encrypt them one after another. The result is the same as if you
had called `arcfour_crypt' only once with all the data.
-ARCTWO
-------
+6.2.3 ARCTWO
+------------
ARCTWO (also known as the trade marked name RC2) is a block cipher
specified in RFC 2268. Nettle also include a variation of the ARCTWO
provided primarily for interoperability with existing applications and
standards.
- - Context struct: struct arctwo_ctx
+ -- Context struct: struct arctwo_ctx
- - Constant: ARCTWO_BLOCK_SIZE
- The AES block-size, 8
+ -- Constant: ARCTWO_BLOCK_SIZE
+ The ARCTWO block-size, 8.
- - Constant: ARCTWO_MIN_KEY_SIZE
+ -- Constant: ARCTWO_MIN_KEY_SIZE
- - Constant: ARCTWO_MAX_KEY_SIZE
+ -- Constant: ARCTWO_MAX_KEY_SIZE
- - Constant: ARCTWO_KEY_SIZE
- Default ARCTWO key size, 8
+ -- Constant: ARCTWO_KEY_SIZE
+ Default ARCTWO key size, 8.
- - Function: void arctwo_set_key_ekb (struct arctwo_ctx *CTX, unsigned
+ -- Function: void arctwo_set_key_ekb (struct arctwo_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY, unsigned EKB)
- - Function: void arctwo_set_key (struct arctwo_ctx *CTX, unsigned
+ -- Function: void arctwo_set_key (struct arctwo_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
- - Function: void arctwo_set_key_gutmann (struct arctwo_ctx *CTX,
+ -- Function: void arctwo_set_key_gutmann (struct arctwo_ctx *CTX,
unsigned LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption. The first function is the most general
`arctwo_set_key_gutmann(ctx, length, key)' is equivalent to
`arctwo_set_key_ekb(ctx, length, key, 1024)'
- - Function: void arctwo_encrypt (struct arctwo_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void arctwo_encrypt (struct arctwo_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void arctwo_decrypt (struct arctwo_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void arctwo_decrypt (struct arctwo_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Analogous to `arctwo_encrypt'
-BLOWFISH
---------
+6.2.4 BLOWFISH
+--------------
BLOWFISH is a block cipher designed by Bruce Schneier. It uses a block
size of 64 bits (8 octets), and a variable key size, up to 448 bits. It
has some weak keys. Nettle defines BLOWFISH in `<nettle/blowfish.h>'.
- - Context struct: struct blowfish_ctx
+ -- Context struct: struct blowfish_ctx
- - Constant: BLOWFISH_BLOCK_SIZE
- The BLOWFISH block-size, 8
+ -- Constant: BLOWFISH_BLOCK_SIZE
+ The BLOWFISH block-size, 8.
- - Constant: BLOWFISH_MIN_KEY_SIZE
- Minimum BLOWFISH key size, 8
+ -- Constant: BLOWFISH_MIN_KEY_SIZE
+ Minimum BLOWFISH key size, 8.
- - Constant: BLOWFISH_MAX_KEY_SIZE
- Maximum BLOWFISH key size, 56
+ -- Constant: BLOWFISH_MAX_KEY_SIZE
+ Maximum BLOWFISH key size, 56.
- - Constant: BLOWFISH_KEY_SIZE
- Default BLOWFISH key size, 16
+ -- Constant: BLOWFISH_KEY_SIZE
+ Default BLOWFISH key size, 16.
- - Function: int blowfish_set_key (struct blowfish_ctx *CTX, unsigned
+ -- Function: int blowfish_set_key (struct blowfish_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption. Checks for weak keys, returning 1 for
`blowfish_encrypt' or `blowfish_decrypt' with a weak key will
crash with an assert violation.
- - Function: void blowfish_encrypt (struct blowfish_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void blowfish_encrypt (struct blowfish_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void blowfish_decrypt (struct blowfish_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void blowfish_decrypt (struct blowfish_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Analogous to `blowfish_encrypt'
-Camellia
---------
+6.2.5 Camellia
+--------------
Camellia is a block cipher developed by Mitsubishi and Nippon Telegraph
and Telephone Corporation, described in `RFC3713', and recommended by
implementation released by NTT under the GNU LGPL (v2.1 or later), and
relies on the implicit patent license of the LGPL. There is also a
statement of royalty-free licensing for Camellia at
-<http://www.ntt.co.jp/news/news01e/0104/010417.html>, but this
+`http://www.ntt.co.jp/news/news01e/0104/010417.html', but this
statement has some limitations which seem problematic for free software.
Camellia uses a the same block size and key sizes as AES: The block
size is 128 bits (16 octets), and the supported key sizes are 128, 192,
and 256 bits. Nettle defines Camellia in `<nettle/camellia.h>'.
- - Context struct: struct camellia_ctx
+ -- Context struct: struct camellia_ctx
- - Constant: CAMELLIA_BLOCK_SIZE
- The CAMELLIA block-size, 16
+ -- Constant: CAMELLIA_BLOCK_SIZE
+ The CAMELLIA block-size, 16.
- - Constant: CAMELLIA_MIN_KEY_SIZE
+ -- Constant: CAMELLIA_MIN_KEY_SIZE
- - Constant: CAMELLIA_MAX_KEY_SIZE
+ -- Constant: CAMELLIA_MAX_KEY_SIZE
- - Constant: CAMELLIA_KEY_SIZE
- Default CAMELLIA key size, 32
+ -- Constant: CAMELLIA_KEY_SIZE
+ Default CAMELLIA key size, 32.
- - Function: void camellia_set_encrypt_key (struct camellia_ctx *CTX,
+ -- Function: void camellia_set_encrypt_key (struct camellia_ctx *CTX,
unsigned LENGTH, const uint8_t *KEY)
- - Function: void camellia_set_decrypt_key (struct camellia_ctx *CTX,
+ -- Function: void camellia_set_decrypt_key (struct camellia_ctx *CTX,
unsigned LENGTH, const uint8_t *KEY)
Initialize the cipher, for encryption or decryption, respectively.
- - Function: void camellia_invert_key (struct camellia_ctx *DST, const
+ -- Function: void camellia_invert_key (struct camellia_ctx *DST, const
struct camellia_ctx *SRC)
Given a context SRC initialized for encryption, initializes the
context struct DST for decryption, using the same key. If the same
function is mainly useful for applications which needs to both
encrypt and decrypt using the _same_ key.
- - Function: void camellia_crypt (struct camellia_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void camellia_crypt (struct camellia_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
The same function is used for both encryption and decryption.
LENGTH must be an integral multiple of the block size. If it is
more than one block, the data is processed in ECB mode. `src' and
`dst' may be equal, but they must not overlap in any other way.
-CAST128
--------
+6.2.6 CAST128
+-------------
CAST-128 is a block cipher, specified in `RFC 2144'. It uses a 64 bit
(8 octets) block size, and a variable key size of up to 128 bits.
Nettle defines cast128 in `<nettle/cast128.h>'.
- - Context struct: struct cast128_ctx
+ -- Context struct: struct cast128_ctx
- - Constant: CAST128_BLOCK_SIZE
- The CAST128 block-size, 8
+ -- Constant: CAST128_BLOCK_SIZE
+ The CAST128 block-size, 8.
- - Constant: CAST128_MIN_KEY_SIZE
- Minimum CAST128 key size, 5
+ -- Constant: CAST128_MIN_KEY_SIZE
+ Minimum CAST128 key size, 5.
- - Constant: CAST128_MAX_KEY_SIZE
- Maximum CAST128 key size, 16
+ -- Constant: CAST128_MAX_KEY_SIZE
+ Maximum CAST128 key size, 16.
- - Constant: CAST128_KEY_SIZE
- Default CAST128 key size, 16
+ -- Constant: CAST128_KEY_SIZE
+ Default CAST128 key size, 16.
- - Function: void cast128_set_key (struct cast128_ctx *CTX, unsigned
+ -- Function: void cast128_set_key (struct cast128_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- - Function: void cast128_encrypt (struct cast128_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void cast128_encrypt (struct cast128_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void cast128_decrypt (struct cast128_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void cast128_decrypt (struct cast128_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Analogous to `cast128_encrypt'
-DES
----
+6.2.7 DES
+---------
DES is the old Data Encryption Standard, specified by NIST. It uses a
block size of 64 bits (8 octets), and a key size of 56 bits. However,
DES also has some weak keys. Nettle defines DES in `<nettle/des.h>'.
- - Context struct: struct des_ctx
+ -- Context struct: struct des_ctx
- - Constant: DES_BLOCK_SIZE
- The DES block-size, 8
+ -- Constant: DES_BLOCK_SIZE
+ The DES block-size, 8.
- - Constant: DES_KEY_SIZE
- DES key size, 8
+ -- Constant: DES_KEY_SIZE
+ DES key size, 8.
- - Function: int des_set_key (struct des_ctx *CTX, const uint8_t *KEY)
+ -- Function: int des_set_key (struct des_ctx *CTX, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption. Parity bits are ignored. Checks for
weak keys, returning 1 for good keys and 0 for weak keys.
Applications that don't care about weak keys can ignore the return
value.
- - Function: void des_encrypt (struct des_ctx *CTX, unsigned LENGTH,
- const uint8_t *DST, uint8_t *SRC)
+ -- Function: void des_encrypt (struct des_ctx *CTX, unsigned LENGTH,
+ uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void des_decrypt (struct des_ctx *CTX, unsigned LENGTH,
- const uint8_t *DST, uint8_t *SRC)
+ -- Function: void des_decrypt (struct des_ctx *CTX, unsigned LENGTH,
+ uint8_t *DST, const uint8_t *SRC)
Analogous to `des_encrypt'
- - Function: int des_check_parity (unsigned LENGTH, const uint8_t *KEY);
+ -- Function: int des_check_parity (unsigned LENGTH, const uint8_t
+ *KEY);
Checks that the given key has correct, odd, parity. Returns 1 for
correct parity, and 0 for bad parity.
- - Function: void des_fix_parity (unsigned LENGTH, uint8_t *DST, const
+ -- Function: void des_fix_parity (unsigned LENGTH, uint8_t *DST, const
uint8_t *SRC)
Adjusts the parity bits to match DES's requirements. You need this
function if you have created a random-looking string by a key
agreement protocol, and want to use it as a DES key. DST and SRC
may be equal.
-DES3
-----
+6.2.8 DES3
+----------
The inadequate key size of DES has already been mentioned. One way to
increase the key size is to pipe together several DES boxes with
triple-DES, it is defined in the same place as plain DES,
`<nettle/des.h>'.
- - Context struct: struct des3_ctx
+ -- Context struct: struct des3_ctx
- - Constant: DES3_BLOCK_SIZE
- The DES3 block-size is the same as DES_BLOCK_SIZE, 8
+ -- Constant: DES3_BLOCK_SIZE
+ The DES3 block-size is the same as DES_BLOCK_SIZE, 8.
- - Constant: DES3_KEY_SIZE
- DES key size, 24
+ -- Constant: DES3_KEY_SIZE
+ DES key size, 24.
- - Function: int des3_set_key (struct des3_ctx *CTX, const uint8_t *KEY)
+ -- Function: int des3_set_key (struct des3_ctx *CTX, const uint8_t
+ *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption. Parity bits are ignored. Checks for
weak keys, returning 1 if all three keys are good keys, and 0 if
For random-looking strings, you can use `des_fix_parity' to adjust
the parity bits before calling `des3_set_key'.
- - Function: void des3_encrypt (struct des3_ctx *CTX, unsigned LENGTH,
- const uint8_t *DST, uint8_t *SRC)
+ -- Function: void des3_encrypt (struct des3_ctx *CTX, unsigned LENGTH,
+ uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void des3_decrypt (struct des3_ctx *CTX, unsigned LENGTH,
- const uint8_t *DST, uint8_t *SRC)
+ -- Function: void des3_decrypt (struct des3_ctx *CTX, unsigned LENGTH,
+ uint8_t *DST, const uint8_t *SRC)
Analogous to `des_encrypt'
-SERPENT
--------
+6.2.9 Salsa20
+-------------
+
+Salsa20 is a fairly recent stream cipher designed by D. J. Bernstein. It
+is built on the observation that a cryptographic hash function can be
+used for encryption: Form the hash input from the secret key and a
+counter, xor the hash output and the first block of the plaintext, then
+increment the counter to process the next block (similar to CTR mode,
+see *note CTR::). Bernstein defined an encryption algorithm, Snuffle,
+in this way to ridicule United States export restrictions which treated
+hash functions as nice and harmless, but ciphers as dangerous munitions.
+
+ Salsa20 uses the same idea, but with a new specialized hash function
+to mix key, block counter, and a couple of constants. It's also designed
+for speed; on x86_64, it is currently the fastest cipher offered by
+nettle. It uses a block size of 512 bits (64 octets) and there are two
+specified key sizes, 128 and 256 bits (16 and 32 octets).
+
+ *Caution:* The hash function used in Salsa20 is _not_ directly
+applicable for use as a general hash function. It's _not_ collision
+resistant if arbitrary inputs are allowed, and furthermore, the input
+and output is of fixed size.
+
+ When using Salsa20 to process a message, one specifies both a key
+and a "nonce", the latter playing a similar rôle to the initialization
+vector (IV) used with CBC or CTR mode. For this reason, Nettle uses the
+term IV to refer to the Salsa20 nonce. One can use the same key for
+several messages, provided one uses a unique random iv for each
+message. The iv is 64 bits (8 octets). The block counter is initialized
+to zero for each message, and is also 64 bits (8 octets). Nettle
+defines Salsa20 in `<nettle/salsa20.h>'.
+
+ -- Context struct: struct salsa20_ctx
+
+ -- Constant: SALSA20_MIN_KEY_SIZE
+ -- Constant: SALSA20_MAX_KEY_SIZE
+ The two supported key sizes, 16 and 32 octets.
+
+ -- Constant: SALSA20_KEY_SIZE
+ Recommended key size, 32.
+
+ -- Constant: SALSA20_BLOCK_SIZE
+ Salsa20 block size, 64.
+
+ -- Constant: SALSA20_IV_SIZE
+ Size of the IV, 8.
+
+ -- Function: void salsa20_set_key (struct salsa20_ctx *CTX, unsigned
+ LENGTH, const uint8_t *KEY)
+ Initialize the cipher. The same function is used for both
+ encryption and decryption. Before using the cipher, you _must_
+ also call `salsa20_set_iv', see below.
+
+ -- Function: void salsa20_set_iv (struct salsa20_ctx *CTX, const
+ uint8_t *IV)
+ Sets the IV. It is always of size `SALSA20_IV_SIZE', 8 octets.
+ This function also initializes the block counter, setting it to
+ zero.
+
+ -- Function: void salsa20_crypt (struct salsa20_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
+ Encrypts or decrypts the data of a message, using salsa20. When a
+ message is encrypted using a sequence of calls to `salsa20_crypt',
+ all but the last call _must_ use a length that is a multiple of
+ `SALSA20_BLOCK_SIZE'.
+
+ The full salsa20 cipher uses 20 rounds of mixing. Variants of Salsa20
+with fewer rounds are possible, and the 12-round variant is specified by
+eSTREAM, see `http://www.ecrypt.eu.org/stream/finallist.html'. Nettle
+calls this variant `salsa20r12'. It uses the same context struct and
+key setup as the full salsa20 cipher, but a separate function for
+encryption and decryption.
+
+ -- Function: void salsa20r12_crypt (struct salsa20_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
+ Encrypts or decrypts the data of a message, using salsa20 reduced
+ to 12 rounds.
+
+6.2.10 SERPENT
+--------------
SERPENT is one of the AES finalists, designed by Ross Anderson, Eli
Biham and Lars Knudsen. Thus, the interface and properties are similar
anything but the maximum key size, smaller keys are just padded to
larger ones. Nettle defines SERPENT in `<nettle/serpent.h>'.
- - Context struct: struct serpent_ctx
+ -- Context struct: struct serpent_ctx
- - Constant: SERPENT_BLOCK_SIZE
- The SERPENT block-size, 16
+ -- Constant: SERPENT_BLOCK_SIZE
+ The SERPENT block-size, 16.
- - Constant: SERPENT_MIN_KEY_SIZE
- Minimum SERPENT key size, 16
+ -- Constant: SERPENT_MIN_KEY_SIZE
+ Minimum SERPENT key size, 16.
- - Constant: SERPENT_MAX_KEY_SIZE
- Maximum SERPENT key size, 32
+ -- Constant: SERPENT_MAX_KEY_SIZE
+ Maximum SERPENT key size, 32.
- - Constant: SERPENT_KEY_SIZE
- Default SERPENT key size, 32
+ -- Constant: SERPENT_KEY_SIZE
+ Default SERPENT key size, 32.
- - Function: void serpent_set_key (struct serpent_ctx *CTX, unsigned
+ -- Function: void serpent_set_key (struct serpent_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- - Function: void serpent_encrypt (struct serpent_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void serpent_encrypt (struct serpent_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void serpent_decrypt (struct serpent_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void serpent_decrypt (struct serpent_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Analogous to `serpent_encrypt'
-TWOFISH
--------
+6.2.11 TWOFISH
+--------------
Another AES finalist, this one designed by Bruce Schneier and others.
Nettle defines it in `<nettle/twofish.h>'.
- - Context struct: struct twofish_ctx
+ -- Context struct: struct twofish_ctx
- - Constant: TWOFISH_BLOCK_SIZE
- The TWOFISH block-size, 16
+ -- Constant: TWOFISH_BLOCK_SIZE
+ The TWOFISH block-size, 16.
- - Constant: TWOFISH_MIN_KEY_SIZE
- Minimum TWOFISH key size, 16
+ -- Constant: TWOFISH_MIN_KEY_SIZE
+ Minimum TWOFISH key size, 16.
- - Constant: TWOFISH_MAX_KEY_SIZE
- Maximum TWOFISH key size, 32
+ -- Constant: TWOFISH_MAX_KEY_SIZE
+ Maximum TWOFISH key size, 32.
- - Constant: TWOFISH_KEY_SIZE
- Default TWOFISH key size, 32
+ -- Constant: TWOFISH_KEY_SIZE
+ Default TWOFISH key size, 32.
- - Function: void twofish_set_key (struct twofish_ctx *CTX, unsigned
+ -- Function: void twofish_set_key (struct twofish_ctx *CTX, unsigned
LENGTH, const uint8_t *KEY)
Initialize the cipher. The same function is used for both
encryption and decryption.
- - Function: void twofish_encrypt (struct twofish_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void twofish_encrypt (struct twofish_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Encryption function. LENGTH must be an integral multiple of the
block size. If it is more than one block, the data is processed in
ECB mode. `src' and `dst' may be equal, but they must not overlap
in any other way.
- - Function: void twofish_decrypt (struct twofish_ctx *CTX, unsigned
- LENGTH, const uint8_t *DST, uint8_t *SRC)
+ -- Function: void twofish_decrypt (struct twofish_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
Analogous to `twofish_encrypt'
-`struct nettle_cipher'
-----------------------
+6.2.12 `struct nettle_cipher'
+-----------------------------
Nettle includes a struct including information about some of the more
regular cipher functions. It should be considered a little experimental,
various algorithms. Nettle defines these structs in
`<nettle/nettle-meta.h>'.
- - Meta struct: `struct nettle_cipher' name context_size block_size
+ -- Meta struct: `struct nettle_cipher' name context_size block_size
key_size set_encrypt_key set_decrypt_key encrypt decrypt
The last four attributes are function pointers, of types
`nettle_set_key_func' and `nettle_crypt_func'. The first argument
to these functions is a `void *' pointer to a context struct,
which is of size `context_size'.
- - Constant Struct: struct nettle_cipher nettle_aes128
- - Constant Struct: struct nettle_cipher nettle_aes192
- - Constant Struct: struct nettle_cipher nettle_aes256
- - Constant Struct: struct nettle_cipher nettle_arctwo40;
- - Constant Struct: struct nettle_cipher nettle_arctwo64;
- - Constant Struct: struct nettle_cipher nettle_arctwo128;
- - Constant Struct: struct nettle_cipher nettle_arctwo_gutmann128;
- - Constant Struct: struct nettle_cipher nettle_arcfour128
- - Constant Struct: struct nettle_cipher nettle_camellia128
- - Constant Struct: struct nettle_cipher nettle_camellia192
- - Constant Struct: struct nettle_cipher nettle_camellia256
- - Constant Struct: struct nettle_cipher nettle_cast128
- - Constant Struct: struct nettle_cipher nettle_serpent128
- - Constant Struct: struct nettle_cipher nettle_serpent192
- - Constant Struct: struct nettle_cipher nettle_serpent256
- - Constant Struct: struct nettle_cipher nettle_twofish128
- - Constant Struct: struct nettle_cipher nettle_twofish192
- - Constant Struct: struct nettle_cipher nettle_twofish256
- - Constant Struct: struct nettle_cipher nettle_arctwo40;
- - Constant Struct: struct nettle_cipher nettle_arctwo64;
- - Constant Struct: struct nettle_cipher nettle_arctwo128;
- - Constant Struct: struct nettle_cipher nettle_arctwo_gutmann128;
+ -- Constant Struct: struct nettle_cipher nettle_aes128
+ -- Constant Struct: struct nettle_cipher nettle_aes192
+ -- Constant Struct: struct nettle_cipher nettle_aes256
+ -- Constant Struct: struct nettle_cipher nettle_arctwo40
+ -- Constant Struct: struct nettle_cipher nettle_arctwo64
+ -- Constant Struct: struct nettle_cipher nettle_arctwo128
+ -- Constant Struct: struct nettle_cipher nettle_arctwo_gutmann128
+ -- Constant Struct: struct nettle_cipher nettle_arcfour128
+ -- Constant Struct: struct nettle_cipher nettle_camellia128
+ -- Constant Struct: struct nettle_cipher nettle_camellia192
+ -- Constant Struct: struct nettle_cipher nettle_camellia256
+ -- Constant Struct: struct nettle_cipher nettle_cast128
+ -- Constant Struct: struct nettle_cipher nettle_serpent128
+ -- Constant Struct: struct nettle_cipher nettle_serpent192
+ -- Constant Struct: struct nettle_cipher nettle_serpent256
+ -- Constant Struct: struct nettle_cipher nettle_twofish128
+ -- Constant Struct: struct nettle_cipher nettle_twofish192
+ -- Constant Struct: struct nettle_cipher nettle_twofish256
Nettle includes such structs for all the _regular_ ciphers, i.e.
ones without weak keys or other oddities.
+ Nettle also exports a list of all these ciphers without weak keys or
+other oddities.
+
+ -- Constant Array: struct nettle_cipher ** nettle_ciphers
+ This list can be used to dynamically enumerate or search the
+ supported algorithms. NULL-terminated.
+
\1f
File: nettle.info, Node: Cipher modes, Next: Keyed hash functions, Prev: Cipher functions, Up: Reference
-Cipher modes
-============
-
-Cipher modes of operation specifies the procedure to use when
-encrypting a message that is larger than the cipher's block size. As
-explained in *Note Cipher functions::, splitting the message into blocks
-and processing them independently with the block cipher (Electronic Code
-Book mode, ECB) leaks information. Besides ECB, Nettle provides two
-other modes of operation: Cipher Block Chaining (CBC) and Counter mode
-(CTR). CBC is widely used, but there are a few subtle issues of
-information leakage. CTR was standardized more recently, and is
-believed to be more secure.
-
-Cipher Block Chaining
----------------------
+6.3 Cipher modes
+================
+
+Cipher modes of operation specifies the procedure to use when encrypting
+a message that is larger than the cipher's block size. As explained in
+*Note Cipher functions::, splitting the message into blocks and
+processing them independently with the block cipher (Electronic Code
+Book mode, ECB) leaks information. Besides ECB, Nettle provides three
+other modes of operation: Cipher Block Chaining (CBC), Counter mode
+(CTR), and Galois/Counter mode (GCM). CBC is widely used, but there are
+a few subtle issues of information leakage, see, e.g., SSH CBC
+vulnerability (http://www.kb.cert.org/vuls/id/958563). CTR and GCM were
+standardized more recently, and are believed to be more secure. GCM
+includes message authentication; for the other modes, one should always
+use a MAC (*note Keyed hash functions::) or signature to authenticate
+the message.
+
+* Menu:
+
+* CBC::
+* CTR::
+* GCM::
+
+\1f
+File: nettle.info, Node: CBC, Next: CTR, Prev: Cipher modes, Up: Cipher modes
+
+6.3.1 Cipher Block Chaining
+---------------------------
When using CBC mode, plaintext blocks are not encrypted independently
of each other, like in Electronic Cook Book mode. Instead, when
C_1 = E_k(IV XOR M_1)
C_2 = E_k(C_1 XOR M_2)
-
+
...
-
+
C_n = E_k(C_(n-1) XOR M_n)
Nettle's includes two functions for applying a block cipher in Cipher
Block Chaining (CBC) mode, one for encryption and one for decryption.
These functions uses `void *' to pass cipher contexts around.
- - Function: void cbc_encrypt (void *CTX, nettle_crypt_func F, unsigned
- BLOCK_SIZE, uint8_t *IV, unsigned LENGTH, uint8_t *DST, const
- uint8_t *SRC)
- - Function: void cbc_decrypt (void *CTX, void (*F)(), unsigned
+ -- Function: void cbc_encrypt (void *CTX, nettle_crypt_func F,
+ unsigned BLOCK_SIZE, uint8_t *IV, unsigned LENGTH, uint8_t
+ *DST, const uint8_t *SRC)
+ -- Function: void cbc_decrypt (void *CTX, void (*F)(), unsigned
BLOCK_SIZE, uint8_t *IV, unsigned LENGTH, uint8_t *DST, const
uint8_t *SRC)
Applies the encryption or decryption function F in CBC mode. The
There are also some macros to help use these functions correctly.
- - Macro: CBC_CTX (CONTEXT_TYPE, BLOCK_SIZE)
- Expands into
+ -- Macro: CBC_CTX (CONTEXT_TYPE, BLOCK_SIZE)
+ Expands to
{
context_type ctx;
uint8_t iv[block_size];
struct aes_cbc_ctx CBC_CTX (struct aes_ctx, AES_BLOCK_SIZE);
- - Macro: CBC_SET_IV (CTX, IV)
+ -- Macro: CBC_SET_IV (CTX, IV)
First argument is a pointer to a context struct as defined by
`CBC_CTX', and the second is a pointer to an Initialization Vector
(IV) that is copied into that context.
- - Macro: CBC_ENCRYPT (CTX, F, LENGTH, DST, SRC)
- - Macro: CBC_DECRYPT (CTX, F, LENGTH, DST, SRC)
+ -- Macro: CBC_ENCRYPT (CTX, F, LENGTH, DST, SRC)
+ -- Macro: CBC_DECRYPT (CTX, F, LENGTH, DST, SRC)
A simpler way to invoke `cbc_encrypt' and `cbc_decrypt'. The first
argument is a pointer to a context struct as defined by `CBC_CTX',
and the second argument is an encryption or decryption function
if the types of F and CTX don't match, e.g. if you try to use an
`struct aes_ctx' context with the `des_encrypt' function.
-Counter mode
-------------
+\1f
+File: nettle.info, Node: CTR, Next: GCM, Prev: CBC, Up: Cipher modes
+
+6.3.2 Counter mode
+------------------
Counter mode (CTR) uses the block cipher as a keyed pseudo-random
generator. The output of the generator is XORed with the data to be
C_1 = E_k(IC) XOR M_1
C_2 = E_k(IC + 1) XOR M_2
-
+
...
-
+
C_(n-1) = E_k(IC + n - 2) XOR M_(n-1)
C_n = E_k(IC + n - 1) [1..m] XOR M_n
- The IC is the initial value for the counter, it plays a similar role
+ The IC is the initial value for the counter, it plays a similar rôle
as the IV for CBC. When adding, `IC + x', IC is interpreted as an
integer, in network byte order. For the last block, `E_k(IC + n - 1)
[1..m]' means that the cipher output is truncated to `m' bytes.
- - Function: void ctr_crypt (void *CTX, nettle_crypt_func F, unsigned
+ -- Function: void ctr_crypt (void *CTX, nettle_crypt_func F, unsigned
BLOCK_SIZE, uint8_t *CTR, unsigned LENGTH, uint8_t *DST,
const uint8_t *SRC)
Applies the encryption function F in CTR mode. Note that for CTR
Like for CBC, there are also a couple of helper macros.
- - Macro: CTR_CTX (CONTEXT_TYPE, BLOCK_SIZE)
- Expands into
+ -- Macro: CTR_CTX (CONTEXT_TYPE, BLOCK_SIZE)
+ Expands to
{
context_type ctx;
uint8_t ctr[block_size];
}
- - Macro: CTR_SET_COUNTER (CTX, IV)
+ -- Macro: CTR_SET_COUNTER (CTX, IV)
First argument is a pointer to a context struct as defined by
`CTR_CTX', and the second is a pointer to an initial counter that
is copied into that context.
- - Macro: CTR_CRYPT (CTX, F, LENGTH, DST, SRC)
+ -- Macro: CTR_CRYPT (CTX, F, LENGTH, DST, SRC)
A simpler way to invoke `ctr_crypt'. The first argument is a
pointer to a context struct as defined by `CTR_CTX', and the second
argument is an encryption function following Nettle's conventions.
for the operation.
\1f
-File: nettle.info, Node: Keyed hash functions, Next: Public-key algorithms, Prev: Cipher modes, Up: Reference
+File: nettle.info, Node: GCM, Prev: CTR, Up: Cipher modes
+
+6.3.3 Galois counter mode
+-------------------------
+
+Galois counter mode is the combination of counter mode with message
+authentication based on universal hashing. The main objective of the
+design is to provide high performance for hardware implementations,
+where other popular MAC algorithms (*note Keyed hash functions::
+becomes a bottleneck for high-speed hardware implementations. It was
+proposed by David A. McGrew and John Viega in 2005, and recommended by
+NIST in 2007, NIST Special Publication 800-38D
+(http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf). It
+is constructed on top of a block cipher which must have a block size of
+128 bits.
+
+ GCM is applied to messages of arbitrary length. The inputs are:
+
+ * A key, which can be used for many messages.
+
+ * An initialization vector (IV) which _must_ be unique for each
+ message.
+
+ * Additional authenticated data, which is to be included in the
+ message authentication, but not encrypted. May be empty.
+
+ * The plaintext. Maybe empty.
+
+ The outputs are a ciphertext, of the same length as the plaintext,
+and a message digest of length 128 bits. Nettle's support for GCM
+consists of a low-level general interface, some convenience macros, and
+specific functions for GCM using AES as the underlying cipher. These
+interfaces are defined in `<nettle/gcm.h>'
+
+6.3.3.1 General GCM interface
+.............................
+
+ -- Context struct: struct gcm_key
+ Message independent hash sub-key, and related tables.
+
+ -- Context struct: struct gcm_ctx
+ Holds state corresponding to a particular message.
+
+ -- Constant: GCM_BLOCK_SIZE
+ GCM's block size, 16.
+
+ -- Constant: GCM_IV_SIZE
+ Recommended size of the IV, 12. Other sizes are allowed.
+
+ -- Function: void gcm_set_key (struct gcm_key *KEY, void *CIPHER,
+ nettle_crypt_func *F)
+ Initializes KEY. CIPHER gives a context struct for the underlying
+ cipher, which must have been previously initialized for
+ encryption, and F is the encryption function.
+
+ -- Function: void gcm_set_iv (struct gcm_ctx *CTX, const struct
+ gcm_key *KEY, unsigned LENGTH, const uint8_t *IV)
+ Initializes CTX using the given IV. The KEY argument is actually
+ needed only if LENGTH differs from `GCM_IV_SIZE'.
+
+ -- Function: void gcm_update (struct gcm_ctx *CTX, const struct
+ gcm_key *KEY, unsigned LENGTH, const uint8_t *DATA)
+ Provides associated data to be authenticated. If used, must be
+ called before `gcm_encrypt' or `gcm_decrypt'. All but the last call
+ for each message _must_ use a length that is a multiple of the
+ block size.
+
+ -- Function: void gcm_encrypt (struct gcm_ctx *CTX, const struct
+ gcm_key *KEY void *CIPHER, nettle_crypt_func *F, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
+ -- Function: void gcm_decrypt (struct gcm_ctx *CTX, const struct
+ gcm_key *KEY, void *CIPHER, nettle_crypt_func *F, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
+ Encrypts or decrypts the data of a message. CIPHER is the context
+ struct for the underlying cipher and F is the encryption function.
+ All but the last call for each message _must_ use a length that is
+ a multiple of the block size.
+
+ -- Function: void gcm_digest (struct gcm_ctx *CTX, const struct
+ gcm_key *KEY, void *CIPHER, nettle_crypt_func *F, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Extracts the message digest (also known "authentication tag").
+ This is the final operation when processing a message. LENGTH is
+ usually equal to `GCM_BLOCK_SIZE', but if you provide a smaller
+ value, only the first LENGTH octets of the digest are written.
+
+ To encrypt a message using GCM, first initialize a context for the
+underlying block cipher with a key to use for encryption. Then call the
+above functions in the following order: `gcm_set_key', `gcm_set_iv',
+`gcm_update', `gcm_encrypt', `gcm_digest'. The decryption procedure is
+analogous, just calling `gcm_decrypt' instead of `gcm_encrypt' (note
+that GCM decryption still uses the encryption function of the
+underlying block cipher). To process a new message, using the same key,
+call `gcm_set_iv' with a new iv.
+
+6.3.3.2 GCM helper macros
+.........................
+
+The following macros are defined.
+
+ -- Macro: GCM_CTX (CONTEXT_TYPE)
+ This defines an all-in-one context struct, including the context
+ of the underlying cipher, the hash sub-key, and the per-message
+ state. It expands to
+ {
+ context_type cipher;
+ struct gcm_key key;
+ struct gcm_ctx gcm;
+ }
-Keyed Hash Functions
-====================
+ Example use:
+ struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
+
+ The following macros operate on context structs of this form.
+
+ -- Macro: GCM_SET_KEY (CTX, SET_KEY, ENCRYPT, LENGTH, DATA)
+ First argument, CTX, is a context struct as defined by `GCM_CTX'.
+ SET_KEY and ENCRYPT are functions for setting the encryption key
+ and for encrypting data using the underlying cipher. LENGTH and
+ DATA give the key.
+
+ -- Macro: GCM_SET_IV (CTX, LENGTH, DATA)
+ First argument is a context struct as defined by `GCM_CTX'. LENGTH
+ and DATA give the initialization vector (IV).
+
+ -- Macro: GCM_UPDATE (CTX, LENGTH, DATA)
+ Simpler way to call `gcm_update'. First argument is a context
+ struct as defined by `GCM_CTX'
+
+ -- Macro: GCM_ENCRYPT (CTX, ENCRYPT, LENGTH, DST, SRC)
+ -- Macro: GCM_DECRYPT (CTX, ENCRYPT, LENGTH, DST, SRC)
+ -- Macro: GCM_DIGEST (CTX, ENCRYPT, LENGTH, DIGEST)
+ Simpler way to call `gcm_encrypt', `gcm_decrypt' or `gcm_digest'.
+ First argument is a context struct as defined by `GCM_CTX'. Second
+ argument, ENCRYPT, is a pointer to the encryption function of the
+ underlying cipher.
+
+6.3.3.3 GCM-AES interface
+.........................
+
+The following functions implement the common case of GCM using AES as
+the underlying cipher.
+
+ -- Context struct: struct gcm_aes_ctx
+ The context struct, defined using `GCM_CTX'.
+
+ -- Function: void gcm_aes_set_key (struct gcm_aes_ctx *CTX, unsigned
+ LENGTH, const uint8_t *KEY)
+ Initializes CTX using the given key. All valid AES key sizes can
+ be used.
+
+ -- Function: void gcm_aes_set_iv (struct gcm_aes_ctx *CTX, unsigned
+ LENGTH, const uint8_t *IV)
+ Initializes the per-message state, using the given IV.
+
+ -- Function: void gcm_aes_update (struct gcm_aes_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ Provides associated data to be authenticated. If used, must be
+ called before `gcm_aes_encrypt' or `gcm_aes_decrypt'. All but the
+ last call for each message _must_ use a length that is a multiple
+ of the block size.
+
+ -- Function: void gcm_aes_encrypt (struct gcm_aes_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
+ -- Function: void gcm_aes_decrypt (struct gcm_aes_ctx *CTX, unsigned
+ LENGTH, uint8_t *DST, const uint8_t *SRC)
+ Encrypts or decrypts the data of a message. All but the last call
+ for each message _must_ use a length that is a multiple of the
+ block size.
+
+
+ -- Function: void gcm_aes_digest (struct gcm_aes_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Extracts the message digest (also known "authentication tag").
+ This is the final operation when processing a message. LENGTH is
+ usually equal to `GCM_BLOCK_SIZE', but if you provide a smaller
+ value, only the first LENGTH octets of the digest are written.
+
+\1f
+File: nettle.info, Node: Keyed hash functions, Next: Key derivation functions, Prev: Cipher modes, Up: Reference
+
+6.4 Keyed Hash Functions
+========================
A "keyed hash function", or "Message Authentication Code" (MAC) is a
function that takes a key and a message, and produces fixed size MAC.
Keyed hash functions are typically a lot faster than digital
signatures as well.
-HMAC
-----
+6.4.1 HMAC
+----------
One can build keyed hash functions from ordinary hash functions. Older
constructions simply concatenate secret key and message and hashes
abstract functions that use a pointer to a `struct nettle_hash' to
represent the underlying hash function and `void *' pointers that point
to three different context structs for that hash function. There are
-also concrete functions for HMAC-MD5, HMAC-SHA1, HMAC-SHA256, and
-HMAC-SHA512. First, the abstract functions:
+also concrete functions for HMAC-MD5, HMAC-RIPEMD160 HMAC-SHA1,
+HMAC-SHA256, and HMAC-SHA512. First, the abstract functions:
- - Function: void hmac_set_key (void *OUTER, void *INNER, void *STATE,
+ -- Function: void hmac_set_key (void *OUTER, void *INNER, void *STATE,
const struct nettle_hash *H, unsigned LENGTH, const uint8_t
*KEY)
Initializes the three context structs from the key. The OUTER and
is used for hashing the message, and is initialized as a copy of
the INNER context.
- - Function: void hmac_update (void *STATE, const struct nettle_hash
+ -- Function: void hmac_update (void *STATE, const struct nettle_hash
*H, unsigned LENGTH, const uint8_t *DATA)
This function is called zero or more times to process the message.
Actually, `hmac_update(state, H, length, data)' is equivalent to
`H->update(state, length, data)', so if you wish you can use the
ordinary update function of the underlying hash function instead.
- - Function: void hmac_digest (const void *OUTER, const void *INNER,
+ -- Function: void hmac_digest (const void *OUTER, const void *INNER,
void *STATE, const struct nettle_hash *H, unsigned LENGTH,
uint8_t *DIGEST)
Extracts the MAC of the message, writing it to DIGEST. OUTER and
Like for CBC, there are some macros to help use these functions
correctly.
- - Macro: HMAC_CTX (TYPE)
- Expands into
+ -- Macro: HMAC_CTX (TYPE)
+ Expands to
{
type outer;
type inner;
struct hmac_md5_ctx HMAC_CTX (struct md5_ctx);
- - Macro: HMAC_SET_KEY (CTX, H, LENGTH, KEY)
+ -- Macro: HMAC_SET_KEY (CTX, H, LENGTH, KEY)
CTX is a pointer to a context struct as defined by `HMAC_CTX', H
is a pointer to a `const struct nettle_hash' describing the
underlying hash function (so it must match the type of the
components of CTX). The last two arguments specify the secret key.
- - Macro: HMAC_DIGEST (CTX, H, LENGTH, DIGEST)
+ -- Macro: HMAC_DIGEST (CTX, H, LENGTH, DIGEST)
CTX is a pointer to a context struct as defined by `HMAC_CTX', H
is a pointer to a `const struct nettle_hash' describing the
underlying hash function. The last two arguments specify where the
function directly, or the update function of the underlying hash
function.
-Concrete HMAC functions
------------------------
+6.4.2 Concrete HMAC functions
+-----------------------------
Now we come to the specialized HMAC functions, which are easier to use
than the general HMAC functions.
-HMAC-MD5
-........
+6.4.2.1 HMAC-MD5
+................
- - Context struct: struct hmac_md5_ctx
+ -- Context struct: struct hmac_md5_ctx
- - Function: void hmac_md5_set_key (struct hmac_md5_ctx *CTX, unsigned
+ -- Function: void hmac_md5_set_key (struct hmac_md5_ctx *CTX, unsigned
KEY_LENGTH, const uint8_t *KEY)
Initializes the context with the key.
- - Function: void hmac_md5_update (struct hmac_md5_ctx *CTX, unsigned
+ -- Function: void hmac_md5_update (struct hmac_md5_ctx *CTX, unsigned
LENGTH, const uint8_t *DATA)
Process some more data.
- - Function: void hmac_md5_digest (struct hmac_md5_ctx *CTX, unsigned
+ -- Function: void hmac_md5_digest (struct hmac_md5_ctx *CTX, unsigned
LENGTH, uint8_t *DIGEST)
Extracts the MAC, writing it to DIGEST. LENGTH may be smaller than
`MD5_DIGEST_SIZE', in which case only the first LENGTH octets of
This function also resets the context for processing new messages,
with the same key.
-HMAC-SHA1
-.........
+6.4.2.2 HMAC-RIPEMD160
+......................
+
+ -- Context struct: struct hmac_ripemd160_ctx
+
+ -- Function: void hmac_ripemd160_set_key (struct hmac_ripemd160_ctx
+ *CTX, unsigned KEY_LENGTH, const uint8_t *KEY)
+ Initializes the context with the key.
+
+ -- Function: void hmac_ripemd160_update (struct hmac_ripemd160_ctx
+ *CTX, unsigned LENGTH, const uint8_t *DATA)
+ Process some more data.
+
+ -- Function: void hmac_ripemd160_digest (struct hmac_ripemd160_ctx
+ *CTX, unsigned LENGTH, uint8_t *DIGEST)
+ Extracts the MAC, writing it to DIGEST. LENGTH may be smaller than
+ `RIPEMD160_DIGEST_SIZE', in which case only the first LENGTH
+ octets of the MAC are written.
+
+ This function also resets the context for processing new messages,
+ with the same key.
+
+6.4.2.3 HMAC-SHA1
+.................
- - Context struct: struct hmac_sha1_ctx
+ -- Context struct: struct hmac_sha1_ctx
- - Function: void hmac_sha1_set_key (struct hmac_sha1_ctx *CTX,
+ -- Function: void hmac_sha1_set_key (struct hmac_sha1_ctx *CTX,
unsigned KEY_LENGTH, const uint8_t *KEY)
Initializes the context with the key.
- - Function: void hmac_sha1_update (struct hmac_sha1_ctx *CTX, unsigned
- LENGTH, const uint8_t *DATA)
+ -- Function: void hmac_sha1_update (struct hmac_sha1_ctx *CTX,
+ unsigned LENGTH, const uint8_t *DATA)
Process some more data.
- - Function: void hmac_sha1_digest (struct hmac_sha1_ctx *CTX, unsigned
- LENGTH, uint8_t *DIGEST)
+ -- Function: void hmac_sha1_digest (struct hmac_sha1_ctx *CTX,
+ unsigned LENGTH, uint8_t *DIGEST)
Extracts the MAC, writing it to DIGEST. LENGTH may be smaller than
`SHA1_DIGEST_SIZE', in which case only the first LENGTH octets of
the MAC are written.
This function also resets the context for processing new messages,
with the same key.
-HMAC-SHA256
-...........
+6.4.2.4 HMAC-SHA256
+...................
- - Context struct: struct hmac_sha256_ctx
+ -- Context struct: struct hmac_sha256_ctx
- - Function: void hmac_sha256_set_key (struct hmac_sha256_ctx *CTX,
+ -- Function: void hmac_sha256_set_key (struct hmac_sha256_ctx *CTX,
unsigned KEY_LENGTH, const uint8_t *KEY)
Initializes the context with the key.
- - Function: void hmac_sha256_update (struct hmac_sha256_ctx *CTX,
+ -- Function: void hmac_sha256_update (struct hmac_sha256_ctx *CTX,
unsigned LENGTH, const uint8_t *DATA)
Process some more data.
- - Function: void hmac_sha256_digest (struct hmac_sha256_ctx *CTX,
+ -- Function: void hmac_sha256_digest (struct hmac_sha256_ctx *CTX,
unsigned LENGTH, uint8_t *DIGEST)
Extracts the MAC, writing it to DIGEST. LENGTH may be smaller than
`SHA256_DIGEST_SIZE', in which case only the first LENGTH octets
This function also resets the context for processing new messages,
with the same key.
-HMAC-SHA512
-...........
+6.4.2.5 HMAC-SHA512
+...................
- - Context struct: struct hmac_sha512_ctx
+ -- Context struct: struct hmac_sha512_ctx
- - Function: void hmac_sha512_set_key (struct hmac_sha512_ctx *CTX,
+ -- Function: void hmac_sha512_set_key (struct hmac_sha512_ctx *CTX,
unsigned KEY_LENGTH, const uint8_t *KEY)
Initializes the context with the key.
- - Function: void hmac_sha512_update (struct hmac_sha512_ctx *CTX,
+ -- Function: void hmac_sha512_update (struct hmac_sha512_ctx *CTX,
unsigned LENGTH, const uint8_t *DATA)
Process some more data.
- - Function: void hmac_sha512_digest (struct hmac_sha512_ctx *CTX,
+ -- Function: void hmac_sha512_digest (struct hmac_sha512_ctx *CTX,
unsigned LENGTH, uint8_t *DIGEST)
Extracts the MAC, writing it to DIGEST. LENGTH may be smaller than
`SHA512_DIGEST_SIZE', in which case only the first LENGTH octets
This function also resets the context for processing new messages,
with the same key.
+6.4.3 UMAC
+----------
+
+UMAC is a message authentication code based on universal hashing, and
+designed for high performance on modern processors (in contrast to GCM,
+*Note GCM::, which is designed primarily for hardware performance). On
+processors with good integer multiplication performance, it can be 10
+times faster than SHA256 and SHA512. UMAC is specified in `RFC 4418'.
+
+ The secret key is always 128 bits (16 octets). The key is used as an
+encryption key for the AES block cipher. This cipher is used in counter
+mode to generate various internal subkeys needed in UMAC. Messages are
+of arbitrary size, and for each message, UMAC also needs a unique
+nonce. Nonce values must not be reused for two messages with the same
+key, but they need not be kept secret.
+
+ The nonce must be at least one octet, and at most 16; nonces shorter
+than 16 octets are zero-padded. Nettle's implementation of UMAC
+increments the nonce for automatically each message, so explicitly
+setting the nonce for each message is optional. This auto-increment
+uses network byte order and it takes the length of the nonce into
+acount. E.g., if the initial nonce is "abc" (3 octets), this value is
+zero-padded to 16 octets for the first message. For the next message,
+the nonce is incremented to "abd", and this incremented value is
+zero-padded to 16 octets.
+
+ UMAC is defined in four variants, for different output sizes: 32
+bits (4 octest), 64 bits (8 octets), 96 bits (12 octets) and 128 bits
+(16 octets), corresponding to different tradeoffs between speed and
+security. Using a shorter output size sometimes (but not always!) gives
+the same result as using a longer output size and truncating the result.
+So it is important to use the right variant. For consistency with other
+hash and MAC functions, Nettle's `_digest' functions for UMAC accept a
+length parameter so that the output can be truncated to any desired
+size, but it is recommended to stick to the specified output size and
+select the umac variant corresponding to the desired size.
+
+ The internal block size of UMAC is 1024 octets, and it also
+generates more than 1024 bytes of subkeys. This makes the size of the
+context struct a bit larger than other hash functions and MAC
+algorithms in Nettle.
+
+ Nettle defines UMAC in `<nettle/umac.h>'.
+
+ -- Context struct: struct umac32_ctx
+ -- Context struct: struct umac64_ctx
+ -- Context struct: struct umac96_ctx
+ -- Context struct: struct umac128_ctx
+ Each UMAC variant uses its own context struct.
+
+ -- Constant: UMAC_KEY_SIZE
+ The UMAC key size, 16.
+
+ -- Constant: UMAC32_DIGEST_SIZE
+ The size of an UMAC32 digest, 4.
+
+ -- Constant: UMAC64_DIGEST_SIZE
+ The size of an UMAC64 digest, 8.
+
+ -- Constant: UMAC96_DIGEST_SIZE
+ The size of an UMAC96 digest, 12.
+
+ -- Constant: UMAC128_DIGEST_SIZE
+ The size of an UMAC128 digest, 16.
+
+ -- Constant: UMAC128_DATA_SIZE
+ The internal block size of UMAC.
+
+ -- Function: void umac32_set_key (struct umac32_ctx *CTX, const
+ uint8_t *KEY)
+ -- Function: void umac64_set_key (struct umac64_ctx *CTX, const
+ uint8_t *KEY)
+ -- Function: void umac96_set_key (struct umac96_ctx *CTX, const
+ uint8_t *KEY)
+ -- Function: void umac128_set_key (struct umac128_ctx *CTX, const
+ uint8_t *KEY)
+ These functions initialize the UMAC context struct. They also
+ initialize the nonce to zero (with length 16, for auto-increment).
+
+ -- Function: void umac32_set_nonce (struct umac32_ctx *CTX, unsigned
+ LENGTH, const uint8_t *NONCE)
+ -- Function: void umac64_set_nonce (struct umac64_ctx *CTX, unsigned
+ LENGTH, const uint8_t *NONCE)
+ -- Function: void umac96_set_nonce (struct umac96_ctx *CTX, unsigned
+ LENGTH, const uint8_t *NONCE)
+ -- Function: void umac128_set_nonce (struct umac128_ctx *CTX, unsigned
+ LENGTH, const uint8_t *NONCE)
+ Sets the nonce to be used for the next message. In general, nonces
+ should be set before processing of the message. This is not
+ strictly required for UMAC (the nonce only affects the final
+ processing generating the digest), but it is nevertheless
+ recommended that this function is called _before_ the first
+ `_update' call for the message.
+
+ -- Function: void umac32_update (struct umac32_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ -- Function: void umac64_update (struct umac64_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ -- Function: void umac96_update (struct umac96_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ -- Function: void umac128_update (struct umac128_ctx *CTX, unsigned
+ LENGTH, const uint8_t *DATA)
+ These functions are called zero or more times to process the
+ message.
+
+ -- Function: void umac32_digest (struct umac32_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ -- Function: void umac64_digest (struct umac64_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ -- Function: void umac96_digest (struct umac96_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ -- Function: void umac128_digest (struct umac128_ctx *CTX, unsigned
+ LENGTH, uint8_t *DIGEST)
+ Extracts the MAC of the message, writing it to DIGEST. LENGTH is
+ usually equal to the specified output size, but if you provide a
+ smaller value, only the first LENGTH octets of the MAC are
+ written. These functions reset the context for processing of a new
+ message with the same key. The nonce is incremented as described
+ above, the new value is used unless you call the `_set_nonce'
+ function explicitly for each message.
+
\1f
-File: nettle.info, Node: Public-key algorithms, Next: Randomness, Prev: Keyed hash functions, Up: Reference
+File: nettle.info, Node: Key derivation functions, Next: Public-key algorithms, Prev: Keyed hash functions, Up: Reference
-Public-key algorithms
-=====================
+6.5 Key derivation Functions
+============================
+
+A "key derivation function" (KDF) is a function that from a given
+symmetric key derives other symmetric keys. A sub-class of KDFs is the
+"password-based key derivation functions" (PBKDFs), which take as input
+a password or passphrase, and its purpose is typically to strengthen it
+and protect against certain pre-computation attacks by using salting
+and expensive computation.
+
+6.5.1 PBKDF2
+------------
+
+The most well known PBKDF is the `PKCS #5 PBKDF2' described in `RFC
+2898' which uses a pseudo-random function such as HMAC-SHA1.
+
+ Nettle's PBKDF2 functions are defined in `<nettle/pbkdf2.h>'. There
+is an abstract function that operate on any PRF implemented via the
+`nettle_hash_update_func', `nettle_hash_digest_func' interfaces. There
+is also helper macros and concrete functions PBKDF2-HMAC-SHA1 and
+PBKDF2-HMAC-SHA256. First, the abstract function:
+
+ -- Function: void pbkdf2 (void *mac_ctx, nettle_hash_update_func
+ *update, nettle_hash_digest_func *digest, unsigned
+ digest_size, unsigned iterations, unsigned salt_length, const
+ uint8_t *salt, unsigned length, uint8_t *dst)
+ Derive symmetric key from a password according to PKCS #5 PBKDF2.
+ The PRF is assumed to have been initialized and this function will
+ call the UPDATE and DIGEST functions passing the MAC_CTX context
+ parameter as an argument in order to compute digest of size
+ DIGEST_SIZE. Inputs are the salt SALT of length SALT_LENGTH, the
+ iteration counter ITERATIONS (> 0), and the desired derived output
+ length LENGTH. The output buffer is DST which must have room for
+ at least LENGTH octets.
+
+ Like for CBC and HMAC, there is a macro to help use the function
+correctly.
+
+ -- Macro: PBKDF2 (CTX, UPDATE, DIGEST, DIGEST_SIZE, ITERATIONS,
+ SALT_LENGTH, SALT, LENGTH, DST)
+ CTX is a pointer to a context struct passed to the UPDATE and
+ DIGEST functions (of the types `nettle_hash_update_func' and
+ `nettle_hash_digest_func' respectively) to implement the
+ underlying PRF with digest size of DIGEST_SIZE. Inputs are the
+ salt SALT of length SALT_LENGTH, the iteration counter ITERATIONS
+ (> 0), and the desired derived output length LENGTH. The output
+ buffer is DST which must have room for at least LENGTH octets.
+
+6.5.2 Concrete PBKDF2 functions
+-------------------------------
+
+Now we come to the specialized PBKDF2 functions, which are easier to
+use than the general PBKDF2 function.
+
+6.5.2.1 PBKDF2-HMAC-SHA1
+........................
+
+ -- Function: void pbkdf2_hmac_sha1 (unsigned KEY_LENGTH, const uint8_t
+ *KEY, unsigned ITERATIONS, unsigned SALT_LENGTH, const
+ uint8_t *SALT, unsigned LENGTH, uint8_t *DST)
+ PBKDF2 with HMAC-SHA1. Derive LENGTH bytes of key into buffer DST
+ using the password KEY of length KEY_LENGTH and salt SALT of
+ length SALT_LENGTH, with iteration counter ITERATIONS (> 0). The
+ output buffer is DST which must have room for at least LENGTH
+ octets.
+
+6.5.2.2 PBKDF2-HMAC-SHA256
+..........................
+
+ -- Function: void pbkdf2_hmac_sha256 (unsigned KEY_LENGTH, const
+ uint8_t *KEY, unsigned ITERATIONS, unsigned SALT_LENGTH,
+ const uint8_t *SALT, unsigned LENGTH, uint8_t *DST)
+ PBKDF2 with HMAC-SHA256. Derive LENGTH bytes of key into buffer
+ DST using the password KEY of length KEY_LENGTH and salt SALT of
+ length SALT_LENGTH, with iteration counter ITERATIONS (> 0). The
+ output buffer is DST which must have room for at least LENGTH
+ octets.
+
+\1f
+File: nettle.info, Node: Public-key algorithms, Next: Randomness, Prev: Key derivation functions, Up: Reference
+
+6.6 Public-key algorithms
+=========================
Nettle uses GMP, the GNU bignum library, for all calculations with
large numbers. In order to use the public-key features of Nettle, you
* RSA:: The RSA public key algorithm.
* DSA:: The DSA digital signature algorithm.
+* Elliptic curves:: Elliptic curves and ECDSA
\1f
File: nettle.info, Node: RSA, Next: DSA, Prev: Public-key algorithms, Up: Public-key algorithms
-RSA
----
+6.6.1 RSA
+---------
The RSA algorithm was the first practical digital signature algorithm
that was constructed. It was described 1978 in a paper by Ronald
F(x) = x^e mod n
- I.e. raise x to the `e':th power, while discarding all multiples of
+ I.e. raise x to the `e''th power, while discarding all multiples of
`n'. The pair of numbers `n' and `e' is the public key. `e' can be
quite small, even `e = 3' has been used, although slightly larger
numbers are recommended. `n' should be about 1000 bits or larger.
If `n' is large enough, and properly chosen, the inverse of F, the
-computation of `e':th roots modulo `n', is very difficult. But,
+computation of `e''th roots modulo `n', is very difficult. But,
where's the trapdoor?
Let's first look at how RSA key-pairs are generated. First `n' is
the message in the same way as above. Then `s^e mod n' is computed, the
operation returns true if and only if the result equals `x'.
-Nettle's RSA support
---------------------
+6.6.2 Nettle's RSA support
+--------------------------
Nettle represents RSA keys using two structures that contain large
numbers (of type `mpz_t').
- - Context struct: rsa_public_key size n e
+ -- Context struct: rsa_public_key size n e
`size' is the size, in octets, of the modulo, and is used
internally. `n' and `e' is the public key.
- - Context struct: rsa_private_key size d p q a b c
+ -- Context struct: rsa_private_key size d p q a b c
`size' is the size, in octets, of the modulo, and is used
internally. `d' is the secret exponent, but it is not actually
used when signing. Instead, the factors `p' and `q', and the
Before use, these structs must be initialized by calling one of
- - Function: void rsa_public_key_init (struct rsa_public_key *PUB)
- - Function: void rsa_private_key_init (struct rsa_private_key *KEY)
+ -- Function: void rsa_public_key_init (struct rsa_public_key *PUB)
+ -- Function: void rsa_private_key_init (struct rsa_private_key *KEY)
Calls `mpz_init' on all numbers in the key struct.
and when finished with them, the space for the numbers must be
deallocated by calling one of
- - Function: void rsa_public_key_clear (struct rsa_public_key *PUB)
- - Function: void rsa_private_key_clear (struct rsa_private_key *KEY)
+ -- Function: void rsa_public_key_clear (struct rsa_public_key *PUB)
+ -- Function: void rsa_private_key_clear (struct rsa_private_key *KEY)
Calls `mpz_clear' on all numbers in the key struct.
In general, Nettle's RSA functions deviates from Nettle's "no memory
When you have assigned values to the attributes of a key, you must
call
- - Function: int rsa_public_key_prepare (struct rsa_public_key *PUB)
- - Function: int rsa_private_key_prepare (struct rsa_private_key *KEY)
+ -- Function: int rsa_public_key_prepare (struct rsa_public_key *PUB)
+ -- Function: int rsa_private_key_prepare (struct rsa_private_key *KEY)
Computes the octet size of the key (stored in the `size' attribute,
and may also do other basic sanity checks. Returns one if
successful, or zero if the key can't be used, for instance if the
Creation and verification of signatures is done with the following
functions:
- - Function: int rsa_md5_sign (const struct rsa_private_key *KEY,
+ -- Function: int rsa_md5_sign (const struct rsa_private_key *KEY,
struct md5_ctx *HASH, mpz_t SIGNATURE)
- - Function: int rsa_sha1_sign (const struct rsa_private_key *KEY,
+ -- Function: int rsa_sha1_sign (const struct rsa_private_key *KEY,
struct sha1_ctx *HASH, mpz_t SIGNATURE)
- - Function: int rsa_sha256_sign (const struct rsa_private_key *KEY,
+ -- Function: int rsa_sha256_sign (const struct rsa_private_key *KEY,
struct sha256_ctx *HASH, mpz_t SIGNATURE)
- - Function: int rsa_sha512_sign (const struct rsa_private_key *KEY,
+ -- Function: int rsa_sha512_sign (const struct rsa_private_key *KEY,
struct sha512_ctx *HASH, mpz_t SIGNATURE)
The signature is stored in SIGNATURE (which must have been
`mpz_init''ed earlier). The hash context is reset so that it can be
e.g., it's not possible to create a signature using SHA512 and a
512-bit RSA key.
- - Function: int rsa_md5_sign_digest (const struct rsa_private_key
+ -- Function: int rsa_md5_sign_digest (const struct rsa_private_key
*KEY, const uint8_t *DIGEST, mpz_t SIGNATURE)
- - Function: int rsa_sha1_sign_digest (const struct rsa_private_key
+ -- Function: int rsa_sha1_sign_digest (const struct rsa_private_key
*KEY, const uint8_t *DIGEST, mpz_t SIGNATURE);
- - Function: int rsa_sha256_sign_digest (const struct rsa_private_key
+ -- Function: int rsa_sha256_sign_digest (const struct rsa_private_key
*KEY, const uint8_t *DIGEST, mpz_t SIGNATURE);
- - Function: int rsa_sha512_sign_digest (const struct rsa_private_key
+ -- Function: int rsa_sha512_sign_digest (const struct rsa_private_key
*KEY, const uint8_t *DIGEST, mpz_t SIGNATURE);
Creates a signature from the given hash digest. DIGEST should
point to a digest of size `MD5_DIGEST_SIZE', `SHA1_DIGEST_SIZE',
SIGNATURE (which must have been `mpz_init':ed earlier). Returns
one on success, or zero on failure.
- - Function: int rsa_md5_verify (const struct rsa_public_key *KEY,
+ -- Function: int rsa_md5_verify (const struct rsa_public_key *KEY,
struct md5_ctx *HASH, const mpz_t SIGNATURE)
- - Function: int rsa_sha1_verify (const struct rsa_public_key *KEY,
+ -- Function: int rsa_sha1_verify (const struct rsa_public_key *KEY,
struct sha1_ctx *HASH, const mpz_t SIGNATURE)
- - Function: int rsa_sha256_verify (const struct rsa_public_key *KEY,
+ -- Function: int rsa_sha256_verify (const struct rsa_public_key *KEY,
struct sha256_ctx *HASH, const mpz_t SIGNATURE)
- - Function: int rsa_sha512_verify (const struct rsa_public_key *KEY,
+ -- Function: int rsa_sha512_verify (const struct rsa_public_key *KEY,
struct sha512_ctx *HASH, const mpz_t SIGNATURE)
Returns 1 if the signature is valid, or 0 if it isn't. In either
case, the hash context is reset so that it can be used for new
messages.
- - Function: int rsa_md5_verify_digest (const struct rsa_public_key
+ -- Function: int rsa_md5_verify_digest (const struct rsa_public_key
*KEY, const uint8_t *DIGEST, const mpz_t SIGNATURE)
- - Function: int rsa_sha1_verify_digest (const struct rsa_public_key
+ -- Function: int rsa_sha1_verify_digest (const struct rsa_public_key
*KEY, const uint8_t *DIGEST, const mpz_t SIGNATURE)
- - Function: int rsa_sha256_verify_digest (const struct rsa_public_key
+ -- Function: int rsa_sha256_verify_digest (const struct rsa_public_key
*KEY, const uint8_t *DIGEST, const mpz_t SIGNATURE)
- - Function: int rsa_sha512_verify_digest (const struct rsa_public_key
+ -- Function: int rsa_sha512_verify_digest (const struct rsa_public_key
*KEY, const uint8_t *DIGEST, const mpz_t SIGNATURE)
Returns 1 if the signature is valid, or 0 if it isn't. DIGEST
should point to a digest of size `MD5_DIGEST_SIZE',
isn't supported by the above functions Nettle also includes a function
that computes `x^d mod n' and nothing more, using the CRT optimization.
- - Function: void rsa_compute_root (struct rsa_private_key *KEY, mpz_t
+ -- Function: void rsa_compute_root (struct rsa_private_key *KEY, mpz_t
X, const mpz_t M)
Computes `x = m^d', efficiently.
At last, how do you create new keys?
- - Function: int rsa_generate_keypair (struct rsa_public_key *PUB,
+ -- Function: int rsa_generate_keypair (struct rsa_public_key *PUB,
struct rsa_private_key *KEY, void *RANDOM_CTX,
nettle_random_func RANDOM, void *PROGRESS_CTX,
nettle_progress_func PROGRESS, unsigned N_SIZE, unsigned
the result is the same.
\1f
-File: nettle.info, Node: DSA, Prev: RSA, Up: Public-key algorithms
+File: nettle.info, Node: DSA, Next: Elliptic curves, Prev: RSA, Up: Public-key algorithms
-Nettle's DSA support
---------------------
+6.6.3 DSA
+---------
The DSA digital signature algorithm is more complex than RSA. It was
specified during the early 1990s, and in 1994 NIST published FIPS 186
which is the authoritative specification. Sometimes DSA is referred to
using the acronym DSS, for Digital Signature Standard. The most recent
-revision of the specification, FIPS186-3, was issueed in 2009, and it
+revision of the specification, FIPS186-3, was issued in 2009, and it
adds support for larger hash functions than sha1.
For DSA, the underlying mathematical problem is the computation of
-discreet logarithms. The public key consists of a large prime `p', a
+discrete logarithms. The public key consists of a large prime `p', a
small prime `q' which is a factor of `p-1', a number `g' which
generates a subgroup of order `q' modulo `p', and an element `y' in
that subgroup.
complexity `sqrt(q)'.
The important point is that security depends on the size of _both_
-`p' and `q', and they should be choosen so that the difficulty of both
+`p' and `q', and they should be chosen so that the difficulty of both
discrete logarithm methods are comparable. Today, the security margin
of the original DSA may be uncomfortably small. Using a `p' of 1024
bits implies that cracking using the number field sieve is expected to
source is a serious disadvantage. If you ever use the same `k' (and
`r') for two different message, you leak your private key.
-Nettle's DSA support
---------------------
+6.6.4 Nettle's DSA support
+--------------------------
Like for RSA, Nettle represents DSA keys using two structures,
containing values of type `mpz_t'. For information on how to customize
start, there are no functions corresponding to `rsa_public_key_prepare'
and `rsa_private_key_prepare'.
- - Context struct: dsa_public_key p q g y
+ -- Context struct: dsa_public_key p q g y
The public parameters described above.
- - Context struct: dsa_private_key x
+ -- Context struct: dsa_private_key x
The private key `x'.
Before use, these structs must be initialized by calling one of
- - Function: void dsa_public_key_init (struct dsa_public_key *PUB)
- - Function: void dsa_private_key_init (struct dsa_private_key *KEY)
+ -- Function: void dsa_public_key_init (struct dsa_public_key *PUB)
+ -- Function: void dsa_private_key_init (struct dsa_private_key *KEY)
Calls `mpz_init' on all numbers in the key struct.
When finished with them, the space for the numbers must be
deallocated by calling one of
- - Function: void dsa_public_key_clear (struct dsa_public_key *PUB)
- - Function: void dsa_private_key_clear (struct dsa_private_key *KEY)
+ -- Function: void dsa_public_key_clear (struct dsa_public_key *PUB)
+ -- Function: void dsa_private_key_clear (struct dsa_private_key *KEY)
Calls `mpz_clear' on all numbers in the key struct.
Signatures are represented using the structure below, and need to be
initialized and cleared in the same way as the key structs.
- - Context struct: dsa_signature r s
+ -- Context struct: dsa_signature r s
- - Function: void dsa_signature_init (struct dsa_signature *SIGNATURE)
- - Function: void dsa_signature_clear (struct dsa_signature *SIGNATURE)
+ -- Function: void dsa_signature_init (struct dsa_signature *SIGNATURE)
+ -- Function: void dsa_signature_clear (struct dsa_signature *SIGNATURE)
You must call `dsa_signature_init' before creating or using a
signature, and call `dsa_signature_clear' when you are finished
with it.
of DSA with SHA256 should be considered somewhat experimental due to
lack of official test vectors and interoperability testing.
- - Function: int dsa_sha1_sign (const struct dsa_public_key *PUB, const
- struct dsa_private_key *KEY, void *RANDOM_CTX,
+ -- Function: int dsa_sha1_sign (const struct dsa_public_key *PUB,
+ const struct dsa_private_key *KEY, void *RANDOM_CTX,
nettle_random_func RANDOM, struct sha1_ctx *HASH, struct
dsa_signature *SIGNATURE)
- - Function: int dsa_sha1_sign_digest (const struct dsa_public_key
+ -- Function: int dsa_sha1_sign_digest (const struct dsa_public_key
*PUB, const struct dsa_private_key *KEY, void *RANDOM_CTX,
nettle_random_func RANDOM, const uint8_t *DIGEST, struct
dsa_signature *SIGNATURE)
- - Function: int dsa_sha256_sign (const struct dsa_public_key *PUB,
+ -- Function: int dsa_sha256_sign (const struct dsa_public_key *PUB,
const struct dsa_private_key *KEY, void *RANDOM_CTX,
nettle_random_func RANDOM, struct sha256_ctx *HASH, struct
dsa_signature *SIGNATURE)
- - Function: int dsa_sha256_sign_digest (const struct dsa_public_key
+ -- Function: int dsa_sha256_sign_digest (const struct dsa_public_key
*PUB, const struct dsa_private_key *KEY, void *RANDOM_CTX,
nettle_random_func RANDOM, const uint8_t *DIGEST, struct
dsa_signature *SIGNATURE)
Verifying signatures is a little easier, since no randomness
generator is needed. The functions are
- - Function: int dsa_sha1_verify (const struct dsa_public_key *KEY,
+ -- Function: int dsa_sha1_verify (const struct dsa_public_key *KEY,
struct sha1_ctx *HASH, const struct dsa_signature *SIGNATURE)
- - Function: int dsa_sha1_verify_digest (const struct dsa_public_key
+ -- Function: int dsa_sha1_verify_digest (const struct dsa_public_key
*KEY, const uint8_t *DIGEST, const struct dsa_signature
*SIGNATURE)
- - Function: int dsa_sha256_verify (const struct dsa_public_key *KEY,
+ -- Function: int dsa_sha256_verify (const struct dsa_public_key *KEY,
struct sha256_ctx *HASH, const struct dsa_signature
*SIGNATURE)
- - Function: int dsa_sha256_verify_digest (const struct dsa_public_key
+ -- Function: int dsa_sha256_verify_digest (const struct dsa_public_key
*KEY, const uint8_t *DIGEST, const struct dsa_signature
*SIGNATURE)
Verifies a signature. Returns 1 if the signature is valid,
Key generation uses mostly the same parameters as the corresponding
RSA function.
- - Function: int dsa_generate_keypair (struct dsa_public_key *PUB,
+ -- Function: int dsa_generate_keypair (struct dsa_public_key *PUB,
struct dsa_private_key *KEY, void *RANDOM_CTX,
nettle_random_func RANDOM, void *PROGRESS_CTX,
nettle_progress_func PROGRESS, unsigned P_BITS, unsigned
expected to support such keys. Also note that using very large
P_BITS, with Q_BITS fixed at 160, doesn't make much sense, because
the security is also limited by the size of the smaller prime.
- Using a larger `q_bits' requires switchign to a larger hash
+ Using a larger `q_bits' requires switching to a larger hash
function. To generate DSA keys for use with SHA256, use `q_bits =
256' and, e.g., `p_bits = 2048'.
small.
\1f
-File: nettle.info, Node: Randomness, Next: Miscellaneous functions, Prev: Public-key algorithms, Up: Reference
+File: nettle.info, Node: Elliptic curves, Prev: DSA, Up: Public-key algorithms
+
+6.6.5 Elliptic curves
+---------------------
+
+For cryptographic purposes, an elliptic curve is a mathematical group of
+points, and computing logarithms in this group is computationally
+difficult problem. Nettle uses additive notation for elliptic curve
+groups. If P and Q are two points, and k is an integer, the point sum,
+P + Q, and the multiple k P can be computed efficiently, but given only
+two points P and Q, finding an integer k such that Q = k P is the
+elliptic curve discrete logarithm problem.
+
+ Nettle supports standard curves which are all of the form y^2 = x^3
+- 3 x + b (mod p), i.e., the points have coordinates (x,y), both
+considered as integers modulo a specified prime p. Curves are
+represented as a `struct ecc_curve'. Supported curves are declared in
+`<nettle/ecc-curve.h>', e.g., `nettle_secp_256r1' for a standardized
+curve using the 256-bit prime p = 2^256 - 2^224 + 2^192 + 2^96 - 1. The
+contents of these structs is not visible to nettle users. The "bitsize
+of the curve" is used as a shorthand for the bitsize of the curve's
+prime p, e.g., 256 bits for `nettle_secp_256r1'.
+
+6.6.5.1 Side-channel silence
+............................
+
+Nettle's implementation of the elliptic curve operations is intended to
+be side-channel silent. The side-channel attacks considered are:
+
+ * Timing attacks If the timing of operations depends on secret
+ values, an attacker interacting with your system can measure the
+ response time, and infer information about your secrets, e.g., a
+ private signature key.
+
+ * Attacks using memory caches Assume you have some secret data on a
+ multi-user system, and that this data is properly protected so
+ that other users get no direct access to it. If you have a process
+ operating on the secret data, and this process does memory
+ accesses depending on the data, e.g, an internal lookup table in
+ some cryptographic algorithm, an attacker running a separate
+ process on the same system may use behavior of internal CPU caches
+ to get information about your secrets.
+
+ Nettle's ECC implementation is designed to be "side-channel silent",
+and not leak any information to these attacks. Timing and memory
+accesses depend only on the size of the input data and its location in
+memory, not on the actual data bits. This implies a performance penalty
+in several of the building blocks.
+
+6.6.6 ECDSA
+-----------
+
+ECDSA is a variant of the DSA digital signature scheme (*note DSA::),
+which works over an elliptic curve group rather than over a (subgroup
+of) integers modulo p. Like DSA, creating a signature requires a unique
+random nonce (repeating the nonce with two different messages reveals
+the private key, and any leak or bias in the generation of the nonce
+also leaks information about the key).
+
+ Unlike DSA, signatures are in general not tied to any particular hash
+function or even hash size. Any hash function can be used, and the hash
+value is truncated or padded as needed to get a size matching the curve
+being used. It is recommended to use a strong cryptographic hash
+function with digest size close to the bit size of the curve, e.g.,
+SHA256 is a reasonable choice when using ECDSA signature over the curve
+secp256r1. A protocol or application using ECDSA has to specify which
+curve and which hash function to use, or provide some mechanism for
+negotiating.
+
+ Nettle defines ECDSA in `<nettle/ecdsa.h>'. We first need to define
+the data types used to represent public and private keys.
+
+ -- struct: struct ecc_point
+ Represents a point on an elliptic curve. In particular, it is used
+ to represent an ECDSA public key.
+
+ -- Function: void ecc_point_init (struct ecc_point *P, const
+ structecc_curve *ECC)
+ Initializes P to represent points on the given curve ECC.
+ Allocates storage for the coordinates, using the same allocation
+ functions as GMP.
+
+ -- Function: void ecc_point_clear (struct ecc_point *P)
+ Deallocate storage.
+
+ -- Function: int ecc_point_set (struct ecc_point *P, const mpz_t X,
+ const mpz_t Y)
+ Check that the given coordinates represent a point on the curve.
+ If so, the coordinates are copied and converted to internal
+ representation, and the function returns 1. Otherwise, it returns
+ 0. Currently, the infinity point (or zero point, with additive
+ notation) i snot allowed.
+
+ -- Function: void ecc_point_get (const struct ecc_point *P, mpz_t X,
+ mpz_t Y)
+ Extracts the coordinate of the point P. The output parameters X or
+ Y may be NULL if the caller doesn't want that coordinate.
+
+ -- struct: struct ecc_scalar
+ Represents an integer in the range 0 < x < group order, where the
+ "group order" refers to the order of an ECC group. In particular,
+ it is used to represent an ECDSA private key.
+
+ -- Function: void ecc_scalar_init (struct ecc_scalar *S, const struct
+ ecc_curve *ECC)
+ Initializes S to represent a scalar suitable for the given curve
+ ECC. Allocates storage using the same allocation functions as GMP.
+
+ -- Function: void ecc_scalar_clear (struct ecc_scalar *S)
+ Deallocate storage.
+
+ -- Function: int ecc_scalar_set (struct ecc_scalar *S, const mpz_t Z)
+ Check that Z is in the correct range. If so, copies the value to S
+ and returns 1, otherwise returns 0.
+
+ -- Function: void ecc_scalar_get (const struct ecc_scalar *S, mpz_t Z)
+ Extracts the scalar, in GMP `mpz_t' representation.
+
+ To create and verify ECDSA signatures, the following functions are
+used.
+
+ -- Function: void ecdsa_sign (const struct ecc_scalar *KEY, void
+ *RANDOM_CTX, nettle_random_func *RANDOM, unsigned
+ DIGEST_LENGTH, const uint8_t *DIGEST, struct dsa_signature
+ *SIGNATURE)
+ Uses the private key KEY to create a signature on DIGEST.
+ RANDOM_CTX and RANDOM is a randomness generator.
+ `random(random_ctx, length, dst)' should generate `length' random
+ octets and store them at `dst'. The signature is stored in
+ SIGNATURE, in the same was as for plain DSA.
+
+ -- Function: int ecdsa_verify (const struct ecc_point *PUB, unsigned
+ LENGTH, const uint8_t *DIGEST, const struct dsa_signature
+ *SIGNATURE)
+ Uses the public key PUB to verify that SIGNATURE is a valid
+ signature for the message digest DIGEST (of LENGTH octets).
+ Returns 1 if the signature is valid, otherwise 0.
+
+ Finally, to generation of new an ECDSA key pairs
+
+ -- Function: void ecdsa_generate_keypair (struct ecc_point *PUB,
+ struct ecc_scalar *KEY, void *RANDOM_CTX, nettle_random_func
+ *RANDOM);
+ PUB and KEY is where the resulting key pair is stored. The structs
+ should be initialized, for the desired ECC curve, before you call
+ this function.
+
+ RANDOM_CTX and RANDOM is a randomness generator.
+ `random(random_ctx, length, dst)' should generate `length' random
+ octets and store them at `dst'. For advice, see *Note Randomness::.
+
+\1f
+File: nettle.info, Node: Randomness, Next: ASCII encoding, Prev: Public-key algorithms, Up: Reference
-Randomness
-==========
+6.7 Randomness
+==============
A crucial ingredient in many cryptographic contexts is randomness: Let
`p' be a random prime, choose a random initialization vector `iv', a
The recommended generator to use is Yarrow, described below.
-Yarrow
-------
+6.7.1 Yarrow
+------------
Yarrow is a family of pseudo-randomness generators, designed for
cryptographic use, by John Kelsey, Bruce Schneier and Niels Ferguson.
Yarrow-160 is described in a paper at
-<http://www.counterpane.com/yarrow.html>, and it uses SHA1 and
+`http://www.counterpane.com/yarrow.html', and it uses SHA1 and
triple-DES, and has a 160-bit internal state. Nettle implements
Yarrow-256, which is similar, but uses SHA256 and AES to get an
internal state of 256 bits.
Nettle defines Yarrow-256 in `<nettle/yarrow.h>'.
- - Context struct: struct yarrow256_ctx
+ -- Context struct: struct yarrow256_ctx
- - Context struct: struct yarrow_source
+ -- Context struct: struct yarrow_source
Information about a single source.
- - Constant: YARROW256_SEED_FILE_SIZE
- Recommanded size of the Yarrow-256 seed file.
+ -- Constant: YARROW256_SEED_FILE_SIZE
+ Recommended size of the Yarrow-256 seed file.
- - Function: void yarrow256_init (struct yarrow256_ctx *CTX, unsigned
+ -- Function: void yarrow256_init (struct yarrow256_ctx *CTX, unsigned
NSOURCES, struct yarrow_source *SOURCES)
Initializes the yarrow context, and its NSOURCES sources. It's
possible to call it with NSOURCES=0 and SOURCES=NULL, if you don't
need the update features.
- - Function: void yarrow256_seed (struct yarrow256_ctx *CTX, unsigned
+ -- Function: void yarrow256_seed (struct yarrow256_ctx *CTX, unsigned
LENGTH, uint8_t *SEED_FILE)
Seeds Yarrow-256 from a previous seed file. LENGTH should be at
least `YARROW256_SEED_FILE_SIZE', but it can be larger.
about the same time, access must be coordinated using some locking
mechanism.
- - Function: int yarrow256_update (struct yarrow256_ctx *CTX, unsigned
+ -- Function: int yarrow256_update (struct yarrow256_ctx *CTX, unsigned
SOURCE, unsigned ENTROPY, unsigned LENGTH, const uint8_t
*DATA)
Updates the generator with data from source SOURCE (an index that
`yarrow256_random' and overwrite the seed file. Otherwise, the
function returns 0.
- - Function: void yarrow256_random (struct yarrow256_ctx *CTX, unsigned
- LENGTH, uint8_t *DST)
+ -- Function: void yarrow256_random (struct yarrow256_ctx *CTX,
+ unsigned LENGTH, uint8_t *DST)
Generates LENGTH octets of output. The generator must be seeded
before you call this function.
efficiency by buffering, calling this function for reasonably large
blocks of data, say 100-1000 octets at a time.
- - Function: int yarrow256_is_seeded (struct yarrow256_ctx *CTX)
+ -- Function: int yarrow256_is_seeded (struct yarrow256_ctx *CTX)
Returns 1 if the generator is seeded and ready to generate output,
otherwise 0.
- - Function: unsigned yarrow256_needed_sources (struct yarrow256_ctx
+ -- Function: unsigned yarrow256_needed_sources (struct yarrow256_ctx
*CTX)
Returns the number of sources that must reach the threshold before
a slow reseed will happen. Useful primarily when the generator is
unseeded.
- - Function: void yarrow256_fast_reseed (struct yarrow256_ctx *CTX)
- - Function: void yarrow256_slow_reseed (struct yarrow256_ctx *CTX)
+ -- Function: void yarrow256_fast_reseed (struct yarrow256_ctx *CTX)
+ -- Function: void yarrow256_slow_reseed (struct yarrow256_ctx *CTX)
Causes a fast or slow reseed to take place immediately, regardless
of the current entropy estimates of the two pools. Use with care.
Nettle includes an entropy estimator for one kind of input source:
User keyboard input.
- - Context struct: struct yarrow_key_event_ctx
+ -- Context struct: struct yarrow_key_event_ctx
Information about recent key events.
- - Function: void yarrow_key_event_init (struct yarrow_key_event_ctx
+ -- Function: void yarrow_key_event_init (struct yarrow_key_event_ctx
*CTX)
Initializes the context.
- - Function: unsigned yarrow_key_event_estimate (struct
+ -- Function: unsigned yarrow_key_event_estimate (struct
yarrow_key_event_ctx *CTX, unsigned KEY, unsigned TIME)
KEY is the id of the key (ASCII value, hardware key code, X
keysym, ..., it doesn't matter), and TIME is the timestamp of the
`yarrow256_update'. Usually, 0, 1 or 2 bits.
\1f
-File: nettle.info, Node: Miscellaneous functions, Next: Compatibility functions, Prev: Randomness, Up: Reference
+File: nettle.info, Node: ASCII encoding, Next: Miscellaneous functions, Prev: Randomness, Up: Reference
+
+6.8 ASCII encoding
+==================
+
+Encryption will transform your data from text into binary format, and
+that may be a problem if you want, for example, to send the data as if
+it was plain text in an email (or store it along with descriptive text
+in a file). You may then use an encoding from binary to text: each
+binary byte is translated into a number of bytes of plain text.
+
+ A base-N encoding of data is one representation of data that only
+uses N different symbols (instead of the 256 possible values of a byte).
+
+ The base64 encoding will always use alphanumeric (upper and lower
+case) characters and the '+', '/' and '=' symbols to represent the
+data. Four output characters are generated for each three bytes of
+input. In case the length of the input is not a multiple of three,
+padding characters are added at the end.
+
+ The base16 encoding, also known as "hexadecimal", uses the decimal
+digits and the letters from A to F. Two hexadecimal digits are generated
+for each input byte. Base16 may be useful if you want to use the data
+for filenames or URLs, for example.
+
+ Nettle supports both base64 and base16 encoding and decoding.
+
+ Encoding and decoding uses a context struct to maintain its state
+(with the exception of base16 encoding, which doesn't need any). To
+encode or decode the your data, first initialize the context, then call
+the update function as many times as necessary, and complete the
+operation by calling the final function.
+
+ The following functions can be used to perform base64 encoding and
+decoding. They are defined in `<nettle/base64.h>'.
+
+ -- Context struct: struct base64_encode_ctx
+
+ -- Function: void base64_encode_init (struct base64_encode_ctx *CTX)
+ Initializes a base64 context. This is necessary before starting an
+ encoding session.
+
+ -- Function: unsigned base64_encode_single (struct base64_encode_ctx
+ *CTX, uint8_t *DST, uint8_t SRC)
+ Encodes a single byte. Returns amount of output (always 1 or 2).
+
+ -- Macro: BASE64_ENCODE_LENGTH (LENGTH)
+ The maximum number of output bytes when passing LENGTH input bytes
+ to `base64_encode_update'.
+
+ -- Function: unsigned base64_encode_update (struct base64_encode_ctx
+ *CTX, uint8_t *DST, unsigned LENGTH, const uint8_t *SRC)
+ After CTX is initialized, this function may be called to encode
+ LENGTH bytes from SRC. The result will be placed in DST, and the
+ return value will be the number of bytes generated. Note that DST
+ must be at least of size BASE64_ENCODE_LENGTH(LENGTH).
+
+ -- Constant: BASE64_ENCODE_FINAL_LENGTH
+ The maximum amount of output from `base64_encode_final'.
+
+ -- Function: unsigned base64_encode_final (struct base64_encode_ctx
+ *CTX, uint8_t *DST)
+ After calling base64_encode_update one or more times, this function
+ should be called to generate the final output bytes, including any
+ needed paddding. The return value is the number of output bytes
+ generated.
+
+ -- Context struct: struct base64_decode_ctx
+
+ -- Function: void base64_decode_init (struct base64_decode_ctx *CTX)
+ Initializes a base64 decoding context. This is necessary before
+ starting a decoding session.
+
+ -- Function: int base64_decode_single (struct base64_decode_ctx *CTX,
+ uint8_t *DST, uint8_t SRC)
+ Decodes a single byte (SRC) and stores the result in DST. Returns
+ amount of output (0 or 1), or -1 on errors.
+
+ -- Macro: BASE64_DECODE_LENGTH (LENGTH)
+ The maximum number of output bytes when passing LENGTH input bytes
+ to `base64_decode_update'.
+
+ -- Function: void base64_decode_update (struct base64_decode_ctx *CTX,
+ unsigned *DST_LENGTH, uint8_t *DST, unsigned SRC_LENGTH,
+ const uint8_t *SRC)
+ After CTX is initialized, this function may be called to decode
+ SRC_LENGTH bytes from SRC. DST should point to an area of size at
+ least BASE64_DECODE_LENGTH(LENGTH), and for sanity checking,
+ DST_LENGTH should be initialized to the size of that area before
+ the call. DST_LENGTH is updated to the amount of decoded output.
+ The function will return 1 on success and 0 on error.
+
+ -- Function: int base64_decode_final (struct base64_decode_ctx *CTX)
+ Check that final padding is correct. Returns 1 on success, and 0 on
+ error.
+
+ Similarly to the base64 functions, the following functions perform
+base16 encoding, and are defined in `<nettle/base16.h>'. Note that
+there is no encoding context necessary for doing base16 encoding.
+
+ -- Function: void base16_encode_single (uint8_t *DST, uint8_t SRC)
+ Encodes a single byte. Always stores two digits in DST[0] and
+ DST[1].
+
+ -- Macro: BASE16_ENCODE_LENGTH (LENGTH)
+ The number of output bytes when passing LENGTH input bytes to
+ `base16_encode_update'.
+
+ -- Function: void base16_encode_update (uint8_t *DST, unsigned LENGTH,
+ const uint8_t *SRC)
+ Always stores BASE16_ENCODE_LENGTH(LENGTH) digits in DST.
+
+ -- Context struct: struct base16_decode_ctx
-Miscellaneous functions
-=======================
+ -- Function: void base16_decode_init (struct base16_decode_ctx *CTX)
+ Initializes a base16 decoding context. This is necessary before
+ starting a decoding session.
- - Function: uint8_t * memxor (uint8_t *DST, const uint8_t *SRC, size_t
- N)
+ -- Function: int base16_decode_single (struct base16_decode_ctx *CTX,
+ uint8_t *DST, uint8_t SRC)
+ Decodes a single byte from SRC into DST. Returns amount of output
+ (0 or 1), or -1 on errors.
+
+ -- Macro: BASE16_DECODE_LENGTH (LENGTH)
+ The maximum number of output bytes when passing LENGTH input bytes
+ to `base16_decode_update'.
+
+ -- Function: int base16_decode_update (struct base16_decode_ctx *CTX,
+ unsigned *DST_LENGTH, uint8_t *DST, unsigned SRC_LENGTH,
+ const uint8_t *SRC)
+ After CTX is initialized, this function may be called to decode
+ SRC_LENGTH bytes from SRC. DST should point to an area of size at
+ least BASE16_DECODE_LENGTH(LENGTH), and for sanity checking,
+ DST_LENGTH should be initialized to the size of that area before
+ the call. DST_LENGTH is updated to the amount of decoded output.
+ The function will return 1 on success and 0 on error.
+
+ -- Function: int base16_decode_final (struct base16_decode_ctx *CTX)
+ Checks that the end of data is correct (i.e., an even number of
+ hexadecimal digits have been seen). Returns 1 on success, and 0 on
+ error.
+
+\1f
+File: nettle.info, Node: Miscellaneous functions, Next: Compatibility functions, Prev: ASCII encoding, Up: Reference
+
+6.9 Miscellaneous functions
+===========================
+
+ -- Function: uint8_t * memxor (uint8_t *DST, const uint8_t *SRC,
+ size_t N)
XORs the source area on top of the destination area. The interface
doesn't follow the Nettle conventions, because it is intended to be
similar to the ANSI-C `memcpy' function.
\1f
File: nettle.info, Node: Compatibility functions, Prev: Miscellaneous functions, Up: Reference
-Compatibility functions
-=======================
+6.10 Compatibility functions
+============================
For convenience, Nettle includes alternative interfaces to some
algorithms, for compatibility with some other popular crypto toolkits.
\1f
File: nettle.info, Node: Nettle soup, Next: Installation, Prev: Reference, Up: Top
-Traditional Nettle Soup
-***********************
+7 Traditional Nettle Soup
+*************************
For the serious nettle hacker, here is a recipe for nettle soup. 4
servings.
\1f
File: nettle.info, Node: Installation, Next: Index, Prev: Nettle soup, Up: Top
-Installation
-************
+8 Installation
+**************
Nettle uses `autoconf'. To build it, unpack the source and run
make check
make install
-to install in the default location, `/usr/local'. The library files are
-installed in `/use/local/lib/libnettle.a' `/use/local/lib/libhogweed.a'
-and the include files are installed in `/use/local/include/nettle/'.
+to install in under the default prefix, `/usr/local'.
To get a list of configure options, use `./configure --help'.
- By default, only static libraries are built and installed. To also
-build and install shared libraries, use the ` --enable-shared' option
-to `./configure'.
+ By default, both static and shared libraries are built and
+installed. To omit building the shared libraries, use the `
+--disable-shared' option to `./configure'.
Using GNU make is recommended. For other make programs, in particular
BSD make, you may have to use the `--disable-dependency-tracking'
Function and Concept Index
**************************
+\0\b[index\0\b]
* Menu:
-* aes_decrypt: Cipher functions.
-* aes_encrypt: Cipher functions.
-* aes_invert_key: Cipher functions.
-* aes_set_decrypt_key: Cipher functions.
-* aes_set_encrypt_key: Cipher functions.
-* arcfour_crypt: Cipher functions.
-* arcfour_set_key: Cipher functions.
-* arctwo_decrypt: Cipher functions.
-* arctwo_encrypt: Cipher functions.
-* arctwo_set_key: Cipher functions.
-* arctwo_set_key_ekb: Cipher functions.
-* arctwo_set_key_gutmann: Cipher functions.
-* Block Cipher: Cipher functions.
-* blowfish_decrypt: Cipher functions.
-* blowfish_encrypt: Cipher functions.
-* blowfish_set_key: Cipher functions.
-* camellia_crypt: Cipher functions.
-* camellia_invert_key: Cipher functions.
-* camellia_set_decrypt_key: Cipher functions.
-* camellia_set_encrypt_key: Cipher functions.
-* cast128_decrypt: Cipher functions.
-* cast128_encrypt: Cipher functions.
-* cast128_set_key: Cipher functions.
-* CBC Mode: Cipher modes.
-* CBC_CTX: Cipher modes.
-* CBC_DECRYPT: Cipher modes.
-* cbc_decrypt: Cipher modes.
-* CBC_ENCRYPT: Cipher modes.
-* cbc_encrypt: Cipher modes.
-* CBC_SET_IV: Cipher modes.
-* Cipher: Cipher functions.
-* Cipher Block Chaining: Cipher modes.
-* Collision-resistant: Hash functions.
-* Conditional entropy: Randomness.
-* Counter Mode: Cipher modes.
-* CTR Mode: Cipher modes.
-* CTR_CRYPT: Cipher modes.
-* ctr_crypt: Cipher modes.
-* CTR_CTX: Cipher modes.
-* CTR_SET_COUNTER: Cipher modes.
-* des3_decrypt: Cipher functions.
-* des3_encrypt: Cipher functions.
-* des3_set_key: Cipher functions.
-* des_check_parity: Cipher functions.
-* des_decrypt: Cipher functions.
-* des_encrypt: Cipher functions.
-* des_fix_parity: Cipher functions.
-* des_set_key: Cipher functions.
-* dsa_generate_keypair: DSA.
-* dsa_private_key_clear: DSA.
-* dsa_private_key_init: DSA.
-* dsa_public_key_clear: DSA.
-* dsa_public_key_init: DSA.
-* dsa_sha1_sign: DSA.
-* dsa_sha1_sign_digest: DSA.
-* dsa_sha1_verify: DSA.
-* dsa_sha1_verify_digest: DSA.
-* dsa_sha256_sign: DSA.
-* dsa_sha256_sign_digest: DSA.
-* dsa_sha256_verify: DSA.
-* dsa_sha256_verify_digest: DSA.
-* dsa_signature_clear: DSA.
-* dsa_signature_init: DSA.
-* Entropy: Randomness.
-* Hash function: Hash functions.
+* aes_decrypt: Cipher functions. (line 123)
+* aes_encrypt: Cipher functions. (line 116)
+* aes_invert_key: Cipher functions. (line 105)
+* aes_set_decrypt_key: Cipher functions. (line 101)
+* aes_set_encrypt_key: Cipher functions. (line 99)
+* arcfour_crypt: Cipher functions. (line 175)
+* arcfour_set_key: Cipher functions. (line 170)
+* arctwo_decrypt: Cipher functions. (line 240)
+* arctwo_encrypt: Cipher functions. (line 233)
+* arctwo_set_key: Cipher functions. (line 217)
+* arctwo_set_key_ekb: Cipher functions. (line 215)
+* arctwo_set_key_gutmann: Cipher functions. (line 219)
+* base16_decode_final: ASCII encoding. (line 139)
+* base16_decode_init: ASCII encoding. (line 116)
+* BASE16_DECODE_LENGTH: ASCII encoding. (line 125)
+* base16_decode_single: ASCII encoding. (line 121)
+* base16_decode_update: ASCII encoding. (line 131)
+* BASE16_ENCODE_LENGTH: ASCII encoding. (line 106)
+* base16_encode_single: ASCII encoding. (line 102)
+* base16_encode_update: ASCII encoding. (line 111)
+* base64_decode_final: ASCII encoding. (line 94)
+* base64_decode_init: ASCII encoding. (line 71)
+* BASE64_DECODE_LENGTH: ASCII encoding. (line 80)
+* base64_decode_single: ASCII encoding. (line 76)
+* base64_decode_update: ASCII encoding. (line 86)
+* base64_encode_final: ASCII encoding. (line 63)
+* base64_encode_init: ASCII encoding. (line 40)
+* BASE64_ENCODE_LENGTH: ASCII encoding. (line 48)
+* base64_encode_single: ASCII encoding. (line 45)
+* base64_encode_update: ASCII encoding. (line 53)
+* Block Cipher: Cipher functions. (line 12)
+* blowfish_decrypt: Cipher functions. (line 282)
+* blowfish_encrypt: Cipher functions. (line 275)
+* blowfish_set_key: Cipher functions. (line 265)
+* camellia_crypt: Cipher functions. (line 332)
+* camellia_invert_key: Cipher functions. (line 321)
+* camellia_set_decrypt_key: Cipher functions. (line 317)
+* camellia_set_encrypt_key: Cipher functions. (line 315)
+* cast128_decrypt: Cipher functions. (line 372)
+* cast128_encrypt: Cipher functions. (line 365)
+* cast128_set_key: Cipher functions. (line 360)
+* CBC Mode: CBC. (line 6)
+* CBC_CTX: CBC. (line 51)
+* CBC_DECRYPT: CBC. (line 72)
+* cbc_decrypt: CBC. (line 37)
+* CBC_ENCRYPT: CBC. (line 71)
+* cbc_encrypt: CBC. (line 34)
+* CBC_SET_IV: CBC. (line 66)
+* Cipher: Cipher functions. (line 6)
+* Cipher Block Chaining: CBC. (line 6)
+* Collision-resistant: Hash functions. (line 18)
+* Conditional entropy: Randomness. (line 51)
+* Counter Mode: CTR. (line 6)
+* CTR Mode: CTR. (line 6)
+* CTR_CRYPT: CTR. (line 60)
+* ctr_crypt: CTR. (line 36)
+* CTR_CTX: CTR. (line 48)
+* CTR_SET_COUNTER: CTR. (line 55)
+* des3_decrypt: Cipher functions. (line 494)
+* des3_encrypt: Cipher functions. (line 487)
+* des3_set_key: Cipher functions. (line 476)
+* des_check_parity: Cipher functions. (line 420)
+* des_decrypt: Cipher functions. (line 416)
+* des_encrypt: Cipher functions. (line 409)
+* des_fix_parity: Cipher functions. (line 425)
+* des_set_key: Cipher functions. (line 401)
+* dsa_generate_keypair: DSA. (line 210)
+* dsa_private_key_clear: DSA. (line 142)
+* dsa_private_key_init: DSA. (line 135)
+* dsa_public_key_clear: DSA. (line 141)
+* dsa_public_key_init: DSA. (line 134)
+* dsa_sha1_sign: DSA. (line 166)
+* dsa_sha1_sign_digest: DSA. (line 170)
+* dsa_sha1_verify: DSA. (line 190)
+* dsa_sha1_verify_digest: DSA. (line 193)
+* dsa_sha256_sign: DSA. (line 174)
+* dsa_sha256_sign_digest: DSA. (line 178)
+* dsa_sha256_verify: DSA. (line 196)
+* dsa_sha256_verify_digest: DSA. (line 199)
+* dsa_signature_clear: DSA. (line 151)
+* dsa_signature_init: DSA. (line 150)
+* ecc_point_clear: Elliptic curves. (line 84)
+* ecc_point_get: Elliptic curves. (line 96)
+* ecc_point_init: Elliptic curves. (line 79)
+* ecc_point_set: Elliptic curves. (line 88)
+* ecc_scalar_clear: Elliptic curves. (line 110)
+* ecc_scalar_get: Elliptic curves. (line 117)
+* ecc_scalar_init: Elliptic curves. (line 106)
+* ecc_scalar_set: Elliptic curves. (line 113)
+* ecdsa_generate_keypair: Elliptic curves. (line 144)
+* ecdsa_sign: Elliptic curves. (line 126)
+* ecdsa_verify: Elliptic curves. (line 135)
+* Entropy: Randomness. (line 51)
+* Galois Counter Mode: GCM. (line 6)
+* GCM: GCM. (line 6)
+* gcm_aes_decrypt: GCM. (line 167)
+* gcm_aes_digest: GCM. (line 174)
+* gcm_aes_encrypt: GCM. (line 165)
+* gcm_aes_set_iv: GCM. (line 154)
+* gcm_aes_set_key: GCM. (line 149)
+* gcm_aes_update: GCM. (line 158)
+* GCM_CTX: GCM. (line 102)
+* GCM_DECRYPT: GCM. (line 132)
+* gcm_decrypt: GCM. (line 74)
+* GCM_DIGEST: GCM. (line 133)
+* gcm_digest: GCM. (line 82)
+* GCM_ENCRYPT: GCM. (line 131)
+* gcm_encrypt: GCM. (line 71)
+* GCM_SET_IV: GCM. (line 123)
+* gcm_set_iv: GCM. (line 58)
+* GCM_SET_KEY: GCM. (line 117)
+* gcm_set_key: GCM. (line 52)
+* GCM_UPDATE: GCM. (line 127)
+* gcm_update: GCM. (line 63)
+* gosthash94_digest: Legacy hash functions.
+ (line 211)
+* gosthash94_init: Legacy hash functions.
+ (line 203)
+* gosthash94_update: Legacy hash functions.
+ (line 207)
+* Hash function: Hash functions. (line 6)
+* HMAC: Keyed hash functions.
+ (line 35)
* HMAC_CTX: Keyed hash functions.
+ (line 88)
* HMAC_DIGEST: Keyed hash functions.
+ (line 110)
* hmac_digest: Keyed hash functions.
+ (line 76)
* hmac_md5_digest: Keyed hash functions.
+ (line 140)
* hmac_md5_set_key: Keyed hash functions.
+ (line 132)
* hmac_md5_update: Keyed hash functions.
+ (line 136)
+* hmac_ripemd160_digest: Keyed hash functions.
+ (line 162)
+* hmac_ripemd160_set_key: Keyed hash functions.
+ (line 154)
+* hmac_ripemd160_update: Keyed hash functions.
+ (line 158)
* HMAC_SET_KEY: Keyed hash functions.
+ (line 104)
* hmac_set_key: Keyed hash functions.
+ (line 61)
* hmac_sha1_digest: Keyed hash functions.
+ (line 184)
* hmac_sha1_set_key: Keyed hash functions.
+ (line 176)
* hmac_sha1_update: Keyed hash functions.
+ (line 180)
* hmac_sha256_digest: Keyed hash functions.
+ (line 206)
* hmac_sha256_set_key: Keyed hash functions.
+ (line 198)
* hmac_sha256_update: Keyed hash functions.
+ (line 202)
* hmac_sha512_digest: Keyed hash functions.
+ (line 228)
* hmac_sha512_set_key: Keyed hash functions.
+ (line 220)
* hmac_sha512_update: Keyed hash functions.
+ (line 224)
* hmac_update: Keyed hash functions.
+ (line 68)
+* KDF: Key derivation functions.
+ (line 6)
+* Key Derivation Function: Key derivation functions.
+ (line 6)
* Keyed Hash Function: Keyed hash functions.
+ (line 6)
* MAC: Keyed hash functions.
-* md2_digest: Hash functions.
-* md2_init: Hash functions.
-* md2_update: Hash functions.
-* md4_digest: Hash functions.
-* md4_init: Hash functions.
-* md4_update: Hash functions.
-* md5_digest: Hash functions.
-* md5_init: Hash functions.
-* md5_update: Hash functions.
+ (line 6)
+* md2_digest: Legacy hash functions.
+ (line 79)
+* md2_init: Legacy hash functions.
+ (line 71)
+* md2_update: Legacy hash functions.
+ (line 75)
+* md4_digest: Legacy hash functions.
+ (line 112)
+* md4_init: Legacy hash functions.
+ (line 104)
+* md4_update: Legacy hash functions.
+ (line 108)
+* md5_digest: Legacy hash functions.
+ (line 41)
+* md5_init: Legacy hash functions.
+ (line 33)
+* md5_update: Legacy hash functions.
+ (line 37)
* memxor: Miscellaneous functions.
+ (line 8)
* Message Authentication Code: Keyed hash functions.
-* One-way: Hash functions.
+ (line 6)
+* One-way: Hash functions. (line 14)
* One-way function: Public-key algorithms.
+ (line 18)
+* Password Based Key Derivation Function: Key derivation functions.
+ (line 6)
+* PBKDF: Key derivation functions.
+ (line 6)
+* PBKDF2: Key derivation functions.
+ (line 43)
+* pbkdf2: Key derivation functions.
+ (line 29)
+* pbkdf2_hmac_sha1: Key derivation functions.
+ (line 63)
+* pbkdf2_hmac_sha256: Key derivation functions.
+ (line 75)
+* PKCS #5: Key derivation functions.
+ (line 6)
* Public Key Cryptography: Public-key algorithms.
-* Randomness: Randomness.
-* rsa_compute_root: RSA.
-* rsa_generate_keypair: RSA.
-* rsa_md5_sign: RSA.
-* rsa_md5_sign_digest: RSA.
-* rsa_md5_verify: RSA.
-* rsa_md5_verify_digest: RSA.
-* rsa_private_key_clear: RSA.
-* rsa_private_key_init: RSA.
-* rsa_private_key_prepare: RSA.
-* rsa_public_key_clear: RSA.
-* rsa_public_key_init: RSA.
-* rsa_public_key_prepare: RSA.
-* rsa_sha1_sign: RSA.
-* rsa_sha1_sign_digest: RSA.
-* rsa_sha1_verify: RSA.
-* rsa_sha1_verify_digest: RSA.
-* rsa_sha256_sign: RSA.
-* rsa_sha256_sign_digest: RSA.
-* rsa_sha256_verify: RSA.
-* rsa_sha256_verify_digest: RSA.
-* rsa_sha512_sign: RSA.
-* rsa_sha512_sign_digest: RSA.
-* rsa_sha512_verify: RSA.
-* rsa_sha512_verify_digest: RSA.
-* serpent_decrypt: Cipher functions.
-* serpent_encrypt: Cipher functions.
-* serpent_set_key: Cipher functions.
-* sha1_digest: Hash functions.
-* sha1_init: Hash functions.
-* sha1_update: Hash functions.
-* sha224_digest: Hash functions.
-* sha224_init: Hash functions.
-* sha224_update: Hash functions.
-* sha256_digest: Hash functions.
-* sha256_init: Hash functions.
-* sha256_update: Hash functions.
-* sha384_digest: Hash functions.
-* sha384_init: Hash functions.
-* sha384_update: Hash functions.
-* sha512_digest: Hash functions.
-* sha512_init: Hash functions.
-* sha512_update: Hash functions.
-* Stream Cipher: Cipher functions.
-* twofish_decrypt: Cipher functions.
-* twofish_encrypt: Cipher functions.
-* twofish_set_key: Cipher functions.
-* yarrow256_fast_reseed: Randomness.
-* yarrow256_init: Randomness.
-* yarrow256_is_seeded: Randomness.
-* yarrow256_needed_sources: Randomness.
-* yarrow256_random: Randomness.
-* yarrow256_seed: Randomness.
-* yarrow256_slow_reseed: Randomness.
-* yarrow256_update: Randomness.
-* yarrow_key_event_estimate: Randomness.
-* yarrow_key_event_init: Randomness.
+ (line 18)
+* Randomness: Randomness. (line 6)
+* ripemd160_digest: Legacy hash functions.
+ (line 145)
+* ripemd160_init: Legacy hash functions.
+ (line 137)
+* ripemd160_update: Legacy hash functions.
+ (line 141)
+* rsa_compute_root: RSA. (line 187)
+* rsa_generate_keypair: RSA. (line 196)
+* rsa_md5_sign: RSA. (line 130)
+* rsa_md5_sign_digest: RSA. (line 145)
+* rsa_md5_verify: RSA. (line 159)
+* rsa_md5_verify_digest: RSA. (line 171)
+* rsa_private_key_clear: RSA. (line 96)
+* rsa_private_key_init: RSA. (line 89)
+* rsa_private_key_prepare: RSA. (line 109)
+* rsa_public_key_clear: RSA. (line 95)
+* rsa_public_key_init: RSA. (line 88)
+* rsa_public_key_prepare: RSA. (line 108)
+* rsa_sha1_sign: RSA. (line 132)
+* rsa_sha1_sign_digest: RSA. (line 147)
+* rsa_sha1_verify: RSA. (line 161)
+* rsa_sha1_verify_digest: RSA. (line 173)
+* rsa_sha256_sign: RSA. (line 134)
+* rsa_sha256_sign_digest: RSA. (line 149)
+* rsa_sha256_verify: RSA. (line 163)
+* rsa_sha256_verify_digest: RSA. (line 175)
+* rsa_sha512_sign: RSA. (line 136)
+* rsa_sha512_sign_digest: RSA. (line 151)
+* rsa_sha512_verify: RSA. (line 165)
+* rsa_sha512_verify_digest: RSA. (line 177)
+* salsa20_crypt: Cipher functions. (line 557)
+* salsa20_set_iv: Cipher functions. (line 551)
+* salsa20_set_key: Cipher functions. (line 545)
+* salsa20r12_crypt: Cipher functions. (line 571)
+* serpent_decrypt: Cipher functions. (line 611)
+* serpent_encrypt: Cipher functions. (line 604)
+* serpent_set_key: Cipher functions. (line 599)
+* sha1_digest: Legacy hash functions.
+ (line 179)
+* sha1_init: Legacy hash functions.
+ (line 171)
+* sha1_update: Legacy hash functions.
+ (line 175)
+* sha224_digest: Recommended hash functions.
+ (line 70)
+* sha224_init: Recommended hash functions.
+ (line 62)
+* sha224_update: Recommended hash functions.
+ (line 66)
+* sha256_digest: Recommended hash functions.
+ (line 34)
+* sha256_init: Recommended hash functions.
+ (line 26)
+* sha256_update: Recommended hash functions.
+ (line 30)
+* sha384_digest: Recommended hash functions.
+ (line 138)
+* sha384_init: Recommended hash functions.
+ (line 130)
+* sha384_update: Recommended hash functions.
+ (line 134)
+* sha3_224_digest: Recommended hash functions.
+ (line 176)
+* sha3_224_init: Recommended hash functions.
+ (line 168)
+* sha3_224_update: Recommended hash functions.
+ (line 172)
+* sha3_256_digest: Recommended hash functions.
+ (line 208)
+* sha3_256_init: Recommended hash functions.
+ (line 200)
+* sha3_256_update: Recommended hash functions.
+ (line 204)
+* sha3_384_digest: Recommended hash functions.
+ (line 239)
+* sha3_384_init: Recommended hash functions.
+ (line 231)
+* sha3_384_update: Recommended hash functions.
+ (line 235)
+* sha3_512_digest: Recommended hash functions.
+ (line 270)
+* sha3_512_init: Recommended hash functions.
+ (line 262)
+* sha3_512_update: Recommended hash functions.
+ (line 266)
+* sha512_digest: Recommended hash functions.
+ (line 105)
+* sha512_init: Recommended hash functions.
+ (line 97)
+* sha512_update: Recommended hash functions.
+ (line 101)
+* Stream Cipher: Cipher functions. (line 12)
+* twofish_decrypt: Cipher functions. (line 647)
+* twofish_encrypt: Cipher functions. (line 640)
+* twofish_set_key: Cipher functions. (line 635)
+* UMAC: Keyed hash functions.
+ (line 238)
+* umac128_digest: Keyed hash functions.
+ (line 348)
+* umac128_set_key: Keyed hash functions.
+ (line 311)
+* umac128_set_nonce: Keyed hash functions.
+ (line 322)
+* umac128_update: Keyed hash functions.
+ (line 337)
+* umac32_digest: Keyed hash functions.
+ (line 342)
+* umac32_set_key: Keyed hash functions.
+ (line 305)
+* umac32_set_nonce: Keyed hash functions.
+ (line 316)
+* umac32_update: Keyed hash functions.
+ (line 331)
+* umac64_digest: Keyed hash functions.
+ (line 344)
+* umac64_set_key: Keyed hash functions.
+ (line 307)
+* umac64_set_nonce: Keyed hash functions.
+ (line 318)
+* umac64_update: Keyed hash functions.
+ (line 333)
+* umac96_digest: Keyed hash functions.
+ (line 346)
+* umac96_set_key: Keyed hash functions.
+ (line 309)
+* umac96_set_nonce: Keyed hash functions.
+ (line 320)
+* umac96_update: Keyed hash functions.
+ (line 335)
+* yarrow256_fast_reseed: Randomness. (line 277)
+* yarrow256_init: Randomness. (line 226)
+* yarrow256_is_seeded: Randomness. (line 267)
+* yarrow256_needed_sources: Randomness. (line 272)
+* yarrow256_random: Randomness. (line 258)
+* yarrow256_seed: Randomness. (line 232)
+* yarrow256_slow_reseed: Randomness. (line 278)
+* yarrow256_update: Randomness. (line 245)
+* yarrow_key_event_estimate: Randomness. (line 293)
+* yarrow_key_event_init: Randomness. (line 289)
\1f
Tag Table:
-Node: Top\7f544
-Node: Introduction\7f1719
-Node: Copyright\7f3281
-Node: Conventions\7f6951
-Node: Example\7f8909
-Node: Linking\7f10201
-Node: Reference\7f11030
-Node: Hash functions\7f11394
-Node: Cipher functions\7f22959
-Node: Cipher modes\7f48587
-Node: Keyed hash functions\7f54929
-Node: Public-key algorithms\7f63350
-Node: RSA\7f67262
-Node: RSA-Footnotes\7f77826
-Ref: RSA-Footnote-1\7f77879
-Node: DSA\7f78048
-Node: Randomness\7f89349
-Node: Miscellaneous functions\7f104428
-Node: Compatibility functions\7f104923
-Node: Nettle soup\7f106160
-Node: Installation\7f107149
-Node: Index\7f107992
+Node: Top\7f543
+Node: Introduction\7f2242
+Node: Copyright\7f3808
+Node: Conventions\7f8514
+Node: Example\7f10476
+Node: Linking\7f11726
+Node: Reference\7f12559
+Node: Hash functions\7f12975
+Node: Recommended hash functions\7f14533
+Node: Legacy hash functions\7f23944
+Node: nettle_hash abstraction\7f31662
+Node: Cipher functions\7f33302
+Node: Cipher modes\7f62750
+Node: CBC\7f63778
+Node: CTR\7f67052
+Node: GCM\7f69579
+Node: Keyed hash functions\7f77142
+Node: Key derivation functions\7f92106
+Node: Public-key algorithms\7f95847
+Node: RSA\7f99829
+Node: RSA-Footnotes\7f110443
+Ref: RSA-Footnote-1\7f110496
+Node: DSA\7f110665
+Node: Elliptic curves\7f121996
+Node: Randomness\7f129060
+Node: ASCII encoding\7f144164
+Node: Miscellaneous functions\7f150614
+Node: Compatibility functions\7f151122
+Node: Nettle soup\7f152369
+Node: Installation\7f153362
+Node: Index\7f154057
\1f
End Tag Table
+
+\1f
+Local Variables:
+coding: utf-8
+End:
+++ /dev/null
-<manifest>
- <request>
- <domain name="_"/>
- </request>
- <assign>
- <filesystem path="/usr/bin/nettle-lfib-stream" exec_label="none" />
- <filesystem path="/usr/bin/pkcs1-conv" exec_label="none" />
- <filesystem path="/usr/bin/sexp-conv" exec_label="none" />
- </assign>
-</manifest>
--- /dev/null
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: Nettle
+Description: Nettle low-level cryptographic library (symmetric algorithms)
+URL: http://www.lysator.liu.se/~nisse/nettle
+Version: @PACKAGE_VERSION@
+Libs: -L${libdir} -lnettle
+Cflags: -I${includedir}
@c %**start of header
@setfilename nettle.info
@settitle Nettle: a low-level cryptographic library
-@documentencoding ISO-8859-1
+@documentencoding UTF-8
@footnotestyle separate
@syncodeindex fn cp
@c %**end of header
-@set UPDATED-FOR 2.1
-@set AUTHOR Niels Möller
+@set UPDATED-FOR 2.7
+@set AUTHOR Niels Möller
@copying
This manual is for the Nettle library (version @value{UPDATED-FOR}), a
low-level cryptographic library.
-Originally written 2001 by @value{AUTHOR}, updated 2010.
+Originally written 2001 by @value{AUTHOR}, updated 2013.
@quotation
This manual is placed in the public domain. You may freely copy it, in
@end quotation
@end copying
+@ifnottex
+@macro pmod {m}
+(mod \m\)
+@end macro
+@end ifnottex
+
@titlepage
@title Nettle Manual
@subtitle For the Nettle Library version @value{UPDATED-FOR}
* Copyright:: Your rights.
* Conventions:: General interface conventions.
* Example:: An example program.
-* Linking:: Linking with the libnettle and libhogweed.
+* Linking:: Linking with libnettle and libhogweed.
* Reference:: All Nettle functions and features.
* Nettle soup:: For the serious nettle hacker.
* Installation:: How to install Nettle.
* Index:: Function and concept index.
+
+@detailmenu
+ --- The Detailed Node Listing ---
+
+Reference
+
+* Hash functions::
+* Cipher functions::
+* Cipher modes::
+* Keyed hash functions::
+* Key derivation functions::
+* Public-key algorithms::
+* Randomness::
+* ASCII encoding::
+* Miscellaneous functions::
+* Compatibility functions::
+
+Cipher modes
+
+* CBC::
+* CTR::
+* GCM::
+
+Public-key algorithms
+
+* RSA:: The RSA public key algorithm.
+* DSA:: The DSA digital signature algorithm.
+* Elliptic curves:: Elliptic curves and ECDSA
+
+@end detailmenu
@end menu
@end ifnottex
@comment node-name, next, previous, up
@chapter Copyright
-Nettle is distributed under the GNU General Public License (GPL) (see
-the file COPYING for details). However, most of the individual files
-are dual licensed under less restrictive licenses like the GNU Lesser
-General Public License (LGPL), or are in the public domain. This means
-that if you don't use the parts of nettle that are GPL-only, you have
-the option to use the Nettle library just as if it were licensed under
-the LGPL. To find the current status of particular files, you have to
-read the copyright notices at the top of the files.
+Nettle is distributed under the GNU Lesser General Public License
+(LGPL), see the file COPYING.LIB for details. A few of the individual
+files are in the public domain. To find the current status of particular
+files, you have to read the copyright notices at the top of the files.
This manual is in the public domain. You may freely copy it in whole or
in part, e.g., into documentation of programs that build on Nettle.
@item BLOWFISH
The implementation of the BLOWFISH cipher is written by Werner Koch,
-copyright owned by the Free Software Foundation. Also hacked by Ray
-Dassen and @value{AUTHOR}. Released under the GPL.
+copyright owned by the Free Software Foundation. Also hacked by Simon
+Josefsson and Niels Möller. Released under the LGPL.
@item CAMELLIA
The C implementation is by Nippon Telegraph and Telephone Corporation
-(NTT), heavily modified by @value{AUTHOR}. Assembler for x86 by
-@value{AUTHOR}. Released under the LGPL.
+(NTT), heavily modified by @value{AUTHOR}. Assembler for x86 and x86_64
+by @value{AUTHOR}. Released under the LGPL.
@item CAST128
The implementation of the CAST128 cipher is written by Steve Reid.
The implementation of the DES cipher is written by Dana L. How, and
released under the LGPL.
+@item GOSTHASH94
+The C implementation of the GOST94 message digest is written by
+Aleksey Kravchenko and was ported from the rhash library by Nikos
+Mavrogiannopoulos. It is released under the MIT license.
+
@item MD2
The implementation of MD2 is written by Andrew Kuchling, and hacked
some by Andreas Sigfridsson and @value{AUTHOR}. Python Cryptography
It has been hacked some more by Andrew Kuchling and @value{AUTHOR}.
Released into the public domain.
+@item PBKDF2
+The C implementation of PBKDF2 is based on earlier work for Shishi and
+GnuTLS by Simon Josefsson. Released under the LGPL.
+
+@item RIPEMD160
+The implementation of RIPEMD160 message digest is based on the code in
+libgcrypt, copyright owned by the Free Software Foundation. Ported to
+Nettle by Andres Mejia. Released under the LGPL.
+
+@item SALSA20
+The C implementation of SALSA20 is based on D. J. Bernstein's reference
+implementation (in the public domain), adapted to Nettle by Simon
+Josefsson, and heavily modified by Niels Möller. Assembly for x86_64 and
+ARM by Niels Möller. Released under the LGPL.
+
@item SERPENT
-The implementation of the SERPENT cipher is written by Ross Anderson,
-Eli Biham, and Lars Knudsen, adapted to LSH by Rafael Sevilla, and to
-Nettle by @value{AUTHOR}. Released under the GPL.
+The implementation of the SERPENT cipher is based on the code in libgcrypt,
+copyright owned by the Free Software Foundation. Adapted to Nettle by
+Simon Josefsson and heavily modified by Niels Möller. Assembly for
+x86_64 by Niels Möller. Released under the LGPL.
@item SHA1
The C implementation of the SHA1 message digest is written by Peter
Gutmann, and hacked some more by Andrew Kuchling and @value{AUTHOR}.
-Released into the public domain. Assembler for x86 by @value{AUTHOR},
-released under the LGPL.
+Released into the public domain. Assembler for x86, x86_64 and ARM by
+@value{AUTHOR}, released under the LGPL.
-@item SHA224, SHA256, SHA384, and SHA512
+@item SHA2
Written by @value{AUTHOR}, using Peter Gutmann's SHA1 code as a model.
Released under the LGPL.
+@item SHA3
+Written by @value{AUTHOR}. Released under the LGPL.
+
@item TWOFISH
The implementation of the TWOFISH cipher is written by Ruud de Rooij.
Released under the LGPL.
+@item UMAC
+Written by @value{AUTHOR}. Released under the LGPL.
+
@item RSA
Written by @value{AUTHOR}, released under the LGPL. Uses the GMP library
for bignum operations.
@item DSA
Written by @value{AUTHOR}, released under the LGPL. Uses the GMP library
for bignum operations.
+
+@item ECDSA
+Written by @value{AUTHOR}, released under the LGPL. Uses the GMP library
+for bignum operations. Development of Nettle's ECC support was funded by
+the .SE Internet Fund.
@end table
@node Conventions, Example, Copyright, Top
@chapter Example
A simple example program that reads a file from standard input and
-writes its SHA1 checksum on standard output should give the flavor of
+writes its SHA1 check-sum on standard output should give the flavor of
Nettle.
@example
On a typical Unix system, this program can be compiled and linked with
the command line
@example
-cc sha-example.c -o sha-example -lnettle
+gcc sha-example.c -o sha-example -lnettle
@end example
@node Linking, Reference, Example, Top
* Cipher functions::
* Cipher modes::
* Keyed hash functions::
+* Key derivation functions::
* Public-key algorithms::
* Randomness::
+* ASCII encoding::
* Miscellaneous functions::
* Compatibility functions::
@end menu
@node Hash functions, Cipher functions, Reference, Reference
@comment node-name, next, previous, up
+
@section Hash functions
@cindex Hash function
A cryptographic @dfn{hash function} is a function that takes variable
The most commonly used hash functions are MD5 and SHA1. Unfortunately,
both these fail the collision-resistance requirement; cryptologists have
-found ways to construct colliding inputs. The recommended hash function
-for new applications is SHA256, even though it uses a structure similar
-to MD5 and SHA1. Constructing better hash functions is an urgent research
-problem.
+found ways to construct colliding inputs. The recommended hash functions
+for new applications are SHA2 (with main variants SHA256 and SHA512). At
+the time of this writing (December 2012), the winner of the NIST SHA3
+competition has recently been announced, and the new SHA3 (earlier known
+as Keccak) and other top SHA3 candidates may also be reasonable
+alternatives.
+
+@menu
+* Recommended hash functions::
+* Legacy hash functions::
+* nettle_hash abstraction::
+@end menu
+
+@node Recommended hash functions, Legacy hash functions,, Hash functions
+@comment node-name, next, previous, up
+@subsection Recommended hash functions
+
+The following hash functions have no known weaknesses, and are suitable
+for new applications. The SHA2 family of hash functions were specified
+by @dfn{NIST}, intended as a replacement for @acronym{SHA1}.
+
+@subsubsection @acronym{SHA256}
+
+SHA256 is a member of the SHA2 family. It outputs hash values of 256
+bits, or 32 octets. Nettle defines SHA256 in @file{<nettle/sha2.h>}.
+
+@deftp {Context struct} {struct sha256_ctx}
+@end deftp
+
+@defvr Constant SHA256_DIGEST_SIZE
+The size of a SHA256 digest, i.e. 32.
+@end defvr
+
+@defvr Constant SHA256_DATA_SIZE
+The internal block size of SHA256. Useful for some special constructions,
+in particular HMAC-SHA256.
+@end defvr
+
+@deftypefun void sha256_init (struct sha256_ctx *@var{ctx})
+Initialize the SHA256 state.
+@end deftypefun
+
+@deftypefun void sha256_update (struct sha256_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha256_digest (struct sha256_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA256_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context in the same way as
+@code{sha256_init}.
+@end deftypefun
+
+Earlier versions of nettle defined SHA256 in the header file
+@file{<nettle/sha.h>}, which is now deprecated, but kept for
+compatibility.
+
+@subsubsection @acronym{SHA224}
+
+SHA224 is a variant of SHA256, with a different initial state, and with
+the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
+@file{<nettle/sha2.h>} (and in @file{<nettle/sha.h>}, for backwards
+compatibility).
+
+@deftp {Context struct} {struct sha224_ctx}
+@end deftp
+
+@defvr Constant SHA224_DIGEST_SIZE
+The size of a SHA224 digest, i.e. 28.
+@end defvr
+
+@defvr Constant SHA224_DATA_SIZE
+The internal block size of SHA224. Useful for some special constructions,
+in particular HMAC-SHA224.
+@end defvr
+
+@deftypefun void sha224_init (struct sha224_ctx *@var{ctx})
+Initialize the SHA224 state.
+@end deftypefun
+
+@deftypefun void sha224_update (struct sha224_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha224_digest (struct sha224_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA224_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context in the same way as
+@code{sha224_init}.
+@end deftypefun
+
+@subsubsection @acronym{SHA512}
+
+SHA512 is a larger sibling to SHA256, with a very similar structure but
+with both the output and the internal variables of twice the size. The
+internal variables are 64 bits rather than 32, making it significantly
+slower on 32-bit computers. It outputs hash values of 512 bits, or 64
+octets. Nettle defines SHA512 in @file{<nettle/sha2.h>} (and in
+@file{<nettle/sha.h>}, for backwards compatibility).
+
+@deftp {Context struct} {struct sha512_ctx}
+@end deftp
+
+@defvr Constant SHA512_DIGEST_SIZE
+The size of a SHA512 digest, i.e. 64.
+@end defvr
+
+@defvr Constant SHA512_DATA_SIZE
+The internal block size of SHA512. Useful for some special constructions,
+in particular HMAC-SHA512.
+@end defvr
+
+@deftypefun void sha512_init (struct sha512_ctx *@var{ctx})
+Initialize the SHA512 state.
+@end deftypefun
+
+@deftypefun void sha512_update (struct sha512_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha512_digest (struct sha512_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA512_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context in the same way as
+@code{sha512_init}.
+@end deftypefun
+
+@subsubsection @acronym{SHA384}
+
+SHA384 is a variant of SHA512, with a different initial state, and with
+the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
+@file{<nettle/sha2.h>} (and in @file{<nettle/sha.h>}, for backwards
+compatibility).
+
+@deftp {Context struct} {struct sha384_ctx}
+@end deftp
+
+@defvr Constant SHA384_DIGEST_SIZE
+The size of a SHA384 digest, i.e. 48.
+@end defvr
+
+@defvr Constant SHA384_DATA_SIZE
+The internal block size of SHA384. Useful for some special constructions,
+in particular HMAC-SHA384.
+@end defvr
+
+@deftypefun void sha384_init (struct sha384_ctx *@var{ctx})
+Initialize the SHA384 state.
+@end deftypefun
+
+@deftypefun void sha384_update (struct sha384_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha384_digest (struct sha384_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA384_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context in the same way as
+@code{sha384_init}.
+@end deftypefun
+
+@subsubsection @acronym{SHA3-224}
+
+The SHA3 hash functions were specified by NIST in response to weaknesses
+in SHA1, and doubts about SHA2 hash functions which structurally are
+very similar to SHA1. The standard is a result of a competition, where
+the winner, also known as Keccak, was designed by Guido Bertoni, Joan
+Daemen, Michaël Peeters and Gilles Van Assche. It is structurally very
+different from all widely used earlier hash functions. Like SHA2, there
+are several variants, with output sizes of 224, 256, 384 and 512 bits
+(28, 32, 48 and 64 octets, respectively).
+
+Nettle defines SHA3-224 in @file{<nettle/sha3.h>}.
+
+@deftp {Context struct} {struct sha3_224_ctx}
+@end deftp
+
+@defvr Constant SHA3_224_DIGEST_SIZE
+The size of a SHA3_224 digest, i.e., 28.
+@end defvr
+
+@defvr Constant SHA3_224_DATA_SIZE
+The internal block size of SHA3_224.
+@end defvr
+
+@deftypefun void sha3_224_init (struct sha3_224_ctx *@var{ctx})
+Initialize the SHA3-224 state.
+@end deftypefun
+
+@deftypefun void sha3_224_update (struct sha3_224_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha3_224_digest (struct sha3_224_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA3_224_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context.
+@end deftypefun
+
+@subsubsection @acronym{SHA3-256}
+
+This is SHA3 with 256-bit output size, and possibly the most useful
+of the SHA3 hash functions.
+
+Nettle defines SHA3-256 in @file{<nettle/sha3.h>}.
+
+@deftp {Context struct} {struct sha3_256_ctx}
+@end deftp
+
+@defvr Constant SHA3_256_DIGEST_SIZE
+The size of a SHA3_256 digest, i.e., 32.
+@end defvr
+
+@defvr Constant SHA3_256_DATA_SIZE
+The internal block size of SHA3_256.
+@end defvr
+
+@deftypefun void sha3_256_init (struct sha3_256_ctx *@var{ctx})
+Initialize the SHA3-256 state.
+@end deftypefun
+
+@deftypefun void sha3_256_update (struct sha3_256_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha3_256_digest (struct sha3_256_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA3_256_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context.
+@end deftypefun
+
+@subsubsection @acronym{SHA3-384}
+
+This is SHA3 with 384-bit output size.
+
+Nettle defines SHA3-384 in @file{<nettle/sha3.h>}.
+
+@deftp {Context struct} {struct sha3_384_ctx}
+@end deftp
+
+@defvr Constant SHA3_384_DIGEST_SIZE
+The size of a SHA3_384 digest, i.e., 48.
+@end defvr
+
+@defvr Constant SHA3_384_DATA_SIZE
+The internal block size of SHA3_384.
+@end defvr
+
+@deftypefun void sha3_384_init (struct sha3_384_ctx *@var{ctx})
+Initialize the SHA3-384 state.
+@end deftypefun
+
+@deftypefun void sha3_384_update (struct sha3_384_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha3_384_digest (struct sha3_384_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA3_384_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context.
+@end deftypefun
+
+@subsubsection @acronym{SHA3-512}
+
+This is SHA3 with 512-bit output size.
-@subsection @acronym{MD5}
+Nettle defines SHA3-512 in @file{<nettle/sha3.h>}.
+
+@deftp {Context struct} {struct sha3_512_ctx}
+@end deftp
+
+@defvr Constant SHA3_512_DIGEST_SIZE
+The size of a SHA3_512 digest, i.e. 64.
+@end defvr
+
+@defvr Constant SHA3_512_DATA_SIZE
+The internal block size of SHA3_512.
+@end defvr
+
+@deftypefun void sha3_512_init (struct sha3_512_ctx *@var{ctx})
+Initialize the SHA3-512 state.
+@end deftypefun
+
+@deftypefun void sha3_512_update (struct sha3_512_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Hash some more data.
+@end deftypefun
+
+@deftypefun void sha3_512_digest (struct sha3_512_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Performs final processing and extracts the message digest, writing it
+to @var{digest}. @var{length} may be smaller than
+@code{SHA3_512_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the digest are written.
+
+This function also resets the context.
+@end deftypefun
+
+@node Legacy hash functions, nettle_hash abstraction, Recommended hash functions, Hash functions
+@comment node-name, next, previous, up
+@subsection Legacy hash functions
+
+The hash functions in this section all have some known weaknesses, and
+should be avoided for new applications. These hash functions are mainly
+useful for compatibility with old applications and protocols. Some are
+still considered safe as building blocks for particular constructions,
+e.g., there seems to be no known attacks against HMAC-SHA1 or even
+HMAC-MD5. In some important cases, use of a ``legacy'' hash function
+does not in itself make the application insecure; if a known weakness is
+relevant depends on how the hash function is used, and on the threat
+model.
+
+@subsubsection @acronym{MD5}
MD5 is a message digest function constructed by Ronald Rivest, and
described in @cite{RFC 1321}. It outputs message digests of 128 bits, or
To start over, you can call @code{md5_init} at any time.
-@subsection @acronym{MD2}
+@subsubsection @acronym{MD2}
MD2 is another hash function of Ronald Rivest's, described in
@cite{RFC 1319}. It outputs message digests of 128 bits, or 16 octets.
@code{md2_init}.
@end deftypefun
-@subsection @acronym{MD4}
+@subsubsection @acronym{MD4}
MD4 is a predecessor of MD5, described in @cite{RFC 1320}. Like MD5, it
is constructed by Ronald Rivest. It outputs message digests of 128 bits,
@code{md4_init}.
@end deftypefun
-@subsection @acronym{SHA1}
-
-SHA1 is a hash function specified by @dfn{NIST} (The U.S. National Institute
-for Standards and Technology). It outputs hash values of 160 bits, or 20
-octets. Nettle defines SHA1 in @file{<nettle/sha.h>}.
+@subsubsection @acronym{RIPEMD160}
-The functions are analogous to the MD5 ones.
+RIPEMD160 is a hash function designed by Hans Dobbertin, Antoon
+Bosselaers, and Bart Preneel, as a strengthened version of RIPEMD
+(which, like MD4 and MD5, fails the collision-resistance requirement).
+It produces message digests of 160 bits, or 20 octets. Nettle defined
+RIPEMD160 in @file{nettle/ripemd160.h}.
-@deftp {Context struct} {struct sha1_ctx}
+@deftp {Context struct} {struct ripemd160_ctx}
@end deftp
-@defvr Constant SHA1_DIGEST_SIZE
-The size of an SHA1 digest, i.e. 20.
+@defvr Constant RIPEMD160_DIGEST_SIZE
+The size of a RIPEMD160 digest, i.e. 20.
@end defvr
-@defvr Constant SHA1_DATA_SIZE
-The internal block size of SHA1. Useful for some special constructions,
-in particular HMAC-SHA1.
+@defvr Constant RIPEMD160_DATA_SIZE
+The internal block size of RIPEMD160.
@end defvr
-@deftypefun void sha1_init (struct sha1_ctx *@var{ctx})
-Initialize the SHA1 state.
+@deftypefun void ripemd160_init (struct ripemd160_ctx *@var{ctx})
+Initialize the RIPEMD160 state.
@end deftypefun
-@deftypefun void sha1_update (struct sha1_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+@deftypefun void ripemd160_update (struct ripemd160_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
Hash some more data.
@end deftypefun
-@deftypefun void sha1_digest (struct sha1_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+@deftypefun void ripemd160_digest (struct ripemd160_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
Performs final processing and extracts the message digest, writing it
to @var{digest}. @var{length} may be smaller than
-@code{SHA1_DIGEST_SIZE}, in which case only the first @var{length}
+@code{RIPEMD160_DIGEST_SIZE}, in which case only the first @var{length}
octets of the digest are written.
This function also resets the context in the same way as
-@code{sha1_init}.
+@code{ripemd160_init}.
@end deftypefun
-@subsection @acronym{SHA256}
-
-SHA256 is another hash function specified by @dfn{NIST}, intended as a
-replacement for @acronym{SHA1}, generating larger digests. It outputs
-hash values of 256 bits, or 32 octets. Nettle defines SHA256 in
-@file{<nettle/sha.h>}.
+@subsubsection @acronym{SHA1}
-The functions are analogous to the MD5 ones.
+SHA1 is a hash function specified by @dfn{NIST} (The U.S. National
+Institute for Standards and Technology). It outputs hash values of 160
+bits, or 20 octets. Nettle defines SHA1 in @file{<nettle/sha1.h>} (and
+in @file{<nettle/sha.h>}, for backwards compatibility).
-@deftp {Context struct} {struct sha256_ctx}
-@end deftp
-
-@defvr Constant SHA256_DIGEST_SIZE
-The size of an SHA256 digest, i.e. 32.
-@end defvr
-
-@defvr Constant SHA256_DATA_SIZE
-The internal block size of SHA256. Useful for some special constructions,
-in particular HMAC-SHA256.
-@end defvr
-
-@deftypefun void sha256_init (struct sha256_ctx *@var{ctx})
-Initialize the SHA256 state.
-@end deftypefun
-
-@deftypefun void sha256_update (struct sha256_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
-Hash some more data.
-@end deftypefun
-
-@deftypefun void sha256_digest (struct sha256_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
-Performs final processing and extracts the message digest, writing it
-to @var{digest}. @var{length} may be smaller than
-@code{SHA256_DIGEST_SIZE}, in which case only the first @var{length}
-octets of the digest are written.
-
-This function also resets the context in the same way as
-@code{sha256_init}.
-@end deftypefun
-
-@subsection @acronym{SHA224}
-
-SHA224 is a variant of SHA256, with a different initial state, and with
-the output truncated to 224 bits, or 28 octets. Nettle defines SHA224 in
-@file{<nettle/sha.h>}.
-
-The functions are analogous to the MD5 ones.
-
-@deftp {Context struct} {struct sha224_ctx}
-@end deftp
-
-@defvr Constant SHA224_DIGEST_SIZE
-The size of an SHA224 digest, i.e. 28.
-@end defvr
-
-@defvr Constant SHA224_DATA_SIZE
-The internal block size of SHA224. Useful for some special constructions,
-in particular HMAC-SHA224.
-@end defvr
-
-@deftypefun void sha224_init (struct sha224_ctx *@var{ctx})
-Initialize the SHA224 state.
-@end deftypefun
-
-@deftypefun void sha224_update (struct sha224_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
-Hash some more data.
-@end deftypefun
-
-@deftypefun void sha224_digest (struct sha224_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
-Performs final processing and extracts the message digest, writing it
-to @var{digest}. @var{length} may be smaller than
-@code{SHA224_DIGEST_SIZE}, in which case only the first @var{length}
-octets of the digest are written.
-
-This function also resets the context in the same way as
-@code{sha224_init}.
-@end deftypefun
-
-@subsection @acronym{SHA512}
-
-SHA512 is a larger sibling to SHA256, with a very similar structure but
-with both the output and the internal variables of twice the size. The
-internal variables are 64 bits rather than 32, making it significantly
-slower on 32-bit computers. It outputs hash values of 512 bits, or 64
-octets. Nettle defines SHA512 in @file{<nettle/sha.h>}.
-
-The functions are analogous to the MD5 ones.
-
-@deftp {Context struct} {struct sha512_ctx}
+@deftp {Context struct} {struct sha1_ctx}
@end deftp
-@defvr Constant SHA512_DIGEST_SIZE
-The size of an SHA512 digest, i.e. 64.
+@defvr Constant SHA1_DIGEST_SIZE
+The size of a SHA1 digest, i.e. 20.
@end defvr
-@defvr Constant SHA512_DATA_SIZE
-The internal block size of SHA512. Useful for some special constructions,
-in particular HMAC-SHA512.
+@defvr Constant SHA1_DATA_SIZE
+The internal block size of SHA1. Useful for some special constructions,
+in particular HMAC-SHA1.
@end defvr
-@deftypefun void sha512_init (struct sha512_ctx *@var{ctx})
-Initialize the SHA512 state.
+@deftypefun void sha1_init (struct sha1_ctx *@var{ctx})
+Initialize the SHA1 state.
@end deftypefun
-@deftypefun void sha512_update (struct sha512_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+@deftypefun void sha1_update (struct sha1_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
Hash some more data.
@end deftypefun
-@deftypefun void sha512_digest (struct sha512_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+@deftypefun void sha1_digest (struct sha1_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
Performs final processing and extracts the message digest, writing it
to @var{digest}. @var{length} may be smaller than
-@code{SHA512_DIGEST_SIZE}, in which case only the first @var{length}
+@code{SHA1_DIGEST_SIZE}, in which case only the first @var{length}
octets of the digest are written.
This function also resets the context in the same way as
-@code{sha512_init}.
+@code{sha1_init}.
@end deftypefun
-@subsection @acronym{SHA384}
-SHA384 is a variant of SHA512, with a different initial state, and with
-the output truncated to 384 bits, or 48 octets. Nettle defines SHA384 in
-@file{<nettle/sha.h>}.
+@subsubsection @acronym{GOSTHASH94}
-The functions are analogous to the MD5 ones.
+The GOST94 or GOST R 34.11-94 hash algorithm is a Soviet-era algorithm
+used in Russian government standards (see @cite{RFC 4357}).
+It outputs message digests of 256 bits, or 32 octets.
+Nettle defines GOSTHASH94 in @file{<nettle/gosthash94.h>}.
-@deftp {Context struct} {struct sha384_ctx}
+@deftp {Context struct} {struct gosthash94_ctx}
@end deftp
-@defvr Constant SHA384_DIGEST_SIZE
-The size of an SHA384 digest, i.e. 48.
+@defvr Constant GOSTHASH94_DIGEST_SIZE
+The size of a GOSTHASH94 digest, i.e. 32.
@end defvr
-@defvr Constant SHA384_DATA_SIZE
-The internal block size of SHA384. Useful for some special constructions,
-in particular HMAC-SHA384.
+@defvr Constant GOSTHASH94_DATA_SIZE
+The internal block size of GOSTHASH94, i.e., 32.
@end defvr
-@deftypefun void sha384_init (struct sha384_ctx *@var{ctx})
-Initialize the SHA384 state.
+@deftypefun void gosthash94_init (struct gosthash94_ctx *@var{ctx})
+Initialize the GOSTHASH94 state.
@end deftypefun
-@deftypefun void sha384_update (struct sha384_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+@deftypefun void gosthash94_update (struct gosthash94_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
Hash some more data.
@end deftypefun
-@deftypefun void sha384_digest (struct sha384_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+@deftypefun void gosthash94_digest (struct gosthash94_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
Performs final processing and extracts the message digest, writing it
to @var{digest}. @var{length} may be smaller than
-@code{SHA384_DIGEST_SIZE}, in which case only the first @var{length}
+@code{GOSTHASH94_DIGEST_SIZE}, in which case only the first @var{length}
octets of the digest are written.
This function also resets the context in the same way as
-@code{sha384_init}.
+@code{gosthash94_init}.
@end deftypefun
-@subsection @code{struct nettle_hash}
+@node nettle_hash abstraction,, Legacy hash functions, Hash functions
+@comment node-name, next, previous, up
+@subsection The nettle_hash abstraction
Nettle includes a struct including information about the supported hash
functions. It is defined in @file{<nettle/nettle-meta.h>}, and is used
-by Nettle's implementation of @acronym{HMAC} @pxref{Keyed hash
-functions}.
+by Nettle's implementation of @acronym{HMAC} (@pxref{Keyed hash
+functions}).
@deftp {Meta struct} @code{struct nettle_hash} name context_size digest_size block_size init update digest
The last three attributes are function pointers, of types
@deftypevr {Constant Struct} {struct nettle_hash} nettle_md2
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_md4
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_md5
+@deftypevrx {Constant Struct} {struct nettle_hash} nettle_ripemd160
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha1
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha224
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha256
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha384
@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha512
-
+@deftypevrx {Constant Struct} {struct nettle_hash} nettle_sha3_256
+@deftypevrx {Constant Struct} {struct nettle_hash} nettle_gosthash94
These are all the hash functions that Nettle implements.
@end deftypevr
+Nettle also exports a list of all these hashes.
+
+@deftypevr {Constant Array} {struct nettle_hash **} nettle_hashes
+This list can be used to dynamically enumerate or search the supported
+algorithms. NULL-terminated.
+@end deftypevr
+
@node Cipher functions, Cipher modes, Hash functions, Reference
@comment node-name, next, previous, up
@section Cipher functions
It is recommended to @emph{always} use an authentication mechanism in
addition to encrypting the messages. Popular choices are Message
-Authentication Codes like @acronym{HMAC-SHA1} @pxref{Keyed hash
-functions}, or digital signatures like @acronym{RSA}.
+Authentication Codes like @acronym{HMAC-SHA1} (@pxref{Keyed hash
+functions}), or digital signatures like @acronym{RSA}.
Some ciphers have so called ``weak keys'', keys that results in
undesirable structure after the key setup processing, and should be
@end deftp
@defvr Constant AES_BLOCK_SIZE
-The AES block-size, 16
+The AES block-size, 16.
@end defvr
@defvr Constant AES_MIN_KEY_SIZE
@end defvr
@defvr Constant AES_KEY_SIZE
-Default AES key size, 32
+Default AES key size, 32.
@end defvr
@deftypefun void aes_set_encrypt_key (struct aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
decrypt using the @emph{same} key.
@end deftypefun
-@deftypefun void aes_encrypt (struct aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void aes_encrypt (struct aes_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void aes_decrypt (struct aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void aes_decrypt (struct aes_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{aes_encrypt}
@end deftypefun
@end deftp
@defvr Constant ARCFOUR_MIN_KEY_SIZE
-Minimum key size, 1
+Minimum key size, 1.
@end defvr
@defvr Constant ARCFOUR_MAX_KEY_SIZE
-Maximum key size, 256
+Maximum key size, 256.
@end defvr
@defvr Constant ARCFOUR_KEY_SIZE
-Default ARCFOUR key size, 16
+Default ARCFOUR key size, 16.
@end defvr
@deftypefun void arcfour_set_key (struct arcfour_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
decryption.
@end deftypefun
-@deftypefun void arcfour_crypt (struct arcfour_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void arcfour_crypt (struct arcfour_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encrypt some data. The same function is used for both encryption and
decryption. Unlike the block ciphers, this function modifies the
context, so you can split the data into arbitrary chunks and encrypt
@end deftp
@defvr Constant ARCTWO_BLOCK_SIZE
-The AES block-size, 8
+The ARCTWO block-size, 8.
@end defvr
@defvr Constant ARCTWO_MIN_KEY_SIZE
@end defvr
@defvr Constant ARCTWO_KEY_SIZE
-Default ARCTWO key size, 8
+Default ARCTWO key size, 8.
@end defvr
@deftypefun void arctwo_set_key_ekb (struct arctwo_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key}, unsigned @var{ekb})
@code{arctwo_set_key_ekb(ctx, length, key, 1024)}
@end deftypefun
-@deftypefun void arctwo_encrypt (struct arctwo_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void arctwo_encrypt (struct arctwo_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not
overlap in any other way.
@end deftypefun
-@deftypefun void arctwo_decrypt (struct arctwo_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void arctwo_decrypt (struct arctwo_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{arctwo_encrypt}
@end deftypefun
@end deftp
@defvr Constant BLOWFISH_BLOCK_SIZE
-The BLOWFISH block-size, 8
+The BLOWFISH block-size, 8.
@end defvr
@defvr Constant BLOWFISH_MIN_KEY_SIZE
-Minimum BLOWFISH key size, 8
+Minimum BLOWFISH key size, 8.
@end defvr
@defvr Constant BLOWFISH_MAX_KEY_SIZE
-Maximum BLOWFISH key size, 56
+Maximum BLOWFISH key size, 56.
@end defvr
@defvr Constant BLOWFISH_KEY_SIZE
-Default BLOWFISH key size, 16
+Default BLOWFISH key size, 16.
@end defvr
@deftypefun int blowfish_set_key (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
crash with an assert violation.
@end deftypefun
-@deftypefun void blowfish_encrypt (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void blowfish_encrypt (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void blowfish_decrypt (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void blowfish_decrypt (struct blowfish_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{blowfish_encrypt}
@end deftypefun
@end deftp
@defvr Constant CAMELLIA_BLOCK_SIZE
-The CAMELLIA block-size, 16
+The CAMELLIA block-size, 16.
@end defvr
@defvr Constant CAMELLIA_MIN_KEY_SIZE
@end defvr
@defvr Constant CAMELLIA_KEY_SIZE
-Default CAMELLIA key size, 32
+Default CAMELLIA key size, 32.
@end defvr
@deftypefun void camellia_set_encrypt_key (struct camellia_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
decrypt using the @emph{same} key.
@end deftypefun
-@deftypefun void camellia_crypt (struct camellia_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void camellia_crypt (struct camellia_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
The same function is used for both encryption and decryption.
@var{length} must be an integral multiple of the block size. If it is
more than one block, the data is processed in ECB mode. @code{src} and
@end deftp
@defvr Constant CAST128_BLOCK_SIZE
-The CAST128 block-size, 8
+The CAST128 block-size, 8.
@end defvr
@defvr Constant CAST128_MIN_KEY_SIZE
-Minimum CAST128 key size, 5
+Minimum CAST128 key size, 5.
@end defvr
@defvr Constant CAST128_MAX_KEY_SIZE
-Maximum CAST128 key size, 16
+Maximum CAST128 key size, 16.
@end defvr
@defvr Constant CAST128_KEY_SIZE
-Default CAST128 key size, 16
+Default CAST128 key size, 16.
@end defvr
@deftypefun void cast128_set_key (struct cast128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
decryption.
@end deftypefun
-@deftypefun void cast128_encrypt (struct cast128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void cast128_encrypt (struct cast128_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void cast128_decrypt (struct cast128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void cast128_decrypt (struct cast128_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{cast128_encrypt}
@end deftypefun
@end deftp
@defvr Constant DES_BLOCK_SIZE
-The DES block-size, 8
+The DES block-size, 8.
@end defvr
@defvr Constant DES_KEY_SIZE
-DES key size, 8
+DES key size, 8.
@end defvr
@deftypefun int des_set_key (struct des_ctx *@var{ctx}, const uint8_t *@var{key})
weak keys can ignore the return value.
@end deftypefun
-@deftypefun void des_encrypt (struct des_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void des_encrypt (struct des_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void des_decrypt (struct des_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void des_decrypt (struct des_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{des_encrypt}
@end deftypefun
@end deftp
@defvr Constant DES3_BLOCK_SIZE
-The DES3 block-size is the same as DES_BLOCK_SIZE, 8
+The DES3 block-size is the same as DES_BLOCK_SIZE, 8.
@end defvr
@defvr Constant DES3_KEY_SIZE
-DES key size, 24
+DES key size, 24.
@end defvr
@deftypefun int des3_set_key (struct des3_ctx *@var{ctx}, const uint8_t *@var{key})
For random-looking strings, you can use @code{des_fix_parity} to adjust
the parity bits before calling @code{des3_set_key}.
-@deftypefun void des3_encrypt (struct des3_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void des3_encrypt (struct des3_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void des3_decrypt (struct des3_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void des3_decrypt (struct des3_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{des_encrypt}
@end deftypefun
+@subsection Salsa20
+Salsa20 is a fairly recent stream cipher designed by D. J. Bernstein. It
+is built on the observation that a cryptographic hash function can be
+used for encryption: Form the hash input from the secret key and a
+counter, xor the hash output and the first block of the plaintext, then
+increment the counter to process the next block (similar to CTR mode, see
+@pxref{CTR}). Bernstein defined an encryption algorithm, Snuffle,
+in this way to ridicule United States export restrictions which treated hash
+functions as nice and harmless, but ciphers as dangerous munitions.
+
+Salsa20 uses the same idea, but with a new specialized hash function to
+mix key, block counter, and a couple of constants. It's also designed
+for speed; on x86_64, it is currently the fastest cipher offered by
+nettle. It uses a block size of 512 bits (64 octets) and there are two
+specified key sizes, 128 and 256 bits (16 and 32 octets).
+
+@strong{Caution:} The hash function used in Salsa20 is @emph{not}
+directly applicable for use as a general hash function. It's @emph{not}
+collision resistant if arbitrary inputs are allowed, and furthermore,
+the input and output is of fixed size.
+
+When using Salsa20 to process a message, one specifies both a key and a
+@dfn{nonce}, the latter playing a similar rôle to the initialization
+vector (@acronym{IV}) used with @acronym{CBC} or @acronym{CTR} mode. For
+this reason, Nettle uses the term @acronym{IV} to refer to the Salsa20
+nonce. One can use the same key for several messages, provided one uses
+a unique random @acronym{iv} for each message. The @acronym{iv} is 64
+bits (8 octets). The block counter is initialized to zero for each
+message, and is also 64 bits (8 octets). Nettle defines Salsa20 in
+@file{<nettle/salsa20.h>}.
+
+@deftp {Context struct} {struct salsa20_ctx}
+@end deftp
+
+@defvr Constant SALSA20_MIN_KEY_SIZE
+@defvrx Constant SALSA20_MAX_KEY_SIZE
+The two supported key sizes, 16 and 32 octets.
+@end defvr
+
+@defvr Constant SALSA20_KEY_SIZE
+Recommended key size, 32.
+@end defvr
+
+@defvr Constant SALSA20_BLOCK_SIZE
+Salsa20 block size, 64.
+@end defvr
+
+@defvr Constant SALSA20_IV_SIZE
+Size of the @acronym{IV}, 8.
+@end defvr
+
+@deftypefun void salsa20_set_key (struct salsa20_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
+Initialize the cipher. The same function is used for both encryption and
+decryption. Before using the cipher, you @emph{must} also call
+@code{salsa20_set_iv}, see below.
+@end deftypefun
+
+@deftypefun void salsa20_set_iv (struct salsa20_ctx *@var{ctx}, const uint8_t *@var{iv})
+Sets the @acronym{IV}. It is always of size @code{SALSA20_IV_SIZE}, 8
+octets. This function also initializes the block counter, setting it to
+zero.
+@end deftypefun
+
+@deftypefun void salsa20_crypt (struct salsa20_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
+Encrypts or decrypts the data of a message, using salsa20. When a
+message is encrypted using a sequence of calls to @code{salsa20_crypt},
+all but the last call @emph{must} use a length that is a multiple of
+@code{SALSA20_BLOCK_SIZE}.
+@end deftypefun
+
+The full salsa20 cipher uses 20 rounds of mixing. Variants of Salsa20
+with fewer rounds are possible, and the 12-round variant is specified by
+eSTREAM, see @url{http://www.ecrypt.eu.org/stream/finallist.html}.
+Nettle calls this variant @code{salsa20r12}. It uses the same context
+struct and key setup as the full salsa20 cipher, but a separate function
+for encryption and decryption.
+
+@deftypefun void salsa20r12_crypt (struct salsa20_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
+Encrypts or decrypts the data of a message, using salsa20 reduced to 12
+rounds.
+@end deftypefun
+
@subsection SERPENT
SERPENT is one of the AES finalists, designed by Ross Anderson, Eli
Biham and Lars Knudsen. Thus, the interface and properties are similar
@end deftp
@defvr Constant SERPENT_BLOCK_SIZE
-The SERPENT block-size, 16
+The SERPENT block-size, 16.
@end defvr
@defvr Constant SERPENT_MIN_KEY_SIZE
-Minimum SERPENT key size, 16
+Minimum SERPENT key size, 16.
@end defvr
@defvr Constant SERPENT_MAX_KEY_SIZE
-Maximum SERPENT key size, 32
+Maximum SERPENT key size, 32.
@end defvr
@defvr Constant SERPENT_KEY_SIZE
-Default SERPENT key size, 32
+Default SERPENT key size, 32.
@end defvr
@deftypefun void serpent_set_key (struct serpent_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
decryption.
@end deftypefun
-@deftypefun void serpent_encrypt (struct serpent_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void serpent_encrypt (struct serpent_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void serpent_decrypt (struct serpent_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void serpent_decrypt (struct serpent_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{serpent_encrypt}
@end deftypefun
@end deftp
@defvr Constant TWOFISH_BLOCK_SIZE
-The TWOFISH block-size, 16
+The TWOFISH block-size, 16.
@end defvr
@defvr Constant TWOFISH_MIN_KEY_SIZE
-Minimum TWOFISH key size, 16
+Minimum TWOFISH key size, 16.
@end defvr
@defvr Constant TWOFISH_MAX_KEY_SIZE
-Maximum TWOFISH key size, 32
+Maximum TWOFISH key size, 32.
@end defvr
@defvr Constant TWOFISH_KEY_SIZE
-Default TWOFISH key size, 32
+Default TWOFISH key size, 32.
@end defvr
@deftypefun void twofish_set_key (struct twofish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
decryption.
@end deftypefun
-@deftypefun void twofish_encrypt (struct twofish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void twofish_encrypt (struct twofish_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Encryption function. @var{length} must be an integral multiple of the
block size. If it is more than one block, the data is processed in ECB
mode. @code{src} and @code{dst} may be equal, but they must not overlap
in any other way.
@end deftypefun
-@deftypefun void twofish_decrypt (struct twofish_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{dst}, uint8_t *@var{src})
+@deftypefun void twofish_decrypt (struct twofish_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
Analogous to @code{twofish_encrypt}
@end deftypefun
@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_aes192
@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_aes256
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo40;
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo64;
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo128;
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo_gutmann128;
+@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo40
+@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo64
+@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo128
+@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo_gutmann128
@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arcfour128
@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_twofish128
@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_twofish192
@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_twofish256
-
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo40;
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo64;
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo128;
-@deftypevrx {Constant Struct} {struct nettle_cipher} nettle_arctwo_gutmann128;
-
Nettle includes such structs for all the @emph{regular} ciphers, i.e.
ones without weak keys or other oddities.
@end deftypevr
+Nettle also exports a list of all these ciphers without weak keys or
+other oddities.
+
+@deftypevr {Constant Array} {struct nettle_cipher **} nettle_ciphers
+This list can be used to dynamically enumerate or search the supported
+algorithms. NULL-terminated.
+@end deftypevr
+
@node Cipher modes, Keyed hash functions, Cipher functions, Reference
@comment node-name, next, previous, up
@section Cipher modes
-Cipher modes of operation specifies the procedure to use when
-encrypting a message that is larger than the cipher's block size. As
-explained in @xref{Cipher functions}, splitting the message into blocks
-and processing them independently with the block cipher (Electronic Code
+Cipher modes of operation specifies the procedure to use when encrypting
+a message that is larger than the cipher's block size. As explained in
+@xref{Cipher functions}, splitting the message into blocks and
+processing them independently with the block cipher (Electronic Code
Book mode, @acronym{ECB}) leaks information. Besides @acronym{ECB},
-Nettle provides two other modes of operation: Cipher Block Chaining
-(@acronym{CBC}) and Counter mode (@acronym{CTR}). @acronym{CBC} is
-widely used, but there are a few subtle issues of information leakage.
-@acronym{CTR} was standardized more recently, and is believed to be more
-secure.
+Nettle provides three other modes of operation: Cipher Block Chaining
+(@acronym{CBC}), Counter mode (@acronym{CTR}), and Galois/Counter mode
+(@acronym{GCM}). @acronym{CBC} is widely used, but there are a few
+subtle issues of information leakage, see, e.g.,
+@uref{http://www.kb.cert.org/vuls/id/958563, @acronym{SSH} @acronym{CBC}
+vulnerability}. @acronym{CTR} and @acronym{GCM}
+were standardized more recently, and are believed to be more secure.
+@acronym{GCM} includes message authentication; for the other modes, one
+should always use a @acronym{MAC} (@pxref{Keyed hash functions}) or
+signature to authenticate the message.
+
+@menu
+* CBC::
+* CTR::
+* GCM::
+@end menu
+
+@node CBC, CTR, Cipher modes, Cipher modes
+@comment node-name, next, previous, up
@subsection Cipher Block Chaining
@cindex Cipher Block Chaining
There are also some macros to help use these functions correctly.
@deffn Macro CBC_CTX (@var{context_type}, @var{block_size})
-Expands into
+Expands to
@example
@{
context_type ctx;
the types of @var{f} and @var{ctx} don't match, e.g. if you try to use
an @code{struct aes_ctx} context with the @code{des_encrypt} function.
+@node CTR, GCM, CBC, Cipher modes
+@comment node-name, next, previous, up
@subsection Counter mode
@cindex Counter Mode
@end example
The @acronym{IC} is the initial value for the counter, it plays a
-similar role as the @acronym{IV} for @acronym{CBC}. When adding,
+similar rôle as the @acronym{IV} for @acronym{CBC}. When adding,
@code{IC + x}, @acronym{IC} is interpreted as an integer, in network
byte order. For the last block, @code{E_k(IC + n - 1) [1..m]} means that
the cipher output is truncated to @code{m} bytes.
Like for @acronym{CBC}, there are also a couple of helper macros.
@deffn Macro CTR_CTX (@var{context_type}, @var{block_size})
-Expands into
+Expands to
@example
@{
context_type ctx;
operation.
@end deffn
+@node GCM, , CTR, Cipher modes
+@comment node-name, next, previous, up
+@subsection Galois counter mode
+
+@cindex Galois Counter Mode
+@cindex GCM
+
+Galois counter mode is the combination of counter mode with message
+authentication based on universal hashing. The main objective of the
+design is to provide high performance for hardware implementations,
+where other popular @acronym{MAC} algorithms (@pxref{Keyed hash
+functions} becomes a bottleneck for high-speed hardware implementations.
+It was proposed by David A. McGrew and John Viega in 2005, and
+recommended by NIST in 2007,
+@uref{http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf,
+NIST Special Publication 800-38D}. It is constructed on top of a block
+cipher which must have a block size of 128 bits.
+
+@acronym{GCM} is applied to messages of arbitrary length. The inputs
+are:
+
+@itemize
+@item
+A key, which can be used for many messages.
+@item
+An initialization vector (@acronym{IV}) which @emph{must} be unique for
+each message.
+@item
+Additional authenticated data, which is to be included in the message
+authentication, but not encrypted. May be empty.
+@item
+The plaintext. Maybe empty.
+@end itemize
+
+The outputs are a ciphertext, of the same length as the plaintext, and a
+message digest of length 128 bits. Nettle's support for @acronym{GCM}
+consists of a low-level general interface, some convenience macros, and
+specific functions for @acronym{GCM} using @acronym{AES} as the
+underlying cipher. These interfaces are defined in @file{<nettle/gcm.h>}
+
+@subsubsection General @acronym{GCM} interface
+
+@deftp {Context struct} {struct gcm_key}
+Message independent hash sub-key, and related tables.
+@end deftp
+
+@deftp {Context struct} {struct gcm_ctx}
+Holds state corresponding to a particular message.
+@end deftp
+
+@defvr Constant GCM_BLOCK_SIZE
+@acronym{GCM}'s block size, 16.
+@end defvr
+
+@defvr Constant GCM_IV_SIZE
+Recommended size of the @acronym{IV}, 12. Other sizes are allowed.
+@end defvr
+
+@deftypefun void gcm_set_key (struct gcm_key *@var{key}, void *@var{cipher}, nettle_crypt_func *@var{f})
+Initializes @var{key}. @var{cipher} gives a context struct for the
+underlying cipher, which must have been previously initialized for
+encryption, and @var{f} is the encryption function.
+@end deftypefun
+
+@deftypefun void gcm_set_iv (struct gcm_ctx *@var{ctx}, const struct gcm_key *@var{key}, unsigned @var{length}, const uint8_t *@var{iv})
+Initializes @var{ctx} using the given @acronym{IV}. The @var{key}
+argument is actually needed only if @var{length} differs from
+@code{GCM_IV_SIZE}.
+@end deftypefun
+
+@deftypefun void gcm_update (struct gcm_ctx *@var{ctx}, const struct gcm_key *@var{key}, unsigned @var{length}, const uint8_t *@var{data})
+Provides associated data to be authenticated. If used, must be called
+before @code{gcm_encrypt} or @code{gcm_decrypt}. All but the last call
+for each message @emph{must} use a length that is a multiple of the
+block size.
+@end deftypefun
+
+@deftypefun void gcm_encrypt (struct gcm_ctx *@var{ctx}, const struct gcm_key *@var{key} void *@var{cipher}, nettle_crypt_func *@var{f}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx void gcm_decrypt (struct gcm_ctx *@var{ctx}, const struct gcm_key *@var{key}, void *@var{cipher}, nettle_crypt_func *@var{f}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
+Encrypts or decrypts the data of a message. @var{cipher} is the context
+struct for the underlying cipher and @var{f} is the encryption function.
+All but the last call for each message @emph{must} use a length that is
+a multiple of the block size.
+@end deftypefun
+
+@deftypefun void gcm_digest (struct gcm_ctx *@var{ctx}, const struct gcm_key *@var{key}, void *@var{cipher}, nettle_crypt_func *@var{f}, unsigned @var{length}, uint8_t *@var{digest})
+Extracts the message digest (also known ``authentication tag''). This is
+the final operation when processing a message. @var{length} is usually
+equal to @code{GCM_BLOCK_SIZE}, but if you provide a smaller value,
+only the first @var{length} octets of the digest are written.
+@end deftypefun
+
+To encrypt a message using @acronym{GCM}, first initialize a context for
+the underlying block cipher with a key to use for encryption. Then call
+the above functions in the following order: @code{gcm_set_key},
+@code{gcm_set_iv}, @code{gcm_update}, @code{gcm_encrypt},
+@code{gcm_digest}. The decryption procedure is analogous, just calling
+@code{gcm_decrypt} instead of @code{gcm_encrypt} (note that
+@acronym{GCM} decryption still uses the encryption function of the
+underlying block cipher). To process a new message, using the same key,
+call @code{gcm_set_iv} with a new @acronym{iv}.
+
+@subsubsection @acronym{GCM} helper macros
+
+The following macros are defined.
+
+@deffn Macro GCM_CTX (@var{context_type})
+This defines an all-in-one context struct, including the context of the
+underlying cipher, the hash sub-key, and the per-message state. It expands
+to
+@example
+@{
+ context_type cipher;
+ struct gcm_key key;
+ struct gcm_ctx gcm;
+@}
+@end example
+@end deffn
+
+Example use:
+@example
+struct gcm_aes_ctx GCM_CTX(struct aes_ctx);
+@end example
+
+The following macros operate on context structs of this form.
+
+@deffn Macro GCM_SET_KEY (@var{ctx}, @var{set_key}, @var{encrypt}, @var{length}, @var{data})
+First argument, @var{ctx}, is a context struct as defined
+by @code{GCM_CTX}. @var{set_key} and @var{encrypt} are functions for
+setting the encryption key and for encrypting data using the underlying
+cipher. @var{length} and @var{data} give the key.
+@end deffn
+
+@deffn Macro GCM_SET_IV (@var{ctx}, @var{length}, @var{data})
+First argument is a context struct as defined by
+@code{GCM_CTX}. @var{length} and @var{data} give the initialization
+vector (@acronym{IV}).
+@end deffn
+
+@deffn Macro GCM_UPDATE (@var{ctx}, @var{length}, @var{data})
+Simpler way to call @code{gcm_update}. First argument is a context
+struct as defined by @code{GCM_CTX}
+@end deffn
+
+@deffn Macro GCM_ENCRYPT (@var{ctx}, @var{encrypt}, @var{length}, @var{dst}, @var{src})
+@deffnx Macro GCM_DECRYPT (@var{ctx}, @var{encrypt}, @var{length}, @var{dst}, @var{src})
+@deffnx Macro GCM_DIGEST (@var{ctx}, @var{encrypt}, @var{length}, @var{digest})
+Simpler way to call @code{gcm_encrypt}, @code{gcm_decrypt} or
+@code{gcm_digest}. First argument is a context struct as defined by
+@code{GCM_CTX}. Second argument, @var{encrypt}, is a pointer to the
+encryption function of the underlying cipher.
+@end deffn
+
+@subsubsection @acronym{GCM}-@acronym{AES} interface
+
+The following functions implement the common case of @acronym{GCM} using
+@acronym{AES} as the underlying cipher.
+
+@deftp {Context struct} {struct gcm_aes_ctx}
+The context struct, defined using @code{GCM_CTX}.
+@end deftp
+
+@deftypefun void gcm_aes_set_key (struct gcm_aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{key})
+Initializes @var{ctx} using the given key. All valid @acronym{AES} key
+sizes can be used.
+@end deftypefun
+
+@deftypefun void gcm_aes_set_iv (struct gcm_aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{iv})
+Initializes the per-message state, using the given @acronym{IV}.
+@end deftypefun
+
+@deftypefun void gcm_aes_update (struct gcm_aes_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Provides associated data to be authenticated. If used, must be called
+before @code{gcm_aes_encrypt} or @code{gcm_aes_decrypt}. All but the last call
+for each message @emph{must} use a length that is a multiple of the
+block size.
+@end deftypefun
+
+@deftypefun void gcm_aes_encrypt (struct gcm_aes_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
+@deftypefunx void gcm_aes_decrypt (struct gcm_aes_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{dst}, const uint8_t *@var{src})
+Encrypts or decrypts the data of a message. All but the last call for
+each message @emph{must} use a length that is a multiple of the block
+size.
+
+@end deftypefun
+
+@deftypefun void gcm_aes_digest (struct gcm_aes_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Extracts the message digest (also known ``authentication tag''). This is
+the final operation when processing a message. @var{length} is usually
+equal to @code{GCM_BLOCK_SIZE}, but if you provide a smaller value,
+only the first @var{length} octets of the digest are written.
+@end deftypefun
+
-@node Keyed hash functions, Public-key algorithms, Cipher modes, Reference
+
+@node Keyed hash functions, Key derivation functions, Cipher modes, Reference
@comment node-name, next, previous, up
@section Keyed Hash Functions
as well.
@subsection @acronym{HMAC}
+@cindex HMAC
One can build keyed hash functions from ordinary hash functions. Older
constructions simply concatenate secret key and message and hashes that, but
Nettle's @acronym{HMAC} functions are defined in @file{<nettle/hmac.h>}.
There are abstract functions that use a pointer to a @code{struct
-nettle_hash} to represent the underlying hash function and @code{void
-*} pointers that point to three different context structs for that hash
+nettle_hash} to represent the underlying hash function and @code{void *}
+pointers that point to three different context structs for that hash
function. There are also concrete functions for @acronym{HMAC-MD5},
-@acronym{HMAC-SHA1}, @acronym{HMAC-SHA256}, and @acronym{HMAC-SHA512}.
-First, the abstract functions:
+@acronym{HMAC-RIPEMD160} @acronym{HMAC-SHA1}, @acronym{HMAC-SHA256}, and
+@acronym{HMAC-SHA512}. First, the abstract functions:
@deftypefun void hmac_set_key (void *@var{outer}, void *@var{inner}, void *@var{state}, const struct nettle_hash *@var{H}, unsigned @var{length}, const uint8_t *@var{key})
Initializes the three context structs from the key. The @var{outer} and
functions correctly.
@deffn Macro HMAC_CTX (@var{type})
-Expands into
+Expands to
@example
@{
type outer;
the same key.
@end deftypefun
+@subsubsection @acronym{HMAC-RIPEMD160}
+
+@deftp {Context struct} {struct hmac_ripemd160_ctx}
+@end deftp
+
+@deftypefun void hmac_ripemd160_set_key (struct hmac_ripemd160_ctx *@var{ctx}, unsigned @var{key_length}, const uint8_t *@var{key})
+Initializes the context with the key.
+@end deftypefun
+
+@deftypefun void hmac_ripemd160_update (struct hmac_ripemd160_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+Process some more data.
+@end deftypefun
+
+@deftypefun void hmac_ripemd160_digest (struct hmac_ripemd160_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Extracts the @acronym{MAC}, writing it to @var{digest}. @var{length} may be smaller than
+@code{RIPEMD160_DIGEST_SIZE}, in which case only the first @var{length}
+octets of the @acronym{MAC} are written.
+
+This function also resets the context for processing new messages, with
+the same key.
+@end deftypefun
+
@subsubsection @acronym{HMAC-SHA1}
@deftp {Context struct} {struct hmac_sha1_ctx}
the same key.
@end deftypefun
-@node Public-key algorithms, Randomness, Keyed hash functions, Reference
+@subsection @acronym{UMAC}
+@cindex UMAC
+
+@acronym{UMAC} is a message authentication code based on universal
+hashing, and designed for high performance on modern processors (in
+contrast to GCM, @xref{GCM}, which is designed primarily for hardware
+performance). On processors with good integer multiplication
+performance, it can be 10 times faster than SHA256 and SHA512.
+@acronym{UMAC} is specified in @cite{RFC 4418}.
+
+The secret key is always 128 bits (16 octets). The key is used as an
+encryption key for the @acronym{AES} block cipher. This cipher is used
+in counter mode to generate various internal subkeys needed in
+@acronym{UMAC}. Messages are of arbitrary size, and for each message,
+@acronym{UMAC} also needs a unique nonce. Nonce values must not be
+reused for two messages with the same key, but they need not be kept
+secret.
+
+The nonce must be at least one octet, and at most 16; nonces shorter
+than 16 octets are zero-padded. Nettle's implementation of
+@acronym{UMAC} increments the nonce for automatically each message, so
+explicitly setting the nonce for each message is optional. This
+auto-increment uses network byte order and it takes the length of the
+nonce into acount. E.g., if the initial nonce is ``abc'' (3 octets),
+this value is zero-padded to 16 octets for the first message. For the
+next message, the nonce is incremented to ``abd'', and this incremented
+value is zero-padded to 16 octets.
+
+@acronym{UMAC} is defined in four variants, for different output sizes:
+32 bits (4 octest), 64 bits (8 octets), 96 bits (12 octets) and 128 bits
+(16 octets), corresponding to different tradeoffs between speed and
+security. Using a shorter output size sometimes (but not always!) gives
+the same result as using a longer output size and truncating the result.
+So it is important to use the right variant. For consistency with other
+hash and @acronym{MAC} functions, Nettle's @code{_digest} functions for
+@acronym{UMAC} accept a length parameter so that the output can be
+truncated to any desired size, but it is recommended to stick to the
+specified output size and select the @acronym{umac} variant
+corresponding to the desired size.
+
+The internal block size of @acronym{UMAC} is 1024 octets, and it also
+generates more than 1024 bytes of subkeys. This makes the size of the
+context struct a bit larger than other hash functions and @acronym{MAC}
+algorithms in Nettle.
+
+Nettle defines @acronym{UMAC} in @file{<nettle/umac.h>}.
+
+@deftp {Context struct} {struct umac32_ctx}
+@deftpx {Context struct} {struct umac64_ctx}
+@deftpx {Context struct} {struct umac96_ctx}
+@deftpx {Context struct} {struct umac128_ctx}
+Each @acronym{UMAC} variant uses its own context struct.
+@end deftp
+
+@defvr Constant UMAC_KEY_SIZE
+The UMAC key size, 16.
+@end defvr
+@defvr Constant UMAC32_DIGEST_SIZE
+The size of an UMAC32 digest, 4.
+@end defvr
+@defvr Constant UMAC64_DIGEST_SIZE
+The size of an UMAC64 digest, 8.
+@end defvr
+@defvr Constant UMAC96_DIGEST_SIZE
+The size of an UMAC96 digest, 12.
+@end defvr
+@defvr Constant UMAC128_DIGEST_SIZE
+The size of an UMAC128 digest, 16.
+@end defvr
+@defvr Constant UMAC128_DATA_SIZE
+The internal block size of UMAC.
+@end defvr
+
+@deftypefun void umac32_set_key (struct umac32_ctx *@var{ctx}, const uint8_t *@var{key})
+@deftypefunx void umac64_set_key (struct umac64_ctx *@var{ctx}, const uint8_t *@var{key})
+@deftypefunx void umac96_set_key (struct umac96_ctx *@var{ctx}, const uint8_t *@var{key})
+@deftypefunx void umac128_set_key (struct umac128_ctx *@var{ctx}, const uint8_t *@var{key})
+These functions initialize the @acronym{UMAC} context struct. They also
+initialize the nonce to zero (with length 16, for auto-increment).
+@end deftypefun
+
+@deftypefun void umac32_set_nonce (struct umac32_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{nonce})
+@deftypefunx void umac64_set_nonce (struct umac64_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{nonce})
+@deftypefunx void umac96_set_nonce (struct umac96_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{nonce})
+@deftypefunx void umac128_set_nonce (struct umac128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{nonce})
+Sets the nonce to be used for the next message. In general, nonces
+should be set before processing of the message. This is not strictly
+required for @acronym{UMAC} (the nonce only affects the final processing
+generating the digest), but it is nevertheless recommended that this
+function is called @emph{before} the first @code{_update} call for the
+message.
+@end deftypefun
+
+@deftypefun void umac32_update (struct umac32_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+@deftypefunx void umac64_update (struct umac64_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+@deftypefunx void umac96_update (struct umac96_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+@deftypefunx void umac128_update (struct umac128_ctx *@var{ctx}, unsigned @var{length}, const uint8_t *@var{data})
+These functions are called zero or more times to process the message.
+@end deftypefun
+
+@deftypefun void umac32_digest (struct umac32_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+@deftypefunx void umac64_digest (struct umac64_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+@deftypefunx void umac96_digest (struct umac96_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+@deftypefunx void umac128_digest (struct umac128_ctx *@var{ctx}, unsigned @var{length}, uint8_t *@var{digest})
+Extracts the @acronym{MAC} of the message, writing it to @var{digest}.
+@var{length} is usually equal to the specified output size, but if you
+provide a smaller value, only the first @var{length} octets of the
+@acronym{MAC} are written. These functions reset the context for
+processing of a new message with the same key. The nonce is incremented
+as described above, the new value is used unless you call the
+@code{_set_nonce} function explicitly for each message.
+@end deftypefun
+
+@node Key derivation functions, Public-key algorithms, Keyed hash functions, Reference
+@comment node-name, next, previous, up
+@section Key derivation Functions
+
+@cindex Key Derivation Function
+@cindex Password Based Key Derivation Function
+@cindex PKCS #5
+@cindex KDF
+@cindex PBKDF
+
+A @dfn{key derivation function} (@acronym{KDF}) is a function that from
+a given symmetric key derives other symmetric keys. A sub-class of KDFs
+is the @dfn{password-based key derivation functions} (@acronym{PBKDFs}),
+which take as input a password or passphrase, and its purpose is
+typically to strengthen it and protect against certain pre-computation
+attacks by using salting and expensive computation.
+
+@subsection @acronym{PBKDF2}
+The most well known PBKDF is the @code{PKCS #5 PBKDF2} described in
+@cite{RFC 2898} which uses a pseudo-random function such as
+@acronym{HMAC-SHA1}.
+
+Nettle's @acronym{PBKDF2} functions are defined in
+@file{<nettle/pbkdf2.h>}. There is an abstract function that operate on
+any PRF implemented via the @code{nettle_hash_update_func},
+@code{nettle_hash_digest_func} interfaces. There is also helper macros
+and concrete functions PBKDF2-HMAC-SHA1 and PBKDF2-HMAC-SHA256. First,
+the abstract function:
+
+@deftypefun void pbkdf2 (void *mac_ctx, nettle_hash_update_func *update, nettle_hash_digest_func *digest, unsigned digest_size, unsigned iterations, unsigned salt_length, const uint8_t *salt, unsigned length, uint8_t *dst)
+Derive symmetric key from a password according to PKCS #5 PBKDF2. The
+PRF is assumed to have been initialized and this function will call the
+@var{update} and @var{digest} functions passing the @var{mac_ctx}
+context parameter as an argument in order to compute digest of size
+@var{digest_size}. Inputs are the salt @var{salt} of length
+@var{salt_length}, the iteration counter @var{iterations} (> 0), and the
+desired derived output length @var{length}. The output buffer is
+@var{dst} which must have room for at least @var{length} octets.
+@end deftypefun
+
+Like for CBC and HMAC, there is a macro to help use the function
+correctly.
+
+@deffn Macro PBKDF2 (@var{ctx}, @var{update}, @var{digest}, @var{digest_size}, @var{iterations}, @var{salt_length}, @var{salt}, @var{length}, @var{dst})
+@var{ctx} is a pointer to a context struct passed to the @var{update}
+and @var{digest} functions (of the types @code{nettle_hash_update_func}
+and @code{nettle_hash_digest_func} respectively) to implement the
+underlying PRF with digest size of @var{digest_size}. Inputs are the
+salt @var{salt} of length @var{salt_length}, the iteration counter
+@var{iterations} (> 0), and the desired derived output length
+@var{length}. The output buffer is @var{dst} which must have room for
+at least @var{length} octets.
+@end deffn
+
+@subsection Concrete @acronym{PBKDF2} functions
+Now we come to the specialized @acronym{PBKDF2} functions, which are
+easier to use than the general @acronym{PBKDF2} function.
+
+@subsubsection @acronym{PBKDF2-HMAC-SHA1}
+
+@deftypefun void pbkdf2_hmac_sha1 (unsigned @var{key_length}, const uint8_t *@var{key}, unsigned @var{iterations}, unsigned @var{salt_length}, const uint8_t *@var{salt}, unsigned @var{length}, uint8_t *@var{dst})
+PBKDF2 with HMAC-SHA1. Derive @var{length} bytes of key into buffer
+@var{dst} using the password @var{key} of length @var{key_length} and
+salt @var{salt} of length @var{salt_length}, with iteration counter
+@var{iterations} (> 0). The output buffer is @var{dst} which must have
+room for at least @var{length} octets.
+@end deftypefun
+
+@subsubsection @acronym{PBKDF2-HMAC-SHA256}
+
+@deftypefun void pbkdf2_hmac_sha256 (unsigned @var{key_length}, const uint8_t *@var{key}, unsigned @var{iterations}, unsigned @var{salt_length}, const uint8_t *@var{salt}, unsigned @var{length}, uint8_t *@var{dst})
+PBKDF2 with HMAC-SHA256. Derive @var{length} bytes of key into buffer
+@var{dst} using the password @var{key} of length @var{key_length} and
+salt @var{salt} of length @var{salt_length}, with iteration counter
+@var{iterations} (> 0). The output buffer is @var{dst} which must have
+room for at least @var{length} octets.
+@end deftypefun
+
+@node Public-key algorithms, Randomness, Key derivation functions, Reference
@comment node-name, next, previous, up
@section Public-key algorithms
@menu
* RSA:: The RSA public key algorithm.
* DSA:: The DSA digital signature algorithm.
+* Elliptic curves:: Elliptic curves and ECDSA
@end menu
@node RSA, DSA, Public-key algorithms, Public-key algorithms
F(x) = x^e mod n
@end example
-I.e. raise x to the @code{e}:th power, while discarding all multiples of
+I.e. raise x to the @code{e}'th power, while discarding all multiples of
@code{n}. The pair of numbers @code{n} and @code{e} is the public key.
@code{e} can be quite small, even @code{e = 3} has been used, although
slightly larger numbers are recommended. @code{n} should be about 1000
bits or larger.
If @code{n} is large enough, and properly chosen, the inverse of F,
-the computation of @code{e}:th roots modulo @code{n}, is very difficult.
+the computation of @code{e}'th roots modulo @code{n}, is very difficult.
But, where's the trapdoor?
Let's first look at how @acronym{RSA} key-pairs are generated. First
@code{pub->e} is an even number.
@end deftypefun
-@node DSA, , RSA, Public-key algorithms
+@node DSA, Elliptic curves, RSA, Public-key algorithms
@comment node-name, next, previous, up
-@subsection Nettle's @acronym{DSA} support
+@subsection @acronym{DSA}
The @acronym{DSA} digital signature algorithm is more complex than
@acronym{RSA}. It was specified during the early 1990s, and in 1994 NIST
published @acronym{FIPS} 186 which is the authoritative specification.
Sometimes @acronym{DSA} is referred to using the acronym @acronym{DSS},
for Digital Signature Standard. The most recent revision of the
-specification, FIPS186-3, was issueed in 2009, and it adds support for
+specification, FIPS186-3, was issued in 2009, and it adds support for
larger hash functions than @acronym{sha1}.
For @acronym{DSA}, the underlying mathematical problem is the
-computation of discreet logarithms. The public key consists of a large
+computation of discrete logarithms. The public key consists of a large
prime @code{p}, a small prime @code{q} which is a factor of @code{p-1},
a number @code{g} which generates a subgroup of order @code{q} modulo
@code{p}, and an element @code{y} in that subgroup.
complexity @code{sqrt(q)}.
The important point is that security depends on the size of @emph{both}
-@code{p} and @code{q}, and they should be choosen so that the difficulty
+@code{p} and @code{q}, and they should be chosen so that the difficulty
of both discrete logarithm methods are comparable. Today, the security
margin of the original @acronym{DSA} may be uncomfortably small. Using a
@code{p} of 1024 bits implies that cracking using the number field sieve
can not in general be expected to support such keys. Also note that
using very large @var{p_bits}, with @var{q_bits} fixed at 160, doesn't
make much sense, because the security is also limited by the size of the
-smaller prime. Using a larger @code{q_bits} requires switchign to a
+smaller prime. Using a larger @code{q_bits} requires switching to a
larger hash function. To generate @acronym{DSA} keys for use with
@acronym{SHA256}, use @code{q_bits = 256} and, e.g., @code{p_bits =
2048}.
small.
@end deftypefun
-@node Randomness, Miscellaneous functions, Public-key algorithms, Reference
+@node Elliptic curves,, DSA, Public-key algorithms
+@comment node-name, next, previous, up
+@subsection @acronym{Elliptic curves}
+
+For cryptographic purposes, an elliptic curve is a mathematical group of
+points, and computing logarithms in this group is computationally
+difficult problem. Nettle uses additive notation for elliptic curve
+groups. If @math{P} and @math{Q} are two points, and @math{k} is an
+integer, the point sum, @math{P + Q}, and the multiple @math{k P} can be
+computed efficiently, but given only two points @math{P} and @math{Q},
+finding an integer @math{k} such that @math{Q = k P} is the elliptic
+curve discrete logarithm problem.
+
+Nettle supports standard curves which are all of the form @math{y^2 =
+x^3 - 3 x + b @pmod{p}}, i.e., the points have coordinates @math{(x,y)},
+both considered as integers modulo a specified prime @math{p}. Curves
+are represented as a @code{struct ecc_curve}. Supported curves are
+declared in @file{<nettle/ecc-curve.h>}, e.g., @code{nettle_secp_256r1}
+for a standardized curve using the 256-bit prime @math{p = 2^{256} -
+2^{224} + 2^{192} + 2^{96} - 1}. The contents of these structs is not
+visible to nettle users. The ``bitsize of the curve'' is used as a
+shorthand for the bitsize of the curve's prime @math{p}, e.g., 256 bits
+for @code{nettle_secp_256r1}.
+
+@subsubsection Side-channel silence
+Nettle's implementation of the elliptic curve operations is intended to
+be side-channel silent. The side-channel attacks considered are:
+
+@itemize
+@item Timing attacks
+If the timing of operations depends on secret values, an attacker
+interacting with your system can measure the response time, and infer
+information about your secrets, e.g., a private signature key.
+
+@item Attacks using memory caches
+Assume you have some secret data on a multi-user system, and that this
+data is properly protected so that other users get no direct access to
+it. If you have a process operating on the secret data, and this process
+does memory accesses depending on the data, e.g, an internal lookup
+table in some cryptographic algorithm, an attacker running a separate
+process on the same system may use behavior of internal CPU caches to
+get information about your secrets.
+@end itemize
+
+Nettle's ECC implementation is designed to be @dfn{side-channel silent},
+and not leak any information to these attacks. Timing and memory
+accesses depend only on the size of the input data and its location in
+memory, not on the actual data bits. This implies a performance penalty
+in several of the building blocks.
+
+@subsection ECDSA
+
+ECDSA is a variant of the DSA digital signature scheme (@pxref{DSA}),
+which works over an elliptic curve group rather than over a (subgroup
+of) integers modulo @math{p}. Like DSA, creating a signature requires a unique
+random nonce (repeating the nonce with two different messages reveals
+the private key, and any leak or bias in the generation of the nonce
+also leaks information about the key).
+
+Unlike DSA, signatures are in general not tied to any particular hash
+function or even hash size. Any hash function can be used, and the hash
+value is truncated or padded as needed to get a size matching the curve
+being used. It is recommended to use a strong cryptographic hash
+function with digest size close to the bit size of the curve, e.g.,
+SHA256 is a reasonable choice when using ECDSA signature over the curve
+secp256r1. A protocol or application using ECDSA has to specify which
+curve and which hash function to use, or provide some mechanism for
+negotiating.
+
+Nettle defines ECDSA in @file{<nettle/ecdsa.h>}. We first need
+to define the data types used to represent public and private keys.
+
+@deftp {struct} {struct ecc_point}
+Represents a point on an elliptic curve. In particular, it is used to
+represent an ECDSA public key.
+@end deftp
+
+@deftypefun void ecc_point_init (struct ecc_point *@var{p}, const structecc_curve *@var{ecc})
+Initializes @var{p} to represent points on the given curve @var{ecc}.
+Allocates storage for the coordinates, using the same allocation
+functions as GMP.
+@end deftypefun
+
+@deftypefun void ecc_point_clear (struct ecc_point *@var{p})
+Deallocate storage.
+@end deftypefun
+
+@deftypefun int ecc_point_set (struct ecc_point *@var{p}, const mpz_t @var{x}, const mpz_t @var{y})
+Check that the given coordinates represent a point on the curve. If so,
+the coordinates are copied and converted to internal representation, and
+the function returns 1. Otherwise, it returns 0. Currently, the
+infinity point (or zero point, with additive notation) i snot allowed.
+@end deftypefun
+
+@deftypefun void ecc_point_get (const struct ecc_point *@var{p}, mpz_t @var{x}, mpz_t @var{y})
+Extracts the coordinate of the point @var{p}. The output parameters
+@var{x} or @var{y} may be NULL if the caller doesn't want that
+coordinate.
+@end deftypefun
+
+@deftp {struct} {struct ecc_scalar}
+Represents an integer in the range @math{0 < x < group order}, where the
+``group order'' refers to the order of an ECC group. In particular, it
+is used to represent an ECDSA private key.
+@end deftp
+
+@deftypefun void ecc_scalar_init (struct ecc_scalar *@var{s}, const struct ecc_curve *@var{ecc})
+Initializes @var{s} to represent a scalar suitable for the given curve
+@var{ecc}. Allocates storage using the same allocation functions as GMP.
+@end deftypefun
+
+@deftypefun void ecc_scalar_clear (struct ecc_scalar *@var{s})
+Deallocate storage.
+@end deftypefun
+
+@deftypefun int ecc_scalar_set (struct ecc_scalar *@var{s}, const mpz_t @var{z})
+Check that @var{z} is in the correct range. If so, copies the value to
+@var{s} and returns 1, otherwise returns 0.
+@end deftypefun
+
+@deftypefun void ecc_scalar_get (const struct ecc_scalar *@var{s}, mpz_t @var{z})
+Extracts the scalar, in GMP @code{mpz_t} representation.
+@end deftypefun
+
+To create and verify ECDSA signatures, the following functions are used.
+
+@deftypefun void ecdsa_sign (const struct ecc_scalar *@var{key}, void *@var{random_ctx}, nettle_random_func *@var{random}, unsigned @var{digest_length}, const uint8_t *@var{digest}, struct dsa_signature *@var{signature})
+Uses the private key @var{key} to create a signature on @var{digest}.
+@var{random_ctx} and @var{random} is a randomness generator.
+@code{random(random_ctx, length, dst)} should generate @code{length}
+random octets and store them at @code{dst}. The signature is stored in
+@var{signature}, in the same was as for plain DSA.
+@end deftypefun
+
+@deftypefun int ecdsa_verify (const struct ecc_point *@var{pub}, unsigned @var{length}, const uint8_t *@var{digest}, const struct dsa_signature *@var{signature})
+Uses the public key @var{pub} to verify that @var{signature} is a valid
+signature for the message digest @var{digest} (of @var{length} octets).
+Returns 1 if the signature is valid, otherwise 0.
+@end deftypefun
+
+Finally, to generation of new an ECDSA key pairs
+
+@deftypefun void ecdsa_generate_keypair (struct ecc_point *@var{pub}, struct ecc_scalar *@var{key}, void *@var{random_ctx}, nettle_random_func *@var{random});
+@var{pub} and @var{key} is where the resulting key pair is stored. The
+structs should be initialized, for the desired ECC curve, before you call this function.
+
+@var{random_ctx} and @var{random} is a randomness generator.
+@code{random(random_ctx, length, dst)} should generate @code{length}
+random octets and store them at @code{dst}. For advice, see
+@xref{Randomness}.
+@end deftypefun
+
+@node Randomness, ASCII encoding, Public-key algorithms, Reference
@comment node-name, next, previous, up
@section Randomness
However, such a generator is inadequate for cryptography, for at least
two reasons:
+
@itemize
@item
@end deftp
@defvr Constant YARROW256_SEED_FILE_SIZE
-Recommanded size of the Yarrow-256 seed file.
+Recommended size of the Yarrow-256 seed file.
@end defvr
@deftypefun void yarrow256_init (struct yarrow256_ctx *@var{ctx}, unsigned @var{nsources}, struct yarrow_source *@var{sources})
@code{yarrow256_update}. Usually, 0, 1 or 2 bits.
@end deftypefun
-@node Miscellaneous functions, Compatibility functions, Randomness, Reference
+@node ASCII encoding, Miscellaneous functions, Randomness, Reference
+@comment node-name, next, previous, up
+@section ASCII encoding
+
+Encryption will transform your data from text into binary format, and that
+may be a problem if you want, for example, to send the data as if it was
+plain text in an email (or store it along with descriptive text in a
+file). You may then use an encoding from binary to text: each binary byte
+is translated into a number of bytes of plain text.
+
+A base-N encoding of data is one representation of data that only uses N
+different symbols (instead of the 256 possible values of a byte).
+
+The base64 encoding will always use alphanumeric (upper and lower case)
+characters and the '+', '/' and '=' symbols to represent the data. Four
+output characters are generated for each three bytes of input. In case
+the length of the input is not a multiple of three, padding characters
+are added at the end.
+
+The base16 encoding, also known as ``hexadecimal'', uses the decimal
+digits and the letters from A to F. Two hexadecimal digits are generated
+for each input byte. Base16 may be useful if you want to use the data
+for filenames or URLs, for example.
+
+Nettle supports both base64 and base16 encoding and decoding.
+
+Encoding and decoding uses a context struct to maintain its state (with
+the exception of base16 encoding, which doesn't need any). To encode or
+decode the your data, first initialize the context, then call the update
+function as many times as necessary, and complete the operation by
+calling the final function.
+
+The following functions can be used to perform base64 encoding and decoding.
+They are defined in @file{<nettle/base64.h>}.
+
+@deftp {Context struct} {struct base64_encode_ctx}
+@end deftp
+
+@deftypefun {void} base64_encode_init (struct base64_encode_ctx *@var{ctx})
+Initializes a base64 context. This is necessary before starting an encoding
+session.
+@end deftypefun
+
+
+@deftypefun {unsigned} base64_encode_single (struct base64_encode_ctx *@var{ctx}, uint8_t *@var{dst}, uint8_t @var{src})
+Encodes a single byte. Returns amount of output (always 1 or 2).
+@end deftypefun
+
+@deffn Macro BASE64_ENCODE_LENGTH (@var{length})
+The maximum number of output bytes when passing @var{length} input bytes
+to @code{base64_encode_update}.
+@end deffn
+
+@deftypefun {unsigned} base64_encode_update (struct base64_encode_ctx *@var{ctx}, uint8_t *@var{dst}, unsigned @var{length}, const uint8_t *@var{src})
+After @var{ctx} is initialized, this function may be called to encode @var{length}
+bytes from @var{src}. The result will be placed in @var{dst}, and the return value
+will be the number of bytes generated. Note that @var{dst} must be at least of size
+BASE64_ENCODE_LENGTH(@var{length}).
+@end deftypefun
+
+@defvr Constant BASE64_ENCODE_FINAL_LENGTH
+The maximum amount of output from @code{base64_encode_final}.
+@end defvr
+
+@deftypefun {unsigned} base64_encode_final (struct base64_encode_ctx *@var{ctx}, uint8_t *@var{dst})
+After calling base64_encode_update one or more times, this function
+should be called to generate the final output bytes, including any
+needed paddding. The return value is the number of output bytes
+generated.
+@end deftypefun
+
+@deftp {Context struct} {struct base64_decode_ctx}
+@end deftp
+
+@deftypefun {void} base64_decode_init (struct base64_decode_ctx *@var{ctx})
+Initializes a base64 decoding context. This is necessary before starting a decoding
+session.
+@end deftypefun
+
+@deftypefun {int} base64_decode_single (struct base64_decode_ctx *@var{ctx}, uint8_t *@var{dst}, uint8_t @var{src})
+Decodes a single byte (@var{src}) and stores the result in @var{dst}.
+Returns amount of output (0 or 1), or -1 on errors.
+@end deftypefun
+
+@deffn Macro BASE64_DECODE_LENGTH (@var{length})
+The maximum number of output bytes when passing @var{length} input bytes
+to @code{base64_decode_update}.
+@end deffn
+
+@deftypefun {void} base64_decode_update (struct base64_decode_ctx *@var{ctx}, unsigned *@var{dst_length}, uint8_t *@var{dst}, unsigned @var{src_length}, const uint8_t *@var{src})
+After @var{ctx} is initialized, this function may be called to decode @var{src_length}
+bytes from @var{src}. @var{dst} should point to an area of size at least
+BASE64_DECODE_LENGTH(@var{length}), and for sanity checking, @var{dst_length}
+should be initialized to the size of that area before the call.
+@var{dst_length} is updated to the amount of decoded output. The function will return
+1 on success and 0 on error.
+@end deftypefun
+
+@deftypefun {int} base64_decode_final (struct base64_decode_ctx *@var{ctx})
+Check that final padding is correct. Returns 1 on success, and 0 on
+error.
+@end deftypefun
+
+Similarly to the base64 functions, the following functions perform base16 encoding,
+and are defined in @file{<nettle/base16.h>}. Note that there is no encoding context
+necessary for doing base16 encoding.
+
+@deftypefun {void} base16_encode_single (uint8_t *@var{dst}, uint8_t @var{src})
+Encodes a single byte. Always stores two digits in @var{dst}[0] and @var{dst}[1].
+@end deftypefun
+
+@deffn Macro BASE16_ENCODE_LENGTH (@var{length})
+The number of output bytes when passing @var{length} input bytes to
+@code{base16_encode_update}.
+@end deffn
+
+@deftypefun {void} base16_encode_update (uint8_t *@var{dst}, unsigned @var{length}, const uint8_t *@var{src})
+Always stores BASE16_ENCODE_LENGTH(@var{length}) digits in @var{dst}.
+@end deftypefun
+
+@deftp {Context struct} {struct base16_decode_ctx}
+@end deftp
+
+@deftypefun {void} base16_decode_init (struct base16_decode_ctx *@var{ctx})
+Initializes a base16 decoding context. This is necessary before starting a decoding
+session.
+@end deftypefun
+
+@deftypefun {int} base16_decode_single (struct base16_decode_ctx *@var{ctx}, uint8_t *@var{dst}, uint8_t @var{src})
+Decodes a single byte from @var{src} into @var{dst}. Returns amount of output (0 or 1), or -1 on errors.
+@end deftypefun
+
+@deffn Macro BASE16_DECODE_LENGTH (@var{length})
+The maximum number of output bytes when passing @var{length} input bytes
+to @code{base16_decode_update}.
+@end deffn
+
+@deftypefun {int} base16_decode_update (struct base16_decode_ctx *@var{ctx}, unsigned *@var{dst_length}, uint8_t *@var{dst}, unsigned @var{src_length}, const uint8_t *@var{src})
+After @var{ctx} is initialized, this function may be called to decode @var{src_length}
+bytes from @var{src}. @var{dst} should point to an area of size at least
+BASE16_DECODE_LENGTH(@var{length}), and for sanity checking, @var{dst_length}
+should be initialized to the size of that area before the call.
+@var{dst_length} is updated to the amount of decoded output. The function will return
+1 on success and 0 on error.
+@end deftypefun
+
+@deftypefun {int} base16_decode_final (struct base16_decode_ctx *@var{ctx})
+Checks that the end of data is correct (i.e., an even number of
+hexadecimal digits have been seen). Returns 1 on success, and 0 on
+error.
+@end deftypefun
+
+@node Miscellaneous functions, Compatibility functions, ASCII encoding, Reference
@comment node-name, next, previous, up
@section Miscellaneous functions
@c And the original Swedish version.
@ignore
-Recept på nässelsoppa
+Recept på nässelsoppa
4 portioner
-1 l färska nässlor
-2 msk smör
-3 msk vetemjöl
-1 l kött- eller grönsaksbuljong
+1 l färska nässlor
+2 msk smör
+3 msk vetemjöl
+1 l kött- eller grönsaksbuljong
1/2 tsk salt
1-2 krm peppar
-(lite grädde eller mjölk)
+(lite grädde eller mjölk)
-Plocka 1 liter färska nässlor. Använd handskar! Helst små och späda
-skott, men topparna av större nässlor går också bra.
+Plocka 1 liter färska nässlor. Använd handskar! Helst små och späda
+skott, men topparna av större nässlor går också bra.
-Skölj nässlorna väl. Förväll dem ca 10 minuter i lätt saltat vatten.
-Häll av och spara spadet. Hacka nässlorna. Smält smöret, rör i mjöl och
-späd med buljong och nässelspad. Lägg i de hackade nässlorna. Om så
-önskas, häll i en skvätt mjölk eller grädde. Koka några minuter, och
-smaksätt med salt och peppar.
+Skölj nässlorna väl. Förväll dem ca 10 minuter i lätt saltat vatten.
+Häll av och spara spadet. Hacka nässlorna. Smält smöret, rör i mjöl och
+späd med buljong och nässelspad. Lägg i de hackade nässlorna. Om så
+önskas, häll i en skvätt mjölk eller grädde. Koka några minuter, och
+smaksätt med salt och peppar.
-Servera med kokta ägghalvor.
+Servera med kokta ägghalvor.
@end ignore
@node Installation, Index, Nettle soup, Top
@end example
@noindent
-to install in the default location, @file{/usr/local}. The library files
-are installed in @file{/use/local/lib/libnettle.a}
-@file{/use/local/lib/libhogweed.a} and the include files are installed
-in @file{/use/local/include/nettle/}.
+to install in under the default prefix, @file{/usr/local}.
To get a list of configure options, use @code{./configure --help}.
-By default, only static libraries are built and installed. To also build
-and install shared libraries, use the @option{ --enable-shared} option
-to @command{./configure}.
+By default, both static and shared libraries are built and installed. To
+omit building the shared libraries, use the @option{ --disable-shared}
+option to @command{./configure}.
Using GNU make is recommended. For other make programs, in particular
BSD make, you may have to use the @option{--disable-dependency-tracking}
@c LocalWords: DSA gmp FIPS DSS libdes OpenSSL ARCTWO Josefsson Nikos Andreas
@c LocalWords: Mavroyanopoulos Sigfridsson Comstedt interoperability Sparc IC
@c LocalWords: DES FIXME Rivest's plaintext ciphertext CTR XORed timestamp
-@c LocalWords: XORs cryptologists
+@c LocalWords: XORs cryptologists libnettle libhogweed GCM ECDSA NTT
+@c LocalWords: toolkits BLOWFISH Möller RIPEMD libgcrypt PBKDF Shishi
+@c LocalWords: GnuTLS Gutmann's GOSTHASH GOST Aleksey Kravchenko ECC
+@c LocalWords: rhash Mavrogiannopoulos Keccak Bertoni
+@c LocalWords: Michaël Peeters Assche Dobbertin Antoon Bosselaers KDF
+@c LocalWords: Preneel rôle McGrew Viega KDFs PBKDFs passphrase PRF
+@c LocalWords: th deallocate pre bitsize multi lookup secp startup
+@c LocalWords: typedef typedef
--- /dev/null
+libnettle
+libhogweed
--- /dev/null
+* Mon Mar 18 2013 Anas Nashif <anas.nashif@intel.com> upstream/2.4@4b072d7
+- Fixed package group
+
--- /dev/null
+<manifest>
+ <request>
+ <domain name="_"/>
+ </request>
+ <assign>
+ <filesystem path="/usr/bin/nettle-hash" exec_label="none"/>
+ <filesystem path="/usr/bin/nettle-lfib-stream" exec_label="none"/>
+ <filesystem path="/usr/bin/pkcs1-conv" exec_label="none"/>
+ <filesystem path="/usr/bin/sexp-conv" exec_label="none"/>
+ </assign>
+</manifest>
-%define nettlemajor 4
-%define hogweedmajor 2
-%define develname nettle-devel
-
-Name: nettle
-Summary: Nettle cryptographic library
-Version: 2.1_2.3
-Release: 1
-License: LGPL-2.1+ and GPL-2.0+
-Group: System/Libraries
-URL: http://www.lysator.liu.se/~nisse/nettle/
-Source0: %{name}-%{version}.tar.gz
-BuildRequires: autoconf
-BuildRequires: openssl-devel
-BuildRequires: gmp-devel
+Name: nettle
+Version: 2.7.1
+Release: 0
+Summary: Cryptographic Library
+License: LGPL-2.1+ and GPL-2.0+
+Group: Security/Crypto Libraries
+Source0: ftp://ftp.lysator.liu.se/pub/security/lsh/nettle-%{version}.tar.gz
+Source1: baselibs.conf
+Source1001: nettle.manifest
+BuildRequires: gmp-devel
+BuildRequires: pkgconfig
%description
-Nettle is a cryptographic library that is designed to fit easily in more or less any context:
-In crypto toolkits for object-oriented languages (C++, Python, Pike, ...),
-in applications like LSH or GNUPG, or even in kernel space.
+Nettle is a cryptographic library that is designed to fit easily in more or
+less any context: In crypto toolkits for object-oriented languages (C++,
+Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
-%package -n %develname
-Group: Development/C++
-Summary: Header files for compiling against Nettle library
-Provides: %name-devel = %{version}-%{release}
+%package -n libhogweed
-%description -n %develname
-This is the development package of nettle.
+Summary: Cryptographic Library for Public Key Algorithms
+License: LGPL-2.1+
+Group: Security/Crypto Libraries
+Provides: libhogweed.so.2
+
+%description -n libhogweed
+Nettle is a cryptographic library that is designed to fit easily in more or
+less any context: In crypto toolkits for object-oriented languages (C++,
+Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
+
+The libhogweed library contains public key algorithms to use with libnettle.
+
+%package -n libnettle-devel
+Summary: Cryptographic Library
+License: LGPL-2.1+
+Group: Development/Libraries
+Requires: glibc-devel
+Requires: gmp-devel
+Requires: libhogweed
+Requires: libnettle
+
+%description -n libnettle-devel
+Nettle is a cryptographic library that is designed to fit easily in more or
+less any context: In crypto toolkits for object-oriented languages (C++,
+Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
+
+%package -n libnettle
+
+Summary: Cryptographic Tools
+License: LGPL-2.1+ and GPL-2.0+
+Group: Security/Crypto Libraries
+Provides: libnettle.so.4
+
+%description -n libnettle
+Nettle is a cryptographic library that is designed to fit easily in more or
+less any context: In crypto toolkits for object-oriented languages (C++,
+Python, Pike, ...), in applications like LSH or GNUPG, or even in kernel space.
+
+This package contains a few command-line tools to perform cryptographic
+operations using the nettle library.
%prep
-%setup -q
+%setup -q
+cp %{SOURCE1001} .
%build
-%configure --disable-openssl --enable-shared
-make
+#%configure --disable-static \
+%configure --enable-shared
+
+make %{?_smp_mflags}
+
+%check
+make check
%install
-make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
-make install-shared DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p"
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
-mkdir -p %{buildroot}/usr/share/license
-cp COPYING %{buildroot}/usr/share/license/%{name}
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-/usr/share/license/%{name}
-%manifest nettle.manifest
-%{_bindir}/*
-%{_infodir}/*
-%{_libdir}/libnettle.so.%{nettlemajor}*
-%{_libdir}/libhogweed.so.%{hogweedmajor}*
-
-%files -n %develname
-%{_libdir}/libnettle.so
-%{_libdir}/libhogweed.so
-%{_includedir}/nettle
+%make_install
-%post -p /sbin/ldconfig
+%post -n libnettle -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
+%postun -n libnettle -p /sbin/ldconfig
+
+%post -n libhogweed -p /sbin/ldconfig
+
+%postun -n libhogweed -p /sbin/ldconfig
-%changelog
-* Wed Nov 27 2013 Keunsoon Lee <keunsoon.lee@samsung.com>
-- [Release] Update changelog for nettle-2.1_2.3
-- Add smack exec_label for several bin file
-* Fri Oct 12 2012 Kwangtae Ko <kwangtae.ko@samsung.com>
-- [Release] Update changelog for nettle-2.1_2.2
+%files -n libnettle
+%manifest %{name}.manifest
+%defattr(-,root,root)
+%doc COPYING*
+%{_libdir}/libnettle.so.*
-* Fri Oct 12 2012 Kwangtae Ko <kwangtae.ko@samsung.com>
-- [Title] Add License Information
+%files -n libhogweed
+%manifest %{name}.manifest
+%defattr(-,root,root)
+%{_libdir}/libhogweed.so.*
-* Fri Sep 21 2012 Kwangtae Ko <kwangtae.ko@samsung.com>
-- [Release] Update changelog for nettle-2.1_2.1
+%files -n libnettle-devel
+%manifest %{name}.manifest
+%defattr(-,root,root)
+%{_includedir}/nettle
+%{_libdir}/libnettle.so
+%{_libdir}/libhogweed.so
+%{_libdir}/pkgconfig/hogweed.pc
+%{_libdir}/pkgconfig/nettle.pc
-* Thu Aug 16 2012 Keunsoon Lee <keunsoon.lee@samsung.net>
-- release nettle-2.1-2
+%files -n nettle
+%manifest %{name}.manifest
+%defattr(-,root,root)
+%{_bindir}/nettle-lfib-stream
+%{_bindir}/pkcs1-conv
+%{_bindir}/sexp-conv
+%{_bindir}/nettle-hash
+
+%changelog
--- /dev/null
+/* pbkdf2-hmac-sha1.c
+ *
+ * PKCS #5 PBKDF2 used with HMAC-SHA1, see RFC 2898.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pbkdf2.h"
+
+#include "hmac.h"
+
+void
+pbkdf2_hmac_sha1 (unsigned key_length, const uint8_t *key,
+ unsigned iterations,
+ unsigned salt_length, const uint8_t *salt,
+ unsigned length, uint8_t *dst)
+{
+ struct hmac_sha1_ctx sha1ctx;
+
+ hmac_sha1_set_key (&sha1ctx, key_length, key);
+ PBKDF2 (&sha1ctx, hmac_sha1_update, hmac_sha1_digest,
+ SHA1_DIGEST_SIZE, iterations, salt_length, salt, length, dst);
+}
--- /dev/null
+/* pbkdf2-hmac-sha256.c
+ *
+ * PKCS #5 PBKDF2 used with HMAC-SHA256, see RFC 2898.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pbkdf2.h"
+
+#include "hmac.h"
+
+void
+pbkdf2_hmac_sha256 (unsigned key_length, const uint8_t *key,
+ unsigned iterations,
+ unsigned salt_length, const uint8_t *salt,
+ unsigned length, uint8_t *dst)
+{
+ struct hmac_sha256_ctx sha256ctx;
+
+ hmac_sha256_set_key (&sha256ctx, key_length, key);
+ PBKDF2 (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
+ SHA256_DIGEST_SIZE, iterations, salt_length, salt, length, dst);
+}
--- /dev/null
+/* pbkdf2.c
+ *
+ * PKCS #5 password-based key derivation function PBKDF2, see RFC 2898.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pbkdf2.h"
+
+#include "macros.h"
+#include "memxor.h"
+#include "nettle-internal.h"
+
+void
+pbkdf2 (void *mac_ctx,
+ nettle_hash_update_func *update,
+ nettle_hash_digest_func *digest,
+ unsigned digest_size, unsigned iterations,
+ unsigned salt_length, const uint8_t *salt,
+ unsigned length, uint8_t *dst)
+{
+ TMP_DECL(U, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+ TMP_DECL(T, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
+
+ unsigned i;
+
+ assert (iterations > 0);
+
+ if (length == 0)
+ return;
+
+ TMP_ALLOC (U, digest_size);
+ TMP_ALLOC (T, digest_size);
+
+ for (i = 1;;
+ i++, dst += digest_size, length -= digest_size)
+ {
+ uint8_t tmp[4];
+ uint8_t *prev;
+ unsigned u;
+
+ WRITE_UINT32 (tmp, i);
+
+ update (mac_ctx, salt_length, salt);
+ update (mac_ctx, sizeof(tmp), tmp);
+ digest (mac_ctx, digest_size, T);
+
+ prev = T;
+
+ for (u = 1; u < iterations; u++, prev = U)
+ {
+ update (mac_ctx, digest_size, prev);
+ digest (mac_ctx, digest_size, U);
+
+ memxor (T, U, digest_size);
+ }
+
+ if (length <= digest_size)
+ {
+ memcpy (dst, T, length);
+ return;
+ }
+ memcpy (dst, T, digest_size);
+ }
+}
--- /dev/null
+/* pbkdf2.h
+ *
+ * PKCS #5 password-based key derivation function PBKDF2, see RFC 2898.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_PBKDF2_H_INCLUDED
+#define NETTLE_PBKDF2_H_INCLUDED
+
+#include "nettle-meta.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/* Namespace mangling */
+#define pbkdf2 nettle_pbkdf2
+#define pbkdf2_hmac_sha1 nettle_pbkdf2_hmac_sha1
+#define pbkdf2_hmac_sha256 nettle_pbkdf2_hmac_sha256
+
+void
+pbkdf2 (void *mac_ctx,
+ nettle_hash_update_func *update,
+ nettle_hash_digest_func *digest,
+ unsigned digest_size, unsigned iterations,
+ unsigned salt_length, const uint8_t *salt,
+ unsigned length, uint8_t *dst);
+
+#define PBKDF2(ctx, update, digest, digest_size, \
+ iterations, salt_length, salt, length, dst) \
+ (0 ? ((update)((ctx), 0, (uint8_t *) 0), \
+ (digest)((ctx), 0, (uint8_t *) 0)) \
+ : pbkdf2 ((ctx), \
+ (nettle_hash_update_func *)(update), \
+ (nettle_hash_digest_func *)(digest), \
+ (digest_size), (iterations), \
+ (salt_length), (salt), (length), (dst)))
+
+/* PBKDF2 with specific PRFs. */
+
+void
+pbkdf2_hmac_sha1 (unsigned key_length, const uint8_t *key,
+ unsigned iterations,
+ unsigned salt_length, const uint8_t *salt,
+ unsigned length, uint8_t *dst);
+
+void
+pbkdf2_hmac_sha256 (unsigned key_length, const uint8_t *key,
+ unsigned iterations,
+ unsigned salt_length, const uint8_t *salt,
+ unsigned length, uint8_t *dst);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_PBKDF2_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2002 Niels Möller
+ * Copyright (C) 2001, 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
unsigned hash_end;
unsigned sub_packet_start;
uint8_t trailer[6];
- uint8_t digest16[2];
mpz_t s;
/* Signature packet. The packet could reasonably be both smaller and
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2002 Niels Möller
+ * Copyright (C) 2001, 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_PGP_H_INCLUDED
--- /dev/null
+/* pkcs1-decrypt.c
+ *
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_decrypt (unsigned key_size,
+ const mpz_t m,
+ unsigned *length, uint8_t *message)
+{
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ uint8_t *terminator;
+ unsigned padding;
+ unsigned message_length;
+
+ TMP_ALLOC(em, key_size);
+ nettle_mpz_get_str_256(key_size, em, m);
+
+ /* Check format */
+ if (em[0] || em[1] != 2)
+ return 0;
+
+ terminator = memchr(em + 2, 0, key_size - 2);
+
+ if (!terminator)
+ return 0;
+
+ padding = terminator - (em + 2);
+ if (padding < 8)
+ return 0;
+
+ message_length = key_size - 3 - padding;
+
+ if (*length < message_length)
+ return 0;
+
+ memcpy(message, terminator + 1, message_length);
+ *length = message_length;
+
+ return 1;
+}
+
--- /dev/null
+/* pkcs1-encrypt.c
+ *
+ * The RSA publickey algorithm. PKCS#1 encryption.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_encrypt (unsigned key_size,
+ /* For padding */
+ void *random_ctx, nettle_random_func *random,
+ unsigned length, const uint8_t *message,
+ mpz_t m)
+{
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ unsigned padding;
+ unsigned i;
+
+ /* The message is encoded as a string of the same length as the
+ * modulo n, of the form
+ *
+ * 00 02 pad 00 message
+ *
+ * where padding should be at least 8 pseudorandomly generated
+ * *non-zero* octets. */
+
+ if (length + 11 > key_size)
+ /* Message too long for this key. */
+ return 0;
+
+ /* At least 8 octets of random padding */
+ padding = key_size - length - 3;
+ assert(padding >= 8);
+
+ TMP_ALLOC(em, key_size - 1);
+ em[0] = 2;
+
+ random(random_ctx, padding, em + 1);
+
+ /* Replace 0-octets with 1 */
+ for (i = 0; i<padding; i++)
+ if (!em[i+1])
+ em[i+1] = 1;
+
+ em[padding+1] = 0;
+ memcpy(em + padding + 2, message, length);
+
+ nettle_mpz_set_str_256_u(m, key_size - 1, em);
+ return 1;
+}
--- /dev/null
+/* pkcs1-rsa-digest.c
+ *
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2003, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "pkcs1.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+int
+pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+ unsigned di_length, const uint8_t *digest_info)
+{
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
+
+ if (_pkcs1_signature_prefix(key_size, em,
+ di_length, digest_info, 0))
+ {
+ nettle_mpz_set_str_256_u(m, key_size, em);
+ return 1;
+ }
+ else
+ return 0;
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
};
int
-pkcs1_rsa_md5_encode(mpz_t m, unsigned size, struct md5_ctx *hash)
+pkcs1_rsa_md5_encode(mpz_t m, unsigned key_size, struct md5_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(md5_prefix),
- md5_prefix,
- MD5_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(md5_prefix),
+ md5_prefix,
+ MD5_DIGEST_SIZE);
+ if (p)
{
- md5_digest(hash, MD5_DIGEST_SIZE, em + size - MD5_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ md5_digest(hash, MD5_DIGEST_SIZE, p);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
}
int
-pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
+pkcs1_rsa_md5_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(md5_prefix),
- md5_prefix,
- MD5_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(md5_prefix),
+ md5_prefix,
+ MD5_DIGEST_SIZE);
+ if (p)
{
- memcpy(em + size - MD5_DIGEST_SIZE, digest, MD5_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ memcpy(p, digest, MD5_DIGEST_SIZE);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
};
int
-pkcs1_rsa_sha1_encode(mpz_t m, unsigned size, struct sha1_ctx *hash)
+pkcs1_rsa_sha1_encode(mpz_t m, unsigned key_size, struct sha1_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(sha1_prefix),
- sha1_prefix,
- SHA1_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(sha1_prefix),
+ sha1_prefix,
+ SHA1_DIGEST_SIZE);
+ if (p)
{
- sha1_digest(hash, SHA1_DIGEST_SIZE, em + size - SHA1_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ sha1_digest(hash, SHA1_DIGEST_SIZE, p);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
}
int
-pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
+pkcs1_rsa_sha1_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(sha1_prefix),
- sha1_prefix,
- SHA1_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(sha1_prefix),
+ sha1_prefix,
+ SHA1_DIGEST_SIZE);
+ if (p)
{
- memcpy(em + size - SHA1_DIGEST_SIZE, digest, SHA1_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ memcpy(p, digest, SHA1_DIGEST_SIZE);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003, 2006 Niels Möller
+ * Copyright (C) 2001, 2003, 2006 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
};
int
-pkcs1_rsa_sha256_encode(mpz_t m, unsigned size, struct sha256_ctx *hash)
+pkcs1_rsa_sha256_encode(mpz_t m, unsigned key_size, struct sha256_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(sha256_prefix),
- sha256_prefix,
- SHA256_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(sha256_prefix),
+ sha256_prefix,
+ SHA256_DIGEST_SIZE);
+ if (p)
{
- sha256_digest(hash, SHA256_DIGEST_SIZE, em + size - SHA256_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ sha256_digest(hash, SHA256_DIGEST_SIZE, p);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
}
int
-pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
+pkcs1_rsa_sha256_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(sha256_prefix),
- sha256_prefix,
- SHA256_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(sha256_prefix),
+ sha256_prefix,
+ SHA256_DIGEST_SIZE);
+ if (p)
{
- memcpy(em + size - SHA256_DIGEST_SIZE, digest, SHA256_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ memcpy(p, digest, SHA256_DIGEST_SIZE);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003, 2006, 2010 Niels Möller
+ * Copyright (C) 2001, 2003, 2006, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
};
int
-pkcs1_rsa_sha512_encode(mpz_t m, unsigned size, struct sha512_ctx *hash)
+pkcs1_rsa_sha512_encode(mpz_t m, unsigned key_size, struct sha512_ctx *hash)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(sha512_prefix),
- sha512_prefix,
- SHA512_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(sha512_prefix),
+ sha512_prefix,
+ SHA512_DIGEST_SIZE);
+ if (p)
{
- sha512_digest(hash, SHA512_DIGEST_SIZE,
- em + size - SHA512_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ sha512_digest(hash, SHA512_DIGEST_SIZE, p);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
}
int
-pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned size, const uint8_t *digest)
+pkcs1_rsa_sha512_encode_digest(mpz_t m, unsigned key_size, const uint8_t *digest)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- TMP_ALLOC(em, size);
+ uint8_t *p;
+ TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_SIZE);
+ TMP_ALLOC(em, key_size);
- if (pkcs1_signature_prefix(size, em,
- sizeof(sha512_prefix),
- sha512_prefix,
- SHA512_DIGEST_SIZE))
+ p = _pkcs1_signature_prefix(key_size, em,
+ sizeof(sha512_prefix),
+ sha512_prefix,
+ SHA512_DIGEST_SIZE);
+ if (p)
{
- memcpy(em + size - SHA512_DIGEST_SIZE, digest, SHA512_DIGEST_SIZE);
- nettle_mpz_set_str_256_u(m, size, em);
+ memcpy(p, digest, SHA512_DIGEST_SIZE);
+ nettle_mpz_set_str_256_u(m, key_size, em);
return 1;
}
else
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* Formats the PKCS#1 padding, of the form
*
- * 0x01 0xff ... 0xff 0x00 id ...digest...
+ * 0x00 0x01 0xff ... 0xff 0x00 id ...digest...
*
* where the 0xff ... 0xff part consists of at least 8 octets. The
- * total size should be one less than the octet size of n.
+ * total size equals the octet size of n.
*/
-int
-pkcs1_signature_prefix(unsigned size,
- uint8_t *buffer,
- unsigned id_size,
- const uint8_t *id,
- unsigned digest_size)
+uint8_t *
+_pkcs1_signature_prefix(unsigned key_size,
+ uint8_t *buffer,
+ unsigned id_size,
+ const uint8_t *id,
+ unsigned digest_size)
{
unsigned j;
- if (size < 10 + id_size + digest_size)
- return 0;
+ if (key_size < 11 + id_size + digest_size)
+ return NULL;
- j = size - digest_size - id_size;
+ j = key_size - digest_size - id_size;
memcpy (buffer + j, id, id_size);
- buffer[0] = 1;
- buffer[--j] = 0;
+ buffer[0] = 0;
+ buffer[1] = 1;
+ buffer[j-1] = 0;
- assert(j >= 9);
- memset(buffer + 1, 0xff, j - 1);
+ assert(j >= 11);
+ memset(buffer + 2, 0xff, j - 3);
- return 1;
+ return buffer + j + id_size;
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_PKCS1_H_INCLUDED
#endif
/* Name mangling */
-#define pkcs1_signature_prefix nettle_pkcs1_signature_prefix
+#define _pkcs1_signature_prefix _nettle_pkcs1_signature_prefix
+#define pkcs1_rsa_digest_encode nettle_pkcs1_rsa_digest_encode
#define pkcs1_rsa_md5_encode nettle_pkcs1_rsa_md5_encode
#define pkcs1_rsa_md5_encode_digest nettle_pkcs1_rsa_md5_encode_digest
#define pkcs1_rsa_sha1_encode nettle_pkcs1_rsa_sha1_encode
#define pkcs1_rsa_sha256_encode_digest nettle_pkcs1_rsa_sha256_encode_digest
#define pkcs1_rsa_sha512_encode nettle_pkcs1_rsa_sha512_encode
#define pkcs1_rsa_sha512_encode_digest nettle_pkcs1_rsa_sha512_encode_digest
+#define pkcs1_encrypt nettle_pkcs1_encrypt
+#define pkcs1_decrypt nettle_pkcs1_decrypt
struct md5_ctx;
struct sha1_ctx;
struct sha256_ctx;
struct sha512_ctx;
+uint8_t *
+_pkcs1_signature_prefix(unsigned key_size,
+ uint8_t *buffer,
+ unsigned id_size,
+ const uint8_t *id,
+ unsigned digest_size);
+
+int
+pkcs1_encrypt (unsigned key_size,
+ /* For padding */
+ void *random_ctx, nettle_random_func *random,
+ unsigned length, const uint8_t *message,
+ mpz_t m);
+
+int
+pkcs1_decrypt (unsigned key_size,
+ const mpz_t m,
+ unsigned *length, uint8_t *message);
+
int
-pkcs1_signature_prefix(unsigned size,
- uint8_t *buffer,
- unsigned id_size,
- const uint8_t *id,
- unsigned digest_size);
+pkcs1_rsa_digest_encode(mpz_t m, unsigned key_size,
+ unsigned di_length, const uint8_t *digest_info);
int
pkcs1_rsa_md5_encode(mpz_t m, unsigned length, struct md5_ctx *hash);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "realloc.h"
+/* NOTE: Calling libc realloc with size == 0 is not required to
+ totally free the object, it is allowed to return a valid
+ pointer. */
void *
nettle_realloc(void *ctx UNUSED, void *p, unsigned length)
{
- return realloc(p, length);
+ if (length > 0)
+ return realloc(p, length);
+
+ free(p);
+ return NULL;
}
void *
nettle_xrealloc(void *ctx UNUSED, void *p, unsigned length)
{
- void *n = realloc(p, length);
- if (length && !n)
+ if (length > 0)
{
- fprintf(stderr, "Virtual memory exhausted.\n");
- abort();
+ void *n = realloc(p, length);
+ if (!n)
+ {
+ fprintf(stderr, "Virtual memory exhausted.\n");
+ abort();
+ }
+ return n;
}
- return n;
+ free(p);
+ return NULL;
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_REALLOC_H_INCLUDED
extern "C" {
#endif
-typedef void *nettle_realloc_func(void *ctx, void *p, unsigned length);
-
nettle_realloc_func nettle_realloc;
nettle_realloc_func nettle_xrealloc;
--- /dev/null
+/* ripemd160-compress.c - RIPE-MD160 (Transform function) */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "ripemd160.h"
+
+#include "macros.h"
+
+
+/****************
+ * Transform the message X which consists of 16 32-bit-words
+ */
+void
+_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data)
+{
+ register uint32_t a,b,c,d,e;
+ uint32_t aa,bb,cc,dd,ee,t;
+ uint32_t x[16];
+
+#ifdef WORDS_BIGENDIAN
+ {
+ int i;
+ for (i=0; i < 16; i++, data += 4 )
+ x[i] = LE_READ_UINT32(data);
+ }
+#else
+ /* memcpy seems a bit faster. Benchmarked on Intel SU4100, it makes
+ the entire update function roughly 6% faster. */
+ memcpy(x, data, sizeof(x));
+#endif
+
+
+#define K0 0x00000000
+#define K1 0x5A827999
+#define K2 0x6ED9EBA1
+#define K3 0x8F1BBCDC
+#define K4 0xA953FD4E
+#define KK0 0x50A28BE6
+#define KK1 0x5C4DD124
+#define KK2 0x6D703EF3
+#define KK3 0x7A6D76E9
+#define KK4 0x00000000
+#define F0(x,y,z) ( (x) ^ (y) ^ (z) )
+#define F1(x,y,z) ( ((x) & (y)) | (~(x) & (z)) )
+#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
+#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
+#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
+#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
+ a = ROTL32(s,t) + e; \
+ c = ROTL32(10,c); \
+ } while(0)
+
+ /* left lane */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ R( a, b, c, d, e, F0, K0, 0, 11 );
+ R( e, a, b, c, d, F0, K0, 1, 14 );
+ R( d, e, a, b, c, F0, K0, 2, 15 );
+ R( c, d, e, a, b, F0, K0, 3, 12 );
+ R( b, c, d, e, a, F0, K0, 4, 5 );
+ R( a, b, c, d, e, F0, K0, 5, 8 );
+ R( e, a, b, c, d, F0, K0, 6, 7 );
+ R( d, e, a, b, c, F0, K0, 7, 9 );
+ R( c, d, e, a, b, F0, K0, 8, 11 );
+ R( b, c, d, e, a, F0, K0, 9, 13 );
+ R( a, b, c, d, e, F0, K0, 10, 14 );
+ R( e, a, b, c, d, F0, K0, 11, 15 );
+ R( d, e, a, b, c, F0, K0, 12, 6 );
+ R( c, d, e, a, b, F0, K0, 13, 7 );
+ R( b, c, d, e, a, F0, K0, 14, 9 );
+ R( a, b, c, d, e, F0, K0, 15, 8 );
+ R( e, a, b, c, d, F1, K1, 7, 7 );
+ R( d, e, a, b, c, F1, K1, 4, 6 );
+ R( c, d, e, a, b, F1, K1, 13, 8 );
+ R( b, c, d, e, a, F1, K1, 1, 13 );
+ R( a, b, c, d, e, F1, K1, 10, 11 );
+ R( e, a, b, c, d, F1, K1, 6, 9 );
+ R( d, e, a, b, c, F1, K1, 15, 7 );
+ R( c, d, e, a, b, F1, K1, 3, 15 );
+ R( b, c, d, e, a, F1, K1, 12, 7 );
+ R( a, b, c, d, e, F1, K1, 0, 12 );
+ R( e, a, b, c, d, F1, K1, 9, 15 );
+ R( d, e, a, b, c, F1, K1, 5, 9 );
+ R( c, d, e, a, b, F1, K1, 2, 11 );
+ R( b, c, d, e, a, F1, K1, 14, 7 );
+ R( a, b, c, d, e, F1, K1, 11, 13 );
+ R( e, a, b, c, d, F1, K1, 8, 12 );
+ R( d, e, a, b, c, F2, K2, 3, 11 );
+ R( c, d, e, a, b, F2, K2, 10, 13 );
+ R( b, c, d, e, a, F2, K2, 14, 6 );
+ R( a, b, c, d, e, F2, K2, 4, 7 );
+ R( e, a, b, c, d, F2, K2, 9, 14 );
+ R( d, e, a, b, c, F2, K2, 15, 9 );
+ R( c, d, e, a, b, F2, K2, 8, 13 );
+ R( b, c, d, e, a, F2, K2, 1, 15 );
+ R( a, b, c, d, e, F2, K2, 2, 14 );
+ R( e, a, b, c, d, F2, K2, 7, 8 );
+ R( d, e, a, b, c, F2, K2, 0, 13 );
+ R( c, d, e, a, b, F2, K2, 6, 6 );
+ R( b, c, d, e, a, F2, K2, 13, 5 );
+ R( a, b, c, d, e, F2, K2, 11, 12 );
+ R( e, a, b, c, d, F2, K2, 5, 7 );
+ R( d, e, a, b, c, F2, K2, 12, 5 );
+ R( c, d, e, a, b, F3, K3, 1, 11 );
+ R( b, c, d, e, a, F3, K3, 9, 12 );
+ R( a, b, c, d, e, F3, K3, 11, 14 );
+ R( e, a, b, c, d, F3, K3, 10, 15 );
+ R( d, e, a, b, c, F3, K3, 0, 14 );
+ R( c, d, e, a, b, F3, K3, 8, 15 );
+ R( b, c, d, e, a, F3, K3, 12, 9 );
+ R( a, b, c, d, e, F3, K3, 4, 8 );
+ R( e, a, b, c, d, F3, K3, 13, 9 );
+ R( d, e, a, b, c, F3, K3, 3, 14 );
+ R( c, d, e, a, b, F3, K3, 7, 5 );
+ R( b, c, d, e, a, F3, K3, 15, 6 );
+ R( a, b, c, d, e, F3, K3, 14, 8 );
+ R( e, a, b, c, d, F3, K3, 5, 6 );
+ R( d, e, a, b, c, F3, K3, 6, 5 );
+ R( c, d, e, a, b, F3, K3, 2, 12 );
+ R( b, c, d, e, a, F4, K4, 4, 9 );
+ R( a, b, c, d, e, F4, K4, 0, 15 );
+ R( e, a, b, c, d, F4, K4, 5, 5 );
+ R( d, e, a, b, c, F4, K4, 9, 11 );
+ R( c, d, e, a, b, F4, K4, 7, 6 );
+ R( b, c, d, e, a, F4, K4, 12, 8 );
+ R( a, b, c, d, e, F4, K4, 2, 13 );
+ R( e, a, b, c, d, F4, K4, 10, 12 );
+ R( d, e, a, b, c, F4, K4, 14, 5 );
+ R( c, d, e, a, b, F4, K4, 1, 12 );
+ R( b, c, d, e, a, F4, K4, 3, 13 );
+ R( a, b, c, d, e, F4, K4, 8, 14 );
+ R( e, a, b, c, d, F4, K4, 11, 11 );
+ R( d, e, a, b, c, F4, K4, 6, 8 );
+ R( c, d, e, a, b, F4, K4, 15, 5 );
+ R( b, c, d, e, a, F4, K4, 13, 6 );
+
+ aa = a; bb = b; cc = c; dd = d; ee = e;
+
+ /* right lane */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ R( a, b, c, d, e, F4, KK0, 5, 8);
+ R( e, a, b, c, d, F4, KK0, 14, 9);
+ R( d, e, a, b, c, F4, KK0, 7, 9);
+ R( c, d, e, a, b, F4, KK0, 0, 11);
+ R( b, c, d, e, a, F4, KK0, 9, 13);
+ R( a, b, c, d, e, F4, KK0, 2, 15);
+ R( e, a, b, c, d, F4, KK0, 11, 15);
+ R( d, e, a, b, c, F4, KK0, 4, 5);
+ R( c, d, e, a, b, F4, KK0, 13, 7);
+ R( b, c, d, e, a, F4, KK0, 6, 7);
+ R( a, b, c, d, e, F4, KK0, 15, 8);
+ R( e, a, b, c, d, F4, KK0, 8, 11);
+ R( d, e, a, b, c, F4, KK0, 1, 14);
+ R( c, d, e, a, b, F4, KK0, 10, 14);
+ R( b, c, d, e, a, F4, KK0, 3, 12);
+ R( a, b, c, d, e, F4, KK0, 12, 6);
+ R( e, a, b, c, d, F3, KK1, 6, 9);
+ R( d, e, a, b, c, F3, KK1, 11, 13);
+ R( c, d, e, a, b, F3, KK1, 3, 15);
+ R( b, c, d, e, a, F3, KK1, 7, 7);
+ R( a, b, c, d, e, F3, KK1, 0, 12);
+ R( e, a, b, c, d, F3, KK1, 13, 8);
+ R( d, e, a, b, c, F3, KK1, 5, 9);
+ R( c, d, e, a, b, F3, KK1, 10, 11);
+ R( b, c, d, e, a, F3, KK1, 14, 7);
+ R( a, b, c, d, e, F3, KK1, 15, 7);
+ R( e, a, b, c, d, F3, KK1, 8, 12);
+ R( d, e, a, b, c, F3, KK1, 12, 7);
+ R( c, d, e, a, b, F3, KK1, 4, 6);
+ R( b, c, d, e, a, F3, KK1, 9, 15);
+ R( a, b, c, d, e, F3, KK1, 1, 13);
+ R( e, a, b, c, d, F3, KK1, 2, 11);
+ R( d, e, a, b, c, F2, KK2, 15, 9);
+ R( c, d, e, a, b, F2, KK2, 5, 7);
+ R( b, c, d, e, a, F2, KK2, 1, 15);
+ R( a, b, c, d, e, F2, KK2, 3, 11);
+ R( e, a, b, c, d, F2, KK2, 7, 8);
+ R( d, e, a, b, c, F2, KK2, 14, 6);
+ R( c, d, e, a, b, F2, KK2, 6, 6);
+ R( b, c, d, e, a, F2, KK2, 9, 14);
+ R( a, b, c, d, e, F2, KK2, 11, 12);
+ R( e, a, b, c, d, F2, KK2, 8, 13);
+ R( d, e, a, b, c, F2, KK2, 12, 5);
+ R( c, d, e, a, b, F2, KK2, 2, 14);
+ R( b, c, d, e, a, F2, KK2, 10, 13);
+ R( a, b, c, d, e, F2, KK2, 0, 13);
+ R( e, a, b, c, d, F2, KK2, 4, 7);
+ R( d, e, a, b, c, F2, KK2, 13, 5);
+ R( c, d, e, a, b, F1, KK3, 8, 15);
+ R( b, c, d, e, a, F1, KK3, 6, 5);
+ R( a, b, c, d, e, F1, KK3, 4, 8);
+ R( e, a, b, c, d, F1, KK3, 1, 11);
+ R( d, e, a, b, c, F1, KK3, 3, 14);
+ R( c, d, e, a, b, F1, KK3, 11, 14);
+ R( b, c, d, e, a, F1, KK3, 15, 6);
+ R( a, b, c, d, e, F1, KK3, 0, 14);
+ R( e, a, b, c, d, F1, KK3, 5, 6);
+ R( d, e, a, b, c, F1, KK3, 12, 9);
+ R( c, d, e, a, b, F1, KK3, 2, 12);
+ R( b, c, d, e, a, F1, KK3, 13, 9);
+ R( a, b, c, d, e, F1, KK3, 9, 12);
+ R( e, a, b, c, d, F1, KK3, 7, 5);
+ R( d, e, a, b, c, F1, KK3, 10, 15);
+ R( c, d, e, a, b, F1, KK3, 14, 8);
+ R( b, c, d, e, a, F0, KK4, 12, 8);
+ R( a, b, c, d, e, F0, KK4, 15, 5);
+ R( e, a, b, c, d, F0, KK4, 10, 12);
+ R( d, e, a, b, c, F0, KK4, 4, 9);
+ R( c, d, e, a, b, F0, KK4, 1, 12);
+ R( b, c, d, e, a, F0, KK4, 5, 5);
+ R( a, b, c, d, e, F0, KK4, 8, 14);
+ R( e, a, b, c, d, F0, KK4, 7, 6);
+ R( d, e, a, b, c, F0, KK4, 6, 8);
+ R( c, d, e, a, b, F0, KK4, 2, 13);
+ R( b, c, d, e, a, F0, KK4, 13, 6);
+ R( a, b, c, d, e, F0, KK4, 14, 5);
+ R( e, a, b, c, d, F0, KK4, 0, 15);
+ R( d, e, a, b, c, F0, KK4, 3, 13);
+ R( c, d, e, a, b, F0, KK4, 9, 11);
+ R( b, c, d, e, a, F0, KK4, 11, 11);
+
+
+ t = state[1] + d + cc;
+ state[1] = state[2] + e + dd;
+ state[2] = state[3] + a + ee;
+ state[3] = state[4] + b + aa;
+ state[4] = state[0] + c + bb;
+ state[0] = t;
+}
--- /dev/null
+/* ripemd160-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Andres Mejia
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-meta.h"
+
+#include "ripemd160.h"
+
+const struct nettle_hash nettle_ripemd160
+= _NETTLE_HASH(ripemd160, RIPEMD160);
--- /dev/null
+/* ripemd160.c - RIPE-MD160 */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 2011 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+#include <assert.h>
+
+#include "ripemd160.h"
+
+#include "macros.h"
+#include "nettle-write.h"
+
+/*********************************
+ * RIPEMD-160 is not patented, see (as of 2011-08-28)
+ * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
+ * Note that the code uses Little Endian byteorder, which is good for
+ * 386 etc, but we must add some conversion when used on a big endian box.
+ *
+ *
+ * Pseudo-code for RIPEMD-160
+ *
+ * RIPEMD-160 is an iterative hash function that operates on 32-bit words.
+ * The round function takes as input a 5-word chaining variable and a 16-word
+ * message block and maps this to a new chaining variable. All operations are
+ * defined on 32-bit words. Padding is identical to that of MD4.
+ *
+ *
+ * RIPEMD-160: definitions
+ *
+ *
+ * nonlinear functions at bit level: exor, mux, -, mux, -
+ *
+ * f(j, x, y, z) = x XOR y XOR z (0 <= j <= 15)
+ * f(j, x, y, z) = (x AND y) OR (NOT(x) AND z) (16 <= j <= 31)
+ * f(j, x, y, z) = (x OR NOT(y)) XOR z (32 <= j <= 47)
+ * f(j, x, y, z) = (x AND z) OR (y AND NOT(z)) (48 <= j <= 63)
+ * f(j, x, y, z) = x XOR (y OR NOT(z)) (64 <= j <= 79)
+ *
+ *
+ * added constants (hexadecimal)
+ *
+ * K(j) = 0x00000000 (0 <= j <= 15)
+ * K(j) = 0x5A827999 (16 <= j <= 31) int(2**30 x sqrt(2))
+ * K(j) = 0x6ED9EBA1 (32 <= j <= 47) int(2**30 x sqrt(3))
+ * K(j) = 0x8F1BBCDC (48 <= j <= 63) int(2**30 x sqrt(5))
+ * K(j) = 0xA953FD4E (64 <= j <= 79) int(2**30 x sqrt(7))
+ * K'(j) = 0x50A28BE6 (0 <= j <= 15) int(2**30 x cbrt(2))
+ * K'(j) = 0x5C4DD124 (16 <= j <= 31) int(2**30 x cbrt(3))
+ * K'(j) = 0x6D703EF3 (32 <= j <= 47) int(2**30 x cbrt(5))
+ * K'(j) = 0x7A6D76E9 (48 <= j <= 63) int(2**30 x cbrt(7))
+ * K'(j) = 0x00000000 (64 <= j <= 79)
+ *
+ *
+ * selection of message word
+ *
+ * r(j) = j (0 <= j <= 15)
+ * r(16..31) = 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8
+ * r(32..47) = 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12
+ * r(48..63) = 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2
+ * r(64..79) = 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13
+ * r0(0..15) = 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12
+ * r0(16..31)= 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2
+ * r0(32..47)= 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13
+ * r0(48..63)= 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14
+ * r0(64..79)= 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
+ *
+ *
+ * amount for rotate left (rol)
+ *
+ * s(0..15) = 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8
+ * s(16..31) = 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12
+ * s(32..47) = 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5
+ * s(48..63) = 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12
+ * s(64..79) = 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6
+ * s'(0..15) = 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6
+ * s'(16..31)= 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11
+ * s'(32..47)= 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5
+ * s'(48..63)= 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8
+ * s'(64..79)= 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
+ *
+ *
+ * initial value (hexadecimal)
+ *
+ * h0 = 0x67452301; h1 = 0xEFCDAB89; h2 = 0x98BADCFE; h3 = 0x10325476;
+ * h4 = 0xC3D2E1F0;
+ *
+ *
+ * RIPEMD-160: pseudo-code
+ *
+ * It is assumed that the message after padding consists of t 16-word blocks
+ * that will be denoted with X[i][j], with 0 <= i <= t-1 and 0 <= j <= 15.
+ * The symbol [+] denotes addition modulo 2**32 and rol_s denotes cyclic left
+ * shift (rotate) over s positions.
+ *
+ *
+ * for i := 0 to t-1 {
+ * A := h0; B := h1; C := h2; D = h3; E = h4;
+ * A' := h0; B' := h1; C' := h2; D' = h3; E' = h4;
+ * for j := 0 to 79 {
+ * T := rol_s(j)(A [+] f(j, B, C, D) [+] X[i][r(j)] [+] K(j)) [+] E;
+ * A := E; E := D; D := rol_10(C); C := B; B := T;
+ * T := rol_s'(j)(A' [+] f(79-j, B', C', D') [+] X[i][r'(j)]
+ [+] K'(j)) [+] E';
+ * A' := E'; E' := D'; D' := rol_10(C'); C' := B'; B' := T;
+ * }
+ * T := h1 [+] C [+] D'; h1 := h2 [+] D [+] E'; h2 := h3 [+] E [+] A';
+ * h3 := h4 [+] A [+] B'; h4 := h0 [+] B [+] C'; h0 := T;
+ * }
+ */
+
+/* Some examples:
+ * "" 9c1185a5c5e9fc54612808977ee8f548b2258d31
+ * "a" 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
+ * "abc" 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
+ * "message digest" 5d0689ef49d2fae572b881b123a85ffa21595f36
+ * "a...z" f71c27109c692c1b56bbdceb5b9d2865b3708dbc
+ * "abcdbcde...nopq" 12a053384a9c0c88e405a06c27dcf49ada62eb2b
+ * "A...Za...z0...9" b0e20b6e3116640286ed3a87a5713079b21f5189
+ * 8 times "1234567890" 9b752e45573d4b39f4dbd3323cab82bf63326bfb
+ * 1 million times "a" 52783243c1697bdbe16d37f97f68f08325dc1528
+ */
+
+void
+ripemd160_init(struct ripemd160_ctx *ctx)
+{
+ static const uint32_t iv[_RIPEMD160_DIGEST_LENGTH] =
+ {
+ 0x67452301,
+ 0xEFCDAB89,
+ 0x98BADCFE,
+ 0x10325476,
+ 0xC3D2E1F0,
+ };
+ memcpy(ctx->state, iv, sizeof(ctx->state));
+ ctx->count_low = ctx->count_high = 0;
+ ctx->index = 0;
+}
+
+#define COMPRESS(ctx, data) (_nettle_ripemd160_compress((ctx)->state, (data)))
+
+/* Update the message digest with the contents
+ * of DATA with length LENGTH.
+ */
+void
+ripemd160_update(struct ripemd160_ctx *ctx, unsigned length, const uint8_t *data)
+{
+ MD_UPDATE(ctx, length, data, COMPRESS, MD_INCR(ctx));
+}
+
+void
+ripemd160_digest(struct ripemd160_ctx *ctx, unsigned length, uint8_t *digest)
+{
+ uint32_t high, low;
+
+ assert(length <= RIPEMD160_DIGEST_SIZE);
+
+ MD_PAD(ctx, 8, COMPRESS);
+
+ /* There are 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
+ \
+ /* append the 64 bit count */
+ LE_WRITE_UINT32(ctx->block + 56, low);
+ LE_WRITE_UINT32(ctx->block + 60, high);
+ _nettle_ripemd160_compress(ctx->state, ctx->block);
+
+ _nettle_write_le32(length, digest, ctx->state);
+ ripemd160_init(ctx);
+}
--- /dev/null
+/* ripemd160.h
+ *
+ * RIPEMD-160 hash function.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Andres Mejia
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_RIPEMD160_H_INCLUDED
+#define NETTLE_RIPEMD160_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "nettle-types.h"
+
+/* Name mangling */
+#define ripemd160_init nettle_ripemd160_init
+#define ripemd160_update nettle_ripemd160_update
+#define ripemd160_digest nettle_ripemd160_digest
+
+/* RIPEMD160 */
+
+#define RIPEMD160_DIGEST_SIZE 20
+#define RIPEMD160_DATA_SIZE 64
+
+/* Digest is kept internally as 5 32-bit words. */
+#define _RIPEMD160_DIGEST_LENGTH 5
+
+struct ripemd160_ctx
+{
+ uint32_t state[_RIPEMD160_DIGEST_LENGTH];
+ uint32_t count_low, count_high; /* 64-bit block count */
+ uint8_t block[RIPEMD160_DATA_SIZE];
+ unsigned int index;
+};
+
+void
+ripemd160_init(struct ripemd160_ctx *ctx);
+
+void
+ripemd160_update(struct ripemd160_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+ripemd160_digest(struct ripemd160_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+/* Internal compression function. STATE points to 5 uint32_t words,
+ and DATA points to 64 bytes of input data, possibly unaligned. */
+void
+_nettle_ripemd160_compress(uint32_t *state, const uint8_t *data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_RIPEMD160_H_INCLUDED */
--- /dev/null
+/* rsa-blind.c
+ *
+ * RSA blinding. It is used for timing resistant decryption or signing.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller, Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "bignum.h"
+
+/* Blinds the c, by computing c *= r^e (mod n), for a random r. Also
+ returns the inverse (ri), for use by rsa_unblind. */
+void
+_rsa_blind (const struct rsa_public_key *pub,
+ void *random_ctx, nettle_random_func *random,
+ mpz_t c, mpz_t ri)
+{
+ mpz_t r;
+
+ mpz_init(r);
+
+ /* c = c*(r^e)
+ * ri = r^(-1)
+ */
+ do
+ {
+ nettle_mpz_random(r, random_ctx, random, pub->n);
+ /* invert r */
+ }
+ while (!mpz_invert (ri, r, pub->n));
+
+ /* c = c*(r^e) mod n */
+ mpz_powm(r, r, pub->e, pub->n);
+ mpz_mul(c, c, r);
+ mpz_fdiv_r(c, c, pub->n);
+
+ mpz_clear(r);
+}
+
+/* c *= ri mod n */
+void
+_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri)
+{
+ mpz_mul(c, c, ri);
+ mpz_fdiv_r(c, c, pub->n);
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_RSA_COMPAT_H_INCLUDED
--- /dev/null
+/* rsa-decrypt-tr.c
+ *
+ * RSA decryption, using randomized RSA blinding to be more resistant
+ * to timing attacks.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller, Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "bignum.h"
+#include "pkcs1.h"
+
+int
+rsa_decrypt_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ unsigned *length, uint8_t *message,
+ const mpz_t gibberish)
+{
+ mpz_t m, ri;
+ int res;
+
+ mpz_init_set(m, gibberish);
+ mpz_init (ri);
+
+ _rsa_blind (pub, random_ctx, random, m, ri);
+ rsa_compute_root(key, m, m);
+ _rsa_unblind (pub, m, ri);
+ mpz_clear (ri);
+
+ res = pkcs1_decrypt (key->size, m, length, message);
+ mpz_clear(m);
+ return res;
+}
-/* rsa_decrypt.c
+/* rsa-decrypt.c
*
* The RSA publickey algorithm. PKCS#1 encryption.
*/
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001, 2012 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
#include "rsa.h"
-#include "bignum.h"
-#include "nettle-internal.h"
+#include "pkcs1.h"
int
rsa_decrypt(const struct rsa_private_key *key,
unsigned *length, uint8_t *message,
const mpz_t gibberish)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- uint8_t *terminator;
- unsigned padding;
- unsigned message_length;
-
mpz_t m;
+ int res;
mpz_init(m);
rsa_compute_root(key, m, gibberish);
- TMP_ALLOC(em, key->size);
- nettle_mpz_get_str_256(key->size, em, m);
+ res = pkcs1_decrypt (key->size, m, length, message);
mpz_clear(m);
-
- /* Check format */
- if (em[0] || em[1] != 2)
- return 0;
-
- terminator = memchr(em + 2, 0, key->size - 2);
-
- if (!terminator)
- return 0;
-
- padding = terminator - (em + 2);
- if (padding < 8)
- return 0;
-
- message_length = key->size - 3 - padding;
-
- if (*length < message_length)
- return 0;
-
- memcpy(message, terminator + 1, message_length);
- *length = message_length;
-
- return 1;
+ return res;
}
-/* rsa_encrypt.c
+/* rsa-encrypt.c
*
* The RSA publickey algorithm. PKCS#1 encryption.
*/
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
#include "rsa.h"
-#include "bignum.h"
-#include "nettle-internal.h"
+#include "pkcs1.h"
int
rsa_encrypt(const struct rsa_public_key *key,
/* For padding */
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
unsigned length, const uint8_t *message,
- mpz_t gibbberish)
+ mpz_t gibberish)
{
- TMP_DECL(em, uint8_t, NETTLE_MAX_BIGNUM_BITS / 8);
- unsigned padding;
- unsigned i;
-
- /* The message is encoded as a string of the same length as the
- * modulo n, of the form
- *
- * 00 02 pad 00 message
- *
- * where padding should be at least 8 pseudorandomly generated
- * *non-zero* octets. */
-
- if (length + 11 > key->size)
- /* Message too long for this key. */
+ if (pkcs1_encrypt (key->size, random_ctx, random,
+ length, message, gibberish))
+ {
+ mpz_powm(gibberish, gibberish, key->e, key->n);
+ return 1;
+ }
+ else
return 0;
-
- /* At least 8 octets of random padding */
- padding = key->size - length - 3;
- assert(padding >= 8);
-
- TMP_ALLOC(em, key->size - 1);
- em[0] = 2;
-
- random(random_ctx, padding, em + 1);
-
- /* Replace 0-octets with 1 */
- for (i = 0; i<padding; i++)
- if (!em[i+1])
- em[i+1] = 1;
-
- em[padding+1] = 0;
- memcpy(em + padding + 2, message, length);
-
- nettle_mpz_set_str_256_u(gibbberish, key->size - 1, em);
- mpz_powm(gibbberish, gibbberish, key->e, key->n);
-
- return 1;
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int
rsa_generate_keypair(struct rsa_public_key *pub,
struct rsa_private_key *key,
- void *random_ctx, nettle_random_func random,
- void *progress_ctx, nettle_progress_func progress,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
unsigned n_size,
unsigned e_size)
{
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
struct md5_ctx *hash,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_md5_encode(s, key->size - 1, hash))
+ if (pkcs1_rsa_md5_encode(s, key->size, hash))
{
rsa_compute_root(key, s, s);
return 1;
const uint8_t *digest,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_md5_encode_digest(s, key->size - 1, digest))
+ if (pkcs1_rsa_md5_encode_digest(s, key->size, digest))
{
rsa_compute_root(key, s, s);
return 1;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_md5_encode(m, key->size - 1, hash)
+ res = (pkcs1_rsa_md5_encode(m, key->size, hash)
&& _rsa_verify(key, m, s));
mpz_clear(m);
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_md5_encode_digest(m, key->size - 1, digest)
+ res = (pkcs1_rsa_md5_encode_digest(m, key->size, digest)
&& _rsa_verify(key, m, s));
mpz_clear(m);
--- /dev/null
+/* rsa-pkcs1-sign-tr.c
+ *
+ * Creating timing resistant RSA signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s)
+{
+ mpz_t ri;
+
+ if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+ {
+ mpz_init (ri);
+
+ _rsa_blind (pub, random_ctx, random, s, ri);
+ rsa_compute_root(key, s, s);
+ _rsa_unblind (pub, s, ri);
+
+ mpz_clear (ri);
+
+ return 1;
+ }
+ else
+ {
+ mpz_set_ui(s, 0);
+ return 0;
+ }
+}
--- /dev/null
+/* rsa-pkcs1-sign.c
+ *
+ * PKCS#1 version 1.5 signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_sign(const struct rsa_private_key *key,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s)
+{
+ if (pkcs1_rsa_digest_encode (s, key->size, length, digest_info))
+ {
+ rsa_compute_root(key, s, s);
+ return 1;
+ }
+ else
+ {
+ mpz_set_ui(s, 0);
+ return 0;
+ }
+}
--- /dev/null
+/* rsa-pkcs1-sign.c
+ *
+ * PKCS#1 version 1.5 signatures.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "rsa.h"
+
+#include "pkcs1.h"
+
+int
+rsa_pkcs1_verify(const struct rsa_public_key *key,
+ unsigned length, const uint8_t *digest_info,
+ const mpz_t s)
+{
+ int res;
+ mpz_t m;
+
+ mpz_init (m);
+
+ res = (pkcs1_rsa_digest_encode (m, key->size, length, digest_info)
+ && _rsa_verify (key, m, s));
+
+ mpz_clear(m);
+
+ return res;
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
struct sha1_ctx *hash,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_sha1_encode(s, key->size - 1, hash))
+ if (pkcs1_rsa_sha1_encode(s, key->size, hash))
{
rsa_compute_root(key, s, s);
return 1;
const uint8_t *digest,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_sha1_encode_digest(s, key->size - 1, digest))
+ if (pkcs1_rsa_sha1_encode_digest(s, key->size, digest))
{
rsa_compute_root(key, s, s);
return 1;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_sha1_encode(m, key->size - 1, hash)
+ res = (pkcs1_rsa_sha1_encode(m, key->size, hash)
&& _rsa_verify(key, m, s));
mpz_clear(m);
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_sha1_encode_digest(m, key->size - 1, digest)
+ res = (pkcs1_rsa_sha1_encode_digest(m, key->size, digest)
&& _rsa_verify(key, m, s));
mpz_clear(m);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003, 2006 Niels Möller
+ * Copyright (C) 2001, 2003, 2006 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
struct sha256_ctx *hash,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_sha256_encode(s, key->size - 1, hash))
+ if (pkcs1_rsa_sha256_encode(s, key->size, hash))
{
rsa_compute_root(key, s, s);
return 1;
const uint8_t *digest,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_sha256_encode_digest(s, key->size - 1, digest))
+ if (pkcs1_rsa_sha256_encode_digest(s, key->size, digest))
{
rsa_compute_root(key, s, s);
return 1;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003, 2006 Niels Möller
+ * Copyright (C) 2001, 2003, 2006 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_sha256_encode(m, key->size - 1, hash)
+ res = (pkcs1_rsa_sha256_encode(m, key->size, hash)
&&_rsa_verify(key, m, s));
mpz_clear(m);
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_sha256_encode_digest(m, key->size - 1, digest)
+ res = (pkcs1_rsa_sha256_encode_digest(m, key->size, digest)
&& _rsa_verify(key, m, s));
mpz_clear(m);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003, 2006, 2010 Niels Möller
+ * Copyright (C) 2001, 2003, 2006, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
struct sha512_ctx *hash,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_sha512_encode(s, key->size - 1, hash))
+ if (pkcs1_rsa_sha512_encode(s, key->size, hash))
{
rsa_compute_root(key, s, s);
return 1;
const uint8_t *digest,
mpz_t s)
{
- assert(key->size > 0);
-
- if (pkcs1_rsa_sha512_encode_digest(s, key->size - 1, digest))
+ if (pkcs1_rsa_sha512_encode_digest(s, key->size, digest))
{
rsa_compute_root(key, s, s);
return 1;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003, 2006, 2010 Niels Möller
+ * Copyright (C) 2001, 2003, 2006, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_sha512_encode(m, key->size - 1, hash)
+ res = (pkcs1_rsa_sha512_encode(m, key->size, hash)
&& _rsa_verify(key, m, s));
mpz_clear(m);
int res;
mpz_t m;
- assert(key->size > 0);
mpz_init(m);
- res = (pkcs1_rsa_sha512_encode_digest(m, key->size - 1, digest)
+ res = (pkcs1_rsa_sha512_encode_digest(m, key->size, digest)
&& _rsa_verify(key, m, s));
mpz_clear(m);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2003 Niels Möller
+ * Copyright (C) 2001, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2002 Niels Möller
+ * Copyright (C) 2001, 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_RSA_H_INCLUDED
#include "nettle-types.h"
#include "md5.h"
-#include "sha.h"
-
-/* For nettle_random_func */
-#include "nettle-meta.h"
+#include "sha1.h"
+#include "sha2.h"
#ifdef __cplusplus
extern "C" {
#define rsa_private_key_init nettle_rsa_private_key_init
#define rsa_private_key_clear nettle_rsa_private_key_clear
#define rsa_private_key_prepare nettle_rsa_private_key_prepare
+#define rsa_pkcs1_verify nettle_rsa_pkcs1_verify
+#define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
+#define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
#define rsa_md5_sign nettle_rsa_md5_sign
#define rsa_md5_verify nettle_rsa_md5_verify
#define rsa_sha1_sign nettle_rsa_sha1_sign
#define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
#define rsa_encrypt nettle_rsa_encrypt
#define rsa_decrypt nettle_rsa_decrypt
+#define rsa_decrypt_tr nettle_rsa_decrypt_tr
#define rsa_compute_root nettle_rsa_compute_root
#define rsa_generate_keypair nettle_rsa_generate_keypair
#define rsa_keypair_to_sexp nettle_rsa_keypair_to_sexp
#define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
#define _rsa_verify _nettle_rsa_verify
#define _rsa_check_size _nettle_rsa_check_size
+#define _rsa_blind _nettle_rsa_blind
+#define _rsa_unblind _nettle_rsa_unblind
/* This limit is somewhat arbitrary. Technically, the smallest modulo
which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
/* PKCS#1 style signatures */
int
+rsa_pkcs1_sign(const struct rsa_private_key *key,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s);
+
+int
+rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ unsigned length, const uint8_t *digest_info,
+ mpz_t s);
+int
+rsa_pkcs1_verify(const struct rsa_public_key *key,
+ unsigned length, const uint8_t *digest_info,
+ const mpz_t signature);
+
+int
rsa_md5_sign(const struct rsa_private_key *key,
struct md5_ctx *hash,
mpz_t signature);
int
rsa_encrypt(const struct rsa_public_key *key,
/* For padding */
- void *random_ctx, nettle_random_func random,
+ void *random_ctx, nettle_random_func *random,
unsigned length, const uint8_t *cleartext,
mpz_t cipher);
unsigned *length, uint8_t *cleartext,
const mpz_t ciphertext);
+/* Timing-resistant version, using randomized RSA blinding. */
+int
+rsa_decrypt_tr(const struct rsa_public_key *pub,
+ const struct rsa_private_key *key,
+ void *random_ctx, nettle_random_func *random,
+ unsigned *length, uint8_t *message,
+ const mpz_t gibberish);
+
/* Compute x, the e:th root of m. Calling it with x == m is allowed. */
void
rsa_compute_root(const struct rsa_private_key *key,
rsa_generate_keypair(struct rsa_public_key *pub,
struct rsa_private_key *key,
- void *random_ctx, nettle_random_func random,
- void *progress_ctx, nettle_progress_func progress,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
/* Desired size of modulo, in bits */
unsigned n_size,
unsigned
_rsa_check_size(mpz_t n);
+void
+_rsa_blind (const struct rsa_public_key *pub,
+ void *random_ctx, nettle_random_func *random,
+ mpz_t c, mpz_t ri);
+void
+_rsa_unblind (const struct rsa_public_key *pub, mpz_t c, const mpz_t ri);
+
#ifdef __cplusplus
}
#endif
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2002 Niels Möller
+ * Copyright (C) 2001, 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
time_t now = time(NULL);
unsigned key_start;
- unsigned key_length;
unsigned userid_start;
struct sha1_ctx key_hash;
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#! /bin/sh
+# Copyright (C) 2000, 2001, 2002, 2004, 2005, 2011, 2012 Niels Möller
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
failed=0
all=0
export srcdir
# When used in make rules, we sometimes get the filenames VPATH
-# expanded, but usually not.
+# expanded, but usually not.
find_program () {
case "$1" in
*/*)
test_program () {
testname=`basename "$1" .exe`
testname=`basename "$testname" -test`
- "$1" $testflags
+ if [ -z "$EMULATOR" ] || head -1 "$1" | grep '^#!' > /dev/null; then
+ "$1" $testflags
+ else
+ $EMULATOR "$1" $testflags
+ fi
case "$?" in
0)
- echo PASS: $testname
+ echo PASS: $testname
all=`expr $all + 1`
;;
77)
- echo SKIP: $testname
+ echo SKIP: $testname
;;
*)
- echo FAIL: $testname
+ echo FAIL: $testname
failed=`expr $failed + 1`
all=`expr $all + 1`
;;
testflags='-v'
;;
-*)
- echo >&2 'Unknown option `'"$1'"
+ echo >&2 'Unknown option `'"$1'"
exit 1
;;
*)
esac
shift
done
-
+
if [ $# -eq 0 ] ; then
for f in *-test; do test_program "./$f"; done
else
fi
[ "$failed" -eq 0 ]
-
--- /dev/null
+/* salsa20-core-internal.c
+ *
+ * Internal interface to the Salsa20 core function.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+#ifndef SALSA20_DEBUG
+# define SALSA20_DEBUG 0
+#endif
+
+#if SALSA20_DEBUG
+# include <stdio.h>
+# define DEBUG(i) do { \
+ unsigned debug_j; \
+ for (debug_j = 0; debug_j < 16; debug_j++) \
+ { \
+ if (debug_j == 0) \
+ fprintf(stderr, "%2d:", (i)); \
+ else if (debug_j % 4 == 0) \
+ fprintf(stderr, "\n "); \
+ fprintf(stderr, " %8x", x[debug_j]); \
+ } \
+ fprintf(stderr, "\n"); \
+ } while (0)
+#else
+# define DEBUG(i)
+#endif
+
+#ifdef WORDS_BIGENDIAN
+#define LE_SWAP32(v) \
+ ((ROTL32(8, v) & 0x00FF00FFUL) | \
+ (ROTL32(24, v) & 0xFF00FF00UL))
+#else
+#define LE_SWAP32(v) (v)
+#endif
+
+#define QROUND(x0, x1, x2, x3) do { \
+ x1 ^= ROTL32(7, x0 + x3); \
+ x2 ^= ROTL32(9, x1 + x0); \
+ x3 ^= ROTL32(13, x2 + x1); \
+ x0 ^= ROTL32(18, x3 + x2); \
+ } while(0)
+
+void
+_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
+{
+ uint32_t x[_SALSA20_INPUT_LENGTH];
+ unsigned i;
+
+ assert ( (rounds & 1) == 0);
+
+ memcpy (x, src, sizeof(x));
+ for (i = 0; i < rounds;i += 2)
+ {
+ DEBUG (i);
+ QROUND(x[0], x[4], x[8], x[12]);
+ QROUND(x[5], x[9], x[13], x[1]);
+ QROUND(x[10], x[14], x[2], x[6]);
+ QROUND(x[15], x[3], x[7], x[11]);
+
+ DEBUG (i+1);
+ QROUND(x[0], x[1], x[2], x[3]);
+ QROUND(x[5], x[6], x[7], x[4]);
+ QROUND(x[10], x[11], x[8], x[9]);
+ QROUND(x[15], x[12], x[13], x[14]);
+ }
+ DEBUG (i);
+
+ for (i = 0; i < _SALSA20_INPUT_LENGTH; i++)
+ {
+ uint32_t t = x[i] + src[i];
+ dst[i] = LE_SWAP32 (t);
+ }
+}
--- /dev/null
+/* salsa20-crypt.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+#include "memxor.h"
+
+void
+salsa20_crypt(struct salsa20_ctx *ctx,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
+{
+ if (!length)
+ return;
+
+ for (;;)
+ {
+ uint32_t x[_SALSA20_INPUT_LENGTH];
+
+ _salsa20_core (x, ctx->input, 20);
+
+ ctx->input[9] += (++ctx->input[8] == 0);
+
+ /* stopping at 2^70 length per nonce is user's responsibility */
+
+ if (length <= SALSA20_BLOCK_SIZE)
+ {
+ memxor3 (c, m, (uint8_t *) x, length);
+ return;
+ }
+ memxor3 (c, m, (uint8_t *) x, SALSA20_BLOCK_SIZE);
+
+ length -= SALSA20_BLOCK_SIZE;
+ c += SALSA20_BLOCK_SIZE;
+ m += SALSA20_BLOCK_SIZE;
+ }
+}
--- /dev/null
+/* salsa20-set-key.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson, Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+
+void
+salsa20_set_key(struct salsa20_ctx *ctx,
+ unsigned length, const uint8_t *key)
+{
+ static const uint32_t sigma[4] = {
+ /* "expand 32-byte k" */
+ 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
+ };
+ static const uint32_t tau[4] = {
+ /* "expand 16-byte k" */
+ 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574
+ };
+ const uint32_t *constants;
+
+ assert (length == SALSA20_MIN_KEY_SIZE || length == SALSA20_MAX_KEY_SIZE);
+
+ ctx->input[1] = LE_READ_UINT32(key + 0);
+ ctx->input[2] = LE_READ_UINT32(key + 4);
+ ctx->input[3] = LE_READ_UINT32(key + 8);
+ ctx->input[4] = LE_READ_UINT32(key + 12);
+ if (length == SALSA20_MAX_KEY_SIZE) { /* recommended */
+ ctx->input[11] = LE_READ_UINT32(key + 16);
+ ctx->input[12] = LE_READ_UINT32(key + 20);
+ ctx->input[13] = LE_READ_UINT32(key + 24);
+ ctx->input[14] = LE_READ_UINT32(key + 28);
+ constants = sigma;
+ } else { /* kbits == 128 */
+ ctx->input[11] = ctx->input[1];
+ ctx->input[12] = ctx->input[2];
+ ctx->input[13] = ctx->input[3];
+ ctx->input[14] = ctx->input[4];
+ constants = tau;
+ }
+ ctx->input[0] = constants[0];
+ ctx->input[5] = constants[1];
+ ctx->input[10] = constants[2];
+ ctx->input[15] = constants[3];
+}
+
+void
+salsa20_set_iv(struct salsa20_ctx *ctx, const uint8_t *iv)
+{
+ ctx->input[6] = LE_READ_UINT32(iv + 0);
+ ctx->input[7] = LE_READ_UINT32(iv + 4);
+ ctx->input[8] = 0;
+ ctx->input[9] = 0;
+}
--- /dev/null
+/* salsa20.h
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Simon Josefsson
+ * Copyright (C) 2001 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_SALSA20_H_INCLUDED
+#define NETTLE_SALSA20_H_INCLUDED
+
+#include "nettle-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define salsa20_set_key nettle_salsa20_set_key
+#define salsa20_set_iv nettle_salsa20_set_iv
+#define salsa20_crypt nettle_salsa20_crypt
+#define _salsa20_core _nettle_salsa20_core
+
+#define salsa20r12_crypt nettle_salsa20r12_crypt
+
+/* Minimum and maximum keysizes, and a reasonable default. In
+ * octets.*/
+#define SALSA20_MIN_KEY_SIZE 16
+#define SALSA20_MAX_KEY_SIZE 32
+#define SALSA20_KEY_SIZE 32
+#define SALSA20_BLOCK_SIZE 64
+
+#define SALSA20_IV_SIZE 8
+
+#define _SALSA20_INPUT_LENGTH 16
+
+struct salsa20_ctx
+{
+ /* Indices 1-4 and 11-14 holds the key (two identical copies for the
+ shorter key size), indices 0, 5, 10, 15 are constant, indices 6, 7
+ are the IV, and indices 8, 9 are the block counter:
+
+ C K K K
+ K C I I
+ B B C K
+ K K K C
+ */
+ uint32_t input[_SALSA20_INPUT_LENGTH];
+};
+
+void
+salsa20_set_key(struct salsa20_ctx *ctx,
+ unsigned length, const uint8_t *key);
+
+void
+salsa20_set_iv(struct salsa20_ctx *ctx, const uint8_t *iv);
+
+void
+salsa20_crypt(struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+
+void
+salsa20r12_crypt(struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+
+void
+_salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_SALSA20_H_INCLUDED */
--- /dev/null
+/* salsa20r12-crypt.c
+ *
+ * The Salsa20 stream cipher.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Nikos Mavrogiannopoulos
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Based on:
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "salsa20.h"
+
+#include "macros.h"
+#include "memxor.h"
+
+void
+salsa20r12_crypt(struct salsa20_ctx *ctx,
+ unsigned length,
+ uint8_t *c,
+ const uint8_t *m)
+{
+ uint32_t x[_SALSA20_INPUT_LENGTH];
+
+ if (!length)
+ return;
+
+ for (;;)
+ {
+
+ _salsa20_core (x, ctx->input, 12);
+
+ ctx->input[9] += (++ctx->input[8] == 0);
+
+ /* stopping at 2^70 length per nonce is user's responsibility */
+
+ if (length <= SALSA20_BLOCK_SIZE)
+ {
+ memxor3 (c, m, (uint8_t *) x, length);
+ return;
+ }
+ memxor3 (c, m, (uint8_t *) x, SALSA20_BLOCK_SIZE);
+
+ length -= SALSA20_BLOCK_SIZE;
+ c += SALSA20_BLOCK_SIZE;
+ m += SALSA20_BLOCK_SIZE;
+ }
+}
--- /dev/null
+/* sec-add-1.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc-internal.h"
+
+mp_limb_t
+sec_add_1 (mp_limb_t *rp, mp_limb_t *ap, mp_size_t n, mp_limb_t b)
+{
+ mp_size_t i;
+ for (i = 0; i < n; i++)
+ {
+ mp_limb_t r = ap[i] + b;
+ b = (r < b);
+ rp[i] = r;
+ }
+ return b;
+}
--- /dev/null
+/* sec-modinv.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+static void
+cnd_neg (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n)
+{
+ mp_limb_t cy = (cnd != 0);
+ mp_limb_t mask = -cy;
+ mp_size_t i;
+
+ for (i = 0; i < n; i++)
+ {
+ mp_limb_t r = (ap[i] ^ mask) + cy;
+ cy = r < cy;
+ rp[i] = r;
+ }
+}
+
+static void
+cnd_swap (int cnd, mp_limb_t *ap, mp_limb_t *bp, mp_size_t n)
+{
+ mp_limb_t mask = - (mp_limb_t) (cnd != 0);
+ mp_size_t i;
+ for (i = 0; i < n; i++)
+ {
+ mp_limb_t a, b, t;
+ a = ap[i];
+ b = bp[i];
+ t = (a ^ b) & mask;
+ ap[i] = a ^ t;
+ bp[i] = b ^ t;
+ }
+}
+
+/* Compute a^{-1} mod m, with running time depending only on the size.
+ Also needs (m+1)/2, and m must be odd. */
+void
+sec_modinv (mp_limb_t *vp, mp_limb_t *ap, mp_size_t n,
+ const mp_limb_t *mp, const mp_limb_t *mp1h, mp_size_t bit_size,
+ mp_limb_t *scratch)
+{
+#define bp scratch
+#define dp (scratch + n)
+#define up (scratch + 2*n)
+
+ /* Avoid the mp_bitcnt_t type for compatibility with older GMP
+ versions. */
+ unsigned i;
+
+ /* Maintain
+
+ a = u * orig_a (mod m)
+ b = v * orig_a (mod m)
+
+ and b odd at all times. Initially,
+
+ a = a_orig, u = 1
+ b = m, v = 0
+ */
+
+ assert (ap != vp);
+
+ up[0] = 1;
+ mpn_zero (up+1, n - 1);
+ mpn_copyi (bp, mp, n);
+ mpn_zero (vp, n);
+
+ for (i = bit_size + GMP_NUMB_BITS * n; i-- > 0; )
+ {
+ mp_limb_t odd, swap, cy;
+
+ /* Always maintain b odd. The logic of the iteration is as
+ follows. For a, b:
+
+ odd = a & 1
+ a -= odd * b
+ if (underflow from a-b)
+ {
+ b += a, assigns old a
+ a = B^n-a
+ }
+
+ a /= 2
+
+ For u, v:
+
+ if (underflow from a - b)
+ swap u, v
+ u -= odd * v
+ if (underflow from u - v)
+ u += m
+
+ u /= 2
+ if (a one bit was shifted out)
+ u += (m+1)/2
+
+ As long as a > 0, the quantity
+
+ (bitsize of a) + (bitsize of b)
+
+ is reduced by at least one bit per iteration, hence after
+ (bit_size of orig_a) + (bit_size of m) - 1 iterations we
+ surely have a = 0. Then b = gcd(orig_a, m) and if b = 1 then
+ also v = orig_a^{-1} (mod m)
+ */
+
+ assert (bp[0] & 1);
+ odd = ap[0] & 1;
+
+ /* Which variant is fastest depends on the speed of the various
+ cnd_* functions. Assembly implementation would help. */
+#if 1
+ swap = cnd_sub_n (odd, ap, bp, n);
+ cnd_add_n (swap, bp, ap, n);
+ cnd_neg (swap, ap, ap, n);
+#else
+ swap = odd & mpn_sub_n (dp, ap, bp, n);
+ cnd_copy (swap, bp, ap, n);
+ cnd_neg (swap, dp, dp, n);
+ cnd_copy (odd, ap, dp, n);
+#endif
+
+#if 1
+ cnd_swap (swap, up, vp, n);
+ cy = cnd_sub_n (odd, up, vp, n);
+ cy -= cnd_add_n (cy, up, mp, n);
+#else
+ cy = cnd_sub_n (odd, up, vp, n);
+ cnd_add_n (swap, vp, up, n);
+ cnd_neg (swap, up, up, n);
+ cnd_add_n (cy ^ swap, up, mp, n);
+#endif
+ cy = mpn_rshift (ap, ap, n, 1);
+ assert (cy == 0);
+ cy = mpn_rshift (up, up, n, 1);
+ cy = cnd_add_n (cy, up, mp1h, n);
+ assert (cy == 0);
+ }
+ assert ( (ap[0] | ap[n-1]) == 0);
+#undef bp
+#undef dp
+#undef up
+}
--- /dev/null
+/* sec-add-1.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc-internal.h"
+
+mp_limb_t
+sec_sub_1 (mp_limb_t *rp, mp_limb_t *ap, mp_size_t n, mp_limb_t b)
+{
+ mp_size_t i;
+ for (i = 0; i < n; i++)
+ {
+ mp_limb_t a;
+ a = ap[i];
+ rp[i] = a - b;
+ b = a < b;
+ }
+ return b;
+}
--- /dev/null
+/* sec-tabselect.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc-internal.h"
+
+/* Copy the k'th element of the table out tn elements, each of size
+ rn. Always read complete table. Similar to gmp's mpn_tabselect. */
+/* FIXME: Should we need to volatile declare anything? */
+void
+sec_tabselect (mp_limb_t *rp, mp_size_t rn,
+ const mp_limb_t *table, unsigned tn,
+ unsigned k)
+{
+ const mp_limb_t *end = table + tn * rn;
+ const mp_limb_t *p;
+ mp_size_t i;
+
+ assert (k < tn);
+ mpn_zero (rp, rn);
+ for (p = table; p < end; p += rn, k--)
+ {
+ mp_limb_t mask = - (mp_limb_t) (k == 0);
+ for (i = 0; i < rn; i++)
+ rp[i] += mask & p[i];
+ }
+}
--- /dev/null
+/* serpent-decrypt.c
+ *
+ * The serpent block cipher.
+ *
+ * For more details on this algorithm, see the Serpent website at
+ * http://www.cl.cam.ac.uk/~rja14/serpent.html
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ * Copyright (C) 2010, 2011 Simon Josefsson
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* This file is derived from cipher/serpent.c in Libgcrypt v1.4.6.
+ The adaption to Nettle was made by Simon Josefsson on 2010-12-07
+ with final touches on 2011-05-30. Changes include replacing
+ libgcrypt with nettle in the license template, renaming
+ serpent_context to serpent_ctx, renaming u32 to uint32_t, removing
+ libgcrypt stubs and selftests, modifying entry function prototypes,
+ using FOR_BLOCKS to iterate through data in encrypt/decrypt, using
+ LE_READ_UINT32 and LE_WRITE_UINT32 to access data in
+ encrypt/decrypt, and running indent on the code. */
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <assert.h>
+#include <limits.h>
+
+#include "serpent.h"
+
+#include "macros.h"
+#include "serpent-internal.h"
+
+/* These are the S-Boxes of Serpent. They are copied from Serpents
+ reference implementation (the optimized one, contained in
+ `floppy2') and are therefore:
+
+ Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
+
+ To quote the Serpent homepage
+ (http://www.cl.cam.ac.uk/~rja14/serpent.html):
+
+ "Serpent is now completely in the public domain, and we impose no
+ restrictions on its use. This was announced on the 21st August at
+ the First AES Candidate Conference. The optimised implementations
+ in the submission package are now under the GNU PUBLIC LICENSE
+ (GPL), although some comments in the code still say otherwise. You
+ are welcome to use Serpent for any application." */
+
+/* S0 inverse: 13 3 11 0 10 6 5 12 1 14 4 7 15 9 8 2 */
+/* Original single-assignment form:
+
+ t01 = x2 ^ x3;
+ t02 = x0 | x1;
+ t03 = x1 | x2;
+ t04 = x2 & t01;
+ t05 = t02 ^ t01;
+ t06 = x0 | t04;
+ y2 = ~ t05;
+ t08 = x1 ^ x3;
+ t09 = t03 & t08;
+ t10 = x3 | y2;
+ y1 = t09 ^ t06;
+ t12 = x0 | t05;
+ t13 = y1 ^ t12;
+ t14 = t03 ^ t10;
+ t15 = x0 ^ x2;
+ y3 = t14 ^ t13;
+ t17 = t05 & t13;
+ t18 = t14 | t17;
+ y0 = t15 ^ t18;
+*/
+#define SBOX0_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y0 = x0 ^ x2; \
+ y2 = x0 | x1; \
+ y1 = x2 ^ x3; \
+ y2 ^= y1; \
+ y1 &= x2; \
+ x2 |= x1; \
+ x1 ^= x3; \
+ y1 |= x0; \
+ x1 &= x2; \
+ y1 ^= x1; \
+ x0 |= y2; \
+ x0 ^= y1; \
+ x1 = y2 & x0; \
+ y2 = ~ y2; \
+ x3 |= y2; \
+ x3 ^= x2; \
+ y3 = x3 ^ x0; \
+ x1 |= x3; \
+ y0 ^= x1; \
+ } while (0)
+
+/* S1 inverse: 5 8 2 14 15 6 12 3 11 4 7 9 1 13 10 0 */
+/* Original single-assignment form:
+ t01 = x0 ^ x1;
+ t02 = x1 | x3;
+ t03 = x0 & x2;
+ t04 = x2 ^ t02;
+ t05 = x0 | t04;
+ t06 = t01 & t05;
+ t07 = x3 | t03;
+ t08 = x1 ^ t06;
+ t09 = t07 ^ t06;
+ t10 = t04 | t03;
+ t11 = x3 & t08;
+ y2 = ~ t09;
+ y1 = t10 ^ t11;
+ t14 = x0 | y2;
+ t15 = t06 ^ y1;
+ y3 = t01 ^ t04;
+ t17 = x2 ^ t15;
+ y0 = t14 ^ t17;
+*/
+#define SBOX1_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y1 = x1 | x3; \
+ y1 ^= x2; \
+ y3 = x0 ^ x1; \
+ y0 = x0 | y1; \
+ y0 &= y3; \
+ x1 ^= y0; \
+ y3 ^= y1; \
+ x1 &= x3; \
+ y2 = x0 & x2; \
+ y1 |= y2; \
+ y2 |= x3; \
+ y2 ^= y0; \
+ y2 = ~ y2; \
+ y1 ^= x1; \
+ y0 ^= y1; \
+ y0 ^= x2; \
+ x0 |= y2; \
+ y0 ^= x0; \
+ } while (0)
+
+/* S2 inverse: 12 9 15 4 11 14 1 2 0 3 6 13 5 8 10 7 */
+/* Original single-assignment form:
+ t01 = x0 ^ x3;
+ t02 = x2 ^ x3;
+ t03 = x0 & x2;
+ t04 = x1 | t02;
+ y0 = t01 ^ t04;
+ t06 = x0 | x2;
+ t07 = x3 | y0;
+ t08 = ~ x3;
+ t09 = x1 & t06;
+ t10 = t08 | t03;
+ t11 = x1 & t07;
+ t12 = t06 & t02;
+ y3 = t09 ^ t10;
+ y1 = t12 ^ t11;
+ t15 = x2 & y3;
+ t16 = y0 ^ y1;
+ t17 = t10 ^ t15;
+ y2 = t16 ^ t17;
+*/
+#define SBOX2_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y0 = x0 ^ x3; \
+ y2 = x2 ^ x3; \
+ y1 = x1 | y2; \
+ y0 ^= y1; \
+ y1 = x3 | y0; \
+ y1 &= x1; \
+ x3 = ~ x3; \
+ y3 = x0 | x2; \
+ y2 &= y3; \
+ y1 ^= y2; \
+ y3 &= x1; \
+ x0 &= x2; \
+ x0 |= x3; \
+ y3 ^= x0; \
+ x2 &= y3; \
+ x2 ^= x0; \
+ y2 = y0 ^ y1; \
+ y2 ^= x2; \
+ } while (0)
+
+/* S3 inverse: 0 9 10 7 11 14 6 13 3 5 12 2 4 8 15 1 */
+/* Original single-assignment form:
+ t01 = x2 | x3;
+ t02 = x0 | x3;
+ t03 = x2 ^ t02;
+ t04 = x1 ^ t02;
+ t05 = x0 ^ x3;
+ t06 = t04 & t03;
+ t07 = x1 & t01;
+ y2 = t05 ^ t06;
+ t09 = x0 ^ t03;
+ y0 = t07 ^ t03;
+ t11 = y0 | t05;
+ t12 = t09 & t11;
+ t13 = x0 & y2;
+ t14 = t01 ^ t05;
+ y1 = x1 ^ t12;
+ t16 = x1 | t13;
+ y3 = t14 ^ t16;
+*/
+#define SBOX3_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y3 = x2 | x3; \
+ y0 = x1 & y3; \
+ y2 = x0 | x3; \
+ y1 = x2 ^ y2; \
+ y0 ^= y1; \
+ x3 ^= x0; \
+ y3 ^= x3; \
+ y2 ^= x1; \
+ y2 &= y1; \
+ y2 ^= x3; \
+ y1 ^= x0; \
+ x3 |= y0; \
+ y1 &= x3; \
+ y1 ^= x1; \
+ x0 &= y2; \
+ x0 |= x1; \
+ y3 ^= x0; \
+ } while (0)
+
+/* S4 inverse: 5 0 8 3 10 9 7 14 2 12 11 6 4 15 13 1 */
+/* Original single-assignment form:
+ t01 = x1 | x3;
+ t02 = x2 | x3;
+ t03 = x0 & t01;
+ t04 = x1 ^ t02;
+ t05 = x2 ^ x3;
+ t06 = ~ t03;
+ t07 = x0 & t04;
+ y1 = t05 ^ t07;
+ t09 = y1 | t06;
+ t10 = x0 ^ t07;
+ t11 = t01 ^ t09;
+ t12 = x3 ^ t04;
+ t13 = x2 | t10;
+ y3 = t03 ^ t12;
+ t15 = x0 ^ t04;
+ y2 = t11 ^ t13;
+ y0 = t15 ^ t09;
+*/
+#define SBOX4_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y1 = x2 ^ x3; \
+ y2 = x2 | x3; \
+ y2 ^= x1; \
+ x1 |= x3; \
+ y0 = x0 ^ y2; \
+ x3 ^= y2; \
+ y2 &= x0; \
+ y1 ^= y2; \
+ y2 ^= x0; \
+ y2 |= x2; \
+ x0 &= x1; \
+ y3 = x0 ^ x3; \
+ x0 = ~ x0; \
+ x0 |= y1; \
+ y0 ^= x0; \
+ x0 ^= x1; \
+ y2 ^= x0; \
+ } while (0)
+
+/* S5 inverse: 8 15 2 9 4 1 13 14 11 6 5 3 7 12 10 0 */
+/* Original single-assignment form:
+ t01 = x0 & x3;
+ t02 = x2 ^ t01;
+ t03 = x0 ^ x3;
+ t04 = x1 & t02;
+ t05 = x0 & x2;
+ y0 = t03 ^ t04;
+ t07 = x0 & y0;
+ t08 = t01 ^ y0;
+ t09 = x1 | t05;
+ t10 = ~ x1;
+ y1 = t08 ^ t09;
+ t12 = t10 | t07;
+ t13 = y0 | y1;
+ y3 = t02 ^ t12;
+ t15 = t02 ^ t13;
+ t16 = x1 ^ x3;
+ y2 = t16 ^ t15;
+*/
+#define SBOX5_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y1 = x0 & x3; \
+ y3 = x2 ^ y1; \
+ y0 = x1 & y3; \
+ y2 = x0 ^ x3; \
+ x3 ^= x1; \
+ y0 ^= y2; \
+ x2 &= x0; \
+ x0 &= y0; \
+ x2 |= x1; \
+ y1 ^= y0; \
+ y1 ^= x2; \
+ y2 = y0 | y1; \
+ y2 ^= y3; \
+ y2 ^= x3; \
+ x1 = ~ x1; \
+ x1 |= x0; \
+ y3 ^= x1; \
+ } while (0)
+
+/* S6 inverse: 15 10 1 13 5 3 6 0 4 9 14 7 2 12 8 11 */
+/* Original single-assignment form:
+ t01 = x0 ^ x2;
+ t02 = ~ x2;
+ t03 = x1 & t01;
+ t04 = x1 | t02;
+ t05 = x3 | t03;
+ t06 = x1 ^ x3;
+ t07 = x0 & t04;
+ t08 = x0 | t02;
+ t09 = t07 ^ t05;
+ y1 = t06 ^ t08;
+ y0 = ~ t09;
+ t12 = x1 & y0;
+ t13 = t01 & t05;
+ t14 = t01 ^ t12;
+ t15 = t07 ^ t13;
+ t16 = x3 | t02;
+ t17 = x0 ^ y1;
+ y3 = t17 ^ t15;
+ y2 = t16 ^ t14;
+ */
+#define SBOX6_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y2 = x0 ^ x2; \
+ x2 = ~ x2; \
+ y0 = x1 ^ x3; \
+ y1 = x0 | x2; \
+ y1 ^= y0; \
+ y3 = x1 & y2; \
+ y3 |= x3; \
+ x3 |= x2; \
+ x2 |= x1; \
+ x2 &= x0; \
+ y0 = x2 ^ y3; \
+ y0 = ~ y0; \
+ y3 &= y2; \
+ y3 ^= x2; \
+ x0 ^= y1; \
+ y3 ^= x0; \
+ x1 &= y0; \
+ y2 ^= x1; \
+ y2 ^= x3; \
+ } while (0)
+
+/* S7 inverse: 3 0 6 13 9 14 15 8 5 12 11 7 10 1 4 2 */
+/* Original single-assignment form:
+ t01 = x0 & x1;
+ t02 = x0 | x1;
+ t03 = x2 | t01;
+ t04 = x3 & t02;
+ y3 = t03 ^ t04;
+ t06 = x1 ^ t04;
+ t07 = x3 ^ y3;
+ t08 = ~ t07;
+ t09 = t06 | t08;
+ t10 = x1 ^ x3;
+ t11 = x0 | x3;
+ y1 = x0 ^ t09;
+ t13 = x2 ^ t06;
+ t14 = x2 & t11;
+ t15 = x3 | y1;
+ t16 = t01 | t10;
+ y0 = t13 ^ t15;
+ y2 = t14 ^ t16;
+*/
+#define SBOX7_INVERSE(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y3 = x0 & x1; \
+ y2 = x1 ^ x3; \
+ y2 |= y3; \
+ y1 = x0 | x3; \
+ y1 &= x2; \
+ y2 ^= y1; \
+ y3 |= x2; \
+ y0 = x0 | x1; \
+ y0 &= x3; \
+ y3 ^= y0; \
+ y0 ^= x1; \
+ y1 = x3 ^ y3; \
+ y1 = ~ y1; \
+ y1 |= y0; \
+ y0 ^= x2; \
+ y1 ^= x0; \
+ x3 |= y1; \
+ y0 ^= x3; \
+ } while (0)
+
+/* In-place inverse linear transformation. */
+#define LINEAR_TRANSFORMATION_INVERSE(x0,x1,x2,x3) \
+ do { \
+ x2 = ROTL32 (10, x2); \
+ x0 = ROTL32 (27, x0); \
+ x2 = x2 ^ x3 ^ (x1 << 7); \
+ x0 = x0 ^ x1 ^ x3; \
+ x3 = ROTL32 (25, x3); \
+ x1 = ROTL32 (31, x1); \
+ x3 = x3 ^ x2 ^ (x0 << 3); \
+ x1 = x1 ^ x0 ^ x2; \
+ x2 = ROTL32 (29, x2); \
+ x0 = ROTL32 (19, x0); \
+ } while (0)
+
+/* Round inputs are x0,x1,x2,x3 (destroyed), and round outputs are
+ y0,y1,y2,y3. */
+#define ROUND_INVERSE(which, subkey, x0,x1,x2,x3, y0,y1,y2,y3) \
+ do { \
+ LINEAR_TRANSFORMATION_INVERSE (x0,x1,x2,x3); \
+ SBOX##which##_INVERSE(x0,x1,x2,x3, y0,y1,y2,y3); \
+ KEYXOR(y0,y1,y2,y3, subkey); \
+ } while (0)
+
+#if HAVE_NATIVE_64_BIT
+
+/* In-place inverse linear transformation. */
+#define LINEAR_TRANSFORMATION64_INVERSE(x0,x1,x2,x3) \
+ do { \
+ x2 = DROTL32 (10, x2); \
+ x0 = DROTL32 (27, x0); \
+ x2 = x2 ^ x3 ^ DRSHIFT32(7, x1); \
+ x0 = x0 ^ x1 ^ x3; \
+ x3 = DROTL32 (25, x3); \
+ x1 = DROTL32 (31, x1); \
+ x3 = x3 ^ x2 ^ DRSHIFT32(3, x0); \
+ x1 = x1 ^ x0 ^ x2; \
+ x2 = DROTL32 (29, x2); \
+ x0 = DROTL32 (19, x0); \
+ } while (0)
+
+#define ROUND64_INVERSE(which, subkey, x0,x1,x2,x3, y0,y1,y2,y3) \
+ do { \
+ LINEAR_TRANSFORMATION64_INVERSE (x0,x1,x2,x3); \
+ SBOX##which##_INVERSE(x0,x1,x2,x3, y0,y1,y2,y3); \
+ KEYXOR64(y0,y1,y2,y3, subkey); \
+ } while (0)
+
+#endif /* HAVE_NATIVE_64_BIT */
+
+void
+serpent_decrypt (const struct serpent_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
+{
+ assert( !(length % SERPENT_BLOCK_SIZE));
+
+#if HAVE_NATIVE_64_BIT
+ if (length & SERPENT_BLOCK_SIZE)
+#else
+ while (length >= SERPENT_BLOCK_SIZE)
+#endif
+ {
+ uint32_t x0,x1,x2,x3, y0,y1,y2,y3;
+ unsigned k;
+
+ x0 = LE_READ_UINT32 (src);
+ x1 = LE_READ_UINT32 (src + 4);
+ x2 = LE_READ_UINT32 (src + 8);
+ x3 = LE_READ_UINT32 (src + 12);
+
+ /* Inverse of special round */
+ KEYXOR (x0,x1,x2,x3, ctx->keys[32]);
+ SBOX7_INVERSE (x0,x1,x2,x3, y0,y1,y2,y3);
+ KEYXOR (y0,y1,y2,y3, ctx->keys[31]);
+
+ k = 24;
+ goto start32;
+ while (k > 0)
+ {
+ k -= 8;
+ ROUND_INVERSE (7, ctx->keys[k+7], x0,x1,x2,x3, y0,y1,y2,y3);
+ start32:
+ ROUND_INVERSE (6, ctx->keys[k+6], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND_INVERSE (5, ctx->keys[k+5], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND_INVERSE (4, ctx->keys[k+4], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND_INVERSE (3, ctx->keys[k+3], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND_INVERSE (2, ctx->keys[k+2], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND_INVERSE (1, ctx->keys[k+1], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND_INVERSE (0, ctx->keys[k], y0,y1,y2,y3, x0,x1,x2,x3);
+ }
+
+ LE_WRITE_UINT32 (dst, x0);
+ LE_WRITE_UINT32 (dst + 4, x1);
+ LE_WRITE_UINT32 (dst + 8, x2);
+ LE_WRITE_UINT32 (dst + 12, x3);
+
+ src += SERPENT_BLOCK_SIZE;
+ dst += SERPENT_BLOCK_SIZE;
+ length -= SERPENT_BLOCK_SIZE;
+ }
+#if HAVE_NATIVE_64_BIT
+ FOR_BLOCKS(length, dst, src, 2*SERPENT_BLOCK_SIZE)
+ {
+ uint64_t x0,x1,x2,x3, y0,y1,y2,y3;
+ unsigned k;
+
+ x0 = LE_READ_UINT32 (src);
+ x1 = LE_READ_UINT32 (src + 4);
+ x2 = LE_READ_UINT32 (src + 8);
+ x3 = LE_READ_UINT32 (src + 12);
+
+ x0 <<= 32; x0 |= LE_READ_UINT32 (src + 16);
+ x1 <<= 32; x1 |= LE_READ_UINT32 (src + 20);
+ x2 <<= 32; x2 |= LE_READ_UINT32 (src + 24);
+ x3 <<= 32; x3 |= LE_READ_UINT32 (src + 28);
+
+ /* Inverse of special round */
+ KEYXOR64 (x0,x1,x2,x3, ctx->keys[32]);
+ SBOX7_INVERSE (x0,x1,x2,x3, y0,y1,y2,y3);
+ KEYXOR64 (y0,y1,y2,y3, ctx->keys[31]);
+
+ k = 24;
+ goto start64;
+ while (k > 0)
+ {
+ k -= 8;
+ ROUND64_INVERSE (7, ctx->keys[k+7], x0,x1,x2,x3, y0,y1,y2,y3);
+ start64:
+ ROUND64_INVERSE (6, ctx->keys[k+6], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND64_INVERSE (5, ctx->keys[k+5], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND64_INVERSE (4, ctx->keys[k+4], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND64_INVERSE (3, ctx->keys[k+3], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND64_INVERSE (2, ctx->keys[k+2], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND64_INVERSE (1, ctx->keys[k+1], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND64_INVERSE (0, ctx->keys[k], y0,y1,y2,y3, x0,x1,x2,x3);
+ }
+
+ LE_WRITE_UINT32 (dst + 16, x0);
+ LE_WRITE_UINT32 (dst + 20, x1);
+ LE_WRITE_UINT32 (dst + 24, x2);
+ LE_WRITE_UINT32 (dst + 28, x3);
+ x0 >>= 32; LE_WRITE_UINT32 (dst, x0);
+ x1 >>= 32; LE_WRITE_UINT32 (dst + 4, x1);
+ x2 >>= 32; LE_WRITE_UINT32 (dst + 8, x2);
+ x3 >>= 32; LE_WRITE_UINT32 (dst + 12, x3);
+ }
+#endif /* HAVE_NATIVE_64_BIT */
+}
--- /dev/null
+/* serpent-encrypt.c
+ *
+ * The serpent block cipher.
+ *
+ * For more details on this algorithm, see the Serpent website at
+ * http://www.cl.cam.ac.uk/~rja14/serpent.html
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ * Copyright (C) 2010, 2011 Simon Josefsson
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* This file is derived from cipher/serpent.c in Libgcrypt v1.4.6.
+ The adaption to Nettle was made by Simon Josefsson on 2010-12-07
+ with final touches on 2011-05-30. Changes include replacing
+ libgcrypt with nettle in the license template, renaming
+ serpent_context to serpent_ctx, renaming u32 to uint32_t, removing
+ libgcrypt stubs and selftests, modifying entry function prototypes,
+ using FOR_BLOCKS to iterate through data in encrypt/decrypt, using
+ LE_READ_UINT32 and LE_WRITE_UINT32 to access data in
+ encrypt/decrypt, and running indent on the code. */
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <assert.h>
+#include <limits.h>
+
+#include "serpent.h"
+
+#include "macros.h"
+#include "serpent-internal.h"
+
+/* These are the S-Boxes of Serpent. They are copied from Serpents
+ reference implementation (the optimized one, contained in
+ `floppy2') and are therefore:
+
+ Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
+
+ To quote the Serpent homepage
+ (http://www.cl.cam.ac.uk/~rja14/serpent.html):
+
+ "Serpent is now completely in the public domain, and we impose no
+ restrictions on its use. This was announced on the 21st August at
+ the First AES Candidate Conference. The optimised implementations
+ in the submission package are now under the GNU PUBLIC LICENSE
+ (GPL), although some comments in the code still say otherwise. You
+ are welcome to use Serpent for any application." */
+
+/* S0: 3 8 15 1 10 6 5 11 14 13 4 2 7 0 9 12 */
+/* Could easily let y0, y1 overlap with x0, x1, and possibly also x2 and y2 */
+#define SBOX0(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y3 = x1 ^ x2; \
+ y0 = x0 | x3; \
+ y1 = x0 ^ x1; \
+ y3 ^= y0; \
+ y2 = x2 | y3; \
+ x0 ^= x3; \
+ y2 &= x3; \
+ x3 ^= x2; \
+ x2 |= x1; \
+ y0 = y1 & x2; \
+ y2 ^= y0; \
+ y0 &= y2; \
+ y0 ^= x2; \
+ x1 &= x0; \
+ y0 ^= x0; \
+ y0 = ~ y0; \
+ y1 = y0 ^ x1; \
+ y1 ^= x3; \
+ } while (0)
+
+/* FIXME: Arrange for some overlap between inputs and outputs? */
+/* S1: 15 12 2 7 9 0 5 10 1 11 14 8 6 13 3 4 */
+/* Original single-assignment form:
+
+ t01 = x0 | x3;
+ t02 = x2 ^ x3;
+ t03 = ~ x1;
+ t04 = x0 ^ x2;
+ t05 = x0 | t03;
+ t06 = x3 & t04;
+ t07 = t01 & t02;
+ t08 = x1 | t06;
+ y2 = t02 ^ t05;
+ t10 = t07 ^ t08;
+ t11 = t01 ^ t10;
+ t12 = y2 ^ t11;
+ t13 = x1 & x3;
+ y3 = ~ t10;
+ y1 = t13 ^ t12;
+ t16 = t10 | y1;
+ t17 = t05 & t16;
+ y0 = x2 ^ t17;
+*/
+#define SBOX1(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y1 = x0 | x3; \
+ y2 = x2 ^ x3; \
+ y0 = ~ x1; \
+ y3 = x0 ^ x2; \
+ y0 |= x0; \
+ y3 &= x3; \
+ x0 = y1 & y2; \
+ y3 |= x1; \
+ y2 ^= y0; \
+ y3 ^= x0; \
+ x0 = y1 ^ y3; \
+ x0 ^= y2; \
+ y1 = x1 & x3; \
+ y1 ^= x0; \
+ x3 = y1 | y3; \
+ y3 = ~ y3; \
+ y0 &= x3; \
+ y0 ^= x2; \
+ } while (0)
+
+/* FIXME: Arrange for some overlap between inputs and outputs? */
+/* S2: 8 6 7 9 3 12 10 15 13 1 14 4 0 11 5 2 */
+#define SBOX2(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y2 = x0 | x2; \
+ y1 = x0 ^ x1; \
+ y3 = x3 ^ y2; \
+ y0 = y1 ^ y3; \
+ x3 |= x0; \
+ x2 ^= y0; \
+ x0 = x1 ^ x2; \
+ x2 |= x1; \
+ x0 &= y2; \
+ y3 ^= x2; \
+ y1 |= y3; \
+ y1 ^= x0; \
+ y2 = y3 ^ y1; \
+ y2 ^= x1; \
+ y3 = ~ y3; \
+ y2 ^= x3; \
+ } while (0)
+
+/* S3: 0 15 11 8 12 9 6 3 13 1 2 4 10 7 5 14 */
+/* Original single-assignment form:
+
+ t01 = x0 ^ x2;
+ t02 = x0 | x3;
+ t03 = x0 & x3;
+ t04 = t01 & t02;
+ t05 = x1 | t03;
+ t06 = x0 & x1;
+ t07 = x3 ^ t04;
+ t08 = x2 | t06;
+ t09 = x1 ^ t07;
+ t10 = x3 & t05;
+ t11 = t02 ^ t10;
+ y3 = t08 ^ t09;
+ t13 = x3 | y3;
+ t14 = x0 | t07;
+ t15 = x1 & t13;
+ y2 = t08 ^ t11;
+ y0 = t14 ^ t15;
+ y1 = t05 ^ t04;
+*/
+#define SBOX3(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y1 = x0 ^ x2; \
+ y0 = x0 | x3; \
+ y3 = x0 & x3; \
+ y1 &= y0; \
+ y3 |= x1; \
+ y2 = x0 & x1; \
+ y2 |= x2; \
+ x2 = x3 ^ y1; \
+ y1 ^= y3; \
+ x0 |= x2; \
+ x2 ^= x1; \
+ y3 &= x3; \
+ y0 ^= y3; \
+ y3 = y2 ^ x2; \
+ y2 ^= y0; \
+ x3 |= y3; \
+ x1 &= x3; \
+ y0 = x0 ^ x1; \
+ } while (0)
+
+
+/* S4: 1 15 8 3 12 0 11 6 2 5 4 10 9 14 7 13 */
+/* Original single-assignment form:
+ t01 = x0 | x1;
+ t02 = x1 | x2;
+ t03 = x0 ^ t02;
+ t04 = x1 ^ x3;
+ t05 = x3 | t03;
+ t06 = x3 & t01;
+ y3 = t03 ^ t06;
+ t08 = y3 & t04;
+ t09 = t04 & t05;
+ t10 = x2 ^ t06;
+ t11 = x1 & x2;
+ t12 = t04 ^ t08;
+ t13 = t11 | t03;
+ t14 = t10 ^ t09;
+ t15 = x0 & t05;
+ t16 = t11 | t12;
+ y2 = t13 ^ t08;
+ y1 = t15 ^ t16;
+ y0 = ~ t14;
+*/
+#define SBOX4(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y3 = x0 | x1; \
+ y2 = x1 | x2; \
+ y2 ^= x0; \
+ y3 &= x3; \
+ y0 = x1 ^ x3; \
+ x3 |= y2; \
+ x0 &= x3; \
+ x1 &= x2; \
+ x2 ^= y3; \
+ y3 ^= y2; \
+ y2 |= x1; \
+ y1 = y3 & y0; \
+ y2 ^= y1; \
+ y1 ^= y0; \
+ y1 |= x1; \
+ y1 ^= x0; \
+ y0 &= x3; \
+ y0 ^= x2; \
+ y0 = ~y0; \
+ } while (0)
+
+/* S5: 15 5 2 11 4 10 9 12 0 3 14 8 13 6 7 1 */
+/* Original single-assignment form:
+ t01 = x1 ^ x3;
+ t02 = x1 | x3;
+ t03 = x0 & t01;
+ t04 = x2 ^ t02;
+ t05 = t03 ^ t04;
+ y0 = ~ t05;
+ t07 = x0 ^ t01;
+ t08 = x3 | y0;
+ t09 = x1 | t05;
+ t10 = x3 ^ t08;
+ t11 = x1 | t07;
+ t12 = t03 | y0;
+ t13 = t07 | t10;
+ t14 = t01 ^ t11;
+ y2 = t09 ^ t13;
+ y1 = t07 ^ t08;
+ y3 = t12 ^ t14;
+*/
+#define SBOX5(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y0 = x1 | x3; \
+ y0 ^= x2; \
+ x2 = x1 ^ x3; \
+ y2 = x0 ^ x2; \
+ x0 &= x2; \
+ y0 ^= x0; \
+ y3 = x1 | y2; \
+ x1 |= y0; \
+ y0 = ~y0; \
+ x0 |= y0; \
+ y3 ^= x2; \
+ y3 ^= x0; \
+ y1 = x3 | y0; \
+ x3 ^= y1; \
+ y1 ^= y2; \
+ y2 |= x3; \
+ y2 ^= x1; \
+ } while (0)
+
+/* S6: 7 2 12 5 8 4 6 11 14 9 1 15 13 3 10 0 */
+/* Original single-assignment form:
+ t01 = x0 & x3;
+ t02 = x1 ^ x2;
+ t03 = x0 ^ x3;
+ t04 = t01 ^ t02;
+ t05 = x1 | x2;
+ y1 = ~ t04;
+ t07 = t03 & t05;
+ t08 = x1 & y1;
+ t09 = x0 | x2;
+ t10 = t07 ^ t08;
+ t11 = x1 | x3;
+ t12 = x2 ^ t11;
+ t13 = t09 ^ t10;
+ y2 = ~ t13;
+ t15 = y1 & t03;
+ y3 = t12 ^ t07;
+ t17 = x0 ^ x1;
+ t18 = y2 ^ t15;
+ y0 = t17 ^ t18;
+*/
+#define SBOX6(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y0 = x0 ^ x3; \
+ y1 = x0 & x3; \
+ y2 = x0 | x2; \
+ x3 |= x1; \
+ x3 ^= x2; \
+ x0 ^= x1; \
+ y3 = x1 | x2; \
+ x2 ^= x1; \
+ y3 &= y0; \
+ y1 ^= x2; \
+ y1 = ~y1; \
+ y0 &= y1; \
+ x1 &= y1; \
+ x1 ^= y3; \
+ y3 ^= x3; \
+ y2 ^= x1; \
+ y2 = ~y2; \
+ y0 ^= y2; \
+ y0 ^= x0; \
+ } while (0)
+
+/* S7: 1 13 15 0 14 8 2 11 7 4 12 10 9 3 5 6 */
+/* Original single-assignment form:
+ t01 = x0 & x2;
+ t02 = ~ x3;
+ t03 = x0 & t02;
+ t04 = x1 | t01;
+ t05 = x0 & x1;
+ t06 = x2 ^ t04;
+ y3 = t03 ^ t06;
+ t08 = x2 | y3;
+ t09 = x3 | t05;
+ t10 = x0 ^ t08;
+ t11 = t04 & y3;
+ y1 = t09 ^ t10;
+ t13 = x1 ^ y1;
+ t14 = t01 ^ y1;
+ t15 = x2 ^ t05;
+ t16 = t11 | t13;
+ t17 = t02 | t14;
+ y0 = t15 ^ t17;
+ y2 = x0 ^ t16;
+*/
+/* It appears impossible to do this with only 8 registers. We
+ recompute t02, and t04 (if we have spare registers, hopefully the
+ compiler can recognize them as common subexpressions). */
+#define SBOX7(x0, x1, x2, x3, y0, y1, y2, y3) \
+ do { \
+ y0 = x0 & x2; \
+ y3 = x1 | y0; /* t04 */ \
+ y3 ^= x2; \
+ y1 = ~x3; /* t02 */ \
+ y1 &= x0; \
+ y3 ^= y1; \
+ y1 = x2 | y3; \
+ y1 ^= x0; \
+ y2 = x0 & x1; \
+ x2 ^= y2; \
+ y2 |= x3; \
+ y1 ^= y2; \
+ y2 = x1 | y0; /* t04 */ \
+ y2 &= y3; \
+ x1 ^= y1; \
+ y2 |= x1; \
+ y2 ^= x0; \
+ y0 ^= y1; \
+ x3 = ~x3; /* t02 */ \
+ y0 |= x3; \
+ y0 ^= x2; \
+ } while (0)
+
+/* In-place linear transformation. */
+#define LINEAR_TRANSFORMATION(x0,x1,x2,x3) \
+ do { \
+ x0 = ROTL32 (13, x0); \
+ x2 = ROTL32 (3, x2); \
+ x1 = x1 ^ x0 ^ x2; \
+ x3 = x3 ^ x2 ^ (x0 << 3); \
+ x1 = ROTL32 (1, x1); \
+ x3 = ROTL32 (7, x3); \
+ x0 = x0 ^ x1 ^ x3; \
+ x2 = x2 ^ x3 ^ (x1 << 7); \
+ x0 = ROTL32 (5, x0); \
+ x2 = ROTL32 (22, x2); \
+ } while (0)
+
+/* Round inputs are x0,x1,x2,x3 (destroyed), and round outputs are
+ y0,y1,y2,y3. */
+#define ROUND(which, subkey, x0,x1,x2,x3, y0,y1,y2,y3) \
+ do { \
+ KEYXOR(x0,x1,x2,x3, subkey); \
+ SBOX##which(x0,x1,x2,x3, y0,y1,y2,y3); \
+ LINEAR_TRANSFORMATION(y0,y1,y2,y3); \
+ } while (0)
+
+#if HAVE_NATIVE_64_BIT
+
+#define LINEAR_TRANSFORMATION64(x0,x1,x2,x3) \
+ do { \
+ x0 = DROTL32 (13, x0); \
+ x2 = DROTL32 (3, x2); \
+ x1 = x1 ^ x0 ^ x2; \
+ x3 = x3 ^ x2 ^ DRSHIFT32(3, x0); \
+ x1 = DROTL32 (1, x1); \
+ x3 = DROTL32 (7, x3); \
+ x0 = x0 ^ x1 ^ x3; \
+ x2 = x2 ^ x3 ^ DRSHIFT32(7, x1); \
+ x0 = DROTL32 (5, x0); \
+ x2 = DROTL32 (22, x2); \
+ } while (0)
+
+#define ROUND64(which, subkey, x0,x1,x2,x3, y0,y1,y2,y3) \
+ do { \
+ KEYXOR64(x0,x1,x2,x3, subkey); \
+ SBOX##which(x0,x1,x2,x3, y0,y1,y2,y3); \
+ LINEAR_TRANSFORMATION64(y0,y1,y2,y3); \
+ } while (0)
+
+#endif /* HAVE_NATIVE_64_BIT */
+
+void
+serpent_encrypt (const struct serpent_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
+{
+ assert( !(length % SERPENT_BLOCK_SIZE));
+
+#if HAVE_NATIVE_64_BIT
+ if (length & SERPENT_BLOCK_SIZE)
+#else
+ while (length >= SERPENT_BLOCK_SIZE)
+#endif
+ {
+ uint32_t x0,x1,x2,x3, y0,y1,y2,y3;
+ unsigned k;
+
+ x0 = LE_READ_UINT32 (src);
+ x1 = LE_READ_UINT32 (src + 4);
+ x2 = LE_READ_UINT32 (src + 8);
+ x3 = LE_READ_UINT32 (src + 12);
+
+ for (k = 0; ; k += 8)
+ {
+ ROUND (0, ctx->keys[k+0], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND (1, ctx->keys[k+1], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND (2, ctx->keys[k+2], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND (3, ctx->keys[k+3], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND (4, ctx->keys[k+4], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND (5, ctx->keys[k+5], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND (6, ctx->keys[k+6], x0,x1,x2,x3, y0,y1,y2,y3);
+ if (k == 24)
+ break;
+ ROUND (7, ctx->keys[k+7], y0,y1,y2,y3, x0,x1,x2,x3);
+ }
+
+ /* Special final round, using two subkeys. */
+ KEYXOR (y0,y1,y2,y3, ctx->keys[31]);
+ SBOX7 (y0,y1,y2,y3, x0,x1,x2,x3);
+ KEYXOR (x0,x1,x2,x3, ctx->keys[32]);
+
+ LE_WRITE_UINT32 (dst, x0);
+ LE_WRITE_UINT32 (dst + 4, x1);
+ LE_WRITE_UINT32 (dst + 8, x2);
+ LE_WRITE_UINT32 (dst + 12, x3);
+
+ src += SERPENT_BLOCK_SIZE;
+ dst += SERPENT_BLOCK_SIZE;
+ length -= SERPENT_BLOCK_SIZE;
+ }
+#if HAVE_NATIVE_64_BIT
+ FOR_BLOCKS(length, dst, src, 2*SERPENT_BLOCK_SIZE)
+ {
+ uint64_t x0,x1,x2,x3, y0,y1,y2,y3;
+ unsigned k;
+
+ x0 = LE_READ_UINT32 (src);
+ x1 = LE_READ_UINT32 (src + 4);
+ x2 = LE_READ_UINT32 (src + 8);
+ x3 = LE_READ_UINT32 (src + 12);
+
+ x0 <<= 32; x0 |= LE_READ_UINT32 (src + 16);
+ x1 <<= 32; x1 |= LE_READ_UINT32 (src + 20);
+ x2 <<= 32; x2 |= LE_READ_UINT32 (src + 24);
+ x3 <<= 32; x3 |= LE_READ_UINT32 (src + 28);
+
+ for (k = 0; ; k += 8)
+ {
+ ROUND64 (0, ctx->keys[k+0], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND64 (1, ctx->keys[k+1], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND64 (2, ctx->keys[k+2], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND64 (3, ctx->keys[k+3], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND64 (4, ctx->keys[k+4], x0,x1,x2,x3, y0,y1,y2,y3);
+ ROUND64 (5, ctx->keys[k+5], y0,y1,y2,y3, x0,x1,x2,x3);
+ ROUND64 (6, ctx->keys[k+6], x0,x1,x2,x3, y0,y1,y2,y3);
+ if (k == 24)
+ break;
+ ROUND64 (7, ctx->keys[k+7], y0,y1,y2,y3, x0,x1,x2,x3);
+ }
+
+ /* Special final round, using two subkeys. */
+ KEYXOR64 (y0,y1,y2,y3, ctx->keys[31]);
+ SBOX7 (y0,y1,y2,y3, x0,x1,x2,x3);
+ KEYXOR64 (x0,x1,x2,x3, ctx->keys[32]);
+
+ LE_WRITE_UINT32 (dst + 16, x0);
+ LE_WRITE_UINT32 (dst + 20, x1);
+ LE_WRITE_UINT32 (dst + 24, x2);
+ LE_WRITE_UINT32 (dst + 28, x3);
+ x0 >>= 32; LE_WRITE_UINT32 (dst, x0);
+ x1 >>= 32; LE_WRITE_UINT32 (dst + 4, x1);
+ x2 >>= 32; LE_WRITE_UINT32 (dst + 8, x2);
+ x3 >>= 32; LE_WRITE_UINT32 (dst + 12, x3);
+ }
+#endif /* HAVE_NATIVE_64_BIT */
+}
--- /dev/null
+/* serpent-internal-h
+ *
+ * The serpent block cipher.
+ *
+ * For more details on this algorithm, see the Serpent website at
+ * http://www.cl.cam.ac.uk/~rja14/serpent.html
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ * Copyright (C) 2010, 2011 Simon Josefsson
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* This file is derived from cipher/serpent.c in Libgcrypt v1.4.6.
+ The adaption to Nettle was made by Simon Josefsson on 2010-12-07
+ with final touches on 2011-05-30. Changes include replacing
+ libgcrypt with nettle in the license template, renaming
+ serpent_context to serpent_ctx, renaming u32 to uint32_t, removing
+ libgcrypt stubs and selftests, modifying entry function prototypes,
+ using FOR_BLOCKS to iterate through data in encrypt/decrypt, using
+ LE_READ_UINT32 and LE_WRITE_UINT32 to access data in
+ encrypt/decrypt, and running indent on the code. */
+
+#ifndef NETTLE_SERPENT_INTERNAL_H_INCLUDED
+#define NETTLE_SERPENT_INTERNAL_H_INCLUDED
+
+#define KEYXOR(x0,x1,x2,x3, subkey) \
+ do { \
+ (x0) ^= (subkey)[0]; \
+ (x1) ^= (subkey)[1]; \
+ (x2) ^= (subkey)[2]; \
+ (x3) ^= (subkey)[3]; \
+ } while (0)
+
+#if HAVE_NATIVE_64_BIT
+/* Operate independently on both halves of a 64-bit word. */
+#define DROTL32(n,x) \
+ (((x) << (n) & ~((((uint64_t) 1 << (n))-1) << 32)) \
+ |(((x) >> (32-(n))) & ~((((uint64_t) 1 << (32-(n)))-1) << (n))))
+
+#define KEYXOR64(x0,x1,x2,x3, subkey) \
+ do { \
+ uint64_t _sk; \
+ _sk = (subkey)[0]; _sk |= _sk << 32; (x0) ^= _sk; \
+ _sk = (subkey)[1]; _sk |= _sk << 32; (x1) ^= _sk; \
+ _sk = (subkey)[2]; _sk |= _sk << 32; (x2) ^= _sk; \
+ _sk = (subkey)[3]; _sk |= _sk << 32; (x3) ^= _sk; \
+ } while (0)
+
+#define DRSHIFT32(n,x) \
+ ( ((x) << (n)) & ~((((uint64_t) 1 << (n)) - 1) << 32))
+#endif /* HAVE_NATIVE_64_BIT */
+
+#endif /* NETTLE_SERPENT_INTERNAL_H_INCLUDED */
+
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
--- /dev/null
+/* serpent-set-key.c
+ *
+ * The serpent block cipher.
+ *
+ * For more details on this algorithm, see the Serpent website at
+ * http://www.cl.cam.ac.uk/~rja14/serpent.html
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ * Copyright (C) 2010, 2011 Simon Josefsson
+ * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+/* This file is derived from cipher/serpent.c in Libgcrypt v1.4.6.
+ The adaption to Nettle was made by Simon Josefsson on 2010-12-07
+ with final touches on 2011-05-30. Changes include replacing
+ libgcrypt with nettle in the license template, renaming
+ serpent_context to serpent_ctx, renaming u32 to uint32_t, removing
+ libgcrypt stubs and selftests, modifying entry function prototypes,
+ using FOR_BLOCKS to iterate through data in encrypt/decrypt, using
+ LE_READ_UINT32 and LE_WRITE_UINT32 to access data in
+ encrypt/decrypt, and running indent on the code. */
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <assert.h>
+#include <limits.h>
+
+#include "serpent.h"
+
+#include "macros.h"
+#include "serpent-internal.h"
+
+/* Magic number, used during generating of the subkeys. */
+#define PHI 0x9E3779B9
+
+/* These are the S-Boxes of Serpent. They are copied from Serpents
+ reference implementation (the optimized one, contained in
+ `floppy2') and are therefore:
+
+ Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen.
+
+ To quote the Serpent homepage
+ (http://www.cl.cam.ac.uk/~rja14/serpent.html):
+
+ "Serpent is now completely in the public domain, and we impose no
+ restrictions on its use. This was announced on the 21st August at
+ the First AES Candidate Conference. The optimised implementations
+ in the submission package are now under the GNU PUBLIC LICENSE
+ (GPL), although some comments in the code still say otherwise. You
+ are welcome to use Serpent for any application." */
+
+/* FIXME: Except when used within the key schedule, the inputs are not
+ used after the substitution, and hence we could allow them to be
+ destroyed. Can this freedom be used to optimize the sboxes? */
+#define SBOX0(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t05, t06, t07, t08, t09; \
+ type t11, t12, t13, t14, t15, t17, t01; \
+ t01 = b ^ c ; \
+ t02 = a | d ; \
+ t03 = a ^ b ; \
+ z = t02 ^ t01; \
+ t05 = c | z ; \
+ t06 = a ^ d ; \
+ t07 = b | c ; \
+ t08 = d & t05; \
+ t09 = t03 & t07; \
+ y = t09 ^ t08; \
+ t11 = t09 & y ; \
+ t12 = c ^ d ; \
+ t13 = t07 ^ t11; \
+ t14 = b & t06; \
+ t15 = t06 ^ t13; \
+ w = ~ t15; \
+ t17 = w ^ t14; \
+ x = t12 ^ t17; \
+ } while (0)
+
+#define SBOX1(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t04, t05, t06, t07, t08; \
+ type t10, t11, t12, t13, t16, t17, t01; \
+ t01 = a | d ; \
+ t02 = c ^ d ; \
+ t03 = ~ b ; \
+ t04 = a ^ c ; \
+ t05 = a | t03; \
+ t06 = d & t04; \
+ t07 = t01 & t02; \
+ t08 = b | t06; \
+ y = t02 ^ t05; \
+ t10 = t07 ^ t08; \
+ t11 = t01 ^ t10; \
+ t12 = y ^ t11; \
+ t13 = b & d ; \
+ z = ~ t10; \
+ x = t13 ^ t12; \
+ t16 = t10 | x ; \
+ t17 = t05 & t16; \
+ w = c ^ t17; \
+ } while (0)
+
+#define SBOX2(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t05, t06, t07, t08; \
+ type t09, t10, t12, t13, t14, t01; \
+ t01 = a | c ; \
+ t02 = a ^ b ; \
+ t03 = d ^ t01; \
+ w = t02 ^ t03; \
+ t05 = c ^ w ; \
+ t06 = b ^ t05; \
+ t07 = b | t05; \
+ t08 = t01 & t06; \
+ t09 = t03 ^ t07; \
+ t10 = t02 | t09; \
+ x = t10 ^ t08; \
+ t12 = a | d ; \
+ t13 = t09 ^ x ; \
+ t14 = b ^ t13; \
+ z = ~ t09; \
+ y = t12 ^ t14; \
+ } while (0)
+
+#define SBOX3(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t04, t05, t06, t07, t08; \
+ type t09, t10, t11, t13, t14, t15, t01; \
+ t01 = a ^ c ; \
+ t02 = a | d ; \
+ t03 = a & d ; \
+ t04 = t01 & t02; \
+ t05 = b | t03; \
+ t06 = a & b ; \
+ t07 = d ^ t04; \
+ t08 = c | t06; \
+ t09 = b ^ t07; \
+ t10 = d & t05; \
+ t11 = t02 ^ t10; \
+ z = t08 ^ t09; \
+ t13 = d | z ; \
+ t14 = a | t07; \
+ t15 = b & t13; \
+ y = t08 ^ t11; \
+ w = t14 ^ t15; \
+ x = t05 ^ t04; \
+ } while (0)
+
+#define SBOX4(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t04, t05, t06, t08, t09; \
+ type t10, t11, t12, t13, t14, t15, t16, t01; \
+ t01 = a | b ; \
+ t02 = b | c ; \
+ t03 = a ^ t02; \
+ t04 = b ^ d ; \
+ t05 = d | t03; \
+ t06 = d & t01; \
+ z = t03 ^ t06; \
+ t08 = z & t04; \
+ t09 = t04 & t05; \
+ t10 = c ^ t06; \
+ t11 = b & c ; \
+ t12 = t04 ^ t08; \
+ t13 = t11 | t03; \
+ t14 = t10 ^ t09; \
+ t15 = a & t05; \
+ t16 = t11 | t12; \
+ y = t13 ^ t08; \
+ x = t15 ^ t16; \
+ w = ~ t14; \
+ } while (0)
+
+#define SBOX5(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t04, t05, t07, t08, t09; \
+ type t10, t11, t12, t13, t14, t01; \
+ t01 = b ^ d ; \
+ t02 = b | d ; \
+ t03 = a & t01; \
+ t04 = c ^ t02; \
+ t05 = t03 ^ t04; \
+ w = ~ t05; \
+ t07 = a ^ t01; \
+ t08 = d | w ; \
+ t09 = b | t05; \
+ t10 = d ^ t08; \
+ t11 = b | t07; \
+ t12 = t03 | w ; \
+ t13 = t07 | t10; \
+ t14 = t01 ^ t11; \
+ y = t09 ^ t13; \
+ x = t07 ^ t08; \
+ z = t12 ^ t14; \
+ } while (0)
+
+#define SBOX6(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t04, t05, t07, t08, t09, t10; \
+ type t11, t12, t13, t15, t17, t18, t01; \
+ t01 = a & d ; \
+ t02 = b ^ c ; \
+ t03 = a ^ d ; \
+ t04 = t01 ^ t02; \
+ t05 = b | c ; \
+ x = ~ t04; \
+ t07 = t03 & t05; \
+ t08 = b & x ; \
+ t09 = a | c ; \
+ t10 = t07 ^ t08; \
+ t11 = b | d ; \
+ t12 = c ^ t11; \
+ t13 = t09 ^ t10; \
+ y = ~ t13; \
+ t15 = x & t03; \
+ z = t12 ^ t07; \
+ t17 = a ^ b ; \
+ t18 = y ^ t15; \
+ w = t17 ^ t18; \
+ } while (0)
+
+#define SBOX7(type, a, b, c, d, w, x, y, z) \
+ do { \
+ type t02, t03, t04, t05, t06, t08, t09, t10; \
+ type t11, t13, t14, t15, t16, t17, t01; \
+ t01 = a & c ; \
+ t02 = ~ d ; \
+ t03 = a & t02; \
+ t04 = b | t01; \
+ t05 = a & b ; \
+ t06 = c ^ t04; \
+ z = t03 ^ t06; \
+ t08 = c | z ; \
+ t09 = d | t05; \
+ t10 = a ^ t08; \
+ t11 = t04 & z ; \
+ x = t09 ^ t10; \
+ t13 = b ^ x ; \
+ t14 = t01 ^ x ; \
+ t15 = c ^ t05; \
+ t16 = t11 | t13; \
+ t17 = t02 | t14; \
+ w = t15 ^ t17; \
+ y = a ^ t16; \
+ } while (0)
+
+/* Key schedule */
+/* Note: Increments k */
+#define KS_RECURRENCE(w, i, k) \
+ do { \
+ uint32_t _wn = (w)[(i)] ^ (w)[((i)+3)&7] ^ w[((i)+5)&7] \
+ ^ w[((i)+7)&7] ^ PHI ^ (k)++; \
+ ((w)[(i)] = ROTL32(11, _wn)); \
+ } while (0)
+
+/* Note: Increments k four times and keys once */
+#define KS(keys, s, w, i, k) \
+ do { \
+ KS_RECURRENCE(w, (i), (k)); \
+ KS_RECURRENCE(w, (i)+1, (k)); \
+ KS_RECURRENCE(w, (i)+2, (k)); \
+ KS_RECURRENCE(w, (i)+3, (k)); \
+ SBOX##s(uint32_t, w[(i)],w[(i)+1],w[(i)+2],w[(i)+3], \
+ (*keys)[0],(*keys)[1],(*keys)[2],(*keys)[3]); \
+ (keys)++; \
+ } while (0)
+
+/* Pad user key and convert to an array of 8 uint32_t. */
+static void
+serpent_key_pad (const uint8_t *key, unsigned int key_length,
+ uint32_t *w)
+{
+ unsigned int i;
+
+ assert (key_length <= SERPENT_MAX_KEY_SIZE);
+
+ for (i = 0; key_length >= 4; key_length -=4, key += 4)
+ w[i++] = LE_READ_UINT32(key);
+
+ if (i < 8)
+ {
+ /* Key must be padded according to the Serpent specification.
+ "aabbcc" -> "aabbcc0100...00" -> 0x01ccbbaa. */
+ uint32_t pad = 0x01;
+
+ while (key_length > 0)
+ pad = pad << 8 | key[--key_length];
+
+ w[i++] = pad;
+
+ while (i < 8)
+ w[i++] = 0;
+ }
+}
+
+/* Initialize CONTEXT with the key KEY of KEY_LENGTH bits. */
+void
+serpent_set_key (struct serpent_ctx *ctx,
+ unsigned length, const uint8_t * key)
+{
+ uint32_t w[8];
+ uint32_t (*keys)[4];
+ unsigned k;
+
+ serpent_key_pad (key, length, w);
+
+ /* Derive the 33 subkeys from KEY and store them in SUBKEYS. We do
+ the recurrence in the key schedule using W as a circular buffer
+ of just 8 uint32_t. */
+
+ /* FIXME: Would be better to invoke SBOX with scalar variables as
+ arguments, no arrays. To do that, unpack w into separate
+ variables, use temporary variables as the SBOX destination. */
+
+ keys = ctx->keys;
+ k = 0;
+ for (;;)
+ {
+ KS(keys, 3, w, 0, k);
+ if (k == 132)
+ break;
+ KS(keys, 2, w, 4, k);
+ KS(keys, 1, w, 0, k);
+ KS(keys, 0, w, 4, k);
+ KS(keys, 7, w, 0, k);
+ KS(keys, 6, w, 4, k);
+ KS(keys, 5, w, 0, k);
+ KS(keys, 4, w, 4, k);
+ }
+ assert (keys == ctx->keys + 33);
+}
+++ /dev/null
-/* serpent.h
- *
- * The serpent block cipher.
- *
- * For more details on this algorithm, see the Serpent website at
- * http://www.cl.cam.ac.uk/~rja14/serpent.html
- */
-
-/* nettle, low-level cryptographics library
- *
- * Copyright (C) 1998, 2000, 2001, Ross Anderson, Eli Biham, Lars
- * Knudsen, Rafael R. Sevilla, Niels Möller
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/* I've modified this code a bit so that it interoperates with lsh
- * properly. 2000-9-5, Rafael R. Sevilla <dido@pacific.net.ph>
- */
-
-/* NOTE: The copyright notice for the original version of this code
- * said "All rights reserved. This code is freely distributed for AES
- * selection process. No other use is allowed." However, the authors
- * later decided to GPL the code. /nisse */
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <assert.h>
-
-#include "serpent.h"
-#include "serpent_sboxes.h"
-
-#include "macros.h"
-
-void
-serpent_set_key(struct serpent_ctx *ctx,
- unsigned key_size, const uint8_t *key)
-{
- unsigned i, j;
- uint32_t w[132], k[132];
-
- assert(key_size >= SERPENT_MIN_KEY_SIZE);
- assert(key_size <= SERPENT_MAX_KEY_SIZE);
-
- for (i = key_size, j = 0;
- (i >= 4);
- i-=4, j++)
- {
- assert(j<8);
- /* Read the key in the reverse direction. Why? */
- w[j] = READ_UINT32(key + i - 4);
- }
-
- if (j < 8)
- {
- /* Pad key, "aabbccddeeff" -> 0xccddeeff, 0x01aabb" */
- uint32_t partial = 0x01;
- while (i)
- partial = (partial << 8 ) | *key++;
- w[j++] = partial;
-
- while (j < 8)
- w[j++] = 0;
- }
-
- for(i=8; i<16; i++)
- w[i]=ROL(w[i-8]^w[i-5]^w[i-3]^w[i-1]^PHI^(i-8),11);
- for(i=0; i<8; i++)
- w[i]=w[i+8];
- for(i=8; i<132; i++)
- w[i]=ROL(w[i-8]^w[i-5]^w[i-3]^w[i-1]^PHI^i,11);
-
- RND03(w[ 0], w[ 1], w[ 2], w[ 3], k[ 0], k[ 1], k[ 2], k[ 3]);
- RND02(w[ 4], w[ 5], w[ 6], w[ 7], k[ 4], k[ 5], k[ 6], k[ 7]);
- RND01(w[ 8], w[ 9], w[ 10], w[ 11], k[ 8], k[ 9], k[ 10], k[ 11]);
- RND00(w[ 12], w[ 13], w[ 14], w[ 15], k[ 12], k[ 13], k[ 14], k[ 15]);
- RND31(w[ 16], w[ 17], w[ 18], w[ 19], k[ 16], k[ 17], k[ 18], k[ 19]);
- RND30(w[ 20], w[ 21], w[ 22], w[ 23], k[ 20], k[ 21], k[ 22], k[ 23]);
- RND29(w[ 24], w[ 25], w[ 26], w[ 27], k[ 24], k[ 25], k[ 26], k[ 27]);
- RND28(w[ 28], w[ 29], w[ 30], w[ 31], k[ 28], k[ 29], k[ 30], k[ 31]);
- RND27(w[ 32], w[ 33], w[ 34], w[ 35], k[ 32], k[ 33], k[ 34], k[ 35]);
- RND26(w[ 36], w[ 37], w[ 38], w[ 39], k[ 36], k[ 37], k[ 38], k[ 39]);
- RND25(w[ 40], w[ 41], w[ 42], w[ 43], k[ 40], k[ 41], k[ 42], k[ 43]);
- RND24(w[ 44], w[ 45], w[ 46], w[ 47], k[ 44], k[ 45], k[ 46], k[ 47]);
- RND23(w[ 48], w[ 49], w[ 50], w[ 51], k[ 48], k[ 49], k[ 50], k[ 51]);
- RND22(w[ 52], w[ 53], w[ 54], w[ 55], k[ 52], k[ 53], k[ 54], k[ 55]);
- RND21(w[ 56], w[ 57], w[ 58], w[ 59], k[ 56], k[ 57], k[ 58], k[ 59]);
- RND20(w[ 60], w[ 61], w[ 62], w[ 63], k[ 60], k[ 61], k[ 62], k[ 63]);
- RND19(w[ 64], w[ 65], w[ 66], w[ 67], k[ 64], k[ 65], k[ 66], k[ 67]);
- RND18(w[ 68], w[ 69], w[ 70], w[ 71], k[ 68], k[ 69], k[ 70], k[ 71]);
- RND17(w[ 72], w[ 73], w[ 74], w[ 75], k[ 72], k[ 73], k[ 74], k[ 75]);
- RND16(w[ 76], w[ 77], w[ 78], w[ 79], k[ 76], k[ 77], k[ 78], k[ 79]);
- RND15(w[ 80], w[ 81], w[ 82], w[ 83], k[ 80], k[ 81], k[ 82], k[ 83]);
- RND14(w[ 84], w[ 85], w[ 86], w[ 87], k[ 84], k[ 85], k[ 86], k[ 87]);
- RND13(w[ 88], w[ 89], w[ 90], w[ 91], k[ 88], k[ 89], k[ 90], k[ 91]);
- RND12(w[ 92], w[ 93], w[ 94], w[ 95], k[ 92], k[ 93], k[ 94], k[ 95]);
- RND11(w[ 96], w[ 97], w[ 98], w[ 99], k[ 96], k[ 97], k[ 98], k[ 99]);
- RND10(w[100], w[101], w[102], w[103], k[100], k[101], k[102], k[103]);
- RND09(w[104], w[105], w[106], w[107], k[104], k[105], k[106], k[107]);
- RND08(w[108], w[109], w[110], w[111], k[108], k[109], k[110], k[111]);
- RND07(w[112], w[113], w[114], w[115], k[112], k[113], k[114], k[115]);
- RND06(w[116], w[117], w[118], w[119], k[116], k[117], k[118], k[119]);
- RND05(w[120], w[121], w[122], w[123], k[120], k[121], k[122], k[123]);
- RND04(w[124], w[125], w[126], w[127], k[124], k[125], k[126], k[127]);
- RND03(w[128], w[129], w[130], w[131], k[128], k[129], k[130], k[131]);
-
- for(i=0; i<=32; i++)
- for(j=0; j<4; j++)
- ctx->keys[i][j] = k[4*i+j];
-}
-
-void
-serpent_encrypt(const struct serpent_ctx *ctx,
- unsigned length, uint8_t *dst,
- const uint8_t *plain)
-{
- register uint32_t x0, x1, x2, x3;
- register uint32_t y0, y1, y2, y3;
-
- FOR_BLOCKS(length, dst, plain, SERPENT_BLOCK_SIZE)
- {
- /* Why the reverse order? */
- x0=READ_UINT32(plain + 12);
- x1=READ_UINT32(plain + 8);
- x2=READ_UINT32(plain + 4);
- x3=READ_UINT32(plain);
-
- /* Start to encrypt the plaintext x */
- keying(x0, x1, x2, x3, ctx->keys[ 0]);
- RND00(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 1]);
- RND01(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 2]);
- RND02(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 3]);
- RND03(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 4]);
- RND04(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 5]);
- RND05(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 6]);
- RND06(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 7]);
- RND07(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 8]);
- RND08(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[ 9]);
- RND09(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[10]);
- RND10(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[11]);
- RND11(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[12]);
- RND12(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[13]);
- RND13(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[14]);
- RND14(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[15]);
- RND15(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[16]);
- RND16(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[17]);
- RND17(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[18]);
- RND18(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[19]);
- RND19(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[20]);
- RND20(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[21]);
- RND21(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[22]);
- RND22(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[23]);
- RND23(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[24]);
- RND24(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[25]);
- RND25(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[26]);
- RND26(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[27]);
- RND27(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[28]);
- RND28(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[29]);
- RND29(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[30]);
- RND30(x0, x1, x2, x3, y0, y1, y2, y3);
- transform(y0, y1, y2, y3, x0, x1, x2, x3);
- keying(x0, x1, x2, x3, ctx->keys[31]);
- RND31(x0, x1, x2, x3, y0, y1, y2, y3);
- x0 = y0; x1 = y1; x2 = y2; x3 = y3;
- keying(x0, x1, x2, x3, ctx->keys[32]);
-
- /* The ciphertext is now in x */
-
- /* Why the reverse order? */
- WRITE_UINT32(dst, x3);
- WRITE_UINT32(dst+4, x2);
- WRITE_UINT32(dst+8, x1);
- WRITE_UINT32(dst+12, x0);
- }
-}
-
-void
-serpent_decrypt(const struct serpent_ctx *ctx,
- unsigned length, uint8_t *dst,
- const uint8_t *cipher)
-{
- register uint32_t x0, x1, x2, x3;
- register uint32_t y0, y1, y2, y3;
-
- FOR_BLOCKS(length, dst, cipher, SERPENT_BLOCK_SIZE)
- {
- /* Why the reverse order? */
- x0 = READ_UINT32(cipher + 12);
- x1 = READ_UINT32(cipher + 8);
- x2 = READ_UINT32(cipher + 4);
- x3 = READ_UINT32(cipher);
-
- /* Start to decrypt the ciphertext x */
- keying(x0, x1, x2, x3, ctx->keys[32]);
- InvRND31(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[31]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND30(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[30]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND29(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[29]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND28(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[28]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND27(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[27]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND26(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[26]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND25(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[25]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND24(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[24]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND23(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[23]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND22(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[22]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND21(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[21]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND20(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[20]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND19(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[19]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND18(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[18]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND17(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[17]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND16(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[16]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND15(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[15]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND14(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[14]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND13(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[13]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND12(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[12]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND11(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[11]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND10(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[10]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND09(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 9]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND08(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 8]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND07(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 7]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND06(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 6]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND05(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 5]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND04(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 4]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND03(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 3]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND02(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 2]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND01(x0, x1, x2, x3, y0, y1, y2, y3);
- keying(y0, y1, y2, y3, ctx->keys[ 1]);
- inv_transform(y0, y1, y2, y3, x0, x1, x2, x3);
- InvRND00(x0, x1, x2, x3, y0, y1, y2, y3);
- x0 = y0; x1 = y1; x2 = y2; x3 = y3;
- keying(x0, x1, x2, x3, ctx->keys[ 0]);
-
- /* The plaintext is now in x */
-
- /* Why the reverse order? */
- WRITE_UINT32(dst, x3);
- WRITE_UINT32(dst+4, x2);
- WRITE_UINT32(dst+8, x1);
- WRITE_UINT32(dst+12, x0);
- }
-}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Serpent is a 128-bit block cipher that accepts a key size of 256
+++ /dev/null
-/* serpentsboxes.h
- *
- * $Id: serpent_sboxes.h,v 1.1 2007/04/05 14:20:35 nisse Exp $
- *
- * For more details on this algorithm, see the Serpent website at
- * http://www.cl.cam.ac.uk/~rja14/serpent.html
- */
-
-/* Copyright (C) 1998 Ross Anderson, Eli Biham, Lars Knudsen
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-
-/* I've modified this code a bit so that it interoperates with lsh
- * properly. 2000-9-5, Rafael R. Sevilla <dido@pacific.net.ph>
- */
-
-/* NOTE: The copyright notice for the original version of this code
- * said "All rights reserved. This code is freely distributed for AES
- * selection process. No other use is allowed." However, the authors
- * later decided to GPL the code. /nisse */
-
-#ifndef SERPENT_SBOXES_H_INCLUDED
-#define SERPENT_SBOXES_H_INCLUDED
-
-#include "serpent.h"
-
-/* S0: 3 8 15 1 10 6 5 11 14 13 4 2 7 0 9 12 */
-
-/* depth = 5,7,4,2, Total gates=18 */
-#define RND00(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t05, t06, t07, t08, t09, t11, t12, t13, t14, t15, t17, t01;\
- t01 = b ^ c ; \
- t02 = a | d ; \
- t03 = a ^ b ; \
- z = t02 ^ t01; \
- t05 = c | z ; \
- t06 = a ^ d ; \
- t07 = b | c ; \
- t08 = d & t05; \
- t09 = t03 & t07; \
- y = t09 ^ t08; \
- t11 = t09 & y ; \
- t12 = c ^ d ; \
- t13 = t07 ^ t11; \
- t14 = b & t06; \
- t15 = t06 ^ t13; \
- w = ~ t15; \
- t17 = w ^ t14; \
- x = t12 ^ t17; }
-
-/* InvS0: 13 3 11 0 10 6 5 12 1 14 4 7 15 9 8 2 */
-
-/* depth = 8,4,3,6, Total gates=19 */
-#define InvRND00(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t08, t09, t10, t12, t13, t14, t15, t17, t18, t01;\
- t01 = c ^ d ; \
- t02 = a | b ; \
- t03 = b | c ; \
- t04 = c & t01; \
- t05 = t02 ^ t01; \
- t06 = a | t04; \
- y = ~ t05; \
- t08 = b ^ d ; \
- t09 = t03 & t08; \
- t10 = d | y ; \
- x = t09 ^ t06; \
- t12 = a | t05; \
- t13 = x ^ t12; \
- t14 = t03 ^ t10; \
- t15 = a ^ c ; \
- z = t14 ^ t13; \
- t17 = t05 & t13; \
- t18 = t14 | t17; \
- w = t15 ^ t18; }
-
-/* S1: 15 12 2 7 9 0 5 10 1 11 14 8 6 13 3 4 */
-
-/* depth = 10,7,3,5, Total gates=18 */
-#define RND01(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t07, t08, t10, t11, t12, t13, t16, t17, t01;\
- t01 = a | d ; \
- t02 = c ^ d ; \
- t03 = ~ b ; \
- t04 = a ^ c ; \
- t05 = a | t03; \
- t06 = d & t04; \
- t07 = t01 & t02; \
- t08 = b | t06; \
- y = t02 ^ t05; \
- t10 = t07 ^ t08; \
- t11 = t01 ^ t10; \
- t12 = y ^ t11; \
- t13 = b & d ; \
- z = ~ t10; \
- x = t13 ^ t12; \
- t16 = t10 | x ; \
- t17 = t05 & t16; \
- w = c ^ t17; }
-
-/* InvS1: 5 8 2 14 15 6 12 3 11 4 7 9 1 13 10 0 */
-
-/* depth = 7,4,5,3, Total gates=18 */
-#define InvRND01(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t14, t15, t17, t01;\
- t01 = a ^ b ; \
- t02 = b | d ; \
- t03 = a & c ; \
- t04 = c ^ t02; \
- t05 = a | t04; \
- t06 = t01 & t05; \
- t07 = d | t03; \
- t08 = b ^ t06; \
- t09 = t07 ^ t06; \
- t10 = t04 | t03; \
- t11 = d & t08; \
- y = ~ t09; \
- x = t10 ^ t11; \
- t14 = a | y ; \
- t15 = t06 ^ x ; \
- z = t01 ^ t04; \
- t17 = c ^ t15; \
- w = t14 ^ t17; }
-
-/* S2: 8 6 7 9 3 12 10 15 13 1 14 4 0 11 5 2 */
-
-/* depth = 3,8,11,7, Total gates=16 */
-#define RND02(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t05, t06, t07, t08, t09, t10, t12, t13, t14, t01;\
- t01 = a | c ; \
- t02 = a ^ b ; \
- t03 = d ^ t01; \
- w = t02 ^ t03; \
- t05 = c ^ w ; \
- t06 = b ^ t05; \
- t07 = b | t05; \
- t08 = t01 & t06; \
- t09 = t03 ^ t07; \
- t10 = t02 | t09; \
- x = t10 ^ t08; \
- t12 = a | d ; \
- t13 = t09 ^ x ; \
- t14 = b ^ t13; \
- z = ~ t09; \
- y = t12 ^ t14; }
-
-/* InvS2: 12 9 15 4 11 14 1 2 0 3 6 13 5 8 10 7 */
-
-/* depth = 3,6,8,3, Total gates=18 */
-#define InvRND02(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t06, t07, t08, t09, t10, t11, t12, t15, t16, t17, t01;\
- t01 = a ^ d ; \
- t02 = c ^ d ; \
- t03 = a & c ; \
- t04 = b | t02; \
- w = t01 ^ t04; \
- t06 = a | c ; \
- t07 = d | w ; \
- t08 = ~ d ; \
- t09 = b & t06; \
- t10 = t08 | t03; \
- t11 = b & t07; \
- t12 = t06 & t02; \
- z = t09 ^ t10; \
- x = t12 ^ t11; \
- t15 = c & z ; \
- t16 = w ^ x ; \
- t17 = t10 ^ t15; \
- y = t16 ^ t17; }
-
-/* S3: 0 15 11 8 12 9 6 3 13 1 2 4 10 7 5 14 */
-
-/* depth = 8,3,5,5, Total gates=18 */
-#define RND03(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t13, t14, t15, t01;\
- t01 = a ^ c ; \
- t02 = a | d ; \
- t03 = a & d ; \
- t04 = t01 & t02; \
- t05 = b | t03; \
- t06 = a & b ; \
- t07 = d ^ t04; \
- t08 = c | t06; \
- t09 = b ^ t07; \
- t10 = d & t05; \
- t11 = t02 ^ t10; \
- z = t08 ^ t09; \
- t13 = d | z ; \
- t14 = a | t07; \
- t15 = b & t13; \
- y = t08 ^ t11; \
- w = t14 ^ t15; \
- x = t05 ^ t04; }
-
-/* InvS3: 0 9 10 7 11 14 6 13 3 5 12 2 4 8 15 1 */
-
-/* depth = 3,6,4,4, Total gates=17 */
-#define InvRND03(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t07, t09, t11, t12, t13, t14, t16, t01;\
- t01 = c | d ; \
- t02 = a | d ; \
- t03 = c ^ t02; \
- t04 = b ^ t02; \
- t05 = a ^ d ; \
- t06 = t04 & t03; \
- t07 = b & t01; \
- y = t05 ^ t06; \
- t09 = a ^ t03; \
- w = t07 ^ t03; \
- t11 = w | t05; \
- t12 = t09 & t11; \
- t13 = a & y ; \
- t14 = t01 ^ t05; \
- x = b ^ t12; \
- t16 = b | t13; \
- z = t14 ^ t16; }
-
-/* S4: 1 15 8 3 12 0 11 6 2 5 4 10 9 14 7 13 */
-
-/* depth = 6,7,5,3, Total gates=19 */
-#define RND04(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t08, t09, t10, t11, t12, t13, t14, t15, t16, t01;\
- t01 = a | b ; \
- t02 = b | c ; \
- t03 = a ^ t02; \
- t04 = b ^ d ; \
- t05 = d | t03; \
- t06 = d & t01; \
- z = t03 ^ t06; \
- t08 = z & t04; \
- t09 = t04 & t05; \
- t10 = c ^ t06; \
- t11 = b & c ; \
- t12 = t04 ^ t08; \
- t13 = t11 | t03; \
- t14 = t10 ^ t09; \
- t15 = a & t05; \
- t16 = t11 | t12; \
- y = t13 ^ t08; \
- x = t15 ^ t16; \
- w = ~ t14; }
-
-/* InvS4: 5 0 8 3 10 9 7 14 2 12 11 6 4 15 13 1 */
-
-/* depth = 6,4,7,3, Total gates=17 */
-#define InvRND04(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t07, t09, t10, t11, t12, t13, t15, t01;\
- t01 = b | d ; \
- t02 = c | d ; \
- t03 = a & t01; \
- t04 = b ^ t02; \
- t05 = c ^ d ; \
- t06 = ~ t03; \
- t07 = a & t04; \
- x = t05 ^ t07; \
- t09 = x | t06; \
- t10 = a ^ t07; \
- t11 = t01 ^ t09; \
- t12 = d ^ t04; \
- t13 = c | t10; \
- z = t03 ^ t12; \
- t15 = a ^ t04; \
- y = t11 ^ t13; \
- w = t15 ^ t09; }
-
-/* S5: 15 5 2 11 4 10 9 12 0 3 14 8 13 6 7 1 */
-
-/* depth = 4,6,8,6, Total gates=17 */
-#define RND05(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t07, t08, t09, t10, t11, t12, t13, t14, t01;\
- t01 = b ^ d ; \
- t02 = b | d ; \
- t03 = a & t01; \
- t04 = c ^ t02; \
- t05 = t03 ^ t04; \
- w = ~ t05; \
- t07 = a ^ t01; \
- t08 = d | w ; \
- t09 = b | t05; \
- t10 = d ^ t08; \
- t11 = b | t07; \
- t12 = t03 | w ; \
- t13 = t07 | t10; \
- t14 = t01 ^ t11; \
- y = t09 ^ t13; \
- x = t07 ^ t08; \
- z = t12 ^ t14; }
-
-/* InvS5: 8 15 2 9 4 1 13 14 11 6 5 3 7 12 10 0 */
-
-/* depth = 4,6,9,7, Total gates=17 */
-#define InvRND05(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t07, t08, t09, t10, t12, t13, t15, t16, t01;\
- t01 = a & d ; \
- t02 = c ^ t01; \
- t03 = a ^ d ; \
- t04 = b & t02; \
- t05 = a & c ; \
- w = t03 ^ t04; \
- t07 = a & w ; \
- t08 = t01 ^ w ; \
- t09 = b | t05; \
- t10 = ~ b ; \
- x = t08 ^ t09; \
- t12 = t10 | t07; \
- t13 = w | x ; \
- z = t02 ^ t12; \
- t15 = t02 ^ t13; \
- t16 = b ^ d ; \
- y = t16 ^ t15; }
-
-/* S6: 7 2 12 5 8 4 6 11 14 9 1 15 13 3 10 0 */
-
-/* depth = 8,3,6,3, Total gates=19 */
-#define RND06(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t07, t08, t09, t10, t11, t12, t13, t15, t17, t18, t01;\
- t01 = a & d ; \
- t02 = b ^ c ; \
- t03 = a ^ d ; \
- t04 = t01 ^ t02; \
- t05 = b | c ; \
- x = ~ t04; \
- t07 = t03 & t05; \
- t08 = b & x ; \
- t09 = a | c ; \
- t10 = t07 ^ t08; \
- t11 = b | d ; \
- t12 = c ^ t11; \
- t13 = t09 ^ t10; \
- y = ~ t13; \
- t15 = x & t03; \
- z = t12 ^ t07; \
- t17 = a ^ b ; \
- t18 = y ^ t15; \
- w = t17 ^ t18; }
-
-/* InvS6: 15 10 1 13 5 3 6 0 4 9 14 7 2 12 8 11 */
-
-/* depth = 5,3,8,6, Total gates=19 */
-#define InvRND06(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t07, t08, t09, t12, t13, t14, t15, t16, t17, t01;\
- t01 = a ^ c ; \
- t02 = ~ c ; \
- t03 = b & t01; \
- t04 = b | t02; \
- t05 = d | t03; \
- t06 = b ^ d ; \
- t07 = a & t04; \
- t08 = a | t02; \
- t09 = t07 ^ t05; \
- x = t06 ^ t08; \
- w = ~ t09; \
- t12 = b & w ; \
- t13 = t01 & t05; \
- t14 = t01 ^ t12; \
- t15 = t07 ^ t13; \
- t16 = d | t02; \
- t17 = a ^ x ; \
- z = t17 ^ t15; \
- y = t16 ^ t14; }
-
-/* S7: 1 13 15 0 14 8 2 11 7 4 12 10 9 3 5 6 */
-
-/* depth = 10,7,10,4, Total gates=19 */
-#define RND07(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t05, t06, t08, t09, t10, t11, t13, t14, t15, t16, t17, t01;\
- t01 = a & c ; \
- t02 = ~ d ; \
- t03 = a & t02; \
- t04 = b | t01; \
- t05 = a & b ; \
- t06 = c ^ t04; \
- z = t03 ^ t06; \
- t08 = c | z ; \
- t09 = d | t05; \
- t10 = a ^ t08; \
- t11 = t04 & z ; \
- x = t09 ^ t10; \
- t13 = b ^ x ; \
- t14 = t01 ^ x ; \
- t15 = c ^ t05; \
- t16 = t11 | t13; \
- t17 = t02 | t14; \
- w = t15 ^ t17; \
- y = a ^ t16; }
-
-/* InvS7: 3 0 6 13 9 14 15 8 5 12 11 7 10 1 4 2 */
-
-/* depth = 9,7,3,3, Total gates=18 */
-#define InvRND07(a,b,c,d,w,x,y,z) \
- { register uint32_t t02, t03, t04, t06, t07, t08, t09, t10, t11, t13, t14, t15, t16, t01;\
- t01 = a & b ; \
- t02 = a | b ; \
- t03 = c | t01; \
- t04 = d & t02; \
- z = t03 ^ t04; \
- t06 = b ^ t04; \
- t07 = d ^ z ; \
- t08 = ~ t07; \
- t09 = t06 | t08; \
- t10 = b ^ d ; \
- t11 = a | d ; \
- x = a ^ t09; \
- t13 = c ^ t06; \
- t14 = c & t11; \
- t15 = d | x ; \
- t16 = t01 | t10; \
- w = t13 ^ t15; \
- y = t14 ^ t16; }
-
-#define RND08(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
-#define RND09(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
-#define RND10(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
-#define RND11(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
-#define RND12(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
-#define RND13(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
-#define RND14(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
-#define RND15(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
-#define RND16(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
-#define RND17(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
-#define RND18(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
-#define RND19(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
-#define RND20(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
-#define RND21(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
-#define RND22(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
-#define RND23(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
-#define RND24(a,b,c,d,e,f,g,h) RND00(a,b,c,d,e,f,g,h)
-#define RND25(a,b,c,d,e,f,g,h) RND01(a,b,c,d,e,f,g,h)
-#define RND26(a,b,c,d,e,f,g,h) RND02(a,b,c,d,e,f,g,h)
-#define RND27(a,b,c,d,e,f,g,h) RND03(a,b,c,d,e,f,g,h)
-#define RND28(a,b,c,d,e,f,g,h) RND04(a,b,c,d,e,f,g,h)
-#define RND29(a,b,c,d,e,f,g,h) RND05(a,b,c,d,e,f,g,h)
-#define RND30(a,b,c,d,e,f,g,h) RND06(a,b,c,d,e,f,g,h)
-#define RND31(a,b,c,d,e,f,g,h) RND07(a,b,c,d,e,f,g,h)
-
-#define InvRND08(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
-#define InvRND09(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
-#define InvRND10(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
-#define InvRND11(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
-#define InvRND12(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
-#define InvRND13(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
-#define InvRND14(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
-#define InvRND15(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
-#define InvRND16(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
-#define InvRND17(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
-#define InvRND18(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
-#define InvRND19(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
-#define InvRND20(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
-#define InvRND21(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
-#define InvRND22(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
-#define InvRND23(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
-#define InvRND24(a,b,c,d,e,f,g,h) InvRND00(a,b,c,d,e,f,g,h)
-#define InvRND25(a,b,c,d,e,f,g,h) InvRND01(a,b,c,d,e,f,g,h)
-#define InvRND26(a,b,c,d,e,f,g,h) InvRND02(a,b,c,d,e,f,g,h)
-#define InvRND27(a,b,c,d,e,f,g,h) InvRND03(a,b,c,d,e,f,g,h)
-#define InvRND28(a,b,c,d,e,f,g,h) InvRND04(a,b,c,d,e,f,g,h)
-#define InvRND29(a,b,c,d,e,f,g,h) InvRND05(a,b,c,d,e,f,g,h)
-#define InvRND30(a,b,c,d,e,f,g,h) InvRND06(a,b,c,d,e,f,g,h)
-#define InvRND31(a,b,c,d,e,f,g,h) InvRND07(a,b,c,d,e,f,g,h)
-
-/* Linear transformations and key mixing: */
-
-#define ROL(x,n) ((((uint32_t)(x))<<(n))| \
- (((uint32_t)(x))>>(32-(n))))
-#define ROR(x,n) ((((uint32_t)(x))<<(32-(n)))| \
- (((uint32_t)(x))>>(n)))
-
-#define transform(x0, x1, x2, x3, y0, y1, y2, y3) \
- y0 = ROL(x0, 13); \
- y2 = ROL(x2, 3); \
- y1 = x1 ^ y0 ^ y2; \
- y3 = x3 ^ y2 ^ ((uint32_t)y0)<<3; \
- y1 = ROL(y1, 1); \
- y3 = ROL(y3, 7); \
- y0 = y0 ^ y1 ^ y3; \
- y2 = y2 ^ y3 ^ ((uint32_t)y1<<7); \
- y0 = ROL(y0, 5); \
- y2 = ROL(y2, 22)
-
-#define inv_transform(x0, x1, x2, x3, y0, y1, y2, y3) \
- y2 = ROR(x2, 22);\
- y0 = ROR(x0, 5); \
- y2 = y2 ^ x3 ^ ((uint32_t)x1<<7); \
- y0 = y0 ^ x1 ^ x3; \
- y3 = ROR(x3, 7); \
- y1 = ROR(x1, 1); \
- y3 = y3 ^ y2 ^ ((uint32_t)y0)<<3; \
- y1 = y1 ^ y0 ^ y2; \
- y2 = ROR(y2, 3); \
- y0 = ROR(y0, 13)
-
-#define keying(x0, x1, x2, x3, subkey) \
- x0^=subkey[0];x1^=subkey[1]; \
- x2^=subkey[2];x3^=subkey[3]
-
-/* PHI: Constant used in the key schedule */
-#define PHI 0x9e3779b9L
-
-#endif /* SERPENT_SBOXES_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_SEXP_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include <stdio.h>
#include <stdlib.h>
-#include <nettle/sha.h>
+#include <nettle/sha1.h>
#define BUF_SIZE 1000
/* sha.h
*
- * The sha1 and sha256 hash functions.
+ * This file is deprecated, and provided only for backwards
+ * compatibility with earlier versions of Nettle. Please use sha1.h
+ * and/or sha2.h instead.
*/
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
-
+
#ifndef NETTLE_SHA_H_INCLUDED
#define NETTLE_SHA_H_INCLUDED
-#include "nettle-types.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Name mangling */
-#define sha1_init nettle_sha1_init
-#define sha1_update nettle_sha1_update
-#define sha1_digest nettle_sha1_digest
-#define sha224_init nettle_sha224_init
-#define sha224_digest nettle_sha224_digest
-#define sha256_init nettle_sha256_init
-#define sha256_update nettle_sha256_update
-#define sha256_digest nettle_sha256_digest
-#define sha384_init nettle_sha384_init
-#define sha384_digest nettle_sha384_digest
-#define sha512_init nettle_sha512_init
-#define sha512_update nettle_sha512_update
-#define sha512_digest nettle_sha512_digest
-
-/* SHA1 */
-
-#define SHA1_DIGEST_SIZE 20
-#define SHA1_DATA_SIZE 64
-
-/* Digest is kept internally as 5 32-bit words. */
-#define _SHA1_DIGEST_LENGTH 5
-
-struct sha1_ctx
-{
- uint32_t digest[_SHA1_DIGEST_LENGTH]; /* Message digest */
- uint32_t count_low, count_high; /* 64-bit block count */
- uint8_t block[SHA1_DATA_SIZE]; /* SHA1 data buffer */
- unsigned int index; /* index into buffer */
-};
-
-void
-sha1_init(struct sha1_ctx *ctx);
-
-void
-sha1_update(struct sha1_ctx *ctx,
- unsigned length,
- const uint8_t *data);
-
-void
-sha1_digest(struct sha1_ctx *ctx,
- unsigned length,
- uint8_t *digest);
-
-/* Internal compression function. STATE points to 5 uint32_t words,
- and DATA points to 64 bytes of input data, possibly unaligned. */
-void
-_nettle_sha1_compress(uint32_t *state, const uint8_t *data);
-
-/* SHA256 */
-
-#define SHA256_DIGEST_SIZE 32
-#define SHA256_DATA_SIZE 64
-
-/* Digest is kept internally as 8 32-bit words. */
-#define _SHA256_DIGEST_LENGTH 8
-
-struct sha256_ctx
-{
- uint32_t state[_SHA256_DIGEST_LENGTH]; /* State variables */
- uint32_t count_low, count_high; /* 64-bit block count */
- uint8_t block[SHA256_DATA_SIZE]; /* SHA256 data buffer */
- unsigned int index; /* index into buffer */
-};
-
-void
-sha256_init(struct sha256_ctx *ctx);
-
-void
-sha256_update(struct sha256_ctx *ctx,
- unsigned length,
- const uint8_t *data);
-
-void
-sha256_digest(struct sha256_ctx *ctx,
- unsigned length,
- uint8_t *digest);
-
-/* Internal compression function. STATE points to 8 uint32_t words,
- DATA points to 64 bytes of input data, possibly unaligned, and K
- points to the table of constants. */
-void
-_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k);
-
-
-/* SHA224, a truncated SHA256 with different initial state. */
-
-#define SHA224_DIGEST_SIZE 28
-#define SHA224_DATA_SIZE SHA256_DATA_SIZE
-#define sha224_ctx sha256_ctx
-
-void
-sha224_init(struct sha256_ctx *ctx);
-
-#define sha224_update nettle_sha256_update
-
-void
-sha224_digest(struct sha256_ctx *ctx,
- unsigned length,
- uint8_t *digest);
-
-
-/* SHA512 */
-
-#define SHA512_DIGEST_SIZE 64
-#define SHA512_DATA_SIZE 128
-
-/* Digest is kept internally as 8 64-bit words. */
-#define _SHA512_DIGEST_LENGTH 8
-
-struct sha512_ctx
-{
- uint64_t state[_SHA512_DIGEST_LENGTH]; /* State variables */
- uint64_t count_low, count_high; /* 128-bit block count */
- uint8_t block[SHA512_DATA_SIZE]; /* SHA512 data buffer */
- unsigned int index; /* index into buffer */
-};
-
-void
-sha512_init(struct sha512_ctx *ctx);
-
-void
-sha512_update(struct sha512_ctx *ctx,
- unsigned length,
- const uint8_t *data);
-
-void
-sha512_digest(struct sha512_ctx *ctx,
- unsigned length,
- uint8_t *digest);
-
-/* Internal compression function. STATE points to 8 uint64_t words,
- DATA points to 128 bytes of input data, possibly unaligned, and K
- points to the table of constants. */
-void
-_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k);
-
-
-/* SHA384, a truncated SHA512 with different initial state. */
-
-#define SHA384_DIGEST_SIZE 48
-#define SHA384_DATA_SIZE SHA512_DATA_SIZE
-#define sha384_ctx sha512_ctx
-
-void
-sha384_init(struct sha512_ctx *ctx);
-
-#define sha384_update nettle_sha512_update
-
-void
-sha384_digest(struct sha512_ctx *ctx,
- unsigned length,
- uint8_t *digest);
-
-#ifdef __cplusplus
-}
-#endif
+#include "sha1.h"
+#include "sha2.h"
#endif /* NETTLE_SHA_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2004 Peter Gutmann, Andrew Kuchling, Niels Möller
+ * Copyright (C) 2001, 2004 Peter Gutmann, Andrew Kuchling, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Here's the first paragraph of Peter Gutmann's posting,
#include <stdlib.h>
#include <string.h>
-#include "sha.h"
+#include "sha1.h"
#include "macros.h"
#define K3 0x8F1BBCDCL /* Rounds 40-59 */
#define K4 0xCA62C1D6L /* Rounds 60-79 */
-/* 32-bit rotate left - kludged with shifts */
-
-#define ROTL(n,X) ( ( (X) << (n) ) | ( (X) >> ( 32 - (n) ) ) )
-
/* The initial expanding function. The hash function is defined over an
80-word expanded input array W, where the first 16 are copies of the input
data, and the remaining 64 are defined by
for this information */
#define expand(W,i) ( W[ i & 15 ] = \
- ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
- W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
+ ROTL32( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
+ W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] ) ) )
/* The prototype SHA sub-round. The fundamental sub-round is:
- a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
+ a' = e + ROTL32( 5, a ) + f( b, c, d ) + k + data;
b' = a;
- c' = ROTL( 30, b );
+ c' = ROTL32( 30, b );
d' = c;
e' = d;
the next 20 values from the W[] array each time */
#define subRound(a, b, c, d, e, f, k, data) \
- ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, b = ROTL( 30, b ) )
+ ( e += ROTL32( 5, a ) + f( b, c, d ) + k + data, b = ROTL32( 30, b ) )
/* Perform the SHA transformation. Note that this code, like MD5, seems to
break some optimizing compilers due to the complexity of the expressions
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "nettle-meta.h"
-#include "sha.h"
+#include "sha1.h"
const struct nettle_hash nettle_sha1
= _NETTLE_HASH(sha1, SHA1);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Peter Gutmann, Andrew Kuchling, Niels Möller
+ * Copyright (C) 2001 Peter Gutmann, Andrew Kuchling, Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Here's the first paragraph of Peter Gutmann's posting,
#include <stdlib.h>
#include <string.h>
-#include "sha.h"
+#include "sha1.h"
#include "macros.h"
#include "nettle-write.h"
-/* A block, treated as a sequence of 32-bit words. */
-#define SHA1_DATA_LENGTH 16
-
-/* SHA initial values */
-
-#define h0init 0x67452301L
-#define h1init 0xEFCDAB89L
-#define h2init 0x98BADCFEL
-#define h3init 0x10325476L
-#define h4init 0xC3D2E1F0L
-
/* Initialize the SHA values */
-
void
sha1_init(struct sha1_ctx *ctx)
{
- /* Set the h-vars to their initial values */
- ctx->digest[ 0 ] = h0init;
- ctx->digest[ 1 ] = h1init;
- ctx->digest[ 2 ] = h2init;
- ctx->digest[ 3 ] = h3init;
- ctx->digest[ 4 ] = h4init;
-
- /* Initialize bit count */
+ /* FIXME: Put the buffer last in the struct, and arrange so that we
+ can initialize with a single memcpy. */
+ static const uint32_t iv[_SHA1_DIGEST_LENGTH] =
+ {
+ /* SHA initial values */
+ 0x67452301L,
+ 0xEFCDAB89L,
+ 0x98BADCFEL,
+ 0x10325476L,
+ 0xC3D2E1F0L,
+ };
+
+ memcpy(ctx->state, iv, sizeof(ctx->state));
ctx->count_low = ctx->count_high = 0;
/* Initialize buffer */
ctx->index = 0;
}
-#define SHA1_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
+#define COMPRESS(ctx, data) (_nettle_sha1_compress((ctx)->state, data))
void
sha1_update(struct sha1_ctx *ctx,
- unsigned length, const uint8_t *buffer)
+ unsigned length, const uint8_t *data)
{
- if (ctx->index)
- { /* Try to fill partial block */
- unsigned left = SHA1_DATA_SIZE - ctx->index;
- if (length < left)
- {
- memcpy(ctx->block + ctx->index, buffer, length);
- ctx->index += length;
- return; /* Finished */
- }
- else
- {
- memcpy(ctx->block + ctx->index, buffer, left);
-
- _nettle_sha1_compress(ctx->digest, ctx->block);
- SHA1_INCR(ctx);
-
- buffer += left;
- length -= left;
- }
- }
- while (length >= SHA1_DATA_SIZE)
- {
- _nettle_sha1_compress(ctx->digest, buffer);
- SHA1_INCR(ctx);
-
- buffer += SHA1_DATA_SIZE;
- length -= SHA1_DATA_SIZE;
- }
- if ((ctx->index = length)) /* This assignment is intended */
- /* Buffer leftovers */
- memcpy(ctx->block, buffer, length);
+ MD_UPDATE (ctx, length, data, COMPRESS, MD_INCR(ctx));
}
-/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern
- 1 0* (64-bit count of bits processed, MSB-first) */
-
-static void
-sha1_final(struct sha1_ctx *ctx)
-{
- uint32_t bitcount_high;
- uint32_t bitcount_low;
- unsigned i;
-
- i = ctx->index;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
-
- assert(i < SHA1_DATA_SIZE);
- ctx->block[i++] = 0x80;
-
- if (i > (SHA1_DATA_SIZE - 8))
- { /* No room for length in this block. Process it and
- pad with another one */
- memset(ctx->block + i, 0, SHA1_DATA_SIZE - i);
-
- _nettle_sha1_compress(ctx->digest, ctx->block);
- i = 0;
- }
- if (i < (SHA1_DATA_SIZE - 8))
- memset(ctx->block + i, 0, (SHA1_DATA_SIZE - 8) - i);
-
- /* There are 512 = 2^9 bits in one block */
- bitcount_high = (ctx->count_high << 9) | (ctx->count_low >> 23);
- bitcount_low = (ctx->count_low << 9) | (ctx->index << 3);
-
- /* This is slightly inefficient, as the numbers are converted to
- big-endian format, and will be converted back by the compression
- function. It's probably not worth the effort to fix this. */
- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), bitcount_high);
- WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), bitcount_low);
-
- _nettle_sha1_compress(ctx->digest, ctx->block);
-}
-
void
sha1_digest(struct sha1_ctx *ctx,
unsigned length,
uint8_t *digest)
{
+ uint32_t high, low;
+
assert(length <= SHA1_DIGEST_SIZE);
- sha1_final(ctx);
- _nettle_write_be32(length, digest, ctx->digest);
+ MD_PAD(ctx, 8, COMPRESS);
+
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
+
+ /* append the 64 bit count */
+ WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 8), high);
+ WRITE_UINT32(ctx->block + (SHA1_DATA_SIZE - 4), low);
+ _nettle_sha1_compress(ctx->state, ctx->block);
+
+ _nettle_write_be32(length, digest, ctx->state);
sha1_init(ctx);
}
--- /dev/null
+/* sha1.h
+ *
+ * The sha1 hash function.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_SHA1_H_INCLUDED
+#define NETTLE_SHA1_H_INCLUDED
+
+#include "nettle-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define sha1_init nettle_sha1_init
+#define sha1_update nettle_sha1_update
+#define sha1_digest nettle_sha1_digest
+
+/* SHA1 */
+
+#define SHA1_DIGEST_SIZE 20
+#define SHA1_DATA_SIZE 64
+
+/* Digest is kept internally as 5 32-bit words. */
+#define _SHA1_DIGEST_LENGTH 5
+
+struct sha1_ctx
+{
+ uint32_t state[_SHA1_DIGEST_LENGTH]; /* State variables */
+ uint32_t count_low, count_high; /* 64-bit block count */
+ uint8_t block[SHA1_DATA_SIZE]; /* SHA1 data buffer */
+ unsigned int index; /* index into buffer */
+};
+
+void
+sha1_init(struct sha1_ctx *ctx);
+
+void
+sha1_update(struct sha1_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha1_digest(struct sha1_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+/* Internal compression function. STATE points to 5 uint32_t words,
+ and DATA points to 64 bytes of input data, possibly unaligned. */
+void
+_nettle_sha1_compress(uint32_t *state, const uint8_t *data);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_SHA1_H_INCLUDED */
--- /dev/null
+/* sha2.h
+ *
+ * The sha2 family of hash functions.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_SHA2_H_INCLUDED
+#define NETTLE_SHA2_H_INCLUDED
+
+#include "nettle-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define sha224_init nettle_sha224_init
+#define sha224_digest nettle_sha224_digest
+#define sha256_init nettle_sha256_init
+#define sha256_update nettle_sha256_update
+#define sha256_digest nettle_sha256_digest
+#define sha384_init nettle_sha384_init
+#define sha384_digest nettle_sha384_digest
+#define sha512_init nettle_sha512_init
+#define sha512_update nettle_sha512_update
+#define sha512_digest nettle_sha512_digest
+
+/* SHA256 */
+
+#define SHA256_DIGEST_SIZE 32
+#define SHA256_DATA_SIZE 64
+
+/* Digest is kept internally as 8 32-bit words. */
+#define _SHA256_DIGEST_LENGTH 8
+
+struct sha256_ctx
+{
+ uint32_t state[_SHA256_DIGEST_LENGTH]; /* State variables */
+ uint32_t count_low, count_high; /* 64-bit block count */
+ uint8_t block[SHA256_DATA_SIZE]; /* SHA256 data buffer */
+ unsigned int index; /* index into buffer */
+};
+
+void
+sha256_init(struct sha256_ctx *ctx);
+
+void
+sha256_update(struct sha256_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha256_digest(struct sha256_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+/* Internal compression function. STATE points to 8 uint32_t words,
+ DATA points to 64 bytes of input data, possibly unaligned, and K
+ points to the table of constants. */
+void
+_nettle_sha256_compress(uint32_t *state, const uint8_t *data, const uint32_t *k);
+
+
+/* SHA224, a truncated SHA256 with different initial state. */
+
+#define SHA224_DIGEST_SIZE 28
+#define SHA224_DATA_SIZE SHA256_DATA_SIZE
+#define sha224_ctx sha256_ctx
+
+void
+sha224_init(struct sha256_ctx *ctx);
+
+#define sha224_update nettle_sha256_update
+
+void
+sha224_digest(struct sha256_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+
+/* SHA512 */
+
+#define SHA512_DIGEST_SIZE 64
+#define SHA512_DATA_SIZE 128
+
+/* Digest is kept internally as 8 64-bit words. */
+#define _SHA512_DIGEST_LENGTH 8
+
+struct sha512_ctx
+{
+ uint64_t state[_SHA512_DIGEST_LENGTH]; /* State variables */
+ uint64_t count_low, count_high; /* 128-bit block count */
+ uint8_t block[SHA512_DATA_SIZE]; /* SHA512 data buffer */
+ unsigned int index; /* index into buffer */
+};
+
+void
+sha512_init(struct sha512_ctx *ctx);
+
+void
+sha512_update(struct sha512_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha512_digest(struct sha512_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+/* Internal compression function. STATE points to 8 uint64_t words,
+ DATA points to 128 bytes of input data, possibly unaligned, and K
+ points to the table of constants. */
+void
+_nettle_sha512_compress(uint64_t *state, const uint8_t *data, const uint64_t *k);
+
+
+/* SHA384, a truncated SHA512 with different initial state. */
+
+#define SHA384_DIGEST_SIZE 48
+#define SHA384_DATA_SIZE SHA512_DATA_SIZE
+#define sha384_ctx sha512_ctx
+
+void
+sha384_init(struct sha512_ctx *ctx);
+
+#define sha384_update nettle_sha512_update
+
+void
+sha384_digest(struct sha512_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_SHA2_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2010 Niels Möller
+ * Copyright (C) 2002, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "nettle-meta.h"
-#include "sha.h"
+#include "sha2.h"
const struct nettle_hash nettle_sha224
= _NETTLE_HASH(sha224, SHA224);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2010 Niels Möller
+ * Copyright (C) 2001, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
+#ifndef SHA256_DEBUG
+# define SHA256_DEBUG 0
+#endif
+
+#if SHA256_DEBUG
+# include <stdio.h>
+# define DEBUG(i) \
+ fprintf(stderr, "%2d: %8x %8x %8x %8x %8x %8x %8x %8x\n", \
+ i, A, B, C, D ,E, F, G, H)
+#else
+# define DEBUG(i)
+#endif
+
#include <assert.h>
#include <stdlib.h>
#include <string.h>
-#include "sha.h"
+#include "sha2.h"
#include "macros.h"
/* A block, treated as a sequence of 32-bit words. */
#define SHA256_DATA_LENGTH 16
-#define ROTR(n,x) ((x)>>(n) | ((x)<<(32-(n))))
-#define SHR(n,x) ((x)>>(n))
-
/* The SHA256 functions. The Choice function is the same as the SHA1
function f1, and the majority function is the same as the SHA1 f3
function. They can be optimized to save one boolean operation each
/* #define Majority(x,y,z) ( ((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)) ) */
#define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )
-#define S0(x) (ROTR(2,(x)) ^ ROTR(13,(x)) ^ ROTR(22,(x)))
-#define S1(x) (ROTR(6,(x)) ^ ROTR(11,(x)) ^ ROTR(25,(x)))
+#define S0(x) (ROTL32(30,(x)) ^ ROTL32(19,(x)) ^ ROTL32(10,(x)))
+#define S1(x) (ROTL32(26,(x)) ^ ROTL32(21,(x)) ^ ROTL32(7,(x)))
-#define s0(x) (ROTR(7,(x)) ^ ROTR(18,(x)) ^ SHR(3,(x)))
-#define s1(x) (ROTR(17,(x)) ^ ROTR(19,(x)) ^ SHR(10,(x)))
+#define s0(x) (ROTL32(25,(x)) ^ ROTL32(14,(x)) ^ ((x) >> 3))
+#define s1(x) (ROTL32(15,(x)) ^ ROTL32(13,(x)) ^ ((x) >> 10))
/* The initial expanding function. The hash function is defined over an
64-word expanded input array W, where the first 16 are copies of the input
/* It's crucial that DATA is only used once, as that argument will
* have side effects. */
-#define ROUND(a,b,c,d,e,f,g,h,k,data) do { \
- uint32_t T = h + S1(e) + Choice(e,f,g) + k + data; \
- d += T; \
- h = T + S0(a) + Majority(a,b,c); \
-} while (0)
+#define ROUND(a,b,c,d,e,f,g,h,k,data) do { \
+ h += S1(e) + Choice(e,f,g) + k + data; \
+ d += h; \
+ h += S0(a) + Majority(a,b,c); \
+ } while (0)
void
_nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k)
/* Heavy mangling */
/* First 16 subrounds that act on the original data */
+ DEBUG(-1);
for (i = 0, d = data; i<16; i+=8, k += 8, d+= 8)
{
- ROUND(A, B, C, D, E, F, G, H, k[0], d[0]);
- ROUND(H, A, B, C, D, E, F, G, k[1], d[1]);
+ ROUND(A, B, C, D, E, F, G, H, k[0], d[0]); DEBUG(i);
+ ROUND(H, A, B, C, D, E, F, G, k[1], d[1]); DEBUG(i+1);
ROUND(G, H, A, B, C, D, E, F, k[2], d[2]);
ROUND(F, G, H, A, B, C, D, E, k[3], d[3]);
ROUND(E, F, G, H, A, B, C, D, k[4], d[4]);
ROUND(D, E, F, G, H, A, B, C, k[5], d[5]);
- ROUND(C, D, E, F, G, H, A, B, k[6], d[6]);
- ROUND(B, C, D, E, F, G, H, A, k[7], d[7]);
+ ROUND(C, D, E, F, G, H, A, B, k[6], d[6]); DEBUG(i+6);
+ ROUND(B, C, D, E, F, G, H, A, k[7], d[7]); DEBUG(i+7);
}
for (; i<64; i += 16, k+= 16)
{
- ROUND(A, B, C, D, E, F, G, H, k[ 0], EXPAND(data, 0));
- ROUND(H, A, B, C, D, E, F, G, k[ 1], EXPAND(data, 1));
- ROUND(G, H, A, B, C, D, E, F, k[ 2], EXPAND(data, 2));
- ROUND(F, G, H, A, B, C, D, E, k[ 3], EXPAND(data, 3));
- ROUND(E, F, G, H, A, B, C, D, k[ 4], EXPAND(data, 4));
- ROUND(D, E, F, G, H, A, B, C, k[ 5], EXPAND(data, 5));
- ROUND(C, D, E, F, G, H, A, B, k[ 6], EXPAND(data, 6));
- ROUND(B, C, D, E, F, G, H, A, k[ 7], EXPAND(data, 7));
- ROUND(A, B, C, D, E, F, G, H, k[ 8], EXPAND(data, 8));
- ROUND(H, A, B, C, D, E, F, G, k[ 9], EXPAND(data, 9));
- ROUND(G, H, A, B, C, D, E, F, k[10], EXPAND(data, 10));
- ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11));
- ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12));
- ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13));
- ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14));
- ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15));
+ ROUND(A, B, C, D, E, F, G, H, k[ 0], EXPAND(data, 0)); DEBUG(i);
+ ROUND(H, A, B, C, D, E, F, G, k[ 1], EXPAND(data, 1)); DEBUG(i+1);
+ ROUND(G, H, A, B, C, D, E, F, k[ 2], EXPAND(data, 2)); DEBUG(i+2);
+ ROUND(F, G, H, A, B, C, D, E, k[ 3], EXPAND(data, 3)); DEBUG(i+3);
+ ROUND(E, F, G, H, A, B, C, D, k[ 4], EXPAND(data, 4)); DEBUG(i+4);
+ ROUND(D, E, F, G, H, A, B, C, k[ 5], EXPAND(data, 5)); DEBUG(i+5);
+ ROUND(C, D, E, F, G, H, A, B, k[ 6], EXPAND(data, 6)); DEBUG(i+6);
+ ROUND(B, C, D, E, F, G, H, A, k[ 7], EXPAND(data, 7)); DEBUG(i+7);
+ ROUND(A, B, C, D, E, F, G, H, k[ 8], EXPAND(data, 8)); DEBUG(i+8);
+ ROUND(H, A, B, C, D, E, F, G, k[ 9], EXPAND(data, 9)); DEBUG(i+9);
+ ROUND(G, H, A, B, C, D, E, F, k[10], EXPAND(data, 10)); DEBUG(i+10);
+ ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11)); DEBUG(i+11);
+ ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12)); DEBUG(i+12);
+ ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13)); DEBUG(i+13);
+ ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14)); DEBUG(i+14);
+ ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15)); DEBUG(i+15);
}
/* Update state */
state[5] += F;
state[6] += G;
state[7] += H;
+#if SHA256_DEBUG
+ fprintf(stderr, "99: %8x %8x %8x %8x %8x %8x %8x %8x\n",
+ state[0], state[1], state[2], state[3],
+ state[4], state[5], state[6], state[7]);
+#endif
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "nettle-meta.h"
-#include "sha.h"
+#include "sha2.h"
const struct nettle_hash nettle_sha256
= _NETTLE_HASH(sha256, SHA256);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Modelled after the sha1.c code by Peter Gutmann. */
#include <stdlib.h>
#include <string.h>
-#include "sha.h"
+#include "sha2.h"
#include "macros.h"
#include "nettle-write.h"
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
};
+#define COMPRESS(ctx, data) (_nettle_sha256_compress((ctx)->state, (data), K))
+
/* Initialize the SHA values */
void
ctx->index = 0;
}
-#define SHA256_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
-
void
sha256_update(struct sha256_ctx *ctx,
- unsigned length, const uint8_t *buffer)
+ unsigned length, const uint8_t *data)
{
- if (ctx->index)
- { /* Try to fill partial block */
- unsigned left = SHA256_DATA_SIZE - ctx->index;
- if (length < left)
- {
- memcpy(ctx->block + ctx->index, buffer, length);
- ctx->index += length;
- return; /* Finished */
- }
- else
- {
- memcpy(ctx->block + ctx->index, buffer, left);
-
- _nettle_sha256_compress(ctx->state, ctx->block, K);
- SHA256_INCR(ctx);
-
- buffer += left;
- length -= left;
- }
- }
- while (length >= SHA256_DATA_SIZE)
- {
- _nettle_sha256_compress(ctx->state, buffer, K);
- SHA256_INCR(ctx);
-
- buffer += SHA256_DATA_SIZE;
- length -= SHA256_DATA_SIZE;
- }
- /* Buffer leftovers */
- /* NOTE: The corresponding sha1 code checks for the special case length == 0.
- * That seems supoptimal, as I suspect it increases the number of branches. */
-
- memcpy(ctx->block, buffer, length);
- ctx->index = length;
+ MD_UPDATE (ctx, length, data, COMPRESS, MD_INCR(ctx));
}
-/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern
- 1 0* (64-bit count of bits processed, MSB-first) */
-
static void
-sha256_final(struct sha256_ctx *ctx)
+sha256_write_digest(struct sha256_ctx *ctx,
+ unsigned length,
+ uint8_t *digest)
{
- uint32_t bitcount_high;
- uint32_t bitcount_low;
- int i;
-
- i = ctx->index;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
-
- assert(i < SHA256_DATA_SIZE);
- ctx->block[i++] = 0x80;
-
- if (i > (SHA1_DATA_SIZE - 8))
- { /* No room for length in this block. Process it and
- * pad with another one */
- memset(ctx->block + i, 0, SHA256_DATA_SIZE - i);
- _nettle_sha256_compress(ctx->state, ctx->block, K);
+ uint32_t high, low;
- i = 0;
- }
+ assert(length <= SHA256_DIGEST_SIZE);
- if (i < (SHA256_DATA_SIZE - 8))
- memset(ctx->block + i, 0, (SHA256_DATA_SIZE - 8) - i);
+ MD_PAD(ctx, 8, COMPRESS);
- /* There are 512 = 2^9 bits in one block */
- bitcount_high = (ctx->count_high << 9) | (ctx->count_low >> 23);
- bitcount_low = (ctx->count_low << 9) | (ctx->index << 3);
+ /* There are 512 = 2^9 bits in one block */
+ high = (ctx->count_high << 9) | (ctx->count_low >> 23);
+ low = (ctx->count_low << 9) | (ctx->index << 3);
/* This is slightly inefficient, as the numbers are converted to
big-endian format, and will be converted back by the compression
function. It's probably not worth the effort to fix this. */
- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), bitcount_high);
- WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), bitcount_low);
+ WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 8), high);
+ WRITE_UINT32(ctx->block + (SHA256_DATA_SIZE - 4), low);
+ COMPRESS(ctx, ctx->block);
- _nettle_sha256_compress(ctx->state, ctx->block, K);
+ _nettle_write_be32(length, digest, ctx->state);
}
void
unsigned length,
uint8_t *digest)
{
- assert(length <= SHA256_DIGEST_SIZE);
-
- sha256_final(ctx);
- _nettle_write_be32(length, digest, ctx->state);
+ sha256_write_digest(ctx, length, digest);
sha256_init(ctx);
}
unsigned length,
uint8_t *digest)
{
- assert(length <= SHA224_DIGEST_SIZE);
-
- sha256_final(ctx);
- _nettle_write_be32(length, digest, ctx->state);
+ sha256_write_digest(ctx, length, digest);
sha224_init(ctx);
}
--- /dev/null
+/* sha3-224-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-meta.h"
+
+#include "sha3.h"
+
+const struct nettle_hash nettle_sha3_224
+= _NETTLE_HASH(sha3_224, SHA3_224);
--- /dev/null
+/* sha3-224.c
+ *
+ * The sha3 hash function, 224 bit output.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include "sha3.h"
+
+#include "nettle-write.h"
+
+void
+sha3_224_init (struct sha3_224_ctx *ctx)
+{
+ memset (&ctx->state, 0, offsetof (struct sha3_224_ctx, block));
+}
+
+void
+sha3_224_update (struct sha3_224_ctx *ctx,
+ unsigned length,
+ const uint8_t *data)
+{
+ ctx->index = _sha3_update (&ctx->state, SHA3_224_DATA_SIZE, ctx->block,
+ ctx->index, length, data);
+}
+
+void
+sha3_224_digest(struct sha3_224_ctx *ctx,
+ unsigned length,
+ uint8_t *digest)
+{
+ _sha3_pad (&ctx->state, SHA3_224_DATA_SIZE, ctx->block, ctx->index);
+ _nettle_write_le64 (length, digest, ctx->state.a);
+ sha3_224_init (ctx);
+}
--- /dev/null
+/* sha3-256-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-meta.h"
+
+#include "sha3.h"
+
+const struct nettle_hash nettle_sha3_256
+= _NETTLE_HASH(sha3_256, SHA3_256);
--- /dev/null
+/* sha3-256.c
+ *
+ * The sha3 hash function, 256 bit output.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include "sha3.h"
+
+#include "nettle-write.h"
+
+void
+sha3_256_init (struct sha3_256_ctx *ctx)
+{
+ memset (&ctx->state, 0, offsetof (struct sha3_256_ctx, block));
+}
+
+void
+sha3_256_update (struct sha3_256_ctx *ctx,
+ unsigned length,
+ const uint8_t *data)
+{
+ ctx->index = _sha3_update (&ctx->state, SHA3_256_DATA_SIZE, ctx->block,
+ ctx->index, length, data);
+}
+
+void
+sha3_256_digest(struct sha3_256_ctx *ctx,
+ unsigned length,
+ uint8_t *digest)
+{
+ _sha3_pad (&ctx->state, SHA3_256_DATA_SIZE, ctx->block, ctx->index);
+ _nettle_write_le64 (length, digest, ctx->state.a);
+ sha3_256_init (ctx);
+}
--- /dev/null
+/* sha3-384-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-meta.h"
+
+#include "sha3.h"
+
+const struct nettle_hash nettle_sha3_384
+= _NETTLE_HASH(sha3_384, SHA3_384);
--- /dev/null
+/* sha3-384.c
+ *
+ * The sha3 hash function, 384 bit output.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include "sha3.h"
+
+#include "nettle-write.h"
+
+void
+sha3_384_init (struct sha3_384_ctx *ctx)
+{
+ memset (&ctx->state, 0, offsetof (struct sha3_384_ctx, block));
+}
+
+void
+sha3_384_update (struct sha3_384_ctx *ctx,
+ unsigned length,
+ const uint8_t *data)
+{
+ ctx->index = _sha3_update (&ctx->state, SHA3_384_DATA_SIZE, ctx->block,
+ ctx->index, length, data);
+}
+
+void
+sha3_384_digest(struct sha3_384_ctx *ctx,
+ unsigned length,
+ uint8_t *digest)
+{
+ _sha3_pad (&ctx->state, SHA3_384_DATA_SIZE, ctx->block, ctx->index);
+ _nettle_write_le64 (length, digest, ctx->state.a);
+ sha3_384_init (ctx);
+}
--- /dev/null
+/* sha3-512-meta.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-meta.h"
+
+#include "sha3.h"
+
+const struct nettle_hash nettle_sha3_512
+= _NETTLE_HASH(sha3_512, SHA3_512);
--- /dev/null
+/* sha3-512.c
+ *
+ * The sha3 hash function, 512 bit output.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include "sha3.h"
+
+#include "nettle-write.h"
+
+void
+sha3_512_init (struct sha3_512_ctx *ctx)
+{
+ memset (&ctx->state, 0, offsetof (struct sha3_512_ctx, block));
+}
+
+void
+sha3_512_update (struct sha3_512_ctx *ctx,
+ unsigned length,
+ const uint8_t *data)
+{
+ ctx->index = _sha3_update (&ctx->state, SHA3_512_DATA_SIZE, ctx->block,
+ ctx->index, length, data);
+}
+
+void
+sha3_512_digest(struct sha3_512_ctx *ctx,
+ unsigned length,
+ uint8_t *digest)
+{
+ _sha3_pad (&ctx->state, SHA3_512_DATA_SIZE, ctx->block, ctx->index);
+ _nettle_write_le64 (length, digest, ctx->state.a);
+ sha3_512_init (ctx);
+}
--- /dev/null
+/* sha3-permute.c
+ *
+ * The sha3 permutation function (aka Keccak).
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "sha3.h"
+
+#include "macros.h"
+
+#define SHA3_ROUNDS 24
+
+void
+sha3_permute (struct sha3_state *state)
+{
+ static const uint64_t rc[SHA3_ROUNDS] = {
+ 0x0000000000000001ULL, 0X0000000000008082ULL,
+ 0X800000000000808AULL, 0X8000000080008000ULL,
+ 0X000000000000808BULL, 0X0000000080000001ULL,
+ 0X8000000080008081ULL, 0X8000000000008009ULL,
+ 0X000000000000008AULL, 0X0000000000000088ULL,
+ 0X0000000080008009ULL, 0X000000008000000AULL,
+ 0X000000008000808BULL, 0X800000000000008BULL,
+ 0X8000000000008089ULL, 0X8000000000008003ULL,
+ 0X8000000000008002ULL, 0X8000000000000080ULL,
+ 0X000000000000800AULL, 0X800000008000000AULL,
+ 0X8000000080008081ULL, 0X8000000000008080ULL,
+ 0X0000000080000001ULL, 0X8000000080008008ULL,
+ };
+
+ /* Original permutation:
+
+ 0,10,20, 5,15,
+ 16, 1,11,21, 6,
+ 7,17, 2,12,22,
+ 23, 8,18, 3,13,
+ 14,24, 9,19, 4
+
+ Rotation counts:
+
+ 0, 1, 62, 28, 27,
+ 36, 44, 6, 55, 20,
+ 3, 10, 43, 25, 39,
+ 41, 45, 15, 21, 8,
+ 18, 2, 61, 56, 14,
+ */
+
+ /* In-place implementation. Permutation done as a long sequence of
+ 25 moves "following" the permutation.
+
+ T <-- 1
+ 1 <-- 6
+ 6 <-- 9
+ 9 <-- 22
+ 22 <-- 14
+ 14 <-- 20
+ 20 <-- 2
+ 2 <-- 12
+ 12 <-- 13
+ 13 <-- 19
+ 19 <-- 23
+ 23 <-- 15
+ 15 <-- 4
+ 4 <-- 24
+ 24 <-- 21
+ 21 <-- 8
+ 8 <-- 16
+ 16 <-- 5
+ 5 <-- 3
+ 3 <-- 18
+ 18 <-- 17
+ 17 <-- 11
+ 11 <-- 7
+ 7 <-- 10
+ 10 <-- T
+
+ */
+ uint64_t C[5], D[5], T, X;
+ unsigned i, y;
+
+#define A state->a
+
+ C[0] = A[0] ^ A[5+0] ^ A[10+0] ^ A[15+0] ^ A[20+0];
+ C[1] = A[1] ^ A[5+1] ^ A[10+1] ^ A[15+1] ^ A[20+1];
+ C[2] = A[2] ^ A[5+2] ^ A[10+2] ^ A[15+2] ^ A[20+2];
+ C[3] = A[3] ^ A[5+3] ^ A[10+3] ^ A[15+3] ^ A[20+3];
+ C[4] = A[4] ^ A[5+4] ^ A[10+4] ^ A[15+4] ^ A[20+4];
+
+ for (i = 0; i < SHA3_ROUNDS; i++)
+ {
+ D[0] = C[4] ^ ROTL64(1, C[1]);
+ D[1] = C[0] ^ ROTL64(1, C[2]);
+ D[2] = C[1] ^ ROTL64(1, C[3]);
+ D[3] = C[2] ^ ROTL64(1, C[4]);
+ D[4] = C[3] ^ ROTL64(1, C[0]);
+
+ A[0] ^= D[0];
+ X = A[ 1] ^ D[1]; T = ROTL64(1, X);
+ X = A[ 6] ^ D[1]; A[ 1] = ROTL64 (44, X);
+ X = A[ 9] ^ D[4]; A[ 6] = ROTL64 (20, X);
+ X = A[22] ^ D[2]; A[ 9] = ROTL64 (61, X);
+ X = A[14] ^ D[4]; A[22] = ROTL64 (39, X);
+ X = A[20] ^ D[0]; A[14] = ROTL64 (18, X);
+ X = A[ 2] ^ D[2]; A[20] = ROTL64 (62, X);
+ X = A[12] ^ D[2]; A[ 2] = ROTL64 (43, X);
+ X = A[13] ^ D[3]; A[12] = ROTL64 (25, X);
+ X = A[19] ^ D[4]; A[13] = ROTL64 ( 8, X);
+ X = A[23] ^ D[3]; A[19] = ROTL64 (56, X);
+ X = A[15] ^ D[0]; A[23] = ROTL64 (41, X);
+ X = A[ 4] ^ D[4]; A[15] = ROTL64 (27, X);
+ X = A[24] ^ D[4]; A[ 4] = ROTL64 (14, X);
+ X = A[21] ^ D[1]; A[24] = ROTL64 ( 2, X);
+ X = A[ 8] ^ D[3]; A[21] = ROTL64 (55, X); /* row 4 done */
+ X = A[16] ^ D[1]; A[ 8] = ROTL64 (45, X);
+ X = A[ 5] ^ D[0]; A[16] = ROTL64 (36, X);
+ X = A[ 3] ^ D[3]; A[ 5] = ROTL64 (28, X);
+ X = A[18] ^ D[3]; A[ 3] = ROTL64 (21, X); /* row 0 done */
+ X = A[17] ^ D[2]; A[18] = ROTL64 (15, X);
+ X = A[11] ^ D[1]; A[17] = ROTL64 (10, X); /* row 3 done */
+ X = A[ 7] ^ D[2]; A[11] = ROTL64 ( 6, X); /* row 1 done */
+ X = A[10] ^ D[0]; A[ 7] = ROTL64 ( 3, X);
+ A[10] = T; /* row 2 done */
+
+ D[0] = ~A[1] & A[2];
+ D[1] = ~A[2] & A[3];
+ D[2] = ~A[3] & A[4];
+ D[3] = ~A[4] & A[0];
+ D[4] = ~A[0] & A[1];
+
+ A[0] ^= D[0] ^ rc[i]; C[0] = A[0];
+ A[1] ^= D[1]; C[1] = A[1];
+ A[2] ^= D[2]; C[2] = A[2];
+ A[3] ^= D[3]; C[3] = A[3];
+ A[4] ^= D[4]; C[4] = A[4];
+
+ for (y = 5; y < 25; y+= 5)
+ {
+ D[0] = ~A[y+1] & A[y+2];
+ D[1] = ~A[y+2] & A[y+3];
+ D[2] = ~A[y+3] & A[y+4];
+ D[3] = ~A[y+4] & A[y+0];
+ D[4] = ~A[y+0] & A[y+1];
+
+ A[y+0] ^= D[0]; C[0] ^= A[y+0];
+ A[y+1] ^= D[1]; C[1] ^= A[y+1];
+ A[y+2] ^= D[2]; C[2] ^= A[y+2];
+ A[y+3] ^= D[3]; C[3] ^= A[y+3];
+ A[y+4] ^= D[4]; C[4] ^= A[y+4];
+ }
+ }
+#undef A
+}
--- /dev/null
+/* sha3.c
+ *
+ * The sha3 hash function.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "sha3.h"
+
+#include "macros.h"
+#include "memxor.h"
+
+static void
+sha3_absorb (struct sha3_state *state, unsigned length, const uint8_t *data)
+{
+ assert ( (length & 7) == 0);
+#if WORDS_BIGENDIAN
+ {
+ uint64_t *p;
+ for (p = state->a; length > 0; p++, length -= 8, data += 8)
+ *p ^= LE_READ_UINT64 (data);
+ }
+#else /* !WORDS_BIGENDIAN */
+ memxor ((uint8_t *) state->a, data, length);
+#endif
+
+ sha3_permute (state);
+}
+
+unsigned
+_sha3_update (struct sha3_state *state,
+ unsigned block_size, uint8_t *block,
+ unsigned pos,
+ unsigned length, const uint8_t *data)
+{
+ if (pos > 0)
+ {
+ unsigned left = block_size - pos;
+ if (length < left)
+ {
+ memcpy (block + pos, data, length);
+ return pos + length;
+ }
+ else
+ {
+ memcpy (block + pos, data, left);
+ data += left;
+ length -= left;
+ sha3_absorb (state, block_size, block);
+ }
+ }
+ for (; length >= block_size; length -= block_size, data += block_size)
+ sha3_absorb (state, block_size, data);
+
+ memcpy (block, data, length);
+ return length;
+}
+
+void
+_sha3_pad (struct sha3_state *state,
+ unsigned block_size, uint8_t *block, unsigned pos)
+{
+ assert (pos < block_size);
+ block[pos++] = 1;
+
+ memset (block + pos, 0, block_size - pos);
+ block[block_size - 1] |= 0x80;
+
+ sha3_absorb (state, block_size, block);
+}
--- /dev/null
+/* sha3.h
+ *
+ * The sha3 hash function (aka Keccak).
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_SHA3_H_INCLUDED
+#define NETTLE_SHA3_H_INCLUDED
+
+#include "nettle-types.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define sha3_permute nettle_sha3_permute
+#define _sha3_update _nettle_sha3_update
+#define _sha3_pad _nettle_sha3_pad
+#define sha3_224_init nettle_sha3_224_init
+#define sha3_224_update nettle_sha3_224_update
+#define sha3_224_digest nettle_sha3_224_digest
+#define sha3_256_init nettle_sha3_256_init
+#define sha3_256_update nettle_sha3_256_update
+#define sha3_256_digest nettle_sha3_256_digest
+#define sha3_384_init nettle_sha3_384_init
+#define sha3_384_update nettle_sha3_384_update
+#define sha3_384_digest nettle_sha3_384_digest
+#define sha3_512_init nettle_sha3_512_init
+#define sha3_512_update nettle_sha3_512_update
+#define sha3_512_digest nettle_sha3_512_digest
+
+/* The sha3 state is a 5x5 matrix of 64-bit words. In the notation of
+ Keccak description, S[x,y] is element x + 5*y, so if x is
+ interpreted as the row index and y the column index, it is stored
+ in column-major order. */
+#define SHA3_STATE_LENGTH 25
+
+/* The "width" is 1600 bits or 200 octets */
+struct sha3_state
+{
+ uint64_t a[SHA3_STATE_LENGTH];
+};
+
+void
+sha3_permute (struct sha3_state *state);
+
+unsigned
+_sha3_update (struct sha3_state *state,
+ unsigned block_size, uint8_t *block,
+ unsigned pos,
+ unsigned length, const uint8_t *data);
+void
+_sha3_pad (struct sha3_state *state,
+ unsigned block_size, uint8_t *block, unsigned pos);
+
+/* The "capacity" is set to 2*(digest size), 512 bits or 64 octets.
+ The "rate" is the width - capacity, or width - 2 * (digest
+ size). */
+
+#define SHA3_224_DIGEST_SIZE 28
+#define SHA3_224_DATA_SIZE 144
+
+#define SHA3_256_DIGEST_SIZE 32
+#define SHA3_256_DATA_SIZE 136
+
+#define SHA3_384_DIGEST_SIZE 48
+#define SHA3_384_DATA_SIZE 104
+
+#define SHA3_512_DIGEST_SIZE 64
+#define SHA3_512_DATA_SIZE 72
+
+
+struct sha3_224_ctx
+{
+ struct sha3_state state;
+ unsigned index;
+ uint8_t block[SHA3_224_DATA_SIZE];
+};
+
+void
+sha3_224_init (struct sha3_224_ctx *ctx);
+
+void
+sha3_224_update (struct sha3_224_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha3_224_digest(struct sha3_224_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+struct sha3_256_ctx
+{
+ struct sha3_state state;
+ unsigned index;
+ uint8_t block[SHA3_256_DATA_SIZE];
+};
+
+void
+sha3_256_init (struct sha3_256_ctx *ctx);
+
+void
+sha3_256_update (struct sha3_256_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha3_256_digest(struct sha3_256_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+struct sha3_384_ctx
+{
+ struct sha3_state state;
+ unsigned index;
+ uint8_t block[SHA3_384_DATA_SIZE];
+};
+
+void
+sha3_384_init (struct sha3_384_ctx *ctx);
+
+void
+sha3_384_update (struct sha3_384_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha3_384_digest(struct sha3_384_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+struct sha3_512_ctx
+{
+ struct sha3_state state;
+ unsigned index;
+ uint8_t block[SHA3_512_DATA_SIZE];
+};
+
+void
+sha3_512_init (struct sha3_512_ctx *ctx);
+
+void
+sha3_512_update (struct sha3_512_ctx *ctx,
+ unsigned length,
+ const uint8_t *data);
+
+void
+sha3_512_digest(struct sha3_512_ctx *ctx,
+ unsigned length,
+ uint8_t *digest);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_SHA3_H_INCLUDED */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2010 Niels Möller
+ * Copyright (C) 2002, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "nettle-meta.h"
-#include "sha.h"
+#include "sha2.h"
const struct nettle_hash nettle_sha384
= _NETTLE_HASH(sha384, SHA384);
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2010 Niels Möller
+ * Copyright (C) 2001, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
+#ifndef SHA512_DEBUG
+# define SHA512_DEBUG 0
+#endif
+
+#if SHA512_DEBUG
+# include <stdio.h>
+# define DEBUG(i) \
+ fprintf(stderr, "%2d: %8lx %8lx %8lx %8lx\n %8lx %8lx %8lx %8lx\n", \
+ i, A, B, C, D ,E, F, G, H)
+#else
+# define DEBUG(i)
+#endif
+
#include <assert.h>
#include <stdlib.h>
#include <string.h>
-#include "sha.h"
+#include "sha2.h"
#include "macros.h"
/* A block, treated as a sequence of 64-bit words. */
#define SHA512_DATA_LENGTH 16
-#define ROTR(n,x) ((x)>>(n) | ((x)<<(64-(n))))
-#define SHR(n,x) ((x)>>(n))
-
/* The SHA512 functions. The Choice function is the same as the SHA1
function f1, and the majority function is the same as the SHA1 f3
function, and the same as for SHA256. */
#define Choice(x,y,z) ( (z) ^ ( (x) & ( (y) ^ (z) ) ) )
#define Majority(x,y,z) ( ((x) & (y)) ^ ((z) & ((x) ^ (y))) )
-#define S0(x) (ROTR(28,(x)) ^ ROTR(34,(x)) ^ ROTR(39,(x)))
-#define S1(x) (ROTR(14,(x)) ^ ROTR(18,(x)) ^ ROTR(41,(x)))
+#define S0(x) (ROTL64(36,(x)) ^ ROTL64(30,(x)) ^ ROTL64(25,(x)))
+#define S1(x) (ROTL64(50,(x)) ^ ROTL64(46,(x)) ^ ROTL64(23,(x)))
-#define s0(x) (ROTR(1,(x)) ^ ROTR(8,(x)) ^ SHR(7,(x)))
-#define s1(x) (ROTR(19,(x)) ^ ROTR(61,(x)) ^ SHR(6,(x)))
+#define s0(x) (ROTL64(63,(x)) ^ ROTL64(56,(x)) ^ ((x) >> 7))
+#define s1(x) (ROTL64(45,(x)) ^ ROTL64(3,(x)) ^ ((x) >> 6))
/* The initial expanding function. The hash function is defined over
an 64-word expanded input array W, where the first 16 are copies of
/* It's crucial that DATA is only used once, as that argument will
* have side effects. */
-#define ROUND(a,b,c,d,e,f,g,h,k,data) do { \
- uint64_t T = h + S1(e) + Choice(e,f,g) + k + data; \
- d += T; \
- h = T + S0(a) + Majority(a,b,c); \
+#define ROUND(a,b,c,d,e,f,g,h,k,data) do { \
+ h += S1(e) + Choice(e,f,g) + k + data; \
+ d += h; \
+ h += S0(a) + Majority(a,b,c); \
} while (0)
void
/* Heavy mangling */
/* First 16 subrounds that act on the original data */
+ DEBUG(-1);
for (i = 0, d = data; i<16; i+=8, k += 8, d+= 8)
{
- ROUND(A, B, C, D, E, F, G, H, k[0], d[0]);
- ROUND(H, A, B, C, D, E, F, G, k[1], d[1]);
+ ROUND(A, B, C, D, E, F, G, H, k[0], d[0]); DEBUG(i);
+ ROUND(H, A, B, C, D, E, F, G, k[1], d[1]); DEBUG(i+1);
ROUND(G, H, A, B, C, D, E, F, k[2], d[2]);
ROUND(F, G, H, A, B, C, D, E, k[3], d[3]);
ROUND(E, F, G, H, A, B, C, D, k[4], d[4]);
ROUND(D, E, F, G, H, A, B, C, k[5], d[5]);
- ROUND(C, D, E, F, G, H, A, B, k[6], d[6]);
- ROUND(B, C, D, E, F, G, H, A, k[7], d[7]);
+ ROUND(C, D, E, F, G, H, A, B, k[6], d[6]); DEBUG(i+6);
+ ROUND(B, C, D, E, F, G, H, A, k[7], d[7]); DEBUG(i+7);
}
for (; i<80; i += 16, k+= 16)
{
- ROUND(A, B, C, D, E, F, G, H, k[ 0], EXPAND(data, 0));
- ROUND(H, A, B, C, D, E, F, G, k[ 1], EXPAND(data, 1));
- ROUND(G, H, A, B, C, D, E, F, k[ 2], EXPAND(data, 2));
+ ROUND(A, B, C, D, E, F, G, H, k[ 0], EXPAND(data, 0)); DEBUG(i);
+ ROUND(H, A, B, C, D, E, F, G, k[ 1], EXPAND(data, 1)); DEBUG(i+1);
+ ROUND(G, H, A, B, C, D, E, F, k[ 2], EXPAND(data, 2)); DEBUG(i+2);
ROUND(F, G, H, A, B, C, D, E, k[ 3], EXPAND(data, 3));
ROUND(E, F, G, H, A, B, C, D, k[ 4], EXPAND(data, 4));
ROUND(D, E, F, G, H, A, B, C, k[ 5], EXPAND(data, 5));
ROUND(F, G, H, A, B, C, D, E, k[11], EXPAND(data, 11));
ROUND(E, F, G, H, A, B, C, D, k[12], EXPAND(data, 12));
ROUND(D, E, F, G, H, A, B, C, k[13], EXPAND(data, 13));
- ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14));
- ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15));
+ ROUND(C, D, E, F, G, H, A, B, k[14], EXPAND(data, 14)); DEBUG(i+14);
+ ROUND(B, C, D, E, F, G, H, A, k[15], EXPAND(data, 15)); DEBUG(i+15);
}
/* Update state */
state[5] += F;
state[6] += G;
state[7] += H;
+#if SHA512_DEBUG
+ fprintf(stderr, "99: %8lx %8lx %8lx %8lx\n %8lx %8lx %8lx %8lx\n",
+ state[0], state[1], state[2], state[3],
+ state[4], state[5], state[6], state[7]);
+#endif
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2010 Niels Möller
+ * Copyright (C) 2002, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "nettle-meta.h"
-#include "sha.h"
+#include "sha2.h"
const struct nettle_hash nettle_sha512
= _NETTLE_HASH(sha512, SHA512);
/* sha512.c
*
- * The sha512 hash function FIXME: Add the SHA384 variant.
+ * The sha512 hash function.
*
- * See http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
+ * See http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
*/
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001, 2010 Niels Möller
+ * Copyright (C) 2001, 2010 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/* Modelled after the sha1.c code by Peter Gutmann. */
#include <stdlib.h>
#include <string.h>
-#include "sha.h"
+#include "sha2.h"
#include "macros.h"
0x5FCB6FAB3AD6FAECULL,0x6C44198C4A475817ULL,
};
+#define COMPRESS(ctx, data) (_nettle_sha512_compress((ctx)->state, (data), K))
+
void
sha512_init(struct sha512_ctx *ctx)
{
ctx->index = 0;
}
-#define SHA512_INCR(ctx) ((ctx)->count_high += !++(ctx)->count_low)
-
void
sha512_update(struct sha512_ctx *ctx,
- unsigned length, const uint8_t *buffer)
+ unsigned length, const uint8_t *data)
{
- if (ctx->index)
- { /* Try to fill partial block */
- unsigned left = SHA512_DATA_SIZE - ctx->index;
- if (length < left)
- {
- memcpy(ctx->block + ctx->index, buffer, length);
- ctx->index += length;
- return; /* Finished */
- }
- else
- {
- memcpy(ctx->block + ctx->index, buffer, left);
-
- _nettle_sha512_compress(ctx->state, ctx->block, K);
- SHA512_INCR(ctx);
-
- buffer += left;
- length -= left;
- }
- }
- while (length >= SHA512_DATA_SIZE)
- {
- _nettle_sha512_compress(ctx->state, buffer, K);
- SHA512_INCR(ctx);
-
- buffer += SHA512_DATA_SIZE;
- length -= SHA512_DATA_SIZE;
- }
-
- /* Buffer leftovers */
- memcpy(ctx->block, buffer, length);
- ctx->index = length;
+ MD_UPDATE (ctx, length, data, COMPRESS, MD_INCR(ctx));
}
-/* Final wrapup - pad to SHA1_DATA_SIZE-byte boundary with the bit pattern
- 1 0* (64-bit count of bits processed, MSB-first) */
-
static void
-sha512_final(struct sha512_ctx *ctx)
+sha512_write_digest(struct sha512_ctx *ctx,
+ unsigned length,
+ uint8_t *digest)
{
- uint64_t bitcount_high;
- uint64_t bitcount_low;
- int i;
-
- i = ctx->index;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
-
- assert(i < SHA512_DATA_SIZE);
- ctx->block[i++] = 0x80;
+ uint64_t high, low;
- if (i > (SHA512_DATA_SIZE-16))
- { /* No room for length in this block. Process it and
- * pad with another one */
- memset(ctx->block + i, 0, SHA512_DATA_SIZE - i);
- _nettle_sha512_compress(ctx->state, ctx->block, K);
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
- i = 0;
- }
+ assert(length <= SHA512_DIGEST_SIZE);
- if (i < (SHA512_DATA_SIZE - 16))
- memset(ctx->block + i, 0, (SHA512_DATA_SIZE - 16) - i);
+ MD_PAD(ctx, 16, COMPRESS);
- /* There are 1024 = 2^10 bits in one block */
- bitcount_high = (ctx->count_high << 10) | (ctx->count_low >> 54);
- bitcount_low = (ctx->count_low << 10) | (ctx->index << 3);
+ /* There are 1024 = 2^10 bits in one block */
+ high = (ctx->count_high << 10) | (ctx->count_low >> 54);
+ low = (ctx->count_low << 10) | (ctx->index << 3);
/* This is slightly inefficient, as the numbers are converted to
big-endian format, and will be converted back by the compression
function. It's probably not worth the effort to fix this. */
- WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 16), bitcount_high);
- WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), bitcount_low);
-
- _nettle_sha512_compress(ctx->state, ctx->block, K);
-}
+ WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 16), high);
+ WRITE_UINT64(ctx->block + (SHA512_DATA_SIZE - 8), low);
+ COMPRESS(ctx, ctx->block);
-static void
-sha512_write_digest(struct sha512_ctx *ctx,
- unsigned length,
- uint8_t *digest)
-{
- unsigned i;
- unsigned words;
- unsigned leftover;
-
- sha512_final(ctx);
-
words = length / 8;
leftover = length % 8;
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
#include <math.h>
#include <stdio.h>
283, 293, 307, 311
};
-int main(int argc UNUSED, char **argv UNUSED)
+int main(int argc, char **argv)
{
int i;
static const double third = 1.0/3;
C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2002, 2005 Niels Möller
+C Copyright (C) 2002, 2005 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
include_src(<sparc32/aes.m4>)
C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2002, 2005 Niels Möller
+C Copyright (C) 2002, 2005 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
include_src(<sparc32/aes.m4>)
C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2002, 2005 Niels Möller
+C Copyright (C) 2002, 2005 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C Define to YES, to enable the complex code to special case SRC
C and DST with compatible alignment.
C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2002, 2005 Niels Möller
+C Copyright (C) 2002, 2005 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C The only difference between this code and the sparc32 code is the
C frame offsets, and the magic BIAS when accessing the stack (which
C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2002, 2005 Niels Möller
+C Copyright (C) 2002, 2005 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C The only difference between this code and the sparc32 code is the
C frame offsets, and the magic BIAS when accessing the stack (which
C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2002, 2005 Niels Möller
+C Copyright (C) 2002, 2005 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C Define to YES, to enable the complex code to special case SRC
C and DST with compatible alignment.
md5-compat-test$(EXEEXT): md5-compat-test.$(OBJEXT)
$(LINK) md5-compat-test.$(OBJEXT) $(TEST_OBJS) -o md5-compat-test$(EXEEXT)
+memxor-test$(EXEEXT): memxor-test.$(OBJEXT)
+ $(LINK) memxor-test.$(OBJEXT) $(TEST_OBJS) -o memxor-test$(EXEEXT)
+
+gosthash94-test$(EXEEXT): gosthash94-test.$(OBJEXT)
+ $(LINK) gosthash94-test.$(OBJEXT) $(TEST_OBJS) -o gosthash94-test$(EXEEXT)
+
+ripemd160-test$(EXEEXT): ripemd160-test.$(OBJEXT)
+ $(LINK) ripemd160-test.$(OBJEXT) $(TEST_OBJS) -o ripemd160-test$(EXEEXT)
+
+salsa20-test$(EXEEXT): salsa20-test.$(OBJEXT)
+ $(LINK) salsa20-test.$(OBJEXT) $(TEST_OBJS) -o salsa20-test$(EXEEXT)
+
sha1-test$(EXEEXT): sha1-test.$(OBJEXT)
$(LINK) sha1-test.$(OBJEXT) $(TEST_OBJS) -o sha1-test$(EXEEXT)
sha512-test$(EXEEXT): sha512-test.$(OBJEXT)
$(LINK) sha512-test.$(OBJEXT) $(TEST_OBJS) -o sha512-test$(EXEEXT)
+sha3-permute-test$(EXEEXT): sha3-permute-test.$(OBJEXT)
+ $(LINK) sha3-permute-test.$(OBJEXT) $(TEST_OBJS) -o sha3-permute-test$(EXEEXT)
+
+sha3-224-test$(EXEEXT): sha3-224-test.$(OBJEXT)
+ $(LINK) sha3-224-test.$(OBJEXT) $(TEST_OBJS) -o sha3-224-test$(EXEEXT)
+
+sha3-256-test$(EXEEXT): sha3-256-test.$(OBJEXT)
+ $(LINK) sha3-256-test.$(OBJEXT) $(TEST_OBJS) -o sha3-256-test$(EXEEXT)
+
+sha3-384-test$(EXEEXT): sha3-384-test.$(OBJEXT)
+ $(LINK) sha3-384-test.$(OBJEXT) $(TEST_OBJS) -o sha3-384-test$(EXEEXT)
+
+sha3-512-test$(EXEEXT): sha3-512-test.$(OBJEXT)
+ $(LINK) sha3-512-test.$(OBJEXT) $(TEST_OBJS) -o sha3-512-test$(EXEEXT)
+
serpent-test$(EXEEXT): serpent-test.$(OBJEXT)
$(LINK) serpent-test.$(OBJEXT) $(TEST_OBJS) -o serpent-test$(EXEEXT)
ctr-test$(EXEEXT): ctr-test.$(OBJEXT)
$(LINK) ctr-test.$(OBJEXT) $(TEST_OBJS) -o ctr-test$(EXEEXT)
+gcm-test$(EXEEXT): gcm-test.$(OBJEXT)
+ $(LINK) gcm-test.$(OBJEXT) $(TEST_OBJS) -o gcm-test$(EXEEXT)
+
hmac-test$(EXEEXT): hmac-test.$(OBJEXT)
$(LINK) hmac-test.$(OBJEXT) $(TEST_OBJS) -o hmac-test$(EXEEXT)
+umac-test$(EXEEXT): umac-test.$(OBJEXT)
+ $(LINK) umac-test.$(OBJEXT) $(TEST_OBJS) -o umac-test$(EXEEXT)
+
+meta-hash-test$(EXEEXT): meta-hash-test.$(OBJEXT)
+ $(LINK) meta-hash-test.$(OBJEXT) $(TEST_OBJS) -o meta-hash-test$(EXEEXT)
+
+meta-cipher-test$(EXEEXT): meta-cipher-test.$(OBJEXT)
+ $(LINK) meta-cipher-test.$(OBJEXT) $(TEST_OBJS) -o meta-cipher-test$(EXEEXT)
+
+meta-armor-test$(EXEEXT): meta-armor-test.$(OBJEXT)
+ $(LINK) meta-armor-test.$(OBJEXT) $(TEST_OBJS) -o meta-armor-test$(EXEEXT)
+
buffer-test$(EXEEXT): buffer-test.$(OBJEXT)
$(LINK) buffer-test.$(OBJEXT) $(TEST_OBJS) -o buffer-test$(EXEEXT)
yarrow-test$(EXEEXT): yarrow-test.$(OBJEXT)
$(LINK) yarrow-test.$(OBJEXT) $(TEST_OBJS) -o yarrow-test$(EXEEXT)
+pbkdf2-test$(EXEEXT): pbkdf2-test.$(OBJEXT)
+ $(LINK) pbkdf2-test.$(OBJEXT) $(TEST_OBJS) -o pbkdf2-test$(EXEEXT)
+
sexp-test$(EXEEXT): sexp-test.$(OBJEXT)
$(LINK) sexp-test.$(OBJEXT) $(TEST_OBJS) -o sexp-test$(EXEEXT)
dsa-keygen-test$(EXEEXT): dsa-keygen-test.$(OBJEXT)
$(LINK) dsa-keygen-test.$(OBJEXT) $(TEST_OBJS) -o dsa-keygen-test$(EXEEXT)
+ecc-mod-test$(EXEEXT): ecc-mod-test.$(OBJEXT)
+ $(LINK) ecc-mod-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mod-test$(EXEEXT)
+
+ecc-modinv-test$(EXEEXT): ecc-modinv-test.$(OBJEXT)
+ $(LINK) ecc-modinv-test.$(OBJEXT) $(TEST_OBJS) -o ecc-modinv-test$(EXEEXT)
+
+ecc-redc-test$(EXEEXT): ecc-redc-test.$(OBJEXT)
+ $(LINK) ecc-redc-test.$(OBJEXT) $(TEST_OBJS) -o ecc-redc-test$(EXEEXT)
+
+ecc-mul-g-test$(EXEEXT): ecc-mul-g-test.$(OBJEXT)
+ $(LINK) ecc-mul-g-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mul-g-test$(EXEEXT)
+
+ecc-mul-a-test$(EXEEXT): ecc-mul-a-test.$(OBJEXT)
+ $(LINK) ecc-mul-a-test.$(OBJEXT) $(TEST_OBJS) -o ecc-mul-a-test$(EXEEXT)
+
+ecdsa-sign-test$(EXEEXT): ecdsa-sign-test.$(OBJEXT)
+ $(LINK) ecdsa-sign-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-sign-test$(EXEEXT)
+
+ecdsa-verify-test$(EXEEXT): ecdsa-verify-test.$(OBJEXT)
+ $(LINK) ecdsa-verify-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-verify-test$(EXEEXT)
+
+ecdsa-keygen-test$(EXEEXT): ecdsa-keygen-test.$(OBJEXT)
+ $(LINK) ecdsa-keygen-test.$(OBJEXT) $(TEST_OBJS) -o ecdsa-keygen-test$(EXEEXT)
+
sha1-huge-test$(EXEEXT): sha1-huge-test.$(OBJEXT)
$(LINK) sha1-huge-test.$(OBJEXT) $(TEST_OBJS) -o sha1-huge-test$(EXEEXT)
camellia-test.c \
des-test.c des3-test.c des-compat-test.c \
md2-test.c md4-test.c md5-test.c md5-compat-test.c \
+ memxor-test.c gosthash94-test.c \
+ ripemd160-test.c \
+ salsa20-test.c \
sha1-test.c sha224-test.c sha256-test.c \
sha384-test.c sha512-test.c \
+ sha3-permute-test.c sha3-224-test.c sha3-256-test.c \
+ sha3-384-test.c sha3-512-test.c \
serpent-test.c twofish-test.c \
knuth-lfib-test.c \
- cbc-test.c ctr-test.c hmac-test.c \
- buffer-test.c yarrow-test.c
+ cbc-test.c ctr-test.c gcm-test.c hmac-test.c umac-test.c \
+ meta-hash-test.c meta-cipher-test.c meta-armor-test.c \
+ buffer-test.c yarrow-test.c pbkdf2-test.c
TS_HOGWEED_SOURCES = sexp-test.c sexp-format-test.c \
rsa2sexp-test.c sexp2rsa-test.c \
bignum-test.c random-prime-test.c \
pkcs1-test.c \
rsa-test.c rsa-encrypt-test.c rsa-keygen-test.c \
- dsa-test.c dsa-keygen-test.c
+ dsa-test.c dsa-keygen-test.c \
+ ecc-mod-test.c ecc-modinv-test.c ecc-redc-test.c \
+ ecc-mul-g-test.c ecc-mul-a-test.c \
+ ecdsa-sign-test.c ecdsa-verify-test.c ecdsa-keygen-test.c
-TS_SOURCES = $(TS_NETTLE_SOURCES) @IF_HOGWEED@ $(TS_HOGWEED_SOURCES)
+TS_SOURCES = $(TS_NETTLE_SOURCES) $(TS_HOGWEED_SOURCES)
+CXX_SOURCES = cxx-test.cxx
TS_NETTLE = $(TS_NETTLE_SOURCES:.c=$(EXEEXT))
TS_HOGWEED = $(TS_HOGWEED_SOURCES:.c=$(EXEEXT))
TS_C = $(TS_NETTLE) @IF_HOGWEED@ $(TS_HOGWEED)
-TS_CXX = @CXX_TESTS@
+TS_CXX = @IF_CXX@ $(CXX_SOURCES:.cxx=$(EXEEXT))
TARGETS = $(TS_C) $(TS_CXX)
TS_SH = sexp-conv-test pkcs1-conv-test symbols-test
TS_ALL = $(TARGETS) $(TS_SH)
EXTRA_SOURCES = sha1-huge-test.c
EXTRA_TARGETS = $(EXTRA_SOURCES:.c=$(EXEEXT))
-SOURCES = $(TS_SOURCES) testutils.c
+# Includes all C source files, regardless of configuration
+SOURCES = $(TS_SOURCES) $(EXTRA_SOURCES) testutils.c
-DISTFILES = $(SOURCES) $(EXTRA_SOURCES) cxx-test.cxx Makefile.in .test-rules.make \
- $(TS_SH) run-tests teardown-env \
- gold-bug.txt testutils.h
+DISTFILES = $(SOURCES) $(CXX_SOURCES) Makefile.in .test-rules.make \
+ $(TS_SH) setup-env teardown-env \
+ gold-bug.txt testutils.h sha3.awk
all: $(TARGETS) $(EXTRA_TARGETS)
# explicit rule for each and every executable.
LIB_HOGWEED = @IF_HOGWEED@ -lhogweed
-TEST_OBJS = testutils.$(OBJEXT) $(LIB_HOGWEED) -lnettle $(LIBS)
+TEST_OBJS = testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \
+ $(LIB_HOGWEED) -lnettle $(LIBS)
+
+../nettle-internal.$(OBJEXT):
+ ( cd .. && $(MAKE) nettle-internal.$(OBJEXT) )
.PHONY: test-rules
test-rules:
include $(srcdir)/.test-rules.make
-$(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) \
+$(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT) ../nettle-internal.$(OBJEXT) \
../libnettle.a @IF_HOGWEED@ ../libhogweed.a
-check: $(TS_ALL) $(srcdir)/run-tests
- LD_LIBRARY_PATH=../.lib srcdir="$(srcdir)" \
- $(srcdir)/run-tests $(TS_ALL)
+# For use as, e.g.,
+#
+# make check EMULATOR='$(VALGRIND)'
+# make check EMULATOR='$(VALGRIND) --log-fd=3' 3>valgrind.log
+
+VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes
+
+# The PATH update is for locating dlls on w*ndows.
+check: $(TS_ALL)
+ LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" srcdir="$(srcdir)" \
+ EMULATOR="$(EMULATOR)" NM="$(NM)" EXEEXT="$(EXEEXT)" \
+ $(top_srcdir)/run-tests $(TS_ALL)
Makefile: $(srcdir)/Makefile.in ../config.status
tags:
etags -o $(srcdir)/TAGS --include $(top_srcdir) $(srcdir)/*.c $(srcdir)/*.h
-@DEP_INCLUDE@ $(SOURCES:.c=.$(OBJEXT).d)
+# Includes dependency files for everything, including objects which
+# the current configuration will not build.
+DEP_FILES = $(SOURCES:.c=.$(OBJEXT).d) $(CXX_SOURCES:.cxx=.$(OBJEXT).d)
+@DEP_INCLUDE@ $(DEP_FILES)
#include "aes.h"
static void
-test_invert(unsigned key_length, const uint8_t *key,
- unsigned length, const uint8_t *cleartext,
- const uint8_t *ciphertext)
+test_invert(const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
{
struct aes_ctx encrypt;
struct aes_ctx decrypt;
- uint8_t *data = xalloc(length);
+ uint8_t *data = xalloc(cleartext->length);
+ unsigned length;
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
- aes_set_encrypt_key (&encrypt, key_length, key);
- aes_encrypt (&encrypt, length, data, cleartext);
+ aes_set_encrypt_key (&encrypt, key->length, key->data);
+ aes_encrypt (&encrypt, length, data, cleartext->data);
- if (!MEMEQ(length, data, ciphertext))
+ if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "test_invert: Encrypt failed:\nInput:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
aes_invert_key (&decrypt, &encrypt);
aes_decrypt (&decrypt, length, data, data);
- if (!MEMEQ(length, data, cleartext))
+ if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "test_invert: Decrypt failed:\nInput:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free (data);
}
-int
+void
test_main(void)
{
/* 128 bit keys */
test_cipher(&nettle_aes128,
- HL("0001020305060708 0A0B0C0D0F101112"),
- HL("506812A45F08C889 B97F5980038B8359"),
- H("D8F532538289EF7D 06B506A4FD5BE9C9"));
+ SHEX("0001020305060708 0A0B0C0D0F101112"),
+ SHEX("506812A45F08C889 B97F5980038B8359"),
+ SHEX("D8F532538289EF7D 06B506A4FD5BE9C9"));
test_cipher(&nettle_aes128,
- HL("14151617191A1B1C 1E1F202123242526"),
- HL("5C6D71CA30DE8B8B 00549984D2EC7D4B"),
- H("59AB30F4D4EE6E4F F9907EF65B1FB68C"));
+ SHEX("14151617191A1B1C 1E1F202123242526"),
+ SHEX("5C6D71CA30DE8B8B 00549984D2EC7D4B"),
+ SHEX("59AB30F4D4EE6E4F F9907EF65B1FB68C"));
test_cipher(&nettle_aes128,
- HL("28292A2B2D2E2F30 323334353738393A"),
- HL("53F3F4C64F8616E4 E7C56199F48F21F6"),
- H("BF1ED2FCB2AF3FD4 1443B56D85025CB1"));
+ SHEX("28292A2B2D2E2F30 323334353738393A"),
+ SHEX("53F3F4C64F8616E4 E7C56199F48F21F6"),
+ SHEX("BF1ED2FCB2AF3FD4 1443B56D85025CB1"));
test_cipher(&nettle_aes128,
- HL("A0A1A2A3A5A6A7A8 AAABACADAFB0B1B2"),
- HL("F5F4F7F684878689 A6A7A0A1D2CDCCCF"),
- H("CE52AF650D088CA5 59425223F4D32694"));
+ SHEX("A0A1A2A3A5A6A7A8 AAABACADAFB0B1B2"),
+ SHEX("F5F4F7F684878689 A6A7A0A1D2CDCCCF"),
+ SHEX("CE52AF650D088CA5 59425223F4D32694"));
/* 192 bit keys */
test_cipher(&nettle_aes192,
- HL("0001020305060708 0A0B0C0D0F101112"
- "14151617191A1B1C"),
- HL("2D33EEF2C0430A8A 9EBF45E809C40BB6"),
- H("DFF4945E0336DF4C 1C56BC700EFF837F"));
+ SHEX("0001020305060708 0A0B0C0D0F101112"
+ "14151617191A1B1C"),
+ SHEX("2D33EEF2C0430A8A 9EBF45E809C40BB6"),
+ SHEX("DFF4945E0336DF4C 1C56BC700EFF837F"));
/* 256 bit keys */
test_cipher(&nettle_aes256,
- HL("0001020305060708 0A0B0C0D0F101112"
- "14151617191A1B1C 1E1F202123242526"),
- HL("834EADFCCAC7E1B30664B1ABA44815AB"),
- H("1946DABF6A03A2A2 C3D0B05080AED6FC"));
+ SHEX("0001020305060708 0A0B0C0D0F101112"
+ "14151617191A1B1C 1E1F202123242526"),
+ SHEX("834EADFCCAC7E1B30664B1ABA44815AB"),
+ SHEX("1946DABF6A03A2A2 C3D0B05080AED6FC"));
/* This test case has been problematic with the CBC test case */
test_cipher(&nettle_aes256,
- HL("8d ae 93 ff fc 78 c9 44"
- "2a bd 0c 1e 68 bc a6 c7"
- "05 c7 84 e3 5a a9 11 8b"
- "d3 16 aa 54 9b 44 08 9e"),
- HL("a5 ce 55 d4 21 15 a1 c6 4a a4 0c b2 ca a6 d1 37"),
+ SHEX("8d ae 93 ff fc 78 c9 44"
+ "2a bd 0c 1e 68 bc a6 c7"
+ "05 c7 84 e3 5a a9 11 8b"
+ "d3 16 aa 54 9b 44 08 9e"),
+ SHEX("a5 ce 55 d4 21 15 a1 c6 4a a4 0c b2 ca a6 d1 37"),
/* In the cbc test, I once got the bad value
* "b2 a0 6c d2 2f df 7d 2c 26 d2 42 88 8f 20 74 a2" */
- H("1f 94 fc 85 f2 36 21 06"
- "4a ea e3 c9 cc 38 01 0e"));
+ SHEX("1f 94 fc 85 f2 36 21 06"
+ "4a ea e3 c9 cc 38 01 0e"));
/* From draft NIST spec on AES modes.
*
*/
test_cipher(&nettle_aes128,
- HL("2b7e151628aed2a6abf7158809cf4f3c"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("3ad77bb40d7a3660a89ecaf32466ef97"
- "f5d3d58503b9699de785895a96fdbaaf"
- "43b1cd7f598ece23881b00e3ed030688"
- "7b0c785e27e8ad3f8223207104725dd4"));
+ SHEX("2b7e151628aed2a6abf7158809cf4f3c"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("3ad77bb40d7a3660a89ecaf32466ef97"
+ "f5d3d58503b9699de785895a96fdbaaf"
+ "43b1cd7f598ece23881b00e3ed030688"
+ "7b0c785e27e8ad3f8223207104725dd4"));
/* F.1.3 ECB-AES192-Encrypt */
test_cipher(&nettle_aes192,
- HL("8e73b0f7da0e6452c810f32b809079e5 62f8ead2522c6b7b"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("bd334f1d6e45f25ff712a214571fa5cc"
- "974104846d0ad3ad7734ecb3ecee4eef"
- "ef7afd2270e2e60adce0ba2face6444e"
- "9a4b41ba738d6c72fb16691603c18e0e"));
+ SHEX("8e73b0f7da0e6452c810f32b809079e5 62f8ead2522c6b7b"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("bd334f1d6e45f25ff712a214571fa5cc"
+ "974104846d0ad3ad7734ecb3ecee4eef"
+ "ef7afd2270e2e60adce0ba2face6444e"
+ "9a4b41ba738d6c72fb16691603c18e0e"));
/* F.1.5 ECB-AES256-Encrypt */
test_cipher(&nettle_aes256,
- HL("603deb1015ca71be2b73aef0857d7781"
- "1f352c073b6108d72d9810a30914dff4"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("f3eed1bdb5d2a03c064b5a7e3db181f8"
- "591ccb10d410ed26dc5ba74a31362870"
- "b6ed21b99ca6f4f9f153e7b1beafed1d"
- "23304b7a39f9f3ff067d8d8f9e24ecc7"));
+ SHEX("603deb1015ca71be2b73aef0857d7781"
+ "1f352c073b6108d72d9810a30914dff4"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("f3eed1bdb5d2a03c064b5a7e3db181f8"
+ "591ccb10d410ed26dc5ba74a31362870"
+ "b6ed21b99ca6f4f9f153e7b1beafed1d"
+ "23304b7a39f9f3ff067d8d8f9e24ecc7"));
/* Test aes_invert_key with src != dst */
- test_invert(HL("0001020305060708 0A0B0C0D0F101112"),
- HL("506812A45F08C889 B97F5980038B8359"),
- H("D8F532538289EF7D 06B506A4FD5BE9C9"));
- test_invert(HL("0001020305060708 0A0B0C0D0F101112"
- "14151617191A1B1C"),
- HL("2D33EEF2C0430A8A 9EBF45E809C40BB6"),
- H("DFF4945E0336DF4C 1C56BC700EFF837F"));
- test_invert(HL("0001020305060708 0A0B0C0D0F101112"
- "14151617191A1B1C 1E1F202123242526"),
- HL("834EADFCCAC7E1B30664B1ABA44815AB"),
- H("1946DABF6A03A2A2 C3D0B05080AED6FC"));
-
- SUCCESS();
+ test_invert(SHEX("0001020305060708 0A0B0C0D0F101112"),
+ SHEX("506812A45F08C889 B97F5980038B8359"),
+ SHEX("D8F532538289EF7D 06B506A4FD5BE9C9"));
+ test_invert(SHEX("0001020305060708 0A0B0C0D0F101112"
+ "14151617191A1B1C"),
+ SHEX("2D33EEF2C0430A8A 9EBF45E809C40BB6"),
+ SHEX("DFF4945E0336DF4C 1C56BC700EFF837F"));
+ test_invert(SHEX("0001020305060708 0A0B0C0D0F101112"
+ "14151617191A1B1C 1E1F202123242526"),
+ SHEX("834EADFCCAC7E1B30664B1ABA44815AB"),
+ SHEX("1946DABF6A03A2A2 C3D0B05080AED6FC"));
}
/* Internal state for the first test case:
#include "testutils.h"
#include "arcfour.h"
-int
+void
test_main(void)
{
test_cipher_stream(&nettle_arcfour128,
- HL("01234567 89ABCDEF 00000000 00000000"),
- HL("01234567 89ABCDEF"),
- H("69723659 1B5242B1"));
+ SHEX("01234567 89ABCDEF 00000000 00000000"),
+ SHEX("01234567 89ABCDEF"),
+ SHEX("69723659 1B5242B1"));
/* More data. This ensures that we get some collisions between the S
accesses at index i,j and the access at si + sj. I.e. the cases
where the ordering of loads and stores matter. */
test_cipher_stream(&nettle_arcfour128,
- HL("aaaaaaaa bbbbbbbb cccccccc dddddddd"),
- HL("00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ SHEX("aaaaaaaa bbbbbbbb cccccccc dddddddd"),
+ SHEX("00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"
- "00000000 00000000 00000000 00000000"),
- H("a2b35dc7 bf95ae1e 1c432d15 f4fb8c1c"
- "f264e1d0 bd090831 6caa7d17 5401ae67"
- "3cfbd140 fd3dee42 1012d674 2fb69fa3"
- "6522631e bb3d4703 535de1ce 4a81ddce"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"),
+ SHEX("a2b35dc7 bf95ae1e 1c432d15 f4fb8c1c"
+ "f264e1d0 bd090831 6caa7d17 5401ae67"
+ "3cfbd140 fd3dee42 1012d674 2fb69fa3"
+ "6522631e bb3d4703 535de1ce 4a81ddce"
- "5780cfe0 b5fc9fae ebe14c96 26451bd9"
- "992f2204 119cbe37 cbdc453c 7afa08c7"
- "1380ccf8 48f81e53 a535cdfb 96c64faa"
- "c3f759d0 fa1ff920 008d95cf 39d52324"
+ "5780cfe0 b5fc9fae ebe14c96 26451bd9"
+ "992f2204 119cbe37 cbdc453c 7afa08c7"
+ "1380ccf8 48f81e53 a535cdfb 96c64faa"
+ "c3f759d0 fa1ff920 008d95cf 39d52324"
- "d0aac3f9 749b22e2 6a065145 06fb249d"
- "ffb8e05e cb0381fe 5346a04a 63dac61c"
- "10b6683e 3ab427de d4c6bc60 6366545e"
- "77d0e121 96037717 a745d49e e72a70aa"
+ "d0aac3f9 749b22e2 6a065145 06fb249d"
+ "ffb8e05e cb0381fe 5346a04a 63dac61c"
+ "10b6683e 3ab427de d4c6bc60 6366545e"
+ "77d0e121 96037717 a745d49e e72a70aa"
- "a50a612d 879b0580 fd4a89ae 3ee49871"
- "2cf6c98d a62dfbc7 d7b2d901 2c3aaf27"
- "42b7e089 ef2466ac 450b440c 138daa1a"
- "cf9ebef6 f66a7a64 2677b213 06640130"
+ "a50a612d 879b0580 fd4a89ae 3ee49871"
+ "2cf6c98d a62dfbc7 d7b2d901 2c3aaf27"
+ "42b7e089 ef2466ac 450b440c 138daa1a"
+ "cf9ebef6 f66a7a64 2677b213 06640130"
- "de6651df 0065180d 4db366ba 9c377712"
- "53d21cac 82ed72a4 c6c4d81e 4375fea3"
- "1f935909 95322c83 13c64d8e 829c93a6"
- "d540a1b3 20f41541 96800888 1a7afc9b"
+ "de6651df 0065180d 4db366ba 9c377712"
+ "53d21cac 82ed72a4 c6c4d81e 4375fea3"
+ "1f935909 95322c83 13c64d8e 829c93a6"
+ "d540a1b3 20f41541 96800888 1a7afc9b"
- "e39e89fc 3ac78be5 cdbbf774 33c36863"
- "da2a3b1b d06e54a9 aa4b7edd 70b34941"
- "b886f7db f36c3def f9fc4c80 7ce55ea5"
- "98a7257b f68a9e1d caf4bfd6 43bd9853"
+ "e39e89fc 3ac78be5 cdbbf774 33c36863"
+ "da2a3b1b d06e54a9 aa4b7edd 70b34941"
+ "b886f7db f36c3def f9fc4c80 7ce55ea5"
+ "98a7257b f68a9e1d caf4bfd6 43bd9853"
- "c966629d 54e34221 6e140780 d48c69bb"
- "5e77e886 86f2ebcb 807732d5 d29bc384"
- "a4ca1c31 c7c1b5b9 85dbfcf1 8d845905"
- "a0ff487a b4a3f252 a75caebf 857ba48b"
+ "c966629d 54e34221 6e140780 d48c69bb"
+ "5e77e886 86f2ebcb 807732d5 d29bc384"
+ "a4ca1c31 c7c1b5b9 85dbfcf1 8d845905"
+ "a0ff487a b4a3f252 a75caebf 857ba48b"
- "613e3067 92cada3e 0e07f599 2f4794f3"
- "af01f15a 491732fb 22aa09a3 d2e1e408"
- "fe94bdb4 993c68b1 1bb79eb1 bb7ec446"
- "760ef7bf 2caa8713 479760e5 a6e143cd"));
-
- SUCCESS();
+ "613e3067 92cada3e 0e07f599 2f4794f3"
+ "af01f15a 491732fb 22aa09a3 d2e1e408"
+ "fe94bdb4 993c68b1 1bb79eb1 bb7ec446"
+ "760ef7bf 2caa8713 479760e5 a6e143cd"));
}
/* nettle, low-level cryptographics library
*
* Copyright (C) 2004 Simon Josefsson
- * Copyright (C) 2004 Niels Möller
+ * Copyright (C) 2004 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#include "testutils.h"
/* For tests with obscure values of ebk. */
static void
test_arctwo(unsigned ekb,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext)
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
{
struct arctwo_ctx ctx;
- uint8_t *data = xalloc(length);
+ uint8_t *data;
+ unsigned length;
- arctwo_set_key_ekb(&ctx, key_length, key, ekb);
- arctwo_encrypt(&ctx, length, data, cleartext);
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ data = xalloc(length);
- if (!MEMEQ(length, data, ciphertext))
- FAIL();
+ arctwo_set_key_ekb(&ctx, key->length, key->data, ekb);
+ arctwo_encrypt(&ctx, length, data, cleartext->data);
+
+ ASSERT(MEMEQ(length, data, ciphertext->data));
arctwo_decrypt(&ctx, length, data, data);
- if (!MEMEQ(length, data, cleartext))
- FAIL();
+ ASSERT(MEMEQ(length, data, cleartext->data));
free(data);
}
-int
+void
test_main(void)
{
/* Test vectors from Peter Gutmann's paper. */
test_cipher(&nettle_arctwo_gutmann128,
- HL("00000000 00000000 00000000 00000000"),
- HL("00000000 00000000"),
- H ("1c198a83 8df028b7"));
+ SHEX("00000000 00000000 00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("1c198a83 8df028b7"));
test_cipher(&nettle_arctwo_gutmann128,
- HL("00010203 04050607 08090a0b 0c0d0e0f"),
- HL("00000000 00000000"),
- H ("50dc0162 bd757f31"));
+ SHEX("00010203 04050607 08090a0b 0c0d0e0f"),
+ SHEX("00000000 00000000"),
+ SHEX("50dc0162 bd757f31"));
/* This one was checked against libmcrypt's RFC2268. */
test_cipher(&nettle_arctwo_gutmann128,
- HL("30000000 00000000 00000000 00000000"),
- HL("10000000 00000000"),
- H ("8fd10389 336bf95e"));
+ SHEX("30000000 00000000 00000000 00000000"),
+ SHEX("10000000 00000000"),
+ SHEX("8fd10389 336bf95e"));
/* Test vectors from RFC 2268. */
test_cipher(&nettle_arctwo64,
- HL("ffffffff ffffffff"),
- HL("ffffffff ffffffff"),
- H ("278b27e4 2e2f0d49"));
+ SHEX("ffffffff ffffffff"),
+ SHEX("ffffffff ffffffff"),
+ SHEX("278b27e4 2e2f0d49"));
test_cipher(&nettle_arctwo64,
- HL("30000000 00000000"),
- HL("10000000 00000001"),
- H ("30649edf 9be7d2c2"));
+ SHEX("30000000 00000000"),
+ SHEX("10000000 00000001"),
+ SHEX("30649edf 9be7d2c2"));
test_cipher(&nettle_arctwo128,
- HL("88bca90e 90875a7f 0f79c384 627bafb2"),
- HL("00000000 00000000"),
- H ("2269552a b0f85ca6"));
+ SHEX("88bca90e 90875a7f 0f79c384 627bafb2"),
+ SHEX("00000000 00000000"),
+ SHEX("2269552a b0f85ca6"));
/* More obscure tests from RFC 2286 */
test_arctwo(63,
- HL("00000000 00000000"),
- HL("00000000 00000000"),
- H ("ebb773f9 93278eff"));
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("ebb773f9 93278eff"));
test_arctwo(64,
- HL("88"),
- HL("00000000 00000000"),
- H ("61a8a244 adacccf0"));
+ SHEX("88"),
+ SHEX("00000000 00000000"),
+ SHEX("61a8a244 adacccf0"));
test_arctwo(64,
- HL("88bca90e 90875a"),
- HL("00000000 00000000"),
- H ("6ccf4308 974c267f"));
+ SHEX("88bca90e 90875a"),
+ SHEX("00000000 00000000"),
+ SHEX("6ccf4308 974c267f"));
test_arctwo(64,
- HL("88bca90e 90875a7f 0f79c384 627bafb2"),
- HL("00000000 00000000"),
- H ("1a807d27 2bbe5db1"));
+ SHEX("88bca90e 90875a7f 0f79c384 627bafb2"),
+ SHEX("00000000 00000000"),
+ SHEX("1a807d27 2bbe5db1"));
test_arctwo(129,
- HL("88bca90e 90875a7f 0f79c384 627bafb2"
- "16f80a6f 85920584 c42fceb0 be255daf 1e"),
- HL("00000000 00000000"),
- H ("5b78d3a4 3dfff1f1"));
-
- SUCCESS ();
+ SHEX("88bca90e 90875a7f 0f79c384 627bafb2"
+ "16f80a6f 85920584 c42fceb0 be255daf 1e"),
+ SHEX("00000000 00000000"),
+ SHEX("5b78d3a4 3dfff1f1"));
}
#include "testutils.h"
#include "base16.h"
-int
+void
test_main(void)
{
ASSERT(BASE16_ENCODE_LENGTH(0) == 0);
test_armor(&nettle_base16, 4, "Hell", "48656c6c");
test_armor(&nettle_base16, 5, "Hello", "48656c6c6f");
test_armor(&nettle_base16, 6, "Hello", "48656c6c6f00");
-
- SUCCESS();
}
#include "testutils.h"
#include "base64.h"
-int
+void
test_main(void)
{
ASSERT(BASE64_ENCODE_LENGTH(0) == 0); /* At most 4 bits */
ASSERT(MEMEQ(9, buffer, "HelloG8=x"));
}
-
- SUCCESS();
}
#include "bignum.h"
static void
-test_bignum(const char *hex, unsigned length, const uint8_t *base256)
+test_bignum(const char *hex, const struct tstring *base256)
{
mpz_t a;
mpz_t b;
uint8_t *buf;
mpz_init_set_str(a, hex, 16);
- nettle_mpz_init_set_str_256_s(b, length, base256);
+ nettle_mpz_init_set_str_256_s(b, base256->length, base256->data);
- if (mpz_cmp(a, b))
- FAIL();
+ ASSERT(mpz_cmp(a, b) == 0);
- buf = xalloc(length + 1);
- memset(buf, 17, length + 1);
+ buf = xalloc(base256->length + 1);
+ memset(buf, 17, base256->length + 1);
- nettle_mpz_get_str_256(length, buf, a);
- if (!MEMEQ(length, buf, base256))
- FAIL();
+ nettle_mpz_get_str_256(base256->length, buf, a);
+ ASSERT(MEMEQ(base256->length, buf, base256->data));
- if (buf[length] != 17)
- FAIL();
+ ASSERT(buf[base256->length] == 17);
mpz_clear(a); mpz_clear(b);
free(buf);
#endif /* HAVE_LIBGMP */
-int
+void
test_main(void)
{
#if HAVE_LIBGMP
test_size(- 0x8000, 2); /* 8000 */
test_size(- 0x8001, 3); /* ff7fff */
- test_bignum("0", HL("00"));
- test_bignum("010203040506", HL("010203040506"));
- test_bignum("80010203040506", HL("0080010203040506"));
-
- test_bignum( "-1", HL( "ff"));
- test_bignum( "-7f", HL( "81"));
- test_bignum( "-80", HL( "80"));
- test_bignum( "-81", HL( "ff7f"));
- test_bignum("-7fff", HL( "8001"));
- test_bignum("-8000", HL( "8000"));
- test_bignum("-8001", HL("ff7fff"));
+ test_bignum("0", SHEX("00"));
+ test_bignum("010203040506", SHEX("010203040506"));
+ test_bignum("80010203040506", SHEX("0080010203040506"));
+
+ test_bignum( "-1", SHEX( "ff"));
+ test_bignum( "-7f", SHEX( "81"));
+ test_bignum( "-80", SHEX( "80"));
+ test_bignum( "-81", SHEX( "ff7f"));
+ test_bignum("-7fff", SHEX( "8001"));
+ test_bignum("-8000", SHEX( "8000"));
+ test_bignum("-8001", SHEX("ff7fff"));
- SUCCESS();
#else /* !HAVE_LIBGMP */
SKIP();
#endif /* !HAVE_LIBGMP */
#include "nettle-internal.h"
#include "blowfish.h"
-int
+void
test_main(void)
{
/* 208 bit key. Test from GNUPG. */
test_cipher(&nettle_blowfish128,
- 26, "abcdefghijklmnopqrstuvwxyz",
- BLOWFISH_BLOCK_SIZE, "BLOWFISH",
- H("32 4E D0 FE F4 13 A2 03"));
-
- SUCCESS();
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SDATA("BLOWFISH"),
+ SHEX("32 4E D0 FE F4 13 A2 03"));
}
/* FIXME: All values below are bogus. */
#if 0
#include "testutils.h"
#include "buffer.h"
-int
+void
test_main(void)
{
struct nettle_buffer buffer;
ASSERT(buffer.size == 3);
ASSERT(!nettle_buffer_write(&buffer, LDATA("bar")));
-
- SUCCESS();
}
#include "camellia.h"
static void
-test_invert(unsigned key_length, const uint8_t *key,
- unsigned length, const uint8_t *cleartext,
- const uint8_t *ciphertext)
+test_invert(const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
{
struct camellia_ctx encrypt;
struct camellia_ctx decrypt;
- uint8_t *data = xalloc(length);
+ uint8_t *data;
+ unsigned length;
- camellia_set_encrypt_key (&encrypt, key_length, key);
- camellia_crypt (&encrypt, length, data, cleartext);
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ data = xalloc(length);
+
+ camellia_set_encrypt_key (&encrypt, key->length, key->data);
+ camellia_crypt (&encrypt, length, data, cleartext->data);
- if (!MEMEQ(length, data, ciphertext))
+ if (!MEMEQ(length, data, ciphertext->data))
{
- fprintf(stderr, "test_invert: Encrypt failed:\nInput:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
camellia_invert_key (&decrypt, &encrypt);
camellia_crypt (&decrypt, length, data, data);
- if (!MEMEQ(length, data, cleartext))
+ if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "test_invert: Decrypt failed:\nInput:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
free (data);
}
-int
+void
test_main(void)
{
/* Test vectors from RFC 3713 */
/* 128 bit keys */
test_cipher(&nettle_camellia128,
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- H("67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43"));
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43"));
/* 192 bit keys */
test_cipher(&nettle_camellia192,
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
- "00 11 22 33 44 55 66 77"),
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- H("b4 99 34 01 b3 e9 96 f8 4e e5 ce e7 d7 9b 09 b9"));
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
+ "00 11 22 33 44 55 66 77"),
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("b4 99 34 01 b3 e9 96 f8 4e e5 ce e7 d7 9b 09 b9"));
/* 256 bit keys */
test_cipher(&nettle_camellia256,
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
- "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"),
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- H("9a cc 23 7d ff 16 d7 6c 20 ef 7c 91 9e 3a 75 09"));
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
+ "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"),
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("9a cc 23 7d ff 16 d7 6c 20 ef 7c 91 9e 3a 75 09"));
/* Test camellia_invert_key with src != dst */
- test_invert(HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- H("67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43"));
+ test_invert(SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("67 67 31 38 54 96 69 73 08 57 06 56 48 ea be 43"));
- test_invert(HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
- "00 11 22 33 44 55 66 77"),
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- H("b4 99 34 01 b3 e9 96 f8 4e e5 ce e7 d7 9b 09 b9"));
+ test_invert(SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
+ "00 11 22 33 44 55 66 77"),
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("b4 99 34 01 b3 e9 96 f8 4e e5 ce e7 d7 9b 09 b9"));
- test_invert(HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
- "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"),
- HL("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
- H("9a cc 23 7d ff 16 d7 6c 20 ef 7c 91 9e 3a 75 09"));
- SUCCESS();
+ test_invert(SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"
+ "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"),
+ SHEX("01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 10"),
+ SHEX("9a cc 23 7d ff 16 d7 6c 20 ef 7c 91 9e 3a 75 09"));
}
#include "testutils.h"
#include "cast128.h"
-int
+void
test_main(void)
{
/* Test vectors from B.1. Single Plaintext-Key-Ciphertext Sets, RFC
/* 128 bit key */
test_cipher(&nettle_cast128,
- HL("01 23 45 67 12 34 56 78"
- "23 45 67 89 34 56 78 9A"),
- HL("01 23 45 67 89 AB CD EF"),
- H("23 8B 4F E5 84 7E 44 B2"));
+ SHEX("01 23 45 67 12 34 56 78"
+ "23 45 67 89 34 56 78 9A"),
+ SHEX("01 23 45 67 89 AB CD EF"),
+ SHEX("23 8B 4F E5 84 7E 44 B2"));
/* 80 bit key */
test_cipher(&nettle_cast128,
- HL("01 23 45 67 12 34 56 78 23 45"),
- HL("01 23 45 67 89 AB CD EF"),
- H("EB 6A 71 1A 2C 02 27 1B"));
+ SHEX("01 23 45 67 12 34 56 78 23 45"),
+ SHEX("01 23 45 67 89 AB CD EF"),
+ SHEX("EB 6A 71 1A 2C 02 27 1B"));
/* 40 bit key */
test_cipher(&nettle_cast128,
- HL("01 23 45 67 12"),
- HL("01 23 45 67 89 AB CD EF"),
- H("7A C8 16 D1 6E 9B 30 2E"));
-
- SUCCESS();
+ SHEX("01 23 45 67 12"),
+ SHEX("01 23 45 67 89 AB CD EF"),
+ SHEX("7A C8 16 D1 6E 9B 30 2E"));
}
CBC_ENCRYPT(&aes, aes_encrypt, CBC_BULK_DATA, cipher, clear);
- if (cipher[CBC_BULK_DATA] != 17)
- FAIL();
+ ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("\n");
}
- if (!MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv))
- FAIL();
+ ASSERT(MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
/* Decrypt, in place */
aes_set_decrypt_key(&aes.ctx, 32, key);
CBC_SET_IV(&aes, start_iv);
CBC_DECRYPT(&aes, aes_decrypt, CBC_BULK_DATA, cipher, cipher);
- if (cipher[CBC_BULK_DATA] != 17)
- FAIL();
+ ASSERT(cipher[CBC_BULK_DATA] == 17);
if (verbose)
{
printf("\n");
}
- if (!MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv))
- FAIL();
-
- if (!MEMEQ(CBC_BULK_DATA, clear, cipher))
- FAIL();
+ ASSERT (MEMEQ(AES_BLOCK_SIZE, aes.iv, end_iv));
+ ASSERT (MEMEQ(CBC_BULK_DATA, clear, cipher));
}
-int
+void
test_main(void)
{
- static const uint8_t msg[2 * AES_BLOCK_SIZE] = "Listen, I'll say this only once!";
-
/* Intermediate values:
* iv XOR first message block:
* "a5 ce 55 d4 21 15 a1 c6 4a a4 0c b2 ca a6 d1 37"
*/
test_cipher_cbc(&nettle_aes256,
- HL("8d ae 93 ff fc 78 c9 44"
- "2a bd 0c 1e 68 bc a6 c7"
- "05 c7 84 e3 5a a9 11 8b"
- "d3 16 aa 54 9b 44 08 9e"),
- 2 * AES_BLOCK_SIZE, msg,
- H("1f 94 fc 85 f2 36 21 06"
- "4a ea e3 c9 cc 38 01 0e"
- "7b f6 5f c5 02 59 2e 71"
- "af bf 34 87 c0 36 2a 16"),
- H("e9 a7 26 a0 44 7b 8d e6 03 83 60 de ea d5 b0 4e"));
+ SHEX("8d ae 93 ff fc 78 c9 44"
+ "2a bd 0c 1e 68 bc a6 c7"
+ "05 c7 84 e3 5a a9 11 8b"
+ "d3 16 aa 54 9b 44 08 9e"),
+ SDATA("Listen, I'll say this only once!"),
+ SHEX("1f 94 fc 85 f2 36 21 06"
+ "4a ea e3 c9 cc 38 01 0e"
+ "7b f6 5f c5 02 59 2e 71"
+ "af bf 34 87 c0 36 2a 16"),
+ SHEX("e9 a7 26 a0 44 7b 8d e6 03 83 60 de ea d5 b0 4e"));
/* From NIST spec 800-38a on AES modes.
*
* 8521f2fd3c8eef2cdc3da7e5c44ea206
*/
test_cipher_cbc(&nettle_aes128,
- HL("2b7e151628aed2a6abf7158809cf4f3c"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("7649abac8119b246cee98e9b12e9197d"
- "5086cb9b507219ee95db113a917678b2"
- "73bed6b8e3c1743b7116e69e22229516"
- "3ff1caa1681fac09120eca307586e1a7"),
- H("000102030405060708090a0b0c0d0e0f"));
+ SHEX("2b7e151628aed2a6abf7158809cf4f3c"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("7649abac8119b246cee98e9b12e9197d"
+ "5086cb9b507219ee95db113a917678b2"
+ "73bed6b8e3c1743b7116e69e22229516"
+ "3ff1caa1681fac09120eca307586e1a7"),
+ SHEX("000102030405060708090a0b0c0d0e0f"));
/* F.2.3 CBC-AES192.Encrypt */
*/
test_cipher_cbc(&nettle_aes192,
- HL("8e73b0f7da0e6452c810f32b809079e5"
- "62f8ead2522c6b7b"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("4f021db243bc633d7178183a9fa071e8"
- "b4d9ada9ad7dedf4e5e738763f69145a"
- "571b242012fb7ae07fa9baac3df102e0"
- "08b0e27988598881d920a9e64f5615cd"),
- H("000102030405060708090a0b0c0d0e0f"));
+ SHEX("8e73b0f7da0e6452c810f32b809079e5"
+ "62f8ead2522c6b7b"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("4f021db243bc633d7178183a9fa071e8"
+ "b4d9ada9ad7dedf4e5e738763f69145a"
+ "571b242012fb7ae07fa9baac3df102e0"
+ "08b0e27988598881d920a9e64f5615cd"),
+ SHEX("000102030405060708090a0b0c0d0e0f"));
/* F.2.5 CBC-AES256.Encrypt */
*/
test_cipher_cbc(&nettle_aes256,
- HL("603deb1015ca71be2b73aef0857d7781"
- "1f352c073b6108d72d9810a30914dff4"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("f58c4c04d6e5f1ba779eabfb5f7bfbd6"
- "9cfc4e967edb808d679f777bc6702c7d"
- "39f23369a9d9bacfa530e26304231461"
- "b2eb05e2c39be9fcda6c19078c6a9d1b"),
- H("000102030405060708090a0b0c0d0e0f"));
+ SHEX("603deb1015ca71be2b73aef0857d7781"
+ "1f352c073b6108d72d9810a30914dff4"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("f58c4c04d6e5f1ba779eabfb5f7bfbd6"
+ "9cfc4e967edb808d679f777bc6702c7d"
+ "39f23369a9d9bacfa530e26304231461"
+ "b2eb05e2c39be9fcda6c19078c6a9d1b"),
+ SHEX("000102030405060708090a0b0c0d0e0f"));
test_cbc_bulk();
-
- SUCCESS();
}
/*
#include "aes.h"
#include "ctr.h"
-int
+void
test_main(void)
{
/* From NIST spec 800-38a on AES modes,
* F.5 CTR Example Vectors
*/
+ /* Zero-length data. Exposes bug reported by Tim Kosse, where
+ ctr_crypt increment the ctr when it shouldn't. */
+ test_cipher_ctr(&nettle_aes128,
+ SHEX("2b7e151628aed2a6abf7158809cf4f3c"),
+ SHEX(""), SHEX(""),
+ SHEX("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
+
/* F.5.1 CTR-AES128.Encrypt */
test_cipher_ctr(&nettle_aes128,
- HL("2b7e151628aed2a6abf7158809cf4f3c"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("874d6191b620e3261bef6864990db6ce"
- "9806f66b7970fdff8617187bb9fffdff"
- "5ae4df3edbd5d35e5b4f09020db03eab"
- "1e031dda2fbe03d1792170a0f3009cee"),
- H("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
+ SHEX("2b7e151628aed2a6abf7158809cf4f3c"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("874d6191b620e3261bef6864990db6ce"
+ "9806f66b7970fdff8617187bb9fffdff"
+ "5ae4df3edbd5d35e5b4f09020db03eab"
+ "1e031dda2fbe03d1792170a0f3009cee"),
+ SHEX("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
/* F.5.3 CTR-AES192.Encrypt */
test_cipher_ctr(&nettle_aes192,
- HL("8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("1abc932417521ca24f2b0459fe7e6e0b"
- "090339ec0aa6faefd5ccc2c6f4ce8e94"
- "1e36b26bd1ebc670d1bd1d665620abf7"
- "4f78a7f6d29809585a97daec58c6b050"),
- H("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
+ SHEX("8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("1abc932417521ca24f2b0459fe7e6e0b"
+ "090339ec0aa6faefd5ccc2c6f4ce8e94"
+ "1e36b26bd1ebc670d1bd1d665620abf7"
+ "4f78a7f6d29809585a97daec58c6b050"),
+ SHEX("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
/* F.5.5 CTR-AES256.Encrypt */
test_cipher_ctr(&nettle_aes256,
- HL("603deb1015ca71be2b73aef0857d7781"
- "1f352c073b6108d72d9810a30914dff4"),
- HL("6bc1bee22e409f96e93d7e117393172a"
- "ae2d8a571e03ac9c9eb76fac45af8e51"
- "30c81c46a35ce411e5fbc1191a0a52ef"
- "f69f2445df4f9b17ad2b417be66c3710"),
- H("601ec313775789a5b7a7f504bbf3d228"
- "f443e3ca4d62b59aca84e990cacaf5c5"
- "2b0930daa23de94ce87017ba2d84988d"
- "dfc9c58db67aada613c2dd08457941a6"),
- H("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
-
- SUCCESS();
+ SHEX("603deb1015ca71be2b73aef0857d7781"
+ "1f352c073b6108d72d9810a30914dff4"),
+ SHEX("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ SHEX("601ec313775789a5b7a7f504bbf3d228"
+ "f443e3ca4d62b59aca84e990cacaf5c5"
+ "2b0930daa23de94ce87017ba2d84988d"
+ "dfc9c58db67aada613c2dd08457941a6"),
+ SHEX("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
}
/*
#include "md5.h"
/* Test C++ linkage */
-int
+void
test_main(void)
{
struct md5_ctx md5;
md5_update (&md5, 14, reinterpret_cast<const uint8_t *> ("message digest"));
md5_digest (&md5, MD5_DIGEST_SIZE, digest);
- if (!MEMEQH (MD5_DIGEST_SIZE, digest,
- "F96B697D7CB7938D 525A2F31AAF161D0"))
- FAIL();
+ ASSERT (MEMEQ (MD5_DIGEST_SIZE, digest,
+ H("F96B697D7CB7938D 525A2F31AAF161D0")));
#if WITH_PUBLIC_KEY
"e545fbb4cf", 16);
mpz_set_str(pub.e, "0db2ad57", 16);
- if (!rsa_public_key_prepare(&pub))
- FAIL();
+ ASSERT (rsa_public_key_prepare(&pub));
mpz_set_str(key.p,
"0a66399919be4b4d" "e5a78c5ea5c85bf9" "aba8c013cb4a8732"
"e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
"40d46f49676a2f6b" "2926f70c572c00", 16);
- if (!rsa_private_key_prepare(&key))
- FAIL();
+ ASSERT (rsa_private_key_prepare(&key));
- if (pub.size != key.size)
- FAIL();
+ ASSERT (pub.size == key.size);
mpz_set_str(expected,
"53bf517009fa956e" "3daa6adc95e8663d" "3759002f488bbbad"
/* Verify it */
md5_update (&md5, 39, reinterpret_cast<const uint8_t *>
("The magic words are squeamish ossifrage"));
- if (!rsa_md5_verify (&pub, &md5, signature))
- FAIL();
+ ASSERT (rsa_md5_verify (&pub, &md5, signature));
/* Try bad data */
md5_update (&md5, 39, reinterpret_cast<const uint8_t *>
("The magik words are squeamish ossifrage"));
- if (rsa_md5_verify (&pub, &md5, signature))
- FAIL();
+ ASSERT (!rsa_md5_verify (&pub, &md5, signature));
#endif /* WITH_PUBLIC_KEY */
-
- SUCCESS();
}
#ifndef NOPROTO
static char *pt(const unsigned char *p);
+#if 0
static int cfb_test(int bits, unsigned char *cfb_cipher);
static int cfb64_test(unsigned char *cfb_cipher);
static int ede_cfb64_test(unsigned char *cfb_cipher);
+#endif
#else
static char *pt();
static int cfb_test();
static int ede_cfb64_test();
#endif
-int
+void
test_main(void)
{
int i,j,err=0;
des_cblock cbc_in[5];
des_cblock cbc_out[5];
DES_LONG cs;
- unsigned char qret[4][4],cret[8];
+ unsigned char cret[8];
+#if 0
+ unsigned char qret[4][4];
DES_LONG lqret[4];
int num;
char *str;
-
- printf("Doing ecb\n");
+#endif
+ if (verbose) printf("Doing ecb\n");
for (i=0; i<NUM_TESTS; i++)
{
if ((j=des_key_sched(&key_data[i], ks)) != 0)
}
#ifndef LIBDES_LIT
- printf("Doing ede ecb\n");
+ if (verbose) printf("Doing ede ecb\n");
for (i=0; i<(NUM_TESTS-1); i++)
{
if ((j=des_key_sched(&key_data[i], ks)) != 0)
}
#endif
- printf("Doing cbc\n");
+ if (verbose) printf("Doing cbc\n");
if ((j=des_key_sched(&cbc_key, ks)) != 0)
{
printf("Key error %d\n",j);
#ifndef LIBDES_LIT
#if 0
- printf("Doing desx cbc\n");
+ if (verbose) printf("Doing desx cbc\n");
if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
#endif
#endif /* LIBDES_LIT */
- printf("Doing ede cbc\n");
+ if (verbose) printf("Doing ede cbc\n");
if ((j=des_key_sched(&cbc_key,ks)) != 0)
{
printf("Key error %d\n",j);
}
#endif
- printf("Doing cbc_cksum\n");
+ if (verbose) printf("Doing cbc_cksum\n");
des_key_sched(&cbc_key,ks);
cs=des_cbc_cksum(cbc_data[0], &cret,
sizeof(cbc_data), ks, &cbc_iv);
}
printf("\n");
#endif
- exit(err);
- return(0);
+ ASSERT (err == 0);
}
-static char *pt(p)
-const unsigned char *p;
+static char *pt(const unsigned char *p)
{
static char bufs[10][20];
static int bnum=0;
char *ret;
int i;
- static char *f="0123456789ABCDEF";
+ static const char *f="0123456789ABCDEF";
ret= &(bufs[bnum++][0]);
bnum%=10;
#include "des.h"
static void
-test_des(const uint8_t *key, int expected_parity,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext)
+test_des(const struct tstring *key, int expected_parity,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
{
struct des_ctx ctx;
- uint8_t *data = xalloc(length);
+ uint8_t *data;
+ unsigned length;
- if (des_check_parity(8, key) != expected_parity)
- FAIL();
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
- if (!des_set_key(&ctx, key))
- FAIL();
+ ASSERT (key->length == DES_KEY_SIZE);
+
+ data = xalloc(length);
- des_encrypt(&ctx, length, data, cleartext);
+ ASSERT (des_check_parity(8, key->data) == expected_parity);
- if (!MEMEQ(length, data, ciphertext))
+ ASSERT (des_set_key(&ctx, key->data));
+
+ des_encrypt(&ctx, length, data, cleartext->data);
+
+ if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "Encrypt failed:\nInput:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
des_decrypt(&ctx, length, data, data);
- if (!MEMEQ(length, data, cleartext))
+ if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "Decrypt failed:\nInput:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
}
static void
-test_weak(const uint8_t *key)
+test_weak(const struct tstring *key)
{
struct des_ctx ctx;
- if (des_set_key(&ctx, key))
- FAIL();
+ ASSERT (key->length == DES_KEY_SIZE);
+ ASSERT (des_set_key(&ctx, key->data) == 0);
}
-int
+void
test_main(void)
{
/* From Applied Cryptography */
- test_des(H("01234567 89ABCDEF"), 1,
- HL("01234567 89ABCDE7"),
- H("C9574425 6A5ED31D"));
+ test_des(SHEX("01234567 89ABCDEF"), 1,
+ SHEX("01234567 89ABCDE7"),
+ SHEX("C9574425 6A5ED31D"));
- test_des(H("01 01 01 01 01 01 01 80"), 1,
- HL("00 00 00 00 00 00 00 00"),
- H("9C C6 2D F4 3B 6E ED 74"));
+ test_des(SHEX("01 01 01 01 01 01 01 80"), 1,
+ SHEX("00 00 00 00 00 00 00 00"),
+ SHEX("9C C6 2D F4 3B 6E ED 74"));
- test_des(H("80 01 01 01 01 01 01 01"), 1,
- HL("00 00 00 00 00 00 00 40"),
- H("A3 80 E0 2A 6B E5 46 96"));
+ test_des(SHEX("80 01 01 01 01 01 01 01"), 1,
+ SHEX("00 00 00 00 00 00 00 40"),
+ SHEX("A3 80 E0 2A 6B E5 46 96"));
- test_des(H("08 19 2A 3B 4C 5D 6E 7F"), 1,
- HL("00 00 00 00 00 00 00 00"),
- H("25 DD AC 3E 96 17 64 67"));
+ test_des(SHEX("08 19 2A 3B 4C 5D 6E 7F"), 1,
+ SHEX("00 00 00 00 00 00 00 00"),
+ SHEX("25 DD AC 3E 96 17 64 67"));
- test_des(H("01 23 45 67 89 AB CD EF"), 1,
- DES_BLOCK_SIZE, "Now is t",
- H("3F A4 0E 8A 98 4D 48 15"));
+ test_des(SHEX("01 23 45 67 89 AB CD EF"), 1,
+ SDATA("Now is t"),
+ SHEX("3F A4 0E 8A 98 4D 48 15"));
/* Same key, but with one bad parity bit, */
- test_des(H("01 23 45 66 89 AB CD EF"), 0,
- DES_BLOCK_SIZE, "Now is t",
- H("3F A4 0E 8A 98 4D 48 15"));
+ test_des(SHEX("01 23 45 66 89 AB CD EF"), 0,
+ SDATA("Now is t"),
+ SHEX("3F A4 0E 8A 98 4D 48 15"));
/* Parity check */
- if (des_check_parity(HL("01 01 01 01 01 01 01 00")))
- FAIL();
+ {
+ const struct tstring *s = SHEX("01 01 01 01 01 01 01 00");
+ ASSERT (des_check_parity(s->length, s->data) == 0);
+ }
/* The four weak keys */
- test_weak(H("01 01 01 01 01 01 01 01"));
- test_weak(H("FE FE FE FE FE FE FE FE"));
- test_weak(H("1F 1F 1F 1F 0E 0E 0E 0E"));
- test_weak(H("E0 E0 E0 E0 F1 F1 F1 F1"));
+ test_weak(SHEX("01 01 01 01 01 01 01 01"));
+ test_weak(SHEX("FE FE FE FE FE FE FE FE"));
+ test_weak(SHEX("1F 1F 1F 1F 0E 0E 0E 0E"));
+ test_weak(SHEX("E0 E0 E0 E0 F1 F1 F1 F1"));
/* Same weak key, but different parity. */
- test_weak(H("E0 E0 E0 E0 F0 F1 F1 F1"));
+ test_weak(SHEX("E0 E0 E0 E0 F0 F1 F1 F1"));
/* The six pairs of semiweak keys */
- test_weak(H("01 FE 01 FE 01 FE 01 FE"));
- test_weak(H("FE 01 FE 01 FE 01 FE 01"));
-
- test_weak(H("1F E0 1F E0 0E F1 0E F1"));
- test_weak(H("E0 1F E0 1F F1 0E F1 0E"));
+ test_weak(SHEX("01 FE 01 FE 01 FE 01 FE"));
+ test_weak(SHEX("FE 01 FE 01 FE 01 FE 01"));
- test_weak(H("01 E0 01 E0 01 F1 01 F1"));
- test_weak(H("E0 01 E0 01 F1 01 F1 01"));
+ test_weak(SHEX("1F E0 1F E0 0E F1 0E F1"));
+ test_weak(SHEX("E0 1F E0 1F F1 0E F1 0E"));
- test_weak(H("1F FE 1F FE 0E FE 0E FE"));
- test_weak(H("FE 1F FE 1F FE 0E FE 0E"));
+ test_weak(SHEX("01 E0 01 E0 01 F1 01 F1"));
+ test_weak(SHEX("E0 01 E0 01 F1 01 F1 01"));
- test_weak(H("01 1F 01 1F 01 0E 01 0E"));
- test_weak(H("1F 01 1F 01 0E 01 0E 01"));
+ test_weak(SHEX("1F FE 1F FE 0E FE 0E FE"));
+ test_weak(SHEX("FE 1F FE 1F FE 0E FE 0E"));
- test_weak(H("E0 FE E0 FE F1 FE F1 FE"));
- test_weak(H("FE E0 FE E0 FE F1 FE F1"));
+ test_weak(SHEX("01 1F 01 1F 01 0E 01 0E"));
+ test_weak(SHEX("1F 01 1F 01 0E 01 0E 01"));
- SUCCESS();
+ test_weak(SHEX("E0 FE E0 FE F1 FE F1 FE"));
+ test_weak(SHEX("FE E0 FE E0 FE F1 FE F1"));
}
#include "nettle-internal.h"
#include "des.h"
-int
+void
test_main(void)
{
/* Intermediate values:
*/
test_cipher(&nettle_des3,
- HL("3e 0b 10 b0 5d 49 c2 54"
- "6b 46 e0 75 8a 91 61 85"
- "cb 04 07 d3 20 16 cb a2"),
- DES_BLOCK_SIZE, "Now is t",
- H("0a 5d b5 2d 85 74 d1 c9"));
-
- SUCCESS();
+ SHEX("3e 0b 10 b0 5d 49 c2 54"
+ "6b 46 e0 75 8a 91 61 85"
+ "cb 04 07 d3 20 16 cb a2"),
+ SDATA("Now is t"),
+ SHEX("0a 5d b5 2d 85 74 d1 c9"));
}
fputc(c, stderr);
}
-int
+void
test_main(void)
{
struct dsa_public_key pub;
knuth_lfib_init(&lfib, 13);
- if (!dsa_generate_keypair(&pub, &key,
- &lfib, (nettle_random_func *) knuth_lfib_random,
- NULL, verbose ? progress : NULL,
- 1024, 160))
- FAIL();
+ ASSERT (dsa_generate_keypair(&pub, &key,
+ &lfib,
+ (nettle_random_func *) knuth_lfib_random,
+ NULL, verbose ? progress : NULL,
+ 1024, 160));
test_dsa_key(&pub, &key, 160);
test_dsa160(&pub, &key, NULL);
- if (!dsa_generate_keypair(&pub, &key,
- &lfib, (nettle_random_func *) knuth_lfib_random,
- NULL, verbose ? progress : NULL,
- 2048, 256))
- FAIL();
+ ASSERT (dsa_generate_keypair(&pub, &key,
+ &lfib,
+ (nettle_random_func *) knuth_lfib_random,
+ NULL, verbose ? progress : NULL,
+ 2048, 256));
test_dsa_key(&pub, &key, 256);
test_dsa256(&pub, &key, NULL);
dsa_public_key_clear(&pub);
dsa_private_key_clear(&key);
-
- SUCCESS();
}
#include "testutils.h"
-int
+void
test_main(void)
{
struct dsa_public_key pub;
test_dsa_key(&pub, &key, 160);
- mpz_set_str(expected.r, "373999e9ee0a84a9983e528ee266938091e4c55c", 16);
- mpz_set_str(expected.s, "8017d54592bde7353f6558b3090d12ed8367e2ba", 16);
+ mpz_set_str(expected.r, "180342f8d4fb5bd0311ebf205bdee6e556014eaf", 16);
+ mpz_set_str(expected.s, "392dc6566b2735531a8460966171464ef7ddfe12", 16);
test_dsa160(&pub, &key, &expected);
test_dsa_key(&pub, &key, 256);
mpz_set_str(expected.r,
- "af30ed0383ea9eaca2fe6244adb86b5ffa80b62cd1687571"
- "eb75c2a4fff413fb", 16);
+ "03fe95c9dbbe1be019d7914e45c37c70"
+ "0f499f559312a59f3bc5037f51d3f74c", 16);
mpz_set_str(expected.s,
- "2761c5340430a9b003cd8ba72b1c2cd68644bfa23ae4c40f"
- "9250dee3ef0e7c35", 16);
+ "839dbee8d30e6b0cc349528f900f30ee"
+ "6d4ce9864332d07c87b5a98bd75dbdbb", 16);
- test_dsa256(&pub, &key, NULL);
+ test_dsa256(&pub, &key, &expected);
dsa_public_key_clear(&pub);
dsa_private_key_clear(&key);
dsa_signature_clear(&expected);
- SUCCESS();
}
--- /dev/null
+#include "testutils.h"
+
+static void
+ref_mod (mp_limb_t *rp, const mp_limb_t *ap, const mp_limb_t *mp, mp_size_t mn)
+{
+ mp_limb_t q[mn + 1];
+ mpn_tdiv_qr (q, rp, 0, ap, 2*mn, mp, mn);
+}
+
+#define MAX_ECC_SIZE (1 + 521 / GMP_NUMB_BITS)
+#define MAX_SIZE (2*MAX_ECC_SIZE)
+#define COUNT 50000
+
+void
+test_main (void)
+{
+ gmp_randstate_t state;
+ mp_limb_t a[MAX_SIZE];
+ mp_limb_t m[MAX_SIZE];
+ mp_limb_t ref[MAX_SIZE];
+ unsigned i;
+ mpz_t r;
+
+ gmp_randinit_default (state);
+
+ mpz_init (r);
+
+ for (i = 0; ecc_curves[i]; i++)
+ {
+ const struct ecc_curve *ecc = ecc_curves[i];
+ unsigned j;
+ for (j = 0; j < COUNT; j++)
+ {
+ if (j & 1)
+ mpz_rrandomb (r, state, 2*ecc->size * GMP_NUMB_BITS);
+ else
+ mpz_urandomb (r, state, 2*ecc->size * GMP_NUMB_BITS);
+
+ mpz_limbs_copy (a, r, 2*ecc->size);
+
+ ref_mod (ref, a, ecc->p, ecc->size);
+
+ mpn_copyi (m, a, 2*ecc->size);
+ ecc->modp (ecc, m);
+ if (mpn_cmp (m, ecc->p, ecc->size) >= 0)
+ mpn_sub_n (m, m, ecc->p, ecc->size);
+
+ if (mpn_cmp (m, ref, ecc->size))
+ {
+ fprintf (stderr, "ecc->modp failed: bit_size = %u\n",
+ ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Nx\n", a, 2*ecc->size);
+ gmp_fprintf (stderr, "m = %Nx (bad)\n", m, ecc->size);
+ gmp_fprintf (stderr, "ref = %Nx\n", ref, ecc->size);
+ abort ();
+ }
+
+ if (ecc->Bmodp_size < ecc->size)
+ {
+ mpn_copyi (m, a, 2*ecc->size);
+ ecc_generic_modp (ecc, m);
+ if (mpn_cmp (m, ecc->p, ecc->size) >= 0)
+ mpn_sub_n (m, m, ecc->p, ecc->size);
+
+ if (mpn_cmp (m, ref, ecc->size))
+ {
+ fprintf (stderr, "ecc_generic_modp failed: bit_size = %u\n",
+ ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Nx\n", a, 2*ecc->size);
+ gmp_fprintf (stderr, "m = %Nx (bad)\n", m, ecc->size);
+ gmp_fprintf (stderr, "ref = %Nx\n", ref, ecc->size);
+ abort ();
+ }
+ }
+
+ ref_mod (ref, a, ecc->q, ecc->size);
+
+ mpn_copyi (m, a, 2*ecc->size);
+ ecc->modq (ecc, m);
+ if (mpn_cmp (m, ecc->q, ecc->size) >= 0)
+ mpn_sub_n (m, m, ecc->q, ecc->size);
+
+ if (mpn_cmp (m, ref, ecc->size))
+ {
+ fprintf (stderr, "ecc->modq failed: bit_size = %u\n",
+ ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Nx\n", a, 2*ecc->size);
+ gmp_fprintf (stderr, "m = %Nx (bad)\n", m, ecc->size);
+ gmp_fprintf (stderr, "ref = %Nx\n", ref, ecc->size);
+ abort ();
+ }
+
+ if (ecc->Bmodp_size < ecc->size)
+ {
+ mpn_copyi (m, a, 2*ecc->size);
+ ecc_generic_modq (ecc, m);
+ if (mpn_cmp (m, ecc->q, ecc->size) >= 0)
+ mpn_sub_n (m, m, ecc->q, ecc->size);
+
+ if (mpn_cmp (m, ref, ecc->size))
+ {
+ fprintf (stderr, "ecc_generic_modp failed: bit_size = %u\n",
+ ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Nx\n", a, 2*ecc->size);
+ gmp_fprintf (stderr, "m = %Nx (bad)\n", m, ecc->size);
+ gmp_fprintf (stderr, "ref = %Nx\n", ref, ecc->size);
+ abort ();
+ }
+ }
+ }
+ }
+
+ mpz_clear (r);
+ gmp_randclear (state);
+}
--- /dev/null
+#include "testutils.h"
+
+static int
+ref_modinv (mp_limb_t *rp, const mp_limb_t *ap, const mp_limb_t *mp, mp_size_t mn)
+{
+ mp_limb_t tp[4*(mn+1)];
+ mp_limb_t *up = tp;
+ mp_limb_t *vp = tp + mn+1;
+ mp_limb_t *gp = tp + 2*(mn+1);
+ mp_limb_t *sp = tp + 3*(mn+1);
+ mp_size_t gn, sn;
+
+ mpn_copyi (up, ap, mn);
+ mpn_copyi (vp, mp, mn);
+ gn = mpn_gcdext (gp, sp, &sn, up, mn, vp, mn);
+ if (gn != 1 || gp[0] != 1)
+ return 0;
+
+ if (sn < 0)
+ mpn_sub (sp, mp, mn, sp, -sn);
+ else if (sn < mn)
+ /* Zero-pad. */
+ mpn_zero (sp + sn, mn - sn);
+
+ mpn_copyi (rp, sp, mn);
+ return 1;
+}
+
+#define MAX_ECC_SIZE (1 + 521 / GMP_NUMB_BITS)
+#define COUNT 500
+
+void
+test_main (void)
+{
+ gmp_randstate_t state;
+ mp_limb_t a[MAX_ECC_SIZE];
+ mp_limb_t ai[MAX_ECC_SIZE];
+ mp_limb_t ref[MAX_ECC_SIZE];
+ mp_limb_t scratch[ECC_MODINV_ITCH (MAX_ECC_SIZE)];
+ unsigned i;
+ mpz_t r;
+
+ gmp_randinit_default (state);
+ mpz_init (r);
+
+ for (i = 0; ecc_curves[i]; i++)
+ {
+ const struct ecc_curve *ecc = ecc_curves[i];
+ unsigned j;
+ for (j = 0; j < COUNT; j++)
+ {
+ if (j & 1)
+ mpz_rrandomb (r, state, ecc->size * GMP_NUMB_BITS);
+ else
+ mpz_urandomb (r, state, ecc->size * GMP_NUMB_BITS);
+
+ mpz_limbs_copy (a, r, ecc->size);
+
+ if (!ref_modinv (ref, a, ecc->p, ecc->size))
+ {
+ if (verbose)
+ fprintf (stderr, "Test %u (bit size %u) not invertible.\n",
+ j, ecc->bit_size);
+ continue;
+ }
+ ecc_modp_inv (ecc, ai, a, scratch);
+ if (mpn_cmp (ref, ai, ecc->size))
+ {
+ fprintf (stderr, "ecc_modp_inv failed (test %u, bit size %u):\n",
+ j, ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Zx\n"
+ "p = %Nx\n"
+ "t = %Nx (bad)\n"
+ "r = %Nx\n",
+ r, ecc->p, ecc->size,
+ ai, ecc->size,
+ ref, ecc->size);
+ abort ();
+ }
+
+ mpz_limbs_copy (a, r, ecc->size);
+
+ if (!ref_modinv (ref, a, ecc->q, ecc->size))
+ {
+ fprintf (stderr, "Test %u (bit size %u) not invertible.\n",
+ j, ecc->bit_size);
+ continue;
+ }
+ ecc_modq_inv (ecc, ai, a, scratch);
+ if (mpn_cmp (ref, ai, ecc->size))
+ {
+ fprintf (stderr, "ecc_modq_inv failed (test %u, bit size %u):\n",
+ j, ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Zx\n"
+ "p = %Nx\n"
+ "t = %Nx (bad)\n"
+ "r = %Nx\n",
+ r, ecc->p, ecc->size,
+ ai, ecc->size,
+ ref, ecc->size);
+ abort ();
+ }
+ }
+ }
+ gmp_randclear (state);
+ mpz_clear (r);
+}
--- /dev/null
+#include "testutils.h"
+
+void
+test_main (void)
+{
+ gmp_randstate_t state;
+ mpz_t r;
+ unsigned i;
+
+ gmp_randinit_default (state);
+ mpz_init (r);
+
+ for (i = 0; ecc_curves[i]; i++)
+ {
+ const struct ecc_curve *ecc = ecc_curves[i];
+ mp_size_t size = ecc_size (ecc);
+ mp_limb_t *p = xalloc_limbs (ecc_size_j (ecc));
+ mp_limb_t *q = xalloc_limbs (ecc_size_j (ecc));
+ mp_limb_t *n = xalloc_limbs (size);
+ mp_limb_t *scratch = xalloc_limbs (ecc_mul_a_itch (ecc));
+ unsigned j;
+
+ mpn_zero (n, size);
+
+ n[0] = 1;
+ ecc_mul_a (ecc, 1, p, n, ecc->g, scratch);
+ ecc_j_to_a (ecc, 1, p, p, scratch);
+
+ if (mpn_cmp (p, ecc->g, 2*size != 0))
+ die ("curve %d: ecc_mul_a with n = 1 failed.\n", ecc->bit_size);
+
+ if (ecc->use_redc)
+ {
+ ecc_mul_a (ecc, 0, p, n, ecc->redc_g, scratch);
+ ecc_j_to_a (ecc, 1, p, p, scratch);
+
+ if (mpn_cmp (p, ecc->g, 2*size != 0))
+ die ("curve %d: ecc_mul_a with n = 1 and redc failed.\n", ecc->bit_size);
+ }
+ for (n[0] = 2; n[0] <= 4; n[0]++)
+ {
+ ecc_mul_a (ecc, 1, p, n, ecc->g, scratch);
+ test_ecc_mul_j (i, n[0], p);
+ if (ecc->use_redc)
+ {
+ ecc_mul_a (ecc, 0, p, n, ecc->redc_g, scratch);
+ test_ecc_mul_j (i, n[0], p);
+ }
+ }
+
+ /* (order - 1) * g = - g */
+ mpn_sub_1 (n, ecc->q, size, 1);
+ ecc_mul_a (ecc, 1, p, n, ecc->g, scratch);
+ ecc_j_to_a (ecc, 1, p, p, scratch);
+ mpn_sub_n (p + size, ecc->p, p + size, size);
+ if (mpn_cmp (p, ecc->g, 2*size) != 0)
+ {
+ fprintf (stderr, "ecc_mul_a with n = order - 1 failed.\n");
+ abort ();
+ }
+
+ mpn_zero (n, size);
+
+ for (j = 0; j < 100; j++)
+ {
+ if (j & 1)
+ mpz_rrandomb (r, state, size * GMP_NUMB_BITS);
+ else
+ mpz_urandomb (r, state, size * GMP_NUMB_BITS);
+
+ /* Reduce so that (almost surely) n < q */
+ mpz_limbs_copy (n, r, size);
+ n[size - 1] %= ecc->q[size - 1];
+
+ ecc_mul_a (ecc, 1, p, n, ecc->g, scratch);
+ ecc_j_to_a (ecc, 1, p, p, scratch);
+
+ ecc_mul_g (ecc, q, n, scratch);
+ ecc_j_to_a (ecc, 1, q, q, scratch);
+
+ if (mpn_cmp (p, q, 2*size))
+ {
+ gmp_fprintf (stderr,
+ "Different results from ecc_mul_a and ecc_mul_g.\n"
+ " bits = %u\n"
+ " n = %Nx\n",
+ ecc->bit_size, n, size);
+ gmp_fprintf (stderr, "p = %Nx,\n %Nx\n",
+ p, size, p + size, size);
+ gmp_fprintf (stderr, "q = %Nx,\n %Nx\n",
+ q, size, q + size, size);
+ abort ();
+ }
+ }
+ free (n);
+ free (p);
+ free (q);
+ free (scratch);
+ }
+ mpz_clear (r);
+ gmp_randclear (state);
+}
--- /dev/null
+#include "testutils.h"
+
+void
+test_main (void)
+{
+ gmp_randstate_t state;
+ mpz_t r;
+ unsigned i;
+
+ gmp_randinit_default (state);
+ mpz_init (r);
+
+ for (i = 0; ecc_curves[i]; i++)
+ {
+ const struct ecc_curve *ecc = ecc_curves[i];
+ mp_size_t size = ecc_size (ecc);
+ mp_limb_t *p = xalloc_limbs (ecc_size_j (ecc));
+ mp_limb_t *q = xalloc_limbs (ecc_size_j (ecc));
+ mp_limb_t *n = xalloc_limbs (size);
+ mp_limb_t *scratch = xalloc_limbs (ecc_mul_g_itch (ecc));
+
+ mpn_zero (n, size);
+
+ n[0] = 1;
+ ecc_mul_g (ecc, p, n, scratch);
+ ecc_j_to_a (ecc, 1, p, p, scratch);
+
+ if (mpn_cmp (p, ecc->g, 2*size != 0))
+ {
+ fprintf (stderr, "ecc_mul_g with n = 1 failed.\n");
+ abort ();
+ }
+
+ for (n[0] = 2; n[0] <= 4; n[0]++)
+ {
+ ecc_mul_g (ecc, p, n, scratch);
+ test_ecc_mul_j (i, n[0], p);
+ }
+
+ /* (order - 1) * g = - g */
+ mpn_sub_1 (n, ecc->q, size, 1);
+ ecc_mul_g (ecc, p, n, scratch);
+ ecc_j_to_a (ecc, 1, p, p, scratch);
+ mpn_sub_n (p + size, ecc->p, p + size, size);
+ if (mpn_cmp (p, ecc->g, 2*size) != 0)
+ {
+ fprintf (stderr, "ecc_mul_g with n = order - 1 failed.\n");
+ abort ();
+ }
+
+ free (n);
+ free (p);
+ free (q);
+ free (scratch);
+ }
+ mpz_clear (r);
+ gmp_randclear (state);
+}
--- /dev/null
+#include "testutils.h"
+
+static void
+ref_redc (mp_limb_t *rp, const mp_limb_t *ap, const mp_limb_t *mp, mp_size_t mn)
+{
+ mpz_t t;
+ mpz_t m, a;
+ mp_size_t an;
+
+ mpz_init (t);
+ mpz_setbit (t, mn * GMP_NUMB_BITS);
+
+ mpz_roinit_n (m, mp, mn);
+
+ an = 2*mn;
+ while (an > 0 && ap[an-1] == 0)
+ an--;
+
+ mpz_roinit_n (a, ap, an);
+
+ mpz_invert (t, t, m);
+ mpz_mul (t, t, a);
+ mpz_mod (t, t, m);
+
+ mpz_limbs_copy (rp, t, mn);
+
+ mpz_clear (t);
+}
+
+#define MAX_ECC_SIZE (1 + 521 / GMP_NUMB_BITS)
+#define MAX_SIZE (2*MAX_ECC_SIZE)
+#define COUNT 50000
+
+void
+test_main (void)
+{
+ gmp_randstate_t state;
+ mp_limb_t a[MAX_SIZE];
+ mp_limb_t m[MAX_SIZE];
+ mp_limb_t ref[MAX_SIZE];
+ unsigned i;
+ mpz_t r;
+
+ gmp_randinit_default (state);
+
+ mpz_init (r);
+
+ for (i = 0; ecc_curves[i]; i++)
+ {
+ const struct ecc_curve *ecc = ecc_curves[i];
+ unsigned j;
+ if (!ecc->redc)
+ continue;
+
+ for (j = 0; j < COUNT; j++)
+ {
+ if (j & 1)
+ mpz_rrandomb (r, state, 2*ecc->size * GMP_NUMB_BITS);
+ else
+ mpz_urandomb (r, state, 2*ecc->size * GMP_NUMB_BITS);
+
+ mpz_limbs_copy (a, r, 2*ecc->size);
+
+ ref_redc (ref, a, ecc->p, ecc->size);
+
+ mpn_copyi (m, a, 2*ecc->size);
+ ecc->redc (ecc, m);
+ if (mpn_cmp (m, ecc->p, ecc->size) >= 0)
+ mpn_sub_n (m, m, ecc->p, ecc->size);
+
+ if (mpn_cmp (m, ref, ecc->size))
+ {
+ fprintf (stderr, "ecc->redc failed: bit_size = %u\n",
+ ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Nx\n", a, 2*ecc->size);
+ gmp_fprintf (stderr, "m = %Nx (bad)\n", m, ecc->size);
+ gmp_fprintf (stderr, "ref = %Nx\n", ref, ecc->size);
+ abort ();
+ }
+
+ mpn_copyi (m, a, 2*ecc->size);
+ ecc_generic_redc (ecc, m);
+ if (mpn_cmp (m, ecc->p, ecc->size) >= 0)
+ mpn_sub_n (m, m, ecc->p, ecc->size);
+
+ if (mpn_cmp (m, ref, ecc->size))
+ {
+ fprintf (stderr, "ecc_generic_redc failed: bit_size = %u\n",
+ ecc->bit_size);
+ gmp_fprintf (stderr, "a = %Nx\n", a, 2*ecc->size);
+ gmp_fprintf (stderr, "m = %Nx (bad)\n", m, ecc->size);
+ gmp_fprintf (stderr, "ref = %Nx\n", ref, ecc->size);
+ abort ();
+ }
+ }
+ }
+
+ mpz_clear (r);
+ gmp_randclear (state);
+}
--- /dev/null
+#include "testutils.h"
+#include "knuth-lfib.h"
+
+/* Check if y^2 = x^3 - 3x + b */
+static int
+ecc_valid_p (struct ecc_point *pub)
+{
+ mpz_t t, x, y;
+ mpz_t lhs, rhs;
+ int res;
+ mp_size_t size;
+
+ size = pub->ecc->size;
+
+ /* First check range */
+ if (mpn_cmp (pub->p, pub->ecc->p, size) >= 0
+ || mpn_cmp (pub->p + size, pub->ecc->p, size) >= 0)
+ return 0;
+
+ mpz_init (lhs);
+ mpz_init (rhs);
+
+ mpz_roinit_n (x, pub->p, size);
+ mpz_roinit_n (y, pub->p + size, size);
+
+ mpz_mul (lhs, y, y);
+ mpz_mul (rhs, x, x);
+ mpz_sub_ui (rhs, rhs, 3);
+ mpz_mul (rhs, rhs, x);
+ mpz_add (rhs, rhs, mpz_roinit_n (t, pub->ecc->b, size));
+
+ res = mpz_congruent_p (lhs, rhs, mpz_roinit_n (t, pub->ecc->p, size));
+
+ mpz_clear (lhs);
+ mpz_clear (rhs);
+
+ return res;
+}
+
+void
+test_main (void)
+{
+ unsigned i;
+ struct knuth_lfib_ctx rctx;
+ struct dsa_signature signature;
+
+ struct tstring *digest;
+
+ knuth_lfib_init (&rctx, 4711);
+ dsa_signature_init (&signature);
+
+ digest = SHEX (/* sha256("abc") */
+ "BA7816BF 8F01CFEA 414140DE 5DAE2223"
+ "B00361A3 96177A9C B410FF61 F20015AD");
+
+ for (i = 0; ecc_curves[i]; i++)
+ {
+ const struct ecc_curve *ecc = ecc_curves[i];
+ struct ecc_point pub;
+ struct ecc_scalar key;
+
+ if (verbose)
+ fprintf (stderr, "Curve %d\n", ecc->bit_size);
+
+ ecc_point_init (&pub, ecc);
+ ecc_scalar_init (&key, ecc);
+
+ ecdsa_generate_keypair (&pub, &key,
+ &rctx,
+ (nettle_random_func *) knuth_lfib_random);
+
+ if (verbose)
+ {
+ gmp_fprintf (stderr,
+ "Public key:\nx = %Nx\ny = %Nx\n",
+ pub.p, ecc->size, pub.p + ecc->size, ecc->size);
+ gmp_fprintf (stderr,
+ "Private key: %Nx\n", key.p, ecc->size);
+ }
+ if (!ecc_valid_p (&pub))
+ die ("ecdsa_generate_keypair produced an invalid point.\n");
+
+ ecdsa_sign (&key,
+ &rctx, (nettle_random_func *) knuth_lfib_random,
+ digest->length, digest->data,
+ &signature);
+
+ if (!ecdsa_verify (&pub, digest->length, digest->data,
+ &signature))
+ die ("ecdsa_verify failed.\n");
+
+ digest->data[3] ^= 17;
+ if (ecdsa_verify (&pub, digest->length, digest->data,
+ &signature))
+ die ("ecdsa_verify returned success with invalid digest.\n");
+ digest->data[3] ^= 17;
+
+ mpz_combit (signature.r, 117);
+ if (ecdsa_verify (&pub, digest->length, digest->data,
+ &signature))
+ die ("ecdsa_verify returned success with invalid signature.r.\n");
+
+ mpz_combit (signature.r, 117);
+ mpz_combit (signature.s, 93);
+ if (ecdsa_verify (&pub, digest->length, digest->data,
+ &signature))
+ die ("ecdsa_verify returned success with invalid signature.s.\n");
+
+ ecc_point_clear (&pub);
+ ecc_scalar_clear (&key);
+ }
+ dsa_signature_clear (&signature);
+}
--- /dev/null
+#include "testutils.h"
+
+static void
+test_ecdsa (const struct ecc_curve *ecc,
+ /* Private key */
+ const char *sz,
+ /* Random nonce */
+ const char *sk,
+ /* Hash */
+ const struct tstring *h,
+ /* Expected signature */
+ const char *r, const char *s)
+{
+ struct dsa_signature ref;
+ mpz_t z;
+ mpz_t k;
+ mp_limb_t *rp = xalloc_limbs (ecc->size);
+ mp_limb_t *sp = xalloc_limbs (ecc->size);
+ mp_limb_t *scratch = xalloc_limbs (ecc_ecdsa_sign_itch (ecc));
+
+ dsa_signature_init (&ref);
+
+ mpz_init_set_str (z, sz, 16);
+ mpz_init_set_str (k, sk, 16);
+
+ ecc_ecdsa_sign (ecc, mpz_limbs_read_n (z, ecc->size),
+ mpz_limbs_read_n (k, ecc->size),
+ h->length, h->data, rp, sp, scratch);
+
+ mpz_set_str (ref.r, r, 16);
+ mpz_set_str (ref.s, s, 16);
+
+ if (mpz_limbs_cmp (ref.r, rp, ecc->size) != 0
+ || mpz_limbs_cmp (ref.s, sp, ecc->size) != 0)
+ {
+ fprintf (stderr, "_ecdsa_sign failed, bit_size = %u\n", ecc->bit_size);
+ gmp_fprintf (stderr, "r = %Nx\n", rp, ecc->size);
+ gmp_fprintf (stderr, "s = %Nx\n", sp, ecc->size);
+ gmp_fprintf (stderr, "ref.r = %Zx\n", ref.r);
+ gmp_fprintf (stderr, "ref.s = %Zx\n", ref.s);
+ abort();
+ }
+
+ free (rp);
+ free (sp);
+ free (scratch);
+
+ dsa_signature_clear (&ref);
+ mpz_clear (k);
+ mpz_clear (z);
+}
+
+void
+test_main (void)
+{
+ /* Test cases for the smaller groups, verified with a
+ proof-of-concept implementation done for Yubico AB. */
+ test_ecdsa (&nettle_secp_192r1,
+ "DC51D3866A15BACDE33D96F992FCA99D"
+ "A7E6EF0934E70975", /* z */
+
+ "9E56F509196784D963D1C0A401510EE7"
+ "ADA3DCC5DEE04B15", /* k */
+
+ SHEX("BA7816BF8F01CFEA414140DE5DAE2223"
+ "B00361A396177A9C"), /* h */
+
+ "8c478db6a5c131540cebc739f9c0a9a8"
+ "c720c2abdd14a891", /* r */
+
+ "a91fb738f9f175d72f9c98527e881c36"
+ "8de68cb55ffe589"); /* s */
+
+ test_ecdsa (&nettle_secp_224r1,
+ "446df0a771ed58403ca9cb316e617f6b"
+ "158420465d00a69601e22858", /* z */
+
+ "4c13f1905ad7eb201178bc08e0c9267b"
+ "4751c15d5e1831ca214c33f4", /* z */
+
+ SHEX("1b28a611fe62ab3649350525d06703ba"
+ "4b979a1e543566fd5caa85c6"), /* h */
+
+ "2cc280778f3d067df6d3adbe3a6aad63"
+ "bc75f08f5c5f915411902a99", /* r */
+
+ "d0f069fd0f108eb07b7bbc54c8d6c88d"
+ "f2715c38a95c31a2b486995f"); /* s */
+
+ /* From RFC 4754 */
+ test_ecdsa (&nettle_secp_256r1,
+ "DC51D386 6A15BACD E33D96F9 92FCA99D"
+ "A7E6EF09 34E70975 59C27F16 14C88A7F", /* z */
+
+ "9E56F509 196784D9 63D1C0A4 01510EE7"
+ "ADA3DCC5 DEE04B15 4BF61AF1 D5A6DECE", /* k */
+
+ SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
+ "B00361A3 96177A9C B410FF61 F20015AD"), /* h */
+
+ "CB28E099 9B9C7715 FD0A80D8 E47A7707"
+ "9716CBBF 917DD72E 97566EA1 C066957C", /* r */
+ "86FA3BB4 E26CAD5B F90B7F81 899256CE"
+ "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
+
+ test_ecdsa (&nettle_secp_384r1,
+ "0BEB6466 34BA8773 5D77AE48 09A0EBEA"
+ "865535DE 4C1E1DCB 692E8470 8E81A5AF"
+ "62E528C3 8B2A81B3 5309668D 73524D9F", /* z */
+
+ "B4B74E44 D71A13D5 68003D74 89908D56"
+ "4C7761E2 29C58CBF A1895009 6EB7463B"
+ "854D7FA9 92F934D9 27376285 E63414FA", /* k */
+
+ SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
+ "272C32AB 0EDED163 1A8B605A 43FF5BED"
+ "8086072B A1E7CC23 58BAECA1 34C825A7"), /* h */
+
+ "FB017B91 4E291494 32D8BAC2 9A514640"
+ "B46F53DD AB2C6994 8084E293 0F1C8F7E"
+ "08E07C9C 63F2D21A 07DCB56A 6AF56EB3", /* r */
+ "B263A130 5E057F98 4D38726A 1B468741"
+ "09F417BC A112674C 528262A4 0A629AF1"
+ "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
+
+ test_ecdsa (&nettle_secp_521r1,
+ "0065FDA3 409451DC AB0A0EAD 45495112"
+ "A3D813C1 7BFD34BD F8C1209D 7DF58491"
+ "20597779 060A7FF9 D704ADF7 8B570FFA"
+ "D6F062E9 5C7E0C5D 5481C5B1 53B48B37"
+ "5FA1", /* z */
+
+ "00C1C2B3 05419F5A 41344D7E 4359933D"
+ "734096F5 56197A9B 244342B8 B62F46F9"
+ "373778F9 DE6B6497 B1EF825F F24F42F9"
+ "B4A4BD73 82CFC337 8A540B1B 7F0C1B95"
+ "6C2F", /* k */
+
+ SHEX("DDAF35A1 93617ABA CC417349 AE204131"
+ "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
+ "2192992A 274FC1A8 36BA3C23 A3FEEBBD"
+ "454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
+
+ "0154FD38 36AF92D0 DCA57DD5 341D3053"
+ "988534FD E8318FC6 AAAAB68E 2E6F4339"
+ "B19F2F28 1A7E0B22 C269D93C F8794A92"
+ "78880ED7 DBB8D936 2CAEACEE 54432055"
+ "2251", /* r */
+ "017705A7 030290D1 CEB605A9 A1BB03FF"
+ "9CDD521E 87A696EC 926C8C10 C8362DF4"
+ "97536710 1F67D1CF 9BCCBF2F 3D239534"
+ "FA509E70 AAC851AE 01AAC68D 62F86647"
+ "2660"); /* s */
+}
+
--- /dev/null
+#include "testutils.h"
+
+static void
+test_ecdsa (const struct ecc_curve *ecc,
+ /* Public key */
+ const char *xs, const char *ys,
+ /* Hash */
+ struct tstring *h,
+ /* Valid signature */
+ const char *r, const char *s)
+{
+ struct ecc_point pub;
+ struct dsa_signature signature;
+ mpz_t x, y;
+
+ ecc_point_init (&pub, ecc);
+ dsa_signature_init (&signature);
+
+ mpz_init_set_str (x, xs, 16);
+ mpz_init_set_str (y, ys, 16);
+
+ if (!ecc_point_set (&pub, x, y))
+ die ("ecc_point_set failed.\n");
+
+ mpz_set_str (signature.r, r, 16);
+ mpz_set_str (signature.s, s, 16);
+
+ if (!ecdsa_verify (&pub, h->length, h->data, &signature))
+ {
+ fprintf (stderr, "ecdsa_verify failed with valid signature.\n");
+ fail:
+ fprintf (stderr, "bit_size = %u\n", ecc->bit_size);
+ gmp_fprintf (stderr, "x = %Zx\n", x);
+ gmp_fprintf (stderr, "y = %Zx\ndigest ", y);
+ print_hex (h->length, h->data);
+ gmp_fprintf (stderr, "r = %Zx\n", signature.r);
+ gmp_fprintf (stderr, "s = %Zx\n", signature.s);
+ abort();
+ }
+
+ mpz_combit (signature.r, ecc->bit_size / 3);
+ if (ecdsa_verify (&pub, h->length, h->data, &signature))
+ {
+ fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+ goto fail;
+ }
+ mpz_combit (signature.r, ecc->bit_size / 3);
+
+ mpz_combit (signature.s, 4*ecc->bit_size / 5);
+ if (ecdsa_verify (&pub, h->length, h->data, &signature))
+ {
+ fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+ goto fail;
+ }
+ mpz_combit (signature.s, 4*ecc->bit_size / 5);
+
+ h->data[2*h->length / 3] ^= 0x40;
+ if (ecdsa_verify (&pub, h->length, h->data, &signature))
+ {
+ fprintf (stderr, "ecdsa_verify unexpectedly succeeded with invalid signature.\n");
+ goto fail;
+ }
+ h->data[2*h->length / 3] ^= 0x40;
+ if (!ecdsa_verify (&pub, h->length, h->data, &signature))
+ {
+ fprintf (stderr, "ecdsa_verify failed, internal testsuite error.\n");
+ goto fail;
+ }
+
+ ecc_point_clear (&pub);
+ dsa_signature_clear (&signature);
+ mpz_clear (x);
+ mpz_clear (y);
+}
+
+void
+test_main (void)
+{
+ /* From RFC 4754 */
+ test_ecdsa (&nettle_secp_256r1,
+ "2442A5CC 0ECD015F A3CA31DC 8E2BBC70"
+ "BF42D60C BCA20085 E0822CB0 4235E970", /* x */
+
+ "6FC98BD7 E50211A4 A27102FA 3549DF79"
+ "EBCB4BF2 46B80945 CDDFE7D5 09BBFD7D", /* y */
+
+ SHEX("BA7816BF 8F01CFEA 414140DE 5DAE2223"
+ "B00361A3 96177A9C B410FF61 F20015AD"), /* h */
+
+ "CB28E099 9B9C7715 FD0A80D8 E47A7707"
+ "9716CBBF 917DD72E 97566EA1 C066957C", /* r */
+ "86FA3BB4 E26CAD5B F90B7F81 899256CE"
+ "7594BB1E A0C89212 748BFF3B 3D5B0315"); /* s */
+
+ test_ecdsa (&nettle_secp_384r1,
+ "96281BF8 DD5E0525 CA049C04 8D345D30"
+ "82968D10 FEDF5C5A CA0C64E6 465A97EA"
+ "5CE10C9D FEC21797 41571072 1F437922", /* x */
+
+ "447688BA 94708EB6 E2E4D59F 6AB6D7ED"
+ "FF9301D2 49FE49C3 3096655F 5D502FAD"
+ "3D383B91 C5E7EDAA 2B714CC9 9D5743CA", /* y */
+
+ SHEX("CB00753F 45A35E8B B5A03D69 9AC65007"
+ "272C32AB 0EDED163 1A8B605A 43FF5BED"
+ "8086072B A1E7CC23 58BAECA1 34C825A7"), /* h */
+
+ "FB017B91 4E291494 32D8BAC2 9A514640"
+ "B46F53DD AB2C6994 8084E293 0F1C8F7E"
+ "08E07C9C 63F2D21A 07DCB56A 6AF56EB3", /* r */
+ "B263A130 5E057F98 4D38726A 1B468741"
+ "09F417BC A112674C 528262A4 0A629AF1"
+ "CBB9F516 CE0FA7D2 FF630863 A00E8B9F"); /* s*/
+
+ test_ecdsa (&nettle_secp_521r1,
+ "0151518F 1AF0F563 517EDD54 85190DF9"
+ "5A4BF57B 5CBA4CF2 A9A3F647 4725A35F"
+ "7AFE0A6D DEB8BEDB CD6A197E 592D4018"
+ "8901CECD 650699C9 B5E456AE A5ADD190"
+ "52A8", /* x */
+
+ "006F3B14 2EA1BFFF 7E2837AD 44C9E4FF"
+ "6D2D34C7 3184BBAD 90026DD5 E6E85317"
+ "D9DF45CA D7803C6C 20035B2F 3FF63AFF"
+ "4E1BA64D 1C077577 DA3F4286 C58F0AEA"
+ "E643", /* y */
+
+ SHEX("DDAF35A1 93617ABA CC417349 AE204131"
+ "12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A"
+ "2192992A 274FC1A8 36BA3C23 A3FEEBBD"
+ "454D4423 643CE80E 2A9AC94F A54CA49F"), /* h */
+
+ "0154FD38 36AF92D0 DCA57DD5 341D3053"
+ "988534FD E8318FC6 AAAAB68E 2E6F4339"
+ "B19F2F28 1A7E0B22 C269D93C F8794A92"
+ "78880ED7 DBB8D936 2CAEACEE 54432055"
+ "2251", /* r */
+ "017705A7 030290D1 CEB605A9 A1BB03FF"
+ "9CDD521E 87A696EC 926C8C10 C8362DF4"
+ "97536710 1F67D1CF 9BCCBF2F 3D239534"
+ "FA509E70 AAC851AE 01AAC68D 62F86647"
+ "2660"); /* s */
+}
--- /dev/null
+#include "testutils.h"
+#include "aes.h"
+#include "nettle-internal.h"
+
+void
+test_main(void)
+{
+ /*
+ * GCM-AES Test Vectors from
+ * http://www.cryptobarn.com/papers/gcm-spec.pdf
+ */
+
+ /* Test case 1 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("00000000000000000000000000000000"), /* key */
+ SHEX(""), /* auth data */
+ SHEX(""), /* plaintext */
+ SHEX(""), /* ciphertext*/
+ SHEX("000000000000000000000000"), /* IV */
+ SHEX("58e2fccefa7e3061367f1d57a4e7455a")); /* tag */
+
+ /* Test case 2 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("00000000000000000000000000000000"),
+ SHEX(""),
+ SHEX("00000000000000000000000000000000"),
+ SHEX("0388dace60b6a392f328c2b971b2fe78"),
+ SHEX("000000000000000000000000"),
+ SHEX("ab6e47d42cec13bdf53a67b21257bddf"));
+
+ /* Test case 3 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"),
+ SHEX(""),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b391aafd255"),
+ SHEX("42831ec2217774244b7221b784d0d49c"
+ "e3aa212f2c02a4e035c17e2329aca12e"
+ "21d514b25466931c7d8f6a5aac84aa05"
+ "1ba30b396a0aac973d58e091473f5985"),
+ SHEX("cafebabefacedbaddecaf888"),
+ SHEX("4d5c2af327cd64a62cf35abd2ba6fab4"));
+
+ /* Test case 4 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("42831ec2217774244b7221b784d0d49c"
+ "e3aa212f2c02a4e035c17e2329aca12e"
+ "21d514b25466931c7d8f6a5aac84aa05"
+ "1ba30b396a0aac973d58e091"),
+ SHEX("cafebabefacedbaddecaf888"),
+ SHEX("5bc94fbc3221a5db94fae95ae7121a47"));
+
+ /* Test case 5 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("61353b4c2806934a777ff51fa22a4755"
+ "699b2a714fcdc6f83766e5f97b6c7423"
+ "73806900e49f24b22b097544d4896b42"
+ "4989b5e1ebac0f07c23f4598"),
+ SHEX("cafebabefacedbad"),
+ SHEX("3612d2e79e3b0785561be14aaca2fccb"));
+
+ /* Test case 6 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("8ce24998625615b603a033aca13fb894"
+ "be9112a5c3a211a8ba262a3cca7e2ca7"
+ "01e4a9a4fba43c90ccdcb281d48c7c6f"
+ "d62875d2aca417034c34aee5"),
+ SHEX("9313225df88406e555909c5aff5269aa"
+ "6a7a9538534f7da1e4c303d2a318a728"
+ "c3c0c95156809539fcf0e2429a6b5254"
+ "16aedbf5a0de6a57a637b39b"),
+ SHEX("619cc5aefffe0bfa462af43c1699d050"));
+
+ /* Test case 7 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("00000000000000000000000000000000"
+ "0000000000000000"),
+ SHEX(""),
+ SHEX(""),
+ SHEX(""),
+ SHEX("000000000000000000000000"),
+ SHEX("cd33b28ac773f74ba00ed1f312572435"));
+
+ /* Test case 8 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("00000000000000000000000000000000"
+ "0000000000000000"),
+ SHEX(""),
+ SHEX("00000000000000000000000000000000"),
+ SHEX("98e7247c07f0fe411c267e4384b0f600"),
+ SHEX("000000000000000000000000"),
+ SHEX("2ff58d80033927ab8ef4d4587514f0fb"));
+
+ /* Test case 9 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c"),
+ SHEX(""),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b391aafd255"),
+ SHEX("3980ca0b3c00e841eb06fac4872a2757"
+ "859e1ceaa6efd984628593b40ca1e19c"
+ "7d773d00c144c525ac619d18c84a3f47"
+ "18e2448b2fe324d9ccda2710acade256"),
+ SHEX("cafebabefacedbaddecaf888"),
+ SHEX("9924a7c8587336bfb118024db8674a14"));
+
+ /* Test case 10 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("3980ca0b3c00e841eb06fac4872a2757"
+ "859e1ceaa6efd984628593b40ca1e19c"
+ "7d773d00c144c525ac619d18c84a3f47"
+ "18e2448b2fe324d9ccda2710"),
+ SHEX("cafebabefacedbaddecaf888"),
+ SHEX("2519498e80f1478f37ba55bd6d27618c"));
+
+ /* Test case 11 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("0f10f599ae14a154ed24b36e25324db8"
+ "c566632ef2bbb34f8347280fc4507057"
+ "fddc29df9a471f75c66541d4d4dad1c9"
+ "e93a19a58e8b473fa0f062f7"),
+ SHEX("cafebabefacedbad"),
+ SHEX("65dcc57fcf623a24094fcca40d3533f8"));
+
+ /* Test case 12 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("d27e88681ce3243c4830165a8fdcf9ff"
+ "1de9a1d8e6b447ef6ef7b79828666e45"
+ "81e79012af34ddd9e2f037589b292db3"
+ "e67c036745fa22e7e9b7373b"),
+ SHEX("9313225df88406e555909c5aff5269aa"
+ "6a7a9538534f7da1e4c303d2a318a728"
+ "c3c0c95156809539fcf0e2429a6b5254"
+ "16aedbf5a0de6a57a637b39b"),
+ SHEX("dcf566ff291c25bbb8568fc3d376a6d9"));
+
+ /* Test case 13 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("00000000000000000000000000000000"
+ "00000000000000000000000000000000"),
+ SHEX(""),
+ SHEX(""),
+ SHEX(""),
+ SHEX("000000000000000000000000"),
+ SHEX("530f8afbc74536b9a963b4f1c4cb738b"));
+
+ /* Test case 14 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("00000000000000000000000000000000"
+ "00000000000000000000000000000000"),
+ SHEX(""),
+ SHEX("00000000000000000000000000000000"),
+ SHEX("cea7403d4d606b6e074ec5d3baf39d18"),
+ SHEX("000000000000000000000000"),
+ SHEX("d0d1c8a799996bf0265b98b5d48ab919"));
+
+ /* Test case 15 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c6d6a8f9467308308"),
+ SHEX(""),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b391aafd255"),
+ SHEX("522dc1f099567d07f47f37a32a84427d"
+ "643a8cdcbfe5c0c97598a2bd2555d1aa"
+ "8cb08e48590dbb3da7b08b1056828838"
+ "c5f61e6393ba7a0abcc9f662898015ad"),
+ SHEX("cafebabefacedbaddecaf888"),
+ SHEX("b094dac5d93471bdec1a502270e3cc6c"));
+
+ /* Test case 16 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c6d6a8f9467308308"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("522dc1f099567d07f47f37a32a84427d"
+ "643a8cdcbfe5c0c97598a2bd2555d1aa"
+ "8cb08e48590dbb3da7b08b1056828838"
+ "c5f61e6393ba7a0abcc9f662"),
+ SHEX("cafebabefacedbaddecaf888"),
+ SHEX("76fc6ece0f4e1768cddf8853bb2d551b"));
+
+ /* Test case 17 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c6d6a8f9467308308"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("c3762df1ca787d32ae47c13bf19844cb"
+ "af1ae14d0b976afac52ff7d79bba9de0"
+ "feb582d33934a4f0954cc2363bc73f78"
+ "62ac430e64abe499f47c9b1f"),
+ SHEX("cafebabefacedbad"),
+ SHEX("3a337dbf46a792c45e454913fe2ea8f2"));
+
+ /* Test case 18 */
+ test_aead(&nettle_gcm_aes128,
+ SHEX("feffe9928665731c6d6a8f9467308308"
+ "feffe9928665731c6d6a8f9467308308"),
+ SHEX("feedfacedeadbeeffeedfacedeadbeef"
+ "abaddad2"),
+ SHEX("d9313225f88406e5a55909c5aff5269a"
+ "86a7a9531534f7da2e4c303d8a318a72"
+ "1c3c0c95956809532fcf0e2449a6b525"
+ "b16aedf5aa0de657ba637b39"),
+ SHEX("5a8def2f0c9e53f1f75d7853659e2a20"
+ "eeb2b22aafde6419a058ab4f6f746bf4"
+ "0fc0c3b780f244452da3ebf1c5d82cde"
+ "a2418997200ef82e44ae7e3f"),
+ SHEX("9313225df88406e555909c5aff5269aa"
+ "6a7a9538534f7da1e4c303d2a318a728"
+ "c3c0c95156809539fcf0e2429a6b5254"
+ "16aedbf5a0de6a57a637b39b"),
+ SHEX("a44a8266ee1c8eb0c8b5d4cf5ae9f19a"));
+}
+
--- /dev/null
+#include "testutils.h"
+#include "gosthash94.h"
+
+/* Using test vectors from Wikipedia article on GOST */
+
+void
+test_main(void)
+{
+ test_hash(&nettle_gosthash94, SDATA("The quick brown fox jumps over the lazy dog"),
+ SHEX("77b7fa410c9ac58a25f49bca7d0468c9296529315eaca76bd1a10f376d1f4294"));
+
+ test_hash(&nettle_gosthash94, SDATA("message digest"),
+ SHEX("ad4434ecb18f2c99b60cbe59ec3d2469582b65273f48de72db2fde16a4889a4d"));
+
+ test_hash(&nettle_gosthash94, SDATA("a"),
+ SHEX("d42c539e367c66e9c88a801f6649349c21871b4344c6a573f849fdce62f314dd"));
+
+ test_hash(&nettle_gosthash94, SDATA(""),
+ SHEX("ce85b99cc46752fffee35cab9a7b0278abb4c2d2055cff685af4912c49490f8d"));
+}
#include "testutils.h"
#include "hmac.h"
-/* KEY and MSG are supposed to expand to length, data */
-#define HMAC_TEST(alg, length, key, msg, mac) do { \
- hmac_##alg##_set_key(&alg, key); \
- hmac_##alg##_update(&alg, msg); \
- digest[length] = 17; \
- hmac_##alg##_digest(&alg, length, digest); \
- ASSERT(MEMEQ (length, digest, mac)); \
- ASSERT(digest[length] == 17); \
-} while (0)
-
-int
+#define HMAC_TEST(alg, key, msg, mac) \
+ do { \
+ struct hmac_##alg##_ctx ctx; \
+ \
+ hmac_##alg##_set_key(&ctx, key->length, key->data); \
+ hmac_##alg##_update(&ctx, msg->length, msg->data); \
+ digest[mac->length] = 17; \
+ hmac_##alg##_digest(&ctx, mac->length, digest); \
+ ASSERT(MEMEQ (mac->length, digest, mac->data)); \
+ ASSERT(digest[mac->length] == 17); \
+ } while (0)
+
+void
test_main(void)
{
- struct hmac_md5_ctx md5;
- struct hmac_sha1_ctx sha1;
- struct hmac_sha224_ctx sha224;
- struct hmac_sha256_ctx sha256;
- struct hmac_sha384_ctx sha384;
- struct hmac_sha512_ctx sha512;
-
/* sha512's digests are longest */
uint8_t digest[SHA512_DIGEST_SIZE+1];
/* Test vectors for md5, from RFC-2202 */
/* md5 - 1 */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b"),
- LDATA("Hi There"),
- H("9294727a3638bb1c 13f48ef8158bfc9d"));
+ HMAC_TEST(md5,
+ SHEX("0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("9294727a3638bb1c 13f48ef8158bfc9d"));
/* md5 - 2 */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("Jefe"),
- LDATA("what do ya want for nothing?"),
- H("750c783e6ab0b503 eaa86e310a5db738"));
+ HMAC_TEST(md5,
+ SDATA("Jefe"),
+ SDATA("what do ya want for nothing?"),
+ SHEX("750c783e6ab0b503 eaa86e310a5db738"));
/* md5 - 3 */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- HL("dddddddddddddddd dddddddddddddddd"
- "dddddddddddddddd dddddddddddddddd"
- "dddddddddddddddd dddddddddddddddd"
- "dddd"),
- H("56be34521d144c88 dbb8c733f0e8b3f6"));
+ HMAC_TEST(md5,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SHEX("dddddddddddddddd dddddddddddddddd"
+ "dddddddddddddddd dddddddddddddddd"
+ "dddddddddddddddd dddddddddddddddd"
+ "dddd"),
+ SHEX("56be34521d144c88 dbb8c733f0e8b3f6"));
/* md5 - 4 */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- HL("0102030405060708 090a0b0c0d0e0f10"
- "1112131415161718 19"),
- HL("cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcd"),
- H("697eaf0aca3a3aea 3a75164746ffaa79"));
+ HMAC_TEST(md5,
+ SHEX("0102030405060708 090a0b0c0d0e0f10"
+ "1112131415161718 19"),
+ SHEX("cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("697eaf0aca3a3aea 3a75164746ffaa79"));
/* md5 - 5 */
- HMAC_TEST(md5, 12,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("56461ef2342edc00 f9bab995"));
+ HMAC_TEST(md5,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("56461ef2342edc00 f9bab995"));
/* md5 - 6 */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("6b1ab7fe4bd7bf8f 0b62e6ce61b9d0cd"));
+ HMAC_TEST(md5,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("6b1ab7fe4bd7bf8f 0b62e6ce61b9d0cd"));
/* md5 - 7 */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key and Larger "
+ HMAC_TEST(md5,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key and Larger "
"Than One Block-Size Data"),
- H("6f630fad67cda0ee 1fb1f562db3aa53e"));
+ SHEX("6f630fad67cda0ee 1fb1f562db3aa53e"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA(""),
- H("e84db42a188813f30a15e611d64c7869"));
-
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("a"),
- H("123662062e67c2aab371cc49db0df134"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA(""),
+ SHEX("e84db42a188813f30a15e611d64c7869"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("38"),
- H("0a46cc10a49d4b7025c040c597bf5d76"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("a"),
+ SHEX("123662062e67c2aab371cc49db0df134"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abc"),
- H("d1f4d89f0e8b2b6ed0623c99ec298310"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("38"),
+ SHEX("0a46cc10a49d4b7025c040c597bf5d76"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("message digest"),
- H("1627207b9bed5009a4f6e9ca8d2ca01e"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abc"),
+ SHEX("d1f4d89f0e8b2b6ed0623c99ec298310"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("922aae6ab3b3a29202e21ce5f916ae9a"));
-
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
- H("ede9cb83679ba82d88fbeae865b3f8fc"));
-
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
- H("939dd45512ee3a594b6654f6b8de27f7"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("message digest"),
+ SHEX("1627207b9bed5009a4f6e9ca8d2ca01e"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("922aae6ab3b3a29202e21ce5f916ae9a"));
+
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("ede9cb83679ba82d88fbeae865b3f8fc"));
+
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
+ SHEX("939dd45512ee3a594b6654f6b8de27f7"));
+
+ /* Test vectors for ripemd160, from
+ http://homes.esat.kuleuven.be/~bosselae/ripemd160.html */
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA(""),
+ SHEX("cf387677bfda8483e63b57e06c3b5ecd8b7fc055"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA("a"),
+ SHEX("0d351d71b78e36dbb7391c810a0d2b6240ddbafc"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA("abc"),
+ SHEX("f7ef288cb1bbcc6160d76507e0a3bbf712fb67d6"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA("message digest"),
+ SHEX("f83662cc8d339c227e600fcd636c57d2571b1c34"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("843d1c4eb880ac8ac0c9c95696507957d0155ddb"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"),
+ SHEX("60f5ef198a2dd5745545c1f0c47aa3fb5776f881"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("00112233445566778899aabbccddeeff01234567"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("e49c136a9e5627e0681b808a3b97e6a6e661ae79"));
+
+ /* Other key */
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA(""),
+ SHEX("fe69a66c7423eea9c8fa2eff8d9dafb4f17a62f5"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA("a"),
+ SHEX("85743e899bc82dbfa36faaa7a25b7cfd372432cd"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA("abc"),
+ SHEX("6e4afd501fa6b4a1823ca3b10bd9aa0ba97ba182"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA("message digest"),
+ SHEX("2e066e624badb76a184c8f90fba053330e650e92"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("07e942aa4e3cd7c04dedc1d46e2e8cc4c741b3d9"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"),
+ SHEX("b6582318ddcfb67a53a67d676b8ad869aded629a"));
+
+ HMAC_TEST(ripemd160,
+ SHEX("0123456789abcdeffedcba987654321000112233"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("f1be3ee877703140d34f97ea1ab3a07c141333e2"));
+
/* Test vectors for sha1, from RFC-2202 */
/* sha1 - 1 */
- HMAC_TEST(sha1, SHA1_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b 0b0b0b0b"),
- LDATA("Hi There"),
- H("b617318655057264 e28bc0b6fb378c8e f146be00"));
+ HMAC_TEST(sha1,
+ SHEX("0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b 0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("b617318655057264 e28bc0b6fb378c8e f146be00"));
/* sha1 - 2 */
- HMAC_TEST(sha1, SHA1_DIGEST_SIZE,
- LDATA("Jefe"),
- LDATA("what do ya want for nothing?"),
- H("effcdf6ae5eb2fa2 d27416d5f184df9c 259a7c79"));
+ HMAC_TEST(sha1,
+ SDATA("Jefe"),
+ SDATA("what do ya want for nothing?"),
+ SHEX("effcdf6ae5eb2fa2 d27416d5f184df9c 259a7c79"));
/* sha1 - 3 */
- HMAC_TEST(sha1, SHA1_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaa"),
- HL("dddddddddddddddd dddddddddddddddd"
- "dddddddddddddddd dddddddddddddddd"
- "dddddddddddddddd dddddddddddddddd"
- "dddd"),
- H("125d7342b9ac11cd 91a39af48aa17b4f 63f175d3"));
+ HMAC_TEST(sha1,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaa"),
+ SHEX("dddddddddddddddd dddddddddddddddd"
+ "dddddddddddddddd dddddddddddddddd"
+ "dddddddddddddddd dddddddddddddddd"
+ "dddd"),
+ SHEX("125d7342b9ac11cd 91a39af48aa17b4f 63f175d3"));
/* sha1 - 4 */
- HMAC_TEST(sha1, SHA1_DIGEST_SIZE,
- HL("0102030405060708 090a0b0c0d0e0f10"
- "1112131415161718 19"),
- HL("cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcd"),
- H("4c9007f4026250c6 bc8414f9bf50c86c 2d7235da"));
+ HMAC_TEST(sha1,
+ SHEX("0102030405060708 090a0b0c0d0e0f10"
+ "1112131415161718 19"),
+ SHEX("cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("4c9007f4026250c6 bc8414f9bf50c86c 2d7235da"));
/* sha1 - 5 */
- HMAC_TEST(sha1, 12,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("4c1a03424b55e07f e7f27be1"));
+ HMAC_TEST(sha1,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("4c1a03424b55e07f e7f27be1"));
/* sha1 - 6 */
- HMAC_TEST(sha1, SHA1_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("aa4ae5e15272d00e 95705637ce8a3b55 ed402112"));
+ HMAC_TEST(sha1,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("aa4ae5e15272d00e 95705637ce8a3b55 ed402112"));
/* sha1 - 7 */
- HMAC_TEST(sha1, SHA1_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key and Larger "
+ HMAC_TEST(sha1,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key and Larger "
"Than One Block-Size Data"),
- H("e8e99d0f45237d78 6d6bbaa7965c7808 bbff1a91"));
+ SHEX("e8e99d0f45237d78 6d6bbaa7965c7808 bbff1a91"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA(""),
- H("e84db42a188813f30a15e611d64c7869"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA(""),
+ SHEX("e84db42a188813f30a15e611d64c7869"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("a"),
- H("123662062e67c2aab371cc49db0df134"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("a"),
+ SHEX("123662062e67c2aab371cc49db0df134"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("38"),
- H("0a46cc10a49d4b7025c040c597bf5d76"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("38"),
+ SHEX("0a46cc10a49d4b7025c040c597bf5d76"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abc"),
- H("d1f4d89f0e8b2b6ed0623c99ec298310"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abc"),
+ SHEX("d1f4d89f0e8b2b6ed0623c99ec298310"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("message digest"),
- H("1627207b9bed5009a4f6e9ca8d2ca01e"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("message digest"),
+ SHEX("1627207b9bed5009a4f6e9ca8d2ca01e"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("922aae6ab3b3a29202e21ce5f916ae9a"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("922aae6ab3b3a29202e21ce5f916ae9a"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
- H("ede9cb83679ba82d88fbeae865b3f8fc"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("ede9cb83679ba82d88fbeae865b3f8fc"));
- HMAC_TEST(md5, MD5_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
- H("939dd45512ee3a594b6654f6b8de27f7"));
+ HMAC_TEST(md5,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
+ SHEX("939dd45512ee3a594b6654f6b8de27f7"));
/* Test vectors for sha224, from RFC 4231 */
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b"),
- LDATA("Hi There"),
- H("896fb1128abbdf196832107cd49df33f"
- "47b4b1169912ba4f53684b22"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("Jefe"),
- LDATA("what do ya want for nothing?"),
- H("a30e01098bc6dbbf45690f3a7e9e6d0f"
- "8bbea2a39e6148008fd05e44"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaa"),
- HL("dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddd"),
- H("7fb3cb3588c6c1f6ffa9694d7d6ad264"
- "9365b0c1f65d69d1ec8333ea"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- HL("0102030405060708090a0b0c0d0e0f10"
- "111213141516171819"),
- HL("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcd"),
- H("6c11506874013cac6a2abc1bb382627c"
- "ec6a90d86efc012de7afec5a"));
-
- HMAC_TEST(sha224, 16,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("0e2aea68a90c8d37c988bcdb9fca6fa8"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("95e9a0db962095adaebe9b2d6f0dbce2"
- "d499f112f2d2b7273fa6870e"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("This is a test using a larger than block-size ke"
+ HMAC_TEST(sha224,
+ SHEX("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("896fb1128abbdf196832107cd49df33f"
+ "47b4b1169912ba4f53684b22"));
+
+ HMAC_TEST(sha224,
+ SDATA("Jefe"),
+ SDATA("what do ya want for nothing?"),
+ SHEX("a30e01098bc6dbbf45690f3a7e9e6d0f"
+ "8bbea2a39e6148008fd05e44"));
+
+ HMAC_TEST(sha224,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaa"),
+ SHEX("dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddd"),
+ SHEX("7fb3cb3588c6c1f6ffa9694d7d6ad264"
+ "9365b0c1f65d69d1ec8333ea"));
+
+ HMAC_TEST(sha224,
+ SHEX("0102030405060708090a0b0c0d0e0f10"
+ "111213141516171819"),
+ SHEX("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("6c11506874013cac6a2abc1bb382627c"
+ "ec6a90d86efc012de7afec5a"));
+
+ HMAC_TEST(sha224,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("0e2aea68a90c8d37c988bcdb9fca6fa8"));
+
+ HMAC_TEST(sha224,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("95e9a0db962095adaebe9b2d6f0dbce2"
+ "d499f112f2d2b7273fa6870e"));
+
+ HMAC_TEST(sha224,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("This is a test using a larger than block-size ke"
"y and a larger than block-size data. The key nee"
"ds to be hashed before being used by the HMAC al"
"gorithm."),
- H("3a854166ac5d9f023f54d517d0b39dbd"
- "946770db9c2b95c9f6f565d1"));
+ SHEX("3a854166ac5d9f023f54d517d0b39dbd"
+ "946770db9c2b95c9f6f565d1"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA(""),
- H("d12a49ae38177ffeaa548b2148bb5238"
- "60849772d9391e675b103d89"));
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA(""),
+ SHEX("d12a49ae38177ffeaa548b2148bb5238"
+ "60849772d9391e675b103d89"));
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("a"),
- H("b04ff8522f904f553970bfa8ad3f0086"
- "bce1e8580affd8a12c94e31a"));
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("a"),
+ SHEX("b04ff8522f904f553970bfa8ad3f0086"
+ "bce1e8580affd8a12c94e31a"));
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("38"),
- H("afcfb5511f710334f9350f57faec3c08"
- "764b4bd126a6840f4347f116"));
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("38"),
+ SHEX("afcfb5511f710334f9350f57faec3c08"
+ "764b4bd126a6840f4347f116"));
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abc"),
- H("9df9907af127900c909376893565c6cf"
- "2d7db244fdc4277da1e0b679"));
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abc"),
+ SHEX("9df9907af127900c909376893565c6cf"
+ "2d7db244fdc4277da1e0b679"));
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("message digest"),
- H("254ebf6b8ddd7a3271b3d9aca1699b0c"
- "0bfb7df61e8a114922c88d27"));
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("message digest"),
+ SHEX("254ebf6b8ddd7a3271b3d9aca1699b0c"
+ "0bfb7df61e8a114922c88d27"));
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("6ec5bffba5880c3234a6cf257816e4d5"
- "35ab178a7f12929769e378fb"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
- H("5f768179dbb29ca722875d0f461a2e2f"
- "597d0210340a84df1a8e9c63"));
-
- HMAC_TEST(sha224, SHA224_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
- H("c7667b0d7e56b2b4f6fcc1d8da9e22da"
- "a1556f44c47132a87303c6a2"));
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("6ec5bffba5880c3234a6cf257816e4d5"
+ "35ab178a7f12929769e378fb"));
+
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("5f768179dbb29ca722875d0f461a2e2f"
+ "597d0210340a84df1a8e9c63"));
+
+ HMAC_TEST(sha224,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
+ SHEX("c7667b0d7e56b2b4f6fcc1d8da9e22da"
+ "a1556f44c47132a87303c6a2"));
/* Test vectors for sha256, from RFC 4231 */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b"),
- LDATA("Hi There"),
- H("b0344c61d8db38535ca8afceaf0bf12b"
- "881dc200c9833da726e9376c2e32cff7"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("Jefe"),
- LDATA("what do ya want for nothing?"),
- H("5bdcc146bf60754e6a042426089575c7"
- "5a003f089d2739839dec58b964ec3843"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaa"),
- HL("dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddd"),
- H("773ea91e36800e46854db8ebd09181a7"
- "2959098b3ef8c122d9635514ced565fe"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0102030405060708090a0b0c0d0e0f10"
- "111213141516171819"),
- HL("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcd"),
- H("82558a389a443c0ea4cc819899f2083a"
- "85f0faa3e578f8077a2e3ff46729665b"));
-
- HMAC_TEST(sha256, 16,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("a3b6167473100ee06e0c796c2955552b"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("60e431591ee0b67f0d8a26aacbf5b77f"
- "8e0bc6213728c5140546040f0ee37f54"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("This is a test using a larger than block-size ke"
+ HMAC_TEST(sha256,
+ SHEX("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("b0344c61d8db38535ca8afceaf0bf12b"
+ "881dc200c9833da726e9376c2e32cff7"));
+
+ HMAC_TEST(sha256,
+ SDATA("Jefe"),
+ SDATA("what do ya want for nothing?"),
+ SHEX("5bdcc146bf60754e6a042426089575c7"
+ "5a003f089d2739839dec58b964ec3843"));
+
+ HMAC_TEST(sha256,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaa"),
+ SHEX("dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddd"),
+ SHEX("773ea91e36800e46854db8ebd09181a7"
+ "2959098b3ef8c122d9635514ced565fe"));
+
+ HMAC_TEST(sha256,
+ SHEX("0102030405060708090a0b0c0d0e0f10"
+ "111213141516171819"),
+ SHEX("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("82558a389a443c0ea4cc819899f2083a"
+ "85f0faa3e578f8077a2e3ff46729665b"));
+
+ HMAC_TEST(sha256,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("a3b6167473100ee06e0c796c2955552b"));
+
+ HMAC_TEST(sha256,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("60e431591ee0b67f0d8a26aacbf5b77f"
+ "8e0bc6213728c5140546040f0ee37f54"));
+
+ HMAC_TEST(sha256,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("This is a test using a larger than block-size ke"
"y and a larger than block-size data. The key nee"
"ds to be hashed before being used by the HMAC al"
"gorithm."),
- H("9b09ffa71b942fcb27635fbcd5b0e944"
- "bfdc63644f0713938a7f51535c3a35e2"));
+ SHEX("9b09ffa71b942fcb27635fbcd5b0e944"
+ "bfdc63644f0713938a7f51535c3a35e2"));
/* Additional test vectors for sha256, from
draft-ietf-ipsec-ciph-sha-256-01.txt */
/* Test Case #1: HMAC-SHA-256 with 3-byte input and 32-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0102030405060708 090a0b0c0d0e0f10"
- "1112131415161718 191a1b1c1d1e1f20"),
- LDATA("abc"),
- H("a21b1f5d4cf4f73a 4dd939750f7a066a"
+ HMAC_TEST(sha256,
+ SHEX("0102030405060708 090a0b0c0d0e0f10"
+ "1112131415161718 191a1b1c1d1e1f20"),
+ SDATA("abc"),
+ SHEX("a21b1f5d4cf4f73a 4dd939750f7a066a"
"7f98cc131cb16a66 92759021cfab8181"));
/* Test Case #2: HMAC-SHA-256 with 56-byte input and 32-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0102030405060708 090a0b0c0d0e0f10"
- "1112131415161718 191a1b1c1d1e1f20"),
- LDATA("abcdbcdecdefdefgefghfghighijhijk"
+ HMAC_TEST(sha256,
+ SHEX("0102030405060708 090a0b0c0d0e0f10"
+ "1112131415161718 191a1b1c1d1e1f20"),
+ SDATA("abcdbcdecdefdefgefghfghighijhijk"
"ijkljklmklmnlmnomnopnopq"),
- H("104fdc1257328f08 184ba73131c53cae"
+ SHEX("104fdc1257328f08 184ba73131c53cae"
"e698e36119421149 ea8c712456697d30"));
/* Test Case #3: HMAC-SHA-256 with 112-byte (multi-block) input
and 32-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0102030405060708 090a0b0c0d0e0f10"
- "1112131415161718 191a1b1c1d1e1f20"),
- LDATA("abcdbcdecdefdefgefghfghighijhijk"
+ HMAC_TEST(sha256,
+ SHEX("0102030405060708 090a0b0c0d0e0f10"
+ "1112131415161718 191a1b1c1d1e1f20"),
+ SDATA("abcdbcdecdefdefgefghfghighijhijk"
"ijkljklmklmnlmnomnopnopqabcdbcde"
"cdefdefgefghfghighijhijkijkljklm"
"klmnlmnomnopnopq"),
- H("470305fc7e40fe34 d3eeb3e773d95aab"
- "73acf0fd060447a5 eb4595bf33a9d1a3"));
+ SHEX("470305fc7e40fe34 d3eeb3e773d95aab"
+ "73acf0fd060447a5 eb4595bf33a9d1a3"));
/* Test Case #4: HMAC-SHA-256 with 8-byte input and 32-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b"
- "0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b"),
- LDATA("Hi There"),
- H("198a607eb44bfbc6 9903a0f1cf2bbdc5"
- "ba0aa3f3d9ae3c1c 7a3b1696a0b68cf7"));
+ HMAC_TEST(sha256,
+ SHEX("0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b"
+ "0b0b0b0b0b0b0b0b 0b0b0b0b0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("198a607eb44bfbc6 9903a0f1cf2bbdc5"
+ "ba0aa3f3d9ae3c1c 7a3b1696a0b68cf7"));
/* Test Case #6: HMAC-SHA-256 with 50-byte input and 32-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- HL("dddddddddddddddd dddddddddddddddd"
- "dddddddddddddddd dddddddddddddddd"
- "dddddddddddddddd dddddddddddddddd"
- "dddd"),
- H("cdcb1220d1ecccea 91e53aba3092f962"
- "e549fe6ce9ed7fdc 43191fbde45c30b0"));
+ HMAC_TEST(sha256,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SHEX("dddddddddddddddd dddddddddddddddd"
+ "dddddddddddddddd dddddddddddddddd"
+ "dddddddddddddddd dddddddddddddddd"
+ "dddd"),
+ SHEX("cdcb1220d1ecccea 91e53aba3092f962"
+ "e549fe6ce9ed7fdc 43191fbde45c30b0"));
/* Test Case #7: HMAC-SHA-256 with 50-byte input and 37-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("0102030405060708 090a0b0c0d0e0f10"
- "1112131415161718 191a1b1c1d1e1f20"
- "2122232425"),
- HL("cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
- "cdcd"),
- H("d4633c17f6fb8d74 4c66dee0f8f07455"
- "6ec4af55ef079985 41468eb49bd2e917"));
+ HMAC_TEST(sha256,
+ SHEX("0102030405060708 090a0b0c0d0e0f10"
+ "1112131415161718 191a1b1c1d1e1f20"
+ "2122232425"),
+ SHEX("cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcd cdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("d4633c17f6fb8d74 4c66dee0f8f07455"
+ "6ec4af55ef079985 41468eb49bd2e917"));
/* Test Case #8: HMAC-SHA-256 with 20-byte input and 32-byte key */
- HMAC_TEST(sha256, 16,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c"
- "0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("7546af01841fc09b 1ab9c3749a5f1c17"));
+ HMAC_TEST(sha256,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c"
+ "0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("7546af01841fc09b 1ab9c3749a5f1c17"));
/* Test Case #9: HMAC-SHA-256 with 54-byte input and 80-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("6953025ed96f0c09 f80a96f78e6538db"
- "e2e7b820e3dd970e 7ddd39091b32352f"));
+ HMAC_TEST(sha256,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("6953025ed96f0c09 f80a96f78e6538db"
+ "e2e7b820e3dd970e 7ddd39091b32352f"));
/* Test Case #10: HMAC-SHA-256 with 73-byte (multi-block) input
and 80-byte key */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"),
- H("6355ac22e890d0a3 c8481a5ca4825bc8"
- "84d3e7a1ff98a2fc 2ac7d8e064c3b2e6"));
+ HMAC_TEST(sha256,
+ SHEX("aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data"),
+ SHEX("6355ac22e890d0a3 c8481a5ca4825bc8"
+ "84d3e7a1ff98a2fc 2ac7d8e064c3b2e6"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA(""),
- H("5c780648c90d121c50091c3a0c3afc1f"
- "4ab847528005d99d9821ad3f341b651a"));
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA(""),
+ SHEX("5c780648c90d121c50091c3a0c3afc1f"
+ "4ab847528005d99d9821ad3f341b651a"));
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("a"),
- H("6142364c0646b0cfe426866f21d613e0"
- "55a136a7d9b45d85685e080a09cec463"));
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("a"),
+ SHEX("6142364c0646b0cfe426866f21d613e0"
+ "55a136a7d9b45d85685e080a09cec463"));
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("38"),
- H("e49aa7839977e130ad87b63da9d4eb7b"
- "263cd5a27c54a7604b6044eb35901171"));
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("38"),
+ SHEX("e49aa7839977e130ad87b63da9d4eb7b"
+ "263cd5a27c54a7604b6044eb35901171"));
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abc"),
- H("e5ef49f545c7af933a9d18c7c562bc91"
- "08583fd5cf00d9e0db351d6d8f8e41bc"));
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abc"),
+ SHEX("e5ef49f545c7af933a9d18c7c562bc91"
+ "08583fd5cf00d9e0db351d6d8f8e41bc"));
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("message digest"),
- H("373b04877180fea27a41a8fb8f88201c"
- "a6268411ee3c80b01a424483eb9156e1"));
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("message digest"),
+ SHEX("373b04877180fea27a41a8fb8f88201c"
+ "a6268411ee3c80b01a424483eb9156e1"));
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("eb5945d56eefbdb41602946ea6448d53"
- "86b08d7d801a87f439fab52f8bb9736e"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
- H("3798f363c57afa6edaffe39016ca7bad"
- "efd1e670afb0e3987194307dec3197db"));
-
- HMAC_TEST(sha256, SHA256_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
- H("c89a7039a62985ff813fe4509b918a43"
- "6d7b1ffd8778e2c24dec464849fb6128"));
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("eb5945d56eefbdb41602946ea6448d53"
+ "86b08d7d801a87f439fab52f8bb9736e"));
+
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("3798f363c57afa6edaffe39016ca7bad"
+ "efd1e670afb0e3987194307dec3197db"));
+
+ HMAC_TEST(sha256,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
+ SHEX("c89a7039a62985ff813fe4509b918a43"
+ "6d7b1ffd8778e2c24dec464849fb6128"));
/* Test vectors for sha384, from RFC 4231 */
- HMAC_TEST(sha384, SHA384_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b"),
- LDATA("Hi There"),
- H("afd03944d84895626b0825f4ab46907f"
- "15f9dadbe4101ec682aa034c7cebc59c"
- "faea9ea9076ede7f4af152e8b2fa9cb6"));
-
- HMAC_TEST(sha384, SHA384_DIGEST_SIZE,
- LDATA("Jefe"),
- LDATA("what do ya want for nothing?"),
- H("af45d2e376484031617f78d2b58a6b1b"
- "9c7ef464f5a01b47e42ec3736322445e"
- "8e2240ca5e69e2c78b3239ecfab21649"));
-
- HMAC_TEST(sha384, SHA384_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaa"),
- HL("dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddd"),
- H("88062608d3e6ad8a0aa2ace014c8a86f"
- "0aa635d947ac9febe83ef4e55966144b"
- "2a5ab39dc13814b94e3ab6e101a34f27"));
-
- HMAC_TEST(sha384, SHA384_DIGEST_SIZE,
- HL("0102030405060708090a0b0c0d0e0f10"
- "111213141516171819"),
- HL("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcd"),
- H("3e8a69b7783c25851933ab6290af6ca7"
- "7a9981480850009cc5577c6e1f573b4e"
- "6801dd23c4a7d679ccf8a386c674cffb"));
-
- HMAC_TEST(sha384, 16,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("3abf34c3503b2a23a46efc619baef897"));
-
- HMAC_TEST(sha384, SHA384_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("4ece084485813e9088d2c63a041bc5b4"
- "4f9ef1012a2b588f3cd11f05033ac4c6"
- "0c2ef6ab4030fe8296248df163f44952"));
-
- HMAC_TEST(sha384, SHA384_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("This is a test using a larger than block-size ke"
+ HMAC_TEST(sha384,
+ SHEX("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("afd03944d84895626b0825f4ab46907f"
+ "15f9dadbe4101ec682aa034c7cebc59c"
+ "faea9ea9076ede7f4af152e8b2fa9cb6"));
+
+ HMAC_TEST(sha384,
+ SDATA("Jefe"),
+ SDATA("what do ya want for nothing?"),
+ SHEX("af45d2e376484031617f78d2b58a6b1b"
+ "9c7ef464f5a01b47e42ec3736322445e"
+ "8e2240ca5e69e2c78b3239ecfab21649"));
+
+ HMAC_TEST(sha384,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaa"),
+ SHEX("dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddd"),
+ SHEX("88062608d3e6ad8a0aa2ace014c8a86f"
+ "0aa635d947ac9febe83ef4e55966144b"
+ "2a5ab39dc13814b94e3ab6e101a34f27"));
+
+ HMAC_TEST(sha384,
+ SHEX("0102030405060708090a0b0c0d0e0f10"
+ "111213141516171819"),
+ SHEX("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("3e8a69b7783c25851933ab6290af6ca7"
+ "7a9981480850009cc5577c6e1f573b4e"
+ "6801dd23c4a7d679ccf8a386c674cffb"));
+
+ HMAC_TEST(sha384,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("3abf34c3503b2a23a46efc619baef897"));
+
+ HMAC_TEST(sha384,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("4ece084485813e9088d2c63a041bc5b4"
+ "4f9ef1012a2b588f3cd11f05033ac4c6"
+ "0c2ef6ab4030fe8296248df163f44952"));
+
+ HMAC_TEST(sha384,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("This is a test using a larger than block-size ke"
"y and a larger than block-size data. The key nee"
"ds to be hashed before being used by the HMAC al"
"gorithm."),
- H("6617178e941f020d351e2f254e8fd32c"
- "602420feb0b8fb9adccebb82461e99c5"
- "a678cc31e799176d3860e6110c46523e"));
+ SHEX("6617178e941f020d351e2f254e8fd32c"
+ "602420feb0b8fb9adccebb82461e99c5"
+ "a678cc31e799176d3860e6110c46523e"));
/* Test vectors for sha512, from RFC 4231 */
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b"),
- LDATA("Hi There"),
- H("87aa7cdea5ef619d4ff0b4241a1d6cb0"
- "2379f4e2ce4ec2787ad0b30545e17cde"
- "daa833b7d6b8a702038b274eaea3f4e4"
- "be9d914eeb61f1702e696c203a126854"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("Jefe"),
- LDATA("what do ya want for nothing?"),
- H("164b7a7bfcf819e2e395fbe73b56e0a3"
- "87bd64222e831fd610270cd7ea250554"
- "9758bf75c05a994a6d034f65f8f0e6fd"
- "caeab1a34d4a6b4b636e070a38bce737"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaa"),
- HL("dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddd"),
- H("fa73b0089d56a284efb0f0756c890be9"
- "b1b5dbdd8ee81a3655f83e33b2279d39"
- "bf3e848279a722c806b485a47e67c807"
- "b946a337bee8942674278859e13292fb"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("0102030405060708090a0b0c0d0e0f10"
- "111213141516171819"),
- HL("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
- "cdcd"),
- H("b0ba465637458c6990e5a8c5f61d4af7"
- "e576d97ff94b872de76f8050361ee3db"
- "a91ca5c11aa25eb4d679275cc5788063"
- "a5f19741120c4f2de2adebeb10a298dd"));
-
- HMAC_TEST(sha512, 16,
- HL("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
- LDATA("Test With Truncation"),
- H("415fad6271580a531d4179bc891d87a6"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
- H("80b24263c7c1a3ebb71493c1dd7be8b4"
- "9b46d1f41b4aeec1121b013783f8f352"
- "6b56d037e05f2598bd0fd2215d6a1e52"
- "95e64f73f63f0aec8b915a985d786598"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa"),
- LDATA("This is a test using a larger than block-size ke"
+ HMAC_TEST(sha512,
+ SHEX("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("87aa7cdea5ef619d4ff0b4241a1d6cb0"
+ "2379f4e2ce4ec2787ad0b30545e17cde"
+ "daa833b7d6b8a702038b274eaea3f4e4"
+ "be9d914eeb61f1702e696c203a126854"));
+
+ HMAC_TEST(sha512,
+ SDATA("Jefe"),
+ SDATA("what do ya want for nothing?"),
+ SHEX("164b7a7bfcf819e2e395fbe73b56e0a3"
+ "87bd64222e831fd610270cd7ea250554"
+ "9758bf75c05a994a6d034f65f8f0e6fd"
+ "caeab1a34d4a6b4b636e070a38bce737"));
+
+ HMAC_TEST(sha512,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaa"),
+ SHEX("dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddd"),
+ SHEX("fa73b0089d56a284efb0f0756c890be9"
+ "b1b5dbdd8ee81a3655f83e33b2279d39"
+ "bf3e848279a722c806b485a47e67c807"
+ "b946a337bee8942674278859e13292fb"));
+
+ HMAC_TEST(sha512,
+ SHEX("0102030405060708090a0b0c0d0e0f10"
+ "111213141516171819"),
+ SHEX("cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd"
+ "cdcd"),
+ SHEX("b0ba465637458c6990e5a8c5f61d4af7"
+ "e576d97ff94b872de76f8050361ee3db"
+ "a91ca5c11aa25eb4d679275cc5788063"
+ "a5f19741120c4f2de2adebeb10a298dd"));
+
+ HMAC_TEST(sha512,
+ SHEX("0c0c0c0c0c0c0c0c 0c0c0c0c0c0c0c0c 0c0c0c0c"),
+ SDATA("Test With Truncation"),
+ SHEX("415fad6271580a531d4179bc891d87a6"));
+
+ HMAC_TEST(sha512,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("Test Using Larger Than Block-Size Key - Hash Key First"),
+ SHEX("80b24263c7c1a3ebb71493c1dd7be8b4"
+ "9b46d1f41b4aeec1121b013783f8f352"
+ "6b56d037e05f2598bd0fd2215d6a1e52"
+ "95e64f73f63f0aec8b915a985d786598"));
+
+ HMAC_TEST(sha512,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaa"),
+ SDATA("This is a test using a larger than block-size ke"
"y and a larger than block-size data. The key nee"
"ds to be hashed before being used by the HMAC al"
"gorithm."),
- H("e37b6a775dc87dbaa4dfa9f96e5e3ffd"
- "debd71f8867289865df5a32d20cdc944"
- "b6022cac3c4982b10d5eeb55c3e4de15"
- "134676fb6de0446065c97440fa8c6a58"));
+ SHEX("e37b6a775dc87dbaa4dfa9f96e5e3ffd"
+ "debd71f8867289865df5a32d20cdc944"
+ "b6022cac3c4982b10d5eeb55c3e4de15"
+ "134676fb6de0446065c97440fa8c6a58"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA(""),
- H("34316413c2d6940572d0bbbf099d529d"
- "148b424533cf562bc1b365f530e21a31"
- "799fc51cef78060cc6f448a8e5d780c2"
- "6cdf20d4c3e6f27fe5ef576bbd05e855"));
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA(""),
+ SHEX("34316413c2d6940572d0bbbf099d529d"
+ "148b424533cf562bc1b365f530e21a31"
+ "799fc51cef78060cc6f448a8e5d780c2"
+ "6cdf20d4c3e6f27fe5ef576bbd05e855"));
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("a"),
- H("cf1948507378bc3ab58cb6ec87f4d456"
- "b90d3298395c29873f1ded1e111b50fe"
- "c336ed24684bf19716efc309212f37aa"
- "715cfb9ecccf3af13691ded167b4b336"));
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("a"),
+ SHEX("cf1948507378bc3ab58cb6ec87f4d456"
+ "b90d3298395c29873f1ded1e111b50fe"
+ "c336ed24684bf19716efc309212f37aa"
+ "715cfb9ecccf3af13691ded167b4b336"));
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("38"),
- H("b8201784216ce01b83cdd282616c6e89"
- "644c6dfd1269ed8580bbc39b92add364"
- "c2b2a2018cffb1915e8625e473b67d0f"
- "e54a50e475dfa0e2b1a97bac1383792c"));
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("38"),
+ SHEX("b8201784216ce01b83cdd282616c6e89"
+ "644c6dfd1269ed8580bbc39b92add364"
+ "c2b2a2018cffb1915e8625e473b67d0f"
+ "e54a50e475dfa0e2b1a97bac1383792c"));
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abc"),
- H("f097ee08b8c44e847a384f9fd645e35e"
- "4816baa9791ba39d3dc611210500b044"
- "873ee296bf1047dc06daa201a5767192"
- "5b73b4ea59c60114881c8287d0699c83"));
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abc"),
+ SHEX("f097ee08b8c44e847a384f9fd645e35e"
+ "4816baa9791ba39d3dc611210500b044"
+ "873ee296bf1047dc06daa201a5767192"
+ "5b73b4ea59c60114881c8287d0699c83"));
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("message digest"),
- H("921a441a884b83c76a8526da8e60d60d"
- "17ded4eee5c29375e0d93717669a4c3e"
- "eba7473e95f7c1a2a85afc24a0adbc4d"
- "6c2bdd6ca6cab8b18d19f82d4a6c51bc"));
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("message digest"),
+ SHEX("921a441a884b83c76a8526da8e60d60d"
+ "17ded4eee5c29375e0d93717669a4c3e"
+ "eba7473e95f7c1a2a85afc24a0adbc4d"
+ "6c2bdd6ca6cab8b18d19f82d4a6c51bc"));
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("640054c96f35815095617d0a8c956066"
- "1a6ff46bfb39110333b2c52c8866abfb"
- "59d9152c9b0948c1ed65c3fd72a8fb82"
- "190acc8830770afe5b0c5b6414c75a77"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
- H("835a4f5b3750b4c1fccfa88da2f746a4"
- "900160c9f18964309bb736c13b59491b"
- "8e32d37b724cc5aebb0f554c6338a3b5"
- "94c4ba26862b2dadb59b7ede1d08d53e"));
-
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("monkey monkey monkey monkey"),
- LDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
- H("fdf83dc879e3476c8e8aceff2bf6fece"
- "2e4f39c7e1a167845465bb549dfa5ffe"
- "997e6c7cf3720eae51ed2b00ad2a8225"
- "375092290edfa9d48ec7e4bc8e276088"));
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("640054c96f35815095617d0a8c956066"
+ "1a6ff46bfb39110333b2c52c8866abfb"
+ "59d9152c9b0948c1ed65c3fd72a8fb82"
+ "190acc8830770afe5b0c5b6414c75a77"));
+
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("835a4f5b3750b4c1fccfa88da2f746a4"
+ "900160c9f18964309bb736c13b59491b"
+ "8e32d37b724cc5aebb0f554c6338a3b5"
+ "94c4ba26862b2dadb59b7ede1d08d53e"));
+
+ HMAC_TEST(sha512,
+ SDATA("monkey monkey monkey monkey"),
+ SDATA("12345678901234567890123456789012345678901234567890123456789012345678901234567890"),
+ SHEX("fdf83dc879e3476c8e8aceff2bf6fece"
+ "2e4f39c7e1a167845465bb549dfa5ffe"
+ "997e6c7cf3720eae51ed2b00ad2a8225"
+ "375092290edfa9d48ec7e4bc8e276088"));
/* Additional test vectors, from
draft-kelly-ipsec-ciph-sha2-01.txt */
/* Test case AUTH512-1: */
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
- "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
- LDATA("Hi There"),
- H("637edc6e01dce7e6742a99451aae82df"
- "23da3e92439e590e43e761b33e910fb8"
- "ac2878ebd5803f6f0b61dbce5e251ff8"
- "789a4722c1be65aea45fd464e89f8f5b"));
+ HMAC_TEST(sha512,
+ SHEX("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
+ "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
+ SDATA("Hi There"),
+ SHEX("637edc6e01dce7e6742a99451aae82df"
+ "23da3e92439e590e43e761b33e910fb8"
+ "ac2878ebd5803f6f0b61dbce5e251ff8"
+ "789a4722c1be65aea45fd464e89f8f5b"));
/* Test case AUTH512-2: */
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- LDATA("JefeJefeJefeJefe"
+ HMAC_TEST(sha512,
+ SDATA("JefeJefeJefeJefe"
"JefeJefeJefeJefe"
"JefeJefeJefeJefe"
"JefeJefeJefeJefe"),
- LDATA("what do ya want for nothing?"),
- H("cb370917ae8a7ce28cfd1d8f4705d614"
- "1c173b2a9362c15df235dfb251b15454"
- "6aa334ae9fb9afc2184932d8695e397b"
- "fa0ffb93466cfcceaae38c833b7dba38"));
+ SDATA("what do ya want for nothing?"),
+ SHEX("cb370917ae8a7ce28cfd1d8f4705d614"
+ "1c173b2a9362c15df235dfb251b15454"
+ "6aa334ae9fb9afc2184932d8695e397b"
+ "fa0ffb93466cfcceaae38c833b7dba38"));
/* Test case AUTH512-3: */
- HMAC_TEST(sha512, SHA512_DIGEST_SIZE,
- HL("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
- HL("dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddddddddddddddddddddddddddddddd"
- "dddd"),
- H("2ee7acd783624ca9398710f3ee05ae41"
- "b9f9b0510c87e49e586cc9bf961733d8"
- "623c7b55cebefccf02d5581acc1c9d5f"
- "b1ff68a1de45509fbe4da9a433922655"));
+ HMAC_TEST(sha512,
+ SHEX("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
+ SHEX("dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddddddddddddddddddddddddddddddd"
+ "dddd"),
+ SHEX("2ee7acd783624ca9398710f3ee05ae41"
+ "b9f9b0510c87e49e586cc9bf961733d8"
+ "623c7b55cebefccf02d5581acc1c9d5f"
+ "b1ff68a1de45509fbe4da9a433922655"));
/* Test case AUTH512-3 from same document seems broken. */
-
- SUCCESS();
}
#include "testutils.h"
#include "knuth-lfib.h"
-int
+void
test_main(void)
{
struct knuth_lfib_ctx ctx;
knuth_lfib_get_array(&ctx, 1009, a);
x = knuth_lfib_get(&ctx);
- if (x != 461390032)
- FAIL();
-
- SUCCESS();
+ ASSERT (x == 461390032);
}
#include "testutils.h"
#include "md2.h"
-int
+void
test_main(void)
{
/* Testcases from RFC 1319 */
- test_hash(&nettle_md2, 0, "",
- H("8350e5a3e24c153df2275c9f80692773"));
- test_hash(&nettle_md2, LDATA("a"),
- H("32ec01ec4a6dac72c0ab96fb34c0b5d1"));
- test_hash(&nettle_md2, LDATA("abc"),
- H("da853b0d3f88d99b30283a69e6ded6bb"));
- test_hash(&nettle_md2, LDATA("message digest"),
- H("ab4f496bfb2a530b219ff33031fe06b0"));
- test_hash(&nettle_md2, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("4e8ddff3650292ab5a4108c3aa47940b"));
+ test_hash(&nettle_md2, SDATA(""),
+ SHEX("8350e5a3e24c153df2275c9f80692773"));
+ test_hash(&nettle_md2, SDATA("a"),
+ SHEX("32ec01ec4a6dac72c0ab96fb34c0b5d1"));
+ test_hash(&nettle_md2, SDATA("abc"),
+ SHEX("da853b0d3f88d99b30283a69e6ded6bb"));
+ test_hash(&nettle_md2, SDATA("message digest"),
+ SHEX("ab4f496bfb2a530b219ff33031fe06b0"));
+ test_hash(&nettle_md2, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("4e8ddff3650292ab5a4108c3aa47940b"));
test_hash(&nettle_md2,
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
"0123456789"),
- H("da33def2a42df13975352846c30338cd"));
- test_hash(&nettle_md2, LDATA("1234567890123456789012345678901234567890"
+ SHEX("da33def2a42df13975352846c30338cd"));
+ test_hash(&nettle_md2, SDATA("1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"),
- H("d5976f79d83d3a0dc9806c3c66f3efd8"));
-
- SUCCESS();
+ SHEX("d5976f79d83d3a0dc9806c3c66f3efd8"));
}
#include "testutils.h"
#include "md4.h"
-int
+void
test_main(void)
{
/* Testcases from RFC 1320 */
- test_hash(&nettle_md4, LDATA(""),
- H("31d6cfe0d16ae931b73c59d7e0c089c0"));
- test_hash(&nettle_md4, LDATA("a"),
- H("bde52cb31de33e46245e05fbdbd6fb24"));
- test_hash(&nettle_md4, LDATA("abc"),
- H("a448017aaf21d8525fc10ae87aa6729d"));
- test_hash(&nettle_md4, LDATA("message digest"),
- H("d9130a8164549fe818874806e1c7014b"));
- test_hash(&nettle_md4, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("d79e1c308aa5bbcdeea8ed63df412da9"));
+ test_hash(&nettle_md4, SDATA(""),
+ SHEX("31d6cfe0d16ae931b73c59d7e0c089c0"));
+ test_hash(&nettle_md4, SDATA("a"),
+ SHEX("bde52cb31de33e46245e05fbdbd6fb24"));
+ test_hash(&nettle_md4, SDATA("abc"),
+ SHEX("a448017aaf21d8525fc10ae87aa6729d"));
+ test_hash(&nettle_md4, SDATA("message digest"),
+ SHEX("d9130a8164549fe818874806e1c7014b"));
+ test_hash(&nettle_md4, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("d79e1c308aa5bbcdeea8ed63df412da9"));
test_hash(&nettle_md4,
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
"0123456789"),
- H("043f8582f241db351ce627e153e7f0e4"));
+ SHEX("043f8582f241db351ce627e153e7f0e4"));
test_hash(&nettle_md4,
- LDATA("12345678901234567890123456789012345678901234567890"
+ SDATA("12345678901234567890123456789012345678901234567890"
"123456789012345678901234567890"),
- H("e33b4ddc9c38f2199c3e7b164fcc0536"));
+ SHEX("e33b4ddc9c38f2199c3e7b164fcc0536"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- test_hash(&nettle_md4, LDATA("38"),
- H("ae9c7ebfb68ea795483d270f5934b71d"));
- test_hash(&nettle_md4, LDATA("abc"),
- H("a448017aaf21d8525fc10ae87aa6729d"));
- test_hash(&nettle_md4, LDATA("message digest"),
- H("d9130a8164549fe818874806e1c7014b"));
- test_hash(&nettle_md4, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("d79e1c308aa5bbcdeea8ed63df412da9"));
-
- SUCCESS();
+ test_hash(&nettle_md4, SDATA("38"),
+ SHEX("ae9c7ebfb68ea795483d270f5934b71d"));
+ test_hash(&nettle_md4, SDATA("abc"),
+ SHEX("a448017aaf21d8525fc10ae87aa6729d"));
+ test_hash(&nettle_md4, SDATA("message digest"),
+ SHEX("d9130a8164549fe818874806e1c7014b"));
+ test_hash(&nettle_md4, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("d79e1c308aa5bbcdeea8ed63df412da9"));
}
#include "testutils.h"
#include "md5-compat.h"
-int
+void
test_main(void)
{
MD5_CTX ctx;
MD5Init(&ctx);
MD5Final(digest, &ctx);
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("D41D8CD98F00B204 E9800998ECF8427E")))
- FAIL();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("D41D8CD98F00B204 E9800998ECF8427E")));
MD5Init(&ctx);
MD5Update(&ctx, "a", 1);
MD5Final(digest, &ctx);
-
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("0CC175B9C0F1B6A8 31C399E269772661")))
- FAIL();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("0CC175B9C0F1B6A8 31C399E269772661")));
MD5Init(&ctx);
MD5Update(&ctx, "abc", 3);
MD5Final(digest, &ctx);
-
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("900150983cd24fb0 D6963F7D28E17F72")))
- FAIL();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("900150983cd24fb0 D6963F7D28E17F72")));
MD5Init(&ctx);
MD5Update(&ctx, "message digest", 14);
MD5Final(digest, &ctx);
-
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("F96B697D7CB7938D 525A2F31AAF161D0")))
- FAIL();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("F96B697D7CB7938D 525A2F31AAF161D0")));
MD5Init(&ctx);
MD5Update(&ctx, "abcdefghijklmnopqrstuvwxyz", 26);
MD5Final(digest, &ctx);
-
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("C3FCD3D76192E400 7DFB496CCA67E13B")))
- FAIL();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("C3FCD3D76192E400 7DFB496CCA67E13B")));
MD5Init(&ctx);
MD5Update(&ctx, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 62);
MD5Final(digest, &ctx);
-
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("D174AB98D277D9F5 A5611C2C9F419D9F")))
- FAIL();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("D174AB98D277D9F5 A5611C2C9F419D9F")));
MD5Init(&ctx);
MD5Update(&ctx, "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
80);
MD5Final(digest, &ctx);
-
- if (!MEMEQ(MD5_DIGEST_SIZE, digest, H("57EDF4A22BE3C955 AC49DA2E2107B67A")))
- FAIL();
-
- SUCCESS();
+ ASSERT(MEMEQ(MD5_DIGEST_SIZE, digest,
+ H("57EDF4A22BE3C955 AC49DA2E2107B67A")));
}
#include "testutils.h"
#include "md5.h"
-int
+void
test_main(void)
{
- test_hash(&nettle_md5, 0, "",
- H("D41D8CD98F00B204 E9800998ECF8427E"));
+ test_hash(&nettle_md5, SDATA(""),
+ SHEX("D41D8CD98F00B204 E9800998ECF8427E"));
- test_hash(&nettle_md5, 1, "a",
- H("0CC175B9C0F1B6A8 31C399E269772661"));
+ test_hash(&nettle_md5, SDATA("a"),
+ SHEX("0CC175B9C0F1B6A8 31C399E269772661"));
- test_hash(&nettle_md5, 3, "abc",
- H("900150983cd24fb0 D6963F7D28E17F72"));
+ test_hash(&nettle_md5, SDATA("abc"),
+ SHEX("900150983cd24fb0 D6963F7D28E17F72"));
- test_hash(&nettle_md5, 14, "message digest",
- H("F96B697D7CB7938D 525A2F31AAF161D0"));
+ test_hash(&nettle_md5, SDATA("message digest"),
+ SHEX("F96B697D7CB7938D 525A2F31AAF161D0"));
- test_hash(&nettle_md5, 26, "abcdefghijklmnopqrstuvwxyz",
- H("C3FCD3D76192E400 7DFB496CCA67E13B"));
+ test_hash(&nettle_md5, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("C3FCD3D76192E400 7DFB496CCA67E13B"));
- test_hash(&nettle_md5, 62,
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789",
- H("D174AB98D277D9F5 A5611C2C9F419D9F"));
+ test_hash(&nettle_md5,
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789"),
+ SHEX("D174AB98D277D9F5 A5611C2C9F419D9F"));
- test_hash(&nettle_md5, 80,
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890",
- H("57EDF4A22BE3C955 AC49DA2E2107B67A"));
+ test_hash(&nettle_md5,
+ SDATA("1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"),
+ SHEX("57EDF4A22BE3C955 AC49DA2E2107B67A"));
/* Additional test vector, from Daniel Kahn Gillmor */
- test_hash(&nettle_md5, LDATA("38"),
- H("a5771bce93e200c3 6f7cd9dfd0e5deaa"));
+ test_hash(&nettle_md5, SDATA("38"),
+ SHEX("a5771bce93e200c3 6f7cd9dfd0e5deaa"));
/* Collisions, reported by Xiaoyun Wang1, Dengguo Feng2, Xuejia
Lai3, Hongbo Yu1, http://eprint.iacr.org/2004/199. */
#define H1 "79054025 255fb1a2 6e4bc422 aef54eb4"
test_hash(&nettle_md5,
- HL(M0 N0), H(H0));
+ SHEX(M0 N0), SHEX(H0));
test_hash(&nettle_md5,
- HL(M1 N1), H(H0));
+ SHEX(M1 N1), SHEX(H0));
test_hash(&nettle_md5,
- HL(M0 N2), H(H1));
+ SHEX(M0 N2), SHEX(H1));
test_hash(&nettle_md5,
- HL(M1 N3), H(H1));
-
- SUCCESS();
+ SHEX(M1 N3), SHEX(H1));
}
/* Intermediate values for the single _nettle_md5_compress call for
--- /dev/null
+#include "testutils.h"
+#include "memxor.h"
+
+#define MAX_SIZE 256
+#define ALIGN_SIZE 16
+
+static uint8_t *
+set_align(uint8_t *buf, unsigned align)
+{
+ unsigned offset;
+ /* An extra redzone char at the beginning */
+ buf++;
+ offset = (uintptr_t) (buf) % ALIGN_SIZE;
+
+ if (offset < align)
+ buf += (align - offset);
+ else if (offset > align)
+ buf += (align + ALIGN_SIZE - offset);
+
+ return buf;
+}
+
+static void
+test_memxor (const uint8_t *a, const uint8_t *b, const uint8_t *c,
+ size_t size, unsigned align_dst, unsigned align_src)
+{
+ uint8_t dst_buf[MAX_SIZE + ALIGN_SIZE + 1];
+ uint8_t src_buf[MAX_SIZE + ALIGN_SIZE + 1];
+
+ uint8_t *dst = set_align (dst_buf, align_dst);
+ uint8_t *src = set_align (src_buf, align_src);
+
+ if (verbose)
+ fprintf(stderr, "size = %d, align_dst = %d, align_src = %d\n",
+ (int) size, align_dst, align_src);
+
+ memcpy (dst, a, size);
+ dst[-1] = 17;
+ dst[size] = 17;
+
+ memcpy (src, b, size);
+ memxor (dst, src, size);
+
+ ASSERT (MEMEQ (size, dst, c));
+ ASSERT (dst[-1] == 17);
+ ASSERT (dst[size] == 17);
+}
+
+static void
+test_memxor3 (const uint8_t *ain, const uint8_t *bin, const uint8_t *c,
+ size_t size, unsigned align_dst, unsigned align_a, unsigned align_b)
+{
+ uint8_t dst_buf[MAX_SIZE + ALIGN_SIZE + 1];
+ uint8_t a_buf[MAX_SIZE + ALIGN_SIZE + 1];
+ uint8_t b_buf[MAX_SIZE + ALIGN_SIZE + 1];
+
+ uint8_t *dst = set_align (dst_buf, align_dst);
+ uint8_t *a = set_align (a_buf, align_a);
+ uint8_t *b = set_align (b_buf, align_b);
+
+ if (verbose)
+ fprintf(stderr, "size = %d, align_dst = %d, align_a = %d, align_b = %d\n",
+ (int) size, align_dst, align_a, align_b);
+
+ memset (dst, 0, size);
+ dst[-1] = 17;
+ dst[size] = 17;
+
+ memcpy (a, ain, size);
+ memcpy (b, bin, size);
+ memxor3 (dst, a, b, size);
+
+ ASSERT (MEMEQ (size, dst, c));
+ ASSERT (dst[-1] == 17);
+ ASSERT (dst[size] == 17);
+}
+
+void
+test_main(void)
+{
+ const uint8_t *a = H("ecc8737f 38f2f9e8 86b9d84c 42a9c7ef"
+ "27a50860 49c6be97 c5cc6c35 3981b367"
+ "f8b4397b 951e3b2f 35749fe1 25884fa6"
+ "9361c97a ab1c6cce 494efb5a 1f108411"
+ "21dc6386 e81b2410 2f04c29d e0ca1135"
+ "c9f96f2e bb5b2e2d 8cb45df9 50c4755a"
+ "362b7ead 4b930010 cbc69834 66221ba8"
+ "c0b8d7ac 7ec3b700 6bdb1a3b 599f3e76"
+ "a7e66a29 ee1fb98c 60a66c9e 0a1d9c49"
+ "6367afc7 362d6ae1 f8799443 17e2b1a1"
+ "ff1cc03c 9e2728ca a1f6598f 5a61bd56"
+ "0826effc f3499da7 119249b6 fd643cd4"
+ "2e7c74b0 f775fda4 a5617138 1e8520bf"
+ "f17de57a decc36b6 9eceee6e d448f592"
+ "be77a67a 1b91a5b3 62fab868 dcb046f6"
+ "394b5335 b2eaa351 fc4456e4 35bb9c54");
+
+ const uint8_t *b = H("cac458ad fe87e226 6cb0ce3d cfa5cb3b"
+ "963d0034 5811bb9e acf4675b 7464f800"
+ "4b1bcff2 b2fa5dd0 0576aea6 888b8150"
+ "bcba48f1 49bc33d2 e138b0d0 a29b486e"
+ "f7e143c6 f9959596 6aaa4493 b0bea6f8"
+ "1d778513 a3bfec7e 70cfe6a7 e31ad041"
+ "5fe3371b 63aba991 dab9a3db 66310ebc"
+ "24c2765d a722a131 2fc4d366 1f2e3388"
+ "7e5b26d5 7b34bf4c 655d19da d1335362"
+ "2fbc0d5d cc68c811 ef735c20 352986ef"
+ "f47ac5c9 afa77f5a 20da6dd3 eb9dfb34"
+ "0cdbf792 caf0d633 61d908da a4c0f2a9"
+ "be7a573e 3b8d161c 47fc19be e47d7edc"
+ "e5f00dae f64cbbb4 a081e1f0 381833d8"
+ "30d302ff eed61887 3390d6b2 0048ac32"
+ "9c6b2981 a224dcc1 6b1feebe 15834b1a");
+
+ const uint8_t *c = H("260c2bd2 c6751bce ea091671 8d0c0cd4"
+ "b1980854 11d70509 69380b6e 4de54b67"
+ "b3aff689 27e466ff 30023147 ad03cef6"
+ "2fdb818b e2a05f1c a8764b8a bd8bcc7f"
+ "d63d2040 118eb186 45ae860e 5074b7cd"
+ "d48eea3d 18e4c253 fc7bbb5e b3dea51b"
+ "69c849b6 2838a981 117f3bef 00131514"
+ "e47aa1f1 d9e11631 441fc95d 46b10dfe"
+ "d9bd4cfc 952b06c0 05fb7544 db2ecf2b"
+ "4cdba29a fa45a2f0 170ac863 22cb374e"
+ "0b6605f5 31805790 812c345c b1fc4662"
+ "04fd186e 39b94b94 704b416c 59a4ce7d"
+ "9006238e ccf8ebb8 e29d6886 faf85e63"
+ "148de8d4 28808d02 3e4f0f9e ec50c64a"
+ "8ea4a485 f547bd34 516a6eda dcf8eac4"
+ "a5207ab4 10ce7f90 975bb85a 2038d74e");
+
+ const int size[] = {
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+ 17, 23, 24, 25, 30, 31, 32, 33, 34, 35, 36, 37,
+ 250, 251, 252, 253,254, 255, 256, -1
+ };
+
+ unsigned i, align_dst, align_a, align_b;
+ for (i = 0; size[i] >= 0; i++)
+ for (align_dst = 0; align_dst < ALIGN_SIZE; align_dst++)
+ for (align_a = 0; align_a < ALIGN_SIZE; align_a++)
+ {
+ test_memxor (a, b, c, size[i], align_dst, align_a);
+ for (align_b = 0; align_b < ALIGN_SIZE; align_b++)
+ test_memxor3 (a, b, c, size[i], align_dst, align_a, align_b);
+ }
+}
--- /dev/null
+#include "testutils.h"
+#include "nettle-meta.h"
+
+const char* armors[] = {
+ "base16",
+ "base64"
+};
+
+void
+test_main(void)
+{
+ int i,j;
+ int count = sizeof(armors)/sizeof(*armors);
+ for (i = 0; i < count; i++) {
+ for (j = 0; NULL != nettle_armors[j]; j++) {
+ if (0 == strcmp(armors[i], nettle_armors[j]->name))
+ break;
+ }
+ ASSERT(NULL != nettle_armors[j]); /* make sure we found a matching armor */
+ }
+ j = 0;
+ while (NULL != nettle_armors[j])
+ j++;
+ ASSERT(j == count); /* we are not missing testing any armors */
+}
+
--- /dev/null
+#include "testutils.h"
+#include "nettle-meta.h"
+
+const char* ciphers[] = {
+ "aes128",
+ "aes192",
+ "aes256",
+ "arctwo40",
+ "arctwo64",
+ "arctwo128",
+ "arctwo_gutmann128",
+ "arcfour128",
+ "camellia128",
+ "camellia192",
+ "camellia256",
+ "cast128",
+ "serpent128",
+ "serpent192",
+ "serpent256",
+ "twofish128",
+ "twofish192",
+ "twofish256"
+};
+
+void
+test_main(void)
+{
+ int i,j;
+ int count = sizeof(ciphers)/sizeof(*ciphers);
+ for (i = 0; i < count; i++) {
+ for (j = 0; NULL != nettle_ciphers[j]; j++) {
+ if (0 == strcmp(ciphers[i], nettle_ciphers[j]->name))
+ break;
+ }
+ ASSERT(NULL != nettle_ciphers[j]); /* make sure we found a matching cipher */
+ }
+ j = 0;
+ while (NULL != nettle_ciphers[j])
+ j++;
+ ASSERT(j == count); /* we are not missing testing any ciphers */
+}
+
--- /dev/null
+#include "testutils.h"
+#include "nettle-internal.h"
+#include "nettle-meta.h"
+
+const char* hashes[] = {
+ "md2",
+ "md4",
+ "md5",
+ "ripemd160",
+ "sha1",
+ "sha224",
+ "sha256",
+ "sha384",
+ "sha512"
+};
+
+void
+test_main(void)
+{
+ int i,j;
+ int count = sizeof(hashes)/sizeof(*hashes);
+ for (i = 0; i < count; i++) {
+ for (j = 0; NULL != nettle_hashes[j]; j++) {
+ if (0 == strcmp(hashes[i], nettle_hashes[j]->name))
+ break;
+ }
+ ASSERT(NULL != nettle_hashes[j]); /* make sure we found a matching hash */
+ }
+ j = 0;
+ while (NULL != nettle_hashes[j])
+ j++;
+ ASSERT(j == count); /* we are not missing testing any hashes */
+ for (j = 0; NULL != nettle_hashes[j]; j++)
+ ASSERT(nettle_hashes[j]->digest_size <= NETTLE_MAX_HASH_DIGEST_SIZE);
+}
+
--- /dev/null
+#include "testutils.h"
+#include "hmac.h"
+#include "pbkdf2.h"
+
+/* NOTE: The salt argument is expected to expand to length, data */
+#define PBKDF2_TEST(ctx, update, digest, size, c, salt, expect) \
+ do { \
+ dk[expect->length] = 17; \
+ PBKDF2 (ctx, update, digest, size, c, salt, expect->length, dk); \
+ ASSERT(MEMEQ (expect->length, dk, expect->data)); \
+ ASSERT(dk[expect->length] == 17); \
+ } while (0)
+
+#define PBKDF2_HMAC_TEST(f, key, c, salt, expect) \
+ do { \
+ dk[expect->length] = 17; \
+ f (key, c, salt, expect->length, dk); \
+ ASSERT(MEMEQ (expect->length, dk, expect->data)); \
+ ASSERT(dk[expect->length] == 17); \
+ } while (0)
+
+#define MAX_DKLEN SHA512_DIGEST_SIZE
+
+void
+test_main (void)
+{
+ uint8_t dk[MAX_DKLEN + 1];
+ struct hmac_sha1_ctx sha1ctx;
+ struct hmac_sha256_ctx sha256ctx;
+ struct hmac_sha512_ctx sha512ctx;
+
+ /* Test vectors for PBKDF2 from RFC 6070. */
+
+ hmac_sha1_set_key (&sha1ctx, 8, "password");
+
+ PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+ 1, LDATA("salt"),
+ SHEX("0c60c80f961f0e71f3a9b524af6012062fe037a6"));
+
+ PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+ 2, LDATA("salt"),
+ SHEX("ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"));
+
+ PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+ 4096, LDATA("salt"),
+ SHEX("4b007901b765489abead49d926f721d065a429c1"));
+
+#if 0 /* too slow */
+ PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+ 16777216, LDATA("salt"),
+ SHEX("eefe3d61cd4da4e4e9945b3d6ba2158c2634e984"));
+#endif
+
+ hmac_sha1_set_key (&sha1ctx, 24, "passwordPASSWORDpassword");
+
+ PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+ 4096, LDATA("saltSALTsaltSALTsaltSALTsaltSALTsalt"),
+ SHEX("3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038"));
+
+ hmac_sha1_set_key (&sha1ctx, 9, "pass\0word");
+
+ PBKDF2_TEST (&sha1ctx, hmac_sha1_update, hmac_sha1_digest, SHA1_DIGEST_SIZE,
+ 4096, LDATA("sa\0lt"),
+ SHEX("56fa6aa75548099dcc37d7f03425e0c3"));
+
+ /* PBKDF2-HMAC-SHA-256 test vectors confirmed with another
+ implementation. */
+
+ hmac_sha256_set_key (&sha256ctx, 6, "passwd");
+
+ PBKDF2_TEST (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
+ SHA256_DIGEST_SIZE, 1, LDATA("salt"),
+ SHEX("55ac046e56e3089fec1691c22544b605"));
+
+ hmac_sha256_set_key (&sha256ctx, 8, "Password");
+
+ PBKDF2_TEST (&sha256ctx, hmac_sha256_update, hmac_sha256_digest,
+ SHA256_DIGEST_SIZE, 80000, LDATA("NaCl"),
+ SHEX("4ddcd8f60b98be21830cee5ef22701f9"));
+
+ /* PBKDF2-HMAC-SHA-512 test vectors confirmed with another
+ implementation (python-pbkdf2).
+
+ >>> from pbkdf2 import PBKDF2
+ >>> import hmac as HMAC
+ >>> from hashlib import sha512 as SHA512
+ >>> PBKDF2("password", "salt", 50, macmodule=HMAC, digestmodule=SHA512).read(64).encode('hex')
+ */
+
+ hmac_sha512_set_key (&sha512ctx, 8, "password");
+ PBKDF2_TEST (&sha512ctx, hmac_sha512_update, hmac_sha512_digest,
+ SHA512_DIGEST_SIZE, 1, LDATA("NaCL"),
+ SHEX("73decfa58aa2e84f94771a75736bb88bd3c7b38270cfb50cb390ed78b305656af8148e52452b2216b2b8098b761fc6336060a09f76415e9f71ea47f9e9064306"));
+
+ hmac_sha512_set_key (&sha512ctx, 9, "pass\0word");
+ PBKDF2_TEST (&sha512ctx, hmac_sha512_update, hmac_sha512_digest,
+ SHA512_DIGEST_SIZE, 1, LDATA("sa\0lt"),
+ SHEX("71a0ec842abd5c678bcfd145f09d83522f93361560563c4d0d63b88329871090e76604a49af08fe7c9f57156c8790996b20f06bc535e5ab5440df7e878296fa7"));
+
+ hmac_sha512_set_key (&sha512ctx, 24, "passwordPASSWORDpassword");
+ PBKDF2_TEST (&sha512ctx, hmac_sha512_update, hmac_sha512_digest,
+ SHA512_DIGEST_SIZE, 50, LDATA("salt\0\0\0"),
+ SHEX("016871a4c4b75f96857fd2b9f8ca28023b30ee2a39f5adcac8c9375f9bda1ccd1b6f0b2fc3adda505412e79d890056c62e524c7d51154b1a8534575bd02dee39"));
+
+ /* Test convenience functions. */
+
+ PBKDF2_HMAC_TEST(pbkdf2_hmac_sha1, LDATA("password"), 1, LDATA("salt"),
+ SHEX("0c60c80f961f0e71f3a9b524af6012062fe037a6"));
+
+ PBKDF2_HMAC_TEST(pbkdf2_hmac_sha256, LDATA("passwd"), 1, LDATA("salt"),
+ SHEX("55ac046e56e3089fec1691c22544b605"));
+
+}
srcdir=`pwd`
fi
-[ -x ../tools/pkcs1-conv ] || exit 77
+[ -x ../tools/pkcs1-conv$EXEEXT ] || exit 77
# Private RSA key, generated by openssl
-../tools/pkcs1-conv >testkey.priv <<EOF || exit 1
+$EMULATOR ../tools/pkcs1-conv >testkey.priv <<EOF || exit 1
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC3792bBgQ/mc8aYOFaLEJES/JipmLAeVgznob/Vrzvdcx+bl6L
6gTphctU9ToOLC049dZYW3DJ53owUmbQgqB0vvLTjM9lGSEw4oXLrp7x/XVo/fZM
-----END RSA PRIVATE KEY-----
EOF
-../tools/pkcs1-conv >testkey.pub <<EOF || exit 1
+$EMULATOR ../tools/pkcs1-conv >testkey.pub <<EOF || exit 1
# Corresponding public key
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3792bBgQ/mc8aYOFaLEJES/Ji
-----END PUBLIC KEY-----
EOF
-../examples/rsa-sign testkey.priv >testsignature <<EOF || exit 1
+$EMULATOR ../examples/rsa-sign testkey.priv >testtmp <<EOF || exit 1
gazonk
EOF
+tr -d '\r' < testtmp > testsignature
# Signature on the data "gazonk\n", using sha1 and the above key
cat > testsignature2 <<EOF && diff testsignature testsignature2 || exit 1
5c96ffe7e925224ce6e98648bf2ed3193cab2fc82af9c7fa7fdc5b623bde1d77c5409129d16d1127ae4fad519c24059fe85f4a4360a900f3dee906e6de2ecd010fa56c02d3f7d0772d43439464a91b025722a6f0b6cb65aee1017b29aff4511f90315caae0be74c2ac496474896e7e3ad200cb7c609ddef5c674272964e4b780
EOF
-../examples/rsa-verify testkey.pub testsignature <<EOF || exit 1
+$EMULATOR ../examples/rsa-verify testkey.pub testsignature <<EOF || exit 1
gazonk
EOF
#include "pkcs1.h"
-int
+void
test_main(void)
{
uint8_t buffer[16];
- uint8_t expected[16] = { 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ uint8_t expected[16] = { 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0, 'a', 'b', 'c' };
- pkcs1_signature_prefix(sizeof(buffer), buffer,
- 3, "abc", 0);
+ _pkcs1_signature_prefix(sizeof(buffer), buffer,
+ 3, "abc", 0);
ASSERT(MEMEQ(sizeof(buffer), buffer, expected));
-
- SUCCESS();
}
#include "knuth-lfib.h"
-int
+void
test_main(void)
{
struct knuth_lfib_ctx lfib;
ASSERT (mpz_probab_prime_p(p, 25));
}
- SUCCESS();
+ mpz_clear(p);
}
--- /dev/null
+#include "testutils.h"
+#include "ripemd160.h"
+
+void
+test_main(void)
+{
+ test_hash(&nettle_ripemd160, SDATA(""),
+ SHEX("9c1185a5c5e9fc54612808977ee8f548b2258d31"));
+
+ test_hash(&nettle_ripemd160, SDATA("a"),
+ SHEX("0bdc9d2d256b3ee9daae347be6f4dc835a467ffe"));
+
+ test_hash(&nettle_ripemd160, SDATA("abc"),
+ SHEX("8eb208f7e05d987a9b044a8e98c6b087f15a0bfc"));
+
+ test_hash(&nettle_ripemd160, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("f71c27109c692c1b56bbdceb5b9d2865b3708dbc"));
+
+ test_hash(&nettle_ripemd160, SDATA("message digest"),
+ SHEX("5d0689ef49d2fae572b881b123a85ffa21595f36"));
+
+ test_hash(&nettle_ripemd160,
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("b0e20b6e3116640286ed3a87a5713079b21f5189"));
+
+ test_hash(&nettle_ripemd160,
+ SDATA("1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"),
+ SHEX("9b752e45573d4b39f4dbd3323cab82bf63326bfb"));
+
+ /* Additional test vector, from Daniel Kahn Gillmor */
+ test_hash(&nettle_ripemd160, SDATA("38"),
+ SHEX("6b2d075b1cd34cd1c3e43a995f110c55649dad0e"));
+}
#include "rsa.h"
#include "knuth-lfib.h"
-int
+void
test_main(void)
{
struct rsa_public_key pub;
uint8_t *decrypted;
unsigned decrypted_length;
-
+ uint8_t after;
+
mpz_t gibberish;
rsa_private_key_init(&key);
decrypted = xalloc(msg_length + 1);
+ knuth_lfib_random (&lfib, msg_length + 1, decrypted);
+ after = decrypted[msg_length];
+
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
+ ASSERT(decrypted[msg_length] == after);
+
+ knuth_lfib_random (&lfib, msg_length + 1, decrypted);
+ after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
+ ASSERT(decrypted[msg_length] == after);
+ knuth_lfib_random (&lfib, msg_length + 1, decrypted);
+ after = decrypted[msg_length];
+
+ decrypted_length = msg_length;
+ ASSERT(rsa_decrypt_tr(&pub, &key,
+ &lfib, (nettle_random_func *) knuth_lfib_random,
+ &decrypted_length, decrypted, gibberish));
+ ASSERT(decrypted_length == msg_length);
+ ASSERT(MEMEQ(msg_length, msg, decrypted));
+ ASSERT(decrypted[msg_length] == after);
+
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
- SUCCESS();
}
fputc(c, stderr);
}
-int
+void
test_main(void)
{
struct rsa_public_key pub;
/* Generate a 1024 bit key with random e */
knuth_lfib_init(&lfib, 13);
- if (!rsa_generate_keypair(&pub, &key,
- &lfib, (nettle_random_func *) knuth_lfib_random,
- NULL, verbose ? progress : NULL,
- 1024, 50))
- FAIL();
+ ASSERT (rsa_generate_keypair(&pub, &key,
+ &lfib,
+ (nettle_random_func *) knuth_lfib_random,
+ NULL, verbose ? progress : NULL,
+ 1024, 50));
test_rsa_key(&pub, &key);
-
+
mpz_set_str(expected,
- "2554579b857a9da3" "409dbd65c994b701" "aabf7347a78bd730"
- "1525b5f511f326dd" "c05e1fd6c282faed" "6c79a4eb30539f10"
- "46db024fe33174f5" "441da5fa175bf781" "8f7117c86cdacf9a"
- "4589c048cc013eca" "7536d0868aca610a" "c20718e3fec3e835"
- "f6c2fd920cba1be9" "e94a6c7238d9b2ee" "67ecc9f3d4a9a487"
- "042190b66582b36a", 16);
+ "31ee088024b66f28" "e182fa07e60f7864" "636eea21cf74c804"
+ "02a9c29ebd00933d" "8fae3ddf029d18e0" "1b5498c70a4b68fd"
+ "d3135748424e8caf" "43ee86068f250c92" "8da001d09f68c433"
+ "96f2c2a42eaed7e5" "8934a052faa38b2c" "f2ac04cc91bd0d15"
+ "4f60b16dc9045b08" "2ea1372717fd7f9c" "1e9cc383b7d5b909"
+ "72e3126df060ef79" , 16);
test_rsa_md5(&pub, &key, expected);
knuth_lfib_init(&lfib, 17);
mpz_set_ui(pub.e, 17);
- if (!rsa_generate_keypair(&pub, &key,
- &lfib, (nettle_random_func *) knuth_lfib_random,
- NULL, verbose ? progress : NULL,
- 2000, 0))
- FAIL();
+ ASSERT (rsa_generate_keypair(&pub, &key,
+ &lfib,
+ (nettle_random_func *) knuth_lfib_random,
+ NULL, verbose ? progress : NULL,
+ 2000, 0));
test_rsa_key(&pub, &key);
mpz_set_str(expected,
- "8c57dfb754270179" "600aced45b45490a" "56715da51f8d029d"
- "057b58187670f9e4" "1a2da64cd3435483" "16b26c860ca97aed"
- "fd3ebf5e3dd97226" "1d1b5536da483863" "f9ad5f47437e7a2a"
- "0119bb0045c64f5a" "cb634d7aff7051b4" "3d01b1c8bc13cc93"
- "0799d57ada86394f" "1286b5ae9480d167" "8f48e9e78bf3ea4f"
- "1ed9a9e381c8f046" "3a25bf30238e7c59" "1c9998255141f628"
- "68e8a01871587152" "38df08281894a5b9" "e9026b55337f9f29"
- "240793935b05162b" "8fa8d2390d7cb407" "52413dd5f7bccdad"
- "232e1c27bae30548" "09797991e13dee5d" "c688985433e63050"
- "6d9a171e144ef442" "eb001166bd95bcdd" "92b3c2e0bd4012a2"
- "2dd05cb032f6ab6b" "dd7c", 16);
+ "892ef7cda3b0b501" "85de20b93340316e" "b35ac9c193f1f5a3"
+ "9e6c1c327b9c36b8" "d4f1d41653b48fbd" "0c49e48bbdc46ced"
+ "13b3f6426e8a1780" "55b9077ba59ce748" "a325563c3b4bdf78"
+ "acdcdd556f5de3cf" "70257c3b334ba360" "5625ebda869c8058"
+ "b95b40c1e75eb91b" "776e83c0224757c6" "b61266cb1739df1a"
+ "c7fcc09194c575b5" "af4f3eb8e3aa3900" "22b72fb6e950c355"
+ "88743bab32c3a214" "ea5865e2f5c41d67" "12e745496890fc9d"
+ "7944a759f39d7b57" "e365d8d3f6ac2dd4" "052b6a2e58a6af82"
+ "b0d67e7fe09045d9" "bc965e260cf3c9a9" "3bfaa09bdd076dc2"
+ "c0ab48ce5b67105c" "cad90dcfc11cd713" "e64478d2d7ea42dd"
+ "fd040793c487588d" "6218" , 16);
test_rsa_sha1(&pub, &key, expected);
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(expected);
-
- SUCCESS();
}
#include "testutils.h"
-int
+void
test_main(void)
{
struct rsa_public_key pub;
mpz_set_str(pub.e, "3f1a012d", 16);
- if (!rsa_public_key_prepare(&pub))
- FAIL();
+ ASSERT (rsa_public_key_prepare(&pub));
mpz_set_str(key.p,
"0b73c990eeda0a2a" "2c26416052c85560" "0c5c0f5ce86a8326"
"05e1831619db2f10" "bb9b6a8fd5c95df2" "eb78f303ea0c0cc8"
"06", 16);
- if (!rsa_private_key_prepare(&key))
- FAIL();
-
- if (pub.size != key.size)
- FAIL();
+ ASSERT (rsa_private_key_prepare(&key));
+ ASSERT (pub.size == key.size);
/* Test md5 signatures */
mpz_set_str(expected,
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(expected);
-
- SUCCESS();
}
#include "buffer.h"
-int
+void
test_main(void)
{
struct rsa_public_key pub;
print_hex(buffer.size, buffer.contents);
}
- ASSERT(MEMEQH(buffer.size, buffer.contents,
- "2831313a707269766174652d6b657928"
- "333a72736128313a6e36333a085c3408"
- "989acae4faec3cbbad91c90d34c1d259"
- "cd74121a36f38b0b51424a9b2be514a0"
- "4377113a6cdafe79dd7d5f2ecc8b5e96"
- "61189b86a7b22239907c252928313a65"
- "343a36ad4b1d2928313a6436333a06ee"
- "6d4ff3c239e408150daf8117abfa36a4"
- "0ad4455d9059a86d52f33a2de07418a0"
- "a699594588c64810248c9412d554f74a"
- "f947c73c32007e87c92f0937ed292831"
- "3a7033323a03259879b24315e9cf1425"
- "4824c7935d807cdb6990f414a0f65e60"
- "65130a611f2928313a7133323a02a81b"
- "a73bad45fc73b36deffce52d1b73e074"
- "7f4d8a82648cecd310448ea63b292831"
- "3a6133323a026cbdad5dd0046e093f06"
- "0ecd5b4ac918e098b0278bb752b7cadd"
- "6a8944f0b92928313a6233323a014875"
- "1e622d6d58e3bb094afd6edacf737035"
- "1d068e2ce9f565c5528c4a7473292831"
- "3a6333323a00f8a458ea73a018dc6fa5"
- "6863e3bc6de405f364f77dee6f096267"
- "9ea1a8282e292929"));
+ ASSERT(MEMEQ(buffer.size, buffer.contents,
+ H("2831313a707269766174652d6b657928"
+ "333a72736128313a6e36333a085c3408"
+ "989acae4faec3cbbad91c90d34c1d259"
+ "cd74121a36f38b0b51424a9b2be514a0"
+ "4377113a6cdafe79dd7d5f2ecc8b5e96"
+ "61189b86a7b22239907c252928313a65"
+ "343a36ad4b1d2928313a6436333a06ee"
+ "6d4ff3c239e408150daf8117abfa36a4"
+ "0ad4455d9059a86d52f33a2de07418a0"
+ "a699594588c64810248c9412d554f74a"
+ "f947c73c32007e87c92f0937ed292831"
+ "3a7033323a03259879b24315e9cf1425"
+ "4824c7935d807cdb6990f414a0f65e60"
+ "65130a611f2928313a7133323a02a81b"
+ "a73bad45fc73b36deffce52d1b73e074"
+ "7f4d8a82648cecd310448ea63b292831"
+ "3a6133323a026cbdad5dd0046e093f06"
+ "0ecd5b4ac918e098b0278bb752b7cadd"
+ "6a8944f0b92928313a6233323a014875"
+ "1e622d6d58e3bb094afd6edacf737035"
+ "1d068e2ce9f565c5528c4a7473292831"
+ "3a6333323a00f8a458ea73a018dc6fa5"
+ "6863e3bc6de405f364f77dee6f096267"
+ "9ea1a8282e292929")));
nettle_buffer_clear(&buffer);
ASSERT(rsa_keypair_to_sexp(&buffer, NULL, &pub, NULL));
printf("public:");
print_hex(buffer.size, buffer.contents);
}
- ASSERT(MEMEQH(buffer.size, buffer.contents,
- "2831303a7075626c69632d6b65792839"
- "3a7273612d706b63733128313a6e3633"
- "3a085c3408989acae4faec3cbbad91c9"
- "0d34c1d259cd74121a36f38b0b51424a"
- "9b2be514a04377113a6cdafe79dd7d5f"
- "2ecc8b5e9661189b86a7b22239907c25"
- "2928313a65343a36ad4b1d292929"));
+ ASSERT(MEMEQ(buffer.size, buffer.contents,
+ H("2831303a7075626c69632d6b65792839"
+ "3a7273612d706b63733128313a6e3633"
+ "3a085c3408989acae4faec3cbbad91c9"
+ "0d34c1d259cd74121a36f38b0b51424a"
+ "9b2be514a04377113a6cdafe79dd7d5f"
+ "2ecc8b5e9661189b86a7b22239907c25"
+ "2928313a65343a36ad4b1d292929")));
+ nettle_buffer_clear(&buffer);
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
-
- SUCCESS();
}
--- /dev/null
+#include "testutils.h"
+#include "salsa20.h"
+
+#include "memxor.h"
+
+static int
+memzero_p (const uint8_t *p, size_t n)
+{
+ size_t i;
+ for (i = 0; i < n; i++)
+ if (p[i])
+ return 0;
+ return 1;
+}
+
+/* The ecrypt testcases encrypt 512 zero bytes (8 blocks), then give
+ the xor of all blocks, and the data for block 0 (0-63), 3,4
+ (192-319), 7 (448-511) */
+
+#define STREAM_LENGTH 512
+static void
+test_salsa20_stream(const struct tstring *key,
+ const struct tstring *iv,
+ const struct tstring *ciphertext,
+ const struct tstring *xor_ref)
+{
+ struct salsa20_ctx ctx;
+ uint8_t data[STREAM_LENGTH + 1];
+ uint8_t stream[STREAM_LENGTH + 1];
+ uint8_t xor[SALSA20_BLOCK_SIZE];
+ unsigned j;
+
+ ASSERT (iv->length == SALSA20_IV_SIZE);
+ ASSERT (ciphertext->length == 4*SALSA20_BLOCK_SIZE);
+ ASSERT (xor_ref->length == SALSA20_BLOCK_SIZE);
+
+ salsa20_set_key(&ctx, key->length, key->data);
+ salsa20_set_iv(&ctx, iv->data);
+ memset(stream, 0, STREAM_LENGTH + 1);
+ salsa20_crypt(&ctx, STREAM_LENGTH, stream, stream);
+ if (stream[STREAM_LENGTH])
+ {
+ fprintf(stderr, "Stream of %d bytes wrote too much!\n", STREAM_LENGTH);
+ FAIL();
+ }
+ if (!MEMEQ (64, stream, ciphertext->data))
+ {
+ fprintf(stderr, "Error failed, offset 0:\n");
+ fprintf(stderr, "\nOutput: ");
+ print_hex(64, stream);
+ fprintf(stderr, "\nExpected:");
+ print_hex(64, ciphertext->data);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ if (!MEMEQ (128, stream + 192, ciphertext->data + 64))
+ {
+ fprintf(stderr, "Error failed, offset 192:\n");
+ fprintf(stderr, "\nOutput: ");
+ print_hex(128, stream + 192);
+ fprintf(stderr, "\nExpected:");
+ print_hex(64, ciphertext->data + 64);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ if (!MEMEQ (64, stream + 448, ciphertext->data + 192))
+ {
+ fprintf(stderr, "Error failed, offset 448:\n");
+ fprintf(stderr, "\nOutput: ");
+ print_hex(64, stream + 448);
+ fprintf(stderr, "\nExpected:");
+ print_hex(64, ciphertext->data + 192);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+
+ memxor3 (xor, stream, stream + SALSA20_BLOCK_SIZE, SALSA20_BLOCK_SIZE);
+ for (j = 2*SALSA20_BLOCK_SIZE; j < STREAM_LENGTH; j += SALSA20_BLOCK_SIZE)
+ memxor (xor, stream + j, SALSA20_BLOCK_SIZE);
+
+ if (!MEMEQ (SALSA20_BLOCK_SIZE, xor, xor_ref->data))
+ {
+ fprintf(stderr, "Error failed, bad xor 448:\n");
+ fprintf(stderr, "\nOutput: ");
+ print_hex(SALSA20_BLOCK_SIZE, xor);
+ fprintf(stderr, "\nExpected:");
+ print_hex(SALSA20_BLOCK_SIZE, xor_ref->data);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+
+ for (j = 1; j <= STREAM_LENGTH; j++)
+ {
+ memset(data, 0, STREAM_LENGTH + 1);
+ salsa20_set_iv(&ctx, iv->data);
+ salsa20_crypt(&ctx, j, data, data);
+
+ if (!MEMEQ(j, data, stream))
+ {
+ fprintf(stderr, "Encrypt failed for length %u:\n", j);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(j, data);
+ fprintf(stderr, "\nExpected:");
+ print_hex(j, stream);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ if (!memzero_p (data + j, STREAM_LENGTH + 1 - j))
+ {
+ fprintf(stderr, "Encrypt failed for length %u, wrote too much:\n", j);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(STREAM_LENGTH + 1 - j, data + j);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ }
+}
+
+typedef void salsa20_func(struct salsa20_ctx *ctx,
+ unsigned length, uint8_t *dst,
+ const uint8_t *src);
+static void
+_test_salsa20(salsa20_func *crypt,
+ const struct tstring *key,
+ const struct tstring *iv,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
+{
+ struct salsa20_ctx ctx;
+ uint8_t *data;
+ unsigned length;
+
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ ASSERT (iv->length == SALSA20_IV_SIZE);
+
+ data = xalloc(length + 1);
+
+ salsa20_set_key(&ctx, key->length, key->data);
+ salsa20_set_iv(&ctx, iv->data);
+ data[length] = 17;
+ crypt(&ctx, length, data, cleartext->data);
+ if (data[length] != 17)
+ {
+ fprintf(stderr, "Encrypt of %u bytes wrote too much!\nInput:", length);
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ if (!MEMEQ(length, data, ciphertext->data))
+ {
+ fprintf(stderr, "Encrypt failed:\nInput:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ salsa20_set_key(&ctx, key->length, key->data);
+ salsa20_set_iv(&ctx, iv->data);
+ crypt(&ctx, length, data, data);
+
+ if (!MEMEQ(length, data, cleartext->data))
+ {
+ fprintf(stderr, "Decrypt failed:\nInput:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+
+ free(data);
+}
+
+#define test_salsa20(key, iv, cleartext, ciphertext) \
+ _test_salsa20 (salsa20_crypt, (key), (iv), (cleartext), (ciphertext))
+
+#define test_salsa20r12(key, iv, cleartext, ciphertext) \
+ _test_salsa20 (salsa20r12_crypt, (key), (iv), (cleartext), (ciphertext))
+
+
+void
+test_main(void)
+{
+ /* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/reduced/12-rounds/verified.test-vectors?logsort=rev&rev=210&view=markup */
+ test_salsa20r12(SHEX("80000000 00000000 00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("FC207DBF C76C5E17"));
+
+ test_salsa20r12(SHEX("00400000 00000000 00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("6C11A3F9 5FEC7F48"));
+
+ test_salsa20r12(SHEX("09090909090909090909090909090909"),
+ SHEX("0000000000000000"),
+ SHEX("00000000 00000000"),
+ SHEX("78E11FC3 33DEDE88"));
+
+ test_salsa20r12(SHEX("1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B"),
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("A6747461 1DF551FF"));
+
+ test_salsa20r12(SHEX("80000000000000000000000000000000"
+ "00000000000000000000000000000000"),
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("AFE411ED 1C4E07E4"));
+
+ test_salsa20r12(SHEX("0053A6F94C9FF24598EB3E91E4378ADD"
+ "3083D6297CCF2275C81B6EC11467BA0D"),
+ SHEX("0D74DB42A91077DE"),
+ SHEX("00000000 00000000"),
+ SHEX("52E20CF8 775AE882"));
+
+ /* http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/verified.test-vectors?logsort=rev&rev=210&view=markup */
+
+ test_salsa20(SHEX("80000000 00000000 00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("4DFA5E48 1DA23EA0"));
+
+ test_salsa20(SHEX("00000000 00000000 00000000 00000000"),
+ SHEX("80000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("B66C1E44 46DD9557"));
+
+ test_salsa20(SHEX("0053A6F94C9FF24598EB3E91E4378ADD"),
+ SHEX("0D74DB42A91077DE"),
+ SHEX("00000000 00000000"),
+ SHEX("05E1E7BE B697D999"));
+
+ test_salsa20(SHEX("80000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("E3BE8FDD 8BECA2E3"));
+
+ test_salsa20(SHEX("00000000 00000000 00000000 00000000"
+ "00000000 00000000 00000000 00000000"),
+ SHEX("80000000 00000000"),
+ SHEX("00000000 00000000"),
+ SHEX("2ABA3DC45B494700"));
+
+ test_salsa20(SHEX("0053A6F94C9FF24598EB3E91E4378ADD"
+ "3083D6297CCF2275C81B6EC11467BA0D"),
+ SHEX("0D74DB42A91077DE"),
+ SHEX("00000000 00000000"),
+ SHEX("F5FAD53F 79F9DF58"));
+
+ test_salsa20_stream(SHEX("80000000000000000000000000000000"),
+ SHEX("00000000 00000000"),
+ SHEX("4DFA5E481DA23EA09A31022050859936"
+ "DA52FCEE218005164F267CB65F5CFD7F"
+ "2B4F97E0FF16924A52DF269515110A07"
+ "F9E460BC65EF95DA58F740B7D1DBB0AA"
+ "DA9C1581F429E0A00F7D67E23B730676"
+ "783B262E8EB43A25F55FB90B3E753AEF"
+ "8C6713EC66C51881111593CCB3E8CB8F"
+ "8DE124080501EEEB389C4BCB6977CF95"
+ "7D5789631EB4554400E1E025935DFA7B"
+ "3E9039D61BDC58A8697D36815BF1985C"
+ "EFDF7AE112E5BB81E37ECF0616CE7147"
+ "FC08A93A367E08631F23C03B00A8DA2F"
+ "B375703739DACED4DD4059FD71C3C47F"
+ "C2F9939670FAD4A46066ADCC6A564578"
+ "3308B90FFB72BE04A6B147CBE38CC0C3"
+ "B9267C296A92A7C69873F9F263BE9703"),
+ SHEX("F7A274D268316790A67EC058F45C0F2A"
+ "067A99FCDE6236C0CEF8E056349FE54C"
+ "5F13AC74D2539570FD34FEAB06C57205"
+ "3949B59585742181A5A760223AFA22D4"));
+
+ test_salsa20_stream(SHEX("48494A4B4C4D4E4F5051525354555657"
+ "58595A5B5C5D5E5F6061626364656667"),
+ SHEX("0000000000000000"),
+ SHEX("53AD3698A011F779AD71030F3EFBEBA0"
+ "A7EE3C55789681B1591EF33A7BE521ED"
+ "68FC36E58F53FFD6E1369B00E390E973"
+ "F656ACB097E0D603BE59A0B8F7975B98"
+ "A04698274C6AC6EC03F66ED3F94C08B7"
+ "9FFDBF2A1610E6F5814905E73AD6D0D2"
+ "8164EEB8450D8ED0BB4B644761B43512"
+ "52DD5DDF00C31E3DABA0BC17691CCFDC"
+ "B826C7F071E796D34E3BFFB3C96E76A1"
+ "209388392806947C7F19B86D379FA3AE"
+ "DFCD19EBF49803DACC6E577E5B97B0F6"
+ "D2036B6624D8196C96FCF02C865D30C1"
+ "B505D41E2C207FA1C0A0E93413DDCFFC"
+ "9BECA8030AFFAC2466E56482DA0EF428"
+ "E63880B5021D3051F18679505A2B9D4F"
+ "9B2C5A2D271D276DE3F51DBEBA934436"),
+ SHEX("7849651A820B1CDFE36D5D6632716534"
+ "E0635EDEFD538122D80870B60FB055DB"
+ "637C7CA2B78B116F83AFF46E40F8F71D"
+ "4CD6D2E1B750D5E011D1DF2E80F7210A"));
+}
+
+/* Intermediate values for the first salsa20 test case.
+ 0: 61707865 80 0 0
+ 0 3120646e 0 0
+ 0 0 79622d36 80
+ 0 0 0 6b206574
+ 1: 50e6ebaf 3093463d f190e454 9032fa35
+ b83c32b0 7fdf3d47 eff21454 a6bf53f6
+ 59562a33 90327718 9bc1ab3d 49c5665e
+ 4b9c6232 a5b70d82 b1169b3c 8273a766
+ 2: 877140ed bc61b44d 60af1c4e 8a219997
+ dfa36b55 9dc00f65 e245efc8 ece54d32
+ 72a63aac c0dc93d7 a1cd6536 b3d44ccb
+ 8ebd332b c4022fa0 5d4ff16b 65f222e
+ 3: 26693f1 c7ef1593 549a3a3 9396e54a
+ c899675e 1f815f3 47c648d ebbc01
+ 67f6ac0c d03d4afa 810d422e e7fd3e5b
+ 8cd07539 3eb6917b 54e58e29 ef2c818d
+ 4: 1dff67e3 39538859 717137d4 b935012
+ f279ff60 26098b57 4cc2cc68 752f0a9c
+ f62fef8b a3028de7 74c726e7 42bbaa73
+ 85d7ae1b 36e9c191 791019b1 82263e6a
+ 5: 5058d8b0 d3e44dcf 10bb47b1 7b673ef0
+ 19f30031 111e4716 ec0295bc 6fd5bf67
+ 12ffc7e4 d8b55c8 170d410 dd715714
+ dcd50b85 1f2bfff6 bde9be51 dbcb0b76
+ 6: bc9cffbc 33ef9daa 8057f2b9 896b4878
+ 705ae8b d14227c3 64a13629 112fc18c
+ bfe180ad eaf359a0 68467f43 a365bb13
+ 6b1e849 e6cc8032 70e6c3fe cb0a55bb
+ 7: 8d90ced2 54d545b4 85be446e b1632f4f
+ a071ac6a 90e0a919 33e1e736 ca25d574
+ a2b9cc17 7211ef22 c6d499c3 83fdd462
+ 69a1c02c 4ee14ab4 33c7598 6c536d35
+ 8: 27885144 2d2a552b f3f9bf1b 33ebeb6b
+ 104b8b7a a96110e 9acb26ae 9dba5b23
+ be384f78 4cdf3afc ef04b59d f0b9a6fe
+ ae50a69b 6c6ea81 f11fe33a 5abcb2ae
+ 9: 3b2388b1 a820e0d9 1f008910 88c73d4e
+ fc306490 8188ba2d d0cae010 9a65a2e4
+ cf53e73f acec2667 4b870ab0 6cbfe29b
+ 27295feb 2a801ee 16f1c6fe 4f40ae38
+10: 6d52785f 5d421f38 d44f5a20 a7ec3b7c
+ c6a5c6cb f2a38eca c45beae 69415ff
+ 93bbc87e cad09b7b c4627081 55276967
+ 3e13c4d8 aa4e20f4 2a485bf2 bcdbfc61
+11: 5136a836 dd9db9bc 50366ca5 a65edf75
+ 75bb5d1e 6bd4e822 cb52477c 7323b939
+ 881133b8 38079a5c 14e61ea3 632aa57
+ ac091b61 fc1c6ca1 7e5fcc1a 329a1938
+12: 5e0ca897 175e6c47 7a1e9674 609ad5a
+ ac25229b 49de7bae 370e70c f8bde5e7
+ 21f81ab3 e6130800 9e2a3e8f 70eed5f1
+ d0fbb239 d78a8ea6 b644390a 2c582e03
+13: 99fc90d3 f3e42871 78784440 a5885714
+ 28084a8c 27900f47 e453b985 39b7ca44
+ 81e5dbf 7860f2b0 693f4da0 74c5ce19
+ 5f2d43d a9563322 7bd6f4da 4d2e97f5
+14: 25571a99 3197dbee 50a1c7d7 91f0e753
+ 2528837d 56153f81 287f5022 270918e4
+ 42764fa3 fea16e5b 9ec649fe a4e5e669
+ 8734b3d9 6fc1ae8a b79a8a04 af160a85
+15: 34b906a6 3f56196a 6b690cbf 6c08907a
+ 60cfba2b 819592a7 3c9b803a 1a3ce6d2
+ fdfc6af 282cd998 ad20e9ec a0c76a1
+ 772ffdcc ebf39c76 15579a67 dada9ba0
+16: 3d87b380 5f9d893a c676cd97 e6d2b4b8
+ 7d6ca34a 1dc97a79 e3de94b bccb03cd
+ 12e2a81b 23b00e62 74d433a6 acedb4cb
+ 6e34fe34 f4c034e4 b3349639 f6ac0473
+17: e014e81d 916efb68 d833f0c9 2a0e2be9
+ a334791f 71573537 d5c5cb06 c8abbb8c
+ 6abb97da 9031d7dc 9bea8440 90030a9c
+ 6c2bdf8a 2649fbf 3a3aeef8 ee0d66c8
+18: e9fb1dd3 80e4f86d 2bf2e408 d1809e73
+ 20872c8d d93bc116 9012e00c 1c813d8e
+ 45aa03ae 7136cba6 a6b85fc3 9e2d048a
+ 48013f9e 1f2853d3 854c21d b9cdfb3c
+19: 3d47db86 8392cea8 2cf87621 2cff7d58
+ dea99415 5800a055 e3661354 86701443
+ cc9d23f 616a0a0b 836c1eb9 6c1e72e7
+ 24cba2f0 54be11a6 6dcb2586 a5663106
+20: e6ee81e8 a03ea19d 2002319a 36998550
+ eefc52da e4e51bb3 b67c264f 7ffd5c5f
+ e0974f2b 4a9216ff 1bc4b21c 70a1095
+ bc60e4f9 da95ef65 b740f758 3f90765d
+*/
#include "testutils.h"
#include "serpent.h"
-int
+static const struct tstring *
+tstring_hex_reverse (const char *hex)
+{
+ struct tstring *s = tstring_hex (hex);
+ uint8_t *p;
+ unsigned length, i;
+
+ length = s->length;
+ p = s->data;
+
+ for (i = 0; i < (length+1)/2; i++)
+ {
+ uint8_t t = p[i];
+ p[i] = p[length - 1 - i];
+ p[length - 1 - i] = t;
+ }
+ return s;
+}
+
+#define RHEX(x) tstring_hex_reverse(x)
+
+void
test_main(void)
{
+ /* From libgcrypt */
+ test_cipher(&nettle_serpent128,
+ SHEX("0000000000000000 0000000000000000"),
+ SHEX("D29D576FCEA3A3A7 ED9099F29273D78E"),
+ SHEX("B2288B968AE8B086 48D1CE9606FD992D"));
+ test_cipher(&nettle_serpent192,
+ SHEX("0000000000000000 0000000000000000 0000000000000000"),
+ SHEX("D29D576FCEABA3A7 ED9899F2927BD78E"),
+ SHEX("130E353E1037C224 05E8FAEFB2C3C3E9"));
+ test_cipher(&nettle_serpent256,
+ SHEX("0000000000000000 0000000000000000"
+ "0000000000000000 0000000000000000"),
+ SHEX("D095576FCEA3E3A7 ED98D9F29073D78E"),
+ SHEX("B90EE5862DE69168 F2BDD5125B45472B"));
+ test_cipher(&nettle_serpent256,
+ SHEX("0000000000000000 0000000000000000"
+ "0000000000000000 0000000000000000"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("2061A42782BD52EC 691EC383B03BA77C"));
+
/* The first test for each key size from the ecb_vk.txt and ecb_vt.txt
* files in the serpent package. */
+ /* NOTE: These vectors uses strange byte-reversed order of inputs
+ and outputs. */
/* 128 bit key */
/* vk, 1 */
test_cipher(&nettle_serpent128,
- HL("8000000000000000 0000000000000000"),
- HL("0000000000000000 0000000000000000"),
- H("49AFBFAD9D5A3405 2CD8FFA5986BD2DD"));
+ RHEX("8000000000000000 0000000000000000"),
+ RHEX("0000000000000000 0000000000000000"),
+ RHEX("49AFBFAD9D5A3405 2CD8FFA5986BD2DD"));
/* vt, 1 */
test_cipher(&nettle_serpent128,
- HL("0000000000000000 0000000000000000"),
- HL("8000000000000000 0000000000000000"),
- H("10B5FFB720B8CB90 02A1142B0BA2E94A"));
+ RHEX("0000000000000000 0000000000000000"),
+ RHEX("8000000000000000 0000000000000000"),
+ RHEX("10B5FFB720B8CB90 02A1142B0BA2E94A"));
/* 192 bit key */
/* vk, 1 */
test_cipher(&nettle_serpent192,
- HL("8000000000000000 0000000000000000"
- "0000000000000000"),
- HL("0000000000000000 0000000000000000"),
- H("E78E5402C7195568 AC3678F7A3F60C66"));
+ RHEX("8000000000000000 0000000000000000"
+ "0000000000000000"),
+ RHEX("0000000000000000 0000000000000000"),
+ RHEX("E78E5402C7195568 AC3678F7A3F60C66"));
/* vt, 1 */
test_cipher(&nettle_serpent192,
- HL("0000000000000000 0000000000000000"
- "0000000000000000"),
- HL("8000000000000000 0000000000000000"),
- H("B10B271BA25257E1 294F2B51F076D0D9"));
+ RHEX("0000000000000000 0000000000000000"
+ "0000000000000000"),
+ RHEX("8000000000000000 0000000000000000"),
+ RHEX("B10B271BA25257E1 294F2B51F076D0D9"));
/* 256 bit key */
/* vk, 1 */
test_cipher(&nettle_serpent256,
- HL("8000000000000000 0000000000000000"
- "0000000000000000 0000000000000000"),
- HL("0000000000000000 0000000000000000"),
- H("ABED96E766BF28CB C0EBD21A82EF0819"));
+ RHEX("8000000000000000 0000000000000000"
+ "0000000000000000 0000000000000000"),
+ RHEX("0000000000000000 0000000000000000"),
+ RHEX("ABED96E766BF28CB C0EBD21A82EF0819"));
/* vt, 1 */
test_cipher(&nettle_serpent256,
- HL("0000000000000000 0000000000000000"
- "0000000000000000 0000000000000000"),
- HL("8000000000000000 0000000000000000"),
- H("DA5A7992B1B4AE6F 8C004BC8A7DE5520"));
+ RHEX("0000000000000000 0000000000000000"
+ "0000000000000000 0000000000000000"),
+ RHEX("8000000000000000 0000000000000000"),
+ RHEX("DA5A7992B1B4AE6F 8C004BC8A7DE5520"));
+
+ /* Test vectors from
+ http://www.cs.technion.ac.il/~biham/Reports/Serpent/ */
+
+ /* serpent128 */
+ /* Set 4, vector# 0 */
+ test_cipher(&nettle_serpent128,
+ SHEX("000102030405060708090A0B0C0D0E0F"),
+ SHEX("00112233445566778899AABBCCDDEEFF"),
+ SHEX("563E2CF8740A27C164804560391E9B27"));
+
+ /* Set 4, vector# 1 */
+ test_cipher(&nettle_serpent128,
+ SHEX("2BD6459F82C5B300952C49104881FF48"),
+ SHEX("EA024714AD5C4D84EA024714AD5C4D84"),
+ SHEX("92D7F8EF2C36C53409F275902F06539F"));
+
+ /* serpent192 */
+ /* Set 4, vector# 0 */
+ test_cipher(&nettle_serpent192,
+ SHEX("000102030405060708090A0B0C0D0E0F1011121314151617"),
+ SHEX("00112233445566778899AABBCCDDEEFF"),
+ SHEX("6AB816C82DE53B93005008AFA2246A02"));
+
+ /* Set 4, vector# 1 */
+ test_cipher(&nettle_serpent192,
+ SHEX("2BD6459F82C5B300952C49104881FF482BD6459F82C5B300"),
+ SHEX("EA024714AD5C4D84EA024714AD5C4D84"),
+ SHEX("827B18C2678A239DFC5512842000E204"));
+
+ /* serpent256 */
+ /* Set 4, vector# 0 */
+ test_cipher(&nettle_serpent256,
+ SHEX("000102030405060708090A0B0C0D0E0F"
+ "101112131415161718191A1B1C1D1E1F"),
+ SHEX("00112233445566778899AABBCCDDEEFF"),
+ SHEX("2868B7A2D28ECD5E4FDEFAC3C4330074"));
+
+ /* Set 4, vector# 1 */
+ test_cipher(&nettle_serpent256,
+ SHEX("2BD6459F82C5B300952C49104881FF48"
+ "2BD6459F82C5B300952C49104881FF48"),
+ SHEX("EA024714AD5C4D84EA024714AD5C4D84"),
+ SHEX("3E507730776B93FDEA661235E1DD99F0"));
+
+ /* Test key padding. We use nettle_serpent256, which actually works
+ also with key sizes smaller than 32 bytes. */
+ test_cipher(&nettle_serpent256,
+ SHEX("00112233440100000000000000000000"
+ "00000000000000000000000000000000"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("C1415AC653FD7C7F D917482EE8EBFE25"));
- SUCCESS();
+ /* Currrently, key sizes smaller than SERPENT_MIN_KEY_SIZE bytes
+ (128 bits) are not supported. */
+ test_cipher(&nettle_serpent256,
+ SHEX("0011223344"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("C1415AC653FD7C7F D917482EE8EBFE25"));
+
+ test_cipher(&nettle_serpent256,
+ SHEX("00112233445566778899aabbccddeeff"
+ "00010000000000000000000000000000"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("8EB9C958EAFFDF42 009755D7B6458838"));
+
+ test_cipher(&nettle_serpent256,
+ SHEX("00112233445566778899aabbccddeeff"
+ "00"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("8EB9C958EAFFDF42 009755D7B6458838"));
+
+ test_cipher(&nettle_serpent256,
+ SHEX("00112233445566778899aabbccddeeff"
+ "00112201000000000000000000000000"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("C8A078D8212AC96D 9060E30EC5CBB5C7"));
+
+ test_cipher(&nettle_serpent256,
+ SHEX("00112233445566778899aabbccddeeff"
+ "001122"),
+ SHEX("0000000001000000 0200000003000000"),
+ SHEX("C8A078D8212AC96D 9060E30EC5CBB5C7"));
+
+ /* Test with multiple blocks. */
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"
+ "83c92a921b5b2028 d9cb313a5f07ab09"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"
+ "8e44c2d463df4531 165461699edbad03"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("91c8e949e12f0e38 7b2473238a3df1b6"),
+ SHEX("00000000 00000001 00000002 00000003"
+ "00000004 00000005 00000006 00000007"
+ "00000008 00000009 0000000a 0000000b"
+ "0000000c 0000000d 0000000e 0000000f"),
+ SHEX("2db9f0a39d4f31a4 b1a83cd1032fe1bd"
+ "3606caa84a220b1b f6f43ff80a831203"
+ "8c6c8d2793dc10b3 904d30e194f086a6"
+ "b2f3e932b9b3f8d1 d4d074f7bd1ff7a3"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"
+ "83c92a921b5b2028 d9cb313a5f07ab09"
+ "672eadf1624a2ed0 c42d1b08b076f75a"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"
+ "8e44c2d463df4531 165461699edbad03"
+ "30ac8c52697102ae 3b725dba79ceb250"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"
+ "83c92a921b5b2028 d9cb313a5f07ab09"
+ "672eadf1624a2ed0 c42d1b08b076f75a"
+ "7378272aa57ad7c8 803e326689541266"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"
+ "8e44c2d463df4531 165461699edbad03"
+ "30ac8c52697102ae 3b725dba79ceb250"
+ "d308b83478e86dbb 629f18736cca042f"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"
+ "83c92a921b5b2028 d9cb313a5f07ab09"
+ "672eadf1624a2ed0 c42d1b08b076f75a"
+ "7378272aa57ad7c8 803e326689541266"
+ "b7a2efda5721776f 4113d63a702ac3ae"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"
+ "8e44c2d463df4531 165461699edbad03"
+ "30ac8c52697102ae 3b725dba79ceb250"
+ "d308b83478e86dbb 629f18736cca042f"
+ "006b89e494469adf 0ee78c60684dff86"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"
+ "83c92a921b5b2028 d9cb313a5f07ab09"
+ "672eadf1624a2ed0 c42d1b08b076f75a"
+ "7378272aa57ad7c8 803e326689541266"
+ "b7a2efda5721776f 4113d63a702ac3ae"
+ "cd1be7bbfad74819 644617f8656e9e5b"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"
+ "8e44c2d463df4531 165461699edbad03"
+ "30ac8c52697102ae 3b725dba79ceb250"
+ "d308b83478e86dbb 629f18736cca042f"
+ "006b89e494469adf 0ee78c60684dff86"
+ "5f2c99908ee77ffe aea3d30cb78a1ce1"));
+
+ test_cipher(&nettle_serpent128,
+ SHEX("e87450aa0fd87293fd0371483a459bd2"),
+ SHEX("a78a7a8d392f629d bd13674c8dce6fa2"
+ "930c74dec02a11d8 c80d90b5e5c887a7"
+ "83c92a921b5b2028 d9cb313a5f07ab09"
+ "672eadf1624a2ed0 c42d1b08b076f75a"
+ "7378272aa57ad7c8 803e326689541266"
+ "b7a2efda5721776f 4113d63a702ac3ae"
+ "cd1be7bbfad74819 644617f8656e9e5b"
+ "34d449409c1f850a 4cb6700d6ef3405f"),
+ SHEX("b3d488986c80dea7 c5ebdab4907871c9"
+ "a4b92b13b79afb37 5518b01bfd706a37"
+ "8e44c2d463df4531 165461699edbad03"
+ "30ac8c52697102ae 3b725dba79ceb250"
+ "d308b83478e86dbb 629f18736cca042f"
+ "006b89e494469adf 0ee78c60684dff86"
+ "5f2c99908ee77ffe aea3d30cb78a1ce1"
+ "ebe855dd51532477 4d2d55969e032e6c"));
}
--- /dev/null
+#! /bin/sh
+
+set -e
+
+# Workaround, it seems difficult to convince wine to put ../lib into PATH.
+case "$EMULATOR" in
+ wine*)
+ for f in ../.lib/*.dll ; do
+ ln -sf "$f" .
+ done
+ ;;
+esac
test_advanced () {
print_raw "$1" test.in
- if ../tools/sexp-conv -s advanced <test.in >test1.out ; then
+ if $EMULATOR ../tools/sexp-conv -s advanced <test.in | tr -d '\r' >test1.out ; then
true
else
exit 1
test_advanced_hex () {
print_raw "$1" test.in
- if ../tools/sexp-conv -s hex <test.in >test1.out ; then
+ if $EMULATOR ../tools/sexp-conv -s hex <test.in | tr -d '\r' >test1.out ; then
true
else
exit 1
test_transport () {
print_raw "$1" test.in
- if ../tools/sexp-conv -s transport <test.in >test1.out ; then
+ if $EMULATOR ../tools/sexp-conv -s transport <test.in | tr -d '\r' >test1.out ; then
true
else
exit 1
test_canonical () {
print_raw "$1" test.in
- if ../tools/sexp-conv -s canonical <test.in >test1.out ; then
+ if $EMULATOR ../tools/sexp-conv -s canonical <test.in >test1.out ; then
true
else
exit 1
# include "bignum.h"
#endif
-int
+void
test_main(void)
{
struct nettle_buffer buffer;
ASSERT(buffer.size == strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
{
const uint8_t e[] = "{KDM6Zm9vKDM6YmFyMTc6eHh4eHh4eHh4eHh4eHh4eHgpKQ==}";
ASSERT(buffer.size == strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
{
const uint8_t e[] = "1:\0""1:a2:bc3:def4:ghij5:\x00\xDE\xAD\xBE\xEF";
ASSERT(buffer.size == LLENGTH(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
{
ASSERT(buffer.size == strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
{
== strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
/* Try literals */
ASSERT(buffer.size == strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
{
const uint8_t e[] = "(3:foo(3:bar17:xxxxxxxxxxxxxxxxx))";
ASSERT(buffer.size == strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
/* Literal parenthesis */
ASSERT(buffer.size == strlen(e));
ASSERT(MEMEQ(buffer.size, buffer.contents, e));
+ nettle_buffer_clear(&buffer);
}
#if HAVE_LIBGMP
const uint8_t e[] =
"(3:foo(3:bar1:\xff""11:abcdefghijk13:\0\x81""abcdefghijk))";
- nettle_buffer_clear(&buffer);
-
mpz_init_set_si(x, -1);
nettle_mpz_init_set_str_256_u(y, 11, "abcdefghijk");
nettle_mpz_init_set_str_256_u(z, 12, "\x81""abcdefghijk");
nettle_buffer_clear(&buffer);
mpz_clear(x);
+ mpz_clear(y);
+ mpz_clear(z);
}
#endif /* HAVE_LIBGMP */
-
- SUCCESS();
}
#include "testutils.h"
#include "sexp.h"
-int
+void
test_main(void)
{
struct sexp_iterator i;
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0x11);
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0x80);
ASSERT(sexp_iterator_get_uint32(&i, &x) && x == 0xaabbccdd);
-
+
ASSERT(sexp_iterator_first(&i, LDATA("3:foo0:[3:bar]12:xxxxxxxxxxxx")));
ASSERT(i.type == SEXP_ATOM
&& !i.display_length && !i.display
&& sexp_iterator_next(&i) && i.type == SEXP_END);
/* Same data, transport encoded. */
-
- ASSERT(sexp_transport_iterator_first
- (&i, LDUP("{Mzpmb28=} {MDo=} {WzM6YmFyXTEyOnh4eHh4eHh4eHh4eA==}")));
+
+ {
+ struct tstring *s
+ = tstring_data(LDATA("{Mzpmb28=} {MDo=} {WzM6YmFyXTEyOnh4eHh4eHh4eHh4eA==}"));
+ ASSERT(sexp_transport_iterator_first (&i, s->length, s->data));
ASSERT(i.type == SEXP_ATOM
&& !i.display_length && !i.display
&& i.atom_length == 3 && MEMEQ(3, "foo", i.atom)
&& i.atom_length == 12 && MEMEQ(12, "xxxxxxxxxxxx", i.atom)
&& sexp_iterator_next(&i) && i.type == SEXP_END);
-
+
+ }
{
static const uint8_t *keys[2] = { "n", "e" };
struct sexp_iterator v[2];
ASSERT(sexp_iterator_enter_list(&i)
&& !sexp_iterator_assoc(&i, 2, keys, v));
}
-
- SUCCESS();
}
#include "testutils.h"
-int
+void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
-
+ const struct tstring *sexp;
+
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
+ sexp = SHEX("2831313a707269766174652d6b657928"
+ "333a72736128313a6e36333a085c3408"
+ "989acae4faec3cbbad91c90d34c1d259"
+ "cd74121a36f38b0b51424a9b2be514a0"
+ "4377113a6cdafe79dd7d5f2ecc8b5e96"
+ "61189b86a7b22239907c252928313a65"
+ "343a36ad4b1d2928313a6436333a06ee"
+ "6d4ff3c239e408150daf8117abfa36a4"
+ "0ad4455d9059a86d52f33a2de07418a0"
+ "a699594588c64810248c9412d554f74a"
+ "f947c73c32007e87c92f0937ed292831"
+ "3a7033323a03259879b24315e9cf1425"
+ "4824c7935d807cdb6990f414a0f65e60"
+ "65130a611f2928313a7133323a02a81b"
+ "a73bad45fc73b36deffce52d1b73e074"
+ "7f4d8a82648cecd310448ea63b292831"
+ "3a6133323a026cbdad5dd0046e093f06"
+ "0ecd5b4ac918e098b0278bb752b7cadd"
+ "6a8944f0b92928313a6233323a014875"
+ "1e622d6d58e3bb094afd6edacf737035"
+ "1d068e2ce9f565c5528c4a7473292831"
+ "3a6333323a00f8a458ea73a018dc6fa5"
+ "6863e3bc6de405f364f77dee6f096267"
+ "9ea1a8282e292929");
ASSERT(rsa_keypair_from_sexp
- (&pub, &priv, 0,
- HL("2831313a707269766174652d6b657928"
- "333a72736128313a6e36333a085c3408"
- "989acae4faec3cbbad91c90d34c1d259"
- "cd74121a36f38b0b51424a9b2be514a0"
- "4377113a6cdafe79dd7d5f2ecc8b5e96"
- "61189b86a7b22239907c252928313a65"
- "343a36ad4b1d2928313a6436333a06ee"
- "6d4ff3c239e408150daf8117abfa36a4"
- "0ad4455d9059a86d52f33a2de07418a0"
- "a699594588c64810248c9412d554f74a"
- "f947c73c32007e87c92f0937ed292831"
- "3a7033323a03259879b24315e9cf1425"
- "4824c7935d807cdb6990f414a0f65e60"
- "65130a611f2928313a7133323a02a81b"
- "a73bad45fc73b36deffce52d1b73e074"
- "7f4d8a82648cecd310448ea63b292831"
- "3a6133323a026cbdad5dd0046e093f06"
- "0ecd5b4ac918e098b0278bb752b7cadd"
- "6a8944f0b92928313a6233323a014875"
- "1e622d6d58e3bb094afd6edacf737035"
- "1d068e2ce9f565c5528c4a7473292831"
- "3a6333323a00f8a458ea73a018dc6fa5"
- "6863e3bc6de405f364f77dee6f096267"
- "9ea1a8282e292929")));
+ (&pub, &priv, 0, sexp->length, sexp->data));
test_rsa_key(&pub, &priv);
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
-
- SUCCESS();
}
#include "testutils.h"
-#include "sha.h"
-int
+void
test_main(void)
{
/* Hashes 10 000 000 x 30 000 bytes > 64 * 2^32. This overflows the
low word of the block counter. This test vector is not cross
checked with any other sha1 implementation. */
test_hash_large(&nettle_sha1, 10000000, 30000, 'a',
- H("0ba79364dc64648f 2074fb4bc5c28bcf"
- "b7a787b0"));
-
- SUCCESS();
+ SHEX("0ba79364dc64648f 2074fb4bc5c28bcf"
+ "b7a787b0"));
}
#include "testutils.h"
-#include "sha.h"
-int
+void
test_main(void)
{
- test_hash(&nettle_sha1, 0, "",
- H("DA39A3EE5E6B4B0D 3255BFEF95601890 AFD80709"));
+ test_hash(&nettle_sha1, SDATA(""),
+ SHEX("DA39A3EE5E6B4B0D 3255BFEF95601890 AFD80709"));
- test_hash(&nettle_sha1, 1, "a",
- H("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 377667B8"));
+ test_hash(&nettle_sha1, SDATA("a"),
+ SHEX("86F7E437FAA5A7FC E15D1DDCB9EAEAEA 377667B8"));
- test_hash(&nettle_sha1, 3, "abc",
- H("A9993E364706816A BA3E25717850C26C 9CD0D89D"));
+ test_hash(&nettle_sha1, SDATA("abc"),
+ SHEX("A9993E364706816A BA3E25717850C26C 9CD0D89D"));
- test_hash(&nettle_sha1, 26, "abcdefghijklmnopqrstuvwxyz",
- H("32D10C7B8CF96570 CA04CE37F2A19D84 240D3A89"));
+ test_hash(&nettle_sha1, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("32D10C7B8CF96570 CA04CE37F2A19D84 240D3A89"));
- test_hash(&nettle_sha1, 14, "message digest",
- H("C12252CEDA8BE899 4D5FA0290A47231C 1D16AAE3"));
+ test_hash(&nettle_sha1, SDATA("message digest"),
+ SHEX("C12252CEDA8BE899 4D5FA0290A47231C 1D16AAE3"));
- test_hash(&nettle_sha1, 62,
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz0123456789",
- H("761C457BF73B14D2 7E9E9265C46F4B4D DA11F940"));
+ test_hash(&nettle_sha1,
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789"),
+ SHEX("761C457BF73B14D2 7E9E9265C46F4B4D DA11F940"));
- test_hash(&nettle_sha1, 80,
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890",
- H("50ABF5706A150990 A08B2C5EA40FA0E5 85554732"));
+ test_hash(&nettle_sha1,
+ SDATA("1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"),
+ SHEX("50ABF5706A150990 A08B2C5EA40FA0E5 85554732"));
/* Additional test vector, from Daniel Kahn Gillmor */
- test_hash(&nettle_sha1, LDATA("38"),
- H("5b384ce32d8cdef02bc3a139d4cac0a22bb029e8"));
-
- SUCCESS();
+ test_hash(&nettle_sha1, SDATA("38"),
+ SHEX("5b384ce32d8cdef02bc3a139d4cac0a22bb029e8"));
}
/* These are intermediate values for the single sha1_compress call
#include "testutils.h"
-#include "sha.h"
-int
+void
test_main(void)
{
/* From FIPS180-2 addendum
(http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf) */
- test_hash(&nettle_sha224, 3, "abc",
- H("23097d22 3405d822 8642a477 bda255b3"
- "2aadbce4 bda0b3f7 e36c9da7"));
+ test_hash(&nettle_sha224, SDATA("abc"),
+ SHEX("23097d22 3405d822 8642a477 bda255b3"
+ "2aadbce4 bda0b3f7 e36c9da7"));
- test_hash(&nettle_sha224, 56,
- "abcdbcdecdefdefgefghfghighij"
- "hijkijkljklmklmnlmnomnopnopq",
- H("75388b16 512776cc 5dba5da1 fd890150"
- "b0c6455c b4f58b19 52522525"));
+ test_hash(&nettle_sha224,
+ SDATA("abcdbcdecdefdefgefghfghighij"
+ "hijkijkljklmklmnlmnomnopnopq"),
+ SHEX("75388b16 512776cc 5dba5da1 fd890150"
+ "b0c6455c b4f58b19 52522525"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- test_hash(&nettle_sha224, LDATA(""),
- H("d14a028c2a3a2bc9 476102bb288234c4"
- "15a2b01f828ea62a c5b3e42f"));
- test_hash(&nettle_sha224, LDATA("a"),
- H("abd37534c7d9a2ef b9465de931cd7055"
- "ffdb8879563ae980 78d6d6d5"));
- test_hash(&nettle_sha224, LDATA("38"),
- H("4cfca6da32da6471 98225460722b7ea1"
- "284f98c4b179e8db ae3f93d5"));
- test_hash(&nettle_sha224, LDATA("message digest"),
- H("2cb21c83ae2f004d e7e81c3c7019cbcb"
- "65b71ab656b22d6d 0c39b8eb"));
- test_hash(&nettle_sha224, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("45a5f72c39c5cff2 522eb3429799e49e"
- "5f44b356ef926bcf 390dccc2"));
+ test_hash(&nettle_sha224, SDATA(""),
+ SHEX("d14a028c2a3a2bc9 476102bb288234c4"
+ "15a2b01f828ea62a c5b3e42f"));
+ test_hash(&nettle_sha224, SDATA("a"),
+ SHEX("abd37534c7d9a2ef b9465de931cd7055"
+ "ffdb8879563ae980 78d6d6d5"));
+ test_hash(&nettle_sha224, SDATA("38"),
+ SHEX("4cfca6da32da6471 98225460722b7ea1"
+ "284f98c4b179e8db ae3f93d5"));
+ test_hash(&nettle_sha224, SDATA("message digest"),
+ SHEX("2cb21c83ae2f004d e7e81c3c7019cbcb"
+ "65b71ab656b22d6d 0c39b8eb"));
+ test_hash(&nettle_sha224, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("45a5f72c39c5cff2 522eb3429799e49e"
+ "5f44b356ef926bcf 390dccc2"));
test_hash(&nettle_sha224,
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
"ghijklmnopqrstuvwxyz0123456789"),
- H("bff72b4fcb7d75e5 632900ac5f90d219"
- "e05e97a7bde72e74 0db393d9"));
+ SHEX("bff72b4fcb7d75e5 632900ac5f90d219"
+ "e05e97a7bde72e74 0db393d9"));
test_hash(&nettle_sha224,
- LDATA("12345678901234567890123456789012"
+ SDATA("12345678901234567890123456789012"
"34567890123456789012345678901234"
"5678901234567890"),
- H("b50aecbe4e9bb0b5 7bc5f3ae760a8e01"
- "db24f203fb3cdcd1 3148046e"));
-
- SUCCESS();
+ SHEX("b50aecbe4e9bb0b5 7bc5f3ae760a8e01"
+ "db24f203fb3cdcd1 3148046e"));
}
#include "testutils.h"
-#include "sha.h"
-int
+void
test_main(void)
{
/* From FIPS180-2 */
- test_hash(&nettle_sha256, 3, "abc",
- H("ba7816bf8f01cfea 414140de5dae2223"
- "b00361a396177a9c b410ff61f20015ad"));
+ test_hash(&nettle_sha256, SDATA("abc"),
+ SHEX("ba7816bf8f01cfea 414140de5dae2223"
+ "b00361a396177a9c b410ff61f20015ad"));
- test_hash(&nettle_sha256, 56,
- "abcdbcdecdefdefgefghfghighij"
- "hijkijkljklmklmnlmnomnopnopq",
- H("248d6a61d20638b8 e5c026930c3e6039"
- "a33ce45964ff2167 f6ecedd419db06c1"));
+ test_hash(&nettle_sha256,
+ SDATA("abcdbcdecdefdefgefghfghighij"
+ "hijkijkljklmklmnlmnomnopnopq"),
+ SHEX("248d6a61d20638b8 e5c026930c3e6039"
+ "a33ce45964ff2167 f6ecedd419db06c1"));
- test_hash(&nettle_sha256, 112,
- "abcdefghbcdefghicdefghijdefg"
- "hijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmn"
- "opqrlmnopqrsmnopqrstnopqrstu",
- H("cf5b16a778af8380 036ce59e7b049237"
- "0b249b11e8f07a51 afac45037afee9d1"));
+ test_hash(&nettle_sha256,
+ SDATA("abcdefghbcdefghicdefghijdefg"
+ "hijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmn"
+ "opqrlmnopqrsmnopqrstnopqrstu"),
+ SHEX("cf5b16a778af8380 036ce59e7b049237"
+ "0b249b11e8f07a51 afac45037afee9d1"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- test_hash(&nettle_sha256, LDATA(""),
- H("e3b0c44298fc1c14 9afbf4c8996fb924"
- "27ae41e4649b934c a495991b7852b855"));
- test_hash(&nettle_sha256, LDATA("a"),
- H("ca978112ca1bbdca fac231b39a23dc4d"
- "a786eff8147c4e72 b9807785afee48bb"));
- test_hash(&nettle_sha256, LDATA("38"),
- H("aea92132c4cbeb26 3e6ac2bf6c183b5d"
- "81737f179f21efdc 5863739672f0f470"));
- test_hash(&nettle_sha256, LDATA("message digest"),
- H("f7846f55cf23e14e ebeab5b4e1550cad"
- "5b509e3348fbc4ef a3a1413d393cb650"));
- test_hash(&nettle_sha256, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("71c480df93d6ae2f 1efad1447c66c952"
- "5e316218cf51fc8d 9ed832f2daf18b73"));
+ test_hash(&nettle_sha256, SDATA(""),
+ SHEX("e3b0c44298fc1c14 9afbf4c8996fb924"
+ "27ae41e4649b934c a495991b7852b855"));
+ test_hash(&nettle_sha256, SDATA("a"),
+ SHEX("ca978112ca1bbdca fac231b39a23dc4d"
+ "a786eff8147c4e72 b9807785afee48bb"));
+ test_hash(&nettle_sha256, SDATA("38"),
+ SHEX("aea92132c4cbeb26 3e6ac2bf6c183b5d"
+ "81737f179f21efdc 5863739672f0f470"));
+ test_hash(&nettle_sha256, SDATA("message digest"),
+ SHEX("f7846f55cf23e14e ebeab5b4e1550cad"
+ "5b509e3348fbc4ef a3a1413d393cb650"));
+ test_hash(&nettle_sha256, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("71c480df93d6ae2f 1efad1447c66c952"
+ "5e316218cf51fc8d 9ed832f2daf18b73"));
test_hash(&nettle_sha256,
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
"ghijklmnopqrstuvwxyz0123456789"),
- H("db4bfcbd4da0cd85 a60c3c37d3fbd880"
- "5c77f15fc6b1fdfe 614ee0a7c8fdb4c0"));
+ SHEX("db4bfcbd4da0cd85 a60c3c37d3fbd880"
+ "5c77f15fc6b1fdfe 614ee0a7c8fdb4c0"));
test_hash(&nettle_sha256,
- LDATA("12345678901234567890123456789012"
+ SDATA("12345678901234567890123456789012"
"34567890123456789012345678901234"
"5678901234567890"),
- H("f371bc4a311f2b00 9eef952dd83ca80e"
- "2b60026c8e935592 d0f9c308453c813e"));
-
- SUCCESS();
+ SHEX("f371bc4a311f2b00 9eef952dd83ca80e"
+ "2b60026c8e935592 d0f9c308453c813e"));
}
+
+/* These are intermediate values for the single sha1_compress call
+ that results from the first testcase, SHA256("abc"). Each row are
+ the values for A, B, C, D, E, F, G, H after the i:th round. The row
+ i = -1 gives the initial values, and i = 99 gives the output
+ values.
+
+-1: 6a09e667 bb67ae85 3c6ef372 a54ff53a 510e527f 9b05688c 1f83d9ab 5be0cd19
+ 0: 6a09e667 bb67ae85 3c6ef372 fa2a4622 510e527f 9b05688c 1f83d9ab 5d6aebcd
+ 1: 6a09e667 bb67ae85 78ce7989 fa2a4622 510e527f 9b05688c 5a6ad9ad 5d6aebcd
+ 6: 24e00850 e5030380 2b4209f5 4409a6a d550f666 9b27a401 714260ad 43ada245
+ 7: 85a07b5f e5030380 2b4209f5 4409a6a c657a79 9b27a401 714260ad 43ada245
+ 8: 85a07b5f e5030380 2b4209f5 32ca2d8c c657a79 9b27a401 714260ad 8e04ecb9
+ 9: 85a07b5f e5030380 1cc92596 32ca2d8c c657a79 9b27a401 8c87346b 8e04ecb9
+14: 816fd6e9 c0645fde d932eb16 87912990 f71fc5a9 b92f20c 745a48de 1e578218
+15: b0fa238e c0645fde d932eb16 87912990 7590dcd b92f20c 745a48de 1e578218
+16: b0fa238e c0645fde d932eb16 8034229c 7590dcd b92f20c 745a48de 21da9a9b
+17: b0fa238e c0645fde 846ee454 8034229c 7590dcd b92f20c c2fbd9d1 21da9a9b
+18: b0fa238e cc899961 846ee454 8034229c 7590dcd fe777bbf c2fbd9d1 21da9a9b
+19: b0638179 cc899961 846ee454 8034229c e1f20c33 fe777bbf c2fbd9d1 21da9a9b
+20: b0638179 cc899961 846ee454 9dc68b63 e1f20c33 fe777bbf c2fbd9d1 8ada8930
+21: b0638179 cc899961 c2606d6d 9dc68b63 e1f20c33 fe777bbf e1257970 8ada8930
+22: b0638179 a7a3623f c2606d6d 9dc68b63 e1f20c33 49f5114a e1257970 8ada8930
+23: c5d53d8d a7a3623f c2606d6d 9dc68b63 aa47c347 49f5114a e1257970 8ada8930
+24: c5d53d8d a7a3623f c2606d6d 2823ef91 aa47c347 49f5114a e1257970 1c2c2838
+25: c5d53d8d a7a3623f 14383d8e 2823ef91 aa47c347 49f5114a cde8037d 1c2c2838
+26: c5d53d8d c74c6516 14383d8e 2823ef91 aa47c347 b62ec4bc cde8037d 1c2c2838
+27: edffbff8 c74c6516 14383d8e 2823ef91 77d37528 b62ec4bc cde8037d 1c2c2838
+28: edffbff8 c74c6516 14383d8e 363482c9 77d37528 b62ec4bc cde8037d 6112a3b7
+29: edffbff8 c74c6516 a0060b30 363482c9 77d37528 b62ec4bc ade79437 6112a3b7
+30: edffbff8 ea992a22 a0060b30 363482c9 77d37528 109ab3a ade79437 6112a3b7
+31: 73b33bf5 ea992a22 a0060b30 363482c9 ba591112 109ab3a ade79437 6112a3b7
+32: 73b33bf5 ea992a22 a0060b30 9cd9f5f6 ba591112 109ab3a ade79437 98e12507
+33: 73b33bf5 ea992a22 59249dd3 9cd9f5f6 ba591112 109ab3a fe604df5 98e12507
+34: 73b33bf5 85f3833 59249dd3 9cd9f5f6 ba591112 a9a7738c fe604df5 98e12507
+35: f4b002d6 85f3833 59249dd3 9cd9f5f6 65a0cfe4 a9a7738c fe604df5 98e12507
+36: f4b002d6 85f3833 59249dd3 41a65cb1 65a0cfe4 a9a7738c fe604df5 772a26b
+37: f4b002d6 85f3833 34df1604 41a65cb1 65a0cfe4 a9a7738c a507a53d 772a26b
+38: f4b002d6 6dc57a8a 34df1604 41a65cb1 65a0cfe4 f0781bc8 a507a53d 772a26b
+39: 79ea687a 6dc57a8a 34df1604 41a65cb1 1efbc0a0 f0781bc8 a507a53d 772a26b
+40: 79ea687a 6dc57a8a 34df1604 26352d63 1efbc0a0 f0781bc8 a507a53d d6670766
+41: 79ea687a 6dc57a8a 838b2711 26352d63 1efbc0a0 f0781bc8 df46652f d6670766
+42: 79ea687a decd4715 838b2711 26352d63 1efbc0a0 17aa0dfe df46652f d6670766
+43: fda24c2e decd4715 838b2711 26352d63 9d4baf93 17aa0dfe df46652f d6670766
+44: fda24c2e decd4715 838b2711 26628815 9d4baf93 17aa0dfe df46652f a80f11f0
+45: fda24c2e decd4715 72ab4b91 26628815 9d4baf93 17aa0dfe b7755da1 a80f11f0
+46: fda24c2e a14c14b0 72ab4b91 26628815 9d4baf93 d57b94a9 b7755da1 a80f11f0
+47: 4172328d a14c14b0 72ab4b91 26628815 fecf0bc6 d57b94a9 b7755da1 a80f11f0
+48: 4172328d a14c14b0 72ab4b91 bd714038 fecf0bc6 d57b94a9 b7755da1 5757ceb
+49: 4172328d a14c14b0 6e5c390c bd714038 fecf0bc6 d57b94a9 f11bfaa8 5757ceb
+50: 4172328d 52f1ccf7 6e5c390c bd714038 fecf0bc6 7a0508a1 f11bfaa8 5757ceb
+51: 49231c1e 52f1ccf7 6e5c390c bd714038 886e7a22 7a0508a1 f11bfaa8 5757ceb
+52: 49231c1e 52f1ccf7 6e5c390c 101fd28f 886e7a22 7a0508a1 f11bfaa8 529e7d00
+53: 49231c1e 52f1ccf7 f5702fdb 101fd28f 886e7a22 7a0508a1 9f4787c3 529e7d00
+54: 49231c1e 3ec45cdb f5702fdb 101fd28f 886e7a22 e50e1b4f 9f4787c3 529e7d00
+55: 38cc9913 3ec45cdb f5702fdb 101fd28f 54cb266b e50e1b4f 9f4787c3 529e7d00
+56: 38cc9913 3ec45cdb f5702fdb 9b5e906c 54cb266b e50e1b4f 9f4787c3 fcd1887b
+57: 38cc9913 3ec45cdb 7e44008e 9b5e906c 54cb266b e50e1b4f c062d46f fcd1887b
+58: 38cc9913 6d83bfc6 7e44008e 9b5e906c 54cb266b ffb70472 c062d46f fcd1887b
+59: b21bad3d 6d83bfc6 7e44008e 9b5e906c b6ae8fff ffb70472 c062d46f fcd1887b
+60: b21bad3d 6d83bfc6 7e44008e b85e2ce9 b6ae8fff ffb70472 c062d46f 961f4894
+61: b21bad3d 6d83bfc6 4d24d6c b85e2ce9 b6ae8fff ffb70472 948d25b6 961f4894
+62: b21bad3d d39a2165 4d24d6c b85e2ce9 b6ae8fff fb121210 948d25b6 961f4894
+63: 506e3058 d39a2165 4d24d6c b85e2ce9 5ef50f24 fb121210 948d25b6 961f4894
+99: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
+*/
--- /dev/null
+#include "testutils.h"
+
+void
+test_main(void)
+{
+ /* Extracted from ShortMsgKAT_224.txt using sha3.awk. */
+ test_hash(&nettle_sha3_224, /* 0 octets */
+ SHEX(""),
+ SHEX("F71837502BA8E10837BDD8D365ADB85591895602FC552B48B7390ABD"));
+ test_hash(&nettle_sha3_224, /* 1 octets */
+ SHEX("CC"),
+ SHEX("A9CAB59EB40A10B246290F2D6086E32E3689FAF1D26B470C899F2802"));
+ test_hash(&nettle_sha3_224, /* 2 octets */
+ SHEX("41FB"),
+ SHEX("615BA367AFDC35AAC397BC7EB5D58D106A734B24986D5D978FEFD62C"));
+ test_hash(&nettle_sha3_224, /* 3 octets */
+ SHEX("1F877C"),
+ SHEX("6F9D2898EFD096BAAAAAB2E97482DDB6389B8E6CAA964B7A0E347E13"));
+ test_hash(&nettle_sha3_224, /* 4 octets */
+ SHEX("C1ECFDFC"),
+ SHEX("E405869DA1464A705700A3CBCE131AABEEBA9C8D2FE6576B21BCBE16"));
+ test_hash(&nettle_sha3_224, /* 5 octets */
+ SHEX("21F134AC57"),
+ SHEX("5573DA2B02216A860389A581F6E9FB8D805E9E02F6FA911701EEE298"));
+ test_hash(&nettle_sha3_224, /* 6 octets */
+ SHEX("C6F50BB74E29"),
+ SHEX("163C9060163AA66B8B7C0CFAA65D934BFF219BCBC267187CABA0042F"));
+ test_hash(&nettle_sha3_224, /* 7 octets */
+ SHEX("119713CC83EEEF"),
+ SHEX("CFC04C6F8463DDAB24CDF8B8652BD11DF23DD1B95F118328DD01580E"));
+ test_hash(&nettle_sha3_224, /* 8 octets */
+ SHEX("4A4F202484512526"),
+ SHEX("7A5C2CB3F999DD00EFF7399963314CA647DD0E5AE1BDDEC611F8338D"));
+ test_hash(&nettle_sha3_224, /* 9 octets */
+ SHEX("1F66AB4185ED9B6375"),
+ SHEX("A5A75806083AA9307074EF8FBD7DF592985E5F714611E812216C0449"));
+ test_hash(&nettle_sha3_224, /* 10 octets */
+ SHEX("EED7422227613B6F53C9"),
+ SHEX("AC78FC53A1DB90A634F1AAAF90119C889C8C24B59B98B7366029CC73"));
+ test_hash(&nettle_sha3_224, /* 11 octets */
+ SHEX("EAEED5CDFFD89DECE455F1"),
+ SHEX("672CA6826686BEDB258532830D606B258C6DE60154EC0957CD8B858B"));
+ test_hash(&nettle_sha3_224, /* 12 octets */
+ SHEX("5BE43C90F22902E4FE8ED2D3"),
+ SHEX("D98CA07E172B0BC53D679D2F8D002C63FD24A6307F2B7E1EEEF28BE0"));
+ test_hash(&nettle_sha3_224, /* 13 octets */
+ SHEX("A746273228122F381C3B46E4F1"),
+ SHEX("F122BE39C91A6C17CD5900F531E680D54CEDEFD4F0E3D113D26543D4"));
+ test_hash(&nettle_sha3_224, /* 14 octets */
+ SHEX("3C5871CD619C69A63B540EB5A625"),
+ SHEX("2A26D2AD2015C67CABB7895EC5FA25473D4D1433FAE92B9B2CDA31F0"));
+ test_hash(&nettle_sha3_224, /* 15 octets */
+ SHEX("FA22874BCC068879E8EF11A69F0722"),
+ SHEX("A69E4EC1648CBBD595558EE4EA345E4196C2881E85E853739B1F4604"));
+ test_hash(&nettle_sha3_224, /* 16 octets */
+ SHEX("52A608AB21CCDD8A4457A57EDE782176"),
+ SHEX("5679CD509C5120AF54795CF477149641CF27B2EBB6A5F90340704E57"));
+ test_hash(&nettle_sha3_224, /* 17 octets */
+ SHEX("82E192E4043DDCD12ECF52969D0F807EED"),
+ SHEX("455584A1A3BBFBB977AE08DDEE93DA5ACAE0F2F4C3CDAAF089728AAE"));
+ test_hash(&nettle_sha3_224, /* 18 octets */
+ SHEX("75683DCB556140C522543BB6E9098B21A21E"),
+ SHEX("BB779E7267CAF0E891547EE3E3BABF17837671CF731ED56334F61CC3"));
+ test_hash(&nettle_sha3_224, /* 19 octets */
+ SHEX("06E4EFE45035E61FAAF4287B4D8D1F12CA97E5"),
+ SHEX("E7B181DAEC132D3B6C9DFBF61841135B87FB995BE20957B8CD095E2B"));
+ test_hash(&nettle_sha3_224, /* 20 octets */
+ SHEX("E26193989D06568FE688E75540AEA06747D9F851"),
+ SHEX("44729646A05AD0503A876B448F88F177A0A263AB746CA6E30676ADB2"));
+ test_hash(&nettle_sha3_224, /* 21 octets */
+ SHEX("D8DC8FDEFBDCE9D44E4CBAFE78447BAE3B5436102A"),
+ SHEX("05E15793E417DD4E02CD6C5636D42C1638C164D70B79F717F25D1A15"));
+ test_hash(&nettle_sha3_224, /* 22 octets */
+ SHEX("57085FD7E14216AB102D8317B0CB338A786D5FC32D8F"),
+ SHEX("2C4077A8858966EF79AAC3EC6D82855EAD22867BA45D617A68CB926E"));
+ test_hash(&nettle_sha3_224, /* 23 octets */
+ SHEX("A05404DF5DBB57697E2C16FA29DEFAC8AB3560D6126FA0"),
+ SHEX("2E897B479FBCBF42D2139F6768DF147A3B85C36A5B3F3C066EB0565E"));
+ test_hash(&nettle_sha3_224, /* 24 octets */
+ SHEX("AECBB02759F7433D6FCB06963C74061CD83B5B3FFA6F13C6"),
+ SHEX("BA76FFEFD006B81EF5991E697D0425621B16818EA27C11056E00904E"));
+ test_hash(&nettle_sha3_224, /* 25 octets */
+ SHEX("AAFDC9243D3D4A096558A360CC27C8D862F0BE73DB5E88AA55"),
+ SHEX("1C1E758D87399A36BF7C8A2E6A55CE6A4F0C498737956959959FD2AC"));
+ test_hash(&nettle_sha3_224, /* 26 octets */
+ SHEX("7BC84867F6F9E9FDC3E1046CAE3A52C77ED485860EE260E30B15"),
+ SHEX("DDEA76409C61F6D1873F01A34251C74C37B34F28F7F482A84395B5F3"));
+ test_hash(&nettle_sha3_224, /* 27 octets */
+ SHEX("FAC523575A99EC48279A7A459E98FF901918A475034327EFB55843"),
+ SHEX("777C523CF42D0006ED1F88F1BD0C3A5EF21814723794B8461A375C3A"));
+ test_hash(&nettle_sha3_224, /* 28 octets */
+ SHEX("0F8B2D8FCFD9D68CFFC17CCFB117709B53D26462A3F346FB7C79B85E"),
+ SHEX("8D7474ED6DEA4626AD3C1D06D2AD5B198CAAD07B12077C680CF6D89B"));
+ test_hash(&nettle_sha3_224, /* 29 octets */
+ SHEX("A963C3E895FF5A0BE4824400518D81412F875FA50521E26E85EAC90C04"),
+ SHEX("F525D4515D3CA54A2FAB9C679E93561FE151EA0960751352CD7F591A"));
+ test_hash(&nettle_sha3_224, /* 30 octets */
+ SHEX("03A18688B10CC0EDF83ADF0A84808A9718383C4070C6C4F295098699AC2C"),
+ SHEX("9A8455F41F693B91B3DE46BF66FF09D42DC300B856B1DC2DFD12555C"));
+ test_hash(&nettle_sha3_224, /* 31 octets */
+ SHEX("84FB51B517DF6C5ACCB5D022F8F28DA09B10232D42320FFC32DBECC3835B29"),
+ SHEX("81AF3A7A5BD4C1F948D6AF4B96F93C3B0CF9C0E7A6DA6FCD71EEC7F6"));
+ test_hash(&nettle_sha3_224, /* 32 octets */
+ SHEX("9F2FCC7C90DE090D6B87CD7E9718C1EA6CB21118FC2D5DE9F97E5DB6AC1E9C10"),
+ SHEX("A27A051A36A1501974AD8E9873E9DF231AA9AD90EC1D7A8BBF8F639A"));
+ test_hash(&nettle_sha3_224, /* 33 octets */
+ SHEX("DE8F1B3FAA4B7040ED4563C3B8E598253178E87E4D0DF75E4FF2F2DEDD5A0BE046"),
+ SHEX("F217812E362EC64D4DC5EACFABC165184BFA456E5C32C2C7900253D0"));
+ test_hash(&nettle_sha3_224, /* 34 octets */
+ SHEX("62F154EC394D0BC757D045C798C8B87A00E0655D0481A7D2D9FB58D93AEDC676B5A0"),
+ SHEX("5CA92B5F5830E1E5F8DF4391339DF7DF1F23BB31AA05437C103F1652"));
+ test_hash(&nettle_sha3_224, /* 35 octets */
+ SHEX("B2DCFE9FF19E2B23CE7DA2A4207D3E5EC7C6112A8A22AEC9675A886378E14E5BFBAD4E"),
+ SHEX("9F01F07D930F40A26407760104EFD10D4436295F6B8C41FE2A4E09EA"));
+ test_hash(&nettle_sha3_224, /* 36 octets */
+ SHEX("47F5697AC8C31409C0868827347A613A3562041C633CF1F1F86865A576E02835ED2C2492"),
+ SHEX("22A3FED1F4E298C37A1D7BA0C80E994B11D95F290F3945A3CEB2E2E6"));
+ test_hash(&nettle_sha3_224, /* 37 octets */
+ SHEX("512A6D292E67ECB2FE486BFE92660953A75484FF4C4F2ECA2B0AF0EDCDD4339C6B2EE4E542"),
+ SHEX("35F1AB1263211F738D3F97D0E4840C387E09369F23BF9239150D0306"));
+ test_hash(&nettle_sha3_224, /* 38 octets */
+ SHEX("973CF2B4DCF0BFA872B41194CB05BB4E16760A1840D8343301802576197EC19E2A1493D8F4FB"),
+ SHEX("34CC708B874D40478E82324BF3AA32FE9F85AFF8C60B4BADF97003E3"));
+ test_hash(&nettle_sha3_224, /* 39 octets */
+ SHEX("80BEEBCD2E3F8A9451D4499961C9731AE667CDC24EA020CE3B9AA4BBC0A7F79E30A934467DA4B0"),
+ SHEX("5F339B2F87E7F695B236267C819BA1705D97644AD72E0871C7E3A913"));
+ test_hash(&nettle_sha3_224, /* 40 octets */
+ SHEX("7ABAA12EC2A7347674E444140AE0FB659D08E1C66DECD8D6EAE925FA451D65F3C0308E29446B8ED3"),
+ SHEX("8E20D5C83CDA8226B58CEFD74C293CA7579CBB3949CA9EB2F61565B8"));
+ test_hash(&nettle_sha3_224, /* 41 octets */
+ SHEX("C88DEE9927679B8AF422ABCBACF283B904FF31E1CAC58C7819809F65D5807D46723B20F67BA610C2B7"),
+ SHEX("606255348812CFB5082F4D4BB6BBC2FEEF044E381FEB0E346061AA4F"));
+ test_hash(&nettle_sha3_224, /* 42 octets */
+ SHEX("01E43FE350FCEC450EC9B102053E6B5D56E09896E0DDD9074FE138E6038210270C834CE6EADC2BB86BF6"),
+ SHEX("C885274CC3BF110995FEF1154A86772F28B41E745E86E935B4E3A03F"));
+ test_hash(&nettle_sha3_224, /* 43 octets */
+ SHEX("337023370A48B62EE43546F17C4EF2BF8D7ECD1D49F90BAB604B839C2E6E5BD21540D29BA27AB8E309A4B7"),
+ SHEX("EFA7F7E7BFFA6A5E7F7D1C24E7A0A9DC9A6F72B3E9550A0AAA06CCE6"));
+ test_hash(&nettle_sha3_224, /* 44 octets */
+ SHEX("6892540F964C8C74BD2DB02C0AD884510CB38AFD4438AF31FC912756F3EFEC6B32B58EBC38FC2A6B913596A8"),
+ SHEX("ACA7DCCC6B809D511F4C248CAA5D1374E734C1ED6B995760CC3C56D2"));
+ test_hash(&nettle_sha3_224, /* 45 octets */
+ SHEX("F5961DFD2B1FFFFDA4FFBF30560C165BFEDAB8CE0BE525845DEB8DC61004B7DB38467205F5DCFB34A2ACFE96C0"),
+ SHEX("6F1EF55CCC6EF9B68DE54C14448487901022452AB761F84644E9A127"));
+ test_hash(&nettle_sha3_224, /* 46 octets */
+ SHEX("CA061A2EB6CEED8881CE2057172D869D73A1951E63D57261384B80CEB5451E77B06CF0F5A0EA15CA907EE1C27EBA"),
+ SHEX("B297F61FF06021BFE1B9D350B3F54D810BC16ADE17001BAE1B4CD4A2"));
+ test_hash(&nettle_sha3_224, /* 47 octets */
+ SHEX("1743A77251D69242750C4F1140532CD3C33F9B5CCDF7514E8584D4A5F9FBD730BCF84D0D4726364B9BF95AB251D9BB"),
+ SHEX("BE9A75436C3988FB2FE21D0C10EAD9B9C807DE2E13A9BD8437F13332"));
+ test_hash(&nettle_sha3_224, /* 48 octets */
+ SHEX("D8FABA1F5194C4DB5F176FABFFF856924EF627A37CD08CF55608BBA8F1E324D7C7F157298EABC4DCE7D89CE5162499F9"),
+ SHEX("4304582C3892942B1960822C965788B22DE19F1C6D5E204476ADFD26"));
+ test_hash(&nettle_sha3_224, /* 49 octets */
+ SHEX("BE9684BE70340860373C9C482BA517E899FC81BAAA12E5C6D7727975D1D41BA8BEF788CDB5CF4606C9C1C7F61AED59F97D"),
+ SHEX("0480EF8519C32F89C65B8DD450025EC49CBDADA6C4CFCFC6FB4F1C61"));
+ test_hash(&nettle_sha3_224, /* 50 octets */
+ SHEX("7E15D2B9EA74CA60F66C8DFAB377D9198B7B16DEB6A1BA0EA3C7EE2042F89D3786E779CF053C77785AA9E692F821F14A7F51"),
+ SHEX("0BDE9CD50D70F00EED97CCE40C3DF22BB4904C08C4177C3A95985D97"));
+ test_hash(&nettle_sha3_224, /* 51 octets */
+ SHEX("9A219BE43713BD578015E9FDA66C0F2D83CAC563B776AB9F38F3E4F7EF229CB443304FBA401EFB2BDBD7ECE939102298651C86"),
+ SHEX("3BF3ADDB761AB32A38B7B47047AD45B68EDFD88ED475227447EA1B1E"));
+ test_hash(&nettle_sha3_224, /* 52 octets */
+ SHEX("C8F2B693BD0D75EF99CAEBDC22ADF4088A95A3542F637203E283BBC3268780E787D68D28CC3897452F6A22AA8573CCEBF245972A"),
+ SHEX("6182614C8257EB05E9AC0950E15E6044872E5C0AB2AF4540764CA0C8"));
+ test_hash(&nettle_sha3_224, /* 53 octets */
+ SHEX("EC0F99711016C6A2A07AD80D16427506CE6F441059FD269442BAAA28C6CA037B22EEAC49D5D894C0BF66219F2C08E9D0E8AB21DE52"),
+ SHEX("0B5DC722EEA2C348325FD9B3D7F08F365B71D5B582C27BEB79B51D5D"));
+ test_hash(&nettle_sha3_224, /* 54 octets */
+ SHEX("0DC45181337CA32A8222FE7A3BF42FC9F89744259CFF653504D6051FE84B1A7FFD20CB47D4696CE212A686BB9BE9A8AB1C697B6D6A33"),
+ SHEX("29C2B817C75B6417BC89C262AF9D58F0C18FBD991F59F4181F237038"));
+ test_hash(&nettle_sha3_224, /* 55 octets */
+ SHEX("DE286BA4206E8B005714F80FB1CDFAEBDE91D29F84603E4A3EBC04686F99A46C9E880B96C574825582E8812A26E5A857FFC6579F63742F"),
+ SHEX("62C5876694D88007709B50900EE2E6CA9505CC90067EFBF4C1D95B0B"));
+ test_hash(&nettle_sha3_224, /* 56 octets */
+ SHEX("EEBCC18057252CBF3F9C070F1A73213356D5D4BC19AC2A411EC8CDEEE7A571E2E20EAF61FD0C33A0FFEB297DDB77A97F0A415347DB66BCAF"),
+ SHEX("D362BE7896B2AC3CA4DC3161B7F6C5B3FBE65F32D040402B8D306B15"));
+ test_hash(&nettle_sha3_224, /* 57 octets */
+ SHEX("416B5CDC9FE951BD361BD7ABFC120A5054758EBA88FDD68FD84E39D3B09AC25497D36B43CBE7B85A6A3CEBDA8DB4E5549C3EE51BB6FCB6AC1E"),
+ SHEX("D420C7BDF8D86D7B1CBD1AF7868EBC4FF17245595B94959A0714333C"));
+ test_hash(&nettle_sha3_224, /* 58 octets */
+ SHEX("5C5FAF66F32E0F8311C32E8DA8284A4ED60891A5A7E50FB2956B3CBAA79FC66CA376460E100415401FC2B8518C64502F187EA14BFC9503759705"),
+ SHEX("2E04DAE6E3FDF2A47FF40E6F3E61B371F3E51A5864A31CC11D127620"));
+ test_hash(&nettle_sha3_224, /* 59 octets */
+ SHEX("7167E1E02BE1A7CA69D788666F823AE4EEF39271F3C26A5CF7CEE05BCA83161066DC2E217B330DF821103799DF6D74810EED363ADC4AB99F36046A"),
+ SHEX("22817A21CFCEC4FD2348B6BE8A7042A37754D76A3F33A8F818312CC7"));
+ test_hash(&nettle_sha3_224, /* 60 octets */
+ SHEX("2FDA311DBBA27321C5329510FAE6948F03210B76D43E7448D1689A063877B6D14C4F6D0EAA96C150051371F7DD8A4119F7DA5C483CC3E6723C01FB7D"),
+ SHEX("68CAF2203317A8BED30C1792E888910124F2F0EE1D24D47274BCC856"));
+ test_hash(&nettle_sha3_224, /* 61 octets */
+ SHEX("95D1474A5AAB5D2422ACA6E481187833A6212BD2D0F91451A67DD786DFC91DFED51B35F47E1DEB8A8AB4B9CB67B70179CC26F553AE7B569969CE151B8D"),
+ SHEX("7BBAC0C0F192D2C479348358D2247E4C08966A512F73D40445B52EC7"));
+ test_hash(&nettle_sha3_224, /* 62 octets */
+ SHEX("C71BD7941F41DF044A2927A8FF55B4B467C33D089F0988AA253D294ADDBDB32530C0D4208B10D9959823F0C0F0734684006DF79F7099870F6BF53211A88D"),
+ SHEX("D226D9E1F36EC4222693699B6D0383C1452E391C41EFD7645289F8E3"));
+ test_hash(&nettle_sha3_224, /* 63 octets */
+ SHEX("F57C64006D9EA761892E145C99DF1B24640883DA79D9ED5262859DCDA8C3C32E05B03D984F1AB4A230242AB6B78D368DC5AAA1E6D3498D53371E84B0C1D4BA"),
+ SHEX("294A1E5A0629A2736F188691A35FE1ABB55472785DAFF6CD88C6D537"));
+ test_hash(&nettle_sha3_224, /* 64 octets */
+ SHEX("E926AE8B0AF6E53176DBFFCC2A6B88C6BD765F939D3D178A9BDE9EF3AA131C61E31C1E42CDFAF4B4DCDE579A37E150EFBEF5555B4C1CB40439D835A724E2FAE7"),
+ SHEX("C533DCF88CD1A5DFF22B914D3875BD57FC17B2E1F474AE360C3877D2"));
+ test_hash(&nettle_sha3_224, /* 65 octets */
+ SHEX("16E8B3D8F988E9BB04DE9C96F2627811C973CE4A5296B4772CA3EEFEB80A652BDF21F50DF79F32DB23F9F73D393B2D57D9A0297F7A2F2E79CFDA39FA393DF1AC00"),
+ SHEX("C9B7AD7A32B70DFB5A8A2FF9D98B300E484B996ED752A732D84DB6F7"));
+ test_hash(&nettle_sha3_224, /* 66 octets */
+ SHEX("FC424EEB27C18A11C01F39C555D8B78A805B88DBA1DC2A42ED5E2C0EC737FF68B2456D80EB85E11714FA3F8EABFB906D3C17964CB4F5E76B29C1765DB03D91BE37FC"),
+ SHEX("CF646D5E5C81818C97A01F393F8033CE3CB7CCD07FDAC9988766BD1C"));
+ test_hash(&nettle_sha3_224, /* 67 octets */
+ SHEX("ABE3472B54E72734BDBA7D9158736464251C4F21B33FBBC92D7FAC9A35C4E3322FF01D2380CBAA4EF8FB07D21A2128B7B9F5B6D9F34E13F39C7FFC2E72E47888599BA5"),
+ SHEX("D411E8A7CF50AAF91076A8CC5F01BF5B6BB2CCAE8046BF47871891FD"));
+ test_hash(&nettle_sha3_224, /* 68 octets */
+ SHEX("36F9F0A65F2CA498D739B944D6EFF3DA5EBBA57E7D9C41598A2B0E4380F3CF4B479EC2348D015FFE6256273511154AFCF3B4B4BF09D6C4744FDD0F62D75079D440706B05"),
+ SHEX("E094C0303D1841C6E4C0864857CF36CFC980E3CB4D78F18E301117C4"));
+ test_hash(&nettle_sha3_224, /* 69 octets */
+ SHEX("ABC87763CAE1CA98BD8C5B82CABA54AC83286F87E9610128AE4DE68AC95DF5E329C360717BD349F26B872528492CA7C94C2C1E1EF56B74DBB65C2AC351981FDB31D06C77A4"),
+ SHEX("51948E1772C2C2EE49158D02A975B27477BD041262954C3E60F5ACC2"));
+ test_hash(&nettle_sha3_224, /* 70 octets */
+ SHEX("94F7CA8E1A54234C6D53CC734BB3D3150C8BA8C5F880EAB8D25FED13793A9701EBE320509286FD8E422E931D99C98DA4DF7E70AE447BAB8CFFD92382D8A77760A259FC4FBD72"),
+ SHEX("8214A2B0E8BB60CD3E4DFB0D0855D0F6C4BA6D2728D0687BDF75F79E"));
+ test_hash(&nettle_sha3_224, /* 71 octets */
+ SHEX("13BD2811F6ED2B6F04FF3895ACEED7BEF8DCD45EB121791BC194A0F806206BFFC3B9281C2B308B1A729CE008119DD3066E9378ACDCC50A98A82E20738800B6CDDBE5FE9694AD6D"),
+ SHEX("8A2AE6B9AA7B1E08F8C7DC3BF5AE876660D30F79391714A175381091"));
+ test_hash(&nettle_sha3_224, /* 72 octets */
+ SHEX("1EED9CBA179A009EC2EC5508773DD305477CA117E6D569E66B5F64C6BC64801CE25A8424CE4A26D575B8A6FB10EAD3FD1992EDDDEEC2EBE7150DC98F63ADC3237EF57B91397AA8A7"),
+ SHEX("702B1906A63D0F924AFEC3BB5E5C5742E85F9834EA6F5306644811A1"));
+ test_hash(&nettle_sha3_224, /* 73 octets */
+ SHEX("BA5B67B5EC3A3FFAE2C19DD8176A2EF75C0CD903725D45C9CB7009A900C0B0CA7A2967A95AE68269A6DBF8466C7B6844A1D608AC661F7EFF00538E323DB5F2C644B78B2D48DE1A08AA"),
+ SHEX("BF2101511220B7DFE54B127C2476EAADFD4EAB7FD0F6BDD193078AC8"));
+ test_hash(&nettle_sha3_224, /* 74 octets */
+ SHEX("0EFA26AC5673167DCACAB860932ED612F65FF49B80FA9AE65465E5542CB62075DF1C5AE54FBA4DB807BE25B070033EFA223BDD5B1D3C94C6E1909C02B620D4B1B3A6C9FED24D70749604"),
+ SHEX("B07ADBED912723A07FA5353F665EC14FF82D85E90BE3E5A1F5C90FFF"));
+ test_hash(&nettle_sha3_224, /* 75 octets */
+ SHEX("BBFD933D1FD7BF594AC7F435277DC17D8D5A5B8E4D13D96D2F64E771ABBD51A5A8AEA741BECCBDDB177BCEA05243EBD003CFDEAE877CCA4DA94605B67691919D8B033F77D384CA01593C1B"),
+ SHEX("D1718F0D387AC427111A7E90E575DE5F04778EA2BA147A8451914FF0"));
+ test_hash(&nettle_sha3_224, /* 76 octets */
+ SHEX("90078999FD3C35B8AFBF4066CBDE335891365F0FC75C1286CDD88FA51FAB94F9B8DEF7C9AC582A5DBCD95817AFB7D1B48F63704E19C2BAA4DF347F48D4A6D603013C23F1E9611D595EBAC37C"),
+ SHEX("FAF7D793024E6D05E77C5231712478822C915292FCC1427E6ACFD3CF"));
+ test_hash(&nettle_sha3_224, /* 77 octets */
+ SHEX("64105ECA863515C20E7CFBAA0A0B8809046164F374D691CDBD6508AAABC1819F9AC84B52BAFC1B0FE7CDDBC554B608C01C8904C669D8DB316A0953A4C68ECE324EC5A49FFDB59A1BD6A292AA0E"),
+ SHEX("A375D756A8F39C72F67CA489C95F99350FFD0515B151A3BFF288CAAA"));
+ test_hash(&nettle_sha3_224, /* 78 octets */
+ SHEX("D4654BE288B9F3B711C2D02015978A8CC57471D5680A092AA534F7372C71CEAAB725A383C4FCF4D8DEAA57FCA3CE056F312961ECCF9B86F14981BA5BED6AB5B4498E1F6C82C6CAE6FC14845B3C8A"),
+ SHEX("1BD1B6F3144A3DEE93DEA1DF03C0E958F485B8AE164DCEE55F973413"));
+ test_hash(&nettle_sha3_224, /* 79 octets */
+ SHEX("12D9394888305AC96E65F2BF0E1B18C29C90FE9D714DD59F651F52B88B3008C588435548066EA2FC4C101118C91F32556224A540DE6EFDDBCA296EF1FB00341F5B01FECFC146BDB251B3BDAD556CD2"),
+ SHEX("BE88B495D0CD90281AF2094B8D7E72EB417288CA16F751C09694B682"));
+ test_hash(&nettle_sha3_224, /* 80 octets */
+ SHEX("871A0D7A5F36C3DA1DFCE57ACD8AB8487C274FAD336BC137EBD6FF4658B547C1DCFAB65F037AA58F35EF16AFF4ABE77BA61F65826F7BE681B5B6D5A1EA8085E2AE9CD5CF0991878A311B549A6D6AF230"),
+ SHEX("7DAC046254808464024617D63A038267FE2CA65052BDEB569A0A9C15"));
+ test_hash(&nettle_sha3_224, /* 81 octets */
+ SHEX("E90B4FFEF4D457BC7711FF4AA72231CA25AF6B2E206F8BF859D8758B89A7CD36105DB2538D06DA83BAD5F663BA11A5F6F61F236FD5F8D53C5E89F183A3CEC615B50C7C681E773D109FF7491B5CC22296C5"),
+ SHEX("89F6B320EFABE42CE13C9E20E4829F31A7848EEE3FC854E603FBD46F"));
+ test_hash(&nettle_sha3_224, /* 82 octets */
+ SHEX("E728DE62D75856500C4C77A428612CD804F30C3F10D36FB219C5CA0AA30726AB190E5F3F279E0733D77E7267C17BE27D21650A9A4D1E32F649627638DBADA9702C7CA303269ED14014B2F3CF8B894EAC8554"),
+ SHEX("A805DBD3B8DF5E03E05EFFFDE1B94B35A23C5D77C2797D984E56656F"));
+ test_hash(&nettle_sha3_224, /* 83 octets */
+ SHEX("6348F229E7B1DF3B770C77544E5166E081850FA1C6C88169DB74C76E42EB983FACB276AD6A0D1FA7B50D3E3B6FCD799EC97470920A7ABED47D288FF883E24CA21C7F8016B93BB9B9E078BDB9703D2B781B616E"),
+ SHEX("F05742CC1DB422A3113AC49602E8D0DD6CB472E7ED26BCE40BBA09BD"));
+ test_hash(&nettle_sha3_224, /* 84 octets */
+ SHEX("4B127FDE5DE733A1680C2790363627E63AC8A3F1B4707D982CAEA258655D9BF18F89AFE54127482BA01E08845594B671306A025C9A5C5B6F93B0A39522DC877437BE5C2436CBF300CE7AB6747934FCFC30AEAAF6"),
+ SHEX("45945F867B7E1E75EE496E0FC4AAFF71A0CC539841D153439AED4DFC"));
+ test_hash(&nettle_sha3_224, /* 85 octets */
+ SHEX("08461F006CFF4CC64B752C957287E5A0FAABC05C9BFF89D23FD902D324C79903B48FCB8F8F4B01F3E4DDB483593D25F000386698F5ADE7FAADE9615FDC50D32785EA51D49894E45BAA3DC707E224688C6408B68B11"),
+ SHEX("5A8AC7533E1354068B564CCD214EB2A2E097DD60E08BD69FC782B0AF"));
+ test_hash(&nettle_sha3_224, /* 86 octets */
+ SHEX("68C8F8849B120E6E0C9969A5866AF591A829B92F33CD9A4A3196957A148C49138E1E2F5C7619A6D5EDEBE995ACD81EC8BB9C7B9CFCA678D081EA9E25A75D39DB04E18D475920CE828B94E72241F24DB72546B352A0E4"),
+ SHEX("059F7EB983362FD44E94E2BFD59CCED43CAE959C9A483EBD5E6E2036"));
+ test_hash(&nettle_sha3_224, /* 87 octets */
+ SHEX("B8D56472954E31FB54E28FCA743F84D8DC34891CB564C64B08F7B71636DEBD64CA1EDBDBA7FC5C3E40049CE982BBA8C7E0703034E331384695E9DE76B5104F2FBC4535ECBEEBC33BC27F29F18F6F27E8023B0FBB6F563C"),
+ SHEX("22D62AD272FEFC89F73256EAACE00C7B8E998FB322C8EB67DC1EAC6A"));
+ test_hash(&nettle_sha3_224, /* 88 octets */
+ SHEX("0D58AC665FA84342E60CEFEE31B1A4EACDB092F122DFC68309077AED1F3E528F578859EE9E4CEFB4A728E946324927B675CD4F4AC84F64DB3DACFE850C1DD18744C74CECCD9FE4DC214085108F404EAB6D8F452B5442A47D"),
+ SHEX("A396EA905EB612554BD00E4FC1BB4C5247D73FDE4BBAF5380ED42DD0"));
+ test_hash(&nettle_sha3_224, /* 89 octets */
+ SHEX("1755E2D2E5D1C1B0156456B539753FF416651D44698E87002DCF61DCFA2B4E72F264D9AD591DF1FDEE7B41B2EB00283C5AEBB3411323B672EAA145C5125185104F20F335804B02325B6DEA65603F349F4D5D8B782DD3469CCD"),
+ SHEX("D8B5B24B9E92326FDE5DB1058EEDBEEDB0B65982925734B6E2844036"));
+ test_hash(&nettle_sha3_224, /* 90 octets */
+ SHEX("B180DE1A611111EE7584BA2C4B020598CD574AC77E404E853D15A101C6F5A2E5C801D7D85DC95286A1804C870BB9F00FD4DCB03AA8328275158819DCAD7253F3E3D237AEAA7979268A5DB1C6CE08A9EC7C2579783C8AFC1F91A7"),
+ SHEX("FDB9015B20DB446F79575E6B8C73A98EAC731CFE2E59BD46DBDA0E35"));
+ test_hash(&nettle_sha3_224, /* 91 octets */
+ SHEX("CF3583CBDFD4CBC17063B1E7D90B02F0E6E2EE05F99D77E24E560392535E47E05077157F96813544A17046914F9EFB64762A23CF7A49FE52A0A4C01C630CFE8727B81FB99A89FF7CC11DCA5173057E0417B8FE7A9EFBA6D95C555F"),
+ SHEX("DF1B47E73E8CBD2CA852CF58AD68B5F8BAA1169C0795961041E8A918"));
+ test_hash(&nettle_sha3_224, /* 92 octets */
+ SHEX("072FC02340EF99115BAD72F92C01E4C093B9599F6CFC45CB380EE686CB5EB019E806AB9BD55E634AB10AA62A9510CC0672CD3EDDB589C7DF2B67FCD3329F61B1A4441ECA87A33C8F55DA4FBBAD5CF2B2527B8E983BB31A2FADEC7523"),
+ SHEX("1E8A90918D6EAD31E446D4EE2673871ECC5C7DA9B18ED511E1632E0D"));
+ test_hash(&nettle_sha3_224, /* 93 octets */
+ SHEX("76EECF956A52649F877528146DE33DF249CD800E21830F65E90F0F25CA9D6540FDE40603230ECA6760F1139C7F268DEBA2060631EEA92B1FFF05F93FD5572FBE29579ECD48BC3A8D6C2EB4A6B26E38D6C5FBF2C08044AEEA470A8F2F26"),
+ SHEX("1060AFD1E1B9F7F41291A4861774B3B0C95A812788A41D7EBEF4A893"));
+ test_hash(&nettle_sha3_224, /* 94 octets */
+ SHEX("7ADC0B6693E61C269F278E6944A5A2D8300981E40022F839AC644387BFAC9086650085C2CDC585FEA47B9D2E52D65A2B29A7DC370401EF5D60DD0D21F9E2B90FAE919319B14B8C5565B0423CEFB827D5F1203302A9D01523498A4DB10374"),
+ SHEX("EA91EDC393491B4CBC035B8538DF08E3C6B8CAD18338053C81FE2E08"));
+ test_hash(&nettle_sha3_224, /* 95 octets */
+ SHEX("E1FFFA9826CCE8B86BCCEFB8794E48C46CDF372013F782ECED1E378269B7BE2B7BF51374092261AE120E822BE685F2E7A83664BCFBE38FE8633F24E633FFE1988E1BC5ACF59A587079A57A910BDA60060E85B5F5B6F776F0529639D9CCE4BD"),
+ SHEX("DF1AF149E5C92CB29174C1EDB6ED891EBCE4366010DC7CBFC9B1D757"));
+ test_hash(&nettle_sha3_224, /* 96 octets */
+ SHEX("69F9ABBA65592EE01DB4DCE52DBAB90B08FC04193602792EE4DAA263033D59081587B09BBE49D0B49C9825D22840B2FF5D9C5155F975F8F2C2E7A90C75D2E4A8040FE39F63BBAFB403D9E28CC3B86E04E394A9C9E8065BD3C85FA9F0C7891600"),
+ SHEX("5F698408BFF0246B05BAD96CB342B2FD2F11B6804EF2FA07A81B0920"));
+ test_hash(&nettle_sha3_224, /* 97 octets */
+ SHEX("38A10A352CA5AEDFA8E19C64787D8E9C3A75DBF3B8674BFAB29B5DBFC15A63D10FAE66CD1A6E6D2452D557967EAAD89A4C98449787B0B3164CA5B717A93F24EB0B506CEB70CBBCB8D72B2A72993F909AAD92F044E0B5A2C9AC9CB16A0CA2F81F49"),
+ SHEX("EBE6D61E8A946E0D45D3889F9E360ACD3A1A7D6C4B1307448E6E7357"));
+ test_hash(&nettle_sha3_224, /* 98 octets */
+ SHEX("6D8C6E449BC13634F115749C248C17CD148B72157A2C37BF8969EA83B4D6BA8C0EE2711C28EE11495F43049596520CE436004B026B6C1F7292B9C436B055CBB72D530D860D1276A1502A5140E3C3F54A93663E4D20EDEC32D284E25564F624955B52"),
+ SHEX("1B7F6BCB2271AC9C3B558E95F85285EE756B03B767A01AC57D7C6E94"));
+ test_hash(&nettle_sha3_224, /* 99 octets */
+ SHEX("6EFCBCAF451C129DBE00B9CEF0C3749D3EE9D41C7BD500ADE40CDC65DEDBBBADB885A5B14B32A0C0D087825201E303288A733842FA7E599C0C514E078F05C821C7A4498B01C40032E9F1872A1C925FA17CE253E8935E4C3C71282242CB716B2089CCC1"),
+ SHEX("436D1BCD6B3DE2677A72B93E2CEDB60C84A4FE125A802E2997EB2E67"));
+ test_hash(&nettle_sha3_224, /* 100 octets */
+ SHEX("433C5303131624C0021D868A30825475E8D0BD3052A022180398F4CA4423B98214B6BEAAC21C8807A2C33F8C93BD42B092CC1B06CEDF3224D5ED1EC29784444F22E08A55AA58542B524B02CD3D5D5F6907AFE71C5D7462224A3F9D9E53E7E0846DCBB4CE"),
+ SHEX("62B10F1B6236EBC2DA72957742A8D4E48E213B5F8934604BFD4D2C3A"));
+ test_hash(&nettle_sha3_224, /* 101 octets */
+ SHEX("A873E0C67CA639026B6683008F7AA6324D4979550E9BCE064CA1E1FB97A30B147A24F3F666C0A72D71348EDE701CF2D17E2253C34D1EC3B647DBCEF2F879F4EB881C4830B791378C901EB725EA5C172316C6D606E0AF7DF4DF7F76E490CD30B2BADF45685F"),
+ SHEX("1186BEA0880D0A96F6A56BBB431F4D264838BB0180DCF66EF0B599CA"));
+ test_hash(&nettle_sha3_224, /* 102 octets */
+ SHEX("006917B64F9DCDF1D2D87C8A6173B64F6587168E80FAA80F82D84F60301E561E312D9FBCE62F39A6FB476E01E925F26BCC91DE621449BE6504C504830AAE394096C8FC7694651051365D4EE9070101EC9B68086F2EA8F8AB7B811EA8AD934D5C9B62C60A4771"),
+ SHEX("383D2F41ECFDA5994E815432999D192E1A282FF5663196A4A268A67D"));
+ test_hash(&nettle_sha3_224, /* 103 octets */
+ SHEX("F13C972C52CB3CC4A4DF28C97F2DF11CE089B815466BE88863243EB318C2ADB1A417CB1041308598541720197B9B1CB5BA2318BD5574D1DF2174AF14884149BA9B2F446D609DF240CE335599957B8EC80876D9A085AE084907BC5961B20BF5F6CA58D5DAB38ADB"),
+ SHEX("E2594A633B2DC671FD0DDFD3BF7238332C425520827C524FB0E19778"));
+ test_hash(&nettle_sha3_224, /* 104 octets */
+ SHEX("E35780EB9799AD4C77535D4DDB683CF33EF367715327CF4C4A58ED9CBDCDD486F669F80189D549A9364FA82A51A52654EC721BB3AAB95DCEB4A86A6AFA93826DB923517E928F33E3FBA850D45660EF83B9876ACCAFA2A9987A254B137C6E140A21691E1069413848"),
+ SHEX("234764AAE8C39B1571D7741BB176FF86246070EC9AC97A1B2EB35472"));
+ test_hash(&nettle_sha3_224, /* 105 octets */
+ SHEX("64EC021C9585E01FFE6D31BB50D44C79B6993D72678163DB474947A053674619D158016ADB243F5C8D50AA92F50AB36E579FF2DABB780A2B529370DAA299207CFBCDD3A9A25006D19C4F1FE33E4B1EAEC315D8C6EE1E730623FD1941875B924EB57D6D0C2EDC4E78D6"),
+ SHEX("A634D7EBAA2BC0043EB5E237690E38FF1E05EE5A042882A233A2D92A"));
+ test_hash(&nettle_sha3_224, /* 106 octets */
+ SHEX("5954BAB512CF327D66B5D9F296180080402624AD7628506B555EEA8382562324CF452FBA4A2130DE3E165D11831A270D9CB97CE8C2D32A96F50D71600BB4CA268CF98E90D6496B0A6619A5A8C63DB6D8A0634DFC6C7EC8EA9C006B6C456F1B20CD19E781AF20454AC880"),
+ SHEX("EF03FBB1EF3296EECFB98909E416D113B5741E44962EC57993C6DA5D"));
+ test_hash(&nettle_sha3_224, /* 107 octets */
+ SHEX("03D9F92B2C565709A568724A0AFF90F8F347F43B02338F94A03ED32E6F33666FF5802DA4C81BDCE0D0E86C04AFD4EDC2FC8B4141C2975B6F07639B1994C973D9A9AFCE3D9D365862003498513BFA166D2629E314D97441667B007414E739D7FEBF0FE3C32C17AA188A8683"),
+ SHEX("210D245CC8B5A7B4C1B118A9890ECDDC34A66EA92805B7A7C19A944A"));
+ test_hash(&nettle_sha3_224, /* 108 octets */
+ SHEX("F31E8B4F9E0621D531D22A380BE5D9ABD56FAEC53CBD39B1FAB230EA67184440E5B1D15457BD25F56204FA917FA48E669016CB48C1FFC1E1E45274B3B47379E00A43843CF8601A5551411EC12503E5AAC43D8676A1B2297EC7A0800DBFEE04292E937F21C005F17411473041"),
+ SHEX("517BAE010715A020435CFDB531B856C5704E0EC611360F60D5B76161"));
+ test_hash(&nettle_sha3_224, /* 109 octets */
+ SHEX("758EA3FEA738973DB0B8BE7E599BBEF4519373D6E6DCD7195EA885FC991D896762992759C2A09002912FB08E0CB5B76F49162AEB8CF87B172CF3AD190253DF612F77B1F0C532E3B5FC99C2D31F8F65011695A087A35EE4EEE5E334C369D8EE5D29F695815D866DA99DF3F79403"),
+ SHEX("79D478B4BC5E6FC2D406BB1C3834A5CE397A88E80135F55D8FE32C5E"));
+ test_hash(&nettle_sha3_224, /* 110 octets */
+ SHEX("47C6E0C2B74948465921868804F0F7BD50DD323583DC784F998A93CD1CA4C6EF84D41DC81C2C40F34B5BEE6A93867B3BDBA0052C5F59E6F3657918C382E771D33109122CC8BB0E1E53C4E3D13B43CE44970F5E0C079D2AD7D7A3549CD75760C21BB15B447589E86E8D76B1E9CED2"),
+ SHEX("F7BA7A56AFC1C58E62841C3B98F5677199F24B534B0D52D9A5C95495"));
+ test_hash(&nettle_sha3_224, /* 111 octets */
+ SHEX("F690A132AB46B28EDFA6479283D6444E371C6459108AFD9C35DBD235E0B6B6FF4C4EA58E7554BD002460433B2164CA51E868F7947D7D7A0D792E4ABF0BE5F450853CC40D85485B2B8857EA31B5EA6E4CCFA2F3A7EF3380066D7D8979FDAC618AAD3D7E886DEA4F005AE4AD05E5065F"),
+ SHEX("78A90B769E9A326C93D5A6A6105AEE031DCEB2C8D222B36E02F27DB6"));
+ test_hash(&nettle_sha3_224, /* 112 octets */
+ SHEX("58D6A99BC6458824B256916770A8417040721CCCFD4B79EACD8B65A3767CE5BA7E74104C985AC56B8CC9AEBD16FEBD4CDA5ADB130B0FF2329CC8D611EB14DAC268A2F9E633C99DE33997FEA41C52A7C5E1317D5B5DAED35EBA7D5A60E45D1FA7EAABC35F5C2B0A0F2379231953322C4E"),
+ SHEX("3D9D5C2FD2F60F4BB89E11FD3BC2FBD65602EB3F3F38D6FA03BDCE2C"));
+ test_hash(&nettle_sha3_224, /* 113 octets */
+ SHEX("BEFAB574396D7F8B6705E2D5B58B2C1C820BB24E3F4BAE3E8FBCD36DBF734EE14E5D6AB972AEDD3540235466E825850EE4C512EA9795ABFD33F330D9FD7F79E62BBB63A6EA85DE15BEAEEA6F8D204A28956059E2632D11861DFB0E65BC07AC8A159388D5C3277E227286F65FF5E5B5AEC1"),
+ SHEX("E1FABE16152560387FADAD3324CBB94D8AF968786C3C994C8F926D32"));
+ test_hash(&nettle_sha3_224, /* 114 octets */
+ SHEX("8E58144FA9179D686478622CE450C748260C95D1BA43B8F9B59ABECA8D93488DA73463EF40198B4D16FB0B0707201347E0506FF19D01BEA0F42B8AF9E71A1F1BD168781069D4D338FDEF00BF419FBB003031DF671F4A37979564F69282DE9C65407847DD0DA505AB1641C02DEA4F0D834986"),
+ SHEX("CEF84F1966215B1511F5E0DB564D6827898184FBCB88BE0213FC563F"));
+ test_hash(&nettle_sha3_224, /* 115 octets */
+ SHEX("B55C10EAE0EC684C16D13463F29291BF26C82E2FA0422A99C71DB4AF14DD9C7F33EDA52FD73D017CC0F2DBE734D831F0D820D06D5F89DACC485739144F8CFD4799223B1AFF9031A105CB6A029BA71E6E5867D85A554991C38DF3C9EF8C1E1E9A7630BE61CAABCA69280C399C1FB7A12D12AEFC"),
+ SHEX("8E4B5A2B79FC1E7D0526AACB5B9AC01A569635644C9249DFFEE3B927"));
+ test_hash(&nettle_sha3_224, /* 116 octets */
+ SHEX("2EEEA693F585F4ED6F6F8865BBAE47A6908AECD7C429E4BEC4F0DE1D0CA0183FA201A0CB14A529B7D7AC0E6FF6607A3243EE9FB11BCF3E2304FE75FFCDDD6C5C2E2A4CD45F63C962D010645058D36571404A6D2B4F44755434D76998E83409C3205AA1615DB44057DB991231D2CB42624574F545"),
+ SHEX("BAFF55CDAD66AA77AD677E13A138B2F17286B504EA6B94EFFD9D9A95"));
+ test_hash(&nettle_sha3_224, /* 117 octets */
+ SHEX("DAB11DC0B047DB0420A585F56C42D93175562852428499F66A0DB811FCDDDAB2F7CDFFED1543E5FB72110B64686BC7B6887A538AD44C050F1E42631BC4EC8A9F2A047163D822A38989EE4AAB01B4C1F161B062D873B1CFA388FD301514F62224157B9BEF423C7783B7AAC8D30D65CD1BBA8D689C2D"),
+ SHEX("B4EFBE1167755F5A75B72CF15E0601662D036A16CAC8602A909FB328"));
+ test_hash(&nettle_sha3_224, /* 118 octets */
+ SHEX("42E99A2F80AEE0E001279A2434F731E01D34A44B1A8101726921C0590C30F3120EB83059F325E894A5AC959DCA71CE2214799916424E859D27D789437B9D27240BF8C35ADBAFCECC322B48AA205B293962D858652ABACBD588BCF6CBC388D0993BD622F96ED54614C25B6A9AA527589EAAFFCF17DDF7"),
+ SHEX("FA4BB608F8F60841E1189F8770051695CDC9935BDA7187C36419228A"));
+ test_hash(&nettle_sha3_224, /* 119 octets */
+ SHEX("3C9B46450C0F2CAE8E3823F8BDB4277F31B744CE2EB17054BDDC6DFF36AF7F49FB8A2320CC3BDF8E0A2EA29AD3A55DE1165D219ADEDDB5175253E2D1489E9B6FDD02E2C3D3A4B54D60E3A47334C37913C5695378A669E9B72DEC32AF5434F93F46176EBF044C4784467C700470D0C0B40C8A088C815816"),
+ SHEX("B3A877231519C24E2EFA424E6057128EA105B54C65E58074B5B1583C"));
+ test_hash(&nettle_sha3_224, /* 120 octets */
+ SHEX("D1E654B77CB155F5C77971A64DF9E5D34C26A3CAD6C7F6B300D39DEB1910094691ADAA095BE4BA5D86690A976428635D5526F3E946F7DC3BD4DBC78999E653441187A81F9ADCD5A3C5F254BC8256B0158F54673DCC1232F6E918EBFC6C51CE67EAEB042D9F57EEC4BFE910E169AF78B3DE48D137DF4F2840"),
+ SHEX("9F385C0B645DB8DB8B73C98C40BE264FFEE6151C7B5A0964E67DAA9F"));
+ test_hash(&nettle_sha3_224, /* 121 octets */
+ SHEX("626F68C18A69A6590159A9C46BE03D5965698F2DAC3DE779B878B3D9C421E0F21B955A16C715C1EC1E22CE3EB645B8B4F263F60660EA3028981EEBD6C8C3A367285B691C8EE56944A7CD1217997E1D9C21620B536BDBD5DE8925FF71DEC6FBC06624AB6B21E329813DE90D1E572DFB89A18120C3F606355D25"),
+ SHEX("BD6C865993082EC7B3808C13FD140FE0C0667B3EE51B9F8F1F4DFFD8"));
+ test_hash(&nettle_sha3_224, /* 122 octets */
+ SHEX("651A6FB3C4B80C7C68C6011675E6094EB56ABF5FC3057324EBC6477825061F9F27E7A94633ABD1FA598A746E4A577CAF524C52EC1788471F92B8C37F23795CA19D559D446CAB16CBCDCE90B79FA1026CEE77BF4AB1B503C5B94C2256AD75B3EAC6FD5DCB96ACA4B03A834BFB4E9AF988CECBF2AE597CB9097940"),
+ SHEX("8CA844ACFCAABD3B969F86C2F1ECDF1620574EC8C24426BE2DCC1BB5"));
+ test_hash(&nettle_sha3_224, /* 123 octets */
+ SHEX("8AAF072FCE8A2D96BC10B3C91C809EE93072FB205CA7F10ABD82ECD82CF040B1BC49EA13D1857815C0E99781DE3ADBB5443CE1C897E55188CEAF221AA9681638DE05AE1B322938F46BCE51543B57ECDB4C266272259D1798DE13BE90E10EFEC2D07484D9B21A3870E2AA9E06C21AA2D0C9CF420080A80A91DEE16F"),
+ SHEX("E8D549FF8D53745A4C5C75BDAD92314025DA877A77CE49EA134840FA"));
+ test_hash(&nettle_sha3_224, /* 124 octets */
+ SHEX("53F918FD00B1701BD504F8CDEA803ACCA21AC18C564AB90C2A17DA592C7D69688F6580575395551E8CD33E0FEF08CA6ED4588D4D140B3E44C032355DF1C531564D7F4835753344345A6781E11CD5E095B73DF5F82C8AE3AD00877936896671E947CC52E2B29DCD463D90A0C9929128DA222B5A211450BBC0E02448E2"),
+ SHEX("E6BD80787F8704FFF73112E8B368ADFBA3A1109162C769491349DCEF"));
+ test_hash(&nettle_sha3_224, /* 125 octets */
+ SHEX("A64599B8A61B5CCEC9E67AED69447459C8DA3D1EC6C7C7C82A7428B9B584FA67E90F68E2C00FBBED4613666E5168DA4A16F395F7A3C3832B3B134BFC9CBAA95D2A0FE252F44AC6681EB6D40AB91C1D0282FED6701C57463D3C5F2BB8C6A7301FB4576AA3B5F15510DB8956FF77478C26A7C09BEA7B398CFC83503F538E"),
+ SHEX("BD7D9E6CF9D2C1030F892533E01B72B5288E174B0864D81D71F8C6E6"));
+ test_hash(&nettle_sha3_224, /* 126 octets */
+ SHEX("0E3AB0E054739B00CDB6A87BD12CAE024B54CB5E550E6C425360C2E87E59401F5EC24EF0314855F0F56C47695D56A7FB1417693AF2A1ED5291F2FEE95F75EED54A1B1C2E81226FBFF6F63ADE584911C71967A8EB70933BC3F5D15BC91B5C2644D9516D3C3A8C154EE48E118BD1442C043C7A0DBA5AC5B1D5360AAE5B9065"),
+ SHEX("A5312E8C7F0A3594A8ECD1ABC5CBC14B2585F0B1FE32A4E1FA0A2E25"));
+ test_hash(&nettle_sha3_224, /* 127 octets */
+ SHEX("A62FC595B4096E6336E53FCDFC8D1CC175D71DAC9D750A6133D23199EAAC288207944CEA6B16D27631915B4619F743DA2E30A0C00BBDB1BBB35AB852EF3B9AEC6B0A8DCC6E9E1ABAA3AD62AC0A6C5DE765DE2C3711B769E3FDE44A74016FFF82AC46FA8F1797D3B2A726B696E3DEA5530439ACEE3A45C2A51BC32DD055650B"),
+ SHEX("2E0D739386AAAF37980EE421AA8C19B19AF52E70F59DC0A6988471F5"));
+ test_hash(&nettle_sha3_224, /* 128 octets */
+ SHEX("2B6DB7CED8665EBE9DEB080295218426BDAA7C6DA9ADD2088932CDFFBAA1C14129BCCDD70F369EFB149285858D2B1D155D14DE2FDB680A8B027284055182A0CAE275234CC9C92863C1B4AB66F304CF0621CD54565F5BFF461D3B461BD40DF28198E3732501B4860EADD503D26D6E69338F4E0456E9E9BAF3D827AE685FB1D817"),
+ SHEX("AF3E0CC6E64501F10FD39722E852355FD6D80D32190631E2F06C22AD"));
+ test_hash(&nettle_sha3_224, /* 129 octets */
+ SHEX("10DB509B2CDCABA6C062AE33BE48116A29EB18E390E1BBADA5CA0A2718AFBCD23431440106594893043CC7F2625281BF7DE2655880966A23705F0C5155C2F5CCA9F2C2142E96D0A2E763B70686CD421B5DB812DACED0C6D65035FDE558E94F26B3E6DDE5BD13980CC80292B723013BD033284584BFF27657871B0CF07A849F4AE2"),
+ SHEX("F009E05D1AFE2D33D2C5F4008B46F31468A7BF5299D4F0AB0EFE4FD3"));
+ test_hash(&nettle_sha3_224, /* 130 octets */
+ SHEX("9334DE60C997BDA6086101A6314F64E4458F5FF9450C509DF006E8C547983C651CA97879175AABA0C539E82D05C1E02C480975CBB30118121061B1EBAC4F8D9A3781E2DB6B18042E01ECF9017A64A0E57447EC7FCBE6A7F82585F7403EE2223D52D37B4BF426428613D6B4257980972A0ACAB508A7620C1CB28EB4E9D30FC41361EC"),
+ SHEX("76281BD1613843A3ADBCBC78D1923AFB5B8AA2DCBC48934DEEC84AAA"));
+ test_hash(&nettle_sha3_224, /* 131 octets */
+ SHEX("E88AB086891693AA535CEB20E64C7AB97C7DD3548F3786339897A5F0C39031549CA870166E477743CCFBE016B4428D89738E426F5FFE81626137F17AECFF61B72DBEE2DC20961880CFE281DFAB5EE38B1921881450E16032DE5E4D55AD8D4FCA609721B0692BAC79BE5A06E177FE8C80C0C83519FB3347DE9F43D5561CB8107B9B5EDC"),
+ SHEX("DA7C79E04FCA2B69AAA58199CA69105B6B18FE67E29F380501AA7FA8"));
+ test_hash(&nettle_sha3_224, /* 132 octets */
+ SHEX("FD19E01A83EB6EC810B94582CB8FBFA2FCB992B53684FB748D2264F020D3B960CB1D6B8C348C2B54A9FCEA72330C2AAA9A24ECDB00C436ABC702361A82BB8828B85369B8C72ECE0082FE06557163899C2A0EFA466C33C04343A839417057399A63A3929BE1EE4805D6CE3E5D0D0967FE9004696A5663F4CAC9179006A2CEB75542D75D68"),
+ SHEX("70ECB261757371A282903C696715DC03F106A339F076203BAB436E94"));
+ test_hash(&nettle_sha3_224, /* 133 octets */
+ SHEX("59AE20B6F7E0B3C7A989AFB28324A40FCA25D8651CF1F46AE383EF6D8441587AA1C04C3E3BF88E8131CE6145CFB8973D961E8432B202FA5AF3E09D625FAAD825BC19DA9B5C6C20D02ABDA2FCC58B5BD3FE507BF201263F30543819510C12BC23E2DDB4F711D087A86EDB1B355313363A2DE996B891025E147036087401CCF3CA7815BF3C49"),
+ SHEX("740D3CB455133173EC652AA04709EF0F549F19A9D4CC6BEC9E876B5A"));
+ test_hash(&nettle_sha3_224, /* 134 octets */
+ SHEX("77EE804B9F3295AB2362798B72B0A1B2D3291DCEB8139896355830F34B3B328561531F8079B79A6E9980705150866402FDC176C05897E359A6CB1A7AB067383EB497182A7E5AEF7038E4C96D133B2782917417E391535B5E1B51F47D8ED7E4D4025FE98DC87B9C1622614BFF3D1029E68E372DE719803857CA52067CDDAAD958951CB2068CC6"),
+ SHEX("663835A81A2A38D5AD3A37BD9BC96618D27CA32286E9091834A0871A"));
+ test_hash(&nettle_sha3_224, /* 135 octets */
+ SHEX("B771D5CEF5D1A41A93D15643D7181D2A2EF0A8E84D91812F20ED21F147BEF732BF3A60EF4067C3734B85BC8CD471780F10DC9E8291B58339A677B960218F71E793F2797AEA349406512829065D37BB55EA796FA4F56FD8896B49B2CD19B43215AD967C712B24E5032D065232E02C127409D2ED4146B9D75D763D52DB98D949D3B0FED6A8052FBB"),
+ SHEX("2594153AC2DE681F4DEE340FA344EC388773A377D5B89E503254FD2E"));
+ test_hash(&nettle_sha3_224, /* 136 octets */
+ SHEX("B32D95B0B9AAD2A8816DE6D06D1F86008505BD8C14124F6E9A163B5A2ADE55F835D0EC3880EF50700D3B25E42CC0AF050CCD1BE5E555B23087E04D7BF9813622780C7313A1954F8740B6EE2D3F71F768DD417F520482BD3A08D4F222B4EE9DBD015447B33507DD50F3AB4247C5DE9A8ABD62A8DECEA01E3B87C8B927F5B08BEB37674C6F8E380C04"),
+ SHEX("42275C296937745758FF2B7BEE9A897191AE87E42BD10198D9466C19"));
+ test_hash(&nettle_sha3_224, /* 137 octets */
+ SHEX("04410E31082A47584B406F051398A6ABE74E4DA59BB6F85E6B49E8A1F7F2CA00DFBA5462C2CD2BFDE8B64FB21D70C083F11318B56A52D03B81CAC5EEC29EB31BD0078B6156786DA3D6D8C33098C5C47BB67AC64DB14165AF65B44544D806DDE5F487D5373C7F9792C299E9686B7E5821E7C8E2458315B996B5677D926DAC57B3F22DA873C601016A0D"),
+ SHEX("143F9055EB1F736729C77721FB65ED5EE142F6E969132FB22989C11F"));
+ test_hash(&nettle_sha3_224, /* 138 octets */
+ SHEX("8B81E9BADDE026F14D95C019977024C9E13DB7A5CD21F9E9FC491D716164BBACDC7060D882615D411438AEA056C340CDF977788F6E17D118DE55026855F93270472D1FD18B9E7E812BAE107E0DFDE7063301B71F6CFE4E225CAB3B232905A56E994F08EE2891BA922D49C3DAFEB75F7C69750CB67D822C96176C46BD8A29F1701373FB09A1A6E3C7158F"),
+ SHEX("449A0313CCAB4427032B6BE9D66F827FFB4C71B538B2104F9D14D14A"));
+ test_hash(&nettle_sha3_224, /* 139 octets */
+ SHEX("FA6EED24DA6666A22208146B19A532C2EC9BA94F09F1DEF1E7FC13C399A48E41ACC2A589D099276296348F396253B57CB0E40291BD282773656B6E0D8BEA1CDA084A3738816A840485FCF3FB307F777FA5FEAC48695C2AF4769720258C77943FB4556C362D9CBA8BF103AEB9034BAA8EA8BFB9C4F8E6742CE0D52C49EA8E974F339612E830E9E7A9C29065"),
+ SHEX("21E2760644A19ED18ED0CD74C4E4C071D770132AD215EB6F7D42B01D"));
+ test_hash(&nettle_sha3_224, /* 140 octets */
+ SHEX("9BB4AF1B4F09C071CE3CAFA92E4EB73CE8A6F5D82A85733440368DEE4EB1CBC7B55AC150773B6FE47DBE036C45582ED67E23F4C74585DAB509DF1B83610564545642B2B1EC463E18048FC23477C6B2AA035594ECD33791AF6AF4CBC2A1166ABA8D628C57E707F0B0E8707CAF91CD44BDB915E0296E0190D56D33D8DDE10B5B60377838973C1D943C22ED335E"),
+ SHEX("D5534C72BE2E4B1FAAA813118B0D29DBB86F624067EA34515AFA08BE"));
+ test_hash(&nettle_sha3_224, /* 141 octets */
+ SHEX("2167F02118CC62043E9091A647CADBED95611A521FE0D64E8518F16C808AB297725598AE296880A773607A798F7C3CFCE80D251EBEC6885015F9ABF7EAABAE46798F82CB5926DE5C23F44A3F9F9534B3C6F405B5364C2F8A8BDC5CA49C749BED8CE4BA48897062AE8424CA6DDE5F55C0E42A95D1E292CA54FB46A84FBC9CD87F2D0C9E7448DE3043AE22FDD229"),
+ SHEX("C0CD413B1CE000A1BBE3A2CD103C7F8F95925AC6C8A5C922AFB5F96D"));
+ test_hash(&nettle_sha3_224, /* 142 octets */
+ SHEX("94B7FA0BC1C44E949B1D7617D31B4720CBE7CA57C6FA4F4094D4761567E389ECC64F6968E4064DF70DF836A47D0C713336B5028B35930D29EB7A7F9A5AF9AD5CF441745BAEC9BB014CEEFF5A41BA5C1CE085FEB980BAB9CF79F2158E03EF7E63E29C38D7816A84D4F71E0F548B7FC316085AE38A060FF9B8DEC36F91AD9EBC0A5B6C338CBB8F6659D342A24368CF"),
+ SHEX("93C6BF585E994B1669184AC71DC8E772B53443E668DA0786D528090B"));
+ test_hash(&nettle_sha3_224, /* 143 octets */
+ SHEX("EA40E83CB18B3A242C1ECC6CCD0B7853A439DAB2C569CFC6DC38A19F5C90ACBF76AEF9EA3742FF3B54EF7D36EB7CE4FF1C9AB3BC119CFF6BE93C03E208783335C0AB8137BE5B10CDC66FF3F89A1BDDC6A1EED74F504CBE7290690BB295A872B9E3FE2CEE9E6C67C41DB8EFD7D863CF10F840FE618E7936DA3DCA5CA6DF933F24F6954BA0801A1294CD8D7E66DFAFEC"),
+ SHEX("BFE15BB51F680F2F489F0FDEB32F271090A09D1563F29FEAF92104E0"));
+ test_hash(&nettle_sha3_224, /* 144 octets */
+ SHEX("157D5B7E4507F66D9A267476D33831E7BB768D4D04CC3438DA12F9010263EA5FCAFBDE2579DB2F6B58F911D593D5F79FB05FE3596E3FA80FF2F761D1B0E57080055C118C53E53CDB63055261D7C9B2B39BD90ACC32520CBBDBDA2C4FD8856DBCEE173132A2679198DAF83007A9B5C51511AE49766C792A29520388444EBEFE28256FB33D4260439CBA73A9479EE00C63"),
+ SHEX("6D735FB7579135F61B771B2BB0D81514CDE9C977ACCF6FEAF6EDEBF0"));
+ test_hash(&nettle_sha3_224, /* 145 octets */
+ SHEX("836B34B515476F613FE447A4E0C3F3B8F20910AC89A3977055C960D2D5D2B72BD8ACC715A9035321B86703A411DDE0466D58A59769672AA60AD587B8481DE4BBA552A1645779789501EC53D540B904821F32B0BD1855B04E4848F9F8CFE9EBD8911BE95781A759D7AD9724A7102DBE576776B7C632BC39B9B5E19057E226552A5994C1DBB3B5C7871A11F5537011044C53"),
+ SHEX("6D93153145904CEBE0E8A66C272BEDF4F0D0A3C53AB30264135431A7"));
+ test_hash(&nettle_sha3_224, /* 146 octets */
+ SHEX("CC7784A4912A7AB5AD3620AAB29BA87077CD3CB83636ADC9F3DC94F51EDF521B2161EF108F21A0A298557981C0E53CE6CED45BDF782C1EF200D29BAB81DD6460586964EDAB7CEBDBBEC75FD7925060F7DA2B853B2B089588FA0F8C16EC6498B14C55DCEE335CB3A91D698E4D393AB8E8EAC0825F8ADEBEEE196DF41205C011674E53426CAA453F8DE1CBB57932B0B741D4C6"),
+ SHEX("AFE30535675A7021BF618941D94DDFFCCEFCAA1EF06CDE306D5D7A75"));
+ test_hash(&nettle_sha3_224, /* 147 octets */
+ SHEX("7639B461FFF270B2455AC1D1AFCE782944AEA5E9087EB4A39EB96BB5C3BAAF0E868C8526D3404F9405E79E77BFAC5FFB89BF1957B523E17D341D7323C302EA7083872DD5E8705694ACDDA36D5A1B895AAA16ECA6104C82688532C8BFE1790B5DC9F4EC5FE95BAED37E1D287BE710431F1E5E8EE105BC42ED37D74B1E55984BF1C09FE6A1FA13EF3B96FAEAED6A2A1950A12153"),
+ SHEX("916501614891BD99400A8AEAABF69326FA98B833AED82386AB19E507"));
+ test_hash(&nettle_sha3_224, /* 148 octets */
+ SHEX("EB6513FC61B30CFBA58D4D7E80F94D14589090CF1D80B1DF2E68088DC6104959BA0D583D585E9578AB0AEC0CF36C48435EB52ED9AB4BBCE7A5ABE679C97AE2DBE35E8CC1D45B06DDA3CF418665C57CBEE4BBB47FA4CAF78F4EE656FEC237FE4EEBBAFA206E1EF2BD0EE4AE71BD0E9B2F54F91DAADF1FEBFD7032381D636B733DCB3BF76FB14E23AFF1F68ED3DBCF75C9B99C6F26"),
+ SHEX("9C3759905E47E49CC7057C9237545D444F758535F991F7E8728F3A51"));
+ test_hash(&nettle_sha3_224, /* 149 octets */
+ SHEX("1594D74BF5DDE444265D4C04DAD9721FF3E34CBF622DAF341FE16B96431F6C4DF1F760D34F296EB97D98D560AD5286FEC4DCE1724F20B54FD7DF51D4BF137ADD656C80546FB1BF516D62EE82BAA992910EF4CC18B70F3F8698276FCFB44E0EC546C2C39CFD8EE91034FF9303058B4252462F86C823EB15BF481E6B79CC3A02218595B3658E8B37382BD5048EAED5FD02C37944E73B"),
+ SHEX("733ACDF9CED47F2E43936ED6C2AC0F824F4F5B5D2942522D4DE5F6FC"));
+ test_hash(&nettle_sha3_224, /* 150 octets */
+ SHEX("4CFA1278903026F66FEDD41374558BE1B585D03C5C55DAC94361DF286D4BD39C7CB8037ED3B267B07C346626449D0CC5B0DD2CF221F7E4C3449A4BE99985D2D5E67BFF2923357DDEAB5ABCB4619F3A3A57B2CF928A022EB27676C6CF805689004FCA4D41EA6C2D0A4789C7605F7BB838DD883B3AD3E6027E775BCF262881428099C7FFF95B14C095EA130E0B9938A5E22FC52650F591"),
+ SHEX("530438B7A86B16434C82713EF7392D25C5CF814C7C6408368C4F2EAF"));
+ test_hash(&nettle_sha3_224, /* 151 octets */
+ SHEX("D3E65CB92CFA79662F6AF493D696A07CCF32AAADCCEFF06E73E8D9F6F909209E66715D6E978788C49EFB9087B170ECF3AA86D2D4D1A065AE0EFC8924F365D676B3CB9E2BEC918FD96D0B43DEE83727C9A93BF56CA2B2E59ADBA85696546A815067FC7A78039629D4948D157E7B0D826D1BF8E81237BAB7321312FDAA4D521744F988DB6FDF04549D0FDCA393D639C729AF716E9C8BBA48"),
+ SHEX("84944EB018F8A124E3C969C037464EE32BACF8E58901D2E22291DF9A"));
+ test_hash(&nettle_sha3_224, /* 152 octets */
+ SHEX("842CC583504539622D7F71E7E31863A2B885C56A0BA62DB4C2A3F2FD12E79660DC7205CA29A0DC0A87DB4DC62EE47A41DB36B9DDB3293B9AC4BAAE7DF5C6E7201E17F717AB56E12CAD476BE49608AD2D50309E7D48D2D8DE4FA58AC3CFEAFEEE48C0A9EEC88498E3EFC51F54D300D828DDDCCB9D0B06DD021A29CF5CB5B2506915BEB8A11998B8B886E0F9B7A80E97D91A7D01270F9A7717"),
+ SHEX("1311DA757C405F2A0EAB110B0C515F05FCD59F5495A9704252DA5AB8"));
+ test_hash(&nettle_sha3_224, /* 153 octets */
+ SHEX("6C4B0A0719573E57248661E98FEBE326571F9A1CA813D3638531AE28B4860F23C3A3A8AC1C250034A660E2D71E16D3ACC4BF9CE215C6F15B1C0FC7E77D3D27157E66DA9CEEC9258F8F2BF9E02B4AC93793DD6E29E307EDE3695A0DF63CBDC0FC66FB770813EB149CA2A916911BEE4902C47C7802E69E405FE3C04CEB5522792A5503FA829F707272226621F7C488A7698C0D69AA561BE9F378"),
+ SHEX("B5FDAEAD7E68333CEDB5D4AD636AE7059EB31305E2C831787FD51265"));
+ test_hash(&nettle_sha3_224, /* 154 octets */
+ SHEX("51B7DBB7CE2FFEB427A91CCFE5218FD40F9E0B7E24756D4C47CD55606008BDC27D16400933906FD9F30EFFDD4880022D081155342AF3FB6CD53672AB7FB5B3A3BCBE47BE1FD3A2278CAE8A5FD61C1433F7D350675DD21803746CADCA574130F01200024C6340AB0CC2CF74F2234669F34E9009EF2EB94823D62B31407F4BA46F1A1EEC41641E84D77727B59E746B8A671BEF936F05BE820759FA"),
+ SHEX("2919FD6C376AEC9F502893A9970B9AC6591855227C0E137BE01705AC"));
+ test_hash(&nettle_sha3_224, /* 155 octets */
+ SHEX("83599D93F5561E821BD01A472386BC2FF4EFBD4AED60D5821E84AAE74D8071029810F5E286F8F17651CD27DA07B1EB4382F754CD1C95268783AD09220F5502840370D494BEB17124220F6AFCE91EC8A0F55231F9652433E5CE3489B727716CF4AEBA7DCDA20CD29AA9A859201253F948DD94395ABA9E3852BD1D60DDA7AE5DC045B283DA006E1CBAD83CC13292A315DB5553305C628DD091146597"),
+ SHEX("8910E7ABC3DAA506974EC13E35C43133EBFA91DEEC99BFAD4954447E"));
+ test_hash(&nettle_sha3_224, /* 156 octets */
+ SHEX("2BE9BF526C9D5A75D565DD11EF63B979D068659C7F026C08BEA4AF161D85A462D80E45040E91F4165C074C43AC661380311A8CBED59CC8E4C4518E80CD2C78AB1CABF66BFF83EAB3A80148550307310950D034A6286C93A1ECE8929E6385C5E3BB6EA8A7C0FB6D6332E320E71CC4EB462A2A62E2BFE08F0CCAD93E61BEDB5DD0B786A728AB666F07E0576D189C92BF9FB20DCA49AC2D3956D47385E2"),
+ SHEX("F8B4A4A6FBB8C8432712B5B815B36685C86656C3F67D05BDBB44B49A"));
+ test_hash(&nettle_sha3_224, /* 157 octets */
+ SHEX("CA76D3A12595A817682617006848675547D3E8F50C2210F9AF906C0E7CE50B4460186FE70457A9E879E79FD4D1A688C70A347361C847BA0DD6AA52936EAF8E58A1BE2F5C1C704E20146D366AEB3853BED9DE9BEFE9569AC8AAEA37A9FB7139A1A1A7D5C748605A8DEFB297869EBEDD71D615A5DA23496D11E11ABBB126B206FA0A7797EE7DE117986012D0362DCEF775C2FE145ADA6BDA1CCB326BF644"),
+ SHEX("926FE0044B12422D3E4BFA52C59252ACC91DBF09C488AE9D31C7EB63"));
+ test_hash(&nettle_sha3_224, /* 158 octets */
+ SHEX("F76B85DC67421025D64E93096D1D712B7BAF7FB001716F02D33B2160C2C882C310EF13A576B1C2D30EF8F78EF8D2F465007109AAD93F74CB9E7D7BEF7C9590E8AF3B267C89C15DB238138C45833C98CC4A471A7802723EF4C744A853CF80A0C2568DD4ED58A2C9644806F42104CEE53628E5BDF7B63B0B338E931E31B87C24B146C6D040605567CEEF5960DF9E022CB469D4C787F4CBA3C544A1AC91F95F"),
+ SHEX("A4E4B4A573F7B8865D77D7E57F7D840A55261A96E5FEDD763D0811F4"));
+ test_hash(&nettle_sha3_224, /* 159 octets */
+ SHEX("25B8C9C032EA6BCD733FFC8718FBB2A503A4EA8F71DEA1176189F694304F0FF68E862A8197B839957549EF243A5279FC2646BD4C009B6D1EDEBF24738197ABB4C992F6B1DC9BA891F570879ACCD5A6B18691A93C7D0A8D38F95B639C1DAEB48C4C2F15CCF5B9D508F8333C32DE78781B41850F261B855C4BEBCC125A380C54D501C5D3BD07E6B52102116088E53D76583B0161E2A58D0778F091206AABD5A1"),
+ SHEX("EBFD796B29F6059931732F98602185B6377C4E6E40BD26C810D6DA96"));
+ test_hash(&nettle_sha3_224, /* 160 octets */
+ SHEX("21CFDC2A7CCB7F331B3D2EEFFF37E48AD9FA9C788C3F3C200E0173D99963E1CBCA93623B264E920394AE48BB4C3A5BB96FFBC8F0E53F30E22956ADABC2765F57FB761E147ECBF8567533DB6E50C8A1F894310A94EDF806DD8CA6A0E141C0FA7C9FAE6C6AE65F18C93A8529E6E5B553BF55F25BE2E80A9882BD37F145FECBEB3D447A3C4E46C21524CC55CDD62F521AB92A8BA72B897996C49BB273198B7B1C9E"),
+ SHEX("3FB7392A6621B852312A374C14A679AFB0E3D2EC6A2D147BD5E873F6"));
+ test_hash(&nettle_sha3_224, /* 161 octets */
+ SHEX("4E452BA42127DCC956EF4F8F35DD68CB225FB73B5BC7E1EC5A898BBA2931563E74FAFF3B67314F241EC49F4A7061E3BD0213AE826BAB380F1F14FAAB8B0EFDDD5FD1BB49373853A08F30553D5A55CCBBB8153DE4704F29CA2BDEEF0419468E05DD51557CCC80C0A96190BBCC4D77ECFF21C66BDF486459D427F986410F883A80A5BCC32C20F0478BB9A97A126FC5F95451E40F292A4614930D054C851ACD019CCF"),
+ SHEX("8B3750655AF5ECA10CC4F291043590E2D19759253047A4C1DBC86577"));
+ test_hash(&nettle_sha3_224, /* 162 octets */
+ SHEX("FA85671DF7DADF99A6FFEE97A3AB9991671F5629195049880497487867A6C446B60087FAC9A0F2FCC8E3B24E97E42345B93B5F7D3691829D3F8CCD4BB36411B85FC2328EB0C51CB3151F70860AD3246CE0623A8DC8B3C49F958F8690F8E3860E71EB2B1479A5CEA0B3F8BEFD87ACAF5362435EAECCB52F38617BC6C5C2C6E269EAD1FBD69E941D4AD2012DA2C5B21BCFBF98E4A77AB2AF1F3FDA3233F046D38F1DC8"),
+ SHEX("D3A5004477BBB21CF7D0FCA84E51A7A57E93FAE7222570C01B00E89A"));
+ test_hash(&nettle_sha3_224, /* 163 octets */
+ SHEX("E90847AE6797FBC0B6B36D6E588C0A743D725788CA50B6D792352EA8294F5BA654A15366B8E1B288D84F5178240827975A763BC45C7B0430E8A559DF4488505E009C63DA994F1403F407958203CEBB6E37D89C94A5EACF6039A327F6C4DBBC7A2A307D976AA39E41AF6537243FC218DFA6AB4DD817B6A397DF5CA69107A9198799ED248641B63B42CB4C29BFDD7975AC96EDFC274AC562D0474C60347A078CE4C25E88"),
+ SHEX("75B77C36E394711DFD35C11AEC8C033DCD7C18712F3B06D1FEDC1077"));
+ test_hash(&nettle_sha3_224, /* 164 octets */
+ SHEX("F6D5C2B6C93954FC627602C00C4CA9A7D3ED12B27173F0B2C9B0E4A5939398A665E67E69D0B12FB7E4CEB253E8083D1CEB724AC07F009F094E42F2D6F2129489E846EAFF0700A8D4453EF453A3EDDC18F408C77A83275617FABC4EA3A2833AA73406C0E966276079D38E8E38539A70E194CC5513AAA457C699383FD1900B1E72BDFB835D1FD321B37BA80549B078A49EA08152869A918CA57F5B54ED71E4FD3AC5C06729"),
+ SHEX("E52DF7FDF957269CA0B0F46553D554FE2E6367019B379A1E4F4C7A9F"));
+ test_hash(&nettle_sha3_224, /* 165 octets */
+ SHEX("CF8562B1BED89892D67DDAAF3DEEB28246456E972326DBCDB5CF3FB289ACA01E68DA5D59896E3A6165358B071B304D6AB3D018944BE5049D5E0E2BB819ACF67A6006111089E6767132D72DD85BEDDCBB2D64496DB0CC92955AB4C6234F1EEA24F2D51483F2E209E4589BF9519FAC51B4D061E801125E605F8093BB6997BC163D551596FE4AB7CFAE8FB9A90F6980480CE0C229FD1675409BD788354DAF316240CFE0AF93EB"),
+ SHEX("41853CD54692DBD478BB1E2D6CEDCDA1D139C838AC956A37C87F098F"));
+ test_hash(&nettle_sha3_224, /* 166 octets */
+ SHEX("2ACE31ABB0A2E3267944D2F75E1559985DB7354C6E605F18DC8470423FCA30B7331D9B33C4A4326783D1CAAE1B4F07060EFF978E4746BF0C7E30CD61040BD5EC2746B29863EB7F103EBDA614C4291A805B6A4C8214230564A0557BC7102E0BD3ED23719252F7435D64D210EE2AAFC585BE903FA41E1968C50FD5D5367926DF7A05E3A42CF07E656FF92DE73B036CF8B19898C0CB34557C0C12C2D8B84E91181AF467BC75A9D1"),
+ SHEX("1F2727D5132C453BD321A9FC7AA46FB8B3341D90988C41DE8439D2F1"));
+ test_hash(&nettle_sha3_224, /* 167 octets */
+ SHEX("0D8D09AED19F1013969CE5E7EB92F83A209AE76BE31C754844EA9116CEB39A22EBB6003017BBCF26555FA6624185187DB8F0CB3564B8B1C06BF685D47F3286EDA20B83358F599D2044BBF0583FAB8D78F854FE0A596183230C5EF8E54426750EAF2CC4E29D3BDD037E734D863C2BD9789B4C243096138F7672C232314EFFDFC6513427E2DA76916B5248933BE312EB5DDE4CF70804FB258AC5FB82D58D08177AC6F4756017FFF5"),
+ SHEX("5E745F8966D91EEE013B061281BC20C79B0323000A15BBDE7E0D25AE"));
+ test_hash(&nettle_sha3_224, /* 168 octets */
+ SHEX("C3236B73DEB7662BF3F3DAA58F137B358BA610560EF7455785A9BEFDB035A066E90704F929BD9689CEF0CE3BDA5ACF4480BCEB8D09D10B098AD8500D9B6071DFC3A14AF6C77511D81E3AA8844986C3BEA6F469F9E02194C92868CD5F51646256798FF0424954C1434BDFED9FACB390B07D342E992936E0F88BFD0E884A0DDB679D0547CCDEC6384285A45429D115AC7D235A717242021D1DC35641F5F0A48E8445DBA58E6CB2C8EA"),
+ SHEX("CD2EEB7D48D0260986BADF16F15AA09B5229B7830C73EE95B8CBF85A"));
+ test_hash(&nettle_sha3_224, /* 169 octets */
+ SHEX("B39FEB8283EADC63E8184B51DF5AE3FD41AAC8A963BB0BE1CD08AA5867D8D910C669221E73243360646F6553D1CA05A84E8DC0DE05B6419EC349CA994480193D01C92525F3FB3DCEFB08AFC6D26947BDBBFD85193F53B50609C6140905C53A6686B58E53A319A57B962331EDE98149AF3DE3118A819DA4D76706A0424B4E1D2910B0ED26AF61D150EBCB46595D4266A0BD7F651BA47D0C7F179CA28545007D92E8419D48FDFBD744CE"),
+ SHEX("3322FA727A0089F500A6A99D67419A76C7AF77EF2893E8D385B42720"));
+ test_hash(&nettle_sha3_224, /* 170 octets */
+ SHEX("A983D54F503803E8C7999F4EDBBE82E9084F422143A932DDDDC47A17B0B7564A7F37A99D0786E99476428D29E29D3C197A72BFAB1342C12A0FC4787FD7017D7A6174049EA43B5779169EF7472BDBBD941DCB82FC73AAC45A8A94C9F2BD3477F61FD3B796F02A1B8264A214C6FEA74B7051B226C722099EC7883A462B83B6AFDD4009248B8A237F605FE5A08FE7D8B45321421EBBA67BD70A0B00DDBF94BAAB7F359D5D1EEA105F28DCFB"),
+ SHEX("234C1BC03FD4C3D38DD4C736B59A9107911210D54E98B3A372F57236"));
+ test_hash(&nettle_sha3_224, /* 171 octets */
+ SHEX("E4D1C1897A0A866CE564635B74222F9696BF2C7F640DD78D7E2ACA66E1B61C642BB03EA7536AAE597811E9BF4A7B453EDE31F97B46A5F0EF51A071A2B3918DF16B152519AE3776F9F1EDAB4C2A377C3292E96408359D3613844D5EB393000283D5AD3401A318B12FD1474B8612F2BB50FB6A8B9E023A54D7DDE28C43D6D8854C8D9D1155935C199811DBFC87E9E0072E90EB88681CC7529714F8FB8A2C9D88567ADFB974EE205A9BF7B848"),
+ SHEX("BF229F4017E1674D4CB87B70D3D777C7114F085D77216437B860D641"));
+ test_hash(&nettle_sha3_224, /* 172 octets */
+ SHEX("B10C59723E3DCADD6D75DF87D0A1580E73133A9B7D00CB95EC19F5547027323BE75158B11F80B6E142C6A78531886D9047B08E551E75E6261E79785366D7024BD7CD9CF322D9BE7D57FB661069F2481C7BB759CD71B4B36CA2BC2DF6D3A328FAEBDB995A9794A8D72155ED551A1F87C80BF6059B43FC764900B18A1C2441F7487743CF84E565F61F8DD2ECE6B6CCC9444049197AAAF53E926FBEE3BFCA8BE588EC77F29D211BE89DE18B15F6"),
+ SHEX("F95DE3F40E5FAF58D3320B5B24ACEC7DE6B4B7E54C2F80F6D314AB5A"));
+ test_hash(&nettle_sha3_224, /* 173 octets */
+ SHEX("DB11F609BABA7B0CA634926B1DD539C8CBADA24967D7ADD4D9876F77C2D80C0F4DCEFBD7121548373582705CCA2495BD2A43716FE64ED26D059CFB566B3364BD49EE0717BDD9810DD14D8FAD80DBBDC4CAFB37CC60FB0FE2A80FB4541B8CA9D59DCE457738A9D3D8F641AF8C3FD6DA162DC16FC01AAC527A4A0255B4D231C0BE50F44F0DB0B713AF03D968FE7F0F61ED0824C55C4B5265548FEBD6AAD5C5EEDF63EFE793489C39B8FD29D104CE"),
+ SHEX("04B3BBBDDFEBA441005A48CEBDBB1C6B6A674C2D9B224DA29844374D"));
+ test_hash(&nettle_sha3_224, /* 174 octets */
+ SHEX("BEBD4F1A84FC8B15E4452A54BD02D69E304B7F32616AADD90537937106AE4E28DE9D8AAB02D19BC3E2FDE1D651559E296453E4DBA94370A14DBBB2D1D4E2022302EE90E208321EFCD8528AD89E46DC839EA9DF618EA8394A6BFF308E7726BAE0C19BCD4BE52DA6258E2EF4E96AA21244429F49EF5CB486D7FF35CAC1BACB7E95711944BCCB2AB34700D42D1EB38B5D536B947348A458EDE3DC6BD6EC547B1B0CAE5B257BE36A7124E1060C170FFA"),
+ SHEX("6C1809CD88A0EDB211986359498E0AC37E25E8EB62946938C37D3C26"));
+ test_hash(&nettle_sha3_224, /* 175 octets */
+ SHEX("5ACA56A03A13784BDC3289D9364F79E2A85C12276B49B92DB0ADAA4F206D5028F213F678C3510E111F9DC4C1C1F8B6ACB17A6413AA227607C515C62A733817BA5E762CC6748E7E0D6872C984D723C9BB3B117EB8963185300A80BFA65CDE495D70A46C44858605FCCBED086C2B45CEF963D33294DBE9706B13AF22F1B7C4CD5A001CFEC251FBA18E722C6E1C4B1166918B4F6F48A98B64B3C07FC86A6B17A6D0480AB79D4E6415B520F1C484D675B1"),
+ SHEX("D2744A1BBB34718FCBB614C21E1FCCD0FF88615CB82AA03803AB9460"));
+ test_hash(&nettle_sha3_224, /* 176 octets */
+ SHEX("A5AAD0E4646A32C85CFCAC73F02FC5300F1982FABB2F2179E28303E447854094CDFC854310E5C0F60993CEFF54D84D6B46323D930ADB07C17599B35B505F09E784BCA5985E0172257797FB53649E2E9723EFD16865C31B5C3D5113B58BB0BFC8920FABDDA086D7537E66D709D050BD14D0C960873F156FAD5B3D3840CDFCDC9BE6AF519DB262A27F40896AB25CC39F96984D650611C0D5A3080D5B3A1BF186ABD42956588B3B58CD948970D298776060"),
+ SHEX("F6115F635D98B572FD1BA85763ECCF8BF273FBF7B96F0DB0120CA8AD"));
+ test_hash(&nettle_sha3_224, /* 177 octets */
+ SHEX("06CBBE67E94A978203EAD6C057A1A5B098478B4B4CBEF5A97E93C8E42F5572713575FC2A884531D7622F8F879387A859A80F10EF02708CD8F7413AB385AFC357678B9578C0EBF641EF076A1A30F1F75379E9DCB2A885BDD295905EE80C0168A62A9597D10CF12DD2D8CEE46645C7E5A141F6E0E23AA482ABE5661C16E69EF1E28371E2E236C359BA4E92C25626A7B7FF13F6EA4AE906E1CFE163E91719B1F750A96CBDE5FBC953D9E576CD216AFC90323A"),
+ SHEX("5EE73A4F13A08A2D9B1E52DF88972FFB9F03B843A387EE52B00EDCEE"));
+ test_hash(&nettle_sha3_224, /* 178 octets */
+ SHEX("F1C528CF7739874707D4D8AD5B98F7C77169DE0B57188DF233B2DC8A5B31EDA5DB4291DD9F68E6BAD37B8D7F6C9C0044B3BF74BBC3D7D1798E138709B0D75E7C593D3CCCDC1B20C7174B4E692ADD820ACE262D45CCFAE2077E878796347168060A162ECCA8C38C1A88350BD63BB539134F700FD4ADDD5959E255337DAA06BC86358FABCBEFDFB5BC889783D843C08AADC6C4F6C36F65F156E851C9A0F917E4A367B5AD93D874812A1DE6A7B93CD53AD97232"),
+ SHEX("44BC64559BDB910B7079E0261FF8B49DBA141B32ECBCB70B3ABDFBF9"));
+ test_hash(&nettle_sha3_224, /* 179 octets */
+ SHEX("9D9F3A7ECD51B41F6572FD0D0881E30390DFB780991DAE7DB3B47619134718E6F987810E542619DFAA7B505C76B7350C6432D8BF1CFEBDF1069B90A35F0D04CBDF130B0DFC7875F4A4E62CDB8E525AADD7CE842520A482AC18F09442D78305FE85A74E39E760A4837482ED2F437DD13B2EC1042AFCF9DECDC3E877E50FF4106AD10A525230D11920324A81094DA31DEAB6476AA42F20C84843CFC1C58545EE80352BDD3740DD6A16792AE2D86F11641BB717C2"),
+ SHEX("DE82ADDE823C312F83B3D4C0BD35AA0395AB747ABBC22A70973E2A6C"));
+ test_hash(&nettle_sha3_224, /* 180 octets */
+ SHEX("5179888724819FBAD3AFA927D3577796660E6A81C52D98E9303261D5A4A83232F6F758934D50AA83FF9E20A5926DFEBAAC49529D006EB923C5AE5048ED544EC471ED7191EDF46363383824F915769B3E688094C682B02151E5EE01E510B431C8865AFF8B6B6F2F59CB6D129DA79E97C6D2B8FA6C6DA3F603199D2D1BCAB547682A81CD6CF65F6551121391D78BCC23B5BD0E922EC6D8BF97C952E84DD28AEF909ABA31EDB903B28FBFC33B7703CD996215A11238"),
+ SHEX("B1BA910C9F5E126607FF2531AFFECBA791261E354E2C1A81FDA7A756"));
+ test_hash(&nettle_sha3_224, /* 181 octets */
+ SHEX("576EF3520D30B7A4899B8C0D5E359E45C5189ADD100E43BE429A02FB3DE5FF4F8FD0E79D9663ACCA72CD29C94582B19292A557C5B1315297D168FBB54E9E2ECD13809C2B5FCE998EDC6570545E1499DBE7FB74D47CD7F35823B212B05BF3F5A79CAA34224FDD670D335FCB106F5D92C3946F44D3AFCBAE2E41AC554D8E6759F332B76BE89A0324AA12C5482D1EA3EE89DED4936F3E3C080436F539FA137E74C6D3389BDF5A45074C47BC7B20B0948407A66D855E2F"),
+ SHEX("3EF8D4A6BB8E172374E806E8D65D5F81B3FDB36299DE1C0CCC26DC65"));
+ test_hash(&nettle_sha3_224, /* 182 octets */
+ SHEX("0DF2152FA4F4357C8741529DD77E783925D3D76E95BAFA2B542A2C33F3D1D117D159CF473F82310356FEE4C90A9E505E70F8F24859656368BA09381FA245EB6C3D763F3093F0C89B972E66B53D59406D9F01AEA07F8B3B615CAC4EE4D05F542E7D0DAB45D67CCCCD3A606CCBEB31EA1FA7005BA07176E60DAB7D78F6810EF086F42F08E595F0EC217372B98970CC6321576D92CE38F7C397A403BADA1548D205C343AC09DECA86325373C3B76D9F32028FEA8EB32515"),
+ SHEX("1C89D6460B3F13584BF8319EE538F24C850CA771A51ECC547652BAE3"));
+ test_hash(&nettle_sha3_224, /* 183 octets */
+ SHEX("3E15350D87D6EBB5C8AD99D42515CFE17980933C7A8F6B8BBBF0A63728CEFAAD2052623C0BD5931839112A48633FB3C2004E0749C87A41B26A8B48945539D1FF41A4B269462FD199BFECD45374756F55A9116E92093AC99451AEFB2AF9FD32D6D7F5FBC7F7A540D5097C096EBC3B3A721541DE073A1CC02F7FB0FB1B9327FB0B1218CA49C9487AB5396622A13AE546C97ABDEF6B56380DDA7012A8384091B6656D0AB272D363CEA78163FF765CDD13AB1738B940D16CAE"),
+ SHEX("99981766CFE3B1888F2A008EFA1088016CB29993567F9BB74B5C4D3C"));
+ test_hash(&nettle_sha3_224, /* 184 octets */
+ SHEX("C38D6B0B757CB552BE40940ECE0009EF3B0B59307C1451686F1A22702922800D58BCE7A636C1727EE547C01B214779E898FC0E560F8AE7F61BEF4D75EAA696B921FD6B735D171535E9EDD267C192B99880C87997711002009095D8A7A437E258104A41A505E5EF71E5613DDD2008195F0C574E6BA3FE40099CFA116E5F1A2FA8A6DA04BADCB4E2D5D0DE31FDC4800891C45781A0AAC7C907B56D631FCA5CE8B2CDE620D11D1777ED9FA603541DE794DDC5758FCD5FAD78C0"),
+ SHEX("0215E91EF992DCC7E82D16A2C9B27921C1310C182F59DF8BED5151E8"));
+ test_hash(&nettle_sha3_224, /* 185 octets */
+ SHEX("8D2DE3F0B37A6385C90739805B170057F091CD0C7A0BC951540F26A5A75B3E694631BB64C7635EED316F51318E9D8DE13C70A2ABA04A14836855F35E480528B776D0A1E8A23B547C8B8D6A0D09B241D3BE9377160CCA4E6793D00A515DC2992CB7FC741DACA171431DA99CCE6F7789F129E2AC5CF65B40D703035CD2185BB936C82002DAF8CBC27A7A9E554B06196630446A6F0A14BA155ED26D95BD627B7205C072D02B60DB0FD7E49EA058C2E0BA202DAFF0DE91E845CF79"),
+ SHEX("E52EA6714A3978810DC19E999C32516D4ACF0CBCD67E917A4FEB56D0"));
+ test_hash(&nettle_sha3_224, /* 186 octets */
+ SHEX("C464BBDAD275C50DCD983B65AD1019B9FF85A1E71C807F3204BB2C921DC31FBCD8C5FC45868AE9EF85B6C9B83BBA2A5A822201ED68586EC5EC27FB2857A5D1A2D09D09115F22DCC39FE61F5E1BA0FF6E8B4ACB4C6DA748BE7F3F0839739394FF7FA8E39F7F7E84A33C3866875C01BCB1263C9405D91908E9E0B50E7459FABB63D8C6BBB73D8E3483C099B55BC30FF092FF68B6ADEDFD477D63570C9F5515847F36E24BA0B705557130CEC57EBAD1D0B31A378E91894EE26E3A04"),
+ SHEX("4C3D6321133EF74810E60D3190FFF3CF20C8521CAEA6FF782D7E3BAB"));
+ test_hash(&nettle_sha3_224, /* 187 octets */
+ SHEX("8B8D68BB8A75732FE272815A68A1C9C5AA31B41DEDC8493E76525D1D013D33CEBD9E21A5BB95DB2616976A8C07FCF411F5F6BC6F7E0B57ACA78CC2790A6F9B898858AC9C79B165FF24E66677531E39F572BE5D81EB3264524181115F32780257BFB9AEEC6AF12AF28E587CAC068A1A2953B59AD680F4C245B2E3EC36F59940D37E1D3DB38E13EDB29B5C0F404F6FF87F80FC8BE7A225FF22FBB9C8B6B1D7330C57840D24BC75B06B80D30DAD6806544D510AF6C4785E823AC3E0B8"),
+ SHEX("B9F006DBF853C023DEBE2F40035A7E83C49CDE656EC86A4621950F3E"));
+ test_hash(&nettle_sha3_224, /* 188 octets */
+ SHEX("6B018710446F368E7421F1BC0CCF562D9C1843846BC8D98D1C9BF7D9D6FCB48BFC3BF83B36D44C4FA93430AF75CD190BDE36A7F92F867F58A803900DF8018150384D85D82132F123006AC2AEBA58E02A037FE6AFBD65ECA7C44977DD3DC74F48B6E7A1BFD5CC4DCF24E4D52E92BD4455848E4928B0EAC8B7476FE3CC03E862AA4DFF4470DBFED6DE48E410F25096487ECFC32A27277F3F5023B2725ADE461B1355889554A8836C9CF53BD767F5737D55184EEA1AB3F53EDD0976C485"),
+ SHEX("0A5AA6BC564B8CB2F5FD7255455C0E7A5DACE0050C3BBD259FDE2AB9"));
+ test_hash(&nettle_sha3_224, /* 189 octets */
+ SHEX("C9534A24714BD4BE37C88A3DA1082EDA7CABD154C309D7BD670DCCD95AA535594463058A29F79031D6ECAA9F675D1211E9359BE82669A79C855EA8D89DD38C2C761DDD0EC0CE9E97597432E9A1BEAE062CDD71EDFDFD464119BE9E69D18A7A7FD7CE0E2106F0C8B0ABF4715E2CA48EF9F454DC203C96656653B727083513F8EFB86E49C513BB758B3B052FE21F1C05BB33C37129D6CC81F1AEF6ADC45B0E8827A830FE545CF57D0955802C117D23CCB55EA28F95C0D8C2F9C5A242B33F"),
+ SHEX("8CA4E085F04956B5B16520E3A767F8BA937364FE5F4460288AD4F231"));
+ test_hash(&nettle_sha3_224, /* 190 octets */
+ SHEX("07906C87297B867ABF4576E9F3CC7F82F22B154AFCBF293B9319F1B0584DA6A40C27B32E0B1B7F412C4F1B82480E70A9235B12EC27090A5A33175A2BB28D8ADC475CEFE33F7803F8CE27967217381F02E67A3B4F84A71F1C5228E0C2AD971373F6F672624FCEA8D1A9F85170FAD30FA0BBD25035C3B41A6175D467998BD1215F6F3866F53847F9CF68EF3E2FBB54BC994DE2302B829C5EEA68EC441FCBAFD7D16AE4FE9FFF98BF00E5BC2AD54DD91FF9FDA4DD77B6C754A91955D1FBAAD0"),
+ SHEX("C0AA34391CB3104C41995F3DE782F012D421585E5384E047A997062F"));
+ test_hash(&nettle_sha3_224, /* 191 octets */
+ SHEX("588E94B9054ABC2189DF69B8BA34341B77CDD528E7860E5DEFCAA79B0C9A452AD4B82AA306BE84536EB7CEDCBE058D7B84A6AEF826B028B8A0271B69AC3605A9635EA9F5EA0AA700F3EB7835BC54611B922964300C953EFE7491E3677C2CEBE0822E956CD16433B02C68C4A23252C3F9E151A416B4963257B783E038F6B4D5C9F110F871652C7A649A7BCEDCBCCC6F2D0725BB903CC196BA76C76AA9F10A190B1D1168993BAA9FFC96A1655216773458BEC72B0E39C9F2C121378FEAB4E76A"),
+ SHEX("33C10010A0B810386AE62F3F927DEAFC0D5AF0AF3DC7A8355CB779CD"));
+ test_hash(&nettle_sha3_224, /* 192 octets */
+ SHEX("08959A7E4BAAE874928813364071194E2939772F20DB7C3157078987C557C2A6D5ABE68D520EEF3DC491692E1E21BCD880ADEBF63BB4213B50897FA005256ED41B5690F78F52855C8D9168A4B666FCE2DA2B456D7A7E7C17AB5F2FB1EE90B79E698712E963715983FD07641AE4B4E9DC73203FAC1AE11FA1F8C7941FCC82EAB247ADDB56E2638447E9D609E610B60CE086656AAEBF1DA3C8A231D7D94E2FD0AFE46B391FF14A72EAEB3F44AD4DF85866DEF43D4781A0B3578BC996C87970B132"),
+ SHEX("842A2E13D2728CA55B42D784BB6BC4B889E56775AD56BF75789CC57A"));
+ test_hash(&nettle_sha3_224, /* 193 octets */
+ SHEX("CB2A234F45E2ECD5863895A451D389A369AAB99CFEF0D5C9FFCA1E6E63F763B5C14FB9B478313C8E8C0EFEB3AC9500CF5FD93791B789E67EAC12FD038E2547CC8E0FC9DB591F33A1E4907C64A922DDA23EC9827310B306098554A4A78F050262DB5B545B159E1FF1DCA6EB734B872343B842C57EAFCFDA8405EEDBB48EF32E99696D135979235C3A05364E371C2D76F1902F1D83146DF9495C0A6C57D7BF9EE77E80F9787AEE27BE1FE126CDC9EF893A4A7DCBBC367E40FE4E1EE90B42EA25AF01"),
+ SHEX("A576281CFAA89DCEFB1D37772400BA4CABCEEF33CBA2F833336A74F2"));
+ test_hash(&nettle_sha3_224, /* 194 octets */
+ SHEX("D16BEADF02AB1D4DC6F88B8C4554C51E866DF830B89C06E786A5F8757E8909310AF51C840EFE8D20B35331F4355D80F73295974653DDD620CDDE4730FB6C8D0D2DCB2B45D92D4FBDB567C0A3E86BD1A8A795AF26FBF29FC6C65941CDDB090FF7CD230AC5268AB4606FCCBA9EDED0A2B5D014EE0C34F0B2881AC036E24E151BE89EEB6CD9A7A790AFCCFF234D7CB11B99EBF58CD0C589F20BDAC4F9F0E28F75E3E04E5B3DEBCE607A496D848D67FA7B49132C71B878FD5557E082A18ECA1FBDA94D4B"),
+ SHEX("B1579476972D42FA388FEEB8424834672C4D1A4225EE2DB89DEA7359"));
+ test_hash(&nettle_sha3_224, /* 195 octets */
+ SHEX("8F65F6BC59A85705016E2BAE7FE57980DE3127E5AB275F573D334F73F8603106EC3553016608EF2DD6E69B24BE0B7113BF6A760BA6E9CE1C48F9E186012CF96A1D4849D75DF5BB8315387FD78E9E153E76F8BA7EC6C8849810F59FB4BB9B004318210B37F1299526866F44059E017E22E96CBE418699D014C6EA01C9F0038B10299884DBEC3199BB05ADC94E955A1533219C1115FED0E5F21228B071F40DD57C4240D98D37B73E412FE0FA4703120D7C0C67972ED233E5DEB300A22605472FA3A3BA86"),
+ SHEX("A32EC69648B4FD9BA2431ED0FEF036188C19788D7DDF0D25B6B03ECD"));
+ test_hash(&nettle_sha3_224, /* 196 octets */
+ SHEX("84891E52E0D451813210C3FD635B39A03A6B7A7317B221A7ABC270DFA946C42669AACBBBDF801E1584F330E28C729847EA14152BD637B3D0F2B38B4BD5BF9C791C58806281103A3EABBAEDE5E711E539E6A8B2CF297CF351C078B4FA8F7F35CF61BEBF8814BF248A01D41E86C5715EA40C63F7375379A7EB1D78F27622FB468AB784AAABA4E534A6DFD1DF6FA15511341E725ED2E87F98737CCB7B6A6DFAE416477472B046BF1811187D151BFA9F7B2BF9ACDB23A3BE507CDF14CFDF517D2CB5FB9E4AB6"),
+ SHEX("2B8CF4C8D9E6717EBCE4F0584ADA59A8ACDFAB98AD7E33F355B77095"));
+ test_hash(&nettle_sha3_224, /* 197 octets */
+ SHEX("FDD7A9433A3B4AFABD7A3A5E3457E56DEBF78E84B7A0B0CA0E8C6D53BD0C2DAE31B2700C6128334F43981BE3B213B1D7A118D59C7E6B6493A86F866A1635C12859CFB9AD17460A77B4522A5C1883C3D6ACC86E6162667EC414E9A104AA892053A2B1D72165A855BACD8FAF8034A5DD9B716F47A0818C09BB6BAF22AA503C06B4CA261F557761989D2AFBD88B6A678AD128AF68672107D0F1FC73C5CA740459297B3292B281E93BCEB761BDE7221C3A55708E5EC84472CDDCAA84ECF23723CC0991355C6280"),
+ SHEX("E583849474F3C759B7A3093C7ABADD61425073AEA2678E278215708D"));
+ test_hash(&nettle_sha3_224, /* 198 octets */
+ SHEX("70A40BFBEF92277A1AAD72F6B79D0177197C4EBD432668CFEC05D099ACCB651062B5DFF156C0B27336687A94B26679CFDD9DAF7AD204338DD9C4D14114033A5C225BD11F217B5F4732DA167EE3F939262D4043FC9CBA92303B7B5E96AEA12ADDA64859DF4B86E9EE0B58E39091E6B188B408AC94E1294A8911245EE361E60E601EFF58D1D37639F3753BEC80EBB4EFDE25817436076623FC65415FE51D1B0280366D12C554D86743F3C3B6572E400361A60726131441BA493A83FBE9AFDA90F7AF1AE717238D"),
+ SHEX("10795D3ABCC077F4A1F5B5653C478F9DB42110EA9F34925470B3CD11"));
+ test_hash(&nettle_sha3_224, /* 199 octets */
+ SHEX("74356E449F4BF8644F77B14F4D67CB6BD9C1F5AE357621D5B8147E562B65C66585CAF2E491B48529A01A34D226D436959153815380D5689E30B35357CDAC6E08D3F2B0E88E200600D62BD9F5EAF488DF86A4470EA227006182E44809009868C4C280C43D7D64A5268FA719074960087B3A6ABC837882F882C837834535929389A12B2C78187E2EA07EF8B8EEF27DC85002C3AE35F1A50BEE6A1C48BA7E175F3316670B27983472AA6A61EED0A683A39EE323080620EA44A9F74411AE5CE99030528F9AB49C79F2"),
+ SHEX("31A843B4A9F332F3B6B099843540AA70651B26B80E0BD75B77F3AA9B"));
+ test_hash(&nettle_sha3_224, /* 200 octets */
+ SHEX("8C3798E51BC68482D7337D3ABB75DC9FFE860714A9AD73551E120059860DDE24AB87327222B64CF774415A70F724CDF270DE3FE47DDA07B61C9EF2A3551F45A5584860248FABDE676E1CD75F6355AA3EAEABE3B51DC813D9FB2EAA4F0F1D9F834D7CAD9C7C695AE84B329385BC0BEF895B9F1EDF44A03D4B410CC23A79A6B62E4F346A5E8DD851C2857995DDBF5B2D717AEB847310E1F6A46AC3D26A7F9B44985AF656D2B7C9406E8A9E8F47DCB4EF6B83CAACF9AEFB6118BFCFF7E44BEF6937EBDDC89186839B77"),
+ SHEX("1029CA117957D80F3C859E8394DD34969331CA3BCEDC436B1EAB0849"));
+ test_hash(&nettle_sha3_224, /* 201 octets */
+ SHEX("FA56BF730C4F8395875189C10C4FB251605757A8FECC31F9737E3C2503B02608E6731E85D7A38393C67DE516B85304824BFB135E33BF22B3A23B913BF6ACD2B7AB85198B8187B2BCD454D5E3318CACB32FD6261C31AE7F6C54EF6A7A2A4C9F3ECB81CE3555D4F0AD466DD4C108A90399D70041997C3B25345A9653F3C9A6711AB1B91D6A9D2216442DA2C973CBD685EE7643BFD77327A2F7AE9CB283620A08716DFB462E5C1D65432CA9D56A90E811443CD1ECB8F0DE179C9CB48BA4F6FEC360C66F252F6E64EDC96B"),
+ SHEX("6096E9914C1AC93A6809DE7AD91119C637B00BBD64DCC3E1FAC1E1ED"));
+ test_hash(&nettle_sha3_224, /* 202 octets */
+ SHEX("B6134F9C3E91DD8000740D009DD806240811D51AB1546A974BCB18D344642BAA5CD5903AF84D58EC5BA17301D5EC0F10CCD0509CBB3FD3FFF9172D193AF0F782252FD1338C7244D40E0E42362275B22D01C4C3389F19DD69BDF958EBE28E31A4FFE2B5F18A87831CFB7095F58A87C9FA21DB72BA269379B2DC2384B3DA953C7925761FED324620ACEA435E52B424A7723F6A2357374157A34CD8252351C25A1B232826CEFE1BD3E70FFC15A31E7C0598219D7F00436294D11891B82497BC78AA5363892A2495DF8C1EEF"),
+ SHEX("F583F07DF2327887C6F10A9B1D509A744F3C294A4227976E3C3722E8"));
+ test_hash(&nettle_sha3_224, /* 203 octets */
+ SHEX("C941CDB9C28AB0A791F2E5C8E8BB52850626AA89205BEC3A7E22682313D198B1FA33FC7295381354858758AE6C8EC6FAC3245C6E454D16FA2F51C4166FAB51DF272858F2D603770C40987F64442D487AF49CD5C3991CE858EA2A60DAB6A65A34414965933973AC2457089E359160B7CDEDC42F29E10A91921785F6B7224EE0B349393CDCFF6151B50B377D609559923D0984CDA6000829B916AB6896693EF6A2199B3C22F7DC5500A15B8258420E314C222BC000BC4E5413E6DD82C993F8330F5C6D1BE4BC79F08A1A0A46"),
+ SHEX("A9F43B9621FC5902DF2458FD53D0CDE90AAE7000855C67D853C7937A"));
+ test_hash(&nettle_sha3_224, /* 204 octets */
+ SHEX("4499EFFFAC4BCEA52747EFD1E4F20B73E48758BE915C88A1FFE5299B0B005837A46B2F20A9CB3C6E64A9E3C564A27C0F1C6AD1960373036EC5BFE1A8FC6A435C2185ED0F114C50E8B3E4C7ED96B06A036819C9463E864A58D6286F785E32A804443A56AF0B4DF6ABC57ED5C2B185DDEE8489EA080DEEEE66AA33C2E6DAB36251C402682B6824821F998C32163164298E1FAFD31BABBCFFB594C91888C6219079D907FDB438ED89529D6D96212FD55ABE20399DBEFD342248507436931CDEAD496EB6E4A80358ACC78647D043"),
+ SHEX("E9675FAAC37C93AA61FF9730679A3D1209ADBAD4652582DFF5B1BAAF"));
+ test_hash(&nettle_sha3_224, /* 205 octets */
+ SHEX("EECBB8FDFA4DA62170FD06727F697D81F83F601FF61E478105D3CB7502F2C89BF3E8F56EDD469D049807A38882A7EEFBC85FC9A950952E9FA84B8AFEBD3CE782D4DA598002827B1EB98882EA1F0A8F7AA9CE013A6E9BC462FB66C8D4A18DA21401E1B93356EB12F3725B6DB1684F2300A98B9A119E5D27FF704AFFB618E12708E77E6E5F34139A5A41131FD1D6336C272A8FC37080F041C71341BEE6AB550CB4A20A6DDB6A8E0299F2B14BC730C54B8B1C1C487B494BDCCFD3A53535AB2F231590BF2C4062FD2AD58F906A2D0D"),
+ SHEX("CDB500740812A0D70C68D0097DCC7ACA86EC066C89D36642879A74A5"));
+ test_hash(&nettle_sha3_224, /* 206 octets */
+ SHEX("E64F3E4ACE5C8418D65FEC2BC5D2A303DD458034736E3B0DF719098BE7A206DEAF52D6BA82316CAF330EF852375188CDE2B39CC94AA449578A7E2A8E3F5A9D68E816B8D16889FBC0EBF0939D04F63033AE9AE2BDAB73B88C26D6BD25EE460EE1EF58FB0AFA92CC539F8C76D3D097E7A6A63EBB9B5887EDF3CF076028C5BBD5B9DB3211371AD3FE121D4E9BF44229F4E1ECF5A0F9F0EBA4D5CEB72878AB22C3F0EB5A625323AC66F7061F4A81FAC834471E0C59553F108475FE290D43E6A055AE3EE46FB67422F814A68C4BE3E8C9"),
+ SHEX("66F205D7147991A940AFFB7401B692275338519A97608C584362FFEE"));
+ test_hash(&nettle_sha3_224, /* 207 octets */
+ SHEX("D2CB2D733033F9E91395312808383CC4F0CA974E87EC68400D52E96B3FA6984AC58D9AD0938DDE5A973008D818C49607D9DE2284E7618F1B8AED8372FBD52ED54557AF4220FAC09DFA8443011699B97D743F8F2B1AEF3537EBB45DCC9E13DFB438428EE190A4EFDB3CAEB7F3933117BF63ABDC7E57BEB4171C7E1AD260AB0587806C4D137B6316B50ABC9CCE0DFF3ACADA47BBB86BE777E617BBE578FF4519844DB360E0A96C6701290E76BB95D26F0F804C8A4F2717EAC4E7DE9F2CFF3BBC55A17E776C0D02856032A6CD10AD2838"),
+ SHEX("909FB29277AB2C4CE4279C485D4FBA7E18FF1A88C66DAF7ACF630310"));
+ test_hash(&nettle_sha3_224, /* 208 octets */
+ SHEX("F2998955613DD414CC111DF5CE30A995BB792E260B0E37A5B1D942FE90171A4AC2F66D4928D7AD377F4D0554CBF4C523D21F6E5F379D6F4B028CDCB9B1758D3B39663242FF3CB6EDE6A36A6F05DB3BC41E0D861B384B6DEC58BB096D0A422FD542DF175E1BE1571FB52AE66F2D86A2F6824A8CFAACBAC4A7492AD0433EEB15454AF8F312B3B2A577750E3EFBD370E8A8CAC1582581971FBA3BA4BD0D76E718DACF8433D33A59D287F8CC92234E7A271041B526E389EFB0E40B6A18B3AAF658E82ED1C78631FD23B4C3EB27C3FAEC8685"),
+ SHEX("ED535EC075C983A08F7D7AD5714EBC846F25E8661492B2B31978EDF2"));
+ test_hash(&nettle_sha3_224, /* 209 octets */
+ SHEX("447797E2899B72A356BA55BF4DF3ACCA6CDB1041EB477BD1834A9F9ACBC340A294D729F2F97DF3A610BE0FF15EDB9C6D5DB41644B9874360140FC64F52AA03F0286C8A640670067A84E017926A70438DB1BB361DEFEE7317021425F8821DEF26D1EFD77FC853B818545D055ADC9284796E583C76E6FE74C9AC2587AA46AA8F8804F2FEB5836CC4B3ABABAB8429A5783E17D5999F32242EB59EF30CD7ADABC16D72DBDB097623047C98989F88D14EAF02A7212BE16EC2D07981AAA99949DDF89ECD90333A77BC4E1988A82ABF7C7CAF3291"),
+ SHEX("87F15CC2AEC24168D8BBAF188825F3BB0178CFB5C5899F2FD042CE89"));
+ test_hash(&nettle_sha3_224, /* 210 octets */
+ SHEX("9F2C18ADE9B380C784E170FB763E9AA205F64303067EB1BCEA93DF5DAC4BF5A2E00B78195F808DF24FC76E26CB7BE31DC35F0844CDED1567BBA29858CFFC97FB29010331B01D6A3FB3159CC1B973D255DA9843E34A0A4061CABDB9ED37F241BFABB3C20D32743F4026B59A4CCC385A2301F83C0B0A190B0F2D01ACB8F0D41111E10F2F4E149379275599A52DC089B35FDD5234B0CFB7B6D8AEBD563CA1FA653C5C021DFD6F5920E6F18BFAFDBECBF0AB00281333ED50B9A999549C1C8F8C63D7626C48322E9791D5FF72294049BDE91E73F8"),
+ SHEX("31BB872545217FDBF11077E86B1EE451475C31DC5E0E636EFBE50825"));
+ test_hash(&nettle_sha3_224, /* 211 octets */
+ SHEX("AE159F3FA33619002AE6BCCE8CBBDD7D28E5ED9D61534595C4C9F43C402A9BB31F3B301CBFD4A43CE4C24CD5C9849CC6259ECA90E2A79E01FFBAC07BA0E147FA42676A1D668570E0396387B5BCD599E8E66AAED1B8A191C5A47547F61373021FA6DEADCB55363D233C24440F2C73DBB519F7C9FA5A8962EFD5F6252C0407F190DFEFAD707F3C7007D69FF36B8489A5B6B7C557E79DD4F50C06511F599F56C896B35C917B63BA35C6FF8092BAF7D1658E77FC95D8A6A43EEB4C01F33F03877F92774BE89C1114DD531C011E53A34DC248A2F0E6"),
+ SHEX("26D69F0AE8E4DC61C6354FF570FDD913CAF21C18697F0371F2D323AF"));
+ test_hash(&nettle_sha3_224, /* 212 octets */
+ SHEX("3B8E97C5FFC2D6A40FA7DE7FCEFC90F3B12C940E7AB415321E29EE692DFAC799B009C99DCDDB708FCE5A178C5C35EE2B8617143EDC4C40B4D313661F49ABDD93CEA79D117518805496FE6ACF292C4C2A1F76B403A97D7C399DAF85B46AD84E16246C67D6836757BDE336C290D5D401E6C1386AB32797AF6BB251E9B2D8FE754C47482B72E0B394EAB76916126FD68EA7D65EB93D59F5B4C5AC40F7C3B37E7F3694F29424C24AF8C8F0EF59CD9DBF1D28E0E10F799A6F78CAD1D45B9DB3D7DEE4A7059ABE99182714983B9C9D44D7F5643596D4F3"),
+ SHEX("175393534D90B614B158105C95E18A1052A56D0E775EA1CF51AD5853"));
+ test_hash(&nettle_sha3_224, /* 213 octets */
+ SHEX("3434EC31B10FAFDBFEEC0DD6BD94E80F7BA9DCA19EF075F7EB017512AF66D6A4BCF7D16BA0819A1892A6372F9B35BCC7CA8155EE19E8428BC22D214856ED5FA9374C3C09BDE169602CC219679F65A1566FC7316F4CC3B631A18FB4449FA6AFA16A3DB2BC4212EFF539C67CF184680826535589C7111D73BFFCE431B4C40492E763D9279560AAA38EB2DC14A212D723F994A1FE656FF4DD14551CE4E7C621B2AA5604A10001B2878A897A28A08095C325E10A26D2FB1A75BFD64C250309BB55A44F23BBAC0D5516A1C687D3B41EF2FBBF9CC56D4739"),
+ SHEX("3DECD71DA22639985CF242F2FAE7172459042C826495C8D8D95C3719"));
+ test_hash(&nettle_sha3_224, /* 214 octets */
+ SHEX("7C7953D81C8D208FD1C97681D48F49DD003456DE60475B84070EF4847C333B74575B1FC8D2A186964485A3B8634FEAA3595AAA1A2F4595A7D6B6153563DEE31BBAC443C8A33EED6D5D956A980A68366C2527B550EE950250DFB691EACBD5D56AE14B970668BE174C89DF2FEA43AE52F13142639C884FD62A3683C0C3792F0F24AB1318BCB27E21F4737FAB62C77EA38BC8FD1CF41F7DAB64C13FEBE7152BF5BB7AB5A78F5346D43CC741CB6F72B7B8980F268B68BF62ABDFB1577A52438FE14B591498CC95F071228460C7C5D5CEB4A7BDE588E7F21C"),
+ SHEX("2D0A56864BBEC6449FBF7B2EAE53DA46647183B56FA4EDB1602E5163"));
+ test_hash(&nettle_sha3_224, /* 215 octets */
+ SHEX("7A6A4F4FDC59A1D223381AE5AF498D74B7252ECF59E389E49130C7EAEE626E7BD9897EFFD92017F4CCDE66B0440462CDEDFD352D8153E6A4C8D7A0812F701CC737B5178C2556F07111200EB627DBC299CAA792DFA58F35935299FA3A3519E9B03166DFFA159103FFA35E8577F7C0A86C6B46FE13DB8E2CDD9DCFBA85BDDDCCE0A7A8E155F81F712D8E9FE646153D3D22C811BD39F830433B2213DD46301941B59293FD0A33E2B63ADBD95239BC01315C46FDB678875B3C81E053A40F581CFBEC24A1404B1671A1B88A6D06120229518FB13A74CA0AC5AE"),
+ SHEX("A0FF9E11FBB451943A17E3AC510DE0B582BB072B16DC4E03F9E4019F"));
+ test_hash(&nettle_sha3_224, /* 216 octets */
+ SHEX("D9FAA14CEBE9B7DE551B6C0765409A33938562013B5E8E0E1E0A6418DF7399D0A6A771FB81C3CA9BD3BB8E2951B0BC792525A294EBD1083688806FE5E7F1E17FD4E3A41D00C89E8FCF4A363CAEDB1ACB558E3D562F1302B3D83BB886ED27B76033798131DAB05B4217381EAAA7BA15EC820BB5C13B516DD640EAEC5A27D05FDFCA0F35B3A5312146806B4C0275BCD0AAA3B2017F346975DB566F9B4D137F4EE10644C2A2DA66DEECA5342E236495C3C6280528BFD32E90AF4CD9BB908F34012B52B4BC56D48CC8A6B59BAB014988EABD12E1A0A1C2E170E7"),
+ SHEX("4FEFBE74645949A1291C6F6F05EAF4B780EA01EC5EA5105ECDCB984A"));
+ test_hash(&nettle_sha3_224, /* 217 octets */
+ SHEX("2D8427433D0C61F2D96CFE80CF1E932265A191365C3B61AAA3D6DCC039F6BA2AD52A6A8CC30FC10F705E6B7705105977FA496C1C708A277A124304F1FC40911E7441D1B5E77B951AAD7B01FD5DB1B377D165B05BBF898042E39660CAF8B279FE5229D1A8DB86C0999ED65E53D01CCBC4B43173CCF992B3A14586F6BA42F5FE30AFA8AE40C5DF29966F9346DA5F8B35F16A1DE3AB6DE0F477D8D8660918060E88B9B9E9CA6A4207033B87A812DBF5544D39E4882010F82B6CE005F8E8FF6FE3C3806BC2B73C2B83AFB704345629304F9F86358712E9FAE3CA3E"),
+ SHEX("7CC9EEBBE0DF46A398233FA31286F8A530292B53E48BA54B6AE40472"));
+ test_hash(&nettle_sha3_224, /* 218 octets */
+ SHEX("5E19D97887FCAAC0387E22C6F803C34A3DACD2604172433F7A8A7A526CA4A2A1271ECFC5D5D7BE5AC0D85D921095350DFC65997D443C21C8094E0A3FEFD2961BCB94AED03291AE310CCDA75D8ACE4BC7D89E7D3E5D1650BDA5D668B8B50BFC8E608E184F4D3A9A2BADC4FF5F07E0C0BC8A9F2E0B2A26FD6D8C550008FAAAB75FD71AF2A424BEC9A7CD9D83FAD4C8E9319115656A8717D3B523A68FF8004258B9990ED362308461804BA3E3A7E92D8F2FFAE5C2FBA55BA5A3C27C0A2F71BD711D2FE1799C2ADB31B200035481E9EE5C4ADF2AB9C0FA50B23975CF"),
+ SHEX("03D718DA677C4018E52288BB30E4E6E732A16144931176F0A8C73970"));
+ test_hash(&nettle_sha3_224, /* 219 octets */
+ SHEX("C8E976AB4638909387CE3B8D4E510C3230E5690E02C45093B1D297910ABC481E56EEA0F296F98379DFC9080AF69E73B2399D1C143BEE80AE1328162CE1BA7F6A8374679B20AACD380EB4E61382C99998704D62701AFA914F9A2705CDB065885F50D086C3EB5753700C387118BB142F3E6DA1E988DFB31AC75D7368931E45D1391A274B22F83CEB072F9BCABC0B216685BFD789F5023971024B1878A205442522F9EA7D8797A4102A3DF41703768251FD5E017C85D1200A464118AA35654E7CA39F3C375B8EF8CBE7534DBC64BC20BEFB417CF60EC92F63D9EE7397"),
+ SHEX("A9ABB430FC1B3D8C6CDEB5319878E7B12B118E2E03F40562A376418C"));
+ test_hash(&nettle_sha3_224, /* 220 octets */
+ SHEX("7145FA124B7429A1FC2231237A949BA7201BCC1822D3272DE005B682398196C25F7E5CC2F289FBF44415F699CB7FE6757791B1443410234AE061EDF623359E2B4E32C19BF88450432DD01CAA5EB16A1DC378F391CA5E3C4E5F356728BDDD4975DB7C890DA8BBC84CC73FF244394D0D48954978765E4A00B593F70F2CA082673A261ED88DBCEF1127728D8CD89BC2C597E9102CED6010F65FA75A14EBE467FA57CE3BD4948B6867D74A9DF5C0EC6F530CBF2EE61CE6F06BC8F2864DFF5583776B31DF8C7FFCB61428A56BF7BD37188B4A5123BBF338393AF46EDA85E6"),
+ SHEX("4A7A58B337872189A06B53B6BCC50C29EF9D0BBC491832907AF14EC8"));
+ test_hash(&nettle_sha3_224, /* 221 octets */
+ SHEX("7FDFADCC9D29BAD23AE038C6C65CDA1AEF757221B8872ED3D75FF8DF7DA0627D266E224E812C39F7983E4558BFD0A1F2BEF3FEB56BA09120EF762917B9C093867948547AEE98600D10D87B20106878A8D22C64378BF634F7F75900C03986B077B0BF8B740A82447B61B99FEE5376C5EB6680EC9E3088F0BDD0C56883413D60C1357D3C811950E5890E7600103C916341B80C743C6A852B7B4FB60C3BA21F3BC15B8382437A68454779CF3CD7F9F90CCC8EF28D0B706535B1E4108EB5627BB45D719CB046839AEE311CA1ABDC8319E050D67972CB35A6B1601B25DBF487"),
+ SHEX("808E01CD273919BA1BFF011E0E7094EC6D5C4962912B08F11965AB58"));
+ test_hash(&nettle_sha3_224, /* 222 octets */
+ SHEX("988638219FD3095421F826F56E4F09E356296B628C3CE6930C9F2E758FD1A80C8273F2F61E4DAAE65C4F110D3E7CA0965AC7D24E34C0DC4BA2D6FF0BF5BBE93B3585F354D7543CB542A1AA54674D375077F2D360A8F4D42F3DB131C3B7AB7306267BA107659864A90C8C909460A73621D1F5D9D3FD95BEB19B23DB1CB6C0D0FBA91D36891529B8BD8263CAA1BAB56A4AFFAED44962DF096D8D5B1EB845EF31188B3E10F1AF811A13F156BEB7A288AAE593EBD1471B624AA1A7C6ADF01E2200B3D72D88A3AED3100C88231E41EFC376906F0B580DC895F080FDA5741DB1CB"),
+ SHEX("DCBCC30B6909FDF00650F1A10CFBBD419408F9D37F378C5CA693B803"));
+ test_hash(&nettle_sha3_224, /* 223 octets */
+ SHEX("5AAB62756D307A669D146ABA988D9074C5A159B3DE85151A819B117CA1FF6597F6156E80FDD28C9C3176835164D37DA7DA11D94E09ADD770B68A6E081CD22CA0C004BFE7CD283BF43A588DA91F509B27A6584C474A4A2F3EE0F1F56447379240A5AB1FB77FDCA49B305F07BA86B62756FB9EFB4FC225C86845F026EA542076B91A0BC2CDD136E122C659BE259D98E5841DF4C2F60330D4D8CDEE7BF1A0A244524EECC68FF2AEF5BF0069C9E87A11C6E519DE1A4062A10C83837388F7EF58598A3846F49D499682B683C4A062B421594FAFBC1383C943BA83BDEF515EFCF10D"),
+ SHEX("BE077F12762EF51859B6C520B19231E30442AC268CE4FD47366FF9F1"));
+ test_hash(&nettle_sha3_224, /* 224 octets */
+ SHEX("47B8216AA0FBB5D67966F2E82C17C07AA2D6327E96FCD83E3DE7333689F3EE79994A1BF45082C4D725ED8D41205CB5BCDF5C341F77FACB1DA46A5B9B2CBC49EADF786BCD881F371A95FA17DF73F606519AEA0FF79D5A11427B98EE7F13A5C00637E2854134691059839121FEA9ABE2CD1BCBBBF27C74CAF3678E05BFB1C949897EA01F56FFA4DAFBE8644611685C617A3206C7A7036E4AC816799F693DAFE7F19F303CE4EBA09D21E03610201BFC665B72400A547A1E00FA9B7AD8D84F84B34AEF118515E74DEF11B9188BD1E1F97D9A12C30132EC2806339BDADACDA2FD8B78"),
+ SHEX("25C425265AB07D0A8EC659D4D5EE618BDE87003B7255FF4B5315F1C7"));
+ test_hash(&nettle_sha3_224, /* 225 octets */
+ SHEX("8CFF1F67FE53C098896D9136389BD8881816CCAB34862BB67A656E3D98896F3CE6FFD4DA73975809FCDF9666760D6E561C55238B205D8049C1CEDEEF374D1735DAA533147BFA960B2CCE4A4F254176BB4D1BD1E89654432B8DBE1A135C42115B394B024856A2A83DC85D6782BE4B444239567CCEC4B184D4548EAE3FF6A192F343292BA2E32A0F267F31CC26719EB85245D415FB897AC2DA433EE91A99424C9D7F1766A44171D1651001C38FC79294ACCC68CEB5665D36218454D3BA169AE058A831338C17743603F81EE173BFC0927464F9BD728DEE94C6AEAB7AAE6EE3A627E8"),
+ SHEX("046CF62C41CE9B0F54B667558063023F59887BADA9CC288414ADEE7F"));
+ test_hash(&nettle_sha3_224, /* 226 octets */
+ SHEX("EACD07971CFF9B9939903F8C1D8CBB5D4DB1B548A85D04E037514A583604E787F32992BF2111B97AC5E8A938233552731321522AB5E8583561260B7D13EBEEF785B23A41FD8576A6DA764A8ED6D822D4957A545D5244756C18AA80E1AAD4D1F9C20D259DEE1711E2CC8FD013169FB7CC4CE38B362F8E0936AE9198B7E838DCEA4F7A5B9429BB3F6BBCF2DC92565E3676C1C5E6EB3DD2A0F86AA23EDD3D0891F197447692794B3DFA269611AD97F72B795602B4FDB198F3FD3EB41B415064256E345E8D8C51C555DC8A21904A9B0F1AD0EFFAB7786AAC2DA3B196507E9F33CA356427"),
+ SHEX("37E3844080986179FDA99E9B8C54E294643060795B66E810E3E25D9E"));
+ test_hash(&nettle_sha3_224, /* 227 octets */
+ SHEX("23AC4E9A42C6EF45C3336CE6DFC2FF7DE8884CD23DC912FEF0F7756C09D335C189F3AD3A23697ABDA851A81881A0C8CCAFC980AB2C702564C2BE15FE4C4B9F10DFB2248D0D0CB2E2887FD4598A1D4ACDA897944A2FFC580FF92719C95CF2AA42DC584674CB5A9BC5765B9D6DDF5789791D15F8DD925AA12BFFAFBCE60827B490BB7DF3DDA6F2A143C8BF96ABC903D83D59A791E2D62814A89B8080A28060568CF24A80AE61179FE84E0FFAD00388178CB6A617D37EFD54CC01970A4A41D1A8D3DDCE46EDBBA4AB7C90AD565398D376F431189CE8C1C33E132FEAE6A8CD17A61C630012"),
+ SHEX("3B503D615E54132B42CAC1A0450A0D7E2EDC63ED87BF109C509C7987"));
+ test_hash(&nettle_sha3_224, /* 228 octets */
+ SHEX("0172DF732282C9D488669C358E3492260CBE91C95CFBC1E3FEA6C4B0EC129B45F242ACE09F152FC6234E1BEE8AAB8CD56E8B486E1DCBA9C05407C2F95DA8D8F1C0AF78EE2ED82A3A79EC0CB0709396EE62AADB84F8A4EE8A7CCCA3C1EE84E302A09EA802204AFECF04097E67D0F8E8A9D2651126C0A598A37081E42D168B0AE8A71951C524259E4E2054E535B779679BDADE566FE55700858618E626B4A0FAF895BCCE9011504A49E05FD56127EAE3D1F8917AFB548ECADABDA1020111FEC9314C413498A360B08640549A22CB23C731ACE743252A8227A0D2689D4C6001606678DFB921"),
+ SHEX("CB40837DAF4A882538464DEC0A999DA482B4AAE08708EA6D5D7FF461"));
+ test_hash(&nettle_sha3_224, /* 229 octets */
+ SHEX("3875B9240CF3E0A8B59C658540F26A701CF188496E2C2174788B126FD29402D6A75453BA0635284D08835F40051A2A9683DC92AFB9383719191231170379BA6F4ADC816FECBB0F9C446B785BF520796841E58878B73C58D3EBB097CE4761FDEABE15DE2F319DFBAF1742CDEB389559C788131A6793E193856661376C81CE9568DA19AA6925B47FFD77A43C7A0E758C37D69254909FF0FBD415EF8EB937BCD49F91468B49974C07DC819ABD67395DB0E05874FF83DDDAB895344ABD0E7111B2DF9E58D76D85AD98106B36295826BE04D435615595605E4B4BB824B33C4AFEB5E7BB0D19F909"),
+ SHEX("EAE911E66661DCD3472B458A48B74730468923C7ABCAC7F311F02463"));
+ test_hash(&nettle_sha3_224, /* 230 octets */
+ SHEX("747CC1A59FEFBA94A9C75BA866C30DC5C1CB0C0F8E9361D98484956DD5D1A40F6184AFBE3DAC9F76028D1CAECCFBF69199C6CE2B4C092A3F4D2A56FE5A33A00757F4D7DEE5DFB0524311A97AE0668A47971B95766E2F6DD48C3F57841F91F04A00AD5EA70F2D479A2620DC5CD78EAAB3A3B011719B7E78D19DDF70D9423798AF77517EBC55392FCD01FC600D8D466B9E7A7A85BF33F9CC5419E9BD874DDFD60981150DDAF8D7FEBAA4374F0872A5628D318000311E2F5655365AD4D407C20E5C04DF17A222E7DEEC79C5AB1116D8572F91CD06E1CCC7CED53736FC867FD49ECEBE6BF8082E8A"),
+ SHEX("307D5A8BA5865A4D281ACB2F3C5EF16E3B11BCD8C0F82D22D47C2CC8"));
+ test_hash(&nettle_sha3_224, /* 231 octets */
+ SHEX("57AF971FCCAEC97435DC2EC9EF0429BCEDC6B647729EA168858A6E49AC1071E706F4A5A645CA14E8C7746D65511620682C906C8B86EC901F3DDED4167B3F00B06CBFAC6AEE3728051B3E5FF10B4F9ED8BD0B8DA94303C833755B3CA3AEDDF0B54BC8D6632138B5D25BAB03D17B3458A9D782108006F5BB7DE75B5C0BA854B423D8BB801E701E99DC4FEAAD59BC1C7112453B04D33EA3635639FB802C73C2B71D58A56BBD671B18FE34ED2E3DCA38827D63FDB1D4FB3285405004B2B3E26081A8FF08CD6D2B08F8E7B7E90A2AB1ED7A41B1D0128522C2F8BFF56A7FE67969422CE839A9D4608F03"),
+ SHEX("58666B325D81CBE6A4BBAD91720E2BA93C70EA114E7F77323C5BE486"));
+ test_hash(&nettle_sha3_224, /* 232 octets */
+ SHEX("04E16DEDC1227902BAAF332D3D08923601BDD64F573FAA1BB7201918CFE16B1E10151DAE875DA0C0D63C59C3DD050C4C6A874011B018421AFC4623AB0381831B2DA2A8BA42C96E4F70864AC44E106F94311051E74C77C1291BF5DB9539E69567BF6A11CF6932BBBAD33F8946BF5814C066D851633D1A513510039B349939BFD42B858C21827C8FF05F1D09B1B0765DC78A135B5CA4DFBA0801BCADDFA175623C8B647EACFB4444B85A44F73890607D06D507A4F8393658788669F6EF4DEB58D08C50CA0756D5E2F49D1A7AD73E0F0B3D3B5F090ACF622B1878C59133E4A848E05153592EA81C6FBF"),
+ SHEX("BC296FFD39381CF1C96228A9F380F41C871B8788C654ED9B384C17FE"));
+ test_hash(&nettle_sha3_224, /* 233 octets */
+ SHEX("7C815C384EEE0F288ECE27CCED52A01603127B079C007378BC5D1E6C5E9E6D1C735723ACBBD5801AC49854B2B569D4472D33F40BBB8882956245C366DC3582D71696A97A4E19557E41E54DEE482A14229005F93AFD2C4A7D8614D10A97A9DFA07F7CD946FA45263063DDD29DB8F9E34DB60DAA32684F0072EA2A9426ECEBFA5239FB67F29C18CBAA2AF6ED4BF4283936823AC1790164FEC5457A9CBA7C767CA59392D94CAB7448F50EB34E9A93A80027471CE59736F099C886DEA1AB4CBA4D89F5FC7AE2F21CCD27F611ECA4626B2D08DC22382E92C1EFB2F6AFDC8FDC3D2172604F5035C46B8197D3"),
+ SHEX("0CCEAE713E5E39BCEFE7A2273004816FE005D5EDFB2A965CC9AC9948"));
+ test_hash(&nettle_sha3_224, /* 234 octets */
+ SHEX("E29D505158DBDD937D9E3D2145658EE6F5992A2FC790F4F608D9CDB44A091D5B94B88E81FAC4FDF5C49442F13B911C55886469629551189EAFF62488F1A479B7DB11A1560E198DDCCCCF50159093425FF7F1CB8D1D1246D0978764087D6BAC257026B090EFAE8CEC5F22B6F21C59ACE1AC7386F5B8837CA6A12B6FBF5534DD0560EF05CA78104D3B943DDB220FEAEC89AA5E692A00F822A2AB9A2FE60350D75E7BE16FF2526DC643872502D01F42F188ABED0A6E9A6F5FD0D1CE7D5755C9FFA66B0AF0B20BD806F08E06156690D81AC811778CA3DAC2C249B96002017FCE93E507E3B953ACF99964B847"),
+ SHEX("7997FDF30837D8B25E85FC01316E31B61EE814490DA002A04816D7CA"));
+ test_hash(&nettle_sha3_224, /* 235 octets */
+ SHEX("D85588696F576E65ECA0155F395F0CFACD83F36A99111ED5768DF2D116D2121E32357BA4F54EDE927F189F297D3A97FAD4E9A0F5B41D8D89DD7FE20156799C2B7B6BF9C957BA0D6763F5C3BC5129747BBB53652B49290CFF1C87E2CDF2C4B95D8AAEE09BC8FBFA6883E62D237885810491BFC101F1D8C636E3D0EDE838AD05C207A3DF4FAD76452979EB99F29AFAECEDD1C63B8D36CF378454A1BB67A741C77AC6B6B3F95F4F02B64DABC15438613EA49750DF42EE90101F115AA9ABB9FF64324DDE9DABBB01054E1BD6B4BCDC7930A44C2300D87CA78C06924D0323AD7887E46C90E8C4D100ACD9EED21E"),
+ SHEX("9897B479871AC73DABBE6221E27BFA67278F2BB044E3D0726FCB2B81"));
+ test_hash(&nettle_sha3_224, /* 236 octets */
+ SHEX("3A12F8508B40C32C74492B66323375DCFE49184C78F73179F3314B79E63376B8AC683F5A51F1534BD729B02B04D002F55CBD8E8FC9B5EC1EA6BBE6A0D0E7431518E6BA45D124035F9D3DCE0A8BB7BF1430A9F657E0B4EA9F20EB20C786A58181A1E20A96F1628F8728A13BDF7A4B4B32FC8AA7054CC4881AE7FA19AFA65C6C3EE1B3ADE3192AF42054A8A911B8EC1826865D46D93F1E7C5E2B7813C92A506E53886F3D4701BB93D2A681AD109C845904BB861AF8AF0646B6E399B38B614051D34F6842563A0F37EC00CB3D865FC5D746C4987DE2A65071100883A2A9C7A2BFE1E2DD603D9EA24DC7C5FD06BE"),
+ SHEX("EAD2620FBC4BDFB14AEC8C7B9AA882BA3EB2AACC9A15D7D36DBA086D"));
+ test_hash(&nettle_sha3_224, /* 237 octets */
+ SHEX("1861EDCE46FA5AD17E1FF1DEAE084DEC580F97D0A67885DFE834B9DFAC1AE076742CE9E267512CA51F6DF5A455AF0C5FD6ABF94ACEA103A3370C354485A7846FB84F3AC7C2904B5B2FBF227002CE512133BB7E1C4E50057BFD1E44DB33C7CDB969A99E284B184F50A14B068A1FC5009D9B298DBE92239572A7627AAC02ABE8F3E3B473417F36D4D2505D16B7577F4526C9D94A270A2DFE450D06DA8F6FA956879A0A55CFE99E742EA555EA477BA3E9B44CCD508C375423611AF92E55345DC215779B2D5119EBA49C71D49B9FE3F1569FA24E5CA3E332D042422A8B8158D3EC66A80012976F31FFDF305F0C9C5E"),
+ SHEX("545E59812C7AEA1BD1CD48880D6650117DFD9E58A791DAC1072B19DA"));
+ test_hash(&nettle_sha3_224, /* 238 octets */
+ SHEX("08D0FFDE3A6E4EF65608EA672E4830C12943D7187CCFF08F4941CFC13E545F3B9C7AD5EEBBE2B01642B486CAF855C2C73F58C1E4E3391DA8E2D63D96E15FD84953AE5C231911B00AD6050CD7AAFDAAC9B0F663AE6AAB45519D0F5391A541707D479034E73A6AD805AE3598096AF078F1393301493D663DD71F83869CA27BA508B7E91E81E128C1716DC3ACFE3084B2201E04CF8006617EECF1B640474A5D45CFDE9F4D3EF92D6D055B909892194D8A8218DB6D8203A84261D200D71473D7488F3427416B6896C137D455F231071CACBC86E0415AB88AEC841D96B7B8AF41E05BB461A40645BF176601F1E760DE5F"),
+ SHEX("7C2FA00961BCF020B95A0ED7193EA3583340BBD37898EF6A464C1940"));
+ test_hash(&nettle_sha3_224, /* 239 octets */
+ SHEX("D782ABB72A5BE3392757BE02D3E45BE6E2099D6F000D042C8A543F50ED6EBC055A7F133B0DD8E9BC348536EDCAAE2E12EC18E8837DF7A1B3C87EC46D50C241DEE820FD586197552DC20BEEA50F445A07A38F1768A39E2B2FF05DDDEDF751F1DEF612D2E4D810DAA3A0CC904516F9A43AF660315385178A529E51F8AAE141808C8BC5D7B60CAC26BB984AC1890D0436EF780426C547E94A7B08F01ACBFC4A3825EAE04F520A9016F2FB8BF5165ED12736FC71E36A49A73614739EAA3EC834069B1B40F1350C2B3AB885C02C640B9F7686ED5F99527E41CFCD796FE4C256C9173186C226169FF257954EBDA81C0E5F99"),
+ SHEX("232DB22EB2C19109AFEFB71918EA2DAA7C0D76652E1884EA7A8AE646"));
+ test_hash(&nettle_sha3_224, /* 240 octets */
+ SHEX("5FCE8109A358570E40983E1184E541833BB9091E280F258CFB144387B05D190E431CB19BAA67273BA0C58ABE91308E1844DCD0B3678BAA42F335F2FA05267A0240B3C718A5942B3B3E3BFA98A55C25A1466E8D7A603722CB2BBF03AFA54CD769A99F310735EE5A05DAE2C22D397BD95635F58C48A67F90E1B73AAFCD3F82117F0166657838691005B18DA6F341D6E90FC1CDB352B30FAE45D348294E501B63252DE14740F2B85AE5299DDEC3172DE8B6D0BA219A20A23BB5E10FF434D39DB3F583305E9F5C039D98569E377B75A70AB837D1DF269B8A4B566F40BB91B577455FD3C356C914FA06B9A7CE24C7317A172D"),
+ SHEX("DB85AF5CFCE746240E6D44E73CEF66A72CE5968284D35FFEF7FBFF6C"));
+ test_hash(&nettle_sha3_224, /* 241 octets */
+ SHEX("6172F1971A6E1E4E6170AFBAD95D5FEC99BF69B24B674BC17DD78011615E502DE6F56B86B1A71D3F4348087218AC7B7D09302993BE272E4A591968AEF18A1262D665610D1070EE91CC8DA36E1F841A69A7A682C580E836941D21D909A3AFC1F0B963E1CA5AB193E124A1A53DF1C587470E5881FB54DAE1B0D840F0C8F9D1B04C645BA1041C7D8DBF22030A623AA15638B3D99A2C400FF76F3252079AF88D2B37F35EE66C1AD7801A28D3D388AC450B97D5F0F79E4541755356B3B1A5696B023F39AB7AB5F28DF4202936BC97393B93BC915CB159EA1BD7A0A414CB4B7A1AC3AF68F50D79F0C9C7314E750F7D02FAA58BFA"),
+ SHEX("A1EB42FB0792361F0D6809A2E8DC062F09F2855B39BC2C4B7F54311E"));
+ test_hash(&nettle_sha3_224, /* 242 octets */
+ SHEX("5668ECD99DFBE215C4118398AC9C9EAF1A1433FAB4CCDD3968064752B625EA944731F75D48A27D047D67547F14DD0FFAA55FA5E29F7AF0D161D85EAFC4F2029B717C918EAB9D304543290BDBA7158B68020C0BA4E079BC95B5BC0FC044A992B94B4CCD3BD66D0EABB5DBBAB904D62E00752C4E3B0091D773BCF4C14B4377DA3EFFF824B1CB2FA01B32D1E46C909E626ED2DAE920F4C7DBEB635BC754FACBD8D49BEBA3F23C1C41CCBFCD0EE0C114E69737F5597C0BF1D859F0C767E18002AE8E39C26261FFDE2920D3D0BAF0E906138696CFE5B7E32B600F45DF3AAA39932F3A7DF95B60FA8712A2271FCAF3911CE7B511B1"),
+ SHEX("1AF4A3AB9A07CF064C254D122CC7DE15E0F0D3CA3DFA50EA1C43A78D"));
+ test_hash(&nettle_sha3_224, /* 243 octets */
+ SHEX("03D625488354DF30E3F875A68EDFCF340E8366A8E1AB67F9D5C5486A96829DFAC0578289082B2A62117E1CF418B43B90E0ADC881FC6AE8105C888E9ECD21AEA1C9AE1A4038DFD17378FED71D02AE492087D7CDCD98F746855227967CB1AB4714261EE3BEAD3F4DB118329D3EBEF4BC48A875C19BA763966DA0EBEA800E01B2F50B00E9DD4CACA6DCB314D00184EF71EA2391D760C950710DB4A70F9212FFC54861F9DC752CE18867B8AD0C48DF8466EF7231E7AC567F0EB55099E622EBB86CB237520190A61C66AD34F1F4E289CB3282AE3EAAC6152ED24D2C92BAE5A7658252A53C49B7B02DFE54FDB2E90074B6CF310AC661"),
+ SHEX("C14D43525E18892C79142D887D2AD3992848B72CCC087F64F0F1D621"));
+ test_hash(&nettle_sha3_224, /* 244 octets */
+ SHEX("2EDC282FFB90B97118DD03AAA03B145F363905E3CBD2D50ECD692B37BF000185C651D3E9726C690D3773EC1E48510E42B17742B0B0377E7DE6B8F55E00A8A4DB4740CEE6DB0830529DD19617501DC1E9359AA3BCF147E0A76B3AB70C4984C13E339E6806BB35E683AF8527093670859F3D8A0FC7D493BCBA6BB12B5F65E71E705CA5D6C948D66ED3D730B26DB395B3447737C26FAD089AA0AD0E306CB28BF0ACF106F89AF3745F0EC72D534968CCA543CD2CA50C94B1456743254E358C1317C07A07BF2B0ECA438A709367FAFC89A57239028FC5FECFD53B8EF958EF10EE0608B7F5CB9923AD97058EC067700CC746C127A61EE3"),
+ SHEX("116C0462D50D57F948015EC74BE9015707313712B45883C02FE84E1E"));
+ test_hash(&nettle_sha3_224, /* 245 octets */
+ SHEX("90B28A6AA1FE533915BCB8E81ED6CACDC10962B7FF82474F845EEB86977600CF70B07BA8E3796141EE340E3FCE842A38A50AFBE90301A3BDCC591F2E7D9DE53E495525560B908C892439990A2CA2679C5539FFDF636777AD9C1CDEF809CDA9E8DCDB451ABB9E9C17EFA4379ABD24B182BD981CAFC792640A183B61694301D04C5B3EAAD694A6BD4CC06EF5DA8FA23B4FA2A64559C5A68397930079D250C51BCF00E2B16A6C49171433B0AADFD80231276560B80458DD77089B7A1BBCC9E7E4B9F881EACD6C92C4318348A13F4914EB27115A1CFC5D16D7FD94954C3532EFACA2CAB025103B2D02C6FD71DA3A77F417D7932685888A"),
+ SHEX("96F7111176641F6373701BA594090079146D4220F30B5120C12498BA"));
+ test_hash(&nettle_sha3_224, /* 246 octets */
+ SHEX("2969447D175490F2AA9BB055014DBEF2E6854C95F8D60950BFE8C0BE8DE254C26B2D31B9E4DE9C68C9ADF49E4EE9B1C2850967F29F5D08738483B417BB96B2A56F0C8ACA632B552059C59AAC3F61F7B45C966B75F1D9931FF4E596406378CEE91AAA726A3A84C33F37E9CDBE626B5745A0B06064A8A8D56E53AAF102D23DD9DF0A3FDF7A638509A6761A33FA42FA8DDBD8E16159C93008B53765019C3F0E9F10B144CE2AC57F5D7297F9C9949E4FF68B70D339F87501CE8550B772F32C6DA8AD2CE2100A895D8B08FA1EEAD7C376B407709703C510B50F87E73E43F8E7348F87C3832A547EF2BBE5799ABEDCF5E1F372EA809233F006"),
+ SHEX("9EDDAB2C9C60B122503C1C30EC6E74050EE13C7E103A05F9ED41D992"));
+ test_hash(&nettle_sha3_224, /* 247 octets */
+ SHEX("721645633A44A2C78B19024EAECF58575AB23C27190833C26875DC0F0D50B46AEA9C343D82EA7D5B3E50EC700545C615DAEAEA64726A0F05607576DCD396D812B03FB6551C641087856D050B10E6A4D5577B82A98AFB89CEE8594C9DC19E79FEFF0382FCFD127F1B803A4B9946F4AC9A4378E1E6E041B1389A53E3450CD32D9D2941B0CBABDB50DA8EA2513145164C3AB6BCBD251C448D2D4B087AC57A59C2285D564F16DA4ED5E607ED979592146FFB0EF3F3DB308FB342DF5EB5924A48256FC763141A278814C82D6D6348577545870AE3A83C7230AC02A1540FE1798F7EF09E335A865A2AE0949B21E4F748FB8A51F44750E213A8FB"),
+ SHEX("54CC87B9655180C0E1C6672350AE1952DDF51EE5D7E215569652AA2E"));
+ test_hash(&nettle_sha3_224, /* 248 octets */
+ SHEX("6B860D39725A14B498BB714574B4D37CA787404768F64C648B1751B353AC92BAC2C3A28EA909FDF0423336401A02E63EC24325300D823B6864BB701F9D7C7A1F8EC9D0AE3584AA6DD62EA1997CD831B4BABD9A4DA50932D4EFDA745C61E4130890E156AEE6113716DAF95764222A91187DB2EFFEA49D5D0596102D619BD26A616BBFDA8335505FBB0D90B4C180D1A2335B91538E1668F9F9642790B4E55F9CAB0FE2BDD2935D001EE6419ABAB5457880D0DBFF20ED8758F4C20FE759EFB33141CF0E892587FE8187E5FBC57786B7E8B089612C936DFC03D27EFBBE7C8673F1606BD51D5FF386F4A7AB68EDF59F385EB1291F117BFE717399"),
+ SHEX("4629C97F9BA98698E0DDECA5E0A3B6DE210EA9E84BF942C2CCF4EC68"));
+ test_hash(&nettle_sha3_224, /* 249 octets */
+ SHEX("6A01830AF3889A25183244DECB508BD01253D5B508AB490D3124AFBF42626B2E70894E9B562B288D0A2450CFACF14A0DDAE5C04716E5A0082C33981F6037D23D5E045EE1EF2283FB8B6378A914C5D9441627A722C282FF452E25A7EA608D69CEE4393A0725D17963D0342684F255496D8A18C2961145315130549311FC07F0312FB78E6077334F87EAA873BEE8AA95698996EB21375EB2B4EF53C14401207DEB4568398E5DD9A7CF97E8C9663E23334B46912F8344C19EFCF8C2BA6F04325F1A27E062B62A58D0766FC6DB4D2C6A1928604B0175D872D16B7908EBC041761187CC785526C2A3873FEAC3A642BB39F5351550AF9770C328AF7B"),
+ SHEX("F45034AA94C1A2686EB849EF4262F2F5BA9ACDD0E8EA32401E060B43"));
+ test_hash(&nettle_sha3_224, /* 250 octets */
+ SHEX("B3C5E74B69933C2533106C563B4CA20238F2B6E675E8681E34A389894785BDADE59652D4A73D80A5C85BD454FD1E9FFDAD1C3815F5038E9EF432AAC5C3C4FE840CC370CF86580A6011778BBEDAF511A51B56D1A2EB68394AA299E26DA9ADA6A2F39B9FAFF7FBA457689B9C1A577B2A1E505FDF75C7A0A64B1DF81B3A356001BF0DF4E02A1FC59F651C9D585EC6224BB279C6BEBA2966E8882D68376081B987468E7AED1EF90EBD090AE825795CDCA1B4F09A979C8DFC21A48D8A53CDBB26C4DB547FC06EFE2F9850EDD2685A4661CB4911F165D4B63EF25B87D0A96D3DFF6AB0758999AAD214D07BD4F133A6734FDE445FE474711B69A98F7E2B"),
+ SHEX("62153F592C49D3C0485F80073319049A510C730327940CD9D52F3698"));
+ test_hash(&nettle_sha3_224, /* 251 octets */
+ SHEX("83AF34279CCB5430FEBEC07A81950D30F4B66F484826AFEE7456F0071A51E1BBC55570B5CC7EC6F9309C17BF5BEFDD7C6BA6E968CF218A2B34BD5CF927AB846E38A40BBD81759E9E33381016A755F699DF35D660007B5EADF292FEEFB735207EBF70B5BD17834F7BFA0E16CB219AD4AF524AB1EA37334AA66435E5D397FC0A065C411EBBCE32C240B90476D307CE802EC82C1C49BC1BEC48C0675EC2A6C6F3ED3E5B741D13437095707C565E10D8A20B8C20468FF9514FCF31B4249CD82DCEE58C0A2AF538B291A87E3390D737191A07484A5D3F3FB8C8F15CE056E5E5F8FEBE5E1FB59D6740980AA06CA8A0C20F5712B4CDE5D032E92AB89F0AE1"),
+ SHEX("ECDE4D6EB0CF28010B45D0D310E7D05F08B80AFC44B8A359BE7E1923"));
+ test_hash(&nettle_sha3_224, /* 252 octets */
+ SHEX("A7ED84749CCC56BB1DFBA57119D279D412B8A986886D810F067AF349E8749E9EA746A60B03742636C464FC1EE233ACC52C1983914692B64309EDFDF29F1AB912EC3E8DA074D3F1D231511F5756F0B6EEAD3E89A6A88FE330A10FACE267BFFBFC3E3090C7FD9A850561F363AD75EA881E7244F80FF55802D5EF7A1A4E7B89FCFA80F16DF54D1B056EE637E6964B9E0FFD15B6196BDD7DB270C56B47251485348E49813B4EB9ED122A01B3EA45AD5E1A929DF61D5C0F3E77E1FDC356B63883A60E9CBB9FC3E00C2F32DBD469659883F690C6772E335F617BC33F161D6F6984252EE12E62B6000AC5231E0C9BC65BE223D8DFD94C5004A101AF9FD6C0FB"),
+ SHEX("3BFC5018CF15CB88007929924B3E014635EF135C91F9671B29BE8731"));
+ test_hash(&nettle_sha3_224, /* 253 octets */
+ SHEX("A6FE30DCFCDA1A329E82AB50E32B5F50EB25C873C5D2305860A835AECEE6264AA36A47429922C4B8B3AFD00DA16035830EDB897831C4E7B00F2C23FC0B15FDC30D85FB70C30C431C638E1A25B51CAF1D7E8B050B7F89BFB30F59F0F20FECFF3D639ABC4255B3868FC45DD81E47EB12AB40F2AAC735DF5D1DC1AD997CEFC4D836B854CEE9AC02900036F3867FE0D84AFFF37BDE3308C2206C62C4743375094108877C73B87B2546FE05EA137BEDFC06A2796274099A0D554DA8F7D7223A48CBF31B7DECAA1EBC8B145763E3673168C1B1B715C1CD99ECD3DDB238B06049885ECAD9347C2436DFF32C771F34A38587A44A82C5D3D137A03CAA27E66C8FF6"),
+ SHEX("22715559AD15717722B1FA0583996090C79C3DF16CC1E6E0F6D3E898"));
+ test_hash(&nettle_sha3_224, /* 254 octets */
+ SHEX("83167FF53704C3AA19E9FB3303539759C46DD4091A52DDAE9AD86408B69335989E61414BC20AB4D01220E35241EFF5C9522B079FBA597674C8D716FE441E566110B6211531CECCF8FD06BC8E511D00785E57788ED9A1C5C73524F01830D2E1148C92D0EDC97113E3B7B5CD3049627ABDB8B39DD4D6890E0EE91993F92B03354A88F52251C546E64434D9C3D74544F23FB93E5A2D2F1FB15545B4E1367C97335B0291944C8B730AD3D4789273FA44FB98D78A36C3C3764ABEEAC7C569C1E43A352E5B770C3504F87090DEE075A1C4C85C0C39CF421BDCC615F9EFF6CB4FE6468004AECE5F30E1ECC6DB22AD9939BB2B0CCC96521DFBF4AE008B5B46BC006E"),
+ SHEX("2F36FF8AB7264F7A5766DE025018E19B5A64D90994B743B8FBFBDCCA"));
+ test_hash(&nettle_sha3_224, /* 255 octets */
+ SHEX("3A3A819C48EFDE2AD914FBF00E18AB6BC4F14513AB27D0C178A188B61431E7F5623CB66B23346775D386B50E982C493ADBBFC54B9A3CD383382336A1A0B2150A15358F336D03AE18F666C7573D55C4FD181C29E6CCFDE63EA35F0ADF5885CFC0A3D84A2B2E4DD24496DB789E663170CEF74798AA1BBCD4574EA0BBA40489D764B2F83AADC66B148B4A0CD95246C127D5871C4F11418690A5DDF01246A0C80A43C70088B6183639DCFDA4125BD113A8F49EE23ED306FAAC576C3FB0C1E256671D817FC2534A52F5B439F72E424DE376F4C565CCA82307DD9EF76DA5B7C4EB7E085172E328807C02D011FFBF33785378D79DC266F6A5BE6BB0E4A92ECEEBAEB1"),
+ SHEX("5AF56987EA9CF11FCD0EAC5EBC14B037365E9B1123E31CB2DFC7929A"));
+}
--- /dev/null
+#include "testutils.h"
+
+void
+test_main(void)
+{
+ /* Extracted from ShortMsgKAT_256.txt using sha3.awk. */
+ test_hash(&nettle_sha3_256, /* 0 octets */
+ SHEX(""),
+ SHEX("C5D2460186F7233C927E7DB2DCC703C0E500B653CA82273B7BFAD8045D85A470"));
+ test_hash(&nettle_sha3_256, /* 1 octets */
+ SHEX("CC"),
+ SHEX("EEAD6DBFC7340A56CAEDC044696A168870549A6A7F6F56961E84A54BD9970B8A"));
+ test_hash(&nettle_sha3_256, /* 2 octets */
+ SHEX("41FB"),
+ SHEX("A8EACEDA4D47B3281A795AD9E1EA2122B407BAF9AABCB9E18B5717B7873537D2"));
+ test_hash(&nettle_sha3_256, /* 3 octets */
+ SHEX("1F877C"),
+ SHEX("627D7BC1491B2AB127282827B8DE2D276B13D7D70FB4C5957FDF20655BC7AC30"));
+ test_hash(&nettle_sha3_256, /* 4 octets */
+ SHEX("C1ECFDFC"),
+ SHEX("B149E766D7612EAF7D55F74E1A4FDD63709A8115B14F61FCD22AA4ABC8B8E122"));
+ test_hash(&nettle_sha3_256, /* 5 octets */
+ SHEX("21F134AC57"),
+ SHEX("67F05544DBE97D5D6417C1B1EA9BC0E3A99A541381D1CD9B08A9765687EB5BB4"));
+ test_hash(&nettle_sha3_256, /* 6 octets */
+ SHEX("C6F50BB74E29"),
+ SHEX("923062C4E6F057597220D182DBB10E81CD25F60B54005B2A75DD33D6DAC518D0"));
+ test_hash(&nettle_sha3_256, /* 7 octets */
+ SHEX("119713CC83EEEF"),
+ SHEX("FEB8405DCD315D48C6CBF7A3504996DE8E25CC22566EFEC67433712EDA99894F"));
+ test_hash(&nettle_sha3_256, /* 8 octets */
+ SHEX("4A4F202484512526"),
+ SHEX("E620D8F2982B24FEDAAA3BAA9B46C3F9CE204EE356666553ECB35E15C3FF9BF9"));
+ test_hash(&nettle_sha3_256, /* 9 octets */
+ SHEX("1F66AB4185ED9B6375"),
+ SHEX("9E03F7C9A3D055ECA1D786ED6FB624D93F1CF0AC27F9C2B6C05E509FAC9E7FCA"));
+ test_hash(&nettle_sha3_256, /* 10 octets */
+ SHEX("EED7422227613B6F53C9"),
+ SHEX("CAAD8E1ED546630748A12F5351B518A9A431CDA6BA56CBFC3CCBDD8AAE5092F7"));
+ test_hash(&nettle_sha3_256, /* 11 octets */
+ SHEX("EAEED5CDFFD89DECE455F1"),
+ SHEX("D61708BDB3211A9AAB28D4DF01DFA4B29ED40285844D841042257E97488617B0"));
+ test_hash(&nettle_sha3_256, /* 12 octets */
+ SHEX("5BE43C90F22902E4FE8ED2D3"),
+ SHEX("0F53BE55990780B3FAD9870F04F7D8153C3AE605C057C85ABB5D71765043AAA8"));
+ test_hash(&nettle_sha3_256, /* 13 octets */
+ SHEX("A746273228122F381C3B46E4F1"),
+ SHEX("32215AE88204A782B62D1810D945DE49948DE458600F5E1E3896CECA2ED3292B"));
+ test_hash(&nettle_sha3_256, /* 14 octets */
+ SHEX("3C5871CD619C69A63B540EB5A625"),
+ SHEX("9510DA68E58EBB8D2AB9DE8485BB408E358299A9C011AE8544B0D0FAF9D4A4EA"));
+ test_hash(&nettle_sha3_256, /* 15 octets */
+ SHEX("FA22874BCC068879E8EF11A69F0722"),
+ SHEX("F20B3BCF743AA6FA084038520791C364CB6D3D1DD75841F8D7021CD98322BD8F"));
+ test_hash(&nettle_sha3_256, /* 16 octets */
+ SHEX("52A608AB21CCDD8A4457A57EDE782176"),
+ SHEX("0E32DEFA2071F0B5AC0E6A108B842ED0F1D3249712F58EE0DDF956FE332A5F95"));
+ test_hash(&nettle_sha3_256, /* 17 octets */
+ SHEX("82E192E4043DDCD12ECF52969D0F807EED"),
+ SHEX("9204550677B9AA770E6E93E319B9958540D54FF4DCCB063C8561302CD8AFF676"));
+ test_hash(&nettle_sha3_256, /* 18 octets */
+ SHEX("75683DCB556140C522543BB6E9098B21A21E"),
+ SHEX("A6D5444CB7AA61F5106CDEDB39D5E1DD7D608F102798D7E818AC87289123A1DB"));
+ test_hash(&nettle_sha3_256, /* 19 octets */
+ SHEX("06E4EFE45035E61FAAF4287B4D8D1F12CA97E5"),
+ SHEX("5796B993D0BD1257CF26782B4E58FAFB22B0986D88684AB5A2E6CEC6706275F9"));
+ test_hash(&nettle_sha3_256, /* 20 octets */
+ SHEX("E26193989D06568FE688E75540AEA06747D9F851"),
+ SHEX("CFBE73C6585BE6204DD473ABE356B539477174C4B770BFC91E9FDBCBC57086E6"));
+ test_hash(&nettle_sha3_256, /* 21 octets */
+ SHEX("D8DC8FDEFBDCE9D44E4CBAFE78447BAE3B5436102A"),
+ SHEX("31C8006B0EC35E690674297CB27476DB6066B5FA9825C60728E9E0BB338FB7C3"));
+ test_hash(&nettle_sha3_256, /* 22 octets */
+ SHEX("57085FD7E14216AB102D8317B0CB338A786D5FC32D8F"),
+ SHEX("3B8FA3904FE1B837565A50D0FBF03E487D6D72FC3CEA41ADCCE33DF1B835D247"));
+ test_hash(&nettle_sha3_256, /* 23 octets */
+ SHEX("A05404DF5DBB57697E2C16FA29DEFAC8AB3560D6126FA0"),
+ SHEX("37FEBC4DF9D50DAEABD0CAA6578812A687E55F1AC0B109D2512810D00548C85B"));
+ test_hash(&nettle_sha3_256, /* 24 octets */
+ SHEX("AECBB02759F7433D6FCB06963C74061CD83B5B3FFA6F13C6"),
+ SHEX("2329810B5A4735BCD49C10E6456C0B1DED5EAC258AF47CBB797CA162AB6D1BA8"));
+ test_hash(&nettle_sha3_256, /* 25 octets */
+ SHEX("AAFDC9243D3D4A096558A360CC27C8D862F0BE73DB5E88AA55"),
+ SHEX("6FFFA070B865BE3EE766DC2DB49B6AA55C369F7DE3703ADA2612D754145C01E6"));
+ test_hash(&nettle_sha3_256, /* 26 octets */
+ SHEX("7BC84867F6F9E9FDC3E1046CAE3A52C77ED485860EE260E30B15"),
+ SHEX("B30761C053E926F150B9DCE7E005B4D87811CCFB9E3B6EDB0221022F01711CF0"));
+ test_hash(&nettle_sha3_256, /* 27 octets */
+ SHEX("FAC523575A99EC48279A7A459E98FF901918A475034327EFB55843"),
+ SHEX("04F1B3C1E25BA5D012E22AD144E5A8719D94322D05AD9EF61E7DB49B59959B3A"));
+ test_hash(&nettle_sha3_256, /* 28 octets */
+ SHEX("0F8B2D8FCFD9D68CFFC17CCFB117709B53D26462A3F346FB7C79B85E"),
+ SHEX("AEEF4B4DA420834FFCED26DB291248FB2D01E765E2B0564057F8E6C2030AC37F"));
+ test_hash(&nettle_sha3_256, /* 29 octets */
+ SHEX("A963C3E895FF5A0BE4824400518D81412F875FA50521E26E85EAC90C04"),
+ SHEX("03D26AEEB4A7BDDDBFF7CFF667198C425941A2776922DF2BEC545F5304E2C61C"));
+ test_hash(&nettle_sha3_256, /* 30 octets */
+ SHEX("03A18688B10CC0EDF83ADF0A84808A9718383C4070C6C4F295098699AC2C"),
+ SHEX("435CFC0D1AFD8D5509A9CCBF49706575038685BF08DB549D9714548240463EE9"));
+ test_hash(&nettle_sha3_256, /* 31 octets */
+ SHEX("84FB51B517DF6C5ACCB5D022F8F28DA09B10232D42320FFC32DBECC3835B29"),
+ SHEX("D477FB02CAAA95B3280EC8EE882C29D9E8A654B21EF178E0F97571BF9D4D3C1C"));
+ test_hash(&nettle_sha3_256, /* 32 octets */
+ SHEX("9F2FCC7C90DE090D6B87CD7E9718C1EA6CB21118FC2D5DE9F97E5DB6AC1E9C10"),
+ SHEX("24DD2EE02482144F539F810D2CAA8A7B75D0FA33657E47932122D273C3F6F6D1"));
+ test_hash(&nettle_sha3_256, /* 33 octets */
+ SHEX("DE8F1B3FAA4B7040ED4563C3B8E598253178E87E4D0DF75E4FF2F2DEDD5A0BE046"),
+ SHEX("E78C421E6213AFF8DE1F025759A4F2C943DB62BBDE359C8737E19B3776ED2DD2"));
+ test_hash(&nettle_sha3_256, /* 34 octets */
+ SHEX("62F154EC394D0BC757D045C798C8B87A00E0655D0481A7D2D9FB58D93AEDC676B5A0"),
+ SHEX("CCE3E3D498328A4D9C5B4DBF9A1209628AB82621AD1A0D0A18680362889E6164"));
+ test_hash(&nettle_sha3_256, /* 35 octets */
+ SHEX("B2DCFE9FF19E2B23CE7DA2A4207D3E5EC7C6112A8A22AEC9675A886378E14E5BFBAD4E"),
+ SHEX("F871DB93C5C92ECD65D4EDB96FCB12E4729BC2A1899F7FB029F50BFF431CBB72"));
+ test_hash(&nettle_sha3_256, /* 36 octets */
+ SHEX("47F5697AC8C31409C0868827347A613A3562041C633CF1F1F86865A576E02835ED2C2492"),
+ SHEX("4EB143477431DF019311AED936CAB91A912EC1E6868B71E9EDDB777408D4AF34"));
+ test_hash(&nettle_sha3_256, /* 37 octets */
+ SHEX("512A6D292E67ECB2FE486BFE92660953A75484FF4C4F2ECA2B0AF0EDCDD4339C6B2EE4E542"),
+ SHEX("9A0C1D50A59DBF657F6713C795ED14E1F23B4EAA137C5540AACDB0A7E32C29FC"));
+ test_hash(&nettle_sha3_256, /* 38 octets */
+ SHEX("973CF2B4DCF0BFA872B41194CB05BB4E16760A1840D8343301802576197EC19E2A1493D8F4FB"),
+ SHEX("BA062E5D370216D11985C4CA7A2658DDC7328B4BE4B40A52DD8FA3CA662F09D1"));
+ test_hash(&nettle_sha3_256, /* 39 octets */
+ SHEX("80BEEBCD2E3F8A9451D4499961C9731AE667CDC24EA020CE3B9AA4BBC0A7F79E30A934467DA4B0"),
+ SHEX("3A083AE163DF42BD51B9C664BEE9DC4362F16E63383DF16473DF71BE6DD40C1C"));
+ test_hash(&nettle_sha3_256, /* 40 octets */
+ SHEX("7ABAA12EC2A7347674E444140AE0FB659D08E1C66DECD8D6EAE925FA451D65F3C0308E29446B8ED3"),
+ SHEX("4876E273AC00942576D9608D5B63ECC9A3E75D5E0C42C6ABDBCDE037785AF9A7"));
+ test_hash(&nettle_sha3_256, /* 41 octets */
+ SHEX("C88DEE9927679B8AF422ABCBACF283B904FF31E1CAC58C7819809F65D5807D46723B20F67BA610C2B7"),
+ SHEX("4797BA1C7AB7197050D6B2E506F2DF4550E4B673DF78F18C465424E48DF5E997"));
+ test_hash(&nettle_sha3_256, /* 42 octets */
+ SHEX("01E43FE350FCEC450EC9B102053E6B5D56E09896E0DDD9074FE138E6038210270C834CE6EADC2BB86BF6"),
+ SHEX("41C91BE98C5813A4C5D8AE7C29B9919C1CC95B4A05F82433948CB99D9A6D039C"));
+ test_hash(&nettle_sha3_256, /* 43 octets */
+ SHEX("337023370A48B62EE43546F17C4EF2BF8D7ECD1D49F90BAB604B839C2E6E5BD21540D29BA27AB8E309A4B7"),
+ SHEX("EE354290E3F9CE9123C49BA616E1A2684A90F3DDD84E73A1D2C232F740412B18"));
+ test_hash(&nettle_sha3_256, /* 44 octets */
+ SHEX("6892540F964C8C74BD2DB02C0AD884510CB38AFD4438AF31FC912756F3EFEC6B32B58EBC38FC2A6B913596A8"),
+ SHEX("FBEC0B6D71696EEDE900B77AA6D7D25F4AB45DF8961CA9C8B3F4F9B51AF983AB"));
+ test_hash(&nettle_sha3_256, /* 45 octets */
+ SHEX("F5961DFD2B1FFFFDA4FFBF30560C165BFEDAB8CE0BE525845DEB8DC61004B7DB38467205F5DCFB34A2ACFE96C0"),
+ SHEX("9D24AEEA08F9A4B5FB8B6DE85A2296F5F4108DDD1EEA4F8EE58819CF84EDB765"));
+ test_hash(&nettle_sha3_256, /* 46 octets */
+ SHEX("CA061A2EB6CEED8881CE2057172D869D73A1951E63D57261384B80CEB5451E77B06CF0F5A0EA15CA907EE1C27EBA"),
+ SHEX("732034CAE3FF1116F07FC18B5A26EF8FAF3FE75D3DBCA05E48795365E0A17C40"));
+ test_hash(&nettle_sha3_256, /* 47 octets */
+ SHEX("1743A77251D69242750C4F1140532CD3C33F9B5CCDF7514E8584D4A5F9FBD730BCF84D0D4726364B9BF95AB251D9BB"),
+ SHEX("DEAC521805BC6A97C0870E9E225D1C4B2FD8F3A9A7F6B39E357C26414821E2DD"));
+ test_hash(&nettle_sha3_256, /* 48 octets */
+ SHEX("D8FABA1F5194C4DB5F176FABFFF856924EF627A37CD08CF55608BBA8F1E324D7C7F157298EABC4DCE7D89CE5162499F9"),
+ SHEX("AD55537347B20D9FCA02683E6DE1032EC10EB84DA4CBD501E49744A666292EDF"));
+ test_hash(&nettle_sha3_256, /* 49 octets */
+ SHEX("BE9684BE70340860373C9C482BA517E899FC81BAAA12E5C6D7727975D1D41BA8BEF788CDB5CF4606C9C1C7F61AED59F97D"),
+ SHEX("B1F990204BF630569A3EDC634864274786F40CE1C57165EE32D0E29F5D0C6851"));
+ test_hash(&nettle_sha3_256, /* 50 octets */
+ SHEX("7E15D2B9EA74CA60F66C8DFAB377D9198B7B16DEB6A1BA0EA3C7EE2042F89D3786E779CF053C77785AA9E692F821F14A7F51"),
+ SHEX("FA460CD51BC611786D364FCABE39052BCD5F009EDFA81F4701C5B22B729B0016"));
+ test_hash(&nettle_sha3_256, /* 51 octets */
+ SHEX("9A219BE43713BD578015E9FDA66C0F2D83CAC563B776AB9F38F3E4F7EF229CB443304FBA401EFB2BDBD7ECE939102298651C86"),
+ SHEX("F7B0FE5A69FF44060D4F6AD2486E6CDE9ED679AF9AA1ADA613E4CC392442BEB5"));
+ test_hash(&nettle_sha3_256, /* 52 octets */
+ SHEX("C8F2B693BD0D75EF99CAEBDC22ADF4088A95A3542F637203E283BBC3268780E787D68D28CC3897452F6A22AA8573CCEBF245972A"),
+ SHEX("24204D491F202534859FC0A208237184471A2D801FB3B934D0968D0D843D0345"));
+ test_hash(&nettle_sha3_256, /* 53 octets */
+ SHEX("EC0F99711016C6A2A07AD80D16427506CE6F441059FD269442BAAA28C6CA037B22EEAC49D5D894C0BF66219F2C08E9D0E8AB21DE52"),
+ SHEX("81147CBA0647EEE78C4784874C0557621A138CA781FB6F5DCD0D9C609AF56F35"));
+ test_hash(&nettle_sha3_256, /* 54 octets */
+ SHEX("0DC45181337CA32A8222FE7A3BF42FC9F89744259CFF653504D6051FE84B1A7FFD20CB47D4696CE212A686BB9BE9A8AB1C697B6D6A33"),
+ SHEX("5B6D7EDA559574FAE882E6266F4C2BE362133E44B5A947ECB6E75DB9FC8567E0"));
+ test_hash(&nettle_sha3_256, /* 55 octets */
+ SHEX("DE286BA4206E8B005714F80FB1CDFAEBDE91D29F84603E4A3EBC04686F99A46C9E880B96C574825582E8812A26E5A857FFC6579F63742F"),
+ SHEX("86F87E75C87F9BE39E4AA6D0C5A37A5964D6FFDC462525C0642C9DB010DE38EE"));
+ test_hash(&nettle_sha3_256, /* 56 octets */
+ SHEX("EEBCC18057252CBF3F9C070F1A73213356D5D4BC19AC2A411EC8CDEEE7A571E2E20EAF61FD0C33A0FFEB297DDB77A97F0A415347DB66BCAF"),
+ SHEX("959FE007B57C2947C36D1D66CC0808D80DB7DF45D68A34852B70D2DDA192C25C"));
+ test_hash(&nettle_sha3_256, /* 57 octets */
+ SHEX("416B5CDC9FE951BD361BD7ABFC120A5054758EBA88FDD68FD84E39D3B09AC25497D36B43CBE7B85A6A3CEBDA8DB4E5549C3EE51BB6FCB6AC1E"),
+ SHEX("1A93567EEBC41CC44D9346CDE646005D3E82DE8EEEB131E9C1F6D1E4AFD260F7"));
+ test_hash(&nettle_sha3_256, /* 58 octets */
+ SHEX("5C5FAF66F32E0F8311C32E8DA8284A4ED60891A5A7E50FB2956B3CBAA79FC66CA376460E100415401FC2B8518C64502F187EA14BFC9503759705"),
+ SHEX("549DB056B65EDF7D05BD66661B6D0A39B29B825BC80910F8BF7060A53BFF68E1"));
+ test_hash(&nettle_sha3_256, /* 59 octets */
+ SHEX("7167E1E02BE1A7CA69D788666F823AE4EEF39271F3C26A5CF7CEE05BCA83161066DC2E217B330DF821103799DF6D74810EED363ADC4AB99F36046A"),
+ SHEX("794ABFD7EB622D5608C1C7B3F0A7821A71900B7172847FB0907AA2899972663E"));
+ test_hash(&nettle_sha3_256, /* 60 octets */
+ SHEX("2FDA311DBBA27321C5329510FAE6948F03210B76D43E7448D1689A063877B6D14C4F6D0EAA96C150051371F7DD8A4119F7DA5C483CC3E6723C01FB7D"),
+ SHEX("9CE89958CBDDD8DCB22F66E8CBA5F6091A51953189464803BDC773ABC7FAA906"));
+ test_hash(&nettle_sha3_256, /* 61 octets */
+ SHEX("95D1474A5AAB5D2422ACA6E481187833A6212BD2D0F91451A67DD786DFC91DFED51B35F47E1DEB8A8AB4B9CB67B70179CC26F553AE7B569969CE151B8D"),
+ SHEX("6DA733817DC826E8DA773BECA7338131AB7396417104EDA25970980C4EB2A15F"));
+ test_hash(&nettle_sha3_256, /* 62 octets */
+ SHEX("C71BD7941F41DF044A2927A8FF55B4B467C33D089F0988AA253D294ADDBDB32530C0D4208B10D9959823F0C0F0734684006DF79F7099870F6BF53211A88D"),
+ SHEX("66C9CDC8E8C6C9417D7FFBEF3B54B702EEE5F01A9BDA8DD4E28FE3335DEBBB51"));
+ test_hash(&nettle_sha3_256, /* 63 octets */
+ SHEX("F57C64006D9EA761892E145C99DF1B24640883DA79D9ED5262859DCDA8C3C32E05B03D984F1AB4A230242AB6B78D368DC5AAA1E6D3498D53371E84B0C1D4BA"),
+ SHEX("24AB37A93674CCB1CEEC9E5681EFC8BDF9FCC7721CF1CAC175E0B20E461575B8"));
+ test_hash(&nettle_sha3_256, /* 64 octets */
+ SHEX("E926AE8B0AF6E53176DBFFCC2A6B88C6BD765F939D3D178A9BDE9EF3AA131C61E31C1E42CDFAF4B4DCDE579A37E150EFBEF5555B4C1CB40439D835A724E2FAE7"),
+ SHEX("574271CD13959E8DDEAE5BFBDB02A3FDF54F2BABFD0CBEB893082A974957D0C1"));
+ test_hash(&nettle_sha3_256, /* 65 octets */
+ SHEX("16E8B3D8F988E9BB04DE9C96F2627811C973CE4A5296B4772CA3EEFEB80A652BDF21F50DF79F32DB23F9F73D393B2D57D9A0297F7A2F2E79CFDA39FA393DF1AC00"),
+ SHEX("1947E901FA59EA789845775F2A4DB9B4848F8A776073D53D84CBD5D927A96BFF"));
+ test_hash(&nettle_sha3_256, /* 66 octets */
+ SHEX("FC424EEB27C18A11C01F39C555D8B78A805B88DBA1DC2A42ED5E2C0EC737FF68B2456D80EB85E11714FA3F8EABFB906D3C17964CB4F5E76B29C1765DB03D91BE37FC"),
+ SHEX("0C1B8C1AF237E9C5501B50316A80865AAC08A34ACF4F8BEDD4A2D6E7B7BCBB85"));
+ test_hash(&nettle_sha3_256, /* 67 octets */
+ SHEX("ABE3472B54E72734BDBA7D9158736464251C4F21B33FBBC92D7FAC9A35C4E3322FF01D2380CBAA4EF8FB07D21A2128B7B9F5B6D9F34E13F39C7FFC2E72E47888599BA5"),
+ SHEX("C4315666C71FEA834D8FF27F025F5CC34F37C1AAE78604A4B08DAC45DECD42BE"));
+ test_hash(&nettle_sha3_256, /* 68 octets */
+ SHEX("36F9F0A65F2CA498D739B944D6EFF3DA5EBBA57E7D9C41598A2B0E4380F3CF4B479EC2348D015FFE6256273511154AFCF3B4B4BF09D6C4744FDD0F62D75079D440706B05"),
+ SHEX("5FF8734DB3F9977EEE9CF5E2CF725C57AF09926490C55ABD9D00A42E91A8C344"));
+ test_hash(&nettle_sha3_256, /* 69 octets */
+ SHEX("ABC87763CAE1CA98BD8C5B82CABA54AC83286F87E9610128AE4DE68AC95DF5E329C360717BD349F26B872528492CA7C94C2C1E1EF56B74DBB65C2AC351981FDB31D06C77A4"),
+ SHEX("1E141A171CAB085252EA4C2F8F1F1087DD85A75AB3ACD0B3C28EAA5735D349AF"));
+ test_hash(&nettle_sha3_256, /* 70 octets */
+ SHEX("94F7CA8E1A54234C6D53CC734BB3D3150C8BA8C5F880EAB8D25FED13793A9701EBE320509286FD8E422E931D99C98DA4DF7E70AE447BAB8CFFD92382D8A77760A259FC4FBD72"),
+ SHEX("EF763F22F359DD7F5B3FE6A745C423D6B641EC07BA5235232A0701510F74426E"));
+ test_hash(&nettle_sha3_256, /* 71 octets */
+ SHEX("13BD2811F6ED2B6F04FF3895ACEED7BEF8DCD45EB121791BC194A0F806206BFFC3B9281C2B308B1A729CE008119DD3066E9378ACDCC50A98A82E20738800B6CDDBE5FE9694AD6D"),
+ SHEX("6A769F93F255B078FE73AFF68F0422A279939920E4690B4AFF0E433CFA3D3DF3"));
+ test_hash(&nettle_sha3_256, /* 72 octets */
+ SHEX("1EED9CBA179A009EC2EC5508773DD305477CA117E6D569E66B5F64C6BC64801CE25A8424CE4A26D575B8A6FB10EAD3FD1992EDDDEEC2EBE7150DC98F63ADC3237EF57B91397AA8A7"),
+ SHEX("C06DD4261638C44AFCB186F0AF5DE20EA53AA63316FBB71728F874FF3DACEB0D"));
+ test_hash(&nettle_sha3_256, /* 73 octets */
+ SHEX("BA5B67B5EC3A3FFAE2C19DD8176A2EF75C0CD903725D45C9CB7009A900C0B0CA7A2967A95AE68269A6DBF8466C7B6844A1D608AC661F7EFF00538E323DB5F2C644B78B2D48DE1A08AA"),
+ SHEX("B5D84B1809E83B5E75AA53BDEE79E3A97F3FE3A7D3162EBD4908240FF69131D8"));
+ test_hash(&nettle_sha3_256, /* 74 octets */
+ SHEX("0EFA26AC5673167DCACAB860932ED612F65FF49B80FA9AE65465E5542CB62075DF1C5AE54FBA4DB807BE25B070033EFA223BDD5B1D3C94C6E1909C02B620D4B1B3A6C9FED24D70749604"),
+ SHEX("CAD7ABB5BBA5905B5181DD2DBC4E68CFD01BA8659F21C8290D3F835C1A68BBE5"));
+ test_hash(&nettle_sha3_256, /* 75 octets */
+ SHEX("BBFD933D1FD7BF594AC7F435277DC17D8D5A5B8E4D13D96D2F64E771ABBD51A5A8AEA741BECCBDDB177BCEA05243EBD003CFDEAE877CCA4DA94605B67691919D8B033F77D384CA01593C1B"),
+ SHEX("83CA09C1F418B5DAD0A7F64A904A2E07C3314F7D02D92622F8F4674BC1F6AA3D"));
+ test_hash(&nettle_sha3_256, /* 76 octets */
+ SHEX("90078999FD3C35B8AFBF4066CBDE335891365F0FC75C1286CDD88FA51FAB94F9B8DEF7C9AC582A5DBCD95817AFB7D1B48F63704E19C2BAA4DF347F48D4A6D603013C23F1E9611D595EBAC37C"),
+ SHEX("330DE3EE16AEF6711461A994863EED47AF71B362D4C2F243534EF432F63A091A"));
+ test_hash(&nettle_sha3_256, /* 77 octets */
+ SHEX("64105ECA863515C20E7CFBAA0A0B8809046164F374D691CDBD6508AAABC1819F9AC84B52BAFC1B0FE7CDDBC554B608C01C8904C669D8DB316A0953A4C68ECE324EC5A49FFDB59A1BD6A292AA0E"),
+ SHEX("B5675197E49B357218F7118CD15EE773B39BD59B224D9A45CA71C6E371D938F1"));
+ test_hash(&nettle_sha3_256, /* 78 octets */
+ SHEX("D4654BE288B9F3B711C2D02015978A8CC57471D5680A092AA534F7372C71CEAAB725A383C4FCF4D8DEAA57FCA3CE056F312961ECCF9B86F14981BA5BED6AB5B4498E1F6C82C6CAE6FC14845B3C8A"),
+ SHEX("CD9038C1066A59990DF5752107B066EEBBE672CBCA0F60D687D03A9D821934BE"));
+ test_hash(&nettle_sha3_256, /* 79 octets */
+ SHEX("12D9394888305AC96E65F2BF0E1B18C29C90FE9D714DD59F651F52B88B3008C588435548066EA2FC4C101118C91F32556224A540DE6EFDDBCA296EF1FB00341F5B01FECFC146BDB251B3BDAD556CD2"),
+ SHEX("D3172CA263AFF2B9DB6FB13337F2543C5AF51151801A76194012F710306C14F6"));
+ test_hash(&nettle_sha3_256, /* 80 octets */
+ SHEX("871A0D7A5F36C3DA1DFCE57ACD8AB8487C274FAD336BC137EBD6FF4658B547C1DCFAB65F037AA58F35EF16AFF4ABE77BA61F65826F7BE681B5B6D5A1EA8085E2AE9CD5CF0991878A311B549A6D6AF230"),
+ SHEX("9E3D4BCF580EECE39BCF13E5716E5BB8F5E8C3FC3723F66246F836D8DB1238F1"));
+ test_hash(&nettle_sha3_256, /* 81 octets */
+ SHEX("E90B4FFEF4D457BC7711FF4AA72231CA25AF6B2E206F8BF859D8758B89A7CD36105DB2538D06DA83BAD5F663BA11A5F6F61F236FD5F8D53C5E89F183A3CEC615B50C7C681E773D109FF7491B5CC22296C5"),
+ SHEX("EDC2D3B49C85B8DD75F7B5128DA04CD76BF4878779A0077AF3F1D7FB44F18931"));
+ test_hash(&nettle_sha3_256, /* 82 octets */
+ SHEX("E728DE62D75856500C4C77A428612CD804F30C3F10D36FB219C5CA0AA30726AB190E5F3F279E0733D77E7267C17BE27D21650A9A4D1E32F649627638DBADA9702C7CA303269ED14014B2F3CF8B894EAC8554"),
+ SHEX("80DCE7F04DD6AC17CE709B56CF6EA6C0A57190649BB187B5E6D95FA18100C7AC"));
+ test_hash(&nettle_sha3_256, /* 83 octets */
+ SHEX("6348F229E7B1DF3B770C77544E5166E081850FA1C6C88169DB74C76E42EB983FACB276AD6A0D1FA7B50D3E3B6FCD799EC97470920A7ABED47D288FF883E24CA21C7F8016B93BB9B9E078BDB9703D2B781B616E"),
+ SHEX("49BBD5435D2706F85FE77B84A5FA15DDD8259E5D2C20FB947F139373E5C86121"));
+ test_hash(&nettle_sha3_256, /* 84 octets */
+ SHEX("4B127FDE5DE733A1680C2790363627E63AC8A3F1B4707D982CAEA258655D9BF18F89AFE54127482BA01E08845594B671306A025C9A5C5B6F93B0A39522DC877437BE5C2436CBF300CE7AB6747934FCFC30AEAAF6"),
+ SHEX("6B6C11F9731D60789D713DAF53D2EB10AB9CCF15430EA5D1249BE06EDFE2BFF6"));
+ test_hash(&nettle_sha3_256, /* 85 octets */
+ SHEX("08461F006CFF4CC64B752C957287E5A0FAABC05C9BFF89D23FD902D324C79903B48FCB8F8F4B01F3E4DDB483593D25F000386698F5ADE7FAADE9615FDC50D32785EA51D49894E45BAA3DC707E224688C6408B68B11"),
+ SHEX("7E738E8EB3D47D18E97D87C7B3FC681F86417883CED92BA93C3077812BBD17E7"));
+ test_hash(&nettle_sha3_256, /* 86 octets */
+ SHEX("68C8F8849B120E6E0C9969A5866AF591A829B92F33CD9A4A3196957A148C49138E1E2F5C7619A6D5EDEBE995ACD81EC8BB9C7B9CFCA678D081EA9E25A75D39DB04E18D475920CE828B94E72241F24DB72546B352A0E4"),
+ SHEX("A278BA93BA0D7CD2677BE08C9DFC5F516A37F722BB06565FA22500F66FE031A9"));
+ test_hash(&nettle_sha3_256, /* 87 octets */
+ SHEX("B8D56472954E31FB54E28FCA743F84D8DC34891CB564C64B08F7B71636DEBD64CA1EDBDBA7FC5C3E40049CE982BBA8C7E0703034E331384695E9DE76B5104F2FBC4535ECBEEBC33BC27F29F18F6F27E8023B0FBB6F563C"),
+ SHEX("9C0A9F0DA113D39F491B7DA6C4DA5D84FE1CC46367E5ACC433CA3E0500951738"));
+ test_hash(&nettle_sha3_256, /* 88 octets */
+ SHEX("0D58AC665FA84342E60CEFEE31B1A4EACDB092F122DFC68309077AED1F3E528F578859EE9E4CEFB4A728E946324927B675CD4F4AC84F64DB3DACFE850C1DD18744C74CECCD9FE4DC214085108F404EAB6D8F452B5442A47D"),
+ SHEX("6BED496D02FE4CC27D96DCEED14A67DA7BDF75E19B624896DFF6B0B68E4FCC12"));
+ test_hash(&nettle_sha3_256, /* 89 octets */
+ SHEX("1755E2D2E5D1C1B0156456B539753FF416651D44698E87002DCF61DCFA2B4E72F264D9AD591DF1FDEE7B41B2EB00283C5AEBB3411323B672EAA145C5125185104F20F335804B02325B6DEA65603F349F4D5D8B782DD3469CCD"),
+ SHEX("ECD2E3FAF4BA4DD67E5A8656CEBEBDB24611611678E92EB60F7CBD3111D0A345"));
+ test_hash(&nettle_sha3_256, /* 90 octets */
+ SHEX("B180DE1A611111EE7584BA2C4B020598CD574AC77E404E853D15A101C6F5A2E5C801D7D85DC95286A1804C870BB9F00FD4DCB03AA8328275158819DCAD7253F3E3D237AEAA7979268A5DB1C6CE08A9EC7C2579783C8AFC1F91A7"),
+ SHEX("634A95A7E8BA58F7818A13903EC8F3411B6ECB7E389EC9AA97C0ECF87FADD588"));
+ test_hash(&nettle_sha3_256, /* 91 octets */
+ SHEX("CF3583CBDFD4CBC17063B1E7D90B02F0E6E2EE05F99D77E24E560392535E47E05077157F96813544A17046914F9EFB64762A23CF7A49FE52A0A4C01C630CFE8727B81FB99A89FF7CC11DCA5173057E0417B8FE7A9EFBA6D95C555F"),
+ SHEX("A0FE352BA2389B0430EDBE1201032EB09C255514C5C5B529C4BAAFCEB1AC9817"));
+ test_hash(&nettle_sha3_256, /* 92 octets */
+ SHEX("072FC02340EF99115BAD72F92C01E4C093B9599F6CFC45CB380EE686CB5EB019E806AB9BD55E634AB10AA62A9510CC0672CD3EDDB589C7DF2B67FCD3329F61B1A4441ECA87A33C8F55DA4FBBAD5CF2B2527B8E983BB31A2FADEC7523"),
+ SHEX("9A0BFE14F9F3127ACA86773A620945731DF781A6D7DC82930CCDE2F69DAC8F94"));
+ test_hash(&nettle_sha3_256, /* 93 octets */
+ SHEX("76EECF956A52649F877528146DE33DF249CD800E21830F65E90F0F25CA9D6540FDE40603230ECA6760F1139C7F268DEBA2060631EEA92B1FFF05F93FD5572FBE29579ECD48BC3A8D6C2EB4A6B26E38D6C5FBF2C08044AEEA470A8F2F26"),
+ SHEX("19E5101BDE60B200A8B171E4C3EA3DFD913E10111D96F9682ACC7467282B4E31"));
+ test_hash(&nettle_sha3_256, /* 94 octets */
+ SHEX("7ADC0B6693E61C269F278E6944A5A2D8300981E40022F839AC644387BFAC9086650085C2CDC585FEA47B9D2E52D65A2B29A7DC370401EF5D60DD0D21F9E2B90FAE919319B14B8C5565B0423CEFB827D5F1203302A9D01523498A4DB10374"),
+ SHEX("4CC2AFF141987F4C2E683FA2DE30042BACDCD06087D7A7B014996E9CFEAA58CE"));
+ test_hash(&nettle_sha3_256, /* 95 octets */
+ SHEX("E1FFFA9826CCE8B86BCCEFB8794E48C46CDF372013F782ECED1E378269B7BE2B7BF51374092261AE120E822BE685F2E7A83664BCFBE38FE8633F24E633FFE1988E1BC5ACF59A587079A57A910BDA60060E85B5F5B6F776F0529639D9CCE4BD"),
+ SHEX("9A8CE819894EFCCC2153B239C3ADC3F07D0968EAC5EC8080AC0174F2D5E6959C"));
+ test_hash(&nettle_sha3_256, /* 96 octets */
+ SHEX("69F9ABBA65592EE01DB4DCE52DBAB90B08FC04193602792EE4DAA263033D59081587B09BBE49D0B49C9825D22840B2FF5D9C5155F975F8F2C2E7A90C75D2E4A8040FE39F63BBAFB403D9E28CC3B86E04E394A9C9E8065BD3C85FA9F0C7891600"),
+ SHEX("8B35768525F59AC77D35522AC885831A9947299E114A8956FE5BCA103DB7BB2C"));
+ test_hash(&nettle_sha3_256, /* 97 octets */
+ SHEX("38A10A352CA5AEDFA8E19C64787D8E9C3A75DBF3B8674BFAB29B5DBFC15A63D10FAE66CD1A6E6D2452D557967EAAD89A4C98449787B0B3164CA5B717A93F24EB0B506CEB70CBBCB8D72B2A72993F909AAD92F044E0B5A2C9AC9CB16A0CA2F81F49"),
+ SHEX("955F1F7E4E54660B26F30086F2DDDAEDD32813547C1B95D305D882682B4FF7A0"));
+ test_hash(&nettle_sha3_256, /* 98 octets */
+ SHEX("6D8C6E449BC13634F115749C248C17CD148B72157A2C37BF8969EA83B4D6BA8C0EE2711C28EE11495F43049596520CE436004B026B6C1F7292B9C436B055CBB72D530D860D1276A1502A5140E3C3F54A93663E4D20EDEC32D284E25564F624955B52"),
+ SHEX("8FAC5A34EBAFA38B55333624A9514FE97D9956E74309C5252CD2090D3BBE2F9E"));
+ test_hash(&nettle_sha3_256, /* 99 octets */
+ SHEX("6EFCBCAF451C129DBE00B9CEF0C3749D3EE9D41C7BD500ADE40CDC65DEDBBBADB885A5B14B32A0C0D087825201E303288A733842FA7E599C0C514E078F05C821C7A4498B01C40032E9F1872A1C925FA17CE253E8935E4C3C71282242CB716B2089CCC1"),
+ SHEX("62039E0F53869480F88C87BB3D19A31AAD32878F27F2C4E78FF02BBEA2B8B0B9"));
+ test_hash(&nettle_sha3_256, /* 100 octets */
+ SHEX("433C5303131624C0021D868A30825475E8D0BD3052A022180398F4CA4423B98214B6BEAAC21C8807A2C33F8C93BD42B092CC1B06CEDF3224D5ED1EC29784444F22E08A55AA58542B524B02CD3D5D5F6907AFE71C5D7462224A3F9D9E53E7E0846DCBB4CE"),
+ SHEX("CE87A5173BFFD92399221658F801D45C294D9006EE9F3F9D419C8D427748DC41"));
+ test_hash(&nettle_sha3_256, /* 101 octets */
+ SHEX("A873E0C67CA639026B6683008F7AA6324D4979550E9BCE064CA1E1FB97A30B147A24F3F666C0A72D71348EDE701CF2D17E2253C34D1EC3B647DBCEF2F879F4EB881C4830B791378C901EB725EA5C172316C6D606E0AF7DF4DF7F76E490CD30B2BADF45685F"),
+ SHEX("2EF8907B60108638E50EAC535CC46CA02E04581DDB4235FBAC5CB5C53583E24B"));
+ test_hash(&nettle_sha3_256, /* 102 octets */
+ SHEX("006917B64F9DCDF1D2D87C8A6173B64F6587168E80FAA80F82D84F60301E561E312D9FBCE62F39A6FB476E01E925F26BCC91DE621449BE6504C504830AAE394096C8FC7694651051365D4EE9070101EC9B68086F2EA8F8AB7B811EA8AD934D5C9B62C60A4771"),
+ SHEX("BE8B5BD36518E9C5F4C768FC02461BB3D39A5D00EDEF82CEC7DF351DF80238E0"));
+ test_hash(&nettle_sha3_256, /* 103 octets */
+ SHEX("F13C972C52CB3CC4A4DF28C97F2DF11CE089B815466BE88863243EB318C2ADB1A417CB1041308598541720197B9B1CB5BA2318BD5574D1DF2174AF14884149BA9B2F446D609DF240CE335599957B8EC80876D9A085AE084907BC5961B20BF5F6CA58D5DAB38ADB"),
+ SHEX("52CBC5DBE49B009663C43F079DD180E38A77533778062A72A29E864A58522922"));
+ test_hash(&nettle_sha3_256, /* 104 octets */
+ SHEX("E35780EB9799AD4C77535D4DDB683CF33EF367715327CF4C4A58ED9CBDCDD486F669F80189D549A9364FA82A51A52654EC721BB3AAB95DCEB4A86A6AFA93826DB923517E928F33E3FBA850D45660EF83B9876ACCAFA2A9987A254B137C6E140A21691E1069413848"),
+ SHEX("3A8DFCFD1B362003DDFA17910727539E64B18021ABBA018B5F58D71F7A449733"));
+ test_hash(&nettle_sha3_256, /* 105 octets */
+ SHEX("64EC021C9585E01FFE6D31BB50D44C79B6993D72678163DB474947A053674619D158016ADB243F5C8D50AA92F50AB36E579FF2DABB780A2B529370DAA299207CFBCDD3A9A25006D19C4F1FE33E4B1EAEC315D8C6EE1E730623FD1941875B924EB57D6D0C2EDC4E78D6"),
+ SHEX("FA221DEEE80E25E53C6C448AA22028B72501F07D1FF2C3FC7F93AF9838B2D0A9"));
+ test_hash(&nettle_sha3_256, /* 106 octets */
+ SHEX("5954BAB512CF327D66B5D9F296180080402624AD7628506B555EEA8382562324CF452FBA4A2130DE3E165D11831A270D9CB97CE8C2D32A96F50D71600BB4CA268CF98E90D6496B0A6619A5A8C63DB6D8A0634DFC6C7EC8EA9C006B6C456F1B20CD19E781AF20454AC880"),
+ SHEX("ED9C8B87FCE27BE4E95610DB1DDD0C035847F4699DFC8C039A798A30343A6059"));
+ test_hash(&nettle_sha3_256, /* 107 octets */
+ SHEX("03D9F92B2C565709A568724A0AFF90F8F347F43B02338F94A03ED32E6F33666FF5802DA4C81BDCE0D0E86C04AFD4EDC2FC8B4141C2975B6F07639B1994C973D9A9AFCE3D9D365862003498513BFA166D2629E314D97441667B007414E739D7FEBF0FE3C32C17AA188A8683"),
+ SHEX("A485CC9CF4CA4F659F89A0B791A4423953424AC57146B879D385A9E4062AFE52"));
+ test_hash(&nettle_sha3_256, /* 108 octets */
+ SHEX("F31E8B4F9E0621D531D22A380BE5D9ABD56FAEC53CBD39B1FAB230EA67184440E5B1D15457BD25F56204FA917FA48E669016CB48C1FFC1E1E45274B3B47379E00A43843CF8601A5551411EC12503E5AAC43D8676A1B2297EC7A0800DBFEE04292E937F21C005F17411473041"),
+ SHEX("93CD4369A7796239A5CDF78BCE22EBB2137A631C3A613D5E35816D2A64A34947"));
+ test_hash(&nettle_sha3_256, /* 109 octets */
+ SHEX("758EA3FEA738973DB0B8BE7E599BBEF4519373D6E6DCD7195EA885FC991D896762992759C2A09002912FB08E0CB5B76F49162AEB8CF87B172CF3AD190253DF612F77B1F0C532E3B5FC99C2D31F8F65011695A087A35EE4EEE5E334C369D8EE5D29F695815D866DA99DF3F79403"),
+ SHEX("3751CE08750D927EB5C3AE4CA62A703A481D86A4FA1C011E812B4BC0A2FEF08D"));
+ test_hash(&nettle_sha3_256, /* 110 octets */
+ SHEX("47C6E0C2B74948465921868804F0F7BD50DD323583DC784F998A93CD1CA4C6EF84D41DC81C2C40F34B5BEE6A93867B3BDBA0052C5F59E6F3657918C382E771D33109122CC8BB0E1E53C4E3D13B43CE44970F5E0C079D2AD7D7A3549CD75760C21BB15B447589E86E8D76B1E9CED2"),
+ SHEX("A88C7EF7B89B7B6F75D83922B8FD00F034D719F97C67884121434447AE9DD3B9"));
+ test_hash(&nettle_sha3_256, /* 111 octets */
+ SHEX("F690A132AB46B28EDFA6479283D6444E371C6459108AFD9C35DBD235E0B6B6FF4C4EA58E7554BD002460433B2164CA51E868F7947D7D7A0D792E4ABF0BE5F450853CC40D85485B2B8857EA31B5EA6E4CCFA2F3A7EF3380066D7D8979FDAC618AAD3D7E886DEA4F005AE4AD05E5065F"),
+ SHEX("2B4F8F9EF7D6ED60BB4881E635E0F887A51B0C1A42BAB077976B43D2C715E11A"));
+ test_hash(&nettle_sha3_256, /* 112 octets */
+ SHEX("58D6A99BC6458824B256916770A8417040721CCCFD4B79EACD8B65A3767CE5BA7E74104C985AC56B8CC9AEBD16FEBD4CDA5ADB130B0FF2329CC8D611EB14DAC268A2F9E633C99DE33997FEA41C52A7C5E1317D5B5DAED35EBA7D5A60E45D1FA7EAABC35F5C2B0A0F2379231953322C4E"),
+ SHEX("586CFFDC434313CC4E133E85AC88B3E5DEA71818ABCAC236F0AAE418F72B6CDE"));
+ test_hash(&nettle_sha3_256, /* 113 octets */
+ SHEX("BEFAB574396D7F8B6705E2D5B58B2C1C820BB24E3F4BAE3E8FBCD36DBF734EE14E5D6AB972AEDD3540235466E825850EE4C512EA9795ABFD33F330D9FD7F79E62BBB63A6EA85DE15BEAEEA6F8D204A28956059E2632D11861DFB0E65BC07AC8A159388D5C3277E227286F65FF5E5B5AEC1"),
+ SHEX("52D14AB96B24AA4A7A55721AA8550B1FCCAC3653C78234783F7295AE5F39A17A"));
+ test_hash(&nettle_sha3_256, /* 114 octets */
+ SHEX("8E58144FA9179D686478622CE450C748260C95D1BA43B8F9B59ABECA8D93488DA73463EF40198B4D16FB0B0707201347E0506FF19D01BEA0F42B8AF9E71A1F1BD168781069D4D338FDEF00BF419FBB003031DF671F4A37979564F69282DE9C65407847DD0DA505AB1641C02DEA4F0D834986"),
+ SHEX("B6345EDD966030CF70DFB5B7552BC141C42EFE7A7E84F957B1BAF4671BAE4354"));
+ test_hash(&nettle_sha3_256, /* 115 octets */
+ SHEX("B55C10EAE0EC684C16D13463F29291BF26C82E2FA0422A99C71DB4AF14DD9C7F33EDA52FD73D017CC0F2DBE734D831F0D820D06D5F89DACC485739144F8CFD4799223B1AFF9031A105CB6A029BA71E6E5867D85A554991C38DF3C9EF8C1E1E9A7630BE61CAABCA69280C399C1FB7A12D12AEFC"),
+ SHEX("0347901965D3635005E75A1095695CCA050BC9ED2D440C0372A31B348514A889"));
+ test_hash(&nettle_sha3_256, /* 116 octets */
+ SHEX("2EEEA693F585F4ED6F6F8865BBAE47A6908AECD7C429E4BEC4F0DE1D0CA0183FA201A0CB14A529B7D7AC0E6FF6607A3243EE9FB11BCF3E2304FE75FFCDDD6C5C2E2A4CD45F63C962D010645058D36571404A6D2B4F44755434D76998E83409C3205AA1615DB44057DB991231D2CB42624574F545"),
+ SHEX("F0BF7105870F2382B76863BB97AEE79F95AE0E8142675BBCCDB3475B0C99352F"));
+ test_hash(&nettle_sha3_256, /* 117 octets */
+ SHEX("DAB11DC0B047DB0420A585F56C42D93175562852428499F66A0DB811FCDDDAB2F7CDFFED1543E5FB72110B64686BC7B6887A538AD44C050F1E42631BC4EC8A9F2A047163D822A38989EE4AAB01B4C1F161B062D873B1CFA388FD301514F62224157B9BEF423C7783B7AAC8D30D65CD1BBA8D689C2D"),
+ SHEX("631C6F5ABE50B27C9DEA557FC3FBD3FB25781FCB1BBF9F2E010CCA20EC52DBC4"));
+ test_hash(&nettle_sha3_256, /* 118 octets */
+ SHEX("42E99A2F80AEE0E001279A2434F731E01D34A44B1A8101726921C0590C30F3120EB83059F325E894A5AC959DCA71CE2214799916424E859D27D789437B9D27240BF8C35ADBAFCECC322B48AA205B293962D858652ABACBD588BCF6CBC388D0993BD622F96ED54614C25B6A9AA527589EAAFFCF17DDF7"),
+ SHEX("3757A53D195B43B403A796A74AAFB2064072A69E372EE5B36CC2B7A791F75C9F"));
+ test_hash(&nettle_sha3_256, /* 119 octets */
+ SHEX("3C9B46450C0F2CAE8E3823F8BDB4277F31B744CE2EB17054BDDC6DFF36AF7F49FB8A2320CC3BDF8E0A2EA29AD3A55DE1165D219ADEDDB5175253E2D1489E9B6FDD02E2C3D3A4B54D60E3A47334C37913C5695378A669E9B72DEC32AF5434F93F46176EBF044C4784467C700470D0C0B40C8A088C815816"),
+ SHEX("0CC903ACBCED724B221D34877D1D1427182F9493A33DF7758720E8BFC7AF98EE"));
+ test_hash(&nettle_sha3_256, /* 120 octets */
+ SHEX("D1E654B77CB155F5C77971A64DF9E5D34C26A3CAD6C7F6B300D39DEB1910094691ADAA095BE4BA5D86690A976428635D5526F3E946F7DC3BD4DBC78999E653441187A81F9ADCD5A3C5F254BC8256B0158F54673DCC1232F6E918EBFC6C51CE67EAEB042D9F57EEC4BFE910E169AF78B3DE48D137DF4F2840"),
+ SHEX("F23750C32973F24C2422F4E2B43589D9E76D6A575938E01A96AE8E73D026569C"));
+ test_hash(&nettle_sha3_256, /* 121 octets */
+ SHEX("626F68C18A69A6590159A9C46BE03D5965698F2DAC3DE779B878B3D9C421E0F21B955A16C715C1EC1E22CE3EB645B8B4F263F60660EA3028981EEBD6C8C3A367285B691C8EE56944A7CD1217997E1D9C21620B536BDBD5DE8925FF71DEC6FBC06624AB6B21E329813DE90D1E572DFB89A18120C3F606355D25"),
+ SHEX("1ECE87E44A99F59D26411418FB8793689FF8A9C6EF75599056087D8C995BCE1E"));
+ test_hash(&nettle_sha3_256, /* 122 octets */
+ SHEX("651A6FB3C4B80C7C68C6011675E6094EB56ABF5FC3057324EBC6477825061F9F27E7A94633ABD1FA598A746E4A577CAF524C52EC1788471F92B8C37F23795CA19D559D446CAB16CBCDCE90B79FA1026CEE77BF4AB1B503C5B94C2256AD75B3EAC6FD5DCB96ACA4B03A834BFB4E9AF988CECBF2AE597CB9097940"),
+ SHEX("71B4F90AC9215D7474B1197D1B8B24449FD57E9B05483D32EDBEBCB21A82F866"));
+ test_hash(&nettle_sha3_256, /* 123 octets */
+ SHEX("8AAF072FCE8A2D96BC10B3C91C809EE93072FB205CA7F10ABD82ECD82CF040B1BC49EA13D1857815C0E99781DE3ADBB5443CE1C897E55188CEAF221AA9681638DE05AE1B322938F46BCE51543B57ECDB4C266272259D1798DE13BE90E10EFEC2D07484D9B21A3870E2AA9E06C21AA2D0C9CF420080A80A91DEE16F"),
+ SHEX("3B3678BB116FADAB484291F0CF972606523501F5B45D51063797972928E333C0"));
+ test_hash(&nettle_sha3_256, /* 124 octets */
+ SHEX("53F918FD00B1701BD504F8CDEA803ACCA21AC18C564AB90C2A17DA592C7D69688F6580575395551E8CD33E0FEF08CA6ED4588D4D140B3E44C032355DF1C531564D7F4835753344345A6781E11CD5E095B73DF5F82C8AE3AD00877936896671E947CC52E2B29DCD463D90A0C9929128DA222B5A211450BBC0E02448E2"),
+ SHEX("4068246495F508897813332962D3AE0B84685045E832A9A39AD5E94C154D2679"));
+ test_hash(&nettle_sha3_256, /* 125 octets */
+ SHEX("A64599B8A61B5CCEC9E67AED69447459C8DA3D1EC6C7C7C82A7428B9B584FA67E90F68E2C00FBBED4613666E5168DA4A16F395F7A3C3832B3B134BFC9CBAA95D2A0FE252F44AC6681EB6D40AB91C1D0282FED6701C57463D3C5F2BB8C6A7301FB4576AA3B5F15510DB8956FF77478C26A7C09BEA7B398CFC83503F538E"),
+ SHEX("82696259536520E5E4D47E106BD1DCB397529AAFB75878F332D2AF2684493F1B"));
+ test_hash(&nettle_sha3_256, /* 126 octets */
+ SHEX("0E3AB0E054739B00CDB6A87BD12CAE024B54CB5E550E6C425360C2E87E59401F5EC24EF0314855F0F56C47695D56A7FB1417693AF2A1ED5291F2FEE95F75EED54A1B1C2E81226FBFF6F63ADE584911C71967A8EB70933BC3F5D15BC91B5C2644D9516D3C3A8C154EE48E118BD1442C043C7A0DBA5AC5B1D5360AAE5B9065"),
+ SHEX("B494852603393B2B71845BACBDCE89FA1427DFE4AF9CDF925D4F93FA83B9966B"));
+ test_hash(&nettle_sha3_256, /* 127 octets */
+ SHEX("A62FC595B4096E6336E53FCDFC8D1CC175D71DAC9D750A6133D23199EAAC288207944CEA6B16D27631915B4619F743DA2E30A0C00BBDB1BBB35AB852EF3B9AEC6B0A8DCC6E9E1ABAA3AD62AC0A6C5DE765DE2C3711B769E3FDE44A74016FFF82AC46FA8F1797D3B2A726B696E3DEA5530439ACEE3A45C2A51BC32DD055650B"),
+ SHEX("D8A619C0DFBED2A9498A147B53D7B33DD653D390E5C0CD691F02C8608822D06A"));
+ test_hash(&nettle_sha3_256, /* 128 octets */
+ SHEX("2B6DB7CED8665EBE9DEB080295218426BDAA7C6DA9ADD2088932CDFFBAA1C14129BCCDD70F369EFB149285858D2B1D155D14DE2FDB680A8B027284055182A0CAE275234CC9C92863C1B4AB66F304CF0621CD54565F5BFF461D3B461BD40DF28198E3732501B4860EADD503D26D6E69338F4E0456E9E9BAF3D827AE685FB1D817"),
+ SHEX("D82E257D000DC9FA279A00E2961E3286D2FE1C02EF59833AB8A6A7101BC25054"));
+ test_hash(&nettle_sha3_256, /* 129 octets */
+ SHEX("10DB509B2CDCABA6C062AE33BE48116A29EB18E390E1BBADA5CA0A2718AFBCD23431440106594893043CC7F2625281BF7DE2655880966A23705F0C5155C2F5CCA9F2C2142E96D0A2E763B70686CD421B5DB812DACED0C6D65035FDE558E94F26B3E6DDE5BD13980CC80292B723013BD033284584BFF27657871B0CF07A849F4AE2"),
+ SHEX("8D5B7DBF3947219ACDB04FB2E11A84A313C54C22F2AE858DFC8887BF6265F5F3"));
+ test_hash(&nettle_sha3_256, /* 130 octets */
+ SHEX("9334DE60C997BDA6086101A6314F64E4458F5FF9450C509DF006E8C547983C651CA97879175AABA0C539E82D05C1E02C480975CBB30118121061B1EBAC4F8D9A3781E2DB6B18042E01ECF9017A64A0E57447EC7FCBE6A7F82585F7403EE2223D52D37B4BF426428613D6B4257980972A0ACAB508A7620C1CB28EB4E9D30FC41361EC"),
+ SHEX("607C3F31342C3EE5C93E552A8DD79FA86DCCAE2C1B58AABAC25B5918ACFA4DA5"));
+ test_hash(&nettle_sha3_256, /* 131 octets */
+ SHEX("E88AB086891693AA535CEB20E64C7AB97C7DD3548F3786339897A5F0C39031549CA870166E477743CCFBE016B4428D89738E426F5FFE81626137F17AECFF61B72DBEE2DC20961880CFE281DFAB5EE38B1921881450E16032DE5E4D55AD8D4FCA609721B0692BAC79BE5A06E177FE8C80C0C83519FB3347DE9F43D5561CB8107B9B5EDC"),
+ SHEX("0656DE9DCD7B7112A86C7BA199637D2C1C9E9CFBB713E4EDE79F8862EE69993F"));
+ test_hash(&nettle_sha3_256, /* 132 octets */
+ SHEX("FD19E01A83EB6EC810B94582CB8FBFA2FCB992B53684FB748D2264F020D3B960CB1D6B8C348C2B54A9FCEA72330C2AAA9A24ECDB00C436ABC702361A82BB8828B85369B8C72ECE0082FE06557163899C2A0EFA466C33C04343A839417057399A63A3929BE1EE4805D6CE3E5D0D0967FE9004696A5663F4CAC9179006A2CEB75542D75D68"),
+ SHEX("4DDD6224858299F3378E3F5A0ECC52FA4C419C8EBB20F635C4C43F36324ECB4E"));
+ test_hash(&nettle_sha3_256, /* 133 octets */
+ SHEX("59AE20B6F7E0B3C7A989AFB28324A40FCA25D8651CF1F46AE383EF6D8441587AA1C04C3E3BF88E8131CE6145CFB8973D961E8432B202FA5AF3E09D625FAAD825BC19DA9B5C6C20D02ABDA2FCC58B5BD3FE507BF201263F30543819510C12BC23E2DDB4F711D087A86EDB1B355313363A2DE996B891025E147036087401CCF3CA7815BF3C49"),
+ SHEX("EC096314E2F73B6A7027FFFA02104C2F6DD187F20C743445BEFD4B5C034B3295"));
+ test_hash(&nettle_sha3_256, /* 134 octets */
+ SHEX("77EE804B9F3295AB2362798B72B0A1B2D3291DCEB8139896355830F34B3B328561531F8079B79A6E9980705150866402FDC176C05897E359A6CB1A7AB067383EB497182A7E5AEF7038E4C96D133B2782917417E391535B5E1B51F47D8ED7E4D4025FE98DC87B9C1622614BFF3D1029E68E372DE719803857CA52067CDDAAD958951CB2068CC6"),
+ SHEX("FE71D01C2EE50E054D6B07147EF62954FDE7E6959D6EEBA68E3C94107EB0084D"));
+ test_hash(&nettle_sha3_256, /* 135 octets */
+ SHEX("B771D5CEF5D1A41A93D15643D7181D2A2EF0A8E84D91812F20ED21F147BEF732BF3A60EF4067C3734B85BC8CD471780F10DC9E8291B58339A677B960218F71E793F2797AEA349406512829065D37BB55EA796FA4F56FD8896B49B2CD19B43215AD967C712B24E5032D065232E02C127409D2ED4146B9D75D763D52DB98D949D3B0FED6A8052FBB"),
+ SHEX("BD6F5492582A7C1B116304DE28314DF9FFFE95B0DA11AF52FE9440A717A34859"));
+ test_hash(&nettle_sha3_256, /* 136 octets */
+ SHEX("B32D95B0B9AAD2A8816DE6D06D1F86008505BD8C14124F6E9A163B5A2ADE55F835D0EC3880EF50700D3B25E42CC0AF050CCD1BE5E555B23087E04D7BF9813622780C7313A1954F8740B6EE2D3F71F768DD417F520482BD3A08D4F222B4EE9DBD015447B33507DD50F3AB4247C5DE9A8ABD62A8DECEA01E3B87C8B927F5B08BEB37674C6F8E380C04"),
+ SHEX("E717A7769448ABBE5FEF8187954A88AC56DED1D22E63940AB80D029585A21921"));
+ test_hash(&nettle_sha3_256, /* 137 octets */
+ SHEX("04410E31082A47584B406F051398A6ABE74E4DA59BB6F85E6B49E8A1F7F2CA00DFBA5462C2CD2BFDE8B64FB21D70C083F11318B56A52D03B81CAC5EEC29EB31BD0078B6156786DA3D6D8C33098C5C47BB67AC64DB14165AF65B44544D806DDE5F487D5373C7F9792C299E9686B7E5821E7C8E2458315B996B5677D926DAC57B3F22DA873C601016A0D"),
+ SHEX("A95D50B50B4545F0947441DF74A1E9D74622EB3BAA49C1BBFC3A0CCE6619C1AA"));
+ test_hash(&nettle_sha3_256, /* 138 octets */
+ SHEX("8B81E9BADDE026F14D95C019977024C9E13DB7A5CD21F9E9FC491D716164BBACDC7060D882615D411438AEA056C340CDF977788F6E17D118DE55026855F93270472D1FD18B9E7E812BAE107E0DFDE7063301B71F6CFE4E225CAB3B232905A56E994F08EE2891BA922D49C3DAFEB75F7C69750CB67D822C96176C46BD8A29F1701373FB09A1A6E3C7158F"),
+ SHEX("ED53D72595ACE3A6D5166A4EDE41CCE362D644BDED772BE616B87BCF678A6364"));
+ test_hash(&nettle_sha3_256, /* 139 octets */
+ SHEX("FA6EED24DA6666A22208146B19A532C2EC9BA94F09F1DEF1E7FC13C399A48E41ACC2A589D099276296348F396253B57CB0E40291BD282773656B6E0D8BEA1CDA084A3738816A840485FCF3FB307F777FA5FEAC48695C2AF4769720258C77943FB4556C362D9CBA8BF103AEB9034BAA8EA8BFB9C4F8E6742CE0D52C49EA8E974F339612E830E9E7A9C29065"),
+ SHEX("810401B247C23529E24655CAB86C42DF44085DA76CA01C9A14618E563B7C41BE"));
+ test_hash(&nettle_sha3_256, /* 140 octets */
+ SHEX("9BB4AF1B4F09C071CE3CAFA92E4EB73CE8A6F5D82A85733440368DEE4EB1CBC7B55AC150773B6FE47DBE036C45582ED67E23F4C74585DAB509DF1B83610564545642B2B1EC463E18048FC23477C6B2AA035594ECD33791AF6AF4CBC2A1166ABA8D628C57E707F0B0E8707CAF91CD44BDB915E0296E0190D56D33D8DDE10B5B60377838973C1D943C22ED335E"),
+ SHEX("9F01E63F2355393ECB1908D0CAF39718833004A4BF37EBF4CF8D7319B65172DF"));
+ test_hash(&nettle_sha3_256, /* 141 octets */
+ SHEX("2167F02118CC62043E9091A647CADBED95611A521FE0D64E8518F16C808AB297725598AE296880A773607A798F7C3CFCE80D251EBEC6885015F9ABF7EAABAE46798F82CB5926DE5C23F44A3F9F9534B3C6F405B5364C2F8A8BDC5CA49C749BED8CE4BA48897062AE8424CA6DDE5F55C0E42A95D1E292CA54FB46A84FBC9CD87F2D0C9E7448DE3043AE22FDD229"),
+ SHEX("7EC11DE7DB790A850281F043592779B409195DB4ECEDEEFBB93BA683D3BCA851"));
+ test_hash(&nettle_sha3_256, /* 142 octets */
+ SHEX("94B7FA0BC1C44E949B1D7617D31B4720CBE7CA57C6FA4F4094D4761567E389ECC64F6968E4064DF70DF836A47D0C713336B5028B35930D29EB7A7F9A5AF9AD5CF441745BAEC9BB014CEEFF5A41BA5C1CE085FEB980BAB9CF79F2158E03EF7E63E29C38D7816A84D4F71E0F548B7FC316085AE38A060FF9B8DEC36F91AD9EBC0A5B6C338CBB8F6659D342A24368CF"),
+ SHEX("A74AF9C523B4A08D9DB9692EA89255977A5919B9292B7CD0D92C90C97C98E224"));
+ test_hash(&nettle_sha3_256, /* 143 octets */
+ SHEX("EA40E83CB18B3A242C1ECC6CCD0B7853A439DAB2C569CFC6DC38A19F5C90ACBF76AEF9EA3742FF3B54EF7D36EB7CE4FF1C9AB3BC119CFF6BE93C03E208783335C0AB8137BE5B10CDC66FF3F89A1BDDC6A1EED74F504CBE7290690BB295A872B9E3FE2CEE9E6C67C41DB8EFD7D863CF10F840FE618E7936DA3DCA5CA6DF933F24F6954BA0801A1294CD8D7E66DFAFEC"),
+ SHEX("344D129C228359463C40555D94213D015627E5871C04F106A0FEEF9361CDECB6"));
+ test_hash(&nettle_sha3_256, /* 144 octets */
+ SHEX("157D5B7E4507F66D9A267476D33831E7BB768D4D04CC3438DA12F9010263EA5FCAFBDE2579DB2F6B58F911D593D5F79FB05FE3596E3FA80FF2F761D1B0E57080055C118C53E53CDB63055261D7C9B2B39BD90ACC32520CBBDBDA2C4FD8856DBCEE173132A2679198DAF83007A9B5C51511AE49766C792A29520388444EBEFE28256FB33D4260439CBA73A9479EE00C63"),
+ SHEX("4CE7C2B935F21FC34C5E56D940A555C593872AEC2F896DE4E68F2A017060F535"));
+ test_hash(&nettle_sha3_256, /* 145 octets */
+ SHEX("836B34B515476F613FE447A4E0C3F3B8F20910AC89A3977055C960D2D5D2B72BD8ACC715A9035321B86703A411DDE0466D58A59769672AA60AD587B8481DE4BBA552A1645779789501EC53D540B904821F32B0BD1855B04E4848F9F8CFE9EBD8911BE95781A759D7AD9724A7102DBE576776B7C632BC39B9B5E19057E226552A5994C1DBB3B5C7871A11F5537011044C53"),
+ SHEX("24B69D8AB35BACCBD92F94E1B70B07C4C0ECF14EAEAC4B6B8560966D5BE086F3"));
+ test_hash(&nettle_sha3_256, /* 146 octets */
+ SHEX("CC7784A4912A7AB5AD3620AAB29BA87077CD3CB83636ADC9F3DC94F51EDF521B2161EF108F21A0A298557981C0E53CE6CED45BDF782C1EF200D29BAB81DD6460586964EDAB7CEBDBBEC75FD7925060F7DA2B853B2B089588FA0F8C16EC6498B14C55DCEE335CB3A91D698E4D393AB8E8EAC0825F8ADEBEEE196DF41205C011674E53426CAA453F8DE1CBB57932B0B741D4C6"),
+ SHEX("19F34215373E8E80F686953E03CA472B50216719CB515E0667D4E686E45FCF7C"));
+ test_hash(&nettle_sha3_256, /* 147 octets */
+ SHEX("7639B461FFF270B2455AC1D1AFCE782944AEA5E9087EB4A39EB96BB5C3BAAF0E868C8526D3404F9405E79E77BFAC5FFB89BF1957B523E17D341D7323C302EA7083872DD5E8705694ACDDA36D5A1B895AAA16ECA6104C82688532C8BFE1790B5DC9F4EC5FE95BAED37E1D287BE710431F1E5E8EE105BC42ED37D74B1E55984BF1C09FE6A1FA13EF3B96FAEAED6A2A1950A12153"),
+ SHEX("290BD4808E5676EB0C978084E4CD68E745031659A26807AD615B10CDA589B969"));
+ test_hash(&nettle_sha3_256, /* 148 octets */
+ SHEX("EB6513FC61B30CFBA58D4D7E80F94D14589090CF1D80B1DF2E68088DC6104959BA0D583D585E9578AB0AEC0CF36C48435EB52ED9AB4BBCE7A5ABE679C97AE2DBE35E8CC1D45B06DDA3CF418665C57CBEE4BBB47FA4CAF78F4EE656FEC237FE4EEBBAFA206E1EF2BD0EE4AE71BD0E9B2F54F91DAADF1FEBFD7032381D636B733DCB3BF76FB14E23AFF1F68ED3DBCF75C9B99C6F26"),
+ SHEX("70999AB9818309AFA8F1ADC4FEA47A071A8ABD94012F7CE28CC794A0D997C5CB"));
+ test_hash(&nettle_sha3_256, /* 149 octets */
+ SHEX("1594D74BF5DDE444265D4C04DAD9721FF3E34CBF622DAF341FE16B96431F6C4DF1F760D34F296EB97D98D560AD5286FEC4DCE1724F20B54FD7DF51D4BF137ADD656C80546FB1BF516D62EE82BAA992910EF4CC18B70F3F8698276FCFB44E0EC546C2C39CFD8EE91034FF9303058B4252462F86C823EB15BF481E6B79CC3A02218595B3658E8B37382BD5048EAED5FD02C37944E73B"),
+ SHEX("83120033B0140FE3E3E1CBFEBFF323ABC08535C0AA017803F5D2F4ECB35F5DFB"));
+ test_hash(&nettle_sha3_256, /* 150 octets */
+ SHEX("4CFA1278903026F66FEDD41374558BE1B585D03C5C55DAC94361DF286D4BD39C7CB8037ED3B267B07C346626449D0CC5B0DD2CF221F7E4C3449A4BE99985D2D5E67BFF2923357DDEAB5ABCB4619F3A3A57B2CF928A022EB27676C6CF805689004FCA4D41EA6C2D0A4789C7605F7BB838DD883B3AD3E6027E775BCF262881428099C7FFF95B14C095EA130E0B9938A5E22FC52650F591"),
+ SHEX("5584BF3E93BC25945C508B9188D0502C6E755BBEBABFC8CB907FA7A252EF464A"));
+ test_hash(&nettle_sha3_256, /* 151 octets */
+ SHEX("D3E65CB92CFA79662F6AF493D696A07CCF32AAADCCEFF06E73E8D9F6F909209E66715D6E978788C49EFB9087B170ECF3AA86D2D4D1A065AE0EFC8924F365D676B3CB9E2BEC918FD96D0B43DEE83727C9A93BF56CA2B2E59ADBA85696546A815067FC7A78039629D4948D157E7B0D826D1BF8E81237BAB7321312FDAA4D521744F988DB6FDF04549D0FDCA393D639C729AF716E9C8BBA48"),
+ SHEX("C234B252C21EDB842634CC124DA5BEE8A4749CFFBA134723F7963B3A9729C0B4"));
+ test_hash(&nettle_sha3_256, /* 152 octets */
+ SHEX("842CC583504539622D7F71E7E31863A2B885C56A0BA62DB4C2A3F2FD12E79660DC7205CA29A0DC0A87DB4DC62EE47A41DB36B9DDB3293B9AC4BAAE7DF5C6E7201E17F717AB56E12CAD476BE49608AD2D50309E7D48D2D8DE4FA58AC3CFEAFEEE48C0A9EEC88498E3EFC51F54D300D828DDDCCB9D0B06DD021A29CF5CB5B2506915BEB8A11998B8B886E0F9B7A80E97D91A7D01270F9A7717"),
+ SHEX("645F25456752091FFFCAADE806C34C79DFFE72140C7C75D6A6ECFEEDF6DB401C"));
+ test_hash(&nettle_sha3_256, /* 153 octets */
+ SHEX("6C4B0A0719573E57248661E98FEBE326571F9A1CA813D3638531AE28B4860F23C3A3A8AC1C250034A660E2D71E16D3ACC4BF9CE215C6F15B1C0FC7E77D3D27157E66DA9CEEC9258F8F2BF9E02B4AC93793DD6E29E307EDE3695A0DF63CBDC0FC66FB770813EB149CA2A916911BEE4902C47C7802E69E405FE3C04CEB5522792A5503FA829F707272226621F7C488A7698C0D69AA561BE9F378"),
+ SHEX("2D7CAC697E7410C1F7735DD691624A7D04FA51815858E8BA98B19B0DED0638B5"));
+ test_hash(&nettle_sha3_256, /* 154 octets */
+ SHEX("51B7DBB7CE2FFEB427A91CCFE5218FD40F9E0B7E24756D4C47CD55606008BDC27D16400933906FD9F30EFFDD4880022D081155342AF3FB6CD53672AB7FB5B3A3BCBE47BE1FD3A2278CAE8A5FD61C1433F7D350675DD21803746CADCA574130F01200024C6340AB0CC2CF74F2234669F34E9009EF2EB94823D62B31407F4BA46F1A1EEC41641E84D77727B59E746B8A671BEF936F05BE820759FA"),
+ SHEX("F664F626BC6B7A8CF03BE429155EE1F5CD6ECF14816DE49A5E229903F89A4DC6"));
+ test_hash(&nettle_sha3_256, /* 155 octets */
+ SHEX("83599D93F5561E821BD01A472386BC2FF4EFBD4AED60D5821E84AAE74D8071029810F5E286F8F17651CD27DA07B1EB4382F754CD1C95268783AD09220F5502840370D494BEB17124220F6AFCE91EC8A0F55231F9652433E5CE3489B727716CF4AEBA7DCDA20CD29AA9A859201253F948DD94395ABA9E3852BD1D60DDA7AE5DC045B283DA006E1CBAD83CC13292A315DB5553305C628DD091146597"),
+ SHEX("06425E83E4AF817D735E9962C0CDDCE2CD40A087A6B0AF3599719E415AB9A72A"));
+ test_hash(&nettle_sha3_256, /* 156 octets */
+ SHEX("2BE9BF526C9D5A75D565DD11EF63B979D068659C7F026C08BEA4AF161D85A462D80E45040E91F4165C074C43AC661380311A8CBED59CC8E4C4518E80CD2C78AB1CABF66BFF83EAB3A80148550307310950D034A6286C93A1ECE8929E6385C5E3BB6EA8A7C0FB6D6332E320E71CC4EB462A2A62E2BFE08F0CCAD93E61BEDB5DD0B786A728AB666F07E0576D189C92BF9FB20DCA49AC2D3956D47385E2"),
+ SHEX("E8C329149B075C459E11C8AC1E7E6ACFA51CA981C89EC0768ED79D19F4E484FB"));
+ test_hash(&nettle_sha3_256, /* 157 octets */
+ SHEX("CA76D3A12595A817682617006848675547D3E8F50C2210F9AF906C0E7CE50B4460186FE70457A9E879E79FD4D1A688C70A347361C847BA0DD6AA52936EAF8E58A1BE2F5C1C704E20146D366AEB3853BED9DE9BEFE9569AC8AAEA37A9FB7139A1A1A7D5C748605A8DEFB297869EBEDD71D615A5DA23496D11E11ABBB126B206FA0A7797EE7DE117986012D0362DCEF775C2FE145ADA6BDA1CCB326BF644"),
+ SHEX("C86768F6C349EB323BD82DB19676E10BD8AE9F7057763556BBB6D0B671E60F2A"));
+ test_hash(&nettle_sha3_256, /* 158 octets */
+ SHEX("F76B85DC67421025D64E93096D1D712B7BAF7FB001716F02D33B2160C2C882C310EF13A576B1C2D30EF8F78EF8D2F465007109AAD93F74CB9E7D7BEF7C9590E8AF3B267C89C15DB238138C45833C98CC4A471A7802723EF4C744A853CF80A0C2568DD4ED58A2C9644806F42104CEE53628E5BDF7B63B0B338E931E31B87C24B146C6D040605567CEEF5960DF9E022CB469D4C787F4CBA3C544A1AC91F95F"),
+ SHEX("D97F46F3B7EDBFB16E52BFEC7DBA0815B94D46E4251E48A853EABDF876127714"));
+ test_hash(&nettle_sha3_256, /* 159 octets */
+ SHEX("25B8C9C032EA6BCD733FFC8718FBB2A503A4EA8F71DEA1176189F694304F0FF68E862A8197B839957549EF243A5279FC2646BD4C009B6D1EDEBF24738197ABB4C992F6B1DC9BA891F570879ACCD5A6B18691A93C7D0A8D38F95B639C1DAEB48C4C2F15CCF5B9D508F8333C32DE78781B41850F261B855C4BEBCC125A380C54D501C5D3BD07E6B52102116088E53D76583B0161E2A58D0778F091206AABD5A1"),
+ SHEX("51D08E00AAA252812D873357107616055B1B8C5FB2AC7917D0F901DFB01FAC47"));
+ test_hash(&nettle_sha3_256, /* 160 octets */
+ SHEX("21CFDC2A7CCB7F331B3D2EEFFF37E48AD9FA9C788C3F3C200E0173D99963E1CBCA93623B264E920394AE48BB4C3A5BB96FFBC8F0E53F30E22956ADABC2765F57FB761E147ECBF8567533DB6E50C8A1F894310A94EDF806DD8CA6A0E141C0FA7C9FAE6C6AE65F18C93A8529E6E5B553BF55F25BE2E80A9882BD37F145FECBEB3D447A3C4E46C21524CC55CDD62F521AB92A8BA72B897996C49BB273198B7B1C9E"),
+ SHEX("C6A188A6BDACA4DD7B1BC3E41019AFE93473063F932C166E3242B7F52A3C6F8E"));
+ test_hash(&nettle_sha3_256, /* 161 octets */
+ SHEX("4E452BA42127DCC956EF4F8F35DD68CB225FB73B5BC7E1EC5A898BBA2931563E74FAFF3B67314F241EC49F4A7061E3BD0213AE826BAB380F1F14FAAB8B0EFDDD5FD1BB49373853A08F30553D5A55CCBBB8153DE4704F29CA2BDEEF0419468E05DD51557CCC80C0A96190BBCC4D77ECFF21C66BDF486459D427F986410F883A80A5BCC32C20F0478BB9A97A126FC5F95451E40F292A4614930D054C851ACD019CCF"),
+ SHEX("2B31FBC565110110011AB2C8F6CC3DA8FB55D41B1AE5E04310283F207D39682D"));
+ test_hash(&nettle_sha3_256, /* 162 octets */
+ SHEX("FA85671DF7DADF99A6FFEE97A3AB9991671F5629195049880497487867A6C446B60087FAC9A0F2FCC8E3B24E97E42345B93B5F7D3691829D3F8CCD4BB36411B85FC2328EB0C51CB3151F70860AD3246CE0623A8DC8B3C49F958F8690F8E3860E71EB2B1479A5CEA0B3F8BEFD87ACAF5362435EAECCB52F38617BC6C5C2C6E269EAD1FBD69E941D4AD2012DA2C5B21BCFBF98E4A77AB2AF1F3FDA3233F046D38F1DC8"),
+ SHEX("1351F5DBA46098B9A773381D85D52FAD491B3A82AF9107F173DB81FB35ED91D2"));
+ test_hash(&nettle_sha3_256, /* 163 octets */
+ SHEX("E90847AE6797FBC0B6B36D6E588C0A743D725788CA50B6D792352EA8294F5BA654A15366B8E1B288D84F5178240827975A763BC45C7B0430E8A559DF4488505E009C63DA994F1403F407958203CEBB6E37D89C94A5EACF6039A327F6C4DBBC7A2A307D976AA39E41AF6537243FC218DFA6AB4DD817B6A397DF5CA69107A9198799ED248641B63B42CB4C29BFDD7975AC96EDFC274AC562D0474C60347A078CE4C25E88"),
+ SHEX("DFFC700F3E4D84D9131CBB1F98FB843DBAFCB2EF94A52E89D204D431451A3331"));
+ test_hash(&nettle_sha3_256, /* 164 octets */
+ SHEX("F6D5C2B6C93954FC627602C00C4CA9A7D3ED12B27173F0B2C9B0E4A5939398A665E67E69D0B12FB7E4CEB253E8083D1CEB724AC07F009F094E42F2D6F2129489E846EAFF0700A8D4453EF453A3EDDC18F408C77A83275617FABC4EA3A2833AA73406C0E966276079D38E8E38539A70E194CC5513AAA457C699383FD1900B1E72BDFB835D1FD321B37BA80549B078A49EA08152869A918CA57F5B54ED71E4FD3AC5C06729"),
+ SHEX("26726B52242EF8ECF4C66AED9C4B46BF6F5D87044A0B99D4E4AF47DC360B9B0E"));
+ test_hash(&nettle_sha3_256, /* 165 octets */
+ SHEX("CF8562B1BED89892D67DDAAF3DEEB28246456E972326DBCDB5CF3FB289ACA01E68DA5D59896E3A6165358B071B304D6AB3D018944BE5049D5E0E2BB819ACF67A6006111089E6767132D72DD85BEDDCBB2D64496DB0CC92955AB4C6234F1EEA24F2D51483F2E209E4589BF9519FAC51B4D061E801125E605F8093BB6997BC163D551596FE4AB7CFAE8FB9A90F6980480CE0C229FD1675409BD788354DAF316240CFE0AF93EB"),
+ SHEX("25E536315F08A40976ADECB54756EBC0B224C38FAF11509371B5A692A5269AB5"));
+ test_hash(&nettle_sha3_256, /* 166 octets */
+ SHEX("2ACE31ABB0A2E3267944D2F75E1559985DB7354C6E605F18DC8470423FCA30B7331D9B33C4A4326783D1CAAE1B4F07060EFF978E4746BF0C7E30CD61040BD5EC2746B29863EB7F103EBDA614C4291A805B6A4C8214230564A0557BC7102E0BD3ED23719252F7435D64D210EE2AAFC585BE903FA41E1968C50FD5D5367926DF7A05E3A42CF07E656FF92DE73B036CF8B19898C0CB34557C0C12C2D8B84E91181AF467BC75A9D1"),
+ SHEX("AB504592AD7184BE83CC659EFB5D3DE88BA04B060B45D16A76F034080DDE56C6"));
+ test_hash(&nettle_sha3_256, /* 167 octets */
+ SHEX("0D8D09AED19F1013969CE5E7EB92F83A209AE76BE31C754844EA9116CEB39A22EBB6003017BBCF26555FA6624185187DB8F0CB3564B8B1C06BF685D47F3286EDA20B83358F599D2044BBF0583FAB8D78F854FE0A596183230C5EF8E54426750EAF2CC4E29D3BDD037E734D863C2BD9789B4C243096138F7672C232314EFFDFC6513427E2DA76916B5248933BE312EB5DDE4CF70804FB258AC5FB82D58D08177AC6F4756017FFF5"),
+ SHEX("5D8EE133EC441A3DF50A5268A8F393F13F30F23F226AE3A18EC331844402FF54"));
+ test_hash(&nettle_sha3_256, /* 168 octets */
+ SHEX("C3236B73DEB7662BF3F3DAA58F137B358BA610560EF7455785A9BEFDB035A066E90704F929BD9689CEF0CE3BDA5ACF4480BCEB8D09D10B098AD8500D9B6071DFC3A14AF6C77511D81E3AA8844986C3BEA6F469F9E02194C92868CD5F51646256798FF0424954C1434BDFED9FACB390B07D342E992936E0F88BFD0E884A0DDB679D0547CCDEC6384285A45429D115AC7D235A717242021D1DC35641F5F0A48E8445DBA58E6CB2C8EA"),
+ SHEX("712B1CC04C009B52035CC44C9505BB5CB577BA0AD1734EC23620F57EEF3D37FB"));
+ test_hash(&nettle_sha3_256, /* 169 octets */
+ SHEX("B39FEB8283EADC63E8184B51DF5AE3FD41AAC8A963BB0BE1CD08AA5867D8D910C669221E73243360646F6553D1CA05A84E8DC0DE05B6419EC349CA994480193D01C92525F3FB3DCEFB08AFC6D26947BDBBFD85193F53B50609C6140905C53A6686B58E53A319A57B962331EDE98149AF3DE3118A819DA4D76706A0424B4E1D2910B0ED26AF61D150EBCB46595D4266A0BD7F651BA47D0C7F179CA28545007D92E8419D48FDFBD744CE"),
+ SHEX("942E39E230A2251FFDB2F85202871C98597008401B322FF9840CC90CC85B337D"));
+ test_hash(&nettle_sha3_256, /* 170 octets */
+ SHEX("A983D54F503803E8C7999F4EDBBE82E9084F422143A932DDDDC47A17B0B7564A7F37A99D0786E99476428D29E29D3C197A72BFAB1342C12A0FC4787FD7017D7A6174049EA43B5779169EF7472BDBBD941DCB82FC73AAC45A8A94C9F2BD3477F61FD3B796F02A1B8264A214C6FEA74B7051B226C722099EC7883A462B83B6AFDD4009248B8A237F605FE5A08FE7D8B45321421EBBA67BD70A0B00DDBF94BAAB7F359D5D1EEA105F28DCFB"),
+ SHEX("B542B6CD8EF2DAB4ED83B77AC6DC52DAF554ECDA4EF7AB0A50E546BEBE2D8E5A"));
+ test_hash(&nettle_sha3_256, /* 171 octets */
+ SHEX("E4D1C1897A0A866CE564635B74222F9696BF2C7F640DD78D7E2ACA66E1B61C642BB03EA7536AAE597811E9BF4A7B453EDE31F97B46A5F0EF51A071A2B3918DF16B152519AE3776F9F1EDAB4C2A377C3292E96408359D3613844D5EB393000283D5AD3401A318B12FD1474B8612F2BB50FB6A8B9E023A54D7DDE28C43D6D8854C8D9D1155935C199811DBFC87E9E0072E90EB88681CC7529714F8FB8A2C9D88567ADFB974EE205A9BF7B848"),
+ SHEX("F7E9E825722E6554A8619CCA3E57F5B5E6B7347431D55CE178372C917BFB3DC2"));
+ test_hash(&nettle_sha3_256, /* 172 octets */
+ SHEX("B10C59723E3DCADD6D75DF87D0A1580E73133A9B7D00CB95EC19F5547027323BE75158B11F80B6E142C6A78531886D9047B08E551E75E6261E79785366D7024BD7CD9CF322D9BE7D57FB661069F2481C7BB759CD71B4B36CA2BC2DF6D3A328FAEBDB995A9794A8D72155ED551A1F87C80BF6059B43FC764900B18A1C2441F7487743CF84E565F61F8DD2ECE6B6CCC9444049197AAAF53E926FBEE3BFCA8BE588EC77F29D211BE89DE18B15F6"),
+ SHEX("14BB22B98EAF41A4C224FD3C37188A755F9B04F46F3E23A652DA3DB9E25D2F2C"));
+ test_hash(&nettle_sha3_256, /* 173 octets */
+ SHEX("DB11F609BABA7B0CA634926B1DD539C8CBADA24967D7ADD4D9876F77C2D80C0F4DCEFBD7121548373582705CCA2495BD2A43716FE64ED26D059CFB566B3364BD49EE0717BDD9810DD14D8FAD80DBBDC4CAFB37CC60FB0FE2A80FB4541B8CA9D59DCE457738A9D3D8F641AF8C3FD6DA162DC16FC01AAC527A4A0255B4D231C0BE50F44F0DB0B713AF03D968FE7F0F61ED0824C55C4B5265548FEBD6AAD5C5EEDF63EFE793489C39B8FD29D104CE"),
+ SHEX("EB5668F9941C06E5E38EA01B7FA980638B9536CA1939950C1629F84A6EFF3866"));
+ test_hash(&nettle_sha3_256, /* 174 octets */
+ SHEX("BEBD4F1A84FC8B15E4452A54BD02D69E304B7F32616AADD90537937106AE4E28DE9D8AAB02D19BC3E2FDE1D651559E296453E4DBA94370A14DBBB2D1D4E2022302EE90E208321EFCD8528AD89E46DC839EA9DF618EA8394A6BFF308E7726BAE0C19BCD4BE52DA6258E2EF4E96AA21244429F49EF5CB486D7FF35CAC1BACB7E95711944BCCB2AB34700D42D1EB38B5D536B947348A458EDE3DC6BD6EC547B1B0CAE5B257BE36A7124E1060C170FFA"),
+ SHEX("913014BB6E243FAC3A22A185F8227A68C2311DC0B718E276BBBDB73AF98BE35F"));
+ test_hash(&nettle_sha3_256, /* 175 octets */
+ SHEX("5ACA56A03A13784BDC3289D9364F79E2A85C12276B49B92DB0ADAA4F206D5028F213F678C3510E111F9DC4C1C1F8B6ACB17A6413AA227607C515C62A733817BA5E762CC6748E7E0D6872C984D723C9BB3B117EB8963185300A80BFA65CDE495D70A46C44858605FCCBED086C2B45CEF963D33294DBE9706B13AF22F1B7C4CD5A001CFEC251FBA18E722C6E1C4B1166918B4F6F48A98B64B3C07FC86A6B17A6D0480AB79D4E6415B520F1C484D675B1"),
+ SHEX("0284418C10190F413042E3ECEB3954979B94AFBF2E545FC7F8A3C7DB2C235916"));
+ test_hash(&nettle_sha3_256, /* 176 octets */
+ SHEX("A5AAD0E4646A32C85CFCAC73F02FC5300F1982FABB2F2179E28303E447854094CDFC854310E5C0F60993CEFF54D84D6B46323D930ADB07C17599B35B505F09E784BCA5985E0172257797FB53649E2E9723EFD16865C31B5C3D5113B58BB0BFC8920FABDDA086D7537E66D709D050BD14D0C960873F156FAD5B3D3840CDFCDC9BE6AF519DB262A27F40896AB25CC39F96984D650611C0D5A3080D5B3A1BF186ABD42956588B3B58CD948970D298776060"),
+ SHEX("8FEBFF801787F5803E151DCA3434A5CD44ADB49F1C2FFD5D0CD077A9075A492D"));
+ test_hash(&nettle_sha3_256, /* 177 octets */
+ SHEX("06CBBE67E94A978203EAD6C057A1A5B098478B4B4CBEF5A97E93C8E42F5572713575FC2A884531D7622F8F879387A859A80F10EF02708CD8F7413AB385AFC357678B9578C0EBF641EF076A1A30F1F75379E9DCB2A885BDD295905EE80C0168A62A9597D10CF12DD2D8CEE46645C7E5A141F6E0E23AA482ABE5661C16E69EF1E28371E2E236C359BA4E92C25626A7B7FF13F6EA4AE906E1CFE163E91719B1F750A96CBDE5FBC953D9E576CD216AFC90323A"),
+ SHEX("EA7511B993B786DF59A3B3E0B3CD876C0F056D6CA43CC89C51C1B21CCDC79B42"));
+ test_hash(&nettle_sha3_256, /* 178 octets */
+ SHEX("F1C528CF7739874707D4D8AD5B98F7C77169DE0B57188DF233B2DC8A5B31EDA5DB4291DD9F68E6BAD37B8D7F6C9C0044B3BF74BBC3D7D1798E138709B0D75E7C593D3CCCDC1B20C7174B4E692ADD820ACE262D45CCFAE2077E878796347168060A162ECCA8C38C1A88350BD63BB539134F700FD4ADDD5959E255337DAA06BC86358FABCBEFDFB5BC889783D843C08AADC6C4F6C36F65F156E851C9A0F917E4A367B5AD93D874812A1DE6A7B93CD53AD97232"),
+ SHEX("BAAECB6E9DB57971D5C70F5819FF89C5093254DE19EF6059C43CC0AFDA7C5D34"));
+ test_hash(&nettle_sha3_256, /* 179 octets */
+ SHEX("9D9F3A7ECD51B41F6572FD0D0881E30390DFB780991DAE7DB3B47619134718E6F987810E542619DFAA7B505C76B7350C6432D8BF1CFEBDF1069B90A35F0D04CBDF130B0DFC7875F4A4E62CDB8E525AADD7CE842520A482AC18F09442D78305FE85A74E39E760A4837482ED2F437DD13B2EC1042AFCF9DECDC3E877E50FF4106AD10A525230D11920324A81094DA31DEAB6476AA42F20C84843CFC1C58545EE80352BDD3740DD6A16792AE2D86F11641BB717C2"),
+ SHEX("56DB69430B8CA852221D55D7BBFF477DC83F7CB44AB44DDD64C31A52C483DB4F"));
+ test_hash(&nettle_sha3_256, /* 180 octets */
+ SHEX("5179888724819FBAD3AFA927D3577796660E6A81C52D98E9303261D5A4A83232F6F758934D50AA83FF9E20A5926DFEBAAC49529D006EB923C5AE5048ED544EC471ED7191EDF46363383824F915769B3E688094C682B02151E5EE01E510B431C8865AFF8B6B6F2F59CB6D129DA79E97C6D2B8FA6C6DA3F603199D2D1BCAB547682A81CD6CF65F6551121391D78BCC23B5BD0E922EC6D8BF97C952E84DD28AEF909ABA31EDB903B28FBFC33B7703CD996215A11238"),
+ SHEX("F8538F597F4463CAD7A91905744B87156DB33C65BA87B912427FEC3669F425D4"));
+ test_hash(&nettle_sha3_256, /* 181 octets */
+ SHEX("576EF3520D30B7A4899B8C0D5E359E45C5189ADD100E43BE429A02FB3DE5FF4F8FD0E79D9663ACCA72CD29C94582B19292A557C5B1315297D168FBB54E9E2ECD13809C2B5FCE998EDC6570545E1499DBE7FB74D47CD7F35823B212B05BF3F5A79CAA34224FDD670D335FCB106F5D92C3946F44D3AFCBAE2E41AC554D8E6759F332B76BE89A0324AA12C5482D1EA3EE89DED4936F3E3C080436F539FA137E74C6D3389BDF5A45074C47BC7B20B0948407A66D855E2F"),
+ SHEX("447EDA923CFE1112A6F1A3E4C735BF8EE9E4F2AEE7DE666A472FF8CF0FC65315"));
+ test_hash(&nettle_sha3_256, /* 182 octets */
+ SHEX("0DF2152FA4F4357C8741529DD77E783925D3D76E95BAFA2B542A2C33F3D1D117D159CF473F82310356FEE4C90A9E505E70F8F24859656368BA09381FA245EB6C3D763F3093F0C89B972E66B53D59406D9F01AEA07F8B3B615CAC4EE4D05F542E7D0DAB45D67CCCCD3A606CCBEB31EA1FA7005BA07176E60DAB7D78F6810EF086F42F08E595F0EC217372B98970CC6321576D92CE38F7C397A403BADA1548D205C343AC09DECA86325373C3B76D9F32028FEA8EB32515"),
+ SHEX("74D94C13AFEA4DDD07A637B68B6FE095017C092B3CDCCDC498E26035D86D921E"));
+ test_hash(&nettle_sha3_256, /* 183 octets */
+ SHEX("3E15350D87D6EBB5C8AD99D42515CFE17980933C7A8F6B8BBBF0A63728CEFAAD2052623C0BD5931839112A48633FB3C2004E0749C87A41B26A8B48945539D1FF41A4B269462FD199BFECD45374756F55A9116E92093AC99451AEFB2AF9FD32D6D7F5FBC7F7A540D5097C096EBC3B3A721541DE073A1CC02F7FB0FB1B9327FB0B1218CA49C9487AB5396622A13AE546C97ABDEF6B56380DDA7012A8384091B6656D0AB272D363CEA78163FF765CDD13AB1738B940D16CAE"),
+ SHEX("CC11196C095BFFA090A05BA0BC255D38BDA7218D9311143F4F200B1852D1BB0D"));
+ test_hash(&nettle_sha3_256, /* 184 octets */
+ SHEX("C38D6B0B757CB552BE40940ECE0009EF3B0B59307C1451686F1A22702922800D58BCE7A636C1727EE547C01B214779E898FC0E560F8AE7F61BEF4D75EAA696B921FD6B735D171535E9EDD267C192B99880C87997711002009095D8A7A437E258104A41A505E5EF71E5613DDD2008195F0C574E6BA3FE40099CFA116E5F1A2FA8A6DA04BADCB4E2D5D0DE31FDC4800891C45781A0AAC7C907B56D631FCA5CE8B2CDE620D11D1777ED9FA603541DE794DDC5758FCD5FAD78C0"),
+ SHEX("8C085B54C213704374DDD920A45168608BE65DFD036A562659F47143604144C2"));
+ test_hash(&nettle_sha3_256, /* 185 octets */
+ SHEX("8D2DE3F0B37A6385C90739805B170057F091CD0C7A0BC951540F26A5A75B3E694631BB64C7635EED316F51318E9D8DE13C70A2ABA04A14836855F35E480528B776D0A1E8A23B547C8B8D6A0D09B241D3BE9377160CCA4E6793D00A515DC2992CB7FC741DACA171431DA99CCE6F7789F129E2AC5CF65B40D703035CD2185BB936C82002DAF8CBC27A7A9E554B06196630446A6F0A14BA155ED26D95BD627B7205C072D02B60DB0FD7E49EA058C2E0BA202DAFF0DE91E845CF79"),
+ SHEX("D2E233264A3773495FFD12159EF7B631660C1B3E53A3DA0F24AE14466F167757"));
+ test_hash(&nettle_sha3_256, /* 186 octets */
+ SHEX("C464BBDAD275C50DCD983B65AD1019B9FF85A1E71C807F3204BB2C921DC31FBCD8C5FC45868AE9EF85B6C9B83BBA2A5A822201ED68586EC5EC27FB2857A5D1A2D09D09115F22DCC39FE61F5E1BA0FF6E8B4ACB4C6DA748BE7F3F0839739394FF7FA8E39F7F7E84A33C3866875C01BCB1263C9405D91908E9E0B50E7459FABB63D8C6BBB73D8E3483C099B55BC30FF092FF68B6ADEDFD477D63570C9F5515847F36E24BA0B705557130CEC57EBAD1D0B31A378E91894EE26E3A04"),
+ SHEX("FFAC7CA5FA067419D1BDB00C0E49C6E1A748880923A23ED5DD67DDE63D777EDB"));
+ test_hash(&nettle_sha3_256, /* 187 octets */
+ SHEX("8B8D68BB8A75732FE272815A68A1C9C5AA31B41DEDC8493E76525D1D013D33CEBD9E21A5BB95DB2616976A8C07FCF411F5F6BC6F7E0B57ACA78CC2790A6F9B898858AC9C79B165FF24E66677531E39F572BE5D81EB3264524181115F32780257BFB9AEEC6AF12AF28E587CAC068A1A2953B59AD680F4C245B2E3EC36F59940D37E1D3DB38E13EDB29B5C0F404F6FF87F80FC8BE7A225FF22FBB9C8B6B1D7330C57840D24BC75B06B80D30DAD6806544D510AF6C4785E823AC3E0B8"),
+ SHEX("5B2ECA0920D32B1964BBF5810A6E6E53675ED1B83897FD04600D72E097845859"));
+ test_hash(&nettle_sha3_256, /* 188 octets */
+ SHEX("6B018710446F368E7421F1BC0CCF562D9C1843846BC8D98D1C9BF7D9D6FCB48BFC3BF83B36D44C4FA93430AF75CD190BDE36A7F92F867F58A803900DF8018150384D85D82132F123006AC2AEBA58E02A037FE6AFBD65ECA7C44977DD3DC74F48B6E7A1BFD5CC4DCF24E4D52E92BD4455848E4928B0EAC8B7476FE3CC03E862AA4DFF4470DBFED6DE48E410F25096487ECFC32A27277F3F5023B2725ADE461B1355889554A8836C9CF53BD767F5737D55184EEA1AB3F53EDD0976C485"),
+ SHEX("68F41FDFC7217E89687ED118BC31AC6ED2D9D1E1A2F1B20A2D429729FA03517B"));
+ test_hash(&nettle_sha3_256, /* 189 octets */
+ SHEX("C9534A24714BD4BE37C88A3DA1082EDA7CABD154C309D7BD670DCCD95AA535594463058A29F79031D6ECAA9F675D1211E9359BE82669A79C855EA8D89DD38C2C761DDD0EC0CE9E97597432E9A1BEAE062CDD71EDFDFD464119BE9E69D18A7A7FD7CE0E2106F0C8B0ABF4715E2CA48EF9F454DC203C96656653B727083513F8EFB86E49C513BB758B3B052FE21F1C05BB33C37129D6CC81F1AEF6ADC45B0E8827A830FE545CF57D0955802C117D23CCB55EA28F95C0D8C2F9C5A242B33F"),
+ SHEX("FA2F3DE31E9CF25AB9A978C82D605A43EE39B68AC8E30F49F9D209CB4E172AB4"));
+ test_hash(&nettle_sha3_256, /* 190 octets */
+ SHEX("07906C87297B867ABF4576E9F3CC7F82F22B154AFCBF293B9319F1B0584DA6A40C27B32E0B1B7F412C4F1B82480E70A9235B12EC27090A5A33175A2BB28D8ADC475CEFE33F7803F8CE27967217381F02E67A3B4F84A71F1C5228E0C2AD971373F6F672624FCEA8D1A9F85170FAD30FA0BBD25035C3B41A6175D467998BD1215F6F3866F53847F9CF68EF3E2FBB54BC994DE2302B829C5EEA68EC441FCBAFD7D16AE4FE9FFF98BF00E5BC2AD54DD91FF9FDA4DD77B6C754A91955D1FBAAD0"),
+ SHEX("BA2AF506C10DA8D7751E67ED766CFCD47D048D6EF9277DBD2ABFE2FD5D787B79"));
+ test_hash(&nettle_sha3_256, /* 191 octets */
+ SHEX("588E94B9054ABC2189DF69B8BA34341B77CDD528E7860E5DEFCAA79B0C9A452AD4B82AA306BE84536EB7CEDCBE058D7B84A6AEF826B028B8A0271B69AC3605A9635EA9F5EA0AA700F3EB7835BC54611B922964300C953EFE7491E3677C2CEBE0822E956CD16433B02C68C4A23252C3F9E151A416B4963257B783E038F6B4D5C9F110F871652C7A649A7BCEDCBCCC6F2D0725BB903CC196BA76C76AA9F10A190B1D1168993BAA9FFC96A1655216773458BEC72B0E39C9F2C121378FEAB4E76A"),
+ SHEX("3CD33F8811AF12183C53E978528F53AE7D559432724029E55FCFA9B990B91713"));
+ test_hash(&nettle_sha3_256, /* 192 octets */
+ SHEX("08959A7E4BAAE874928813364071194E2939772F20DB7C3157078987C557C2A6D5ABE68D520EEF3DC491692E1E21BCD880ADEBF63BB4213B50897FA005256ED41B5690F78F52855C8D9168A4B666FCE2DA2B456D7A7E7C17AB5F2FB1EE90B79E698712E963715983FD07641AE4B4E9DC73203FAC1AE11FA1F8C7941FCC82EAB247ADDB56E2638447E9D609E610B60CE086656AAEBF1DA3C8A231D7D94E2FD0AFE46B391FF14A72EAEB3F44AD4DF85866DEF43D4781A0B3578BC996C87970B132"),
+ SHEX("3ECC9D27994022045CBEAB4FC041F12419CEC8060C8F6F9F0372884DF6074B5C"));
+ test_hash(&nettle_sha3_256, /* 193 octets */
+ SHEX("CB2A234F45E2ECD5863895A451D389A369AAB99CFEF0D5C9FFCA1E6E63F763B5C14FB9B478313C8E8C0EFEB3AC9500CF5FD93791B789E67EAC12FD038E2547CC8E0FC9DB591F33A1E4907C64A922DDA23EC9827310B306098554A4A78F050262DB5B545B159E1FF1DCA6EB734B872343B842C57EAFCFDA8405EEDBB48EF32E99696D135979235C3A05364E371C2D76F1902F1D83146DF9495C0A6C57D7BF9EE77E80F9787AEE27BE1FE126CDC9EF893A4A7DCBBC367E40FE4E1EE90B42EA25AF01"),
+ SHEX("1501988A55372AC1B0B78849F3B7E107E0BF1F2CBAF670DE7F15ACBB1A00AD3D"));
+ test_hash(&nettle_sha3_256, /* 194 octets */
+ SHEX("D16BEADF02AB1D4DC6F88B8C4554C51E866DF830B89C06E786A5F8757E8909310AF51C840EFE8D20B35331F4355D80F73295974653DDD620CDDE4730FB6C8D0D2DCB2B45D92D4FBDB567C0A3E86BD1A8A795AF26FBF29FC6C65941CDDB090FF7CD230AC5268AB4606FCCBA9EDED0A2B5D014EE0C34F0B2881AC036E24E151BE89EEB6CD9A7A790AFCCFF234D7CB11B99EBF58CD0C589F20BDAC4F9F0E28F75E3E04E5B3DEBCE607A496D848D67FA7B49132C71B878FD5557E082A18ECA1FBDA94D4B"),
+ SHEX("5C4E860A0175C92C1E6AF2CBB3084162403CED073FAAC901D0D358B6BF5EEFA9"));
+ test_hash(&nettle_sha3_256, /* 195 octets */
+ SHEX("8F65F6BC59A85705016E2BAE7FE57980DE3127E5AB275F573D334F73F8603106EC3553016608EF2DD6E69B24BE0B7113BF6A760BA6E9CE1C48F9E186012CF96A1D4849D75DF5BB8315387FD78E9E153E76F8BA7EC6C8849810F59FB4BB9B004318210B37F1299526866F44059E017E22E96CBE418699D014C6EA01C9F0038B10299884DBEC3199BB05ADC94E955A1533219C1115FED0E5F21228B071F40DD57C4240D98D37B73E412FE0FA4703120D7C0C67972ED233E5DEB300A22605472FA3A3BA86"),
+ SHEX("272B4F689263057FBF7605AAA67AF012D742267164C4FAB68035D99C5829B4F0"));
+ test_hash(&nettle_sha3_256, /* 196 octets */
+ SHEX("84891E52E0D451813210C3FD635B39A03A6B7A7317B221A7ABC270DFA946C42669AACBBBDF801E1584F330E28C729847EA14152BD637B3D0F2B38B4BD5BF9C791C58806281103A3EABBAEDE5E711E539E6A8B2CF297CF351C078B4FA8F7F35CF61BEBF8814BF248A01D41E86C5715EA40C63F7375379A7EB1D78F27622FB468AB784AAABA4E534A6DFD1DF6FA15511341E725ED2E87F98737CCB7B6A6DFAE416477472B046BF1811187D151BFA9F7B2BF9ACDB23A3BE507CDF14CFDF517D2CB5FB9E4AB6"),
+ SHEX("9B28E42B67EF32EC80DA10A07B004E1D71C6DCE71D8013FFA0305D0D0CE0469D"));
+ test_hash(&nettle_sha3_256, /* 197 octets */
+ SHEX("FDD7A9433A3B4AFABD7A3A5E3457E56DEBF78E84B7A0B0CA0E8C6D53BD0C2DAE31B2700C6128334F43981BE3B213B1D7A118D59C7E6B6493A86F866A1635C12859CFB9AD17460A77B4522A5C1883C3D6ACC86E6162667EC414E9A104AA892053A2B1D72165A855BACD8FAF8034A5DD9B716F47A0818C09BB6BAF22AA503C06B4CA261F557761989D2AFBD88B6A678AD128AF68672107D0F1FC73C5CA740459297B3292B281E93BCEB761BDE7221C3A55708E5EC84472CDDCAA84ECF23723CC0991355C6280"),
+ SHEX("EE53F83D2E2CCC315C6377EADDA5F42F42F3AADD664E3E895C37CBE9D0E9B9DE"));
+ test_hash(&nettle_sha3_256, /* 198 octets */
+ SHEX("70A40BFBEF92277A1AAD72F6B79D0177197C4EBD432668CFEC05D099ACCB651062B5DFF156C0B27336687A94B26679CFDD9DAF7AD204338DD9C4D14114033A5C225BD11F217B5F4732DA167EE3F939262D4043FC9CBA92303B7B5E96AEA12ADDA64859DF4B86E9EE0B58E39091E6B188B408AC94E1294A8911245EE361E60E601EFF58D1D37639F3753BEC80EBB4EFDE25817436076623FC65415FE51D1B0280366D12C554D86743F3C3B6572E400361A60726131441BA493A83FBE9AFDA90F7AF1AE717238D"),
+ SHEX("21CCFDA65C4B915303012B852AB29481030F87347C29917E21F210F2BD5EFC9C"));
+ test_hash(&nettle_sha3_256, /* 199 octets */
+ SHEX("74356E449F4BF8644F77B14F4D67CB6BD9C1F5AE357621D5B8147E562B65C66585CAF2E491B48529A01A34D226D436959153815380D5689E30B35357CDAC6E08D3F2B0E88E200600D62BD9F5EAF488DF86A4470EA227006182E44809009868C4C280C43D7D64A5268FA719074960087B3A6ABC837882F882C837834535929389A12B2C78187E2EA07EF8B8EEF27DC85002C3AE35F1A50BEE6A1C48BA7E175F3316670B27983472AA6A61EED0A683A39EE323080620EA44A9F74411AE5CE99030528F9AB49C79F2"),
+ SHEX("F5BF70710DA440EDB43AFD3EB7698180317FFEFA81406BB4DF9C2BB8B0B1C034"));
+ test_hash(&nettle_sha3_256, /* 200 octets */
+ SHEX("8C3798E51BC68482D7337D3ABB75DC9FFE860714A9AD73551E120059860DDE24AB87327222B64CF774415A70F724CDF270DE3FE47DDA07B61C9EF2A3551F45A5584860248FABDE676E1CD75F6355AA3EAEABE3B51DC813D9FB2EAA4F0F1D9F834D7CAD9C7C695AE84B329385BC0BEF895B9F1EDF44A03D4B410CC23A79A6B62E4F346A5E8DD851C2857995DDBF5B2D717AEB847310E1F6A46AC3D26A7F9B44985AF656D2B7C9406E8A9E8F47DCB4EF6B83CAACF9AEFB6118BFCFF7E44BEF6937EBDDC89186839B77"),
+ SHEX("E83EA21F5BC0976953AF86069A10EB6024A1AC59D609688E4A9759BB8B6C9441"));
+ test_hash(&nettle_sha3_256, /* 201 octets */
+ SHEX("FA56BF730C4F8395875189C10C4FB251605757A8FECC31F9737E3C2503B02608E6731E85D7A38393C67DE516B85304824BFB135E33BF22B3A23B913BF6ACD2B7AB85198B8187B2BCD454D5E3318CACB32FD6261C31AE7F6C54EF6A7A2A4C9F3ECB81CE3555D4F0AD466DD4C108A90399D70041997C3B25345A9653F3C9A6711AB1B91D6A9D2216442DA2C973CBD685EE7643BFD77327A2F7AE9CB283620A08716DFB462E5C1D65432CA9D56A90E811443CD1ECB8F0DE179C9CB48BA4F6FEC360C66F252F6E64EDC96B"),
+ SHEX("A2D93C6367E1862809D367EC37F9DA44CB3A8B4319C6A094C5E7D7266FE3A593"));
+ test_hash(&nettle_sha3_256, /* 202 octets */
+ SHEX("B6134F9C3E91DD8000740D009DD806240811D51AB1546A974BCB18D344642BAA5CD5903AF84D58EC5BA17301D5EC0F10CCD0509CBB3FD3FFF9172D193AF0F782252FD1338C7244D40E0E42362275B22D01C4C3389F19DD69BDF958EBE28E31A4FFE2B5F18A87831CFB7095F58A87C9FA21DB72BA269379B2DC2384B3DA953C7925761FED324620ACEA435E52B424A7723F6A2357374157A34CD8252351C25A1B232826CEFE1BD3E70FFC15A31E7C0598219D7F00436294D11891B82497BC78AA5363892A2495DF8C1EEF"),
+ SHEX("3C647B195F22DC16D6DECC8873017DF369EE1C4696340934DB158DC4059C76DF"));
+ test_hash(&nettle_sha3_256, /* 203 octets */
+ SHEX("C941CDB9C28AB0A791F2E5C8E8BB52850626AA89205BEC3A7E22682313D198B1FA33FC7295381354858758AE6C8EC6FAC3245C6E454D16FA2F51C4166FAB51DF272858F2D603770C40987F64442D487AF49CD5C3991CE858EA2A60DAB6A65A34414965933973AC2457089E359160B7CDEDC42F29E10A91921785F6B7224EE0B349393CDCFF6151B50B377D609559923D0984CDA6000829B916AB6896693EF6A2199B3C22F7DC5500A15B8258420E314C222BC000BC4E5413E6DD82C993F8330F5C6D1BE4BC79F08A1A0A46"),
+ SHEX("3BB394D056D94FDE68920CD383378EE3ABCC44B7259D3DB9CD0A897E021F7E2E"));
+ test_hash(&nettle_sha3_256, /* 204 octets */
+ SHEX("4499EFFFAC4BCEA52747EFD1E4F20B73E48758BE915C88A1FFE5299B0B005837A46B2F20A9CB3C6E64A9E3C564A27C0F1C6AD1960373036EC5BFE1A8FC6A435C2185ED0F114C50E8B3E4C7ED96B06A036819C9463E864A58D6286F785E32A804443A56AF0B4DF6ABC57ED5C2B185DDEE8489EA080DEEEE66AA33C2E6DAB36251C402682B6824821F998C32163164298E1FAFD31BABBCFFB594C91888C6219079D907FDB438ED89529D6D96212FD55ABE20399DBEFD342248507436931CDEAD496EB6E4A80358ACC78647D043"),
+ SHEX("43640F408613CBF7393D900B921F22B826357F3B4FDFF7168EC45CBFB3EF5EFF"));
+ test_hash(&nettle_sha3_256, /* 205 octets */
+ SHEX("EECBB8FDFA4DA62170FD06727F697D81F83F601FF61E478105D3CB7502F2C89BF3E8F56EDD469D049807A38882A7EEFBC85FC9A950952E9FA84B8AFEBD3CE782D4DA598002827B1EB98882EA1F0A8F7AA9CE013A6E9BC462FB66C8D4A18DA21401E1B93356EB12F3725B6DB1684F2300A98B9A119E5D27FF704AFFB618E12708E77E6E5F34139A5A41131FD1D6336C272A8FC37080F041C71341BEE6AB550CB4A20A6DDB6A8E0299F2B14BC730C54B8B1C1C487B494BDCCFD3A53535AB2F231590BF2C4062FD2AD58F906A2D0D"),
+ SHEX("CB3713A5D5ABBC6AF72F8B38A701C71269B3B51C62EC5116F96AD0D42A10FD90"));
+ test_hash(&nettle_sha3_256, /* 206 octets */
+ SHEX("E64F3E4ACE5C8418D65FEC2BC5D2A303DD458034736E3B0DF719098BE7A206DEAF52D6BA82316CAF330EF852375188CDE2B39CC94AA449578A7E2A8E3F5A9D68E816B8D16889FBC0EBF0939D04F63033AE9AE2BDAB73B88C26D6BD25EE460EE1EF58FB0AFA92CC539F8C76D3D097E7A6A63EBB9B5887EDF3CF076028C5BBD5B9DB3211371AD3FE121D4E9BF44229F4E1ECF5A0F9F0EBA4D5CEB72878AB22C3F0EB5A625323AC66F7061F4A81FAC834471E0C59553F108475FE290D43E6A055AE3EE46FB67422F814A68C4BE3E8C9"),
+ SHEX("B304FC4CA22131857D242EB12FE899ED9E6B55717C3360F113512A84174E6A77"));
+ test_hash(&nettle_sha3_256, /* 207 octets */
+ SHEX("D2CB2D733033F9E91395312808383CC4F0CA974E87EC68400D52E96B3FA6984AC58D9AD0938DDE5A973008D818C49607D9DE2284E7618F1B8AED8372FBD52ED54557AF4220FAC09DFA8443011699B97D743F8F2B1AEF3537EBB45DCC9E13DFB438428EE190A4EFDB3CAEB7F3933117BF63ABDC7E57BEB4171C7E1AD260AB0587806C4D137B6316B50ABC9CCE0DFF3ACADA47BBB86BE777E617BBE578FF4519844DB360E0A96C6701290E76BB95D26F0F804C8A4F2717EAC4E7DE9F2CFF3BBC55A17E776C0D02856032A6CD10AD2838"),
+ SHEX("A3CA830D4771C1BAA7FADA76C5FCEADD0F3CB9736E19CFEC52E9E74F56BFDD55"));
+ test_hash(&nettle_sha3_256, /* 208 octets */
+ SHEX("F2998955613DD414CC111DF5CE30A995BB792E260B0E37A5B1D942FE90171A4AC2F66D4928D7AD377F4D0554CBF4C523D21F6E5F379D6F4B028CDCB9B1758D3B39663242FF3CB6EDE6A36A6F05DB3BC41E0D861B384B6DEC58BB096D0A422FD542DF175E1BE1571FB52AE66F2D86A2F6824A8CFAACBAC4A7492AD0433EEB15454AF8F312B3B2A577750E3EFBD370E8A8CAC1582581971FBA3BA4BD0D76E718DACF8433D33A59D287F8CC92234E7A271041B526E389EFB0E40B6A18B3AAF658E82ED1C78631FD23B4C3EB27C3FAEC8685"),
+ SHEX("CA158C46370E64A9F032F5BA8E091460FD555EF700EDF7087E56BEBFFA261DE7"));
+ test_hash(&nettle_sha3_256, /* 209 octets */
+ SHEX("447797E2899B72A356BA55BF4DF3ACCA6CDB1041EB477BD1834A9F9ACBC340A294D729F2F97DF3A610BE0FF15EDB9C6D5DB41644B9874360140FC64F52AA03F0286C8A640670067A84E017926A70438DB1BB361DEFEE7317021425F8821DEF26D1EFD77FC853B818545D055ADC9284796E583C76E6FE74C9AC2587AA46AA8F8804F2FEB5836CC4B3ABABAB8429A5783E17D5999F32242EB59EF30CD7ADABC16D72DBDB097623047C98989F88D14EAF02A7212BE16EC2D07981AAA99949DDF89ECD90333A77BC4E1988A82ABF7C7CAF3291"),
+ SHEX("5901CDA0CD1510DB5455D072D2737A6721AD9EE3272953A19C7AB378BF3646C5"));
+ test_hash(&nettle_sha3_256, /* 210 octets */
+ SHEX("9F2C18ADE9B380C784E170FB763E9AA205F64303067EB1BCEA93DF5DAC4BF5A2E00B78195F808DF24FC76E26CB7BE31DC35F0844CDED1567BBA29858CFFC97FB29010331B01D6A3FB3159CC1B973D255DA9843E34A0A4061CABDB9ED37F241BFABB3C20D32743F4026B59A4CCC385A2301F83C0B0A190B0F2D01ACB8F0D41111E10F2F4E149379275599A52DC089B35FDD5234B0CFB7B6D8AEBD563CA1FA653C5C021DFD6F5920E6F18BFAFDBECBF0AB00281333ED50B9A999549C1C8F8C63D7626C48322E9791D5FF72294049BDE91E73F8"),
+ SHEX("F64562D6273EFB5EBD027E0A6F38C3FB204A6DBE894EE01200EA249B747CFE66"));
+ test_hash(&nettle_sha3_256, /* 211 octets */
+ SHEX("AE159F3FA33619002AE6BCCE8CBBDD7D28E5ED9D61534595C4C9F43C402A9BB31F3B301CBFD4A43CE4C24CD5C9849CC6259ECA90E2A79E01FFBAC07BA0E147FA42676A1D668570E0396387B5BCD599E8E66AAED1B8A191C5A47547F61373021FA6DEADCB55363D233C24440F2C73DBB519F7C9FA5A8962EFD5F6252C0407F190DFEFAD707F3C7007D69FF36B8489A5B6B7C557E79DD4F50C06511F599F56C896B35C917B63BA35C6FF8092BAF7D1658E77FC95D8A6A43EEB4C01F33F03877F92774BE89C1114DD531C011E53A34DC248A2F0E6"),
+ SHEX("E7D7A113B3A33175D0ABD2CF4F9ADD8E41DC86C93C9552C5B3588277FBCAA24A"));
+ test_hash(&nettle_sha3_256, /* 212 octets */
+ SHEX("3B8E97C5FFC2D6A40FA7DE7FCEFC90F3B12C940E7AB415321E29EE692DFAC799B009C99DCDDB708FCE5A178C5C35EE2B8617143EDC4C40B4D313661F49ABDD93CEA79D117518805496FE6ACF292C4C2A1F76B403A97D7C399DAF85B46AD84E16246C67D6836757BDE336C290D5D401E6C1386AB32797AF6BB251E9B2D8FE754C47482B72E0B394EAB76916126FD68EA7D65EB93D59F5B4C5AC40F7C3B37E7F3694F29424C24AF8C8F0EF59CD9DBF1D28E0E10F799A6F78CAD1D45B9DB3D7DEE4A7059ABE99182714983B9C9D44D7F5643596D4F3"),
+ SHEX("3B40C1493AF411AE7849904D478DF2407254BF62B88E9BFFD7B42BD2A60CE0FA"));
+ test_hash(&nettle_sha3_256, /* 213 octets */
+ SHEX("3434EC31B10FAFDBFEEC0DD6BD94E80F7BA9DCA19EF075F7EB017512AF66D6A4BCF7D16BA0819A1892A6372F9B35BCC7CA8155EE19E8428BC22D214856ED5FA9374C3C09BDE169602CC219679F65A1566FC7316F4CC3B631A18FB4449FA6AFA16A3DB2BC4212EFF539C67CF184680826535589C7111D73BFFCE431B4C40492E763D9279560AAA38EB2DC14A212D723F994A1FE656FF4DD14551CE4E7C621B2AA5604A10001B2878A897A28A08095C325E10A26D2FB1A75BFD64C250309BB55A44F23BBAC0D5516A1C687D3B41EF2FBBF9CC56D4739"),
+ SHEX("FEEB172AEAB2F0DEB748FB77801CA22D3CE99B7A9F9789E479B93D1F4B1D227F"));
+ test_hash(&nettle_sha3_256, /* 214 octets */
+ SHEX("7C7953D81C8D208FD1C97681D48F49DD003456DE60475B84070EF4847C333B74575B1FC8D2A186964485A3B8634FEAA3595AAA1A2F4595A7D6B6153563DEE31BBAC443C8A33EED6D5D956A980A68366C2527B550EE950250DFB691EACBD5D56AE14B970668BE174C89DF2FEA43AE52F13142639C884FD62A3683C0C3792F0F24AB1318BCB27E21F4737FAB62C77EA38BC8FD1CF41F7DAB64C13FEBE7152BF5BB7AB5A78F5346D43CC741CB6F72B7B8980F268B68BF62ABDFB1577A52438FE14B591498CC95F071228460C7C5D5CEB4A7BDE588E7F21C"),
+ SHEX("B240BC52B8AF1B502E26BF1D5E75FE2663BFBA503FAF10F46754DC3D23CB61C1"));
+ test_hash(&nettle_sha3_256, /* 215 octets */
+ SHEX("7A6A4F4FDC59A1D223381AE5AF498D74B7252ECF59E389E49130C7EAEE626E7BD9897EFFD92017F4CCDE66B0440462CDEDFD352D8153E6A4C8D7A0812F701CC737B5178C2556F07111200EB627DBC299CAA792DFA58F35935299FA3A3519E9B03166DFFA159103FFA35E8577F7C0A86C6B46FE13DB8E2CDD9DCFBA85BDDDCCE0A7A8E155F81F712D8E9FE646153D3D22C811BD39F830433B2213DD46301941B59293FD0A33E2B63ADBD95239BC01315C46FDB678875B3C81E053A40F581CFBEC24A1404B1671A1B88A6D06120229518FB13A74CA0AC5AE"),
+ SHEX("3EBACE41F578FDE6603E032FC1C7CFEEF1CB79FE938A94D4C7B58B0BA4CB9720"));
+ test_hash(&nettle_sha3_256, /* 216 octets */
+ SHEX("D9FAA14CEBE9B7DE551B6C0765409A33938562013B5E8E0E1E0A6418DF7399D0A6A771FB81C3CA9BD3BB8E2951B0BC792525A294EBD1083688806FE5E7F1E17FD4E3A41D00C89E8FCF4A363CAEDB1ACB558E3D562F1302B3D83BB886ED27B76033798131DAB05B4217381EAAA7BA15EC820BB5C13B516DD640EAEC5A27D05FDFCA0F35B3A5312146806B4C0275BCD0AAA3B2017F346975DB566F9B4D137F4EE10644C2A2DA66DEECA5342E236495C3C6280528BFD32E90AF4CD9BB908F34012B52B4BC56D48CC8A6B59BAB014988EABD12E1A0A1C2E170E7"),
+ SHEX("65EB4BD5ECCA7164CE9B66727F112C1AC6120DDD200DCB5CE75B7487843FCDB8"));
+ test_hash(&nettle_sha3_256, /* 217 octets */
+ SHEX("2D8427433D0C61F2D96CFE80CF1E932265A191365C3B61AAA3D6DCC039F6BA2AD52A6A8CC30FC10F705E6B7705105977FA496C1C708A277A124304F1FC40911E7441D1B5E77B951AAD7B01FD5DB1B377D165B05BBF898042E39660CAF8B279FE5229D1A8DB86C0999ED65E53D01CCBC4B43173CCF992B3A14586F6BA42F5FE30AFA8AE40C5DF29966F9346DA5F8B35F16A1DE3AB6DE0F477D8D8660918060E88B9B9E9CA6A4207033B87A812DBF5544D39E4882010F82B6CE005F8E8FF6FE3C3806BC2B73C2B83AFB704345629304F9F86358712E9FAE3CA3E"),
+ SHEX("D7155F6D3A90801F5E547689389FF62A604C81B7C1583D9204AC6B0194F0E8DD"));
+ test_hash(&nettle_sha3_256, /* 218 octets */
+ SHEX("5E19D97887FCAAC0387E22C6F803C34A3DACD2604172433F7A8A7A526CA4A2A1271ECFC5D5D7BE5AC0D85D921095350DFC65997D443C21C8094E0A3FEFD2961BCB94AED03291AE310CCDA75D8ACE4BC7D89E7D3E5D1650BDA5D668B8B50BFC8E608E184F4D3A9A2BADC4FF5F07E0C0BC8A9F2E0B2A26FD6D8C550008FAAAB75FD71AF2A424BEC9A7CD9D83FAD4C8E9319115656A8717D3B523A68FF8004258B9990ED362308461804BA3E3A7E92D8F2FFAE5C2FBA55BA5A3C27C0A2F71BD711D2FE1799C2ADB31B200035481E9EE5C4ADF2AB9C0FA50B23975CF"),
+ SHEX("AA7ADAF16F39E398B4AB0ADA037710556B720B0248D84817B2CFDF7600933595"));
+ test_hash(&nettle_sha3_256, /* 219 octets */
+ SHEX("C8E976AB4638909387CE3B8D4E510C3230E5690E02C45093B1D297910ABC481E56EEA0F296F98379DFC9080AF69E73B2399D1C143BEE80AE1328162CE1BA7F6A8374679B20AACD380EB4E61382C99998704D62701AFA914F9A2705CDB065885F50D086C3EB5753700C387118BB142F3E6DA1E988DFB31AC75D7368931E45D1391A274B22F83CEB072F9BCABC0B216685BFD789F5023971024B1878A205442522F9EA7D8797A4102A3DF41703768251FD5E017C85D1200A464118AA35654E7CA39F3C375B8EF8CBE7534DBC64BC20BEFB417CF60EC92F63D9EE7397"),
+ SHEX("B195463FE22A160802BE0A0464EE3AB4D2B117DE517B331C7BF04C8BA90C6120"));
+ test_hash(&nettle_sha3_256, /* 220 octets */
+ SHEX("7145FA124B7429A1FC2231237A949BA7201BCC1822D3272DE005B682398196C25F7E5CC2F289FBF44415F699CB7FE6757791B1443410234AE061EDF623359E2B4E32C19BF88450432DD01CAA5EB16A1DC378F391CA5E3C4E5F356728BDDD4975DB7C890DA8BBC84CC73FF244394D0D48954978765E4A00B593F70F2CA082673A261ED88DBCEF1127728D8CD89BC2C597E9102CED6010F65FA75A14EBE467FA57CE3BD4948B6867D74A9DF5C0EC6F530CBF2EE61CE6F06BC8F2864DFF5583776B31DF8C7FFCB61428A56BF7BD37188B4A5123BBF338393AF46EDA85E6"),
+ SHEX("9F9296C53E753A4DE4E5C5A547F51763A96903B083FBC7A7828EFFE4763A7CE6"));
+ test_hash(&nettle_sha3_256, /* 221 octets */
+ SHEX("7FDFADCC9D29BAD23AE038C6C65CDA1AEF757221B8872ED3D75FF8DF7DA0627D266E224E812C39F7983E4558BFD0A1F2BEF3FEB56BA09120EF762917B9C093867948547AEE98600D10D87B20106878A8D22C64378BF634F7F75900C03986B077B0BF8B740A82447B61B99FEE5376C5EB6680EC9E3088F0BDD0C56883413D60C1357D3C811950E5890E7600103C916341B80C743C6A852B7B4FB60C3BA21F3BC15B8382437A68454779CF3CD7F9F90CCC8EF28D0B706535B1E4108EB5627BB45D719CB046839AEE311CA1ABDC8319E050D67972CB35A6B1601B25DBF487"),
+ SHEX("51DE4090AEC36F6C446476C709253272CAB595D9887CA5D52A9B38086854D58F"));
+ test_hash(&nettle_sha3_256, /* 222 octets */
+ SHEX("988638219FD3095421F826F56E4F09E356296B628C3CE6930C9F2E758FD1A80C8273F2F61E4DAAE65C4F110D3E7CA0965AC7D24E34C0DC4BA2D6FF0BF5BBE93B3585F354D7543CB542A1AA54674D375077F2D360A8F4D42F3DB131C3B7AB7306267BA107659864A90C8C909460A73621D1F5D9D3FD95BEB19B23DB1CB6C0D0FBA91D36891529B8BD8263CAA1BAB56A4AFFAED44962DF096D8D5B1EB845EF31188B3E10F1AF811A13F156BEB7A288AAE593EBD1471B624AA1A7C6ADF01E2200B3D72D88A3AED3100C88231E41EFC376906F0B580DC895F080FDA5741DB1CB"),
+ SHEX("87A17400F919F2F53232B2205E1E8B14BD5698A76E74B9BDD5638A5C7BA5DE1E"));
+ test_hash(&nettle_sha3_256, /* 223 octets */
+ SHEX("5AAB62756D307A669D146ABA988D9074C5A159B3DE85151A819B117CA1FF6597F6156E80FDD28C9C3176835164D37DA7DA11D94E09ADD770B68A6E081CD22CA0C004BFE7CD283BF43A588DA91F509B27A6584C474A4A2F3EE0F1F56447379240A5AB1FB77FDCA49B305F07BA86B62756FB9EFB4FC225C86845F026EA542076B91A0BC2CDD136E122C659BE259D98E5841DF4C2F60330D4D8CDEE7BF1A0A244524EECC68FF2AEF5BF0069C9E87A11C6E519DE1A4062A10C83837388F7EF58598A3846F49D499682B683C4A062B421594FAFBC1383C943BA83BDEF515EFCF10D"),
+ SHEX("9742536C461D0C3503A6C943FA8105DBCD1E542F728D71CCC0517CFFC232EA68"));
+ test_hash(&nettle_sha3_256, /* 224 octets */
+ SHEX("47B8216AA0FBB5D67966F2E82C17C07AA2D6327E96FCD83E3DE7333689F3EE79994A1BF45082C4D725ED8D41205CB5BCDF5C341F77FACB1DA46A5B9B2CBC49EADF786BCD881F371A95FA17DF73F606519AEA0FF79D5A11427B98EE7F13A5C00637E2854134691059839121FEA9ABE2CD1BCBBBF27C74CAF3678E05BFB1C949897EA01F56FFA4DAFBE8644611685C617A3206C7A7036E4AC816799F693DAFE7F19F303CE4EBA09D21E03610201BFC665B72400A547A1E00FA9B7AD8D84F84B34AEF118515E74DEF11B9188BD1E1F97D9A12C30132EC2806339BDADACDA2FD8B78"),
+ SHEX("AE3BF0936497A2955DF874B7F2685314C7606030B9C6E7BFB8A8DFF9825957B5"));
+ test_hash(&nettle_sha3_256, /* 225 octets */
+ SHEX("8CFF1F67FE53C098896D9136389BD8881816CCAB34862BB67A656E3D98896F3CE6FFD4DA73975809FCDF9666760D6E561C55238B205D8049C1CEDEEF374D1735DAA533147BFA960B2CCE4A4F254176BB4D1BD1E89654432B8DBE1A135C42115B394B024856A2A83DC85D6782BE4B444239567CCEC4B184D4548EAE3FF6A192F343292BA2E32A0F267F31CC26719EB85245D415FB897AC2DA433EE91A99424C9D7F1766A44171D1651001C38FC79294ACCC68CEB5665D36218454D3BA169AE058A831338C17743603F81EE173BFC0927464F9BD728DEE94C6AEAB7AAE6EE3A627E8"),
+ SHEX("5FE0216DCC1BDB48F3375B9173B7B232939AA2177C6D056E908C8F2B9293B030"));
+ test_hash(&nettle_sha3_256, /* 226 octets */
+ SHEX("EACD07971CFF9B9939903F8C1D8CBB5D4DB1B548A85D04E037514A583604E787F32992BF2111B97AC5E8A938233552731321522AB5E8583561260B7D13EBEEF785B23A41FD8576A6DA764A8ED6D822D4957A545D5244756C18AA80E1AAD4D1F9C20D259DEE1711E2CC8FD013169FB7CC4CE38B362F8E0936AE9198B7E838DCEA4F7A5B9429BB3F6BBCF2DC92565E3676C1C5E6EB3DD2A0F86AA23EDD3D0891F197447692794B3DFA269611AD97F72B795602B4FDB198F3FD3EB41B415064256E345E8D8C51C555DC8A21904A9B0F1AD0EFFAB7786AAC2DA3B196507E9F33CA356427"),
+ SHEX("C339904EC865F24FB3F88F142A8786D770934E006EAEDDBF45ACBB6B38431021"));
+ test_hash(&nettle_sha3_256, /* 227 octets */
+ SHEX("23AC4E9A42C6EF45C3336CE6DFC2FF7DE8884CD23DC912FEF0F7756C09D335C189F3AD3A23697ABDA851A81881A0C8CCAFC980AB2C702564C2BE15FE4C4B9F10DFB2248D0D0CB2E2887FD4598A1D4ACDA897944A2FFC580FF92719C95CF2AA42DC584674CB5A9BC5765B9D6DDF5789791D15F8DD925AA12BFFAFBCE60827B490BB7DF3DDA6F2A143C8BF96ABC903D83D59A791E2D62814A89B8080A28060568CF24A80AE61179FE84E0FFAD00388178CB6A617D37EFD54CC01970A4A41D1A8D3DDCE46EDBBA4AB7C90AD565398D376F431189CE8C1C33E132FEAE6A8CD17A61C630012"),
+ SHEX("4CA8B7FEBDF0A8062E9B76185CF4165071BB30928C18F14338C305626789C6D3"));
+ test_hash(&nettle_sha3_256, /* 228 octets */
+ SHEX("0172DF732282C9D488669C358E3492260CBE91C95CFBC1E3FEA6C4B0EC129B45F242ACE09F152FC6234E1BEE8AAB8CD56E8B486E1DCBA9C05407C2F95DA8D8F1C0AF78EE2ED82A3A79EC0CB0709396EE62AADB84F8A4EE8A7CCCA3C1EE84E302A09EA802204AFECF04097E67D0F8E8A9D2651126C0A598A37081E42D168B0AE8A71951C524259E4E2054E535B779679BDADE566FE55700858618E626B4A0FAF895BCCE9011504A49E05FD56127EAE3D1F8917AFB548ECADABDA1020111FEC9314C413498A360B08640549A22CB23C731ACE743252A8227A0D2689D4C6001606678DFB921"),
+ SHEX("23D2614420859B2F13AC084453DD35C33FE47C894DD50C087FD1653FCAEEA00B"));
+ test_hash(&nettle_sha3_256, /* 229 octets */
+ SHEX("3875B9240CF3E0A8B59C658540F26A701CF188496E2C2174788B126FD29402D6A75453BA0635284D08835F40051A2A9683DC92AFB9383719191231170379BA6F4ADC816FECBB0F9C446B785BF520796841E58878B73C58D3EBB097CE4761FDEABE15DE2F319DFBAF1742CDEB389559C788131A6793E193856661376C81CE9568DA19AA6925B47FFD77A43C7A0E758C37D69254909FF0FBD415EF8EB937BCD49F91468B49974C07DC819ABD67395DB0E05874FF83DDDAB895344ABD0E7111B2DF9E58D76D85AD98106B36295826BE04D435615595605E4B4BB824B33C4AFEB5E7BB0D19F909"),
+ SHEX("5590BB75247D7CD0B35620F0062B90FFB2A24DE41220ED629D9E9A7ABCADFB51"));
+ test_hash(&nettle_sha3_256, /* 230 octets */
+ SHEX("747CC1A59FEFBA94A9C75BA866C30DC5C1CB0C0F8E9361D98484956DD5D1A40F6184AFBE3DAC9F76028D1CAECCFBF69199C6CE2B4C092A3F4D2A56FE5A33A00757F4D7DEE5DFB0524311A97AE0668A47971B95766E2F6DD48C3F57841F91F04A00AD5EA70F2D479A2620DC5CD78EAAB3A3B011719B7E78D19DDF70D9423798AF77517EBC55392FCD01FC600D8D466B9E7A7A85BF33F9CC5419E9BD874DDFD60981150DDAF8D7FEBAA4374F0872A5628D318000311E2F5655365AD4D407C20E5C04DF17A222E7DEEC79C5AB1116D8572F91CD06E1CCC7CED53736FC867FD49ECEBE6BF8082E8A"),
+ SHEX("E5932441B012E503B0B0C6104703BA02613E472AD65655C085B0ADB07656B28F"));
+ test_hash(&nettle_sha3_256, /* 231 octets */
+ SHEX("57AF971FCCAEC97435DC2EC9EF0429BCEDC6B647729EA168858A6E49AC1071E706F4A5A645CA14E8C7746D65511620682C906C8B86EC901F3DDED4167B3F00B06CBFAC6AEE3728051B3E5FF10B4F9ED8BD0B8DA94303C833755B3CA3AEDDF0B54BC8D6632138B5D25BAB03D17B3458A9D782108006F5BB7DE75B5C0BA854B423D8BB801E701E99DC4FEAAD59BC1C7112453B04D33EA3635639FB802C73C2B71D58A56BBD671B18FE34ED2E3DCA38827D63FDB1D4FB3285405004B2B3E26081A8FF08CD6D2B08F8E7B7E90A2AB1ED7A41B1D0128522C2F8BFF56A7FE67969422CE839A9D4608F03"),
+ SHEX("21C0D84EB7B61774F97DB5D9ACF1DFFAFB662C01ED291A442BEC6F14D1334699"));
+ test_hash(&nettle_sha3_256, /* 232 octets */
+ SHEX("04E16DEDC1227902BAAF332D3D08923601BDD64F573FAA1BB7201918CFE16B1E10151DAE875DA0C0D63C59C3DD050C4C6A874011B018421AFC4623AB0381831B2DA2A8BA42C96E4F70864AC44E106F94311051E74C77C1291BF5DB9539E69567BF6A11CF6932BBBAD33F8946BF5814C066D851633D1A513510039B349939BFD42B858C21827C8FF05F1D09B1B0765DC78A135B5CA4DFBA0801BCADDFA175623C8B647EACFB4444B85A44F73890607D06D507A4F8393658788669F6EF4DEB58D08C50CA0756D5E2F49D1A7AD73E0F0B3D3B5F090ACF622B1878C59133E4A848E05153592EA81C6FBF"),
+ SHEX("0D1E6BB88188B49AF0A9A05EB1AF94255E6799515A2F8EB46AA6AF9A9DD5B9E0"));
+ test_hash(&nettle_sha3_256, /* 233 octets */
+ SHEX("7C815C384EEE0F288ECE27CCED52A01603127B079C007378BC5D1E6C5E9E6D1C735723ACBBD5801AC49854B2B569D4472D33F40BBB8882956245C366DC3582D71696A97A4E19557E41E54DEE482A14229005F93AFD2C4A7D8614D10A97A9DFA07F7CD946FA45263063DDD29DB8F9E34DB60DAA32684F0072EA2A9426ECEBFA5239FB67F29C18CBAA2AF6ED4BF4283936823AC1790164FEC5457A9CBA7C767CA59392D94CAB7448F50EB34E9A93A80027471CE59736F099C886DEA1AB4CBA4D89F5FC7AE2F21CCD27F611ECA4626B2D08DC22382E92C1EFB2F6AFDC8FDC3D2172604F5035C46B8197D3"),
+ SHEX("935DED24F5CECC69E1F012B60B7831ABCE7EF50EEB0BEA7F816C3DBF2B4ABDC1"));
+ test_hash(&nettle_sha3_256, /* 234 octets */
+ SHEX("E29D505158DBDD937D9E3D2145658EE6F5992A2FC790F4F608D9CDB44A091D5B94B88E81FAC4FDF5C49442F13B911C55886469629551189EAFF62488F1A479B7DB11A1560E198DDCCCCF50159093425FF7F1CB8D1D1246D0978764087D6BAC257026B090EFAE8CEC5F22B6F21C59ACE1AC7386F5B8837CA6A12B6FBF5534DD0560EF05CA78104D3B943DDB220FEAEC89AA5E692A00F822A2AB9A2FE60350D75E7BE16FF2526DC643872502D01F42F188ABED0A6E9A6F5FD0D1CE7D5755C9FFA66B0AF0B20BD806F08E06156690D81AC811778CA3DAC2C249B96002017FCE93E507E3B953ACF99964B847"),
+ SHEX("6755BF7E60E4E07965BAC24E51B1DE93E3DD42AE780F256647D4CC2EF8EFF771"));
+ test_hash(&nettle_sha3_256, /* 235 octets */
+ SHEX("D85588696F576E65ECA0155F395F0CFACD83F36A99111ED5768DF2D116D2121E32357BA4F54EDE927F189F297D3A97FAD4E9A0F5B41D8D89DD7FE20156799C2B7B6BF9C957BA0D6763F5C3BC5129747BBB53652B49290CFF1C87E2CDF2C4B95D8AAEE09BC8FBFA6883E62D237885810491BFC101F1D8C636E3D0EDE838AD05C207A3DF4FAD76452979EB99F29AFAECEDD1C63B8D36CF378454A1BB67A741C77AC6B6B3F95F4F02B64DABC15438613EA49750DF42EE90101F115AA9ABB9FF64324DDE9DABBB01054E1BD6B4BCDC7930A44C2300D87CA78C06924D0323AD7887E46C90E8C4D100ACD9EED21E"),
+ SHEX("62C9F5E5B56E2994327A7F9A03888DA7BAD67E387593803B1807482B137B4509"));
+ test_hash(&nettle_sha3_256, /* 236 octets */
+ SHEX("3A12F8508B40C32C74492B66323375DCFE49184C78F73179F3314B79E63376B8AC683F5A51F1534BD729B02B04D002F55CBD8E8FC9B5EC1EA6BBE6A0D0E7431518E6BA45D124035F9D3DCE0A8BB7BF1430A9F657E0B4EA9F20EB20C786A58181A1E20A96F1628F8728A13BDF7A4B4B32FC8AA7054CC4881AE7FA19AFA65C6C3EE1B3ADE3192AF42054A8A911B8EC1826865D46D93F1E7C5E2B7813C92A506E53886F3D4701BB93D2A681AD109C845904BB861AF8AF0646B6E399B38B614051D34F6842563A0F37EC00CB3D865FC5D746C4987DE2A65071100883A2A9C7A2BFE1E2DD603D9EA24DC7C5FD06BE"),
+ SHEX("9927FA5EFD86304E73D54AA4928818C05B01504672C529471394A82E049E5F95"));
+ test_hash(&nettle_sha3_256, /* 237 octets */
+ SHEX("1861EDCE46FA5AD17E1FF1DEAE084DEC580F97D0A67885DFE834B9DFAC1AE076742CE9E267512CA51F6DF5A455AF0C5FD6ABF94ACEA103A3370C354485A7846FB84F3AC7C2904B5B2FBF227002CE512133BB7E1C4E50057BFD1E44DB33C7CDB969A99E284B184F50A14B068A1FC5009D9B298DBE92239572A7627AAC02ABE8F3E3B473417F36D4D2505D16B7577F4526C9D94A270A2DFE450D06DA8F6FA956879A0A55CFE99E742EA555EA477BA3E9B44CCD508C375423611AF92E55345DC215779B2D5119EBA49C71D49B9FE3F1569FA24E5CA3E332D042422A8B8158D3EC66A80012976F31FFDF305F0C9C5E"),
+ SHEX("84E056BF7BDFC73A3AAA95B00A74A136D776069BEEB304423BEAD90120DB6350"));
+ test_hash(&nettle_sha3_256, /* 238 octets */
+ SHEX("08D0FFDE3A6E4EF65608EA672E4830C12943D7187CCFF08F4941CFC13E545F3B9C7AD5EEBBE2B01642B486CAF855C2C73F58C1E4E3391DA8E2D63D96E15FD84953AE5C231911B00AD6050CD7AAFDAAC9B0F663AE6AAB45519D0F5391A541707D479034E73A6AD805AE3598096AF078F1393301493D663DD71F83869CA27BA508B7E91E81E128C1716DC3ACFE3084B2201E04CF8006617EECF1B640474A5D45CFDE9F4D3EF92D6D055B909892194D8A8218DB6D8203A84261D200D71473D7488F3427416B6896C137D455F231071CACBC86E0415AB88AEC841D96B7B8AF41E05BB461A40645BF176601F1E760DE5F"),
+ SHEX("401C3BE59CC373453AEF9603F7335C1D5FE669909A1425D7671DCB84A49887CA"));
+ test_hash(&nettle_sha3_256, /* 239 octets */
+ SHEX("D782ABB72A5BE3392757BE02D3E45BE6E2099D6F000D042C8A543F50ED6EBC055A7F133B0DD8E9BC348536EDCAAE2E12EC18E8837DF7A1B3C87EC46D50C241DEE820FD586197552DC20BEEA50F445A07A38F1768A39E2B2FF05DDDEDF751F1DEF612D2E4D810DAA3A0CC904516F9A43AF660315385178A529E51F8AAE141808C8BC5D7B60CAC26BB984AC1890D0436EF780426C547E94A7B08F01ACBFC4A3825EAE04F520A9016F2FB8BF5165ED12736FC71E36A49A73614739EAA3EC834069B1B40F1350C2B3AB885C02C640B9F7686ED5F99527E41CFCD796FE4C256C9173186C226169FF257954EBDA81C0E5F99"),
+ SHEX("020485DCD264296AFDB7F643CA828C93356F1714CBCC2FBBDD30F9896C3F2789"));
+ test_hash(&nettle_sha3_256, /* 240 octets */
+ SHEX("5FCE8109A358570E40983E1184E541833BB9091E280F258CFB144387B05D190E431CB19BAA67273BA0C58ABE91308E1844DCD0B3678BAA42F335F2FA05267A0240B3C718A5942B3B3E3BFA98A55C25A1466E8D7A603722CB2BBF03AFA54CD769A99F310735EE5A05DAE2C22D397BD95635F58C48A67F90E1B73AAFCD3F82117F0166657838691005B18DA6F341D6E90FC1CDB352B30FAE45D348294E501B63252DE14740F2B85AE5299DDEC3172DE8B6D0BA219A20A23BB5E10FF434D39DB3F583305E9F5C039D98569E377B75A70AB837D1DF269B8A4B566F40BB91B577455FD3C356C914FA06B9A7CE24C7317A172D"),
+ SHEX("F8C43E28816BB41993BDB866888F3CC59EFBA208390144D3878DBF9FBFA1D57E"));
+ test_hash(&nettle_sha3_256, /* 241 octets */
+ SHEX("6172F1971A6E1E4E6170AFBAD95D5FEC99BF69B24B674BC17DD78011615E502DE6F56B86B1A71D3F4348087218AC7B7D09302993BE272E4A591968AEF18A1262D665610D1070EE91CC8DA36E1F841A69A7A682C580E836941D21D909A3AFC1F0B963E1CA5AB193E124A1A53DF1C587470E5881FB54DAE1B0D840F0C8F9D1B04C645BA1041C7D8DBF22030A623AA15638B3D99A2C400FF76F3252079AF88D2B37F35EE66C1AD7801A28D3D388AC450B97D5F0F79E4541755356B3B1A5696B023F39AB7AB5F28DF4202936BC97393B93BC915CB159EA1BD7A0A414CB4B7A1AC3AF68F50D79F0C9C7314E750F7D02FAA58BFA"),
+ SHEX("4EA524E705020284B18284E34683725590E1EE565A6FF598ED4D42B1C987471E"));
+ test_hash(&nettle_sha3_256, /* 242 octets */
+ SHEX("5668ECD99DFBE215C4118398AC9C9EAF1A1433FAB4CCDD3968064752B625EA944731F75D48A27D047D67547F14DD0FFAA55FA5E29F7AF0D161D85EAFC4F2029B717C918EAB9D304543290BDBA7158B68020C0BA4E079BC95B5BC0FC044A992B94B4CCD3BD66D0EABB5DBBAB904D62E00752C4E3B0091D773BCF4C14B4377DA3EFFF824B1CB2FA01B32D1E46C909E626ED2DAE920F4C7DBEB635BC754FACBD8D49BEBA3F23C1C41CCBFCD0EE0C114E69737F5597C0BF1D859F0C767E18002AE8E39C26261FFDE2920D3D0BAF0E906138696CFE5B7E32B600F45DF3AAA39932F3A7DF95B60FA8712A2271FCAF3911CE7B511B1"),
+ SHEX("E4963E74AE01FF7774B96B4F614D1CB2A4CF8D206ED93C66FA42F71432BE2C3F"));
+ test_hash(&nettle_sha3_256, /* 243 octets */
+ SHEX("03D625488354DF30E3F875A68EDFCF340E8366A8E1AB67F9D5C5486A96829DFAC0578289082B2A62117E1CF418B43B90E0ADC881FC6AE8105C888E9ECD21AEA1C9AE1A4038DFD17378FED71D02AE492087D7CDCD98F746855227967CB1AB4714261EE3BEAD3F4DB118329D3EBEF4BC48A875C19BA763966DA0EBEA800E01B2F50B00E9DD4CACA6DCB314D00184EF71EA2391D760C950710DB4A70F9212FFC54861F9DC752CE18867B8AD0C48DF8466EF7231E7AC567F0EB55099E622EBB86CB237520190A61C66AD34F1F4E289CB3282AE3EAAC6152ED24D2C92BAE5A7658252A53C49B7B02DFE54FDB2E90074B6CF310AC661"),
+ SHEX("0F0D72BF8C0198459E45ECE9CC18E930CB86263ACCF1FC7A00BC857AC9F201AD"));
+ test_hash(&nettle_sha3_256, /* 244 octets */
+ SHEX("2EDC282FFB90B97118DD03AAA03B145F363905E3CBD2D50ECD692B37BF000185C651D3E9726C690D3773EC1E48510E42B17742B0B0377E7DE6B8F55E00A8A4DB4740CEE6DB0830529DD19617501DC1E9359AA3BCF147E0A76B3AB70C4984C13E339E6806BB35E683AF8527093670859F3D8A0FC7D493BCBA6BB12B5F65E71E705CA5D6C948D66ED3D730B26DB395B3447737C26FAD089AA0AD0E306CB28BF0ACF106F89AF3745F0EC72D534968CCA543CD2CA50C94B1456743254E358C1317C07A07BF2B0ECA438A709367FAFC89A57239028FC5FECFD53B8EF958EF10EE0608B7F5CB9923AD97058EC067700CC746C127A61EE3"),
+ SHEX("DD1D2A92B3F3F3902F064365838E1F5F3468730C343E2974E7A9ECFCD84AA6DB"));
+ test_hash(&nettle_sha3_256, /* 245 octets */
+ SHEX("90B28A6AA1FE533915BCB8E81ED6CACDC10962B7FF82474F845EEB86977600CF70B07BA8E3796141EE340E3FCE842A38A50AFBE90301A3BDCC591F2E7D9DE53E495525560B908C892439990A2CA2679C5539FFDF636777AD9C1CDEF809CDA9E8DCDB451ABB9E9C17EFA4379ABD24B182BD981CAFC792640A183B61694301D04C5B3EAAD694A6BD4CC06EF5DA8FA23B4FA2A64559C5A68397930079D250C51BCF00E2B16A6C49171433B0AADFD80231276560B80458DD77089B7A1BBCC9E7E4B9F881EACD6C92C4318348A13F4914EB27115A1CFC5D16D7FD94954C3532EFACA2CAB025103B2D02C6FD71DA3A77F417D7932685888A"),
+ SHEX("21BF20664CEC2CD2CEB1DFFC1D78893D5CA1A7DA88EB6BFD0C6EFCA6190C9E15"));
+ test_hash(&nettle_sha3_256, /* 246 octets */
+ SHEX("2969447D175490F2AA9BB055014DBEF2E6854C95F8D60950BFE8C0BE8DE254C26B2D31B9E4DE9C68C9ADF49E4EE9B1C2850967F29F5D08738483B417BB96B2A56F0C8ACA632B552059C59AAC3F61F7B45C966B75F1D9931FF4E596406378CEE91AAA726A3A84C33F37E9CDBE626B5745A0B06064A8A8D56E53AAF102D23DD9DF0A3FDF7A638509A6761A33FA42FA8DDBD8E16159C93008B53765019C3F0E9F10B144CE2AC57F5D7297F9C9949E4FF68B70D339F87501CE8550B772F32C6DA8AD2CE2100A895D8B08FA1EEAD7C376B407709703C510B50F87E73E43F8E7348F87C3832A547EF2BBE5799ABEDCF5E1F372EA809233F006"),
+ SHEX("6472D7C530B548E4B47D2278D7172B421A0FB6398A2823DD2F2B26208AF8942E"));
+ test_hash(&nettle_sha3_256, /* 247 octets */
+ SHEX("721645633A44A2C78B19024EAECF58575AB23C27190833C26875DC0F0D50B46AEA9C343D82EA7D5B3E50EC700545C615DAEAEA64726A0F05607576DCD396D812B03FB6551C641087856D050B10E6A4D5577B82A98AFB89CEE8594C9DC19E79FEFF0382FCFD127F1B803A4B9946F4AC9A4378E1E6E041B1389A53E3450CD32D9D2941B0CBABDB50DA8EA2513145164C3AB6BCBD251C448D2D4B087AC57A59C2285D564F16DA4ED5E607ED979592146FFB0EF3F3DB308FB342DF5EB5924A48256FC763141A278814C82D6D6348577545870AE3A83C7230AC02A1540FE1798F7EF09E335A865A2AE0949B21E4F748FB8A51F44750E213A8FB"),
+ SHEX("2AC7FF80EE36D500995C973B8746D8466715E6D8B0F554AACB5D2876D7F5B874"));
+ test_hash(&nettle_sha3_256, /* 248 octets */
+ SHEX("6B860D39725A14B498BB714574B4D37CA787404768F64C648B1751B353AC92BAC2C3A28EA909FDF0423336401A02E63EC24325300D823B6864BB701F9D7C7A1F8EC9D0AE3584AA6DD62EA1997CD831B4BABD9A4DA50932D4EFDA745C61E4130890E156AEE6113716DAF95764222A91187DB2EFFEA49D5D0596102D619BD26A616BBFDA8335505FBB0D90B4C180D1A2335B91538E1668F9F9642790B4E55F9CAB0FE2BDD2935D001EE6419ABAB5457880D0DBFF20ED8758F4C20FE759EFB33141CF0E892587FE8187E5FBC57786B7E8B089612C936DFC03D27EFBBE7C8673F1606BD51D5FF386F4A7AB68EDF59F385EB1291F117BFE717399"),
+ SHEX("9FF81D575F7BF0C4EF340B4279D56E16CE68821AFCDF2A69105D4F9CADADD3CF"));
+ test_hash(&nettle_sha3_256, /* 249 octets */
+ SHEX("6A01830AF3889A25183244DECB508BD01253D5B508AB490D3124AFBF42626B2E70894E9B562B288D0A2450CFACF14A0DDAE5C04716E5A0082C33981F6037D23D5E045EE1EF2283FB8B6378A914C5D9441627A722C282FF452E25A7EA608D69CEE4393A0725D17963D0342684F255496D8A18C2961145315130549311FC07F0312FB78E6077334F87EAA873BEE8AA95698996EB21375EB2B4EF53C14401207DEB4568398E5DD9A7CF97E8C9663E23334B46912F8344C19EFCF8C2BA6F04325F1A27E062B62A58D0766FC6DB4D2C6A1928604B0175D872D16B7908EBC041761187CC785526C2A3873FEAC3A642BB39F5351550AF9770C328AF7B"),
+ SHEX("09EDC465D4FD91C5E86B292F041BCC17571E1F2E17D584DFF21DD7DD8D8BFF35"));
+ test_hash(&nettle_sha3_256, /* 250 octets */
+ SHEX("B3C5E74B69933C2533106C563B4CA20238F2B6E675E8681E34A389894785BDADE59652D4A73D80A5C85BD454FD1E9FFDAD1C3815F5038E9EF432AAC5C3C4FE840CC370CF86580A6011778BBEDAF511A51B56D1A2EB68394AA299E26DA9ADA6A2F39B9FAFF7FBA457689B9C1A577B2A1E505FDF75C7A0A64B1DF81B3A356001BF0DF4E02A1FC59F651C9D585EC6224BB279C6BEBA2966E8882D68376081B987468E7AED1EF90EBD090AE825795CDCA1B4F09A979C8DFC21A48D8A53CDBB26C4DB547FC06EFE2F9850EDD2685A4661CB4911F165D4B63EF25B87D0A96D3DFF6AB0758999AAD214D07BD4F133A6734FDE445FE474711B69A98F7E2B"),
+ SHEX("C6D86CC4CCEF3BB70BF7BFDDEC6A9A04A0DD0A68FE1BF51C14648CF506A03E98"));
+ test_hash(&nettle_sha3_256, /* 251 octets */
+ SHEX("83AF34279CCB5430FEBEC07A81950D30F4B66F484826AFEE7456F0071A51E1BBC55570B5CC7EC6F9309C17BF5BEFDD7C6BA6E968CF218A2B34BD5CF927AB846E38A40BBD81759E9E33381016A755F699DF35D660007B5EADF292FEEFB735207EBF70B5BD17834F7BFA0E16CB219AD4AF524AB1EA37334AA66435E5D397FC0A065C411EBBCE32C240B90476D307CE802EC82C1C49BC1BEC48C0675EC2A6C6F3ED3E5B741D13437095707C565E10D8A20B8C20468FF9514FCF31B4249CD82DCEE58C0A2AF538B291A87E3390D737191A07484A5D3F3FB8C8F15CE056E5E5F8FEBE5E1FB59D6740980AA06CA8A0C20F5712B4CDE5D032E92AB89F0AE1"),
+ SHEX("1AFC9BA63EEA27603B3A7A5562E12B31E8FE9A96812B531E9D048385FB76D44F"));
+ test_hash(&nettle_sha3_256, /* 252 octets */
+ SHEX("A7ED84749CCC56BB1DFBA57119D279D412B8A986886D810F067AF349E8749E9EA746A60B03742636C464FC1EE233ACC52C1983914692B64309EDFDF29F1AB912EC3E8DA074D3F1D231511F5756F0B6EEAD3E89A6A88FE330A10FACE267BFFBFC3E3090C7FD9A850561F363AD75EA881E7244F80FF55802D5EF7A1A4E7B89FCFA80F16DF54D1B056EE637E6964B9E0FFD15B6196BDD7DB270C56B47251485348E49813B4EB9ED122A01B3EA45AD5E1A929DF61D5C0F3E77E1FDC356B63883A60E9CBB9FC3E00C2F32DBD469659883F690C6772E335F617BC33F161D6F6984252EE12E62B6000AC5231E0C9BC65BE223D8DFD94C5004A101AF9FD6C0FB"),
+ SHEX("9B5E15531385F0D495FDBE686E3E02ECA42B9F1B1CE8837AD3B3E42E6198050A"));
+ test_hash(&nettle_sha3_256, /* 253 octets */
+ SHEX("A6FE30DCFCDA1A329E82AB50E32B5F50EB25C873C5D2305860A835AECEE6264AA36A47429922C4B8B3AFD00DA16035830EDB897831C4E7B00F2C23FC0B15FDC30D85FB70C30C431C638E1A25B51CAF1D7E8B050B7F89BFB30F59F0F20FECFF3D639ABC4255B3868FC45DD81E47EB12AB40F2AAC735DF5D1DC1AD997CEFC4D836B854CEE9AC02900036F3867FE0D84AFFF37BDE3308C2206C62C4743375094108877C73B87B2546FE05EA137BEDFC06A2796274099A0D554DA8F7D7223A48CBF31B7DECAA1EBC8B145763E3673168C1B1B715C1CD99ECD3DDB238B06049885ECAD9347C2436DFF32C771F34A38587A44A82C5D3D137A03CAA27E66C8FF6"),
+ SHEX("216FC325F942EED08401527A8F41C088527C6479342622C907EA08FF3290F8C6"));
+ test_hash(&nettle_sha3_256, /* 254 octets */
+ SHEX("83167FF53704C3AA19E9FB3303539759C46DD4091A52DDAE9AD86408B69335989E61414BC20AB4D01220E35241EFF5C9522B079FBA597674C8D716FE441E566110B6211531CECCF8FD06BC8E511D00785E57788ED9A1C5C73524F01830D2E1148C92D0EDC97113E3B7B5CD3049627ABDB8B39DD4D6890E0EE91993F92B03354A88F52251C546E64434D9C3D74544F23FB93E5A2D2F1FB15545B4E1367C97335B0291944C8B730AD3D4789273FA44FB98D78A36C3C3764ABEEAC7C569C1E43A352E5B770C3504F87090DEE075A1C4C85C0C39CF421BDCC615F9EFF6CB4FE6468004AECE5F30E1ECC6DB22AD9939BB2B0CCC96521DFBF4AE008B5B46BC006E"),
+ SHEX("43184B9F2DB5B6DA5160BC255DBE19A0C94533B884809815B7B326D868589EDC"));
+ test_hash(&nettle_sha3_256, /* 255 octets */
+ SHEX("3A3A819C48EFDE2AD914FBF00E18AB6BC4F14513AB27D0C178A188B61431E7F5623CB66B23346775D386B50E982C493ADBBFC54B9A3CD383382336A1A0B2150A15358F336D03AE18F666C7573D55C4FD181C29E6CCFDE63EA35F0ADF5885CFC0A3D84A2B2E4DD24496DB789E663170CEF74798AA1BBCD4574EA0BBA40489D764B2F83AADC66B148B4A0CD95246C127D5871C4F11418690A5DDF01246A0C80A43C70088B6183639DCFDA4125BD113A8F49EE23ED306FAAC576C3FB0C1E256671D817FC2534A52F5B439F72E424DE376F4C565CCA82307DD9EF76DA5B7C4EB7E085172E328807C02D011FFBF33785378D79DC266F6A5BE6BB0E4A92ECEEBAEB1"),
+ SHEX("348FB774ADC970A16B1105669442625E6ADAA8257A89EFFDB5A802F161B862EA"));
+}
--- /dev/null
+#include "testutils.h"
+
+void
+test_main(void)
+{
+ /* Extracted from ShortMsgKAT_384.txt using sha3.awk. */
+ test_hash(&nettle_sha3_384, /* 0 octets */
+ SHEX(""),
+ SHEX("2C23146A63A29ACF99E73B88F8C24EAA7DC60AA771780CCC006AFBFA8FE2479B2DD2B21362337441AC12B515911957FF"));
+ test_hash(&nettle_sha3_384, /* 1 octets */
+ SHEX("CC"),
+ SHEX("1B84E62A46E5A201861754AF5DC95C4A1A69CAF4A796AE405680161E29572641F5FA1E8641D7958336EE7B11C58F73E9"));
+ test_hash(&nettle_sha3_384, /* 2 octets */
+ SHEX("41FB"),
+ SHEX("495CCE2714CD72C8C53C3363D22C58B55960FE26BE0BF3BBC7A3316DD563AD1DB8410E75EEFEA655E39D4670EC0B1792"));
+ test_hash(&nettle_sha3_384, /* 3 octets */
+ SHEX("1F877C"),
+ SHEX("B0665C345F45E6DE145B0190335EF5D5AA59E0B49FC1425D5EAE7355EA442284CB8A2152D565EBDF2810ECCAB15AF04F"));
+ test_hash(&nettle_sha3_384, /* 4 octets */
+ SHEX("C1ECFDFC"),
+ SHEX("F1850B2ABB24F3FD683C701582789D9E92B6A45F9C345F9DAE7F7997C8C910E88003E592E59281CF92C92D6B51A1AFD1"));
+ test_hash(&nettle_sha3_384, /* 5 octets */
+ SHEX("21F134AC57"),
+ SHEX("68D437327F158287C304BBAF36F782F497DA2C480A1FBB268682362218641F9070A014919AD7331C49BEEFCCB437FE9A"));
+ test_hash(&nettle_sha3_384, /* 6 octets */
+ SHEX("C6F50BB74E29"),
+ SHEX("03566EC003FF55184F0C85BEEBC6D1ECF5E5D082D8D40137246F8FD42BCE097C09418845EF60286FDD894A00FD2D6589"));
+ test_hash(&nettle_sha3_384, /* 7 octets */
+ SHEX("119713CC83EEEF"),
+ SHEX("790D700FA34D6A835BE311B639474780148A2F087AC2FA86E8A1A433EC7A04FCBFC5284A3E188B7D91C6D094EAFBEECB"));
+ test_hash(&nettle_sha3_384, /* 8 octets */
+ SHEX("4A4F202484512526"),
+ SHEX("638E65758A297CB09DED1AC5B9E8F779802000AB791F67F33C60BE36443793ADCC8A4A58E98688157A41784F02A4BCB2"));
+ test_hash(&nettle_sha3_384, /* 9 octets */
+ SHEX("1F66AB4185ED9B6375"),
+ SHEX("308EC6F2EE3F6E01FB3AA06EB7C8CADD199354751B69FD4BA4D4671858F28BB45C94E712AD9D356FCB443067EF5ACA2D"));
+ test_hash(&nettle_sha3_384, /* 10 octets */
+ SHEX("EED7422227613B6F53C9"),
+ SHEX("A88F2FD112E5F11E775AA7858A3A5202E8FCD259F5D112BAA6F568240D2ECC047EAD88509E4B8A747D370751FFB2FDC0"));
+ test_hash(&nettle_sha3_384, /* 11 octets */
+ SHEX("EAEED5CDFFD89DECE455F1"),
+ SHEX("A22A31349D7816545BE31B80E992BDBB62A29480917CEABD0AF5F2FAFBF276D4C29B63A04910B830B8757C81E223B7F9"));
+ test_hash(&nettle_sha3_384, /* 12 octets */
+ SHEX("5BE43C90F22902E4FE8ED2D3"),
+ SHEX("36CA9CC329F9A00FAA5F4F21170A017742174D3CF03C084AEB759F6FA0390349E1B502E435CFFB0BCE4ED46C0012A65C"));
+ test_hash(&nettle_sha3_384, /* 13 octets */
+ SHEX("A746273228122F381C3B46E4F1"),
+ SHEX("3DA54976B291DF77F10BF95E9B7EF9FB2F88DE075DDF6650BA788590F4E2E3C830D3B7DFC0193656B0A185E3AAD9AA5A"));
+ test_hash(&nettle_sha3_384, /* 14 octets */
+ SHEX("3C5871CD619C69A63B540EB5A625"),
+ SHEX("D21A7CF252358A1159A55934456E67D9E1DA538D4E9F9F1ACE2FD75F3074B27AE2B356144BDA7BA0B1ECA1AA201B20DE"));
+ test_hash(&nettle_sha3_384, /* 15 octets */
+ SHEX("FA22874BCC068879E8EF11A69F0722"),
+ SHEX("8A0C6331429375F052960AFFF6D5FE33759F97145D60B262BEDE86D5254994558FC1800ADD09D6887C275F4DD3531CB0"));
+ test_hash(&nettle_sha3_384, /* 16 octets */
+ SHEX("52A608AB21CCDD8A4457A57EDE782176"),
+ SHEX("18422AC1D3A1E54BAD876883D2D6DD65F65C1D5F33A7125CC4C186405A12ED64BA96672EEDDA8C5A6331D28683F488EB"));
+ test_hash(&nettle_sha3_384, /* 17 octets */
+ SHEX("82E192E4043DDCD12ECF52969D0F807EED"),
+ SHEX("4A59DA05C6E035D59D93F559D4A130D3ED91C22EADA53FD679FB0B0F31398A6FF83A5A9739BFD4E95F57318FCCB816F0"));
+ test_hash(&nettle_sha3_384, /* 18 octets */
+ SHEX("75683DCB556140C522543BB6E9098B21A21E"),
+ SHEX("98E6BCCA5F2BB30C554700202E0604F7C86B4941F0345325100C83B1234C45856DFA761E70DCD972ECB1247AEAC29259"));
+ test_hash(&nettle_sha3_384, /* 19 octets */
+ SHEX("06E4EFE45035E61FAAF4287B4D8D1F12CA97E5"),
+ SHEX("D3C3D76B3D3926FD4CC4C05A087C2D76992998A5CD8C13FA3D233E0ECB2AD8B81BA4BE581E02BE91C7F82CCAC90013A0"));
+ test_hash(&nettle_sha3_384, /* 20 octets */
+ SHEX("E26193989D06568FE688E75540AEA06747D9F851"),
+ SHEX("7C53DA060058183CA6204E77F0709AEBEF73557C8F5E45C195B7E9416E7261365D03B8A2D6C01A102655344E725475C4"));
+ test_hash(&nettle_sha3_384, /* 21 octets */
+ SHEX("D8DC8FDEFBDCE9D44E4CBAFE78447BAE3B5436102A"),
+ SHEX("2415C1D053CA207C17D99D02DBD177CD1AA7F00B0D0CA2CF30B4D2098EEA1A04A68E5B1C6DF2FB25ECE157C423EE8AB7"));
+ test_hash(&nettle_sha3_384, /* 22 octets */
+ SHEX("57085FD7E14216AB102D8317B0CB338A786D5FC32D8F"),
+ SHEX("90DA42B0C314445EAFD8656B26644ADDEDDC713EAB36289BFFC6ED4A85BE66A10F5ACD6B3C61E9C36A17C26260872DC8"));
+ test_hash(&nettle_sha3_384, /* 23 octets */
+ SHEX("A05404DF5DBB57697E2C16FA29DEFAC8AB3560D6126FA0"),
+ SHEX("EE209E98A75A67B09008202CAD380917EB1F92C5DB4E8F2C64900AF8C603D265CAB317BF7B8E2251E479F8818D3022CA"));
+ test_hash(&nettle_sha3_384, /* 24 octets */
+ SHEX("AECBB02759F7433D6FCB06963C74061CD83B5B3FFA6F13C6"),
+ SHEX("1198EFA57E1A7884DAC827E683255575510E1F92024A135144659BE87BBF0D063ED26C987647B923A091CF11680316FE"));
+ test_hash(&nettle_sha3_384, /* 25 octets */
+ SHEX("AAFDC9243D3D4A096558A360CC27C8D862F0BE73DB5E88AA55"),
+ SHEX("0435E54C016C0791677DDBC6BADD55D146754296B31132B0B1C0B5CE4AEDB03AEAA9A2DC5157D7AF20B8E36D75E1CC00"));
+ test_hash(&nettle_sha3_384, /* 26 octets */
+ SHEX("7BC84867F6F9E9FDC3E1046CAE3A52C77ED485860EE260E30B15"),
+ SHEX("88D898ED7E6E54A683812B372F678A5FD73BCF3160A969FE4584651ADB3255F9ADCC8B85DCCA5C3BF8EBA3A1B69D9B90"));
+ test_hash(&nettle_sha3_384, /* 27 octets */
+ SHEX("FAC523575A99EC48279A7A459E98FF901918A475034327EFB55843"),
+ SHEX("7AC343A9369FA7BF45AFED43084DC1E275AB1B70034CFAACD4F3CB5E5E2201CFBD1CFFF83BAAD3897A4CB8A0DE5C35C4"));
+ test_hash(&nettle_sha3_384, /* 28 octets */
+ SHEX("0F8B2D8FCFD9D68CFFC17CCFB117709B53D26462A3F346FB7C79B85E"),
+ SHEX("58877B8DD98C51339E4302ABE95CF57662CF05AA01938161CBFB5DDDA724517F0C002D54B54EEA7EBD64E209DAEB8F01"));
+ test_hash(&nettle_sha3_384, /* 29 octets */
+ SHEX("A963C3E895FF5A0BE4824400518D81412F875FA50521E26E85EAC90C04"),
+ SHEX("1CD638128718BE351385E7A156C3F0EE8B210D1565876F8ED46C227B930D188FE8CA27760FE189D3B136836561E9A0EE"));
+ test_hash(&nettle_sha3_384, /* 30 octets */
+ SHEX("03A18688B10CC0EDF83ADF0A84808A9718383C4070C6C4F295098699AC2C"),
+ SHEX("B4DBDFD9922AFD1CE46FF1CB27C30E2AEAA967631A04001C7EF2B5EABD3C0678C0FF219BE7B9FA04CF83DD40BC1B33B6"));
+ test_hash(&nettle_sha3_384, /* 31 octets */
+ SHEX("84FB51B517DF6C5ACCB5D022F8F28DA09B10232D42320FFC32DBECC3835B29"),
+ SHEX("503DCAA4ADDA5A9420B2E436DD62D9AB2E0254295C2982EF67FCE40F117A2400AB492F7BD5D133C6EC2232268BC27B42"));
+ test_hash(&nettle_sha3_384, /* 32 octets */
+ SHEX("9F2FCC7C90DE090D6B87CD7E9718C1EA6CB21118FC2D5DE9F97E5DB6AC1E9C10"),
+ SHEX("64D11ADC77AF5C568F37E44EFAC5FD03C460391AA833ABEC4E464237A8937EEDD23EC513DD2A71D0329BEAA8BEF395C9"));
+ test_hash(&nettle_sha3_384, /* 33 octets */
+ SHEX("DE8F1B3FAA4B7040ED4563C3B8E598253178E87E4D0DF75E4FF2F2DEDD5A0BE046"),
+ SHEX("CF38764973F1EC1C34B5433AE75A3AAD1AAEF6AB197850C56C8617BCD6A882F6666883AC17B2DCCDBAA647075D0972B5"));
+ test_hash(&nettle_sha3_384, /* 34 octets */
+ SHEX("62F154EC394D0BC757D045C798C8B87A00E0655D0481A7D2D9FB58D93AEDC676B5A0"),
+ SHEX("882BFF904BFF1031139503BF6E0274C7A3928C2D73BF474A65B97C22F65F32BE26AD1C5F7E4FA35D5B6253AA4076361A"));
+ test_hash(&nettle_sha3_384, /* 35 octets */
+ SHEX("B2DCFE9FF19E2B23CE7DA2A4207D3E5EC7C6112A8A22AEC9675A886378E14E5BFBAD4E"),
+ SHEX("80448B7A76E0F0666048C02165A4FA8DFD250A227CCDD4471C3703D07762362DC1DF55FEC29E2A31FE70958374271DD7"));
+ test_hash(&nettle_sha3_384, /* 36 octets */
+ SHEX("47F5697AC8C31409C0868827347A613A3562041C633CF1F1F86865A576E02835ED2C2492"),
+ SHEX("6268CD6B41F4C5123EC4D54D1E6943ABB32DBE7BFFB8EB95E4FCEE5C12D4647BE143C27F1281CDD275904920441508DA"));
+ test_hash(&nettle_sha3_384, /* 37 octets */
+ SHEX("512A6D292E67ECB2FE486BFE92660953A75484FF4C4F2ECA2B0AF0EDCDD4339C6B2EE4E542"),
+ SHEX("C73D18DE07A65ACC7E2D8B2A51002AE28CBC4B0A6EE7F81A6B483F81A6DF8FF6B33F632A6E6312888CA714821C0B13DF"));
+ test_hash(&nettle_sha3_384, /* 38 octets */
+ SHEX("973CF2B4DCF0BFA872B41194CB05BB4E16760A1840D8343301802576197EC19E2A1493D8F4FB"),
+ SHEX("3A0BEA62F42F9CEEDB348F6E1613F00356ED9766A5C19F0C2EEB05C74DE69D3943E16CF72281FDD92715FA3D51515931"));
+ test_hash(&nettle_sha3_384, /* 39 octets */
+ SHEX("80BEEBCD2E3F8A9451D4499961C9731AE667CDC24EA020CE3B9AA4BBC0A7F79E30A934467DA4B0"),
+ SHEX("1092F63955F3DFEF1322CF9516F21540215552BC5709CCDA17AD276ECAA091A78451FE9925791B8A9191B5D42010156F"));
+ test_hash(&nettle_sha3_384, /* 40 octets */
+ SHEX("7ABAA12EC2A7347674E444140AE0FB659D08E1C66DECD8D6EAE925FA451D65F3C0308E29446B8ED3"),
+ SHEX("8CD022971D5769761B8E96B442444FA1850F1201AAB0AC9F6E8404E2B3EA1D936244EEDC7957C80B7FAE60B3F216C6A0"));
+ test_hash(&nettle_sha3_384, /* 41 octets */
+ SHEX("C88DEE9927679B8AF422ABCBACF283B904FF31E1CAC58C7819809F65D5807D46723B20F67BA610C2B7"),
+ SHEX("B6575D53D353360521B20AA1F993F6E2B5A262D1F508789D5CE2469E9F3F33CCE8848DF690CCB0D676FB949EB171A7D7"));
+ test_hash(&nettle_sha3_384, /* 42 octets */
+ SHEX("01E43FE350FCEC450EC9B102053E6B5D56E09896E0DDD9074FE138E6038210270C834CE6EADC2BB86BF6"),
+ SHEX("7358C6A0AE58EFA14F65B8E162F07EF2D0AD8DD2006A98293307B76B3BA9E71C308A6694F0B56DE8D59E58536C3513E8"));
+ test_hash(&nettle_sha3_384, /* 43 octets */
+ SHEX("337023370A48B62EE43546F17C4EF2BF8D7ECD1D49F90BAB604B839C2E6E5BD21540D29BA27AB8E309A4B7"),
+ SHEX("18030C2B5EA23B6C66BDAF180A41173394540215CA48FB3E758433FF9884EFB9E56D2922BA5320BA84BE36E6EFE6B89D"));
+ test_hash(&nettle_sha3_384, /* 44 octets */
+ SHEX("6892540F964C8C74BD2DB02C0AD884510CB38AFD4438AF31FC912756F3EFEC6B32B58EBC38FC2A6B913596A8"),
+ SHEX("6F9F9016AC3B6A5978A5DC8C7506C8B4D28742253BC542E79D95824417AA542991EEF7E2B9C58CDB0C93616AE9C1F88F"));
+ test_hash(&nettle_sha3_384, /* 45 octets */
+ SHEX("F5961DFD2B1FFFFDA4FFBF30560C165BFEDAB8CE0BE525845DEB8DC61004B7DB38467205F5DCFB34A2ACFE96C0"),
+ SHEX("424421BB9399BD44AB76500273D7F1E1421A2BFDE1A1C130C0B3474409D8AE92B3E38539CFB09ED1D23C62BB32B9364B"));
+ test_hash(&nettle_sha3_384, /* 46 octets */
+ SHEX("CA061A2EB6CEED8881CE2057172D869D73A1951E63D57261384B80CEB5451E77B06CF0F5A0EA15CA907EE1C27EBA"),
+ SHEX("D07A2CACEEA869274BAEECDA43B6020930EF383A897C72A7AC7FBD8FF5CEA7F8BE655844D9F9BD2B498880FA1527D94F"));
+ test_hash(&nettle_sha3_384, /* 47 octets */
+ SHEX("1743A77251D69242750C4F1140532CD3C33F9B5CCDF7514E8584D4A5F9FBD730BCF84D0D4726364B9BF95AB251D9BB"),
+ SHEX("25D7AB5E930819CF5F59ACD2542691AD66481DA547EAA9C2ADD7C8EA69A475F416C430EA1DE840974E3236A62520911F"));
+ test_hash(&nettle_sha3_384, /* 48 octets */
+ SHEX("D8FABA1F5194C4DB5F176FABFFF856924EF627A37CD08CF55608BBA8F1E324D7C7F157298EABC4DCE7D89CE5162499F9"),
+ SHEX("36A6BF2D4EB3CC6FB797914E734B2CA8702CA7CC6D539B4DDB233EFAFCF068712E845364A4A929D31A440C7DAF8B134C"));
+ test_hash(&nettle_sha3_384, /* 49 octets */
+ SHEX("BE9684BE70340860373C9C482BA517E899FC81BAAA12E5C6D7727975D1D41BA8BEF788CDB5CF4606C9C1C7F61AED59F97D"),
+ SHEX("B69D40A90207EDB20C0068F402008C0E64300B89A1B6AF7930708B263C790A087F3ADBB4C84295D23392E0692F35BDBC"));
+ test_hash(&nettle_sha3_384, /* 50 octets */
+ SHEX("7E15D2B9EA74CA60F66C8DFAB377D9198B7B16DEB6A1BA0EA3C7EE2042F89D3786E779CF053C77785AA9E692F821F14A7F51"),
+ SHEX("CDDB883B9EADC59D2894178B3BA6F61E5E11C2C415C89E554E20A17E4909F8D960F02AA80E1A5129AEEBF2CF975711A4"));
+ test_hash(&nettle_sha3_384, /* 51 octets */
+ SHEX("9A219BE43713BD578015E9FDA66C0F2D83CAC563B776AB9F38F3E4F7EF229CB443304FBA401EFB2BDBD7ECE939102298651C86"),
+ SHEX("FBE0056D65AF279EFF1573F169809A05B6A52112B662D07CDD2570BE5E198A28D1EA49CBEAF0C05E76A9F09BAF6D1F34"));
+ test_hash(&nettle_sha3_384, /* 52 octets */
+ SHEX("C8F2B693BD0D75EF99CAEBDC22ADF4088A95A3542F637203E283BBC3268780E787D68D28CC3897452F6A22AA8573CCEBF245972A"),
+ SHEX("26473DE684CF58D559C7C0CFD360A9AFFDF33900FD69A3A946581484B93EF6FE6FFAC461B4551E136BEAC64CC33A4C15"));
+ test_hash(&nettle_sha3_384, /* 53 octets */
+ SHEX("EC0F99711016C6A2A07AD80D16427506CE6F441059FD269442BAAA28C6CA037B22EEAC49D5D894C0BF66219F2C08E9D0E8AB21DE52"),
+ SHEX("462AD97BB0156A5DA3DD0E9E5BF06D31024FE43BB80C018F6858EE4332F2EB5A78ADA06CB55DDC172AD87F88E26D2451"));
+ test_hash(&nettle_sha3_384, /* 54 octets */
+ SHEX("0DC45181337CA32A8222FE7A3BF42FC9F89744259CFF653504D6051FE84B1A7FFD20CB47D4696CE212A686BB9BE9A8AB1C697B6D6A33"),
+ SHEX("9F890FA80A4C48B67181E89DBF15175CE48B21F9D09405218A8CE3C0759282780E142FC59851157D14509FCE79D1B17F"));
+ test_hash(&nettle_sha3_384, /* 55 octets */
+ SHEX("DE286BA4206E8B005714F80FB1CDFAEBDE91D29F84603E4A3EBC04686F99A46C9E880B96C574825582E8812A26E5A857FFC6579F63742F"),
+ SHEX("2D9A3447D7723D837B8784FEAF03B8F9694CDE5FFB84C6A6628895A345BB8F3F5BA725416906DE063B1CEFB722C7E56A"));
+ test_hash(&nettle_sha3_384, /* 56 octets */
+ SHEX("EEBCC18057252CBF3F9C070F1A73213356D5D4BC19AC2A411EC8CDEEE7A571E2E20EAF61FD0C33A0FFEB297DDB77A97F0A415347DB66BCAF"),
+ SHEX("AF415063A5E25C6E55ECA7F9BD1CB0C71A7A059B569737036B339CA559CC9C7466FA239EA57CFB5FCC50944871C008FB"));
+ test_hash(&nettle_sha3_384, /* 57 octets */
+ SHEX("416B5CDC9FE951BD361BD7ABFC120A5054758EBA88FDD68FD84E39D3B09AC25497D36B43CBE7B85A6A3CEBDA8DB4E5549C3EE51BB6FCB6AC1E"),
+ SHEX("6811EC07E6E85A289C881722AE84E6AEF01FD2761294C6ED9856D2F7EA1C71A89B2FCF4A9E56533360EA22317561EC05"));
+ test_hash(&nettle_sha3_384, /* 58 octets */
+ SHEX("5C5FAF66F32E0F8311C32E8DA8284A4ED60891A5A7E50FB2956B3CBAA79FC66CA376460E100415401FC2B8518C64502F187EA14BFC9503759705"),
+ SHEX("7C90268E981A3C0FF19E14CE9830A1B9DA5FC183950875961582644462059DD2FADCFA68750D7D2F44DFCAB9FFCE5832"));
+ test_hash(&nettle_sha3_384, /* 59 octets */
+ SHEX("7167E1E02BE1A7CA69D788666F823AE4EEF39271F3C26A5CF7CEE05BCA83161066DC2E217B330DF821103799DF6D74810EED363ADC4AB99F36046A"),
+ SHEX("64E9AD357B58C6FA0D26D0D1F48C4AB057B9F80965AC38494E88F542BA41D6B798FC2DD88290F8DDE7948C19B5A1F260"));
+ test_hash(&nettle_sha3_384, /* 60 octets */
+ SHEX("2FDA311DBBA27321C5329510FAE6948F03210B76D43E7448D1689A063877B6D14C4F6D0EAA96C150051371F7DD8A4119F7DA5C483CC3E6723C01FB7D"),
+ SHEX("3D73B33F001387FD1E752068AF39454E476B8407038C772D94400458C93664EC5226AD1BD3A19A6D9A6FBD6E6A62695C"));
+ test_hash(&nettle_sha3_384, /* 61 octets */
+ SHEX("95D1474A5AAB5D2422ACA6E481187833A6212BD2D0F91451A67DD786DFC91DFED51B35F47E1DEB8A8AB4B9CB67B70179CC26F553AE7B569969CE151B8D"),
+ SHEX("FC619CA9810CAAE3639B3FC661388C454167271E65ED0A2E5E8BC718AD21B9EDE895A658C946DC2FB15B33354DFE402A"));
+ test_hash(&nettle_sha3_384, /* 62 octets */
+ SHEX("C71BD7941F41DF044A2927A8FF55B4B467C33D089F0988AA253D294ADDBDB32530C0D4208B10D9959823F0C0F0734684006DF79F7099870F6BF53211A88D"),
+ SHEX("5843123A28F0B50C082023AC43B7299C4FE67302532DF4805BE6DEC3B84515B1C6C98F8A4E3D6CA826DA4A11300C3B9B"));
+ test_hash(&nettle_sha3_384, /* 63 octets */
+ SHEX("F57C64006D9EA761892E145C99DF1B24640883DA79D9ED5262859DCDA8C3C32E05B03D984F1AB4A230242AB6B78D368DC5AAA1E6D3498D53371E84B0C1D4BA"),
+ SHEX("81EDF06E9B64F3016B1547535ABA4DB08760FD23E9580163192F663FF62106001006A1393CF20DE4656DBCB029FB6314"));
+ test_hash(&nettle_sha3_384, /* 64 octets */
+ SHEX("E926AE8B0AF6E53176DBFFCC2A6B88C6BD765F939D3D178A9BDE9EF3AA131C61E31C1E42CDFAF4B4DCDE579A37E150EFBEF5555B4C1CB40439D835A724E2FAE7"),
+ SHEX("14AA679B0C11F9C363F549330261B45E1E90CE31F4A1B0CE5CB9EB81BD6079A3742D8602356C50985D0D3E540FDFDCFB"));
+ test_hash(&nettle_sha3_384, /* 65 octets */
+ SHEX("16E8B3D8F988E9BB04DE9C96F2627811C973CE4A5296B4772CA3EEFEB80A652BDF21F50DF79F32DB23F9F73D393B2D57D9A0297F7A2F2E79CFDA39FA393DF1AC00"),
+ SHEX("E430CE80BCC61D87FDE0A278CFF54D730C03A03377F4AC10B93ED59C5880117ACB20F1705AEFD29BE033D2F202594655"));
+ test_hash(&nettle_sha3_384, /* 66 octets */
+ SHEX("FC424EEB27C18A11C01F39C555D8B78A805B88DBA1DC2A42ED5E2C0EC737FF68B2456D80EB85E11714FA3F8EABFB906D3C17964CB4F5E76B29C1765DB03D91BE37FC"),
+ SHEX("C9F74AC47F9146F091DE6309357F3C2AF3A9C4474CC005AEFACE3C7A552B6127E34EC82C3AFCAACDD83E695CB86241E4"));
+ test_hash(&nettle_sha3_384, /* 67 octets */
+ SHEX("ABE3472B54E72734BDBA7D9158736464251C4F21B33FBBC92D7FAC9A35C4E3322FF01D2380CBAA4EF8FB07D21A2128B7B9F5B6D9F34E13F39C7FFC2E72E47888599BA5"),
+ SHEX("C42ECC8863077ABFF689413CE37B61F0436DDB62E56DE4E3333C26D95AEE9E9CBE1D8AAA6744C0DE6BA9CFF0FF01A6BF"));
+ test_hash(&nettle_sha3_384, /* 68 octets */
+ SHEX("36F9F0A65F2CA498D739B944D6EFF3DA5EBBA57E7D9C41598A2B0E4380F3CF4B479EC2348D015FFE6256273511154AFCF3B4B4BF09D6C4744FDD0F62D75079D440706B05"),
+ SHEX("B15392718CBF4A7C7FAD1C15E7F26C446E79D54251404E646B4DCA3D42142ED5140D0D30BD836C7D513CE6F5E104D42D"));
+ test_hash(&nettle_sha3_384, /* 69 octets */
+ SHEX("ABC87763CAE1CA98BD8C5B82CABA54AC83286F87E9610128AE4DE68AC95DF5E329C360717BD349F26B872528492CA7C94C2C1E1EF56B74DBB65C2AC351981FDB31D06C77A4"),
+ SHEX("E03294C68EDF4E8826B699ABDDBEF75467C49CAB56E085E4B83A58B2D9BDFAC9D58B45AACC0EC0CE2D6D79686A41AC13"));
+ test_hash(&nettle_sha3_384, /* 70 octets */
+ SHEX("94F7CA8E1A54234C6D53CC734BB3D3150C8BA8C5F880EAB8D25FED13793A9701EBE320509286FD8E422E931D99C98DA4DF7E70AE447BAB8CFFD92382D8A77760A259FC4FBD72"),
+ SHEX("D5539D7AEFF9F74DC75B6E95EADE063BE419B15A4179CFD06D4FD2741E22B2A24395AAA1C0242C995EB5EA891347B4DB"));
+ test_hash(&nettle_sha3_384, /* 71 octets */
+ SHEX("13BD2811F6ED2B6F04FF3895ACEED7BEF8DCD45EB121791BC194A0F806206BFFC3B9281C2B308B1A729CE008119DD3066E9378ACDCC50A98A82E20738800B6CDDBE5FE9694AD6D"),
+ SHEX("B115A9968B054C934C396D8188BA0C33A23C7189CE88B1DE4A06CD319792D28647EAE1D88FB0B87443E46292A5C645E8"));
+ test_hash(&nettle_sha3_384, /* 72 octets */
+ SHEX("1EED9CBA179A009EC2EC5508773DD305477CA117E6D569E66B5F64C6BC64801CE25A8424CE4A26D575B8A6FB10EAD3FD1992EDDDEEC2EBE7150DC98F63ADC3237EF57B91397AA8A7"),
+ SHEX("C8FAEF757E6D7B0AF46DA1E57C71ABB4AAF7CC91C5CDC33BA8A738172B95DE087EC4C92692CB40EE3787BCE3206FB7EA"));
+ test_hash(&nettle_sha3_384, /* 73 octets */
+ SHEX("BA5B67B5EC3A3FFAE2C19DD8176A2EF75C0CD903725D45C9CB7009A900C0B0CA7A2967A95AE68269A6DBF8466C7B6844A1D608AC661F7EFF00538E323DB5F2C644B78B2D48DE1A08AA"),
+ SHEX("F4F21BB74593AA107DC195FF52A3F90816CCEAE8D3EB9D4577B28B49C339837A52700A62EB421E8CA1C87F456310F62C"));
+ test_hash(&nettle_sha3_384, /* 74 octets */
+ SHEX("0EFA26AC5673167DCACAB860932ED612F65FF49B80FA9AE65465E5542CB62075DF1C5AE54FBA4DB807BE25B070033EFA223BDD5B1D3C94C6E1909C02B620D4B1B3A6C9FED24D70749604"),
+ SHEX("83544511A07F6058D9FE5AAD7EA837A9E180D8BBB884C5650B798942983A605A514C21D8D63DB0E25AAE51D26F410BC5"));
+ test_hash(&nettle_sha3_384, /* 75 octets */
+ SHEX("BBFD933D1FD7BF594AC7F435277DC17D8D5A5B8E4D13D96D2F64E771ABBD51A5A8AEA741BECCBDDB177BCEA05243EBD003CFDEAE877CCA4DA94605B67691919D8B033F77D384CA01593C1B"),
+ SHEX("8ECD8459FB904D2EDDB14207659C2BF96EFBD3E4C8988736EC75088F1CC8115D3FFFC8CEDF1C01721469D27968A6856B"));
+ test_hash(&nettle_sha3_384, /* 76 octets */
+ SHEX("90078999FD3C35B8AFBF4066CBDE335891365F0FC75C1286CDD88FA51FAB94F9B8DEF7C9AC582A5DBCD95817AFB7D1B48F63704E19C2BAA4DF347F48D4A6D603013C23F1E9611D595EBAC37C"),
+ SHEX("BE60246E27959DC8065C6D4DCAC93EB7F7146B49C759BF1DD5EBA46A3ECF074784A9DF18DEAB7A19AF7F6290CDACA87B"));
+ test_hash(&nettle_sha3_384, /* 77 octets */
+ SHEX("64105ECA863515C20E7CFBAA0A0B8809046164F374D691CDBD6508AAABC1819F9AC84B52BAFC1B0FE7CDDBC554B608C01C8904C669D8DB316A0953A4C68ECE324EC5A49FFDB59A1BD6A292AA0E"),
+ SHEX("9235BA18C55E2CBCA0FB1DA3BC8D0DFD848CA0E51DDC1020D4BECC0F138DA1087929FEC93AF16F5FB29C4A777DD91548"));
+ test_hash(&nettle_sha3_384, /* 78 octets */
+ SHEX("D4654BE288B9F3B711C2D02015978A8CC57471D5680A092AA534F7372C71CEAAB725A383C4FCF4D8DEAA57FCA3CE056F312961ECCF9B86F14981BA5BED6AB5B4498E1F6C82C6CAE6FC14845B3C8A"),
+ SHEX("08739DD866C6216ADCA26D6121E5D81FDB1F7BCD4802C2B811D73C282277D4014B4936E5589F62279BB33075705795F8"));
+ test_hash(&nettle_sha3_384, /* 79 octets */
+ SHEX("12D9394888305AC96E65F2BF0E1B18C29C90FE9D714DD59F651F52B88B3008C588435548066EA2FC4C101118C91F32556224A540DE6EFDDBCA296EF1FB00341F5B01FECFC146BDB251B3BDAD556CD2"),
+ SHEX("D2A2E858A5DD85D62E6F51AF7E42352AC0D7A68A835431BCCA47557E3B5C3373F40D3BAF85AE416012C7C982B2325790"));
+ test_hash(&nettle_sha3_384, /* 80 octets */
+ SHEX("871A0D7A5F36C3DA1DFCE57ACD8AB8487C274FAD336BC137EBD6FF4658B547C1DCFAB65F037AA58F35EF16AFF4ABE77BA61F65826F7BE681B5B6D5A1EA8085E2AE9CD5CF0991878A311B549A6D6AF230"),
+ SHEX("2990D7EA068A0307047B151D5DD6B1B2358A9EC8AD9B6B826CF1BEF399D488BD68D77DF8BE99F7DF7AF14AE0CE636379"));
+ test_hash(&nettle_sha3_384, /* 81 octets */
+ SHEX("E90B4FFEF4D457BC7711FF4AA72231CA25AF6B2E206F8BF859D8758B89A7CD36105DB2538D06DA83BAD5F663BA11A5F6F61F236FD5F8D53C5E89F183A3CEC615B50C7C681E773D109FF7491B5CC22296C5"),
+ SHEX("4B3087F800E4084D7F685737AC635DB459CF70C4FA863C711C1143CC10F0C4AB0A2370C099FB282F9C1CE5F015BF3F79"));
+ test_hash(&nettle_sha3_384, /* 82 octets */
+ SHEX("E728DE62D75856500C4C77A428612CD804F30C3F10D36FB219C5CA0AA30726AB190E5F3F279E0733D77E7267C17BE27D21650A9A4D1E32F649627638DBADA9702C7CA303269ED14014B2F3CF8B894EAC8554"),
+ SHEX("5D347FDDB118FD7DB270898407979D2D1531D3FF6642EC4F22917EBBEDA6CEE0FB0DE11432EDDDFCBF0E2AB9CFA65804"));
+ test_hash(&nettle_sha3_384, /* 83 octets */
+ SHEX("6348F229E7B1DF3B770C77544E5166E081850FA1C6C88169DB74C76E42EB983FACB276AD6A0D1FA7B50D3E3B6FCD799EC97470920A7ABED47D288FF883E24CA21C7F8016B93BB9B9E078BDB9703D2B781B616E"),
+ SHEX("954637B87FDCC484F2B61F7F42558068029F96099C1D6B9246585092EAE68924E5441B45027248A2728833169BFA5004"));
+ test_hash(&nettle_sha3_384, /* 84 octets */
+ SHEX("4B127FDE5DE733A1680C2790363627E63AC8A3F1B4707D982CAEA258655D9BF18F89AFE54127482BA01E08845594B671306A025C9A5C5B6F93B0A39522DC877437BE5C2436CBF300CE7AB6747934FCFC30AEAAF6"),
+ SHEX("78726E91AC311F4D104706362B0314C243CD81644125881FBC03670210C89FB8E7BFF6C61FF68B234C3171F16B398F36"));
+ test_hash(&nettle_sha3_384, /* 85 octets */
+ SHEX("08461F006CFF4CC64B752C957287E5A0FAABC05C9BFF89D23FD902D324C79903B48FCB8F8F4B01F3E4DDB483593D25F000386698F5ADE7FAADE9615FDC50D32785EA51D49894E45BAA3DC707E224688C6408B68B11"),
+ SHEX("80763FB54688F122269430980AA3ABE09091020B8CFA6BDE0EDC2C63AED8B8BA097CDB79B8FC7F5117508FCA4864A14D"));
+ test_hash(&nettle_sha3_384, /* 86 octets */
+ SHEX("68C8F8849B120E6E0C9969A5866AF591A829B92F33CD9A4A3196957A148C49138E1E2F5C7619A6D5EDEBE995ACD81EC8BB9C7B9CFCA678D081EA9E25A75D39DB04E18D475920CE828B94E72241F24DB72546B352A0E4"),
+ SHEX("80447583262DED037DA88F3B98698BD8F7AED7D9BF4D99F8132EC3E7D16BB844ADAD188757CEB32B359C56E5007EA3E4"));
+ test_hash(&nettle_sha3_384, /* 87 octets */
+ SHEX("B8D56472954E31FB54E28FCA743F84D8DC34891CB564C64B08F7B71636DEBD64CA1EDBDBA7FC5C3E40049CE982BBA8C7E0703034E331384695E9DE76B5104F2FBC4535ECBEEBC33BC27F29F18F6F27E8023B0FBB6F563C"),
+ SHEX("E5FB4AE5DDFB4CE8221DF4BE70240B76851E55FAE86BAF35BAD9E7179E24C95DA6F0F0695A8A5291A2394B92A6FF7B7C"));
+ test_hash(&nettle_sha3_384, /* 88 octets */
+ SHEX("0D58AC665FA84342E60CEFEE31B1A4EACDB092F122DFC68309077AED1F3E528F578859EE9E4CEFB4A728E946324927B675CD4F4AC84F64DB3DACFE850C1DD18744C74CECCD9FE4DC214085108F404EAB6D8F452B5442A47D"),
+ SHEX("CE6B07C0C7DA2FA1E6CA05DE0652FC9F1F452FC261E73E52457C72BF0D51BAC7D66160CFF16D6A03527982E7D4393507"));
+ test_hash(&nettle_sha3_384, /* 89 octets */
+ SHEX("1755E2D2E5D1C1B0156456B539753FF416651D44698E87002DCF61DCFA2B4E72F264D9AD591DF1FDEE7B41B2EB00283C5AEBB3411323B672EAA145C5125185104F20F335804B02325B6DEA65603F349F4D5D8B782DD3469CCD"),
+ SHEX("FA76E05F8D2832DADFEBA0107A3137B7B9D4D19A77A1E78F8BBFECDA7EF46414C363453E8C4902C302A4E18CEA4BA157"));
+ test_hash(&nettle_sha3_384, /* 90 octets */
+ SHEX("B180DE1A611111EE7584BA2C4B020598CD574AC77E404E853D15A101C6F5A2E5C801D7D85DC95286A1804C870BB9F00FD4DCB03AA8328275158819DCAD7253F3E3D237AEAA7979268A5DB1C6CE08A9EC7C2579783C8AFC1F91A7"),
+ SHEX("1B43B70B6BBBC768C1F4B3CE241667ADB5246D29981723846168D2234E19A5130B1F576B4974C613639A449E61B2CA79"));
+ test_hash(&nettle_sha3_384, /* 91 octets */
+ SHEX("CF3583CBDFD4CBC17063B1E7D90B02F0E6E2EE05F99D77E24E560392535E47E05077157F96813544A17046914F9EFB64762A23CF7A49FE52A0A4C01C630CFE8727B81FB99A89FF7CC11DCA5173057E0417B8FE7A9EFBA6D95C555F"),
+ SHEX("938252393A532D9E1F91D5C222E2DF2CC7AE102705BFB83FE30DCAEBCEA82BFF9BDA7CA67095439859146632494D3CE4"));
+ test_hash(&nettle_sha3_384, /* 92 octets */
+ SHEX("072FC02340EF99115BAD72F92C01E4C093B9599F6CFC45CB380EE686CB5EB019E806AB9BD55E634AB10AA62A9510CC0672CD3EDDB589C7DF2B67FCD3329F61B1A4441ECA87A33C8F55DA4FBBAD5CF2B2527B8E983BB31A2FADEC7523"),
+ SHEX("47633AD0C80AF26BF74D9598DBD5BCF77FC6BFF1BCA015A611D7B8240F597D8767FB8B0BF5C333156580AFEE121C299C"));
+ test_hash(&nettle_sha3_384, /* 93 octets */
+ SHEX("76EECF956A52649F877528146DE33DF249CD800E21830F65E90F0F25CA9D6540FDE40603230ECA6760F1139C7F268DEBA2060631EEA92B1FFF05F93FD5572FBE29579ECD48BC3A8D6C2EB4A6B26E38D6C5FBF2C08044AEEA470A8F2F26"),
+ SHEX("04456322E1BF27785EDF3F596DB33E693AADF76D9D259352D97ACD561BC45236506FBA3530772242CB369A83A38CD749"));
+ test_hash(&nettle_sha3_384, /* 94 octets */
+ SHEX("7ADC0B6693E61C269F278E6944A5A2D8300981E40022F839AC644387BFAC9086650085C2CDC585FEA47B9D2E52D65A2B29A7DC370401EF5D60DD0D21F9E2B90FAE919319B14B8C5565B0423CEFB827D5F1203302A9D01523498A4DB10374"),
+ SHEX("F8B1F2C317B9D1898C305DEC3C6C0AC45CFE7F995E944968206C1C1B2C92BD1D4FA392FFAA6094C6AFF95E47DC259EE9"));
+ test_hash(&nettle_sha3_384, /* 95 octets */
+ SHEX("E1FFFA9826CCE8B86BCCEFB8794E48C46CDF372013F782ECED1E378269B7BE2B7BF51374092261AE120E822BE685F2E7A83664BCFBE38FE8633F24E633FFE1988E1BC5ACF59A587079A57A910BDA60060E85B5F5B6F776F0529639D9CCE4BD"),
+ SHEX("4F439197C66439BAF65618F826E299A329380B558A52B0711182580BDBADBABB13AD66D60FADDB9DED226F0B401AA8BE"));
+ test_hash(&nettle_sha3_384, /* 96 octets */
+ SHEX("69F9ABBA65592EE01DB4DCE52DBAB90B08FC04193602792EE4DAA263033D59081587B09BBE49D0B49C9825D22840B2FF5D9C5155F975F8F2C2E7A90C75D2E4A8040FE39F63BBAFB403D9E28CC3B86E04E394A9C9E8065BD3C85FA9F0C7891600"),
+ SHEX("1C8B99BF6A3E80F0B8C67FA9BBF07D19C15D484CDE38F8FAADB748AE024A02E29FD2D7BDCE66D46C1A5239D7453FD3E3"));
+ test_hash(&nettle_sha3_384, /* 97 octets */
+ SHEX("38A10A352CA5AEDFA8E19C64787D8E9C3A75DBF3B8674BFAB29B5DBFC15A63D10FAE66CD1A6E6D2452D557967EAAD89A4C98449787B0B3164CA5B717A93F24EB0B506CEB70CBBCB8D72B2A72993F909AAD92F044E0B5A2C9AC9CB16A0CA2F81F49"),
+ SHEX("46F87BC07849E95104E67CC3DC71BDC109C1102BFB1ACDFE2F6A23173B52BF836CE00CD7A5A5FFE7D3BB8FAB33DECEDF"));
+ test_hash(&nettle_sha3_384, /* 98 octets */
+ SHEX("6D8C6E449BC13634F115749C248C17CD148B72157A2C37BF8969EA83B4D6BA8C0EE2711C28EE11495F43049596520CE436004B026B6C1F7292B9C436B055CBB72D530D860D1276A1502A5140E3C3F54A93663E4D20EDEC32D284E25564F624955B52"),
+ SHEX("FA12B9D070F697FD5391F3FC9C44056CEDA63F035D766655AA7D0A575ED55B15BA6BAF56300940B565E37A248E2DCAB8"));
+ test_hash(&nettle_sha3_384, /* 99 octets */
+ SHEX("6EFCBCAF451C129DBE00B9CEF0C3749D3EE9D41C7BD500ADE40CDC65DEDBBBADB885A5B14B32A0C0D087825201E303288A733842FA7E599C0C514E078F05C821C7A4498B01C40032E9F1872A1C925FA17CE253E8935E4C3C71282242CB716B2089CCC1"),
+ SHEX("5304D6DB2730FB07B85348B0226B1A81A546BA1FE201ECCE1E552DBA6AFB84CCE7A6F954E3100AE1724B82CF1CBC4128"));
+ test_hash(&nettle_sha3_384, /* 100 octets */
+ SHEX("433C5303131624C0021D868A30825475E8D0BD3052A022180398F4CA4423B98214B6BEAAC21C8807A2C33F8C93BD42B092CC1B06CEDF3224D5ED1EC29784444F22E08A55AA58542B524B02CD3D5D5F6907AFE71C5D7462224A3F9D9E53E7E0846DCBB4CE"),
+ SHEX("135114508DD63E279E709C26F7817C0482766CDE49132E3EDF2EEDD8996F4E3596D184100B384868249F1D8B8FDAA2C9"));
+ test_hash(&nettle_sha3_384, /* 101 octets */
+ SHEX("A873E0C67CA639026B6683008F7AA6324D4979550E9BCE064CA1E1FB97A30B147A24F3F666C0A72D71348EDE701CF2D17E2253C34D1EC3B647DBCEF2F879F4EB881C4830B791378C901EB725EA5C172316C6D606E0AF7DF4DF7F76E490CD30B2BADF45685F"),
+ SHEX("D560D54A2881ED47CC8C5AF9818FEEAF08B621B1AED4569D08807A0B61F902C1691D8B08FF75590FEAAED6E75F4C9E3F"));
+ test_hash(&nettle_sha3_384, /* 102 octets */
+ SHEX("006917B64F9DCDF1D2D87C8A6173B64F6587168E80FAA80F82D84F60301E561E312D9FBCE62F39A6FB476E01E925F26BCC91DE621449BE6504C504830AAE394096C8FC7694651051365D4EE9070101EC9B68086F2EA8F8AB7B811EA8AD934D5C9B62C60A4771"),
+ SHEX("FE5F30A315584092A271FDBCF4347A24D14A1F98CADC88DF288C36CEA8F89E9020019933BCD4F5A7479E3E4A57644C49"));
+ test_hash(&nettle_sha3_384, /* 103 octets */
+ SHEX("F13C972C52CB3CC4A4DF28C97F2DF11CE089B815466BE88863243EB318C2ADB1A417CB1041308598541720197B9B1CB5BA2318BD5574D1DF2174AF14884149BA9B2F446D609DF240CE335599957B8EC80876D9A085AE084907BC5961B20BF5F6CA58D5DAB38ADB"),
+ SHEX("A4E5EE130FC105818CD1A0DE74F1085B9B4D93889C509DC3A208B5230D39D8F304BB403F72BF0CF5E02C4C4A0831F328"));
+ test_hash(&nettle_sha3_384, /* 104 octets */
+ SHEX("E35780EB9799AD4C77535D4DDB683CF33EF367715327CF4C4A58ED9CBDCDD486F669F80189D549A9364FA82A51A52654EC721BB3AAB95DCEB4A86A6AFA93826DB923517E928F33E3FBA850D45660EF83B9876ACCAFA2A9987A254B137C6E140A21691E1069413848"),
+ SHEX("9FB5700502E01926824F46E9F61894F9487DBCF8AE6217203C85606F975566539376D6239DB04AEF9BF48CA4F191A90B"));
+ test_hash(&nettle_sha3_384, /* 105 octets */
+ SHEX("64EC021C9585E01FFE6D31BB50D44C79B6993D72678163DB474947A053674619D158016ADB243F5C8D50AA92F50AB36E579FF2DABB780A2B529370DAA299207CFBCDD3A9A25006D19C4F1FE33E4B1EAEC315D8C6EE1E730623FD1941875B924EB57D6D0C2EDC4E78D6"),
+ SHEX("F2E0FF6CF4801CFF2ECA1703E4E956C007A1F2709430F1F7A0A4FDD16A063522A4DFB6C41FA529C2E325F8CDD4F8DA96"));
+ test_hash(&nettle_sha3_384, /* 106 octets */
+ SHEX("5954BAB512CF327D66B5D9F296180080402624AD7628506B555EEA8382562324CF452FBA4A2130DE3E165D11831A270D9CB97CE8C2D32A96F50D71600BB4CA268CF98E90D6496B0A6619A5A8C63DB6D8A0634DFC6C7EC8EA9C006B6C456F1B20CD19E781AF20454AC880"),
+ SHEX("62029D962D2E323688DC5851C549DA39EF49CB994D2D6C51C57B9BBAB375AA10BD0605208D9946EA472573880230DD2D"));
+ test_hash(&nettle_sha3_384, /* 107 octets */
+ SHEX("03D9F92B2C565709A568724A0AFF90F8F347F43B02338F94A03ED32E6F33666FF5802DA4C81BDCE0D0E86C04AFD4EDC2FC8B4141C2975B6F07639B1994C973D9A9AFCE3D9D365862003498513BFA166D2629E314D97441667B007414E739D7FEBF0FE3C32C17AA188A8683"),
+ SHEX("25E546F76EA9F98E03E3B2F4AB608185073658E7EDA0777BD5B047A59085C3C500916347D4F77E38E35159AF133ED638"));
+ test_hash(&nettle_sha3_384, /* 108 octets */
+ SHEX("F31E8B4F9E0621D531D22A380BE5D9ABD56FAEC53CBD39B1FAB230EA67184440E5B1D15457BD25F56204FA917FA48E669016CB48C1FFC1E1E45274B3B47379E00A43843CF8601A5551411EC12503E5AAC43D8676A1B2297EC7A0800DBFEE04292E937F21C005F17411473041"),
+ SHEX("BEEFCEFF9E2D0825D60EA20E5271BF49C4AE3A5B54B56050988DD3DF5DB5EB4F1002EFBFBAED2FC72179DE44116976B2"));
+ test_hash(&nettle_sha3_384, /* 109 octets */
+ SHEX("758EA3FEA738973DB0B8BE7E599BBEF4519373D6E6DCD7195EA885FC991D896762992759C2A09002912FB08E0CB5B76F49162AEB8CF87B172CF3AD190253DF612F77B1F0C532E3B5FC99C2D31F8F65011695A087A35EE4EEE5E334C369D8EE5D29F695815D866DA99DF3F79403"),
+ SHEX("7D18254D46A14D0383EC56AC9CA2FDA7885AE673468C9F3B45BA792C2C23C9FF82491E6AECA15D076AD3A3432CFA650C"));
+ test_hash(&nettle_sha3_384, /* 110 octets */
+ SHEX("47C6E0C2B74948465921868804F0F7BD50DD323583DC784F998A93CD1CA4C6EF84D41DC81C2C40F34B5BEE6A93867B3BDBA0052C5F59E6F3657918C382E771D33109122CC8BB0E1E53C4E3D13B43CE44970F5E0C079D2AD7D7A3549CD75760C21BB15B447589E86E8D76B1E9CED2"),
+ SHEX("1E3E007CE37792D8A4423B797E876E89859590DEDD39711AD0F1DE2FD925F4320B44BD57DDC7050427943E3C957D4B6D"));
+ test_hash(&nettle_sha3_384, /* 111 octets */
+ SHEX("F690A132AB46B28EDFA6479283D6444E371C6459108AFD9C35DBD235E0B6B6FF4C4EA58E7554BD002460433B2164CA51E868F7947D7D7A0D792E4ABF0BE5F450853CC40D85485B2B8857EA31B5EA6E4CCFA2F3A7EF3380066D7D8979FDAC618AAD3D7E886DEA4F005AE4AD05E5065F"),
+ SHEX("D1D263B5311B05C7B9F7783E3AFD9A2E75791CE0503ED820474B35340D2CC84B0270921BBD965722011AA30CE4352926"));
+ test_hash(&nettle_sha3_384, /* 112 octets */
+ SHEX("58D6A99BC6458824B256916770A8417040721CCCFD4B79EACD8B65A3767CE5BA7E74104C985AC56B8CC9AEBD16FEBD4CDA5ADB130B0FF2329CC8D611EB14DAC268A2F9E633C99DE33997FEA41C52A7C5E1317D5B5DAED35EBA7D5A60E45D1FA7EAABC35F5C2B0A0F2379231953322C4E"),
+ SHEX("E482B0C1B2057F1B6B897BDC230DCA2B48FFC0E4600AC40A44DCE03E99A8D1DF94908A9FEBA0405DA79569E75059F9CE"));
+ test_hash(&nettle_sha3_384, /* 113 octets */
+ SHEX("BEFAB574396D7F8B6705E2D5B58B2C1C820BB24E3F4BAE3E8FBCD36DBF734EE14E5D6AB972AEDD3540235466E825850EE4C512EA9795ABFD33F330D9FD7F79E62BBB63A6EA85DE15BEAEEA6F8D204A28956059E2632D11861DFB0E65BC07AC8A159388D5C3277E227286F65FF5E5B5AEC1"),
+ SHEX("E54BC3B249DFF637001B58D13CBF64F453E01AD68A554CA994F71EC710216EF9769F1C8B463DC7B4A90A0CEACED41E3D"));
+ test_hash(&nettle_sha3_384, /* 114 octets */
+ SHEX("8E58144FA9179D686478622CE450C748260C95D1BA43B8F9B59ABECA8D93488DA73463EF40198B4D16FB0B0707201347E0506FF19D01BEA0F42B8AF9E71A1F1BD168781069D4D338FDEF00BF419FBB003031DF671F4A37979564F69282DE9C65407847DD0DA505AB1641C02DEA4F0D834986"),
+ SHEX("01DC4CED4693B36814443857931C5D3CEE8762FDA0220F8E9E63AB1EE9A7135ADE21C5AB3791821352FFBC322F3ED208"));
+ test_hash(&nettle_sha3_384, /* 115 octets */
+ SHEX("B55C10EAE0EC684C16D13463F29291BF26C82E2FA0422A99C71DB4AF14DD9C7F33EDA52FD73D017CC0F2DBE734D831F0D820D06D5F89DACC485739144F8CFD4799223B1AFF9031A105CB6A029BA71E6E5867D85A554991C38DF3C9EF8C1E1E9A7630BE61CAABCA69280C399C1FB7A12D12AEFC"),
+ SHEX("587C8104936BDD74700666663843746015906CF4C681C2A6FFDD07B732E9E7787B165E117DA340BCE4E27302BA288299"));
+ test_hash(&nettle_sha3_384, /* 116 octets */
+ SHEX("2EEEA693F585F4ED6F6F8865BBAE47A6908AECD7C429E4BEC4F0DE1D0CA0183FA201A0CB14A529B7D7AC0E6FF6607A3243EE9FB11BCF3E2304FE75FFCDDD6C5C2E2A4CD45F63C962D010645058D36571404A6D2B4F44755434D76998E83409C3205AA1615DB44057DB991231D2CB42624574F545"),
+ SHEX("51753384C8F9584BE3ED4526B9B29A97DC8A87D195D0155E7444950EEA55ABEC5C0D7814F1DFCE5CA4BF1D50EBC709AD"));
+ test_hash(&nettle_sha3_384, /* 117 octets */
+ SHEX("DAB11DC0B047DB0420A585F56C42D93175562852428499F66A0DB811FCDDDAB2F7CDFFED1543E5FB72110B64686BC7B6887A538AD44C050F1E42631BC4EC8A9F2A047163D822A38989EE4AAB01B4C1F161B062D873B1CFA388FD301514F62224157B9BEF423C7783B7AAC8D30D65CD1BBA8D689C2D"),
+ SHEX("BD1E1E9AE80B7FA79ADBD47D7A28BA44F4874108CD9BE5D327CC93C6ED4DACF8A9E2A3491D4168BFFAE63FB2F1070DE7"));
+ test_hash(&nettle_sha3_384, /* 118 octets */
+ SHEX("42E99A2F80AEE0E001279A2434F731E01D34A44B1A8101726921C0590C30F3120EB83059F325E894A5AC959DCA71CE2214799916424E859D27D789437B9D27240BF8C35ADBAFCECC322B48AA205B293962D858652ABACBD588BCF6CBC388D0993BD622F96ED54614C25B6A9AA527589EAAFFCF17DDF7"),
+ SHEX("6B7C1144FA984261377DBAACA78A03AE580B7F3A17D69BA0D56EE908DD9EC9F87EA30A7626ED7CCF25B53A6994E121E8"));
+ test_hash(&nettle_sha3_384, /* 119 octets */
+ SHEX("3C9B46450C0F2CAE8E3823F8BDB4277F31B744CE2EB17054BDDC6DFF36AF7F49FB8A2320CC3BDF8E0A2EA29AD3A55DE1165D219ADEDDB5175253E2D1489E9B6FDD02E2C3D3A4B54D60E3A47334C37913C5695378A669E9B72DEC32AF5434F93F46176EBF044C4784467C700470D0C0B40C8A088C815816"),
+ SHEX("76414F3B9E4FF8D150280C8E44BC54056849B25351352D9D9E986B3ECB6EC050542709AFE01979D2EB97E51D41217E6E"));
+ test_hash(&nettle_sha3_384, /* 120 octets */
+ SHEX("D1E654B77CB155F5C77971A64DF9E5D34C26A3CAD6C7F6B300D39DEB1910094691ADAA095BE4BA5D86690A976428635D5526F3E946F7DC3BD4DBC78999E653441187A81F9ADCD5A3C5F254BC8256B0158F54673DCC1232F6E918EBFC6C51CE67EAEB042D9F57EEC4BFE910E169AF78B3DE48D137DF4F2840"),
+ SHEX("92AC60E5DC492010A45F46AEF05F403F7569E1B4E2D0C909C871A783FC12457DE281AFF4C4CEE0207D20EAF546285070"));
+ test_hash(&nettle_sha3_384, /* 121 octets */
+ SHEX("626F68C18A69A6590159A9C46BE03D5965698F2DAC3DE779B878B3D9C421E0F21B955A16C715C1EC1E22CE3EB645B8B4F263F60660EA3028981EEBD6C8C3A367285B691C8EE56944A7CD1217997E1D9C21620B536BDBD5DE8925FF71DEC6FBC06624AB6B21E329813DE90D1E572DFB89A18120C3F606355D25"),
+ SHEX("8F99032CB49BB022EE5FB32446E1D39AA0FCD749741E4796979D4BEA5AB1B04D241592EC6058E54B8EC9EAB274EE632D"));
+ test_hash(&nettle_sha3_384, /* 122 octets */
+ SHEX("651A6FB3C4B80C7C68C6011675E6094EB56ABF5FC3057324EBC6477825061F9F27E7A94633ABD1FA598A746E4A577CAF524C52EC1788471F92B8C37F23795CA19D559D446CAB16CBCDCE90B79FA1026CEE77BF4AB1B503C5B94C2256AD75B3EAC6FD5DCB96ACA4B03A834BFB4E9AF988CECBF2AE597CB9097940"),
+ SHEX("8BB4F3CF0390A31D682213D22354DFE7D580C811682259872F2A29A08D373FD998F842334F64F81349364A930C82BAD4"));
+ test_hash(&nettle_sha3_384, /* 123 octets */
+ SHEX("8AAF072FCE8A2D96BC10B3C91C809EE93072FB205CA7F10ABD82ECD82CF040B1BC49EA13D1857815C0E99781DE3ADBB5443CE1C897E55188CEAF221AA9681638DE05AE1B322938F46BCE51543B57ECDB4C266272259D1798DE13BE90E10EFEC2D07484D9B21A3870E2AA9E06C21AA2D0C9CF420080A80A91DEE16F"),
+ SHEX("0BB7DAC544569E6EB74ACAB01A846F74AD2A0F31D8FACEE4D09FA49C81B93BD83B4F129B96DA4C0EAF165FDE52EF295B"));
+ test_hash(&nettle_sha3_384, /* 124 octets */
+ SHEX("53F918FD00B1701BD504F8CDEA803ACCA21AC18C564AB90C2A17DA592C7D69688F6580575395551E8CD33E0FEF08CA6ED4588D4D140B3E44C032355DF1C531564D7F4835753344345A6781E11CD5E095B73DF5F82C8AE3AD00877936896671E947CC52E2B29DCD463D90A0C9929128DA222B5A211450BBC0E02448E2"),
+ SHEX("10DD9348B2D95889EE613907824A10EFC708A101A67672FCA4C6539F5156C7DF805DBE666FCF4CC578F421AE3CF27122"));
+ test_hash(&nettle_sha3_384, /* 125 octets */
+ SHEX("A64599B8A61B5CCEC9E67AED69447459C8DA3D1EC6C7C7C82A7428B9B584FA67E90F68E2C00FBBED4613666E5168DA4A16F395F7A3C3832B3B134BFC9CBAA95D2A0FE252F44AC6681EB6D40AB91C1D0282FED6701C57463D3C5F2BB8C6A7301FB4576AA3B5F15510DB8956FF77478C26A7C09BEA7B398CFC83503F538E"),
+ SHEX("444B8A6F1EE118DE3FB3EC76B2FBAD9EF31916E1F99077DEFC51C2E59C8E6A3E207BA48E5EDD66C72B5BEBA67401D794"));
+ test_hash(&nettle_sha3_384, /* 126 octets */
+ SHEX("0E3AB0E054739B00CDB6A87BD12CAE024B54CB5E550E6C425360C2E87E59401F5EC24EF0314855F0F56C47695D56A7FB1417693AF2A1ED5291F2FEE95F75EED54A1B1C2E81226FBFF6F63ADE584911C71967A8EB70933BC3F5D15BC91B5C2644D9516D3C3A8C154EE48E118BD1442C043C7A0DBA5AC5B1D5360AAE5B9065"),
+ SHEX("F4D17C6299BAE7D0E6D15A550B311F30C1B038AEF56FE375F3B4BAE14F7EA427C5AA987EF93285975CE5F9E46A3E4C20"));
+ test_hash(&nettle_sha3_384, /* 127 octets */
+ SHEX("A62FC595B4096E6336E53FCDFC8D1CC175D71DAC9D750A6133D23199EAAC288207944CEA6B16D27631915B4619F743DA2E30A0C00BBDB1BBB35AB852EF3B9AEC6B0A8DCC6E9E1ABAA3AD62AC0A6C5DE765DE2C3711B769E3FDE44A74016FFF82AC46FA8F1797D3B2A726B696E3DEA5530439ACEE3A45C2A51BC32DD055650B"),
+ SHEX("39F911E9CB2763C8911AC3153040E48F403ABFE373E14B709A476868D3AB5841D1088F8393DD728305BA341138365D27"));
+ test_hash(&nettle_sha3_384, /* 128 octets */
+ SHEX("2B6DB7CED8665EBE9DEB080295218426BDAA7C6DA9ADD2088932CDFFBAA1C14129BCCDD70F369EFB149285858D2B1D155D14DE2FDB680A8B027284055182A0CAE275234CC9C92863C1B4AB66F304CF0621CD54565F5BFF461D3B461BD40DF28198E3732501B4860EADD503D26D6E69338F4E0456E9E9BAF3D827AE685FB1D817"),
+ SHEX("3ADEB7EEECF9069F143A10151FD4506AEEF3A0EF94CA65D4448ACF1E892B8EBB0887631804DD64E153AD41FAE0127A85"));
+ test_hash(&nettle_sha3_384, /* 129 octets */
+ SHEX("10DB509B2CDCABA6C062AE33BE48116A29EB18E390E1BBADA5CA0A2718AFBCD23431440106594893043CC7F2625281BF7DE2655880966A23705F0C5155C2F5CCA9F2C2142E96D0A2E763B70686CD421B5DB812DACED0C6D65035FDE558E94F26B3E6DDE5BD13980CC80292B723013BD033284584BFF27657871B0CF07A849F4AE2"),
+ SHEX("14830877DFAFE6F886A22DE7CE9A5FC74733A8FC27ECC523B6B4524E6312CBB22B51D7EB9DDAB37BA54BB2C0BFC32A6F"));
+ test_hash(&nettle_sha3_384, /* 130 octets */
+ SHEX("9334DE60C997BDA6086101A6314F64E4458F5FF9450C509DF006E8C547983C651CA97879175AABA0C539E82D05C1E02C480975CBB30118121061B1EBAC4F8D9A3781E2DB6B18042E01ECF9017A64A0E57447EC7FCBE6A7F82585F7403EE2223D52D37B4BF426428613D6B4257980972A0ACAB508A7620C1CB28EB4E9D30FC41361EC"),
+ SHEX("D109532BC4217326B3D25ED2D2F3F0D2482CC5BDD054218FA8BEDB91CD814F7FD683AA2AFCB8342CD34CE54D607E3DA0"));
+ test_hash(&nettle_sha3_384, /* 131 octets */
+ SHEX("E88AB086891693AA535CEB20E64C7AB97C7DD3548F3786339897A5F0C39031549CA870166E477743CCFBE016B4428D89738E426F5FFE81626137F17AECFF61B72DBEE2DC20961880CFE281DFAB5EE38B1921881450E16032DE5E4D55AD8D4FCA609721B0692BAC79BE5A06E177FE8C80C0C83519FB3347DE9F43D5561CB8107B9B5EDC"),
+ SHEX("DE64A37A7456638D3ACA1B895F4A88C26817177986A9F2F5B77B49CFF2C3E46BE2C49ABE89D741375DB87F4C898F6762"));
+ test_hash(&nettle_sha3_384, /* 132 octets */
+ SHEX("FD19E01A83EB6EC810B94582CB8FBFA2FCB992B53684FB748D2264F020D3B960CB1D6B8C348C2B54A9FCEA72330C2AAA9A24ECDB00C436ABC702361A82BB8828B85369B8C72ECE0082FE06557163899C2A0EFA466C33C04343A839417057399A63A3929BE1EE4805D6CE3E5D0D0967FE9004696A5663F4CAC9179006A2CEB75542D75D68"),
+ SHEX("8D9743710C171CD399A0D712E9D53374ED8E0A97672A40294C74F0D503F0292D6F41D5CEA08FB3C623C4EBA56848770D"));
+ test_hash(&nettle_sha3_384, /* 133 octets */
+ SHEX("59AE20B6F7E0B3C7A989AFB28324A40FCA25D8651CF1F46AE383EF6D8441587AA1C04C3E3BF88E8131CE6145CFB8973D961E8432B202FA5AF3E09D625FAAD825BC19DA9B5C6C20D02ABDA2FCC58B5BD3FE507BF201263F30543819510C12BC23E2DDB4F711D087A86EDB1B355313363A2DE996B891025E147036087401CCF3CA7815BF3C49"),
+ SHEX("FAE998D1074E30F2EA0A8B9FE259FD2E2A36804995EBE7E3A5AD34865B1A3316675297FE8E33EEF8ADCC02BE8C4765BE"));
+ test_hash(&nettle_sha3_384, /* 134 octets */
+ SHEX("77EE804B9F3295AB2362798B72B0A1B2D3291DCEB8139896355830F34B3B328561531F8079B79A6E9980705150866402FDC176C05897E359A6CB1A7AB067383EB497182A7E5AEF7038E4C96D133B2782917417E391535B5E1B51F47D8ED7E4D4025FE98DC87B9C1622614BFF3D1029E68E372DE719803857CA52067CDDAAD958951CB2068CC6"),
+ SHEX("0AA9CCC3C9CAE1603D3DA5E95F304ADB8FA575833929B09F7C1095D968BEA0471DFE8AAAD3AD11266DAAFF95F6667ABC"));
+ test_hash(&nettle_sha3_384, /* 135 octets */
+ SHEX("B771D5CEF5D1A41A93D15643D7181D2A2EF0A8E84D91812F20ED21F147BEF732BF3A60EF4067C3734B85BC8CD471780F10DC9E8291B58339A677B960218F71E793F2797AEA349406512829065D37BB55EA796FA4F56FD8896B49B2CD19B43215AD967C712B24E5032D065232E02C127409D2ED4146B9D75D763D52DB98D949D3B0FED6A8052FBB"),
+ SHEX("8FFDF6A4752D17D496F8ADEE7116BD2AF0A4B726BB3F4C5F85BE2C9DFC34055A509E4FE016930D9951A7212553E2E908"));
+ test_hash(&nettle_sha3_384, /* 136 octets */
+ SHEX("B32D95B0B9AAD2A8816DE6D06D1F86008505BD8C14124F6E9A163B5A2ADE55F835D0EC3880EF50700D3B25E42CC0AF050CCD1BE5E555B23087E04D7BF9813622780C7313A1954F8740B6EE2D3F71F768DD417F520482BD3A08D4F222B4EE9DBD015447B33507DD50F3AB4247C5DE9A8ABD62A8DECEA01E3B87C8B927F5B08BEB37674C6F8E380C04"),
+ SHEX("278E83CFF1FF6CC4B3AC41F3879DA87AE63B535B43815E273687A4CC519855B452CB6AF0198BB9FD0F3E43739BC0CDD7"));
+ test_hash(&nettle_sha3_384, /* 137 octets */
+ SHEX("04410E31082A47584B406F051398A6ABE74E4DA59BB6F85E6B49E8A1F7F2CA00DFBA5462C2CD2BFDE8B64FB21D70C083F11318B56A52D03B81CAC5EEC29EB31BD0078B6156786DA3D6D8C33098C5C47BB67AC64DB14165AF65B44544D806DDE5F487D5373C7F9792C299E9686B7E5821E7C8E2458315B996B5677D926DAC57B3F22DA873C601016A0D"),
+ SHEX("AA4B5A5FB94FE19578F33323BA1EEFC5B6ED70B34BC70193F386C99F73863611AF20581B4B1B3ED776DF9E235D3D4E45"));
+ test_hash(&nettle_sha3_384, /* 138 octets */
+ SHEX("8B81E9BADDE026F14D95C019977024C9E13DB7A5CD21F9E9FC491D716164BBACDC7060D882615D411438AEA056C340CDF977788F6E17D118DE55026855F93270472D1FD18B9E7E812BAE107E0DFDE7063301B71F6CFE4E225CAB3B232905A56E994F08EE2891BA922D49C3DAFEB75F7C69750CB67D822C96176C46BD8A29F1701373FB09A1A6E3C7158F"),
+ SHEX("3174CF3754A6FE603631ECDA4895171A9DCF7AFB02EB72AE270A9E3EBF2A65A72C3436C233FD4F17F7FBAFBAC0680C63"));
+ test_hash(&nettle_sha3_384, /* 139 octets */
+ SHEX("FA6EED24DA6666A22208146B19A532C2EC9BA94F09F1DEF1E7FC13C399A48E41ACC2A589D099276296348F396253B57CB0E40291BD282773656B6E0D8BEA1CDA084A3738816A840485FCF3FB307F777FA5FEAC48695C2AF4769720258C77943FB4556C362D9CBA8BF103AEB9034BAA8EA8BFB9C4F8E6742CE0D52C49EA8E974F339612E830E9E7A9C29065"),
+ SHEX("354813D9823D2F02D75D13893A6ABDB44E9E99666533429CC6F7EB3FBA10BF9ECD4A18BB9D5188E6E8F91DFDDBE8409A"));
+ test_hash(&nettle_sha3_384, /* 140 octets */
+ SHEX("9BB4AF1B4F09C071CE3CAFA92E4EB73CE8A6F5D82A85733440368DEE4EB1CBC7B55AC150773B6FE47DBE036C45582ED67E23F4C74585DAB509DF1B83610564545642B2B1EC463E18048FC23477C6B2AA035594ECD33791AF6AF4CBC2A1166ABA8D628C57E707F0B0E8707CAF91CD44BDB915E0296E0190D56D33D8DDE10B5B60377838973C1D943C22ED335E"),
+ SHEX("E2EFDC5007E4C13F811043DB967A423DE02AF411B4A251A225CAD041E83BD4DD89D8B24198DA00096CFE2E1B3F5D1960"));
+ test_hash(&nettle_sha3_384, /* 141 octets */
+ SHEX("2167F02118CC62043E9091A647CADBED95611A521FE0D64E8518F16C808AB297725598AE296880A773607A798F7C3CFCE80D251EBEC6885015F9ABF7EAABAE46798F82CB5926DE5C23F44A3F9F9534B3C6F405B5364C2F8A8BDC5CA49C749BED8CE4BA48897062AE8424CA6DDE5F55C0E42A95D1E292CA54FB46A84FBC9CD87F2D0C9E7448DE3043AE22FDD229"),
+ SHEX("E44C0856F0C245E002F914CF300E98C496E725A4DB561F2995AD9C8B97F341E15625B56B03D4D5880927B8574F5E5D74"));
+ test_hash(&nettle_sha3_384, /* 142 octets */
+ SHEX("94B7FA0BC1C44E949B1D7617D31B4720CBE7CA57C6FA4F4094D4761567E389ECC64F6968E4064DF70DF836A47D0C713336B5028B35930D29EB7A7F9A5AF9AD5CF441745BAEC9BB014CEEFF5A41BA5C1CE085FEB980BAB9CF79F2158E03EF7E63E29C38D7816A84D4F71E0F548B7FC316085AE38A060FF9B8DEC36F91AD9EBC0A5B6C338CBB8F6659D342A24368CF"),
+ SHEX("5D290C5DFF59A3A3DB8BC7320B8F64A4DBF67CA4F5DF9A07F235EDB6460345FC8971040481C9A5D0F09B62262B9ED9F8"));
+ test_hash(&nettle_sha3_384, /* 143 octets */
+ SHEX("EA40E83CB18B3A242C1ECC6CCD0B7853A439DAB2C569CFC6DC38A19F5C90ACBF76AEF9EA3742FF3B54EF7D36EB7CE4FF1C9AB3BC119CFF6BE93C03E208783335C0AB8137BE5B10CDC66FF3F89A1BDDC6A1EED74F504CBE7290690BB295A872B9E3FE2CEE9E6C67C41DB8EFD7D863CF10F840FE618E7936DA3DCA5CA6DF933F24F6954BA0801A1294CD8D7E66DFAFEC"),
+ SHEX("FE680250CAB1FBDB6AC8800DDC28E70100DF8DAAE38DA27004872AB05D40B15AE93EB44266E3014F0960038B28252C7B"));
+ test_hash(&nettle_sha3_384, /* 144 octets */
+ SHEX("157D5B7E4507F66D9A267476D33831E7BB768D4D04CC3438DA12F9010263EA5FCAFBDE2579DB2F6B58F911D593D5F79FB05FE3596E3FA80FF2F761D1B0E57080055C118C53E53CDB63055261D7C9B2B39BD90ACC32520CBBDBDA2C4FD8856DBCEE173132A2679198DAF83007A9B5C51511AE49766C792A29520388444EBEFE28256FB33D4260439CBA73A9479EE00C63"),
+ SHEX("511B13E53FD353FA4D38EF0CF8F1AF30DA554828A5FD1C53EC41F73D9ACA6C54AC7972C933AF4A2FC7AB852CA63A1BA6"));
+ test_hash(&nettle_sha3_384, /* 145 octets */
+ SHEX("836B34B515476F613FE447A4E0C3F3B8F20910AC89A3977055C960D2D5D2B72BD8ACC715A9035321B86703A411DDE0466D58A59769672AA60AD587B8481DE4BBA552A1645779789501EC53D540B904821F32B0BD1855B04E4848F9F8CFE9EBD8911BE95781A759D7AD9724A7102DBE576776B7C632BC39B9B5E19057E226552A5994C1DBB3B5C7871A11F5537011044C53"),
+ SHEX("554CF00A9AAFE0DFC8D49EA03288B52AED43A5104E22B838E40FDE7358491B5774DF455CF2EC73C53A7B30627A142A41"));
+ test_hash(&nettle_sha3_384, /* 146 octets */
+ SHEX("CC7784A4912A7AB5AD3620AAB29BA87077CD3CB83636ADC9F3DC94F51EDF521B2161EF108F21A0A298557981C0E53CE6CED45BDF782C1EF200D29BAB81DD6460586964EDAB7CEBDBBEC75FD7925060F7DA2B853B2B089588FA0F8C16EC6498B14C55DCEE335CB3A91D698E4D393AB8E8EAC0825F8ADEBEEE196DF41205C011674E53426CAA453F8DE1CBB57932B0B741D4C6"),
+ SHEX("C13C177E6453F78E81BC4EFEA7A10E9CA02273A6EB757497368539BF4AE1F1BBCBAE0FFF5DAD55EDCA61F474976CBF64"));
+ test_hash(&nettle_sha3_384, /* 147 octets */
+ SHEX("7639B461FFF270B2455AC1D1AFCE782944AEA5E9087EB4A39EB96BB5C3BAAF0E868C8526D3404F9405E79E77BFAC5FFB89BF1957B523E17D341D7323C302EA7083872DD5E8705694ACDDA36D5A1B895AAA16ECA6104C82688532C8BFE1790B5DC9F4EC5FE95BAED37E1D287BE710431F1E5E8EE105BC42ED37D74B1E55984BF1C09FE6A1FA13EF3B96FAEAED6A2A1950A12153"),
+ SHEX("C3E5DDF4572A386C99F998E68FCCC7F85867A73E13C2058C18391A922416FD352CA6B659BAD021E0D9A05789F59D3C67"));
+ test_hash(&nettle_sha3_384, /* 148 octets */
+ SHEX("EB6513FC61B30CFBA58D4D7E80F94D14589090CF1D80B1DF2E68088DC6104959BA0D583D585E9578AB0AEC0CF36C48435EB52ED9AB4BBCE7A5ABE679C97AE2DBE35E8CC1D45B06DDA3CF418665C57CBEE4BBB47FA4CAF78F4EE656FEC237FE4EEBBAFA206E1EF2BD0EE4AE71BD0E9B2F54F91DAADF1FEBFD7032381D636B733DCB3BF76FB14E23AFF1F68ED3DBCF75C9B99C6F26"),
+ SHEX("157481D0A24BA9FAFA1800C9713E702976167FDDF52367A7932AA3CFF22F4A2E19A016C7BACBD97CEC3EA6B1E87CB3D3"));
+ test_hash(&nettle_sha3_384, /* 149 octets */
+ SHEX("1594D74BF5DDE444265D4C04DAD9721FF3E34CBF622DAF341FE16B96431F6C4DF1F760D34F296EB97D98D560AD5286FEC4DCE1724F20B54FD7DF51D4BF137ADD656C80546FB1BF516D62EE82BAA992910EF4CC18B70F3F8698276FCFB44E0EC546C2C39CFD8EE91034FF9303058B4252462F86C823EB15BF481E6B79CC3A02218595B3658E8B37382BD5048EAED5FD02C37944E73B"),
+ SHEX("BCDD36EE35C2C771852E27DB2CDDABC155AB43D28E6289F0ABA4F93E793C999F30836C7483FBEA5A73F4EEB5D8D32FE3"));
+ test_hash(&nettle_sha3_384, /* 150 octets */
+ SHEX("4CFA1278903026F66FEDD41374558BE1B585D03C5C55DAC94361DF286D4BD39C7CB8037ED3B267B07C346626449D0CC5B0DD2CF221F7E4C3449A4BE99985D2D5E67BFF2923357DDEAB5ABCB4619F3A3A57B2CF928A022EB27676C6CF805689004FCA4D41EA6C2D0A4789C7605F7BB838DD883B3AD3E6027E775BCF262881428099C7FFF95B14C095EA130E0B9938A5E22FC52650F591"),
+ SHEX("FA7F66D37C1DC3E81BF55C443ABAD5CF79A3D9834F77A206291138AE31438B986737DC4599EC5D10F7F005D1833B7D2E"));
+ test_hash(&nettle_sha3_384, /* 151 octets */
+ SHEX("D3E65CB92CFA79662F6AF493D696A07CCF32AAADCCEFF06E73E8D9F6F909209E66715D6E978788C49EFB9087B170ECF3AA86D2D4D1A065AE0EFC8924F365D676B3CB9E2BEC918FD96D0B43DEE83727C9A93BF56CA2B2E59ADBA85696546A815067FC7A78039629D4948D157E7B0D826D1BF8E81237BAB7321312FDAA4D521744F988DB6FDF04549D0FDCA393D639C729AF716E9C8BBA48"),
+ SHEX("8F0E47ED680661F1ACE9EEEE855D935FDFC66B97C2E9A6FC7341F14D9327C8E72BCA3FA67E59804CEA41F09E1C4F8715"));
+ test_hash(&nettle_sha3_384, /* 152 octets */
+ SHEX("842CC583504539622D7F71E7E31863A2B885C56A0BA62DB4C2A3F2FD12E79660DC7205CA29A0DC0A87DB4DC62EE47A41DB36B9DDB3293B9AC4BAAE7DF5C6E7201E17F717AB56E12CAD476BE49608AD2D50309E7D48D2D8DE4FA58AC3CFEAFEEE48C0A9EEC88498E3EFC51F54D300D828DDDCCB9D0B06DD021A29CF5CB5B2506915BEB8A11998B8B886E0F9B7A80E97D91A7D01270F9A7717"),
+ SHEX("F105810E724C2C55162CF71721E3F59871F06010BC7F052AB282BFB6D4A3BF184B892BAF8FADD02070F64B9E036DC5F7"));
+ test_hash(&nettle_sha3_384, /* 153 octets */
+ SHEX("6C4B0A0719573E57248661E98FEBE326571F9A1CA813D3638531AE28B4860F23C3A3A8AC1C250034A660E2D71E16D3ACC4BF9CE215C6F15B1C0FC7E77D3D27157E66DA9CEEC9258F8F2BF9E02B4AC93793DD6E29E307EDE3695A0DF63CBDC0FC66FB770813EB149CA2A916911BEE4902C47C7802E69E405FE3C04CEB5522792A5503FA829F707272226621F7C488A7698C0D69AA561BE9F378"),
+ SHEX("CBB0FCE4AF36D14B63BC72D37FB4028327843FB22EC033BFC068E7B081287E31E3451D8A1D97692B379FF9E6ACD40240"));
+ test_hash(&nettle_sha3_384, /* 154 octets */
+ SHEX("51B7DBB7CE2FFEB427A91CCFE5218FD40F9E0B7E24756D4C47CD55606008BDC27D16400933906FD9F30EFFDD4880022D081155342AF3FB6CD53672AB7FB5B3A3BCBE47BE1FD3A2278CAE8A5FD61C1433F7D350675DD21803746CADCA574130F01200024C6340AB0CC2CF74F2234669F34E9009EF2EB94823D62B31407F4BA46F1A1EEC41641E84D77727B59E746B8A671BEF936F05BE820759FA"),
+ SHEX("44E4F77C0D7BCA6AD57D334F974BDA8DE2E08E104F14A8713280CE73897A945DC23AD058533B85750D9DD9D2D7B5D1AF"));
+ test_hash(&nettle_sha3_384, /* 155 octets */
+ SHEX("83599D93F5561E821BD01A472386BC2FF4EFBD4AED60D5821E84AAE74D8071029810F5E286F8F17651CD27DA07B1EB4382F754CD1C95268783AD09220F5502840370D494BEB17124220F6AFCE91EC8A0F55231F9652433E5CE3489B727716CF4AEBA7DCDA20CD29AA9A859201253F948DD94395ABA9E3852BD1D60DDA7AE5DC045B283DA006E1CBAD83CC13292A315DB5553305C628DD091146597"),
+ SHEX("6913184FAE1EF9FA2D57B1B7BD586D51DE9A5F387037266E7B4A83F4366498FF86C89934C05332A7E641149EF627FA34"));
+ test_hash(&nettle_sha3_384, /* 156 octets */
+ SHEX("2BE9BF526C9D5A75D565DD11EF63B979D068659C7F026C08BEA4AF161D85A462D80E45040E91F4165C074C43AC661380311A8CBED59CC8E4C4518E80CD2C78AB1CABF66BFF83EAB3A80148550307310950D034A6286C93A1ECE8929E6385C5E3BB6EA8A7C0FB6D6332E320E71CC4EB462A2A62E2BFE08F0CCAD93E61BEDB5DD0B786A728AB666F07E0576D189C92BF9FB20DCA49AC2D3956D47385E2"),
+ SHEX("F04FF5AAA68F2558586D2748587DEE3CF28BACAB5BE5F887D24A068311BA2D9E9BC0206C2706B9C109E7162E3ECB6346"));
+ test_hash(&nettle_sha3_384, /* 157 octets */
+ SHEX("CA76D3A12595A817682617006848675547D3E8F50C2210F9AF906C0E7CE50B4460186FE70457A9E879E79FD4D1A688C70A347361C847BA0DD6AA52936EAF8E58A1BE2F5C1C704E20146D366AEB3853BED9DE9BEFE9569AC8AAEA37A9FB7139A1A1A7D5C748605A8DEFB297869EBEDD71D615A5DA23496D11E11ABBB126B206FA0A7797EE7DE117986012D0362DCEF775C2FE145ADA6BDA1CCB326BF644"),
+ SHEX("D4B8CFB2FE5B63BB5BB678B98B465A2DFD23DFF498E778EE0535A5C077705AA2CA2F039832BAEA0F735609B3E4E18CF7"));
+ test_hash(&nettle_sha3_384, /* 158 octets */
+ SHEX("F76B85DC67421025D64E93096D1D712B7BAF7FB001716F02D33B2160C2C882C310EF13A576B1C2D30EF8F78EF8D2F465007109AAD93F74CB9E7D7BEF7C9590E8AF3B267C89C15DB238138C45833C98CC4A471A7802723EF4C744A853CF80A0C2568DD4ED58A2C9644806F42104CEE53628E5BDF7B63B0B338E931E31B87C24B146C6D040605567CEEF5960DF9E022CB469D4C787F4CBA3C544A1AC91F95F"),
+ SHEX("25B7237DA9D40DE047D41A30BD37155C0F108D7296B09079957D4EE31224A4BA256AF756D154878910C158E49186728B"));
+ test_hash(&nettle_sha3_384, /* 159 octets */
+ SHEX("25B8C9C032EA6BCD733FFC8718FBB2A503A4EA8F71DEA1176189F694304F0FF68E862A8197B839957549EF243A5279FC2646BD4C009B6D1EDEBF24738197ABB4C992F6B1DC9BA891F570879ACCD5A6B18691A93C7D0A8D38F95B639C1DAEB48C4C2F15CCF5B9D508F8333C32DE78781B41850F261B855C4BEBCC125A380C54D501C5D3BD07E6B52102116088E53D76583B0161E2A58D0778F091206AABD5A1"),
+ SHEX("F41B2D02D321F4BA106F931EE27D3F74E8D397BACECB0A1FA90BF5C837ACEB2ED8F0FEFF07B7EBEA6A88D0CC54AE8E6A"));
+ test_hash(&nettle_sha3_384, /* 160 octets */
+ SHEX("21CFDC2A7CCB7F331B3D2EEFFF37E48AD9FA9C788C3F3C200E0173D99963E1CBCA93623B264E920394AE48BB4C3A5BB96FFBC8F0E53F30E22956ADABC2765F57FB761E147ECBF8567533DB6E50C8A1F894310A94EDF806DD8CA6A0E141C0FA7C9FAE6C6AE65F18C93A8529E6E5B553BF55F25BE2E80A9882BD37F145FECBEB3D447A3C4E46C21524CC55CDD62F521AB92A8BA72B897996C49BB273198B7B1C9E"),
+ SHEX("9673A1A3535B8975CA0F512CDB0FDCDFB0179CE229E756AD70EAF1E5C3E1A4135E9FA7653EDBDCA4975AC18B17A662EB"));
+ test_hash(&nettle_sha3_384, /* 161 octets */
+ SHEX("4E452BA42127DCC956EF4F8F35DD68CB225FB73B5BC7E1EC5A898BBA2931563E74FAFF3B67314F241EC49F4A7061E3BD0213AE826BAB380F1F14FAAB8B0EFDDD5FD1BB49373853A08F30553D5A55CCBBB8153DE4704F29CA2BDEEF0419468E05DD51557CCC80C0A96190BBCC4D77ECFF21C66BDF486459D427F986410F883A80A5BCC32C20F0478BB9A97A126FC5F95451E40F292A4614930D054C851ACD019CCF"),
+ SHEX("32429CB1B5DAD663A0663E49033DB2290945019DF7E792CDFF3723EEDB88CD0603B3FAE0228A184F8EFFAC45112F453E"));
+ test_hash(&nettle_sha3_384, /* 162 octets */
+ SHEX("FA85671DF7DADF99A6FFEE97A3AB9991671F5629195049880497487867A6C446B60087FAC9A0F2FCC8E3B24E97E42345B93B5F7D3691829D3F8CCD4BB36411B85FC2328EB0C51CB3151F70860AD3246CE0623A8DC8B3C49F958F8690F8E3860E71EB2B1479A5CEA0B3F8BEFD87ACAF5362435EAECCB52F38617BC6C5C2C6E269EAD1FBD69E941D4AD2012DA2C5B21BCFBF98E4A77AB2AF1F3FDA3233F046D38F1DC8"),
+ SHEX("E91DEEBCD72BA12E2215602B488DED203A1E211D6358CADC6F906FBD89CA928F541222CBD8FC9A20B573EF22FC178778"));
+ test_hash(&nettle_sha3_384, /* 163 octets */
+ SHEX("E90847AE6797FBC0B6B36D6E588C0A743D725788CA50B6D792352EA8294F5BA654A15366B8E1B288D84F5178240827975A763BC45C7B0430E8A559DF4488505E009C63DA994F1403F407958203CEBB6E37D89C94A5EACF6039A327F6C4DBBC7A2A307D976AA39E41AF6537243FC218DFA6AB4DD817B6A397DF5CA69107A9198799ED248641B63B42CB4C29BFDD7975AC96EDFC274AC562D0474C60347A078CE4C25E88"),
+ SHEX("45290A24291E81CCB8D7840B6C4812AC98983D7BD3AFE46B427296AD636862B9E03ECF605B114CB47C0207267BC05958"));
+ test_hash(&nettle_sha3_384, /* 164 octets */
+ SHEX("F6D5C2B6C93954FC627602C00C4CA9A7D3ED12B27173F0B2C9B0E4A5939398A665E67E69D0B12FB7E4CEB253E8083D1CEB724AC07F009F094E42F2D6F2129489E846EAFF0700A8D4453EF453A3EDDC18F408C77A83275617FABC4EA3A2833AA73406C0E966276079D38E8E38539A70E194CC5513AAA457C699383FD1900B1E72BDFB835D1FD321B37BA80549B078A49EA08152869A918CA57F5B54ED71E4FD3AC5C06729"),
+ SHEX("E6BB2FAF5ABB3EDAFFE9E47F62586409B443E4C698070D61FC082261053270ECDC2484AA0145C851031E3C99DEFF2389"));
+ test_hash(&nettle_sha3_384, /* 165 octets */
+ SHEX("CF8562B1BED89892D67DDAAF3DEEB28246456E972326DBCDB5CF3FB289ACA01E68DA5D59896E3A6165358B071B304D6AB3D018944BE5049D5E0E2BB819ACF67A6006111089E6767132D72DD85BEDDCBB2D64496DB0CC92955AB4C6234F1EEA24F2D51483F2E209E4589BF9519FAC51B4D061E801125E605F8093BB6997BC163D551596FE4AB7CFAE8FB9A90F6980480CE0C229FD1675409BD788354DAF316240CFE0AF93EB"),
+ SHEX("79B792B34DA4425BB0B4217ABE23E5DBE4E87D3940E2F7BA52CA146618580A62545C44B81E06620AF6E273499073E3A8"));
+ test_hash(&nettle_sha3_384, /* 166 octets */
+ SHEX("2ACE31ABB0A2E3267944D2F75E1559985DB7354C6E605F18DC8470423FCA30B7331D9B33C4A4326783D1CAAE1B4F07060EFF978E4746BF0C7E30CD61040BD5EC2746B29863EB7F103EBDA614C4291A805B6A4C8214230564A0557BC7102E0BD3ED23719252F7435D64D210EE2AAFC585BE903FA41E1968C50FD5D5367926DF7A05E3A42CF07E656FF92DE73B036CF8B19898C0CB34557C0C12C2D8B84E91181AF467BC75A9D1"),
+ SHEX("9FA1D0AC7C37831731B71C19AC9E81EA115083ACE6D94349CE89FDB79B3462A749D76FDC93892F2F16AB0F7E18CDB79C"));
+ test_hash(&nettle_sha3_384, /* 167 octets */
+ SHEX("0D8D09AED19F1013969CE5E7EB92F83A209AE76BE31C754844EA9116CEB39A22EBB6003017BBCF26555FA6624185187DB8F0CB3564B8B1C06BF685D47F3286EDA20B83358F599D2044BBF0583FAB8D78F854FE0A596183230C5EF8E54426750EAF2CC4E29D3BDD037E734D863C2BD9789B4C243096138F7672C232314EFFDFC6513427E2DA76916B5248933BE312EB5DDE4CF70804FB258AC5FB82D58D08177AC6F4756017FFF5"),
+ SHEX("187CDFDB3757D80010D1E53157A5CCB0FCC34998EFC6BB3CE2E60768F5EEAA590656B49C0E036A3F34C9EF25F3BE587A"));
+ test_hash(&nettle_sha3_384, /* 168 octets */
+ SHEX("C3236B73DEB7662BF3F3DAA58F137B358BA610560EF7455785A9BEFDB035A066E90704F929BD9689CEF0CE3BDA5ACF4480BCEB8D09D10B098AD8500D9B6071DFC3A14AF6C77511D81E3AA8844986C3BEA6F469F9E02194C92868CD5F51646256798FF0424954C1434BDFED9FACB390B07D342E992936E0F88BFD0E884A0DDB679D0547CCDEC6384285A45429D115AC7D235A717242021D1DC35641F5F0A48E8445DBA58E6CB2C8EA"),
+ SHEX("7043F54F390B6ABD0DFF06F266E0E7B3E41F8D2E8DD43F899AC456662447A823A567B1B0FB8C2DF24E5F6689060CDDB4"));
+ test_hash(&nettle_sha3_384, /* 169 octets */
+ SHEX("B39FEB8283EADC63E8184B51DF5AE3FD41AAC8A963BB0BE1CD08AA5867D8D910C669221E73243360646F6553D1CA05A84E8DC0DE05B6419EC349CA994480193D01C92525F3FB3DCEFB08AFC6D26947BDBBFD85193F53B50609C6140905C53A6686B58E53A319A57B962331EDE98149AF3DE3118A819DA4D76706A0424B4E1D2910B0ED26AF61D150EBCB46595D4266A0BD7F651BA47D0C7F179CA28545007D92E8419D48FDFBD744CE"),
+ SHEX("D0CE0259AAEEA5BAEFF52929423C3DA07A8C75195F86D733A718D1C46A1E40AAD404750C41D7A158E79F278830B4C07A"));
+ test_hash(&nettle_sha3_384, /* 170 octets */
+ SHEX("A983D54F503803E8C7999F4EDBBE82E9084F422143A932DDDDC47A17B0B7564A7F37A99D0786E99476428D29E29D3C197A72BFAB1342C12A0FC4787FD7017D7A6174049EA43B5779169EF7472BDBBD941DCB82FC73AAC45A8A94C9F2BD3477F61FD3B796F02A1B8264A214C6FEA74B7051B226C722099EC7883A462B83B6AFDD4009248B8A237F605FE5A08FE7D8B45321421EBBA67BD70A0B00DDBF94BAAB7F359D5D1EEA105F28DCFB"),
+ SHEX("E4385A3BE011AF20FE4566C1CEBF4AA68270E42BE50AAAAE65F8F605E980B1D2736FB0E794330D764CA96BC68B8360BC"));
+ test_hash(&nettle_sha3_384, /* 171 octets */
+ SHEX("E4D1C1897A0A866CE564635B74222F9696BF2C7F640DD78D7E2ACA66E1B61C642BB03EA7536AAE597811E9BF4A7B453EDE31F97B46A5F0EF51A071A2B3918DF16B152519AE3776F9F1EDAB4C2A377C3292E96408359D3613844D5EB393000283D5AD3401A318B12FD1474B8612F2BB50FB6A8B9E023A54D7DDE28C43D6D8854C8D9D1155935C199811DBFC87E9E0072E90EB88681CC7529714F8FB8A2C9D88567ADFB974EE205A9BF7B848"),
+ SHEX("C979F00656A09E68485CCF07FBBB9108B00C5FC11D41F5966FF086F26C7102478EC177EE6D78C623C375A9E6F761809A"));
+ test_hash(&nettle_sha3_384, /* 172 octets */
+ SHEX("B10C59723E3DCADD6D75DF87D0A1580E73133A9B7D00CB95EC19F5547027323BE75158B11F80B6E142C6A78531886D9047B08E551E75E6261E79785366D7024BD7CD9CF322D9BE7D57FB661069F2481C7BB759CD71B4B36CA2BC2DF6D3A328FAEBDB995A9794A8D72155ED551A1F87C80BF6059B43FC764900B18A1C2441F7487743CF84E565F61F8DD2ECE6B6CCC9444049197AAAF53E926FBEE3BFCA8BE588EC77F29D211BE89DE18B15F6"),
+ SHEX("36139336110D1D6C27E4CC1F26F428EB8BDBCBA3AA9FFDCECF72009FB46BFAF9E3464C48BEFA4745BE36C697DD3BED8B"));
+ test_hash(&nettle_sha3_384, /* 173 octets */
+ SHEX("DB11F609BABA7B0CA634926B1DD539C8CBADA24967D7ADD4D9876F77C2D80C0F4DCEFBD7121548373582705CCA2495BD2A43716FE64ED26D059CFB566B3364BD49EE0717BDD9810DD14D8FAD80DBBDC4CAFB37CC60FB0FE2A80FB4541B8CA9D59DCE457738A9D3D8F641AF8C3FD6DA162DC16FC01AAC527A4A0255B4D231C0BE50F44F0DB0B713AF03D968FE7F0F61ED0824C55C4B5265548FEBD6AAD5C5EEDF63EFE793489C39B8FD29D104CE"),
+ SHEX("CE3268B8EC923B3331EA2CF85132C0733CF8BF87DAA544F8EE386D5DE9FBD4D8AD94E00B705CA5B61A3C1790B650080C"));
+ test_hash(&nettle_sha3_384, /* 174 octets */
+ SHEX("BEBD4F1A84FC8B15E4452A54BD02D69E304B7F32616AADD90537937106AE4E28DE9D8AAB02D19BC3E2FDE1D651559E296453E4DBA94370A14DBBB2D1D4E2022302EE90E208321EFCD8528AD89E46DC839EA9DF618EA8394A6BFF308E7726BAE0C19BCD4BE52DA6258E2EF4E96AA21244429F49EF5CB486D7FF35CAC1BACB7E95711944BCCB2AB34700D42D1EB38B5D536B947348A458EDE3DC6BD6EC547B1B0CAE5B257BE36A7124E1060C170FFA"),
+ SHEX("DDC398879BD16FB681FAE1512E3A1AE7ED2362DAD8BEE0D12D2256B2D856282043DC0CBBC0F63197B75E9982A1DAA8AE"));
+ test_hash(&nettle_sha3_384, /* 175 octets */
+ SHEX("5ACA56A03A13784BDC3289D9364F79E2A85C12276B49B92DB0ADAA4F206D5028F213F678C3510E111F9DC4C1C1F8B6ACB17A6413AA227607C515C62A733817BA5E762CC6748E7E0D6872C984D723C9BB3B117EB8963185300A80BFA65CDE495D70A46C44858605FCCBED086C2B45CEF963D33294DBE9706B13AF22F1B7C4CD5A001CFEC251FBA18E722C6E1C4B1166918B4F6F48A98B64B3C07FC86A6B17A6D0480AB79D4E6415B520F1C484D675B1"),
+ SHEX("350B4B2768020EAA95452B90414439A38BE03686131D45612C1B85FE06FD9196F27D221F4FF83251AA8E69AEF72F904D"));
+ test_hash(&nettle_sha3_384, /* 176 octets */
+ SHEX("A5AAD0E4646A32C85CFCAC73F02FC5300F1982FABB2F2179E28303E447854094CDFC854310E5C0F60993CEFF54D84D6B46323D930ADB07C17599B35B505F09E784BCA5985E0172257797FB53649E2E9723EFD16865C31B5C3D5113B58BB0BFC8920FABDDA086D7537E66D709D050BD14D0C960873F156FAD5B3D3840CDFCDC9BE6AF519DB262A27F40896AB25CC39F96984D650611C0D5A3080D5B3A1BF186ABD42956588B3B58CD948970D298776060"),
+ SHEX("4CD1367112C40FB7E3919DF20697A4E1CDC55FD0F01BE3953B1998B5FCB473E76E9E75D5D82E2973B3DB89538554933B"));
+ test_hash(&nettle_sha3_384, /* 177 octets */
+ SHEX("06CBBE67E94A978203EAD6C057A1A5B098478B4B4CBEF5A97E93C8E42F5572713575FC2A884531D7622F8F879387A859A80F10EF02708CD8F7413AB385AFC357678B9578C0EBF641EF076A1A30F1F75379E9DCB2A885BDD295905EE80C0168A62A9597D10CF12DD2D8CEE46645C7E5A141F6E0E23AA482ABE5661C16E69EF1E28371E2E236C359BA4E92C25626A7B7FF13F6EA4AE906E1CFE163E91719B1F750A96CBDE5FBC953D9E576CD216AFC90323A"),
+ SHEX("878AD52FA09FD4B6465083C9C9E6A2DDB81302E2DB0CAA934D03A196972ADDD4BB8FF869BF0069E970D6BAEB5BBA9B79"));
+ test_hash(&nettle_sha3_384, /* 178 octets */
+ SHEX("F1C528CF7739874707D4D8AD5B98F7C77169DE0B57188DF233B2DC8A5B31EDA5DB4291DD9F68E6BAD37B8D7F6C9C0044B3BF74BBC3D7D1798E138709B0D75E7C593D3CCCDC1B20C7174B4E692ADD820ACE262D45CCFAE2077E878796347168060A162ECCA8C38C1A88350BD63BB539134F700FD4ADDD5959E255337DAA06BC86358FABCBEFDFB5BC889783D843C08AADC6C4F6C36F65F156E851C9A0F917E4A367B5AD93D874812A1DE6A7B93CD53AD97232"),
+ SHEX("60071A7E2ECFAF3B5B2E84A677FB98E44BD3725ADDEEC5C37EC62052D57AF7B687A063FD39C8F6E86F79D97F246C757B"));
+ test_hash(&nettle_sha3_384, /* 179 octets */
+ SHEX("9D9F3A7ECD51B41F6572FD0D0881E30390DFB780991DAE7DB3B47619134718E6F987810E542619DFAA7B505C76B7350C6432D8BF1CFEBDF1069B90A35F0D04CBDF130B0DFC7875F4A4E62CDB8E525AADD7CE842520A482AC18F09442D78305FE85A74E39E760A4837482ED2F437DD13B2EC1042AFCF9DECDC3E877E50FF4106AD10A525230D11920324A81094DA31DEAB6476AA42F20C84843CFC1C58545EE80352BDD3740DD6A16792AE2D86F11641BB717C2"),
+ SHEX("EB929023D66AC20F11BF68EBC43069D27F35077A68D21FAB30854FFE53CBD784D7B25776D9F266F106433751E6C38A68"));
+ test_hash(&nettle_sha3_384, /* 180 octets */
+ SHEX("5179888724819FBAD3AFA927D3577796660E6A81C52D98E9303261D5A4A83232F6F758934D50AA83FF9E20A5926DFEBAAC49529D006EB923C5AE5048ED544EC471ED7191EDF46363383824F915769B3E688094C682B02151E5EE01E510B431C8865AFF8B6B6F2F59CB6D129DA79E97C6D2B8FA6C6DA3F603199D2D1BCAB547682A81CD6CF65F6551121391D78BCC23B5BD0E922EC6D8BF97C952E84DD28AEF909ABA31EDB903B28FBFC33B7703CD996215A11238"),
+ SHEX("6A51975C9FFEE8B94135A3BDA954DFE14E6267DBC9253F0BB04515A6B7745AEC611B7B66AE57D3FD3770AED4F412EC84"));
+ test_hash(&nettle_sha3_384, /* 181 octets */
+ SHEX("576EF3520D30B7A4899B8C0D5E359E45C5189ADD100E43BE429A02FB3DE5FF4F8FD0E79D9663ACCA72CD29C94582B19292A557C5B1315297D168FBB54E9E2ECD13809C2B5FCE998EDC6570545E1499DBE7FB74D47CD7F35823B212B05BF3F5A79CAA34224FDD670D335FCB106F5D92C3946F44D3AFCBAE2E41AC554D8E6759F332B76BE89A0324AA12C5482D1EA3EE89DED4936F3E3C080436F539FA137E74C6D3389BDF5A45074C47BC7B20B0948407A66D855E2F"),
+ SHEX("D2DC49C04553F09A8C3D7DB51DE890A71DBC10FE4E910C68BA5CA5DDB313D0A68375275C291B4DEB41F45E35A558BF77"));
+ test_hash(&nettle_sha3_384, /* 182 octets */
+ SHEX("0DF2152FA4F4357C8741529DD77E783925D3D76E95BAFA2B542A2C33F3D1D117D159CF473F82310356FEE4C90A9E505E70F8F24859656368BA09381FA245EB6C3D763F3093F0C89B972E66B53D59406D9F01AEA07F8B3B615CAC4EE4D05F542E7D0DAB45D67CCCCD3A606CCBEB31EA1FA7005BA07176E60DAB7D78F6810EF086F42F08E595F0EC217372B98970CC6321576D92CE38F7C397A403BADA1548D205C343AC09DECA86325373C3B76D9F32028FEA8EB32515"),
+ SHEX("AAB5747D7DCC77BACDE81A58C37764F8F41E08F2413B40D4E6C792CEFE52E4E2A406338752D7AD1269E7D5284FCB7400"));
+ test_hash(&nettle_sha3_384, /* 183 octets */
+ SHEX("3E15350D87D6EBB5C8AD99D42515CFE17980933C7A8F6B8BBBF0A63728CEFAAD2052623C0BD5931839112A48633FB3C2004E0749C87A41B26A8B48945539D1FF41A4B269462FD199BFECD45374756F55A9116E92093AC99451AEFB2AF9FD32D6D7F5FBC7F7A540D5097C096EBC3B3A721541DE073A1CC02F7FB0FB1B9327FB0B1218CA49C9487AB5396622A13AE546C97ABDEF6B56380DDA7012A8384091B6656D0AB272D363CEA78163FF765CDD13AB1738B940D16CAE"),
+ SHEX("72B526D74CF9521E00D9D6BCDFC1FB1760C6ACDF2DD75171305DB45D38098FF23C5B8ED3C21DA73FFB8DF7217CE46DBB"));
+ test_hash(&nettle_sha3_384, /* 184 octets */
+ SHEX("C38D6B0B757CB552BE40940ECE0009EF3B0B59307C1451686F1A22702922800D58BCE7A636C1727EE547C01B214779E898FC0E560F8AE7F61BEF4D75EAA696B921FD6B735D171535E9EDD267C192B99880C87997711002009095D8A7A437E258104A41A505E5EF71E5613DDD2008195F0C574E6BA3FE40099CFA116E5F1A2FA8A6DA04BADCB4E2D5D0DE31FDC4800891C45781A0AAC7C907B56D631FCA5CE8B2CDE620D11D1777ED9FA603541DE794DDC5758FCD5FAD78C0"),
+ SHEX("800CFA48B4647F7783BCD41B2C0F7F7D4D0FAA72481A2A42C4E9C43C9F62E27ACB4DDB73E318061D396059AADE4145E2"));
+ test_hash(&nettle_sha3_384, /* 185 octets */
+ SHEX("8D2DE3F0B37A6385C90739805B170057F091CD0C7A0BC951540F26A5A75B3E694631BB64C7635EED316F51318E9D8DE13C70A2ABA04A14836855F35E480528B776D0A1E8A23B547C8B8D6A0D09B241D3BE9377160CCA4E6793D00A515DC2992CB7FC741DACA171431DA99CCE6F7789F129E2AC5CF65B40D703035CD2185BB936C82002DAF8CBC27A7A9E554B06196630446A6F0A14BA155ED26D95BD627B7205C072D02B60DB0FD7E49EA058C2E0BA202DAFF0DE91E845CF79"),
+ SHEX("F782FF0DE7D5442D562CC500256EE4B5A00E885C8CD86009C53F337AE003854DE4B89794281A64375E3F696A415B95D2"));
+ test_hash(&nettle_sha3_384, /* 186 octets */
+ SHEX("C464BBDAD275C50DCD983B65AD1019B9FF85A1E71C807F3204BB2C921DC31FBCD8C5FC45868AE9EF85B6C9B83BBA2A5A822201ED68586EC5EC27FB2857A5D1A2D09D09115F22DCC39FE61F5E1BA0FF6E8B4ACB4C6DA748BE7F3F0839739394FF7FA8E39F7F7E84A33C3866875C01BCB1263C9405D91908E9E0B50E7459FABB63D8C6BBB73D8E3483C099B55BC30FF092FF68B6ADEDFD477D63570C9F5515847F36E24BA0B705557130CEC57EBAD1D0B31A378E91894EE26E3A04"),
+ SHEX("DE34506AD69085C6357D62B0B127CE66E25E8EC5FACA5BA898C75CA19E9AF24F02406716C61A71D62BDC28D718C125DF"));
+ test_hash(&nettle_sha3_384, /* 187 octets */
+ SHEX("8B8D68BB8A75732FE272815A68A1C9C5AA31B41DEDC8493E76525D1D013D33CEBD9E21A5BB95DB2616976A8C07FCF411F5F6BC6F7E0B57ACA78CC2790A6F9B898858AC9C79B165FF24E66677531E39F572BE5D81EB3264524181115F32780257BFB9AEEC6AF12AF28E587CAC068A1A2953B59AD680F4C245B2E3EC36F59940D37E1D3DB38E13EDB29B5C0F404F6FF87F80FC8BE7A225FF22FBB9C8B6B1D7330C57840D24BC75B06B80D30DAD6806544D510AF6C4785E823AC3E0B8"),
+ SHEX("6F4FEEDBA0ABB4DBF824302250E6B668CBFFDCA0B8C338236FE02A8779D8ACA391D8D116B2BC43D40E736096470A0BC0"));
+ test_hash(&nettle_sha3_384, /* 188 octets */
+ SHEX("6B018710446F368E7421F1BC0CCF562D9C1843846BC8D98D1C9BF7D9D6FCB48BFC3BF83B36D44C4FA93430AF75CD190BDE36A7F92F867F58A803900DF8018150384D85D82132F123006AC2AEBA58E02A037FE6AFBD65ECA7C44977DD3DC74F48B6E7A1BFD5CC4DCF24E4D52E92BD4455848E4928B0EAC8B7476FE3CC03E862AA4DFF4470DBFED6DE48E410F25096487ECFC32A27277F3F5023B2725ADE461B1355889554A8836C9CF53BD767F5737D55184EEA1AB3F53EDD0976C485"),
+ SHEX("A040CE1CBB996723CBCDBDFF7A6A5F69289737609534C5AF36F6C420A6ADFD570794079509D07E62566C58062D8186DB"));
+ test_hash(&nettle_sha3_384, /* 189 octets */
+ SHEX("C9534A24714BD4BE37C88A3DA1082EDA7CABD154C309D7BD670DCCD95AA535594463058A29F79031D6ECAA9F675D1211E9359BE82669A79C855EA8D89DD38C2C761DDD0EC0CE9E97597432E9A1BEAE062CDD71EDFDFD464119BE9E69D18A7A7FD7CE0E2106F0C8B0ABF4715E2CA48EF9F454DC203C96656653B727083513F8EFB86E49C513BB758B3B052FE21F1C05BB33C37129D6CC81F1AEF6ADC45B0E8827A830FE545CF57D0955802C117D23CCB55EA28F95C0D8C2F9C5A242B33F"),
+ SHEX("FF13C29C5E0D746CA27AEE38B6B49A13C1B3D70E62875443BCFC22A22E75031E60D68A917E3AE1D42D374D44CDC9F4C8"));
+ test_hash(&nettle_sha3_384, /* 190 octets */
+ SHEX("07906C87297B867ABF4576E9F3CC7F82F22B154AFCBF293B9319F1B0584DA6A40C27B32E0B1B7F412C4F1B82480E70A9235B12EC27090A5A33175A2BB28D8ADC475CEFE33F7803F8CE27967217381F02E67A3B4F84A71F1C5228E0C2AD971373F6F672624FCEA8D1A9F85170FAD30FA0BBD25035C3B41A6175D467998BD1215F6F3866F53847F9CF68EF3E2FBB54BC994DE2302B829C5EEA68EC441FCBAFD7D16AE4FE9FFF98BF00E5BC2AD54DD91FF9FDA4DD77B6C754A91955D1FBAAD0"),
+ SHEX("3A4418A16896ADAB7C6DC783A0FC9F8D7E949937BE1D68B5EF02574B2B0C9BA902FB9C15ED64FC825D598AAFC1B26347"));
+ test_hash(&nettle_sha3_384, /* 191 octets */
+ SHEX("588E94B9054ABC2189DF69B8BA34341B77CDD528E7860E5DEFCAA79B0C9A452AD4B82AA306BE84536EB7CEDCBE058D7B84A6AEF826B028B8A0271B69AC3605A9635EA9F5EA0AA700F3EB7835BC54611B922964300C953EFE7491E3677C2CEBE0822E956CD16433B02C68C4A23252C3F9E151A416B4963257B783E038F6B4D5C9F110F871652C7A649A7BCEDCBCCC6F2D0725BB903CC196BA76C76AA9F10A190B1D1168993BAA9FFC96A1655216773458BEC72B0E39C9F2C121378FEAB4E76A"),
+ SHEX("17F84411E60F6BD856D09C0ACF314E7546466AB0C1616284D2240D22BCCC7240E5A2D656D35257AB49781BDABEF6FCF9"));
+ test_hash(&nettle_sha3_384, /* 192 octets */
+ SHEX("08959A7E4BAAE874928813364071194E2939772F20DB7C3157078987C557C2A6D5ABE68D520EEF3DC491692E1E21BCD880ADEBF63BB4213B50897FA005256ED41B5690F78F52855C8D9168A4B666FCE2DA2B456D7A7E7C17AB5F2FB1EE90B79E698712E963715983FD07641AE4B4E9DC73203FAC1AE11FA1F8C7941FCC82EAB247ADDB56E2638447E9D609E610B60CE086656AAEBF1DA3C8A231D7D94E2FD0AFE46B391FF14A72EAEB3F44AD4DF85866DEF43D4781A0B3578BC996C87970B132"),
+ SHEX("E577F79B0E05355B8F63EC1E639BC5A51A72BBB0ABAFE76D3133DEC4DA9BEF9A361F3E3C0ADB4C07E2757FE1D4790B9A"));
+ test_hash(&nettle_sha3_384, /* 193 octets */
+ SHEX("CB2A234F45E2ECD5863895A451D389A369AAB99CFEF0D5C9FFCA1E6E63F763B5C14FB9B478313C8E8C0EFEB3AC9500CF5FD93791B789E67EAC12FD038E2547CC8E0FC9DB591F33A1E4907C64A922DDA23EC9827310B306098554A4A78F050262DB5B545B159E1FF1DCA6EB734B872343B842C57EAFCFDA8405EEDBB48EF32E99696D135979235C3A05364E371C2D76F1902F1D83146DF9495C0A6C57D7BF9EE77E80F9787AEE27BE1FE126CDC9EF893A4A7DCBBC367E40FE4E1EE90B42EA25AF01"),
+ SHEX("F78106F10E6C1F1CA5190FE541345145EE25BC51D3C1CBAAA04C0DB2A3BA2584DDD30F3A889B94BBCB9573CD9417574C"));
+ test_hash(&nettle_sha3_384, /* 194 octets */
+ SHEX("D16BEADF02AB1D4DC6F88B8C4554C51E866DF830B89C06E786A5F8757E8909310AF51C840EFE8D20B35331F4355D80F73295974653DDD620CDDE4730FB6C8D0D2DCB2B45D92D4FBDB567C0A3E86BD1A8A795AF26FBF29FC6C65941CDDB090FF7CD230AC5268AB4606FCCBA9EDED0A2B5D014EE0C34F0B2881AC036E24E151BE89EEB6CD9A7A790AFCCFF234D7CB11B99EBF58CD0C589F20BDAC4F9F0E28F75E3E04E5B3DEBCE607A496D848D67FA7B49132C71B878FD5557E082A18ECA1FBDA94D4B"),
+ SHEX("6F42FAF87DA65516FC0CCA70A385F26EBDAA94DF64AA5E7A3119AC18C6214E3D0B61158FBD6C2487E0ABFB0C6C85EF87"));
+ test_hash(&nettle_sha3_384, /* 195 octets */
+ SHEX("8F65F6BC59A85705016E2BAE7FE57980DE3127E5AB275F573D334F73F8603106EC3553016608EF2DD6E69B24BE0B7113BF6A760BA6E9CE1C48F9E186012CF96A1D4849D75DF5BB8315387FD78E9E153E76F8BA7EC6C8849810F59FB4BB9B004318210B37F1299526866F44059E017E22E96CBE418699D014C6EA01C9F0038B10299884DBEC3199BB05ADC94E955A1533219C1115FED0E5F21228B071F40DD57C4240D98D37B73E412FE0FA4703120D7C0C67972ED233E5DEB300A22605472FA3A3BA86"),
+ SHEX("82FC97EE34A8FCC276AE1C8130555CC2D339AA6CB34003488378855529F9EE3AF819EC104DD2DE300AB7DBC04B2B4017"));
+ test_hash(&nettle_sha3_384, /* 196 octets */
+ SHEX("84891E52E0D451813210C3FD635B39A03A6B7A7317B221A7ABC270DFA946C42669AACBBBDF801E1584F330E28C729847EA14152BD637B3D0F2B38B4BD5BF9C791C58806281103A3EABBAEDE5E711E539E6A8B2CF297CF351C078B4FA8F7F35CF61BEBF8814BF248A01D41E86C5715EA40C63F7375379A7EB1D78F27622FB468AB784AAABA4E534A6DFD1DF6FA15511341E725ED2E87F98737CCB7B6A6DFAE416477472B046BF1811187D151BFA9F7B2BF9ACDB23A3BE507CDF14CFDF517D2CB5FB9E4AB6"),
+ SHEX("75D140BE47E116211F4F668E05ADD36C83B3E481DF9F28064A41898335D97C805471214E29C0B849875845C9B8DE25E3"));
+ test_hash(&nettle_sha3_384, /* 197 octets */
+ SHEX("FDD7A9433A3B4AFABD7A3A5E3457E56DEBF78E84B7A0B0CA0E8C6D53BD0C2DAE31B2700C6128334F43981BE3B213B1D7A118D59C7E6B6493A86F866A1635C12859CFB9AD17460A77B4522A5C1883C3D6ACC86E6162667EC414E9A104AA892053A2B1D72165A855BACD8FAF8034A5DD9B716F47A0818C09BB6BAF22AA503C06B4CA261F557761989D2AFBD88B6A678AD128AF68672107D0F1FC73C5CA740459297B3292B281E93BCEB761BDE7221C3A55708E5EC84472CDDCAA84ECF23723CC0991355C6280"),
+ SHEX("1A04CD93747CA583A58AB4A8C7C8C7A33F025EDE1B2DD080E5AF0C4DC63C8715E436DD57FF7F401DECEF813F330D6588"));
+ test_hash(&nettle_sha3_384, /* 198 octets */
+ SHEX("70A40BFBEF92277A1AAD72F6B79D0177197C4EBD432668CFEC05D099ACCB651062B5DFF156C0B27336687A94B26679CFDD9DAF7AD204338DD9C4D14114033A5C225BD11F217B5F4732DA167EE3F939262D4043FC9CBA92303B7B5E96AEA12ADDA64859DF4B86E9EE0B58E39091E6B188B408AC94E1294A8911245EE361E60E601EFF58D1D37639F3753BEC80EBB4EFDE25817436076623FC65415FE51D1B0280366D12C554D86743F3C3B6572E400361A60726131441BA493A83FBE9AFDA90F7AF1AE717238D"),
+ SHEX("FB0626F2B189679DD998BC18F30DF82D0907B62AA77C8669E22B53860E3988503D884884163A561739254CA13929B69B"));
+ test_hash(&nettle_sha3_384, /* 199 octets */
+ SHEX("74356E449F4BF8644F77B14F4D67CB6BD9C1F5AE357621D5B8147E562B65C66585CAF2E491B48529A01A34D226D436959153815380D5689E30B35357CDAC6E08D3F2B0E88E200600D62BD9F5EAF488DF86A4470EA227006182E44809009868C4C280C43D7D64A5268FA719074960087B3A6ABC837882F882C837834535929389A12B2C78187E2EA07EF8B8EEF27DC85002C3AE35F1A50BEE6A1C48BA7E175F3316670B27983472AA6A61EED0A683A39EE323080620EA44A9F74411AE5CE99030528F9AB49C79F2"),
+ SHEX("CC2EF9602F80D0734295C7C158EC366608CF60A423D0836644B60831A94E7EAF994C81F19174FD6CA75BB246BBCCA200"));
+ test_hash(&nettle_sha3_384, /* 200 octets */
+ SHEX("8C3798E51BC68482D7337D3ABB75DC9FFE860714A9AD73551E120059860DDE24AB87327222B64CF774415A70F724CDF270DE3FE47DDA07B61C9EF2A3551F45A5584860248FABDE676E1CD75F6355AA3EAEABE3B51DC813D9FB2EAA4F0F1D9F834D7CAD9C7C695AE84B329385BC0BEF895B9F1EDF44A03D4B410CC23A79A6B62E4F346A5E8DD851C2857995DDBF5B2D717AEB847310E1F6A46AC3D26A7F9B44985AF656D2B7C9406E8A9E8F47DCB4EF6B83CAACF9AEFB6118BFCFF7E44BEF6937EBDDC89186839B77"),
+ SHEX("B5A7160112E0825A7C03643BEB98B1FC2549B81F01C3C4271DFF99BE57D472A7FAD133808D7D2D414D6011E9A2E8DFEC"));
+ test_hash(&nettle_sha3_384, /* 201 octets */
+ SHEX("FA56BF730C4F8395875189C10C4FB251605757A8FECC31F9737E3C2503B02608E6731E85D7A38393C67DE516B85304824BFB135E33BF22B3A23B913BF6ACD2B7AB85198B8187B2BCD454D5E3318CACB32FD6261C31AE7F6C54EF6A7A2A4C9F3ECB81CE3555D4F0AD466DD4C108A90399D70041997C3B25345A9653F3C9A6711AB1B91D6A9D2216442DA2C973CBD685EE7643BFD77327A2F7AE9CB283620A08716DFB462E5C1D65432CA9D56A90E811443CD1ECB8F0DE179C9CB48BA4F6FEC360C66F252F6E64EDC96B"),
+ SHEX("E7B3118D7FCA9D294F596D820F468CD9027920777A41A706EDE877CBEB9517F223B268C5E805A374051822692E9AB44B"));
+ test_hash(&nettle_sha3_384, /* 202 octets */
+ SHEX("B6134F9C3E91DD8000740D009DD806240811D51AB1546A974BCB18D344642BAA5CD5903AF84D58EC5BA17301D5EC0F10CCD0509CBB3FD3FFF9172D193AF0F782252FD1338C7244D40E0E42362275B22D01C4C3389F19DD69BDF958EBE28E31A4FFE2B5F18A87831CFB7095F58A87C9FA21DB72BA269379B2DC2384B3DA953C7925761FED324620ACEA435E52B424A7723F6A2357374157A34CD8252351C25A1B232826CEFE1BD3E70FFC15A31E7C0598219D7F00436294D11891B82497BC78AA5363892A2495DF8C1EEF"),
+ SHEX("C3FA6C9D0FF231198AECA80EA428AC4B32C481D390CE4A90D0F65FF7D58F696C1FAADA1673D7E2D161462C95C2E2A310"));
+ test_hash(&nettle_sha3_384, /* 203 octets */
+ SHEX("C941CDB9C28AB0A791F2E5C8E8BB52850626AA89205BEC3A7E22682313D198B1FA33FC7295381354858758AE6C8EC6FAC3245C6E454D16FA2F51C4166FAB51DF272858F2D603770C40987F64442D487AF49CD5C3991CE858EA2A60DAB6A65A34414965933973AC2457089E359160B7CDEDC42F29E10A91921785F6B7224EE0B349393CDCFF6151B50B377D609559923D0984CDA6000829B916AB6896693EF6A2199B3C22F7DC5500A15B8258420E314C222BC000BC4E5413E6DD82C993F8330F5C6D1BE4BC79F08A1A0A46"),
+ SHEX("C4BD1157C093ACB27BD3BD7F444F836BFCBA0DAFE11675104C6437E5981442BE999C860DD6E1B75FAF6A553E907B61EE"));
+ test_hash(&nettle_sha3_384, /* 204 octets */
+ SHEX("4499EFFFAC4BCEA52747EFD1E4F20B73E48758BE915C88A1FFE5299B0B005837A46B2F20A9CB3C6E64A9E3C564A27C0F1C6AD1960373036EC5BFE1A8FC6A435C2185ED0F114C50E8B3E4C7ED96B06A036819C9463E864A58D6286F785E32A804443A56AF0B4DF6ABC57ED5C2B185DDEE8489EA080DEEEE66AA33C2E6DAB36251C402682B6824821F998C32163164298E1FAFD31BABBCFFB594C91888C6219079D907FDB438ED89529D6D96212FD55ABE20399DBEFD342248507436931CDEAD496EB6E4A80358ACC78647D043"),
+ SHEX("D099F3C8052CAA2CF9751B1ED2D472C21FED667892BC1C417600A4C93EFFE88F1B17B36D37E4D26B9CD65ACB13A6DB6F"));
+ test_hash(&nettle_sha3_384, /* 205 octets */
+ SHEX("EECBB8FDFA4DA62170FD06727F697D81F83F601FF61E478105D3CB7502F2C89BF3E8F56EDD469D049807A38882A7EEFBC85FC9A950952E9FA84B8AFEBD3CE782D4DA598002827B1EB98882EA1F0A8F7AA9CE013A6E9BC462FB66C8D4A18DA21401E1B93356EB12F3725B6DB1684F2300A98B9A119E5D27FF704AFFB618E12708E77E6E5F34139A5A41131FD1D6336C272A8FC37080F041C71341BEE6AB550CB4A20A6DDB6A8E0299F2B14BC730C54B8B1C1C487B494BDCCFD3A53535AB2F231590BF2C4062FD2AD58F906A2D0D"),
+ SHEX("7A9FE13FE3318121BABB340A3B045DC89D1BE2D0EC05802C9254FEC39EFCDE163C514DCDBA3FF93F9B097486C2012385"));
+ test_hash(&nettle_sha3_384, /* 206 octets */
+ SHEX("E64F3E4ACE5C8418D65FEC2BC5D2A303DD458034736E3B0DF719098BE7A206DEAF52D6BA82316CAF330EF852375188CDE2B39CC94AA449578A7E2A8E3F5A9D68E816B8D16889FBC0EBF0939D04F63033AE9AE2BDAB73B88C26D6BD25EE460EE1EF58FB0AFA92CC539F8C76D3D097E7A6A63EBB9B5887EDF3CF076028C5BBD5B9DB3211371AD3FE121D4E9BF44229F4E1ECF5A0F9F0EBA4D5CEB72878AB22C3F0EB5A625323AC66F7061F4A81FAC834471E0C59553F108475FE290D43E6A055AE3EE46FB67422F814A68C4BE3E8C9"),
+ SHEX("8AEEDE5D6E2F9F1C7A6644A8DA0F93574DF8CA33B2ED9D364615E1F9CF1A801315410733881CE0DAD2F6FB5A916A97E1"));
+ test_hash(&nettle_sha3_384, /* 207 octets */
+ SHEX("D2CB2D733033F9E91395312808383CC4F0CA974E87EC68400D52E96B3FA6984AC58D9AD0938DDE5A973008D818C49607D9DE2284E7618F1B8AED8372FBD52ED54557AF4220FAC09DFA8443011699B97D743F8F2B1AEF3537EBB45DCC9E13DFB438428EE190A4EFDB3CAEB7F3933117BF63ABDC7E57BEB4171C7E1AD260AB0587806C4D137B6316B50ABC9CCE0DFF3ACADA47BBB86BE777E617BBE578FF4519844DB360E0A96C6701290E76BB95D26F0F804C8A4F2717EAC4E7DE9F2CFF3BBC55A17E776C0D02856032A6CD10AD2838"),
+ SHEX("29E62D8C1B71F826544A0CBFCDD99CF8AA1C97E153063120D295EDF69E2ECB5A2783C66760D0F87BF944516824CCFCB1"));
+ test_hash(&nettle_sha3_384, /* 208 octets */
+ SHEX("F2998955613DD414CC111DF5CE30A995BB792E260B0E37A5B1D942FE90171A4AC2F66D4928D7AD377F4D0554CBF4C523D21F6E5F379D6F4B028CDCB9B1758D3B39663242FF3CB6EDE6A36A6F05DB3BC41E0D861B384B6DEC58BB096D0A422FD542DF175E1BE1571FB52AE66F2D86A2F6824A8CFAACBAC4A7492AD0433EEB15454AF8F312B3B2A577750E3EFBD370E8A8CAC1582581971FBA3BA4BD0D76E718DACF8433D33A59D287F8CC92234E7A271041B526E389EFB0E40B6A18B3AAF658E82ED1C78631FD23B4C3EB27C3FAEC8685"),
+ SHEX("EB2F1BF2D9EE857B189318DFAF49DC3FAD79501189AC9B5765DFB234EC4A62F0B0E34E7AC3F494D6F05C7BB86AE5CDA2"));
+ test_hash(&nettle_sha3_384, /* 209 octets */
+ SHEX("447797E2899B72A356BA55BF4DF3ACCA6CDB1041EB477BD1834A9F9ACBC340A294D729F2F97DF3A610BE0FF15EDB9C6D5DB41644B9874360140FC64F52AA03F0286C8A640670067A84E017926A70438DB1BB361DEFEE7317021425F8821DEF26D1EFD77FC853B818545D055ADC9284796E583C76E6FE74C9AC2587AA46AA8F8804F2FEB5836CC4B3ABABAB8429A5783E17D5999F32242EB59EF30CD7ADABC16D72DBDB097623047C98989F88D14EAF02A7212BE16EC2D07981AAA99949DDF89ECD90333A77BC4E1988A82ABF7C7CAF3291"),
+ SHEX("2A9CF2FD012B025616478CEF6971B6F9E494A63AAB5F53310DDE70FC6ED27F1E2D7804AEB8D206F641A73E054DA620E6"));
+ test_hash(&nettle_sha3_384, /* 210 octets */
+ SHEX("9F2C18ADE9B380C784E170FB763E9AA205F64303067EB1BCEA93DF5DAC4BF5A2E00B78195F808DF24FC76E26CB7BE31DC35F0844CDED1567BBA29858CFFC97FB29010331B01D6A3FB3159CC1B973D255DA9843E34A0A4061CABDB9ED37F241BFABB3C20D32743F4026B59A4CCC385A2301F83C0B0A190B0F2D01ACB8F0D41111E10F2F4E149379275599A52DC089B35FDD5234B0CFB7B6D8AEBD563CA1FA653C5C021DFD6F5920E6F18BFAFDBECBF0AB00281333ED50B9A999549C1C8F8C63D7626C48322E9791D5FF72294049BDE91E73F8"),
+ SHEX("5F8E2DE742036B6AC4A7D8987B47C4C7A1CCB7239E1B3EEFD1116D6392C79177D68C66221F31D0FAED9134429B89BEEA"));
+ test_hash(&nettle_sha3_384, /* 211 octets */
+ SHEX("AE159F3FA33619002AE6BCCE8CBBDD7D28E5ED9D61534595C4C9F43C402A9BB31F3B301CBFD4A43CE4C24CD5C9849CC6259ECA90E2A79E01FFBAC07BA0E147FA42676A1D668570E0396387B5BCD599E8E66AAED1B8A191C5A47547F61373021FA6DEADCB55363D233C24440F2C73DBB519F7C9FA5A8962EFD5F6252C0407F190DFEFAD707F3C7007D69FF36B8489A5B6B7C557E79DD4F50C06511F599F56C896B35C917B63BA35C6FF8092BAF7D1658E77FC95D8A6A43EEB4C01F33F03877F92774BE89C1114DD531C011E53A34DC248A2F0E6"),
+ SHEX("B0B1F4058417516A5C5A9683A5D72B489E6AD42273D591791D2CDA7360A4008E86C8899369946F7ABFE29BF92C9CA965"));
+ test_hash(&nettle_sha3_384, /* 212 octets */
+ SHEX("3B8E97C5FFC2D6A40FA7DE7FCEFC90F3B12C940E7AB415321E29EE692DFAC799B009C99DCDDB708FCE5A178C5C35EE2B8617143EDC4C40B4D313661F49ABDD93CEA79D117518805496FE6ACF292C4C2A1F76B403A97D7C399DAF85B46AD84E16246C67D6836757BDE336C290D5D401E6C1386AB32797AF6BB251E9B2D8FE754C47482B72E0B394EAB76916126FD68EA7D65EB93D59F5B4C5AC40F7C3B37E7F3694F29424C24AF8C8F0EF59CD9DBF1D28E0E10F799A6F78CAD1D45B9DB3D7DEE4A7059ABE99182714983B9C9D44D7F5643596D4F3"),
+ SHEX("9172AAD6C15B4DCD79BBD84FAD0601119D8B4E3AFED17B594FF38424157985EE27B65826B9905486E767E85AA031E07B"));
+ test_hash(&nettle_sha3_384, /* 213 octets */
+ SHEX("3434EC31B10FAFDBFEEC0DD6BD94E80F7BA9DCA19EF075F7EB017512AF66D6A4BCF7D16BA0819A1892A6372F9B35BCC7CA8155EE19E8428BC22D214856ED5FA9374C3C09BDE169602CC219679F65A1566FC7316F4CC3B631A18FB4449FA6AFA16A3DB2BC4212EFF539C67CF184680826535589C7111D73BFFCE431B4C40492E763D9279560AAA38EB2DC14A212D723F994A1FE656FF4DD14551CE4E7C621B2AA5604A10001B2878A897A28A08095C325E10A26D2FB1A75BFD64C250309BB55A44F23BBAC0D5516A1C687D3B41EF2FBBF9CC56D4739"),
+ SHEX("BAFBB3321C4798548F5DD983EAC1E16E1F3EF2BA5C9D69A340F6CABC9C7FE9F1FD95A692B7387342304945674D9D2E4A"));
+ test_hash(&nettle_sha3_384, /* 214 octets */
+ SHEX("7C7953D81C8D208FD1C97681D48F49DD003456DE60475B84070EF4847C333B74575B1FC8D2A186964485A3B8634FEAA3595AAA1A2F4595A7D6B6153563DEE31BBAC443C8A33EED6D5D956A980A68366C2527B550EE950250DFB691EACBD5D56AE14B970668BE174C89DF2FEA43AE52F13142639C884FD62A3683C0C3792F0F24AB1318BCB27E21F4737FAB62C77EA38BC8FD1CF41F7DAB64C13FEBE7152BF5BB7AB5A78F5346D43CC741CB6F72B7B8980F268B68BF62ABDFB1577A52438FE14B591498CC95F071228460C7C5D5CEB4A7BDE588E7F21C"),
+ SHEX("A055E0A9C4575CD4D7AD84A240176F21ED68F484A269E0C9EFFB6FA93746E31F64B0B90C513D2B57EC78E9E5BA3BA99C"));
+ test_hash(&nettle_sha3_384, /* 215 octets */
+ SHEX("7A6A4F4FDC59A1D223381AE5AF498D74B7252ECF59E389E49130C7EAEE626E7BD9897EFFD92017F4CCDE66B0440462CDEDFD352D8153E6A4C8D7A0812F701CC737B5178C2556F07111200EB627DBC299CAA792DFA58F35935299FA3A3519E9B03166DFFA159103FFA35E8577F7C0A86C6B46FE13DB8E2CDD9DCFBA85BDDDCCE0A7A8E155F81F712D8E9FE646153D3D22C811BD39F830433B2213DD46301941B59293FD0A33E2B63ADBD95239BC01315C46FDB678875B3C81E053A40F581CFBEC24A1404B1671A1B88A6D06120229518FB13A74CA0AC5AE"),
+ SHEX("788D19AD68D1B26CB0078389B45FB18B3DA35A57A1EC914273158EAD43749BF1AB49B1A68D4831CE193F5852D20FD96C"));
+ test_hash(&nettle_sha3_384, /* 216 octets */
+ SHEX("D9FAA14CEBE9B7DE551B6C0765409A33938562013B5E8E0E1E0A6418DF7399D0A6A771FB81C3CA9BD3BB8E2951B0BC792525A294EBD1083688806FE5E7F1E17FD4E3A41D00C89E8FCF4A363CAEDB1ACB558E3D562F1302B3D83BB886ED27B76033798131DAB05B4217381EAAA7BA15EC820BB5C13B516DD640EAEC5A27D05FDFCA0F35B3A5312146806B4C0275BCD0AAA3B2017F346975DB566F9B4D137F4EE10644C2A2DA66DEECA5342E236495C3C6280528BFD32E90AF4CD9BB908F34012B52B4BC56D48CC8A6B59BAB014988EABD12E1A0A1C2E170E7"),
+ SHEX("9C8A4F5BE01AD5AE0946EF7E9F5A82287B6344B966EE28BDEDFE4BD43D840D232054D5E216716EA4F80B457CBC110D1A"));
+ test_hash(&nettle_sha3_384, /* 217 octets */
+ SHEX("2D8427433D0C61F2D96CFE80CF1E932265A191365C3B61AAA3D6DCC039F6BA2AD52A6A8CC30FC10F705E6B7705105977FA496C1C708A277A124304F1FC40911E7441D1B5E77B951AAD7B01FD5DB1B377D165B05BBF898042E39660CAF8B279FE5229D1A8DB86C0999ED65E53D01CCBC4B43173CCF992B3A14586F6BA42F5FE30AFA8AE40C5DF29966F9346DA5F8B35F16A1DE3AB6DE0F477D8D8660918060E88B9B9E9CA6A4207033B87A812DBF5544D39E4882010F82B6CE005F8E8FF6FE3C3806BC2B73C2B83AFB704345629304F9F86358712E9FAE3CA3E"),
+ SHEX("A29BCB89FD2B89006782088BF9A4AB939EABAFF6F4EEFC31B01A66B73CDF0B977D945E051D7E9F02F19CF32AD4BEBA6C"));
+ test_hash(&nettle_sha3_384, /* 218 octets */
+ SHEX("5E19D97887FCAAC0387E22C6F803C34A3DACD2604172433F7A8A7A526CA4A2A1271ECFC5D5D7BE5AC0D85D921095350DFC65997D443C21C8094E0A3FEFD2961BCB94AED03291AE310CCDA75D8ACE4BC7D89E7D3E5D1650BDA5D668B8B50BFC8E608E184F4D3A9A2BADC4FF5F07E0C0BC8A9F2E0B2A26FD6D8C550008FAAAB75FD71AF2A424BEC9A7CD9D83FAD4C8E9319115656A8717D3B523A68FF8004258B9990ED362308461804BA3E3A7E92D8F2FFAE5C2FBA55BA5A3C27C0A2F71BD711D2FE1799C2ADB31B200035481E9EE5C4ADF2AB9C0FA50B23975CF"),
+ SHEX("61D3B13728925646476D67C8D626D2ECE69D9B42503FA6A0DF2B24A5F2AB0FB7D74C2F1F7F04304C49AC94BD4E93FDA4"));
+ test_hash(&nettle_sha3_384, /* 219 octets */
+ SHEX("C8E976AB4638909387CE3B8D4E510C3230E5690E02C45093B1D297910ABC481E56EEA0F296F98379DFC9080AF69E73B2399D1C143BEE80AE1328162CE1BA7F6A8374679B20AACD380EB4E61382C99998704D62701AFA914F9A2705CDB065885F50D086C3EB5753700C387118BB142F3E6DA1E988DFB31AC75D7368931E45D1391A274B22F83CEB072F9BCABC0B216685BFD789F5023971024B1878A205442522F9EA7D8797A4102A3DF41703768251FD5E017C85D1200A464118AA35654E7CA39F3C375B8EF8CBE7534DBC64BC20BEFB417CF60EC92F63D9EE7397"),
+ SHEX("589AB9981D9ABD1D712D59C6863D850BB1D412D24A967D76CCE78FFC998F8C016DD4B115A1BC4DC49248AB5F758C215A"));
+ test_hash(&nettle_sha3_384, /* 220 octets */
+ SHEX("7145FA124B7429A1FC2231237A949BA7201BCC1822D3272DE005B682398196C25F7E5CC2F289FBF44415F699CB7FE6757791B1443410234AE061EDF623359E2B4E32C19BF88450432DD01CAA5EB16A1DC378F391CA5E3C4E5F356728BDDD4975DB7C890DA8BBC84CC73FF244394D0D48954978765E4A00B593F70F2CA082673A261ED88DBCEF1127728D8CD89BC2C597E9102CED6010F65FA75A14EBE467FA57CE3BD4948B6867D74A9DF5C0EC6F530CBF2EE61CE6F06BC8F2864DFF5583776B31DF8C7FFCB61428A56BF7BD37188B4A5123BBF338393AF46EDA85E6"),
+ SHEX("B3CC7224A1DD208E739C5528239B8D335A129EE20E59102621180E6B51714E0D60078F4E7328726434AE41CA273515BA"));
+ test_hash(&nettle_sha3_384, /* 221 octets */
+ SHEX("7FDFADCC9D29BAD23AE038C6C65CDA1AEF757221B8872ED3D75FF8DF7DA0627D266E224E812C39F7983E4558BFD0A1F2BEF3FEB56BA09120EF762917B9C093867948547AEE98600D10D87B20106878A8D22C64378BF634F7F75900C03986B077B0BF8B740A82447B61B99FEE5376C5EB6680EC9E3088F0BDD0C56883413D60C1357D3C811950E5890E7600103C916341B80C743C6A852B7B4FB60C3BA21F3BC15B8382437A68454779CF3CD7F9F90CCC8EF28D0B706535B1E4108EB5627BB45D719CB046839AEE311CA1ABDC8319E050D67972CB35A6B1601B25DBF487"),
+ SHEX("D33AD2A71C712A6F8AD9AC923966B4DB8C4818C79CC60F8275367D2452CFD2F5542FD1888D64C9E912B92A186842B000"));
+ test_hash(&nettle_sha3_384, /* 222 octets */
+ SHEX("988638219FD3095421F826F56E4F09E356296B628C3CE6930C9F2E758FD1A80C8273F2F61E4DAAE65C4F110D3E7CA0965AC7D24E34C0DC4BA2D6FF0BF5BBE93B3585F354D7543CB542A1AA54674D375077F2D360A8F4D42F3DB131C3B7AB7306267BA107659864A90C8C909460A73621D1F5D9D3FD95BEB19B23DB1CB6C0D0FBA91D36891529B8BD8263CAA1BAB56A4AFFAED44962DF096D8D5B1EB845EF31188B3E10F1AF811A13F156BEB7A288AAE593EBD1471B624AA1A7C6ADF01E2200B3D72D88A3AED3100C88231E41EFC376906F0B580DC895F080FDA5741DB1CB"),
+ SHEX("C12D450A020CDE18C24323FB4E3FB23255714B1D4CBF29719F74DA5E6151FAE901DC21A6680AD159FFB2E7C0AAABDF5B"));
+ test_hash(&nettle_sha3_384, /* 223 octets */
+ SHEX("5AAB62756D307A669D146ABA988D9074C5A159B3DE85151A819B117CA1FF6597F6156E80FDD28C9C3176835164D37DA7DA11D94E09ADD770B68A6E081CD22CA0C004BFE7CD283BF43A588DA91F509B27A6584C474A4A2F3EE0F1F56447379240A5AB1FB77FDCA49B305F07BA86B62756FB9EFB4FC225C86845F026EA542076B91A0BC2CDD136E122C659BE259D98E5841DF4C2F60330D4D8CDEE7BF1A0A244524EECC68FF2AEF5BF0069C9E87A11C6E519DE1A4062A10C83837388F7EF58598A3846F49D499682B683C4A062B421594FAFBC1383C943BA83BDEF515EFCF10D"),
+ SHEX("E5B7A9B41FA0CEC3252FF95099523DC845C69B670D8DFEBA3E4AF6DEC659C4B2D4B04F5F7062209485A37C542CCBE7E6"));
+ test_hash(&nettle_sha3_384, /* 224 octets */
+ SHEX("47B8216AA0FBB5D67966F2E82C17C07AA2D6327E96FCD83E3DE7333689F3EE79994A1BF45082C4D725ED8D41205CB5BCDF5C341F77FACB1DA46A5B9B2CBC49EADF786BCD881F371A95FA17DF73F606519AEA0FF79D5A11427B98EE7F13A5C00637E2854134691059839121FEA9ABE2CD1BCBBBF27C74CAF3678E05BFB1C949897EA01F56FFA4DAFBE8644611685C617A3206C7A7036E4AC816799F693DAFE7F19F303CE4EBA09D21E03610201BFC665B72400A547A1E00FA9B7AD8D84F84B34AEF118515E74DEF11B9188BD1E1F97D9A12C30132EC2806339BDADACDA2FD8B78"),
+ SHEX("5E2BA5382C357B5A1987BDAB9A2A0B053EB75EE770E1994E630F24015AB102E482A95A25B68F5DE99FE9748FA48FF696"));
+ test_hash(&nettle_sha3_384, /* 225 octets */
+ SHEX("8CFF1F67FE53C098896D9136389BD8881816CCAB34862BB67A656E3D98896F3CE6FFD4DA73975809FCDF9666760D6E561C55238B205D8049C1CEDEEF374D1735DAA533147BFA960B2CCE4A4F254176BB4D1BD1E89654432B8DBE1A135C42115B394B024856A2A83DC85D6782BE4B444239567CCEC4B184D4548EAE3FF6A192F343292BA2E32A0F267F31CC26719EB85245D415FB897AC2DA433EE91A99424C9D7F1766A44171D1651001C38FC79294ACCC68CEB5665D36218454D3BA169AE058A831338C17743603F81EE173BFC0927464F9BD728DEE94C6AEAB7AAE6EE3A627E8"),
+ SHEX("0467C2B9F02AF8CEAF4F8FE88D1DE3EE03D78EC26EDEE0E34B6E7EE49AC357C35A9AE352FF4932D75E0617B8B0C61C80"));
+ test_hash(&nettle_sha3_384, /* 226 octets */
+ SHEX("EACD07971CFF9B9939903F8C1D8CBB5D4DB1B548A85D04E037514A583604E787F32992BF2111B97AC5E8A938233552731321522AB5E8583561260B7D13EBEEF785B23A41FD8576A6DA764A8ED6D822D4957A545D5244756C18AA80E1AAD4D1F9C20D259DEE1711E2CC8FD013169FB7CC4CE38B362F8E0936AE9198B7E838DCEA4F7A5B9429BB3F6BBCF2DC92565E3676C1C5E6EB3DD2A0F86AA23EDD3D0891F197447692794B3DFA269611AD97F72B795602B4FDB198F3FD3EB41B415064256E345E8D8C51C555DC8A21904A9B0F1AD0EFFAB7786AAC2DA3B196507E9F33CA356427"),
+ SHEX("87F9ECB906C9D8AAFA8DC62AF858C99609A8E9590BA5BC91A89205DE44F06AE7976A9BE918AAFC9134DE9029117152A1"));
+ test_hash(&nettle_sha3_384, /* 227 octets */
+ SHEX("23AC4E9A42C6EF45C3336CE6DFC2FF7DE8884CD23DC912FEF0F7756C09D335C189F3AD3A23697ABDA851A81881A0C8CCAFC980AB2C702564C2BE15FE4C4B9F10DFB2248D0D0CB2E2887FD4598A1D4ACDA897944A2FFC580FF92719C95CF2AA42DC584674CB5A9BC5765B9D6DDF5789791D15F8DD925AA12BFFAFBCE60827B490BB7DF3DDA6F2A143C8BF96ABC903D83D59A791E2D62814A89B8080A28060568CF24A80AE61179FE84E0FFAD00388178CB6A617D37EFD54CC01970A4A41D1A8D3DDCE46EDBBA4AB7C90AD565398D376F431189CE8C1C33E132FEAE6A8CD17A61C630012"),
+ SHEX("510CB484B6D4B47A590F6211C7F33592246A2E05A1C69258B6CF9A24C1A3AFC2527841AE3FCD552E5103DD24743AC6B3"));
+ test_hash(&nettle_sha3_384, /* 228 octets */
+ SHEX("0172DF732282C9D488669C358E3492260CBE91C95CFBC1E3FEA6C4B0EC129B45F242ACE09F152FC6234E1BEE8AAB8CD56E8B486E1DCBA9C05407C2F95DA8D8F1C0AF78EE2ED82A3A79EC0CB0709396EE62AADB84F8A4EE8A7CCCA3C1EE84E302A09EA802204AFECF04097E67D0F8E8A9D2651126C0A598A37081E42D168B0AE8A71951C524259E4E2054E535B779679BDADE566FE55700858618E626B4A0FAF895BCCE9011504A49E05FD56127EAE3D1F8917AFB548ECADABDA1020111FEC9314C413498A360B08640549A22CB23C731ACE743252A8227A0D2689D4C6001606678DFB921"),
+ SHEX("03F3BB45FD70966AC5EFD9598C480ED677C86C7CF00B10261AE6790C5279A5E47386F3D31726D9CB619B92A79CCAE25C"));
+ test_hash(&nettle_sha3_384, /* 229 octets */
+ SHEX("3875B9240CF3E0A8B59C658540F26A701CF188496E2C2174788B126FD29402D6A75453BA0635284D08835F40051A2A9683DC92AFB9383719191231170379BA6F4ADC816FECBB0F9C446B785BF520796841E58878B73C58D3EBB097CE4761FDEABE15DE2F319DFBAF1742CDEB389559C788131A6793E193856661376C81CE9568DA19AA6925B47FFD77A43C7A0E758C37D69254909FF0FBD415EF8EB937BCD49F91468B49974C07DC819ABD67395DB0E05874FF83DDDAB895344ABD0E7111B2DF9E58D76D85AD98106B36295826BE04D435615595605E4B4BB824B33C4AFEB5E7BB0D19F909"),
+ SHEX("68A47C7D124E8AEA5CFEEF7A9D8CA7AA8DF6EEE6652DE3A385231F29BC4B983AEC8AF2A61329B64BB59A45B77A38E4DF"));
+ test_hash(&nettle_sha3_384, /* 230 octets */
+ SHEX("747CC1A59FEFBA94A9C75BA866C30DC5C1CB0C0F8E9361D98484956DD5D1A40F6184AFBE3DAC9F76028D1CAECCFBF69199C6CE2B4C092A3F4D2A56FE5A33A00757F4D7DEE5DFB0524311A97AE0668A47971B95766E2F6DD48C3F57841F91F04A00AD5EA70F2D479A2620DC5CD78EAAB3A3B011719B7E78D19DDF70D9423798AF77517EBC55392FCD01FC600D8D466B9E7A7A85BF33F9CC5419E9BD874DDFD60981150DDAF8D7FEBAA4374F0872A5628D318000311E2F5655365AD4D407C20E5C04DF17A222E7DEEC79C5AB1116D8572F91CD06E1CCC7CED53736FC867FD49ECEBE6BF8082E8A"),
+ SHEX("DD3BBA1B4F8493E0639151D9303835F492606E2DB3AF34FE65156A642794196D00A6C34A3A5FEA66202C3B5A79980A8A"));
+ test_hash(&nettle_sha3_384, /* 231 octets */
+ SHEX("57AF971FCCAEC97435DC2EC9EF0429BCEDC6B647729EA168858A6E49AC1071E706F4A5A645CA14E8C7746D65511620682C906C8B86EC901F3DDED4167B3F00B06CBFAC6AEE3728051B3E5FF10B4F9ED8BD0B8DA94303C833755B3CA3AEDDF0B54BC8D6632138B5D25BAB03D17B3458A9D782108006F5BB7DE75B5C0BA854B423D8BB801E701E99DC4FEAAD59BC1C7112453B04D33EA3635639FB802C73C2B71D58A56BBD671B18FE34ED2E3DCA38827D63FDB1D4FB3285405004B2B3E26081A8FF08CD6D2B08F8E7B7E90A2AB1ED7A41B1D0128522C2F8BFF56A7FE67969422CE839A9D4608F03"),
+ SHEX("50D3B02AC7B907B310C1C0105EB47F6DCF3AF0E473785DAA54D8037A9A3E74A5D1A41D811202F1E3C8A140173D92F60F"));
+ test_hash(&nettle_sha3_384, /* 232 octets */
+ SHEX("04E16DEDC1227902BAAF332D3D08923601BDD64F573FAA1BB7201918CFE16B1E10151DAE875DA0C0D63C59C3DD050C4C6A874011B018421AFC4623AB0381831B2DA2A8BA42C96E4F70864AC44E106F94311051E74C77C1291BF5DB9539E69567BF6A11CF6932BBBAD33F8946BF5814C066D851633D1A513510039B349939BFD42B858C21827C8FF05F1D09B1B0765DC78A135B5CA4DFBA0801BCADDFA175623C8B647EACFB4444B85A44F73890607D06D507A4F8393658788669F6EF4DEB58D08C50CA0756D5E2F49D1A7AD73E0F0B3D3B5F090ACF622B1878C59133E4A848E05153592EA81C6FBF"),
+ SHEX("A6BBAE1FF8E00DCE34F640CEE2CDB5BCFE4382761BE36A940E50EEC12B5C2A02B2B6BE18A7C87A36FD2194C4D243EC38"));
+ test_hash(&nettle_sha3_384, /* 233 octets */
+ SHEX("7C815C384EEE0F288ECE27CCED52A01603127B079C007378BC5D1E6C5E9E6D1C735723ACBBD5801AC49854B2B569D4472D33F40BBB8882956245C366DC3582D71696A97A4E19557E41E54DEE482A14229005F93AFD2C4A7D8614D10A97A9DFA07F7CD946FA45263063DDD29DB8F9E34DB60DAA32684F0072EA2A9426ECEBFA5239FB67F29C18CBAA2AF6ED4BF4283936823AC1790164FEC5457A9CBA7C767CA59392D94CAB7448F50EB34E9A93A80027471CE59736F099C886DEA1AB4CBA4D89F5FC7AE2F21CCD27F611ECA4626B2D08DC22382E92C1EFB2F6AFDC8FDC3D2172604F5035C46B8197D3"),
+ SHEX("7ED83EB659536B36061773073B148ED2117512372E49E0A3AEE48B96353EC936B32688B150C585944D2008F21366B531"));
+ test_hash(&nettle_sha3_384, /* 234 octets */
+ SHEX("E29D505158DBDD937D9E3D2145658EE6F5992A2FC790F4F608D9CDB44A091D5B94B88E81FAC4FDF5C49442F13B911C55886469629551189EAFF62488F1A479B7DB11A1560E198DDCCCCF50159093425FF7F1CB8D1D1246D0978764087D6BAC257026B090EFAE8CEC5F22B6F21C59ACE1AC7386F5B8837CA6A12B6FBF5534DD0560EF05CA78104D3B943DDB220FEAEC89AA5E692A00F822A2AB9A2FE60350D75E7BE16FF2526DC643872502D01F42F188ABED0A6E9A6F5FD0D1CE7D5755C9FFA66B0AF0B20BD806F08E06156690D81AC811778CA3DAC2C249B96002017FCE93E507E3B953ACF99964B847"),
+ SHEX("2516E0015ED162073238996D5A03239087E01C2091F7B03637E6C89A758F565E45C908DE873E378CAA433BAF339D0552"));
+ test_hash(&nettle_sha3_384, /* 235 octets */
+ SHEX("D85588696F576E65ECA0155F395F0CFACD83F36A99111ED5768DF2D116D2121E32357BA4F54EDE927F189F297D3A97FAD4E9A0F5B41D8D89DD7FE20156799C2B7B6BF9C957BA0D6763F5C3BC5129747BBB53652B49290CFF1C87E2CDF2C4B95D8AAEE09BC8FBFA6883E62D237885810491BFC101F1D8C636E3D0EDE838AD05C207A3DF4FAD76452979EB99F29AFAECEDD1C63B8D36CF378454A1BB67A741C77AC6B6B3F95F4F02B64DABC15438613EA49750DF42EE90101F115AA9ABB9FF64324DDE9DABBB01054E1BD6B4BCDC7930A44C2300D87CA78C06924D0323AD7887E46C90E8C4D100ACD9EED21E"),
+ SHEX("6BAE42ADD06C6A20A05D845E7BF391F1EAB83E83A710A18527FC03646104E52A8B417CFF375753882081F31B6F2295EB"));
+ test_hash(&nettle_sha3_384, /* 236 octets */
+ SHEX("3A12F8508B40C32C74492B66323375DCFE49184C78F73179F3314B79E63376B8AC683F5A51F1534BD729B02B04D002F55CBD8E8FC9B5EC1EA6BBE6A0D0E7431518E6BA45D124035F9D3DCE0A8BB7BF1430A9F657E0B4EA9F20EB20C786A58181A1E20A96F1628F8728A13BDF7A4B4B32FC8AA7054CC4881AE7FA19AFA65C6C3EE1B3ADE3192AF42054A8A911B8EC1826865D46D93F1E7C5E2B7813C92A506E53886F3D4701BB93D2A681AD109C845904BB861AF8AF0646B6E399B38B614051D34F6842563A0F37EC00CB3D865FC5D746C4987DE2A65071100883A2A9C7A2BFE1E2DD603D9EA24DC7C5FD06BE"),
+ SHEX("14690DDB5A48FDF382DBC745AD0330C1486124F6AD2E5AE4A850E38C264F99AEAE6F156062AB1946DD07AFE1700A8294"));
+ test_hash(&nettle_sha3_384, /* 237 octets */
+ SHEX("1861EDCE46FA5AD17E1FF1DEAE084DEC580F97D0A67885DFE834B9DFAC1AE076742CE9E267512CA51F6DF5A455AF0C5FD6ABF94ACEA103A3370C354485A7846FB84F3AC7C2904B5B2FBF227002CE512133BB7E1C4E50057BFD1E44DB33C7CDB969A99E284B184F50A14B068A1FC5009D9B298DBE92239572A7627AAC02ABE8F3E3B473417F36D4D2505D16B7577F4526C9D94A270A2DFE450D06DA8F6FA956879A0A55CFE99E742EA555EA477BA3E9B44CCD508C375423611AF92E55345DC215779B2D5119EBA49C71D49B9FE3F1569FA24E5CA3E332D042422A8B8158D3EC66A80012976F31FFDF305F0C9C5E"),
+ SHEX("9DA6652BA890007A01126F0F65970ABF3474C7659C6C80B04DA2CA592EDF0F399601BC0DAD10A0DD6E316A286E2338EF"));
+ test_hash(&nettle_sha3_384, /* 238 octets */
+ SHEX("08D0FFDE3A6E4EF65608EA672E4830C12943D7187CCFF08F4941CFC13E545F3B9C7AD5EEBBE2B01642B486CAF855C2C73F58C1E4E3391DA8E2D63D96E15FD84953AE5C231911B00AD6050CD7AAFDAAC9B0F663AE6AAB45519D0F5391A541707D479034E73A6AD805AE3598096AF078F1393301493D663DD71F83869CA27BA508B7E91E81E128C1716DC3ACFE3084B2201E04CF8006617EECF1B640474A5D45CFDE9F4D3EF92D6D055B909892194D8A8218DB6D8203A84261D200D71473D7488F3427416B6896C137D455F231071CACBC86E0415AB88AEC841D96B7B8AF41E05BB461A40645BF176601F1E760DE5F"),
+ SHEX("B94D578DE79A437BEAD951E9AEE912540D0139965CF0142F1FD403534959B75D11E0B2463201B10364B905CF9BAA57B3"));
+ test_hash(&nettle_sha3_384, /* 239 octets */
+ SHEX("D782ABB72A5BE3392757BE02D3E45BE6E2099D6F000D042C8A543F50ED6EBC055A7F133B0DD8E9BC348536EDCAAE2E12EC18E8837DF7A1B3C87EC46D50C241DEE820FD586197552DC20BEEA50F445A07A38F1768A39E2B2FF05DDDEDF751F1DEF612D2E4D810DAA3A0CC904516F9A43AF660315385178A529E51F8AAE141808C8BC5D7B60CAC26BB984AC1890D0436EF780426C547E94A7B08F01ACBFC4A3825EAE04F520A9016F2FB8BF5165ED12736FC71E36A49A73614739EAA3EC834069B1B40F1350C2B3AB885C02C640B9F7686ED5F99527E41CFCD796FE4C256C9173186C226169FF257954EBDA81C0E5F99"),
+ SHEX("B85F56F69D3BE57A1C2AA553F90BC1B089E8F1C561881BE64630EA6BA4DD3BD5301512313A18C26DF3E97E056A59EDCF"));
+ test_hash(&nettle_sha3_384, /* 240 octets */
+ SHEX("5FCE8109A358570E40983E1184E541833BB9091E280F258CFB144387B05D190E431CB19BAA67273BA0C58ABE91308E1844DCD0B3678BAA42F335F2FA05267A0240B3C718A5942B3B3E3BFA98A55C25A1466E8D7A603722CB2BBF03AFA54CD769A99F310735EE5A05DAE2C22D397BD95635F58C48A67F90E1B73AAFCD3F82117F0166657838691005B18DA6F341D6E90FC1CDB352B30FAE45D348294E501B63252DE14740F2B85AE5299DDEC3172DE8B6D0BA219A20A23BB5E10FF434D39DB3F583305E9F5C039D98569E377B75A70AB837D1DF269B8A4B566F40BB91B577455FD3C356C914FA06B9A7CE24C7317A172D"),
+ SHEX("7D9508FB795811EA1442DB3ECB779CB0494736E7123B252CF88A9A0B50D57CF00B87A6C4FAC27F821CD55979D586AA39"));
+ test_hash(&nettle_sha3_384, /* 241 octets */
+ SHEX("6172F1971A6E1E4E6170AFBAD95D5FEC99BF69B24B674BC17DD78011615E502DE6F56B86B1A71D3F4348087218AC7B7D09302993BE272E4A591968AEF18A1262D665610D1070EE91CC8DA36E1F841A69A7A682C580E836941D21D909A3AFC1F0B963E1CA5AB193E124A1A53DF1C587470E5881FB54DAE1B0D840F0C8F9D1B04C645BA1041C7D8DBF22030A623AA15638B3D99A2C400FF76F3252079AF88D2B37F35EE66C1AD7801A28D3D388AC450B97D5F0F79E4541755356B3B1A5696B023F39AB7AB5F28DF4202936BC97393B93BC915CB159EA1BD7A0A414CB4B7A1AC3AF68F50D79F0C9C7314E750F7D02FAA58BFA"),
+ SHEX("AFD94B061F354B04D0718326D7E10A6B598CE31CC39C52D265D6CF04E4D9EE75CC200149367600312E7514A62F0F0964"));
+ test_hash(&nettle_sha3_384, /* 242 octets */
+ SHEX("5668ECD99DFBE215C4118398AC9C9EAF1A1433FAB4CCDD3968064752B625EA944731F75D48A27D047D67547F14DD0FFAA55FA5E29F7AF0D161D85EAFC4F2029B717C918EAB9D304543290BDBA7158B68020C0BA4E079BC95B5BC0FC044A992B94B4CCD3BD66D0EABB5DBBAB904D62E00752C4E3B0091D773BCF4C14B4377DA3EFFF824B1CB2FA01B32D1E46C909E626ED2DAE920F4C7DBEB635BC754FACBD8D49BEBA3F23C1C41CCBFCD0EE0C114E69737F5597C0BF1D859F0C767E18002AE8E39C26261FFDE2920D3D0BAF0E906138696CFE5B7E32B600F45DF3AAA39932F3A7DF95B60FA8712A2271FCAF3911CE7B511B1"),
+ SHEX("EC63CE9DD979FCD132244BE11A45DDB1D00FC8F80160B8CC456F5C5EB89E0C3F675B28B92DD9E6CEFAA5DA57B4908646"));
+ test_hash(&nettle_sha3_384, /* 243 octets */
+ SHEX("03D625488354DF30E3F875A68EDFCF340E8366A8E1AB67F9D5C5486A96829DFAC0578289082B2A62117E1CF418B43B90E0ADC881FC6AE8105C888E9ECD21AEA1C9AE1A4038DFD17378FED71D02AE492087D7CDCD98F746855227967CB1AB4714261EE3BEAD3F4DB118329D3EBEF4BC48A875C19BA763966DA0EBEA800E01B2F50B00E9DD4CACA6DCB314D00184EF71EA2391D760C950710DB4A70F9212FFC54861F9DC752CE18867B8AD0C48DF8466EF7231E7AC567F0EB55099E622EBB86CB237520190A61C66AD34F1F4E289CB3282AE3EAAC6152ED24D2C92BAE5A7658252A53C49B7B02DFE54FDB2E90074B6CF310AC661"),
+ SHEX("86301FE98F3FFABB0CB0085AAA1EC61BCAD6171459A8623BB780EC32E46F52649946A421EBFC7DE90F0E74EC787A3E03"));
+ test_hash(&nettle_sha3_384, /* 244 octets */
+ SHEX("2EDC282FFB90B97118DD03AAA03B145F363905E3CBD2D50ECD692B37BF000185C651D3E9726C690D3773EC1E48510E42B17742B0B0377E7DE6B8F55E00A8A4DB4740CEE6DB0830529DD19617501DC1E9359AA3BCF147E0A76B3AB70C4984C13E339E6806BB35E683AF8527093670859F3D8A0FC7D493BCBA6BB12B5F65E71E705CA5D6C948D66ED3D730B26DB395B3447737C26FAD089AA0AD0E306CB28BF0ACF106F89AF3745F0EC72D534968CCA543CD2CA50C94B1456743254E358C1317C07A07BF2B0ECA438A709367FAFC89A57239028FC5FECFD53B8EF958EF10EE0608B7F5CB9923AD97058EC067700CC746C127A61EE3"),
+ SHEX("DDF8D547BBA4F43D8864CAEF1B1BED77AA12E41F6886A5D8758C654B7EC1FA5B0E77BA4E7680C7830DA161E14CB1E65C"));
+ test_hash(&nettle_sha3_384, /* 245 octets */
+ SHEX("90B28A6AA1FE533915BCB8E81ED6CACDC10962B7FF82474F845EEB86977600CF70B07BA8E3796141EE340E3FCE842A38A50AFBE90301A3BDCC591F2E7D9DE53E495525560B908C892439990A2CA2679C5539FFDF636777AD9C1CDEF809CDA9E8DCDB451ABB9E9C17EFA4379ABD24B182BD981CAFC792640A183B61694301D04C5B3EAAD694A6BD4CC06EF5DA8FA23B4FA2A64559C5A68397930079D250C51BCF00E2B16A6C49171433B0AADFD80231276560B80458DD77089B7A1BBCC9E7E4B9F881EACD6C92C4318348A13F4914EB27115A1CFC5D16D7FD94954C3532EFACA2CAB025103B2D02C6FD71DA3A77F417D7932685888A"),
+ SHEX("72953FE4CA34E717E304DC77AFD9DEDE32A8467127B9F78BB0BE6191A7ECD051B7DAE091B1758907DDA3B1D25C0C5883"));
+ test_hash(&nettle_sha3_384, /* 246 octets */
+ SHEX("2969447D175490F2AA9BB055014DBEF2E6854C95F8D60950BFE8C0BE8DE254C26B2D31B9E4DE9C68C9ADF49E4EE9B1C2850967F29F5D08738483B417BB96B2A56F0C8ACA632B552059C59AAC3F61F7B45C966B75F1D9931FF4E596406378CEE91AAA726A3A84C33F37E9CDBE626B5745A0B06064A8A8D56E53AAF102D23DD9DF0A3FDF7A638509A6761A33FA42FA8DDBD8E16159C93008B53765019C3F0E9F10B144CE2AC57F5D7297F9C9949E4FF68B70D339F87501CE8550B772F32C6DA8AD2CE2100A895D8B08FA1EEAD7C376B407709703C510B50F87E73E43F8E7348F87C3832A547EF2BBE5799ABEDCF5E1F372EA809233F006"),
+ SHEX("F36A9EE455066E562FB675F399D9DCC6BCCF68FD1B0BA9F7DCC1EDFAC1F1E234CB67B5A0F770E55435F75F9EC84A9151"));
+ test_hash(&nettle_sha3_384, /* 247 octets */
+ SHEX("721645633A44A2C78B19024EAECF58575AB23C27190833C26875DC0F0D50B46AEA9C343D82EA7D5B3E50EC700545C615DAEAEA64726A0F05607576DCD396D812B03FB6551C641087856D050B10E6A4D5577B82A98AFB89CEE8594C9DC19E79FEFF0382FCFD127F1B803A4B9946F4AC9A4378E1E6E041B1389A53E3450CD32D9D2941B0CBABDB50DA8EA2513145164C3AB6BCBD251C448D2D4B087AC57A59C2285D564F16DA4ED5E607ED979592146FFB0EF3F3DB308FB342DF5EB5924A48256FC763141A278814C82D6D6348577545870AE3A83C7230AC02A1540FE1798F7EF09E335A865A2AE0949B21E4F748FB8A51F44750E213A8FB"),
+ SHEX("37368F5A074DA0E5075845F76B1AC5858DF793EEF88A854C7DAFE3B90720707A145A5DCB0D9266C6148204CE693C5432"));
+ test_hash(&nettle_sha3_384, /* 248 octets */
+ SHEX("6B860D39725A14B498BB714574B4D37CA787404768F64C648B1751B353AC92BAC2C3A28EA909FDF0423336401A02E63EC24325300D823B6864BB701F9D7C7A1F8EC9D0AE3584AA6DD62EA1997CD831B4BABD9A4DA50932D4EFDA745C61E4130890E156AEE6113716DAF95764222A91187DB2EFFEA49D5D0596102D619BD26A616BBFDA8335505FBB0D90B4C180D1A2335B91538E1668F9F9642790B4E55F9CAB0FE2BDD2935D001EE6419ABAB5457880D0DBFF20ED8758F4C20FE759EFB33141CF0E892587FE8187E5FBC57786B7E8B089612C936DFC03D27EFBBE7C8673F1606BD51D5FF386F4A7AB68EDF59F385EB1291F117BFE717399"),
+ SHEX("DAAC83B0C5C8F8FC3BCCD259C27D964673B4DCA790B4B63899E1B6C19CC291FE6F88376281E0FA320ADFADC82A8FF4EF"));
+ test_hash(&nettle_sha3_384, /* 249 octets */
+ SHEX("6A01830AF3889A25183244DECB508BD01253D5B508AB490D3124AFBF42626B2E70894E9B562B288D0A2450CFACF14A0DDAE5C04716E5A0082C33981F6037D23D5E045EE1EF2283FB8B6378A914C5D9441627A722C282FF452E25A7EA608D69CEE4393A0725D17963D0342684F255496D8A18C2961145315130549311FC07F0312FB78E6077334F87EAA873BEE8AA95698996EB21375EB2B4EF53C14401207DEB4568398E5DD9A7CF97E8C9663E23334B46912F8344C19EFCF8C2BA6F04325F1A27E062B62A58D0766FC6DB4D2C6A1928604B0175D872D16B7908EBC041761187CC785526C2A3873FEAC3A642BB39F5351550AF9770C328AF7B"),
+ SHEX("357258FA6579867CC0089C8B3C93CE10677A5AD4DBEEE2A27CEA90317ACEBE7254505468875BCB334E0B6F70CFE59082"));
+ test_hash(&nettle_sha3_384, /* 250 octets */
+ SHEX("B3C5E74B69933C2533106C563B4CA20238F2B6E675E8681E34A389894785BDADE59652D4A73D80A5C85BD454FD1E9FFDAD1C3815F5038E9EF432AAC5C3C4FE840CC370CF86580A6011778BBEDAF511A51B56D1A2EB68394AA299E26DA9ADA6A2F39B9FAFF7FBA457689B9C1A577B2A1E505FDF75C7A0A64B1DF81B3A356001BF0DF4E02A1FC59F651C9D585EC6224BB279C6BEBA2966E8882D68376081B987468E7AED1EF90EBD090AE825795CDCA1B4F09A979C8DFC21A48D8A53CDBB26C4DB547FC06EFE2F9850EDD2685A4661CB4911F165D4B63EF25B87D0A96D3DFF6AB0758999AAD214D07BD4F133A6734FDE445FE474711B69A98F7E2B"),
+ SHEX("06E9F892A2716DE18DAC1B8946604473ADE060AFC8CB1287E389994076FF92B4BAE3D84854470ED061AE31A97B7D0DCF"));
+ test_hash(&nettle_sha3_384, /* 251 octets */
+ SHEX("83AF34279CCB5430FEBEC07A81950D30F4B66F484826AFEE7456F0071A51E1BBC55570B5CC7EC6F9309C17BF5BEFDD7C6BA6E968CF218A2B34BD5CF927AB846E38A40BBD81759E9E33381016A755F699DF35D660007B5EADF292FEEFB735207EBF70B5BD17834F7BFA0E16CB219AD4AF524AB1EA37334AA66435E5D397FC0A065C411EBBCE32C240B90476D307CE802EC82C1C49BC1BEC48C0675EC2A6C6F3ED3E5B741D13437095707C565E10D8A20B8C20468FF9514FCF31B4249CD82DCEE58C0A2AF538B291A87E3390D737191A07484A5D3F3FB8C8F15CE056E5E5F8FEBE5E1FB59D6740980AA06CA8A0C20F5712B4CDE5D032E92AB89F0AE1"),
+ SHEX("64047790B1656E78953B981B1BBFAEAF9D2B1B8953AB0304791238393F3372C6373A1E087B57BE48806229DB73E1B1A4"));
+ test_hash(&nettle_sha3_384, /* 252 octets */
+ SHEX("A7ED84749CCC56BB1DFBA57119D279D412B8A986886D810F067AF349E8749E9EA746A60B03742636C464FC1EE233ACC52C1983914692B64309EDFDF29F1AB912EC3E8DA074D3F1D231511F5756F0B6EEAD3E89A6A88FE330A10FACE267BFFBFC3E3090C7FD9A850561F363AD75EA881E7244F80FF55802D5EF7A1A4E7B89FCFA80F16DF54D1B056EE637E6964B9E0FFD15B6196BDD7DB270C56B47251485348E49813B4EB9ED122A01B3EA45AD5E1A929DF61D5C0F3E77E1FDC356B63883A60E9CBB9FC3E00C2F32DBD469659883F690C6772E335F617BC33F161D6F6984252EE12E62B6000AC5231E0C9BC65BE223D8DFD94C5004A101AF9FD6C0FB"),
+ SHEX("9CA6F39087E6457E12C969D41C8BD66BDD6990CE23D355669E7606B9203D216811237955DF6739495D94F0C48CE02845"));
+ test_hash(&nettle_sha3_384, /* 253 octets */
+ SHEX("A6FE30DCFCDA1A329E82AB50E32B5F50EB25C873C5D2305860A835AECEE6264AA36A47429922C4B8B3AFD00DA16035830EDB897831C4E7B00F2C23FC0B15FDC30D85FB70C30C431C638E1A25B51CAF1D7E8B050B7F89BFB30F59F0F20FECFF3D639ABC4255B3868FC45DD81E47EB12AB40F2AAC735DF5D1DC1AD997CEFC4D836B854CEE9AC02900036F3867FE0D84AFFF37BDE3308C2206C62C4743375094108877C73B87B2546FE05EA137BEDFC06A2796274099A0D554DA8F7D7223A48CBF31B7DECAA1EBC8B145763E3673168C1B1B715C1CD99ECD3DDB238B06049885ECAD9347C2436DFF32C771F34A38587A44A82C5D3D137A03CAA27E66C8FF6"),
+ SHEX("FE99F19C79A89080E2FF90981DDE91994542D4BCC1276A82D1A2E53850341B9AD5422CEAB81E69DAE5E91DC5FF60E1A3"));
+ test_hash(&nettle_sha3_384, /* 254 octets */
+ SHEX("83167FF53704C3AA19E9FB3303539759C46DD4091A52DDAE9AD86408B69335989E61414BC20AB4D01220E35241EFF5C9522B079FBA597674C8D716FE441E566110B6211531CECCF8FD06BC8E511D00785E57788ED9A1C5C73524F01830D2E1148C92D0EDC97113E3B7B5CD3049627ABDB8B39DD4D6890E0EE91993F92B03354A88F52251C546E64434D9C3D74544F23FB93E5A2D2F1FB15545B4E1367C97335B0291944C8B730AD3D4789273FA44FB98D78A36C3C3764ABEEAC7C569C1E43A352E5B770C3504F87090DEE075A1C4C85C0C39CF421BDCC615F9EFF6CB4FE6468004AECE5F30E1ECC6DB22AD9939BB2B0CCC96521DFBF4AE008B5B46BC006E"),
+ SHEX("92E1D994FEA2FD500A4B7F5139119058A5B70EF6174E553F12FE7BCFCA24B00A28391E3761BDCBA3FD6B033C1286E28E"));
+ test_hash(&nettle_sha3_384, /* 255 octets */
+ SHEX("3A3A819C48EFDE2AD914FBF00E18AB6BC4F14513AB27D0C178A188B61431E7F5623CB66B23346775D386B50E982C493ADBBFC54B9A3CD383382336A1A0B2150A15358F336D03AE18F666C7573D55C4FD181C29E6CCFDE63EA35F0ADF5885CFC0A3D84A2B2E4DD24496DB789E663170CEF74798AA1BBCD4574EA0BBA40489D764B2F83AADC66B148B4A0CD95246C127D5871C4F11418690A5DDF01246A0C80A43C70088B6183639DCFDA4125BD113A8F49EE23ED306FAAC576C3FB0C1E256671D817FC2534A52F5B439F72E424DE376F4C565CCA82307DD9EF76DA5B7C4EB7E085172E328807C02D011FFBF33785378D79DC266F6A5BE6BB0E4A92ECEEBAEB1"),
+ SHEX("6BFF1C8405A3FE594E360E3BCCEA1EBCD509310DC79B9E45C263783D7A5DD662C6789B18BD567DBDDA1554F5BEE6A860"));
+}
--- /dev/null
+#include "testutils.h"
+
+void
+test_main(void)
+{
+ /* Extracted from ShortMsgKAT_512.txt using sha3.awk. */
+ test_hash(&nettle_sha3_512, /* 0 octets */
+ SHEX(""),
+ SHEX("0EAB42DE4C3CEB9235FC91ACFFE746B29C29A8C366B7C60E4E67C466F36A4304C00FA9CAF9D87976BA469BCBE06713B435F091EF2769FB160CDAB33D3670680E"));
+ test_hash(&nettle_sha3_512, /* 1 octets */
+ SHEX("CC"),
+ SHEX("8630C13CBD066EA74BBE7FE468FEC1DEE10EDC1254FB4C1B7C5FD69B646E44160B8CE01D05A0908CA790DFB080F4B513BC3B6225ECE7A810371441A5AC666EB9"));
+ test_hash(&nettle_sha3_512, /* 2 octets */
+ SHEX("41FB"),
+ SHEX("551DA6236F8B96FCE9F97F1190E901324F0B45E06DBBB5CDB8355D6ED1DC34B3F0EAE7DCB68622FF232FA3CECE0D4616CDEB3931F93803662A28DF1CD535B731"));
+ test_hash(&nettle_sha3_512, /* 3 octets */
+ SHEX("1F877C"),
+ SHEX("EB7F2A98E00AF37D964F7D8C44C1FB6E114D8EE21A7B976AE736539EFDC1E3FE43BECEF5015171E6DA30168CAE99A82C53FA99042774EF982C01626A540F08C0"));
+ test_hash(&nettle_sha3_512, /* 4 octets */
+ SHEX("C1ECFDFC"),
+ SHEX("952D4C0A6F0EF5CE438C52E3EDD345EA00F91CF5DA8097C1168A16069E958FC05BAD90A0C5FB4DD9EC28E84B226B94A847D6BB89235692EF4C9712F0C7030FAE"));
+ test_hash(&nettle_sha3_512, /* 5 octets */
+ SHEX("21F134AC57"),
+ SHEX("2E76D93AFFD62B92FC4F29CB83EFBE4BA21D88426AA7F075BFC20960EA258787898172E17045AF43AB1FE445532BE0185FBEA84D9BE788B05F14DBF4856A5254"));
+ test_hash(&nettle_sha3_512, /* 6 octets */
+ SHEX("C6F50BB74E29"),
+ SHEX("40FA8074E1E509B206448FBE757D9494B9B51E8D6E674A67F53C11EF92E96C3EA08B95EBD4172B020010CD6CF29539A34D6BFA002A2042787AA8D879A0F5B54C"));
+ test_hash(&nettle_sha3_512, /* 7 octets */
+ SHEX("119713CC83EEEF"),
+ SHEX("D1116786A3C1EA46A8F22D82ABB4C5D06DC0691B2E747AC9726D0B290E6959F7B23428519A656B237695E56403855EC4C98DB0CF87F31B6CEABF2B9B8589B713"));
+ test_hash(&nettle_sha3_512, /* 8 octets */
+ SHEX("4A4F202484512526"),
+ SHEX("F326C7C126DDC277922760FEEF77C9BAB6FB5D3430F652593703D7C5E30135CD0B0575257509A624184330D6AB1F508A666391B5D4690426B4E05301891DF897"));
+ test_hash(&nettle_sha3_512, /* 9 octets */
+ SHEX("1F66AB4185ED9B6375"),
+ SHEX("1F5B8A6E8D94F5E2535D46842B9CED467C39C2DB323963D3F3D937E9DDA76FBC17072DDA2AB4771CD7A645145A2AEC1B5749BF9EFE0CDE006CC3EF8936438E0D"));
+ test_hash(&nettle_sha3_512, /* 10 octets */
+ SHEX("EED7422227613B6F53C9"),
+ SHEX("2AEEE7A720C030A820CD7BAA8570D72CB90B7A238C38C358676358A7AE9A5CF26635B2320D61C1284899E654F0BFDD0A3A9C343FFBD11838B57465E6C3AD3A57"));
+ test_hash(&nettle_sha3_512, /* 11 octets */
+ SHEX("EAEED5CDFFD89DECE455F1"),
+ SHEX("7B1C1BEF3B4DEB4B4812C81A6E7B3F2C66FA95157FA3B9D2959DC56B8ADD100170D3C8D1745FD230A31F89FA17889C4C58946B5D746E47B71ED0394B66D1BDB2"));
+ test_hash(&nettle_sha3_512, /* 12 octets */
+ SHEX("5BE43C90F22902E4FE8ED2D3"),
+ SHEX("EE41401AF509D6FC0944CD4A0BB29D2DCE0DCC862606E669E31381E5D6CECB463143645D696D14E40169CDC71C75686D6E8732B432092626421CC6CC196F80BF"));
+ test_hash(&nettle_sha3_512, /* 13 octets */
+ SHEX("A746273228122F381C3B46E4F1"),
+ SHEX("9B53B410B9F5DCE90A77244DB407A3D0F4898D112D0044A8F66AF933E26666DE63EBD2A4322D8FE525AB354CE9676B6A14D0CE6B3D24E6CD5832BEA0C5153CEF"));
+ test_hash(&nettle_sha3_512, /* 14 octets */
+ SHEX("3C5871CD619C69A63B540EB5A625"),
+ SHEX("2B53FE6583FC24EE8A63801067E4D3BD6E6934EF16BC822FC3A69F4EE13A404D9A3CE2BB4A12C77382BFDE4D843F87FD06ED8AECC234A3A24CEDFE60BFC06933"));
+ test_hash(&nettle_sha3_512, /* 15 octets */
+ SHEX("FA22874BCC068879E8EF11A69F0722"),
+ SHEX("80946CA68E8C16A9667CD8339D1C5B00F1E0D401D0ECC79458754794838F3AE2949A8CC5FE5584033BCA9C5BE62C7C08F402EF02F727CEFA43BBD374C2A67C52"));
+ test_hash(&nettle_sha3_512, /* 16 octets */
+ SHEX("52A608AB21CCDD8A4457A57EDE782176"),
+ SHEX("4B39D3DA5BCDF4D9B769015995644311C14C435BF72B1009D6DD71B01A63B97CFB596418E8E42342D117E07471A8914314BA7B0E264DADF0CEA381868CBD43D1"));
+ test_hash(&nettle_sha3_512, /* 17 octets */
+ SHEX("82E192E4043DDCD12ECF52969D0F807EED"),
+ SHEX("C37C9DC2E20D8E2F0AE588D7D45A807CCFA000FC948AC42A8ED63BB14F318FC3D4B963F7305980E6A0FD2316B55B63142373B1A29002264855C716C5C9F17F4C"));
+ test_hash(&nettle_sha3_512, /* 18 octets */
+ SHEX("75683DCB556140C522543BB6E9098B21A21E"),
+ SHEX("9073C62555E6095F17DF71AD02BABB9100288633898489B21C906A3190875BAEACCC83BE80ABD11466FEC371BA2C4623D07F0131DEFAEC13A8C732A9F8417163"));
+ test_hash(&nettle_sha3_512, /* 19 octets */
+ SHEX("06E4EFE45035E61FAAF4287B4D8D1F12CA97E5"),
+ SHEX("23E9352856718E1E2D68A21D56D93117CED7628E984FF04ED8C0CB9B10539E4EDE284F94FA71BF4B83BBB493435FD6BE26EDDB09DEAC39680E6B05ACC87B8C4E"));
+ test_hash(&nettle_sha3_512, /* 20 octets */
+ SHEX("E26193989D06568FE688E75540AEA06747D9F851"),
+ SHEX("909D753426B1DEE09FC474F18CF810D5D5AADBF8A09AF495BF6C22ACA0C673021BFC5D2AD94F50B24E1569E956694B21CF2CC8B4F3C7EE4CF195E4424CC415DD"));
+ test_hash(&nettle_sha3_512, /* 21 octets */
+ SHEX("D8DC8FDEFBDCE9D44E4CBAFE78447BAE3B5436102A"),
+ SHEX("046C6019FC4D628AE0DA7092F9910F269B853D3B57052039AD1375C665405F9FD79D57579F42C4FFF249BB85AE65113A9F4276CEDE73E9CCB0C24753935A006E"));
+ test_hash(&nettle_sha3_512, /* 22 octets */
+ SHEX("57085FD7E14216AB102D8317B0CB338A786D5FC32D8F"),
+ SHEX("51C909A6528949BADDAF1BA0B154EA9C33FDE5074359505B76D4B7ED54352DD893D40B142A5F802F378CBA7B8C3782ECF2A048542BE6C5936822214846A8D5E4"));
+ test_hash(&nettle_sha3_512, /* 23 octets */
+ SHEX("A05404DF5DBB57697E2C16FA29DEFAC8AB3560D6126FA0"),
+ SHEX("EFC8917E1247742A2D4EC29AFEDDF1E6ECE377B3D8AC6E58C9851CE9C99BD599ADEBFED657BAACD1793FC91B04DF2957BF6F1888869286002DC4AD9AC7F76793"));
+ test_hash(&nettle_sha3_512, /* 24 octets */
+ SHEX("AECBB02759F7433D6FCB06963C74061CD83B5B3FFA6F13C6"),
+ SHEX("FCEF88BCC7EF70D8C3973429AC5139155F9BA643B431013F1817ECD2FF3AB287880F9EA54DF7503CB3F73D7CF2B87D2E9BDBD203378FAE74CA4BD2667A4AA706"));
+ test_hash(&nettle_sha3_512, /* 25 octets */
+ SHEX("AAFDC9243D3D4A096558A360CC27C8D862F0BE73DB5E88AA55"),
+ SHEX("470BDD8D709875C8E6F88591B97D6486C5F03B54BFC905757483E013F63A6C56984D4518D45C2D2298EADB44AF3A0C35A76B573D452F5747844D3AD8F84A2E85"));
+ test_hash(&nettle_sha3_512, /* 26 octets */
+ SHEX("7BC84867F6F9E9FDC3E1046CAE3A52C77ED485860EE260E30B15"),
+ SHEX("429FD438B390AD0224028975467EC228F9ADCDE71E1738005E3717C58F727AA2B7C61780BF0C5F8B766CC6D34551D87D22A130B8C215614204E607AA82FF8469"));
+ test_hash(&nettle_sha3_512, /* 27 octets */
+ SHEX("FAC523575A99EC48279A7A459E98FF901918A475034327EFB55843"),
+ SHEX("790A010AEB6F13E019A1DC35574B1219E74FF5DB6FBD8746733664FFDBCFE1CC6E8AB39117E3244C4FA3C0A962C9F50030AEF88E193E7E0D4C4747345F30CB54"));
+ test_hash(&nettle_sha3_512, /* 28 octets */
+ SHEX("0F8B2D8FCFD9D68CFFC17CCFB117709B53D26462A3F346FB7C79B85E"),
+ SHEX("AAF7A391600270F7B5A2A3BBC7474AC4154EBEAC03A790A57FDAD96CEA2D043C9FA5F6916790B92F8032D668ED9A07112DC5B2373EC816AABCA6F577CE60415E"));
+ test_hash(&nettle_sha3_512, /* 29 octets */
+ SHEX("A963C3E895FF5A0BE4824400518D81412F875FA50521E26E85EAC90C04"),
+ SHEX("3E2880A974E50F98BD6CC0F9D769AF348CE3B7E8FA38CF0CA2DA5FD704C9C0E57D5500BEA3CB7477927F9C394AA3F9BBC01824350291B9A0A0CBF094BB37DA55"));
+ test_hash(&nettle_sha3_512, /* 30 octets */
+ SHEX("03A18688B10CC0EDF83ADF0A84808A9718383C4070C6C4F295098699AC2C"),
+ SHEX("48E55E0340F20466881A732AA88459AD4BCDEF364C3BD045AE099F953D89F15957AEF204265C3915BA42FE4235196BE3D0F564676227C3C0DEACFBAF68F9E717"));
+ test_hash(&nettle_sha3_512, /* 31 octets */
+ SHEX("84FB51B517DF6C5ACCB5D022F8F28DA09B10232D42320FFC32DBECC3835B29"),
+ SHEX("9D8098D8D6EDBBAA2BCFC6FB2F89C3EAC67FEC25CDFE75AA7BD570A648E8C8945FF2EC280F6DCF73386109155C5BBC444C707BB42EAB873F5F7476657B1BC1A8"));
+ test_hash(&nettle_sha3_512, /* 32 octets */
+ SHEX("9F2FCC7C90DE090D6B87CD7E9718C1EA6CB21118FC2D5DE9F97E5DB6AC1E9C10"),
+ SHEX("1EAFEDCE7292BA73B80AE6151745F43AC95BFC9F31694D422473ABCA2E69D695CB6544DB65506078CB20DBE0762F84AA6AFD14A60AB597955BE73F3F5C50F7A8"));
+ test_hash(&nettle_sha3_512, /* 33 octets */
+ SHEX("DE8F1B3FAA4B7040ED4563C3B8E598253178E87E4D0DF75E4FF2F2DEDD5A0BE046"),
+ SHEX("9A7688E31AAF40C15575FC58C6B39267AAD3722E696E518A9945CF7F7C0FEA84CB3CB2E9F0384A6B5DC671ADE7FB4D2B27011173F3EEEAF17CB451CF26542031"));
+ test_hash(&nettle_sha3_512, /* 34 octets */
+ SHEX("62F154EC394D0BC757D045C798C8B87A00E0655D0481A7D2D9FB58D93AEDC676B5A0"),
+ SHEX("ADA5CA5630660003C4D16149F235FAEB78132F7F773A631F820CC5C654B08EAB4206BB4EA1389D1CF74D3B60B86E484C90C817CDB5DD5DBF327163B4646F7213"));
+ test_hash(&nettle_sha3_512, /* 35 octets */
+ SHEX("B2DCFE9FF19E2B23CE7DA2A4207D3E5EC7C6112A8A22AEC9675A886378E14E5BFBAD4E"),
+ SHEX("71A0801D32587980B09963A0F547B8B6EE3BADE224671BF44F12E3DA4F21778BAC37FCC73EF45FEE1C96688BAF9020F487B1A16E3AC91B504845D6FBA879134F"));
+ test_hash(&nettle_sha3_512, /* 36 octets */
+ SHEX("47F5697AC8C31409C0868827347A613A3562041C633CF1F1F86865A576E02835ED2C2492"),
+ SHEX("EBA678B7A0E5669DC7FA5ECA5D5F19FE625E113E5028DA5EFB138923CD444757B06078E0BA064B36C72CA2187AB9DD31DDA6F24668F46C32F8EC21AC59AAFA24"));
+ test_hash(&nettle_sha3_512, /* 37 octets */
+ SHEX("512A6D292E67ECB2FE486BFE92660953A75484FF4C4F2ECA2B0AF0EDCDD4339C6B2EE4E542"),
+ SHEX("12DF92D889D7BA0DF05BCD02D9DE58C97F4813126967FF78BDF759C66C4CBE9DF68AB31A0256C776730BB25DEECF91F0997868AC8BB86DF7A0FC110CB0A4DE5D"));
+ test_hash(&nettle_sha3_512, /* 38 octets */
+ SHEX("973CF2B4DCF0BFA872B41194CB05BB4E16760A1840D8343301802576197EC19E2A1493D8F4FB"),
+ SHEX("B8C7CE2BE4CB32C140E75B75474248C1DD77D19B0CBCA31A3ECC2A35C532E4FA3ED4ABBCDA27AA68A9DDA06B245443E5903A65652A94ED3AF15065D3E7736E47"));
+ test_hash(&nettle_sha3_512, /* 39 octets */
+ SHEX("80BEEBCD2E3F8A9451D4499961C9731AE667CDC24EA020CE3B9AA4BBC0A7F79E30A934467DA4B0"),
+ SHEX("A0AE9DFB56831FE4A3223C501B697BD8243C471E8343ACFD37A6B587FEAC74571C23DEEBC9B94A540A02F1B1E2251E01229C9D58C4279F155D5566FB18E81295"));
+ test_hash(&nettle_sha3_512, /* 40 octets */
+ SHEX("7ABAA12EC2A7347674E444140AE0FB659D08E1C66DECD8D6EAE925FA451D65F3C0308E29446B8ED3"),
+ SHEX("631E7847124A70FE6EB293A44A25C50600B5E7E975CA9FAB5AE64AB86C7E42C912DD6EC093F01A8DEBC6E1F5E487AF97DC3FD6C53002765050BE963FFCD4D989"));
+ test_hash(&nettle_sha3_512, /* 41 octets */
+ SHEX("C88DEE9927679B8AF422ABCBACF283B904FF31E1CAC58C7819809F65D5807D46723B20F67BA610C2B7"),
+ SHEX("B989263BB4E0424F95FDC9A49C83A3769FBF31DCEDDA7E005AB5F22F43D2718DEBD39085971F7EB7822C9FA0F67F776CEC4E35A9A8B8C835EF4E9EBDA1922E4D"));
+ test_hash(&nettle_sha3_512, /* 42 octets */
+ SHEX("01E43FE350FCEC450EC9B102053E6B5D56E09896E0DDD9074FE138E6038210270C834CE6EADC2BB86BF6"),
+ SHEX("FF6ADCB9E1546798D396DB78452DF1A375B65EE3D54FCC915A8CA3DA693E24931999B0FC8A4EB92F6FF85E42BB4CFD9CE7D7863EEE709C9EF37642B696174474"));
+ test_hash(&nettle_sha3_512, /* 43 octets */
+ SHEX("337023370A48B62EE43546F17C4EF2BF8D7ECD1D49F90BAB604B839C2E6E5BD21540D29BA27AB8E309A4B7"),
+ SHEX("1051B7FF77274B784E7FB7823E756F0C4355047E489775BBEDAA7CE5A75EFAC331492C016CE02EB2BE8BA2FE6B735B9A1484E73AC06DE573C5D0B4A58822A36A"));
+ test_hash(&nettle_sha3_512, /* 44 octets */
+ SHEX("6892540F964C8C74BD2DB02C0AD884510CB38AFD4438AF31FC912756F3EFEC6B32B58EBC38FC2A6B913596A8"),
+ SHEX("5639A2824297CA099ECF2A81EEF1753F6314CB663D860F05A39E3E801FF82060BBA10628E2C0D9E0A84DD05ED637FC0B65BA03BB66E46FB256F2A5B28D3F41D2"));
+ test_hash(&nettle_sha3_512, /* 45 octets */
+ SHEX("F5961DFD2B1FFFFDA4FFBF30560C165BFEDAB8CE0BE525845DEB8DC61004B7DB38467205F5DCFB34A2ACFE96C0"),
+ SHEX("97F9D642507E6DD179D56F4B815E92D0D486826F273EC711B8F9CB76AFC79F900816FDBC13DD3A59FBECBA1F3B6953F879F27C8987B24C6FF8557A2C834076B9"));
+ test_hash(&nettle_sha3_512, /* 46 octets */
+ SHEX("CA061A2EB6CEED8881CE2057172D869D73A1951E63D57261384B80CEB5451E77B06CF0F5A0EA15CA907EE1C27EBA"),
+ SHEX("AFEF2AF5A01B89BE190A0E6E796AA51F1F8C356772C6FC7731F08AAB8BD81AEE1287C70D564F4F169E37B07F28202A85F468281B4CDC1273CF61EB30E3BDCEE1"));
+ test_hash(&nettle_sha3_512, /* 47 octets */
+ SHEX("1743A77251D69242750C4F1140532CD3C33F9B5CCDF7514E8584D4A5F9FBD730BCF84D0D4726364B9BF95AB251D9BB"),
+ SHEX("F467CCA67C387FFC9F1B173A084C451095D01AD0BF3953AC103A76F0F1BC86167305A926A941A53417F1611A505AAA205BCFCCBFD343465DAD8A6C1E80609A9D"));
+ test_hash(&nettle_sha3_512, /* 48 octets */
+ SHEX("D8FABA1F5194C4DB5F176FABFFF856924EF627A37CD08CF55608BBA8F1E324D7C7F157298EABC4DCE7D89CE5162499F9"),
+ SHEX("4B389A2A0DF5E295EA9444F2739B5492F290C4467B0B4CDC1CC9ED2CEFA7A9E527E0627CDAF0BDA58F17D13F94AF7D2DEFF6FC5D53DD9157674475527FBB4F86"));
+ test_hash(&nettle_sha3_512, /* 49 octets */
+ SHEX("BE9684BE70340860373C9C482BA517E899FC81BAAA12E5C6D7727975D1D41BA8BEF788CDB5CF4606C9C1C7F61AED59F97D"),
+ SHEX("6590FFFB7311AB7DAB370FB518CCC19BAA9AF7C84179ADB002F8FACD3C44AF2830A84DF1E2C2402368CC36614A6EA22903063E57D00EC511A46A9A03FE3819F7"));
+ test_hash(&nettle_sha3_512, /* 50 octets */
+ SHEX("7E15D2B9EA74CA60F66C8DFAB377D9198B7B16DEB6A1BA0EA3C7EE2042F89D3786E779CF053C77785AA9E692F821F14A7F51"),
+ SHEX("895796B2A0824C55F030D82E794925C38D8459F38CF848519F120FF6A9D5A03EBF006C3EA5021E8F3B3408FF12F01BCDDF7A085BA0A9A58944FEC1F554836DF8"));
+ test_hash(&nettle_sha3_512, /* 51 octets */
+ SHEX("9A219BE43713BD578015E9FDA66C0F2D83CAC563B776AB9F38F3E4F7EF229CB443304FBA401EFB2BDBD7ECE939102298651C86"),
+ SHEX("E4BBD54BFB99D345471F8AB94271B4B748F5CE70C21C28AE6559E03EE7890A2C814043E624A6BD2944350756B37FA8208FC7473A67B310CEEBC17D965ED688B2"));
+ test_hash(&nettle_sha3_512, /* 52 octets */
+ SHEX("C8F2B693BD0D75EF99CAEBDC22ADF4088A95A3542F637203E283BBC3268780E787D68D28CC3897452F6A22AA8573CCEBF245972A"),
+ SHEX("80D862AD05428A299213E65B50310463FD22C505E693DD4719E0A120EEAA35C5FC1608A08D22E2CCDDECA49878BC26ABE55A3C9A546347439A942ED0C1A6A23E"));
+ test_hash(&nettle_sha3_512, /* 53 octets */
+ SHEX("EC0F99711016C6A2A07AD80D16427506CE6F441059FD269442BAAA28C6CA037B22EEAC49D5D894C0BF66219F2C08E9D0E8AB21DE52"),
+ SHEX("021B3B392DECCB9075559F88C0C229026A2048CEF8EEB2D4F94803DCF2DA0A73E004D7F14E9FD662670B59229AB3883C340F4E3A8C42624CCB90BEC1156F95D4"));
+ test_hash(&nettle_sha3_512, /* 54 octets */
+ SHEX("0DC45181337CA32A8222FE7A3BF42FC9F89744259CFF653504D6051FE84B1A7FFD20CB47D4696CE212A686BB9BE9A8AB1C697B6D6A33"),
+ SHEX("97BF33A5254C8ACA27486428440B1034AAAFAC8B498ECB830C2581DC68518079B65FB0C595997693DDB8D68D9564EA98DC43CD287E2E018DB7DFAAAA205C547A"));
+ test_hash(&nettle_sha3_512, /* 55 octets */
+ SHEX("DE286BA4206E8B005714F80FB1CDFAEBDE91D29F84603E4A3EBC04686F99A46C9E880B96C574825582E8812A26E5A857FFC6579F63742F"),
+ SHEX("C05FD9C3FA73F80956FF1C3B89160EB520CA640E201B3FE5E6E296220E81B59D530476010D3784CA08692B8C716A3BE982B37450A96D30A401D3BA3C390D9DE3"));
+ test_hash(&nettle_sha3_512, /* 56 octets */
+ SHEX("EEBCC18057252CBF3F9C070F1A73213356D5D4BC19AC2A411EC8CDEEE7A571E2E20EAF61FD0C33A0FFEB297DDB77A97F0A415347DB66BCAF"),
+ SHEX("B980E657C13726DBADB6570EA3A9E633869CADB798EB35C482697A04CB712F1C1E8C5D0BD67E43E52DA294E82D5E80A695A74A3D27C0C672ADCFE2C928859A6D"));
+ test_hash(&nettle_sha3_512, /* 57 octets */
+ SHEX("416B5CDC9FE951BD361BD7ABFC120A5054758EBA88FDD68FD84E39D3B09AC25497D36B43CBE7B85A6A3CEBDA8DB4E5549C3EE51BB6FCB6AC1E"),
+ SHEX("6ADFC561835FDDD70A9FEB57C513165D12AEB3283F0DD7774DD58852DA9E969ABDAF20DD44856FA60E11BDFA2DBB7E3347669FFF7A57A8D8D37431C2B309972D"));
+ test_hash(&nettle_sha3_512, /* 58 octets */
+ SHEX("5C5FAF66F32E0F8311C32E8DA8284A4ED60891A5A7E50FB2956B3CBAA79FC66CA376460E100415401FC2B8518C64502F187EA14BFC9503759705"),
+ SHEX("0E7459BDC857B949CC59A9C649B9625268BF9A11EA81EEEFA4ECDD410E2F6FD2C78289C01365F99034FF8FA8C115DDCEBEFA26A8D6468F5030E641745950061E"));
+ test_hash(&nettle_sha3_512, /* 59 octets */
+ SHEX("7167E1E02BE1A7CA69D788666F823AE4EEF39271F3C26A5CF7CEE05BCA83161066DC2E217B330DF821103799DF6D74810EED363ADC4AB99F36046A"),
+ SHEX("2A8CE9DF40879B24DADF61C9131F694E5531ADE6B7AB071CA10ABDD3C2E4A22C868A52986A329F880137EE76109770927D2658E63EB486D880290AC0782CF5BF"));
+ test_hash(&nettle_sha3_512, /* 60 octets */
+ SHEX("2FDA311DBBA27321C5329510FAE6948F03210B76D43E7448D1689A063877B6D14C4F6D0EAA96C150051371F7DD8A4119F7DA5C483CC3E6723C01FB7D"),
+ SHEX("A83CE5A6A58376D57DB4C58DA1B46C131FF1BF8FF2DE5E8617FB37E5098398EDB53F9888B8752A8AFF19178F2F6BD7A33FD36C59E4A631906280907FC1C5AB07"));
+ test_hash(&nettle_sha3_512, /* 61 octets */
+ SHEX("95D1474A5AAB5D2422ACA6E481187833A6212BD2D0F91451A67DD786DFC91DFED51B35F47E1DEB8A8AB4B9CB67B70179CC26F553AE7B569969CE151B8D"),
+ SHEX("9EBFCEA2DB1676EEE6B103119543C6049DEBD8FB8F1E01A5AB5B348E2919E14C8CFE8E542F2AB747B0FD4A4C3EEE4019BB046E24BFE2091FB9C65DCA527B71AD"));
+ test_hash(&nettle_sha3_512, /* 62 octets */
+ SHEX("C71BD7941F41DF044A2927A8FF55B4B467C33D089F0988AA253D294ADDBDB32530C0D4208B10D9959823F0C0F0734684006DF79F7099870F6BF53211A88D"),
+ SHEX("97B08BE7653E9DF1B5AFA459EA750A3AC9BF3577BCC7E5344FC861184880926DEF354E4C65B20EC66C47B7AFFD3E7493958BAB0A90724D3D8DD9E1D561FA60C2"));
+ test_hash(&nettle_sha3_512, /* 63 octets */
+ SHEX("F57C64006D9EA761892E145C99DF1B24640883DA79D9ED5262859DCDA8C3C32E05B03D984F1AB4A230242AB6B78D368DC5AAA1E6D3498D53371E84B0C1D4BA"),
+ SHEX("EF8AAF08159BBCB88EFAC49A33A5248B7ED0544960D8DD54D748A91C0D84C69F308BB54CB5EC97D3F81CDF76E68E0320815B93F2A00942F2168CBC18E8377708"));
+ test_hash(&nettle_sha3_512, /* 64 octets */
+ SHEX("E926AE8B0AF6E53176DBFFCC2A6B88C6BD765F939D3D178A9BDE9EF3AA131C61E31C1E42CDFAF4B4DCDE579A37E150EFBEF5555B4C1CB40439D835A724E2FAE7"),
+ SHEX("C0A4D8DCA967772DBF6E5508C913E7BEBA1B749A2B1AC963D0676E6F1DCD4EBAA3F909EF87DD849882DC8253347A5F6520B5B9F510973F443976455F923CFCB9"));
+ test_hash(&nettle_sha3_512, /* 65 octets */
+ SHEX("16E8B3D8F988E9BB04DE9C96F2627811C973CE4A5296B4772CA3EEFEB80A652BDF21F50DF79F32DB23F9F73D393B2D57D9A0297F7A2F2E79CFDA39FA393DF1AC00"),
+ SHEX("CF03C946EB7022F60FB5439462AC22684E47EAACBFFE19B797760B4A24A5238BE9D90E17D40EA6FE7B2885CEF7DFB8BB489401CAA94F2DD6E04592E33E76B9D1"));
+ test_hash(&nettle_sha3_512, /* 66 octets */
+ SHEX("FC424EEB27C18A11C01F39C555D8B78A805B88DBA1DC2A42ED5E2C0EC737FF68B2456D80EB85E11714FA3F8EABFB906D3C17964CB4F5E76B29C1765DB03D91BE37FC"),
+ SHEX("2C35F1A57A17CB29403A2B40FC307BDE10BA8F7FEC7B94E1E42EB4EEB952AAD00EC46A26646CD51DB0C6B238189D7D470E21C29BF8710423CB5602CAB75E29E7"));
+ test_hash(&nettle_sha3_512, /* 67 octets */
+ SHEX("ABE3472B54E72734BDBA7D9158736464251C4F21B33FBBC92D7FAC9A35C4E3322FF01D2380CBAA4EF8FB07D21A2128B7B9F5B6D9F34E13F39C7FFC2E72E47888599BA5"),
+ SHEX("505E6E607C90C57BBE7CE52BB42DF3D90BC32DE554025730C84ED0F89A0132885D7A40FADFF7A4B01DE4D29735AEFE0E0469F4F172B62A0DABA889E152308FC4"));
+ test_hash(&nettle_sha3_512, /* 68 octets */
+ SHEX("36F9F0A65F2CA498D739B944D6EFF3DA5EBBA57E7D9C41598A2B0E4380F3CF4B479EC2348D015FFE6256273511154AFCF3B4B4BF09D6C4744FDD0F62D75079D440706B05"),
+ SHEX("7BE2C95413C589EC5AD69F8D80BFE9F26540D5C1832C7A49A31A8F5655D9CE8B47D97C69CCCD693C211904142A5403DA7AD09FBDB825698FE201988FCCCD2BB2"));
+ test_hash(&nettle_sha3_512, /* 69 octets */
+ SHEX("ABC87763CAE1CA98BD8C5B82CABA54AC83286F87E9610128AE4DE68AC95DF5E329C360717BD349F26B872528492CA7C94C2C1E1EF56B74DBB65C2AC351981FDB31D06C77A4"),
+ SHEX("8AAC9201D76DF13424A32552F04390E499B6168711B70C875789DDAA9B115F8B8259A60D17835E2587F8901C3CA782DA9AFB28BA87B9FCBE05A47A42F48FCD48"));
+ test_hash(&nettle_sha3_512, /* 70 octets */
+ SHEX("94F7CA8E1A54234C6D53CC734BB3D3150C8BA8C5F880EAB8D25FED13793A9701EBE320509286FD8E422E931D99C98DA4DF7E70AE447BAB8CFFD92382D8A77760A259FC4FBD72"),
+ SHEX("AA52587D84586317028FB7D3C20892E0288BFE2FEABD76D7F89155FFE9CCBF1A09FA0FFB0553E83F79AE58BD30A35FA54892B6ABA0093A012427DDAB71CDF819"));
+ test_hash(&nettle_sha3_512, /* 71 octets */
+ SHEX("13BD2811F6ED2B6F04FF3895ACEED7BEF8DCD45EB121791BC194A0F806206BFFC3B9281C2B308B1A729CE008119DD3066E9378ACDCC50A98A82E20738800B6CDDBE5FE9694AD6D"),
+ SHEX("48FC282F37A3E1FB5DF4D2DA1F7197EC899AE573CA08DF550E61EE847EEB1D24C074FF46BCAEE224EC7D8CEA4256154F0C4D434E682834F6D827BFBDF75112F5"));
+ test_hash(&nettle_sha3_512, /* 72 octets */
+ SHEX("1EED9CBA179A009EC2EC5508773DD305477CA117E6D569E66B5F64C6BC64801CE25A8424CE4A26D575B8A6FB10EAD3FD1992EDDDEEC2EBE7150DC98F63ADC3237EF57B91397AA8A7"),
+ SHEX("6B4B0F126863552A6F40F45E295DC79B9BA2A88EA7C3B2F607AC1A8431A97844C2A7B664443FB23C05739DF5494FE9824DB80B7F3E67872142F17E2C5544E1EF"));
+ test_hash(&nettle_sha3_512, /* 73 octets */
+ SHEX("BA5B67B5EC3A3FFAE2C19DD8176A2EF75C0CD903725D45C9CB7009A900C0B0CA7A2967A95AE68269A6DBF8466C7B6844A1D608AC661F7EFF00538E323DB5F2C644B78B2D48DE1A08AA"),
+ SHEX("7EEC7B730056B1BD4F6FFC186FB45591E50CD93CF6E4FC958889F82D3F32C5C74D03A4BCF7D2754298F134698AF4559B0E29BAAA365CC00DB0D51D407179C56D"));
+ test_hash(&nettle_sha3_512, /* 74 octets */
+ SHEX("0EFA26AC5673167DCACAB860932ED612F65FF49B80FA9AE65465E5542CB62075DF1C5AE54FBA4DB807BE25B070033EFA223BDD5B1D3C94C6E1909C02B620D4B1B3A6C9FED24D70749604"),
+ SHEX("79CB925ACA072EBB3B49A9D0E59BB07DD1C223C1F26C91768B929472C51B977F85C6CEEB54BCE89CF9FF6155D7FE8091540F1348CE9592A6403F92105477870E"));
+ test_hash(&nettle_sha3_512, /* 75 octets */
+ SHEX("BBFD933D1FD7BF594AC7F435277DC17D8D5A5B8E4D13D96D2F64E771ABBD51A5A8AEA741BECCBDDB177BCEA05243EBD003CFDEAE877CCA4DA94605B67691919D8B033F77D384CA01593C1B"),
+ SHEX("B5D1ED8F039044BCFEF41E99B2F564F45991B329B503FC91FA29D2408512F8711E9DB66F8AE172164650545AE9E3DB32AA369EC47E81A77111276E6CA38E4D92"));
+ test_hash(&nettle_sha3_512, /* 76 octets */
+ SHEX("90078999FD3C35B8AFBF4066CBDE335891365F0FC75C1286CDD88FA51FAB94F9B8DEF7C9AC582A5DBCD95817AFB7D1B48F63704E19C2BAA4DF347F48D4A6D603013C23F1E9611D595EBAC37C"),
+ SHEX("782C008A9EE3DDA0A182267185C995A2AF737BA8CB2F6179F2CDF52505F8D933E712FC4E56D10E175EC8CDD62DE6529CE1F078BFA0DC7A5284F8C565182F85D9"));
+ test_hash(&nettle_sha3_512, /* 77 octets */
+ SHEX("64105ECA863515C20E7CFBAA0A0B8809046164F374D691CDBD6508AAABC1819F9AC84B52BAFC1B0FE7CDDBC554B608C01C8904C669D8DB316A0953A4C68ECE324EC5A49FFDB59A1BD6A292AA0E"),
+ SHEX("91A0241EDA8CA597CBB0F703AB7DBAAF859CFF77B20401AD46230CE3B2BEEF6685775DE37576014D8DA1BA672D47AAD95FB53C590B650634CEBB43A175738569"));
+ test_hash(&nettle_sha3_512, /* 78 octets */
+ SHEX("D4654BE288B9F3B711C2D02015978A8CC57471D5680A092AA534F7372C71CEAAB725A383C4FCF4D8DEAA57FCA3CE056F312961ECCF9B86F14981BA5BED6AB5B4498E1F6C82C6CAE6FC14845B3C8A"),
+ SHEX("00B02DBCB7A3BC117701F2F159FC4492923C437D3369833A9BD09E78E260D48D37168D36C49777B2E68E6FE9846106A6AB8768C3971FAB31FD922AACB87D1CAC"));
+ test_hash(&nettle_sha3_512, /* 79 octets */
+ SHEX("12D9394888305AC96E65F2BF0E1B18C29C90FE9D714DD59F651F52B88B3008C588435548066EA2FC4C101118C91F32556224A540DE6EFDDBCA296EF1FB00341F5B01FECFC146BDB251B3BDAD556CD2"),
+ SHEX("3DEDF819B357DFAB1C7092ABD872A1554DD0962E9944EEF9F7F8BCE830F2D74F1D9BA2B748BBC6EE0B7600BE8CB0FFCB79924D9F51CDB9B06BD6FD37F3050229"));
+ test_hash(&nettle_sha3_512, /* 80 octets */
+ SHEX("871A0D7A5F36C3DA1DFCE57ACD8AB8487C274FAD336BC137EBD6FF4658B547C1DCFAB65F037AA58F35EF16AFF4ABE77BA61F65826F7BE681B5B6D5A1EA8085E2AE9CD5CF0991878A311B549A6D6AF230"),
+ SHEX("5FBE194557B0426F96BA60712176DF073EAFE04F2A50515455412EA3D80C116758AD952598F48031612181D82A16EFE4668FFB3BCCE9563A772FE416FF6DB3B3"));
+ test_hash(&nettle_sha3_512, /* 81 octets */
+ SHEX("E90B4FFEF4D457BC7711FF4AA72231CA25AF6B2E206F8BF859D8758B89A7CD36105DB2538D06DA83BAD5F663BA11A5F6F61F236FD5F8D53C5E89F183A3CEC615B50C7C681E773D109FF7491B5CC22296C5"),
+ SHEX("2E8AB1619859C11473DC7C474CE8B0AE44B1C38417816FD95B9E0614F31E51EBB1DD16D1CBB584C4EBD28AA99F4A68E09DFE3AD462487F2608124B7528293045"));
+ test_hash(&nettle_sha3_512, /* 82 octets */
+ SHEX("E728DE62D75856500C4C77A428612CD804F30C3F10D36FB219C5CA0AA30726AB190E5F3F279E0733D77E7267C17BE27D21650A9A4D1E32F649627638DBADA9702C7CA303269ED14014B2F3CF8B894EAC8554"),
+ SHEX("DB2D182BDBAC6AC866537E24712332CAE74DC3D36168982E4453DD6E009658345255013BC0A54FCA17AEEDCC4BEB79BDEE192CFAB516D24591C8699F7C758179"));
+ test_hash(&nettle_sha3_512, /* 83 octets */
+ SHEX("6348F229E7B1DF3B770C77544E5166E081850FA1C6C88169DB74C76E42EB983FACB276AD6A0D1FA7B50D3E3B6FCD799EC97470920A7ABED47D288FF883E24CA21C7F8016B93BB9B9E078BDB9703D2B781B616E"),
+ SHEX("90A2C05F7001D985B587A046B488BF4ED29D75CC03A745731B5B0CE51BB86387C4CE34018A6D906EB7BEB41A09AFE9FEDD99AACC41B4556F75229C8688C7FCA2"));
+ test_hash(&nettle_sha3_512, /* 84 octets */
+ SHEX("4B127FDE5DE733A1680C2790363627E63AC8A3F1B4707D982CAEA258655D9BF18F89AFE54127482BA01E08845594B671306A025C9A5C5B6F93B0A39522DC877437BE5C2436CBF300CE7AB6747934FCFC30AEAAF6"),
+ SHEX("EA3991C4A8A5F0146402DE4AE235054C78A48DCA340A7D4AD8753995F82347ECFC0054D64EB4F20ABC4F415C54701CBC61A7B239A7C221B833D9EA9F94B154E8"));
+ test_hash(&nettle_sha3_512, /* 85 octets */
+ SHEX("08461F006CFF4CC64B752C957287E5A0FAABC05C9BFF89D23FD902D324C79903B48FCB8F8F4B01F3E4DDB483593D25F000386698F5ADE7FAADE9615FDC50D32785EA51D49894E45BAA3DC707E224688C6408B68B11"),
+ SHEX("1313023B753ED1727F13CC67A64B989A8BF6548324DF9854D8D5A963ED3D860257FE6522B9C6D6CB1BCADF322C985601BA36F7E67110192094AA8F9869A458A8"));
+ test_hash(&nettle_sha3_512, /* 86 octets */
+ SHEX("68C8F8849B120E6E0C9969A5866AF591A829B92F33CD9A4A3196957A148C49138E1E2F5C7619A6D5EDEBE995ACD81EC8BB9C7B9CFCA678D081EA9E25A75D39DB04E18D475920CE828B94E72241F24DB72546B352A0E4"),
+ SHEX("9BCA2A1A5546A11275BF42F0B48492868359C78D94785A0EE12DC1C3D70A8E97EB462148FAED1FFA4DAB0E91519BD36C0C5C5FE7CFCFF3E180680318E1FCF75B"));
+ test_hash(&nettle_sha3_512, /* 87 octets */
+ SHEX("B8D56472954E31FB54E28FCA743F84D8DC34891CB564C64B08F7B71636DEBD64CA1EDBDBA7FC5C3E40049CE982BBA8C7E0703034E331384695E9DE76B5104F2FBC4535ECBEEBC33BC27F29F18F6F27E8023B0FBB6F563C"),
+ SHEX("8492F5E621E82FDBFF1976B1BEECFF7D137805B5736AB49216122A95396B863A0481212B6DABA8B05E29E287BB0E2F588F86407C84DBFB894E6ACFC6F6B2E571"));
+ test_hash(&nettle_sha3_512, /* 88 octets */
+ SHEX("0D58AC665FA84342E60CEFEE31B1A4EACDB092F122DFC68309077AED1F3E528F578859EE9E4CEFB4A728E946324927B675CD4F4AC84F64DB3DACFE850C1DD18744C74CECCD9FE4DC214085108F404EAB6D8F452B5442A47D"),
+ SHEX("EEBE4EC0FE3E0266527F4D9F57A017637EAB92377D82B15856A55A22B008DF67F27AA5AC04E1DEEEB2C819CE41DB07DBF6DCAF17A192A4371A1E92BADF1E6389"));
+ test_hash(&nettle_sha3_512, /* 89 octets */
+ SHEX("1755E2D2E5D1C1B0156456B539753FF416651D44698E87002DCF61DCFA2B4E72F264D9AD591DF1FDEE7B41B2EB00283C5AEBB3411323B672EAA145C5125185104F20F335804B02325B6DEA65603F349F4D5D8B782DD3469CCD"),
+ SHEX("9E36E6291BC2296CB4BA71109CEDCC2A3F0B4F1AE5E5406DC4B3E594551D5C70E6F814D2C9B8413103EF07535886B4AC518AAF7AED64ABED7A5B0A26F7171425"));
+ test_hash(&nettle_sha3_512, /* 90 octets */
+ SHEX("B180DE1A611111EE7584BA2C4B020598CD574AC77E404E853D15A101C6F5A2E5C801D7D85DC95286A1804C870BB9F00FD4DCB03AA8328275158819DCAD7253F3E3D237AEAA7979268A5DB1C6CE08A9EC7C2579783C8AFC1F91A7"),
+ SHEX("F1089483A00B2601BE9C16469A090EFC49FCB70E62AC0FFEA2D1E508083CD5D41DCF2DAAE1E0EAC217859E5FEADDCB782AC471C01D7266136185D37B568E9606"));
+ test_hash(&nettle_sha3_512, /* 91 octets */
+ SHEX("CF3583CBDFD4CBC17063B1E7D90B02F0E6E2EE05F99D77E24E560392535E47E05077157F96813544A17046914F9EFB64762A23CF7A49FE52A0A4C01C630CFE8727B81FB99A89FF7CC11DCA5173057E0417B8FE7A9EFBA6D95C555F"),
+ SHEX("D063EA794CFD2ED9248665A6084A7B99051C1051E41B7D9DCB1537A1C79CBA6DEB4D844C6A618E43C7CA020D16976999684FEB084616F707209F75C4BD584D86"));
+ test_hash(&nettle_sha3_512, /* 92 octets */
+ SHEX("072FC02340EF99115BAD72F92C01E4C093B9599F6CFC45CB380EE686CB5EB019E806AB9BD55E634AB10AA62A9510CC0672CD3EDDB589C7DF2B67FCD3329F61B1A4441ECA87A33C8F55DA4FBBAD5CF2B2527B8E983BB31A2FADEC7523"),
+ SHEX("424A86D746C87C85DABD1DAE298A488E4CA2183DE692D1D01C4B7994EE5124F9004BEA84933C311CC38EA6F604A7769EE178E1EC160A9891C42C462A13A62286"));
+ test_hash(&nettle_sha3_512, /* 93 octets */
+ SHEX("76EECF956A52649F877528146DE33DF249CD800E21830F65E90F0F25CA9D6540FDE40603230ECA6760F1139C7F268DEBA2060631EEA92B1FFF05F93FD5572FBE29579ECD48BC3A8D6C2EB4A6B26E38D6C5FBF2C08044AEEA470A8F2F26"),
+ SHEX("A9403C26A96DE2C3D359EE29F3FD1C581154852D19AD12884B79E7082D2DA22EC83553BABA2BDFF2A2FA15947A8E6ACD5F5D113EC091BFD1962A0A10401D2C98"));
+ test_hash(&nettle_sha3_512, /* 94 octets */
+ SHEX("7ADC0B6693E61C269F278E6944A5A2D8300981E40022F839AC644387BFAC9086650085C2CDC585FEA47B9D2E52D65A2B29A7DC370401EF5D60DD0D21F9E2B90FAE919319B14B8C5565B0423CEFB827D5F1203302A9D01523498A4DB10374"),
+ SHEX("3D23632EE4C2D4F4118A02A677B5A32427C72BA54899BA2E6CCD22EC3DEFE0FCB052E3F83D35786CEA2080EED148A0A94628E735202E6B2809994C5F5BDAFDD6"));
+ test_hash(&nettle_sha3_512, /* 95 octets */
+ SHEX("E1FFFA9826CCE8B86BCCEFB8794E48C46CDF372013F782ECED1E378269B7BE2B7BF51374092261AE120E822BE685F2E7A83664BCFBE38FE8633F24E633FFE1988E1BC5ACF59A587079A57A910BDA60060E85B5F5B6F776F0529639D9CCE4BD"),
+ SHEX("D8FA886884CE577A7282DECEACF4786E7C68FC69B141137FF5DC7CB3C5F8ABC845716DD27397E8BD5CE245107A984A3F8B21F19F99ED40118621DC85303A30B4"));
+ test_hash(&nettle_sha3_512, /* 96 octets */
+ SHEX("69F9ABBA65592EE01DB4DCE52DBAB90B08FC04193602792EE4DAA263033D59081587B09BBE49D0B49C9825D22840B2FF5D9C5155F975F8F2C2E7A90C75D2E4A8040FE39F63BBAFB403D9E28CC3B86E04E394A9C9E8065BD3C85FA9F0C7891600"),
+ SHEX("C768CD313602FABB2193F9EDBF667B4CDABD57D5FF60BDC22BA7BAD5319EA04E7CBEC5D4B4C4560AD52609FDD22750B618951796376ED41B2A8EAFFDD9927722"));
+ test_hash(&nettle_sha3_512, /* 97 octets */
+ SHEX("38A10A352CA5AEDFA8E19C64787D8E9C3A75DBF3B8674BFAB29B5DBFC15A63D10FAE66CD1A6E6D2452D557967EAAD89A4C98449787B0B3164CA5B717A93F24EB0B506CEB70CBBCB8D72B2A72993F909AAD92F044E0B5A2C9AC9CB16A0CA2F81F49"),
+ SHEX("8562CE9399806623B2695712266AF3D4C14F77D2449143379246962C22398C813544A7DEE4C4847F09D3CBE437349B7FC6738AC97075B5DD9E2ADD6ECAA610F4"));
+ test_hash(&nettle_sha3_512, /* 98 octets */
+ SHEX("6D8C6E449BC13634F115749C248C17CD148B72157A2C37BF8969EA83B4D6BA8C0EE2711C28EE11495F43049596520CE436004B026B6C1F7292B9C436B055CBB72D530D860D1276A1502A5140E3C3F54A93663E4D20EDEC32D284E25564F624955B52"),
+ SHEX("99ADE7B13E8E79AEA6ED01A25E10E401CD1D055884575EAB3E66B2294F03F8D5DBF72AB1AE39103189383EBFD2E43258510C124A894A793B206FAC752C035789"));
+ test_hash(&nettle_sha3_512, /* 99 octets */
+ SHEX("6EFCBCAF451C129DBE00B9CEF0C3749D3EE9D41C7BD500ADE40CDC65DEDBBBADB885A5B14B32A0C0D087825201E303288A733842FA7E599C0C514E078F05C821C7A4498B01C40032E9F1872A1C925FA17CE253E8935E4C3C71282242CB716B2089CCC1"),
+ SHEX("D12831BA39DBCD41F56BC7FC071BDAABFB6E7572D08B2FDA3BDDFC6FA5662F4BDBFA431CA2E38B18172709072E50120DB6BE93E86CB4ACE3C11DD0E1F3F5C712"));
+ test_hash(&nettle_sha3_512, /* 100 octets */
+ SHEX("433C5303131624C0021D868A30825475E8D0BD3052A022180398F4CA4423B98214B6BEAAC21C8807A2C33F8C93BD42B092CC1B06CEDF3224D5ED1EC29784444F22E08A55AA58542B524B02CD3D5D5F6907AFE71C5D7462224A3F9D9E53E7E0846DCBB4CE"),
+ SHEX("527D28E341E6B14F4684ADB4B824C496C6482E51149565D3D17226828884306B51D6148A72622C2B75F5D3510B799D8BDC03EAEDE453676A6EC8FE03A1AD0EAB"));
+ test_hash(&nettle_sha3_512, /* 101 octets */
+ SHEX("A873E0C67CA639026B6683008F7AA6324D4979550E9BCE064CA1E1FB97A30B147A24F3F666C0A72D71348EDE701CF2D17E2253C34D1EC3B647DBCEF2F879F4EB881C4830B791378C901EB725EA5C172316C6D606E0AF7DF4DF7F76E490CD30B2BADF45685F"),
+ SHEX("CACDCF8BF855040E9795C422069D8E37B6286066A2197A320BD934061F66995227BE6B85FD928B834D3CA45E1AC3844D9DC66D61581E7799CCFDE008639AB3DD"));
+ test_hash(&nettle_sha3_512, /* 102 octets */
+ SHEX("006917B64F9DCDF1D2D87C8A6173B64F6587168E80FAA80F82D84F60301E561E312D9FBCE62F39A6FB476E01E925F26BCC91DE621449BE6504C504830AAE394096C8FC7694651051365D4EE9070101EC9B68086F2EA8F8AB7B811EA8AD934D5C9B62C60A4771"),
+ SHEX("F454A953501E191A12A80C7A5398F081CEF738E25D48B076A52F77FB09EF0BC2325116020BB06C2C585DA9F115BD9D8F13B50E8E1FB1664450FAE690B7783400"));
+ test_hash(&nettle_sha3_512, /* 103 octets */
+ SHEX("F13C972C52CB3CC4A4DF28C97F2DF11CE089B815466BE88863243EB318C2ADB1A417CB1041308598541720197B9B1CB5BA2318BD5574D1DF2174AF14884149BA9B2F446D609DF240CE335599957B8EC80876D9A085AE084907BC5961B20BF5F6CA58D5DAB38ADB"),
+ SHEX("5F968CC6ECF71C588A3C3BA68858BBFF96861F66C0733FD61FA91A479A49618DF22D9490219DF8008DC78840AE022C5D41AF2B890D0214E562DA8DF0CB3F8522"));
+ test_hash(&nettle_sha3_512, /* 104 octets */
+ SHEX("E35780EB9799AD4C77535D4DDB683CF33EF367715327CF4C4A58ED9CBDCDD486F669F80189D549A9364FA82A51A52654EC721BB3AAB95DCEB4A86A6AFA93826DB923517E928F33E3FBA850D45660EF83B9876ACCAFA2A9987A254B137C6E140A21691E1069413848"),
+ SHEX("E7149461F9CD00B71C216C50041B3EDA9707D7360D4C21740C44C212256A31DA398FE09708E450EA4E2826B7EC20BEF76CD2FBD9D096AF6F77F84ABC2E4FB093"));
+ test_hash(&nettle_sha3_512, /* 105 octets */
+ SHEX("64EC021C9585E01FFE6D31BB50D44C79B6993D72678163DB474947A053674619D158016ADB243F5C8D50AA92F50AB36E579FF2DABB780A2B529370DAA299207CFBCDD3A9A25006D19C4F1FE33E4B1EAEC315D8C6EE1E730623FD1941875B924EB57D6D0C2EDC4E78D6"),
+ SHEX("77097413CAA5A2D38259D47EC078871FA09EE5614D4C14FEB7A95C921C0AAE93B8737A6DC89E57693BE8A0710206664B80B657A1079605A0FF9664BBCB0722D6"));
+ test_hash(&nettle_sha3_512, /* 106 octets */
+ SHEX("5954BAB512CF327D66B5D9F296180080402624AD7628506B555EEA8382562324CF452FBA4A2130DE3E165D11831A270D9CB97CE8C2D32A96F50D71600BB4CA268CF98E90D6496B0A6619A5A8C63DB6D8A0634DFC6C7EC8EA9C006B6C456F1B20CD19E781AF20454AC880"),
+ SHEX("55D8E5202360D7D5841419362F864CC900E11C582FD0CAB2FF5F1680F6CE927B5379E27A335EBAFE1286B9D4A172AB761A36EADE60F10468EAC4CEAFBF63C7CC"));
+ test_hash(&nettle_sha3_512, /* 107 octets */
+ SHEX("03D9F92B2C565709A568724A0AFF90F8F347F43B02338F94A03ED32E6F33666FF5802DA4C81BDCE0D0E86C04AFD4EDC2FC8B4141C2975B6F07639B1994C973D9A9AFCE3D9D365862003498513BFA166D2629E314D97441667B007414E739D7FEBF0FE3C32C17AA188A8683"),
+ SHEX("EFFB03B497ADD6230A0ED99122EA868138644AB81E861491E526FAE37C39872CA731804A0004599849478A787BC7FCE21903ED551D7DB881D2A2C367B6168547"));
+ test_hash(&nettle_sha3_512, /* 108 octets */
+ SHEX("F31E8B4F9E0621D531D22A380BE5D9ABD56FAEC53CBD39B1FAB230EA67184440E5B1D15457BD25F56204FA917FA48E669016CB48C1FFC1E1E45274B3B47379E00A43843CF8601A5551411EC12503E5AAC43D8676A1B2297EC7A0800DBFEE04292E937F21C005F17411473041"),
+ SHEX("A2269A6EF2EA8F1CF8BC3394D27657B0DB996C55E7C47784C0B451202FC5279679D79E06F8DBAA9A63665FD0E914D13C6E056EA006DAAF4CB61D2629468E3D25"));
+ test_hash(&nettle_sha3_512, /* 109 octets */
+ SHEX("758EA3FEA738973DB0B8BE7E599BBEF4519373D6E6DCD7195EA885FC991D896762992759C2A09002912FB08E0CB5B76F49162AEB8CF87B172CF3AD190253DF612F77B1F0C532E3B5FC99C2D31F8F65011695A087A35EE4EEE5E334C369D8EE5D29F695815D866DA99DF3F79403"),
+ SHEX("5A2970D5EC346A8E4E1D5D1E57DC22F6875DDF1CE3626B49A91109E0DE991033E932F883B6A795016D5014E268304ABE2F7577505AAB00956911781F075D113A"));
+ test_hash(&nettle_sha3_512, /* 110 octets */
+ SHEX("47C6E0C2B74948465921868804F0F7BD50DD323583DC784F998A93CD1CA4C6EF84D41DC81C2C40F34B5BEE6A93867B3BDBA0052C5F59E6F3657918C382E771D33109122CC8BB0E1E53C4E3D13B43CE44970F5E0C079D2AD7D7A3549CD75760C21BB15B447589E86E8D76B1E9CED2"),
+ SHEX("2B4356A64DF31936B27F4530F076EE73E71E4E48ABDE04FF1F548E0727F4A5810B71874187FD96ED510D0D6886AF11960A0B3BAD1EE75DDA4CDC148E162EDAE9"));
+ test_hash(&nettle_sha3_512, /* 111 octets */
+ SHEX("F690A132AB46B28EDFA6479283D6444E371C6459108AFD9C35DBD235E0B6B6FF4C4EA58E7554BD002460433B2164CA51E868F7947D7D7A0D792E4ABF0BE5F450853CC40D85485B2B8857EA31B5EA6E4CCFA2F3A7EF3380066D7D8979FDAC618AAD3D7E886DEA4F005AE4AD05E5065F"),
+ SHEX("EDCB59984267BB00402A78F2CA345EF2494956172E10927EE63AFF23D0C834BCA50C47CDBFFD8995036307E9ED4B143E853450367D0E14AFC8490073653CD850"));
+ test_hash(&nettle_sha3_512, /* 112 octets */
+ SHEX("58D6A99BC6458824B256916770A8417040721CCCFD4B79EACD8B65A3767CE5BA7E74104C985AC56B8CC9AEBD16FEBD4CDA5ADB130B0FF2329CC8D611EB14DAC268A2F9E633C99DE33997FEA41C52A7C5E1317D5B5DAED35EBA7D5A60E45D1FA7EAABC35F5C2B0A0F2379231953322C4E"),
+ SHEX("D0B453FBE709C69125DC8FE9E8AE9245211612970373B454F8656A755E8435B321DD3A980FA28719641747E254DC42C9BF012B4D6DBD7ED13020A83B44C504AA"));
+ test_hash(&nettle_sha3_512, /* 113 octets */
+ SHEX("BEFAB574396D7F8B6705E2D5B58B2C1C820BB24E3F4BAE3E8FBCD36DBF734EE14E5D6AB972AEDD3540235466E825850EE4C512EA9795ABFD33F330D9FD7F79E62BBB63A6EA85DE15BEAEEA6F8D204A28956059E2632D11861DFB0E65BC07AC8A159388D5C3277E227286F65FF5E5B5AEC1"),
+ SHEX("FE97C011E525110E03149FAC4179891AFCB6304E1CFD9D84CB7389755554EE723571D76B80B9333A695884192340B3FE022D4A233B7AA8E8C7686745CFE75E67"));
+ test_hash(&nettle_sha3_512, /* 114 octets */
+ SHEX("8E58144FA9179D686478622CE450C748260C95D1BA43B8F9B59ABECA8D93488DA73463EF40198B4D16FB0B0707201347E0506FF19D01BEA0F42B8AF9E71A1F1BD168781069D4D338FDEF00BF419FBB003031DF671F4A37979564F69282DE9C65407847DD0DA505AB1641C02DEA4F0D834986"),
+ SHEX("1BC4AC8D979CA62A7FC81C710CEDF65AF56C9B652EEC356AA92DA924D370FDEBDF076F91BA4FE1EC5CD78FC4C8885EA4304BA2E8E64944AB4BF4D1B3D7DEE745"));
+ test_hash(&nettle_sha3_512, /* 115 octets */
+ SHEX("B55C10EAE0EC684C16D13463F29291BF26C82E2FA0422A99C71DB4AF14DD9C7F33EDA52FD73D017CC0F2DBE734D831F0D820D06D5F89DACC485739144F8CFD4799223B1AFF9031A105CB6A029BA71E6E5867D85A554991C38DF3C9EF8C1E1E9A7630BE61CAABCA69280C399C1FB7A12D12AEFC"),
+ SHEX("76E970E9449D868067CD23B1A202CBDC99693FF6FA74BA644EC41CBF8FD139CB0F5D1106FCD6C871C315FF41C3EAF99C636288F0FCF6A40B480CB881D87E098F"));
+ test_hash(&nettle_sha3_512, /* 116 octets */
+ SHEX("2EEEA693F585F4ED6F6F8865BBAE47A6908AECD7C429E4BEC4F0DE1D0CA0183FA201A0CB14A529B7D7AC0E6FF6607A3243EE9FB11BCF3E2304FE75FFCDDD6C5C2E2A4CD45F63C962D010645058D36571404A6D2B4F44755434D76998E83409C3205AA1615DB44057DB991231D2CB42624574F545"),
+ SHEX("871666B230C5AD75B96D63BE22870621C68FD0899655BA7DC0E0E5299915AF252C226DD7217601D3A6880D55EE5A20B10820E21C74F730EEA9D47FE26DEBE006"));
+ test_hash(&nettle_sha3_512, /* 117 octets */
+ SHEX("DAB11DC0B047DB0420A585F56C42D93175562852428499F66A0DB811FCDDDAB2F7CDFFED1543E5FB72110B64686BC7B6887A538AD44C050F1E42631BC4EC8A9F2A047163D822A38989EE4AAB01B4C1F161B062D873B1CFA388FD301514F62224157B9BEF423C7783B7AAC8D30D65CD1BBA8D689C2D"),
+ SHEX("7E3EF62552B28A2B18A71CEEF2DD8659C8BDF291385AD02FED353775E01594F27CC28CC78663E17CB8B39FD4EA48D494AD0BD7AEE9277EC9B21E46523812736E"));
+ test_hash(&nettle_sha3_512, /* 118 octets */
+ SHEX("42E99A2F80AEE0E001279A2434F731E01D34A44B1A8101726921C0590C30F3120EB83059F325E894A5AC959DCA71CE2214799916424E859D27D789437B9D27240BF8C35ADBAFCECC322B48AA205B293962D858652ABACBD588BCF6CBC388D0993BD622F96ED54614C25B6A9AA527589EAAFFCF17DDF7"),
+ SHEX("0B87F6EBAA293FF79C873820846C0FCC943E3A83BD8111931FF03FF3B0BF785C961CA84CF3FD40E0D831DBAEA595498FC12DA88CC507DE720A35C01D73FC9595"));
+ test_hash(&nettle_sha3_512, /* 119 octets */
+ SHEX("3C9B46450C0F2CAE8E3823F8BDB4277F31B744CE2EB17054BDDC6DFF36AF7F49FB8A2320CC3BDF8E0A2EA29AD3A55DE1165D219ADEDDB5175253E2D1489E9B6FDD02E2C3D3A4B54D60E3A47334C37913C5695378A669E9B72DEC32AF5434F93F46176EBF044C4784467C700470D0C0B40C8A088C815816"),
+ SHEX("681BABBD2E351501C285812E06F20940FD865516CF028B4787D1FFCCD0D537705E8E9B73C608D5A8DC4F08EEE0902AC12936DDB8C7B29228C6AAF8D0B909C30D"));
+ test_hash(&nettle_sha3_512, /* 120 octets */
+ SHEX("D1E654B77CB155F5C77971A64DF9E5D34C26A3CAD6C7F6B300D39DEB1910094691ADAA095BE4BA5D86690A976428635D5526F3E946F7DC3BD4DBC78999E653441187A81F9ADCD5A3C5F254BC8256B0158F54673DCC1232F6E918EBFC6C51CE67EAEB042D9F57EEC4BFE910E169AF78B3DE48D137DF4F2840"),
+ SHEX("C46D2262F186421D07FD740F922306D99B1E3826F6A32486BE5A91DC298F177F50915E17EB4EA2E45494C501736CEFB0E22ACD989DA41AC7BB7BE56B04BFB5E1"));
+ test_hash(&nettle_sha3_512, /* 121 octets */
+ SHEX("626F68C18A69A6590159A9C46BE03D5965698F2DAC3DE779B878B3D9C421E0F21B955A16C715C1EC1E22CE3EB645B8B4F263F60660EA3028981EEBD6C8C3A367285B691C8EE56944A7CD1217997E1D9C21620B536BDBD5DE8925FF71DEC6FBC06624AB6B21E329813DE90D1E572DFB89A18120C3F606355D25"),
+ SHEX("0B3DBC770332823E686470D842104D3B3C1452F64F1BCC71C5F3FAD1C0D93F21EFBD48D73C7D4909227B06B06D54057A74E03C36D9C106EBA79411F1E6E1CFFE"));
+ test_hash(&nettle_sha3_512, /* 122 octets */
+ SHEX("651A6FB3C4B80C7C68C6011675E6094EB56ABF5FC3057324EBC6477825061F9F27E7A94633ABD1FA598A746E4A577CAF524C52EC1788471F92B8C37F23795CA19D559D446CAB16CBCDCE90B79FA1026CEE77BF4AB1B503C5B94C2256AD75B3EAC6FD5DCB96ACA4B03A834BFB4E9AF988CECBF2AE597CB9097940"),
+ SHEX("CA46276B0DC2EC4424BB7136EAE1AF207BD6E5CD833691C7D37B2CAEAF4F484B96A3476FC25FEB206AD37CF975383DD522CA0CC6200A3867FEE7F178D6953FEF"));
+ test_hash(&nettle_sha3_512, /* 123 octets */
+ SHEX("8AAF072FCE8A2D96BC10B3C91C809EE93072FB205CA7F10ABD82ECD82CF040B1BC49EA13D1857815C0E99781DE3ADBB5443CE1C897E55188CEAF221AA9681638DE05AE1B322938F46BCE51543B57ECDB4C266272259D1798DE13BE90E10EFEC2D07484D9B21A3870E2AA9E06C21AA2D0C9CF420080A80A91DEE16F"),
+ SHEX("815B44668BF3751A3392940FCA54C1E3E4EF5227B052332AFE6EB7A10AC8AD6438CE8A0277AA14BCC41590F6D6A10B6B1BABE6BB4F8D777EA576D634B0BE41C0"));
+ test_hash(&nettle_sha3_512, /* 124 octets */
+ SHEX("53F918FD00B1701BD504F8CDEA803ACCA21AC18C564AB90C2A17DA592C7D69688F6580575395551E8CD33E0FEF08CA6ED4588D4D140B3E44C032355DF1C531564D7F4835753344345A6781E11CD5E095B73DF5F82C8AE3AD00877936896671E947CC52E2B29DCD463D90A0C9929128DA222B5A211450BBC0E02448E2"),
+ SHEX("F47799A8547FC9C07D0F808029E7335607D72224BE286E118657BD13A2C51D0374426D9EEB7693BDE5EC6181574C1404DF29BF96941862BA1A0A9A5903319498"));
+ test_hash(&nettle_sha3_512, /* 125 octets */
+ SHEX("A64599B8A61B5CCEC9E67AED69447459C8DA3D1EC6C7C7C82A7428B9B584FA67E90F68E2C00FBBED4613666E5168DA4A16F395F7A3C3832B3B134BFC9CBAA95D2A0FE252F44AC6681EB6D40AB91C1D0282FED6701C57463D3C5F2BB8C6A7301FB4576AA3B5F15510DB8956FF77478C26A7C09BEA7B398CFC83503F538E"),
+ SHEX("8A0AE12A9E797FB7BD46CBB910076A32873BFFCB9AD98B4FC37316AED681EC49C65ABBB9586405FF96CC80DA4BB8FA73BE1BA9E737595B2307CF369D61BAF59C"));
+ test_hash(&nettle_sha3_512, /* 126 octets */
+ SHEX("0E3AB0E054739B00CDB6A87BD12CAE024B54CB5E550E6C425360C2E87E59401F5EC24EF0314855F0F56C47695D56A7FB1417693AF2A1ED5291F2FEE95F75EED54A1B1C2E81226FBFF6F63ADE584911C71967A8EB70933BC3F5D15BC91B5C2644D9516D3C3A8C154EE48E118BD1442C043C7A0DBA5AC5B1D5360AAE5B9065"),
+ SHEX("A3C6D58872BAFDEDFDD50C0309089240D6977D4D3D59FB3F2BE133C57D2DFCFCC7C027296F74FE58B2A9A6CB7E5D70088934D051CBA57001FE27965CFA071A6F"));
+ test_hash(&nettle_sha3_512, /* 127 octets */
+ SHEX("A62FC595B4096E6336E53FCDFC8D1CC175D71DAC9D750A6133D23199EAAC288207944CEA6B16D27631915B4619F743DA2E30A0C00BBDB1BBB35AB852EF3B9AEC6B0A8DCC6E9E1ABAA3AD62AC0A6C5DE765DE2C3711B769E3FDE44A74016FFF82AC46FA8F1797D3B2A726B696E3DEA5530439ACEE3A45C2A51BC32DD055650B"),
+ SHEX("11E0E521B55F02BEFC7207C06444FCC0C16DCF6F34962921B709A322F35E2193477B0DFA21F213F209705FF3958531A75D94346075FEB29A288B62E2315AE270"));
+ test_hash(&nettle_sha3_512, /* 128 octets */
+ SHEX("2B6DB7CED8665EBE9DEB080295218426BDAA7C6DA9ADD2088932CDFFBAA1C14129BCCDD70F369EFB149285858D2B1D155D14DE2FDB680A8B027284055182A0CAE275234CC9C92863C1B4AB66F304CF0621CD54565F5BFF461D3B461BD40DF28198E3732501B4860EADD503D26D6E69338F4E0456E9E9BAF3D827AE685FB1D817"),
+ SHEX("AEBBA57C8ED5AF6EC93F4AA45772FF5167B7EA88DFA71364F37D8FC5FDB7DC3B2C8331A08023F21D110B7D821E2DC7E860826235E7E6291912AC521384747354"));
+ test_hash(&nettle_sha3_512, /* 129 octets */
+ SHEX("10DB509B2CDCABA6C062AE33BE48116A29EB18E390E1BBADA5CA0A2718AFBCD23431440106594893043CC7F2625281BF7DE2655880966A23705F0C5155C2F5CCA9F2C2142E96D0A2E763B70686CD421B5DB812DACED0C6D65035FDE558E94F26B3E6DDE5BD13980CC80292B723013BD033284584BFF27657871B0CF07A849F4AE2"),
+ SHEX("2DF1E09540B53A17222DAB66275CEBECEB1F8A5DB26B0C41F955FA0549F3367E82299E0CD673958AF7DFA04D741AA63BA2C1AD351764DC9228D215F22C24CA58"));
+ test_hash(&nettle_sha3_512, /* 130 octets */
+ SHEX("9334DE60C997BDA6086101A6314F64E4458F5FF9450C509DF006E8C547983C651CA97879175AABA0C539E82D05C1E02C480975CBB30118121061B1EBAC4F8D9A3781E2DB6B18042E01ECF9017A64A0E57447EC7FCBE6A7F82585F7403EE2223D52D37B4BF426428613D6B4257980972A0ACAB508A7620C1CB28EB4E9D30FC41361EC"),
+ SHEX("8299CFCEA5F00C93A5EB8A84A13628A68B26796D53FB6A986C95B0B1C248920FB946D8AF98343D14EFC74A4611C53CCC27C5F14C7237AF28364346CA5CD70D1A"));
+ test_hash(&nettle_sha3_512, /* 131 octets */
+ SHEX("E88AB086891693AA535CEB20E64C7AB97C7DD3548F3786339897A5F0C39031549CA870166E477743CCFBE016B4428D89738E426F5FFE81626137F17AECFF61B72DBEE2DC20961880CFE281DFAB5EE38B1921881450E16032DE5E4D55AD8D4FCA609721B0692BAC79BE5A06E177FE8C80C0C83519FB3347DE9F43D5561CB8107B9B5EDC"),
+ SHEX("AF57BEA357FCBA0579C4204C0F8DFF181BC8A473014BAE78DF76069DE478B2F2A390327A65BDD24BE926551C78F70B0D5F1C8F4B970997D557F06336A315A749"));
+ test_hash(&nettle_sha3_512, /* 132 octets */
+ SHEX("FD19E01A83EB6EC810B94582CB8FBFA2FCB992B53684FB748D2264F020D3B960CB1D6B8C348C2B54A9FCEA72330C2AAA9A24ECDB00C436ABC702361A82BB8828B85369B8C72ECE0082FE06557163899C2A0EFA466C33C04343A839417057399A63A3929BE1EE4805D6CE3E5D0D0967FE9004696A5663F4CAC9179006A2CEB75542D75D68"),
+ SHEX("B299E421061EF26C32BB4F50EE669D05FEB2CCBA3297289C30E6434057B3EA7F617BBBF7A5555328FC291F794987577F458350DF99AF3A5778300BE0BD80164F"));
+ test_hash(&nettle_sha3_512, /* 133 octets */
+ SHEX("59AE20B6F7E0B3C7A989AFB28324A40FCA25D8651CF1F46AE383EF6D8441587AA1C04C3E3BF88E8131CE6145CFB8973D961E8432B202FA5AF3E09D625FAAD825BC19DA9B5C6C20D02ABDA2FCC58B5BD3FE507BF201263F30543819510C12BC23E2DDB4F711D087A86EDB1B355313363A2DE996B891025E147036087401CCF3CA7815BF3C49"),
+ SHEX("CBDFB0D0E720F87259DD0D0B4E9C5319E7F88AAEF7F7AB2FA1CA639AFA0160822F96B3C357A4894CE53CD713FAB23AD052E8565FA3B3A523CB9CE39A6BD535CC"));
+ test_hash(&nettle_sha3_512, /* 134 octets */
+ SHEX("77EE804B9F3295AB2362798B72B0A1B2D3291DCEB8139896355830F34B3B328561531F8079B79A6E9980705150866402FDC176C05897E359A6CB1A7AB067383EB497182A7E5AEF7038E4C96D133B2782917417E391535B5E1B51F47D8ED7E4D4025FE98DC87B9C1622614BFF3D1029E68E372DE719803857CA52067CDDAAD958951CB2068CC6"),
+ SHEX("059A181C83A22BFF0AA9BAA22D872BDF23CBE341032CF0BF57997A4A1924D24FBAE9DCA14B6D290692B6A6B6344CBE531734F58AD0224C6E39BD1E87F870AAD6"));
+ test_hash(&nettle_sha3_512, /* 135 octets */
+ SHEX("B771D5CEF5D1A41A93D15643D7181D2A2EF0A8E84D91812F20ED21F147BEF732BF3A60EF4067C3734B85BC8CD471780F10DC9E8291B58339A677B960218F71E793F2797AEA349406512829065D37BB55EA796FA4F56FD8896B49B2CD19B43215AD967C712B24E5032D065232E02C127409D2ED4146B9D75D763D52DB98D949D3B0FED6A8052FBB"),
+ SHEX("9EDEEB10EE1B7BB8F16A280D8CC3EDA5E909C554419DDC523B69ECEDF2ADF3B3C9BC66FEF365342471C458126F083A3B8E7C0C9D9D77E9F90196B71F9AADF492"));
+ test_hash(&nettle_sha3_512, /* 136 octets */
+ SHEX("B32D95B0B9AAD2A8816DE6D06D1F86008505BD8C14124F6E9A163B5A2ADE55F835D0EC3880EF50700D3B25E42CC0AF050CCD1BE5E555B23087E04D7BF9813622780C7313A1954F8740B6EE2D3F71F768DD417F520482BD3A08D4F222B4EE9DBD015447B33507DD50F3AB4247C5DE9A8ABD62A8DECEA01E3B87C8B927F5B08BEB37674C6F8E380C04"),
+ SHEX("A6054FFC3D81591BE964C4B004A3A21142365B59EE98B2873D488293F93A8D7154BF72100012C60D3C9418F6AF8EA66372CB4703F5F6381DE6D4B9B98CFF1E90"));
+ test_hash(&nettle_sha3_512, /* 137 octets */
+ SHEX("04410E31082A47584B406F051398A6ABE74E4DA59BB6F85E6B49E8A1F7F2CA00DFBA5462C2CD2BFDE8B64FB21D70C083F11318B56A52D03B81CAC5EEC29EB31BD0078B6156786DA3D6D8C33098C5C47BB67AC64DB14165AF65B44544D806DDE5F487D5373C7F9792C299E9686B7E5821E7C8E2458315B996B5677D926DAC57B3F22DA873C601016A0D"),
+ SHEX("B0E54A12FDBA0738898F1BBF0BA81F81DE77648D8D14C20BDD5D90F300D382E069F5DBA7EEC6B23168B008B9F39C2B93FD742A5902A5E02728F57712D6A61D4E"));
+ test_hash(&nettle_sha3_512, /* 138 octets */
+ SHEX("8B81E9BADDE026F14D95C019977024C9E13DB7A5CD21F9E9FC491D716164BBACDC7060D882615D411438AEA056C340CDF977788F6E17D118DE55026855F93270472D1FD18B9E7E812BAE107E0DFDE7063301B71F6CFE4E225CAB3B232905A56E994F08EE2891BA922D49C3DAFEB75F7C69750CB67D822C96176C46BD8A29F1701373FB09A1A6E3C7158F"),
+ SHEX("3CE96077EB17C6A9C95A9A477748876C6451098DBEA2B3261E6D75B64A988E1C75D7EAC73BC2402AFC726543E2A5BDB76689C0931FF762818DD2D3FE57A50FA9"));
+ test_hash(&nettle_sha3_512, /* 139 octets */
+ SHEX("FA6EED24DA6666A22208146B19A532C2EC9BA94F09F1DEF1E7FC13C399A48E41ACC2A589D099276296348F396253B57CB0E40291BD282773656B6E0D8BEA1CDA084A3738816A840485FCF3FB307F777FA5FEAC48695C2AF4769720258C77943FB4556C362D9CBA8BF103AEB9034BAA8EA8BFB9C4F8E6742CE0D52C49EA8E974F339612E830E9E7A9C29065"),
+ SHEX("C9ACD6D98A349512B952D151ED501562F04EA4BB4B8965812510B9B842531A2B41A0108AC129CF9C9517BE790921DF64AD1DFC0B93DDBA3415EEBAF0DA72F6A0"));
+ test_hash(&nettle_sha3_512, /* 140 octets */
+ SHEX("9BB4AF1B4F09C071CE3CAFA92E4EB73CE8A6F5D82A85733440368DEE4EB1CBC7B55AC150773B6FE47DBE036C45582ED67E23F4C74585DAB509DF1B83610564545642B2B1EC463E18048FC23477C6B2AA035594ECD33791AF6AF4CBC2A1166ABA8D628C57E707F0B0E8707CAF91CD44BDB915E0296E0190D56D33D8DDE10B5B60377838973C1D943C22ED335E"),
+ SHEX("26B4E5C4FA85CB33359450E7F7158FB6A0739984565E9D9EBE6AD65B118296E9C1098C11541C871EB1B89853F1FA73AD8702EBF4FC9BE4D0AB057E4391DF964E"));
+ test_hash(&nettle_sha3_512, /* 141 octets */
+ SHEX("2167F02118CC62043E9091A647CADBED95611A521FE0D64E8518F16C808AB297725598AE296880A773607A798F7C3CFCE80D251EBEC6885015F9ABF7EAABAE46798F82CB5926DE5C23F44A3F9F9534B3C6F405B5364C2F8A8BDC5CA49C749BED8CE4BA48897062AE8424CA6DDE5F55C0E42A95D1E292CA54FB46A84FBC9CD87F2D0C9E7448DE3043AE22FDD229"),
+ SHEX("913BBA5C0C13CC49D8310014CF5AF1B63BA3D5DB8A27699FCFC573688F0E826FB5A7B5D10D3A1DE693AA66E08C0915E7278F61B5FA30F1263B134F016F74841F"));
+ test_hash(&nettle_sha3_512, /* 142 octets */
+ SHEX("94B7FA0BC1C44E949B1D7617D31B4720CBE7CA57C6FA4F4094D4761567E389ECC64F6968E4064DF70DF836A47D0C713336B5028B35930D29EB7A7F9A5AF9AD5CF441745BAEC9BB014CEEFF5A41BA5C1CE085FEB980BAB9CF79F2158E03EF7E63E29C38D7816A84D4F71E0F548B7FC316085AE38A060FF9B8DEC36F91AD9EBC0A5B6C338CBB8F6659D342A24368CF"),
+ SHEX("E5D53E81866283179012D9239340B0CBFB8D7AEBCE0C824DC6653A652BB1B54E0883991BE2C3E39AD111A7B24E95DAF6F7D9A379D884D64F9C2AFD645E1DB5E2"));
+ test_hash(&nettle_sha3_512, /* 143 octets */
+ SHEX("EA40E83CB18B3A242C1ECC6CCD0B7853A439DAB2C569CFC6DC38A19F5C90ACBF76AEF9EA3742FF3B54EF7D36EB7CE4FF1C9AB3BC119CFF6BE93C03E208783335C0AB8137BE5B10CDC66FF3F89A1BDDC6A1EED74F504CBE7290690BB295A872B9E3FE2CEE9E6C67C41DB8EFD7D863CF10F840FE618E7936DA3DCA5CA6DF933F24F6954BA0801A1294CD8D7E66DFAFEC"),
+ SHEX("5DA83B7E221933CD67FA2AF8C9934DB74CE822212C99E0EE01F5220B4FE1E9B0388E42E328A1D174E6368F5773853042543A9B493A94B625980B73DF3F3FCCBB"));
+ test_hash(&nettle_sha3_512, /* 144 octets */
+ SHEX("157D5B7E4507F66D9A267476D33831E7BB768D4D04CC3438DA12F9010263EA5FCAFBDE2579DB2F6B58F911D593D5F79FB05FE3596E3FA80FF2F761D1B0E57080055C118C53E53CDB63055261D7C9B2B39BD90ACC32520CBBDBDA2C4FD8856DBCEE173132A2679198DAF83007A9B5C51511AE49766C792A29520388444EBEFE28256FB33D4260439CBA73A9479EE00C63"),
+ SHEX("72DE9184BEB5C6A37EA2C395734D0D5412991A57CFFCC13FF9B5FA0F2046EE87C61811FE8EF2470239D5066C220173DE5EBE41885ED8ACAE397FB395E6CA9AEE"));
+ test_hash(&nettle_sha3_512, /* 145 octets */
+ SHEX("836B34B515476F613FE447A4E0C3F3B8F20910AC89A3977055C960D2D5D2B72BD8ACC715A9035321B86703A411DDE0466D58A59769672AA60AD587B8481DE4BBA552A1645779789501EC53D540B904821F32B0BD1855B04E4848F9F8CFE9EBD8911BE95781A759D7AD9724A7102DBE576776B7C632BC39B9B5E19057E226552A5994C1DBB3B5C7871A11F5537011044C53"),
+ SHEX("B678FA7655584970DEDBBC73A16D7840935B104D06DCB468DDD9814D6CF443FA6F9245824DBFF3AB5FFFEF24B29CB2978796F37E7B49B1682D59F79E3C169E81"));
+ test_hash(&nettle_sha3_512, /* 146 octets */
+ SHEX("CC7784A4912A7AB5AD3620AAB29BA87077CD3CB83636ADC9F3DC94F51EDF521B2161EF108F21A0A298557981C0E53CE6CED45BDF782C1EF200D29BAB81DD6460586964EDAB7CEBDBBEC75FD7925060F7DA2B853B2B089588FA0F8C16EC6498B14C55DCEE335CB3A91D698E4D393AB8E8EAC0825F8ADEBEEE196DF41205C011674E53426CAA453F8DE1CBB57932B0B741D4C6"),
+ SHEX("66C64D5B0585DD8C40BECD456E4B0188061AE8059F03E79FE04C40925442BA93B052F52087B30BDBFD4816BBD148696D4FA6C61F216253D7AC178B39EC44C770"));
+ test_hash(&nettle_sha3_512, /* 147 octets */
+ SHEX("7639B461FFF270B2455AC1D1AFCE782944AEA5E9087EB4A39EB96BB5C3BAAF0E868C8526D3404F9405E79E77BFAC5FFB89BF1957B523E17D341D7323C302EA7083872DD5E8705694ACDDA36D5A1B895AAA16ECA6104C82688532C8BFE1790B5DC9F4EC5FE95BAED37E1D287BE710431F1E5E8EE105BC42ED37D74B1E55984BF1C09FE6A1FA13EF3B96FAEAED6A2A1950A12153"),
+ SHEX("A7BD506DB9C0509AD47413AF4B0E3948B47C18278F15F5B19FBB0B76E2C1C1F19DB9438528EB6D87B0B4A509567DB39F32641E2944365780914296CF3E48CECF"));
+ test_hash(&nettle_sha3_512, /* 148 octets */
+ SHEX("EB6513FC61B30CFBA58D4D7E80F94D14589090CF1D80B1DF2E68088DC6104959BA0D583D585E9578AB0AEC0CF36C48435EB52ED9AB4BBCE7A5ABE679C97AE2DBE35E8CC1D45B06DDA3CF418665C57CBEE4BBB47FA4CAF78F4EE656FEC237FE4EEBBAFA206E1EF2BD0EE4AE71BD0E9B2F54F91DAADF1FEBFD7032381D636B733DCB3BF76FB14E23AFF1F68ED3DBCF75C9B99C6F26"),
+ SHEX("2E681F9DDBD7C77EAB0D225E2AD1F72256BE239DF25933BCD6CEDD757269B35E2A5352B3298A4CDA0542FF7D3ADD2B0CF42F10FBE05A67C8763D54A78A43AEA7"));
+ test_hash(&nettle_sha3_512, /* 149 octets */
+ SHEX("1594D74BF5DDE444265D4C04DAD9721FF3E34CBF622DAF341FE16B96431F6C4DF1F760D34F296EB97D98D560AD5286FEC4DCE1724F20B54FD7DF51D4BF137ADD656C80546FB1BF516D62EE82BAA992910EF4CC18B70F3F8698276FCFB44E0EC546C2C39CFD8EE91034FF9303058B4252462F86C823EB15BF481E6B79CC3A02218595B3658E8B37382BD5048EAED5FD02C37944E73B"),
+ SHEX("FD9BE24763F682043243525E5E0780534A82AD5E83B65EB4ACAF5353313A4CC7C5EEA9DA141DE570232CB4126287E5C77657CA8D6A16B5BE53F470343E722FD6"));
+ test_hash(&nettle_sha3_512, /* 150 octets */
+ SHEX("4CFA1278903026F66FEDD41374558BE1B585D03C5C55DAC94361DF286D4BD39C7CB8037ED3B267B07C346626449D0CC5B0DD2CF221F7E4C3449A4BE99985D2D5E67BFF2923357DDEAB5ABCB4619F3A3A57B2CF928A022EB27676C6CF805689004FCA4D41EA6C2D0A4789C7605F7BB838DD883B3AD3E6027E775BCF262881428099C7FFF95B14C095EA130E0B9938A5E22FC52650F591"),
+ SHEX("14EA33BB33FDF0426E0DFB12DE1C613BA97141454C8971BCCE25C6D87A6C2403CCFAD1E8A6C15754C3CC5AC1718B7F7F1EC003C1B98D70968C5DBB95540B4A17"));
+ test_hash(&nettle_sha3_512, /* 151 octets */
+ SHEX("D3E65CB92CFA79662F6AF493D696A07CCF32AAADCCEFF06E73E8D9F6F909209E66715D6E978788C49EFB9087B170ECF3AA86D2D4D1A065AE0EFC8924F365D676B3CB9E2BEC918FD96D0B43DEE83727C9A93BF56CA2B2E59ADBA85696546A815067FC7A78039629D4948D157E7B0D826D1BF8E81237BAB7321312FDAA4D521744F988DB6FDF04549D0FDCA393D639C729AF716E9C8BBA48"),
+ SHEX("3B4B395514E0CAB04FC9F9D6C358006CE06C93831E8948FB9BD2A863F3FA064E78EB57C76DD2D058D09AB3D105C28C2DACAEBD4A473F1FA023053CC15366082F"));
+ test_hash(&nettle_sha3_512, /* 152 octets */
+ SHEX("842CC583504539622D7F71E7E31863A2B885C56A0BA62DB4C2A3F2FD12E79660DC7205CA29A0DC0A87DB4DC62EE47A41DB36B9DDB3293B9AC4BAAE7DF5C6E7201E17F717AB56E12CAD476BE49608AD2D50309E7D48D2D8DE4FA58AC3CFEAFEEE48C0A9EEC88498E3EFC51F54D300D828DDDCCB9D0B06DD021A29CF5CB5B2506915BEB8A11998B8B886E0F9B7A80E97D91A7D01270F9A7717"),
+ SHEX("2D7D28C4311E0424D71E7F9D267A2E048AA175455FCB724CF0B13DEBF448B59B0F28265B0F010F4E4F4065004904A7C2687A5A1B30AB593BC44F698DFF5DDE33"));
+ test_hash(&nettle_sha3_512, /* 153 octets */
+ SHEX("6C4B0A0719573E57248661E98FEBE326571F9A1CA813D3638531AE28B4860F23C3A3A8AC1C250034A660E2D71E16D3ACC4BF9CE215C6F15B1C0FC7E77D3D27157E66DA9CEEC9258F8F2BF9E02B4AC93793DD6E29E307EDE3695A0DF63CBDC0FC66FB770813EB149CA2A916911BEE4902C47C7802E69E405FE3C04CEB5522792A5503FA829F707272226621F7C488A7698C0D69AA561BE9F378"),
+ SHEX("CB665EC69ABD75743C8713034E9E41736F8C1CE2C77A8518E50388C411E6284D9AADCD4D3BD5A9EB74672325E41E8A67ACF380D1E8A61684F0E501F5663A031D"));
+ test_hash(&nettle_sha3_512, /* 154 octets */
+ SHEX("51B7DBB7CE2FFEB427A91CCFE5218FD40F9E0B7E24756D4C47CD55606008BDC27D16400933906FD9F30EFFDD4880022D081155342AF3FB6CD53672AB7FB5B3A3BCBE47BE1FD3A2278CAE8A5FD61C1433F7D350675DD21803746CADCA574130F01200024C6340AB0CC2CF74F2234669F34E9009EF2EB94823D62B31407F4BA46F1A1EEC41641E84D77727B59E746B8A671BEF936F05BE820759FA"),
+ SHEX("4515A104FC68094D244B234D9DC06A0243B71D419D29A95C46E3CBA6F51E121ABE049B34535DB3CCBF2AD68D83FC36331F615B3E33DEB39A3381DFBCB798FE4D"));
+ test_hash(&nettle_sha3_512, /* 155 octets */
+ SHEX("83599D93F5561E821BD01A472386BC2FF4EFBD4AED60D5821E84AAE74D8071029810F5E286F8F17651CD27DA07B1EB4382F754CD1C95268783AD09220F5502840370D494BEB17124220F6AFCE91EC8A0F55231F9652433E5CE3489B727716CF4AEBA7DCDA20CD29AA9A859201253F948DD94395ABA9E3852BD1D60DDA7AE5DC045B283DA006E1CBAD83CC13292A315DB5553305C628DD091146597"),
+ SHEX("CEE3E60A49F7CAED9387F3EA699524C4CCAFD37C1A7E60D2F0AB037720649F108CCE8769F70B0C5D049359EEB821022F17C4B5F646B750E3070558EC127057F1"));
+ test_hash(&nettle_sha3_512, /* 156 octets */
+ SHEX("2BE9BF526C9D5A75D565DD11EF63B979D068659C7F026C08BEA4AF161D85A462D80E45040E91F4165C074C43AC661380311A8CBED59CC8E4C4518E80CD2C78AB1CABF66BFF83EAB3A80148550307310950D034A6286C93A1ECE8929E6385C5E3BB6EA8A7C0FB6D6332E320E71CC4EB462A2A62E2BFE08F0CCAD93E61BEDB5DD0B786A728AB666F07E0576D189C92BF9FB20DCA49AC2D3956D47385E2"),
+ SHEX("E6ED6F060906D1A772F47E83907507F88A151DE401ED79ACB56BE57C2596792DC0BC5A9DC1045E37C6A31DA1C36200214E4F5698AA2754EEB2CAECFC03BEC39D"));
+ test_hash(&nettle_sha3_512, /* 157 octets */
+ SHEX("CA76D3A12595A817682617006848675547D3E8F50C2210F9AF906C0E7CE50B4460186FE70457A9E879E79FD4D1A688C70A347361C847BA0DD6AA52936EAF8E58A1BE2F5C1C704E20146D366AEB3853BED9DE9BEFE9569AC8AAEA37A9FB7139A1A1A7D5C748605A8DEFB297869EBEDD71D615A5DA23496D11E11ABBB126B206FA0A7797EE7DE117986012D0362DCEF775C2FE145ADA6BDA1CCB326BF644"),
+ SHEX("9ED4EEE87F56AE2741E8E4D65623E4D1FA3AA111F64A85F66E99093BAED990FE1D788D6A4BE1A72A6615281EB45E1B6FB60AFEFDD93987F794084BDA962FAC7F"));
+ test_hash(&nettle_sha3_512, /* 158 octets */
+ SHEX("F76B85DC67421025D64E93096D1D712B7BAF7FB001716F02D33B2160C2C882C310EF13A576B1C2D30EF8F78EF8D2F465007109AAD93F74CB9E7D7BEF7C9590E8AF3B267C89C15DB238138C45833C98CC4A471A7802723EF4C744A853CF80A0C2568DD4ED58A2C9644806F42104CEE53628E5BDF7B63B0B338E931E31B87C24B146C6D040605567CEEF5960DF9E022CB469D4C787F4CBA3C544A1AC91F95F"),
+ SHEX("23139BDD84E9F43A6CC615F0F036199328D39807BEC9E786D4251B83B30800F9DBE8EDC0B910FCD9D9F204C2DDD4D3B92BC26A0CFAABE764BFB90A1444733CD0"));
+ test_hash(&nettle_sha3_512, /* 159 octets */
+ SHEX("25B8C9C032EA6BCD733FFC8718FBB2A503A4EA8F71DEA1176189F694304F0FF68E862A8197B839957549EF243A5279FC2646BD4C009B6D1EDEBF24738197ABB4C992F6B1DC9BA891F570879ACCD5A6B18691A93C7D0A8D38F95B639C1DAEB48C4C2F15CCF5B9D508F8333C32DE78781B41850F261B855C4BEBCC125A380C54D501C5D3BD07E6B52102116088E53D76583B0161E2A58D0778F091206AABD5A1"),
+ SHEX("EC69397000AED63CB7E86B4FB0BFD3DCEE8A6F6A1CFE01A324DA13484B73599FCD37AD392662D4C41D90BACA66BE4D6E3424EFD35D7FF4CB07CBDFBEBDDB7B50"));
+ test_hash(&nettle_sha3_512, /* 160 octets */
+ SHEX("21CFDC2A7CCB7F331B3D2EEFFF37E48AD9FA9C788C3F3C200E0173D99963E1CBCA93623B264E920394AE48BB4C3A5BB96FFBC8F0E53F30E22956ADABC2765F57FB761E147ECBF8567533DB6E50C8A1F894310A94EDF806DD8CA6A0E141C0FA7C9FAE6C6AE65F18C93A8529E6E5B553BF55F25BE2E80A9882BD37F145FECBEB3D447A3C4E46C21524CC55CDD62F521AB92A8BA72B897996C49BB273198B7B1C9E"),
+ SHEX("2EA3EA00E6E9305CED0FC160E004265221306A2BE9613474126825AA3C3170AE07E5EA42F6B74F0B2C1BD2A6CD4D26EB1E04C67C9A4AFEFC1DD0CB57C2A9F4C7"));
+ test_hash(&nettle_sha3_512, /* 161 octets */
+ SHEX("4E452BA42127DCC956EF4F8F35DD68CB225FB73B5BC7E1EC5A898BBA2931563E74FAFF3B67314F241EC49F4A7061E3BD0213AE826BAB380F1F14FAAB8B0EFDDD5FD1BB49373853A08F30553D5A55CCBBB8153DE4704F29CA2BDEEF0419468E05DD51557CCC80C0A96190BBCC4D77ECFF21C66BDF486459D427F986410F883A80A5BCC32C20F0478BB9A97A126FC5F95451E40F292A4614930D054C851ACD019CCF"),
+ SHEX("6A7ADDB28F4F2C23CF0C264579FBA5F892E010689F837B84D006D91402FBFE9BA44B9126F8B5DE1EC6BBE194A3E3854235056A09901D18E8D6F1727DD430212A"));
+ test_hash(&nettle_sha3_512, /* 162 octets */
+ SHEX("FA85671DF7DADF99A6FFEE97A3AB9991671F5629195049880497487867A6C446B60087FAC9A0F2FCC8E3B24E97E42345B93B5F7D3691829D3F8CCD4BB36411B85FC2328EB0C51CB3151F70860AD3246CE0623A8DC8B3C49F958F8690F8E3860E71EB2B1479A5CEA0B3F8BEFD87ACAF5362435EAECCB52F38617BC6C5C2C6E269EAD1FBD69E941D4AD2012DA2C5B21BCFBF98E4A77AB2AF1F3FDA3233F046D38F1DC8"),
+ SHEX("2C0EE8A165BF88C44C8601C6372E522DA9ECF42544DCDC098698F50DF8E70EB7440CAB2953BB490CD2A5E0887BEEAE3482192DA95E5098D3B318F16FC08D1E1E"));
+ test_hash(&nettle_sha3_512, /* 163 octets */
+ SHEX("E90847AE6797FBC0B6B36D6E588C0A743D725788CA50B6D792352EA8294F5BA654A15366B8E1B288D84F5178240827975A763BC45C7B0430E8A559DF4488505E009C63DA994F1403F407958203CEBB6E37D89C94A5EACF6039A327F6C4DBBC7A2A307D976AA39E41AF6537243FC218DFA6AB4DD817B6A397DF5CA69107A9198799ED248641B63B42CB4C29BFDD7975AC96EDFC274AC562D0474C60347A078CE4C25E88"),
+ SHEX("DDD4FF117231ECA0445EADA7C7F1D84686520DAA70E160C87DBBB3FB32BB9E2F4CC53DB5413D4E88DE18A0118570318BD6D0E5264D779339AC6F4F4A95546A53"));
+ test_hash(&nettle_sha3_512, /* 164 octets */
+ SHEX("F6D5C2B6C93954FC627602C00C4CA9A7D3ED12B27173F0B2C9B0E4A5939398A665E67E69D0B12FB7E4CEB253E8083D1CEB724AC07F009F094E42F2D6F2129489E846EAFF0700A8D4453EF453A3EDDC18F408C77A83275617FABC4EA3A2833AA73406C0E966276079D38E8E38539A70E194CC5513AAA457C699383FD1900B1E72BDFB835D1FD321B37BA80549B078A49EA08152869A918CA57F5B54ED71E4FD3AC5C06729"),
+ SHEX("A9744EFA42887DF292FC09DFEB885F1E801855DED09DC2F97CBFCBD019751878619DA1BC9573201C7CC050E2AA1D453E951366D81C188D329B3CB861C1D78F92"));
+ test_hash(&nettle_sha3_512, /* 165 octets */
+ SHEX("CF8562B1BED89892D67DDAAF3DEEB28246456E972326DBCDB5CF3FB289ACA01E68DA5D59896E3A6165358B071B304D6AB3D018944BE5049D5E0E2BB819ACF67A6006111089E6767132D72DD85BEDDCBB2D64496DB0CC92955AB4C6234F1EEA24F2D51483F2E209E4589BF9519FAC51B4D061E801125E605F8093BB6997BC163D551596FE4AB7CFAE8FB9A90F6980480CE0C229FD1675409BD788354DAF316240CFE0AF93EB"),
+ SHEX("89CAE46246EFEDAD1147EB1868C23A6BE54F6BAC75F0C98A9AEFC6BF3CCB89AE012F2E88A9C838B55E57B232CB3C80BC3C2E9FB3FC9768C6226E93284E208BF2"));
+ test_hash(&nettle_sha3_512, /* 166 octets */
+ SHEX("2ACE31ABB0A2E3267944D2F75E1559985DB7354C6E605F18DC8470423FCA30B7331D9B33C4A4326783D1CAAE1B4F07060EFF978E4746BF0C7E30CD61040BD5EC2746B29863EB7F103EBDA614C4291A805B6A4C8214230564A0557BC7102E0BD3ED23719252F7435D64D210EE2AAFC585BE903FA41E1968C50FD5D5367926DF7A05E3A42CF07E656FF92DE73B036CF8B19898C0CB34557C0C12C2D8B84E91181AF467BC75A9D1"),
+ SHEX("E80A63FAF248AE762D13887AFE8E1954F97327EDD9641CE563F4148F9796669827B3A12B06EBD710D4171B86E21BC13360A541845354E0F4934E6FBBD7ACBF2D"));
+ test_hash(&nettle_sha3_512, /* 167 octets */
+ SHEX("0D8D09AED19F1013969CE5E7EB92F83A209AE76BE31C754844EA9116CEB39A22EBB6003017BBCF26555FA6624185187DB8F0CB3564B8B1C06BF685D47F3286EDA20B83358F599D2044BBF0583FAB8D78F854FE0A596183230C5EF8E54426750EAF2CC4E29D3BDD037E734D863C2BD9789B4C243096138F7672C232314EFFDFC6513427E2DA76916B5248933BE312EB5DDE4CF70804FB258AC5FB82D58D08177AC6F4756017FFF5"),
+ SHEX("09C10C4818A6821C170D6780D006F7E853E30FE2D9A4E96545673704EC0A1A3E356375715994E1AC1D8CB0E56DBDB2F77DC558ED228FB56EE62217E63455FD0B"));
+ test_hash(&nettle_sha3_512, /* 168 octets */
+ SHEX("C3236B73DEB7662BF3F3DAA58F137B358BA610560EF7455785A9BEFDB035A066E90704F929BD9689CEF0CE3BDA5ACF4480BCEB8D09D10B098AD8500D9B6071DFC3A14AF6C77511D81E3AA8844986C3BEA6F469F9E02194C92868CD5F51646256798FF0424954C1434BDFED9FACB390B07D342E992936E0F88BFD0E884A0DDB679D0547CCDEC6384285A45429D115AC7D235A717242021D1DC35641F5F0A48E8445DBA58E6CB2C8EA"),
+ SHEX("D1CAB5979EB7F53C97DCA5D725D8B33008906D7759FD3EBB8401EE2FFF01DB895495A0A062D47F251BC3FC13988607C6798969D213C941EFC152E7DB1DA68E72"));
+ test_hash(&nettle_sha3_512, /* 169 octets */
+ SHEX("B39FEB8283EADC63E8184B51DF5AE3FD41AAC8A963BB0BE1CD08AA5867D8D910C669221E73243360646F6553D1CA05A84E8DC0DE05B6419EC349CA994480193D01C92525F3FB3DCEFB08AFC6D26947BDBBFD85193F53B50609C6140905C53A6686B58E53A319A57B962331EDE98149AF3DE3118A819DA4D76706A0424B4E1D2910B0ED26AF61D150EBCB46595D4266A0BD7F651BA47D0C7F179CA28545007D92E8419D48FDFBD744CE"),
+ SHEX("96AD163869AE2FFDB89B96F4DC700ECE27D1F4DAAFBC5FB81A8E9513C6EA5E2B6A8BCCF4E49A294AF326F872740661629AB780581155810E492424C24F8D1DD3"));
+ test_hash(&nettle_sha3_512, /* 170 octets */
+ SHEX("A983D54F503803E8C7999F4EDBBE82E9084F422143A932DDDDC47A17B0B7564A7F37A99D0786E99476428D29E29D3C197A72BFAB1342C12A0FC4787FD7017D7A6174049EA43B5779169EF7472BDBBD941DCB82FC73AAC45A8A94C9F2BD3477F61FD3B796F02A1B8264A214C6FEA74B7051B226C722099EC7883A462B83B6AFDD4009248B8A237F605FE5A08FE7D8B45321421EBBA67BD70A0B00DDBF94BAAB7F359D5D1EEA105F28DCFB"),
+ SHEX("FD2E7A6E11E5D00278099EAF403054D617ACAC5BD3D0A4908191782C89F9217A3F0118BC2B284FDBCE803F66B78DD795EB18DC16BA85E19CB6393DC56C06ECCA"));
+ test_hash(&nettle_sha3_512, /* 171 octets */
+ SHEX("E4D1C1897A0A866CE564635B74222F9696BF2C7F640DD78D7E2ACA66E1B61C642BB03EA7536AAE597811E9BF4A7B453EDE31F97B46A5F0EF51A071A2B3918DF16B152519AE3776F9F1EDAB4C2A377C3292E96408359D3613844D5EB393000283D5AD3401A318B12FD1474B8612F2BB50FB6A8B9E023A54D7DDE28C43D6D8854C8D9D1155935C199811DBFC87E9E0072E90EB88681CC7529714F8FB8A2C9D88567ADFB974EE205A9BF7B848"),
+ SHEX("AE53776D969A9B285641998A9F2C70CA71856C956A3C430A32A1E03A8E08D544F16511A27CFA59F6B8275A2357F8EFA6544B1CD0C00A9460F47954A146429E49"));
+ test_hash(&nettle_sha3_512, /* 172 octets */
+ SHEX("B10C59723E3DCADD6D75DF87D0A1580E73133A9B7D00CB95EC19F5547027323BE75158B11F80B6E142C6A78531886D9047B08E551E75E6261E79785366D7024BD7CD9CF322D9BE7D57FB661069F2481C7BB759CD71B4B36CA2BC2DF6D3A328FAEBDB995A9794A8D72155ED551A1F87C80BF6059B43FC764900B18A1C2441F7487743CF84E565F61F8DD2ECE6B6CCC9444049197AAAF53E926FBEE3BFCA8BE588EC77F29D211BE89DE18B15F6"),
+ SHEX("D4748C8E17F4117BF2BF71557ABB559247552126C36192C5DF5C6C3E307D879B703C3FCD7099DDAB243E2F1D5AE5066990A7B38D3F2CD7FB115AA6D135E7261D"));
+ test_hash(&nettle_sha3_512, /* 173 octets */
+ SHEX("DB11F609BABA7B0CA634926B1DD539C8CBADA24967D7ADD4D9876F77C2D80C0F4DCEFBD7121548373582705CCA2495BD2A43716FE64ED26D059CFB566B3364BD49EE0717BDD9810DD14D8FAD80DBBDC4CAFB37CC60FB0FE2A80FB4541B8CA9D59DCE457738A9D3D8F641AF8C3FD6DA162DC16FC01AAC527A4A0255B4D231C0BE50F44F0DB0B713AF03D968FE7F0F61ED0824C55C4B5265548FEBD6AAD5C5EEDF63EFE793489C39B8FD29D104CE"),
+ SHEX("D8FF0481A63890F0E5A536EBBA2F253FA2CFA19C0F353587AF4BDC3190E4F8F54D17D665E8B2011121D444BFADFFF3E192D97FA03B849D63F36DB20F4CF88A74"));
+ test_hash(&nettle_sha3_512, /* 174 octets */
+ SHEX("BEBD4F1A84FC8B15E4452A54BD02D69E304B7F32616AADD90537937106AE4E28DE9D8AAB02D19BC3E2FDE1D651559E296453E4DBA94370A14DBBB2D1D4E2022302EE90E208321EFCD8528AD89E46DC839EA9DF618EA8394A6BFF308E7726BAE0C19BCD4BE52DA6258E2EF4E96AA21244429F49EF5CB486D7FF35CAC1BACB7E95711944BCCB2AB34700D42D1EB38B5D536B947348A458EDE3DC6BD6EC547B1B0CAE5B257BE36A7124E1060C170FFA"),
+ SHEX("52D771B5016C6B1B93D3BF6A13F718A7B4741D528798609308B54CEA6037862D923751FDDCE10580A7D6431BF208DF17C1B825F7C7401CCBD6D806B744241ACF"));
+ test_hash(&nettle_sha3_512, /* 175 octets */
+ SHEX("5ACA56A03A13784BDC3289D9364F79E2A85C12276B49B92DB0ADAA4F206D5028F213F678C3510E111F9DC4C1C1F8B6ACB17A6413AA227607C515C62A733817BA5E762CC6748E7E0D6872C984D723C9BB3B117EB8963185300A80BFA65CDE495D70A46C44858605FCCBED086C2B45CEF963D33294DBE9706B13AF22F1B7C4CD5A001CFEC251FBA18E722C6E1C4B1166918B4F6F48A98B64B3C07FC86A6B17A6D0480AB79D4E6415B520F1C484D675B1"),
+ SHEX("36D472A8AE13D1E70E1FD275117FFE34063BEFCCF6706FAB0816E1B81F7FE7F2DDB2A122F1F52C9950644659430F81BCEDAD5D833DF4814CF60AE6C542CC4478"));
+ test_hash(&nettle_sha3_512, /* 176 octets */
+ SHEX("A5AAD0E4646A32C85CFCAC73F02FC5300F1982FABB2F2179E28303E447854094CDFC854310E5C0F60993CEFF54D84D6B46323D930ADB07C17599B35B505F09E784BCA5985E0172257797FB53649E2E9723EFD16865C31B5C3D5113B58BB0BFC8920FABDDA086D7537E66D709D050BD14D0C960873F156FAD5B3D3840CDFCDC9BE6AF519DB262A27F40896AB25CC39F96984D650611C0D5A3080D5B3A1BF186ABD42956588B3B58CD948970D298776060"),
+ SHEX("E504AD7F33D65B8D3487B28805D478778C901C0AFF5F889AE95E2919B4F431A80116A8993469E822895F3C21A41D67AFDA93A5B29B6250F76335A76FE8919274"));
+ test_hash(&nettle_sha3_512, /* 177 octets */
+ SHEX("06CBBE67E94A978203EAD6C057A1A5B098478B4B4CBEF5A97E93C8E42F5572713575FC2A884531D7622F8F879387A859A80F10EF02708CD8F7413AB385AFC357678B9578C0EBF641EF076A1A30F1F75379E9DCB2A885BDD295905EE80C0168A62A9597D10CF12DD2D8CEE46645C7E5A141F6E0E23AA482ABE5661C16E69EF1E28371E2E236C359BA4E92C25626A7B7FF13F6EA4AE906E1CFE163E91719B1F750A96CBDE5FBC953D9E576CD216AFC90323A"),
+ SHEX("1DCA53BE0A34114447D1C1443B92B69DFDED705956EAE60BBAB39178CCB11F526A302AAE83720652EF4C5DD450A3647DF7B77C4664717D935B4F5B20F206FEFE"));
+ test_hash(&nettle_sha3_512, /* 178 octets */
+ SHEX("F1C528CF7739874707D4D8AD5B98F7C77169DE0B57188DF233B2DC8A5B31EDA5DB4291DD9F68E6BAD37B8D7F6C9C0044B3BF74BBC3D7D1798E138709B0D75E7C593D3CCCDC1B20C7174B4E692ADD820ACE262D45CCFAE2077E878796347168060A162ECCA8C38C1A88350BD63BB539134F700FD4ADDD5959E255337DAA06BC86358FABCBEFDFB5BC889783D843C08AADC6C4F6C36F65F156E851C9A0F917E4A367B5AD93D874812A1DE6A7B93CD53AD97232"),
+ SHEX("CB1B03B180E04021E0099050EB6B7EB9092C5BD5C445E9D31EE39C724F038E9F619A96D3A2812CA7F208FEB2D074C3F817262F7504705623E635B9F273E37A59"));
+ test_hash(&nettle_sha3_512, /* 179 octets */
+ SHEX("9D9F3A7ECD51B41F6572FD0D0881E30390DFB780991DAE7DB3B47619134718E6F987810E542619DFAA7B505C76B7350C6432D8BF1CFEBDF1069B90A35F0D04CBDF130B0DFC7875F4A4E62CDB8E525AADD7CE842520A482AC18F09442D78305FE85A74E39E760A4837482ED2F437DD13B2EC1042AFCF9DECDC3E877E50FF4106AD10A525230D11920324A81094DA31DEAB6476AA42F20C84843CFC1C58545EE80352BDD3740DD6A16792AE2D86F11641BB717C2"),
+ SHEX("F0482F098B93624BCDE1AAB58097198649A8DC84421826D1C1011AD41B948384C8ED5A97C64C134B38A0075812A35F9CE3CB200972C2ECDFC408714139B9BFF0"));
+ test_hash(&nettle_sha3_512, /* 180 octets */
+ SHEX("5179888724819FBAD3AFA927D3577796660E6A81C52D98E9303261D5A4A83232F6F758934D50AA83FF9E20A5926DFEBAAC49529D006EB923C5AE5048ED544EC471ED7191EDF46363383824F915769B3E688094C682B02151E5EE01E510B431C8865AFF8B6B6F2F59CB6D129DA79E97C6D2B8FA6C6DA3F603199D2D1BCAB547682A81CD6CF65F6551121391D78BCC23B5BD0E922EC6D8BF97C952E84DD28AEF909ABA31EDB903B28FBFC33B7703CD996215A11238"),
+ SHEX("A3188426CEA0C18CB638BCC45C4337C40BE41F6E03CD2D7C4FEE26025C5CA281CFBB3AD1554D45EDC2EB03E2EBE3DE02F57D36D5B6A88A3C61A6AAEDE62180D0"));
+ test_hash(&nettle_sha3_512, /* 181 octets */
+ SHEX("576EF3520D30B7A4899B8C0D5E359E45C5189ADD100E43BE429A02FB3DE5FF4F8FD0E79D9663ACCA72CD29C94582B19292A557C5B1315297D168FBB54E9E2ECD13809C2B5FCE998EDC6570545E1499DBE7FB74D47CD7F35823B212B05BF3F5A79CAA34224FDD670D335FCB106F5D92C3946F44D3AFCBAE2E41AC554D8E6759F332B76BE89A0324AA12C5482D1EA3EE89DED4936F3E3C080436F539FA137E74C6D3389BDF5A45074C47BC7B20B0948407A66D855E2F"),
+ SHEX("0B14693E6320668D64EBB3BF6EEB81AAFCDB7320ECDE80A245786D1B0A808A15C717DC8E8813BF64BF4AA57C29C33E913D6CE1879E52E1919FB83E4A208EDAA4"));
+ test_hash(&nettle_sha3_512, /* 182 octets */
+ SHEX("0DF2152FA4F4357C8741529DD77E783925D3D76E95BAFA2B542A2C33F3D1D117D159CF473F82310356FEE4C90A9E505E70F8F24859656368BA09381FA245EB6C3D763F3093F0C89B972E66B53D59406D9F01AEA07F8B3B615CAC4EE4D05F542E7D0DAB45D67CCCCD3A606CCBEB31EA1FA7005BA07176E60DAB7D78F6810EF086F42F08E595F0EC217372B98970CC6321576D92CE38F7C397A403BADA1548D205C343AC09DECA86325373C3B76D9F32028FEA8EB32515"),
+ SHEX("A9ABC3F554C1E717935D28C28E7C26AA9DC5BD6D7B02ED7DC6AFE21A0EA027A8801AE076F2872D08635EE81420711862EDC4E448C85513289438B3C8BE456B5B"));
+ test_hash(&nettle_sha3_512, /* 183 octets */
+ SHEX("3E15350D87D6EBB5C8AD99D42515CFE17980933C7A8F6B8BBBF0A63728CEFAAD2052623C0BD5931839112A48633FB3C2004E0749C87A41B26A8B48945539D1FF41A4B269462FD199BFECD45374756F55A9116E92093AC99451AEFB2AF9FD32D6D7F5FBC7F7A540D5097C096EBC3B3A721541DE073A1CC02F7FB0FB1B9327FB0B1218CA49C9487AB5396622A13AE546C97ABDEF6B56380DDA7012A8384091B6656D0AB272D363CEA78163FF765CDD13AB1738B940D16CAE"),
+ SHEX("04DD83D20F58E854D857F24720C50A4B5F83DBC8CABD460D379417CD4813772AA85591B90462F34DB3FAA4DCAE335FB1252BF41162E24975A0DBD308C41A4A6B"));
+ test_hash(&nettle_sha3_512, /* 184 octets */
+ SHEX("C38D6B0B757CB552BE40940ECE0009EF3B0B59307C1451686F1A22702922800D58BCE7A636C1727EE547C01B214779E898FC0E560F8AE7F61BEF4D75EAA696B921FD6B735D171535E9EDD267C192B99880C87997711002009095D8A7A437E258104A41A505E5EF71E5613DDD2008195F0C574E6BA3FE40099CFA116E5F1A2FA8A6DA04BADCB4E2D5D0DE31FDC4800891C45781A0AAC7C907B56D631FCA5CE8B2CDE620D11D1777ED9FA603541DE794DDC5758FCD5FAD78C0"),
+ SHEX("CE76B25C928CB75C09C0674E8FCD22089654182CD3D84B85CC44B186A8B1A7CC1BB66F389DA6D744A24A7B02BF5C85542D1BA8EF0DB4A86D2FC394471B396519"));
+ test_hash(&nettle_sha3_512, /* 185 octets */
+ SHEX("8D2DE3F0B37A6385C90739805B170057F091CD0C7A0BC951540F26A5A75B3E694631BB64C7635EED316F51318E9D8DE13C70A2ABA04A14836855F35E480528B776D0A1E8A23B547C8B8D6A0D09B241D3BE9377160CCA4E6793D00A515DC2992CB7FC741DACA171431DA99CCE6F7789F129E2AC5CF65B40D703035CD2185BB936C82002DAF8CBC27A7A9E554B06196630446A6F0A14BA155ED26D95BD627B7205C072D02B60DB0FD7E49EA058C2E0BA202DAFF0DE91E845CF79"),
+ SHEX("02D1671981C2E85D0455EE85F41B8E9C32B1C80221DD432B8BCB5FCEFE0996F32FE9FC3EEB3F1F557AE1632750B92D05239AF857C42D59A3DAEB9629E1158BEC"));
+ test_hash(&nettle_sha3_512, /* 186 octets */
+ SHEX("C464BBDAD275C50DCD983B65AD1019B9FF85A1E71C807F3204BB2C921DC31FBCD8C5FC45868AE9EF85B6C9B83BBA2A5A822201ED68586EC5EC27FB2857A5D1A2D09D09115F22DCC39FE61F5E1BA0FF6E8B4ACB4C6DA748BE7F3F0839739394FF7FA8E39F7F7E84A33C3866875C01BCB1263C9405D91908E9E0B50E7459FABB63D8C6BBB73D8E3483C099B55BC30FF092FF68B6ADEDFD477D63570C9F5515847F36E24BA0B705557130CEC57EBAD1D0B31A378E91894EE26E3A04"),
+ SHEX("6B8BC6211FE5001E07B7D20E0C49D314211E3893A39DA241B8839BB3A494F9A2FD8561009D22CCA1330A69362B386E715F1DBE6291DBEECFADF196DA47E53198"));
+ test_hash(&nettle_sha3_512, /* 187 octets */
+ SHEX("8B8D68BB8A75732FE272815A68A1C9C5AA31B41DEDC8493E76525D1D013D33CEBD9E21A5BB95DB2616976A8C07FCF411F5F6BC6F7E0B57ACA78CC2790A6F9B898858AC9C79B165FF24E66677531E39F572BE5D81EB3264524181115F32780257BFB9AEEC6AF12AF28E587CAC068A1A2953B59AD680F4C245B2E3EC36F59940D37E1D3DB38E13EDB29B5C0F404F6FF87F80FC8BE7A225FF22FBB9C8B6B1D7330C57840D24BC75B06B80D30DAD6806544D510AF6C4785E823AC3E0B8"),
+ SHEX("D00E919DAFFF3D5E51AD3A3046F5E59D64B69CBCDA223CB28BC370201D2C722BAE74DFE0086B0EB47BDCB62FABEE870C3340D46E55D8CFEDF2DD3CED8A8DB3F2"));
+ test_hash(&nettle_sha3_512, /* 188 octets */
+ SHEX("6B018710446F368E7421F1BC0CCF562D9C1843846BC8D98D1C9BF7D9D6FCB48BFC3BF83B36D44C4FA93430AF75CD190BDE36A7F92F867F58A803900DF8018150384D85D82132F123006AC2AEBA58E02A037FE6AFBD65ECA7C44977DD3DC74F48B6E7A1BFD5CC4DCF24E4D52E92BD4455848E4928B0EAC8B7476FE3CC03E862AA4DFF4470DBFED6DE48E410F25096487ECFC32A27277F3F5023B2725ADE461B1355889554A8836C9CF53BD767F5737D55184EEA1AB3F53EDD0976C485"),
+ SHEX("CF63F28F107A509A416F9A92C4E4DB4DBF00FB52C2E16D8BB9694E09F9142A904C34E1E960BD97B8CFB2C53E7660C79B841D1565CDAB83293234026A23A56D12"));
+ test_hash(&nettle_sha3_512, /* 189 octets */
+ SHEX("C9534A24714BD4BE37C88A3DA1082EDA7CABD154C309D7BD670DCCD95AA535594463058A29F79031D6ECAA9F675D1211E9359BE82669A79C855EA8D89DD38C2C761DDD0EC0CE9E97597432E9A1BEAE062CDD71EDFDFD464119BE9E69D18A7A7FD7CE0E2106F0C8B0ABF4715E2CA48EF9F454DC203C96656653B727083513F8EFB86E49C513BB758B3B052FE21F1C05BB33C37129D6CC81F1AEF6ADC45B0E8827A830FE545CF57D0955802C117D23CCB55EA28F95C0D8C2F9C5A242B33F"),
+ SHEX("F21B8D45B6A857CE663C074C18CC54D914CDD5EB0D968E6153A5F70069345D205DDF4370EC473FC80B05F937D014C0A464582CB4A73B1B72041C5C99F576A41E"));
+ test_hash(&nettle_sha3_512, /* 190 octets */
+ SHEX("07906C87297B867ABF4576E9F3CC7F82F22B154AFCBF293B9319F1B0584DA6A40C27B32E0B1B7F412C4F1B82480E70A9235B12EC27090A5A33175A2BB28D8ADC475CEFE33F7803F8CE27967217381F02E67A3B4F84A71F1C5228E0C2AD971373F6F672624FCEA8D1A9F85170FAD30FA0BBD25035C3B41A6175D467998BD1215F6F3866F53847F9CF68EF3E2FBB54BC994DE2302B829C5EEA68EC441FCBAFD7D16AE4FE9FFF98BF00E5BC2AD54DD91FF9FDA4DD77B6C754A91955D1FBAAD0"),
+ SHEX("92287F42AB1A2123669C4D35F18257D3A536445F0E4D2C801E99F8529CD9E2A79205982C280C7A6CDDDEF24CE960EC6CA9A35F590AEEBC40448C389E915FC4E0"));
+ test_hash(&nettle_sha3_512, /* 191 octets */
+ SHEX("588E94B9054ABC2189DF69B8BA34341B77CDD528E7860E5DEFCAA79B0C9A452AD4B82AA306BE84536EB7CEDCBE058D7B84A6AEF826B028B8A0271B69AC3605A9635EA9F5EA0AA700F3EB7835BC54611B922964300C953EFE7491E3677C2CEBE0822E956CD16433B02C68C4A23252C3F9E151A416B4963257B783E038F6B4D5C9F110F871652C7A649A7BCEDCBCCC6F2D0725BB903CC196BA76C76AA9F10A190B1D1168993BAA9FFC96A1655216773458BEC72B0E39C9F2C121378FEAB4E76A"),
+ SHEX("74A9D8F9F72908C7502D1C41212CD86CF4344721A6F02D390346F2BAEC6E6137421E6516C3235443BC2337B3A77630712A12F11B7BA24B2D7085499BA74BCB90"));
+ test_hash(&nettle_sha3_512, /* 192 octets */
+ SHEX("08959A7E4BAAE874928813364071194E2939772F20DB7C3157078987C557C2A6D5ABE68D520EEF3DC491692E1E21BCD880ADEBF63BB4213B50897FA005256ED41B5690F78F52855C8D9168A4B666FCE2DA2B456D7A7E7C17AB5F2FB1EE90B79E698712E963715983FD07641AE4B4E9DC73203FAC1AE11FA1F8C7941FCC82EAB247ADDB56E2638447E9D609E610B60CE086656AAEBF1DA3C8A231D7D94E2FD0AFE46B391FF14A72EAEB3F44AD4DF85866DEF43D4781A0B3578BC996C87970B132"),
+ SHEX("7432861132E6894BB6AE5115398198317E12CC73C0C5DFC61CB189FF5AA9FB0D62224CBB1BFA8B105784405718E6F8E15E041DAD80D11AE507B33C15C6CAC824"));
+ test_hash(&nettle_sha3_512, /* 193 octets */
+ SHEX("CB2A234F45E2ECD5863895A451D389A369AAB99CFEF0D5C9FFCA1E6E63F763B5C14FB9B478313C8E8C0EFEB3AC9500CF5FD93791B789E67EAC12FD038E2547CC8E0FC9DB591F33A1E4907C64A922DDA23EC9827310B306098554A4A78F050262DB5B545B159E1FF1DCA6EB734B872343B842C57EAFCFDA8405EEDBB48EF32E99696D135979235C3A05364E371C2D76F1902F1D83146DF9495C0A6C57D7BF9EE77E80F9787AEE27BE1FE126CDC9EF893A4A7DCBBC367E40FE4E1EE90B42EA25AF01"),
+ SHEX("6AF4FF4C423051E3306ACE812E5CFA85532B73DEEF0DFE601D2630632389D0FAB2A109214D32508D2391775665B87A94D1DF29DB1214CB48DEC10DBD3D8CF591"));
+ test_hash(&nettle_sha3_512, /* 194 octets */
+ SHEX("D16BEADF02AB1D4DC6F88B8C4554C51E866DF830B89C06E786A5F8757E8909310AF51C840EFE8D20B35331F4355D80F73295974653DDD620CDDE4730FB6C8D0D2DCB2B45D92D4FBDB567C0A3E86BD1A8A795AF26FBF29FC6C65941CDDB090FF7CD230AC5268AB4606FCCBA9EDED0A2B5D014EE0C34F0B2881AC036E24E151BE89EEB6CD9A7A790AFCCFF234D7CB11B99EBF58CD0C589F20BDAC4F9F0E28F75E3E04E5B3DEBCE607A496D848D67FA7B49132C71B878FD5557E082A18ECA1FBDA94D4B"),
+ SHEX("4648D263B608CF28CA65B28A361EBB00E0784C65AB1D55C46A785737B6C8D83DD52E3367D898921EA36DADA42D893800D0BFCF86554CDF5E7630D60A2E8EE29F"));
+ test_hash(&nettle_sha3_512, /* 195 octets */
+ SHEX("8F65F6BC59A85705016E2BAE7FE57980DE3127E5AB275F573D334F73F8603106EC3553016608EF2DD6E69B24BE0B7113BF6A760BA6E9CE1C48F9E186012CF96A1D4849D75DF5BB8315387FD78E9E153E76F8BA7EC6C8849810F59FB4BB9B004318210B37F1299526866F44059E017E22E96CBE418699D014C6EA01C9F0038B10299884DBEC3199BB05ADC94E955A1533219C1115FED0E5F21228B071F40DD57C4240D98D37B73E412FE0FA4703120D7C0C67972ED233E5DEB300A22605472FA3A3BA86"),
+ SHEX("DBD3732440010595AB26F84EFEB07732227A7B7B52D6FF339C7FF1B6442249202AE33A0AEF5167F5B0474D74A5B50CDB033D6C5C72894A3686FE6ECB36E357F3"));
+ test_hash(&nettle_sha3_512, /* 196 octets */
+ SHEX("84891E52E0D451813210C3FD635B39A03A6B7A7317B221A7ABC270DFA946C42669AACBBBDF801E1584F330E28C729847EA14152BD637B3D0F2B38B4BD5BF9C791C58806281103A3EABBAEDE5E711E539E6A8B2CF297CF351C078B4FA8F7F35CF61BEBF8814BF248A01D41E86C5715EA40C63F7375379A7EB1D78F27622FB468AB784AAABA4E534A6DFD1DF6FA15511341E725ED2E87F98737CCB7B6A6DFAE416477472B046BF1811187D151BFA9F7B2BF9ACDB23A3BE507CDF14CFDF517D2CB5FB9E4AB6"),
+ SHEX("C24D4054110889290CBC40B82AD8599229D8E86E4CE76BDDBBB6F5386223512C9D7E00973C706442B2C80EDD20904067AF8E4E681AECBFADC6AA15A2EBFE7DDD"));
+ test_hash(&nettle_sha3_512, /* 197 octets */
+ SHEX("FDD7A9433A3B4AFABD7A3A5E3457E56DEBF78E84B7A0B0CA0E8C6D53BD0C2DAE31B2700C6128334F43981BE3B213B1D7A118D59C7E6B6493A86F866A1635C12859CFB9AD17460A77B4522A5C1883C3D6ACC86E6162667EC414E9A104AA892053A2B1D72165A855BACD8FAF8034A5DD9B716F47A0818C09BB6BAF22AA503C06B4CA261F557761989D2AFBD88B6A678AD128AF68672107D0F1FC73C5CA740459297B3292B281E93BCEB761BDE7221C3A55708E5EC84472CDDCAA84ECF23723CC0991355C6280"),
+ SHEX("4A6404D278A0BA70488C18D7D1861CDE26FD57D66A9AFFE74F1E646E616003A52FE42520504AC4ACE5CA6665CF9155F44ECAA05D55F80FE9794ADE17871C5728"));
+ test_hash(&nettle_sha3_512, /* 198 octets */
+ SHEX("70A40BFBEF92277A1AAD72F6B79D0177197C4EBD432668CFEC05D099ACCB651062B5DFF156C0B27336687A94B26679CFDD9DAF7AD204338DD9C4D14114033A5C225BD11F217B5F4732DA167EE3F939262D4043FC9CBA92303B7B5E96AEA12ADDA64859DF4B86E9EE0B58E39091E6B188B408AC94E1294A8911245EE361E60E601EFF58D1D37639F3753BEC80EBB4EFDE25817436076623FC65415FE51D1B0280366D12C554D86743F3C3B6572E400361A60726131441BA493A83FBE9AFDA90F7AF1AE717238D"),
+ SHEX("FFFD1B1E31377DFF00B492295BCCC735733B021F47BB4AFBA6549EA6C1BA3832E8587099AD0CC216AF5899AC683EB7C246871E21C30FEEF9BCEEDFC78D0C966C"));
+ test_hash(&nettle_sha3_512, /* 199 octets */
+ SHEX("74356E449F4BF8644F77B14F4D67CB6BD9C1F5AE357621D5B8147E562B65C66585CAF2E491B48529A01A34D226D436959153815380D5689E30B35357CDAC6E08D3F2B0E88E200600D62BD9F5EAF488DF86A4470EA227006182E44809009868C4C280C43D7D64A5268FA719074960087B3A6ABC837882F882C837834535929389A12B2C78187E2EA07EF8B8EEF27DC85002C3AE35F1A50BEE6A1C48BA7E175F3316670B27983472AA6A61EED0A683A39EE323080620EA44A9F74411AE5CE99030528F9AB49C79F2"),
+ SHEX("33C8F40E1BD1EB1A3A70D2071D27460EF0F6B2D3ECE373743842D6B928F3771E4B7446A9ECFBBF552C064F6B26095401097581C38B95E9551119A1FDCB3D58E7"));
+ test_hash(&nettle_sha3_512, /* 200 octets */
+ SHEX("8C3798E51BC68482D7337D3ABB75DC9FFE860714A9AD73551E120059860DDE24AB87327222B64CF774415A70F724CDF270DE3FE47DDA07B61C9EF2A3551F45A5584860248FABDE676E1CD75F6355AA3EAEABE3B51DC813D9FB2EAA4F0F1D9F834D7CAD9C7C695AE84B329385BC0BEF895B9F1EDF44A03D4B410CC23A79A6B62E4F346A5E8DD851C2857995DDBF5B2D717AEB847310E1F6A46AC3D26A7F9B44985AF656D2B7C9406E8A9E8F47DCB4EF6B83CAACF9AEFB6118BFCFF7E44BEF6937EBDDC89186839B77"),
+ SHEX("2A11CB6921EA662A39DDEE7982E3CF5B317195661D5505AD04D11EE23E178ED65F3E06A7F096F4EAF1FF6A09239CF5A0A39DC9F4C92AF63FDF7211E1CF467653"));
+ test_hash(&nettle_sha3_512, /* 201 octets */
+ SHEX("FA56BF730C4F8395875189C10C4FB251605757A8FECC31F9737E3C2503B02608E6731E85D7A38393C67DE516B85304824BFB135E33BF22B3A23B913BF6ACD2B7AB85198B8187B2BCD454D5E3318CACB32FD6261C31AE7F6C54EF6A7A2A4C9F3ECB81CE3555D4F0AD466DD4C108A90399D70041997C3B25345A9653F3C9A6711AB1B91D6A9D2216442DA2C973CBD685EE7643BFD77327A2F7AE9CB283620A08716DFB462E5C1D65432CA9D56A90E811443CD1ECB8F0DE179C9CB48BA4F6FEC360C66F252F6E64EDC96B"),
+ SHEX("9196BBBD194541FFEE7EDBAB970738BDD3AADBD6B73D1C85B580AFAC1232AE8077F743CE8B5B6F2B418B5134CCCD4F83645E8631885B14FBBCB909A9836C374C"));
+ test_hash(&nettle_sha3_512, /* 202 octets */
+ SHEX("B6134F9C3E91DD8000740D009DD806240811D51AB1546A974BCB18D344642BAA5CD5903AF84D58EC5BA17301D5EC0F10CCD0509CBB3FD3FFF9172D193AF0F782252FD1338C7244D40E0E42362275B22D01C4C3389F19DD69BDF958EBE28E31A4FFE2B5F18A87831CFB7095F58A87C9FA21DB72BA269379B2DC2384B3DA953C7925761FED324620ACEA435E52B424A7723F6A2357374157A34CD8252351C25A1B232826CEFE1BD3E70FFC15A31E7C0598219D7F00436294D11891B82497BC78AA5363892A2495DF8C1EEF"),
+ SHEX("1959CAE3600F128F72E1821C337D841B14CBBFEF3A6D22286F18BDFC3EF63528C11BFFA841A6D2208AFEB5664D524DE83090AB0DB07CD47EF52F4D2EAA8454CE"));
+ test_hash(&nettle_sha3_512, /* 203 octets */
+ SHEX("C941CDB9C28AB0A791F2E5C8E8BB52850626AA89205BEC3A7E22682313D198B1FA33FC7295381354858758AE6C8EC6FAC3245C6E454D16FA2F51C4166FAB51DF272858F2D603770C40987F64442D487AF49CD5C3991CE858EA2A60DAB6A65A34414965933973AC2457089E359160B7CDEDC42F29E10A91921785F6B7224EE0B349393CDCFF6151B50B377D609559923D0984CDA6000829B916AB6896693EF6A2199B3C22F7DC5500A15B8258420E314C222BC000BC4E5413E6DD82C993F8330F5C6D1BE4BC79F08A1A0A46"),
+ SHEX("A913DDC5BB089C121FF093BE529225148DF787D48F4F61699EFF9FC2910282A898A81A38D66BE9B06428D6466A614CA822A872C1C2C4D503D434D3B1D6942102"));
+ test_hash(&nettle_sha3_512, /* 204 octets */
+ SHEX("4499EFFFAC4BCEA52747EFD1E4F20B73E48758BE915C88A1FFE5299B0B005837A46B2F20A9CB3C6E64A9E3C564A27C0F1C6AD1960373036EC5BFE1A8FC6A435C2185ED0F114C50E8B3E4C7ED96B06A036819C9463E864A58D6286F785E32A804443A56AF0B4DF6ABC57ED5C2B185DDEE8489EA080DEEEE66AA33C2E6DAB36251C402682B6824821F998C32163164298E1FAFD31BABBCFFB594C91888C6219079D907FDB438ED89529D6D96212FD55ABE20399DBEFD342248507436931CDEAD496EB6E4A80358ACC78647D043"),
+ SHEX("F10B91564AD93D734743281949BACEF065A6432A455236F1BF798DE9AEC6CCAC9B8D373B07C5ACFBD676EF21E4A3A9E0F7C38E8756D177D0A5C283D520844B4D"));
+ test_hash(&nettle_sha3_512, /* 205 octets */
+ SHEX("EECBB8FDFA4DA62170FD06727F697D81F83F601FF61E478105D3CB7502F2C89BF3E8F56EDD469D049807A38882A7EEFBC85FC9A950952E9FA84B8AFEBD3CE782D4DA598002827B1EB98882EA1F0A8F7AA9CE013A6E9BC462FB66C8D4A18DA21401E1B93356EB12F3725B6DB1684F2300A98B9A119E5D27FF704AFFB618E12708E77E6E5F34139A5A41131FD1D6336C272A8FC37080F041C71341BEE6AB550CB4A20A6DDB6A8E0299F2B14BC730C54B8B1C1C487B494BDCCFD3A53535AB2F231590BF2C4062FD2AD58F906A2D0D"),
+ SHEX("EF26A1BAF33D4DE047BDD2CE34736E042ECD33AA569FFC0CB81ECFA66E9F87DA8D025ECBA24BCB187E4201046FB99A02DFA6F1BF88EC2B88DE216CF759FAC41D"));
+ test_hash(&nettle_sha3_512, /* 206 octets */
+ SHEX("E64F3E4ACE5C8418D65FEC2BC5D2A303DD458034736E3B0DF719098BE7A206DEAF52D6BA82316CAF330EF852375188CDE2B39CC94AA449578A7E2A8E3F5A9D68E816B8D16889FBC0EBF0939D04F63033AE9AE2BDAB73B88C26D6BD25EE460EE1EF58FB0AFA92CC539F8C76D3D097E7A6A63EBB9B5887EDF3CF076028C5BBD5B9DB3211371AD3FE121D4E9BF44229F4E1ECF5A0F9F0EBA4D5CEB72878AB22C3F0EB5A625323AC66F7061F4A81FAC834471E0C59553F108475FE290D43E6A055AE3EE46FB67422F814A68C4BE3E8C9"),
+ SHEX("F8E079A6DC5A6A7E7F32FF7E8015D1B26D43B54F166F2111CFB2B1EB238CABEE58630EF845E0DB00DDF1D800AD67CE7B2B658B42118CC15C8EF3BC9FB252DB64"));
+ test_hash(&nettle_sha3_512, /* 207 octets */
+ SHEX("D2CB2D733033F9E91395312808383CC4F0CA974E87EC68400D52E96B3FA6984AC58D9AD0938DDE5A973008D818C49607D9DE2284E7618F1B8AED8372FBD52ED54557AF4220FAC09DFA8443011699B97D743F8F2B1AEF3537EBB45DCC9E13DFB438428EE190A4EFDB3CAEB7F3933117BF63ABDC7E57BEB4171C7E1AD260AB0587806C4D137B6316B50ABC9CCE0DFF3ACADA47BBB86BE777E617BBE578FF4519844DB360E0A96C6701290E76BB95D26F0F804C8A4F2717EAC4E7DE9F2CFF3BBC55A17E776C0D02856032A6CD10AD2838"),
+ SHEX("A5BFAA52499A688D9C8D3DDC0BA06DECDF3829BE5D444ACFA412F4C6E863F4786BE9935805310734E4F0AFFE05558999807408E97E100FADD0C93FF160F8B11B"));
+ test_hash(&nettle_sha3_512, /* 208 octets */
+ SHEX("F2998955613DD414CC111DF5CE30A995BB792E260B0E37A5B1D942FE90171A4AC2F66D4928D7AD377F4D0554CBF4C523D21F6E5F379D6F4B028CDCB9B1758D3B39663242FF3CB6EDE6A36A6F05DB3BC41E0D861B384B6DEC58BB096D0A422FD542DF175E1BE1571FB52AE66F2D86A2F6824A8CFAACBAC4A7492AD0433EEB15454AF8F312B3B2A577750E3EFBD370E8A8CAC1582581971FBA3BA4BD0D76E718DACF8433D33A59D287F8CC92234E7A271041B526E389EFB0E40B6A18B3AAF658E82ED1C78631FD23B4C3EB27C3FAEC8685"),
+ SHEX("CCEA9FCF1AD93270AC4690E96B875122C5B5EC20D2CC27079CBF893126C44E0208A8BFA139057D72BD2638059EC8DA8A720499AF9D4C117F86799D7515DFC6E0"));
+ test_hash(&nettle_sha3_512, /* 209 octets */
+ SHEX("447797E2899B72A356BA55BF4DF3ACCA6CDB1041EB477BD1834A9F9ACBC340A294D729F2F97DF3A610BE0FF15EDB9C6D5DB41644B9874360140FC64F52AA03F0286C8A640670067A84E017926A70438DB1BB361DEFEE7317021425F8821DEF26D1EFD77FC853B818545D055ADC9284796E583C76E6FE74C9AC2587AA46AA8F8804F2FEB5836CC4B3ABABAB8429A5783E17D5999F32242EB59EF30CD7ADABC16D72DBDB097623047C98989F88D14EAF02A7212BE16EC2D07981AAA99949DDF89ECD90333A77BC4E1988A82ABF7C7CAF3291"),
+ SHEX("2EFC5DFE028A35503A25BDF8B2164D86CA7496B7C5DED09C5D414B6977ADBB4A6988AB9939D1EC65F46BCC99C1DCD5F19E035D8D3DC387361200E4DA80C80671"));
+ test_hash(&nettle_sha3_512, /* 210 octets */
+ SHEX("9F2C18ADE9B380C784E170FB763E9AA205F64303067EB1BCEA93DF5DAC4BF5A2E00B78195F808DF24FC76E26CB7BE31DC35F0844CDED1567BBA29858CFFC97FB29010331B01D6A3FB3159CC1B973D255DA9843E34A0A4061CABDB9ED37F241BFABB3C20D32743F4026B59A4CCC385A2301F83C0B0A190B0F2D01ACB8F0D41111E10F2F4E149379275599A52DC089B35FDD5234B0CFB7B6D8AEBD563CA1FA653C5C021DFD6F5920E6F18BFAFDBECBF0AB00281333ED50B9A999549C1C8F8C63D7626C48322E9791D5FF72294049BDE91E73F8"),
+ SHEX("E80D7A934FDAF17DB8DBB1DC6C42E90E139211C2F599890C06B15D6248FDBE682D77D4E05F26D72852F7492BCE118CE7C36950BD2C50F9699BB47D89C3115377"));
+ test_hash(&nettle_sha3_512, /* 211 octets */
+ SHEX("AE159F3FA33619002AE6BCCE8CBBDD7D28E5ED9D61534595C4C9F43C402A9BB31F3B301CBFD4A43CE4C24CD5C9849CC6259ECA90E2A79E01FFBAC07BA0E147FA42676A1D668570E0396387B5BCD599E8E66AAED1B8A191C5A47547F61373021FA6DEADCB55363D233C24440F2C73DBB519F7C9FA5A8962EFD5F6252C0407F190DFEFAD707F3C7007D69FF36B8489A5B6B7C557E79DD4F50C06511F599F56C896B35C917B63BA35C6FF8092BAF7D1658E77FC95D8A6A43EEB4C01F33F03877F92774BE89C1114DD531C011E53A34DC248A2F0E6"),
+ SHEX("C414B29FD07720F46C351F5C80BE2094E95D13AD97BDD1F7C5207B695693CD5E1E0169B1AA2E271115BD5171FEC51D04B71E3E7CE1618FBFEB382F56F65F7EFF"));
+ test_hash(&nettle_sha3_512, /* 212 octets */
+ SHEX("3B8E97C5FFC2D6A40FA7DE7FCEFC90F3B12C940E7AB415321E29EE692DFAC799B009C99DCDDB708FCE5A178C5C35EE2B8617143EDC4C40B4D313661F49ABDD93CEA79D117518805496FE6ACF292C4C2A1F76B403A97D7C399DAF85B46AD84E16246C67D6836757BDE336C290D5D401E6C1386AB32797AF6BB251E9B2D8FE754C47482B72E0B394EAB76916126FD68EA7D65EB93D59F5B4C5AC40F7C3B37E7F3694F29424C24AF8C8F0EF59CD9DBF1D28E0E10F799A6F78CAD1D45B9DB3D7DEE4A7059ABE99182714983B9C9D44D7F5643596D4F3"),
+ SHEX("A4679A4CBEE6292203BAFBA8913245F30E046ABA6C0937B407C00B73D17D8D696690EE25BA1B39DEB3DB93525A8FBCFD88173BA9C7A65B4406D0550BA9B6CC07"));
+ test_hash(&nettle_sha3_512, /* 213 octets */
+ SHEX("3434EC31B10FAFDBFEEC0DD6BD94E80F7BA9DCA19EF075F7EB017512AF66D6A4BCF7D16BA0819A1892A6372F9B35BCC7CA8155EE19E8428BC22D214856ED5FA9374C3C09BDE169602CC219679F65A1566FC7316F4CC3B631A18FB4449FA6AFA16A3DB2BC4212EFF539C67CF184680826535589C7111D73BFFCE431B4C40492E763D9279560AAA38EB2DC14A212D723F994A1FE656FF4DD14551CE4E7C621B2AA5604A10001B2878A897A28A08095C325E10A26D2FB1A75BFD64C250309BB55A44F23BBAC0D5516A1C687D3B41EF2FBBF9CC56D4739"),
+ SHEX("5F49D6594DA939987D1906294B33A037F63C79E078531DFA7E6CE67279D4D5DBEB650FF8690F23B63B7E9C48EA8791B80FDB34EF66DCF0CEFE45842ECFF4AD1D"));
+ test_hash(&nettle_sha3_512, /* 214 octets */
+ SHEX("7C7953D81C8D208FD1C97681D48F49DD003456DE60475B84070EF4847C333B74575B1FC8D2A186964485A3B8634FEAA3595AAA1A2F4595A7D6B6153563DEE31BBAC443C8A33EED6D5D956A980A68366C2527B550EE950250DFB691EACBD5D56AE14B970668BE174C89DF2FEA43AE52F13142639C884FD62A3683C0C3792F0F24AB1318BCB27E21F4737FAB62C77EA38BC8FD1CF41F7DAB64C13FEBE7152BF5BB7AB5A78F5346D43CC741CB6F72B7B8980F268B68BF62ABDFB1577A52438FE14B591498CC95F071228460C7C5D5CEB4A7BDE588E7F21C"),
+ SHEX("B77FB79669EA52C738E58A9EF3ED1501BBE7974478AFB5A8BED44549D6232FF8D7AA9EEEAF02F6755327951093243110D7BCFC0E51299DB793856B57A77E8420"));
+ test_hash(&nettle_sha3_512, /* 215 octets */
+ SHEX("7A6A4F4FDC59A1D223381AE5AF498D74B7252ECF59E389E49130C7EAEE626E7BD9897EFFD92017F4CCDE66B0440462CDEDFD352D8153E6A4C8D7A0812F701CC737B5178C2556F07111200EB627DBC299CAA792DFA58F35935299FA3A3519E9B03166DFFA159103FFA35E8577F7C0A86C6B46FE13DB8E2CDD9DCFBA85BDDDCCE0A7A8E155F81F712D8E9FE646153D3D22C811BD39F830433B2213DD46301941B59293FD0A33E2B63ADBD95239BC01315C46FDB678875B3C81E053A40F581CFBEC24A1404B1671A1B88A6D06120229518FB13A74CA0AC5AE"),
+ SHEX("CACA0FF43107F730A7FBE6869FBA5AF1E626C96303BE3BC95155164199C88922194511B24C48911186F647CA246427F2CE7BA747271CD8D7C5E1D127C21F1EAA"));
+ test_hash(&nettle_sha3_512, /* 216 octets */
+ SHEX("D9FAA14CEBE9B7DE551B6C0765409A33938562013B5E8E0E1E0A6418DF7399D0A6A771FB81C3CA9BD3BB8E2951B0BC792525A294EBD1083688806FE5E7F1E17FD4E3A41D00C89E8FCF4A363CAEDB1ACB558E3D562F1302B3D83BB886ED27B76033798131DAB05B4217381EAAA7BA15EC820BB5C13B516DD640EAEC5A27D05FDFCA0F35B3A5312146806B4C0275BCD0AAA3B2017F346975DB566F9B4D137F4EE10644C2A2DA66DEECA5342E236495C3C6280528BFD32E90AF4CD9BB908F34012B52B4BC56D48CC8A6B59BAB014988EABD12E1A0A1C2E170E7"),
+ SHEX("E5106B2A0D49D6D1E13E3323232101CEA5DA71CAA24E70EFCAC57E0CCF156CDF4C2492B03CE0E13437018DAB76B9C989883BEA69E849F33BB937A397B84ADA6A"));
+ test_hash(&nettle_sha3_512, /* 217 octets */
+ SHEX("2D8427433D0C61F2D96CFE80CF1E932265A191365C3B61AAA3D6DCC039F6BA2AD52A6A8CC30FC10F705E6B7705105977FA496C1C708A277A124304F1FC40911E7441D1B5E77B951AAD7B01FD5DB1B377D165B05BBF898042E39660CAF8B279FE5229D1A8DB86C0999ED65E53D01CCBC4B43173CCF992B3A14586F6BA42F5FE30AFA8AE40C5DF29966F9346DA5F8B35F16A1DE3AB6DE0F477D8D8660918060E88B9B9E9CA6A4207033B87A812DBF5544D39E4882010F82B6CE005F8E8FF6FE3C3806BC2B73C2B83AFB704345629304F9F86358712E9FAE3CA3E"),
+ SHEX("FAEE462E4BCED12AD54D3757D644396ED9203037741661AEA32BCCADAE568C4BDC925EDA76610E964FBE3FB26B33BC0BC123DDF9B528715317CE5C92E00AC96F"));
+ test_hash(&nettle_sha3_512, /* 218 octets */
+ SHEX("5E19D97887FCAAC0387E22C6F803C34A3DACD2604172433F7A8A7A526CA4A2A1271ECFC5D5D7BE5AC0D85D921095350DFC65997D443C21C8094E0A3FEFD2961BCB94AED03291AE310CCDA75D8ACE4BC7D89E7D3E5D1650BDA5D668B8B50BFC8E608E184F4D3A9A2BADC4FF5F07E0C0BC8A9F2E0B2A26FD6D8C550008FAAAB75FD71AF2A424BEC9A7CD9D83FAD4C8E9319115656A8717D3B523A68FF8004258B9990ED362308461804BA3E3A7E92D8F2FFAE5C2FBA55BA5A3C27C0A2F71BD711D2FE1799C2ADB31B200035481E9EE5C4ADF2AB9C0FA50B23975CF"),
+ SHEX("FBE25B43E540104A3AADE897838C63511928AF5ADD4F952F1E6D4C39E70C923DF191FAA36F46B21F827D9B437996FF7206F73337CF20C6B0DB748A707455B420"));
+ test_hash(&nettle_sha3_512, /* 219 octets */
+ SHEX("C8E976AB4638909387CE3B8D4E510C3230E5690E02C45093B1D297910ABC481E56EEA0F296F98379DFC9080AF69E73B2399D1C143BEE80AE1328162CE1BA7F6A8374679B20AACD380EB4E61382C99998704D62701AFA914F9A2705CDB065885F50D086C3EB5753700C387118BB142F3E6DA1E988DFB31AC75D7368931E45D1391A274B22F83CEB072F9BCABC0B216685BFD789F5023971024B1878A205442522F9EA7D8797A4102A3DF41703768251FD5E017C85D1200A464118AA35654E7CA39F3C375B8EF8CBE7534DBC64BC20BEFB417CF60EC92F63D9EE7397"),
+ SHEX("0A41A004573E0A983FE9C93BD57439A20C8F99B800A60D4A07117E8D9B25C0EE38BAB3CDB6FC9216B8E07F0CCDD028C418EF97B6D7E15DECDE7425497644E2E4"));
+ test_hash(&nettle_sha3_512, /* 220 octets */
+ SHEX("7145FA124B7429A1FC2231237A949BA7201BCC1822D3272DE005B682398196C25F7E5CC2F289FBF44415F699CB7FE6757791B1443410234AE061EDF623359E2B4E32C19BF88450432DD01CAA5EB16A1DC378F391CA5E3C4E5F356728BDDD4975DB7C890DA8BBC84CC73FF244394D0D48954978765E4A00B593F70F2CA082673A261ED88DBCEF1127728D8CD89BC2C597E9102CED6010F65FA75A14EBE467FA57CE3BD4948B6867D74A9DF5C0EC6F530CBF2EE61CE6F06BC8F2864DFF5583776B31DF8C7FFCB61428A56BF7BD37188B4A5123BBF338393AF46EDA85E6"),
+ SHEX("FF081507F979F69C6743E42EE758858713B570CB48FF85EF0D728C4E1BB5456D035E498C05EA4CEBD820E134BB252AC76BA4949A4FAD76871A9972AE2FCCCEEA"));
+ test_hash(&nettle_sha3_512, /* 221 octets */
+ SHEX("7FDFADCC9D29BAD23AE038C6C65CDA1AEF757221B8872ED3D75FF8DF7DA0627D266E224E812C39F7983E4558BFD0A1F2BEF3FEB56BA09120EF762917B9C093867948547AEE98600D10D87B20106878A8D22C64378BF634F7F75900C03986B077B0BF8B740A82447B61B99FEE5376C5EB6680EC9E3088F0BDD0C56883413D60C1357D3C811950E5890E7600103C916341B80C743C6A852B7B4FB60C3BA21F3BC15B8382437A68454779CF3CD7F9F90CCC8EF28D0B706535B1E4108EB5627BB45D719CB046839AEE311CA1ABDC8319E050D67972CB35A6B1601B25DBF487"),
+ SHEX("03444AE8319EBD121E7707B9CDFD1FDFD52F3D6B3D4BCB2748AF421A3C8666C22D8C0D8A096767B1CD16A8D54738C5F67A6F9D48C90827BE71691A42BE87108B"));
+ test_hash(&nettle_sha3_512, /* 222 octets */
+ SHEX("988638219FD3095421F826F56E4F09E356296B628C3CE6930C9F2E758FD1A80C8273F2F61E4DAAE65C4F110D3E7CA0965AC7D24E34C0DC4BA2D6FF0BF5BBE93B3585F354D7543CB542A1AA54674D375077F2D360A8F4D42F3DB131C3B7AB7306267BA107659864A90C8C909460A73621D1F5D9D3FD95BEB19B23DB1CB6C0D0FBA91D36891529B8BD8263CAA1BAB56A4AFFAED44962DF096D8D5B1EB845EF31188B3E10F1AF811A13F156BEB7A288AAE593EBD1471B624AA1A7C6ADF01E2200B3D72D88A3AED3100C88231E41EFC376906F0B580DC895F080FDA5741DB1CB"),
+ SHEX("5EE0A4459724037B7318815A80147C172D6C8F8874C9A0057706FB3E300FE936815F07672E6447B771DE699DFADF345C3BB5974CF019315FADD5534DFF6A079C"));
+ test_hash(&nettle_sha3_512, /* 223 octets */
+ SHEX("5AAB62756D307A669D146ABA988D9074C5A159B3DE85151A819B117CA1FF6597F6156E80FDD28C9C3176835164D37DA7DA11D94E09ADD770B68A6E081CD22CA0C004BFE7CD283BF43A588DA91F509B27A6584C474A4A2F3EE0F1F56447379240A5AB1FB77FDCA49B305F07BA86B62756FB9EFB4FC225C86845F026EA542076B91A0BC2CDD136E122C659BE259D98E5841DF4C2F60330D4D8CDEE7BF1A0A244524EECC68FF2AEF5BF0069C9E87A11C6E519DE1A4062A10C83837388F7EF58598A3846F49D499682B683C4A062B421594FAFBC1383C943BA83BDEF515EFCF10D"),
+ SHEX("54085A2F9C327E5D8EE225EFF5BD2C2837E44E8057CF1691E6202050079D26851061C4DA8D88FC19237E5B658950E66866E92019D9E425E2416240A59D25A6CF"));
+ test_hash(&nettle_sha3_512, /* 224 octets */
+ SHEX("47B8216AA0FBB5D67966F2E82C17C07AA2D6327E96FCD83E3DE7333689F3EE79994A1BF45082C4D725ED8D41205CB5BCDF5C341F77FACB1DA46A5B9B2CBC49EADF786BCD881F371A95FA17DF73F606519AEA0FF79D5A11427B98EE7F13A5C00637E2854134691059839121FEA9ABE2CD1BCBBBF27C74CAF3678E05BFB1C949897EA01F56FFA4DAFBE8644611685C617A3206C7A7036E4AC816799F693DAFE7F19F303CE4EBA09D21E03610201BFC665B72400A547A1E00FA9B7AD8D84F84B34AEF118515E74DEF11B9188BD1E1F97D9A12C30132EC2806339BDADACDA2FD8B78"),
+ SHEX("3EA49B6ABD39CDF04BCCD648FB7E1F8AE3DAE9D3E3A5EAB9CE29BE356DEFBBBEB1BB93AE40D31CC1F011DCC6C6AC85B102F2654E2DBBAC47333BCDB4758A1A28"));
+ test_hash(&nettle_sha3_512, /* 225 octets */
+ SHEX("8CFF1F67FE53C098896D9136389BD8881816CCAB34862BB67A656E3D98896F3CE6FFD4DA73975809FCDF9666760D6E561C55238B205D8049C1CEDEEF374D1735DAA533147BFA960B2CCE4A4F254176BB4D1BD1E89654432B8DBE1A135C42115B394B024856A2A83DC85D6782BE4B444239567CCEC4B184D4548EAE3FF6A192F343292BA2E32A0F267F31CC26719EB85245D415FB897AC2DA433EE91A99424C9D7F1766A44171D1651001C38FC79294ACCC68CEB5665D36218454D3BA169AE058A831338C17743603F81EE173BFC0927464F9BD728DEE94C6AEAB7AAE6EE3A627E8"),
+ SHEX("B3851790CA47575DBF988F82C3B501DC8390A8E8598698166167567A0332913CCC8868584DB4ACFB2C9DC0F0A6833292F4DCEDC47CF003217689BC2422B53B93"));
+ test_hash(&nettle_sha3_512, /* 226 octets */
+ SHEX("EACD07971CFF9B9939903F8C1D8CBB5D4DB1B548A85D04E037514A583604E787F32992BF2111B97AC5E8A938233552731321522AB5E8583561260B7D13EBEEF785B23A41FD8576A6DA764A8ED6D822D4957A545D5244756C18AA80E1AAD4D1F9C20D259DEE1711E2CC8FD013169FB7CC4CE38B362F8E0936AE9198B7E838DCEA4F7A5B9429BB3F6BBCF2DC92565E3676C1C5E6EB3DD2A0F86AA23EDD3D0891F197447692794B3DFA269611AD97F72B795602B4FDB198F3FD3EB41B415064256E345E8D8C51C555DC8A21904A9B0F1AD0EFFAB7786AAC2DA3B196507E9F33CA356427"),
+ SHEX("A710CB26C632F289504CD0039BA6AB9B4D3524C52B286D466E2F8939F8684E3F18DCA298A2BA67EB710997B7BB10AE279438B9B4868D0ADB248F282BB440A130"));
+ test_hash(&nettle_sha3_512, /* 227 octets */
+ SHEX("23AC4E9A42C6EF45C3336CE6DFC2FF7DE8884CD23DC912FEF0F7756C09D335C189F3AD3A23697ABDA851A81881A0C8CCAFC980AB2C702564C2BE15FE4C4B9F10DFB2248D0D0CB2E2887FD4598A1D4ACDA897944A2FFC580FF92719C95CF2AA42DC584674CB5A9BC5765B9D6DDF5789791D15F8DD925AA12BFFAFBCE60827B490BB7DF3DDA6F2A143C8BF96ABC903D83D59A791E2D62814A89B8080A28060568CF24A80AE61179FE84E0FFAD00388178CB6A617D37EFD54CC01970A4A41D1A8D3DDCE46EDBBA4AB7C90AD565398D376F431189CE8C1C33E132FEAE6A8CD17A61C630012"),
+ SHEX("8F677A8089052B47BE60C0BB7666E403A5DAA5E28A2B632F2E496C587F1FDCA0EE33D9E78DAA4EF575B13389748B8C24110053B0B96A082C06C3F80EBE8DE976"));
+ test_hash(&nettle_sha3_512, /* 228 octets */
+ SHEX("0172DF732282C9D488669C358E3492260CBE91C95CFBC1E3FEA6C4B0EC129B45F242ACE09F152FC6234E1BEE8AAB8CD56E8B486E1DCBA9C05407C2F95DA8D8F1C0AF78EE2ED82A3A79EC0CB0709396EE62AADB84F8A4EE8A7CCCA3C1EE84E302A09EA802204AFECF04097E67D0F8E8A9D2651126C0A598A37081E42D168B0AE8A71951C524259E4E2054E535B779679BDADE566FE55700858618E626B4A0FAF895BCCE9011504A49E05FD56127EAE3D1F8917AFB548ECADABDA1020111FEC9314C413498A360B08640549A22CB23C731ACE743252A8227A0D2689D4C6001606678DFB921"),
+ SHEX("CE631E6F2C2DC5738C0FA958571773B58AF130B94824331419EE57E2691CE5F29DB3D8FE456CD1E7CDC07F6105FA1B6FD729C2B419008CCD889169C3385DB1B9"));
+ test_hash(&nettle_sha3_512, /* 229 octets */
+ SHEX("3875B9240CF3E0A8B59C658540F26A701CF188496E2C2174788B126FD29402D6A75453BA0635284D08835F40051A2A9683DC92AFB9383719191231170379BA6F4ADC816FECBB0F9C446B785BF520796841E58878B73C58D3EBB097CE4761FDEABE15DE2F319DFBAF1742CDEB389559C788131A6793E193856661376C81CE9568DA19AA6925B47FFD77A43C7A0E758C37D69254909FF0FBD415EF8EB937BCD49F91468B49974C07DC819ABD67395DB0E05874FF83DDDAB895344ABD0E7111B2DF9E58D76D85AD98106B36295826BE04D435615595605E4B4BB824B33C4AFEB5E7BB0D19F909"),
+ SHEX("FFF677BB58909C158EA677BE704253505B106AF934F639ABFEC63BD0C63097AA4BF032FE924149DD991D335E1C44C0220E4D13CBC41B6A98FB5A05FAA3FE15B3"));
+ test_hash(&nettle_sha3_512, /* 230 octets */
+ SHEX("747CC1A59FEFBA94A9C75BA866C30DC5C1CB0C0F8E9361D98484956DD5D1A40F6184AFBE3DAC9F76028D1CAECCFBF69199C6CE2B4C092A3F4D2A56FE5A33A00757F4D7DEE5DFB0524311A97AE0668A47971B95766E2F6DD48C3F57841F91F04A00AD5EA70F2D479A2620DC5CD78EAAB3A3B011719B7E78D19DDF70D9423798AF77517EBC55392FCD01FC600D8D466B9E7A7A85BF33F9CC5419E9BD874DDFD60981150DDAF8D7FEBAA4374F0872A5628D318000311E2F5655365AD4D407C20E5C04DF17A222E7DEEC79C5AB1116D8572F91CD06E1CCC7CED53736FC867FD49ECEBE6BF8082E8A"),
+ SHEX("451EE587226C99989F5EC10050983B1FD661228A4AB48618F1D1173C94FAC39ECFD3C26C16653633B26097E31A0F2213B4F1153A57CB48A70D2AF1ADEB1BBC06"));
+ test_hash(&nettle_sha3_512, /* 231 octets */
+ SHEX("57AF971FCCAEC97435DC2EC9EF0429BCEDC6B647729EA168858A6E49AC1071E706F4A5A645CA14E8C7746D65511620682C906C8B86EC901F3DDED4167B3F00B06CBFAC6AEE3728051B3E5FF10B4F9ED8BD0B8DA94303C833755B3CA3AEDDF0B54BC8D6632138B5D25BAB03D17B3458A9D782108006F5BB7DE75B5C0BA854B423D8BB801E701E99DC4FEAAD59BC1C7112453B04D33EA3635639FB802C73C2B71D58A56BBD671B18FE34ED2E3DCA38827D63FDB1D4FB3285405004B2B3E26081A8FF08CD6D2B08F8E7B7E90A2AB1ED7A41B1D0128522C2F8BFF56A7FE67969422CE839A9D4608F03"),
+ SHEX("F9D6AD8686125E71FE0856E806D68BA97EF123443938D28283387F33E3AC6E2A7DE042A3EE5F7994C1EECC5B6F22CBAE1349CAB2FB7A0A0125EC2320320858D4"));
+ test_hash(&nettle_sha3_512, /* 232 octets */
+ SHEX("04E16DEDC1227902BAAF332D3D08923601BDD64F573FAA1BB7201918CFE16B1E10151DAE875DA0C0D63C59C3DD050C4C6A874011B018421AFC4623AB0381831B2DA2A8BA42C96E4F70864AC44E106F94311051E74C77C1291BF5DB9539E69567BF6A11CF6932BBBAD33F8946BF5814C066D851633D1A513510039B349939BFD42B858C21827C8FF05F1D09B1B0765DC78A135B5CA4DFBA0801BCADDFA175623C8B647EACFB4444B85A44F73890607D06D507A4F8393658788669F6EF4DEB58D08C50CA0756D5E2F49D1A7AD73E0F0B3D3B5F090ACF622B1878C59133E4A848E05153592EA81C6FBF"),
+ SHEX("F26F3268FD620FC476A49AAC3ED1580864934A2F6BA881ED8C8FB757AAAA64BCDF501E1913DE600BBEF6F12C949FEA8FD68C645086D5E30C9253588FFBD19BE5"));
+ test_hash(&nettle_sha3_512, /* 233 octets */
+ SHEX("7C815C384EEE0F288ECE27CCED52A01603127B079C007378BC5D1E6C5E9E6D1C735723ACBBD5801AC49854B2B569D4472D33F40BBB8882956245C366DC3582D71696A97A4E19557E41E54DEE482A14229005F93AFD2C4A7D8614D10A97A9DFA07F7CD946FA45263063DDD29DB8F9E34DB60DAA32684F0072EA2A9426ECEBFA5239FB67F29C18CBAA2AF6ED4BF4283936823AC1790164FEC5457A9CBA7C767CA59392D94CAB7448F50EB34E9A93A80027471CE59736F099C886DEA1AB4CBA4D89F5FC7AE2F21CCD27F611ECA4626B2D08DC22382E92C1EFB2F6AFDC8FDC3D2172604F5035C46B8197D3"),
+ SHEX("080845D6FD22A00B30FA01A4B4F81FDC7B46CA4C6A676AD5863A9DBF6611BA97F24FB59BB5BAC4E376B3B8B3357166782876B701273FF351BC8C5805532767D4"));
+ test_hash(&nettle_sha3_512, /* 234 octets */
+ SHEX("E29D505158DBDD937D9E3D2145658EE6F5992A2FC790F4F608D9CDB44A091D5B94B88E81FAC4FDF5C49442F13B911C55886469629551189EAFF62488F1A479B7DB11A1560E198DDCCCCF50159093425FF7F1CB8D1D1246D0978764087D6BAC257026B090EFAE8CEC5F22B6F21C59ACE1AC7386F5B8837CA6A12B6FBF5534DD0560EF05CA78104D3B943DDB220FEAEC89AA5E692A00F822A2AB9A2FE60350D75E7BE16FF2526DC643872502D01F42F188ABED0A6E9A6F5FD0D1CE7D5755C9FFA66B0AF0B20BD806F08E06156690D81AC811778CA3DAC2C249B96002017FCE93E507E3B953ACF99964B847"),
+ SHEX("2678A8715FC7E538522DD7608D769508B63017D9EB6CC48F1CB07D14E741066936C8316BF3211E09F62611E140DDD14A07F97F9F372E99C084FFE289EB302BD8"));
+ test_hash(&nettle_sha3_512, /* 235 octets */
+ SHEX("D85588696F576E65ECA0155F395F0CFACD83F36A99111ED5768DF2D116D2121E32357BA4F54EDE927F189F297D3A97FAD4E9A0F5B41D8D89DD7FE20156799C2B7B6BF9C957BA0D6763F5C3BC5129747BBB53652B49290CFF1C87E2CDF2C4B95D8AAEE09BC8FBFA6883E62D237885810491BFC101F1D8C636E3D0EDE838AD05C207A3DF4FAD76452979EB99F29AFAECEDD1C63B8D36CF378454A1BB67A741C77AC6B6B3F95F4F02B64DABC15438613EA49750DF42EE90101F115AA9ABB9FF64324DDE9DABBB01054E1BD6B4BCDC7930A44C2300D87CA78C06924D0323AD7887E46C90E8C4D100ACD9EED21E"),
+ SHEX("AA03EB09417435DA9E6E7803F3B6EAB66FAA3D59CC622950D61F9B962B69145AC2255CD752CB9607742092697B1A79D124817AE26421E61D1176764832ED354C"));
+ test_hash(&nettle_sha3_512, /* 236 octets */
+ SHEX("3A12F8508B40C32C74492B66323375DCFE49184C78F73179F3314B79E63376B8AC683F5A51F1534BD729B02B04D002F55CBD8E8FC9B5EC1EA6BBE6A0D0E7431518E6BA45D124035F9D3DCE0A8BB7BF1430A9F657E0B4EA9F20EB20C786A58181A1E20A96F1628F8728A13BDF7A4B4B32FC8AA7054CC4881AE7FA19AFA65C6C3EE1B3ADE3192AF42054A8A911B8EC1826865D46D93F1E7C5E2B7813C92A506E53886F3D4701BB93D2A681AD109C845904BB861AF8AF0646B6E399B38B614051D34F6842563A0F37EC00CB3D865FC5D746C4987DE2A65071100883A2A9C7A2BFE1E2DD603D9EA24DC7C5FD06BE"),
+ SHEX("D3012F2FB56845B258D7598C0BBB2C97D53B602DEAE9326DC3678B2228454A1E29F28848ED140C70BE85CDEA9F99A8DC347DEABD46D362ED1AFB231146A0255D"));
+ test_hash(&nettle_sha3_512, /* 237 octets */
+ SHEX("1861EDCE46FA5AD17E1FF1DEAE084DEC580F97D0A67885DFE834B9DFAC1AE076742CE9E267512CA51F6DF5A455AF0C5FD6ABF94ACEA103A3370C354485A7846FB84F3AC7C2904B5B2FBF227002CE512133BB7E1C4E50057BFD1E44DB33C7CDB969A99E284B184F50A14B068A1FC5009D9B298DBE92239572A7627AAC02ABE8F3E3B473417F36D4D2505D16B7577F4526C9D94A270A2DFE450D06DA8F6FA956879A0A55CFE99E742EA555EA477BA3E9B44CCD508C375423611AF92E55345DC215779B2D5119EBA49C71D49B9FE3F1569FA24E5CA3E332D042422A8B8158D3EC66A80012976F31FFDF305F0C9C5E"),
+ SHEX("B50C896F2CDF7F105DE751FF6CF664E592FAB752D652B06898B9B288052DF22F721AD87E702AF043E6B1E88929850CBD5698A9172C3932400B2538E401A6F081"));
+ test_hash(&nettle_sha3_512, /* 238 octets */
+ SHEX("08D0FFDE3A6E4EF65608EA672E4830C12943D7187CCFF08F4941CFC13E545F3B9C7AD5EEBBE2B01642B486CAF855C2C73F58C1E4E3391DA8E2D63D96E15FD84953AE5C231911B00AD6050CD7AAFDAAC9B0F663AE6AAB45519D0F5391A541707D479034E73A6AD805AE3598096AF078F1393301493D663DD71F83869CA27BA508B7E91E81E128C1716DC3ACFE3084B2201E04CF8006617EECF1B640474A5D45CFDE9F4D3EF92D6D055B909892194D8A8218DB6D8203A84261D200D71473D7488F3427416B6896C137D455F231071CACBC86E0415AB88AEC841D96B7B8AF41E05BB461A40645BF176601F1E760DE5F"),
+ SHEX("A34A2F27C32F993A7E7007867733547481293C391255FFD0E5CCBE91E1CC749B13525AF6ADFA0C2D1D64BF87DD65B996ADA9111C5DF55BFF8A5742E54B8444F6"));
+ test_hash(&nettle_sha3_512, /* 239 octets */
+ SHEX("D782ABB72A5BE3392757BE02D3E45BE6E2099D6F000D042C8A543F50ED6EBC055A7F133B0DD8E9BC348536EDCAAE2E12EC18E8837DF7A1B3C87EC46D50C241DEE820FD586197552DC20BEEA50F445A07A38F1768A39E2B2FF05DDDEDF751F1DEF612D2E4D810DAA3A0CC904516F9A43AF660315385178A529E51F8AAE141808C8BC5D7B60CAC26BB984AC1890D0436EF780426C547E94A7B08F01ACBFC4A3825EAE04F520A9016F2FB8BF5165ED12736FC71E36A49A73614739EAA3EC834069B1B40F1350C2B3AB885C02C640B9F7686ED5F99527E41CFCD796FE4C256C9173186C226169FF257954EBDA81C0E5F99"),
+ SHEX("DD5F4B167175D9566DCA6C5B1B54A33D02EFD02E25E23BB6FB02D878A4415E5E8682C209BEAC04E9882A272D01E8EB435CAA5BCD74FC825C6B9082D041DFF333"));
+ test_hash(&nettle_sha3_512, /* 240 octets */
+ SHEX("5FCE8109A358570E40983E1184E541833BB9091E280F258CFB144387B05D190E431CB19BAA67273BA0C58ABE91308E1844DCD0B3678BAA42F335F2FA05267A0240B3C718A5942B3B3E3BFA98A55C25A1466E8D7A603722CB2BBF03AFA54CD769A99F310735EE5A05DAE2C22D397BD95635F58C48A67F90E1B73AAFCD3F82117F0166657838691005B18DA6F341D6E90FC1CDB352B30FAE45D348294E501B63252DE14740F2B85AE5299DDEC3172DE8B6D0BA219A20A23BB5E10FF434D39DB3F583305E9F5C039D98569E377B75A70AB837D1DF269B8A4B566F40BB91B577455FD3C356C914FA06B9A7CE24C7317A172D"),
+ SHEX("A43AE5DAD936697564AE1BD9B8624C5C31CC36607322AF40E253F10C285467AFD0D08252D2BAD76EFA52E4775C9C26761ABE38212855A80112FE02623FBF0A13"));
+ test_hash(&nettle_sha3_512, /* 241 octets */
+ SHEX("6172F1971A6E1E4E6170AFBAD95D5FEC99BF69B24B674BC17DD78011615E502DE6F56B86B1A71D3F4348087218AC7B7D09302993BE272E4A591968AEF18A1262D665610D1070EE91CC8DA36E1F841A69A7A682C580E836941D21D909A3AFC1F0B963E1CA5AB193E124A1A53DF1C587470E5881FB54DAE1B0D840F0C8F9D1B04C645BA1041C7D8DBF22030A623AA15638B3D99A2C400FF76F3252079AF88D2B37F35EE66C1AD7801A28D3D388AC450B97D5F0F79E4541755356B3B1A5696B023F39AB7AB5F28DF4202936BC97393B93BC915CB159EA1BD7A0A414CB4B7A1AC3AF68F50D79F0C9C7314E750F7D02FAA58BFA"),
+ SHEX("A5AC23D4A0D533CB9D8A68873F5CB749228458D43CE6BD0536C8733777B5E6E3F28FD36BFFE69002A0777BA74FEF22DE3FAC4C818B4842816C6094496F968555"));
+ test_hash(&nettle_sha3_512, /* 242 octets */
+ SHEX("5668ECD99DFBE215C4118398AC9C9EAF1A1433FAB4CCDD3968064752B625EA944731F75D48A27D047D67547F14DD0FFAA55FA5E29F7AF0D161D85EAFC4F2029B717C918EAB9D304543290BDBA7158B68020C0BA4E079BC95B5BC0FC044A992B94B4CCD3BD66D0EABB5DBBAB904D62E00752C4E3B0091D773BCF4C14B4377DA3EFFF824B1CB2FA01B32D1E46C909E626ED2DAE920F4C7DBEB635BC754FACBD8D49BEBA3F23C1C41CCBFCD0EE0C114E69737F5597C0BF1D859F0C767E18002AE8E39C26261FFDE2920D3D0BAF0E906138696CFE5B7E32B600F45DF3AAA39932F3A7DF95B60FA8712A2271FCAF3911CE7B511B1"),
+ SHEX("07F3BCACF5F78816D515CEDF1CBBA4FFC58D83AA8687B0E7252FAAB43E7F59A7FF7415727ADDF9A22560ADB5755A2C6DF8C7E6DCACEB53106A714D807AAADBF3"));
+ test_hash(&nettle_sha3_512, /* 243 octets */
+ SHEX("03D625488354DF30E3F875A68EDFCF340E8366A8E1AB67F9D5C5486A96829DFAC0578289082B2A62117E1CF418B43B90E0ADC881FC6AE8105C888E9ECD21AEA1C9AE1A4038DFD17378FED71D02AE492087D7CDCD98F746855227967CB1AB4714261EE3BEAD3F4DB118329D3EBEF4BC48A875C19BA763966DA0EBEA800E01B2F50B00E9DD4CACA6DCB314D00184EF71EA2391D760C950710DB4A70F9212FFC54861F9DC752CE18867B8AD0C48DF8466EF7231E7AC567F0EB55099E622EBB86CB237520190A61C66AD34F1F4E289CB3282AE3EAAC6152ED24D2C92BAE5A7658252A53C49B7B02DFE54FDB2E90074B6CF310AC661"),
+ SHEX("13A592B73EDE487036C8816BD6FC6CDC04DC6133409A6EE990584160518F9EF573264CF04D38A3BA75D150F4F026F6DF8936E13C8F4F3ECC9ECBC43FDFC488A4"));
+ test_hash(&nettle_sha3_512, /* 244 octets */
+ SHEX("2EDC282FFB90B97118DD03AAA03B145F363905E3CBD2D50ECD692B37BF000185C651D3E9726C690D3773EC1E48510E42B17742B0B0377E7DE6B8F55E00A8A4DB4740CEE6DB0830529DD19617501DC1E9359AA3BCF147E0A76B3AB70C4984C13E339E6806BB35E683AF8527093670859F3D8A0FC7D493BCBA6BB12B5F65E71E705CA5D6C948D66ED3D730B26DB395B3447737C26FAD089AA0AD0E306CB28BF0ACF106F89AF3745F0EC72D534968CCA543CD2CA50C94B1456743254E358C1317C07A07BF2B0ECA438A709367FAFC89A57239028FC5FECFD53B8EF958EF10EE0608B7F5CB9923AD97058EC067700CC746C127A61EE3"),
+ SHEX("C2FB590AB74E230B8FE159892F94DE04EF7ADAA02B918D4994F996538D257F5A80C9B3BE8F410170B0C5CAC3F507401220881C5E08D8BF0A13247170D39085BC"));
+ test_hash(&nettle_sha3_512, /* 245 octets */
+ SHEX("90B28A6AA1FE533915BCB8E81ED6CACDC10962B7FF82474F845EEB86977600CF70B07BA8E3796141EE340E3FCE842A38A50AFBE90301A3BDCC591F2E7D9DE53E495525560B908C892439990A2CA2679C5539FFDF636777AD9C1CDEF809CDA9E8DCDB451ABB9E9C17EFA4379ABD24B182BD981CAFC792640A183B61694301D04C5B3EAAD694A6BD4CC06EF5DA8FA23B4FA2A64559C5A68397930079D250C51BCF00E2B16A6C49171433B0AADFD80231276560B80458DD77089B7A1BBCC9E7E4B9F881EACD6C92C4318348A13F4914EB27115A1CFC5D16D7FD94954C3532EFACA2CAB025103B2D02C6FD71DA3A77F417D7932685888A"),
+ SHEX("02951596A13A1A41188A4A1D6346F7EAFB60A2051EA67C63237D1A9B79EC4733F33ECEC223DEDD946B78387B6F2DF5E9AB6AF7DFBABAF80F4FCC94FA087275E8"));
+ test_hash(&nettle_sha3_512, /* 246 octets */
+ SHEX("2969447D175490F2AA9BB055014DBEF2E6854C95F8D60950BFE8C0BE8DE254C26B2D31B9E4DE9C68C9ADF49E4EE9B1C2850967F29F5D08738483B417BB96B2A56F0C8ACA632B552059C59AAC3F61F7B45C966B75F1D9931FF4E596406378CEE91AAA726A3A84C33F37E9CDBE626B5745A0B06064A8A8D56E53AAF102D23DD9DF0A3FDF7A638509A6761A33FA42FA8DDBD8E16159C93008B53765019C3F0E9F10B144CE2AC57F5D7297F9C9949E4FF68B70D339F87501CE8550B772F32C6DA8AD2CE2100A895D8B08FA1EEAD7C376B407709703C510B50F87E73E43F8E7348F87C3832A547EF2BBE5799ABEDCF5E1F372EA809233F006"),
+ SHEX("5AA4E32F0EA3E853929BF64ACC9565A01300BC007063B939F6DBBE9CAE0545EA95FBCAC32575AA0727EE4D937071E6B3BE74E23FE76FD63EC05C7F7D8A407AF0"));
+ test_hash(&nettle_sha3_512, /* 247 octets */
+ SHEX("721645633A44A2C78B19024EAECF58575AB23C27190833C26875DC0F0D50B46AEA9C343D82EA7D5B3E50EC700545C615DAEAEA64726A0F05607576DCD396D812B03FB6551C641087856D050B10E6A4D5577B82A98AFB89CEE8594C9DC19E79FEFF0382FCFD127F1B803A4B9946F4AC9A4378E1E6E041B1389A53E3450CD32D9D2941B0CBABDB50DA8EA2513145164C3AB6BCBD251C448D2D4B087AC57A59C2285D564F16DA4ED5E607ED979592146FFB0EF3F3DB308FB342DF5EB5924A48256FC763141A278814C82D6D6348577545870AE3A83C7230AC02A1540FE1798F7EF09E335A865A2AE0949B21E4F748FB8A51F44750E213A8FB"),
+ SHEX("495B2AA2103159D9A937E9DD56B059ACA98A5E3CB7B59BB690DEDC00C692E9D7A18614A73D12E07634B209CC630D1818B09F1076A941FF80474493E3D42B9812"));
+ test_hash(&nettle_sha3_512, /* 248 octets */
+ SHEX("6B860D39725A14B498BB714574B4D37CA787404768F64C648B1751B353AC92BAC2C3A28EA909FDF0423336401A02E63EC24325300D823B6864BB701F9D7C7A1F8EC9D0AE3584AA6DD62EA1997CD831B4BABD9A4DA50932D4EFDA745C61E4130890E156AEE6113716DAF95764222A91187DB2EFFEA49D5D0596102D619BD26A616BBFDA8335505FBB0D90B4C180D1A2335B91538E1668F9F9642790B4E55F9CAB0FE2BDD2935D001EE6419ABAB5457880D0DBFF20ED8758F4C20FE759EFB33141CF0E892587FE8187E5FBC57786B7E8B089612C936DFC03D27EFBBE7C8673F1606BD51D5FF386F4A7AB68EDF59F385EB1291F117BFE717399"),
+ SHEX("217B5A985BED80008274470E254443238C5AEACBC7EE2289F0E63B7AFE6D0F395E2361FD6D9DC33B4F54F03FF56F6B264976161D80091788EE9D262F147A35FC"));
+ test_hash(&nettle_sha3_512, /* 249 octets */
+ SHEX("6A01830AF3889A25183244DECB508BD01253D5B508AB490D3124AFBF42626B2E70894E9B562B288D0A2450CFACF14A0DDAE5C04716E5A0082C33981F6037D23D5E045EE1EF2283FB8B6378A914C5D9441627A722C282FF452E25A7EA608D69CEE4393A0725D17963D0342684F255496D8A18C2961145315130549311FC07F0312FB78E6077334F87EAA873BEE8AA95698996EB21375EB2B4EF53C14401207DEB4568398E5DD9A7CF97E8C9663E23334B46912F8344C19EFCF8C2BA6F04325F1A27E062B62A58D0766FC6DB4D2C6A1928604B0175D872D16B7908EBC041761187CC785526C2A3873FEAC3A642BB39F5351550AF9770C328AF7B"),
+ SHEX("293C551E753BBA7F314DCB93A0FAD94F3F5DEE6ED45D765A708E6FD277601F03F6C905D7E1EAEAEC513CBBBD672B817F6D60FBF02C20167D7F4B7B84AFEEB3F6"));
+ test_hash(&nettle_sha3_512, /* 250 octets */
+ SHEX("B3C5E74B69933C2533106C563B4CA20238F2B6E675E8681E34A389894785BDADE59652D4A73D80A5C85BD454FD1E9FFDAD1C3815F5038E9EF432AAC5C3C4FE840CC370CF86580A6011778BBEDAF511A51B56D1A2EB68394AA299E26DA9ADA6A2F39B9FAFF7FBA457689B9C1A577B2A1E505FDF75C7A0A64B1DF81B3A356001BF0DF4E02A1FC59F651C9D585EC6224BB279C6BEBA2966E8882D68376081B987468E7AED1EF90EBD090AE825795CDCA1B4F09A979C8DFC21A48D8A53CDBB26C4DB547FC06EFE2F9850EDD2685A4661CB4911F165D4B63EF25B87D0A96D3DFF6AB0758999AAD214D07BD4F133A6734FDE445FE474711B69A98F7E2B"),
+ SHEX("89FE6314A0246EFF3BFD07A95FE239BD5071467F53799175B226DAF6C3DB618CAD4CA1C1AF64BF5793F03254F560E6335BEAAA86BCB9E961F214B2AE97B47AF0"));
+ test_hash(&nettle_sha3_512, /* 251 octets */
+ SHEX("83AF34279CCB5430FEBEC07A81950D30F4B66F484826AFEE7456F0071A51E1BBC55570B5CC7EC6F9309C17BF5BEFDD7C6BA6E968CF218A2B34BD5CF927AB846E38A40BBD81759E9E33381016A755F699DF35D660007B5EADF292FEEFB735207EBF70B5BD17834F7BFA0E16CB219AD4AF524AB1EA37334AA66435E5D397FC0A065C411EBBCE32C240B90476D307CE802EC82C1C49BC1BEC48C0675EC2A6C6F3ED3E5B741D13437095707C565E10D8A20B8C20468FF9514FCF31B4249CD82DCEE58C0A2AF538B291A87E3390D737191A07484A5D3F3FB8C8F15CE056E5E5F8FEBE5E1FB59D6740980AA06CA8A0C20F5712B4CDE5D032E92AB89F0AE1"),
+ SHEX("7690F703E894EE22D4DFF55A7F8D5021D5F17B729F95A59C4D55CFB225C67BE105F2E7CDF56D140E566648E9E9C39BBED96F985A6DAE1F21D8BA500F7FD40EDF"));
+ test_hash(&nettle_sha3_512, /* 252 octets */
+ SHEX("A7ED84749CCC56BB1DFBA57119D279D412B8A986886D810F067AF349E8749E9EA746A60B03742636C464FC1EE233ACC52C1983914692B64309EDFDF29F1AB912EC3E8DA074D3F1D231511F5756F0B6EEAD3E89A6A88FE330A10FACE267BFFBFC3E3090C7FD9A850561F363AD75EA881E7244F80FF55802D5EF7A1A4E7B89FCFA80F16DF54D1B056EE637E6964B9E0FFD15B6196BDD7DB270C56B47251485348E49813B4EB9ED122A01B3EA45AD5E1A929DF61D5C0F3E77E1FDC356B63883A60E9CBB9FC3E00C2F32DBD469659883F690C6772E335F617BC33F161D6F6984252EE12E62B6000AC5231E0C9BC65BE223D8DFD94C5004A101AF9FD6C0FB"),
+ SHEX("65E415C7958A47FCA9EED3846FD1283AFEB38E5130F57ECD99DCB21BEDDA856E3B5FB9F839E579C5EA386EACA8CDC0A9549EAAF6EC452DD6CB5212B709BF5C59"));
+ test_hash(&nettle_sha3_512, /* 253 octets */
+ SHEX("A6FE30DCFCDA1A329E82AB50E32B5F50EB25C873C5D2305860A835AECEE6264AA36A47429922C4B8B3AFD00DA16035830EDB897831C4E7B00F2C23FC0B15FDC30D85FB70C30C431C638E1A25B51CAF1D7E8B050B7F89BFB30F59F0F20FECFF3D639ABC4255B3868FC45DD81E47EB12AB40F2AAC735DF5D1DC1AD997CEFC4D836B854CEE9AC02900036F3867FE0D84AFFF37BDE3308C2206C62C4743375094108877C73B87B2546FE05EA137BEDFC06A2796274099A0D554DA8F7D7223A48CBF31B7DECAA1EBC8B145763E3673168C1B1B715C1CD99ECD3DDB238B06049885ECAD9347C2436DFF32C771F34A38587A44A82C5D3D137A03CAA27E66C8FF6"),
+ SHEX("D6542A2F0654B9B874A627D3D53764A65B1DF2C0CEC3BCD0B4B088FAA1095E54F1799757C4371F8D544E298D600E21E11B2F90D295712621231A09C58B05A704"));
+ test_hash(&nettle_sha3_512, /* 254 octets */
+ SHEX("83167FF53704C3AA19E9FB3303539759C46DD4091A52DDAE9AD86408B69335989E61414BC20AB4D01220E35241EFF5C9522B079FBA597674C8D716FE441E566110B6211531CECCF8FD06BC8E511D00785E57788ED9A1C5C73524F01830D2E1148C92D0EDC97113E3B7B5CD3049627ABDB8B39DD4D6890E0EE91993F92B03354A88F52251C546E64434D9C3D74544F23FB93E5A2D2F1FB15545B4E1367C97335B0291944C8B730AD3D4789273FA44FB98D78A36C3C3764ABEEAC7C569C1E43A352E5B770C3504F87090DEE075A1C4C85C0C39CF421BDCC615F9EFF6CB4FE6468004AECE5F30E1ECC6DB22AD9939BB2B0CCC96521DFBF4AE008B5B46BC006E"),
+ SHEX("EC983E787628B94C87FFF8D57D2D058667D12F5AF458BCE79BB7844FB41D9C55920F593C8D8730EB8D54FF1D51CD8AD2F1C2A0F7D6B299A21266744E47D142B2"));
+ test_hash(&nettle_sha3_512, /* 255 octets */
+ SHEX("3A3A819C48EFDE2AD914FBF00E18AB6BC4F14513AB27D0C178A188B61431E7F5623CB66B23346775D386B50E982C493ADBBFC54B9A3CD383382336A1A0B2150A15358F336D03AE18F666C7573D55C4FD181C29E6CCFDE63EA35F0ADF5885CFC0A3D84A2B2E4DD24496DB789E663170CEF74798AA1BBCD4574EA0BBA40489D764B2F83AADC66B148B4A0CD95246C127D5871C4F11418690A5DDF01246A0C80A43C70088B6183639DCFDA4125BD113A8F49EE23ED306FAAC576C3FB0C1E256671D817FC2534A52F5B439F72E424DE376F4C565CCA82307DD9EF76DA5B7C4EB7E085172E328807C02D011FFBF33785378D79DC266F6A5BE6BB0E4A92ECEEBAEB1"),
+ SHEX("81950E7096D31D4F22E3DB71CAC725BF59E81AF54C7CA9E6AEEE71C010FC5467466312A01AA5C137CFB140646941556796F612C9351268737C7E9A2B9631D1FA"));
+}
--- /dev/null
+#include "testutils.h"
+
+#include "sha3.h"
+
+static void
+display (const struct sha3_state *state)
+{
+ unsigned x, y;
+ for (x = 0; x < 5; x++)
+ {
+ for (y = 0; y < 5; y++)
+ /* Is there a simple and *portable* way to print uint64_t? */
+ printf ("%8lx%08lx ", (unsigned long) (state->a[x +5*y] >> 32), (unsigned long) (state->a[x+5*y] & 0xffffffff));
+ printf("\n");
+ }
+}
+
+void
+test_main(void)
+{
+ /* From KeccakPermutationIntermediateValues.txt */
+ static const struct sha3_state s1 =
+ { {
+ 0xF1258F7940E1DDE7ULL, 0x84D5CCF933C0478AULL, 0xD598261EA65AA9EEULL, 0xBD1547306F80494DULL, 0x8B284E056253D057ULL,
+ 0xFF97A42D7F8E6FD4ULL, 0x90FEE5A0A44647C4ULL, 0x8C5BDA0CD6192E76ULL, 0xAD30A6F71B19059CULL, 0x30935AB7D08FFC64ULL,
+ 0xEB5AA93F2317D635ULL, 0xA9A6E6260D712103ULL, 0x81A57C16DBCF555FULL, 0x43B831CD0347C826ULL, 0x01F22F1A11A5569FULL,
+ 0x05E5635A21D9AE61ULL, 0x64BEFEF28CC970F2ULL, 0x613670957BC46611ULL, 0xB87C5A554FD00ECBULL, 0x8C3EE88A1CCF32C8ULL,
+ 0x940C7922AE3A2614ULL, 0x1841F924A2C509E4ULL, 0x16F53526E70465C2ULL, 0x75F644E97F30A13BULL, 0xEAF1FF7B5CECA249ULL,
+ } };
+ static const struct sha3_state s2 =
+ { {
+ 0x2D5C954DF96ECB3CULL, 0x6A332CD07057B56DULL, 0x093D8D1270D76B6CULL, 0x8A20D9B25569D094ULL, 0x4F9C4F99E5E7F156ULL,
+ 0xF957B9A2DA65FB38ULL, 0x85773DAE1275AF0DULL, 0xFAF4F247C3D810F7ULL, 0x1F1B9EE6F79A8759ULL, 0xE4FECC0FEE98B425ULL,
+ 0x68CE61B6B9CE68A1ULL, 0xDEEA66C4BA8F974FULL, 0x33C43D836EAFB1F5ULL, 0xE00654042719DBD9ULL, 0x7CF8A9F009831265ULL,
+ 0xFD5449A6BF174743ULL, 0x97DDAD33D8994B40ULL, 0x48EAD5FC5D0BE774ULL, 0xE3B8C8EE55B7B03CULL, 0x91A0226E649E42E9ULL,
+ 0x900E3129E7BADD7BULL, 0x202A9EC5FAA3CCE8ULL, 0x5B3402464E1C3DB6ULL, 0x609F4E62A44C1059ULL, 0x20D06CD26A8FBF5CULL,
+ } };
+ struct sha3_state state;
+
+ memset (&state, 0, sizeof(state));
+ sha3_permute (&state);
+ if (!MEMEQ (sizeof(state), &state.a, &s1))
+ {
+ printf("Got:\n"); display (&state);
+ printf("Ref:\n"); display (&s1);
+ FAIL();
+ }
+ sha3_permute (&state);
+ if (!MEMEQ (sizeof(state), &state.a, &s2))
+ {
+ printf("Got:\n"); display (&state);
+ printf("Ref:\n"); display (&s2);
+ FAIL();
+ }
+}
--- /dev/null
+#! /usr/bin/awk -f
+
+/^Len/ { len = $3 }
+/^Msg/ { msg = $3 }
+/^MD/ { md = $3;
+ if (len % 8 == 0)
+ printf("test_hash(&nettle_sha3_xxx, /* %d octets */\nSHEX(\"%s\"),\nSHEX(\"%s\"));\n",
+ len / 8, len ? msg : "", md);
+}
#include "testutils.h"
-#include "sha.h"
-int
+void
test_main(void)
{
- test_hash(&nettle_sha384, 3, "abc",
- H("cb00753f45a35e8b b5a03d699ac65007"
- "272c32ab0eded163 1a8b605a43ff5bed"
- "8086072ba1e7cc23 58baeca134c825a7"));
+ test_hash(&nettle_sha384, SDATA("abc"),
+ SHEX("cb00753f45a35e8b b5a03d699ac65007"
+ "272c32ab0eded163 1a8b605a43ff5bed"
+ "8086072ba1e7cc23 58baeca134c825a7"));
- test_hash(&nettle_sha384, 112,
- "abcdefghbcdefghicdefghijdefg"
- "hijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmn"
- "opqrlmnopqrsmnopqrstnopqrstu",
- H("09330c33f71147e8 3d192fc782cd1b47"
- "53111b173b3b05d2 2fa08086e3b0f712"
- "fcc7c71a557e2db9 66c3e9fa91746039"));
+ test_hash(&nettle_sha384,
+ SDATA("abcdefghbcdefghicdefghijdefg"
+ "hijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmn"
+ "opqrlmnopqrsmnopqrstnopqrstu"),
+ SHEX("09330c33f71147e8 3d192fc782cd1b47"
+ "53111b173b3b05d2 2fa08086e3b0f712"
+ "fcc7c71a557e2db9 66c3e9fa91746039"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- test_hash(&nettle_sha384, LDATA(""),
- H("38b060a751ac9638 4cd9327eb1b1e36a"
- "21fdb71114be0743 4c0cc7bf63f6e1da"
- "274edebfe76f65fb d51ad2f14898b95b"));
- test_hash(&nettle_sha384, LDATA("a"),
- H("54a59b9f22b0b808 80d8427e548b7c23"
- "abd873486e1f035d ce9cd697e8517503"
- "3caa88e6d57bc35e fae0b5afd3145f31"));
- test_hash(&nettle_sha384, LDATA("38"),
- H("c071d202ad950b6a 04a5f15c24596a99"
- "3af8b212467958d5 70a3ffd478006063"
- "8e3a3d06637691d3 012bd31122071b2c"));
- test_hash(&nettle_sha384, LDATA("message digest"),
- H("473ed35167ec1f5d 8e550368a3db39be"
- "54639f828868e945 4c239fc8b52e3c61"
- "dbd0d8b4de1390c2 56dcbb5d5fd99cd5"));
- test_hash(&nettle_sha384, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("feb67349df3db6f5 924815d6c3dc133f"
- "091809213731fe5c 7b5f4999e463479f"
- "f2877f5f2936fa63 bb43784b12f3ebb4"));
+ test_hash(&nettle_sha384, SDATA(""),
+ SHEX("38b060a751ac9638 4cd9327eb1b1e36a"
+ "21fdb71114be0743 4c0cc7bf63f6e1da"
+ "274edebfe76f65fb d51ad2f14898b95b"));
+ test_hash(&nettle_sha384, SDATA("a"),
+ SHEX("54a59b9f22b0b808 80d8427e548b7c23"
+ "abd873486e1f035d ce9cd697e8517503"
+ "3caa88e6d57bc35e fae0b5afd3145f31"));
+ test_hash(&nettle_sha384, SDATA("38"),
+ SHEX("c071d202ad950b6a 04a5f15c24596a99"
+ "3af8b212467958d5 70a3ffd478006063"
+ "8e3a3d06637691d3 012bd31122071b2c"));
+ test_hash(&nettle_sha384, SDATA("message digest"),
+ SHEX("473ed35167ec1f5d 8e550368a3db39be"
+ "54639f828868e945 4c239fc8b52e3c61"
+ "dbd0d8b4de1390c2 56dcbb5d5fd99cd5"));
+ test_hash(&nettle_sha384, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("feb67349df3db6f5 924815d6c3dc133f"
+ "091809213731fe5c 7b5f4999e463479f"
+ "f2877f5f2936fa63 bb43784b12f3ebb4"));
test_hash(&nettle_sha384,
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
"ghijklmnopqrstuvwxyz0123456789"),
- H("1761336e3f7cbfe5 1deb137f026f89e0"
- "1a448e3b1fafa640 39c1464ee8732f11"
- "a5341a6f41e0c202 294736ed64db1a84"));
+ SHEX("1761336e3f7cbfe5 1deb137f026f89e0"
+ "1a448e3b1fafa640 39c1464ee8732f11"
+ "a5341a6f41e0c202 294736ed64db1a84"));
test_hash(&nettle_sha384,
- LDATA("12345678901234567890123456789012"
+ SDATA("12345678901234567890123456789012"
"34567890123456789012345678901234"
"5678901234567890"),
- H("b12932b0627d1c06 0942f54477641556"
- "55bd4da0c9afa6dd 9b9ef53129af1b8f"
- "b0195996d2de9ca0 df9d821ffee67026"));
-
- SUCCESS();
+ SHEX("b12932b0627d1c06 0942f54477641556"
+ "55bd4da0c9afa6dd 9b9ef53129af1b8f"
+ "b0195996d2de9ca0 df9d821ffee67026"));
}
#include "testutils.h"
-#include "sha.h"
-int
+void
test_main(void)
{
- test_hash(&nettle_sha512, 3, "abc",
- H("ddaf35a193617aba cc417349ae204131"
- "12e6fa4e89a97ea2 0a9eeee64b55d39a"
- "2192992a274fc1a8 36ba3c23a3feebbd"
- "454d4423643ce80e 2a9ac94fa54ca49f"));
+ test_hash(&nettle_sha512, SDATA("abc"),
+ SHEX("ddaf35a193617aba cc417349ae204131"
+ "12e6fa4e89a97ea2 0a9eeee64b55d39a"
+ "2192992a274fc1a8 36ba3c23a3feebbd"
+ "454d4423643ce80e 2a9ac94fa54ca49f"));
- test_hash(&nettle_sha512, 112,
- "abcdefghbcdefghicdefghijdefg"
- "hijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmn"
- "opqrlmnopqrsmnopqrstnopqrstu",
- H("8e959b75dae313da 8cf4f72814fc143f"
- "8f7779c6eb9f7fa1 7299aeadb6889018"
- "501d289e4900f7e4 331b99dec4b5433a"
- "c7d329eeb6dd2654 5e96e55b874be909"));
+ test_hash(&nettle_sha512,
+ SDATA("abcdefghbcdefghicdefghijdefg"
+ "hijkefghijklfghijklmghijklmn"
+ "hijklmnoijklmnopjklmnopqklmn"
+ "opqrlmnopqrsmnopqrstnopqrstu"),
+ SHEX("8e959b75dae313da 8cf4f72814fc143f"
+ "8f7779c6eb9f7fa1 7299aeadb6889018"
+ "501d289e4900f7e4 331b99dec4b5433a"
+ "c7d329eeb6dd2654 5e96e55b874be909"));
+
+ /* NESSIE, Set 1, vector #6 */
+ test_hash(&nettle_sha512,
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789"),
+ SHEX("1E07BE23C26A86EA37EA810C8EC78093"
+ "52515A970E9253C26F536CFC7A9996C4"
+ "5C8370583E0A78FA4A90041D71A4CEAB"
+ "7423F19C71B9D5A3E01249F0BEBD5894"));
+
+ /* NESSIE, Set 1, vector #7 */
+ test_hash(&nettle_sha512,
+ SDATA("1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"),
+ SHEX("72EC1EF1124A45B047E8B7C75A932195"
+ "135BB61DE24EC0D1914042246E0AEC3A"
+ "2354E093D76F3048B456764346900CB1"
+ "30D2A4FD5DD16ABB5E30BCB850DEE843"));
+
+ /* Variants longer than one block (128 bytes), to test varying alignment. */
+ test_hash(&nettle_sha512,
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789"),
+ SHEX("5338370f5655f4da14572d4fb471539b"
+ "201485ecfb3d3204048dc6b83e61fab5"
+ "05bcbbd73e644a1a5d159a32a0889cf3"
+ "c9591b69b26d31be56c68838ce3cd63d"));
+ test_hash(&nettle_sha512,
+ SDATA("1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890") ,
+ SHEX("33f8901b053e4cc677d3cb4122d96ad9"
+ "b96b13bf76194cf962488bb4de4998a7"
+ "1455cb31582db527adf77a485b81cf5b"
+ "722a5e8638eb6be487400f3aec006e7c"));
/* Additional test vectors, from Daniel Kahn Gillmor */
- test_hash(&nettle_sha512, LDATA(""),
- H("cf83e1357eefb8bd f1542850d66d8007"
- "d620e4050b5715dc 83f4a921d36ce9ce"
- "47d0d13c5d85f2b0 ff8318d2877eec2f"
- "63b931bd47417a81 a538327af927da3e"));
- test_hash(&nettle_sha512, LDATA("a"),
- H("1f40fc92da241694 750979ee6cf582f2"
- "d5d7d28e18335de0 5abc54d0560e0f53"
- "02860c652bf08d56 0252aa5e74210546"
- "f369fbbbce8c12cf c7957b2652fe9a75"));
- test_hash(&nettle_sha512, LDATA("38"),
- H("caae34a5e8103126 8bcdaf6f1d8c04d3"
- "7b7f2c349afb705b 575966f63e2ebf0f"
- "d910c3b05160ba08 7ab7af35d40b7c71"
- "9c53cd8b947c9611 1f64105fd45cc1b2"));
- test_hash(&nettle_sha512, LDATA("message digest"),
- H("107dbf389d9e9f71 a3a95f6c055b9251"
- "bc5268c2be16d6c1 3492ea45b0199f33"
- "09e16455ab1e9611 8e8a905d5597b720"
- "38ddb372a8982604 6de66687bb420e7c"));
- test_hash(&nettle_sha512, LDATA("abcdefghijklmnopqrstuvwxyz"),
- H("4dbff86cc2ca1bae 1e16468a05cb9881"
- "c97f1753bce36190 34898faa1aabe429"
- "955a1bf8ec483d74 21fe3c1646613a59"
- "ed5441fb0f321389 f77f48a879c7b1f1"));
+ test_hash(&nettle_sha512, SDATA(""),
+ SHEX("cf83e1357eefb8bd f1542850d66d8007"
+ "d620e4050b5715dc 83f4a921d36ce9ce"
+ "47d0d13c5d85f2b0 ff8318d2877eec2f"
+ "63b931bd47417a81 a538327af927da3e"));
+ test_hash(&nettle_sha512, SDATA("a"),
+ SHEX("1f40fc92da241694 750979ee6cf582f2"
+ "d5d7d28e18335de0 5abc54d0560e0f53"
+ "02860c652bf08d56 0252aa5e74210546"
+ "f369fbbbce8c12cf c7957b2652fe9a75"));
+ test_hash(&nettle_sha512, SDATA("38"),
+ SHEX("caae34a5e8103126 8bcdaf6f1d8c04d3"
+ "7b7f2c349afb705b 575966f63e2ebf0f"
+ "d910c3b05160ba08 7ab7af35d40b7c71"
+ "9c53cd8b947c9611 1f64105fd45cc1b2"));
+ test_hash(&nettle_sha512, SDATA("message digest"),
+ SHEX("107dbf389d9e9f71 a3a95f6c055b9251"
+ "bc5268c2be16d6c1 3492ea45b0199f33"
+ "09e16455ab1e9611 8e8a905d5597b720"
+ "38ddb372a8982604 6de66687bb420e7c"));
+ test_hash(&nettle_sha512, SDATA("abcdefghijklmnopqrstuvwxyz"),
+ SHEX("4dbff86cc2ca1bae 1e16468a05cb9881"
+ "c97f1753bce36190 34898faa1aabe429"
+ "955a1bf8ec483d74 21fe3c1646613a59"
+ "ed5441fb0f321389 f77f48a879c7b1f1"));
test_hash(&nettle_sha512,
- LDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
+ SDATA("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef"
"ghijklmnopqrstuvwxyz0123456789"),
- H("1e07be23c26a86ea 37ea810c8ec78093"
- "52515a970e9253c2 6f536cfc7a9996c4"
- "5c8370583e0a78fa 4a90041d71a4ceab"
- "7423f19c71b9d5a3 e01249f0bebd5894"));
+ SHEX("1e07be23c26a86ea 37ea810c8ec78093"
+ "52515a970e9253c2 6f536cfc7a9996c4"
+ "5c8370583e0a78fa 4a90041d71a4ceab"
+ "7423f19c71b9d5a3 e01249f0bebd5894"));
test_hash(&nettle_sha512,
- LDATA("12345678901234567890123456789012"
+ SDATA("12345678901234567890123456789012"
"34567890123456789012345678901234"
"5678901234567890"),
- H("72ec1ef1124a45b0 47e8b7c75a932195"
- "135bb61de24ec0d1 914042246e0aec3a"
- "2354e093d76f3048 b456764346900cb1"
- "30d2a4fd5dd16abb 5e30bcb850dee843"));
-
- SUCCESS();
+ SHEX("72ec1ef1124a45b0 47e8b7c75a932195"
+ "135bb61de24ec0d1 914042246e0aec3a"
+ "2354e093d76f3048 b456764346900cb1"
+ "30d2a4fd5dd16abb 5e30bcb850dee843"));
}
+
+/* For first test case.
+-1: 6a09e667f3bcc908 bb67ae8584caa73b 3c6ef372fe94f82b a54ff53a5f1d36f1 510e527fade682d1 9b05688c2b3e6c1f 1f83d9abfb41bd6b 5be0cd19137e2179
+ 0: 6a09e667f3bcc908 bb67ae8584caa73b 3c6ef372fe94f82b 58cb02347ab51f91 510e527fade682d1 9b05688c2b3e6c1f 1f83d9abfb41bd6b f6afceb8bcfcddf5
+ 1: 6a09e667f3bcc908 bb67ae8584caa73b c3d4ebfd48650ffa 58cb02347ab51f91 510e527fade682d1 9b05688c2b3e6c1f 1320f8c9fb872cc0 f6afceb8bcfcddf5
+ 6: b47b4bb1928990e c4875b0c7abc076b af573b02403e89cd b680953951604860 5a83cb3e80050e82 5a6c781f54dcc00c 96f60209b6dc35ba 745aca4a342ed2e2
+ 7: 8093d195e0054fa3 c4875b0c7abc076b af573b02403e89cd b680953951604860 86f67263a0f0ec0a 5a6c781f54dcc00c 96f60209b6dc35ba 745aca4a342ed2e2
+ 8: 8093d195e0054fa3 c4875b0c7abc076b af573b02403e89cd d0403c398fc40002 86f67263a0f0ec0a 5a6c781f54dcc00c 96f60209b6dc35ba f1eca5544cb89225
+ 9: 8093d195e0054fa3 c4875b0c7abc076b 91f460be46c52 d0403c398fc40002 86f67263a0f0ec0a 5a6c781f54dcc00c 81782d4a5db48f03 f1eca5544cb89225
+14: 475975b91a7a462c fa967eed85a08028 44249631255d2ca0 5e41214388186c14 db0a9963f80c2eaa 874bfe5f6aae9f2f 860acf9effba6f61 cdf3bff2883fc9d9
+15: ae07c86b1181c75 fa967eed85a08028 44249631255d2ca0 5e41214388186c14 a77b7c035dd4c161 874bfe5f6aae9f2f 860acf9effba6f61 cdf3bff2883fc9d9
+16: ae07c86b1181c75 fa967eed85a08028 44249631255d2ca0 2deecc6b39d64d78 a77b7c035dd4c161 874bfe5f6aae9f2f 860acf9effba6f61 caf81a425d800537
+17: ae07c86b1181c75 fa967eed85a08028 f47e8353f8047455 2deecc6b39d64d78 a77b7c035dd4c161 874bfe5f6aae9f2f 4725be249ad19e6b caf81a425d800537
+18: ae07c86b1181c75 29695fd88d81dbd0 f47e8353f8047455 2deecc6b39d64d78 a77b7c035dd4c161 3c4b4104168e3edb 4725be249ad19e6b caf81a425d800537
+30: 9068a4e255a0dac 4c4fbbb75f1873a6 74bf40f869094c63 e62349090f47d30a eab4a9e5771b8d09 73e025d91b9efea3 f0aec2fe1437f085 fcdf99710f21584
+31: ff4d3f1f0d46a736 4c4fbbb75f1873a6 74bf40f869094c63 e62349090f47d30a 3cd388e119e8162e 73e025d91b9efea3 f0aec2fe1437f085 fcdf99710f21584
+32: ff4d3f1f0d46a736 4c4fbbb75f1873a6 74bf40f869094c63 e1034573654a106f 3cd388e119e8162e 73e025d91b9efea3 f0aec2fe1437f085 a0509015ca08c8d4
+33: ff4d3f1f0d46a736 4c4fbbb75f1873a6 efabbd8bf47c041a e1034573654a106f 3cd388e119e8162e 73e025d91b9efea3 60d4e6995ed91fe6 a0509015ca08c8d4
+34: ff4d3f1f0d46a736 fbae670fa780fd3 efabbd8bf47c041a e1034573654a106f 3cd388e119e8162e 2c59ec7743632621 60d4e6995ed91fe6 a0509015ca08c8d4
+46: cc5100997f5710f2 f61e672694de2d67 21fbadbabab5ac6 c47c9d5c7ea8a234 35d7e7f41defcbd5 c6bc35740d8daa9a e95c2a57572d64d9 858d832ae0e8911c
+47: 6b69fc1bb482feac f61e672694de2d67 21fbadbabab5ac6 c47c9d5c7ea8a234 35264334c03ac8ad c6bc35740d8daa9a e95c2a57572d64d9 858d832ae0e8911c
+48: 6b69fc1bb482feac f61e672694de2d67 21fbadbabab5ac6 271580ed6c3e5650 35264334c03ac8ad c6bc35740d8daa9a e95c2a57572d64d9 571f323d96b3a047
+49: 6b69fc1bb482feac f61e672694de2d67 dfe091dab182e645 271580ed6c3e5650 35264334c03ac8ad c6bc35740d8daa9a ca9bd862c5050918 571f323d96b3a047
+50: 6b69fc1bb482feac 7a0d8ef821c5e1a dfe091dab182e645 271580ed6c3e5650 35264334c03ac8ad 813a43dd2c502043 ca9bd862c5050918 571f323d96b3a047
+62: 4797cde4ed370692 a81dedbb9f19e643 cfcd928c5424e2b6 3857dfd2fc37d3ba 2c074484ef1eac8c 84058865d60a05fa 9aee5bda1644de5 a6af4e9c9f807e51
+63: ab44e86276478d85 a81dedbb9f19e643 cfcd928c5424e2b6 3857dfd2fc37d3ba cd881ee59ca6bc53 84058865d60a05fa 9aee5bda1644de5 a6af4e9c9f807e51
+64: ab44e86276478d85 a81dedbb9f19e643 cfcd928c5424e2b6 aa84b086688a5c45 cd881ee59ca6bc53 84058865d60a05fa 9aee5bda1644de5 5a806d7e9821a501
+65: ab44e86276478d85 a81dedbb9f19e643 3b5fed0d6a1f96e1 aa84b086688a5c45 cd881ee59ca6bc53 84058865d60a05fa eeb9c21bb0102598 5a806d7e9821a501
+66: ab44e86276478d85 29fab5a7bff53366 3b5fed0d6a1f96e1 aa84b086688a5c45 cd881ee59ca6bc53 46c4210ab2cc155d eeb9c21bb0102598 5a806d7e9821a501
+78: 995019a6ff3ba3de 10d9c4c4295599f6 d67806db8b148677 654ef9abec389ca9 c8960e6be864b916 9bb4d39778c07f9e 25c96a7768fb2aa3 ceb9fc3691ce8326
+79: 73a54f399fa4b1b2 10d9c4c4295599f6 d67806db8b148677 654ef9abec389ca9 d08446aa79693ed7 9bb4d39778c07f9e 25c96a7768fb2aa3 ceb9fc3691ce8326
+99: ddaf35a193617aba cc417349ae204131 12e6fa4e89a97ea2 a9eeee64b55d39a 2192992a274fc1a8 36ba3c23a3feebbd 454d4423643ce80e 2a9ac94fa54ca49f
+*/
srcdir=`pwd`
fi
-# FIXME: Check libhogweed.a too.
+: ${NM:=nm}
# * nm on aix seems to generate bogus outbut including random binary
# data. Using -g is a workaround to get rid of that. But nm -g
# * gcc on x86 generates functions like __i686.get_pc_thunk.bx in pic
# code.
-( nm -g ../libnettle.a || nm ../libnettle.a ) \
+( $NM -g ../libnettle.a || $NM ../libnettle.a ) \
| grep ' [DRT] ' | egrep -v '( |^)\.?_?(_?nettle_|memxor)|get_pc_thunk' \
| sort -k3 > test1.out
fi
if [ -s ../libhogweed.a ] ; then
- ( nm -g ../libhogweed.a || nm ../libhogweed.a ) \
+ ( $NM -g ../libhogweed.a || $NM ../libhogweed.a ) \
| grep ' [DRT] ' | egrep -v '( |^)\.?_?_?nettle_|get_pc_thunk' \
| sort -k3 > test1.out
#! /bin/sh
-rm -rf testkey.priv testkey.pub testsignature testsignature2
+rm -rf testkey.priv testkey.pub testtmp testsignature testsignature2
+
+case "$EMULATOR" in
+ wine*)
+ find . -type l -name '*.dll' -exec rm -f '{}' ';'
+ ;;
+esac
#include "cbc.h"
#include "ctr.h"
#include "knuth-lfib.h"
+#include "macros.h"
+#include "nettle-internal.h"
+#include <assert.h>
#include <ctype.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
/* -1 means invalid */
static const signed char hex_digits[0x100] =
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1
};
+void
+die(const char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+#if WITH_HOGWEED
+ gmp_vfprintf(stderr, format, args);
+#else
+ vfprintf(stderr, format, args);
+#endif
+ va_end(args);
+
+ abort ();
+}
+
void *
xalloc(size_t size)
{
return p;
}
-unsigned
+static struct tstring *tstring_first = NULL;
+
+struct tstring *
+tstring_alloc (unsigned length)
+{
+ struct tstring *s = xalloc(sizeof(struct tstring) + length - 1);
+ s->length = length;
+ s->next = tstring_first;
+ tstring_first = s;
+ return s;
+}
+
+void
+tstring_clear(void)
+{
+ while (tstring_first)
+ {
+ struct tstring *s = tstring_first;
+ tstring_first = s->next;
+ free(s);
+ }
+}
+
+struct tstring *
+tstring_data(unsigned length, const char *data)
+{
+ struct tstring *s = tstring_alloc (length);
+ memcpy (s->data, data, length);
+ return s;
+}
+
+static unsigned
decode_hex_length(const char *h)
{
const unsigned char *hex = (const unsigned char *) h;
return count / 2;
}
-int
+static void
decode_hex(uint8_t *dst, const char *h)
{
const unsigned char *hex = (const unsigned char *) h;
hex++;
if (!*hex)
- return 1;
+ return;
high = hex_digits[*hex++];
- if (high < 0)
- return 0;
+ ASSERT (high >= 0);
while (*hex && isspace(*hex))
hex++;
- if (!*hex)
- return 0;
+ ASSERT (*hex);
low = hex_digits[*hex++];
- if (low < 0)
- return 0;
+ ASSERT (low >= 0);
dst[i++] = (high << 4) | low;
}
}
-const uint8_t *
-decode_hex_dup(const char *hex)
+struct tstring *
+tstring_hex(const char *hex)
{
- uint8_t *p;
+ struct tstring *s;
unsigned length = decode_hex_length(hex);
- p = xalloc(length);
+ s = tstring_alloc(length);
- if (decode_hex(p, hex))
- return p;
- else
- {
- free(p);
- return NULL;
- }
+ decode_hex(s->data, hex);
+ return s;
+}
+
+void
+tstring_print_hex(const struct tstring *s)
+{
+ print_hex (s->length, s->data);
}
void
}
}
- return test_main();
+ test_main();
+
+ tstring_clear();
+ return EXIT_SUCCESS;
}
void
test_cipher(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext)
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
{
void *ctx = xalloc(cipher->context_size);
- uint8_t *data = xalloc(length);
+ uint8_t *data = xalloc(cleartext->length);
+ unsigned length;
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
- cipher->set_encrypt_key(ctx, key_length, key);
- cipher->encrypt(ctx, length, data, cleartext);
+ cipher->set_encrypt_key(ctx, key->length, key->data);
+ cipher->encrypt(ctx, length, data, cleartext->data);
- if (!MEMEQ(length, data, ciphertext))
+ if (!MEMEQ(length, data, ciphertext->data))
{
fprintf(stderr, "Encrypt failed:\nInput:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\n");
FAIL();
}
- cipher->set_decrypt_key(ctx, key_length, key);
+ cipher->set_decrypt_key(ctx, key->length, key->data);
cipher->decrypt(ctx, length, data, data);
- if (!MEMEQ(length, data, cleartext))
+ if (!MEMEQ(length, data, cleartext->data))
{
fprintf(stderr, "Decrypt failed:\nInput:");
- print_hex(length, ciphertext);
+ tstring_print_hex(ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
- print_hex(length, cleartext);
+ tstring_print_hex(cleartext);
fprintf(stderr, "\n");
FAIL();
}
void
test_cipher_cbc(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext,
- const uint8_t *iiv)
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext,
+ const struct tstring *iiv)
{
void *ctx = xalloc(cipher->context_size);
- uint8_t *data = xalloc(length);
+ uint8_t *data;
uint8_t *iv = xalloc(cipher->block_size);
-
- cipher->set_encrypt_key(ctx, key_length, key);
- memcpy(iv, iiv, cipher->block_size);
+ unsigned length;
+
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ ASSERT (iiv->length == cipher->block_size);
+
+ data = xalloc(length);
+ cipher->set_encrypt_key(ctx, key->length, key->data);
+ memcpy(iv, iiv->data, cipher->block_size);
cbc_encrypt(ctx, cipher->encrypt,
cipher->block_size, iv,
- length, data, cleartext);
-
- if (!MEMEQ(length, data, ciphertext))
- FAIL();
+ length, data, cleartext->data);
- cipher->set_decrypt_key(ctx, key_length, key);
- memcpy(iv, iiv, cipher->block_size);
+ if (!MEMEQ(length, data, ciphertext->data))
+ {
+ fprintf(stderr, "CBC encrypt failed:\nInput:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+ cipher->set_decrypt_key(ctx, key->length, key->data);
+ memcpy(iv, iiv->data, cipher->block_size);
cbc_decrypt(ctx, cipher->decrypt,
cipher->block_size, iv,
length, data, data);
- if (!MEMEQ(length, data, cleartext))
- FAIL();
+ if (!MEMEQ(length, data, cleartext->data))
+ {
+ fprintf(stderr, "CBC decrypt failed:\nInput:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
free(ctx);
free(data);
void
test_cipher_ctr(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext,
- const uint8_t *ictr)
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext,
+ const struct tstring *ictr)
{
void *ctx = xalloc(cipher->context_size);
- uint8_t *data = xalloc(length);
+ uint8_t *data;
uint8_t *ctr = xalloc(cipher->block_size);
-
- cipher->set_encrypt_key(ctx, key_length, key);
- memcpy(ctr, ictr, cipher->block_size);
+ uint8_t *octr = xalloc(cipher->block_size);
+ unsigned length;
+ unsigned low, nblocks;
+
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ ASSERT (ictr->length == cipher->block_size);
+
+ /* Compute expected counter value after the operation. */
+ nblocks = (length + cipher->block_size - 1) / cipher->block_size;
+ ASSERT (nblocks < 0x100);
+
+ memcpy (octr, ictr->data, cipher->block_size - 1);
+ low = ictr->data[cipher->block_size - 1] + nblocks;
+ octr[cipher->block_size - 1] = low;
+
+ if (low >= 0x100)
+ INCREMENT (cipher->block_size - 1, octr);
+
+ data = xalloc(length);
+
+ cipher->set_encrypt_key(ctx, key->length, key->data);
+ memcpy(ctr, ictr->data, cipher->block_size);
ctr_crypt(ctx, cipher->encrypt,
cipher->block_size, ctr,
- length, data, cleartext);
+ length, data, cleartext->data);
- if (!MEMEQ(length, data, ciphertext))
- FAIL();
+ if (!MEMEQ(length, data, ciphertext->data))
+ {
+ fprintf(stderr, "CTR encrypt failed:\nInput:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+
+ ASSERT (MEMEQ (cipher->block_size, ctr, octr));
- memcpy(ctr, ictr, cipher->block_size);
+ memcpy(ctr, ictr->data, cipher->block_size);
ctr_crypt(ctx, cipher->encrypt,
cipher->block_size, ctr,
length, data, data);
- if (!MEMEQ(length, data, cleartext))
- FAIL();
+ if (!MEMEQ(length, data, cleartext->data))
+ {
+ fprintf(stderr, "CTR decrypt failed:\nInput:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
+
+ ASSERT (MEMEQ (cipher->block_size, ctr, octr));
free(ctx);
free(data);
+ free(octr);
free(ctr);
}
void
test_cipher_stream(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext)
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext)
{
unsigned block;
void *ctx = xalloc(cipher->context_size);
- uint8_t *data = xalloc(length + 1);
-
+ uint8_t *data;
+ unsigned length;
+
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ data = xalloc(length + 1);
+
for (block = 1; block <= length; block++)
{
unsigned i;
memset(data, 0x17, length + 1);
- cipher->set_encrypt_key(ctx, key_length, key);
+ cipher->set_encrypt_key(ctx, key->length, key->data);
for (i = 0; i + block < length; i += block)
{
- cipher->encrypt(ctx, block, data + i, cleartext + i);
- if (data[i + block] != 0x17)
- FAIL();
+ cipher->encrypt(ctx, block, data + i, cleartext->data + i);
+ ASSERT (data[i + block] == 0x17);
}
- cipher->encrypt(ctx, length - i, data + i, cleartext + i);
- if (data[length] != 0x17)
- FAIL();
+
+ cipher->encrypt(ctx, length - i, data + i, cleartext->data + i);
+ ASSERT (data[length] == 0x17);
- if (!MEMEQ(length, data, ciphertext))
- FAIL();
+ if (!MEMEQ(length, data, ciphertext->data))
+ {
+ fprintf(stderr, "Encrypt failed, block size %d\nInput:", block);
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
}
- cipher->set_decrypt_key(ctx, key_length, key);
+ cipher->set_decrypt_key(ctx, key->length, key->data);
cipher->decrypt(ctx, length, data, data);
- if (data[length] != 0x17)
- FAIL();
+ ASSERT (data[length] == 0x17);
- if (!MEMEQ(length, data, cleartext))
- FAIL();
+ if (!MEMEQ(length, data, cleartext->data))
+ {
+ fprintf(stderr, "Decrypt failed\nInput:");
+ tstring_print_hex(ciphertext);
+ fprintf(stderr, "\nOutput: ");
+ print_hex(length, data);
+ fprintf(stderr, "\nExpected:");
+ tstring_print_hex(cleartext);
+ fprintf(stderr, "\n");
+ FAIL();
+ }
free(ctx);
free(data);
}
void
+test_aead(const struct nettle_aead *aead,
+ const struct tstring *key,
+ const struct tstring *authtext,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext,
+ const struct tstring *iv,
+ const struct tstring *digest)
+{
+ void *ctx = xalloc(aead->context_size);
+ uint8_t *data;
+ uint8_t *buffer = xalloc(aead->block_size);
+ unsigned length;
+
+ ASSERT (cleartext->length == ciphertext->length);
+ length = cleartext->length;
+
+ ASSERT (digest->length == aead->block_size);
+
+ data = xalloc(length);
+
+ /* encryption */
+ memset(buffer, 0, aead->block_size);
+ aead->set_key(ctx, key->length, key->data);
+
+ aead->set_iv(ctx, iv->length, iv->data);
+
+ if (authtext->length)
+ aead->update(ctx, authtext->length, authtext->data);
+
+ if (length)
+ aead->encrypt(ctx, length, data, cleartext->data);
+
+ aead->digest(ctx, aead->block_size, buffer);
+
+ ASSERT(MEMEQ(length, data, ciphertext->data));
+ ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
+
+ /* decryption */
+ memset(buffer, 0, aead->block_size);
+ aead->set_iv(ctx, iv->length, iv->data);
+
+ if (authtext->length)
+ aead->update(ctx, authtext->length, authtext->data);
+
+ if (length)
+ aead->decrypt(ctx, length, data, data);
+
+ aead->digest(ctx, aead->block_size, buffer);
+
+ ASSERT(MEMEQ(length, data, cleartext->data));
+ ASSERT(MEMEQ(aead->block_size, buffer, digest->data));
+
+ free(ctx);
+ free(data);
+ free(buffer);
+}
+
+void
test_hash(const struct nettle_hash *hash,
- unsigned length,
- const uint8_t *data,
- const uint8_t *digest)
+ const struct tstring *msg,
+ const struct tstring *digest)
{
void *ctx = xalloc(hash->context_size);
uint8_t *buffer = xalloc(hash->digest_size);
+ uint8_t *input;
+ unsigned offset;
+
+ ASSERT (digest->length == hash->digest_size);
hash->init(ctx);
- hash->update(ctx, length, data);
+ hash->update(ctx, msg->length, msg->data);
hash->digest(ctx, hash->digest_size, buffer);
- if (!MEMEQ(hash->digest_size, digest, buffer))
- FAIL();
+ if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
+ {
+ fprintf(stdout, "\nGot:\n");
+ print_hex(hash->digest_size, buffer);
+ fprintf(stdout, "\nExpected:\n");
+ print_hex(hash->digest_size, digest->data);
+ abort();
+ }
memset(buffer, 0, hash->digest_size);
hash->init(ctx);
- hash->update(ctx, length, data);
+ hash->update(ctx, msg->length, msg->data);
hash->digest(ctx, hash->digest_size - 1, buffer);
- if (!MEMEQ(hash->digest_size - 1, digest, buffer))
- FAIL();
+ ASSERT(MEMEQ(hash->digest_size - 1, digest->data, buffer));
- if (buffer[hash->digest_size - 1])
- FAIL();
+ ASSERT(buffer[hash->digest_size - 1] == 0);
+ input = xalloc (msg->length + 16);
+ for (offset = 0; offset < 16; offset++)
+ {
+ memset (input, 0, msg->length + 16);
+ memcpy (input + offset, msg->data, msg->length);
+ hash->update (ctx, msg->length, input + offset);
+ hash->digest (ctx, hash->digest_size, buffer);
+ if (MEMEQ(hash->digest_size, digest->data, buffer) == 0)
+ {
+ fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
+ print_hex(hash->digest_size, buffer);
+ fprintf(stdout, "\nExpected:\n");
+ print_hex(hash->digest_size, digest->data);
+ abort();
+ }
+ }
free(ctx);
free(buffer);
+ free(input);
}
void
test_hash_large(const struct nettle_hash *hash,
unsigned count, unsigned length,
uint8_t c,
- const uint8_t *digest)
+ const struct tstring *digest)
{
void *ctx = xalloc(hash->context_size);
uint8_t *buffer = xalloc(hash->digest_size);
uint8_t *data = xalloc(length);
unsigned i;
+ ASSERT (digest->length == hash->digest_size);
+
memset(data, c, length);
hash->init(ctx);
print_hex(hash->digest_size, buffer);
- if (!MEMEQ(hash->digest_size, digest, buffer))
- FAIL();
+ ASSERT (MEMEQ(hash->digest_size, digest->data, buffer));
free(ctx);
free(buffer);
}
void
-test_mac(const struct nettle_mac *mac,
- unsigned key_length, const uint8_t *key,
- unsigned msg_length, const uint8_t *msg,
- const uint8_t *digest)
-{
- void *ctx = xalloc(mac->context_size);
- uint8_t *buffer = xalloc(mac->digest_size);
-
- mac->set_key(ctx, key_length, key);
- mac->update(ctx, msg_length, msg);
- mac->digest(ctx, mac->digest_size, buffer);
- ASSERT(MEMEQ(mac->digest_size, digest, buffer));
-
- free(ctx);
- free(buffer);
-}
-
-void
test_armor(const struct nettle_armor *armor,
unsigned data_length,
const uint8_t *data,
done += armor->encode_final(encode, buffer + done);
ASSERT(done == ascii_length);
- if (!MEMEQ(ascii_length, buffer, ascii))
- FAIL();
-
- if (0x33 != buffer[strlen(ascii)])
- FAIL();
+ ASSERT (MEMEQ(ascii_length, buffer, ascii));
+ ASSERT (0x33 == buffer[strlen(ascii)]);
armor->decode_init(decode);
done = armor->decode_length(ascii_length);
ASSERT(done == data_length);
ASSERT(armor->decode_final(decode));
- if (!MEMEQ(data_length, check, data))
- FAIL();
-
- if (0x55 != check[data_length])
- FAIL();
+ ASSERT (MEMEQ(data_length, check, data));
+ ASSERT (0x55 == check[data_length]);
free(buffer);
free(check);
#endif /* HAVE_LIBGMP */
#if WITH_HOGWEED
+
+mp_limb_t *
+xalloc_limbs (mp_size_t n)
+{
+ return xalloc (n * sizeof (mp_limb_t));
+}
+
#define SIGN(key, hash, msg, signature) do { \
- hash##_update(&hash, LDATA(msg)); \
+ hash##_update(&hash, LDATA(msg)); \
ASSERT(rsa_##hash##_sign(key, &hash, signature)); \
} while(0)
"e545fbb4cf", 16);
mpz_set_str(pub->e, "0db2ad57", 16);
- if (!rsa_public_key_prepare(pub))
- FAIL();
+ ASSERT (rsa_public_key_prepare(pub));
/* d is not used */
#if 0
"e2df9607cee95fa8" "daec7a389a7d9afc" "8dd21fef9d83805a"
"40d46f49676a2f6b" "2926f70c572c00", 16);
- if (!rsa_private_key_prepare(key))
- FAIL();
-
- if (pub->size != key->size)
- FAIL();
+ ASSERT (rsa_private_key_prepare(key));
+ ASSERT (pub->size == key->size);
}
void
fprintf(stderr, "\n");
}
- if (mpz_cmp(signature, expected))
- FAIL();
+ ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
- if (VERIFY(pub, md5,
- "The magick words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, md5,
+ "The magick words are squeamish ossifrage", signature));
/* Try correct data */
- if (!VERIFY(pub, md5,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (VERIFY(pub, md5,
+ "The magic words are squeamish ossifrage", signature));
/* Try bad signature */
mpz_togglebit(signature, 17);
-
- if (VERIFY(pub, md5,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, md5,
+ "The magic words are squeamish ossifrage", signature));
mpz_clear(signature);
}
fprintf(stderr, "\n");
}
- if (mpz_cmp(signature, expected))
- FAIL();
+ ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
- if (VERIFY(pub, sha1,
- "The magick words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, sha1,
+ "The magick words are squeamish ossifrage", signature));
/* Try correct data */
- if (!VERIFY(pub, sha1,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (VERIFY(pub, sha1,
+ "The magic words are squeamish ossifrage", signature));
/* Try bad signature */
mpz_togglebit(signature, 17);
-
- if (VERIFY(pub, sha1,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, sha1,
+ "The magic words are squeamish ossifrage", signature));
mpz_clear(signature);
}
fprintf(stderr, "\n");
}
- if (mpz_cmp(signature, expected))
- FAIL();
+ ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
- if (VERIFY(pub, sha256,
- "The magick words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, sha256,
+ "The magick words are squeamish ossifrage", signature));
/* Try correct data */
- if (!VERIFY(pub, sha256,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (VERIFY(pub, sha256,
+ "The magic words are squeamish ossifrage", signature));
/* Try bad signature */
mpz_togglebit(signature, 17);
-
- if (VERIFY(pub, sha256,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, sha256,
+ "The magic words are squeamish ossifrage", signature));
mpz_clear(signature);
}
fprintf(stderr, "\n");
}
- if (mpz_cmp(signature, expected))
- FAIL();
+ ASSERT (mpz_cmp(signature, expected) == 0);
/* Try bad data */
- if (VERIFY(pub, sha512,
- "The magick words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, sha512,
+ "The magick words are squeamish ossifrage", signature));
/* Try correct data */
- if (!VERIFY(pub, sha512,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (VERIFY(pub, sha512,
+ "The magic words are squeamish ossifrage", signature));
/* Try bad signature */
mpz_togglebit(signature, 17);
-
- if (VERIFY(pub, sha512,
- "The magic words are squeamish ossifrage", signature))
- FAIL();
+ ASSERT (!VERIFY(pub, sha512,
+ "The magic words are squeamish ossifrage", signature));
mpz_clear(signature);
}
/* Check n = p q */
mpz_mul(tmp, key->p, key->q);
- if (mpz_cmp(tmp, pub->n))
- FAIL();
+ ASSERT (mpz_cmp(tmp, pub->n)== 0);
/* Check c q = 1 mod p */
mpz_mul(tmp, key->c, key->q);
mpz_fdiv_r(tmp, tmp, key->p);
- if (mpz_cmp_ui(tmp, 1))
- FAIL();
+ ASSERT (mpz_cmp_ui(tmp, 1) == 0);
/* Check ed = 1 (mod phi) */
mpz_sub_ui(phi, key->p, 1);
mpz_mul(tmp, pub->e, key->d);
mpz_fdiv_r(tmp, tmp, phi);
- if (mpz_cmp_ui(tmp, 1))
- FAIL();
+ ASSERT (mpz_cmp_ui(tmp, 1) == 0);
/* Check a e = 1 (mod (p-1) ) */
mpz_sub_ui(phi, key->p, 1);
mpz_mul(tmp, pub->e, key->a);
mpz_fdiv_r(tmp, tmp, phi);
- if (mpz_cmp_ui(tmp, 1))
- FAIL();
+ ASSERT (mpz_cmp_ui(tmp, 1) == 0);
/* Check b e = 1 (mod (q-1) ) */
mpz_sub_ui(phi, key->q, 1);
mpz_mul(tmp, pub->e, key->b);
mpz_fdiv_r(tmp, tmp, phi);
- if (mpz_cmp_ui(tmp, 1))
- FAIL();
+ ASSERT (mpz_cmp_ui(tmp, 1) == 0);
mpz_clear(tmp); mpz_clear(phi);
}
}
if (expected)
- if (mpz_cmp (signature.r, expected->r)
- || mpz_cmp (signature.s, expected->s))
- FAIL();
+ ASSERT (mpz_cmp (signature.r, expected->r) == 0
+ && mpz_cmp (signature.s, expected->s) == 0);
/* Try bad data */
- if (DSA_VERIFY(pub, sha1,
- "The magick words are squeamish ossifrage", &signature))
- FAIL();
+ ASSERT (!DSA_VERIFY(pub, sha1,
+ "The magick words are squeamish ossifrage",
+ &signature));
/* Try correct data */
- if (!DSA_VERIFY(pub, sha1,
- "The magic words are squeamish ossifrage", &signature))
- FAIL();
+ ASSERT (DSA_VERIFY(pub, sha1,
+ "The magic words are squeamish ossifrage",
+ &signature));
/* Try bad signature */
mpz_togglebit(signature.r, 17);
-
- if (DSA_VERIFY(pub, sha1,
- "The magic words are squeamish ossifrage", &signature))
- FAIL();
+ ASSERT (!DSA_VERIFY(pub, sha1,
+ "The magic words are squeamish ossifrage",
+ &signature));
dsa_signature_clear(&signature);
}
}
if (expected)
- if (mpz_cmp (signature.r, expected->r)
- || mpz_cmp (signature.s, expected->s))
- FAIL();
+ ASSERT (mpz_cmp (signature.r, expected->r) == 0
+ && mpz_cmp (signature.s, expected->s) == 0);
/* Try bad data */
- if (DSA_VERIFY(pub, sha256,
- "The magick words are squeamish ossifrage", &signature))
- FAIL();
+ ASSERT (!DSA_VERIFY(pub, sha256,
+ "The magick words are squeamish ossifrage",
+ &signature));
/* Try correct data */
- if (!DSA_VERIFY(pub, sha256,
- "The magic words are squeamish ossifrage", &signature))
- FAIL();
+ ASSERT (DSA_VERIFY(pub, sha256,
+ "The magic words are squeamish ossifrage",
+ &signature));
/* Try bad signature */
mpz_togglebit(signature.r, 17);
-
- if (DSA_VERIFY(pub, sha256,
- "The magic words are squeamish ossifrage", &signature))
- FAIL();
+ ASSERT (!DSA_VERIFY(pub, sha256,
+ "The magic words are squeamish ossifrage",
+ &signature));
dsa_signature_clear(&signature);
}
mpz_powm(t, pub->g, key->x, pub->p);
ASSERT(0 == mpz_cmp(t, pub->y));
+
+ mpz_clear(t);
+}
+
+const struct ecc_curve * const ecc_curves[] = {
+ &nettle_secp_192r1,
+ &nettle_secp_224r1,
+ &nettle_secp_256r1,
+ &nettle_secp_384r1,
+ &nettle_secp_521r1,
+ NULL
};
+static int
+test_mpn (const char *ref, const mp_limb_t *xp, mp_size_t n)
+{
+ mpz_t r;
+ int res;
+
+ mpz_init_set_str (r, ref, 16);
+ while (n > 0 && xp[n-1] == 0)
+ n--;
+
+ res = (mpz_limbs_cmp (r, xp, n) == 0);
+ mpz_clear (r);
+ return res;
+}
+
+struct ecc_ref_point
+{
+ const char *x;
+ const char *y;
+};
+
+static void
+test_ecc_point (const struct ecc_curve *ecc,
+ const struct ecc_ref_point *ref,
+ const mp_limb_t *p)
+{
+ if (! (test_mpn (ref->x, p, ecc->size)
+ && test_mpn (ref->y, p + ecc->size, ecc->size) ))
+ {
+ gmp_fprintf (stderr, "Incorrect point!\n"
+ "got: x = %Nx\n"
+ " y = %Nx\n"
+ "ref: x = %s\n"
+ " y = %s\n",
+ p, ecc->size, p + ecc->size, ecc->size,
+ ref->x, ref->y);
+ abort();
+ }
+}
+
+void
+test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
+{
+ /* For each curve, the points 2 g, 3 g and 4 g */
+ static const struct ecc_ref_point ref[5][3] = {
+ { { "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
+ "dd6bda0d993da0fa46b27bbc141b868f59331afa5c7e93ab" },
+ { "76e32a2557599e6edcd283201fb2b9aadfd0d359cbb263da",
+ "782c37e372ba4520aa62e0fed121d49ef3b543660cfd05fd" },
+ { "35433907297cc378b0015703374729d7a4fe46647084e4ba",
+ "a2649984f2135c301ea3acb0776cd4f125389b311db3be32" }
+ },
+ { { "706a46dc76dcb76798e60e6d89474788d16dc18032d268fd1a704fa6",
+ "1c2b76a7bc25e7702a704fa986892849fca629487acf3709d2e4e8bb" },
+ { "df1b1d66a551d0d31eff822558b9d2cc75c2180279fe0d08fd896d04",
+ "a3f7f03cadd0be444c0aa56830130ddf77d317344e1af3591981a925" },
+ { "ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
+ "482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9" },
+ },
+ { { "7cf27b188d034f7e8a52380304b51ac3c08969e277f21b35a60b48fc47669978",
+ "7775510db8ed040293d9ac69f7430dbba7dade63ce982299e04b79d227873d1" },
+ { "5ecbe4d1a6330a44c8f7ef951d4bf165e6c6b721efada985fb41661bc6e7fd6c",
+ "8734640c4998ff7e374b06ce1a64a2ecd82ab036384fb83d9a79b127a27d5032" },
+ { "e2534a3532d08fbba02dde659ee62bd0031fe2db785596ef509302446b030852",
+ "e0f1575a4c633cc719dfee5fda862d764efc96c3f30ee0055c42c23f184ed8c6" },
+ },
+ { { "8d999057ba3d2d969260045c55b97f089025959a6f434d651d207d19fb96e9e"
+ "4fe0e86ebe0e64f85b96a9c75295df61",
+ "8e80f1fa5b1b3cedb7bfe8dffd6dba74b275d875bc6cc43e904e505f256ab425"
+ "5ffd43e94d39e22d61501e700a940e80" },
+ { "77a41d4606ffa1464793c7e5fdc7d98cb9d3910202dcd06bea4f240d3566da6"
+ "b408bbae5026580d02d7e5c70500c831",
+ "c995f7ca0b0c42837d0bbe9602a9fc998520b41c85115aa5f7684c0edc111eac"
+ "c24abd6be4b5d298b65f28600a2f1df1" },
+ { "138251cd52ac9298c1c8aad977321deb97e709bd0b4ca0aca55dc8ad51dcfc9d"
+ "1589a1597e3a5120e1efd631c63e1835",
+ "cacae29869a62e1631e8a28181ab56616dc45d918abc09f3ab0e63cf792aa4dc"
+ "ed7387be37bba569549f1c02b270ed67" },
+ },
+ { { "43"
+ "3c219024277e7e682fcb288148c282747403279b1ccc06352c6e5505d769be97"
+ "b3b204da6ef55507aa104a3a35c5af41cf2fa364d60fd967f43e3933ba6d783d",
+ "f4"
+ "bb8cc7f86db26700a7f3eceeeed3f0b5c6b5107c4da97740ab21a29906c42dbb"
+ "b3e377de9f251f6b93937fa99a3248f4eafcbe95edc0f4f71be356d661f41b02"
+ },
+ { "1a7"
+ "3d352443de29195dd91d6a64b5959479b52a6e5b123d9ab9e5ad7a112d7a8dd1"
+ "ad3f164a3a4832051da6bd16b59fe21baeb490862c32ea05a5919d2ede37ad7d",
+ "13e"
+ "9b03b97dfa62ddd9979f86c6cab814f2f1557fa82a9d0317d2f8ab1fa355ceec"
+ "2e2dd4cf8dc575b02d5aced1dec3c70cf105c9bc93a590425f588ca1ee86c0e5" },
+ { "35"
+ "b5df64ae2ac204c354b483487c9070cdc61c891c5ff39afc06c5d55541d3ceac"
+ "8659e24afe3d0750e8b88e9f078af066a1d5025b08e5a5e2fbc87412871902f3",
+ "82"
+ "096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f2"
+ "79f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d" },
+ }
+ };
+ assert (curve < 5);
+ assert (n >= 2 && n <= 4);
+ test_ecc_point (ecc_curves[curve], &ref[curve][n-2], p);
+}
+
+void
+test_ecc_mul_j (unsigned curve, unsigned n, const mp_limb_t *p)
+{
+ const struct ecc_curve *ecc = ecc_curves[curve];
+ mp_limb_t *np = xalloc_limbs (ecc_size_a (ecc));
+ mp_limb_t *scratch = xalloc_limbs (ecc_j_to_a_itch(ecc));
+ ecc_j_to_a (ecc, 1, np, p, scratch);
+
+ test_ecc_mul_a (curve, n, np);
+
+ free (np);
+ free (scratch);
+}
+
#endif /* WITH_HOGWEED */
#include "nettle-types.h"
-#include <string.h>
+#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
+#include <string.h>
#if HAVE_LIBGMP
# include "bignum.h"
#if WITH_HOGWEED
# include "rsa.h"
# include "dsa.h"
+# include "ecc-curve.h"
+# include "ecc.h"
+# include "ecc-internal.h"
+# include "ecdsa.h"
+# include "gmp-glue.h"
#endif
#include "nettle-meta.h"
+/* Forward declare */
+struct nettle_aead;
+
#ifdef __cplusplus
extern "C" {
#endif
+void
+die(const char *format, ...) PRINTF_STYLE (1, 2) NORETURN;
+
void *
xalloc(size_t size);
-/* Decodes a NUL-terminated hex string. */
+struct tstring {
+ struct tstring *next;
+ unsigned length;
+ uint8_t data[1];
+};
-unsigned
-decode_hex_length(const char *hex);
+struct tstring *
+tstring_alloc (unsigned length);
+
+void
+tstring_clear(void);
-int
-decode_hex(uint8_t *dst, const char *hex);
+struct tstring *
+tstring_data(unsigned length, const char *data);
-/* Allocates space */
-const uint8_t *
-decode_hex_dup(const char *hex);
+struct tstring *
+tstring_hex(const char *hex);
+
+void
+tstring_print_hex(const struct tstring *s);
+
+/* Decodes a NUL-terminated hex string. */
void
print_hex(unsigned length, const uint8_t *data);
/* The main program */
-int
+void
test_main(void);
extern int verbose;
hmac_##name##_update, \
hmac_##name##_digest, \
}
-
+
+/* Test functions deallocate their inputs when finished.*/
void
test_cipher(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext);
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext);
void
test_cipher_cbc(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext,
- const uint8_t *iv);
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext,
+ const struct tstring *iv);
void
test_cipher_ctr(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext,
- const uint8_t *iv);
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext,
+ const struct tstring *iv);
void
test_cipher_stream(const struct nettle_cipher *cipher,
- unsigned key_length,
- const uint8_t *key,
- unsigned length,
- const uint8_t *cleartext,
- const uint8_t *ciphertext);
+ const struct tstring *key,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext);
+
+void
+test_aead(const struct nettle_aead *aead,
+ const struct tstring *key,
+ const struct tstring *authtext,
+ const struct tstring *cleartext,
+ const struct tstring *ciphertext,
+ const struct tstring *iv,
+ const struct tstring *digest);
void
test_hash(const struct nettle_hash *hash,
- unsigned length,
- const uint8_t *data,
- const uint8_t *digest);
+ const struct tstring *msg,
+ const struct tstring *digest);
void
test_hash_large(const struct nettle_hash *hash,
unsigned count, unsigned length,
uint8_t c,
- const uint8_t *digest);
-
-void
-test_mac(const struct nettle_mac *mac,
- unsigned key_length, const uint8_t *key,
- unsigned msg_length, const uint8_t *msg,
- const uint8_t *digest);
+ const struct tstring *digest);
void
test_armor(const struct nettle_armor *armor,
const uint8_t *ascii);
#if WITH_HOGWEED
+mp_limb_t *
+xalloc_limbs (mp_size_t n);
+
void
test_rsa_set_key_1(struct rsa_public_key *pub,
struct rsa_private_key *key);
struct dsa_private_key *key,
unsigned q_size);
-#endif /* WITH_HOGWEED */
+extern const struct ecc_curve * const ecc_curves[];
-#ifdef __cplusplus
-}
-#endif
+void
+test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p);
-#define H2(d, s) decode_hex((d), (s))
-#define H(x) decode_hex_dup(x)
-#define HL(x) decode_hex_length(x), decode_hex_dup(x)
+void
+test_ecc_mul_j (unsigned curve, unsigned n, const mp_limb_t *p);
+#endif /* WITH_HOGWEED */
+
/* LDATA needs to handle NUL characters. */
#define LLENGTH(x) (sizeof(x) - 1)
-#define LDATA(x) (sizeof(x) - 1), x
+#define LDATA(x) LLENGTH(x), x
#define LDUP(x) strlen(x), strdup(x)
+#define SHEX(x) (tstring_hex(x))
+#define SDATA(x) ((const struct tstring *)tstring_data(LLENGTH(x), x))
+#define H(x) (SHEX(x)->data)
+
#define MEMEQ(length, a, b) (!memcmp((a), (b), (length)))
-#define MEMEQH(length, a, b) \
-((length) == decode_hex_length((b)) \
- && !memcmp((a), decode_hex_dup((b)), (length)))
#define FAIL() abort()
#define SKIP() exit(77)
-#define SUCCESS() return EXIT_SUCCESS
-#define ASSERT(x) do { if (!(x)) FAIL(); } while(0)
+#define ASSERT(x) do { \
+ if (!(x)) \
+ { \
+ fprintf(stderr, "Assert failed %d: %s\n", __LINE__, #x); \
+ FAIL(); \
+ } \
+ } while(0)
+
+#ifdef __cplusplus
+}
+#endif
#endif /* NETTLE_TESTUTILS_H_INCLUDED */
#include "testutils.h"
#include "twofish.h"
-int
+void
test_main(void)
{
/* 128 bit key */
test_cipher(&nettle_twofish128,
- HL("0000000000000000 0000000000000000"),
- HL("0000000000000000 0000000000000000"),
- H("9F589F5CF6122C32 B6BFEC2F2AE8C35A"));
+ SHEX("0000000000000000 0000000000000000"),
+ SHEX("0000000000000000 0000000000000000"),
+ SHEX("9F589F5CF6122C32 B6BFEC2F2AE8C35A"));
/* 192 bit key */
test_cipher(&nettle_twofish192,
- HL("0123456789ABCDEF FEDCBA9876543210"
- "0011223344556677"),
- HL("0000000000000000 0000000000000000"),
- H("CFD1D2E5A9BE9CDF 501F13B892BD2248"));
+ SHEX("0123456789ABCDEF FEDCBA9876543210"
+ "0011223344556677"),
+ SHEX("0000000000000000 0000000000000000"),
+ SHEX("CFD1D2E5A9BE9CDF 501F13B892BD2248"));
/* 256 bit key */
test_cipher(&nettle_twofish256,
- HL("0123456789ABCDEF FEDCBA9876543210"
- "0011223344556677 8899AABBCCDDEEFF"),
- HL("0000000000000000 0000000000000000"),
- H("37527BE0052334B8 9F0CFCCAE87CFA20"));
-
- SUCCESS();
+ SHEX("0123456789ABCDEF FEDCBA9876543210"
+ "0011223344556677 8899AABBCCDDEEFF"),
+ SHEX("0000000000000000 0000000000000000"),
+ SHEX("37527BE0052334B8 9F0CFCCAE87CFA20"));
}
--- /dev/null
+#include "testutils.h"
+#include "umac.h"
+
+/* FIXME: Missing tests:
+
+ Getting to unlikely cases in the poly64 and poly128 operations.
+*/
+
+static void
+update (void *ctx, nettle_hash_update_func *f,
+ const struct tstring *msg,
+ unsigned length)
+{
+ for (; length > msg->length; length -= msg->length)
+ f(ctx, msg->length, msg->data);
+ f(ctx, length, msg->data);
+}
+
+static void
+check_digest (const char *name, void *ctx, nettle_hash_digest_func *f,
+ const struct tstring *msg, unsigned length,
+ unsigned tag_length, const uint8_t *ref)
+{
+ uint8_t tag[16];
+ f(ctx, tag_length, tag);
+ if (memcmp (tag, ref, tag_length) != 0)
+ {
+ printf ("%s failed\n", name);
+ printf ("msg: "); print_hex (msg->length, msg->data);
+ printf ("length: %u\n", length);
+ printf ("tag: "); print_hex (tag_length, tag);
+ printf ("ref: "); print_hex (tag_length, ref);
+ abort ();
+ }
+
+}
+
+static void
+test_umac (const struct tstring *key,
+ const struct tstring *nonce,
+ const struct tstring *msg,
+ unsigned length,
+ const struct tstring *ref32,
+ const struct tstring *ref64,
+ const struct tstring *ref128)
+{
+ struct umac32_ctx ctx32;
+ struct umac64_ctx ctx64;
+ struct umac96_ctx ctx96;
+ struct umac128_ctx ctx128;
+
+ ASSERT (key->length == UMAC_KEY_SIZE);
+ ASSERT (ref32->length == 4);
+ ASSERT (ref64->length == 8);
+ ASSERT (ref128->length == 16);
+
+ umac32_set_key (&ctx32, key->data);
+ umac32_set_nonce (&ctx32, nonce->length, nonce->data);
+
+ update(&ctx32, (nettle_hash_update_func *) umac32_update, msg, length);
+
+ check_digest ("umac32", &ctx32, (nettle_hash_digest_func *) umac32_digest,
+ msg, length, 4, ref32->data);
+
+ umac64_set_key (&ctx64, key->data);
+ umac64_set_nonce (&ctx64, nonce->length, nonce->data);
+
+ update(&ctx64, (nettle_hash_update_func *) umac64_update, msg, length);
+
+ check_digest ("umac64", &ctx64, (nettle_hash_digest_func *) umac64_digest,
+ msg, length, 8, ref64->data);
+
+ umac96_set_key (&ctx96, key->data);
+ umac96_set_nonce (&ctx96, nonce->length, nonce->data);
+
+ update(&ctx96, (nettle_hash_update_func *) umac96_update, msg, length);
+
+ check_digest ("umac96", &ctx96, (nettle_hash_digest_func *) umac96_digest,
+ msg, length, 12, ref128->data);
+
+ umac128_set_key (&ctx128, key->data);
+ umac128_set_nonce (&ctx128, nonce->length, nonce->data);
+
+ update(&ctx128, (nettle_hash_update_func *) umac128_update, msg, length);
+
+ check_digest ("umac128", &ctx128, (nettle_hash_digest_func *) umac128_digest,
+ msg, length, 16, ref128->data);
+}
+
+static void
+test_align(const struct tstring *key,
+ const struct tstring *nonce,
+ const struct tstring *msg,
+ unsigned length,
+ const struct tstring *ref32,
+ const struct tstring *ref64,
+ const struct tstring *ref128)
+{
+ uint8_t *buffer = xalloc(length + 16);
+ unsigned offset;
+ for (offset = 0; offset < 16; offset++)
+ {
+ struct umac32_ctx ctx32;
+ struct umac64_ctx ctx64;
+ struct umac96_ctx ctx96;
+ struct umac128_ctx ctx128;
+
+ uint8_t *input;
+ unsigned i;
+
+ memset(buffer, 17, length + 16);
+ input = buffer + offset;
+
+ for (i = 0; i + msg->length < length; i += msg->length)
+ memcpy (input + i, msg->data, msg->length);
+ memcpy (input + i, msg->data, length - i);
+
+ umac32_set_key (&ctx32, key->data);
+ umac32_set_nonce (&ctx32, nonce->length, nonce->data);
+
+ umac32_update(&ctx32, length, input);
+
+ check_digest ("umac32 (alignment)",
+ &ctx32, (nettle_hash_digest_func *) umac32_digest,
+ msg, length, 4, ref32->data);
+
+ umac64_set_key (&ctx64, key->data);
+ umac64_set_nonce (&ctx64, nonce->length, nonce->data);
+
+ umac64_update(&ctx64, length, input);
+
+ check_digest ("umac64 (alignment)",
+ &ctx64, (nettle_hash_digest_func *) umac64_digest,
+ msg, length, 8, ref64->data);
+
+ umac96_set_key (&ctx96, key->data);
+ umac96_set_nonce (&ctx96, nonce->length, nonce->data);
+
+ umac96_update(&ctx96, length, input);
+
+ check_digest ("umac96 (alignment)",
+ &ctx96, (nettle_hash_digest_func *) umac96_digest,
+ msg, length, 12, ref128->data);
+
+ umac128_set_key (&ctx128, key->data);
+ umac128_set_nonce (&ctx128, nonce->length, nonce->data);
+
+ umac128_update(&ctx128, length, input);
+
+ check_digest ("umac128 (alignment)",
+ &ctx128, (nettle_hash_digest_func *) umac128_digest,
+ msg, length, 16, ref128->data);
+ }
+ free (buffer);
+}
+
+static void
+test_incr (const struct tstring *key,
+ const struct tstring *nonce,
+ unsigned count,
+ const struct tstring *msg,
+ const struct tstring *ref32,
+ const struct tstring *ref64,
+ const struct tstring *ref128)
+{
+ struct umac32_ctx ctx32;
+ struct umac64_ctx ctx64;
+ struct umac96_ctx ctx96;
+ struct umac128_ctx ctx128;
+
+ unsigned i;
+
+ ASSERT (key->length == UMAC_KEY_SIZE);
+ ASSERT (ref32->length == 4 * count);
+ ASSERT (ref64->length == 8 * count);
+ ASSERT (ref128->length == 16 * count);
+ umac32_set_key (&ctx32, key->data);
+ umac64_set_key (&ctx64, key->data);
+ umac96_set_key (&ctx96, key->data);
+ umac128_set_key (&ctx128, key->data);
+ if (nonce)
+ {
+ umac32_set_nonce (&ctx32, nonce->length, nonce->data);
+ umac64_set_nonce (&ctx64, nonce->length, nonce->data);
+ umac96_set_nonce (&ctx96, nonce->length, nonce->data);
+ umac128_set_nonce (&ctx128, nonce->length, nonce->data);
+ }
+ for (i = 0; i < count; i++)
+ {
+ umac32_update (&ctx32, msg->length, msg->data);
+ check_digest ("umac32 incr",
+ &ctx32, (nettle_hash_digest_func *) umac32_digest,
+ msg, i, 4, ref32->data + 4*i);
+
+ umac64_update (&ctx64, msg->length, msg->data);
+ check_digest ("umac64 incr",
+ &ctx64, (nettle_hash_digest_func *) umac64_digest,
+ msg, i, 8, ref64->data + 8*i);
+
+ umac96_update (&ctx96, msg->length, msg->data);
+ check_digest ("umac96 incr",
+ &ctx96, (nettle_hash_digest_func *) umac96_digest,
+ msg, i, 12, ref128->data + 16*i);
+
+ umac128_update (&ctx128, msg->length, msg->data);
+ check_digest ("umac128 incr",
+ &ctx128, (nettle_hash_digest_func *) umac128_digest,
+ msg, i, 16, ref128->data + 16*i);
+
+ }
+}
+
+void
+test_main(void)
+{
+ /* From RFC 4418 (except that it lacks the last 32 bits of 128-bit
+ tags) */
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA(""), 0,
+ SHEX("113145FB"),
+ SHEX("6E155FAD26900BE1"),
+ SHEX("32fedb100c79ad58f07ff7643cc60465"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA("a"), 3,
+ SHEX("3B91D102"),
+ SHEX("44B5CB542F220104"),
+ SHEX("185e4fe905cba7bd85e4c2dc3d117d8d"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA("a"), 1<<10,
+ SHEX("599B350B"),
+ SHEX("26BF2F5D60118BD9"),
+ SHEX("7a54abe04af82d60fb298c3cbd195bcb"));
+
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA("aaaaaaaa"), 1<<15,
+ SHEX("58DCF532"),
+ SHEX("27F8EF643B0D118D"),
+ SHEX("7b136bd911e4b734286ef2be501f2c3c"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA("aaaaaaaa"), 1<<20,
+ SHEX("DB6364D1"),
+ SHEX("A4477E87E9F55853"),
+ SHEX("f8acfa3ac31cfeea047f7b115b03bef5"));
+ /* Needs POLY128 */
+ /* For the 'a' * 2^25 testcase, see errata
+ http://fastcrypto.org/umac/rfc4418.errata.txt */
+ test_umac (SDATA("abcdefghijklmnop"), SDATA ("bcdefghi"),
+ SDATA ("aaaaaaaa"), 1<<25,
+ SHEX("85EE5CAE"),
+ SHEX("FACA46F856E9B45F"),
+ SHEX("a621c2457c0012e64f3fdae9e7e1870c"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA ("bcdefghi"),
+ SDATA ("abc"), 3,
+ SHEX("ABF3A3A0"),
+ SHEX("D4D7B9F6BD4FBFCF"),
+ SHEX("883c3d4b97a61976ffcf232308cba5a5"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA ("bcdefghi"),
+ SDATA ("abc"), 1500,
+ SHEX("ABEB3C8B"),
+ SHEX("D4CF26DDEFD5C01A"),
+ SHEX("8824a260c53c66a36c9260a62cb83aa1"));
+
+ test_incr (SDATA("abcdefghijklmnop"), NULL, 6,
+ SDATA("zero"),
+ SHEX("a0e94011 8c6fea51 6d897143 db1b28c5 a75e23b7 44ea26be"),
+ SHEX("a0e940111c9c2cd5 6d8971434be8ee41 c9c9aef87e2be502"
+ "a0a112b593656107 a75e23b7d419e03a 950526f26a8cc07a"),
+ SHEX("a0e940111c9c2cd5fa59090e3ac2061f"
+ "cbbf18b799fd0f4afb9216e52a89f247"
+ "c9c9aef87e2be50237716af8e24f8959"
+ "d6e96ef461f54d1c85aa66cbd76ca336"
+ "a75e23b7d419e03a02d55ebf1ba62824"
+ "2e63031d182a59b84f148d9a91de70a3"));
+
+ test_incr (SDATA("abcdefghijklmnop"), SDATA("a"), 5,
+ SDATA("nonce-a"),
+ SHEX("81b4ac24 b7e8aad0 f70246fe 0595f0bf a8e9fe85"),
+ SHEX("b7e8aad0da6e7f99 138814c6a03bdadf fb77dd1cd4c7074f"
+ "0595f0bf8585c7e2 817c0b7757cb60f7"),
+ SHEX("d7604bffb5e368da5fe564da0068d2cc"
+ "138814c6a03bdadff7f1666e1bd881aa"
+ "86a016d9e67957c8ab5ebb78a673e4e9"
+ "0595f0bf8585c7e28dfab00598d4e612"
+ "3266ec16a9d85b4f0dc74ec8272238a9"));
+
+ test_incr (SDATA("abcdefghijklmnop"), SHEX("beafcafe"), 5,
+ SDATA("nonce-beaf-cafe"),
+ SHEX("f19d9dc1 4604a56a 4ba9420e da86ff71 77facd79"),
+ SHEX("9e878413aa079032 9cfd7af0bb107748 4ba9420e55b6ba13"
+ "77facd797b686e24 9000c0de4f5f7236"),
+ SHEX("9e878413aa0790329604f3b6ae980e58"
+ "f2b2dd5dab08bb3bc5e9a83e1b4ab2e7"
+ "4ba9420e55b6ba137d03443f6ee01734"
+ "2721ca2e1bcda53a54ae65e0da139c0d"
+ "9000c0de4f5f7236b81ae1a52e78a821"));
+
+ /* Tests exercising various sizes of nonce and data: All nonce
+ lengths from 1 to 16 bytes. Data sizes chosen for testing for
+ various off-by-one errors,
+
+ 0, 1, 2, 3, 4,
+ 1020, 1021, 1022, 1023, 1024, 1025, 1026, 1027,
+ 2046, 2047, 2048, 2049, 2050
+ 16777212, 16777213, 16777214, 16777215, 16777216, 16777217,
+ 16778239, 16778240, 16778241, 16778242, 16778243, 16778244
+ */
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("b"),
+ SDATA("defdefdefdefdef"), 0,
+ SHEX("3a58486b"),
+ SHEX("9e38f67da91a08d9"),
+ SHEX("9e38f67da91a08d9c980f4db4089c877"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bc"),
+ SDATA("defdefdefdefdef"), 1,
+ SHEX("d86b1512"),
+ SHEX("fb0e207971b8e66a"),
+ SHEX("ef406c2ec70d0222f59e860eabb79ed0"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcd"),
+ SDATA("defdefdefdefdef"), 2,
+ SHEX("1ae6e02d"),
+ SHEX("1ae6e02d73aa9ab2"),
+ SHEX("1ae6e02d73aa9ab2a27fb89e014dc07b"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcde"),
+ SDATA("defdefdefdefdef"), 3,
+ SHEX("e8c1eb59"),
+ SHEX("c81cf22342e84302"),
+ SHEX("82626d0d575e01038e5e2cc6408216f5"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdef"),
+ SDATA("defdefdefdefdef"), 4,
+ SHEX("8950f0d3"),
+ SHEX("aba003e7bd673cc3"),
+ SHEX("aba003e7bd673cc368ba8513cecf2e7c"));
+
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefg"),
+ SDATA("defdefdefdefdef"), 1020,
+ SHEX("7412167c"),
+ SHEX("f98828a161bb4ae3"),
+ SHEX("d8b4811f747d588d7a913360960de7cf"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefgh"),
+ SDATA("defdefdefdefdef"), 1021,
+ SHEX("2d54936b"),
+ SHEX("2d54936be5bff72d"),
+ SHEX("2d54936be5bff72d2e1052361163b474"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA("defdefdefdefdef"), 1022,
+ SHEX("53ca8dd2"),
+ SHEX("2cee9784556387b3"),
+ SHEX("700513397f8a210a98938d3e7ac3bd88"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghij"),
+ SDATA("defdefdefdefdef"), 1023,
+ SHEX("26cc58df"),
+ SHEX("24ac4284ca371f42"),
+ SHEX("24ac4284ca371f4280f60bd274633d67"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijk"),
+ SDATA("defdefdefdefdef"), 1024,
+ SHEX("3cada45a"),
+ SHEX("64c6a0fd14615a76"),
+ SHEX("abc223116cedd2db5af365e641a97539"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijkl"),
+ SDATA("defdefdefdefdef"), 1025,
+ SHEX("93251e18"),
+ SHEX("93251e18e56bbdc4"),
+ SHEX("93251e18e56bbdc457de556f95c59931"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklm"),
+ SDATA("defdefdefdefdef"), 1026,
+ SHEX("24a4c3ab"),
+ SHEX("5d98bd8dfaf16352"),
+ SHEX("c1298672e52386753383a15ed58c0e42"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklmn"),
+ SDATA("defdefdefdefdef"), 1027,
+ SHEX("e7e98945"),
+ SHEX("5b0557c9fdcf661b"),
+ SHEX("5b0557c9fdcf661b1758efc603516ebe"));
+
+ /* Test varying the alignment of the buffer eventually passed to
+ _umac_nh and _umac_nh_n. */
+ test_align (SDATA("abcdefghijklmnop"), SDATA("bcdefghijk"),
+ SDATA("defdefdefdefdef"), 1024,
+ SHEX("3cada45a"),
+ SHEX("64c6a0fd14615a76"),
+ SHEX("abc223116cedd2db5af365e641a97539"));
+
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklmno"),
+ SDATA("defdefdefdefdef"), 2046,
+ SHEX("e12ddc9f"),
+ SHEX("65e85d47447c2277"),
+ SHEX("16bb5183017826ed47c9995c1e5834f3"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklmnop"),
+ SDATA("defdefdefdefdef"), 2047,
+ SHEX("34d723a6"),
+ SHEX("34d723a6cb1676d3"),
+ SHEX("34d723a6cb1676d3547a5064dc5b0a37"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklmnopq"),
+ SDATA("defdefdefdefdef"), 2048,
+ SHEX("21fd8802"),
+ SHEX("3968d5d0af147884"),
+ SHEX("84565620def1e3a614d274e87626f215"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("b"),
+ SDATA("defdefdefdefdef"), 2049,
+ SHEX("097e5abd"),
+ SHEX("ad1ee4ab606061c5"),
+ SHEX("ad1ee4ab606061c55e0d2ecfee59940a"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bc"),
+ SDATA("defdefdefdefdef"), 2050,
+ SHEX("a03a7fe9"),
+ SHEX("835f4a8242100055"),
+ SHEX("971106d5f4a5e41dce40a91704cfe1f3"));
+
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcd"),
+ SDATA("defdefdefdefdef"), 16777212,
+ SHEX("7ef41cf3"),
+ SHEX("7ef41cf351960aaf"),
+ SHEX("7ef41cf351960aaf729bb19fcee7d8c4"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcde"),
+ SDATA("defdefdefdefdef"), 16777213,
+ SHEX("8bf81932"),
+ SHEX("ab250048807ff640"),
+ SHEX("e15b9f6695c9b441de035e9b10b8ac32"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdef"),
+ SDATA("defdefdefdefdef"), 16777214,
+ SHEX("ddb2f0ab"),
+ SHEX("ff42039fcfe1248e"),
+ SHEX("ff42039fcfe1248e36c19efed14d7140"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefg"),
+ SDATA("defdefdefdefdef"), 16777215,
+ SHEX("e67ad507"),
+ SHEX("6be0ebda623d76df"),
+ SHEX("4adc426477fb64b1ce5afd76d505f048"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefgh"),
+ SDATA("defdefdefdefdef"), 16777216,
+ SHEX("42d8562a"),
+ SHEX("42d8562a224a9e9a"),
+ SHEX("42d8562a224a9e9a75c2f85d39462d07"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghi"),
+ SDATA("defdefdefdefdef"), 16777217,
+ SHEX("486b138d"),
+ SHEX("374f09dbb0b84b88"),
+ SHEX("6ba48d669a51ed3195ebc2aa562ee71b"));
+
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghij"),
+ SDATA("defdefdefdefdef"), 16778239,
+ SHEX("850cb2c5"),
+ SHEX("876ca89ed045777b"),
+ SHEX("876ca89ed045777bf7efa7934e1758c2"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijk"),
+ SDATA("defdefdefdefdef"), 16778240,
+ SHEX("b9fc4f81"),
+ SHEX("e1974b26fb35f2c6"),
+ SHEX("2e93c8ca83b97a6b1a21082e2a4c540d"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijkl"),
+ SDATA("defdefdefdefdef"), 16778241,
+ SHEX("ffced8f2"),
+ SHEX("ffced8f2494d85bf"),
+ SHEX("ffced8f2494d85bf0cb39408ddfe0295"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklm"),
+ SDATA("defdefdefdefdef"), 16778242,
+ SHEX("1c99c5fb"),
+ SHEX("65a5bbdda3b85368"),
+ SHEX("f9148022bc6ab64f019e9db83704c17b"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklmn"),
+ SDATA("defdefdefdefdef"), 16778243,
+ SHEX("ec304be9"),
+ SHEX("50dc9565fbfc4884"),
+ SHEX(" 50dc9565fbfc48844a4be34403804605"));
+ test_umac (SDATA("abcdefghijklmnop"), SDATA("bcdefghijklmno"),
+ SDATA("defdefdefdefdef"), 16778244,
+ SHEX("8034e26f"),
+ SHEX("04f163b7c2d5d849"),
+ SHEX("77a26f7387d1dcd39378a3220652cff7"));
+}
const char *srcdir = getenv("srcdir");
if (srcdir && srcdir[0])
{
- /* Leaks this name, but that doesn't matter. */
+ FILE *f;
char *buf = xalloc(strlen(name) + strlen(srcdir) + 10);
sprintf(buf, "%s/%s", srcdir, name);
- name = buf;
+
+ f = fopen(buf, "r");
+ free(buf);
+ return f;
}
/* Opens the file in text mode. */
return fopen(name, "r");
}
-int
+void
test_main(void)
{
FILE *input;
uint8_t seed_file[YARROW256_SEED_FILE_SIZE];
const uint8_t *expected_output
- = decode_hex_dup("dd304aacac3dc95e 70d684a642967c89"
- "58501f7c8eb88b79 43b2ffccde6f0f79");
+ = H("dd304aacac3dc95e 70d684a642967c89"
+ "58501f7c8eb88b79 43b2ffccde6f0f79");
const uint8_t *expected_input
- = decode_hex_dup("e0596cf006025506 65d1195f32a87e4a"
- "5c354910dfbd0a31 e2105b262f5ce3d8");
+ = H("e0596cf006025506 65d1195f32a87e4a"
+ "5c354910dfbd0a31 e2105b262f5ce3d8");
const uint8_t *expected_seed_file
- = decode_hex_dup("b03518f32b1084dd 983e6a445d47bb6f"
- "13bb7b998740d570 503d6aaa62e28901");
+ = H("b03518f32b1084dd 983e6a445d47bb6f"
+ "13bb7b998740d570 503d6aaa62e28901");
unsigned c; unsigned t;
printf("source 0 entropy: %d\n",
sources[0].estimate[YARROW_SLOW]);
- assert(!yarrow256_is_seeded(&yarrow));
+ ASSERT(!yarrow256_is_seeded(&yarrow));
input = open_file("gold-bug.txt");
{
fprintf(stderr, "Couldn't open `gold-bug.txt', errno = %d\n",
errno);
- return EXIT_FAILURE;
+ FAIL();
}
while (get_event(input, &input_hash, &c, &t))
}
}
+ fclose(input);
+
if (verbose)
{
printf("\n");
printf("\n");
}
- if (memcmp(digest, expected_input, sizeof(digest)))
- {
- fprintf(stderr, "Failed.\n");
- return EXIT_FAILURE;
- }
+ ASSERT (memcmp(digest, expected_input, sizeof(digest)) == 0);
yarrow256_random(&yarrow, sizeof(seed_file), seed_file);
if (verbose)
printf("\n");
}
- if (memcmp(seed_file, expected_seed_file, sizeof(seed_file)))
- {
- fprintf(stderr, "Failed.\n");
- return EXIT_FAILURE;
- }
+ ASSERT (memcmp(seed_file, expected_seed_file, sizeof(seed_file)) == 0);
if (verbose)
{
printf("\n");
}
- if (memcmp(digest, expected_output, sizeof(digest)))
- {
- fprintf(stderr, "Failed.\n");
- return EXIT_FAILURE;
- }
-
- return EXIT_SUCCESS;
+ ASSERT (memcmp(digest, expected_output, sizeof(digest)) == 0);
}
PRE_LDFLAGS = -L..
HOGWEED_TARGETS = pkcs1-conv$(EXEEXT)
-TARGETS = sexp-conv$(EXEEXT) nettle-lfib-stream$(EXEEXT) \
+TARGETS = sexp-conv$(EXEEXT) nettle-hash$(EXEEXT) nettle-lfib-stream$(EXEEXT) \
@IF_HOGWEED@ $(HOGWEED_TARGETS)
all: $(TARGETS)
-sexp_conv_SOURCES = sexp-conv.c input.c output.c parse.c \
- getopt.c getopt1.c misc.c
-pkcs1_conv_SOURCES = pkcs1-conv.c getopt.c getopt1.c misc.c
+getopt_OBJS = ../getopt.$(OBJEXT) ../getopt1.$(OBJEXT)
-SOURCES = $(sexp_conv_SOURCES) nettle-lfib-stream.c pkcs1-conv.c
+sexp_conv_SOURCES = sexp-conv.c input.c output.c parse.c misc.c
+pkcs1_conv_SOURCES = pkcs1-conv.c misc.c
+nettle_hash_SOURCES = nettle-hash.c misc.c
-DISTFILES = $(SOURCES) Makefile.in getopt.h input.h misc.h output.h parse.h
+SOURCES = $(sexp_conv_SOURCES) nettle-hash.c nettle-lfib-stream.c pkcs1-conv.c
-sexp_conv_OBJS = $(sexp_conv_SOURCES:.c=.$(OBJEXT))
+DISTFILES = $(SOURCES) Makefile.in input.h misc.h output.h parse.h
+
+sexp_conv_OBJS = $(sexp_conv_SOURCES:.c=.$(OBJEXT)) $(getopt_OBJS)
sexp-conv$(EXEEXT): $(sexp_conv_OBJS) ../libnettle.a
$(LINK) $(sexp_conv_OBJS) -lnettle $(LIBS) -o $@
nettle-lfib-stream$(EXEEXT): nettle-lfib-stream.$(OBJEXT) ../libnettle.a
$(LINK) nettle-lfib-stream.$(OBJEXT) -lnettle $(LIBS) -o $@
-pkcs1_conv_OBJS = $(pkcs1_conv_SOURCES:.c=.$(OBJEXT))
+pkcs1_conv_OBJS = $(pkcs1_conv_SOURCES:.c=.$(OBJEXT)) $(getopt_OBJS)
pkcs1-conv$(EXEEXT): $(pkcs1_conv_OBJS) ../libnettle.a ../libhogweed.a
$(LINK) $(pkcs1_conv_OBJS) -lhogweed -lnettle $(LIBS) -o $@
+# FIXME: Avoid linking with gmp
+nettle_hash_OBJS = $(nettle_hash_SOURCES:.c=.$(OBJEXT)) $(getopt_OBJS)
+nettle-hash$(EXEEXT): $(nettle_hash_OBJS) ../libnettle.a
+ $(LINK) $(nettle_hash_OBJS) -lnettle $(LIBS) -o $@
+
+
.c.$(OBJEXT):
$(COMPILE) -c $< && $(DEP_PROCESS)
+# NOTE: If we required GNU make, we could use a single rule with $(@F)
+# or $(notdir $@)
+../getopt.$(OBJEXT):
+ ( cd .. && $(MAKE) getopt.$(OBJEXT))
+../getopt1.$(OBJEXT):
+ ( cd .. && $(MAKE) getopt1.$(OBJEXT))
Makefile: $(srcdir)/Makefile.in ../config.status
cd .. && $(SHELL) ./config.status tools/$@
+++ /dev/null
-/* Getopt for GNU.
- NOTE: getopt is now part of the C library, so if you don't know what
- "Keep this file name-space clean" means, talk to drepper@gnu.org
- before changing it!
- Copyright (C) 1987,88,89,90,91,92,93,94,95,96,98,99,2000,2001
- Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-\f
-/* This tells Alpha OSF/1 not to define a getopt prototype in <stdio.h>.
- Ditto for AIX 3.2 and <stdlib.h>. */
-#ifndef _NO_PROTO
-# define _NO_PROTO
-#endif
-
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-#endif
-
-#if !defined __STDC__ || !__STDC__
-/* This is a separate conditional since some stdc systems
- reject `defined (const)'. */
-# ifndef const
-# define const
-# endif
-#endif
-
-#include <stdio.h>
-
-/* Comment out all this code if we are using the GNU C Library, and are not
- actually compiling the library itself. This code is part of the GNU C
- Library, but also included in many other GNU distributions. Compiling
- and linking in this code is a waste when using the GNU C library
- (especially if it is a shared library). Rather than having every GNU
- program understand `configure --with-gnu-libc' and omit the object files,
- it is simpler to just do this in the source for each such file. */
-
-#define GETOPT_INTERFACE_VERSION 2
-#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
-# include <gnu-versions.h>
-# if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
-# define ELIDE_CODE
-# endif
-#endif
-
-#ifndef ELIDE_CODE
-
-
-/* This needs to come after some library #include
- to get __GNU_LIBRARY__ defined. */
-#ifdef __GNU_LIBRARY__
-/* Don't include stdlib.h for non-GNU C libraries because some of them
- contain conflicting prototypes for getopt. */
-# include <stdlib.h>
-# include <unistd.h>
-#endif /* GNU C library. */
-
-#ifdef VMS
-# include <unixlib.h>
-# if HAVE_STRING_H - 0
-# include <string.h>
-# endif
-#endif
-
-#ifndef _
-/* This is for other GNU distributions with internationalized messages. */
-# if (HAVE_LIBINTL_H && ENABLE_NLS) || defined _LIBC
-# include <libintl.h>
-# ifndef _
-# define _(msgid) gettext (msgid)
-# endif
-# else
-# define _(msgid) (msgid)
-# endif
-#endif
-
-/* This version of `getopt' appears to the caller like standard Unix `getopt'
- but it behaves differently for the user, since it allows the user
- to intersperse the options with the other arguments.
-
- As `getopt' works, it permutes the elements of ARGV so that,
- when it is done, all the options precede everything else. Thus
- all application programs are extended to handle flexible argument order.
-
- Setting the environment variable POSIXLY_CORRECT disables permutation.
- Then the behavior is completely standard.
-
- GNU application programs can use a third alternative mode in which
- they can distinguish the relative order of options and other arguments. */
-
-#include "getopt.h"
-
-/* For communication from `getopt' to the caller.
- When `getopt' finds an option that takes an argument,
- the argument value is returned here.
- Also, when `ordering' is RETURN_IN_ORDER,
- each non-option ARGV-element is returned here. */
-
-char *optarg;
-
-/* Index in ARGV of the next element to be scanned.
- This is used for communication to and from the caller
- and for communication between successive calls to `getopt'.
-
- On entry to `getopt', zero means this is the first call; initialize.
-
- When `getopt' returns -1, this is the index of the first of the
- non-option elements that the caller should itself scan.
-
- Otherwise, `optind' communicates from one call to the next
- how much of ARGV has been scanned so far. */
-
-/* 1003.2 says this must be 1 before any call. */
-int optind = 1;
-
-/* Formerly, initialization of getopt depended on optind==0, which
- causes problems with re-calling getopt as programs generally don't
- know that. */
-
-int __getopt_initialized;
-
-/* The next char to be scanned in the option-element
- in which the last option character we returned was found.
- This allows us to pick up the scan where we left off.
-
- If this is zero, or a null string, it means resume the scan
- by advancing to the next ARGV-element. */
-
-static char *nextchar;
-
-/* Callers store zero here to inhibit the error message
- for unrecognized options. */
-
-int opterr = 1;
-
-/* Set to an option character which was unrecognized.
- This must be initialized on some systems to avoid linking in the
- system's own getopt implementation. */
-
-int optopt = '?';
-
-/* Describe how to deal with options that follow non-option ARGV-elements.
-
- If the caller did not specify anything,
- the default is REQUIRE_ORDER if the environment variable
- POSIXLY_CORRECT is defined, PERMUTE otherwise.
-
- REQUIRE_ORDER means don't recognize them as options;
- stop option processing when the first non-option is seen.
- This is what Unix does.
- This mode of operation is selected by either setting the environment
- variable POSIXLY_CORRECT, or using `+' as the first character
- of the list of option characters.
-
- PERMUTE is the default. We permute the contents of ARGV as we scan,
- so that eventually all the non-options are at the end. This allows options
- to be given in any order, even with programs that were not written to
- expect this.
-
- RETURN_IN_ORDER is an option available to programs that were written
- to expect options and other ARGV-elements in any order and that care about
- the ordering of the two. We describe each non-option ARGV-element
- as if it were the argument of an option with character code 1.
- Using `-' as the first character of the list of option characters
- selects this mode of operation.
-
- The special argument `--' forces an end of option-scanning regardless
- of the value of `ordering'. In the case of RETURN_IN_ORDER, only
- `--' can cause `getopt' to return -1 with `optind' != ARGC. */
-
-static enum
-{
- REQUIRE_ORDER, PERMUTE, RETURN_IN_ORDER
-} ordering;
-
-/* Value of POSIXLY_CORRECT environment variable. */
-static char *posixly_correct;
-\f
-#ifdef __GNU_LIBRARY__
-/* We want to avoid inclusion of string.h with non-GNU libraries
- because there are many ways it can cause trouble.
- On some systems, it contains special magic macros that don't work
- in GCC. */
-# include <string.h>
-# define my_index strchr
-#else
-
-# if HAVE_STRING_H
-# include <string.h>
-# else
-# include <strings.h>
-# endif
-
-/* Avoid depending on library functions or files
- whose names are inconsistent. */
-
-#ifndef getenv
-extern char *getenv ();
-#endif
-
-static char *
-my_index (str, chr)
- const char *str;
- int chr;
-{
- while (*str)
- {
- if (*str == chr)
- return (char *) str;
- str++;
- }
- return 0;
-}
-
-/* If using GCC, we can safely declare strlen this way.
- If not using GCC, it is ok not to declare it. */
-#ifdef __GNUC__
-/* Note that Motorola Delta 68k R3V7 comes with GCC but not stddef.h.
- That was relevant to code that was here before. */
-# if (!defined __STDC__ || !__STDC__) && !defined strlen
-/* gcc with -traditional declares the built-in strlen to return int,
- and has done so at least since version 2.4.5. -- rms. */
-extern int strlen (const char *);
-# endif /* not __STDC__ */
-#endif /* __GNUC__ */
-
-#endif /* not __GNU_LIBRARY__ */
-\f
-/* Handle permutation of arguments. */
-
-/* Describe the part of ARGV that contains non-options that have
- been skipped. `first_nonopt' is the index in ARGV of the first of them;
- `last_nonopt' is the index after the last of them. */
-
-static int first_nonopt;
-static int last_nonopt;
-
-#ifdef _LIBC
-/* Bash 2.0 gives us an environment variable containing flags
- indicating ARGV elements that should not be considered arguments. */
-
-#ifdef USE_NONOPTION_FLAGS
-/* Defined in getopt_init.c */
-extern char *__getopt_nonoption_flags;
-
-static int nonoption_flags_max_len;
-static int nonoption_flags_len;
-#endif
-
-static int original_argc;
-static char *const *original_argv;
-
-/* Make sure the environment variable bash 2.0 puts in the environment
- is valid for the getopt call we must make sure that the ARGV passed
- to getopt is that one passed to the process. */
-static void
-__attribute__ ((unused))
-store_args_and_env (int argc, char *const *argv)
-{
- /* XXX This is no good solution. We should rather copy the args so
- that we can compare them later. But we must not use malloc(3). */
- original_argc = argc;
- original_argv = argv;
-}
-# ifdef text_set_element
-text_set_element (__libc_subinit, store_args_and_env);
-# endif /* text_set_element */
-
-# ifdef USE_NONOPTION_FLAGS
-# define SWAP_FLAGS(ch1, ch2) \
- if (nonoption_flags_len > 0) \
- { \
- char __tmp = __getopt_nonoption_flags[ch1]; \
- __getopt_nonoption_flags[ch1] = __getopt_nonoption_flags[ch2]; \
- __getopt_nonoption_flags[ch2] = __tmp; \
- }
-# else
-# define SWAP_FLAGS(ch1, ch2)
-# endif
-#else /* !_LIBC */
-# define SWAP_FLAGS(ch1, ch2)
-#endif /* _LIBC */
-
-/* Exchange two adjacent subsequences of ARGV.
- One subsequence is elements [first_nonopt,last_nonopt)
- which contains all the non-options that have been skipped so far.
- The other is elements [last_nonopt,optind), which contains all
- the options processed since those non-options were skipped.
-
- `first_nonopt' and `last_nonopt' are relocated so that they describe
- the new indices of the non-options in ARGV after they are moved. */
-
-#if defined __STDC__ && __STDC__
-static void exchange (char **);
-#endif
-
-static void
-exchange (argv)
- char **argv;
-{
- int bottom = first_nonopt;
- int middle = last_nonopt;
- int top = optind;
- char *tem;
-
- /* Exchange the shorter segment with the far end of the longer segment.
- That puts the shorter segment into the right place.
- It leaves the longer segment in the right place overall,
- but it consists of two parts that need to be swapped next. */
-
-#if defined _LIBC && defined USE_NONOPTION_FLAGS
- /* First make sure the handling of the `__getopt_nonoption_flags'
- string can work normally. Our top argument must be in the range
- of the string. */
- if (nonoption_flags_len > 0 && top >= nonoption_flags_max_len)
- {
- /* We must extend the array. The user plays games with us and
- presents new arguments. */
- char *new_str = malloc (top + 1);
- if (new_str == NULL)
- nonoption_flags_len = nonoption_flags_max_len = 0;
- else
- {
- memset (__mempcpy (new_str, __getopt_nonoption_flags,
- nonoption_flags_max_len),
- '\0', top + 1 - nonoption_flags_max_len);
- nonoption_flags_max_len = top + 1;
- __getopt_nonoption_flags = new_str;
- }
- }
-#endif
-
- while (top > middle && middle > bottom)
- {
- if (top - middle > middle - bottom)
- {
- /* Bottom segment is the short one. */
- int len = middle - bottom;
- register int i;
-
- /* Swap it with the top part of the top segment. */
- for (i = 0; i < len; i++)
- {
- tem = argv[bottom + i];
- argv[bottom + i] = argv[top - (middle - bottom) + i];
- argv[top - (middle - bottom) + i] = tem;
- SWAP_FLAGS (bottom + i, top - (middle - bottom) + i);
- }
- /* Exclude the moved bottom segment from further swapping. */
- top -= len;
- }
- else
- {
- /* Top segment is the short one. */
- int len = top - middle;
- register int i;
-
- /* Swap it with the bottom part of the bottom segment. */
- for (i = 0; i < len; i++)
- {
- tem = argv[bottom + i];
- argv[bottom + i] = argv[middle + i];
- argv[middle + i] = tem;
- SWAP_FLAGS (bottom + i, middle + i);
- }
- /* Exclude the moved top segment from further swapping. */
- bottom += len;
- }
- }
-
- /* Update records for the slots the non-options now occupy. */
-
- first_nonopt += (optind - last_nonopt);
- last_nonopt = optind;
-}
-
-/* Initialize the internal data when the first call is made. */
-
-#if defined __STDC__ && __STDC__
-static const char *_getopt_initialize (int, char *const *, const char *);
-#endif
-static const char *
-_getopt_initialize (argc, argv, optstring)
- int argc;
- char *const *argv;
- const char *optstring;
-{
- /* Start processing options with ARGV-element 1 (since ARGV-element 0
- is the program name); the sequence of previously skipped
- non-option ARGV-elements is empty. */
-
- first_nonopt = last_nonopt = optind;
-
- nextchar = NULL;
-
- posixly_correct = getenv ("POSIXLY_CORRECT");
-
- /* Determine how to handle the ordering of options and nonoptions. */
-
- if (optstring[0] == '-')
- {
- ordering = RETURN_IN_ORDER;
- ++optstring;
- }
- else if (optstring[0] == '+')
- {
- ordering = REQUIRE_ORDER;
- ++optstring;
- }
- else if (posixly_correct != NULL)
- ordering = REQUIRE_ORDER;
- else
- ordering = PERMUTE;
-
-#if defined _LIBC && defined USE_NONOPTION_FLAGS
- if (posixly_correct == NULL
- && argc == original_argc && argv == original_argv)
- {
- if (nonoption_flags_max_len == 0)
- {
- if (__getopt_nonoption_flags == NULL
- || __getopt_nonoption_flags[0] == '\0')
- nonoption_flags_max_len = -1;
- else
- {
- const char *orig_str = __getopt_nonoption_flags;
- int len = nonoption_flags_max_len = strlen (orig_str);
- if (nonoption_flags_max_len < argc)
- nonoption_flags_max_len = argc;
- __getopt_nonoption_flags =
- (char *) malloc (nonoption_flags_max_len);
- if (__getopt_nonoption_flags == NULL)
- nonoption_flags_max_len = -1;
- else
- memset (__mempcpy (__getopt_nonoption_flags, orig_str, len),
- '\0', nonoption_flags_max_len - len);
- }
- }
- nonoption_flags_len = nonoption_flags_max_len;
- }
- else
- nonoption_flags_len = 0;
-#endif
-
- return optstring;
-}
-\f
-/* Scan elements of ARGV (whose length is ARGC) for option characters
- given in OPTSTRING.
-
- If an element of ARGV starts with '-', and is not exactly "-" or "--",
- then it is an option element. The characters of this element
- (aside from the initial '-') are option characters. If `getopt'
- is called repeatedly, it returns successively each of the option characters
- from each of the option elements.
-
- If `getopt' finds another option character, it returns that character,
- updating `optind' and `nextchar' so that the next call to `getopt' can
- resume the scan with the following option character or ARGV-element.
-
- If there are no more option characters, `getopt' returns -1.
- Then `optind' is the index in ARGV of the first ARGV-element
- that is not an option. (The ARGV-elements have been permuted
- so that those that are not options now come last.)
-
- OPTSTRING is a string containing the legitimate option characters.
- If an option character is seen that is not listed in OPTSTRING,
- return '?' after printing an error message. If you set `opterr' to
- zero, the error message is suppressed but we still return '?'.
-
- If a char in OPTSTRING is followed by a colon, that means it wants an arg,
- so the following text in the same ARGV-element, or the text of the following
- ARGV-element, is returned in `optarg'. Two colons mean an option that
- wants an optional arg; if there is text in the current ARGV-element,
- it is returned in `optarg', otherwise `optarg' is set to zero.
-
- If OPTSTRING starts with `-' or `+', it requests different methods of
- handling the non-option ARGV-elements.
- See the comments about RETURN_IN_ORDER and REQUIRE_ORDER, above.
-
- Long-named options begin with `--' instead of `-'.
- Their names may be abbreviated as long as the abbreviation is unique
- or is an exact match for some defined option. If they have an
- argument, it follows the option name in the same ARGV-element, separated
- from the option name by a `=', or else the in next ARGV-element.
- When `getopt' finds a long-named option, it returns 0 if that option's
- `flag' field is nonzero, the value of the option's `val' field
- if the `flag' field is zero.
-
- The elements of ARGV aren't really const, because we permute them.
- But we pretend they're const in the prototype to be compatible
- with other systems.
-
- LONGOPTS is a vector of `struct option' terminated by an
- element containing a name which is zero.
-
- LONGIND returns the index in LONGOPT of the long-named option found.
- It is only valid when a long-named option has been found by the most
- recent call.
-
- If LONG_ONLY is nonzero, '-' as well as '--' can introduce
- long-named options. */
-
-int
-_getopt_internal (argc, argv, optstring, longopts, longind, long_only)
- int argc;
- char *const *argv;
- const char *optstring;
- const struct option *longopts;
- int *longind;
- int long_only;
-{
- int print_errors = opterr;
- if (optstring[0] == ':')
- print_errors = 0;
-
- if (argc < 1)
- return -1;
-
- optarg = NULL;
-
- if (optind == 0 || !__getopt_initialized)
- {
- if (optind == 0)
- optind = 1; /* Don't scan ARGV[0], the program name. */
- optstring = _getopt_initialize (argc, argv, optstring);
- __getopt_initialized = 1;
- }
-
- /* Test whether ARGV[optind] points to a non-option argument.
- Either it does not have option syntax, or there is an environment flag
- from the shell indicating it is not an option. The later information
- is only used when the used in the GNU libc. */
-#if defined _LIBC && defined USE_NONOPTION_FLAGS
-# define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0' \
- || (optind < nonoption_flags_len \
- && __getopt_nonoption_flags[optind] == '1'))
-#else
-# define NONOPTION_P (argv[optind][0] != '-' || argv[optind][1] == '\0')
-#endif
-
- if (nextchar == NULL || *nextchar == '\0')
- {
- /* Advance to the next ARGV-element. */
-
- /* Give FIRST_NONOPT & LAST_NONOPT rational values if OPTIND has been
- moved back by the user (who may also have changed the arguments). */
- if (last_nonopt > optind)
- last_nonopt = optind;
- if (first_nonopt > optind)
- first_nonopt = optind;
-
- if (ordering == PERMUTE)
- {
- /* If we have just processed some options following some non-options,
- exchange them so that the options come first. */
-
- if (first_nonopt != last_nonopt && last_nonopt != optind)
- exchange ((char **) argv);
- else if (last_nonopt != optind)
- first_nonopt = optind;
-
- /* Skip any additional non-options
- and extend the range of non-options previously skipped. */
-
- while (optind < argc && NONOPTION_P)
- optind++;
- last_nonopt = optind;
- }
-
- /* The special ARGV-element `--' means premature end of options.
- Skip it like a null option,
- then exchange with previous non-options as if it were an option,
- then skip everything else like a non-option. */
-
- if (optind != argc && !strcmp (argv[optind], "--"))
- {
- optind++;
-
- if (first_nonopt != last_nonopt && last_nonopt != optind)
- exchange ((char **) argv);
- else if (first_nonopt == last_nonopt)
- first_nonopt = optind;
- last_nonopt = argc;
-
- optind = argc;
- }
-
- /* If we have done all the ARGV-elements, stop the scan
- and back over any non-options that we skipped and permuted. */
-
- if (optind == argc)
- {
- /* Set the next-arg-index to point at the non-options
- that we previously skipped, so the caller will digest them. */
- if (first_nonopt != last_nonopt)
- optind = first_nonopt;
- return -1;
- }
-
- /* If we have come to a non-option and did not permute it,
- either stop the scan or describe it to the caller and pass it by. */
-
- if (NONOPTION_P)
- {
- if (ordering == REQUIRE_ORDER)
- return -1;
- optarg = argv[optind++];
- return 1;
- }
-
- /* We have found another option-ARGV-element.
- Skip the initial punctuation. */
-
- nextchar = (argv[optind] + 1
- + (longopts != NULL && argv[optind][1] == '-'));
- }
-
- /* Decode the current option-ARGV-element. */
-
- /* Check whether the ARGV-element is a long option.
-
- If long_only and the ARGV-element has the form "-f", where f is
- a valid short option, don't consider it an abbreviated form of
- a long option that starts with f. Otherwise there would be no
- way to give the -f short option.
-
- On the other hand, if there's a long option "fubar" and
- the ARGV-element is "-fu", do consider that an abbreviation of
- the long option, just like "--fu", and not "-f" with arg "u".
-
- This distinction seems to be the most useful approach. */
-
- if (longopts != NULL
- && (argv[optind][1] == '-'
- || (long_only && (argv[optind][2] || !my_index (optstring, argv[optind][1])))))
- {
- char *nameend;
- const struct option *p;
- const struct option *pfound = NULL;
- int exact = 0;
- int ambig = 0;
- int indfound = -1;
- int option_index;
-
- for (nameend = nextchar; *nameend && *nameend != '='; nameend++)
- /* Do nothing. */ ;
-
- /* Test all long options for either exact match
- or abbreviated matches. */
- for (p = longopts, option_index = 0; p->name; p++, option_index++)
- if (!strncmp (p->name, nextchar, nameend - nextchar))
- {
- if ((unsigned int) (nameend - nextchar)
- == (unsigned int) strlen (p->name))
- {
- /* Exact match found. */
- pfound = p;
- indfound = option_index;
- exact = 1;
- break;
- }
- else if (pfound == NULL)
- {
- /* First nonexact match found. */
- pfound = p;
- indfound = option_index;
- }
- else if (long_only
- || pfound->has_arg != p->has_arg
- || pfound->flag != p->flag
- || pfound->val != p->val)
- /* Second or later nonexact match found. */
- ambig = 1;
- }
-
- if (ambig && !exact)
- {
- if (print_errors)
- fprintf (stderr, _("%s: option `%s' is ambiguous\n"),
- argv[0], argv[optind]);
- nextchar += strlen (nextchar);
- optind++;
- optopt = 0;
- return '?';
- }
-
- if (pfound != NULL)
- {
- option_index = indfound;
- optind++;
- if (*nameend)
- {
- /* Don't test has_arg with >, because some C compilers don't
- allow it to be used on enums. */
- if (pfound->has_arg)
- optarg = nameend + 1;
- else
- {
- if (print_errors)
- {
- if (argv[optind - 1][1] == '-')
- /* --option */
- fprintf (stderr,
- _("%s: option `--%s' doesn't allow an argument\n"),
- argv[0], pfound->name);
- else
- /* +option or -option */
- fprintf (stderr,
- _("%s: option `%c%s' doesn't allow an argument\n"),
- argv[0], argv[optind - 1][0], pfound->name);
- }
-
- nextchar += strlen (nextchar);
-
- optopt = pfound->val;
- return '?';
- }
- }
- else if (pfound->has_arg == 1)
- {
- if (optind < argc)
- optarg = argv[optind++];
- else
- {
- if (print_errors)
- fprintf (stderr,
- _("%s: option `%s' requires an argument\n"),
- argv[0], argv[optind - 1]);
- nextchar += strlen (nextchar);
- optopt = pfound->val;
- return optstring[0] == ':' ? ':' : '?';
- }
- }
- nextchar += strlen (nextchar);
- if (longind != NULL)
- *longind = option_index;
- if (pfound->flag)
- {
- *(pfound->flag) = pfound->val;
- return 0;
- }
- return pfound->val;
- }
-
- /* Can't find it as a long option. If this is not getopt_long_only,
- or the option starts with '--' or is not a valid short
- option, then it's an error.
- Otherwise interpret it as a short option. */
- if (!long_only || argv[optind][1] == '-'
- || my_index (optstring, *nextchar) == NULL)
- {
- if (print_errors)
- {
- if (argv[optind][1] == '-')
- /* --option */
- fprintf (stderr, _("%s: unrecognized option `--%s'\n"),
- argv[0], nextchar);
- else
- /* +option or -option */
- fprintf (stderr, _("%s: unrecognized option `%c%s'\n"),
- argv[0], argv[optind][0], nextchar);
- }
- nextchar = (char *) "";
- optind++;
- optopt = 0;
- return '?';
- }
- }
-
- /* Look at and handle the next short option-character. */
-
- {
- char c = *nextchar++;
- char *temp = my_index (optstring, c);
-
- /* Increment `optind' when we start to process its last character. */
- if (*nextchar == '\0')
- ++optind;
-
- if (temp == NULL || c == ':')
- {
- if (print_errors)
- {
- if (posixly_correct)
- /* 1003.2 specifies the format of this message. */
- fprintf (stderr, _("%s: illegal option -- %c\n"),
- argv[0], c);
- else
- fprintf (stderr, _("%s: invalid option -- %c\n"),
- argv[0], c);
- }
- optopt = c;
- return '?';
- }
- /* Convenience. Treat POSIX -W foo same as long option --foo */
- if (temp[0] == 'W' && temp[1] == ';')
- {
- char *nameend;
- const struct option *p;
- const struct option *pfound = NULL;
- int exact = 0;
- int ambig = 0;
- int indfound = 0;
- int option_index;
-
- /* This is an option that requires an argument. */
- if (*nextchar != '\0')
- {
- optarg = nextchar;
- /* If we end this ARGV-element by taking the rest as an arg,
- we must advance to the next element now. */
- optind++;
- }
- else if (optind == argc)
- {
- if (print_errors)
- {
- /* 1003.2 specifies the format of this message. */
- fprintf (stderr, _("%s: option requires an argument -- %c\n"),
- argv[0], c);
- }
- optopt = c;
- if (optstring[0] == ':')
- c = ':';
- else
- c = '?';
- return c;
- }
- else
- /* We already incremented `optind' once;
- increment it again when taking next ARGV-elt as argument. */
- optarg = argv[optind++];
-
- /* optarg is now the argument, see if it's in the
- table of longopts. */
-
- for (nextchar = nameend = optarg; *nameend && *nameend != '='; nameend++)
- /* Do nothing. */ ;
-
- /* Test all long options for either exact match
- or abbreviated matches. */
- for (p = longopts, option_index = 0; p->name; p++, option_index++)
- if (!strncmp (p->name, nextchar, nameend - nextchar))
- {
- if ((unsigned int) (nameend - nextchar) == strlen (p->name))
- {
- /* Exact match found. */
- pfound = p;
- indfound = option_index;
- exact = 1;
- break;
- }
- else if (pfound == NULL)
- {
- /* First nonexact match found. */
- pfound = p;
- indfound = option_index;
- }
- else
- /* Second or later nonexact match found. */
- ambig = 1;
- }
- if (ambig && !exact)
- {
- if (print_errors)
- fprintf (stderr, _("%s: option `-W %s' is ambiguous\n"),
- argv[0], argv[optind]);
- nextchar += strlen (nextchar);
- optind++;
- return '?';
- }
- if (pfound != NULL)
- {
- option_index = indfound;
- if (*nameend)
- {
- /* Don't test has_arg with >, because some C compilers don't
- allow it to be used on enums. */
- if (pfound->has_arg)
- optarg = nameend + 1;
- else
- {
- if (print_errors)
- fprintf (stderr, _("\
-%s: option `-W %s' doesn't allow an argument\n"),
- argv[0], pfound->name);
-
- nextchar += strlen (nextchar);
- return '?';
- }
- }
- else if (pfound->has_arg == 1)
- {
- if (optind < argc)
- optarg = argv[optind++];
- else
- {
- if (print_errors)
- fprintf (stderr,
- _("%s: option `%s' requires an argument\n"),
- argv[0], argv[optind - 1]);
- nextchar += strlen (nextchar);
- return optstring[0] == ':' ? ':' : '?';
- }
- }
- nextchar += strlen (nextchar);
- if (longind != NULL)
- *longind = option_index;
- if (pfound->flag)
- {
- *(pfound->flag) = pfound->val;
- return 0;
- }
- return pfound->val;
- }
- nextchar = NULL;
- return 'W'; /* Let the application handle it. */
- }
- if (temp[1] == ':')
- {
- if (temp[2] == ':')
- {
- /* This is an option that accepts an argument optionally. */
- if (*nextchar != '\0')
- {
- optarg = nextchar;
- optind++;
- }
- else
- optarg = NULL;
- nextchar = NULL;
- }
- else
- {
- /* This is an option that requires an argument. */
- if (*nextchar != '\0')
- {
- optarg = nextchar;
- /* If we end this ARGV-element by taking the rest as an arg,
- we must advance to the next element now. */
- optind++;
- }
- else if (optind == argc)
- {
- if (print_errors)
- {
- /* 1003.2 specifies the format of this message. */
- fprintf (stderr,
- _("%s: option requires an argument -- %c\n"),
- argv[0], c);
- }
- optopt = c;
- if (optstring[0] == ':')
- c = ':';
- else
- c = '?';
- }
- else
- /* We already incremented `optind' once;
- increment it again when taking next ARGV-elt as argument. */
- optarg = argv[optind++];
- nextchar = NULL;
- }
- }
- return c;
- }
-}
-
-int
-getopt (argc, argv, optstring)
- int argc;
- char *const *argv;
- const char *optstring;
-{
- return _getopt_internal (argc, argv, optstring,
- (const struct option *) 0,
- (int *) 0,
- 0);
-}
-
-#endif /* Not ELIDE_CODE. */
-\f
-#ifdef TEST
-
-/* Compile with -DTEST to make an executable for use in testing
- the above definition of `getopt'. */
-
-int
-main (argc, argv)
- int argc;
- char **argv;
-{
- int c;
- int digit_optind = 0;
-
- while (1)
- {
- int this_option_optind = optind ? optind : 1;
-
- c = getopt (argc, argv, "abc:d:0123456789");
- if (c == -1)
- break;
-
- switch (c)
- {
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- case '8':
- case '9':
- if (digit_optind != 0 && digit_optind != this_option_optind)
- printf ("digits occur in two different argv-elements.\n");
- digit_optind = this_option_optind;
- printf ("option %c\n", c);
- break;
-
- case 'a':
- printf ("option a\n");
- break;
-
- case 'b':
- printf ("option b\n");
- break;
-
- case 'c':
- printf ("option c with value `%s'\n", optarg);
- break;
-
- case '?':
- break;
-
- default:
- printf ("?? getopt returned character code 0%o ??\n", c);
- }
- }
-
- if (optind < argc)
- {
- printf ("non-option ARGV-elements: ");
- while (optind < argc)
- printf ("%s ", argv[optind++]);
- printf ("\n");
- }
-
- exit (0);
-}
-
-#endif /* TEST */
+++ /dev/null
-/* getopt_long and getopt_long_only entry points for GNU getopt.
- Copyright (C) 1987,88,89,90,91,92,93,94,96,97,98
- Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-\f
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "getopt.h"
-
-#if !defined __STDC__ || !__STDC__
-/* This is a separate conditional since some stdc systems
- reject `defined (const)'. */
-#ifndef const
-#define const
-#endif
-#endif
-
-#include <stdio.h>
-
-/* Comment out all this code if we are using the GNU C Library, and are not
- actually compiling the library itself. This code is part of the GNU C
- Library, but also included in many other GNU distributions. Compiling
- and linking in this code is a waste when using the GNU C library
- (especially if it is a shared library). Rather than having every GNU
- program understand `configure --with-gnu-libc' and omit the object files,
- it is simpler to just do this in the source for each such file. */
-
-#define GETOPT_INTERFACE_VERSION 2
-#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
-#include <gnu-versions.h>
-#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
-#define ELIDE_CODE
-#endif
-#endif
-
-#ifndef ELIDE_CODE
-
-
-/* This needs to come after some library #include
- to get __GNU_LIBRARY__ defined. */
-#ifdef __GNU_LIBRARY__
-#include <stdlib.h>
-#endif
-
-#ifndef NULL
-#define NULL 0
-#endif
-
-int
-getopt_long (argc, argv, options, long_options, opt_index)
- int argc;
- char *const *argv;
- const char *options;
- const struct option *long_options;
- int *opt_index;
-{
- return _getopt_internal (argc, argv, options, long_options, opt_index, 0);
-}
-
-/* Like getopt_long, but '-' as well as '--' can indicate a long option.
- If an option that starts with '-' (not '--') doesn't match a long option,
- but does match a short option, it is parsed as a short option
- instead. */
-
-int
-getopt_long_only (argc, argv, options, long_options, opt_index)
- int argc;
- char *const *argv;
- const char *options;
- const struct option *long_options;
- int *opt_index;
-{
- return _getopt_internal (argc, argv, options, long_options, opt_index, 1);
-}
-
-
-#endif /* Not ELIDE_CODE. */
-\f
-#ifdef TEST
-
-#include <stdio.h>
-
-int
-main (argc, argv)
- int argc;
- char **argv;
-{
- int c;
- int digit_optind = 0;
-
- while (1)
- {
- int this_option_optind = optind ? optind : 1;
- int option_index = 0;
- static struct option long_options[] =
- {
- {"add", 1, 0, 0},
- {"append", 0, 0, 0},
- {"delete", 1, 0, 0},
- {"verbose", 0, 0, 0},
- {"create", 0, 0, 0},
- {"file", 1, 0, 0},
- {0, 0, 0, 0}
- };
-
- c = getopt_long (argc, argv, "abc:d:0123456789",
- long_options, &option_index);
- if (c == -1)
- break;
-
- switch (c)
- {
- case 0:
- printf ("option %s", long_options[option_index].name);
- if (optarg)
- printf (" with arg %s", optarg);
- printf ("\n");
- break;
-
- case '0':
- case '1':
- case '2':
- case '3':
- case '4':
- case '5':
- case '6':
- case '7':
- case '8':
- case '9':
- if (digit_optind != 0 && digit_optind != this_option_optind)
- printf ("digits occur in two different argv-elements.\n");
- digit_optind = this_option_optind;
- printf ("option %c\n", c);
- break;
-
- case 'a':
- printf ("option a\n");
- break;
-
- case 'b':
- printf ("option b\n");
- break;
-
- case 'c':
- printf ("option c with value `%s'\n", optarg);
- break;
-
- case 'd':
- printf ("option d with value `%s'\n", optarg);
- break;
-
- case '?':
- break;
-
- default:
- printf ("?? getopt returned character code 0%o ??\n", c);
- }
- }
-
- if (optind < argc)
- {
- printf ("non-option ARGV-elements: ");
- while (optind < argc)
- printf ("%s ", argv[optind++]);
- printf ("\n");
- }
-
- exit (0);
-}
-
-#endif /* TEST */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_TOOLS_INPUT_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
+}
- exit(EXIT_FAILURE);
+void *
+xalloc(size_t size)
+{
+ void *p = malloc(size);
+ if (!p)
+ {
+ fprintf(stderr, "Virtual memory exhausted.\n");
+ abort();
+ }
+
+ return p;
}
const char
1,1,1,1,1,1,1,1, 1,1,1,0,0,1,0,0,
/* @ A ... O */
0,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,
- /* P ... Z [ \ ] ^ _ */
+ /* P ... Z [ \Â ] ^ _ */
1,1,1,1,1,1,1,1, 1,1,1,0,0,0,0,1,
/* ` a, ... o */
0,1,1,1,1,1,1,1, 1,1,1,1,1,1,1,1,
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_TOOLS_MISC_H_INCLUDED
#endif
void
-die(const char *format, ...)
-#if __GNUC___
- __attribute__((__format__ (__printf__,1, 2)))
- __attribute__((__noreturn__))
-#endif
- ;
+die(const char *format, ...) PRINTF_STYLE (1, 2) NORETURN;
void
-werror(const char *format, ...)
-#if __GNUC___
- __attribute__((__format__ (__printf__,1, 2)))
- __attribute__((__noreturn__))
-#endif
- ;
+werror(const char *format, ...) PRINTF_STYLE (1, 2);
+
+void *
+xalloc(size_t size);
enum sexp_mode
{
--- /dev/null
+/* nettle-hash.c
+ *
+ * General hashing tool. */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2011 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "nettle-meta.h"
+#include "base16.h"
+
+#include "getopt.h"
+#include "misc.h"
+
+#define BUFSIZE 16384
+
+static void
+list_algorithms (void)
+{
+ unsigned i;
+ const struct nettle_hash *alg;
+ printf ("%10s digestsize (internal block size), in units of octets\n", "name");
+
+ for (i = 0; (alg = nettle_hashes[i]); i++)
+ printf ("%10s %d (%d)\n",
+ alg->name, alg->digest_size, alg->block_size);
+};
+
+static const struct nettle_hash *
+find_algorithm (const char *name)
+{
+ const struct nettle_hash *alg;
+ unsigned i;
+
+ for (i = 0; (alg = nettle_hashes[i]); i++)
+ if (!strcmp(name, alg->name))
+ return alg;
+
+ return NULL;
+}
+
+/* Also in examples/io.c */
+static int
+hash_file(const struct nettle_hash *hash, void *ctx, FILE *f)
+{
+ for (;;)
+ {
+ char buffer[BUFSIZE];
+ size_t res = fread(buffer, 1, sizeof(buffer), f);
+ if (ferror(f))
+ return 0;
+
+ hash->update(ctx, res, buffer);
+ if (feof(f))
+ return 1;
+ }
+}
+
+static int
+digest_file(const struct nettle_hash *alg,
+ unsigned digest_length, int raw,
+ FILE *f)
+{
+ void *ctx;
+ uint8_t *digest;
+ ctx = xalloc(alg->context_size);
+
+ alg->init(ctx);
+
+ if (!hash_file (alg, ctx, f))
+ {
+ free (ctx);
+ return 0;
+ }
+
+ digest = xalloc(digest_length);
+ alg->digest(ctx, digest_length, digest);
+ free(ctx);
+
+ if (raw)
+ fwrite (digest, digest_length, 1, stdout);
+
+ else
+ {
+ unsigned i;
+ char *hex = xalloc(BASE16_ENCODE_LENGTH(8) + 1);
+ for (i = 0; i + 8 < digest_length; i += 8)
+ {
+ base16_encode_update(hex, 8, digest + i);
+ hex[BASE16_ENCODE_LENGTH(8)] = 0;
+ printf("%s ", hex);
+ }
+ base16_encode_update(hex, digest_length - i, digest + i);
+ hex[BASE16_ENCODE_LENGTH(digest_length - i)] = 0;
+ printf("%s %s\n", hex, alg->name);
+ free(hex);
+ }
+
+ free(digest);
+
+ return 1;
+}
+
+/* FIXME: Be more compatible with md5sum and sha1sum. Options -c
+ (check), -b (binary), -t (text), and output format with hex hash
+ sum, optional star (meaning binary mode), and file name. */
+int
+main (int argc, char **argv)
+{
+ const char *alg_name = NULL;
+ const struct nettle_hash *alg;
+ unsigned length = 0;
+ int raw = 0;
+ int c;
+
+ enum { OPT_HELP = 0x300, OPT_RAW, OPT_LIST };
+ static const struct option options[] =
+ {
+ /* Name, args, flag, val */
+ { "help", no_argument, NULL, OPT_HELP },
+ { "version", no_argument, NULL, 'V' },
+ { "algorithm", required_argument, NULL, 'a' },
+ { "length", required_argument, NULL, 'l' },
+ { "list", no_argument, NULL, OPT_LIST },
+ { "raw", no_argument, NULL, OPT_RAW },
+
+ { NULL, 0, NULL, 0 }
+ };
+
+ while ( (c = getopt_long(argc, argv, "Va:l:", options, NULL)) != -1)
+ switch (c)
+ {
+ default:
+ abort();
+ case OPT_HELP:
+ printf("nettle-hash -a ALGORITHM [OPTIONS] [FILE ...]\n"
+ "Options:\n"
+ " --help Show this help.\n"
+ " -V, --version Show version information.\n"
+ " --list List supported hash algorithms.\n"
+ " -a, --algorithm=ALG Hash algorithm to use.\n"
+ " -l, --length=LENGTH Desired digest length (octets)\n"
+ " --raw Raw binary output.\n");
+ return EXIT_SUCCESS;
+ case 'V':
+ printf("nettle-hash (" PACKAGE_STRING ")\n");
+ return EXIT_SUCCESS;
+ case 'a':
+ alg_name = optarg;
+ break;
+ case 'l':
+ {
+ int arg;
+ arg = atoi (optarg);
+ if (arg <= 0)
+ die ("Invalid length argument: `%s'\n", optarg);
+ length = arg;
+ }
+ break;
+ case OPT_RAW:
+ raw = 1;
+ break;
+ case OPT_LIST:
+ list_algorithms();
+ return EXIT_SUCCESS;
+ }
+
+ if (!alg_name)
+ die("Algorithm argument (-a option) is mandatory.\n"
+ "See nettle-hash --help for further information.\n");
+
+ alg = find_algorithm (alg_name);
+ if (!alg)
+ die("Hash algorithm `%s' not supported or .\n"
+ "Use nettle-hash --list to list available algorithms.\n",
+ alg_name);
+
+ if (length == 0)
+ length = alg->digest_size;
+ else if (length > alg->digest_size)
+ die ("Length argument %d too large for selected algorithm.\n",
+ length);
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc == 0)
+ digest_file (alg, length, raw, stdin);
+ else
+ {
+ int i;
+ for (i = 0; i < argc; i++)
+ {
+ FILE *f = fopen (argv[i], "rb");
+ if (!f)
+ die ("Cannot open `%s': %s\n", argv[i], STRERROR(errno));
+ printf("%s: ", argv[i]);
+ if (!digest_file (alg, length, raw, f))
+ die("Reading `%s' failed: %s\n", argv[i], STRERROR(errno));
+ fclose(f);
+ }
+ }
+ if (fflush(stdout) != 0 )
+ die("Write failed: %s\n", STRERROR(errno));
+
+ return EXIT_SUCCESS;
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2003 Niels Möller
+ * Copyright (C) 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
#include "knuth-lfib.h"
#include <stdio.h>
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_TOOLS_OUTPUT_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002, 2003 Niels Möller
+ * Copyright (C) 2002, 2003 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_TOOLS_PARSE_H_INCLUDED
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
+ * Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
enum object_type
{
+ /* Use a range of values which also work as option id:s */
RSA_PRIVATE_KEY = 0x200,
RSA_PUBLIC_KEY,
DSA_PRIVATE_KEY,
nettle_buffer_reset(buffer);
res = dsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
}
+ dsa_public_key_clear(&pub);
}
if (!res)
werror("SubjectPublicKeyInfo: Invalid DSA key.\n");
nettle_buffer_reset(buffer);
res = rsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
}
+ rsa_public_key_clear(&pub);
}
if (!res)
werror("SubjectPublicKeyInfo: Invalid RSA key.\n");
}
else
werror("SubjectPublicKeyInfo: Invalid object.\n");
-
+
return res;
}
}
}
-
int
main(int argc, char **argv)
{
enum object_type type = 0;
int base64 = 0;
int c;
+
+ enum {
+ OPT_HELP = 0x300,
+ OPT_PRIVATE_RSA = RSA_PRIVATE_KEY,
+ OPT_PUBLIC_RSA = RSA_PUBLIC_KEY,
+ OPT_PRIVATE_DSA = DSA_PRIVATE_KEY,
+ OPT_PUBLIC_KEY = GENERAL_PUBLIC_KEY,
+ };
static const struct option options[] =
{
/* Name, args, flag, val */
- { "help", no_argument, NULL, '?' },
+ { "help", no_argument, NULL, OPT_HELP },
{ "version", no_argument, NULL, 'V' },
- { "private-rsa-key", no_argument, NULL, RSA_PRIVATE_KEY },
- { "public-rsa-key", no_argument, NULL, RSA_PUBLIC_KEY },
- { "private-dsa-key", no_argument, NULL, DSA_PRIVATE_KEY },
- { "public-key-info", no_argument, NULL, GENERAL_PUBLIC_KEY },
+ { "private-rsa-key", no_argument, NULL, OPT_PRIVATE_RSA },
+ { "public-rsa-key", no_argument, NULL, OPT_PUBLIC_RSA },
+ { "private-dsa-key", no_argument, NULL, OPT_PRIVATE_DSA },
+ { "public-key-info", no_argument, NULL, OPT_PUBLIC_KEY },
{ "base-64", no_argument, NULL, 'b' },
{ NULL, 0, NULL, 0 }
};
- while ( (c = getopt_long(argc, argv, "V?b", options, NULL)) != -1)
+ while ( (c = getopt_long(argc, argv, "Vb", options, NULL)) != -1)
{
switch (c)
{
base64 = 1;
break;
- case RSA_PRIVATE_KEY:
- case RSA_PUBLIC_KEY:
- case DSA_PRIVATE_KEY:
- case GENERAL_PUBLIC_KEY:
+ case OPT_PRIVATE_RSA:
+ case OPT_PUBLIC_RSA:
+ case OPT_PRIVATE_DSA:
+ case OPT_PUBLIC_KEY:
+ /* Same values as the type codes. */
type = c;
break;
- case '?':
+ case OPT_HELP:
printf("FIXME: Usage information.\n");
return EXIT_SUCCESS;
+ case '?':
+ return EXIT_FAILURE;
case 'V':
printf("pkcs1-conv (" PACKAGE_STRING ")\n");
- exit (EXIT_SUCCESS);
+ return EXIT_SUCCESS;
}
}
fclose(f);
}
}
+ nettle_buffer_clear (&buffer);
+
return EXIT_SUCCESS;
}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#define BUG_ADDRESS "nettle-bugs@lists.lysator.liu.se"
-static void *
-xalloc(size_t size)
-{
- void *p = malloc(size);
- if (!p)
- {
- fprintf(stderr, "Virtual memory exhausted.\n");
- abort();
- }
-
- return p;
-}
-
\f
/* Conversion functions. */
const struct nettle_hash *hash;
};
-enum { OPT_ONCE = 300, OPT_HASH, OPT_LOCK };
+enum { OPT_ONCE = 300, OPT_HASH, OPT_LOCK, OPT_HELP };
static int
match_argument(const char *given, const char *name)
static const struct option options[] =
{
/* Name, args, flag, val */
- { "help", no_argument, NULL, '?' },
+ { "help", no_argument, NULL, OPT_HELP },
{ "version", no_argument, NULL, 'V' },
{ "once", no_argument, NULL, OPT_ONCE },
{ "syntax", required_argument, NULL, 's' },
int option_index = 0;
unsigned i;
- c = getopt_long(argc, argv, "V?s:w:", options, &option_index);
+ c = getopt_long(argc, argv, "Vs:w:", options, &option_index);
switch (c)
{
die("sexp-conv: Command line takes no arguments, only options.\n");
return;
+ case '?':
+ exit(EXIT_FAILURE);
+
case 'w':
{
char *end;
o->lock = 1;
break;
#endif
- case '?':
+ case OPT_HELP:
printf("Usage: sexp-conv [OPTION...]\n"
" Conversion: sexp-conv [OPTION...] <INPUT-SEXP\n"
" Fingerprinting: sexp-conv --hash=HASH <INPUT-SEXP\n\n"
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
* Copyright (C) 1999 J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
*
* Integrated with the nettle library,
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*/
/* nettle, low-level cryptographics library
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* ------------------------------------------------------------------------- */
/* The permutations q0 and q1. These are fixed permutations on 8-bit values.
- * The permutations have been computed using the program generate_q
+ * The permutations have been computed using the program twofish-data,
* which is distributed along with this file.
*/
-static const uint8_t q0[] = { 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
- 0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
- 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
- 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
- 0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
- 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
- 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
- 0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
- 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
- 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
- 0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
- 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
- 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
- 0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
- 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
- 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
- 0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
- 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
- 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
- 0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
- 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
- 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
- 0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
- 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
- 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
- 0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
- 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
- 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
- 0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
- 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
- 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
- 0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0, };
-
-static const uint8_t q1[] = { 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
- 0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
- 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
- 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
- 0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
- 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
- 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
- 0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
- 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
- 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
- 0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
- 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
- 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
- 0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
- 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
- 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
- 0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
- 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
- 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
- 0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
- 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
- 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
- 0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
- 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
- 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
- 0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
- 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
- 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
- 0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
- 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
- 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
- 0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91, };
+static const uint8_t q0[256] = {
+ 0xA9,0x67,0xB3,0xE8,0x04,0xFD,0xA3,0x76,
+ 0x9A,0x92,0x80,0x78,0xE4,0xDD,0xD1,0x38,
+ 0x0D,0xC6,0x35,0x98,0x18,0xF7,0xEC,0x6C,
+ 0x43,0x75,0x37,0x26,0xFA,0x13,0x94,0x48,
+ 0xF2,0xD0,0x8B,0x30,0x84,0x54,0xDF,0x23,
+ 0x19,0x5B,0x3D,0x59,0xF3,0xAE,0xA2,0x82,
+ 0x63,0x01,0x83,0x2E,0xD9,0x51,0x9B,0x7C,
+ 0xA6,0xEB,0xA5,0xBE,0x16,0x0C,0xE3,0x61,
+ 0xC0,0x8C,0x3A,0xF5,0x73,0x2C,0x25,0x0B,
+ 0xBB,0x4E,0x89,0x6B,0x53,0x6A,0xB4,0xF1,
+ 0xE1,0xE6,0xBD,0x45,0xE2,0xF4,0xB6,0x66,
+ 0xCC,0x95,0x03,0x56,0xD4,0x1C,0x1E,0xD7,
+ 0xFB,0xC3,0x8E,0xB5,0xE9,0xCF,0xBF,0xBA,
+ 0xEA,0x77,0x39,0xAF,0x33,0xC9,0x62,0x71,
+ 0x81,0x79,0x09,0xAD,0x24,0xCD,0xF9,0xD8,
+ 0xE5,0xC5,0xB9,0x4D,0x44,0x08,0x86,0xE7,
+ 0xA1,0x1D,0xAA,0xED,0x06,0x70,0xB2,0xD2,
+ 0x41,0x7B,0xA0,0x11,0x31,0xC2,0x27,0x90,
+ 0x20,0xF6,0x60,0xFF,0x96,0x5C,0xB1,0xAB,
+ 0x9E,0x9C,0x52,0x1B,0x5F,0x93,0x0A,0xEF,
+ 0x91,0x85,0x49,0xEE,0x2D,0x4F,0x8F,0x3B,
+ 0x47,0x87,0x6D,0x46,0xD6,0x3E,0x69,0x64,
+ 0x2A,0xCE,0xCB,0x2F,0xFC,0x97,0x05,0x7A,
+ 0xAC,0x7F,0xD5,0x1A,0x4B,0x0E,0xA7,0x5A,
+ 0x28,0x14,0x3F,0x29,0x88,0x3C,0x4C,0x02,
+ 0xB8,0xDA,0xB0,0x17,0x55,0x1F,0x8A,0x7D,
+ 0x57,0xC7,0x8D,0x74,0xB7,0xC4,0x9F,0x72,
+ 0x7E,0x15,0x22,0x12,0x58,0x07,0x99,0x34,
+ 0x6E,0x50,0xDE,0x68,0x65,0xBC,0xDB,0xF8,
+ 0xC8,0xA8,0x2B,0x40,0xDC,0xFE,0x32,0xA4,
+ 0xCA,0x10,0x21,0xF0,0xD3,0x5D,0x0F,0x00,
+ 0x6F,0x9D,0x36,0x42,0x4A,0x5E,0xC1,0xE0,
+};
+
+static const uint8_t q1[256] = {
+ 0x75,0xF3,0xC6,0xF4,0xDB,0x7B,0xFB,0xC8,
+ 0x4A,0xD3,0xE6,0x6B,0x45,0x7D,0xE8,0x4B,
+ 0xD6,0x32,0xD8,0xFD,0x37,0x71,0xF1,0xE1,
+ 0x30,0x0F,0xF8,0x1B,0x87,0xFA,0x06,0x3F,
+ 0x5E,0xBA,0xAE,0x5B,0x8A,0x00,0xBC,0x9D,
+ 0x6D,0xC1,0xB1,0x0E,0x80,0x5D,0xD2,0xD5,
+ 0xA0,0x84,0x07,0x14,0xB5,0x90,0x2C,0xA3,
+ 0xB2,0x73,0x4C,0x54,0x92,0x74,0x36,0x51,
+ 0x38,0xB0,0xBD,0x5A,0xFC,0x60,0x62,0x96,
+ 0x6C,0x42,0xF7,0x10,0x7C,0x28,0x27,0x8C,
+ 0x13,0x95,0x9C,0xC7,0x24,0x46,0x3B,0x70,
+ 0xCA,0xE3,0x85,0xCB,0x11,0xD0,0x93,0xB8,
+ 0xA6,0x83,0x20,0xFF,0x9F,0x77,0xC3,0xCC,
+ 0x03,0x6F,0x08,0xBF,0x40,0xE7,0x2B,0xE2,
+ 0x79,0x0C,0xAA,0x82,0x41,0x3A,0xEA,0xB9,
+ 0xE4,0x9A,0xA4,0x97,0x7E,0xDA,0x7A,0x17,
+ 0x66,0x94,0xA1,0x1D,0x3D,0xF0,0xDE,0xB3,
+ 0x0B,0x72,0xA7,0x1C,0xEF,0xD1,0x53,0x3E,
+ 0x8F,0x33,0x26,0x5F,0xEC,0x76,0x2A,0x49,
+ 0x81,0x88,0xEE,0x21,0xC4,0x1A,0xEB,0xD9,
+ 0xC5,0x39,0x99,0xCD,0xAD,0x31,0x8B,0x01,
+ 0x18,0x23,0xDD,0x1F,0x4E,0x2D,0xF9,0x48,
+ 0x4F,0xF2,0x65,0x8E,0x78,0x5C,0x58,0x19,
+ 0x8D,0xE5,0x98,0x57,0x67,0x7F,0x05,0x64,
+ 0xAF,0x63,0xB6,0xFE,0xF5,0xB7,0x3C,0xA5,
+ 0xCE,0xE9,0x68,0x44,0xE0,0x4D,0x43,0x69,
+ 0x29,0x2E,0xAC,0x15,0x59,0xA8,0x0A,0x9E,
+ 0x6E,0x47,0xDF,0x34,0x35,0x6A,0xCF,0xDC,
+ 0x22,0xC9,0xC0,0x9B,0x89,0xD4,0xED,0xAB,
+ 0x12,0xA2,0x0D,0x52,0xBB,0x02,0x2F,0xA9,
+ 0xD7,0x61,0x1E,0xB4,0x50,0x04,0xF6,0xC2,
+ 0x16,0x25,0x86,0x56,0x55,0x09,0xBE,0x91,
+};
/* ------------------------------------------------------------------------- */
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
/*
--- /dev/null
+/*
+ * twofishdata.c - Generates the permutations q0 and q1 for twofish.
+ * Copyright (C) 1999 Ruud de Rooij <ruud@debian.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
+ */
+
+#include <stdio.h>
+
+#define ror4(x) (((x) >> 1) | (((x) & 1) << 3))
+
+static unsigned char q0(unsigned char x)
+{
+ static const unsigned char t0[16] = {
+ 0x8, 0x1, 0x7, 0xD, 0x6, 0xF, 0x3, 0x2,
+ 0x0, 0xB, 0x5, 0x9, 0xE, 0xC, 0xA, 0x4
+ };
+ static const unsigned char t1[16] = {
+ 0xE, 0xC, 0xB, 0x8, 0x1, 0x2, 0x3, 0x5,
+ 0xF, 0x4, 0xA, 0x6, 0x7, 0x0, 0x9, 0xD
+ };
+ static const unsigned char t2[16] = {
+ 0xB, 0xA, 0x5, 0xE, 0x6, 0xD, 0x9, 0x0,
+ 0xC, 0x8, 0xF, 0x3, 0x2, 0x4, 0x7, 0x1
+ };
+ static const unsigned char t3[16] = {
+ 0xD, 0x7, 0xF, 0x4, 0x1, 0x2, 0x6, 0xE,
+ 0x9, 0xB, 0x3, 0x0, 0x8, 0x5, 0xC, 0xA
+ };
+
+ unsigned char a0 = x / 16;
+ unsigned char b0 = x % 16;
+
+ unsigned char a1 = a0 ^ b0;
+ unsigned char b1 = a0 ^ ror4(b0) ^ ((8*a0) % 16);
+
+ unsigned char a2 = t0[a1];
+ unsigned char b2 = t1[b1];
+
+ unsigned char a3 = a2 ^ b2;
+ unsigned char b3 = a2 ^ ror4(b2) ^ ((8*a2) % 16);
+
+ unsigned char a4 = t2[a3];
+ unsigned char b4 = t3[b3];
+
+ unsigned char y = 16*b4 + a4;
+
+ return y;
+}
+
+static unsigned char q1(unsigned char x)
+{
+ static const unsigned char t0[16] = {
+ 0x2, 0x8, 0xB, 0xD, 0xF, 0x7, 0x6, 0xE,
+ 0x3, 0x1, 0x9, 0x4, 0x0, 0xA, 0xC, 0x5
+ };
+ static const unsigned char t1[16] = {
+ 0x1, 0xE, 0x2, 0xB, 0x4, 0xC, 0x3, 0x7,
+ 0x6, 0xD, 0xA, 0x5, 0xF, 0x9, 0x0, 0x8
+ };
+ static const unsigned char t2[16] = {
+ 0x4, 0xC, 0x7, 0x5, 0x1, 0x6, 0x9, 0xA,
+ 0x0, 0xE, 0xD, 0x8, 0x2, 0xB, 0x3, 0xF
+ };
+ static const unsigned char t3[16] = {
+ 0xB, 0x9, 0x5, 0x1, 0xC, 0x3, 0xD, 0xE,
+ 0x6, 0x4, 0x7, 0xF, 0x2, 0x0, 0x8, 0xA
+ };
+
+ unsigned char a0 = x / 16;
+ unsigned char b0 = x % 16;
+
+ unsigned char a1 = a0 ^ b0;
+ unsigned char b1 = a0 ^ ror4(b0) ^ ((8*a0) % 16);
+
+ unsigned char a2 = t0[a1];
+ unsigned char b2 = t1[b1];
+
+ unsigned char a3 = a2 ^ b2;
+ unsigned char b3 = a2 ^ ror4(b2) ^ ((8*a2) % 16);
+
+ unsigned char a4 = t2[a3];
+ unsigned char b4 = t3[b3];
+
+ unsigned char y = 16*b4 + a4;
+
+ return y;
+}
+
+int
+main(void)
+{
+ unsigned i;
+
+ printf("static const uint8_t q0[256] = {");
+ for (i = 0; i < 256; i++) {
+ if ( (i % 8) == 0)
+ printf("\n ");
+ printf("0x%02X,", q0(i));
+ }
+ printf("\n};\n\n");
+
+ printf("static const uint8_t q1[256] = {");
+ for (i = 0; i < 256; i++) {
+ if ( (i % 8) == 0)
+ printf("\n ");
+ printf("0x%02X,", q1(i));
+ }
+ printf("\n};\n");
+
+ return 0;
+}
--- /dev/null
+/* umac-l2.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "umac.h"
+
+#include "macros.h"
+
+/* Same mask applied to low and high halves */
+#define KEY_MASK 0x01ffffffUL
+
+#if WORDS_BIGENDIAN
+#define BE_SWAP32(x) x
+#else
+#define BE_SWAP32(x) \
+ ((ROTL32(8, x) & 0x00FF00FFUL) | \
+ (ROTL32(24, x) & 0xFF00FF00UL))
+#endif
+
+void
+_umac_l2_init (unsigned size, uint32_t *k)
+{
+ unsigned i;
+ for (i = 0; i < size; i++)
+ {
+ uint32_t w = k[i];
+ w = BE_SWAP32 (w);
+ k[i] = w & KEY_MASK;
+ }
+}
+
+void
+_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count, const uint64_t *m)
+{
+ uint64_t *prev = state + 2*n;
+ unsigned i;
+
+ if (count == 0)
+ memcpy (prev, m, n * sizeof(*m));
+ else if (count == 1)
+ for (i = 0; i < n; i++, key += 6)
+ {
+ uint64_t y = _umac_poly64 (key[0], key[1], 1, prev[i]);
+ state[2*i+1] = _umac_poly64 (key[0], key[1], y, m[i]);
+ }
+ else if (count < UMAC_POLY64_BLOCKS)
+ for (i = 0; i < n; i++, key += 6)
+ state[2*i+1] = _umac_poly64 (key[0], key[1], state[2*i+1], m[i]);
+ else if (count % 2 == 0)
+ {
+ if (count == UMAC_POLY64_BLOCKS)
+ for (i = 0, key += 2; i < n; i++, key += 6)
+ {
+ uint64_t y = state[2*i+1];
+ if (y >= UMAC_P64)
+ y -= UMAC_P64;
+ state[2*i] = 0;
+ state[2*i+1] = 1;
+
+ _umac_poly128 (key, state + 2*i, 0, y);
+ }
+ memcpy (prev, m, n * sizeof(*m));
+ }
+ else
+ for (i = 0, key += 2; i < n; i++, key += 6)
+ _umac_poly128 (key, state + 2*i, prev[i], m[i]);
+}
+
+void
+_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count)
+{
+ uint64_t *prev = state + 2*n;
+ unsigned i;
+
+ assert (count > 0);
+ if (count == 1)
+ for (i = 0; i < n; i++)
+ {
+ *state++ = 0;
+ *state++ = *prev++;
+ }
+ else if (count <= UMAC_POLY64_BLOCKS)
+ for (i = 0; i < n; i++)
+ {
+ uint64_t y;
+ *state++ = 0;
+
+ y = *state;
+ if (y >= UMAC_P64)
+ y -= UMAC_P64;
+ *state++ = y;
+ }
+ else
+ {
+ uint64_t pad = (uint64_t) 1 << 63;
+ if (count % 2 == 1)
+ for (i = 0, key += 2; i < n; i++, key += 6)
+ _umac_poly128 (key, state + 2*i, prev[i], pad);
+ else
+ for (i = 0, key += 2; i < n; i++, key += 6)
+ _umac_poly128 (key, state + 2*i, pad, 0);
+
+ for (i = 0; i < n; i++, state += 2)
+ {
+ uint64_t yh, yl;
+
+ yh = state[0];
+ yl = state[1];
+ if (yh == UMAC_P128_HI && yl >= UMAC_P128_LO)
+ {
+ state[0] = 0;
+ state[1] = yl -= UMAC_P128_LO;
+ }
+ }
+ }
+}
--- /dev/null
+/* umac-l3.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "umac.h"
+
+#include "macros.h"
+
+/* 2^36 - 5 */
+#define P 0x0000000FFFFFFFFBULL
+
+#if WORDS_BIGENDIAN
+#define BE_SWAP64(x) x
+#else
+#define BE_SWAP64(x) \
+ (((x & 0xff) << 56) \
+ | ((x & 0xff00) << 40) \
+ | ((x & 0xff0000) << 24) \
+ | ((x & 0xff000000) << 8) \
+ | ((x >> 8) & 0xff000000) \
+ | ((x >> 24) & 0xff0000) \
+ | ((x >> 40) & 0xff00) \
+ | (x >> 56) )
+#endif
+
+void
+_umac_l3_init (unsigned size, uint64_t *k)
+{
+ unsigned i;
+ for (i = 0; i < size; i++)
+ {
+ uint64_t w = k[i];
+ w = BE_SWAP64 (w);
+ k[i] = w % P;
+ }
+}
+
+static uint64_t
+umac_l3_word (const uint64_t *k, uint64_t w)
+{
+ unsigned i;
+ uint64_t y;
+
+ /* Since it's easiest to process the input word from the low end,
+ * loop over keys in reverse order. */
+
+ for (i = y = 0; i < 4; i++, w >>= 16)
+ y += (w & 0xffff) * k[3-i];
+
+ return y;
+}
+
+uint32_t
+_umac_l3 (const uint64_t *key, const uint64_t *m)
+{
+ uint32_t y = (umac_l3_word (key, m[0])
+ + umac_l3_word (key + 4, m[1])) % P;
+
+#if !WORDS_BIGENDIAN
+ y = ((ROTL32(8, y) & 0x00FF00FFUL)
+ | (ROTL32(24, y) & 0xFF00FF00UL));
+#endif
+ return y;
+}
--- /dev/null
+/* umac-nh-n.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "umac.h"
+#include "macros.h"
+
+void
+_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
+ unsigned length, const uint8_t *msg)
+{
+ assert (length > 0);
+ assert (length <= 1024);
+ assert (length % 32 == 0);
+
+ memset(out, 0, n*sizeof(*out));
+
+ for (;length > 0; length -= 32, msg += 32, key += 8)
+ {
+ uint32_t a0, a1, b0, b1;
+ unsigned i;
+ a0 = LE_READ_UINT32 (msg);
+ a1 = LE_READ_UINT32 (msg + 4);
+ b0 = LE_READ_UINT32 (msg + 16);
+ b1 = LE_READ_UINT32 (msg + 20);
+ for (i = 0; i < n; i++)
+ out[i] += (uint64_t) (a0 + key[0+4*i]) * (b0 + key[4+4*i])
+ + (uint64_t) (a1 + key[1+4*i]) * (b1 + key[5+4*i]);
+ a0 = LE_READ_UINT32 (msg + 8);
+ a1 = LE_READ_UINT32 (msg + 12);
+ b0 = LE_READ_UINT32 (msg + 24);
+ b1 = LE_READ_UINT32 (msg + 28);
+ for (i = 0; i < n; i++)
+ out[i] += (uint64_t) (a0 + key[2+4*i]) * (b0 + key[6+4*i])
+ + (uint64_t) (a1 + key[3+4*i]) * (b1 + key[7+4*i]);
+ }
+}
--- /dev/null
+/* umac-nh.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "umac.h"
+#include "macros.h"
+
+uint64_t
+_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg)
+{
+ uint64_t y;
+
+ assert (length > 0);
+ assert (length <= 1024);
+ assert (length % 32 == 0);
+ for (y = 0; length > 0; length -= 32, msg += 32, key += 8)
+ {
+ uint32_t a, b;
+ a = LE_READ_UINT32 (msg) + key[0];
+ b = LE_READ_UINT32 (msg + 16) + key[4];
+ y += (uint64_t) a * b;
+ a = LE_READ_UINT32 (msg + 4) + key[1];
+ b = LE_READ_UINT32 (msg + 20) + key[5];
+ y += (uint64_t) a * b;
+ a = LE_READ_UINT32 (msg + 8) + key[2];
+ b = LE_READ_UINT32 (msg + 24) + key[6];
+ y += (uint64_t) a * b;
+ a = LE_READ_UINT32 (msg + 12) + key[3];
+ b = LE_READ_UINT32 (msg + 28) + key[7];
+ y += (uint64_t) a * b;
+ }
+
+ return y;
+}
--- /dev/null
+/* umac-poly128.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "umac.h"
+
+#define HI(x) (x >> 32)
+#define LO(x) (x & 0xffffffffUL)
+
+static void
+poly128_mul (const uint32_t *k, uint64_t *y)
+{
+ uint64_t y0,y1,y2,y3,p0,p1,p2,p3,m0,m1,m2;
+ y0 = LO (y[1]);
+ y1 = HI (y[1]);
+ y2 = LO (y[0]);
+ y3 = HI (y[0]);
+
+ p0 = y0 * k[3];
+ m0 = y0 * k[2] + y1 * k[3];
+ p1 = y0 * k[1] + y1 * k[2] + y2 * k[3];
+ m1 = y0 * k[0] + y1 * k[1] + y2 * k[2] + y3 * k[3];
+ p2 = y1 * k[0] + y2 * k[1] + y3 * k[2];
+ m2 = y2 * k[0] + y3 * k[1];
+ p3 = y3 * k[0];
+
+ /* Collaps to 4 64-bit words,
+ +---+---+---+---+
+ | p3| p2| p1| p0|
+ +-+-+-+-+-+-+-+-+
+ + | m2| m1| m0|
+ -+-+-+-+-+-+-+-+-+
+ */
+ /* But it's convenient to reduce (p3,p2,p1,p0) and (m2,m1,m0) mod p first.*/
+ m1 += UMAC_P128_OFFSET * HI(p3);
+ p1 += UMAC_P128_OFFSET * (LO(p3) + HI(m2));
+ m0 += UMAC_P128_OFFSET * (HI(p2) + LO(m2));
+ p0 += UMAC_P128_OFFSET * (LO(p2) + HI(m1));
+
+ /* Left to add
+ +---+---+
+ | p1| p0|
+ +-+-+-+-+
+ m1| m0|
+ +-+---+
+ */
+ /* First add high parts, with no possibilities for carries */
+ p1 += m0 >> 32;
+
+ m0 <<= 32;
+ m1 <<= 32;
+
+ /* Remains:
+ +---+---+
+ | p1| p0|
+ +-+-+---+
+ +| m1| m0|
+ -+---+---+
+ */
+ p0 += m0;
+ p1 += (p0 < m0);
+ p1 += m1;
+ if (p1 < m1)
+ {
+ p0 += UMAC_P128_OFFSET;
+ p1 += (p0 < UMAC_P128_OFFSET);
+ }
+
+ y[0] = p1;
+ y[1] = p0;
+}
+
+void
+_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml)
+{
+ uint64_t yh, yl, cy;
+
+ if ( (mh >> 32) == 0xffffffff)
+ {
+ poly128_mul (k, y);
+ if (y[1] > 0)
+ y[1]--;
+ else if (y[0] > 0)
+ {
+ y[0]--;
+ y[1] = UMAC_P128_HI;
+ }
+ else
+ {
+ y[0] = UMAC_P128_HI;
+ y[1] = UMAC_P128_LO-1;
+ }
+
+ mh -= (ml < UMAC_P128_OFFSET);
+ ml -= UMAC_P128_OFFSET;
+ }
+ assert (mh < UMAC_P128_HI || ml < UMAC_P128_LO);
+
+ poly128_mul (k, y);
+ yl = y[1] + ml;
+ cy = (yl < ml);
+ yh = y[0] + cy;
+ cy = (yh < cy);
+ yh += mh;
+ cy += (yh < mh);
+ assert (cy <= 1);
+ if (cy)
+ {
+ yl += UMAC_P128_OFFSET;
+ yh += yl < UMAC_P128_OFFSET;
+ }
+
+ y[0] = yh;
+ y[1] = yl;
+}
--- /dev/null
+/* umac-poly64.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "umac.h"
+
+static uint64_t
+poly64_mul (uint32_t kh, uint32_t kl, uint64_t y)
+{
+ uint64_t yl, yh, pl, ph, ml, mh;
+ yl = y & 0xffffffff;
+ yh = y >> 32;
+ pl = yl * kl;
+ ph = yh * kh;
+ ml = yh * kl + yl * kh; /* No overflow, thanks to special form */
+ mh = ml >> 32;
+ ml <<= 32;
+ pl += ml;
+ ph += mh + (pl < ml);
+
+ /* Reduce, using 2^64 = UMAC_P64_OFFSET (mod p) */
+ assert (ph < ((uint64_t) 1 << 57));
+ ph *= UMAC_P64_OFFSET;
+ pl += ph;
+ if (pl < ph)
+ pl += UMAC_P64_OFFSET;
+
+ return pl;
+}
+
+uint64_t
+_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m)
+{
+ if ( (m >> 32) == 0xffffffff)
+ {
+ y = poly64_mul (kh, kl, y);
+ if (y == 0)
+ y = UMAC_P64 - 1;
+ else
+ y--;
+ m -= UMAC_P64_OFFSET;
+ }
+ y = poly64_mul (kh, kl, y);
+ y += m;
+ if (y < m)
+ y += UMAC_P64_OFFSET;
+
+ return y;
+}
--- /dev/null
+/* umac-set-key.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <string.h>
+
+#include "umac.h"
+
+#include "macros.h"
+
+static void
+umac_kdf (struct aes_ctx *aes, unsigned index, unsigned length, uint8_t *dst)
+{
+ uint8_t block[AES_BLOCK_SIZE];
+ uint64_t count;
+ WRITE_UINT64 (block, (uint64_t) index);
+ for (count = 1; length >= AES_BLOCK_SIZE;
+ length -= AES_BLOCK_SIZE, dst += AES_BLOCK_SIZE, count++)
+ {
+ WRITE_UINT64 (block + 8, count);
+ aes_encrypt (aes, AES_BLOCK_SIZE, dst, block);
+ }
+ if (length > 0)
+ {
+ WRITE_UINT64 (block + 8, count);
+ aes_encrypt (aes, AES_BLOCK_SIZE, block, block);
+ memcpy (dst, block, length);
+ }
+}
+
+#if WORDS_BIGENDIAN
+#define BE_SWAP32(x) x
+#define BE_SWAP32_N(n, x)
+#else
+#define BE_SWAP32(x) \
+ ((ROTL32(8, x) & 0x00FF00FFUL) | \
+ (ROTL32(24, x) & 0xFF00FF00UL))
+#define BE_SWAP32_N(n, x) do { \
+ unsigned be_i; \
+ for (be_i = 0; be_i < n; be_i++) \
+ { \
+ uint32_t be_x = (x)[be_i]; \
+ (x)[be_i] = BE_SWAP32 (be_x); \
+ } \
+ } while (0)
+#endif
+
+void
+_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
+ uint64_t *l3_key1, uint32_t *l3_key2,
+ struct aes_ctx *aes, const uint8_t *key, unsigned n)
+{
+ unsigned size;
+ uint8_t buffer[UMAC_KEY_SIZE];
+
+ aes_set_encrypt_key (aes, UMAC_KEY_SIZE, key);
+
+ size = UMAC_DATA_SIZE / 4 + 4*(n-1);
+ umac_kdf (aes, 1, size * sizeof(uint32_t), (uint8_t *) l1_key);
+ BE_SWAP32_N (size, l1_key);
+
+ size = 6*n;
+ umac_kdf (aes, 2, size * sizeof(uint32_t), (uint8_t *) l2_key);
+ _umac_l2_init (size, l2_key);
+
+ size = 8*n;
+ umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
+ _umac_l3_init (size, l3_key1);
+
+ /* No need to byteswap these subkeys. */
+ umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
+
+ umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
+ aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);
+}
--- /dev/null
+/* umac.h
+ *
+ * UMAC message authentication code (RFC-4418).
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_UMAC_H_INCLUDED
+#define NETTLE_UMAC_H_INCLUDED
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Namespace mangling */
+#define umac32_set_key nettle_umac32_set_key
+#define umac64_set_key nettle_umac64_set_key
+#define umac96_set_key nettle_umac96_set_key
+#define umac128_set_key nettle_umac128_set_key
+#define umac32_set_nonce nettle_umac32_set_nonce
+#define umac64_set_nonce nettle_umac64_set_nonce
+#define umac96_set_nonce nettle_umac96_set_nonce
+#define umac128_set_nonce nettle_umac128_set_nonce
+#define umac32_update nettle_umac32_update
+#define umac64_update nettle_umac64_update
+#define umac96_update nettle_umac96_update
+#define umac128_update nettle_umac128_update
+#define umac32_digest nettle_umac32_digest
+#define umac64_digest nettle_umac64_digest
+#define umac96_digest nettle_umac96_digest
+#define umac128_digest nettle_umac128_digest
+#define _umac_set_key _nettle_umac_set_key
+#define _umac_nh _nettle_umac_nh
+#define _umac_nh_n _nettle_umac_nh_n
+#define _umac_poly64 _nettle_umac_poly64
+#define _umac_poly128 _nettle_umac_poly128
+#define _umac_l2_init _nettle_umac_l2_init
+#define _umac_l2 _nettle_umac_l2
+#define _umac_l2_final _nettle_umac_l2_final
+#define _umac_l3_init _nettle_umac_l3_init
+#define _umac_l3 _nettle_umac_l3
+
+#include "nettle-types.h"
+#include "aes.h"
+
+#define UMAC_KEY_SIZE 16
+#define UMAC32_DIGEST_SIZE 4
+#define UMAC64_DIGEST_SIZE 8
+#define UMAC96_DIGEST_SIZE 12
+#define UMAC128_DIGEST_SIZE 16
+#define UMAC_DATA_SIZE 1024
+
+/* Subkeys and state for UMAC with tag size 32*n bits. */
+#define _UMAC_STATE(n) \
+ uint32_t l1_key[UMAC_DATA_SIZE/4 + 4*((n)-1)]; \
+ /* Keys in 32-bit pieces, high first */ \
+ uint32_t l2_key[6*(n)]; \
+ uint64_t l3_key1[8*(n)]; \
+ uint32_t l3_key2[(n)]; \
+ /* AES cipher for encrypting the nonce */ \
+ struct aes_ctx pdf_key; \
+ /* The l2_state consists of 2*n uint64_t, for poly64 \
+ and poly128 hashing, followed by n additional \
+ uint64_t used as an input buffer. */ \
+ uint64_t l2_state[3*(n)]; \
+ /* Input to the pdf_key, zero-padded and low bits \
+ cleared if appropriate. */ \
+ uint8_t nonce[AES_BLOCK_SIZE]; \
+ unsigned short nonce_length /* For incrementing */
+
+ /* Buffering */
+#define _UMAC_BUFFER \
+ unsigned index; \
+ /* Complete blocks processed */ \
+ uint64_t count; \
+ uint8_t block[UMAC_DATA_SIZE]
+
+#define _UMAC_NONCE_CACHED 0x80
+
+struct umac32_ctx
+{
+ _UMAC_STATE(1);
+ /* Low bits and cache flag. */
+ unsigned short nonce_low;
+ /* Previous padding block */
+ uint32_t pad_cache[AES_BLOCK_SIZE / 4];
+ _UMAC_BUFFER;
+};
+
+struct umac64_ctx
+{
+ _UMAC_STATE(2);
+ /* Low bit and cache flag. */
+ unsigned short nonce_low;
+ /* Previous padding block */
+ uint32_t pad_cache[AES_BLOCK_SIZE/4];
+ _UMAC_BUFFER;
+};
+
+struct umac96_ctx
+{
+ _UMAC_STATE(3);
+ _UMAC_BUFFER;
+};
+
+struct umac128_ctx
+{
+ _UMAC_STATE(4);
+ _UMAC_BUFFER;
+};
+
+/* The _set_key function initialize the nonce to zero. */
+void
+umac32_set_key (struct umac32_ctx *ctx, const uint8_t *key);
+void
+umac64_set_key (struct umac64_ctx *ctx, const uint8_t *key);
+void
+umac96_set_key (struct umac96_ctx *ctx, const uint8_t *key);
+void
+umac128_set_key (struct umac128_ctx *ctx, const uint8_t *key);
+
+/* Optional, if not used, messages get incrementing nonces starting from zero. */
+void
+umac32_set_nonce (struct umac32_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce);
+void
+umac64_set_nonce (struct umac64_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce);
+void
+umac96_set_nonce (struct umac96_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce);
+void
+umac128_set_nonce (struct umac128_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce);
+
+void
+umac32_update (struct umac32_ctx *ctx,
+ unsigned length, const uint8_t *data);
+void
+umac64_update (struct umac64_ctx *ctx,
+ unsigned length, const uint8_t *data);
+void
+umac96_update (struct umac96_ctx *ctx,
+ unsigned length, const uint8_t *data);
+void
+umac128_update (struct umac128_ctx *ctx,
+ unsigned length, const uint8_t *data);
+
+/* The _digest functions increment the nonce */
+void
+umac32_digest (struct umac32_ctx *ctx,
+ unsigned length, uint8_t *digest);
+void
+umac64_digest (struct umac64_ctx *ctx,
+ unsigned length, uint8_t *digest);
+void
+umac96_digest (struct umac96_ctx *ctx,
+ unsigned length, uint8_t *digest);
+void
+umac128_digest (struct umac128_ctx *ctx,
+ unsigned length, uint8_t *digest);
+
+
+/* Internal functions */
+#define UMAC_POLY64_BLOCKS 16384
+
+#define UMAC_P64_OFFSET 59
+#define UMAC_P64 (- (uint64_t) UMAC_P64_OFFSET)
+
+#define UMAC_P128_OFFSET 159
+#define UMAC_P128_HI (~(uint64_t) 0)
+#define UMAC_P128_LO (-(uint64_t) UMAC_P128_OFFSET)
+
+void
+_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
+ uint64_t *l3_key1, uint32_t *l3_key2,
+ struct aes_ctx *pad, const uint8_t *key, unsigned n);
+
+uint64_t
+_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
+
+/* Equivalent to
+
+ for (i = 0; i < n; i++)
+ out[i] = _umac_nh (key + 4*i, length, msg);
+
+ but processing input only once.
+*/
+void
+_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
+ unsigned length, const uint8_t *msg);
+
+/* Returns y*k + m (mod p), including "marker" processing. Return
+ value is *not* in canonical representation, and must be normalized
+ before the output is used. */
+uint64_t
+_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
+
+void
+_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
+
+void
+_umac_l2_init (unsigned size, uint32_t *k);
+
+void
+_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count, const uint64_t *m);
+
+void
+_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count);
+
+void
+_umac_l3_init (unsigned size, uint64_t *k);
+
+uint32_t
+_umac_l3 (const uint64_t *key, const uint64_t *m);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_UMAC_H_INCLUDED */
--- /dev/null
+/* umac128.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "umac.h"
+
+#include "macros.h"
+
+void
+umac128_set_key (struct umac128_ctx *ctx, const uint8_t *key)
+{
+ _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 4);
+
+ /* Clear nonce */
+ memset (ctx->nonce, 0, sizeof(ctx->nonce));
+ ctx->nonce_length = sizeof(ctx->nonce);
+
+ /* Initialize buffer */
+ ctx->count = ctx->index = 0;
+}
+
+void
+umac128_set_nonce (struct umac128_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce)
+{
+ assert (nonce_length > 0);
+ assert (nonce_length <= AES_BLOCK_SIZE);
+
+ memcpy (ctx->nonce, nonce, nonce_length);
+ memset (ctx->nonce + nonce_length, 0, AES_BLOCK_SIZE - nonce_length);
+
+ ctx->nonce_length = nonce_length;
+}
+
+#define UMAC128_BLOCK(ctx, block) do { \
+ uint64_t __umac128_y[4]; \
+ _umac_nh_n (__umac128_y, 4, ctx->l1_key, UMAC_DATA_SIZE, block); \
+ __umac128_y[0] += 8*UMAC_DATA_SIZE; \
+ __umac128_y[1] += 8*UMAC_DATA_SIZE; \
+ __umac128_y[2] += 8*UMAC_DATA_SIZE; \
+ __umac128_y[3] += 8*UMAC_DATA_SIZE; \
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, __umac128_y); \
+ } while (0)
+
+void
+umac128_update (struct umac128_ctx *ctx,
+ unsigned length, const uint8_t *data)
+{
+ MD_UPDATE (ctx, length, data, UMAC128_BLOCK, (void)0);
+}
+
+
+void
+umac128_digest (struct umac128_ctx *ctx,
+ unsigned length, uint8_t *digest)
+{
+ uint32_t tag[4];
+ unsigned i;
+
+ assert (length > 0);
+ assert (length <= 16);
+
+ if (ctx->index > 0 || ctx->count == 0)
+ {
+ /* Zero pad to multiple of 32 */
+ uint64_t y[4];
+ unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
+ memset (ctx->block + ctx->index, 0, pad);
+
+ _umac_nh_n (y, 4, ctx->l1_key, ctx->index + pad, ctx->block);
+ y[0] += 8 * ctx->index;
+ y[1] += 8 * ctx->index;
+ y[2] += 8 * ctx->index;
+ y[3] += 8 * ctx->index;
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, y);
+ }
+ assert (ctx->count > 0);
+
+ aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
+ (uint8_t *) tag, ctx->nonce);
+
+ INCREMENT (ctx->nonce_length, ctx->nonce);
+
+ _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count);
+ for (i = 0; i < 4; i++)
+ tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+ ctx->l2_state + 2*i);
+
+ memcpy (digest, tag, length);
+
+ /* Reinitialize */
+ ctx->count = ctx->index = 0;
+}
--- /dev/null
+/* umac32.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "umac.h"
+
+#include "macros.h"
+
+void
+umac32_set_key (struct umac32_ctx *ctx, const uint8_t *key)
+{
+ _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 1);
+
+ /* Clear nonce */
+ memset (ctx->nonce, 0, sizeof(ctx->nonce));
+ ctx->nonce_low = 0;
+ ctx->nonce_length = sizeof(ctx->nonce);
+
+ /* Initialize buffer */
+ ctx->count = ctx->index = 0;
+}
+
+void
+umac32_set_nonce (struct umac32_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce)
+{
+ assert (nonce_length > 0);
+ assert (nonce_length <= AES_BLOCK_SIZE);
+
+ memcpy (ctx->nonce, nonce, nonce_length);
+ memset (ctx->nonce + nonce_length, 0, AES_BLOCK_SIZE - nonce_length);
+
+ ctx->nonce_low = ctx->nonce[nonce_length - 1] & 3;
+ ctx->nonce[nonce_length - 1] &= ~3;
+ ctx->nonce_length = nonce_length;
+}
+
+#define UMAC32_BLOCK(ctx, block) do { \
+ uint64_t __umac32_y \
+ = _umac_nh (ctx->l1_key, UMAC_DATA_SIZE, block) \
+ + 8*UMAC_DATA_SIZE ; \
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &__umac32_y); \
+ } while (0)
+
+void
+umac32_update (struct umac32_ctx *ctx,
+ unsigned length, const uint8_t *data)
+{
+ MD_UPDATE (ctx, length, data, UMAC32_BLOCK, (void)0);
+}
+
+
+void
+umac32_digest (struct umac32_ctx *ctx,
+ unsigned length, uint8_t *digest)
+{
+ uint32_t pad;
+
+ assert (length > 0);
+ assert (length <= 4);
+
+ if (ctx->index > 0 || ctx->count == 0)
+ {
+ /* Zero pad to multiple of 32 */
+ uint64_t y;
+ unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
+ memset (ctx->block + ctx->index, 0, pad);
+
+ y = _umac_nh (ctx->l1_key, ctx->index + pad, ctx->block)
+ + 8 * ctx->index;
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &y);
+ }
+ assert (ctx->count > 0);
+ if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
+ {
+ aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
+ (uint8_t *) ctx->pad_cache, ctx->nonce);
+ ctx->nonce_low |= _UMAC_NONCE_CACHED;
+ }
+
+ pad = ctx->pad_cache[ctx->nonce_low & 3];
+
+ /* Increment nonce */
+ ctx->nonce_low++;
+ if ( !(ctx->nonce_low & 3))
+ {
+ unsigned i = ctx->nonce_length - 1;
+
+ ctx->nonce_low = 0;
+ ctx->nonce[i] += 4;
+
+ if (ctx->nonce[i] == 0 && i > 0)
+ INCREMENT (i, ctx->nonce);
+ }
+
+ _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count);
+ pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
+ memcpy (digest, &pad, length);
+
+ /* Reinitialize */
+ ctx->count = ctx->index = 0;
+}
--- /dev/null
+/* umac64.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "umac.h"
+
+#include "macros.h"
+
+void
+umac64_set_key (struct umac64_ctx *ctx, const uint8_t *key)
+{
+ _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 2);
+
+ /* Clear nonce */
+ memset (ctx->nonce, 0, sizeof(ctx->nonce));
+ ctx->nonce_low = 0;
+ ctx->nonce_length = sizeof(ctx->nonce);
+
+ /* Initialize buffer */
+ ctx->count = ctx->index = 0;
+}
+
+void
+umac64_set_nonce (struct umac64_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce)
+{
+ assert (nonce_length > 0);
+ assert (nonce_length <= AES_BLOCK_SIZE);
+
+ memcpy (ctx->nonce, nonce, nonce_length);
+ memset (ctx->nonce + nonce_length, 0, AES_BLOCK_SIZE - nonce_length);
+
+ ctx->nonce_low = ctx->nonce[nonce_length - 1] & 1;
+ ctx->nonce[nonce_length - 1] &= ~1;
+ ctx->nonce_length = nonce_length;
+}
+
+#define UMAC64_BLOCK(ctx, block) do { \
+ uint64_t __umac64_y[2]; \
+ _umac_nh_n (__umac64_y, 2, ctx->l1_key, UMAC_DATA_SIZE, block); \
+ __umac64_y[0] += 8*UMAC_DATA_SIZE; \
+ __umac64_y[1] += 8*UMAC_DATA_SIZE; \
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, __umac64_y); \
+ } while (0)
+
+void
+umac64_update (struct umac64_ctx *ctx,
+ unsigned length, const uint8_t *data)
+{
+ MD_UPDATE (ctx, length, data, UMAC64_BLOCK, (void)0);
+}
+
+
+void
+umac64_digest (struct umac64_ctx *ctx,
+ unsigned length, uint8_t *digest)
+{
+ uint32_t tag[2];
+ uint32_t *pad;
+
+ assert (length > 0);
+ assert (length <= 8);
+
+ if (ctx->index > 0 || ctx->count == 0)
+ {
+ /* Zero pad to multiple of 32 */
+ uint64_t y[2];
+ unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
+ memset (ctx->block + ctx->index, 0, pad);
+
+ _umac_nh_n (y, 2, ctx->l1_key, ctx->index + pad, ctx->block);
+ y[0] += 8 * ctx->index;
+ y[1] += 8 * ctx->index;
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, y);
+ }
+ assert (ctx->count > 0);
+ if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
+ {
+ aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
+ (uint8_t *) ctx->pad_cache, ctx->nonce);
+ ctx->nonce_low |= _UMAC_NONCE_CACHED;
+ }
+ pad = ctx->pad_cache + 2*(ctx->nonce_low & 1);
+
+ /* Increment nonce */
+ ctx->nonce_low++;
+ if ( !(ctx->nonce_low & 1))
+ {
+ unsigned i = ctx->nonce_length - 1;
+
+ ctx->nonce_low = 0;
+ ctx->nonce[i] += 2;
+
+ if (ctx->nonce[i] == 0 && i > 0)
+ INCREMENT (i, ctx->nonce);
+ }
+
+ _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count);
+ tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
+ ctx->l2_state);
+ tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
+ ctx->l2_state + 2);
+ memcpy (digest, tag, length);
+
+ /* Reinitialize */
+ ctx->count = ctx->index = 0;
+}
--- /dev/null
+/* umac96.c
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2013 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "umac.h"
+
+#include "macros.h"
+
+void
+umac96_set_key (struct umac96_ctx *ctx, const uint8_t *key)
+{
+ _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 3);
+
+ /* Clear nonce */
+ memset (ctx->nonce, 0, sizeof(ctx->nonce));
+ ctx->nonce_length = sizeof(ctx->nonce);
+
+ /* Initialize buffer */
+ ctx->count = ctx->index = 0;
+}
+
+void
+umac96_set_nonce (struct umac96_ctx *ctx,
+ unsigned nonce_length, const uint8_t *nonce)
+{
+ assert (nonce_length > 0);
+ assert (nonce_length <= AES_BLOCK_SIZE);
+
+ memcpy (ctx->nonce, nonce, nonce_length);
+ memset (ctx->nonce + nonce_length, 0, AES_BLOCK_SIZE - nonce_length);
+
+ ctx->nonce_length = nonce_length;
+}
+
+#define UMAC96_BLOCK(ctx, block) do { \
+ uint64_t __umac96_y[3]; \
+ _umac_nh_n (__umac96_y, 3, ctx->l1_key, UMAC_DATA_SIZE, block); \
+ __umac96_y[0] += 8*UMAC_DATA_SIZE; \
+ __umac96_y[1] += 8*UMAC_DATA_SIZE; \
+ __umac96_y[2] += 8*UMAC_DATA_SIZE; \
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, __umac96_y); \
+ } while (0)
+
+void
+umac96_update (struct umac96_ctx *ctx,
+ unsigned length, const uint8_t *data)
+{
+ MD_UPDATE (ctx, length, data, UMAC96_BLOCK, (void)0);
+}
+
+
+void
+umac96_digest (struct umac96_ctx *ctx,
+ unsigned length, uint8_t *digest)
+{
+ uint32_t tag[4];
+ unsigned i;
+
+ assert (length > 0);
+ assert (length <= 12);
+
+ if (ctx->index > 0 || ctx->count == 0)
+ {
+ /* Zero pad to multiple of 32 */
+ uint64_t y[3];
+ unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
+ memset (ctx->block + ctx->index, 0, pad);
+
+ _umac_nh_n (y, 3, ctx->l1_key, ctx->index + pad, ctx->block);
+ y[0] += 8 * ctx->index;
+ y[1] += 8 * ctx->index;
+ y[2] += 8 * ctx->index;
+ _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, y);
+ }
+ assert (ctx->count > 0);
+
+ aes_encrypt (&ctx->pdf_key, AES_BLOCK_SIZE,
+ (uint8_t *) tag, ctx->nonce);
+
+ INCREMENT (ctx->nonce_length, ctx->nonce);
+
+ _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count);
+ for (i = 0; i < 3; i++)
+ tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+ ctx->l2_state + 2*i);
+
+ memcpy (digest, tag, length);
+
+ /* Reinitialize */
+ ctx->count = ctx->index = 0;
+}
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
--- /dev/null
+/* write-le32.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2011 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdlib.h>
+
+#include "nettle-write.h"
+
+#include "macros.h"
+
+void
+_nettle_write_le32(unsigned length, uint8_t *dst,
+ uint32_t *src)
+{
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
+
+ words = length / 4;
+ leftover = length % 4;
+
+ for (i = 0; i < words; i++, dst += 4)
+ LE_WRITE_UINT32(dst, src[i]);
+
+ if (leftover)
+ {
+ uint32_t word;
+
+ word = src[i];
+
+ do
+ {
+ *dst++ = word & 0xff;
+ word >>= 8;
+ }
+ while (--leftover);
+ }
+}
--- /dev/null
+/* write-le64.c */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2001, 2011, 2012 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "nettle-write.h"
+
+#include "macros.h"
+
+void
+_nettle_write_le64(unsigned length, uint8_t *dst,
+ uint64_t *src)
+{
+ unsigned i;
+ unsigned words;
+ unsigned leftover;
+
+ words = length / 8;
+ leftover = length % 8;
+
+ for (i = 0; i < words; i++, dst += 8)
+ LE_WRITE_UINT64(dst, src[i]);
+
+ if (leftover)
+ {
+ uint64_t word;
+
+ word = src[i];
+
+ do
+ {
+ *dst++ = word & 0xff;
+ word >>= 8;
+ }
+ while (--leftover);
+ }
+}
-C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2001, 2002, 2005 Rafael R. Sevilla, Niels Möller
+C Copyright (C) 2001, 2002, 2005 Rafael R. Sevilla, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
include_src(<x86/aes.m4>)
C unsigned length, uint8_t *dst,
C uint8_t *src)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_aes_decrypt)
C save all registers that need to be saved
pushl %ebx C 20(%esp)
addl $16,KEY C point to next key
movl KEY,FRAME_KEY
- ALIGN(4)
+ ALIGN(16)
.Lround_loop:
AES_ROUND(T, SA,SD,SC,SB, TMP, KEY)
movl TMP, TA
-C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2001, 2002, 2005 Rafael R. Sevilla, Niels Möller
+C Copyright (C) 2001, 2002, 2005 Rafael R. Sevilla, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
include_src(<x86/aes.m4>)
C unsigned length, uint8_t *dst,
C uint8_t *src)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_aes_encrypt)
C save all registers that need to be saved
pushl %ebx C 20(%esp)
addl $16,KEY C point to next key
movl KEY,FRAME_KEY
- ALIGN(4)
+ ALIGN(16)
.Lround_loop:
AES_ROUND(T, SA,SB,SC,SD, TMP, KEY)
movl TMP, TA
C nettle, low-level cryptographics library
C
-C Copyright (C) 2004, Niels Möller
+C Copyright (C) 2004, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
.file "arcfour-crypt.asm"
C unsigned length, uint8_t *dst,
C const uint8_t *src)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(nettle_arcfour_crypt)
C save all registers that need to be saved
pushl %ebx C 12(%esp)
sarl $1, %edx
jc .Lloop_odd
- ALIGN(4)
+ ALIGN(16)
.Lloop:
movb (%ebp, %eax), %cl C si.
addb %cl, %bl
-C -*- mode: asm; asm-comment-char: ?C; -*-
C nettle, low-level cryptographics library
C
-C Copyright (C) 2010, Niels Möller
+C Copyright (C) 2010, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C Register usage:
C unsigned length, uint8_t *dst,
C uint8_t *src)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_camellia_crypt)
C save all registers that need to be saved
pushl %ebx C 32(%esp)
movl FRAME_CTX, KEY
movl (KEY), TMP
subl $8, TMP
- mov TMP, FRAME_CNT
+ movl TMP, FRAME_CNT
C Whitening using first subkey
- xor 4(KEY), L0
- xor 8(KEY), H0
- add $12, KEY
+ addl $ALIGNOF_UINT64_T + 8, KEY
+ xorl -8(KEY), L0
+ xorl -4(KEY), H0
movl FRAME_TABLE, T
ROUND6
.Lround_loop:
- add $64, KEY
+ addl $64, KEY
FL(L0, H0, -16)
FLINV(L1, H1, -8)
ROUND6
- sub $8, FRAME_CNT
+ subl $8, FRAME_CNT
ja .Lround_loop
movl FRAME_DST, TMP
C nettle, low-level cryptographics library
C
-C Copyright (C) 2005, Niels Möller
+C Copyright (C) 2005, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C Register usage
define(<SA>,<%eax>)
C _nettle_md5_compress(uint32_t *state, uint8_t *data)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_md5_compress)
C save all registers that need to be saved
C nettle, low-level cryptographics library
C
-C Copyright (C) 2004, Niels Möller
+C Copyright (C) 2004, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C Register usage
define(<SA>,<%eax>)
C Loop-mixed to 520 cycles (for the complete function call) on
C AMD K7.
-ALIGN(5)
+ALIGN(32)
mov 88(%esp), T2
mov OFFSET(2)(T2), %ecx
mov OFFSET(0)(T2), %eax
C nettle, low-level cryptographics library
C
-C Copyright (C) 2001, 2002, 2005, 2008 Rafael R. Sevilla, Niels Möller
+C Copyright (C) 2001, 2002, 2005, 2008 Rafael R. Sevilla, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
include_src(<x86_64/aes.m4>)
C unsigned length, uint8_t *dst,
C uint8_t *src)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_aes_decrypt)
+ W64_ENTRY(5, 0)
test PARAM_LENGTH, PARAM_LENGTH
jz .Lend
subl $1, COUNT
add $16,KEY C point to next key
- ALIGN(4)
+ ALIGN(16)
.Lround_loop:
AES_ROUND(TABLE, SA,SD,SC,SB, TA, TMP)
AES_ROUND(TABLE, SB,SA,SD,SC, TB, TMP)
pop %rbp
pop %rbx
.Lend:
+ W64_EXIT(5, 0)
ret
EPILOGUE(_nettle_aes_decrypt)
C nettle, low-level cryptographics library
C
-C Copyright (C) 2001, 2002, 2005, 2008 Rafael R. Sevilla, Niels Möller
+C Copyright (C) 2001, 2002, 2005, 2008 Rafael R. Sevilla, Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
include_src(<x86_64/aes.m4>)
C unsigned length, uint8_t *dst,
C uint8_t *src)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_aes_encrypt)
+ W64_ENTRY(5, 0)
test PARAM_LENGTH, PARAM_LENGTH
jz .Lend
subl $1, COUNT
add $16,KEY C point to next key
- ALIGN(4)
+ ALIGN(16)
.Lround_loop:
AES_ROUND(TABLE, SA,SB,SC,SD, TA, TMP)
AES_ROUND(TABLE, SB,SC,SD,SA, TB, TMP)
pop %rbp
pop %rbx
.Lend:
+ W64_EXIT(5, 0)
ret
EPILOGUE(_nettle_aes_encrypt)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2010, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+C Performance, cycles per block
+C
+C Intel SU4100
+C C asm
+C Camellia-128 415 347
+C Camellia-256 543 461
+
+C Register usage:
+
+define(<CTX>, <%rdi>)
+define(<TABLE>, <%rsi>)
+define(<LENGTH>, <%rdx>)
+define(<DST>, <%rcx>)
+define(<SRC>, <%r8>)
+
+C Camellia state
+define(<I0>, <%rax>)
+define(<I1>, <%rbx>) C callee-save
+define(<KEY>, <%r9>)
+define(<TMP>, <%rbp>) C callee-save
+define(<CNT>, <%r10>)
+define(<IL>, <%r11>)
+define(<IR>, <%r12>) C callee-save
+
+define(<SP1110>, <(TABLE,$1,4)>)
+define(<SP0222>, <1024(TABLE,$1,4)>)
+define(<SP3033>, <2048(TABLE,$1,4)>)
+define(<SP4404>, <3072(TABLE,$1,4)>)
+
+C ROUND(x, y, key-offset)
+define(<ROUND>, <
+ C Byte 0,1
+ movzbl LREG($1), XREG(TMP)
+ movl SP1110(TMP), XREG(IR)
+ movzbl HREG($1), XREG(TMP)
+ xorl SP4404(TMP), XREG(IR)
+ ror <$>32, $1
+
+ C Byte 4,5
+ movzbl LREG($1), XREG(TMP)
+ movl SP4404(TMP), XREG(IL)
+ movzbl HREG($1), XREG(TMP)
+ xorl SP3033(TMP), XREG(IL)
+ rol <$>16, $1
+
+ C Byte 2,3
+ movzbl LREG($1), XREG(TMP)
+ xorl SP3033(TMP), XREG(IR)
+ movzbl HREG($1), XREG(TMP)
+ xorl SP0222(TMP), XREG(IR)
+ ror <$>32, $1
+
+ C Byte 6,7
+ movzbl LREG($1), XREG(TMP)
+ xorl SP0222(TMP), XREG(IL)
+ movzbl HREG($1), XREG(TMP)
+ xorl SP1110(TMP), XREG(IL)
+ ror <$>16, $1
+
+ C 76543210
+
+ xorl XREG(IL), XREG(IR)
+ rorl <$>8, XREG(IL)
+ xorl XREG(IR), XREG(IL)
+ shl <$>32, IR
+ or IL, IR
+ xor $3(KEY), $2
+ xor IR, $2
+>)
+
+C FL(x, key-offset)
+define(<FL>, <
+ mov $1, TMP
+ shr <$>32, TMP
+ andl $2 + 4(KEY), XREG(TMP)
+ roll <$>1, XREG(TMP)
+C xorl XREG(TMP), XREG($1)
+ xor TMP, $1
+ movl $2(KEY), XREG(TMP)
+ orl XREG($1), XREG(TMP)
+ shl <$>32, TMP
+ xor TMP, $1
+>)
+C FLINV(x0, key-offset)
+define(<FLINV>, <
+ movl $2(KEY), XREG(TMP)
+ orl XREG($1), XREG(TMP)
+ shl <$>32, TMP
+ xor TMP, $1
+ mov $1, TMP
+ shr <$>32, TMP
+ andl $2 + 4(KEY), XREG(TMP)
+ roll <$>1, XREG(TMP)
+C xorl XREG(TMP), XREG($1)
+ xor TMP, $1
+>)
+
+ .file "camellia-encrypt-internal.asm"
+
+ C _camellia_crypt(struct camellia_context *ctx,
+ C const struct camellia_table *T,
+ C unsigned length, uint8_t *dst,
+ C uint8_t *src)
+ .text
+ ALIGN(16)
+PROLOGUE(_nettle_camellia_crypt)
+
+ W64_ENTRY(5, 0)
+ test LENGTH, LENGTH
+ jz .Lend
+
+ push %rbx
+ push %rbp
+ push %r12
+
+.Lblock_loop:
+ C Load data, note that we'll happily do unaligned loads
+ mov (SRC), I0
+ bswap I0
+ mov 8(SRC), I1
+ bswap I1
+ add $16, SRC
+ mov CTX, KEY
+ movl (KEY), XREG(CNT)
+ sub $8, CNT
+
+ C Whitening using first subkey
+ xor 8(KEY), I0
+ add $16, KEY
+
+ ROUND(I0, I1, 0)
+ ROUND(I1, I0, 8)
+ ROUND(I0, I1, 16)
+ ROUND(I1, I0, 24)
+ ROUND(I0, I1, 32)
+ ROUND(I1, I0, 40)
+
+.Lround_loop:
+ add $64, KEY
+ FL(I0, -16)
+ FLINV(I1, -8)
+ ROUND(I0, I1, 0)
+ ROUND(I1, I0, 8)
+ ROUND(I0, I1, 16)
+ ROUND(I1, I0, 24)
+ ROUND(I0, I1, 32)
+ ROUND(I1, I0, 40)
+
+ sub $8, CNT
+ ja .Lround_loop
+
+ bswap I0
+ mov I0, 8(DST)
+ xor 48(KEY), I1
+ bswap I1
+ mov I1, (DST)
+ add $16, DST
+ sub $16, LENGTH
+
+ ja .Lblock_loop
+
+ pop %r12
+ pop %rbp
+ pop %rbx
+.Lend:
+ W64_EXIT(5, 0)
+ ret
+EPILOGUE(_nettle_camellia_crypt)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-192-modp.asm"
+
+define(<RP>, <%rsi>)
+define(<T0>, <%rdi>) C Overlaps unused ecc input
+define(<T1>, <%rcx>)
+define(<T2>, <%rdx>)
+define(<T3>, <%r8>)
+define(<H>, <%r9>)
+define(<C1>, <%r10>)
+define(<C2>, <%r11>)
+
+ C ecc_192_modp (const struct ecc_curve *ecc, mp_limb_t *rp)
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_ecc_192_modp)
+ W64_ENTRY(2, 0)
+ mov 16(RP), T2
+ mov 24(RP), T3
+ mov 40(RP), H
+ xor C1, C1
+ xor C2, C2
+
+ add H, T2
+ adc H, T3
+ C Carry to be added in at T1 and T2
+ setc LREG(C2)
+
+ mov 8(RP), T1
+ mov 32(RP), H
+ adc H, T1
+ adc H, T2
+ C Carry to be added in at T0 and T1
+ setc LREG(C1)
+
+ mov (RP), T0
+ adc T3, T0
+ adc T3, T1
+ adc $0, C2
+
+ C Add in C1 and C2
+ add C1, T1
+ adc C2, T2
+ setc LREG(C1)
+
+ C Fold final carry.
+ adc $0, T0
+ adc C1, T1
+ adc $0, T2
+
+ mov T0, (RP)
+ mov T1, 8(RP)
+ mov T2, 16(RP)
+
+ W64_EXIT(2, 0)
+ ret
+EPILOGUE(nettle_ecc_192_modp)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-224-modp.asm"
+
+define(<RP>, <%rsi>)
+define(<T0>, <%rdi>) C Overlaps unused ecc input
+define(<T1>, <%rcx>)
+define(<H0>, <%rax>)
+define(<H1>, <%rdx>)
+define(<H2>, <%r8>)
+define(<F0>, <%r9>)
+define(<F1>, <%r10>)
+define(<F2>, <%r11>)
+
+PROLOGUE(nettle_ecc_224_modp)
+ W64_ENTRY(2, 0)
+ mov 48(RP), H0
+ mov 56(RP), H1
+ C Set (F2,F1,F0) <-- (H1,H0) << 32
+ mov H0, F0
+ mov H0, F1
+ shl $32, F0
+ shr $32, F1
+ mov H1, F2
+ mov H1, T0
+ shl $32, T0
+ shr $32, F2
+ or T0, F1
+
+ xor H2, H2
+ mov 16(RP), T0
+ mov 24(RP), T1
+ sub F0, T0
+ sbb F1, T1
+ sbb F2, H0
+ sbb $0, H1 C No further borrow
+
+ adc 32(RP), H0
+ adc 40(RP), H1
+ adc $0, H2
+
+ C Set (F2,F1,F0) <-- (H2,H1,H0) << 32
+ C To free registers, add in T1, T0 as soon as H0, H1 have been copied
+ mov H0, F0
+ mov H0, F1
+ add T0, H0
+ mov H1, F2
+ mov H1, T0
+ adc T1, H1
+ mov H2, T1
+ adc $0, H2
+
+ C Shift 32 bits
+ shl $32, F0
+ shr $32, F1
+ shl $32, T0
+ shr $32, F2
+ shl $32, T1
+ or T0, F1
+ or T1, F2
+
+ mov (RP), T0
+ mov 8(RP), T1
+ sub F0, T0
+ sbb F1, T1
+ sbb F2, H0
+ sbb $0, H1
+ sbb $0, H2
+
+ C We now have H2, H1, H0, T1, T0, with 33 bits left to reduce
+ C Set F0 <-- (H2, H1) >> 32
+ C Set (F2,F1) <-- (H2, H1 & 0xffffffff00000000)
+ C H1 <-- H1 & 0xffffffff
+
+ mov H1, F0
+ mov H1, F1
+ mov H2, F2
+ movl XREG(H1), XREG(H1) C Clears high 32 bits
+ sub H1, F1 C Clears low 32 bits
+ shr $32, F0
+ shl $32, H2
+ or H2, F0
+
+ sub F0, T0
+ sbb $0, F1
+ sbb $0, F2
+ add F1, T1
+ adc F2, H0
+ adc $0, H1
+
+ mov T0, (RP)
+ mov T1, 8(RP)
+ mov H0, 16(RP)
+ mov H1, 24(RP)
+
+ W64_EXIT(2, 0)
+ ret
+EPILOGUE(nettle_ecc_224_modp)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-256-redc.asm"
+
+define(<RP>, <%rsi>)
+define(<U0>, <%rdi>) C Overlaps unused ecc input
+define(<U1>, <%rcx>)
+define(<U2>, <%rax>)
+define(<U3>, <%rdx>)
+define(<U4>, <%r8>)
+define(<U5>, <%r9>)
+define(<U6>, <%r10>)
+define(<F0>, <%r11>)
+define(<F1>, <%r12>)
+define(<F2>, <%rbx>)
+define(<F3>, <%rbp>)
+
+C FOLD(x), sets (F3,F2,F1,F0) <-- (x << 224) - (x << 128) - (x<<32)
+define(<FOLD>, <
+ mov $1, F2
+ mov $1, F3
+ shl <$>32, F2
+ shr <$>32, F3
+ xor F0,F0
+ xor F1,F1
+ sub F2, F0
+ sbb F3, F1
+ sbb $1, F2
+ sbb <$>0, F3
+>)
+PROLOGUE(nettle_ecc_256_redc)
+ W64_ENTRY(2, 0)
+ C save all registers that need to be saved
+ push %rbx
+ push %rbp
+ push %r12
+
+ mov (RP), U0
+ FOLD(U0)
+ mov 8(RP), U1
+ mov 16(RP), U2
+ mov 24(RP), U3
+ sub F0, U1
+ sbb F1, U2
+ sbb F2, U3
+ sbb F3, U0 C Add in later
+
+ FOLD(U1)
+ mov 32(RP), U4
+ sub F0, U2
+ sbb F1, U3
+ sbb F2, U4
+ sbb F3, U1
+
+ FOLD(U2)
+ mov 40(RP), U5
+ sub F0, U3
+ sbb F1, U4
+ sbb F2, U5
+ sbb F3, U2
+
+ FOLD(U3)
+ mov 48(RP), U6
+ sub F0, U4
+ sbb F1, U5
+ sbb F2, U6
+ sbb F3, U3
+
+ add U4, U0
+ adc U5, U1
+ adc U6, U2
+ adc 56(RP), U3
+
+ C If carry, we need to add in
+ C 2^256 - p = <0xfffffffe, 0xff..ff, 0xffffffff00000000, 1>
+ sbb F2, F2
+ mov F2, F0
+ mov F2, F1
+ mov XREG(F2), XREG(F3)
+ neg F0
+ shl $32, F1
+ and $-2, XREG(F3)
+
+ add F0, U0
+ mov U0, (RP)
+ adc F1, U1
+ mov U1, 8(RP)
+ adc F2, U2
+ mov U2, 16(RP)
+ adc F3, U3
+
+ mov U3, 24(RP)
+
+ pop %r12
+ pop %rbp
+ pop %rbx
+ W64_EXIT(2, 0)
+ ret
+EPILOGUE(nettle_ecc_256_redc)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-384-modp.asm"
+
+define(<RP>, <%rsi>)
+define(<D4>, <%rax>)
+define(<T0>, <%rbx>)
+define(<T1>, <%rcx>)
+define(<T2>, <%rdx>)
+define(<T3>, <%rbp>)
+define(<T4>, <%rdi>)
+define(<T5>, <%r8>)
+define(<H0>, <%r9>)
+define(<H1>, <%r10>)
+define(<H2>, <%r11>)
+define(<H3>, <%r12>)
+define(<H4>, <%r13>)
+define(<H5>, <%r14>)
+define(<C2>, <%r15>)
+define(<C0>, H5) C Overlap
+define(<D0>, RP) C Overlap
+define(<TMP>, H4) C Overlap
+
+PROLOGUE(nettle_ecc_384_modp)
+ W64_ENTRY(2, 0)
+
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+ push %r15
+
+ C First get top 2 limbs, which need folding twice
+ C
+ C H5 H4
+ C -H5
+ C ------
+ C H0 D4
+ C
+ C Then shift right, (H1,H0,D4) <-- (H0,D4) << 32
+ C and add
+ C
+ C H5 H4
+ C H1 H0
+ C ----------
+ C C2 H1 H0
+
+ mov 80(RP), D4
+ mov 88(RP), H0
+ mov D4, H4
+ mov H0, H5
+ sub H0, D4
+ sbb $0, H0
+
+ mov D4, T2
+ mov H0, H1
+ shl $32, H0
+ shr $32, T2
+ shr $32, H1
+ or T2, H0
+
+ xor C2, C2
+ add H4, H0
+ adc H5, H1
+ adc $0, C2
+
+ C Add in to high part
+ add 48(RP), H0
+ adc 56(RP), H1
+ adc $0, C2 C Do C2 later
+
+ C +1 term
+ mov (RP), T0
+ add H0, T0
+ mov 8(RP), T1
+ adc H1, T1
+ mov 16(RP), T2
+ mov 64(RP), H2
+ adc H2, T2
+ mov 24(RP), T3
+ mov 72(RP), H3
+ adc H3, T3
+ mov 32(RP), T4
+ adc H4, T4
+ mov 40(RP), T5
+ adc H5, T5
+ sbb C0, C0
+ neg C0 C FIXME: Switch sign of C0?
+
+ push RP
+
+ C +B^2 term
+ add H0, T2
+ adc H1, T3
+ adc H2, T4
+ adc H3, T5
+ adc $0, C0
+
+ C H3 H2 H1 H0 0
+ C - H4 H3 H2 H1 H0
+ C ---------------
+ C H3 H2 H1 H0 D0
+
+ mov XREG(D4), XREG(D4)
+ mov H0, D0
+ neg D0
+ sbb H1, H0
+ sbb H2, H1
+ sbb H3, H2
+ sbb H4, H3
+ sbb $0, D4
+
+ C Shift right. High bits are sign, to be added to C0.
+ mov D4, TMP
+ sar $32, TMP
+ shl $32, D4
+ add TMP, C0
+
+ mov H3, TMP
+ shr $32, TMP
+ shl $32, H3
+ or TMP, D4
+
+ mov H2, TMP
+ shr $32, TMP
+ shl $32, H2
+ or TMP, H3
+
+ mov H1, TMP
+ shr $32, TMP
+ shl $32, H1
+ or TMP, H2
+
+ mov H0, TMP
+ shr $32, TMP
+ shl $32, H0
+ or TMP, H1
+
+ mov D0, TMP
+ shr $32, TMP
+ shl $32, D0
+ or TMP, H0
+
+ add D0, T0
+ adc H0, T1
+ adc H1, T2
+ adc H2, T3
+ adc H3, T4
+ adc D4, T5
+ adc $0, C0
+
+ C Remains to add in C2 and C0
+ C C0 C0<<32 (-2^32+1)C0
+ C C2 C2<<32 (-2^32+1)C2
+ C where C2 is always positive, while C0 may be -1.
+ mov C0, H0
+ mov C0, H1
+ mov C0, H2
+ sar $63, C0 C Get sign
+ shl $32, H1
+ sub H1, H0 C Gives borrow iff C0 > 0
+ sbb $0, H1
+ add C0, H2
+
+ add H0, T0
+ adc H1, T1
+ adc $0, H2
+ adc $0, C0
+
+ C Set (H1 H0) <-- C2 << 96 - C2 << 32 + 1
+ mov C2, H0
+ mov C2, H1
+ shl $32, H1
+ sub H1, H0
+ sbb $0, H1
+
+ add H2, H0
+ adc C0, H1
+ adc C2, C0
+ mov C0, H2
+ sar $63, C0
+ add H0, T2
+ adc H1, T3
+ adc H2, T4
+ adc C0, T5
+ sbb C0, C0
+
+ C Final unlikely carry
+ mov C0, H0
+ mov C0, H1
+ mov C0, H2
+ sar $63, C0
+ shl $32, H1
+ sub H1, H0
+ sbb $0, H1
+ add C0, H2
+
+ pop RP
+
+ sub H0, T0
+ mov T0, (RP)
+ sbb H1, T1
+ mov T1, 8(RP)
+ sbb H2, T2
+ mov T2, 16(RP)
+ sbb C0, T3
+ mov T3, 24(RP)
+ sbb C0, T4
+ mov T4, 32(RP)
+ sbb C0, T5
+ mov T5, 40(RP)
+
+ pop %r15
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+
+ W64_EXIT(2, 0)
+ ret
+EPILOGUE(nettle_ecc_384_modp)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "ecc-521-modp.asm"
+
+define(<RP>, <%rsi>)
+define(<U0>, <%rax>)
+define(<U1>, <%rbx>)
+define(<U2>, <%rcx>)
+define(<U3>, <%rdx>)
+define(<U4>, <%rbp>)
+define(<U5>, <%rdi>)
+define(<U6>, <%r8>)
+define(<U7>, <%r9>)
+define(<U8>, <%r10>)
+define(<U9>, <%r11>)
+define(<T0>, <%r12>)
+define(<T1>, <%r13>)
+
+PROLOGUE(nettle_ecc_521_modp)
+ W64_ENTRY(2, 0)
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+
+ C Read top 17 limbs, shift left 55 bits
+ mov 72(RP), U1
+ mov U1, U0
+ shl $55, U0
+ shr $9, U1
+
+ mov 80(RP), U2
+ mov U2, T0
+ shr $9, U2
+ shl $55, T0
+ or T0, U1
+
+ mov 88(RP), U3
+ mov U3, T0
+ shr $9, U3
+ shl $55, T0
+ or T0, U2
+
+ mov 96(RP), U4
+ mov U4, T0
+ shr $9, U4
+ shl $55, T0
+ or T0, U3
+
+ mov 104(RP), U5
+ mov U5, T0
+ shr $9, U5
+ shl $55, T0
+ or T0, U4
+
+ mov 112(RP), U6
+ mov U6, T0
+ shr $9, U6
+ shl $55, T0
+ or T0, U5
+
+ mov 120(RP), U7
+ mov U7, T0
+ shr $9, U7
+ shl $55, T0
+ or T0, U6
+
+ mov 128(RP), U8
+ mov U8, T0
+ shr $9, U8
+ shl $55, T0
+ or T0, U7
+
+ mov 136(RP), U9
+ mov U9, T0
+ shr $9, U9
+ shl $55, T0
+ or T0, U8
+
+ add (RP), U0
+ adc 8(RP), U1
+ adc 16(RP), U2
+ adc 24(RP), U3
+ adc 32(RP), U4
+ adc 40(RP), U5
+ adc 48(RP), U6
+ adc 56(RP), U7
+ adc 64(RP), U8
+ adc $0, U9
+
+ C Top limbs are <U9, U8>. Keep low 9 bits of 8, and fold the
+ C top bits (at most 65 bits).
+ mov U8, T0
+ shr $9, T0
+ and $0x1ff, U8
+ mov U9, T1
+ shl $55, U9
+ shr $9, T1
+ or U9, T0
+
+ add T0, U0
+ mov U0, (RP)
+ adc T1, U1
+ mov U1, 8(RP)
+ adc $0, U2
+ mov U2, 16(RP)
+ adc $0, U3
+ mov U3, 24(RP)
+ adc $0, U4
+ mov U4, 32(RP)
+ adc $0, U5
+ mov U5, 40(RP)
+ adc $0, U6
+ mov U6, 48(RP)
+ adc $0, U7
+ mov U7, 56(RP)
+ adc $0, U8
+ mov U8, 64(RP)
+
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ W64_EXIT(2, 0)
+ ret
+EPILOGUE(nettle_ecc_521_modp)
C OFFSET(i)
C Expands to 4*i, or to the empty string if i is zero
define(<OFFSET>, <ifelse($1,0,,eval(4*$1))>)
+
+C OFFSET64(i)
+C Expands to 8*i, or to the empty string if i is zero
+define(<OFFSET64>, <ifelse($1,0,,eval(8*$1))>)
+
+dnl LREG(reg) gives the 8-bit register corresponding to the given 64-bit register.
+define(<LREG>,<ifelse(
+ $1, %rax, %al,
+ $1, %rbx, %bl,
+ $1, %rcx, %cl,
+ $1, %rdx, %dl,
+ $1, %rsi, %sil,
+ $1, %rdi, %dil,
+ $1, %rbp, %bpl,
+ $1, %r8, %r8b,
+ $1, %r9, %r9b,
+ $1, %r10, %r10b,
+ $1, %r11, %r11b,
+ $1, %r12, %r12b,
+ $1, %r13, %r13b,
+ $1, %r14, %r14b,
+ $1, %r15, %r15b)>)dnl
+
+define(<HREG>,<ifelse(
+ $1, %rax, %ah,
+ $1, %rbx, %bh,
+ $1, %rcx, %ch,
+ $1, %rdx, %dh)>)dnl
+
+define(<WREG>,<ifelse(
+ $1, %rax, %ax,
+ $1, %rbx, %bx,
+ $1, %rcx, %cx,
+ $1, %rdx, %dx,
+ $1, %rsi, %si,
+ $1, %rdi, %di,
+ $1, %rbp, %bp,
+ $1, %r8, %r8w,
+ $1, %r9, %r9w,
+ $1, %r10, %r10w,
+ $1, %r11, %r11w,
+ $1, %r12, %r12w,
+ $1, %r13, %r13w,
+ $1, %r14, %r14w,
+ $1, %r15, %r15w)>)dnl
+
+define(<XREG>,<ifelse(
+ $1, %rax, %eax,
+ $1, %rbx, %ebx,
+ $1, %rcx, %ecx,
+ $1, %rdx, %edx,
+ $1, %rsi, %esi,
+ $1, %rdi, %edi,
+ $1, %rbp, %ebp,
+ $1, %r8, %r8d,
+ $1, %r9, %r9d,
+ $1, %r10, %r10d,
+ $1, %r11, %r11d,
+ $1, %r12, %r12d,
+ $1, %r13, %r13d,
+ $1, %r14, %r14d,
+ $1, %r15, %r15d)>)dnl
+
+dnl W64_ENTRY(nargs, xmm_used)
+define(<W64_ENTRY>, <
+ changequote([,])dnl
+ ifelse(<<<<<<<<<<<<<<<< ignored; only for balancing)
+ ifelse(W64_ABI,yes,[
+ ifelse(eval($2 > 6), 1, [
+ sub [$]eval(8 + 16*($2 - 6)), %rsp
+ movdqu %xmm6, 0(%rsp)
+ ])
+ ifelse(eval($2 > 7), 1, [
+ movdqu %xmm7, 16(%rsp)
+ ])
+ ifelse(eval($2 > 8), 1, [
+ movdqu %xmm8, 32(%rsp)
+ ])
+ ifelse(eval($2 > 9), 1, [
+ movdqu %xmm9, 48(%rsp)
+ ])
+ ifelse(eval($2 > 10), 1, [
+ movdqu %xmm10, 64(%rsp)
+ ])
+ ifelse(eval($2 > 11), 1, [
+ movdqu %xmm11, 80(%rsp)
+ ])
+ ifelse(eval($2 > 12), 1, [
+ movdqu %xmm12, 96(%rsp)
+ ])
+ ifelse(eval($2 > 13), 1, [
+ movdqu %xmm13, 112(%rsp)
+ ])
+ ifelse(eval($2 > 14), 1, [
+ movdqu %xmm14, 128(%rsp)
+ ])
+ ifelse(eval($2 > 15), 1, [
+ movdqu %xmm15, 144(%rsp)
+ ])
+ ifelse(eval($1 >= 1), 1, [
+ push %rdi
+ mov %rcx, %rdi
+ ])
+ ifelse(eval($1 >= 2), 1, [
+ push %rsi
+ mov %rdx, %rsi
+ ])
+ ifelse(eval($1 >= 3), 1, [
+ mov %r8, %rdx
+ ])
+ ifelse(eval($1 >= 4), 1, [
+ mov %r9, %rcx
+ ])
+ ifelse(eval($1 >= 5), 1, [
+ ifelse(eval($2 > 6), 1, [
+ mov eval(8 + 16*($2 - 6) + 56)(%rsp), %r8
+ ], [
+ mov 56(%rsp), %r8
+ ])
+ ])
+ ])
+ changequote(<,>)dnl
+>)
+
+dnl W64_EXIT(nargs, xmm_used)
+define(<W64_EXIT>, <
+ changequote([,])dnl
+ ifelse(<<<<<<<<<<<< ignored; only for balancing)
+ ifelse(W64_ABI,yes,[
+ ifelse(eval($1 >= 2), 1, [
+ pop %rsi
+ ])
+ ifelse(eval($1 >= 1), 1, [
+ pop %rdi
+ ])
+ ifelse(eval($2 > 15), 1, [
+ movdqu 144(%rsp), %xmm15
+ ])
+ ifelse(eval($2 > 14), 1, [
+ movdqu 128(%rsp), %xmm14
+ ])
+ ifelse(eval($2 > 13), 1, [
+ movdqu 112(%rsp), %xmm13
+ ])
+ ifelse(eval($2 > 12), 1, [
+ movdqu 96(%rsp), %xmm12
+ ])
+ ifelse(eval($2 > 11), 1, [
+ movdqu 80(%rsp), %xmm11
+ ])
+ ifelse(eval($2 > 10), 1, [
+ movdqu 64(%rsp), %xmm10
+ ])
+ ifelse(eval($2 > 9), 1, [
+ movdqu 48(%rsp), %xmm9
+ ])
+ ifelse(eval($2 > 8), 1, [
+ movdqu 32(%rsp), %xmm8
+ ])
+ ifelse(eval($2 > 7), 1, [
+ movdqu 16(%rsp), %xmm7
+ ])
+ ifelse(eval($2 > 6), 1, [
+ movdqu 0(%rsp), %xmm6
+ add [$]eval(8 + 16*($2 - 6)), %rsp
+ ])
+ ])
+ changequote(<,>)dnl
+>)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2010, Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+C Register usage:
+define(<DST>, <%rax>) C Originally in %rdi
+define(<AP>, <%rsi>)
+define(<BP>, <%rdx>)
+define(<N>, <%r10>)
+define(<TMP>, <%r8>)
+define(<TMP2>, <%r9>)
+define(<CNT>, <%rdi>)
+define(<S0>, <%r11>)
+define(<S1>, <%rdi>) C Overlaps with CNT
+
+define(<USE_SSE2>, <no>)
+
+ .file "memxor.asm"
+
+ .text
+
+ C memxor(uint8_t *dst, const uint8_t *src, size_t n)
+ C %rdi %rsi %rdx
+ ALIGN(16)
+
+PROLOGUE(memxor)
+ W64_ENTRY(3, 0)
+ mov %rdx, %r10
+ mov %rdi, %rdx
+ jmp .Lmemxor3_entry
+EPILOGUE(memxor)
+
+ C memxor3(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t n)
+ C %rdi %rsi %rdx %rcx
+ ALIGN(16)
+
+PROLOGUE(memxor3)
+ W64_ENTRY(4, 0)
+ C %cl needed for shift count, so move away N
+ mov %rcx, N
+.Lmemxor3_entry:
+ test N, N
+ C Get number of unaligned bytes at the end
+ C %rdi is used as CNT, %rax as DST and as return value
+ mov %rdi, %rax
+ jz .Ldone
+ add N, CNT
+ and $7, CNT
+
+ jz .Laligned
+
+ cmp $8, N
+ jc .Lfinal_next
+
+ C FIXME: Instead of this loop, could try cmov with memory
+ C destination, as a sequence of one 8-bit, one 16-bit and one
+ C 32-bit operations. (Except that cmov can't do 8-bit ops, so
+ C that step has to use a conditional).
+.Lalign_loop:
+
+ sub $1, N
+ movb (AP, N), LREG(TMP)
+ xorb (BP, N), LREG(TMP)
+ movb LREG(TMP), (DST, N)
+ sub $1, CNT
+ jnz .Lalign_loop
+
+.Laligned:
+ifelse(USE_SSE2, yes, <
+ cmp $16, N
+ jnc .Lsse2_case
+>)
+ C Check for the case that AP and BP have the same alignment,
+ C but different from DST.
+ mov AP, TMP
+ sub BP, TMP
+ test $7, TMP
+ jnz .Lno_shift_case
+ mov AP, %rcx
+ sub DST, %rcx
+ and $7, %rcx
+ jz .Lno_shift_case
+ sub %rcx, AP
+ sub %rcx, BP
+ shl $3, %rcx
+
+ C Unrolling, with aligned values alternating in S0 and S1
+ test $8, N
+ jnz .Lshift_odd
+ mov (AP, N), S1
+ xor (BP, N), S1
+ jmp .Lshift_next
+
+.Lshift_odd:
+ mov -8(AP, N), S1
+ mov (AP, N), S0
+ xor -8(BP, N), S1
+ xor (BP, N), S0
+ mov S1, TMP
+ shr %cl, TMP
+ neg %cl
+ shl %cl, S0
+ neg %cl
+
+ or S0, TMP
+ mov TMP, -8(DST, N)
+ sub $8, N
+ jz .Ldone
+ jmp .Lshift_next
+
+ ALIGN(16)
+
+.Lshift_loop:
+ mov 8(AP, N), S0
+ xor 8(BP, N), S0
+ mov S0, TMP
+ shr %cl, TMP
+ neg %cl
+ shl %cl, S1
+ neg %cl
+ or S1, TMP
+ mov TMP, 8(DST, N)
+
+ mov (AP, N), S1
+ xor (BP, N), S1
+ mov S1, TMP
+ shr %cl, TMP
+ neg %cl
+ shl %cl, S0
+ neg %cl
+ or S0, TMP
+ mov TMP, (DST, N)
+.Lshift_next:
+ sub $16, N
+ C FIXME: Handle the case N == 16 specially,
+ C like in the non-shifted case?
+C ja .Lshift_loop
+C jz .Ldone
+ jnc .Lshift_loop
+
+ add $15, N
+ jnc .Ldone
+
+ shr $3, %rcx
+ add %rcx, AP
+ add %rcx, BP
+ jmp .Lfinal_loop
+
+.Lno_shift_case:
+ C Next destination word is -8(DST, N)
+ C Setup for unrolling
+ test $8, N
+ jz .Lword_next
+
+ sub $8, N
+ jz .Lone_word
+
+ mov (AP, N), TMP
+ xor (BP, N), TMP
+ mov TMP, (DST, N)
+
+ jmp .Lword_next
+
+ ALIGN(16)
+
+.Lword_loop:
+ mov 8(AP, N), TMP
+ mov (AP, N), TMP2
+ xor 8(BP, N), TMP
+ xor (BP, N), TMP2
+ mov TMP, 8(DST, N)
+ mov TMP2, (DST, N)
+
+.Lword_next:
+ sub $16, N
+ ja .Lword_loop C Not zero and no carry
+ jnz .Lfinal
+
+ C Final operation is word aligned
+ mov 8(AP, N), TMP
+ xor 8(BP, N), TMP
+ mov TMP, 8(DST, N)
+
+.Lone_word:
+ mov (AP, N), TMP
+ xor (BP, N), TMP
+ mov TMP, (DST, N)
+
+ C ENTRY might have been 3 args, too, but it doesn't matter for the exit
+ W64_EXIT(4, 0)
+ ret
+
+.Lfinal:
+ add $15, N
+
+.Lfinal_loop:
+ movb (AP, N), LREG(TMP)
+ xorb (BP, N), LREG(TMP)
+ movb LREG(TMP), (DST, N)
+.Lfinal_next:
+ sub $1, N
+ jnc .Lfinal_loop
+
+.Ldone:
+ C ENTRY might have been 3 args, too, but it doesn't matter for the exit
+ W64_EXIT(4, 0)
+ ret
+
+ifelse(USE_SSE2, yes, <
+
+.Lsse2_case:
+ lea (DST, N), TMP
+ test $8, TMP
+ jz .Lsse2_next
+ sub $8, N
+ mov (AP, N), TMP
+ xor (BP, N), TMP
+ mov TMP, (DST, N)
+ jmp .Lsse2_next
+
+ ALIGN(16)
+.Lsse2_loop:
+ movdqu (AP, N), %xmm0
+ movdqu (BP, N), %xmm1
+ pxor %xmm0, %xmm1
+ movdqa %xmm1, (DST, N)
+.Lsse2_next:
+ sub $16, N
+ ja .Lsse2_loop
+
+ C FIXME: See if we can do a full word first, before the
+ C byte-wise final loop.
+ jnz .Lfinal
+
+ C Final operation is aligned
+ movdqu (AP), %xmm0
+ movdqu (BP), %xmm1
+ pxor %xmm0, %xmm1
+ movdqa %xmm1, (DST)
+ C ENTRY might have been 3 args, too, but it doesn't matter for the exit
+ W64_EXIT(4, 0)
+ ret
+>)
+
+
+EPILOGUE(memxor3)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2012 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+define(<DST>, <%rdi>)
+define(<SRC>, <%rsi>)
+define(<COUNT>, <%rdx>)
+define(<X0>, <%xmm0>)
+define(<X1>, <%xmm1>)
+define(<X2>, <%xmm2>)
+define(<X3>, <%xmm3>)
+define(<T0>, <%xmm4>)
+define(<T1>, <%xmm5>)
+define(<M0101>, <%xmm6>)
+define(<M0110>, <%xmm7>)
+define(<M0011>, <%xmm8>)
+
+include_src(<x86_64/salsa20.m4>)
+
+ C _salsa20_core(uint32_t *dst, const uint32_t *src, unsigned rounds)
+ .text
+ ALIGN(16)
+PROLOGUE(_nettle_salsa20_core)
+ W64_ENTRY(3, 9)
+
+ C Load mask registers
+ mov $-1, %eax
+ movd %eax, M0101
+ pshufd $0x09, M0101, M0011 C 01 01 00 00
+ pshufd $0x41, M0101, M0110 C 01 00 00 01
+ pshufd $0x22, M0101, M0101 C 01 00 01 00
+
+ movups (SRC), X0
+ movups 16(SRC), X1
+ movups 32(SRC), X2
+ movups 48(SRC), X3
+
+ C The original rows are now diagonals.
+ SWAP(X0, X1, M0101)
+ SWAP(X2, X3, M0101)
+ SWAP(X1, X3, M0110)
+ SWAP(X0, X2, M0011)
+
+ shrl $1, XREG(COUNT)
+
+ ALIGN(16)
+.Loop:
+ QROUND(X0, X1, X2, X3)
+ pshufd $0x93, X1, X1 C 11 00 01 10 (least sign. left)
+ pshufd $0x4e, X2, X2 C 10 11 00 01
+ pshufd $0x39, X3, X3 C 01 10 11 00
+
+ QROUND(X0, X3, X2, X1)
+
+ C Inverse rotation of the rows
+ pshufd $0x39, X1, X1 C 01 10 11 00
+ pshufd $0x4e, X2, X2 C 10 11 00 01
+ pshufd $0x93, X3, X3 C 11 00 01 10
+
+ decl XREG(COUNT)
+ jnz .Loop
+
+ SWAP(X0, X2, M0011)
+ SWAP(X1, X3, M0110)
+ SWAP(X0, X1, M0101)
+ SWAP(X2, X3, M0101)
+
+ movups (SRC), T0
+ movups 16(SRC), T1
+ paddd T0, X0
+ paddd T1, X1
+ movups X0,(DST)
+ movups X1,16(DST)
+ movups 32(SRC), T0
+ movups 48(SRC), T1
+ paddd T0, X2
+ paddd T1, X3
+ movups X2,32(DST)
+ movups X3,48(DST)
+
+ W64_EXIT(3, 9)
+ ret
+EPILOGUE(_nettle_salsa20_core)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2012 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+define(<CTX>, <%rdi>)
+define(<LENGTH>, <%rsi>)
+define(<DST>, <%rdx>)
+define(<SRC>, <%rcx>)
+define(<T64>, <%r8>)
+define(<POS>, <%r9>)
+define(<X0>, <%xmm0>)
+define(<X1>, <%xmm1>)
+define(<X2>, <%xmm2>)
+define(<X3>, <%xmm3>)
+define(<T0>, <%xmm4>)
+define(<T1>, <%xmm5>)
+define(<M0101>, <%xmm6>)
+define(<M0110>, <%xmm7>)
+define(<M0011>, <%xmm8>)
+define(<COUNT>, <%rax>)
+
+include_src(<x86_64/salsa20.m4>)
+
+C Possible improvements:
+C
+C Do two blocks (or more) at a time in parallel, to avoid limitations
+C due to data dependencies.
+C
+C Avoid redoing the permutation of the input for each block (all but
+C the two counter words are constant). Could also keep the input in
+C registers.
+
+ .file "salsa20-crypt.asm"
+
+ C salsa20_crypt(struct salsa20_ctx *ctx, unsigned length,
+ C uint8_t *dst, const uint8_t *src)
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_salsa20_crypt)
+ W64_ENTRY(4, 9)
+
+ test LENGTH, LENGTH
+ jz .Lend
+
+ C Load mask registers
+ mov $-1, XREG(COUNT)
+ movd XREG(COUNT), M0101
+ pshufd $0x09, M0101, M0011 C 01 01 00 00
+ pshufd $0x41, M0101, M0110 C 01 00 00 01
+ pshufd $0x22, M0101, M0101 C 01 00 01 00
+
+.Lblock_loop:
+ movups (CTX), X0
+ movups 16(CTX), X1
+ movups 32(CTX), X2
+ movups 48(CTX), X3
+
+ C On input, each xmm register is one row. We start with
+ C
+ C 0 1 2 3 C K K K
+ C 4 5 6 7 K C I I
+ C 8 9 10 11 B B C K
+ C 12 13 14 15 K K K C
+ C
+ C Diagrams are in little-endian order, with least significant word to
+ C the left. We rotate the columns, to get instead
+ C
+ C 0 5 10 15 C C C C
+ C 4 9 14 3 K B K K
+ C 8 13 2 7 B K K I
+ C 12 1 6 11 K K I K
+ C
+ C The original rows are now diagonals.
+ SWAP(X0, X1, M0101)
+ SWAP(X2, X3, M0101)
+ SWAP(X1, X3, M0110)
+ SWAP(X0, X2, M0011)
+
+ movl $10, XREG(COUNT)
+ ALIGN(16)
+.Loop:
+ QROUND(X0, X1, X2, X3)
+ C For the row operations, we first rotate the rows, to get
+ C
+ C 0 5 10 15
+ C 3 4 9 14
+ C 2 7 8 13
+ C 1 6 11 12
+ C
+ C Now the original rows are turned into into columns. (This
+ C SIMD hack described in djb's papers).
+
+ pshufd $0x93, X1, X1 C 11 00 01 10 (least sign. left)
+ pshufd $0x4e, X2, X2 C 10 11 00 01
+ pshufd $0x39, X3, X3 C 01 10 11 00
+
+ QROUND(X0, X3, X2, X1)
+
+ C Inverse rotation of the rows
+ pshufd $0x39, X1, X1 C 01 10 11 00
+ pshufd $0x4e, X2, X2 C 10 11 00 01
+ pshufd $0x93, X3, X3 C 11 00 01 10
+
+ decl XREG(COUNT)
+ jnz .Loop
+
+ SWAP(X0, X2, M0011)
+ SWAP(X1, X3, M0110)
+ SWAP(X0, X1, M0101)
+ SWAP(X2, X3, M0101)
+
+ movups (CTX), T0
+ movups 16(CTX), T1
+ paddd T0, X0
+ paddd T1, X1
+ movups 32(CTX), T0
+ movups 48(CTX), T1
+ paddd T0, X2
+ paddd T1, X3
+
+ C Increment block counter
+ incq 32(CTX)
+
+ cmp $64, LENGTH
+ jc .Lfinal_xor
+
+ movups 48(SRC), T1
+ pxor T1, X3
+ movups X3, 48(DST)
+.Lxor3:
+ movups 32(SRC), T0
+ pxor T0, X2
+ movups X2, 32(DST)
+.Lxor2:
+ movups 16(SRC), T1
+ pxor T1, X1
+ movups X1, 16(DST)
+.Lxor1:
+ movups (SRC), T0
+ pxor T0, X0
+ movups X0, (DST)
+
+ lea 64(SRC), SRC
+ lea 64(DST), DST
+ sub $64, LENGTH
+ ja .Lblock_loop
+.Lend:
+ W64_EXIT(4, 9)
+ ret
+
+.Lfinal_xor:
+ cmp $32, LENGTH
+ jz .Lxor2
+ jc .Llt32
+ cmp $48, LENGTH
+ jz .Lxor3
+ jc .Llt48
+ movaps X3, T0
+ call .Lpartial
+ jmp .Lxor3
+.Llt48:
+ movaps X2, T0
+ call .Lpartial
+ jmp .Lxor2
+.Llt32:
+ cmp $16, LENGTH
+ jz .Lxor1
+ jc .Llt16
+ movaps X1, T0
+ call .Lpartial
+ jmp .Lxor1
+.Llt16:
+ movaps X0, T0
+ call .Lpartial
+ jmp .Lend
+
+.Lpartial:
+ mov LENGTH, POS
+ and $-16, POS
+ test $8, LENGTH
+ jz .Llt8
+ C This "movd" instruction should assemble to
+ C 66 49 0f 7e e0 movq %xmm4,%r8
+ C Apparently, assemblers treat movd and movq (with the
+ C arguments we use) in the same way, except for osx, which
+ C barfs at movq.
+ movd T0, T64
+ xor (SRC, POS), T64
+ mov T64, (DST, POS)
+ lea 8(POS), POS
+ pshufd $0xee, T0, T0 C 10 11 10 11
+.Llt8:
+ C And this is also really a movq.
+ movd T0, T64
+ test $4, LENGTH
+ jz .Llt4
+ mov XREG(T64), XREG(COUNT)
+ xor (SRC, POS), XREG(COUNT)
+ mov XREG(COUNT), (DST, POS)
+ lea 4(POS), POS
+ shr $32, T64
+.Llt4:
+ test $2, LENGTH
+ jz .Llt2
+ mov WREG(T64), WREG(COUNT)
+ xor (SRC, POS), WREG(COUNT)
+ mov WREG(COUNT), (DST, POS)
+ lea 2(POS), POS
+ shr $16, XREG(T64)
+.Llt2:
+ test $1, LENGTH
+ jz .Lret
+ xor (SRC, POS), LREG(T64)
+ mov LREG(T64), (DST, POS)
+
+.Lret:
+ ret
+
+EPILOGUE(nettle_salsa20_crypt)
--- /dev/null
+C Needs T0 and T1
+C QROUND(x0, x1, x2, x3)
+define(<QROUND>, <
+ movaps $4, T0 C 0
+ paddd $1, T0 C 1
+ movaps T0, T1 C 2
+ pslld <$>7, T0 C 2
+ psrld <$>25, T1 C 3
+ pxor T0, $2 C 3
+ pxor T1, $2 C 4
+
+ movaps $1, T0 C 0
+ paddd $2, T0 C 5
+ movaps T0, T1 C 6
+ pslld <$>9, T0 C 6
+ psrld <$>23, T1 C 7
+ pxor T0, $3 C 7
+ pxor T1, $3 C 8
+
+ movaps $2, T0 C 0
+ paddd $3, T0 C 9
+ movaps T0, T1 C 10
+ pslld <$>13, T0 C 10
+ psrld <$>19, T1 C 11
+ pxor T0, $4 C 11
+ pxor T1, $4 C 12
+
+ movaps $3, T0 C 0
+ paddd $4, T0 C 13
+ movaps T0, T1 C 14
+ pslld <$>18, T0 C 14
+ psrld <$>14, T1 C 15
+ pxor T0, $1 C 15
+ pxor T1, $1 C 16
+>)
+
+C SWAP(x0, x1, mask)
+C Swaps bits in x0 and x1, with bits selected by the mask
+define(<SWAP>, <
+ movaps $1, T0
+ pxor $2, $1
+ pand $3, $1
+ pxor $1, $2
+ pxor T0, $1
+>)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2011 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+include_src(<x86_64/serpent.m4>)
+
+C Register usage:
+
+C Single block serpent state, two copies
+define(<x0>, <%eax>)
+define(<x1>, <%ebx>)
+define(<x2>, <%ebp>)
+define(<x3>, <%r8d>)
+
+define(<y0>, <%r9d>)
+define(<y1>, <%r10d>)
+define(<y2>, <%r11d>)
+define(<y3>, <%r12d>)
+
+C Quadruple block serpent state, two copies
+define(<X0>, <%xmm0>)
+define(<X1>, <%xmm1>)
+define(<X2>, <%xmm2>)
+define(<X3>, <%xmm3>)
+
+define(<Y0>, <%xmm4>)
+define(<Y1>, <%xmm5>)
+define(<Y2>, <%xmm6>)
+define(<Y3>, <%xmm7>)
+
+define(<MINUS1>, <%xmm8>)
+define(<T0>, <%xmm9>)
+define(<T1>, <%xmm10>)
+define(<T2>, <%xmm11>)
+define(<T3>, <%xmm12>)
+
+C Arguments
+define(<CTX>, <%rdi>)
+define(<N>, <%rsi>)
+define(<DST>, <%rdx>)
+define(<SRC>, <%rcx>)
+
+define(<CNT>, <%r13>)
+define(<TMP32>, <%r14d>)
+
+C SBOX macros. Inputs $1 - $4 (destroyed), outputs $5 - $8
+
+define(<SBOX0I>, <
+ mov $1, $5
+ xor $3, $5
+ mov $1, $7
+ or $2, $7
+ mov $3, $6
+ xor $4, $6
+ xor $6, $7
+ and $3, $6
+ or $2, $3
+ xor $4, $2
+ or $1, $6
+ and $3, $2
+ xor $2, $6
+ or $7, $1
+ xor $6, $1
+ mov $7, $2
+ and $1, $2
+ not $7
+ or $7, $4
+ xor $3, $4
+ mov $1, $8
+ xor $4, $8
+ or $4, $2
+ xor $2, $5
+>)
+
+define(<SBOX1I>, <
+ mov $2, $6
+ or $4, $6
+ xor $3, $6
+ mov $1, $8
+ xor $2, $8
+ mov $1, $5
+ or $6, $5
+ and $8, $5
+ xor $5, $2
+ xor $6, $8
+ and $4, $2
+ mov $1, $7
+ and $3, $7
+ or $7, $6
+ or $4, $7
+ xor $5, $7
+ not $7
+ xor $2, $6
+ xor $6, $5
+ xor $3, $5
+ or $7, $1
+ xor $1, $5
+>)
+
+define(<SBOX2I>, <
+ mov $1, $5
+ xor $4, $5
+ mov $3, $7
+ xor $4, $7
+ mov $2, $6
+ or $7, $6
+ xor $6, $5
+ mov $4, $6
+ or $5, $6
+ and $2, $6
+ not $4
+ mov $1, $8
+ or $3, $8
+ and $8, $7
+ xor $7, $6
+ and $2, $8
+ and $3, $1
+ or $4, $1
+ xor $1, $8
+ and $8, $3
+ xor $1, $3
+ mov $5, $7
+ xor $6, $7
+ xor $3, $7
+>)
+
+define(<SBOX3I>, <
+ mov $3, $8
+ or $4, $8
+ mov $2, $5
+ and $8, $5
+ mov $1, $7
+ or $4, $7
+ mov $3, $6
+ xor $7, $6
+ xor $6, $5
+ xor $1, $4
+ xor $4, $8
+ xor $2, $7
+ and $6, $7
+ xor $4, $7
+ xor $1, $6
+ or $5, $4
+ and $4, $6
+ xor $2, $6
+ and $7, $1
+ or $2, $1
+ xor $1, $8
+>)
+
+define(<SBOX4I>, <
+ mov $3, $6
+ xor $4, $6
+ mov $3, $7
+ or $4, $7
+ xor $2, $7
+ or $4, $2
+ mov $1, $5
+ xor $7, $5
+ xor $7, $4
+ and $1, $7
+ xor $7, $6
+ xor $1, $7
+ or $3, $7
+ and $2, $1
+ mov $1, $8
+ xor $4, $8
+ not $1
+ or $6, $1
+ xor $1, $5
+ xor $2, $1
+ xor $1, $7
+>)
+
+define(<SBOX5I>, <
+ mov $1, $6
+ and $4, $6
+ mov $3, $8
+ xor $6, $8
+ mov $2, $5
+ and $8, $5
+ mov $1, $7
+ xor $4, $7
+ xor $2, $4
+ xor $7, $5
+ and $1, $3
+ and $5, $1
+ or $2, $3
+ xor $5, $6
+ xor $3, $6
+ mov $5, $7
+ or $6, $7
+ xor $8, $7
+ xor $4, $7
+ not $2
+ or $1, $2
+ xor $2, $8
+>)
+
+define(<SBOX6I>, <
+ mov $1, $7
+ xor $3, $7
+ not $3
+ mov $2, $5
+ xor $4, $5
+ mov $1, $6
+ or $3, $6
+ xor $5, $6
+ mov $2, $8
+ and $7, $8
+ or $4, $8
+ or $3, $4
+ or $2, $3
+ and $1, $3
+ mov $3, $5
+ xor $8, $5
+ not $5
+ and $7, $8
+ xor $3, $8
+ xor $6, $1
+ xor $1, $8
+ and $5, $2
+ xor $2, $7
+ xor $4, $7
+>)
+
+define(<SBOX7I>, <
+ mov $1, $8
+ and $2, $8
+ mov $2, $7
+ xor $4, $7
+ or $8, $7
+ mov $1, $6
+ or $4, $6
+ and $3, $6
+ xor $6, $7
+ or $3, $8
+ mov $1, $5
+ or $2, $5
+ and $4, $5
+ xor $5, $8
+ xor $2, $5
+ mov $4, $6
+ xor $8, $6
+ not $6
+ or $5, $6
+ xor $3, $5
+ xor $1, $6
+ or $6, $4
+ xor $4, $5
+>)
+
+define(<LTI>, <
+ rol <$>10, $3
+ rol <$>27, $1
+ mov $2, TMP32
+ shl <$>7, TMP32
+ xor $4, $3
+ xor TMP32, $3
+ xor $2, $1
+ xor $4, $1
+ rol <$>25, $4
+ rol <$>31, $2
+ mov $1, TMP32
+ shl <$>3, TMP32
+ xor $3, $4
+ xor TMP32, $4
+ xor $1, $2
+ xor $3, $2
+ rol <$>29, $3
+ rol <$>19, $1
+>)
+
+define(<PNOT>, <
+ pxor MINUS1, $1
+>)
+
+define(<WSBOX0I>, <
+ movdqa $1, $5
+ pxor $3, $5
+ movdqa $1, $7
+ por $2, $7
+ movdqa $3, $6
+ pxor $4, $6
+ pxor $6, $7
+ pand $3, $6
+ por $2, $3
+ pxor $4, $2
+ por $1, $6
+ pand $3, $2
+ pxor $2, $6
+ por $7, $1
+ pxor $6, $1
+ movdqa $7, $2
+ pand $1, $2
+ PNOT($7)
+ por $7, $4
+ pxor $3, $4
+ movdqa $1, $8
+ pxor $4, $8
+ por $4, $2
+ pxor $2, $5
+>)
+
+define(<WSBOX1I>, <
+ movdqa $2, $6
+ por $4, $6
+ pxor $3, $6
+ movdqa $1, $8
+ pxor $2, $8
+ movdqa $1, $5
+ por $6, $5
+ pand $8, $5
+ pxor $5, $2
+ pxor $6, $8
+ pand $4, $2
+ movdqa $1, $7
+ pand $3, $7
+ por $7, $6
+ por $4, $7
+ pxor $5, $7
+ PNOT($7)
+ pxor $2, $6
+ pxor $6, $5
+ pxor $3, $5
+ por $7, $1
+ pxor $1, $5
+>)
+
+define(<WSBOX2I>, <
+ movdqa $1, $5
+ pxor $4, $5
+ movdqa $3, $7
+ pxor $4, $7
+ movdqa $2, $6
+ por $7, $6
+ pxor $6, $5
+ movdqa $4, $6
+ por $5, $6
+ pand $2, $6
+ PNOT($4)
+ movdqa $1, $8
+ por $3, $8
+ pand $8, $7
+ pxor $7, $6
+ pand $2, $8
+ pand $3, $1
+ por $4, $1
+ pxor $1, $8
+ pand $8, $3
+ pxor $1, $3
+ movdqa $5, $7
+ pxor $6, $7
+ pxor $3, $7
+>)
+
+define(<WSBOX3I>, <
+ movdqa $3, $8
+ por $4, $8
+ movdqa $2, $5
+ pand $8, $5
+ movdqa $1, $7
+ por $4, $7
+ movdqa $3, $6
+ pxor $7, $6
+ pxor $6, $5
+ pxor $1, $4
+ pxor $4, $8
+ pxor $2, $7
+ pand $6, $7
+ pxor $4, $7
+ pxor $1, $6
+ por $5, $4
+ pand $4, $6
+ pxor $2, $6
+ pand $7, $1
+ por $2, $1
+ pxor $1, $8
+>)
+
+define(<WSBOX4I>, <
+ movdqa $3, $6
+ pxor $4, $6
+ movdqa $3, $7
+ por $4, $7
+ pxor $2, $7
+ por $4, $2
+ movdqa $1, $5
+ pxor $7, $5
+ pxor $7, $4
+ pand $1, $7
+ pxor $7, $6
+ pxor $1, $7
+ por $3, $7
+ pand $2, $1
+ movdqa $1, $8
+ pxor $4, $8
+ PNOT($1)
+ por $6, $1
+ pxor $1, $5
+ pxor $2, $1
+ pxor $1, $7
+>)
+
+define(<WSBOX5I>, <
+ movdqa $1, $6
+ pand $4, $6
+ movdqa $3, $8
+ pxor $6, $8
+ movdqa $2, $5
+ pand $8, $5
+ movdqa $1, $7
+ pxor $4, $7
+ pxor $2, $4
+ pxor $7, $5
+ pand $1, $3
+ pand $5, $1
+ por $2, $3
+ pxor $5, $6
+ pxor $3, $6
+ movdqa $5, $7
+ por $6, $7
+ pxor $8, $7
+ pxor $4, $7
+ PNOT($2)
+ por $1, $2
+ pxor $2, $8
+>)
+
+define(<WSBOX6I>, <
+ movdqa $1, $7
+ pxor $3, $7
+ PNOT($3)
+ movdqa $2, $5
+ pxor $4, $5
+ movdqa $1, $6
+ por $3, $6
+ pxor $5, $6
+ movdqa $2, $8
+ pand $7, $8
+ por $4, $8
+ por $3, $4
+ por $2, $3
+ pand $1, $3
+ movdqa $3, $5
+ pxor $8, $5
+ PNOT($5)
+ pand $7, $8
+ pxor $3, $8
+ pxor $6, $1
+ pxor $1, $8
+ pand $5, $2
+ pxor $2, $7
+ pxor $4, $7
+>)
+
+define(<WSBOX7I>, <
+ movdqa $1, $8
+ pand $2, $8
+ movdqa $2, $7
+ pxor $4, $7
+ por $8, $7
+ movdqa $1, $6
+ por $4, $6
+ pand $3, $6
+ pxor $6, $7
+ por $3, $8
+ movdqa $1, $5
+ por $2, $5
+ pand $4, $5
+ pxor $5, $8
+ pxor $2, $5
+ movdqa $4, $6
+ pxor $8, $6
+ PNOT($6)
+ por $5, $6
+ pxor $3, $5
+ pxor $1, $6
+ por $6, $4
+ pxor $4, $5
+>)
+
+define(<WLTI>, <
+ WROL(10, $3)
+ WROL(27, $1)
+ movdqa $2, T0
+ pslld <$>7, T0
+ pxor $4, $3
+ pxor T0, $3
+ pxor $2, $1
+ pxor $4, $1
+ WROL(25, $4)
+ WROL(31, $2)
+ movdqa $1, T0
+ pslld <$>3, T0
+ pxor $3, $4
+ pxor T0, $4
+ pxor $1, $2
+ pxor $3, $2
+ WROL(29, $3)
+ WROL(19, $1)
+>)
+
+ .file "serpent-decrypt.asm"
+
+ C serpent_decrypt(struct serpent_context *ctx,
+ C unsigned length, uint8_t *dst,
+ C const uint8_t *src)
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_serpent_decrypt)
+ C save all registers that need to be saved
+ W64_ENTRY(4, 13)
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+
+ lea (SRC, N), SRC
+ lea (DST, N), DST
+ neg N
+ jz .Lend
+
+ cmp $-64, N
+ ja .Lblock_loop
+
+ pcmpeqd MINUS1, MINUS1
+
+.Lwblock_loop:
+ movups (SRC, N), X0
+ movups 16(SRC, N), X1
+ movups 32(SRC, N), X2
+ movups 48(SRC, N), X3
+
+ WTRANSPOSE(X0,X1,X2,X3)
+
+ mov $384, CNT
+
+ C FIXME: CNT known, no index register needed
+ WKEYXOR(128, X0,X1,X2,X3)
+
+ jmp .Lwround_start
+
+ ALIGN(16)
+
+.Lwround_loop:
+ WLTI(X0,X1,X2,X3)
+.Lwround_start:
+ WSBOX7I(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WKEYXOR(112, Y0,Y1,Y2,Y3)
+
+ WLTI(Y0,Y1,Y2,Y3)
+ WSBOX6I(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WKEYXOR(96, X0,X1,X2,X3)
+
+ WLTI(X0,X1,X2,X3)
+ WSBOX5I(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WKEYXOR(80, Y0,Y1,Y2,Y3)
+
+ WLTI(Y0,Y1,Y2,Y3)
+ WSBOX4I(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WKEYXOR(64, X0,X1,X2,X3)
+
+ WLTI(X0,X1,X2,X3)
+ WSBOX3I(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WKEYXOR(48, Y0,Y1,Y2,Y3)
+
+ WLTI(Y0,Y1,Y2,Y3)
+ WSBOX2I(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WKEYXOR(32, X0,X1,X2,X3)
+
+ WLTI(X0,X1,X2,X3)
+ WSBOX1I(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WKEYXOR(16, Y0,Y1,Y2,Y3)
+
+ WLTI(Y0,Y1,Y2,Y3)
+ WSBOX0I(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WKEYXOR(, X0,X1,X2,X3)
+
+ sub $128, CNT
+ jnc .Lwround_loop
+
+ WTRANSPOSE(X0,X1,X2,X3)
+
+ movups X0, (DST, N)
+ movups X1, 16(DST, N)
+ movups X2, 32(DST, N)
+ movups X3, 48(DST, N)
+
+ C FIXME: Adjust N, so we can use just jnc without an extra cmp.
+ add $64, N
+ jz .Lend
+
+ cmp $-64, N
+ jbe .Lwblock_loop
+
+.Lblock_loop:
+ movl (SRC, N), x0
+ movl 4(SRC, N), x1
+ movl 8(SRC, N), x2
+ movl 12(SRC, N), x3
+
+ xor 512(CTX), x0
+ xor 516(CTX), x1
+ xor 520(CTX), x2
+ xor 524(CTX), x3
+
+ mov $384, CNT
+ jmp .Lround_start
+
+ ALIGN(16)
+.Lround_loop:
+ LTI(x0,x1,x2,x3)
+.Lround_start:
+ SBOX7I(x0,x1,x2,x3, y0,y1,y2,y3)
+ xor 112(CTX, CNT), y0
+ xor 116(CTX, CNT), y1
+ xor 120(CTX, CNT), y2
+ xor 124(CTX, CNT), y3
+
+ LTI(y0,y1,y2,y3)
+ SBOX6I(y0,y1,y2,y3, x0,x1,x2,x3)
+ xor 96(CTX, CNT), x0
+ xor 100(CTX, CNT), x1
+ xor 104(CTX, CNT), x2
+ xor 108(CTX, CNT), x3
+
+ LTI(x0,x1,x2,x3)
+ SBOX5I(x0,x1,x2,x3, y0,y1,y2,y3)
+ xor 80(CTX, CNT), y0
+ xor 84(CTX, CNT), y1
+ xor 88(CTX, CNT), y2
+ xor 92(CTX, CNT), y3
+
+ LTI(y0,y1,y2,y3)
+ SBOX4I(y0,y1,y2,y3, x0,x1,x2,x3)
+ xor 64(CTX, CNT), x0
+ xor 68(CTX, CNT), x1
+ xor 72(CTX, CNT), x2
+ xor 76(CTX, CNT), x3
+
+ LTI(x0,x1,x2,x3)
+ SBOX3I(x0,x1,x2,x3, y0,y1,y2,y3)
+ xor 48(CTX, CNT), y0
+ xor 52(CTX, CNT), y1
+ xor 56(CTX, CNT), y2
+ xor 60(CTX, CNT), y3
+
+ LTI(y0,y1,y2,y3)
+ SBOX2I(y0,y1,y2,y3, x0,x1,x2,x3)
+ xor 32(CTX, CNT), x0
+ xor 36(CTX, CNT), x1
+ xor 40(CTX, CNT), x2
+ xor 44(CTX, CNT), x3
+
+ LTI(x0,x1,x2,x3)
+ SBOX1I(x0,x1,x2,x3, y0,y1,y2,y3)
+ xor 16(CTX, CNT), y0
+ xor 20(CTX, CNT), y1
+ xor 24(CTX, CNT), y2
+ xor 28(CTX, CNT), y3
+
+ LTI(y0,y1,y2,y3)
+ SBOX0I(y0,y1,y2,y3, x0,x1,x2,x3)
+ xor (CTX, CNT), x0
+ xor 4(CTX, CNT), x1
+ xor 8(CTX, CNT), x2
+ xor 12(CTX, CNT), x3
+ sub $128, CNT
+ jnc .Lround_loop
+
+ movl x0, (DST, N)
+ movl x1, 4(DST, N)
+ movl x2, 8(DST, N)
+ movl x3, 12(DST, N)
+ add $16, N
+ jnc .Lblock_loop
+
+.Lend:
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ W64_EXIT(4, 13)
+ ret
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2011 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+include_src(<x86_64/serpent.m4>)
+
+C Register usage:
+
+C Single block serpent state, two copies
+define(<x0>, <%eax>)
+define(<x1>, <%ebx>)
+define(<x2>, <%ebp>)
+define(<x3>, <%r8d>)
+
+define(<y0>, <%r9d>)
+define(<y1>, <%r10d>)
+define(<y2>, <%r11d>)
+define(<y3>, <%r12d>)
+
+C Quadruple block serpent state, two copies
+define(<X0>, <%xmm0>)
+define(<X1>, <%xmm1>)
+define(<X2>, <%xmm2>)
+define(<X3>, <%xmm3>)
+
+define(<Y0>, <%xmm4>)
+define(<Y1>, <%xmm5>)
+define(<Y2>, <%xmm6>)
+define(<Y3>, <%xmm7>)
+
+define(<MINUS1>, <%xmm8>)
+define(<T0>, <%xmm9>)
+define(<T1>, <%xmm10>)
+define(<T2>, <%xmm11>)
+define(<T3>, <%xmm12>)
+
+C Arguments
+define(<CTX>, <%rdi>)
+define(<N>, <%rsi>)
+define(<DST>, <%rdx>)
+define(<SRC>, <%rcx>)
+
+define(<CNT>, <%r13>)
+define(<TMP32>, <%r14d>)
+
+C SBOX macros. Inputs $1 - $4 (destroyed), outputs $5 - $8
+
+define(<SBOX0>, <
+ mov $2, $8 C y3 = x1 ^ x2
+ xor $3, $8
+ mov $1, $5 C y0 = x0 | x3
+ or $4, $5
+ mov $1, $6 C y1 = x0 ^ x1
+ xor $2, $6
+ xor $5, $8 C y3 ^= y0
+ mov $3, $7 C y2 = x2 | y3
+ or $8, $7
+ xor $4, $1 C x0 ^= x3
+ and $4, $7 C y2 &= x3
+ xor $3, $4 C x3 ^= x2
+ or $2, $3 C x2 |= x1
+ mov $6, $5 C y0 = y1 & x2
+ and $3, $5
+ xor $5, $7 C y2 ^= y0
+ and $7, $5 C y0 &= y2
+ xor $3, $5 C y0 ^= x2
+ and $1, $2 C x1 &= x0
+ xor $1, $5 C y0 ^= x0
+ not $5 C y0 = ~y0
+ mov $5, $6 C y1 = y0 ^ x1
+ xor $2, $6
+ xor $4, $6 C y1 ^= x3
+>)
+
+define(<SBOX1>, <
+ mov $1, $6 C y1 = x0 | x3
+ or $4, $6
+ mov $3, $7 C y2 = x2 ^ x3
+ xor $4, $7
+ mov $2, $5 C y0 = ~x1
+ not $5
+ mov $1, $8 C y3 = x0 ^ x2
+ xor $3, $8
+ or $1, $5 C y0 |= x0
+ and $4, $8 C y3 &= x3
+ mov $6, $1 C x0 = y1 & y2
+ and $7, $1
+ or $2, $8 C y3 |= x1
+ xor $5, $7 C y2 ^= y0
+ xor $1, $8 C y3 ^= x0
+ mov $6, $1 C x0 = y1 ^ y3
+ xor $8, $1
+ xor $7, $1 C x0 ^= y2
+ mov $2, $6 C y1 = x1 & x3
+ and $4, $6
+ xor $1, $6 C y1 ^= x0
+ mov $6, $4 C x3 = y1 | y3
+ or $8, $4
+ not $8 C y3 = ~y3
+ and $4, $5 C y0 &= x3
+ xor $3, $5 C y0 ^= x2
+>)
+
+define(<SBOX2>, <
+ mov $1, $7 C y2 = x1 | x2
+ or $3, $7
+ mov $1, $6
+ xor $2, $6
+ mov $4, $8
+ xor $7, $8
+ mov $6, $5
+ xor $8, $5
+ or $1, $4
+ xor $5, $3
+ mov $2, $1
+ xor $3, $1
+ or $2, $3
+ and $7, $1
+ xor $3, $8
+ or $8, $6
+ xor $1, $6
+ mov $8, $7
+ xor $6, $7
+ xor $2, $7
+ not $8
+ xor $4, $7
+>)
+
+define(<SBOX3>, <
+ mov $1, $6
+ xor $3, $6
+ mov $1, $5
+ or $4, $5
+ mov $1, $8
+ and $4, $8
+ and $5, $6
+ or $2, $8
+ mov $1, $7
+ and $2, $7
+ or $3, $7
+ mov $4, $3
+ xor $6, $3
+ xor $8, $6
+ or $3, $1
+ xor $2, $3
+ and $4, $8
+ xor $8, $5
+ mov $7, $8
+ xor $3, $8
+ xor $5, $7
+ or $8, $4
+ and $4, $2
+ mov $1, $5
+ xor $2, $5
+>)
+
+define(<SBOX4>, <
+ mov $1, $8
+ or $2, $8
+ mov $2, $7
+ or $3, $7
+ xor $1, $7
+ and $4, $8
+ mov $2, $5
+ xor $4, $5
+ or $7, $4
+ and $4, $1
+ and $3, $2
+ xor $8, $3
+ xor $7, $8
+ or $2, $7
+ mov $8, $6
+ and $5, $6
+ xor $6, $7
+ xor $5, $6
+ or $2, $6
+ xor $1, $6
+ and $4, $5
+ xor $3, $5
+ not $5
+>)
+
+define(<SBOX5>, <
+ mov $2, $5
+ or $4, $5
+ xor $3, $5
+ mov $2, $3
+ xor $4, $3
+ mov $1, $7
+ xor $3, $7
+ and $3, $1
+ xor $1, $5
+ mov $2, $8
+ or $7, $8
+ or $5, $2
+ not $5
+ or $5, $1
+ xor $3, $8
+ xor $1, $8
+ mov $4, $6
+ or $5, $6
+ xor $6, $4
+ xor $7, $6
+ or $4, $7
+ xor $2, $7
+>)
+
+define(<SBOX6>, <
+ mov $1, $5
+ xor $4, $5
+ mov $1, $6
+ and $4, $6
+ mov $1, $7
+ or $3, $7
+ or $2, $4
+ xor $3, $4
+ xor $2, $1
+ mov $2, $8
+ or $3, $8
+ xor $2, $3
+ and $5, $8
+ xor $3, $6
+ not $6
+ and $6, $5
+ and $6, $2
+ xor $8, $2
+ xor $4, $8
+ xor $2, $7
+ not $7
+ xor $7, $5
+ xor $1, $5
+>)
+
+define(<SBOX7>, <
+ mov $1, $5
+ and $3, $5
+ mov $2, $8
+ or $5, $8 C t04
+ xor $3, $8
+ mov $4, $6
+ not $6 C t02
+ and $1, $6
+ xor $6, $8
+ mov $3, $6
+ or $8, $6
+ xor $1, $6
+ mov $1, $7
+ and $2, $7
+ xor $7, $3
+ or $4, $7
+ xor $7, $6
+ mov $2, $7
+ or $5, $7 C t04
+ and $8, $7
+ xor $6, $2
+ or $2, $7
+ xor $1, $7
+ xor $6, $5
+ not $4 C t02
+ or $4, $5
+ xor $3, $5
+>)
+
+define(<LT>, <
+ rol <$>13, $1
+ rol <$>3, $3
+ xor $1, $2
+ xor $3, $2
+ mov $1, TMP32
+ shl <$>3, TMP32
+ xor $3, $4
+ xor TMP32, $4
+ rol $2
+ rol <$>7, $4
+ xor $2, $1
+ xor $4, $1
+ mov $2, TMP32
+ shl <$>7, TMP32
+ xor $4, $3
+ xor TMP32, $3
+ rol <$>5, $1
+ rol <$>22, $3
+>)
+
+C Parallel operation on four blocks at a time.
+
+C pnot instruction is missing. For lack of a spare register, XOR with
+C constant in memory.
+
+define(<PNOT>, <
+ pxor MINUS1, $1
+>)
+
+define(<WSBOX0>, <
+ movdqa $2, $8 C y3 = x1 ^ x2
+ pxor $3, $8
+ movdqa $1, $5 C y0 = x0 | x3
+ por $4, $5
+ movdqa $1, $6 C y1 = x0 ^ x1
+ pxor $2, $6
+ pxor $5, $8 C y3 ^= y0
+ movdqa $3, $7 C y2 = x2 | y3
+ por $8, $7
+ pxor $4, $1 C x0 ^= x3
+ pand $4, $7 C y2 &= x3
+ pxor $3, $4 C x3 ^= x2
+ por $2, $3 C x2 |= x1
+ movdqa $6, $5 C y0 = y1 & x2
+ pand $3, $5
+ pxor $5, $7 C y2 ^= y0
+ pand $7, $5 C y0 &= y2
+ pxor $3, $5 C y0 ^= x2
+ pand $1, $2 C x1 &= x0
+ pxor $1, $5 C y0 ^= x0
+ PNOT($5) C y0 = ~y0
+ movdqa $5, $6 C y1 = y0 ^ x1
+ pxor $2, $6
+ pxor $4, $6 C y1 ^= x3
+>)
+
+define(<WSBOX1>, <
+ movdqa $1, $6 C y1 = x0 | x3
+ por $4, $6
+ movdqa $3, $7 C y2 = x2 ^ x3
+ pxor $4, $7
+ movdqa $2, $5 C y0 = ~x1
+ PNOT($5)
+ movdqa $1, $8 C y3 = x0 ^ x2
+ pxor $3, $8
+ por $1, $5 C y0 |= x0
+ pand $4, $8 C y3 &= x3
+ movdqa $6, $1 C x0 = y1 & y2
+ pand $7, $1
+ por $2, $8 C y3 |= x1
+ pxor $5, $7 C y2 ^= y0
+ pxor $1, $8 C y3 ^= x0
+ movdqa $6, $1 C x0 = y1 ^ y3
+ pxor $8, $1
+ pxor $7, $1 C x0 ^= y2
+ movdqa $2, $6 C y1 = x1 & x3
+ pand $4, $6
+ pxor $1, $6 C y1 ^= x0
+ movdqa $6, $4 C x3 = y1 | y3
+ por $8, $4
+ PNOT($8) C y3 = ~y3
+ pand $4, $5 C y0 &= x3
+ pxor $3, $5 C y0 ^= x2
+>)
+
+define(<WSBOX2>, <
+ movdqa $1, $7 C y2 = x1 | x2
+ por $3, $7
+ movdqa $1, $6
+ pxor $2, $6
+ movdqa $4, $8
+ pxor $7, $8
+ movdqa $6, $5
+ pxor $8, $5
+ por $1, $4
+ pxor $5, $3
+ movdqa $2, $1
+ pxor $3, $1
+ por $2, $3
+ pand $7, $1
+ pxor $3, $8
+ por $8, $6
+ pxor $1, $6
+ movdqa $8, $7
+ pxor $6, $7
+ pxor $2, $7
+ PNOT($8)
+ pxor $4, $7
+>)
+
+define(<WSBOX3>, <
+ movdqa $1, $6
+ pxor $3, $6
+ movdqa $1, $5
+ por $4, $5
+ movdqa $1, $8
+ pand $4, $8
+ pand $5, $6
+ por $2, $8
+ movdqa $1, $7
+ pand $2, $7
+ por $3, $7
+ movdqa $4, $3
+ pxor $6, $3
+ pxor $8, $6
+ por $3, $1
+ pxor $2, $3
+ pand $4, $8
+ pxor $8, $5
+ movdqa $7, $8
+ pxor $3, $8
+ pxor $5, $7
+ por $8, $4
+ pand $4, $2
+ movdqa $1, $5
+ pxor $2, $5
+>)
+
+define(<WSBOX4>, <
+ movdqa $1, $8
+ por $2, $8
+ movdqa $2, $7
+ por $3, $7
+ pxor $1, $7
+ pand $4, $8
+ movdqa $2, $5
+ pxor $4, $5
+ por $7, $4
+ pand $4, $1
+ pand $3, $2
+ pxor $8, $3
+ pxor $7, $8
+ por $2, $7
+ movdqa $8, $6
+ pand $5, $6
+ pxor $6, $7
+ pxor $5, $6
+ por $2, $6
+ pxor $1, $6
+ pand $4, $5
+ pxor $3, $5
+ PNOT($5)
+>)
+
+define(<WSBOX5>, <
+ movdqa $2, $5
+ por $4, $5
+ pxor $3, $5
+ movdqa $2, $3
+ pxor $4, $3
+ movdqa $1, $7
+ pxor $3, $7
+ pand $3, $1
+ pxor $1, $5
+ movdqa $2, $8
+ por $7, $8
+ por $5, $2
+ PNOT($5)
+ por $5, $1
+ pxor $3, $8
+ pxor $1, $8
+ movdqa $4, $6
+ por $5, $6
+ pxor $6, $4
+ pxor $7, $6
+ por $4, $7
+ pxor $2, $7
+>)
+
+define(<WSBOX6>, <
+ movdqa $1, $5
+ pxor $4, $5
+ movdqa $1, $6
+ pand $4, $6
+ movdqa $1, $7
+ por $3, $7
+ por $2, $4
+ pxor $3, $4
+ pxor $2, $1
+ movdqa $2, $8
+ por $3, $8
+ pxor $2, $3
+ pand $5, $8
+ pxor $3, $6
+ PNOT($6)
+ pand $6, $5
+ pand $6, $2
+ pxor $8, $2
+ pxor $4, $8
+ pxor $2, $7
+ PNOT($7)
+ pxor $7, $5
+ pxor $1, $5
+>)
+
+define(<WSBOX7>, <
+ movdqa $1, $5
+ pand $3, $5
+ movdqa $2, $8
+ por $5, $8 C t04
+ pxor $3, $8
+ movdqa $4, $6
+ pandn $1, $6 C t02 implicit
+ pxor $6, $8
+ movdqa $3, $6
+ por $8, $6
+ pxor $1, $6
+ movdqa $1, $7
+ pand $2, $7
+ pxor $7, $3
+ por $4, $7
+ pxor $7, $6
+ movdqa $2, $7
+ por $5, $7 C t04
+ pand $8, $7
+ pxor $6, $2
+ por $2, $7
+ pxor $1, $7
+ pxor $6, $5
+ PNOT($4) C t02
+ por $4, $5
+ pxor $3, $5
+>)
+
+C WLT(x0, x1, x2, x3)
+define(<WLT>, <
+ WROL(13, $1)
+ WROL(3, $3)
+ pxor $1, $2
+ pxor $3, $2
+ movdqa $1, T0
+ pslld <$>3, T0
+ pxor $3, $4
+ pxor T0, $4
+ WROL(1, $2)
+ WROL(7, $4)
+ pxor $2, $1
+ pxor $4, $1
+ movdqa $2, T0
+ pslld <$>7, T0
+ pxor $4, $3
+ pxor T0, $3
+ WROL(5, $1)
+ WROL(22, $3)
+>)
+
+ .file "serpent-encrypt.asm"
+
+ C serpent_encrypt(struct serpent_context *ctx,
+ C unsigned length, uint8_t *dst,
+ C const uint8_t *src)
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_serpent_encrypt)
+ C save all registers that need to be saved
+ W64_ENTRY(4, 13)
+ push %rbx
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+
+ lea (SRC, N), SRC
+ lea (DST, N), DST
+ neg N
+ jz .Lend
+
+ C Point at the final subkey.
+ lea 512(CTX), CTX
+
+ cmp $-64, N
+ ja .Lblock_loop
+
+ pcmpeqd MINUS1, MINUS1
+
+.Lwblock_loop:
+ movups (SRC, N), X0
+ movups 16(SRC, N), X1
+ movups 32(SRC, N), X2
+ movups 48(SRC, N), X3
+
+ WTRANSPOSE(X0, X1, X2, X3)
+
+ mov $-512, CNT
+ jmp .Lwround_start
+
+ ALIGN(16)
+.Lwround_loop:
+ WLT(X0,X1,X2,X3)
+.Lwround_start:
+ WKEYXOR(, X0,X1,X2,X3)
+ WSBOX0(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WLT(Y0,Y1,Y2,Y3)
+
+ WKEYXOR(16, Y0,Y1,Y2,Y3)
+ WSBOX1(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WLT(X0,X1,X2,X3)
+
+ WKEYXOR(32, X0,X1,X2,X3)
+ WSBOX2(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WLT(Y0,Y1,Y2,Y3)
+
+ WKEYXOR(48, Y0,Y1,Y2,Y3)
+ WSBOX3(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WLT(X0,X1,X2,X3)
+
+ WKEYXOR(64, X0,X1,X2,X3)
+ WSBOX4(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WLT(Y0,Y1,Y2,Y3)
+
+ WKEYXOR(80, Y0,Y1,Y2,Y3)
+ WSBOX5(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ WLT(X0,X1,X2,X3)
+
+ WKEYXOR(96, X0,X1,X2,X3)
+ WSBOX6(X0,X1,X2,X3, Y0,Y1,Y2,Y3)
+ WLT(Y0,Y1,Y2,Y3)
+
+ WKEYXOR(112, Y0,Y1,Y2,Y3)
+ WSBOX7(Y0,Y1,Y2,Y3, X0,X1,X2,X3)
+ add $128, CNT
+ jnz .Lwround_loop
+
+ C FIXME: CNT known to be zero, no index register needed
+ WKEYXOR(, X0,X1,X2,X3)
+
+ WTRANSPOSE(X0,X1,X2,X3)
+
+ movups X0, (DST, N)
+ movups X1, 16(DST, N)
+ movups X2, 32(DST, N)
+ movups X3, 48(DST, N)
+
+ C FIXME: Adjust N, so we can use just jnc without an extra cmp.
+ add $64, N
+ jz .Lend
+
+ cmp $-64, N
+ jbe .Lwblock_loop
+
+C The single-block loop here is slightly slower than the double-block
+C loop in serpent-encrypt.c.
+
+C FIXME: Should use non-sse2 code only if we have a single block left.
+C With two or three blocks, it should be better to do them in
+C parallell.
+
+.Lblock_loop:
+ movl (SRC, N), x0
+ movl 4(SRC, N), x1
+ movl 8(SRC, N), x2
+ movl 12(SRC, N), x3
+
+ mov $-512, CNT
+ jmp .Lround_start
+
+ ALIGN(16)
+.Lround_loop:
+ LT(x0,x1,x2,x3)
+.Lround_start:
+ xor (CTX, CNT), x0
+ xor 4(CTX, CNT), x1
+ xor 8(CTX, CNT), x2
+ xor 12(CTX, CNT), x3
+ SBOX0(x0,x1,x2,x3, y0,y1,y2,y3)
+ LT(y0,y1,y2,y3)
+
+ xor 16(CTX, CNT), y0
+ xor 20(CTX, CNT), y1
+ xor 24(CTX, CNT), y2
+ xor 28(CTX, CNT), y3
+ SBOX1(y0,y1,y2,y3, x0,x1,x2,x3)
+ LT(x0,x1,x2,x3)
+
+ xor 32(CTX, CNT), x0
+ xor 36(CTX, CNT), x1
+ xor 40(CTX, CNT), x2
+ xor 44(CTX, CNT), x3
+ SBOX2(x0,x1,x2,x3, y0,y1,y2,y3)
+ LT(y0,y1,y2,y3)
+
+ xor 48(CTX, CNT), y0
+ xor 52(CTX, CNT), y1
+ xor 56(CTX, CNT), y2
+ xor 60(CTX, CNT), y3
+ SBOX3(y0,y1,y2,y3, x0,x1,x2,x3)
+ LT(x0,x1,x2,x3)
+
+ xor 64(CTX, CNT), x0
+ xor 68(CTX, CNT), x1
+ xor 72(CTX, CNT), x2
+ xor 76(CTX, CNT), x3
+ SBOX4(x0,x1,x2,x3, y0,y1,y2,y3)
+ LT(y0,y1,y2,y3)
+
+ xor 80(CTX, CNT), y0
+ xor 84(CTX, CNT), y1
+ xor 88(CTX, CNT), y2
+ xor 92(CTX, CNT), y3
+ SBOX5(y0,y1,y2,y3, x0,x1,x2,x3)
+ LT(x0,x1,x2,x3)
+
+ xor 96(CTX, CNT), x0
+ xor 100(CTX, CNT), x1
+ xor 104(CTX, CNT), x2
+ xor 108(CTX, CNT), x3
+ SBOX6(x0,x1,x2,x3, y0,y1,y2,y3)
+ LT(y0,y1,y2,y3)
+
+ xor 112(CTX, CNT), y0
+ xor 116(CTX, CNT), y1
+ xor 120(CTX, CNT), y2
+ xor 124(CTX, CNT), y3
+ SBOX7(y0,y1,y2,y3, x0,x1,x2,x3)
+ add $128, CNT
+ jnz .Lround_loop
+
+ C Apply final subkey.
+ xor (CTX, CNT), x0
+ xor 4(CTX, CNT), x1
+ xor 8(CTX, CNT), x2
+ xor 12(CTX, CNT), x3
+
+ movl x0, (DST, N)
+ movl x1, 4(DST, N)
+ movl x2, 8(DST, N)
+ movl x3, 12(DST, N)
+ add $16, N
+ jnc .Lblock_loop
+
+.Lend:
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ pop %rbx
+ W64_EXIT(4, 13)
+ ret
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2011 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+C WROL(count, w)
+define(<WROL>, <
+ movdqa $2, T0
+ pslld <$>$1, $2
+ psrld <$>eval(32 - $1), T0
+ por T0, $2
+>)
+
+C Note: Diagrams use little-endian representation, with least
+C significant word to the left.
+
+C Transpose values from:
+C +----+----+----+----+
+C x0: | a0 | a1 | a2 | a3 |
+C x1: | b0 | b1 | b2 | b3 |
+C x2: | c0 | c1 | c2 | c3 |
+C x3: | d0 | d1 | d2 | d3 |
+C +----+----+----+----+
+C To:
+C +----+----+----+----+
+C x0: | a0 | b0 | c0 | d0 |
+C x1: | a1 | b1 | c1 | d1 |
+C x2: | a2 | b2 | c2 | d2 |
+C x3: | a3 | b3 | c3 | d3 |
+C +----+----+----+----+
+
+define(<WTRANSPOSE>, <
+ movdqa $1, T0
+ punpcklqdq $3, T0 C |a0 a1 c0 c1|
+ punpckhqdq $3, $1 C |a2 a3 c2 c3|
+ pshufd <$>0xd8, T0, T0 C |a0 c0 a1 c1|
+ pshufd <$>0xd8, $1, T1 C |a2 c2 a3 c3|
+
+ movdqa $2, T2
+ punpcklqdq $4, T2 C |b0 b1 d0 11|
+ punpckhqdq $4, $2 C |b2 b3 d2 d3|
+ pshufd <$>0xd8, T2, T2 C |b0 d0 b1 d1|
+ pshufd <$>0xd8, $2, T3 C |b2 d2 b3 d3|
+
+ movdqa T0, $1
+ punpckldq T2, $1 C |a0 b0 c0 d0|
+ movdqa T0, $2
+ punpckhdq T2, $2 C |a1 b1 c1 d1|
+
+ movdqa T1, $3
+ punpckldq T3, $3 C |a2 b2 c2 d2|
+ movdqa T1, $4
+ punpckhdq T3, $4 C |a3 b3 c3 d3|
+>)
+
+C FIXME: Arrange 16-byte alignment, so we can use movaps?
+define(<WKEYXOR>, <
+ movups $1(CTX, CNT), T0
+ pshufd <$>0x55, T0, T1
+ pshufd <$>0xaa, T0, T2
+ pxor T1, $3
+ pxor T2, $4
+ pshufd <$>0xff, T0, T1
+ pshufd <$>0x00, T0, T0
+ pxor T1, $5
+ pxor T0, $2
+>)
C nettle, low-level cryptographics library
C
-C Copyright (C) 2004, 2008 Niels Möller
+C Copyright (C) 2004, 2008 Niels Möller
C
C The nettle library is free software; you can redistribute it and/or modify
C it under the terms of the GNU Lesser General Public License as published by
C
C You should have received a copy of the GNU Lesser General Public License
C along with the nettle library; see the file COPYING.LIB. If not, write to
-C the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
-C MA 02111-1307, USA.
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
C Register usage. KVALUE and INPUT share a register.
define(<SA>,<%eax>)dnl
C _nettle_sha1_compress(uint32_t *state, uint8_t *input)
.text
- ALIGN(4)
+ ALIGN(16)
PROLOGUE(_nettle_sha1_compress)
C save all registers that need to be saved
+ W64_ENTRY(2, 0)
sub $68, %rsp C %rsp = W
addl SE, 16(STATE)
add $68, %rsp
+ W64_EXIT(2, 0)
ret
EPILOGUE(_nettle_sha1_compress)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "sha256-compress.asm"
+define(<STATE>, <%rdi>)
+define(<INPUT>, <%rsi>)
+define(<K>, <%rdx>)
+define(<SA>, <%eax>)
+define(<SB>, <%ebx>)
+define(<SC>, <%ecx>)
+define(<SD>, <%r8d>)
+define(<SE>, <%r9d>)
+define(<SF>, <%r10d>)
+define(<SG>, <%r11d>)
+define(<SH>, <%r12d>)
+define(<T0>, <%r13d>)
+define(<T1>, <%edi>) C Overlap STATE
+define(<COUNT>, <%r14>)
+define(<W>, <%r15d>)
+
+define(<EXPN>, <
+ movl OFFSET($1)(%rsp), W
+ movl OFFSET(eval(($1 + 14) % 16))(%rsp), T0
+ movl T0, T1
+ shrl <$>10, T0
+ roll <$>13, T1
+ xorl T1, T0
+ roll <$>2, T1
+ xorl T1, T0
+ addl T0, W
+ movl OFFSET(eval(($1 + 1) % 16))(%rsp), T0
+ movl T0, T1
+ shrl <$>3, T0
+ roll <$>14, T1
+ xorl T1, T0
+ roll <$>11, T1
+ xorl T1, T0
+ addl T0, W
+ addl OFFSET(eval(($1 + 9) % 16))(%rsp), W
+ movl W, OFFSET($1)(%rsp)
+>)
+
+C ROUND(A,B,C,D,E,F,G,H,K)
+C
+C H += S1(E) + Choice(E,F,G) + K + W
+C D += H
+C H += S0(A) + Majority(A,B,C)
+C
+C Where
+C
+C S1(E) = E<<<26 ^ E<<<21 ^ E<<<7
+C S0(A) = A<<<30 ^ A<<<19 ^ A<<<10
+C Choice (E, F, G) = G^(E&(F^G))
+C Majority (A,B,C) = (A&B) + (C&(A^B))
+
+define(<ROUND>, <
+ movl $5, T0
+ movl $5, T1
+ roll <$>7, T0
+ roll <$>21, T1
+ xorl T0, T1
+ roll <$>19, T0
+ xorl T0, T1
+ addl W, $8
+ addl T1, $8
+ movl $7, T0
+ xorl $6, T0
+ andl $5, T0
+ xorl $7, T0
+ addl OFFSET($9)(K,COUNT,4), $8
+ addl T0, $8
+ addl $8, $4
+
+ movl $1, T0
+ movl $1, T1
+ roll <$>10, T0
+ roll <$>19, T1
+ xorl T0, T1
+ roll <$>20, T0
+ xorl T0, T1
+ addl T1, $8
+ movl $1, T0
+ movl $1, T1
+ andl $2, T0
+ xorl $2, T1
+ addl T0, $8
+ andl $3, T1
+ addl T1, $8
+>)
+
+define(<NOEXPN>, <
+ movl OFFSET($1)(INPUT, COUNT, 4), W
+ bswapl W
+ movl W, OFFSET($1)(%rsp, COUNT, 4)
+>)
+
+ C void
+ C _nettle_sha256_compress(uint32_t *state, const uint8_t *input, const uint32_t *k)
+
+ .text
+ ALIGN(16)
+
+PROLOGUE(_nettle_sha256_compress)
+ W64_ENTRY(3, 0)
+
+ sub $120, %rsp
+ mov %rbx, 64(%rsp)
+ mov STATE, 72(%rsp) C Save state, to free a register
+ mov %rbp, 80(%rsp)
+ mov %r12, 88(%rsp)
+ mov %r13, 96(%rsp)
+ mov %r14, 104(%rsp)
+ mov %r15, 112(%rsp)
+
+ movl (STATE), SA
+ movl 4(STATE), SB
+ movl 8(STATE), SC
+ movl 12(STATE), SD
+ movl 16(STATE), SE
+ movl 20(STATE), SF
+ movl 24(STATE), SG
+ movl 28(STATE), SH
+ xor COUNT, COUNT
+ ALIGN(16)
+
+.Loop1:
+ NOEXPN(0) ROUND(SA,SB,SC,SD,SE,SF,SG,SH,0)
+ NOEXPN(1) ROUND(SH,SA,SB,SC,SD,SE,SF,SG,1)
+ NOEXPN(2) ROUND(SG,SH,SA,SB,SC,SD,SE,SF,2)
+ NOEXPN(3) ROUND(SF,SG,SH,SA,SB,SC,SD,SE,3)
+ NOEXPN(4) ROUND(SE,SF,SG,SH,SA,SB,SC,SD,4)
+ NOEXPN(5) ROUND(SD,SE,SF,SG,SH,SA,SB,SC,5)
+ NOEXPN(6) ROUND(SC,SD,SE,SF,SG,SH,SA,SB,6)
+ NOEXPN(7) ROUND(SB,SC,SD,SE,SF,SG,SH,SA,7)
+ add $8, COUNT
+ cmp $16, COUNT
+ jne .Loop1
+
+.Loop2:
+ EXPN( 0) ROUND(SA,SB,SC,SD,SE,SF,SG,SH,0)
+ EXPN( 1) ROUND(SH,SA,SB,SC,SD,SE,SF,SG,1)
+ EXPN( 2) ROUND(SG,SH,SA,SB,SC,SD,SE,SF,2)
+ EXPN( 3) ROUND(SF,SG,SH,SA,SB,SC,SD,SE,3)
+ EXPN( 4) ROUND(SE,SF,SG,SH,SA,SB,SC,SD,4)
+ EXPN( 5) ROUND(SD,SE,SF,SG,SH,SA,SB,SC,5)
+ EXPN( 6) ROUND(SC,SD,SE,SF,SG,SH,SA,SB,6)
+ EXPN( 7) ROUND(SB,SC,SD,SE,SF,SG,SH,SA,7)
+ EXPN( 8) ROUND(SA,SB,SC,SD,SE,SF,SG,SH,8)
+ EXPN( 9) ROUND(SH,SA,SB,SC,SD,SE,SF,SG,9)
+ EXPN(10) ROUND(SG,SH,SA,SB,SC,SD,SE,SF,10)
+ EXPN(11) ROUND(SF,SG,SH,SA,SB,SC,SD,SE,11)
+ EXPN(12) ROUND(SE,SF,SG,SH,SA,SB,SC,SD,12)
+ EXPN(13) ROUND(SD,SE,SF,SG,SH,SA,SB,SC,13)
+ EXPN(14) ROUND(SC,SD,SE,SF,SG,SH,SA,SB,14)
+ EXPN(15) ROUND(SB,SC,SD,SE,SF,SG,SH,SA,15)
+ add $16, COUNT
+ cmp $64, COUNT
+ jne .Loop2
+
+ mov 72(%rsp), STATE
+
+ addl SA, (STATE)
+ addl SB, 4(STATE)
+ addl SC, 8(STATE)
+ addl SD, 12(STATE)
+ addl SE, 16(STATE)
+ addl SF, 20(STATE)
+ addl SG, 24(STATE)
+ addl SH, 28(STATE)
+
+ mov 64(%rsp), %rbx
+ mov 80(%rsp), %rbp
+ mov 88(%rsp), %r12
+ mov 96(%rsp), %r13
+ mov 104(%rsp),%r14
+ mov 112(%rsp),%r15
+
+ add $120, %rsp
+ W64_EXIT(3, 0)
+ ret
+EPILOGUE(_nettle_sha256_compress)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2012 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+define(<CTX>, <%rdi>) C 25 64-bit values, 200 bytes.
+define(<COUNT>, <%r8>) C Avoid clobbering %rsi, for W64.
+
+define(<A00>, <%rax>)
+define(<A0102>, <%xmm0>)
+define(<A0304>, <%xmm1>)
+
+define(<A05>, <%rcx>)
+define(<A0607>, <%xmm2>)
+define(<A0809>, <%xmm3>)
+
+define(<A10>, <%rdx>)
+define(<A1112>, <%xmm4>)
+define(<A1314>, <%xmm5>)
+
+define(<A15>, <%rbp>)
+define(<A1617>, <%xmm6>)
+define(<A1819>, <%xmm7>)
+
+define(<A20>, <%r9>)
+define(<A2122>, <%xmm8>)
+define(<A2324>, <%xmm9>)
+
+define(<C0>, <%r10>)
+define(<C12>, <%xmm10>)
+define(<C34>, <%xmm11>)
+
+define(<D0>, <%r11>)
+define(<D12>, <%xmm12>)
+define(<D34>, <%xmm13>)
+
+C Wide temporaries
+define(<W0>, <%xmm14>)
+define(<W1>, <%xmm15>)
+define(<W2>, <%xmm12>) C Overlap D12
+define(<W3>, <%xmm13>) C Overlap D34
+
+define(<T0>, <%r12>)
+define(<T1>, <%r13>)
+define(<T2>, <%r11>) C Overlap D0
+define(<T3>, <%r10>) C Overlap C0
+
+define(<RC>, <%r14>)
+
+define(<OFFSET>, <ifelse($1,0,,eval(8*$1))>)
+define(<STATE>, <OFFSET($1)(CTX)>)
+
+define(<SWAP64>, <pshufd <$>0x4e,>)
+
+define(<DIRECT_MOVQ>, <no>)
+
+C MOVQ(src, dst), for moves between a general register and an xmm
+C register.
+
+ifelse(DIRECT_MOVQ, yes, <
+C movq calls that are equal to the corresponding movd,
+C where the Apple assembler requires them to be written as movd.
+define(<MOVQ>, <movd $1, $2>)
+>, <
+C Moving via (cached) memory is generally faster.
+define(<MOVQ>, <
+ movq $1, (CTX)
+ movq (CTX), $2
+>)>)
+
+C ROTL64(rot, register, temp)
+C Caller needs to or together the result.
+define(<ROTL64>, <
+ movdqa $2, $3
+ psllq <$>$1, $2
+ psrlq <$>eval(64-$1), $3
+>)
+
+ .file "sha3-permute.asm"
+
+ C sha3_permute(struct sha3_state *ctx)
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_sha3_permute)
+ W64_ENTRY(1, 16)
+ push %rbp
+ push %r12
+ push %r13
+ push %r14
+
+ movl $24, XREG(COUNT)
+ lea .rc-8(%rip), RC
+ movq STATE(0), A00
+ movups STATE(1), A0102
+ movups STATE(3), A0304
+ movq A00, C0
+
+ movq STATE(5), A05
+ movdqa A0102, C12
+ movups STATE(6), A0607
+ movdqa A0304, C34
+ movups STATE(8), A0809
+ xorq A05, C0
+
+ movq STATE(10), A10
+ pxor A0607, C12
+ movups STATE(11), A1112
+ pxor A0809, C34
+ movups STATE(13), A1314
+ xorq A10, C0
+
+ movq STATE(15), A15
+ pxor A1112, C12
+ movups STATE(16), A1617
+ pxor A1314, C34
+ movups STATE(18), A1819
+ xorq A15, C0
+
+ movq STATE(20), A20
+ pxor A1617, C12
+ movups STATE(21), A2122
+ pxor A1819, C34
+ movups STATE(23), A2324
+ xorq A20, C0
+ pxor A2122, C12
+ pxor A2324, C34
+
+ ALIGN(16)
+.Loop:
+ C The theta step. Combine parity bits, then xor to state.
+ C D0 = C4 ^ (C1 <<< 1)
+ C D1 = C0 ^ (C2 <<< 1)
+ C D2 = C1 ^ (C3 <<< 1)
+ C D3 = C2 ^ (C4 <<< 1)
+ C D4 = C3 ^ (C0 <<< 1)
+
+ C Shift the words around, putting (C0, C1) in D12, (C2, C3) in
+ C D34, and (C4, C0) in C34.
+
+ C Notes on "unpack" instructions:
+ C punpckhqdq 01, 23 gives 31
+ C punpcklqdq 01, 23 gives 20
+
+ SWAP64 C34, C34 C Holds C4, C3
+ movdqa C12, D34
+ MOVQ(C0, D12)
+ punpcklqdq C12, D12 C Holds C0, C1
+ punpckhqdq C34, D34 C Holds C2, C3
+ punpcklqdq D12, C34 C Holds C4, C0
+ MOVQ(C34, D0)
+ MOVQ(C12, T0)
+ rolq $1, T0
+ xorq T0, D0
+
+ C Can use C12 as temporary
+ movdqa D34, W0
+ movdqa D34, W1
+ psllq $1, W0
+ psrlq $63, W1
+ pxor W0, D12
+ pxor W1, D12 C Done D12
+
+ movdqa C34, C12
+ psrlq $63, C34
+ psllq $1, C12
+ pxor C34, D34
+ pxor C12, D34 C Done D34
+
+ xorq D0, A00
+ xorq D0, A05
+ xorq D0, A10
+ xorq D0, A15
+ xorq D0, A20
+ pxor D12, A0102
+ pxor D12, A0607
+ pxor D12, A1112
+ pxor D12, A1617
+ pxor D12, A2122
+ pxor D34, A0304
+ pxor D34, A0809
+ pxor D34, A1314
+ pxor D34, A1819
+ pxor D34, A2324
+
+ C theta step done, no C, D or W temporaries alive.
+
+ C rho and pi steps. When doing the permutations, also
+ C transpose the matrix.
+
+ C The combined permutation + transpose gives the following
+ C cycles (rotation counts in parenthesis)
+ C 0 <- 0(0)
+ C 1 <- 3(28) <- 4(27) <- 2(62) <- 1(1)
+ C 5 <- 6(44) <- 9(20) <- 8(55) <- 5(36)
+ C 7 <- 7(6)
+ C 10 <- 12(43) <- 13(25) <- 11(10) <- 10(3)
+ C 14 <- 14(39)
+ C 15 <- 18(21) <- 17(15) <- 19(8) <- 15(41)
+ C 16 <- 16(45)
+ C 20 <- 24(14) <- 21(2) <- 22(61) <- 20(18)
+ C 23 <- 23(56)
+
+ C Do the 1,2,3,4 row. First rotate, then permute.
+ movdqa A0102, W0
+ movdqa A0102, W1
+ movdqa A0102, W2
+ psllq $1, A0102
+ psrlq $63, W0
+ psllq $62, W1
+ por A0102, W0 C rotl 1 (A01)
+ psrlq $2, W2
+ por W1, W2 C rotl 62 (A02)
+
+ movdqa A0304, A0102
+ movdqa A0304, W1
+ psllq $28, A0102
+ psrlq $36, W1
+ por W1, A0102 C rotl 28 (A03)
+ movdqa A0304, W1
+ psllq $27, A0304
+ psrlq $37, W1
+ por W1, A0304 C rotl 27 (A04)
+
+ punpcklqdq W0, A0102
+ punpckhqdq W2, A0304
+
+ C 5 <- 6(44) <- 9(20) <- 8(55) <- 5(36)
+ C 7 <- 7(6)
+ C __ _______
+ C _ L' ` L_ __`
+ C |5| |6|7| |8|9|
+ C `-_________-^`-^
+
+ rolq $36, A05
+ MOVQ(A05, W0)
+ MOVQ(A0607, A05)
+ rolq $44, A05 C Done A05
+ ROTL64(6, A0607, W1)
+ por A0607, W1
+ movdqa A0809, A0607
+ ROTL64(20, A0607, W2)
+ por W2, A0607
+ punpckhqdq W1, A0607 C Done A0607
+ ROTL64(55, A0809, W1)
+ por A0809, W1
+ movdqa W0, A0809
+ punpcklqdq W1, A0809 C Done 0809
+
+ C 10 <- 12(43) <- 13(25) <- 11(10) <- 10(3)
+ C 14 <- 14(39)
+ C _____ ___
+ C __L' __`_L_ `_____
+ C |10| |11|12| |13|14|
+ C `-___-^`-______-^
+ C
+
+ rolq $42, A10 C 42 + 25 = 3 (mod 64)
+ SWAP64 A1112, W0
+ MOVQ(A10, A1112)
+ MOVQ(W0, A10)
+ rolq $43, A10 C Done A10
+
+ punpcklqdq A1314, A1112
+ ROTL64(25, A1112, W1)
+ por W1, A1112 C Done A1112
+ ROTL64(39, A1314, W2)
+ por A1314, W2
+ ROTL64(10, W0, A1314)
+ por W0, A1314
+ punpckhqdq W2, A1314 C Done A1314
+
+
+ C 15 <- 18(21) <- 17(15) <- 19(8) <- 15(41)
+ C 16 <- 16(45)
+ C _____________
+ C / _______
+ C _L' ____L' | `_
+ C |15| |16|17| |18|19|
+ C \ `_____-^ ^
+ C \_________________/
+
+ SWAP64 A1819, W0
+ rolq $41, A15
+ MOVQ(A15, W1)
+ MOVQ(A1819, A15)
+ rolq $21, A15 C Done A15
+ SWAP64 A1617, A1819
+ ROTL64(45, A1617, W2)
+ por W2, A1617
+ ROTL64(8, W0, W3)
+ por W3, W0
+ punpcklqdq W0, A1617 C Done A1617
+ ROTL64(15, A1819, W2)
+ por W2, A1819
+ punpcklqdq W1, A1819 C Done A1819
+
+ C 20 <- 24(14) <- 21(2) <- 22(61) <- 20(18)
+ C 23 <- 23(56)
+ C _______________
+ C / \
+ C _L' _L'\_ ___`_
+ C |20| |21|22| |23|24|
+ C \ `__ ^________-^
+ C \_______/
+
+ rolq $18, A20
+ MOVQ(A20, W0)
+ SWAP64 A2324, W1
+ movd W1, A20
+ rolq $14, A20 C Done A20
+ ROTL64(56, A2324, W1)
+ por W1, A2324
+
+ movdqa A2122, W2
+ ROTL64(2, W2, W1)
+ por W1, W2
+ punpcklqdq W2, A2324 C Done A2324
+
+ ROTL64(61, A2122, W1)
+ por W1, A2122
+ psrldq $8, A2122
+ punpcklqdq W0, A2122 C Done A2122
+
+ C chi step. With the transposed matrix, applied independently
+ C to each column.
+ movq A05, T0
+ notq T0
+ andq A10, T0
+ movq A10, T1
+ notq T1
+ andq A15, T1
+ movq A15, T2
+ notq T2
+ andq A20, T2
+ xorq T2, A10
+ movq A20, T3
+ notq T3
+ andq A00, T3
+ xorq T3, A15
+ movq A00, T2
+ notq T2
+ andq A05, T2
+ xorq T2, A20
+ xorq T0, A00
+ xorq T1, A05
+
+ movdqa A0607, W0
+ pandn A1112, W0
+ movdqa A1112, W1
+ pandn A1617, W1
+ movdqa A1617, W2
+ pandn A2122, W2
+ pxor W2, A1112
+ movdqa A2122, W3
+ pandn A0102, W3
+ pxor W3, A1617
+ movdqa A0102, W2
+ pandn A0607, W2
+ pxor W2, A2122
+ pxor W0, A0102
+ pxor W1, A0607
+
+ movdqa A0809, W0
+ pandn A1314, W0
+ movdqa A1314, W1
+ pandn A1819, W1
+ movdqa A1819, W2
+ pandn A2324, W2
+ pxor W2, A1314
+ movdqa A2324, W3
+ pandn A0304, W3
+ pxor W3, A1819
+ movdqa A0304, W2
+ pandn A0809, W2
+ pxor W2, A2324
+ pxor W0, A0304
+ pxor W1, A0809
+
+ xorq (RC, COUNT, 8), A00
+
+ C Transpose.
+ C Swap (A05, A10) <-> A0102, and (A15, A20) <-> A0304,
+ C and also copy to C12 and C34 while at it.
+
+ MOVQ(A05, C12)
+ MOVQ(A15, C34)
+ MOVQ(A10, W0)
+ MOVQ(A20, W1)
+ movq A00, C0
+ punpcklqdq W0, C12
+ punpcklqdq W1, C34
+ MOVQ(A0102, A05)
+ MOVQ(A0304, A15)
+ psrldq $8, A0102
+ psrldq $8, A0304
+ xorq A05, C0
+ xorq A15, C0
+ MOVQ(A0102, A10)
+ MOVQ(A0304, A20)
+
+ movdqa C12, A0102
+ movdqa C34, A0304
+
+ C Transpose (A0607, A1112)
+ movdqa A0607, W0
+ punpcklqdq A1112, A0607
+ xorq A10, C0
+ xorq A20, C0
+ punpckhqdq W0, A1112
+ SWAP64 A1112, A1112
+
+ C Transpose (A1819, A2324)
+ movdqa A1819, W0
+ punpcklqdq A2324, A1819
+ pxor A0607, C12
+ pxor A1112, C12
+ punpckhqdq W0, A2324
+ SWAP64 A2324, A2324
+
+ C Transpose (A0809, A1314) and (A1617, A2122), and swap
+ movdqa A0809, W0
+ movdqa A1314, W1
+ movdqa A1617, A0809
+ movdqa A2122, A1314
+ pxor A1819, C34
+ pxor A2324, C34
+ punpcklqdq A2122, A0809
+ punpckhqdq A1617, A1314
+ SWAP64 A1314, A1314
+ movdqa W0, A1617
+ movdqa W1, A2122
+ pxor A0809, C34
+ pxor A1314, C34
+ punpcklqdq W1, A1617
+ punpckhqdq W0, A2122
+ SWAP64 A2122, A2122
+
+ decl XREG(COUNT)
+ pxor A1617, C12
+ pxor A2122, C12
+ jnz .Loop
+
+ movq A00, STATE(0)
+ movups A0102, STATE(1)
+ movups A0304, STATE(3)
+
+ movq A05, STATE(5)
+ movups A0607, STATE(6)
+ movups A0809, STATE(8)
+
+ movq A10, STATE(10)
+ movups A1112, STATE(11)
+ movups A1314, STATE(13)
+
+ movq A15, STATE(15)
+ movups A1617, STATE(16)
+ movups A1819, STATE(18)
+
+ movq A20, STATE(20)
+ movups A2122, STATE(21)
+ movups A2324, STATE(23)
+
+ pop %r14
+ pop %r13
+ pop %r12
+ pop %rbp
+ W64_EXIT(1, 16)
+ ret
+
+EPILOGUE(nettle_sha3_permute)
+
+ALIGN(16)
+.rc: C In reverse order
+ .quad 0x8000000080008008
+ .quad 0x0000000080000001
+ .quad 0x8000000000008080
+ .quad 0x8000000080008081
+ .quad 0x800000008000000A
+ .quad 0x000000000000800A
+ .quad 0x8000000000000080
+ .quad 0x8000000000008002
+ .quad 0x8000000000008003
+ .quad 0x8000000000008089
+ .quad 0x800000000000008B
+ .quad 0x000000008000808B
+ .quad 0x000000008000000A
+ .quad 0x0000000080008009
+ .quad 0x0000000000000088
+ .quad 0x000000000000008A
+ .quad 0x8000000000008009
+ .quad 0x8000000080008081
+ .quad 0x0000000080000001
+ .quad 0x000000000000808B
+ .quad 0x8000000080008000
+ .quad 0x800000000000808A
+ .quad 0x0000000000008082
+ .quad 0x0000000000000001
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+ .file "sha512-compress.asm"
+define(<STATE>, <%rdi>)
+define(<INPUT>, <%rsi>)
+define(<K>, <%rdx>)
+define(<SA>, <%rax>)
+define(<SB>, <%rbx>)
+define(<SC>, <%rcx>)
+define(<SD>, <%r8>)
+define(<SE>, <%r9>)
+define(<SF>, <%r10>)
+define(<SG>, <%r11>)
+define(<SH>, <%r12>)
+define(<T0>, <%r13>)
+define(<T1>, <%rdi>) C Overlap STATE
+define(<COUNT>, <%r14>)
+define(<W>, <%r15>)
+
+define(<EXPN>, <
+ mov OFFSET64($1)(%rsp), W
+ mov OFFSET64(eval(($1 + 14) % 16))(%rsp), T0
+ mov T0, T1
+ shr <$>6, T0
+ rol <$>3, T1
+ xor T1, T0
+ rol <$>42, T1
+ xor T1, T0
+ add T0, W
+ mov OFFSET64(eval(($1 + 1) % 16))(%rsp), T0
+ mov T0, T1
+ shr <$>7, T0
+ rol <$>56, T1
+ xor T1, T0
+ rol <$>7, T1
+ xor T1, T0
+ add T0, W
+ add OFFSET64(eval(($1 + 9) % 16))(%rsp), W
+ mov W, OFFSET64($1)(%rsp)
+>)
+
+C ROUND(A,B,C,D,E,F,G,H,K)
+C
+C H += S1(E) + Choice(E,F,G) + K + W
+C D += H
+C H += S0(A) + Majority(A,B,C)
+C
+C Where
+C
+C S1(E) = E<<<50 ^ E<<<46 ^ E<<<23
+C S0(A) = A<<<36 ^ A<<<30 ^ A<<<25
+C Choice (E, F, G) = G^(E&(F^G))
+C Majority (A,B,C) = (A&B) + (C&(A^B))
+
+define(<ROUND>, <
+ mov $5, T0
+ mov $5, T1
+ rol <$>23, T0
+ rol <$>46, T1
+ xor T0, T1
+ rol <$>27, T0
+ xor T0, T1
+ add W, $8
+ add T1, $8
+ mov $7, T0
+ xor $6, T0
+ and $5, T0
+ xor $7, T0
+ add OFFSET64($9)(K,COUNT,8), $8
+ add T0, $8
+ add $8, $4
+
+ mov $1, T0
+ mov $1, T1
+ rol <$>25, T0
+ rol <$>30, T1
+ xor T0, T1
+ rol <$>11, T0
+ xor T0, T1
+ add T1, $8
+ mov $1, T0
+ mov $1, T1
+ and $2, T0
+ xor $2, T1
+ add T0, $8
+ and $3, T1
+ add T1, $8
+>)
+
+define(<NOEXPN>, <
+ mov OFFSET64($1)(INPUT, COUNT, 8), W
+ bswap W
+ mov W, OFFSET64($1)(%rsp, COUNT, 8)
+>)
+
+ C void
+ C _nettle_sha512_compress(uint64_t *state, const uint8_t *input, const uint64_t *k)
+
+ .text
+ ALIGN(16)
+
+PROLOGUE(_nettle_sha512_compress)
+ W64_ENTRY(3, 0)
+
+ sub $184, %rsp
+ mov %rbx, 128(%rsp)
+ mov STATE, 136(%rsp) C Save state, to free a register
+ mov %rbp, 144(%rsp)
+ mov %r12, 152(%rsp)
+ mov %r13, 160(%rsp)
+ mov %r14, 168(%rsp)
+ mov %r15, 176(%rsp)
+
+ mov (STATE), SA
+ mov 8(STATE), SB
+ mov 16(STATE), SC
+ mov 24(STATE), SD
+ mov 32(STATE), SE
+ mov 40(STATE), SF
+ mov 48(STATE), SG
+ mov 56(STATE), SH
+ xor COUNT, COUNT
+ ALIGN(16)
+
+.Loop1:
+ NOEXPN(0) ROUND(SA,SB,SC,SD,SE,SF,SG,SH,0)
+ NOEXPN(1) ROUND(SH,SA,SB,SC,SD,SE,SF,SG,1)
+ NOEXPN(2) ROUND(SG,SH,SA,SB,SC,SD,SE,SF,2)
+ NOEXPN(3) ROUND(SF,SG,SH,SA,SB,SC,SD,SE,3)
+ NOEXPN(4) ROUND(SE,SF,SG,SH,SA,SB,SC,SD,4)
+ NOEXPN(5) ROUND(SD,SE,SF,SG,SH,SA,SB,SC,5)
+ NOEXPN(6) ROUND(SC,SD,SE,SF,SG,SH,SA,SB,6)
+ NOEXPN(7) ROUND(SB,SC,SD,SE,SF,SG,SH,SA,7)
+ add $8, COUNT
+ cmp $16, COUNT
+ jne .Loop1
+
+.Loop2:
+ EXPN( 0) ROUND(SA,SB,SC,SD,SE,SF,SG,SH,0)
+ EXPN( 1) ROUND(SH,SA,SB,SC,SD,SE,SF,SG,1)
+ EXPN( 2) ROUND(SG,SH,SA,SB,SC,SD,SE,SF,2)
+ EXPN( 3) ROUND(SF,SG,SH,SA,SB,SC,SD,SE,3)
+ EXPN( 4) ROUND(SE,SF,SG,SH,SA,SB,SC,SD,4)
+ EXPN( 5) ROUND(SD,SE,SF,SG,SH,SA,SB,SC,5)
+ EXPN( 6) ROUND(SC,SD,SE,SF,SG,SH,SA,SB,6)
+ EXPN( 7) ROUND(SB,SC,SD,SE,SF,SG,SH,SA,7)
+ EXPN( 8) ROUND(SA,SB,SC,SD,SE,SF,SG,SH,8)
+ EXPN( 9) ROUND(SH,SA,SB,SC,SD,SE,SF,SG,9)
+ EXPN(10) ROUND(SG,SH,SA,SB,SC,SD,SE,SF,10)
+ EXPN(11) ROUND(SF,SG,SH,SA,SB,SC,SD,SE,11)
+ EXPN(12) ROUND(SE,SF,SG,SH,SA,SB,SC,SD,12)
+ EXPN(13) ROUND(SD,SE,SF,SG,SH,SA,SB,SC,13)
+ EXPN(14) ROUND(SC,SD,SE,SF,SG,SH,SA,SB,14)
+ EXPN(15) ROUND(SB,SC,SD,SE,SF,SG,SH,SA,15)
+ add $16, COUNT
+ cmp $80, COUNT
+ jne .Loop2
+
+ mov 136(%rsp), STATE
+
+ add SA, (STATE)
+ add SB, 8(STATE)
+ add SC, 16(STATE)
+ add SD, 24(STATE)
+ add SE, 32(STATE)
+ add SF, 40(STATE)
+ add SG, 48(STATE)
+ add SH, 56(STATE)
+
+ mov 128(%rsp), %rbx
+ mov 144(%rsp), %rbp
+ mov 152(%rsp), %r12
+ mov 160(%rsp), %r13
+ mov 168(%rsp),%r14
+ mov 176(%rsp),%r15
+
+ add $184, %rsp
+ W64_EXIT(3, 0)
+ ret
+EPILOGUE(_nettle_sha512_compress)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+define(<OUT>, <%rdi>)
+define(<ITERS>, <%rsi>)
+define(<KEY>, <%rdx>)
+define(<LENGTH>, <%rcx>)
+define(<MSG>, <%r8>)
+
+define(<XM0>, <%xmm0>)
+define(<XM1>, <%xmm1>)
+define(<XM2>, <%xmm2>)
+define(<XM3>, <%xmm3>)
+define(<XK0>, <%xmm4>)
+define(<XK1>, <%xmm5>)
+define(<XK2>, <%xmm6>)
+define(<XK3>, <%xmm7>)
+define(<XT0>, <%xmm8>)
+define(<XT1>, <%xmm9>)
+define(<XT2>, <%xmm10>)
+define(<XT3>, <%xmm11>)
+define(<XY0>, <%xmm12>)
+define(<XY1>, <%xmm13>)
+
+C Copy [0,1,2,3] to [1,1,3,3]
+define(<HI2LO>, <pshufd <$>0xf5,>)
+
+C FIXME: Would be nice if we could force the key array to be 16-byte
+C aligned.
+
+ .file "umac-nh-n.asm"
+
+ C umac_nh_n(uint64_t *out, unsigned n, const uint32_t *key,
+ C unsigned length, const uint8_t *msg)
+ .text
+ ALIGN(16)
+PROLOGUE(_nettle_umac_nh_n)
+ W64_ENTRY(5, 14)
+ pxor XY0, XY0
+ cmp $3, ITERS
+ jc .Lnh2
+ je .Lnh3
+
+.Lnh4:
+ movups (KEY), XK0
+ movups 16(KEY), XT2
+ movups 32(KEY), XK2
+ lea 48(KEY), KEY
+ C Leave XK2 untouched, and put permuted keys in XK0, XK1, XT2, XT3
+ movaps XK0, XT0
+ movaps XK0, XK1
+
+ punpcklqdq XT2, XK0 C [0,1,4,5]
+ punpckhqdq XT2, XK1 C [2,3,6,7]
+ movaps XT2, XT3
+ punpcklqdq XK2, XT2 C [4,5, 8, 9]
+ punpckhqdq XK2, XT3 C [6,7,10,11]
+
+ movaps XY0, XY1
+
+.Loop4:
+ movups (MSG), XT0
+ movups 16(MSG), XT1
+
+ pshufd $0xee, XT1, XM3 C [6,7,6,7]
+ pshufd $0x44, XT1, XM2 C [4,5,4,5]
+ pshufd $0xee, XT0, XM1 C [2,3,2,3]
+ pshufd $0x44, XT0, XM0 C [0,1,0,1]
+
+ paddd XM0, XK0
+ paddd XM1, XK1
+ paddd XM2, XT2
+ paddd XM3, XT3
+
+ HI2LO XK0, XT0
+ HI2LO XT2, XT1
+ pmuludq XK0, XT2
+ pmuludq XT0, XT1
+ paddq XT2, XY0
+ paddq XT1, XY0
+
+ HI2LO XK1, XT0
+ HI2LO XT3, XT1
+ pmuludq XK1, XT3
+ pmuludq XT0, XT1
+ paddq XT3, XY0
+ paddq XT1, XY0
+
+ movaps XK2, XK0
+ movaps XK2, XK1
+ movups (KEY), XT2
+ movups 16(KEY), XK2
+ punpcklqdq XT2, XK0 C [ 8, 9,12,13]
+ punpckhqdq XT2, XK1 C [10,11,14,15]
+ movaps XT2, XT3
+
+ punpcklqdq XK2, XT2 C [12,13,16,17]
+ punpckhqdq XK2, XT3 C [14,15,18,19]
+
+ paddd XK0, XM0
+ paddd XK1, XM1
+ paddd XT2, XM2
+ paddd XT3, XM3
+
+ HI2LO XM0, XT0
+ HI2LO XM2, XT1
+ pmuludq XM0, XM2
+ pmuludq XT0, XT1
+ paddq XM2, XY1
+ paddq XT1, XY1
+
+ HI2LO XM1, XT0
+ HI2LO XM3, XT1
+ pmuludq XM1, XM3
+ pmuludq XT0, XT1
+ paddq XM3, XY1
+ paddq XT1, XY1
+
+ subl $32, XREG(LENGTH)
+ lea 32(MSG), MSG
+ lea 32(KEY), KEY
+ ja .Loop4
+
+ movups XY0, (OUT)
+ movups XY1, 16(OUT)
+
+ W64_EXIT(5, 14)
+ ret
+
+.Lnh3:
+ movups (KEY), XK0
+ movups 16(KEY), XK1
+ movaps XY0, XY1
+.Loop3:
+ lea 32(KEY), KEY
+ movups (MSG), XT0
+ movups 16(MSG), XT1
+ movups (KEY), XK2
+ movups 16(KEY), XK3
+ pshufd $0xee, XT1, XM3 C [6,7,6,7]
+ pshufd $0x44, XT1, XM2 C [4,5,4,5]
+ pshufd $0xee, XT0, XM1 C [2,3,2,3]
+ pshufd $0x44, XT0, XM0 C [0,1,0,1]
+
+ C Iteration 2
+ paddd XK2, XT0
+ paddd XK3, XT1
+ HI2LO XT0, XT2
+ HI2LO XT1, XT3
+ pmuludq XT0, XT1
+ pmuludq XT2, XT3
+ paddq XT1, XY1
+ paddq XT3, XY1
+
+ C Iteration 0,1
+ movaps XK0, XT0
+ punpcklqdq XK1, XK0 C [0,1,4,5]
+ punpckhqdq XK1, XT0 C [2,3,6,7]
+ paddd XK0, XM0
+ paddd XT0, XM1
+ movaps XK2, XK0
+ movaps XK1, XT0
+ punpcklqdq XK2, XK1 C [4,5,8,9]
+ punpckhqdq XK2, XT0 C [6,7,10,11]
+ paddd XK1, XM2
+ paddd XT0, XM3
+
+ HI2LO XM0, XT0
+ HI2LO XM2, XT1
+ pmuludq XM0, XM2
+ pmuludq XT0, XT1
+ paddq XM2, XY0
+ paddq XT1, XY0
+
+ HI2LO XM1, XT0
+ HI2LO XM3, XT1
+ pmuludq XM1, XM3
+ pmuludq XT0, XT1
+ paddq XM3, XY0
+ paddq XT1, XY0
+ subl $32, XREG(LENGTH)
+ lea 32(MSG), MSG
+ movaps XK2, XK0
+ movaps XK3, XK1
+
+ ja .Loop3
+
+ pshufd $0xe, XY1, XT0
+ paddq XT0, XY1
+ movups XY0, (OUT)
+ movlpd XY1, 16(OUT)
+
+ W64_EXIT(5, 14)
+ ret
+
+.Lnh2:
+ C Explode message as [0,1,0,1] [2,3,2,3] [4,5,4,5] [6,7, 6, 7]
+ C Interleave keys as [0,1,4,5] [2,3,6,7] [4,5,8,9] [7,8,10,11]
+ movups (KEY), XK0
+ lea 16(KEY), KEY
+.Loop2:
+ movups (MSG), XM0
+ movups 16(MSG), XM1
+ pshufd $0xee, XM1, XM3 C [6,7,6,7]
+ pshufd $0x44, XM1, XM2 C [4,5,4,5]
+ pshufd $0xee, XM0, XM1 C [2,3,2,3]
+ pshufd $0x44, XM0, XM0 C [0,1,0,1]
+
+ movups (KEY), XK1
+ movups 16(KEY), XK2
+ movaps XK0, XT0
+ punpcklqdq XK1, XK0 C [0,1,4,5]
+ punpckhqdq XK1, XT0 C [2,3,6,7]
+ paddd XK0, XM0
+ paddd XT0, XM1
+ movaps XK2, XK0
+ movaps XK1, XT0
+ punpcklqdq XK2, XK1 C [4,5,8,9]
+ punpckhqdq XK2, XT0 C [6,7,10,11]
+ paddd XK1, XM2
+ paddd XT0, XM3
+
+ HI2LO XM0, XT0
+ HI2LO XM2, XT1
+ pmuludq XM0, XM2
+ pmuludq XT0, XT1
+ paddq XM2, XY0
+ paddq XT1, XY0
+
+ HI2LO XM1, XT0
+ HI2LO XM3, XT1
+ pmuludq XM1, XM3
+ pmuludq XT0, XT1
+ paddq XM3, XY0
+ paddq XT1, XY0
+ subl $32, XREG(LENGTH)
+ lea 32(MSG), MSG
+ lea 32(KEY), KEY
+
+ ja .Loop2
+
+ movups XY0, (OUT)
+.Lend:
+ W64_EXIT(5, 14)
+ ret
+EPILOGUE(_nettle_umac_nh_n)
--- /dev/null
+C nettle, low-level cryptographics library
+C
+C Copyright (C) 2013 Niels Möller
+C
+C The nettle library is free software; you can redistribute it and/or modify
+C it under the terms of the GNU Lesser General Public License as published by
+C the Free Software Foundation; either version 2.1 of the License, or (at your
+C option) any later version.
+C
+C The nettle library is distributed in the hope that it will be useful, but
+C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+C License for more details.
+C
+C You should have received a copy of the GNU Lesser General Public License
+C along with the nettle library; see the file COPYING.LIB. If not, write to
+C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+C MA 02111-1301, USA.
+
+define(<KEY>, <%rdi>)
+define(<LENGTH>, <%rsi>)
+define(<MSG>, <%rdx>)
+
+define(<XA>, <%xmm0>)
+define(<XB>, <%xmm1>)
+define(<XK0>, <%xmm2>)
+define(<XK1>, <%xmm3>)
+define(<XY>, <%xmm4>)
+define(<XT0>, <%xmm5>)
+define(<XT1>, <%xmm6>)
+
+C FIXME: Would be nice if we could force the key array to be 16-byte
+C aligned.
+
+ .file "umac-nh.asm"
+
+ C umac_nh(const uint32_t *key, unsigned length, const uint8_t *msg)
+ .text
+ ALIGN(16)
+PROLOGUE(_nettle_umac_nh)
+ W64_ENTRY(3, 7)
+ pxor XY, XY
+.Loop:
+ movups (KEY), XK0
+ movups 16(KEY), XK1
+ movups (MSG), XA
+ movups 16(MSG), XB
+ paddd XK0, XA
+ paddd XK1, XB
+ pshufd $0x31, XA, XT0
+ pshufd $0x31, XB, XT1
+ pmuludq XT0, XT1
+ paddq XT1, XY
+ pmuludq XA, XB
+ paddq XB, XY
+ C Length is only 32 bits
+ subl $32, XREG(LENGTH)
+ lea 32(KEY), KEY
+ lea 32(MSG), MSG
+ ja .Loop
+
+ pshufd $0xe, XY, XT0
+ paddq XT0, XY
+ C Really a movq, but write as movd to please Apple's assembler
+ movd XY, %rax
+ W64_EXIT(3, 7)
+ ret
+EPILOGUE(_nettle_umac_nh)
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#ifndef NETTLE_YARROW_H_INCLUDED
#define NETTLE_YARROW_H_INCLUDED
#include "aes.h"
-#include "sha.h"
+#include "sha2.h"
#ifdef __cplusplus
extern "C" {
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2001 Niels Möller
+ * Copyright (C) 2001 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
- * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
projects / external / nettle.git / commitdiff