Rim/master-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Add deps locally

Browse Source
This commit is contained in:
Rim
2023-12-11 20:30:44 -05:00
parent 5a888bbf06
commit 619e5550cc
5618 changed files with 1022726 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

249
deps/libtomcrypt/notes/etc/NoekeonVects.java vendored Normal file
View File

@ -0,0 +1,249 @@
/*
NoekeonVects.java - Generate Noekeon test vectors using BouncyCastle.
Written in 2011 by Patrick Pelletier <code@funwithsoftware.org>
To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to
the public domain worldwide. This software is distributed without
any warranty.
This file is dedicated to the public domain with the CC0 Public Domain
Dedication: http://creativecommons.org/publicdomain/zero/1.0/legalcode.txt
You may also consider this file to be covered by the WTFPL, as contained
in the LibTomCrypt LICENSE file, if that makes you happier for some reason.
----------------------------------------------------------------------
This program was inspired by the comment in Botan 1.10.1's
doc/examples/eax_test.cpp:
// Noekeon: unknown cause, though LTC's lone test vector does not
// match Botan
So, I investigated the discrepancy by comparing them with a third
implementation, BouncyCastle: http://www.bouncycastle.org/java.html
I determined that there are two reasons why LibTomCrypt's Noekeon does
not match Botan:
1) Botan uses "indirect Noekeon" (with a key schedule), while
LibTomCrypt and BouncyCastle both use "direct Noekeon" (without
a key schedule). See slide 14 of
http://gro.noekeon.org/Noekeon-slides.pdf
2) However, LibTomCrypt's direct Noekeon still does not match
BouncyCastle's direct Noekeon. This is because of a bug in
LibTomCrypt's PI1 and PI2 functions:
https://github.com/libtom/libtomcrypt/issues/5
This program uses BouncyCastle to produce test vectors which are
suitable for Botan (by explicitly scheduling the key, thus
building indirect Noekeon out of BouncyCastle's direct Noekeon),
and also produces test vectors which would be suitable for
LibTomCrypt (direct Noekeon) once its PI1 and PI2 functions are
fixed to match the Noekeon specification.
Although this program uses a PRNG from BouncyCastle to generate
data for the test vectors, it uses a fixed seed and thus will
produce the same output every time it is run.
*/
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
import org.bouncycastle.crypto.digests.RIPEMD128Digest;
import org.bouncycastle.crypto.engines.NoekeonEngine;
import org.bouncycastle.crypto.modes.EAXBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.prng.DigestRandomGenerator;
import org.bouncycastle.util.encoders.HexEncoder;
public class NoekeonVects
{
private final DigestRandomGenerator r =
new DigestRandomGenerator(new RIPEMD128Digest());
private final HexEncoder h = new HexEncoder();
private final NoekeonEngine noekeon = new NoekeonEngine();
private final KeyParameter null_key = new KeyParameter(new byte[16]);
private final boolean schedule_key;
private final boolean botan_format;
private byte[] randomBytes(int n)
{
byte[] b = new byte[n];
r.nextBytes(b);
return b;
}
private void hexOut(byte[] b) throws IOException
{
// HexEncoder uses lowercase, and Botan's test vectors must
// be in uppercase, so...
ByteArrayOutputStream os = new ByteArrayOutputStream();
h.encode(b, 0, b.length, os);
String s = os.toString("US-ASCII");
System.out.print(s.toUpperCase(Locale.US));
}
private void printCArray(byte[] a) throws IOException
{
byte[] b = new byte[1];
for (int i = 0; i < a.length; i++)
{
if (i > 0)
System.out.print(", ");
System.out.print("0x");
b[0] = a[i];
hexOut(b);
}
}
private void printVector(byte[] key, byte[] plaintext, byte[] ciphertext)
throws IOException
{
if (botan_format)
{
hexOut(plaintext);
System.out.print(":");
hexOut(ciphertext);
System.out.println(":\\");
hexOut(key);
System.out.println();
}
else
{
System.out.println(" {");
System.out.println(" 16,");
System.out.print(" { ");
printCArray (key);
System.out.println(" },");
System.out.print(" { ");
printCArray (plaintext);
System.out.println(" },");
System.out.print(" { ");
printCArray (ciphertext);
System.out.println(" }");
System.out.println(" },");
}
}
private KeyParameter maybe_schedule_key(byte[] key)
{
if (schedule_key)
{
noekeon.init(true, null_key);
byte[] scheduled = new byte[16];
noekeon.processBlock(key, 0, scheduled, 0);
return new KeyParameter(scheduled);
}
else
return new KeyParameter(key);
}
private byte[] encrypt(byte[] plaintext, byte[] key)
{
KeyParameter kp = maybe_schedule_key(key);
noekeon.init(true, kp);
byte[] ciphertext = new byte[16];
noekeon.processBlock(plaintext, 0, ciphertext, 0);
return ciphertext;
}
public NoekeonVects(long seed, boolean schedule_key, boolean botan_format)
{
this.schedule_key = schedule_key;
this.botan_format = botan_format;
r.addSeedMaterial(seed);
}
public void ecb_vectors() throws IOException
{
for (int i = 0; i < 8; i++)
{
byte[] key = randomBytes(16);
byte[] plaintext = randomBytes(16);
byte[] ciphertext = encrypt(plaintext, key);
printVector(key, plaintext, ciphertext);
}
}
public void eax_vectors() throws Exception
{
System.out.println("EAX-noekeon (16 byte key)");
EAXBlockCipher eax = new EAXBlockCipher(new NoekeonEngine());
byte[] output = new byte[48];
byte[] tag = new byte[16];
for (int j = 0; j < 16; j++)
tag[j] = (byte) j;
for (int i = 0; i <= 32; i++)
{
byte[] header_nonce_plaintext = new byte[i];
for (int j = 0; j < i; j++)
header_nonce_plaintext[j] = (byte) j;
AEADParameters params =
new AEADParameters(maybe_schedule_key(tag),
128,
header_nonce_plaintext,
header_nonce_plaintext);
eax.init(true, params);
int off = eax.processBytes(header_nonce_plaintext, 0, i,
output, 0);
off += eax.doFinal(output, off);
if (off != i + 16)
throw new RuntimeException("didn't expect that");
byte[] ciphertext = new byte[i];
for (int j = 0; j < i; j++)
ciphertext[j] = output[j];
for (int j = 0; j < 16; j++)
tag[j] = output[i + j];
System.out.print(i < 10 ? " " : " ");
System.out.print(i);
System.out.print(": ");
hexOut(ciphertext);
System.out.print(", ");
hexOut(tag);
System.out.println();
}
}
public static void main(String[] argv) throws Exception
{
NoekeonVects bot = new NoekeonVects(0xdefacedbadfacadeL, true, true);
NoekeonVects tom = new NoekeonVects(0xdefacedbadfacadeL, false, false);
System.out.println("# ECB vectors for indirect Noekeon, in Botan's");
System.out.println("# test vector format, suitable for insertion");
System.out.println("# into Botan's file checks/validate.dat");
System.out.println("# Block cipher format is plaintext:ciphertext:key");
bot.ecb_vectors();
System.out.println();
System.out.println("/* ECB vectors for direct Noekeon, as C arrays");
System.out.println(" * suitable for insertion into LibTomCrypt's");
System.out.println(" * noekeon_test() in src/ciphers/noekeon.c,");
System.out.println(" * once LTC's PI1/PI2 bug is fixed. */");
tom.ecb_vectors();
System.out.println();
System.out.println("# EAX vectors for indirect Noekeon, in the format");
System.out.println("# generated by LTC's demos/tv_gen.c and consumed");
System.out.println("# by Botan's doc/examples/eax_test.cpp, suitable");
System.out.println("# for insertion in Botan's doc/examples/eax.vec");
bot.eax_vectors();
System.out.println();
System.out.println("# EAX vectors for direct Noekeon, in the format");
System.out.println("# generated by LTC's demos/tv_gen.c and consumed");
System.out.println("# by Botan's doc/examples/eax_test.cpp, which");
System.out.println("# should match LTC's notes/eax_tv.txt, once");
System.out.println("# LTC's PI1/PI2 bug is fixed.");
tom.eax_vectors();
System.out.flush();
}
}

177
deps/libtomcrypt/notes/etc/saferp_optimizer.c vendored Normal file
View File

@ -0,0 +1,177 @@
/* emits an optimized version of LTC_SAFER+ ... only does encrypt so far... */
#include <stdio.h>
#include <string.h>
/* This is the "Armenian" Shuffle. It takes the input from b and stores it in b2 */
#define SHUF\
b2[0] = b[8]; b2[1] = b[11]; b2[2] = b[12]; b2[3] = b[15]; \
b2[4] = b[2]; b2[5] = b[1]; b2[6] = b[6]; b2[7] = b[5]; \
b2[8] = b[10]; b2[9] = b[9]; b2[10] = b[14]; b2[11] = b[13]; \
b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
/* This is the inverse shuffle. It takes from b and gives to b2 */
#define iSHUF(b, b2) \
b2[0] = b[12]; b2[1] = b[5]; b2[2] = b[4]; b2[3] = b[15]; \
b2[4] = b[14]; b2[5] = b[7]; b2[6] = b[6]; b2[7] = b[13]; \
b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1]; \
b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
#define ROUND(b, i) \
b[0] = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255; \
b[1] = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1]; \
b[2] = safer_lbox[(b[2] + skey->saferp.K[i][2]) & 255] ^ skey->saferp.K[i+1][2]; \
b[3] = (safer_ebox[(b[3] ^ skey->saferp.K[i][3]) & 255] + skey->saferp.K[i+1][3]) & 255; \
b[4] = (safer_ebox[(b[4] ^ skey->saferp.K[i][4]) & 255] + skey->saferp.K[i+1][4]) & 255; \
b[5] = safer_lbox[(b[5] + skey->saferp.K[i][5]) & 255] ^ skey->saferp.K[i+1][5]; \
b[6] = safer_lbox[(b[6] + skey->saferp.K[i][6]) & 255] ^ skey->saferp.K[i+1][6]; \
b[7] = (safer_ebox[(b[7] ^ skey->saferp.K[i][7]) & 255] + skey->saferp.K[i+1][7]) & 255; \
b[8] = (safer_ebox[(b[8] ^ skey->saferp.K[i][8]) & 255] + skey->saferp.K[i+1][8]) & 255; \
b[9] = safer_lbox[(b[9] + skey->saferp.K[i][9]) & 255] ^ skey->saferp.K[i+1][9]; \
b[10] = safer_lbox[(b[10] + skey->saferp.K[i][10]) & 255] ^ skey->saferp.K[i+1][10]; \
b[11] = (safer_ebox[(b[11] ^ skey->saferp.K[i][11]) & 255] + skey->saferp.K[i+1][11]) & 255; \
b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \
b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13]; \
b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14]; \
b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255;
int main(void)
{
int b[16], b2[16], x, y, z;
/* -- ENCRYPT --- */
for (x = 0; x < 16; x++) b[x] = x;
/* emit encrypt preabmle */
printf(
"void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)\n"
"{\n"
" int x;\n"
" unsigned char b[16];\n"
"\n"
" LTC_ARGCHK(pt != NULL);\n"
" LTC_ARGCHK(ct != NULL);\n"
" LTC_ARGCHK(skey != NULL);\n"
"\n"
" /* do eight rounds */\n"
" for (x = 0; x < 16; x++) {\n"
" b[x] = pt[x];\n"
" }\n");
/* do 8 rounds of ROUND; LT; */
for (x = 0; x < 8; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
printf(
" if (skey->saferp.rounds <= 8) {\n");
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n }\n");
/* 192-bit keys */
printf(
" /* 192-bit key? */\n"
" if (skey->saferp.rounds > 8) {\n");
/* do 4 rounds of ROUND; LT; */
for (x = 8; x < 12; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
printf("}\n");
printf(
" if (skey->saferp.rounds <= 12) {\n");
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n }\n");
/* 256-bit keys */
printf(
" /* 256-bit key? */\n"
" if (skey->saferp.rounds > 12) {\n");
/* do 4 rounds of ROUND; LT; */
for (x = 12; x < 16; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n");
printf(" }\n}\n\n");
return 0;
}
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

95
deps/libtomcrypt/notes/etc/whirlgen.c vendored Normal file
View File

@ -0,0 +1,95 @@
#include <stdio.h>
unsigned E[16] = { 1, 0xb, 9, 0xc, 0xd, 6, 0xf, 3, 0xe, 8, 7, 4, 0xa, 2, 5, 0 };
unsigned Ei[16];
unsigned R[16] = { 7, 0xc, 0xb, 0xd, 0xe, 4, 9, 0xf, 6, 3, 8, 0xa, 2, 5, 1, 0 };
unsigned cir[8][8] = {
{1, 1, 4, 1, 8, 5, 2, 9 },
};
unsigned gf_mul(unsigned a, unsigned b)
{
unsigned r;
r = 0;
while (a) {
if (a & 1) r ^= b;
a >>= 1;
b = (b << 1) ^ (b & 0x80 ? 0x11d : 0x00);
}
return r;
}
unsigned sbox(unsigned x)
{
unsigned a, b, w;
a = x >> 4;
b = x & 15;
a = E[a]; b = Ei[b];
w = a ^ b; w = R[w];
a = E[a ^ w]; b = Ei[b ^ w];
return (a << 4) | b;
}
int main(void)
{
unsigned x, y;
for (x = 0; x < 16; x++) Ei[E[x]] = x;
// for (x = 0; x < 16; x++) printf("%2x ", sbox(x));
for (y = 1; y < 8; y++) {
for (x = 0; x < 8; x++) {
cir[y][x] = cir[y-1][(x-1)&7];
}
}
/*
printf("\n");
for (y = 0; y < 8; y++) {
for (x = 0; x < 8; x++) printf("%2d ", cir[y][x]);
printf("\n");
}
*/
for (y = 0; y < 8; y++) {
printf("static const ulong64 sbox%d[] = {\n", y);
for (x = 0; x < 256; ) {
printf("CONST64(0x%02x%02x%02x%02x%02x%02x%02x%02x)",
gf_mul(sbox(x), cir[y][0]),
gf_mul(sbox(x), cir[y][1]),
gf_mul(sbox(x), cir[y][2]),
gf_mul(sbox(x), cir[y][3]),
gf_mul(sbox(x), cir[y][4]),
gf_mul(sbox(x), cir[y][5]),
gf_mul(sbox(x), cir[y][6]),
gf_mul(sbox(x), cir[y][7]));
if (x < 255) printf(", ");
if (!(++x & 3)) printf("\n");
}
printf("};\n\n");
}
printf("static const ulong64 cont[] = {\n");
for (y = 0; y <= 10; y++) {
printf("CONST64(0x");
for (x = 0; x < 8; x++) {
printf("%02x", sbox((8*y + x)&255));
}
printf("),\n");
}
printf("};\n\n");
return 0;
}
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

19
deps/libtomcrypt/notes/etc/whirltest.c vendored Normal file
View File

@ -0,0 +1,19 @@
#include <stdio.h>
int main(void)
{
char buf[4096];
int x;
while (fgets(buf, sizeof(buf)-2, stdin) != NULL) {
for (x = 0; x < 128; ) {
printf("0x%c%c, ", buf[x], buf[x+1]);
if (!((x += 2) & 31)) printf("\n");
}
}
}
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */