diff options
author | Aqua-sama <aqua@iserlohn-fortress.net> | 2020-11-08 20:34:13 +0200 |
---|---|---|
committer | Aqua-sama <aqua@iserlohn-fortress.net> | 2020-11-08 20:34:13 +0200 |
commit | 51528ecf3d90d09351322e172d91eed0cb45b2e7 (patch) | |
tree | 270b22937ccf770a70b287730e4113d1b934ac09 | |
parent | Add compile-time key length check (diff) | |
download | blowfish-master.tar.xz |
-rw-r--r-- | blowfish.hpp | 50 | ||||
-rw-r--r-- | blowfish_init.hpp | 3 | ||||
-rw-r--r-- | main.cpp | 46 | ||||
-rw-r--r-- | makefile | 13 | ||||
-rw-r--r-- | test_set_keys.cpp | 42 | ||||
-rw-r--r-- | test_variable_keys.cpp | 36 | ||||
-rw-r--r-- | vectors.h | 253 |
7 files changed, 255 insertions, 188 deletions
diff --git a/blowfish.hpp b/blowfish.hpp index 3637335..88d865a 100644 --- a/blowfish.hpp +++ b/blowfish.hpp @@ -4,9 +4,12 @@ #include "blowfish_init.hpp" #include <algorithm> +#include <span> namespace Blowfish { -template <std::size_t sz> concept is_valid_key_length = (sz < KEYLEN); + +template <std::size_t sz> +concept is_valid_key_length = (KEYLEN_MIN <= sz && sz <= KEYLEN_MAX); struct Block { constexpr Block(uint64_t x) { @@ -28,23 +31,21 @@ struct Block { template <std::size_t keylen> requires is_valid_key_length<keylen> class Context { public: - constexpr Context(const std::array<uint8_t, keylen> &key) { + constexpr Context(const std::span<const uint8_t> &key) { for (std::size_t i = 0; i < BOXES; ++i) { std::copy(S_INIT[i].begin(), S_INIT[i].end(), S[i].begin()); } - // - std::size_t k = 0; for (std::size_t i = 0; i < SUBKEYS; ++i) { - uint32_t qk = 0; - for (std::size_t j = 0; j < 4; ++j) { - qk = (qk << 8) | key[k]; - ++k; - if (k >= keylen) { - k = 0; - } - } - P[i] = P_INIT[i] ^ qk; + const auto idx0 = (i * 4 + 0) % keylen; + const auto idx1 = (i * 4 + 1) % keylen; + const auto idx2 = (i * 4 + 2) % keylen; + const auto idx3 = (i * 4 + 3) % keylen; + const uint32_t qk = (static_cast<uint32_t>(key[idx0]) << 24) + + (static_cast<uint32_t>(key[idx1]) << 16) + + (static_cast<uint32_t>(key[idx2]) << 8) + + static_cast<uint32_t>(key[idx3]); + P[i] = P_INIT[i] ^ qk; } Block x(0, 0); @@ -54,6 +55,7 @@ public: P[i] = x.L; P[i + 1] = x.R; } + for (std::size_t i = 0; i < BOXES; ++i) { for (std::size_t j = 0; j < ENTRIES; j += 2) { x = encrypt(x); @@ -65,11 +67,12 @@ public: constexpr Block encrypt(const Block &x) const { Block y(x); - for (std::size_t i = 0; i < ROUNDS; ++i) { - y.L = y.L ^ P[i]; - y.R = F(y.L) ^ y.R; - std::swap(y.L, y.R); - } + for (std::size_t i = 0; i < ROUNDS; ++i) + [[likely]] { + y.L = y.L ^ P[i]; + y.R = F(y.L) ^ y.R; + std::swap(y.L, y.R); + } std::swap(y.L, y.R); y.R = y.R ^ P[16]; y.L = y.L ^ P[17]; @@ -79,11 +82,12 @@ public: constexpr Block decrypt(const Block &x) const { Block y(x); - for (std::size_t i = ROUNDS + 1; i > 1; --i) { - y.L = y.L ^ P[i]; - y.R = F(y.L) ^ y.R; - std::swap(y.L, y.R); - } + for (std::size_t i = ROUNDS + 1; i > 1; --i) + [[likely]] { + y.L = y.L ^ P[i]; + y.R = F(y.L) ^ y.R; + std::swap(y.L, y.R); + } std::swap(y.L, y.R); y.R = y.R ^ P[1]; y.L = y.L ^ P[0]; diff --git a/blowfish_init.hpp b/blowfish_init.hpp index 2d7bf6c..7e9a0d9 100644 --- a/blowfish_init.hpp +++ b/blowfish_init.hpp @@ -4,7 +4,8 @@ namespace Blowfish { -constexpr std::size_t KEYLEN = 448 / sizeof(uint8_t); +constexpr std::size_t KEYLEN_MIN = 32 / 8; +constexpr std::size_t KEYLEN_MAX = 448 / 8; constexpr std::size_t ROUNDS = 16; constexpr std::size_t SUBKEYS = ROUNDS + 2; constexpr std::size_t BOXES = 4; @@ -2,49 +2,11 @@ #include "vectors.h" #include <cstdio> -constexpr uint64_t k(const uint8_t key[8]) { - uint64_t r = 0; - for (int i = 0; i < 8; ++i) { - r += static_cast<uint64_t>(key[i]) << (64 - 8 * (i + 1)); - } - return r; -} - -template <int i> struct wrapper { - constexpr void operator()() const { - constexpr Blowfish::Context<8> b(std::to_array(variable_key[i])); - constexpr Blowfish::Block x(plaintext_l[i], plaintext_r[i]); - - constexpr auto y = b.encrypt(x); - static_assert(y.L == ciphertext_l[i]); - static_assert(y.R == ciphertext_r[i]); - - constexpr auto z = b.decrypt(y); - static_assert(x.L == z.L); - static_assert(x.R == z.R); - - printf("0x%016lx\t", k(variable_key[i])); - printf("0x%016lx\t", static_cast<uint64_t>(x)); - printf("0x%016lx\t", static_cast<uint64_t>(y)); - printf("0x%016lx\n", static_cast<uint64_t>(z)); - } -}; - -template <template <int> class W, std::size_t... I> -void caller_impl(std::index_sequence<I...>) { - int t[] = {0, ((void)W<I>()(), 1)...}; - (void)t; -} - -template <template <int> class W, std::size_t N, - typename Indices = std::make_index_sequence<N>> -void call_times() { - caller_impl<W>(Indices()); -} +void run_variable_key_wrapper(); +void run_set_key_wrapper(); int main(int, char **) { - printf("%-18s\t%-18s\t%-18s\t%-18s\n", "/ key", "/ cleartext", "/ encrypt", - "/ decrypt"); - call_times<wrapper, NUM_VARIABLE_KEY_TESTS>(); + run_variable_key_wrapper(); + run_set_key_wrapper(); return 0; } @@ -1,20 +1,17 @@ CXX = g++ -CXXFLAGS = -Wall -Wextra -Wpedantic -std=c++2a -g +CXXFLAGS = -Wall -Wextra -Wpedantic -std=c++2a -g -funroll-loops +LDFLAGS = -static -static-libgcc -static-libstdc++ RELEASE = -O3 -march=native -mtune=native -objects = main.o +objects = main.o test_set_keys.o test_variable_keys.o default: main -release: - $(CXX) -c $(CXXFLAGS) $(RELEASE) main.cpp - $(CXX) -o main main.o - %.o: %.cpp - $(CXX) -c $(CXXFLAGS) $< + $(CXX) -c $(CXXFLAGS) $(RELEASE) $< main: $(objects) - g++ -o $@ $^ + $(CXX) $(LDFLAGS) -o $@ $^ clean: rm $(objects) diff --git a/test_set_keys.cpp b/test_set_keys.cpp new file mode 100644 index 0000000..e963930 --- /dev/null +++ b/test_set_keys.cpp @@ -0,0 +1,42 @@ +#include "blowfish.hpp" +#include "vectors.h" +#include <cstdio> + +template <int sz> constexpr void printKey() { + for (int i = 0; i < sz; ++i) { + printf("%02x ", set_key[i]); + } + printf("\n"); +} + +template <int i> struct set_key_wrapper { + constexpr void operator()() const { + + if constexpr (i < 3) { + printf("skip - minimal key length is 32bits (4bytes): current key " + "length: %i bytes\n", + i + 1); + } else { + constexpr auto s = std::span(set_key, i + 1); + + constexpr Blowfish::Context<i + 1> b(s); + constexpr Blowfish::Block x(set_key_ptext); + + constexpr auto y = b.encrypt(x); + static_assert(static_cast<uint64_t>(y) == set_key_ctext[i]); + printf("0x%016lx\t", static_cast<uint64_t>(y)); + + constexpr auto z = b.decrypt(y); + static_assert(static_cast<uint64_t>(z) == set_key_ptext); + printf("0x%016lx\t", static_cast<uint64_t>(z)); + + printKey<i + 1>(); + } + } +}; + +void run_set_key_wrapper() { + printf("%-18s\t%-18s\t%-18s\n", "/ encrypt", "/ decrypt", "/ key"); + call_times<set_key_wrapper, NUM_SET_KEY_TESTS>(); + printf("%-18s\t0x%016lx\n", "cleartext", set_key_ptext); +} diff --git a/test_variable_keys.cpp b/test_variable_keys.cpp new file mode 100644 index 0000000..8382900 --- /dev/null +++ b/test_variable_keys.cpp @@ -0,0 +1,36 @@ +#include "blowfish.hpp" +#include "vectors.h" +#include <cstdio> + +constexpr uint64_t castVarKey(const uint8_t key[8]) { + uint64_t r = 0; + for (int i = 0; i < 8; ++i) { + r += static_cast<uint64_t>(key[i]) << (64 - 8 * (i + 1)); + } + return r; +} + +template <int i> struct variable_key_wrapper { + constexpr void operator()() const { + constexpr Blowfish::Context<8> b(std::span(variable_key[i], 8)); + constexpr Blowfish::Block x(plaintext_l[i], plaintext_r[i]); + + constexpr auto y = b.encrypt(x); + static_assert(y.L == ciphertext_l[i]); + static_assert(y.R == ciphertext_r[i]); + + constexpr auto z = b.decrypt(y); + static_assert(x.L == z.L); + static_assert(x.R == z.R); + + printf("0x%016lx\t", castVarKey(variable_key[i])); + printf("0x%016lx\t", static_cast<uint64_t>(x)); + printf("0x%016lx\t", static_cast<uint64_t>(y)); + printf("0x%016lx\n", static_cast<uint64_t>(z)); + } +}; +void run_variable_key_wrapper() { + printf("%-18s\t%-18s\t%-18s\t%-18s\n", "/ key", "/ cleartext", "/ encrypt", + "/ decrypt"); + call_times<variable_key_wrapper, NUM_VARIABLE_KEY_TESTS>(); +} @@ -1,114 +1,139 @@ -#pragma once
-// https://www.schneier.com/wp-content/uploads/2015/12/vectors2-1.txt
-
-/*
- * Author : Randy L. Milbert
- * E-mail : rmilbert@mit.edu
- * Date : 18 Jun 97
- * Description: Eric Young's test vectors for Blowfish.
- */
-
-#define NUM_VARIABLE_KEY_TESTS 34
-#define NUM_SET_KEY_TESTS 24
-
-/* plaintext bytes -- left halves */
-constexpr uint32_t plaintext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x00000000l, 0xFFFFFFFFl, 0x10000000l, 0x11111111l, 0x11111111l,
- 0x01234567l, 0x00000000l, 0x01234567l, 0x01A1D6D0l, 0x5CD54CA8l,
- 0x0248D438l, 0x51454B58l, 0x42FD4430l, 0x059B5E08l, 0x0756D8E0l,
- 0x762514B8l, 0x3BDD1190l, 0x26955F68l, 0x164D5E40l, 0x6B056E18l,
- 0x004BD6EFl, 0x480D3900l, 0x437540C8l, 0x072D43A0l, 0x02FE5577l,
- 0x1D9D5C50l, 0x30553228l, 0x01234567l, 0x01234567l, 0x01234567l,
- 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l};
-
-/* plaintext bytes -- right halves */
-constexpr uint32_t plaintext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x00000000l, 0xFFFFFFFFl, 0x00000001l, 0x11111111l, 0x11111111l,
- 0x89ABCDEFl, 0x00000000l, 0x89ABCDEFl, 0x39776742l, 0x3DEF57DAl,
- 0x06F67172l, 0x2DDF440Al, 0x59577FA2l, 0x51CF143Al, 0x774761D2l,
- 0x29BF486Al, 0x49372802l, 0x35AF609Al, 0x4F275232l, 0x759F5CCAl,
- 0x09176062l, 0x6EE762F2l, 0x698F3CFAl, 0x77075292l, 0x8117F12Al,
- 0x18F728C2l, 0x6D6F295Al, 0x89ABCDEFl, 0x89ABCDEFl, 0x89ABCDEFl,
- 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l};
-
-/* key bytes for variable key tests */
-constexpr uint8_t variable_key[NUM_VARIABLE_KEY_TESTS][8] = {
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
- {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
- {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
- {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
- {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
- {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
- {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
- {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
- {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
- {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
- {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
- {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
- {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
- {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
- {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
- {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
- {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
- {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
- {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
- {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
- {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
- {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
- {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
- {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
- {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}};
-
-/* key bytes for set key tests */
-unsigned char set_key[24] = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87,
- 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
-
-/* ciphertext bytes -- left halves */
-constexpr uint32_t ciphertext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x4EF99745l, 0x51866FD5l, 0x7D856F9Al, 0x2466DD87l, 0x61F9C380l,
- 0x7D0CC630l, 0x4EF99745l, 0x0ACEAB0Fl, 0x59C68245l, 0xB1B8CC0Bl,
- 0x1730E577l, 0xA25E7856l, 0x353882B1l, 0x48F4D088l, 0x432193B7l,
- 0x13F04154l, 0x2EEDDA93l, 0xD887E039l, 0x5F99D04Fl, 0x4A057A3Bl,
- 0x452031C1l, 0x7555AE39l, 0x53C55F9Cl, 0x7A8E7BFAl, 0xCF9C5D7Al,
- 0xD1ABB290l, 0x55CB3774l, 0xFA34EC48l, 0xA7907951l, 0xC39E072Dl,
- 0x014933E0l, 0xF21E9A77l, 0x24594688l, 0x6B5C5A9Cl, 0xF9AD597Cl,
- 0xE91D21C1l, 0xE9C2B70Al, 0xBE1E6394l, 0xB39E4448l, 0x9457AA83l,
- 0x8BB77032l, 0xE87A244El, 0x15750E7Al, 0x122BA70Bl, 0x3A833C9Al,
- 0x9409DA87l, 0x884F8062l, 0x1F85031Cl, 0x79D9373Al, 0x93142887l,
- 0x03429E83l, 0xA4299E27l, 0xAFD5AED1l, 0x10851C0El, 0xE6F51ED7l,
- 0x64A6E14Al, 0x80C7D7D4l, 0x05044B62l};
-
-/* ciphertext bytes -- right halves */
-constexpr uint32_t ciphertext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x6198DD78l, 0xB85ECB8Al, 0x613063F2l, 0x8B963C9Dl, 0x2281B096l,
- 0xAFDA1EC7l, 0x6198DD78l, 0xC6A0A28Dl, 0xEB05282Bl, 0x250F09A0l,
- 0x8BEA1DA4l, 0xCF2651EBl, 0x09CE8F1Al, 0x4C379918l, 0x8951FC98l,
- 0xD69D1AE5l, 0xFFD39C79l, 0x3C2DA6E3l, 0x5B163969l, 0x24D3977Bl,
- 0xE4FADA8El, 0xF59B87BDl, 0xB49FC019l, 0x937E89A3l, 0x4986ADB5l,
- 0x658BC778l, 0xD13EF201l, 0x47B268B2l, 0x08EA3CAEl, 0x9FAC631Dl,
- 0xCDAFF6E4l, 0xB71C49BCl, 0x5754369Al, 0x5D9E0A5Al, 0x49DB005El,
- 0xD961A6D6l, 0x1BC65CF3l, 0x08640F05l, 0x1BDB1E6El, 0xB1928C0Dl,
- 0xF960629Dl, 0x2CC85E82l, 0x4F4EC577l, 0x3AB64AE0l, 0xFFC537F6l,
- 0xA90F6BF2l, 0x5060B8B4l, 0x19E11968l, 0x714CA34Fl, 0xEE3BE15Cl,
- 0x8CE2D14Bl, 0x469FF67Bl, 0xC1BC96A8l, 0x3858DA9Fl, 0x9B9DB21Fl,
- 0xFD36B46Fl, 0x5A5479ADl, 0xFA52D080l};
+#pragma once + +template <template <int> class W, std::size_t... I> +void caller_impl(std::index_sequence<I...>) { + int t[] = {0, ((void)W<I>()(), 1)...}; + (void)t; +} + +template <template <int> class W, std::size_t N, + typename Indices = std::make_index_sequence<N>> +void call_times() { + caller_impl<W>(Indices()); +} + +// https://www.schneier.com/wp-content/uploads/2015/12/vectors2-1.txt + +/* + * Author : Randy L. Milbert + * E-mail : rmilbert@mit.edu + * Date : 18 Jun 97 + * Description: Eric Young's test vectors for Blowfish. + */ + +constexpr std::size_t NUM_VARIABLE_KEY_TESTS = 34; +constexpr std::size_t NUM_SET_KEY_TESTS = 24; + +/* plaintext bytes -- left halves */ +constexpr uint32_t plaintext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = { + 0x00000000l, 0xFFFFFFFFl, 0x10000000l, 0x11111111l, 0x11111111l, + 0x01234567l, 0x00000000l, 0x01234567l, 0x01A1D6D0l, 0x5CD54CA8l, + 0x0248D438l, 0x51454B58l, 0x42FD4430l, 0x059B5E08l, 0x0756D8E0l, + 0x762514B8l, 0x3BDD1190l, 0x26955F68l, 0x164D5E40l, 0x6B056E18l, + 0x004BD6EFl, 0x480D3900l, 0x437540C8l, 0x072D43A0l, 0x02FE5577l, + 0x1D9D5C50l, 0x30553228l, 0x01234567l, 0x01234567l, 0x01234567l, + 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0xFEDCBA98l, + 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, + 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, + 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, + 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, + 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l}; + +/* plaintext bytes -- right halves */ +constexpr uint32_t plaintext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = { + 0x00000000l, 0xFFFFFFFFl, 0x00000001l, 0x11111111l, 0x11111111l, + 0x89ABCDEFl, 0x00000000l, 0x89ABCDEFl, 0x39776742l, 0x3DEF57DAl, + 0x06F67172l, 0x2DDF440Al, 0x59577FA2l, 0x51CF143Al, 0x774761D2l, + 0x29BF486Al, 0x49372802l, 0x35AF609Al, 0x4F275232l, 0x759F5CCAl, + 0x09176062l, 0x6EE762F2l, 0x698F3CFAl, 0x77075292l, 0x8117F12Al, + 0x18F728C2l, 0x6D6F295Al, 0x89ABCDEFl, 0x89ABCDEFl, 0x89ABCDEFl, + 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0x76543210l, + 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, + 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, + 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, + 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, + 0x76543210l, 0x76543210l, 0x76543210l}; + +/* key bytes for variable key tests */ +constexpr uint8_t variable_key[NUM_VARIABLE_KEY_TESTS][8] = { + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}, + {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57}, + {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E}, + {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86}, + {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E}, + {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6}, + {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE}, + {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6}, + {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE}, + {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16}, + {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F}, + {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46}, + {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E}, + {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76}, + {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07}, + {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F}, + {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7}, + {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF}, + {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6}, + {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF}, + {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, + {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, + {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, + {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, + {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}}; + +/* ciphertext bytes -- left halves */ +constexpr uint32_t ciphertext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = { + 0x4EF99745l, 0x51866FD5l, 0x7D856F9Al, 0x2466DD87l, 0x61F9C380l, + 0x7D0CC630l, 0x4EF99745l, 0x0ACEAB0Fl, 0x59C68245l, 0xB1B8CC0Bl, + 0x1730E577l, 0xA25E7856l, 0x353882B1l, 0x48F4D088l, 0x432193B7l, + 0x13F04154l, 0x2EEDDA93l, 0xD887E039l, 0x5F99D04Fl, 0x4A057A3Bl, + 0x452031C1l, 0x7555AE39l, 0x53C55F9Cl, 0x7A8E7BFAl, 0xCF9C5D7Al, + 0xD1ABB290l, 0x55CB3774l, 0xFA34EC48l, 0xA7907951l, 0xC39E072Dl, + 0x014933E0l, 0xF21E9A77l, 0x24594688l, 0x6B5C5A9Cl, 0xF9AD597Cl, + 0xE91D21C1l, 0xE9C2B70Al, 0xBE1E6394l, 0xB39E4448l, 0x9457AA83l, + 0x8BB77032l, 0xE87A244El, 0x15750E7Al, 0x122BA70Bl, 0x3A833C9Al, + 0x9409DA87l, 0x884F8062l, 0x1F85031Cl, 0x79D9373Al, 0x93142887l, + 0x03429E83l, 0xA4299E27l, 0xAFD5AED1l, 0x10851C0El, 0xE6F51ED7l, + 0x64A6E14Al, 0x80C7D7D4l, 0x05044B62l}; + +/* ciphertext bytes -- right halves */ +constexpr uint32_t ciphertext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = { + 0x6198DD78l, 0xB85ECB8Al, 0x613063F2l, 0x8B963C9Dl, 0x2281B096l, + 0xAFDA1EC7l, 0x6198DD78l, 0xC6A0A28Dl, 0xEB05282Bl, 0x250F09A0l, + 0x8BEA1DA4l, 0xCF2651EBl, 0x09CE8F1Al, 0x4C379918l, 0x8951FC98l, + 0xD69D1AE5l, 0xFFD39C79l, 0x3C2DA6E3l, 0x5B163969l, 0x24D3977Bl, + 0xE4FADA8El, 0xF59B87BDl, 0xB49FC019l, 0x937E89A3l, 0x4986ADB5l, + 0x658BC778l, 0xD13EF201l, 0x47B268B2l, 0x08EA3CAEl, 0x9FAC631Dl, + 0xCDAFF6E4l, 0xB71C49BCl, 0x5754369Al, 0x5D9E0A5Al, 0x49DB005El, + 0xD961A6D6l, 0x1BC65CF3l, 0x08640F05l, 0x1BDB1E6El, 0xB1928C0Dl, + 0xF960629Dl, 0x2CC85E82l, 0x4F4EC577l, 0x3AB64AE0l, 0xFFC537F6l, + 0xA90F6BF2l, 0x5060B8B4l, 0x19E11968l, 0x714CA34Fl, 0xEE3BE15Cl, + 0x8CE2D14Bl, 0x469FF67Bl, 0xC1BC96A8l, 0x3858DA9Fl, 0x9B9DB21Fl, + 0xFD36B46Fl, 0x5A5479ADl, 0xFA52D080l}; + +/* key bytes for set key tests */ +constexpr uint8_t set_key[] = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87, + 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77}; + +constexpr uint64_t set_key_ptext = 0xFEDCBA9876543210; +constexpr uint64_t set_key_ctext[NUM_SET_KEY_TESTS] = { + 0xF9AD597C49DB005E, 0xE91D21C1D961A6D6, 0xE9C2B70A1BC65CF3, + 0xBE1E639408640F05, 0xB39E44481BDB1E6E, 0x9457AA83B1928C0D, + 0x8BB77032F960629D, 0xE87A244E2CC85E82, 0x15750E7A4F4EC577, + 0x122BA70B3AB64AE0, 0x3A833C9AFFC537F6, 0x9409DA87A90F6BF2, + 0x884F80625060B8B4, 0x1F85031C19E11968, 0x79D9373A714CA34F, + 0x93142887EE3BE15C, 0x03429E838CE2D14B, 0xA4299E27469FF67B, + 0xAFD5AED1C1BC96A8, 0x10851C0E3858DA9F, 0xE6F51ED79B9DB21F, + 0x64A6E14AFD36B46F, 0x80C7D7D45A5479AD, 0x05044B62FA52D080}; + |