aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAqua-sama <aqua@iserlohn-fortress.net>2020-11-08 20:34:13 +0200
committerAqua-sama <aqua@iserlohn-fortress.net>2020-11-08 20:34:13 +0200
commit51528ecf3d90d09351322e172d91eed0cb45b2e7 (patch)
tree270b22937ccf770a70b287730e4113d1b934ac09
parentAdd compile-time key length check (diff)
downloadblowfish-51528ecf3d90d09351322e172d91eed0cb45b2e7.tar.xz
Add more test vectorsHEADmaster
-rw-r--r--blowfish.hpp50
-rw-r--r--blowfish_init.hpp3
-rw-r--r--main.cpp46
-rw-r--r--makefile13
-rw-r--r--test_set_keys.cpp42
-rw-r--r--test_variable_keys.cpp36
-rw-r--r--vectors.h253
7 files changed, 255 insertions, 188 deletions
diff --git a/blowfish.hpp b/blowfish.hpp
index 3637335..88d865a 100644
--- a/blowfish.hpp
+++ b/blowfish.hpp
@@ -4,9 +4,12 @@
#include "blowfish_init.hpp"
#include <algorithm>
+#include <span>
namespace Blowfish {
-template <std::size_t sz> concept is_valid_key_length = (sz < KEYLEN);
+
+template <std::size_t sz>
+concept is_valid_key_length = (KEYLEN_MIN <= sz && sz <= KEYLEN_MAX);
struct Block {
constexpr Block(uint64_t x) {
@@ -28,23 +31,21 @@ struct Block {
template <std::size_t keylen>
requires is_valid_key_length<keylen> class Context {
public:
- constexpr Context(const std::array<uint8_t, keylen> &key) {
+ constexpr Context(const std::span<const uint8_t> &key) {
for (std::size_t i = 0; i < BOXES; ++i) {
std::copy(S_INIT[i].begin(), S_INIT[i].end(), S[i].begin());
}
- //
- std::size_t k = 0;
for (std::size_t i = 0; i < SUBKEYS; ++i) {
- uint32_t qk = 0;
- for (std::size_t j = 0; j < 4; ++j) {
- qk = (qk << 8) | key[k];
- ++k;
- if (k >= keylen) {
- k = 0;
- }
- }
- P[i] = P_INIT[i] ^ qk;
+ const auto idx0 = (i * 4 + 0) % keylen;
+ const auto idx1 = (i * 4 + 1) % keylen;
+ const auto idx2 = (i * 4 + 2) % keylen;
+ const auto idx3 = (i * 4 + 3) % keylen;
+ const uint32_t qk = (static_cast<uint32_t>(key[idx0]) << 24) +
+ (static_cast<uint32_t>(key[idx1]) << 16) +
+ (static_cast<uint32_t>(key[idx2]) << 8) +
+ static_cast<uint32_t>(key[idx3]);
+ P[i] = P_INIT[i] ^ qk;
}
Block x(0, 0);
@@ -54,6 +55,7 @@ public:
P[i] = x.L;
P[i + 1] = x.R;
}
+
for (std::size_t i = 0; i < BOXES; ++i) {
for (std::size_t j = 0; j < ENTRIES; j += 2) {
x = encrypt(x);
@@ -65,11 +67,12 @@ public:
constexpr Block encrypt(const Block &x) const {
Block y(x);
- for (std::size_t i = 0; i < ROUNDS; ++i) {
- y.L = y.L ^ P[i];
- y.R = F(y.L) ^ y.R;
- std::swap(y.L, y.R);
- }
+ for (std::size_t i = 0; i < ROUNDS; ++i)
+ [[likely]] {
+ y.L = y.L ^ P[i];
+ y.R = F(y.L) ^ y.R;
+ std::swap(y.L, y.R);
+ }
std::swap(y.L, y.R);
y.R = y.R ^ P[16];
y.L = y.L ^ P[17];
@@ -79,11 +82,12 @@ public:
constexpr Block decrypt(const Block &x) const {
Block y(x);
- for (std::size_t i = ROUNDS + 1; i > 1; --i) {
- y.L = y.L ^ P[i];
- y.R = F(y.L) ^ y.R;
- std::swap(y.L, y.R);
- }
+ for (std::size_t i = ROUNDS + 1; i > 1; --i)
+ [[likely]] {
+ y.L = y.L ^ P[i];
+ y.R = F(y.L) ^ y.R;
+ std::swap(y.L, y.R);
+ }
std::swap(y.L, y.R);
y.R = y.R ^ P[1];
y.L = y.L ^ P[0];
diff --git a/blowfish_init.hpp b/blowfish_init.hpp
index 2d7bf6c..7e9a0d9 100644
--- a/blowfish_init.hpp
+++ b/blowfish_init.hpp
@@ -4,7 +4,8 @@
namespace Blowfish {
-constexpr std::size_t KEYLEN = 448 / sizeof(uint8_t);
+constexpr std::size_t KEYLEN_MIN = 32 / 8;
+constexpr std::size_t KEYLEN_MAX = 448 / 8;
constexpr std::size_t ROUNDS = 16;
constexpr std::size_t SUBKEYS = ROUNDS + 2;
constexpr std::size_t BOXES = 4;
diff --git a/main.cpp b/main.cpp
index 2a46d8c..d11aba1 100644
--- a/main.cpp
+++ b/main.cpp
@@ -2,49 +2,11 @@
#include "vectors.h"
#include <cstdio>
-constexpr uint64_t k(const uint8_t key[8]) {
- uint64_t r = 0;
- for (int i = 0; i < 8; ++i) {
- r += static_cast<uint64_t>(key[i]) << (64 - 8 * (i + 1));
- }
- return r;
-}
-
-template <int i> struct wrapper {
- constexpr void operator()() const {
- constexpr Blowfish::Context<8> b(std::to_array(variable_key[i]));
- constexpr Blowfish::Block x(plaintext_l[i], plaintext_r[i]);
-
- constexpr auto y = b.encrypt(x);
- static_assert(y.L == ciphertext_l[i]);
- static_assert(y.R == ciphertext_r[i]);
-
- constexpr auto z = b.decrypt(y);
- static_assert(x.L == z.L);
- static_assert(x.R == z.R);
-
- printf("0x%016lx\t", k(variable_key[i]));
- printf("0x%016lx\t", static_cast<uint64_t>(x));
- printf("0x%016lx\t", static_cast<uint64_t>(y));
- printf("0x%016lx\n", static_cast<uint64_t>(z));
- }
-};
-
-template <template <int> class W, std::size_t... I>
-void caller_impl(std::index_sequence<I...>) {
- int t[] = {0, ((void)W<I>()(), 1)...};
- (void)t;
-}
-
-template <template <int> class W, std::size_t N,
- typename Indices = std::make_index_sequence<N>>
-void call_times() {
- caller_impl<W>(Indices());
-}
+void run_variable_key_wrapper();
+void run_set_key_wrapper();
int main(int, char **) {
- printf("%-18s\t%-18s\t%-18s\t%-18s\n", "/ key", "/ cleartext", "/ encrypt",
- "/ decrypt");
- call_times<wrapper, NUM_VARIABLE_KEY_TESTS>();
+ run_variable_key_wrapper();
+ run_set_key_wrapper();
return 0;
}
diff --git a/makefile b/makefile
index ed10a1a..b4cf5d8 100644
--- a/makefile
+++ b/makefile
@@ -1,20 +1,17 @@
CXX = g++
-CXXFLAGS = -Wall -Wextra -Wpedantic -std=c++2a -g
+CXXFLAGS = -Wall -Wextra -Wpedantic -std=c++2a -g -funroll-loops
+LDFLAGS = -static -static-libgcc -static-libstdc++
RELEASE = -O3 -march=native -mtune=native
-objects = main.o
+objects = main.o test_set_keys.o test_variable_keys.o
default: main
-release:
- $(CXX) -c $(CXXFLAGS) $(RELEASE) main.cpp
- $(CXX) -o main main.o
-
%.o: %.cpp
- $(CXX) -c $(CXXFLAGS) $<
+ $(CXX) -c $(CXXFLAGS) $(RELEASE) $<
main: $(objects)
- g++ -o $@ $^
+ $(CXX) $(LDFLAGS) -o $@ $^
clean:
rm $(objects)
diff --git a/test_set_keys.cpp b/test_set_keys.cpp
new file mode 100644
index 0000000..e963930
--- /dev/null
+++ b/test_set_keys.cpp
@@ -0,0 +1,42 @@
+#include "blowfish.hpp"
+#include "vectors.h"
+#include <cstdio>
+
+template <int sz> constexpr void printKey() {
+ for (int i = 0; i < sz; ++i) {
+ printf("%02x ", set_key[i]);
+ }
+ printf("\n");
+}
+
+template <int i> struct set_key_wrapper {
+ constexpr void operator()() const {
+
+ if constexpr (i < 3) {
+ printf("skip - minimal key length is 32bits (4bytes): current key "
+ "length: %i bytes\n",
+ i + 1);
+ } else {
+ constexpr auto s = std::span(set_key, i + 1);
+
+ constexpr Blowfish::Context<i + 1> b(s);
+ constexpr Blowfish::Block x(set_key_ptext);
+
+ constexpr auto y = b.encrypt(x);
+ static_assert(static_cast<uint64_t>(y) == set_key_ctext[i]);
+ printf("0x%016lx\t", static_cast<uint64_t>(y));
+
+ constexpr auto z = b.decrypt(y);
+ static_assert(static_cast<uint64_t>(z) == set_key_ptext);
+ printf("0x%016lx\t", static_cast<uint64_t>(z));
+
+ printKey<i + 1>();
+ }
+ }
+};
+
+void run_set_key_wrapper() {
+ printf("%-18s\t%-18s\t%-18s\n", "/ encrypt", "/ decrypt", "/ key");
+ call_times<set_key_wrapper, NUM_SET_KEY_TESTS>();
+ printf("%-18s\t0x%016lx\n", "cleartext", set_key_ptext);
+}
diff --git a/test_variable_keys.cpp b/test_variable_keys.cpp
new file mode 100644
index 0000000..8382900
--- /dev/null
+++ b/test_variable_keys.cpp
@@ -0,0 +1,36 @@
+#include "blowfish.hpp"
+#include "vectors.h"
+#include <cstdio>
+
+constexpr uint64_t castVarKey(const uint8_t key[8]) {
+ uint64_t r = 0;
+ for (int i = 0; i < 8; ++i) {
+ r += static_cast<uint64_t>(key[i]) << (64 - 8 * (i + 1));
+ }
+ return r;
+}
+
+template <int i> struct variable_key_wrapper {
+ constexpr void operator()() const {
+ constexpr Blowfish::Context<8> b(std::span(variable_key[i], 8));
+ constexpr Blowfish::Block x(plaintext_l[i], plaintext_r[i]);
+
+ constexpr auto y = b.encrypt(x);
+ static_assert(y.L == ciphertext_l[i]);
+ static_assert(y.R == ciphertext_r[i]);
+
+ constexpr auto z = b.decrypt(y);
+ static_assert(x.L == z.L);
+ static_assert(x.R == z.R);
+
+ printf("0x%016lx\t", castVarKey(variable_key[i]));
+ printf("0x%016lx\t", static_cast<uint64_t>(x));
+ printf("0x%016lx\t", static_cast<uint64_t>(y));
+ printf("0x%016lx\n", static_cast<uint64_t>(z));
+ }
+};
+void run_variable_key_wrapper() {
+ printf("%-18s\t%-18s\t%-18s\t%-18s\n", "/ key", "/ cleartext", "/ encrypt",
+ "/ decrypt");
+ call_times<variable_key_wrapper, NUM_VARIABLE_KEY_TESTS>();
+}
diff --git a/vectors.h b/vectors.h
index a34a040..2835de7 100644
--- a/vectors.h
+++ b/vectors.h
@@ -1,114 +1,139 @@
-#pragma once
-// https://www.schneier.com/wp-content/uploads/2015/12/vectors2-1.txt
-
-/*
- * Author : Randy L. Milbert
- * E-mail : rmilbert@mit.edu
- * Date : 18 Jun 97
- * Description: Eric Young's test vectors for Blowfish.
- */
-
-#define NUM_VARIABLE_KEY_TESTS 34
-#define NUM_SET_KEY_TESTS 24
-
-/* plaintext bytes -- left halves */
-constexpr uint32_t plaintext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x00000000l, 0xFFFFFFFFl, 0x10000000l, 0x11111111l, 0x11111111l,
- 0x01234567l, 0x00000000l, 0x01234567l, 0x01A1D6D0l, 0x5CD54CA8l,
- 0x0248D438l, 0x51454B58l, 0x42FD4430l, 0x059B5E08l, 0x0756D8E0l,
- 0x762514B8l, 0x3BDD1190l, 0x26955F68l, 0x164D5E40l, 0x6B056E18l,
- 0x004BD6EFl, 0x480D3900l, 0x437540C8l, 0x072D43A0l, 0x02FE5577l,
- 0x1D9D5C50l, 0x30553228l, 0x01234567l, 0x01234567l, 0x01234567l,
- 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
- 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l};
-
-/* plaintext bytes -- right halves */
-constexpr uint32_t plaintext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x00000000l, 0xFFFFFFFFl, 0x00000001l, 0x11111111l, 0x11111111l,
- 0x89ABCDEFl, 0x00000000l, 0x89ABCDEFl, 0x39776742l, 0x3DEF57DAl,
- 0x06F67172l, 0x2DDF440Al, 0x59577FA2l, 0x51CF143Al, 0x774761D2l,
- 0x29BF486Al, 0x49372802l, 0x35AF609Al, 0x4F275232l, 0x759F5CCAl,
- 0x09176062l, 0x6EE762F2l, 0x698F3CFAl, 0x77075292l, 0x8117F12Al,
- 0x18F728C2l, 0x6D6F295Al, 0x89ABCDEFl, 0x89ABCDEFl, 0x89ABCDEFl,
- 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
- 0x76543210l, 0x76543210l, 0x76543210l};
-
-/* key bytes for variable key tests */
-constexpr uint8_t variable_key[NUM_VARIABLE_KEY_TESTS][8] = {
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
- {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
- {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
- {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
- {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
- {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
- {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
- {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
- {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
- {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
- {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
- {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
- {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
- {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
- {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
- {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
- {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
- {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
- {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
- {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
- {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
- {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
- {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
- {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
- {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
- {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
- {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
- {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}};
-
-/* key bytes for set key tests */
-unsigned char set_key[24] = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87,
- 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
-
-/* ciphertext bytes -- left halves */
-constexpr uint32_t ciphertext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x4EF99745l, 0x51866FD5l, 0x7D856F9Al, 0x2466DD87l, 0x61F9C380l,
- 0x7D0CC630l, 0x4EF99745l, 0x0ACEAB0Fl, 0x59C68245l, 0xB1B8CC0Bl,
- 0x1730E577l, 0xA25E7856l, 0x353882B1l, 0x48F4D088l, 0x432193B7l,
- 0x13F04154l, 0x2EEDDA93l, 0xD887E039l, 0x5F99D04Fl, 0x4A057A3Bl,
- 0x452031C1l, 0x7555AE39l, 0x53C55F9Cl, 0x7A8E7BFAl, 0xCF9C5D7Al,
- 0xD1ABB290l, 0x55CB3774l, 0xFA34EC48l, 0xA7907951l, 0xC39E072Dl,
- 0x014933E0l, 0xF21E9A77l, 0x24594688l, 0x6B5C5A9Cl, 0xF9AD597Cl,
- 0xE91D21C1l, 0xE9C2B70Al, 0xBE1E6394l, 0xB39E4448l, 0x9457AA83l,
- 0x8BB77032l, 0xE87A244El, 0x15750E7Al, 0x122BA70Bl, 0x3A833C9Al,
- 0x9409DA87l, 0x884F8062l, 0x1F85031Cl, 0x79D9373Al, 0x93142887l,
- 0x03429E83l, 0xA4299E27l, 0xAFD5AED1l, 0x10851C0El, 0xE6F51ED7l,
- 0x64A6E14Al, 0x80C7D7D4l, 0x05044B62l};
-
-/* ciphertext bytes -- right halves */
-constexpr uint32_t ciphertext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
- 0x6198DD78l, 0xB85ECB8Al, 0x613063F2l, 0x8B963C9Dl, 0x2281B096l,
- 0xAFDA1EC7l, 0x6198DD78l, 0xC6A0A28Dl, 0xEB05282Bl, 0x250F09A0l,
- 0x8BEA1DA4l, 0xCF2651EBl, 0x09CE8F1Al, 0x4C379918l, 0x8951FC98l,
- 0xD69D1AE5l, 0xFFD39C79l, 0x3C2DA6E3l, 0x5B163969l, 0x24D3977Bl,
- 0xE4FADA8El, 0xF59B87BDl, 0xB49FC019l, 0x937E89A3l, 0x4986ADB5l,
- 0x658BC778l, 0xD13EF201l, 0x47B268B2l, 0x08EA3CAEl, 0x9FAC631Dl,
- 0xCDAFF6E4l, 0xB71C49BCl, 0x5754369Al, 0x5D9E0A5Al, 0x49DB005El,
- 0xD961A6D6l, 0x1BC65CF3l, 0x08640F05l, 0x1BDB1E6El, 0xB1928C0Dl,
- 0xF960629Dl, 0x2CC85E82l, 0x4F4EC577l, 0x3AB64AE0l, 0xFFC537F6l,
- 0xA90F6BF2l, 0x5060B8B4l, 0x19E11968l, 0x714CA34Fl, 0xEE3BE15Cl,
- 0x8CE2D14Bl, 0x469FF67Bl, 0xC1BC96A8l, 0x3858DA9Fl, 0x9B9DB21Fl,
- 0xFD36B46Fl, 0x5A5479ADl, 0xFA52D080l};
+#pragma once
+
+template <template <int> class W, std::size_t... I>
+void caller_impl(std::index_sequence<I...>) {
+ int t[] = {0, ((void)W<I>()(), 1)...};
+ (void)t;
+}
+
+template <template <int> class W, std::size_t N,
+ typename Indices = std::make_index_sequence<N>>
+void call_times() {
+ caller_impl<W>(Indices());
+}
+
+// https://www.schneier.com/wp-content/uploads/2015/12/vectors2-1.txt
+
+/*
+ * Author : Randy L. Milbert
+ * E-mail : rmilbert@mit.edu
+ * Date : 18 Jun 97
+ * Description: Eric Young's test vectors for Blowfish.
+ */
+
+constexpr std::size_t NUM_VARIABLE_KEY_TESTS = 34;
+constexpr std::size_t NUM_SET_KEY_TESTS = 24;
+
+/* plaintext bytes -- left halves */
+constexpr uint32_t plaintext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
+ 0x00000000l, 0xFFFFFFFFl, 0x10000000l, 0x11111111l, 0x11111111l,
+ 0x01234567l, 0x00000000l, 0x01234567l, 0x01A1D6D0l, 0x5CD54CA8l,
+ 0x0248D438l, 0x51454B58l, 0x42FD4430l, 0x059B5E08l, 0x0756D8E0l,
+ 0x762514B8l, 0x3BDD1190l, 0x26955F68l, 0x164D5E40l, 0x6B056E18l,
+ 0x004BD6EFl, 0x480D3900l, 0x437540C8l, 0x072D43A0l, 0x02FE5577l,
+ 0x1D9D5C50l, 0x30553228l, 0x01234567l, 0x01234567l, 0x01234567l,
+ 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0xFEDCBA98l,
+ 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
+ 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
+ 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
+ 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l,
+ 0xFEDCBA98l, 0xFEDCBA98l, 0xFEDCBA98l};
+
+/* plaintext bytes -- right halves */
+constexpr uint32_t plaintext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
+ 0x00000000l, 0xFFFFFFFFl, 0x00000001l, 0x11111111l, 0x11111111l,
+ 0x89ABCDEFl, 0x00000000l, 0x89ABCDEFl, 0x39776742l, 0x3DEF57DAl,
+ 0x06F67172l, 0x2DDF440Al, 0x59577FA2l, 0x51CF143Al, 0x774761D2l,
+ 0x29BF486Al, 0x49372802l, 0x35AF609Al, 0x4F275232l, 0x759F5CCAl,
+ 0x09176062l, 0x6EE762F2l, 0x698F3CFAl, 0x77075292l, 0x8117F12Al,
+ 0x18F728C2l, 0x6D6F295Al, 0x89ABCDEFl, 0x89ABCDEFl, 0x89ABCDEFl,
+ 0xFFFFFFFFl, 0x00000000l, 0x00000000l, 0xFFFFFFFFl, 0x76543210l,
+ 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
+ 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
+ 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
+ 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l, 0x76543210l,
+ 0x76543210l, 0x76543210l, 0x76543210l};
+
+/* key bytes for variable key tests */
+constexpr uint8_t variable_key[NUM_VARIABLE_KEY_TESTS][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
+ {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
+ {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
+ {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
+ {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
+ {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
+ {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
+ {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
+ {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
+ {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
+ {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
+ {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
+ {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
+ {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
+ {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
+ {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
+ {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
+ {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
+ {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}};
+
+/* ciphertext bytes -- left halves */
+constexpr uint32_t ciphertext_l[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
+ 0x4EF99745l, 0x51866FD5l, 0x7D856F9Al, 0x2466DD87l, 0x61F9C380l,
+ 0x7D0CC630l, 0x4EF99745l, 0x0ACEAB0Fl, 0x59C68245l, 0xB1B8CC0Bl,
+ 0x1730E577l, 0xA25E7856l, 0x353882B1l, 0x48F4D088l, 0x432193B7l,
+ 0x13F04154l, 0x2EEDDA93l, 0xD887E039l, 0x5F99D04Fl, 0x4A057A3Bl,
+ 0x452031C1l, 0x7555AE39l, 0x53C55F9Cl, 0x7A8E7BFAl, 0xCF9C5D7Al,
+ 0xD1ABB290l, 0x55CB3774l, 0xFA34EC48l, 0xA7907951l, 0xC39E072Dl,
+ 0x014933E0l, 0xF21E9A77l, 0x24594688l, 0x6B5C5A9Cl, 0xF9AD597Cl,
+ 0xE91D21C1l, 0xE9C2B70Al, 0xBE1E6394l, 0xB39E4448l, 0x9457AA83l,
+ 0x8BB77032l, 0xE87A244El, 0x15750E7Al, 0x122BA70Bl, 0x3A833C9Al,
+ 0x9409DA87l, 0x884F8062l, 0x1F85031Cl, 0x79D9373Al, 0x93142887l,
+ 0x03429E83l, 0xA4299E27l, 0xAFD5AED1l, 0x10851C0El, 0xE6F51ED7l,
+ 0x64A6E14Al, 0x80C7D7D4l, 0x05044B62l};
+
+/* ciphertext bytes -- right halves */
+constexpr uint32_t ciphertext_r[NUM_VARIABLE_KEY_TESTS + NUM_SET_KEY_TESTS] = {
+ 0x6198DD78l, 0xB85ECB8Al, 0x613063F2l, 0x8B963C9Dl, 0x2281B096l,
+ 0xAFDA1EC7l, 0x6198DD78l, 0xC6A0A28Dl, 0xEB05282Bl, 0x250F09A0l,
+ 0x8BEA1DA4l, 0xCF2651EBl, 0x09CE8F1Al, 0x4C379918l, 0x8951FC98l,
+ 0xD69D1AE5l, 0xFFD39C79l, 0x3C2DA6E3l, 0x5B163969l, 0x24D3977Bl,
+ 0xE4FADA8El, 0xF59B87BDl, 0xB49FC019l, 0x937E89A3l, 0x4986ADB5l,
+ 0x658BC778l, 0xD13EF201l, 0x47B268B2l, 0x08EA3CAEl, 0x9FAC631Dl,
+ 0xCDAFF6E4l, 0xB71C49BCl, 0x5754369Al, 0x5D9E0A5Al, 0x49DB005El,
+ 0xD961A6D6l, 0x1BC65CF3l, 0x08640F05l, 0x1BDB1E6El, 0xB1928C0Dl,
+ 0xF960629Dl, 0x2CC85E82l, 0x4F4EC577l, 0x3AB64AE0l, 0xFFC537F6l,
+ 0xA90F6BF2l, 0x5060B8B4l, 0x19E11968l, 0x714CA34Fl, 0xEE3BE15Cl,
+ 0x8CE2D14Bl, 0x469FF67Bl, 0xC1BC96A8l, 0x3858DA9Fl, 0x9B9DB21Fl,
+ 0xFD36B46Fl, 0x5A5479ADl, 0xFA52D080l};
+
+/* key bytes for set key tests */
+constexpr uint8_t set_key[] = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87,
+ 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F,
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77};
+
+constexpr uint64_t set_key_ptext = 0xFEDCBA9876543210;
+constexpr uint64_t set_key_ctext[NUM_SET_KEY_TESTS] = {
+ 0xF9AD597C49DB005E, 0xE91D21C1D961A6D6, 0xE9C2B70A1BC65CF3,
+ 0xBE1E639408640F05, 0xB39E44481BDB1E6E, 0x9457AA83B1928C0D,
+ 0x8BB77032F960629D, 0xE87A244E2CC85E82, 0x15750E7A4F4EC577,
+ 0x122BA70B3AB64AE0, 0x3A833C9AFFC537F6, 0x9409DA87A90F6BF2,
+ 0x884F80625060B8B4, 0x1F85031C19E11968, 0x79D9373A714CA34F,
+ 0x93142887EE3BE15C, 0x03429E838CE2D14B, 0xA4299E27469FF67B,
+ 0xAFD5AED1C1BC96A8, 0x10851C0E3858DA9F, 0xE6F51ED79B9DB21F,
+ 0x64A6E14AFD36B46F, 0x80C7D7D45A5479AD, 0x05044B62FA52D080};
+