arcfour-amd64.S |
|
2799 |
arcfour.c |
USE_AMD64_ASM indicates whether to use AMD64 assembly code. |
5879 |
asm-common-aarch64.h |
|
3341 |
asm-common-amd64.h |
|
5181 |
asm-common-s390x.h |
|
2983 |
asm-inline-s390x.h |
GCRY_ASM_INLINE_S390X_H |
4259 |
asm-poly1305-aarch64.h |
|
7452 |
asm-poly1305-amd64.h |
poly1305 for stitched chacha20-poly1305 AMD64 implementations |
4538 |
asm-poly1305-s390x.h |
poly1305 for stitched chacha20-poly1305 |
4357 |
bithelp.h |
Rotate the 32 bit unsigned integer X by N bits left/right
|
3368 |
blake2.c |
The code is based on public-domain/CC0 BLAKE2 reference implementation
by Samuel Neves, at https://github.com/BLAKE2/BLAKE2/tree/master/ref
Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
|
27179 |
blake2b-amd64-avx2.S |
|
10671 |
blake2s-amd64-avx.S |
|
9269 |
blowfish-amd64.S |
|
11386 |
blowfish-arm.S |
|
18478 |
blowfish.c |
Test values:
key "abcdefghijklmnopqrstuvwxyz";
plain "BLOWFISH"
cipher 32 4E D0 FE F4 13 A2 03
|
37259 |
bufhelp.h |
Compiler supports attributes needed for automatically issuing unaligned
memory access instructions.
|
9274 |
camellia-aarch64.S |
|
21545 |
camellia-aesni-avx-amd64.S |
|
69192 |
camellia-aesni-avx2-amd64.S |
|
48039 |
camellia-arm.S |
|
22714 |
camellia-glue.c |
I put all the libgcrypt-specific stuff in this file to keep the
camellia.c/camellia.h files exactly as provided by NTT. If they
update their code, this should make it easier to bring the changes
in. - dshaw
There is one small change which needs to be done: Include the
following code at the top of camellia.h: |
33998 |
camellia.c |
Algorithm Specification
http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
|
49017 |
camellia.h |
To use Camellia with libraries it is often useful to keep the name
space of the library clean. The following macro is thus useful:
#define CAMELLIA_EXT_SYM_PREFIX foo_
This prefixes all external symbols with "foo_".
|
3189 |
cast5-amd64.S |
|
13578 |
cast5-arm.S |
|
20771 |
cast5.c |
Test vectors:
128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
plaintext = 01 23 45 67 89 AB CD EF
ciphertext = 23 8B 4F E5 84 7E 44 B2
80-bit key = 01 23 45 67 12 34 56 78 23 45
= 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00
plaintext = 01 23 45 67 89 AB CD EF
ciphertext = EB 6A 71 1A 2C 02 27 1B
40-bit key = 01 23 45 67 12
= 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
plaintext = 01 23 45 67 89 AB CD EF
ciphertext = 7A C8 16 D1 6E 9B 30 2E
|
56868 |
chacha20-aarch64.S |
|
18554 |
chacha20-amd64-avx2.S |
|
16810 |
chacha20-amd64-ssse3.S |
|
25757 |
chacha20-armv7-neon.S |
|
8905 |
chacha20-ppc.c |
2-way && 1-way chacha20 |
19951 |
chacha20-s390x.S |
|
34647 |
chacha20.c |
Based on D. J. Bernstein reference implementation at
http://cr.yp.to/chacha.html:
chacha-regs.c version 20080118
D. J. Bernstein
Public domain.
|
37848 |
ChangeLog-2011 |
|
143647 |
cipher-aeswrap.c |
Perform the AES-Wrap algorithm as specified by RFC3394. We
implement this as a mode usable with any cipher algorithm of
blocksize 128. |
5737 |
cipher-cbc.c |
We have to be careful here, since outbuf might be equal to
inbuf. |
8203 |
cipher-ccm.c |
Process one block from macbuf. |
10759 |
cipher-cfb.c |
Short enough to be encoded by the remaining XOR mask. |
9474 |
cipher-cmac.c |
Last block is needed for cmac_final. |
7534 |
cipher-ctr.c |
First process a left over encrypted counter. |
3336 |
cipher-eax.c |
Since checksumming is done after encryption, process input in 24KiB
chunks to keep data loaded in L1 cache for checksumming. |
7164 |
cipher-gcm-armv7-neon.S |
|
7750 |
cipher-gcm-armv8-aarch32-ce.S |
|
10267 |
cipher-gcm-armv8-aarch64-ce.S |
|
11565 |
cipher-gcm-intel-pclmul.c |
|
28869 |
cipher-gcm.c |
Helper macro to force alignment to 16 or 64 bytes. |
31941 |
cipher-internal.h |
The maximum supported size of a block in bytes. |
28093 |
cipher-ocb.c |
Double the OCB_BLOCK_LEN sized block B in-place. |
24621 |
cipher-ofb.c |
Short enough to be encoded by the remaining XOR mask. |
3195 |
cipher-poly1305.c |
Padding to 16 byte boundary. |
9235 |
cipher-selftest.c |
HAVE_SYSLOG |
15123 |
cipher-selftest.h |
Helper function to allocate an aligned context for selftests. |
2481 |
cipher-xts.c |
Data-unit max length: 2^20 blocks. |
5636 |
cipher.c |
This is the list of the default ciphers, which are included in
libgcrypt. |
44139 |
crc-armv8-aarch64-ce.S |
|
13819 |
crc-armv8-ce.c |
Constants structure for generic reflected/non-reflected CRC32 PMULL
functions. |
6121 |
crc-intel-pclmul.c |
|
26393 |
crc-ppc.c |
Constants structure for generic reflected/non-reflected CRC32 PMULL
functions. |
18680 |
crc.c |
USE_INTEL_PCLMUL indicates whether to compile CRC with Intel PCLMUL/SSE4.1
code. |
35711 |
des-amd64.S |
|
32348 |
des.c |
Written by Michael Roth <mroth@nessie.de>, September 1998
|
50039 |
dsa-common.c |
Modify K, so that the computation time difference can be small,
by making K large enough.
Originally, (EC)DSA computation requires k where 0 < k < q. Here,
we add q (the order), to keep k in a range: q < k < 2*q (or,
adding more q, to keep k in a range: 2*q < k < 3*q), so that the
timing difference of the EC multiply (or exponentiation) operation
can be small. The result of the (EC)DSA computation is the same.
|
11342 |
dsa.c |
prime |
42057 |
ecc-common.h |
Definition of a curve. |
6110 |
ecc-curves.c |
This table defines aliases for curve names. |
53257 |
ecc-ecdh.c |
|
3119 |
ecc-ecdsa.c |
Compute an ECDSA signature.
Return the signature struct (r,s) from the message hash. The caller
must have allocated R and S.
|
6968 |
ecc-eddsa.c |
Helper to scan a hex string. |
31885 |
ecc-gost.c |
Compute a GOST R 34.10-01/-12 signature.
Return the signature struct (r,s) from the message hash. The caller
must have allocated R and S.
|
5919 |
ecc-misc.c |
Release a curve object.
|
10552 |
ecc-sm2.c |
Key derivation function from X9.63/SECG |
13169 |
ecc.c |
This code is originally based on the Patch 0.1.6 for the gnupg
1.4.x branch as retrieved on 2007-03-21 from
http://www.calcurco.cat/eccGnuPG/src/gnupg-1.4.6-ecc0.2.0beta1.diff.bz2
The original authors are:
Written by
Sergi Blanch i Torne <d4372211 at alumnes.eup.udl.es>,
Ramiro Moreno Chiral <ramiro at eup.udl.es>
Maintainers
Sergi Blanch i Torne
Ramiro Moreno Chiral
Mikael Mylnikov (mmr)
For use in Libgcrypt the code has been heavily modified and cleaned
up. In fact there is not much left of the original code except for
some variable names and the textbook implementation of the sign and
verification algorithms. The arithmetic functions have entirely
been rewritten and moved to mpi/ec.c.
ECDH encrypt and decrypt code written by Andrey Jivsov.
|
48006 |
elgamal.c |
Blinding is used to mitigate side-channel attacks. You may undef
this to speed up the operation in case the system is secured
against physical and network mounted side-channel attacks. |
29889 |
gost-s-box.c |
|
8638 |
gost.h |
This is a simple interface that will be used by GOST R 34.11-94 |
1155 |
gost28147.c |
GOST 28147-89 defines several modes of encryption:
- ECB which should be used only for key transfer
- CFB mode
- OFB-like mode with additional transformation on keystream
RFC 5830 names this 'counter encryption' mode
Original GOST text uses the term 'gammirovanie'
- MAC mode ('imitovstavka')
This implementation handles ECB and CFB modes via usual libgcrypt handling.
OFB-like modes are unsupported.
|
14755 |
gostr3411-94.c |
apply do_a twice: 1 2 3 4 -> 3 4 1^2 2^3 |
9078 |
hash-common.c |
Run a selftest for hash algorithm ALGO. If the resulting digest
matches EXPECT/EXPECTLEN and everything else is fine as well,
return NULL. If an error occurs, return a static text string
describing the error.
DATAMODE controls what will be hashed according to this table:
0 - Hash the supplied DATA of DATALEN.
1 - Hash one million times a 'a'. DATA and DATALEN are ignored.
|
5031 |
hash-common.h |
/ (int algo,
int datamode, const void *data, size_t datalen,
const void *expect, size_t expectlen);
/* Type for the md_write helper function. |
1962 |
idea.c |
Please see http://www.noepatents.org/ to learn why software patents
are bad for society and what you can do to fight them.
The code herein is based on the one from:
Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
ISBN 0-471-11709-9.
|
9901 |
kdf-internal.h |
-- kdf.c -- |
1448 |
kdf.c |
Transform a passphrase into a suitable key of length KEYSIZE and
store this key in the caller provided buffer KEYBUFFER. The caller
must provide a HASHALGO, a valid ALGO and depending on that algo a
SALT of 8 bytes and the number of ITERATIONS. Code taken from
gnupg/agent/protect.c:hash_passphrase. |
14488 |
keccak-armv7-neon.S |
|
22295 |
keccak.c |
USE_64BIT indicates whether to use 64-bit generic implementation.
USE_32BIT indicates whether to use 32-bit generic implementation. |
40214 |
keccak_permute_32.h |
The code is based on public-domain/CC0 "keccakc1024/simple32bi/
Keccak-simple32BI.c" implementation by Ronny Van Keer from SUPERCOP toolkit
package.
|
14897 |
keccak_permute_64.h |
The code is based on public-domain/CC0 "keccakc1024/simple/Keccak-simple.c"
implementation by Ronny Van Keer from SUPERCOP toolkit package.
|
9999 |
mac-cmac.c |
Check one CMAC with MAC ALGO using the regular MAC
API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key
and (EXPECT,EXPECTLEN) the expected result. Returns NULL on
success or a string describing the failure. |
15930 |
mac-gmac.c |
|
4139 |
mac-hmac.c |
|
55955 |
mac-internal.h |
The data object used to hold a handle to an encryption object. |
7929 |
mac-poly1305.c |
already checked. |
8675 |
mac.c |
This is the list of the digest implementations included in
libgcrypt. |
16877 |
Makefile.am |
|
8898 |
Makefile.in |
|
60815 |
md.c |
This is the list of the digest implementations included in
libgcrypt. |
37516 |
md4.c |
MD4 test suite:
MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") =
043f8582f241db351ce627e153e7f0e4
MD4 ("123456789012345678901234567890123456789012345678901234567890123456
78901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
|
7587 |
md5.c |
Test values:
"" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E
"a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61
"abc" 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72
"message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0
|
9184 |
poly1305-internal.h |
G10_POLY1305_INTERNAL_H |
1774 |
poly1305-s390x.S |
|
2066 |
poly1305.c |
USE_S390X_ASM indicates whether to enable zSeries code. |
20781 |
primegen.c |
Note: 2 is not included because it can be tested more easily by
looking at bit 0. The last entry in this list is marked by a zero |
56997 |
pubkey-internal.h |
-- pubkey-util.c -- |
5029 |
pubkey-util.c |
Callback for the pubkey algorithm code to verify PSS signatures.
OPAQUE is the data provided by the actual caller. The meaning of
TMP depends on the actual algorithm (but there is only RSA); now
for RSA it is the output of running the public key function on the
input. |
31677 |
pubkey.c |
This is the list of the public-key algorithms included in
Libgcrypt. |
23131 |
rfc2268.c |
This implementation was written by Nikos Mavroyanopoulos for GNUTLS
as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for
direct use by Libgcrypt by Werner Koch. This implementation is
only useful for pkcs#12 decryption.
The implementation here is based on Peter Gutmann's RRC.2 paper.
|
11301 |
rijndael-aarch64.S |
|
14255 |
rijndael-aesni.c |
for memcmp() |
139670 |
rijndael-amd64.S |
|
11649 |
rijndael-arm.S |
|
15828 |
rijndael-armv8-aarch32-ce.S |
|
46051 |
rijndael-armv8-aarch64-ce.S |
|
40765 |
rijndael-armv8-ce.c |
for memcmp() |
14176 |
rijndael-internal.h |
for byte and u32 typedefs |
6697 |
rijndael-padlock.c |
for memcmp() |
3371 |
rijndael-ppc-common.h |
|
9382 |
rijndael-ppc-functions.h |
does not use stack |
52535 |
rijndael-ppc.c |
NOTE: vec needs to be be-swapped using 'asm_be_swap' by caller |
6476 |
rijndael-ppc9le.c |
USE_PPC_CRYPTO |
3072 |
rijndael-s390x.c |
Prepare parameter block. |
30680 |
rijndael-ssse3-amd64-asm.S |
|
22361 |
rijndael-ssse3-amd64.c |
for memcmp() |
22611 |
rijndael-tables.h |
To keep the actual implementation at a readable size we use this
include file to define the tables. |
10139 |
rijndael.c |
for memcmp() |
68199 |
rmd160.c |
Only used for the rmd160_hash_buffer() prototype. |
17958 |
rsa-common.c |
Turn VALUE into an octet string and store it in an allocated buffer
at R_FRAME or - if R_FRAME is NULL - copy it into the caller
provided buffer SPACE; either SPACE or R_FRAME may be used. If
SPACE is not NULL, the caller must provide a buffer of at least
NBYTES. If the resulting octet string is shorter than NBYTES pad
it to the left with zeroes. If VALUE does not fit into NBYTES
return an error code. |
31730 |
rsa.c |
This code uses an algorithm protected by U.S. Patent #4,405,829
which expired on September 20, 2000. The patent holder placed that
patent into the public domain on Sep 6th, 2000.
|
55958 |
salsa20-amd64.S |
|
19989 |
salsa20-armv7-neon.S |
|
17452 |
salsa20.c |
The code is based on the code in Nettle
(git commit id 9d2d8ddaee35b91a4e1a32ae77cba04bea3480e7)
which in turn is based on
salsa20-ref.c version 20051118
D. J. Bernstein
Public domain.
|
17208 |
scrypt.c |
We really need a 64 bit type for this code. |
7747 |
seed.c |
for byte and u32 typedefs |
20304 |
serpent-armv7-neon.S |
|
38913 |
serpent-avx2-amd64.S |
|
37158 |
serpent-sse2-amd64.S |
|
35238 |
serpent.c |
USE_SSE2 indicates whether to compile with AMD64 SSE2 code. |
51600 |
sha1-armv7-neon.S |
|
21423 |
sha1-armv8-aarch32-ce.S |
|
6019 |
sha1-armv8-aarch64-ce.S |
|
5714 |
sha1-avx-amd64.S |
|
14969 |
sha1-avx-bmi2-amd64.S |
|
15251 |
sha1-avx2-bmi2-amd64.S |
|
21020 |
sha1-intel-shaext.c |
|
11949 |
sha1-ssse3-amd64.S |
|
15237 |
sha1.c |
Test vectors:
"abc"
A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1
|
21904 |
sha1.h |
SHA1_USE_S390X_CRYPTO indicates whether to enable zSeries code. |
1546 |
sha256-armv8-aarch32-ce.S |
|
6550 |
sha256-armv8-aarch64-ce.S |
|
6312 |
sha256-avx-amd64.S |
|
17017 |
sha256-avx2-bmi2-amd64.S |
|
15662 |
sha256-intel-shaext.c |
|
15096 |
sha256-ppc.c |
SHA2 round in vector registers |
28200 |
sha256-ssse3-amd64.S |
|
17393 |
sha256.c |
Test vectors:
"abc"
SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1
"a" one million times
SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0
|
25104 |
sha512-arm.S |
|
14189 |
sha512-armv7-neon.S |
|
12647 |
sha512-avx-amd64.S |
|
16382 |
sha512-avx2-bmi2-amd64.S |
|
16830 |
sha512-ppc.c |
|
35087 |
sha512-ssse3-amd64.S |
|
16571 |
sha512-ssse3-i386.c |
SHA512 Message Expansion (I2 and W2 macros) based on implementation
from file "sha512-ssse3-amd64.s":
Copyright (c) 2012, Intel Corporation
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the
distribution.
* Neither the name of the Intel Corporation nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
14345 |
sha512.c |
Test vectors from FIPS-180-2:
"abc"
384:
CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163
1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7
512:
DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A
2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F
"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
384:
09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2
2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039
512:
8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018
501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909
"a" x 1000000
384:
9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852
7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985
512:
E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB
DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B
|
37577 |
sm3.c |
Test vectors:
"abc"
SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0
"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05
"a" one million times
SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3
|
14054 |
sm4-aesni-avx-amd64.S |
|
25597 |
sm4-aesni-avx2-amd64.S |
|
22660 |
sm4.c |
for byte and u32 typedefs |
33577 |
stribog.c |
Pre-computed results of multiplication of bytes on A and reordered with
Pi[]. |
68570 |
tiger.c |
See http://www.cs.technion.ac.il/~biham/Reports/Tiger/ |
48693 |
twofish-aarch64.S |
|
7539 |
twofish-amd64.S |
|
26792 |
twofish-arm.S |
|
8877 |
twofish-avx2-amd64.S |
|
25479 |
twofish.c |
for memcmp() |
70841 |
whirlpool-sse2-amd64.S |
|
8780 |
whirlpool.c |
This is an implementation of the Whirlpool hashing algorithm, which
has been developed by Vincent Rijmen and Paulo S. L. M. Barreto;
its homepage is located at:
http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
The S-Boxes and the structure of the main transformation function,
which implements an optimized version of the algorithm, are taken
from the reference implementation available from
http://www.larc.usp.br/~pbarreto/whirlpool.zip
|
76406 |