Name Description Size
arcfour-amd64.S 2799
arcfour.c USE_AMD64_ASM indicates whether to use AMD64 assembly code. 5879
asm-common-aarch64.h 3341
asm-common-amd64.h 5181
asm-common-s390x.h 2983
asm-inline-s390x.h GCRY_ASM_INLINE_S390X_H 4259
asm-poly1305-aarch64.h 7452
asm-poly1305-amd64.h poly1305 for stitched chacha20-poly1305 AMD64 implementations 4538
asm-poly1305-s390x.h poly1305 for stitched chacha20-poly1305 4357
bithelp.h Rotate the 32 bit unsigned integer X by N bits left/right 3368
blake2.c The code is based on public-domain/CC0 BLAKE2 reference implementation by Samuel Neves, at https://github.com/BLAKE2/BLAKE2/tree/master/ref Copyright 2012, Samuel Neves <sneves@dei.uc.pt> 27179
blake2b-amd64-avx2.S 10671
blake2s-amd64-avx.S 9269
blowfish-amd64.S 11386
blowfish-arm.S 18478
blowfish.c Test values: key "abcdefghijklmnopqrstuvwxyz"; plain "BLOWFISH" cipher 32 4E D0 FE F4 13 A2 03 37259
bufhelp.h Compiler supports attributes needed for automatically issuing unaligned memory access instructions. 9274
camellia-aarch64.S 21545
camellia-aesni-avx-amd64.S 69192
camellia-aesni-avx2-amd64.S 48039
camellia-arm.S 22714
camellia-glue.c I put all the libgcrypt-specific stuff in this file to keep the camellia.c/camellia.h files exactly as provided by NTT. If they update their code, this should make it easier to bring the changes in. - dshaw There is one small change which needs to be done: Include the following code at the top of camellia.h: 33998
camellia.c Algorithm Specification http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html 49017
camellia.h To use Camellia with libraries it is often useful to keep the name space of the library clean. The following macro is thus useful: #define CAMELLIA_EXT_SYM_PREFIX foo_ This prefixes all external symbols with "foo_". 3189
cast5-amd64.S 13578
cast5-arm.S 20771
cast5.c Test vectors: 128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A plaintext = 01 23 45 67 89 AB CD EF ciphertext = 23 8B 4F E5 84 7E 44 B2 80-bit key = 01 23 45 67 12 34 56 78 23 45 = 01 23 45 67 12 34 56 78 23 45 00 00 00 00 00 00 plaintext = 01 23 45 67 89 AB CD EF ciphertext = EB 6A 71 1A 2C 02 27 1B 40-bit key = 01 23 45 67 12 = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00 plaintext = 01 23 45 67 89 AB CD EF ciphertext = 7A C8 16 D1 6E 9B 30 2E 56868
chacha20-aarch64.S 18554
chacha20-amd64-avx2.S 16810
chacha20-amd64-ssse3.S 25757
chacha20-armv7-neon.S 8905
chacha20-ppc.c 2-way && 1-way chacha20 19951
chacha20-s390x.S 34647
chacha20.c Based on D. J. Bernstein reference implementation at http://cr.yp.to/chacha.html: chacha-regs.c version 20080118 D. J. Bernstein Public domain. 37848
ChangeLog-2011 143647
cipher-aeswrap.c Perform the AES-Wrap algorithm as specified by RFC3394. We implement this as a mode usable with any cipher algorithm of blocksize 128. 5737
cipher-cbc.c We have to be careful here, since outbuf might be equal to inbuf. 8203
cipher-ccm.c Process one block from macbuf. 10759
cipher-cfb.c Short enough to be encoded by the remaining XOR mask. 9474
cipher-cmac.c Last block is needed for cmac_final. 7534
cipher-ctr.c First process a left over encrypted counter. 3336
cipher-eax.c Since checksumming is done after encryption, process input in 24KiB chunks to keep data loaded in L1 cache for checksumming. 7164
cipher-gcm-armv7-neon.S 7750
cipher-gcm-armv8-aarch32-ce.S 10267
cipher-gcm-armv8-aarch64-ce.S 11565
cipher-gcm-intel-pclmul.c 4.4 28869
cipher-gcm.c Helper macro to force alignment to 16 or 64 bytes. 31941
cipher-internal.h The maximum supported size of a block in bytes. 28093
cipher-ocb.c Double the OCB_BLOCK_LEN sized block B in-place. 24621
cipher-ofb.c Short enough to be encoded by the remaining XOR mask. 3195
cipher-poly1305.c Padding to 16 byte boundary. 9235
cipher-selftest.c HAVE_SYSLOG 15123
cipher-selftest.h Helper function to allocate an aligned context for selftests. 2481
cipher-xts.c Data-unit max length: 2^20 blocks. 5636
cipher.c This is the list of the default ciphers, which are included in libgcrypt. 44139
crc-armv8-aarch64-ce.S 13819
crc-armv8-ce.c Constants structure for generic reflected/non-reflected CRC32 PMULL functions. 6121
crc-intel-pclmul.c 4.4 26393
crc-ppc.c Constants structure for generic reflected/non-reflected CRC32 PMULL functions. 18680
crc.c USE_INTEL_PCLMUL indicates whether to compile CRC with Intel PCLMUL/SSE4.1 code. 35711
des-amd64.S 32348
des.c Written by Michael Roth <mroth@nessie.de>, September 1998 50039
dsa-common.c Modify K, so that computation time difference can be small, by making K large enough. Originally, (EC)DSA computation requires k where 0 < k < q. Here, we add q (the order), to keep k in a range: q < k < 2*q (or, adding more q, to keep k in a range: 2*q < k < 3*q), so that timing difference of the EC multiply (or exponentiation) operation can be small. The result of (EC)DSA computation is the same. 11342
dsa.c prime 42057
ecc-common.h Definition of a curve. 6110
ecc-curves.c This table defines aliases for curve names. 53257
ecc-ecdh.c 3119
ecc-ecdsa.c Compute an ECDSA signature. Return the signature struct (r,s) from the message hash. The caller must have allocated R and S. 6968
ecc-eddsa.c Helper to scan a hex string. 31885
ecc-gost.c Compute a GOST R 34.10-01/-12 signature. Return the signature struct (r,s) from the message hash. The caller must have allocated R and S. 5919
ecc-misc.c Release a curve object. 10552
ecc-sm2.c Key derivation function from X9.63/SECG 13169
ecc.c This code is originally based on the Patch 0.1.6 for the gnupg 1.4.x branch as retrieved on 2007-03-21 from http://www.calcurco.cat/eccGnuPG/src/gnupg-1.4.6-ecc0.2.0beta1.diff.bz2 The original authors are: Written by Sergi Blanch i Torne <d4372211 at alumnes.eup.udl.es>, Ramiro Moreno Chiral <ramiro at eup.udl.es> Maintainers Sergi Blanch i Torne Ramiro Moreno Chiral Mikael Mylnikov (mmr) For use in Libgcrypt the code has been heavily modified and cleaned up. In fact there is not much left of the original code except for some variable names and the text book implementation of the sign and verification algorithms. The arithmetic functions have entirely been rewritten and moved to mpi/ec.c. ECDH encrypt and decrypt code written by Andrey Jivsov. 48006
elgamal.c Blinding is used to mitigate side-channel attacks. You may undef this to speed up the operation in case the system is secured against physical and network mounted side-channel attacks. 29889
gost-s-box.c 8638
gost.h This is a simple interface that will be used by GOST R 34.11-94 1155
gost28147.c GOST 28147-89 defines several modes of encryption: - ECB which should be used only for key transfer - CFB mode - OFB-like mode with additional transformation on keystream RFC 5830 names this 'counter encryption' mode Original GOST text uses the term 'gammirovanie' - MAC mode ('imitovstavka') This implementation handles ECB and CFB modes via usual libgcrypt handling. OFB-like modes are unsupported. 14755
gostr3411-94.c apply do_a twice: 1 2 3 4 -> 3 4 1^2 2^3 9078
hash-common.c Run a selftest for hash algorithm ALGO. If the resulting digest matches EXPECT/EXPECTLEN and everything else is fine as well, return NULL. If an error occurs, return a static text string describing the error. DATAMODE controls what will be hashed according to this table: 0 - Hash the supplied DATA of DATALEN. 1 - Hash one million times a 'a'. DATA and DATALEN are ignored. 5031
hash-common.h / (int algo, int datamode, const void *data, size_t datalen, const void *expect, size_t expectlen); /* Type for the md_write helper function. 1962
idea.c Please see http://www.noepatents.org/ to learn why software patents are bad for society and what you can do to fight them. The code herein is based on the one from: Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. ISBN 0-471-11709-9. 9901
kdf-internal.h -- kdf.c -- 1448
kdf.c Transform a passphrase into a suitable key of length KEYSIZE and store this key in the caller provided buffer KEYBUFFER. The caller must provide an HASHALGO, a valid ALGO and depending on that algo a SALT of 8 bytes and the number of ITERATIONS. Code taken from gnupg/agent/protect.c:hash_passphrase. 14488
keccak-armv7-neon.S 22295
keccak.c USE_64BIT indicates whether to use 64-bit generic implementation. USE_32BIT indicates whether to use 32-bit generic implementation. 40214
keccak_permute_32.h The code is based on public-domain/CC0 "keccakc1024/simple32bi/ Keccak-simple32BI.c" implementation by Ronny Van Keer from SUPERCOP toolkit package. 14897
keccak_permute_64.h The code is based on public-domain/CC0 "keccakc1024/simple/Keccak-simple.c" implementation by Ronny Van Keer from SUPERCOP toolkit package. 9999
mac-cmac.c Check one CMAC with MAC ALGO using the regular MAC API. (DATA,DATALEN) is the data to be MACed, (KEY,KEYLEN) the key and (EXPECT,EXPECTLEN) the expected result. Returns NULL on success or a string describing the failure. 15930
mac-gmac.c 4139
mac-hmac.c 55955
mac-internal.h The data object used to hold a handle to an encryption object. 7929
mac-poly1305.c already checked. 8675
mac.c This is the list of the digest implementations included in libgcrypt. 16877
Makefile.am 8898
Makefile.in 60815
md.c This is the list of the digest implementations included in libgcrypt. 37516
md4.c MD4 test suite: MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0 MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24 MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d MD4 ("message digest") = d9130a8164549fe818874806e1c7014b MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9 MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4 MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536 7587
md5.c Test values: "" D4 1D 8C D9 8F 00 B2 04 E9 80 09 98 EC F8 42 7E "a" 0C C1 75 B9 C0 F1 B6 A8 31 C3 99 E2 69 77 26 61 "abc" 90 01 50 98 3C D2 4F B0 D6 96 3F 7D 28 E1 7F 72 "message digest" F9 6B 69 7D 7C B7 93 8D 52 5A 2F 31 AA F1 61 D0 9184
poly1305-internal.h G10_POLY1305_INTERNAL_H 1774
poly1305-s390x.S 2066
poly1305.c USE_S390X_ASM indicates whether to enable zSeries code. 20781
primegen.c Note: 2 is not included because it can be tested more easily by looking at bit 0. The last entry in this list is marked by a zero 56997
pubkey-internal.h -- pubkey-util.c -- 5029
pubkey-util.c Callback for the pubkey algorithm code to verify PSS signatures. OPAQUE is the data provided by the actual caller. The meaning of TMP depends on the actual algorithm (but there is only RSA); now for RSA it is the output of running the public key function on the input. 31677
pubkey.c This is the list of the public-key algorithms included in Libgcrypt. 23131
rfc2268.c This implementation was written by Nikos Mavroyanopoulos for GNUTLS as a Libgcrypt module (gnutls/lib/x509/rc2.c) and later adapted for direct use by Libgcrypt by Werner Koch. This implementation is only useful for pkcs#12 decryption. The implementation here is based on Peter Gutmann's RRC.2 paper. 11301
rijndael-aarch64.S 14255
rijndael-aesni.c for memcmp() 139670
rijndael-amd64.S 11649
rijndael-arm.S 15828
rijndael-armv8-aarch32-ce.S 46051
rijndael-armv8-aarch64-ce.S 40765
rijndael-armv8-ce.c for memcmp() 14176
rijndael-internal.h for byte and u32 typedefs 6697
rijndael-padlock.c for memcmp() 3371
rijndael-ppc-common.h 9382
rijndael-ppc-functions.h does not use stack 52535
rijndael-ppc.c NOTE: vec needs to be be-swapped using 'asm_be_swap' by caller 6476
rijndael-ppc9le.c USE_PPC_CRYPTO 3072
rijndael-s390x.c Prepare parameter block. 30680
rijndael-ssse3-amd64-asm.S 22361
rijndael-ssse3-amd64.c for memcmp() 22611
rijndael-tables.h To keep the actual implementation at a readable size we use this include file to define the tables. 10139
rijndael.c for memcmp() 68199
rmd160.c Only used for the rmd160_hash_buffer() prototype. 17958
rsa-common.c Turn VALUE into an octet string and store it in an allocated buffer at R_FRAME or - if R_FRAME is NULL - copy it into the caller provided buffer SPACE; either SPACE or R_FRAME may be used. If SPACE is not NULL, the caller must provide a buffer of at least NBYTES. If the resulting octet string is shorter than NBYTES pad it to the left with zeroes. If VALUE does not fit into NBYTES return an error code. 31730
rsa.c This code uses an algorithm protected by U.S. Patent #4,405,829 which expired on September 20, 2000. The patent holder placed that patent into the public domain on Sep 6th, 2000. 55958
salsa20-amd64.S 19989
salsa20-armv7-neon.S 17452
salsa20.c The code is based on the code in Nettle (git commit id 9d2d8ddaee35b91a4e1a32ae77cba04bea3480e7) which in turn is based on salsa20-ref.c version 20051118 D. J. Bernstein Public domain. 17208
scrypt.c We really need a 64 bit type for this code. 7747
seed.c for byte and u32 typedefs 20304
serpent-armv7-neon.S 38913
serpent-avx2-amd64.S 37158
serpent-sse2-amd64.S 35238
serpent.c USE_SSE2 indicates whether to compile with AMD64 SSE2 code. 51600
sha1-armv7-neon.S 21423
sha1-armv8-aarch32-ce.S 6019
sha1-armv8-aarch64-ce.S 5714
sha1-avx-amd64.S 14969
sha1-avx-bmi2-amd64.S 15251
sha1-avx2-bmi2-amd64.S 21020
sha1-intel-shaext.c 4.4 11949
sha1-ssse3-amd64.S 15237
sha1.c Test vectors: "abc" A999 3E36 4706 816A BA3E 2571 7850 C26C 9CD0 D89D "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" 8498 3E44 1C3B D26E BAAE 4AA1 F951 29E5 E546 70F1 21904
sha1.h SHA1_USE_S390X_CRYPTO indicates whether to enable zSeries code. 1546
sha256-armv8-aarch32-ce.S 6550
sha256-armv8-aarch64-ce.S 6312
sha256-avx-amd64.S 17017
sha256-avx2-bmi2-amd64.S 15662
sha256-intel-shaext.c 4.4 15096
sha256-ppc.c SHA2 round in vector registers 28200
sha256-ssse3-amd64.S 17393
sha256.c Test vectors: "abc" SHA224: 23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7 SHA256: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" SHA224: 75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525 SHA256: 248d6a61 d20638b8 e5c02693 0c3e6039 a33ce459 64ff2167 f6ecedd4 19db06c1 "a" one million times SHA224: 20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67 SHA256: cdc76e5c 9914fb92 81a1c7e2 84d73e67 f1809a48 a497200e 046d39cc c7112cd0 25104
sha512-arm.S 14189
sha512-armv7-neon.S 12647
sha512-avx-amd64.S 16382
sha512-avx2-bmi2-amd64.S 16830
sha512-ppc.c 35087
sha512-ssse3-amd64.S 16571
sha512-ssse3-i386.c SHA512 Message Expansion (I2 and W2 macros) based on implementation from file "sha512-ssse3-amd64.s": Copyright (c) 2012, Intel Corporation All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the Intel Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 14345
sha512.c Test vectors from FIPS-180-2: "abc" 384: CB00753F 45A35E8B B5A03D69 9AC65007 272C32AB 0EDED163 1A8B605A 43FF5BED 8086072B A1E7CC23 58BAECA1 34C825A7 512: DDAF35A1 93617ABA CC417349 AE204131 12E6FA4E 89A97EA2 0A9EEEE6 4B55D39A 2192992A 274FC1A8 36BA3C23 A3FEEBBD 454D4423 643CE80E 2A9AC94F A54CA49F "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" 384: 09330C33 F71147E8 3D192FC7 82CD1B47 53111B17 3B3B05D2 2FA08086 E3B0F712 FCC7C71A 557E2DB9 66C3E9FA 91746039 512: 8E959B75 DAE313DA 8CF4F728 14FC143F 8F7779C6 EB9F7FA1 7299AEAD B6889018 501D289E 4900F7E4 331B99DE C4B5433A C7D329EE B6DD2654 5E96E55B 874BE909 "a" x 1000000 384: 9D0E1809 716474CB 086E834E 310A4A1C ED149E9C 00F24852 7972CEC5 704C2A5B 07B8B3DC 38ECC4EB AE97DDD8 7F3D8985 512: E718483D 0CE76964 4E2E42C7 BC15B463 8E1F98B1 3B204428 5632A803 AFA973EB DE0FF244 877EA60A 4CB0432C E577C31B EB009C5C 2C49AA2E 4EADB217 AD8CC09B 37577
sm3.c Test vectors: "abc" SM3: 66c7f0f4 62eeedd9 d1f2d46b dc10e4e2 4167c487 5cf2f7a2 297da02b 8f4ba8e0 "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd" SM3: debe9ff9 2275b8a1 38604889 c18e5a4d 6fdb70e5 387e5765 293dcba3 9c0c5732 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" SM3: 639b6cc5 e64d9e37 a390b192 df4fa1ea 0720ab74 7ff692b9 f38c4e66 ad7b8c05 "a" one million times SM3: c8aaf894 29554029 e231941a 2acc0ad6 1ff2a5ac d8fadd25 847a3a73 2b3b02c3 14054
sm4-aesni-avx-amd64.S 25597
sm4-aesni-avx2-amd64.S 22660
sm4.c for byte and u32 typedefs 33577
stribog.c Pre-computed results of multiplication of bytes on A and reordered with Pi[]. 68570
tiger.c See http://www.cs.technion.ac.il/~biham/Reports/Tiger/ 48693
twofish-aarch64.S 7539
twofish-amd64.S 26792
twofish-arm.S 8877
twofish-avx2-amd64.S 25479
twofish.c for memcmp() 70841
whirlpool-sse2-amd64.S 8780
whirlpool.c This is an implementation of the Whirlpool hashing algorithm, which has been developed by Vincent Rijmen and Paulo S. L. M. Barreto; its homepage is located at: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html The S-Boxes and the structure of the main transformation function, which implements an optimized version of the algorithm, are taken from the reference implementation available from http://www.larc.usp.br/~pbarreto/whirlpool.zip 76406