Add HC-256 stream cipher (GH #680)

weidai11 · Jul 5, 2018 · 989bf6d · 989bf6d · noloader · Jul 5, 2018
1 parent 069d85d
commit 989bf6d
Show file tree

Hide file tree

Showing 15 changed files with 2,587 additions and 17 deletions.
diff --git a/TestVectors/all.txt b/TestVectors/all.txt
@@ -42,6 +42,7 @@ Test: TestVectors/chacha.txt
 Test: TestVectors/sosemanuk.txt
 Test: TestVectors/rabbit.txt
 Test: TestVectors/hc128.txt
+Test: TestVectors/hc256.txt
 Test: TestVectors/vmac.txt
 Test: TestVectors/ccm.txt
 Test: TestVectors/gcm.txt

diff --git a/TestVectors/hc256.txt b/TestVectors/hc256.txt
diff --git a/bench1.cpp b/bench1.cpp
@@ -568,6 +568,7 @@ void Benchmark2(double t, double hertz)
 		BenchMarkByName<SymmetricCipher>("Rabbit");
 		BenchMarkByName<SymmetricCipher>("RabbitWithIV");
 		BenchMarkByName<SymmetricCipher>("HC-128");
+		BenchMarkByName<SymmetricCipher>("HC-256");
 		BenchMarkByName<SymmetricCipher>("MARC4");
 		BenchMarkByName<SymmetricCipher>("SEAL-3.0-LE");
 		BenchMarkByName<SymmetricCipher>("WAKE-OFB-LE");

diff --git a/cryptest.nmake b/cryptest.nmake
@@ -47,9 +47,9 @@
 
 # If you use 'make sources' from Linux makefile, then add 'winpipes.cpp' to the list below.
 
-LIB_SRCS = cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp algparam.cpp arc4.cpp aria-simd.cpp aria.cpp ariatab.cpp asn.cpp authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2-simd.cpp blake2.cpp blowfish.cpp blumshub.cpp camellia.cpp cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp cham.cpp cham-simd.cpp channels.cpp cmac.cpp crc-simd.cpp crc.cpp default.cpp des.cpp dessp.cpp dh.cpp dh2.cpp dll.cpp dsa.cpp eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gcm-simd.cpp gcm.cpp gf256.cpp gf2_32.cpp gf2n.cpp gfpcrypt.cpp gost.cpp gzip.cpp hc128.cpp hex.cpp hight.cpp hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp kalynatab.cpp keccak.cpp lea.cpp lea-simd.cpp luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp mqueue.cpp mqv.cpp nbtheory.cpp neon-simd.cpp network.cpp oaep.cpp osrng.cpp padlkrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp pssr.cpp pubkey.cpp queue.cpp rabin.cpp randpool.cpp rabbit.cpp rc2.cpp rc5.cpp rc6.cpp rdrand.cpp rdtables.cpp rijndael-simd.cpp rijndael.cpp ripemd.cpp rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp scrypt.cpp seal.cpp seed.cpp serpent.cpp sha-simd.cpp sha.cpp sha3.cpp shacal2-simd.cpp shacal2.cpp shark.cpp sharkbox.cpp simeck-simd.cpp simeck.cpp simon.cpp simon-simd.cpp skipjack.cpp sm3.cpp sm4.cpp socketft.cpp sosemanuk.cpp speck.cpp speck-simd.cpp square.cpp squaretb.cpp sse-simd.cpp strciphr.cpp tea.cpp tftables.cpp threefish.cpp tiger.cpp tigertab.cpp trdlocal.cpp ttmac.cpp tweetnacl.cpp twofish.cpp vmac.cpp wait.cpp wake.cpp whrlpool.cpp winpipes.cpp xtr.cpp xtrcrypt.cpp zdeflate.cpp zinflate.cpp zlib.cpp
+LIB_SRCS = cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp algparam.cpp arc4.cpp aria-simd.cpp aria.cpp ariatab.cpp asn.cpp authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2-simd.cpp blake2.cpp blowfish.cpp blumshub.cpp camellia.cpp cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp cham.cpp cham-simd.cpp channels.cpp cmac.cpp crc-simd.cpp crc.cpp default.cpp des.cpp dessp.cpp dh.cpp dh2.cpp dll.cpp dsa.cpp eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gcm-simd.cpp gcm.cpp gf256.cpp gf2_32.cpp gf2n.cpp gfpcrypt.cpp gost.cpp gzip.cpp hc128.cpp hc256.cpp hex.cpp hight.cpp hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp kalynatab.cpp keccak.cpp lea.cpp lea-simd.cpp luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp mqueue.cpp mqv.cpp nbtheory.cpp neon-simd.cpp network.cpp oaep.cpp osrng.cpp padlkrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp pssr.cpp pubkey.cpp queue.cpp rabin.cpp randpool.cpp rabbit.cpp rc2.cpp rc5.cpp rc6.cpp rdrand.cpp rdtables.cpp rijndael-simd.cpp rijndael.cpp ripemd.cpp rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp scrypt.cpp seal.cpp seed.cpp serpent.cpp sha-simd.cpp sha.cpp sha3.cpp shacal2-simd.cpp shacal2.cpp shark.cpp sharkbox.cpp simeck-simd.cpp simeck.cpp simon.cpp simon-simd.cpp skipjack.cpp sm3.cpp sm4.cpp socketft.cpp sosemanuk.cpp speck.cpp speck-simd.cpp square.cpp squaretb.cpp sse-simd.cpp strciphr.cpp tea.cpp tftables.cpp threefish.cpp tiger.cpp tigertab.cpp trdlocal.cpp ttmac.cpp tweetnacl.cpp twofish.cpp vmac.cpp wait.cpp wake.cpp whrlpool.cpp winpipes.cpp xtr.cpp xtrcrypt.cpp zdeflate.cpp zinflate.cpp zlib.cpp
 
-LIB_OBJS = cryptlib.obj cpu.obj integer.obj 3way.obj adler32.obj algebra.obj algparam.obj arc4.obj aria-simd.obj aria.obj ariatab.obj asn.obj authenc.obj base32.obj base64.obj basecode.obj bfinit.obj blake2-simd.obj blake2.obj blowfish.obj blumshub.obj camellia.obj cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj cham.obj cham-simd.obj channels.obj cmac.obj crc-simd.obj crc.obj default.obj des.obj dessp.obj dh.obj dh2.obj dll.obj dsa.obj eax.obj ec2n.obj eccrypto.obj ecp.obj elgamal.obj emsa2.obj eprecomp.obj esign.obj files.obj filters.obj fips140.obj fipstest.obj gcm-simd.obj gcm.obj gf256.obj gf2_32.obj gf2n.obj gfpcrypt.obj gost.obj gzip.obj hc128.obj hex.obj hight.obj hmac.obj hrtimer.obj ida.obj idea.obj iterhash.obj kalyna.obj kalynatab.obj keccak.obj lea.obj lea-simd.obj luc.obj mars.obj marss.obj md2.obj md4.obj md5.obj misc.obj modes.obj mqueue.obj mqv.obj nbtheory.obj neon-simd.obj network.obj oaep.obj osrng.obj padlkrng.obj panama.obj pkcspad.obj poly1305.obj polynomi.obj pssr.obj pubkey.obj queue.obj rabin.obj randpool.obj rabbit.obj rc2.obj rc5.obj rc6.obj rdrand.obj rdtables.obj rijndael-simd.obj rijndael.obj ripemd.obj rng.obj rsa.obj rw.obj safer.obj salsa.obj scrypt.obj seal.obj seed.obj serpent.obj sha-simd.obj sha.obj sha3.obj shacal2-simd.obj shacal2.obj shark.obj sharkbox.obj simeck-simd.obj simeck.obj simon.obj simon-simd.obj skipjack.obj sm3.obj sm4.obj socketft.obj sosemanuk.obj speck.obj speck-simd.obj square.obj squaretb.obj sse-simd.obj strciphr.obj tea.obj tftables.obj threefish.obj tiger.obj tigertab.obj trdlocal.obj ttmac.obj tweetnacl.obj twofish.obj vmac.obj wait.obj wake.obj whrlpool.obj winpipes.obj xtr.obj xtrcrypt.obj zdeflate.obj zinflate.obj zlib.obj
+LIB_OBJS = cryptlib.obj cpu.obj integer.obj 3way.obj adler32.obj algebra.obj algparam.obj arc4.obj aria-simd.obj aria.obj ariatab.obj asn.obj authenc.obj base32.obj base64.obj basecode.obj bfinit.obj blake2-simd.obj blake2.obj blowfish.obj blumshub.obj camellia.obj cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj cham.obj cham-simd.obj channels.obj cmac.obj crc-simd.obj crc.obj default.obj des.obj dessp.obj dh.obj dh2.obj dll.obj dsa.obj eax.obj ec2n.obj eccrypto.obj ecp.obj elgamal.obj emsa2.obj eprecomp.obj esign.obj files.obj filters.obj fips140.obj fipstest.obj gcm-simd.obj gcm.obj gf256.obj gf2_32.obj gf2n.obj gfpcrypt.obj gost.obj gzip.obj hc128.obj hc256.obj hex.obj hight.obj hmac.obj hrtimer.obj ida.obj idea.obj iterhash.obj kalyna.obj kalynatab.obj keccak.obj lea.obj lea-simd.obj luc.obj mars.obj marss.obj md2.obj md4.obj md5.obj misc.obj modes.obj mqueue.obj mqv.obj nbtheory.obj neon-simd.obj network.obj oaep.obj osrng.obj padlkrng.obj panama.obj pkcspad.obj poly1305.obj polynomi.obj pssr.obj pubkey.obj queue.obj rabin.obj randpool.obj rabbit.obj rc2.obj rc5.obj rc6.obj rdrand.obj rdtables.obj rijndael-simd.obj rijndael.obj ripemd.obj rng.obj rsa.obj rw.obj safer.obj salsa.obj scrypt.obj seal.obj seed.obj serpent.obj sha-simd.obj sha.obj sha3.obj shacal2-simd.obj shacal2.obj shark.obj sharkbox.obj simeck-simd.obj simeck.obj simon.obj simon-simd.obj skipjack.obj sm3.obj sm4.obj socketft.obj sosemanuk.obj speck.obj speck-simd.obj square.obj squaretb.obj sse-simd.obj strciphr.obj tea.obj tftables.obj threefish.obj tiger.obj tigertab.obj trdlocal.obj ttmac.obj tweetnacl.obj twofish.obj vmac.obj wait.obj wake.obj whrlpool.obj winpipes.obj xtr.obj xtrcrypt.obj zdeflate.obj zinflate.obj zlib.obj
 
 TEST_SRCS = bench1.cpp bench2.cpp test.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp
 

diff --git a/cryptest.vcxproj b/cryptest.vcxproj
@@ -242,6 +242,7 @@
     <None Include="TestVectors\esign.txt" />
     <None Include="TestVectors\gcm.txt" />
     <None Include="TestVectors\hc128.txt" />
+    <None Include="TestVectors\hc256.txt" />
     <None Include="TestVectors\hkdf.txt" />
     <None Include="TestVectors\hmac.txt" />
     <None Include="TestVectors\lea.txt" />

diff --git a/cryptest.vcxproj.filters b/cryptest.vcxproj.filters
@@ -80,6 +80,9 @@
     <None Include="TestVectors\hc128.txt">
       <Filter>TestVectors</Filter>
     </None>
+    <None Include="TestVectors\hc256.txt">
+      <Filter>TestVectors</Filter>
+    </None>
     <None Include="TestVectors\hkdf.txt">
       <Filter>TestVectors</Filter>
     </None>

diff --git a/cryptlib.h b/cryptlib.h
@@ -17,7 +17,7 @@
 	\ref SHACAL2 "SHACAL-2", SHARK, \ref SIMECK64 "SIMECK (32/64)" SKIPJACK, SM4, Square, TEA,
 	\ref ThreeWay "3-Way", \ref Threefish256 "Threefish (256/512/1024)", Twofish, XTEA
 <dt>Stream Ciphers<dd>
-	ChaCha (ChaCha-8/12/20), \ref HC128 "HC-128", \ref Panama "Panama-LE", \ref Panama "Panama-BE",
+	ChaCha (ChaCha-8/12/20), \ref HC128 "HC-128/256", \ref Panama "Panama-LE", \ref Panama "Panama-BE",
 	Rabbit, Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
 <dt>Hash Functions<dd>
 	BLAKE2s, BLAKE2b, \ref Keccak "Keccak (F1600)", SHA1, SHA224, SHA256, SHA384, SHA512,

diff --git a/cryptlib.vcxproj b/cryptlib.vcxproj
@@ -231,6 +231,7 @@
     <ClCompile Include="gost.cpp" />
     <ClCompile Include="gzip.cpp" />
     <ClCompile Include="hc128.cpp" />
+    <ClCompile Include="hc256.cpp" />
     <ClCompile Include="hex.cpp" />
     <ClCompile Include="hight.cpp" />
     <ClCompile Include="hmac.cpp" />
@@ -427,6 +428,7 @@
     <ClInclude Include="gost.h" />
     <ClInclude Include="gzip.h" />
     <ClInclude Include="hc128.h" />
+    <ClInclude Include="hc256.h" />
     <ClInclude Include="hex.h" />
     <ClInclude Include="hight.h" />
     <ClInclude Include="hkdf.h" />

diff --git a/cryptlib.vcxproj.filters b/cryptlib.vcxproj.filters
@@ -194,6 +194,9 @@
     <ClCompile Include="hc128.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="hc256.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="hex.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -675,6 +678,9 @@
     <ClInclude Include="hc128.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="hc256.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
     <ClInclude Include="hex.h">
       <Filter>Header Files</Filter>
     </ClInclude>

diff --git a/hc256.cpp b/hc256.cpp
@@ -0,0 +1,148 @@
+// hc256.cpp - written and placed in the public domain by Jeffrey Walton
+//             based on public domain code by Hongjun Wu.
+//
+//             The reference materials and source files are available at
+//             The eSTREAM Project, http://www.ecrypt.eu.org/stream/hc256.html.
+
+#include "pch.h"
+#include "config.h"
+
+#include "hc256.h"
+#include "secblock.h"
+#include "misc.h"
+
+ANONYMOUS_NAMESPACE_BEGIN
+
+using CryptoPP::word32;
+using CryptoPP::rotrConstant;
+
+inline word32 f1(word32 x)
+{
+	return rotrConstant<7>(x) ^ rotrConstant<18>(x) ^ ((x) >> 3);
+}
+
+inline word32 f2(word32 x)
+{
+	return rotrConstant<17>(x) ^ rotrConstant<19>(x) ^ ((x) >> 10);
+}
+
+ANONYMOUS_NAMESPACE_END
+
+NAMESPACE_BEGIN(CryptoPP)
+
+word32 HC256Policy::H1(word32 u)
+{
+	word32 tem;
+	unsigned char a, b, c, d;
+	a = (unsigned char)((u));
+	b = (unsigned char)((u) >> 8);
+	c = (unsigned char)((u) >> 16);
+	d = (unsigned char)((u) >> 24);
+	tem = m_Q[a] + m_Q[256 + b] + m_Q[512 + c] + m_Q[768 + d];
+	return (tem);
+}
+
+word32 HC256Policy::H2(word32 u)
+{
+	word32 tem;
+	unsigned char a, b, c, d;
+	a = (unsigned char)((u));
+	b = (unsigned char)((u) >> 8);
+	c = (unsigned char)((u) >> 16);
+	d = (unsigned char)((u) >> 24);
+	tem = m_P[a] + m_P[256 + b] + m_P[512 + c] + m_P[768 + d];
+	return (tem);
+}
+
+word32 HC256Policy::Generate() /*one step of the cipher*/
+{
+	word32 i, i3, i10, i12, i1023;
+	word32 output;
+
+	i = m_ctr & 0x3ff;
+	i3 = (i - 3) & 0x3ff;
+	i10 = (i - 10) & 0x3ff;
+	i12 = (i - 12) & 0x3ff;
+	i1023 = (i - 1023) & 0x3ff;
+
+	if (m_ctr < 1024) {
+		m_P[i] = m_P[i] + m_P[i10] + (rotrConstant<10>(m_P[i3]) ^ rotrConstant<23>(m_P[i1023])) + m_Q[(m_P[i3] ^ m_P[i1023]) & 0x3ff];
+		output = H1(m_P[i12]) ^ m_P[i];
+	}
+	else {
+		m_Q[i] = m_Q[i] + m_Q[i10] + (rotrConstant<10>(m_Q[i3]) ^ rotrConstant<23>(m_Q[i1023])) + m_P[(m_Q[i3] ^ m_Q[i1023]) & 0x3ff];
+		output = H2(m_Q[i12]) ^ m_Q[i];
+	}
+	m_ctr = (m_ctr + 1) & 0x7ff;
+	return (output);
+}
+
+void HC256Policy::CipherSetKey(const NameValuePairs &params, const byte *userKey, size_t keylen)
+{
+	CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(keylen);
+	CRYPTOPP_ASSERT(keylen == 32);
+
+	for (unsigned int i = 0; i < 8; i++)
+		m_key[i] = 0;
+
+	for (unsigned int i = 0; i < 32; i++)
+	{
+		m_key[i >> 2] = m_key[i >> 2] | userKey[i];
+		m_key[i >> 2] = rotlConstant<8>(m_key[i >> 2]);
+	}
+}
+
+void HC256Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)
+{
+	size_t msglen = (GetBytesPerIteration() * iterationCount) >> 2;
+	for (unsigned int i = 0; i < msglen; i++, input += 4, output += 4)
+	{
+		PutWord(false, LITTLE_ENDIAN_ORDER, output, Generate());
+
+		// If AdditiveCipherTemplate does not have an acculated keystream
+		//  then it will ask OperateKeystream to XOR the plaintext with
+		//  the keystream and write it to the ciphertext buffer.
+		if ((operation & INPUT_NULL) != INPUT_NULL)
+			xorbuf(output, input, 4);
+	}
+}
+
+void HC256Policy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)
+{
+	CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(length);
+	CRYPTOPP_ASSERT(length == 32);
+
+	/* initialize the iv */
+	word32 W[2560];
+	for (unsigned int i = 0; i < 8; i++)
+		m_iv[i] = 0;
+
+	for (unsigned int i = 0; i < 32; i++)
+	{
+		m_iv[i >> 2] = m_iv[i >> 2] | iv[i];
+		m_iv[i >> 2] = rotlConstant<8>(m_iv[i >> 2]);
+	}
+
+	/* setup the table P and Q */
+
+	for (unsigned int i = 0; i < 8; i++)
+		W[i] = m_key[i];
+	for (unsigned int i = 8; i < 16; i++)
+		W[i] = m_iv[i - 8];
+
+	for (unsigned int i = 16; i < 2560; i++)
+		W[i] = f2(W[i - 2]) + W[i - 7] + f1(W[i - 15]) + W[i - 16] + i;
+
+	for (unsigned int i = 0; i < 1024; i++)
+		m_P[i] = W[i + 512];
+	for (unsigned int i = 0; i < 1024; i++)
+		m_Q[i] = W[i + 1536];
+
+	m_ctr = 0;
+
+	/* run the cipher 4096 steps before generating the output */
+	for (unsigned int i = 0; i < 4096; i++)
+		Generate();
+}
+
+NAMESPACE_END
diff --git a/hc256.h b/hc256.h
@@ -0,0 +1,67 @@
+// hc256.h - written and placed in the public domain by Jeffrey Walton
+//           based on public domain code by Hongjun Wu.
+//
+//           The reference materials and source files are available at
+//           The eSTREAM Project, http://www.ecrypt.eu.org/stream/hc256.html.
+
+/// \file hc256.h
+/// \brief Classes for HC-256 stream cipher
+/// \sa <A HREF="http://www.ecrypt.eu.org/stream/hc256.html">The
+///   eSTREAM Project | HC-256</A> and
+///   <A HREF="https://www.cryptopp.com/wiki/HC-128">Crypto++ Wiki | HC-128</A>.
+/// \since Crypto++ 7.1
+
+#ifndef CRYPTOPP_HC256_H
+#define CRYPTOPP_HC256_H
+
+#include "strciphr.h"
+#include "secblock.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+/// \brief HC-256 stream cipher information
+/// \since Crypto++ 7.1
+struct HC256Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 32>
+{
+	CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "HC-256"; }
+};
+
+/// \brief HC-256 stream cipher implementation
+/// \since Crypto++ 7.1
+class HC256Policy : public AdditiveCipherConcretePolicy<word32, 4>, public HC256Info
+{
+protected:
+	void CipherSetKey(const NameValuePairs &params, const byte *key, size_t length);
+	void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount);
+	void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length);
+	bool CanOperateKeystream() const { return true; }
+	bool CipherIsRandomAccess() const { return false; }
+
+	word32 H1(word32 u);
+	word32 H2(word32 u);
+	word32 Generate();
+
+private:
+	word32 m_P[1024];
+	word32 m_Q[1024];
+	word32 m_key[8];
+	word32 m_iv[8];
+	word32 m_ctr;
+};
+
+/// \brief HC-256 stream cipher
+/// \details HC-256 is a stream cipher developed by Hongjun Wu. HC-256 is the
+///   successor to HC-128 from the eSTREAM project.
+/// \sa <A HREF="http://www.ecrypt.eu.org/stream/hc256.html">The
+///   eSTREAM Project | HC-256</A> and
+///   <A HREF="https://www.cryptopp.com/wiki/HC-128">Crypto++ Wiki | HC-128</A>.
+/// \since Crypto++ 7.1
+struct HC256 : public HC256Info, public SymmetricCipherDocumentation
+{
+	typedef SymmetricCipherFinal<ConcretePolicyHolder<HC256Policy, AdditiveCipherTemplate<> >, HC256Info> Encryption;
+	typedef Encryption Decryption;
+};
+
+NAMESPACE_END
+
+#endif  // CRYPTOPP_HC256_H
diff --git a/regtest2.cpp b/regtest2.cpp
@@ -24,6 +24,7 @@
 #include "sosemanuk.h"
 #include "rabbit.h"
 #include "hc128.h"
+#include "hc256.h"
 #include "arc4.h"
 #include "ccm.h"
 #include "gcm.h"
@@ -124,6 +125,7 @@ void RegisterFactories2()
 	RegisterSymmetricCipherDefaultFactories<Rabbit>();
 	RegisterSymmetricCipherDefaultFactories<RabbitWithIV>();
 	RegisterSymmetricCipherDefaultFactories<HC128>();
+	RegisterSymmetricCipherDefaultFactories<HC256>();
 	RegisterSymmetricCipherDefaultFactories<Weak::MARC4>();
 	RegisterSymmetricCipherDefaultFactories<WAKE_OFB<LittleEndian> >();
 	RegisterSymmetricCipherDefaultFactories<WAKE_OFB<BigEndian> >();

diff --git a/test.cpp b/test.cpp
@@ -939,20 +939,21 @@ bool Validate(int alg, bool thorough, const char *seedInput)
 	case 70: result = ValidateSosemanuk(); break;
 	case 71: result = ValidateRabbit(); break;
 	case 72: result = ValidateHC128(); break;
-	case 73: result = ValidateVMAC(); break;
-	case 74: result = ValidateCCM(); break;
-	case 75: result = ValidateGCM(); break;
-	case 76: result = ValidateCMAC(); break;
-	case 77: result = ValidateSM3(); break;
-	case 78: result = ValidateBLAKE2s(); break;
-	case 79: result = ValidateBLAKE2b(); break;
-	case 80: result = ValidatePoly1305(); break;
-	case 81: result = ValidateSipHash(); break;
-	case 82: result = ValidateHashDRBG(); break;
-	case 83: result = ValidateHmacDRBG(); break;
-	case 84: result = ValidateNaCl(); break;
-	case 85: result = ValidateSIMECK(); break;
-	case 86: result = ValidateCHAM(); break;
+	case 73: result = ValidateHC256(); break;
+	case 74: result = ValidateVMAC(); break;
+	case 75: result = ValidateCCM(); break;
+	case 76: result = ValidateGCM(); break;
+	case 77: result = ValidateCMAC(); break;
+	case 78: result = ValidateSM3(); break;
+	case 79: result = ValidateBLAKE2s(); break;
+	case 80: result = ValidateBLAKE2b(); break;
+	case 81: result = ValidatePoly1305(); break;
+	case 82: result = ValidateSipHash(); break;
+	case 83: result = ValidateHashDRBG(); break;
+	case 84: result = ValidateHmacDRBG(); break;
+	case 85: result = ValidateNaCl(); break;
+	case 86: result = ValidateSIMECK(); break;
+	case 87: result = ValidateCHAM(); break;
 
 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
 	// http://github.com/weidai11/cryptopp/issues/92

diff --git a/validat1.cpp b/validat1.cpp
@@ -180,6 +180,7 @@ bool ValidateAll(bool thorough)
 	pass=ValidateSosemanuk() && pass;
 	pass=ValidateRabbit() && pass;
 	pass=ValidateHC128() && pass;
+	pass=ValidateHC256() && pass;
 	pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/seed.txt") && pass;
 	pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/threefish.txt") && pass;
 	pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/kalyna.txt") && pass;
@@ -3488,6 +3489,12 @@ bool ValidateHC128()
 	return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/hc128.txt");
 }
 
+bool ValidateHC256()
+{
+	std::cout << "\nHC-256 validation suite running...\n";
+	return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/hc256.txt");
+}
+
 bool ValidateVMAC()
 {
 	std::cout << "\nVMAC validation suite running...\n";

diff --git a/validate.h b/validate.h
@@ -88,6 +88,7 @@ bool ValidateLEA();
 bool ValidateCamellia();
 
 bool ValidateHC128();
+bool ValidateHC256();
 bool ValidateRabbit();
 bool ValidateSalsa();
 bool ValidateSosemanuk();