~zooko/cryptopp/trunk

« back to all changes in this revision

Viewing changes to panama.cpp

Committer: weidai
Date: 2006-12-09 17:18:13 UTC
Revision ID: svn-v4:57ff6487-cd31-0410-9ec3-f628ee90f5f0:trunk/c5:247

add Salsa20 cipher

files added:
crypto++.mcp

haval.cpp

haval.h

havalcer.dat

md5mac.cpp

md5mac.h

xormac.h

files removed:
TestVectors/sosemanuk.txt

TestVectors/vmac.txt

cpu.cpp

cpu.h

cryptest_bds.bdsgroup

cryptest_bds.bdsproj

cryptest_bds.bpf

cryptlib_bds.bdsproj

cryptlib_bds.cpp

serpentp.h

sosemanuk.cpp

sosemanuk.h

vmac.cpp

vmac.h

x64masm.asm

files modified:
3way.cpp

3way.h

GNUmakefile

License.txt

Readme.txt

TestVectors/aes.txt

TestVectors/all.txt

TestVectors/camellia.txt

TestVectors/panama.txt

TestVectors/salsa.txt

TestVectors/seal.txt

TestVectors/shacal2.txt

TestVectors/tea.txt

adler32.h

algebra.cpp

algparam.h

arc4.cpp

arc4.h

argnames.h

asn.cpp

asn.h

bench.cpp

bench.h

bench2.cpp

blowfish.cpp

blowfish.h

blumshub.cpp

blumshub.h

camellia.cpp

camellia.h

cast.cpp

cast.h

cbcmac.cpp

cbcmac.h

channels.h

config.h

crc.h

cryptdll.dsp

cryptdll.vcproj

cryptest.dsp

cryptest.vcproj

cryptlib.cpp

cryptlib.dsp

cryptlib.h

cryptlib.vcproj

cryptopp.rc

datatest.cpp

des.cpp

des.h

dh2.cpp

dh2.h

dll.cpp

dlltest.cpp

dlltest.dsp

dlltest.vcproj

dmac.h

eccrypto.cpp

eccrypto.h

elgamal.h

eprecomp.cpp

esign.cpp

esign.h

factory.h

files.cpp

filters.cpp

filters.h

fipsalgt.cpp

fipstest.cpp

gf2_32.cpp

gfpcrypt.cpp

gfpcrypt.h

gost.cpp

gost.h

hmac.cpp

hmac.h

hrtimer.cpp

hrtimer.h

ida.cpp

idea.cpp

idea.h

integer.cpp

integer.h

iterhash.cpp

iterhash.h

lubyrack.h

mars.cpp

mars.h

md2.cpp

md2.h

md4.cpp

md4.h

md5.cpp

md5.h

mdc.h

misc.cpp

misc.h

modarith.h

modes.cpp

modes.h

nbtheory.cpp

network.cpp

network.h

osrng.cpp

osrng.h

panama.cpp

panama.h

pkcspad.cpp

pkcspad.h

pssr.cpp

pubkey.h

randpool.cpp

randpool.h

rc2.cpp

rc2.h

rc5.cpp

rc5.h

rc6.cpp

rc6.h

rdtables.cpp

regtest.cpp

rijndael.cpp

rijndael.h

rng.cpp

rng.h

rsa.cpp

rsa.h

rw.cpp

rw.h

safer.cpp

safer.h

salsa.cpp

salsa.h

seal.cpp

seal.h

secblock.h

seckey.h

serpent.cpp

serpent.h

sha.cpp

sha.h

shacal2.cpp

shacal2.h

shark.cpp

shark.h

simple.h

skipjack.cpp

skipjack.h

smartptr.h

socketft.h

square.cpp

square.h

strciphr.cpp

strciphr.h

tea.cpp

tea.h

test.cpp

tiger.cpp

tiger.h

tigertab.cpp

trunhash.h

ttmac.cpp

ttmac.h

twofish.cpp

twofish.h

usage.dat

validat1.cpp

validat2.cpp

validat3.cpp

validate.h

wait.cpp

wake.cpp

wake.h

whrlpool.cpp

whrlpool.h

words.h

zdeflate.cpp

Show diffs side-by-side

added added

removed removed

panama.cpp

#include "pch.h"

#include "panama.h"

#include "misc.h"

#include "cpu.h"

NAMESPACE_BEGIN(CryptoPP)

template <class B>

void Panama::Reset()

{

memset(m_state, 0, m_state.SizeInBytes());

#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE

m_state[17] = HasSSSE3();

#endif

}

#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE

#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code

void Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, const word32 *y)

{

#ifdef __GNUC__

__asm__ __volatile__

(

".intel_syntax noprefix;"

AS_PUSH( bx)

#else

AS2( mov WORD_REG(cx), count)

AS2( mov WORD_REG(si), state)

AS2( mov WORD_REG(di), z)

AS2( mov WORD_REG(dx), y)

#endif

AS2( shl WORD_REG(cx), 5)

ASJ( jz, 5, f)

AS2( mov ebx, [WORD_REG(si)+4*17])

AS2( add WORD_REG(cx), WORD_REG(bx))

AS_PUSH( bp)

AS_PUSH( cx)

AS2( movdqa xmm0, [WORD_REG(si)+0*16])

AS2( movdqa xmm1, [WORD_REG(si)+1*16])

AS2( movdqa xmm2, [WORD_REG(si)+2*16])

AS2( movdqa xmm3, [WORD_REG(si)+3*16])

AS2( mov eax, [WORD_REG(si)+4*16])

ASL(4)

// gamma and pi

#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE

AS2( test WORD_REG(bx), 1)

ASJ( jnz, 6, f)

#endif

AS2( movdqa xmm6, xmm2)

AS2( movss xmm6, xmm3)

ASS( pshufd xmm5, xmm6, 0, 3, 2, 1)

AS2( movd xmm6, eax)

AS2( movdqa xmm7, xmm3)

AS2( movss xmm7, xmm6)

ASS( pshufd xmm6, xmm7, 0, 3, 2, 1)

#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE

ASJ( jmp, 7, f)

ASL(6)

AS2( movdqa xmm5, xmm3)

AS3( palignr xmm5, xmm2, 4)

AS2( movd xmm6, eax)

AS3( palignr xmm6, xmm3, 4)

ASL(7)

#endif

AS2( movd ecx, xmm2)

AS1( not ecx)

AS2( movd ebp, xmm3)

AS2( or ecx, ebp)

AS2( xor eax, ecx)

#define SSE2_Index(i) ASM_MOD(((i)*13+16), 17)

#define pi(i) \

AS2( movd ecx, xmm7)\

AS2( rol ecx, ASM_MOD((ASM_MOD(5*i,17)*(ASM_MOD(5*i,17)+1)/2), 32))\

AS2( mov [WORD_REG(si)+SSE2_Index(ASM_MOD(5*(i), 17))*4], ecx)

#define pi4(x, y, z, a, b, c, d) \

AS2( pcmpeqb xmm7, xmm7)\

AS2( pxor xmm7, x)\

AS2( por xmm7, y)\

AS2( pxor xmm7, z)\

pi(a)\

ASS( pshuflw xmm7, xmm7, 1, 0, 3, 2)\

pi(b)\

AS2( punpckhqdq xmm7, xmm7)\

pi(c)\

ASS( pshuflw xmm7, xmm7, 1, 0, 3, 2)\

pi(d)

pi4(xmm1, xmm2, xmm3, 1, 5, 9, 13)

100

pi4(xmm0, xmm1, xmm2, 2, 6, 10, 14)

101

pi4(xmm6, xmm0, xmm1, 3, 7, 11, 15)

102

pi4(xmm5, xmm6, xmm0, 4, 8, 12, 16)

103

104

// output keystream and update buffer here to hide partial memory stalls between pi and theta

105

AS2( movdqa xmm4, xmm3)

106

AS2( punpcklqdq xmm3, xmm2) // 1 5 2 6

107

AS2( punpckhdq xmm4, xmm2) // 9 10 13 14

108

AS2( movdqa xmm2, xmm1)

109

AS2( punpcklqdq xmm1, xmm0) // 3 7 4 8

110

AS2( punpckhdq xmm2, xmm0) // 11 12 15 16

111

112

// keystream

113

AS2( test WORD_REG(di), WORD_REG(di))

114

ASJ( jz, 0, f)

115

AS2( movdqa xmm6, xmm4)

116

AS2( punpcklqdq xmm4, xmm2)

117

AS2( punpckhqdq xmm6, xmm2)

118

AS2( test WORD_REG(dx), 0xf)

119

ASJ( jnz, 2, f)

120

AS2( test WORD_REG(dx), WORD_REG(dx))

121

ASJ( jz, 1, f)

122

AS2( pxor xmm4, [WORD_REG(dx)])

123

AS2( pxor xmm6, [WORD_REG(dx)+16])

124

AS2( add WORD_REG(dx), 32)

125

ASJ( jmp, 1, f)

126

ASL(2)

127

AS2( movdqu xmm0, [WORD_REG(dx)])

128

AS2( movdqu xmm2, [WORD_REG(dx)+16])

129

AS2( pxor xmm4, xmm0)

130

AS2( pxor xmm6, xmm2)

131

AS2( add WORD_REG(dx), 32)

132

ASL(1)

133

AS2( test WORD_REG(di), 0xf)

134

ASJ( jnz, 3, f)

135

AS2( movdqa [WORD_REG(di)], xmm4)

136

AS2( movdqa [WORD_REG(di)+16], xmm6)

137

AS2( add WORD_REG(di), 32)

138

ASJ( jmp, 0, f)

139

ASL(3)

140

AS2( movdqu [WORD_REG(di)], xmm4)

141

AS2( movdqu [WORD_REG(di)+16], xmm6)

142

AS2( add WORD_REG(di), 32)

143

ASL(0)

144

145

// buffer update

146

AS2( lea WORD_REG(cx), [WORD_REG(bx) + 32])

147

AS2( and WORD_REG(cx), 31*32)

148

AS2( lea WORD_REG(bp), [WORD_REG(bx) + (32-24)*32])

149

AS2( and WORD_REG(bp), 31*32)

150

151

AS2( movdqa xmm0, [WORD_REG(si)+20*4+WORD_REG(cx)+0*8])

152

AS2( pxor xmm3, xmm0)

153

ASS( pshufd xmm0, xmm0, 2, 3, 0, 1)

154

AS2( movdqa [WORD_REG(si)+20*4+WORD_REG(cx)+0*8], xmm3)

155

AS2( pxor xmm0, [WORD_REG(si)+20*4+WORD_REG(bp)+2*8])

156

AS2( movdqa [WORD_REG(si)+20*4+WORD_REG(bp)+2*8], xmm0)

157

158

AS2( movdqa xmm4, [WORD_REG(si)+20*4+WORD_REG(cx)+2*8])

159

AS2( pxor xmm1, xmm4)

160

AS2( movdqa [WORD_REG(si)+20*4+WORD_REG(cx)+2*8], xmm1)

161

AS2( pxor xmm4, [WORD_REG(si)+20*4+WORD_REG(bp)+0*8])

162

AS2( movdqa [WORD_REG(si)+20*4+WORD_REG(bp)+0*8], xmm4)

163

164

// theta

165

AS2( movdqa xmm3, [WORD_REG(si)+3*16])

166

AS2( movdqa xmm2, [WORD_REG(si)+2*16])

167

AS2( movdqa xmm1, [WORD_REG(si)+1*16])

168

AS2( movdqa xmm0, [WORD_REG(si)+0*16])

169

170

#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE

171

AS2( test WORD_REG(bx), 1)

172

ASJ( jnz, 8, f)

173

#endif

174

AS2( movd xmm6, eax)

175

AS2( movdqa xmm7, xmm3)

176

AS2( movss xmm7, xmm6)

177

AS2( movdqa xmm6, xmm2)

178

AS2( movss xmm6, xmm3)

179

AS2( movdqa xmm5, xmm1)

180

AS2( movss xmm5, xmm2)

181

AS2( movdqa xmm4, xmm0)

182

AS2( movss xmm4, xmm1)

183

ASS( pshufd xmm7, xmm7, 0, 3, 2, 1)

184

ASS( pshufd xmm6, xmm6, 0, 3, 2, 1)

185

ASS( pshufd xmm5, xmm5, 0, 3, 2, 1)

186

ASS( pshufd xmm4, xmm4, 0, 3, 2, 1)

187

#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE

188

ASJ( jmp, 9, f)

189

ASL(8)

190

AS2( movd xmm7, eax)

191

AS3( palignr xmm7, xmm3, 4)

192

AS2( movq xmm6, xmm3)

193

AS3( palignr xmm6, xmm2, 4)

194

AS2( movq xmm5, xmm2)

195

AS3( palignr xmm5, xmm1, 4)

196

AS2( movq xmm4, xmm1)

197

AS3( palignr xmm4, xmm0, 4)

198

ASL(9)

199

#endif

200

201

AS2( xor eax, 1)

202

AS2( movd ecx, xmm0)

203

AS2( xor eax, ecx)

204

AS2( movd ecx, xmm3)

205

AS2( xor eax, ecx)

206

207

AS2( pxor xmm3, xmm2)

208

AS2( pxor xmm2, xmm1)

209

AS2( pxor xmm1, xmm0)

210

AS2( pxor xmm0, xmm7)

211

AS2( pxor xmm3, xmm7)

212

AS2( pxor xmm2, xmm6)

213

AS2( pxor xmm1, xmm5)

214

AS2( pxor xmm0, xmm4)

215

216

// sigma

217

AS2( lea WORD_REG(cx), [WORD_REG(bx) + (32-4)*32])

218

AS2( and WORD_REG(cx), 31*32)

219

AS2( lea WORD_REG(bp), [WORD_REG(bx) + 16*32])

220

AS2( and WORD_REG(bp), 31*32)

221

222

AS2( movdqa xmm4, [WORD_REG(si)+20*4+WORD_REG(cx)+0*16])

223

AS2( movdqa xmm5, [WORD_REG(si)+20*4+WORD_REG(bp)+0*16])

224

AS2( movdqa xmm6, xmm4)

225

AS2( punpcklqdq xmm4, xmm5)

226

AS2( punpckhqdq xmm6, xmm5)

227

AS2( pxor xmm3, xmm4)

228

AS2( pxor xmm2, xmm6)

229

230

AS2( movdqa xmm4, [WORD_REG(si)+20*4+WORD_REG(cx)+1*16])

231

AS2( movdqa xmm5, [WORD_REG(si)+20*4+WORD_REG(bp)+1*16])

232

AS2( movdqa xmm6, xmm4)

233

AS2( punpcklqdq xmm4, xmm5)

234

AS2( punpckhqdq xmm6, xmm5)

235

AS2( pxor xmm1, xmm4)

236

AS2( pxor xmm0, xmm6)

237

238

// loop

239

AS2( add WORD_REG(bx), 32)

240

AS2( cmp WORD_REG(bx), [WORD_REG(sp)])

241

ASJ( jne, 4, b)

242

243

// save state

244

AS2( add WORD_REG(sp), WORD_SZ)

245

AS_POP( bp)

246

AS2( mov [WORD_REG(si)+4*16], eax)

247

AS2( movdqa [WORD_REG(si)+3*16], xmm3)

248

AS2( movdqa [WORD_REG(si)+2*16], xmm2)

249

AS2( movdqa [WORD_REG(si)+1*16], xmm1)

250

AS2( movdqa [WORD_REG(si)+0*16], xmm0)

251

ASL(5)

252

253

#ifdef __GNUC__

254

AS_POP( bx)

255

".att_syntax prefix;"

256

257

: "c" (count), "S" (state), "D" (z), "d" (y)

258

: "%eax", "memory", "cc"

259

);

260

#endif

261

}

262

263

#endif

m_bstart = 0;

memset(m_state, 0, m_state.size()*4);

}

264

265

template <class B>

266

void Panama::Iterate(size_t count, const word32 *p, word32 *z, const word32 *y)

267

{

268

word32 bstart = m_state[17];

269

word32 *const aPtr = m_state;

270

word32 cPtr[17];

271

272

#define bPtr ((byte *)(aPtr+20))

273

274

// reorder the state for SSE2

275

// a and c: 4 8 12 16 | 3 7 11 15 | 2 6 10 14 | 1 5 9 13 | 0

276

// xmm0 xmm1 xmm2 xmm3 eax

277

#define a(i) aPtr[((i)*13+16) % 17] // 13 is inverse of 4 mod 17

278

#define c(i) cPtr[((i)*13+16) % 17]

279

// b: 0 4 | 1 5 | 2 6 | 3 7

280

#define b(i, j) b##i[(j)*2%8 + (j)/4]

unsigned int bstart = m_bstart;

word32 *const a = m_state;

#define c (a+17)

#define b ((Stage *)(a+34))

281

282

// output

283

#define OA(i) z[i] = ConditionalByteReverse(B::ToEnum(), a(i+9))

284

#define OX(i) z[i] = y[i] ^ ConditionalByteReverse(B::ToEnum(), a(i+9))

#define OA(i) z[i] = ConditionalByteReverse(B::ToEnum(), a[i+9])

#define OX(i) z[i] = y[i] ^ ConditionalByteReverse(B::ToEnum(), a[i+9])

285

// buffer update

286

#define US(i) {word32 t=b(0,i); b(0,i)=ConditionalByteReverse(B::ToEnum(), p[i])^t; b(25,(i+6)%8)^=t;}

287

#define UL(i) {word32 t=b(0,i); b(0,i)=a(i+1)^t; b(25,(i+6)%8)^=t;}

#define US(i) {word32 t=b0[i]; b0[i]=ConditionalByteReverse(B::ToEnum(), p[i])^t; b25[(i+6)%8]^=t;}

#define UL(i) {word32 t=b0[i]; b0[i]=a[i+1]^t; b25[(i+6)%8]^=t;}

288

// gamma and pi

289

#define GP(i) c(5*i%17) = rotlFixed(a(i) ^ (a((i+1)%17) | ~a((i+2)%17)), ((5*i%17)*((5*i%17)+1)/2)%32)

#define GP(i) c[5*i%17] = rotlFixed(a[i] ^ (a[(i+1)%17] | ~a[(i+2)%17]), ((5*i%17)*((5*i%17)+1)/2)%32)

290

// theta and sigma

291

#define T(i,x) a(i) = c(i) ^ c((i+1)%17) ^ c((i+4)%17) ^ x

#define T(i,x) a[i] = c[i] ^ c[(i+1)%17] ^ c[(i+4)%17] ^ x

292

#define TS1S(i) T(i+1, ConditionalByteReverse(B::ToEnum(), p[i]))

293

#define TS1L(i) T(i+1, b(4,i))

294

#define TS2(i) T(i+9, b(16,i))

#define TS1L(i) T(i+1, b4[i])

#define TS2(i) T(i+9, b16[i])

295

296

while (count--)

297

{

309

z += 8;

310

}

311

312

word32 *const b16 = (word32 *)(bPtr+((bstart+16*32) & 31*32));

313

word32 *const b4 = (word32 *)(bPtr+((bstart+(32-4)*32) & 31*32));

314

bstart += 32;

315

word32 *const b0 = (word32 *)(bPtr+((bstart) & 31*32));

316

word32 *const b25 = (word32 *)(bPtr+((bstart+(32-25)*32) & 31*32));

word32 *const b16 = b[(bstart+16) % STAGES];

word32 *const b4 = b[(bstart+4) % STAGES];

bstart = (bstart + STAGES - 1) % STAGES;

word32 *const b0 = b[bstart];

word32 *const b25 = b[(bstart+25) % STAGES];

317

318

if (p)

319

{

324

UL(0); UL(1); UL(2); UL(3); UL(4); UL(5); UL(6); UL(7);

325

}

326

327

GP(0);

328

GP(1);

329

GP(2);

330

GP(3);

331

GP(4);

332

GP(5);

333

GP(6);

334

GP(7);

335

GP(8);

336

GP(9);

337

GP(10);

338

GP(11);

339

GP(12);

340

GP(13);

341

GP(14);

342

GP(15);

343

GP(16);

GP(0); GP(1); GP(2); GP(3); GP(4); GP(5); GP(6); GP(7);

GP(8); GP(9); GP(10); GP(11); GP(12); GP(13); GP(14); GP(15); GP(16);

344

345

T(0,1);

346

356

357

TS2(0); TS2(1); TS2(2); TS2(3); TS2(4); TS2(5); TS2(6); TS2(7);

358

}

359

m_state[17] = bstart;

m_bstart = bstart;

360

}

361

362

namespace Weak {

363

template <class B>

364

size_t PanamaHash::HashMultipleBlocks(const word32 *input, size_t length)

365

{

378

105

379

106

this->Iterate(32); // pull

380

107

381

FixedSizeSecBlock<word32, 8> buf;

382

this->Iterate(1, NULL, buf, NULL);

383

384

memcpy(hash, buf, size);

108

ConditionalByteReverse(B::ToEnum(), this->m_state+9, this->m_state+9, DIGESTSIZE);

109

memcpy(hash, this->m_state+9, size);

385

110

386

111

this->Restart(); // reinit for next use

387

112

}

388

}

389

113

390

114

template <class B>

391

115

void PanamaCipherPolicy::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)

392

116

{

393

assert(length==32);

394

memcpy(m_key, key, 32);

395

}

117

FixedSizeSecBlock<word32, 8> buf;

396

118

397

template <class B>

398

void PanamaCipherPolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv)

399

{

400

119

this->Reset();

401

this->Iterate(1, m_key);

402

if (iv && IsAligned<word32>(iv))

403

this->Iterate(1, (const word32 *)iv);

404

else

405

{

406

FixedSizeSecBlock<word32, 8> buf;

407

if (iv)

408

memcpy(buf, iv, 32);

409

else

410

memset(buf, 0, 32);

411

this->Iterate(1, buf);

412

}

413

414

#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE

415

if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2())

416

Panama_SSE2_Pull(32, this->m_state, NULL, NULL);

417

else

418

#endif

419

this->Iterate(32);

420

}

421

422

#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64

423

template <class B>

424

unsigned int PanamaCipherPolicy::GetAlignment() const

425

{

426

#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE

427

if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2())

428

return 16;

429

else

430

#endif

431

return 1;

432

}

433

#endif

120

memcpy(buf, key, 32);

121

this->Iterate(1, buf);

122

if (length == 64)

123

memcpy(buf, key+32, 32);

124

else

125

memset(buf, 0, 32);

126

this->Iterate(1, buf);

127

128

this->Iterate(32);

129

}

434

130

435

131

template <class B>

436

132

void PanamaCipherPolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)

437

133

{

438

#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE

439

if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2())

440

Panama_SSE2_Pull(iterationCount, this->m_state, (word32 *)output, (const word32 *)input);

441

else

442

#endif

443

this->Iterate(iterationCount, NULL, (word32 *)output, (const word32 *)input);

134

this->Iterate(iterationCount, NULL, (word32 *)output, (const word32 *)input);

444

135

}

445

136

446

137

template class Panama<BigEndian>;

447

138

template class Panama<LittleEndian>;

448

139

449

template class Weak::PanamaHash<BigEndian>;

450

template class Weak::PanamaHash<LittleEndian>;

140

template class PanamaHash<BigEndian>;

141

template class PanamaHash<LittleEndian>;

451

142

452

143

template class PanamaCipherPolicy<BigEndian>;

453

144

template class PanamaCipherPolicy<LittleEndian>;

Older »