27
27
#if VMAC_BOOL_WORD128
29
// workaround GCC Bug 31690: ICE with const __uint128_t and C++ front-end
30
#define m126 ((word128(m62)<<64)|m64)
28
32
static const word128 m126 = (word128(m62)<<64)|m64; /* 126-bit mask */
31
36
void VMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms)
55
for (i = 0; i < m_nhKeySize()*sizeof(word64); i += blockSize)
57
cipher.ProcessBlock(in, out.BytePtr());
58
ConditionalByteReverse(BIG_ENDIAN_ORDER, m_nhKey()+i/sizeof(word64), out.begin(), blockSize);
60
cipher.AdvancedProcessBlocks(in, NULL, (byte *)m_nhKey(), m_nhKeySize()*sizeof(word64), cipher.BT_InBlockIsCounter);
61
ConditionalByteReverse<word64>(BIG_ENDIAN_ORDER, m_nhKey(), m_nhKey(), m_nhKeySize()*sizeof(word64));
62
63
/* Fill poly key */
84
85
} while ((l3Key[i*2+0] >= p64) || (l3Key[i*2+1] >= p64));
86
87
m_padCached = false;
87
Resynchronize(GetIVAndThrowIfInvalid(params));
89
const byte *nonce = GetIVAndThrowIfInvalid(params, nonceLength);
90
Resynchronize(nonce, (int)nonceLength);
90
93
void VMAC_Base::GetNextIV(RandomNumberGenerator &rng, byte *IV)
96
void VMAC_Base::Resynchronize(const byte *IV)
99
void VMAC_Base::Resynchronize(const byte *nonce, int len)
101
size_t length = ThrowIfInvalidIVLength(len);
103
byte *storedNonce = m_nonce();
101
memcpy(m_nonce(), IV, s);
102
AccessCipher().ProcessBlock(m_nonce(), m_pad());
107
memset(storedNonce, 0, s-length);
108
memcpy(storedNonce+s-length, nonce, length);
109
AccessCipher().ProcessBlock(storedNonce, m_pad());
106
m_padCached = m_padCached && (m_nonce()[s-1] | 1) == (IV[s-1] | 1) && memcmp(m_nonce(), IV, s-1) == 0;
113
if (m_padCached && (storedNonce[s-1] | 1) == (nonce[length-1] | 1))
115
m_padCached = VerifyBufsEqual(storedNonce+s-length, nonce, length-1);
116
for (size_t i=0; m_padCached && i<s-length; i++)
117
m_padCached = (storedNonce[i] == 0);
107
119
if (!m_padCached)
109
memcpy(m_nonce(), IV, s);
110
m_nonce()[s-1] &= 0xfe;
111
AccessCipher().ProcessBlock(m_nonce(), m_pad());
121
memset(storedNonce, 0, s-length);
122
memcpy(storedNonce+s-length, nonce, length-1);
123
storedNonce[s-1] = nonce[length-1] & 0xfe;
124
AccessCipher().ProcessBlock(storedNonce, m_pad());
112
125
m_padCached = true;
114
m_nonce()[s-1] = IV[s-1];
127
storedNonce[s-1] = nonce[length-1];
116
129
m_isFirstBlock = true;
141
156
AS2( mov %1, %%ebx)
142
157
".intel_syntax noprefix;"
145
word32 L1KeyLength = m_L1KeyLength;
159
#if _MSC_VER < 1300 || defined(__INTEL_COMPILER)
146
160
char isFirstBlock = m_isFirstBlock;
147
161
AS2( mov ebx, [L1KeyLength])
148
162
AS2( mov dl, [isFirstBlock])
362
376
".att_syntax prefix;"
363
377
AS2( mov %0, %%ebx)
365
: "m" (m_L1KeyLength), "c" (blocksRemainingInWord64), "S" (data), "D" (nhK+tagPart*2), "d" (m_isFirstBlock), "a" (polyS+tagPart*4)
379
: "m" (L1KeyLength), "c" (blocksRemainingInWord64), "S" (data), "D" (nhK+tagPart*2), "d" (m_isFirstBlock), "a" (polyS+tagPart*4)
385
399
#define MUL64(rh,rl,i1,i2) asm ("mulq %3" : "=a"(rl), "=d"(rh) : "a"(i1), "g"(i2) : "cc");
386
400
#define AccumulateNH(a, b, c) asm ("mulq %3; addq %%rax, %0; adcq %%rdx, %1" : "+r"(a##0), "+r"(a##1) : "a"(b), "g"(c) : "%rdx", "cc");
387
401
#define ADD128(rh,rl,ih,il) asm ("addq %3, %1; adcq %2, %0" : "+r"(rh),"+r"(rl) : "r"(ih),"r"(il) : "cc");
388
#elif defined(_MSC_VER) && !defined(CRYPTOPP_SLOW_WORD64)
402
#elif defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64
389
403
#define DeclareNH(a) word64 a##0=0, a##1=0
390
404
#define MUL64(rh,rl,i1,i2) (rl) = _umul128(i1,i2,&(rh));
391
405
#define AccumulateNH(a, b, c) {\
475
490
if (blocksRemainingInWord64 < L1KeyLengthInWord64)
477
492
if (blocksRemainingInWord64 % 8)
479
494
innerLoopEnd = blocksRemainingInWord64 % 8;
480
for (i=0; i<innerLoopEnd; i+=2)
495
for (; i<innerLoopEnd; i+=2)
481
496
INNER_LOOP_ITERATION(0);
482
blocksRemainingInWord64 -= innerLoopEnd;
483
data += innerLoopEnd;
485
498
innerLoopEnd = blocksRemainingInWord64;
488
for (i=0; i<innerLoopEnd; i+=8)
500
for (; i<innerLoopEnd; i+=8)
490
502
INNER_LOOP_ITERATION(0);
491
503
INNER_LOOP_ITERATION(1);