diff options
author | Jack Lloyd <[email protected]> | 2021-03-31 08:06:48 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2021-03-31 08:07:27 -0400 |
commit | b558aebdd4bdd13641ccfdaf9502a2031f66c655 (patch) | |
tree | 10780e079444dbb519ee58bfac6a5cd5ce8c9123 | |
parent | 2cbb1c530fba8dbe9534be0ba76c8463e7bc7226 (diff) |
Modify DES to use a variant of the BMI2 approach
This works portably and is even a little faster, since we are basically
trading a multiply and an AND for a pdep.
Not a complete side channel protection but should be side channel
silent except for those rare processors with cache bank conflicts,
or those which short-circuit multiplication, which are beyond hopeless.
-rw-r--r-- | src/lib/block/des/des.cpp | 185 | ||||
-rw-r--r-- | src/lib/block/des/des.h | 5 | ||||
-rw-r--r-- | src/lib/block/des/des_bmi2/des_bmi2.cpp | 292 | ||||
-rw-r--r-- | src/lib/block/des/des_bmi2/info.txt | 17 |
4 files changed, 67 insertions, 432 deletions
diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp index 2dc3e9c43..0e2b0d189 100644 --- a/src/lib/block/des/des.cpp +++ b/src/lib/block/des/des.cpp @@ -17,102 +17,65 @@ namespace Botan { namespace { -alignas(256) const uint32_t DES_SPBOX[64*8] = { - 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, - 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, - 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, - 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, - 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, - 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, - 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, - 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, - 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, - 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, - 0x00010004, 0x00010400, 0x00000000, 0x01010004, - - 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, - 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, - 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, - 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, - 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, - 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, - 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, - 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, - 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, - 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, - 0x80000000, 0x80100020, 0x80108020, 0x00108000, - - 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, - 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, - 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, - 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, - 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, - 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, - 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, - 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, - 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, - 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, - 0x00020208, 0x00000008, 0x08020008, 0x00020200, - - 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, - 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, - 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, - 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, - 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, - 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, - 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, - 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, - 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, - 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, - 0x00000080, 0x00800000, 0x00002000, 0x00802080, - - 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, - 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, - 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, - 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, - 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, - 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, - 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, - 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, - 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, - 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, - 0x00000000, 0x40080000, 0x02080100, 0x40000100, - - 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, - 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, - 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, - 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, - 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, - 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, - 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, - 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, - 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, - 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, - 0x20404000, 0x20000000, 0x00400010, 0x20004010, - - 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, - 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, - 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, - 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, - 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, - 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, - 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, - 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, - 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, - 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, - 0x04000002, 0x04000800, 0x00000800, 0x00200002, - - 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, - 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, - 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, - 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, - 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, - 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, - 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, - 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, - 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, - 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; +alignas(256) const uint8_t SPBOX_CATS[64*8] = { + 0x54, 0x00, 0x10, 0x55, 0x51, 0x15, 0x01, 0x10, 0x04, 0x54, 0x55, 0x04, 0x45, 0x51, 0x40, 0x01, + 0x05, 0x44, 0x44, 0x14, 0x14, 0x50, 0x50, 0x45, 0x11, 0x41, 0x41, 0x11, 0x00, 0x05, 0x15, 0x40, + 0x10, 0x55, 0x01, 0x50, 0x54, 0x40, 0x40, 0x04, 0x51, 0x10, 0x14, 0x41, 0x04, 0x01, 0x45, 0x15, + 0x55, 0x11, 0x50, 0x45, 0x41, 0x05, 0x15, 0x54, 0x05, 0x44, 0x44, 0x00, 0x11, 0x14, 0x00, 0x51, + + 0x55, 0x44, 0x04, 0x15, 0x10, 0x01, 0x51, 0x45, 0x41, 0x55, 0x54, 0x40, 0x44, 0x10, 0x01, 0x51, + 0x14, 0x11, 0x45, 0x00, 0x40, 0x04, 0x15, 0x50, 0x11, 0x41, 0x00, 0x14, 0x05, 0x54, 0x50, 0x05, + 0x00, 0x15, 0x51, 0x10, 0x45, 0x50, 0x54, 0x04, 0x50, 0x44, 0x01, 0x55, 0x15, 0x01, 0x04, 0x40, + 0x05, 0x54, 0x10, 0x41, 0x11, 0x45, 0x41, 0x11, 0x14, 0x00, 0x44, 0x05, 0x40, 0x51, 0x55, 0x14, + + 0x09, 0xA8, 0x00, 0xA1, 0x88, 0x00, 0x29, 0x88, 0x21, 0x81, 0x81, 0x20, 0xA9, 0x21, 0xA0, 0x09, + 0x80, 0x01, 0xA8, 0x08, 0x28, 0xA0, 0xA1, 0x29, 0x89, 0x28, 0x20, 0x89, 0x01, 0xA9, 0x08, 0x80, + 0xA8, 0x80, 0x21, 0x09, 0x20, 0xA8, 0x88, 0x00, 0x08, 0x21, 0xA9, 0x88, 0x81, 0x08, 0x00, 0xA1, + 0x89, 0x20, 0x80, 0xA9, 0x01, 0x29, 0x28, 0x81, 0xA0, 0x89, 0x09, 0xA0, 0x29, 0x01, 0xA1, 0x28, + + 0x51, 0x15, 0x15, 0x04, 0x54, 0x45, 0x41, 0x11, 0x00, 0x50, 0x50, 0x55, 0x05, 0x00, 0x44, 0x41, + 0x01, 0x10, 0x40, 0x51, 0x04, 0x40, 0x11, 0x14, 0x45, 0x01, 0x14, 0x44, 0x10, 0x54, 0x55, 0x05, + 0x44, 0x41, 0x50, 0x55, 0x05, 0x00, 0x00, 0x50, 0x14, 0x44, 0x45, 0x01, 0x51, 0x15, 0x15, 0x04, + 0x55, 0x05, 0x01, 0x10, 0x41, 0x11, 0x54, 0x45, 0x11, 0x14, 0x40, 0x51, 0x04, 0x40, 0x10, 0x54, + + 0x01, 0x29, 0x28, 0xA1, 0x08, 0x01, 0x80, 0x28, 0x89, 0x08, 0x21, 0x89, 0xA1, 0xA8, 0x09, 0x80, + 0x20, 0x88, 0x88, 0x00, 0x81, 0xA9, 0xA9, 0x21, 0xA8, 0x81, 0x00, 0xA0, 0x29, 0x20, 0xA0, 0x09, + 0x08, 0xA1, 0x01, 0x20, 0x80, 0x28, 0xA1, 0x89, 0x21, 0x80, 0xA8, 0x29, 0x89, 0x01, 0x20, 0xA8, + 0xA9, 0x09, 0xA0, 0xA9, 0x28, 0x00, 0x88, 0xA0, 0x09, 0x21, 0x81, 0x08, 0x00, 0x88, 0x29, 0x81, + + 0x41, 0x50, 0x04, 0x55, 0x50, 0x01, 0x55, 0x10, 0x44, 0x15, 0x10, 0x41, 0x11, 0x44, 0x40, 0x05, + 0x00, 0x11, 0x45, 0x04, 0x14, 0x45, 0x01, 0x51, 0x51, 0x00, 0x15, 0x54, 0x05, 0x14, 0x54, 0x40, + 0x44, 0x01, 0x51, 0x14, 0x55, 0x10, 0x05, 0x41, 0x10, 0x44, 0x40, 0x05, 0x41, 0x55, 0x14, 0x50, + 0x15, 0x54, 0x00, 0x51, 0x01, 0x04, 0x50, 0x15, 0x04, 0x11, 0x45, 0x00, 0x54, 0x40, 0x11, 0x45, + + 0x10, 0x51, 0x45, 0x00, 0x04, 0x45, 0x15, 0x54, 0x55, 0x10, 0x00, 0x41, 0x01, 0x40, 0x51, 0x05, + 0x44, 0x15, 0x11, 0x44, 0x41, 0x50, 0x54, 0x11, 0x50, 0x04, 0x05, 0x55, 0x14, 0x01, 0x40, 0x14, + 0x40, 0x14, 0x10, 0x45, 0x45, 0x51, 0x51, 0x01, 0x11, 0x40, 0x44, 0x10, 0x54, 0x05, 0x15, 0x54, + 0x05, 0x41, 0x55, 0x50, 0x14, 0x00, 0x01, 0x55, 0x00, 0x15, 0x50, 0x04, 0x41, 0x44, 0x04, 0x11, + + 0x89, 0x08, 0x20, 0xA9, 0x80, 0x89, 0x01, 0x80, 0x21, 0xA0, 0xA9, 0x28, 0xA8, 0x29, 0x08, 0x01, + 0xA0, 0x81, 0x88, 0x09, 0x28, 0x21, 0xA1, 0xA8, 0x09, 0x00, 0x00, 0xA1, 0x81, 0x88, 0x29, 0x20, + 0x29, 0x20, 0xa8, 0x08, 0x01, 0xA1, 0x08, 0x29, 0x88, 0x01, 0x81, 0xA0, 0xA1, 0x80, 0x20, 0x89, + 0x00, 0xA9, 0x21, 0x81, 0xA0, 0x88, 0x89, 0x00, 0xA9, 0x28, 0x28, 0x09, 0x09, 0x21, 0x80, 0xA8, +}; + +const uint32_t SPBOX_CAT_0_MUL = 0x70041106; +const uint32_t SPBOX_CAT_1_MUL = 0x02012020; +const uint32_t SPBOX_CAT_2_MUL = 0x00901048; +const uint32_t SPBOX_CAT_3_MUL = 0x8e060221; +const uint32_t SPBOX_CAT_4_MUL = 0x00912140; +const uint32_t SPBOX_CAT_5_MUL = 0x80841018; +const uint32_t SPBOX_CAT_6_MUL = 0xe0120202; +const uint32_t SPBOX_CAT_7_MUL = 0x00212240; + +const uint32_t SPBOX_CAT_0_MASK = 0x01010404; +const uint32_t SPBOX_CAT_1_MASK = 0x80108020; +const uint32_t SPBOX_CAT_2_MASK = 0x08020208; +const uint32_t SPBOX_CAT_3_MASK = 0x00802081; +const uint32_t SPBOX_CAT_4_MASK = 0x42080100; +const uint32_t SPBOX_CAT_5_MASK = 0x20404010; +const uint32_t SPBOX_CAT_6_MASK = 0x04200802; +const uint32_t SPBOX_CAT_7_MASK = 0x10041040; /* * DES Key Schedule @@ -183,14 +146,14 @@ void des_key_schedule(uint32_t round_key[32], const uint8_t key[8]) inline uint32_t spbox(uint32_t T0, uint32_t T1) { return - DES_SPBOX[64*0+((T0 >> 24) & 0x3F)] ^ - DES_SPBOX[64*1+((T1 >> 24) & 0x3F)] ^ - DES_SPBOX[64*2+((T0 >> 16) & 0x3F)] ^ - DES_SPBOX[64*3+((T1 >> 16) & 0x3F)] ^ - DES_SPBOX[64*4+((T0 >> 8) & 0x3F)] ^ - DES_SPBOX[64*5+((T1 >> 8) & 0x3F)] ^ - DES_SPBOX[64*6+((T0 >> 0) & 0x3F)] ^ - DES_SPBOX[64*7+((T1 >> 0) & 0x3F)]; + ((SPBOX_CATS[0*64 + ((T0 >> 24) & 0x3F)] * SPBOX_CAT_0_MUL) & SPBOX_CAT_0_MASK) ^ + ((SPBOX_CATS[1*64 + ((T1 >> 24) & 0x3F)] * SPBOX_CAT_1_MUL) & SPBOX_CAT_1_MASK) ^ + ((SPBOX_CATS[2*64 + ((T0 >> 16) & 0x3F)] * SPBOX_CAT_2_MUL) & SPBOX_CAT_2_MASK) ^ + ((SPBOX_CATS[3*64 + ((T1 >> 16) & 0x3F)] * SPBOX_CAT_3_MUL) & SPBOX_CAT_3_MASK) ^ + ((SPBOX_CATS[4*64 + ((T0 >> 8) & 0x3F)] * SPBOX_CAT_4_MUL) & SPBOX_CAT_4_MASK) ^ + ((SPBOX_CATS[5*64 + ((T1 >> 8) & 0x3F)] * SPBOX_CAT_5_MUL) & SPBOX_CAT_5_MASK) ^ + ((SPBOX_CATS[6*64 + ((T0 >> 0) & 0x3F)] * SPBOX_CAT_6_MUL) & SPBOX_CAT_6_MASK) ^ + ((SPBOX_CATS[7*64 + ((T1 >> 0) & 0x3F)] * SPBOX_CAT_7_MUL) & SPBOX_CAT_7_MASK); } /* @@ -432,13 +395,6 @@ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons { verify_key_set(m_round_key.empty() == false); -#if defined(BOTAN_HAS_DES_BMI2) - if(CPUID::has_bmi2() && CPUID::has_fast_pdep()) - { - return bmi2_encrypt_n(in, out, blocks, &m_round_key[0]); - } -#endif - while(blocks >= 2) { uint32_t L0 = load_be<uint32_t>(in, 0); @@ -489,13 +445,6 @@ void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons { verify_key_set(m_round_key.empty() == false); -#if defined(BOTAN_HAS_DES_BMI2) - if(CPUID::has_bmi2() && CPUID::has_fast_pdep()) - { - return bmi2_decrypt_n(in, out, blocks, &m_round_key[0]); - } -#endif - while(blocks >= 2) { uint32_t L0 = load_be<uint32_t>(in, 0); diff --git a/src/lib/block/des/des.h b/src/lib/block/des/des.h index 2907ff0f1..4c834c6f6 100644 --- a/src/lib/block/des/des.h +++ b/src/lib/block/des/des.h @@ -44,11 +44,6 @@ class TripleDES final : public Block_Cipher_Fixed_Params<8, 16, 24, 8> BlockCipher* clone() const override { return new TripleDES; } private: -#if defined(BOTAN_HAS_DES_BMI2) - static void bmi2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]); - static void bmi2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]); -#endif - void key_schedule(const uint8_t[], size_t) override; secure_vector<uint32_t> m_round_key; diff --git a/src/lib/block/des/des_bmi2/des_bmi2.cpp b/src/lib/block/des/des_bmi2/des_bmi2.cpp deleted file mode 100644 index da3f5bd6d..000000000 --- a/src/lib/block/des/des_bmi2/des_bmi2.cpp +++ /dev/null @@ -1,292 +0,0 @@ -/* -* (C) 2020 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/des.h> -#include <botan/internal/rotate.h> -#include <botan/internal/loadstor.h> -#include <immintrin.h> - -namespace Botan { - -namespace { - -namespace DES_BMI2_fn { - -alignas(64) const uint8_t SPBOX_CAT_0[64] = { - 0xE, 0x0, 0x4, 0xF, 0xD, 0x7, 0x1, 0x4, 0x2, 0xE, 0xF, 0x2, 0xB, 0xD, 0x8, 0x1, - 0x3, 0xA, 0xA, 0x6, 0x6, 0xC, 0xC, 0xB, 0x5, 0x9, 0x9, 0x5, 0x0, 0x3, 0x7, 0x8, - 0x4, 0xF, 0x1, 0xC, 0xE, 0x8, 0x8, 0x2, 0xD, 0x4, 0x6, 0x9, 0x2, 0x1, 0xB, 0x7, - 0xF, 0x5, 0xC, 0xB, 0x9, 0x3, 0x7, 0xE, 0x3, 0xA, 0xA, 0x0, 0x5, 0x6, 0x0, 0xD, -}; - -alignas(64) const uint8_t SPBOX_CAT_1[64] = { - 0xF, 0xA, 0x2, 0x7, 0x4, 0x1, 0xD, 0xB, 0x9, 0xF, 0xE, 0x8, 0xA, 0x4, 0x1, 0xD, - 0x6, 0x5, 0xB, 0x0, 0x8, 0x2, 0x7, 0xC, 0x5, 0x9, 0x0, 0x6, 0x3, 0xE, 0xC, 0x3, - 0x0, 0x7, 0xD, 0x4, 0xB, 0xC, 0xE, 0x2, 0xC, 0xA, 0x1, 0xF, 0x7, 0x1, 0x2, 0x8, - 0x3, 0xE, 0x4, 0x9, 0x5, 0xB, 0x9, 0x5, 0x6, 0x0, 0xA, 0x3, 0x8, 0xD, 0xF, 0x6, -}; - -alignas(64) const uint8_t SPBOX_CAT_2[64] = { - 0x3, 0xE, 0x0, 0xD, 0xA, 0x0, 0x7, 0xA, 0x5, 0x9, 0x9, 0x4, 0xF, 0x5, 0xC, 0x3, - 0x8, 0x1, 0xE, 0x2, 0x6, 0xC, 0xD, 0x7, 0xB, 0x6, 0x4, 0xB, 0x1, 0xF, 0x2, 0x8, - 0xE, 0x8, 0x5, 0x3, 0x4, 0xE, 0xA, 0x0, 0x2, 0x5, 0xF, 0xA, 0x9, 0x2, 0x0, 0xD, - 0xB, 0x4, 0x8, 0xF, 0x1, 0x7, 0x6, 0x9, 0xC, 0xB, 0x3, 0xC, 0x7, 0x1, 0xD, 0x6, -}; - -alignas(64) const uint8_t SPBOX_CAT_3[64] = { - 0xD, 0x7, 0x7, 0x2, 0xE, 0xB, 0x9, 0x5, 0x0, 0xC, 0xC, 0xF, 0x3, 0x0, 0xA, 0x9, - 0x1, 0x4, 0x8, 0xD, 0x2, 0x8, 0x5, 0x6, 0xB, 0x1, 0x6, 0xA, 0x4, 0xE, 0xF, 0x3, - 0xA, 0x9, 0xC, 0xF, 0x3, 0x0, 0x0, 0xC, 0x6, 0xA, 0xB, 0x1, 0xD, 0x7, 0x7, 0x2, - 0xF, 0x3, 0x1, 0x4, 0x9, 0x5, 0xE, 0xB, 0x5, 0x6, 0x8, 0xD, 0x2, 0x8, 0x4, 0xE, -}; - -alignas(64) const uint8_t SPBOX_CAT_4[64] = { - 0x1, 0x7, 0x6, 0xD, 0x2, 0x1, 0x8, 0x6, 0xB, 0x2, 0x5, 0xB, 0xD, 0xE, 0x3, 0x8, - 0x4, 0xA, 0xA, 0x0, 0x9, 0xF, 0xF, 0x5, 0xE, 0x9, 0x0, 0xC, 0x7, 0x4, 0xC, 0x3, - 0x2, 0xD, 0x1, 0x4, 0x8, 0x6, 0xD, 0xB, 0x5, 0x8, 0xE, 0x7, 0xB, 0x1, 0x4, 0xE, - 0xF, 0x3, 0xC, 0xF, 0x6, 0x0, 0xA, 0xC, 0x3, 0x5, 0x9, 0x2, 0x0, 0xA, 0x7, 0x9, -}; - -alignas(64) const uint8_t SPBOX_CAT_5[64] = { - 0x9, 0xC, 0x2, 0xF, 0xC, 0x1, 0xF, 0x4, 0xA, 0x7, 0x4, 0x9, 0x5, 0xA, 0x8, 0x3, - 0x0, 0x5, 0xB, 0x2, 0x6, 0xB, 0x1, 0xD, 0xD, 0x0, 0x7, 0xE, 0x3, 0x6, 0xE, 0x8, - 0xA, 0x1, 0xD, 0x6, 0xF, 0x4, 0x3, 0x9, 0x4, 0xA, 0x8, 0x3, 0x9, 0xF, 0x6, 0xC, - 0x7, 0xE, 0x0, 0xD, 0x1, 0x2, 0xC, 0x7, 0x2, 0x5, 0xB, 0x0, 0xE, 0x8, 0x5, 0xB, -}; - -alignas(64) const uint8_t SPBOX_CAT_6[64] = { - 0x4, 0xD, 0xB, 0x0, 0x2, 0xB, 0x7, 0xE, 0xF, 0x4, 0x0, 0x9, 0x1, 0x8, 0xD, 0x3, - 0xA, 0x7, 0x5, 0xA, 0x9, 0xC, 0xE, 0x5, 0xC, 0x2, 0x3, 0xF, 0x6, 0x1, 0x8, 0x6, - 0x8, 0x6, 0x4, 0xB, 0xB, 0xD, 0xD, 0x1, 0x5, 0x8, 0xA, 0x4, 0xE, 0x3, 0x7, 0xE, - 0x3, 0x9, 0xF, 0xC, 0x6, 0x0, 0x1, 0xF, 0x0, 0x7, 0xC, 0x2, 0x9, 0xA, 0x2, 0x5, -}; - -alignas(64) const uint8_t SPBOX_CAT_7[64] = { - 0xB, 0x2, 0x4, 0xF, 0x8, 0xB, 0x1, 0x8, 0x5, 0xC, 0xF, 0x6, 0xE, 0x7, 0x2, 0x1, - 0xC, 0x9, 0xA, 0x3, 0x6, 0x5, 0xD, 0xE, 0x3, 0x0, 0x0, 0xD, 0x9, 0xA, 0x7, 0x4, - 0x7, 0x4, 0xE, 0x2, 0x1, 0xD, 0x2, 0x7, 0xA, 0x1, 0x9, 0xC, 0xD, 0x8, 0x4, 0xB, - 0x0, 0xF, 0x5, 0x9, 0xC, 0xA, 0xB, 0x0, 0xF, 0x6, 0x6, 0x3, 0x3, 0x5, 0x8, 0xE, -}; - -inline uint32_t spbox(uint32_t T0, uint32_t T1) - { - return - _pdep_u32(SPBOX_CAT_0[get_byte(0, T0) % 64], 0x01010404) ^ - _pdep_u32(SPBOX_CAT_1[get_byte(0, T1) % 64], 0x80108020) ^ - _pdep_u32(SPBOX_CAT_2[get_byte(1, T0) % 64], 0x08020208) ^ - _pdep_u32(SPBOX_CAT_3[get_byte(1, T1) % 64], 0x00802081) ^ - _pdep_u32(SPBOX_CAT_4[get_byte(2, T0) % 64], 0x42080100) ^ - _pdep_u32(SPBOX_CAT_5[get_byte(2, T1) % 64], 0x20404010) ^ - _pdep_u32(SPBOX_CAT_6[get_byte(3, T0) % 64], 0x04200802) ^ - _pdep_u32(SPBOX_CAT_7[get_byte(3, T1) % 64], 0x10041040); - } - -inline void des_encrypt(uint32_t& Lr, uint32_t& Rr, - const uint32_t round_key[32]) - { - uint32_t L = Lr; - uint32_t R = Rr; - for(size_t i = 0; i != 16; i += 2) - { - L ^= spbox(rotr<4>(R) ^ round_key[2*i ], R ^ round_key[2*i+1]); - R ^= spbox(rotr<4>(L) ^ round_key[2*i+2], L ^ round_key[2*i+3]); - } - - Lr = L; - Rr = R; - } - -inline void des_encrypt_x2(uint32_t& L0r, uint32_t& R0r, - uint32_t& L1r, uint32_t& R1r, - const uint32_t round_key[32]) - { - uint32_t L0 = L0r; - uint32_t R0 = R0r; - uint32_t L1 = L1r; - uint32_t R1 = R1r; - - for(size_t i = 0; i != 16; i += 2) - { - L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i ], R0 ^ round_key[2*i+1]); - L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i ], R1 ^ round_key[2*i+1]); - - R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i+2], L0 ^ round_key[2*i+3]); - R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i+2], L1 ^ round_key[2*i+3]); - } - - L0r = L0; - R0r = R0; - L1r = L1; - R1r = R1; - } - -inline void des_decrypt(uint32_t& Lr, uint32_t& Rr, - const uint32_t round_key[32]) - { - uint32_t L = Lr; - uint32_t R = Rr; - for(size_t i = 16; i != 0; i -= 2) - { - L ^= spbox(rotr<4>(R) ^ round_key[2*i - 2], R ^ round_key[2*i - 1]); - R ^= spbox(rotr<4>(L) ^ round_key[2*i - 4], L ^ round_key[2*i - 3]); - } - Lr = L; - Rr = R; - } - -inline void des_decrypt_x2(uint32_t& L0r, uint32_t& R0r, - uint32_t& L1r, uint32_t& R1r, - const uint32_t round_key[32]) - { - uint32_t L0 = L0r; - uint32_t R0 = R0r; - uint32_t L1 = L1r; - uint32_t R1 = R1r; - - for(size_t i = 16; i != 0; i -= 2) - { - L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i - 2], R0 ^ round_key[2*i - 1]); - L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i - 2], R1 ^ round_key[2*i - 1]); - - R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i - 4], L0 ^ round_key[2*i - 3]); - R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i - 4], L1 ^ round_key[2*i - 3]); - } - - L0r = L0; - R0r = R0; - L1r = L1; - R1r = R1; - } - -inline void des_IP(uint32_t& L, uint32_t& R, const uint8_t block[]) - { - // IP sequence by Wei Dai, taken from public domain Crypto++ - L = load_be<uint32_t>(block, 0); - R = load_be<uint32_t>(block, 1); - - uint32_t T; - R = rotl<4>(R); - T = (L ^ R) & 0xF0F0F0F0; - L ^= T; - R = rotr<20>(R ^ T); - T = (L ^ R) & 0xFFFF0000; - L ^= T; - R = rotr<18>(R ^ T); - T = (L ^ R) & 0x33333333; - L ^= T; - R = rotr<6>(R ^ T); - T = (L ^ R) & 0x00FF00FF; - L ^= T; - R = rotl<9>(R ^ T); - T = (L ^ R) & 0xAAAAAAAA; - L = rotl<1>(L ^ T); - R ^= T; - } - -inline void des_FP(uint32_t L, uint32_t R, uint8_t out[]) - { - // FP sequence by Wei Dai, taken from public domain Crypto++ - uint32_t T; - - R = rotr<1>(R); - T = (L ^ R) & 0xAAAAAAAA; - R ^= T; - L = rotr<9>(L ^ T); - T = (L ^ R) & 0x00FF00FF; - R ^= T; - L = rotl<6>(L ^ T); - T = (L ^ R) & 0x33333333; - R ^= T; - L = rotl<18>(L ^ T); - T = (L ^ R) & 0xFFFF0000; - R ^= T; - L = rotl<20>(L ^ T); - T = (L ^ R) & 0xF0F0F0F0; - R ^= T; - L = rotr<4>(L ^ T); - store_be(out, R, L); - } - -} - -} - -//static -void TripleDES::bmi2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]) - { - using namespace DES_BMI2_fn; - while(blocks >= 2) - { - uint32_t L0, R0; - uint32_t L1, R1; - - des_IP(L0, R0, in); - des_IP(L1, R1, in + BLOCK_SIZE); - - des_encrypt_x2(L0, R0, L1, R1, &key[0]); - des_decrypt_x2(R0, L0, R1, L1, &key[32]); - des_encrypt_x2(L0, R0, L1, R1, &key[64]); - - des_FP(L0, R0, out); - des_FP(L1, R1, out + BLOCK_SIZE); - - in += 2*BLOCK_SIZE; - out += 2*BLOCK_SIZE; - blocks -= 2; - } - - for(size_t i = 0; i != blocks; ++i) - { - uint32_t L, R; - des_IP(L, R, in + BLOCK_SIZE*i); - - des_encrypt(L, R, &key[0]); - des_decrypt(R, L, &key[32]); - des_encrypt(L, R, &key[64]); - - des_FP(L, R, out + BLOCK_SIZE*i); - } - } - -//static -void TripleDES::bmi2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]) - { - using namespace DES_BMI2_fn; - - while(blocks >= 2) - { - uint32_t L0, R0; - uint32_t L1, R1; - - des_IP(L0, R0, in); - des_IP(L1, R1, in + BLOCK_SIZE); - - des_decrypt_x2(L0, R0, L1, R1, &key[64]); - des_encrypt_x2(R0, L0, R1, L1, &key[32]); - des_decrypt_x2(L0, R0, L1, R1, &key[0]); - - des_FP(L0, R0, out); - des_FP(L1, R1, out + BLOCK_SIZE); - - in += 2*BLOCK_SIZE; - out += 2*BLOCK_SIZE; - blocks -= 2; - } - - for(size_t i = 0; i != blocks; ++i) - { - uint32_t L, R; - des_IP(L, R, in + BLOCK_SIZE*i); - - des_decrypt(L, R, &key[64]); - des_encrypt(R, L, &key[32]); - des_decrypt(L, R, &key[0]); - - des_FP(L, R, out + BLOCK_SIZE*i); - } - } - -} diff --git a/src/lib/block/des/des_bmi2/info.txt b/src/lib/block/des/des_bmi2/info.txt deleted file mode 100644 index a895c6964..000000000 --- a/src/lib/block/des/des_bmi2/info.txt +++ /dev/null @@ -1,17 +0,0 @@ -<defines> -DES_BMI2 -> 20201204 -</defines> - -<isa> -bmi2 -</isa> - -<arch> -x86_64 -</arch> - -<cc> -gcc -clang -msvc -</cc> |