authorJack Lloyd <[email protected]>2021-03-31 08:06:48 -0400
committerJack Lloyd <[email protected]>2021-03-31 08:07:27 -0400
commitb558aebdd4bdd13641ccfdaf9502a2031f66c655 (patch)
tree10780e079444dbb519ee58bfac6a5cd5ce8c9123
parent2cbb1c530fba8dbe9534be0ba76c8463e7bc7226 (diff)
Modify DES to use a variant of the BMI2 approach
This works portably and is even a little faster, since we are basically trading a multiply and an AND for a pdep. Not a complete side channel protection but should be side channel silent except for those rare processors with cache bank conflicts, or those which short-circuit multiplication, which are beyond hopeless.
-rw-r--r--src/lib/block/des/des.cpp185
-rw-r--r--src/lib/block/des/des.h5
-rw-r--r--src/lib/block/des/des_bmi2/des_bmi2.cpp292
-rw-r--r--src/lib/block/des/des_bmi2/info.txt17
4 files changed, 67 insertions, 432 deletions
diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp
index 2dc3e9c43..0e2b0d189 100644
--- a/src/lib/block/des/des.cpp
+++ b/src/lib/block/des/des.cpp
@@ -17,102 +17,65 @@ namespace Botan {
namespace {
-alignas(256) const uint32_t DES_SPBOX[64*8] = {
- 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
- 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
- 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
- 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
- 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
- 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
- 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
- 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
- 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
- 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
- 0x00010004, 0x00010400, 0x00000000, 0x01010004,
-
- 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
- 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
- 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
- 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
- 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
- 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
- 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
- 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
- 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
- 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
- 0x80000000, 0x80100020, 0x80108020, 0x00108000,
-
- 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
- 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
- 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
- 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
- 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
- 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
- 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
- 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
- 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
- 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
- 0x00020208, 0x00000008, 0x08020008, 0x00020200,
-
- 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
- 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
- 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
- 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
- 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
- 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
- 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
- 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
- 0x00000080, 0x00800000, 0x00002000, 0x00802080,
-
- 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
- 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
- 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
- 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
- 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
- 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
- 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
- 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
- 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
- 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
- 0x00000000, 0x40080000, 0x02080100, 0x40000100,
-
- 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
- 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
- 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
- 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
- 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
- 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
- 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
- 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
- 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
- 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
- 0x20404000, 0x20000000, 0x00400010, 0x20004010,
-
- 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
- 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
- 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
- 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
- 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
- 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
- 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
- 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
- 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
- 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
- 0x04000002, 0x04000800, 0x00000800, 0x00200002,
-
- 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
- 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
- 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
- 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
- 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
- 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
- 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
- 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
- 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
- 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
- 0x00001040, 0x00040040, 0x10000000, 0x10041000 };
+alignas(256) const uint8_t SPBOX_CATS[64*8] = {
+ 0x54, 0x00, 0x10, 0x55, 0x51, 0x15, 0x01, 0x10, 0x04, 0x54, 0x55, 0x04, 0x45, 0x51, 0x40, 0x01,
+ 0x05, 0x44, 0x44, 0x14, 0x14, 0x50, 0x50, 0x45, 0x11, 0x41, 0x41, 0x11, 0x00, 0x05, 0x15, 0x40,
+ 0x10, 0x55, 0x01, 0x50, 0x54, 0x40, 0x40, 0x04, 0x51, 0x10, 0x14, 0x41, 0x04, 0x01, 0x45, 0x15,
+ 0x55, 0x11, 0x50, 0x45, 0x41, 0x05, 0x15, 0x54, 0x05, 0x44, 0x44, 0x00, 0x11, 0x14, 0x00, 0x51,
+
+ 0x55, 0x44, 0x04, 0x15, 0x10, 0x01, 0x51, 0x45, 0x41, 0x55, 0x54, 0x40, 0x44, 0x10, 0x01, 0x51,
+ 0x14, 0x11, 0x45, 0x00, 0x40, 0x04, 0x15, 0x50, 0x11, 0x41, 0x00, 0x14, 0x05, 0x54, 0x50, 0x05,
+ 0x00, 0x15, 0x51, 0x10, 0x45, 0x50, 0x54, 0x04, 0x50, 0x44, 0x01, 0x55, 0x15, 0x01, 0x04, 0x40,
+ 0x05, 0x54, 0x10, 0x41, 0x11, 0x45, 0x41, 0x11, 0x14, 0x00, 0x44, 0x05, 0x40, 0x51, 0x55, 0x14,
+
+ 0x09, 0xA8, 0x00, 0xA1, 0x88, 0x00, 0x29, 0x88, 0x21, 0x81, 0x81, 0x20, 0xA9, 0x21, 0xA0, 0x09,
+ 0x80, 0x01, 0xA8, 0x08, 0x28, 0xA0, 0xA1, 0x29, 0x89, 0x28, 0x20, 0x89, 0x01, 0xA9, 0x08, 0x80,
+ 0xA8, 0x80, 0x21, 0x09, 0x20, 0xA8, 0x88, 0x00, 0x08, 0x21, 0xA9, 0x88, 0x81, 0x08, 0x00, 0xA1,
+ 0x89, 0x20, 0x80, 0xA9, 0x01, 0x29, 0x28, 0x81, 0xA0, 0x89, 0x09, 0xA0, 0x29, 0x01, 0xA1, 0x28,
+
+ 0x51, 0x15, 0x15, 0x04, 0x54, 0x45, 0x41, 0x11, 0x00, 0x50, 0x50, 0x55, 0x05, 0x00, 0x44, 0x41,
+ 0x01, 0x10, 0x40, 0x51, 0x04, 0x40, 0x11, 0x14, 0x45, 0x01, 0x14, 0x44, 0x10, 0x54, 0x55, 0x05,
+ 0x44, 0x41, 0x50, 0x55, 0x05, 0x00, 0x00, 0x50, 0x14, 0x44, 0x45, 0x01, 0x51, 0x15, 0x15, 0x04,
+ 0x55, 0x05, 0x01, 0x10, 0x41, 0x11, 0x54, 0x45, 0x11, 0x14, 0x40, 0x51, 0x04, 0x40, 0x10, 0x54,
+
+ 0x01, 0x29, 0x28, 0xA1, 0x08, 0x01, 0x80, 0x28, 0x89, 0x08, 0x21, 0x89, 0xA1, 0xA8, 0x09, 0x80,
+ 0x20, 0x88, 0x88, 0x00, 0x81, 0xA9, 0xA9, 0x21, 0xA8, 0x81, 0x00, 0xA0, 0x29, 0x20, 0xA0, 0x09,
+ 0x08, 0xA1, 0x01, 0x20, 0x80, 0x28, 0xA1, 0x89, 0x21, 0x80, 0xA8, 0x29, 0x89, 0x01, 0x20, 0xA8,
+ 0xA9, 0x09, 0xA0, 0xA9, 0x28, 0x00, 0x88, 0xA0, 0x09, 0x21, 0x81, 0x08, 0x00, 0x88, 0x29, 0x81,
+
+ 0x41, 0x50, 0x04, 0x55, 0x50, 0x01, 0x55, 0x10, 0x44, 0x15, 0x10, 0x41, 0x11, 0x44, 0x40, 0x05,
+ 0x00, 0x11, 0x45, 0x04, 0x14, 0x45, 0x01, 0x51, 0x51, 0x00, 0x15, 0x54, 0x05, 0x14, 0x54, 0x40,
+ 0x44, 0x01, 0x51, 0x14, 0x55, 0x10, 0x05, 0x41, 0x10, 0x44, 0x40, 0x05, 0x41, 0x55, 0x14, 0x50,
+ 0x15, 0x54, 0x00, 0x51, 0x01, 0x04, 0x50, 0x15, 0x04, 0x11, 0x45, 0x00, 0x54, 0x40, 0x11, 0x45,
+
+ 0x10, 0x51, 0x45, 0x00, 0x04, 0x45, 0x15, 0x54, 0x55, 0x10, 0x00, 0x41, 0x01, 0x40, 0x51, 0x05,
+ 0x44, 0x15, 0x11, 0x44, 0x41, 0x50, 0x54, 0x11, 0x50, 0x04, 0x05, 0x55, 0x14, 0x01, 0x40, 0x14,
+ 0x40, 0x14, 0x10, 0x45, 0x45, 0x51, 0x51, 0x01, 0x11, 0x40, 0x44, 0x10, 0x54, 0x05, 0x15, 0x54,
+ 0x05, 0x41, 0x55, 0x50, 0x14, 0x00, 0x01, 0x55, 0x00, 0x15, 0x50, 0x04, 0x41, 0x44, 0x04, 0x11,
+
+ 0x89, 0x08, 0x20, 0xA9, 0x80, 0x89, 0x01, 0x80, 0x21, 0xA0, 0xA9, 0x28, 0xA8, 0x29, 0x08, 0x01,
+ 0xA0, 0x81, 0x88, 0x09, 0x28, 0x21, 0xA1, 0xA8, 0x09, 0x00, 0x00, 0xA1, 0x81, 0x88, 0x29, 0x20,
+ 0x29, 0x20, 0xa8, 0x08, 0x01, 0xA1, 0x08, 0x29, 0x88, 0x01, 0x81, 0xA0, 0xA1, 0x80, 0x20, 0x89,
+ 0x00, 0xA9, 0x21, 0x81, 0xA0, 0x88, 0x89, 0x00, 0xA9, 0x28, 0x28, 0x09, 0x09, 0x21, 0x80, 0xA8,
+};
+
+const uint32_t SPBOX_CAT_0_MUL = 0x70041106;
+const uint32_t SPBOX_CAT_1_MUL = 0x02012020;
+const uint32_t SPBOX_CAT_2_MUL = 0x00901048;
+const uint32_t SPBOX_CAT_3_MUL = 0x8e060221;
+const uint32_t SPBOX_CAT_4_MUL = 0x00912140;
+const uint32_t SPBOX_CAT_5_MUL = 0x80841018;
+const uint32_t SPBOX_CAT_6_MUL = 0xe0120202;
+const uint32_t SPBOX_CAT_7_MUL = 0x00212240;
+
+const uint32_t SPBOX_CAT_0_MASK = 0x01010404;
+const uint32_t SPBOX_CAT_1_MASK = 0x80108020;
+const uint32_t SPBOX_CAT_2_MASK = 0x08020208;
+const uint32_t SPBOX_CAT_3_MASK = 0x00802081;
+const uint32_t SPBOX_CAT_4_MASK = 0x42080100;
+const uint32_t SPBOX_CAT_5_MASK = 0x20404010;
+const uint32_t SPBOX_CAT_6_MASK = 0x04200802;
+const uint32_t SPBOX_CAT_7_MASK = 0x10041040;
/*
* DES Key Schedule
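Review bot: The replacement SPBOX_CATS table and the SPBOX_CAT_n_MUL/SPBOX_CAT_n_MASK constants carry no comment, so the properties the commit message relies on are not stated where the next maintainer will edit them. With alignas(256) and sub-tables at 64-byte offsets, each secret-indexed lookup stays inside a single 64-byte line, which is exactly what makes this cache-line silent (and still not bank-conflict silent); the entries are the 4 S-box output bits pre-spread to bits 0,2,4,6 (sub-tables 0,1,3,5,6) or 0,3,5,7 (sub-tables 2,4,7), and, as far as I can check for sub-table 0, the multiplier moves each of those bits onto one MASK bit with no carry reaching a MASK bit. I would add above the table a comment along the lines of `// Each 64-byte sub-table must fit in one cache line (alignas(256), 64-byte offsets): the index is secret-dependent, so this is cache-line silent only. Entries are the 4 S-box output bits pre-spread so that (entry * SPBOX_CAT_n_MUL) & SPBOX_CAT_n_MASK yields the corresponding former DES_SPBOX word; a multiplier must not carry into a mask bit.` Separately, `0xa8` in the third row of the last sub-table is the only lowercase hex literal in the table; write it `0xA8` for consistency.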
@@ -183,14 +146,14 @@ void des_key_schedule(uint32_t round_key[32], const uint8_t key[8])
inline uint32_t spbox(uint32_t T0, uint32_t T1)
{
return
- DES_SPBOX[64*0+((T0 >> 24) & 0x3F)] ^
- DES_SPBOX[64*1+((T1 >> 24) & 0x3F)] ^
- DES_SPBOX[64*2+((T0 >> 16) & 0x3F)] ^
- DES_SPBOX[64*3+((T1 >> 16) & 0x3F)] ^
- DES_SPBOX[64*4+((T0 >> 8) & 0x3F)] ^
- DES_SPBOX[64*5+((T1 >> 8) & 0x3F)] ^
- DES_SPBOX[64*6+((T0 >> 0) & 0x3F)] ^
- DES_SPBOX[64*7+((T1 >> 0) & 0x3F)];
+ ((SPBOX_CATS[0*64 + ((T0 >> 24) & 0x3F)] * SPBOX_CAT_0_MUL) & SPBOX_CAT_0_MASK) ^
+ ((SPBOX_CATS[1*64 + ((T1 >> 24) & 0x3F)] * SPBOX_CAT_1_MUL) & SPBOX_CAT_1_MASK) ^
+ ((SPBOX_CATS[2*64 + ((T0 >> 16) & 0x3F)] * SPBOX_CAT_2_MUL) & SPBOX_CAT_2_MASK) ^
+ ((SPBOX_CATS[3*64 + ((T1 >> 16) & 0x3F)] * SPBOX_CAT_3_MUL) & SPBOX_CAT_3_MASK) ^
+ ((SPBOX_CATS[4*64 + ((T0 >> 8) & 0x3F)] * SPBOX_CAT_4_MUL) & SPBOX_CAT_4_MASK) ^
+ ((SPBOX_CATS[5*64 + ((T1 >> 8) & 0x3F)] * SPBOX_CAT_5_MUL) & SPBOX_CAT_5_MASK) ^
+ ((SPBOX_CATS[6*64 + ((T0 >> 0) & 0x3F)] * SPBOX_CAT_6_MUL) & SPBOX_CAT_6_MASK) ^
+ ((SPBOX_CATS[7*64 + ((T1 >> 0) & 0x3F)] * SPBOX_CAT_7_MUL) & SPBOX_CAT_7_MASK);
}
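Review bot: Each of the eight terms in the return expression relies on the implicit promotion chain uint8_t → int → unsigned to turn the product into a wrapping 32-bit multiply that is then masked; that is correct under the usual arithmetic conversions, but the widening is the whole point of the trick and is invisible at the point of use. I would make it explicit, e.g. `((static_cast<uint32_t>(SPBOX_CATS[0*64 + ((T0 >> 24) & 0x3F)]) * SPBOX_CAT_0_MUL) & SPBOX_CAT_0_MASK) ^` and likewise for the other seven terms, so the 32-bit wrapping arithmetic is stated rather than a consequence of the conversion rules. A one-line comment on the return, `// (entry * MUL) & MASK is a portable stand-in for pdep(entry, MASK)`, would tie the formula to the constants defined above it.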
/*
@@ -432,13 +395,6 @@ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons
{
verify_key_set(m_round_key.empty() == false);
-#if defined(BOTAN_HAS_DES_BMI2)
- if(CPUID::has_bmi2() && CPUID::has_fast_pdep())
- {
- return bmi2_encrypt_n(in, out, blocks, &m_round_key[0]);
- }
-#endif
-
while(blocks >= 2)
{
uint32_t L0 = load_be<uint32_t>(in, 0);
@@ -489,13 +445,6 @@ void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons
{
verify_key_set(m_round_key.empty() == false);
-#if defined(BOTAN_HAS_DES_BMI2)
- if(CPUID::has_bmi2() && CPUID::has_fast_pdep())
- {
- return bmi2_decrypt_n(in, out, blocks, &m_round_key[0]);
- }
-#endif
-
while(blocks >= 2)
{
uint32_t L0 = load_be<uint32_t>(in, 0);
diff --git a/src/lib/block/des/des.h b/src/lib/block/des/des.h
index 2907ff0f1..4c834c6f6 100644
--- a/src/lib/block/des/des.h
+++ b/src/lib/block/des/des.h
@@ -44,11 +44,6 @@ class TripleDES final : public Block_Cipher_Fixed_Params<8, 16, 24, 8>
BlockCipher* clone() const override { return new TripleDES; }
private:
-#if defined(BOTAN_HAS_DES_BMI2)
- static void bmi2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]);
- static void bmi2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]);
-#endif
-
void key_schedule(const uint8_t[], size_t) override;
secure_vector<uint32_t> m_round_key;
diff --git a/src/lib/block/des/des_bmi2/des_bmi2.cpp b/src/lib/block/des/des_bmi2/des_bmi2.cpp
deleted file mode 100644
index da3f5bd6d..000000000
--- a/src/lib/block/des/des_bmi2/des_bmi2.cpp
+++ /dev/null
@@ -1,292 +0,0 @@
-/*
-* (C) 2020 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/des.h>
-#include <botan/internal/rotate.h>
-#include <botan/internal/loadstor.h>
-#include <immintrin.h>
-
-namespace Botan {
-
-namespace {
-
-namespace DES_BMI2_fn {
-
-alignas(64) const uint8_t SPBOX_CAT_0[64] = {
- 0xE, 0x0, 0x4, 0xF, 0xD, 0x7, 0x1, 0x4, 0x2, 0xE, 0xF, 0x2, 0xB, 0xD, 0x8, 0x1,
- 0x3, 0xA, 0xA, 0x6, 0x6, 0xC, 0xC, 0xB, 0x5, 0x9, 0x9, 0x5, 0x0, 0x3, 0x7, 0x8,
- 0x4, 0xF, 0x1, 0xC, 0xE, 0x8, 0x8, 0x2, 0xD, 0x4, 0x6, 0x9, 0x2, 0x1, 0xB, 0x7,
- 0xF, 0x5, 0xC, 0xB, 0x9, 0x3, 0x7, 0xE, 0x3, 0xA, 0xA, 0x0, 0x5, 0x6, 0x0, 0xD,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_1[64] = {
- 0xF, 0xA, 0x2, 0x7, 0x4, 0x1, 0xD, 0xB, 0x9, 0xF, 0xE, 0x8, 0xA, 0x4, 0x1, 0xD,
- 0x6, 0x5, 0xB, 0x0, 0x8, 0x2, 0x7, 0xC, 0x5, 0x9, 0x0, 0x6, 0x3, 0xE, 0xC, 0x3,
- 0x0, 0x7, 0xD, 0x4, 0xB, 0xC, 0xE, 0x2, 0xC, 0xA, 0x1, 0xF, 0x7, 0x1, 0x2, 0x8,
- 0x3, 0xE, 0x4, 0x9, 0x5, 0xB, 0x9, 0x5, 0x6, 0x0, 0xA, 0x3, 0x8, 0xD, 0xF, 0x6,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_2[64] = {
- 0x3, 0xE, 0x0, 0xD, 0xA, 0x0, 0x7, 0xA, 0x5, 0x9, 0x9, 0x4, 0xF, 0x5, 0xC, 0x3,
- 0x8, 0x1, 0xE, 0x2, 0x6, 0xC, 0xD, 0x7, 0xB, 0x6, 0x4, 0xB, 0x1, 0xF, 0x2, 0x8,
- 0xE, 0x8, 0x5, 0x3, 0x4, 0xE, 0xA, 0x0, 0x2, 0x5, 0xF, 0xA, 0x9, 0x2, 0x0, 0xD,
- 0xB, 0x4, 0x8, 0xF, 0x1, 0x7, 0x6, 0x9, 0xC, 0xB, 0x3, 0xC, 0x7, 0x1, 0xD, 0x6,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_3[64] = {
- 0xD, 0x7, 0x7, 0x2, 0xE, 0xB, 0x9, 0x5, 0x0, 0xC, 0xC, 0xF, 0x3, 0x0, 0xA, 0x9,
- 0x1, 0x4, 0x8, 0xD, 0x2, 0x8, 0x5, 0x6, 0xB, 0x1, 0x6, 0xA, 0x4, 0xE, 0xF, 0x3,
- 0xA, 0x9, 0xC, 0xF, 0x3, 0x0, 0x0, 0xC, 0x6, 0xA, 0xB, 0x1, 0xD, 0x7, 0x7, 0x2,
- 0xF, 0x3, 0x1, 0x4, 0x9, 0x5, 0xE, 0xB, 0x5, 0x6, 0x8, 0xD, 0x2, 0x8, 0x4, 0xE,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_4[64] = {
- 0x1, 0x7, 0x6, 0xD, 0x2, 0x1, 0x8, 0x6, 0xB, 0x2, 0x5, 0xB, 0xD, 0xE, 0x3, 0x8,
- 0x4, 0xA, 0xA, 0x0, 0x9, 0xF, 0xF, 0x5, 0xE, 0x9, 0x0, 0xC, 0x7, 0x4, 0xC, 0x3,
- 0x2, 0xD, 0x1, 0x4, 0x8, 0x6, 0xD, 0xB, 0x5, 0x8, 0xE, 0x7, 0xB, 0x1, 0x4, 0xE,
- 0xF, 0x3, 0xC, 0xF, 0x6, 0x0, 0xA, 0xC, 0x3, 0x5, 0x9, 0x2, 0x0, 0xA, 0x7, 0x9,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_5[64] = {
- 0x9, 0xC, 0x2, 0xF, 0xC, 0x1, 0xF, 0x4, 0xA, 0x7, 0x4, 0x9, 0x5, 0xA, 0x8, 0x3,
- 0x0, 0x5, 0xB, 0x2, 0x6, 0xB, 0x1, 0xD, 0xD, 0x0, 0x7, 0xE, 0x3, 0x6, 0xE, 0x8,
- 0xA, 0x1, 0xD, 0x6, 0xF, 0x4, 0x3, 0x9, 0x4, 0xA, 0x8, 0x3, 0x9, 0xF, 0x6, 0xC,
- 0x7, 0xE, 0x0, 0xD, 0x1, 0x2, 0xC, 0x7, 0x2, 0x5, 0xB, 0x0, 0xE, 0x8, 0x5, 0xB,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_6[64] = {
- 0x4, 0xD, 0xB, 0x0, 0x2, 0xB, 0x7, 0xE, 0xF, 0x4, 0x0, 0x9, 0x1, 0x8, 0xD, 0x3,
- 0xA, 0x7, 0x5, 0xA, 0x9, 0xC, 0xE, 0x5, 0xC, 0x2, 0x3, 0xF, 0x6, 0x1, 0x8, 0x6,
- 0x8, 0x6, 0x4, 0xB, 0xB, 0xD, 0xD, 0x1, 0x5, 0x8, 0xA, 0x4, 0xE, 0x3, 0x7, 0xE,
- 0x3, 0x9, 0xF, 0xC, 0x6, 0x0, 0x1, 0xF, 0x0, 0x7, 0xC, 0x2, 0x9, 0xA, 0x2, 0x5,
-};
-
-alignas(64) const uint8_t SPBOX_CAT_7[64] = {
- 0xB, 0x2, 0x4, 0xF, 0x8, 0xB, 0x1, 0x8, 0x5, 0xC, 0xF, 0x6, 0xE, 0x7, 0x2, 0x1,
- 0xC, 0x9, 0xA, 0x3, 0x6, 0x5, 0xD, 0xE, 0x3, 0x0, 0x0, 0xD, 0x9, 0xA, 0x7, 0x4,
- 0x7, 0x4, 0xE, 0x2, 0x1, 0xD, 0x2, 0x7, 0xA, 0x1, 0x9, 0xC, 0xD, 0x8, 0x4, 0xB,
- 0x0, 0xF, 0x5, 0x9, 0xC, 0xA, 0xB, 0x0, 0xF, 0x6, 0x6, 0x3, 0x3, 0x5, 0x8, 0xE,
-};
-
-inline uint32_t spbox(uint32_t T0, uint32_t T1)
- {
- return
- _pdep_u32(SPBOX_CAT_0[get_byte(0, T0) % 64], 0x01010404) ^
- _pdep_u32(SPBOX_CAT_1[get_byte(0, T1) % 64], 0x80108020) ^
- _pdep_u32(SPBOX_CAT_2[get_byte(1, T0) % 64], 0x08020208) ^
- _pdep_u32(SPBOX_CAT_3[get_byte(1, T1) % 64], 0x00802081) ^
- _pdep_u32(SPBOX_CAT_4[get_byte(2, T0) % 64], 0x42080100) ^
- _pdep_u32(SPBOX_CAT_5[get_byte(2, T1) % 64], 0x20404010) ^
- _pdep_u32(SPBOX_CAT_6[get_byte(3, T0) % 64], 0x04200802) ^
- _pdep_u32(SPBOX_CAT_7[get_byte(3, T1) % 64], 0x10041040);
- }
-
-inline void des_encrypt(uint32_t& Lr, uint32_t& Rr,
- const uint32_t round_key[32])
- {
- uint32_t L = Lr;
- uint32_t R = Rr;
- for(size_t i = 0; i != 16; i += 2)
- {
- L ^= spbox(rotr<4>(R) ^ round_key[2*i ], R ^ round_key[2*i+1]);
- R ^= spbox(rotr<4>(L) ^ round_key[2*i+2], L ^ round_key[2*i+3]);
- }
-
- Lr = L;
- Rr = R;
- }
-
-inline void des_encrypt_x2(uint32_t& L0r, uint32_t& R0r,
- uint32_t& L1r, uint32_t& R1r,
- const uint32_t round_key[32])
- {
- uint32_t L0 = L0r;
- uint32_t R0 = R0r;
- uint32_t L1 = L1r;
- uint32_t R1 = R1r;
-
- for(size_t i = 0; i != 16; i += 2)
- {
- L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i ], R0 ^ round_key[2*i+1]);
- L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i ], R1 ^ round_key[2*i+1]);
-
- R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i+2], L0 ^ round_key[2*i+3]);
- R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i+2], L1 ^ round_key[2*i+3]);
- }
-
- L0r = L0;
- R0r = R0;
- L1r = L1;
- R1r = R1;
- }
-
-inline void des_decrypt(uint32_t& Lr, uint32_t& Rr,
- const uint32_t round_key[32])
- {
- uint32_t L = Lr;
- uint32_t R = Rr;
- for(size_t i = 16; i != 0; i -= 2)
- {
- L ^= spbox(rotr<4>(R) ^ round_key[2*i - 2], R ^ round_key[2*i - 1]);
- R ^= spbox(rotr<4>(L) ^ round_key[2*i - 4], L ^ round_key[2*i - 3]);
- }
- Lr = L;
- Rr = R;
- }
-
-inline void des_decrypt_x2(uint32_t& L0r, uint32_t& R0r,
- uint32_t& L1r, uint32_t& R1r,
- const uint32_t round_key[32])
- {
- uint32_t L0 = L0r;
- uint32_t R0 = R0r;
- uint32_t L1 = L1r;
- uint32_t R1 = R1r;
-
- for(size_t i = 16; i != 0; i -= 2)
- {
- L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i - 2], R0 ^ round_key[2*i - 1]);
- L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i - 2], R1 ^ round_key[2*i - 1]);
-
- R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i - 4], L0 ^ round_key[2*i - 3]);
- R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i - 4], L1 ^ round_key[2*i - 3]);
- }
-
- L0r = L0;
- R0r = R0;
- L1r = L1;
- R1r = R1;
- }
-
-inline void des_IP(uint32_t& L, uint32_t& R, const uint8_t block[])
- {
- // IP sequence by Wei Dai, taken from public domain Crypto++
- L = load_be<uint32_t>(block, 0);
- R = load_be<uint32_t>(block, 1);
-
- uint32_t T;
- R = rotl<4>(R);
- T = (L ^ R) & 0xF0F0F0F0;
- L ^= T;
- R = rotr<20>(R ^ T);
- T = (L ^ R) & 0xFFFF0000;
- L ^= T;
- R = rotr<18>(R ^ T);
- T = (L ^ R) & 0x33333333;
- L ^= T;
- R = rotr<6>(R ^ T);
- T = (L ^ R) & 0x00FF00FF;
- L ^= T;
- R = rotl<9>(R ^ T);
- T = (L ^ R) & 0xAAAAAAAA;
- L = rotl<1>(L ^ T);
- R ^= T;
- }
-
-inline void des_FP(uint32_t L, uint32_t R, uint8_t out[])
- {
- // FP sequence by Wei Dai, taken from public domain Crypto++
- uint32_t T;
-
- R = rotr<1>(R);
- T = (L ^ R) & 0xAAAAAAAA;
- R ^= T;
- L = rotr<9>(L ^ T);
- T = (L ^ R) & 0x00FF00FF;
- R ^= T;
- L = rotl<6>(L ^ T);
- T = (L ^ R) & 0x33333333;
- R ^= T;
- L = rotl<18>(L ^ T);
- T = (L ^ R) & 0xFFFF0000;
- R ^= T;
- L = rotl<20>(L ^ T);
- T = (L ^ R) & 0xF0F0F0F0;
- R ^= T;
- L = rotr<4>(L ^ T);
- store_be(out, R, L);
- }
-
-}
-
-}
-
-//static
-void TripleDES::bmi2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[])
- {
- using namespace DES_BMI2_fn;
- while(blocks >= 2)
- {
- uint32_t L0, R0;
- uint32_t L1, R1;
-
- des_IP(L0, R0, in);
- des_IP(L1, R1, in + BLOCK_SIZE);
-
- des_encrypt_x2(L0, R0, L1, R1, &key[0]);
- des_decrypt_x2(R0, L0, R1, L1, &key[32]);
- des_encrypt_x2(L0, R0, L1, R1, &key[64]);
-
- des_FP(L0, R0, out);
- des_FP(L1, R1, out + BLOCK_SIZE);
-
- in += 2*BLOCK_SIZE;
- out += 2*BLOCK_SIZE;
- blocks -= 2;
- }
-
- for(size_t i = 0; i != blocks; ++i)
- {
- uint32_t L, R;
- des_IP(L, R, in + BLOCK_SIZE*i);
-
- des_encrypt(L, R, &key[0]);
- des_decrypt(R, L, &key[32]);
- des_encrypt(L, R, &key[64]);
-
- des_FP(L, R, out + BLOCK_SIZE*i);
- }
- }
-
-//static
-void TripleDES::bmi2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[])
- {
- using namespace DES_BMI2_fn;
-
- while(blocks >= 2)
- {
- uint32_t L0, R0;
- uint32_t L1, R1;
-
- des_IP(L0, R0, in);
- des_IP(L1, R1, in + BLOCK_SIZE);
-
- des_decrypt_x2(L0, R0, L1, R1, &key[64]);
- des_encrypt_x2(R0, L0, R1, L1, &key[32]);
- des_decrypt_x2(L0, R0, L1, R1, &key[0]);
-
- des_FP(L0, R0, out);
- des_FP(L1, R1, out + BLOCK_SIZE);
-
- in += 2*BLOCK_SIZE;
- out += 2*BLOCK_SIZE;
- blocks -= 2;
- }
-
- for(size_t i = 0; i != blocks; ++i)
- {
- uint32_t L, R;
- des_IP(L, R, in + BLOCK_SIZE*i);
-
- des_decrypt(L, R, &key[64]);
- des_encrypt(R, L, &key[32]);
- des_decrypt(L, R, &key[0]);
-
- des_FP(L, R, out + BLOCK_SIZE*i);
- }
- }
-
-}
diff --git a/src/lib/block/des/des_bmi2/info.txt b/src/lib/block/des/des_bmi2/info.txt
deleted file mode 100644
index a895c6964..000000000
--- a/src/lib/block/des/des_bmi2/info.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-<defines>
-DES_BMI2 -> 20201204
-</defines>
-
-<isa>
-bmi2
-</isa>
-
-<arch>
-x86_64
-</arch>
-
-<cc>
-gcc
-clang
-msvc
-</cc>