author | Jack Lloyd <[email protected]> | 2021-03-31 08:06:48 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2021-03-31 08:07:27 -0400 |
commit | b558aebdd4bdd13641ccfdaf9502a2031f66c655 (patch) | |
tree | 10780e079444dbb519ee58bfac6a5cd5ce8c9123 /src | |
parent | 2cbb1c530fba8dbe9534be0ba76c8463e7bc7226 (diff) |
Modify DES to use a variant of the BMI2 approach
This works portably and is even a little faster, since we are basically
trading a multiply and an AND for a pdep.
Not a complete side channel protection but should be side channel
silent except for those rare processors with cache bank conflicts,
or those which short-circuit multiplication, which are beyond hopeless.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/block/des/des.cpp | 185 | ||||
-rw-r--r-- | src/lib/block/des/des.h | 5 | ||||
-rw-r--r-- | src/lib/block/des/des_bmi2/des_bmi2.cpp | 292 | ||||
-rw-r--r-- | src/lib/block/des/des_bmi2/info.txt | 17 |
4 files changed, 67 insertions, 432 deletions
diff --git a/src/lib/block/des/des.cpp b/src/lib/block/des/des.cpp
index 2dc3e9c43..0e2b0d189 100644
--- a/src/lib/block/des/des.cpp
+++ b/src/lib/block/des/des.cpp
@@ -17,102 +17,65 @@ namespace Botan { namespace { -alignas(256) const uint32_t DES_SPBOX[64*8] = { - 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, - 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, - 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, - 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, - 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, - 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, - 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, - 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, - 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, - 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, - 0x00010004, 0x00010400, 0x00000000, 0x01010004, - - 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, - 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, - 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, - 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, - 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, - 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, - 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, - 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, - 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, - 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, - 0x80000000, 0x80100020, 0x80108020, 0x00108000, - - 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, - 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, - 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, - 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, - 0x08000208, 
0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, - 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, - 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, - 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, - 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, - 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, - 0x00020208, 0x00000008, 0x08020008, 0x00020200, - - 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, - 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, - 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, - 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, - 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, - 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, - 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, - 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, - 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, - 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, - 0x00000080, 0x00800000, 0x00002000, 0x00802080, - - 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, - 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, - 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, - 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, - 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, - 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, - 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, - 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, - 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, - 0x40080000, 0x42000000, 0x00080100, 0x02000100, 
0x40000100, 0x00080000, - 0x00000000, 0x40080000, 0x02080100, 0x40000100, - - 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, - 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, - 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, - 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, - 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, - 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, - 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, - 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, - 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, - 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, - 0x20404000, 0x20000000, 0x00400010, 0x20004010, - - 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, - 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, - 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, - 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, - 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, - 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, - 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, - 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, - 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, - 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, - 0x04000002, 0x04000800, 0x00000800, 0x00200002, - - 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, - 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, - 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, - 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, - 0x00001040, 0x00000000, 0x00000000, 
0x10040040, 0x10000040, 0x10001000, - 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, - 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, - 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, - 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, - 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, - 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; +alignas(256) const uint8_t SPBOX_CATS[64*8] = { + 0x54, 0x00, 0x10, 0x55, 0x51, 0x15, 0x01, 0x10, 0x04, 0x54, 0x55, 0x04, 0x45, 0x51, 0x40, 0x01, + 0x05, 0x44, 0x44, 0x14, 0x14, 0x50, 0x50, 0x45, 0x11, 0x41, 0x41, 0x11, 0x00, 0x05, 0x15, 0x40, + 0x10, 0x55, 0x01, 0x50, 0x54, 0x40, 0x40, 0x04, 0x51, 0x10, 0x14, 0x41, 0x04, 0x01, 0x45, 0x15, + 0x55, 0x11, 0x50, 0x45, 0x41, 0x05, 0x15, 0x54, 0x05, 0x44, 0x44, 0x00, 0x11, 0x14, 0x00, 0x51, + + 0x55, 0x44, 0x04, 0x15, 0x10, 0x01, 0x51, 0x45, 0x41, 0x55, 0x54, 0x40, 0x44, 0x10, 0x01, 0x51, + 0x14, 0x11, 0x45, 0x00, 0x40, 0x04, 0x15, 0x50, 0x11, 0x41, 0x00, 0x14, 0x05, 0x54, 0x50, 0x05, + 0x00, 0x15, 0x51, 0x10, 0x45, 0x50, 0x54, 0x04, 0x50, 0x44, 0x01, 0x55, 0x15, 0x01, 0x04, 0x40, + 0x05, 0x54, 0x10, 0x41, 0x11, 0x45, 0x41, 0x11, 0x14, 0x00, 0x44, 0x05, 0x40, 0x51, 0x55, 0x14, + + 0x09, 0xA8, 0x00, 0xA1, 0x88, 0x00, 0x29, 0x88, 0x21, 0x81, 0x81, 0x20, 0xA9, 0x21, 0xA0, 0x09, + 0x80, 0x01, 0xA8, 0x08, 0x28, 0xA0, 0xA1, 0x29, 0x89, 0x28, 0x20, 0x89, 0x01, 0xA9, 0x08, 0x80, + 0xA8, 0x80, 0x21, 0x09, 0x20, 0xA8, 0x88, 0x00, 0x08, 0x21, 0xA9, 0x88, 0x81, 0x08, 0x00, 0xA1, + 0x89, 0x20, 0x80, 0xA9, 0x01, 0x29, 0x28, 0x81, 0xA0, 0x89, 0x09, 0xA0, 0x29, 0x01, 0xA1, 0x28, + + 0x51, 0x15, 0x15, 0x04, 0x54, 0x45, 0x41, 0x11, 0x00, 0x50, 0x50, 0x55, 0x05, 0x00, 0x44, 0x41, + 0x01, 0x10, 0x40, 0x51, 0x04, 0x40, 0x11, 0x14, 0x45, 0x01, 0x14, 0x44, 0x10, 0x54, 0x55, 0x05, + 0x44, 0x41, 0x50, 0x55, 0x05, 0x00, 0x00, 0x50, 0x14, 0x44, 0x45, 0x01, 0x51, 0x15, 0x15, 0x04, + 0x55, 0x05, 
0x01, 0x10, 0x41, 0x11, 0x54, 0x45, 0x11, 0x14, 0x40, 0x51, 0x04, 0x40, 0x10, 0x54, + + 0x01, 0x29, 0x28, 0xA1, 0x08, 0x01, 0x80, 0x28, 0x89, 0x08, 0x21, 0x89, 0xA1, 0xA8, 0x09, 0x80, + 0x20, 0x88, 0x88, 0x00, 0x81, 0xA9, 0xA9, 0x21, 0xA8, 0x81, 0x00, 0xA0, 0x29, 0x20, 0xA0, 0x09, + 0x08, 0xA1, 0x01, 0x20, 0x80, 0x28, 0xA1, 0x89, 0x21, 0x80, 0xA8, 0x29, 0x89, 0x01, 0x20, 0xA8, + 0xA9, 0x09, 0xA0, 0xA9, 0x28, 0x00, 0x88, 0xA0, 0x09, 0x21, 0x81, 0x08, 0x00, 0x88, 0x29, 0x81, + + 0x41, 0x50, 0x04, 0x55, 0x50, 0x01, 0x55, 0x10, 0x44, 0x15, 0x10, 0x41, 0x11, 0x44, 0x40, 0x05, + 0x00, 0x11, 0x45, 0x04, 0x14, 0x45, 0x01, 0x51, 0x51, 0x00, 0x15, 0x54, 0x05, 0x14, 0x54, 0x40, + 0x44, 0x01, 0x51, 0x14, 0x55, 0x10, 0x05, 0x41, 0x10, 0x44, 0x40, 0x05, 0x41, 0x55, 0x14, 0x50, + 0x15, 0x54, 0x00, 0x51, 0x01, 0x04, 0x50, 0x15, 0x04, 0x11, 0x45, 0x00, 0x54, 0x40, 0x11, 0x45, + + 0x10, 0x51, 0x45, 0x00, 0x04, 0x45, 0x15, 0x54, 0x55, 0x10, 0x00, 0x41, 0x01, 0x40, 0x51, 0x05, + 0x44, 0x15, 0x11, 0x44, 0x41, 0x50, 0x54, 0x11, 0x50, 0x04, 0x05, 0x55, 0x14, 0x01, 0x40, 0x14, + 0x40, 0x14, 0x10, 0x45, 0x45, 0x51, 0x51, 0x01, 0x11, 0x40, 0x44, 0x10, 0x54, 0x05, 0x15, 0x54, + 0x05, 0x41, 0x55, 0x50, 0x14, 0x00, 0x01, 0x55, 0x00, 0x15, 0x50, 0x04, 0x41, 0x44, 0x04, 0x11, + + 0x89, 0x08, 0x20, 0xA9, 0x80, 0x89, 0x01, 0x80, 0x21, 0xA0, 0xA9, 0x28, 0xA8, 0x29, 0x08, 0x01, + 0xA0, 0x81, 0x88, 0x09, 0x28, 0x21, 0xA1, 0xA8, 0x09, 0x00, 0x00, 0xA1, 0x81, 0x88, 0x29, 0x20, + 0x29, 0x20, 0xa8, 0x08, 0x01, 0xA1, 0x08, 0x29, 0x88, 0x01, 0x81, 0xA0, 0xA1, 0x80, 0x20, 0x89, + 0x00, 0xA9, 0x21, 0x81, 0xA0, 0x88, 0x89, 0x00, 0xA9, 0x28, 0x28, 0x09, 0x09, 0x21, 0x80, 0xA8, +}; + +const uint32_t SPBOX_CAT_0_MUL = 0x70041106; +const uint32_t SPBOX_CAT_1_MUL = 0x02012020; +const uint32_t SPBOX_CAT_2_MUL = 0x00901048; +const uint32_t SPBOX_CAT_3_MUL = 0x8e060221; +const uint32_t SPBOX_CAT_4_MUL = 0x00912140; +const uint32_t SPBOX_CAT_5_MUL = 0x80841018; +const uint32_t SPBOX_CAT_6_MUL = 0xe0120202; +const 
uint32_t SPBOX_CAT_7_MUL = 0x00212240;
+
+const uint32_t SPBOX_CAT_0_MASK = 0x01010404;
+const uint32_t SPBOX_CAT_1_MASK = 0x80108020;
+const uint32_t SPBOX_CAT_2_MASK = 0x08020208;
+const uint32_t SPBOX_CAT_3_MASK = 0x00802081;
+const uint32_t SPBOX_CAT_4_MASK = 0x42080100;
+const uint32_t SPBOX_CAT_5_MASK = 0x20404010;
+const uint32_t SPBOX_CAT_6_MASK = 0x04200802;
+const uint32_t SPBOX_CAT_7_MASK = 0x10041040;
 /* * DES Key Schedule
@@ -183,14 +146,14 @@ void des_key_schedule(uint32_t round_key[32], const uint8_t key[8])
 inline uint32_t spbox(uint32_t T0, uint32_t T1) { return
- DES_SPBOX[64*0+((T0 >> 24) & 0x3F)] ^
- DES_SPBOX[64*1+((T1 >> 24) & 0x3F)] ^
- DES_SPBOX[64*2+((T0 >> 16) & 0x3F)] ^
- DES_SPBOX[64*3+((T1 >> 16) & 0x3F)] ^
- DES_SPBOX[64*4+((T0 >> 8) & 0x3F)] ^
- DES_SPBOX[64*5+((T1 >> 8) & 0x3F)] ^
- DES_SPBOX[64*6+((T0 >> 0) & 0x3F)] ^
- DES_SPBOX[64*7+((T1 >> 0) & 0x3F)];
+ ((SPBOX_CATS[0*64 + ((T0 >> 24) & 0x3F)] * SPBOX_CAT_0_MUL) & SPBOX_CAT_0_MASK) ^
+ ((SPBOX_CATS[1*64 + ((T1 >> 24) & 0x3F)] * SPBOX_CAT_1_MUL) & SPBOX_CAT_1_MASK) ^
+ ((SPBOX_CATS[2*64 + ((T0 >> 16) & 0x3F)] * SPBOX_CAT_2_MUL) & SPBOX_CAT_2_MASK) ^
+ ((SPBOX_CATS[3*64 + ((T1 >> 16) & 0x3F)] * SPBOX_CAT_3_MUL) & SPBOX_CAT_3_MASK) ^
+ ((SPBOX_CATS[4*64 + ((T0 >> 8) & 0x3F)] * SPBOX_CAT_4_MUL) & SPBOX_CAT_4_MASK) ^
+ ((SPBOX_CATS[5*64 + ((T1 >> 8) & 0x3F)] * SPBOX_CAT_5_MUL) & SPBOX_CAT_5_MASK) ^
+ ((SPBOX_CATS[6*64 + ((T0 >> 0) & 0x3F)] * SPBOX_CAT_6_MUL) & SPBOX_CAT_6_MASK) ^
+ ((SPBOX_CATS[7*64 + ((T1 >> 0) & 0x3F)] * SPBOX_CAT_7_MUL) & SPBOX_CAT_7_MASK);
 } /*
@@ -432,13 +395,6 @@ void TripleDES::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons
 { verify_key_set(m_round_key.empty() == false);
-#if defined(BOTAN_HAS_DES_BMI2)
- if(CPUID::has_bmi2() && CPUID::has_fast_pdep())
- {
- return bmi2_encrypt_n(in, out, blocks, &m_round_key[0]);
- }
-#endif
-
 while(blocks >= 2) { uint32_t L0 = load_be<uint32_t>(in, 0);
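Review bot: The side-channel argument for `SPBOX_CATS` rests on a layout invariant the declaration does not state: with `alignas(256)` and 64-byte cache lines each 64-entry sub-table occupies exactly one line, so the secret-dependent index used by `spbox` only varies the offset within a line rather than which line is touched, whereas on a CPU with 32-byte lines every lookup would select between two lines. I would record that above the table: `// Each 64-byte sub-table must sit on one cache line (64-byte lines assumed): the secret index then only picks a position within the line, leaving intra-line effects such as bank conflicts as the remaining leakage.` A second comment explaining how the bytes were derived would help whoever has to regenerate the table later, since each entry appears to carry the four S-box output bits pre-placed so that `(byte * SPBOX_CAT_k_MUL) & SPBOX_CAT_k_MASK` reproduces the corresponding old `DES_SPBOX` word (entry 0 of box 0 checks out: `0x54 * 0x70041106 & 0x01010404 == 0x01010400`). As a point of style, one entry in the last sub-table is written `0xa8` while every other value is uppercase hex; normalizing it keeps the table greppable.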
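Review bot: `spbox` now depends on an arithmetic trick a reader cannot recover from the expression alone: each product is taken modulo 2^32 and the mask keeps only the four bits the multiplier was chosen to land on, making it a portable stand-in for the `_pdep_u32(nibble, mask)` the removed BMI2 path used. I would put that above the function, e.g. `// (cat * MUL) & MASK scatters the 4 S-box output bits packed in cat to the bit positions of MASK (a multiply-based pdep); MASK is the OR of the original 32-bit SPBOX entries for that box.` It is also worth a comment that the `uint8_t` operand is promoted to `int` and the `uint32_t` operand then makes the product unsigned on the usual 32-bit `int`, so the intended wraparound is well-defined rather than signed overflow.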
@@ -489,13 +445,6 @@ void TripleDES::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) cons
 { verify_key_set(m_round_key.empty() == false);
-#if defined(BOTAN_HAS_DES_BMI2)
- if(CPUID::has_bmi2() && CPUID::has_fast_pdep())
- {
- return bmi2_decrypt_n(in, out, blocks, &m_round_key[0]);
- }
-#endif
-
 while(blocks >= 2) { uint32_t L0 = load_be<uint32_t>(in, 0);
diff --git a/src/lib/block/des/des.h b/src/lib/block/des/des.h
index 2907ff0f1..4c834c6f6 100644
--- a/src/lib/block/des/des.h
+++ b/src/lib/block/des/des.h
@@ -44,11 +44,6 @@ class TripleDES final : public Block_Cipher_Fixed_Params<8, 16, 24, 8>
 BlockCipher* clone() const override { return new TripleDES; } private:
-#if defined(BOTAN_HAS_DES_BMI2)
- static void bmi2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]);
- static void bmi2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]);
-#endif
-
 void key_schedule(const uint8_t[], size_t) override; secure_vector<uint32_t> m_round_key;
diff --git a/src/lib/block/des/des_bmi2/des_bmi2.cpp b/src/lib/block/des/des_bmi2/des_bmi2.cpp
deleted file mode 100644
index da3f5bd6d..000000000
--- a/src/lib/block/des/des_bmi2/des_bmi2.cpp
+++ /dev/null
@@ -1,292 +0,0 @@ -/* -* (C) 2020 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#include <botan/internal/des.h> -#include <botan/internal/rotate.h> -#include <botan/internal/loadstor.h> -#include <immintrin.h> - -namespace Botan { - -namespace { - -namespace DES_BMI2_fn { - -alignas(64) const uint8_t SPBOX_CAT_0[64] = { - 0xE, 0x0, 0x4, 0xF, 0xD, 0x7, 0x1, 0x4, 0x2, 0xE, 0xF, 0x2, 0xB, 0xD, 0x8, 0x1, - 0x3, 0xA, 0xA, 0x6, 0x6, 0xC, 0xC, 0xB, 0x5, 0x9, 0x9, 0x5, 0x0, 0x3, 0x7, 0x8, - 0x4, 0xF, 0x1, 0xC, 0xE, 0x8, 0x8, 0x2, 0xD, 0x4, 0x6, 0x9, 0x2, 0x1, 0xB, 0x7, - 0xF, 0x5, 0xC, 0xB, 0x9, 0x3, 0x7, 0xE, 0x3, 0xA, 0xA, 0x0, 0x5, 0x6, 0x0, 0xD, -}; - -alignas(64) const uint8_t SPBOX_CAT_1[64] = { - 0xF, 0xA, 0x2, 0x7, 0x4, 0x1, 0xD, 0xB, 0x9, 0xF, 0xE, 0x8, 0xA, 0x4, 0x1, 0xD, - 0x6, 0x5, 0xB, 0x0, 0x8, 0x2, 0x7, 0xC, 0x5, 0x9, 0x0, 0x6, 0x3, 0xE, 0xC, 0x3, - 0x0, 0x7, 0xD, 0x4, 0xB, 0xC, 0xE, 0x2, 0xC, 0xA, 0x1, 0xF, 0x7, 0x1, 0x2, 0x8, - 0x3, 0xE, 0x4, 0x9, 0x5, 0xB, 0x9, 0x5, 0x6, 0x0, 0xA, 0x3, 0x8, 0xD, 0xF, 0x6, -}; - -alignas(64) const uint8_t SPBOX_CAT_2[64] = { - 0x3, 0xE, 0x0, 0xD, 0xA, 0x0, 0x7, 0xA, 0x5, 0x9, 0x9, 0x4, 0xF, 0x5, 0xC, 0x3, - 0x8, 0x1, 0xE, 0x2, 0x6, 0xC, 0xD, 0x7, 0xB, 0x6, 0x4, 0xB, 0x1, 0xF, 0x2, 0x8, - 0xE, 0x8, 0x5, 0x3, 0x4, 0xE, 0xA, 0x0, 0x2, 0x5, 0xF, 0xA, 0x9, 0x2, 0x0, 0xD, - 0xB, 0x4, 0x8, 0xF, 0x1, 0x7, 0x6, 0x9, 0xC, 0xB, 0x3, 0xC, 0x7, 0x1, 0xD, 0x6, -}; - -alignas(64) const uint8_t SPBOX_CAT_3[64] = { - 0xD, 0x7, 0x7, 0x2, 0xE, 0xB, 0x9, 0x5, 0x0, 0xC, 0xC, 0xF, 0x3, 0x0, 0xA, 0x9, - 0x1, 0x4, 0x8, 0xD, 0x2, 0x8, 0x5, 0x6, 0xB, 0x1, 0x6, 0xA, 0x4, 0xE, 0xF, 0x3, - 0xA, 0x9, 0xC, 0xF, 0x3, 0x0, 0x0, 0xC, 0x6, 0xA, 0xB, 0x1, 0xD, 0x7, 0x7, 0x2, - 0xF, 0x3, 0x1, 0x4, 0x9, 0x5, 0xE, 0xB, 0x5, 0x6, 0x8, 0xD, 0x2, 0x8, 0x4, 0xE, -}; - -alignas(64) const uint8_t SPBOX_CAT_4[64] = { - 0x1, 0x7, 0x6, 0xD, 0x2, 0x1, 0x8, 0x6, 0xB, 0x2, 0x5, 0xB, 0xD, 0xE, 0x3, 0x8, - 0x4, 0xA, 0xA, 0x0, 
0x9, 0xF, 0xF, 0x5, 0xE, 0x9, 0x0, 0xC, 0x7, 0x4, 0xC, 0x3, - 0x2, 0xD, 0x1, 0x4, 0x8, 0x6, 0xD, 0xB, 0x5, 0x8, 0xE, 0x7, 0xB, 0x1, 0x4, 0xE, - 0xF, 0x3, 0xC, 0xF, 0x6, 0x0, 0xA, 0xC, 0x3, 0x5, 0x9, 0x2, 0x0, 0xA, 0x7, 0x9, -}; - -alignas(64) const uint8_t SPBOX_CAT_5[64] = { - 0x9, 0xC, 0x2, 0xF, 0xC, 0x1, 0xF, 0x4, 0xA, 0x7, 0x4, 0x9, 0x5, 0xA, 0x8, 0x3, - 0x0, 0x5, 0xB, 0x2, 0x6, 0xB, 0x1, 0xD, 0xD, 0x0, 0x7, 0xE, 0x3, 0x6, 0xE, 0x8, - 0xA, 0x1, 0xD, 0x6, 0xF, 0x4, 0x3, 0x9, 0x4, 0xA, 0x8, 0x3, 0x9, 0xF, 0x6, 0xC, - 0x7, 0xE, 0x0, 0xD, 0x1, 0x2, 0xC, 0x7, 0x2, 0x5, 0xB, 0x0, 0xE, 0x8, 0x5, 0xB, -}; - -alignas(64) const uint8_t SPBOX_CAT_6[64] = { - 0x4, 0xD, 0xB, 0x0, 0x2, 0xB, 0x7, 0xE, 0xF, 0x4, 0x0, 0x9, 0x1, 0x8, 0xD, 0x3, - 0xA, 0x7, 0x5, 0xA, 0x9, 0xC, 0xE, 0x5, 0xC, 0x2, 0x3, 0xF, 0x6, 0x1, 0x8, 0x6, - 0x8, 0x6, 0x4, 0xB, 0xB, 0xD, 0xD, 0x1, 0x5, 0x8, 0xA, 0x4, 0xE, 0x3, 0x7, 0xE, - 0x3, 0x9, 0xF, 0xC, 0x6, 0x0, 0x1, 0xF, 0x0, 0x7, 0xC, 0x2, 0x9, 0xA, 0x2, 0x5, -}; - -alignas(64) const uint8_t SPBOX_CAT_7[64] = { - 0xB, 0x2, 0x4, 0xF, 0x8, 0xB, 0x1, 0x8, 0x5, 0xC, 0xF, 0x6, 0xE, 0x7, 0x2, 0x1, - 0xC, 0x9, 0xA, 0x3, 0x6, 0x5, 0xD, 0xE, 0x3, 0x0, 0x0, 0xD, 0x9, 0xA, 0x7, 0x4, - 0x7, 0x4, 0xE, 0x2, 0x1, 0xD, 0x2, 0x7, 0xA, 0x1, 0x9, 0xC, 0xD, 0x8, 0x4, 0xB, - 0x0, 0xF, 0x5, 0x9, 0xC, 0xA, 0xB, 0x0, 0xF, 0x6, 0x6, 0x3, 0x3, 0x5, 0x8, 0xE, -}; - -inline uint32_t spbox(uint32_t T0, uint32_t T1) - { - return - _pdep_u32(SPBOX_CAT_0[get_byte(0, T0) % 64], 0x01010404) ^ - _pdep_u32(SPBOX_CAT_1[get_byte(0, T1) % 64], 0x80108020) ^ - _pdep_u32(SPBOX_CAT_2[get_byte(1, T0) % 64], 0x08020208) ^ - _pdep_u32(SPBOX_CAT_3[get_byte(1, T1) % 64], 0x00802081) ^ - _pdep_u32(SPBOX_CAT_4[get_byte(2, T0) % 64], 0x42080100) ^ - _pdep_u32(SPBOX_CAT_5[get_byte(2, T1) % 64], 0x20404010) ^ - _pdep_u32(SPBOX_CAT_6[get_byte(3, T0) % 64], 0x04200802) ^ - _pdep_u32(SPBOX_CAT_7[get_byte(3, T1) % 64], 0x10041040); - } - -inline void des_encrypt(uint32_t& Lr, uint32_t& Rr, - const uint32_t 
round_key[32]) - { - uint32_t L = Lr; - uint32_t R = Rr; - for(size_t i = 0; i != 16; i += 2) - { - L ^= spbox(rotr<4>(R) ^ round_key[2*i ], R ^ round_key[2*i+1]); - R ^= spbox(rotr<4>(L) ^ round_key[2*i+2], L ^ round_key[2*i+3]); - } - - Lr = L; - Rr = R; - } - -inline void des_encrypt_x2(uint32_t& L0r, uint32_t& R0r, - uint32_t& L1r, uint32_t& R1r, - const uint32_t round_key[32]) - { - uint32_t L0 = L0r; - uint32_t R0 = R0r; - uint32_t L1 = L1r; - uint32_t R1 = R1r; - - for(size_t i = 0; i != 16; i += 2) - { - L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i ], R0 ^ round_key[2*i+1]); - L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i ], R1 ^ round_key[2*i+1]); - - R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i+2], L0 ^ round_key[2*i+3]); - R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i+2], L1 ^ round_key[2*i+3]); - } - - L0r = L0; - R0r = R0; - L1r = L1; - R1r = R1; - } - -inline void des_decrypt(uint32_t& Lr, uint32_t& Rr, - const uint32_t round_key[32]) - { - uint32_t L = Lr; - uint32_t R = Rr; - for(size_t i = 16; i != 0; i -= 2) - { - L ^= spbox(rotr<4>(R) ^ round_key[2*i - 2], R ^ round_key[2*i - 1]); - R ^= spbox(rotr<4>(L) ^ round_key[2*i - 4], L ^ round_key[2*i - 3]); - } - Lr = L; - Rr = R; - } - -inline void des_decrypt_x2(uint32_t& L0r, uint32_t& R0r, - uint32_t& L1r, uint32_t& R1r, - const uint32_t round_key[32]) - { - uint32_t L0 = L0r; - uint32_t R0 = R0r; - uint32_t L1 = L1r; - uint32_t R1 = R1r; - - for(size_t i = 16; i != 0; i -= 2) - { - L0 ^= spbox(rotr<4>(R0) ^ round_key[2*i - 2], R0 ^ round_key[2*i - 1]); - L1 ^= spbox(rotr<4>(R1) ^ round_key[2*i - 2], R1 ^ round_key[2*i - 1]); - - R0 ^= spbox(rotr<4>(L0) ^ round_key[2*i - 4], L0 ^ round_key[2*i - 3]); - R1 ^= spbox(rotr<4>(L1) ^ round_key[2*i - 4], L1 ^ round_key[2*i - 3]); - } - - L0r = L0; - R0r = R0; - L1r = L1; - R1r = R1; - } - -inline void des_IP(uint32_t& L, uint32_t& R, const uint8_t block[]) - { - // IP sequence by Wei Dai, taken from public domain Crypto++ - L = load_be<uint32_t>(block, 0); - R = 
load_be<uint32_t>(block, 1); - - uint32_t T; - R = rotl<4>(R); - T = (L ^ R) & 0xF0F0F0F0; - L ^= T; - R = rotr<20>(R ^ T); - T = (L ^ R) & 0xFFFF0000; - L ^= T; - R = rotr<18>(R ^ T); - T = (L ^ R) & 0x33333333; - L ^= T; - R = rotr<6>(R ^ T); - T = (L ^ R) & 0x00FF00FF; - L ^= T; - R = rotl<9>(R ^ T); - T = (L ^ R) & 0xAAAAAAAA; - L = rotl<1>(L ^ T); - R ^= T; - } - -inline void des_FP(uint32_t L, uint32_t R, uint8_t out[]) - { - // FP sequence by Wei Dai, taken from public domain Crypto++ - uint32_t T; - - R = rotr<1>(R); - T = (L ^ R) & 0xAAAAAAAA; - R ^= T; - L = rotr<9>(L ^ T); - T = (L ^ R) & 0x00FF00FF; - R ^= T; - L = rotl<6>(L ^ T); - T = (L ^ R) & 0x33333333; - R ^= T; - L = rotl<18>(L ^ T); - T = (L ^ R) & 0xFFFF0000; - R ^= T; - L = rotl<20>(L ^ T); - T = (L ^ R) & 0xF0F0F0F0; - R ^= T; - L = rotr<4>(L ^ T); - store_be(out, R, L); - } - -} - -} - -//static -void TripleDES::bmi2_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]) - { - using namespace DES_BMI2_fn; - while(blocks >= 2) - { - uint32_t L0, R0; - uint32_t L1, R1; - - des_IP(L0, R0, in); - des_IP(L1, R1, in + BLOCK_SIZE); - - des_encrypt_x2(L0, R0, L1, R1, &key[0]); - des_decrypt_x2(R0, L0, R1, L1, &key[32]); - des_encrypt_x2(L0, R0, L1, R1, &key[64]); - - des_FP(L0, R0, out); - des_FP(L1, R1, out + BLOCK_SIZE); - - in += 2*BLOCK_SIZE; - out += 2*BLOCK_SIZE; - blocks -= 2; - } - - for(size_t i = 0; i != blocks; ++i) - { - uint32_t L, R; - des_IP(L, R, in + BLOCK_SIZE*i); - - des_encrypt(L, R, &key[0]); - des_decrypt(R, L, &key[32]); - des_encrypt(L, R, &key[64]); - - des_FP(L, R, out + BLOCK_SIZE*i); - } - } - -//static -void TripleDES::bmi2_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const uint32_t key[]) - { - using namespace DES_BMI2_fn; - - while(blocks >= 2) - { - uint32_t L0, R0; - uint32_t L1, R1; - - des_IP(L0, R0, in); - des_IP(L1, R1, in + BLOCK_SIZE); - - des_decrypt_x2(L0, R0, L1, R1, &key[64]); - des_encrypt_x2(R0, L0, R1, L1, 
&key[32]); - des_decrypt_x2(L0, R0, L1, R1, &key[0]); - - des_FP(L0, R0, out); - des_FP(L1, R1, out + BLOCK_SIZE); - - in += 2*BLOCK_SIZE; - out += 2*BLOCK_SIZE; - blocks -= 2; - } - - for(size_t i = 0; i != blocks; ++i) - { - uint32_t L, R; - des_IP(L, R, in + BLOCK_SIZE*i); - - des_decrypt(L, R, &key[64]); - des_encrypt(R, L, &key[32]); - des_decrypt(L, R, &key[0]); - - des_FP(L, R, out + BLOCK_SIZE*i); - } - } - -} diff --git a/src/lib/block/des/des_bmi2/info.txt b/src/lib/block/des/des_bmi2/info.txt deleted file mode 100644 index a895c6964..000000000 --- a/src/lib/block/des/des_bmi2/info.txt +++ /dev/null @@ -1,17 +0,0 @@ -<defines> -DES_BMI2 -> 20201204 -</defines> - -<isa> -bmi2 -</isa> - -<arch> -x86_64 -</arch> - -<cc> -gcc -clang -msvc -</cc> |