📄 vmac.cpp
字号:
// vmac.cpp - written and placed in the public domain by Wei Dai
// based on Ted Krovetz's public domain vmac.c and draft-krovetz-vmac-01.txt
#include "pch.h"
#include "vmac.h"
#include "argnames.h"
#include "cpu.h"
NAMESPACE_BEGIN(CryptoPP)
#if defined(_MSC_VER) && !defined(CRYPTOPP_SLOW_WORD64)
#include <intrin.h>
#endif
#define VMAC_BOOL_WORD128 (defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(CRYPTOPP_X64_ASM_AVAILABLE))
#ifdef __BORLANDC__
#define const // Turbo C++ 2006 workaround
#endif
static const word64 p64 = W64LIT(0xfffffffffffffeff); /* 2^64 - 257 prime */
static const word64 m62 = W64LIT(0x3fffffffffffffff); /* 62-bit mask */
static const word64 m63 = W64LIT(0x7fffffffffffffff); /* 63-bit mask */
static const word64 m64 = W64LIT(0xffffffffffffffff); /* 64-bit mask */
static const word64 mpoly = W64LIT(0x1fffffff1fffffff); /* Poly key mask */
#ifdef __BORLANDC__
#undef const
#endif
#if VMAC_BOOL_WORD128
static const word128 m126 = (word128(m62)<<64)|m64; /* 126-bit mask */
#endif
void VMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms)
{
int digestLength = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize());
if (digestLength != 8 && digestLength != 16)
throw InvalidArgument("VMAC: DigestSize must be 8 or 16");
m_is128 = digestLength == 16;
m_L1KeyLength = params.GetIntValueWithDefault(Name::L1KeyLength(), 128);
if (m_L1KeyLength <= 0 || m_L1KeyLength % 128 != 0)
throw InvalidArgument("VMAC: L1KeyLength must be a positive multiple of 128");
AllocateBlocks();
BlockCipher &cipher = AccessCipher();
cipher.SetKey(userKey, keylength, params);
unsigned int blockSize = cipher.BlockSize();
unsigned int blockSizeInWords = blockSize / sizeof(word64);
SecBlock<word64> out(blockSizeInWords);
SecByteBlock in;
in.CleanNew(blockSize);
size_t i;
/* Fill nh key */
in[0] = 0x80;
for (i = 0; i < m_nhKeySize()*sizeof(word64); i += blockSize)
{
cipher.ProcessBlock(in, out.BytePtr());
ConditionalByteReverse(BIG_ENDIAN_ORDER, m_nhKey()+i/sizeof(word64), out.begin(), blockSize);
in[15]++;
}
/* Fill poly key */
in[0] = 0xC0;
in[15] = 0;
for (i = 0; i <= (size_t)m_is128; i++)
{
cipher.ProcessBlock(in, out.BytePtr());
m_polyState()[i*4+2] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()) & mpoly;
m_polyState()[i*4+3] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()+8) & mpoly;
in[15]++;
}
/* Fill ip key */
in[0] = 0xE0;
in[15] = 0;
word64 *l3Key = m_l3Key();
for (i = 0; i <= (size_t)m_is128; i++)
do
{
cipher.ProcessBlock(in, out.BytePtr());
l3Key[i*2+0] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr());
l3Key[i*2+1] = GetWord<word64>(true, BIG_ENDIAN_ORDER, out.BytePtr()+8);
in[15]++;
} while ((l3Key[i*2+0] >= p64) || (l3Key[i*2+1] >= p64));
m_padCached = false;
Resynchronize(GetIVAndThrowIfInvalid(params));
}
void VMAC_Base::GetNextIV(RandomNumberGenerator &rng, byte *IV)
{
SimpleKeyingInterface::GetNextIV(rng, IV);
IV[0] &= 0x7f;
}
void VMAC_Base::Resynchronize(const byte *IV)
{
int s = IVSize();
if (m_is128)
{
memcpy(m_nonce(), IV, s);
AccessCipher().ProcessBlock(m_nonce(), m_pad());
}
else
{
m_padCached = m_padCached && (m_nonce()[s-1] | 1) == (IV[s-1] | 1) && memcmp(m_nonce(), IV, s-1) == 0;
if (!m_padCached)
{
memcpy(m_nonce(), IV, s);
m_nonce()[s-1] &= 0xfe;
AccessCipher().ProcessBlock(m_nonce(), m_pad());
m_padCached = true;
}
m_nonce()[s-1] = IV[s-1];
}
m_isFirstBlock = true;
Restart();
}
void VMAC_Base::HashEndianCorrectedBlock(const word64 *data)
{
assert(false);
}
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86
#pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code
void
#ifdef __GNUC__
__attribute__ ((noinline)) // Intel Compiler 9.1 workaround
#endif
VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, int tagPart)
{
const word64 *nhK = m_nhKey();
word64 *polyS = m_polyState();
#ifdef __GNUC__
word32 temp;
__asm__ __volatile__
(
AS2( mov %%ebx, %0)
AS2( mov %1, %%ebx)
".intel_syntax noprefix;"
#else
#if _MSC_VER < 1300 || defined(__INTEL_COMPILER)
word32 L1KeyLength = m_L1KeyLength;
char isFirstBlock = m_isFirstBlock;
AS2( mov ebx, [L1KeyLength])
AS2( mov dl, [isFirstBlock])
#else
AS2( mov ecx, this)
AS2( mov ebx, [ecx+m_L1KeyLength])
AS2( mov dl, [ecx+m_isFirstBlock])
#endif
AS2( mov eax, tagPart)
AS2( shl eax, 4)
AS2( mov edi, nhK)
AS2( add edi, eax)
AS2( add eax, eax)
AS2( add eax, polyS)
AS2( mov esi, data)
AS2( mov ecx, blocksRemainingInWord64)
#endif
AS2( shr ebx, 3)
AS1( push ebp)
AS2( sub esp, 12)
ASL(4)
AS2( mov ebp, ebx)
AS2( cmp ecx, ebx)
AS2( cmovl ebp, ecx)
AS2( sub ecx, ebp)
AS2( lea ebp, [edi+8*ebp]) // end of nhK
AS2( movq mm6, [esi])
AS2( paddq mm6, [edi])
AS2( movq mm5, [esi+8])
AS2( paddq mm5, [edi+8])
AS2( add esi, 16)
AS2( add edi, 16)
AS2( movq mm4, mm6)
ASS( pshufw mm2, mm6, 1, 0, 3, 2)
AS2( pmuludq mm6, mm5)
ASS( pshufw mm3, mm5, 1, 0, 3, 2)
AS2( pmuludq mm5, mm2)
AS2( pmuludq mm2, mm3)
AS2( pmuludq mm3, mm4)
AS2( pxor mm7, mm7)
AS2( movd [esp], mm6)
AS2( psrlq mm6, 32)
AS2( movd [esp+4], mm5)
AS2( psrlq mm5, 32)
AS2( cmp edi, ebp)
ASJ( je, 1, f)
ASL(0)
AS2( movq mm0, [esi])
AS2( paddq mm0, [edi])
AS2( movq mm1, [esi+8])
AS2( paddq mm1, [edi+8])
AS2( add esi, 16)
AS2( add edi, 16)
AS2( movq mm4, mm0)
AS2( paddq mm5, mm2)
ASS( pshufw mm2, mm0, 1, 0, 3, 2)
AS2( pmuludq mm0, mm1)
AS2( movd [esp+8], mm3)
AS2( psrlq mm3, 32)
AS2( paddq mm5, mm3)
ASS( pshufw mm3, mm1, 1, 0, 3, 2)
AS2( pmuludq mm1, mm2)
AS2( pmuludq mm2, mm3)
AS2( pmuludq mm3, mm4)
AS2( movd mm4, [esp])
AS2( paddq mm7, mm4)
AS2( movd mm4, [esp+4])
AS2( paddq mm6, mm4)
AS2( movd mm4, [esp+8])
AS2( paddq mm6, mm4)
AS2( movd [esp], mm0)
AS2( psrlq mm0, 32)
AS2( paddq mm6, mm0)
AS2( movd [esp+4], mm1)
AS2( psrlq mm1, 32)
AS2( paddq mm5, mm1)
AS2( cmp edi, ebp)
ASJ( jne, 0, b)
ASL(1)
AS2( paddq mm5, mm2)
AS2( movd [esp+8], mm3)
AS2( psrlq mm3, 32)
AS2( paddq mm5, mm3)
AS2( movd mm4, [esp])
AS2( paddq mm7, mm4)
AS2( movd mm4, [esp+4])
AS2( paddq mm6, mm4)
AS2( movd mm4, [esp+8])
AS2( paddq mm6, mm4)
AS2( lea ebp, [8*ebx])
AS2( sub edi, ebp) // reset edi to start of nhK
AS2( movd [esp], mm7)
AS2( psrlq mm7, 32)
AS2( paddq mm6, mm7)
AS2( movd [esp+4], mm6)
AS2( psrlq mm6, 32)
AS2( paddq mm5, mm6)
AS2( psllq mm5, 2)
AS2( psrlq mm5, 2)
#define a0 [eax+2*4]
#define a1 [eax+3*4]
#define a2 [eax+0*4]
#define a3 [eax+1*4]
#define k0 [eax+2*8+2*4]
#define k1 [eax+2*8+3*4]
#define k2 [eax+2*8+0*4]
#define k3 [eax+2*8+1*4]
AS2( test dl, dl)
ASJ( jz, 2, f)
AS2( movd mm1, k0)
AS2( movd mm0, [esp])
AS2( paddq mm0, mm1)
AS2( movd a0, mm0)
AS2( psrlq mm0, 32)
AS2( movd mm1, k1)
AS2( movd mm2, [esp+4])
AS2( paddq mm1, mm2)
AS2( paddq mm0, mm1)
AS2( movd a1, mm0)
AS2( psrlq mm0, 32)
AS2( paddq mm5, k2)
AS2( paddq mm0, mm5)
AS2( movq a2, mm0)
AS2( xor edx, edx)
ASJ( jmp, 3, f)
ASL(2)
AS2( movd mm0, a3)
AS2( movq mm4, mm0)
AS2( pmuludq mm0, k3) // a3*k3
AS2( movd mm1, a0)
AS2( pmuludq mm1, k2) // a0*k2
AS2( movd mm2, a1)
AS2( movd mm6, k1)
AS2( pmuludq mm2, mm6) // a1*k1
AS2( movd mm3, a2)
AS2( psllq mm0, 1)
AS2( paddq mm0, mm5)
AS2( movq mm5, mm3)
AS2( movd mm7, k0)
AS2( pmuludq mm3, mm7) // a2*k0
AS2( pmuludq mm4, mm7) // a3*k0
AS2( pmuludq mm5, mm6) // a2*k1
AS2( paddq mm0, mm1)
AS2( movd mm1, a1)
AS2( paddq mm4, mm5)
AS2( movq mm5, mm1)
AS2( pmuludq mm1, k2) // a1*k2
AS2( paddq mm0, mm2)
AS2( movd mm2, a0)
AS2( paddq mm0, mm3)
AS2( movq mm3, mm2)
AS2( pmuludq mm2, k3) // a0*k3
AS2( pmuludq mm3, mm7) // a0*k0
AS2( movd [esp+8], mm0)
AS2( psrlq mm0, 32)
AS2( pmuludq mm7, mm5) // a1*k0
AS2( pmuludq mm5, k3) // a1*k3
AS2( paddq mm0, mm1)
AS2( movd mm1, a2)
AS2( pmuludq mm1, k2) // a2*k2
AS2( paddq mm0, mm2)
AS2( paddq mm0, mm4)
AS2( movq mm4, mm0)
AS2( movd mm2, a3)
AS2( pmuludq mm2, mm6) // a3*k1
AS2( pmuludq mm6, a0) // a0*k1
AS2( psrlq mm0, 31)
AS2( paddq mm0, mm3)
AS2( movd mm3, [esp])
AS2( paddq mm0, mm3)
AS2( movd mm3, a2)
AS2( pmuludq mm3, k3) // a2*k3
AS2( paddq mm5, mm1)
AS2( movd mm1, a3)
AS2( pmuludq mm1, k2) // a3*k2
AS2( paddq mm5, mm2)
AS2( movd mm2, [esp+4])
AS2( psllq mm5, 1)
AS2( paddq mm0, mm5)
AS2( psllq mm4, 33)
AS2( movd a0, mm0)
AS2( psrlq mm0, 32)
AS2( paddq mm6, mm7)
AS2( movd mm7, [esp+8])
AS2( paddq mm0, mm6)
AS2( paddq mm0, mm2)
AS2( paddq mm3, mm1)
AS2( psllq mm3, 1)
AS2( paddq mm0, mm3)
AS2( psrlq mm4, 1)
AS2( movd a1, mm0)
AS2( psrlq mm0, 32)
AS2( por mm4, mm7)
AS2( paddq mm0, mm4)
AS2( movq a2, mm0)
#undef a0
#undef a1
#undef a2
#undef a3
#undef k0
#undef k1
#undef k2
#undef k3
ASL(3)
AS2( test ecx, ecx)
ASJ( jnz, 4, b)
AS2( add esp, 12)
AS1( pop ebp)
AS1( emms)
#ifdef __GNUC__
".att_syntax prefix;"
AS2( mov %0, %%ebx)
: "=m" (temp)
: "m" (m_L1KeyLength), "c" (blocksRemainingInWord64), "S" (data), "D" (nhK+tagPart*2), "d" (m_isFirstBlock), "a" (polyS+tagPart*4)
: "memory", "cc"
);
#endif
}
#endif
#if VMAC_BOOL_WORD128
#define DeclareNH(a) word128 a=0
#define MUL64(rh,rl,i1,i2) {word128 p = word128(i1)*(i2); rh = word64(p>>64); rl = word64(p);}
#define AccumulateNH(a, b, c) a += word128(b)*(c)
#define Multiply128(r, i1, i2) r = word128(word64(i1)) * word64(i2)
#else
#if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER)
#define MUL32(a, b) __emulu(word32(a), word32(b))
#else
#define MUL32(a, b) ((word64)((word32)(a)) * (word32)(b))
#endif
#if defined(CRYPTOPP_X64_ASM_AVAILABLE)
#define DeclareNH(a) word64 a##0=0, a##1=0
#define MUL64(rh,rl,i1,i2) asm ("mulq %3" : "=a"(rl), "=d"(rh) : "a"(i1), "g"(i2) : "cc");
#define AccumulateNH(a, b, c) asm ("mulq %3; addq %%rax, %0; adcq %%rdx, %1" : "+r"(a##0), "+r"(a##1) : "a"(b), "g"(c) : "%rdx", "cc");
#define ADD128(rh,rl,ih,il) asm ("addq %3, %1; adcq %2, %0" : "+r"(rh),"+r"(rl) : "r"(ih),"r"(il) : "cc");
#elif defined(_MSC_VER) && !defined(CRYPTOPP_SLOW_WORD64)
#define DeclareNH(a) word64 a##0=0, a##1=0
#define MUL64(rh,rl,i1,i2) (rl) = _umul128(i1,i2,&(rh));
#define AccumulateNH(a, b, c) {\
word64 ph, pl;\
pl = _umul128(b,c,&ph);\
a##0 += pl;\
a##1 += ph + (a##0 < pl);}
#else
#define VMAC_BOOL_32BIT 1
#define DeclareNH(a) word64 a##0=0, a##1=0, a##2=0
#define MUL64(rh,rl,i1,i2) \
{ word64 _i1 = (i1), _i2 = (i2); \
word64 m1= MUL32(_i1,_i2>>32); \
word64 m2= MUL32(_i1>>32,_i2); \
rh = MUL32(_i1>>32,_i2>>32); \
rl = MUL32(_i1,_i2); \
ADD128(rh,rl,(m1 >> 32),(m1 << 32)); \
ADD128(rh,rl,(m2 >> 32),(m2 << 32)); \
}
#define AccumulateNH(a, b, c) {\
word64 p = MUL32(b, c);\
a##1 += word32((p)>>32);\
a##0 += word32(p);\
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -