salsa_8cpp-source.html

著名的密码库Crypto++的文档 C++语言的杰作。程序员必备。

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Crypto++: salsa.cpp Source File</title>
<link href="doxygen.css" rel="stylesheet" type="text/css">
<link href="tabs.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.5.2 -->
<div class="tabs">
  <ul>
    <li><a href="index.html"><span>Main&nbsp;Page</span></a></li>
    <li><a href="namespaces.html"><span>Namespaces</span></a></li>
    <li><a href="classes.html"><span>Classes</span></a></li>
    <li class="current"><a href="files.html"><span>Files</span></a></li>
  </ul>
</div>
<div class="tabs">
  <ul>
    <li><a href="files.html"><span>File&nbsp;List</span></a></li>
    <li><a href="globals.html"><span>File&nbsp;Members</span></a></li>
  </ul>
</div>
<h1>salsa.cpp</h1><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="comment">// salsa.cpp - written and placed in the public domain by Wei Dai</span>
<a name="l00002"></a>00002 
<a name="l00003"></a>00003 <span class="preprocessor">#include "pch.h"</span>
<a name="l00004"></a>00004 <span class="preprocessor">#include "salsa.h"</span>
<a name="l00005"></a>00005 <span class="preprocessor">#include "misc.h"</span>
<a name="l00006"></a>00006 <span class="preprocessor">#include "argnames.h"</span>
<a name="l00007"></a>00007 <span class="preprocessor">#include "cpu.h"</span>
<a name="l00008"></a>00008 
<a name="l00009"></a>00009 <span class="preprocessor">#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE</span>
<a name="l00010"></a>00010 <span class="preprocessor"></span><span class="preprocessor">#include &lt;emmintrin.h&gt;</span>
<a name="l00011"></a>00011 <span class="preprocessor">#endif</span>
<a name="l00012"></a>00012 <span class="preprocessor"></span>
<a name="l00013"></a>00013 NAMESPACE_BEGIN(CryptoPP)
<a name="l00014"></a>00014 
<a name="l00015"></a>00015 void Salsa20_TestInstantiations()
<a name="l00016"></a>00016 {
<a name="l00017"></a>00017         <a class="code" href="class_symmetric_cipher_final.html" title="_">Salsa20::Encryption</a> x;
<a name="l00018"></a>00018 }
<a name="l00019"></a>00019 
<a name="l00020"></a><a class="code" href="class_salsa20___policy.html#006fb7bde6a7d7fe4234a9428ee2adda">00020</a> <span class="keywordtype">void</span> <a class="code" href="class_salsa20___policy.html#006fb7bde6a7d7fe4234a9428ee2adda">Salsa20_Policy::CipherSetKey</a>(<span class="keyword">const</span> <a class="code" href="class_name_value_pairs.html" title="interface for retrieving values given their names">NameValuePairs</a> &amp;params, <span class="keyword">const</span> byte *key, <span class="keywordtype">size_t</span> length)
<a name="l00021"></a>00021 {
<a name="l00022"></a>00022         m_rounds = params.<a class="code" href="class_name_value_pairs.html#7ddb654b7afcd1a04422a7b4b01366d9" title="get a named value with type int, with default">GetIntValueWithDefault</a>(<a class="code" href="namespace_name.html#ef07deb188a711a240d95f3ccddc9e8e" title="int">Name::Rounds</a>(), 20);
<a name="l00023"></a>00023 
<a name="l00024"></a>00024         <span class="keywordflow">if</span> (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20))
<a name="l00025"></a>00025                 <span class="keywordflow">throw</span> <a class="code" href="class_invalid_rounds.html" title="_">InvalidRounds</a>(<a class="code" href="struct_salsa20___info.html#385bea1bb87f3897062d3f37abed13e8">StaticAlgorithmName</a>(), m_rounds);
<a name="l00026"></a>00026 
<a name="l00027"></a>00027         <span class="comment">// m_state is reordered for SSE2</span>
<a name="l00028"></a>00028         <a class="code" href="class_get_block.html">GetBlock&lt;word32, LittleEndian, false&gt;</a> get1(key);
<a name="l00029"></a>00029         get1(m_state[13])(m_state[10])(m_state[7])(m_state[4]);
<a name="l00030"></a>00030         <a class="code" href="class_get_block.html">GetBlock&lt;word32, LittleEndian, false&gt;</a> get2(key + length - 16);
<a name="l00031"></a>00031         get2(m_state[15])(m_state[12])(m_state[9])(m_state[6]);
<a name="l00032"></a>00032 
<a name="l00033"></a>00033         <span class="comment">// "expand 16-byte k" or "expand 32-byte k"</span>
<a name="l00034"></a>00034         m_state[0] = 0x61707865;
<a name="l00035"></a>00035         m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e;
<a name="l00036"></a>00036         m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32;
<a name="l00037"></a>00037         m_state[3] = 0x6b206574;
<a name="l00038"></a>00038 }
<a name="l00039"></a>00039 
<a name="l00040"></a><a class="code" href="class_salsa20___policy.html#be84a91c4d547b206e75a4eec6ece1f5">00040</a> <span class="keywordtype">void</span> <a class="code" href="class_salsa20___policy.html#be84a91c4d547b206e75a4eec6ece1f5">Salsa20_Policy::CipherResynchronize</a>(byte *keystreamBuffer, <span class="keyword">const</span> byte *IV)
<a name="l00041"></a>00041 {
<a name="l00042"></a>00042         <a class="code" href="class_get_block.html">GetBlock&lt;word32, LittleEndian, false&gt;</a> <span class="keyword">get</span>(IV);
<a name="l00043"></a>00043         <span class="keyword">get</span>(m_state[14])(m_state[11]);
<a name="l00044"></a>00044         m_state[8] = m_state[5] = 0;
<a name="l00045"></a>00045 }
<a name="l00046"></a>00046 
<a name="l00047"></a><a class="code" href="class_salsa20___policy.html#95d78a37d87b66a3045c2ea2b1b6fb96">00047</a> <span class="keywordtype">void</span> <a class="code" href="class_salsa20___policy.html#95d78a37d87b66a3045c2ea2b1b6fb96">Salsa20_Policy::SeekToIteration</a>(lword iterationCount)
<a name="l00048"></a>00048 {
<a name="l00049"></a>00049         m_state[8] = (word32)iterationCount;
<a name="l00050"></a>00050         m_state[5] = (word32)SafeRightShift&lt;32&gt;(iterationCount);
<a name="l00051"></a>00051 }
<a name="l00052"></a>00052 
<a name="l00053"></a>00053 <span class="preprocessor">#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64</span>
<a name="l00054"></a>00054 <span class="preprocessor"></span><span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct_additive_cipher_concrete_policy.html#5bdc1cb44b0ddc8df0fb6953aec93602">Salsa20_Policy::GetAlignment</a>()<span class="keyword"> const</span>
<a name="l00055"></a>00055 <span class="keyword"></span>{
<a name="l00056"></a>00056 <span class="preprocessor">#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE</span>
<a name="l00057"></a>00057 <span class="preprocessor"></span>        <span class="keywordflow">if</span> (HasSSE2())
<a name="l00058"></a>00058                 <span class="keywordflow">return</span> 16;
<a name="l00059"></a>00059         <span class="keywordflow">else</span>
<a name="l00060"></a>00060 <span class="preprocessor">#endif</span>
<a name="l00061"></a>00061 <span class="preprocessor"></span>                <span class="keywordflow">return</span> 1;
<a name="l00062"></a>00062 }
<a name="l00063"></a>00063 
<a name="l00064"></a>00064 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> <a class="code" href="struct_additive_cipher_abstract_policy.html#32bbafa12b59e77d4d8bc67e9d5a4004">Salsa20_Policy::GetOptimalBlockSize</a>()<span class="keyword"> const</span>
<a name="l00065"></a>00065 <span class="keyword"></span>{
<a name="l00066"></a>00066 <span class="preprocessor">#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE</span>
<a name="l00067"></a>00067 <span class="preprocessor"></span>        <span class="keywordflow">if</span> (HasSSE2())
<a name="l00068"></a>00068                 <span class="keywordflow">return</span> 4*<a class="code" href="struct_additive_cipher_concrete_policy.html#0c584b68c2f3a8208ff245cd8d09fcd5">BYTES_PER_ITERATION</a>;
<a name="l00069"></a>00069         <span class="keywordflow">else</span>
<a name="l00070"></a>00070 <span class="preprocessor">#endif</span>
<a name="l00071"></a>00071 <span class="preprocessor"></span>                <span class="keywordflow">return</span> <a class="code" href="struct_additive_cipher_concrete_policy.html#0c584b68c2f3a8208ff245cd8d09fcd5">BYTES_PER_ITERATION</a>;
<a name="l00072"></a>00072 }
<a name="l00073"></a>00073 <span class="preprocessor">#endif</span>
<a name="l00074"></a>00074 <span class="preprocessor"></span>
<a name="l00075"></a>00075 <span class="preprocessor">#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE</span>
<a name="l00076"></a>00076 <span class="preprocessor"></span><span class="keyword">static</span> <span class="keyword">const</span> __m128i s_maskLo32 = _mm_shuffle_epi32(_mm_cvtsi32_si128(-1), _MM_SHUFFLE(1, 0, 1, 0));
<a name="l00077"></a>00077 <span class="keyword">static</span> <span class="keyword">const</span> __m128i s_maskHi32 = _mm_slli_epi64(s_maskLo32, 32);
<a name="l00078"></a>00078 <span class="preprocessor">#endif</span>
<a name="l00079"></a>00079 <span class="preprocessor"></span>
<a name="l00080"></a><a class="code" href="class_salsa20___policy.html#be5b426a2424cf8fbd3935f54e16a91c">00080</a> <span class="keywordtype">void</span> <a class="code" href="class_salsa20___policy.html#be5b426a2424cf8fbd3935f54e16a91c">Salsa20_Policy::OperateKeystream</a>(<a class="code" href="strciphr_8h.html#b4a226527d2bd01ff19bfa14d0974227">KeystreamOperation</a> operation, byte *output, <span class="keyword">const</span> byte *input, <span class="keywordtype">size_t</span> iterationCount)
<a name="l00081"></a>00081 {
<a name="l00082"></a>00082         <span class="keywordtype">int</span> i;
<a name="l00083"></a>00083 <span class="preprocessor">#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE</span>
<a name="l00084"></a>00084 <span class="preprocessor"></span><span class="preprocessor">        #define SSE2_QUARTER_ROUND(a, b, d, i)                          {\</span>
<a name="l00085"></a>00085 <span class="preprocessor">                __m128i t = _mm_add_epi32(a, d);                                \</span>
<a name="l00086"></a>00086 <span class="preprocessor">                b = _mm_xor_si128(b, _mm_slli_epi32(t, i));             \</span>
<a name="l00087"></a>00087 <span class="preprocessor">                b = _mm_xor_si128(b, _mm_srli_epi32(t, 32-i));}</span>
<a name="l00088"></a>00088 <span class="preprocessor"></span>
<a name="l00089"></a>00089         <span class="keywordflow">if</span> (HasSSE2())
<a name="l00090"></a>00090         {
<a name="l00091"></a>00091                 __m128i *s = (__m128i *)m_state.<a class="code" href="class_sec_block.html#42ad7c28810297ca50b2411284876845">data</a>();
<a name="l00092"></a>00092 
<a name="l00093"></a>00093 <span class="preprocessor">#if _MSC_VER &gt; 1400 || (defined(_MSC_VER) &amp;&amp; CRYPTOPP_BOOL_X86) || (CRYPTOPP_GCC_VERSION &gt;= 40000 &amp;&amp; CRYPTOPP_BOOL_X86)</span>
<a name="l00094"></a>00094 <span class="preprocessor"></span>                <span class="comment">// This code triggers an internal compiler error on MSVC 2005 when compiling </span>
<a name="l00095"></a>00095                 <span class="comment">// for x64 with optimizations on. hopefully it will get fixed in the next release.</span>
<a name="l00096"></a>00096                 <span class="comment">// A bug report has been submitted at http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=274123</span>
<a name="l00097"></a>00097                 <span class="comment">// Also, GCC 3.4.4 generates incorrect code for x86 at -O2.</span>
<a name="l00098"></a>00098                 <span class="comment">// GCC 4.1.1 generates incorrect code for x64 at -O2</span>
<a name="l00099"></a>00099                 <span class="keywordflow">if</span> (iterationCount &gt;= 4)
<a name="l00100"></a>00100                 {
<a name="l00101"></a>00101                         __m128i ss[16];