rijndael.cpp

AlgorithmType: SymmetricCipher Name: AES/ECB Source: NIST Special Publication 800-38A Plaintext:

		QUARTER_ROUND(c, t0, t1, t2, t3)
		RESTORE_2(ecx)
		QUARTER_ROUND(c, t3, t0, t1, t2)
		RESTORE_1(ecx)
		QUARTER_ROUND(c, t2, t3, t0, t1)
		RESTORE_0(ecx)
		QUARTER_ROUND(c, t1, t2, t3, t0)
		SAVE_2(ebx)
		SAVE_1(eax)
		SAVE_0(edi)

		RESTORE_K
		RESTORE_K_END
		AS2(	add		K_REG, 8*4)
		SAVE_K
		AS2(	cmp		K_END_REG, K_REG)
		ASJ(	jne,	0, b)

#undef QUARTER_ROUND
#undef s0
#undef s1
#undef s2
#undef s3
#undef t0
#undef t1
#undef t2
#undef t3

		AS2(	mov		eax, [K_END_REG+0*4])
		AS2(	mov		ecx, [K_END_REG+1*4])
		AS2(	mov		esi, [K_END_REG+2*4])
		AS2(	mov		edi, [K_END_REG+3*4])

#define QUARTER_ROUND(a, b, c, d)	\
	AS2(	movzx	ebx, dl)\
	AS2(	movzx	ebx, BYTE PTR [AS_REG_7+1+4*WORD_REG(bx)])\
	AS2(	shl		ebx, 3*8)\
	AS2(	xor		a, ebx)\
	AS2(	movzx	ebx, dh)\
	AS2(	movzx	ebx, BYTE PTR [AS_REG_7+1+4*WORD_REG(bx)])\
	AS2(	shl		ebx, 2*8)\
	AS2(	xor		b, ebx)\
	AS2(	shr		edx, 16)\
	AS2(	movzx	ebx, dl)\
	AS2(	shr		edx, 8)\
	AS2(	movzx	ebx, BYTE PTR [AS_REG_7+1+4*WORD_REG(bx)])\
	AS2(	shl		ebx, 1*8)\
	AS2(	xor		c, ebx)\
	AS2(	movzx	ebx, BYTE PTR [AS_REG_7+1+4*WORD_REG(dx)])\
	AS2(	xor		d, ebx)

		QUARTER_ROUND(eax, ecx, esi, edi)
		RESTORE_2(edx)
		QUARTER_ROUND(edi, eax, ecx, esi)
		RESTORE_1(edx)
		QUARTER_ROUND(esi, edi, eax, ecx)
		RESTORE_0(edx)
		QUARTER_ROUND(ecx, esi, edi, eax)

#undef QUARTER_ROUND

#if CRYPTOPP_BOOL_X86
		AS1(emms)
		AS1(pop		ebp)
	#if defined(__GNUC__) || (defined(_MSC_VER) && _MSC_VER < 1300)
		AS1(pop		ebx)
	#endif
#endif

#ifdef __GNUC__
		".att_syntax prefix;"
			: "=a" (t0), "=c" (t1), "=S" (t2), "=D" (t3)
			: "a" (Te), "D" (inBlock), "S" (k), "c" (kLoopEnd), "d" (g_cacheLineSize)
			: "memory", "cc"
	#if CRYPTOPP_BOOL_X64
			, "%ebx", "%r8", "%r9", "%r10", "%r11", "%r12", "%r13", "%r14", "%r15"
	#endif
		);

		if (xorBlock)
		{
			t0 ^= ((const word32 *)xorBlock)[0];
			t1 ^= ((const word32 *)xorBlock)[1];
			t2 ^= ((const word32 *)xorBlock)[2];
			t3 ^= ((const word32 *)xorBlock)[3];
		}
		((word32 *)outBlock)[0] = t0;
		((word32 *)outBlock)[1] = t1;
		((word32 *)outBlock)[2] = t2;
		((word32 *)outBlock)[3] = t3;
#else
	#if CRYPTOPP_BOOL_X64
		mov		rbx, [rsp + 6*8 + 7*8]			; xorBlock
	#else
		AS2(	mov		ebx, xorBlock)
	#endif
		AS2(	test	WORD_REG(bx), WORD_REG(bx))
		ASJ(	jz,		1, f)
		AS2(	xor		eax, [WORD_REG(bx)+0*4])
		AS2(	xor		ecx, [WORD_REG(bx)+1*4])
		AS2(	xor		esi, [WORD_REG(bx)+2*4])
		AS2(	xor		edi, [WORD_REG(bx)+3*4])
		ASL(1)
	#if CRYPTOPP_BOOL_X64
		mov		rbx, [rsp + 7*8 + 7*8]			; outBlock
	#else
		AS2(	mov		ebx, outBlock)
	#endif
		AS2(	mov		[WORD_REG(bx)+0*4], eax)
		AS2(	mov		[WORD_REG(bx)+1*4], ecx)
		AS2(	mov		[WORD_REG(bx)+2*4], esi)
		AS2(	mov		[WORD_REG(bx)+3*4], edi)
#endif

#if CRYPTOPP_GENERATE_X64_MASM
		pop r15
		pop r14
		pop r13
		pop r12
		pop rdi
		pop rsi
		pop rbx
		ret
	Rijndael_Enc_ProcessAndXorBlock ENDP
#else
	}
	else
#endif
#endif	// #ifdef CRYPTOPP_X86_ASM_AVAILABLE
#ifndef CRYPTOPP_GENERATE_X64_MASM
	{
	word32 s0, s1, s2, s3, t0, t1, t2, t3;
	const word32 *rk = m_key;

	s0 = ((const word32 *)inBlock)[0] ^ rk[0];
	s1 = ((const word32 *)inBlock)[1] ^ rk[1];
	s2 = ((const word32 *)inBlock)[2] ^ rk[2];
	s3 = ((const word32 *)inBlock)[3] ^ rk[3];
	t0 = rk[4];
	t1 = rk[5];
	t2 = rk[6];
	t3 = rk[7];
	rk += 8;

	// timing attack countermeasure. see comments at top for more details
	const int cacheLineSize = GetCacheLineSize();
	unsigned int i;
	word32 u = 0;
	for (i=0; i<1024; i+=cacheLineSize)
		u &= *(const word32 *)(((const byte *)Te)+i);
	u &= Te[255];
	s0 |= u; s1 |= u; s2 |= u; s3 |= u;

	// first round
#ifdef IS_BIG_ENDIAN
#define QUARTER_ROUND(t, a, b, c, d)	\
		a ^= rotrFixed(Te[byte(t)], 24);	t >>= 8;\
		b ^= rotrFixed(Te[byte(t)], 16);	t >>= 8;\
		c ^= rotrFixed(Te[byte(t)], 8);	t >>= 8;\
		d ^= Te[t];
#else
#define QUARTER_ROUND(t, a, b, c, d)	\
		d ^= Te[byte(t)];					t >>= 8;\
		c ^= rotrFixed(Te[byte(t)], 8);	t >>= 8;\
		b ^= rotrFixed(Te[byte(t)], 16);	t >>= 8;\
		a ^= rotrFixed(Te[t], 24);
#endif

	QUARTER_ROUND(s3, t0, t1, t2, t3)
	QUARTER_ROUND(s2, t3, t0, t1, t2)
	QUARTER_ROUND(s1, t2, t3, t0, t1)
	QUARTER_ROUND(s0, t1, t2, t3, t0)
#undef QUARTER_ROUND

	// Nr - 2 full rounds:
    unsigned int r = m_rounds/2 - 1;
    do
	{
#define QUARTER_ROUND(t, a, b, c, d)	\
		a ^= Te[3*256+byte(t)]; t >>= 8;\
		b ^= Te[2*256+byte(t)]; t >>= 8;\
		c ^= Te[1*256+byte(t)]; t >>= 8;\
		d ^= Te[t];

		s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];

		QUARTER_ROUND(t3, s0, s1, s2, s3)
		QUARTER_ROUND(t2, s3, s0, s1, s2)
		QUARTER_ROUND(t1, s2, s3, s0, s1)
		QUARTER_ROUND(t0, s1, s2, s3, s0)

		t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7];

		QUARTER_ROUND(s3, t0, t1, t2, t3)
		QUARTER_ROUND(s2, t3, t0, t1, t2)
		QUARTER_ROUND(s1, t2, t3, t0, t1)
		QUARTER_ROUND(s0, t1, t2, t3, t0)
#undef QUARTER_ROUND

        rk += 8;
    } while (--r);

	// timing attack countermeasure. see comments at top for more details
	u = 0;
	for (i=0; i<256; i+=cacheLineSize)
		u &= *(const word32 *)(Se+i);
	u &= *(const word32 *)(Se+252);
	t0 |= u; t1 |= u; t2 |= u; t3 |= u;

	word32 tbw[4];
	byte *const tempBlock = (byte *)tbw;
	word32 *const obw = (word32 *)outBlock;
	const word32 *const xbw = (const word32 *)xorBlock;

#define QUARTER_ROUND(t, a, b, c, d)	\
	tempBlock[a] = Se[byte(t)]; t >>= 8;\
	tempBlock[b] = Se[byte(t)]; t >>= 8;\
	tempBlock[c] = Se[byte(t)]; t >>= 8;\
	tempBlock[d] = Se[t];

	QUARTER_ROUND(t2, 15, 2, 5, 8)
	QUARTER_ROUND(t1, 11, 14, 1, 4)
	QUARTER_ROUND(t0, 7, 10, 13, 0)
	QUARTER_ROUND(t3, 3, 6, 9, 12)
#undef QUARTER_ROUND

	if (xbw)
	{
		obw[0] = tbw[0] ^ xbw[0] ^ rk[0];
		obw[1] = tbw[1] ^ xbw[1] ^ rk[1];
		obw[2] = tbw[2] ^ xbw[2] ^ rk[2];
		obw[3] = tbw[3] ^ xbw[3] ^ rk[3];
	}
	else
	{
		obw[0] = tbw[0] ^ rk[0];
		obw[1] = tbw[1] ^ rk[1];
		obw[2] = tbw[2] ^ rk[2];
		obw[3] = tbw[3] ^ rk[3];
	}
	}
}

void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
{
	word32 s0, s1, s2, s3, t0, t1, t2, t3;
	const word32 *rk = m_key;

	s0 = ((const word32 *)inBlock)[0] ^ rk[0];
	s1 = ((const word32 *)inBlock)[1] ^ rk[1];
	s2 = ((const word32 *)inBlock)[2] ^ rk[2];
	s3 = ((const word32 *)inBlock)[3] ^ rk[3];
	t0 = rk[4];
	t1 = rk[5];
	t2 = rk[6];
	t3 = rk[7];
	rk += 8;

	// timing attack countermeasure. see comments at top for more details
	const int cacheLineSize = GetCacheLineSize();
	unsigned int i;
	word32 u = 0;
	for (i=0; i<1024; i+=cacheLineSize)
		u &= *(const word32 *)(((const byte *)Td)+i);
	u &= Td[255];
	s0 |= u; s1 |= u; s2 |= u; s3 |= u;

	// first round
#ifdef IS_BIG_ENDIAN
#define QUARTER_ROUND(t, a, b, c, d)	\
		a ^= rotrFixed(Td[byte(t)], 24);	t >>= 8;\
		b ^= rotrFixed(Td[byte(t)], 16);	t >>= 8;\
		c ^= rotrFixed(Td[byte(t)], 8);		t >>= 8;\
		d ^= Td[t];
#else
#define QUARTER_ROUND(t, a, b, c, d)	\
		d ^= Td[byte(t)];					t >>= 8;\
		c ^= rotrFixed(Td[byte(t)], 8);		t >>= 8;\
		b ^= rotrFixed(Td[byte(t)], 16);	t >>= 8;\
		a ^= rotrFixed(Td[t], 24);
#endif

	QUARTER_ROUND(s3, t2, t1, t0, t3)
	QUARTER_ROUND(s2, t1, t0, t3, t2)
	QUARTER_ROUND(s1, t0, t3, t2, t1)
	QUARTER_ROUND(s0, t3, t2, t1, t0)
#undef QUARTER_ROUND

	// Nr - 2 full rounds:
    unsigned int r = m_rounds/2 - 1;
    do
	{
#define QUARTER_ROUND(t, a, b, c, d)	\
		a ^= Td[3*256+byte(t)]; t >>= 8;\
		b ^= Td[2*256+byte(t)]; t >>= 8;\
		c ^= Td[1*256+byte(t)]; t >>= 8;\
		d ^= Td[t];

		s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];

		QUARTER_ROUND(t3, s2, s1, s0, s3)
		QUARTER_ROUND(t2, s1, s0, s3, s2)
		QUARTER_ROUND(t1, s0, s3, s2, s1)
		QUARTER_ROUND(t0, s3, s2, s1, s0)

		t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7];

		QUARTER_ROUND(s3, t2, t1, t0, t3)
		QUARTER_ROUND(s2, t1, t0, t3, t2)
		QUARTER_ROUND(s1, t0, t3, t2, t1)
		QUARTER_ROUND(s0, t3, t2, t1, t0)
#undef QUARTER_ROUND

        rk += 8;
    } while (--r);

	// timing attack countermeasure. see comments at top for more details
	u = 0;
	for (i=0; i<256; i+=cacheLineSize)
		u &= *(const word32 *)(Sd+i);
	u &= *(const word32 *)(Sd+252);
	t0 |= u; t1 |= u; t2 |= u; t3 |= u;

	word32 tbw[4];
	byte *const tempBlock = (byte *)tbw;
	word32 *const obw = (word32 *)outBlock;
	const word32 *const xbw = (const word32 *)xorBlock;

#define QUARTER_ROUND(t, a, b, c, d)	\
	tempBlock[a] = Sd[byte(t)]; t >>= 8;\
	tempBlock[b] = Sd[byte(t)]; t >>= 8;\
	tempBlock[c] = Sd[byte(t)]; t >>= 8;\
	tempBlock[d] = Sd[t];

	QUARTER_ROUND(t2, 7, 2, 13, 8)
	QUARTER_ROUND(t1, 3, 14, 9, 4)
	QUARTER_ROUND(t0, 15, 10, 5, 0)
	QUARTER_ROUND(t3, 11, 6, 1, 12)
#undef QUARTER_ROUND

	if (xbw)
	{
		obw[0] = tbw[0] ^ xbw[0] ^ rk[0];
		obw[1] = tbw[1] ^ xbw[1] ^ rk[1];
		obw[2] = tbw[2] ^ xbw[2] ^ rk[2];
		obw[3] = tbw[3] ^ xbw[3] ^ rk[3];
	}
	else
	{
		obw[0] = tbw[0] ^ rk[0];
		obw[1] = tbw[1] ^ rk[1];
		obw[2] = tbw[2] ^ rk[2];
		obw[3] = tbw[3] ^ rk[3];
	}
}

NAMESPACE_END

#endif
#endif