70 #ifndef CRYPTOPP_IMPORTS 71 #ifndef CRYPTOPP_GENERATE_X64_MASMrij 81 #if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) 82 # define CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS 1 85 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 86 # if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) 87 namespace rdtable {CRYPTOPP_ALIGN_DATA(16) word64 Te[256+2];}
88 using namespace rdtable;
90 static word64 Te[256];
92 static word64 Td[256];
94 static word32 Te[256*4], Td[256*4];
96 static volatile bool s_TeFilled =
false, s_TdFilled =
false;
100 #define QUARTER_ROUND(L, T, t, a, b, c, d) \ 101 a ^= L(T, 3, byte(t)); t >>= 8;\ 102 b ^= L(T, 2, byte(t)); t >>= 8;\ 103 c ^= L(T, 1, byte(t)); t >>= 8;\ 106 #define QUARTER_ROUND_LE(t, a, b, c, d) \ 107 tempBlock[a] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ 108 tempBlock[b] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ 109 tempBlock[c] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ 110 tempBlock[d] = ((byte *)(Te+t))[1]; 112 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 113 #define QUARTER_ROUND_LD(t, a, b, c, d) \ 114 tempBlock[a] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ 115 tempBlock[b] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ 116 tempBlock[c] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ 117 tempBlock[d] = ((byte *)(Td+t))[GetNativeByteOrder()*7]; 119 #define QUARTER_ROUND_LD(t, a, b, c, d) \ 120 tempBlock[a] = Sd[byte(t)]; t >>= 8;\ 121 tempBlock[b] = Sd[byte(t)]; t >>= 8;\ 122 tempBlock[c] = Sd[byte(t)]; t >>= 8;\ 123 tempBlock[d] = Sd[t]; 126 #define QUARTER_ROUND_E(t, a, b, c, d) QUARTER_ROUND(TL_M, Te, t, a, b, c, d) 127 #define QUARTER_ROUND_D(t, a, b, c, d) QUARTER_ROUND(TL_M, Td, t, a, b, c, d) 129 #ifdef IS_LITTLE_ENDIAN 130 #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, d, c, b, a) 131 #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, d, c, b, a) 132 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 133 #define TL_F(T, i, x) (*(word32 *)((byte *)T + x*8 + (6-i)%4+1)) 134 #define TL_M(T, i, x) (*(word32 *)((byte *)T + x*8 + (i+3)%4+1)) 136 #define TL_F(T, i, x) rotrFixed(T[x], (3-i)*8) 137 #define TL_M(T, i, x) T[i*256 + x] 140 #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, a, b, c, d) 141 #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, a, b, c, d) 142 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 143 #define TL_F(T, i, x) (*(word32 *)((byte *)T + x*8 + (4-i)%4)) 146 #define TL_F(T, i, x) rotrFixed(T[x], i*8) 147 #define TL_M(T, i, x) T[i*256 + x] 152 #define f2(x) ((x<<1)^(((x>>7)&1)*0x11b)) 153 #define f4(x) ((x<<2)^(((x>>6)&1)*0x11b)^(((x>>6)&2)*0x11b)) 154 #define f8(x) ((x<<3)^(((x>>5)&1)*0x11b)^(((x>>5)&2)*0x11b)^(((x>>5)&4)*0x11b)) 156 #define f3(x) (f2(x) ^ x) 157 #define f9(x) (f8(x) ^ x) 158 #define fb(x) (f8(x) ^ f2(x) ^ x) 159 #define fd(x) (f8(x) ^ f4(x) ^ x) 160 #define fe(x) (f8(x) ^ f4(x) ^ f2(x)) 162 void Rijndael::Base::FillEncTable()
164 for (
int i=0; i<256; i++)
167 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 168 word32 y = word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24;
169 Te[i] = word64(y | f3(x))<<32 | y;
171 word32 y = f3(x) | word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24;
172 for (
int j=0; j<4; j++)
179 #if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) 180 Te[256] = Te[257] = 0;
185 void Rijndael::Base::FillDecTable()
187 for (
int i=0; i<256; i++)
190 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 191 word32 y = word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24;
192 Td[i] = word64(y | fb(x))<<32 | y | x;
194 word32 y = fb(x) | word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24;;
195 for (
int j=0; j<4; j++)
205 void Rijndael::Base::UncheckedSetKey(
const byte *userKey,
unsigned int keylen,
const NameValuePairs &)
207 AssertValidKeyLength(keylen);
209 m_rounds = keylen/4 + 6;
210 m_key.New(4*(m_rounds+1));
214 #if (CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE && (!defined(_MSC_VER) || _MSC_VER >= 1600 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32)) 218 static const word32 rcLE[] = {
219 0x01, 0x02, 0x04, 0x08,
220 0x10, 0x20, 0x40, 0x80,
223 const word32 *rc = rcLE;
225 __m128i temp = _mm_loadu_si128((__m128i *)(userKey+keylen-16));
226 memcpy(rk, userKey, keylen);
230 rk[keylen/4] = rk[0] ^ _mm_extract_epi32(_mm_aeskeygenassist_si128(temp, 0), 3) ^ *(rc++);
231 rk[keylen/4+1] = rk[1] ^ rk[keylen/4];
232 rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1];
233 rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2];
235 if (rk + keylen/4 + 4 == m_key.end())
240 rk[10] = rk[ 4] ^ rk[ 9];
241 rk[11] = rk[ 5] ^ rk[10];
242 temp = _mm_insert_epi32(temp, rk[11], 3);
244 else if (keylen == 32)
246 temp = _mm_insert_epi32(temp, rk[11], 3);
247 rk[12] = rk[ 4] ^ _mm_extract_epi32(_mm_aeskeygenassist_si128(temp, 0), 2);
248 rk[13] = rk[ 5] ^ rk[12];
249 rk[14] = rk[ 6] ^ rk[13];
250 rk[15] = rk[ 7] ^ rk[14];
251 temp = _mm_insert_epi32(temp, rk[15], 3);
254 temp = _mm_insert_epi32(temp, rk[7], 3);
259 if (!IsForwardTransformation())
264 std::swap(*(__m128i *)(rk), *(__m128i *)(rk+4*m_rounds));
266 for (i = 4, j = 4*m_rounds-4; i < j; i += 4, j -= 4)
268 temp = _mm_aesimc_si128(*(__m128i *)(rk+i));
269 *(__m128i *)(rk+i) = _mm_aesimc_si128(*(__m128i *)(rk+j));
270 *(__m128i *)(rk+j) = temp;
273 *(__m128i *)(rk+i) = _mm_aesimc_si128(*(__m128i *)(rk+i));
280 GetUserKey(BIG_ENDIAN_ORDER, rk, keylen/4, userKey, keylen);
281 const word32 *rc = rcon;
286 temp = rk[keylen/4-1];
287 word32 x = (word32(Se[GETBYTE(temp, 2)]) << 24) ^ (word32(Se[GETBYTE(temp, 1)]) << 16) ^ (word32(Se[GETBYTE(temp, 0)]) << 8) ^ Se[GETBYTE(temp, 3)];
288 rk[keylen/4] = rk[0] ^ x ^ *(rc++);
289 rk[keylen/4+1] = rk[1] ^ rk[keylen/4];
290 rk[keylen/4+2] = rk[2] ^ rk[keylen/4+1];
291 rk[keylen/4+3] = rk[3] ^ rk[keylen/4+2];
293 if (rk + keylen/4 + 4 == m_key.end())
298 rk[10] = rk[ 4] ^ rk[ 9];
299 rk[11] = rk[ 5] ^ rk[10];
301 else if (keylen == 32)
304 rk[12] = rk[ 4] ^ (word32(Se[GETBYTE(temp, 3)]) << 24) ^ (word32(Se[GETBYTE(temp, 2)]) << 16) ^ (word32(Se[GETBYTE(temp, 1)]) << 8) ^ Se[GETBYTE(temp, 0)];
305 rk[13] = rk[ 5] ^ rk[12];
306 rk[14] = rk[ 6] ^ rk[13];
307 rk[15] = rk[ 7] ^ rk[14];
314 if (IsForwardTransformation())
329 #define InverseMixColumn(x) TL_M(Td, 0, Se[GETBYTE(x, 3)]) ^ TL_M(Td, 1, Se[GETBYTE(x, 2)]) ^ TL_M(Td, 2, Se[GETBYTE(x, 1)]) ^ TL_M(Td, 3, Se[GETBYTE(x, 0)]) 331 for (i = 4, j = 4*m_rounds-4; i < j; i += 4, j -= 4)
333 temp = InverseMixColumn(rk[i ]); rk[i ] = InverseMixColumn(rk[j ]); rk[j ] = temp;
334 temp = InverseMixColumn(rk[i + 1]); rk[i + 1] = InverseMixColumn(rk[j + 1]); rk[j + 1] = temp;
335 temp = InverseMixColumn(rk[i + 2]); rk[i + 2] = InverseMixColumn(rk[j + 2]); rk[j + 2] = temp;
336 temp = InverseMixColumn(rk[i + 3]); rk[i + 3] = InverseMixColumn(rk[j + 3]); rk[j + 3] = temp;
339 rk[i+0] = InverseMixColumn(rk[i+0]);
340 rk[i+1] = InverseMixColumn(rk[i+1]);
341 rk[i+2] = InverseMixColumn(rk[i+2]);
342 rk[i+3] = InverseMixColumn(rk[i+3]);
350 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 356 void Rijndael::Enc::ProcessAndXorBlock(
const byte *inBlock,
const byte *xorBlock, byte *outBlock)
const 358 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) || CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 359 #if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) 365 return (
void)Rijndael::Enc::AdvancedProcessBlocks(inBlock, xorBlock, outBlock, 16, 0);
371 word32 s0, s1, s2, s3, t0, t1, t2, t3;
372 Block::Get(inBlock)(s0)(s1)(s2)(s3);
374 const word32 *rk = m_key;
387 const int cacheLineSize = GetCacheLineSize();
389 volatile word32 _u = 0;
391 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 392 for (i=0; i<2048; i+=cacheLineSize)
394 for (i=0; i<1024; i+=cacheLineSize)
396 u &= *(
const word32 *)(((
const byte *)Te)+i);
398 s0 |= u; s1 |= u; s2 |= u; s3 |= u;
400 QUARTER_ROUND_FE(s3, t0, t1, t2, t3)
401 QUARTER_ROUND_FE(s2, t3, t0, t1, t2)
402 QUARTER_ROUND_FE(s1, t2, t3, t0, t1)
403 QUARTER_ROUND_FE(s0, t1, t2, t3, t0)
406 unsigned int r = m_rounds/2 - 1;
409 s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];
411 QUARTER_ROUND_E(t3, s0, s1, s2, s3)
412 QUARTER_ROUND_E(t2, s3, s0, s1, s2)
413 QUARTER_ROUND_E(t1, s2, s3, s0, s1)
414 QUARTER_ROUND_E(t0, s1, s2, s3, s0)
416 t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7];
418 QUARTER_ROUND_E(s3, t0, t1, t2, t3)
419 QUARTER_ROUND_E(s2, t3, t0, t1, t2)
420 QUARTER_ROUND_E(s1, t2, t3, t0, t1)
421 QUARTER_ROUND_E(s0, t1, t2, t3, t0)
427 byte *const tempBlock = (byte *)tbw;
429 QUARTER_ROUND_LE(t2, 15, 2, 5, 8)
430 QUARTER_ROUND_LE(t1, 11, 14, 1, 4)
431 QUARTER_ROUND_LE(t0, 7, 10, 13, 0)
432 QUARTER_ROUND_LE(t3, 3, 6, 9, 12)
434 Block::Put(xorBlock, outBlock)(tbw[0]^rk[0])(tbw[1]^rk[1])(tbw[2]^rk[2])(tbw[3]^rk[3]);
437 void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock)
const 439 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 442 Rijndael::Dec::AdvancedProcessBlocks(inBlock, xorBlock, outBlock, 16, 0);
449 word32 s0, s1, s2, s3, t0, t1, t2, t3;
450 Block::Get(inBlock)(s0)(s1)(s2)(s3);
452 const word32 *rk = m_key;
465 const int cacheLineSize = GetCacheLineSize();
467 volatile word32 _u = 0;
469 #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) 470 for (i=0; i<2048; i+=cacheLineSize)
472 for (i=0; i<1024; i+=cacheLineSize)
474 u &= *(
const word32 *)(((
const byte *)Td)+i);
476 s0 |= u; s1 |= u; s2 |= u; s3 |= u;
478 QUARTER_ROUND_FD(s3, t2, t1, t0, t3)
479 QUARTER_ROUND_FD(s2, t1, t0, t3, t2)
480 QUARTER_ROUND_FD(s1, t0, t3, t2, t1)
481 QUARTER_ROUND_FD(s0, t3, t2, t1, t0)
484 unsigned int r = m_rounds/2 - 1;
487 s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3];
489 QUARTER_ROUND_D(t3, s2, s1, s0, s3)
490 QUARTER_ROUND_D(t2, s1, s0, s3, s2)
491 QUARTER_ROUND_D(t1, s0, s3, s2, s1)
492 QUARTER_ROUND_D(t0, s3, s2, s1, s0)
494 t0 = rk[4]; t1 = rk[5]; t2 = rk[6]; t3 = rk[7];
496 QUARTER_ROUND_D(s3, t2, t1, t0, t3)
497 QUARTER_ROUND_D(s2, t1, t0, t3, t2)
498 QUARTER_ROUND_D(s1, t0, t3, t2, t1)
499 QUARTER_ROUND_D(s0, t3, t2, t1, t0)
504 #if !(defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS)) 509 for (i=0; i<256; i+=cacheLineSize)
510 u &= *(
const word32 *)(Sd+i);
511 u &= *(
const word32 *)(Sd+252);
512 t0 |= u; t1 |= u; t2 |= u; t3 |= u;
516 byte *
const tempBlock = (byte *)tbw;
518 QUARTER_ROUND_LD(t2, 7, 2, 13, 8)
519 QUARTER_ROUND_LD(t1, 3, 14, 9, 4)
520 QUARTER_ROUND_LD(t0, 15, 10, 5, 0)
521 QUARTER_ROUND_LD(t3, 11, 6, 1, 12)
523 Block::Put(xorBlock, outBlock)(tbw[0]^rk[0])(tbw[1]^rk[1])(tbw[2]^rk[2])(tbw[3]^rk[3]);
528 #if CRYPTOPP_MSC_VERSION 529 # pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code 532 #endif // #ifndef CRYPTOPP_GENERATE_X64_MASM 534 #if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) 536 CRYPTOPP_NAKED
void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(
void *locals,
const word32 *k)
538 CRYPTOPP_UNUSED(locals); CRYPTOPP_UNUSED(k);
540 #if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 543 #define L_INDEX(i) (L_REG+768+i) 544 #define L_INXORBLOCKS L_INBLOCKS+4 545 #define L_OUTXORBLOCKS L_INBLOCKS+8 546 #define L_OUTBLOCKS L_INBLOCKS+12 547 #define L_INCREMENTS L_INDEX(16*15) 548 #define L_SP L_INDEX(16*16) 549 #define L_LENGTH L_INDEX(16*16+4) 550 #define L_KEYS_BEGIN L_INDEX(16*16+8) 555 #define MXOR(a,b,c) \ 557 AS2( movd mm7, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ 558 AS2( pxor MM(a), mm7)\ 560 #define MMOV(a,b,c) \ 562 AS2( movd MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ 567 #define L_INDEX(i) (L_REG+i) 568 #define L_INXORBLOCKS L_INBLOCKS+8 569 #define L_OUTXORBLOCKS L_INBLOCKS+16 570 #define L_OUTBLOCKS L_INBLOCKS+24 571 #define L_INCREMENTS L_INDEX(16*16) 572 #define L_LENGTH L_INDEX(16*18+8) 573 #define L_KEYS_BEGIN L_INDEX(16*19) 585 #define MXOR(a,b,c) \ 587 AS2( xor MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ 589 #define MMOV(a,b,c) \ 591 AS2( mov MM(a), DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ 595 #define L_SUBKEYS L_INDEX(0) 596 #define L_SAVED_X L_SUBKEYS 597 #define L_KEY12 L_INDEX(16*12) 598 #define L_LASTROUND L_INDEX(16*13) 599 #define L_INBLOCKS L_INDEX(16*14) 600 #define MAP0TO4(i) (ASM_MOD(i+3,4)+1) 604 AS2( xor a, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ 608 AS2( mov a, DWORD PTR [AS_REG_7+8*WORD_REG(si)+MAP0TO4(c)])\ 610 #ifdef CRYPTOPP_GENERATE_X64_MASM 612 Rijndael_Enc_AdvancedProcessBlocks PROC FRAME
619 mov AS_REG_7, ?Te@rdtable@
CryptoPP@@3PA_KA
620 mov edi, DWORD PTR [?g_cacheLineSize@
CryptoPP@@3IA]
621 #elif defined(__GNUC__) 625 #
if CRYPTOPP_BOOL_X64
630 AS2( mov AS_REG_7, WORD_REG(si))
636 AS2( lea AS_REG_7, [Te])
637 AS2( mov edi, [g_cacheLineSize])
640 #
if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
641 AS2( mov [ecx+16*12+16*4], esp)
642 AS2( lea esp, [ecx-768])
646 AS2( mov WORD_REG(si), [L_KEYS_BEGIN])
647 AS2( mov WORD_REG(ax), 16)
648 AS2( and WORD_REG(ax), WORD_REG(si))
649 AS2( movdqa xmm3, XMMWORD_PTR [WORD_REG(dx)+16+WORD_REG(ax)])
650 AS2( movdqa [L_KEY12], xmm3)
651 AS2( lea WORD_REG(ax), [WORD_REG(dx)+WORD_REG(ax)+2*16])
652 AS2( sub WORD_REG(ax), WORD_REG(si))
654 AS2( movdqa xmm0, [WORD_REG(ax)+WORD_REG(si)])
655 AS2( movdqa XMMWORD_PTR [L_SUBKEYS+WORD_REG(si)], xmm0)
656 AS2( add WORD_REG(si), 16)
657 AS2( cmp WORD_REG(si), 16*12)
661 AS2( movdqa xmm4, [WORD_REG(ax)+WORD_REG(si)])
662 AS2( movdqa xmm1, [WORD_REG(dx)])
663 AS2( MOVD MM(1), [WORD_REG(dx)+4*4])
664 AS2( mov ebx, [WORD_REG(dx)+5*4])
665 AS2( mov ecx, [WORD_REG(dx)+6*4])
666 AS2( mov edx, [WORD_REG(dx)+7*4])
669 AS2( xor WORD_REG(ax), WORD_REG(ax))
671 AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
672 AS2( add WORD_REG(ax), WORD_REG(di))
673 AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
674 AS2( add WORD_REG(ax), WORD_REG(di))
675 AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
676 AS2( add WORD_REG(ax), WORD_REG(di))
677 AS2( mov esi, [AS_REG_7+WORD_REG(ax)])
678 AS2( add WORD_REG(ax), WORD_REG(di))
679 AS2( cmp WORD_REG(ax), 2048)
683 AS2( test DWORD PTR [L_LENGTH], 1)
687 AS2( mov WORD_REG(si), [L_INBLOCKS])
688 AS2( movdqu xmm2, [WORD_REG(si)])
689 AS2( pxor xmm2, xmm1)
690 AS2( psrldq xmm1, 14)
692 AS2( mov al, BYTE PTR [WORD_REG(si)+15])
693 AS2( MOVD MM(2), eax)
694 #
if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
732 AS2( mov eax, [L_KEY12+0*4])
733 AS2( mov edi, [L_KEY12+2*4])
734 AS2( MOVD MM(0), [L_KEY12+3*4])
741 AS2( xor ebx, [L_KEY12+1*4])
753 AS2( MOVD edx, MM(1))
754 AS2( MOVD [L_SAVED_X+3*4], MM(0))
755 AS2( mov [L_SAVED_X+0*4], eax)
756 AS2( mov [L_SAVED_X+1*4], ebx)
757 AS2( mov [L_SAVED_X+2*4], edi)
762 AS2( MOVD MM(1), [L_KEY12+0*4])
763 AS2( mov ebx, [L_KEY12+1*4])
764 AS2( mov ecx, [L_KEY12+2*4])
765 AS2( mov edx, [L_KEY12+3*4])
767 AS2( mov WORD_REG(ax), [L_INBLOCKS])
768 AS2( movdqu xmm2, [WORD_REG(ax)])
769 AS2( mov WORD_REG(si), [L_INXORBLOCKS])
770 AS2( movdqu xmm5, [WORD_REG(si)])
771 AS2( pxor xmm2, xmm1)
772 AS2( pxor xmm2, xmm5)
805 AS2( MOVD eax, MM(1))
807 AS2( add L_REG, [L_KEYS_BEGIN])
808 AS2( add L_REG, 4*16)
813 AS2( MOVD ecx, MM(2))
814 AS2( MOVD edx, MM(1))
815 AS2( mov eax, [L_SAVED_X+0*4])
816 AS2( mov ebx, [L_SAVED_X+1*4])
818 AS2( and WORD_REG(cx), 255)
820 #
if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
821 AS2( paddb MM(2), mm3)
826 AS2( xor edx, DWORD PTR [AS_REG_7+WORD_REG(cx)*8+3])
830 AS2( xor ecx, [L_SAVED_X+2*4])
833 AS2( xor edx, [L_SAVED_X+3*4])
835 AS2( add L_REG, [L_KEYS_BEGIN])
836 AS2( add L_REG, 3*16)
865 AS2( MOVD MM(0), [L_SUBKEYS-4*16+3*4])
866 AS2( mov edi, [L_SUBKEYS-4*16+2*4])
869 AS2( xor eax, [L_SUBKEYS-4*16+0*4])
870 AS2( xor ebx, [L_SUBKEYS-4*16+1*4])
871 AS2( MOVD edx, MM(0))
874 AS2( MOVD MM(0), [L_SUBKEYS-4*16+7*4])
875 AS2( mov edi, [L_SUBKEYS-4*16+6*4])
878 AS2( xor eax, [L_SUBKEYS-4*16+4*4])
879 AS2( xor ebx, [L_SUBKEYS-4*16+5*4])
880 AS2( MOVD edx, MM(0))
883 AS2( test L_REG, 255)
885 AS2( sub L_REG, 16*16)
887 #define LAST(a, b, c) \
889 AS2( movzx edi, BYTE PTR [AS_REG_7+WORD_REG(si)*8+1] )\
891 AS2( xor edi, DWORD PTR [AS_REG_7+WORD_REG(si)*8+0] )\
892 AS2( mov WORD PTR [L_LASTROUND+c], di )\
908 AS2( mov WORD_REG(ax), [L_OUTXORBLOCKS])
909 AS2( mov WORD_REG(bx), [L_OUTBLOCKS])
911 AS2( mov WORD_REG(cx), [L_LENGTH])
912 AS2( sub WORD_REG(cx), 16)
914 AS2( movdqu xmm2, [WORD_REG(ax)])
915 AS2( pxor xmm2, xmm4)
917 #
if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
918 AS2( movdqa xmm0, [L_INCREMENTS])
919 AS2( paddd xmm0, [L_INBLOCKS])
920 AS2( movdqa [L_INBLOCKS], xmm0)
922 AS2( movdqa xmm0, [L_INCREMENTS+16])
923 AS2( paddq xmm0, [L_INBLOCKS+16])
924 AS2( movdqa [L_INBLOCKS+16], xmm0)
927 AS2( pxor xmm2, [L_LASTROUND])
928 AS2( movdqu [WORD_REG(bx)], xmm2)
931 AS2( mov [L_LENGTH], WORD_REG(cx))
932 AS2( test WORD_REG(cx), 1)
934 #
if CRYPTOPP_BOOL_X64
935 AS2( movdqa xmm0, [L_INCREMENTS])
936 AS2( paddq xmm0, [L_INBLOCKS])
937 AS2( movdqa [L_INBLOCKS], xmm0)
943 AS2( xorps xmm0, xmm0)
944 AS2( lea WORD_REG(ax), [L_SUBKEYS+7*16])
945 AS2( movaps [WORD_REG(ax)-7*16], xmm0)
946 AS2( movaps [WORD_REG(ax)-6*16], xmm0)
947 AS2( movaps [WORD_REG(ax)-5*16], xmm0)
948 AS2( movaps [WORD_REG(ax)-4*16], xmm0)
949 AS2( movaps [WORD_REG(ax)-3*16], xmm0)
950 AS2( movaps [WORD_REG(ax)-2*16], xmm0)
951 AS2( movaps [WORD_REG(ax)-1*16], xmm0)
952 AS2( movaps [WORD_REG(ax)+0*16], xmm0)
953 AS2( movaps [WORD_REG(ax)+1*16], xmm0)
954 AS2( movaps [WORD_REG(ax)+2*16], xmm0)
955 AS2( movaps [WORD_REG(ax)+3*16], xmm0)
956 AS2( movaps [WORD_REG(ax)+4*16], xmm0)
957 AS2( movaps [WORD_REG(ax)+5*16], xmm0)
958 AS2( movaps [WORD_REG(ax)+6*16], xmm0)
959 #
if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
960 AS2( mov esp, [L_SP])
965 #
if defined(_MSC_VER) && CRYPTOPP_BOOL_X86
970 #ifdef CRYPTOPP_GENERATE_X64_MASM
976 Rijndael_Enc_AdvancedProcessBlocks ENDP
981 :
"c" (locals),
"d" (k),
"S" (Te),
"D" (g_cacheLineSize)
982 :
"memory",
"cc",
"%eax" 983 #
if CRYPTOPP_BOOL_X64
984 ,
"%rbx",
"%r8",
"%r9",
"%r10",
"%r11",
"%r12" 992 #ifndef CRYPTOPP_GENERATE_X64_MASM 994 #ifdef CRYPTOPP_X64_MASM_AVAILABLE 996 void Rijndael_Enc_AdvancedProcessBlocks(
void *locals,
const word32 *k);
1000 #if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 1002 static inline bool AliasedWithTable(
const byte *begin,
const byte *end)
1004 size_t s0 = size_t(begin)%4096, s1 = size_t(end)%4096;
1005 size_t t0 = size_t(Te)%4096, t1 = (size_t(Te)+
sizeof(Te))%4096;
1007 return (s0 >= t0 && s0 < t1) || (s1 > t0 && s1 <= t1);
1009 return (s0 < t1 || s1 <= t1) || (s0 >= t0 || s1 > t0);
1012 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1014 inline void AESNI_Enc_Block(__m128i &block,
const __m128i *subkeys,
unsigned int rounds)
1016 block = _mm_xor_si128(block, subkeys[0]);
1017 for (
unsigned int i=1; i<rounds-1; i+=2)
1019 block = _mm_aesenc_si128(block, subkeys[i]);
1020 block = _mm_aesenc_si128(block, subkeys[i+1]);
1022 block = _mm_aesenc_si128(block, subkeys[rounds-1]);
1023 block = _mm_aesenclast_si128(block, subkeys[rounds]);
1026 inline void AESNI_Enc_4_Blocks(__m128i &block0, __m128i &block1, __m128i &block2, __m128i &block3,
const __m128i *subkeys,
unsigned int rounds)
1028 __m128i rk = subkeys[0];
1029 block0 = _mm_xor_si128(block0, rk);
1030 block1 = _mm_xor_si128(block1, rk);
1031 block2 = _mm_xor_si128(block2, rk);
1032 block3 = _mm_xor_si128(block3, rk);
1033 for (
unsigned int i=1; i<rounds; i++)
1036 block0 = _mm_aesenc_si128(block0, rk);
1037 block1 = _mm_aesenc_si128(block1, rk);
1038 block2 = _mm_aesenc_si128(block2, rk);
1039 block3 = _mm_aesenc_si128(block3, rk);
1041 rk = subkeys[rounds];
1042 block0 = _mm_aesenclast_si128(block0, rk);
1043 block1 = _mm_aesenclast_si128(block1, rk);
1044 block2 = _mm_aesenclast_si128(block2, rk);
1045 block3 = _mm_aesenclast_si128(block3, rk);
1048 inline void AESNI_Dec_Block(__m128i &block,
const __m128i *subkeys,
unsigned int rounds)
1050 block = _mm_xor_si128(block, subkeys[0]);
1051 for (
unsigned int i=1; i<rounds-1; i+=2)
1053 block = _mm_aesdec_si128(block, subkeys[i]);
1054 block = _mm_aesdec_si128(block, subkeys[i+1]);
1056 block = _mm_aesdec_si128(block, subkeys[rounds-1]);
1057 block = _mm_aesdeclast_si128(block, subkeys[rounds]);
1060 inline void AESNI_Dec_4_Blocks(__m128i &block0, __m128i &block1, __m128i &block2, __m128i &block3,
const __m128i *subkeys,
unsigned int rounds)
1062 __m128i rk = subkeys[0];
1063 block0 = _mm_xor_si128(block0, rk);
1064 block1 = _mm_xor_si128(block1, rk);
1065 block2 = _mm_xor_si128(block2, rk);
1066 block3 = _mm_xor_si128(block3, rk);
1067 for (
unsigned int i=1; i<rounds; i++)
1070 block0 = _mm_aesdec_si128(block0, rk);
1071 block1 = _mm_aesdec_si128(block1, rk);
1072 block2 = _mm_aesdec_si128(block2, rk);
1073 block3 = _mm_aesdec_si128(block3, rk);
1075 rk = subkeys[rounds];
1076 block0 = _mm_aesdeclast_si128(block0, rk);
1077 block1 = _mm_aesdeclast_si128(block1, rk);
1078 block2 = _mm_aesdeclast_si128(block2, rk);
1079 block3 = _mm_aesdeclast_si128(block3, rk);
1082 static CRYPTOPP_ALIGN_DATA(16) const word32 s_one[] = {0, 0, 0, 1<<24};
1084 template <
typename F1,
typename F4>
1085 inline size_t AESNI_AdvancedProcessBlocks(F1 func1, F4 func4,
const __m128i *subkeys,
unsigned int rounds,
const byte *inBlocks,
const byte *xorBlocks, byte *outBlocks,
size_t length, word32 flags)
1087 size_t blockSize = 16;
1089 size_t xorIncrement = xorBlocks ? blockSize : 0;
1094 assert(length % blockSize == 0);
1095 inBlocks += length - blockSize;
1096 xorBlocks += length - blockSize;
1097 outBlocks += length - blockSize;
1098 inIncrement = 0-inIncrement;
1099 xorIncrement = 0-xorIncrement;
1100 outIncrement = 0-outIncrement;
1103 if (flags & BlockTransformation::BT_AllowParallel)
1105 while (length >= 4*blockSize)
1107 __m128i block0 = _mm_loadu_si128((
const __m128i *)inBlocks), block1, block2, block3;
1110 const __m128i be1 = *(
const __m128i *)s_one;
1111 block1 = _mm_add_epi32(block0, be1);
1112 block2 = _mm_add_epi32(block1, be1);
1113 block3 = _mm_add_epi32(block2, be1);
1114 _mm_storeu_si128((__m128i *)inBlocks, _mm_add_epi32(block3, be1));
1118 inBlocks += inIncrement;
1119 block1 = _mm_loadu_si128((
const __m128i *)inBlocks);
1120 inBlocks += inIncrement;
1121 block2 = _mm_loadu_si128((
const __m128i *)inBlocks);
1122 inBlocks += inIncrement;
1123 block3 = _mm_loadu_si128((
const __m128i *)inBlocks);
1124 inBlocks += inIncrement;
1127 if (flags & BlockTransformation::BT_XorInput)
1129 block0 = _mm_xor_si128(block0, _mm_loadu_si128((
const __m128i *)xorBlocks));
1130 xorBlocks += xorIncrement;
1131 block1 = _mm_xor_si128(block1, _mm_loadu_si128((
const __m128i *)xorBlocks));
1132 xorBlocks += xorIncrement;
1133 block2 = _mm_xor_si128(block2, _mm_loadu_si128((
const __m128i *)xorBlocks));
1134 xorBlocks += xorIncrement;
1135 block3 = _mm_xor_si128(block3, _mm_loadu_si128((
const __m128i *)xorBlocks));
1136 xorBlocks += xorIncrement;
1139 func4(block0, block1, block2, block3, subkeys, rounds);
1141 if (xorBlocks && !(flags & BlockTransformation::BT_XorInput))
1143 block0 = _mm_xor_si128(block0, _mm_loadu_si128((
const __m128i *)xorBlocks));
1144 xorBlocks += xorIncrement;
1145 block1 = _mm_xor_si128(block1, _mm_loadu_si128((
const __m128i *)xorBlocks));
1146 xorBlocks += xorIncrement;
1147 block2 = _mm_xor_si128(block2, _mm_loadu_si128((
const __m128i *)xorBlocks));
1148 xorBlocks += xorIncrement;
1149 block3 = _mm_xor_si128(block3, _mm_loadu_si128((
const __m128i *)xorBlocks));
1150 xorBlocks += xorIncrement;
1153 _mm_storeu_si128((__m128i *)outBlocks, block0);
1154 outBlocks += outIncrement;
1155 _mm_storeu_si128((__m128i *)outBlocks, block1);
1156 outBlocks += outIncrement;
1157 _mm_storeu_si128((__m128i *)outBlocks, block2);
1158 outBlocks += outIncrement;
1159 _mm_storeu_si128((__m128i *)outBlocks, block3);
1160 outBlocks += outIncrement;
1162 length -= 4*blockSize;
1166 while (length >= blockSize)
1168 __m128i block = _mm_loadu_si128((
const __m128i *)inBlocks);
1170 if (flags & BlockTransformation::BT_XorInput)
1171 block = _mm_xor_si128(block, _mm_loadu_si128((
const __m128i *)xorBlocks));
1173 if (flags & BlockTransformation::BT_InBlockIsCounter)
1174 const_cast<byte *
>(inBlocks)[15]++;
1176 func1(block, subkeys, rounds);
1178 if (xorBlocks && !(flags & BlockTransformation::BT_XorInput))
1179 block = _mm_xor_si128(block, _mm_loadu_si128((
const __m128i *)xorBlocks));
1181 _mm_storeu_si128((__m128i *)outBlocks, block);
1183 inBlocks += inIncrement;
1184 outBlocks += outIncrement;
1185 xorBlocks += xorIncrement;
1186 length -= blockSize;
1193 size_t Rijndael::Enc::AdvancedProcessBlocks(
const byte *inBlocks,
const byte *xorBlocks, byte *outBlocks,
size_t length, word32 flags)
const 1195 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1197 return AESNI_AdvancedProcessBlocks(AESNI_Enc_Block, AESNI_Enc_4_Blocks, (
const __m128i *)m_key.begin(), m_rounds, inBlocks, xorBlocks, outBlocks, length, flags);
1200 #if (CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) 1203 if (length < BLOCKSIZE)
1208 word32 subkeys[4*12], workspace[8];
1209 const byte *inBlocks, *inXorBlocks, *outXorBlocks;
1211 size_t inIncrement, inXorIncrement, outXorIncrement, outIncrement;
1212 size_t regSpill, lengthAndCounterFlag, keysBegin;
1215 size_t increment = BLOCKSIZE;
1216 const byte* zeros = (byte *)(Te+256);
1221 #if (CRYPTOPP_MSC_VERION >= 1400) 1222 space = (byte *)_malloca(255+
sizeof(Locals));
1223 space += (256-(size_t)space%256)%256;
1225 space = (byte *)alloca(255+
sizeof(Locals));
1226 space += (256-(size_t)space%256)%256;
1229 while (AliasedWithTable(space, space+
sizeof(Locals)));
1231 if (flags & BT_ReverseDirection)
1233 assert(length % BLOCKSIZE == 0);
1234 inBlocks += length - BLOCKSIZE;
1235 xorBlocks += length - BLOCKSIZE;
1236 outBlocks += length - BLOCKSIZE;
1237 increment = 0-increment;
1240 Locals &locals = *(Locals *)space;
1242 locals.inBlocks = inBlocks;
1243 locals.inXorBlocks = (flags & BT_XorInput) && xorBlocks ? xorBlocks : zeros;
1244 locals.outXorBlocks = (flags & BT_XorInput) || !xorBlocks ? zeros : xorBlocks;
1245 locals.outBlocks = outBlocks;
1247 locals.inIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : increment;
1248 locals.inXorIncrement = (flags & BT_XorInput) && xorBlocks ? increment : 0;
1249 locals.outXorIncrement = (flags & BT_XorInput) || !xorBlocks ? 0 : increment;
1250 locals.outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : increment;
1252 locals.lengthAndCounterFlag = length - (length%16) -
bool(flags & BT_InBlockIsCounter);
1253 int keysToCopy = m_rounds - (flags & BT_InBlockIsCounter ? 3 : 2);
1254 locals.keysBegin = (12-keysToCopy)*16;
1256 Rijndael_Enc_AdvancedProcessBlocks(&locals, m_key);
1257 return length % BLOCKSIZE;
1266 #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1268 size_t Rijndael::Dec::AdvancedProcessBlocks(
const byte *inBlocks,
const byte *xorBlocks, byte *outBlocks,
size_t length, word32 flags)
const 1271 return AESNI_AdvancedProcessBlocks(AESNI_Dec_Block, AESNI_Dec_4_Blocks, (
const __m128i *)m_key.begin(), m_rounds, inBlocks, xorBlocks, outBlocks, length, flags);
1276 #endif // #if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE Utility functions for the Crypto++ library.
Library configuration file.
Rijndael block cipher implementation details.
T ConditionalByteReverse(ByteOrder order, T value)
Reverses bytes in a value depending upon endianess.
Classes for Rijndael encryption algorithm.
Classes, functions, intrinsics and features for X86, X32 nd X64 assembly.
Crypto++ library namespace.
T rotrFixed(T x, unsigned int y)
Performs a right rotate.
Interface for retrieving values given their names.