From 36795a688fd1d5bb9f497970938d9fcb08cfc330 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 7 Mar 2022 00:45:30 +0100 Subject: Implement support of Blake2s-256 hash algorithm and remove deprecated algorithms RIPEMD-160 and GOST89. --- src/Crypto/Crypto.vcxproj | 21 +- src/Crypto/Crypto.vcxproj.filters | 36 +-- src/Crypto/Crypto_vs2019.vcxproj | 23 +- src/Crypto/GostCipher.c | 265 -------------------- src/Crypto/GostCipher.h | 68 ------ src/Crypto/Makefile.inc | 3 - src/Crypto/Rmd160.c | 500 -------------------------------------- src/Crypto/Rmd160.h | 33 --- src/Crypto/Sources | 8 +- src/Crypto/config.h | 6 + src/Crypto/cpu.h | 11 +- src/Crypto/gost89_x64.asm | 483 ------------------------------------ 12 files changed, 47 insertions(+), 1410 deletions(-) delete mode 100644 src/Crypto/GostCipher.c delete mode 100644 src/Crypto/GostCipher.h delete mode 100644 src/Crypto/Rmd160.c delete mode 100644 src/Crypto/Rmd160.h delete mode 100644 src/Crypto/gost89_x64.asm (limited to 'src/Crypto') diff --git a/src/Crypto/Crypto.vcxproj b/src/Crypto/Crypto.vcxproj index c6e0aac5..97a472f7 100644 --- a/src/Crypto/Crypto.vcxproj +++ b/src/Crypto/Crypto.vcxproj @@ -197,16 +197,6 @@ $(TargetDir)\%(Filename).obj;%(Outputs) true echo %(Filename)%(Extension) & nasm.exe -Xvc -f win32 -Ox --prefix _ -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - - - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" $(TargetDir)\%(Filename).obj;%(Outputs) @@ -214,12 +204,15 @@ + + + + - Disabled Disabled @@ -227,7 +220,6 @@ - @@ -243,6 +235,9 @@ + + + @@ -250,13 +245,11 @@ - - diff --git a/src/Crypto/Crypto.vcxproj.filters b/src/Crypto/Crypto.vcxproj.filters index 541a0867..5d149bdd 100644 --- a/src/Crypto/Crypto.vcxproj.filters +++ b/src/Crypto/Crypto.vcxproj.filters @@ -24,9 +24,6 @@ Source Files - - Source Files - Source Files @@ -36,9 +33,6 @@ Source Files - - Source Files - Source Files @@ -81,6 +75,18 @@ Source Files + + Source Files + + + Source Files + + + Source Files + + + Source Files + @@ -107,9 +113,6 @@ Header Files - - Header Files - Header Files @@ -119,9 +122,6 @@ Header Files - - Header Files - Header Files @@ -164,6 +164,15 @@ Header Files + + Header Files + + + Header Files + + + Header Files + @@ -175,9 +184,6 @@ Source Files - - Source Files - Source Files diff --git a/src/Crypto/Crypto_vs2019.vcxproj b/src/Crypto/Crypto_vs2019.vcxproj index 8d9ce46e..aa75b9b8 100644 --- a/src/Crypto/Crypto_vs2019.vcxproj +++ b/src/Crypto/Crypto_vs2019.vcxproj @@ -297,24 +297,6 @@ $(TargetDir)\%(Filename).obj;%(Outputs) $(TargetDir)\%(Filename).obj;%(Outputs) - - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - $(TargetDir)\%(Filename).obj;%(Outputs) - true - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - echo %(Filename)%(Extension) & nasm.exe -Xvc -f win64 -Ox -o "$(TargetDir)\%(Filename).obj" -l "$(TargetDir)\%(Filename).lst" "%(FullPath)" - - $(TargetDir)\%(Filename).obj;%(Outputs) - $(TargetDir)\%(Filename).obj;%(Outputs) - true - true - @@ -325,12 +307,12 @@ + - Disabled Disabled @@ -345,7 +327,6 @@ true true - @@ -368,13 +349,11 @@ - - diff --git a/src/Crypto/GostCipher.c b/src/Crypto/GostCipher.c deleted file mode 100644 index ddd649cd..00000000 --- a/src/Crypto/GostCipher.c +++ /dev/null @@ -1,265 +0,0 @@ -/** @file -GOST89 implementation - -Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov - -This program and the accompanying materials -are licensed and made available under the terms and conditions -of the Apache License, Version 2.0. -The full text of the license may be found at -https://opensource.org/licenses/Apache-2.0 - -Dynamic SBOX idea is from GostCrypt project. Copyright (c) 2008-2011 TrueCrypt Developers Association -**/ - - - -#include "GostCipher.h" -#include "Streebog.h" -#include "cpu.h" - -#if defined(CIPHER_GOST89) - -// Crypto Pro -byte S_CryptoPro[8][16] = { - {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC}, - {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB}, - {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3}, - {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5}, - {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3}, - {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD}, - {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8}, - {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF} - }; - -// TC26 -byte S_TC26[8][16] = -{ - { 0xc, 0x4, 0x6, 0x2, 0xa, 0x5, 0xb, 0x9, 0xe, 0x8, 0xd, 0x7, 0x0, 0x3, 0xf, 0x1 }, - { 0x6, 0x8, 0x2, 0x3, 0x9, 0xa, 0x5, 0xc, 0x1, 0xe, 0x4, 0x7, 0xb, 0xd, 0x0, 0xf }, - { 0xb, 0x3, 0x5, 0x8, 0x2, 0xf, 0xa, 0xd, 0xe, 0x1, 0x7, 0x4, 0xc, 0x9, 0x6, 0x0 }, - { 0xc, 0x8, 0x2, 0x1, 0xd, 0x4, 0xf, 0x6, 0x7, 0x0, 0xa, 0x5, 0x3, 0xe, 0x9, 0xb }, - { 0x7, 0xf, 0x5, 0xa, 0x8, 0x1, 0x6, 0xd, 0x0, 0x9, 0x3, 0xe, 0xb, 0x4, 0x2, 0xc }, - { 0x5, 0xd, 0xf, 0x6, 0x9, 0x2, 0xc, 0xa, 0xb, 0x7, 0x8, 0x1, 0x4, 0x3, 0xe, 0x0 }, - { 0x8, 0xe, 0x2, 0x5, 0x6, 0x9, 0x1, 0xc, 0xf, 0x4, 0xb, 0x0, 0xd, 0xa, 0x3, 0x7 }, - { 0x1, 0x7, 0xe, 0xd, 0x0, 0x5, 0x8, 0x3, 0x4, 0xf, 0xa, 0x6, 0x9, 0xc, 0xb, 0x2 }, -}; - -void gost_prepare_kds(gost_kds* kds) { - uint32 i; - // Build substitution tables. - for (i = 0; i < 256; ++i) { - uint32 p; - p = kds->sbox[7][i >> 4] << 4 | kds->sbox[6][i & 15]; - p = p << 24; p = p << 11 | p >> 21; - kds->sbox_cvt[i] = p; // S87 - - p = kds->sbox[5][i >> 4] << 4 | kds->sbox[4][i & 15]; - p = p << 16; p = p << 11 | p >> 21; - kds->sbox_cvt[256 + i] = p; // S65 - - p = kds->sbox[3][i >> 4] << 4 | kds->sbox[2][i & 15]; - p = p << 8; p = p << 11 | p >> 21; - kds->sbox_cvt[256 * 2 + i] = p; // S43 - - p = kds->sbox[1][i >> 4] << 4 | kds->sbox[0][i & 15]; - p = p << 11 | p >> 21; - kds->sbox_cvt[256 * 3 + i] = p; // S21 - } -} - - -static void xor_s_box(byte s_box[8][16], byte *seed) -{ - int i; - for (i = 0; i < 16; i++) - { - s_box[0][i] ^= (seed[ (i * 4) + 0 ] ) & 0xF; - s_box[1][i] ^= (seed[ (i * 4) + 0 ]>>4) & 0xF; - s_box[2][i] ^= (seed[ (i * 4) + 1 ] ) & 0xF; - s_box[3][i] ^= (seed[ (i * 4) + 1 ]>>4) & 0xF; - s_box[4][i] ^= (seed[ (i * 4) + 2 ] ) & 0xF; - s_box[5][i] ^= (seed[ (i * 4) + 2 ]>>4) & 0xF; - s_box[6][i] ^= (seed[ (i * 4) + 3 ] ) & 0xF; - s_box[7][i] ^= (seed[ (i * 4) + 3 ]>>4) & 0xF; - } -} - -void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox) -{ - memcpy(ks->key, key, GOST_KEYSIZE); - memcpy(ks->sbox, S_TC26, sizeof(ks->sbox)); - - if (useDynamicSbox) - { - STREEBOG_CTX sctx; - byte sbox_seed[64]; -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - KFLOATING_SAVE floatingPointState; - NTSTATUS saveStatus = STATUS_INVALID_PARAMETER; - if (HasSSE2() || HasSSE41()) - saveStatus = KeSaveFloatingPointState (&floatingPointState); -#endif - //Generate pseudorandom data based on the key - STREEBOG_init(&sctx); - STREEBOG_add(&sctx, ks->key, 32); - STREEBOG_finalize(&sctx, sbox_seed); - -#if defined (DEVICE_DRIVER) && !defined (_WIN64) - if (NT_SUCCESS (saveStatus)) - KeRestoreFloatingPointState (&floatingPointState); -#endif - - xor_s_box(ks->sbox, sbox_seed); - } - - gost_prepare_kds(ks); -} - -static uint32 f(uint32 v, uint32* sbox){ - byte* x =(byte*) &v; - /* Do substitutions */ - return sbox[x[3]] | sbox[256 + x[2]] | sbox[256*2 + x[1]] | sbox[256*3 + x[0]]; -} - -void gost_encrypt_block(uint64 in_, uint64* out_, gost_kds* kds) { - uint32* in = (uint32*)&in_; - uint32* out = (uint32*)out_; - uint32* key = (uint32*)kds->key; - uint32* sbox = kds->sbox_cvt; - - // As named in the GOST - uint32 n1 = in[0]; - uint32 n2 = in[1]; - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - // There is no swap after the last round - out[0] = n2; - out[1] = n1; -} - -void gost_decrypt_block(uint64 in_, uint64* out_, gost_kds* kds) { - uint32* in = (uint32*)&in_; - uint32* out = (uint32*)out_; - uint32* key = (uint32*)kds->key; - uint32* sbox = kds->sbox_cvt; - - // As named in the GOST - uint32 n1 = in[0]; - uint32 n2 = in[1]; - - n2 ^= f(n1+key[0], sbox); - n1 ^= f(n2+key[1], sbox); - n2 ^= f(n1+key[2], sbox); - n1 ^= f(n2+key[3], sbox); - n2 ^= f(n1+key[4], sbox); - n1 ^= f(n2+key[5], sbox); - n2 ^= f(n1+key[6], sbox); - n1 ^= f(n2+key[7], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - n2 ^= f(n1+key[7], sbox); - n1 ^= f(n2+key[6], sbox); - n2 ^= f(n1+key[5], sbox); - n1 ^= f(n2+key[4], sbox); - n2 ^= f(n1+key[3], sbox); - n1 ^= f(n2+key[2], sbox); - n2 ^= f(n1+key[1], sbox); - n1 ^= f(n2+key[0], sbox); - - out[0] = n2; - out[1] = n1; -} - -#if defined(_M_AMD64) -void gost_encrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count); -void gost_decrypt_128_CBC_asm(const byte *in, byte *out, gost_kds *ks, uint64 count); -#endif - -void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count) { -#if defined(_M_AMD64) - gost_encrypt_128_CBC_asm(in, out, ks, (uint64)count); -#else - while (count > 0) { - // encrypt two blocks in CBC mode - gost_encrypt_block(*((uint64*)in), (uint64*)out, ks); - *((gst_udword*)(out + 8)) = *((gst_udword*)(in + 8)) ^ *((gst_udword*)(out)); - *((gst_udword*)(out + 12)) = *((gst_udword*)(in + 12)) ^ *((gst_udword*)(out + 4)); - gost_encrypt_block(*((uint64*)(out + 8)), (uint64*)(out + 8), ks); - count--; - in += 16; - out += 16; - } -#endif -} - -void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count) { -#if defined(_M_AMD64) - gost_decrypt_128_CBC_asm(in, out, ks, (uint64)count); -#else - while (count > 0) { - // decrypt two blocks in CBC mode - gost_decrypt_block(*((uint64*)(in + 8)), (uint64*)(out + 8), ks); - *((gst_udword*)(out + 8)) ^= *((gst_udword*)(in));; - *((gst_udword*)(out + 12)) ^= *((gst_udword*)(in + 4));; - gost_decrypt_block(*((uint64*)(in)), (uint64*)(out), ks); - count--; - in += 16; - out += 16; - } -#endif -} - -#endif diff --git a/src/Crypto/GostCipher.h b/src/Crypto/GostCipher.h deleted file mode 100644 index bcb77207..00000000 --- a/src/Crypto/GostCipher.h +++ /dev/null @@ -1,68 +0,0 @@ - -/* - Copyright (c) 2008-2011 TrueCrypt Developers Association. All rights reserved. - - Governed by the TrueCrypt License 3.0 the full text of which is contained in - the file License.txt included in TrueCrypt binary and source code distribution - packages. -*/ - - - -#ifndef GOST_CIPHER_H -#define GOST_CIPHER_H - -#include "Common/Tcdefs.h" -#include "config.h" -#include "misc.h" - -#ifdef __cplusplus -extern "C" { -#endif - -//In unsigned chars -#define GOST_KEYSIZE 32 -#define GOST_BLOCKSIZE 8 -#define GOST_SBOX_SIZE 16 - -//Production setting, but can be turned off to compare the algorithm with other implementations -#define CIPHER_GOST89 -#define GOST_DYNAMIC_SBOXES - -#if defined(CIPHER_GOST89) - -#ifdef GST_WINDOWS_BOOT -typedef int gst_word; -typedef long gst_dword; -typedef unsigned int gst_uword; -typedef unsigned long gst_udword; -#else -typedef short gst_word; -typedef int gst_dword; -typedef unsigned short gst_uword; -typedef unsigned int gst_udword; -#endif - -typedef struct gost_kds -{ - CRYPTOPP_ALIGN_DATA(16) byte key[32]; - gst_udword sbox_cvt[256 * 4]; - byte sbox[8][16]; -} gost_kds; - -#define GOST_KS (sizeof(gost_kds)) - -void gost_encrypt(const byte *in, byte *out, gost_kds *ks, int count); -void gost_decrypt(const byte *in, byte *out, gost_kds *ks, int count); -void gost_set_key(const byte *key, gost_kds *ks, int useDynamicSbox); - -#else -#define GOST_KS (0) -#endif - -#ifdef __cplusplus -} -#endif - - -#endif diff --git a/src/Crypto/Makefile.inc b/src/Crypto/Makefile.inc index c8d2dfdf..e05d02ca 100644 --- a/src/Crypto/Makefile.inc +++ b/src/Crypto/Makefile.inc @@ -16,9 +16,6 @@ VC_MLEXE = ml64.exe TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log -"$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj": gost89_$(TC_ARCH).asm - nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).lst" gost89_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG) - "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG) diff --git a/src/Crypto/Rmd160.c b/src/Crypto/Rmd160.c deleted file mode 100644 index 0c6ec839..00000000 --- a/src/Crypto/Rmd160.c +++ /dev/null @@ -1,500 +0,0 @@ -// RIPEMD-160 written and placed in the public domain by Wei Dai - -/* - * This code implements the MD4 message-digest algorithm. - * The algorithm is due to Ron Rivest. This code was - * written by Colin Plumb in 1993, no copyright is claimed. - * This code is in the public domain; do with it what you wish. - */ - -/* Adapted for TrueCrypt */ -/* Adapted for VeraCrypt */ -#if !defined(_UEFI) -#include -#endif // !defined(_UEFI) - -#include "Common/Tcdefs.h" -#include "Common/Endian.h" -#include "Rmd160.h" - -#define F(x, y, z) (x ^ y ^ z) -#define G(x, y, z) (z ^ (x & (y^z))) -#define H(x, y, z) (z ^ (x | ~y)) -#define I(x, y, z) (y ^ (z & (x^y))) -#define J(x, y, z) (x ^ (y | ~z)) - -#define PUT_64BIT_LE(cp, value) do { \ - (cp)[7] = (byte) ((value) >> 56); \ - (cp)[6] = (byte) ((value) >> 48); \ - (cp)[5] = (byte) ((value) >> 40); \ - (cp)[4] = (byte) ((value) >> 32); \ - (cp)[3] = (byte) ((value) >> 24); \ - (cp)[2] = (byte) ((value) >> 16); \ - (cp)[1] = (byte) ((value) >> 8); \ - (cp)[0] = (byte) (value); } while (0) - -#define PUT_32BIT_LE(cp, value) do { \ - (cp)[3] = (byte) ((value) >> 24); \ - (cp)[2] = (byte) ((value) >> 16); \ - (cp)[1] = (byte) ((value) >> 8); \ - (cp)[0] = (byte) (value); } while (0) - -#ifndef TC_MINIMIZE_CODE_SIZE - -static byte PADDING[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -#else - -static byte PADDING[64]; - -#endif - -void RMD160Init (RMD160_CTX *ctx) -{ - ctx->count = 0; - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xefcdab89; - ctx->state[2] = 0x98badcfe; - ctx->state[3] = 0x10325476; - ctx->state[4] = 0xc3d2e1f0; - PADDING[0] = 0x80; -} - -/* -* Update context to reflect the concatenation of another buffer full -* of bytes. -*/ -void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg) -{ -#ifndef TC_WINDOWS_BOOT - uint64 len = lenArg; -#else - uint32 len = lenArg; -#endif - unsigned int have, need; - - /* Check how many bytes we already have and how many more we need. */ - have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1)); - need = RIPEMD160_BLOCK_LENGTH - have; - - /* Update bitcount */ - ctx->count += len; - - if (len >= need) { - if (have != 0) { - memcpy (ctx->buffer + have, input, (size_t) need); - RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer); - input += need; - len -= need; - have = 0; - } - - /* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */ - while (len >= RIPEMD160_BLOCK_LENGTH) { - RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input); - input += RIPEMD160_BLOCK_LENGTH; - len -= RIPEMD160_BLOCK_LENGTH; - } - } - - /* Handle any remaining bytes of data. */ - if (len != 0) - memcpy (ctx->buffer + have, input, (size_t) len); -} - -/* -* Pad pad to 64-byte boundary with the bit pattern -* 1 0* (64-bit count of bits processed, MSB-first) -*/ -static void RMD160Pad(RMD160_CTX *ctx) -{ - byte count[8]; - uint32 padlen; - - /* Convert count to 8 bytes in little endian order. */ - -#ifndef TC_WINDOWS_BOOT - uint64 bitcount = ctx->count << 3; - PUT_64BIT_LE(count, bitcount); -#else - *(uint32 *) (count + 4) = 0; - *(uint32 *) (count + 0) = ctx->count << 3; -#endif - - /* Pad out to 56 mod 64. */ - padlen = RIPEMD160_BLOCK_LENGTH - - (uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1)); - if (padlen < 1 + 8) - padlen += RIPEMD160_BLOCK_LENGTH; - RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */ - RMD160Update(ctx, count, 8); -} - -/* -* Final wrapup--call RMD160Pad, fill in digest and zero out ctx. -*/ -void RMD160Final(unsigned char *digest, RMD160_CTX *ctx) -{ - int i; - - RMD160Pad(ctx); - if (digest) { - for (i = 0; i < 5; i++) - PUT_32BIT_LE(digest + i * 4, ctx->state[i]); -#ifndef TC_WINDOWS_BOOT - burn (ctx, sizeof(*ctx)); -#endif - } -} - - -#ifndef TC_MINIMIZE_CODE_SIZE - -#define word32 unsigned __int32 - -#define k0 0 -#define k1 0x5a827999UL -#define k2 0x6ed9eba1UL -#define k3 0x8f1bbcdcUL -#define k4 0xa953fd4eUL -#define k5 0x50a28be6UL -#define k6 0x5c4dd124UL -#define k7 0x6d703ef3UL -#define k8 0x7a6d76e9UL -#define k9 0 - -static word32 rotlFixed (word32 x, unsigned int y) -{ - return (word32)((x<>(sizeof(word32)*8-y))); -} - -#define Subround(f, a, b, c, d, e, x, s, k) \ - a += f(b, c, d) + x + k;\ - a = rotlFixed((word32)a, s) + e;\ - c = rotlFixed((word32)c, 10U) - -void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data) -{ -#if BYTE_ORDER == LITTLE_ENDIAN - const word32 *X = data; -#else - word32 X[16]; - int i; -#endif - - word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2; - a1 = a2 = digest[0]; - b1 = b2 = digest[1]; - c1 = c2 = digest[2]; - d1 = d2 = digest[3]; - e1 = e2 = digest[4]; - -#if BYTE_ORDER == BIG_ENDIAN - for (i = 0; i < 16; i++) - { - X[i] = LE32 (data[i]); - } -#endif - - Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0); - Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0); - Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0); - Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0); - Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0); - Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0); - Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0); - Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0); - Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0); - Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0); - Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0); - Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0); - - Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1); - Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1); - Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1); - Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1); - Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1); - Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1); - Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1); - Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1); - Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1); - Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1); - Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1); - - Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2); - Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2); - Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2); - Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2); - Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2); - Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2); - Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2); - Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2); - Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2); - Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2); - Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2); - - Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3); - Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3); - Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3); - Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3); - Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3); - Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3); - Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3); - Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3); - Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3); - Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3); - Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3); - - Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4); - Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4); - Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4); - Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4); - Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4); - Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4); - Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4); - Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4); - Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4); - Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4); - Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4); - Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4); - - Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5); - Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5); - Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5); - Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5); - Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5); - Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5); - Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5); - Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5); - Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5); - Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5); - Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5); - - Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6); - Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6); - Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6); - Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6); - Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6); - Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6); - Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6); - Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6); - Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6); - Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6); - Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6); - Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6); - - Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7); - Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7); - Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7); - Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7); - Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7); - Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7); - Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7); - Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7); - Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7); - Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7); - - Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8); - Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8); - Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8); - Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8); - Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8); - Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8); - Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8); - Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8); - Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8); - Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8); - Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8); - Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8); - - Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9); - Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9); - Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9); - Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9); - Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9); - Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9); - Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9); - Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9); - Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9); - Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9); - - c1 = digest[1] + c1 + d2; - digest[1] = digest[2] + d1 + e2; - digest[2] = digest[3] + e1 + a2; - digest[3] = digest[4] + a1 + b2; - digest[4] = digest[0] + b1 + c2; - digest[0] = c1; -} - -#else // TC_MINIMIZE_CODE_SIZE - -/* - Derived from source code of TrueCrypt 7.1a, which is - Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed - by the TrueCrypt License 3.0. - - Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX - and are governed by the Apache License 2.0 the full text of which is - contained in the file License.txt included in VeraCrypt binary and source - code distribution packages. -*/ - -#pragma optimize ("tl", on) - -typedef unsigned __int32 uint32; -typedef unsigned __int8 byte; - -#include -#pragma intrinsic (_lrotl) - -static const byte OrderTab[] = { - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13, - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11 -}; - -static const byte RolTab[] = { - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6, - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11 -}; - -static const uint32 KTab[] = { - 0x00000000UL, - 0x5A827999UL, - 0x6ED9EBA1UL, - 0x8F1BBCDCUL, - 0xA953FD4EUL, - 0x50A28BE6UL, - 0x5C4DD124UL, - 0x6D703EF3UL, - 0x7A6D76E9UL, - 0x00000000UL -}; - - -void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data) -{ - uint32 a, b, c, d, e; - uint32 a2, b2, c2, d2, e2; - byte pos; - uint32 tmp; - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - for (pos = 0; pos < 160; ++pos) - { - tmp = a + data[OrderTab[pos]] + KTab[pos >> 4]; - - switch (pos >> 4) - { - case 0: case 9: tmp += F (b, c, d); break; - case 1: case 8: tmp += G (b, c, d); break; - case 2: case 7: tmp += H (b, c, d); break; - case 3: case 6: tmp += I (b, c, d); break; - case 4: case 5: tmp += J (b, c, d); break; - } - - tmp = _lrotl (tmp, RolTab[pos]) + e; - a = e; - e = d; - d = _lrotl (c, 10); - c = b; - b = tmp; - - if (pos == 79) - { - a2 = a; - b2 = b; - c2 = c; - d2 = d; - e2 = e; - - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - } - } - - tmp = state[1] + c2 + d; - state[1] = state[2] + d2 + e; - state[2] = state[3] + e2 + a; - state[3] = state[4] + a2 + b; - state[4] = state[0] + b2 + c; - state[0] = tmp; -} - -#endif // TC_MINIMIZE_CODE_SIZE diff --git a/src/Crypto/Rmd160.h b/src/Crypto/Rmd160.h deleted file mode 100644 index 81b5d6f0..00000000 --- a/src/Crypto/Rmd160.h +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef TC_HEADER_Crypto_Ripemd160 -#define TC_HEADER_Crypto_Ripemd160 - -#include "Common/Tcdefs.h" - -#if defined(__cplusplus) -extern "C" -{ -#endif - -#define RIPEMD160_BLOCK_LENGTH 64 - -typedef struct RMD160Context -{ - unsigned __int32 state[5]; -#ifndef TC_WINDOWS_BOOT - uint64 count; -#else - uint32 count; -#endif - unsigned char buffer[RIPEMD160_BLOCK_LENGTH]; -} RMD160_CTX; - -void RMD160Init (RMD160_CTX *ctx); -void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data); -void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len); -void RMD160Final (unsigned char *digest, RMD160_CTX *ctx); - -#if defined(__cplusplus) -} -#endif - -#endif // TC_HEADER_Crypto_Ripemd160 diff --git a/src/Crypto/Sources b/src/Crypto/Sources index 9a1bef14..9542d4b6 100644 --- a/src/Crypto/Sources +++ b/src/Crypto/Sources @@ -7,7 +7,6 @@ NTTARGETFILES = \ "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj" \ "$(OBJ_PATH)\$(O)\rdrand_ml.obj" \ - "$(OBJ_PATH)\$(O)\gost89_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Twofish_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Camellia_$(TC_ARCH).obj" \ "$(OBJ_PATH)\$(O)\Camellia_aesni_$(TC_ARCH).obj" \ @@ -22,19 +21,21 @@ NTTARGETFILES = \ SOURCES = \ Aes_$(TC_ARCH).asm \ - gost89_$(TC_ARCH).asm \ Aes_hw_cpu.asm \ rdrand_ml.asm \ rdseed_ml.asm \ Aeskey.c \ Aestab.c \ + blake2s.c \ + blake2s_SSE2.c \ + blake2s_SSE41.c \ + blake2s_SSSE3.c \ chacha-xmm.c \ chacha256.c \ chachaRng.c \ cpu.c \ jitterentropy-base.c \ rdrand.c \ - Rmd160.c \ SerpentFast.c \ SerpentFast_simd.cpp \ Sha2.c \ @@ -43,7 +44,6 @@ SOURCES = \ t1ha2_selfcheck.c \ Twofish.c \ Twofish_$(TC_ARCH).S \ - GostCipher.c \ Streebog.c \ kuznyechik.c \ kuznyechik_simd.c \ diff --git a/src/Crypto/config.h b/src/Crypto/config.h index 8e1e41fc..7ed6aabf 100644 --- a/src/Crypto/config.h +++ b/src/Crypto/config.h @@ -128,6 +128,12 @@ #define CRYPTOPP_SSSE3_AVAILABLE 0 # endif +#if !defined(CRYPTOPP_DISABLE_SSSE3) && (defined(__SSSE3__) || (_MSC_VER >= 1500)) && !defined(_M_ARM) && !defined(_M_ARM64) + #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 1 +#else + #define CRYPTOPP_BOOL_SSSE3_INTRINSICS_AVAILABLE 0 +#endif + #if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__)) #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1 #else diff --git a/src/Crypto/cpu.h b/src/Crypto/cpu.h index 1a3efcee..157aeaef 100644 --- a/src/Crypto/cpu.h +++ b/src/Crypto/cpu.h @@ -134,6 +134,11 @@ extern __m128i _mm_slli_epi16(__m128i _A, int _Count); extern __m128i _mm_shuffle_epi32 (__m128i a, int imm8); extern __m128i _mm_set_epi64x (__int64 e1, __int64 e0); extern __m128i _mm_set1_epi64x (__int64 a); +extern __m128i _mm_castps_si128(__m128); +extern __m128 _mm_castsi128_ps(__m128i); +extern __m128 _mm_shuffle_ps(__m128 _A, __m128 _B, unsigned int _Imm8); +extern __m128i _mm_srli_si128(__m128i _A, int _Imm); +extern __m128i _mm_slli_si128(__m128i _A, int _Imm); #define _mm_xor_si64 _m_pxor #define _mm_empty _m_empty #define _MM_SHUFFLE(fp3,fp2,fp1,fp0) (((fp3) << 6) | ((fp2) << 4) | \ @@ -148,12 +153,12 @@ extern __m128i _mm_set1_epi64x (__int64 a); #endif #if CRYPTOPP_SSSE3_AVAILABLE || defined(__INTEL_COMPILER) -#if defined (_MSC_VER) && !defined (TC_WINDOWS_BOOT) #if defined(TC_WINDOWS_DRIVER) || defined (_UEFI) #if defined(__cplusplus) extern "C" { #endif extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b); +extern __m128i _mm_alignr_epi8 (__m128i a, __m128i b, int n); #if defined(__cplusplus) } #endif @@ -162,13 +167,14 @@ extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b); #endif #endif -#if defined(__SSE4_1__) || defined(__INTEL_COMPILER) || defined(_MSC_VER) +#if CRYPTOPP_BOOL_SSE41_INTRINSICS_AVAILABLE || defined(__INTEL_COMPILER) #if defined(TC_WINDOWS_DRIVER) || defined (_UEFI) #if defined(__cplusplus) extern "C" { #endif extern int _mm_extract_epi32(__m128i src, const int ndx); extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx); +extern __m128i _mm_blend_epi16 (__m128i v1, __m128i v2, const int mask); #if defined(_M_X64) extern __m128i _mm_insert_epi64(__m128i dst, __int64 s, const int ndx); #endif @@ -200,7 +206,6 @@ extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey); #include #endif #endif -#endif #if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 diff --git a/src/Crypto/gost89_x64.asm b/src/Crypto/gost89_x64.asm deleted file mode 100644 index 5f5892fe..00000000 --- a/src/Crypto/gost89_x64.asm +++ /dev/null @@ -1,483 +0,0 @@ -; -; GOST89 implementation x64 -; -; Copyright (c) 2016. Disk Cryptography Services for EFI (DCS), Alex Kolotnikov -; -; This program and the accompanying materials -; are licensed and made available under the terms and conditions -; of the Apache License, Version 2.0. -; -; The full text of the license may be found at -; https://opensource.org/licenses/Apache-2.0 -; -; Some ideas from article https://xakep.ru/2013/10/19/shifrovanie-gost-28147-89/ -; - -[section .bss align=16] - -;/////////////////////////////////////////////////////////////////// -;// Win64 registers to save -;/////////////////////////////////////////////////////////////////// -%macro SaveRegs 0 - sub rsp,8*8+10*16 - mov [rsp], rbx - mov [rsp+8], rbp - mov [rsp+8*2], rdi - mov [rsp+8*3], rsi - mov [rsp+8*4], r12 - mov [rsp+8*5], r13 - mov [rsp+8*6], r14 - mov [rsp+8*7], r15 -%endmacro - -%macro RestoreRegs 0 - mov rbx, [rsp] - mov rbp, [rsp+8] - mov rdi, [rsp+8*2] - mov rsi, [rsp+8*3] - mov r12, [rsp+8*4] - mov r13, [rsp+8*5] - mov r14, [rsp+8*6] - mov r15, [rsp+8*7] - add rsp,8*8+10*16 -%endmacro - -[section .text align=16] -;/////////////////////////////////////////////////////////////////// -;// Crypting 2 blocks -;/////////////////////////////////////////////////////////////////// -%macro gost_round2 2 ; 1 - pos1, 2 - pos2 - ; 1st - ; 1-2 byte - add ecx, r13d ; add key - movzx edi, cl - movzx esi, ch - xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr ecx, 16 - ; 3-4 байт - movzx edi, cl - xor r14d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, ch - xor r14d, dword [r8 + 32 + rsi*4] - mov edx, [r8 + %1*4] ; read key for second step - - ; 2nd - ; 1-2 byte - add eax, r10d ; read key - movzx r15d, al - movzx ebp, ah - xor r11d, dword [r8 + 32 + 256*3*4 + r15*4] - xor r11d, dword [r8 + 32 + 256*2*4 + rbp*4] - shr eax, 16 - ; 3-4 байт - movzx r15d, al - xor r11d, dword [r8 + 32 + 256*4 + r15*4] - movzx ebp, ah - xor r11d, dword [r8 + 32 + rbp*4] - mov ebx, [r8 + %1*4] ; read key for second step - - ; second step - ; 1st - ; 1-2 byte - add edx, r14d ; add key - movzx edi, dl - movzx esi, dh - xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr edx, 16 - ; 3-4 байт - movzx edi, dl - xor r13d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, dh - xor r13d, dword [r8 + 32 + rsi*4] - mov ecx, [r8 + %2*4] ; read key - - ; 2nd - ; 1-2 byte - add ebx, r11d; ; add key - movzx r15d, bl; - movzx ebp, bh; - xor r10d, dword [r8 + 32 + 256*3*4 + r15*4] - xor r10d, dword [r8 + 32 + 256*2*4 + rbp*4] - shr ebx, 16 - ; 3-4 байт - movzx r15d, bl - xor r10d, dword [r8 + 32 + 256*4 + r15*4] - movzx ebp, bh - xor r10d, dword [r8 + 32 + rbp*4] - mov eax, [r8 + %2*4] ; read key -%endmacro - -; input: r8 - &key, rcx - &IN -; returns: (r13) & (r10) -GostEncrypt2x64: - ; 1st - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - - ; 2nd - mov r10d, [rcx + 16] - mov r11, [rcx + 16] - shr r11, 32 - - mov ecx, [r8] - mov eax, ecx - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 0 - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 0 - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 0 - - shl r13, 32 ; combine - or r13, r14 - - shl r10, 32 ; combine - or r10, r11 - ret - -; input: r8 - &key, rcx - &IN -; returns: (r13) & (r10) -GostDecrypt2x64: - ; 1st - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - - ; 2nd - mov r10d, [rcx + 16] - mov r11, [rcx + 16] - shr r11, 32 - - mov ecx, [r8] - mov eax, ecx - - gost_round2 1, 2 - gost_round2 3, 4 - gost_round2 5, 6 - gost_round2 7, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 7 - - gost_round2 6, 5 - gost_round2 4, 3 - gost_round2 2, 1 - gost_round2 0, 0 - - shl r13, 32 ; combine - or r13, r14 - - shl r10, 32 ; combine - or r10, r11 -ret - -;/////////////////////////////////////////////////////////////////// -;// Crypting 1 block -;/////////////////////////////////////////////////////////////////// -%macro gost_round1 2 ; 1 - pos1, 2 - pos2 - ; 1-2 byte - add ecx, r13d ; add key - movzx edi, cl - movzx esi, ch - xor r14d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r14d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr ecx, 16 - ; 3-4 байт - movzx edi, cl - xor r14d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, ch - xor r14d, dword [r8 + 32 + rsi*4] - mov edx, [r8 + %1*4] ; read key for second step - - ; second step - ; 1-2 byte - add edx, r14d ; add key - movzx edi, dl - movzx esi, dh - xor r13d, dword [r8 + 32 + 256*3*4 + rdi*4] - xor r13d, dword [r8 + 32 + 256*2*4 + rsi*4] - shr edx, 16 - ; 3-4 байт - movzx edi, dl - xor r13d, dword [r8 + 32 + 256*4 + rdi*4] - movzx esi, dh - xor r13d, dword [r8 + 32 + rsi*4] - mov ecx, [r8 + %2*4] ; read key -%endmacro - -; input: r8 - &gost_kds rcx - &IN -; returns: r13 -GostEncrypt1x64: - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - mov ecx, [r8] - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 0 - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 0 - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 0 - - shl r13, 32 ; combine - or r13, r14 -ret - -; input: r8 - &gost_kds rcx - IN -; returns: r13 -GostDecrypt1x64: - mov r13d, [rcx] - mov r14, [rcx] - shr r14, 32 - mov ecx, [r8] - - gost_round1 1, 2 - gost_round1 3, 4 - gost_round1 5, 6 - gost_round1 7, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 7 - - gost_round1 6, 5 - gost_round1 4, 3 - gost_round1 2, 1 - gost_round1 0, 0 - - shl r13, 32 ; combine - or r13, r14 -ret - -global gost_encrypt_128_CBC_asm ; gost_encrypt_128_CBC_asm(uint64* in, uint64* out, gost_kds* kds, uint64 count); -; rcx - &in -; rdx - &out -; r8 - &gost_kds -; r9 - count -gost_encrypt_128_CBC_asm: - SaveRegs ; Saving - - sub rsp, 32 - mov [rsp], rdx ; Save out addr - mov [rsp + 8], rcx ; Save in addr - mov [rsp + 16], r8 ; key addr - -.do: - mov [rsp + 24], r9 ; Save count - cmp r9, 2 - jge .blk2 - cmp r9, 1 - jge .blk1 - jmp .end - -; One 128 block encryption -.blk1: - mov rcx, [rsp + 8] ; set in addr - call GostEncrypt1x64 - - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; restore in - - mov [rdx], r13 - mov rax, [rcx + 8] - xor rax, r13 ; CBC - - add rdx, 8 ;next 8 bytes - mov [rdx], rax - - mov rcx, rdx - call GostEncrypt1x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx + 8], r13 - - add rdx,16 - mov [rsp], rdx - - add rcx, 16 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - dec r9 - - jmp .do - -.blk2: - mov rcx, [rsp + 8] ; set in addr - call GostEncrypt2x64 - - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; restore in - - mov [rdx], r13 - - mov rax, [rcx + 8] - xor rax, r13 ; CBC - - mov [rdx + 16], r10 - - mov rbx, [rcx + 24] - xor rbx, r10 ; CBC - - mov [rdx + 8], rax - mov [rdx + 24], rbx - - add rdx, 8 ;next 8 bytes - - mov rcx, rdx - call GostEncrypt2x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx + 8], r13 - mov [rdx + 24], r10 - - add rdx,32 - mov [rsp], rdx - - add rcx, 32 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - sub r9, 2 - - jmp .do - -.end: - add rsp, 32 ; Load out addr - RestoreRegs ; Load -ret - -global gost_decrypt_128_CBC_asm ; gost_decrypt_128_CBC_asm(uint64* in, uint64* out, const gost_kds* kds, uint64 count); -; rcx - &in -; rdx - &out -; r8 - &gost_kds -; r9 - count -gost_decrypt_128_CBC_asm: - SaveRegs ; Saving - - sub rsp, 32 - mov [rsp], rdx ; Save out addr - mov [rsp+8], rcx ; Save in addr - mov [rsp+16], r8 ; key addr - -.do: - mov [rsp + 24], r9 ; Save count - cmp r9, 2 - jge .blk2 - cmp r9, 1 - jge .blk1 - jmp .end - -; One 128 block decryption -.blk1: - add rcx, 8 - call GostDecrypt1x64 - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; Restore in - mov rax, [rcx] - xor rax, r13 ; CBC - mov [rdx + 8], rax - - call GostDecrypt1x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx], r13 - - add rdx,16 - mov [rsp], rdx - - add rcx, 16 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - dec r9 - - jmp .do - -.blk2: - add rcx, 8 - call GostDecrypt2x64 - mov rdx, [rsp] ; Restore out - mov rcx, [rsp + 8] ; Restore in - - mov rax, [rcx] - xor rax, r13 ; CBC - mov [rdx + 8], rax - - mov rbx, [rcx+16] - xor rbx, r10 ; CBC - mov [rdx + 24], rbx - - call GostDecrypt2x64 - - mov rdx, [rsp] ; Restore out addr - mov rcx, [rsp+8] ; Restore in addr - - mov [rdx], r13 - mov [rdx+16], r10 - - add rdx,32 - mov [rsp], rdx - - add rcx,32 - mov [rsp+8], rcx - - mov r9, [rsp + 24] - sub r9, 2 - - jmp .do - -.end: - add rsp, 32 ; Load out addr - RestoreRegs ; Load -ret -- cgit v1.2.3