// ARIA block cipher, scalar implementation plus dispatch to SIMD helpers.
// This listing is a partial rendering: original line numbers are fused into
// the text and several lines are absent, so the comments below only describe
// what is visible and flag inferred structure as such.
//
// Feature toggles: SSE2 / SSSE3 intrinsics are enabled when the library
// reports them available. UINT32_CAST reinterprets a byte pointer as a
// word32 pointer (used below to store round keys natively) -- it relies on
// the pointed-to buffer being suitably aligned for word32.
10 #if CRYPTOPP_SSE2_INTRIN_AVAILABLE 11 # define CRYPTOPP_ENABLE_ARIA_SSE2_INTRINSICS 1 14 #if CRYPTOPP_SSSE3_AVAILABLE 15 # define CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 1 20 #define UINT32_CAST(x) ((word32 *)(void *)(x)) 23 NAMESPACE_BEGIN(ARIATab)
// Substitution tables (S1, S2 and their inverses X1, X2) and the
// key-schedule constants KRK, defined in a separate table source.
// The tables are indexed by key-dependent bytes, which is why the
// block function below pre-touches them before the first lookup.
25 extern const word32 S1[256];
26 extern const word32 S2[256];
27 extern const word32 X1[256];
28 extern const word32 X2[256];
29 extern const word32 KRK[3][4];
// Bring the tables into the enclosing namespace for the macros below.
36 using CryptoPP::ARIATab::S1;
37 using CryptoPP::ARIATab::S2;
38 using CryptoPP::ARIATab::X1;
39 using CryptoPP::ARIATab::X2;
40 using CryptoPP::ARIATab::KRK;
// Byte-extraction helper used by the substitution macros: selects one byte
// of a 32-bit word by position y. Its body (original lines 43-46) is not in
// this listing; from its uses below, y = 3 appears to be the most
// significant byte -- confirm against the full source.
42 inline byte ARIA_BRF(
const word32 x,
const int y) {
48 typedef BlockGetAndPut<word32, NativeByteOrder, true, true> NativeBlock; \ 49 NativeBlock::Put(rk, t)(t[0])(t[1])(t[2])(t[3]); \ 53 #define SBL1_M(T0,T1,T2,T3) { \ 54 T0=S1[ARIA_BRF(T0,3)]^S2[ARIA_BRF(T0,2)]^X1[ARIA_BRF(T0,1)]^X2[ARIA_BRF(T0,0)]; \ 55 T1=S1[ARIA_BRF(T1,3)]^S2[ARIA_BRF(T1,2)]^X1[ARIA_BRF(T1,1)]^X2[ARIA_BRF(T1,0)]; \ 56 T2=S1[ARIA_BRF(T2,3)]^S2[ARIA_BRF(T2,2)]^X1[ARIA_BRF(T2,1)]^X2[ARIA_BRF(T2,0)]; \ 57 T3=S1[ARIA_BRF(T3,3)]^S2[ARIA_BRF(T3,2)]^X1[ARIA_BRF(T3,1)]^X2[ARIA_BRF(T3,0)]; \ 61 #define SBL2_M(T0,T1,T2,T3) { \ 62 T0=X1[ARIA_BRF(T0,3)]^X2[ARIA_BRF(T0,2)]^S1[ARIA_BRF(T0,1)]^S2[ARIA_BRF(T0,0)]; \ 63 T1=X1[ARIA_BRF(T1,3)]^X2[ARIA_BRF(T1,2)]^S1[ARIA_BRF(T1,1)]^S2[ARIA_BRF(T1,0)]; \ 64 T2=X1[ARIA_BRF(T2,3)]^X2[ARIA_BRF(T2,2)]^S1[ARIA_BRF(T2,1)]^S2[ARIA_BRF(T2,0)]; \ 65 T3=X1[ARIA_BRF(T3,3)]^X2[ARIA_BRF(T3,2)]^S1[ARIA_BRF(T3,1)]^S2[ARIA_BRF(T3,0)]; \ 68 #define ARIA_P(T0,T1,T2,T3) { \ 69 (T1) = (((T1)<< 8)&0xff00ff00) ^ (((T1)>> 8)&0x00ff00ff); \ 70 (T2) = rotrConstant<16>(T2); \ 71 (T3) = ByteReverse((T3)); \ 74 #define ARIA_M(X,Y) { \ 75 Y=(X)<<8 ^ (X)>>8 ^ (X)<<16 ^ (X)>>16 ^ (X)<<24 ^ (X)>>24; \ 78 #define ARIA_MM(T0,T1,T2,T3) { \ 79 (T1)^=(T2); (T2)^=(T3); (T0)^=(T1); \ 80 (T3)^=(T1); (T2)^=(T0); (T1)^=(T2); \ 83 #define ARIA_FO {SBL1_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3])} 84 #define ARIA_FE {SBL2_M(t[0],t[1],t[2],t[3]) ARIA_MM(t[0],t[1],t[2],t[3]) ARIA_P(t[2],t[3],t[0],t[1]) ARIA_MM(t[0],t[1],t[2],t[3])} 86 #if (CRYPTOPP_ARM_NEON_AVAILABLE) 87 extern void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws,
unsigned int keylen);
// NEON helper that XORs xorBlock into outBlock (defined in the SIMD source).
88 extern void ARIA_ProcessAndXorBlock_Xor_NEON(
const byte* xorBlock, byte* outblock);
// SSSE3 helper for the final round (substitution + round-key XOR + optional
// xorBlock); takes the current round-key pointer and the 4-word state t.
91 #if (CRYPTOPP_SSSE3_AVAILABLE) 92 extern void ARIA_ProcessAndXorBlock_Xor_SSSE3(
const byte* xorBlock, byte* outBlock,
const byte *rk, word32 *t);
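// Generates one 16-byte round key: RK = X ^ (Y >>> N), where >>> is a
// 128-bit right rotation of Y treated as Y[0]..Y[3] with Y[0] the most
// significant word. The rotation is split into a whole-word part (Q) and
// a bit part (R) so each output word combines two input words.
//
// @tparam N   rotation amount in bits. N % 32 must be non-zero: with R == 0
//             the (32-R) shift below would be a shift by the full word width,
//             which is undefined for word32. Every instantiation in this file
//             uses 19, 31, 67, 97 or 109, all of which satisfy this.
// @param X    four-word left operand of the XOR
// @param Y    four-word value that is rotated
// @param RK   output buffer of 16 bytes. It is written as four native-order
//             word32 values through UINT32_CAST, so RK must be aligned for
//             word32 (callers pass 16-byte slices of m_rk).
template <unsigned int N>
inline void ARIA_GSRK(const word32 X[4], const word32 Y[4], byte RK[16])
{
	// MSVC is not generating a "rotate immediate". Constify to help it along.
	static const unsigned int Q = 4-(N/32);
	static const unsigned int R = N % 32;
	// Precondition for the (32-R) shifts below; see the note on N above.
	CRYPTOPP_ASSERT(R != 0);

	UINT32_CAST(RK)[0] = (X[0]) ^ ((Y[(Q  )%4])>>R) ^ ((Y[(Q+3)%4])<<(32-R));
	UINT32_CAST(RK)[1] = (X[1]) ^ ((Y[(Q+1)%4])>>R) ^ ((Y[(Q  )%4])<<(32-R));
	UINT32_CAST(RK)[2] = (X[2]) ^ ((Y[(Q+2)%4])>>R) ^ ((Y[(Q+1)%4])<<(32-R));
	UINT32_CAST(RK)[3] = (X[3]) ^ ((Y[(Q+3)%4])>>R) ^ ((Y[(Q+2)%4])<<(32-R));
}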
// Expands the user key into the ARIA round-key schedule stored in m_rk.
// Only fragments of this function survive in this listing (original lines
// 108-246 with gaps), so the comments describe the visible statements and
// mark inferred structure explicitly.
//
// @param key     master key bytes (aliased as mk below)
// @param keylen  key length in bytes; selects the round count and how much
//                of the key is folded into w1
// @param params  unused here (silenced with CRYPTOPP_UNUSED)
108 void ARIA::Base::UncheckedSetKey(
const byte *key,
unsigned int keylen,
const NameValuePairs ¶ms)
110 CRYPTOPP_UNUSED(params);
// mk: the master key; rk: start of the round-key buffer m_rk.
115 const byte *mk = key;
116 byte *rk = m_rk.
data();
// Round count (R, r and m_rounds) chosen by key length. The keylen tests
// themselves are not in this listing; ARIA specifies 12/14/16 rounds for
// 128/192/256-bit keys, so the 12, 16 and 14 branches presumably belong
// to keylen 16, 32 and 24 -- confirm against the full source. The KRK row
// selector Q/q is set in the same branches (not visible here).
122 R = r = m_rounds = 12;
126 R = r = m_rounds = 16;
130 R = r = m_rounds = 14;
// Fallback for an unsupported length: zero the schedule parameters. By
// library convention the length is validated before UncheckedSetKey is
// reached, so this branch should not be taken -- not verifiable here.
134 Q = q = R = r = m_rounds = 0;
// Working storage carved out of m_w: w0..w3 are the key-schedule words
// (offsets 0, 8, 12, 16 as given) and t is a 4-word temporary at 20.
139 word32 *w0 = m_w.
data(), *w1 = m_w.
data()+8, *w2 = m_w.
data()+12, *w3 = m_w.
data()+16, *t = m_w.
data()+20;
// Load the first 16 key bytes into w0. The `block` getter is constructed on
// a line not in this listing (presumably over mk).
142 block(w0[0])(w0[1])(w0[2])(w0[3]);
// t = w0 ^ KRK[q]: input to the first round function (applied on lines not
// shown).
144 t[0]=w0[0]^KRK[q][0]; t[1]=w0[1]^KRK[q][1];
145 t[2]=w0[2]^KRK[q][2]; t[3]=w0[3]^KRK[q][3];
// Remaining key bytes go into w1: a full 16 bytes, 8 bytes zero-padded for
// keylen == 24, or all zeros. The conditions around the first and last
// branches are not in this listing.
152 block(w1[0])(w1[1])(w1[2])(w1[3]);
154 else if (keylen == 24)
157 block(w1[0])(w1[1]); w1[2] = w1[3] = 0;
161 w1[0]=w1[1]=w1[2]=w1[3]=0;
// w1 ^= t, i.e. W1 = F(W0 ^ CK1) ^ KR in the ARIA key schedule.
164 w1[0]^=t[0]; w1[1]^=t[1]; w1[2]^=t[2]; w1[3]^=t[3];
// Advance to the next KRK row (cyclic over 0..2) and fold it into t for the
// next round function (the function application and the copy of w1 into t
// beforehand are on lines not shown).
167 q = (q==2) ? 0 : (q+1);
168 t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
// t ^= w0: completes W2 = F(W1 ^ CK2) ^ W0; the store into w2 is not shown.
172 t[0]^=w0[0]; t[1]^=w0[1]; t[2]^=w0[2]; t[3]^=w0[3];
// Third constant row for W3.
175 q = (q==2) ? 0 : (q+1);
176 t[0]^=KRK[q][0]; t[1]^=KRK[q][1]; t[2]^=KRK[q][2]; t[3]^=KRK[q][3];
// w3 = F(W2 ^ CK3) ^ w1 (the round function is applied on lines not shown).
180 w3[0]=t[0]^w1[0]; w3[1]=t[1]^w1[1]; w3[2]=t[2]^w1[2]; w3[3]=t[3]^w1[3];
// On ARM with NEON the round keys are generated by the SIMD helper from the
// whole working area; the HasNEON() test and the return that skips the
// scalar ARIA_GSRK sequence are not in this listing -- confirm.
182 #if CRYPTOPP_ARM_NEON_AVAILABLE 185 ARIA_UncheckedSetKey_Schedule_NEON(rk, m_w, keylen);
// Scalar round-key generation: ek_i = GSRK(w_{i-1}, w_i) with rotation
// amounts 19, 31, 67, 97, 109 cycling over (w0,w1),(w1,w2),(w2,w3),(w3,w0).
// Each call writes one 16-byte key at a 16-byte stride into rk.
188 #endif // CRYPTOPP_ARM_NEON_AVAILABLE 190 ARIA_GSRK<19>(w0, w1, rk + 0);
191 ARIA_GSRK<19>(w1, w2, rk + 16);
192 ARIA_GSRK<19>(w2, w3, rk + 32);
193 ARIA_GSRK<19>(w3, w0, rk + 48);
194 ARIA_GSRK<31>(w0, w1, rk + 64);
195 ARIA_GSRK<31>(w1, w2, rk + 80);
196 ARIA_GSRK<31>(w2, w3, rk + 96);
197 ARIA_GSRK<31>(w3, w0, rk + 112);
198 ARIA_GSRK<67>(w0, w1, rk + 128);
199 ARIA_GSRK<67>(w1, w2, rk + 144);
200 ARIA_GSRK<67>(w2, w3, rk + 160);
201 ARIA_GSRK<67>(w3, w0, rk + 176);
202 ARIA_GSRK<97>(w0, w1, rk + 192);
// Keys 14-15 and 16-17 are only needed for the longer key sizes; the
// key-length guards around them (original lines 203-205, 208-210) are not
// in this listing.
206 ARIA_GSRK<97>(w1, w2, rk + 208);
207 ARIA_GSRK<97>(w2, w3, rk + 224);
211 ARIA_GSRK< 97>(w3, w0, rk + 240);
212 ARIA_GSRK<109>(w0, w1, rk + 256);
// Decryption schedule: the encryption round keys are reordered and the
// diffusion layer (ARIA_M / ARIA_MM / ARIA_P) is applied in place so the
// same block function serves both directions.
218 if (!IsForwardTransformation())
// a: first round key, z: the r-th round key (word pointers into rk);
// s: scratch area inside m_w.
224 a=UINT32_CAST(rk); s=m_w.
data()+24; z=a+r*4;
// Swap the first and last round keys via t.
225 ::memcpy(t, a, 16); ::memcpy(a, z, 16); ::memcpy(z, t, 16);
// Walk inward from both ends, transforming the key pair at a and z. Lines
// 229, 232-233 and 237 (loop braces and the store of the transformed a
// into s) are not shown.
228 for (; a<z; a+=4, z-=4)
230 ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
231 ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
234 ARIA_M(z[0],t[0]); ARIA_M(z[1],t[1]); ARIA_M(z[2],t[2]); ARIA_M(z[3],t[3]);
235 ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
// Transformed z goes to a, and s (presumably holding the transformed a) to z.
236 ::memcpy(a, t, 16); ::memcpy(z, s, 16);
// Final transform of the key at a (presumably the middle key when the loop
// ends with a == z; the surrounding condition is not shown).
239 ARIA_M(a[0],t[0]); ARIA_M(a[1],t[1]); ARIA_M(a[2],t[2]); ARIA_M(a[3],t[3]);
240 ARIA_MM(t[0],t[1],t[2],t[3]); ARIA_P(t[0],t[1],t[2],t[3]); ARIA_MM(t[0],t[1],t[2],t[3]);
// Silence unused-variable warnings on builds where some of these locals are
// only consumed by code that is compiled out.
245 CRYPTOPP_UNUSED(Q); CRYPTOPP_UNUSED(R);
246 CRYPTOPP_UNUSED(q); CRYPTOPP_UNUSED(r);
// Processes one 16-byte block with the round keys prepared by
// UncheckedSetKey, optionally XORs xorBlock into the result, and writes
// outBlock. Encryption and decryption use the same code path; the
// direction is fixed by the key schedule. Fragments only -- gaps noted.
//
// @param inBlock   16 input bytes (read through `block`, set up on a line
//                  not shown)
// @param xorBlock  optional 16 bytes XORed into the output; may be NULLPTR
// @param outBlock  16 output bytes
249 void ARIA::Base::ProcessAndXorBlock(
const byte *inBlock,
const byte *xorBlock, byte *outBlock)
const 251 const byte *rk =
reinterpret_cast<const byte*
>(m_rk.
data());
// t: the 4-word working state kept inside m_w (const_cast because this
// method is const; the scratch area is not observable object state).
252 word32 *t =
const_cast<word32*
>(m_w.
data()+20);
// Cache-timing countermeasure: touch one word per cache line of the S-box
// table before the first key-dependent lookup so the whole table is
// cache-resident. The volatile sink keeps the loads from being optimised
// away. The loop body and the cacheLineSize setup (GetCacheLineSize(),
// original lines 253-257 and 262-265) are not shown. Note this only warms
// the table; the table lookups themselves remain data-dependent.
258 volatile word32 _u = 0;
261 for (i=0; i<
COUNTOF(S1); i+=cacheLineSize/(
sizeof(S1[0])))
// Load the input block into t.
266 block(t[0])(t[1])(t[2])(t[3]);
// Unrolled round sequence: ARIA_KXL XORs the current round key into t, rk
// advances by one 16-byte key, and FO/FE alternate the odd/even round
// functions. The tests on m_rounds that select the 12-, 14- and 16-round
// variants (original lines 267-268, 271-273, 276-277) are not shown.
269 ARIA_KXL; rk+= 16; ARIA_FO;
270 ARIA_KXL; rk+= 16; ARIA_FE;
274 ARIA_KXL; rk+= 16; ARIA_FO;
275 ARIA_KXL; rk+= 16; ARIA_FE;
278 ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
279 ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
280 ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
281 ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
282 ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16; ARIA_FE;
// Last round: key XOR only; the final substitution layer follows below with
// rk now pointing at the last round key.
283 ARIA_KXL; rk+= 16; ARIA_FO; ARIA_KXL; rk+= 16;
// SSSE3 path for the final substitution, last-key XOR and optional xorBlock.
// The HasSSSE3() test and the early return (original lines 286-287, 289)
// are not in this listing -- confirm.
285 #if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 288 ARIA_ProcessAndXorBlock_Xor_SSSE3(xorBlock, outBlock, rk, t);
// Scalar final round: substitution layer (X1, X2, S1, S2 per byte position)
// then XOR with the last round key. On little-endian hosts rk is indexed in
// reverse within each 4-byte word, presumably because the keys were stored
// in native order through UINT32_CAST / NativeBlock::Put.
292 #endif // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS 294 #ifdef CRYPTOPP_LITTLE_ENDIAN 296 outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3];
297 outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2];
298 outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 1];
299 outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 0];
300 outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 7];
301 outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 6];
302 outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 5];
303 outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 4];
304 outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[11];
305 outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[10];
306 outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[ 9];
307 outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[ 8];
308 outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[15];
309 outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[14];
310 outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[13];
311 outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[12];
// Big-endian variant of the same final round (the #else on original line
// 313 is not shown); rk is indexed in order.
315 outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 0];
316 outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 1];
317 outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ) ^ rk[ 2];
318 outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ) ^ rk[ 3];
319 outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ) ^ rk[ 4];
320 outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8) ^ rk[ 5];
321 outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ) ^ rk[ 6];
322 outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ) ^ rk[ 7];
323 outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ) ^ rk[ 8];
324 outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8) ^ rk[ 9];
325 outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ) ^ rk[10];
326 outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ) ^ rk[11];
327 outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ) ^ rk[12];
328 outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8) ^ rk[13];
329 outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ) ^ rk[14];
330 outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ) ^ rk[15];
// Optional XOR of xorBlock into the output: the NEON helper when that path
// is compiled in (its HasNEON() test and early return are not shown),
// otherwise a plain byte loop whose header (original line 344) is not shown.
332 #endif // CRYPTOPP_LITTLE_ENDIAN 334 #if CRYPTOPP_ARM_NEON_AVAILABLE 337 if (xorBlock != NULLPTR)
338 ARIA_ProcessAndXorBlock_Xor_NEON(xorBlock, outBlock);
341 #endif // CRYPTOPP_ARM_NEON_AVAILABLE 343 if (xorBlock != NULLPTR)
345 outBlock[n] ^= xorBlock[n];