diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-02-08 01:48:12 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-02-08 01:50:12 +0100 |
commit | ba5da0946c3abaa93d1161ca512c3c326cda3736 (patch) | |
tree | 128c238dea40ac0de0c7de8e0b02810eabc8e564 /src/Crypto/chacha_u4.h | |
parent | e5b9cee8681dc45340321f759079b344a3b2676c (diff) | |
download | VeraCrypt-ba5da0946c3abaa93d1161ca512c3c326cda3736.tar.gz VeraCrypt-ba5da0946c3abaa93d1161ca512c3c326cda3736.zip |
Windows: Add implementation of ChaCha20 based random generator. Use it for driver need of random bytes (currently only wipe bytes but more to come later).
Diffstat (limited to 'src/Crypto/chacha_u4.h')
-rw-r--r-- | src/Crypto/chacha_u4.h | 187 |
1 files changed, 187 insertions, 0 deletions
diff --git a/src/Crypto/chacha_u4.h b/src/Crypto/chacha_u4.h new file mode 100644 index 00000000..8eef5dc5 --- /dev/null +++ b/src/Crypto/chacha_u4.h @@ -0,0 +1,187 @@ +/* +u4.h version $Date: 2014/11/11 10:46:58 $ +D. J. Bernstein +Romain Dolbeau +Public domain. +*/ + +// Modified by kerukuro for use in cppcrypto. + +#define VEC4_ROT(a,imm) _mm_or_si128(_mm_slli_epi32(a,imm),_mm_srli_epi32(a,(32-imm))) + +/* same, but replace 2 of the shift/shift/or "rotation" by byte shuffles (8 & 16) (better) */ +#define VEC4_QUARTERROUND_SHUFFLE(a,b,c,d) \ + x_##a = _mm_add_epi32(x_##a, x_##b); t_##a = _mm_xor_si128(x_##d, x_##a); x_##d = _mm_shuffle_epi8(t_##a, rot16); \ + x_##c = _mm_add_epi32(x_##c, x_##d); t_##c = _mm_xor_si128(x_##b, x_##c); x_##b = VEC4_ROT(t_##c, 12); \ + x_##a = _mm_add_epi32(x_##a, x_##b); t_##a = _mm_xor_si128(x_##d, x_##a); x_##d = _mm_shuffle_epi8(t_##a, rot8); \ + x_##c = _mm_add_epi32(x_##c, x_##d); t_##c = _mm_xor_si128(x_##b, x_##c); x_##b = VEC4_ROT(t_##c, 7) + +#define VEC4_QUARTERROUND(a,b,c,d) VEC4_QUARTERROUND_SHUFFLE(a,b,c,d) + + +// if (!bytes) return; +if (bytes>=256) { + /* constant for shuffling bytes (replacing multiple-of-8 rotates) */ + __m128i rot16 = _mm_set_epi8(13,12,15,14,9,8,11,10,5,4,7,6,1,0,3,2); + __m128i rot8 = _mm_set_epi8(14,13,12,15,10,9,8,11,6,5,4,7,2,1,0,3); + uint32 in12, in13; + __m128i x_0 = _mm_set1_epi32(x[0]); + __m128i x_1 = _mm_set1_epi32(x[1]); + __m128i x_2 = _mm_set1_epi32(x[2]); + __m128i x_3 = _mm_set1_epi32(x[3]); + __m128i x_4 = _mm_set1_epi32(x[4]); + __m128i x_5 = _mm_set1_epi32(x[5]); + __m128i x_6 = _mm_set1_epi32(x[6]); + __m128i x_7 = _mm_set1_epi32(x[7]); + __m128i x_8 = _mm_set1_epi32(x[8]); + __m128i x_9 = _mm_set1_epi32(x[9]); + __m128i x_10 = _mm_set1_epi32(x[10]); + __m128i x_11 = _mm_set1_epi32(x[11]); + __m128i x_12;// = _mm_set1_epi32(x[12]); /* useless */ + __m128i x_13;// = _mm_set1_epi32(x[13]); /* useless */ + __m128i x_14 = _mm_set1_epi32(x[14]); + __m128i x_15 = _mm_set1_epi32(x[15]); + __m128i orig0 = x_0; + __m128i orig1 = x_1; + __m128i orig2 = x_2; + __m128i orig3 = x_3; + __m128i orig4 = x_4; + __m128i orig5 = x_5; + __m128i orig6 = x_6; + __m128i orig7 = x_7; + __m128i orig8 = x_8; + __m128i orig9 = x_9; + __m128i orig10 = x_10; + __m128i orig11 = x_11; + __m128i orig12;// = x_12; /* useless */ + __m128i orig13;// = x_13; /* useless */ + __m128i orig14 = x_14; + __m128i orig15 = x_15; + __m128i t_0; + __m128i t_1; + __m128i t_2; + __m128i t_3; + __m128i t_4; + __m128i t_5; + __m128i t_6; + __m128i t_7; + __m128i t_8; + __m128i t_9; + __m128i t_10; + __m128i t_11; + __m128i t_12; + __m128i t_13; + __m128i t_14; + __m128i t_15; + + while (bytes >= 256) { + const __m128i addv12 = _mm_set_epi64x(1,0); + const __m128i addv13 = _mm_set_epi64x(3,2); + __m128i t12, t13; + uint64 in1213; + + x_0 = orig0; + x_1 = orig1; + x_2 = orig2; + x_3 = orig3; + x_4 = orig4; + x_5 = orig5; + x_6 = orig6; + x_7 = orig7; + x_8 = orig8; + x_9 = orig9; + x_10 = orig10; + x_11 = orig11; + //x_12 = orig12; /* useless */ + //x_13 = orig13; /* useless */ + x_14 = orig14; + x_15 = orig15; + + + + + in12 = x[12]; + in13 = x[13]; + in1213 = ((uint64)in12) | (((uint64)in13) << 32); + t12 = _mm_set1_epi64x(in1213); + t13 = _mm_set1_epi64x(in1213); + + x_12 = _mm_add_epi64(addv12, t12); + x_13 = _mm_add_epi64(addv13, t13); + + t12 = _mm_unpacklo_epi32(x_12, x_13); + t13 = _mm_unpackhi_epi32(x_12, x_13); + + x_12 = _mm_unpacklo_epi32(t12, t13); + x_13 = _mm_unpackhi_epi32(t12, t13); + + orig12 = x_12; + orig13 = x_13; + + in1213 += 4; + + x[12] = in1213 & 0xFFFFFFFF; + x[13] = (in1213>>32)&0xFFFFFFFF; + + for (i = 0 ; i < r ; ++i) { + VEC4_QUARTERROUND( 0, 4, 8,12); + VEC4_QUARTERROUND( 1, 5, 9,13); + VEC4_QUARTERROUND( 2, 6,10,14); + VEC4_QUARTERROUND( 3, 7,11,15); + VEC4_QUARTERROUND( 0, 5,10,15); + VEC4_QUARTERROUND( 1, 6,11,12); + VEC4_QUARTERROUND( 2, 7, 8,13); + VEC4_QUARTERROUND( 3, 4, 9,14); + } + +#define ONEQUAD_TRANSPOSE(a,b,c,d) \ + { \ + __m128i t0, t1, t2, t3; \ + x_##a = _mm_add_epi32(x_##a, orig##a); \ + x_##b = _mm_add_epi32(x_##b, orig##b); \ + x_##c = _mm_add_epi32(x_##c, orig##c); \ + x_##d = _mm_add_epi32(x_##d, orig##d); \ + t_##a = _mm_unpacklo_epi32(x_##a, x_##b); \ + t_##b = _mm_unpacklo_epi32(x_##c, x_##d); \ + t_##c = _mm_unpackhi_epi32(x_##a, x_##b); \ + t_##d = _mm_unpackhi_epi32(x_##c, x_##d); \ + x_##a = _mm_unpacklo_epi64(t_##a, t_##b); \ + x_##b = _mm_unpackhi_epi64(t_##a, t_##b); \ + x_##c = _mm_unpacklo_epi64(t_##c, t_##d); \ + x_##d = _mm_unpackhi_epi64(t_##c, t_##d); \ + t0 = _mm_xor_si128(x_##a, _mm_loadu_si128((__m128i*)(m+0))); \ + _mm_storeu_si128((__m128i*)(out+0),t0); \ + t1 = _mm_xor_si128(x_##b, _mm_loadu_si128((__m128i*)(m+64))); \ + _mm_storeu_si128((__m128i*)(out+64),t1); \ + t2 = _mm_xor_si128(x_##c, _mm_loadu_si128((__m128i*)(m+128))); \ + _mm_storeu_si128((__m128i*)(out+128),t2); \ + t3 = _mm_xor_si128(x_##d, _mm_loadu_si128((__m128i*)(m+192))); \ + _mm_storeu_si128((__m128i*)(out+192),t3); \ + } + +#define ONEQUAD(a,b,c,d) ONEQUAD_TRANSPOSE(a,b,c,d) + + ONEQUAD(0,1,2,3); + m+=16; + out+=16; + ONEQUAD(4,5,6,7); + m+=16; + out+=16; + ONEQUAD(8,9,10,11); + m+=16; + out+=16; + ONEQUAD(12,13,14,15); + m-=48; + out-=48; + +#undef ONEQUAD +#undef ONEQUAD_TRANSPOSE + + bytes -= 256; + out += 256; + m += 256; + } + } +#undef VEC4_ROT +#undef VEC4_QUARTERROUND +#undef VEC4_QUARTERROUND_SHUFFLE |