/src/botan/src/lib/block/threefish_512/threefish_512.cpp

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Threefish-512
3		* (C) 2013,2014,2016 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/internal/threefish_512.h>
9		#include <botan/internal/loadstor.h>
10		#include <botan/internal/rotate.h>
11		#include <botan/internal/cpuid.h>
12
13		namespace Botan {
14
15		namespace Threefish_F {
16
17		template<size_t R1, size_t R2, size_t R3, size_t R4>
18		BOTAN_FORCE_INLINE void e_round(
19		uint64_t& X0, uint64_t& X1, uint64_t& X2, uint64_t& X3,
20		uint64_t& X4, uint64_t& X5, uint64_t& X6, uint64_t& X7)
21	0	{
22	0	X0 += X4;
23	0	X1 += X5;
24	0	X2 += X6;
25	0	X3 += X7;
26	0	X4 = rotl<R1>(X4);
27	0	X5 = rotl<R2>(X5);
28	0	X6 = rotl<R3>(X6);
29	0	X7 = rotl<R4>(X7);
30	0	X4 ^= X0;
31	0	X5 ^= X1;
32	0	X6 ^= X2;
33	0	X7 ^= X3;
34	0	} Unexecuted instantiation: void Botan::Threefish_F::e_round<46ul, 36ul, 19ul, 37ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<33ul, 27ul, 14ul, 42ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<17ul, 49ul, 36ul, 39ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<44ul, 9ul, 54ul, 56ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<39ul, 30ul, 34ul, 24ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<13ul, 50ul, 10ul, 17ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<25ul, 29ul, 39ul, 43ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::e_round<8ul, 35ul, 56ul, 22ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&)
35
36		template<size_t R1, size_t R2, size_t R3, size_t R4>
37		BOTAN_FORCE_INLINE void d_round(
38		uint64_t& X0, uint64_t& X1, uint64_t& X2, uint64_t& X3,
39		uint64_t& X4, uint64_t& X5, uint64_t& X6, uint64_t& X7)
40	0	{
41	0	X4 ^= X0;
42	0	X5 ^= X1;
43	0	X6 ^= X2;
44	0	X7 ^= X3;
45	0	X4 = rotr<R1>(X4);
46	0	X5 = rotr<R2>(X5);
47	0	X6 = rotr<R3>(X6);
48	0	X7 = rotr<R4>(X7);
49	0	X0 -= X4;
50	0	X1 -= X5;
51	0	X2 -= X6;
52	0	X3 -= X7;
53	0	} Unexecuted instantiation: void Botan::Threefish_F::d_round<8ul, 35ul, 56ul, 22ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<25ul, 29ul, 39ul, 43ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<13ul, 50ul, 10ul, 17ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<39ul, 30ul, 34ul, 24ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<44ul, 9ul, 54ul, 56ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<17ul, 49ul, 36ul, 39ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<33ul, 27ul, 14ul, 42ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&) Unexecuted instantiation: void Botan::Threefish_F::d_round<46ul, 36ul, 19ul, 37ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&)
54
55		class Key_Inserter
56		{
57		public:
58		Key_Inserter(const uint64_t* K, const uint64_t* T) :
59	0	m_K(K), m_T(T) {}
60
61		inline void e_add(
62		size_t R,
63		uint64_t& X0, uint64_t& X1, uint64_t& X2, uint64_t& X3,
64		uint64_t& X4, uint64_t& X5, uint64_t& X6, uint64_t& X7) const
65	0	{
66	0	X0 += m_K[(R ) % 9];
67	0	X1 += m_K[(R+1) % 9];
68	0	X2 += m_K[(R+2) % 9];
69	0	X3 += m_K[(R+3) % 9];
70	0	X4 += m_K[(R+4) % 9];
71	0	X5 += m_K[(R+5) % 9] + m_T[(R ) % 3];
72	0	X6 += m_K[(R+6) % 9] + m_T[(R+1) % 3];
73	0	X7 += m_K[(R+7) % 9] + R;
74	0	}
75
76		inline void d_add(
77		size_t R,
78		uint64_t& X0, uint64_t& X1, uint64_t& X2, uint64_t& X3,
79		uint64_t& X4, uint64_t& X5, uint64_t& X6, uint64_t& X7) const
80	0	{
81	0	X0 -= m_K[(R ) % 9];
82	0	X1 -= m_K[(R+1) % 9];
83	0	X2 -= m_K[(R+2) % 9];
84	0	X3 -= m_K[(R+3) % 9];
85	0	X4 -= m_K[(R+4) % 9];
86	0	X5 -= m_K[(R+5) % 9] + m_T[(R ) % 3];
87	0	X6 -= m_K[(R+6) % 9] + m_T[(R+1) % 3];
88	0	X7 -= m_K[(R+7) % 9] + R;
89	0	}
90
91		private:
92		const uint64_t* m_K;
93		const uint64_t* m_T;
94		};
95
96		template<size_t R1, size_t R2>
97		BOTAN_FORCE_INLINE void e8_rounds(
98		uint64_t& X0, uint64_t& X1, uint64_t& X2, uint64_t& X3,
99		uint64_t& X4, uint64_t& X5, uint64_t& X6, uint64_t& X7,
100		const Key_Inserter& key)
101	0	{
102	0	e_round<46,36,19,37>(X0,X2,X4,X6, X1,X3,X5,X7);
103	0	e_round<33,27,14,42>(X2,X4,X6,X0, X1,X7,X5,X3);
104	0	e_round<17,49,36,39>(X4,X6,X0,X2, X1,X3,X5,X7);
105	0	e_round<44, 9,54,56>(X6,X0,X2,X4, X1,X7,X5,X3);
106	0	key.e_add(R1, X0, X1, X2, X3, X4, X5, X6, X7);
107
108	0	e_round<39,30,34,24>(X0,X2,X4,X6, X1,X3,X5,X7);
109	0	e_round<13,50,10,17>(X2,X4,X6,X0, X1,X7,X5,X3);
110	0	e_round<25,29,39,43>(X4,X6,X0,X2, X1,X3,X5,X7);
111	0	e_round< 8,35,56,22>(X6,X0,X2,X4, X1,X7,X5,X3);
112	0	key.e_add(R2, X0, X1, X2, X3, X4, X5, X6, X7);
113	0	} Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<1ul, 2ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<3ul, 4ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<5ul, 6ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<7ul, 8ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<9ul, 10ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<11ul, 12ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<13ul, 14ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<15ul, 16ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::e8_rounds<17ul, 18ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&)
114
115		template<size_t R1, size_t R2>
116		BOTAN_FORCE_INLINE void d8_rounds(
117		uint64_t& X0, uint64_t& X1, uint64_t& X2, uint64_t& X3,
118		uint64_t& X4, uint64_t& X5, uint64_t& X6, uint64_t& X7,
119		const Key_Inserter& key)
120	0	{
121	0	d_round< 8,35,56,22>(X6,X0,X2,X4, X1,X7,X5,X3);
122	0	d_round<25,29,39,43>(X4,X6,X0,X2, X1,X3,X5,X7);
123	0	d_round<13,50,10,17>(X2,X4,X6,X0, X1,X7,X5,X3);
124	0	d_round<39,30,34,24>(X0,X2,X4,X6, X1,X3,X5,X7);
125	0	key.d_add(R1, X0, X1, X2, X3, X4, X5, X6, X7);
126
127	0	d_round<44, 9,54,56>(X6,X0,X2,X4, X1,X7,X5,X3);
128	0	d_round<17,49,36,39>(X4,X6,X0,X2, X1,X3,X5,X7);
129	0	d_round<33,27,14,42>(X2,X4,X6,X0, X1,X7,X5,X3);
130	0	d_round<46,36,19,37>(X0,X2,X4,X6, X1,X3,X5,X7);
131	0	key.d_add(R2, X0, X1, X2, X3, X4, X5, X6, X7);
132	0	} Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<17ul, 16ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<15ul, 14ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<13ul, 12ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<11ul, 10ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<9ul, 8ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<7ul, 6ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<5ul, 4ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<3ul, 2ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&) Unexecuted instantiation: void Botan::Threefish_F::d8_rounds<1ul, 0ul>(unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, unsigned long&, Botan::Threefish_F::Key_Inserter const&)
133
134		}
135
136		void Threefish_512::skein_feedfwd(const secure_vector<uint64_t>& M,
137		const secure_vector<uint64_t>& T)
138	0	{
139	0	using namespace Threefish_F;
140
141	0	BOTAN_ASSERT(m_K.size() == 9, "Key was set");
142	0	BOTAN_ASSERT(M.size() == 8, "Single block");
143
144	0	m_T[0] = T[0];
145	0	m_T[1] = T[1];
146	0	m_T[2] = T[0] ^ T[1];
147
148	0	const Key_Inserter key(m_K.data(), m_T.data());
149
150	0	uint64_t X0 = M[0];
151	0	uint64_t X1 = M[1];
152	0	uint64_t X2 = M[2];
153	0	uint64_t X3 = M[3];
154	0	uint64_t X4 = M[4];
155	0	uint64_t X5 = M[5];
156	0	uint64_t X6 = M[6];
157	0	uint64_t X7 = M[7];
158
159	0	key.e_add(0, X0, X1, X2, X3, X4, X5, X6, X7);
160
161	0	e8_rounds< 1, 2>(X0, X1, X2, X3, X4, X5, X6, X7, key);
162	0	e8_rounds< 3, 4>(X0, X1, X2, X3, X4, X5, X6, X7, key);
163	0	e8_rounds< 5, 6>(X0, X1, X2, X3, X4, X5, X6, X7, key);
164	0	e8_rounds< 7, 8>(X0, X1, X2, X3, X4, X5, X6, X7, key);
165	0	e8_rounds< 9,10>(X0, X1, X2, X3, X4, X5, X6, X7, key);
166	0	e8_rounds<11,12>(X0, X1, X2, X3, X4, X5, X6, X7, key);
167	0	e8_rounds<13,14>(X0, X1, X2, X3, X4, X5, X6, X7, key);
168	0	e8_rounds<15,16>(X0, X1, X2, X3, X4, X5, X6, X7, key);
169	0	e8_rounds<17,18>(X0, X1, X2, X3, X4, X5, X6, X7, key);
170
171	0	m_K[0] = M[0] ^ X0;
172	0	m_K[1] = M[1] ^ X1;
173	0	m_K[2] = M[2] ^ X2;
174	0	m_K[3] = M[3] ^ X3;
175	0	m_K[4] = M[4] ^ X4;
176	0	m_K[5] = M[5] ^ X5;
177	0	m_K[6] = M[6] ^ X6;
178	0	m_K[7] = M[7] ^ X7;
179
180	0	m_K[8] = m_K[0] ^ m_K[1] ^ m_K[2] ^ m_K[3] ^
181	0	m_K[4] ^ m_K[5] ^ m_K[6] ^ m_K[7] ^ 0x1BD11BDAA9FC1A22;
182	0	}
183
184		size_t Threefish_512::parallelism() const
185	0	{
186	0	#if defined(BOTAN_HAS_THREEFISH_512_AVX2)
187	0	if(CPUID::has_avx2())
188	0	{
189	0	return 2;
190	0	}
191	0	#endif
192
193	0	return 1;
194	0	}
195
196		std::string Threefish_512::provider() const
197	0	{
198	0	#if defined(BOTAN_HAS_THREEFISH_512_AVX2)
199	0	if(CPUID::has_avx2())
200	0	{
201	0	return "avx2";
202	0	}
203	0	#endif
204
205	0	return "base";
206	0	}
207
208		void Threefish_512::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
209	0	{
210	0	using namespace Threefish_F;
211
212	0	verify_key_set(m_K.empty() == false);
213
214	0	#if defined(BOTAN_HAS_THREEFISH_512_AVX2)
215	0	if(CPUID::has_avx2())
216	0	{
217	0	return avx2_encrypt_n(in, out, blocks);
218	0	}
219	0	#endif
220
221	0	const Key_Inserter key(m_K.data(), m_T.data());
222
223	0	BOTAN_PARALLEL_SIMD_FOR(size_t i = 0; i < blocks; ++i)
224	0	{
225	0	uint64_t X0, X1, X2, X3, X4, X5, X6, X7;
226	0	load_le(in + BLOCK_SIZE*i, X0, X1, X2, X3, X4, X5, X6, X7);
227
228	0	key.e_add(0, X0, X1, X2, X3, X4, X5, X6, X7);
229
230	0	e8_rounds< 1, 2>(X0, X1, X2, X3, X4, X5, X6, X7, key);
231	0	e8_rounds< 3, 4>(X0, X1, X2, X3, X4, X5, X6, X7, key);
232	0	e8_rounds< 5, 6>(X0, X1, X2, X3, X4, X5, X6, X7, key);
233	0	e8_rounds< 7, 8>(X0, X1, X2, X3, X4, X5, X6, X7, key);
234	0	e8_rounds< 9,10>(X0, X1, X2, X3, X4, X5, X6, X7, key);
235	0	e8_rounds<11,12>(X0, X1, X2, X3, X4, X5, X6, X7, key);
236	0	e8_rounds<13,14>(X0, X1, X2, X3, X4, X5, X6, X7, key);
237	0	e8_rounds<15,16>(X0, X1, X2, X3, X4, X5, X6, X7, key);
238	0	e8_rounds<17,18>(X0, X1, X2, X3, X4, X5, X6, X7, key);
239
240	0	store_le(out + BLOCK_SIZE*i, X0, X1, X2, X3, X4, X5, X6, X7);
241	0	}
242	0	}
243
244		#undef THREEFISH_ENC_8_ROUNDS
245
246		void Threefish_512::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
247	0	{
248	0	using namespace Threefish_F;
249
250	0	verify_key_set(m_K.empty() == false);
251
252	0	#if defined(BOTAN_HAS_THREEFISH_512_AVX2)
253	0	if(CPUID::has_avx2())
254	0	{
255	0	return avx2_decrypt_n(in, out, blocks);
256	0	}
257	0	#endif
258
259	0	const Key_Inserter key(m_K.data(), m_T.data());
260
261	0	BOTAN_PARALLEL_SIMD_FOR(size_t i = 0; i < blocks; ++i)
262	0	{
263	0	uint64_t X0, X1, X2, X3, X4, X5, X6, X7;
264	0	load_le(in + BLOCK_SIZE*i, X0, X1, X2, X3, X4, X5, X6, X7);
265
266	0	key.d_add(18, X0, X1, X2, X3, X4, X5, X6, X7);
267
268	0	d8_rounds<17,16>(X0, X1, X2, X3, X4, X5, X6, X7, key);
269	0	d8_rounds<15,14>(X0, X1, X2, X3, X4, X5, X6, X7, key);
270	0	d8_rounds<13,12>(X0, X1, X2, X3, X4, X5, X6, X7, key);
271	0	d8_rounds<11,10>(X0, X1, X2, X3, X4, X5, X6, X7, key);
272	0	d8_rounds< 9, 8>(X0, X1, X2, X3, X4, X5, X6, X7, key);
273	0	d8_rounds< 7, 6>(X0, X1, X2, X3, X4, X5, X6, X7, key);
274	0	d8_rounds< 5, 4>(X0, X1, X2, X3, X4, X5, X6, X7, key);
275	0	d8_rounds< 3, 2>(X0, X1, X2, X3, X4, X5, X6, X7, key);
276	0	d8_rounds< 1, 0>(X0, X1, X2, X3, X4, X5, X6, X7, key);
277
278	0	store_le(out + BLOCK_SIZE*i, X0, X1, X2, X3, X4, X5, X6, X7);
279	0	}
280
281	0	}
282
283		void Threefish_512::set_tweak(const uint8_t tweak[], size_t len)
284	0	{
285	0	BOTAN_ARG_CHECK(len == 16, "Threefish-512 requires 128 bit tweak");
286
287	0	m_T.resize(3);
288	0	m_T[0] = load_le<uint64_t>(tweak, 0);
289	0	m_T[1] = load_le<uint64_t>(tweak, 1);
290	0	m_T[2] = m_T[0] ^ m_T[1];
291	0	}
292
293		void Threefish_512::key_schedule(const uint8_t key[], size_t /length/)
294	0	{
295		// todo: define key schedule for smaller keys
296	0	m_K.resize(9);
297
298	0	for(size_t i = 0; i != 8; ++i)
299	0	m_K[i] = load_le<uint64_t>(key, i);
300
301	0	m_K[8] = m_K[0] ^ m_K[1] ^ m_K[2] ^ m_K[3] ^
302	0	m_K[4] ^ m_K[5] ^ m_K[6] ^ m_K[7] ^ 0x1BD11BDAA9FC1A22;
303
304		// Reset tweak to all zeros on key reset
305	0	m_T.resize(3);
306	0	zeroise(m_T);
307	0	}
308
309		void Threefish_512::clear()
310	0	{
311	0	zap(m_K);
312	0	zap(m_T);
313	0	}
314
315		}

Coverage Report

Created: 2022-09-23 06:05