docs/ref/sosemanuk_8cpp_source.html

 // sosemanuk.cpp - originally written and placed in the public domain by Wei Dai


 // use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM sosemanuk.cpp" to generate MASM code


 #include "pch.h"

 #include "config.h"


 #if CRYPTOPP_MSC_VERSION

 # pragma warning(disable: 4702 4731)

 #endif


 #ifndef CRYPTOPP_GENERATE_X64_MASM


 #include "sosemanuk.h"

 #include "serpentp.h"

 #include "secblock.h"

 #include "misc.h"

 #include "cpu.h"


 NAMESPACE_BEGIN(CryptoPP)


 std::string SosemanukPolicy::AlgorithmProvider() const

 {

 #ifndef CRYPTOPP_DISABLE_SOSEMANUK_ASM

 # if CRYPTOPP_SSE2_ASM_AVAILABLE

     if (HasSSE2())

         return "SSE2";

 # endif

 #endif

     return "C++";

 }


 void SosemanukPolicy::CipherSetKey(const NameValuePairs &params, const byte *userKey, size_t keylen)

 {

     CRYPTOPP_UNUSED(params);

     Serpent_KeySchedule(m_key, 24, userKey, keylen);

 }


 void SosemanukPolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length)

 {

     CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(iv), CRYPTOPP_UNUSED(length);

     CRYPTOPP_ASSERT(length==16);


     word32 a, b, c, d, e;


     typedef BlockGetAndPut<word32, LittleEndian> Block;

     Block::Get(iv)(a)(b)(c)(d);


     const word32 *k = m_key;

     unsigned int i=1;


     do

     {

         beforeS0(KX); beforeS0(S0); afterS0(LT);

         afterS0(KX); afterS0(S1); afterS1(LT);

         if (i == 3) // after 18th round

         {

             m_state[4] = b;

             m_state[5] = e;

             m_state[10] = c;

             m_state[11] = a;

         }

         afterS1(KX); afterS1(S2); afterS2(LT);

         afterS2(KX); afterS2(S3); afterS3(LT);

         if (i == 2) // after 12th round

         {

             m_state[6] = c;

             m_state[7] = d;

             m_state[8] = b;

             m_state[9] = e;

         }

         afterS3(KX); afterS3(S4); afterS4(LT);

         afterS4(KX); afterS4(S5); afterS5(LT);

         afterS5(KX); afterS5(S6); afterS6(LT);

         afterS6(KX); afterS6(S7); afterS7(LT);


         if (i == 3)

             break;


         ++i;

         c = b;

         b = e;

         e = d;

         d = a;

         a = e;

         k += 32;

     }

     while (true);


     afterS7(KX);


     m_state[0] = a;

     m_state[1] = b;

     m_state[2] = e;

     m_state[3] = d;


 #define XMUX(c, x, y)   (x ^ (y & (0 - (c & 1))))

     m_state[11] += XMUX(m_state[10], m_state[1], m_state[8]);

     m_state[10] = rotlConstant<7>(m_state[10] * 0x54655307);

 }


 extern "C" {

 word32 s_sosemanukMulTables[512] = {

 #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) && !defined(CRYPTOPP_DISABLE_SOSEMANUK_ASM)

     0x00000000, 0xE19FCF12, 0x6B973724, 0x8A08F836,

     0xD6876E48, 0x3718A15A, 0xBD10596C, 0x5C8F967E,

     0x05A7DC90, 0xE4381382, 0x6E30EBB4, 0x8FAF24A6,

     0xD320B2D8, 0x32BF7DCA, 0xB8B785FC, 0x59284AEE,

     0x0AE71189, 0xEB78DE9B, 0x617026AD, 0x80EFE9BF,

     0xDC607FC1, 0x3DFFB0D3, 0xB7F748E5, 0x566887F7,

     0x0F40CD19, 0xEEDF020B, 0x64D7FA3D, 0x8548352F,

     0xD9C7A351, 0x38586C43, 0xB2509475, 0x53CF5B67,

     0x146722BB, 0xF5F8EDA9, 0x7FF0159F, 0x9E6FDA8D,

     0xC2E04CF3, 0x237F83E1, 0xA9777BD7, 0x48E8B4C5,

     0x11C0FE2B, 0xF05F3139, 0x7A57C90F, 0x9BC8061D,

     0xC7479063, 0x26D85F71, 0xACD0A747, 0x4D4F6855,

     0x1E803332, 0xFF1FFC20, 0x75170416, 0x9488CB04,

     0xC8075D7A, 0x29989268, 0xA3906A5E, 0x420FA54C,

     0x1B27EFA2, 0xFAB820B0, 0x70B0D886, 0x912F1794,

     0xCDA081EA, 0x2C3F4EF8, 0xA637B6CE, 0x47A879DC,

     0x28CE44DF, 0xC9518BCD, 0x435973FB, 0xA2C6BCE9,

     0xFE492A97, 0x1FD6E585, 0x95DE1DB3, 0x7441D2A1,

     0x2D69984F, 0xCCF6575D, 0x46FEAF6B, 0xA7616079,

     0xFBEEF607, 0x1A713915, 0x9079C123, 0x71E60E31,

     0x22295556, 0xC3B69A44, 0x49BE6272, 0xA821AD60,

     0xF4AE3B1E, 0x1531F40C, 0x9F390C3A, 0x7EA6C328,

     0x278E89C6, 0xC61146D4, 0x4C19BEE2, 0xAD8671F0,

     0xF109E78E, 0x1096289C, 0x9A9ED0AA, 0x7B011FB8,

     0x3CA96664, 0xDD36A976, 0x573E5140, 0xB6A19E52,

     0xEA2E082C, 0x0BB1C73E, 0x81B93F08, 0x6026F01A,

     0x390EBAF4, 0xD89175E6, 0x52998DD0, 0xB30642C2,

     0xEF89D4BC, 0x0E161BAE, 0x841EE398, 0x65812C8A,

     0x364E77ED, 0xD7D1B8FF, 0x5DD940C9, 0xBC468FDB,

     0xE0C919A5, 0x0156D6B7, 0x8B5E2E81, 0x6AC1E193,

     0x33E9AB7D, 0xD276646F, 0x587E9C59, 0xB9E1534B,

     0xE56EC535, 0x04F10A27, 0x8EF9F211, 0x6F663D03,

     0x50358817, 0xB1AA4705, 0x3BA2BF33, 0xDA3D7021,

     0x86B2E65F, 0x672D294D, 0xED25D17B, 0x0CBA1E69,

     0x55925487, 0xB40D9B95, 0x3E0563A3, 0xDF9AACB1,

     0x83153ACF, 0x628AF5DD, 0xE8820DEB, 0x091DC2F9,

     0x5AD2999E, 0xBB4D568C, 0x3145AEBA, 0xD0DA61A8,

     0x8C55F7D6, 0x6DCA38C4, 0xE7C2C0F2, 0x065D0FE0,

     0x5F75450E, 0xBEEA8A1C, 0x34E2722A, 0xD57DBD38,

     0x89F22B46, 0x686DE454, 0xE2651C62, 0x03FAD370,

     0x4452AAAC, 0xA5CD65BE, 0x2FC59D88, 0xCE5A529A,

     0x92D5C4E4, 0x734A0BF6, 0xF942F3C0, 0x18DD3CD2,

     0x41F5763C, 0xA06AB92E, 0x2A624118, 0xCBFD8E0A,

     0x97721874, 0x76EDD766, 0xFCE52F50, 0x1D7AE042,

     0x4EB5BB25, 0xAF2A7437, 0x25228C01, 0xC4BD4313,

     0x9832D56D, 0x79AD1A7F, 0xF3A5E249, 0x123A2D5B,

     0x4B1267B5, 0xAA8DA8A7, 0x20855091, 0xC11A9F83,

     0x9D9509FD, 0x7C0AC6EF, 0xF6023ED9, 0x179DF1CB,

     0x78FBCCC8, 0x996403DA, 0x136CFBEC, 0xF2F334FE,

     0xAE7CA280, 0x4FE36D92, 0xC5EB95A4, 0x24745AB6,

     0x7D5C1058, 0x9CC3DF4A, 0x16CB277C, 0xF754E86E,

     0xABDB7E10, 0x4A44B102, 0xC04C4934, 0x21D38626,

     0x721CDD41, 0x93831253, 0x198BEA65, 0xF8142577,

     0xA49BB309, 0x45047C1B, 0xCF0C842D, 0x2E934B3F,

     0x77BB01D1, 0x9624CEC3, 0x1C2C36F5, 0xFDB3F9E7,

     0xA13C6F99, 0x40A3A08B, 0xCAAB58BD, 0x2B3497AF,

     0x6C9CEE73, 0x8D032161, 0x070BD957, 0xE6941645,

     0xBA1B803B, 0x5B844F29, 0xD18CB71F, 0x3013780D,

     0x693B32E3, 0x88A4FDF1, 0x02AC05C7, 0xE333CAD5,

     0xBFBC5CAB, 0x5E2393B9, 0xD42B6B8F, 0x35B4A49D,

     0x667BFFFA, 0x87E430E8, 0x0DECC8DE, 0xEC7307CC,

     0xB0FC91B2, 0x51635EA0, 0xDB6BA696, 0x3AF46984,

     0x63DC236A, 0x8243EC78, 0x084B144E, 0xE9D4DB5C,

     0xB55B4D22, 0x54C48230, 0xDECC7A06, 0x3F53B514,

 #else

     0x00000000, 0xE19FCF13, 0x6B973726, 0x8A08F835,

     0xD6876E4C, 0x3718A15F, 0xBD10596A, 0x5C8F9679,

     0x05A7DC98, 0xE438138B, 0x6E30EBBE, 0x8FAF24AD,

     0xD320B2D4, 0x32BF7DC7, 0xB8B785F2, 0x59284AE1,

     0x0AE71199, 0xEB78DE8A, 0x617026BF, 0x80EFE9AC,

     0xDC607FD5, 0x3DFFB0C6, 0xB7F748F3, 0x566887E0,

     0x0F40CD01, 0xEEDF0212, 0x64D7FA27, 0x85483534,

     0xD9C7A34D, 0x38586C5E, 0xB250946B, 0x53CF5B78,

     0x1467229B, 0xF5F8ED88, 0x7FF015BD, 0x9E6FDAAE,

     0xC2E04CD7, 0x237F83C4, 0xA9777BF1, 0x48E8B4E2,

     0x11C0FE03, 0xF05F3110, 0x7A57C925, 0x9BC80636,

     0xC747904F, 0x26D85F5C, 0xACD0A769, 0x4D4F687A,

     0x1E803302, 0xFF1FFC11, 0x75170424, 0x9488CB37,

     0xC8075D4E, 0x2998925D, 0xA3906A68, 0x420FA57B,

     0x1B27EF9A, 0xFAB82089, 0x70B0D8BC, 0x912F17AF,

     0xCDA081D6, 0x2C3F4EC5, 0xA637B6F0, 0x47A879E3,

     0x28CE449F, 0xC9518B8C, 0x435973B9, 0xA2C6BCAA,

     0xFE492AD3, 0x1FD6E5C0, 0x95DE1DF5, 0x7441D2E6,

     0x2D699807, 0xCCF65714, 0x46FEAF21, 0xA7616032,

     0xFBEEF64B, 0x1A713958, 0x9079C16D, 0x71E60E7E,

     0x22295506, 0xC3B69A15, 0x49BE6220, 0xA821AD33,

     0xF4AE3B4A, 0x1531F459, 0x9F390C6C, 0x7EA6C37F,

     0x278E899E, 0xC611468D, 0x4C19BEB8, 0xAD8671AB,

     0xF109E7D2, 0x109628C1, 0x9A9ED0F4, 0x7B011FE7,

     0x3CA96604, 0xDD36A917, 0x573E5122, 0xB6A19E31,

     0xEA2E0848, 0x0BB1C75B, 0x81B93F6E, 0x6026F07D,

     0x390EBA9C, 0xD891758F, 0x52998DBA, 0xB30642A9,

     0xEF89D4D0, 0x0E161BC3, 0x841EE3F6, 0x65812CE5,

     0x364E779D, 0xD7D1B88E, 0x5DD940BB, 0xBC468FA8,

     0xE0C919D1, 0x0156D6C2, 0x8B5E2EF7, 0x6AC1E1E4,

     0x33E9AB05, 0xD2766416, 0x587E9C23, 0xB9E15330,

     0xE56EC549, 0x04F10A5A, 0x8EF9F26F, 0x6F663D7C,

     0x50358897, 0xB1AA4784, 0x3BA2BFB1, 0xDA3D70A2,

     0x86B2E6DB, 0x672D29C8, 0xED25D1FD, 0x0CBA1EEE,

     0x5592540F, 0xB40D9B1C, 0x3E056329, 0xDF9AAC3A,

     0x83153A43, 0x628AF550, 0xE8820D65, 0x091DC276,

     0x5AD2990E, 0xBB4D561D, 0x3145AE28, 0xD0DA613B,

     0x8C55F742, 0x6DCA3851, 0xE7C2C064, 0x065D0F77,

     0x5F754596, 0xBEEA8A85, 0x34E272B0, 0xD57DBDA3,

     0x89F22BDA, 0x686DE4C9, 0xE2651CFC, 0x03FAD3EF,

     0x4452AA0C, 0xA5CD651F, 0x2FC59D2A, 0xCE5A5239,

     0x92D5C440, 0x734A0B53, 0xF942F366, 0x18DD3C75,

     0x41F57694, 0xA06AB987, 0x2A6241B2, 0xCBFD8EA1,

     0x977218D8, 0x76EDD7CB, 0xFCE52FFE, 0x1D7AE0ED,

     0x4EB5BB95, 0xAF2A7486, 0x25228CB3, 0xC4BD43A0,

     0x9832D5D9, 0x79AD1ACA, 0xF3A5E2FF, 0x123A2DEC,

     0x4B12670D, 0xAA8DA81E, 0x2085502B, 0xC11A9F38,

     0x9D950941, 0x7C0AC652, 0xF6023E67, 0x179DF174,

     0x78FBCC08, 0x9964031B, 0x136CFB2E, 0xF2F3343D,

     0xAE7CA244, 0x4FE36D57, 0xC5EB9562, 0x24745A71,

     0x7D5C1090, 0x9CC3DF83, 0x16CB27B6, 0xF754E8A5,

     0xABDB7EDC, 0x4A44B1CF, 0xC04C49FA, 0x21D386E9,

     0x721CDD91, 0x93831282, 0x198BEAB7, 0xF81425A4,

     0xA49BB3DD, 0x45047CCE, 0xCF0C84FB, 0x2E934BE8,

     0x77BB0109, 0x9624CE1A, 0x1C2C362F, 0xFDB3F93C,

     0xA13C6F45, 0x40A3A056, 0xCAAB5863, 0x2B349770,

     0x6C9CEE93, 0x8D032180, 0x070BD9B5, 0xE69416A6,

     0xBA1B80DF, 0x5B844FCC, 0xD18CB7F9, 0x301378EA,

     0x693B320B, 0x88A4FD18, 0x02AC052D, 0xE333CA3E,

     0xBFBC5C47, 0x5E239354, 0xD42B6B61, 0x35B4A472,

     0x667BFF0A, 0x87E43019, 0x0DECC82C, 0xEC73073F,

     0xB0FC9146, 0x51635E55, 0xDB6BA660, 0x3AF46973,

     0x63DC2392, 0x8243EC81, 0x084B14B4, 0xE9D4DBA7,

     0xB55B4DDE, 0x54C482CD, 0xDECC7AF8, 0x3F53B5EB,

 #endif

     0x00000000, 0x180F40CD, 0x301E8033, 0x2811C0FE,

     0x603CA966, 0x7833E9AB, 0x50222955, 0x482D6998,

     0xC078FBCC, 0xD877BB01, 0xF0667BFF, 0xE8693B32,

     0xA04452AA, 0xB84B1267, 0x905AD299, 0x88559254,

     0x29F05F31, 0x31FF1FFC, 0x19EEDF02, 0x01E19FCF,

     0x49CCF657, 0x51C3B69A, 0x79D27664, 0x61DD36A9,

     0xE988A4FD, 0xF187E430, 0xD99624CE, 0xC1996403,

     0x89B40D9B, 0x91BB4D56, 0xB9AA8DA8, 0xA1A5CD65,

     0x5249BE62, 0x4A46FEAF, 0x62573E51, 0x7A587E9C,

     0x32751704, 0x2A7A57C9, 0x026B9737, 0x1A64D7FA,

     0x923145AE, 0x8A3E0563, 0xA22FC59D, 0xBA208550,

     0xF20DECC8, 0xEA02AC05, 0xC2136CFB, 0xDA1C2C36,

     0x7BB9E153, 0x63B6A19E, 0x4BA76160, 0x53A821AD,

     0x1B854835, 0x038A08F8, 0x2B9BC806, 0x339488CB,

     0xBBC11A9F, 0xA3CE5A52, 0x8BDF9AAC, 0x93D0DA61,

     0xDBFDB3F9, 0xC3F2F334, 0xEBE333CA, 0xF3EC7307,

     0xA492D5C4, 0xBC9D9509, 0x948C55F7, 0x8C83153A,

     0xC4AE7CA2, 0xDCA13C6F, 0xF4B0FC91, 0xECBFBC5C,

     0x64EA2E08, 0x7CE56EC5, 0x54F4AE3B, 0x4CFBEEF6,

     0x04D6876E, 0x1CD9C7A3, 0x34C8075D, 0x2CC74790,

     0x8D628AF5, 0x956DCA38, 0xBD7C0AC6, 0xA5734A0B,

     0xED5E2393, 0xF551635E, 0xDD40A3A0, 0xC54FE36D,

     0x4D1A7139, 0x551531F4, 0x7D04F10A, 0x650BB1C7,

     0x2D26D85F, 0x35299892, 0x1D38586C, 0x053718A1,

     0xF6DB6BA6, 0xEED42B6B, 0xC6C5EB95, 0xDECAAB58,

     0x96E7C2C0, 0x8EE8820D, 0xA6F942F3, 0xBEF6023E,

     0x36A3906A, 0x2EACD0A7, 0x06BD1059, 0x1EB25094,

     0x569F390C, 0x4E9079C1, 0x6681B93F, 0x7E8EF9F2,

     0xDF2B3497, 0xC724745A, 0xEF35B4A4, 0xF73AF469,

     0xBF179DF1, 0xA718DD3C, 0x8F091DC2, 0x97065D0F,

     0x1F53CF5B, 0x075C8F96, 0x2F4D4F68, 0x37420FA5,

     0x7F6F663D, 0x676026F0, 0x4F71E60E, 0x577EA6C3,

     0xE18D0321, 0xF98243EC, 0xD1938312, 0xC99CC3DF,

     0x81B1AA47, 0x99BEEA8A, 0xB1AF2A74, 0xA9A06AB9,

     0x21F5F8ED, 0x39FAB820, 0x11EB78DE, 0x09E43813,

     0x41C9518B, 0x59C61146, 0x71D7D1B8, 0x69D89175,

     0xC87D5C10, 0xD0721CDD, 0xF863DC23, 0xE06C9CEE,

     0xA841F576, 0xB04EB5BB, 0x985F7545, 0x80503588,

     0x0805A7DC, 0x100AE711, 0x381B27EF, 0x20146722,

     0x68390EBA, 0x70364E77, 0x58278E89, 0x4028CE44,

     0xB3C4BD43, 0xABCBFD8E, 0x83DA3D70, 0x9BD57DBD,

     0xD3F81425, 0xCBF754E8, 0xE3E69416, 0xFBE9D4DB,

     0x73BC468F, 0x6BB30642, 0x43A2C6BC, 0x5BAD8671,

     0x1380EFE9, 0x0B8FAF24, 0x239E6FDA, 0x3B912F17,

     0x9A34E272, 0x823BA2BF, 0xAA2A6241, 0xB225228C,

     0xFA084B14, 0xE2070BD9, 0xCA16CB27, 0xD2198BEA,

     0x5A4C19BE, 0x42435973, 0x6A52998D, 0x725DD940,

     0x3A70B0D8, 0x227FF015, 0x0A6E30EB, 0x12617026,

     0x451FD6E5, 0x5D109628, 0x750156D6, 0x6D0E161B,

     0x25237F83, 0x3D2C3F4E, 0x153DFFB0, 0x0D32BF7D,

     0x85672D29, 0x9D686DE4, 0xB579AD1A, 0xAD76EDD7,

     0xE55B844F, 0xFD54C482, 0xD545047C, 0xCD4A44B1,

     0x6CEF89D4, 0x74E0C919, 0x5CF109E7, 0x44FE492A,

     0x0CD320B2, 0x14DC607F, 0x3CCDA081, 0x24C2E04C,

     0xAC977218, 0xB49832D5, 0x9C89F22B, 0x8486B2E6,

     0xCCABDB7E, 0xD4A49BB3, 0xFCB55B4D, 0xE4BA1B80,

     0x17566887, 0x0F59284A, 0x2748E8B4, 0x3F47A879,

     0x776AC1E1, 0x6F65812C, 0x477441D2, 0x5F7B011F,

     0xD72E934B, 0xCF21D386, 0xE7301378, 0xFF3F53B5,

     0xB7123A2D, 0xAF1D7AE0, 0x870CBA1E, 0x9F03FAD3,

     0x3EA637B6, 0x26A9777B, 0x0EB8B785, 0x16B7F748,

     0x5E9A9ED0, 0x4695DE1D, 0x6E841EE3, 0x768B5E2E,

     0xFEDECC7A, 0xE6D18CB7, 0xCEC04C49, 0xD6CF0C84,

     0x9EE2651C, 0x86ED25D1, 0xAEFCE52F, 0xB6F3A5E2

 };

 }


 #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64)

 unsigned int SosemanukPolicy::GetAlignment() const

 {

 #if CRYPTOPP_SSE2_ASM_AVAILABLE

 #ifdef __INTEL_COMPILER

     if (HasSSE2() && !IsP4())   // Intel compiler produces faster code for this algorithm on the P4

 #else

     if (HasSSE2())

 #endif

         return 16;

     else

 #endif

         return GetAlignmentOf<word32>();

 }


 unsigned int SosemanukPolicy::GetOptimalBlockSize() const

 {

 #if CRYPTOPP_SSE2_ASM_AVAILABLE

 #ifdef __INTEL_COMPILER

     if (HasSSE2() && !IsP4())   // Intel compiler produces faster code for this algorithm on the P4

 #else

     if (HasSSE2())

 #endif

         return 4*BYTES_PER_ITERATION;

     else

 #endif

         return BYTES_PER_ITERATION;

 }

 #endif


 #ifdef CRYPTOPP_X64_MASM_AVAILABLE

 extern "C" {

 void Sosemanuk_OperateKeystream(size_t iterationCount, const byte *input, byte *output, word32 *state);

 }

 #endif


 void SosemanukPolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount)

 {

 #endif  // #ifdef CRYPTOPP_GENERATE_X64_MASM


 #ifdef CRYPTOPP_X64_MASM_AVAILABLE

     Sosemanuk_OperateKeystream(iterationCount, input, output, m_state.data());

     return;

 #endif


 #if CRYPTOPP_SSE2_ASM_AVAILABLE && !defined(CRYPTOPP_DISABLE_SOSEMANUK_ASM)

 #ifdef CRYPTOPP_GENERATE_X64_MASM

         ALIGN   8

     Sosemanuk_OperateKeystream  PROC FRAME

         rex_push_reg rsi

         push_reg rdi

         alloc_stack(80*4*2+12*4+8*WORD_SZ + 2*16+8)

         save_xmm128 xmm6, 02f0h

         save_xmm128 xmm7, 0300h

         .endprolog

         mov     rdi, r8

         mov     rax, r9

 #else

 #ifdef __INTEL_COMPILER

     if (HasSSE2() && !IsP4())   // Intel compiler produces faster code for this algorithm on the P4

 #else

     if (HasSSE2())

 #endif

     {

 #ifdef __GNUC__

     #if CRYPTOPP_BOOL_X64

         FixedSizeAlignedSecBlock<byte, 80*4*2+12*4+8*WORD_SZ> workspace;

     #endif

         __asm__ __volatile__

         (

         INTEL_NOPREFIX

         AS_PUSH_IF86(   bx)

 #else

         word32 *state = m_state;

         AS2(    mov     WORD_REG(ax), state)

         AS2(    mov     WORD_REG(di), output)

         AS2(    mov     WORD_REG(dx), input)

         AS2(    mov     WORD_REG(cx), iterationCount)

 #endif

 #endif  // #ifdef CRYPTOPP_GENERATE_X64_MASM


 #if defined(__GNUC__) && CRYPTOPP_BOOL_X64

     #define SSE2_workspace %5

 #else

     #define SSE2_workspace WORD_REG(sp)

 #endif


 #define SSE2_output         WORD_PTR [SSE2_workspace+1*WORD_SZ]

 #define SSE2_input          WORD_PTR [SSE2_workspace+2*WORD_SZ]

 #define SSE2_wordsLeft      WORD_PTR [SSE2_workspace+3*WORD_SZ]

 #define SSE2_diEnd          WORD_PTR [SSE2_workspace+4*WORD_SZ]

 #define SSE2_pMulTables     WORD_PTR [SSE2_workspace+5*WORD_SZ]

 #define SSE2_state          WORD_PTR [SSE2_workspace+6*WORD_SZ]

 #define SSE2_wordsLeft2     WORD_PTR [SSE2_workspace+7*WORD_SZ]

 #define SSE2_stateCopy      SSE2_workspace + 8*WORD_SZ

 #define SSE2_uvStart        SSE2_stateCopy + 12*4


 #if (CRYPTOPP_BOOL_X86) && !defined(CRYPTOPP_DISABLE_SOSEMANUK_ASM)

         AS_PUSH_IF86(   bp)

         AS2(    mov     AS_REG_6, esp)

         AS2(    and     esp, -16)

         AS2(    sub     esp, 80*4*2+12*4+8*WORD_SZ) // 80 v's, 80 u's, 12 state, 8 locals

         AS2(    mov     [esp], AS_REG_6)

 #endif

         AS2(    mov     SSE2_output, WORD_REG(di))

         AS2(    mov     SSE2_input, WORD_REG(dx))

         AS2(    mov     SSE2_state, WORD_REG(ax))

 #ifndef CRYPTOPP_MSC_VERSION

         AS2(    mov     SSE2_pMulTables, WORD_REG(si))

 #endif

         AS2(    lea     WORD_REG(cx), [4*WORD_REG(cx)+WORD_REG(cx)])

         AS2(    lea     WORD_REG(si), [4*WORD_REG(cx)])

         AS2(    mov     SSE2_wordsLeft, WORD_REG(si))

         AS2(    movdqa  xmm0, [WORD_REG(ax)+0*16])      // copy state to stack to save a register

         AS2(    movdqa  [SSE2_stateCopy+0*16], xmm0)

         AS2(    movdqa  xmm0, [WORD_REG(ax)+1*16])

         AS2(    movdqa  [SSE2_stateCopy+1*16], xmm0)

         AS2(    movq    xmm0, QWORD PTR [WORD_REG(ax)+2*16])

         AS2(    movq    QWORD PTR [SSE2_stateCopy+2*16], xmm0)

         AS2(    psrlq   xmm0, 32)

         AS2(    movd    AS_REG_6d, xmm0)                // s(9)

         AS2(    mov     ecx, [WORD_REG(ax)+10*4])

         AS2(    mov     edx, [WORD_REG(ax)+11*4])

         AS2(    pcmpeqb xmm7, xmm7)             // all ones


 #define s(i)    SSE2_stateCopy + ASM_MOD(i,10)*4

 #define u(j)    WORD_REG(di) + (ASM_MOD(j,4)*20 + (j/4)) * 4

 #define v(j)    WORD_REG(di) + (ASM_MOD(j,4)*20 + (j/4)) * 4 + 80*4


 #define R10 ecx

 #define R11 edx

 #define R20 edx

 #define R21 ecx

 // workaround bug in GAS 2.15

 #define R20r WORD_REG(dx)

 #define R21r WORD_REG(cx)


 #define SSE2_STEP(i, j) \

     AS2(    mov     eax, [s(i+0)])\

     AS2(    mov     [v(i)], eax)\

     AS2(    rol     eax, 8)\

     AS2(    lea     AS_REG_7, [AS_REG_6 + R2##j##r])\

     AS2(    xor     AS_REG_7d, R1##j)\

     AS2(    mov     [u(i)], AS_REG_7d)\

     AS2(    mov     AS_REG_7d, 1)\

     AS2(    and     AS_REG_7d, R2##j)\

     AS1(    neg     AS_REG_7d)\

     AS2(    and     AS_REG_7d, AS_REG_6d)\

     AS2(    xor     AS_REG_6d, eax)\

     AS2(    movzx   eax, al)\

     AS2(    xor     AS_REG_6d, [WORD_REG(si)+WORD_REG(ax)*4])\

     AS2(    mov     eax, [s(i+3)])\

     AS2(    xor     AS_REG_7d, [s(i+2)])\

     AS2(    add     R1##j, AS_REG_7d)\

     AS2(    movzx   AS_REG_7d, al)\

     AS2(    shr     eax, 8)\

     AS2(    xor     AS_REG_6d, [WORD_REG(si)+1024+AS_REG_7*4])\

     AS2(    xor     AS_REG_6d, eax)\

     AS2(    imul    R2##j, AS_HEX(54655307))\

     AS2(    rol     R2##j, 7)\

     AS2(    mov     [s(i+0)], AS_REG_6d)\


         ASL(2)  // outer loop, each iteration of this processes 80 words

         AS2(    lea     WORD_REG(di), [SSE2_uvStart])   // start of v and u

         AS2(    mov     WORD_REG(ax), 80)

         AS2(    cmp     WORD_REG(si), 80)

         AS2(    cmovg   WORD_REG(si), WORD_REG(ax))

         AS2(    mov     SSE2_wordsLeft2, WORD_REG(si))

         AS2(    lea     WORD_REG(si), [WORD_REG(di)+WORD_REG(si)])      // use to end first inner loop

         AS2(    mov     SSE2_diEnd, WORD_REG(si))

 #ifdef CRYPTOPP_MSC_VERSION

         AS2(    lea     WORD_REG(si), s_sosemanukMulTables)

 #else

         AS2(    mov     WORD_REG(si), SSE2_pMulTables)

 #endif


         ASL(0)  // first inner loop, 20 words each, 4 iterations

         SSE2_STEP(0, 0)

         SSE2_STEP(1, 1)

         SSE2_STEP(2, 0)

         SSE2_STEP(3, 1)

         SSE2_STEP(4, 0)

         SSE2_STEP(5, 1)

         SSE2_STEP(6, 0)

         SSE2_STEP(7, 1)

         SSE2_STEP(8, 0)

         SSE2_STEP(9, 1)

         SSE2_STEP(10, 0)

         SSE2_STEP(11, 1)

         SSE2_STEP(12, 0)

         SSE2_STEP(13, 1)

         SSE2_STEP(14, 0)

         SSE2_STEP(15, 1)

         SSE2_STEP(16, 0)

         SSE2_STEP(17, 1)

         SSE2_STEP(18, 0)

         SSE2_STEP(19, 1)

         // loop

         AS2(    add     WORD_REG(di), 5*4)

         AS2(    cmp     WORD_REG(di), SSE2_diEnd)

         ASJ(    jne,    0, b)


         AS2(    mov     WORD_REG(ax), SSE2_input)

         AS2(    mov     AS_REG_7, SSE2_output)

         AS2(    lea     WORD_REG(di), [SSE2_uvStart])       // start of v and u

         AS2(    mov     WORD_REG(si), SSE2_wordsLeft2)


         ASL(1)  // second inner loop, 16 words each, 5 iterations

         AS2(    movdqa  xmm0, [WORD_REG(di)+0*20*4])

         AS2(    movdqa  xmm2, [WORD_REG(di)+2*20*4])

         AS2(    movdqa  xmm3, [WORD_REG(di)+3*20*4])

         AS2(    movdqa  xmm1, [WORD_REG(di)+1*20*4])

         // S2

         AS2(    movdqa  xmm4, xmm0)

         AS2(    pand    xmm0, xmm2)

         AS2(    pxor    xmm0, xmm3)

         AS2(    pxor    xmm2, xmm1)

         AS2(    pxor    xmm2, xmm0)

         AS2(    por     xmm3, xmm4)

         AS2(    pxor    xmm3, xmm1)

         AS2(    pxor    xmm4, xmm2)

         AS2(    movdqa  xmm1, xmm3)

         AS2(    por     xmm3, xmm4)

         AS2(    pxor    xmm3, xmm0)

         AS2(    pand    xmm0, xmm1)

         AS2(    pxor    xmm4, xmm0)

         AS2(    pxor    xmm1, xmm3)

         AS2(    pxor    xmm1, xmm4)

         AS2(    pxor    xmm4, xmm7)

         // xor with v

         AS2(    pxor    xmm2, [WORD_REG(di)+80*4])

         AS2(    pxor    xmm3, [WORD_REG(di)+80*5])

         AS2(    pxor    xmm1, [WORD_REG(di)+80*6])

         AS2(    pxor    xmm4, [WORD_REG(di)+80*7])

         // exit loop early if less than 16 words left to output

         // this is necessary because block size is 20 words, and we output 16 words in each iteration of this loop

         AS2(    cmp     WORD_REG(si), 16)

         ASJ(    jl,     4, f)

         // unpack

         AS2(    movdqa      xmm6, xmm2)

         AS2(    punpckldq   xmm2, xmm3)

         AS2(    movdqa      xmm5, xmm1)

         AS2(    punpckldq   xmm1, xmm4)

         AS2(    movdqa      xmm0, xmm2)

         AS2(    punpcklqdq  xmm2, xmm1)

         AS2(    punpckhqdq  xmm0, xmm1)

         AS2(    punpckhdq   xmm6, xmm3)

         AS2(    punpckhdq   xmm5, xmm4)

         AS2(    movdqa      xmm3, xmm6)

         AS2(    punpcklqdq  xmm6, xmm5)

         AS2(    punpckhqdq  xmm3, xmm5)


         // output keystream

         AS_XMM_OUTPUT4(SSE2_Sosemanuk_Output, WORD_REG(ax), AS_REG_7, 2,0,6,3, 1, 0,1,2,3, 4)


         // loop

         AS2(    add     WORD_REG(di), 4*4)

         AS2(    sub     WORD_REG(si), 16)

         ASJ(    jnz,    1, b)


         // outer loop

         AS2(    mov     WORD_REG(si), SSE2_wordsLeft)

         AS2(    sub     WORD_REG(si), 80)

         ASJ(    jz,     6, f)

         AS2(    mov     SSE2_wordsLeft, WORD_REG(si))

         AS2(    mov     SSE2_input, WORD_REG(ax))

         AS2(    mov     SSE2_output, AS_REG_7)

         ASJ(    jmp,    2, b)


         ASL(4)  // final output of less than 16 words

         AS2(    test    WORD_REG(ax), WORD_REG(ax))

         ASJ(    jz,     5, f)

         AS2(    movd    xmm0, dword ptr [WORD_REG(ax)+0*4])

         AS2(    pxor    xmm2, xmm0)

         AS2(    movd    xmm0, dword ptr [WORD_REG(ax)+1*4])

         AS2(    pxor    xmm3, xmm0)

         AS2(    movd    xmm0, dword ptr [WORD_REG(ax)+2*4])

         AS2(    pxor    xmm1, xmm0)

         AS2(    movd    xmm0, dword ptr [WORD_REG(ax)+3*4])

         AS2(    pxor    xmm4, xmm0)

         AS2(    add     WORD_REG(ax), 16)

         ASL(5)

         AS2(    movd    dword ptr [AS_REG_7+0*4], xmm2)

         AS2(    movd    dword ptr [AS_REG_7+1*4], xmm3)

         AS2(    movd    dword ptr [AS_REG_7+2*4], xmm1)

         AS2(    movd    dword ptr [AS_REG_7+3*4], xmm4)

         AS2(    sub     WORD_REG(si), 4)

         ASJ(    jz,     6, f)

         AS2(    add     AS_REG_7, 16)

         AS2(    psrldq  xmm2, 4)

         AS2(    psrldq  xmm3, 4)

         AS2(    psrldq  xmm1, 4)

         AS2(    psrldq  xmm4, 4)

         ASJ(    jmp,    4, b)


         ASL(6)  // save state

         AS2(    mov     AS_REG_6, SSE2_state)

         AS2(    movdqa  xmm0, [SSE2_stateCopy+0*16])

         AS2(    movdqa  [AS_REG_6+0*16], xmm0)

         AS2(    movdqa  xmm0, [SSE2_stateCopy+1*16])

         AS2(    movdqa  [AS_REG_6+1*16], xmm0)

         AS2(    movq    xmm0, QWORD PTR [SSE2_stateCopy+2*16])

         AS2(    movq    QWORD PTR [AS_REG_6+2*16], xmm0)

         AS2(    mov     [AS_REG_6+10*4], ecx)

         AS2(    mov     [AS_REG_6+11*4], edx)


         AS_POP_IF86(    sp)

         AS_POP_IF86(    bp)


 #ifdef __GNUC__

         AS_POP_IF86(    bx)

         ATT_PREFIX

             :

             : "a" (m_state.data()), "c" (iterationCount), "S" (s_sosemanukMulTables), "D" (output), "d" (input)

     #if CRYPTOPP_BOOL_X64

             , "r" (workspace.data())

             : "memory", "cc", "%r9", "%r10", "%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7"

     #else

             : "memory", "cc"

     #endif

         );

 #endif

 #ifdef CRYPTOPP_GENERATE_X64_MASM

     movdqa  xmm6, [rsp + 02f0h]

     movdqa  xmm7, [rsp + 0300h]

     add     rsp, 80*4*2+12*4+8*WORD_SZ + 2*16+8

     pop     rdi

     pop     rsi

     ret

     Sosemanuk_OperateKeystream ENDP

 #else

     }

     else

 #endif

 #endif

 #ifndef CRYPTOPP_GENERATE_X64_MASM

     {

 #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) && !defined(CRYPTOPP_DISABLE_SOSEMANUK_ASM)

 #define MUL_A(x)    (x = (rotlConstant<8>(x)), x ^ s_sosemanukMulTables[byte(x)])

 #else

 #define MUL_A(x)    (((x) << 8) ^ s_sosemanukMulTables[(x) >> 24])

 #endif


 #define DIV_A(x)    (((x) >> 8) ^ s_sosemanukMulTables[256 + byte(x)])


 #define r1(i) ((i%2) ? reg2 : reg1)

 #define r2(i) ((i%2) ? reg1 : reg2)


 #define STEP(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, v, u)  \

         u = (s##x9 + r2(x0)) ^ r1(x0);\

         t = v = s##x0;\

         s##x0 = MUL_A(t) ^ DIV_A(s##x3) ^ s##x9;\

         r1(x0) += XMUX(r2(x0), s##x2, s##x9);\

         r2(x0) = rotlFixed(r2(x0) * 0x54655307, 7);\


 #define SOSEMANUK_OUTPUT(x) \

     CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, u2 ^ v0);\

     CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, u3 ^ v1);\

     CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, u1 ^ v2);\

     CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, u4 ^ v3);


 #define OUTPUT4 \

     S2(0, u0, u1, u2, u3, u4);\

     CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(SOSEMANUK_OUTPUT, 4*4);


     word32 s0 = m_state[0];

     word32 s1 = m_state[1];

     word32 s2 = m_state[2];

     word32 s3 = m_state[3];

     word32 s4 = m_state[4];

     word32 s5 = m_state[5];

     word32 s6 = m_state[6];

     word32 s7 = m_state[7];

     word32 s8 = m_state[8];

     word32 s9 = m_state[9];

     word32 reg1 = m_state[10];

     word32 reg2 = m_state[11];

     word32 t, u0, u1, u2, u3, u4, v0, v1, v2, v3;


     do

     {

         STEP(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, v0, u0)

         STEP(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, v1, u1)

         STEP(2, 3, 4, 5, 6, 7, 8, 9, 0, 1, v2, u2)

         STEP(3, 4, 5, 6, 7, 8, 9, 0, 1, 2, v3, u3)

         OUTPUT4

         STEP(4, 5, 6, 7, 8, 9, 0, 1, 2, 3, v0, u0)

         STEP(5, 6, 7, 8, 9, 0, 1, 2, 3, 4, v1, u1)

         STEP(6, 7, 8, 9, 0, 1, 2, 3, 4, 5, v2, u2)

         STEP(7, 8, 9, 0, 1, 2, 3, 4, 5, 6, v3, u3)

         OUTPUT4

         STEP(8, 9, 0, 1, 2, 3, 4, 5, 6, 7, v0, u0)

         STEP(9, 0, 1, 2, 3, 4, 5, 6, 7, 8, v1, u1)

         STEP(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, v2, u2)

         STEP(1, 2, 3, 4, 5, 6, 7, 8, 9, 0, v3, u3)

         OUTPUT4

         STEP(2, 3, 4, 5, 6, 7, 8, 9, 0, 1, v0, u0)

         STEP(3, 4, 5, 6, 7, 8, 9, 0, 1, 2, v1, u1)

         STEP(4, 5, 6, 7, 8, 9, 0, 1, 2, 3, v2, u2)

         STEP(5, 6, 7, 8, 9, 0, 1, 2, 3, 4, v3, u3)

         OUTPUT4

         STEP(6, 7, 8, 9, 0, 1, 2, 3, 4, 5, v0, u0)

         STEP(7, 8, 9, 0, 1, 2, 3, 4, 5, 6, v1, u1)

         STEP(8, 9, 0, 1, 2, 3, 4, 5, 6, 7, v2, u2)

         STEP(9, 0, 1, 2, 3, 4, 5, 6, 7, 8, v3, u3)

         OUTPUT4

     }

     while (--iterationCount);


     m_state[0] = s0;

     m_state[1] = s1;

     m_state[2] = s2;

     m_state[3] = s3;

     m_state[4] = s4;

     m_state[5] = s5;

     m_state[6] = s6;

     m_state[7] = s7;

     m_state[8] = s8;

     m_state[9] = s9;

     m_state[10] = reg1;

     m_state[11] = reg2;

     }

 }


 NAMESPACE_END


 #endif // #ifndef CRYPTOPP_GENERATE_X64_MASM

FixedSizeAlignedSecBlock
Fixed size stack-based SecBlock with 16-byte alignment.
Definition: secblock.h:1259

NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:327

SecBlock::data
A::pointer data()
Provides a pointer to the first element in the memory block.
Definition: secblock.h:857

config.h
Library configuration file.

CRYPTOPP_BOOL_X64
#define CRYPTOPP_BOOL_X64
32-bit x86 platform
Definition: config_cpu.h:48

word32
unsigned int word32
32-bit unsigned datatype
Definition: config_int.h:72

dword
word128 dword
Double word used for multiprecision integer arithmetic.
Definition: config_int.h:203

cpu.h
Functions for CPU features and intrinsics.

misc.h
Utility functions for the Crypto++ library.

CryptoPP
Crypto++ library namespace.

pch.h
Precompiled header file.

secblock.h
Classes and functions for secure memory allocations.

sosemanuk.h
Classes for Sosemanuk stream cipher.

KeystreamOperation
KeystreamOperation
Keystream operation flags.
Definition: strciphr.h:88

AdditiveCipherConcretePolicy< word32, 20 >::BYTES_PER_ITERATION
static const int BYTES_PER_ITERATION
Number of bytes for an iteration.
Definition: strciphr.h:211

BlockGetAndPut
Access a block of memory.
Definition: misc.h:3053

CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68