arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix carry bug in AdvancedProcessBlocks128_6x1_ALTIVEC

pull/703/head
Jeffrey Walton 2018-08-13 01:44:23 -04:00
parent 7dc2e6ea31
commit de7f4a0894
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
2 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
adv-simd.h
View File

@ -1830,7 +1830,7 @@ inline size_t AdvancedProcessBlocks128_6x1_ALTIVEC(F1 func1, F6 func6,
{ {
while (length >= 6*blockSize) while (length >= 6*blockSize)
{ {
uint32x4_p block0, block1, block2, block3, block4, block5, temp; uint32x4_p block0, block1, block2, block3, block4, block5;
if (flags & BT_InBlockIsCounter) if (flags & BT_InBlockIsCounter)
{ {
@ -1840,7 +1840,21 @@ inline size_t AdvancedProcessBlocks128_6x1_ALTIVEC(F1 func1, F6 func6,
block3 = VectorAdd(block2, s_one); block3 = VectorAdd(block2, s_one);
block4 = VectorAdd(block3, s_one); block4 = VectorAdd(block3, s_one);
block5 = VectorAdd(block4, s_one); block5 = VectorAdd(block4, s_one);
temp = VectorAdd(block5, s_one);
// Hack due to big-endian loads used by POWER8 (and maybe ARM-BE).
// CTR_ModePolicy::OperateKeystream is wired such that after
// returning from this function if the last counter byte is 0 then
// CTR_ModePolicy increments the next to last byte. The problem is,
// with a big-endian load, inBlocks[15] is located at index 15. The
// vector addition using a 32-bit element generates a carry into
// inBlocks[14] and then CTR_ModePolicy increments inBlocks[14] too.
//
// To find this bug we needed a test case with a ctr of 0xNN...FA.
// The last octet is 0xFA and adding 6 creates the wrap to trigger
// the issue. If the last octet was 0xFC then 4 would trigger it.
// We dumb-lucked into the test with SPECK-128. The test case of
// interest is the one with IV 348ECA9766C09F04 826520DE47A212FA.
uint8x16_p temp = VectorAdd((uint8x16_p)block5, (uint8x16_p)s_one);
VectorStoreBE(temp, const_cast<byte*>(inBlocks)); VectorStoreBE(temp, const_cast<byte*>(inBlocks));
} }
else else

4
ppc-simd.h
View File

@ -421,9 +421,9 @@ inline uint32x4_p VectorLoadBE(int off, const byte src[16])
return (uint32x4_p)vec_xl_be(off, (byte*)src); return (uint32x4_p)vec_xl_be(off, (byte*)src);
#else #else
# if defined(CRYPTOPP_BIG_ENDIAN) # if defined(CRYPTOPP_BIG_ENDIAN)
return (uint32x4_p)vec_vsx_ld(off, src); return (uint32x4_p)vec_vsx_ld(off, (byte*)src);
# else # else
return (uint32x4_p)Reverse(vec_vsx_ld(off, src)); return (uint32x4_p)Reverse(vec_vsx_ld(off, (byte*)src));
# endif # endif
#endif #endif
} }