Hi guys.
I am trying to do a multiplication in GF to a 128 bit block.
But I have completely different results than I should. For example, if multiplied(Case 2: Test vectors):
H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e
C = 0x0388dace60b6a392f328c2b971b2fe78
H * C = 0x5e2ec746917062882c85b0685353deb7
I'm confused, I don't know if I have a problem with my code, or I didn't understand any part of the algorithm. I don't know if I have a problem when passing the two values H and C, such as the small endian and the big endian ...
But in GCM theory for bytes it uses big endian.
GCM document
The code is oriented on algorithm 1 on page 8.
I have checked that the bit movements in my code were fine, and the counter, so I don't understand how I get wrong results, what is wrong?
Regards.
I am trying to do a multiplication in GF to a 128 bit block.
But I have completely different results than I should. For example, if multiplied(Case 2: Test vectors):
H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e
C = 0x0388dace60b6a392f328c2b971b2fe78
H * C = 0x5e2ec746917062882c85b0685353deb7
I'm confused, I don't know if I have a problem with my code, or I didn't understand any part of the algorithm. I don't know if I have a problem when passing the two values H and C, such as the small endian and the big endian ...
But in GCM theory for bytes it uses big endian.
Code:
.section .text
.globl _start
.align 16
_start:
# xmm0 | Z
# rsp | Y
# rsp-16 | V
pxor %xmm0, %xmm0
movq $-16, %rax # byte position
_l01:
xorq %r8, %r8 # bit position
movq $-8, %r9 # bit count
_l0:
btq %r8, 16(%rsp, %rax) # check the bit posotion 0 - 7
jnc _l1 # bit equal to 0, jump to _l1
movdqu -16(%rsp), %xmm3
pxor %xmm3, %xmm0 # bit equal to 1, Z = Z xor V
_l1:
movq -8(%rsp), %r10
movq %r10, %rbx
shlq $63, %rbx
shrq $1, -8(%rsp)
shrq $1, -16(%rsp) #Rightshift V in memory and xored by R
orq %rbx, -16(%rsp)
btq $63, %r10
jnc _l3
xorb $0xe1, -1(%rsp)
_l3:
incq %r8 #next bit position
incq %r9 #bit count addition
js _l0 #r9 equal to signed, next bit
# else go to the next byte
incq %rax #byte addition, rax equal to 0, block finished
js _l01 # else next byte
# END - ret xmm0 entire block 128 bits
#Explanation of Rightshift V in memory
#rsp-16 = 0x80000000000000010000000000000000
#movq -8(%rsp), %rbx //rbx = 0x8000000000000001
#shlq $63, %rbx //rbx = 0x8000000000000000
#shrq $1, -8(%rsp) //rsp-8 = 0x4000000000000000
#shrq $1, -16(%rsp) //rsp-16 = 0x0000000000000000
#orq %rbx, -16(%rsp) //rsp-16 = 0x8000000000000000
#btq $63, %r10 // check the bit V[127]
#jnc _l3 // V[127] equal to 0, no xored
#xorb $0xe1, -1(%rsp) // else, V[127] equal to 1, xored by R rsp-1 = 0xa100000000000000
#result rsp-16 = 0xa1000000000000008000000000000000
GCM document
The code is oriented on algorithm 1 on page 8.
I have checked that the bit movements in my code were fine, and the counter, so I don't understand how I get wrong results, what is wrong?
Regards.
Last edited: