
Cell B.E Crypto stuff

  • 16-05-2009 2:00am
    #1
    Closed Accounts Posts: 1,567 ✭✭✭


    these are just placed here for anyone interested in how to "waste time" with a ps3

    macros are for MD5 on the SPU.

    nobody online has released info like this... so you saw it here first (joking, but serious too)
    anybody at those blackhat meetings, you can dismiss them :P

    [PHP]// selb replaces ((z) ^ ((x) & ((y) ^ (z))))
    // FF: one MD5 round-1 step on four independent messages at once, one per
    // 32-bit lane of the vector. First gathers 32-bit word x of buf1..buf4 into
    // lanes 0..3 of data[x] (GG/HH/II later reuse data[x] without touching the
    // buffers again), then computes a = b + rotl(a + F(b,c,d) + data[x] + t, s).
    // spu_sel(d,c,b) takes the bit from c where b is 1 and from d where b is 0,
    // which is F(b,c,d) in a single select.
    // Expands to several bare statements and uses data[] and buf1..buf4 from the
    // enclosing scope; arguments are expanded more than once, so pass plain
    // variables/constants and only use it where a statement list is valid.
    // NOTE(review): the (unsigned int*) casts assume 4-byte-aligned buffers that
    // hold at least x+1 words, and MD5 defines its message words as little-endian
    // while the SPU is big-endian, so the buffers are presumably byte-swapped and
    // padded by the caller - confirm against the call site.
    #define FF(a,b,c,d,x,t,s) \
    data[x] = spu_insert(((unsigned int*)buf1)[x],data[x],0); \
    data[x] = spu_insert(((unsigned int*)buf2)[x],data[x],1); \
    data[x] = spu_insert(((unsigned int*)buf3)[x],data[x],2); \
    data[x] = spu_insert(((unsigned int*)buf4)[x],data[x],3); \
    a = spu_add(a, spu_splats((unsigned int)t)); \
    a = spu_add(a, data[x]); \
    a = spu_add(a, spu_sel(d,c,b)); \
    a = spu_rl (a, s); \
    a = spu_add(a, b);

    // GG: one MD5 round-2 step on four lanes:
    //   a = b + rotl(a + G(b,c,d) + data[x] + t, s)
    // A single selb replaces ((y) ^ ((z) & ((x) ^ (y)))): spu_sel(c,b,d) takes
    // the bit from b where d is 1 and from c where d is 0.
    // Reads data[x] from the enclosing scope and expects it to have been filled
    // already (FF is the only macro here that writes data[]). Expands to several
    // bare statements; arguments are expanded more than once.
    #define GG(a,b,c,d,x,t,s) \
    a = spu_add(a, spu_splats((unsigned int)t)); \
    a = spu_add(a, data[x]); \
    a = spu_add(a, spu_sel(c,b,d)); \
    a = spu_rl (a, s); \
    a = spu_add(a, b);

    // HH: one MD5 round-3 step on four lanes:
    //   a = b + rotl(a + H(b,c,d) + data[x] + t, s)
    // H is ((x) ^ (y) ^ (z)); there is no cheaper form, so it stays two xors.
    // Reads data[x] from the enclosing scope (written earlier by FF). Expands to
    // several bare statements; arguments are expanded more than once.
    #define HH(a,b,c,d,x,t,s) \
    a = spu_add(a, spu_splats((unsigned int)t)); \
    a = spu_add(a, data[x]); \
    a = spu_add(a, spu_xor(b,spu_xor(c,d))); \
    a = spu_rl (a, s); \
    a = spu_add(a, b);

    // II: one MD5 round-4 step on four lanes:
    //   a = b + rotl(a + I(b,c,d) + data[x] + t, s)
    // orc + xor replace ((y) ^ ((x) | ~(z))): spu_orc(b,d) is b | ~d, so the
    // complement costs no separate instruction.
    // Reads data[x] from the enclosing scope (written earlier by FF). Expands to
    // several bare statements; arguments are expanded more than once.
    #define II(a,b,c,d,x,t,s) \
    a = spu_add(a, spu_splats((unsigned int)t)); \
    a = spu_add(a, data[x]); \
    a = spu_add(a, spu_xor(c,spu_orc(b,d))); \
    a = spu_rl (a, s); \
    a = spu_add(a, b);[/PHP]

    the md4/sha1 macros were something i wanted to write an article about, since NTLM1/SHA-1 (and many, many password algorithms) use them.

    ...tbc


Comments

  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    [PHP]

    ; MASM syntax, 32-bit x86 with SSE2. ".model flat,C" selects the C (cdecl)
    ; calling convention and C name decoration for the public symbol below.
    .686
    .xmm
    .model flat,C

    public ntlm1_hash

    ; ntlm1_hash( char buf1[], char buf2[], char buf3[], char buf4[], __m128i md4_hashes[4]);
    ;
    ; md4_hashes is used as a pointer: the routine stores four 16-byte vectors
    ; through it with movdqa, so it must address 64 writable, 16-byte-aligned bytes.
    ; Each bufN is read as 16 dwords (64 bytes).

    .code
    align 16

    ; MD4 working state a, b, c, d, one message per 32-bit lane.
    xmA equ xmm4
    xmB equ xmm5
    xmC equ xmm6
    xmD equ xmm7


    ; ff: one MD4 round-1 step for four messages at once (one per 32-bit lane).
    ;   xA = rotl(xA + F(xB,xC,xD) + X[x], s),  F(b,c,d) = d ^ (b & (c ^ d))
    ; In:       eax, ebx, ecx, edx = buf1..buf4
    ;           edi = next free 16-byte slot of the scratch area (16-byte aligned,
    ;                 required by the movdqa store)
    ; Out:      xA updated; interleaved word x stored at [edi]; edi advanced by 16
    ; Clobbers: xmm0-xmm3, edi, flags
    ; The store goes through a running pointer, so slot k of the scratch area
    ; only holds word k if ff is invoked with x = 0, 1, 2, ... in order; gg and hh
    ; index the same area as [esi+16*x].
    ff macro xA,xB,xC,xD,x,s
    movd xmm0, dword ptr[eax+4*x] ; buf1[x]
    movd xmm1, dword ptr[ebx+4*x] ; buf2[x]

    movd xmm2, dword ptr[ecx+4*x] ; buf3[x]
    movd xmm3, dword ptr[edx+4*x] ; buf4[x]

    punpckldq xmm0,xmm2 ; xmm0 = buf1[x], buf3[x]
    punpckldq xmm1,xmm3 ; xmm1 = buf2[x], buf4[x]

    punpckldq xmm0,xmm1 ; xmm0 = buf1[x], buf2[x], buf3[x], buf4[x]
    movdqa xmm2,xC ; start F: xmm2 = c

    paddd xA,xmm0 ; a += X[x]
    pxor xmm2,xD ; c ^ d

    pand xmm2,xB ; b & (c ^ d)
    movdqa [edi],xmm0 ; keep the interleaved word for rounds 2 and 3

    pxor xmm2,xD ; F = d ^ (b & (c ^ d))
    paddd xA,xmm2 ; a += F

    movdqa xmm1,xA ; SSE2 has no packed rotate: build it from two shifts
    pslld xA,s

    psrld xmm1,32-s
    por xA,xmm1 ; a = rotl(a, s)

    add edi,16 ; advance storage buffer of packed data

    endm


    ; gg: one MD4 round-2 step for four lanes.
    ;   xA = rotl(xA + G(xB,xC,xD) + X[x] + K, s)
    ;   G is the bitwise majority, computed as (c & d) | (b & (c | d))
    ; In:       esi  = base of the interleaved message words (16 bytes per word,
    ;                  16-byte aligned for movdqa)
    ;           xmm3 = round constant K in every lane (loaded by the caller)
    ; Out:      xA updated
    ; Clobbers: xmm0-xmm2
    gg macro xA,xB,xC,xD,x,s

    movdqa xmm1,xC
    movdqa xmm2,xC

    pand xmm1,xD ; c & d
    por xmm2,xD ; c | d

    pand xmm2,xB ; b & (c | d)
    movdqa xmm0,[esi+16*x] ; get packed data

    por xmm1,xmm2 ; G = (c & d) | (b & (c | d))
    paddd xA,xmm3 ; add known constant

    paddd xA,xmm1 ; a += G
    paddd xA,xmm0 ; add packed data

    movdqa xmm1,xA ; rotate left by s, built from two shifts
    pslld xA,s

    psrld xmm1,32-s
    por xA,xmm1

    endm


    ; hh: one MD4 round-3 step for four lanes.
    ;   xA = rotl(xA + H(xB,xC,xD) + X[x] + K, s),  H(b,c,d) = b ^ c ^ d
    ; In:       esi  = base of the interleaved message words (16 bytes per word,
    ;                  16-byte aligned for movdqa)
    ;           xmm3 = round constant K in every lane (loaded by the caller)
    ; Out:      xA updated
    ; Clobbers: xmm0-xmm2
    hh macro xA,xB,xC,xD,x,s

    movdqa xmm1,xC
    movdqa xmm0,[esi+16*x] ; interleaved word x

    pxor xmm1,xD ; c ^ d
    pxor xmm1,xB ; H = b ^ c ^ d

    paddd xA,xmm0 ; a += X[x]
    paddd xA,xmm3 ; known constant

    paddd xA,xmm1 ; a += H
    movdqa xmm2,xA ; rotate left by s, built from two shifts

    pslld xA,s
    psrld xmm2,32-s

    por xA,xmm2

    endm

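    ;-----------------------------------------------------------------------
    ; ntlm1_hash( char buf1[], char buf2[], char buf3[], char buf4[],
    ;             __m128i md4_hashes[4] );
    ;
    ; Runs one MD4 compression (rounds ff/gg/hh, 16 steps each) over four
    ; 64-byte blocks in parallel, one block per 32-bit SSE2 lane.
    ;
    ; ABI:   32-bit cdecl (.model flat,C), arguments on the stack
    ; In:    buf1..buf4  each read as 16 dwords (64 bytes); no padding or
    ;                    length handling happens here, so the caller is
    ;                    presumably expected to pass fully padded MD4 blocks
    ;        md4_hashes  pointer to 64 writable bytes, 16-byte aligned
    ;                    (written with movdqa)
    ; Out:   md4_hashes[0..3] = state words A, B, C, D, each vector holding
    ;        that word for lanes buf1..buf4 (results are NOT stored per hash)
    ; Clobb: eax, ecx, edx, xmm0-xmm7, flags
    ; Stack: 16 bytes of saved registers + up to 15 bytes of alignment
    ;        + 256 bytes of scratch for the interleaved message words
    ;
    ; Callee-saved registers are pushed, and md4_hashes is re-read from its
    ; argument slot at the end, instead of being parked below esp: 32-bit
    ; x86 has no red zone, so nothing guarantees that memory below the stack
    ; pointer survives (a signal or exception frame can be built there). A
    ; clobbered md4_hashes pointer would turn the final stores into a
    ; 64-byte write to an arbitrary address.
    ;-----------------------------------------------------------------------
    align 16
    ntlm1_hash:

    ;int 3

    push ebx
    push ebp
    push esi
    push edi

    ; four pushes: the arguments now start at [esp+16+4]
    mov eax,[esp+16+ 4] ; buf1
    mov ebx,[esp+16+ 8] ; buf2
    mov ecx,[esp+16+12] ; buf3
    mov edx,[esp+16+16] ; buf4

    mov ebp,esp ; frame anchor: [ebp] = saved edi, [ebp+16] = return address

    ; create local stack

    and esp,-16 ; align by 16 bytes
    sub esp,16*16 ; create space for 16 __m128i variables

    mov edi,esp ; store unpacked data in edi
    mov esi,esp ; get data from esi in last 3 functions

    movdqa xmA,[a_constant]
    movdqa xmB,[b_constant]
    movdqa xmC,[c_constant]
    movdqa xmD,[d_constant]

    ; round 1: ff also interleaves the four messages into the scratch area,
    ; so the word index must run 0..15 in order

    ff xmA, xmB, xmC, xmD, 00, 03
    ff xmD, xmA, xmB, xmC, 01, 07
    ff xmC, xmD, xmA, xmB, 02, 11
    ff xmB, xmC, xmD, xmA, 03, 19

    ff xmA, xmB, xmC, xmD, 04, 03
    ff xmD, xmA, xmB, xmC, 05, 07
    ff xmC, xmD, xmA, xmB, 06, 11
    ff xmB, xmC, xmD, xmA, 07, 19

    ff xmA, xmB, xmC, xmD, 08, 03
    ff xmD, xmA, xmB, xmC, 09, 07
    ff xmC, xmD, xmA, xmB, 10, 11
    ff xmB, xmC, xmD, xmA, 11, 19

    ff xmA, xmB, xmC, xmD, 12, 03
    ff xmD, xmA, xmB, xmC, 13, 07
    ff xmC, xmD, xmA, xmB, 14, 11
    ff xmB, xmC, xmD, xmA, 15, 19

    ; round 2: xmm3 carries the round constant for every gg step

    movdqa xmm3,[gg_constant]

    gg xmA, xmB, xmC, xmD, 00, 03
    gg xmD, xmA, xmB, xmC, 04, 05
    gg xmC, xmD, xmA, xmB, 08, 09
    gg xmB, xmC, xmD, xmA, 12, 13

    gg xmA, xmB, xmC, xmD, 01, 03
    gg xmD, xmA, xmB, xmC, 05, 05
    gg xmC, xmD, xmA, xmB, 09, 09
    gg xmB, xmC, xmD, xmA, 13, 13

    gg xmA, xmB, xmC, xmD, 02, 03
    gg xmD, xmA, xmB, xmC, 06, 05
    gg xmC, xmD, xmA, xmB, 10, 09
    gg xmB, xmC, xmD, xmA, 14, 13

    gg xmA, xmB, xmC, xmD, 03, 03
    gg xmD, xmA, xmB, xmC, 07, 05
    gg xmC, xmD, xmA, xmB, 11, 09
    gg xmB, xmC, xmD, xmA, 15, 13

    ; round 3: xmm3 carries the round constant for every hh step

    movdqa xmm3,[hh_constant]

    hh xmA, xmB, xmC, xmD, 00, 03
    hh xmD, xmA, xmB, xmC, 08, 09
    hh xmC, xmD, xmA, xmB, 04, 11
    hh xmB, xmC, xmD, xmA, 12, 15

    hh xmA, xmB, xmC, xmD, 02, 03
    hh xmD, xmA, xmB, xmC, 10, 09
    hh xmC, xmD, xmA, xmB, 06, 11
    hh xmB, xmC, xmD, xmA, 14, 15

    hh xmA, xmB, xmC, xmD, 01, 03
    hh xmD, xmA, xmB, xmC, 09, 09
    hh xmC, xmD, xmA, xmB, 05, 11
    hh xmB, xmC, xmD, xmA, 13, 15

    hh xmA, xmB, xmC, xmD, 03, 03
    hh xmD, xmA, xmB, xmC, 11, 09
    hh xmC, xmD, xmA, xmB, 07, 11
    hh xmB, xmC, xmD, xmA, 15, 15

    ; feed-forward: add the initial state back in

    paddd xmA,[a_constant]
    paddd xmB,[b_constant]
    paddd xmC,[c_constant]
    paddd xmD,[d_constant]

    ;int 3

    mov eax,[ebp+16+20] ; md4_hashes, re-read from the caller's argument slot

    movdqa [eax+00],xmA
    movdqa [eax+16],xmB

    movdqa [eax+32],xmC
    movdqa [eax+48],xmD

    ; cleanup stack

    mov esp,ebp ; drop the scratch area and the alignment padding

    pop edi
    pop esi
    pop ebp
    pop ebx
    ret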

    ; Constant vectors, each value replicated into all four 32-bit lanes.
    ; They are used as movdqa/paddd memory operands, which require 16-byte
    ; alignment; every entry is exactly 16 bytes, so the single align below
    ; keeps all six aligned. They sit in the code segment, after the ret.
    align 16

    ; MD4 initial state A, B, C, D (loaded at entry, added back at the end)
    a_constant dd 4 dup (067452301h)
    b_constant dd 4 dup (0efcdab89h)
    c_constant dd 4 dup (098badcfeh)
    d_constant dd 4 dup (010325476h)

    ; additive round constants: gg_constant for the gg steps, hh_constant for the hh steps
    gg_constant dd 4 dup (05a827999h)
    hh_constant dd 4 dup (06ed9eba1h)

    end[/PHP]


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    [PHP]spu of ps3
    Vectorized MD5 - 1x - 16,500,000
    Vectorized MD5 - 2x - 20,000,000

    Vectorized MD4 - 1x - 20,000,000
    Vectorized MD4 - 2x - 25,000,000[/PHP]

    [PHP]In the G function of MD4 and SHA-1 we have the following expression:

    (((x) & (y)) | ((x) & (z)) | ((y) & (z)))

    This was optimized to:

    (x & y) | (z & (x | y))

    and using the SPU or PPE vector instructions, we can
    do it with 2 VSEL or SELB opcodes.

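    Bit selector instructions SELB and VSEL can be used to reduce
    code size. The inner select gives x where z is set and y elsewhere;
    using that as the mask of the outer select returns the shared bit
    where x and y agree and z where they differ, i.e. the majority.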

    t = spu_sel(y,x,spu_sel(y,x,z));[/PHP]


  • Closed Accounts Posts: 6,151 ✭✭✭Thomas_S_Hunterson


    /backs away slowly

