author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2016-12-10 12:29:12 +0200 |
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2016-12-10 12:29:12 +0200 |
commit | 2d2e5286d53e1f62fe040dff4c6e01961f00afe2 (patch) | |
tree | 6e1b88b6ec0ef96de23a0c67278276edb1de626f /cipher/rijndael-armv8-ce.c | |
parent | 161d339f48c03be7fd0f4249d730f7f1767ef8e4 (diff) | |
download | libgcrypt-2d2e5286d53e1f62fe040dff4c6e01961f00afe2.tar.gz |
OCB: Move large L handling from bottom to upper level
* cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove.
(ocb_get_L_big): New.
(_gcry_cipher_ocb_authenticate): L-big handling done in upper
processing loop, so that lower level never sees the case where
'aad_nblocks % 65536 == 0'; Add missing stack burn.
(ocb_aad_finalize): Add missing stack burn.
(ocb_crypt): L-big handling done in upper processing loop, so that
lower level never sees the case where 'data_nblocks % 65536 == 0'.
* cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove.
(ocb_get_l): Remove 'l_tmp' usage and simplify since input
is more limited now, 'N is not multiple of 65536'.
* cipher/rijndael-aesni.c (get_l): Remove.
(aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove
l_tmp; Use 'ocb_get_l'.
* cipher/rijndael-ssse3-amd64.c (get_l): Remove.
(ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove
l_tmp; Use 'ocb_get_l'.
* cipher/camellia-glue.c: Remove OCB l_tmp usage.
* cipher/rijndael-armv8-ce.c: Ditto.
* cipher/rijndael.c: Ditto.
* cipher/serpent.c: Ditto.
* cipher/twofish.c: Ditto.
--
Move large-L value generation to the top-most level to simplify the lower-level
ocb_get_l, for greater performance and a simpler implementation. This helps
when implementing OCB in assembly, as 'ocb_get_l' no longer has a function call
on its slow path.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/rijndael-armv8-ce.c')
-rw-r--r-- | cipher/rijndael-armv8-ce.c | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/cipher/rijndael-armv8-ce.c b/cipher/rijndael-armv8-ce.c
index bed40665..1bf74da6 100644
--- a/cipher/rijndael-armv8-ce.c
+++ b/cipher/rijndael-armv8-ce.c
@@ -336,7 +336,6 @@ _gcry_aes_armv8_ce_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 u64 blkn = c->u_mode.ocb.data_nblocks;
 u64 blkn_offs = blkn - blkn % 32;
 unsigned int n = 32 - blkn % 32;
- unsigned char l_tmp[16];
 void *Ls[32];
 void **l;
 size_t i;
@@ -364,9 +363,8 @@ _gcry_aes_armv8_ce_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 /* Process data in 32 block chunks. */ while (nblocks >= 32) {
- /* l_tmp will be used only every 65536-th block. */
 blkn_offs += 32;
- *l = (void *)ocb_get_l(c, l_tmp, blkn_offs);
+ *l = (void *)ocb_get_l(c, blkn_offs);
 crypt_fn(keysched, outbuf, inbuf, c->u_iv.iv, c->u_ctr.ctr, Ls, 32, nrounds);
@@ -378,13 +376,13 @@ _gcry_aes_armv8_ce_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 if (nblocks && l < &Ls[nblocks]) {
- *l = (void *)ocb_get_l(c, l_tmp, 32 + blkn_offs);
+ *l = (void *)ocb_get_l(c, 32 + blkn_offs);
 } } else { for (i = 0; i < nblocks; i++)
- Ls[i] = (void *)ocb_get_l(c, l_tmp, ++blkn);
+ Ls[i] = (void *)ocb_get_l(c, ++blkn);
 } if (nblocks)
@@ -392,8 +390,6 @@ _gcry_aes_armv8_ce_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg,
 crypt_fn(keysched, outbuf, inbuf, c->u_iv.iv, c->u_ctr.ctr, Ls, nblocks, nrounds); }
-
- wipememory(&l_tmp, sizeof(l_tmp));
 } void
@@ -407,7 +403,6 @@ _gcry_aes_armv8_ce_ocb_auth (gcry_cipher_hd_t c, void *abuf_arg,
 u64 blkn = c->u_mode.ocb.aad_nblocks;
 u64 blkn_offs = blkn - blkn % 32;
 unsigned int n = 32 - blkn % 32;
- unsigned char l_tmp[16];
 void *Ls[32];
 void **l;
 size_t i;
@@ -435,9 +430,8 @@ _gcry_aes_armv8_ce_ocb_auth (gcry_cipher_hd_t c, void *abuf_arg,
 /* Process data in 32 block chunks. */ while (nblocks >= 32) {
- /* l_tmp will be used only every 65536-th block. */
 blkn_offs += 32;
- *l = (void *)ocb_get_l(c, l_tmp, blkn_offs);
+ *l = (void *)ocb_get_l(c, blkn_offs);
 _gcry_aes_ocb_auth_armv8_ce(keysched, abuf, c->u_mode.ocb.aad_offset, c->u_mode.ocb.aad_sum, Ls, 32, nrounds);
@@ -448,13 +442,13 @@ _gcry_aes_armv8_ce_ocb_auth (gcry_cipher_hd_t c, void *abuf_arg,
 if (nblocks && l < &Ls[nblocks]) {
- *l = (void *)ocb_get_l(c, l_tmp, 32 + blkn_offs);
+ *l = (void *)ocb_get_l(c, 32 + blkn_offs);
 } } else { for (i = 0; i < nblocks; i++)
- Ls[i] = (void *)ocb_get_l(c, l_tmp, ++blkn);
+ Ls[i] = (void *)ocb_get_l(c, ++blkn);
 } if (nblocks)
@@ -462,8 +456,6 @@ _gcry_aes_armv8_ce_ocb_auth (gcry_cipher_hd_t c, void *abuf_arg,
 _gcry_aes_ocb_auth_armv8_ce(keysched, abuf, c->u_mode.ocb.aad_offset, c->u_mode.ocb.aad_sum, Ls, nblocks, nrounds); }
-
- wipememory(&l_tmp, sizeof(l_tmp));
 } #endif /* USE_ARM_CE */ |
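Review bot: The new `ocb_get_l(c, blkn_offs)`, `ocb_get_l(c, 32 + blkn_offs)` and `ocb_get_l(c, ++blkn)` calls in _gcry_aes_armv8_ce_ocb_auth are only correct because, per the commit message, cipher-ocb.c now handles the large-L case itself and never passes a block index that is a multiple of 65536; nothing in this file records that precondition, so a future caller that hands this routine a chunk crossing a 65536-block boundary would fall outside ocb_get_l's now-narrower contract without any local check catching it. I would add a comment above the first call: `/* cipher-ocb.c handles the large-L case (block index % 65536 == 0) itself and never passes such an index here, so ocb_get_l's fast path is sufficient.  */`, and the same comment at the matching call in _gcry_aes_armv8_ce_ocb_crypt. Dropping `wipememory(&l_tmp, sizeof(l_tmp))` is consistent with removing l_tmp; the remaining `Ls[32]` holds pointers into the cipher context rather than key-derived bytes, so as far as these hunks show no stack burn of secret material is lost, though what the assembly helper leaves on the stack is not visible here. Both function bodies begin and end outside the hunks.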