diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2016-12-10 12:29:12 +0200 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2016-12-10 12:29:12 +0200 |
commit | 2d2e5286d53e1f62fe040dff4c6e01961f00afe2 (patch) | |
tree | 6e1b88b6ec0ef96de23a0c67278276edb1de626f /cipher/serpent.c | |
parent | 161d339f48c03be7fd0f4249d730f7f1767ef8e4 (diff) | |
download | libgcrypt-2d2e5286d53e1f62fe040dff4c6e01961f00afe2.tar.gz |
OCB: Move large L handling from bottom to upper level
* cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove.
(ocb_get_L_big): New.
(_gcry_cipher_ocb_authenticate): L-big handling done in upper
processing loop, so that lower level never sees the case where
'aad_nblocks % 65536 == 0'; Add missing stack burn.
(ocb_aad_finalize): Add missing stack burn.
(ocb_crypt): L-big handling done in upper processing loop, so that
lower level never sees the case where 'data_nblocks % 65536 == 0'.
* cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove.
(ocb_get_l): Remove 'l_tmp' usage and simplify since input
is more limited now, 'N is not multiple of 65536'.
* cipher/rijndael-aesni.c (get_l): Remove.
(aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove
l_tmp; Use 'ocb_get_l'.
* cipher/rijndael-ssse3-amd64.c (get_l): Remove.
(ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove
l_tmp; Use 'ocb_get_l'.
* cipher/camellia-glue.c: Remove OCB l_tmp usage.
* cipher/rijndael-armv8-ce.c: Ditto.
* cipher/rijndael.c: Ditto.
* cipher/serpent.c: Ditto.
* cipher/twofish.c: Ditto.
--
Move large L value generation to up-most level to simplify lower level
ocb_get_l for greater performance and simpler implementation. This helps
implementing OCB in assembly as 'ocb_get_l' no longer has function call
on slow-path.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/serpent.c')
-rw-r--r-- | cipher/serpent.c | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/cipher/serpent.c b/cipher/serpent.c index ef19d3be..ea4b8edc 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c @@ -1235,7 +1235,6 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, serpent_context_t *ctx = (void *)&c->context.c; unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; - unsigned char l_tmp[sizeof(serpent_block_t)]; int burn_stack_depth = 2 * sizeof (serpent_block_t); u64 blkn = c->u_mode.ocb.data_nblocks; #else @@ -1275,9 +1274,8 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, /* Process data in 16 block chunks. */ while (nblocks >= 16) { - /* l_tmp will be used only every 65536-th block. */ blkn += 16; - *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 16); + *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16); if (encrypt) _gcry_serpent_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, @@ -1327,9 +1325,8 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, /* Process data in 8 block chunks. */ while (nblocks >= 8) { - /* l_tmp will be used only every 65536-th block. */ blkn += 8; - *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 8); + *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 8); if (encrypt) _gcry_serpent_sse2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, @@ -1378,9 +1375,8 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, /* Process data in 8 block chunks. */ while (nblocks >= 8) { - /* l_tmp will be used only every 65536-th block. */ blkn += 8; - *l = ocb_get_l(c, l_tmp, blkn - blkn % 8); + *l = ocb_get_l(c, blkn - blkn % 8); if (encrypt) _gcry_serpent_neon_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, @@ -1410,8 +1406,6 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, #if defined(USE_AVX2) || defined(USE_SSE2) || defined(USE_NEON) c->u_mode.ocb.data_nblocks = blkn; - wipememory(&l_tmp, sizeof(l_tmp)); - if (burn_stack_depth) _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *)); #endif @@ -1427,7 +1421,6 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, #if defined(USE_AVX2) || defined(USE_SSE2) || defined(USE_NEON) serpent_context_t *ctx = (void *)&c->context.c; const unsigned char *abuf = abuf_arg; - unsigned char l_tmp[sizeof(serpent_block_t)]; int burn_stack_depth = 2 * sizeof(serpent_block_t); u64 blkn = c->u_mode.ocb.aad_nblocks; #else @@ -1465,9 +1458,8 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, /* Process data in 16 block chunks. */ while (nblocks >= 16) { - /* l_tmp will be used only every 65536-th block. */ blkn += 16; - *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 16); + *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 16); _gcry_serpent_avx2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, c->u_mode.ocb.aad_sum, Ls); @@ -1512,9 +1504,8 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, /* Process data in 8 block chunks. */ while (nblocks >= 8) { - /* l_tmp will be used only every 65536-th block. */ blkn += 8; - *l = (uintptr_t)(void *)ocb_get_l(c, l_tmp, blkn - blkn % 8); + *l = (uintptr_t)(void *)ocb_get_l(c, blkn - blkn % 8); _gcry_serpent_sse2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, c->u_mode.ocb.aad_sum, Ls); @@ -1558,9 +1549,8 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, /* Process data in 8 block chunks. */ while (nblocks >= 8) { - /* l_tmp will be used only every 65536-th block. */ blkn += 8; - *l = ocb_get_l(c, l_tmp, blkn - blkn % 8); + *l = ocb_get_l(c, blkn - blkn % 8); _gcry_serpent_neon_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, c->u_mode.ocb.aad_sum, Ls); @@ -1585,8 +1575,6 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, #if defined(USE_AVX2) || defined(USE_SSE2) || defined(USE_NEON) c->u_mode.ocb.aad_nblocks = blkn; - wipememory(&l_tmp, sizeof(l_tmp)); - if (burn_stack_depth) _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *)); #endif |