diff options
author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2016-12-10 12:29:12 +0200 |
---|---|---|
committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2016-12-10 12:29:12 +0200 |
commit | 2d2e5286d53e1f62fe040dff4c6e01961f00afe2 (patch) | |
tree | 6e1b88b6ec0ef96de23a0c67278276edb1de626f /cipher/twofish.c | |
parent | 161d339f48c03be7fd0f4249d730f7f1767ef8e4 (diff) | |
download | libgcrypt-2d2e5286d53e1f62fe040dff4c6e01961f00afe2.tar.gz |
OCB: Move large L handling from bottom to upper level
* cipher/cipher-ocb.c (_gcry_cipher_ocb_get_l): Remove.
(ocb_get_L_big): New.
(_gcry_cipher_ocb_authenticate): L-big handling done in upper
processing loop, so that lower level never sees the case where
'aad_nblocks % 65536 == 0'; Add missing stack burn.
(ocb_aad_finalize): Add missing stack burn.
(ocb_crypt): L-big handling done in upper processing loop, so that
lower level never sees the case where 'data_nblocks % 65536 == 0'.
* cipher/cipher-internal.h (_gcry_cipher_ocb_get_l): Remove.
(ocb_get_l): Remove 'l_tmp' usage and simplify since input
is more limited now, 'N is not multiple of 65536'.
* cipher/rijndael-aesni.c (get_l): Remove.
(aesni_ocb_enc, aesni_ocb_dec, _gcry_aes_aesni_ocb_auth): Remove
l_tmp; Use 'ocb_get_l'.
* cipher/rijndael-ssse3-amd64.c (get_l): Remove.
(ssse3_ocb_enc, ssse3_ocb_dec, _gcry_aes_ssse3_ocb_auth): Remove
l_tmp; Use 'ocb_get_l'.
* cipher/camellia-glue.c: Remove OCB l_tmp usage.
* cipher/rijndael-armv8-ce.c: Ditto.
* cipher/rijndael.c: Ditto.
* cipher/serpent.c: Ditto.
* cipher/twofish.c: Ditto.
--
Move large L value generation to up-most level to simplify lower level
ocb_get_l for greater performance and simpler implementation. This helps
implementing OCB in assembly as 'ocb_get_l' no longer has function call
on slow-path.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Diffstat (limited to 'cipher/twofish.c')
-rw-r--r-- | cipher/twofish.c | 20 |
1 files changed, 6 insertions, 14 deletions
diff --git a/cipher/twofish.c b/cipher/twofish.c index 7a4d26a5..55f6fb98 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -1261,7 +1261,6 @@ _gcry_twofish_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, TWOFISH_context *ctx = (void *)&c->context.c; unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; - unsigned char l_tmp[TWOFISH_BLOCKSIZE]; unsigned int burn, burn_stack_depth = 0; u64 blkn = c->u_mode.ocb.data_nblocks; @@ -1273,10 +1272,9 @@ _gcry_twofish_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - /* l_tmp will be used only every 65536-th block. */ - Ls[0] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 1); - Ls[1] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 2); - Ls[2] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 3); + Ls[0] = (uintptr_t)(const void *)ocb_get_l(c, blkn + 1); + Ls[1] = (uintptr_t)(const void *)ocb_get_l(c, blkn + 2); + Ls[2] = (uintptr_t)(const void *)ocb_get_l(c, blkn + 3); blkn += 3; if (encrypt) @@ -1300,8 +1298,6 @@ _gcry_twofish_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, c->u_mode.ocb.data_nblocks = blkn; - wipememory(&l_tmp, sizeof(l_tmp)); - if (burn_stack_depth) _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *)); #else @@ -1322,7 +1318,6 @@ _gcry_twofish_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, #ifdef USE_AMD64_ASM TWOFISH_context *ctx = (void *)&c->context.c; const unsigned char *abuf = abuf_arg; - unsigned char l_tmp[TWOFISH_BLOCKSIZE]; unsigned int burn, burn_stack_depth = 0; u64 blkn = c->u_mode.ocb.aad_nblocks; @@ -1334,10 +1329,9 @@ _gcry_twofish_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - /* l_tmp will be used only every 65536-th block. */ - Ls[0] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 1); - Ls[1] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 2); - Ls[2] = (uintptr_t)(const void *)ocb_get_l(c, l_tmp, blkn + 3); + Ls[0] = (uintptr_t)(const void *)ocb_get_l(c, blkn + 1); + Ls[1] = (uintptr_t)(const void *)ocb_get_l(c, blkn + 2); + Ls[2] = (uintptr_t)(const void *)ocb_get_l(c, blkn + 3); blkn += 3; twofish_amd64_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, @@ -1356,8 +1350,6 @@ _gcry_twofish_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, c->u_mode.ocb.aad_nblocks = blkn; - wipememory(&l_tmp, sizeof(l_tmp)); - if (burn_stack_depth) _gcry_burn_stack (burn_stack_depth + 4 * sizeof(void *)); #else |