diff options
| author | Niels Möller <nisse@lysator.liu.se> | 2022-02-10 18:32:12 +0100 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2022-02-10 18:32:12 +0100 |
| commit | 23f75f58f9b71e39756858cb6747e542c7c759e3 (patch) | |
| tree | 6bd84b50e696f86965a45f86ce9f8a0161806a00 /gcm.c | |
| parent | 483ccbc9c3e06c2aaef79e3ed8d12f073a0e9b61 (diff) | |
| download | nettle-23f75f58f9b71e39756858cb6747e542c7c759e3.tar.gz | |
Rearrange gcm configuration defines, and add tests for internal functions.
Diffstat (limited to 'gcm.c')
| -rw-r--r-- | gcm.c | 53 |
1 files changed, 20 insertions, 33 deletions
@@ -56,15 +56,6 @@ #include "ctr-internal.h" #include "block-internal.h" -#if GCM_TABLE_BITS != 8 -/* The native implementations (currently ppc64 only) depend on the - GCM_TABLE_BITS == 8 layout */ -#undef HAVE_NATIVE_gcm_hash -#undef HAVE_NATIVE_gcm_init_key -#undef HAVE_NATIVE_fat_gcm_hash -#undef HAVE_NATIVE_fat_gcm_init_key -#endif - #if !HAVE_NATIVE_gcm_hash # if GCM_TABLE_BITS == 0 /* Sets x <- x * y mod r, using the plain bitwise algorithm from the @@ -151,13 +142,7 @@ gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table) memcpy (x->b, Z.b, sizeof(Z)); } # elif GCM_TABLE_BITS == 8 -# if HAVE_NATIVE_gcm_hash8 - -#define _nettle_gcm_hash _nettle_gcm_hash8 -void -_nettle_gcm_hash8 (const struct gcm_key *key, union nettle_block16 *x, - size_t length, const uint8_t *data); -# else /* !HAVE_NATIVE_gcm_hash8 */ +# if !HAVE_NATIVE_gcm_hash8 static const uint16_t shift_table[0x100] = { W(00,00),W(01,c2),W(03,84),W(02,46),W(07,08),W(06,ca),W(04,8c),W(05,4e), @@ -267,6 +252,16 @@ _nettle_gcm_init_key_c(union nettle_block16 *table) } #endif /* !HAVE_NATIVE_gcm_init_key */ +void +_nettle_gcm_set_key (struct gcm_key *gcm, const uint8_t *key) +{ + memset (gcm->h[0].b, 0, GCM_BLOCK_SIZE); + /* Middle element if GCM_TABLE_BITS > 0, otherwise the first + element */ + memcpy (gcm->h[(1<<GCM_TABLE_BITS)/2].b, key, GCM_BLOCK_SIZE); + _nettle_gcm_init_key(gcm->h); +} + /* Initialization of GCM. * @ctx: The context of GCM * @cipher: The context of the underlying block cipher @@ -276,22 +271,14 @@ void gcm_set_key(struct gcm_key *key, const void *cipher, nettle_cipher_func *f) { - /* Middle element if GCM_TABLE_BITS > 0, otherwise the first - element */ - unsigned i = (1<<GCM_TABLE_BITS)/2; + static const union nettle_block16 zero_block; + union nettle_block16 key_block; + f (cipher, GCM_BLOCK_SIZE, key_block.b, zero_block.b); - /* H */ - memset(key->h[0].b, 0, GCM_BLOCK_SIZE); - f (cipher, GCM_BLOCK_SIZE, key->h[i].b, key->h[0].b); - - _nettle_gcm_init_key(key->h); + _nettle_gcm_set_key (key, key_block.b); } #if !(HAVE_NATIVE_gcm_hash || HAVE_NATIVE_gcm_hash8) -# if !HAVE_NATIVE_fat_gcm_hash -# define _nettle_gcm_hash _nettle_gcm_hash_c -static -# endif void _nettle_gcm_hash_c(const struct gcm_key *key, union nettle_block16 *x, size_t length, const uint8_t *data) @@ -322,7 +309,7 @@ gcm_hash_sizes(const struct gcm_key *key, union nettle_block16 *x, WRITE_UINT64 (buffer, auth_size); WRITE_UINT64 (buffer + 8, data_size); - _nettle_gcm_hash(key, x, GCM_BLOCK_SIZE, buffer); + _gcm_hash(key, x, GCM_BLOCK_SIZE, buffer); } /* NOTE: The key is needed only if length != GCM_IV_SIZE */ @@ -341,7 +328,7 @@ gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key, else { memset(ctx->iv.b, 0, GCM_BLOCK_SIZE); - _nettle_gcm_hash(key, &ctx->iv, length, iv); + _gcm_hash(key, &ctx->iv, length, iv); gcm_hash_sizes(key, &ctx->iv, 0, length); } @@ -360,7 +347,7 @@ gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key, assert(ctx->auth_size % GCM_BLOCK_SIZE == 0); assert(ctx->data_size == 0); - _nettle_gcm_hash(key, &ctx->x, length, data); + _gcm_hash(key, &ctx->x, length, data); ctx->auth_size += length; } @@ -431,7 +418,7 @@ gcm_encrypt (struct gcm_ctx *ctx, const struct gcm_key *key, assert(ctx->data_size % GCM_BLOCK_SIZE == 0); _nettle_ctr_crypt16(cipher, f, gcm_fill, ctx->ctr.b, length, dst, src); - _nettle_gcm_hash(key, &ctx->x, length, dst); + _gcm_hash(key, &ctx->x, length, dst); ctx->data_size += length; } @@ -443,7 +430,7 @@ gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key, { assert(ctx->data_size % GCM_BLOCK_SIZE == 0); - _nettle_gcm_hash(key, &ctx->x, length, src); + _gcm_hash(key, &ctx->x, length, src); _nettle_ctr_crypt16(cipher, f, gcm_fill, ctx->ctr.b, length, dst, src); ctx->data_size += length; |