ppc: Enable gcm code in fat builds. Based on patch by Mamone Tarsha.

author: Niels Möller <nisse@lysator.liu.se> 2020-11-26 20:07:07 +0100
committer: Niels Möller <nisse@lysator.liu.se> 2020-11-26 20:07:07 +0100
commit: 90c34ebe3ee812ecaee46980597e37b6136ba9e2 (patch)
tree: f0086d6852c57d2980475007fabe6074367e0fe3 /gcm.c
parent: 31bbf5342d49aec42c952c2aa2e3054f9b614f60 (diff)
download: nettle-90c34ebe3ee812ecaee46980597e37b6136ba9e2.tar.gz
1 files changed, 51 insertions, 45 deletions
diff --git a/gcm.c b/gcm.c
index f0290b70..4770e414 100644
--- a/gcm.c
+++ b/gcm.c
@@ -49,13 +49,24 @@
 
 #include "gcm.h"
 
+#include "gcm-internal.h"
 #include "memxor.h"
 #include "nettle-internal.h"
 #include "macros.h"
 #include "ctr-internal.h"
 #include "block-internal.h"
 
-#if GCM_TABLE_BITS == 0
+#if GCM_TABLE_BITS != 8
+/* The native implementations (currently ppc64 only) depend on the
+   GCM_TABLE_BITS == 8 layout */
+#undef HAVE_NATIVE_gcm_hash
+#undef HAVE_NATIVE_gcm_init_key
+#undef HAVE_NATIVE_fat_gcm_hash
+#undef HAVE_NATIVE_fat_gcm_init_key
+#endif
+
+#if !HAVE_NATIVE_gcm_hash
+# if GCM_TABLE_BITS == 0
 /* Sets x <- x * y mod r, using the plain bitwise algorithm from the
    specification. y may be shorter than a full block, missing bytes
    are assumed zero. */
@@ -83,15 +94,15 @@ gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *y)
     }
   memcpy (x->b, Z.b, sizeof(Z));
 }
-#else /* GCM_TABLE_BITS != 0 */
+# else /* GCM_TABLE_BITS != 0 */
 
-# if WORDS_BIGENDIAN
-#  define W(left,right) (0x##left##right)
-# else
-#  define W(left,right) (0x##right##left)
-# endif
+#  if WORDS_BIGENDIAN
+#   define W(left,right) (0x##left##right)
+#  else
+#   define W(left,right) (0x##right##left)
+#  endif
 
-# if GCM_TABLE_BITS == 4
+#  if GCM_TABLE_BITS == 4
 static const uint16_t
 shift_table[0x10] = {
   W(00,00),W(1c,20),W(38,40),W(24,60),W(70,80),W(6c,a0),W(48,c0),W(54,e0),
@@ -110,7 +121,7 @@ gcm_gf_shift_4(union nettle_block16 *x)
   u64[1] = (u64[1] >> 4) | ((u64[0] & 0xf) << 60);
   u64[0] = (u64[0] >> 4) ^ (reduce << 48);
 #else /* ! WORDS_BIGENDIAN */
-#define RSHIFT_WORD_4(x) \
+# define RSHIFT_WORD_4(x) \
   ((((x) & UINT64_C(0xf0f0f0f0f0f0f0f0)) >> 4) \
    | (((x) & UINT64_C(0x000f0f0f0f0f0f0f)) << 12))
   reduce = shift_table[(u64[1] >> 56) & 0xf];
@@ -139,20 +150,7 @@ gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table)
     }
   memcpy (x->b, Z.b, sizeof(Z));
 }
-# elif GCM_TABLE_BITS == 8
-#  if HAVE_NATIVE_gcm_init_key
-#   define gcm_init_key _nettle_gcm_init_key
-void
-_nettle_gcm_init_key (union nettle_block16 *table);
-#  endif /* HAVE_NATIVE_gcm_init_key */
-
-#  if HAVE_NATIVE_gcm_hash
-#   define gcm_hash _nettle_gcm_hash
-void
-_nettle_gcm_hash (const struct gcm_key *key, union nettle_block16 *x,
-		   size_t length, const uint8_t *data);
-#  else /* !HAVE_NATIVE_gcm_hash */
-
+#  elif GCM_TABLE_BITS == 8
 #   if HAVE_NATIVE_gcm_hash8
 
 #define gcm_hash _nettle_gcm_hash8
@@ -230,21 +228,25 @@ gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table)
   block16_xor3(x, &Z, &table[x->b[0]]);
 }
 #   endif /* ! HAVE_NATIVE_gcm_hash8 */
-#  endif /* !HAVE_NATIVE_gcm_hash */
-# else /* GCM_TABLE_BITS != 8 */
-#  error Unsupported table size. 
-# endif /* GCM_TABLE_BITS != 8 */
+#  else /* GCM_TABLE_BITS != 8 */
+#   error Unsupported table size.
+#  endif /* GCM_TABLE_BITS != 8 */
 
-#undef W
+#  undef W
+# endif /* GCM_TABLE_BITS != 0 */
+#endif /* !HAVE_NATIVE_gcm_hash */
 
-#endif /* GCM_TABLE_BITS */
 
 /* Increment the rightmost 32 bits. */
 #define INC32(block) INCREMENT(4, (block.b) + GCM_BLOCK_SIZE - 4)
 
-#ifndef gcm_init_key
-static void
-gcm_init_key(union nettle_block16 *table)
+#if !HAVE_NATIVE_gcm_init_key
+# if !HAVE_NATIVE_fat_gcm_hash
+#  define _nettle_gcm_init_key _nettle_gcm_init_key_c
+static
+# endif
+void
+_nettle_gcm_init_key_c(union nettle_block16 *table)
 {
 #if GCM_TABLE_BITS
   /* Middle element if GCM_TABLE_BITS > 0, otherwise the first
@@ -263,7 +265,7 @@ gcm_init_key(union nettle_block16 *table)
     }
 #endif
 }
-#endif /* !gcm_init_key */
+#endif /* !HAVE_NATIVE_gcm_init_key */
 
 /* Initialization of GCM.
  * @ctx: The context of GCM
@@ -281,14 +283,18 @@ gcm_set_key(struct gcm_key *key,
   /* H */  
   memset(key->h[0].b, 0, GCM_BLOCK_SIZE);
   f (cipher, GCM_BLOCK_SIZE, key->h[i].b, key->h[0].b);
-  
-  gcm_init_key(key->h);
+
+  _nettle_gcm_init_key(key->h);
 }
 
-#ifndef gcm_hash
-static void
-gcm_hash(const struct gcm_key *key, union nettle_block16 *x,
-	 size_t length, const uint8_t *data)
+#if !(HAVE_NATIVE_gcm_hash || HAVE_NATIVE_gcm_hash8)
+# if !HAVE_NATIVE_fat_gcm_hash
+#  define _nettle_gcm_hash _nettle_gcm_hash_c
+static
+# endif
+void
+_nettle_gcm_hash_c(const struct gcm_key *key, union nettle_block16 *x,
+		   size_t length, const uint8_t *data)
 {
   for (; length >= GCM_BLOCK_SIZE;
        length -= GCM_BLOCK_SIZE, data += GCM_BLOCK_SIZE)
@@ -302,7 +308,7 @@ gcm_hash(const struct gcm_key *key, union nettle_block16 *x,
       gcm_gf_mul (x, key->h);
     }
 }
-#endif /* !gcm_hash */
+#endif /* !(HAVE_NATIVE_gcm_hash || HAVE_NATIVE_gcm_hash8) */
 
 static void
 gcm_hash_sizes(const struct gcm_key *key, union nettle_block16 *x,
@@ -316,7 +322,7 @@ gcm_hash_sizes(const struct gcm_key *key, union nettle_block16 *x,
   WRITE_UINT64 (buffer, auth_size);
   WRITE_UINT64 (buffer + 8, data_size);
 
-  gcm_hash(key, x, GCM_BLOCK_SIZE, buffer);
+  _nettle_gcm_hash(key, x, GCM_BLOCK_SIZE, buffer);
 }
 
 /* NOTE: The key is needed only if length != GCM_IV_SIZE */
@@ -335,7 +341,7 @@ gcm_set_iv(struct gcm_ctx *ctx, const struct gcm_key *key,
   else
     {
       memset(ctx->iv.b, 0, GCM_BLOCK_SIZE);
-      gcm_hash(key, &ctx->iv, length, iv);
+      _nettle_gcm_hash(key, &ctx->iv, length, iv);
       gcm_hash_sizes(key, &ctx->iv, 0, length);
     }
 
@@ -354,7 +360,7 @@ gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
   assert(ctx->auth_size % GCM_BLOCK_SIZE == 0);
   assert(ctx->data_size == 0);
 
-  gcm_hash(key, &ctx->x, length, data);
+  _nettle_gcm_hash(key, &ctx->x, length, data);
 
   ctx->auth_size += length;
 }
@@ -425,7 +431,7 @@ gcm_encrypt (struct gcm_ctx *ctx, const struct gcm_key *key,
   assert(ctx->data_size % GCM_BLOCK_SIZE == 0);
 
   _ctr_crypt16(cipher, f, gcm_fill, ctx->ctr.b, length, dst, src);
-  gcm_hash(key, &ctx->x, length, dst);
+  _nettle_gcm_hash(key, &ctx->x, length, dst);
 
   ctx->data_size += length;
 }
@@ -437,7 +443,7 @@ gcm_decrypt(struct gcm_ctx *ctx, const struct gcm_key *key,
 {
   assert(ctx->data_size % GCM_BLOCK_SIZE == 0);
 
-  gcm_hash(key, &ctx->x, length, src);
+  _nettle_gcm_hash(key, &ctx->x, length, src);
   _ctr_crypt16(cipher, f, gcm_fill, ctx->ctr.b, length, dst, src);
 
   ctx->data_size += length;
author	Niels Möller <nisse@lysator.liu.se>	2020-11-26 20:07:07 +0100
committer	Niels Möller <nisse@lysator.liu.se>	2020-11-26 20:07:07 +0100
commit	90c34ebe3ee812ecaee46980597e37b6136ba9e2 (patch)
tree	f0086d6852c57d2980475007fabe6074367e0fe3 /gcm.c
parent	31bbf5342d49aec42c952c2aa2e3054f9b614f60 (diff)
download	nettle-90c34ebe3ee812ecaee46980597e37b6136ba9e2.tar.gz