From: Dmitry Eremin-Solenikov <dbarysh...@gmail.com>
Move Galois polynomial shifts to block-internal.h, simplifying common
code. GCM is left unconverted for now, this will be fixed later.
Signed-off-by: Dmitry Eremin-Solenikov <dbarysh...@gmail.com>
---
Makefile.in | 2 +-
block-internal.h | 76 +++++++++++++++++++++++++++++++++++++++++++++++
cmac-internal.h | 54 ---------------------------------
cmac.c | 20 ++-----------
cmac64.c | 21 ++-----------
eax.c | 18 ++---------
gcm.c | 4 ---
siv-cmac-aes128.c | 1 -
siv-cmac-aes256.c | 1 -
siv-cmac.c | 9 +++++-
xts.c | 18 ++---------
11 files changed, 94 insertions(+), 130 deletions(-)
delete mode 100644 cmac-internal.h
diff --git a/Makefile.in b/Makefile.in
index f6658c86341c..ae9c8a7563f9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -231,7 +231,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h getopt_int.h \
nettle.pc.in hogweed.pc.in \
$(des_headers) descore.README desdata.stamp \
aes-internal.h block-internal.h \
- camellia-internal.h cmac-internal.h serpent-internal.h \
+ camellia-internal.h serpent-internal.h \
cast128_sboxes.h desinfo.h desCode.h \
ripemd160-internal.h sha2-internal.h \
memxor-internal.h nettle-internal.h nettle-write.h \
diff --git a/block-internal.h b/block-internal.h
index 84839c872f63..8cc30f6f5a02 100644
--- a/block-internal.h
+++ b/block-internal.h
@@ -90,4 +90,80 @@ block8_xor_bytes (union nettle_block8 *r,
memxor3 (r->b, x->b, bytes, 8);
}
+#define LSHIFT_WORD(x) ((((x) & 0x7f7f7f7f7f7f7f7f) << 1) | \
+ (((x) & 0x8080808080808080) >> 15))
+#define RSHIFT_WORD(x) ((((x) & 0xfefefefefefefefe) >> 1) | \
+ (((x) & 0x0001010101010101) << 15))
+
+/* Galois multiplications by 2:
+ * functions differ in shifting right or left, big- or little- endianness
+ * and by defininy polynom.
+ * r == x is allowed. */
+
+#if WORDS_BIGENDIAN
+static inline void
+block16_lshift_be (union nettle_block16 *dst,
+ const union nettle_block16 *src,
+ uint64_t poly)
+{
+ uint64_t carry = src->u64[0] >> 63;
+ dst->u64[0] = (src->u64[0] << 1) | (src->u64[1] >> 63);
+ dst->u64[1] = (src->u64[1] << 1) ^ (poly & -carry);
+}
+#else /* !WORDS_BIGENDIAN */
+static inline void
+block16_lshift_be (union nettle_block16 *dst,
+ const union nettle_block16 *src,
+ uint64_t poly)
+{
+ uint64_t carry = (src->u64[0] & 0x80) >> 7;
+ dst->u64[0] = LSHIFT_WORD(src->u64[0]) | ((src->u64[1] & 0x80) << 49);
+ dst->u64[1] = LSHIFT_WORD(src->u64[1]) ^ ((poly << 56) & -carry);
+}
+#endif /* !WORDS_BIGENDIAN */
+
+#if WORDS_BIGENDIAN
+static inline void
+block16_lshift_le (union nettle_block16 *dst,
+ const union nettle_block16 *src,
+ uint64_t poly)
+{
+ uint64_t carry = (src->u64[1] & 0x80) >> 7;
+ dst->u64[1] = LSHIFT_WORD(src->u64[1]) | ((src->u64[0] & 0x80) << 49);
+ dst->u64[0] = LSHIFT_WORD(src->u64[0]) ^ ((poly << 56) & -carry);
+}
+#else /* !WORDS_BIGENDIAN */
+static inline void
+block16_lshift_le (union nettle_block16 *dst,
+ const union nettle_block16 *src,
+ uint64_t poly)
+{
+ uint64_t carry = src->u64[1] >> 63;
+ dst->u64[1] = (src->u64[1] << 1) | (src->u64[0] >> 63);
+ dst->u64[0] = (src->u64[0] << 1) ^ (poly & -carry);
+}
+#endif /* !WORDS_BIGNDIAN */
+
+#if WORDS_BIGENDIAN
+static inline void
+block8_lshift_be (union nettle_block8 *dst,
+ const union nettle_block8 *src,
+ uint64_t poly)
+{
+ uint64_t carry = src->u64 >> 63;
+
+ dst->u64 = (src->u64 << 1) ^ (poly & -carry);
+}
+#else /* !WORDS_BIGENDIAN */
+static inline void
+block8_lshift_be (union nettle_block8 *dst,
+ const union nettle_block8 *src,
+ uint64_t poly)
+{
+ uint64_t carry = (src->u64 & 0x80) >> 7;
+
+ dst->u64 = LSHIFT_WORD(src->u64) ^ ((poly << 56) & -carry);
+}
+#endif /* !WORDS_BIGENDIAN */
+
#endif /* NETTLE_BLOCK_INTERNAL_H_INCLUDED */
diff --git a/cmac-internal.h b/cmac-internal.h
deleted file mode 100644
index 80db7fcc58cd..000000000000
--- a/cmac-internal.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* cmac-internal.h
-
- CMAC mode internal functions
-
- Copyright (C) 2017 Red Hat, Inc.
-
- Contributed by Nikos Mavrogiannopoulos
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-*/
-
-#ifndef NETTLE_CMAC_INTERNAL_H_INCLUDED
-#define NETTLE_CMAC_INTERNAL_H_INCLUDED
-
-#include "cmac.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define _cmac128_block_mulx _nettle_cmac128_block_mulx
-
-void _cmac128_block_mulx(union nettle_block16 *out,
- const union nettle_block16 *in);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* CMAC_INTERNAL_H_INCLUDED */
diff --git a/cmac.c b/cmac.c
index 194324421c58..9b745daaaf1b 100644
--- a/cmac.c
+++ b/cmac.c
@@ -44,32 +44,16 @@
#include "memxor.h"
#include "nettle-internal.h"
-#include "cmac-internal.h"
#include "block-internal.h"
#include "macros.h"
/* shift one and XOR with 0x87. */
-#if WORDS_BIGENDIAN
-void
-_cmac128_block_mulx(union nettle_block16 *dst,
- const union nettle_block16 *src)
-{
- uint64_t carry = src->u64[0] >> 63;
- dst->u64[0] = (src->u64[0] << 1) | (src->u64[1] >> 63);
- dst->u64[1] = (src->u64[1] << 1) ^ (0x87 & -carry);
-}
-#else /* !WORDS_BIGENDIAN */
-#define LE_SHIFT(x) ((((x) & 0x7f7f7f7f7f7f7f7f) << 1) | \
- (((x) & 0x8080808080808080) >> 15))
-void
+static inline void
_cmac128_block_mulx(union nettle_block16 *dst,
const union nettle_block16 *src)
{
- uint64_t carry = (src->u64[0] & 0x80) >> 7;
- dst->u64[0] = LE_SHIFT(src->u64[0]) | ((src->u64[1] & 0x80) << 49);
- dst->u64[1] = LE_SHIFT(src->u64[1]) ^ (0x8700000000000000 & -carry);
+ block16_lshift_be(dst, src, 0x87);
}
-#endif /* !WORDS_BIGENDIAN */
void
cmac128_set_key(struct cmac128_key *key, const void *cipher,
diff --git a/cmac64.c b/cmac64.c
index e7bb438580d6..c423a804145e 100644
--- a/cmac64.c
+++ b/cmac64.c
@@ -47,28 +47,13 @@
#include "block-internal.h"
#include "macros.h"
-/* shift one and XOR with 0x87. */
-#if WORDS_BIGENDIAN
-static void
+/* shift one and XOR with 0x1b. */
+static inline void
_cmac64_block_mulx(union nettle_block8 *dst,
const union nettle_block8 *src)
{
- uint64_t carry = src->u64 >> 63;
-
- dst->u64 = (src->u64 << 1) ^ (0x1b & -carry);
-}
-#else /* !WORDS_BIGENDIAN */
-#define LE_SHIFT(x) ((((x) & 0x7f7f7f7f7f7f7f7f) << 1) | \
- (((x) & 0x8080808080808080) >> 15))
-static void
-_cmac64_block_mulx(union nettle_block8 *dst,
- const union nettle_block8 *src)
-{
- uint64_t carry = (src->u64 & 0x80) >> 7;
-
- dst->u64 = LE_SHIFT(src->u64) ^ (0x1b00000000000000 & -carry);
+ block8_lshift_be(dst, src, 0x1b);
}
-#endif /* !WORDS_BIGENDIAN */
void
cmac64_set_key(struct cmac64_key *key, const void *cipher,
diff --git a/eax.c b/eax.c
index 63f3ff82fe65..24f5b4f592fe 100644
--- a/eax.c
+++ b/eax.c
@@ -82,27 +82,13 @@ omac_final (union nettle_block16 *state, const struct
eax_key *key,
f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
}
-/* Allows r == a */
-static void
-gf2_double (uint8_t *r, const uint8_t *a)
-{
- unsigned high = - (a[0] >> 7);
- unsigned i;
- /* Shift left */
- for (i = 0; i < EAX_BLOCK_SIZE - 1; i++)
- r[i] = (a[i] << 1) + (a[i+1] >> 7);
-
- /* Wrap around for x^{128} = x^7 + x^2 + x + 1 */
- r[EAX_BLOCK_SIZE - 1] = (a[EAX_BLOCK_SIZE - 1] << 1) ^ (high & 0x87);
-}
-
void
eax_set_key (struct eax_key *key, const void *cipher, nettle_cipher_func *f)
{
static const union nettle_block16 zero_block;
f (cipher, EAX_BLOCK_SIZE, key->pad_block.b, zero_block.b);
- gf2_double (key->pad_block.b, key->pad_block.b);
- gf2_double (key->pad_partial.b, key->pad_block.b);
+ block16_lshift_be (&key->pad_block, &key->pad_block, 0x87);
+ block16_lshift_be (&key->pad_partial, &key->pad_block, 0x87);
block16_xor (&key->pad_partial, &key->pad_block);
}
diff --git a/gcm.c b/gcm.c
index c550c5d810ef..17c889e67553 100644
--- a/gcm.c
+++ b/gcm.c
@@ -71,13 +71,9 @@ gcm_gf_shift (union nettle_block16 *r, const union
nettle_block16 *x)
r->u64[1] = (x->u64[1] >> 1) | ((x->u64[0] & 1) << 63);
r->u64[0] = (x->u64[0] >> 1) ^ (mask & ((uint64_t) GHASH_POLYNOMIAL << 56));
#else /* ! WORDS_BIGENDIAN */
-#define RSHIFT_WORD(x) \
- ((((x) & 0xfefefefefefefefeUL) >> 1) \
- | (((x) & 0x0001010101010101UL) << 15))
mask = - ((x->u64[1] >> 56) & 1);
r->u64[1] = RSHIFT_WORD(x->u64[1]) | ((x->u64[0] >> 49) & 0x80);
r->u64[0] = RSHIFT_WORD(x->u64[0]) ^ (mask & GHASH_POLYNOMIAL);
-# undef RSHIFT_WORD
#endif /* ! WORDS_BIGENDIAN */
}
diff --git a/siv-cmac-aes128.c b/siv-cmac-aes128.c
index 82ac16e91992..fd2e23a4513e 100644
--- a/siv-cmac-aes128.c
+++ b/siv-cmac-aes128.c
@@ -44,7 +44,6 @@
#include "ctr.h"
#include "memxor.h"
#include "memops.h"
-#include "cmac-internal.h"
void
siv_cmac_aes128_set_key(struct siv_cmac_aes128_ctx *ctx, const uint8_t *key)
diff --git a/siv-cmac-aes256.c b/siv-cmac-aes256.c
index 9401bbf119c5..eda7f1c27a55 100644
--- a/siv-cmac-aes256.c
+++ b/siv-cmac-aes256.c
@@ -44,7 +44,6 @@
#include "ctr.h"
#include "memxor.h"
#include "memops.h"
-#include "cmac-internal.h"
void
siv_cmac_aes256_set_key(struct siv_cmac_aes256_ctx *ctx, const uint8_t *key)
diff --git a/siv-cmac.c b/siv-cmac.c
index 42f740cddf5d..c0c8fff900dd 100644
--- a/siv-cmac.c
+++ b/siv-cmac.c
@@ -44,10 +44,17 @@
#include "ctr.h"
#include "memxor.h"
#include "memops.h"
-#include "cmac-internal.h"
#include "nettle-internal.h"
#include "block-internal.h"
+/* shift one and XOR with 0x87. */
+static inline void
+_cmac128_block_mulx(union nettle_block16 *dst,
+ const union nettle_block16 *src)
+{
+ block16_lshift_be(dst, src, 0x87);
+}
+
/* This is an implementation of S2V for the AEAD case where
* vectors if zero, are considered as S empty components */
static void
diff --git a/xts.c b/xts.c
index 6730b3ad76ff..8f565751cac1 100644
--- a/xts.c
+++ b/xts.c
@@ -44,31 +44,17 @@
#include "macros.h"
#include "memxor.h"
#include "nettle-internal.h"
+#include "block-internal.h"
/* shift left one and XOR with 0x87 if there is carry. */
/* the algorithm reads this as a 128bit Little Endian number */
/* src and dest can point to the same buffer for in-place operations */
-#if WORDS_BIGENDIAN
-#define BE_SHIFT(x) ((((x) & 0x7f7f7f7f7f7f7f7f) << 1) | \
- (((x) & 0x8080808080808080) >> 15))
static void
xts_shift(union nettle_block16 *dst,
const union nettle_block16 *src)
{
- uint64_t carry = (src->u64[1] & 0x80) >> 7;
- dst->u64[1] = BE_SHIFT(src->u64[1]) | ((src->u64[0] & 0x80) << 49);
- dst->u64[0] = BE_SHIFT(src->u64[0]) ^ (0x8700000000000000 & -carry);
+ block16_lshift_le(dst, src, 0x87);
}
-#else /* !WORDS_BIGENDIAN */
-static void
-xts_shift(union nettle_block16 *dst,
- const union nettle_block16 *src)
-{
- uint64_t carry = src->u64[1] >> 63;
- dst->u64[1] = (src->u64[1] << 1) | (src->u64[0] >> 63);
- dst->u64[0] = (src->u64[0] << 1) ^ (0x87 & -carry);
-}
-#endif /* !WORDS_BIGNDIAN */
static void
check_length(size_t length, uint8_t *dst)
--
2.23.0.rc1
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
