From: Dmitry Eremin-Solenikov <dbarysh...@gmail.com>
It makes little sense to have intermediate solution with GCM_TABLE_BITS
== 4. One either will use unoptimized case of GCM_TABLE_BITS == 0, or
will switch to fully optimized case (8) as memory usage difference is
quite low between 4 and 8. So drop GCM_TABLE_BITS == 4 support
Signed-off-by: Dmitry Eremin-Solenikov <dbarysh...@gmail.com>
---
gcm.c | 67 +++++++----------------------------------------------------
1 file changed, 8 insertions(+), 59 deletions(-)
diff --git a/gcm.c b/gcm.c
index cf615daf18bd..3a6f04a7671b 100644
--- a/gcm.c
+++ b/gcm.c
@@ -83,62 +83,7 @@ gcm_gf_mul (union nettle_block16 *x, const union
nettle_block16 *y)
}
memcpy (x->b, Z.b, sizeof(Z));
}
-#else /* GCM_TABLE_BITS != 0 */
-# if WORDS_BIGENDIAN
-# define W(left,right) (0x##left##right)
-# else
-# define W(left,right) (0x##right##left)
-# endif
-
-# if GCM_TABLE_BITS == 4
-static const uint16_t
-shift_table[0x10] = {
- W(00,00),W(1c,20),W(38,40),W(24,60),W(70,80),W(6c,a0),W(48,c0),W(54,e0),
- W(e1,00),W(fd,20),W(d9,40),W(c5,60),W(91,80),W(8d,a0),W(a9,c0),W(b5,e0),
-};
-
-static void
-gcm_gf_shift_4(union nettle_block16 *x)
-{
- uint64_t *u64 = x->u64;
- uint64_t reduce;
-
- /* Shift uses big-endian representation. */
-#if WORDS_BIGENDIAN
- reduce = shift_table[u64[1] & 0xf];
- u64[1] = (u64[1] >> 4) | ((u64[0] & 0xf) << 60);
- u64[0] = (u64[0] >> 4) ^ (reduce << 48);
-#else /* ! WORDS_BIGENDIAN */
-#define RSHIFT_WORD_4(x) \
- ((((x) & UINT64_C(0xf0f0f0f0f0f0f0f0)) >> 4) \
- | (((x) & UINT64_C(0x000f0f0f0f0f0f0f)) << 12))
- reduce = shift_table[(u64[1] >> 56) & 0xf];
- u64[1] = RSHIFT_WORD_4(u64[1]) | ((u64[0] >> 52) & 0xf0);
- u64[0] = RSHIFT_WORD_4(u64[0]) ^ reduce;
-# undef RSHIFT_WORD_4
-#endif /* ! WORDS_BIGENDIAN */
-}
-
-static void
-gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table)
-{
- union nettle_block16 Z;
- unsigned i;
-
- memset(Z.b, 0, sizeof(Z));
-
- for (i = GCM_BLOCK_SIZE; i-- > 0;)
- {
- uint8_t b = x->b[i];
-
- gcm_gf_shift_4(&Z);
- block16_xor(&Z, &table[b & 0xf]);
- gcm_gf_shift_4(&Z);
- block16_xor(&Z, &table[b >> 4]);
- }
- memcpy (x->b, Z.b, sizeof(Z));
-}
# elif GCM_TABLE_BITS == 8
# if HAVE_NATIVE_gcm_hash8
@@ -147,6 +92,13 @@ void
_nettle_gcm_hash8 (const struct gcm_key *key, union nettle_block16 *x,
size_t length, const uint8_t *data);
# else /* !HAVE_NATIVE_gcm_hash8 */
+
+# if WORDS_BIGENDIAN
+# define W(left,right) (0x##left##right)
+# else
+# define W(left,right) (0x##right##left)
+# endif
+
static const uint16_t
shift_table[0x100] = {
W(00,00),W(01,c2),W(03,84),W(02,46),W(07,08),W(06,ca),W(04,8c),W(05,4e),
@@ -182,6 +134,7 @@ shift_table[0x100] = {
W(b5,e0),W(b4,22),W(b6,64),W(b7,a6),W(b2,e8),W(b3,2a),W(b1,6c),W(b0,ae),
W(bb,f0),W(ba,32),W(b8,74),W(b9,b6),W(bc,f8),W(bd,3a),W(bf,7c),W(be,be),
};
+#undef W
static void
gcm_gf_shift_8(union nettle_block16 *x)
@@ -221,10 +174,6 @@ gcm_gf_mul (union nettle_block16 *x, const union
nettle_block16 *table)
# error Unsupported table size.
# endif /* GCM_TABLE_BITS != 8 */
-#undef W
-
-#endif /* GCM_TABLE_BITS */
-
/* Increment the rightmost 32 bits. */
#define INC32(block) INCREMENT(4, (block.b) + GCM_BLOCK_SIZE - 4)
--
2.23.0.rc1
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
