INSTALL NEWS ChangeLog \
nettle.pc.in hogweed.pc.in \
$(des_headers) descore.README desdata.stamp \
- aes-internal.h camellia-internal.h cmac-internal.h serpent-internal.h \
+ aes-internal.h block-internal.h \
+ camellia-internal.h cmac-internal.h serpent-internal.h \
cast128_sboxes.h desinfo.h desCode.h \
ripemd160-internal.h sha2-internal.h \
memxor-internal.h nettle-internal.h nettle-write.h \
--- /dev/null
+/* block-internal.h
+
+ Internal implementations of nettle_blockZ-related functions.
+
+ Copyright (C) 2011 Katholieke Universiteit Leuven
+ Copyright (C) 2011, 2013, 2018 Niels Möller
+ Copyright (C) 2018 Red Hat, Inc.
+ Copyright (C) 2019 Dmitry Eremin-Solenikov
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_BLOCK_INTERNAL_H_INCLUDED
+#define NETTLE_BLOCK_INTERNAL_H_INCLUDED
+
+#include <assert.h>
+
+#include "nettle-types.h"
+#include "memxor.h"
+
+static inline void
+block16_xor (union nettle_block16 *r,
+ const union nettle_block16 *x)
+{
+ r->u64[0] ^= x->u64[0];
+ r->u64[1] ^= x->u64[1];
+}
+
+static inline void
+block16_xor3 (union nettle_block16 *r,
+ const union nettle_block16 *x,
+ const union nettle_block16 *y)
+{
+ r->u64[0] = x->u64[0] ^ y->u64[0];
+ r->u64[1] = x->u64[1] ^ y->u64[1];
+}
+
+static inline void
+block16_xor_bytes (union nettle_block16 *r,
+ const union nettle_block16 *x,
+ const uint8_t *bytes)
+{
+ memxor3 (r->b, x->b, bytes, 16);
+}
+
+static inline void
+block8_xor (union nettle_block8 *r,
+ const union nettle_block8 *x)
+{
+ r->u64 ^= x->u64;
+}
+
+static inline void
+block8_xor3 (union nettle_block8 *r,
+ const union nettle_block8 *x,
+ const union nettle_block8 *y)
+{
+ r->u64 = x->u64 ^ y->u64;
+}
+
+static inline void
+block8_xor_bytes (union nettle_block8 *r,
+ const union nettle_block8 *x,
+ const uint8_t *bytes)
+{
+ memxor3 (r->b, x->b, bytes, 8);
+}
+
+#endif /* NETTLE_BLOCK_INTERNAL_H_INCLUDED */
#include "memxor.h"
#include "nettle-internal.h"
#include "cmac-internal.h"
+#include "block-internal.h"
#include "macros.h"
/* shift one and XOR with 0x87. */
/*
* now checksum everything but the last block
*/
- memxor3(Y.b, ctx->X.b, ctx->block.b, 16);
+ block16_xor3(&Y, &ctx->X, &ctx->block);
encrypt(cipher, 16, ctx->X.b, Y.b);
while (msg_len > 16)
{
- memxor3(Y.b, ctx->X.b, msg, 16);
+ block16_xor_bytes (&Y, &ctx->X, msg);
encrypt(cipher, 16, ctx->X.b, Y.b);
msg += 16;
msg_len -= 16;
ctx->block.b[ctx->index] = 0x80;
memset(ctx->block.b + ctx->index + 1, 0, 16 - 1 - ctx->index);
- memxor(ctx->block.b, key->K2.b, 16);
+ block16_xor (&ctx->block, &key->K2);
}
else
{
- memxor(ctx->block.b, key->K1.b, 16);
+ block16_xor (&ctx->block, &key->K1);
}
- memxor3(Y.b, ctx->block.b, ctx->X.b, 16);
+ block16_xor3 (&Y, &ctx->block, &ctx->X);
assert(length <= 16);
if (length == 16)
#include "cmac.h"
-#include "memxor.h"
#include "nettle-internal.h"
+#include "block-internal.h"
#include "macros.h"
/* shift one and XOR with 0x87. */
/*
* now checksum everything but the last block
*/
- memxor3(Y.b, ctx->X.b, ctx->block.b, 8);
+ block8_xor3(&Y, &ctx->X, &ctx->block);
encrypt(cipher, 8, ctx->X.b, Y.b);
while (msg_len > 8)
{
- memxor3(Y.b, ctx->X.b, msg, 8);
+ block8_xor_bytes(&Y, &ctx->X, msg);
encrypt(cipher, 8, ctx->X.b, Y.b);
msg += 8;
msg_len -= 8;
if (ctx->index < 8)
{
ctx->block.b[ctx->index] = 0x80;
- memxor(ctx->block.b, key->K2.b, 8);
+ block8_xor(&ctx->block, &key->K2);
}
else
{
- memxor(ctx->block.b, key->K1.b, 8);
+ block8_xor(&ctx->block, &key->K1);
}
- memxor3(Y.b, ctx->block.b, ctx->X.b, 8);
+ block8_xor3(&Y, &ctx->block, &ctx->X);
assert(length <= 8);
if (length == 8)
#include "eax.h"
+#include "block-internal.h"
#include "ctr.h"
#include "memxor.h"
state->b[EAX_BLOCK_SIZE - 1] = t;
}
-/* Almost the same as gcm_gf_add */
-static void
-block16_xor (union nettle_block16 *dst, const union nettle_block16 *src)
-{
- dst->u64[0] ^= src->u64[0];
- dst->u64[1] ^= src->u64[1];
-}
-
static void
omac_update (union nettle_block16 *state, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
#include "nettle-internal.h"
#include "macros.h"
#include "ctr-internal.h"
+#include "block-internal.h"
#define GHASH_POLYNOMIAL 0xE1UL
-static void
-gcm_gf_add (union nettle_block16 *r,
- const union nettle_block16 *x, const union nettle_block16 *y)
-{
- r->u64[0] = x->u64[0] ^ y->u64[0];
- r->u64[1] = x->u64[1] ^ y->u64[1];
-}
/* Multiplication by 010...0; a big-endian shift right. If the bit
shifted out is one, the defining polynomial is added to cancel it
out. r == x is allowed. */
for (j = 0; j < 8; j++, b <<= 1)
{
if (b & 0x80)
- gcm_gf_add(&Z, &Z, &V);
+ block16_xor(&Z, &V);
gcm_gf_shift(&V, &V);
}
uint8_t b = x->b[i];
gcm_gf_shift_4(&Z);
- gcm_gf_add(&Z, &Z, &table[b & 0xf]);
+ block16_xor(&Z, &table[b & 0xf]);
gcm_gf_shift_4(&Z);
- gcm_gf_add(&Z, &Z, &table[b >> 4]);
+ block16_xor(&Z, &table[b >> 4]);
}
memcpy (x->b, Z.b, sizeof(Z));
}
for (i = GCM_BLOCK_SIZE-2; i > 0; i--)
{
gcm_gf_shift_8(&Z);
- gcm_gf_add(&Z, &Z, &table[x->b[i]]);
+ block16_xor(&Z, &table[x->b[i]]);
}
gcm_gf_shift_8(&Z);
- gcm_gf_add(x, &Z, &table[x->b[0]]);
+ block16_xor3(x, &Z, &table[x->b[0]]);
}
# endif /* ! HAVE_NATIVE_gcm_hash8 */
# else /* GCM_TABLE_BITS != 8 */
{
unsigned j;
for (j = 1; j < i; j++)
- gcm_gf_add(&key->h[i+j], &key->h[i],&key->h[j]);
+ block16_xor3(&key->h[i+j], &key->h[i],&key->h[j]);
}
#endif
}
#include "memops.h"
#include "cmac-internal.h"
#include "nettle-internal.h"
+#include "block-internal.h"
/* This is an implementation of S2V for the AEAD case where
* vectors if zero, are considered as S empty components */
_cmac128_block_mulx (&D, &D);
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, alength, adata);
cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
- memxor (D.b, S.b, 16);
+ block16_xor (&D, &S);
_cmac128_block_mulx (&D, &D);
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, nlength, nonce);
cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
- memxor (D.b, S.b, 16);
+ block16_xor (&D, &S);
/* Sn */
if (plength >= 16)
pdata += plength - 16;
- memxor3 (T.b, pdata, D.b, 16);
+ block16_xor_bytes (&T, &D, pdata);
}
else
{
if (plength + 1 < 16)
memset (&pad.b[plength + 1], 0, 16 - plength - 1);
- memxor (T.b, pad.b, 16);
+ block16_xor (&T, &pad);
}
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, T.b);
git.samba.org / gd / nettle / commitdiff