/src/nettle/block-internal.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* block-internal.h |
2 | | |
3 | | Internal implementations of nettle_blockZ-related functions. |
4 | | |
5 | | Copyright (C) 2011 Katholieke Universiteit Leuven |
6 | | Copyright (C) 2011, 2013, 2018 Niels Möller |
7 | | Copyright (C) 2018 Red Hat, Inc. |
8 | | Copyright (C) 2019 Dmitry Eremin-Solenikov |
9 | | |
10 | | This file is part of GNU Nettle. |
11 | | |
12 | | GNU Nettle is free software: you can redistribute it and/or |
13 | | modify it under the terms of either: |
14 | | |
15 | | * the GNU Lesser General Public License as published by the Free |
16 | | Software Foundation; either version 3 of the License, or (at your |
17 | | option) any later version. |
18 | | |
19 | | or |
20 | | |
21 | | * the GNU General Public License as published by the Free |
22 | | Software Foundation; either version 2 of the License, or (at your |
23 | | option) any later version. |
24 | | |
25 | | or both in parallel, as here. |
26 | | |
27 | | GNU Nettle is distributed in the hope that it will be useful, |
28 | | but WITHOUT ANY WARRANTY; without even the implied warranty of |
29 | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
30 | | General Public License for more details. |
31 | | |
32 | | You should have received copies of the GNU General Public License and |
33 | | the GNU Lesser General Public License along with this program. If |
34 | | not, see http://www.gnu.org/licenses/. |
35 | | */ |
36 | | |
37 | | #ifndef NETTLE_BLOCK_INTERNAL_H_INCLUDED |
38 | | #define NETTLE_BLOCK_INTERNAL_H_INCLUDED |
39 | | |
40 | | #include <assert.h> |
41 | | |
42 | | #include "nettle-types.h" |
43 | | #include "bswap-internal.h" |
44 | | #include "memxor.h" |
45 | | |
46 | | static inline void |
47 | | block16_zero (union nettle_block16 *r) |
48 | 0 | { |
49 | 0 | static const union nettle_block16 zero_block; |
50 | 0 | *r = zero_block; |
51 | 0 | } Unexecuted instantiation: gcm.c:block16_zero Unexecuted instantiation: cmac.c:block16_zero Unexecuted instantiation: cmac64.c:block16_zero Unexecuted instantiation: siv-cmac.c:block16_zero Unexecuted instantiation: ghash-set-key.c:block16_zero Unexecuted instantiation: xts.c:block16_zero |
52 | | |
53 | | static inline void |
54 | | block16_set (union nettle_block16 *r, |
55 | | const union nettle_block16 *x) |
56 | 0 | { |
57 | 0 | r->u64[0] = x->u64[0]; |
58 | 0 | r->u64[1] = x->u64[1]; |
59 | 0 | } Unexecuted instantiation: gcm.c:block16_set Unexecuted instantiation: cmac.c:block16_set Unexecuted instantiation: cmac64.c:block16_set Unexecuted instantiation: siv-cmac.c:block16_set Unexecuted instantiation: ghash-set-key.c:block16_set Unexecuted instantiation: xts.c:block16_set |
60 | | |
61 | | static inline void |
62 | | block16_xor (union nettle_block16 *r, |
63 | | const union nettle_block16 *x) |
64 | 0 | { |
65 | 0 | r->u64[0] ^= x->u64[0]; |
66 | 0 | r->u64[1] ^= x->u64[1]; |
67 | 0 | } Unexecuted instantiation: gcm.c:block16_xor Unexecuted instantiation: cmac.c:block16_xor Unexecuted instantiation: cmac64.c:block16_xor Unexecuted instantiation: siv-cmac.c:block16_xor Unexecuted instantiation: ghash-set-key.c:block16_xor Unexecuted instantiation: xts.c:block16_xor |
68 | | |
69 | | static inline void |
70 | | block16_xor3 (union nettle_block16 *r, |
71 | | const union nettle_block16 *x, |
72 | | const union nettle_block16 *y) |
73 | 0 | { |
74 | 0 | r->u64[0] = x->u64[0] ^ y->u64[0]; |
75 | 0 | r->u64[1] = x->u64[1] ^ y->u64[1]; |
76 | 0 | } Unexecuted instantiation: gcm.c:block16_xor3 Unexecuted instantiation: cmac.c:block16_xor3 Unexecuted instantiation: cmac64.c:block16_xor3 Unexecuted instantiation: siv-cmac.c:block16_xor3 Unexecuted instantiation: ghash-set-key.c:block16_xor3 Unexecuted instantiation: xts.c:block16_xor3 |
77 | | |
78 | | static inline void |
79 | | block16_xor_bytes (union nettle_block16 *r, |
80 | | const union nettle_block16 *x, |
81 | | const uint8_t *bytes) |
82 | 0 | { |
83 | 0 | memxor3 (r->b, x->b, bytes, 16); |
84 | 0 | } Unexecuted instantiation: gcm.c:block16_xor_bytes Unexecuted instantiation: cmac.c:block16_xor_bytes Unexecuted instantiation: cmac64.c:block16_xor_bytes Unexecuted instantiation: siv-cmac.c:block16_xor_bytes Unexecuted instantiation: ghash-set-key.c:block16_xor_bytes Unexecuted instantiation: xts.c:block16_xor_bytes |
85 | | |
86 | | static inline void |
87 | | block8_xor (union nettle_block8 *r, |
88 | | const union nettle_block8 *x) |
89 | 0 | { |
90 | 0 | r->u64 ^= x->u64; |
91 | 0 | } Unexecuted instantiation: gcm.c:block8_xor Unexecuted instantiation: cmac.c:block8_xor Unexecuted instantiation: cmac64.c:block8_xor Unexecuted instantiation: siv-cmac.c:block8_xor Unexecuted instantiation: ghash-set-key.c:block8_xor Unexecuted instantiation: xts.c:block8_xor |
92 | | |
93 | | static inline void |
94 | | block8_xor3 (union nettle_block8 *r, |
95 | | const union nettle_block8 *x, |
96 | | const union nettle_block8 *y) |
97 | 0 | { |
98 | 0 | r->u64 = x->u64 ^ y->u64; |
99 | 0 | } Unexecuted instantiation: gcm.c:block8_xor3 Unexecuted instantiation: cmac.c:block8_xor3 Unexecuted instantiation: cmac64.c:block8_xor3 Unexecuted instantiation: siv-cmac.c:block8_xor3 Unexecuted instantiation: ghash-set-key.c:block8_xor3 Unexecuted instantiation: xts.c:block8_xor3 |
100 | | |
101 | | static inline void |
102 | | block8_xor_bytes (union nettle_block8 *r, |
103 | | const union nettle_block8 *x, |
104 | | const uint8_t *bytes) |
105 | 0 | { |
106 | 0 | memxor3 (r->b, x->b, bytes, 8); |
107 | 0 | } Unexecuted instantiation: gcm.c:block8_xor_bytes Unexecuted instantiation: cmac.c:block8_xor_bytes Unexecuted instantiation: cmac64.c:block8_xor_bytes Unexecuted instantiation: siv-cmac.c:block8_xor_bytes Unexecuted instantiation: ghash-set-key.c:block8_xor_bytes Unexecuted instantiation: xts.c:block8_xor_bytes |
108 | | |
109 | | /* Do a foreign-endianness shift of data */ |
110 | | |
111 | | #define LSHIFT_ALIEN_UINT64(x) \ |
112 | 0 | ((((x) & UINT64_C(0x7f7f7f7f7f7f7f7f)) << 1) | \ |
113 | 0 | (((x) & UINT64_C(0x8080808080808080)) >> 15)) |
114 | | #define RSHIFT_ALIEN_UINT64(x) \ |
115 | 0 | ((((x) & UINT64_C(0xfefefefefefefefe)) >> 1) | \ |
116 | 0 | (((x) & UINT64_C(0x0001010101010101)) << 15)) |
117 | | |
118 | | /* Two typical defining polynoms */ |
119 | | |
120 | 0 | #define BLOCK16_POLY (UINT64_C(0x87)) |
121 | 0 | #define BLOCK8_POLY (UINT64_C(0x1b)) |
122 | 0 | #define GHASH_POLY (UINT64_C(0xE1)) |
123 | | |
124 | | /* Galois multiplications by 2: |
125 | | * functions differ in shifting right or left, big- or little- endianness |
126 | | * and by defining polynom. |
127 | | * r == x is allowed. */ |
128 | | |
129 | | #if WORDS_BIGENDIAN |
130 | | static inline void |
131 | | block16_mulx_be (union nettle_block16 *dst, |
132 | | const union nettle_block16 *src) |
133 | | { |
134 | | uint64_t carry = src->u64[0] >> 63; |
135 | | dst->u64[0] = (src->u64[0] << 1) | (src->u64[1] >> 63); |
136 | | dst->u64[1] = (src->u64[1] << 1) ^ (BLOCK16_POLY & -carry); |
137 | | } |
138 | | |
139 | | static inline void |
140 | | block16_mulx_le (union nettle_block16 *dst, |
141 | | const union nettle_block16 *src) |
142 | | { |
143 | | uint64_t carry = (src->u64[1] & 0x80) >> 7; |
144 | | dst->u64[1] = LSHIFT_ALIEN_UINT64(src->u64[1]) | ((src->u64[0] & 0x80) << 49); |
145 | | dst->u64[0] = LSHIFT_ALIEN_UINT64(src->u64[0]) ^ ((BLOCK16_POLY << 56) & -carry); |
146 | | } |
147 | | |
148 | | static inline void |
149 | | block8_mulx_be (union nettle_block8 *dst, |
150 | | const union nettle_block8 *src) |
151 | | { |
152 | | uint64_t carry = src->u64 >> 63; |
153 | | |
154 | | dst->u64 = (src->u64 << 1) ^ (BLOCK8_POLY & -carry); |
155 | | } |
156 | | |
157 | | static inline void |
158 | | block16_mulx_ghash (union nettle_block16 *r, |
159 | | const union nettle_block16 *x) |
160 | | { |
161 | | uint64_t mask; |
162 | | |
163 | | /* Shift uses big-endian representation. */ |
164 | | mask = - (x->u64[1] & 1); |
165 | | r->u64[1] = (x->u64[1] >> 1) | ((x->u64[0] & 1) << 63); |
166 | | r->u64[0] = (x->u64[0] >> 1) ^ (mask & (GHASH_POLY << 56)); |
167 | | } |
168 | | #else /* !WORDS_BIGENDIAN */ |
169 | | static inline void |
170 | | block16_mulx_be (union nettle_block16 *dst, |
171 | | const union nettle_block16 *src) |
172 | 0 | { |
173 | 0 | uint64_t carry = (src->u64[0] & 0x80) >> 7; |
174 | 0 | dst->u64[0] = LSHIFT_ALIEN_UINT64(src->u64[0]) | ((src->u64[1] & 0x80) << 49); |
175 | 0 | dst->u64[1] = LSHIFT_ALIEN_UINT64(src->u64[1]) ^ ((BLOCK16_POLY << 56) & -carry); |
176 | 0 | } Unexecuted instantiation: gcm.c:block16_mulx_be Unexecuted instantiation: cmac.c:block16_mulx_be Unexecuted instantiation: cmac64.c:block16_mulx_be Unexecuted instantiation: siv-cmac.c:block16_mulx_be Unexecuted instantiation: ghash-set-key.c:block16_mulx_be Unexecuted instantiation: xts.c:block16_mulx_be |
177 | | |
178 | | static inline void |
179 | | block16_mulx_le (union nettle_block16 *dst, |
180 | | const union nettle_block16 *src) |
181 | 0 | { |
182 | 0 | uint64_t carry = src->u64[1] >> 63; |
183 | 0 | dst->u64[1] = (src->u64[1] << 1) | (src->u64[0] >> 63); |
184 | 0 | dst->u64[0] = (src->u64[0] << 1) ^ (BLOCK16_POLY & -carry); |
185 | 0 | } Unexecuted instantiation: gcm.c:block16_mulx_le Unexecuted instantiation: cmac.c:block16_mulx_le Unexecuted instantiation: cmac64.c:block16_mulx_le Unexecuted instantiation: siv-cmac.c:block16_mulx_le Unexecuted instantiation: ghash-set-key.c:block16_mulx_le Unexecuted instantiation: xts.c:block16_mulx_le |
186 | | |
187 | | static inline void |
188 | | block8_mulx_be (union nettle_block8 *dst, |
189 | | const union nettle_block8 *src) |
190 | 0 | { |
191 | 0 | uint64_t carry = (src->u64 & 0x80) >> 7; |
192 | |
|
193 | 0 | dst->u64 = LSHIFT_ALIEN_UINT64(src->u64) ^ ((BLOCK8_POLY << 56) & -carry); |
194 | 0 | } Unexecuted instantiation: gcm.c:block8_mulx_be Unexecuted instantiation: cmac.c:block8_mulx_be Unexecuted instantiation: cmac64.c:block8_mulx_be Unexecuted instantiation: siv-cmac.c:block8_mulx_be Unexecuted instantiation: ghash-set-key.c:block8_mulx_be Unexecuted instantiation: xts.c:block8_mulx_be |
195 | | |
196 | | static inline void |
197 | | block16_mulx_ghash (union nettle_block16 *r, |
198 | | const union nettle_block16 *x) |
199 | 0 | { |
200 | 0 | uint64_t mask; |
201 | | |
202 | | /* Shift uses big-endian representation. */ |
203 | 0 | mask = - ((x->u64[1] >> 56) & 1); |
204 | 0 | r->u64[1] = RSHIFT_ALIEN_UINT64(x->u64[1]) | ((x->u64[0] >> 49) & 0x80); |
205 | 0 | r->u64[0] = RSHIFT_ALIEN_UINT64(x->u64[0]) ^ (mask & GHASH_POLY); |
206 | 0 | } Unexecuted instantiation: gcm.c:block16_mulx_ghash Unexecuted instantiation: cmac.c:block16_mulx_ghash Unexecuted instantiation: cmac64.c:block16_mulx_ghash Unexecuted instantiation: siv-cmac.c:block16_mulx_ghash Unexecuted instantiation: ghash-set-key.c:block16_mulx_ghash Unexecuted instantiation: xts.c:block16_mulx_ghash |
207 | | #endif /* ! WORDS_BIGENDIAN */ |
208 | | |
209 | | /* Reverse bytes in X and store the result in R. This supports |
210 | | in-place operation (R and X can overlap). */ |
211 | | static inline void |
212 | | block16_bswap (union nettle_block16 *r, |
213 | | const union nettle_block16 *x) |
214 | 0 | { |
215 | 0 | uint64_t t = nettle_bswap64 (x->u64[0]); |
216 | 0 | r->u64[0] = nettle_bswap64 (x->u64[1]); |
217 | 0 | r->u64[1] = t; |
218 | 0 | } Unexecuted instantiation: gcm.c:block16_bswap Unexecuted instantiation: cmac.c:block16_bswap Unexecuted instantiation: cmac64.c:block16_bswap Unexecuted instantiation: siv-cmac.c:block16_bswap Unexecuted instantiation: ghash-set-key.c:block16_bswap Unexecuted instantiation: xts.c:block16_bswap |
219 | | |
220 | | #endif /* NETTLE_BLOCK_INTERNAL_H_INCLUDED */ |