comparison libtomcrypt/src/encauth/gcm/gcm_gf_mult.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 9
12 /** 10 /**
13 @file gcm_gf_mult.c 11 @file gcm_gf_mult.c
14 GCM implementation, do the GF mult, by Tom St Denis 12 GCM implementation, do the GF mult, by Tom St Denis
15 */ 13 */
16 #include "tomcrypt.h" 14 #include "tomcrypt.h"
17 15
18 #if defined(LTC_GCM_TABLES) || defined(LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST)) 16 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
19 17
20 /* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the 18 /* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
21 * lower 16 bits are not zero'ed I removed the upper 14 bytes */ 19 * lower 16 bits are not zero'ed I removed the upper 14 bytes */
22 const unsigned char gcm_shift_table[256*2] = { 20 const unsigned char gcm_shift_table[256*2] = {
23 0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, 21 0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
24 0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, 22 0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
25 0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, 23 0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
58 56
59 #if defined(LTC_GCM_MODE) || defined(LRW_MODE) 57 #if defined(LTC_GCM_MODE) || defined(LRW_MODE)
60 58
61 #ifndef LTC_FAST 59 #ifndef LTC_FAST
62 /* right shift */ 60 /* right shift */
63 static void gcm_rightshift(unsigned char *a) 61 static void _gcm_rightshift(unsigned char *a)
64 { 62 {
65 int x; 63 int x;
66 for (x = 15; x > 0; x--) { 64 for (x = 15; x > 0; x--) {
67 a[x] = (a[x]>>1) | ((a[x-1]<<7)&0x80); 65 a[x] = (a[x]>>1) | ((a[x-1]<<7)&0x80);
68 } 66 }
71 69
72 /* c = b*a */ 70 /* c = b*a */
73 static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 71 static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
74 static const unsigned char poly[] = { 0x00, 0xE1 }; 72 static const unsigned char poly[] = { 0x00, 0xE1 };
75 73
76 74
77 /** 75 /**
78 GCM GF multiplier (internal use only) bitserial 76 GCM GF multiplier (internal use only) bitserial
79 @param a First value 77 @param a First value
80 @param b Second value 78 @param b Second value
81 @param c Destination for a * b 79 @param c Destination for a * b
82 */ 80 */
83 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) 81 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
84 { 82 {
85 unsigned char Z[16], V[16]; 83 unsigned char Z[16], V[16];
86 unsigned x, y, z; 84 unsigned char x, y, z;
87 85
88 zeromem(Z, 16); 86 zeromem(Z, 16);
89 XMEMCPY(V, a, 16); 87 XMEMCPY(V, a, 16);
90 for (x = 0; x < 128; x++) { 88 for (x = 0; x < 128; x++) {
91 if (b[x>>3] & mask[x&7]) { 89 if (b[x>>3] & mask[x&7]) {
92 for (y = 0; y < 16; y++) { 90 for (y = 0; y < 16; y++) {
93 Z[y] ^= V[y]; 91 Z[y] ^= V[y];
94 } 92 }
95 } 93 }
96 z = V[15] & 0x01; 94 z = V[15] & 0x01;
97 gcm_rightshift(V); 95 _gcm_rightshift(V);
98 V[0] ^= poly[z]; 96 V[0] ^= poly[z];
99 } 97 }
100 XMEMCPY(c, Z, 16); 98 XMEMCPY(c, Z, 16);
101 } 99 }
102 100
111 /** 109 /**
112 GCM GF multiplier (internal use only) word oriented 110 GCM GF multiplier (internal use only) word oriented
113 @param a First value 111 @param a First value
114 @param b Second value 112 @param b Second value
115 @param c Destination for a * b 113 @param c Destination for a * b
116 */ 114 */
117 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) 115 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
118 { 116 {
119 int i, j, k, u; 117 int i, j, k, u;
120 LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z; 118 LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z;
121 unsigned char pTmp[32]; 119 unsigned char pTmp[32];
127 #ifdef ENDIAN_32BITWORD 125 #ifdef ENDIAN_32BITWORD
128 for (i = 0; i < 4; i++) { 126 for (i = 0; i < 4; i++) {
129 LOAD32H(B[M(1)][i], a + (i<<2)); 127 LOAD32H(B[M(1)][i], a + (i<<2));
130 LOAD32L(pB[i], b + (i<<2)); 128 LOAD32L(pB[i], b + (i<<2));
131 } 129 }
132 #else 130 #else
133 for (i = 0; i < 2; i++) { 131 for (i = 0; i < 2; i++) {
134 LOAD64H(B[M(1)][i], a + (i<<3)); 132 LOAD64H(B[M(1)][i], a + (i<<3));
135 LOAD64L(pB[i], b + (i<<3)); 133 LOAD64L(pB[i], b + (i<<3));
136 } 134 }
137 #endif 135 #endif
152 B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i]; 150 B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i];
153 B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i]; 151 B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i];
154 B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i]; 152 B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i];
155 B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i]; 153 B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i];
156 B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i]; 154 B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i];
157 155
158 /* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */ 156 /* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */
159 B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i]; 157 B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i];
160 B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i]; 158 B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i];
161 B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i]; 159 B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i];
162 B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i]; 160 B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i];
191 /* store product */ 189 /* store product */
192 #ifdef ENDIAN_32BITWORD 190 #ifdef ENDIAN_32BITWORD
193 for (i = 0; i < 8; i++) { 191 for (i = 0; i < 8; i++) {
194 STORE32H(tmp[i], pTmp + (i<<2)); 192 STORE32H(tmp[i], pTmp + (i<<2));
195 } 193 }
196 #else 194 #else
197 for (i = 0; i < 4; i++) { 195 for (i = 0; i < 4; i++) {
198 STORE64H(tmp[i], pTmp + (i<<3)); 196 STORE64H(tmp[i], pTmp + (i<<3));
199 } 197 }
200 #endif 198 #endif
201 199
213 211
214 #endif 212 #endif
215 213
216 #endif 214 #endif
217 215
218 /* $Source$ */ 216 /* ref: $Format:%D$ */
219 /* $Revision$ */ 217 /* git commit: $Format:%H$ */
220 /* $Date$ */ 218 /* commit time: $Format:%ai$ */
221 219
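Review bot: The `#if` on new-side file line 16 still reads `(defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE))`, so the second operand is redundant and the table/word-oriented path is never conditioned on an LRW mode macro; the second term presumably was meant to be the `LTC_`-prefixed LRW mode flag, e.g. `#if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_LRW_MODE)) && defined(LTC_FAST))`. The same commit renames `LRW_TABLES` to `LTC_LRW_TABLES` on that line but leaves `LRW_MODE` unprefixed in the `#if` on new-side file line 57, so an LRW-only build that uses the prefixed names may silently compile out `gcm_gf_mult` altogether; both macro names are worth confirming against the library's configuration header. Separately, the bitserial path on new-side file line 89, `if (b[x>>3] & mask[x&7])`, branches on the bits of `b`, so the non-`LTC_FAST` build's timing depends on its operand; a one-line comment above that function such as `/* not constant-time: branches on bits of b; prefer the LTC_FAST path where timing matters */` would document that for callers. Only fragments of the file are shown, so the `#if`/`#else`/`#endif` nesting between these conditionals cannot be fully verified here.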