Bladeren bron
Keep the GCM bits in one place.
This avoids needing to duplicate the "This API differs [...]" comment. Change-Id: If07c77bb66ecdae4e525fa01cc8c762dbacb52f1 Reviewed-on: https://boringssl-review.googlesource.com/32005 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Adam Langley <agl@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15
David Benjamin
6 jaren geleden
committed by
CQ bot account: commit-bot@chromium.org
CQ bot account: commit-bot@chromium.org
1 gewijzigde bestanden met toevoegingen van 47 en 54 verwijderingen
+ 47
- 54
crypto/fipsmodule/modes/internal.h
Bestand weergeven
| @@ -91,7 +91,48 @@ static inline void store_word_le(void *out, size_t v) { | |||
| typedef void (*block128_f)(const uint8_t in[16], uint8_t out[16], | |||
| const void *key); | |||
| // GCM definitions | |||
| // CTR. | |||
| // ctr128_f is the type of a function that performs CTR-mode encryption. | |||
| typedef void (*ctr128_f)(const uint8_t *in, uint8_t *out, size_t blocks, | |||
| const void *key, const uint8_t ivec[16]); | |||
| // CRYPTO_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) | |||
| // |len| bytes from |in| to |out| using |block| in counter mode. There's no | |||
| // requirement that |len| be a multiple of any value and any partial blocks are | |||
| // stored in |ecount_buf| and |*num|, which must be zeroed before the initial | |||
| // call. The counter is a 128-bit, big-endian value in |ivec| and is | |||
| // incremented by this function. | |||
| void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, | |||
| const void *key, uint8_t ivec[16], | |||
| uint8_t ecount_buf[16], unsigned *num, | |||
| block128_f block); | |||
| // CRYPTO_ctr128_encrypt_ctr32 acts like |CRYPTO_ctr128_encrypt| but takes | |||
| // |ctr|, a function that performs CTR mode but only deals with the lower 32 | |||
| // bits of the counter. This is useful when |ctr| can be an optimised | |||
| // function. | |||
| void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, size_t len, | |||
| const void *key, uint8_t ivec[16], | |||
| uint8_t ecount_buf[16], unsigned *num, | |||
| ctr128_f ctr); | |||
| #if !defined(OPENSSL_NO_ASM) && \ | |||
| (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) | |||
| void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, | |||
| const void *key, const uint8_t *ivec); | |||
| #endif | |||
| // GCM. | |||
| // | |||
| // This API differs from the upstream API slightly. The |GCM128_CONTEXT| does | |||
| // not have a |key| pointer that points to the key as upstream's version does. | |||
| // Instead, every function takes a |key| parameter. This way |GCM128_CONTEXT| | |||
| // can be safely copied. Additionally, |gcm_key| is split into a separate | |||
| // struct. | |||
| typedef struct { uint64_t hi,lo; } u128; | |||
| // gmult_func multiplies |Xi| by the GCM key and writes the result back to | |||
| @@ -104,7 +145,7 @@ typedef void (*gmult_func)(uint64_t Xi[2], const u128 Htable[16]); | |||
| typedef void (*ghash_func)(uint64_t Xi[2], const u128 Htable[16], | |||
| const uint8_t *inp, size_t len); | |||
| typedef struct { | |||
| typedef struct gcm128_key_st { | |||
| // Note the MOVBE-based, x86-64, GHASH assembly requires |H| and |Htable| to | |||
| // be the first two elements of this struct. | |||
| u128 H; | |||
| @@ -119,14 +160,9 @@ typedef struct { | |||
| unsigned use_aesni_gcm_crypt:1; | |||
| } GCM128_KEY; | |||
| // gcm128_context, or |GCM128_CONTEXT| contains state for a single GCM | |||
| // operation. The structure should be zero-initialized before use. | |||
| // | |||
| // This differs from upstream's |gcm128_context| in that it does not have the | |||
| // |key| pointer, in order to make it |memcpy|-friendly. Rather the key is | |||
| // passed into each call that needs it. Additionally, |gcm_key| is split into a | |||
| // separate struct. | |||
| struct gcm128_context { | |||
| // GCM128_CONTEXT contains state for a single GCM operation. The structure | |||
| // should be zero-initialized before use. | |||
| typedef struct { | |||
| // The following 5 names follow names in GCM specification | |||
| union { | |||
| uint64_t u[2]; | |||
| @@ -140,7 +176,7 @@ struct gcm128_context { | |||
| GCM128_KEY gcm_key; | |||
| unsigned mres, ares; | |||
| }; | |||
| } GCM128_CONTEXT; | |||
| #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) | |||
| // crypto_gcm_clmul_enabled returns one if the CLMUL implementation of GCM is | |||
| @@ -148,49 +184,6 @@ struct gcm128_context { | |||
| int crypto_gcm_clmul_enabled(void); | |||
| #endif | |||
| // CTR. | |||
| // ctr128_f is the type of a function that performs CTR-mode encryption. | |||
| typedef void (*ctr128_f)(const uint8_t *in, uint8_t *out, size_t blocks, | |||
| const void *key, const uint8_t ivec[16]); | |||
| // CRYPTO_ctr128_encrypt encrypts (or decrypts, it's the same in CTR mode) | |||
| // |len| bytes from |in| to |out| using |block| in counter mode. There's no | |||
| // requirement that |len| be a multiple of any value and any partial blocks are | |||
| // stored in |ecount_buf| and |*num|, which must be zeroed before the initial | |||
| // call. The counter is a 128-bit, big-endian value in |ivec| and is | |||
| // incremented by this function. | |||
| void CRYPTO_ctr128_encrypt(const uint8_t *in, uint8_t *out, size_t len, | |||
| const void *key, uint8_t ivec[16], | |||
| uint8_t ecount_buf[16], unsigned *num, | |||
| block128_f block); | |||
| // CRYPTO_ctr128_encrypt_ctr32 acts like |CRYPTO_ctr128_encrypt| but takes | |||
| // |ctr|, a function that performs CTR mode but only deals with the lower 32 | |||
| // bits of the counter. This is useful when |ctr| can be an optimised | |||
| // function. | |||
| void CRYPTO_ctr128_encrypt_ctr32(const uint8_t *in, uint8_t *out, size_t len, | |||
| const void *key, uint8_t ivec[16], | |||
| uint8_t ecount_buf[16], unsigned *num, | |||
| ctr128_f ctr); | |||
| #if !defined(OPENSSL_NO_ASM) && \ | |||
| (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) | |||
| void aesni_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, size_t blocks, | |||
| const void *key, const uint8_t *ivec); | |||
| #endif | |||
| // GCM. | |||
| // | |||
| // This API differs from the upstream API slightly. The |GCM128_CONTEXT| does | |||
| // not have a |key| pointer that points to the key as upstream's version does. | |||
| // Instead, every function takes a |key| parameter. This way |GCM128_CONTEXT| | |||
| // can be safely copied. | |||
| typedef struct gcm128_context GCM128_CONTEXT; | |||
| // CRYPTO_ghash_init writes a precomputed table of powers of |gcm_key| to | |||
| // |out_table| and sets |*out_mult| and |*out_hash| to (potentially hardware | |||
| // accelerated) functions for performing operations in the GHASH field. If the | |||