1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef GCM_H
#define GCM_H 1
#include "blapii.h"
#include <stdint.h>
#ifdef NSS_X86_OR_X64
/* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */
#if !defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \
(__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
#pragma GCC push_options
#pragma GCC target("sse2")
#undef NSS_DISABLE_SSE2
#define NSS_DISABLE_SSE2 1
#endif /* GCC <= 4.8 */
#include <emmintrin.h> /* __m128i */
#ifdef NSS_DISABLE_SSE2
#undef NSS_DISABLE_SSE2
#pragma GCC pop_options
#endif /* NSS_DISABLE_SSE2 */
#endif
#ifdef __aarch64__
#include <arm_neon.h>
#endif
#ifdef __powerpc64__
#include "altivec-types.h"
/* The ghash freebl test tries to use this in C++, and gcc defines conflict. */
#ifdef __cplusplus
#undef pixel
#undef vector
#undef bool
#endif
/*
* PPC CRYPTO requires at least gcc 5 or clang. The LE check is purely
* because it's only been tested on LE. If you're interested in BE,
* please send a patch.
*/
#if (defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 5)) && \
defined(IS_LITTLE_ENDIAN)
#define USE_PPC_CRYPTO
#endif
#endif
SEC_BEGIN_PROTOS
#ifdef HAVE_INT128_SUPPORT
typedef unsigned __int128 uint128_t;
#endif
typedef struct GCMContextStr GCMContext;
/*
* The context argument is the inner cipher context to use with cipher. The
* GCMContext does not own context. context needs to remain valid for as long
* as the GCMContext is valid.
*
* The cipher argument is a block cipher in the ECB encrypt mode.
*/
GCMContext *GCM_CreateContext(void *context, freeblCipherFunc cipher,
const unsigned char *params);
void GCM_DestroyContext(GCMContext *gcm, PRBool freeit);
SECStatus GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
unsigned int *outlen, unsigned int maxout,
const unsigned char *inbuf, unsigned int inlen,
unsigned int blocksize);
SECStatus GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
unsigned int *outlen, unsigned int maxout,
const unsigned char *inbuf, unsigned int inlen,
unsigned int blocksize);
/* These functions are here only so we can test them */
#define GCM_HASH_LEN_LEN 8 /* gcm hash defines lengths to be 64 bits */
typedef struct gcmHashContextStr gcmHashContext;
typedef SECStatus (*ghash_t)(gcmHashContext *, const unsigned char *,
unsigned int);
pre_align struct gcmHashContextStr {
#ifdef NSS_X86_OR_X64
__m128i x, h;
#elif defined(__aarch64__)
uint64x2_t x, h;
#elif defined(USE_PPC_CRYPTO)
vec_u64 x, h;
#endif
uint64_t x_low, x_high, h_high, h_low;
unsigned char buffer[MAX_BLOCK_SIZE];
unsigned int bufLen;
uint8_t counterBuf[16];
uint64_t cLen;
ghash_t ghash_mul;
PRBool hw;
gcmHashContext *mem;
} post_align;
SECStatus gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
unsigned int len);
SECStatus gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
PRBool sw);
SECStatus gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
unsigned int AADLen);
SECStatus gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
unsigned int *outlen, unsigned int maxout);
SEC_END_PROTOS
#endif
|