summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/freebl/gcm.c
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-24 00:43:43 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-24 00:43:43 +0100
commitdc7ceccf8bc0950e4daa5f0e7736d4c204526fc0 (patch)
treec70154c611b0f03bdcba029f1c51c48e5f69eb36 /security/nss/lib/freebl/gcm.c
parent6f93b00559c8fe5b8dfaf59fcbaac8f1e0dd3366 (diff)
parent788c588bf6f8907dc57b01cd1c86239215d3c661 (diff)
downloadUXP-dc7ceccf8bc0950e4daa5f0e7736d4c204526fc0.tar
UXP-dc7ceccf8bc0950e4daa5f0e7736d4c204526fc0.tar.gz
UXP-dc7ceccf8bc0950e4daa5f0e7736d4c204526fc0.tar.lz
UXP-dc7ceccf8bc0950e4daa5f0e7736d4c204526fc0.tar.xz
UXP-dc7ceccf8bc0950e4daa5f0e7736d4c204526fc0.zip
Merge branch 'TLS-1.3'
Diffstat (limited to 'security/nss/lib/freebl/gcm.c')
-rw-r--r--security/nss/lib/freebl/gcm.c171
1 files changed, 49 insertions, 122 deletions
diff --git a/security/nss/lib/freebl/gcm.c b/security/nss/lib/freebl/gcm.c
index 0fdb0fd48..f1e16da78 100644
--- a/security/nss/lib/freebl/gcm.c
+++ b/security/nss/lib/freebl/gcm.c
@@ -17,18 +17,50 @@
#include <limits.h>
-#ifdef NSS_X86_OR_X64
-#include <wmmintrin.h> /* clmul */
-#endif
-
/* Forward declarations */
+SECStatus gcm_HashInit_hw(gcmHashContext *ghash);
+SECStatus gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf);
SECStatus gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
unsigned int count);
+SECStatus gcm_HashZeroX_hw(gcmHashContext *ghash);
SECStatus gcm_HashMult_sftw(gcmHashContext *ghash, const unsigned char *buf,
unsigned int count);
SECStatus gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
unsigned int count);
+/* Stub definitions for the above *_hw functions, which shouldn't be
+ * used unless NSS_X86_OR_X64 is defined */
+#ifndef NSS_X86_OR_X64
+SECStatus
+gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf)
+{
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+}
+
+SECStatus
+gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
+ unsigned int count)
+{
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+}
+
+SECStatus
+gcm_HashInit_hw(gcmHashContext *ghash)
+{
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+}
+
+SECStatus
+gcm_HashZeroX_hw(gcmHashContext *ghash)
+{
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+}
+#endif /* NSS_X86_OR_X64 */
+
uint64_t
get64(const unsigned char *bytes)
{
@@ -46,6 +78,8 @@ get64(const unsigned char *bytes)
SECStatus
gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
{
+ SECStatus rv = SECSuccess;
+
ghash->cLen = 0;
ghash->bufLen = 0;
PORT_Memset(ghash->counterBuf, 0, sizeof(ghash->counterBuf));
@@ -53,17 +87,7 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
ghash->h_low = get64(H + 8);
ghash->h_high = get64(H);
if (clmul_support() && !sw) {
-#ifdef NSS_X86_OR_X64
- ghash->ghash_mul = gcm_HashMult_hw;
- ghash->x = _mm_setzero_si128();
- /* MSVC requires __m64 to load epi64. */
- ghash->h = _mm_set_epi32(ghash->h_high >> 32, (uint32_t)ghash->h_high,
- ghash->h_low >> 32, (uint32_t)ghash->h_low);
- ghash->hw = PR_TRUE;
-#else
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
-#endif /* NSS_X86_OR_X64 */
+ rv = gcm_HashInit_hw(ghash);
} else {
/* We fall back to the software implementation if we can't use / don't
* want to use pclmul. */
@@ -75,7 +99,7 @@ gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H, PRBool sw)
ghash->x_high = ghash->x_low = 0;
ghash->hw = PR_FALSE;
}
- return SECSuccess;
+ return rv;
}
#ifdef HAVE_INT128_SUPPORT
@@ -283,102 +307,17 @@ gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf,
}
#endif /* HAVE_INT128_SUPPORT */
-SECStatus
-gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
- unsigned int count)
-{
-#ifdef NSS_X86_OR_X64
- size_t i;
- pre_align __m128i z_high post_align;
- pre_align __m128i z_low post_align;
- pre_align __m128i C post_align;
- pre_align __m128i D post_align;
- pre_align __m128i E post_align;
- pre_align __m128i F post_align;
- pre_align __m128i bin post_align;
- pre_align __m128i Ci post_align;
- pre_align __m128i tmp post_align;
-
- for (i = 0; i < count; i++, buf += 16) {
- bin = _mm_set_epi16(((uint16_t)buf[0] << 8) | buf[1],
- ((uint16_t)buf[2] << 8) | buf[3],
- ((uint16_t)buf[4] << 8) | buf[5],
- ((uint16_t)buf[6] << 8) | buf[7],
- ((uint16_t)buf[8] << 8) | buf[9],
- ((uint16_t)buf[10] << 8) | buf[11],
- ((uint16_t)buf[12] << 8) | buf[13],
- ((uint16_t)buf[14] << 8) | buf[15]);
- Ci = _mm_xor_si128(bin, ghash->x);
-
- /* Do binary mult ghash->X = Ci * ghash->H. */
- C = _mm_clmulepi64_si128(Ci, ghash->h, 0x00);
- D = _mm_clmulepi64_si128(Ci, ghash->h, 0x11);
- E = _mm_clmulepi64_si128(Ci, ghash->h, 0x01);
- F = _mm_clmulepi64_si128(Ci, ghash->h, 0x10);
- tmp = _mm_xor_si128(E, F);
- z_high = _mm_xor_si128(tmp, _mm_slli_si128(D, 8));
- z_high = _mm_unpackhi_epi64(z_high, D);
- z_low = _mm_xor_si128(_mm_slli_si128(tmp, 8), C);
- z_low = _mm_unpackhi_epi64(_mm_slli_si128(C, 8), z_low);
-
- /* Shift one to the left (multiply by x) as gcm spec is stupid. */
- C = _mm_slli_si128(z_low, 8);
- E = _mm_srli_epi64(C, 63);
- D = _mm_slli_si128(z_high, 8);
- F = _mm_srli_epi64(D, 63);
- /* Carry over */
- C = _mm_srli_si128(z_low, 8);
- D = _mm_srli_epi64(C, 63);
- z_low = _mm_or_si128(_mm_slli_epi64(z_low, 1), E);
- z_high = _mm_or_si128(_mm_or_si128(_mm_slli_epi64(z_high, 1), F), D);
-
- /* Reduce */
- C = _mm_slli_si128(z_low, 8);
- /* D = z_low << 127 */
- D = _mm_slli_epi64(C, 63);
- /* E = z_low << 126 */
- E = _mm_slli_epi64(C, 62);
- /* F = z_low << 121 */
- F = _mm_slli_epi64(C, 57);
- /* z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121); */
- z_low = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(z_low, D), E), F);
- C = _mm_srli_si128(z_low, 8);
- /* D = z_low >> 1 */
- D = _mm_slli_epi64(C, 63);
- D = _mm_or_si128(_mm_srli_epi64(z_low, 1), D);
- /* E = z_low >> 2 */
- E = _mm_slli_epi64(C, 62);
- E = _mm_or_si128(_mm_srli_epi64(z_low, 2), E);
- /* F = z_low >> 7 */
- F = _mm_slli_epi64(C, 57);
- F = _mm_or_si128(_mm_srli_epi64(z_low, 7), F);
- /* ghash->x ^= z_low ^ (z_low >> 1) ^ (z_low >> 2) ^ (z_low >> 7); */
- ghash->x = _mm_xor_si128(_mm_xor_si128(
- _mm_xor_si128(_mm_xor_si128(z_high, z_low), D), E),
- F);
- }
- return SECSuccess;
-#else
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
-#endif /* NSS_X86_OR_X64 */
-}
-
static SECStatus
gcm_zeroX(gcmHashContext *ghash)
{
+ SECStatus rv = SECSuccess;
+
if (ghash->hw) {
-#ifdef NSS_X86_OR_X64
- ghash->x = _mm_setzero_si128();
- return SECSuccess;
-#else
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
-#endif /* NSS_X86_OR_X64 */
+ rv = gcm_HashZeroX_hw(ghash);
}
ghash->x_high = ghash->x_low = 0;
- return SECSuccess;
+ return rv;
}
/*
@@ -503,15 +442,10 @@ gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
}
if (ghash->hw) {
-#ifdef NSS_X86_OR_X64
- uint64_t tmp_out[2];
- _mm_storeu_si128((__m128i *)tmp_out, ghash->x);
- WRITE64(tmp_out[0], T + 8);
- WRITE64(tmp_out[1], T);
-#else
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
-#endif /* NSS_X86_OR_X64 */
+ rv = gcm_HashWrite_hw(ghash, T);
+ if (rv != SECSuccess) {
+ goto cleanup;
+ }
} else {
WRITE64(ghash->x_low, T + 8);
WRITE64(ghash->x_high, T);
@@ -595,14 +529,7 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher,
if (gcm == NULL) {
return NULL;
}
- /* aligned_alloc is C11 so we have to do it the old way. */
- ghash = PORT_ZAlloc(sizeof(gcmHashContext) + 15);
- if (ghash == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- goto loser;
- }
- ghash->mem = ghash;
- ghash = (gcmHashContext *)(((uintptr_t)ghash + 15) & ~(uintptr_t)0x0F);
+ ghash = PORT_ZNewAligned(gcmHashContext, 16, mem);
/* first plug in the ghash context */
gcm->ghash_context = ghash;