summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/freebl/gcm.h
blob: 571b9ec55e09699ed1935d751588cdcef387e848 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef GCM_H
#define GCM_H 1

#include "blapii.h"
#include <stdint.h>

#ifdef NSS_X86_OR_X64
/* GCC <= 4.8 doesn't support including emmintrin.h without enabling SSE2 */
#if !defined(__clang__) && defined(__GNUC__) && defined(__GNUC_MINOR__) && \
    (__GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ <= 8))
#pragma GCC push_options
#pragma GCC target("sse2")
#undef NSS_DISABLE_SSE2
#define NSS_DISABLE_SSE2 1
#endif /* GCC <= 4.8 */

#include <emmintrin.h> /* __m128i */

#ifdef NSS_DISABLE_SSE2
#undef NSS_DISABLE_SSE2
#pragma GCC pop_options
#endif /* NSS_DISABLE_SSE2 */
#endif

#ifdef __aarch64__
#include <arm_neon.h>
#endif

#ifdef __powerpc64__
#include "altivec-types.h"

/* The ghash freebl test tries to use this in C++, and gcc defines conflict. */
#ifdef __cplusplus
#undef pixel
#undef vector
#undef bool
#endif

/*
 * PPC CRYPTO requires at least gcc 5 or clang. The LE check is purely
 * because it's only been tested on LE. If you're interested in BE,
 * please send a patch.
 */
#if (defined(__clang__) || (defined(__GNUC__) && __GNUC__ >= 5)) && \
    defined(IS_LITTLE_ENDIAN)
#define USE_PPC_CRYPTO
#endif

#endif

SEC_BEGIN_PROTOS

#ifdef HAVE_INT128_SUPPORT
typedef unsigned __int128 uint128_t;
#endif

typedef struct GCMContextStr GCMContext;

/*
 * The context argument is the inner cipher context to use with cipher. The
 * GCMContext does not own context. context needs to remain valid for as long
 * as the GCMContext is valid.
 *
 * The cipher argument is a block cipher in the ECB encrypt mode.
 */
GCMContext *GCM_CreateContext(void *context, freeblCipherFunc cipher,
                              const unsigned char *params);
void GCM_DestroyContext(GCMContext *gcm, PRBool freeit);
SECStatus GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf,
                            unsigned int *outlen, unsigned int maxout,
                            const unsigned char *inbuf, unsigned int inlen,
                            unsigned int blocksize);
SECStatus GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
                            unsigned int *outlen, unsigned int maxout,
                            const unsigned char *inbuf, unsigned int inlen,
                            unsigned int blocksize);

/* These functions are here only so we can test them */
#define GCM_HASH_LEN_LEN 8 /* gcm hash defines lengths to be 64 bits */
typedef struct gcmHashContextStr gcmHashContext;
typedef SECStatus (*ghash_t)(gcmHashContext *, const unsigned char *,
                             unsigned int);
pre_align struct gcmHashContextStr {
#ifdef NSS_X86_OR_X64
    __m128i x, h;
#elif defined(__aarch64__)
    uint64x2_t x, h;
#elif defined(USE_PPC_CRYPTO)
    vec_u64 x, h;
#endif
    uint64_t x_low, x_high, h_high, h_low;
    unsigned char buffer[MAX_BLOCK_SIZE];
    unsigned int bufLen;
    uint8_t counterBuf[16];
    uint64_t cLen;
    ghash_t ghash_mul;
    PRBool hw;
    gcmHashContext *mem;
} post_align;

SECStatus gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
                         unsigned int len);
SECStatus gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
                              PRBool sw);
SECStatus gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
                        unsigned int AADLen);
SECStatus gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
                        unsigned int *outlen, unsigned int maxout);

SEC_END_PROTOS

#endif