1 /*-
2 * Copyright (c) 2014 The FreeBSD Foundation
3 * All rights reserved.
4 *
5 * This software was developed by John-Mark Gurney under
6 * the sponsorship of the FreeBSD Foundation and
7 * Rubicon Communications, LLC (Netgate).
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $FreeBSD$
30 *
31 */
32
33 #ifndef _GFMULT_H_
34 #define _GFMULT_H_
35
36 #ifdef __APPLE__
37 #define __aligned(x) __attribute__((__aligned__(x)))
38 #define be64dec(buf) __builtin_bswap64(*(uint64_t *)buf)
39 #define be64enc(buf, x) (*(uint64_t *)buf = __builtin_bswap64(x))
40 #else
41 #include <sys/endian.h>
42 #endif
43
44 #ifdef _KERNEL
45 #include <sys/types.h>
46 #else
47 #include <stdint.h>
48 #include <strings.h>
49 #endif
50
51 #define REQ_ALIGN (16 * 4)
52 /*
53 * The rows are striped across cache lines. Note that the indexes
54 * are bit reversed to make accesses quicker.
55 */
56 struct gf128table {
57 uint32_t a[16] __aligned(REQ_ALIGN); /* bits 0 - 31 */
58 uint32_t b[16] __aligned(REQ_ALIGN); /* bits 63 - 32 */
59 uint32_t c[16] __aligned(REQ_ALIGN); /* bits 95 - 64 */
60 uint32_t d[16] __aligned(REQ_ALIGN); /* bits 127 - 96 */
61 } __aligned(REQ_ALIGN);
62
63 /*
64 * A set of tables that contain h, h^2, h^3, h^4. To be used w/ gf128_mul4.
65 */
66 struct gf128table4 {
67 struct gf128table tbls[4];
68 };
69
70 /*
71 * GCM per spec is bit reversed in memory. So byte 0 is really bit reversed
72 * and contains bits 0-7. We can deal w/ this by using right shifts and
73 * related math instead of having to bit reverse everything. This means that
74 * the low bits are in v[0] (bits 0-63) and reverse order, while the high
75 * bits are in v[1] (bits 64-127) and reverse order. The high bit of v[0] is
76 * bit 0, and the low bit of v[1] is bit 127.
77 */
78 struct gf128 {
79 uint64_t v[2];
80 };
81
82 /* Note that we don't bit reverse in MAKE_GF128. */
83 #define MAKE_GF128(a, b) ((struct gf128){.v = { (a), (b) } })
84 #define GF128_EQ(a, b) ((((a).v[0] ^ (b).v[0]) | \
85 ((a).v[1] ^ (b).v[1])) == 0)
86
87 static inline struct gf128
88 gf128_read(const uint8_t *buf)
89 {
90 struct gf128 r;
91
92 r.v[0] = be64dec(buf);
93 buf += sizeof(uint64_t);
94
95 r.v[1] = be64dec(buf);
96
97 return r;
98 }
99
100 static inline void
101 gf128_write(struct gf128 v, uint8_t *buf)
102 {
103 uint64_t tmp;
104
105 be64enc(buf, v.v[0]);
106 buf += sizeof tmp;
107
108 be64enc(buf, v.v[1]);
109 }
110
111 static inline struct gf128 __pure /* XXX - __pure2 instead */
112 gf128_add(struct gf128 a, struct gf128 b)
113 {
114 a.v[0] ^= b.v[0];
115 a.v[1] ^= b.v[1];
116
117 return a;
118 }
119
120 void gf128_genmultable(struct gf128 h, struct gf128table *t);
121 void gf128_genmultable4(struct gf128 h, struct gf128table4 *t);
122 struct gf128 gf128_mul(struct gf128 v, struct gf128table *tbl);
123 struct gf128 gf128_mul4(struct gf128 a, struct gf128 b, struct gf128 c,
124 struct gf128 d, struct gf128table4 *tbl);
125 struct gf128 gf128_mul4b(struct gf128 r, const uint8_t *v,
126 struct gf128table4 *tbl);
127
128 #endif /* _GFMULT_H_ */
Cache object: b2818e9b3edc3387c65ce4f11ba8486a
|