From: Niels Möller
Date: Fri, 25 Sep 2020 17:27:02 +0000 (+0200)
Subject: gcm: Micro optimized gcm_fill, for big and little endian.
X-Git-Tag: nettle_3.7rc1~59
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b62e5f5e0d9b828a1cd10357391b1fe04ec18495;p=thirdparty%2Fnettle.git
gcm: Micro optimized gcm_fill, for big and little endian.
---
diff --git a/ChangeLog b/ChangeLog
index f1fc7e9b..07a32586 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2020-09-25 Niels Möller
+
+ * gcm.c (gcm_fill): Added separate implementations for big- and
+ little-endian, to use uint64_t stores and less overhead.
+
 2020-09-24 Niels Möller
 * aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): Prefer to use register
diff --git a/gcm.c b/gcm.c
index cf615daf..48b3e75a 100644
--- a/gcm.c
+++ b/gcm.c
@@ -334,6 +334,46 @@ gcm_update(struct gcm_ctx *ctx, const struct gcm_key *key,
 }
 static nettle_fill16_func gcm_fill;
+#if WORDS_BIGENDIAN
+static void
+gcm_fill(uint8_t *ctr, size_t blocks, union nettle_block16 *buffer)
+{
+ uint64_t hi, mid;
+ uint32_t lo;
+ size_t i;
+ hi = READ_UINT64(ctr);
+ mid = (uint64_t) READ_UINT32(ctr + 8) << 32;
+ lo = READ_UINT32(ctr + 12);
+
+ for (i = 0; i < blocks; i++)
+ {
+ buffer[i].u64[0] = hi;
+ buffer[i].u64[1] = mid + lo++;
+ }
+ WRITE_UINT32(ctr + 12, lo);
+
+}
+#elif HAVE_BUILTIN_BSWAP64
+/* Assume __builtin_bswap32 is also available */
+static void
+gcm_fill(uint8_t *ctr, size_t blocks, union nettle_block16 *buffer)
+{
+ uint64_t hi, mid;
+ uint32_t lo;
+ size_t i;
+ hi = LE_READ_UINT64(ctr);
+ mid = LE_READ_UINT32(ctr + 8);
+ lo = READ_UINT32(ctr + 12);
+
+ for (i = 0; i < blocks; i++)
+ {
+ buffer[i].u64[0] = hi;
+ buffer[i].u64[1] = mid + ((uint64_t)__builtin_bswap32(lo) << 32);
+ lo++;
+ }
+ WRITE_UINT32(ctr + 12, lo);
+}
+#else
 static void
 gcm_fill(uint8_t *ctr, size_t blocks, union nettle_block16 *buffer)
 {
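Review bot: The `#elif HAVE_BUILTIN_BSWAP64` branch is selected by a check for one builtin but calls a different one, `__builtin_bswap32`, and it also relies on the host being little-endian, which is implied only by falling through `#if WORDS_BIGENDIAN`; the comment `/* Assume __builtin_bswap32 is also available */` records the first assumption but not the second. These blocks are the counter input to the CTR keystream, so all three variants have to write byte-identical output, including when the 32-bit counter wraps from 0xffffffff to 0 without carrying into `mid` (the `uint32_t lo` arithmetic appears to guarantee this, but nothing in the hunk says so). I would state the contract above the declaration, e.g. `/* All variants must write identical blocks: bytes 0..11 copied from ctr, bytes 12..15 a big-endian counter incremented mod 2^32. */`, and cover the wrap case in a test on both endiannesses if the existing vectors do not already. The generic `#else` variant's body starts on the last line of this hunk and continues outside it.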
@@ -349,6 +389,7 @@ gcm_fill(uint8_t *ctr, size_t blocks, union nettle_block16 *buffer)
 WRITE_UINT32(ctr + GCM_BLOCK_SIZE - 4, c);
 }
+#endif
 void
 gcm_encrypt (struct gcm_ctx *ctx, const struct gcm_key *key,