From: Nick Mathewson
Date: Sat, 19 Apr 2025 00:25:29 +0000 (-0400)
Subject: Adapt ctmul64.c to work with polyval.c.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd95dab0f609bd0257ca519e9ba034339968c706;p=thirdparty%2Ftor.git
Adapt ctmul64.c to work with polyval.c.
---
diff --git a/src/ext/polyval/ctmul64.c b/src/ext/polyval/ctmul64.c
index a46f16fee9..c2205953a3 100644
--- a/src/ext/polyval/ctmul64.c
+++ b/src/ext/polyval/ctmul64.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2016 Thomas Pornin
  *
- * Permission is hereby granted, free of charge, to any person obtaining
+ * Permission is hereby granted, free of charge, to any person obtaining
  * a copy of this software and associated documentation files (the
  * "Software"), to deal in the Software without restriction, including
  * without limitation the rights to use, copy, modify, merge, publish,
@@ -9,12 +9,12 @@
  * permit persons to whom the Software is furnished to do so, subject to
  * the following conditions:
  *
- * The above copyright notice and this permission notice shall be
+ * The above copyright notice and this permission notice shall be
  * included in all copies or substantial portions of the Software.
  *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
@@ -22,8 +22,6 @@
  * SOFTWARE.
  */
-#include "inner.h"
-
 /*
  * This is the 64-bit variant of br_ghash_ctmul32(), with 64-bit operands
  * and bit reversal of 64-bit words.
@@ -73,46 +71,28 @@ rev64(uint64_t x)
 #undef RMS
 }
-/* see bearssl_ghash.h */
-void
-br_ghash_ctmul64(void *y, const void *h, const void *data, size_t len)
+
+static void
+pv_mul_y_h(polyval_t *pv)
 {
-	const unsigned char *buf, *hb;
-	unsigned char *yb;
 	uint64_t y0, y1;
 	uint64_t h0, h1, h2, h0r, h1r, h2r;
-	buf = data;
-	yb = y;
-	hb = h;
-	y1 = br_dec64be(yb);
-	y0 = br_dec64be(yb + 8);
-	h1 = br_dec64be(hb);
-	h0 = br_dec64be(hb + 8);
-	h0r = rev64(h0);
-	h1r = rev64(h1);
+	y0 = pv->y.lo;
+	y1 = pv->y.hi;
+	h0 = pv->h.lo;
+	h1 = pv->h.hi;
+	// TODO(nm) does it actually make sense for us to precompute this?
+	h0r = pv->hr.lo;
+	h1r = pv->hr.hi;
+
 	h2 = h0 ^ h1;
 	h2r = h0r ^ h1r;
-	while (len > 0) {
-		const unsigned char *src;
-		unsigned char tmp[16];
+	{
 		uint64_t y0r, y1r, y2, y2r;
 		uint64_t z0, z1, z2, z0h, z1h, z2h;
 		uint64_t v0, v1, v2, v3;
-		if (len >= 16) {
-			src = buf;
-			buf += 16;
-			len -= 16;
-		} else {
-			memcpy(tmp, buf, len);
-			memset(tmp + len, 0, (sizeof tmp) - len);
-			src = tmp;
-			len = 0;
-		}
-		y1 ^= br_dec64be(src);
-		y0 ^= br_dec64be(src + 8);
-
 		y0r = rev64(y0);
 		y1r = rev64(y1);
 		y2 = y0 ^ y1;
@@ -135,20 +115,20 @@ br_ghash_ctmul64(void *y, const void *h, const void *data, size_t len)
 		v2 = z1 ^ z2h;
 		v3 = z1h;
+#if 0
+		// This step is GHASH only.
 		v3 = (v3 << 1) | (v2 >> 63);
 		v2 = (v2 << 1) | (v1 >> 63);
 		v1 = (v1 << 1) | (v0 >> 63);
 		v0 = (v0 << 1);
+#endif
 		v2 ^= v0 ^ (v0 >> 1) ^ (v0 >> 2) ^ (v0 >> 7);
 		v1 ^= (v0 << 63) ^ (v0 << 62) ^ (v0 << 57);
 		v3 ^= v1 ^ (v1 >> 1) ^ (v1 >> 2) ^ (v1 >> 7);
 		v2 ^= (v1 << 63) ^ (v1 << 62) ^ (v1 << 57);
-		y0 = v2;
-		y1 = v3;
+		pv->y.lo = v2;
+		pv->y.hi = v3;
 	}
-
-	br_enc64be(yb, y1);
-	br_enc64be(yb + 8, y0);
 }
diff --git a/src/ext/polyval/polyval.c b/src/ext/polyval/polyval.c
index c74d0330a1..163d10d8c9 100644
--- a/src/ext/polyval/polyval.c
+++ b/src/ext/polyval/polyval.c
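Review bot: The `// TODO(nm) does it actually make sense for us to precompute this?` above `h0r = pv->hr.lo;` leaves a question in the code where an answer belongs: the removed code computed `rev64(h0)` and `rev64(h1)` once per call over a whole buffer, whereas this routine now runs once per 16-byte block, and `h` does not change after key setup, so caching the reversed key is the right trade and the comment should say so, e.g. `/* hr caches rev64(h); h is fixed per key, so it is computed once at setup. */`. By the same reasoning `h2 = h0 ^ h1;` and `h2r = h0r ^ h1r;` are per-key constants that could join the cache, though that is optional. The bare `{` that replaced `while (len > 0) {` is a leftover of the removed loop; hoisting the `y0r`…`v3` declarations up to the other locals and dropping the braces would make the single-block structure read as intended rather than as an accident. The body of `pv_mul_y_h` continues past this hunk.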
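Review bot: The `#if 0` / `#endif` around the four shift lines keeps dead code inside a field multiplication and explains the omission only with `// This step is GHASH only.`; this is the one place where the adapted routine departs from the upstream algorithm, so either delete the lines (the bearssl original stays in history) or replace them with a comment that states why POLYVAL skips them. As I read RFC 8452 (Appendix A), the GHASH and POLYVAL products differ by one factor of x, which is what this shift supplies for GHASH, but I have not verified that dropping the shift while leaving the `v2 ^= v0 ^ (v0 >> 1) ^ (v0 >> 2) ^ (v0 >> 7);` reduction untouched yields exactly POLYVAL's product; a test pinning `pv_mul_y_h` against the RFC 8452 vectors is what makes this change safe, and the commit does not add one. Something like `/* No final shift: GHASH and POLYVAL products differ by a factor of x (RFC 8452, App. A), which the omitted shift would supply. */` would record the intent. `pv_mul_y_h` begins in the previous hunk.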
@@ -20,7 +20,11 @@ static inline void pv_xor(polyval_t *, u128);
 static inline void pv_init_extra(polyval_t *pv);
 /* Functions which we expect our multiply implementation to declare. */
-static inline void pv_mul_y_h(polyval_t *);
+/**
+ * Within the polyval struct, perform "y *= h".
+ */
+static
+void pv_mul_y_h(polyval_t *);
 #ifdef WORDS_BIG_ENDIAN
 #ifdef __GNUC__
@@ -48,6 +52,9 @@ static inline uint64_t bswap64(uint64_t v)
 #endif
 #ifdef PV_USE_CTMUL64
+
+#include "ext/polyval/ctmul64.c"
+
 static inline u128
 u128_from_bytes(const uint8_t *bytes)
 {
@@ -75,17 +82,11 @@ pv_xor(polyval_t *pv, u128 val)
 static inline void
 pv_init_extra(polyval_t *pv)
 {
-
+  pv->hr.lo = rev64(pv->h.lo);
+  pv->hr.hi = rev64(pv->h.hi);
 }
-static inline void pv_mul_y_h(polyval_t *pv)
-{
-
-}
-
-// #include "ext/polyval/ctmul64.c"
 #endif
-
 void
 polyval_init(polyval_t *pv, const uint8_t *key)
 {
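Review bot: The comment `/* Functions which we expect our multiply implementation to declare. */` now sits above a prototype that this file declares itself, so it describes the old arrangement; what the backend is expected to do is supply the definition, e.g. `/* Functions which we expect our multiply implementation to define. */`. The new prototype is also split as `static` / `void pv_mul_y_h(polyval_t *);` and drops `inline`, while the neighbouring `pv_xor` and `pv_init_extra` declarations keep `static inline void` on one line; if `inline` was dropped on purpose (the included backend defines it as plain `static void`), one line saying so would stop the next reader from "fixing" it back. The Doxygen block `Within the polyval struct, perform "y *= h".` could also name the field the multiplication is in, since a caller of the generic prototype cannot otherwise tell.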
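Review bot: `#include "ext/polyval/ctmul64.c"` pulls a `.c` file into this translation unit, and that file no longer includes `inner.h` (removed in the first hunk of this commit), so it is compilable only from here, where `polyval_t` and the `<stdint.h>` types are already in scope; nothing at the include site says so. A comment such as `/* Textually included: ctmul64.c is not a standalone unit. It relies on polyval_t and <stdint.h> being in scope here and must not be compiled on its own. */` would keep someone from adding it to the build as a separate source file. Presumably the build lists only polyval.c already, but that is not visible in this diff.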
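Review bot: `pv->hr.lo = rev64(pv->h.lo);` stores a bit-reversed copy of `h` (presumably the key, given `polyval_init(polyval_t *pv, const uint8_t *key)`) in the context, so `hr` is key material exactly as `h` is; whatever wipes a `polyval_t` at the end of its life must now cover `hr` too, and if that wipe is a whole-struct memwipe it already does, but the routine is not visible in this hunk. `pv_init_extra` also only produces a correct cache if it runs after `pv->h` has been filled in, which the start of `polyval_init` at the end of the hunk does not show. A comment on the function would pin both: `/* Backend key setup: cache rev64(h) for pv_mul_y_h. Must run after pv->h is set; hr is key material and must be wiped with it. */`. `polyval_init`'s body continues past this hunk.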