/* ====================================================================
 * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use is governed by OpenSSL license.
 * ====================================================================
 */
8ebfedea0SLionel Sambuc #include <openssl/modes.h>
/*
 * Integer aliases shared by the block-cipher mode implementations.
 *
 * i64/u64 map to whichever native type the toolchain offers for 64-bit
 * integers, and U64(C) appends the matching suffix to a literal:
 *   - Windows compilers other than MinGW: __int64, UI64 suffix
 *   - targets that define __arch64__:     long, UL suffix
 *   - everything else:                    long long, ULL suffix
 *
 * NOTE(review): u32 is plain `unsigned int`; nothing in this header checks
 * that it is exactly 32 bits wide, although the GETU32/PUTU32 macros in this
 * file treat it as such.
 */
typedef unsigned char u8;
typedef unsigned int u32;

#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
typedef unsigned __int64 u64;
typedef __int64 i64;
# define U64(C) C##UI64
#elif defined(__arch64__)
typedef unsigned long u64;
typedef long i64;
# define U64(C) C##UL
#else
typedef unsigned long long u64;
typedef long long i64;
# define U64(C) C##ULL
#endif
/*
 * STRICT_ALIGNMENT stays defined on every target except the ones listed
 * here.  Later in this header it decides whether GETU32/PUTU32 may access
 * memory through a u32 pointer cast (undefined) or must go byte by byte
 * (defined).
 *
 * NOTE(review): the exempted targets are presumably those that tolerate
 * unaligned word accesses; adding a target to this list enables word-sized
 * accesses at arbitrary byte addresses, so confirm that before extending it.
 */
#define STRICT_ALIGNMENT 1

/* 32-bit x86 */
#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
# undef STRICT_ALIGNMENT
#endif

/* x86-64 */
#if defined(__x86_64) || defined(__x86_64__) || \
    defined(_M_AMD64) || defined(_M_X64)
# undef STRICT_ALIGNMENT
#endif

/* s390 / s390x */
#if defined(__s390__) || defined(__s390x__)
# undef STRICT_ALIGNMENT
#endif
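/*
 * Byte-swap and big-endian load/store helpers.
 *
 * BSWAP8(x) and BSWAP4(x) reverse the byte order of a 64-bit / 32-bit value.
 * They exist only for the compiler/target pairs handled below and are left
 * undefined when PEDANTIC, OPENSSL_NO_ASM or OPENSSL_NO_INLINE_ASM is set, so
 * callers have to test for them with #ifdef.
 *
 * In the GNU C variants the temporaries carry a trailing underscore so that
 * an argument spelled `ret`, `lo` or `hi` is not shadowed by the macro's own
 * local, and the __asm__ spelling is used because GCC does not recognise the
 * plain `asm` keyword in strict ISO modes such as -std=c11.
 */
#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
# if defined(__GNUC__) && __GNUC__>=2
#  if defined(__x86_64) || defined(__x86_64__)
#   define BSWAP8(x) ({ u64 ret_=(x);                   \
                        __asm__ ("bswapq %0"            \
                        : "+r"(ret_));  ret_;           })
#   define BSWAP4(x) ({ u32 ret_=(x);                   \
                        __asm__ ("bswapl %0"            \
                        : "+r"(ret_));  ret_;           })
#  elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
/*
 * Swap each 32-bit half, then exchange the halves.  The argument of BSWAP8
 * is evaluated twice here, so it must be free of side effects.
 */
#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
                        __asm__ ("bswapl %0; bswapl %1" \
                        : "+r"(hi_),"+r"(lo_));         \
                        (u64)hi_<<32|lo_;               })
#   define BSWAP4(x) ({ u32 ret_=(x);                   \
                        __asm__ ("bswapl %0"            \
                        : "+r"(ret_));  ret_;           })
#  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
/*
 * NOTE(review): this header defines STRICT_ALIGNMENT for every target other
 * than x86 and s390, so with the definitions visible in this file the ARM
 * branch is not selected -- confirm whether that is intended.
 * As on i386, the argument of BSWAP8 is evaluated twice.
 */
#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
                        __asm__ ("rev %0,%0; rev %1,%1" \
                        : "+r"(hi_),"+r"(lo_));         \
                        (u64)hi_<<32|lo_;               })
#   define BSWAP4(x) ({ u32 ret_;                       \
                        __asm__ ("rev %0,%1"            \
                        : "=r"(ret_) : "r"((u32)(x)));  \
                        ret_;                           })
#  endif
# elif defined(_MSC_VER)
#  if _MSC_VER>=1300
#   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
#   define BSWAP8(x)    _byteswap_uint64((u64)(x))
#   define BSWAP4(x)    _byteswap_ulong((u32)(x))
#  elif defined(_M_IX86)
/* Older 32-bit MSVC: only BSWAP4 is provided, BSWAP8 stays undefined. */
__inline u32 _bswap4(u32 val)
{
    /* No C return statement: the swapped value is left in EAX. */
    _asm mov eax, val
    _asm bswap eax
}
#   define BSWAP4(x)    _bswap4(x)
#  endif
# endif
#endif

/*
 * GETU32(p) / PUTU32(p,v): read / write a 32-bit big-endian value at the
 * byte pointer p.  Both variants are complete expressions.
 *
 * Fast variant (BSWAP4 available and STRICT_ALIGNMENT undefined): a single
 * access through a u32 pointer cast.  p is not required to be 4-byte
 * aligned, which is why this path is tied to STRICT_ALIGNMENT.
 * NOTE(review): the cast also reads or writes a byte buffer through a u32
 * lvalue; whether that is safe under the compiler's aliasing rules depends
 * on the build flags -- confirm against the build configuration.
 *
 * Portable variant: byte-at-a-time shifts.  p and v each appear four times
 * in the expansion, so neither argument may have side effects.
 */
#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
# define GETU32(p)       BSWAP4(*(const u32 *)(p))
# define PUTU32(p,v)     (*(u32 *)(p) = BSWAP4(v))
#else
# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
#endif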
/*- GCM definitions */

/* 128-bit quantity held as two 64-bit halves; `hi` is stored before `lo`. */
typedef struct {
    u64 hi;
    u64 lo;
} u128;
/*
 * TABLE_BITS fixes the size of Htable in struct gcm128_context below
 * (256 entries when it is 8, 16 entries otherwise).
 *
 * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
 * never be set to 8 [or 1]. For further information see gcm128.c.
 *
 * Any definition made before this point is discarded, so the value cannot
 * be overridden from the compiler command line.
 *
 * NOTE(review): the rationale lives in gcm128.c, which is not shown here; it
 * is understood to weigh table size and speed against the cache-timing
 * exposure of lookups indexed by secret data -- confirm there before
 * changing this value.
 */
#undef TABLE_BITS
#define TABLE_BITS 4
/*
 * Per-operation GCM state.
 *
 * The structure carries key-dependent material: H (the hash subkey in the
 * GCM specification), the pre-computed Htable, and cipher output in EK0 and
 * EKi.  Knowledge of H is enough to forge authentication tags, so the whole
 * structure should be wiped (e.g. with OPENSSL_cleanse) before its memory is
 * reused or freed.
 */
struct gcm128_context {
    /* Following 6 names follow names in GCM specification */
    /*
     * Each is one 16-byte block, addressable as two u64, four u32, sixteen
     * bytes, or size_t-sized words.  In the specification's terms: Yi is the
     * counter block, EKi its encryption, EK0 the encryption of the initial
     * counter block, len the length block, Xi the running GHASH value and H
     * the hash subkey (confirm the exact use of each in gcm128.c).
     */
    union {
        u64 u[2];
        u32 d[4];
        u8 c[16];
        size_t t[16 / sizeof(size_t)];
    } Yi, EKi, EK0, len, Xi, H;
    /*
     * Relative position of Xi, H and pre-computed Htable is used in some
     * assembler modules, i.e. don't change the order!
     */
#if TABLE_BITS==8
    u128 Htable[256];
#else
    u128 Htable[16];
    /* GHASH callbacks; these two members exist only when TABLE_BITS != 8. */
    void (*gmult) (u64 Xi[2], const u128 Htable[16]);
    void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
                   size_t len);
#endif
    /*
     * NOTE(review): presumably the byte counts of a partially processed
     * message block (mres) and AAD block (ares) carried between calls --
     * confirm in gcm128.c.
     */
    unsigned int mres;
    unsigned int ares;
    /* Block-cipher callback; block128_f comes from <openssl/modes.h>. */
    block128_f block;
    /*
     * Opaque key pointer, presumably handed to `block`.  Nothing in this
     * structure indicates who owns or frees it.
     */
    void *key;
};
/*
 * XTS state: two opaque key pointers, each paired with a block-cipher
 * callback (block128_f comes from <openssl/modes.h>).
 *
 * NOTE(review): XTS is specified with two independent keys, one for the data
 * and one for the tweak; which of key1/key2 plays which role is decided in
 * xts128.c (not shown).  Nothing in this structure records or checks that the
 * two keys differ, so that has to be enforced by whoever fills it in.
 */
struct xts128_context {
    void *key1;
    void *key2;
    block128_f block1;
    block128_f block2;
};
/*
 * CCM state.
 *
 * NOTE(review): CCM loses both confidentiality and authenticity if a nonce
 * is repeated under the same key.  This structure only stores the current
 * nonce block; nothing here prevents reuse, so uniqueness is the caller's
 * responsibility.
 */
struct ccm128_context {
    /*
     * Two 16-byte blocks, each addressable as two u64 or sixteen bytes.
     * By their names: the nonce/counter block and the running CBC-MAC value
     * (confirm exact use in ccm128.c).
     */
    union {
        u64 u[2];
        u8 c[16];
    } nonce, cmac;
    /*
     * NOTE(review): presumably a count of block-cipher invocations, kept so
     * the amount of data processed under one key can be bounded -- confirm
     * in ccm128.c.
     */
    u64 blocks;
    /* Block-cipher callback; block128_f comes from <openssl/modes.h>. */
    block128_f block;
    /*
     * Opaque key pointer, presumably handed to `block`.  Nothing in this
     * structure indicates who owns or frees it.
     */
    void *key;
};