1238384Sjkim/* ==================================================================== 2238384Sjkim * Copyright (c) 2010 The OpenSSL Project. All rights reserved. 3238384Sjkim * 4238384Sjkim * Redistribution and use is governed by OpenSSL license. 5238384Sjkim * ==================================================================== 6238384Sjkim */ 7238384Sjkim 8238384Sjkim#include <openssl/modes.h> 9238384Sjkim 10238384Sjkim#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) 11238384Sjkimtypedef __int64 i64; 12238384Sjkimtypedef unsigned __int64 u64; 13296341Sdelphij# define U64(C) C##UI64 14238384Sjkim#elif defined(__arch64__) 15238384Sjkimtypedef long i64; 16238384Sjkimtypedef unsigned long u64; 17296341Sdelphij# define U64(C) C##UL 18238384Sjkim#else 19238384Sjkimtypedef long long i64; 20238384Sjkimtypedef unsigned long long u64; 21296341Sdelphij# define U64(C) C##ULL 22238384Sjkim#endif 23238384Sjkim 24238384Sjkimtypedef unsigned int u32; 25238384Sjkimtypedef unsigned char u8; 26238384Sjkim 27238384Sjkim#define STRICT_ALIGNMENT 1 28296341Sdelphij#if defined(__i386) || defined(__i386__) || \ 29296341Sdelphij defined(__x86_64) || defined(__x86_64__) || \ 30296341Sdelphij defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ 31296341Sdelphij defined(__s390__) || defined(__s390x__) 32238384Sjkim# undef STRICT_ALIGNMENT 33238384Sjkim#endif 34238384Sjkim 35238384Sjkim#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) 36296341Sdelphij# if defined(__GNUC__) && __GNUC__>=2 37296341Sdelphij# if defined(__x86_64) || defined(__x86_64__) 38296341Sdelphij# define BSWAP8(x) ({ u64 ret=(x); \ 39296341Sdelphij asm ("bswapq %0" \ 40296341Sdelphij : "+r"(ret)); ret; }) 41296341Sdelphij# define BSWAP4(x) ({ u32 ret=(x); \ 42296341Sdelphij asm ("bswapl %0" \ 43296341Sdelphij : "+r"(ret)); ret; }) 44296341Sdelphij# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) 45296341Sdelphij# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ 46296341Sdelphij asm ("bswapl %0; bswapl %1" \ 47296341Sdelphij : "+r"(hi),"+r"(lo)); \ 48296341Sdelphij (u64)hi<<32|lo; }) 49296341Sdelphij# define BSWAP4(x) ({ u32 ret=(x); \ 50296341Sdelphij asm ("bswapl %0" \ 51296341Sdelphij : "+r"(ret)); ret; }) 52296341Sdelphij# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT) 53296341Sdelphij# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ 54296341Sdelphij asm ("rev %0,%0; rev %1,%1" \ 55296341Sdelphij : "+r"(hi),"+r"(lo)); \ 56296341Sdelphij (u64)hi<<32|lo; }) 57296341Sdelphij# define BSWAP4(x) ({ u32 ret; \ 58296341Sdelphij asm ("rev %0,%1" \ 59296341Sdelphij : "=r"(ret) : "r"((u32)(x))); \ 60296341Sdelphij ret; }) 61296341Sdelphij# endif 62296341Sdelphij# elif defined(_MSC_VER) 63296341Sdelphij# if _MSC_VER>=1300 64296341Sdelphij# pragma intrinsic(_byteswap_uint64,_byteswap_ulong) 65296341Sdelphij# define BSWAP8(x) _byteswap_uint64((u64)(x)) 66296341Sdelphij# define BSWAP4(x) _byteswap_ulong((u32)(x)) 67296341Sdelphij# elif defined(_M_IX86) 68296341Sdelphij__inline u32 _bswap4(u32 val) 69296341Sdelphij{ 70296341Sdelphij_asm mov eax, val _asm bswap eax} 71296341Sdelphij# define BSWAP4(x) _bswap4(x) 72296341Sdelphij# endif 73238384Sjkim# endif 74238384Sjkim#endif 75238384Sjkim#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT) 76296341Sdelphij# define GETU32(p) BSWAP4(*(const u32 *)(p)) 77296341Sdelphij# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) 78238384Sjkim#else 79296341Sdelphij# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) 80296341Sdelphij# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) 81238384Sjkim#endif 82296341Sdelphij/*- GCM definitions */ typedef struct { 83296341Sdelphij u64 hi, lo; 84296341Sdelphij} u128; 85238384Sjkim 86296341Sdelphij#ifdef TABLE_BITS 87296341Sdelphij# undef TABLE_BITS 88238384Sjkim#endif 89238384Sjkim/* 90238384Sjkim * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should 91238384Sjkim * never be set to 8 [or 1]. For further information see gcm128.c. 92238384Sjkim */ 93296341Sdelphij#define TABLE_BITS 4 94238384Sjkim 95238384Sjkimstruct gcm128_context { 96296341Sdelphij /* Following 6 names follow names in GCM specification */ 97296341Sdelphij union { 98296341Sdelphij u64 u[2]; 99296341Sdelphij u32 d[4]; 100296341Sdelphij u8 c[16]; 101296341Sdelphij size_t t[16 / sizeof(size_t)]; 102296341Sdelphij } Yi, EKi, EK0, len, Xi, H; 103296341Sdelphij /* 104296341Sdelphij * Relative position of Xi, H and pre-computed Htable is used in some 105296341Sdelphij * assembler modules, i.e. don't change the order! 106296341Sdelphij */ 107238384Sjkim#if TABLE_BITS==8 108296341Sdelphij u128 Htable[256]; 109238384Sjkim#else 110296341Sdelphij u128 Htable[16]; 111296341Sdelphij void (*gmult) (u64 Xi[2], const u128 Htable[16]); 112296341Sdelphij void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp, 113296341Sdelphij size_t len); 114238384Sjkim#endif 115296341Sdelphij unsigned int mres, ares; 116296341Sdelphij block128_f block; 117296341Sdelphij void *key; 118238384Sjkim}; 119238384Sjkim 120238384Sjkimstruct xts128_context { 121296341Sdelphij void *key1, *key2; 122296341Sdelphij block128_f block1, block2; 123238384Sjkim}; 124238384Sjkim 125238384Sjkimstruct ccm128_context { 126296341Sdelphij union { 127296341Sdelphij u64 u[2]; 128296341Sdelphij u8 c[16]; 129296341Sdelphij } nonce, cmac; 130296341Sdelphij u64 blocks; 131296341Sdelphij block128_f block; 132296341Sdelphij void *key; 133238384Sjkim}; 134