cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid unnecessary casts for the nonce/counter

Browse Source
This commit is contained in:
Frank Denis 2015-11-26 23:54:46 +01:00
parent d341893ec6
commit ef3a073d13
1 changed files with 14 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
View File

@ -173,15 +173,7 @@ aesni_encrypt1(unsigned char *out, __m128i nv, const __m128i *rkeys)
X(6); \ X(6); \
X(7) X(7)
#define COUNTER_INC2(N) \ #define COUNTER_INC2(N) (N)[3] += 2
{ \
void *xp = (void *) &(N)[12]; \
uint32_t x; \
\
memcpy(&x, xp, sizeof x); \
x += 2; \
memcpy(xp, &x, sizeof x); \
}
/* create a function of unrolling N ; the MAKEN is the unrolling /* create a function of unrolling N ; the MAKEN is the unrolling
macro, defined above. The N in MAKEN must match N, obviously. */ macro, defined above. The N in MAKEN must match N, obviously. */
@ -526,8 +518,8 @@ crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, unsigned long long *clen
unsigned long long i, j; unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL; unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen_rnd128 = mlen & ~127ULL; unsigned long long mlen_rnd128 = mlen & ~127ULL;
CRYPTO_ALIGN(16) uint32_t n2[4];
CRYPTO_ALIGN(16) unsigned char H[16]; CRYPTO_ALIGN(16) unsigned char H[16];
CRYPTO_ALIGN(16) unsigned char n2[16];
CRYPTO_ALIGN(16) unsigned char T[16]; CRYPTO_ALIGN(16) unsigned char T[16];
CRYPTO_ALIGN(16) unsigned char accum[16]; CRYPTO_ALIGN(16) unsigned char accum[16];
CRYPTO_ALIGN(16) unsigned char fb[16]; CRYPTO_ALIGN(16) unsigned char fb[16];
@ -537,11 +529,8 @@ crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, unsigned long long *clen
if (mlen > 16ULL * (1ULL << 32)) { if (mlen > 16ULL * (1ULL << 32)) {
abort(); abort();
} }
memcpy(&n2[0], npub, 12); memcpy(&n2[0], npub, 3 * 4);
{ n2[3] = 0x01000000;
const uint32_t one = 0x01000000;
memcpy(&n2[12], &one, sizeof one);
}
aesni_encrypt1(T, _mm_load_si128((const __m128i *) n2), rkeys); aesni_encrypt1(T, _mm_load_si128((const __m128i *) n2), rkeys);
{ {
uint64_t x; uint64_t x;
@ -585,7 +574,7 @@ crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, unsigned long long *clen
const int lb = iter * 16; \ const int lb = iter * 16; \
\ \
for (i = 0; i < mlen_rnd128; i += lb) { \ for (i = 0; i < mlen_rnd128; i += lb) { \
aesni_encrypt8full(c + i, (uint32_t *) n2, rkeys, m + i, accum, Hv, H2v, H3v, H4v, rev); \ aesni_encrypt8full(c + i, n2, rkeys, m + i, accum, Hv, H2v, H3v, H4v, rev); \
} \ } \
} while(0) } while(0)
@ -599,7 +588,7 @@ crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, unsigned long long *clen
CRYPTO_ALIGN(16) unsigned char outni[8 * 16]; \ CRYPTO_ALIGN(16) unsigned char outni[8 * 16]; \
unsigned long long mj = lb; \ unsigned long long mj = lb; \
\ \
aesni_encrypt8(outni, (uint32_t *) n2, rkeys); \ aesni_encrypt8(outni, n2, rkeys); \
if ((i + mj) >= mlen) { \ if ((i + mj) >= mlen) { \
mj = mlen - i; \ mj = mlen - i; \
} \ } \
@ -617,7 +606,7 @@ crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, unsigned long long *clen
} \ } \
} while(0) } while(0)
n2[15] = 0; n2[3] &= 0x00ffffff;
COUNTER_INC2(n2); COUNTER_INC2(n2);
LOOPRND128; LOOPRND128;
LOOPRMD128; LOOPRMD128;
@ -649,8 +638,8 @@ crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long *mlen
unsigned long long adlen_rnd64 = adlen & ~63ULL; unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen; unsigned long long mlen;
unsigned long long mlen_rnd128; unsigned long long mlen_rnd128;
CRYPTO_ALIGN(16) uint32_t n2[4];
CRYPTO_ALIGN(16) unsigned char H[16]; CRYPTO_ALIGN(16) unsigned char H[16];
CRYPTO_ALIGN(16) unsigned char n2[16];
CRYPTO_ALIGN(16) unsigned char T[16]; CRYPTO_ALIGN(16) unsigned char T[16];
CRYPTO_ALIGN(16) unsigned char accum[16]; CRYPTO_ALIGN(16) unsigned char accum[16];
CRYPTO_ALIGN(16) unsigned char fb[16]; CRYPTO_ALIGN(16) unsigned char fb[16];
@ -667,11 +656,8 @@ crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long *mlen
} }
mlen = clen - 16; mlen = clen - 16;
memcpy(&n2[0], npub, 12); memcpy(&n2[0], npub, 3 * 4);
{ n2[3] = 0x01000000;
const uint32_t one = 0x01000000;
memcpy(&n2[12], &one, sizeof one);
}
aesni_encrypt1(T, _mm_load_si128((const __m128i *) n2), rkeys); aesni_encrypt1(T, _mm_load_si128((const __m128i *) n2), rkeys);
{ {
uint64_t x; uint64_t x;
@ -722,7 +708,7 @@ crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long *mlen
const int lb = iter * 16; \ const int lb = iter * 16; \
\ \
for (i = 0; i < mlen_rnd128; i += lb) { \ for (i = 0; i < mlen_rnd128; i += lb) { \
aesni_decrypt8full(m + i, (uint32_t *) n2, rkeys, c + i); \ aesni_decrypt8full(m + i, n2, rkeys, c + i); \
} \ } \
} while(0) } while(0)
@ -760,13 +746,13 @@ crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long *mlen
if ((i + mj) >= mlen) { \ if ((i + mj) >= mlen) { \
mj = mlen - i; \ mj = mlen - i; \
} \ } \
aesni_encrypt8(outni, (uint32_t *) n2, rkeys); \ aesni_encrypt8(outni, n2, rkeys); \
for (j = 0; j < mj; j++) { \ for (j = 0; j < mj; j++) { \
m[i + j] = c[i + j] ^ outni[j]; \ m[i + j] = c[i + j] ^ outni[j]; \
} \ } \
} \ } \
} while(0) } while(0)
n2[15] = 0; n2[3] &= 0x00ffffff;
COUNTER_INC2(n2); COUNTER_INC2(n2);
LOOPACCUMDRND128; LOOPACCUMDRND128;
@ -782,7 +768,7 @@ crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long *mlen
return -1; return -1;
} }
} }
memset(&n2[12], 0, sizeof (uint32_t)); n2[3] = 0U;
COUNTER_INC2(n2); COUNTER_INC2(n2);
LOOPDRND128; LOOPDRND128;
LOOPDRMD128; LOOPDRMD128;