author | Matthias Schiffer <mschiffer@universe-factory.net> | 2014-05-29 05:00:11 +0200 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2014-05-29 05:00:11 +0200 |
commit | 2fe678653b7dd9f61dbbcd5e7d862360882bd7e8 (patch) | |
tree | 38c9dabad94845e848373b15788fcd7ae089218e /src/crypto/mac/ghash | |
parent | efcafca969d2e789cdf106609b04a86ef9b53a3d (diff) | |
download | fastd-2fe678653b7dd9f61dbbcd5e7d862360882bd7e8.tar fastd-2fe678653b7dd9f61dbbcd5e7d862360882bd7e8.zip |
Document *everything*
Diffstat (limited to 'src/crypto/mac/ghash')
-rw-r--r-- | src/crypto/mac/ghash/builtin/ghash_builtin.c | 16 | ||||
-rw-r--r-- | src/crypto/mac/ghash/ghash.c | 8 | ||||
-rw-r--r-- | src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c | 8 | ||||
-rw-r--r-- | src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h | 6 | ||||
-rw-r--r-- | src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c | 22 |
5 files changed, 56 insertions, 4 deletions
diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c
index 28e9292..0b957a4 100644
--- a/src/crypto/mac/ghash/builtin/ghash_builtin.c
+++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c
@@ -23,18 +23,27 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/**
+ \file
+
+ Portable, table-based GHASH implementation
+*/
+
 #include "../../../../crypto.h"
+/** MAC state used by this GHASH implmentation */
 struct fastd_mac_state {
- fastd_block128_t H[32][16];
+ fastd_block128_t H[32][16]; /**< Lookup table unpacked from the hash key */
 };
+/** Lower 128 bit of the modulus \f$ x^{128} + x^7 + x^2 + x + 1 \f$ */
 static const fastd_block128_t r = { .b = {0xe1} };
+/** Right shift of a 128bit integer by up to 8 bytes */
 static inline uint8_t shr(fastd_block128_t *out, const fastd_block128_t *in, int n) {
 size_t i;
 uint8_t c = 0;
@@ -48,6 +57,7 @@ static inline uint8_t shr(fastd_block128_t *out, const fastd_block128_t *in, int
 return (c >> (8-n));
 }
+/** Galois field multiplication of a 128bit integer with H */
 static inline void mulH_a(fastd_block128_t *x, const fastd_mac_state_t *cstate) {
 fastd_block128_t out = {};
@@ -61,6 +71,7 @@ static inline void mulH_a(fastd_block128_t *x, const fastd_mac_state_t *cstate)
 }
+/** Initializes the MAC state with the unpacked key data */
 static fastd_mac_state_t* ghash_init(const uint8_t *key) {
 fastd_mac_state_t *state;
 if (posix_memalign((void**)&state, 16, sizeof(fastd_mac_state_t)))
@@ -107,6 +118,7 @@ static fastd_mac_state_t* ghash_init(const uint8_t *key) {
 return state;
 }
+/** Calculates the GHASH of the supplied blocks */
 static bool ghash_hash(const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks) {
 memset(out, 0, sizeof(fastd_block128_t));
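Review bot: The new comment on `shr` says the shift is "by up to 8 bytes", but the function returns `c >> (8-n)` from a `uint8_t` carry, which only makes sense for a shift of n bits with 0 ≤ n ≤ 8 (for n > 8 the shift count goes negative, which is undefined behaviour); the loop body is outside the hunk, so please confirm the unit and then pin the precondition in the doc, e.g. `/** Right shift of a 128bit integer by n bits, 0 <= n <= 8; returns the n bits shifted out */`. The comment on `r` is also loose: 0xe1 in the first byte is GCM's constant R = 11100001 || 0^120 (NIST SP 800-38D), i.e. the reduction polynomial without its x^128 term in GCM's bit-reflected block encoding, and saying so prevents a reader who expects 0x87 in the last byte from "fixing" it. Finally, `implmentation` in the state-struct comment is a typo.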
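Review bot: The one-line comment on `mulH_a` omits the side-channel property of this implementation, which is the main reason to prefer the pclmulqdq variant: an `H[32][16]` table is the classic 4-bit table method, where the lookups (outside the hunk, so please confirm) are indexed by the nibbles of the running hash value `x`, and in GCM that value is secret-dependent, so the access pattern is observable through cache timing. Since the security difference between the two implementations is a property of this function, it belongs in its doc rather than being left implicit. I would extend the comment to `/** Multiplies x by H in GF(2^128) using the 4-bit lookup tables in cstate; not constant-time: table indices depend on x */`.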
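Review bot: The `ghash_init` comment does not state the key contract or ownership, which is what a caller needs: `key` must point to `fastd_mac_info_ghash.key_length` (16) bytes, the expanded state holds key-derived material, and it has to be released via `ghash_free` so that `secure_memzero` runs before the memory is returned. What the function returns when `posix_memalign` fails is outside the hunk and should be stated as well (presumably NULL). Suggested: `/** Expands the 16-byte GHASH key into the lookup table; returns a state the caller owns and must release with ghash_free (NULL on allocation failure) */`.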
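Review bot: The new `ghash_hash` comment should document the parameters and the padding precondition: `in` is consumed as `n_blocks` full 16-byte blocks, so GCM's zero-padding and the length block are the caller's responsibility, and `out` is always written (the `memset` on the next line zeroes it, so `n_blocks == 0` presumably yields the all-zero block; the loop is outside the hunk). The return value also needs a sentence, since the `return true;` visible in the following hunk suggests it never fails. Suggested: `/** Computes GHASH_H over n_blocks full 16-byte blocks of in into out; input padding and the length block are the caller's job; always returns true */`.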
@@ -119,6 +131,7 @@ static bool ghash_hash(const fastd_mac_state_t *state, fastd_block128_t *out, co
 return true;
 }
+/** Frees the MAC state */
 static void ghash_free(fastd_mac_state_t *state) {
 if (state) {
 secure_memzero(state, sizeof(*state));
@@ -126,6 +139,7 @@ static void ghash_free(fastd_mac_state_t *state) {
 }
 }
+/** The builtin GHASH implementation */
 const fastd_mac_t fastd_mac_ghash_builtin = {
 .init = ghash_init,
 .hash = ghash_hash,
diff --git a/src/crypto/mac/ghash/ghash.c b/src/crypto/mac/ghash/ghash.c
index 5976131..0ba6440 100644
--- a/src/crypto/mac/ghash/ghash.c
+++ b/src/crypto/mac/ghash/ghash.c
@@ -23,10 +23,18 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/**
+ \file
+
+ General information about the GHASH algorithm
+
+ \sa http://en.wikipedia.org/wiki/Galois/Counter_Mode
+*/
 #include "../../../crypto.h"
+/** MAC info about the GHASH algorithm */
 const fastd_mac_info_t fastd_mac_info_ghash = {
 .key_length = 16,
 };
diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c
index e335a82..5d5977a 100644
--- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c
@@ -23,17 +23,25 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/**
+ \file
+
+ PCLMULQDQ-based GHASH implementation for newer x86 systems
+*/
+
 #include "ghash_pclmulqdq.h"
 #include "../../../../cpuid.h"
+/** Checks if the runtime platform can support the PCLMULQDQ implementation */
 static bool ghash_available(void) {
 static const uint64_t REQ = CPUID_FXSR|CPUID_SSSE3|CPUID_PCLMULQDQ;
 return ((fastd_cpuid()&REQ) == REQ);
 }
+/** The pclmulqdq ghash implementation */
 const fastd_mac_t fastd_mac_ghash_pclmulqdq = {
 .available = ghash_available,
diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h
index c2cf4e3..51ef5da 100644
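Review bot: The `ghash_free` comment should carry the two facts a caller cares about, both visible in the hunk: a NULL `state` is accepted, and the state is wiped with `secure_memzero` before release because it holds the expanded hash key. Suggested: `/** Wipes (secure_memzero) and frees the MAC state; NULL is a no-op */`. The rest of the function body is outside the hunk.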
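Review bot: The file comment points only at Wikipedia; for a cryptographic primitive the normative reference is NIST SP 800-38D (GHASH is defined in its section 6.4), and the doc should also say what the one exported fact means: `key_length = 16` is the size of the hash subkey H, i.e. one 128-bit block. Suggested: `\sa NIST SP 800-38D, section 6.4 (GHASH)` next to the existing link, and `/** MAC info about the GHASH algorithm: the key is the 128-bit hash subkey H */` on the info struct. A blank line between `*/` and `#include` would also match the other files in this commit.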
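Review bot: The comment on `ghash_available` should explain why `REQ` is FXSR|SSSE3|PCLMULQDQ and what the check protects: ghash_pclmulqdq_impl.c uses `_mm_shuffle_epi8` (SSSE3) and the `<wmmintrin.h>` carry-less multiply (PCLMULQDQ), so entering it on a CPU without those features would fault with SIGILL rather than fail gracefully, and this function is presumably the only guard (the build flags of the impl file are not visible here). Suggested: `/** Runtime CPUID gate for the PCLMULQDQ implementation: the impl file needs PCLMULQDQ, SSSE3 (pshufb) and FXSR, so it must never be entered unless this returns true */`.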
--- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h
@@ -23,6 +23,12 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/**
+ \file
+
+ PCLMULQDQ-based GHASH implementation for newer x86 systems
+*/
+
 #pragma once
diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c
index 9dc0a32..49c036a 100644
--- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c
@@ -23,6 +23,12 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
+/**
+ \file
+
+ PCLMULQDQ-based GHASH implementation for newer x86 systems: implementation
+*/
+
 #include "ghash_pclmulqdq.h"
 #include <wmmintrin.h>
@@ -30,16 +36,19 @@
 #include <tmmintrin.h>
+/** An union allowing easy access to a block as a SIMD vector and a fastd_block128_t */
 typedef union vecblock {
- __m128i v;
- fastd_block128_t b;
+ __m128i v; /**< __m128i access */
+ fastd_block128_t b; /**< fastd_block128_t access */
 } vecblock_t;
+/** The MAC state used by this GHASH implementation */
 struct fastd_mac_state {
- vecblock_t H;
+ vecblock_t H; /**< The hash key used by GHASH */
 };
+/** Left shift on a 128bit integer */
 static inline __m128i shl(__m128i v, int a) {
 __m128i tmpl = _mm_slli_epi64(v, a);
 __m128i tmpr = _mm_srli_epi64(v, 64-a);
@@ -48,6 +57,7 @@ static inline __m128i shl(__m128i v, int a) {
 return _mm_xor_si128(tmpl, tmpr);
 }
+/** Right shift on a 128bit integer */
 static inline __m128i shr(__m128i v, int a) {
 __m128i tmpr = _mm_srli_epi64(v, a);
 __m128i tmpl = _mm_slli_epi64(v, 64-a);
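Review bot: The comment on `shl` should state the valid range of `a`: the body uses `_mm_slli_epi64(v, a)` and `_mm_srli_epi64(v, 64-a)`, which are per-64-bit-lane shifts, so the helper only assembles a 128-bit shift for 0 < a < 64 and the cross-lane carry has to come from the lines outside the hunk (please confirm). Suggested: `/** Left shift of a 128bit integer by a bits, 0 < a < 64 (built from per-lane 64-bit shifts) */`, with the mirror wording on `shr`. On `vecblock` it is worth saying that the union is the well-defined way to reinterpret the block in C, as opposed to a pointer cast between `__m128i *` and `fastd_block128_t *`, since that is the reason it exists; also `An union` should read `A union`.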
@@ -56,13 +66,16 @@ static inline __m128i shr(__m128i v, int a) {
 return _mm_xor_si128(tmpr, tmpl);
 }
+/** _mm_shuffle_epi8 parameter to reverse the bytes of a __m128i */
 static const __v16qi BYTESWAP_SHUFFLE = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0};
+/** Reverses the order of the bytes of a __m128i */
 static inline __m128i byteswap(__m128i v) {
 return _mm_shuffle_epi8(v, (__m128i)BYTESWAP_SHUFFLE);
 }
+/** Initializes the state used by this GHASH implementation */
 fastd_mac_state_t* fastd_ghash_pclmulqdq_init(const uint8_t *key) {
 fastd_mac_state_t *state;
 if (posix_memalign((void**)&state, 16, sizeof(fastd_mac_state_t)))
@@ -74,6 +87,7 @@ fastd_mac_state_t* fastd_ghash_pclmulqdq_init(const uint8_t *key) {
 return state;
 }
+/** Frees the state used by this GHASH implementation */
 void fastd_ghash_pclmulqdq_free(fastd_mac_state_t *state) {
 if (state) {
 secure_memzero(state, sizeof(*state));
@@ -81,6 +95,7 @@ void fastd_ghash_pclmulqdq_free(fastd_mac_state_t *state) {
 }
 }
+/** Performs a carryless multiplication of two 128bit integers modulo \f$ x^{128} + x^7 + x^2 + x + 1 \f$ */
 static __m128i gmul(__m128i v, __m128i h) {
 /* multiply */
 __m128i z0, z1, z2, tmp;
@@ -134,6 +149,7 @@ static __m128i gmul(__m128i v, __m128i h) {
 }
+/** Calculates the GHASH of the supplied input blocks */
 bool fastd_ghash_pclmulqdq_hash(const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks) {
 vecblock_t v = {.v = _mm_setzero_si128()}; |
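Review bot: `fastd_ghash_pclmulqdq_init` is an exported function and its comment should carry the contract: `key` is 16 bytes (`fastd_mac_info_ghash.key_length`), the returned state holds the hash key H and must be released with `fastd_ghash_pclmulqdq_free`, which wipes it, and what is returned when `posix_memalign` fails is outside the hunk (presumably NULL) and should be stated too. Suggested: `/** Loads the 16-byte hash key into an aligned state; the caller owns the result and must release it with fastd_ghash_pclmulqdq_free (NULL on allocation failure) */`. For `byteswap` a why would help more than a what: presumably the block is byte-reversed because GHASH treats it as big-endian while the carry-less multiply works on a little-endian `__m128i`; please confirm and say so in the comment.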
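Review bot: The `fastd_ghash_pclmulqdq_free` comment should state what is visible in the hunk: NULL is accepted and the state is wiped with `secure_memzero` before release because it holds the hash key. Suggested: `/** Wipes (secure_memzero) and frees the state; NULL is a no-op */`. The rest of the body is outside the hunk.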
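Review bot: The `gmul` comment gives the polynomial but not the representation, which is the part that is easy to get wrong: GCM defines the field over bit-reflected blocks, so the doc should say in which convention `v` and `h` are expected (byte-swapped via `byteswap`, presumably, with the bit reflection handled by the shl/shr helpers) and that the result is in the same convention; the body is outside the hunk, so please confirm before writing it down. Suggested: `/** GF(2^128) multiplication: carry-less product of v and h reduced modulo x^128 + x^7 + x^2 + x + 1; operands and result use the byte-swapped GCM block representation */`.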
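Review bot: The `fastd_ghash_pclmulqdq_hash` comment should match the contract a caller reads from the signature: `out` always receives the result (the accumulator starts from `_mm_setzero_si128()`), `in` is consumed as `n_blocks` full 16-byte blocks with padding and the GCM length block being the caller's responsibility, and the meaning of the bool return has to be stated; the loop and the return are outside the hunk, so please check whether it can ever be false. Suggested: `/** Computes GHASH_H over n_blocks full 16-byte blocks of in into out; input padding and the length block are the caller's job; returns true on success */`.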