authorMatthias Schiffer <mschiffer@universe-factory.net>2014-05-29 05:00:11 +0200
committerMatthias Schiffer <mschiffer@universe-factory.net>2014-05-29 05:00:11 +0200
commit2fe678653b7dd9f61dbbcd5e7d862360882bd7e8 (patch)
tree38c9dabad94845e848373b15788fcd7ae089218e /src/crypto/mac/ghash
parentefcafca969d2e789cdf106609b04a86ef9b53a3d (diff)
Document *everything*
Diffstat (limited to 'src/crypto/mac/ghash')
-rw-r--r--src/crypto/mac/ghash/builtin/ghash_builtin.c16
-rw-r--r--src/crypto/mac/ghash/ghash.c8
-rw-r--r--src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c8
-rw-r--r--src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h6
-rw-r--r--src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c22
5 files changed, 56 insertions, 4 deletions
diff --git a/src/crypto/mac/ghash/builtin/ghash_builtin.c b/src/crypto/mac/ghash/builtin/ghash_builtin.c
index 28e9292..0b957a4 100644
--- a/src/crypto/mac/ghash/builtin/ghash_builtin.c
+++ b/src/crypto/mac/ghash/builtin/ghash_builtin.c
@@ -23,18 +23,27 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/**
+ \file
+
+ Portable, table-based GHASH implementation
+*/
+
#include "../../../../crypto.h"
+/** MAC state used by this GHASH implmentation */
struct fastd_mac_state {
- fastd_block128_t H[32][16];
+ fastd_block128_t H[32][16]; /**< Lookup table unpacked from the hash key */
};
+/** Lower 128 bit of the modulus \f$ x^{128} + x^7 + x^2 + x + 1 \f$ */
static const fastd_block128_t r = { .b = {0xe1} };
+/** Right shift of a 128bit integer by up to 8 bytes */
static inline uint8_t shr(fastd_block128_t *out, const fastd_block128_t *in, int n) {
size_t i;
uint8_t c = 0;
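Review bot: The new comment on `struct fastd_mac_state` misspells "implementation" and should read `/** MAC state used by this GHASH implementation */`. The comment added above shr() says "by up to 8 bytes", but the carry it returns, `c >> (8-n)` in the next hunk, only makes sense if `n` is a bit count in 0..8, so "by up to 8 bits" is presumably intended; shr's body continues outside this hunk, so confirm against the loop. For `r`, the byte `0xe1` is the reduction polynomial in GCM's bit-reflected representation (the R constant of NIST SP 800-38D), and stating that in the comment, e.g. `/** Lower 128 bit of the modulus \f$ x^{128} + x^7 + x^2 + x + 1 \f$, in GCM's bit-reflected representation */`, would spare readers expecting the conventional 0x87 encoding.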
@@ -48,6 +57,7 @@ static inline uint8_t shr(fastd_block128_t *out, const fastd_block128_t *in, int
return (c >> (8-n));
}
+/** Galois field multiplication of a 128bit integer with H */
static inline void mulH_a(fastd_block128_t *x, const fastd_mac_state_t *cstate) {
fastd_block128_t out = {};
@@ -61,6 +71,7 @@ static inline void mulH_a(fastd_block128_t *x, const fastd_mac_state_t *cstate)
}
+/** Initializes the MAC state with the unpacked key data */
static fastd_mac_state_t* ghash_init(const uint8_t *key) {
fastd_mac_state_t *state;
if (posix_memalign((void**)&state, 16, sizeof(fastd_mac_state_t)))
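Review bot: The comment added for ghash_init does not say what the function returns when the `posix_memalign` call on the line below it fails, and that failure branch lies outside this hunk. Suggest `/** Initializes the MAC state with the unpacked key data; returns NULL if the 16-byte-aligned allocation fails. The caller releases the state with ghash_free(). */`, adjusting the NULL part if the hidden branch does something else. Because the state holds key-derived material, mentioning that ghash_free() zeroizes it (the `secure_memzero(state, sizeof(*state))` call is visible in a later hunk) would complete the ownership contract.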
@@ -107,6 +118,7 @@ static fastd_mac_state_t* ghash_init(const uint8_t *key) {
return state;
}
+/** Calculates the GHASH of the supplied blocks */
static bool ghash_hash(const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks) {
memset(out, 0, sizeof(fastd_block128_t));
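Review bot: The comment added for ghash_hash leaves the bool return value and the meaning of `n_blocks` undocumented, although this is the function reached through `fastd_mac_t.hash`; the only return visible in the diff is `return true` in the following hunk, and the rest of the body is outside it. Suggest `/** Calculates the GHASH of the n_blocks 128-bit blocks in in and stores it in out; returns true on success */`, or "always returns true" if the full body has no failure path. Since `out` is cleared with `memset(out, 0, sizeof(fastd_block128_t))` before hashing, the comment could also note that the previous contents of `out` are discarded.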
@@ -119,6 +131,7 @@ static bool ghash_hash(const fastd_mac_state_t *state, fastd_block128_t *out, co
return true;
}
+/** Frees the MAC state */
static void ghash_free(fastd_mac_state_t *state) {
if (state) {
secure_memzero(state, sizeof(*state));
@@ -126,6 +139,7 @@ static void ghash_free(fastd_mac_state_t *state) {
}
}
+/** The builtin GHASH implementation */
const fastd_mac_t fastd_mac_ghash_builtin = {
.init = ghash_init,
.hash = ghash_hash,
diff --git a/src/crypto/mac/ghash/ghash.c b/src/crypto/mac/ghash/ghash.c
index 5976131..0ba6440 100644
--- a/src/crypto/mac/ghash/ghash.c
+++ b/src/crypto/mac/ghash/ghash.c
@@ -23,10 +23,18 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/**
+ \file
+
+ General information about the GHASH algorithm
+
+ \sa http://en.wikipedia.org/wiki/Galois/Counter_Mode
+*/
#include "../../../crypto.h"
+/** MAC info about the GHASH algorithm */
const fastd_mac_info_t fastd_mac_info_ghash = {
.key_length = 16,
};
diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c
index e335a82..5d5977a 100644
--- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.c
@@ -23,17 +23,25 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/**
+ \file
+
+ PCLMULQDQ-based GHASH implementation for newer x86 systems
+*/
+
#include "ghash_pclmulqdq.h"
#include "../../../../cpuid.h"
+/** Checks if the runtime platform can support the PCLMULQDQ implementation */
static bool ghash_available(void) {
static const uint64_t REQ = CPUID_FXSR|CPUID_SSSE3|CPUID_PCLMULQDQ;
return ((fastd_cpuid()&REQ) == REQ);
}
+/** The pclmulqdq ghash implementation */
const fastd_mac_t fastd_mac_ghash_pclmulqdq = {
.available = ghash_available,
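Review bot: The comment on ghash_available names the check but not why each CPUID bit in `REQ` is required, which is what a reviewer of this feature gate needs to verify it is sufficient: the `_mm_shuffle_epi8` used by byteswap() in ghash_pclmulqdq_impl.c is an SSSE3 instruction and gmul() needs PCLMULQDQ, while the reason for `CPUID_FXSR` is not visible in this diff. Suggest `/** Checks if the runtime platform supports the PCLMULQDQ implementation: PCLMULQDQ for gmul(), SSSE3 for the _mm_shuffle_epi8 byte swap, FXSR for <reason> */` with the FXSR reason filled in by the author. The initializer of fastd_mac_ghash_pclmulqdq continues outside this hunk.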
diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h
index c2cf4e3..51ef5da 100644
--- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq.h
@@ -23,6 +23,12 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/**
+ \file
+
+ PCLMULQDQ-based GHASH implementation for newer x86 systems
+*/
+
#pragma once
diff --git a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c
index 9dc0a32..49c036a 100644
--- a/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c
+++ b/src/crypto/mac/ghash/pclmulqdq/ghash_pclmulqdq_impl.c
@@ -23,6 +23,12 @@
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/**
+ \file
+
+ PCLMULQDQ-based GHASH implementation for newer x86 systems: implementation
+*/
+
#include "ghash_pclmulqdq.h"
#include <wmmintrin.h>
@@ -30,16 +36,19 @@
#include <tmmintrin.h>
+/** An union allowing easy access to a block as a SIMD vector and a fastd_block128_t */
typedef union vecblock {
- __m128i v;
- fastd_block128_t b;
+ __m128i v; /**< __m128i access */
+ fastd_block128_t b; /**< fastd_block128_t access */
} vecblock_t;
+/** The MAC state used by this GHASH implementation */
struct fastd_mac_state {
- vecblock_t H;
+ vecblock_t H; /**< The hash key used by GHASH */
};
+/** Left shift on a 128bit integer */
static inline __m128i shl(__m128i v, int a) {
__m128i tmpl = _mm_slli_epi64(v, a);
__m128i tmpr = _mm_srli_epi64(v, 64-a);
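Review bot: `/** An union allowing easy access ... */` should read `/** A union allowing easy access ... */`. The comments added for shl() here and shr() in the next hunk would be more useful if they named the unit and valid range of `a`: the two intrinsics below shift each 64-bit lane by `a` and `64-a` bits, so something like `/** Left shift of a 128bit integer by a bits (presumably 0 <= a < 64) */` is closer to the contract; the cross-lane carry is combined in lines outside this hunk, so confirm the range there.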
@@ -48,6 +57,7 @@ static inline __m128i shl(__m128i v, int a) {
return _mm_xor_si128(tmpl, tmpr);
}
+/** Right shift on a 128bit integer */
static inline __m128i shr(__m128i v, int a) {
__m128i tmpr = _mm_srli_epi64(v, a);
__m128i tmpl = _mm_slli_epi64(v, 64-a);
@@ -56,13 +66,16 @@ static inline __m128i shr(__m128i v, int a) {
return _mm_xor_si128(tmpr, tmpl);
}
+/** _mm_shuffle_epi8 parameter to reverse the bytes of a __m128i */
static const __v16qi BYTESWAP_SHUFFLE = {15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0};
+/** Reverses the order of the bytes of a __m128i */
static inline __m128i byteswap(__m128i v) {
return _mm_shuffle_epi8(v, (__m128i)BYTESWAP_SHUFFLE);
}
+/** Initializes the state used by this GHASH implementation */
fastd_mac_state_t* fastd_ghash_pclmulqdq_init(const uint8_t *key) {
fastd_mac_state_t *state;
if (posix_memalign((void**)&state, 16, sizeof(fastd_mac_state_t)))
@@ -74,6 +87,7 @@ fastd_mac_state_t* fastd_ghash_pclmulqdq_init(const uint8_t *key) {
return state;
}
+/** Frees the state used by this GHASH implementation */
void fastd_ghash_pclmulqdq_free(fastd_mac_state_t *state) {
if (state) {
secure_memzero(state, sizeof(*state));
@@ -81,6 +95,7 @@ void fastd_ghash_pclmulqdq_free(fastd_mac_state_t *state) {
}
}
+/** Performs a carryless multiplication of two 128bit integers modulo \f$ x^{128} + x^7 + x^2 + x + 1 \f$ */
static __m128i gmul(__m128i v, __m128i h) {
/* multiply */
__m128i z0, z1, z2, tmp;
@@ -134,6 +149,7 @@ static __m128i gmul(__m128i v, __m128i h) {
}
+/** Calculates the GHASH of the supplied input blocks */
bool fastd_ghash_pclmulqdq_hash(const fastd_mac_state_t *state, fastd_block128_t *out, const fastd_block128_t *in, size_t n_blocks) {
vecblock_t v = {.v = _mm_setzero_si128()};