D28948.id84759.diff
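--- a/sys/crypto/armv8/armv8_crypto_wrap.c
+++ b/sys/crypto/armv8/armv8_crypto_wrap.c
@@ -242,46 +242,71 @@
 uint8_t aes_counter[AES_BLOCK_LEN];
 };
-void
-armv8_aes_encrypt_gcm(AES_key_t *aes_key, size_t len,
- const uint8_t *from, uint8_t *to,
- size_t authdatalen, const uint8_t *authdata,
- uint8_t tag[static GMAC_DIGEST_LEN],
- const uint8_t iv[static AES_GCM_IV_LEN],
- const __uint128_val_t *Htable)
+static void
+armv8_aes_gmac_setup(struct armv8_gcm_state *s, AES_key_t *aes_key,
+ const uint8_t *authdata, size_t authdatalen,
+ const uint8_t iv[static AES_GCM_IV_LEN], const __uint128_val_t *Htable)
 {
- struct armv8_gcm_state s;
- const uint64_t *from64;
- uint64_t *to64;
 uint8_t block[AES_BLOCK_LEN];
- size_t i, trailer;
+ size_t trailer;
- bzero(&s.aes_counter, AES_BLOCK_LEN);
- memcpy(s.aes_counter, iv, AES_GCM_IV_LEN);
+ bzero(s->aes_counter, AES_BLOCK_LEN);
+ memcpy(s->aes_counter, iv, AES_GCM_IV_LEN);
 /* Setup the counter */
- s.aes_counter[AES_BLOCK_LEN - 1] = 1;
+ s->aes_counter[AES_BLOCK_LEN - 1] = 1;
 /* EK0 for a final GMAC round */
- aes_v8_encrypt(s.aes_counter, s.EK0.c, aes_key);
+ aes_v8_encrypt(s->aes_counter, s->EK0.c, aes_key);
 /* GCM starts with 2 as counter, 1 is used for final xor of tag. */
- s.aes_counter[AES_BLOCK_LEN - 1] = 2;
+ s->aes_counter[AES_BLOCK_LEN - 1] = 2;
- memset(s.Xi.c, 0, sizeof(s.Xi.c));
+ memset(s->Xi.c, 0, sizeof(s->Xi.c));
 trailer = authdatalen % AES_BLOCK_LEN;
 if (authdatalen - trailer > 0) {
- gcm_ghash_v8(s.Xi.u, Htable, authdata, authdatalen - trailer);
+ gcm_ghash_v8(s->Xi.u, Htable, authdata, authdatalen - trailer);
 authdata += authdatalen - trailer;
 }
 if (trailer > 0 || authdatalen == 0) {
 memset(block, 0, sizeof(block));
 memcpy(block, authdata, trailer);
- gcm_ghash_v8(s.Xi.u, Htable, block, AES_BLOCK_LEN);
+ gcm_ghash_v8(s->Xi.u, Htable, block, AES_BLOCK_LEN);
 }
+}
- from64 = (const uint64_t*)from;
- to64 = (uint64_t*)to;
+static void
+armv8_aes_gmac_finish(struct armv8_gcm_state *s, size_t len,
+ size_t authdatalen, const __uint128_val_t *Htable)
+{
+ /* Lengths block */
+ s->lenblock.u[0] = s->lenblock.u[1] = 0;
+ s->lenblock.d[1] = htobe32(authdatalen * 8);
+ s->lenblock.d[3] = htobe32(len * 8);
+ gcm_ghash_v8(s->Xi.u, Htable, s->lenblock.c, AES_BLOCK_LEN);
+
+ s->Xi.u[0] ^= s->EK0.u[0];
+ s->Xi.u[1] ^= s->EK0.u[1];
+}
+
+void
+armv8_aes_encrypt_gcm(AES_key_t *aes_key, size_t len,
+ const uint8_t *from, uint8_t *to,
+ size_t authdatalen, const uint8_t *authdata,
+ uint8_t tag[static GMAC_DIGEST_LEN],
+ const uint8_t iv[static AES_GCM_IV_LEN],
+ const __uint128_val_t *Htable)
+{
+ struct armv8_gcm_state s;
+ const uint64_t *from64;
+ uint64_t *to64;
+ uint8_t block[AES_BLOCK_LEN];
+ size_t i, trailer;
+
+ armv8_aes_gmac_setup(&s, aes_key, authdata, authdatalen, iv, Htable);
+
+ from64 = (const uint64_t *)from;
+ to64 = (uint64_t *)to;
 trailer = len % AES_BLOCK_LEN;
 for (i = 0; i < (len - trailer); i += AES_BLOCK_LEN) {
@@ -309,14 +334,7 @@
 gcm_ghash_v8(s.Xi.u, Htable, block, AES_BLOCK_LEN);
 }
- /* Lengths block */
- s.lenblock.u[0] = s.lenblock.u[1] = 0;
- s.lenblock.d[1] = htobe32(authdatalen * 8);
- s.lenblock.d[3] = htobe32(len * 8);
- gcm_ghash_v8(s.Xi.u, Htable, s.lenblock.c, AES_BLOCK_LEN);
-
- s.Xi.u[0] ^= s.EK0.u[0];
- s.Xi.u[1] ^= s.EK0.u[1];
+ armv8_aes_gmac_finish(&s, len, authdatalen, Htable);
 memcpy(tag, s.Xi.c, GMAC_DIGEST_LEN);
 explicit_bzero(&s, sizeof(s));
@@ -338,26 +356,8 @@
 int error;
 error = 0;
- bzero(&s.aes_counter, AES_BLOCK_LEN);
- memcpy(s.aes_counter, iv, AES_GCM_IV_LEN);
-
- /* Setup the counter */
- s.aes_counter[AES_BLOCK_LEN - 1] = 1;
-
- /* EK0 for a final GMAC round */
- aes_v8_encrypt(s.aes_counter, s.EK0.c, aes_key);
- memset(s.Xi.c, 0, sizeof(s.Xi.c));
- trailer = authdatalen % AES_BLOCK_LEN;
- if (authdatalen - trailer > 0) {
- gcm_ghash_v8(s.Xi.u, Htable, authdata, authdatalen - trailer);
- authdata += authdatalen - trailer;
- }
- if (trailer > 0 || authdatalen == 0) {
- memset(block, 0, sizeof(block));
- memcpy(block, authdata, trailer);
- gcm_ghash_v8(s.Xi.u, Htable, block, AES_BLOCK_LEN);
- }
+ armv8_aes_gmac_setup(&s, aes_key, authdata, authdatalen, iv, Htable);
 trailer = len % AES_BLOCK_LEN;
 if (len - trailer > 0)
@@ -368,24 +368,15 @@
 gcm_ghash_v8(s.Xi.u, Htable, block, AES_BLOCK_LEN);
 }
- /* Lengths block */
- s.lenblock.u[0] = s.lenblock.u[1] = 0;
- s.lenblock.d[1] = htobe32(authdatalen * 8);
- s.lenblock.d[3] = htobe32(len * 8);
- gcm_ghash_v8(s.Xi.u, Htable, s.lenblock.c, AES_BLOCK_LEN);
+ armv8_aes_gmac_finish(&s, len, authdatalen, Htable);
- s.Xi.u[0] ^= s.EK0.u[0];
- s.Xi.u[1] ^= s.EK0.u[1];
 if (timingsafe_bcmp(tag, s.Xi.c, GMAC_DIGEST_LEN) != 0) {
 error = EBADMSG;
 goto out;
 }
- /* GCM starts with 2 as counter, 1 is used for final xor of tag. */
- s.aes_counter[AES_BLOCK_LEN - 1] = 2;
-
- from64 = (const uint64_t*)from;
- to64 = (uint64_t*)to;
+ from64 = (const uint64_t *)from;
+ to64 = (uint64_t *)to;
 for (i = 0; i < (len - trailer); i += AES_BLOCK_LEN) {
 aes_v8_encrypt(s.aes_counter, s.EKi.c, aes_key);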
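Review bot: The two new static helpers in the first hunk carry no comment stating the state they leave in `s`, which both callers now rely on implicitly: after `armv8_aes_gmac_setup`, `s->EK0` holds the encryption of the counter block with its last byte set to 1, `s->aes_counter` is already advanced to 2 (the decrypt path in the last hunk drops the `/* GCM starts with 2 ... */` line that used to make this visible next to the data loop), and `s->Xi` holds the GHASH of the AAD; after `armv8_aes_gmac_finish`, `s->Xi` is the tag. A short block comment above each definition would cover it, e.g. `/* Derive EK0 and the AAD hash in Xi from iv/authdata; leaves aes_counter at 2 for the first data block. */` and `/* Fold the lengths block into Xi and xor in EK0; Xi holds the tag afterwards. */`. Separately, the helper signatures take `authdata, authdatalen` while the public `armv8_aes_encrypt_gcm` takes `authdatalen, authdata`; matching the public order at both call sites avoids transposed arguments later. The `htobe32(authdatalen * 8)` and `htobe32(len * 8)` stores in `armv8_aes_gmac_finish` presumably fill only the low 32-bit word of each 64-bit GCM length field, so they are correct only while both lengths stay below 2^29 bytes; that predates this change, but a comment stating the assumption beside the lengths block would help. Both `armv8_aes_encrypt_gcm` and the decrypt function continue outside the hunks.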
