xref: /freebsd/sys/opencrypto/gfmult.h (revision 95ee2897e98f5d444f26ed2334cc7c439f9c16c6) 
1*08fca7a5SJohn-Mark Gurney /*-
2*08fca7a5SJohn-Mark Gurney  * Copyright (c) 2014 The FreeBSD Foundation
3*08fca7a5SJohn-Mark Gurney  *
4*08fca7a5SJohn-Mark Gurney  * This software was developed by John-Mark Gurney under
5*08fca7a5SJohn-Mark Gurney  * the sponsorship of the FreeBSD Foundation and
6*08fca7a5SJohn-Mark Gurney  * Rubicon Communications, LLC (Netgate).
7*08fca7a5SJohn-Mark Gurney  * Redistribution and use in source and binary forms, with or without
8*08fca7a5SJohn-Mark Gurney  * modification, are permitted provided that the following conditions
9*08fca7a5SJohn-Mark Gurney  * are met:
10*08fca7a5SJohn-Mark Gurney  * 1.  Redistributions of source code must retain the above copyright
11*08fca7a5SJohn-Mark Gurney  *     notice, this list of conditions and the following disclaimer.
12*08fca7a5SJohn-Mark Gurney  * 2.  Redistributions in binary form must reproduce the above copyright
13*08fca7a5SJohn-Mark Gurney  *     notice, this list of conditions and the following disclaimer in the
14*08fca7a5SJohn-Mark Gurney  *     documentation and/or other materials provided with the distribution.
15*08fca7a5SJohn-Mark Gurney  *
16*08fca7a5SJohn-Mark Gurney  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17*08fca7a5SJohn-Mark Gurney  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18*08fca7a5SJohn-Mark Gurney  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19*08fca7a5SJohn-Mark Gurney  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20*08fca7a5SJohn-Mark Gurney  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21*08fca7a5SJohn-Mark Gurney  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22*08fca7a5SJohn-Mark Gurney  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23*08fca7a5SJohn-Mark Gurney  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24*08fca7a5SJohn-Mark Gurney  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25*08fca7a5SJohn-Mark Gurney  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26*08fca7a5SJohn-Mark Gurney  * SUCH DAMAGE.
27*08fca7a5SJohn-Mark Gurney  *
28*08fca7a5SJohn-Mark Gurney  */
29*08fca7a5SJohn-Mark Gurney 
30*08fca7a5SJohn-Mark Gurney #ifndef _GFMULT_H_
31*08fca7a5SJohn-Mark Gurney #define _GFMULT_H_
32*08fca7a5SJohn-Mark Gurney 
33*08fca7a5SJohn-Mark Gurney #ifdef __APPLE__
34*08fca7a5SJohn-Mark Gurney #define	__aligned(x)    __attribute__((__aligned__(x)))
35*08fca7a5SJohn-Mark Gurney #define	be64dec(buf)	__builtin_bswap64(*(uint64_t *)buf)
36*08fca7a5SJohn-Mark Gurney #define	be64enc(buf, x)	(*(uint64_t *)buf = __builtin_bswap64(x))
37*08fca7a5SJohn-Mark Gurney #else
38*08fca7a5SJohn-Mark Gurney #include <sys/endian.h>
39*08fca7a5SJohn-Mark Gurney #endif
40*08fca7a5SJohn-Mark Gurney 
41*08fca7a5SJohn-Mark Gurney #ifdef _KERNEL
42*08fca7a5SJohn-Mark Gurney #include <sys/types.h>
43*08fca7a5SJohn-Mark Gurney #else
44*08fca7a5SJohn-Mark Gurney #include <stdint.h>
45*08fca7a5SJohn-Mark Gurney #include <strings.h>
46*08fca7a5SJohn-Mark Gurney #endif
47*08fca7a5SJohn-Mark Gurney 
48*08fca7a5SJohn-Mark Gurney #define REQ_ALIGN	(16 * 4)
49*08fca7a5SJohn-Mark Gurney /*
50*08fca7a5SJohn-Mark Gurney  * The rows are striped across cache lines.  Note that the indexes
51*08fca7a5SJohn-Mark Gurney  * are bit reversed to make accesses quicker.
52*08fca7a5SJohn-Mark Gurney  */
53*08fca7a5SJohn-Mark Gurney struct gf128table {
54*08fca7a5SJohn-Mark Gurney 	uint32_t a[16] __aligned(REQ_ALIGN);	/* bits   0 - 31 */
55*08fca7a5SJohn-Mark Gurney 	uint32_t b[16] __aligned(REQ_ALIGN);	/* bits  63 - 32 */
56*08fca7a5SJohn-Mark Gurney 	uint32_t c[16] __aligned(REQ_ALIGN);	/* bits  95 - 64 */
57*08fca7a5SJohn-Mark Gurney 	uint32_t d[16] __aligned(REQ_ALIGN);	/* bits 127 - 96 */
58*08fca7a5SJohn-Mark Gurney } __aligned(REQ_ALIGN);
59*08fca7a5SJohn-Mark Gurney 
60*08fca7a5SJohn-Mark Gurney /*
61*08fca7a5SJohn-Mark Gurney  * A set of tables that contain h, h^2, h^3, h^4.  To be used w/ gf128_mul4.
62*08fca7a5SJohn-Mark Gurney  */
63*08fca7a5SJohn-Mark Gurney struct gf128table4 {
64*08fca7a5SJohn-Mark Gurney 	struct gf128table	tbls[4];
65*08fca7a5SJohn-Mark Gurney };
66*08fca7a5SJohn-Mark Gurney 
67*08fca7a5SJohn-Mark Gurney /*
68*08fca7a5SJohn-Mark Gurney  * GCM per spec is bit reversed in memory.  So byte 0 is really bit reversed
69*08fca7a5SJohn-Mark Gurney  * and contains bits 0-7.  We can deal w/ this by using right shifts and
70*08fca7a5SJohn-Mark Gurney  * related math instead of having to bit reverse everything.  This means that
71*08fca7a5SJohn-Mark Gurney  * the low bits are in v[0] (bits 0-63) and reverse order, while the high
72*08fca7a5SJohn-Mark Gurney  * bits are in v[1] (bits 64-127) and reverse order.  The high bit of v[0] is
73*08fca7a5SJohn-Mark Gurney  * bit 0, and the low bit of v[1] is bit 127.
74*08fca7a5SJohn-Mark Gurney  */
75*08fca7a5SJohn-Mark Gurney struct gf128 {
76*08fca7a5SJohn-Mark Gurney 	uint64_t v[2];
77*08fca7a5SJohn-Mark Gurney };
78*08fca7a5SJohn-Mark Gurney 
79*08fca7a5SJohn-Mark Gurney /* Note that we don't bit reverse in MAKE_GF128. */
80*08fca7a5SJohn-Mark Gurney #define MAKE_GF128(a, b)	((struct gf128){.v = { (a), (b) } })
81*08fca7a5SJohn-Mark Gurney #define GF128_EQ(a, b)		((((a).v[0] ^ (b).v[0]) | \
82*08fca7a5SJohn-Mark Gurney 				    ((a).v[1] ^ (b).v[1])) == 0)
83*08fca7a5SJohn-Mark Gurney 
84*08fca7a5SJohn-Mark Gurney static inline struct gf128
gf128_read(const uint8_t * buf)85*08fca7a5SJohn-Mark Gurney gf128_read(const uint8_t *buf)
86*08fca7a5SJohn-Mark Gurney {
87*08fca7a5SJohn-Mark Gurney 	struct gf128 r;
88*08fca7a5SJohn-Mark Gurney 
89*08fca7a5SJohn-Mark Gurney 	r.v[0] = be64dec(buf);
90*08fca7a5SJohn-Mark Gurney 	buf += sizeof(uint64_t);
91*08fca7a5SJohn-Mark Gurney 
92*08fca7a5SJohn-Mark Gurney 	r.v[1] = be64dec(buf);
93*08fca7a5SJohn-Mark Gurney 
94*08fca7a5SJohn-Mark Gurney 	return r;
95*08fca7a5SJohn-Mark Gurney }
96*08fca7a5SJohn-Mark Gurney 
97*08fca7a5SJohn-Mark Gurney static inline void
gf128_write(struct gf128 v,uint8_t * buf)98*08fca7a5SJohn-Mark Gurney gf128_write(struct gf128 v, uint8_t *buf)
99*08fca7a5SJohn-Mark Gurney {
100*08fca7a5SJohn-Mark Gurney 	uint64_t tmp;
101*08fca7a5SJohn-Mark Gurney 
102*08fca7a5SJohn-Mark Gurney 	be64enc(buf, v.v[0]);
103*08fca7a5SJohn-Mark Gurney 	buf += sizeof tmp;
104*08fca7a5SJohn-Mark Gurney 
105*08fca7a5SJohn-Mark Gurney 	be64enc(buf, v.v[1]);
106*08fca7a5SJohn-Mark Gurney }
107*08fca7a5SJohn-Mark Gurney 
108*08fca7a5SJohn-Mark Gurney static inline struct gf128 __pure /* XXX - __pure2 instead */
gf128_add(struct gf128 a,struct gf128 b)109*08fca7a5SJohn-Mark Gurney gf128_add(struct gf128 a, struct gf128 b)
110*08fca7a5SJohn-Mark Gurney {
111*08fca7a5SJohn-Mark Gurney 	a.v[0] ^= b.v[0];
112*08fca7a5SJohn-Mark Gurney 	a.v[1] ^= b.v[1];
113*08fca7a5SJohn-Mark Gurney 
114*08fca7a5SJohn-Mark Gurney 	return a;
115*08fca7a5SJohn-Mark Gurney }
116*08fca7a5SJohn-Mark Gurney 
117*08fca7a5SJohn-Mark Gurney void gf128_genmultable(struct gf128 h, struct gf128table *t);
118*08fca7a5SJohn-Mark Gurney void gf128_genmultable4(struct gf128 h, struct gf128table4 *t);
119*08fca7a5SJohn-Mark Gurney struct gf128 gf128_mul(struct gf128 v, struct gf128table *tbl);
120*08fca7a5SJohn-Mark Gurney struct gf128 gf128_mul4(struct gf128 a, struct gf128 b, struct gf128 c,
121*08fca7a5SJohn-Mark Gurney     struct gf128 d, struct gf128table4 *tbl);
122*08fca7a5SJohn-Mark Gurney struct gf128 gf128_mul4b(struct gf128 r, const uint8_t *v,
123*08fca7a5SJohn-Mark Gurney     struct gf128table4 *tbl);
124*08fca7a5SJohn-Mark Gurney 
125*08fca7a5SJohn-Mark Gurney #endif /* _GFMULT_H_ */
126