Gitiles
Code Review Sign In
192.168.1.100 / R306 / acd32f0e12acecb1b42a8ed34464f8fd76bcfc80 / . / ap / lib / libssl / openssl-1.1.1o / crypto / modes / modes_local.h
blob: 888141681e69f95bc5637f1eb54cbe9bf3380d49 [file] [log] [blame]
yuezonghe824eb0c2024-06-27 02:32:26 -0700[diff] [blame]1/*
2 * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/modes.h>
11
12#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
13typedef __int64 i64;
14typedef unsigned __int64 u64;
15# define U64(C) C##UI64
16#elif defined(__arch64__)
17typedef long i64;
18typedef unsigned long u64;
19# define U64(C) C##UL
20#else
21typedef long long i64;
22typedef unsigned long long u64;
23# define U64(C) C##ULL
24#endif
25
26typedef unsigned int u32;
27typedef unsigned char u8;
28
29#define STRICT_ALIGNMENT 1
30#ifndef PEDANTIC
31# if defined(__i386) || defined(__i386__) || \
32 defined(__x86_64) || defined(__x86_64__) || \
33 defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
34 defined(__aarch64__) || \
35 defined(__s390__) || defined(__s390x__)
36# undef STRICT_ALIGNMENT
37# endif
38#endif
39
40#ifndef STRICT_ALIGNMENT
41# ifdef __GNUC__
42typedef u32 u32_a1 __attribute((__aligned__(1)));
43# else
44typedef u32 u32_a1;
45# endif
46#endif
47
48#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
49# if defined(__GNUC__) && __GNUC__>=2
50# if defined(__x86_64) || defined(__x86_64__)
51# define BSWAP8(x) ({ u64 ret_=(x); \
52 asm ("bswapq %0" \
53 : "+r"(ret_)); ret_; })
54# define BSWAP4(x) ({ u32 ret_=(x); \
55 asm ("bswapl %0" \
56 : "+r"(ret_)); ret_; })
57# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
58# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \
59 asm ("bswapl %0; bswapl %1" \
60 : "+r"(hi_),"+r"(lo_)); \
61 (u64)hi_<<32|lo_; })
62# define BSWAP4(x) ({ u32 ret_=(x); \
63 asm ("bswapl %0" \
64 : "+r"(ret_)); ret_; })
65# elif defined(__aarch64__)
66# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
67 __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
68# define BSWAP8(x) ({ u64 ret_; \
69 asm ("rev %0,%1" \
70 : "=r"(ret_) : "r"(x)); ret_; })
71# define BSWAP4(x) ({ u32 ret_; \
72 asm ("rev %w0,%w1" \
73 : "=r"(ret_) : "r"(x)); ret_; })
74# endif
75# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
76# define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x); \
77 asm ("rev %0,%0; rev %1,%1" \
78 : "+r"(hi_),"+r"(lo_)); \
79 (u64)hi_<<32|lo_; })
80# define BSWAP4(x) ({ u32 ret_; \
81 asm ("rev %0,%1" \
82 : "=r"(ret_) : "r"((u32)(x))); \
83 ret_; })
84# endif
85# elif defined(_MSC_VER)
86# if _MSC_VER>=1300
87# include <stdlib.h>
88# pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
89# define BSWAP8(x) _byteswap_uint64((u64)(x))
90# define BSWAP4(x) _byteswap_ulong((u32)(x))
91# elif defined(_M_IX86)
92__inline u32 _bswap4(u32 val)
93{
94_asm mov eax, val _asm bswap eax}
95# define BSWAP4(x) _bswap4(x)
96# endif
97# endif
98#endif
99#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
100# define GETU32(p) BSWAP4(*(const u32_a1 *)(p))
101# define PUTU32(p,v) *(u32_a1 *)(p) = BSWAP4(v)
102#else
103# define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
104# define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
105#endif
106/*- GCM definitions */ typedef struct {
107 u64 hi, lo;
108} u128;
109
110#ifdef TABLE_BITS
111# undef TABLE_BITS
112#endif
113/*
114 * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
115 * never be set to 8 [or 1]. For further information see gcm128.c.
116 */
117#define TABLE_BITS 4
118
119struct gcm128_context {
120 /* Following 6 names follow names in GCM specification */
121 union {
122 u64 u[2];
123 u32 d[4];
124 u8 c[16];
125 size_t t[16 / sizeof(size_t)];
126 } Yi, EKi, EK0, len, Xi, H;
127 /*
128 * Relative position of Xi, H and pre-computed Htable is used in some
129 * assembler modules, i.e. don't change the order!
130 */
131#if TABLE_BITS==8
132 u128 Htable[256];
133#else
134 u128 Htable[16];
135 void (*gmult) (u64 Xi[2], const u128 Htable[16]);
136 void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
137 size_t len);
138#endif
139 unsigned int mres, ares;
140 block128_f block;
141 void *key;
142#if !defined(OPENSSL_SMALL_FOOTPRINT)
143 unsigned char Xn[48];
144#endif
145};
146
147struct xts128_context {
148 void *key1, *key2;
149 block128_f block1, block2;
150};
151
152struct ccm128_context {
153 union {
154 u64 u[2];
155 u8 c[16];
156 } nonce, cmac;
157 u64 blocks;
158 block128_f block;
159 void *key;
160};
161
162#ifndef OPENSSL_NO_OCB
163
164typedef union {
165 u64 a[2];
166 unsigned char c[16];
167} OCB_BLOCK;
168# define ocb_block16_xor(in1,in2,out) \
169 ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
170 (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
171# if STRICT_ALIGNMENT
172# define ocb_block16_xor_misaligned(in1,in2,out) \
173 ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
174# else
175# define ocb_block16_xor_misaligned ocb_block16_xor
176# endif
177
178struct ocb128_context {
179 /* Need both encrypt and decrypt key schedules for decryption */
180 block128_f encrypt;
181 block128_f decrypt;
182 void *keyenc;
183 void *keydec;
184 ocb128_f stream; /* direction dependent */
185 /* Key dependent variables. Can be reused if key remains the same */
186 size_t l_index;
187 size_t max_l_index;
188 OCB_BLOCK l_star;
189 OCB_BLOCK l_dollar;
190 OCB_BLOCK *l;
191 /* Must be reset for each session */
192 struct {
193 u64 blocks_hashed;
194 u64 blocks_processed;
195 OCB_BLOCK offset_aad;
196 OCB_BLOCK sum;
197 OCB_BLOCK offset;
198 OCB_BLOCK checksum;
199 } sess;
200};
201#endif /* OPENSSL_NO_OCB */