From 897ccd21b7221982806b5c024518f4e989152f14 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 18 Mar 2016 18:57:19 +0100 Subject: Always require a 64 bit integer type * configure.ac (available_digests_64): Merge with available_digests. (available_kdfs_64): Merge with available_kdfs. <64 bit datatype test>: Bail out if no such type is available. * src/types.h: Emit #error if no u64 can be defined. (PROPERLY_ALIGNED_TYPE): Always add u64 type. * cipher/bithelp.h: Remove all code paths which handle the case of !HAVE_U64_TYPEDEF. * cipher/bufhelp.h: Ditto. * cipher/cipher-ccm.c: Ditto. * cipher/cipher-gcm.c: Ditto. * cipher/cipher-internal.h: Ditto. * cipher/cipher.c: Ditto. * cipher/hash-common.h: Ditto. * cipher/md.c: Ditto. * cipher/poly1305.c: Ditto. * cipher/scrypt.c: Ditto. * cipher/tiger.c: Ditto. * src/g10lib.h: Ditto. * tests/basic.c: Ditto. * tests/bench-slope.c: Ditto. * tests/benchmark.c: Ditto. -- Given that SHA-2 and some other algorithms require a 64 bit type it does not make anymore sense to conditionally compile some part when the platform does not provide such a type. GnuPG-bug-id: 1815. Signed-off-by: Werner Koch --- cipher/poly1305.c | 214 ------------------------------------------------------ 1 file changed, 214 deletions(-) (limited to 'cipher/poly1305.c')
diff --git a/cipher/poly1305.c b/cipher/poly1305.c
index 1adf0e7b..7ae35923 100644
--- a/cipher/poly1305.c
+++ b/cipher/poly1305.c
@@ -98,8 +98,6 @@ static const poly1305_ops_t poly1305_armv7_neon_ops = {
 #endif
-#ifdef HAVE_U64_TYPEDEF
-
 /* Reference unoptimized poly1305 implementation using 32 bit * 32 bit = 64 bit
 * multiplication and 64 bit addition.
 */
@@ -358,218 +356,6 @@ static const poly1305_ops_t poly1305_default_ops = {
 poly1305_finish_ext_ref32
 };
-#else /* !HAVE_U64_TYPEDEF */
-
-/* Reference unoptimized poly1305 implementation using 8 bit * 8 bit = 16 bit
- * multiplication and 16 bit addition, used when we don't have 'u64'.
- */
-
-typedef struct poly1305_state_ref8_t
-{
- byte h[17];
- byte r[17];
- byte pad[17];
- byte final;
-} poly1305_state_ref8_t;
-
-
-static OPS_FUNC_ABI void
-poly1305_init_ext_ref8 (void *state, const poly1305_key_t * key)
-{
- poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state;
- size_t i;
-
- /* h = 0 */
- for (i = 0; i < 17; i++)
- st->h[i] = 0;
-
- /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
- st->r[0] = key->b[0];
- st->r[1] = key->b[1];
- st->r[2] = key->b[2];
- st->r[3] = key->b[3] & 0x0f;
- st->r[4] = key->b[4] & 0xfc;
- st->r[5] = key->b[5];
- st->r[6] = key->b[6];
- st->r[7] = key->b[7] & 0x0f;
- st->r[8] = key->b[8] & 0xfc;
- st->r[9] = key->b[9];
- st->r[10] = key->b[10];
- st->r[11] = key->b[11] & 0x0f;
- st->r[12] = key->b[12] & 0xfc;
- st->r[13] = key->b[13];
- st->r[14] = key->b[14];
- st->r[15] = key->b[15] & 0x0f;
- st->r[16] = 0;
-
- /* save pad for later */
- for (i = 0; i < 16; i++)
- st->pad[i] = key->b[i + 16];
- st->pad[16] = 0;
-
- st->final = 0;
-}
-
-
-static void
-poly1305_add_ref8 (byte h[17], const byte c[17])
-{
- u16 u;
- unsigned int i;
- for (u = 0, i = 0; i < 17; i++)
- {
- u += (u16) h[i] + (u16) c[i];
- h[i] = (byte) u & 0xff;
- u >>= 8;
- }
-}
-
-
-static void
-poly1305_squeeze_ref8 (byte h[17], u32 hr[17])
-{
- u32 u;
- unsigned int i;
- u = 0;
- for (i = 0; i < 16; i++)
- {
- u += hr[i];
- h[i] = (byte) u & 0xff;
- u >>= 8;
- }
- u += hr[16];
- h[16] = (byte) u & 0x03;
- u >>= 2;
- u += (u << 2); /* u *= 5; */
- for (i = 0; i < 16; i++)
- {
- u += h[i];
- h[i] = (byte) u & 0xff;
- u >>= 8;
- }
- h[16] += (byte) u;
-}
-
-
-static void
-poly1305_freeze_ref8 (byte h[17])
-{
- static const byte minusp[17] = {
- 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0xfc
- };
- byte horig[17], negative;
- unsigned int i;
-
- /* compute h + -p */
- for (i = 0; i < 17; i++)
- horig[i] = h[i];
- poly1305_add_ref8 (h, minusp);
-
- /* select h if h < p, or h + -p if h >= p */
- negative = -(h[16] >> 7);
- for (i = 0; i < 17; i++)
- h[i] ^= negative & (horig[i] ^ h[i]);
-}
-
-
-static OPS_FUNC_ABI unsigned int
-poly1305_blocks_ref8 (void *state, const byte * m, size_t bytes)
-{
- poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state;
- const byte hibit = st->final ^ 1; /* 1 << 128 */
-
- while (bytes >= POLY1305_REF_BLOCKSIZE)
- {
- u32 hr[17], u;
- byte c[17];
- unsigned int i, j;
-
- /* h += m */
- for (i = 0; i < 16; i++)
- c[i] = m[i];
- c[16] = hibit;
- poly1305_add_ref8 (st->h, c);
-
- /* h *= r */
- for (i = 0; i < 17; i++)
- {
- u = 0;
- for (j = 0; j <= i; j++)
- {
- u += (u16) st->h[j] * st->r[i - j];
- }
- for (j = i + 1; j < 17; j++)
- {
- u32 v = (u16) st->h[j] * st->r[i + 17 - j];
- v = ((v << 8) + (v << 6)); /* v *= (5 << 6); */
- u += v;
- }
- hr[i] = u;
- }
-
- /* (partial) h %= p */
- poly1305_squeeze_ref8 (st->h, hr);
-
- m += POLY1305_REF_BLOCKSIZE;
- bytes -= POLY1305_REF_BLOCKSIZE;
- }
-
- /* burn_stack */
- return (18 + 2) * sizeof (u32) + 18 + 6 * sizeof (void *) +
- 6 * sizeof (void *);
-}
-
-
-static OPS_FUNC_ABI unsigned int
-poly1305_finish_ext_ref8 (void *state, const byte * m, size_t remaining,
- byte mac[POLY1305_TAGLEN])
-{
- poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state;
- size_t i;
- unsigned int burn = 0;
-
- /* process the remaining block */
- if (remaining)
- {
- byte final[POLY1305_REF_BLOCKSIZE] = { 0 };
- for (i = 0; i < remaining; i++)
- final[i] = m[i];
- final[remaining] = 1;
- st->final = 1;
- burn = poly1305_blocks_ref8 (st, final, POLY1305_REF_BLOCKSIZE);
- }
-
- /* fully reduce h */
- poly1305_freeze_ref8 (st->h);
-
- /* h = (h + pad) % (1 << 128) */
- poly1305_add_ref8 (st->h, st->pad);
- for (i = 0; i < 16; i++)
- mac[i] = st->h[i];
-
- /* zero out the state */
- for (i = 0; i < 17; i++)
- st->h[i] = 0;
- for (i = 0; i < 17; i++)
- st->r[i] = 0;
- for (i = 0; i < 17; i++)
- st->pad[i] = 0;
-
- /* burn_stack */
- return POLY1305_REF_BLOCKSIZE + 18 + 16 * sizeof (void *) + burn;
-}
-
-
-static const poly1305_ops_t poly1305_default_ops = {
- POLY1305_REF_BLOCKSIZE,
- poly1305_init_ext_ref8,
- poly1305_blocks_ref8,
- poly1305_finish_ext_ref8
-};
-
-#endif /* HAVE_U64_TYPEDEF */
-- cgit v1.2.1