From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
Move GCM's block shift function to block-internal.h. This completes the move of all the Galois mul-by-2 (block shift) helpers into a single header.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- block-internal.h | 29 +++++++++++++++++++++++++++++ gcm.c | 15 ++------------- 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/block-internal.h b/block-internal.h
index 8cc30f6f5a02..874e4dbe1929 100644
--- a/block-internal.h
+++ b/block-internal.h
@@ -166,4 +166,33 @@ block8_lshift_be (union nettle_block8 *dst,
 }
 #endif /* !WORDS_BIGENDIAN */
+#if WORDS_BIGENDIAN
+static inline void
+block16_rshift_be (union nettle_block16 *r,
+ const union nettle_block16 *x,
+ uint64_t poly)
+{
+ uint64_t mask;
+
+ /* Shift uses big-endian representation. */
+ mask = - (x->u64[1] & 1);
+ r->u64[1] = (x->u64[1] >> 1) | ((x->u64[0] & 1) << 63);
+ r->u64[0] = (x->u64[0] >> 1) ^ (mask & (poly << 56));
+}
+#else /* ! WORDS_BIGENDIAN */
+static inline void
+block16_rshift_be (union nettle_block16 *r,
+ const union nettle_block16 *x,
+ uint64_t poly)
+{
+ uint64_t mask;
+
+ /* Shift uses big-endian representation. */
+ mask = - ((x->u64[1] >> 56) & 1);
+ r->u64[1] = RSHIFT_WORD(x->u64[1]) | ((x->u64[0] >> 49) & 0x80);
+ r->u64[0] = RSHIFT_WORD(x->u64[0]) ^ (mask & poly);
+}
+#endif /* ! WORDS_BIGENDIAN */
+
+/* shift one and XOR with 0x87. */
 #endif /* NETTLE_BLOCK_INTERNAL_H_INCLUDED */
diff --git a/gcm.c b/gcm.c
index 17c889e67553..eca6ab6cab25 100644
--- a/gcm.c
+++ b/gcm.c
@@ -60,21 +60,10 @@
 /* Multiplication by 010...0; a big-endian shift right. If the bit shifted out is one, the defining polynomial is added to cancel it out. r == x is allowed. */
-static void
+static inline void
 gcm_gf_shift (union nettle_block16 *r, const union nettle_block16 *x)
 {
- uint64_t mask;
-
- /* Shift uses big-endian representation. */
-#if WORDS_BIGENDIAN
- mask = - (x->u64[1] & 1);
- r->u64[1] = (x->u64[1] >> 1) | ((x->u64[0] & 1) << 63);
- r->u64[0] = (x->u64[0] >> 1) ^ (mask & ((uint64_t) GHASH_POLYNOMIAL << 56));
-#else /* ! WORDS_BIGENDIAN */
- mask = - ((x->u64[1] >> 56) & 1);
- r->u64[1] = RSHIFT_WORD(x->u64[1]) | ((x->u64[0] >> 49) & 0x80);
- r->u64[0] = RSHIFT_WORD(x->u64[0]) ^ (mask & GHASH_POLYNOMIAL);
-#endif /* ! WORDS_BIGENDIAN */
+ block16_rshift_be (r, x, GHASH_POLYNOMIAL);
 }
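Review bot: The added `/* shift one and XOR with 0x87. */` at the end of the hunk is a dangling comment — nothing follows it but the include-guard `#endif`, and 0x87 is not a value either variant of `block16_rshift_be` applies — so it should be dropped or moved to whatever function it was meant to describe. `block16_rshift_be` itself carries no comment in the header, while the contract that used to sit on `gcm_gf_shift` (a right shift in big-endian bit order, `poly` XORed in when the shifted-out bit is one, `r == x` allowed) now lives nowhere near the code, so it is worth restating above `#if WORDS_BIGENDIAN` together with a precondition on `poly`: the big-endian branch applies `poly << 56` while the little-endian branch XORs `mask & poly` directly into `u64[0]`, so the two only agree when `poly` fits in one byte. Suggested comment: `/* Multiplication by 010...0 in big-endian bit order: shift right by one and, if the bit shifted out is one, XOR poly (low byte of the reduction polynomial, must be <= 0xff) into the first byte. r == x is allowed. */`. The little-endian variant also depends on `RSHIFT_WORD`, whose definition is not in this hunk; it has to be visible in block-internal.h above this point for the header to stand on its own.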
#if GCM_TABLE_BITS == 0
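Review bot: The comment above `gcm_gf_shift` still explains the shift-and-reduce step that the removed lines implemented, but after this hunk the body is a single call to `block16_rshift_be`, so the explanation belongs with that function and this comment should say only what the wrapper fixes, namely the polynomial. Suggested replacement: `/* Multiplication by 010...0 in GF(2^128) with the GHASH reduction polynomial; see block16_rshift_be in block-internal.h. r == x is allowed. */`. The `r == x` guarantee now rests on the header function writing `u64[1]` first and overwriting `u64[0]` only after its last read, so that ordering should be documented there as part of the contract this caller relies on.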