From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
It makes little sense to have intermediate solution with GCM_TABLE_BITS == 4. One either will use unoptimized case of GCM_TABLE_BITS == 0, or will switch to fully optimized case (8) as memory usage difference is quite low between 4 and 8. So drop GCM_TABLE_BITS == 4 support
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- gcm.c | 67 +++++++---------------------------------------------------- 1 file changed, 8 insertions(+), 59 deletions(-)
diff --git a/gcm.c b/gcm.c index cf615daf18bd..3a6f04a7671b 100644 --- a/gcm.c +++ b/gcm.c @@ -83,62 +83,7 @@ gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *y) } memcpy (x->b, Z.b, sizeof(Z)); } -#else /* GCM_TABLE_BITS != 0 */
-# if WORDS_BIGENDIAN -# define W(left,right) (0x##left##right) -# else -# define W(left,right) (0x##right##left) -# endif - -# if GCM_TABLE_BITS == 4 -static const uint16_t -shift_table[0x10] = { - W(00,00),W(1c,20),W(38,40),W(24,60),W(70,80),W(6c,a0),W(48,c0),W(54,e0), - W(e1,00),W(fd,20),W(d9,40),W(c5,60),W(91,80),W(8d,a0),W(a9,c0),W(b5,e0), -}; - -static void -gcm_gf_shift_4(union nettle_block16 *x) -{ - uint64_t *u64 = x->u64; - uint64_t reduce; - - /* Shift uses big-endian representation. */ -#if WORDS_BIGENDIAN - reduce = shift_table[u64[1] & 0xf]; - u64[1] = (u64[1] >> 4) | ((u64[0] & 0xf) << 60); - u64[0] = (u64[0] >> 4) ^ (reduce << 48); -#else /* ! WORDS_BIGENDIAN */ -#define RSHIFT_WORD_4(x) \ - ((((x) & UINT64_C(0xf0f0f0f0f0f0f0f0)) >> 4) \ - | (((x) & UINT64_C(0x000f0f0f0f0f0f0f)) << 12)) - reduce = shift_table[(u64[1] >> 56) & 0xf]; - u64[1] = RSHIFT_WORD_4(u64[1]) | ((u64[0] >> 52) & 0xf0); - u64[0] = RSHIFT_WORD_4(u64[0]) ^ reduce; -# undef RSHIFT_WORD_4 -#endif /* ! WORDS_BIGENDIAN */ -} - -static void -gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table) -{ - union nettle_block16 Z; - unsigned i; - - memset(Z.b, 0, sizeof(Z)); - - for (i = GCM_BLOCK_SIZE; i-- > 0;) - { - uint8_t b = x->b[i]; - - gcm_gf_shift_4(&Z); - block16_xor(&Z, &table[b & 0xf]); - gcm_gf_shift_4(&Z); - block16_xor(&Z, &table[b >> 4]); - } - memcpy (x->b, Z.b, sizeof(Z)); -} # elif GCM_TABLE_BITS == 8 # if HAVE_NATIVE_gcm_hash8
@@ -147,6 +92,13 @@ void _nettle_gcm_hash8 (const struct gcm_key *key, union nettle_block16 *x, size_t length, const uint8_t *data); # else /* !HAVE_NATIVE_gcm_hash8 */ + +# if WORDS_BIGENDIAN +# define W(left,right) (0x##left##right) +# else +# define W(left,right) (0x##right##left) +# endif + static const uint16_t shift_table[0x100] = { W(00,00),W(01,c2),W(03,84),W(02,46),W(07,08),W(06,ca),W(04,8c),W(05,4e), @@ -182,6 +134,7 @@ shift_table[0x100] = { W(b5,e0),W(b4,22),W(b6,64),W(b7,a6),W(b2,e8),W(b3,2a),W(b1,6c),W(b0,ae), W(bb,f0),W(ba,32),W(b8,74),W(b9,b6),W(bc,f8),W(bd,3a),W(bf,7c),W(be,be), }; +#undef W
static void gcm_gf_shift_8(union nettle_block16 *x) @@ -221,10 +174,6 @@ gcm_gf_mul (union nettle_block16 *x, const union nettle_block16 *table) # error Unsupported table size. # endif /* GCM_TABLE_BITS != 8 */
-#undef W - -#endif /* GCM_TABLE_BITS */ - /* Increment the rightmost 32 bits. */ #define INC32(block) INCREMENT(4, (block.b) + GCM_BLOCK_SIZE - 4)