diff options
author | Niels Möller <nisse@lysator.liu.se> | 2022-02-23 16:51:23 +0000 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2022-02-23 16:51:23 +0000 |
commit | c68dd3229c5063f344b77dffdc13dbb794da3616 (patch) | |
tree | 44d4a9f58629ffff0bc6689c1dc50f6b16a05f7c | |
parent | 2aabd5e2618f7a9277583f744b68bae80bf02b07 (diff) | |
parent | 5d0089ed895c17e0462fd30431008b55f7b2f8a2 (diff) | |
download | nettle-ghash-refactor.tar.gz |
Merge branch 's390x-ghash-refactor' into 'ghash-refactor'ghash-refactor
Refactor s390x-specific code for new ghash organization
See merge request nettle/nettle!44
-rw-r--r-- | fat-s390x.c | 40 | ||||
-rw-r--r-- | s390x/fat/ghash-set-key-2.asm (renamed from s390x/fat/gcm-hash.asm) | 7 | ||||
-rw-r--r-- | s390x/fat/ghash-update-2.asm | 37 | ||||
-rw-r--r-- | s390x/msa_x4/ghash-set-key.asm | 44 | ||||
-rw-r--r-- | s390x/msa_x4/ghash-update.asm (renamed from s390x/msa_x4/gcm-hash.asm) | 53 |
5 files changed, 118 insertions, 63 deletions
diff --git a/fat-s390x.c b/fat-s390x.c index a1295736..fa026018 100644 --- a/fat-s390x.c +++ b/fat-s390x.c @@ -50,9 +50,9 @@ #include "nettle-types.h" #include "memxor.h" -#include "aes.h" -#include "gcm.h" -#include "gcm-internal.h" +#include "aes-internal.h" +#include "chacha-internal.h" +#include "ghash-internal.h" #include "fat-setup.h" /* Max number of doublewords returned by STFLE */ @@ -242,13 +242,13 @@ DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c) DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, s390x) /* GHASH */ -DECLARE_FAT_FUNC(_nettle_gcm_init_key, gcm_init_key_func) -DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, c) -DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, s390x) +DECLARE_FAT_FUNC(_nettle_ghash_set_key, ghash_set_key_func) +DECLARE_FAT_FUNC_VAR(ghash_set_key, ghash_set_key_func, c) +DECLARE_FAT_FUNC_VAR(ghash_set_key, ghash_set_key_func, s390x) -DECLARE_FAT_FUNC(_nettle_gcm_hash, gcm_hash_func) -DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, c) -DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, s390x) +DECLARE_FAT_FUNC(_nettle_ghash_update, ghash_update_func) +DECLARE_FAT_FUNC_VAR(ghash_update, ghash_update_func, c) +DECLARE_FAT_FUNC_VAR(ghash_update, ghash_update_func, s390x) DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func) DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c) @@ -372,13 +372,13 @@ fat_init (void) { if (verbose) fprintf (stderr, "libnettle: enabling hardware accelerated GHASH.\n"); - _nettle_gcm_init_key_vec = _nettle_gcm_init_key_s390x; - _nettle_gcm_hash_vec = _nettle_gcm_hash_s390x; + _nettle_ghash_set_key_vec = _nettle_ghash_set_key_s390x; + _nettle_ghash_update_vec = _nettle_ghash_update_s390x; } else { - _nettle_gcm_init_key_vec = _nettle_gcm_init_key_c; - _nettle_gcm_hash_vec = _nettle_gcm_hash_c; + _nettle_ghash_set_key_vec = _nettle_ghash_set_key_c; + _nettle_ghash_update_vec = _nettle_ghash_update_c; } /* SHA1 */ @@ -481,13 +481,13 @@ DEFINE_FAT_FUNC(nettle_aes256_decrypt, void, (ctx, length, dst, src)) /* GHASH */ -DEFINE_FAT_FUNC(_nettle_gcm_init_key, void, - (union nettle_block16 *table), - (table)) -DEFINE_FAT_FUNC(_nettle_gcm_hash, void, - (const struct gcm_key *key, union nettle_block16 *x, - size_t length, const uint8_t *data), - (key, x, length, data)) +DEFINE_FAT_FUNC(_nettle_ghash_set_key, void, + (struct gcm_key *ctx, const union nettle_block16 *key), + (ctx, key)) +DEFINE_FAT_FUNC(_nettle_ghash_update, const uint8_t *, + (const struct gcm_key *ctx, union nettle_block16 *state, + size_t blocks, const uint8_t *data), + (ctx, state, blocks, data)) /* SHA1 */ DEFINE_FAT_FUNC(nettle_sha1_compress, void, diff --git a/s390x/fat/gcm-hash.asm b/s390x/fat/ghash-set-key-2.asm index 17ca7342..c69e153f 100644 --- a/s390x/fat/gcm-hash.asm +++ b/s390x/fat/ghash-set-key-2.asm @@ -1,4 +1,4 @@ -C s390x/fat/gcm-hash.asm +C s390x/fat/ghash-set-key-2.asm ifelse(` Copyright (C) 2020 Mamone Tarsha @@ -31,8 +31,7 @@ ifelse(` ') dnl picked up by configure -dnl PROLOGUE(_nettle_fat_gcm_init_key) -dnl PROLOGUE(_nettle_fat_gcm_hash) +dnl PROLOGUE(_nettle_ghash_set_key) define(`fat_transform', `$1_s390x') -include_src(`s390x/msa_x4/gcm-hash.asm') +include_src(`s390x/msa_x4/ghash-set-key.asm') diff --git a/s390x/fat/ghash-update-2.asm b/s390x/fat/ghash-update-2.asm new file mode 100644 index 00000000..108a1ced --- /dev/null +++ b/s390x/fat/ghash-update-2.asm @@ -0,0 +1,37 @@ +C s390x/fat/ghash-update.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl picked up by configure +dnl PROLOGUE(_nettle_ghash_update) + +define(`fat_transform', `$1_s390x') +include_src(`s390x/msa_x4/ghash-update.asm') diff --git a/s390x/msa_x4/ghash-set-key.asm b/s390x/msa_x4/ghash-set-key.asm new file mode 100644 index 00000000..486ac9be --- /dev/null +++ b/s390x/msa_x4/ghash-set-key.asm @@ -0,0 +1,44 @@ +C s390x/msa_x4/ghash-set-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "ghash-set-key.asm" + +.text + +C void _ghash_set_key (struct gcm_key *ctx, const union nettle_block16 *key) + +PROLOGUE(_nettle_ghash_set_key) + C Except for Hash Subkey (H), KIMD-GHASH function does not need + C any pre-computed values so just copy H into the first element + C of context table and return to the caller. + mvc 0(16,%r2),0(%r3) + br RA +EPILOGUE(_nettle_ghash_set_key) diff --git a/s390x/msa_x4/gcm-hash.asm b/s390x/msa_x4/ghash-update.asm index 50d8b7c0..cb55953c 100644 --- a/s390x/msa_x4/gcm-hash.asm +++ b/s390x/msa_x4/ghash-update.asm @@ -1,4 +1,4 @@ -C s390x/msa_x4/gcm-hash.asm +C s390x/msa_x4/ghash-update.asm ifelse(` Copyright (C) 2020 Mamone Tarsha @@ -47,53 +47,28 @@ C *----------------------------------------------* C Size of parameter block define(`PB_SIZE', `32') -C gcm_set_key() assigns H value in the middle element of the table -define(`H_idx', `128*16') - -.file "gcm-hash.asm" +.file "ghash-update.asm" .text -C void gcm_init_key (union gcm_block *table) - -PROLOGUE(_nettle_gcm_init_key) - C Except for Hash Subkey (H), KIMD-GHASH does not need any pre-computed values so just return to the caller. - br RA -EPILOGUE(_nettle_gcm_init_key) - -C void gcm_hash (const struct gcm_key *key, union gcm_block *x, -C size_t length, const uint8_t *data) + C const uint8_t *_ghash_update (const struct gcm_key *ctx, + C union nettle_block16 *x, + C size_t blocks, const uint8_t *data) -PROLOGUE(_nettle_gcm_hash) - ldgr %f0,%r6 C load non-volatile general register 6 into volatile float-point register 0 +PROLOGUE(_nettle_ghash_update) C --- allocate a stack space for parameter block in addition to 16-byte buffer to handle leftover bytes --- - ALLOC_STACK(%r1,PB_SIZE+16) C parameter block (must be general register 1) - lgr %r6,%r3 + ALLOC_STACK(%r1,PB_SIZE) C parameter block (must be general register 1) mvc 0(16,%r1),0(%r3) C copy x Initial Chaining Value field - mvc 16(16,%r1),H_idx (%r2) C copy H to Hash Subkey field + mvc 16(16,%r1),0(%r2) C copy H to Hash Subkey field lghi %r0,65 C GHASH function code (must be general register 0) lgr %r2,%r5 C location of leftmost byte of data (must not be odd-numbered general register nor be general register 0) + lgr %r5,%r3 C number of bytes (must be general register of data + 1). length must be a multiple of the data block size (16). - risbg %r3,%r4,0,187,0 C Insert bit offsets 0-59, bit offset 0 of the fourth operand is set to clear the remaining bits. + sllg %r3,%r4,4 C LEN = 16*BLOCKS 1: .long 0xb93e0002 C kimd %r0,%r2 brc 1,1b C safely branch back in case of partial completion - C --- handle leftovers --- - risbg %r5,%r4,60,191,0 C Insert bit offsets 60-63 and clear the remaining bits. - jz 4f - lgr %r4,%r2 - C --- copy the leftovers to allocated stack buffer and pad the remaining bytes with zero --- - la %r2,PB_SIZE (%r1) - lghi %r3,16 -2: mvcle %r2,%r4,0 - brc 1,2b - aghi %r2,-16 - aghi %r3,16 -3: .long 0xb93e0002 C kimd %r0,%r2 - brc 1,3b C safely branch back in case of partial completion -4: - mvc 0(16,%r6),0(%r1) C store x - xc 0(PB_SIZE+16,%r1),0(%r1) C wipe parameter block content and leftover bytes of data from stack - FREE_STACK(PB_SIZE+16) - lgdr %r6,%f0 C restore general register 6 + mvc 0(16,%r5),0(%r1) C store x + xc 0(PB_SIZE,%r1),0(%r1) C wipe parameter block content from stack + FREE_STACK(PB_SIZE) br RA -EPILOGUE(_nettle_gcm_hash) +EPILOGUE(_nettle_ghash_update) |