1238384Sjkim/* ====================================================================
2238384Sjkim * Copyright (c) 2010 The OpenSSL Project.  All rights reserved.
3238384Sjkim *
4238384Sjkim * Redistribution and use is governed by OpenSSL license.
5238384Sjkim * ====================================================================
6238384Sjkim */
7238384Sjkim
8238384Sjkim#include <openssl/modes.h>
9238384Sjkim
10238384Sjkim
11238384Sjkim#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
12238384Sjkimtypedef __int64 i64;
13238384Sjkimtypedef unsigned __int64 u64;
14238384Sjkim#define U64(C) C##UI64
15238384Sjkim#elif defined(__arch64__)
16238384Sjkimtypedef long i64;
17238384Sjkimtypedef unsigned long u64;
18238384Sjkim#define U64(C) C##UL
19238384Sjkim#else
20238384Sjkimtypedef long long i64;
21238384Sjkimtypedef unsigned long long u64;
22238384Sjkim#define U64(C) C##ULL
23238384Sjkim#endif
24238384Sjkim
25238384Sjkimtypedef unsigned int u32;
26238384Sjkimtypedef unsigned char u8;
27238384Sjkim
28238384Sjkim#define STRICT_ALIGNMENT 1
29238384Sjkim#if defined(__i386)	|| defined(__i386__)	|| \
30238384Sjkim    defined(__x86_64)	|| defined(__x86_64__)	|| \
31238384Sjkim    defined(_M_IX86)	|| defined(_M_AMD64)	|| defined(_M_X64) || \
32279264Sdelphij    defined(__s390__)	|| defined(__s390x__)
33238384Sjkim# undef STRICT_ALIGNMENT
34238384Sjkim#endif
35238384Sjkim
36238384Sjkim#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
37238384Sjkim#if defined(__GNUC__) && __GNUC__>=2
38238384Sjkim# if defined(__x86_64) || defined(__x86_64__)
39238384Sjkim#  define BSWAP8(x) ({	u64 ret=(x);			\
40238384Sjkim			asm ("bswapq %0"		\
41238384Sjkim			: "+r"(ret));	ret;		})
42238384Sjkim#  define BSWAP4(x) ({	u32 ret=(x);			\
43238384Sjkim			asm ("bswapl %0"		\
44238384Sjkim			: "+r"(ret));	ret;		})
45238384Sjkim# elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
46238384Sjkim#  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
47238384Sjkim			asm ("bswapl %0; bswapl %1"	\
48238384Sjkim			: "+r"(hi),"+r"(lo));		\
49238384Sjkim			(u64)hi<<32|lo;			})
50238384Sjkim#  define BSWAP4(x) ({	u32 ret=(x);			\
51238384Sjkim			asm ("bswapl %0"		\
52238384Sjkim			: "+r"(ret));	ret;		})
53238384Sjkim# elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
54238384Sjkim#  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
55238384Sjkim			asm ("rev %0,%0; rev %1,%1"	\
56238384Sjkim			: "+r"(hi),"+r"(lo));		\
57238384Sjkim			(u64)hi<<32|lo;			})
58238384Sjkim#  define BSWAP4(x) ({	u32 ret;			\
59238384Sjkim			asm ("rev %0,%1"		\
60238384Sjkim			: "=r"(ret) : "r"((u32)(x)));	\
61238384Sjkim			ret;				})
62238384Sjkim# endif
63238384Sjkim#elif defined(_MSC_VER)
64238384Sjkim# if _MSC_VER>=1300
65238384Sjkim#  pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
66238384Sjkim#  define BSWAP8(x)	_byteswap_uint64((u64)(x))
67238384Sjkim#  define BSWAP4(x)	_byteswap_ulong((u32)(x))
68238384Sjkim# elif defined(_M_IX86)
69238384Sjkim   __inline u32 _bswap4(u32 val) {
70238384Sjkim	_asm mov eax,val
71238384Sjkim	_asm bswap eax
72238384Sjkim   }
73238384Sjkim#  define BSWAP4(x)	_bswap4(x)
74238384Sjkim# endif
75238384Sjkim#endif
76238384Sjkim#endif
77238384Sjkim
78238384Sjkim#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
79238384Sjkim#define GETU32(p)	BSWAP4(*(const u32 *)(p))
80238384Sjkim#define PUTU32(p,v)	*(u32 *)(p) = BSWAP4(v)
81238384Sjkim#else
82238384Sjkim#define GETU32(p)	((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
83238384Sjkim#define PUTU32(p,v)	((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
84238384Sjkim#endif
85238384Sjkim
86238384Sjkim/* GCM definitions */
87238384Sjkim
88238384Sjkimtypedef struct { u64 hi,lo; } u128;
89238384Sjkim
90238384Sjkim#ifdef	TABLE_BITS
91238384Sjkim#undef	TABLE_BITS
92238384Sjkim#endif
93238384Sjkim/*
94238384Sjkim * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
95238384Sjkim * never be set to 8 [or 1]. For further information see gcm128.c.
96238384Sjkim */
97238384Sjkim#define	TABLE_BITS 4
98238384Sjkim
99238384Sjkimstruct gcm128_context {
100238384Sjkim	/* Following 6 names follow names in GCM specification */
101279264Sdelphij	union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; }
102279264Sdelphij	  Yi,EKi,EK0,len,Xi,H;
103238384Sjkim	/* Relative position of Xi, H and pre-computed Htable is used
104238384Sjkim	 * in some assembler modules, i.e. don't change the order! */
105238384Sjkim#if TABLE_BITS==8
106238384Sjkim	u128 Htable[256];
107238384Sjkim#else
108238384Sjkim	u128 Htable[16];
109238384Sjkim	void (*gmult)(u64 Xi[2],const u128 Htable[16]);
110238384Sjkim	void (*ghash)(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
111238384Sjkim#endif
112238384Sjkim	unsigned int mres, ares;
113238384Sjkim	block128_f block;
114238384Sjkim	void *key;
115238384Sjkim};
116238384Sjkim
117238384Sjkimstruct xts128_context {
118238384Sjkim	void      *key1, *key2;
119238384Sjkim	block128_f block1,block2;
120238384Sjkim};
121238384Sjkim
122238384Sjkimstruct ccm128_context {
123238384Sjkim	union { u64 u[2]; u8 c[16]; } nonce, cmac;
124238384Sjkim	u64 blocks;
125238384Sjkim	block128_f block;
126238384Sjkim	void *key;
127238384Sjkim};
128238384Sjkim
129