~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/include/crypto/gf128mul.h

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /include/crypto/gf128mul.h (Version linux-6.11.5) and /include/crypto/gf128mul.h (Version linux-4.19.319)


** Warning: Cannot open xref database.

  1 /* gf128mul.h - GF(2^128) multiplication funct      1 
  2  *                                                
  3  * Copyright (c) 2003, Dr Brian Gladman, Worce    
  4  * Copyright (c) 2006 Rik Snel <rsnel@cube.dyn    
  5  *                                                
  6  * Based on Dr Brian Gladman's (GPL'd) work pu    
  7  * http://fp.gladman.plus.com/cryptography_tec    
  8  * See the original copyright notice below.       
  9  *                                                
 10  * This program is free software; you can redi    
 11  * under the terms of the GNU General Public L    
 12  * Software Foundation; either version 2 of th    
 13  * any later version.                             
 14  */                                               
 15 /*                                                
 16  ---------------------------------------------    
 17  Copyright (c) 2003, Dr Brian Gladman, Worcest    
 18                                                   
 19  LICENSE TERMS                                    
 20                                                   
 21  The free distribution and use of this softwar    
 22  form is allowed (with or without changes) pro    
 23                                                   
 24    1. distributions of this source code includ    
 25       notice, this list of conditions and the     
 26                                                   
 27    2. distributions in binary form include the    
 28       notice, this list of conditions and the     
 29       in the documentation and/or other associ    
 30                                                   
 31    3. the copyright holder's name is not used     
 32       built using this software without specif    
 33                                                   
 34  ALTERNATIVELY, provided that this notice is r    
 35  may be distributed under the terms of the GNU    
 36  in which case the provisions of the GPL apply    
 37                                                   
 38  DISCLAIMER                                       
 39                                                   
 40  This software is provided 'as is' with no exp    
 41  in respect of its properties, including, but     
 42  and/or fitness for purpose.                      
 43  ---------------------------------------------    
 44  Issue Date: 31/01/2006                           
 45                                                   
 46  An implementation of field multiplication in     
 47 */                                                
 48                                                   
 49 #ifndef _CRYPTO_GF128MUL_H                        
 50 #define _CRYPTO_GF128MUL_H                        
 51                                                   
 52 #include <asm/byteorder.h>                        
 53 #include <crypto/b128ops.h>                       
 54 #include <linux/slab.h>                           
 55                                                   
 56 /* Comment by Rik:                                
 57  *                                                
 58  * For some background on GF(2^128) see for ex    
 59  * http://csrc.nist.gov/groups/ST/toolkit/BCM/    
 60  *                                                
 61  * The elements of GF(2^128) := GF(2)[X]/(X^12    
 62  * be mapped to computer memory in a variety o    
 63  * three common cases.                            
 64  *                                                
 65  * Take a look at the 16 binary octets below i    
 66  * are left and the lsb's are right. char b[16    
 67  * the first octet.                               
 68  *                                                
 69  * 10000000 00000000 00000000 00000000 .... 00    
 70  *   b[0]     b[1]     b[2]     b[3]              
 71  *                                                
 72  * Every bit is a coefficient of some power of    
 73  * in every byte in little-endian order and th    
 74  * little endian order. I will call this lle (    
 75  * The above buffer represents the polynomial     
 76  * like 11100001 00000000 .... 00000000 = { 0x    
 77  * This format was originally implemented in g    
 78  * in GCM (Galois/Counter mode) and in ABL (Ar    
 79  *                                                
 80  * Another convention says: store the bits in     
 81  * bytes also. This is bbe (big-big-endian). N    
 82  * represents X^127. X^7+X^2+X^1+1 looks like     
 83  * b[15] = 0x87 and the rest is 0. LRW uses th    
 84  * is partly implemented.                         
 85  *                                                
 86  * Both of the above formats are easy to imple    
 87  * machines.                                      
 88  *                                                
 89  * XTS and EME (the latter of which is patent     
 90  * format (bits are stored in big endian order    
 91  * endian). The above buffer represents X^7 in    
 92  * primitive polynomial is b[0] = 0x87.           
 93  *                                                
 94  * The common machine word-size is smaller tha    
 95  * an efficient implementation we must split i    
 96  * This implementation uses 64-bit words for t    
 97  * endianness comes into play. The lle format     
 98  * endianness is discussed below by the origin    
 99  * Brian Gladman.                                 
100  *                                                
101  * Let's look at the bbe and ble format on a l    
102  *                                                
103  * bbe on a little endian machine u32 x[4]:       
104  *                                                
105  *  MS            x[0]           LS  MS           
106  *  ms   ls ms   ls ms   ls ms   ls  ms   ls m    
107  *  103..96 111.104 119.112 127.120  71...64 7    
108  *                                                
109  *  MS            x[2]           LS  MS           
110  *  ms   ls ms   ls ms   ls ms   ls  ms   ls m    
111  *  39...32 47...40 55...48 63...56  07...00 1    
112  *                                                
113  * ble on a little endian machine                 
114  *                                                
115  *  MS            x[0]           LS  MS           
116  *  ms   ls ms   ls ms   ls ms   ls  ms   ls m    
117  *  31...24 23...16 15...08 07...00  63...56 5    
118  *                                                
119  *  MS            x[2]           LS  MS           
120  *  ms   ls ms   ls ms   ls ms   ls  ms   ls m    
121  *  95...88 87...80 79...72 71...64  127.120 1    
122  *                                                
123  * Multiplications in GF(2^128) are mostly bit    
124  * ble (and lbe also) are easier to implement     
125  * machine than on a big-endian machine. The c    
126  * and lle.                                       
127  *                                                
128  * Note: to have good alignment, it seems to m    
129  * to keep elements of GF(2^128) in type u64[2    
130  * machines this will automatically aligned to    
131  * machine also.                                  
132  */                                               
133 /*      Multiply a GF(2^128) field element by     
134     held in arrays of bytes in which field bit    
135     byte[n], with lower indexed bits placed in    
136     significant bit positions within bytes.       
137                                                   
138     On little endian machines the bit indexes     
139     positions within four 32-bit words in the     
140                                                   
141     MS            x[0]           LS  MS           
142     ms   ls ms   ls ms   ls ms   ls  ms   ls m    
143     24...31 16...23 08...15 00...07  56...63 4    
144                                                   
145     MS            x[2]           LS  MS           
146     ms   ls ms   ls ms   ls ms   ls  ms   ls m    
147     88...95 80...87 72...79 64...71  120.127 1    
148                                                   
149     On big endian machines the bit indexes tra    
150     positions within four 32-bit words in the     
151                                                   
152     MS            x[0]           LS  MS           
153     ms   ls ms   ls ms   ls ms   ls  ms   ls m    
154     00...07 08...15 16...23 24...31  32...39 4    
155                                                   
156     MS            x[2]           LS  MS           
157     ms   ls ms   ls ms   ls ms   ls  ms   ls m    
158     64...71 72...79 80...87 88...95  96..103 1    
159 */                                                
160                                                   
161 /*      A slow generic version of gf_mul, impl    
162  *      It multiplies a and b and puts the res    
163 void gf128mul_lle(be128 *a, const be128 *b);      
164                                                   
165 void gf128mul_bbe(be128 *a, const be128 *b);      
166                                                   
167 /*                                                
168  * The following functions multiply a field el    
169  * the polynomial field representation.  They     
170  * to gain speed but compensate for machine en    
171  * correctly on both styles of machine.           
172  *                                                
173  * They are defined here for performance.         
174  */                                               
175                                                   
176 static inline u64 gf128mul_mask_from_bit(u64 x    
177 {                                                 
178         /* a constant-time version of 'x & ((u    
179         return ((s64)(x << (63 - which)) >> 63    
180 }                                                 
181                                                   
182 static inline void gf128mul_x_lle(be128 *r, co    
183 {                                                 
184         u64 a = be64_to_cpu(x->a);                
185         u64 b = be64_to_cpu(x->b);                
186                                                   
187         /* equivalent to gf128mul_table_le[(b     
188          * (see crypto/gf128mul.c): */            
189         u64 _tt = gf128mul_mask_from_bit(b, 0)    
190                                                   
191         r->b = cpu_to_be64((b >> 1) | (a << 63    
192         r->a = cpu_to_be64((a >> 1) ^ _tt);       
193 }                                                 
194                                                   
195 static inline void gf128mul_x_bbe(be128 *r, co    
196 {                                                 
197         u64 a = be64_to_cpu(x->a);                
198         u64 b = be64_to_cpu(x->b);                
199                                                   
200         /* equivalent to gf128mul_table_be[a >    
201         u64 _tt = gf128mul_mask_from_bit(a, 63    
202                                                   
203         r->a = cpu_to_be64((a << 1) | (b >> 63    
204         r->b = cpu_to_be64((b << 1) ^ _tt);       
205 }                                                 
206                                                   
207 /* needed by XTS */                               
208 static inline void gf128mul_x_ble(le128 *r, co    
209 {                                                 
210         u64 a = le64_to_cpu(x->a);                
211         u64 b = le64_to_cpu(x->b);                
212                                                   
213         /* equivalent to gf128mul_table_be[b >    
214         u64 _tt = gf128mul_mask_from_bit(a, 63    
215                                                   
216         r->a = cpu_to_le64((a << 1) | (b >> 63    
217         r->b = cpu_to_le64((b << 1) ^ _tt);       
218 }                                                 
219                                                   
220 /* 4k table optimization */                       
221                                                   
222 struct gf128mul_4k {                              
223         be128 t[256];                             
224 };                                                
225                                                   
226 struct gf128mul_4k *gf128mul_init_4k_lle(const    
227 struct gf128mul_4k *gf128mul_init_4k_bbe(const    
228 void gf128mul_4k_lle(be128 *a, const struct gf    
229 void gf128mul_4k_bbe(be128 *a, const struct gf    
230 void gf128mul_x8_ble(le128 *r, const le128 *x)    
231 static inline void gf128mul_free_4k(struct gf1    
232 {                                                 
233         kfree_sensitive(t);                       
234 }                                                 
235                                                   
236                                                   
237 /* 64k table optimization, implemented for bbe    
238                                                   
239 struct gf128mul_64k {                             
240         struct gf128mul_4k *t[16];                
241 };                                                
242                                                   
243 /* First initialize with the constant factor w    
244  * want to multiply and then call gf128mul_64k    
245  * factor in the first argument, and the table    
246  * Afterwards, the result is stored in *a.        
247  */                                               
248 struct gf128mul_64k *gf128mul_init_64k_bbe(con    
249 void gf128mul_free_64k(struct gf128mul_64k *t)    
250 void gf128mul_64k_bbe(be128 *a, const struct g    
251                                                   
252 #endif /* _CRYPTO_GF128MUL_H */                   
253                                                   

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php