Beispiel #1
0
/**
 * Multiply to elements of GF(2**128) using the reducing polynomial
 * (x^128 + x^7 + x^2 + x + 1).
 */
static void gcm_mult(uint8_t out[16], const uint8_t x[16], const uint8_t y[16])
{
    uint64_t z[2], v[2];
    int i;

    /** z, v = 0, y **/
    z[0] = z[1] = 0;
    v[0] = be_to_word(&y[0]);
    v[1] = be_to_word(&y[8]);

    for (i=0; i<16; i++) {
        uint8_t j;

        for (j=0x80; j>0; j>>=1) {
            uint64_t c;

            /** z ^= (x>>i&1)*v **/
            if (x[i] & j) {

                z[0] ^= v[0];
                z[1] ^= v[1];
            }
            /** v = (v&1)*0xE1000000000000000000000000000000L ^ (v>>1) **/
            c = v[1]&1 ? 0xE100000000000000 : 0;
            v[1] = v[1]>>1 | (v[0] << 63);
            v[0] = v[0]>>1 ^ c;
        }
    }
    word_to_be(out, z[0]);
    word_to_be(out+8, z[1]);
}
Beispiel #2
0
/**
 * Create a V table. V[i] is the value H*x^i (i=0..127).
 * \param h         The 16 byte GHASH key
 * \param tables    A pointer to an allocated V table
 */
static void make_v_tables(const uint8_t h[16], t_v_tables *tables)
{
    uint64_t (*cur)[2];
    int i;

    memset(tables, 0, sizeof(t_v_tables));

    cur = &((*tables)[0][1]);

    (*cur)[0] = be_to_word(&h[0]);
    (*cur)[1] = be_to_word(&h[8]);

    for (i=1; i<128; i++) {
        uint64_t c;
        uint64_t (*next)[2];

        next = &((*tables)[i][1]);

        /** v = (v&1)*0xE1000000000000000000000000000000L ^ (v>>1) **/
        c = (*cur)[1]&1 ? 0xE100000000000000 : 0;
        (*next)[1] = (*cur)[1]>>1 | (*cur)[0]<<63;
        (*next)[0] = (*cur)[0]>>1 ^ c;

        cur = next;
    }
}
Beispiel #3
0
/**
 * Compute H*x^i for i=0..127. Store the results in a new
 * vector indexed by i.
 */
static const t_v_tables* make_v_tables(const uint8_t y[16])
{
    t_v_tables *tables;
    uint64_t *cur;
    int i;

    tables = (t_v_tables*) calloc(128*2, sizeof(uint64_t));
    if (!tables) {
        return NULL;
    }

    cur = &((*tables)[0][0]);

    cur[0] = be_to_word(&y[0]);
    cur[1] = be_to_word(&y[8]);

    for (i=1; i<128; i++) {
        uint64_t c;
        uint64_t *next;

        next = &((*tables)[i][0]);

        /** v = (v&1)*0xE1000000000000000000000000000000L ^ (v>>1) **/
        c = cur[1]&1 ? 0xE100000000000000 : 0;
        next[1] = cur[1]>>1 | cur[0]<<63;
        next[0] = cur[0]>>1 ^ c;

        cur = next;
    }

    return (const t_v_tables*)tables;
}