2 * AES-NI support functions
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
9 …* [AES-WP] https://www.intel.com/content/www/us/en/developer/articles/tool/intel-advanced-encrypti…
10 …CLMUL-WP] https://www.intel.com/content/www/us/en/develop/download/intel-carry-less-multiplication…
47 * AES-NI support detection routine
53 * https://github.com/Mbed-TLS/mbedtls/issues/9840 in mbedtls_aesni_has_support()
58 * (See example 8-1 in Sewell et al., "x86-TSO: A Rigorous and Usable in mbedtls_aesni_has_support()
91 * AES-NI AES-ECB block en(de)cryption
95 const unsigned char input[16], in mbedtls_aesni_crypt_ecb() argument
96 unsigned char output[16]) in mbedtls_aesni_crypt_ecb() argument
98 const __m128i *rk = (const __m128i *) (ctx->buf + ctx->rk_offset); in mbedtls_aesni_crypt_ecb()
99 unsigned nr = ctx->nr; // Number of remaining rounds in mbedtls_aesni_crypt_ecb()
103 memcpy(&state, input, 16); in mbedtls_aesni_crypt_ecb()
106 --nr; in mbedtls_aesni_crypt_ecb()
113 --nr; in mbedtls_aesni_crypt_ecb()
124 --nr; in mbedtls_aesni_crypt_ecb()
129 memcpy(output, &state, 16); in mbedtls_aesni_crypt_ecb()
135 * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
143 * using [CLMUL-WP] algorithm 1 (p. 12). in gcm_clmul()
145 *cc = _mm_clmulepi64_si128(aa, bb, 0x00); // a0*b0 = c1:c0 in gcm_clmul()
154 *cc = _mm_xor_si128(*cc, ee); // c1+e0+f0:c0 in gcm_clmul()
159 /* [CLMUL-WP] Algorithm 5 Step 1: shift cc:dd one bit to the left, in gcm_shift()
160 * taking advantage of [CLMUL-WP] eq 27 (p. 18). */ in gcm_shift()
178 /* [CLMUL-WP] Algorithm 5 Step 2 */ in gcm_reduce()
188 /* [CLMUL-WP] Algorithm 5 Steps 3 and 4 */ in gcm_mix()
203 void mbedtls_aesni_gcm_mult(unsigned char c[16], in mbedtls_aesni_gcm_mult() argument
204 const unsigned char a[16], in mbedtls_aesni_gcm_mult() argument
205 const unsigned char b[16]) in mbedtls_aesni_gcm_mult() argument
209 /* The inputs are in big-endian order, so byte-reverse them */ in mbedtls_aesni_gcm_mult()
210 for (size_t i = 0; i < 16; i++) { in mbedtls_aesni_gcm_mult()
211 ((uint8_t *) &aa)[i] = a[15 - i]; in mbedtls_aesni_gcm_mult()
212 ((uint8_t *) &bb)[i] = b[15 - i]; in mbedtls_aesni_gcm_mult()
219 * using [CLMUL-WP] algorithm 5 (p. 18). in mbedtls_aesni_gcm_mult()
226 /* Now byte-reverse the outputs */ in mbedtls_aesni_gcm_mult()
227 for (size_t i = 0; i < 16; i++) { in mbedtls_aesni_gcm_mult()
228 c[i] = ((uint8_t *) &cc)[15 - i]; in mbedtls_aesni_gcm_mult()
245 for (--fk, ++ik; fk > (const __m128i *) fwdkey; --fk, ++ik) { in mbedtls_aesni_inverse_key()
253 * Key expansion, 128-bit case
283 memcpy(&rk[0], key, 16); in aesni_setkey_enc_128()
297 * Key expansion, 192-bit case
304 * Finish generating the next 6 quarter-keys. in aesni_set_rk_192()
330 * an array of 24-byte elements. Since 24 is not a multiple of 16, in aesni_set_rk_192()
332 memcpy(rk, state0, 16); in aesni_set_rk_192()
333 memcpy(rk + 16, state1, 8); in aesni_set_rk_192()
341 /* aes.c guarantees that rk is aligned on a 16-byte boundary. */ in aesni_setkey_enc_192()
357 * Key expansion, 256-bit case
401 memcpy(&rk[0], key, 16); in aesni_setkey_enc_256()
402 memcpy(&rk[1], key + 16, 16); in aesni_setkey_enc_256()
405 * Main "loop" - Generating one more key than necessary, in aesni_setkey_enc_256()
437 * Binutils needs to be at least 2.19 to support AES-NI instructions.
438 * Unfortunately, a lot of users have a lower version now (2014-04).
463 * AES-NI AES-ECB block en(de)cryption
467 const unsigned char input[16], in mbedtls_aesni_crypt_ecb() argument
468 unsigned char output[16]) in mbedtls_aesni_crypt_ecb() argument
473 "add $16, %1 \n\t" // point to next round key in mbedtls_aesni_crypt_ecb()
474 "subl $1, %0 \n\t" // normal rounds = nr - 1 in mbedtls_aesni_crypt_ecb()
481 "add $16, %1 \n\t" // point to next round key in mbedtls_aesni_crypt_ecb()
492 "add $16, %1 \n\t" in mbedtls_aesni_crypt_ecb()
502 : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output) in mbedtls_aesni_crypt_ecb()
511 * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
513 void mbedtls_aesni_gcm_mult(unsigned char c[16], in mbedtls_aesni_gcm_mult() argument
514 const unsigned char a[16], in mbedtls_aesni_gcm_mult() argument
515 const unsigned char b[16]) in mbedtls_aesni_gcm_mult() argument
517 unsigned char aa[16], bb[16], cc[16]; in mbedtls_aesni_gcm_mult()
520 /* The inputs are in big-endian order, so byte-reverse them */ in mbedtls_aesni_gcm_mult()
521 for (i = 0; i < 16; i++) { in mbedtls_aesni_gcm_mult()
522 aa[i] = a[15 - i]; in mbedtls_aesni_gcm_mult()
523 bb[i] = b[15 - i]; in mbedtls_aesni_gcm_mult()
531 * using [CLMUL-WP] algorithm 1 (p. 12). in mbedtls_aesni_gcm_mult()
536 PCLMULQDQ(xmm0_xmm1, "0x00") // a0*b0 = c1:c0 in mbedtls_aesni_gcm_mult()
545 "pxor %%xmm3, %%xmm1 \n\t" // c1+e0+f0:c0 in mbedtls_aesni_gcm_mult()
549 * taking advantage of [CLMUL-WP] eq 27 (p. 18) in mbedtls_aesni_gcm_mult()
567 * using [CLMUL-WP] algorithm 5 (p. 18). in mbedtls_aesni_gcm_mult()
613 /* Now byte-reverse the outputs */ in mbedtls_aesni_gcm_mult()
614 for (i = 0; i < 16; i++) { in mbedtls_aesni_gcm_mult()
615 c[i] = cc[15 - i]; in mbedtls_aesni_gcm_mult()
629 const unsigned char *fk = fwdkey + 16 * nr; in mbedtls_aesni_inverse_key()
631 memcpy(ik, fk, 16); in mbedtls_aesni_inverse_key()
633 for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) { in mbedtls_aesni_inverse_key()
642 memcpy(ik, fk, 16); in mbedtls_aesni_inverse_key()
647 * Key expansion, 128-bit case
675 "add $16, %0 \n\t" // point to next round key in aesni_setkey_enc_128()
697 * Key expansion, 192-bit case
705 "add $16, %0 \n\t" in aesni_setkey_enc_192()
706 "movq 16(%1), %%xmm1 \n\t" in aesni_setkey_enc_192()
712 * Finish generating the next 6 quarter-keys. in aesni_setkey_enc_192()
730 "add $16, %0 \n\t" in aesni_setkey_enc_192()
756 * Key expansion, 256-bit case
764 "add $16, %0 \n\t" in aesni_setkey_enc_256()
765 "movdqu 16(%1), %%xmm1 \n\t" in aesni_setkey_enc_256()
787 "add $16, %0 \n\t" in aesni_setkey_enc_256()
801 "add $16, %0 \n\t" in aesni_setkey_enc_256()
806 * Main "loop" - Generating one more key than necessary, in aesni_setkey_enc_256()