2 * Copyright (C) 2017 Denys Vlasenko
4 * Licensed under GPLv2, see file LICENSE in this source tree.
8 /* The part below is a section of matrixssl-3-7-2b-open/crypto/cryptolib.h
9 * Changes are flagged with //bbox
12 /******************************************************************************/
14 /******************************************************************************/
16 /******************************************************************************/
18 /* instrinsic rotate */
20 #pragma intrinsic(_lrotr,_lrotl)
21 #define ROR(x,n) _lrotr(x,n)
22 #define ROL(x,n) _lrotl(x,n)
24 /******************************************************************************/
25 #elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && \
26 !defined(INTEL_CC) && !defined(PS_NO_ASM)
28 static ALWAYS_INLINE unsigned ROL(unsigned word, int i)
30 if (__builtin_constant_p(i)) //box
31 // Rotates by constant use fewer registers,
32 // and on many Intel CPUs rotates by %cl take 2 cycles, not 1.
33 asm ("roll %2,%0" //box
43 static ALWAYS_INLINE unsigned ROR(unsigned word, int i)
45 if (__builtin_constant_p(i)) //box
46 asm ("rorl %2,%0" //box
56 /******************************************************************************/
59 /* rotates the hard way */
61 ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | \
62 (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & \
65 ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | \
66 ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
68 #endif /* 32-bit Rotates */
69 /******************************************************************************/
71 #ifdef HAVE_NATIVE_INT64
73 #define CONST64(n) n ## ui64
75 #define CONST64(n) n ## ULL
79 /******************************************************************************/
83 #if defined (ENDIAN_NEUTRAL)
84 #define STORE32L(x, y) { \
85 (y)[3] = (unsigned char)(((x)>>24)&255); \
86 (y)[2] = (unsigned char)(((x)>>16)&255); \
87 (y)[1] = (unsigned char)(((x)>>8)&255); \
88 (y)[0] = (unsigned char)((x)&255); \
91 #define LOAD32L(x, y) { \
92 x = ((unsigned long)((y)[3] & 255)<<24) | \
93 ((unsigned long)((y)[2] & 255)<<16) | \
94 ((unsigned long)((y)[1] & 255)<<8) | \
95 ((unsigned long)((y)[0] & 255)); \
98 #define STORE64L(x, y) { \
99 (y)[7] = (unsigned char)(((x)>>56)&255); \
100 (y)[6] = (unsigned char)(((x)>>48)&255); \
101 (y)[5] = (unsigned char)(((x)>>40)&255); \
102 (y)[4] = (unsigned char)(((x)>>32)&255); \
103 (y)[3] = (unsigned char)(((x)>>24)&255); \
104 (y)[2] = (unsigned char)(((x)>>16)&255); \
105 (y)[1] = (unsigned char)(((x)>>8)&255); \
106 (y)[0] = (unsigned char)((x)&255); \
109 #define LOAD64L(x, y) { \
110 x = (((uint64)((y)[7] & 255))<<56)|(((uint64)((y)[6] & 255))<<48)| \
111 (((uint64)((y)[5] & 255))<<40)|(((uint64)((y)[4] & 255))<<32)| \
112 (((uint64)((y)[3] & 255))<<24)|(((uint64)((y)[2] & 255))<<16)| \
113 (((uint64)((y)[1] & 255))<<8)|(((uint64)((y)[0] & 255))); \
116 #define STORE32H(x, y) { \
117 (y)[0] = (unsigned char)(((x)>>24)&255); \
118 (y)[1] = (unsigned char)(((x)>>16)&255); \
119 (y)[2] = (unsigned char)(((x)>>8)&255); \
120 (y)[3] = (unsigned char)((x)&255); \
123 #define LOAD32H(x, y) { \
124 x = ((unsigned long)((y)[0] & 255)<<24) | \
125 ((unsigned long)((y)[1] & 255)<<16) | \
126 ((unsigned long)((y)[2] & 255)<<8) | \
127 ((unsigned long)((y)[3] & 255)); \
130 #define STORE64H(x, y) { \
131 (y)[0] = (unsigned char)(((x)>>56)&255); \
132 (y)[1] = (unsigned char)(((x)>>48)&255); \
133 (y)[2] = (unsigned char)(((x)>>40)&255); \
134 (y)[3] = (unsigned char)(((x)>>32)&255); \
135 (y)[4] = (unsigned char)(((x)>>24)&255); \
136 (y)[5] = (unsigned char)(((x)>>16)&255); \
137 (y)[6] = (unsigned char)(((x)>>8)&255); \
138 (y)[7] = (unsigned char)((x)&255); \
141 #define LOAD64H(x, y) { \
142 x = (((uint64)((y)[0] & 255))<<56)|(((uint64)((y)[1] & 255))<<48) | \
143 (((uint64)((y)[2] & 255))<<40)|(((uint64)((y)[3] & 255))<<32) | \
144 (((uint64)((y)[4] & 255))<<24)|(((uint64)((y)[5] & 255))<<16) | \
145 (((uint64)((y)[6] & 255))<<8)|(((uint64)((y)[7] & 255))); \
148 #endif /* ENDIAN_NEUTRAL */
151 #define STORE32H(x, y) { \
152 (y)[0] = (unsigned char)(((x)>>24)&255); \
153 (y)[1] = (unsigned char)(((x)>>16)&255); \
154 (y)[2] = (unsigned char)(((x)>>8)&255); \
155 (y)[3] = (unsigned char)((x)&255); \
158 #define LOAD32H(x, y) { \
159 x = ((unsigned long)((y)[0] & 255)<<24) | \
160 ((unsigned long)((y)[1] & 255)<<16) | \
161 ((unsigned long)((y)[2] & 255)<<8) | \
162 ((unsigned long)((y)[3] & 255)); \
165 #define STORE64H(x, y) { \
166 (y)[0] = (unsigned char)(((x)>>56)&255); \
167 (y)[1] = (unsigned char)(((x)>>48)&255); \
168 (y)[2] = (unsigned char)(((x)>>40)&255); \
169 (y)[3] = (unsigned char)(((x)>>32)&255); \
170 (y)[4] = (unsigned char)(((x)>>24)&255); \
171 (y)[5] = (unsigned char)(((x)>>16)&255); \
172 (y)[6] = (unsigned char)(((x)>>8)&255); \
173 (y)[7] = (unsigned char)((x)&255); \
176 #define LOAD64H(x, y) { \
177 x = (((uint64)((y)[0] & 255))<<56)|(((uint64)((y)[1] & 255))<<48) | \
178 (((uint64)((y)[2] & 255))<<40)|(((uint64)((y)[3] & 255))<<32) | \
179 (((uint64)((y)[4] & 255))<<24)|(((uint64)((y)[5] & 255))<<16) | \
180 (((uint64)((y)[6] & 255))<<8)|(((uint64)((y)[7] & 255))); }
182 #ifdef ENDIAN_32BITWORD
183 #define STORE32L(x, y) { \
184 unsigned long __t = (x); memcpy(y, &__t, 4); \
187 #define LOAD32L(x, y) memcpy(&(x), y, 4);
189 #define STORE64L(x, y) { \
190 (y)[7] = (unsigned char)(((x)>>56)&255); \
191 (y)[6] = (unsigned char)(((x)>>48)&255); \
192 (y)[5] = (unsigned char)(((x)>>40)&255); \
193 (y)[4] = (unsigned char)(((x)>>32)&255); \
194 (y)[3] = (unsigned char)(((x)>>24)&255); \
195 (y)[2] = (unsigned char)(((x)>>16)&255); \
196 (y)[1] = (unsigned char)(((x)>>8)&255); \
197 (y)[0] = (unsigned char)((x)&255); \
200 #define LOAD64L(x, y) { \
201 x = (((uint64)((y)[7] & 255))<<56)|(((uint64)((y)[6] & 255))<<48)| \
202 (((uint64)((y)[5] & 255))<<40)|(((uint64)((y)[4] & 255))<<32)| \
203 (((uint64)((y)[3] & 255))<<24)|(((uint64)((y)[2] & 255))<<16)| \
204 (((uint64)((y)[1] & 255))<<8)|(((uint64)((y)[0] & 255))); \
207 #else /* 64-bit words then */
208 #define STORE32L(x, y) \
209 { unsigned long __t = (x); memcpy(y, &__t, 4); }
211 #define LOAD32L(x, y) \
212 { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
214 #define STORE64L(x, y) \
215 { uint64 __t = (x); memcpy(y, &__t, 8); }
217 #define LOAD64L(x, y) \
218 { memcpy(&(x), y, 8); }
220 #endif /* ENDIAN_64BITWORD */
221 #endif /* ENDIAN_LITTLE */
224 #define STORE32L(x, y) { \
225 (y)[3] = (unsigned char)(((x)>>24)&255); \
226 (y)[2] = (unsigned char)(((x)>>16)&255); \
227 (y)[1] = (unsigned char)(((x)>>8)&255); \
228 (y)[0] = (unsigned char)((x)&255); \
231 #define LOAD32L(x, y) { \
232 x = ((unsigned long)((y)[3] & 255)<<24) | \
233 ((unsigned long)((y)[2] & 255)<<16) | \
234 ((unsigned long)((y)[1] & 255)<<8) | \
235 ((unsigned long)((y)[0] & 255)); \
238 #define STORE64L(x, y) { \
239 (y)[7] = (unsigned char)(((x)>>56)&255); \
240 (y)[6] = (unsigned char)(((x)>>48)&255); \
241 (y)[5] = (unsigned char)(((x)>>40)&255); \
242 (y)[4] = (unsigned char)(((x)>>32)&255); \
243 (y)[3] = (unsigned char)(((x)>>24)&255); \
244 (y)[2] = (unsigned char)(((x)>>16)&255); \
245 (y)[1] = (unsigned char)(((x)>>8)&255); \
246 (y)[0] = (unsigned char)((x)&255); \
249 #define LOAD64L(x, y) { \
250 x = (((uint64)((y)[7] & 255))<<56)|(((uint64)((y)[6] & 255))<<48) | \
251 (((uint64)((y)[5] & 255))<<40)|(((uint64)((y)[4] & 255))<<32) | \
252 (((uint64)((y)[3] & 255))<<24)|(((uint64)((y)[2] & 255))<<16) | \
253 (((uint64)((y)[1] & 255))<<8)|(((uint64)((y)[0] & 255))); \
256 #ifdef ENDIAN_32BITWORD
257 #define STORE32H(x, y) \
258 { unsigned int __t = (x); memcpy(y, &__t, 4); }
260 #define LOAD32H(x, y) memcpy(&(x), y, 4);
262 #define STORE64H(x, y) { \
263 (y)[0] = (unsigned char)(((x)>>56)&255); \
264 (y)[1] = (unsigned char)(((x)>>48)&255); \
265 (y)[2] = (unsigned char)(((x)>>40)&255); \
266 (y)[3] = (unsigned char)(((x)>>32)&255); \
267 (y)[4] = (unsigned char)(((x)>>24)&255); \
268 (y)[5] = (unsigned char)(((x)>>16)&255); \
269 (y)[6] = (unsigned char)(((x)>>8)&255); \
270 (y)[7] = (unsigned char)((x)&255); \
273 #define LOAD64H(x, y) { \
274 x = (((uint64)((y)[0] & 255))<<56)|(((uint64)((y)[1] & 255))<<48)| \
275 (((uint64)((y)[2] & 255))<<40)|(((uint64)((y)[3] & 255))<<32)| \
276 (((uint64)((y)[4] & 255))<<24)|(((uint64)((y)[5] & 255))<<16)| \
277 (((uint64)((y)[6] & 255))<<8)| (((uint64)((y)[7] & 255))); \
280 #else /* 64-bit words then */
282 #define STORE32H(x, y) \
283 { unsigned long __t = (x); memcpy(y, &__t, 4); }
285 #define LOAD32H(x, y) \
286 { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
288 #define STORE64H(x, y) \
289 { uint64 __t = (x); memcpy(y, &__t, 8); }
291 #define LOAD64H(x, y) \
292 { memcpy(&(x), y, 8); }
294 #endif /* ENDIAN_64BITWORD */
295 #endif /* ENDIAN_BIG */
297 #ifdef HAVE_NATIVE_INT64
298 #define ROL64c(x, y) \
299 ( (((x)<<((uint64)(y)&63)) | \
300 (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((uint64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF))
302 #define ROR64c(x, y) \
303 ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((uint64)(y)&CONST64(63))) | \
304 ((x)<<((uint64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF))
305 #endif /* HAVE_NATIVE_INT64 */
306 /******************************************************************************/
310 /* The part below is taken almost verbatim from matrixssl-3-7-2b-open/crypto/symmetric/.
311 * Changes are flagged with //bbox
316 * @version 33ef80f (HEAD, tag: MATRIXSSL-3-7-2-OPEN, tag: MATRIXSSL-3-7-2-COMM, origin/master, origin/HEAD, master)
318 * Header for internal symmetric key cryptography support.
321 * Copyright (c) 2013-2015 INSIDE Secure Corporation
322 * Copyright (c) PeerSec Networks, 2002-2011
323 * All Rights Reserved
325 * The latest version of this code is available at http://www.matrixssl.org
327 * This software is open source; you can redistribute it and/or modify
328 * it under the terms of the GNU General Public License as published by
329 * the Free Software Foundation; either version 2 of the License, or
330 * (at your option) any later version.
332 * This General Public License does NOT permit incorporating this software
333 * into proprietary programs. If you are unable to comply with the GPL, a
334 * commercial license for this software may be purchased from INSIDE at
335 * http://www.insidesecure.com/eng/Company/Locations
337 * This program is distributed in WITHOUT ANY WARRANTY; without even the
338 * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
339 * See the GNU General Public License for more details.
341 * You should have received a copy of the GNU General Public License
342 * along with this program; if not, write to the Free Software
343 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
344 * http://www.gnu.org/copyleft/gpl.html
346 /******************************************************************************/
348 #ifndef _h_PS_SYMMETRIC
349 #define _h_PS_SYMMETRIC
351 /******************************************************************************/
353 /******************************************************************************/
356 #ifndef USE_AES_CBC_EXTERNAL
358 uint32 eK[64], dK[64];
364 unsigned char IV[16];
366 #if defined(USE_AES_GCM) || defined(USE_AES_CCM)
367 unsigned char EncCtr[16];
368 unsigned char CtrBlock[16];
371 unsigned char gInit[16];
373 unsigned char Hash_SubKey[16];
374 uint32 ProcessedBitCount[4];
375 uint32 InputBufferCount;
376 uint32 OutputBufferCount;
379 unsigned char Buffer[128];
380 uint32 BufferAlignment;
382 #endif /* USE_AES_GCM */
384 uint32_t ccmTagTemp[16 / sizeof(uint32_t)]; /* 32 */
387 /* Used for formatting IV. */
388 uint8_t Temporary[16];
389 /* Used for processing Mac. */
392 #endif /* USE_AES_CCM */
394 #endif /* USE_AES_CBC_EXTERNAL */
399 #define SSL_IDEA_KEY_LEN 16
400 #define SSL_IDEA_IV_LEN 8
401 #define SSL_IDEA_BLOCK_LEN 8
404 uint16 key_schedule[52];
410 short for_encryption;
414 /******************************************************************************/
416 /******************************************************************************/
418 /******************************************************************************/
419 #define SSL_SEED_KEY_LEN 16
420 #define SSL_SEED_IV_LEN 16
424 uint32 K[32], dK[32];
429 unsigned char IV[16];
433 #endif /* USE_SEED */
434 /******************************************************************************/
436 /******************************************************************************/
437 #if defined(USE_3DES) || defined(USE_DES)
438 /******************************************************************************/
439 #define DES3_KEY_LEN 24
440 #define DES3_IV_LEN 8
441 #define DES_KEY_LEN 8
444 uint32 ek[3][32], dk[3][32];
448 A block cipher CBC structure
456 #endif /* USE_3DES || USE_DES */
457 /******************************************************************************/
459 /******************************************************************************/
462 unsigned char state[256];
467 #endif /* USE_ARC4 */
468 /******************************************************************************/
480 /******************************************************************************/
481 /* Universal types and defines */
482 /******************************************************************************/
483 #define MAXBLOCKSIZE 24
506 #define byte(x, n) (((x) >> (8 * (n))) & 255)
508 #endif /* _h_PS_SYMMETRIC */
509 /******************************************************************************/