Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:GA
libnettle
libnettle-s390x-CPACF-SHA-AES-support.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libnettle-s390x-CPACF-SHA-AES-support.patch of Package libnettle
From c7391e5cdb8a0afc05186d484bc9f752b8f0c074 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se> Date: Tue, 10 Aug 2021 22:05:40 +0200 Subject: [PATCH] x86_64: Refactor aesni assembly, with specific functions for each key size. --- ChangeLog | 13 ++ fat-x86_64.c | 80 +++++++--- x86_64/aesni/aes-decrypt-internal.asm | 134 ---------------- x86_64/aesni/aes-encrypt-internal.asm | 134 ---------------- x86_64/aesni/aes128-decrypt.asm | 136 ++++++++++++++++ x86_64/aesni/aes128-encrypt.asm | 136 ++++++++++++++++ x86_64/aesni/aes192-decrypt.asm | 146 ++++++++++++++++++ x86_64/aesni/aes192-encrypt.asm | 146 ++++++++++++++++++ x86_64/aesni/aes256-decrypt.asm | 113 ++++++++++++++ x86_64/aesni/aes256-encrypt.asm | 113 ++++++++++++++ ...pt-internal-2.asm => aes128-decrypt-2.asm} | 11 +- ...rypt-internal.asm => aes128-encrypt-2.asm} | 11 +- ...pt-internal-2.asm => aes192-decrypt-2.asm} | 11 +- ...rypt-internal.asm => aes192-encrypt-2.asm} | 11 +- x86_64/fat/aes256-decrypt-2.asm | 36 +++++ x86_64/fat/aes256-encrypt-2.asm | 36 +++++ 16 files changed, 955 insertions(+), 312 deletions(-) delete mode 100644 x86_64/aesni/aes-decrypt-internal.asm delete mode 100644 x86_64/aesni/aes-encrypt-internal.asm create mode 100644 x86_64/aesni/aes128-decrypt.asm create mode 100644 x86_64/aesni/aes128-encrypt.asm create mode 100644 x86_64/aesni/aes192-decrypt.asm create mode 100644 x86_64/aesni/aes192-encrypt.asm create mode 100644 x86_64/aesni/aes256-decrypt.asm create mode 100644 x86_64/aesni/aes256-encrypt.asm rename x86_64/fat/{aes-encrypt-internal-2.asm => aes128-decrypt-2.asm} (82%) rename x86_64/fat/{aes-encrypt-internal.asm => aes128-encrypt-2.asm} (82%) rename x86_64/fat/{aes-decrypt-internal-2.asm => aes192-decrypt-2.asm} (82%) rename x86_64/fat/{aes-decrypt-internal.asm => aes192-encrypt-2.asm} (82%) create mode 100644 x86_64/fat/aes256-decrypt-2.asm create mode 100644 x86_64/fat/aes256-encrypt-2.asm Index: nettle-3.7.3/fat-x86_64.c =================================================================== --- nettle-3.7.3.orig/fat-x86_64.c +++ nettle-3.7.3/fat-x86_64.c @@ -111,13 +111,24 @@ get_x86_features (struct x86_features *f } } -DECLARE_FAT_FUNC(_nettle_aes_encrypt, aes_crypt_internal_func) -DECLARE_FAT_FUNC_VAR(aes_encrypt, aes_crypt_internal_func, x86_64) -DECLARE_FAT_FUNC_VAR(aes_encrypt, aes_crypt_internal_func, aesni) - -DECLARE_FAT_FUNC(_nettle_aes_decrypt, aes_crypt_internal_func) -DECLARE_FAT_FUNC_VAR(aes_decrypt, aes_crypt_internal_func, x86_64) -DECLARE_FAT_FUNC_VAR(aes_decrypt, aes_crypt_internal_func, aesni) +DECLARE_FAT_FUNC(nettle_aes128_encrypt, aes128_crypt_func) +DECLARE_FAT_FUNC(nettle_aes128_decrypt, aes128_crypt_func) +DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, aesni) +DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, aesni) +DECLARE_FAT_FUNC(nettle_aes192_encrypt, aes192_crypt_func) +DECLARE_FAT_FUNC(nettle_aes192_decrypt, aes192_crypt_func) +DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, aesni) +DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, aesni) +DECLARE_FAT_FUNC(nettle_aes256_encrypt, aes256_crypt_func) +DECLARE_FAT_FUNC(nettle_aes256_decrypt, aes256_crypt_func) +DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, aesni) +DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, aesni) DECLARE_FAT_FUNC(nettle_memxor, memxor_func) DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64) @@ -160,15 +171,23 @@ fat_init (void) { if (verbose) fprintf (stderr, "libnettle: using aes instructions.\n"); - _nettle_aes_encrypt_vec = _nettle_aes_encrypt_aesni; - _nettle_aes_decrypt_vec = _nettle_aes_decrypt_aesni; + nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_aesni; + nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_aesni; + nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_aesni; + nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_aesni; + nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_aesni; + nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_aesni; } else { if (verbose) fprintf (stderr, "libnettle: not using aes instructions.\n"); - _nettle_aes_encrypt_vec = _nettle_aes_encrypt_x86_64; - _nettle_aes_decrypt_vec = _nettle_aes_decrypt_x86_64; + nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_c; + nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_c; + nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_c; + nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c; + nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c; + nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c; } if (features.have_sha_ni) @@ -199,19 +218,32 @@ fat_init (void) } } -DEFINE_FAT_FUNC(_nettle_aes_encrypt, void, - (unsigned rounds, const uint32_t *keys, - const struct aes_table *T, - size_t length, uint8_t *dst, - const uint8_t *src), - (rounds, keys, T, length, dst, src)) - -DEFINE_FAT_FUNC(_nettle_aes_decrypt, void, - (unsigned rounds, const uint32_t *keys, - const struct aes_table *T, - size_t length, uint8_t *dst, - const uint8_t *src), - (rounds, keys, T, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes128_encrypt, void, + (const struct aes128_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes128_decrypt, void, + (const struct aes128_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) + +DEFINE_FAT_FUNC(nettle_aes192_encrypt, void, + (const struct aes192_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes192_decrypt, void, + (const struct aes192_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) + +DEFINE_FAT_FUNC(nettle_aes256_encrypt, void, + (const struct aes256_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes256_decrypt, void, + (const struct aes256_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) DEFINE_FAT_FUNC(nettle_memxor, void *, (void *dst, const void *src, size_t n), Index: nettle-3.7.3/x86_64/aesni/aes-decrypt-internal.asm =================================================================== --- nettle-3.7.3.orig/x86_64/aesni/aes-decrypt-internal.asm +++ /dev/null @@ -1,134 +0,0 @@ -C x86_64/aesni/aes-decrypt-internal.asm - - -ifelse(` - Copyright (C) 2015, 2018 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -') - -C Input argument -define(`ROUNDS', `%rdi') -define(`KEYS', `%rsi') -C define(`TABLE', `%rdx') C Unused here -define(`LENGTH',`%rcx') -define(`DST', `%r8') -define(`SRC', `%r9') - -define(`KEY0', `%xmm0') -define(`KEY1', `%xmm1') -define(`KEY2', `%xmm2') -define(`KEY3', `%xmm3') -define(`KEY4', `%xmm4') -define(`KEY5', `%xmm5') -define(`KEY6', `%xmm6') -define(`KEY7', `%xmm7') -define(`KEY8', `%xmm8') -define(`KEY9', `%xmm9') -define(`KEY10', `%xmm10') -define(`KEY11', `%xmm11') -define(`KEY12', `%xmm12') -define(`KEY13', `%xmm13') -define(`KEYLAST', `%xmm14') -define(`BLOCK', `%xmm15') - - .file "aes-decrypt-internal.asm" - - C _aes_decrypt(unsigned rounds, const uint32_t *keys, - C const struct aes_table *T, - C size_t length, uint8_t *dst, - C uint8_t *src) - .text - ALIGN(16) -PROLOGUE(_nettle_aes_decrypt) - W64_ENTRY(6, 16) - shr $4, LENGTH - test LENGTH, LENGTH - jz .Lend - - movups (KEYS), KEY0 - movups 16(KEYS), KEY1 - movups 32(KEYS), KEY2 - movups 48(KEYS), KEY3 - movups 64(KEYS), KEY4 - movups 80(KEYS), KEY5 - movups 96(KEYS), KEY6 - movups 112(KEYS), KEY7 - movups 128(KEYS), KEY8 - movups 144(KEYS), KEY9 - lea 160(KEYS), KEYS - sub $10, XREG(ROUNDS) C Also clears high half - je .Lkey_last - - movups (KEYS), KEY10 - movups 16(KEYS), KEY11 - lea (KEYS, ROUNDS, 8), KEYS - lea (KEYS, ROUNDS, 8), KEYS - - cmpl $2, XREG(ROUNDS) - je .Lkey_last - movups -32(KEYS), KEY12 - movups -16(KEYS), KEY13 - -.Lkey_last: - movups (KEYS), KEYLAST - -.Lblock_loop: - movups (SRC), BLOCK - pxor KEY0, BLOCK - aesdec KEY1, BLOCK - aesdec KEY2, BLOCK - aesdec KEY3, BLOCK - aesdec KEY4, BLOCK - aesdec KEY5, BLOCK - aesdec KEY6, BLOCK - aesdec KEY7, BLOCK - aesdec KEY8, BLOCK - aesdec KEY9, BLOCK - testl XREG(ROUNDS), XREG(ROUNDS) - je .Lblock_end - aesdec KEY10, BLOCK - aesdec KEY11, BLOCK - cmpl $2, XREG(ROUNDS) - je .Lblock_end - - aesdec KEY12, BLOCK - aesdec KEY13, BLOCK - -.Lblock_end: - aesdeclast KEYLAST, BLOCK - - movups BLOCK, (DST) - add $16, SRC - add $16, DST - dec LENGTH - jnz .Lblock_loop - -.Lend: - W64_EXIT(6, 16) - ret -EPILOGUE(_nettle_aes_decrypt) Index: nettle-3.7.3/x86_64/aesni/aes-encrypt-internal.asm =================================================================== --- nettle-3.7.3.orig/x86_64/aesni/aes-encrypt-internal.asm +++ /dev/null @@ -1,134 +0,0 @@ -C x86_64/aesni/aes-encrypt-internal.asm - - -ifelse(` - Copyright (C) 2015, 2018 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -') - -C Input argument -define(`ROUNDS', `%rdi') -define(`KEYS', `%rsi') -C define(`TABLE', `%rdx') C Unused here -define(`LENGTH',`%rcx') -define(`DST', `%r8') -define(`SRC', `%r9') - -define(`KEY0', `%xmm0') -define(`KEY1', `%xmm1') -define(`KEY2', `%xmm2') -define(`KEY3', `%xmm3') -define(`KEY4', `%xmm4') -define(`KEY5', `%xmm5') -define(`KEY6', `%xmm6') -define(`KEY7', `%xmm7') -define(`KEY8', `%xmm8') -define(`KEY9', `%xmm9') -define(`KEY10', `%xmm10') -define(`KEY11', `%xmm11') -define(`KEY12', `%xmm12') -define(`KEY13', `%xmm13') -define(`KEYLAST', `%xmm14') -define(`BLOCK', `%xmm15') - - .file "aes-encrypt-internal.asm" - - C _aes_encrypt(unsigned rounds, const uint32_t *keys, - C const struct aes_table *T, - C size_t length, uint8_t *dst, - C uint8_t *src) - .text - ALIGN(16) -PROLOGUE(_nettle_aes_encrypt) - W64_ENTRY(6, 16) - shr $4, LENGTH - test LENGTH, LENGTH - jz .Lend - - movups (KEYS), KEY0 - movups 16(KEYS), KEY1 - movups 32(KEYS), KEY2 - movups 48(KEYS), KEY3 - movups 64(KEYS), KEY4 - movups 80(KEYS), KEY5 - movups 96(KEYS), KEY6 - movups 112(KEYS), KEY7 - movups 128(KEYS), KEY8 - movups 144(KEYS), KEY9 - lea 160(KEYS), KEYS - sub $10, XREG(ROUNDS) C Also clears high half - je .Lkey_last - - movups (KEYS), KEY10 - movups 16(KEYS), KEY11 - lea (KEYS, ROUNDS, 8), KEYS - lea (KEYS, ROUNDS, 8), KEYS - - cmpl $2, XREG(ROUNDS) - je .Lkey_last - movups -32(KEYS), KEY12 - movups -16(KEYS), KEY13 - -.Lkey_last: - movups (KEYS), KEYLAST - -.Lblock_loop: - movups (SRC), BLOCK - pxor KEY0, BLOCK - aesenc KEY1, BLOCK - aesenc KEY2, BLOCK - aesenc KEY3, BLOCK - aesenc KEY4, BLOCK - aesenc KEY5, BLOCK - aesenc KEY6, BLOCK - aesenc KEY7, BLOCK - aesenc KEY8, BLOCK - aesenc KEY9, BLOCK - testl XREG(ROUNDS), XREG(ROUNDS) - je .Lblock_end - aesenc KEY10, BLOCK - aesenc KEY11, BLOCK - cmpl $2, XREG(ROUNDS) - je .Lblock_end - - aesenc KEY12, BLOCK - aesenc KEY13, BLOCK - -.Lblock_end: - aesenclast KEYLAST, BLOCK - - movups BLOCK, (DST) - add $16, SRC - add $16, DST - dec LENGTH - jnz .Lblock_loop - -.Lend: - W64_EXIT(6, 16) - ret -EPILOGUE(_nettle_aes_encrypt) Index: nettle-3.7.3/x86_64/aesni/aes128-decrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/aesni/aes128-decrypt.asm @@ -0,0 +1,136 @@ +C x86_64/aesni/aes128-decrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`X', `%xmm11') +define(`Y', `%xmm12') + + .file "aes128-decrypt.asm" + + C nettle_aes128_decrypt(const struct aes128_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_aes128_decrypt) + W64_ENTRY(4, 13) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + shr LENGTH + jnc .Lblock_loop + + movups (SRC), X + pxor KEY0, X + aesdec KEY1, X + aesdec KEY2, X + aesdec KEY3, X + aesdec KEY4, X + aesdec KEY5, X + aesdec KEY6, X + aesdec KEY7, X + aesdec KEY8, X + aesdec KEY9, X + aesdeclast KEY10, X + + movups X, (DST) + add $16, SRC + add $16, DST + test LENGTH, LENGTH + jz .Lend + +.Lblock_loop: + movups (SRC), X + movups 16(SRC), Y + pxor KEY0, X + pxor KEY0, Y + aesdec KEY1, X + aesdec KEY1, Y + aesdec KEY2, X + aesdec KEY2, Y + aesdec KEY3, X + aesdec KEY3, Y + aesdec KEY4, X + aesdec KEY4, Y + aesdec KEY5, X + aesdec KEY5, Y + aesdec KEY6, X + aesdec KEY6, Y + aesdec KEY7, X + aesdec KEY7, Y + aesdec KEY8, X + aesdec KEY8, Y + aesdec KEY9, X + aesdec KEY9, Y + aesdeclast KEY10, X + aesdeclast KEY10, Y + + movups X, (DST) + movups Y, 16(DST) + add $32, SRC + add $32, DST + dec LENGTH + jnz .Lblock_loop + +.Lend: + W64_EXIT(4, 13) + ret +EPILOGUE(nettle_aes128_decrypt) Index: nettle-3.7.3/x86_64/aesni/aes128-encrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/aesni/aes128-encrypt.asm @@ -0,0 +1,136 @@ +C x86_64/aesni/aes128-encrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`X', `%xmm11') +define(`Y', `%xmm12') + + .file "aes128-encrypt.asm" + + C nettle_aes128_encrypt(const struct aes128_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_aes128_encrypt) + W64_ENTRY(4, 13) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + shr LENGTH + jnc .Lblock_loop + + movups (SRC), X + pxor KEY0, X + aesenc KEY1, X + aesenc KEY2, X + aesenc KEY3, X + aesenc KEY4, X + aesenc KEY5, X + aesenc KEY6, X + aesenc KEY7, X + aesenc KEY8, X + aesenc KEY9, X + aesenclast KEY10, X + + movups X, (DST) + add $16, SRC + add $16, DST + test LENGTH, LENGTH + jz .Lend + +.Lblock_loop: + movups (SRC), X + movups 16(SRC), Y + pxor KEY0, X + pxor KEY0, Y + aesenc KEY1, X + aesenc KEY1, Y + aesenc KEY2, X + aesenc KEY2, Y + aesenc KEY3, X + aesenc KEY3, Y + aesenc KEY4, X + aesenc KEY4, Y + aesenc KEY5, X + aesenc KEY5, Y + aesenc KEY6, X + aesenc KEY6, Y + aesenc KEY7, X + aesenc KEY7, Y + aesenc KEY8, X + aesenc KEY8, Y + aesenc KEY9, X + aesenc KEY9, Y + aesenclast KEY10, X + aesenclast KEY10, Y + + movups X, (DST) + movups Y, 16(DST) + add $32, SRC + add $32, DST + dec LENGTH + jnz .Lblock_loop + +.Lend: + W64_EXIT(4, 13) + ret +EPILOGUE(nettle_aes128_encrypt) Index: nettle-3.7.3/x86_64/aesni/aes192-decrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/aesni/aes192-decrypt.asm @@ -0,0 +1,146 @@ +C x86_64/aesni/aes192-decrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`KEY11', `%xmm11') +define(`KEY12', `%xmm12') +define(`X', `%xmm13') +define(`Y', `%xmm14') + + .file "aes192-decrypt.asm" + + C nettle_aes192_decrypt(const struct aes192_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_aes192_decrypt) + W64_ENTRY(4, 15) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), KEY11 + movups 192(CTX), KEY12 + shr LENGTH + jnc .Lblock_loop + + movups (SRC), X + pxor KEY0, X + aesdec KEY1, X + aesdec KEY2, X + aesdec KEY3, X + aesdec KEY4, X + aesdec KEY5, X + aesdec KEY6, X + aesdec KEY7, X + aesdec KEY8, X + aesdec KEY9, X + aesdec KEY10, X + aesdec KEY11, X + aesdeclast KEY12, X + + movups X, (DST) + add $16, SRC + add $16, DST + test LENGTH, LENGTH + jz .Lend + +.Lblock_loop: + movups (SRC), X + movups 16(SRC), Y + pxor KEY0, X + pxor KEY0, Y + aesdec KEY1, X + aesdec KEY1, Y + aesdec KEY2, X + aesdec KEY2, Y + aesdec KEY3, X + aesdec KEY3, Y + aesdec KEY4, X + aesdec KEY4, Y + aesdec KEY5, X + aesdec KEY5, Y + aesdec KEY6, X + aesdec KEY6, Y + aesdec KEY7, X + aesdec KEY7, Y + aesdec KEY8, X + aesdec KEY8, Y + aesdec KEY9, X + aesdec KEY9, Y + aesdec KEY10, X + aesdec KEY10, Y + aesdec KEY11, X + aesdec KEY11, Y + aesdeclast KEY12, X + aesdeclast KEY12, Y + + movups X, (DST) + movups Y, 16(DST) + add $32, SRC + add $32, DST + dec LENGTH + jnz .Lblock_loop + +.Lend: + W64_EXIT(4, 15) + ret +EPILOGUE(nettle_aes192_decrypt) Index: nettle-3.7.3/x86_64/aesni/aes192-encrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/aesni/aes192-encrypt.asm @@ -0,0 +1,146 @@ +C x86_64/aesni/aes192-encrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`KEY11', `%xmm11') +define(`KEY12', `%xmm12') +define(`X', `%xmm13') +define(`Y', `%xmm14') + + .file "aes192-encrypt.asm" + + C nettle_aes192_encrypt(const struct aes192_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_aes192_encrypt) + W64_ENTRY(4, 15) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), KEY11 + movups 192(CTX), KEY12 + shr LENGTH + jnc .Lblock_loop + + movups (SRC), X + pxor KEY0, X + aesenc KEY1, X + aesenc KEY2, X + aesenc KEY3, X + aesenc KEY4, X + aesenc KEY5, X + aesenc KEY6, X + aesenc KEY7, X + aesenc KEY8, X + aesenc KEY9, X + aesenc KEY10, X + aesenc KEY11, X + aesenclast KEY12, X + + movups X, (DST) + add $16, SRC + add $16, DST + test LENGTH, LENGTH + jz .Lend + +.Lblock_loop: + movups (SRC), X + movups 16(SRC), Y + pxor KEY0, X + pxor KEY0, Y + aesenc KEY1, X + aesenc KEY1, Y + aesenc KEY2, X + aesenc KEY2, Y + aesenc KEY3, X + aesenc KEY3, Y + aesenc KEY4, X + aesenc KEY4, Y + aesenc KEY5, X + aesenc KEY5, Y + aesenc KEY6, X + aesenc KEY6, Y + aesenc KEY7, X + aesenc KEY7, Y + aesenc KEY8, X + aesenc KEY8, Y + aesenc KEY9, X + aesenc KEY9, Y + aesenc KEY10, X + aesenc KEY10, Y + aesenc KEY11, X + aesenc KEY11, Y + aesenclast KEY12, X + aesenclast KEY12, Y + + movups X, (DST) + movups Y, 16(DST) + add $32, SRC + add $32, DST + dec LENGTH + jnz .Lblock_loop + +.Lend: + W64_EXIT(4, 15) + ret +EPILOGUE(nettle_aes192_encrypt) Index: nettle-3.7.3/x86_64/aesni/aes256-decrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/aesni/aes256-decrypt.asm @@ -0,0 +1,113 @@ +C x86_64/aesni/aes256-decrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`KEY11', `%xmm11') +define(`KEY12', `%xmm12') +define(`KEY13', `%xmm13') +define(`KEY14', `%xmm14') +define(`X', `%xmm15') + + .file "aes256-decrypt.asm" + + C nettle_aes256_decrypt(const struct aes256_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_aes256_decrypt) + W64_ENTRY(4, 16) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), KEY11 + movups 192(CTX), KEY12 + movups 208(CTX), KEY13 + movups 224(CTX), KEY14 + +.Lblock_loop: + movups (SRC), X + pxor KEY0, X + aesdec KEY1, X + aesdec KEY2, X + aesdec KEY3, X + aesdec KEY4, X + aesdec KEY5, X + aesdec KEY6, X + aesdec KEY7, X + aesdec KEY8, X + aesdec KEY9, X + aesdec KEY10, X + aesdec KEY11, X + aesdec KEY12, X + aesdec KEY13, X + aesdeclast KEY14, X + + movups X, (DST) + add $16, SRC + add $16, DST + dec LENGTH + jnz .Lblock_loop + +.Lend: + W64_EXIT(4, 16) + ret +EPILOGUE(nettle_aes256_decrypt) Index: nettle-3.7.3/x86_64/aesni/aes256-encrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/aesni/aes256-encrypt.asm @@ -0,0 +1,113 @@ +C x86_64/aesni/aes256-encrypt.asm + +ifelse(` + Copyright (C) 2015, 2018, 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C Input argument +define(`CTX', `%rdi') +define(`LENGTH',`%rsi') +define(`DST', `%rdx') +define(`SRC', `%rcx') + +define(`KEY0', `%xmm0') +define(`KEY1', `%xmm1') +define(`KEY2', `%xmm2') +define(`KEY3', `%xmm3') +define(`KEY4', `%xmm4') +define(`KEY5', `%xmm5') +define(`KEY6', `%xmm6') +define(`KEY7', `%xmm7') +define(`KEY8', `%xmm8') +define(`KEY9', `%xmm9') +define(`KEY10', `%xmm10') +define(`KEY11', `%xmm11') +define(`KEY12', `%xmm12') +define(`KEY13', `%xmm13') +define(`KEY14', `%xmm14') +define(`X', `%xmm15') + + .file "aes256-encrypt.asm" + + C nettle_aes256_encrypt(const struct aes256_ctx *ctx, + C size_t length, uint8_t *dst, + C const uint8_t *src); + + .text + ALIGN(16) +PROLOGUE(nettle_aes256_encrypt) + W64_ENTRY(4, 16) + shr $4, LENGTH + test LENGTH, LENGTH + jz .Lend + + movups (CTX), KEY0 + movups 16(CTX), KEY1 + movups 32(CTX), KEY2 + movups 48(CTX), KEY3 + movups 64(CTX), KEY4 + movups 80(CTX), KEY5 + movups 96(CTX), KEY6 + movups 112(CTX), KEY7 + movups 128(CTX), KEY8 + movups 144(CTX), KEY9 + movups 160(CTX), KEY10 + movups 176(CTX), KEY11 + movups 192(CTX), KEY12 + movups 208(CTX), KEY13 + movups 224(CTX), KEY14 + +.Lblock_loop: + movups (SRC), X + pxor KEY0, X + aesenc KEY1, X + aesenc KEY2, X + aesenc KEY3, X + aesenc KEY4, X + aesenc KEY5, X + aesenc KEY6, X + aesenc KEY7, X + aesenc KEY8, X + aesenc KEY9, X + aesenc KEY10, X + aesenc KEY11, X + aesenc KEY12, X + aesenc KEY13, X + aesenclast KEY14, X + + movups X, (DST) + add $16, SRC + add $16, DST + dec LENGTH + jnz .Lblock_loop + +.Lend: + W64_EXIT(4, 16) + ret +EPILOGUE(nettle_aes256_encrypt) Index: nettle-3.7.3/x86_64/fat/aes-encrypt-internal-2.asm =================================================================== --- nettle-3.7.3.orig/x86_64/fat/aes-encrypt-internal-2.asm +++ /dev/null @@ -1,35 +0,0 @@ -C x86_64/fat/aes-encrypt-internal-2.asm - - -ifelse(` - Copyright (C) 2015 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -') - -define(`fat_transform', `$1_aesni') -include_src(`x86_64/aesni/aes-encrypt-internal.asm') Index: nettle-3.7.3/x86_64/fat/aes128-decrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/fat/aes128-decrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/aes128-decrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes128_decrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/aes128-decrypt.asm') Index: nettle-3.7.3/x86_64/fat/aes-encrypt-internal.asm =================================================================== --- nettle-3.7.3.orig/x86_64/fat/aes-encrypt-internal.asm +++ /dev/null @@ -1,35 +0,0 @@ -C x86_64/fat/aes-encrypt-internal.asm - - -ifelse(` - Copyright (C) 2015 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -') - -define(`fat_transform', `$1_x86_64') -include_src(`x86_64/aes-encrypt-internal.asm') Index: nettle-3.7.3/x86_64/fat/aes128-encrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/fat/aes128-encrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/aes128-encrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes128_encrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/aes128-encrypt.asm') Index: nettle-3.7.3/x86_64/fat/aes-decrypt-internal-2.asm =================================================================== --- nettle-3.7.3.orig/x86_64/fat/aes-decrypt-internal-2.asm +++ /dev/null @@ -1,35 +0,0 @@ -C x86_64/fat/aes-decrypt-internal-2.asm - - -ifelse(` - Copyright (C) 2015 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -') - -define(`fat_transform', `$1_aesni') -include_src(`x86_64/aesni/aes-decrypt-internal.asm') Index: nettle-3.7.3/x86_64/fat/aes192-decrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/fat/aes192-decrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/aes192-decrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes192_decrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/aes192-decrypt.asm') Index: nettle-3.7.3/x86_64/fat/aes-decrypt-internal.asm =================================================================== --- nettle-3.7.3.orig/x86_64/fat/aes-decrypt-internal.asm +++ /dev/null @@ -1,35 +0,0 @@ -C x86_64/fat/aes-decrypt-internal.asm - - -ifelse(` - Copyright (C) 2015 Niels Möller - - This file is part of GNU Nettle. - - GNU Nettle is free software: you can redistribute it and/or - modify it under the terms of either: - - * the GNU Lesser General Public License as published by the Free - Software Foundation; either version 3 of the License, or (at your - option) any later version. - - or - - * the GNU General Public License as published by the Free - Software Foundation; either version 2 of the License, or (at your - option) any later version. - - or both in parallel, as here. - - GNU Nettle is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received copies of the GNU General Public License and - the GNU Lesser General Public License along with this program. If - not, see http://www.gnu.org/licenses/. -') - -define(`fat_transform', `$1_x86_64') -include_src(`x86_64/aes-decrypt-internal.asm') Index: nettle-3.7.3/x86_64/fat/aes192-encrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/fat/aes192-encrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/aes192-encrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes192_encrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/aes192-encrypt.asm') Index: nettle-3.7.3/x86_64/fat/aes256-decrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/fat/aes256-decrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/aes256-decrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes256_decrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/aes256-decrypt.asm') Index: nettle-3.7.3/x86_64/fat/aes256-encrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/x86_64/fat/aes256-encrypt-2.asm @@ -0,0 +1,36 @@ +C x86_64/fat/aes256-encrypt.asm + +ifelse(` + Copyright (C) 2021 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes256_encrypt) picked up by configure + +define(`fat_transform', `_$1_aesni') +include_src(`x86_64/aesni/aes256-encrypt.asm') Index: nettle-3.7.3/Makefile.in =================================================================== --- nettle-3.7.3.orig/Makefile.in +++ nettle-3.7.3/Makefile.in @@ -74,8 +74,10 @@ dvi installcheck uninstallcheck: all-here: $(TARGETS) $(DOCTARGETS) -nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \ +nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \ + aes128-decrypt.c aes192-decrypt.c aes256-decrypt.c \ aes-encrypt-internal.c aes-encrypt.c aes-encrypt-table.c \ + aes128-encrypt.c aes192-encrypt.c aes256-encrypt.c \ aes-invert-internal.c aes-set-key-internal.c \ aes-set-encrypt-key.c aes-set-decrypt-key.c \ aes128-set-encrypt-key.c aes128-set-decrypt-key.c \ @@ -217,7 +219,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \ ed448-shake256.c ed448-shake256-pubkey.c \ ed448-shake256-sign.c ed448-shake256-verify.c -OPT_SOURCES = fat-arm.c fat-ppc.c fat-x86_64.c mini-gmp.c +OPT_SOURCES = fat-arm.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \ base16.h base64.h bignum.h buffer.h camellia.h cast128.h \ @@ -616,7 +618,8 @@ distdir: $(DISTFILES) set -e; for d in sparc32 sparc64 x86 \ x86_64 x86_64/aesni x86_64/sha_ni x86_64/fat \ arm arm/neon arm/v6 arm/fat \ - powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat ; do \ + powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat \ + s390x s390x/vf s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 s390x/fat ; do \ mkdir "$(distdir)/$$d" ; \ find "$(srcdir)/$$d" -maxdepth 1 '(' -name '*.asm' -o -name '*.m4' -o -name README ')' \ -exec cp '{}' "$(distdir)/$$d" ';' ; \ Index: nettle-3.7.3/configure.ac =================================================================== --- nettle-3.7.3.orig/configure.ac +++ nettle-3.7.3/configure.ac @@ -97,6 +97,14 @@ AC_ARG_ENABLE(power-altivec, AC_HELP_STRING([--enable-power-altivec], [Enable POWER altivec and vsx extensions. (default=no)]),, [enable_altivec=no]) +AC_ARG_ENABLE(s390x-vf, + AC_HELP_STRING([--enable-s390x-vf], [Enable vector facility on z/Architecture. (default=no)]),, + [enable_s390x_vf=no]) + +AC_ARG_ENABLE(s390x-msa, + AC_HELP_STRING([--enable-s390x-msa], [Enable message-security assist extensions on z/Architecture. (default=no)]),, + [enable_s390x_msa=no]) + AC_ARG_ENABLE(mini-gmp, AC_HELP_STRING([--enable-mini-gmp], [Enable mini-gmp, used instead of libgmp.]),, [enable_mini_gmp=no]) @@ -344,6 +352,17 @@ case "$host_cpu" in ABI=64 ]) ;; + *s390x*) + AC_TRY_COMPILE([ +#if defined(__s390x__) +#error 64-bit s390x +#endif + ], [], [ + ABI=32 + ], [ + ABI=64 + ]) + ;; esac if test "x$ABI" != xstandard ; then @@ -477,7 +496,23 @@ if test "x$enable_assembler" = xyes ; th fi fi ;; - + *s390x*) + if test "$ABI" = 64 ; then + asm_path="s390x" + if test "x$enable_fat" = xyes ; then + asm_path="s390x/fat $asm_path" + OPT_NETTLE_SOURCES="fat-s390x.c $OPT_NETTLE_SOURCES" + FAT_TEST_LIST="none vf msa msa_x1 msa_x2 msa_x4" + else + if test "$enable_s390x_vf" = yes ; then + asm_path="s390x/vf $asm_path" + fi + if test "$enable_s390x_msa" = yes ; then + asm_path="s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 $asm_path" + fi + fi + fi + ;; *) enable_assembler=no ;; @@ -487,6 +522,12 @@ fi # Files which replace a C source file (or otherwise don't correspond # to a new object file). asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \ + aes128-set-encrypt-key.asm aes128-set-decrypt-key.asm \ + aes128-encrypt.asm aes128-decrypt.asm \ + aes192-set-encrypt-key.asm aes192-set-decrypt-key.asm \ + aes192-encrypt.asm aes192-decrypt.asm \ + aes256-set-encrypt-key.asm aes256-set-decrypt-key.asm \ + aes256-encrypt.asm aes256-decrypt.asm \ arcfour-crypt.asm camellia-crypt-internal.asm \ md5-compress.asm memxor.asm memxor3.asm \ poly1305-internal.asm \ @@ -497,8 +538,14 @@ asm_replace_list="aes-encrypt-internal.a sha3-permute.asm umac-nh.asm umac-nh-n.asm machine.m4" # Assembler files which generate additional object files if they are used. -asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm \ - aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm \ +asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm cpu-facility.asm \ + aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm memxor3-2.asm \ + aes128-set-encrypt-key-2.asm aes128-set-decrypt-key-2.asm \ + aes128-encrypt-2.asm aes128-decrypt-2.asm \ + aes192-set-encrypt-key-2.asm aes192-set-decrypt-key-2.asm \ + aes192-encrypt-2.asm aes192-decrypt-2.asm \ + aes256-set-encrypt-key-2.asm aes256-set-decrypt-key-2.asm \ + aes256-encrypt-2.asm aes256-decrypt-2.asm \ chacha-2core.asm chacha-3core.asm chacha-4core.asm chacha-core-internal-2.asm \ salsa20-2core.asm salsa20-core-internal-2.asm \ sha1-compress-2.asm sha256-compress-2.asm \ @@ -605,8 +652,24 @@ AC_SUBST([ASM_PPC_WANT_R_REGISTERS]) AH_VERBATIM([HAVE_NATIVE], [/* Define to 1 each of the following for which a native (ie. CPU specific) implementation of the corresponding routine exists. */ +#undef HAVE_NATIVE_memxor3 #undef HAVE_NATIVE_aes_decrypt #undef HAVE_NATIVE_aes_encrypt +#undef HAVE_NATIVE_aes128_decrypt +#undef HAVE_NATIVE_aes128_encrypt +#undef HAVE_NATIVE_aes128_invert_key +#undef HAVE_NATIVE_aes128_set_decrypt_key +#undef HAVE_NATIVE_aes128_set_encrypt_key +#undef HAVE_NATIVE_aes192_decrypt +#undef HAVE_NATIVE_aes192_encrypt +#undef HAVE_NATIVE_aes192_invert_key +#undef HAVE_NATIVE_aes192_set_decrypt_key +#undef HAVE_NATIVE_aes192_set_encrypt_key +#undef HAVE_NATIVE_aes256_decrypt +#undef HAVE_NATIVE_aes256_encrypt +#undef HAVE_NATIVE_aes256_invert_key +#undef HAVE_NATIVE_aes256_set_decrypt_key +#undef HAVE_NATIVE_aes256_set_encrypt_key #undef HAVE_NATIVE_chacha_core #undef HAVE_NATIVE_chacha_2core #undef HAVE_NATIVE_chacha_3core Index: nettle-3.7.3/s390x/README =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/README @@ -0,0 +1,60 @@ +Registers Conventions[1] + +Register Status Use + +r0, r1 General purpose Volatile +r2 Parameter passing and return values Volatile +r3, r4, r5 Parameter passing Volatile +r6 Parameter passing Saved +r7 - r11 Local variables Saved +r12 Local variable, commonly used as GOT pointer Saved +r13 Local variable, commonly used as Literal Pool pointer Saved +r14 Return address Volatile +r15 Stack pointer Saved + +f0, f2, f4, f6 Parameter passing and return values Volatile +f1, f3, f5, f7 General purpose Volatile +f8 – f15 General purpose Saved + +Vector Register Conventions + +Register Use + +VR0 - VR7 Volatile +VR8 - VR15 Bytes 0-7 are non-volatile, Bytes 8-15 are volatile +VR16 - VR23 Non-volatile +VR24 - VR31 Volatile + +General Registers[2] + +In addition to their use as accumulators in general +arithmetic and logical operations, 15 of the 16 general +registers are also used as base-address and +index registers in address generation. In these +cases, the registers are designated by a four-bit B +field or X field in an instruction. A value of zero in the +B or X field specifies that no base or index is to be +applied, and, thus, general register 0 cannot be designated +as containing a base address or index. + +Parameter passing[1] + +Values shorter than 64 bits are sign- or zero-extended (as appropriate) +to 64 bits. Arguments not handled in the registers are passed in the parameter +words of the caller’s stack frame. + +Dynamic stack space allocation[1] + +1. After a new stack frame is acquired, and before the first dynamic space +allocation, a new register, the frame pointer or FP, is set to the value of the +stack pointer. +2. The amount of dynamic space to be allocated is rounded up to a multiple of 8 +bytes, so that 8-byte stack alignment is maintained. +3. The stack pointer is decreased by the rounded byte count, and the address of +the previous stack frame (the back chain) may be stored at the word addressed +by the new stack pointer. The back chain is not necessary to restore from this +allocation at the end of the function since the frame pointer can be used to +restore the stack pointer. + +[1] http://legacy.redhat.com/pub/redhat/linux/7.1/es/os/s390x/doc/lzsabi0.pdf +[2] https://www.ibm.com/support/pages/zarchitecture-principles-operation Index: nettle-3.7.3/aes-decrypt-table.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes-decrypt-table.c @@ -0,0 +1,345 @@ +/* aes-decrypt-table.c + + Decryption function for aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdlib.h> + +#include "aes-internal.h" + +const struct aes_table +_nettle_aes_decrypt_table = + { /* isbox */ + { + 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38, + 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb, + 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87, + 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb, + 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d, + 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e, + 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2, + 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25, + 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16, + 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92, + 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda, + 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84, + 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a, + 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06, + 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02, + 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b, + 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea, + 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73, + 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85, + 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e, + 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89, + 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b, + 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20, + 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4, + 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31, + 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f, + 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d, + 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef, + 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0, + 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, + 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, + 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d, + }, + { /* itable */ + { + 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a, + 0xcb6bab3b,0xf1459d1f,0xab58faac,0x9303e34b, + 0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5, + 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5, + 0x495ab1de,0x671bba25,0x980eea45,0xe1c0fe5d, + 0x02752fc3,0x12f04c81,0xa397468d,0xc6f9d36b, + 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295, + 0x2d83bed4,0xd3217458,0x2969e049,0x44c8c98e, + 0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927, + 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d, + 0x184adf63,0x82311ae5,0x60335197,0x457f5362, + 0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9, + 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52, + 0x23d373ab,0xe2024b72,0x578f1fe3,0x2aab5566, + 0x0728ebb2,0x03c2b52f,0x9a7bc586,0xa50837d3, + 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed, + 0x2b1ccf8a,0x92b479a7,0xf0f207f3,0xa1e2694e, + 0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4, + 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4, + 0x39ec830b,0xaaef6040,0x069f715e,0x51106ebd, + 0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d, + 0xb58d5491,0x055dc471,0x6fd40604,0xff155060, + 0x24fb9819,0x97e9bdd6,0xcc434089,0x779ed967, + 0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879, + 0x470a7ca1,0xe90f427c,0xc91e84f8,0x00000000, + 0x83868009,0x48ed2b32,0xac70111e,0x4e725a6c, + 0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36, + 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624, + 0xb1670a0c,0x0fe75793,0xd296eeb4,0x9e919b1b, + 0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c, + 0x0aba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12, + 0x0b0d090e,0xadc78bf2,0xb9a8b62d,0xc8a91e14, + 0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3, + 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b, + 0x7629438b,0xdcc623cb,0x68fcedb6,0x63f1e4b8, + 0xcadc31d7,0x10856342,0x40229713,0x2011c684, + 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7, + 0x4b2f9e1d,0xf330b2dc,0xec52860d,0xd0e3c177, + 0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947, + 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322, + 0xc74e4987,0xc1d138d9,0xfea2ca8c,0x360bd498, + 0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f, + 0xe49d3a2c,0x0d927850,0x9bcc5f6a,0x62467e54, + 0xc2138df6,0xe8b8d890,0x5ef7392e,0xf5afc382, + 0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf, + 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb, + 0x097826cd,0xf418596e,0x01b79aec,0xa89a4f83, + 0x656e95e6,0x7ee6ffaa,0x08cfbc21,0xe6e815ef, + 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029, + 0xafb2a431,0x31233f2a,0x3094a5c6,0xc066a235, + 0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733, + 0x4a9804f1,0xf7daec41,0x0e50cd7f,0x2ff69117, + 0x8dd64d76,0x4db0ef43,0x544daacc,0xdf0496e4, + 0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546, + 0x04ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb, + 0x5a1d67b3,0x52d2db92,0x335610e9,0x1347d66d, + 0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb, + 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a, + 0x59dfd29c,0x3f73f255,0x79ce1418,0xbf37c773, + 0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478, + 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2, + 0x72c31d16,0x0c25e2bc,0x8b493c28,0x41950dff, + 0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664, + 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0, + }, +#if !AES_SMALL + { /* Before: itable[1] */ + 0xa7f45150,0x65417e53,0xa4171ac3,0x5e273a96, + 0x6bab3bcb,0x459d1ff1,0x58faacab,0x03e34b93, + 0xfa302055,0x6d76adf6,0x76cc8891,0x4c02f525, + 0xd7e54ffc,0xcb2ac5d7,0x44352680,0xa362b58f, + 0x5ab1de49,0x1bba2567,0x0eea4598,0xc0fe5de1, + 0x752fc302,0xf04c8112,0x97468da3,0xf9d36bc6, + 0x5f8f03e7,0x9c921595,0x7a6dbfeb,0x595295da, + 0x83bed42d,0x217458d3,0x69e04929,0xc8c98e44, + 0x89c2756a,0x798ef478,0x3e58996b,0x71b927dd, + 0x4fe1beb6,0xad88f017,0xac20c966,0x3ace7db4, + 0x4adf6318,0x311ae582,0x33519760,0x7f536245, + 0x7764b1e0,0xae6bbb84,0xa081fe1c,0x2b08f994, + 0x68487058,0xfd458f19,0x6cde9487,0xf87b52b7, + 0xd373ab23,0x024b72e2,0x8f1fe357,0xab55662a, + 0x28ebb207,0xc2b52f03,0x7bc5869a,0x0837d3a5, + 0x872830f2,0xa5bf23b2,0x6a0302ba,0x8216ed5c, + 0x1ccf8a2b,0xb479a792,0xf207f3f0,0xe2694ea1, + 0xf4da65cd,0xbe0506d5,0x6234d11f,0xfea6c48a, + 0x532e349d,0x55f3a2a0,0xe18a0532,0xebf6a475, + 0xec830b39,0xef6040aa,0x9f715e06,0x106ebd51, + 0x8a213ef9,0x06dd963d,0x053eddae,0xbde64d46, + 0x8d5491b5,0x5dc47105,0xd406046f,0x155060ff, + 0xfb981924,0xe9bdd697,0x434089cc,0x9ed96777, + 0x42e8b0bd,0x8b890788,0x5b19e738,0xeec879db, + 0x0a7ca147,0x0f427ce9,0x1e84f8c9,0x00000000, + 0x86800983,0xed2b3248,0x70111eac,0x725a6c4e, + 0xff0efdfb,0x38850f56,0xd5ae3d1e,0x392d3627, + 0xd90f0a64,0xa65c6821,0x545b9bd1,0x2e36243a, + 0x670a0cb1,0xe757930f,0x96eeb4d2,0x919b1b9e, + 0xc5c0804f,0x20dc61a2,0x4b775a69,0x1a121c16, + 0xba93e20a,0x2aa0c0e5,0xe0223c43,0x171b121d, + 0x0d090e0b,0xc78bf2ad,0xa8b62db9,0xa91e14c8, + 0x19f15785,0x0775af4c,0xdd99eebb,0x607fa3fd, + 0x2601f79f,0xf5725cbc,0x3b6644c5,0x7efb5b34, + 0x29438b76,0xc623cbdc,0xfcedb668,0xf1e4b863, + 0xdc31d7ca,0x85634210,0x22971340,0x11c68420, + 0x244a857d,0x3dbbd2f8,0x32f9ae11,0xa129c76d, + 0x2f9e1d4b,0x30b2dcf3,0x52860dec,0xe3c177d0, + 0x16b32b6c,0xb970a999,0x489411fa,0x64e94722, + 0x8cfca8c4,0x3ff0a01a,0x2c7d56d8,0x903322ef, + 0x4e4987c7,0xd138d9c1,0xa2ca8cfe,0x0bd49836, + 0x81f5a6cf,0xde7aa528,0x8eb7da26,0xbfad3fa4, + 0x9d3a2ce4,0x9278500d,0xcc5f6a9b,0x467e5462, + 0x138df6c2,0xb8d890e8,0xf7392e5e,0xafc382f5, + 0x805d9fbe,0x93d0697c,0x2dd56fa9,0x1225cfb3, + 0x99acc83b,0x7d1810a7,0x639ce86e,0xbb3bdb7b, + 0x7826cd09,0x18596ef4,0xb79aec01,0x9a4f83a8, + 0x6e95e665,0xe6ffaa7e,0xcfbc2108,0xe815efe6, + 0x9be7bad9,0x366f4ace,0x099fead4,0x7cb029d6, + 0xb2a431af,0x233f2a31,0x94a5c630,0x66a235c0, + 0xbc4e7437,0xca82fca6,0xd090e0b0,0xd8a73315, + 0x9804f14a,0xdaec41f7,0x50cd7f0e,0xf691172f, + 0xd64d768d,0xb0ef434d,0x4daacc54,0x0496e4df, + 0xb5d19ee3,0x886a4c1b,0x1f2cc1b8,0x5165467f, + 0xea5e9d04,0x358c015d,0x7487fa73,0x410bfb2e, + 0x1d67b35a,0xd2db9252,0x5610e933,0x47d66d13, + 0x61d79a8c,0x0ca1377a,0x14f8598e,0x3c13eb89, + 0x27a9ceee,0xc961b735,0xe51ce1ed,0xb1477a3c, + 0xdfd29c59,0x73f2553f,0xce141879,0x37c773bf, + 0xcdf753ea,0xaafd5f5b,0x6f3ddf14,0xdb447886, + 0xf3afca81,0xc468b93e,0x3424382c,0x40a3c25f, + 0xc31d1672,0x25e2bc0c,0x493c288b,0x950dff41, + 0x01a83971,0xb30c08de,0xe4b4d89c,0xc1566490, + 0x84cb7b61,0xb632d570,0x5c6c4874,0x57b8d042, + },{ /* Before: itable[2] */ + 0xf45150a7,0x417e5365,0x171ac3a4,0x273a965e, + 0xab3bcb6b,0x9d1ff145,0xfaacab58,0xe34b9303, + 0x302055fa,0x76adf66d,0xcc889176,0x02f5254c, + 0xe54ffcd7,0x2ac5d7cb,0x35268044,0x62b58fa3, + 0xb1de495a,0xba25671b,0xea45980e,0xfe5de1c0, + 0x2fc30275,0x4c8112f0,0x468da397,0xd36bc6f9, + 0x8f03e75f,0x9215959c,0x6dbfeb7a,0x5295da59, + 0xbed42d83,0x7458d321,0xe0492969,0xc98e44c8, + 0xc2756a89,0x8ef47879,0x58996b3e,0xb927dd71, + 0xe1beb64f,0x88f017ad,0x20c966ac,0xce7db43a, + 0xdf63184a,0x1ae58231,0x51976033,0x5362457f, + 0x64b1e077,0x6bbb84ae,0x81fe1ca0,0x08f9942b, + 0x48705868,0x458f19fd,0xde94876c,0x7b52b7f8, + 0x73ab23d3,0x4b72e202,0x1fe3578f,0x55662aab, + 0xebb20728,0xb52f03c2,0xc5869a7b,0x37d3a508, + 0x2830f287,0xbf23b2a5,0x0302ba6a,0x16ed5c82, + 0xcf8a2b1c,0x79a792b4,0x07f3f0f2,0x694ea1e2, + 0xda65cdf4,0x0506d5be,0x34d11f62,0xa6c48afe, + 0x2e349d53,0xf3a2a055,0x8a0532e1,0xf6a475eb, + 0x830b39ec,0x6040aaef,0x715e069f,0x6ebd5110, + 0x213ef98a,0xdd963d06,0x3eddae05,0xe64d46bd, + 0x5491b58d,0xc471055d,0x06046fd4,0x5060ff15, + 0x981924fb,0xbdd697e9,0x4089cc43,0xd967779e, + 0xe8b0bd42,0x8907888b,0x19e7385b,0xc879dbee, + 0x7ca1470a,0x427ce90f,0x84f8c91e,0x00000000, + 0x80098386,0x2b3248ed,0x111eac70,0x5a6c4e72, + 0x0efdfbff,0x850f5638,0xae3d1ed5,0x2d362739, + 0x0f0a64d9,0x5c6821a6,0x5b9bd154,0x36243a2e, + 0x0a0cb167,0x57930fe7,0xeeb4d296,0x9b1b9e91, + 0xc0804fc5,0xdc61a220,0x775a694b,0x121c161a, + 0x93e20aba,0xa0c0e52a,0x223c43e0,0x1b121d17, + 0x090e0b0d,0x8bf2adc7,0xb62db9a8,0x1e14c8a9, + 0xf1578519,0x75af4c07,0x99eebbdd,0x7fa3fd60, + 0x01f79f26,0x725cbcf5,0x6644c53b,0xfb5b347e, + 0x438b7629,0x23cbdcc6,0xedb668fc,0xe4b863f1, + 0x31d7cadc,0x63421085,0x97134022,0xc6842011, + 0x4a857d24,0xbbd2f83d,0xf9ae1132,0x29c76da1, + 0x9e1d4b2f,0xb2dcf330,0x860dec52,0xc177d0e3, + 0xb32b6c16,0x70a999b9,0x9411fa48,0xe9472264, + 0xfca8c48c,0xf0a01a3f,0x7d56d82c,0x3322ef90, + 0x4987c74e,0x38d9c1d1,0xca8cfea2,0xd498360b, + 0xf5a6cf81,0x7aa528de,0xb7da268e,0xad3fa4bf, + 0x3a2ce49d,0x78500d92,0x5f6a9bcc,0x7e546246, + 0x8df6c213,0xd890e8b8,0x392e5ef7,0xc382f5af, + 0x5d9fbe80,0xd0697c93,0xd56fa92d,0x25cfb312, + 0xacc83b99,0x1810a77d,0x9ce86e63,0x3bdb7bbb, + 0x26cd0978,0x596ef418,0x9aec01b7,0x4f83a89a, + 0x95e6656e,0xffaa7ee6,0xbc2108cf,0x15efe6e8, + 0xe7bad99b,0x6f4ace36,0x9fead409,0xb029d67c, + 0xa431afb2,0x3f2a3123,0xa5c63094,0xa235c066, + 0x4e7437bc,0x82fca6ca,0x90e0b0d0,0xa73315d8, + 0x04f14a98,0xec41f7da,0xcd7f0e50,0x91172ff6, + 0x4d768dd6,0xef434db0,0xaacc544d,0x96e4df04, + 0xd19ee3b5,0x6a4c1b88,0x2cc1b81f,0x65467f51, + 0x5e9d04ea,0x8c015d35,0x87fa7374,0x0bfb2e41, + 0x67b35a1d,0xdb9252d2,0x10e93356,0xd66d1347, + 0xd79a8c61,0xa1377a0c,0xf8598e14,0x13eb893c, + 0xa9ceee27,0x61b735c9,0x1ce1ede5,0x477a3cb1, + 0xd29c59df,0xf2553f73,0x141879ce,0xc773bf37, + 0xf753eacd,0xfd5f5baa,0x3ddf146f,0x447886db, + 0xafca81f3,0x68b93ec4,0x24382c34,0xa3c25f40, + 0x1d1672c3,0xe2bc0c25,0x3c288b49,0x0dff4195, + 0xa8397101,0x0c08deb3,0xb4d89ce4,0x566490c1, + 0xcb7b6184,0x32d570b6,0x6c48745c,0xb8d04257, + },{ /* Before: itable[3] */ + 0x5150a7f4,0x7e536541,0x1ac3a417,0x3a965e27, + 0x3bcb6bab,0x1ff1459d,0xacab58fa,0x4b9303e3, + 0x2055fa30,0xadf66d76,0x889176cc,0xf5254c02, + 0x4ffcd7e5,0xc5d7cb2a,0x26804435,0xb58fa362, + 0xde495ab1,0x25671bba,0x45980eea,0x5de1c0fe, + 0xc302752f,0x8112f04c,0x8da39746,0x6bc6f9d3, + 0x03e75f8f,0x15959c92,0xbfeb7a6d,0x95da5952, + 0xd42d83be,0x58d32174,0x492969e0,0x8e44c8c9, + 0x756a89c2,0xf478798e,0x996b3e58,0x27dd71b9, + 0xbeb64fe1,0xf017ad88,0xc966ac20,0x7db43ace, + 0x63184adf,0xe582311a,0x97603351,0x62457f53, + 0xb1e07764,0xbb84ae6b,0xfe1ca081,0xf9942b08, + 0x70586848,0x8f19fd45,0x94876cde,0x52b7f87b, + 0xab23d373,0x72e2024b,0xe3578f1f,0x662aab55, + 0xb20728eb,0x2f03c2b5,0x869a7bc5,0xd3a50837, + 0x30f28728,0x23b2a5bf,0x02ba6a03,0xed5c8216, + 0x8a2b1ccf,0xa792b479,0xf3f0f207,0x4ea1e269, + 0x65cdf4da,0x06d5be05,0xd11f6234,0xc48afea6, + 0x349d532e,0xa2a055f3,0x0532e18a,0xa475ebf6, + 0x0b39ec83,0x40aaef60,0x5e069f71,0xbd51106e, + 0x3ef98a21,0x963d06dd,0xddae053e,0x4d46bde6, + 0x91b58d54,0x71055dc4,0x046fd406,0x60ff1550, + 0x1924fb98,0xd697e9bd,0x89cc4340,0x67779ed9, + 0xb0bd42e8,0x07888b89,0xe7385b19,0x79dbeec8, + 0xa1470a7c,0x7ce90f42,0xf8c91e84,0x00000000, + 0x09838680,0x3248ed2b,0x1eac7011,0x6c4e725a, + 0xfdfbff0e,0x0f563885,0x3d1ed5ae,0x3627392d, + 0x0a64d90f,0x6821a65c,0x9bd1545b,0x243a2e36, + 0x0cb1670a,0x930fe757,0xb4d296ee,0x1b9e919b, + 0x804fc5c0,0x61a220dc,0x5a694b77,0x1c161a12, + 0xe20aba93,0xc0e52aa0,0x3c43e022,0x121d171b, + 0x0e0b0d09,0xf2adc78b,0x2db9a8b6,0x14c8a91e, + 0x578519f1,0xaf4c0775,0xeebbdd99,0xa3fd607f, + 0xf79f2601,0x5cbcf572,0x44c53b66,0x5b347efb, + 0x8b762943,0xcbdcc623,0xb668fced,0xb863f1e4, + 0xd7cadc31,0x42108563,0x13402297,0x842011c6, + 0x857d244a,0xd2f83dbb,0xae1132f9,0xc76da129, + 0x1d4b2f9e,0xdcf330b2,0x0dec5286,0x77d0e3c1, + 0x2b6c16b3,0xa999b970,0x11fa4894,0x472264e9, + 0xa8c48cfc,0xa01a3ff0,0x56d82c7d,0x22ef9033, + 0x87c74e49,0xd9c1d138,0x8cfea2ca,0x98360bd4, + 0xa6cf81f5,0xa528de7a,0xda268eb7,0x3fa4bfad, + 0x2ce49d3a,0x500d9278,0x6a9bcc5f,0x5462467e, + 0xf6c2138d,0x90e8b8d8,0x2e5ef739,0x82f5afc3, + 0x9fbe805d,0x697c93d0,0x6fa92dd5,0xcfb31225, + 0xc83b99ac,0x10a77d18,0xe86e639c,0xdb7bbb3b, + 0xcd097826,0x6ef41859,0xec01b79a,0x83a89a4f, + 0xe6656e95,0xaa7ee6ff,0x2108cfbc,0xefe6e815, + 0xbad99be7,0x4ace366f,0xead4099f,0x29d67cb0, + 0x31afb2a4,0x2a31233f,0xc63094a5,0x35c066a2, + 0x7437bc4e,0xfca6ca82,0xe0b0d090,0x3315d8a7, + 0xf14a9804,0x41f7daec,0x7f0e50cd,0x172ff691, + 0x768dd64d,0x434db0ef,0xcc544daa,0xe4df0496, + 0x9ee3b5d1,0x4c1b886a,0xc1b81f2c,0x467f5165, + 0x9d04ea5e,0x015d358c,0xfa737487,0xfb2e410b, + 0xb35a1d67,0x9252d2db,0xe9335610,0x6d1347d6, + 0x9a8c61d7,0x377a0ca1,0x598e14f8,0xeb893c13, + 0xceee27a9,0xb735c961,0xe1ede51c,0x7a3cb147, + 0x9c59dfd2,0x553f73f2,0x1879ce14,0x73bf37c7, + 0x53eacdf7,0x5f5baafd,0xdf146f3d,0x7886db44, + 0xca81f3af,0xb93ec468,0x382c3424,0xc25f40a3, + 0x1672c31d,0xbc0c25e2,0x288b493c,0xff41950d, + 0x397101a8,0x08deb30c,0xd89ce4b4,0x6490c156, + 0x7b6184cb,0xd570b632,0x48745c6c,0xd04257b8, + }, +#endif /* !AES_SMALL */ + } + }; Index: nettle-3.7.3/aes-decrypt.c =================================================================== --- nettle-3.7.3.orig/aes-decrypt.c +++ nettle-3.7.3/aes-decrypt.c @@ -35,316 +35,10 @@ # include "config.h" #endif -#include <assert.h> #include <stdlib.h> #include "aes-internal.h" -static const struct aes_table -_aes_decrypt_table = - { /* isbox */ - { - 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38, - 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb, - 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87, - 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb, - 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d, - 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e, - 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2, - 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25, - 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16, - 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92, - 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda, - 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84, - 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a, - 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06, - 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02, - 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b, - 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea, - 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73, - 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85, - 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e, - 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89, - 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b, - 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20, - 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4, - 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31, - 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f, - 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d, - 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef, - 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0, - 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61, - 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26, - 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d, - }, - { /* itable */ - { - 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a, - 0xcb6bab3b,0xf1459d1f,0xab58faac,0x9303e34b, - 0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5, - 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5, - 0x495ab1de,0x671bba25,0x980eea45,0xe1c0fe5d, - 0x02752fc3,0x12f04c81,0xa397468d,0xc6f9d36b, - 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295, - 0x2d83bed4,0xd3217458,0x2969e049,0x44c8c98e, - 0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927, - 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d, - 0x184adf63,0x82311ae5,0x60335197,0x457f5362, - 0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9, - 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52, - 0x23d373ab,0xe2024b72,0x578f1fe3,0x2aab5566, - 0x0728ebb2,0x03c2b52f,0x9a7bc586,0xa50837d3, - 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed, - 0x2b1ccf8a,0x92b479a7,0xf0f207f3,0xa1e2694e, - 0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4, - 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4, - 0x39ec830b,0xaaef6040,0x069f715e,0x51106ebd, - 0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d, - 0xb58d5491,0x055dc471,0x6fd40604,0xff155060, - 0x24fb9819,0x97e9bdd6,0xcc434089,0x779ed967, - 0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879, - 0x470a7ca1,0xe90f427c,0xc91e84f8,0x00000000, - 0x83868009,0x48ed2b32,0xac70111e,0x4e725a6c, - 0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36, - 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624, - 0xb1670a0c,0x0fe75793,0xd296eeb4,0x9e919b1b, - 0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c, - 0x0aba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12, - 0x0b0d090e,0xadc78bf2,0xb9a8b62d,0xc8a91e14, - 0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3, - 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b, - 0x7629438b,0xdcc623cb,0x68fcedb6,0x63f1e4b8, - 0xcadc31d7,0x10856342,0x40229713,0x2011c684, - 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7, - 0x4b2f9e1d,0xf330b2dc,0xec52860d,0xd0e3c177, - 0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947, - 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322, - 0xc74e4987,0xc1d138d9,0xfea2ca8c,0x360bd498, - 0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f, - 0xe49d3a2c,0x0d927850,0x9bcc5f6a,0x62467e54, - 0xc2138df6,0xe8b8d890,0x5ef7392e,0xf5afc382, - 0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf, - 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb, - 0x097826cd,0xf418596e,0x01b79aec,0xa89a4f83, - 0x656e95e6,0x7ee6ffaa,0x08cfbc21,0xe6e815ef, - 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029, - 0xafb2a431,0x31233f2a,0x3094a5c6,0xc066a235, - 0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733, - 0x4a9804f1,0xf7daec41,0x0e50cd7f,0x2ff69117, - 0x8dd64d76,0x4db0ef43,0x544daacc,0xdf0496e4, - 0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546, - 0x04ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb, - 0x5a1d67b3,0x52d2db92,0x335610e9,0x1347d66d, - 0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb, - 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a, - 0x59dfd29c,0x3f73f255,0x79ce1418,0xbf37c773, - 0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478, - 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2, - 0x72c31d16,0x0c25e2bc,0x8b493c28,0x41950dff, - 0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664, - 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0, - }, -#if !AES_SMALL - { /* Before: itable[1] */ - 0xa7f45150,0x65417e53,0xa4171ac3,0x5e273a96, - 0x6bab3bcb,0x459d1ff1,0x58faacab,0x03e34b93, - 0xfa302055,0x6d76adf6,0x76cc8891,0x4c02f525, - 0xd7e54ffc,0xcb2ac5d7,0x44352680,0xa362b58f, - 0x5ab1de49,0x1bba2567,0x0eea4598,0xc0fe5de1, - 0x752fc302,0xf04c8112,0x97468da3,0xf9d36bc6, - 0x5f8f03e7,0x9c921595,0x7a6dbfeb,0x595295da, - 0x83bed42d,0x217458d3,0x69e04929,0xc8c98e44, - 0x89c2756a,0x798ef478,0x3e58996b,0x71b927dd, - 0x4fe1beb6,0xad88f017,0xac20c966,0x3ace7db4, - 0x4adf6318,0x311ae582,0x33519760,0x7f536245, - 0x7764b1e0,0xae6bbb84,0xa081fe1c,0x2b08f994, - 0x68487058,0xfd458f19,0x6cde9487,0xf87b52b7, - 0xd373ab23,0x024b72e2,0x8f1fe357,0xab55662a, - 0x28ebb207,0xc2b52f03,0x7bc5869a,0x0837d3a5, - 0x872830f2,0xa5bf23b2,0x6a0302ba,0x8216ed5c, - 0x1ccf8a2b,0xb479a792,0xf207f3f0,0xe2694ea1, - 0xf4da65cd,0xbe0506d5,0x6234d11f,0xfea6c48a, - 0x532e349d,0x55f3a2a0,0xe18a0532,0xebf6a475, - 0xec830b39,0xef6040aa,0x9f715e06,0x106ebd51, - 0x8a213ef9,0x06dd963d,0x053eddae,0xbde64d46, - 0x8d5491b5,0x5dc47105,0xd406046f,0x155060ff, - 0xfb981924,0xe9bdd697,0x434089cc,0x9ed96777, - 0x42e8b0bd,0x8b890788,0x5b19e738,0xeec879db, - 0x0a7ca147,0x0f427ce9,0x1e84f8c9,0x00000000, - 0x86800983,0xed2b3248,0x70111eac,0x725a6c4e, - 0xff0efdfb,0x38850f56,0xd5ae3d1e,0x392d3627, - 0xd90f0a64,0xa65c6821,0x545b9bd1,0x2e36243a, - 0x670a0cb1,0xe757930f,0x96eeb4d2,0x919b1b9e, - 0xc5c0804f,0x20dc61a2,0x4b775a69,0x1a121c16, - 0xba93e20a,0x2aa0c0e5,0xe0223c43,0x171b121d, - 0x0d090e0b,0xc78bf2ad,0xa8b62db9,0xa91e14c8, - 0x19f15785,0x0775af4c,0xdd99eebb,0x607fa3fd, - 0x2601f79f,0xf5725cbc,0x3b6644c5,0x7efb5b34, - 0x29438b76,0xc623cbdc,0xfcedb668,0xf1e4b863, - 0xdc31d7ca,0x85634210,0x22971340,0x11c68420, - 0x244a857d,0x3dbbd2f8,0x32f9ae11,0xa129c76d, - 0x2f9e1d4b,0x30b2dcf3,0x52860dec,0xe3c177d0, - 0x16b32b6c,0xb970a999,0x489411fa,0x64e94722, - 0x8cfca8c4,0x3ff0a01a,0x2c7d56d8,0x903322ef, - 0x4e4987c7,0xd138d9c1,0xa2ca8cfe,0x0bd49836, - 0x81f5a6cf,0xde7aa528,0x8eb7da26,0xbfad3fa4, - 0x9d3a2ce4,0x9278500d,0xcc5f6a9b,0x467e5462, - 0x138df6c2,0xb8d890e8,0xf7392e5e,0xafc382f5, - 0x805d9fbe,0x93d0697c,0x2dd56fa9,0x1225cfb3, - 0x99acc83b,0x7d1810a7,0x639ce86e,0xbb3bdb7b, - 0x7826cd09,0x18596ef4,0xb79aec01,0x9a4f83a8, - 0x6e95e665,0xe6ffaa7e,0xcfbc2108,0xe815efe6, - 0x9be7bad9,0x366f4ace,0x099fead4,0x7cb029d6, - 0xb2a431af,0x233f2a31,0x94a5c630,0x66a235c0, - 0xbc4e7437,0xca82fca6,0xd090e0b0,0xd8a73315, - 0x9804f14a,0xdaec41f7,0x50cd7f0e,0xf691172f, - 0xd64d768d,0xb0ef434d,0x4daacc54,0x0496e4df, - 0xb5d19ee3,0x886a4c1b,0x1f2cc1b8,0x5165467f, - 0xea5e9d04,0x358c015d,0x7487fa73,0x410bfb2e, - 0x1d67b35a,0xd2db9252,0x5610e933,0x47d66d13, - 0x61d79a8c,0x0ca1377a,0x14f8598e,0x3c13eb89, - 0x27a9ceee,0xc961b735,0xe51ce1ed,0xb1477a3c, - 0xdfd29c59,0x73f2553f,0xce141879,0x37c773bf, - 0xcdf753ea,0xaafd5f5b,0x6f3ddf14,0xdb447886, - 0xf3afca81,0xc468b93e,0x3424382c,0x40a3c25f, - 0xc31d1672,0x25e2bc0c,0x493c288b,0x950dff41, - 0x01a83971,0xb30c08de,0xe4b4d89c,0xc1566490, - 0x84cb7b61,0xb632d570,0x5c6c4874,0x57b8d042, - },{ /* Before: itable[2] */ - 0xf45150a7,0x417e5365,0x171ac3a4,0x273a965e, - 0xab3bcb6b,0x9d1ff145,0xfaacab58,0xe34b9303, - 0x302055fa,0x76adf66d,0xcc889176,0x02f5254c, - 0xe54ffcd7,0x2ac5d7cb,0x35268044,0x62b58fa3, - 0xb1de495a,0xba25671b,0xea45980e,0xfe5de1c0, - 0x2fc30275,0x4c8112f0,0x468da397,0xd36bc6f9, - 0x8f03e75f,0x9215959c,0x6dbfeb7a,0x5295da59, - 0xbed42d83,0x7458d321,0xe0492969,0xc98e44c8, - 0xc2756a89,0x8ef47879,0x58996b3e,0xb927dd71, - 0xe1beb64f,0x88f017ad,0x20c966ac,0xce7db43a, - 0xdf63184a,0x1ae58231,0x51976033,0x5362457f, - 0x64b1e077,0x6bbb84ae,0x81fe1ca0,0x08f9942b, - 0x48705868,0x458f19fd,0xde94876c,0x7b52b7f8, - 0x73ab23d3,0x4b72e202,0x1fe3578f,0x55662aab, - 0xebb20728,0xb52f03c2,0xc5869a7b,0x37d3a508, - 0x2830f287,0xbf23b2a5,0x0302ba6a,0x16ed5c82, - 0xcf8a2b1c,0x79a792b4,0x07f3f0f2,0x694ea1e2, - 0xda65cdf4,0x0506d5be,0x34d11f62,0xa6c48afe, - 0x2e349d53,0xf3a2a055,0x8a0532e1,0xf6a475eb, - 0x830b39ec,0x6040aaef,0x715e069f,0x6ebd5110, - 0x213ef98a,0xdd963d06,0x3eddae05,0xe64d46bd, - 0x5491b58d,0xc471055d,0x06046fd4,0x5060ff15, - 0x981924fb,0xbdd697e9,0x4089cc43,0xd967779e, - 0xe8b0bd42,0x8907888b,0x19e7385b,0xc879dbee, - 0x7ca1470a,0x427ce90f,0x84f8c91e,0x00000000, - 0x80098386,0x2b3248ed,0x111eac70,0x5a6c4e72, - 0x0efdfbff,0x850f5638,0xae3d1ed5,0x2d362739, - 0x0f0a64d9,0x5c6821a6,0x5b9bd154,0x36243a2e, - 0x0a0cb167,0x57930fe7,0xeeb4d296,0x9b1b9e91, - 0xc0804fc5,0xdc61a220,0x775a694b,0x121c161a, - 0x93e20aba,0xa0c0e52a,0x223c43e0,0x1b121d17, - 0x090e0b0d,0x8bf2adc7,0xb62db9a8,0x1e14c8a9, - 0xf1578519,0x75af4c07,0x99eebbdd,0x7fa3fd60, - 0x01f79f26,0x725cbcf5,0x6644c53b,0xfb5b347e, - 0x438b7629,0x23cbdcc6,0xedb668fc,0xe4b863f1, - 0x31d7cadc,0x63421085,0x97134022,0xc6842011, - 0x4a857d24,0xbbd2f83d,0xf9ae1132,0x29c76da1, - 0x9e1d4b2f,0xb2dcf330,0x860dec52,0xc177d0e3, - 0xb32b6c16,0x70a999b9,0x9411fa48,0xe9472264, - 0xfca8c48c,0xf0a01a3f,0x7d56d82c,0x3322ef90, - 0x4987c74e,0x38d9c1d1,0xca8cfea2,0xd498360b, - 0xf5a6cf81,0x7aa528de,0xb7da268e,0xad3fa4bf, - 0x3a2ce49d,0x78500d92,0x5f6a9bcc,0x7e546246, - 0x8df6c213,0xd890e8b8,0x392e5ef7,0xc382f5af, - 0x5d9fbe80,0xd0697c93,0xd56fa92d,0x25cfb312, - 0xacc83b99,0x1810a77d,0x9ce86e63,0x3bdb7bbb, - 0x26cd0978,0x596ef418,0x9aec01b7,0x4f83a89a, - 0x95e6656e,0xffaa7ee6,0xbc2108cf,0x15efe6e8, - 0xe7bad99b,0x6f4ace36,0x9fead409,0xb029d67c, - 0xa431afb2,0x3f2a3123,0xa5c63094,0xa235c066, - 0x4e7437bc,0x82fca6ca,0x90e0b0d0,0xa73315d8, - 0x04f14a98,0xec41f7da,0xcd7f0e50,0x91172ff6, - 0x4d768dd6,0xef434db0,0xaacc544d,0x96e4df04, - 0xd19ee3b5,0x6a4c1b88,0x2cc1b81f,0x65467f51, - 0x5e9d04ea,0x8c015d35,0x87fa7374,0x0bfb2e41, - 0x67b35a1d,0xdb9252d2,0x10e93356,0xd66d1347, - 0xd79a8c61,0xa1377a0c,0xf8598e14,0x13eb893c, - 0xa9ceee27,0x61b735c9,0x1ce1ede5,0x477a3cb1, - 0xd29c59df,0xf2553f73,0x141879ce,0xc773bf37, - 0xf753eacd,0xfd5f5baa,0x3ddf146f,0x447886db, - 0xafca81f3,0x68b93ec4,0x24382c34,0xa3c25f40, - 0x1d1672c3,0xe2bc0c25,0x3c288b49,0x0dff4195, - 0xa8397101,0x0c08deb3,0xb4d89ce4,0x566490c1, - 0xcb7b6184,0x32d570b6,0x6c48745c,0xb8d04257, - },{ /* Before: itable[3] */ - 0x5150a7f4,0x7e536541,0x1ac3a417,0x3a965e27, - 0x3bcb6bab,0x1ff1459d,0xacab58fa,0x4b9303e3, - 0x2055fa30,0xadf66d76,0x889176cc,0xf5254c02, - 0x4ffcd7e5,0xc5d7cb2a,0x26804435,0xb58fa362, - 0xde495ab1,0x25671bba,0x45980eea,0x5de1c0fe, - 0xc302752f,0x8112f04c,0x8da39746,0x6bc6f9d3, - 0x03e75f8f,0x15959c92,0xbfeb7a6d,0x95da5952, - 0xd42d83be,0x58d32174,0x492969e0,0x8e44c8c9, - 0x756a89c2,0xf478798e,0x996b3e58,0x27dd71b9, - 0xbeb64fe1,0xf017ad88,0xc966ac20,0x7db43ace, - 0x63184adf,0xe582311a,0x97603351,0x62457f53, - 0xb1e07764,0xbb84ae6b,0xfe1ca081,0xf9942b08, - 0x70586848,0x8f19fd45,0x94876cde,0x52b7f87b, - 0xab23d373,0x72e2024b,0xe3578f1f,0x662aab55, - 0xb20728eb,0x2f03c2b5,0x869a7bc5,0xd3a50837, - 0x30f28728,0x23b2a5bf,0x02ba6a03,0xed5c8216, - 0x8a2b1ccf,0xa792b479,0xf3f0f207,0x4ea1e269, - 0x65cdf4da,0x06d5be05,0xd11f6234,0xc48afea6, - 0x349d532e,0xa2a055f3,0x0532e18a,0xa475ebf6, - 0x0b39ec83,0x40aaef60,0x5e069f71,0xbd51106e, - 0x3ef98a21,0x963d06dd,0xddae053e,0x4d46bde6, - 0x91b58d54,0x71055dc4,0x046fd406,0x60ff1550, - 0x1924fb98,0xd697e9bd,0x89cc4340,0x67779ed9, - 0xb0bd42e8,0x07888b89,0xe7385b19,0x79dbeec8, - 0xa1470a7c,0x7ce90f42,0xf8c91e84,0x00000000, - 0x09838680,0x3248ed2b,0x1eac7011,0x6c4e725a, - 0xfdfbff0e,0x0f563885,0x3d1ed5ae,0x3627392d, - 0x0a64d90f,0x6821a65c,0x9bd1545b,0x243a2e36, - 0x0cb1670a,0x930fe757,0xb4d296ee,0x1b9e919b, - 0x804fc5c0,0x61a220dc,0x5a694b77,0x1c161a12, - 0xe20aba93,0xc0e52aa0,0x3c43e022,0x121d171b, - 0x0e0b0d09,0xf2adc78b,0x2db9a8b6,0x14c8a91e, - 0x578519f1,0xaf4c0775,0xeebbdd99,0xa3fd607f, - 0xf79f2601,0x5cbcf572,0x44c53b66,0x5b347efb, - 0x8b762943,0xcbdcc623,0xb668fced,0xb863f1e4, - 0xd7cadc31,0x42108563,0x13402297,0x842011c6, - 0x857d244a,0xd2f83dbb,0xae1132f9,0xc76da129, - 0x1d4b2f9e,0xdcf330b2,0x0dec5286,0x77d0e3c1, - 0x2b6c16b3,0xa999b970,0x11fa4894,0x472264e9, - 0xa8c48cfc,0xa01a3ff0,0x56d82c7d,0x22ef9033, - 0x87c74e49,0xd9c1d138,0x8cfea2ca,0x98360bd4, - 0xa6cf81f5,0xa528de7a,0xda268eb7,0x3fa4bfad, - 0x2ce49d3a,0x500d9278,0x6a9bcc5f,0x5462467e, - 0xf6c2138d,0x90e8b8d8,0x2e5ef739,0x82f5afc3, - 0x9fbe805d,0x697c93d0,0x6fa92dd5,0xcfb31225, - 0xc83b99ac,0x10a77d18,0xe86e639c,0xdb7bbb3b, - 0xcd097826,0x6ef41859,0xec01b79a,0x83a89a4f, - 0xe6656e95,0xaa7ee6ff,0x2108cfbc,0xefe6e815, - 0xbad99be7,0x4ace366f,0xead4099f,0x29d67cb0, - 0x31afb2a4,0x2a31233f,0xc63094a5,0x35c066a2, - 0x7437bc4e,0xfca6ca82,0xe0b0d090,0x3315d8a7, - 0xf14a9804,0x41f7daec,0x7f0e50cd,0x172ff691, - 0x768dd64d,0x434db0ef,0xcc544daa,0xe4df0496, - 0x9ee3b5d1,0x4c1b886a,0xc1b81f2c,0x467f5165, - 0x9d04ea5e,0x015d358c,0xfa737487,0xfb2e410b, - 0xb35a1d67,0x9252d2db,0xe9335610,0x6d1347d6, - 0x9a8c61d7,0x377a0ca1,0x598e14f8,0xeb893c13, - 0xceee27a9,0xb735c961,0xe1ede51c,0x7a3cb147, - 0x9c59dfd2,0x553f73f2,0x1879ce14,0x73bf37c7, - 0x53eacdf7,0x5f5baafd,0xdf146f3d,0x7886db44, - 0xca81f3af,0xb93ec468,0x382c3424,0xc25f40a3, - 0x1672c31d,0xbc0c25e2,0x288b493c,0xff41950d, - 0x397101a8,0x08deb30c,0xd89ce4b4,0x6490c156, - 0x7b6184cb,0xd570b632,0x48745c6c,0xd04257b8, - }, -#endif /* !AES_SMALL */ - } - }; - void aes_decrypt(const struct aes_ctx *ctx, size_t length, uint8_t *dst, @@ -364,33 +58,3 @@ aes_decrypt(const struct aes_ctx *ctx, break; } } - -void -aes128_decrypt(const struct aes128_ctx *ctx, - size_t length, uint8_t *dst, - const uint8_t *src) -{ - assert(!(length % AES_BLOCK_SIZE) ); - _nettle_aes_decrypt(_AES128_ROUNDS, ctx->keys, &_aes_decrypt_table, - length, dst, src); -} - -void -aes192_decrypt(const struct aes192_ctx *ctx, - size_t length, uint8_t *dst, - const uint8_t *src) -{ - assert(!(length % AES_BLOCK_SIZE) ); - _nettle_aes_decrypt(_AES192_ROUNDS, ctx->keys, &_aes_decrypt_table, - length, dst, src); -} - -void -aes256_decrypt(const struct aes256_ctx *ctx, - size_t length, uint8_t *dst, - const uint8_t *src) -{ - assert(!(length % AES_BLOCK_SIZE) ); - _nettle_aes_decrypt(_AES256_ROUNDS, ctx->keys, &_aes_decrypt_table, - length, dst, src); -} Index: nettle-3.7.3/aes-encrypt.c =================================================================== --- nettle-3.7.3.orig/aes-encrypt.c +++ nettle-3.7.3/aes-encrypt.c @@ -35,7 +35,6 @@ # include "config.h" #endif -#include <assert.h> #include <stdlib.h> #include "aes-internal.h" @@ -62,33 +61,3 @@ aes_encrypt(const struct aes_ctx *ctx, break; } } - -void -aes128_encrypt(const struct aes128_ctx *ctx, - size_t length, uint8_t *dst, - const uint8_t *src) -{ - assert(!(length % AES_BLOCK_SIZE) ); - _nettle_aes_encrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table, - length, dst, src); -} - -void -aes192_encrypt(const struct aes192_ctx *ctx, - size_t length, uint8_t *dst, - const uint8_t *src) -{ - assert(!(length % AES_BLOCK_SIZE) ); - _nettle_aes_encrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table, - length, dst, src); -} - -void -aes256_encrypt(const struct aes256_ctx *ctx, - size_t length, uint8_t *dst, - const uint8_t *src) -{ - assert(!(length % AES_BLOCK_SIZE) ); - _nettle_aes_encrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table, - length, dst, src); -} Index: nettle-3.7.3/aes-internal.h =================================================================== --- nettle-3.7.3.orig/aes-internal.h +++ nettle-3.7.3/aes-internal.h @@ -96,9 +96,8 @@ _nettle_aes_decrypt(unsigned rounds, con | ((uint32_t) T->sbox[ B2(w2) ] << 16) \ | ((uint32_t) T->sbox[ B3(w3) ] << 24)) ^ (k)) -/* Globally visible so that the same sbox table can be used by aes_set_encrypt_key */ - extern const struct aes_table _nettle_aes_encrypt_table; #define aes_sbox (_nettle_aes_encrypt_table.sbox) +extern const struct aes_table _nettle_aes_decrypt_table; #endif /* NETTLE_AES_INTERNAL_H_INCLUDED */ Index: nettle-3.7.3/aes128-decrypt.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes128-decrypt.c @@ -0,0 +1,59 @@ +/* aes128-decrypt.c + + Decryption function for aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "aes-internal.h" + +/* For fat builds */ +#if HAVE_NATIVE_aes128_decrypt +void +_nettle_aes128_decrypt_c(const struct aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_aes128_decrypt _nettle_aes128_decrypt_c +#endif + +void +nettle_aes128_decrypt(const struct aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + assert(!(length % AES_BLOCK_SIZE) ); + _nettle_aes_decrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table, + length, dst, src); +} Index: nettle-3.7.3/aes128-encrypt.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes128-encrypt.c @@ -0,0 +1,59 @@ +/* aes128-encrypt.c + + Encryption function for the aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "aes-internal.h" + +/* For fat builds */ +#if HAVE_NATIVE_aes128_encrypt +void +_nettle_aes128_encrypt_c(const struct aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_aes128_encrypt _nettle_aes128_encrypt_c +#endif + +void +nettle_aes128_encrypt(const struct aes128_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + assert(!(length % AES_BLOCK_SIZE) ); + _nettle_aes_encrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table, + length, dst, src); +} Index: nettle-3.7.3/aes192-decrypt.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes192-decrypt.c @@ -0,0 +1,59 @@ +/* aes192-decrypt.c + + Decryption function for aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "aes-internal.h" + +/* For fat builds */ +#if HAVE_NATIVE_aes192_decrypt +void +_nettle_aes192_decrypt_c(const struct aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_aes192_decrypt _nettle_aes192_decrypt_c +#endif + +void +nettle_aes192_decrypt(const struct aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + assert(!(length % AES_BLOCK_SIZE) ); + _nettle_aes_decrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table, + length, dst, src); +} Index: nettle-3.7.3/aes192-encrypt.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes192-encrypt.c @@ -0,0 +1,59 @@ +/* aes192-encrypt.c + + Encryption function for the aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "aes-internal.h" + +/* For fat builds */ +#if HAVE_NATIVE_aes192_encrypt +void +_nettle_aes192_encrypt_c(const struct aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_aes192_encrypt _nettle_aes192_encrypt_c +#endif + +void +nettle_aes192_encrypt(const struct aes192_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + assert(!(length % AES_BLOCK_SIZE) ); + _nettle_aes_encrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table, + length, dst, src); +} Index: nettle-3.7.3/aes256-decrypt.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes256-decrypt.c @@ -0,0 +1,59 @@ +/* aes256-decrypt.c + + Decryption function for aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "aes-internal.h" + +/* For fat builds */ +#if HAVE_NATIVE_aes256_decrypt +void +_nettle_aes256_decrypt_c(const struct aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_aes256_decrypt _nettle_aes256_decrypt_c +#endif + +void +nettle_aes256_decrypt(const struct aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + assert(!(length % AES_BLOCK_SIZE) ); + _nettle_aes_decrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table, + length, dst, src); +} Index: nettle-3.7.3/aes256-encrypt.c =================================================================== --- /dev/null +++ nettle-3.7.3/aes256-encrypt.c @@ -0,0 +1,59 @@ +/* aes256-encrypt.c + + Encryption function for the aes/rijndael block cipher. + + Copyright (C) 2002, 2013 Niels Möller + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> + +#include "aes-internal.h" + +/* For fat builds */ +#if HAVE_NATIVE_aes256_encrypt +void +_nettle_aes256_encrypt_c(const struct aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src); +# define nettle_aes256_encrypt _nettle_aes256_encrypt_c +#endif + +void +nettle_aes256_encrypt(const struct aes256_ctx *ctx, + size_t length, uint8_t *dst, + const uint8_t *src) +{ + assert(!(length % AES_BLOCK_SIZE) ); + _nettle_aes_encrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table, + length, dst, src); +} Index: nettle-3.7.3/s390x/machine.m4 =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/machine.m4 @@ -0,0 +1,38 @@ +C Register usage: +define(`RA', `%r14') C Return address +define(`SP', `%r15') C Stack pointer + +define(`STANDARD_STACK_FRAME',`160') + +C Dynamic stack space allocation +C AP is a general register to which the allocated space is assigned +C SPACE_LEN is the length of space, must be a multiple of 8 +C FREE_STACK macro can be used to free the allocated space +C ALLOC_STACK(AP, SPACE_LEN) +define(`ALLOC_STACK', +`lgr $1,SP + aghi SP,-(STANDARD_STACK_FRAME+$2) + stg $1,0(SP) + la $1,STANDARD_STACK_FRAME (SP)') + +C Free allocated stack space +C FREE_STACK(SPACE_LEN) +define(`FREE_STACK', +`aghi SP,STANDARD_STACK_FRAME+$1') + +C XOR contents of two areas in storage with specific length +C DST: The destination area of storage +C SRC: The source area of storage +C LEN: The length of storage area. LEN <= 256 +C TMP_ADDR: A temporary register that handles the XOR instrcution address +C All parameters are general registers and cannot be assigned to +C general register 0 +C XOR_LEN(DST, SRC, LEN, TMP_ADDR) +define(`XOR_LEN', +`larl $4,18f + aghi $3,-1 + jm 19f + ex $3,0($4) + j 19f +18: xc 0(1,$1),0($2) +19:') Index: nettle-3.7.3/s390x/msa_x1/aes128-decrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x1/aes128-decrypt.asm @@ -0,0 +1,60 @@ +C s390x/msa_x1/aes128-decrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C The second operand is ciphered as specified by the function code using a cryptographic +C key in the parameter block, and the result is placed in the first-operand location. + +C This implementation uses KM-AES-128 function. +C The parameter block used for the KM-AES-128 function has the following format: +C *----------------------------------------------* +C | Cryptographic Key (16 bytes) | +C *----------------------------------------------* + +.file "aes128-decrypt.asm" + +.text + +C void +C aes128_decrypt(const struct aes128_ctx *ctx, +C size_t length, uint8_t *dst, +C const uint8_t *src) + +PROLOGUE(nettle_aes128_decrypt) + lghi %r0,128|18 C KM function code (KM-AES-128), enable modifier bit to perform decryption operation + lgr %r1,%r2 C parameter block: byte offsets 0-15 Cryptographic Key + lgr %r2,%r5 +1: .long 0xb92e0042 C km %r4,%r2 + brc 1,1b C safely branch back in case of partial completion + br RA +EPILOGUE(nettle_aes128_decrypt) Index: nettle-3.7.3/s390x/msa_x1/aes128-encrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x1/aes128-encrypt.asm @@ -0,0 +1,60 @@ +C s390x/msa_x1/aes128-encrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C The second operand is ciphered as specified by the function code using a cryptographic +C key in the parameter block, and the result is placed in the first-operand location. + +C This implementation uses KM-AES-128 function. +C The parameter block used for the KM-AES-128 function has the following format: +C *----------------------------------------------* +C | Cryptographic Key (16 bytes) | +C *----------------------------------------------* + +.file "aes128-encrypt.asm" + +.text + +C void +C aes128_encrypt(const struct aes128_ctx *ctx, +C size_t length, uint8_t *dst, +C const uint8_t *src) + +PROLOGUE(nettle_aes128_encrypt) + lghi %r0,18 C KM function code (KM-AES-128) + lgr %r1,%r2 C parameter block: byte offsets 0-15 Cryptographic Key + lgr %r2,%r5 +1: .long 0xb92e0042 C km %r4,%r2 + brc 1,1b C safely branch back in case of partial completion + br RA +EPILOGUE(nettle_aes128_encrypt) Index: nettle-3.7.3/s390x/msa_x1/aes128-set-decrypt-key.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x1/aes128-set-decrypt-key.asm @@ -0,0 +1,52 @@ +C s390x/msa_x1/aes128-set-decrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "aes128-set-decrypt-key.asm" + +.text + +C void +C aes128_invert_key(struct aes128_ctx *dst, const struct aes128_ctx *src) + +PROLOGUE(nettle_aes128_invert_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(16,%r2),0(%r3) C copy Cryptographic Key (16 bytes) + br RA +EPILOGUE(nettle_aes128_invert_key) + +C void +C aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key) + +PROLOGUE(nettle_aes128_set_decrypt_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(16,%r2),0(%r3) C copy Cryptographic Key (16 bytes) + br RA +EPILOGUE(nettle_aes128_set_decrypt_key) Index: nettle-3.7.3/s390x/msa_x1/aes128-set-encrypt-key.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x1/aes128-set-encrypt-key.asm @@ -0,0 +1,43 @@ +C s390x/msa_x1/aes128-set-encrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "aes128-set-encrypt-key.asm" + +.text + +C void +C aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key) + +PROLOGUE(nettle_aes128_set_encrypt_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(16,%r2),0(%r3) C copy Cryptographic Key (16 bytes) + br RA +EPILOGUE(nettle_aes128_set_encrypt_key) Index: nettle-3.7.3/s390x/msa_x2/aes192-decrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes192-decrypt.asm @@ -0,0 +1,60 @@ +C s390x/msa_x2/aes192-decrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C The second operand is ciphered as specified by the function code using a cryptographic +C key in the parameter block, and the result is placed in the first-operand location. + +C This implementation uses KM-AES-192 function. +C The parameter block used for the KM-AES-192 function has the following format: +C *----------------------------------------------* +C | Cryptographic Key (24 bytes) | +C *----------------------------------------------* + +.file "aes192-decrypt.asm" + +.text + +C void +C aes192_decrypt(const struct aes192_ctx *ctx, +C size_t length, uint8_t *dst, +C const uint8_t *src) + +PROLOGUE(nettle_aes192_decrypt) + lghi %r0,128|19 C KM function code (KM-AES-192), enable modifier bit to perform decryption operation + lgr %r1,%r2 C parameter block: byte offsets 0-23 Cryptographic Key + lgr %r2,%r5 +1: .long 0xb92e0042 C km %r4,%r2 + brc 1,1b C safely branch back in case of partial completion + br RA +EPILOGUE(nettle_aes192_decrypt) Index: nettle-3.7.3/s390x/msa_x2/aes192-encrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes192-encrypt.asm @@ -0,0 +1,60 @@ +C s390x/msa_x2/aes192-encrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C The second operand is ciphered as specified by the function code using a cryptographic +C key in the parameter block, and the result is placed in the first-operand location. + +C This implementation uses KM-AES-192 function. +C The parameter block used for the KM-AES-192 function has the following format: +C *----------------------------------------------* +C | Cryptographic Key (24 bytes) | +C *----------------------------------------------* + +.file "aes192-encrypt.asm" + +.text + +C void +C aes192_encrypt(const struct aes192_ctx *ctx, +C size_t length, uint8_t *dst, +C const uint8_t *src) + +PROLOGUE(nettle_aes192_encrypt) + lghi %r0,19 C KM function code (KM-AES-192) + lgr %r1,%r2 C parameter block: byte offsets 0-23 Cryptographic Key + lgr %r2,%r5 +1: .long 0xb92e0042 C km %r4,%r2 + brc 1,1b C safely branch back in case of partial completion + br RA +EPILOGUE(nettle_aes192_encrypt) Index: nettle-3.7.3/s390x/msa_x2/aes192-set-decrypt-key.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes192-set-decrypt-key.asm @@ -0,0 +1,52 @@ +C s390x/msa_x2/aes192-set-decrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "aes192-set-decrypt-key.asm" + +.text + +C void +C aes192_invert_key(struct aes192_ctx *dst, const struct aes192_ctx *src) + +PROLOGUE(nettle_aes192_invert_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(24,%r2),0(%r3) C copy Cryptographic Key (24 bytes) + br RA +EPILOGUE(nettle_aes192_invert_key) + +C void +C aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key) + +PROLOGUE(nettle_aes192_set_decrypt_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(24,%r2),0(%r3) C copy Cryptographic Key (24 bytes) + br RA +EPILOGUE(nettle_aes192_set_decrypt_key) Index: nettle-3.7.3/s390x/msa_x2/aes192-set-encrypt-key.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes192-set-encrypt-key.asm @@ -0,0 +1,43 @@ +C s390x/msa_x2/aes192-set-encrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "aes192-set-encrypt-key.asm" + +.text + +C void +C aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key) + +PROLOGUE(nettle_aes192_set_encrypt_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(24,%r2),0(%r3) C copy Cryptographic Key (24 bytes) + br RA +EPILOGUE(nettle_aes192_set_encrypt_key) Index: nettle-3.7.3/s390x/msa_x2/aes256-decrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes256-decrypt.asm @@ -0,0 +1,60 @@ +C s390x/msa_x2/aes256-decrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C The second operand is ciphered as specified by the function code using a cryptographic +C key in the parameter block, and the result is placed in the first-operand location. + +C This implementation uses KM-AES-256 function. +C The parameter block used for the KM-AES-256 function has the following format: +C *----------------------------------------------* +C | Cryptographic Key (32 bytes) | +C *----------------------------------------------* + +.file "aes256-decrypt.asm" + +.text + +C void +C aes256_decrypt(const struct aes256_ctx *ctx, +C size_t length, uint8_t *dst, +C const uint8_t *src) + +PROLOGUE(nettle_aes256_decrypt) + lghi %r0,128|20 C KM function code (KM-AES-256), enable modifier bit to perform decryption operation + lgr %r1,%r2 C parameter block: byte offsets 0-31 Cryptographic Key + lgr %r2,%r5 +1: .long 0xb92e0042 C km %r4,%r2 + brc 1,1b C safely branch back in case of partial completion + br RA +EPILOGUE(nettle_aes256_decrypt) Index: nettle-3.7.3/s390x/msa_x2/aes256-encrypt.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes256-encrypt.asm @@ -0,0 +1,60 @@ +C s390x/msa_x2/aes256-encrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C The second operand is ciphered as specified by the function code using a cryptographic +C key in the parameter block, and the result is placed in the first-operand location. + +C This implementation uses KM-AES-256 function. +C The parameter block used for the KM-AES-256 function has the following format: +C *----------------------------------------------* +C | Cryptographic Key (32 bytes) | +C *----------------------------------------------* + +.file "aes256-encrypt.asm" + +.text + +C void +C aes256_encrypt(const struct aes256_ctx *ctx, +C size_t length, uint8_t *dst, +C const uint8_t *src) + +PROLOGUE(nettle_aes256_encrypt) + lghi %r0,20 C KM function code (KM-AES-256) + lgr %r1,%r2 C parameter block: byte offsets 0-31 Cryptographic Key + lgr %r2,%r5 +1: .long 0xb92e0042 C km %r4,%r2 + brc 1,1b C safely branch back in case of partial completion + br RA +EPILOGUE(nettle_aes256_encrypt) Index: nettle-3.7.3/s390x/msa_x2/aes256-set-decrypt-key.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes256-set-decrypt-key.asm @@ -0,0 +1,52 @@ +C s390x/msa_x2/aes256-set-decrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "aes256-set-decrypt-key.asm" + +.text + +C void +C aes256_invert_key(struct aes256_ctx *dst, const struct aes256_ctx *src) + +PROLOGUE(nettle_aes256_invert_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(32,%r2),0(%r3) C copy Cryptographic Key (32 bytes) + br RA +EPILOGUE(nettle_aes256_invert_key) + +C void +C aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key) + +PROLOGUE(nettle_aes256_set_decrypt_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(32,%r2),0(%r3) C copy Cryptographic Key (32 bytes) + br RA +EPILOGUE(nettle_aes256_set_decrypt_key) Index: nettle-3.7.3/s390x/msa_x2/aes256-set-encrypt-key.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/aes256-set-encrypt-key.asm @@ -0,0 +1,43 @@ +C s390x/msa_x2/aes256-set-encrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "aes256-set-encrypt-key.asm" + +.text + +C void +C aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key) + +PROLOGUE(nettle_aes256_set_encrypt_key) + C AES cipher functions only need the raw cryptographic key so just copy it to AES context + mvc 0(32,%r2),0(%r3) C copy Cryptographic Key (32 bytes) + br RA +EPILOGUE(nettle_aes256_set_encrypt_key) Index: nettle-3.7.3/s390x/msa_x4/gcm-hash.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x4/gcm-hash.asm @@ -0,0 +1,99 @@ +C s390x/msa_x4/gcm-hash.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in +C "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C the second operand is processed as specified by the function code using an initial chaining value in +C the parameter block, and the result replaces the chaining value. + +C This implementation uses KIMD-GHASH function. +C The parameter block used for the KIMD-GHASH function has the following format: +C *----------------------------------------------* +C | Initial Chaining Value (16 bytes) | +C |----------------------------------------------| +C | Hash Subkey (16 bytes) | +C *----------------------------------------------* + +C Size of parameter block +define(`PB_SIZE', `32') + +C gcm_set_key() assigns H value in the middle element of the table +define(`H_idx', `128*16') + +.file "gcm-hash.asm" + +.text + +C void gcm_init_key (union gcm_block *table) + +PROLOGUE(_nettle_gcm_init_key) + C Except for Hash Subkey (H), KIMD-GHASH does not need any pre-computed values so just return to the caller. + br RA +EPILOGUE(_nettle_gcm_init_key) + +C void gcm_hash (const struct gcm_key *key, union gcm_block *x, +C size_t length, const uint8_t *data) + +PROLOGUE(_nettle_gcm_hash) + ldgr %f0,%r6 C load non-volatile general register 6 into volatile float-point register 0 + C --- allocate a stack space for parameter block in addition to 16-byte buffer to handle leftover bytes --- + ALLOC_STACK(%r1,PB_SIZE+16) C parameter block (must be general register 1) + lgr %r6,%r3 + mvc 0(16,%r1),0(%r3) C copy x Initial Chaining Value field + mvc 16(16,%r1),H_idx (%r2) C copy H to Hash Subkey field + lghi %r0,65 C GHASH function code (must be general register 0) + lgr %r2,%r5 C location of leftmost byte of data (must not be odd-numbered general register nor be general register 0) + C number of bytes (must be general register of data + 1). length must be a multiple of the data block size (16). + risbg %r3,%r4,0,187,0 C Insert bit offsets 0-59, bit offset 0 of the fourth operand is set to clear the remaining bits. +1: .long 0xb93e0002 C kimd %r0,%r2 + brc 1,1b C safely branch back in case of partial completion + C --- handle leftovers --- + risbg %r5,%r4,60,191,0 C Insert bit offsets 60-63 and clear the remaining bits. + jz 4f + lgr %r4,%r2 + C --- copy the leftovers to allocated stack buffer and pad the remaining bytes with zero --- + la %r2,PB_SIZE (%r1) + lghi %r3,16 +2: mvcle %r2,%r4,0 + brc 1,2b + aghi %r2,-16 + aghi %r3,16 +3: .long 0xb93e0002 C kimd %r0,%r2 + brc 1,3b C safely branch back in case of partial completion +4: + mvc 0(16,%r6),0(%r1) C store x + xc 0(PB_SIZE+16,%r1),0(%r1) C wipe parameter block content and leftover bytes of data from stack + FREE_STACK(PB_SIZE+16) + lgdr %r6,%f0 C restore general register 6 + br RA +EPILOGUE(_nettle_gcm_hash) Index: nettle-3.7.3/aes128-set-decrypt-key.c =================================================================== --- nettle-3.7.3.orig/aes128-set-decrypt-key.c +++ nettle-3.7.3/aes128-set-decrypt-key.c @@ -40,14 +40,28 @@ #include "aes-internal.h" #include "macros.h" +/* For fat builds */ +#if HAVE_NATIVE_aes128_invert_key void -aes128_invert_key (struct aes128_ctx *dst, const struct aes128_ctx *src) +_nettle_aes128_invert_key_c(struct aes128_ctx *dst, + const struct aes128_ctx *src); +# define nettle_aes128_invert_key _nettle_aes128_invert_key_c +#endif + +#if HAVE_NATIVE_aes128_set_decrypt_key +void +_nettle_aes128_set_decrypt_key_c(struct aes128_ctx *ctx, const uint8_t *key); +# define nettle_aes128_set_decrypt_key _nettle_aes128_set_decrypt_key_c +#endif + +void +nettle_aes128_invert_key (struct aes128_ctx *dst, const struct aes128_ctx *src) { _nettle_aes_invert (_AES128_ROUNDS, dst->keys, src->keys); } void -aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key) +nettle_aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key) { aes128_set_encrypt_key (ctx, key); aes128_invert_key (ctx, ctx); Index: nettle-3.7.3/aes128-set-encrypt-key.c =================================================================== --- nettle-3.7.3.orig/aes128-set-encrypt-key.c +++ nettle-3.7.3/aes128-set-encrypt-key.c @@ -37,8 +37,15 @@ #include "aes-internal.h" +/* For fat builds */ +#if HAVE_NATIVE_aes128_set_encrypt_key void -aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key) +_nettle_aes128_set_encrypt_key_c(struct aes128_ctx *ctx, const uint8_t *key); +# define nettle_aes128_set_encrypt_key _nettle_aes128_set_encrypt_key_c +#endif + +void +nettle_aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key) { _nettle_aes_set_key (_AES128_ROUNDS, AES128_KEY_SIZE / 4, ctx->keys, key); } Index: nettle-3.7.3/aes192-set-decrypt-key.c =================================================================== --- nettle-3.7.3.orig/aes192-set-decrypt-key.c +++ nettle-3.7.3/aes192-set-decrypt-key.c @@ -38,14 +38,28 @@ #include "aes-internal.h" #include "macros.h" +/* For fat builds */ +#if HAVE_NATIVE_aes192_invert_key void -aes192_invert_key (struct aes192_ctx *dst, const struct aes192_ctx *src) +_nettle_aes192_invert_key_c(struct aes192_ctx *dst, + const struct aes192_ctx *src); +# define nettle_aes192_invert_key _nettle_aes192_invert_key_c +#endif + +#if HAVE_NATIVE_aes192_set_decrypt_key +void +_nettle_aes192_set_decrypt_key_c(struct aes192_ctx *ctx, const uint8_t *key); +# define nettle_aes192_set_decrypt_key _nettle_aes192_set_decrypt_key_c +#endif + +void +nettle_aes192_invert_key (struct aes192_ctx *dst, const struct aes192_ctx *src) { _nettle_aes_invert (_AES192_ROUNDS, dst->keys, src->keys); } void -aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key) +nettle_aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key) { aes192_set_encrypt_key (ctx, key); aes192_invert_key (ctx, ctx); Index: nettle-3.7.3/aes192-set-encrypt-key.c =================================================================== --- nettle-3.7.3.orig/aes192-set-encrypt-key.c +++ nettle-3.7.3/aes192-set-encrypt-key.c @@ -37,8 +37,15 @@ #include "aes-internal.h" +/* For fat builds */ +#if HAVE_NATIVE_aes192_set_encrypt_key void -aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key) +_nettle_aes192_set_encrypt_key_c(struct aes192_ctx *ctx, const uint8_t *key); +# define nettle_aes192_set_encrypt_key _nettle_aes192_set_encrypt_key_c +#endif + +void +nettle_aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key) { _nettle_aes_set_key (_AES192_ROUNDS, AES192_KEY_SIZE / 4, ctx->keys, key); } Index: nettle-3.7.3/aes256-set-decrypt-key.c =================================================================== --- nettle-3.7.3.orig/aes256-set-decrypt-key.c +++ nettle-3.7.3/aes256-set-decrypt-key.c @@ -38,14 +38,28 @@ #include "aes-internal.h" #include "macros.h" +/* For fat builds */ +#if HAVE_NATIVE_aes256_invert_key void -aes256_invert_key (struct aes256_ctx *dst, const struct aes256_ctx *src) +_nettle_aes256_invert_key_c(struct aes256_ctx *dst, + const struct aes256_ctx *src); +# define nettle_aes256_invert_key _nettle_aes256_invert_key_c +#endif + +#if HAVE_NATIVE_aes256_set_decrypt_key +void +_nettle_aes256_set_decrypt_key_c(struct aes256_ctx *ctx, const uint8_t *key); +# define nettle_aes256_set_decrypt_key _nettle_aes256_set_decrypt_key_c +#endif + +void +nettle_aes256_invert_key (struct aes256_ctx *dst, const struct aes256_ctx *src) { _nettle_aes_invert (_AES256_ROUNDS, dst->keys, src->keys); } void -aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key) +nettle_aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key) { aes256_set_encrypt_key (ctx, key); aes256_invert_key (ctx, ctx); Index: nettle-3.7.3/aes256-set-encrypt-key.c =================================================================== --- nettle-3.7.3.orig/aes256-set-encrypt-key.c +++ nettle-3.7.3/aes256-set-encrypt-key.c @@ -37,8 +37,15 @@ #include "aes-internal.h" +/* For fat builds */ +#if HAVE_NATIVE_aes256_set_encrypt_key void -aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key) +_nettle_aes256_set_encrypt_key_c(struct aes256_ctx *ctx, const uint8_t *key); +# define nettle_aes256_set_encrypt_key _nettle_aes256_set_encrypt_key_c +#endif + +void +nettle_aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key) { _nettle_aes_set_key (_AES256_ROUNDS, AES256_KEY_SIZE / 4, ctx->keys, key); } Index: nettle-3.7.3/fat-s390x.c =================================================================== --- /dev/null +++ nettle-3.7.3/fat-s390x.c @@ -0,0 +1,485 @@ +/* fat-s390x.c + + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#define _GNU_SOURCE + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <assert.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) +# if __GLIBC_PREREQ(2, 16) +# define USE_GETAUXVAL 1 +# include <sys/auxv.h> +# endif +#endif + +#include "nettle-types.h" + +#include "memxor.h" +#include "aes.h" +#include "gcm.h" +#include "gcm-internal.h" +#include "fat-setup.h" + +/* Max number of doublewords returned by STFLE */ +#define FACILITY_DOUBLEWORDS_MAX 3 +#define FACILITY_INDEX(bit) ((bit) / 64) +/* STFLE and cipher query store doublewords as bit-reversed. + reverse facility bit or function code in doubleword */ +#define FACILITY_BIT(bit) (1ULL << (63 - (bit) % 64)) + +/* Define from arch/s390/include/asm/elf.h in Linux kernel */ +#ifndef HWCAP_S390_STFLE +#define HWCAP_S390_STFLE 4 +#endif + +/* Facility bits */ +#define FAC_VF 129 /* vector facility */ +#define FAC_MSA 17 /* message-security assist */ +#define FAC_MSA_X4 77 /* message-security-assist extension 4 */ + +/* Function codes */ +#define AES_128_CODE 18 +#define AES_192_CODE 19 +#define AES_256_CODE 20 +#define SHA_1_CODE 1 +#define SHA_256_CODE 2 +#define SHA_512_CODE 3 +#define GHASH_CODE 65 + +struct s390x_features +{ + int have_vector_facility; + int have_km_aes128; + int have_km_aes192; + int have_km_aes256; + int have_kimd_sha_1; + int have_kimd_sha_256; + int have_kimd_sha_512; + int have_kimd_ghash; +}; + +void _nettle_stfle(uint64_t *facility, uint64_t facility_size); +void _nettle_km_status(uint64_t *status); +void _nettle_kimd_status(uint64_t *status); + +#define MATCH(s, slen, literal, llen) \ + ((slen) == (llen) && memcmp ((s), (literal), llen) == 0) + +static void +get_s390x_features (struct s390x_features *features) +{ + features->have_vector_facility = 0; + features->have_km_aes128 = 0; + features->have_km_aes192 = 0; + features->have_km_aes256 = 0; + features->have_kimd_sha_1 = 0; + features->have_kimd_sha_256 = 0; + features->have_kimd_sha_512 = 0; + features->have_kimd_ghash = 0; + + const char *s = secure_getenv (ENV_OVERRIDE); + if (s) + for (;;) + { + const char *sep = strchr (s, ','); + size_t length = sep ? (size_t) (sep - s) : strlen(s); + + if (MATCH (s, length, "vf", 2)) + features->have_vector_facility = 1; + else if (MATCH (s, length, "msa", 3)) + features->have_kimd_sha_1 = 1; + else if (MATCH (s, length, "msa_x1", 6)) + { + features->have_km_aes128 = 1; + features->have_kimd_sha_256 = 1; + } + else if (MATCH (s, length, "msa_x2", 6)) + { + features->have_km_aes192 = 1; + features->have_km_aes256 = 1; + features->have_kimd_sha_512 = 1; + } + else if (MATCH (s, length, "msa_x4", 6)) + features->have_kimd_ghash = 1; + if (!sep) + break; + s = sep + 1; + } + else + { +#if USE_GETAUXVAL + unsigned long hwcap = getauxval(AT_HWCAP); + if (hwcap & HWCAP_S390_STFLE) + { + uint64_t facilities[FACILITY_DOUBLEWORDS_MAX] = {0}; + _nettle_stfle(facilities, FACILITY_DOUBLEWORDS_MAX); + + if (facilities[FACILITY_INDEX(FAC_VF)] & FACILITY_BIT(FAC_VF)) + features->have_vector_facility = 1; + + if (facilities[FACILITY_INDEX(FAC_MSA)] & FACILITY_BIT(FAC_MSA)) + { + uint64_t query_status[2] = {0}; + _nettle_km_status(query_status); + if (query_status[FACILITY_INDEX(AES_128_CODE)] & FACILITY_BIT(AES_128_CODE)) + features->have_km_aes128 = 1; + if (query_status[FACILITY_INDEX(AES_192_CODE)] & FACILITY_BIT(AES_192_CODE)) + features->have_km_aes192 = 1; + if (query_status[FACILITY_INDEX(AES_256_CODE)] & FACILITY_BIT(AES_256_CODE)) + features->have_km_aes256 = 1; + + memset(query_status, 0, sizeof(query_status)); + _nettle_kimd_status(query_status); + if (query_status[FACILITY_INDEX(SHA_1_CODE)] & FACILITY_BIT(SHA_1_CODE)) + features->have_kimd_sha_1 = 1; + if (query_status[FACILITY_INDEX(SHA_256_CODE)] & FACILITY_BIT(SHA_256_CODE)) + features->have_kimd_sha_256 = 1; + if (query_status[FACILITY_INDEX(SHA_512_CODE)] & FACILITY_BIT(SHA_512_CODE)) + features->have_kimd_sha_512 = 1; + } + + if (facilities[FACILITY_INDEX(FAC_MSA_X4)] & FACILITY_BIT(FAC_MSA_X4)) + { + uint64_t query_status[2] = {0}; + _nettle_kimd_status(query_status); + if (query_status[FACILITY_INDEX(GHASH_CODE)] & FACILITY_BIT(GHASH_CODE)) + features->have_kimd_ghash = 1; + } + } +#endif + } +} + +/* MEMXOR3 */ +DECLARE_FAT_FUNC(nettle_memxor3, memxor3_func) +DECLARE_FAT_FUNC_VAR(memxor3, memxor3_func, c) +DECLARE_FAT_FUNC_VAR(memxor3, memxor3_func, s390x) + +/* AES128 */ +DECLARE_FAT_FUNC(nettle_aes128_set_encrypt_key, aes128_set_key_func) +DECLARE_FAT_FUNC_VAR(aes128_set_encrypt_key, aes128_set_key_func, c) +DECLARE_FAT_FUNC_VAR(aes128_set_encrypt_key, aes128_set_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes128_set_decrypt_key, aes128_set_key_func) +DECLARE_FAT_FUNC_VAR(aes128_set_decrypt_key, aes128_set_key_func, c) +DECLARE_FAT_FUNC_VAR(aes128_set_decrypt_key, aes128_set_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes128_invert_key, aes128_invert_key_func) +DECLARE_FAT_FUNC_VAR(aes128_invert_key, aes128_invert_key_func, c) +DECLARE_FAT_FUNC_VAR(aes128_invert_key, aes128_invert_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes128_encrypt, aes128_crypt_func) +DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, s390x) +DECLARE_FAT_FUNC(nettle_aes128_decrypt, aes128_crypt_func) +DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, s390x) + +/* AES192 */ +DECLARE_FAT_FUNC(nettle_aes192_set_encrypt_key, aes192_set_key_func) +DECLARE_FAT_FUNC_VAR(aes192_set_encrypt_key, aes192_set_key_func, c) +DECLARE_FAT_FUNC_VAR(aes192_set_encrypt_key, aes192_set_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes192_set_decrypt_key, aes192_set_key_func) +DECLARE_FAT_FUNC_VAR(aes192_set_decrypt_key, aes192_set_key_func, c) +DECLARE_FAT_FUNC_VAR(aes192_set_decrypt_key, aes192_set_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes192_invert_key, aes192_invert_key_func) +DECLARE_FAT_FUNC_VAR(aes192_invert_key, aes192_invert_key_func, c) +DECLARE_FAT_FUNC_VAR(aes192_invert_key, aes192_invert_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes192_encrypt, aes192_crypt_func) +DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, s390x) +DECLARE_FAT_FUNC(nettle_aes192_decrypt, aes192_crypt_func) +DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, s390x) + +/* AES256 */ +DECLARE_FAT_FUNC(nettle_aes256_set_encrypt_key, aes256_set_key_func) +DECLARE_FAT_FUNC_VAR(aes256_set_encrypt_key, aes256_set_key_func, c) +DECLARE_FAT_FUNC_VAR(aes256_set_encrypt_key, aes256_set_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes256_set_decrypt_key, aes256_set_key_func) +DECLARE_FAT_FUNC_VAR(aes256_set_decrypt_key, aes256_set_key_func, c) +DECLARE_FAT_FUNC_VAR(aes256_set_decrypt_key, aes256_set_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes256_invert_key, aes256_invert_key_func) +DECLARE_FAT_FUNC_VAR(aes256_invert_key, aes256_invert_key_func, c) +DECLARE_FAT_FUNC_VAR(aes256_invert_key, aes256_invert_key_func, s390x) +DECLARE_FAT_FUNC(nettle_aes256_encrypt, aes256_crypt_func) +DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, s390x) +DECLARE_FAT_FUNC(nettle_aes256_decrypt, aes256_crypt_func) +DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c) +DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, s390x) + +/* GHASH */ +#if GCM_TABLE_BITS == 8 +DECLARE_FAT_FUNC(_nettle_gcm_init_key, gcm_init_key_func) +DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, c) +DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, s390x) + +DECLARE_FAT_FUNC(_nettle_gcm_hash, gcm_hash_func) +DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, c) +DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, s390x) +#endif /* GCM_TABLE_BITS == 8 */ + +DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func) +DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c) +DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, s390x) + +DECLARE_FAT_FUNC(_nettle_sha256_compress, sha256_compress_func) +DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, c) +DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, s390x) + +DECLARE_FAT_FUNC(_nettle_sha512_compress, sha512_compress_func) +DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, c) +DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, s390x) + +static void CONSTRUCTOR +fat_init (void) +{ + struct s390x_features features; + int verbose; + + get_s390x_features (&features); + verbose = getenv (ENV_VERBOSE) != NULL; + + /* MEMXOR3 */ + if (features.have_vector_facility) + { + if (verbose) + fprintf (stderr, "libnettle: enabling vectorized memxor3.\n"); + nettle_memxor3_vec = _nettle_memxor3_s390x; + } + else + { + nettle_memxor3_vec = _nettle_memxor3_c; + } + + /* AES128 */ + if (features.have_km_aes128) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated AES128 EBC mode.\n"); + nettle_aes128_set_encrypt_key_vec = _nettle_aes128_set_encrypt_key_s390x; + nettle_aes128_set_decrypt_key_vec = _nettle_aes128_set_decrypt_key_s390x; + nettle_aes128_invert_key_vec = _nettle_aes128_invert_key_s390x; + nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_s390x; + nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_s390x; + } + else + { + nettle_aes128_set_encrypt_key_vec = _nettle_aes128_set_encrypt_key_c; + nettle_aes128_set_decrypt_key_vec = _nettle_aes128_set_decrypt_key_c; + nettle_aes128_invert_key_vec = _nettle_aes128_invert_key_c; + nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_c; + nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_c; + } + + /* AES192 */ + if (features.have_km_aes192) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated AES192 EBC mode.\n"); + nettle_aes192_set_encrypt_key_vec = _nettle_aes192_set_encrypt_key_s390x; + nettle_aes192_set_decrypt_key_vec = _nettle_aes192_set_decrypt_key_s390x; + nettle_aes192_invert_key_vec = _nettle_aes192_invert_key_s390x; + nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_s390x; + nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_s390x; + } + else + { + nettle_aes192_set_encrypt_key_vec = _nettle_aes192_set_encrypt_key_c; + nettle_aes192_set_decrypt_key_vec = _nettle_aes192_set_decrypt_key_c; + nettle_aes192_invert_key_vec = _nettle_aes192_invert_key_c; + nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_c; + nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c; + } + + /* AES256 */ + if (features.have_km_aes256) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated AES256 EBC mode.\n"); + nettle_aes256_set_encrypt_key_vec = _nettle_aes256_set_encrypt_key_s390x; + nettle_aes256_set_decrypt_key_vec = _nettle_aes256_set_decrypt_key_s390x; + nettle_aes256_invert_key_vec = _nettle_aes256_invert_key_s390x; + nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_s390x; + nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_s390x; + } + else + { + nettle_aes256_set_encrypt_key_vec = _nettle_aes256_set_encrypt_key_c; + nettle_aes256_set_decrypt_key_vec = _nettle_aes256_set_decrypt_key_c; + nettle_aes256_invert_key_vec = _nettle_aes256_invert_key_c; + nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c; + nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c; + } + + /* GHASH */ + if (features.have_kimd_ghash) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated GHASH.\n"); + _nettle_gcm_init_key_vec = _nettle_gcm_init_key_s390x; + _nettle_gcm_hash_vec = _nettle_gcm_hash_s390x; + } + else + { + _nettle_gcm_init_key_vec = _nettle_gcm_init_key_c; + _nettle_gcm_hash_vec = _nettle_gcm_hash_c; + } + + /* SHA1 */ + if (features.have_kimd_sha_1) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated SHA1 compress code.\n"); + nettle_sha1_compress_vec = _nettle_sha1_compress_s390x; + } + else + { + nettle_sha1_compress_vec = _nettle_sha1_compress_c; + } + + /* SHA256 */ + if (features.have_kimd_sha_256) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated SHA256 compress code.\n"); + _nettle_sha256_compress_vec = _nettle_sha256_compress_s390x; + } + else + { + _nettle_sha256_compress_vec = _nettle_sha256_compress_c; + } + + /* SHA512 */ + if (features.have_kimd_sha_512) + { + if (verbose) + fprintf (stderr, "libnettle: enabling hardware accelerated SHA512 compress code.\n"); + _nettle_sha512_compress_vec = _nettle_sha512_compress_s390x; + } + else + { + _nettle_sha512_compress_vec = _nettle_sha512_compress_c; + } +} + +/* MEMXOR3 */ +DEFINE_FAT_FUNC(nettle_memxor3, void *, + (void *dst_in, const void *a_in, const void *b_in, size_t n), + (dst_in, a_in, b_in, n)) + +/* AES128 */ +DEFINE_FAT_FUNC(nettle_aes128_set_encrypt_key, void, + (struct aes128_ctx *ctx, const uint8_t *key), + (ctx, key)) +DEFINE_FAT_FUNC(nettle_aes128_set_decrypt_key, void, + (struct aes128_ctx *ctx, const uint8_t *key), + (ctx, key)) +DEFINE_FAT_FUNC(nettle_aes128_invert_key, void, + (struct aes128_ctx *dst, const struct aes128_ctx *src), + (dst, src)) +DEFINE_FAT_FUNC(nettle_aes128_encrypt, void, + (const struct aes128_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes128_decrypt, void, + (const struct aes128_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) + +/* AES192 */ +DEFINE_FAT_FUNC(nettle_aes192_set_encrypt_key, void, + (struct aes192_ctx *ctx, const uint8_t *key), + (ctx, key)) +DEFINE_FAT_FUNC(nettle_aes192_set_decrypt_key, void, + (struct aes192_ctx *ctx, const uint8_t *key), + (ctx, key)) +DEFINE_FAT_FUNC(nettle_aes192_invert_key, void, + (struct aes192_ctx *dst, const struct aes192_ctx *src), + (dst, src)) +DEFINE_FAT_FUNC(nettle_aes192_encrypt, void, + (const struct aes192_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes192_decrypt, void, + (const struct aes192_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) + +/* AES256 */ +DEFINE_FAT_FUNC(nettle_aes256_set_encrypt_key, void, + (struct aes256_ctx *ctx, const uint8_t *key), + (ctx, key)) +DEFINE_FAT_FUNC(nettle_aes256_set_decrypt_key, void, + (struct aes256_ctx *ctx, const uint8_t *key), + (ctx, key)) +DEFINE_FAT_FUNC(nettle_aes256_invert_key, void, + (struct aes256_ctx *dst, const struct aes256_ctx *src), + (dst, src)) +DEFINE_FAT_FUNC(nettle_aes256_encrypt, void, + (const struct aes256_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) +DEFINE_FAT_FUNC(nettle_aes256_decrypt, void, + (const struct aes256_ctx *ctx, size_t length, + uint8_t *dst,const uint8_t *src), + (ctx, length, dst, src)) + +/* GHASH */ +#if GCM_TABLE_BITS == 8 +DEFINE_FAT_FUNC(_nettle_gcm_init_key, void, + (union nettle_block16 *table), + (table)) +DEFINE_FAT_FUNC(_nettle_gcm_hash, void, + (const struct gcm_key *key, union nettle_block16 *x, + size_t length, const uint8_t *data), + (key, x, length, data)) +#endif /* GCM_TABLE_BITS == 8 */ + +/* SHA1 */ +DEFINE_FAT_FUNC(nettle_sha1_compress, void, + (uint32_t *state, const uint8_t *input), + (state, input)) + +/* SHA256 */ +DEFINE_FAT_FUNC(_nettle_sha256_compress, void, + (uint32_t *state, const uint8_t *input, const uint32_t *k), + (state, input, k)) + +/* SHA512 */ +DEFINE_FAT_FUNC(_nettle_sha512_compress, void, + (uint64_t *state, const uint8_t *input, const uint64_t *k), + (state, input, k)) Index: nettle-3.7.3/fat-setup.h =================================================================== --- nettle-3.7.3.orig/fat-setup.h +++ nettle-3.7.3/fat-setup.h @@ -157,6 +157,7 @@ struct salsa20_ctx; typedef void void_func (void); +struct aes_table; typedef void aes_crypt_internal_func (unsigned rounds, const uint32_t *keys, const struct aes_table *T, size_t length, uint8_t *dst, @@ -169,6 +170,7 @@ typedef void gcm_hash_func (const struct size_t length, const uint8_t *data); typedef void *(memxor_func)(void *dst, const void *src, size_t n); +typedef void *(memxor3_func)(void *dst_in, const void *a_in, const void *b_in, size_t n); typedef void salsa20_core_func (uint32_t *dst, const uint32_t *src, unsigned rounds); typedef void salsa20_crypt_func (struct salsa20_ctx *ctx, unsigned rounds, @@ -193,3 +195,21 @@ typedef void chacha_crypt_func(struct ch size_t length, uint8_t *dst, const uint8_t *src); + +struct aes128_ctx; +typedef void aes128_set_key_func (struct aes128_ctx *ctx, const uint8_t *key); +typedef void aes128_invert_key_func (struct aes128_ctx *dst, const struct aes128_ctx *src); +typedef void aes128_crypt_func (const struct aes128_ctx *ctx, size_t length, uint8_t *dst, + const uint8_t *src); + +struct aes192_ctx; +typedef void aes192_set_key_func (struct aes192_ctx *ctx, const uint8_t *key); +typedef void aes192_invert_key_func (struct aes192_ctx *dst, const struct aes192_ctx *src); +typedef void aes192_crypt_func (const struct aes192_ctx *ctx, size_t length, uint8_t *dst, + const uint8_t *src); + +struct aes256_ctx; +typedef void aes256_set_key_func (struct aes256_ctx *ctx, const uint8_t *key); +typedef void aes256_invert_key_func (struct aes256_ctx *dst, const struct aes256_ctx *src); +typedef void aes256_crypt_func (const struct aes256_ctx *ctx, size_t length, uint8_t *dst, + const uint8_t *src); Index: nettle-3.7.3/s390x/fat/gcm-hash.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/gcm-hash.asm @@ -0,0 +1,38 @@ +C s390x/fat/gcm-hash.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl picked up by configure +dnl PROLOGUE(_nettle_fat_gcm_init_key) +dnl PROLOGUE(_nettle_fat_gcm_hash) + +define(`fat_transform', `$1_s390x') +include_src(`s390x/msa_x4/gcm-hash.asm') Index: nettle-3.7.3/s390x/fat/cpu-facility.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/cpu-facility.asm @@ -0,0 +1,62 @@ +C s390x/fat/cpu-facility.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "cpu-facility.asm" + +.text + +C void _nettle_stfle(uint64_t *facility, uint64_t facility_size) + +PROLOGUE(_nettle_stfle) + lgr %r0,%r3 C facility_size + aghi %r0,-1 C facility_size - 1 + .long 0xb2b02000 C stfle 0(%r2) + br RA +EPILOGUE(_nettle_stfle) + +C void _nettle_km_status(uint64_t *status) + +PROLOGUE(_nettle_km_status) + lghi %r0,0 C query code + lgr %r1,%r2 C status + .long 0xb92e0022 C km %r2,%r2. Operands are ignored + br RA +EPILOGUE(_nettle_km_status) + +C void _nettle_kimd_status(uint64_t *status) + +PROLOGUE(_nettle_kimd_status) + lghi %r0,0 C query code + lgr %r1,%r2 C status + .long 0xb93e0002 C kimd %r0,%r2. Operands are ignored + br RA +EPILOGUE(_nettle_kimd_status) Index: nettle-3.7.3/s390x/fat/aes128-decrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes128-decrypt-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes128-decrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes128_decrypt) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x1/aes128-decrypt.asm') Index: nettle-3.7.3/s390x/fat/aes128-encrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes128-encrypt-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes128-encrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes128_encrypt) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x1/aes128-encrypt.asm') Index: nettle-3.7.3/s390x/fat/aes128-set-decrypt-key-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes128-set-decrypt-key-2.asm @@ -0,0 +1,38 @@ +C s390x/fat/aes128-set-decrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl picked up by configure +dnl PROLOGUE(nettle_aes128_invert_key) +dnl PROLOGUE(nettle_aes128_set_decrypt_key) + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x1/aes128-set-decrypt-key.asm') Index: nettle-3.7.3/s390x/fat/aes128-set-encrypt-key-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes128-set-encrypt-key-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes128-set-encrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes128_set_encrypt_key) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x1/aes128-set-encrypt-key.asm') Index: nettle-3.7.3/s390x/fat/aes192-decrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes192-decrypt-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes192-decrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes192_decrypt) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes192-decrypt.asm') Index: nettle-3.7.3/s390x/fat/aes192-encrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes192-encrypt-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes192-encrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes192_encrypt) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes192-encrypt.asm') Index: nettle-3.7.3/s390x/fat/aes192-set-decrypt-key-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes192-set-decrypt-key-2.asm @@ -0,0 +1,38 @@ +C s390x/fat/aes192-set-decrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl picked up by configure +dnl PROLOGUE(nettle_aes192_invert_key) +dnl PROLOGUE(nettle_aes192_set_decrypt_key) + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes192-set-decrypt-key.asm') Index: nettle-3.7.3/s390x/fat/aes192-set-encrypt-key-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes192-set-encrypt-key-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes192-set-encrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes192_set_encrypt_key) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes192-set-encrypt-key.asm') Index: nettle-3.7.3/s390x/fat/aes256-decrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes256-decrypt-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes256-decrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes256_decrypt) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes256-decrypt.asm') Index: nettle-3.7.3/s390x/fat/aes256-encrypt-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes256-encrypt-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes256-encrypt.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes256_encrypt) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes256-encrypt.asm') Index: nettle-3.7.3/s390x/fat/aes256-set-decrypt-key-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes256-set-decrypt-key-2.asm @@ -0,0 +1,38 @@ +C s390x/fat/aes256-set-decrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl picked up by configure +dnl PROLOGUE(nettle_aes256_invert_key) +dnl PROLOGUE(nettle_aes256_set_decrypt_key) + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes256-set-decrypt-key.asm') Index: nettle-3.7.3/s390x/fat/aes256-set-encrypt-key-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/aes256-set-encrypt-key-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/aes256-set-encrypt-key.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_aes256_set_encrypt_key) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa_x2/aes256-set-encrypt-key.asm') Index: nettle-3.7.3/s390x/memxor.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/memxor.asm @@ -0,0 +1,52 @@ +C s390x/memxor.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "memxor.asm" + +.text + +C void * memxor(void *dst, const void *src, size_t n) + +PROLOGUE(nettle_memxor) + srlg %r5,%r4,8 + clgije %r5,0,Llen +L256_loop: + xc 0(256,%r2),0(%r3) + aghi %r2,256 + aghi %r3,256 + brctg %r5,L256_loop +Llen: + risbg %r5,%r4,56,191,0 + jz Ldone + XOR_LEN(%r2,%r3,%r5,%r1) +Ldone: + br RA +EPILOGUE(nettle_memxor) Index: nettle-3.7.3/memxor3.c =================================================================== --- nettle-3.7.3.orig/memxor3.c +++ nettle-3.7.3/memxor3.c @@ -45,6 +45,13 @@ #define WORD_T_THRESH 16 +/* For fat builds */ +#if HAVE_NATIVE_memxor3 +void * +_nettle_memxor3_c(void *dst_in, const void *a_in, const void *b_in, size_t n); +# define nettle_memxor3 _nettle_memxor3_c +#endif + /* XOR word-aligned areas. n is the number of words, not bytes. */ static void memxor3_common_alignment (word_t *dst, @@ -236,7 +243,8 @@ memxor3_different_alignment_all (word_t internally by cbc decrypt, and it is not advertised or documented to nettle users. */ void * -memxor3(void *dst_in, const void *a_in, const void *b_in, size_t n) +nettle_memxor3(void *dst_in, const void *a_in, + const void *b_in, size_t n) { unsigned char *dst = dst_in; const unsigned char *a = a_in; Index: nettle-3.7.3/s390x/fat/memxor3-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/memxor3-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/memxor3-2.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_memxor3) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/vf/memxor3.asm') Index: nettle-3.7.3/s390x/vf/memxor3.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/vf/memxor3.asm @@ -0,0 +1,85 @@ +C s390/memxor3.asm + +ifelse(` + Copyright (C) 2020 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +.file "memxor3.asm" + +.text +.machine arch12 + +C void * memxor3(void *dst_in, const void *a_in, const void *b_in, size_t n) + +PROLOGUE(nettle_memxor3) + agr %r2,%r5 + agr %r3,%r5 + agr %r4,%r5 +Lmod: + risbg %r1,%r5,60,191,0 + jz L1x + sgr %r3,%r1 + sgr %r4,%r1 + sgr %r2,%r1 + aghi %r1,-1 C highest index + vll %v24,%r1,0(%r3) + vll %v28,%r1,0(%r4) + vx %v24,%v24,%v28 + vstl %v24,%r1,0(%r2) +L1x: + risbg %r1,%r5,58,187,0 + jz L4x + srlg %r1,%r1,4 C 1-block loop count 'n / 16' +L1x_loop: + aghi %r3,-16 + aghi %r4,-16 + aghi %r2,-16 + vl %v24,0(%r3),0 + vl %v28,0(%r4),0 + vx %v24,%v24,%v28 + vst %v24,0(%r2),0 + brctg %r1,L1x_loop +L4x: + risbg %r1,%r5,0,185,0 + jz Ldone + srlg %r1,%r1,6 C 4-blocks loop count 'n / (16 * 4)' +L4x_loop: + aghi %r3,-64 + aghi %r4,-64 + aghi %r2,-64 + vlm %v24,%v27,0(%r3),0 + vlm %v28,%v31,0(%r4),0 + vx %v24,%v24,%v28 + vx %v25,%v25,%v29 + vx %v26,%v26,%v30 + vx %v27,%v27,%v31 + vstm %v24,%v27,0(%r2),0 + brctg %r1,L4x_loop +Ldone: + br RA +EPILOGUE(nettle_memxor3) Index: nettle-3.7.3/s390x/fat/sha1-compress-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/sha1-compress-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/sha1-compress-2.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(nettle_sha1_compress) picked up by configure + +define(`fat_transform', `_$1_s390x') +include_src(`s390x/msa/sha1-compress.asm') Index: nettle-3.7.3/s390x/msa/sha1-compress.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa/sha1-compress.asm @@ -0,0 +1,72 @@ +C s390x/msa/sha1-compress.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in +C "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C the second operand is processed as specified by the function code using an initial chaining value in +C the parameter block, and the result replaces the chaining value. + +C This implementation uses KIMD-SHA-1 function. +C The parameter block used for the KIMD-SHA-1 function has the following format: +C *----------------------------------------------* +C | H0 (4 bytes) | +C |----------------------------------------------| +C | H1 (4 bytes) | +C |----------------------------------------------| +C | H2 (4 bytes) | +C |----------------------------------------------| +C | H3 (4 bytes) | +C |----------------------------------------------| +C | H4 (4 bytes) | +C *----------------------------------------------* + +.file "sha1-compress.asm" + +.text + +C SHA function code +define(`SHA1_FUNCTION_CODE', `1') +C Size of block +define(`SHA1_BLOCK_SIZE', `64') + +C void nettle_sha1_compress(uint32_t *state, const uint8_t *input) + +PROLOGUE(nettle_sha1_compress) + lghi %r0,SHA1_FUNCTION_CODE C FUNCTION_CODE + lgr %r1,%r2 + lgr %r4,%r3 + lghi %r5,SHA1_BLOCK_SIZE +1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data + brc 1,1b + br RA +EPILOGUE(nettle_sha1_compress) Index: nettle-3.7.3/s390x/fat/sha256-compress-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/sha256-compress-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/sha256-compress-2.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(_nettle_sha256_compress) picked up by configure + +define(`fat_transform', `$1_s390x') +include_src(`s390x/msa_x1/sha256-compress.asm') Index: nettle-3.7.3/s390x/fat/sha512-compress-2.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/fat/sha512-compress-2.asm @@ -0,0 +1,36 @@ +C s390x/fat/sha512-compress-2.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +dnl PROLOGUE(_nettle_sha512_compress) picked up by configure + +define(`fat_transform', `$1_s390x') +include_src(`s390x/msa_x2/sha512-compress.asm') Index: nettle-3.7.3/s390x/msa_x1/sha256-compress.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x1/sha256-compress.asm @@ -0,0 +1,80 @@ +C s390x/msa_x1/sha256-compress.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in +C "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C the second operand is processed as specified by the function code using an initial chaining value in +C the parameter block, and the result replaces the chaining value. + +C This implementation uses KIMD-SHA-256 function. +C The parameter block used for the KIMD-SHA-256 function has the following format: +C *----------------------------------------------* +C | H0 (4 bytes) | +C |----------------------------------------------| +C | H1 (4 bytes) | +C |----------------------------------------------| +C | H2 (4 bytes) | +C |----------------------------------------------| +C | H3 (4 bytes) | +C |----------------------------------------------| +C | H4 (4 bytes) | +C |----------------------------------------------| +C | H5 (4 bytes) | +C |----------------------------------------------| +C | H6 (4 bytes) | +C |----------------------------------------------| +C | H7 (4 bytes) | +C *----------------------------------------------* + +.file "sha256-compress.asm" + +.text + +C SHA function code +define(`SHA256_FUNCTION_CODE', `2') +C Size of block +define(`SHA256_BLOCK_SIZE', `64') + +C void +C _nettle_sha256_compress(uint32_t *state, const uint8_t *input, +C const uint32_t *k) + +PROLOGUE(_nettle_sha256_compress) + lghi %r0,SHA256_FUNCTION_CODE C SHA-256 Function Code + lgr %r1,%r2 + lgr %r4,%r3 + lghi %r5,SHA256_BLOCK_SIZE +1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data + brc 1,1b + br RA +EPILOGUE(_nettle_sha256_compress) Index: nettle-3.7.3/s390x/msa_x2/sha512-compress.asm =================================================================== --- /dev/null +++ nettle-3.7.3/s390x/msa_x2/sha512-compress.asm @@ -0,0 +1,80 @@ +C s390x/msa_x2/sha512-compress.asm + +ifelse(` + Copyright (C) 2021 Mamone Tarsha + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +') + +C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in +C "z/Architecture Principles of Operation SA22-7832-12" as follows: +C A function specified by the function code in general register 0 is performed. +C General register 1 contains the logical address of the leftmost byte of the parameter block in storage. +C the second operand is processed as specified by the function code using an initial chaining value in +C the parameter block, and the result replaces the chaining value. + +C This implementation uses KIMD-SHA-512 function. +C The parameter block used for the KIMD-SHA-512 function has the following format: +C *----------------------------------------------* +C | H0 (8 bytes) | +C |----------------------------------------------| +C | H1 (8 bytes) | +C |----------------------------------------------| +C | H2 (8 bytes) | +C |----------------------------------------------| +C | H3 (8 bytes) | +C |----------------------------------------------| +C | H4 (8 bytes) | +C |----------------------------------------------| +C | H5 (8 bytes) | +C |----------------------------------------------| +C | H6 (8 bytes) | +C |----------------------------------------------| +C | H7 (8 bytes) | +C *----------------------------------------------* + +.file "sha512-compress.asm" + +.text + +C SHA function code +define(`SHA512_FUNCTION_CODE', `3') +C Size of block +define(`SHA512_BLOCK_SIZE', `128') + +C void +C _nettle_sha512_compress(uint64_t *state, const uint8_t *input, +C const uint64_t *k) + +PROLOGUE(_nettle_sha512_compress) + lghi %r0,SHA512_FUNCTION_CODE C SHA-512 Function Code + lgr %r1,%r2 + lgr %r4,%r3 + lghi %r5,SHA512_BLOCK_SIZE +1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data + brc 1,1b + br RA +EPILOGUE(_nettle_sha512_compress)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
