From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Thu, 01 Jan 2015 19:35:16 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-144-gc2e1f8f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c2e1f8fea271f3ef8027809547c4a52e0b1e24a2 (commit) via 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94 (commit) via 99faf9cb34f872144313403f29f3379798debfc9 (commit) via 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 (commit) via cc26106dbebeb84d481661813edc3e5aea9a7d99 (commit) from 520070e02e2e6ee7228945015573a6e1f4895ec3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c2e1f8fea271f3ef8027809547c4a52e0b1e24a2 Author: Jussi Kivilinna Date: Tue Dec 23 13:33:12 2014 +0200 random-csprng: fix compiler warnings on ARM * random/random-csprng.c (_gcry_rngcsprng_update_seed_file) (read_pool): Cast keypool and rndpool to 'unsigned long *' through 'void *'. 
-- Patch fixes 'cast increases required alignment' warnings seen on GCC: random-csprng.c: In function '_gcry_rngcsprng_update_seed_file': random-csprng.c:867:15: warning: cast increases required alignment of target type [-Wcast-align] for (i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; ^ random-csprng.c:867:43: warning: cast increases required alignment of target type [-Wcast-align] for (i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; ^ random-csprng.c: In function 'read_pool': random-csprng.c:1023:14: warning: cast increases required alignment of target type [-Wcast-align] for(i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; ^ random-csprng.c:1023:42: warning: cast increases required alignment of target type [-Wcast-align] for(i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; ^ Signed-off-by: Jussi Kivilinna diff --git a/random/random-csprng.c b/random/random-csprng.c index 429c84f..332744b 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -864,7 +864,7 @@ _gcry_rngcsprng_update_seed_file (void) /* Copy the entropy pool to a scratch pool and mix both of them. */ - for (i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; + for (i=0,dp=(unsigned long*)(void*)keypool, sp=(unsigned long*)(void*)rndpool; i < POOLWORDS; i++, dp++, sp++ ) { *dp = *sp + ADD_VALUE; 
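Review bot: The added `(void*)` hop in the `for` initializer silences -Wcast-align but does not make the access safe: if keypool and rndpool are declared as byte arrays (their declarations are outside the hunk), reading them as `unsigned long` still traps on strict-alignment ARM and is a strict-aliasing violation in standard C. Whatever guarantees the pools are word-aligned — an aligning declaration or the allocator — is the property the cast relies on, and it should be stated next to it, e.g. `/* keypool/rndpool are allocated word-aligned; the void* hop only quiets -Wcast-align. */`. A cheap guard would catch a future change to that allocation: `gcry_assert (!((uintptr_t)keypool % sizeof (unsigned long)) && !((uintptr_t)rndpool % sizeof (unsigned long)));` (or the project's own pointer-to-integer type if uintptr_t is not used here). _gcry_rngcsprng_update_seed_file continues outside the hunk.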
@@ -1020,7 +1020,7 @@ read_pool (byte *buffer, size_t length, int level) } /* Create a new pool. */ - for(i=0,dp=(unsigned long*)keypool, sp=(unsigned long*)rndpool; + for(i=0,dp=(unsigned long*)(void*)keypool, sp=(unsigned long*)(void*)rndpool; i < POOLWORDS; i++, dp++, sp++ ) *dp = *sp + ADD_VALUE; commit 1dab4c9422bf0f3cdc7a4d3ccf9db090abd90e94 Author: Jussi Kivilinna Date: Tue Dec 23 13:31:58 2014 +0200 scrypt: fix compiler warnings on ARM * cipher/scrypt.c (_scryptBlockMix): Cast X to 'u32 *' through 'void *'. -- Patch fixes 'cast increases required alignment' warnings seen on GCC: scrypt.c: In function '_scryptBlockMix': scrypt.c:145:22: warning: cast increases required alignment of target type [-Wcast-align] _salsa20_core ((u32*)X, (u32*)X, 8); ^ scrypt.c:145:31: warning: cast increases required alignment of target type [-Wcast-align] _salsa20_core ((u32*)X, (u32*)X, 8); ^ Signed-off-by: Jussi Kivilinna diff --git a/cipher/scrypt.c b/cipher/scrypt.c index 404943d..aca903d 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c 
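Review bot: This mixing loop is a verbatim copy of the one in _gcry_rngcsprng_update_seed_file, and the commit now has to patch the same cast in both places; a single `static void mix_pools (void)` holding the loop would leave only one site that depends on keypool and rndpool being `unsigned long`-aligned. The alignment assumption is not documented at either site; a one-line comment such as `/* Pools are word aligned; the void* hop only quiets -Wcast-align. */` would tell the next reader that the cast is deliberate rather than a silenced bug. read_pool's body continues outside the hunk.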
@@ -142,7 +142,7 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2) buf_xor(X, X, &B[i * 64], 64); /* X = Salsa (T) */ - _salsa20_core ((u32*)X, (u32*)X, 8); + _salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8); /* Y[i] = X */ memcpy (&Y[i * 64], X, 64); commit 99faf9cb34f872144313403f29f3379798debfc9 Author: Jussi Kivilinna Date: Tue Dec 23 13:31:09 2014 +0200 secmem: fix compiler warnings on ARM * src/secmem.c (ADDR_TO_BLOCK, mb_get_next, mb_get_new): Cast pointer from 'char *' to 'memblock_t *' through 'void *'. (MB_WIPE_OUT): Remove unneeded cast to 'memblock_t *'. -- Patch fixes 'cast increases required alignment' warnings seen on GCC: secmem.c: In function 'mb_get_next': secmem.c:140:13: warning: cast increases required alignment of target type [-Wcast-align] mb_next = (memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size); ^ secmem.c: In function 'mb_get_new': secmem.c:208:17: warning: cast increases required alignment of target type [-Wcast-align] mb_split = (memblock_t *) (((char *) mb) + BLOCK_HEAD_SIZE + size); ^ secmem.c: In function '_gcry_secmem_free_internal': secmem.c:101:3: warning: cast increases required alignment of target type [-Wcast-align] (memblock_t *) ((char *) addr - BLOCK_HEAD_SIZE) ^ secmem.c:603:8: note: in expansion of macro 'ADDR_TO_BLOCK' mb = ADDR_TO_BLOCK (a); ^ In file included from secmem.c:40:0: secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align] wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size); ^ g10lib.h:309:54: note: in definition of macro 'wipememory2' volatile char *_vptr=(volatile char *)(_ptr); \ ^ secmem.c:611:3: note: in expansion of macro 'MB_WIPE_OUT' MB_WIPE_OUT (0xff); ^ secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align] wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size); ^ g10lib.h:309:54: note: in definition of macro 'wipememory2' volatile char *_vptr=(volatile char 
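Review bot: `_salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8)` still treats the 64-byte block X as an array of u32, so the change only hides the diagnostic; whether X is 4-byte aligned depends on where it points, and it is derived from the `unsigned char *` parameters B and tmp2 whose origin is outside the hunk. If X is a pointer into a caller-supplied scratch buffer that may be unaligned, the robust fix is for the salsa20 core to load and store its words with the `buf_get_le32`/`buf_put_le32` helpers this same series uses in rijndael.c, instead of casting. If the buffer is known to be aligned, say so at the cast: `/* X is word aligned (tmp2 comes from an aligned scratch buffer); the void* hop only silences -Wcast-align. */`. _scryptBlockMix starts before and ends after the hunk.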
*)(_ptr); \ ^ secmem.c:612:3: note: in expansion of macro 'MB_WIPE_OUT' MB_WIPE_OUT (0xaa); ^ secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align] wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size); ^ g10lib.h:309:54: note: in definition of macro 'wipememory2' volatile char *_vptr=(volatile char *)(_ptr); \ ^ secmem.c:613:3: note: in expansion of macro 'MB_WIPE_OUT' MB_WIPE_OUT (0x55); ^ secmem.c:609:16: warning: cast increases required alignment of target type [-Wcast-align] wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size); ^ g10lib.h:309:54: note: in definition of macro 'wipememory2' volatile char *_vptr=(volatile char *)(_ptr); \ ^ secmem.c:614:3: note: in expansion of macro 'MB_WIPE_OUT' MB_WIPE_OUT (0x00); ^ secmem.c: In function '_gcry_secmem_realloc': secmem.c:644:8: warning: cast increases required alignment of target type [-Wcast-align] mb = (memblock_t *) ((char *) p - ((size_t) &((memblock_t *) 0)->aligned.c)); ^ Signed-off-by: Jussi Kivilinna diff --git a/src/secmem.c b/src/secmem.c index cfea921..df15df0 100644 --- a/src/secmem.c +++ b/src/secmem.c @@ -98,7 +98,7 @@ GPGRT_LOCK_DEFINE (secmem_lock); /* Convert an address into the according memory block structure. */ #define ADDR_TO_BLOCK(addr) \ - (memblock_t *) ((char *) addr - BLOCK_HEAD_SIZE) + (memblock_t *) (void *) ((char *) addr - BLOCK_HEAD_SIZE) /* Check whether P points into the pool. */ static int @@ -137,7 +137,7 @@ mb_get_next (memblock_t *mb) { memblock_t *mb_next; - mb_next = (memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size); + mb_next = (memblock_t *) (void *) ((char *) mb + BLOCK_HEAD_SIZE + mb->size); if (! ptr_into_pool_p (mb_next)) mb_next = NULL; 
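Review bot: While touching ADDR_TO_BLOCK, the macro argument should be parenthesized: `addr` is used bare in `(char *) addr - BLOCK_HEAD_SIZE`, so an argument such as `p + 1` would be cast as `(char *) p + 1` and stepped in bytes rather than elements, and the whole expansion is unparenthesized as well. Suggest `#define ADDR_TO_BLOCK(addr) ((memblock_t *) (void *) ((char *) (addr) - BLOCK_HEAD_SIZE))`. The only caller visible in the commit log passes a plain identifier (`ADDR_TO_BLOCK (a)`), so this is hardening rather than a live bug. The same caveat as elsewhere in the series applies to mb_get_next: the void* hop assumes every block header in the pool sits at a memblock_t-aligned offset, which only holds if BLOCK_HEAD_SIZE and every block size preserve that alignment (enforced outside the hunk, presumably in the size rounding of mb_get_new).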
@@ -205,7 +205,8 @@ mb_get_new (memblock_t *block, size_t size) { /* Split block. */ - mb_split = (memblock_t *) (((char *) mb) + BLOCK_HEAD_SIZE + size); + mb_split = (memblock_t *) (void *) (((char *) mb) + BLOCK_HEAD_SIZE + + size); mb_split->size = mb->size - size - BLOCK_HEAD_SIZE; mb_split->flags = 0; @@ -606,7 +607,7 @@ _gcry_secmem_free_internal (void *a) /* This does not make much sense: probably this memory is held in the * cache. We do it anyway: */ #define MB_WIPE_OUT(byte) \ - wipememory2 ((memblock_t *) ((char *) mb + BLOCK_HEAD_SIZE), (byte), size); + wipememory2 (((char *) mb + BLOCK_HEAD_SIZE), (byte), size); MB_WIPE_OUT (0xff); MB_WIPE_OUT (0xaa); 
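Review bot: In the MB_WIPE_OUT hunk the four wipes recompute `(char *) mb + BLOCK_HEAD_SIZE`, and the macro captures `mb` and `size` from the enclosing scope with no `#undef` in view; hoisting the payload pointer makes the intent plain and drops the macro: `char *payload = (char *) mb + BLOCK_HEAD_SIZE;` followed by `wipememory2 (payload, 0xff, size);` and the three other passes (or add `#undef MB_WIPE_OUT` after them if the macro stays). The comment above it ("This does not make much sense") undersells what this is — the secure-memory erase of a freed block before it returns to the pool — so something like `/* Erase the freed payload before the block is returned to the pool. */` would serve the next reader better. _gcry_secmem_free_internal and mb_get_new both extend beyond the hunk.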
@@ -641,7 +642,8 @@ _gcry_secmem_realloc (void *p, size_t newsize) SECMEM_LOCK; - mb = (memblock_t *) ((char *) p - ((size_t) &((memblock_t *) 0)->aligned.c)); + mb = (memblock_t *) (void *) ((char *) p + - ((size_t) &((memblock_t *) 0)->aligned.c)); size = mb->size; if (newsize < size) { commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 Author: Jussi Kivilinna Date: Tue Dec 23 13:01:33 2014 +0200 hash: fix compiler warning on ARM * cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through 'void *'. * cipher/md4.c (md4_final): Use buf_put_* helper instead of converting 'char *' to 'u32 *'. * cipher/md5.c (md5_final): Ditto. * cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto. * cipher/sha1.c (sha1_final): Ditto. * cipher/sha256.c (sha256_final): Ditto. * cipher/sha512.c (sha512_final): Ditto. * cipher/tiger.c (tiger_final): Ditto. -- Patch fixes 'cast increases required alignment' warnings seen on GCC: md.c: In function 'md_open': md.c:318:23: warning: cast increases required alignment of target type [-Wcast-align] hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n); ^ md.c: In function 'md_copy': md.c:491:22: warning: cast increases required alignment of target type [-Wcast-align] bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n); ^ md4.c: In function 'md4_final': md4.c:258:20: warning: cast increases required alignment of target type [-Wcast-align] #define X(a) do { *(u32*)p = le_bswap32((*hd).a) ; p += 4; } while(0) ^ md4.c:259:3: note: in expansion of macro 'X' X(A); ^ md4.c:258:20: warning: cast increases required alignment of target type [-Wcast-align] #define X(a) do { *(u32*)p = le_bswap32((*hd).a) ; p += 4; } while(0) ^ md4.c:260:3: note: in expansion of macro 'X' X(B); ^ [removed the rest] Signed-off-by: Jussi Kivilinna diff --git a/cipher/md.c b/cipher/md.c index df8b027..f9414de 100644 --- a/cipher/md.c +++ b/cipher/md.c 
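Review bot: The new line keeps the hand-rolled offsetof `(size_t) &((memblock_t *) 0)->aligned.c`, which forms a member address from a null pointer — exactly the idiom `offsetof` exists to replace; `offsetof (memblock_t, aligned.c)` from <stddef.h> is well-defined and reads clearly. If that offset is what BLOCK_HEAD_SIZE denotes (its definition is outside the hunk), the line should simply be `mb = ADDR_TO_BLOCK (p);` so that realloc and free agree on the header layout by construction rather than by two independent computations. Otherwise: `mb = (memblock_t *) (void *) ((char *) p - offsetof (memblock_t, aligned.c));`. _gcry_secmem_realloc continues beyond the hunk.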
@@ -315,7 +315,7 @@ md_open (gcry_md_hd_t *h, int algo, unsigned int flags) if (! err) { - hd->ctx = ctx = (struct gcry_md_context *) ((char *) hd + n); + hd->ctx = ctx = (void *) ((char *) hd + n); /* Setup the globally visible data (bctl in the diagram).*/ hd->bufsize = n - sizeof (struct gcry_md_handle) + 1; hd->bufpos = 0; @@ -488,7 +488,7 @@ md_copy (gcry_md_hd_t ahd, gcry_md_hd_t *b_hd) if (! err) { - bhd->ctx = b = (struct gcry_md_context *) ((char *) bhd + n); + bhd->ctx = b = (void *) ((char *) bhd + n); /* No need to copy the buffer due to the write above. */ gcry_assert (ahd->bufsize == (n - sizeof (struct gcry_md_handle) + 1)); bhd->bufsize = ahd->bufsize; diff --git a/cipher/md4.c b/cipher/md4.c index 7291254..c9b4154 100644 --- a/cipher/md4.c +++ b/cipher/md4.c @@ -255,7 +255,7 @@ md4_final( void *context ) _gcry_burn_stack (burn); p = hd->bctx.buf; -#define X(a) do { *(u32*)p = le_bswap32((*hd).a) ; p += 4; } while(0) +#define X(a) do { buf_put_le32(p, hd->a); p += 4; } while(0) X(A); X(B); X(C); diff --git a/cipher/md5.c b/cipher/md5.c index 73ad968..f17af7a 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -279,7 +279,7 @@ md5_final( void *context) _gcry_burn_stack (burn); p = hd->bctx.buf; -#define X(a) do { *(u32*)p = le_bswap32((*hd).a) ; p += 4; } while(0) +#define X(a) do { buf_put_le32(p, hd->a); p += 4; } while(0) X(A); X(B); X(C); diff --git a/cipher/rmd160.c b/cipher/rmd160.c index e6d02f5..2b1f321 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -411,7 +411,7 @@ _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) char *p = blockof64byte; transform ( hd, blockof64byte, 1 ); -#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) +#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0) X(0); X(1); X(2); 
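Review bot: The `_gcry_rmd160_mixblock` hunk changes behavior on big-endian hosts, which the commit message ("fix compiler warning") does not mention: the old `*(u32*)p = hd->h##a` stored the word in host byte order, whereas `buf_put_le32` presumably stores little-endian, so the two differ whenever the host is big-endian (the other `X` macros in this commit already had `le_bswap32`/`be_bswap32` and are unaffected). That is probably the intended result, since it makes mixblock consistent with rmd160_final, but it alters the output of an exported function whose callers are not visible here, so either state the change in the log or, if identical output was required, keep a host-order store via memcpy of the word. A one-line comment at the macro would record the choice: `/* Little-endian store, matching rmd160_final. */`.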
@@ -474,7 +474,7 @@ rmd160_final( void *context ) _gcry_burn_stack (burn); p = hd->bctx.buf; -#define X(a) do { *(u32*)p = le_bswap32(hd->h##a) ; p += 4; } while(0) +#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0) X(0); X(1); X(2); diff --git a/cipher/sha1.c b/cipher/sha1.c index 00c57dd..6ccf0e8 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -401,7 +401,7 @@ sha1_final(void *context) _gcry_burn_stack (burn); p = hd->bctx.buf; -#define X(a) do { *(u32*)p = be_bswap32(hd->h##a) ; p += 4; } while(0) +#define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0) X(0); X(1); X(2); diff --git a/cipher/sha256.c b/cipher/sha256.c index 4efaec6..d3af172 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c @@ -428,7 +428,7 @@ sha256_final(void *context) _gcry_burn_stack (burn); p = hd->bctx.buf; -#define X(a) do { *(u32*)p = be_bswap32(hd->h##a); p += 4; } while(0) +#define X(a) do { buf_put_be32(p, hd->h##a); p += 4; } while(0) X(0); X(1); X(2); diff --git a/cipher/sha512.c b/cipher/sha512.c index 7d60df0..5a6af80 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c @@ -669,7 +669,7 @@ sha512_final (void *context) _gcry_burn_stack (stack_burn_depth); p = hd->bctx.buf; -#define X(a) do { *(u64*)p = be_bswap64(hd->state.h##a) ; p += 8; } while (0) +#define X(a) do { buf_put_be64(p, hd->state.h##a); p += 8; } while (0) X (0); X (1); X (2); diff --git a/cipher/tiger.c b/cipher/tiger.c index 91db4e6..8a08953 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c 
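Review bot: rmd160.c now defines the `X(a)` macro twice with different bodies (`_gcry_rmd160_mixblock` in the previous hunk and `rmd160_final` here), so each definition must be `#undef`ed before the next one; the `#undef`s are outside the hunks and are worth checking after this edit. Since every final function in this series now reduces to "store one word, advance 4 or 8 bytes", a small static helper such as `static unsigned char *put_be32_adv (unsigned char *p, u32 v) { buf_put_be32 (p, v); return p + 4; }` (and the le/64-bit variants) would remove the function-local macros and the `#undef` bookkeeping with no change in output. rmd160_final, sha1_final, sha256_final and sha512_final all extend beyond their hunks.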
@@ -805,8 +805,8 @@ tiger_final( void *context ) _gcry_burn_stack (burn); p = hd->bctx.buf; -#define X(a) do { *(u64*)p = be_bswap64(hd->a); p += 8; } while(0) -#define Y(a) do { *(u64*)p = le_bswap64(hd->a); p += 8; } while(0) +#define X(a) do { buf_put_be64(p, hd->a); p += 8; } while(0) +#define Y(a) do { buf_put_le64(p, hd->a); p += 8; } while(0) if (hd->variant == 0) { X(a); commit cc26106dbebeb84d481661813edc3e5aea9a7d99 Author: Jussi Kivilinna Date: Tue Dec 23 12:13:50 2014 +0200 rijndael: fix compiler warnings on ARM * cipher/rijndael-internal.h (RIJNDAEL_context_s): Add u32 variants of keyschedule arrays to unions u1 and u2. (keyschedenc32, keyscheddec32): New. * cipher/rijndael.c (u32_a_t): Remove. (do_setkey): Add and use tkk[].data32, k_u32, tk_u32 and W_u32; Remove casting byte arrays to u32_a_t. (prepare_decryption, do_encrypt_fn, do_decrypt_fn): Use keyschedenc32 and keyscheddec32; Remove casting byte arrays to u32_a_t. -- Patch fixes 'cast increases required alignment' compiler warnings that GCC was showing: rijndael.c: In function 'do_setkey': rijndael.c:310:13: warning: cast increases required alignment of target type [-Wcast-align] *((u32_a_t*)tk[j]) = *((u32_a_t*)k[j]); ^ rijndael.c:310:34: warning: cast increases required alignment of target type [-Wcast-align] *((u32_a_t*)tk[j]) = *((u32_a_t*)k[j]); [removed the rest] Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h index 7bc3790..7ff8660 100644 --- a/cipher/rijndael-internal.h +++ b/cipher/rijndael-internal.h @@ -95,6 +95,7 @@ typedef struct RIJNDAEL_context_s { PROPERLY_ALIGNED_TYPE dummy; byte keyschedule[MAXROUNDS+1][4][4]; + u32 keyschedule32[MAXROUNDS+1][4]; #ifdef USE_PADLOCK /* The key as passed to the padlock engine. It is only used if the padlock engine is used (USE_PADLOCK, below). */ 
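Review bot: Adding `u32 keyschedule32[MAXROUNDS+1][4]` beside `byte keyschedule[MAXROUNDS+1][4][4]` in union u1 relies on the two members having identical size and layout, and nothing in the header checks that; the byte view stays in use through `keyschenc` (presumably by the assembly back-ends) while the C path now reads the word view, so a mismatch would be silent. A comment on the new member, `/* Word view of keyschedule for the C implementation; must stay the same size. */`, plus a compile-time size check wherever the project keeps such assertions, would lock that down. Note that the old `u32_a_t` typedef carried an explicit `__may_alias__`; the portability argument now rests on union type-punning, which the targeted compilers honour but which deserves a line in the header.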
@@ -105,6 +106,7 @@ typedef struct RIJNDAEL_context_s { PROPERLY_ALIGNED_TYPE dummy; byte keyschedule[MAXROUNDS+1][4][4]; + u32 keyschedule32[MAXROUNDS+1][4]; } u2; int rounds; /* Key-length-dependent number of rounds. */ unsigned int decryption_prepared:1; /* The decryption key schedule is available. */ @@ -121,8 +123,10 @@ typedef struct RIJNDAEL_context_s } RIJNDAEL_context ATTR_ALIGNED_16; /* Macros defining alias for the keyschedules. */ -#define keyschenc u1.keyschedule -#define keyschdec u2.keyschedule -#define padlockkey u1.padlock_key +#define keyschenc u1.keyschedule +#define keyschenc32 u1.keyschedule32 +#define keyschdec u2.keyschedule +#define keyschdec32 u2.keyschedule32 +#define padlockkey u1.padlock_key #endif /* G10_RIJNDAEL_INTERNAL_H */ diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 5b0fe1c..7a83718 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -50,14 +50,6 @@ #include "rijndael-internal.h" -/* Define an u32 variant for the sake of gcc 4.4's strict aliasing. */ -#if __GNUC__ > 4 || ( __GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) -typedef u32 __attribute__ ((__may_alias__)) u32_a_t; -#else -typedef u32 u32_a_t; -#endif - - #ifdef USE_AMD64_ASM /* AMD64 assembly implementations of AES */ extern unsigned int _gcry_aes_amd64_encrypt_block(const void *keysched_enc, @@ -293,10 +285,14 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) { PROPERLY_ALIGNED_TYPE dummy; byte data[MAXKC][4]; + u32 data32[MAXKC]; } tkk[2]; -#define k tkk[0].data -#define tk tkk[1].data -#define W (ctx->keyschenc) +#define k tkk[0].data +#define k_u32 tkk[0].data32 +#define tk tkk[1].data +#define tk_u32 tkk[1].data32 +#define W (ctx->keyschenc) +#define W_u32 (ctx->keyschenc32) prefetch_enc(); @@ -307,7 +303,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) for (j = KC-1; j >= 0; j--) { - *((u32_a_t*)tk[j]) = *((u32_a_t*)k[j]); + tk_u32[j] = k_u32[j]; } r = 0; t = 0; 
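Review bot: The scratch union in do_setkey gains `u32 data32[MAXKC]` as a word view of `byte data[MAXKC][4]`, and a comment on the union would make the later mixed access — `tk_u32[j] ^= tk_u32[j-1]` next to `tk[KC/2][0] ^= sbox[...]` — readable: `/* data32 is a word alias of data so the expansion can mix whole words without casts. */`. The existing `wipememory(&tkk, sizeof(tkk))` covers the new member automatically because it wipes the whole union, which is the right outcome for key material. do_setkey's body continues beyond the hunk in both directions.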
@@ -316,7 +312,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) { for (; (j < KC) && (t < 4); j++, t++) { - *((u32_a_t*)W[r][t]) = le_bswap32(*((u32_a_t*)tk[j])); + W_u32[r][t] = le_bswap32(tk_u32[j]); } if (t == 4) { @@ -339,14 +335,14 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) { for (j = 1; j < KC; j++) { - *((u32_a_t*)tk[j]) ^= *((u32_a_t*)tk[j-1]); + tk_u32[j] ^= tk_u32[j-1]; } } else { for (j = 1; j < KC/2; j++) { - *((u32_a_t*)tk[j]) ^= *((u32_a_t*)tk[j-1]); + tk_u32[j] ^= tk_u32[j-1]; } tk[KC/2][0] ^= sbox[tk[KC/2 - 1][0] * 4]; tk[KC/2][1] ^= sbox[tk[KC/2 - 1][1] * 4]; @@ -354,7 +350,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) tk[KC/2][3] ^= sbox[tk[KC/2 - 1][3] * 4]; for (j = KC/2 + 1; j < KC; j++) { - *((u32_a_t*)tk[j]) ^= *((u32_a_t*)tk[j-1]); + tk_u32[j] ^= tk_u32[j-1]; } } @@ -363,7 +359,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) { for (; (j < KC) && (t < 4); j++, t++) { - *((u32_a_t*)W[r][t]) = le_bswap32(*((u32_a_t*)tk[j])); + W_u32[r][t] = le_bswap32(tk_u32[j]); } if (t == 4) { @@ -375,6 +371,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) #undef W #undef tk #undef k +#undef W_u32 +#undef tk_u32 +#undef k_u32 wipememory(&tkk, sizeof(tkk)); } 
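Review bot: `W_u32[r][t] = le_bswap32(tk_u32[j])` deserves a comment, because with word-typed operands the reason for the swap is no longer visible: the key bytes sit in `tk` in memory order, the round keys are later XORed against state words loaded with `buf_get_le32`, so the stored word has to be the little-endian reading of those four bytes on every host (`le_bswap32` is presumably a no-op on little-endian targets). Suggest `/* Store the little-endian reading of the key bytes so the C path can XOR it against buf_get_le32 state words on any host. */` at the first occurrence. The six `#undef`s added at the end keep the macro namespace tidy. Both blocks are inside do_setkey, which extends beyond this span.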
@@ -417,15 +416,15 @@ prepare_decryption( RIJNDAEL_context *ctx ) prefetch_enc(); prefetch_dec(); - *((u32_a_t*)ctx->keyschdec[0][0]) = *((u32_a_t*)ctx->keyschenc[0][0]); - *((u32_a_t*)ctx->keyschdec[0][1]) = *((u32_a_t*)ctx->keyschenc[0][1]); - *((u32_a_t*)ctx->keyschdec[0][2]) = *((u32_a_t*)ctx->keyschenc[0][2]); - *((u32_a_t*)ctx->keyschdec[0][3]) = *((u32_a_t*)ctx->keyschenc[0][3]); + ctx->keyschdec32[0][0] = ctx->keyschenc32[0][0]; + ctx->keyschdec32[0][1] = ctx->keyschenc32[0][1]; + ctx->keyschdec32[0][2] = ctx->keyschenc32[0][2]; + ctx->keyschdec32[0][3] = ctx->keyschenc32[0][3]; for (r = 1; r < ctx->rounds; r++) { - u32_a_t *wi = (u32_a_t*)((ctx->keyschenc)[r]); - u32_a_t *wo = (u32_a_t*)((ctx->keyschdec)[r]); + u32 *wi = ctx->keyschenc32[r]; + u32 *wo = ctx->keyschdec32[r]; u32 wt; wt = wi[0]; @@ -453,10 +452,10 @@ prepare_decryption( RIJNDAEL_context *ctx ) ^ rol(decT[sbox[(byte)(wt >> 24) * 4]], 8 * 3); } - *((u32_a_t*)ctx->keyschdec[r][0]) = *((u32_a_t*)ctx->keyschenc[r][0]); - *((u32_a_t*)ctx->keyschdec[r][1]) = *((u32_a_t*)ctx->keyschenc[r][1]); - *((u32_a_t*)ctx->keyschdec[r][2]) = *((u32_a_t*)ctx->keyschenc[r][2]); - *((u32_a_t*)ctx->keyschdec[r][3]) = *((u32_a_t*)ctx->keyschenc[r][3]); + ctx->keyschdec32[r][0] = ctx->keyschenc32[r][0]; + ctx->keyschdec32[r][1] = ctx->keyschenc32[r][1]; + ctx->keyschdec32[r][2] = ctx->keyschenc32[r][2]; + ctx->keyschdec32[r][3] = ctx->keyschenc32[r][3]; } } @@ -467,7 +466,7 @@ static unsigned int do_encrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, const unsigned char *a) { -#define rk (ctx->keyschenc) +#define rk (ctx->keyschenc32) const byte *sbox = ((const byte *)encT) + 1; int rounds = ctx->rounds; int r; 
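Review bot: In prepare_decryption the round-key input pointer can be const-qualified now that it is a plain `u32 *`: `const u32 *wi = ctx->keyschenc32[r];` documents that the loop only reads the encryption schedule (the visible `wt = wi[0];` reads through it; the rest of the loop body is outside the hunk, so confirm there is no store through `wi`). The four explicit word copies for round 0 and round r could be a `memcpy (ctx->keyschdec32[r], ctx->keyschenc32[r], sizeof ctx->keyschdec32[r]);`, though the explicit form is fine and keeps the inner dimension visible. prepare_decryption continues beyond the hunk.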
@@ -479,34 +478,34 @@ do_encrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[2] = buf_get_le32(a + 8); sb[3] = buf_get_le32(a + 12); - sa[0] = sb[0] ^ *((u32_a_t*)rk[0][0]); - sa[1] = sb[1] ^ *((u32_a_t*)rk[0][1]); - sa[2] = sb[2] ^ *((u32_a_t*)rk[0][2]); - sa[3] = sb[3] ^ *((u32_a_t*)rk[0][3]); + sa[0] = sb[0] ^ rk[0][0]; + sa[1] = sb[1] ^ rk[0][1]; + sa[2] = sb[2] ^ rk[0][2]; + sa[3] = sb[3] ^ rk[0][3]; sb[0] = rol(encT[(byte)(sa[0] >> (0 * 8))], (0 * 8)); sb[3] = rol(encT[(byte)(sa[0] >> (1 * 8))], (1 * 8)); sb[2] = rol(encT[(byte)(sa[0] >> (2 * 8))], (2 * 8)); sb[1] = rol(encT[(byte)(sa[0] >> (3 * 8))], (3 * 8)); - sa[0] = *((u32_a_t*)rk[1][0]) ^ sb[0]; + sa[0] = rk[1][0] ^ sb[0]; sb[1] ^= rol(encT[(byte)(sa[1] >> (0 * 8))], (0 * 8)); sa[0] ^= rol(encT[(byte)(sa[1] >> (1 * 8))], (1 * 8)); sb[3] ^= rol(encT[(byte)(sa[1] >> (2 * 8))], (2 * 8)); sb[2] ^= rol(encT[(byte)(sa[1] >> (3 * 8))], (3 * 8)); - sa[1] = *((u32_a_t*)rk[1][1]) ^ sb[1]; + sa[1] = rk[1][1] ^ sb[1]; sb[2] ^= rol(encT[(byte)(sa[2] >> (0 * 8))], (0 * 8)); sa[1] ^= rol(encT[(byte)(sa[2] >> (1 * 8))], (1 * 8)); sa[0] ^= rol(encT[(byte)(sa[2] >> (2 * 8))], (2 * 8)); sb[3] ^= rol(encT[(byte)(sa[2] >> (3 * 8))], (3 * 8)); - sa[2] = *((u32_a_t*)rk[1][2]) ^ sb[2]; + sa[2] = rk[1][2] ^ sb[2]; sb[3] ^= rol(encT[(byte)(sa[3] >> (0 * 8))], (0 * 8)); sa[2] ^= rol(encT[(byte)(sa[3] >> (1 * 8))], (1 * 8)); sa[1] ^= rol(encT[(byte)(sa[3] >> (2 * 8))], (2 * 8)); sa[0] ^= rol(encT[(byte)(sa[3] >> (3 * 8))], (3 * 8)); - sa[3] = *((u32_a_t*)rk[1][3]) ^ sb[3]; + sa[3] = rk[1][3] ^ sb[3]; for (r = 2; r < rounds; r++) { 
@@ -514,25 +513,25 @@ do_encrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[3] = rol(encT[(byte)(sa[0] >> (1 * 8))], (1 * 8)); sb[2] = rol(encT[(byte)(sa[0] >> (2 * 8))], (2 * 8)); sb[1] = rol(encT[(byte)(sa[0] >> (3 * 8))], (3 * 8)); - sa[0] = *((u32_a_t*)rk[r][0]) ^ sb[0]; + sa[0] = rk[r][0] ^ sb[0]; sb[1] ^= rol(encT[(byte)(sa[1] >> (0 * 8))], (0 * 8)); sa[0] ^= rol(encT[(byte)(sa[1] >> (1 * 8))], (1 * 8)); sb[3] ^= rol(encT[(byte)(sa[1] >> (2 * 8))], (2 * 8)); sb[2] ^= rol(encT[(byte)(sa[1] >> (3 * 8))], (3 * 8)); - sa[1] = *((u32_a_t*)rk[r][1]) ^ sb[1]; + sa[1] = rk[r][1] ^ sb[1]; sb[2] ^= rol(encT[(byte)(sa[2] >> (0 * 8))], (0 * 8)); sa[1] ^= rol(encT[(byte)(sa[2] >> (1 * 8))], (1 * 8)); sa[0] ^= rol(encT[(byte)(sa[2] >> (2 * 8))], (2 * 8)); sb[3] ^= rol(encT[(byte)(sa[2] >> (3 * 8))], (3 * 8)); - sa[2] = *((u32_a_t*)rk[r][2]) ^ sb[2]; + sa[2] = rk[r][2] ^ sb[2]; sb[3] ^= rol(encT[(byte)(sa[3] >> (0 * 8))], (0 * 8)); sa[2] ^= rol(encT[(byte)(sa[3] >> (1 * 8))], (1 * 8)); sa[1] ^= rol(encT[(byte)(sa[3] >> (2 * 8))], (2 * 8)); sa[0] ^= rol(encT[(byte)(sa[3] >> (3 * 8))], (3 * 8)); - sa[3] = *((u32_a_t*)rk[r][3]) ^ sb[3]; + sa[3] = rk[r][3] ^ sb[3]; r++; 
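Review bot: The `for (r = 2; r < rounds; r++)` body processes two rounds per iteration (the `r++;` at the end of this hunk), so it relies on `rounds - 2` being even, which holds for the AES round counts 10, 12 and 14 but is stated nowhere; a comment on the loop header would stop a future change to `rounds` from silently reading past the schedule: `/* Two rounds per iteration; rounds is 10, 12 or 14, so rounds-2 is even. */`. The mirrored `r--` loop in do_decrypt_fn carries the same assumption. do_encrypt_fn extends beyond the hunk.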
@@ -540,25 +539,25 @@ do_encrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[3] = rol(encT[(byte)(sa[0] >> (1 * 8))], (1 * 8)); sb[2] = rol(encT[(byte)(sa[0] >> (2 * 8))], (2 * 8)); sb[1] = rol(encT[(byte)(sa[0] >> (3 * 8))], (3 * 8)); - sa[0] = *((u32_a_t*)rk[r][0]) ^ sb[0]; + sa[0] = rk[r][0] ^ sb[0]; sb[1] ^= rol(encT[(byte)(sa[1] >> (0 * 8))], (0 * 8)); sa[0] ^= rol(encT[(byte)(sa[1] >> (1 * 8))], (1 * 8)); sb[3] ^= rol(encT[(byte)(sa[1] >> (2 * 8))], (2 * 8)); sb[2] ^= rol(encT[(byte)(sa[1] >> (3 * 8))], (3 * 8)); - sa[1] = *((u32_a_t*)rk[r][1]) ^ sb[1]; + sa[1] = rk[r][1] ^ sb[1]; sb[2] ^= rol(encT[(byte)(sa[2] >> (0 * 8))], (0 * 8)); sa[1] ^= rol(encT[(byte)(sa[2] >> (1 * 8))], (1 * 8)); sa[0] ^= rol(encT[(byte)(sa[2] >> (2 * 8))], (2 * 8)); sb[3] ^= rol(encT[(byte)(sa[2] >> (3 * 8))], (3 * 8)); - sa[2] = *((u32_a_t*)rk[r][2]) ^ sb[2]; + sa[2] = rk[r][2] ^ sb[2]; sb[3] ^= rol(encT[(byte)(sa[3] >> (0 * 8))], (0 * 8)); sa[2] ^= rol(encT[(byte)(sa[3] >> (1 * 8))], (1 * 8)); sa[1] ^= rol(encT[(byte)(sa[3] >> (2 * 8))], (2 * 8)); sa[0] ^= rol(encT[(byte)(sa[3] >> (3 * 8))], (3 * 8)); - sa[3] = *((u32_a_t*)rk[r][3]) ^ sb[3]; + sa[3] = rk[r][3] ^ sb[3]; } /* Last round is special. */ 
@@ -567,25 +566,25 @@ do_encrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[3] = (sbox[(byte)(sa[0] >> (1 * 8)) * 4]) << (1 * 8); sb[2] = (sbox[(byte)(sa[0] >> (2 * 8)) * 4]) << (2 * 8); sb[1] = (sbox[(byte)(sa[0] >> (3 * 8)) * 4]) << (3 * 8); - sa[0] = *((u32_a_t*)rk[r][0]) ^ sb[0]; + sa[0] = rk[r][0] ^ sb[0]; sb[1] ^= (sbox[(byte)(sa[1] >> (0 * 8)) * 4]) << (0 * 8); sa[0] ^= (sbox[(byte)(sa[1] >> (1 * 8)) * 4]) << (1 * 8); sb[3] ^= (sbox[(byte)(sa[1] >> (2 * 8)) * 4]) << (2 * 8); sb[2] ^= (sbox[(byte)(sa[1] >> (3 * 8)) * 4]) << (3 * 8); - sa[1] = *((u32_a_t*)rk[r][1]) ^ sb[1]; + sa[1] = rk[r][1] ^ sb[1]; sb[2] ^= (sbox[(byte)(sa[2] >> (0 * 8)) * 4]) << (0 * 8); sa[1] ^= (sbox[(byte)(sa[2] >> (1 * 8)) * 4]) << (1 * 8); sa[0] ^= (sbox[(byte)(sa[2] >> (2 * 8)) * 4]) << (2 * 8); sb[3] ^= (sbox[(byte)(sa[2] >> (3 * 8)) * 4]) << (3 * 8); - sa[2] = *((u32_a_t*)rk[r][2]) ^ sb[2]; + sa[2] = rk[r][2] ^ sb[2]; sb[3] ^= (sbox[(byte)(sa[3] >> (0 * 8)) * 4]) << (0 * 8); sa[2] ^= (sbox[(byte)(sa[3] >> (1 * 8)) * 4]) << (1 * 8); sa[1] ^= (sbox[(byte)(sa[3] >> (2 * 8)) * 4]) << (2 * 8); sa[0] ^= (sbox[(byte)(sa[3] >> (3 * 8)) * 4]) << (3 * 8); - sa[3] = *((u32_a_t*)rk[r][3]) ^ sb[3]; + sa[3] = rk[r][3] ^ sb[3]; buf_put_le32(b + 0, sa[0]); buf_put_le32(b + 4, sa[1]); @@ -790,7 +789,7 @@ static unsigned int do_decrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, const unsigned char *a) { -#define rk (ctx->keyschdec) +#define rk (ctx->keyschdec32) int rounds = ctx->rounds; int r; u32 sa[4]; 
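Review bot: `rk` is `#define`d a second time here with a different expansion than in do_encrypt_fn (`ctx->keyschdec32` versus `ctx->keyschenc32`), which only compiles cleanly if an `#undef rk` closes do_encrypt_fn; that `#undef` is outside the hunk and worth confirming after this edit. Since both expansions are now plain two-dimensional `u32` arrays, a local pointer avoids the function-scoped macro altogether: `const u32 (*rk)[4] = ctx->keyschdec32;` at the top of do_decrypt_fn (and the enc counterpart), leaving every `rk[r][i]` use unchanged. do_decrypt_fn continues beyond the hunk.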
@@ -801,10 +800,10 @@ do_decrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[2] = buf_get_le32(a + 8); sb[3] = buf_get_le32(a + 12); - sa[0] = sb[0] ^ *((u32_a_t*)rk[rounds][0]); - sa[1] = sb[1] ^ *((u32_a_t*)rk[rounds][1]); - sa[2] = sb[2] ^ *((u32_a_t*)rk[rounds][2]); - sa[3] = sb[3] ^ *((u32_a_t*)rk[rounds][3]); + sa[0] = sb[0] ^ rk[rounds][0]; + sa[1] = sb[1] ^ rk[rounds][1]; + sa[2] = sb[2] ^ rk[rounds][2]; + sa[3] = sb[3] ^ rk[rounds][3]; for (r = rounds - 1; r > 1; r--) { @@ -812,25 +811,25 @@ do_decrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[1] = rol(decT[(byte)(sa[0] >> (1 * 8))], (1 * 8)); sb[2] = rol(decT[(byte)(sa[0] >> (2 * 8))], (2 * 8)); sb[3] = rol(decT[(byte)(sa[0] >> (3 * 8))], (3 * 8)); - sa[0] = *((u32_a_t*)rk[r][0]) ^ sb[0]; + sa[0] = rk[r][0] ^ sb[0]; sb[1] ^= rol(decT[(byte)(sa[1] >> (0 * 8))], (0 * 8)); sb[2] ^= rol(decT[(byte)(sa[1] >> (1 * 8))], (1 * 8)); sb[3] ^= rol(decT[(byte)(sa[1] >> (2 * 8))], (2 * 8)); sa[0] ^= rol(decT[(byte)(sa[1] >> (3 * 8))], (3 * 8)); - sa[1] = *((u32_a_t*)rk[r][1]) ^ sb[1]; + sa[1] = rk[r][1] ^ sb[1]; sb[2] ^= rol(decT[(byte)(sa[2] >> (0 * 8))], (0 * 8)); sb[3] ^= rol(decT[(byte)(sa[2] >> (1 * 8))], (1 * 8)); sa[0] ^= rol(decT[(byte)(sa[2] >> (2 * 8))], (2 * 8)); sa[1] ^= rol(decT[(byte)(sa[2] >> (3 * 8))], (3 * 8)); - sa[2] = *((u32_a_t*)rk[r][2]) ^ sb[2]; + sa[2] = rk[r][2] ^ sb[2]; sb[3] ^= rol(decT[(byte)(sa[3] >> (0 * 8))], (0 * 8)); sa[0] ^= rol(decT[(byte)(sa[3] >> (1 * 8))], (1 * 8)); sa[1] ^= rol(decT[(byte)(sa[3] >> (2 * 8))], (2 * 8)); sa[2] ^= rol(decT[(byte)(sa[3] >> (3 * 8))], (3 * 8)); - sa[3] = *((u32_a_t*)rk[r][3]) ^ sb[3]; + sa[3] = rk[r][3] ^ sb[3]; r--; 
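Review bot: do_decrypt_fn starts by XORing `rk[rounds][..]` from `keyschdec32`, which only holds valid data after prepare_decryption has run (the context carries a `decryption_prepared` bit for this, visible in the rijndael-internal.h context lines); the check is presumably in the caller, outside this hunk, but the precondition belongs at the function head: `/* Requires ctx->decryption_prepared; see prepare_decryption. */`. The `r--` pair loop mirrors the encryption one and inherits its assumption that `rounds - 2` is even. do_decrypt_fn extends beyond the hunk.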
@@ -838,75 +837,75 @@ do_decrypt_fn (const RIJNDAEL_context *ctx, unsigned char *b, sb[1] = rol(decT[(byte)(sa[0] >> (1 * 8))], (1 * 8)); sb[2] = rol(decT[(byte)(sa[0] >> (2 * 8))], (2 * 8)); sb[3] = rol(decT[(byte)(sa[0] >> (3 * 8))], (3 * 8)); - sa[0] = *((u32_a_t*)rk[r][0]) ^ sb[0]; + sa[0] = rk[r][0] ^ sb[0]; sb[1] ^= rol(decT[(byte)(sa[1] >> (0 * 8))], (0 * 8)); sb[2] ^= rol(decT[(byte)(sa[1] >> (1 * 8))], (1 * 8)); sb[3] ^= rol(decT[(byte)(sa[1] >> (2 * 8))], (2 * 8)); sa[0] ^= rol(decT[(byte)(sa[1] >> (3 * 8))], (3 * 8)); - sa[1] = *((u32_a_t*)rk[r][1]) ^ sb[1]; + sa[1] = rk[r][1] ^ sb[1]; sb[2] ^= rol(decT[(byte)(sa[2] >> (0 * 8))], (0 * 8)); sb[3] ^= rol(decT[(byte)(sa[2] >> (1 * 8))], (1 * 8)); sa[0] ^= rol(decT[(byte)(sa[2] >> (2 * 8))], (2 * 8)); sa[1] ^= rol(decT[(byte)(sa[2] >> (3 * 8))], (3 * 8)); - sa[2] = *((u32_a_t*)rk[r][2]) ^ sb[2]; + sa[2] = rk[r][2] ^ sb[2]; sb[3] ^= rol(decT[(byte)(sa[3] >> (0 * 8))], (0 * 8)); sa[0] ^= rol(decT[(byte)(sa[3] >> (1 * 8))], (1 * 8)); sa[1] ^= rol(decT[(byte)(sa[3] >> (2 * 8))], (2 * 8)); sa[2] ^= rol(decT[(byte)(sa[3] >> (3 * 8))], (3 * 8)); - sa[3] = *((u32_a_t*)rk[r][3]) ^ sb[3]; + sa[3] = rk[r][3] ^ sb[3]; } sb[0] = rol(decT[(byte)(sa[0] >> (0 * 8))], (0 * 8)); sb[1] = rol(decT[(byte)(sa[0] >> (1 * 8))], (1 * 8)); sb[2] = rol(decT[(byte)(sa[0] >> (2 * 8))], (2 * 8)); sb[3] = rol(decT[(byte)(sa[0] >> (3 * 8))], (3 * 8)); - sa[0] = *((u32_a_t*)rk[1][0]) ^ sb[0]; + sa[0] = rk[1][0] ^ sb[0]; sb[1] ^= rol(decT[(byte)(sa[1] >> (0 * 8))], (0 * 8)); sb[2] ^= rol(decT[(byte)(sa[1] >> (1 * 8))], (1 * 8)); sb[3] ^= rol(decT[(byte)(sa[1] >> (2 * 8))], (2 * 8)); sa[0] ^= rol(decT[(byte)(sa[1] >> (3 * 8))], (3 * 8)); - sa[1] = *((u32_a_t*)rk[1][1]) ^ sb[1]; + sa[1] = rk[1][1] ^ sb[1]; sb[2] ^= rol(decT[(byte)(sa[2] >> (0 * 8))], (0 * 8)); sb[3] ^= rol(decT[(byte)(sa[2] >> (1 * 8))], (1 * 8)); sa[0] ^= rol(decT[(byte)(sa[2] >> (2 * 8))], (2 * 8)); sa[1] ^= rol(decT[(byte)(sa[2] >> (3 * 8))], (3 * 8)); - sa[2] = 
*((u32_a_t*)rk[1][2]) ^ sb[2]; + sa[2] = rk[1][2] ^ sb[2]; sb[3] ^= rol(decT[(byte)(sa[3] >> (0 * 8))], (0 * 8)); sa[0] ^= rol(decT[(byte)(sa[3] >> (1 * 8))], (1 * 8)); sa[1] ^= rol(decT[(byte)(sa[3] >> (2 * 8))], (2 * 8)); sa[2] ^= rol(decT[(byte)(sa[3] >> (3 * 8))], (3 * 8)); - sa[3] = *((u32_a_t*)rk[1][3]) ^ sb[3]; + sa[3] = rk[1][3] ^ sb[3]; /* Last round is special. */ sb[0] = inv_sbox[(byte)(sa[0] >> (0 * 8))] << (0 * 8); sb[1] = inv_sbox[(byte)(sa[0] >> (1 * 8))] << (1 * 8); sb[2] = inv_sbox[(byte)(sa[0] >> (2 * 8))] << (2 * 8); sb[3] = inv_sbox[(byte)(sa[0] >> (3 * 8))] << (3 * 8); - sa[0] = sb[0] ^ *((u32_a_t*)rk[0][0]); + sa[0] = sb[0] ^ rk[0][0]; sb[1] ^= inv_sbox[(byte)(sa[1] >> (0 * 8))] << (0 * 8); sb[2] ^= inv_sbox[(byte)(sa[1] >> (1 * 8))] << (1 * 8); sb[3] ^= inv_sbox[(byte)(sa[1] >> (2 * 8))] << (2 * 8); sa[0] ^= inv_sbox[(byte)(sa[1] >> (3 * 8))] << (3 * 8); - sa[1] = sb[1] ^ *((u32_a_t*)rk[0][1]); + sa[1] = sb[1] ^ rk[0][1]; sb[2] ^= inv_sbox[(byte)(sa[2] >> (0 * 8))] << (0 * 8); sb[3] ^= inv_sbox[(byte)(sa[2] >> (1 * 8))] << (1 * 8); sa[0] ^= inv_sbox[(byte)(sa[2] >> (2 * 8))] << (2 * 8); sa[1] ^= inv_sbox[(byte)(sa[2] >> (3 * 8))] << (3 * 8); - sa[2] = sb[2] ^ *((u32_a_t*)rk[0][2]); + sa[2] = sb[2] ^ rk[0][2]; sb[3] ^= inv_sbox[(byte)(sa[3] >> (0 * 8))] << (0 * 8); sa[0] ^= inv_sbox[(byte)(sa[3] >> (1 * 8))] << (1 * 8); sa[1] ^= inv_sbox[(byte)(sa[3] >> (2 * 8))] << (2 * 8); sa[2] ^= inv_sbox[(byte)(sa[3] >> (3 * 8))] << (3 * 8); - sa[3] = sb[3] ^ *((u32_a_t*)rk[0][3]); + sa[3] = sb[3] ^ rk[0][3]; buf_put_le32(b + 0, sa[0]); buf_put_le32(b + 4, sa[1]); ----------------------------------------------------------------------- Summary of changes: cipher/md.c | 4 +- cipher/md4.c | 2 +- cipher/md5.c | 2 +- cipher/rijndael-internal.h | 10 +++- cipher/rijndael.c | 137 ++++++++++++++++++++++---------------------- cipher/rmd160.c | 4 +- cipher/scrypt.c | 2 +- cipher/sha1.c | 2 +- cipher/sha256.c | 2 +- cipher/sha512.c | 2 +- cipher/tiger.c | 4 +- 
random/random-csprng.c | 4 +- src/secmem.c | 12 ++-- 13 files changed, 96 insertions(+), 91 deletions(-)
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Thu, 01 Jan 2015 19:46:07 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-145-g8eabecc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 8eabecc883332156adffc1df42d27f614c157e06 (commit) from c2e1f8fea271f3ef8027809547c4a52e0b1e24a2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8eabecc883332156adffc1df42d27f614c157e06 Author: Jussi Kivilinna Date: Sat Dec 27 12:37:16 2014 +0200 Add Intel SSSE3 based vector permutation AES implementation * cipher/Makefile.am: Add 'rijndael-ssse3-amd64.c'. * cipher/rijndael-internal.h (USE_SSSE3): New. (RIJNDAEL_context_s) [USE_SSSE3]: Add 'use_ssse3'. * cipher/rijndael-ssse3-amd64.c: New. * cipher/rijndael.c [USE_SSSE3] (_gcry_aes_ssse3_do_setkey) (_gcry_aes_ssse3_prepare_decryption, _gcry_aes_ssse3_encrypt) (_gcry_aes_ssse3_decrypt, _gcry_aes_ssse3_cfb_enc) (_gcry_aes_ssse3_cbc_enc, _gcry_aes_ssse3_ctr_enc) (_gcry_aes_ssse3_cfb_dec, _gcry_aes_ssse3_cbc_dec): New. (do_setkey): Add HWF check for SSSE3 and setup for SSSE3 implementation. (prepare_decryption, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) (_gcry_aes_ctr_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Add selection for SSSE3 implementation. * configure.ac [host=x86_64]: Add 'rijndael-ssse3-amd64.lo'. -- This patch adds "AES with vector permutations" implementation by Mike Hamburg. 
Public-domain source-code is available at: http://crypto.stanford.edu/vpaes/ Benchmark on Intel Core2 T8100 (2.1Ghz, no turbo): Old (AMD64 asm): AES | nanosecs/byte mebibytes/sec cycles/byte ECB enc | 8.79 ns/B 108.5 MiB/s 18.46 c/B ECB dec | 9.07 ns/B 105.1 MiB/s 19.05 c/B CBC enc | 7.77 ns/B 122.7 MiB/s 16.33 c/B CBC dec | 7.74 ns/B 123.2 MiB/s 16.26 c/B CFB enc | 7.88 ns/B 121.0 MiB/s 16.54 c/B CFB dec | 7.56 ns/B 126.1 MiB/s 15.88 c/B OFB enc | 9.02 ns/B 105.8 MiB/s 18.94 c/B OFB dec | 9.07 ns/B 105.1 MiB/s 19.05 c/B CTR enc | 7.80 ns/B 122.2 MiB/s 16.38 c/B CTR dec | 7.81 ns/B 122.2 MiB/s 16.39 c/B New (ssse3): AES | nanosecs/byte mebibytes/sec cycles/byte ECB enc | 5.77 ns/B 165.2 MiB/s 12.13 c/B ECB dec | 7.13 ns/B 133.7 MiB/s 14.98 c/B CBC enc | 5.27 ns/B 181.0 MiB/s 11.06 c/B CBC dec | 6.39 ns/B 149.3 MiB/s 13.42 c/B CFB enc | 5.27 ns/B 180.9 MiB/s 11.07 c/B CFB dec | 5.28 ns/B 180.7 MiB/s 11.08 c/B OFB enc | 6.11 ns/B 156.1 MiB/s 12.83 c/B OFB dec | 6.13 ns/B 155.5 MiB/s 12.88 c/B CTR enc | 5.26 ns/B 181.5 MiB/s 11.04 c/B CTR dec | 5.24 ns/B 182.0 MiB/s 11.00 c/B Benchmark on Intel i5-2450M (2.5Ghz, no turbo, aes-ni disabled): Old (AMD64 asm): AES | nanosecs/byte mebibytes/sec cycles/byte ECB enc | 8.06 ns/B 118.3 MiB/s 20.15 c/B ECB dec | 8.21 ns/B 116.1 MiB/s 20.53 c/B CBC enc | 7.88 ns/B 121.1 MiB/s 19.69 c/B CBC dec | 7.57 ns/B 126.0 MiB/s 18.92 c/B CFB enc | 7.87 ns/B 121.2 MiB/s 19.67 c/B CFB dec | 7.56 ns/B 126.2 MiB/s 18.89 c/B OFB enc | 8.27 ns/B 115.3 MiB/s 20.67 c/B OFB dec | 8.28 ns/B 115.1 MiB/s 20.71 c/B CTR enc | 8.02 ns/B 119.0 MiB/s 20.04 c/B CTR dec | 8.02 ns/B 118.9 MiB/s 20.05 c/B New (ssse3): AES | nanosecs/byte mebibytes/sec cycles/byte ECB enc | 4.03 ns/B 236.6 MiB/s 10.07 c/B ECB dec | 5.28 ns/B 180.8 MiB/s 13.19 c/B CBC enc | 3.77 ns/B 252.7 MiB/s 9.43 c/B CBC dec | 4.69 ns/B 203.3 MiB/s 11.73 c/B CFB enc | 3.75 ns/B 254.3 MiB/s 9.37 c/B CFB dec | 3.69 ns/B 258.6 MiB/s 9.22 c/B OFB enc | 4.17 ns/B 228.7 MiB/s 10.43 c/B OFB dec | 
4.17 ns/B 228.7 MiB/s 10.42 c/B CTR enc | 3.72 ns/B 256.5 MiB/s 9.30 c/B CTR dec | 3.72 ns/B 256.1 MiB/s 9.31 c/B Signed-off-by: Jussi Kivilinna
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 98142ed..7dd626c 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -75,7 +75,7 @@ md4.c \
 md5.c \
 poly1305-sse2-amd64.S poly1305-avx2-amd64.S poly1305-armv7-neon.S \
 rijndael.c rijndael-internal.h rijndael-tables.h rijndael-aesni.c \
- rijndael-padlock.c rijndael-amd64.S rijndael-arm.S \
+ rijndael-padlock.c rijndael-amd64.S rijndael-arm.S rijndael-ssse3-amd64.c \
 rmd160.c \
 rsa.c \
 salsa20.c salsa20-amd64.S salsa20-armv7-neon.S \
diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h
index 7ff8660..854980b 100644
--- a/cipher/rijndael-internal.h
+++ b/cipher/rijndael-internal.h
@@ -43,6 +43,12 @@
 # define USE_AMD64_ASM 1
 #endif
 
+/* USE_SSSE3 indicates whether to use SSSE3 code. */
+#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \
+ defined(HAVE_GCC_INLINE_ASM_SSSE3)
+# define USE_SSSE3 1
+#endif
+
 /* USE_ARM_ASM indicates whether to use ARM assembly code. */
 #undef USE_ARM_ASM
 #if defined(__ARMEL__)
@@ -116,6 +122,9 @@ typedef struct RIJNDAEL_context_s
 #ifdef USE_AESNI
 unsigned int use_aesni:1; /* AES-NI shall be used. */
 #endif /*USE_AESNI*/
+#ifdef USE_SSSE3
+ unsigned int use_ssse3:1; /* SSSE3 shall be used. */
+#endif /*USE_SSSE3*/
 rijndael_cryptfn_t encrypt_fn;
 rijndael_cryptfn_t decrypt_fn;
 rijndael_prefetchfn_t prefetch_enc_fn;
diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c
new file mode 100644
index 0000000..112ab22
--- /dev/null
+++ b/cipher/rijndael-ssse3-amd64.c
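Review bot: The new `USE_SSSE3` guard in the first rijndael-internal.h hunk (`+#if defined(__x86_64__) && … +# define USE_SSSE3 1 +#endif`) does not `#undef USE_SSSE3` before the conditional define, whereas the neighbouring ARM guard visible in the same hunk's context does (`#undef USE_ARM_ASM` immediately precedes its `#if`). The `#undef` is what guarantees the macro reflects only the compile-time assembler checks (HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS, HAVE_GCC_INLINE_ASM_SSSE3) and not a definition inherited from elsewhere, which matters because the macro gates inline-assembly that is selected at runtime in do_setkey per the ChangeLog. I would add `#undef USE_SSSE3` as the line directly after the `/* USE_SSSE3 indicates whether to use SSSE3 code. */` comment to match the existing pattern.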
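Review bot: The `use_ssse3:1` bit added in the second rijndael-internal.h hunk is commented only as "SSSE3 shall be used." and says nothing about who sets it or how it relates to the adjacent `use_aesni` bit, which a reader of the context struct cannot tell from the header alone. The ChangeLog states do_setkey sets it up after an HWF check, so I would extend the comment to `/* SSSE3 (vpaes) shall be used; set by do_setkey after the HWF check. */`, and, if do_setkey indeed picks at most one of the accelerated paths, say so here. The enclosing `struct RIJNDAEL_context_s` begins and ends outside the hunk.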
@@ -0,0 +1,1209 @@ +/* SSSE3 vector permutation AES for Libgcrypt + * Copyright (C) 2014-2015 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include +#include +#include +#include /* for memcmp() */ + +#include "types.h" /* for byte and u32 typedefs */ +#include "g10lib.h" +#include "cipher.h" +#include "bufhelp.h" +#include "cipher-selftest.h" +#include "rijndael-internal.h" + + +#ifdef USE_SSSE3 + + +/* Two macros to be called prior and after the use of SSSE3 + instructions. There should be no external function calls between + the use of these macros. There purpose is to make sure that the + SSE regsiters are cleared and won't reveal any information about + the key or the data. 
*/ +#define vpaes_ssse3_prepare_enc(const_ptr) \ + asm volatile ("lea .Laes_consts(%%rip), %q0 \n\t" \ + "movdqa (%q0), %%xmm9 # 0F \n\t" \ + "movdqa .Lk_inv (%q0), %%xmm10 # inv \n\t" \ + "movdqa .Lk_inv+16(%q0), %%xmm11 # inva \n\t" \ + "movdqa .Lk_sb1 (%q0), %%xmm13 # sb1u \n\t" \ + "movdqa .Lk_sb1+16(%q0), %%xmm12 # sb1t \n\t" \ + "movdqa .Lk_sb2 (%q0), %%xmm15 # sb2u \n\t" \ + "movdqa .Lk_sb2+16(%q0), %%xmm14 # sb2t \n\t" \ + : "=c" (const_ptr) \ + : \ + : "memory" ) + +#define vpaes_ssse3_prepare_dec(const_ptr) \ + asm volatile ("lea .Laes_consts(%%rip), %q0 \n\t" \ + "movdqa (%q0), %%xmm9 # 0F \n\t" \ + "movdqa .Lk_inv (%q0), %%xmm10 # inv \n\t" \ + "movdqa .Lk_inv+16(%q0), %%xmm11 # inva \n\t" \ + "movdqa .Lk_dsb9 (%q0), %%xmm13 # sb9u \n\t" \ + "movdqa .Lk_dsb9+16(%q0), %%xmm12 # sb9t \n\t" \ + "movdqa .Lk_dsbd (%q0), %%xmm15 # sbdu \n\t" \ + "movdqa .Lk_dsbb (%q0), %%xmm14 # sbbu \n\t" \ + "movdqa .Lk_dsbe (%q0), %%xmm8 # sbeu \n\t" \ + : "=c" (const_ptr) \ + : \ + : "memory" ) + +#define vpaes_ssse3_cleanup() \ + asm volatile ("pxor %%xmm0, %%xmm0 \n\t" \ + "pxor %%xmm1, %%xmm1 \n\t" \ + "pxor %%xmm2, %%xmm2 \n\t" \ + "pxor %%xmm3, %%xmm3 \n\t" \ + "pxor %%xmm4, %%xmm4 \n\t" \ + "pxor %%xmm5, %%xmm5 \n\t" \ + "pxor %%xmm6, %%xmm6 \n\t" \ + "pxor %%xmm7, %%xmm7 \n\t" \ + "pxor %%xmm8, %%xmm8 \n\t" \ + ::: "memory" ) + + +void +_gcry_aes_ssse3_do_setkey (RIJNDAEL_context *ctx, const byte *key) +{ + unsigned int keybits = (ctx->rounds - 10) * 32 + 128; + + asm volatile ("leaq %q[key], %%rdi" "\n\t" + "movl %[bits], %%esi" "\n\t" + "leaq %[buf], %%rdx" "\n\t" + "movl %[dir], %%ecx" "\n\t" + "movl %[rotoffs], %%r8d" "\n\t" + "call _aes_schedule_core" "\n\t" + : + : [key] "m" (*key), + [bits] "g" (keybits), + [buf] "m" (ctx->keyschenc32[0][0]), + [dir] "g" (0), + [rotoffs] "g" (48) + : "r8", "r9", "r10", "r11", "rax", "rcx", "rdx", "rdi", "rsi", + "cc", "memory"); + + /* Save key for setting up decryption. 
*/ + memcpy(&ctx->keyschdec32[0][0], key, keybits / 8); +} + + +/* Make a decryption key from an encryption key. */ +void +_gcry_aes_ssse3_prepare_decryption (RIJNDAEL_context *ctx) +{ + unsigned int keybits = (ctx->rounds - 10) * 32 + 128; + + asm volatile ("leaq %q[key], %%rdi" "\n\t" + "movl %[bits], %%esi" "\n\t" + "leaq %[buf], %%rdx" "\n\t" + "movl %[dir], %%ecx" "\n\t" + "movl %[rotoffs], %%r8d" "\n\t" + "call _aes_schedule_core" "\n\t" + : + : [key] "m" (ctx->keyschdec32[0][0]), + [bits] "g" (keybits), + [buf] "m" (ctx->keyschdec32[ctx->rounds][0]), + [dir] "g" (1), + [rotoffs] "g" ((keybits == 192) ? 0 : 32) + : "r8", "r9", "r10", "r11", "rax", "rcx", "rdx", "rdi", "rsi", + "cc", "memory"); +} + + +/* Encrypt one block using the Intel SSSE3 instructions. Block is input +* and output through SSE register xmm0. */ +static inline void +do_vpaes_ssse3_enc (const RIJNDAEL_context *ctx, unsigned int nrounds, + const void *aes_const_ptr) +{ + unsigned int middle_rounds = nrounds - 1; + const void *keysched = ctx->keyschenc32; + + asm volatile ("call _aes_encrypt_core" "\n\t" + : "+a" (middle_rounds), "+d" (keysched) + : "c" (aes_const_ptr) + : "rdi", "rsi", "cc", "memory"); +} + + +/* Decrypt one block using the Intel SSSE3 instructions. Block is input +* and output through SSE register xmm0. 
*/ +static inline void +do_vpaes_ssse3_dec (const RIJNDAEL_context *ctx, unsigned int nrounds, + const void *aes_const_ptr) +{ + unsigned int middle_rounds = nrounds - 1; + const void *keysched = ctx->keyschdec32; + + asm volatile ("call _aes_decrypt_core" "\n\t" + : "+a" (middle_rounds), "+d" (keysched) + : "c" (aes_const_ptr) + : "rsi", "cc", "memory"); +} + + +unsigned int +_gcry_aes_ssse3_encrypt (const RIJNDAEL_context *ctx, unsigned char *dst, + const unsigned char *src) +{ + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + + vpaes_ssse3_prepare_enc (aes_const_ptr); + asm volatile ("movdqu %[src], %%xmm0\n\t" + : + : [src] "m" (*src) + : "memory" ); + do_vpaes_ssse3_enc (ctx, nrounds, aes_const_ptr); + asm volatile ("movdqu %%xmm0, %[dst]\n\t" + : [dst] "=m" (*dst) + : + : "memory" ); + vpaes_ssse3_cleanup (); + return 0; +} + + +void +_gcry_aes_ssse3_cfb_enc (RIJNDAEL_context *ctx, unsigned char *outbuf, + const unsigned char *inbuf, unsigned char *iv, + size_t nblocks) +{ + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + + vpaes_ssse3_prepare_enc (aes_const_ptr); + + asm volatile ("movdqu %[iv], %%xmm0\n\t" + : /* No output */ + : [iv] "m" (*iv) + : "memory" ); + + for ( ;nblocks; nblocks-- ) + { + do_vpaes_ssse3_enc (ctx, nrounds, aes_const_ptr); + + asm volatile ("movdqu %[inbuf], %%xmm1\n\t" + "pxor %%xmm1, %%xmm0\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : [inbuf] "m" (*inbuf) + : "memory" ); + + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; + } + + asm volatile ("movdqu %%xmm0, %[iv]\n\t" + : [iv] "=m" (*iv) + : + : "memory" ); + + vpaes_ssse3_cleanup (); +} + + +void +_gcry_aes_ssse3_cbc_enc (RIJNDAEL_context *ctx, unsigned char *outbuf, + const unsigned char *inbuf, unsigned char *iv, + size_t nblocks, int cbc_mac) +{ + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + + vpaes_ssse3_prepare_enc (aes_const_ptr); + + asm volatile ("movdqu %[iv], %%xmm7\n\t" + : /* No output */ 
+ : [iv] "m" (*iv) + : "memory" ); + + for ( ;nblocks; nblocks-- ) + { + asm volatile ("movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm7, %%xmm0\n\t" + : /* No output */ + : [inbuf] "m" (*inbuf) + : "memory" ); + + do_vpaes_ssse3_enc (ctx, nrounds, aes_const_ptr); + + asm volatile ("movdqa %%xmm0, %%xmm7\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + if (!cbc_mac) + outbuf += BLOCKSIZE; + } + + asm volatile ("movdqu %%xmm7, %[iv]\n\t" + : [iv] "=m" (*iv) + : + : "memory" ); + + vpaes_ssse3_cleanup (); +} + + +void +_gcry_aes_ssse3_ctr_enc (RIJNDAEL_context *ctx, unsigned char *outbuf, + const unsigned char *inbuf, unsigned char *ctr, + size_t nblocks) +{ + static const unsigned char be_mask[16] __attribute__ ((aligned (16))) = + { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + u64 ctrlow; + + vpaes_ssse3_prepare_enc (aes_const_ptr); + + asm volatile ("movdqa %[mask], %%xmm6\n\t" /* Preload mask */ + "movdqa (%[ctr]), %%xmm7\n\t" /* Preload CTR */ + "movq 8(%[ctr]), %q[ctrlow]\n\t" + "bswapq %q[ctrlow]\n\t" + : [ctrlow] "=r" (ctrlow) + : [mask] "m" (*be_mask), + [ctr] "r" (ctr) + : "memory", "cc"); + + for ( ;nblocks; nblocks-- ) + { + asm volatile ("movdqa %%xmm7, %%xmm0\n\t" /* xmm0 := CTR (xmm7) */ + "pcmpeqd %%xmm1, %%xmm1\n\t" + "psrldq $8, %%xmm1\n\t" /* xmm1 = -1 */ + + "pshufb %%xmm6, %%xmm7\n\t" + "psubq %%xmm1, %%xmm7\n\t" /* xmm7++ (big endian) */ + + /* detect if 64-bit carry handling is needed */ + "incq %q[ctrlow]\n\t" + "jnz .Lno_carry%=\n\t" + + "pslldq $8, %%xmm1\n\t" /* move lower 64-bit to high */ + "psubq %%xmm1, %%xmm7\n\t" /* add carry to upper 64bits */ + + ".Lno_carry%=:\n\t" + + "pshufb %%xmm6, %%xmm7\n\t" + : + : [ctr] "r" (ctr), [ctrlow] "r" (ctrlow) + : "cc", "memory"); + + do_vpaes_ssse3_enc (ctx, nrounds, aes_const_ptr); + + asm volatile ("movdqu %[src], %%xmm1\n\t" /* xmm1 := input */ + "pxor %%xmm1, 
%%xmm0\n\t" /* EncCTR ^= input */ + "movdqu %%xmm0, %[dst]" /* Store EncCTR. */ + : [dst] "=m" (*outbuf) + : [src] "m" (*inbuf) + : "memory"); + + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; + } + + asm volatile ("movdqu %%xmm7, %[ctr]\n\t" /* Update CTR (mem). */ + : [ctr] "=m" (*ctr) + : + : "memory" ); + + vpaes_ssse3_cleanup (); +} + + +unsigned int +_gcry_aes_ssse3_decrypt (const RIJNDAEL_context *ctx, unsigned char *dst, + const unsigned char *src) +{ + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + + vpaes_ssse3_prepare_dec (aes_const_ptr); + asm volatile ("movdqu %[src], %%xmm0\n\t" + : + : [src] "m" (*src) + : "memory" ); + do_vpaes_ssse3_dec (ctx, nrounds, aes_const_ptr); + asm volatile ("movdqu %%xmm0, %[dst]\n\t" + : [dst] "=m" (*dst) + : + : "memory" ); + vpaes_ssse3_cleanup (); + return 0; +} + + +void +_gcry_aes_ssse3_cfb_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, + const unsigned char *inbuf, unsigned char *iv, + size_t nblocks) +{ + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + + vpaes_ssse3_prepare_enc (aes_const_ptr); + + asm volatile ("movdqu %[iv], %%xmm0\n\t" + : /* No output */ + : [iv] "m" (*iv) + : "memory" ); + + for ( ;nblocks; nblocks-- ) + { + do_vpaes_ssse3_enc (ctx, nrounds, aes_const_ptr); + + asm volatile ("movdqa %%xmm0, %%xmm6\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "movdqu %%xmm6, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : [inbuf] "m" (*inbuf) + : "memory" ); + + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; + } + + asm volatile ("movdqu %%xmm0, %[iv]\n\t" + : [iv] "=m" (*iv) + : + : "memory" ); + + vpaes_ssse3_cleanup (); +} + + +void +_gcry_aes_ssse3_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, + const unsigned char *inbuf, unsigned char *iv, + size_t nblocks) +{ + unsigned int nrounds = ctx->rounds; + const void *aes_const_ptr; + + vpaes_ssse3_prepare_dec (aes_const_ptr); + + asm volatile + ("movdqu %[iv], %%xmm7\n\t" /* use xmm7 as fast IV 
storage */ + : /* No output */ + : [iv] "m" (*iv) + : "memory"); + + for ( ;nblocks; nblocks-- ) + { + asm volatile + ("movdqu %[inbuf], %%xmm0\n\t" + "movdqa %%xmm0, %%xmm6\n\t" /* use xmm6 as savebuf */ + : /* No output */ + : [inbuf] "m" (*inbuf) + : "memory"); + + do_vpaes_ssse3_dec (ctx, nrounds, aes_const_ptr); + + asm volatile + ("pxor %%xmm7, %%xmm0\n\t" /* xor IV with output */ + "movdqu %%xmm0, %[outbuf]\n\t" + "movdqu %%xmm6, %%xmm7\n\t" /* store savebuf as new IV */ + : [outbuf] "=m" (*outbuf) + : + : "memory"); + + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; + } + + asm volatile + ("movdqu %%xmm7, %[iv]\n\t" /* store IV */ + : /* No output */ + : [iv] "m" (*iv) + : "memory"); + + vpaes_ssse3_cleanup (); +} + + + +asm ( + "\n\t" "##" + "\n\t" "## Constant-time SSSE3 AES core implementation." + "\n\t" "##" + "\n\t" "## By Mike Hamburg (Stanford University), 2009" + "\n\t" "## Public domain." + "\n\t" "##" + + "\n\t" ".text" + + "\n\t" "##" + "\n\t" "## _aes_encrypt_core" + "\n\t" "##" + "\n\t" "## AES-encrypt %xmm0." 
+ "\n\t" "##" + "\n\t" "## Inputs:" + "\n\t" "## %xmm0 = input" + "\n\t" "## %xmm9-%xmm15 as in .Laes_preheat" + "\n\t" "## %rcx = .Laes_consts" + "\n\t" "## (%rdx) = scheduled keys" + "\n\t" "## %rax = nrounds - 1" + "\n\t" "##" + "\n\t" "## Output in %xmm0" + "\n\t" "## Clobbers %xmm1-%xmm4, %r9, %r11, %rax" + "\n\t" "## Preserves %xmm6 - %xmm7 so you get some local vectors" + "\n\t" "##" + "\n\t" "##" + "\n\t" ".align 16" + "\n\t" ".type _aes_encrypt_core, at function" + "\n\t" "_aes_encrypt_core:" + "\n\t" " leaq .Lk_mc_backward(%rcx), %rdi" + "\n\t" " mov $16, %rsi" + "\n\t" " movdqa .Lk_ipt (%rcx), %xmm2 # iptlo" + "\n\t" " movdqa %xmm9, %xmm1" + "\n\t" " pandn %xmm0, %xmm1" + "\n\t" " psrld $4, %xmm1" + "\n\t" " pand %xmm9, %xmm0" + "\n\t" " pshufb %xmm0, %xmm2" + "\n\t" " movdqa .Lk_ipt+16(%rcx), %xmm0 # ipthi" + "\n\t" " pshufb %xmm1, %xmm0" + "\n\t" " pxor (%rdx),%xmm2" + "\n\t" " pxor %xmm2, %xmm0" + "\n\t" " add $16, %rdx" + "\n\t" " jmp .Laes_entry" + + "\n\t" ".align 8" + "\n\t" ".Laes_loop:" + "\n\t" " # middle of middle round" + "\n\t" " movdqa %xmm13, %xmm4 # 4 : sb1u" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sb1u" + "\n\t" " pxor (%rdx), %xmm4 # 4 = sb1u + k" + "\n\t" " movdqa %xmm12, %xmm0 # 0 : sb1t" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sb1t" + "\n\t" " pxor %xmm4, %xmm0 # 0 = A" + "\n\t" " movdqa %xmm15, %xmm4 # 4 : sb2u" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sb2u" + "\n\t" " movdqa .Lk_mc_forward-.Lk_mc_backward(%rsi,%rdi), %xmm1" + "\n\t" " movdqa %xmm14, %xmm2 # 2 : sb2t" + "\n\t" " pshufb %xmm3, %xmm2 # 2 = sb2t" + "\n\t" " pxor %xmm4, %xmm2 # 2 = 2A" + "\n\t" " movdqa %xmm0, %xmm3 # 3 = A" + "\n\t" " pshufb %xmm1, %xmm0 # 0 = B" + "\n\t" " pxor %xmm2, %xmm0 # 0 = 2A+B" + "\n\t" " pshufb (%rsi,%rdi), %xmm3 # 3 = D" + "\n\t" " lea 16(%esi),%esi # next mc" + "\n\t" " pxor %xmm0, %xmm3 # 3 = 2A+B+D" + "\n\t" " lea 16(%rdx),%rdx # next key" + "\n\t" " pshufb %xmm1, %xmm0 # 0 = 2B+C" + "\n\t" " pxor %xmm3, %xmm0 # 0 = 2A+3B+C+D" + "\n\t" " and $48, 
%rsi # ... mod 4" + "\n\t" " dec %rax # nr--" + + "\n\t" ".Laes_entry:" + "\n\t" " # top of round" + "\n\t" " movdqa %xmm9, %xmm1 # 1 : i" + "\n\t" " pandn %xmm0, %xmm1 # 1 = i<<4" + "\n\t" " psrld $4, %xmm1 # 1 = i" + "\n\t" " pand %xmm9, %xmm0 # 0 = k" + "\n\t" " movdqa %xmm11, %xmm2 # 2 : a/k" + "\n\t" " pshufb %xmm0, %xmm2 # 2 = a/k" + "\n\t" " pxor %xmm1, %xmm0 # 0 = j" + "\n\t" " movdqa %xmm10, %xmm3 # 3 : 1/i" + "\n\t" " pshufb %xmm1, %xmm3 # 3 = 1/i" + "\n\t" " pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k" + "\n\t" " movdqa %xmm10, %xmm4 # 4 : 1/j" + "\n\t" " pshufb %xmm0, %xmm4 # 4 = 1/j" + "\n\t" " pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k" + "\n\t" " movdqa %xmm10, %xmm2 # 2 : 1/iak" + "\n\t" " pshufb %xmm3, %xmm2 # 2 = 1/iak" + "\n\t" " pxor %xmm0, %xmm2 # 2 = io" + "\n\t" " movdqa %xmm10, %xmm3 # 3 : 1/jak" + "\n\t" " pshufb %xmm4, %xmm3 # 3 = 1/jak" + "\n\t" " pxor %xmm1, %xmm3 # 3 = jo" + "\n\t" " jnz .Laes_loop" + + "\n\t" " # middle of last round" + "\n\t" " movdqa .Lk_sbo(%rcx), %xmm4 # 3 : sbou" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sbou" + "\n\t" " pxor (%rdx), %xmm4 # 4 = sb1u + k" + "\n\t" " movdqa .Lk_sbo+16(%rcx), %xmm0 # 0 : sbot" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sb1t" + "\n\t" " pxor %xmm4, %xmm0 # 0 = A" + "\n\t" " pshufb .Lk_sr(%rsi,%rcx), %xmm0" + "\n\t" " ret" + "\n\t" ".size _aes_encrypt_core,.-_aes_encrypt_core" + + "\n\t" "##" + "\n\t" "## Decryption core" + "\n\t" "##" + "\n\t" "## Same API as encryption core." 
+ "\n\t" "##" + "\n\t" ".align 16" + "\n\t" ".type _aes_decrypt_core, at function" + "\n\t" "_aes_decrypt_core:" + "\n\t" " movl %eax, %esi" + "\n\t" " shll $4, %esi" + "\n\t" " xorl $48, %esi" + "\n\t" " andl $48, %esi" + "\n\t" " movdqa .Lk_dipt (%rcx), %xmm2 # iptlo" + "\n\t" " movdqa %xmm9, %xmm1" + "\n\t" " pandn %xmm0, %xmm1" + "\n\t" " psrld $4, %xmm1" + "\n\t" " pand %xmm9, %xmm0" + "\n\t" " pshufb %xmm0, %xmm2" + "\n\t" " movdqa .Lk_dipt+16(%rcx), %xmm0 # ipthi" + "\n\t" " pshufb %xmm1, %xmm0" + "\n\t" " pxor (%rdx), %xmm2" + "\n\t" " pxor %xmm2, %xmm0" + "\n\t" " movdqa .Lk_mc_forward+48(%rcx), %xmm5" + "\n\t" " lea 16(%rdx), %rdx" + "\n\t" " neg %rax" + "\n\t" " jmp .Laes_dec_entry" + + "\n\t" ".align 16" + "\n\t" ".Laes_dec_loop:" + "\n\t" "##" + "\n\t" "## Inverse mix columns" + "\n\t" "##" + "\n\t" " movdqa %xmm13, %xmm4 # 4 : sb9u" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sb9u" + "\n\t" " pxor (%rdx), %xmm4" + "\n\t" " movdqa %xmm12, %xmm0 # 0 : sb9t" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sb9t" + "\n\t" " movdqa .Lk_dsbd+16(%rcx),%xmm1 # 1 : sbdt" + "\n\t" " pxor %xmm4, %xmm0 # 0 = ch" + "\n\t" " lea 16(%rdx), %rdx # next round key" + + "\n\t" " pshufb %xmm5, %xmm0 # MC ch" + "\n\t" " movdqa %xmm15, %xmm4 # 4 : sbdu" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sbdu" + "\n\t" " pxor %xmm0, %xmm4 # 4 = ch" + "\n\t" " pshufb %xmm3, %xmm1 # 1 = sbdt" + "\n\t" " pxor %xmm4, %xmm1 # 1 = ch" + + "\n\t" " pshufb %xmm5, %xmm1 # MC ch" + "\n\t" " movdqa %xmm14, %xmm4 # 4 : sbbu" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sbbu" + "\n\t" " inc %rax # nr--" + "\n\t" " pxor %xmm1, %xmm4 # 4 = ch" + "\n\t" " movdqa .Lk_dsbb+16(%rcx),%xmm0 # 0 : sbbt" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sbbt" + "\n\t" " pxor %xmm4, %xmm0 # 0 = ch" + + "\n\t" " pshufb %xmm5, %xmm0 # MC ch" + "\n\t" " movdqa %xmm8, %xmm4 # 4 : sbeu" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sbeu" + "\n\t" " pshufd $0x93, %xmm5, %xmm5" + "\n\t" " pxor %xmm0, %xmm4 # 4 = ch" + "\n\t" " movdqa .Lk_dsbe+16(%rcx),%xmm0 # 0 : 
sbet" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sbet" + "\n\t" " pxor %xmm4, %xmm0 # 0 = ch" + + "\n\t" ".Laes_dec_entry:" + "\n\t" " # top of round" + "\n\t" " movdqa %xmm9, %xmm1 # 1 : i" + "\n\t" " pandn %xmm0, %xmm1 # 1 = i<<4" + "\n\t" " psrld $4, %xmm1 # 1 = i" + "\n\t" " pand %xmm9, %xmm0 # 0 = k" + "\n\t" " movdqa %xmm11, %xmm2 # 2 : a/k" + "\n\t" " pshufb %xmm0, %xmm2 # 2 = a/k" + "\n\t" " pxor %xmm1, %xmm0 # 0 = j" + "\n\t" " movdqa %xmm10, %xmm3 # 3 : 1/i" + "\n\t" " pshufb %xmm1, %xmm3 # 3 = 1/i" + "\n\t" " pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k" + "\n\t" " movdqa %xmm10, %xmm4 # 4 : 1/j" + "\n\t" " pshufb %xmm0, %xmm4 # 4 = 1/j" + "\n\t" " pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k" + "\n\t" " movdqa %xmm10, %xmm2 # 2 : 1/iak" + "\n\t" " pshufb %xmm3, %xmm2 # 2 = 1/iak" + "\n\t" " pxor %xmm0, %xmm2 # 2 = io" + "\n\t" " movdqa %xmm10, %xmm3 # 3 : 1/jak" + "\n\t" " pshufb %xmm4, %xmm3 # 3 = 1/jak" + "\n\t" " pxor %xmm1, %xmm3 # 3 = jo" + "\n\t" " jnz .Laes_dec_loop" + + "\n\t" " # middle of last round" + "\n\t" " movdqa .Lk_dsbo(%rcx), %xmm4 # 3 : sbou" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sbou" + "\n\t" " pxor (%rdx), %xmm4 # 4 = sb1u + k" + "\n\t" " movdqa .Lk_dsbo+16(%rcx), %xmm0 # 0 : sbot" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sb1t" + "\n\t" " pxor %xmm4, %xmm0 # 0 = A" + "\n\t" " pshufb .Lk_sr(%rsi,%rcx), %xmm0" + "\n\t" " ret" + "\n\t" ".size _aes_decrypt_core,.-_aes_decrypt_core" + + "\n\t" "########################################################" + "\n\t" "## ##" + "\n\t" "## AES key schedule ##" + "\n\t" "## ##" + "\n\t" "########################################################" + + "\n\t" ".align 16" + "\n\t" ".type _aes_schedule_core, at function" + "\n\t" "_aes_schedule_core:" + "\n\t" " # rdi = key" + "\n\t" " # rsi = size in bits" + "\n\t" " # rdx = buffer" + "\n\t" " # rcx = direction. 
0=encrypt, 1=decrypt" + + "\n\t" " # load the tables" + "\n\t" " lea .Laes_consts(%rip), %r10" + "\n\t" " movdqa (%r10), %xmm9 # 0F" + "\n\t" " movdqa .Lk_inv (%r10), %xmm10 # inv" + "\n\t" " movdqa .Lk_inv+16(%r10), %xmm11 # inva" + "\n\t" " movdqa .Lk_sb1 (%r10), %xmm13 # sb1u" + "\n\t" " movdqa .Lk_sb1+16(%r10), %xmm12 # sb1t" + "\n\t" " movdqa .Lk_sb2 (%r10), %xmm15 # sb2u" + "\n\t" " movdqa .Lk_sb2+16(%r10), %xmm14 # sb2t" + + "\n\t" " movdqa .Lk_rcon(%r10), %xmm8 # load rcon" + "\n\t" " movdqu (%rdi), %xmm0 # load key (unaligned)" + + "\n\t" " # input transform" + "\n\t" " movdqu %xmm0, %xmm3" + "\n\t" " lea .Lk_ipt(%r10), %r11" + "\n\t" " call .Laes_schedule_transform" + "\n\t" " movdqu %xmm0, %xmm7" + + "\n\t" " test %rcx, %rcx" + "\n\t" " jnz .Laes_schedule_am_decrypting" + + "\n\t" " # encrypting, output zeroth round key after transform" + "\n\t" " movdqa %xmm0, (%rdx)" + "\n\t" " jmp .Laes_schedule_go" + + "\n\t" ".Laes_schedule_am_decrypting:" + "\n\t" " # decrypting, output zeroth round key after shiftrows" + "\n\t" " pshufb .Lk_sr(%r8,%r10),%xmm3" + "\n\t" " movdqa %xmm3, (%rdx)" + "\n\t" " xor $48, %r8" + + "\n\t" ".Laes_schedule_go:" + "\n\t" " cmp $192, %rsi" + "\n\t" " je .Laes_schedule_192" + "\n\t" " cmp $256, %rsi" + "\n\t" " je .Laes_schedule_256" + "\n\t" " # 128: fall though" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_128" + "\n\t" "##" + "\n\t" "## 128-bit specific part of key schedule." + "\n\t" "##" + "\n\t" "## This schedule is really simple, because all its parts" + "\n\t" "## are accomplished by the subroutines." + "\n\t" "##" + "\n\t" ".Laes_schedule_128:" + "\n\t" " mov $10, %rsi" + + "\n\t" ".Laes_schedule_128_L:" + "\n\t" " call .Laes_schedule_round" + "\n\t" " dec %rsi" + "\n\t" " jz .Laes_schedule_mangle_last" + "\n\t" " call .Laes_schedule_mangle # write output" + "\n\t" " jmp .Laes_schedule_128_L" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_192" + "\n\t" "##" + "\n\t" "## 192-bit specific part of key schedule." 
+ "\n\t" "##" + "\n\t" "## The main body of this schedule is the same as the 128-bit" + "\n\t" "## schedule, but with more smearing. The long, high side is" + "\n\t" "## stored in %xmm7 as before, and the short, low side is in" + "\n\t" "## the high bits of %xmm6." + "\n\t" "##" + "\n\t" "## This schedule is somewhat nastier, however, because each" + "\n\t" "## round produces 192 bits of key material, or 1.5 round keys." + "\n\t" "## Therefore, on each cycle we do 2 rounds and produce 3 round" + "\n\t" "## keys." + "\n\t" "##" + "\n\t" ".Laes_schedule_192:" + "\n\t" " movdqu 8(%rdi),%xmm0 # load key part 2 (very unaligned)" + "\n\t" " call .Laes_schedule_transform # input transform" + "\n\t" " pshufd $0x0E, %xmm0, %xmm6" + "\n\t" " pslldq $8, %xmm6 # clobber low side with zeros" + "\n\t" " mov $4, %rsi" + + "\n\t" ".Laes_schedule_192_L:" + "\n\t" " call .Laes_schedule_round" + "\n\t" " palignr $8,%xmm6,%xmm0 " + "\n\t" " call .Laes_schedule_mangle # save key n" + "\n\t" " call .Laes_schedule_192_smear" + "\n\t" " call .Laes_schedule_mangle # save key n+1" + "\n\t" " call .Laes_schedule_round" + "\n\t" " dec %rsi" + "\n\t" " jz .Laes_schedule_mangle_last" + "\n\t" " call .Laes_schedule_mangle # save key n+2" + "\n\t" " call .Laes_schedule_192_smear" + "\n\t" " jmp .Laes_schedule_192_L" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_192_smear" + "\n\t" "##" + "\n\t" "## Smear the short, low side in the 192-bit key schedule." 
+ "\n\t" "##" + "\n\t" "## Inputs:" + "\n\t" "## %xmm7: high side, b a x y" + "\n\t" "## %xmm6: low side, d c 0 0" + "\n\t" "## %xmm13: 0" + "\n\t" "##" + "\n\t" "## Outputs:" + "\n\t" "## %xmm6: b+c+d b+c 0 0" + "\n\t" "## %xmm0: b+c+d b+c b a" + "\n\t" "##" + "\n\t" ".Laes_schedule_192_smear:" + "\n\t" " pshufd $0x80, %xmm6, %xmm0 # d c 0 0 -> c 0 0 0" + "\n\t" " pxor %xmm0, %xmm6 # -> c+d c 0 0" + "\n\t" " pshufd $0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a" + "\n\t" " pxor %xmm6, %xmm0 # -> b+c+d b+c b a" + "\n\t" " pshufd $0x0E, %xmm0, %xmm6" + "\n\t" " pslldq $8, %xmm6 # clobber low side with zeros" + "\n\t" " ret" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_256" + "\n\t" "##" + "\n\t" "## 256-bit specific part of key schedule." + "\n\t" "##" + "\n\t" "## The structure here is very similar to the 128-bit" + "\n\t" "## schedule, but with an additional 'low side' in" + "\n\t" "## %xmm6. The low side's rounds are the same as the" + "\n\t" "## high side's, except no rcon and no rotation." + "\n\t" "##" + "\n\t" ".Laes_schedule_256:" + "\n\t" " movdqu 16(%rdi),%xmm0 # load key part 2 (unaligned)" + "\n\t" " call .Laes_schedule_transform # input transform" + "\n\t" " mov $7, %rsi" + + "\n\t" ".Laes_schedule_256_L:" + "\n\t" " call .Laes_schedule_mangle # output low result" + "\n\t" " movdqa %xmm0, %xmm6 # save cur_lo in xmm6" + + "\n\t" " # high round" + "\n\t" " call .Laes_schedule_round" + "\n\t" " dec %rsi" + "\n\t" " jz .Laes_schedule_mangle_last" + "\n\t" " call .Laes_schedule_mangle " + + "\n\t" " # low round. 
swap xmm7 and xmm6" + "\n\t" " pshufd $0xFF, %xmm0, %xmm0" + "\n\t" " movdqa %xmm7, %xmm5" + "\n\t" " movdqa %xmm6, %xmm7" + "\n\t" " call .Laes_schedule_low_round" + "\n\t" " movdqa %xmm5, %xmm7" + + "\n\t" " jmp .Laes_schedule_256_L" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_round" + "\n\t" "##" + "\n\t" "## Runs one main round of the key schedule on %xmm0, %xmm7" + "\n\t" "##" + "\n\t" "## Specifically, runs subbytes on the high dword of %xmm0" + "\n\t" "## then rotates it by one byte and xors into the low dword of" + "\n\t" "## %xmm7." + "\n\t" "##" + "\n\t" "## Adds rcon from low byte of %xmm8, then rotates %xmm8 for" + "\n\t" "## next rcon." + "\n\t" "##" + "\n\t" "## Smears the dwords of %xmm7 by xoring the low into the" + "\n\t" "## second low, result into third, result into highest." + "\n\t" "##" + "\n\t" "## Returns results in %xmm7 = %xmm0." + "\n\t" "## Clobbers %xmm1-%xmm4, %r11." + "\n\t" "##" + "\n\t" ".Laes_schedule_round:" + "\n\t" " # extract rcon from xmm8" + "\n\t" " pxor %xmm1, %xmm1" + "\n\t" " palignr $15, %xmm8, %xmm1" + "\n\t" " palignr $15, %xmm8, %xmm8" + "\n\t" " pxor %xmm1, %xmm7" + + "\n\t" " # rotate" + "\n\t" " pshufd $0xFF, %xmm0, %xmm0" + "\n\t" " palignr $1, %xmm0, %xmm0" + + "\n\t" " # fall through..." + + "\n\t" " # low round: same as high round, but no rotation and no rcon." 
+ "\n\t" ".Laes_schedule_low_round:" + "\n\t" " # smear xmm7" + "\n\t" " movdqa %xmm7, %xmm1" + "\n\t" " pslldq $4, %xmm7" + "\n\t" " pxor %xmm1, %xmm7" + "\n\t" " movdqa %xmm7, %xmm1" + "\n\t" " pslldq $8, %xmm7" + "\n\t" " pxor %xmm1, %xmm7" + "\n\t" " pxor .Lk_s63(%r10), %xmm7" + + "\n\t" " # subbytes" + "\n\t" " movdqa %xmm9, %xmm1" + "\n\t" " pandn %xmm0, %xmm1" + "\n\t" " psrld $4, %xmm1 # 1 = i" + "\n\t" " pand %xmm9, %xmm0 # 0 = k" + "\n\t" " movdqa %xmm11, %xmm2 # 2 : a/k" + "\n\t" " pshufb %xmm0, %xmm2 # 2 = a/k" + "\n\t" " pxor %xmm1, %xmm0 # 0 = j" + "\n\t" " movdqa %xmm10, %xmm3 # 3 : 1/i" + "\n\t" " pshufb %xmm1, %xmm3 # 3 = 1/i" + "\n\t" " pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k" + "\n\t" " movdqa %xmm10, %xmm4 # 4 : 1/j" + "\n\t" " pshufb %xmm0, %xmm4 # 4 = 1/j" + "\n\t" " pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k" + "\n\t" " movdqa %xmm10, %xmm2 # 2 : 1/iak" + "\n\t" " pshufb %xmm3, %xmm2 # 2 = 1/iak" + "\n\t" " pxor %xmm0, %xmm2 # 2 = io" + "\n\t" " movdqa %xmm10, %xmm3 # 3 : 1/jak" + "\n\t" " pshufb %xmm4, %xmm3 # 3 = 1/jak" + "\n\t" " pxor %xmm1, %xmm3 # 3 = jo" + "\n\t" " movdqa .Lk_sb1(%r10), %xmm4 # 4 : sbou" + "\n\t" " pshufb %xmm2, %xmm4 # 4 = sbou" + "\n\t" " movdqa .Lk_sb1+16(%r10), %xmm0 # 0 : sbot" + "\n\t" " pshufb %xmm3, %xmm0 # 0 = sb1t" + "\n\t" " pxor %xmm4, %xmm0 # 0 = sbox output" + + "\n\t" " # add in smeared stuff" + "\n\t" " pxor %xmm7, %xmm0 " + "\n\t" " movdqa %xmm0, %xmm7" + "\n\t" " ret" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_transform" + "\n\t" "##" + "\n\t" "## Linear-transform %xmm0 according to tables at (%r11)" + "\n\t" "##" + "\n\t" "## Requires that %xmm9 = 0x0F0F... 
as in preheat" + "\n\t" "## Output in %xmm0" + "\n\t" "## Clobbers %xmm1, %xmm2" + "\n\t" "##" + "\n\t" ".Laes_schedule_transform:" + "\n\t" " movdqa %xmm9, %xmm1" + "\n\t" " pandn %xmm0, %xmm1" + "\n\t" " psrld $4, %xmm1" + "\n\t" " pand %xmm9, %xmm0" + "\n\t" " movdqa (%r11), %xmm2 # lo" + "\n\t" " pshufb %xmm0, %xmm2" + "\n\t" " movdqa 16(%r11), %xmm0 # hi" + "\n\t" " pshufb %xmm1, %xmm0" + "\n\t" " pxor %xmm2, %xmm0" + "\n\t" " ret" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_mangle" + "\n\t" "##" + "\n\t" "## Mangle xmm0 from (basis-transformed) standard version" + "\n\t" "## to our version." + "\n\t" "##" + "\n\t" "## On encrypt," + "\n\t" "## xor with 0x63" + "\n\t" "## multiply by circulant 0,1,1,1" + "\n\t" "## apply shiftrows transform" + "\n\t" "##" + "\n\t" "## On decrypt," + "\n\t" "## xor with 0x63" + "\n\t" "## multiply by 'inverse mixcolumns' circulant E,B,D,9" + "\n\t" "## deskew" + "\n\t" "## apply shiftrows transform" + "\n\t" "##" + "\n\t" "##" + "\n\t" "## Writes out to (%rdx), and increments or decrements it" + "\n\t" "## Keeps track of round number mod 4 in %r8" + "\n\t" "## Preserves xmm0" + "\n\t" "## Clobbers xmm1-xmm5" + "\n\t" "##" + "\n\t" ".Laes_schedule_mangle:" + "\n\t" " movdqa %xmm0, %xmm4 # save xmm0 for later" + "\n\t" " movdqa .Lk_mc_forward(%r10),%xmm5" + "\n\t" " test %rcx, %rcx" + "\n\t" " jnz .Laes_schedule_mangle_dec" + + "\n\t" " # encrypting" + "\n\t" " add $16, %rdx" + "\n\t" " pxor .Lk_s63(%r10),%xmm4" + "\n\t" " pshufb %xmm5, %xmm4" + "\n\t" " movdqa %xmm4, %xmm3" + "\n\t" " pshufb %xmm5, %xmm4" + "\n\t" " pxor %xmm4, %xmm3" + "\n\t" " pshufb %xmm5, %xmm4" + "\n\t" " pxor %xmm4, %xmm3" + + "\n\t" " jmp .Laes_schedule_mangle_both" + + "\n\t" ".Laes_schedule_mangle_dec:" + "\n\t" " lea .Lk_dks_1(%r10), %r11 # first table: *9" + "\n\t" " call .Laes_schedule_transform" + "\n\t" " movdqa %xmm0, %xmm3" + "\n\t" " pshufb %xmm5, %xmm3" + + "\n\t" " add $32, %r11 # next table: *B" + "\n\t" " call .Laes_schedule_transform" + 
"\n\t" " pxor %xmm0, %xmm3" + "\n\t" " pshufb %xmm5, %xmm3" + + "\n\t" " add $32, %r11 # next table: *D" + "\n\t" " call .Laes_schedule_transform" + "\n\t" " pxor %xmm0, %xmm3" + "\n\t" " pshufb %xmm5, %xmm3" + + "\n\t" " add $32, %r11 # next table: *E" + "\n\t" " call .Laes_schedule_transform" + "\n\t" " pxor %xmm0, %xmm3" + "\n\t" " pshufb %xmm5, %xmm3" + + "\n\t" " movdqa %xmm4, %xmm0 # restore %xmm0" + "\n\t" " add $-16, %rdx" + + "\n\t" ".Laes_schedule_mangle_both:" + "\n\t" " pshufb .Lk_sr(%r8,%r10),%xmm3" + "\n\t" " add $-16, %r8" + "\n\t" " and $48, %r8" + "\n\t" " movdqa %xmm3, (%rdx)" + "\n\t" " ret" + + "\n\t" "##" + "\n\t" "## .Laes_schedule_mangle_last" + "\n\t" "##" + "\n\t" "## Mangler for last round of key schedule" + "\n\t" "## Mangles %xmm0" + "\n\t" "## when encrypting, outputs out(%xmm0) ^ 63" + "\n\t" "## when decrypting, outputs unskew(%xmm0)" + "\n\t" "##" + "\n\t" "## Always called right before return... jumps to cleanup and exits" + "\n\t" "##" + "\n\t" ".Laes_schedule_mangle_last:" + "\n\t" " # schedule last round key from xmm0" + "\n\t" " lea .Lk_deskew(%r10),%r11 # prepare to deskew" + "\n\t" " test %rcx, %rcx" + "\n\t" " jnz .Laes_schedule_mangle_last_dec" + + "\n\t" " # encrypting" + "\n\t" " pshufb .Lk_sr(%r8,%r10),%xmm0 # output permute" + "\n\t" " lea .Lk_opt(%r10), %r11 # prepare to output transform" + "\n\t" " add $32, %rdx" + + "\n\t" ".Laes_schedule_mangle_last_dec:" + "\n\t" " add $-16, %rdx" + "\n\t" " pxor .Lk_s63(%r10), %xmm0" + "\n\t" " call .Laes_schedule_transform # output transform" + "\n\t" " movdqa %xmm0, (%rdx) # save last key" + + "\n\t" " #_aes_cleanup" + "\n\t" " pxor %xmm0, %xmm0" + "\n\t" " pxor %xmm1, %xmm1" + "\n\t" " pxor %xmm2, %xmm2" + "\n\t" " pxor %xmm3, %xmm3" + "\n\t" " pxor %xmm4, %xmm4" + "\n\t" " pxor %xmm5, %xmm5" + "\n\t" " pxor %xmm6, %xmm6" + "\n\t" " pxor %xmm7, %xmm7" + "\n\t" " pxor %xmm8, %xmm8" + "\n\t" " ret" + "\n\t" ".size _aes_schedule_core,.-_aes_schedule_core" + + "\n\t" 
"########################################################" + "\n\t" "## ##" + "\n\t" "## Constants ##" + "\n\t" "## ##" + "\n\t" "########################################################" + + "\n\t" ".align 16" + "\n\t" ".type _aes_consts, at object" + "\n\t" ".Laes_consts:" + "\n\t" "_aes_consts:" + "\n\t" " # s0F" + "\n\t" " .Lk_s0F = .-.Laes_consts" + "\n\t" " .quad 0x0F0F0F0F0F0F0F0F" + "\n\t" " .quad 0x0F0F0F0F0F0F0F0F" + + "\n\t" " # input transform (lo, hi)" + "\n\t" " .Lk_ipt = .-.Laes_consts" + "\n\t" " .quad 0xC2B2E8985A2A7000" + "\n\t" " .quad 0xCABAE09052227808" + "\n\t" " .quad 0x4C01307D317C4D00" + "\n\t" " .quad 0xCD80B1FCB0FDCC81" + + "\n\t" " # inv, inva" + "\n\t" " .Lk_inv = .-.Laes_consts" + "\n\t" " .quad 0x0E05060F0D080180" + "\n\t" " .quad 0x040703090A0B0C02" + "\n\t" " .quad 0x01040A060F0B0780" + "\n\t" " .quad 0x030D0E0C02050809" + + "\n\t" " # sb1u, sb1t" + "\n\t" " .Lk_sb1 = .-.Laes_consts" + "\n\t" " .quad 0xB19BE18FCB503E00" + "\n\t" " .quad 0xA5DF7A6E142AF544" + "\n\t" " .quad 0x3618D415FAE22300" + "\n\t" " .quad 0x3BF7CCC10D2ED9EF" + + + "\n\t" " # sb2u, sb2t" + "\n\t" " .Lk_sb2 = .-.Laes_consts" + "\n\t" " .quad 0xE27A93C60B712400" + "\n\t" " .quad 0x5EB7E955BC982FCD" + "\n\t" " .quad 0x69EB88400AE12900" + "\n\t" " .quad 0xC2A163C8AB82234A" + + "\n\t" " # sbou, sbot" + "\n\t" " .Lk_sbo = .-.Laes_consts" + "\n\t" " .quad 0xD0D26D176FBDC700" + "\n\t" " .quad 0x15AABF7AC502A878" + "\n\t" " .quad 0xCFE474A55FBB6A00" + "\n\t" " .quad 0x8E1E90D1412B35FA" + + "\n\t" " # mc_forward" + "\n\t" " .Lk_mc_forward = .-.Laes_consts" + "\n\t" " .quad 0x0407060500030201" + "\n\t" " .quad 0x0C0F0E0D080B0A09" + "\n\t" " .quad 0x080B0A0904070605" + "\n\t" " .quad 0x000302010C0F0E0D" + "\n\t" " .quad 0x0C0F0E0D080B0A09" + "\n\t" " .quad 0x0407060500030201" + "\n\t" " .quad 0x000302010C0F0E0D" + "\n\t" " .quad 0x080B0A0904070605" + + "\n\t" " # mc_backward" + "\n\t" " .Lk_mc_backward = .-.Laes_consts" + "\n\t" " .quad 0x0605040702010003" + "\n\t" " .quad 
0x0E0D0C0F0A09080B" + "\n\t" " .quad 0x020100030E0D0C0F" + "\n\t" " .quad 0x0A09080B06050407" + "\n\t" " .quad 0x0E0D0C0F0A09080B" + "\n\t" " .quad 0x0605040702010003" + "\n\t" " .quad 0x0A09080B06050407" + "\n\t" " .quad 0x020100030E0D0C0F" + + "\n\t" " # sr" + "\n\t" " .Lk_sr = .-.Laes_consts" + "\n\t" " .quad 0x0706050403020100" + "\n\t" " .quad 0x0F0E0D0C0B0A0908" + "\n\t" " .quad 0x030E09040F0A0500" + "\n\t" " .quad 0x0B06010C07020D08" + "\n\t" " .quad 0x0F060D040B020900" + "\n\t" " .quad 0x070E050C030A0108" + "\n\t" " .quad 0x0B0E0104070A0D00" + "\n\t" " .quad 0x0306090C0F020508" + + "\n\t" " # rcon" + "\n\t" " .Lk_rcon = .-.Laes_consts" + "\n\t" " .quad 0x1F8391B9AF9DEEB6" + "\n\t" " .quad 0x702A98084D7C7D81" + + "\n\t" " # s63: all equal to 0x63 transformed" + "\n\t" " .Lk_s63 = .-.Laes_consts" + "\n\t" " .quad 0x5B5B5B5B5B5B5B5B" + "\n\t" " .quad 0x5B5B5B5B5B5B5B5B" + + "\n\t" " # output transform" + "\n\t" " .Lk_opt = .-.Laes_consts" + "\n\t" " .quad 0xFF9F4929D6B66000" + "\n\t" " .quad 0xF7974121DEBE6808" + "\n\t" " .quad 0x01EDBD5150BCEC00" + "\n\t" " .quad 0xE10D5DB1B05C0CE0" + + "\n\t" " # deskew tables: inverts the sbox's 'skew'" + "\n\t" " .Lk_deskew = .-.Laes_consts" + "\n\t" " .quad 0x07E4A34047A4E300" + "\n\t" " .quad 0x1DFEB95A5DBEF91A" + "\n\t" " .quad 0x5F36B5DC83EA6900" + "\n\t" " .quad 0x2841C2ABF49D1E77" + + "\n\t" "##" + "\n\t" "## Decryption stuff" + "\n\t" "## Key schedule constants" + "\n\t" "##" + "\n\t" " # decryption key schedule: x -> invskew x*9" + "\n\t" " .Lk_dks_1 = .-.Laes_consts" + "\n\t" " .quad 0xB6116FC87ED9A700" + "\n\t" " .quad 0x4AED933482255BFC" + "\n\t" " .quad 0x4576516227143300" + "\n\t" " .quad 0x8BB89FACE9DAFDCE" + + "\n\t" " # decryption key schedule: invskew x*9 -> invskew x*D" + "\n\t" " .Lk_dks_2 = .-.Laes_consts" + "\n\t" " .quad 0x27438FEBCCA86400" + "\n\t" " .quad 0x4622EE8AADC90561" + "\n\t" " .quad 0x815C13CE4F92DD00" + "\n\t" " .quad 0x73AEE13CBD602FF2" + + "\n\t" " # decryption key schedule: invskew x*D 
-> invskew x*B" + "\n\t" " .Lk_dks_3 = .-.Laes_consts" + "\n\t" " .quad 0x03C4C50201C6C700" + "\n\t" " .quad 0xF83F3EF9FA3D3CFB" + "\n\t" " .quad 0xEE1921D638CFF700" + "\n\t" " .quad 0xA5526A9D7384BC4B" + + "\n\t" " # decryption key schedule: invskew x*B -> invskew x*E + 0x63" + "\n\t" " .Lk_dks_4 = .-.Laes_consts" + "\n\t" " .quad 0xE3C390B053732000" + "\n\t" " .quad 0xA080D3F310306343" + "\n\t" " .quad 0xA0CA214B036982E8" + "\n\t" " .quad 0x2F45AEC48CE60D67" + + "\n\t" "##" + "\n\t" "## Decryption stuff" + "\n\t" "## Round function constants" + "\n\t" "##" + "\n\t" " # decryption input transform" + "\n\t" " .Lk_dipt = .-.Laes_consts" + "\n\t" " .quad 0x0F505B040B545F00" + "\n\t" " .quad 0x154A411E114E451A" + "\n\t" " .quad 0x86E383E660056500" + "\n\t" " .quad 0x12771772F491F194" + + "\n\t" " # decryption sbox output *9*u, *9*t" + "\n\t" " .Lk_dsb9 = .-.Laes_consts" + "\n\t" " .quad 0x851C03539A86D600" + "\n\t" " .quad 0xCAD51F504F994CC9" + "\n\t" " .quad 0xC03B1789ECD74900" + "\n\t" " .quad 0x725E2C9EB2FBA565" + + "\n\t" " # decryption sbox output *D*u, *D*t" + "\n\t" " .Lk_dsbd = .-.Laes_consts" + "\n\t" " .quad 0x7D57CCDFE6B1A200" + "\n\t" " .quad 0xF56E9B13882A4439" + "\n\t" " .quad 0x3CE2FAF724C6CB00" + "\n\t" " .quad 0x2931180D15DEEFD3" + + "\n\t" " # decryption sbox output *B*u, *B*t" + "\n\t" " .Lk_dsbb = .-.Laes_consts" + "\n\t" " .quad 0xD022649296B44200" + "\n\t" " .quad 0x602646F6B0F2D404" + "\n\t" " .quad 0xC19498A6CD596700" + "\n\t" " .quad 0xF3FF0C3E3255AA6B" + + "\n\t" " # decryption sbox output *E*u, *E*t" + "\n\t" " .Lk_dsbe = .-.Laes_consts" + "\n\t" " .quad 0x46F2929626D4D000" + "\n\t" " .quad 0x2242600464B4F6B0" + "\n\t" " .quad 0x0C55A6CDFFAAC100" + "\n\t" " .quad 0x9467F36B98593E32" + + "\n\t" " # decryption sbox final output" + "\n\t" " .Lk_dsbo = .-.Laes_consts" + "\n\t" " .quad 0x1387EA537EF94000" + "\n\t" " .quad 0xC7AA6DB9D4943E2D" + "\n\t" " .quad 0x12D7560F93441D00" + "\n\t" " .quad 0xCA4B8159D8C58E9C" + "\n\t" ".size 
_aes_consts,.-_aes_consts" +); + +#endif /* USE_SSSE3 */ diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 7a83718..51c36c7 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -99,6 +99,40 @@ extern void _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *iv, size_t nblocks); #endif +#ifdef USE_SSSE3 +/* SSSE3 (AMD64) vector permutation implementation of AES */ +extern void _gcry_aes_ssse3_do_setkey(RIJNDAEL_context *ctx, const byte *key); +extern void _gcry_aes_ssse3_prepare_decryption(RIJNDAEL_context *ctx); + +extern unsigned int _gcry_aes_ssse3_encrypt (const RIJNDAEL_context *ctx, + unsigned char *dst, + const unsigned char *src); +extern unsigned int _gcry_aes_ssse3_decrypt (const RIJNDAEL_context *ctx, + unsigned char *dst, + const unsigned char *src); +extern void _gcry_aes_ssse3_cfb_enc (RIJNDAEL_context *ctx, + unsigned char *outbuf, + const unsigned char *inbuf, + unsigned char *iv, size_t nblocks); +extern void _gcry_aes_ssse3_cbc_enc (RIJNDAEL_context *ctx, + unsigned char *outbuf, + const unsigned char *inbuf, + unsigned char *iv, size_t nblocks, + int cbc_mac); +extern void _gcry_aes_ssse3_ctr_enc (RIJNDAEL_context *ctx, + unsigned char *outbuf, + const unsigned char *inbuf, + unsigned char *ctr, size_t nblocks); +extern void _gcry_aes_ssse3_cfb_dec (RIJNDAEL_context *ctx, + unsigned char *outbuf, + const unsigned char *inbuf, + unsigned char *iv, size_t nblocks); +extern void _gcry_aes_ssse3_cbc_dec (RIJNDAEL_context *ctx, + unsigned char *outbuf, + const unsigned char *inbuf, + unsigned char *iv, size_t nblocks); +#endif + #ifdef USE_PADLOCK extern unsigned int _gcry_aes_padlock_encrypt (const RIJNDAEL_context *ctx, unsigned char *bx, @@ -182,7 +216,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) int rounds; int i,j, r, t, rconpointer = 0; int KC; -#if defined(USE_AESNI) || defined(USE_PADLOCK) +#if defined(USE_AESNI) || defined(USE_PADLOCK) || defined(USE_SSSE3) unsigned int hwfeatures; #endif 
@@ -223,7 +257,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) ctx->rounds = rounds; -#if defined(USE_AESNI) || defined(USE_PADLOCK) +#if defined(USE_AESNI) || defined(USE_PADLOCK) || defined(USE_SSSE3) hwfeatures = _gcry_get_hw_features (); #endif @@ -234,6 +268,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) #ifdef USE_AESNI ctx->use_aesni = 0; #endif +#ifdef USE_SSSE3 + ctx->use_ssse3 = 0; +#endif if (0) { @@ -260,6 +297,16 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) memcpy (ctx->padlockkey, key, keylen); } #endif +#ifdef USE_SSSE3 + else if (hwfeatures & HWF_INTEL_SSSE3) + { + ctx->encrypt_fn = _gcry_aes_ssse3_encrypt; + ctx->decrypt_fn = _gcry_aes_ssse3_decrypt; + ctx->prefetch_enc_fn = NULL; + ctx->prefetch_dec_fn = NULL; + ctx->use_ssse3 = 1; + } +#endif else { ctx->encrypt_fn = do_encrypt; @@ -278,6 +325,10 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) else if (ctx->use_aesni) _gcry_aes_aesni_do_setkey (ctx, key); #endif +#ifdef USE_AESNI + else if (ctx->use_ssse3) + _gcry_aes_ssse3_do_setkey (ctx, key); +#endif else { const byte *sbox = ((const byte *)encT) + 1; @@ -403,6 +454,12 @@ prepare_decryption( RIJNDAEL_context *ctx ) _gcry_aes_aesni_prepare_decryption (ctx); } #endif /*USE_AESNI*/ +#ifdef USE_SSSE3 + else if (ctx->use_ssse3) + { + _gcry_aes_ssse3_prepare_decryption (ctx); + } +#endif /*USE_SSSE3*/ #ifdef USE_PADLOCK else if (ctx->use_padlock) { @@ -650,6 +707,13 @@ _gcry_aes_cfb_enc (void *context, unsigned char *iv, burn_depth = 0; } #endif /*USE_AESNI*/ +#ifdef USE_SSSE3 + else if (ctx->use_ssse3) + { + _gcry_aes_ssse3_cfb_enc (ctx, outbuf, inbuf, iv, nblocks); + burn_depth = 0; + } +#endif /*USE_SSSE3*/ else { rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; 
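Review bot: In the `@@ -278,6 +325,10 @@` hunk the new key-schedule dispatch is wrapped in `#ifdef USE_AESNI`, while every other SSSE3 addition in this commit (`@@ -234`, `@@ -260`, `@@ -403` and the five mode functions) is guarded by `#ifdef USE_SSSE3`; the guard should read `#ifdef USE_SSSE3`. With USE_SSSE3 defined but USE_AESNI not, `ctx->encrypt_fn`/`decrypt_fn` are set to the SSSE3 routines in the `@@ -260` hunk but the key expansion falls through to the generic C schedule, which does not produce the basis-transformed, mangled round keys the `.Laes_schedule_mangle` code in rijndael-ssse3-amd64.c writes out, so encryption would be wrong rather than merely slow. With USE_AESNI defined but USE_SSSE3 not, `ctx->use_ssse3` is referenced although the field is presumably only declared under USE_SSSE3 in rijndael-internal.h (that file's change is not shown here). do_setkey's body continues outside the hunk.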
@@ -697,6 +761,13 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, burn_depth = 0; } #endif /*USE_AESNI*/ +#ifdef USE_SSSE3 + else if (ctx->use_ssse3) + { + _gcry_aes_ssse3_cbc_enc (ctx, outbuf, inbuf, iv, nblocks, cbc_mac); + burn_depth = 0; + } +#endif /*USE_SSSE3*/ else { rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; @@ -752,6 +823,13 @@ _gcry_aes_ctr_enc (void *context, unsigned char *ctr, burn_depth = 0; } #endif /*USE_AESNI*/ +#ifdef USE_SSSE3 + else if (ctx->use_ssse3) + { + _gcry_aes_ssse3_ctr_enc (ctx, outbuf, inbuf, ctr, nblocks); + burn_depth = 0; + } +#endif /*USE_SSSE3*/ else { union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } tmp; @@ -986,6 +1064,13 @@ _gcry_aes_cfb_dec (void *context, unsigned char *iv, burn_depth = 0; } #endif /*USE_AESNI*/ +#ifdef USE_SSSE3 + else if (ctx->use_ssse3) + { + _gcry_aes_ssse3_cfb_dec (ctx, outbuf, inbuf, iv, nblocks); + burn_depth = 0; + } +#endif /*USE_SSSE3*/ else { rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; @@ -1032,6 +1117,13 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, burn_depth = 0; } #endif /*USE_AESNI*/ +#ifdef USE_SSSE3 + else if (ctx->use_ssse3) + { + _gcry_aes_ssse3_cbc_dec (ctx, outbuf, inbuf, iv, nblocks); + burn_depth = 0; + } +#endif /*USE_SSSE3*/ else { unsigned char savebuf[BLOCKSIZE] ATTR_ALIGNED_16; diff --git a/configure.ac b/configure.ac index a4ea990..71c50c0 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1692,6 +1692,9 @@ if test "$found" = "1" ; then x86_64-*-*) # Build with the assembly implementation GCRYPT_CIPHERS="$GCRYPT_CIPHERS rijndael-amd64.lo" + + # Build with the SSSE3 implementation + GCRYPT_CIPHERS="$GCRYPT_CIPHERS rijndael-ssse3-amd64.lo" ;; arm*-*-*) # Build with the assembly implementation ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/rijndael-internal.h | 9 + cipher/rijndael-ssse3-amd64.c | 1209 +++++++++++++++++++++++++++++++++++++++++ cipher/rijndael.c | 96 +++- configure.ac | 3 + 5 files changed, 1316 insertions(+), 3 deletions(-) create mode 100644 cipher/rijndael-ssse3-amd64.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From yumkam at gmail.com Fri Jan 2 16:46:00 2015 From: yumkam at gmail.com (Yuriy Kaminskiy) Date: Fri, 02 Jan 2015 18:46:00 +0300 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-144-gc2e1f8f In-Reply-To: References: Message-ID: by Jussi Kivilinna wrote: > commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 > Author: Jussi Kivilinna > Date: Tue Dec 23 13:01:33 2014 +0200 > > hash: fix compiler warning on ARM > > * cipher/md.c (md_open, md_copy): Cast 'char *' to ctx through > 'void *'. > * cipher/md4.c (md4_final): Use buf_put_* helper instead of > converting 'char *' to 'u32 *'. > * cipher/md5.c (md5_final): Ditto. > * cipher/rmd160.c (_gcry_rmd160_mixblock, rmd160_final): Ditto. > * cipher/sha1.c (sha1_final): Ditto. > * cipher/sha256.c (sha256_final): Ditto. > * cipher/sha512.c (sha512_final): Ditto. > * cipher/tiger.c (tiger_final): Ditto. > -- > > Patch fixes 'cast increases required alignment' warnings seen on GCC: > ... > > Signed-off-by: Jussi Kivilinna > [...] > diff --git a/cipher/rmd160.c b/cipher/rmd160.c > index e6d02f5..2b1f321 100644 
> --- a/cipher/rmd160.c > +++ b/cipher/rmd160.c > @@ -411,7 +411,7 @@ _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) > char *p = blockof64byte; > > transform ( hd, blockof64byte, 1 ); > -#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) > +#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0) > X(0); > X(1); > X(2); Note that this commit changes result of this function on BE arches (it was stored as "native-endian integer" before, it is stored as "little-endian integer" now). This function is only used in random-csprng.c, so there should be no practical consequences (except it is a tiny bit slower on BE arches now). From jussi.kivilinna at iki.fi Sat Jan 3 09:59:37 2015 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sat, 03 Jan 2015 10:59:37 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-144-gc2e1f8f In-Reply-To: References: Message-ID: <54A7AF79.3010404@iki.fi> On 02.01.2015 17:46, Yuriy Kaminskiy wrote: > [...] >> diff --git a/cipher/rmd160.c b/cipher/rmd160.c >> index e6d02f5..2b1f321 100644 >> --- a/cipher/rmd160.c >> +++ b/cipher/rmd160.c 
>> @@ -411,7 +411,7 @@ _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) >> char *p = blockof64byte; >> >> transform ( hd, blockof64byte, 1 ); >> -#define X(a) do { *(u32*)p = hd->h##a ; p += 4; } while(0) >> +#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0) >> X(0); >> X(1); >> X(2); > > Note that this commit changes result of this function on BE arches (it was > stored as "native-endian integer" before, it is stored as "little-endian > integer" now). This function is only used in random-csprng.c, so there should be > no practical consequences (except it is a tiny bit slower on BE arches now). > Other "#define X(a)" macros did the big/little-endian store so I ended up using same macro here as for rmd160_final(). I'll make patch to restore native-endianess. -Jussi > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > From wk at gnupg.org Sat Jan 3 11:46:19 2015 From: wk at gnupg.org (Werner Koch) Date: Sat, 03 Jan 2015 11:46:19 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-144-gc2e1f8f In-Reply-To: (Yuriy Kaminskiy's message of "Fri, 02 Jan 2015 18:46:00 +0300") References: Message-ID: <87d26w9m6c.fsf@vigenere.g10code.de> On Fri, 2 Jan 2015 16:46, yumkam at gmail.com said: > Note that this commit changes result of this function on BE arches (it was > stored as "native-endian integer" before, it is stored as "little-endian > integer" now). This function is only used in random-csprng.c, so there Good catch. Thanks. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From jussi.kivilinna at iki.fi Sat Jan 3 19:21:29 2015 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sat, 03 Jan 2015 20:21:29 +0200 Subject: [PATCH] rmd160: restore native-endian store in _gcry_rmd160_mixblock Message-ID: <20150103182129.14797.85712.stgit@localhost6.localdomain6> * cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in native-endianess. -- Commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 unintendedly changed this native-endian store to little-endian. Reported-by: Yuriy Kaminskiy Signed-off-by: Jussi Kivilinna --- cipher/rmd160.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 2b1f321..2695db2 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -403,15 +403,16 @@ transform ( void *c, const unsigned char *data, size_t nblks ) * Apply the rmd160 transform function on the buffer which must have * a length 64 bytes. Do not use this function together with the * other functions, use rmd160_init to initialize internal variables. - * Returns: 16 bytes in buffer with the mixed contentes of buffer. + * Buffer must be 32-bit aligned. + * Returns: 20 bytes in buffer with the mixed contents of buffer. */ void _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) { - char *p = blockof64byte; + u32 *p = blockof64byte; transform ( hd, blockof64byte, 1 ); -#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0) +#define X(a) do { p[a] = hd->h##a; } while(0) X(0); X(1); X(2); From cvs at cvs.gnupg.org Sun Jan 4 14:58:46 2015 
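Review bot: `u32 *p = blockof64byte;` with `p[a] = hd->h##a` turns the alignment of the caller's buffer into a precondition that exists only in the comment (`Buffer must be 32-bit aligned.`), and an unaligned 32-bit store is undefined behaviour on strict-alignment ARM targets — the same class of problem the cast-warning cleanup in commit 4515315f was chasing. A native-endian store with no alignment requirement is a plain memcpy: keep `char *p = blockof64byte;` and define `#define X(a) do { memcpy (p, &hd->h##a, sizeof (hd->h##a)); p += 4; } while(0)`, which reproduces the pre-4515315f layout on every architecture (assuming <string.h> is already included by rmd160.c). The same hunk appears again in the pushed commit d7c7453 further down this page and the note applies there too. The remaining X() invocations and any `#undef X` are outside the hunk.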
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 04 Jan 2015 14:58:46 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-146-gd7c7453 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d7c7453cf5e6b8f3c6b522a30e680f844a28c9de (commit) from 8eabecc883332156adffc1df42d27f614c157e06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d7c7453cf5e6b8f3c6b522a30e680f844a28c9de Author: Jussi Kivilinna Date: Fri Jan 2 19:07:24 2015 +0200 rmd160: restore native-endian store in _gcry_rmd160_mixblock * cipher/rmd160.c (_gcry_rmd160_mixblock): Store result to buffer in native-endianess. -- Commit 4515315f61fbf79413e150fbd1d5f5a2435f2bc5 unintendedly changed this native-endian store to little-endian. Reported-by: Yuriy Kaminskiy Signed-off-by: Jussi Kivilinna diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 2b1f321..2695db2 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c 
@@ -403,15 +403,16 @@ transform ( void *c, const unsigned char *data, size_t nblks ) * Apply the rmd160 transform function on the buffer which must have * a length 64 bytes. Do not use this function together with the * other functions, use rmd160_init to initialize internal variables. - * Returns: 16 bytes in buffer with the mixed contentes of buffer. + * Buffer must be 32-bit aligned. + * Returns: 20 bytes in buffer with the mixed contents of buffer. */ void _gcry_rmd160_mixblock ( RMD160_CONTEXT *hd, void *blockof64byte ) { - char *p = blockof64byte; + u32 *p = blockof64byte; transform ( hd, blockof64byte, 1 ); -#define X(a) do { buf_put_le32(p, hd->h##a); p += 4; } while(0) +#define X(a) do { p[a] = hd->h##a; } while(0) X(0); X(1); X(2); ----------------------------------------------------------------------- Summary of changes: cipher/rmd160.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Mon Jan 5 16:43:14 2015 From: wk at gnupg.org (Werner Koch) Date: Mon, 05 Jan 2015 16:43:14 +0100 Subject: git hooks Message-ID: <87vbkl5j3h.fsf@vigenere.g10code.de> Hi! I just noticed that for Libgcrypt we do not install a commit-msg check script (via autogen.sh). GnuPG does this similar to GNU coreutils to limit the linelength to 72 characters and ensure that there is a subject line. I still consider it good style to have short lines in mails and on ttys. For Jussi's benchmark results that might sometimes be too short but in these cases it is easy to temporary disable the script. Shall I add such a hook to autogen.sh? Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Mon Jan 5 17:53:43 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 05 Jan 2015 17:53:43 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-152-gdd5df19 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via dd5df198727ea5d8f6b04288e14fd732051453c8 (commit) via f65276970a6dcd6d9bca94cecc49b68acdcc9492 (commit) via 95a751d9cef2c6dfcd7358154bcdbbdf35e31a2e (commit) via 1a6d65ac0aab335541726d02f2046d883a768ec3 (commit) via c420c0fff5e3b5bdd9ef1a6a4a9b2e1da8301416 (commit) via 943ce27e6a13057c988c35c913dc6a3f56149591 (commit) from d7c7453cf5e6b8f3c6b522a30e680f844a28c9de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd5df198727ea5d8f6b04288e14fd732051453c8 Author: Werner Koch Date: Mon Jan 5 17:47:26 2015 +0100 doc: Update yat2m to current upstream version (GnuPG). diff --git a/doc/yat2m.c b/doc/yat2m.c index 2ac4390..86c3c70 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -87,6 +87,10 @@ detects the number of white spaces in front of an @item and remove this number of spaces from all following lines until a new @item is found or there are less spaces than for the last @item. + + Note that @* does only work correctly if used at the end of an + input line. + */ #include @@ -136,6 +140,9 @@ typedef struct macro_s *macro_t; /* List of all defined macros. */ static macro_t macrolist; +/* List of variables set by @set. */ +static macro_t variablelist; + /* List of global macro names. The value part is not used. */ static macro_t predefinedmacrolist; 
@@ -375,8 +382,44 @@ set_macro (const char *macroname, char *macrovalue) } -/* Return true if the macro NAME is set, i.e. not the empty string and - not evaluating to 0. */ +/* Create or update a variable with name and value given in NAMEANDVALUE. */ +static void +set_variable (char *nameandvalue) +{ + macro_t m; + const char *value; + char *p; + + for (p = nameandvalue; *p && *p != ' ' && *p != '\t'; p++) + ; + if (!*p) + value = ""; + else + { + *p++ = 0; + while (*p == ' ' || *p == '\t') + p++; + value = p; + } + + for (m=variablelist; m; m = m->next) + if (!strcmp (m->name, nameandvalue)) + break; + if (m) + free (m->value); + else + { + m = xcalloc (1, sizeof *m + strlen (nameandvalue)); + strcpy (m->name, nameandvalue); + m->next = variablelist; + variablelist = m; + } + m->value = xstrdup (value); +} + + +/* Return true if the macro or variable NAME is set, i.e. not the + empty string and not evaluating to 0. */ static int macro_set_p (const char *name) { @@ -385,6 +428,10 @@ macro_set_p (const char *name) for (m = macrolist; m ; m = m->next) if (!strcmp (m->name, name)) break; + if (!m) + for (m = variablelist; m ; m = m->next) + if (!strcmp (m->name, name)) + break; if (!m || !m->value || !*m->value) return 0; if ((*m->value & 0x80) || !isdigit (*m->value)) @@ -609,6 +656,7 @@ write_th (FILE *fp) *p++ = 0; fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n", name, p, isodatestring (), opt_release, opt_source); + free (name); return 0; } @@ -664,8 +712,11 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, { "table", 3 }, { "itemize", 3 }, { "bullet", 0, "* " }, + { "*", 0, "\n.br"}, + { "/", 0 }, { "end", 4 }, { "quotation",1, ".RS\n\\fB" }, + { "value", 8 }, { NULL } }; size_t n; 
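Review bot: `set_variable` modifies its argument — `*p++ = 0;` NUL-terminates the name inside NAMEANDVALUE — but the new header comment `/* Create or update a variable with name and value given in NAMEANDVALUE. */` does not say so, and the non-const `char *` parameter is the only hint. Suggest `/* Create or update a variable from NAMEANDVALUE ("NAME VALUE"); the string is modified in place (the name is NUL-terminated at the first blank). */` so the caller in parse_file (a later hunk passes its line buffer `p`) knows the buffer is altered. The lookup-then-insert sequence appears to mirror set_macro just above; if both lists are `macro_t`, a shared helper taking the list head would avoid the duplicate code, but set_macro's body is outside the hunk so that is only a suggestion.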
@@ -741,11 +792,46 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, case 7: ignore_args = 1; break; + case 8: + ignore_args = 1; + if (*rest != '{') + { + err ("opening brace for command '%s' missing", command); + return len; + } + else + { + /* Find closing brace. */ + for (s=rest+1, n=1; *s && n < len; s++, n++) + if (*s == '}') + break; + if (*s != '}') + { + err ("closing brace for command '%s' not found", command); + return len; + } + else + { + size_t len = s - (rest + 1); + macro_t m; + + for (m = variablelist; m; m = m->next) + if (strlen (m->name) == len + &&!strncmp (m->name, rest+1, len)) + break; + if (m) + fputs (m->value, fp); + else + inf ("texinfo variable '%.*s' is not set", + (int)len, rest+1); + } + } + break; default: break; } } - else + else /* macro */ { macro_t m; @@ -1215,6 +1301,10 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause) macrovalue = xmalloc ((macrovaluesize = 1024)); macrovalueused = 0; } + else if (n == 4 && !memcmp (line, "@set", 4)) + { + set_variable (p); + } else if (n == 8 && !memcmp (line, "@manpage", 8)) { free (*section_name); @@ -1325,6 +1415,13 @@ top_parse_file (const char *fname, FILE *fp) free (macrolist); macrolist = next; } + while (variablelist) + { + macro_t next = variablelist->next; + free (variablelist->value); + free (variablelist); + variablelist = next; + } for (m=predefinedmacrolist; m; m = m->next) set_macro (m->name, xstrdup ("1")); cond_is_active = 1; commit f65276970a6dcd6d9bca94cecc49b68acdcc9492 Author: Werner Koch Date: Mon Jan 5 17:46:05 2015 +0100 build: Require automake 1.14. * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 71c50c0..161571a 100644 --- a/configure.ac +++ b/configure.ac 
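Review bot: In the new `case 8` block, `size_t len = s - (rest + 1);` shadows the function parameter `len` (visible in the hunk header `proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, ...`), which the loop a few lines above uses as its bound; a reader cannot tell which `len` the inner block means and `-Wshadow` will flag it. Rename the inner one to `size_t namelen = s - (rest + 1);` and use `namelen` in the `strlen (m->name) == namelen`, `strncmp (m->name, rest+1, namelen)` and `(int)namelen` uses. Separately, `for (s=rest+1, n=1; *s && n < len; s++, n++)` evaluates `*s` before testing `n < len`, so when the scan reaches the bound it reads `rest[len]`; if `rest` is always NUL-terminated within its `len` bytes this is harmless, otherwise swap the tests to `n < len && *s` and check `if (n >= len || *s != '}')` after the loop. proc_texi_cmd's body continues outside the hunk.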
@@ -21,7 +21,7 @@ # (Process this file with autoconf to produce a configure script.) AC_REVISION($Revision$) AC_PREREQ(2.60) -min_automake_version="1.10" +min_automake_version="1.14" # To build a release you need to create a tag with the version number # (git tag -s libgcrypt-n.m.k) and run "./autogen.sh --force". Please @@ -75,7 +75,7 @@ VERSION=$PACKAGE_VERSION AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_SRCDIR([src/libgcrypt.vers]) -AM_INIT_AUTOMAKE([dist-bzip2]) +AM_INIT_AUTOMAKE([serial-tests dist-bzip2]) AC_CONFIG_HEADER(config.h) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_LIBOBJ_DIR([compat]) commit 95a751d9cef2c6dfcd7358154bcdbbdf35e31a2e Author: Werner Koch Date: Mon Jan 5 17:16:04 2015 +0100 cipher: Add the original PD notice to rijndael-ssse3-amd64.c -- diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c index 112ab22..d72ec31 100644 --- a/cipher/rijndael-ssse3-amd64.c +++ b/cipher/rijndael-ssse3-amd64.c @@ -15,6 +15,23 @@ * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, see . + * + * + * The code is based on the public domain library libvpaes version 0.5 + * available at http://crypto.stanford.edu/vpaes/ and which carries + * this notice: + * + * libvpaes: constant-time SSSE3 AES encryption and decryption. + * version 0.5 + * + * By Mike Hamburg, Stanford University, 2009. Public domain. + * I wrote essentially all of this code. I did not write the test + * vectors; they are the NIST known answer tests. I hereby release all + * the code and documentation here that I wrote into the public domain. + * + * This is an implementation of AES following my paper, + * "Accelerating AES with Vector Permute Instructions" + * CHES 2009; http://shiftleft.org/papers/vector_aes/ */ #include 
@@ -36,7 +53,7 @@ /* Two macros to be called prior and after the use of SSSE3 instructions. There should be no external function calls between the use of these macros. There purpose is to make sure that the - SSE regsiters are cleared and won't reveal any information about + SSE registers are cleared and won't reveal any information about the key or the data. */ #define vpaes_ssse3_prepare_enc(const_ptr) \ asm volatile ("lea .Laes_consts(%%rip), %q0 \n\t" \ commit 1a6d65ac0aab335541726d02f2046d883a768ec3 Author: Werner Koch Date: Mon Jan 5 17:04:10 2015 +0100 Replace camel case of internal scrypt functions. * cipher/scrypt.c (_salsa20_core): Rename to salsa20_core. Change callers. (_scryptBlockMix): Rename to scrypt_block_mix. Change callers. (_scryptROMix): Rename to scrypt_ro_mix. Change callers. -- Signed-off-by: Werner Koch diff --git a/cipher/scrypt.c b/cipher/scrypt.c index aca903d..3c21c2a 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c @@ -76,7 +76,7 @@ static void -_salsa20_core(u32 *dst, const u32 *src, unsigned rounds) +salsa20_core (u32 *dst, const u32 *src, unsigned int rounds) { u32 x[SALSA20_INPUT_LENGTH]; unsigned i; @@ -108,7 +108,7 @@ _salsa20_core(u32 *dst, const u32 *src, unsigned rounds) static void -_scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2) +scrypt_block_mix (u32 r, unsigned char *B, unsigned char *tmp2) { u64 i; unsigned char *X = tmp2; @@ -142,7 +142,7 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2) buf_xor(X, X, &B[i * 64], 64); /* X = Salsa (T) */ - _salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8); + salsa20_core ((u32*)(void*)X, (u32*)(void*)X, 8); /* Y[i] = X */ memcpy (&Y[i * 64], X, 64); @@ -173,8 +173,9 @@ _scryptBlockMix (u32 r, unsigned char *B, unsigned char *tmp2) #endif } + static void -_scryptROMix (u32 r, unsigned char *B, u64 N, +scrypt_ro_mix (u32 r, unsigned char *B, u64 N, unsigned char *tmp1, unsigned char *tmp2) { unsigned char *X = B, *T = B; 
@@ -201,7 +202,7 @@ _scryptROMix (u32 r, unsigned char *B, u64 N, memcpy (&tmp1[i * 128 * r], X, 128 * r); /* X = ScryptBlockMix (X) */ - _scryptBlockMix (r, X, tmp2); + scrypt_block_mix (r, X, tmp2); } /* for i = 0 to N - 1 do */ @@ -216,7 +217,7 @@ _scryptROMix (u32 r, unsigned char *B, u64 N, buf_xor (T, T, &tmp1[j * 128 * r], 128 * r); /* X = scryptBlockMix (T) */ - _scryptBlockMix (r, T, tmp2); + scrypt_block_mix (r, T, tmp2); } #if 0 @@ -234,7 +235,9 @@ _scryptROMix (u32 r, unsigned char *B, u64 N, #endif } -/** + +/* + * */ gcry_err_code_t _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen, @@ -306,7 +309,7 @@ _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen, 1 /* iterations */, p * r128, B); for (i = 0; !ec && i < p; i++) - _scryptROMix (r, &B[i * r128], N, tmp1, tmp2); + scrypt_ro_mix (r, &B[i * r128], N, tmp1, tmp2); for (i = 0; !ec && i < p; i++) ec = _gcry_kdf_pkdf2 (passwd, passwdlen, GCRY_MD_SHA256, B, p * r128, commit c420c0fff5e3b5bdd9ef1a6a4a9b2e1da8301416 Author: Werner Koch Date: Sun Dec 28 14:26:48 2014 +0100 doc: State that gcry_md_write et al may be used after md_read. -- diff --git a/cipher/hash-common.c b/cipher/hash-common.c index ed63a0b..9a007e1 100644 --- a/cipher/hash-common.c +++ b/cipher/hash-common.c @@ -95,7 +95,10 @@ _gcry_hash_selftest_check_one (int algo, /* Common function to write a chunk of data to the transform function of a hash algorithm. Note that the use of the term "block" does - not imply a fixed size block. */ + not imply a fixed size block. Note that we explicitly allow to use + this function after the context has been finalized; the result does + not have any meaning but writing after finalize is sometimes + helpful to mitigate timing attacks. */ void _gcry_md_block_write (void *context, const void *inbuf_arg, size_t inlen) { diff --git a/cipher/md.c b/cipher/md.c index f9414de..9fef555 100644 --- a/cipher/md.c +++ b/cipher/md.c 
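Review bot: The `@@ -234,7 +235,9 @@` hunk leaves the header comment above `_gcry_kdf_scrypt` as an empty `/* * */` block, so the module's one public entry point still has no description (the old `/**` was empty as well, but the commit touched the block). Suggest filling it with what the following `@@ -306` hunk shows: `/* The scrypt KDF: PASSWD is first expanded with PBKDF2-HMAC-SHA256 into p blocks of r128 bytes in B, each block is mixed by scrypt_ro_mix with cost parameter N, and a final PBKDF2-HMAC-SHA256 pass keyed by PASSWD over B derives the output. */` — adjust the parameter names to the full signature, which is outside this hunk.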
@@ -642,6 +642,9 @@ md_write (gcry_md_hd_t a, const void *inbuf, size_t inlen) } +/* Note that this function may be used after finalize and read to keep + on writing to the transform function so to mitigate timing + attacks. */ void _gcry_md_write (gcry_md_hd_t hd, const void *inbuf, size_t inlen) { diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index be5f805..30acd2f 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3233,7 +3233,11 @@ by just one character. Both methods can be used on the same hash context. Pass @var{length} bytes of the data in @var{buffer} to the digest object with handle @var{h} to update the digest values. This -function should be used for large blocks of data. +function should be used for large blocks of data. If this function is +used after the context has been finalized, it will keep on pushing +the data through the algorithm specific transform function and change +the context; however the results are not meaningful and this feature +is only available to mitigate timing attacks. @end deftypefun @deftypefun void gcry_md_putc (gcry_md_hd_t @var{h}, int @var{c}) @@ -3253,7 +3257,9 @@ message digest or some padding. Finalize the message digest calculation. This is not really needed because @code{gcry_md_read} does this implicitly. After this has been done no further updates (by means of @code{gcry_md_write} or - at code{gcry_md_putc} are allowed. Only the first call to this function + at code{gcry_md_putc} should be done; However, to mitigate timing +attacks it is sometimes useful to keep on updating the context after +having stored away the actual digest. Only the first call to this function has an effect. It is implemented as a macro. @end deftypefun 
@@ -3266,8 +3272,9 @@ function: calculation. This function may be used as often as required but it will always return the same value for one handle. The returned message digest is allocated within the message context and therefore valid until the -handle is released or reseted (using @code{gcry_md_close} or - at code{gcry_md_reset}. @var{algo} may be given as 0 to return the only +handle is released or reset-ed (using @code{gcry_md_close} or + at code{gcry_md_reset} or it has been updated as a mitigation measure +against timing attacks. @var{algo} may be given as 0 to return the only enabled message digest or it may specify one of the enabled algorithms. The function does return @code{NULL} if the requested algorithm has not been enabled. @@ -3680,10 +3687,13 @@ see how it is actually done. @deftypefun gcry_error_t gcry_mac_write (gcry_mac_hd_t @var{h}, const void *@var{buffer}, size_t @var{length}) Pass @var{length} bytes of the data in @var{buffer} to the MAC object -with handle @var{h} to update the MAC values. +with handle @var{h} to update the MAC values. If this function is +used after the context has been finalized, it will keep on pushing the +data through the algorithm specific transform function and thereby +change the context; however the results are not meaningful and this +feature is only available to mitigate timing attacks. @end deftypefun - The way to read out the calculated MAC is by using the function: @deftypefun gcry_error_t gcry_mac_read (gcry_mac_hd_t @var{h}, void *@var{buffer}, size_t *@var{length}) 
@@ -3694,7 +3704,6 @@ Function copies the resulting MAC value to @var{buffer} of the length then length of MAC is returned through @var{length}. @end deftypefun - To compare existing MAC value with recalculated MAC, one is to use the function: @deftypefun gcry_error_t gcry_mac_verify (gcry_mac_hd_t @var{h}, void *@var{buffer}, size_t @var{length}) commit 943ce27e6a13057c988c35c913dc6a3f56149591 Author: Werner Koch Date: Fri Dec 19 09:11:08 2014 +0100 doc: typo fix -- GnuPG-bug-id: 1589 diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 108d53a..be5f805 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3414,7 +3414,7 @@ hashed can be written to files on request. @deftypefun void gcry_md_debug (gcry_md_hd_t @var{h}, const char *@var{suffix}) Enable debugging for the digest object with handle @var{h}. This -creates create files named @file{dbgmd-.} while doing the +creates files named @file{dbgmd-.} while doing the actual hashing. @var{suffix} is the string part in the filename. The number is a counter incremented for each new hashing. The data in the file is the raw data as passed to @code{gcry_md_write} or ----------------------------------------------------------------------- Summary of changes: cipher/hash-common.c | 5 +- cipher/md.c | 3 ++ cipher/rijndael-ssse3-amd64.c | 19 +++++++- cipher/scrypt.c | 19 ++++---- configure.ac | 4 +- doc/gcrypt.texi | 25 ++++++---- doc/yat2m.c | 103 +++++++++++++++++++++++++++++++++++++++-- 7 files changed, 155 insertions(+), 23 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From dbaryshkov at gmail.com Mon Jan 5 17:57:22 2015 
From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov) Date: Mon, 5 Jan 2015 20:57:22 +0400 Subject: [PATCH] gostr3411-94: fix the iteration count for length filling loop In-Reply-To: <1419757543-15954-1-git-send-email-dbaryshkov@gmail.com> References: <1419757543-15954-1-git-send-email-dbaryshkov@gmail.com> Message-ID: 2014-12-28 12:05 GMT+03:00 Dmitry Eremin-Solenikov : > The maximum iteration count for filling the l (bit length) array was > incrrectly set to 32 (missed that in u8->u32 refactoring). This was not > resulting in stack corruption, since nblocks variable would be exausted > earlier compared to 8 32-bit values (the size of the array). > > Signed-off-by: Dmitry Eremin-Solenikov > --- > cipher/gostr3411-94.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) What about this patch? > > diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c > index 91e5b4c..7b16e61 100644 > --- a/cipher/gostr3411-94.c > +++ b/cipher/gostr3411-94.c > @@ -307,7 +307,7 @@ gost3411_final (void *context) > l[0] |= nblocks << 8; > nblocks >>= 24; > > - for (i = 1; i < 32 && nblocks != 0; i++) > + for (i = 1; i < 8 && nblocks != 0; i++) > { > l[i] = nblocks; > nblocks >>= 24; > -- > 2.1.4 > -- With best wishes Dmitry From dbaryshkov at gmail.com Mon Jan 5 17:56:57 2015 From: dbaryshkov at gmail.com (Dmitry Eremin-Solenikov) Date: Mon, 5 Jan 2015 20:56:57 +0400 Subject: [PATCH] Stribog: fix C16 table size In-Reply-To: <1419758133-26930-1-git-send-email-dbaryshkov@gmail.com> References: <1419758133-26930-1-git-send-email-dbaryshkov@gmail.com> Message-ID: What about this patch? 2014-12-28 12:15 GMT+03:00 Dmitry Eremin-Solenikov : > Signed-off-by: Dmitry Eremin-Solenikov > --- > cipher/stribog.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/cipher/stribog.c b/cipher/stribog.c > index 942bbf4..de167a7 100644 > --- a/cipher/stribog.c > +++ b/cipher/stribog.c 
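Review bot: The corrected bound 8 is still a hand-copied size of l, which is exactly how the old 32 survived the u8->u32 refactoring; deriving it from the array, `for (i = 1; i < sizeof l / sizeof l[0] && nblocks != 0; i++)`, keeps the loop and the declaration from drifting apart again (i must be unsigned, or the comparison cast, to avoid a sign-compare warning). The declaration of l and the rest of gost3411_final lie outside the hunk, so this assumes l is a local array rather than a pointer. The identical hunk is pushed as commit 05dc5bcd234909ae9c9366b653346076b9a834ed later in this digest.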
> @@ -1080,7 +1080,7 @@ static const u64 stribog_table[8][256] = > U64_C(0x72d14d3493b2e388), U64_C(0xd6a30f258c153427) }, > }; > > -static const u64 C16[13][16] = > +static const u64 C16[12][8] = > { > { U64_C(0xdd806559f2a64507), U64_C(0x05767436cc744d23), > U64_C(0xa2422a08a460d315), U64_C(0x4b7ce09192676901), > -- > 2.1.4 > -- With best wishes Dmitry From andre at amorim.me Mon Jan 5 17:55:15 2015 From: andre at amorim.me (Andre Amorim) Date: Mon, 5 Jan 2015 16:55:15 +0000 Subject: git hooks In-Reply-To: <87vbkl5j3h.fsf@vigenere.g10code.de> References: <87vbkl5j3h.fsf@vigenere.g10code.de> Message-ID: I vote YES to 72 CPL. Reason: History. Kind Regards AA :. Andre Amorim .: Key-ID: A70B444E Fingerprint: FAAD3B6556A8877B938EAB2FC05E2CB0A70B444E On 5 January 2015 at 15:43, Werner Koch wrote: > Hi! > > I just noticed that for Libgcrypt we do not install a commit-msg check > script (via autogen.sh). GnuPG does this similar to GNU coreutils to > limit the linelength to 72 characters and ensure that there is a subject > line. > > I still consider it good style to have short lines in mails and on > ttys. For Jussi's benchmark results that might sometimes be too short > but in these cases it is easy to temporary disable the script. > > Shall I add such a hook to autogen.sh? > > > Shalom-Salam, > > Werner > > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cvs at cvs.gnupg.org Mon Jan 5 18:59:03 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 05 Jan 2015 18:59:03 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-153-g8c5eee5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 (commit) from dd5df198727ea5d8f6b04288e14fd732051453c8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 Author: Werner Koch Date: Mon Jan 5 18:58:39 2015 +0100 primegen: Fix memory leak for invalid call sequences. * cipher/primegen.c (prime_generate_internal): Refactor generator code to not leak memory for non-implemented feature. (_gcry_prime_group_generator): Refactor to not leak memory for invalid args. Also make sure that R_G is set as soon as possible. -- GnuPG-bug-id: 1705 Signed-off-by: Werner Koch diff --git a/cipher/primegen.c b/cipher/primegen.c index ce6db8d..2a702a7 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c 
@@ -622,47 +622,44 @@ prime_generate_internal (int need_q_factor, } } - if (g) + if (g && need_q_factor) + err = GPG_ERR_NOT_IMPLEMENTED; + else if (g) { /* Create a generator (start with 3). */ gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime)); gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime)); gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime)); - if (need_q_factor) - err = GPG_ERR_NOT_IMPLEMENTED; - else + factors[n] = q; + factors[n + 1] = mpi_alloc_set_ui (2); + mpi_sub_ui (pmin1, prime, 1); + mpi_set_ui (g, 2); + do { - factors[n] = q; - factors[n + 1] = mpi_alloc_set_ui (2); - mpi_sub_ui (pmin1, prime, 1); - mpi_set_ui (g, 2); - do + mpi_add_ui (g, g, 1); + if (DBG_CIPHER) + log_printmpi ("checking g", g); + else + progress('^'); + for (i = 0; i < n + 2; i++) { - mpi_add_ui (g, g, 1); - if (DBG_CIPHER) - log_printmpi ("checking g", g); - else - progress('^'); - for (i = 0; i < n + 2; i++) - { - mpi_fdiv_q (tmp, pmin1, factors[i]); - /* No mpi_pow(), but it is okay to use this with mod - prime. */ - mpi_powm (b, g, tmp, prime); - if (! mpi_cmp_ui (b, 1)) - break; - } - if (DBG_CIPHER) - progress('\n'); + mpi_fdiv_q (tmp, pmin1, factors[i]); + /* No mpi_pow(), but it is okay to use this with mod + prime. */ + mpi_powm (b, g, tmp, prime); + if (! mpi_cmp_ui (b, 1)) + break; } - while (i < n + 2); - - mpi_free (factors[n+1]); - mpi_free (tmp); - mpi_free (b); - mpi_free (pmin1); + if (DBG_CIPHER) + progress('\n'); } + while (i < n + 2); + + mpi_free (factors[n+1]); + mpi_free (tmp); + mpi_free (b); + mpi_free (pmin1); } if (! DBG_CIPHER) 
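Review bot: After `mpi_free (factors[n+1]);` the slot factors[n + 1] still holds the freed pointer, which matters if the caller later walks or releases the factors array; presumably it does, since factors[n] = q is deliberately kept. Clearing it with `factors[n + 1] = NULL;` directly after the free makes that path safe whatever the caller does. The rest of prime_generate_internal, including how err is acted on for the GPG_ERR_NOT_IMPLEMENTED branch, is outside the hunk.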
@@ -1194,22 +1191,25 @@ _gcry_prime_group_generator (gcry_mpi_t *r_g, gcry_mpi_t prime, gcry_mpi_t *factors, gcry_mpi_t start_g) { - gcry_mpi_t tmp = mpi_new (0); - gcry_mpi_t b = mpi_new (0); - gcry_mpi_t pmin1 = mpi_new (0); - gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); - int first = 1; - int i, n; - - if (!factors || !r_g || !prime) + gcry_mpi_t tmp, b, pmin1, g; + int first, i, n; + + if (!r_g) return GPG_ERR_INV_ARG; *r_g = NULL; + if (!factors || !prime) + return GPG_ERR_INV_ARG; for (n=0; factors[n]; n++) ; if (n < 2) return GPG_ERR_INV_ARG; + tmp = mpi_new (0); + b = mpi_new (0); + pmin1 = mpi_new (0); + g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3); + /* Extra sanity check - usually disabled. */ /* mpi_set (tmp, factors[0]); */ /* for(i = 1; i < n; i++) */ @@ -1219,6 +1219,7 @@ _gcry_prime_group_generator (gcry_mpi_t *r_g, /* return gpg_error (GPG_ERR_INV_ARG); */ mpi_sub_ui (pmin1, prime, 1); + first = 1; do { if (first) ----------------------------------------------------------------------- Summary of changes: cipher/primegen.c | 79 +++++++++++++++++++++++++++-------------------------- 1 file changed, 40 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Mon Jan 5 19:39:01 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 05 Jan 2015 19:39:01 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-154-g8174723 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 817472358a093438e802380caecf7139406400cf (commit) from 8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 817472358a093438e802380caecf7139406400cf Author: Werner Koch Date: Mon Jan 5 19:38:29 2015 +0100 random: Silent warning under NetBSD using rndunix * random/rndunix.c (STDERR_FILENO): Define if needed. (start_gatherer): Re-open standard descriptors. Fix an unsigned/signed pointer warning. -- GnuPG-bug-id: 1702 diff --git a/configure.ac b/configure.ac index 161571a..4cfebe7 100644 --- a/configure.ac +++ b/configure.ac @@ -2184,11 +2184,10 @@ cat < sizeof(msg.data)? sizeof(msg.data) : nbytes; memcpy( msg.data, p, msg.ndata ); ----------------------------------------------------------------------- Summary of changes: configure.ac | 7 +++---- random/rndunix.c | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From jussi.kivilinna at iki.fi Tue Jan 6 13:51:59 2015 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Tue, 06 Jan 2015 14:51:59 +0200 Subject: git hooks In-Reply-To: <87vbkl5j3h.fsf@vigenere.g10code.de> References: <87vbkl5j3h.fsf@vigenere.g10code.de> Message-ID: <54ABDA6F.3000608@iki.fi> On 05.01.2015 17:43, Werner Koch wrote: > Hi! > > I just noticed that for Libgcrypt we do not install a commit-msg check > script (via autogen.sh). GnuPG does this similar to GNU coreutils to > limit the linelength to 72 characters and ensure that there is a subject > line. > > I still consider it good style to have short lines in mails and on > ttys. For Jussi's benchmark results that might sometimes be too short > but in these cases it is easy to temporary disable the script. Getting benchmark results to fit 72 character lines should not be a problem. > > Shall I add such a hook to autogen.sh? > Please do, it helps maintain good style. -Jussi > > Shalom-Salam, > > Werner > > From cvs at cvs.gnupg.org Tue Jan 6 14:51:45 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 06 Jan 2015 14:51:45 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-155-ge6996fe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e6996fe55685f8042a846b465e0d0c097d615086 (commit) from 817472358a093438e802380caecf7139406400cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6996fe55685f8042a846b465e0d0c097d615086 Author: Werner Koch Date: Tue Jan 6 14:51:39 2015 +0100 build: Add a commit-msg git-hook script. -- This is the same script as used by GnuPG. It makes sure that lines are not too long and checks some other basic things. ./autogen.sh installs it. diff --git a/build-aux/git-hooks/commit-msg b/build-aux/git-hooks/commit-msg new file mode 100755 index 0000000..5a697c7 --- /dev/null +++ b/build-aux/git-hooks/commit-msg 
@@ -0,0 +1,127 @@ +eval '(exit $?0)' && eval 'exec perl -w "$0" ${1+"$@"}' + & eval 'exec perl -w "$0" $argv:q' + if 0; + +# An hook script to check the commit log message. +# Called by "git commit" with one argument, the name of the file +# that has the commit message. The hook should exit with non-zero +# status after issuing an appropriate message if it wants to stop the +# commit. The hook is allowed to edit the commit message file. +# +# To enable this hook, copy it to "~/.git/hooks/commit-msg". +# +# This script is based on the one from GNU coreutils. + +use strict; +use warnings; +(my $ME = $0) =~ s|.*/||; + +my $editor = $ENV{EDITOR} || 'vi'; +$ENV{PATH} = '/bin:/usr/bin'; + +# Rewrite the $LOG_FILE (old contents in @$LINE_REF) with an additional +# commented diagnostic "# $ERR" line at the top. +sub rewrite($$$) +{ + my ($log_file, $err, $line_ref) = @_; + local *LOG; + open LOG, '>', $log_file + or die "$ME: $log_file: failed to open for writing: $!"; + print LOG "# $err"; + print LOG @$line_ref; + close LOG + or die "$ME: $log_file: failed to rewrite: $!\n"; +} + +sub re_edit($) +{ + my ($log_file) = @_; + + warn "Interrupt (Ctrl-C) to abort...\n"; + + system 'sh', '-c', "$editor $log_file"; + ($? & 127) || ($? >> 8) + and die "$ME: $log_file: the editor ($editor) failed, aborting\n"; +} + +# Given a $LOG_FILE name and a \@LINE buffer, +# read the contents of the file into the buffer and analyze it. +# If the log message passes muster, return the empty string. +# If not, return a diagnostic. +sub check_msg($$) +{ + my ($log_file, $line_ref) = @_; + + local *LOG; + open LOG, '<', $log_file + or return "failed to open for reading: $!"; + @$line_ref = ; + close LOG; + + my @line = @$line_ref; + chomp @line; + + # Don't filter out blank or comment lines; git does that already, + # and if we were to ignore them here, it could lead to committing + # with lines that start with "#" in the log. + + # Filter out leading blank and comment lines. 
+ # while (@line && $line[0] =~ /^(?:#.*|[ \t]*)$/) { shift @line; } + + # Filter out blank and comment lines at EOF. + # while (@line && $line[$#line] =~ /^(?:#.*|[ \t]*)$/) { pop @line; } + + @line == 0 + and return 'no log message'; + + # The first line should not be too short + 8 < length $line[0] || return 'summary line too short'; + + # The first line should not start with an asterisk or a hash sign. + # An asterisk might indicate that a change entry was started right + # at the first line. + $line[0] =~ /^[*#]/ && return "summary line starts with an * or #"; + + # Second line should be blank or not present. + 2 <= @line && length $line[1] + and return 'second line must be empty'; + + # Limit line length to allow for the ChangeLog's leading TAB. + foreach my $line (@line) + { + 72 < length $line && $line =~ /^[^#]/ + and return 'line longer than 72 characters'; + } + + return ''; +} + +{ + @ARGV == 1 + or die; + + my $log_file = $ARGV[0]; + + while (1) + { + my @line; + my $err = check_msg $log_file, \@line; + $err eq '' + and last; + $err = "$ME: $err\n"; + warn $err; + exit 1; + + # Insert the diagnostic as a comment on the first line of $log_file. + #rewrite $log_file, $err, \@line; + #re_edit $log_file; + # + ## Stop if our parent is killed. + #getppid() == 1 + # and last; + } +} + +# Local Variables: +# mode: perl +# End: ----------------------------------------------------------------------- Summary of changes: build-aux/git-hooks/commit-msg | 127 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100755 build-aux/git-hooks/commit-msg hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Tue Jan 6 14:51:48 2015 
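Review bot: The `while (1)` loop in the main block can never iterate: every failed check reaches `exit 1;` before the end of the body, so the rewrite/re_edit path below it is dead and the `rewrite` and `re_edit` subs are reachable only from that commented-out code. Either drop the loop and the two subs or keep the re-edit path live; if it is ever re-enabled, the list form `system $editor, $log_file;` avoids pushing the editor string and the file name through `sh -c`. Separately, `length $line` counts bytes unless the file is decoded, so a commit message containing non-ASCII text may be rejected at fewer than 72 visible characters; `use open qw(:std :utf8);` or decoding the lines after the read would make the limit character-based.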
From: wk at gnupg.org (Werner Koch) Date: Tue, 06 Jan 2015 14:51:48 +0100 Subject: git hooks In-Reply-To: <54ABDA6F.3000608@iki.fi> (Jussi Kivilinna's message of "Tue, 06 Jan 2015 14:51:59 +0200") References: <87vbkl5j3h.fsf@vigenere.g10code.de> <54ABDA6F.3000608@iki.fi> Message-ID: <87fvbo2f0r.fsf@vigenere.g10code.de> On Tue, 6 Jan 2015 13:51, jussi.kivilinna at iki.fi said: > Please do, it helps maintain good style. Done. The next ./autogen.sh will install it. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Tue Jan 6 15:04:33 2015 From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov) Date: Tue, 06 Jan 2015 15:04:33 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-157-ge4de523 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e4de52378a85cf383994ded8edf0d5cf98dcb10c (commit) via 05dc5bcd234909ae9c9366b653346076b9a834ed (commit) from e6996fe55685f8042a846b465e0d0c097d615086 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e4de52378a85cf383994ded8edf0d5cf98dcb10c Author: Dmitry Eremin-Solenikov Date: Sun Dec 28 12:15:33 2014 +0300 stribog: Reduce table size to the needed one. * cipher/stribog.c (C16): Avoid allocating superfluous space. -- Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/stribog.c b/cipher/stribog.c index 942bbf4..de167a7 100644 --- a/cipher/stribog.c +++ b/cipher/stribog.c 
@@ -1080,7 +1080,7 @@ static const u64 stribog_table[8][256] = U64_C(0x72d14d3493b2e388), U64_C(0xd6a30f258c153427) }, }; -static const u64 C16[13][16] = +static const u64 C16[12][8] = { { U64_C(0xdd806559f2a64507), U64_C(0x05767436cc744d23), U64_C(0xa2422a08a460d315), U64_C(0x4b7ce09192676901), commit 05dc5bcd234909ae9c9366b653346076b9a834ed Author: Dmitry Eremin-Solenikov Date: Sun Dec 28 12:05:43 2014 +0300 gostr3411-94: Fix the iteration count for length filling loop. * cipher/gostr3411-94.c (gost3411_final): Fix loop -- The maximum iteration count for filling the l (bit length) array was incrrectly set to 32 (missed that in u8->u32 refactoring). This was not resulting in stack corruption, since nblocks variable would be exausted earlier compared to 8 32-bit values (the size of the array). Signed-off-by: Dmitry Eremin-Solenikov diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c index 91e5b4c..7b16e61 100644 --- a/cipher/gostr3411-94.c +++ b/cipher/gostr3411-94.c @@ -307,7 +307,7 @@ gost3411_final (void *context) l[0] |= nblocks << 8; nblocks >>= 24; - for (i = 1; i < 32 && nblocks != 0; i++) + for (i = 1; i < 8 && nblocks != 0; i++) { l[i] = nblocks; nblocks >>= 24; ----------------------------------------------------------------------- Summary of changes: cipher/gostr3411-94.c | 2 +- cipher/stribog.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Tue Jan 6 15:04:40 2015 
From: wk at gnupg.org (Werner Koch) Date: Tue, 06 Jan 2015 15:04:40 +0100 Subject: [PATCH] Stribog: fix C16 table size In-Reply-To: <1419758133-26930-1-git-send-email-dbaryshkov@gmail.com> (Dmitry Eremin-Solenikov's message of "Sun, 28 Dec 2014 12:15:33 +0300") References: <1419758133-26930-1-git-send-email-dbaryshkov@gmail.com> Message-ID: <87bnmc2efb.fsf@vigenere.g10code.de> On Sun, 28 Dec 2014 10:15, dbaryshkov at gmail.com said: > Signed-off-by: Dmitry Eremin-Solenikov > --- > cipher/stribog.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks. Pushed. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From wk at gnupg.org Tue Jan 6 15:05:00 2015 From: wk at gnupg.org (Werner Koch) Date: Tue, 06 Jan 2015 15:05:00 +0100 Subject: [PATCH] gostr3411-94: fix the iteration count for length filling loop In-Reply-To: <1419757543-15954-1-git-send-email-dbaryshkov@gmail.com> (Dmitry Eremin-Solenikov's message of "Sun, 28 Dec 2014 12:05:43 +0300") References: <1419757543-15954-1-git-send-email-dbaryshkov@gmail.com> Message-ID: <877fx02eer.fsf@vigenere.g10code.de> On Sun, 28 Dec 2014 10:05, dbaryshkov at gmail.com said: > The maximum iteration count for filling the l (bit length) array was > incrrectly set to 32 (missed that in u8->u32 refactoring). This was not > resulting in stack corruption, since nblocks variable would be exausted > earlier compared to 8 32-bit values (the size of the array). > > Signed-off-by: Dmitry Eremin-Solenikov Thanks. Pushed. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Tue Jan 6 20:32:52 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 06 Jan 2015 20:32:52 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-159-g4f7dcdc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4f7dcdc25af269b12275126edeef30b262fb891d (commit) via c33277d2da321df04db1988ed6758a1350025634 (commit) from e4de52378a85cf383994ded8edf0d5cf98dcb10c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4f7dcdc25af269b12275126edeef30b262fb891d Author: Werner Koch Date: Tue Jan 6 20:30:37 2015 +0100 Make make distcheck work again. * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove --enable-ciphers. * cipher/Makefile.am (DISTCLEANFILES): Add gost-sb.h. diff --git a/Makefile.am b/Makefile.am index 2d7ca43..4c2c509 100644 --- a/Makefile.am +++ b/Makefile.am @@ -18,8 +18,7 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ACLOCAL_AMFLAGS = -I m4 -DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \ - --enable-ciphers=arcfour:blowfish:cast5:des:aes:twofish:serpent:rfc2268:seed:camellia +DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc # (A suitable gitlog-to-changelog script can be found in GnuPG master.) GITLOG_TO_CHANGELOG=gitlog-to-changelog diff --git a/cipher/Makefile.am b/cipher/Makefile.am index e59bafc..ceb95f1 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am 
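Review bot: The hunk drops `--enable-ciphers=...` from DISTCHECK_CONFIGURE_FLAGS without recording why; the commit message says only that distcheck works again, so a later reader cannot tell whether the restricted cipher list is broken in general or only under distcheck. A one-line comment above the assignment, e.g. `# --enable-ciphers is deliberately not passed here: <reason>`, would keep the flag from being re-added. The DISTCLEANFILES hunk that follows suggests a generated header was involved, but that is an inference from the diff, not something the hunk states.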
@@ -26,6 +26,8 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS) AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) +DISTCLEANFILES = gost-sb.h + noinst_LTLIBRARIES = libcipher.la commit c33277d2da321df04db1988ed6758a1350025634 Author: Werner Koch Date: Tue Jan 6 18:54:24 2015 +0100 Remove the old Manifest files -- The Manifest file have been part of an experiment a long time ago to implement source level integrity. I is not maintained for more than a decade and with the advent of git this is superfluous anyway. diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 7dd626c..e59bafc 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -19,8 +19,6 @@ # Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest - # Need to include ../src in addition to top_srcdir because gcrypt.h is # a built header. AM_CPPFLAGS = -I../src -I$(top_srcdir)/src diff --git a/cipher/Manifest b/cipher/Manifest deleted file mode 100644 index 0cd64f7..0000000 --- a/cipher/Manifest +++ /dev/null 
@@ -1,73 +0,0 @@ -# Manifest - checksums of the cipher directory -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -# Checksums for all source files in this directory. Format is -# filename, blanks, base-64 part of an OpenPGP detached signature -# without the header lines. Blank lines and lines beginning with a -# hash mark are ignored. A tool to process this file is available by -# cvs -d :pserver:anoncvs at cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool -# -# The special entry "$names$" holds a signature over all sorted -# filenames excluding itself. 
- - -# Algorithm API -cipher.c iQCVAwUAQDzrVjEAnp832S/7AQIPDgP+OVJ/YNWY5m7c09EBbPAzL/WsGoj6wrBNMmkRlMOqTHeh+OOtjuFHt1f9uhfM2Nzl7sJ5+h4ryZKLEZmQPRMTZTnAqkvGdsrJWJnigUA9QwYdV0ONqC9C63gpuG465gO9TZVOqlQu/FTxSRuTQYUulkaBNG71n8nZEOusBVwV2YA==58xH -pubkey.c iQCVAwUAP9XQ3jEAnp832S/7AQJ5UgQAyHfEBvPVJ8wTRg8c7ixS2GiVmIgwIo5tvQaiQJTPWASevvYrB+2Z2qa9cATyu50ACjLzbaquGBgPzjJV3dU/qttT1gCqRuN/LCNvXFe5qnIZezejc3RAadFNTw/pOTHq0wxD1Keg66ruei9R36Nba59pEQIWIBXTfubRft2hMYk==E09t -ac.c iQCVAwUAQDzsOzEAnp832S/7AQJCBQP/WI6EV/dsR4rmha6RVhvkjZo17kQ8z6pIl5J3cXOvqEkIFeD2HYu3HHrWST5l7yXlffhpDkVHkfMih4ruK76q6Fm0dxZ98pO4C/dVtgimlvvcy/wOQjpzsE0fYAe1BYdg81LJ09X33vW5x6C29lunfKROO2tPlV5i8ffeoFvmMF8==j26g -md.c iQCVAwUAP+NFGjEAnp832S/7AQJs8wP/Qdk0EAKsyr3O1/pmOSN8AG4rPKbd6KDTzvoBPAN4upFwKYY4hWwvy12Q3YU9DmECrzZkRCXHR7mljVQKs6B7CRZJKjFKmOELpcJDtKvu40vTs1bOH4k9iJYZpGgRA83nkQ+ELAcphAbCA+KIpVr2K4mCJAB0FhpC2uOQ50JHAko==BeF6 -primegen.c iQCVAwUAQDzsoDEAnp832S/7AQKYRwP/TqAQBm1rHTnF0HYE05PqXfWlOqa6EosqVpaOcs/OIW6PaqX0xH1UlrukK7jNOjK3xC4o1qNQ1UKzz2dvQaq1bMvNNizeavxAh10SJZc0hIc/ofc83IbjLh8SZVWQ67JxjsUd3DOXmSmhPZ+Pqd7cUIiw8fDoF+I9EZqy3COu1wY==1ebT - -# Algorithm implementations -arcfour.c iQCVAwUAP9XR/TEAnp832S/7AQJcRwP6AlvYEx++fpT4mIYo0xRDqKEQeqMQvbaRhIg2eV74JxItpHa3q5YsYIl+n1yUz5g35JRWWXSWmAZBwO5wLKsHii4kRUhgrKWnSoQZoPpl49L5+N3R58ON3S0ru5lsBiEJEze3xplf2vqwrH9v1QHVD+gU7UTlfNqrIJoOUXN+1O4==Tq+x -blowfish.c iQCVAwUAP9XTETEAnp832S/7AQJaEgQAgiqqfuO+zQtscgTB0rvOzVymIKjRKjYhFuLjVuc79G4z1RCAffvIn/YM2d7kt+Z/QF7zjcTAOgETCQL1XokpX2zz9HPAMi2tlDY5zsDufTNqj0n4WBL9nM7w6XAvsiwP1B3bqCTv9SjJV4KbxJ58vw1yQE+sqW74R/QIHFvC7mU==wZnX -cast5.c iQCVAwUAP9XT6DEAnp832S/7AQJ3xgP/ehLjEN3GELGudbqeo91Xd+PqitHrkuBbtRIYX7Udd/fyXLN+h8rMJVyIQX2m+mpxbBxudVU3x8/DNT8B0ZHAwK6qqJmEBLLhEYPgIuF76i9LMrP1KqUPhAwRZ2OppjIIugBQ+rP74aD4eLyd/aKQHNuXML8QGWR6KwQShohXM5I==/BRh -crc.c 
iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D -des.c iQCVAwUAQCN2oDEAnp832S/7AQL/jwP6Auoq6nZCDBjpgc9tDzuIRwa9DqyuM3gX94uvgEpUwdHszb2bG43dz03kVmcYxtj1MzXbyCeCZOwox0b2SKmLgxIbrNP6yGbzVdTj6592gDYuf/ZXmc1ZNJ1DDldcPQ0n9fXUipUPwyPaNWo3mSZaNcMKSWWzdK0J6ciG6nk7SWI==9k/t -dsa.c iQCVAwUAP9XZHDEAnp832S/7AQLBRgP/XrBzTEYx5ccMj1MMb6sg37liEHdIyyy49zjvt6jUqxj4RuwVEN8S6v3u4q/QyJkHAi1E0EkREgENlyHW6PKWhYbcrd0vPIAN15yjnl2yqtrCrJImexUCoqJJewK0E4JOicGbabTil8MZjk+mbhEPnjJBqOkyP1w0i31pEDgE/8M==pC8s -elgamal.c iQCVAwUAP9XbYzEAnp832S/7AQLXagQA3HrvspZfbTGgmUH0IqLQTJ0exUPxJv5DET2TvoIy62trDmMN6lTAj5P+a7jQ8udcu0w+mR2vXUHcxUpNA2PxLaMwGzNSY4zRDNe9r3SFTDrFm6m4y9Ko2e8XtEA+WF6P/XLpck4Jn7vMEDmVGPwkNd22kXFFE8dBGwG6i5Hk1Mk==oBUs -md4.c iQCVAwUAP9h50DEAnp832S/7AQJhHgQAzNA/B6MWFDlCtPkIVaW8RpP1Eg0ZNMsy0s7SJkopOCBlu6CwXUOKe+8ppcSxhjYKh4i4uQr/QtfipYlBjzKJGnrafoF/NugXNCOHSTGT11TvK7mCiBuUMVgvZGAlOJImk6eTTfUjRrMfaXM/SWl8bdJ4ZpzdjEyVh89r7I5JrGk==x2UD -md5.c iQCVAwUAP9h7LzEAnp832S/7AQJUGQP/c0cbf6WZXCzmjufHxiE9FAQBzTsA0WtaNqdFcHl7fhmikGtknlaED8n5a7eYd/C481UQW6Wgq/oZdsvgoPWPhG3fOCy2CFP9cZVXITuMSf0ucyZTFUJNO15fnZ+nDfsUv+JPdv1aSeRinAUtfAcSKfkSyR9BCPZvkx+tgU6cphU==Zv+h -rijndael.c iQCVAwUAP9h9cTEAnp832S/7AQKF1AP+P2L/tPqDJRDg+/fwbOk8Ts0MNxnvvYEm3gE73TKuLt1S+B2+jkrZcKNvM5VGPnVMJbnS0lmIK04nmedHCOftGTOwhGulZAHHIaKGystT3Jql4iPws/JMgAjE7Fyxh5WZMtB9yEljKBpJ5XNqhrMvvxcHpnyP3+YzIXNwzk34V+c==dJ5k -rmd160.c iQCVAwUAP9h+bTEAnp832S/7AQK1OgP+PNKF6Nzi6X93easVlksdLqKEsArCAw2QjGWDGyxTnbiJM55qAl9JxR1mn3V+oOL7izLLwTt6EYK9evhzfcxY5N5Mni85RAcsLPsuAfQDEzjI6GUWHtQUKPbM+BaorzfhQjYFSZyvum/dZYJ/WfiwwwhqqIKyVU2ZFSqA38YGC/c==9jdA -rsa.c iQCVAwUAP9iHIzEAnp832S/7AQKAYwQAuWtnMte54QHN+Hij9t4sGuypXogajOb1vQQwGgS0fKsaBZsuSP2amze4o5diIvsQTsFQ4CzjvqoCVuBDoHM3xkSD8wGDizgvtCamAxkdbF7wmzldKFn8SpJqlVwWQMP6kk1IjXHEuYb4IDWGTbVMhfEu+eOlU8+PSK4IhZqNvt4==/3hp -serpent.c 
iQCVAwUAP9h/VzEAnp832S/7AQLyCwP/d1zbmb7l/PriZNa9/Z7mo01XFe5MnAqCfIwhl9GjeaMszcoS37jECNq5nLvrTTFIIJpm3rvBePwiCG4Wwx1I18HCxaP198pcSaR+BLOJ3Aj52EZPrxtqlDKuFr38ZOP5giyUqUYVYGVdrz4kRMNWAZQK53GeJnGhXCnhxojLEgA==ck46 -sha1.c iQCVAwUAP9iATTEAnp832S/7AQKcSwQAwAs/HnNqho3lU1ZUgCPNt5P2/Brm6W21+wWWGKJkSrra/c4NYVKJGDDwlsFE0b9ln1uZt7bHReFkKXK3JnrKTmNVcx/Cy64iCMRNMhaM72Mqy7wWx5yHBAmMBxzFGnNQKbmeY52zeGih5HsNLSibc2pPuOViWo2JPJ5Ci/wIwl8==/wtO -sha256.c iQCVAwUAP9iAtzEAnp832S/7AQJD2QP/UqvL0hhjG1wEFbGrdkV9tba1sMDXdnnK6X7HdLuRpVAgNiQiFf8JDmntd/dZ2Q71p4Uae2ctqve4WoEijPUZPjACnpuZfx0SEQL0lQBkwxzJp7lz9ujVtwQ2cM/aYexJkXcWgGcloJNLM3JbWPGIJnuYbr/IwJ6RQF9vgj0357o==UWO1 -sha512.c iQCVAwUAP9iBTDEAnp832S/7AQIPBAQA28CJSUQLiW0s2x9u8/OH2eKnxPjA4sZmb50WP7920Lem66P31C3BrOqwfBot4RLhjL+zh/+Uc4s3HPwApZuj9E4BxNMlqLv+Tqk++DAbdaOeYT4jeUt+mlhQQ6mH/RDsy32rZsNsGQ2bUGxazZmfG++PL3JyhawqCy00SUDr/o0==H+0X -tiger.c iQCVAwUAP9iCfjEAnp832S/7AQKufwP/fryv3MqSOYY+90325DH7X3/CtekxeooN0scGsHX0fxBakWSMecTNrj33KPddLS46gU/S89zIc2N/Bw/7EVIAXVFA3/3Ip+OrFOuIMO4Py1sCdB8o2Y+5ygv8iXLcsXIq1O0av79i9g774V3uaXa2qN9ZnXe0AEhcy8FHJ2i/wro==5XVB -twofish.c iQCVAwUAP9iD6TEAnp832S/7AQKUnQP/Rq8FaYeHTG7HbZuqAs9pbPitzjDbkdZddmInWR7NmevBkKvhsJALjVooc0KGQfo2lAAmy3Xi/4QQN8VPn51DVjDIgf7x+DQh/9TFJHMccxI9asUgi4+TNnmMqLU1k3N8S2PjyZ1sjeC8B79fKPpwCzj72WkqPkzZw3l2jArr+dU==NdJT -rfc2268.c iQCVAwUAQCN+3jEAnp832S/7AQLv1gQA1hJh29hAjKi4uLSGxXvJ6cyYmPdmevdKrbLnuHZWtHe4xvCgy/nTdEojEpxgLp/hL/ogasuWRC1W16Wiz9ryxf7YR0uhZWayO/bQNagpfU5MIkJTLuKqqgpwYumCSQfOugXVAqcgEzj+13eeyJaFVrzwrNa67sh84nmbjOjNjvE==0zBq - -# Random number related -random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419 -random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU 
-rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE -rndlinux.c iQCVAwUAP9iPYTEAnp832S/7AQL6/AP/ZDrbOkVuB9qJ7sKeX1MImZEsz3mi0xPovJzaBtBU7a0idcUKrWYOvQFWRlLUeq0iCT6+h2l5bniP7q7hepzlKa+VPY9VWaQthqeJm2l5LN6QQ5PyMfBq04QuBncw9BJnCGmEyTLt3RxIXBAPdxmiVxtcRIFUqCBtQvoUXGLvemw==t37k -rndegd.c iQCVAwUAP9iPRDEAnp832S/7AQImBQP/WHKg+hKXcm1pQvilzML0jZpwK5PAMM4uBnnPJNIXWOYBO6I/Xg9d/tPLg8NlmmtyQCo2Eu0ybDSt+8mu+dWveAys+0LTi0MIqeP9BMzCKz8dnWH6+S8huLXwTF3m0IrqM0JLb6b71GK9SOq6sWQ22yW5vf61hXP8kH9dhIaoMZs==FaHV -rndunix.c iQCVAwUAP9iQlzEAnp832S/7AQL/KgQA29GnvcD4Xb5qjDMBgW9THEE4+4lfex/6k+Fh0IT61OLJsWVLJ7bJpRntburw4uQm4Tf7CO8vaiDFDYhKKrzXeOF1fmdpcL8hA+fNp9I/MUOc4e9kN9+YJ9wikVa0SZj1OBfhzgcFLd1xOtulkr3ii52HLF9vhrxzkgVwvD10Bi8==2cML -rndw32.c iQCVAwUAP9iRKDEAnp832S/7AQIuaAQA3AJr3WqnxNDsWCIdvehf8Suotthj+laX8nJsvDfFhXPKcXDpsg0wTTXSnnKgyED53+uYiMDnVRsxeWAyhKwvx1MjjlaSMMjzbH6isWTH8FaWpLgrxEkXoPeNqYf5FXpdUkcUxGX2RkQeuX/cIfiHLNE9CV0usaF2jysjBX2iERY==EEnO - -# Helper -bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN -rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN - -# Configuration -Makefile.am iQCVAwUAQCN33TEAnp832S/7AQKFJAQAz7BDkC814q+QiuE/jnutJHR5qlgbrm3ikGbQwdRzYUscst4bCCWy3uKL/sIPGLg+JQXtF5FnsQy3s4D9BOYhp72cA9ktYK65hhi4pNm/JQ0lXkZMNfk8Go5lNzKezlWwHvkMwRXR0Fep0wPdyeaKW5BfaW2ABvgep6Bp+hHEbyg==zSyi -$names$ 
iQCVAwUAQCN3EDEAnp832S/7AQJXLAP8DvHTpm5DkTF35EmzeKpi9ie59AZcZanD19ir/e/7+PaQxr2riuLHDGwFKTju+dcvvBsqrygXOC378GXVWzIF2OZwS4EdDcJ+pgojo9UpsqpKsJHouY4Ugx5cQialxba462kUn8hcihSBnMyc4LzbJ5WQ4puQuqy544d2x94+2ms==G4Ls diff --git a/mpi/Makefile.am b/mpi/Makefile.am index c41b1ea..8f39ee7 100644 --- a/mpi/Makefile.am +++ b/mpi/Makefile.am @@ -29,7 +29,7 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS) AM_ASFLAGS = $(MPI_SFLAGS) AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) -EXTRA_DIST = Manifest config.links +EXTRA_DIST = config.links DISTCLEANFILES = mpi-asm-defs.h \ mpih-add1-asm.S mpih-mul1-asm.S mpih-mul2-asm.S mpih-mul3-asm.S \ mpih-lshift-asm.S mpih-rshift-asm.S mpih-sub1-asm.S asm-syntax.h \ diff --git a/mpi/Manifest b/mpi/Manifest deleted file mode 100644 index 3b0d673..0000000 --- a/mpi/Manifest +++ /dev/null 
@@ -1,41 +0,0 @@ -# Manifest - checksums of the mpi directory -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -Makefile.am -config.links -longlong.h -mpi-add.c -mpi-bit.c -mpi-cmp.c -mpi-div.c -mpi-gcd.c -mpi-inline.c -mpi-inline.h -mpi-internal.h -mpi-inv.c -mpi-mpow.c -mpi-mul.c -mpi-pow.c -mpi-scan.c -mpicoder.c -mpih-div.c -mpih-mul.c -mpiutil.c -$names$ iQCVAwUAP+LmfDEAnp832S/7AQKZJQQAkR/gQITUM+6Ygy9WAOAO17btyKAlCtGTXp5XSZ+J3X0o/rYneRdSCW89IJvwFRJjAOcFJd52MXs6ZVFF/RQBC8MvJzuQChbEzvihK8o2VgK34YWjU+6XH9sFgRMIgzkHs/51ZZxeQUOPy1XF7TyKB0WE7YBUVisFiRaqB1qGIOs==Z3qB - diff --git a/mpi/generic/Manifest b/mpi/generic/Manifest deleted file mode 100644 index c429fde..0000000 --- a/mpi/generic/Manifest +++ /dev/null 
@@ -1,29 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-add1.c iQCVAwUAP+Lj2DEAnp832S/7AQKn/AQAwQLWggl6zNQ5EZ+lE+jKV8W3FsogW3/6tp9T5rrSR5JnlWyoHQ9/Pu4knOcLjS6nIfVOiAEifu3nuIysQr9jDSSSJA2LylSUBSXKLKDamPsOCwXOLxiZODslJT3CCGAUtLvXJrWDbTZQrkEuwnLnjQFDzuA7iY9JLrG9kAoXD6Q==WoWm -mpih-mul1.c iQCVAwUAP+LkCTEAnp832S/7AQKFVQP+MhBNjcY73JtnsHZfnaVZq3TiKwN151cWV51nDc1RnTaMhSIFeuNlj3vNML2W0Gn8n+GnyiWE2XXdQEaik6BL02eekUn9aq7I/rdpnTHuOjQPK1uwjuNl8RuJ9YrERBAxq4oB71f+iwMab8dsMSUlVC+NdeAocRqLLgnR/efkdLc==2Tkb -mpih-mul2.c iQCVAwUAP+LkMjEAnp832S/7AQLPeAQAqmRzxFe/mDqTdZr/pTXT8RVyB1vKB0Ei2THV05BxmI4OPv39uysfFpLMt/INsX7AGqdOlj4jOZ/qNaFXR1ceMrlSXvo8u/epk6rCXFp82kM7Qs983LjoP//PrMCkYkXwblaVrgUGiBUCbuPMliWTK6qKkxxXtEfqZ7nVbEWdBx8==Kwhl -mpih-mul3.c iQCVAwUAP+LkVDEAnp832S/7AQL91gP/Qd5iZWxRiN5DdEIVHAedoNvl23NPrT2UUdXvnSK49DpplTxkLiMBj0WqCayG/YIET2NpMRCeLvAZNcSt6lOm0bSZDYo1Hv/N+UoqD3V1McjY16REBv/nnPaMWMZcx7rl5yKTVZiX2PgV6oQOL7Yfrt5ZIOlrHBRs9S2/zcCaVz0==9BQe -mpih-lshift.c iQCVAwUAP+LlATEAnp832S/7AQIACAQAhMrpx0SRXE/LN1NkjMO9n74nMrvmzYJyru0gw2O4BYrUPvD/LWGju2FZaggKV0IBjmi0cDoCrNeK9EGjKOO1lfgODbX2IZ1LUhr9jDuMj0QRqj6T9YkAFYTNUk4GfpwIf7T6Ybo7c78Jx93PidCJt7d39eMMEalooC7LZ4IU3NM==nZ4k -mpih-rshift.c 
iQCVAwUAP+LlIjEAnp832S/7AQKiuAP/eYC2ZScd+taBx/kNzRvGjA0eAXvORMkMLV6Ot+OXVzVUi04eoP2yXdxSNFKwUj12p8GWXkdoMG3aOGBKg2a7bY5Q5RUho3hUWb9UsVYVUfXLf7IOTt/3a6MLh2CmV5dFPWJmSlbCyQRcn6n/fLDeJ3A2bWTS/BhqGfpOXUIU1ws==jCf8 -mpih-sub1.c iQCVAwUAP+LlZzEAnp832S/7AQIEPgP/dLHTDRbPrYJhsLp9SjGstU1M8/IC5XytcDtO3NQeu4mx6vaXjpujtsTvKIbX4QL5IahNntVVKv1xFLEm2yFg7L2ns0uD/mfwGgOhCG1j2o/SaTAWP5KxP7ae5UDcZl2w6NWvEuMj9t32zmziAZjP8W73A37FUspeRDYiL9sQzkI==QQzk -udiv-w-sdiv.c iQCVAwUAP+Lk0TEAnp832S/7AQICXAQAsxe1SQD4+xZaZTqBC0V9Cyuo0mrdccnRFzthOtm0ARwKFXU2cuLW/ZBOkmeWOVmOFhBp22/I8dEGYnMA3gcfmOMCpNu9i9zk/XHfptdunA1MnOe3GsoWgfHL0rhpAyPhp/X043ICB41NElnnuxADuQQlD4Z1fca5ygYxMr2crJg==EI/6 -mpi-asm-defs.h iQCVAwUAP+LkgDEAnp832S/7AQK0FgQAxJZ7xvXhoZa33GWe23LRb3asrno/loZSyAIXrntqtVH8M3pEsCY0OyW4ry4hX2RnxpuhRCM/PdRNLG3xXyMSVIhkHU8WVRLqzF2LLjEkyU3cAmHnnTQ9aO/XpUWtJGTZ8q2bv7ZsAEi4aPl0p6KhPXcPgM9vQ2XcyOPn3Dl0d6Q==xpjI -$names$ iQCVAwUAP+LmNDEAnp832S/7AQJa+gP+KQNJpbNOgc+s2UX+Ya2gDaOFcAROImIllhg3ej8EaBF8xxdHmWT1zaKwTwi3moEEleykMR104YAGWyQeMbFYiuPPBW+ohrT6KxRBVJpIA9auOOqqJMyglZyoR3Hv7gduVYUW1h/DebnqiKXKEfzQDFqYuT0ayuteoOR4B5NICbE==nLSh diff --git a/mpi/generic/distfiles b/mpi/generic/distfiles index 9810eef..649e829 100644 --- a/mpi/generic/distfiles +++ b/mpi/generic/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-add1.c mpih-mul1.c mpih-mul2.c diff --git a/mpi/i386/Manifest b/mpi/i386/Manifest deleted file mode 100644 index 812bc8a..0000000 --- a/mpi/i386/Manifest +++ /dev/null 
@@ -1,28 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-add1.S -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -mpih-lshift.S -mpih-rshift.S -mpih-sub1.S -syntax.h -$names$ iQCVAwUAP+LmOTEAnp832S/7AQJZmgQA1+GIl7rXiEY00y5xD2kG5Lm2QD6c9aBME8hTl812OEcj0ul/QSpdv8E2NEKooifr4SiLVhEVfLNaLqAgN3cIsttn3rRX3/pMC5JwSKHDJPsUbpN9tzb5dr2YC9GG9m8xngAQrN11IQPnGfvFLJK+oDnEMIAeHDpOnX9NeQPDAQA==bnOy diff --git a/mpi/i386/distfiles b/mpi/i386/distfiles index 22b9979..88d2a30 100644 --- a/mpi/i386/distfiles +++ b/mpi/i386/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-add1.S mpih-mul1.S mpih-mul2.S diff --git a/mpi/i586/Manifest b/mpi/i586/Manifest deleted file mode 100644 index 6d1d7f8..0000000 --- a/mpi/i586/Manifest +++ /dev/null 
@@ -1,27 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-add1.S -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -mpih-lshift.S -mpih-rshift.S -mpih-sub1.S -$names$ iQCVAwUAP+LmQDEAnp832S/7AQKCmgQAhG+E7X0KB4qdVf3sMb6Qr+Iv5Jlehzoub/5vxTRgePKzRuOHidCnTzSSoyzA++UcHrOjHQQDMsXnO6PqpS1d/TKkxjnGN7rE8mvMYlFAT8RsawTozSfh14mCzI0HTDbaKL9Z8pcMJtadB3XqAuqWJNO8kyECJFwurt3DRWXSWS8==Rug5 diff --git a/mpi/i586/distfiles b/mpi/i586/distfiles index 546f777..8f821fb 100644 --- a/mpi/i586/distfiles +++ b/mpi/i586/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-add1.S mpih-mul1.S mpih-mul2.S diff --git a/mpi/m68k/Manifest b/mpi/m68k/Manifest deleted file mode 100644 index 8e0538a..0000000 --- a/mpi/m68k/Manifest +++ /dev/null 
@@ -1,25 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -syntax.h -mpih-lshift.S -mpih-rshift.S -mpih-add1.S -mpih-sub1.S -$names$ iQCVAwUAP+LmTDEAnp832S/7AQJHUAP/dxfq2U0pDc5ZLoEizoqgjjcnHIyb9EjMG3YjvgK6jQ62yoAOCuo/jFYlJS+Mdve6bgfdTzYMrnKV7BG2SEcwb263pVnIntS7ZhKQPiMCbFgXWR2VjN3+a1v8yjQDZtgqEgm8OlQ+u7jKBY13Oryiuq5nPNxsXZqJpelG6Zkdg9M==PIee diff --git a/mpi/m68k/distfiles b/mpi/m68k/distfiles index 1e2e36f..4c0967b 100644 --- a/mpi/m68k/distfiles +++ b/mpi/m68k/distfiles @@ -1,4 +1,3 @@ -Manifest syntax.h mpih-lshift.S mpih-rshift.S diff --git a/mpi/m68k/mc68020/Manifest b/mpi/m68k/mc68020/Manifest deleted file mode 100644 index bcb2768..0000000 --- a/mpi/m68k/mc68020/Manifest +++ /dev/null 
@@ -1,23 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -$names$ iQCVAwUAP+LmRTEAnp832S/7AQK3rwP/TyGBbii5HCrjDiLCVJHiDNeOdENx6AicRXnu4vuJmMmPZ0y+i7MPusDaeTbIUA0w6RaJx+Ep41nIvthmNDnFePY5Mw0pIUJcpI7AJR4vYqpwNQA6nlEdn/m1jg6sPLKZXUXNUkhroEzcHzoU+12BPS+nvSXlwSksg6rXEGOJ+Ms==XCXP diff --git a/mpi/m68k/mc68020/distfiles b/mpi/m68k/mc68020/distfiles index 6b96433..fc7df9f 100644 --- a/mpi/m68k/mc68020/distfiles +++ b/mpi/m68k/mc68020/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-mul1.S mpih-mul2.S mpih-mul3.S diff --git a/mpi/mips3/Manifest b/mpi/mips3/Manifest deleted file mode 100644 index e191184..0000000 --- a/mpi/mips3/Manifest +++ /dev/null 
@@ -1,28 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-add1.S -mpih-sub1.S -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -mpih-lshift.S -mpih-rshift.S -mpi-asm-defs.h -$names$ iQCVAwUAP+LmUTEAnp832S/7AQLm/gP/RHR2aLMwHPxsq0mGO5H0kneVn8a9l9yDNEZBefkYcOJMb7MZGKxbGspyENiU04Mc2TFnA1wS9gjNHlRWtUYxxn/wyuV6BIRgfstXt2nXGgEQrK07GIz8ETFcYqcxu7JKiICIuXZgnIgdwBJswbBV1zaMUDXeg5B8vkkEeRWj8hQ==IQVO diff --git a/mpi/mips3/distfiles b/mpi/mips3/distfiles index ef9b6fe..85260fc 100644 --- a/mpi/mips3/distfiles +++ b/mpi/mips3/distfiles @@ -1,4 +1,3 @@ -Manifest README mpih-add1.S mpih-sub1.S diff --git a/mpi/pa7100/Manifest b/mpi/pa7100/Manifest deleted file mode 100644 index f075ab0..0000000 --- a/mpi/pa7100/Manifest +++ /dev/null 
@@ -1,22 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-lshift.S -mpih-rshift.S -$names$ iQCVAwUAP+LmVjEAnp832S/7AQKlEQQAv2+x/d+Z0t8FwwHlxKpIKOJDr9e+Y2i8y8orcIEa3dnwU5LMOH3EzFoNSD9crc31FMokgm/X5xeLjqRTdcmGHyJJQJDPJVJyuaOm6qHJaFzzfJjrfMW66nJxfNSXIiIm4DgpP20NmumaorLCkiIZ5Z81KGAc8FiRggbRVYx+wxo==Vjh9 diff --git a/mpi/pa7100/distfiles b/mpi/pa7100/distfiles index e1cde4d..fece943 100644 --- a/mpi/pa7100/distfiles +++ b/mpi/pa7100/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-lshift.S mpih-rshift.S diff --git a/mpi/power/Manifest b/mpi/power/Manifest deleted file mode 100644 index c60fc23..0000000 --- a/mpi/power/Manifest +++ /dev/null 
@@ -1,27 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-add1.S -mpih-lshift.S -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -mpih-rshift.S -mpih-sub1.S -$names$ iQCVAwUAP+LmXTEAnp832S/7AQJ+ngP/XYr5Fvl/8WGVHcIKaehxvnKcSD2ILTWZNGubgnWp8ebIxVijjQCxYneTTy+zO0sNaB002neyscyiwaJj/JQIwZXfr06uGweIqlSpwpj9ndkoJc8E4/FZu+5NTO+E3RaBDAD+Tpo+MTfbC1s18p5i+an93VrSTgNck5PPYQrUcPA==sl3t diff --git a/mpi/power/distfiles b/mpi/power/distfiles index e1bc008..e664c8d 100644 --- a/mpi/power/distfiles +++ b/mpi/power/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-add1.S mpih-lshift.S mpih-mul1.S diff --git a/mpi/powerpc32/Manifest b/mpi/powerpc32/Manifest deleted file mode 100644 index 26ab6ea..0000000 --- a/mpi/powerpc32/Manifest +++ /dev/null 
@@ -1,28 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-add1.S -mpih-sub1.S -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -mpih-lshift.S -mpih-rshift.S -syntax.h -$names$ iQCVAwUAP+LmYzEAnp832S/7AQI/cQP+Mcg9rF/c/bJTY48PE1/ARt7vCMtpIlv9alZSSSrU3WHzCtv9nVczFmwHU3DdKFawigY2DljQcK92dZ5ZlOfpFNMz4PKlVMWaKDk+jKlqm2dxvlHuqEvXPpjFAE2gHrhq5qLXS5ZHeMLJIEK84GYC6fjfLUMdZU3altXTUBvoXhA==Yax+ diff --git a/mpi/powerpc32/distfiles b/mpi/powerpc32/distfiles index a086614..af10d79 100644 --- a/mpi/powerpc32/distfiles +++ b/mpi/powerpc32/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-add1.S mpih-sub1.S mpih-mul1.S diff --git a/mpi/sparc32/Manifest b/mpi/sparc32/Manifest deleted file mode 100644 index d279229..0000000 --- a/mpi/sparc32/Manifest +++ /dev/null 
@@ -1,24 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-lshift.S -mpih-rshift.S -mpih-add1.S -udiv.S -$names$ iQCVAwUAP+LmaDEAnp832S/7AQISHgP/Z5orU+CPKBeRFCogSQDm4p7J2VpDovU6mtfMTdjhqWuZG0U6y8WqH0aj3USfziOhtc8YjQHQ+97g3+EnIWZgLjKacWC6pScY/QbATEpF1D0Wrcea5rk3qR1t7isdBVVOrxedZ5vuj5Op2zx/0OlPI+wt6fTtW88BdG/a6w/ZU/8==Py6h diff --git a/mpi/sparc32/distfiles b/mpi/sparc32/distfiles index a20f18e..51329db 100644 --- a/mpi/sparc32/distfiles +++ b/mpi/sparc32/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-lshift.S mpih-rshift.S mpih-add1.S diff --git a/mpi/sparc32v8/Manifest b/mpi/sparc32v8/Manifest deleted file mode 100644 index dc1ce6a..0000000 --- a/mpi/sparc32v8/Manifest +++ /dev/null 
@@ -1,23 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -mpih-mul1.S -mpih-mul2.S -mpih-mul3.S -$names$ iQCVAwUAP+LmbjEAnp832S/7AQKQ2gQAotpCpY9rOJUCdZHbDLXXB9i1UUMraRKbVWimtKq493Y2d2wcqXCK2WaGs1AePK3K6Qk6msxZ0PL5Ho7KgHMkzsZ+wG0EUziiuX0yZRTWNm0r3TYerP6SdWH5GOVdSXn7ckkppk2sVOokfQTy+Tmrnah3+dlYJoujan+fmXWN6Us==DolM diff --git a/mpi/sparc32v8/distfiles b/mpi/sparc32v8/distfiles index 6e9a530..2fcb0d1 100644 --- a/mpi/sparc32v8/distfiles +++ b/mpi/sparc32v8/distfiles @@ -1,4 +1,3 @@ -Manifest mpih-mul1.S mpih-mul2.S mpih-mul3.S diff --git a/mpi/supersparc/Manifest b/mpi/supersparc/Manifest deleted file mode 100644 index 869b97b..0000000 --- a/mpi/supersparc/Manifest +++ /dev/null 
@@ -1,21 +0,0 @@ -# Manifest - checksums -# Copyright 2003 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser General Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -udiv.S -$names$ iQCVAwUAP+LmdjEAnp832S/7AQIrUgQA3YmurZhK7r20DqRvg0gwNe9jMDcFfUY4ZPhW5HkGzMbmrxXtj5Dx50RIPteum72bXE+IhcngljQb/cskiN5Hi9oc2a2CPhyTqVFEeGyF+kJ170GI1pVfFOfzbVG0F4nEwm5lGHgv/nvFsvrjmmAXVW1v/yk5N35wbiLviOFrLOQ==byFc diff --git a/mpi/supersparc/distfiles b/mpi/supersparc/distfiles index ef7c0a5..550601c 100644 --- a/mpi/supersparc/distfiles +++ b/mpi/supersparc/distfiles @@ -1,3 +1,2 @@ -Manifest udiv.S diff --git a/src/Makefile.am b/src/Makefile.am index b764852..cbb08af 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -20,7 +20,7 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ +EXTRA_DIST = libgcrypt-config.in libgcrypt.m4 libgcrypt.vers \ gcrypt.h.in libgcrypt.def bin_SCRIPTS = libgcrypt-config diff --git a/src/Manifest b/src/Manifest deleted file mode 100644 index 2d003d8..0000000 --- a/src/Manifest +++ /dev/null 
@@ -1,58 +0,0 @@ -# Manifest - checksums of the src directory -# Copyright 2004 Free Software Foundation, Inc. -# -# This file is part of Libgcrypt. -# -# Libgcrypt is free software; you can redistribute it and/or modify -# it under the terms of the GNU Lesser general Public License as -# published by the Free Software Foundation; either version 2.1 of -# the License, or (at your option) any later version. -# -# Libgcrypt is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - -# Checksums for all source files in this directory. Format is -# filename, blanks, base-64 part of an OpenPGP detached signature -# without the header lines. Blank lines and lines beginning with a -# hash mark are ignored. A tool to process this file is available by -# cvs -d :pserver:anoncvs at cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool -# -# The special entry "$names$" holds a signature over all sorted -# filenames excluding itself. 
- -gcrypt.h iQCVAwUAQH5RsTEAnp832S/7AQK7xgP+Kc3NY9lipZkaAMrnHDkQVLdHYwTbZWuGOYdTLp8Xy7Auh9wtWV9hrWVUqs+kxDzT/2iF6XkO3WT3rf/PmQ/Q0TIGfOyjE3c/qvB/jVippaxoGda3tnGpODytdI3XPhfPS0Ss8nDzfCStPBGAEq0OVU7imnExrFzhRXt+Gljr0o0==Yagz -gcrypt-module.h iQCVAwUAQH5UXzEAnp832S/7AQJMQgQAzumz9aaZelhw+FxTCeVadphBxt1bbNQvMrnddYYblyJv+AcxZ9ZxGz2oPeusN58Qg54DQcaW3lYhTgnWfXultsi+Ruxlz7400OUrzSXOl3At7KssdODAoscFzZIgh94G9lzQxEBr9lTXI9R3LsPFJP6muNG4frcNBAA42yckK7w==BBp5 - -ath.c iQCVAwUAQH5E+DEAnp832S/7AQKFpgP+KSZHtVcnh9FFggIyHKbALUljW2FXauasZvFyN8Sk/mIMgKxyXFOG1THBAUzWLaKWIEWU+WkYU7uThqBtpnEImM5AenWzbQuJjftPC3gVHO8yjjmBWD4zmJj28htoKDoa/xDsoqumrHxae3FYcaCWtYGVjM/Pbl+OMRMOFAhp0ho==lQZ3 -ath.h iQCVAwUAQH5FODEAnp832S/7AQKiuQQAg4K+KOAn1LWBZN32MAhms4FeZKoce0fAuZW7BpyY4cCxIVgxqrtUC90CDykw8XegFfOyyYrgd0NmaMVdY7HZDncNOvIPxpgFQPCZrycsMOoAtoVwjK704RDeNo3zmeyxTKeDH+3M1J7JmLiafaEdSbOC8flX/W0icaV0Ol4dmBc==Ll6w - -cipher.h iQCVAwUAQH5FUzEAnp832S/7AQJKLgP9GSSk9f7EINIRqSQH1XKX+dYzt3phDHdqFTUGIfYNh7YzGdy0drvgFhG4k15nqDouKRuFVM/hKY3ZVY7JccmKXKGAH6+ZYShoG6LMFfIGgDX8zne0dNxc72PLfns3fVxNn/RlHmHBkrQ+ppjR9HnSthFmOqzbQaW1BKmc3Z2x5GU==lIeW -g10lib.h iQCVAwUAQH5FejEAnp832S/7AQJ75wP/ZjOybwRix5eoXdfVeXPjoPygejzpYJJdMUGN3Y5UtkfBu9mPREsKfvZ6tH+Evjx+3xfeAb4bU/k2mRMp0tiWnk2koToS08vI9uxnioKQr9oulZH6r28S+NLSgMQuEGN1JNUky6RQ9TTNRndeTjKKSrEjZ7V6bv+rb8A1bYCKChs==P5mk -mpi.h iQCVAwUAQH5FwzEAnp832S/7AQJJ4wP9E3jVkcO9M0YtSBHIbjG3hDWKWXzi86AlUh51qiE8/2XP0FfjA4TosyvmicZs7j48HitAByr9tHOSxnbeo7NBf17ICwAo6Eqty+wKDg+eyLeEGUy7VpVK3RJRQAA4H+kl3S2l3YMTKf3WJlbc7qkWSXZspdy5c9sAxeodCKrAubU==oALf - -global.c iQCVAwUAQH5HFzEAnp832S/7AQJc+QQAvi53ZkMCzLnVULHvhI6W+EX537zi9n8cplYguvIJqUhAZrP68yGAIyqyCONbZVDyB7wqeXdUMLzMk7W8fg+xuk5JSDpppAQf2m/bdQyze6XVqJso682eYBM8+b9z/IVEvLaFwhZcOKO1bcXudBlBCcJgVDpupfTtAWgPnewil9Q==Xwy1 -misc.c iQCVAwUAQH5IIjEAnp832S/7AQKNJAQAkEpyY3fCG7tvADJFAW9xA7DEQwLCa8YmiUhHvrEsWOI4YgvS7LUbWWc7VqK+ryORvXLKRAVieznbnHAuy0TKtqdnmA/kUmiurS0ah5SWqR/iuAeJtt0RGsmZaZ6oa2m4PZ2Y2GCHSTZqcclvwsetS9eq5AipxHxYFUltu5wGZNI==twM2 
-missing-string.c iQCVAwUAQH5JfjEAnp832S/7AQI3ZQQAg55eEJbGQQHyBEJGxvt/FXpQiXcoDit3ZHzvdaQn/NUgdLjCHiWVzhyCXACGivLWMNModDaSaZk073NXxVkWfPcX9vkF//Wugwzidd5P3Bfu5k35o+Xxz82fsk5KuFGGq1mBUZ07xUYQ8KkKkhADUkr0QiQAuypp079Yq0uUC7Q==zvKn -module.c iQCVAwUAQH5JvjEAnp832S/7AQKlMgQAjZYTXMpWb5kHxCMXzRi069Ku/4/xnWsD+S0dje1LiKzCnRpwTTxARzc/y10Y8OcygkMuR4unEaWedO+9syjjty3fBCcue/j7YlLitq5EC9UE4o23poWvWCuX9Tadm2DK5qf4p7smMJ22O22cLTYTVCyAoYTQ2xC8ajzBsBRkX80==yRRD -secmem.c iQCVAwUAQH5LLDEAnp832S/7AQKtFwQAwY2wBr6WJC1cwqp/1DQoKzHx9C3plONxbZMazwR7VMI83NUbBAbv1mcxpeZWXmb2dRrnsR1VBbNPDSbJLN5T6czLQ2nIb6mnq9u8Ip4SAa+GCWfDV4AUtAJ4hN/yvWo8iEKu+KD5iJ6xJh31NdXjt5yk6vnk46SA6R4FkHdIEXc==UKVr -secmem.h iQCVAwUAQH5LTDEAnp832S/7AQIsJwQAkZUu4hvmh9NXCLNm98+tGZFzWYvZO/NffC2wdPE8Q/OTa/m3g+oBbEhaV1ze3oY4t1F/p7ZHFx5CsIp4zVjyPkxlni8AAVMUOQr/LopyxouHn2OjKO+dVqecWQf01+nPWjklbL2FZ3mQ99k2qeWZlVSkz0nm8u39F3v7z3OTCss==AJqE -sexp.c iQCVAwUAQH5LojEAnp832S/7AQKCTQQArlrj1KGwR2x93fcyN3M0iXuGkBq5R9KNu+1Bq04G4SLlpZ1RRY0OjV3L9To1BHTd01lXlO8MNz7NpRxWlG1Sw5FohbBlhWZQRcW8GdAawJPcfIY2Y8Ek6Yx8quZKbk9uD3bcBmStmg0P+TIA0nr20bmtfB3uX2KQVHQqWZQT5qU==P8FE -stdmem.c iQCVAwUAQH5LzjEAnp832S/7AQLOUAP9FU16itXBBrkfRDGmhUjAOeEEKdd+brQ3XdT8xoLvP/IH/6U1Kq3ampP2/xcL4kwVdz2rw6NRzP7jlL/yM3tW722lSS/JPJkH+2+qUkcb0fYNoql/WYPMYp1/Mzu6ttXnjag1cQGlKIyYAD+G6h3FtpLwQy0hEJopnF9+Ovd8U7A==CkiZ -stdmem.h iQCVAwUAQH5L8jEAnp832S/7AQIH0wP+Lyqh0tj++s2L79Tmf/gqgCK+HLMxTddcewF3XbsYf9T5FmLez1gz6Ggti4Ss9VjozOA3ti3trCiA/YNRmV9AYw4zLUPm+MsjJuveL/AgB9HdoD2v+RfJm0WwgSKiysp+8iyjg3Plopmhba4cGuOP5MJ3CWTqYwPmJVscUKC6g38==02MN - -types.h iQCVAwUAQH5MKTEAnp832S/7AQLqTAP6A3mUMD5MMkBkebq4bRY6Bq0KsgdKfZ8TLhc2o87gFay8YD0Uom3YJNG2LF/rAIct2ih4jYJaIb5dRfJ0KJoPi2ETd462J8OFCL4fjq9TaSjB2pXcB+kWoxzPasGNg2Ukk0dQ6lvF1tSYrtt32PVI7q/UaPsjTylgRmzLfX/VxrU==OMu3 - - -# Configuration -Makefile.am 
iQCVAwUAQH5WVjEAnp832S/7AQLmsQP/bbI8/UWAC5yITVhGcCOCbN/FaMqXVKjxESzo6GTs02jxK1y3RuuaoNU1ssQZGAxpFiMJW8u933V3yTHFMxWpwHemDnEyv/a8YACxJBQ0tQgpgHS716BjMbHOfcuOis2WlCOOm0ErjhAYNa4NQ1q3jwkOvTDLFpdnqaWI2wWn08U==Yjun -libgcrypt.m4 iQCVAwUAQH5MbTEAnp832S/7AQJ1uAQA1C6xI7qXiKVtUeXawhPytAldosrzcXmqz34xi7JklQqw83d68WtWHFMBEUa7MKfi4WCbuQb7FjGUvMRw5z/T9ez7CoDekHc63+cIIZLQ23weUK8GaA1uQLoD0scmT41J5RkBlJbH7ck1zRd3d04o75rWNEUNit6KBvrQ4Pd8oQ8==uMgB -libgcrypt-config.in iQCVAwUAQH5UbzEAnp832S/7AQJISgP+Nbd2AQnDM/k8sQLbvz8YZjwX3LigZM+AkF1VAwyAm6YOU3nrXnz5t+cXkQD2dkz4L2F0AAsIkFiJsrgmZgCp2h1L6LeFnH+hoId9RhbYw4NkDaHb+MC9JcalpcfFvvxq6vM/W37bSFimM78P+5RLKypXCytVQNAAaIRgZjVfXY8==IGDS -libgcrypt.vers iQCVAwUAQH5MjTEAnp832S/7AQKCdQQAotG6Z3zdcePI0V33YY2sh91uYkLBNhQw+PzyE3BRRAVhMGLOBD1nSWJHJvE3eyCVOqFY0ZmvpVex51Fa0D/TwsJOO4RVxf1L9bbAncu9OuEXaGXKytLZp54TliDTAWGDq0lvtx1TvDDgtM8TbbaXvMbjfQ4wXBxdLvaenFCTlR4==kgHq - -$names$ iQCVAwUAQH5UhDEAnp832S/7AQK/jwP9H7A3mI99M1NGuhD+16C+2gJIITB8GJeYeUd3vm8kWQ5n76WyMCdeA62qn0JUddIBjAbagtfvTL5aesnD9MlhEGaNlHauU7SINTIJ8njKf87EAAfDZrhS/tGDziC2nakMPweRxXQCLDWHkBPjYfrspSLLohjdegqBvTNyVM76+KE==3p9Z ----------------------------------------------------------------------- Summary of changes: Makefile.am | 3 +- cipher/Makefile.am | 4 +-- cipher/Manifest | 73 -------------------------------------------- mpi/Makefile.am | 2 +- mpi/Manifest | 41 ------------------------- mpi/generic/Manifest | 29 ------------------ mpi/generic/distfiles | 1 - mpi/i386/Manifest | 28 ----------------- mpi/i386/distfiles | 1 - mpi/i586/Manifest | 27 ---------------- mpi/i586/distfiles | 1 - mpi/m68k/Manifest | 25 --------------- mpi/m68k/distfiles | 1 - mpi/m68k/mc68020/Manifest | 23 -------------- mpi/m68k/mc68020/distfiles | 1 - mpi/mips3/Manifest | 28 ----------------- mpi/mips3/distfiles | 1 - mpi/pa7100/Manifest | 22 ------------- mpi/pa7100/distfiles | 1 - mpi/power/Manifest | 27 ---------------- mpi/power/distfiles | 1 - mpi/powerpc32/Manifest | 28 ----------------- 
mpi/powerpc32/distfiles | 1 - mpi/sparc32/Manifest | 24 --------------- mpi/sparc32/distfiles | 1 - mpi/sparc32v8/Manifest | 23 -------------- mpi/sparc32v8/distfiles | 1 - mpi/supersparc/Manifest | 21 ------------- mpi/supersparc/distfiles | 1 - src/Makefile.am | 2 +- src/Manifest | 58 ----------------------------------- 31 files changed, 5 insertions(+), 495 deletions(-) delete mode 100644 cipher/Manifest delete mode 100644 mpi/Manifest delete mode 100644 mpi/generic/Manifest delete mode 100644 mpi/i386/Manifest delete mode 100644 mpi/i586/Manifest delete mode 100644 mpi/m68k/Manifest delete mode 100644 mpi/m68k/mc68020/Manifest delete mode 100644 mpi/mips3/Manifest delete mode 100644 mpi/pa7100/Manifest delete mode 100644 mpi/power/Manifest delete mode 100644 mpi/powerpc32/Manifest delete mode 100644 mpi/sparc32/Manifest delete mode 100644 mpi/sparc32v8/Manifest delete mode 100644 mpi/supersparc/Manifest delete mode 100644 src/Manifest hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From maxim.suraev at campus.tu-berlin.de Wed Jan 7 16:05:31 2015 From: maxim.suraev at campus.tu-berlin.de (Max) Date: Wed, 07 Jan 2015 16:05:31 +0100 Subject: bug tracker Message-ID: <54AD4B3B.5040204@campus.tu-berlin.de> Hi. What's the proper place to report issues and ask for features for libgcrypt? best, Max. From cvs at cvs.gnupg.org Thu Jan 8 09:07:38 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 08 Jan 2015 09:07:38 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-160-g9d32896 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9d328962660da72f094dc5424d5ef67abbaffdf6 (commit) from 4f7dcdc25af269b12275126edeef30b262fb891d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d328962660da72f094dc5424d5ef67abbaffdf6 Author: Werner Koch Date: Thu Jan 8 09:07:09 2015 +0100 cipher: Prepare for OCB mode. * src/gcrypt.h.in (GCRY_CIPHER_MODE_OCB): New. -- This is merely a claim that I am working on OCB mode. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 30acd2f..7337db9 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1647,6 +1647,11 @@ Associated Data (AEAD) block cipher mode, which is specified in Poly1305 is an Authenticated Encryption with Associated Data (AEAD) mode, which can be used with ChaCha20 and Salsa20 stream ciphers. + at item GCRY_CIPHER_MODE_OCB + at cindex OCB, OCB3 +OCB is an Authenticated Encryption with Associated Data (AEAD) block +cipher mode, which is specified in RFC-7253. + @end table @node Working with cipher handles 
@@ -1675,12 +1680,14 @@ and the according constants. Note that some modes are incompatible with some algorithms - in particular, stream mode (@code{GCRY_CIPHER_MODE_STREAM}) only works with stream ciphers. Poly1305 AEAD mode (@code{GCRY_CIPHER_MODE_POLY1305}) only works with -ChaCha and Salsa stream ciphers. The block cipher modes (@code{GCRY_CIPHER_MODE_ECB}, - at code{GCRY_CIPHER_MODE_CBC}, @code{GCRY_CIPHER_MODE_CFB}, - at code{GCRY_CIPHER_MODE_OFB} and @code{GCRY_CIPHER_MODE_CTR}) will work -with any block cipher algorithm. GCM mode (@code{GCRY_CIPHER_MODE_CCM}) and -CCM mode (@code{GCRY_CIPHER_MODE_GCM}) will only work with block cipher algorithms -which have the block size of 16 bytes. +ChaCha and Salsa stream ciphers. The block cipher modes +(@code{GCRY_CIPHER_MODE_ECB}, @code{GCRY_CIPHER_MODE_CBC}, + at code{GCRY_CIPHER_MODE_CFB}, @code{GCRY_CIPHER_MODE_OFB} and + at code{GCRY_CIPHER_MODE_CTR}) will work with any block cipher +algorithm. GCM mode (@code{GCRY_CIPHER_MODE_CCM}), CCM mode +(@code{GCRY_CIPHER_MODE_GCM}), and OCB mode +(@code{GCRY_CIPHER_MODE_OCB}) will only work with block cipher +algorithms which have the block size of 16 bytes. The third argument @var{flags} can either be passed as @code{0} or as the bit-wise OR of the following constants. diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index f3207c9..85c6753 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -912,6 +912,7 @@ enum gcry_cipher_modes GCRY_CIPHER_MODE_CCM = 8, /* Counter with CBC-MAC. */ GCRY_CIPHER_MODE_GCM = 9, /* Galois Counter Mode. */ GCRY_CIPHER_MODE_POLY1305 = 10, /* Poly1305 based AEAD mode. */ + GCRY_CIPHER_MODE_OCB = 11 /* OCB3 mode. */ }; /* Flags used with the open function. */ ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 19 +++++++++++++------ src/gcrypt.h.in | 1 + 2 files changed, 14 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Thu Jan 8 13:45:18 2015 From: wk at gnupg.org (Werner Koch) Date: Thu, 08 Jan 2015 13:45:18 +0100 Subject: bug tracker In-Reply-To: <54AD4B3B.5040204@campus.tu-berlin.de> (Max's message of "Wed, 07 Jan 2015 16:05:31 +0100") References: <54AD4B3B.5040204@campus.tu-berlin.de> Message-ID: <87oaq9v3tt.fsf@vigenere.g10code.de> On Wed, 7 Jan 2015 16:05, maxim.suraev at campus.tu-berlin.de said: > What's the proper place to report issues and ask for features for libgcrypt? If that is clearly a bug put it into the tracker https://bugs.gnupg.org . Feature requests are best discussed right here. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From maxim.suraev at campus.tu-berlin.de Tue Jan 13 15:04:10 2015 
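Review bot: The comment on the new enumerator, `/* OCB3 mode. */`, gives no reference while the texi text added in the same commit cites the specification; `/* OCB3 mode (RFC 7253). */` would let a header reader find it, and a trailing comma after `11` keeps the next enumerator a one-line change. The rewritten paragraph in the doc/gcrypt.texi hunk (L106) also carries the two constants over swapped — `GCM mode (@code{GCRY_CIPHER_MODE_CCM}), CCM mode (@code{GCRY_CIPHER_MODE_GCM})` — so the new OCB sentence sits between two mislabelled modes; since those lines were rewritten anyway, the names should be exchanged there.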
From: maxim.suraev at campus.tu-berlin.de (Max) Date: Tue, 13 Jan 2015 15:04:10 +0100 Subject: [feature request] move hex routines Message-ID: <54B525DA.2080704@campus.tu-berlin.de> Hi. There are some routines for conversion ascii number representation to/from hex in gnupg/common/convert.c but nor in gcrypt. I think those are generally useful enough to move them into gcrypt library. This would make nice addition to existing functions for s-exp and mpi printing and scanning. cheers, Max. From cvs at cvs.gnupg.org Thu Jan 15 10:38:11 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 15 Jan 2015 10:38:11 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-162-g9d2a22c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9d2a22c94ae99f9301321082c4fb8d73f4085fda (commit) via 27a91a93d101ef080f71e5d7e50c3cbf3dbb2e39 (commit) from 9d328962660da72f094dc5424d5ef67abbaffdf6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d2a22c94ae99f9301321082c4fb8d73f4085fda Author: Werner Koch Date: Thu Jan 15 10:04:43 2015 +0100 Add functions to count trailing zero bits in a word. * cipher/bithelp.h (_gcry_ctz, _gcry_ctz64): New. * configure.ac (HAVE_BUILTIN_CTZ): Add new test. -- Note that these functions return the number of bits in the word when passing 0. Signed-off-by: Werner Koch diff --git a/cipher/bithelp.h b/cipher/bithelp.h index 6e59c53..2220bc8 100644 --- a/cipher/bithelp.h +++ b/cipher/bithelp.h 
@@ -77,4 +77,49 @@ _gcry_bswap64(u64 x)
 # endif
 #endif
+
+/* Count trailing zero bits in an unsigend int. We return an int
+ because that is what gcc's builtin does. Returns the number of
+ bits in X if X is 0. */
+static inline int
+_gcry_ctz (unsigned int x)
+{
+#if defined (HAVE_BUILTIN_CTZ)
+ return x? __builtin_ctz (x) : 8 * sizeof (x);
+#else
+ /* See
+ * http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightModLookup
+ */
+ static const unsigned char mod37[] =
+ {
+ sizeof (unsigned int)*8,
+ 0, 1, 26, 2, 23, 27, 0, 3, 16, 24, 30, 28, 11, 0, 13,
+ 4, 7, 17, 0, 25, 22, 31, 15, 29, 10, 12, 6, 0, 21, 14, 9,
+ 5, 20, 8, 19, 18
+ };
+ return (int)mod37[(-x & x) % 37];
+#endif
+}
+
+
+/* Count trailing zero bits in an u64. We return an int because that
+ is what gcc's builtin does. Returns the number of bits in X if X
+ is 0. */
+#ifdef HAVE_U64_TYPEDEF
+static inline int
+_gcry_ctz64(u64 x)
+{
+#if defined (HAVE_BUILTIN_CTZ) && SIZEOF_UNSIGNED_INT >= 8
+#warning hello
+ return x? __builtin_ctz (x) : 8 * sizeof (x);
+#else
+ if ((x & 0xffffffff))
+ return _gcry_ctz (x);
+ else
+ return 32 + _gcry_ctz (x >> 32);
+#endif
+}
+#endif /*HAVE_U64_TYPEDEF*/
+
+
 #endif /*G10_BITHELP_H*/
diff --git a/configure.ac b/configure.ac
index 4cfebe7..4bbd686 100644
--- a/configure.ac
+++ b/configure.ac
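Review bot: `#warning hello` inside `_gcry_ctz64` is a leftover debugging directive; on any build where `HAVE_BUILTIN_CTZ` is set and `unsigned int` is 64 bits it fires in every translation unit that includes bithelp.h, so the line should be deleted. On the usual 32-bit-int configuration the 64-bit function never reaches a builtin because configure.ac (hunk at L110) probes only `__builtin_ctz`; probing `__builtin_ctzll` as well and selecting it when `SIZEOF_UNSIGNED_LONG_LONG == 8` would avoid the two-step fallback through `_gcry_ctz`. The `mod37` fallback is a data-dependent table lookup, so the header comment should state the intended use, e.g. `/* Not constant-time; intended for public values such as block counters.  */`. The first comment also misspells "unsigned" as "unsigend".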
@@ -827,6 +827,21 @@ fi # +# Check for __builtin_ctz intrinsic. +# +AC_CACHE_CHECK(for __builtin_ctz, + [gcry_cv_have_builtin_ctz], + [gcry_cv_have_builtin_ctz=no + AC_LINK_IFELSE([AC_LANG_PROGRAM([], + [unsigned int x = 0; int y = __builtin_ctz(x); return y;])], + [gcry_cv_have_builtin_ctz=yes])]) +if test "$gcry_cv_have_builtin_ctz" = "yes" ; then + AC_DEFINE(HAVE_BUILTIN_CTZ, 1, + [Defined if compiler has '__builtin_ctz' intrinsic]) +fi + + +# # Check for VLA support (variable length arrays). # AC_CACHE_CHECK(whether the variable length arrays are supported, commit 27a91a93d101ef080f71e5d7e50c3cbf3dbb2e39 Author: Werner Koch Date: Thu Jan 15 10:02:28 2015 +0100 Re-indent types.h for easier reading. -- diff --git a/src/types.h b/src/types.h index ee0a62b..561b74d 100644 --- a/src/types.h +++ b/src/types.h @@ -25,16 +25,16 @@ /* The AC_CHECK_SIZEOF() in configure fails for some machines. * we provide some fallback values here */ #if !SIZEOF_UNSIGNED_SHORT -#undef SIZEOF_UNSIGNED_SHORT -#define SIZEOF_UNSIGNED_SHORT 2 +# undef SIZEOF_UNSIGNED_SHORT +# define SIZEOF_UNSIGNED_SHORT 2 #endif #if !SIZEOF_UNSIGNED_INT -#undef SIZEOF_UNSIGNED_INT -#define SIZEOF_UNSIGNED_INT 4 +# undef SIZEOF_UNSIGNED_INT +# define SIZEOF_UNSIGNED_INT 4 #endif #if !SIZEOF_UNSIGNED_LONG -#undef SIZEOF_UNSIGNED_LONG -#define SIZEOF_UNSIGNED_LONG 4 +# undef SIZEOF_UNSIGNED_LONG +# define SIZEOF_UNSIGNED_LONG 4 #endif 
@@ -42,87 +42,88 @@ #ifndef HAVE_BYTE_TYPEDEF -#undef byte /* maybe there is a macro with this name */ -/* Windows typedefs byte in the rpc headers. Avoid warning about - double definition. */ -#if !(defined(_WIN32) && defined(cbNDRContext)) - typedef unsigned char byte; -#endif -#define HAVE_BYTE_TYPEDEF +# undef byte /* In case there is a macro with that name. */ +# if !(defined(_WIN32) && defined(cbNDRContext)) + /* Windows typedefs byte in the rpc headers. Avoid warning about + double definition. */ + typedef unsigned char byte; +# endif +# define HAVE_BYTE_TYPEDEF #endif #ifndef HAVE_USHORT_TYPEDEF -#undef ushort /* maybe there is a macro with this name */ +# undef ushort /* In case there is a macro with that name. */ typedef unsigned short ushort; -#define HAVE_USHORT_TYPEDEF +# define HAVE_USHORT_TYPEDEF #endif #ifndef HAVE_ULONG_TYPEDEF -#undef ulong /* maybe there is a macro with this name */ +# undef ulong /* In case there is a macro with that name. */ typedef unsigned long ulong; -#define HAVE_ULONG_TYPEDEF +# define HAVE_ULONG_TYPEDEF #endif #ifndef HAVE_U16_TYPEDEF -#undef u16 /* maybe there is a macro with this name */ -#if SIZEOF_UNSIGNED_INT == 2 - typedef unsigned int u16; -#elif SIZEOF_UNSIGNED_SHORT == 2 - typedef unsigned short u16; -#else -#error no typedef for u16 -#endif -#define HAVE_U16_TYPEDEF +# undef u16 /* In case there is a macro with that name. */ +# if SIZEOF_UNSIGNED_INT == 2 + typedef unsigned int u16; +# elif SIZEOF_UNSIGNED_SHORT == 2 + typedef unsigned short u16; +# else +# error no typedef for u16 +# endif +# define HAVE_U16_TYPEDEF #endif #ifndef HAVE_U32_TYPEDEF -#undef u32 /* maybe there is a macro with this name */ -#if SIZEOF_UNSIGNED_INT == 4 - typedef unsigned int u32; -#elif SIZEOF_UNSIGNED_LONG == 4 - typedef unsigned long u32; -#else -#error no typedef for u32 -#endif -#define HAVE_U32_TYPEDEF +# undef u32 /* In case there is a macro with that name. 
*/ +# if SIZEOF_UNSIGNED_INT == 4 + typedef unsigned int u32; +# elif SIZEOF_UNSIGNED_LONG == 4 + typedef unsigned long u32; +# else +# error no typedef for u32 +# endif +# define HAVE_U32_TYPEDEF #endif -/**************** +/* * Warning: Some systems segfault when this u64 typedef and * the dummy code in cipher/md.c is not available. Examples are * Solaris and IRIX. */ #ifndef HAVE_U64_TYPEDEF -#undef u64 /* maybe there is a macro with this name */ -#if SIZEOF_UNSIGNED_INT == 8 - typedef unsigned int u64; -#define U64_C(c) (c ## U) -#define HAVE_U64_TYPEDEF -#elif SIZEOF_UNSIGNED_LONG == 8 - typedef unsigned long u64; -#define U64_C(c) (c ## UL) -#define HAVE_U64_TYPEDEF -#elif SIZEOF_UNSIGNED_LONG_LONG == 8 - typedef unsigned long long u64; -#define U64_C(c) (c ## ULL) -#define HAVE_U64_TYPEDEF -#elif SIZEOF_UINT64_T == 8 - typedef uint64_t u64; -#define U64_C(c) (UINT64_C(c)) -#define HAVE_U64_TYPEDEF -#endif +# undef u64 /* In case there is a macro with that name. */ +# if SIZEOF_UNSIGNED_INT == 8 + typedef unsigned int u64; +# define U64_C(c) (c ## U) +# define HAVE_U64_TYPEDEF +# elif SIZEOF_UNSIGNED_LONG == 8 + typedef unsigned long u64; +# define U64_C(c) (c ## UL) +# define HAVE_U64_TYPEDEF +# elif SIZEOF_UNSIGNED_LONG_LONG == 8 + typedef unsigned long long u64; +# define U64_C(c) (c ## ULL) +# define HAVE_U64_TYPEDEF +# elif SIZEOF_UINT64_T == 8 + typedef uint64_t u64; +# define U64_C(c) (UINT64_C(c)) +# define HAVE_U64_TYPEDEF +# endif #endif -typedef union { - int a; - short b; - char c[1]; - long d; +typedef union +{ + int a; + short b; + char c[1]; + long d; #ifdef HAVE_U64_TYPEDEF - u64 e; + u64 e; #endif - float f; - double g; + float f; + double g; } PROPERLY_ALIGNED_TYPE; #endif /*GCRYPT_TYPES_H*/ ----------------------------------------------------------------------- Summary of changes: cipher/bithelp.h | 45 ++++++++++++++++++++ configure.ac | 15 +++++++ src/types.h | 125 ++++++++++++++++++++++++++++--------------------------- 3 files changed, 123 
insertions(+), 62 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Fri Jan 16 14:57:30 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 16 Jan 2015 14:57:30 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-163-g067d7d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c (commit) from 9d2a22c94ae99f9301321082c4fb8d73f4085fda (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c Author: Werner Koch Date: Fri Jan 16 14:55:03 2015 +0100 Add OCB cipher mode * cipher/cipher-ocb.c: New. * cipher/Makefile.am (libcipher_la_SOURCES): Add cipher-ocb.c * cipher/cipher-internal.h (OCB_BLOCK_LEN, OCB_L_TABLE_SIZE): New. (gcry_cipher_handle): Add fields marks.finalize and u_mode.ocb. * cipher/cipher.c (_gcry_cipher_open_internal): Add OCB mode. (_gcry_cipher_open_internal): Setup default taglen of OCB. (cipher_reset): Clear OCB specific data. (cipher_encrypt, cipher_decrypt, _gcry_cipher_authenticate) (_gcry_cipher_gettag, _gcry_cipher_checktag): Call OCB functions. (_gcry_cipher_setiv): Add OCB specific nonce setting. (_gcry_cipher_ctl): Add GCRYCTL_FINALIZE and GCRYCTL_SET_TAGLEN * src/gcrypt.h.in (GCRYCTL_SET_TAGLEN): New. (gcry_cipher_final): New. * cipher/bufhelp.h (buf_xor_1): New. * tests/basic.c (hex2buffer): New. (check_ocb_cipher): New. (main): Call it here. Add option --cipher-modes. * tests/bench-slope.c (bench_aead_encrypt_do_bench): Call gcry_cipher_final. (bench_aead_decrypt_do_bench): Ditto. (bench_aead_authenticate_do_bench): Ditto. Check error code. (bench_ocb_encrypt_do_bench): New. (bench_ocb_decrypt_do_bench): New. (bench_ocb_authenticate_do_bench): New. 
(ocb_encrypt_ops): New. (ocb_decrypt_ops): New. (ocb_authenticate_ops): New. (cipher_modes): Add them. (cipher_bench_one): Skip wrong block length for OCB. * tests/benchmark.c (cipher_bench): Add field noncelen to MODES. Add OCB support. -- See the comments on top of cipher/cipher-ocb.c for the patent status of the OCB mode. The implementation has not yet been optimized and as such is not faster that the other AEAD modes. A first candidate for optimization is the double_block function. Large improvements can be expected by writing an AES ECB function to work on multiple blocks. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 0150fdd..4c74533 100644 --- a/NEWS +++ b/NEWS @@ -21,6 +21,8 @@ Noteworthy changes in version 1.7.0 (unreleased) * Fixed some asm build problems and feature detection bugs. + * Added OCB mode. + * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mac_get_algo NEW. @@ -30,6 +32,9 @@ Noteworthy changes in version 1.7.0 (unreleased) gcry_cipher_set_sbox NEW macro. GCRY_MD_GOSTR3411_CP NEW. gcry_mpi_ec_sub NEW. + GCRY_CIPHER_MODE_OCB NEW. + GCRYCTL_SET_TAGLEN NEW. + gcry_cipher_final NEW macro. Noteworthy changes in version 1.6.0 (2013-12-16) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index ceb95f1..4a9c86d 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -41,7 +41,8 @@ libcipher_la_SOURCES = \ cipher.c cipher-internal.h \ cipher-cbc.c cipher-cfb.c cipher-ofb.c cipher-ctr.c cipher-aeswrap.c \ cipher-ccm.c cipher-cmac.c cipher-gcm.c cipher-gcm-intel-pclmul.c \ -cipher-poly1305.c cipher-selftest.c cipher-selftest.h \ +cipher-poly1305.c cipher-ocb.c \ +cipher-selftest.c cipher-selftest.h \ pubkey.c pubkey-internal.h pubkey-util.c \ md.c \ mac.c mac-internal.h \ diff --git a/cipher/bufhelp.h b/cipher/bufhelp.h index 464b141..a372acb 100644 --- a/cipher/bufhelp.h +++ b/cipher/bufhelp.h 
@@ -120,6 +120,40 @@ do_bytes: } +/* Optimized function for in-place buffer xoring. */ +static inline void +buf_xor_1(void *_dst, const void *_src, size_t len) +{ + byte *dst = _dst; + const byte *src = _src; + uintptr_t *ldst; + const uintptr_t *lsrc; +#ifndef BUFHELP_FAST_UNALIGNED_ACCESS + const unsigned int longmask = sizeof(uintptr_t) - 1; + + /* Skip fast processing if buffers are unaligned. */ + if (((uintptr_t)dst | (uintptr_t)src) & longmask) + goto do_bytes; +#endif + + ldst = (uintptr_t *)(void *)dst; + lsrc = (const uintptr_t *)(const void *)src; + + for (; len >= sizeof(uintptr_t); len -= sizeof(uintptr_t)) + *ldst++ ^= *lsrc++; + + dst = (byte *)ldst; + src = (const byte *)lsrc; + +#ifndef BUFHELP_FAST_UNALIGNED_ACCESS +do_bytes: +#endif + /* Handle tail. */ + for (; len; len--) + *dst++ ^= *src; +} + + /* Optimized function for buffer xoring with two destination buffers. Used mainly by CFB mode encryption. */ static inline void diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 650d813..50b0324 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -26,6 +26,25 @@ /* The maximum supported size of a block in bytes. */ #define MAX_BLOCKSIZE 16 +/* The length for an OCB block. Although OCB supports any block + length it does not make sense to use a 64 bit blocklen (and cipher) + because this reduces the security margin to an unacceptable state. + Thus we require a cipher with 128 bit blocklength. */ +#define OCB_BLOCK_LEN (128/8) + +/* The size of the pre-computed L table for OCB. This takes the same + size as the table used for GCM and thus we don't save anything by + not using such a table. */ +#define OCB_L_TABLE_SIZE 16 + + +/* Check the above constants. */ +#if OCB_BLOCK_LEN > MAX_BLOCKSIZE +# error OCB_BLOCKLEN > MAX_BLOCKSIZE +#endif + + + /* Magic values for the context structure. */ #define CTX_MAGIC_NORMAL 0x24091964 #define CTX_MAGIC_SECURE 0x46919042 
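Review bot: The tail loop of `buf_xor_1` never advances the source pointer — `*dst++ ^= *src;` XORs every remaining destination byte with the same `src[0]`; it should be `*dst++ ^= *src++;`. The defect is masked whenever the word loop consumes the whole buffer (aligned pointers and `len` a multiple of `sizeof(uintptr_t)`), which is the case for 16-byte OCB blocks, so a test with an odd length or an unaligned buffer is needed to exercise the tail path.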
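Review bot: The message under `#if OCB_BLOCK_LEN > MAX_BLOCKSIZE` names a macro that does not exist, `OCB_BLOCKLEN`; it should read `# error OCB_BLOCK_LEN > MAX_BLOCKSIZE` so the diagnostic points at the real constant defined a few lines above.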
@@ -119,19 +138,22 @@ struct gcry_cipher_handle unsigned int key:1; /* Set to 1 if a key has been set. */ unsigned int iv:1; /* Set to 1 if a IV has been set. */ unsigned int tag:1; /* Set to 1 if a tag is finalized. */ + unsigned int finalize:1; /* Next encrypt/decrypt has the final data. */ } marks; /* The initialization vector. For best performance we make sure that it is properly aligned. In particular some implementations of bulk operations expect an 16 byte aligned IV. IV is also used - to store CBC-MAC in CCM mode; counter IV is stored in U_CTR. */ + to store CBC-MAC in CCM mode; counter IV is stored in U_CTR. For + OCB mode it is used for the offset value. */ union { cipher_context_alignment_t iv_align; unsigned char iv[MAX_BLOCKSIZE]; } u_iv; /* The counter for CTR mode. This field is also used by AESWRAP and - thus we can't use the U_IV union. */ + thus we can't use the U_IV union. For OCB mode it is used for + the checksum. */ union { cipher_context_alignment_t iv_align; unsigned char ctr[MAX_BLOCKSIZE]; 
@@ -232,6 +254,40 @@ struct gcry_cipher_handle
 #endif
 #endif
 } gcm;
+
+ /* Mode specific storage for OCB mode. */
+ struct {
+ /* Helper variables and pre-computed table of L values. */
+ unsigned char L_star[OCB_BLOCK_LEN];
+ unsigned char L_dollar[OCB_BLOCK_LEN];
+ unsigned char L[OCB_BLOCK_LEN][OCB_L_TABLE_SIZE];
+
+ /* The tag is valid if marks.tag has been set. */
+ unsigned char tag[OCB_BLOCK_LEN];
+
+ /* A buffer to hold the offset for the AAD processing. */
+ unsigned char aad_offset[OCB_BLOCK_LEN];
+
+ /* A buffer to hold the current sum of AAD processing. We can't
+ use tag here because tag may already hold the preprocessed
+ checksum of the data. */
+ unsigned char aad_sum[OCB_BLOCK_LEN];
+
+ /* Number of data/aad blocks processed so far. */
+ u64 data_nblocks;
+ u64 aad_nblocks;
+
+ /* Length of the tag. Fixed for now but may eventually be
+ specified using a set of gcry_cipher_flags. */
+ unsigned char taglen;
+
+ /* Flags indicating that the final data/aad block has been
+ processed. */
+ unsigned int data_finalized:1;
+ unsigned int aad_finalized:1;
+
+ } ocb;
+
 } u_mode;
 /* What follows are two contexts of the cipher in use. The first
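Review bot: The L table is declared with its dimensions reversed — `unsigned char L[OCB_BLOCK_LEN][OCB_L_TABLE_SIZE];` — while the comment describes a table of `OCB_L_TABLE_SIZE` precomputed L values of `OCB_BLOCK_LEN` bytes each; it compiles and works only because both constants happen to be 16, and changing either would silently break any use of `L[i]` as a block. It should be `unsigned char L[OCB_L_TABLE_SIZE][OCB_BLOCK_LEN];`. The `u64 data_nblocks`/`u64 aad_nblocks` fields are used without a guard although `u64` is only defined under `HAVE_U64_TYPEDEF` (src/types.h hunk at L112); presumably the cipher code already depends on it, but a one-line comment stating that requirement would make the dependency explicit.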
@@ -363,4 +419,27 @@ gcry_err_code_t _gcry_cipher_poly1305_check_tag void _gcry_cipher_poly1305_setkey /* */ (gcry_cipher_hd_t c); + +/*-- cipher-ocb.c --*/ +gcry_err_code_t _gcry_cipher_ocb_encrypt +/* */ (gcry_cipher_hd_t c, + unsigned char *outbuf, size_t outbuflen, + const unsigned char *inbuf, size_t inbuflen); +gcry_err_code_t _gcry_cipher_ocb_decrypt +/* */ (gcry_cipher_hd_t c, + unsigned char *outbuf, size_t outbuflen, + const unsigned char *inbuf, size_t inbuflen); +gcry_err_code_t _gcry_cipher_ocb_set_nonce +/* */ (gcry_cipher_hd_t c, const unsigned char *nonce, + size_t noncelen); +gcry_err_code_t _gcry_cipher_ocb_authenticate +/* */ (gcry_cipher_hd_t c, const unsigned char *abuf, size_t abuflen); +gcry_err_code_t _gcry_cipher_ocb_get_tag +/* */ (gcry_cipher_hd_t c, + unsigned char *outtag, size_t taglen); +gcry_err_code_t _gcry_cipher_ocb_check_tag +/* */ (gcry_cipher_hd_t c, + const unsigned char *intag, size_t taglen); + + #endif /*G10_CIPHER_INTERNAL_H*/ diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c new file mode 100644 index 0000000..25466f0 --- /dev/null +++ b/cipher/cipher-ocb.c 
@@ -0,0 +1,495 @@ +/* cipher-ocb.c - OCB cipher mode + * Copyright (C) 2015 g10 Code GmbH + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser general Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * + * OCB is covered by several patents but may be used freely by most + * software. See http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm . + * In particular license 1 is suitable for Libgcrypt: See + * http://web.cs.ucdavis.edu/~rogaway/ocb/license1.pdf for the full + * license document; it basically says: + * + * License 1 ? License for Open-Source Software Implementations of OCB + * (Jan 9, 2013) + * + * Under this license, you are authorized to make, use, and + * distribute open-source software implementations of OCB. This + * license terminates for you if you sue someone over their + * open-source software implementation of OCB claiming that you have + * a patent covering their implementation. + */ + + +#include +#include +#include +#include +#include + +#include "g10lib.h" +#include "cipher.h" +#include "bufhelp.h" +#include "./cipher-internal.h" + + +/* Double the OCB_BLOCK_LEN sized block B in-place. 
*/ +static inline void +double_block (unsigned char *b) +{ +#if OCB_BLOCK_LEN != 16 + unsigned char b_0 = b[0]; + int i; + + for (i=0; i < OCB_BLOCK_LEN - 1; i++) + b[i] = (b[i] << 1) | (b[i+1] >> 7); + + b[OCB_BLOCK_LEN-1] = (b[OCB_BLOCK_LEN-1] << 1) ^ ((b_0 >> 7) * 135); +#else + /* This is the generic code for 16 byte blocks. However it is not + faster than the straight byte by byte implementation. */ + u64 l_0, l, r; + + l = buf_get_be64 (b); + r = buf_get_be64 (b + 8); + + l_0 = (int64_t)l >> 63; + l = (l + l) ^ (r >> 63); + r = (r + r) ^ (l_0 & 135); + + buf_put_be64 (b, l); + buf_put_be64 (b+8, r); +#endif +} + + +/* Double the OCB_BLOCK_LEN sized block S and store it at D. S and D + may point to the same memory location but they may not overlap. */ +static void +double_block_cpy (unsigned char *d, const unsigned char *s) +{ + if (d != s) + buf_cpy (d, s, OCB_BLOCK_LEN); + double_block (d); +} + + +/* Copy NBYTES from buffer S starting at bit offset BITOFF to buffer D. */ +static void +bit_copy (unsigned char *d, const unsigned char *s, + unsigned int bitoff, unsigned int nbytes) +{ + unsigned int shift; + + s += bitoff / 8; + shift = bitoff % 8; + if (shift) + { + for (; nbytes; nbytes--, d++, s++) + *d = (s[0] << shift) | (s[1] >> (8 - shift)); + } + else + { + for (; nbytes; nbytes--, d++, s++) + *d = *s; + } +} + + +/* Return the L-value for block N. In most cases we use the table; + only if the lower OCB_L_TABLE_SIZE bits of N are zero we need to + compute it. With a table size of 16 we need to this this only + every 65536-th block. L_TMP is a helper buffer of size + OCB_BLOCK_LEN which is used to hold the computation if not taken + from the table. 
*/ +static const unsigned char * +get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) +{ + int ntz = _gcry_ctz64 (n); + + if (ntz < OCB_L_TABLE_SIZE) + return c->u_mode.ocb.L[ntz]; + + double_block_cpy (l_tmp, c->u_mode.ocb.L[OCB_L_TABLE_SIZE - 1]); + for (ntz -= OCB_L_TABLE_SIZE; ntz; ntz--) + double_block (l_tmp); + + return l_tmp; +} + + +/* Set the nonce for OCB. This requires that the key has been set. + Using it again resets start a new encryption cycle using the same + key. */ +gcry_err_code_t +_gcry_cipher_ocb_set_nonce (gcry_cipher_hd_t c, const unsigned char *nonce, + size_t noncelen) +{ + unsigned char ktop[OCB_BLOCK_LEN]; + unsigned char stretch[OCB_BLOCK_LEN + 8]; + unsigned int bottom; + int i; + unsigned int burn = 0; + unsigned int nburn; + + /* Check args. */ + if (!c->marks.key) + return GPG_ERR_INV_STATE; /* Key must have been set first. */ + switch (c->u_mode.ocb.taglen) + { + case 8: + case 12: + case 16: + break; + default: + return GPG_ERR_BUG; /* Invalid tag length. */ + } + + if (c->spec->blocksize != OCB_BLOCK_LEN) + return GPG_ERR_CIPHER_ALGO; + if (!nonce) + return GPG_ERR_INV_ARG; + /* 120 bit is the allowed maximum. In addition we impose a minimum + of 64 bit. */ + if (noncelen > (120/8) || noncelen < (64/8) || noncelen >= OCB_BLOCK_LEN) + return GPG_ERR_INV_LENGTH; + + /* Set up the L table. */ + /* L_star = E(zero_128) */ + memset (ktop, 0, OCB_BLOCK_LEN); + nburn = c->spec->encrypt (&c->context.c, c->u_mode.ocb.L_star, ktop); + burn = nburn > burn ? nburn : burn; + /* L_dollar = double(L_star) */ + double_block_cpy (c->u_mode.ocb.L_dollar, c->u_mode.ocb.L_star); + /* L_0 = double(L_dollar), ... */ + double_block_cpy (c->u_mode.ocb.L[0], c->u_mode.ocb.L_dollar); + for (i = 1; i < OCB_L_TABLE_SIZE; i++) + double_block_cpy (c->u_mode.ocb.L[i], c->u_mode.ocb.L[i-1]); + + /* Prepare the nonce. 
*/ + memset (ktop, 0, (OCB_BLOCK_LEN - noncelen)); + buf_cpy (ktop + (OCB_BLOCK_LEN - noncelen), nonce, noncelen); + ktop[0] = ((c->u_mode.ocb.taglen * 8) % 128) << 1; + ktop[OCB_BLOCK_LEN - noncelen - 1] |= 1; + bottom = ktop[OCB_BLOCK_LEN - 1] & 0x3f; + ktop[OCB_BLOCK_LEN - 1] &= 0xc0; /* Zero the bottom bits. */ + nburn = c->spec->encrypt (&c->context.c, ktop, ktop); + burn = nburn > burn ? nburn : burn; + /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */ + buf_cpy (stretch, ktop, OCB_BLOCK_LEN); + buf_xor (stretch + OCB_BLOCK_LEN, ktop, ktop + 1, 8); + /* Offset_0 = Stretch[1+bottom..128+bottom] + (We use the IV field to store the offset) */ + bit_copy (c->u_iv.iv, stretch, bottom, OCB_BLOCK_LEN); + c->marks.iv = 1; + + /* Checksum_0 = zeros(128) + (We use the CTR field to store the checksum) */ + memset (c->u_ctr.ctr, 0, OCB_BLOCK_LEN); + + /* Clear AAD buffer. */ + memset (c->u_mode.ocb.aad_offset, 0, OCB_BLOCK_LEN); + memset (c->u_mode.ocb.aad_sum, 0, OCB_BLOCK_LEN); + + /* Setup other values. */ + memset (c->lastiv, 0, sizeof(c->lastiv)); + c->unused = 0; + c->marks.tag = 0; + c->marks.finalize = 0; + c->u_mode.ocb.data_nblocks = 0; + c->u_mode.ocb.aad_nblocks = 0; + c->u_mode.ocb.data_finalized = 0; + c->u_mode.ocb.aad_finalized = 0; + + /* log_printhex ("L_* ", c->u_mode.ocb.L_star, OCB_BLOCK_LEN); */ + /* log_printhex ("L_$ ", c->u_mode.ocb.L_dollar, OCB_BLOCK_LEN); */ + /* log_printhex ("L_0 ", c->u_mode.ocb.L[0], OCB_BLOCK_LEN); */ + /* log_printhex ("L_1 ", c->u_mode.ocb.L[1], OCB_BLOCK_LEN); */ + /* log_debug ( "bottom : %u (decimal)\n", bottom); */ + /* log_printhex ("Ktop ", ktop, OCB_BLOCK_LEN); */ + /* log_printhex ("Stretch ", stretch, sizeof stretch); */ + /* log_printhex ("Offset_0 ", c->u_iv.iv, OCB_BLOCK_LEN); */ + + /* Cleanup */ + wipememory (ktop, sizeof ktop); + wipememory (stretch, sizeof stretch); + if (burn > 0) + _gcry_burn_stack (burn + 4*sizeof(void*)); + + return 0; +} + + +/* Process additional authentication data. 
This implementation allows + to add additional authentication data at any time before the final + gcry_cipher_gettag. The size of the data provided in + (ABUF,ABUFLEN) must be a multiple of the blocksize. If a + non-multiple of the blocksize is used no further data may be passed + to this function. */ +gcry_err_code_t +_gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, + size_t abuflen) +{ + unsigned char l_tmp[OCB_BLOCK_LEN]; + + /* Check that a nonce and thus a key has been set and that we have + not yet computed the tag. We also return an error if the aad has + been finalized (i.e. a short block has been processed). */ + if (!c->marks.iv || c->marks.tag || c->u_mode.ocb.aad_finalized) + return GPG_ERR_INV_STATE; + + /* Check correct usage and arguments. */ + if (c->spec->blocksize != OCB_BLOCK_LEN) + return GPG_ERR_CIPHER_ALGO; + if (!abuflen) + return 0; + + /* Hash all full blocks. */ + while (abuflen >= OCB_BLOCK_LEN) + { + c->u_mode.ocb.aad_nblocks++; + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_mode.ocb.aad_offset, + get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), OCB_BLOCK_LEN); + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + buf_xor (l_tmp, c->u_mode.ocb.aad_offset, abuf, OCB_BLOCK_LEN); + c->spec->encrypt (&c->context.c, l_tmp, l_tmp); + buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN); + + abuf += OCB_BLOCK_LEN; + abuflen -= OCB_BLOCK_LEN; + } + + /* Hash final partial block. Note that we expect ABUFLEN to be + shorter than OCB_BLOCK_LEN. 
*/ + if (abuflen) + { + /* Offset_* = Offset_m xor L_* */ + buf_xor_1 (c->u_mode.ocb.aad_offset, + c->u_mode.ocb.L_star, OCB_BLOCK_LEN); + /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ + buf_cpy (l_tmp, abuf, abuflen); + memset (l_tmp + abuflen, 0, OCB_BLOCK_LEN - abuflen); + l_tmp[abuflen] = 0x80; + buf_xor_1 (l_tmp, c->u_mode.ocb.aad_offset, OCB_BLOCK_LEN); + /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ + c->spec->encrypt (&c->context.c, l_tmp, l_tmp); + buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN); + + /* Mark AAD as finalized to avoid accidently calling this + function again after a non-full block has been processed. */ + c->u_mode.ocb.aad_finalized = 1; + } + + return 0; +} + + +/* Common code for encrypt and decrypt. */ +static gcry_err_code_t +ocb_crypt (gcry_cipher_hd_t c, int encrypt, + unsigned char *outbuf, size_t outbuflen, + const unsigned char *inbuf, size_t inbuflen) +{ + unsigned char l_tmp[OCB_BLOCK_LEN]; + unsigned int burn = 0; + unsigned int nburn; + + /* Check that a nonce and thus a key has been set and that we are + not yet in end of data state. */ + if (!c->marks.iv || c->u_mode.ocb.data_finalized) + return GPG_ERR_INV_STATE; + + /* Check correct usage and arguments. */ + if (c->spec->blocksize != OCB_BLOCK_LEN) + return GPG_ERR_CIPHER_ALGO; + if (outbuflen < inbuflen) + return GPG_ERR_BUFFER_TOO_SHORT; + if (c->marks.finalize) + ; /* Allow arbitarty length. */ + else if ((inbuflen % OCB_BLOCK_LEN)) + return GPG_ERR_INV_LENGTH; /* We support only full blocks for now. */ + + /* Encrypt all full blocks. 
*/ + while (inbuflen >= OCB_BLOCK_LEN) + { + c->u_mode.ocb.data_nblocks++; + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, + get_l (c, l_tmp, c->u_mode.ocb.data_nblocks), OCB_BLOCK_LEN); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); + if (encrypt) + nburn = c->spec->encrypt (&c->context.c, outbuf, outbuf); + else + nburn = c->spec->decrypt (&c->context.c, outbuf, outbuf); + burn = nburn > burn ? nburn : burn; + buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, encrypt? inbuf : outbuf, OCB_BLOCK_LEN); + + inbuf += OCB_BLOCK_LEN; + inbuflen -= OCB_BLOCK_LEN; + outbuf += OCB_BLOCK_LEN; + outbuflen =- OCB_BLOCK_LEN; + } + + /* Encrypt final partial block. Note that we expect INBUFLEN to be + shorter than OCB_BLOCK_LEN (see above). */ + if (inbuflen) + { + unsigned char pad[OCB_BLOCK_LEN]; + + /* Offset_* = Offset_m xor L_* */ + buf_xor_1 (c->u_iv.iv, c->u_mode.ocb.L_star, OCB_BLOCK_LEN); + /* Pad = ENCIPHER(K, Offset_*) */ + nburn = c->spec->encrypt (&c->context.c, pad, c->u_iv.iv); + burn = nburn > burn ? nburn : burn; + + if (encrypt) + { + /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ + /* Note that INBUFLEN is less than OCB_BLOCK_LEN. 
*/ + buf_cpy (l_tmp, inbuf, inbuflen); + memset (l_tmp + inbuflen, 0, OCB_BLOCK_LEN - inbuflen); + l_tmp[inbuflen] = 0x80; + buf_xor_1 (c->u_ctr.ctr, l_tmp, OCB_BLOCK_LEN); + /* C_* = P_* xor Pad[1..bitlen(P_*)] */ + buf_xor (outbuf, inbuf, pad, inbuflen); + } + else + { + /* P_* = C_* xor Pad[1..bitlen(C_*)] */ + /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ + buf_cpy (l_tmp, pad, OCB_BLOCK_LEN); + buf_cpy (l_tmp, inbuf, inbuflen); + buf_xor_1 (l_tmp, pad, OCB_BLOCK_LEN); + l_tmp[inbuflen] = 0x80; + buf_cpy (outbuf, l_tmp, inbuflen); + + buf_xor_1 (c->u_ctr.ctr, l_tmp, OCB_BLOCK_LEN); + } + } + + /* Compute the tag if the finalize flag has been set. */ + if (c->marks.finalize) + { + /* Tag = ENCIPHER(K, Checksum xor Offset xor L_$) xor HASH(K,A) */ + buf_xor (c->u_mode.ocb.tag, c->u_ctr.ctr, c->u_iv.iv, OCB_BLOCK_LEN); + buf_xor_1 (c->u_mode.ocb.tag, c->u_mode.ocb.L_dollar, OCB_BLOCK_LEN); + nburn = c->spec->encrypt (&c->context.c, + c->u_mode.ocb.tag, c->u_mode.ocb.tag); + burn = nburn > burn ? nburn : burn; + + c->u_mode.ocb.data_finalized = 1; + /* Note that the the final part of the tag computation is done + by _gcry_cipher_ocb_get_tag. */ + } + + if (burn > 0) + _gcry_burn_stack (burn + 4*sizeof(void*)); + + return 0; +} + + +/* Encrypt (INBUF,INBUFLEN) in OCB mode to OUTBUF. OUTBUFLEN gives + the allocated size of OUTBUF. This function accepts only multiples + of a full block unless gcry_cipher_final has been called in which + case the next block may have any length. */ +gcry_err_code_t +_gcry_cipher_ocb_encrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, size_t outbuflen, + const unsigned char *inbuf, size_t inbuflen) + +{ + return ocb_crypt (c, 1, outbuf, outbuflen, inbuf, inbuflen); +} + + +/* Decrypt (INBUF,INBUFLEN) in OCB mode to OUTBUF. OUTBUFLEN gives + the allocated size of OUTBUF. 
This function accepts only multiples + of a full block unless gcry_cipher_final has been called in which + case the next block may have any length. */ +gcry_err_code_t +_gcry_cipher_ocb_decrypt (gcry_cipher_hd_t c, + unsigned char *outbuf, size_t outbuflen, + const unsigned char *inbuf, size_t inbuflen) +{ + return ocb_crypt (c, 0, outbuf, outbuflen, inbuf, inbuflen); +} + + +/* Compute the tag. The last data operation has already done some + part of it. To allow adding AAD even after having done all data, + we finish the tag computation only here. */ +static void +compute_tag_if_needed (gcry_cipher_hd_t c) +{ + if (!c->marks.tag) + { + buf_xor_1 (c->u_mode.ocb.tag, c->u_mode.ocb.aad_sum, OCB_BLOCK_LEN); + c->marks.tag = 1; + } +} + + +/* Copy the already computed tag to OUTTAG. OUTTAGSIZE is the + allocated size of OUTTAG; the function returns an error if that is + too short to hold the tag. */ +gcry_err_code_t +_gcry_cipher_ocb_get_tag (gcry_cipher_hd_t c, + unsigned char *outtag, size_t outtagsize) +{ + if (c->u_mode.ocb.taglen > outtagsize) + return GPG_ERR_BUFFER_TOO_SHORT; + if (!c->u_mode.ocb.data_finalized) + return GPG_ERR_INV_STATE; /* Data has not yet been finalized. */ + + compute_tag_if_needed (c); + + memcpy (outtag, c->u_mode.ocb.tag, c->u_mode.ocb.taglen); + + return 0; +} + + +/* Check that the tag (INTAG,TAGLEN) matches the computed tag for the + handle C. */ +gcry_err_code_t +_gcry_cipher_ocb_check_tag (gcry_cipher_hd_t c, const unsigned char *intag, + size_t taglen) +{ + size_t n; + + if (!c->u_mode.ocb.data_finalized) + return GPG_ERR_INV_STATE; /* Data has not yet been finalized. */ + + compute_tag_if_needed (c); + + n = c->u_mode.ocb.taglen; + if (taglen < n) + n = taglen; + + if (!buf_eq_const (intag, c->u_mode.ocb.tag, n) + || c->u_mode.ocb.taglen != taglen) + return GPG_ERR_CHECKSUM; + + return 0; +} diff --git a/cipher/cipher.c b/cipher/cipher.c index 78cad21..0a13fe6 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
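Review bot: In ocb_crypt's full-block loop `outbuflen =- OCB_BLOCK_LEN;` assigns minus OCB_BLOCK_LEN instead of subtracting; it is harmless only because outbuflen is never read again after the initial length check, and it should be `outbuflen -= OCB_BLOCK_LEN;`. _gcry_cipher_ocb_authenticate discards the stack-burn value returned by c->spec->encrypt and never calls _gcry_burn_stack, unlike set_nonce and ocb_crypt, and neither authenticate nor ocb_crypt wipes its l_tmp/pad buffers, which hold key-dependent intermediates, whereas set_nonce wipes ktop and stretch before returning. In double_block's 16-byte path `l_0 = (int64_t)l >> 63;` relies on the right shift of a negative value being arithmetic, which C leaves implementation-defined; `l_0 = 0 - (l >> 63);` yields the same all-ones/zero mask portably. The check in _gcry_cipher_ocb_check_tag (constant-time compare over min(taglen, ocb.taglen) followed by the length test) looks right.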
@@ -425,6 +425,17 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, err = GPG_ERR_INV_CIPHER_MODE; break; + case GCRY_CIPHER_MODE_OCB: + /* Note that our implementation allows only for 128 bit block + length algorithms. Lower block lengths would be possible + but we do not implement them because they limit the + security too much. */ + if (!spec->encrypt || !spec->decrypt) + err = GPG_ERR_INV_CIPHER_MODE; + else if (spec->blocksize != (128/8)) + err = GPG_ERR_INV_CIPHER_MODE; + break; + case GCRY_CIPHER_MODE_STREAM: if (!spec->stencrypt || !spec->stdecrypt) err = GPG_ERR_INV_CIPHER_MODE; @@ -445,7 +456,8 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, /* Perform selftest here and mark this with a flag in cipher_table? No, we should not do this as it takes too long. Further it does not make sense to exclude algorithms with failing selftests at - runtime: If a selftest fails there is something seriously wrong with the system and thus we better die immediately. */ + runtime: If a selftest fails there is something seriously wrong + with the system and thus we better die immediately. */ if (! err) { @@ -551,6 +563,18 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, default: break; } + + /* Setup defaults depending on the mode. */ + switch (mode) + { + case GCRY_CIPHER_MODE_OCB: + h->u_mode.ocb.taglen = 16; /* Bytes. */ + break; + + default: + break; + } + } } @@ -716,6 +740,10 @@ cipher_reset (gcry_cipher_hd_t c) break; #endif + case GCRY_CIPHER_MODE_OCB: + memset (&c->u_mode.ocb, 0, sizeof c->u_mode.ocb); + break; + default: break; /* u_mode unused by other modes. */ } @@ -827,6 +855,10 @@ cipher_encrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, inbuf, inbuflen); break; + case GCRY_CIPHER_MODE_OCB: + rc = _gcry_cipher_ocb_encrypt (c, outbuf, outbuflen, inbuf, inbuflen); + break; + case GCRY_CIPHER_MODE_STREAM: c->spec->stencrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf, inbuflen); 
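Review bot: cipher_reset's new OCB case zeroes the whole u_mode.ocb block including taglen, which _gcry_cipher_open_internal set to 16 earlier in this hunk set; after a GCRYCTL_RESET the next _gcry_cipher_ocb_set_nonce lands in the `default: return GPG_ERR_BUG;` branch of its taglen switch, so a legitimate reset makes the handle unusable. Restore the default after the memset: `c->u_mode.ocb.taglen = 16; /* Bytes. */`. Any other path that reaches cipher_reset between open and setiv, which this hunk does not show, is affected the same way. Reporting GPG_ERR_BUG for a state a caller can reach is also misleading; GPG_ERR_INV_STATE would describe it better.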
@@ -940,6 +972,10 @@ cipher_decrypt (gcry_cipher_hd_t c, byte *outbuf, size_t outbuflen, inbuf, inbuflen); break; + case GCRY_CIPHER_MODE_OCB: + rc = _gcry_cipher_ocb_decrypt (c, outbuf, outbuflen, inbuf, inbuflen); + break; + case GCRY_CIPHER_MODE_STREAM: c->spec->stdecrypt (&c->context.c, outbuf, (byte*)/*arggg*/inbuf, inbuflen); @@ -1029,6 +1065,10 @@ _gcry_cipher_setiv (gcry_cipher_hd_t hd, const void *iv, size_t ivlen) rc = _gcry_cipher_poly1305_setiv (hd, iv, ivlen); break; + case GCRY_CIPHER_MODE_OCB: + rc = _gcry_cipher_ocb_set_nonce (hd, iv, ivlen); + break; + default: rc = cipher_setiv (hd, iv, ivlen); break; @@ -1083,6 +1123,10 @@ _gcry_cipher_authenticate (gcry_cipher_hd_t hd, const void *abuf, rc = _gcry_cipher_poly1305_authenticate (hd, abuf, abuflen); break; + case GCRY_CIPHER_MODE_OCB: + rc = _gcry_cipher_ocb_authenticate (hd, abuf, abuflen); + break; + default: log_error ("gcry_cipher_authenticate: invalid mode %d\n", hd->mode); rc = GPG_ERR_INV_CIPHER_MODE; @@ -1116,6 +1160,10 @@ _gcry_cipher_gettag (gcry_cipher_hd_t hd, void *outtag, size_t taglen) rc = _gcry_cipher_poly1305_get_tag (hd, outtag, taglen); break; + case GCRY_CIPHER_MODE_OCB: + rc = _gcry_cipher_ocb_get_tag (hd, outtag, taglen); + break; + default: log_error ("gcry_cipher_gettag: invalid mode %d\n", hd->mode); rc = GPG_ERR_INV_CIPHER_MODE; @@ -1149,6 +1197,10 @@ _gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, size_t taglen) rc = _gcry_cipher_poly1305_check_tag (hd, intag, taglen); break; + case GCRY_CIPHER_MODE_OCB: + rc = _gcry_cipher_ocb_check_tag (hd, intag, taglen); + break; + default: log_error ("gcry_cipher_checktag: invalid mode %d\n", hd->mode); rc = GPG_ERR_INV_CIPHER_MODE; @@ -1170,6 +1222,12 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) cipher_reset (h); break; + case GCRYCTL_FINALIZE: + if (!h || buffer || buflen) + return GPG_ERR_INV_ARG; + h->marks.finalize = 1; + break; + case GCRYCTL_CFB_SYNC: cipher_sync( h ); break; 
@@ -1222,6 +1280,29 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) #endif break; + case GCRYCTL_SET_TAGLEN: + if (!h || !buffer || buflen != sizeof(int) ) + return GPG_ERR_INV_ARG; + switch (h->mode) + { + case GCRY_CIPHER_MODE_OCB: + switch (*(int*)buffer) + { + case 8: case 12: case 16: + h->u_mode.ocb.taglen = *(int*)buffer; + break; + default: + rc = GPG_ERR_INV_LENGTH; /* Invalid tag length. */ + break; + } + break; + + default: + rc =GPG_ERR_INV_CIPHER_MODE; + break; + } + break; + case GCRYCTL_DISABLE_ALGO: /* This command expects NULL for H and BUFFER to point to an integer with the algo number. */ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 7337db9..8683ca8 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1650,7 +1650,14 @@ mode, which can be used with ChaCha20 and Salsa20 stream ciphers. @item GCRY_CIPHER_MODE_OCB @cindex OCB, OCB3 OCB is an Authenticated Encryption with Associated Data (AEAD) block -cipher mode, which is specified in RFC-7253. +cipher mode, which is specified in RFC-7253. Supported tag lengths +are 128, 96, and 64 bit with the default being 128 bit. To switch to +a different tag length @code{gcry_cipher_ctl} using the command + at code{GCRYCTL_SET_TAGLEN} and the address of an @code{int} variable +set to 12 (for 96 bit) or 8 (for 64 bit) provided for the + at code{buffer} argument and @code{sizeof(int)} for @code{buflen}. + +Note that the use of @code{gcry_cipher_final} is required. @end table 
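Review bot: GCRYCTL_SET_TAGLEN accepts a new tag length at any point, but _gcry_cipher_ocb_set_nonce folds taglen into the nonce block (`ktop[0] = ((c->u_mode.ocb.taglen * 8) % 128) << 1;` in cipher-ocb.c), so a change after gcry_cipher_setiv produces a tag that is neither the 128-bit tag nor the RFC 7253 tag for the new length, while gettag/checktag quietly use the new length. Reject the change once a nonce is set, `if (h->marks.iv) rc = GPG_ERR_INV_STATE; else switch (*(int*)buffer) …`, or state in the GCRYCTL_SET_TAGLEN documentation that it must precede setiv. Reading `*(int*)buffer` twice also suggests a local `int taglen = *(int*)buffer;`.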
@@ -1750,12 +1757,9 @@ vector is passed as the buffer @var{K} of length @var{l} bytes and copied to internal data structures. The function checks that the IV matches the requirement of the selected algorithm and mode. -This function is also used with Salsa20 and ChaCha20 stream ciphers -to set or update the required nonce. In this case it needs to be -called after setting the key. - -This function is also used with the AEAD cipher modes to set or -update the required nonce. +This function is also used by AEAD modes and with Salsa20 and ChaCha20 +stream ciphers to set or update the required nonce. In these cases it +needs to be called after setting the key. @end deftypefun @@ -1827,6 +1831,9 @@ is sufficient space. Note that overlapping buffers are not allowed. Depending on the selected algorithms and encryption mode, the length of the buffers must be a multiple of the block size. +Some encryption modes require that @code{gcry_cipher_final} is used +before the final data chunk is passed to this function. + The function returns @code{0} on success or an error code. @end deftypefun 
@@ -1847,11 +1854,27 @@ is sufficient space. Note that overlapping buffers are not allowed. Depending on the selected algorithms and encryption mode, the length of the buffers must be a multiple of the block size. +Some encryption modes require that @code{gcry_cipher_final} is used +before the final data chunk is passed to this function. + The function returns @code{0} on success or an error code. @end deftypefun -OpenPGP (as defined in RFC-2440) requires a special sync operation in +The OCB mode features integrated padding and must thus be told about +the end of the input data. This is done with: + + at deftypefun gcry_error_t gcry_cipher_final (gcry_cipher_hd_t @var{h}) + +Set a flag in the context to tell the encrypt and decrypt functions +that their next call will provide the last chunk of data. Only the +first call to this function has an effect and only for modes which +support it. Checking the error in in general not necessary. This is +implemented as a macro. + at end deftypefun + + +OpenPGP (as defined in RFC-4880) requires a special sync operation in some places. The following function is used for this: @deftypefun gcry_error_t gcry_cipher_sync (gcry_cipher_hd_t @var{h}) diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 85c6753..10099e1 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -331,7 +331,8 @@ enum gcry_ctl_cmds GCRYCTL_INACTIVATE_FIPS_FLAG = 71, GCRYCTL_REACTIVATE_FIPS_FLAG = 72, GCRYCTL_SET_SBOX = 73, - GCRYCTL_DRBG_REINIT = 74 + GCRYCTL_DRBG_REINIT = 74, + GCRYCTL_SET_TAGLEN = 75 }; /* Perform various operations defined by CMD. */ 
@@ -1012,6 +1013,11 @@ gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag, #define gcry_cipher_set_sbox(h,oid) gcry_cipher_ctl( (h), GCRYCTL_SET_SBOX, \ (oid), 0); +/* Indicate to the encrypt and decrypt functions that the next call + provides the final data. Only used with some modes. e */ +#define gcry_cipher_final(a) \ + gcry_cipher_ctl ((a), GCRYCTL_FINALIZE, NULL, 0) + /* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of block size length, or (NULL,0) to set the CTR to the all-zero block. */ gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd, diff --git a/tests/basic.c b/tests/basic.c index ef8260f..869b381 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -61,6 +61,22 @@ static int error_count; static int in_fips_mode; static int die_on_error; +#define MAX_DATA_LEN 128 + +#define digitp(p) (*(p) >= '0' && *(p) <= '9') +#define hexdigitp(a) (digitp (a) \ + || (*(a) >= 'A' && *(a) <= 'F') \ + || (*(a) >= 'a' && *(a) <= 'f')) +#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ + *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) +#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) +#define xmalloc(a) gcry_xmalloc ((a)) +#define xcalloc(a,b) gcry_xcalloc ((a),(b)) +#define xstrdup(a) gcry_xstrdup ((a)) +#define xfree(a) gcry_free ((a)) + + + static void fail (const char *format, ...) { @@ -74,6 +90,7 @@ fail (const char *format, ...) exit (1); } + static void mismatch (const void *expected, size_t expectedlen, const void *computed, size_t computedlen) 
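Review bot: The comment on the new gcry_cipher_final macro ends in a stray character (`Only used with some modes. e */`); it should read `provides the final data.  Only used with some modes.  */`. Since the texi change in this commit says the call is required for OCB, mirroring that here, e.g. `Required for OCB mode.`, would save callers a trip to the manual.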
@@ -102,6 +119,30 @@ die (const char *format, ...) } +/* Convert STRING consisting of hex characters into its binary + representation and return it as an allocated buffer. The valid + length of the buffer is returned at R_LENGTH. The string is + delimited by end of string. The function terminates on error. */ +static void * +hex2buffer (const char *string, size_t *r_length) +{ + const char *s; + unsigned char *buffer; + size_t length; + + buffer = xmalloc (strlen(string)/2+1); + length = 0; + for (s=string; *s; s +=2 ) + { + if (!hexdigitp (s) || !hexdigitp (s+1)) + die ("invalid hex digits in \"%s\"\n", string); + ((unsigned char*)buffer)[length++] = xtoi_2 (s); + } + *r_length = length; + return buffer; +} + + static void show_sexp (const char *prefix, gcry_sexp_t a) { @@ -195,8 +236,6 @@ show_mac_not_available (int algo) -#define MAX_DATA_LEN 128 - void progress_handler (void *cb_data, const char *what, int printchar, int current, int total) 
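Review bot: In hex2buffer the store `((unsigned char*)buffer)[length++] = xtoi_2 (s);` casts buffer to the type it already has; `buffer[length++] = xtoi_2 (s);` is enough. The loop's odd-length handling is sound because hexdigitp (s+1) on the terminating NUL is false and die() is called, which the header comment could state explicitly (`An odd number of digits is an error.`).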
@@ -2742,6 +2781,355 @@ check_ccm_cipher (void) static void +check_ocb_cipher (void) +{ + /* Note that we use hex strings and not binary strings in TV. That + makes it easier to maintain the test vectors. */ + static const struct + { + int algo; + int taglen; /* 16, 12, or 8 bytes */ + const char *key; /* NULL means "000102030405060708090A0B0C0D0E0F" */ + const char *nonce; + const char *aad; + const char *plain; + const char *ciph; + } tv[] = { + /* The RFC-7253 test vectos*/ + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221100", + "", + "", + "785407BFFFC8AD9EDCC5520AC9111EE6" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221101", + "0001020304050607", + "0001020304050607", + "6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221102", + "0001020304050607", + "", + "81017F8203F081277152FADE694A0A00" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221103", + "", + "0001020304050607", + "45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221104", + "000102030405060708090A0B0C0D0E0F", + "000102030405060708090A0B0C0D0E0F", + "571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5" + "701C1CCEC8FC3358" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221105", + "000102030405060708090A0B0C0D0E0F", + "", + "8CF761B6902EF764462AD86498CA6B97" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221106", + "", + "000102030405060708090A0B0C0D0E0F", + "5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436B" + "DF06D8FA1ECA343D" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221107", + "000102030405060708090A0B0C0D0E0F1011121314151617", + "000102030405060708090A0B0C0D0E0F1011121314151617", + "1CA2207308C87C010756104D8840CE1952F09673A448A122" + "C92C62241051F57356D7F3C90BB0E07F" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221108", + "000102030405060708090A0B0C0D0E0F1011121314151617", + "", + 
"6DC225A071FC1B9F7C69F93B0F1E10DE" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA99887766554433221109", + "", + "000102030405060708090A0B0C0D0E0F1011121314151617", + "221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3C" + "E725F32494B9F914D85C0B1EB38357FF" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA9988776655443322110A", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F", + "BD6F6C496201C69296C11EFD138A467ABD3C707924B964DE" + "AFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA9988776655443322110B", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F", + "", + "FE80690BEE8A485D11F32965BC9D2A32" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA9988776655443322110C", + "", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F", + "2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF4" + "6040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA9988776655443322110D", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", + "D5CA91748410C1751FF8A2F618255B68A0A12E093FF45460" + "6E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483" + "A7035490C5769E60" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA9988776655443322110E", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", + "", + "C5CD9D1850C141E358649994EE701B68" + }, + { GCRY_CIPHER_AES, 16, NULL, + "BBAA9988776655443322110F", + "", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", + "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15" + "A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95" + "A98CA5F3000B1479" + }, + { GCRY_CIPHER_AES, 12, "0F0E0D0C0B0A09080706050403020100", + "BBAA9988776655443322110D", + 
"000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", + "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", + "1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1" + "A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FD" + "AC4F02AA" + } + }; + gpg_error_t err = 0; + gcry_cipher_hd_t hde, hdd; + unsigned char out[MAX_DATA_LEN]; + unsigned char tag[16]; + int tidx; + + if (verbose) + fprintf (stderr, " Starting OCB checks.\n"); + + for (tidx = 0; tidx < DIM (tv); tidx++) + { + char *key, *nonce, *aad, *ciph, *plain; + size_t keylen, noncelen, aadlen, ciphlen, plainlen; + int taglen; + + if (verbose) + fprintf (stderr, " checking OCB mode for %s [%i] (tv %d)\n", + gcry_cipher_algo_name (tv[tidx].algo), tv[tidx].algo, tidx); + + /* Convert to hex strings to binary. */ + key = hex2buffer (tv[tidx].key? tv[tidx].key + /* */: "000102030405060708090A0B0C0D0E0F", + &keylen); + nonce = hex2buffer (tv[tidx].nonce, &noncelen); + aad = hex2buffer (tv[tidx].aad, &aadlen); + plain = hex2buffer (tv[tidx].plain, &plainlen); + ciph = hex2buffer (tv[tidx].ciph, &ciphlen); + + /* Check that our test vectors are sane. */ + assert (plainlen <= sizeof out); + assert (tv[tidx].taglen <= ciphlen); + assert (tv[tidx].taglen <= sizeof tag); + + err = gcry_cipher_open (&hde, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0); + if (!err) + err = gcry_cipher_open (&hdd, tv[tidx].algo, GCRY_CIPHER_MODE_OCB, 0); + if (err) + { + fail ("cipher-ocb, gcry_cipher_open failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + return; + } + + /* Set the taglen. For the first handle we do this only for a + non-default taglen. For the second handle we check that we + can also set to the default taglen. 
*/ + taglen = tv[tidx].taglen; + if (taglen != 16) + { + err = gcry_cipher_ctl (hde, GCRYCTL_SET_TAGLEN, + &taglen, sizeof taglen); + if (err) + { + fail ("cipher-ocb, gcryctl_set_taglen failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + } + err = gcry_cipher_ctl (hdd, GCRYCTL_SET_TAGLEN, + &taglen, sizeof taglen); + if (err) + { + fail ("cipher-ocb, gcryctl_set_taglen failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + err = gcry_cipher_setkey (hde, key, keylen); + if (!err) + err = gcry_cipher_setkey (hdd, key, keylen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setkey failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + err = gcry_cipher_setiv (hde, nonce, noncelen); + if (!err) + err = gcry_cipher_setiv (hdd, nonce, noncelen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setiv failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + err = gcry_cipher_authenticate (hde, aad, aadlen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + err = gcry_cipher_final (hde); + if (!err) + err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN, plain, plainlen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_encrypt failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + /* Check that the encrypt output matches the expected cipher + text without the tag (i.e. at the length of plaintext). 
*/ + if (memcmp (ciph, out, plainlen)) + { + mismatch (ciph, plainlen, out, plainlen); + fail ("cipher-ocb, encrypt data mismatch (tv %d)\n", tidx); + } + + /* Check that the tag matches TAGLEN bytes from the end of the + expected ciphertext. */ + err = gcry_cipher_gettag (hde, tag, tv[tidx].taglen); + if (err) + { + fail ("cipher_ocb, gcry_cipher_gettag failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + } + if (memcmp (ciph + ciphlen - tv[tidx].taglen, tag, tv[tidx].taglen)) + { + mismatch (ciph + ciphlen - tv[tidx].taglen, tv[tidx].taglen, + tag, tv[tidx].taglen); + fail ("cipher-ocb, encrypt tag mismatch (tv %d)\n", tidx); + } + + + err = gcry_cipher_authenticate (hdd, aad, aadlen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + /* Now for the decryption. */ + err = gcry_cipher_final (hdd); + if (!err) + err = gcry_cipher_decrypt (hdd, out, plainlen, NULL, 0); + if (err) + { + fail ("cipher-ocb, gcry_cipher_decrypt (tv %d) failed: %s\n", + tidx, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + return; + } + + /* We still have TAG from the encryption. */ + err = gcry_cipher_checktag (hdd, tag, tv[tidx].taglen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_checktag failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + } + + /* Check that the decrypt output matches the original plaintext. */ + if (memcmp (plain, out, plainlen)) + { + mismatch (plain, plainlen, out, plainlen); + fail ("cipher-ocb, decrypt data mismatch (tv %d)\n", tidx); + } + + /* Check that gettag also works for decryption. 
*/ + err = gcry_cipher_gettag (hdd, tag, tv[tidx].taglen); + if (err) + { + fail ("cipher_ocb, decrypt gettag failed (tv %d): %s\n", + tidx, gpg_strerror (err)); + } + if (memcmp (ciph + ciphlen - tv[tidx].taglen, tag, tv[tidx].taglen)) + { + mismatch (ciph + ciphlen - tv[tidx].taglen, tv[tidx].taglen, + tag, tv[tidx].taglen); + fail ("cipher-ocb, decrypt tag mismatch (tv %d)\n", tidx); + } + + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + + xfree (nonce); + xfree (aad); + xfree (ciph); + xfree (plain); + xfree (key); + } + + if (verbose) + fprintf (stderr, " Completed OCB checks.\n"); +} + + +static void check_stream_cipher (void) { static const struct tv @@ -4391,6 +4779,7 @@ check_cipher_modes(void) check_ccm_cipher (); check_gcm_cipher (); check_poly1305_cipher (); + check_ocb_cipher (); check_stream_cipher (); check_stream_cipher_large_block (); @@ -7143,6 +7532,7 @@ main (int argc, char **argv) int use_fips = 0; int selftest_only = 0; int pubkey_only = 0; + int cipher_modes_only = 0; int loop = 0; unsigned int loopcount = 0; @@ -7183,6 +7573,11 @@ main (int argc, char **argv) pubkey_only = 1; argc--; argv++; } + else if (!strcmp (*argv, "--cipher-modes")) + { + cipher_modes_only = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--die")) { die_on_error = 1; @@ -7228,6 +7623,8 @@ main (int argc, char **argv) { if (pubkey_only) check_pubkey (); + else if (cipher_modes_only) + check_ciphers (); else if (!selftest_only) { check_ciphers (); diff --git a/tests/bench-slope.c b/tests/bench-slope.c index ebf672e..c309b7e 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -916,6 +916,7 @@ bench_aead_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen, gcry_cipher_setiv (hd, nonce, noncelen); + gcry_cipher_final (hd); err = gcry_cipher_encrypt (hd, buf, buflen, buf, buflen); if (err) { 
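Review bot: The new `--cipher-modes` branch calls `check_ciphers ()`, which does not look like the function the option name and the `cipher_modes_only` flag refer to; the OCB test this commit adds is wired into `check_cipher_modes ()` (visible in the `@@ -4391` hunk header), so `--cipher-modes` as written would appear to skip exactly the tests it is named after. If running only the per-algorithm checks is the intent, the option name is misleading; otherwise the branch should read `else if (cipher_modes_only) check_cipher_modes ();`, or call both. The enclosing `main` begins and ends outside the hunk.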
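Review bot: `gcry_cipher_final (hd);` discards the error code that `gcry_cipher_final` (a `gcry_cipher_ctl` wrapper) returns, while the `gcry_cipher_encrypt` call right after it is checked, so a failure here would leave the benchmark silently timing a handle in an unexpected state. The same unchecked call is added in the `@@ -945` and `@@ -987` hunks of bench-slope.c and in the `@@ -929` and `@@ -987` hunks of benchmark.c. Mirroring the setiv handling this commit adds in `bench_aead_authenticate_do_bench`, `err = gcry_cipher_final (hd);` followed by `if (err) { fprintf (stderr, PGM ": gcry_cipher_final failed: %s\n", gpg_strerror (err)); gcry_cipher_close (hd); exit (1); }` keeps the error handling uniform. The enclosing function begins before the hunk.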
@@ -945,6 +946,7 @@ bench_aead_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen,
 gcry_cipher_setiv (hd, nonce, noncelen);
+ gcry_cipher_final (hd);
 err = gcry_cipher_decrypt (hd, buf, buflen, buf, buflen);
 if (err)
 {
@@ -976,7 +978,14 @@ bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf,
 char tag[16] = { 0, };
 char data = 0xff;
- gcry_cipher_setiv (hd, nonce, noncelen);
+ err = gcry_cipher_setiv (hd, nonce, noncelen);
+ if (err)
+ {
+ fprintf (stderr, PGM ": gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ gcry_cipher_close (hd);
+ exit (1);
+ }
 err = gcry_cipher_authenticate (hd, buf, buflen);
 if (err)
@@ -987,6 +996,7 @@ bench_aead_authenticate_do_bench (struct bench_obj *obj, void *buf,
 exit (1);
 }
+ gcry_cipher_final (hd);
 err = gcry_cipher_encrypt (hd, &data, sizeof (data), &data, sizeof (data));
 if (err)
 {
@@ -1012,7 +1022,7 @@ bench_gcm_encrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
 {
 char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 };
 bench_aead_encrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
 }
@@ -1021,7 +1031,7 @@ bench_gcm_decrypt_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
 {
 char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 };
 bench_aead_decrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
 }
@@ -1030,7 +1040,7 @@ bench_gcm_authenticate_do_bench (struct bench_obj *obj, void *buf, size_t buflen)
 {
 char nonce[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
- 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, };
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 };
 bench_aead_authenticate_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
 }
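Review bot: The result of `gcry_cipher_setiv` is now checked in `bench_aead_authenticate_do_bench`, but the sibling encrypt and decrypt benches in the `@@ -916` and `@@ -945` hunks still call `gcry_cipher_setiv (hd, nonce, noncelen);` and ignore what it returns, so a rejected nonce length (more plausible now that a 15-byte OCB nonce is passed through the same helpers) would surface only as a confusing later failure, or not at all. Applying the same `err = gcry_cipher_setiv (hd, nonce, noncelen); if (err) { ... exit (1); }` pattern in all three keeps them consistent. All three functions begin outside their hunks.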
@@ -1054,6 +1064,55 @@ static struct bench_ops gcm_authenticate_ops = {
 static void
+bench_ocb_encrypt_do_bench (struct bench_obj *obj, void *buf,
+ size_t buflen)
+{
+ char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,
+ 0x00, 0x00, 0x01 };
+ bench_aead_encrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
+}
+
+static void
+bench_ocb_decrypt_do_bench (struct bench_obj *obj, void *buf,
+ size_t buflen)
+{
+ char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,
+ 0x00, 0x00, 0x01 };
+ bench_aead_decrypt_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
+}
+
+static void
+bench_ocb_authenticate_do_bench (struct bench_obj *obj, void *buf,
+ size_t buflen)
+{
+ char nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce,
+ 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88,
+ 0x00, 0x00, 0x01 };
+ bench_aead_authenticate_do_bench (obj, buf, buflen, nonce, sizeof(nonce));
+}
+
+static struct bench_ops ocb_encrypt_ops = {
+ &bench_encrypt_init,
+ &bench_encrypt_free,
+ &bench_ocb_encrypt_do_bench
+};
+
+static struct bench_ops ocb_decrypt_ops = {
+ &bench_encrypt_init,
+ &bench_encrypt_free,
+ &bench_ocb_decrypt_do_bench
+};
+
+static struct bench_ops ocb_authenticate_ops = {
+ &bench_encrypt_init,
+ &bench_encrypt_free,
+ &bench_ocb_authenticate_do_bench
+};
+
+
+static void
 bench_poly1305_encrypt_do_bench (struct bench_obj *obj, void *buf,
 size_t buflen)
 {
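Review bot: The 15-byte nonce initializer is repeated verbatim in `bench_ocb_encrypt_do_bench`, `bench_ocb_decrypt_do_bench` and `bench_ocb_authenticate_do_bench`, so the three benches can silently drift apart if one copy is edited. Hoisting it to a single `static const char ocb_nonce[15] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88, 0x00, 0x00, 0x01 };` above the three functions (dropping `const` if the callee's nonce parameter is not const-qualified) and passing `ocb_nonce, sizeof (ocb_nonce)` leaves one definition; the three GCM copies touched by the `@@ -1012`, `@@ -1021` and `@@ -1030` hunks would benefit from the same treatment. A one-line comment stating why a 15-byte nonce was chosen for the OCB benchmark would also help a reader who does not know the mode's nonce-length rules.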
@@ -1115,6 +1174,9 @@ static struct bench_cipher_mode cipher_modes[] = {
 {GCRY_CIPHER_MODE_GCM, "GCM enc", &gcm_encrypt_ops},
 {GCRY_CIPHER_MODE_GCM, "GCM dec", &gcm_decrypt_ops},
 {GCRY_CIPHER_MODE_GCM, "GCM auth", &gcm_authenticate_ops},
+ {GCRY_CIPHER_MODE_OCB, "OCB enc", &ocb_encrypt_ops},
+ {GCRY_CIPHER_MODE_OCB, "OCB dec", &ocb_decrypt_ops},
+ {GCRY_CIPHER_MODE_OCB, "OCB auth", &ocb_authenticate_ops},
 {GCRY_CIPHER_MODE_POLY1305, "POLY1305 enc", &poly1305_encrypt_ops},
 {GCRY_CIPHER_MODE_POLY1305, "POLY1305 dec", &poly1305_decrypt_ops},
 {GCRY_CIPHER_MODE_POLY1305, "POLY1305 auth", &poly1305_authenticate_ops},
@@ -1155,10 +1217,14 @@ cipher_bench_one (int algo, struct bench_cipher_mode *pmode)
 if (mode.mode == GCRY_CIPHER_MODE_CCM && blklen != GCRY_CCM_BLOCK_LEN)
 return;
- /* CCM has restrictions for block-size */
+ /* GCM has restrictions for block-size */
 if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
 return;
+ /* Our OCB implementaion has restrictions for block-size. */
+ if (mode.mode == GCRY_CIPHER_MODE_OCB && blklen != 16)
+ return;
+
 bench_print_mode (14, mode.name);
 obj.ops = mode.ops;
@@ -1197,17 +1263,17 @@ cipher_bench (char **argv, int argc)
 if (argv && argc)
 {
 for (i = 0; i < argc; i++)
- {
- algo = gcry_cipher_map_name (argv[i]);
- if (algo)
- _cipher_bench (algo);
- }
+ {
+ algo = gcry_cipher_map_name (argv[i]);
+ if (algo)
+ _cipher_bench (algo);
+ }
 }
 else
 {
 for (i = 1; i < 400; i++)
- if (!gcry_cipher_test_algo (i))
- _cipher_bench (i);
+ if (!gcry_cipher_test_algo (i))
+ _cipher_bench (i);
 }
 }
diff --git a/tests/benchmark.c b/tests/benchmark.c
index 5bf92da..6be9509 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -779,6 +779,7 @@ cipher_bench ( const char *algoname )
 void (* const aead_init)(gcry_cipher_hd_t hd, size_t buflen, int authlen);
 int req_blocksize;
 int authlen;
+ int noncelen;
 } modes[] = {
 { GCRY_CIPHER_MODE_ECB, " ECB/Stream", 1 },
 { GCRY_CIPHER_MODE_CBC, " CBC", 1 },
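Review bot: The new comment in `cipher_bench_one` has a typo, `implementaion`, and the OCB block-size guard compares against a bare `16` while the CCM and GCM guards just above use the named `GCRY_CCM_BLOCK_LEN` and `GCRY_GCM_BLOCK_LEN`. Suggested: `/* Our OCB implementation has restrictions for block-size. */` and `if (mode.mode == GCRY_CIPHER_MODE_OCB && blklen != GCRY_OCB_BLOCK_LEN)`, provided this commit's change to src/gcrypt.h.in (listed in the diffstat) exports such a constant; otherwise a file-local named constant is still better than the magic number. `cipher_bench_one` begins and ends outside the hunk.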
@@ -791,6 +792,8 @@ cipher_bench ( const char *algoname )
 #endif
 { GCRY_CIPHER_MODE_GCM, " GCM", 0, NULL, GCRY_GCM_BLOCK_LEN, GCRY_GCM_BLOCK_LEN },
+ { GCRY_CIPHER_MODE_OCB, " OCB", 1,
+ NULL, 16, 16, 15 },
 { GCRY_CIPHER_MODE_STREAM, "", 0 },
 {0}
 };
@@ -929,9 +932,30 @@ cipher_bench ( const char *algoname )
 exit (1);
 }
 }
+
+ if (modes[modeidx].noncelen)
+ {
+ char nonce[100];
+ size_t noncelen;
+
+ noncelen = modes[modeidx].noncelen;
+ if (noncelen > sizeof nonce)
+ noncelen = sizeof nonce;
+ memset (nonce, 42, noncelen);
+ err = gcry_cipher_setiv (hd, nonce, noncelen);
+ if (err)
+ {
+ fprintf (stderr, "gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ gcry_cipher_close (hd);
+ exit (1);
+ }
+ }
+
 if (modes[modeidx].aead_init)
 {
 (*modes[modeidx].aead_init) (hd, buflen, modes[modeidx].authlen);
+ gcry_cipher_final (hd);
 err = gcry_cipher_encrypt (hd, outbuf, buflen, buf, buflen);
 if (err)
 break;
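Review bot: The nonce set-up block added to the encrypt loop here is duplicated byte-for-byte in the decrypt loop in the `@@ -987` hunk, so any later correction (for instance checking the result of `gcry_cipher_final`, which both loops ignore) has to be made twice. Extracting it into a small static helper called from both loops removes the duplication; a sketch follows. The silent clamp to the 100-byte `nonce` buffer also deserves a comment saying that every `noncelen` in the `modes` table is expected to fit, since a truncated nonce would quietly benchmark a different input than the table describes. `cipher_bench` begins and ends outside the hunk.
```c
/* Set a fixed NONCELEN-byte nonce on HD; terminates the program on
   error, as the other set-up failures in cipher_bench do.  */
static void
set_bench_nonce (gcry_cipher_hd_t hd, size_t noncelen)
{
  char nonce[100];
  gcry_error_t err;

  if (noncelen > sizeof nonce)
    noncelen = sizeof nonce;
  memset (nonce, 42, noncelen);
  err = gcry_cipher_setiv (hd, nonce, noncelen);
  if (err)
    {
      fprintf (stderr, "gcry_cipher_setiv failed: %s\n",
               gpg_strerror (err));
      gcry_cipher_close (hd);
      exit (1);
    }
}

/* … in both the encrypt and the decrypt loop, replacing the inline block … */
      if (modes[modeidx].noncelen)
        set_bench_nonce (hd, modes[modeidx].noncelen);
```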
@@ -987,18 +1011,42 @@ cipher_bench ( const char *algoname )
 exit (1);
 }
 }
+
+ if (modes[modeidx].noncelen)
+ {
+ char nonce[100];
+ size_t noncelen;
+
+ noncelen = modes[modeidx].noncelen;
+ if (noncelen > sizeof nonce)
+ noncelen = sizeof nonce;
+ memset (nonce, 42, noncelen);
+ err = gcry_cipher_setiv (hd, nonce, noncelen);
+ if (err)
+ {
+ fprintf (stderr, "gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ gcry_cipher_close (hd);
+ exit (1);
+ }
+ }
+
 if (modes[modeidx].aead_init)
 {
 (*modes[modeidx].aead_init) (hd, buflen, modes[modeidx].authlen);
+ gcry_cipher_final (hd);
 err = gcry_cipher_decrypt (hd, outbuf, buflen, buf, buflen);
 if (err)
 break;
 err = gcry_cipher_checktag (hd, outbuf, modes[modeidx].authlen);
 if (gpg_err_code (err) == GPG_ERR_CHECKSUM)
- err = gpg_error (GPG_ERR_NO_ERROR);
+ err = 0;
 }
 else
- err = gcry_cipher_decrypt (hd, outbuf, buflen, buf, buflen);
+ {
+ gcry_cipher_final (hd);
+ err = gcry_cipher_decrypt (hd, outbuf, buflen, buf, buflen);
+ }
 }
 stop_timer ();
 printf (" %s", elapsed_time ());
----------------------------------------------------------------------- Summary of changes: NEWS | 5 + cipher/Makefile.am | 3 +- cipher/bufhelp.h | 34 ++++ cipher/cipher-internal.h | 83 +++++++- cipher/cipher-ocb.c | 495 +++++++++++++++++++++++++++++++++++++++++++++++ cipher/cipher.c | 83 +++++++- doc/gcrypt.texi | 39 +++- src/gcrypt.h.in | 8 +- tests/basic.c | 401 +++++++++++++++++++++++++++++++++++++- tests/bench-slope.c | 90 +++++++-- tests/benchmark.c | 52 ++++- 11 files changed, 1264 insertions(+), 29 deletions(-) create mode 100644 cipher/cipher-ocb.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From ricardohenrylee at gmail.com Sat Jan 17 01:33:30 2015
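Review bot: The non-AEAD `else` branch of the decrypt loop now calls `gcry_cipher_final (hd)` before every `gcry_cipher_decrypt`, but the matching encrypt loop in the `@@ -929` hunk only adds that call inside its `aead_init` branch; unless the encrypt loop's non-AEAD path is changed somewhere outside the visible hunks, the two loops now time slightly different call sequences for the same mode. Either drop the call from the non-AEAD decrypt path or add it to the encrypt path as well, and add a short comment on the `else` branch explaining why a non-AEAD decrypt benchmark needs the finalize call at all, since the hunk gives no reason. `cipher_bench` begins and ends outside the hunk.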
From: ricardohenrylee at gmail.com (Richard H Lee) Date: Sat, 17 Jan 2015 00:33:30 +0000 Subject: Typo in rijndael.c Message-ID: <54B9ADDA.10202@gmail.com> I think there is a typo for the processor extension checks in rijndael.c diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 51c36c7..a481e6f 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -325,7 +325,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) else if (ctx->use_aesni) _gcry_aes_aesni_do_setkey (ctx, key); #endif -#ifdef USE_AESNI +#ifdef USE_SSSE3 else if (ctx->use_ssse3) _gcry_aes_ssse3_do_setkey (ctx, key); #endif From jussi.kivilinna at iki.fi Mon Jan 19 08:09:22 2015 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Mon, 19 Jan 2015 09:09:22 +0200 Subject: Typo in rijndael.c In-Reply-To: <54B9ADDA.10202@gmail.com> References: <54B9ADDA.10202@gmail.com> Message-ID: <54BCADA2.30401@iki.fi> On 17.01.2015 02:33, Richard H Lee wrote: > I think there is a typo for the processor extension checks in rijndael.c You're right. I'll submit patch to fix this. Thanks. -Jussi > > diff --git a/cipher/rijndael.c b/cipher/rijndael.c > index 51c36c7..a481e6f 100644 > --- a/cipher/rijndael.c > +++ b/cipher/rijndael.c > @@ -325,7 +325,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) > else if (ctx->use_aesni) > _gcry_aes_aesni_do_setkey (ctx, key); > #endif > -#ifdef USE_AESNI > +#ifdef USE_SSSE3 > else if (ctx->use_ssse3) > _gcry_aes_ssse3_do_setkey (ctx, key); > #endif > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 648 bytes Desc: OpenPGP digital signature URL: From cvs at cvs.gnupg.org Tue Jan 20 21:17:53 2015 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Tue, 20 Jan 2015 21:17:53 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-164-gceaa97f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47 (commit) from 067d7d8752d4d8a98f8e0e5e9b1a5b13e1b7ff9c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47 Author: Jussi Kivilinna Date: Tue Jan 20 18:54:13 2015 +0200 rijndael: fix wrong ifdef for SSSE3 setkey * cipher/rijndael.c (do_setkey): Use USE_SSSE3 instead of USE_AESNI around SSSE3 setkey selection. -- Reported-by: Richard H Lee Signed-off-by: Jussi Kivilinna
diff --git a/cipher/rijndael.c b/cipher/rijndael.c
index 51c36c7..a481e6f 100644
--- a/cipher/rijndael.c
+++ b/cipher/rijndael.c
@@ -325,7 +325,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen)
 else if (ctx->use_aesni)
 _gcry_aes_aesni_do_setkey (ctx, key);
 #endif
-#ifdef USE_AESNI
+#ifdef USE_SSSE3
 else if (ctx->use_ssse3)
 _gcry_aes_ssse3_do_setkey (ctx, key);
 #endif
----------------------------------------------------------------------- Summary of changes: cipher/rijndael.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Wed Jan 28 15:14:14 2015
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 28 Jan 2015 15:14:14 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-165-g2564d20 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2564d204e408b296425ac0660c6bdc6270575fb6 (commit) from ceaa97f0d849c07f3a15b642fc3a2b0a477b4a47 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2564d204e408b296425ac0660c6bdc6270575fb6 Author: Werner Koch Date: Wed Jan 28 15:13:50 2015 +0100 Fix building of GOST s-boxes when cross-compiling. * cipher/Makefile.am (gost-s-box): USe CC_FOR_BUILD. (noinst_PROGRAMS): Remove. (EXTRA_DIST): New. (CLEANFILES): New. Signed-off-by: Werner Koch diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 4a9c86d..33a68ff 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -26,8 +26,10 @@ AM_CFLAGS = $(GPG_ERROR_CFLAGS) AM_CCASFLAGS = $(NOEXECSTACK_FLAGS) -DISTCLEANFILES = gost-sb.h +EXTRA_DIST = gost-s-box.c +CLEANFILES = gost-s-box +DISTCLEANFILES = gost-sb.h noinst_LTLIBRARIES = libcipher.la 
@@ -96,10 +98,13 @@ rfc2268.c \ camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \ camellia-aesni-avx2-amd64.S camellia-arm.S -noinst_PROGRAMS = gost-s-box gost28147.lo: gost-sb.h gost-sb.h: gost-s-box - $(builddir)/gost-s-box $@ + ./gost-s-box $@ + +gost-s-box: gost-s-box.c + $(CC_FOR_BUILD) -o $@ $(srcdir)/gost-s-box.c + if ENABLE_O_FLAG_MUNGING o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g' ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From cvs at cvs.gnupg.org Fri Jan 30 17:27:07 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 30 Jan 2015 17:27:07 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-166-g40a7bdf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 40a7bdf50e19faaf106470897fed72af623adc50 (commit) from 2564d204e408b296425ac0660c6bdc6270575fb6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40a7bdf50e19faaf106470897fed72af623adc50 Author: Werner Koch Date: Fri Jan 30 16:58:02 2015 +0100 w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll. * src/Makefile.am (extra_ltoptions): New. (libgcrypt_la_LDFLAGS): Use it. -- Since gcc 4.8 there is a regression in that plain C programs may link to libgcc_s.a which has a dependency on libgcc_s_sjlj.dll. This is for example triggered by using long long arithmetic on a 32 bit Windows (e.g symbol __udivdi3). As usual the gcc maintainers don't care about backward compatibility and declare that as some kind of compatibility fix and not as regression from 4.7 and all earlier versions. Signed-off-by: Werner Koch diff --git a/src/Makefile.am b/src/Makefile.am index cbb08af..cd0d354 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -81,6 +81,7 @@ SUFFIXES = .rc .lo gcrypt_res = versioninfo.lo no_undefined = -no-undefined export_symbols = -export-symbols $(srcdir)/libgcrypt.def +extra_ltoptions = -XCClinker -static-libgcc install-def-file: -$(INSTALL) -d $(DESTDIR)$(libdir) @@ -97,6 +98,7 @@ gcrypt_res = gcrypt_res_ldflag = no_undefined = export_symbols = +extra_ltoptions = install-def-file: uninstall-def-file: 
@@ -105,7 +107,7 @@ gcrypt_deps = endif !HAVE_W32_SYSTEM -libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) \ +libgcrypt_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \ $(libgcrypt_version_script_cmd) -version-info \ @LIBGCRYPT_LT_CURRENT@:@LIBGCRYPT_LT_REVISION@:@LIBGCRYPT_LT_AGE@ libgcrypt_la_DEPENDENCIES = \ ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits