From cmouse at desteem.org Fri Jan 1 11:57:56 2016 From: cmouse at desteem.org (Aki Tuomi) Date: Fri, 1 Jan 2016 12:57:56 +0200 Subject: Doing Ed25519 with GCrypt Message-ID: <20160101105756.GA2558@pi.ip.fi> Hi! Is it possible to implement Ed25519 sign/verify as per http://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03 using libgcrypt with some version? I tried to do this but could not figure out how to the encode/decode part. Aki From wk at gnupg.org Mon Jan 4 16:36:45 2016 From: wk at gnupg.org (Werner Koch) Date: Mon, 04 Jan 2016 16:36:45 +0100 Subject: Doing Ed25519 with GCrypt In-Reply-To: <20160101105756.GA2558@pi.ip.fi> (Aki Tuomi's message of "Fri, 1 Jan 2016 12:57:56 +0200") References: <20160101105756.GA2558@pi.ip.fi> Message-ID: <87vb79l5ki.fsf@vigenere.g10code.de> On Fri, 1 Jan 2016 11:57, cmouse at desteem.org said: > using libgcrypt with some version? I tried to do this but could > not figure out how to the encode/decode part. Have a look at tests/t-ed25519.c which processes the original test vectors. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From komh78 at gmail.com Thu Jan 14 08:25:40 2016 From: komh78 at gmail.com (KO Myung-Hun) Date: Thu, 14 Jan 2016 16:25:40 +0900 Subject: [PATCH] OS/2 patches Message-ID: <56974D74.9000603@chollian.net> Hi/2, long time no see. ^^ Here are OS/2 patches for OS2-BRANCH including merge commits from LIBGCRYPT-1-6-BRANCH. It's too big. So I provide a link. http://www.ecomstation.co.kr/komh/download/libgcrypt_os2patches.zip Review, please... -- KO Myung-Hun Using Mozilla SeaMonkey 2.7.2 Under OS/2 Warp 4 for Korean with FixPak #15 In VirtualBox v4.1.32 on Intel Core i7-3615QM 2.30GHz with 8GB RAM Korean OS/2 User Community : http://www.ecomstation.co.kr From jussi.kivilinna at iki.fi Thu Jan 14 21:34:27 2016 
From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Thu, 14 Jan 2016 22:34:27 +0200 Subject: [PATCH] Improve performance of generic SHA256 implementation Message-ID: <20160114203427.25564.63630.stgit@localhost6.localdomain6> * cipher/sha256.c (R): Let caller do variable shuffling. (Chro, Maj, Sum0, Sum1): Convert from inline functions to macros. (W, I): New. (transform_blk): Unroll round loop; inline message expansion to rounds to make message expansion buffer smaller. -- Benchmark on Cortex-A8 (armv6, 1008 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 27.63 ns/B 34.52 MiB/s 27.85 c/B After (1.31x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 20.97 ns/B 45.48 MiB/s 21.13 c/B Benchmark on Cortex-A8 (armv7, 1008 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 24.18 ns/B 39.43 MiB/s 24.38 c/B After (1.13x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 21.28 ns/B 44.82 MiB/s 21.45 c/B Benchmark on Intel Core i5-4570 (i386, 3.2 Ghz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 5.78 ns/B 164.9 MiB/s 18.51 c/B After (1.06x faster) | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 5.41 ns/B 176.1 MiB/s 17.33 c/B Signed-off-by: Jussi Kivilinna --- cipher/sha256.c | 167 +++++++++++++++++++++++++++---------------------------- 1 file changed, 82 insertions(+), 85 deletions(-) diff --git a/cipher/sha256.c b/cipher/sha256.c index bc326e0..624c296 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c 
@@ -180,44 +180,27 @@ sha224_init (void *context, unsigned int flags)
{ \
t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \
t2 = Sum0((a)) + Maj((a),(b),(c)); \
- h = g; \
- g = f; \
- f = e; \
- e = d + t1; \
- d = c; \
- c = b; \
- b = a; \
- a = t1 + t2; \
+ d += t1; \
+ h = t1 + t2; \
} while (0)
/* (4.2) same as SHA-1's F1. */
-static inline u32
-Cho (u32 x, u32 y, u32 z)
-{
- return (z ^ (x & (y ^ z)));
-}
+#define Cho(x, y, z) (z ^ (x & (y ^ z)))
/* (4.3) same as SHA-1's F3 */
-static inline u32
-Maj (u32 x, u32 y, u32 z)
-{
- return ((x & y) | (z & (x|y)));
-}
+#define Maj(x, y, z) ((x & y) + (z & (x ^ y)))
/* (4.4) */
-static inline u32
-Sum0 (u32 x)
-{
- return (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22));
-}
+#define Sum0(x) (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22))
/* (4.5) */
-static inline u32
-Sum1 (u32 x)
-{
- return (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25));
-}
+#define Sum1(x) (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25))
+/* Message expansion */
+#define W(i) ( w[i&0x0f] = S1(w[(i-2) &0x0f]) \
+ + w[(i-7) &0x0f] \
+ + S0(w[(i-15)&0x0f]) \
+ + w[(i-16)&0x0f] )
static unsigned int
transform_blk (void *ctx, const unsigned char *data)
@@ -243,8 +226,9 @@ transform_blk (void *ctx, const unsigned char *data)
};
u32 a,b,c,d,e,f,g,h,t1,t2;
- u32 w[64];
- int i;
+ u32 w[16];
+
+#define I(i) (w[i] = buf_get_be32(data + i * 4))
a = hd->h0;
b = hd->h1;
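Review bot: The macro replacements for the inline functions, `#define Cho(x, y, z) (z ^ (x & (y ^ z)))`, `Maj`, `Sum0`, `Sum1` and the new `W(i)`, do not parenthesize their arguments, so they are only safe as long as every caller passes a plain identifier or literal, as `R` (`Cho((e),(f),(g))`) and the `W(16)`…`W(63)` sites in this patch do. Since these now live at file scope, a later caller passing a compound expression would mis-expand silently; the conventional `#define Cho(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))`, and `(i)` in each index of `W`, closes that door at no cost. The switch in `Maj` from `|` to `+` is correct only because `(x & y)` and `(z & (x ^ y))` can never both have the same bit set; a comment such as `/* + instead of |: the two terms have disjoint bits. */` would stop someone later "fixing" it back, or reusing the trick where it does not hold.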
@@ -255,60 +239,73 @@ transform_blk (void *ctx, const unsigned char *data)
g = hd->h6;
h = hd->h7;
- for (i=0; i < 16; i++)
- w[i] = buf_get_be32(data + i * 4);
- for (; i < 64; i++)
- w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16];
-
- for (i=0; i < 64;)
- {
-#if 0
- R(a,b,c,d,e,f,g,h,K[i],w[i]);
- i++;
-#else
- t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i];
- t2 = Sum0 (a) + Maj (a, b, c);
- d += t1;
- h = t1 + t2;
-
- t1 = g + Sum1 (d) + Cho (d, e, f) + K[i+1] + w[i+1];
- t2 = Sum0 (h) + Maj (h, a, b);
- c += t1;
- g = t1 + t2;
-
- t1 = f + Sum1 (c) + Cho (c, d, e) + K[i+2] + w[i+2];
- t2 = Sum0 (g) + Maj (g, h, a);
- b += t1;
- f = t1 + t2;
-
- t1 = e + Sum1 (b) + Cho (b, c, d) + K[i+3] + w[i+3];
- t2 = Sum0 (f) + Maj (f, g, h);
- a += t1;
- e = t1 + t2;
-
- t1 = d + Sum1 (a) + Cho (a, b, c) + K[i+4] + w[i+4];
- t2 = Sum0 (e) + Maj (e, f, g);
- h += t1;
- d = t1 + t2;
-
- t1 = c + Sum1 (h) + Cho (h, a, b) + K[i+5] + w[i+5];
- t2 = Sum0 (d) + Maj (d, e, f);
- g += t1;
- c = t1 + t2;
-
- t1 = b + Sum1 (g) + Cho (g, h, a) + K[i+6] + w[i+6];
- t2 = Sum0 (c) + Maj (c, d, e);
- f += t1;
- b = t1 + t2;
-
- t1 = a + Sum1 (f) + Cho (f, g, h) + K[i+7] + w[i+7];
- t2 = Sum0 (b) + Maj (b, c, d);
- e += t1;
- a = t1 + t2;
-
- i += 8;
-#endif
- }
+ R(a, b, c, d, e, f, g, h, K[0], I(0));
+ R(h, a, b, c, d, e, f, g, K[1], I(1));
+ R(g, h, a, b, c, d, e, f, K[2], I(2));
+ R(f, g, h, a, b, c, d, e, K[3], I(3));
+ R(e, f, g, h, a, b, c, d, K[4], I(4));
+ R(d, e, f, g, h, a, b, c, K[5], I(5));
+ R(c, d, e, f, g, h, a, b, K[6], I(6));
+ R(b, c, d, e, f, g, h, a, K[7], I(7));
+ R(a, b, c, d, e, f, g, h, K[8], I(8));
+ R(h, a, b, c, d, e, f, g, K[9], I(9));
+ R(g, h, a, b, c, d, e, f, K[10], I(10));
+ R(f, g, h, a, b, c, d, e, K[11], I(11));
+ R(e, f, g, h, a, b, c, d, K[12], I(12));
+ R(d, e, f, g, h, a, b, c, K[13], I(13));
+ R(c, d, e, f, g, h, a, b, K[14], I(14));
+ R(b, c, d, e, f, g, h, a, K[15], I(15));
+
+ R(a, b, c, d, e, f, g, h, K[16], W(16));
+ R(h, a, b, c, d, e, f, g, K[17], W(17));
+ R(g, h, a, b, c, d, e, f, K[18], W(18));
+ R(f, g, h, a, b, c, d, e, K[19], W(19));
+ R(e, f, g, h, a, b, c, d, K[20], W(20));
+ R(d, e, f, g, h, a, b, c, K[21], W(21));
+ R(c, d, e, f, g, h, a, b, K[22], W(22));
+ R(b, c, d, e, f, g, h, a, K[23], W(23));
+ R(a, b, c, d, e, f, g, h, K[24], W(24));
+ R(h, a, b, c, d, e, f, g, K[25], W(25));
+ R(g, h, a, b, c, d, e, f, K[26], W(26));
+ R(f, g, h, a, b, c, d, e, K[27], W(27));
+ R(e, f, g, h, a, b, c, d, K[28], W(28));
+ R(d, e, f, g, h, a, b, c, K[29], W(29));
+ R(c, d, e, f, g, h, a, b, K[30], W(30));
+ R(b, c, d, e, f, g, h, a, K[31], W(31));
+
+ R(a, b, c, d, e, f, g, h, K[32], W(32));
+ R(h, a, b, c, d, e, f, g, K[33], W(33));
+ R(g, h, a, b, c, d, e, f, K[34], W(34));
+ R(f, g, h, a, b, c, d, e, K[35], W(35));
+ R(e, f, g, h, a, b, c, d, K[36], W(36));
+ R(d, e, f, g, h, a, b, c, K[37], W(37));
+ R(c, d, e, f, g, h, a, b, K[38], W(38));
+ R(b, c, d, e, f, g, h, a, K[39], W(39));
+ R(a, b, c, d, e, f, g, h, K[40], W(40));
+ R(h, a, b, c, d, e, f, g, K[41], W(41));
+ R(g, h, a, b, c, d, e, f, K[42], W(42));
+ R(f, g, h, a, b, c, d, e, K[43], W(43));
+ R(e, f, g, h, a, b, c, d, K[44], W(44));
+ R(d, e, f, g, h, a, b, c, K[45], W(45));
+ R(c, d, e, f, g, h, a, b, K[46], W(46));
+ R(b, c, d, e, f, g, h, a, K[47], W(47));
+
+ R(a, b, c, d, e, f, g, h, K[48], W(48));
+ R(h, a, b, c, d, e, f, g, K[49], W(49));
+ R(g, h, a, b, c, d, e, f, K[50], W(50));
+ R(f, g, h, a, b, c, d, e, K[51], W(51));
+ R(e, f, g, h, a, b, c, d, K[52], W(52));
+ R(d, e, f, g, h, a, b, c, K[53], W(53));
+ R(c, d, e, f, g, h, a, b, K[54], W(54));
+ R(b, c, d, e, f, g, h, a, K[55], W(55));
+ R(a, b, c, d, e, f, g, h, K[56], W(56));
+ R(h, a, b, c, d, e, f, g, K[57], W(57));
+ R(g, h, a, b, c, d, e, f, K[58], W(58));
+ R(f, g, h, a, b, c, d, e, K[59], W(59));
+ R(e, f, g, h, a, b, c, d, K[60], W(60));
+ R(d, e, f, g, h, a, b, c, K[61], W(61));
+ R(c, d, e, f, g, h, a, b, K[62], W(62));
+ R(b, c, d, e, f, g, h, a, K[63], 
W(63)); hd->h0 += a; hd->h1 += b; @@ -319,7 +316,7 @@ transform_blk (void *ctx, const unsigned char *data) hd->h6 += g; hd->h7 += h; - return /*burn_stack*/ 74*4+32; + return /*burn_stack*/ 26*4+32; } #undef S0 #undef S1 From cvs at cvs.gnupg.org Fri Jan 15 16:19:04 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 15 Jan 2016 16:19:04 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-302-g191c2e4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1 (commit) via 6303b0e83856ee89374b447e710f0ab2af61caec (commit) from 5a78e7f15e0dd96a8bf64e2bb142880bf8ea6965 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1 Author: Werner Koch Date: Fri Jan 15 16:10:34 2016 +0100 Fix build problem for rndegd.c * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Test all RND modules. * random/rndegd.c (_gcry_rndegd_connect_socket) (my_make_filename): Use functions with '_' prefix. Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index 4c2c509..2e7abc4 100644 --- a/Makefile.am +++ b/Makefile.am @@ -18,7 +18,8 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ACLOCAL_AMFLAGS = -I m4 -DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc +DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \ + --enable-random=auto # (A suitable gitlog-to-changelog script can be found in GnuPG master.) GITLOG_TO_CHANGELOG=gitlog-to-changelog diff --git a/random/rndegd.c b/random/rndegd.c index d43fcbc..b87115f 100644 --- a/random/rndegd.c +++ b/random/rndegd.c 
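Review bot: `W` (file scope, hunk `@@ -180,44 +180,27`) and `I` (defined inside `transform_blk`, hunk `@@ -243,8 +226,9`) are not undefined next to the existing `#undef S0` / `#undef S1` that close this hunk, so two one-letter macro names now leak into everything compiled after `transform_blk` in this file. Adding `#undef W` and `#undef I` beside them keeps the existing cleanup consistent. The burn-stack figure `26*4+32` matches the declared locals (`w[16]` plus ten `u32`), but with the rounds fully unrolled the compiler is free to spill additional temporaries, so the number is a lower bound on what the frame may hold; it is worth checking against the generated code on the platforms benchmarked in the commit message, since any leftover message-schedule words in `w[]` would survive the call if the wipe presumably driven by this value falls short.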
@@ -62,7 +62,7 @@ my_make_filename (const char *first_part, const char *second_part) && (home = getenv("HOME")) && *home ) n += strlen(home); - name = gcry_xmalloc(n); + name = _gcry_xmalloc(n); p = (home ? stpcpy (stpcpy (name, home), first_part+1 ) : stpcpy (name, first_part) ); @@ -161,7 +161,7 @@ _gcry_rndegd_connect_socket (int nofail) #endif if (user_socket_name) { - name = gcry_strdup (user_socket_name); + name = _gcry_strdup (user_socket_name); if (!name) { if (!nofail) commit 6303b0e83856ee89374b447e710f0ab2af61caec Author: Werner Koch Date: Fri Jan 15 16:01:35 2016 +0100 random: Fix possible AIX problem with sysconf in rndunix. * random/rndunix.c [HAVE_STDINT_H]: Include stdint.h. (start_gatherer): Detect misbehaving sysconf. -- See GnuPG-bug-id: 1778 for the reason of this patch. There is no concrete bug report but this change should not harm. Signed-off-by: Werner Koch diff --git a/random/rndunix.c b/random/rndunix.c index 315906b..2e13298 100644 --- a/random/rndunix.c +++ b/random/rndunix.c @@ -86,6 +86,9 @@ #include #include #include +#ifdef HAVE_STDINT_H +# include +#endif #include /* OS-specific includes */ 
@@ -726,12 +729,18 @@ start_gatherer( int pipefd ) { int nmax, n1, n2, i; #ifdef _SC_OPEN_MAX if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) { -#ifdef _POSIX_OPEN_MAX +# ifdef _POSIX_OPEN_MAX nmax = _POSIX_OPEN_MAX; -#else +# else nmax = 20; /* assume a reasonable value */ -#endif +# endif } + /* AIX returns INT32_MAX instead of a proper value. We assume that + * this is always an error and use a reasonable value. */ +# ifdef INT32_MAX + if (nmax == INT32_MAX) + nmax = 20; +# endif #else /*!_SC_OPEN_MAX*/ nmax = 20; /* assume a reasonable value */ #endif /*!_SC_OPEN_MAX*/ ----------------------------------------------------------------------- Summary of changes: Makefile.am | 3 ++- random/rndegd.c | 4 ++-- random/rndunix.c | 15 ++++++++++++--- 3 files changed, 16 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From urslovingramesh at gmail.com Wed Jan 20 12:00:40 2016 
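Review bot: The AIX workaround `if (nmax == INT32_MAX) nmax = 20;` is compiled out whenever `INT32_MAX` is undefined, which is exactly the case when `HAVE_STDINT_H` is unset and the `<stdint.h>` include added in the previous hunk is skipped, so the fix silently disappears on the platforms most likely to need it. `nmax` is an `int` receiving a `long` from `sysconf()`, and the test matches one exact sentinel rather than a range, so a truncated or merely implausible value still slips through. Consider dropping the `# ifdef INT32_MAX` guard in favour of a plausibility ceiling that needs no optional header, e.g. `if (nmax > 65536) nmax = 20; /* sysconf() returned nonsense (AIX: INT32_MAX) */`. How `nmax` is used afterwards is outside the hunk; if it bounds a descriptor loop, an implausibly large but non-sentinel value would make the gatherer spin needlessly.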
From: urslovingramesh at gmail.com (Ramesh Chandra Vuppala) Date: Wed, 20 Jan 2016 16:30:40 +0530 Subject: Query on Libgcrypt for ARM In-Reply-To: References: Message-ID: Hello, We are trying to cross compile and generate static gcrypt library for arm processor and cortex-r7 cpu using 'arm-linux-gnueabi-gcc' compiler option and got library of size 4.5 MB 1. Is there any configure option or any other means to reduce the size of the static library (libgcrypt.a) ? We want library size in ~1 MB range. Tried using -- disable-threads since we do not require multi-threading, but it did not help. 2. We could see copying.lib in the gcrypt package as 26 KB. Is this the final library? If yes, how can we generate for arm with same size? 3. We used below configuration option command. Could you please correct if we are wrong? > ./configure CC=arm-linux-gnueabi-gcc --target=arm-none-linux-gnueabi --host=arm-unknown-linux-gnueabi --enable-static=libgcrypt --disable-threads --disable no exec stack > ./config.status > make - Thanks, Ramesh -------------- next part -------------- An HTML attachment was scrubbed... URL: From opalraava at riseup.net Thu Jan 21 15:02:57 2016 
From: opalraava at riseup.net (Opal Raava) Date: Thu, 21 Jan 2016 15:02:57 +0100 Subject: Query on Libgcrypt for ARM In-Reply-To: References: Message-ID: <56A0E511.2000309@riseup.net> On 01/20/2016 12:00 PM, Ramesh Chandra Vuppala wrote: > Hello, > > We are trying to cross compile and generate static gcrypt library for > arm processor and cortex-r7 cpu using 'arm-linux-gnueabi-gcc' compiler > option and got library of size 4.5 MB > > 1. Is there any configure option or any other means to reduce the size > of the static library (libgcrypt.a) ? > > We want library size in ~1 MB range. > Tried using -- disable-threads since we do not require multi-threading, > but it did not help. > > 2. We could see copying.lib in the gcrypt package as 26 KB. Is this the > final library? If yes, how can we generate for arm with same size? > > 3. We used below configuration option command. Could you please correct > if we are wrong? > >> ./configure CC=arm-linux-gnueabi-gcc --target=arm-none-linux-gnueabi > --host=arm-unknown-linux-gnueabi --enable-static=libgcrypt > --disable-threads --disable no exec stack > >> ./config.status > >> make > > - Thanks, > Ramesh Hi Ramesh, I've not tried this on ARM, but when I pull the latest git, and compile on my x86_64 machine, with: ./configure --disable-shared --enable-static I get with ls -h: 7,6M Jan 21 14:56 libgcrypt.a If I then strip the debugging symbols with: strip libgcrypt.a I'm left with a library of about 1 MB: 1,1M Jan 21 14:57 libgcrypt.a Maybe it's just a matter of stripping the debug info? Hope this helps, --Opal From shilpahk_84 at yahoo.com Fri Jan 22 18:45:15 2016 
From: shilpahk_84 at yahoo.com (shilpa shilpa) Date: Fri, 22 Jan 2016 17:45:15 +0000 (UTC) Subject: Help needed : Error in compiling libgpg-error References: <402052700.10017577.1453484715323.JavaMail.yahoo.ref@mail.yahoo.com> Message-ID: <402052700.10017577.1453484715323.JavaMail.yahoo@mail.yahoo.com> Hi, We are trying to cross-compile libgpg-error for arm-platform, But compilation is failing. See the confirure and make logs below: ============================================================./configure --prefix=/usr --host=arm-unknown-linux-gnueabi checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for arm-unknown-linux-gnueabi-strip... arm-unknown-linux-gnueabi-strip checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether make supports nested variables... yes checking whether to enable maintainer-specific portions of Makefiles... no checking whether make supports nested variables... (cached) yes checking build system type... x86_64-unknown-linux-gnu checking host system type... arm-unknown-linux-gnueabi configure: autobuild project... libgpg-error configure: autobuild revision... 1.21 configure: autobuild hostname... inbanesdbuild3 configure: autobuild timestamp... 20160122-230022 checking for arm-unknown-linux-gnueabi-gcc... arm-unknown-linux-gnueabi-gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... yes checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether arm-unknown-linux-gnueabi-gcc accepts -g... yes checking for arm-unknown-linux-gnueabi-gcc option to accept ISO C89... none needed checking whether arm-unknown-linux-gnueabi-gcc understands -c and -o together... yes checking for style of include used by make... 
GNU checking dependency style of arm-unknown-linux-gnueabi-gcc... gcc3 checking how to run the C preprocessor... arm-unknown-linux-gnueabi-gcc -E checking for gawk... (cached) gawk checking for arm-unknown-linux-gnueabi-ar... arm-unknown-linux-gnueabi-ar checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking minix/config.h usability... no checking minix/config.h presence... no checking for minix/config.h... no checking whether it is safe to define __EXTENSIONS__... yes checking for special C compiler options needed for large files... no checking for _FILE_OFFSET_BITS value needed for large files... 64 checking how to print strings... printf checking for a sed that does not truncate output... /bin/sed checking for fgrep... /bin/grep -F checking for ld used by arm-unknown-linux-gnueabi-gcc... /soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/bin/ld checking if the linker (/soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/bin/ld) is GNU ld... yes checking for BSD- or MS-compatible name lister (nm)... /soft/gnu/cross/linux_64/13/arm/bin/arm-unknown-linux-gnueabi-nm -B checking the name lister (/soft/gnu/cross/linux_64/13/arm/bin/arm-unknown-linux-gnueabi-nm -B) interface... BSD nm checking whether ln -s works... yes checking the maximum length of command line arguments... 3458764513820540925 checking whether the shell understands some XSI constructs... yes checking whether the shell understands "+="... yes checking how to convert x86_64-unknown-linux-gnu file names to arm-unknown-linux-gnueabi format... 
func_convert_file_noop checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop checking for /soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/bin/ld option to reload object files... -r checking for arm-unknown-linux-gnueabi-objdump... arm-unknown-linux-gnueabi-objdump checking how to recognize dependent libraries... pass_all checking for arm-unknown-linux-gnueabi-dlltool... no checking for dlltool... no checking how to associate runtime and link libraries... printf %s\n checking for arm-unknown-linux-gnueabi-ar... (cached) arm-unknown-linux-gnueabi-ar checking for archiver @FILE support... @ checking for arm-unknown-linux-gnueabi-strip... (cached) arm-unknown-linux-gnueabi-strip checking for arm-unknown-linux-gnueabi-ranlib... arm-unknown-linux-gnueabi-ranlib checking command to parse /soft/gnu/cross/linux_64/13/arm/bin/arm-unknown-linux-gnueabi-nm -B output from arm-unknown-linux-gnueabi-gcc object... ok checking for sysroot... no checking for arm-unknown-linux-gnueabi-mt... no checking for mt... mt configure: WARNING: using cross tools not prefixed with host triplet checking if mt is a manifest tool... no checking for dlfcn.h... yes checking for objdir... .libs checking if arm-unknown-linux-gnueabi-gcc supports -fno-rtti -fno-exceptions... no checking for arm-unknown-linux-gnueabi-gcc option to produce PIC... -fPIC -DPIC checking if arm-unknown-linux-gnueabi-gcc PIC flag -fPIC -DPIC works... yes checking if arm-unknown-linux-gnueabi-gcc static flag -static works... yes checking if arm-unknown-linux-gnueabi-gcc supports -c -o file.o... yes checking if arm-unknown-linux-gnueabi-gcc supports -c -o file.o... (cached) yes checking whether the arm-unknown-linux-gnueabi-gcc linker (/soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/bin/ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... 
GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking for arm-unknown-linux-gnueabi-windres... no checking for windres... no checking for cc for build... cc checking whether NLS is requested... yes checking for msgfmt... /usr/bin/msgfmt checking for gmsgfmt... /usr/bin/msgfmt checking for xgettext... /usr/bin/xgettext checking for msgmerge... /usr/bin/msgmerge checking for ld used by arm-unknown-linux-gnueabi-gcc... /soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/bin/ld checking if the linker (/soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/bin/ld) is GNU ld... yes checking for shared library run path origin... done checking for CFPreferencesCopyAppValue... no checking for CFLocaleCopyCurrent... no checking for GNU gettext in libc... yes checking whether to use NLS... yes checking where the gettext function comes from... libc checking for ANSI C header files... (cached) yes checking for stdlib.h... (cached) yes checking locale.h usability... yes checking locale.h presence... yes checking for locale.h... yes checking for stdint.h... (cached) yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking whether strerror_r is declared... yes checking for strerror_r... yes checking whether strerror_r returns char *... yes checking for strerror_r... (cached) yes checking for flockfile... yes checking for vasprintf... yes checking for an ANSI C-conforming const... yes checking size of int... 4 checking size of long... 4 checking size of long long... 8 configure: checking for cc features checking if gcc ignores unknown -Wno-* options... 
yes checking if gcc supports -Wpointer-arith... yes checking whether the GCC style aligned attribute is supported... yes checking whether the visibility attribute is supported... yes checking for broken visibility attribute... no checking for broken alias attribute... no checking if gcc supports -fvisibility=hidden... yes checking whether imported symbols can be declared weak... guessing yes checking pthread.h usability... yes checking pthread.h presence... yes checking for pthread.h... yes checking for pthread_kill in -lpthread... yes checking for multithread API to use... posix checking for pthread_rwlock_t... yes checking size of pthread_mutex_t... 24 checking for unsigned long long int... yes configure: checking system features for estream-printf checking for stdint.h... (cached) yes checking for long long int... yes checking for long double... yes checking for intmax_t... yes checking for uintmax_t... yes checking for ptrdiff_t... yes checking size of unsigned long... 4 checking size of void *... 4 checking for nl_langinfo and THOUSANDS_SEP... yes configure: checking system features for estream checking for memrchr... yes checking that generated files are newer than configure... done configure: creating ./config.status config.status: creating Makefile config.status: creating doc/Makefile config.status: creating po/Makefile.in config.status: creating m4/Makefile config.status: creating src/Makefile config.status: creating tests/Makefile config.status: creating lang/Makefile config.status: creating lang/cl/Makefile config.status: creating lang/cl/gpg-error.asd config.status: creating src/versioninfo.rc config.status: creating src/gpg-error.w32-manifest config.status: creating src/gpg-error-config config.status: creating config.h config.status: executing depfiles commands config.status: executing libtool commands config.status: executing po-directories commands config.status: creating po/POTFILES config.status: creating po/Makefile ??????? 
libgpg-error-1.21 prepared for make ??????? Revision: 425b768? (16987) ??????? Platform: arm-unknown-linux-gnueabi touch /home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg/libpng.configured cd /home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg;\ ??????? declare -x PATH=/soft/gnu/cross/linux_64/13/arm/bin:/soft/gnu/cross/linux/13/arm/arm-unknown-linux-gnueabi/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/soft/tools/linux:/soft/tools/linux/common:/soft/tools/linux/falcon:/soft/bcm-tools:/soft/tools:/bin:/usr/bin:/soft/tools/falcon:/soft/tools/common:/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/games:/opt/OBSDssh/bin:/import/tools/bin:/usr/sfw/bin/:;\ ??????? declare -x CFLAGS="-mcpu=cortex-a9 -mabi=aapcs-linux -msoft-float -O1 -fPIC -fno-omit-frame-pointer -mapcs-frame -mno-sched-prolog? -I/soft/gnu/cross/linux_64/13/arm/sysroot/usr/include -I/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/built/46/7.X.X.R01/armv7/include";\ ??????? declare -x CPPLAGS="-mcpu=cortex-a9 -mabi=aapcs-linux -msoft-float -O1 -fPIC -fno-omit-frame-pointer -mapcs-frame -mno-sched-prolog? -I/soft/gnu/cross/linux_64/13/arm/sysroot/usr/include -I/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/built/46/7.X.X.R01/armv7/include -I/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/libgpg-error-1.21 -I/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/libgpg-error-1.21/src";\ ??????? declare -x LDFLAGS="-mcpu=cortex-a9 -mabi=aapcs-linux -msoft-float? -L/soft/gnu/cross/linux_64/13/arm/sysroot/lib -L/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/built/46/7.X.X.R01/armv7/lib";\ ??????? make ;\ ??????? echo "armv7 libgpg done" make[2]: Entering directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg' make[2]: Warning: File `Makefile' has modification time 7.5e+02 s in the future make? 
all-recursive make[3]: Entering directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg' make[3]: Warning: File `Makefile' has modification time 7.5e+02 s in the future Making all in m4 make[4]: Entering directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg/m4' make[4]: Warning: File `Makefile' has modification time 7.5e+02 s in the future make[4]: Nothing to be done for `all'. make[4]: warning:? Clock skew detected.? Your build may be incomplete. make[4]: Leaving directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg/m4' Making all in src make[4]: Entering directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg/src' make[4]: Warning: File `.deps/libgpg_error_la-w32-thread.Plo' has modification time 7.3e+02 s in the future gawk -f ./mkstrtable.awk -v textidx=3 \ ??????????????? ./err-sources.h.in >err-sources.h gawk -f ./mkstrtable.awk -v textidx=3 \ ??????????????? ./err-codes.h.in >err-codes.h gawk -f ./mkerrnos.awk ./errnos.in >code-to-errno.h gawk -f ./mkerrcodes1.awk ./errnos.in >_mkerrcodes.h arm-unknown-linux-gnueabi-gcc -E?? -P _mkerrcodes.h | grep GPG_ERR_ | \ ?????????????? gawk -f ./mkerrcodes.awk >mkerrcodes.h In file included from /soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/usr/include/errno.h:28:0, ???????????????? from _mkerrcodes.h:25: /soft/gnu/cross/linux_64/13/arm/arm-unknown-linux-gnueabi/usr/include/features.h:327:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp] ?#? warning _FORTIFY_SOURCE requires compiling with optimization (-O) ??? ^ rm _mkerrcodes.h cc -I. -I. 
-o mkerrcodes ./mkerrcodes.c as: unrecognized option '--64' make[4]: *** [mkerrcodes] Error 1 make[4]: Leaving directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg/src' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg' make[2]: *** [all] Error 2 make[2]: Leaving directory `/home1/shh/PERFORCE/7.X.X.R01-shh-2/engr/sw/tps/objs/46/7.X.X.R01/armv7/libgpg' ========================================================================== Thanks and RegardsShilpa -------------- next part -------------- An HTML attachment was scrubbed... URL: From cvs at cvs.gnupg.org Thu Jan 28 17:40:23 2016 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 28 Jan 2016 17:40:23 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-303-g2cf2ca7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897 (commit) from 191c2e4fe2dc0e00f61aa44e011a9596887e6ce1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897 Author: Werner Koch Date: Thu Jan 28 17:33:51 2016 +0100 ecc: New API function gcry_mpi_ec_decode_point. * mpi/ec.c (_gcry_mpi_ec_decode_point): New. * cipher/ecc-common.h: Move two prototypes to ... * src/ec-context.h: here. * src/gcrypt.h.in (gcry_mpi_ec_decode_point): New. * src/libgcrypt.def (gcry_mpi_ec_decode_point): New. * src/libgcrypt.vers (gcry_mpi_ec_decode_point): New. * src/visibility.c (gcry_mpi_ec_decode_point): New. * src/visibility.h: Add new function. -- This new function make the use of the gcry_mpi_ec_curve_point function possible in many contexts. Here is a code snippet which could be used in gpg to check a point: static gpg_error_t check_point (PKT_public_key *pk, gcry_mpi_t m_point) { gpg_error_t err; char *curve; gcry_ctx_t gctx = NULL; gcry_mpi_point_t point = NULL; /* Get the curve name from the first OpenPGP key parameter. 
*/ curve = openpgp_oid_to_str (pk->pkey[0]); if (!curve) { err = gpg_error_from_syserror (); goto leave; } point = gcry_mpi_point_new (0); if (!point) { err = gpg_error_from_syserror (); goto leave; } err = gcry_mpi_ec_new (&gctx, NULL, curve); if (err) goto leave; err = gcry_mpi_ec_decode_point (point, m_point, gctx); if (err) goto leave; if (!gcry_mpi_ec_curve_point (point, gctx)) err = gpg_error (GPG_ERR_BAD_DATA); leave: gcry_ctx_release (gctx); gcry_mpi_point_release (point); xfree (curve); return err; } Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 22565ed..79d1931 100644 --- a/NEWS +++ b/NEWS @@ -36,6 +36,7 @@ Noteworthy changes in version 1.7.0 (unreleased) gcry_cipher_set_sbox NEW macro. GCRY_MD_GOSTR3411_CP NEW. gcry_mpi_ec_sub NEW. + gcry_mpi_ec_decode_point NEW. GCRY_CIPHER_MODE_OCB NEW. GCRYCTL_SET_TAGLEN NEW. gcry_cipher_final NEW macro. diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index 4e528af..748e6db 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -89,13 +89,10 @@ elliptic_curve_t _gcry_ecc_curve_copy (elliptic_curve_t E); const char *_gcry_ecc_model2str (enum gcry_mpi_ec_models model); const char *_gcry_ecc_dialect2str (enum ecc_dialects dialect); gcry_mpi_t _gcry_ecc_ec2os (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t p); -gcry_err_code_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value); mpi_point_t _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, mpi_point_t G, gcry_mpi_t d); -gpg_err_code_t _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, - mpi_point_t result); /*-- ecc.c --*/ 
@@ -116,10 +113,8 @@ gpg_err_code_t _gcry_ecc_eddsa_encodepoint (mpi_point_t point, mpi_ec_t ctx, unsigned int *r_buflen); gpg_err_code_t _gcry_ecc_eddsa_ensure_compact (gcry_mpi_t value, unsigned int nbits); -gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, - mpi_point_t result, - unsigned char **r_encpk, - unsigned int *r_encpklen); + + gpg_err_code_t _gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, gcry_mpi_t d, mpi_ec_t ec); diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 39c7c9f..bbaaac6 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -4882,6 +4882,19 @@ Valid names are the point parameters of an elliptic curve (@pxref{ecc_keyparam}). @end deftypefun + at deftypefun gpg_err_code_t gcry_mpi_ec_decode_point ( @ + @w{mpi_point_t @var{result}}, @w{gcry_mpi_t @var{value}}, @ + @w{gcry_ctx_t @var{ctx}}) + +Decode the point given as an MPI in @var{value} and store at + at var{result}. To decide which encoding is used the function takes a +context @var{ctx} which can be created with @code{gcry_mpi_ec_new}. +If @code{NULL} is given for the context the function assumes a 0x04 +prefixed uncompressed encoding. On error an error code is returned +and @var{result} might be changed. + at end deftypefun + + @deftypefun int gcry_mpi_ec_get_affine ( @ @w{gcry_mpi_t @var{x}}, @w{gcry_mpi_t @var{y}}, @ @w{gcry_mpi_point_t @var{point}}, @w{gcry_ctx_t @var{ctx}}) diff --git a/mpi/ec.c b/mpi/ec.c index 40e09be..346e5f1 100644 --- a/mpi/ec.c +++ b/mpi/ec.c 
@@ -589,6 +589,27 @@ _gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, } +/* Given an encoded point in the MPI VALUE and a context EC, decode + * the point according to the context and store it in RESULT. On + * error an error code is return but RESULT might have been changed. + * If no context is given the function tries to decode VALUE by + * assuming a 0x04 prefixed uncompressed encoding. */ +gpg_err_code_t +_gcry_mpi_ec_decode_point (mpi_point_t result, gcry_mpi_t value, mpi_ec_t ec) +{ + gcry_err_code_t rc; + + if (ec && ec->dialect == ECC_DIALECT_ED25519) + rc = _gcry_ecc_eddsa_decodepoint (value, ec, result, NULL, NULL); + else if (ec && ec->model == MPI_EC_MONTGOMERY) + rc = _gcry_ecc_mont_decodepoint (value, ec, result); + else + rc = _gcry_ecc_os2ec (result, value); + + return rc; +} + + /* Compute the affine coordinates from the projective coordinates in POINT. Set them into X and Y. If one coordinate is not required, X or Y may be passed as NULL. CTX is the usual context. Returns: 0 diff --git a/src/ec-context.h b/src/ec-context.h index c8f2ad0..d74fb69 100644 --- a/src/ec-context.h +++ b/src/ec-context.h @@ -81,5 +81,17 @@ gpg_err_code_t _gcry_ecc_set_mpi (const char *name, gpg_err_code_t _gcry_ecc_set_point (const char *name, gcry_mpi_point_t newvalue, mpi_ec_t ec); +/*-- cipher/ecc-misc.c --*/ +gcry_err_code_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value); +gpg_err_code_t _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, + mpi_point_t result); + +/*-- cipher/ecc-eddsa.c --*/ +gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, + mpi_point_t result, + unsigned char **r_encpk, + unsigned int *r_encpklen); + + #endif /*GCRY_EC_CONTEXT_H*/ diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 93b1f43..f48f04f 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
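Review bot: Nothing in `_gcry_mpi_ec_decode_point` checks that the decoded RESULT actually lies on the curve, and the final `else` sends any context that is neither Ed25519 nor Montgomery (as well as a NULL context) to `_gcry_ecc_os2ec`, which only parses the 0x04 uncompressed form; the check_point snippet in the commit message has to call gcry_mpi_ec_curve_point afterwards for exactly this reason. The header comment should state that contract, e.g. `* The decoded point is NOT validated; callers must check it with` / `* _gcry_mpi_ec_curve_point before using it.`, and "an error code is return" should read "is returned". Minor: `rc` is declared `gcry_err_code_t` while the function returns `gpg_err_code_t`; both are the same typedef in Libgcrypt, but one spelling per function reads better. The Ed25519 branch passes NULL for the r_encpk/r_encpklen outputs of `_gcry_ecc_eddsa_decodepoint`, which presumably is accepted by that function — worth confirming, since the moved prototype gives no hint.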
@@ -694,6 +694,10 @@ gpg_error_t gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, gpg_error_t gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, gcry_ctx_t ctx); +/* Decode and store VALUE into RESULT. */ +gpg_error_t gcry_mpi_ec_decode_point (gcry_mpi_point_t result, + gcry_mpi_t value, gcry_ctx_t ctx); + /* Store the affine coordinates of POINT into X and Y. */ int gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point, gcry_ctx_t ctx); diff --git a/src/libgcrypt.def b/src/libgcrypt.def index f3e074b..067cb84 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -280,4 +280,6 @@ EXPORTS gcry_md_extract @245 + gcry_mpi_ec_decode_point @246 + ;; end of file with public symbols for Windows. diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 5b3d419..785b8ed 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -106,7 +106,7 @@ GCRYPT_1.6 { gcry_mpi_ec_set_mpi; gcry_mpi_ec_set_point; gcry_mpi_ec_get_affine; gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_sub; gcry_mpi_ec_mul; - gcry_mpi_ec_curve_point; + gcry_mpi_ec_curve_point; gcry_mpi_ec_decode_point; gcry_log_debug; gcry_log_debughex; gcry_log_debugmpi; gcry_log_debugpnt; gcry_log_debugsxp; diff --git a/src/mpi.h b/src/mpi.h index 0d19f46..cd539f5 100644 --- a/src/mpi.h +++ b/src/mpi.h @@ -307,6 +307,8 @@ gpg_err_code_t _gcry_mpi_ec_set_mpi (const char *name, gcry_mpi_t newvalue, gpg_err_code_t _gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, gcry_ctx_t ctx); +gpg_err_code_t _gcry_mpi_ec_decode_point (mpi_point_t result, + gcry_mpi_t value, mpi_ec_t ec); /*-- ecc-curves.c --*/ gpg_err_code_t _gcry_mpi_ec_new (gcry_ctx_t *r_ctx, diff --git a/src/visibility.c b/src/visibility.c index 23a2705..3abbd37 100644 --- a/src/visibility.c +++ b/src/visibility.c 
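Review bot: The new public prototype in gcrypt.h.in is documented only as `/* Decode and store VALUE into RESULT. */`, which omits the two things a caller needs and that the texi text in this same commit spells out: a NULL CTX selects the 0x04-prefixed uncompressed encoding, and RESULT may already have been modified when an error is returned. Suggest `/* Decode the point VALUE according to CTX (NULL: 0x04 uncompressed encoding) and store it in RESULT.  On error RESULT may have been changed. */`, in the style of the neighbouring comments in this block.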
@@ -544,6 +544,15 @@ gcry_mpi_ec_set_point (const char *name, gcry_mpi_point_t newvalue, return gpg_error (_gcry_mpi_ec_set_point (name, newvalue, ctx)); } +gpg_error_t +gcry_mpi_ec_decode_point (gcry_mpi_point_t result, gcry_mpi_t value, + gcry_ctx_t ctx) +{ + return gpg_error (_gcry_mpi_ec_decode_point + (result, value, + ctx? _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC) : NULL)); +} + int gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point, gcry_ctx_t ctx) diff --git a/src/visibility.h b/src/visibility.h index bb25de0..7ecd75e 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -222,6 +222,7 @@ MARK_VISIBLEX (gcry_mpi_ec_add) MARK_VISIBLEX (gcry_mpi_ec_sub) MARK_VISIBLEX (gcry_mpi_ec_curve_point) MARK_VISIBLEX (gcry_mpi_ec_dup) +MARK_VISIBLEX (gcry_mpi_ec_decode_point) MARK_VISIBLEX (gcry_mpi_ec_get_affine) MARK_VISIBLEX (gcry_mpi_ec_mul) MARK_VISIBLEX (gcry_mpi_ec_new) 
@@ -492,6 +493,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const) #define gcry_mpi_ec_sub _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_ec_curve_point _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_ec_dup _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_mpi_ec_decode_point _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_ec_get_affine _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_ec_get_mpi _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_mpi_ec_get_point _gcry_USE_THE_UNDERSCORED_FUNCTION ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + cipher/ecc-common.h | 9 ++------- doc/gcrypt.texi | 13 +++++++++++++ mpi/ec.c | 21 +++++++++++++++++++++ src/ec-context.h | 12 ++++++++++++ src/gcrypt.h.in | 4 ++++ src/libgcrypt.def | 2 ++ src/libgcrypt.vers | 2 +- src/mpi.h | 2 ++ src/visibility.c | 9 +++++++++ src/visibility.h | 2 ++ 11 files changed, 69 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From jussi.kivilinna at iki.fi Thu Jan 28 18:07:50 2016 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Thu, 28 Jan 2016 19:07:50 +0200 Subject: [PATCH] Update NEWS Message-ID: <20160128170750.23462.38269.stgit@localhost6.localdomain6> -- Signed-off-by: Jussi Kivilinna --- NEWS | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/NEWS b/NEWS index 22565ed..968dab3 100644 --- a/NEWS +++ b/NEWS 
@@ -23,6 +23,18 @@ Noteworthy changes in version 1.7.0 (unreleased) * Added OCB mode. + * Added support for the SHA3-224, SHA3-256, SHA3-384 and SHA3-512 + hash algorithms. + + * Added support for the SHAKE128 and SHAKE256 extendable-output + function algorithms. + + * Added support for the ChaCha20 stream cipher. + + * Added support for the Poly1305 message authentication algorithm and + ChaCha20-Poly1305 Authenticated Encryption with Associated Data + mode. + * New flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. @@ -30,6 +42,7 @@ Noteworthy changes in version 1.7.0 (unreleased) * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mac_get_algo NEW. + gcry_md_extract NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MD_FLAG_BUGEMU1 NEW. GCRYCTL_SET_SBOX NEW. From cvs at cvs.gnupg.org Thu Jan 28 18:21:25 2016 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 28 Jan 2016 18:21:25 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-304-g79fe55c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 79fe55c36996627a4856e2af280c1bf98f66f170 (commit) from 2cf2ca7bb9741ac86e8aa92d8f03b1c5f5938897 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 79fe55c36996627a4856e2af280c1bf98f66f170 Author: Werner Koch Date: Thu Jan 28 18:16:22 2016 +0100 doc: Fix typos in gcry_mpi_ec_new. -- Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index bbaaac6..23b1f79 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -4805,7 +4805,7 @@ newly allocated point object. @end deftypefun @anchor{gcry_mpi_ec_new} - at deftypefun gpg_error_t gcry_mpi_ec_p_new (@w{gpg_ctx_t *@var{r_ctx}}, @ + at deftypefun gpg_error_t gcry_mpi_ec_new (@w{gcry_ctx_t *@var{r_ctx}}, @ @w{gcry_sexp_t @var{keyparam}}, @w{const char *@var{curvename}}) Allocate a new context for elliptic curve operations. If ----------------------------------------------------------------------- Summary of changes: doc/gcrypt.texi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Thu Jan 28 18:19:59 2016 From: wk at gnupg.org (Werner Koch) Date: Thu, 28 Jan 2016 18:19:59 +0100 Subject: [PATCH] fix api doc for gcry_mpi_ec_new In-Reply-To: <20151205111158.096164b7@pc1> ("Hanno =?utf-8?Q?B=C3=B6ck=22'?= =?utf-8?Q?s?= message of "Sat, 5 Dec 2015 11:11:58 +0100") References: <20151205111158.096164b7@pc1> Message-ID: <87a8npoc3k.fsf@vigenere.g10code.de> On Sat, 5 Dec 2015 11:11, hanno at hboeck.de said: > Patch attached, please apply. Thanks. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 180 bytes Desc: not available URL: From cvs at cvs.gnupg.org Fri Jan 29 10:04:55 2016 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 29 Jan 2016 10:04:55 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-305-g5d41e1a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5d41e1a1216c4b341bc737d7fe91438676a5c361 (commit) from 79fe55c36996627a4856e2af280c1bf98f66f170 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5d41e1a1216c4b341bc737d7fe91438676a5c361 Author: Jussi Kivilinna Date: Thu Jan 28 19:07:50 2016 +0200 Update NEWS -- Signed-off-by: Jussi Kivilinna diff --git a/NEWS b/NEWS index 79d1931..e4e4882 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,18 @@ Noteworthy changes in version 1.7.0 (unreleased) * Added OCB mode. + * Added support for the SHA3-224, SHA3-256, SHA3-384 and SHA3-512 + hash algorithms. + + * Added support for the SHAKE128 and SHAKE256 extendable-output + function algorithms. + + * Added support for the ChaCha20 stream cipher. + + * Added support for the Poly1305 message authentication algorithm and + ChaCha20-Poly1305 Authenticated Encryption with Associated Data + mode. + * New flag "no-keytest" for ECC key generation. Due to a bug in the parser that flag will also be accepted but ignored by older version of Libgcrypt. 
@@ -30,6 +42,7 @@ Noteworthy changes in version 1.7.0 (unreleased) * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mac_get_algo NEW. + gcry_md_extract NEW. GCRY_MAC_HMAC_MD2 NEW. GCRY_MD_FLAG_BUGEMU1 NEW. GCRYCTL_SET_SBOX NEW. ----------------------------------------------------------------------- Summary of changes: NEWS | 13 +++++++++++++ 1 file changed, 13 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From wk at gnupg.org Fri Jan 29 10:11:37 2016 From: wk at gnupg.org (Werner Koch) Date: Fri, 29 Jan 2016 10:11:37 +0100 Subject: [PATCH] Update NEWS In-Reply-To: <20160128170750.23462.38269.stgit@localhost6.localdomain6> (Jussi Kivilinna's message of "Thu, 28 Jan 2016 19:07:50 +0200") References: <20160128170750.23462.38269.stgit@localhost6.localdomain6> Message-ID: <87io2cn41i.fsf@vigenere.g10code.de> Hi, thanks for the patch. I pushed it. I would like to get libgcrypt 1.7 out soon. The following topics need to be addressed before a release: - Addition of a new DRNG to replace or the X9.31 RNG we use for in FIPS mode. Quite some time ago Stephan Mueller posted an implementation which can be used for this. - Add a test to check our Curve25519 implementation against the test vectors from RFC-7748 (Elliptic Curves for Security). - Check that all constant-time improvements gniibe posted are applied. - Check whether there are important things left in the bug tracker. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From cvs at cvs.gnupg.org Fri Jan 29 17:04:59 2016 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 29 Jan 2016 17:04:59 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-307-g57b60bb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 57b60bb1718b4f2c2500bb447ebd1d4562a5aa9b (commit) via f3e51161036382429c3491c7c881f36c0a653c7b (commit) from 5d41e1a1216c4b341bc737d7fe91438676a5c361 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 57b60bb1718b4f2c2500bb447ebd1d4562a5aa9b Author: Jussi Kivilinna Date: Fri Jan 29 17:42:41 2016 +0200 Update 'Interface changes' in NEWS -- Signed-off-by: Jussi Kivilinna diff --git a/NEWS b/NEWS index e4e4882..0064bbe 100644 --- a/NEWS +++ b/NEWS 
@@ -48,8 +48,25 @@ Noteworthy changes in version 1.7.0 (unreleased) GCRYCTL_SET_SBOX NEW. gcry_cipher_set_sbox NEW macro. GCRY_MD_GOSTR3411_CP NEW. + GCRY_MD_SHA3_224 NEW. + GCRY_MD_SHA3_256 NEW. + GCRY_MD_SHA3_384 NEW. + GCRY_MD_SHA3_512 NEW. + GCRY_MD_SHAKE128 NEW. + GCRY_MD_SHAKE256 NEW. + GCRY_MAC_HMAC_SHA3_224 NEW. + GCRY_MAC_HMAC_SHA3_256 NEW. + GCRY_MAC_HMAC_SHA3_384 NEW. + GCRY_MAC_HMAC_SHA3_512 NEW. + GCRY_MAC_POLY1305 NEW. + GCRY_MAC_POLY1305_AES NEW. + GCRY_MAC_POLY1305_CAMELLIA NEW. + GCRY_MAC_POLY1305_TWOFISH NEW. + GCRY_MAC_POLY1305_SERPENT NEW. + GCRY_MAC_POLY1305_SEED NEW. gcry_mpi_ec_sub NEW. gcry_mpi_ec_decode_point NEW. + GCRY_CIPHER_MODE_POLY1305 NEW. GCRY_CIPHER_MODE_OCB NEW. GCRYCTL_SET_TAGLEN NEW. gcry_cipher_final NEW macro. commit f3e51161036382429c3491c7c881f36c0a653c7b Author: Jussi Kivilinna Date: Fri Jan 29 17:42:41 2016 +0200 Improve performance of generic SHA256 implementation * cipher/sha256.c (R): Let caller do variable shuffling. (Chro, Maj, Sum0, Sum1): Convert from inline functions to macros. (W, I): New. (transform_blk): Unroll round loop; inline message expansion to rounds to make message expansion buffer smaller. -- Benchmark on Cortex-A8 (armv6, 1008 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 27.63 ns/B 34.52 MiB/s 27.85 c/B After (1.31x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 20.97 ns/B 45.48 MiB/s 21.13 c/B Benchmark on Cortex-A8 (armv7, 1008 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 24.18 ns/B 39.43 MiB/s 24.38 c/B After (1.13x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 21.28 ns/B 44.82 MiB/s 21.45 c/B Benchmark on Intel Core i5-4570 (i386, 3.2 Ghz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 5.78 ns/B 164.9 MiB/s 18.51 c/B After (1.06x faster) | nanosecs/byte mebibytes/sec cycles/byte SHA256 | 5.41 ns/B 176.1 MiB/s 17.33 c/B Signed-off-by: Jussi Kivilinna 
diff --git a/cipher/sha256.c b/cipher/sha256.c index bc326e0..1b82ee7 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c @@ -174,50 +174,34 @@ sha224_init (void *context, unsigned int flags) /* Transform the message X which consists of 16 32-bit-words. See FIPS 180-2 for details. */ -#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */ -#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */ #define R(a,b,c,d,e,f,g,h,k,w) do \ { \ t1 = (h) + Sum1((e)) + Cho((e),(f),(g)) + (k) + (w); \ t2 = Sum0((a)) + Maj((a),(b),(c)); \ - h = g; \ - g = f; \ - f = e; \ - e = d + t1; \ - d = c; \ - c = b; \ - b = a; \ - a = t1 + t2; \ + d += t1; \ + h = t1 + t2; \ } while (0) /* (4.2) same as SHA-1's F1. */ -static inline u32 -Cho (u32 x, u32 y, u32 z) -{ - return (z ^ (x & (y ^ z))); -} +#define Cho(x, y, z) (z ^ (x & (y ^ z))) /* (4.3) same as SHA-1's F3 */ -static inline u32 -Maj (u32 x, u32 y, u32 z) -{ - return ((x & y) | (z & (x|y))); -} +#define Maj(x, y, z) ((x & y) + (z & (x ^ y))) /* (4.4) */ -static inline u32 -Sum0 (u32 x) -{ - return (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22)); -} +#define Sum0(x) (ror (x, 2) ^ ror (x, 13) ^ ror (x, 22)) /* (4.5) */ -static inline u32 -Sum1 (u32 x) -{ - return (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25)); -} +#define Sum1(x) (ror (x, 6) ^ ror (x, 11) ^ ror (x, 25)) +/* Message expansion */ +#define S0(x) (ror ((x), 7) ^ ror ((x), 18) ^ ((x) >> 3)) /* (4.6) */ +#define S1(x) (ror ((x), 17) ^ ror ((x), 19) ^ ((x) >> 10)) /* (4.7) */ +#define I(i) ( w[i] = buf_get_be32(data + i * 4) ) +#define W(i) ( w[i&0x0f] = S1(w[(i-2) &0x0f]) \ + + w[(i-7) &0x0f] \ + + S0(w[(i-15)&0x0f]) \ + + w[(i-16)&0x0f] ) static unsigned int transform_blk (void *ctx, const unsigned char *data) @@ -243,8 +227,7 @@ transform_blk (void *ctx, const unsigned char *data) }; u32 a,b,c,d,e,f,g,h,t1,t2; - u32 w[64]; - int i; + u32 w[16]; a = hd->h0; b = hd->h1; 
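Review bot: The new `Cho`, `Maj`, `Sum0` and `Sum1` macros do not parenthesize their arguments, unlike `S0`, `S1` and `R` right next to them; every current call site passes a plain variable, so the expansion is correct today, but a compound argument would silently change precedence. Suggest `#define Cho(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))` and `#define Maj(x, y, z) (((x) & (y)) + ((z) & ((x) ^ (y))))`, and likewise for `Sum0`/`Sum1`. `Maj` also replaces the textbook `|` with `+`; that is valid because `x & y` and `z & (x ^ y)` can never have a set bit in common, but a one-line comment saying so would save the next reader the proof. The `W(i)` macro similarly relies on `i` being an integer literal (`w[i&0x0f]`, `w[(i-2) &0x0f]`), which holds for all 48 uses in the unrolled rounds that follow.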
@@ -255,60 +238,73 @@ transform_blk (void *ctx, const unsigned char *data) g = hd->h6; h = hd->h7; - for (i=0; i < 16; i++) - w[i] = buf_get_be32(data + i * 4); - for (; i < 64; i++) - w[i] = S1(w[i-2]) + w[i-7] + S0(w[i-15]) + w[i-16]; - - for (i=0; i < 64;) - { -#if 0 - R(a,b,c,d,e,f,g,h,K[i],w[i]); - i++; -#else - t1 = h + Sum1 (e) + Cho (e, f, g) + K[i] + w[i]; - t2 = Sum0 (a) + Maj (a, b, c); - d += t1; - h = t1 + t2; - - t1 = g + Sum1 (d) + Cho (d, e, f) + K[i+1] + w[i+1]; - t2 = Sum0 (h) + Maj (h, a, b); - c += t1; - g = t1 + t2; - - t1 = f + Sum1 (c) + Cho (c, d, e) + K[i+2] + w[i+2]; - t2 = Sum0 (g) + Maj (g, h, a); - b += t1; - f = t1 + t2; - - t1 = e + Sum1 (b) + Cho (b, c, d) + K[i+3] + w[i+3]; - t2 = Sum0 (f) + Maj (f, g, h); - a += t1; - e = t1 + t2; - - t1 = d + Sum1 (a) + Cho (a, b, c) + K[i+4] + w[i+4]; - t2 = Sum0 (e) + Maj (e, f, g); - h += t1; - d = t1 + t2; - - t1 = c + Sum1 (h) + Cho (h, a, b) + K[i+5] + w[i+5]; - t2 = Sum0 (d) + Maj (d, e, f); - g += t1; - c = t1 + t2; - - t1 = b + Sum1 (g) + Cho (g, h, a) + K[i+6] + w[i+6]; - t2 = Sum0 (c) + Maj (c, d, e); - f += t1; - b = t1 + t2; - - t1 = a + Sum1 (f) + Cho (f, g, h) + K[i+7] + w[i+7]; - t2 = Sum0 (b) + Maj (b, c, d); - e += t1; - a = t1 + t2; - - i += 8; -#endif - } + R(a, b, c, d, e, f, g, h, K[0], I(0)); + R(h, a, b, c, d, e, f, g, K[1], I(1)); + R(g, h, a, b, c, d, e, f, K[2], I(2)); + R(f, g, h, a, b, c, d, e, K[3], I(3)); + R(e, f, g, h, a, b, c, d, K[4], I(4)); + R(d, e, f, g, h, a, b, c, K[5], I(5)); + R(c, d, e, f, g, h, a, b, K[6], I(6)); + R(b, c, d, e, f, g, h, a, K[7], I(7)); + R(a, b, c, d, e, f, g, h, K[8], I(8)); + R(h, a, b, c, d, e, f, g, K[9], I(9)); + R(g, h, a, b, c, d, e, f, K[10], I(10)); + R(f, g, h, a, b, c, d, e, K[11], I(11)); + R(e, f, g, h, a, b, c, d, K[12], I(12)); + R(d, e, f, g, h, a, b, c, K[13], I(13)); + R(c, d, e, f, g, h, a, b, K[14], I(14)); + R(b, c, d, e, f, g, h, a, K[15], I(15)); + + R(a, b, c, d, e, f, g, h, K[16], W(16)); + R(h, a, b, c, d, e, 
f, g, K[17], W(17)); + R(g, h, a, b, c, d, e, f, K[18], W(18)); + R(f, g, h, a, b, c, d, e, K[19], W(19)); + R(e, f, g, h, a, b, c, d, K[20], W(20)); + R(d, e, f, g, h, a, b, c, K[21], W(21)); + R(c, d, e, f, g, h, a, b, K[22], W(22)); + R(b, c, d, e, f, g, h, a, K[23], W(23)); + R(a, b, c, d, e, f, g, h, K[24], W(24)); + R(h, a, b, c, d, e, f, g, K[25], W(25)); + R(g, h, a, b, c, d, e, f, K[26], W(26)); + R(f, g, h, a, b, c, d, e, K[27], W(27)); + R(e, f, g, h, a, b, c, d, K[28], W(28)); + R(d, e, f, g, h, a, b, c, K[29], W(29)); + R(c, d, e, f, g, h, a, b, K[30], W(30)); + R(b, c, d, e, f, g, h, a, K[31], W(31)); + + R(a, b, c, d, e, f, g, h, K[32], W(32)); + R(h, a, b, c, d, e, f, g, K[33], W(33)); + R(g, h, a, b, c, d, e, f, K[34], W(34)); + R(f, g, h, a, b, c, d, e, K[35], W(35)); + R(e, f, g, h, a, b, c, d, K[36], W(36)); + R(d, e, f, g, h, a, b, c, K[37], W(37)); + R(c, d, e, f, g, h, a, b, K[38], W(38)); + R(b, c, d, e, f, g, h, a, K[39], W(39)); + R(a, b, c, d, e, f, g, h, K[40], W(40)); + R(h, a, b, c, d, e, f, g, K[41], W(41)); + R(g, h, a, b, c, d, e, f, K[42], W(42)); + R(f, g, h, a, b, c, d, e, K[43], W(43)); + R(e, f, g, h, a, b, c, d, K[44], W(44)); + R(d, e, f, g, h, a, b, c, K[45], W(45)); + R(c, d, e, f, g, h, a, b, K[46], W(46)); + R(b, c, d, e, f, g, h, a, K[47], W(47)); + + R(a, b, c, d, e, f, g, h, K[48], W(48)); + R(h, a, b, c, d, e, f, g, K[49], W(49)); + R(g, h, a, b, c, d, e, f, K[50], W(50)); + R(f, g, h, a, b, c, d, e, K[51], W(51)); + R(e, f, g, h, a, b, c, d, K[52], W(52)); + R(d, e, f, g, h, a, b, c, K[53], W(53)); + R(c, d, e, f, g, h, a, b, K[54], W(54)); + R(b, c, d, e, f, g, h, a, K[55], W(55)); + R(a, b, c, d, e, f, g, h, K[56], W(56)); + R(h, a, b, c, d, e, f, g, K[57], W(57)); + R(g, h, a, b, c, d, e, f, K[58], W(58)); + R(f, g, h, a, b, c, d, e, K[59], W(59)); + R(e, f, g, h, a, b, c, d, K[60], W(60)); + R(d, e, f, g, h, a, b, c, K[61], W(61)); + R(c, d, e, f, g, h, a, b, K[62], W(62)); + R(b, c, d, e, f, g, h, a, K[63], 
W(63)); hd->h0 += a; hd->h1 += b; @@ -319,7 +315,7 @@ transform_blk (void *ctx, const unsigned char *data) hd->h6 += g; hd->h7 += h; - return /*burn_stack*/ 74*4+32; + return /*burn_stack*/ 26*4+32; } #undef S0 #undef S1 ----------------------------------------------------------------------- Summary of changes: NEWS | 17 ++++++ cipher/sha256.c | 170 +++++++++++++++++++++++++++----------------------------- 2 files changed, 100 insertions(+), 87 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org _______________________________________________ Gnupg-commits mailing list Gnupg-commits at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-commits From jussi.kivilinna at iki.fi Sun Jan 31 00:11:38 2016 From: jussi.kivilinna at iki.fi (Jussi Kivilinna) Date: Sun, 31 Jan 2016 01:11:38 +0200 Subject: [PATCH] Add ARM assembly implementation of SHA-512 Message-ID: <20160130231138.8480.47832.stgit@localhost6.localdomain6> * cipher/Makefile.am: Add 'sha512-arm.S'. * cipher/sha512-arm.S: New. * cipher/sha512.c (USE_ARM_ASM): New. (_gcry_sha512_transform_arm): New. (transform) [USE_ARM_ASM]: Use ARM assembly implementation instead of generic. * configure.ac: Add 'sha512-arm.lo'. -- Benchmark on Cortex-A8 (armv6, 1008 Mhz): Before: | nanosecs/byte mebibytes/sec cycles/byte SHA512 | 112.0 ns/B 8.52 MiB/s 112.9 c/B After (3.3x faster): | nanosecs/byte mebibytes/sec cycles/byte SHA512 | 34.01 ns/B 28.04 MiB/s 34.28 c/B Signed-off-by: Jussi Kivilinna --- cipher/Makefile.am | 2 cipher/sha512-arm.S | 465 +++++++++++++++++++++++++++++++++++++++++++++++++++ cipher/sha512.c | 82 +++++---- configure.ac | 4 4 files changed, 520 insertions(+), 33 deletions(-) create mode 100644 cipher/sha512-arm.S diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 88c8fbf..65d7afb 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am 
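Review bot: The burn_stack estimate `26*4+32` is a hand-maintained count: 26 words matches `w[16]` plus the ten `u32` locals (`a`..`h`, `t1`, `t2`), just as the old 74 matched `w[64]` plus ten, but nothing ties the number to the declarations, so the next change to the locals can silently desynchronise it. Suggest expressing it in terms of the declarations, `return /*burn_stack*/ sizeof(w) + 10*sizeof(u32) + 32;`, or at least a comment `/* w[16] + a..h,t1,t2 + slack */` beside the constant. transform_blk's opening is outside this hunk.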
@@ -89,7 +89,7 @@ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ sha1-armv7-neon.S \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ - sha512-armv7-neon.S \ + sha512-armv7-neon.S sha512-arm.S \ keccak.c keccak_permute_32.h keccak_permute_64.h keccak-armv7-neon.S \ stribog.c \ tiger.c \ diff --git a/cipher/sha512-arm.S b/cipher/sha512-arm.S new file mode 100644 index 0000000..28f156e --- /dev/null +++ b/cipher/sha512-arm.S 
@@ -0,0 +1,465 @@ +/* sha512-arm.S - ARM assembly implementation of SHA-512 transform + * + * Copyright (C) 2016 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ +#include + +#if defined(__ARMEL__) +#ifdef HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS + +.text + +.syntax unified +.arm + +/* structure of SHA512_CONTEXT */ +#define hd_a 0 +#define hd_b ((hd_a) + 8) +#define hd_c ((hd_b) + 8) +#define hd_d ((hd_c) + 8) +#define hd_e ((hd_d) + 8) +#define hd_f ((hd_e) + 8) +#define hd_g ((hd_f) + 8) +#define hd_h ((hd_g) + 8) + +/* register macros */ +#define RK %r2 + +#define RElo %r0 +#define REhi %r1 + +#define RT1lo %r3 +#define RT1hi %r4 +#define RT2lo %r5 +#define RT2hi %r6 +#define RWlo %r7 +#define RWhi %r8 +#define RT3lo %r9 +#define RT3hi %r10 +#define RT4lo %r11 +#define RT4hi %ip + +#define RRND %lr + +/* variable offsets in stack */ +#define ctx (0) +#define data ((ctx) + 4) +#define nblks ((data) + 4) +#define _a ((nblks) + 4) +#define _b ((_a) + 8) +#define _c ((_b) + 8) +#define _d ((_c) + 8) +#define _e ((_d) + 8) +#define _f ((_e) + 8) +#define _g ((_f) + 8) +#define _h ((_g) + 8) + +#define w(i) ((_h) + 8 + ((i) % 16) * 8) + +#define STACK_MAX (w(15) + 8) + +/* helper macros */ +#define ldr_unaligned_be(rout, rsrc, offs, rtmp) \ + ldrb rout, [rsrc, #((offs) + 3)]; \ + ldrb rtmp, [rsrc, #((offs) + 2)]; \ + orr 
rout, rout, rtmp, lsl #8; \ + ldrb rtmp, [rsrc, #((offs) + 1)]; \ + orr rout, rout, rtmp, lsl #16; \ + ldrb rtmp, [rsrc, #((offs) + 0)]; \ + orr rout, rout, rtmp, lsl #24; + +#ifdef __ARMEL__ + /* bswap on little-endian */ +#ifdef HAVE_ARM_ARCH_V6 + #define be_to_host(reg, rtmp) \ + rev reg, reg; +#else + #define be_to_host(reg, rtmp) \ + eor rtmp, reg, reg, ror #16; \ + mov rtmp, rtmp, lsr #8; \ + bic rtmp, rtmp, #65280; \ + eor reg, rtmp, reg, ror #8; +#endif +#else + /* nop on big-endian */ + #define be_to_host(reg, rtmp) /*_*/ +#endif + +#define host_to_host(x, y) /*_*/ + +#define read_u64_aligned_4(rin, offs, lo0, hi0, lo1, hi1, lo2, hi2, lo3, hi3, convert, rtmp) \ + ldr lo0, [rin, #((offs) + 0 * 8 + 4)]; \ + ldr hi0, [rin, #((offs) + 0 * 8 + 0)]; \ + ldr lo1, [rin, #((offs) + 1 * 8 + 4)]; \ + ldr hi1, [rin, #((offs) + 1 * 8 + 0)]; \ + ldr lo2, [rin, #((offs) + 2 * 8 + 4)]; \ + convert(lo0, rtmp); \ + ldr hi2, [rin, #((offs) + 2 * 8 + 0)]; \ + convert(hi0, rtmp); \ + ldr lo3, [rin, #((offs) + 3 * 8 + 4)]; \ + convert(lo1, rtmp); \ + ldr hi3, [rin, #((offs) + 3 * 8 + 0)]; \ + convert(hi1, rtmp); \ + convert(lo2, rtmp); \ + convert(hi2, rtmp); \ + convert(lo3, rtmp); \ + convert(hi3, rtmp); + +#define read_be64_aligned_4(rin, offs, lo0, hi0, lo1, hi1, lo2, hi2, lo3, hi3, rtmp0) \ + read_u64_aligned_4(rin, offs, lo0, hi0, lo1, hi1, lo2, hi2, lo3, hi3, be_to_host, rtmp0) + +/* need to handle unaligned reads by byte reads */ +#define read_be64_unaligned_4(rin, offs, lo0, hi0, lo1, hi1, lo2, hi2, lo3, hi3, rtmp0) \ + ldr_unaligned_be(lo0, rin, (offs) + 0 * 8 + 4, rtmp0); \ + ldr_unaligned_be(hi0, rin, (offs) + 0 * 8 + 0, rtmp0); \ + ldr_unaligned_be(lo1, rin, (offs) + 1 * 8 + 4, rtmp0); \ + ldr_unaligned_be(hi1, rin, (offs) + 1 * 8 + 0, rtmp0); \ + ldr_unaligned_be(lo2, rin, (offs) + 2 * 8 + 4, rtmp0); \ + ldr_unaligned_be(hi2, rin, (offs) + 2 * 8 + 0, rtmp0); \ + ldr_unaligned_be(lo3, rin, (offs) + 3 * 8 + 4, rtmp0); \ + ldr_unaligned_be(hi3, rin, (offs) + 3 * 8 + 
0, rtmp0); + +/*********************************************************************** + * ARM assembly implementation of sha512 transform + ***********************************************************************/ + +/* Round function */ + +#define R(_a,_b,_c,_d,_e,_f,_g,_h,W,wi) \ + /* Message expansion, t1 = _h + w[i] */ \ + W(_a,_h,wi); \ + \ + /* w = Sum1(_e) */ \ + mov RWlo, RElo, lsr#14; \ + ldm RK!, {RT2lo-RT2hi}; \ + mov RWhi, REhi, lsr#14; \ + eor RWlo, RWlo, RElo, lsr#18; \ + eor RWhi, RWhi, REhi, lsr#18; \ + ldr RT3lo, [%sp, #(_f)]; \ + adds RT1lo, RT2lo; /* t1 += K */ \ + ldr RT3hi, [%sp, #(_f) + 4]; \ + adc RT1hi, RT2hi; \ + ldr RT4lo, [%sp, #(_g)]; \ + eor RWlo, RWlo, RElo, lsl#23; \ + ldr RT4hi, [%sp, #(_g) + 4]; \ + eor RWhi, RWhi, REhi, lsl#23; \ + eor RWlo, RWlo, REhi, lsl#18; \ + eor RWhi, RWhi, RElo, lsl#18; \ + eor RWlo, RWlo, REhi, lsl#14; \ + eor RWhi, RWhi, RElo, lsl#14; \ + eor RWlo, RWlo, REhi, lsr#9; \ + eor RWhi, RWhi, RElo, lsr#9; \ + \ + /* Cho(_e,_f,_g) => (_e & _f) ^ (~_e & _g) */ \ + adds RT1lo, RWlo; /* t1 += Sum1(_e) */ \ + and RT3lo, RT3lo, RElo; \ + adc RT1hi, RWhi; \ + and RT3hi, RT3hi, REhi; \ + bic RT4lo, RT4lo, RElo; \ + bic RT4hi, RT4hi, REhi; \ + eor RT3lo, RT3lo, RT4lo; \ + eor RT3hi, RT3hi, RT4hi; \ + \ + /* Load D */ \ + /* t1 += Cho(_e,_f,_g) */ \ + ldr RElo, [%sp, #(_d)]; \ + adds RT1lo, RT3lo; \ + ldr REhi, [%sp, #(_d) + 4]; \ + adc RT1hi, RT3hi; \ + \ + /* Load A */ \ + ldr RT3lo, [%sp, #(_a)]; \ + \ + /* _d += t1 */ \ + adds RElo, RT1lo; \ + ldr RT3hi, [%sp, #(_a) + 4]; \ + adc REhi, RT1hi; \ + \ + /* Store D */ \ + str RElo, [%sp, #(_d)]; \ + \ + /* t2 = Sum0(_a) */ \ + mov RT2lo, RT3lo, lsr#28; \ + str REhi, [%sp, #(_d) + 4]; \ + mov RT2hi, RT3hi, lsr#28; \ + ldr RWlo, [%sp, #(_b)]; \ + eor RT2lo, RT2lo, RT3lo, lsl#30; \ + ldr RWhi, [%sp, #(_b) + 4]; \ + eor RT2hi, RT2hi, RT3hi, lsl#30; \ + eor RT2lo, RT2lo, RT3lo, lsl#25; \ + eor RT2hi, RT2hi, RT3hi, lsl#25; \ + eor RT2lo, RT2lo, RT3hi, lsl#4; \ + eor RT2hi, 
RT2hi, RT3lo, lsl#4; \ + eor RT2lo, RT2lo, RT3hi, lsr#2; \ + eor RT2hi, RT2hi, RT3lo, lsr#2; \ + eor RT2lo, RT2lo, RT3hi, lsr#7; \ + eor RT2hi, RT2hi, RT3lo, lsr#7; \ + \ + /* t2 += t1 */ \ + adds RT2lo, RT1lo; \ + ldr RT1lo, [%sp, #(_c)]; \ + adc RT2hi, RT1hi; \ + \ + /* Maj(_a,_b,_c) => ((_a & _b) ^ (_c & (_a ^ _b))) */ \ + ldr RT1hi, [%sp, #(_c) + 4]; \ + and RT4lo, RWlo, RT3lo; \ + and RT4hi, RWhi, RT3hi; \ + eor RWlo, RWlo, RT3lo; \ + eor RWhi, RWhi, RT3hi; \ + and RWlo, RWlo, RT1lo; \ + and RWhi, RWhi, RT1hi; \ + eor RWlo, RWlo, RT4lo; \ + eor RWhi, RWhi, RT4hi; \ + +/* Message expansion */ + +#define W_0_63(_a,_h,i) \ + ldr RT3lo, [%sp, #(w(i-2))]; \ + adds RT2lo, RWlo; /* _h = t2 + Maj(_a,_b,_c) */ \ + ldr RT3hi, [%sp, #(w(i-2)) + 4]; \ + adc RT2hi, RWhi; \ + /* nw = S1(w[i-2]) */ \ + ldr RT1lo, [%sp, #(_h)]; /* Load H */ \ + mov RWlo, RT3lo, lsr#19; \ + str RT2lo, [%sp, #(_a)]; \ + eor RWlo, RWlo, RT3lo, lsl#3; \ + ldr RT1hi, [%sp, #(_h) + 4]; \ + mov RWhi, RT3hi, lsr#19; \ + ldr RT2lo, [%sp, #(w(i-7))]; \ + eor RWhi, RWhi, RT3hi, lsl#3; \ + str RT2hi, [%sp, #(_a) + 4]; \ + eor RWlo, RWlo, RT3lo, lsr#6; \ + ldr RT2hi, [%sp, #(w(i-7)) + 4]; \ + eor RWhi, RWhi, RT3hi, lsr#6; \ + eor RWlo, RWlo, RT3hi, lsl#13; \ + eor RWhi, RWhi, RT3lo, lsl#13; \ + eor RWlo, RWlo, RT3hi, lsr#29; \ + eor RWhi, RWhi, RT3lo, lsr#29; \ + ldr RT3lo, [%sp, #(w(i-15))]; \ + eor RWlo, RWlo, RT3hi, lsl#26; \ + ldr RT3hi, [%sp, #(w(i-15)) + 4]; \ + \ + adds RT2lo, RWlo; /* nw += w[i-7] */ \ + ldr RWlo, [%sp, #(w(i-16))]; \ + adc RT2hi, RWhi; \ + mov RT4lo, RT3lo, lsr#1; /* S0(w[i-15]) */ \ + ldr RWhi, [%sp, #(w(i-16)) + 4]; \ + mov RT4hi, RT3hi, lsr#1; \ + adds RT2lo, RWlo; /* nw += w[i-16] */ \ + eor RT4lo, RT4lo, RT3lo, lsr#8; \ + eor RT4hi, RT4hi, RT3hi, lsr#8; \ + eor RT4lo, RT4lo, RT3lo, lsr#7; \ + eor RT4hi, RT4hi, RT3hi, lsr#7; \ + eor RT4lo, RT4lo, RT3hi, lsl#31; \ + eor RT4hi, RT4hi, RT3lo, lsl#31; \ + eor RT4lo, RT4lo, RT3hi, lsl#24; \ + eor RT4hi, RT4hi, RT3lo, lsl#24; \ + 
eor RT4lo, RT4lo, RT3hi, lsl#25; \ + adc RT2hi, RWhi; \ + \ + /* nw += S0(w[i-15]) */ \ + adds RT2lo, RT4lo; \ + adc RT2hi, RT4hi; \ + \ + /* w[0] = nw */ \ + str RT2lo, [%sp, #(w(i))]; \ + adds RT1lo, RWlo; \ + str RT2hi, [%sp, #(w(i)) + 4]; \ + adc RT1hi, RWhi; + +#define W_64_79(_a,_h,i) \ + adds RT2lo, RWlo; /* _h = t2 + Maj(_a,_b,_c) */ \ + ldr RWlo, [%sp, #(w(i-16))]; \ + adc RT2hi, RWhi; \ + ldr RWhi, [%sp, #(w(i-16)) + 4]; \ + ldr RT1lo, [%sp, #(_h)]; /* Load H */ \ + ldr RT1hi, [%sp, #(_h) + 4]; \ + str RT2lo, [%sp, #(_a)]; \ + str RT2hi, [%sp, #(_a) + 4]; \ + adds RT1lo, RWlo; \ + adc RT1hi, RWhi; + +.align 3 +.globl _gcry_sha512_transform_arm +.type _gcry_sha512_transform_arm,%function; + +_gcry_sha512_transform_arm: + /* Input: + * %r0: SHA512_CONTEXT + * %r1: data + * %r2: u64 k[] constants + * %r3: nblks + */ + push {%r4-%r11, %ip, %lr}; + sub %sp, %sp, #STACK_MAX; + movs RWlo, %r3; + str %r0, [%sp, #(ctx)]; + + beq .Ldone; + +.Loop_blocks: + str RWlo, [%sp, #nblks]; + + /* Load context to stack */ + add RWhi, %sp, #(_a); + ldm %r0!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + ldm %r0, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + stm RWhi, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + /* Load input to w[16] */ +#ifndef __ARM_FEATURE_UNALIGNED + /* test if data is unaligned */ + tst %r1, #3; + beq 1f; + + /* unaligned load */ + add RWhi, %sp, #(w(0)); + read_be64_unaligned_4(%r1, 0 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + read_be64_unaligned_4(%r1, 4 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + read_be64_unaligned_4(%r1, 8 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + read_be64_unaligned_4(%r1, 12 * 
8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + b 2f; +#endif +1: + /* aligned load */ + add RWhi, %sp, #(w(0)); + read_be64_aligned_4(%r1, 0 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + read_be64_aligned_4(%r1, 4 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + read_be64_aligned_4(%r1, 8 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); + stm RWhi!, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + + read_be64_aligned_4(%r1, 12 * 8, RT1lo, RT1hi, RT2lo, RT2hi, RT3lo, RT3hi, RT4lo, RT4hi, RWlo); +2: + add %r1, #(16 * 8); + stm RWhi, {RT1lo,RT1hi,RT2lo,RT2hi,RT3lo,RT3hi,RT4lo,RT4hi} + str %r1, [%sp, #(data)]; + + /* preload E & A */ + ldr RElo, [%sp, #(_e)]; + ldr REhi, [%sp, #(_e) + 4]; + mov RWlo, #0; + ldr RT2lo, [%sp, #(_a)]; + mov RRND, #(80-16); + ldr RT2hi, [%sp, #(_a) + 4]; + mov RWhi, #0; + +.Loop_rounds: + R(_a, _b, _c, _d, _e, _f, _g, _h, W_0_63, 16); + R(_h, _a, _b, _c, _d, _e, _f, _g, W_0_63, 17); + R(_g, _h, _a, _b, _c, _d, _e, _f, W_0_63, 18); + R(_f, _g, _h, _a, _b, _c, _d, _e, W_0_63, 19); + R(_e, _f, _g, _h, _a, _b, _c, _d, W_0_63, 20); + R(_d, _e, _f, _g, _h, _a, _b, _c, W_0_63, 21); + R(_c, _d, _e, _f, _g, _h, _a, _b, W_0_63, 22); + R(_b, _c, _d, _e, _f, _g, _h, _a, W_0_63, 23); + R(_a, _b, _c, _d, _e, _f, _g, _h, W_0_63, 24); + R(_h, _a, _b, _c, _d, _e, _f, _g, W_0_63, 25); + R(_g, _h, _a, _b, _c, _d, _e, _f, W_0_63, 26); + R(_f, _g, _h, _a, _b, _c, _d, _e, W_0_63, 27); + R(_e, _f, _g, _h, _a, _b, _c, _d, W_0_63, 28); + R(_d, _e, _f, _g, _h, _a, _b, _c, W_0_63, 29); + R(_c, _d, _e, _f, _g, _h, _a, _b, W_0_63, 30); + R(_b, _c, _d, _e, _f, _g, _h, _a, W_0_63, 31); + + subs RRND, #16; + bne .Loop_rounds; + + R(_a, _b, _c, _d, _e, _f, _g, _h, W_64_79, 16); + R(_h, _a, _b, _c, _d, _e, _f, _g, W_64_79, 17); + R(_g, _h, _a, _b, _c, _d, _e, 
_f, W_64_79, 18); + R(_f, _g, _h, _a, _b, _c, _d, _e, W_64_79, 19); + R(_e, _f, _g, _h, _a, _b, _c, _d, W_64_79, 20); + R(_d, _e, _f, _g, _h, _a, _b, _c, W_64_79, 21); + R(_c, _d, _e, _f, _g, _h, _a, _b, W_64_79, 22); + R(_b, _c, _d, _e, _f, _g, _h, _a, W_64_79, 23); + R(_a, _b, _c, _d, _e, _f, _g, _h, W_64_79, 24); + R(_h, _a, _b, _c, _d, _e, _f, _g, W_64_79, 25); + R(_g, _h, _a, _b, _c, _d, _e, _f, W_64_79, 26); + R(_f, _g, _h, _a, _b, _c, _d, _e, W_64_79, 27); + R(_e, _f, _g, _h, _a, _b, _c, _d, W_64_79, 28); + R(_d, _e, _f, _g, _h, _a, _b, _c, W_64_79, 29); + R(_c, _d, _e, _f, _g, _h, _a, _b, W_64_79, 30); + R(_b, _c, _d, _e, _f, _g, _h, _a, W_64_79, 31); + + ldr %r0, [%sp, #(ctx)]; + adds RT2lo, RWlo; /* _h = t2 + Maj(_a,_b,_c) */ + ldr %r1, [%sp, #(data)]; + adc RT2hi, RWhi; + + ldm %r0, {RT1lo,RT1hi,RWlo,RWhi,RT3lo,RT3hi,RT4lo,RT4hi} + adds RT1lo, RT2lo; + ldr RT2lo, [%sp, #(_b + 0)]; + adc RT1hi, RT2hi; + ldr RT2hi, [%sp, #(_b + 4)]; + adds RWlo, RT2lo; + ldr RT2lo, [%sp, #(_c + 0)]; + adc RWhi, RT2hi; + ldr RT2hi, [%sp, #(_c + 4)]; + adds RT3lo, RT2lo; + ldr RT2lo, [%sp, #(_d + 0)]; + adc RT3hi, RT2hi; + ldr RT2hi, [%sp, #(_d + 4)]; + adds RT4lo, RT2lo; + ldr RT2lo, [%sp, #(_e + 0)]; + adc RT4hi, RT2hi; + stm %r0!, {RT1lo,RT1hi,RWlo,RWhi,RT3lo,RT3hi,RT4lo,RT4hi} + + ldr RT2hi, [%sp, #(_e + 4)]; + ldm %r0, {RT1lo,RT1hi,RWlo,RWhi,RT3lo,RT3hi,RT4lo,RT4hi} + adds RT1lo, RT2lo; + ldr RT2lo, [%sp, #(_f + 0)]; + adc RT1hi, RT2hi; + ldr RT2hi, [%sp, #(_f + 4)]; + adds RWlo, RT2lo; + ldr RT2lo, [%sp, #(_g + 0)]; + adc RWhi, RT2hi; + ldr RT2hi, [%sp, #(_g + 4)]; + adds RT3lo, RT2lo; + ldr RT2lo, [%sp, #(_h + 0)]; + adc RT3hi, RT2hi; + ldr RT2hi, [%sp, #(_h + 4)]; + adds RT4lo, RT2lo; + adc RT4hi, RT2hi; + stm %r0, {RT1lo,RT1hi,RWlo,RWhi,RT3lo,RT3hi,RT4lo,RT4hi} + sub %r0, %r0, #(4 * 8); + ldr RWlo, [%sp, #nblks]; + + sub RK, #(80 * 8); + subs RWlo, #1; + bne .Loop_blocks; + +.Ldone: + mov %r0, #STACK_MAX; +__out: + add %sp, %sp, #STACK_MAX; + pop {%r4-%r11, %ip, 
%pc};
+.size _gcry_sha512_transform_arm,.-_gcry_sha512_transform_arm;
+
+#endif
+#endif
diff --git a/cipher/sha512.c b/cipher/sha512.c
index 1196db9..5b25965 100644
--- a/cipher/sha512.c
+++ b/cipher/sha512.c
@@ -66,6 +66,13 @@
 #endif /*ENABLE_NEON_SUPPORT*/
+/* USE_ARM_ASM indicates whether to enable ARM assembly code. */
+#undef USE_ARM_ASM
+#if defined(__ARMEL__) && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS)
+# define USE_ARM_ASM 1
+#endif
+
+
 /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */
 #undef USE_SSSE3
 #if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \
@@ -204,36 +211,6 @@ sha384_init (void *context, unsigned int flags)
 }
-static inline u64
-ROTR (u64 x, u64 n)
-{
- return ((x >> n) | (x << (64 - n)));
-}
-
-static inline u64
-Ch (u64 x, u64 y, u64 z)
-{
- return ((x & y) ^ ( ~x & z));
-}
-
-static inline u64
-Maj (u64 x, u64 y, u64 z)
-{
- return ((x & y) ^ (x & z) ^ (y & z));
-}
-
-static inline u64
-Sum0 (u64 x)
-{
- return (ROTR (x, 28) ^ ROTR (x, 34) ^ ROTR (x, 39));
-}
-
-static inline u64
-Sum1 (u64 x)
-{
- return (ROTR (x, 14) ^ ROTR (x, 18) ^ ROTR (x, 41));
-}
-
 static const u64 k[] =
 {
 U64_C(0x428a2f98d728ae22), U64_C(0x7137449123ef65cd),
@@ -278,6 +255,38 @@ static const u64 k[] =
 U64_C(0x5fcb6fab3ad6faec), U64_C(0x6c44198c4a475817)
 };
+#ifndef USE_ARM_ASM
+
+static inline u64
+ROTR (u64 x, u64 n)
+{
+ return ((x >> n) | (x << (64 - n)));
+}
+
+static inline u64
+Ch (u64 x, u64 y, u64 z)
+{
+ return ((x & y) ^ ( ~x & z));
+}
+
+static inline u64
+Maj (u64 x, u64 y, u64 z)
+{
+ return ((x & y) ^ (x & z) ^ (y & z));
+}
+
+static inline u64
+Sum0 (u64 x)
+{
+ return (ROTR (x, 28) ^ ROTR (x, 34) ^ ROTR (x, 39));
+}
+
+static inline u64
+Sum1 (u64 x)
+{
+ return (ROTR (x, 14) ^ ROTR (x, 18) ^ ROTR (x, 41));
+}
+
 /****************
 * Transform the message W which consists of 16 64-bit-words
 */
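Review bot: The `+#ifndef USE_ARM_ASM` that opens this hunk starts a long conditional region, but unlike its closer (`#endif /*!USE_ARM_ASM*/`, added in the later @@ -545 hunk) it carries no comment, so a reader landing here cannot tell that ROTR/Ch/Maj/Sum0/Sum1 and the whole portable transform_blk() below are compiled out, not merely moved, whenever the ARM assembly is built. Suggest annotating the opener in the same style as the closer: `#ifndef USE_ARM_ASM /* portable round helpers and transform_blk(); sha512-arm.S replaces them */`. The conditional region runs past the end of this hunk.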
@@ -304,7 +313,6 @@ transform_blk (SHA512_STATE *hd, const unsigned char *data)
 #define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
 #define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-
 for (t = 0; t < 80 - 16; )
 {
 u64 t1, t2;
@@ -545,7 +553,7 @@ transform_blk (SHA512_STATE *hd, const unsigned char *data)
 return /* burn_stack */ (8 + 16) * sizeof(u64) + sizeof(u32) + 3 * sizeof(void*);
 }
-
+#endif /*!USE_ARM_ASM*/
 /* AMD64 assembly implementations use SystemV ABI, ABI conversion and additional
 * stack to store XMM6-XMM15 needed on Win64. */
@@ -568,6 +576,12 @@ void _gcry_sha512_transform_armv7_neon (SHA512_STATE *hd,
 const u64 k[], size_t num_blks);
 #endif
+#ifdef USE_ARM_ASM
+unsigned int _gcry_sha512_transform_arm (SHA512_STATE *hd,
+ const unsigned char *data,
+ const u64 k[], size_t num_blks);
+#endif
+
 #ifdef USE_SSSE3
 unsigned int _gcry_sha512_transform_amd64_ssse3(const void *input_data,
 void *state,
@@ -622,6 +636,9 @@ transform (void *context, const unsigned char *data, size_t nblks)
 }
 #endif
+#ifdef USE_ARM_ASM
+ burn = _gcry_sha512_transform_arm (&ctx->state, data, k, nblks);
+#else
 do
 {
 burn = transform_blk (&ctx->state, data) + 3 * sizeof(void*);
@@ -636,6 +653,7 @@ transform (void *context, const unsigned char *data, size_t nblks)
 */
 burn += ASM_EXTRA_STACK;
 #endif
+#endif
 return burn;
 }
diff --git a/configure.ac b/configure.ac
index ed37ab5..8b50360 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2086,6 +2086,10 @@ if test "$found" = "1" ; then
 GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-avx-amd64.lo"
 GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-avx2-bmi2-amd64.lo"
 ;;
+ arm*-*-*)
+ # Build with the assembly implementation
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS sha512-arm.lo"
+ ;;
 esac
 if test x"$neonsupport" = xyes ; then
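Review bot: The new prototype `unsigned int _gcry_sha512_transform_arm (SHA512_STATE *hd, ...)` returns a value with a contract that nothing here states, and the NEON declaration shown in this hunk's header returns void, so the asymmetry invites a caller to drop the result. In sha512-arm.S the function exits through `.Ldone` with `mov %r0, #STACK_MAX`, i.e. it reports the size of the stack area it used so the caller can pass it to the stack burner. Suggest a one-line comment above the declaration: `/* Returns the number of stack bytes to burn after the call. */`.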
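Review bot: The burn estimate on the new `burn = _gcry_sha512_transform_arm (&ctx->state, data, k, nblks);` line is smaller than the one the generic path computes two lines below, where `transform_blk()`'s result gets `+ 3 * sizeof(void*)` added for transform()'s own frame. The assembly returns only `STACK_MAX` (`mov %r0, #STACK_MAX` at `.Ldone` in sha512-arm.S), which does not count the ten words saved by its `push {%r4-%r11, %ip, %lr}` prologue, so if the burner measures from the caller's frame, as the generic path's adjustment suggests, the wiped region can stop roughly 40 bytes plus one transform() frame short of the w[] schedule that sits at the bottom of the assembly frame. Suggest `burn = _gcry_sha512_transform_arm (&ctx->state, data, k, nblks) + 10 * sizeof(void*) + 3 * sizeof(void*);` with a comment naming the two terms (saved registers, transform() frame), or have the assembly return `STACK_MAX` plus its register-save area so the caller side stays uniform across paths. transform()'s body continues outside this hunk.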