Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
f2d78649
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
f2d78649
编写于
12月 09, 2016
作者:
A
Andy Polyakov
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
poly1305/poly1305_base2_44.c: add reference base 2^44 implementation.
Reviewed-by:
N
Rich Salz
<
rsalz@openssl.org
>
上级
210fe4ed
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
171 addition
and
0 deletion
+171
-0
crypto/poly1305/poly1305_base2_44.c
crypto/poly1305/poly1305_base2_44.c
+171
-0
未找到文件。
crypto/poly1305/poly1305_base2_44.c
0 → 100644
浏览文件 @
f2d78649
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* This module is meant to be used as template for base 2^44 assembly
* implementation[s]. On side note compiler-generated code is not
* slower than compiler-generated base 2^64 code on [high-end] x86_64,
* even though amount of multiplications is 50% higher. Go figure...
*/
#include <stdlib.h>
typedef
unsigned
char
u8
;
typedef
unsigned
int
u32
;
typedef
unsigned
long
u64
;
typedef
unsigned
__int128
u128
;
typedef
struct
{
u64
h
[
3
];
u64
s
[
2
];
u64
r
[
3
];
}
poly1305_internal
;
#define POLY1305_BLOCK_SIZE 16
/* pick 64-bit unsigned integer in little endian order */
static
u64
U8TOU64
(
const
unsigned
char
*
p
)
{
return
(((
u64
)(
p
[
0
]
&
0xff
))
|
((
u64
)(
p
[
1
]
&
0xff
)
<<
8
)
|
((
u64
)(
p
[
2
]
&
0xff
)
<<
16
)
|
((
u64
)(
p
[
3
]
&
0xff
)
<<
24
)
|
((
u64
)(
p
[
4
]
&
0xff
)
<<
32
)
|
((
u64
)(
p
[
5
]
&
0xff
)
<<
40
)
|
((
u64
)(
p
[
6
]
&
0xff
)
<<
48
)
|
((
u64
)(
p
[
7
]
&
0xff
)
<<
56
));
}
/* store a 64-bit unsigned integer in little endian */
static
void
U64TO8
(
unsigned
char
*
p
,
u64
v
)
{
p
[
0
]
=
(
unsigned
char
)((
v
)
&
0xff
);
p
[
1
]
=
(
unsigned
char
)((
v
>>
8
)
&
0xff
);
p
[
2
]
=
(
unsigned
char
)((
v
>>
16
)
&
0xff
);
p
[
3
]
=
(
unsigned
char
)((
v
>>
24
)
&
0xff
);
p
[
4
]
=
(
unsigned
char
)((
v
>>
32
)
&
0xff
);
p
[
5
]
=
(
unsigned
char
)((
v
>>
40
)
&
0xff
);
p
[
6
]
=
(
unsigned
char
)((
v
>>
48
)
&
0xff
);
p
[
7
]
=
(
unsigned
char
)((
v
>>
56
)
&
0xff
);
}
int
poly1305_init
(
void
*
ctx
,
const
unsigned
char
key
[
16
])
{
poly1305_internal
*
st
=
(
poly1305_internal
*
)
ctx
;
u64
r0
,
r1
;
/* h = 0 */
st
->
h
[
0
]
=
0
;
st
->
h
[
1
]
=
0
;
st
->
h
[
2
]
=
0
;
r0
=
U8TOU64
(
&
key
[
0
])
&
0x0ffffffc0fffffff
;
r1
=
U8TOU64
(
&
key
[
8
])
&
0x0ffffffc0ffffffc
;
/* break r1:r0 to three 44-bit digits, masks are 1<<44-1 */
st
->
r
[
0
]
=
r0
&
0x0fffffffffff
;
st
->
r
[
1
]
=
((
r0
>>
44
)
|
(
r1
<<
20
))
&
0x0fffffffffff
;
st
->
r
[
2
]
=
(
r1
>>
24
);
st
->
s
[
0
]
=
(
st
->
r
[
1
]
+
(
st
->
r
[
1
]
<<
2
))
<<
2
;
st
->
s
[
1
]
=
(
st
->
r
[
2
]
+
(
st
->
r
[
2
]
<<
2
))
<<
2
;
return
0
;
}
void
poly1305_blocks
(
void
*
ctx
,
const
unsigned
char
*
inp
,
size_t
len
,
u32
padbit
)
{
poly1305_internal
*
st
=
(
poly1305_internal
*
)
ctx
;
u64
r0
,
r1
,
r2
;
u64
s1
,
s2
;
u64
h0
,
h1
,
h2
,
c
;
u128
d0
,
d1
,
d2
;
u64
pad
=
(
u64
)
padbit
<<
40
;
r0
=
st
->
r
[
0
];
r1
=
st
->
r
[
1
];
r2
=
st
->
r
[
2
];
s1
=
st
->
s
[
0
];
s2
=
st
->
s
[
1
];
h0
=
st
->
h
[
0
];
h1
=
st
->
h
[
1
];
h2
=
st
->
h
[
2
];
while
(
len
>=
POLY1305_BLOCK_SIZE
)
{
u64
m0
,
m1
;
m0
=
U8TOU64
(
inp
+
0
);
m1
=
U8TOU64
(
inp
+
8
);
/* h += m[i], m[i] is broken to 44-bit digits */
h0
+=
m0
&
0x0fffffffffff
;
h1
+=
((
m0
>>
44
)
|
(
m1
<<
20
))
&
0x0fffffffffff
;
h2
+=
(
m1
>>
24
)
+
pad
;
/* h *= r "%" p, where "%" stands for "partial remainder" */
d0
=
((
u128
)
h0
*
r0
)
+
((
u128
)
h1
*
s2
)
+
((
u128
)
h2
*
s1
);
d1
=
((
u128
)
h0
*
r1
)
+
((
u128
)
h1
*
r0
)
+
((
u128
)
h2
*
s2
);
d2
=
((
u128
)
h0
*
r2
)
+
((
u128
)
h1
*
r1
)
+
((
u128
)
h2
*
r0
);
/* "lazy" reduction step */
h0
=
(
u64
)
d0
&
0x0fffffffffff
;
h1
=
(
u64
)(
d1
+=
d0
>>
44
)
&
0x0fffffffffff
;
h2
=
(
u64
)(
d2
+=
d1
>>
44
)
&
0x03ffffffffff
;
/* last digit is 42 bits */
c
=
(
d2
>>
42
);
h0
+=
c
+
(
c
<<
2
);
inp
+=
POLY1305_BLOCK_SIZE
;
len
-=
POLY1305_BLOCK_SIZE
;
}
st
->
h
[
0
]
=
h0
;
st
->
h
[
1
]
=
h1
;
st
->
h
[
2
]
=
h2
;
}
void
poly1305_emit
(
void
*
ctx
,
unsigned
char
mac
[
16
],
const
u32
nonce
[
4
])
{
poly1305_internal
*
st
=
(
poly1305_internal
*
)
ctx
;
u64
h0
,
h1
,
h2
;
u64
g0
,
g1
,
g2
;
u128
t
;
u64
mask
;
h0
=
st
->
h
[
0
];
h1
=
st
->
h
[
1
];
h2
=
st
->
h
[
2
];
/* after "lazy" reduction, convert 44+bit digits to 64-bit ones */
h0
=
(
u64
)(
t
=
(
u128
)
h0
+
(
h1
<<
44
));
h1
>>=
20
;
h1
=
(
u64
)(
t
=
(
u128
)
h1
+
(
h2
<<
24
)
+
(
t
>>
64
));
h2
>>=
40
;
h2
+=
(
u64
)(
t
>>
64
);
/* compare to modulus by computing h + -p */
g0
=
(
u64
)(
t
=
(
u128
)
h0
+
5
);
g1
=
(
u64
)(
t
=
(
u128
)
h1
+
(
t
>>
64
));
g2
=
h2
+
(
u64
)(
t
>>
64
);
/* if there was carry into 131st bit, h1:h0 = g1:g0 */
mask
=
0
-
(
g2
>>
2
);
g0
&=
mask
;
g1
&=
mask
;
mask
=
~
mask
;
h0
=
(
h0
&
mask
)
|
g0
;
h1
=
(
h1
&
mask
)
|
g1
;
/* mac = (h + nonce) % (2^128) */
h0
=
(
u64
)(
t
=
(
u128
)
h0
+
nonce
[
0
]
+
((
u64
)
nonce
[
1
]
<<
32
));
h1
=
(
u64
)(
t
=
(
u128
)
h1
+
nonce
[
2
]
+
((
u64
)
nonce
[
3
]
<<
32
)
+
(
t
>>
64
));
U64TO8
(
mac
+
0
,
h0
);
U64TO8
(
mac
+
8
,
h1
);
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录