Commit ffa94b29 authored by Franziskus Kiefer's avatar Franziskus Kiefer

Bug 868948 - new ct software and hardware accelarated gcm implementations, r=mt,ttaubert

Differential Revision: https://nss-review.dev.mozaws.net/D291

--HG--
extra : rebase_source : 749216bca7194c81822d74f2d0a1f45ebfb805bf
extra : histedit_source : 6c91e0a89f4094b1d03f668ac23171234e254cec%2C3f871ba6161313f7235937aea841b8ae61f6820a
parent 99b0a24a
......@@ -14,6 +14,7 @@
'mpi_unittest.cc',
'dh_unittest.cc',
'ecl_unittest.cc',
'ghash_unittest.cc',
'<(DEPTH)/gtests/common/gtests.cc'
],
'dependencies': [
......
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at http://mozilla.org/MPL/2.0/.
#include <stdint.h>
#include <string>
#include <vector>
std::vector<uint8_t> hex_string_to_bytes(std::string s) {
std::vector<uint8_t> bytes;
assert(s.length() % 2 == 0);
for (size_t i = 0; i < s.length(); i += 2) {
bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
}
return bytes;
}
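Review bot: `hex_string_to_bytes` is defined in this header without `inline`, and the file shows no include guard, so every translation unit that includes it emits its own external definition; two such files linked into one test binary would collide at link time. The body also calls `assert` without including `<cassert>`, and because `assert` is compiled out under `NDEBUG`, an odd-length string would then be parsed with a trailing single nibble instead of being rejected. Suggest opening the file with `#pragma once` and `#include <cassert>`, and declaring the helper as `inline std::vector<uint8_t> hex_string_to_bytes(const std::string& s)`.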
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at http://mozilla.org/MPL/2.0/.
#include "gtest/gtest.h"
#include "freebl_util.h"
#include "gcm.h"
namespace nss_test {
typedef struct ghash_kat_str {
std::string hash_key;
std::string additional_data;
std::string cipher_text;
std::string result;
} ghash_kat_value;
/*
* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
*/
const ghash_kat_value kKatValues[] = {
{"66e94bd4ef8a2c3b884cfa59ca342b2e", "", "",
"00000000000000000000000000000000"},
{"66e94bd4ef8a2c3b884cfa59ca342b2e", "", "0388dace60b6a392f328c2b971b2fe78",
"f38cbb1ad69223dcc3457ae5b6b0f885"},
{"b83b533708bf535d0aa6e52980d53b78", "",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
"4"
"66931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
"7f1b32b81b820d02614f8895ac1d4eac"},
{"b83b533708bf535d0aa6e52980d53b78",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
"4"
"66931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
"698e57f70e6ecc7fd9463b7260a9ae5f"},
{"b83b533708bf535d0aa6e52980d53b78",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
"4"
"9f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
"df586bb4c249b92cb6922877e444d37b"},
{"b83b533708bf535d0aa6e52980d53b78",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
"b"
"a43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
"1c5afe9760d3932f3c9a878aac3dc3de"},
{"aae06992acbf52a3e8f4a96ec9300bd7", "", "98e7247c07f0fe411c267e4384b0f600",
"e2c63f0ac44ad0e02efa05ab6743d4ce"},
{"466923ec9ae682214f2c082badb39249", "",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
"1"
"44c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
"51110d40f6c8fff0eb1ae33445a889f0"},
{"466923ec9ae682214f2c082badb39249",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
"1"
"44c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
"ed2ce3062e4a8ec06db8b4c490e8a268"},
{"466923ec9ae682214f2c082badb39249",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
"a"
"471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
"1e6a133806607858ee80eaf237064089"},
{"466923ec9ae682214f2c082badb39249",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
"f"
"34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
"82567fb0b4cc371801eadec005968e94"},
{"dc95c078a2408989ad48a21492842087", "", "cea7403d4d606b6e074ec5d3baf39d18",
"83de425c5edc5d498f382c441041ca92"},
{"acbef20579b4b8ebce889bac8732dad7", "",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
"9"
"0dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
"4db870d37cb75fcb46097c36230d1612"},
{"acbef20579b4b8ebce889bac8732dad7",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
"9"
"0dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
"8bd0c4d8aacd391e67cca447e8c38f65"},
{"acbef20579b4b8ebce889bac8732dad7",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
"9"
"34a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
"75a34288b8c68f811c52b2e9a2f97f63"},
{"acbef20579b4b8ebce889bac8732dad7",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
"0"
"f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
"d5ffcf6fc5ac4d69722187421a7f170b"},
/* Extra, non-nist, test case to test 64-bit binary multiplication carry
* correctness. */
{"0000000000000000fcefef64ffc4766c", "", "0000000000000000ffcef9ebbffdbd8b",
"3561e34e52d8b598f9937982512fff27"}};
class GHashTest : public ::testing::TestWithParam<ghash_kat_value> {
protected:
void TestGHash(const ghash_kat_value val, bool sw) {
// Read test data.
std::vector<uint8_t> hash_key = hex_string_to_bytes(val.hash_key);
ASSERT_EQ(16UL, hash_key.size());
std::vector<uint8_t> additional_data =
hex_string_to_bytes(val.additional_data);
std::vector<uint8_t> cipher_text = hex_string_to_bytes(val.cipher_text);
std::vector<uint8_t> expected = hex_string_to_bytes(val.result);
ASSERT_EQ(16UL, expected.size());
// Prepare context.
gcmHashContext ghashCtx;
ASSERT_EQ(SECSuccess, gcmHash_InitContext(&ghashCtx, hash_key.data(), sw));
// Hash additional_data, cipher_text.
gcmHash_Reset(&ghashCtx,
const_cast<const unsigned char *>(additional_data.data()),
additional_data.size(), 16);
gcmHash_Update(&ghashCtx,
const_cast<const unsigned char *>(cipher_text.data()),
cipher_text.size(), 16);
// Finalise (hash in the length).
uint8_t result_bytes[16];
unsigned int out_len;
ASSERT_EQ(SECSuccess,
gcmHash_Final(&ghashCtx, result_bytes, &out_len, 16, 16));
ASSERT_EQ(16U, out_len);
EXPECT_EQ(expected, std::vector<uint8_t>(result_bytes, result_bytes + 16));
}
};
#ifdef NSS_X86_OR_X64
TEST_P(GHashTest, KAT_X86_HW) { TestGHash(GetParam(), false); }
#endif
TEST_P(GHashTest, KAT_Sftw) { TestGHash(GetParam(), true); }
INSTANTIATE_TEST_CASE_P(NISTTestVector, GHashTest,
::testing::ValuesIn(kKatValues));
} // nss_test
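Review bot: In `TestGHash` the `SECStatus` returned by `gcmHash_Reset` and `gcmHash_Update` is discarded, so a failure in either step only shows up later as a digest mismatch with no indication of which call failed. Wrap both like the neighbouring calls, e.g. `ASSERT_EQ(SECSuccess, gcmHash_Update(&ghashCtx, cipher_text.data(), cipher_text.size(), 16));`; the `const_cast` is not needed for that conversion. Whether `KAT_X86_HW` actually runs the accelerated path depends on `gcmHash_InitContext`, whose body is not shown on this page. If `ghashCtx.hw` records the chosen path, asserting on it after init would expose a silent software fallback, or a missing CPU-feature check, on the test machine.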
......@@ -8,12 +8,12 @@
#include <cstdlib>
#include <fstream>
#include <string>
#define GTEST_HAS_RTTI 0
#include "gtest/gtest.h"
#include "blapi.h"
#include "freebl_util.h"
namespace nss_test {
......@@ -44,15 +44,6 @@ std::string trim(std::string str) {
return str.substr(strBegin, strRange);
}
std::vector<uint8_t> hex_string_to_bytes(std::string s) {
std::vector<uint8_t> bytes;
assert(s.length() % 2 == 0);
for (size_t i = 0; i < s.length(); i += 2) {
bytes.push_back(std::stoul(s.substr(i, 2), nullptr, 16));
}
return bytes;
}
std::vector<uint8_t> read_option_s(std::string& s) {
size_t start = s.find("=") + 1;
assert(start > 0);
......
......@@ -110,6 +110,7 @@ endif
# NSS_X86_OR_X64 means the target is either x86 or x64
ifeq (,$(filter-out i386 x386 x86 x86_64,$(CPU_ARCH)))
DEFINES += -DNSS_X86_OR_X64
CFLAGS += -mpclmul -maes
ifneq (,$(USE_64)$(USE_X32))
DEFINES += -DNSS_X64
else
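Review bot: `CFLAGS += -mpclmul -maes` applies to every object built when `NSS_X86_OR_X64` is set, not only to the file that uses the intrinsics. With GCC these options also enable SSE2 code generation, so on 32-bit x86 the compiler may emit SSE2 instructions in unrelated code in this library that sits behind no runtime CPU check, and the build now needs a toolchain that accepts both flags. The same target-wide pattern appears in the two gyp hunks (`OTHER_CFLAGS` under `OS=="mac"` and `cflags` under `target_arch=="ia32" or target_arch=="x64"`). Consider scoping the flags to the GCM object alone, for example with a target-specific line such as `<gcm object file>: CFLAGS += -mpclmul -maes` (placeholder name), so that the runtime dispatch (presumably the `hw` field in the context) stays the only gate on these instructions.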
......
......@@ -153,6 +153,16 @@
'MP_API_COMPATIBLE'
],
'conditions': [
[ 'OS=="mac"', {
'xcode_settings': {
# I'm not sure since when this is supported.
# But I hope that doesn't matter. We also assume this is x86/x64.
'OTHER_CFLAGS': [
'-mpclmul',
'-maes',
],
},
}],
[ 'OS=="win" and target_arch=="ia32"', {
'msvs_settings': {
'VCCLCompilerTool': {
......@@ -243,6 +253,14 @@
'MP_USE_UINT_DIGIT',
],
}],
[ 'target_arch=="ia32" or target_arch=="x64"', {
'cflags': [
# enable isa option for pclmul am aes-ni; supported since gcc 4.4
# This is only support by x84/x64. It's not needed for Windows.
'-mpclmul',
'-maes',
],
}],
[ 'target_arch=="arm"', {
'defines': [
'MP_ASSEMBLY_MULTIPLY',
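Review bot: The `OS=="mac"` condition in the first hunk adds `-mpclmul` and `-maes` without testing `target_arch`, and its own comment concedes the x86/x64 assumption; a non-x86 mac target would be handed flags its compiler does not accept. Gate it the same way as the second hunk, e.g. `[ 'OS=="mac" and (target_arch=="ia32" or target_arch=="x64")', {`, and replace the "I'm not sure since when this is supported" comment with the minimum toolchain version once it is known. The comment in the second hunk has two typos worth fixing in the same pass: `pclmul am aes-ni` and `x84/x64`.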
......
This diff is collapsed.
......@@ -6,6 +6,17 @@
#define GCM_H 1
#include "blapii.h"
#include <stdint.h>
#ifdef NSS_X86_OR_X64
#include <emmintrin.h> /* __m128i */
#endif
SEC_BEGIN_PROTOS
#ifdef HAVE_INT128_SUPPORT
typedef unsigned __int128 uint128_t;
#endif
typedef struct GCMContextStr GCMContext;
......@@ -28,4 +39,46 @@ SECStatus GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf,
const unsigned char *inbuf, unsigned int inlen,
unsigned int blocksize);
/* These functions are here only so we can test them */
#if defined(_WINDOWS) && defined(NSS_X86_OR_X64)
#define pre_align __declspec(align(16))
#define post_align
#elif defined(NSS_X86_OR_X64)
#define pre_align
#define post_align __attribute__((aligned(16)))
#else
#define pre_align
#define post_align
#endif
#define GCM_HASH_LEN_LEN 8 /* gcm hash defines lengths to be 64 bits */
typedef struct gcmHashContextStr gcmHashContext;
typedef SECStatus (*ghash_t)(gcmHashContext *, const unsigned char *,
unsigned int, unsigned int);
pre_align struct gcmHashContextStr {
#ifdef NSS_X86_OR_X64
__m128i x, h;
#endif
uint64_t x_low, x_high, h_high, h_low;
unsigned char buffer[MAX_BLOCK_SIZE];
unsigned int bufLen;
uint8_t counterBuf[16];
uint64_t cLen;
ghash_t ghash_mul;
PRBool hw;
gcmHashContext *mem;
} post_align;
SECStatus gcmHash_Update(gcmHashContext *ghash, const unsigned char *buf,
unsigned int len, unsigned int blocksize);
SECStatus gcmHash_InitContext(gcmHashContext *ghash, const unsigned char *H,
PRBool sw);
SECStatus gcmHash_Reset(gcmHashContext *ghash, const unsigned char *AAD,
unsigned int AADLen, unsigned int blocksize);
SECStatus gcmHash_Final(gcmHashContext *ghash, unsigned char *outbuf,
unsigned int *outlen, unsigned int maxout,
unsigned int blocksize);
SEC_END_PROTOS
#endif
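Review bot: `struct gcmHashContextStr` is now public so that callers can allocate it themselves (the new unit test puts one on the stack), yet the header declares only Init/Reset/Update/Final and no teardown that clears it. The `h`, `h_high` and `h_low` fields presumably hold the hash subkey passed in as `H`, so a caller-owned context would keep key-derived material in memory after use; the implementation file is collapsed on this page, so it is not visible whether a cleanup routine exists there. If one does, declare it here next to the other test-only prototypes, and document on `gcmHash_InitContext` what `sw` selects, for instance `/* sw: PR_TRUE forces the software implementation */`. Separately, `pre_align` and `post_align` are unprefixed macros that stay defined for every file that includes `gcm.h`; a prefixed name or an `#undef` after the struct would avoid collisions.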