OpenCores
URL https://opencores.org/ocsvn/test_project/test_project/trunk

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [include/] [crypto/] [gf128mul.h] - Blame information for rev 81

Go to most recent revision | Details | Compare with Previous | View Log

Line No. Rev Author Line
1 62 marcus.erl 
/* gf128mul.h - GF(2^128) multiplication functions
2 
 *
3 
 * Copyright (c) 2003, Dr Brian Gladman, Worcester, UK.
4 
 * Copyright (c) 2006 Rik Snel <rsnel@cube.dyndns.org>
5 
 *
6 
 * Based on Dr Brian Gladman's (GPL'd) work published at
7 
 * http://fp.gladman.plus.com/cryptography_technology/index.htm
8 
 * See the original copyright notice below.
9 
 *
10 
 * This program is free software; you can redistribute it and/or modify it
11 
 * under the terms of the GNU General Public License as published by the Free
12 
 * Software Foundation; either version 2 of the License, or (at your option)
13 
 * any later version.
14 
 */
15 
/*
16 
 ---------------------------------------------------------------------------
17 
 Copyright (c) 2003, Dr Brian Gladman, Worcester, UK.   All rights reserved.
18 
 
19 
 LICENSE TERMS
20 
 
21 
 The free distribution and use of this software in both source and binary
22 
 form is allowed (with or without changes) provided that:
23 
 
24 
   1. distributions of this source code include the above copyright
25 
      notice, this list of conditions and the following disclaimer;
26 
 
27 
   2. distributions in binary form include the above copyright
28 
      notice, this list of conditions and the following disclaimer
29 
      in the documentation and/or other associated materials;
30 
 
31 
   3. the copyright holder's name is not used to endorse products
32 
      built using this software without specific written permission.
33 
 
34 
 ALTERNATIVELY, provided that this notice is retained in full, this product
35 
 may be distributed under the terms of the GNU General Public License (GPL),
36 
 in which case the provisions of the GPL apply INSTEAD OF those given above.
37 
 
38 
 DISCLAIMER
39 
 
40 
 This software is provided 'as is' with no explicit or implied warranties
41 
 in respect of its properties, including, but not limited to, correctness
42 
 and/or fitness for purpose.
43 
 ---------------------------------------------------------------------------
44 
 Issue Date: 31/01/2006
45 
 
46 
 An implementation of field multiplication in Galois Field GF(128)
47 
*/
48 
 
49 
#ifndef _CRYPTO_GF128MUL_H
50 
#define _CRYPTO_GF128MUL_H
51 
 
52 
#include <crypto/b128ops.h>
53 
#include <linux/slab.h>
54 
 
55 
/* Comment by Rik:
56 
 *
57 
 * For some background on GF(2^128) see for example: http://-
58 
 * csrc.nist.gov/CryptoToolkit/modes/proposedmodes/gcm/gcm-revised-spec.pdf
59 
 *
60 
 * The elements of GF(2^128) := GF(2)[X]/(X^128-X^7-X^2-X^1-1) can
61 
 * be mapped to computer memory in a variety of ways. Let's examine
62 
 * three common cases.
63 
 *
64 
 * Take a look at the 16 binary octets below in memory order. The msb's
65 
 * are left and the lsb's are right. char b[16] is an array and b[0] is
66 
 * the first octet.
67 
 *
68 
 * 80000000 00000000 00000000 00000000 .... 00000000 00000000 00000000
69 
 *   b[0]     b[1]     b[2]     b[3]          b[13]    b[14]    b[15]
70 
 *
71 
 * Every bit is a coefficient of some power of X. We can store the bits
72 
 * in every byte in little-endian order and the bytes themselves also in
73 
 * little endian order. I will call this lle (little-little-endian).
74 
 * The above buffer represents the polynomial 1, and X^7+X^2+X^1+1 looks
75 
 * like 11100001 00000000 .... 00000000 = { 0xE1, 0x00, }.
76 
 * This format was originally implemented in gf128mul and is used
77 
 * in GCM (Galois/Counter mode) and in ABL (Arbitrary Block Length).
78 
 *
79 
 * Another convention says: store the bits in bigendian order and the
80 
 * bytes also. This is bbe (big-big-endian). Now the buffer above
81 
 * represents X^127. X^7+X^2+X^1+1 looks like 00000000 .... 10000111,
82 
 * b[15] = 0x87 and the rest is 0. LRW uses this convention and bbe
83 
 * is partly implemented.
84 
 *
85 
 * Both of the above formats are easy to implement on big-endian
86 
 * machines.
87 
 *
88 
 * EME (which is patent encumbered) uses the ble format (bits are stored
89 
 * in big endian order and the bytes in little endian). The above buffer
90 
 * represents X^7 in this case and the primitive polynomial is b[0] = 0x87.
91 
 *
92 
 * The common machine word-size is smaller than 128 bits, so to make
93 
 * an efficient implementation we must split into machine word sizes.
94 
 * This file uses one 32bit for the moment. Machine endianness comes into
95 
 * play. The lle format in relation to machine endianness is discussed
96 
 * below by the original author of gf128mul Dr Brian Gladman.
97 
 *
98 
 * Let's look at the bbe and ble format on a little endian machine.
99 
 *
100 
 * bbe on a little endian machine u32 x[4]:
101 
 *
102 
 *  MS            x[0]           LS  MS            x[1]           LS
103 
 *  ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
104 
 *  103..96 111.104 119.112 127.120  71...64 79...72 87...80 95...88
105 
 *
106 
 *  MS            x[2]           LS  MS            x[3]           LS
107 
 *  ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
108 
 *  39...32 47...40 55...48 63...56  07...00 15...08 23...16 31...24
109 
 *
110 
 * ble on a little endian machine
111 
 *
112 
 *  MS            x[0]           LS  MS            x[1]           LS
113 
 *  ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
114 
 *  31...24 23...16 15...08 07...00  63...56 55...48 47...40 39...32
115 
 *
116 
 *  MS            x[2]           LS  MS            x[3]           LS
117 
 *  ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
118 
 *  95...88 87...80 79...72 71...64  127.120 199.112 111.104 103..96
119 
 *
120 
 * Multiplications in GF(2^128) are mostly bit-shifts, so you see why
121 
 * ble (and lbe also) are easier to implement on a little-endian
122 
 * machine than on a big-endian machine. The converse holds for bbe
123 
 * and lle.
124 
 *
125 
 * Note: to have good alignment, it seems to me that it is sufficient
126 
 * to keep elements of GF(2^128) in type u64[2]. On 32-bit wordsize
127 
 * machines this will automatically aligned to wordsize and on a 64-bit
128 
 * machine also.
129 
 */
130 
/*      Multiply a GF128 field element by x. Field elements are held in arrays
131 
    of bytes in which field bits 8n..8n + 7 are held in byte[n], with lower
132 
    indexed bits placed in the more numerically significant bit positions
133 
    within bytes.
134 
 
135 
    On little endian machines the bit indexes translate into the bit
136 
    positions within four 32-bit words in the following way
137 
 
138 
    MS            x[0]           LS  MS            x[1]           LS
139 
    ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
140 
    24...31 16...23 08...15 00...07  56...63 48...55 40...47 32...39
141 
 
142 
    MS            x[2]           LS  MS            x[3]           LS
143 
    ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
144 
    88...95 80...87 72...79 64...71  120.127 112.119 104.111 96..103
145 
 
146 
    On big endian machines the bit indexes translate into the bit
147 
    positions within four 32-bit words in the following way
148 
 
149 
    MS            x[0]           LS  MS            x[1]           LS
150 
    ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
151 
    00...07 08...15 16...23 24...31  32...39 40...47 48...55 56...63
152 
 
153 
    MS            x[2]           LS  MS            x[3]           LS
154 
    ms   ls ms   ls ms   ls ms   ls  ms   ls ms   ls ms   ls ms   ls
155 
    64...71 72...79 80...87 88...95  96..103 104.111 112.119 120.127
156 
*/
157 
 
158 
/*      A slow generic version of gf_mul, implemented for lle and bbe
159 
 *      It multiplies a and b and puts the result in a */
160 
void gf128mul_lle(be128 *a, const be128 *b);
161 
 
162 
void gf128mul_bbe(be128 *a, const be128 *b);
163 
 
164 
/* multiply by x in ble format, needed by XTS */
165 
void gf128mul_x_ble(be128 *a, const be128 *b);
166 
 
167 
/* 4k table optimization */
168 
 
169 
struct gf128mul_4k {
170 
        be128 t[256];
171 
};
172 
 
173 
struct gf128mul_4k *gf128mul_init_4k_lle(const be128 *g);
174 
struct gf128mul_4k *gf128mul_init_4k_bbe(const be128 *g);
175 
void gf128mul_4k_lle(be128 *a, struct gf128mul_4k *t);
176 
void gf128mul_4k_bbe(be128 *a, struct gf128mul_4k *t);
177 
 
178 
static inline void gf128mul_free_4k(struct gf128mul_4k *t)
179 
{
180 
        kfree(t);
181 
}
182 
 
183 
 
184 
/* 64k table optimization, implemented for lle and bbe */
185 
 
186 
struct gf128mul_64k {
187 
        struct gf128mul_4k *t[16];
188 
};
189 
 
190 
/* first initialize with the constant factor with which you
191 
 * want to multiply and then call gf128_64k_lle with the other
192 
 * factor in the first argument, the table in the second and a
193 
 * scratch register in the third. Afterwards *a = *r. */
194 
struct gf128mul_64k *gf128mul_init_64k_lle(const be128 *g);
195 
struct gf128mul_64k *gf128mul_init_64k_bbe(const be128 *g);
196 
void gf128mul_free_64k(struct gf128mul_64k *t);
197 
void gf128mul_64k_lle(be128 *a, struct gf128mul_64k *t);
198 
void gf128mul_64k_bbe(be128 *a, struct gf128mul_64k *t);
199 
 
200 
#endif /* _CRYPTO_GF128MUL_H */

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.